March 2025 - Linux-stable-mirror

[PATCH] exfat: fix random stack corruption after get_block

by Sungjong Seo

When get_block is called with a buffer_head allocated on the stack, such as do_mpage_readpage, stack corruption due to buffer_head UAF may occur in the following race condition situation. <CPU 0> <CPU 1> mpage_read_folio <<bh on stack>> do_mpage_readpage exfat_get_block bh_read __bh_read get_bh(bh) submit_bh wait_on_buffer ... end_buffer_read_sync __end_buffer_read_notouch unlock_buffer <<keep going>> ... ... ... ... <<bh is not valid out of mpage_read_folio>> . . another_function <<variable A on stack>> put_bh(bh) atomic_dec(bh->b_count) * stack corruption here * This patch returns -EAGAIN if a folio does not have buffers when bh_read needs to be called. By doing this, the caller can fallback to functions like block_read_full_folio(), create a buffer_head in the folio, and then call get_block again. Let's do not call bh_read() with on-stack buffer_head. Fixes: 11a347fb6cef ("exfat: change to get file size from DataLength") Cc: stable(a)vger.kernel.org Tested-by: Yeongjin Gil <youngjin.gil(a)samsung.com> Signed-off-by: Sungjong Seo <sj1557.seo(a)samsung.com> --- fs/exfat/inode.c | 37 ++++++++++++++++++++++++++++++++----- 1 file changed, 32 insertions(+), 5 deletions(-) diff --git a/fs/exfat/inode.c b/fs/exfat/inode.c index 96952d4acb50..b8ea910586e4 100644 --- a/fs/exfat/inode.c +++ b/fs/exfat/inode.c @@ -344,7 +344,8 @@ static int exfat_get_block(struct inode *inode, sector_t iblock, * The block has been partially written, * zero the unwritten part and map the block. */ - loff_t size, off, pos; + loff_t size, pos; + void *addr; max_blocks = 1; @@ -355,17 +356,43 @@ static int exfat_get_block(struct inode *inode, sector_t iblock, if (!bh_result->b_folio) goto done; + /* + * No buffer_head is allocated. + * (1) bmap: It's enough to fill bh_result without I/O. + * (2) read: The unwritten part should be filled with 0 + * If a folio does not have any buffers, + * let's returns -EAGAIN to fallback to + * per-bh IO like block_read_full_folio(). + */ + if (!folio_buffers(bh_result->b_folio)) { + err = -EAGAIN; + goto done; + } + pos = EXFAT_BLK_TO_B(iblock, sb); size = ei->valid_size - pos; - off = pos & (PAGE_SIZE - 1); + addr = folio_address(bh_result->b_folio) + + offset_in_folio(bh_result->b_folio, pos); + + BUG_ON(size > sb->s_blocksize); + + /* Check if bh->b_data points to proper addr in folio */ + if (bh_result->b_data != addr) { + exfat_fs_error_ratelimit(sb, + "b_data(%p) != folio_addr(%p)", + bh_result->b_data, addr); + err = -EINVAL; + goto done; + } - folio_set_bh(bh_result, bh_result->b_folio, off); + /* Read a block */ err = bh_read(bh_result, 0); if (err < 0) goto unlock_ret; - folio_zero_segment(bh_result->b_folio, off + size, - off + sb->s_blocksize); + /* Zero unwritten part of a block */ + memset(bh_result->b_data + size, 0, + bh_result->b_size - size); } else { /* * The range has not been written, clear the mapped flag -- 2.25.1

2 months, 4 weeks

2
2
0 0

[PATCH RESEND] ext4: Fix potential NULL pointer dereferences in test_mb_mark_used() and test_mb_free_blocks()

by Qasim Ijaz

test_mb_mark_used() and test_mb_free_blocks() call kunit_kzalloc() to allocate memory, however both fail to ensure that the allocations succeeded. If kunit_kzalloc() returns NULL, then dereferencing the corresponding pointer without checking for NULL will lead to a NULL pointer dereference. To fix this call KUNIT_ASSERT_NOT_ERR_OR_NULL() to ensure the allocation succeeded. Fixes: ac96b56a2fbd ("ext4: Add unit test for mb_mark_used") Fixes: b7098e1fa7bc ("ext4: Add unit test for mb_free_blocks") Cc: stable(a)vger.kernel.org Signed-off-by: Qasim Ijaz <qasdev00(a)gmail.com> --- fs/ext4/mballoc-test.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/ext4/mballoc-test.c b/fs/ext4/mballoc-test.c index bb2a223b207c..d634c12f1984 100644 --- a/fs/ext4/mballoc-test.c +++ b/fs/ext4/mballoc-test.c @@ -796,6 +796,7 @@ static void test_mb_mark_used(struct kunit *test) KUNIT_ASSERT_NOT_ERR_OR_NULL(test, buddy); grp = kunit_kzalloc(test, offsetof(struct ext4_group_info, bb_counters[MB_NUM_ORDERS(sb)]), GFP_KERNEL); + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, grp); ret = ext4_mb_load_buddy(sb, TEST_GOAL_GROUP, &e4b); KUNIT_ASSERT_EQ(test, ret, 0); @@ -860,6 +861,7 @@ static void test_mb_free_blocks(struct kunit *test) KUNIT_ASSERT_NOT_ERR_OR_NULL(test, buddy); grp = kunit_kzalloc(test, offsetof(struct ext4_group_info, bb_counters[MB_NUM_ORDERS(sb)]), GFP_KERNEL); + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, grp); ret = ext4_mb_load_buddy(sb, TEST_GOAL_GROUP, &e4b); KUNIT_ASSERT_EQ(test, ret, 0); -- 2.39.5

2 months, 4 weeks

4
3
0 0

[PATCH 6.6 000/166] 6.6.84-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.84 release. There are 166 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 21 Mar 2025 14:29:55 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.84-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.84-rc1 Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: allow clone callbacks to sleep Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: bail out if stateful expression provides no .clone Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: use timestamp to check for set element timeout Mitchell Levy <levymitchell0(a)gmail.com> rust: lockdep: Remove support for dynamically allocated LockClassKeys Maurizio Lombardi <mlombard(a)redhat.com> nvme-tcp: Fix a C2HTermReq error message Alex Henrie <alexhenrie24(a)gmail.com> HID: apple: disable Fn key handling on the Omoton KB066 Daniel Wagner <wagi(a)kernel.org> nvme-fc: rely on state transitions to handle connectivity loss Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix corrupted list in hci_chan_del Henrique Carvalho <henrique.carvalho(a)suse.com> smb: client: Fix match_session bug preventing session reuse Steve French <stfrench(a)microsoft.com> smb3: add support for IAKerb Philipp Stanner <phasta(a)kernel.org> stmmac: loongson: Pass correct arg to PCI function Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> i2c: sis630: Fix an error handling path in sis630_probe() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> i2c: ali15x3: Fix an error handling path in ali15x3_probe() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> i2c: ali1535: Fix an error handling path in ali1535_probe() Pali Rohár <pali(a)kernel.org> cifs: Throw -EOPNOTSUPP error on unsupported reparse point type from parse_reparse_point() Pali Rohár <pali(a)kernel.org> cifs: Validate content of WSL reparse point buffers Murad Masimov <m.masimov(a)mt-integration.ru> cifs: Fix integer overflow while processing closetimeo mount option Murad Masimov <m.masimov(a)mt-integration.ru> cifs: Fix integer overflow while processing actimeo mount option Murad Masimov <m.masimov(a)mt-integration.ru> cifs: Fix integer overflow while processing acdirmax mount option Murad Masimov <m.masimov(a)mt-integration.ru> cifs: Fix integer overflow while processing acregmax mount option Tamir Duberstein <tamird(a)gmail.com> scripts: generate_rust_analyzer: add missing macros deps Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() Bard Liao <yung-chuan.liao(a)linux.intel.com> ASoC: rt722-sdca: add missing readable registers Alban Kurti <kurti(a)invicto.ai> rust: init: add missing newline to pr_info! calls Charles Keepax <ckeepax(a)opensource.cirrus.com> ASoC: cs42l43: Fix maximum ADC Volume Ivan Abramov <i.abramov(a)mt-integration.ru> drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() Alban Kurti <kurti(a)invicto.ai> rust: error: add missing newline to pr_warn! calls Charles Keepax <ckeepax(a)opensource.cirrus.com> ASoC: ops: Consistently treat platform_max as control value Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> mm: split critical region in remap_file_pages() and invoke LSMs in between Andrii Nakryiko <andrii(a)kernel.org> lib/buildid: Handle memfd_secret() files in build_id_parse() Benno Lossin <benno.lossin(a)proton.me> rust: init: fix `Zeroable` implementation for `Option<NonNull<T>>` and `Option<KBox<T>>` Matthew Maurer <mmaurer(a)google.com> rust: Disallow BTF generation with Rust + LTO Paulo Alcantara <pc(a)manguebit.com> smb: client: fix regression with guest option Haoxiang Li <haoxiang_li2024(a)163.com> qlcnic: fix memory leak issues in qlcnic_sriov_common.c Zhenhua Huang <quic_zhenhuah(a)quicinc.com> arm64: mm: Populate vmemmap at the page level if not section aligned Kent Overstreet <kent.overstreet(a)linux.dev> dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature Thomas Mizrahi <thomasmizra(a)gmail.com> ASoC: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen 2 model Varada Pavani <v.pavani(a)samsung.com> clk: samsung: update PLL locktime for PLL142XX used on FSD platform Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: prevent connection release during oplock break notification Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix use-after-free in ksmbd_free_work_struct Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Fix slab-use-after-free on hdcp_work Alex Hung <alex.hung(a)amd.com> drm/amd/display: Assign normalized_pix_clk when color depth = 14 Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Restore correct backlight brightness after a GPU reset Leo Li <sunpeng.li(a)amd.com> drm/amd/display: Disable unneeded hpd interrupts during dm_init Imre Deak <imre.deak(a)intel.com> drm/dp_mst: Fix locking when skipping CSN before topology probing Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/atomic: Filter out redundant DPMS calls Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/cdclk: Do cdclk post plane programming later Florent Revest <revest(a)chromium.org> x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes Johan Hovold <johan(a)kernel.org> USB: serial: option: match on interface class for Telit FN990B Fabio Porcedda <fabio.porcedda(a)gmail.com> USB: serial: option: fix Telit Cinterion FE990A name Fabio Porcedda <fabio.porcedda(a)gmail.com> USB: serial: option: add Telit Cinterion FE990B compositions Boon Khai Ng <boon.khai.ng(a)intel.com> USB: serial: ftdi_sio: add support for Altera USB Blaster 3 Werner Sembach <wse(a)tuxedocomputers.com> Input: i8042 - swap old quirk combination with new quirk for more devices Werner Sembach <wse(a)tuxedocomputers.com> Input: i8042 - swap old quirk combination with new quirk for several devices Werner Sembach <wse(a)tuxedocomputers.com> Input: i8042 - add required quirks for missing old boardnames Werner Sembach <wse(a)tuxedocomputers.com> Input: i8042 - swap old quirk combination with new quirk for NHxxRZQ Antheas Kapenekakis <lkml(a)antheas.dev> Input: xpad - rename QH controller to Legion Go S Antheas Kapenekakis <lkml(a)antheas.dev> Input: xpad - add support for TECNO Pocket Go Antheas Kapenekakis <lkml(a)antheas.dev> Input: xpad - add support for ZOTAC Gaming Zone Pavel Rojtberg <rojtberg(a)gmail.com> Input: xpad - add multiple supported devices Nilton Perim Neto <niltonperimneto(a)gmail.com> Input: xpad - add 8BitDo SN30 Pro, Hyperkin X91 and Gamesir G7 SE controllers Jeff LaBundy <jeff(a)labundy.com> Input: iqs7222 - preserve system status register H. Nikolaus Schaller <hns(a)goldelico.com> Input: ads7846 - fix gpiod allocation Pavel Begunkov <asml.silence(a)gmail.com> io_uring: fix error pbuf checking Jens Axboe <axboe(a)kernel.dk> io_uring: use unpin_user_pages() where appropriate Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: use vm_insert_pages() for mmap'ed pbuf ring Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: vmap pinned buffer ring Jens Axboe <axboe(a)kernel.dk> io_uring: unify io_pin_pages() Jens Axboe <axboe(a)kernel.dk> io_uring: use vmap() for ring mapping Pavel Begunkov <asml.silence(a)gmail.com> io_uring: fix corner case forgetting to vunmap Jens Axboe <axboe(a)kernel.dk> io_uring: don't attempt to mmap larger than what the user asks for Jens Axboe <axboe(a)kernel.dk> io_uring: get rid of remap_pfn_range() for mapping rings/sqes Jens Axboe <axboe(a)kernel.dk> mm: add nommu variant of vm_insert_pages() Ming Lei <ming.lei(a)redhat.com> block: fix 'kmem_cache of name 'bio-108' already exists' Frederic Weisbecker <frederic(a)kernel.org> net: Handle napi_schedule() calls from non-interrupt Thomas Zimmermann <tzimmermann(a)suse.de> drm/nouveau: Do not override forced connector status Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: safety check before fallback Arnd Bergmann <arnd(a)arndb.de> x86/irq: Define trace events conditionally Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel: Use better start period for frequency mode Harry Wentland <harry.wentland(a)amd.com> drm/vkms: Round fixp2int conversion in lerp_u16 Miklos Szeredi <mszeredi(a)redhat.com> fuse: don't truncate cached, mutated symlink Hector Martin <marcan(a)marcan.st> ASoC: tas2764: Set the SDOUT polarity correctly Hector Martin <marcan(a)marcan.st> ASoC: tas2764: Fix power control mask Hector Martin <marcan(a)marcan.st> ASoC: tas2770: Fix volume scale Daniel Wagner <wagi(a)kernel.org> nvme: only allow entering LIVE from CONNECTING state Yu-Chun Lin <eleanor15x(a)gmail.com> sctp: Fix undefined behavior in left shift operation Pali Rohár <pali(a)kernel.org> cifs: Treat unhandled directory name surrogate reparse points as mount directory nodes Hector Martin <marcan(a)marcan.st> apple-nvme: Release power domains when probe fails Ruozhu Li <david.li(a)jaguarmicro.com> nvmet-rdma: recheck queue state is LIVE in state lock in recv done Maurizio Lombardi <mlombard(a)redhat.com> nvme-tcp: add basic support for the C2HTermReq PDU Christopher Lentocha <christopherericlentocha(a)gmail.com> nvme-pci: quirk Acer FA100 for non-uniqueue identifiers Uday Shankar <ushankar(a)purestorage.com> io-wq: backoff when retrying worker creation Stephan Gerhold <stephan.gerhold(a)linaro.org> net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ASoC: SOF: amd: Handle IPC replies before FW_BOOT_COMPLETE Terry Cheong <htcheong(a)chromium.org> ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module Vitaly Rodionov <vitalyr(a)opensource.cirrus.com> ASoC: arizona/madera: use fsleep() in up/down DAPM event delays. Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: rsnd: adjust convert rate limitation Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: rsnd: don't indicate warning on rsnd_kctrl_accept_runtime() Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: rsnd: indicate unsupported clock rate Edson Juliano Drosdeck <edson.drosdeck(a)gmail.com> ALSA: hda/realtek: Limit mic boost on Positivo ARN50 Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: simple-card-utils.c: add missing dlc->of_node Jiayuan Chen <mrpre(a)163.com> selftests/bpf: Fix invalid flag of recv() Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd Jan Beulich <jbeulich(a)suse.com> Xen/swiotlb: mark xen_swiotlb_fixup() __init Daniel Lezcano <daniel.lezcano(a)linaro.org> thermal/cpufreq_cooling: Remove structure member documentation Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/cio: Fix CHPID "configure" attribute caching Mark Pearson <mpearson-lenovo(a)squebb.ca> platform/x86: thinkpad_acpi: Support for V9 DYTC platform profiles Sybil Isabel Dorsett <sybdorsett(a)proton.me> platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad X120e Jann Horn <jannh(a)google.com> sched: Clarify wake_up_q()'s write to task->wake_q.next Josh Poimboeuf <jpoimboe(a)kernel.org> objtool: Ignore dangling jump table entries Alex Henrie <alexhenrie24(a)gmail.com> HID: apple: fix up the F6 key on the Omoton KB066 keyboard Ievgen Vovk <YevgenVovk(a)ukr.net> HID: hid-apple: Apple Magic Keyboard a3203 USB-C support Daniel Brackenbury <daniel.brackenbury(a)gmail.com> HID: topre: Fix n-key rollover on Realforce R3S TKL boards Alexander Stein <alexander.stein(a)ew.tq-group.com> usb: phy: generic: Use proper helper for property detection Chia-Lin Kao (AceLan) <acelan.kao(a)canonical.com> HID: ignore non-functional sensor in HP 5MP Camera Zhang Lixu <lixu.zhang(a)intel.com> HID: intel-ish-hid: Send clock sync message immediately after reset Zhang Lixu <lixu.zhang(a)intel.com> HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell Brahmajit Das <brahmajit.xyz(a)gmail.com> vboxsf: fix building with GCC 15 Eric W. Biederman <ebiederm(a)xmission.com> alpha/elf: Fix misc/setarch test of util-linux by removing 32bit support Paulo Alcantara <pc(a)manguebit.com> smb: client: fix noisy when tree connecting to DFS interlink targets Gannon Kolding <gannon.kolding(a)gmail.com> ACPI: resource: IRQ override for Eluktronics MECH-17 Magnus Lindholm <linmag7(a)gmail.com> scsi: qla1280: Fix kernel oops when debug level > 2 Seunghui Lee <sh043.lee(a)samsung.com> scsi: ufs: core: Fix error return with query response Rik van Riel <riel(a)surriel.com> scsi: core: Use GFP_NOIO to avoid circular locking dependency Dmitry Kandybka <d.kandybka(a)gmail.com> platform/x86/intel: pmc: fix ltr decode in pmc_core_ltr_show() Christian Loehle <christian.loehle(a)arm.com> sched/debug: Provide slice length for fair tasks Chengen Du <chengen.du(a)canonical.com> iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> powercap: call put_device() on an error path in powercap_register_control_type() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> hrtimers: Mark is_migration_base() with __always_inline Daniel Wagner <wagi(a)kernel.org> nvme-fc: do not ignore connectivity loss during connecting Daniel Wagner <wagi(a)kernel.org> nvme-fc: go straight to connecting state when initializing Carolina Jubran <cjubran(a)nvidia.com> net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed devices Jianbo Liu <jianbol(a)nvidia.com> net/mlx5: Bridge, fix the crash caused by LAG state check Shay Drory <shayd(a)nvidia.com> net/mlx5: Lag, Check shared fdb before creating MultiPort E-Switch Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: remove misbehaving actions length check Guillaume Nault <gnault(a)redhat.com> gre: Fix IPv6 link-local address generation. Alexey Kashavkin <akashavkin(a)gmail.com> netfilter: nft_exthdr: fix offset with ipv4_find_option() Cong Wang <xiyou.wangcong(a)gmail.com> net_sched: Prevent creation of classes with TC_H_ROOT Dan Carpenter <dan.carpenter(a)linaro.org> ipvs: prevent integer overflow in do_ip_vs_get_ctl() Kohei Enju <enjuk(a)amazon.com> netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree() Hangbin Liu <liuhangbin(a)gmail.com> bonding: fix incorrect MAC address setting to receive NS messages Amit Cohen <amcohen(a)nvidia.com> net: switchdev: Convert blocking notification chain to a raw one Taehee Yoo <ap420073(a)gmail.com> eth: bnxt: do not update checksum in bnxt_xdp_build_skb() Wentao Liang <vulab(a)iscas.ac.cn> net/mlx5: handle errors in mlx5_chains_create_table() Michael Kelley <mhklinux(a)outlook.com> Drivers: hv: vmbus: Don't release fb_mmio resource in vmbus_free_mmio() Michael Kelley <mhklinux(a)outlook.com> drm/hyperv: Fix address space leak when Hyper-V DRM device is removed Breno Leitao <leitao(a)debian.org> netpoll: hold rcu read lock in __netpoll_send_skb() Matt Johnston <matt(a)codeconstruct.com.au> net: mctp i2c: Copy headers if cloned Joseph Huang <Joseph.Huang(a)garmin.com> net: dsa: mv88e6xxx: Verify after ATU Load ops Jiri Pirko <jiri(a)resnulli.us> net/mlx5: Fill out devlink dev info only for PFs Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Revert "Bluetooth: hci_core: Fix sleeping function called from invalid context" Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Fix enabling passive scanning Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: cfg80211: cancel wiphy_work before freeing wiphy Jun Yang <juny24602(a)gmail.com> sched: address a potential NULL pointer dereference in the GRED scheduler. Nicklas Bo Jensen <njensen(a)akamai.com> netfilter: nf_conncount: garbage collection is not skipped when jiffies wrap around Grzegorz Nitka <grzegorz.nitka(a)intel.com> ice: fix memory leak in aRFS after reset Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> netfilter: nft_ct: Use __refcount_inc() for per-CPU nft_ct_pcpu_template. Artur Weber <aweber.kernel(a)gmail.com> pinctrl: bcm281xx: Fix incorrect regmap max_registers value Michael Kelley <mhklinux(a)outlook.com> fbdev: hyperv_fb: iounmap() the correct memory when removing a device Xueming Feng <kuro(a)kuroa.me> tcp: fix forever orphan socket caused by tcp_abort Eric Dumazet <edumazet(a)google.com> tcp: fix races in tcp_abort() Wander Lairson Costa <wander.lairson(a)gmail.com> bpf: Use raw_spinlock_t in ringbuf Felix Moessbauer <felix.moessbauer(a)siemens.com> hrtimer: Use and report correct timerslack values for realtime tasks Liu Shixin <liushixin2(a)huawei.com> zram: fix NULL pointer in comp_algorithm_show() Oleg Nesterov <oleg(a)redhat.com> sched/isolation: Prevent boot crash when the boot CPU is nohz_full David Woodhouse <dwmw(a)amazon.co.uk> clockevents/drivers/i8253: Fix stop sequence for timer 0 ------------- Diffstat: Documentation/timers/no_hz.rst | 7 +- Makefile | 4 +- arch/alpha/include/asm/elf.h | 6 +- arch/alpha/include/asm/pgtable.h | 2 +- arch/alpha/include/asm/processor.h | 8 +- arch/alpha/kernel/osf_sys.c | 11 +- arch/arm64/mm/mmu.c | 5 +- arch/x86/events/intel/core.c | 85 +++++++ arch/x86/kernel/cpu/microcode/amd.c | 2 +- arch/x86/kernel/cpu/mshyperv.c | 11 - arch/x86/kernel/irq.c | 2 + block/bio.c | 2 +- drivers/acpi/resource.c | 6 + drivers/block/zram/zram_drv.c | 4 +- drivers/clk/samsung/clk-pll.c | 7 +- drivers/clocksource/i8253.c | 36 ++- drivers/firmware/iscsi_ibft.c | 5 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 10 + .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c | 1 + .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_irq.c | 64 ++++-- drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 7 +- drivers/gpu/drm/display/drm_dp_mst_topology.c | 40 ++-- drivers/gpu/drm/drm_atomic_uapi.c | 4 + drivers/gpu/drm/drm_connector.c | 4 + drivers/gpu/drm/gma500/mid_bios.c | 5 + drivers/gpu/drm/hyperv/hyperv_drm_drv.c | 2 + drivers/gpu/drm/i915/display/intel_display.c | 5 +- drivers/gpu/drm/nouveau/nouveau_connector.c | 1 - drivers/gpu/drm/vkms/vkms_composer.c | 2 +- drivers/hid/Kconfig | 3 +- drivers/hid/hid-apple.c | 13 +- drivers/hid/hid-ids.h | 3 + drivers/hid/hid-quirks.c | 1 + drivers/hid/hid-topre.c | 7 + drivers/hid/intel-ish-hid/ipc/ipc.c | 15 +- drivers/hid/intel-ish-hid/ishtp/ishtp-dev.h | 2 + drivers/hv/vmbus_drv.c | 13 ++ drivers/i2c/busses/i2c-ali1535.c | 12 +- drivers/i2c/busses/i2c-ali15x3.c | 12 +- drivers/i2c/busses/i2c-sis630.c | 12 +- drivers/input/joystick/xpad.c | 39 +++- drivers/input/misc/iqs7222.c | 50 ++-- drivers/input/serio/i8042-acpipnpio.h | 111 +++++---- drivers/input/touchscreen/ads7846.c | 2 +- drivers/md/dm-flakey.c | 2 +- drivers/net/bonding/bond_options.c | 55 ++++- drivers/net/dsa/mv88e6xxx/chip.c | 59 ++++- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 3 +- drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c | 11 +- drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.h | 3 +- drivers/net/ethernet/intel/ice/ice_arfs.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/devlink.c | 3 + .../ethernet/mellanox/mlx5/core/en/rep/bridge.c | 12 +- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 6 +- drivers/net/ethernet/mellanox/mlx5/core/lag/lag.c | 4 +- drivers/net/ethernet/mellanox/mlx5/core/lag/lag.h | 1 + .../net/ethernet/mellanox/mlx5/core/lag/mpesw.c | 3 +- .../ethernet/mellanox/mlx5/core/lib/fs_chains.c | 5 + .../ethernet/qlogic/qlcnic/qlcnic_sriov_common.c | 8 +- .../net/ethernet/stmicro/stmmac/dwmac-loongson.c | 7 +- drivers/net/mctp/mctp-i2c.c | 5 + drivers/net/wwan/mhi_wwan_mbim.c | 2 +- drivers/nvme/host/apple.c | 2 + drivers/nvme/host/core.c | 2 - drivers/nvme/host/fc.c | 59 +---- drivers/nvme/host/pci.c | 2 + drivers/nvme/host/tcp.c | 43 ++++ drivers/nvme/target/rdma.c | 33 ++- drivers/pinctrl/bcm/pinctrl-bcm281xx.c | 2 +- drivers/platform/x86/intel/pmc/core.c | 4 +- drivers/platform/x86/thinkpad_acpi.c | 50 ++-- drivers/powercap/powercap_sys.c | 3 +- drivers/s390/cio/chp.c | 3 +- drivers/scsi/qla1280.c | 2 +- drivers/scsi/scsi_scan.c | 2 +- drivers/thermal/cpufreq_cooling.c | 2 - drivers/ufs/core/ufshcd.c | 7 +- drivers/usb/phy/phy-generic.c | 2 +- drivers/usb/serial/ftdi_sio.c | 14 ++ drivers/usb/serial/ftdi_sio_ids.h | 13 ++ drivers/usb/serial/option.c | 48 ++-- drivers/video/fbdev/hyperv_fb.c | 2 +- drivers/xen/swiotlb-xen.c | 2 +- fs/fuse/dir.c | 2 +- fs/namei.c | 24 +- fs/proc/base.c | 9 +- fs/select.c | 11 +- fs/smb/client/asn1.c | 2 + fs/smb/client/cifs_spnego.c | 4 +- fs/smb/client/cifsglob.h | 4 + fs/smb/client/connect.c | 16 +- fs/smb/client/fs_context.c | 18 +- fs/smb/client/inode.c | 13 ++ fs/smb/client/reparse.c | 10 +- fs/smb/client/sess.c | 3 +- fs/smb/client/smb2pdu.c | 4 +- fs/smb/common/smbfsctl.h | 3 + fs/smb/server/connection.c | 20 ++ fs/smb/server/connection.h | 2 + fs/smb/server/ksmbd_work.c | 3 - fs/smb/server/ksmbd_work.h | 1 - fs/smb/server/oplock.c | 43 ++-- fs/smb/server/oplock.h | 1 - fs/smb/server/server.c | 14 +- fs/vboxsf/super.c | 3 +- include/linux/fs.h | 2 + include/linux/i8253.h | 1 - include/linux/io_uring_types.h | 3 - include/linux/nvme-tcp.h | 2 + include/net/bluetooth/hci_core.h | 108 ++++----- include/net/bluetooth/l2cap.h | 3 +- include/net/netfilter/nf_tables.h | 20 +- include/sound/soc.h | 5 +- init/Kconfig | 2 +- io_uring/io-wq.c | 23 +- io_uring/io_uring.c | 251 +++++++++++++++------ io_uring/io_uring.h | 8 +- io_uring/kbuf.c | 173 ++++---------- io_uring/kbuf.h | 3 +- io_uring/rsrc.c | 39 ---- kernel/bpf/ringbuf.c | 12 +- kernel/sched/core.c | 13 +- kernel/sched/debug.c | 2 + kernel/sys.c | 2 + kernel/time/hrtimer.c | 40 ++-- lib/buildid.c | 5 + mm/mmap.c | 69 ++++-- mm/nommu.c | 7 + net/bluetooth/hci_core.c | 10 +- net/bluetooth/hci_event.c | 37 +-- net/bluetooth/iso.c | 6 - net/bluetooth/l2cap_core.c | 181 +++++++-------- net/bluetooth/l2cap_sock.c | 15 +- net/bluetooth/rfcomm/core.c | 6 - net/bluetooth/sco.c | 12 +- net/core/dev.c | 2 +- net/core/netpoll.c | 9 +- net/ipv4/tcp.c | 20 +- net/ipv6/addrconf.c | 15 +- net/mptcp/protocol.h | 2 + net/netfilter/ipvs/ip_vs_ctl.c | 8 +- net/netfilter/nf_conncount.c | 6 +- net/netfilter/nf_tables_api.c | 25 +- net/netfilter/nft_connlimit.c | 4 +- net/netfilter/nft_counter.c | 4 +- net/netfilter/nft_ct.c | 6 +- net/netfilter/nft_dynset.c | 2 +- net/netfilter/nft_exthdr.c | 10 +- net/netfilter/nft_last.c | 4 +- net/netfilter/nft_limit.c | 14 +- net/netfilter/nft_quota.c | 4 +- net/netfilter/nft_set_hash.c | 8 +- net/netfilter/nft_set_pipapo.c | 18 +- net/netfilter/nft_set_rbtree.c | 11 +- net/openvswitch/flow_netlink.c | 15 +- net/sched/sch_api.c | 6 + net/sched/sch_gred.c | 3 +- net/sctp/stream.c | 2 +- net/switchdev/switchdev.c | 25 +- net/wireless/core.c | 7 + rust/kernel/error.rs | 2 +- rust/kernel/init.rs | 23 +- rust/kernel/init/macros.rs | 6 +- rust/kernel/sync.rs | 10 +- scripts/generate_rust_analyzer.py | 30 ++- sound/pci/hda/patch_realtek.c | 1 + sound/soc/amd/yc/acp6x-mach.c | 7 + sound/soc/codecs/arizona.c | 14 +- sound/soc/codecs/cs42l43.c | 2 +- sound/soc/codecs/madera.c | 10 +- sound/soc/codecs/rt722-sdca-sdw.c | 4 + sound/soc/codecs/tas2764.c | 10 +- sound/soc/codecs/tas2764.h | 8 +- sound/soc/codecs/tas2770.c | 2 +- sound/soc/codecs/wm0010.c | 13 +- sound/soc/codecs/wm5110.c | 8 +- sound/soc/generic/simple-card-utils.c | 1 + sound/soc/sh/rcar/core.c | 14 -- sound/soc/sh/rcar/rsnd.h | 1 - sound/soc/sh/rcar/src.c | 116 ++++++++-- sound/soc/sh/rcar/ssi.c | 3 +- sound/soc/soc-ops.c | 15 +- sound/soc/sof/amd/acp-ipc.c | 23 +- sound/soc/sof/intel/hda-codec.c | 1 + tools/objtool/check.c | 9 + .../selftests/bpf/prog_tests/sockmap_basic.c | 6 +- 186 files changed, 1803 insertions(+), 1167 deletions(-)

2 months, 4 weeks

10
180
0 0

[PATCH 6.13 000/207] 6.13.7-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.13.7 release. There are 207 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 12 Mar 2025 17:04:00 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.13.7-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.13.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.13.7-rc1 Maurizio Lombardi <mlombard(a)redhat.com> nvme-tcp: Fix a C2HTermReq error message Arnd Bergmann <arnd(a)arndb.de> ALSA: hda: realtek: fix incorrect IS_REACHABLE() usage Steven Rostedt <rostedt(a)goodmis.org> fprobe: Fix accounting of when to unregister from function graph Steven Rostedt <rostedt(a)goodmis.org> fprobe: Always unregister fgraph function from ops Lukas Bulwahn <lukas.bulwahn(a)redhat.com> arm64: Kconfig: Remove selecting replaced HAVE_FUNCTION_GRAPH_RETVAL Arnd Bergmann <arnd(a)arndb.de> kbuild: hdrcheck: fix cross build with clang Angelo Dureghello <adureghello(a)baylibre.com> iio: adc: ad7606: fix wrong scale available Angelo Dureghello <adureghello(a)baylibre.com> dt-bindings: iio: dac: adi-axi-adc: fix ad7606 pwm-names Ricardo Ribalda <ribalda(a)chromium.org> iio: hid-sensor-prox: Split difference from multiple channels Ryan Roberts <ryan.roberts(a)arm.com> arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes Ryan Roberts <ryan.roberts(a)arm.com> mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() Nayab Sayed <nayabbasha.sayed(a)microchip.com> iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value Markus Burri <markus.burri(a)mt.com> iio: adc: ad7192: fix channel select Angelo Dureghello <adureghello(a)baylibre.com> iio: dac: ad3552r: clear reset status flag Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: light: apds9306: fix max_scale_nano values Sam Winchenbach <swinchenbach(a)arka.org> iio: filter: admv8818: Force initialization of SDO Haoyu Li <lihaoyu499(a)gmail.com> drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> eeprom: digsy_mtc: Make GPIO lookup table match the device Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock Visweswara Tanuku <quic_vtanuku(a)quicinc.com> slimbus: messaging: Free transaction ID in delayed interrupt scenario Luca Ceresoli <luca.ceresoli(a)bootlin.com> drivers: core: fix device leak in __fw_devlink_relax_cycles() Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> char: misc: deallocate static minor in error path Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Panther Lake-P/U support Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Panther Lake-H support Pawel Chmielewski <pawel.chmielewski(a)intel.com> intel_th: pci: Add Arrow Lake support Hans de Goede <hdegoede(a)redhat.com> mei: vsc: Use "wakeuphostint" when getting the host wakeup GPIO Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add panther lake P DID Qiu-ji Chen <chenqiuji666(a)gmail.com> cdx: Fix possible UAF error in driver_override_show() Xiaoyao Li <xiaoyao.li(a)intel.com> KVM: x86: Explicitly zero EAX and EBX when PERFMON_V2 isn't supported by KVM Sean Christopherson <seanjc(a)google.com> KVM: x86: Snapshot the host's DEBUGCTL after disabling IRQs Sean Christopherson <seanjc(a)google.com> KVM: SVM: Manually context switch DEBUGCTL if LBR virtualization is disabled Sean Christopherson <seanjc(a)google.com> KVM: x86: Snapshot the host's DEBUGCTL in common x86 Sean Christopherson <seanjc(a)google.com> KVM: SVM: Suppress DEBUGCTL.BTF on AMD Sean Christopherson <seanjc(a)google.com> KVM: SVM: Drop DEBUGCTL[5:2] from guest's effective value Sean Christopherson <seanjc(a)google.com> KVM: SVM: Save host DR masks on CPUs with DebugSwap Sean Christopherson <seanjc(a)google.com> KVM: SVM: Set RFLAGS.IF=1 in C code, to get VMRUN out of the STI shadow Christian A. Ehrhardt <lk(a)c--e.de> acpi: typec: ucsi: Introduce a ->poll_cci method Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> kbuild: userprogs: use correct lld when linking through clang Prashanth K <prashanth.k(a)oss.qualcomm.com> usb: gadget: Check bmAttributes only if configuration is valid Marek Szyprowski <m.szyprowski(a)samsung.com> usb: gadget: Fix setting self-powered state on suspend Prashanth K <prashanth.k(a)oss.qualcomm.com> usb: gadget: Set self-powered based on MaxPower and bmAttributes AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality Fedor Pchelkin <boddah8794(a)gmail.com> usb: typec: ucsi: increase timeout for PPM reset operations Badhri Jagan Sridharan <badhri(a)google.com> usb: dwc3: gadget: Prevent irq storm when TH re-executes Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: Set SUSPENDENABLE soon after phy init Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> usb: atm: cxacru: fix a flaw in existing endpoint checks Prashanth K <prashanth.k(a)oss.qualcomm.com> usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Enable the TRB overfetch quirk on VIA VL805 Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> usb: renesas_usbhs: Flush the notify_hotplug_work Andrei Kuchynski <akuchynski(a)chromium.org> usb: typec: ucsi: Fix NULL pointer access Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Fix host controllers "dying" after suspend and resume Miao Li <limiao(a)kylinos.cn> usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader Pawel Laszczak <pawell(a)cadence.com> usb: hub: lack of clearing xHC resources Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> usb: renesas_usbhs: Use devm_usb_get_phy() Marc Zyngier <maz(a)kernel.org> xhci: Restrict USB4 tunnel detection for USB3 devices to Intel hosts Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> usb: renesas_usbhs: Call clk_put() Christian Heusel <christian(a)heusel.eu> Revert "drivers/card_reader/rtsx_usb: Restore interrupt based detection" Fabrizio Castro <fabrizio.castro.jz(a)renesas.com> gpio: rcar: Fix missing of_node_put() call Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: fix missing dst ref drop in ila lwtunnel Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: fix dst ref loop in ila lwtunnel Matt Johnston <matt(a)codeconstruct.com.au> mctp i3c: handle NULL header address Takashi Iwai <tiwai(a)suse.de> drm/bochs: Fix DPMS regression Lorenzo Bianconi <lorenzo(a)kernel.org> net: dsa: mt7530: Fix traffic flooding for MMIO devices Dan Carpenter <dan.carpenter(a)linaro.org> nvme-tcp: fix signedness bug in nvme_tcp_init_connection() Zecheng Li <zecheng(a)google.com> sched/fair: Fix potential memory corruption in child_cfs_rq_on_list Uday Shankar <ushankar(a)purestorage.com> ublk: set_params: properly check if parameters can be applied Jason Xing <kerneljasonxing(a)gmail.com> net-timestamp: support TCP GSO case for a few missing flags Eric Sandeen <sandeen(a)redhat.com> exfat: short-circuit zero-byte writes in exfat_file_write_iter Namjae Jeon <linkinjeon(a)kernel.org> exfat: fix soft lockup in exfat_clear_bitmap Yuezhang Mo <Yuezhang.Mo(a)sony.com> exfat: fix just enough dentries but allocate a new cluster to dir Jarkko Sakkinen <jarkko(a)kernel.org> x86/sgx: Fix size overflows in sgx_encl_create() Oscar Maes <oscmaes92(a)gmail.com> vlan: enforce underlying device type Maxime Chevallier <maxime.chevallier(a)bootlin.com> net: ethtool: netlink: Allow NULL nlattrs when getting a phy_device Jakub Kicinski <kuba(a)kernel.org> net: ethtool: plumb PHY stats to PHY drivers Oleksij Rempel <o.rempel(a)pengutronix.de> ethtool: linkstate: migrate linkstate functions to support multi-PHY setups Jiayuan Chen <jiayuan.chen(a)linux.dev> ppp: Fix KMSAN uninit-value warning with bpf Luca Weiss <luca.weiss(a)fairphone.com> net: ipa: Enable checksum for IPA_ENDPOINT_AP_MODEM_{RX,TX} for v4.7 Luca Weiss <luca.weiss(a)fairphone.com> net: ipa: Fix QSB data for v4.7 Luca Weiss <luca.weiss(a)fairphone.com> net: ipa: Fix v4.7 resource group names Vicki Pfau <vi(a)endrift.com> HID: hid-steam: Fix use-after-free when detaching device Maarten Lankhorst <dev(a)lankhorst.se> drm/xe: Remove double pageflip Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error Nikolay Aleksandrov <razor(a)blackwall.org> be2net: fix sleeping while atomic bugs in be_ndo_bridge_getlink Philipp Stanner <phasta(a)kernel.org> drm/sched: Fix preprocessor guard Xinghuo Chen <xinghuo.chen(a)foxmail.com> hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() Eric Dumazet <edumazet(a)google.com> llc: do not use skb_get() before dev_queue_xmit() Murad Masimov <m.masimov(a)mt-integration.ru> ALSA: usx2y: validate nrpacks module parameter on probe Alessio Belle <alessio.belle(a)imgtec.com> drm/imagination: Fix timestamps in firmware traces Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing: probe-events: Remove unused MAX_ARG_BUF_LEN macro Erik Schumacher <erik.schumacher(a)iris-sensing.com> hwmon: (ad7314) Validate leading zero bits and return error Maud Spierings <maudspierings(a)gocontroll.com> hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table Titus Rwantare <titusr(a)google.com> hwmon: (pmbus) Initialise page count in pmbus_identify() Herbert Xu <herbert(a)gondor.apana.org.au> cred: Fix RCU warnings in override/revert_creds Christian Brauner <brauner(a)kernel.org> cred: return old creds from revert_creds_light() Peter Zijlstra <peterz(a)infradead.org> perf/core: Fix pmus_lock vs. pmus_srcu ordering Vitaliy Shevtsov <v.shevtsov(a)mt-integration.ru> caif_virtio: fix wrong pointer check in cfv_probe() Antoine Tenart <atenart(a)kernel.org> net: gso: fix ownership in __udp_gso_segment Antheas Kapenekakis <lkml(a)antheas.dev> ALSA: hda/realtek: Remove (revert) duplicate Ally X config Meir Elisha <meir.elisha(a)volumez.com> nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch Maurizio Lombardi <mlombard(a)redhat.com> nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() Maurizio Lombardi <mlombard(a)redhat.com> nvme-tcp: add basic support for the C2HTermReq PDU Maurizio Lombardi <mlombard(a)redhat.com> nvmet: remove old function prototype Salah Triki <salah.triki(a)gmail.com> bluetooth: btusb: Initialize .owner field of force_poll_sync_fops Dave Airlie <airlied(a)redhat.com> drm/nouveau: select FW caching Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing: fprobe-events: Log error for exceeding the number of entry args Masami Hiramatsu (Google) <mhiramat(a)kernel.org> fprobe: Rewrite fprobe on function-graph tracer Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing: Add ftrace_fill_perf_regs() for perf event Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing: Add ftrace_partial_regs() for converting ftrace_regs to pt_regs Masami Hiramatsu (Google) <mhiramat(a)kernel.org> fprobe: Use ftrace_regs in fprobe exit handler Masami Hiramatsu (Google) <mhiramat(a)kernel.org> fprobe: Use ftrace_regs in fprobe entry handler Masami Hiramatsu (Google) <mhiramat(a)kernel.org> fgraph: Replace fgraph_ret_regs with ftrace_regs Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix vendor-specific inheritance Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix MLE non-inheritance parsing Ilan Peer <ilan.peer(a)intel.com> wifi: mac80211: Support parsing EPCS ML element Keith Busch <kbusch(a)kernel.org> nvme-ioctl: fix leaked requests on mapping error Kees Cook <kees(a)kernel.org> coredump: Only sort VMAs when core_sort_vma sysctl is set Zhang Lixu <lixu.zhang(a)intel.com> HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() Zhang Lixu <lixu.zhang(a)intel.com> HID: intel-ish-hid: Fix use-after-free issue in hid_ishtp_cl_remove() Yu-Chun Lin <eleanor15x(a)gmail.com> HID: google: fix unused variable warning under !CONFIG_ACPI Ilan Peer <ilan.peer(a)intel.com> wifi: iwlwifi: Fix A-MSDU TSO preparation Ilan Peer <ilan.peer(a)intel.com> wifi: iwlwifi: Free pages allocated when failing to build A-MSDU Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: limit printed string from FW file Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: don't try to talk to a dead firmware Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: don't dump the firmware state upon RFKILL while suspend Benjamin Berg <benjamin.berg(a)intel.com> wifi: iwlwifi: mvm: log error for failures after D3 Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: clean up ROC on failure Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: fw: avoid using an uninitialized variable Ma Wupeng <mawupeng1(a)huawei.com> mm: memory-hotplug: check folio ref count first in do_migrate_range Ma Wupeng <mawupeng1(a)huawei.com> hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio Brian Geffon <bgeffon(a)google.com> mm: fix finish_fault() handling for large folios Ryan Roberts <ryan.roberts(a)arm.com> mm: don't skip arch_sync_kernel_mappings() in error paths Ma Wupeng <mawupeng1(a)huawei.com> mm: memory-failure: update ttu flag inside unmap_poisoned_folio Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> mm: abort vma_modify() on merge out of memory failure Hao Zhang <zhanghao1(a)kylinos.cn> mm/page_alloc: fix uninitialized variable Olivier Gayot <olivier.gayot(a)canonical.com> block: fix conversion of GPT partition name to 7-bit Qi Zheng <zhengqi.arch(a)bytedance.com> arm: pgtable: fix NULL pointer dereference issue Suren Baghdasaryan <surenb(a)google.com> userfaultfd: do not block on locking a large folio with raised refcount Mike Snitzer <snitzer(a)kernel.org> NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback Heiko Carstens <hca(a)linux.ibm.com> s390/traps: Fix test_monitor_call() inline assembly Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> dma: kmsan: export kmsan_handle_dma() for modules Haoxiang Li <haoxiang_li2024(a)163.com> rapidio: fix an API misues when rio_add_net() fails Haoxiang Li <haoxiang_li2024(a)163.com> rapidio: add check for rio_add_net() in rio_scan_alloc_net() SeongJae Park <sj(a)kernel.org> selftests/damon/damon_nr_regions: sort collected regiosn before checking with min/max boundaries SeongJae Park <sj(a)kernel.org> selftests/damon/damon_nr_regions: set ops update for merge results check to 100ms SeongJae Park <sj(a)kernel.org> selftests/damon/damos_quota: make real expectation of quota exceeds SeongJae Park <sj(a)kernel.org> selftests/damon/damos_quota_goal: handle minimum quota that cannot be further reduced Vitaliy Shevtsov <v.shevtsov(a)mt-integration.ru> wifi: nl80211: reject cooked mode if it is set along with other flags Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> wifi: cfg80211: regulatory: improve invalid hints checking Haoxiang Li <haoxiang_li2024(a)163.com> Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() Haoxiang Li <haoxiang_li2024(a)163.com> Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/xe/userptr: Unmap userptrs in the mmu notifier Matthew Auld <matthew.auld(a)intel.com> drm/xe/userptr: properly setup pfn_flags_mask Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/xe: Fix fault mode invalidation with unbind Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> drm/xe: Fix GT "for each engine" workarounds Krister Johansen <kjlx(a)templeofstupid.com> mptcp: fix 'scheduling while atomic' in mptcp_pm_nl_append_new_local_addr Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/xe/vm: Validate userptr during gpu vma prefetching Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/xe/vm: Fix a misplaced #endif Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/xe/hmm: Don't dereference struct page pointers without notifier lock Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/xe/hmm: Style- and include fixes Matthew Brost <matthew.brost(a)intel.com> drm/xe: Add staging tree for VM binds Ahmed S. Darwish <darwi(a)linutronix.de> x86/cpu: Properly parse CPUID leaf 0x2 TLB descriptor 0x63 Ahmed S. Darwish <darwi(a)linutronix.de> x86/cpu: Validate CPUID leaf 0x2 EDX output Ahmed S. Darwish <darwi(a)linutronix.de> x86/cacheinfo: Validate CPUID leaf 0x2 EDX output Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Sanitize boot params before parsing command line Mingcong Bai <jeffbai(a)aosc.io> platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e John Hubbard <jhubbard(a)nvidia.com> Revert "selftests/mm: remove local __NR_* definitions" Gabriel Krisman Bertazi <krisman(a)suse.de> Revert "mm/page_alloc.c: don't show protection in zone's ->lowmem_reserve[] for empty zone" Richard Thier <u9vata(a)gmail.com> drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M Brendan King <Brendan.King(a)imgtec.com> drm/imagination: only init job done fences once Brendan King <Brendan.King(a)imgtec.com> drm/imagination: Hold drm_gem_gpuva lock for unmap Brendan King <Brendan.King(a)imgtec.com> drm/imagination: avoid deadlock on fence release Kenneth Feng <kenneth.feng(a)amd.com> drm/amd/pm: always allow ih interrupt from fw Andrew Martin <Andrew.Martin(a)amd.com> drm/amdkfd: Fix NULL Pointer Dereference in KFD queue Ma Ke <make24(a)iscas.ac.cn> drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params Paul Fertser <fercerpav(a)gmail.com> hwmon: (peci/dimmtemp) Do not provide fake thresholds data Nikunj A Dadhania <nikunj(a)amd.com> virt: sev-guest: Allocate request data dynamically Haoxiang Li <haoxiang_li2024(a)163.com> btrfs: fix a leaked chunk map issue in read_one_chunk() Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: zoned: fix extent range end unlock in cow_file_range() Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: update ALC222 depop optimize Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - add supported Mic Mute LED for Lenovo platform Hoku Ishibe <me(a)hokuishi.be> ALSA: hda: intel: Add Dell ALC3271 to power_save denylist Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Avoid module auto-load handling at event delivery Koichiro Den <koichiro.den(a)canonical.com> gpio: aggregator: protect driver attr handlers against module unload Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> gpio: rcar: Use raw_spinlock to protect register access Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix bug on trap in smb2_lock Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix use-after-free in smb2_lock Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix out-of-bounds in parse_sec_desc() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix type confusion via race condition when using ipc_msg_send_request Stuart Hayhurst <stuart.a.hayhurst(a)gmail.com> HID: corsair-void: Update power supply values with a unified work handler Daniil Dulov <d.dulov(a)aladdin.ru> HID: appleir: Fix potential NULL dereference at raw event handle Bibo Mao <maobibo(a)loongson.cn> LoongArch: KVM: Fix GPA size issue about VM Bibo Mao <maobibo(a)loongson.cn> LoongArch: KVM: Reload guest CSR registers after sleep Bibo Mao <maobibo(a)loongson.cn> LoongArch: KVM: Add interrupt checking for AVEC Bibo Mao <maobibo(a)loongson.cn> LoongArch: Set max_pfn with the PFN of the last page Bibo Mao <maobibo(a)loongson.cn> LoongArch: Set hugetlb mmap base address aligned with pmd size Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Use polling play_dead() when resuming from hibernation Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: Convert unreachable() to BUG() Philipp Stanner <phasta(a)kernel.org> stmmac: loongson: Pass correct arg to PCI function Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing: tprobe-events: Reject invalid tracepoint name Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing: tprobe-events: Fix a memory leak when tprobe with $retval Rob Herring (Arm) <robh(a)kernel.org> Revert "of: reserved-memory: Fix using wrong number of cells to get property 'alignment'" Peter Zijlstra <peterz(a)infradead.org> loongarch: Use ASM_REACHABLE Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Add some forgotten models to the SHA check Steve French <stfrench(a)microsoft.com> smb311: failure to open files of length 1040 when mounting with SMB3.1.1 POSIX extensions Pali Rohár <pali(a)kernel.org> cifs: Remove symlink member from cifs_open_info_data union Yutaro Ohno <yutaro.ono.418(a)gmail.com> rust: block: fix formatting in GenDisk doc Andrew Cooper <andrew.cooper3(a)citrix.com> x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range() ------------- Diffstat: Documentation/admin-guide/sysctl/kernel.rst | 11 + .../devicetree/bindings/iio/adc/adi,ad7606.yaml | 1 + Makefile | 9 +- arch/arm/mm/fault-armv.c | 37 +- arch/arm64/Kconfig | 2 +- arch/arm64/include/asm/ftrace.h | 49 +- arch/arm64/include/asm/hugetlb.h | 4 +- arch/arm64/kernel/asm-offsets.c | 12 - arch/arm64/kernel/entry-ftrace.S | 32 +- arch/arm64/mm/hugetlbpage.c | 59 +- arch/loongarch/Kconfig | 3 +- arch/loongarch/include/asm/bug.h | 13 +- arch/loongarch/include/asm/ftrace.h | 32 +- arch/loongarch/include/asm/hugetlb.h | 6 +- arch/loongarch/kernel/asm-offsets.c | 12 - arch/loongarch/kernel/machine_kexec.c | 4 +- arch/loongarch/kernel/mcount.S | 17 +- arch/loongarch/kernel/mcount_dyn.S | 14 +- arch/loongarch/kernel/setup.c | 3 + arch/loongarch/kernel/smp.c | 47 +- arch/loongarch/kvm/exit.c | 6 + arch/loongarch/kvm/main.c | 7 + arch/loongarch/kvm/vcpu.c | 2 +- arch/loongarch/kvm/vm.c | 6 +- arch/loongarch/mm/mmap.c | 6 +- arch/mips/include/asm/hugetlb.h | 6 +- arch/parisc/include/asm/hugetlb.h | 2 +- arch/parisc/mm/hugetlbpage.c | 2 +- arch/powerpc/include/asm/ftrace.h | 13 + arch/powerpc/include/asm/hugetlb.h | 6 +- arch/riscv/Kconfig | 2 +- arch/riscv/include/asm/ftrace.h | 45 +- arch/riscv/include/asm/hugetlb.h | 3 +- arch/riscv/kernel/mcount.S | 24 +- arch/riscv/mm/hugetlbpage.c | 2 +- arch/s390/Kconfig | 3 +- arch/s390/include/asm/ftrace.h | 36 +- arch/s390/include/asm/hugetlb.h | 18 +- arch/s390/kernel/asm-offsets.c | 6 - arch/s390/kernel/mcount.S | 12 +- arch/s390/kernel/traps.c | 6 +- arch/s390/mm/hugetlbpage.c | 4 +- arch/sparc/include/asm/hugetlb.h | 2 +- arch/sparc/mm/hugetlbpage.c | 2 +- arch/x86/Kconfig | 3 +- arch/x86/boot/compressed/pgtable_64.c | 2 + arch/x86/include/asm/ftrace.h | 33 +- arch/x86/include/asm/kvm_host.h | 1 + arch/x86/kernel/amd_nb.c | 9 +- arch/x86/kernel/cpu/cacheinfo.c | 2 +- arch/x86/kernel/cpu/intel.c | 52 +- arch/x86/kernel/cpu/microcode/amd.c | 6 + arch/x86/kernel/cpu/sgx/ioctl.c | 7 + arch/x86/kernel/ftrace_32.S | 13 +- arch/x86/kernel/ftrace_64.S | 17 +- arch/x86/kvm/cpuid.c | 2 +- arch/x86/kvm/svm/sev.c | 13 +- arch/x86/kvm/svm/svm.c | 49 ++ arch/x86/kvm/svm/svm.h | 2 +- arch/x86/kvm/svm/vmenter.S | 10 +- arch/x86/kvm/vmx/vmx.c | 8 +- arch/x86/kvm/vmx/vmx.h | 2 - arch/x86/kvm/x86.c | 2 + block/partitions/efi.c | 2 +- drivers/base/core.c | 1 + drivers/block/ublk_drv.c | 7 +- drivers/bluetooth/btusb.c | 1 + drivers/bus/mhi/host/pci_generic.c | 5 +- drivers/cdx/cdx.c | 6 +- drivers/char/misc.c | 2 +- drivers/gpio/gpio-aggregator.c | 20 +- drivers/gpio/gpio-rcar.c | 31 +- drivers/gpu/drm/amd/amdkfd/kfd_queue.c | 4 +- drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 3 +- drivers/gpu/drm/amd/pm/swsmu/smu14/smu_v14_0.c | 12 +- drivers/gpu/drm/imagination/pvr_fw_meta.c | 6 +- drivers/gpu/drm/imagination/pvr_fw_trace.c | 4 +- drivers/gpu/drm/imagination/pvr_queue.c | 18 +- drivers/gpu/drm/imagination/pvr_queue.h | 4 + drivers/gpu/drm/imagination/pvr_vm.c | 134 ++++- drivers/gpu/drm/imagination/pvr_vm.h | 3 + drivers/gpu/drm/nouveau/Kconfig | 1 + drivers/gpu/drm/radeon/r300.c | 3 +- drivers/gpu/drm/radeon/radeon_asic.h | 1 + drivers/gpu/drm/radeon/rs400.c | 18 +- drivers/gpu/drm/scheduler/gpu_scheduler_trace.h | 4 +- drivers/gpu/drm/tiny/bochs.c | 5 +- drivers/gpu/drm/xe/display/xe_plane_initial.c | 10 - drivers/gpu/drm/xe/xe_gt.c | 4 +- drivers/gpu/drm/xe/xe_hmm.c | 194 ++++-- drivers/gpu/drm/xe/xe_hmm.h | 7 + drivers/gpu/drm/xe/xe_pt.c | 96 +-- drivers/gpu/drm/xe/xe_pt_walk.c | 3 +- drivers/gpu/drm/xe/xe_pt_walk.h | 4 + drivers/gpu/drm/xe/xe_vm.c | 100 +++- drivers/gpu/drm/xe/xe_vm.h | 10 +- drivers/gpu/drm/xe/xe_vm_types.h | 8 +- drivers/hid/hid-appleir.c | 2 +- drivers/hid/hid-corsair-void.c | 83 +-- drivers/hid/hid-google-hammer.c | 2 + drivers/hid/hid-steam.c | 2 +- drivers/hid/intel-ish-hid/ishtp-hid-client.c | 2 +- drivers/hid/intel-ish-hid/ishtp-hid.c | 4 +- drivers/hwmon/ad7314.c | 10 + drivers/hwmon/ntc_thermistor.c | 66 +-- drivers/hwmon/peci/dimmtemp.c | 10 +- drivers/hwmon/pmbus/pmbus.c | 2 + drivers/hwmon/xgene-hwmon.c | 2 +- drivers/hwtracing/intel_th/pci.c | 15 + drivers/iio/adc/ad7192.c | 2 +- drivers/iio/adc/ad7606.c | 2 +- drivers/iio/adc/at91-sama5d2_adc.c | 68 ++- drivers/iio/dac/ad3552r.c | 6 + drivers/iio/filter/admv8818.c | 14 +- drivers/iio/light/apds9306.c | 4 +- drivers/iio/light/hid-sensor-prox.c | 7 +- drivers/misc/cardreader/rtsx_usb.c | 15 - drivers/misc/eeprom/digsy_mtc_eeprom.c | 2 +- drivers/misc/mei/hw-me-regs.h | 2 + drivers/misc/mei/pci-me.c | 2 + drivers/misc/mei/vsc-tp.c | 2 +- drivers/net/caif/caif_virtio.c | 2 +- drivers/net/dsa/mt7530.c | 8 +- drivers/net/ethernet/emulex/benet/be.h | 2 +- drivers/net/ethernet/emulex/benet/be_cmds.c | 197 ++++--- drivers/net/ethernet/emulex/benet/be_main.c | 2 +- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c | 2 +- .../net/ethernet/stmicro/stmmac/dwmac-loongson.c | 6 +- drivers/net/ipa/data/ipa_data-v4.7.c | 18 +- drivers/net/mctp/mctp-i3c.c | 3 + drivers/net/phy/phy.c | 43 ++ drivers/net/phy/phy_device.c | 2 + drivers/net/ppp/ppp_generic.c | 28 +- drivers/net/wireless/intel/iwlwifi/fw/dump.c | 3 + drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 2 +- drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 77 ++- drivers/net/wireless/intel/iwlwifi/mvm/debugfs.c | 7 + .../net/wireless/intel/iwlwifi/mvm/time-event.c | 2 + drivers/net/wireless/intel/iwlwifi/pcie/internal.h | 5 +- drivers/net/wireless/intel/iwlwifi/pcie/tx-gen2.c | 6 +- drivers/net/wireless/intel/iwlwifi/pcie/tx.c | 20 +- drivers/nvme/host/ioctl.c | 12 +- drivers/nvme/host/tcp.c | 81 ++- drivers/nvme/target/nvmet.h | 1 - drivers/nvme/target/tcp.c | 15 +- drivers/of/of_reserved_mem.c | 4 +- drivers/platform/x86/thinkpad_acpi.c | 1 + drivers/rapidio/devices/rio_mport_cdev.c | 3 +- drivers/rapidio/rio-scan.c | 5 +- drivers/slimbus/messaging.c | 5 +- drivers/usb/atm/cxacru.c | 13 +- drivers/usb/core/hub.c | 33 ++ drivers/usb/core/quirks.c | 4 + drivers/usb/dwc3/core.c | 85 +-- drivers/usb/dwc3/core.h | 2 +- drivers/usb/dwc3/drd.c | 4 +- drivers/usb/dwc3/gadget.c | 10 +- drivers/usb/gadget/composite.c | 17 +- drivers/usb/gadget/function/u_ether.c | 4 +- drivers/usb/host/xhci-hub.c | 8 + drivers/usb/host/xhci-mem.c | 3 +- drivers/usb/host/xhci-pci.c | 10 +- drivers/usb/host/xhci.c | 6 +- drivers/usb/host/xhci.h | 2 +- drivers/usb/renesas_usbhs/common.c | 6 +- drivers/usb/renesas_usbhs/mod_gadget.c | 2 +- drivers/usb/typec/tcpm/tcpci_rt1711h.c | 11 + drivers/usb/typec/ucsi/ucsi.c | 25 +- drivers/usb/typec/ucsi/ucsi.h | 2 + drivers/usb/typec/ucsi/ucsi_acpi.c | 21 +- drivers/usb/typec/ucsi/ucsi_ccg.c | 1 + drivers/usb/typec/ucsi/ucsi_glink.c | 1 + drivers/usb/typec/ucsi/ucsi_stm32g0.c | 1 + drivers/usb/typec/ucsi/ucsi_yoga_c630.c | 1 + drivers/virt/acrn/hsm.c | 6 +- drivers/virt/coco/sev-guest/sev-guest.c | 24 +- fs/btrfs/inode.c | 9 +- fs/btrfs/volumes.c | 1 + fs/coredump.c | 15 +- fs/exfat/balloc.c | 10 +- fs/exfat/exfat_fs.h | 2 +- fs/exfat/fatent.c | 11 +- fs/exfat/file.c | 2 +- fs/exfat/namei.c | 2 +- fs/nfs/file.c | 3 +- fs/smb/client/cifsglob.h | 6 +- fs/smb/client/inode.c | 2 +- fs/smb/client/reparse.h | 28 +- fs/smb/client/smb1ops.c | 4 +- fs/smb/client/smb2inode.c | 4 + fs/smb/client/smb2ops.c | 3 +- fs/smb/server/smb2pdu.c | 8 +- fs/smb/server/smbacl.c | 16 + fs/smb/server/transport_ipc.c | 1 + include/asm-generic/hugetlb.h | 2 +- include/linux/compaction.h | 5 + include/linux/cred.h | 9 +- include/linux/ethtool.h | 23 + include/linux/fprobe.h | 62 +- include/linux/ftrace.h | 66 ++- include/linux/ftrace_regs.h | 2 + include/linux/hugetlb.h | 4 +- include/linux/nvme-tcp.h | 2 + include/linux/phy.h | 36 ++ include/linux/phylib_stubs.h | 42 ++ include/linux/sched.h | 2 +- kernel/events/core.c | 4 +- kernel/sched/fair.c | 6 +- kernel/trace/Kconfig | 18 +- kernel/trace/bpf_trace.c | 16 +- kernel/trace/fgraph.c | 21 +- kernel/trace/fprobe.c | 653 +++++++++++++++------ kernel/trace/trace_fprobe.c | 37 +- kernel/trace/trace_probe.h | 5 +- lib/test_fprobe.c | 51 +- mm/compaction.c | 3 + mm/hugetlb.c | 4 +- mm/internal.h | 5 +- mm/kmsan/hooks.c | 1 + mm/memory-failure.c | 63 +- mm/memory.c | 21 +- mm/memory_hotplug.c | 28 +- mm/page_alloc.c | 4 +- mm/userfaultfd.c | 17 +- mm/vma.c | 12 +- mm/vmalloc.c | 4 +- net/8021q/vlan.c | 3 +- net/bluetooth/mgmt.c | 5 + net/ethtool/cabletest.c | 8 +- net/ethtool/linkstate.c | 26 +- net/ethtool/netlink.c | 6 +- net/ethtool/netlink.h | 5 +- net/ethtool/phy.c | 2 +- net/ethtool/plca.c | 6 +- net/ethtool/pse-pd.c | 4 +- net/ethtool/stats.c | 18 + net/ethtool/strset.c | 2 +- net/ipv4/tcp_offload.c | 11 +- net/ipv4/udp_offload.c | 8 +- net/ipv6/ila/ila_lwt.c | 4 +- net/llc/llc_s_ac.c | 49 +- net/mac80211/ieee80211_i.h | 2 + net/mac80211/mlme.c | 1 + net/mac80211/parse.c | 164 ++++-- net/mptcp/pm_netlink.c | 18 +- net/wireless/nl80211.c | 5 + net/wireless/reg.c | 3 +- rust/kernel/block/mq/gen_disk.rs | 6 +- samples/fprobe/fprobe_example.c | 4 +- sound/core/seq/seq_clientmgr.c | 46 +- sound/pci/hda/Kconfig | 1 + sound/pci/hda/hda_intel.c | 2 + sound/pci/hda/patch_realtek.c | 107 +++- sound/usb/usx2y/usbusx2y.c | 11 + sound/usb/usx2y/usbusx2y.h | 26 + sound/usb/usx2y/usbusx2yaudio.c | 27 - tools/testing/selftests/damon/damon_nr_regions.py | 2 + tools/testing/selftests/damon/damos_quota.py | 9 +- tools/testing/selftests/damon/damos_quota_goal.py | 3 + tools/testing/selftests/mm/hugepage-mremap.c | 2 +- tools/testing/selftests/mm/ksm_functional_tests.c | 8 +- tools/testing/selftests/mm/memfd_secret.c | 14 +- tools/testing/selftests/mm/mkdirty.c | 8 +- tools/testing/selftests/mm/mlock2.h | 1 - tools/testing/selftests/mm/protection_keys.c | 2 +- tools/testing/selftests/mm/uffd-common.c | 4 + tools/testing/selftests/mm/uffd-stress.c | 15 +- tools/testing/selftests/mm/uffd-unit-tests.c | 14 +- usr/include/Makefile | 2 +- 269 files changed, 3214 insertions(+), 1547 deletions(-)

2 months, 4 weeks

17
229
0 0

[PATCH] x86/pkeys: Disable PKU when XFEATURE_PKRU is missing

by Akihiro Suda

Even when X86_FEATURE_PKU and X86_FEATURE_OSPKE are available, XFEATURE_PKRU can be missing. In such a case, pkeys has to be disabled to avoid hanging up. WARNING: CPU: 0 PID: 1 at arch/x86/kernel/fpu/xstate.c:1003 get_xsave_addr_user+0x28/0x40 (...) Call Trace: <TASK> ? get_xsave_addr_user+0x28/0x40 ? __warn.cold+0x8e/0xea ? get_xsave_addr_user+0x28/0x40 ? report_bug+0xff/0x140 ? handle_bug+0x3b/0x70 ? exc_invalid_op+0x17/0x70 ? asm_exc_invalid_op+0x1a/0x20 ? get_xsave_addr_user+0x28/0x40 copy_fpstate_to_sigframe+0x1be/0x380 ? __put_user_8+0x11/0x20 get_sigframe+0xf1/0x280 x64_setup_rt_frame+0x67/0x2c0 arch_do_signal_or_restart+0x1b3/0x240 syscall_exit_to_user_mode+0xb0/0x130 do_syscall_64+0xab/0x1a0 entry_SYSCALL_64_after_hwframe+0x77/0x7f This fix is known to be needed on Apple Virtualization. Tested with macOS 13.5.2 running on MacBook Pro 2020 with Intel(R) Core(TM) i7-1068NG7 CPU @ 2.30GHz. Fixes: 70044df250d0 ("x86/pkeys: Update PKRU to enable all pkeys before XSAVE") Link: https://lore.kernel.org/regressions/CAG8fp8QvH71Wi_y7b7tgFp7knK38rfrF7rRHh-… Link: https://github.com/lima-vm/lima/issues/3334 Signed-off-by: Akihiro Suda <akihiro.suda.cz(a)hco.ntt.co.jp> --- arch/x86/kernel/cpu/common.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index e9464fe411ac..4c2c268af214 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -517,7 +517,8 @@ static bool pku_disabled; static __always_inline void setup_pku(struct cpuinfo_x86 *c) { if (c == &boot_cpu_data) { - if (pku_disabled || !cpu_feature_enabled(X86_FEATURE_PKU)) + if (pku_disabled || !cpu_feature_enabled(X86_FEATURE_PKU) || + !cpu_has_xfeatures(XFEATURE_PKRU, NULL)) return; /* * Setting CR4.PKE will cause the X86_FEATURE_OSPKE cpuid -- 2.45.2

2 months, 4 weeks

5
5
0 0

Re: BUG in LTS 5.15.x cpusets with tasks launched by newer systemd

by Waiman Long

On 3/20/25 6:07 AM, James Thomas wrote: > Hello all, > > I encountered an issue with the CPU affinity of tasks launched by systemd in a > slice, after updating from systemd 254 to by systemd >= 256, on the LTS 5.15.x > branch (tested on v5.15.179). > > Despite the slice file stipulating AllowedCPUS=2 (and confirming this was set in > /sys/fs/cgroup/test.slice/cpuset.cpus) tasks launched in the slice would have > the CPU affinity of the system.slice (i.e all by default) rather than 2. > > To reproduce: > > * Check kernel version and systemd version (I used a debian testing image for > testing) > > ``` > # uname -r > 5.15.179 > # systemctl --version > systemd 257 (257.4-3) > ... > ``` > > * Create a test.slice with AllowedCPUS=2 > > ``` > # cat <<EOF > /usr/lib/systemd/system/test.slice > [Unit] > Description=Test slice > Before=slices.target > [Slice] > AllowedCPUs=2 > [Install] > WantedBy=slices.target > EOF > # systemctl daemon-reload && systemctl start test.slice > ``` > > * Confirm cpuset > > ``` > # cat /sys/fs/cgroup/test.slice/cpuset.cpus > 2 > ``` > > * Launch task in slice > > ``` > # systemd-run --slice test.slice yes > Running as unit: run-r9187b97c6958498aad5bba213289ac56.service; invocation ID: > f470f74047ac43b7a60861d03a7ef6f9 > # cat > /sys/fs/cgroup/test.slice/run-r9187b97c6958498aad5bba213289ac56.service/cgroup.procs > > 317 > ``` > > # Check affinity > > ``` > # taskset -pc 317 > pid 317's current affinity list: 0-7 > ``` > > This issue is fixed by applying upstream commits: > > 18f9a4d47527772515ad6cbdac796422566e6440 > cgroup/cpuset: Skip spread flags update on v2 > and > 42a11bf5c5436e91b040aeb04063be1710bb9f9c > cgroup/cpuset: Make cpuset_fork() handle CLONE_INTO_CGROUP properly > > With these applied: > > ``` > # systemd-run --slice test.slice yes > Running as unit: run-r442c444559ff49f48c6c2b8325b3b500.service; invocation ID: > 5211167267154e9292cb6b854585cb91 > # cat /sys/fs/cgroup/test.slice/run-r442c444559ff49f48c6c2b8325b3b500.service > 291 > # taskset -pc 291 > pid 291's current affinity list: 2 > ``` > > Perhaps these are a good candidate for backport onto the 5.15 LTS branch? > > Thanks > James > You should also send this email to stable(a)vger.kernel.org for consideration into the 5.15 LTS branch. Cheers, Longman

2 months, 4 weeks

1
0
0 0

[PATCH v2] keys: Fix UAF in key_put()

by David Howells

Once a key's reference count has been reduced to 0, the garbage collector thread may destroy it at any time and so key_put() is not allowed to touch the key after that point. The most key_put() is normally allowed to do is to touch key_gc_work as that's a static global variable. However, in an effort to speed up the reclamation of quota, this is now done in key_put() once the key's usage is reduced to 0 - but now the code is looking at the key after the deadline, which is forbidden. Fix this by using a flag to indicate that a key can be gc'd now rather than looking at the key's refcount in the garbage collector. Fixes: 9578e327b2b4 ("keys: update key quotas in key_put()") Reported-by: syzbot+6105ffc1ded71d194d6d(a)syzkaller.appspotmail.com Signed-off-by: David Howells <dhowells(a)redhat.com> Tested-by: syzbot+6105ffc1ded71d194d6d(a)syzkaller.appspotmail.com cc: Jarkko Sakkinen <jarkko(a)kernel.org> cc: Oleg Nesterov <oleg(a)redhat.com> cc: Kees Cook <kees(a)kernel.org> cc: Hillf Danton <hdanton(a)sina.com>, cc: keyrings(a)vger.kernel.org Cc: stable(a)vger.kernel.org # v6.10+ --- include/linux/key.h | 1 + security/keys/gc.c | 4 +++- security/keys/key.c | 2 ++ 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/include/linux/key.h b/include/linux/key.h index 074dca3222b9..ba05de8579ec 100644 --- a/include/linux/key.h +++ b/include/linux/key.h @@ -236,6 +236,7 @@ struct key { #define KEY_FLAG_ROOT_CAN_INVAL 7 /* set if key can be invalidated by root without permission */ #define KEY_FLAG_KEEP 8 /* set if key should not be removed */ #define KEY_FLAG_UID_KEYRING 9 /* set if key is a user or user session keyring */ +#define KEY_FLAG_FINAL_PUT 10 /* set if final put has happened on key */ /* the key type and key description string * - the desc is used to match a key against search criteria diff --git a/security/keys/gc.c b/security/keys/gc.c index 7d687b0962b1..f27223ea4578 100644 --- a/security/keys/gc.c +++ b/security/keys/gc.c @@ -218,8 +218,10 @@ static void key_garbage_collector(struct work_struct *work) key = rb_entry(cursor, struct key, serial_node); cursor = rb_next(cursor); - if (refcount_read(&key->usage) == 0) + if (test_bit(KEY_FLAG_FINAL_PUT, &key->flags)) { + smp_mb(); /* Clobber key->user after FINAL_PUT seen. */ goto found_unreferenced_key; + } if (unlikely(gc_state & KEY_GC_REAPING_DEAD_1)) { if (key->type == key_gc_dead_keytype) { diff --git a/security/keys/key.c b/security/keys/key.c index 3d7d185019d3..7198cd2ac3a3 100644 --- a/security/keys/key.c +++ b/security/keys/key.c @@ -658,6 +658,8 @@ void key_put(struct key *key) key->user->qnbytes -= key->quotalen; spin_unlock_irqrestore(&key->user->lock, flags); } + smp_mb(); /* key->user before FINAL_PUT set. */ + set_bit(KEY_FLAG_FINAL_PUT, &key->flags); schedule_work(&key_gc_work); } }

2 months, 4 weeks

4
8
0 0

[PATCH 6.1.y] fs/ntfs3: Change new sparse cluster processing

by Miguel García

From: Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> commit c380b52f6c5702cc4bdda5e6d456d6c19a201a0b upstream. This patch is a backport. Remove ntfs_sparse_cluster. Zero clusters in attr_allocate_clusters. Fixes xfstest generic/263 The fix has been verified by executing the syzkaller reproducer test case. Bug: https://syzkaller.appspot.com/bug?extid=f3e5d0948a1837ed1bb0 Reported-by: syzbot+f3e5d0948a1837ed1bb0(a)syzkaller.appspotmail.com Cc: <stable(a)vger.kernel.org> Signed-off-by: Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> Signed-off-by: Miguel Garcia Roman <miguelgarciaroman8(a)gmail.com> (cherry picked from commit c380b52f6c5702cc4bdda5e6d456d6c19a201a0b) --- fs/ntfs3/attrib.c | 176 +++++++++++++++++++++++++++++++-------------- fs/ntfs3/file.c | 151 +++++++++----------------------------- fs/ntfs3/frecord.c | 2 +- fs/ntfs3/index.c | 4 +- fs/ntfs3/inode.c | 12 ++-- fs/ntfs3/ntfs_fs.h | 7 +- 6 files changed, 166 insertions(+), 186 deletions(-) diff --git a/fs/ntfs3/attrib.c b/fs/ntfs3/attrib.c index 0388e6b42100..3e402b597e0f 100644 --- a/fs/ntfs3/attrib.c +++ b/fs/ntfs3/attrib.c @@ -176,7 +176,7 @@ static int run_deallocate_ex(struct ntfs_sb_info *sbi, struct runs_tree *run, int attr_allocate_clusters(struct ntfs_sb_info *sbi, struct runs_tree *run, CLST vcn, CLST lcn, CLST len, CLST *pre_alloc, enum ALLOCATE_OPT opt, CLST *alen, const size_t fr, - CLST *new_lcn) + CLST *new_lcn, CLST *new_len) { int err; CLST flen, vcn0 = vcn, pre = pre_alloc ? *pre_alloc : 0; @@ -196,20 +196,36 @@ int attr_allocate_clusters(struct ntfs_sb_info *sbi, struct runs_tree *run, if (err) goto out; - if (new_lcn && vcn == vcn0) - *new_lcn = lcn; + if (vcn == vcn0) { + /* Return the first fragment. */ + if (new_lcn) + *new_lcn = lcn; + if (new_len) + *new_len = flen; + } /* Add new fragment into run storage. */ - if (!run_add_entry(run, vcn, lcn, flen, opt == ALLOCATE_MFT)) { + if (!run_add_entry(run, vcn, lcn, flen, opt & ALLOCATE_MFT)) { /* Undo last 'ntfs_look_for_free_space' */ mark_as_free_ex(sbi, lcn, len, false); err = -ENOMEM; goto out; } + if (opt & ALLOCATE_ZERO) { + u8 shift = sbi->cluster_bits - SECTOR_SHIFT; + + err = blkdev_issue_zeroout(sbi->sb->s_bdev, + (sector_t)lcn << shift, + (sector_t)flen << shift, + GFP_NOFS, 0); + if (err) + goto out; + } + vcn += flen; - if (flen >= len || opt == ALLOCATE_MFT || + if (flen >= len || (opt & ALLOCATE_MFT) || (fr && run->count - cnt >= fr)) { *alen = vcn - vcn0; return 0; @@ -287,7 +303,8 @@ int attr_make_nonresident(struct ntfs_inode *ni, struct ATTRIB *attr, const char *data = resident_data(attr); err = attr_allocate_clusters(sbi, run, 0, 0, len, NULL, - ALLOCATE_DEF, &alen, 0, NULL); + ALLOCATE_DEF, &alen, 0, NULL, + NULL); if (err) goto out1; @@ -582,13 +599,13 @@ int attr_set_size(struct ntfs_inode *ni, enum ATTR_TYPE type, /* ~3 bytes per fragment. */ err = attr_allocate_clusters( sbi, run, vcn, lcn, to_allocate, &pre_alloc, - is_mft ? ALLOCATE_MFT : 0, &alen, + is_mft ? ALLOCATE_MFT : ALLOCATE_DEF, &alen, is_mft ? 0 : (sbi->record_size - le32_to_cpu(rec->used) + 8) / 3 + 1, - NULL); + NULL, NULL); if (err) goto out; } @@ -886,8 +903,19 @@ int attr_set_size(struct ntfs_inode *ni, enum ATTR_TYPE type, return err; } +/* + * attr_data_get_block - Returns 'lcn' and 'len' for given 'vcn'. + * + * @new == NULL means just to get current mapping for 'vcn' + * @new != NULL means allocate real cluster if 'vcn' maps to hole + * @zero - zeroout new allocated clusters + * + * NOTE: + * - @new != NULL is called only for sparsed or compressed attributes. + * - new allocated clusters are zeroed via blkdev_issue_zeroout. + */ int attr_data_get_block(struct ntfs_inode *ni, CLST vcn, CLST clen, CLST *lcn, - CLST *len, bool *new) + CLST *len, bool *new, bool zero) { int err = 0; struct runs_tree *run = &ni->file.run; @@ -896,29 +924,27 @@ int attr_data_get_block(struct ntfs_inode *ni, CLST vcn, CLST clen, CLST *lcn, struct ATTRIB *attr = NULL, *attr_b; struct ATTR_LIST_ENTRY *le, *le_b; struct mft_inode *mi, *mi_b; - CLST hint, svcn, to_alloc, evcn1, next_svcn, asize, end; + CLST hint, svcn, to_alloc, evcn1, next_svcn, asize, end, vcn0, alen; + unsigned int fr; u64 total_size; - u32 clst_per_frame; - bool ok; if (new) *new = false; + /* Try to find in cache. */ down_read(&ni->file.run_lock); - ok = run_lookup_entry(run, vcn, lcn, len, NULL); + if (!run_lookup_entry(run, vcn, lcn, len, NULL)) + *len = 0; up_read(&ni->file.run_lock); - if (ok && (*lcn != SPARSE_LCN || !new)) { - /* Normal way. */ - return 0; + if (*len) { + if (*lcn != SPARSE_LCN || !new) + return 0; /* Fast normal way without allocation. */ + else if (clen > *len) + clen = *len; } - if (!clen) - clen = 1; - - if (ok && clen > *len) - clen = *len; - + /* No cluster in cache or we need to allocate cluster in hole. */ sbi = ni->mi.sbi; cluster_bits = sbi->cluster_bits; @@ -944,12 +970,6 @@ int attr_data_get_block(struct ntfs_inode *ni, CLST vcn, CLST clen, CLST *lcn, goto out; } - clst_per_frame = 1u << attr_b->nres.c_unit; - to_alloc = (clen + clst_per_frame - 1) & ~(clst_per_frame - 1); - - if (vcn + to_alloc > asize) - to_alloc = asize - vcn; - svcn = le64_to_cpu(attr_b->nres.svcn); evcn1 = le64_to_cpu(attr_b->nres.evcn) + 1; @@ -968,36 +988,68 @@ int attr_data_get_block(struct ntfs_inode *ni, CLST vcn, CLST clen, CLST *lcn, evcn1 = le64_to_cpu(attr->nres.evcn) + 1; } + /* Load in cache actual information. */ err = attr_load_runs(attr, ni, run, NULL); if (err) goto out; - if (!ok) { - ok = run_lookup_entry(run, vcn, lcn, len, NULL); - if (ok && (*lcn != SPARSE_LCN || !new)) { - /* Normal way. */ - err = 0; - goto ok; - } + if (!*len) { + if (run_lookup_entry(run, vcn, lcn, len, NULL)) { + if (*lcn != SPARSE_LCN || !new) + goto ok; /* Slow normal way without allocation. */ - if (!ok && !new) { - *len = 0; - err = 0; + if (clen > *len) + clen = *len; + } else if (!new) { + /* Here we may return -ENOENT. + * In any case caller gets zero length. */ goto ok; } - - if (ok && clen > *len) { - clen = *len; - to_alloc = (clen + clst_per_frame - 1) & - ~(clst_per_frame - 1); - } } if (!is_attr_ext(attr_b)) { + /* The code below only for sparsed or compressed attributes. */ err = -EINVAL; goto out; } + vcn0 = vcn; + to_alloc = clen; + fr = (sbi->record_size - le32_to_cpu(mi->mrec->used) + 8) / 3 + 1; + /* Allocate frame aligned clusters. + * ntfs.sys usually uses 16 clusters per frame for sparsed or compressed. + * ntfs3 uses 1 cluster per frame for new created sparsed files. */ + if (attr_b->nres.c_unit) { + CLST clst_per_frame = 1u << attr_b->nres.c_unit; + CLST cmask = ~(clst_per_frame - 1); + + /* Get frame aligned vcn and to_alloc. */ + vcn = vcn0 & cmask; + to_alloc = ((vcn0 + clen + clst_per_frame - 1) & cmask) - vcn; + if (fr < clst_per_frame) + fr = clst_per_frame; + zero = true; + + /* Check if 'vcn' and 'vcn0' in different attribute segments. */ + if (vcn < svcn || evcn1 <= vcn) { + /* Load attribute for truncated vcn. */ + attr = ni_find_attr(ni, attr_b, &le, ATTR_DATA, NULL, 0, + &vcn, &mi); + if (!attr) { + err = -EINVAL; + goto out; + } + svcn = le64_to_cpu(attr->nres.svcn); + evcn1 = le64_to_cpu(attr->nres.evcn) + 1; + err = attr_load_runs(attr, ni, run, NULL); + if (err) + goto out; + } + } + + if (vcn + to_alloc > asize) + to_alloc = asize - vcn; + /* Get the last LCN to allocate from. */ hint = 0; @@ -1011,18 +1063,33 @@ int attr_data_get_block(struct ntfs_inode *ni, CLST vcn, CLST clen, CLST *lcn, hint = -1; } - err = attr_allocate_clusters( - sbi, run, vcn, hint + 1, to_alloc, NULL, 0, len, - (sbi->record_size - le32_to_cpu(mi->mrec->used) + 8) / 3 + 1, - lcn); + /* Allocate and zeroout new clusters. */ + err = attr_allocate_clusters(sbi, run, vcn, hint + 1, to_alloc, NULL, + zero ? ALLOCATE_ZERO : ALLOCATE_DEF, &alen, + fr, lcn, len); if (err) goto out; *new = true; - end = vcn + *len; - + end = vcn + alen; total_size = le64_to_cpu(attr_b->nres.total_size) + - ((u64)*len << cluster_bits); + ((u64)alen << cluster_bits); + + if (vcn != vcn0) { + if (!run_lookup_entry(run, vcn0, lcn, len, NULL)) { + err = -EINVAL; + goto out; + } + if (*lcn == SPARSE_LCN) { + /* Internal error. Should not happened. */ + WARN_ON(1); + err = -EINVAL; + goto out; + } + /* Check case when vcn0 + len overlaps new allocated clusters. */ + if (vcn0 + *len > end) + *len = end - vcn0; + } repack: err = mi_pack_runs(mi, attr, run, max(end, evcn1) - svcn); @@ -1547,7 +1614,7 @@ int attr_allocate_frame(struct ntfs_inode *ni, CLST frame, size_t compr_size, struct ATTRIB *attr = NULL, *attr_b; struct ATTR_LIST_ENTRY *le, *le_b; struct mft_inode *mi, *mi_b; - CLST svcn, evcn1, next_svcn, lcn, len; + CLST svcn, evcn1, next_svcn, len; CLST vcn, end, clst_data; u64 total_size, valid_size, data_size; @@ -1623,8 +1690,9 @@ int attr_allocate_frame(struct ntfs_inode *ni, CLST frame, size_t compr_size, } err = attr_allocate_clusters(sbi, run, vcn + clst_data, - hint + 1, len - clst_data, NULL, 0, - &alen, 0, &lcn); + hint + 1, len - clst_data, NULL, + ALLOCATE_DEF, &alen, 0, NULL, + NULL); if (err) goto out; diff --git a/fs/ntfs3/file.c b/fs/ntfs3/file.c index 70b38465aee3..72e25842f5dc 100644 --- a/fs/ntfs3/file.c +++ b/fs/ntfs3/file.c @@ -122,8 +122,8 @@ static int ntfs_extend_initialized_size(struct file *file, bits = sbi->cluster_bits; vcn = pos >> bits; - err = attr_data_get_block(ni, vcn, 0, &lcn, &clen, - NULL); + err = attr_data_get_block(ni, vcn, 1, &lcn, &clen, NULL, + false); if (err) goto out; @@ -196,18 +196,18 @@ static int ntfs_zero_range(struct inode *inode, u64 vbo, u64 vbo_to) struct address_space *mapping = inode->i_mapping; u32 blocksize = 1 << inode->i_blkbits; pgoff_t idx = vbo >> PAGE_SHIFT; - u32 z_start = vbo & (PAGE_SIZE - 1); + u32 from = vbo & (PAGE_SIZE - 1); pgoff_t idx_end = (vbo_to + PAGE_SIZE - 1) >> PAGE_SHIFT; loff_t page_off; struct buffer_head *head, *bh; - u32 bh_next, bh_off, z_end; + u32 bh_next, bh_off, to; sector_t iblock; struct page *page; - for (; idx < idx_end; idx += 1, z_start = 0) { + for (; idx < idx_end; idx += 1, from = 0) { page_off = (loff_t)idx << PAGE_SHIFT; - z_end = (page_off + PAGE_SIZE) > vbo_to ? (vbo_to - page_off) - : PAGE_SIZE; + to = (page_off + PAGE_SIZE) > vbo_to ? (vbo_to - page_off) + : PAGE_SIZE; iblock = page_off >> inode->i_blkbits; page = find_or_create_page(mapping, idx, @@ -224,7 +224,7 @@ static int ntfs_zero_range(struct inode *inode, u64 vbo, u64 vbo_to) do { bh_next = bh_off + blocksize; - if (bh_next <= z_start || bh_off >= z_end) + if (bh_next <= from || bh_off >= to) continue; if (!buffer_mapped(bh)) { @@ -258,7 +258,7 @@ static int ntfs_zero_range(struct inode *inode, u64 vbo, u64 vbo_to) } while (bh_off = bh_next, iblock += 1, head != (bh = bh->b_this_page)); - zero_user_segment(page, z_start, z_end); + zero_user_segment(page, from, to); unlock_page(page); put_page(page); @@ -269,81 +269,6 @@ static int ntfs_zero_range(struct inode *inode, u64 vbo, u64 vbo_to) return err; } -/* - * ntfs_sparse_cluster - Helper function to zero a new allocated clusters. - * - * NOTE: 512 <= cluster size <= 2M - */ -void ntfs_sparse_cluster(struct inode *inode, struct page *page0, CLST vcn, - CLST len) -{ - struct address_space *mapping = inode->i_mapping; - struct ntfs_sb_info *sbi = inode->i_sb->s_fs_info; - u64 vbo = (u64)vcn << sbi->cluster_bits; - u64 bytes = (u64)len << sbi->cluster_bits; - u32 blocksize = 1 << inode->i_blkbits; - pgoff_t idx0 = page0 ? page0->index : -1; - loff_t vbo_clst = vbo & sbi->cluster_mask_inv; - loff_t end = ntfs_up_cluster(sbi, vbo + bytes); - pgoff_t idx = vbo_clst >> PAGE_SHIFT; - u32 from = vbo_clst & (PAGE_SIZE - 1); - pgoff_t idx_end = (end + PAGE_SIZE - 1) >> PAGE_SHIFT; - loff_t page_off; - u32 to; - bool partial; - struct page *page; - - for (; idx < idx_end; idx += 1, from = 0) { - page = idx == idx0 ? page0 : grab_cache_page(mapping, idx); - - if (!page) - continue; - - page_off = (loff_t)idx << PAGE_SHIFT; - to = (page_off + PAGE_SIZE) > end ? (end - page_off) - : PAGE_SIZE; - partial = false; - - if ((from || PAGE_SIZE != to) && - likely(!page_has_buffers(page))) { - create_empty_buffers(page, blocksize, 0); - } - - if (page_has_buffers(page)) { - struct buffer_head *head, *bh; - u32 bh_off = 0; - - bh = head = page_buffers(page); - do { - u32 bh_next = bh_off + blocksize; - - if (from <= bh_off && bh_next <= to) { - set_buffer_uptodate(bh); - mark_buffer_dirty(bh); - } else if (!buffer_uptodate(bh)) { - partial = true; - } - bh_off = bh_next; - } while (head != (bh = bh->b_this_page)); - } - - zero_user_segment(page, from, to); - - if (!partial) { - if (!PageUptodate(page)) - SetPageUptodate(page); - set_page_dirty(page); - } - - if (idx != idx0) { - unlock_page(page); - put_page(page); - } - cond_resched(); - } - mark_inode_dirty(inode); -} - /* * ntfs_file_mmap - file_operations::mmap */ @@ -385,13 +310,9 @@ static int ntfs_file_mmap(struct file *file, struct vm_area_struct *vma) for (; vcn < end; vcn += len) { err = attr_data_get_block(ni, vcn, 1, &lcn, - &len, &new); + &len, &new, true); if (err) goto out; - - if (!new) - continue; - ntfs_sparse_cluster(inode, NULL, vcn, 1); } } @@ -532,7 +453,8 @@ static long ntfs_fallocate(struct file *file, int mode, loff_t vbo, loff_t len) struct ntfs_sb_info *sbi = sb->s_fs_info; struct ntfs_inode *ni = ntfs_i(inode); loff_t end = vbo + len; - loff_t vbo_down = round_down(vbo, PAGE_SIZE); + loff_t vbo_down = round_down(vbo, max_t(unsigned long, + sbi->cluster_size, PAGE_SIZE)); bool is_supported_holes = is_sparsed(ni) || is_compressed(ni); loff_t i_size, new_size; bool map_locked; @@ -585,11 +507,8 @@ static long ntfs_fallocate(struct file *file, int mode, loff_t vbo, loff_t len) u32 frame_size; loff_t mask, vbo_a, end_a, tmp; - err = filemap_write_and_wait_range(mapping, vbo, end - 1); - if (err) - goto out; - - err = filemap_write_and_wait_range(mapping, end, LLONG_MAX); + err = filemap_write_and_wait_range(mapping, vbo_down, + LLONG_MAX); if (err) goto out; @@ -692,39 +611,35 @@ static long ntfs_fallocate(struct file *file, int mode, loff_t vbo, loff_t len) goto out; if (is_supported_holes) { - CLST vcn_v = ni->i_valid >> sbi->cluster_bits; CLST vcn = vbo >> sbi->cluster_bits; CLST cend = bytes_to_cluster(sbi, end); + CLST cend_v = bytes_to_cluster(sbi, ni->i_valid); CLST lcn, clen; bool new; + if (cend_v > cend) + cend_v = cend; + /* - * Allocate but do not zero new clusters. (see below comments) - * This breaks security: One can read unused on-disk areas. + * Allocate and zero new clusters. * Zeroing these clusters may be too long. - * Maybe we should check here for root rights? + */ + for (; vcn < cend_v; vcn += clen) { + err = attr_data_get_block(ni, vcn, cend_v - vcn, + &lcn, &clen, &new, + true); + if (err) + goto out; + } + /* + * Allocate but not zero new clusters. */ for (; vcn < cend; vcn += clen) { err = attr_data_get_block(ni, vcn, cend - vcn, - &lcn, &clen, &new); + &lcn, &clen, &new, + false); if (err) goto out; - if (!new || vcn >= vcn_v) - continue; - - /* - * Unwritten area. - * NTFS is not able to store several unwritten areas. - * Activate 'ntfs_sparse_cluster' to zero new allocated clusters. - * - * Dangerous in case: - * 1G of sparsed clusters + 1 cluster of data => - * valid_size == 1G + 1 cluster - * fallocate(1G) will zero 1G and this can be very long - * xfstest 016/086 will fail without 'ntfs_sparse_cluster'. - */ - ntfs_sparse_cluster(inode, NULL, vcn, - min(vcn_v - vcn, clen)); } } @@ -945,8 +860,8 @@ static ssize_t ntfs_compress_write(struct kiocb *iocb, struct iov_iter *from) frame_vbo = valid & ~(frame_size - 1); off = valid & (frame_size - 1); - err = attr_data_get_block(ni, frame << NTFS_LZNT_CUNIT, 0, &lcn, - &clen, NULL); + err = attr_data_get_block(ni, frame << NTFS_LZNT_CUNIT, 1, &lcn, + &clen, NULL, false); if (err) goto out; diff --git a/fs/ntfs3/frecord.c b/fs/ntfs3/frecord.c index d41ddc06f207..fb572688f919 100644 --- a/fs/ntfs3/frecord.c +++ b/fs/ntfs3/frecord.c @@ -2297,7 +2297,7 @@ int ni_decompress_file(struct ntfs_inode *ni) for (vcn = vbo >> sbi->cluster_bits; vcn < end; vcn += clen) { err = attr_data_get_block(ni, vcn, cend - vcn, &lcn, - &clen, &new); + &clen, &new, false); if (err) goto out; } diff --git a/fs/ntfs3/index.c b/fs/ntfs3/index.c index 2589f6d1215f..2dfe74a3de75 100644 --- a/fs/ntfs3/index.c +++ b/fs/ntfs3/index.c @@ -1442,8 +1442,8 @@ static int indx_create_allocate(struct ntfs_index *indx, struct ntfs_inode *ni, run_init(&run); - err = attr_allocate_clusters(sbi, &run, 0, 0, len, NULL, 0, &alen, 0, - NULL); + err = attr_allocate_clusters(sbi, &run, 0, 0, len, NULL, ALLOCATE_DEF, + &alen, 0, NULL, NULL); if (err) goto out; diff --git a/fs/ntfs3/inode.c b/fs/ntfs3/inode.c index 057aa3cec902..5baf6a2b3d48 100644 --- a/fs/ntfs3/inode.c +++ b/fs/ntfs3/inode.c @@ -592,7 +592,8 @@ static noinline int ntfs_get_block_vbo(struct inode *inode, u64 vbo, off = vbo & sbi->cluster_mask; new = false; - err = attr_data_get_block(ni, vcn, 1, &lcn, &len, create ? &new : NULL); + err = attr_data_get_block(ni, vcn, 1, &lcn, &len, create ? &new : NULL, + create && sbi->cluster_size > PAGE_SIZE); if (err) goto out; @@ -610,11 +611,8 @@ static noinline int ntfs_get_block_vbo(struct inode *inode, u64 vbo, WARN_ON(1); } - if (new) { + if (new) set_buffer_new(bh); - if ((len << cluster_bits) > block_size) - ntfs_sparse_cluster(inode, page, vcn, len); - } lbo = ((u64)lcn << cluster_bits) + off; @@ -1533,8 +1531,8 @@ struct inode *ntfs_create_inode(struct user_namespace *mnt_userns, cpu_to_le64(ntfs_up_cluster(sbi, nsize)); err = attr_allocate_clusters(sbi, &ni->file.run, 0, 0, - clst, NULL, 0, &alen, 0, - NULL); + clst, NULL, ALLOCATE_DEF, + &alen, 0, NULL, NULL); if (err) goto out5; diff --git a/fs/ntfs3/ntfs_fs.h b/fs/ntfs3/ntfs_fs.h index 26dbe1b46fdd..05d9abd66b37 100644 --- a/fs/ntfs3/ntfs_fs.h +++ b/fs/ntfs3/ntfs_fs.h @@ -126,6 +126,7 @@ struct ntfs_buffers { enum ALLOCATE_OPT { ALLOCATE_DEF = 0, // Allocate all clusters. ALLOCATE_MFT = 1, // Allocate for MFT. + ALLOCATE_ZERO = 2, // Zeroout new allocated clusters }; enum bitmap_mutex_classes { @@ -416,7 +417,7 @@ enum REPARSE_SIGN { int attr_allocate_clusters(struct ntfs_sb_info *sbi, struct runs_tree *run, CLST vcn, CLST lcn, CLST len, CLST *pre_alloc, enum ALLOCATE_OPT opt, CLST *alen, const size_t fr, - CLST *new_lcn); + CLST *new_lcn, CLST *new_len); int attr_make_nonresident(struct ntfs_inode *ni, struct ATTRIB *attr, struct ATTR_LIST_ENTRY *le, struct mft_inode *mi, u64 new_size, struct runs_tree *run, @@ -426,7 +427,7 @@ int attr_set_size(struct ntfs_inode *ni, enum ATTR_TYPE type, u64 new_size, const u64 *new_valid, bool keep_prealloc, struct ATTRIB **ret); int attr_data_get_block(struct ntfs_inode *ni, CLST vcn, CLST clen, CLST *lcn, - CLST *len, bool *new); + CLST *len, bool *new, bool zero); int attr_data_read_resident(struct ntfs_inode *ni, struct page *page); int attr_data_write_resident(struct ntfs_inode *ni, struct page *page); int attr_load_runs_vcn(struct ntfs_inode *ni, enum ATTR_TYPE type, @@ -491,8 +492,6 @@ extern const struct file_operations ntfs_dir_operations; /* Globals from file.c */ int ntfs_getattr(struct user_namespace *mnt_userns, const struct path *path, struct kstat *stat, u32 request_mask, u32 flags); -void ntfs_sparse_cluster(struct inode *inode, struct page *page0, CLST vcn, - CLST len); int ntfs3_setattr(struct user_namespace *mnt_userns, struct dentry *dentry, struct iattr *attr); int ntfs_file_open(struct inode *inode, struct file *file); -- 2.34.1

2 months, 4 weeks

2
2
0 0

[PATCH 6.1.y 6.6.y 1/1] netfilter: nft_counter: Use u64_stats_t for statistic.

by Felix Moessbauer

From: Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> commit 4a1d3acd6ea86075e77fcc1188c3fc372833ba73 upstream. The nft_counter uses two s64 counters for statistics. Those two are protected by a seqcount to ensure that the 64bit variable is always properly seen during updates even on 32bit architectures where the store is performed by two writes. A side effect is that the two counter (bytes and packet) are written and read together in the same window. This can be replaced with u64_stats_t. write_seqcount_begin()/ end() is replaced with u64_stats_update_begin()/ end() and behaves the same way as with seqcount_t on 32bit architectures. Additionally there is a preempt_disable on PREEMPT_RT to ensure that a reader does not preempt a writer. On 64bit architectures the macros are removed and the reads happen without any retries. This also means that the reader can observe one counter (bytes) from before the update and the other counter (packets) but that is okay since there is no requirement to have both counter from the same update window. Convert the statistic to u64_stats_t. There is one optimisation: nft_counter_do_init() and nft_counter_clone() allocate a new per-CPU counter and assign a value to it. During this assignment preemption is disabled which is not needed because the counter is not yet exposed to the system so there can not be another writer or reader. Therefore disabling preemption is omitted and raw_cpu_ptr() is used to obtain a pointer to a counter for the assignment. Cc: Eric Dumazet <edumazet(a)google.com> Signed-off-by: Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org> Signed-off-by: Felix Moessbauer <felix.moessbauer(a)siemens.com> --- I propose the backport, as this is a performance improvement. Note, that this is a bugfix on RT kernels. net/netfilter/nft_counter.c | 90 +++++++++++++++++++------------------ 1 file changed, 46 insertions(+), 44 deletions(-) diff --git a/net/netfilter/nft_counter.c b/net/netfilter/nft_counter.c index 781d3a26f5df..8d19bd001277 100644 --- a/net/netfilter/nft_counter.c +++ b/net/netfilter/nft_counter.c @@ -8,7 +8,7 @@ #include <linux/kernel.h> #include <linux/init.h> #include <linux/module.h> -#include <linux/seqlock.h> +#include <linux/u64_stats_sync.h> #include <linux/netlink.h> #include <linux/netfilter.h> #include <linux/netfilter/nf_tables.h> @@ -17,6 +17,11 @@ #include <net/netfilter/nf_tables_offload.h> struct nft_counter { + u64_stats_t bytes; + u64_stats_t packets; +}; + +struct nft_counter_tot { s64 bytes; s64 packets; }; @@ -25,25 +30,24 @@ struct nft_counter_percpu_priv { struct nft_counter __percpu *counter; }; -static DEFINE_PER_CPU(seqcount_t, nft_counter_seq); +static DEFINE_PER_CPU(struct u64_stats_sync, nft_counter_sync); static inline void nft_counter_do_eval(struct nft_counter_percpu_priv *priv, struct nft_regs *regs, const struct nft_pktinfo *pkt) { + struct u64_stats_sync *nft_sync; struct nft_counter *this_cpu; - seqcount_t *myseq; local_bh_disable(); this_cpu = this_cpu_ptr(priv->counter); - myseq = this_cpu_ptr(&nft_counter_seq); - - write_seqcount_begin(myseq); + nft_sync = this_cpu_ptr(&nft_counter_sync); - this_cpu->bytes += pkt->skb->len; - this_cpu->packets++; + u64_stats_update_begin(nft_sync); + u64_stats_add(&this_cpu->bytes, pkt->skb->len); + u64_stats_inc(&this_cpu->packets); + u64_stats_update_end(nft_sync); - write_seqcount_end(myseq); local_bh_enable(); } @@ -66,17 +70,16 @@ static int nft_counter_do_init(const struct nlattr * const tb[], if (cpu_stats == NULL) return -ENOMEM; - preempt_disable(); - this_cpu = this_cpu_ptr(cpu_stats); + this_cpu = raw_cpu_ptr(cpu_stats); if (tb[NFTA_COUNTER_PACKETS]) { - this_cpu->packets = - be64_to_cpu(nla_get_be64(tb[NFTA_COUNTER_PACKETS])); + u64_stats_set(&this_cpu->packets, + be64_to_cpu(nla_get_be64(tb[NFTA_COUNTER_PACKETS]))); } if (tb[NFTA_COUNTER_BYTES]) { - this_cpu->bytes = - be64_to_cpu(nla_get_be64(tb[NFTA_COUNTER_BYTES])); + u64_stats_set(&this_cpu->bytes, + be64_to_cpu(nla_get_be64(tb[NFTA_COUNTER_BYTES]))); } - preempt_enable(); + priv->counter = cpu_stats; return 0; } @@ -104,40 +107,41 @@ static void nft_counter_obj_destroy(const struct nft_ctx *ctx, } static void nft_counter_reset(struct nft_counter_percpu_priv *priv, - struct nft_counter *total) + struct nft_counter_tot *total) { + struct u64_stats_sync *nft_sync; struct nft_counter *this_cpu; - seqcount_t *myseq; local_bh_disable(); this_cpu = this_cpu_ptr(priv->counter); - myseq = this_cpu_ptr(&nft_counter_seq); + nft_sync = this_cpu_ptr(&nft_counter_sync); + + u64_stats_update_begin(nft_sync); + u64_stats_add(&this_cpu->packets, -total->packets); + u64_stats_add(&this_cpu->bytes, -total->bytes); + u64_stats_update_end(nft_sync); - write_seqcount_begin(myseq); - this_cpu->packets -= total->packets; - this_cpu->bytes -= total->bytes; - write_seqcount_end(myseq); local_bh_enable(); } static void nft_counter_fetch(struct nft_counter_percpu_priv *priv, - struct nft_counter *total) + struct nft_counter_tot *total) { struct nft_counter *this_cpu; - const seqcount_t *myseq; u64 bytes, packets; unsigned int seq; int cpu; memset(total, 0, sizeof(*total)); for_each_possible_cpu(cpu) { - myseq = per_cpu_ptr(&nft_counter_seq, cpu); + struct u64_stats_sync *nft_sync = per_cpu_ptr(&nft_counter_sync, cpu); + this_cpu = per_cpu_ptr(priv->counter, cpu); do { - seq = read_seqcount_begin(myseq); - bytes = this_cpu->bytes; - packets = this_cpu->packets; - } while (read_seqcount_retry(myseq, seq)); + seq = u64_stats_fetch_begin(nft_sync); + bytes = u64_stats_read(&this_cpu->bytes); + packets = u64_stats_read(&this_cpu->packets); + } while (u64_stats_fetch_retry(nft_sync, seq)); total->bytes += bytes; total->packets += packets; @@ -148,7 +152,7 @@ static int nft_counter_do_dump(struct sk_buff *skb, struct nft_counter_percpu_priv *priv, bool reset) { - struct nft_counter total; + struct nft_counter_tot total; nft_counter_fetch(priv, &total); @@ -236,7 +240,7 @@ static int nft_counter_clone(struct nft_expr *dst, const struct nft_expr *src, g struct nft_counter_percpu_priv *priv_clone = nft_expr_priv(dst); struct nft_counter __percpu *cpu_stats; struct nft_counter *this_cpu; - struct nft_counter total; + struct nft_counter_tot total; nft_counter_fetch(priv, &total); @@ -244,11 +248,9 @@ static int nft_counter_clone(struct nft_expr *dst, const struct nft_expr *src, g if (cpu_stats == NULL) return -ENOMEM; - preempt_disable(); - this_cpu = this_cpu_ptr(cpu_stats); - this_cpu->packets = total.packets; - this_cpu->bytes = total.bytes; - preempt_enable(); + this_cpu = raw_cpu_ptr(cpu_stats); + u64_stats_set(&this_cpu->packets, total.packets); + u64_stats_set(&this_cpu->bytes, total.bytes); priv_clone->counter = cpu_stats; return 0; @@ -266,17 +268,17 @@ static void nft_counter_offload_stats(struct nft_expr *expr, const struct flow_stats *stats) { struct nft_counter_percpu_priv *priv = nft_expr_priv(expr); + struct u64_stats_sync *nft_sync; struct nft_counter *this_cpu; - seqcount_t *myseq; local_bh_disable(); this_cpu = this_cpu_ptr(priv->counter); - myseq = this_cpu_ptr(&nft_counter_seq); + nft_sync = this_cpu_ptr(&nft_counter_sync); - write_seqcount_begin(myseq); - this_cpu->packets += stats->pkts; - this_cpu->bytes += stats->bytes; - write_seqcount_end(myseq); + u64_stats_update_begin(nft_sync); + u64_stats_add(&this_cpu->packets, stats->pkts); + u64_stats_add(&this_cpu->bytes, stats->bytes); + u64_stats_update_end(nft_sync); local_bh_enable(); } @@ -285,7 +287,7 @@ void nft_counter_init_seqcount(void) int cpu; for_each_possible_cpu(cpu) - seqcount_init(per_cpu_ptr(&nft_counter_seq, cpu)); + u64_stats_init(per_cpu_ptr(&nft_counter_sync, cpu)); } struct nft_expr_type nft_counter_type; -- 2.49.0

2 months, 4 weeks

2
1
0 0

[PATCH 6.6] wifi: iwlwifi: support BIOS override for 5G9 in CA also in LARI version 8

by Emmanuel Grumbach

From: Miri Korenblit <miriam.rachel.korenblit(a)intel.com> commit b1e8102a4048003097c7054cbc00bbda91a5ced7 upstream Commit 6b3e87cc0ca5 ("iwlwifi: Add support for LARI_CONFIG_CHANGE_CMD cmd v9") added a few bits to iwl_lari_config_change_cmd::oem_unii4_allow_bitmap if the FW has LARI version >= 9. But we also need to send those bits for version 8 if the FW is capable of this feature (indicated with capability bits) Add the FW capability bit, and set the additional bits in the cmd when the version is 8 and the FW capability bit is set. Signed-off-by: Miri Korenblit <miriam.rachel.korenblit(a)intel.com> Reviewed-by: Johannes Berg <johannes.berg(a)intel.com> Link: https://patch.msgid.link/20241226174257.dc5836f84514.I1e38f94465a36731034c9… Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> --- drivers/net/wireless/intel/iwlwifi/fw/file.h | 4 ++- drivers/net/wireless/intel/iwlwifi/mvm/fw.c | 37 ++++++++++++++++++-- 2 files changed, 38 insertions(+), 3 deletions(-) diff --git a/drivers/net/wireless/intel/iwlwifi/fw/file.h b/drivers/net/wireless/intel/iwlwifi/fw/file.h index b36e9613a52c..b1687e6d3ad2 100644 --- a/drivers/net/wireless/intel/iwlwifi/fw/file.h +++ b/drivers/net/wireless/intel/iwlwifi/fw/file.h @@ -372,6 +372,8 @@ typedef unsigned int __bitwise iwl_ucode_tlv_capa_t; * channels even when these are not enabled. * @IWL_UCODE_TLV_CAPA_DUMP_COMPLETE_SUPPORT: Support for indicating dump collection * complete to FW. + * @IWL_UCODE_TLV_CAPA_BIOS_OVERRIDE_5G9_FOR_CA: supports (de)activating 5G9 + * for CA from BIOS. * * @NUM_IWL_UCODE_TLV_CAPA: number of bits used */ @@ -468,7 +470,7 @@ enum iwl_ucode_tlv_capa { IWL_UCODE_TLV_CAPA_OFFLOAD_BTM_SUPPORT = (__force iwl_ucode_tlv_capa_t)113, IWL_UCODE_TLV_CAPA_STA_EXP_MFP_SUPPORT = (__force iwl_ucode_tlv_capa_t)114, IWL_UCODE_TLV_CAPA_SNIFF_VALIDATE_SUPPORT = (__force iwl_ucode_tlv_capa_t)116, - + IWL_UCODE_TLV_CAPA_BIOS_OVERRIDE_5G9_FOR_CA = (__force iwl_ucode_tlv_capa_t)123, #ifdef __CHECKER__ /* sparse says it cannot increment the previous enum member */ #define NUM_IWL_UCODE_TLV_CAPA 128 diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/fw.c b/drivers/net/wireless/intel/iwlwifi/mvm/fw.c index 80b5c20d3a48..c597492668fa 100644 --- a/drivers/net/wireless/intel/iwlwifi/mvm/fw.c +++ b/drivers/net/wireless/intel/iwlwifi/mvm/fw.c @@ -1195,11 +1195,30 @@ static u8 iwl_mvm_eval_dsm_rfi(struct iwl_mvm *mvm) return DSM_VALUE_RFI_DISABLE; } +enum iwl_dsm_unii4_bitmap { + DSM_VALUE_UNII4_US_OVERRIDE_MSK = BIT(0), + DSM_VALUE_UNII4_US_EN_MSK = BIT(1), + DSM_VALUE_UNII4_ETSI_OVERRIDE_MSK = BIT(2), + DSM_VALUE_UNII4_ETSI_EN_MSK = BIT(3), + DSM_VALUE_UNII4_CANADA_OVERRIDE_MSK = BIT(4), + DSM_VALUE_UNII4_CANADA_EN_MSK = BIT(5), +}; + +#define DSM_UNII4_ALLOW_BITMAP (DSM_VALUE_UNII4_US_OVERRIDE_MSK |\ + DSM_VALUE_UNII4_US_EN_MSK |\ + DSM_VALUE_UNII4_ETSI_OVERRIDE_MSK |\ + DSM_VALUE_UNII4_ETSI_EN_MSK |\ + DSM_VALUE_UNII4_CANADA_OVERRIDE_MSK |\ + DSM_VALUE_UNII4_CANADA_EN_MSK) + static void iwl_mvm_lari_cfg(struct iwl_mvm *mvm) { int ret; u32 value; struct iwl_lari_config_change_cmd_v6 cmd = {}; + u8 cmd_ver = iwl_fw_lookup_cmd_ver(mvm->fw, + WIDE_ID(REGULATORY_AND_NVM_GROUP, + LARI_CONFIG_CHANGE), 1); cmd.config_bitmap = iwl_acpi_get_lari_config_bitmap(&mvm->fwrt); @@ -1211,8 +1230,22 @@ static void iwl_mvm_lari_cfg(struct iwl_mvm *mvm) ret = iwl_acpi_get_dsm_u32(mvm->fwrt.dev, 0, DSM_FUNC_ENABLE_UNII4_CHAN, &iwl_guid, &value); - if (!ret) - cmd.oem_unii4_allow_bitmap = cpu_to_le32(value); + if (!ret) { + u32 _value = cpu_to_le32(value); + + _value &= DSM_UNII4_ALLOW_BITMAP; + + /* Since version 9, bits 4 and 5 are supported + * regardless of this capability. + */ + if (cmd_ver < 9 && + !fw_has_capa(&mvm->fw->ucode_capa, + IWL_UCODE_TLV_CAPA_BIOS_OVERRIDE_5G9_FOR_CA)) + _value &= ~(DSM_VALUE_UNII4_CANADA_OVERRIDE_MSK | + DSM_VALUE_UNII4_CANADA_EN_MSK); + + cmd.oem_unii4_allow_bitmap = cpu_to_le32(_value); + } ret = iwl_acpi_get_dsm_u32(mvm->fwrt.dev, 0, DSM_FUNC_ACTIVATE_CHANNEL, -- 2.48.1

2 months, 4 weeks

3
2
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror March 2025