March 2025 - Linux-stable-mirror

[PATCH v3] mm/migrate: fix shmem xarray update during migration

by Zi Yan

A shmem folio can be either in page cache or in swap cache, but not at the same time. Namely, once it is in swap cache, folio->mapping should be NULL, and the folio is no longer in a shmem mapping. In __folio_migrate_mapping(), to determine the number of xarray entries to update, folio_test_swapbacked() is used, but that conflates shmem in page cache case and shmem in swap cache case. It leads to xarray multi-index entry corruption, since it turns a sibling entry to a normal entry during xas_store() (see [1] for a userspace reproduction). Fix it by only using folio_test_swapcache() to determine whether xarray is storing swap cache entries or not to choose the right number of xarray entries to update. [1] https://lore.kernel.org/linux-mm/Z8idPCkaJW1IChjT@casper.infradead.org/ Note: In __split_huge_page(), folio_test_anon() && folio_test_swapcache() is used to get swap_cache address space, but that ignores the shmem folio in swap cache case. It could lead to NULL pointer dereferencing when a in-swap-cache shmem folio is split at __xa_store(), since !folio_test_anon() is true and folio->mapping is NULL. But fortunately, its caller split_huge_page_to_list_to_order() bails out early with EBUSY when folio->mapping is NULL. So no need to take care of it here. Fixes: fc346d0a70a1 ("mm: migrate high-order folios in swap cache correctly") Reported-by: Liu Shixin <liushixin2(a)huawei.com> Closes: https://lore.kernel.org/all/28546fb4-5210-bf75-16d6-43e1f8646080@huawei.com/ Suggested-by: Hugh Dickins <hughd(a)google.com> Signed-off-by: Zi Yan <ziy(a)nvidia.com> Cc: stable(a)vger.kernel.org --- mm/migrate.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/mm/migrate.c b/mm/migrate.c index fb4afd31baf0..c0adea67cd62 100644 --- a/mm/migrate.c +++ b/mm/migrate.c @@ -518,15 +518,13 @@ static int __folio_migrate_mapping(struct address_space *mapping, if (folio_test_anon(folio) && folio_test_large(folio)) mod_mthp_stat(folio_order(folio), MTHP_STAT_NR_ANON, 1); folio_ref_add(newfolio, nr); /* add cache reference */ - if (folio_test_swapbacked(folio)) { + if (folio_test_swapbacked(folio)) __folio_set_swapbacked(newfolio); - if (folio_test_swapcache(folio)) { - folio_set_swapcache(newfolio); - newfolio->private = folio_get_private(folio); - } + if (folio_test_swapcache(folio)) { + folio_set_swapcache(newfolio); + newfolio->private = folio_get_private(folio); entries = nr; } else { - VM_BUG_ON_FOLIO(folio_test_swapcache(folio), folio); entries = 1; } -- 2.47.2

3 months, 2 weeks

4
3
0 0

[PATCH 6.1 000/161] 6.1.130-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.130 release. There are 161 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 08 Mar 2025 15:13:38 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.130-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.130-rc2 Fullway Wang <fullwaywang(a)outlook.com> media: mtk-vcodec: potential null pointer deference in SCP Quang Le <quanglex97(a)gmail.com> pfifo_tail_enqueue: Drop new packet when sch->limit == 0 Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: check the inode number is not the invalid value of zero Jiaxun Yang <jiaxun.yang(a)flygoat.com> mm/memory: Use exception ip to search exception tables Jiaxun Yang <jiaxun.yang(a)flygoat.com> ptrace: Introduce exception_ip arch hook Thomas Gleixner <tglx(a)linutronix.de> intel_idle: Handle older CPUs, which stop the TSC in deeper C states, correctly chr[] <chris(a)rudorff.com> amdgpu/pm/legacy: fix suspend/resume issues Sohaib Nadeem <sohaib.nadeem(a)amd.com> drm/amd/display: fixed integer types and null check locations Andreas Schwab <schwab(a)suse.de> riscv/futex: sign extend compare value in atomic cmpxchg Thomas Gleixner <tglx(a)linutronix.de> sched/core: Prevent rescheduling when interrupts are disabled Ard Biesheuvel <ardb(a)kernel.org> vmlinux.lds: Ensure that const vars with relocations are mapped R/O Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: reset when MPTCP opts are dropped after join Paolo Abeni <pabeni(a)redhat.com> mptcp: always handle address removal under msk socket lock Kaustabh Chakraborty <kauschluss(a)disroot.org> phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk BH Hsieh <bhsieh(a)nvidia.com> phy: tegra: xusb: reset VBUS & ID OVERRIDE Wei Fang <wei.fang(a)nxp.com> net: enetc: fix the off-by-one issue in enetc_map_tx_tso_buffs() Wei Fang <wei.fang(a)nxp.com> net: enetc: correct the xdp_tx statistics Wei Fang <wei.fang(a)nxp.com> net: enetc: update UDP checksum when updating originTimestamp field Wei Fang <wei.fang(a)nxp.com> net: enetc: keep track of correct Tx BD count in enetc_map_tx_tso_buffs() Wei Fang <wei.fang(a)nxp.com> net: enetc: fix the off-by-one issue in enetc_map_tx_buffs() Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> usbnet: gl620a: fix endpoint checking in genelink_bind() Tyrone Ting <kfting(a)nuvoton.com> i2c: npcm: disable interrupt enable bit before devm_request_irq Roman Li <Roman.Li(a)amd.com> drm/amd/display: Fix HPD after gpu reset Tom Chung <chiahsuan.chung(a)amd.com> drm/amd/display: Disable PSR-SU on eDP panels Kan Liang <kan.liang(a)linux.intel.com> perf/core: Fix low freq setting via IOC_PERIOD Kan Liang <kan.liang(a)linux.intel.com> perf/x86: Fix low freqency setting issue Dmitry Panchenko <dmitry(a)d-systems.ee> ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 Nikolay Kuratov <kniv(a)yandex-team.ru> ftrace: Avoid potential division by zero in function_stat_show() Steven Rostedt <rostedt(a)goodmis.org> tracing: Fix bad hist from corrupting named_triggers list Chukun Pan <amadeus(a)jmu.edu.cn> phy: rockchip: naneng-combphy: compatible reset with old DT Russell Senior <russell(a)personaltelco.net> x86/CPU: Fix warm boot hang regression on AMD SC1100 SoC systems Pavel Begunkov <asml.silence(a)gmail.com> io_uring/net: save msg_control for compat Tong Tiangen <tongtiangen(a)huawei.com> uprobes: Reject the shared zeropage in uprobe_write_opcode() David Howells <dhowells(a)redhat.com> mm: Don't pin ZERO_PAGE in pin_user_pages() Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: fix dst ref loop on input in rpl lwt Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: rpl_iptunnel: mitigate 2-realloc issue Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: fix dst ref loop on input in seg6 lwt Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: seg6_iptunnel: mitigate 2-realloc issue Justin Iurman <justin.iurman(a)uliege.be> include: net: add static inline dst_dev_overhead() to dst.h Shay Drory <shayd(a)nvidia.com> net/mlx5: IRQ, Fix null string in debug print Harshal Chaudhari <hchaudhari(a)marvell.com> net: mvpp2: cls: Fixed Non IP flow, with vlan tag flow defination. Mohammad Heib <mheib(a)redhat.com> net: Clear old fragment checksum value in napi_reuse_skb Wang Hai <wanghai38(a)huawei.com> tcp: Defer ts_recent changes until req is owned Philo Lu <lulie(a)linux.alibaba.com> ipvs: Always clear ipvs_property flag in skb_scrub_packet() Nicolas Frattaroli <nicolas.frattaroli(a)collabora.com> ASoC: es8328: fix route from DAC to output Sean Anderson <sean.anderson(a)linux.dev> net: cadence: macb: Synchronize stats calculations Eric Dumazet <edumazet(a)google.com> ipvlan: ensure network headers are in skb linear part Guillaume Nault <gnault(a)redhat.com> ipvlan: Prepare ipvlan_process_v4_outbound() to future .flowi4_tos conversion. Guillaume Nault <gnault(a)redhat.com> ipv4: Convert ip_route_input() to dscp_t. Guillaume Nault <gnault(a)redhat.com> ipv4: Convert icmp_route_lookup() to dscp_t. Ido Schimmel <idosch(a)nvidia.com> ipvlan: Unmask upper DSCP bits in ipvlan_process_v4_outbound() Ido Schimmel <idosch(a)nvidia.com> ipv4: icmp: Unmask upper DSCP bits in icmp_route_lookup() Ido Schimmel <idosch(a)nvidia.com> ipv4: icmp: Pass full DS field to ip_route_input() Peilin He <he.peilin(a)zte.com.cn> net/ipv4: add tracepoint for icmp_send Jiri Slaby (SUSE) <jirislaby(a)kernel.org> net: set the minimum for net_hotdata.netdev_budget_usecs Ido Schimmel <idosch(a)nvidia.com> net: loopback: Avoid sending IP packets without an Ethernet header David Howells <dhowells(a)redhat.com> afs: Fix the server_list to unuse a displaced server rather than putting it David Howells <dhowells(a)redhat.com> afs: Make it possible to find the volumes that are using a server Colin Ian King <colin.i.king(a)gmail.com> afs: remove variable nr_servers Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports Arnd Bergmann <arnd(a)arndb.de> sunrpc: suppress warnings for unused procfs functions Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix bind QP error cleanup flow Ye Bin <yebin10(a)huawei.com> scsi: core: Clear driver private data when retrying request Trond Myklebust <trond.myklebust(a)hammerspace.com> SUNRPC: Prevent looping due to rpc_signal_task() races Stephen Brennan <stephen.s.brennan(a)oracle.com> SUNRPC: convert RPC_TASK_* constants to enum Vasiliy Kovalev <kovalev(a)altlinux.org> ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up Mark Zhang <markzhang(a)nvidia.com> IB/mlx5: Set and get correct qp_num for a DCT QP Xin Long <lucien.xin(a)gmail.com> netfilter: allow exp not to be removed in nf_ct_find_expectation Alexander Dahl <ada(a)thorsis.com> spi: atmel-quadspi: Fix wrong register value written to MR Alexander Dahl <ada(a)thorsis.com> spi: atmel-quadspi: Avoid overwriting delay register settings Yunfei Dong <yunfei.dong(a)mediatek.com> media: mediatek: vcodec: Fix H264 multi stateless decoder smatch warning Yu Kuai <yukuai3(a)huawei.com> block, bfq: fix bfqq uaf in bfq_limit_depth() Paolo Valente <paolo.valente(a)linaro.org> block, bfq: split sync bfq_queues on a per-actuator basis Patrick Bellasi <derkling(a)google.com> x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit Steven Rostedt <rostedt(a)goodmis.org> ftrace: Do not add duplicate entries in subops manager ops Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> ftrace: Correct preemption accounting for function tracing. Komal Bajaj <quic_kbajaj(a)quicinc.com> EDAC/qcom: Correct interrupt enable register configuration Haoxiang Li <haoxiang_li2024(a)163.com> smb: client: Add check for next_buffer in receive_encrypted_standard() Niravkumar L Rabara <niravkumar.l.rabara(a)intel.com> mtd: rawnand: cadence: fix incorrect device in dma_unmap_single Niravkumar L Rabara <niravkumar.l.rabara(a)intel.com> mtd: rawnand: cadence: use dma_map_resource for sdma address Niravkumar L Rabara <niravkumar.l.rabara(a)intel.com> mtd: rawnand: cadence: fix error code in cadence_nand_init() Ricardo Cañuelo Navarro <rcn(a)igalia.com> mm,madvise,hugetlb: check for 0-length range after end address adjustment Christian Brauner <brauner(a)kernel.org> acct: block access to kernel internal filesystems Christian Brauner <brauner(a)kernel.org> acct: perform last write from workqueue John Veness <john-linux(a)pelago.org.uk> ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED Wentao Liang <vulab(a)iscas.ac.cn> ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> ASoC: fsl_micfil: Enable default case in micfil_set_quality() Haoxiang Li <haoxiang_li2024(a)163.com> nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() Gavrilov Ilia <Ilia.Gavrilov(a)infotecs.ru> drop_monitor: fix incorrect initialization order Sumit Garg <sumit.garg(a)linaro.org> tee: optee: Fix supplicant wait loop Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Make sure all planes in use by the joiner have their crtc included Jessica Zhang <quic_jesszhan(a)quicinc.com> drm/msm/dpu: Disable dither in phys encoder cleanup Yan Zhai <yan(a)cloudflare.com> bpf: skip non exist keys in generic_map_lookup_batch Caleb Sander Mateos <csander(a)purestorage.com> nvme/ioctl: add missing space in err message Marijn Suijten <marijn.suijten(a)somainline.org> drm/msm/dpu: Don't leak bits_per_component into random DSC_ENC fields David Hildenbrand <david(a)redhat.com> nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() Andrey Vatoropin <a.vatoropin(a)crpt.ru> power: supply: da9150-fg: fix potential overflow Jiayuan Chen <mrpre(a)163.com> bpf: Fix wrong copied_seq calculation Jiayuan Chen <mrpre(a)163.com> strparser: Add read_sock callback Shigeru Yoshida <syoshida(a)redhat.com> bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() Tomi Valkeinen <tomi.valkeinen+renesas(a)ideasonboard.com> drm/rcar-du: dsi: Fix PHY lock bit check Devarsh Thakkar <devarsht(a)ti.com> drm/tidss: Fix race condition while handling interrupt registers Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/tidss: Add simple K2G manual reset Sabrina Dubroca <sd(a)queasysnail.net> tcp: drop secpath at the same time as we currently drop dst Nick Hu <nick.hu(a)sifive.com> net: axienet: Set mac_managed_pm Breno Leitao <leitao(a)debian.org> arp: switch to dev_getbyhwaddr() in arp_req_set_public() Breno Leitao <leitao(a)debian.org> net: Add non-RCU dev_getbyhwaddr() helper Cong Wang <xiyou.wangcong(a)gmail.com> flow_dissector: Fix port range key handling in BPF conversion Cong Wang <xiyou.wangcong(a)gmail.com> flow_dissector: Fix handling of mixed port and port-range keys Kuniyuki Iwashima <kuniyu(a)amazon.com> geneve: Suppress list corruption splat in geneve_destroy_tunnels(). Kuniyuki Iwashima <kuniyu(a)amazon.com> gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl(). Nick Child <nnac123(a)linux.ibm.com> ibmvnic: Don't reference skb after sending to VIOS Nick Child <nnac123(a)linux.ibm.com> ibmvnic: Add stat for tx direct vs tx batched Nick Child <nnac123(a)linux.ibm.com> ibmvnic: Introduce send sub-crq direct Nick Child <nnac123(a)linux.ibm.com> ibmvnic: Return error code on TX scrq flush fail Vitaly Rodionov <vitalyr(a)opensource.cirrus.com> ALSA: hda/cirrus: Correct the full scale volume set logic Kuniyuki Iwashima <kuniyu(a)amazon.com> geneve: Fix use-after-free in geneve_find_dev(). Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Fixup ALC225 depop procedure Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline Michael Ellerman <mpe(a)ellerman.id.au> powerpc/64s/mm: Move __real_pte stubs into hash-4k.h John Keeping <jkeeping(a)inmusicbrands.com> ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] Jill Donahue <jilliandonahue58(a)gmail.com> USB: gadget: f_midi: f_midi_complete to call queue_work Roy Luo <royluo(a)google.com> usb: gadget: core: flush gadget workqueue after device removal Roy Luo <royluo(a)google.com> USB: gadget: core: create sysfs link between udc and gadget Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Remove dangling pointers Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Only save async fh if success Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Refactor iterators Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Fix crash during unbind if gpio unit is in use Yang Yingliang <yangyingliang(a)huawei.com> media: Switch to use dev_err_probe() helper Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> soc/mediatek: mtk-devapc: Convert to platform remove callback returning void Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: mediatek: mtk-devapc: Fix leaking IO map on error paths AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> soc: mediatek: mtk-devapc: Switch to devm_clk_get_enabled() Jarkko Sakkinen <jarkko(a)kernel.org> tpm: Change to kvalloc() in eventlog/acpi.c Eddie James <eajames(a)linux.ibm.com> tpm: Use managed allocation for bios event log Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8450: Fix CDSP memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: trim addresses to 8 digits Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183: Disable DSI display output by default Igor Pylypiv <ipylypiv(a)google.com> scsi: core: Do not retry I/Os during depopulation Douglas Gilbert <dgilbert(a)interlog.com> scsi: core: Handle depopulation and restoration in progress Dan Carpenter <dan.carpenter(a)linaro.org> ASoC: renesas: rz-ssi: Add a check for negative sample_space Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-img: add missing dummy clk Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-bdp: add missing dummy clk Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> clk: mediatek: clk-mtk: Add dummy clock ops Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: qca: Fix poor RF performance for WCN6855 Cheng Jiang <quic_chejiang(a)quicinc.com> Bluetooth: qca: Update firmware-name to support board specific nvm Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: qca: Support downloading board id specific NVM for WCN7850 Bence Csókás <csokas.bence(a)prolan.hu> spi: atmel-qspi: Memory barriers after memory-mapped I/O Csókás, Bence <csokas.bence(a)prolan.hu> spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families Yang Yingliang <yangyingliang(a)huawei.com> spi: atmel-quadspi: switch to use modern name Tudor Ambarus <tudor.ambarus(a)microchip.com> spi: atmel-quadspi: Add support for configuring CS timing Chen Ridong <chenridong(a)huawei.com> memcg: fix soft lockup in the OOM process Carlos Galo <carlosgalo(a)google.com> mm: update mark_victim tracepoints fields Yu Kuai <yukuai3(a)huawei.com> md/md-bitmap: Synchronize bitmap_get_stats() with bitmap lifetime Yu Kuai <yukuai3(a)huawei.com> md/md-bitmap: add 'sync_size' into struct md_bitmap_stats Yu Kuai <yukuai3(a)huawei.com> md/md-cluster: fix spares warnings for __le64 Yu Kuai <yukuai3(a)huawei.com> md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() Catalin Marinas <catalin.marinas(a)arm.com> arm64: mte: Do not allow PROT_MTE on MAP_HUGETLB user mappings ------------- Diffstat: Documentation/core-api/pin_user_pages.rst | 6 + Documentation/networking/strparser.rst | 9 +- Makefile | 4 +- arch/arm64/boot/dts/mediatek/mt8183.dtsi | 1 + arch/arm64/boot/dts/qcom/sm8350.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm8450.dtsi | 4 +- arch/arm64/include/asm/mman.h | 9 +- arch/mips/include/asm/ptrace.h | 2 + arch/mips/kernel/ptrace.c | 7 + arch/powerpc/include/asm/book3s/64/hash-4k.h | 28 +++ arch/powerpc/include/asm/book3s/64/pgtable.h | 26 --- arch/powerpc/lib/code-patching.c | 2 +- arch/riscv/include/asm/futex.h | 2 +- arch/x86/Kconfig | 3 +- arch/x86/events/core.c | 2 +- arch/x86/kernel/cpu/bugs.c | 20 ++- arch/x86/kernel/cpu/cyrix.c | 4 +- block/bfq-cgroup.c | 97 +++++----- block/bfq-iosched.c | 195 ++++++++++++++------- block/bfq-iosched.h | 51 ++++-- drivers/bluetooth/btqca.c | 110 +++++++++--- drivers/char/tpm/eventlog/acpi.c | 16 +- drivers/char/tpm/eventlog/efi.c | 13 +- drivers/char/tpm/eventlog/of.c | 3 +- drivers/char/tpm/tpm-chip.c | 1 - drivers/clk/mediatek/clk-mt2701-bdp.c | 1 + drivers/clk/mediatek/clk-mt2701-img.c | 1 + drivers/clk/mediatek/clk-mt2701-vdec.c | 1 + drivers/clk/mediatek/clk-mtk.c | 16 ++ drivers/clk/mediatek/clk-mtk.h | 19 ++ drivers/edac/qcom_edac.c | 4 +- .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_irq.c | 14 ++ .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c | 3 +- drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 16 +- drivers/gpu/drm/amd/pm/legacy-dpm/kv_dpm.c | 25 ++- drivers/gpu/drm/amd/pm/legacy-dpm/legacy_dpm.c | 8 +- drivers/gpu/drm/amd/pm/legacy-dpm/si_dpm.c | 26 ++- drivers/gpu/drm/i915/display/intel_display.c | 18 ++ drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 3 + drivers/gpu/drm/msm/disp/dpu1/dpu_hw_dsc.c | 3 +- drivers/gpu/drm/nouveau/nouveau_svm.c | 9 +- drivers/gpu/drm/rcar-du/rcar_mipi_dsi.c | 2 +- drivers/gpu/drm/rcar-du/rcar_mipi_dsi_regs.h | 1 - drivers/gpu/drm/tidss/tidss_dispc.c | 22 ++- drivers/gpu/drm/tidss/tidss_irq.c | 2 + drivers/i2c/busses/i2c-npcm7xx.c | 7 + drivers/idle/intel_idle.c | 4 + drivers/infiniband/hw/mlx5/counters.c | 8 +- drivers/infiniband/hw/mlx5/qp.c | 4 +- drivers/md/md-bitmap.c | 34 ++-- drivers/md/md-bitmap.h | 9 +- drivers/md/md-cluster.c | 34 ++-- drivers/md/md.c | 33 +++- drivers/media/cec/platform/stm32/stm32-cec.c | 9 +- drivers/media/i2c/ad5820.c | 18 +- drivers/media/i2c/imx274.c | 5 +- drivers/media/i2c/tc358743.c | 9 +- drivers/media/platform/mediatek/mdp/mtk_mdp_comp.c | 5 +- .../platform/mediatek/vcodec/mtk_vcodec_fw_scp.c | 2 + .../mediatek/vcodec/vdec/vdec_h264_req_multi_if.c | 9 +- .../media/platform/samsung/exynos4-is/media-dev.c | 4 +- drivers/media/platform/st/stm32/stm32-dcmi.c | 27 +-- drivers/media/platform/ti/omap3isp/isp.c | 3 +- drivers/media/platform/xilinx/xilinx-csi2rxss.c | 8 +- drivers/media/rc/gpio-ir-recv.c | 10 +- drivers/media/rc/gpio-ir-tx.c | 9 +- drivers/media/rc/ir-rx51.c | 9 +- drivers/media/usb/uvc/uvc_ctrl.c | 99 +++++++++-- drivers/media/usb/uvc/uvc_driver.c | 35 ++-- drivers/media/usb/uvc/uvc_v4l2.c | 2 + drivers/media/usb/uvc/uvcvideo.h | 10 +- drivers/mtd/nand/raw/cadence-nand-controller.c | 42 +++-- drivers/net/ethernet/cadence/macb.h | 2 + drivers/net/ethernet/cadence/macb_main.c | 12 +- drivers/net/ethernet/freescale/enetc/enetc.c | 100 ++++++++--- drivers/net/ethernet/ibm/ibmvnic.c | 85 +++++++-- drivers/net/ethernet/ibm/ibmvnic.h | 3 +- drivers/net/ethernet/marvell/mvpp2/mvpp2_cls.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/pci_irq.c | 2 +- drivers/net/ethernet/netronome/nfp/bpf/cmsg.c | 2 + drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 1 + drivers/net/geneve.c | 16 +- drivers/net/gtp.c | 5 - drivers/net/ipvlan/ipvlan_core.c | 24 ++- drivers/net/loopback.c | 14 ++ drivers/net/usb/gl620a.c | 4 +- drivers/nvme/host/ioctl.c | 3 +- drivers/phy/rockchip/phy-rockchip-naneng-combphy.c | 5 +- drivers/phy/samsung/phy-exynos5-usbdrd.c | 12 +- drivers/phy/tegra/xusb-tegra186.c | 11 ++ drivers/power/supply/da9150-fg.c | 4 +- drivers/scsi/scsi_lib.c | 22 ++- drivers/scsi/sd.c | 4 + drivers/soc/mediatek/mtk-devapc.c | 36 ++-- drivers/spi/atmel-quadspi.c | 172 +++++++++++++----- drivers/tee/optee/supp.c | 35 +--- drivers/usb/gadget/function/f_midi.c | 2 +- drivers/usb/gadget/udc/core.c | 11 +- fs/afs/cell.c | 1 + fs/afs/internal.h | 23 ++- fs/afs/server.c | 1 + fs/afs/server_list.c | 114 ++++++++++-- fs/afs/vl_alias.c | 2 +- fs/afs/volume.c | 40 +++-- fs/overlayfs/copy_up.c | 2 +- fs/smb/client/smb2ops.c | 4 + fs/squashfs/inode.c | 5 +- include/asm-generic/vmlinux.lds.h | 2 +- include/linux/mm.h | 26 ++- include/linux/netdevice.h | 2 + include/linux/ptrace.h | 4 + include/linux/skmsg.h | 2 + include/linux/sunrpc/sched.h | 17 +- include/net/dst.h | 9 + include/net/ip.h | 5 + include/net/netfilter/nf_conntrack_expect.h | 2 +- include/net/route.h | 5 +- include/net/strparser.h | 2 + include/net/tcp.h | 22 +++ include/trace/events/icmp.h | 67 +++++++ include/trace/events/oom.h | 36 +++- include/trace/events/sunrpc.h | 3 +- io_uring/net.c | 4 +- kernel/acct.c | 134 ++++++++------ kernel/bpf/syscall.c | 18 +- kernel/events/core.c | 17 +- kernel/events/uprobes.c | 5 + kernel/sched/core.c | 2 +- kernel/trace/ftrace.c | 30 ++-- kernel/trace/trace_events_hist.c | 34 ++-- kernel/trace/trace_functions.c | 6 +- mm/gup.c | 31 +++- mm/madvise.c | 11 +- mm/memcontrol.c | 7 +- mm/memory.c | 4 +- mm/oom_kill.c | 14 +- net/bluetooth/l2cap_core.c | 9 +- net/bpf/test_run.c | 5 +- net/bridge/br_netfilter_hooks.c | 8 +- net/core/dev.c | 37 +++- net/core/drop_monitor.c | 39 ++--- net/core/flow_dissector.c | 49 +++--- net/core/gro.c | 1 + net/core/skbuff.c | 2 +- net/core/skmsg.c | 7 + net/core/sysctl_net_core.c | 3 +- net/ipv4/arp.c | 2 +- net/ipv4/icmp.c | 24 +-- net/ipv4/ip_options.c | 3 +- net/ipv4/tcp.c | 29 ++- net/ipv4/tcp_bpf.c | 36 ++++ net/ipv4/tcp_fastopen.c | 4 +- net/ipv4/tcp_input.c | 8 +- net/ipv4/tcp_ipv4.c | 2 +- net/ipv4/tcp_minisocks.c | 10 +- net/ipv6/ip6_tunnel.c | 4 +- net/ipv6/rpl_iptunnel.c | 58 +++--- net/ipv6/seg6_iptunnel.c | 97 ++++++---- net/mptcp/pm_netlink.c | 5 - net/mptcp/subflow.c | 15 +- net/netfilter/nf_conntrack_core.c | 2 +- net/netfilter/nf_conntrack_expect.c | 4 +- net/netfilter/nft_ct.c | 2 + net/sched/sch_fifo.c | 3 + net/strparser/strparser.c | 11 +- net/sunrpc/cache.c | 10 +- net/sunrpc/sched.c | 2 - sound/pci/hda/hda_codec.c | 4 +- sound/pci/hda/patch_conexant.c | 1 + sound/pci/hda/patch_cs8409-tables.c | 6 +- sound/pci/hda/patch_cs8409.c | 20 ++- sound/pci/hda/patch_cs8409.h | 5 +- sound/pci/hda/patch_realtek.c | 1 + sound/soc/codecs/es8328.c | 15 +- sound/soc/fsl/fsl_micfil.c | 2 + sound/soc/rockchip/rockchip_i2s_tdm.c | 4 +- sound/soc/sh/rz-ssi.c | 2 + sound/usb/midi.c | 2 +- sound/usb/quirks.c | 1 + 179 files changed, 2160 insertions(+), 955 deletions(-)

3 months, 2 weeks

8
7
0 0

[PATCH locking 10/11] rust: lockdep: Remove support for dynamically allocated LockClassKeys

by Boqun Feng

From: Mitchell Levy <levymitchell0(a)gmail.com> Currently, dynamically allocated LockCLassKeys can be used from the Rust side without having them registered. This is a soundness issue, so remove them. Suggested-by: Alice Ryhl <aliceryhl(a)google.com> Link: https://lore.kernel.org/rust-for-linux/20240815074519.2684107-3-nmi@metaspa… Cc: stable(a)vger.kernel.org Fixes: 6ea5aa08857a ("rust: sync: introduce `LockClassKey`") Reviewed-by: Benno Lossin <benno.lossin(a)proton.me> Signed-off-by: Mitchell Levy <levymitchell0(a)gmail.com> Signed-off-by: Boqun Feng <boqun.feng(a)gmail.com> Link: https://lore.kernel.org/r/20250207-rust-lockdep-v4-1-7a50a7e88656@gmail.com --- rust/kernel/sync.rs | 16 ++++------------ 1 file changed, 4 insertions(+), 12 deletions(-) diff --git a/rust/kernel/sync.rs b/rust/kernel/sync.rs index 3498fb344dc9..16eab9138b2b 100644 --- a/rust/kernel/sync.rs +++ b/rust/kernel/sync.rs @@ -30,28 +30,20 @@ unsafe impl Sync for LockClassKey {} impl LockClassKey { - /// Creates a new lock class key. - pub const fn new() -> Self { - Self(Opaque::uninit()) - } - pub(crate) fn as_ptr(&self) -> *mut bindings::lock_class_key { self.0.get() } } -impl Default for LockClassKey { - fn default() -> Self { - Self::new() - } -} - /// Defines a new static lock class and returns a pointer to it. #[doc(hidden)] #[macro_export] macro_rules! static_lock_class { () => {{ - static CLASS: $crate::sync::LockClassKey = $crate::sync::LockClassKey::new(); + static CLASS: $crate::sync::LockClassKey = + // SAFETY: lockdep expects uninitialized memory when it's handed a statically allocated + // lock_class_key + unsafe { ::core::mem::MaybeUninit::uninit().assume_init() }; &CLASS }}; } -- 2.47.1

3 months, 2 weeks

2
1
0 0

[PATCH v6 4/8] crypto: ccp: Fix uapi definitions of PSP errors

by Dionna Glaze

From: Alexey Kardashevskiy <aik(a)amd.com> Additions to the error enum after the explicit 0x27 setting for SEV_RET_INVALID_KEY leads to incorrect value assignments. Use explicit values to match the manufacturer specifications more clearly. Fixes: 3a45dc2b419e ("crypto: ccp: Define the SEV-SNP commands") CC: Sean Christopherson <seanjc(a)google.com> CC: Paolo Bonzini <pbonzini(a)redhat.com> CC: Thomas Gleixner <tglx(a)linutronix.de> CC: Ingo Molnar <mingo(a)redhat.com> CC: Borislav Petkov <bp(a)alien8.de> CC: Dave Hansen <dave.hansen(a)linux.intel.com> CC: Ashish Kalra <ashish.kalra(a)amd.com> CC: Tom Lendacky <thomas.lendacky(a)amd.com> CC: John Allen <john.allen(a)amd.com> CC: Herbert Xu <herbert(a)gondor.apana.org.au> CC: "David S. Miller" <davem(a)davemloft.net> CC: Michael Roth <michael.roth(a)amd.com> CC: Luis Chamberlain <mcgrof(a)kernel.org> CC: Russ Weight <russ.weight(a)linux.dev> CC: Danilo Krummrich <dakr(a)redhat.com> CC: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> CC: "Rafael J. Wysocki" <rafael(a)kernel.org> CC: Tianfei zhang <tianfei.zhang(a)intel.com> CC: Alexey Kardashevskiy <aik(a)amd.com> CC: stable(a)vger.kernel.org Signed-off-by: Alexey Kardashevskiy <aik(a)amd.com> Signed-off-by: Dionna Glaze <dionnaglaze(a)google.com> --- include/uapi/linux/psp-sev.h | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/include/uapi/linux/psp-sev.h b/include/uapi/linux/psp-sev.h index 832c15d9155bd..eeb20dfb1fdaa 100644 --- a/include/uapi/linux/psp-sev.h +++ b/include/uapi/linux/psp-sev.h @@ -73,13 +73,20 @@ typedef enum { SEV_RET_INVALID_PARAM, SEV_RET_RESOURCE_LIMIT, SEV_RET_SECURE_DATA_INVALID, - SEV_RET_INVALID_KEY = 0x27, - SEV_RET_INVALID_PAGE_SIZE, - SEV_RET_INVALID_PAGE_STATE, - SEV_RET_INVALID_MDATA_ENTRY, - SEV_RET_INVALID_PAGE_OWNER, - SEV_RET_INVALID_PAGE_AEAD_OFLOW, - SEV_RET_RMP_INIT_REQUIRED, + SEV_RET_INVALID_PAGE_SIZE = 0x0019, + SEV_RET_INVALID_PAGE_STATE = 0x001A, + SEV_RET_INVALID_MDATA_ENTRY = 0x001B, + SEV_RET_INVALID_PAGE_OWNER = 0x001C, + SEV_RET_AEAD_OFLOW = 0x001D, + SEV_RET_EXIT_RING_BUFFER = 0x001F, + SEV_RET_RMP_INIT_REQUIRED = 0x0020, + SEV_RET_BAD_SVN = 0x0021, + SEV_RET_BAD_VERSION = 0x0022, + SEV_RET_SHUTDOWN_REQUIRED = 0x0023, + SEV_RET_UPDATE_FAILED = 0x0024, + SEV_RET_RESTORE_REQUIRED = 0x0025, + SEV_RET_RMP_INITIALIZATION_FAILED = 0x0026, + SEV_RET_INVALID_KEY = 0x0027, SEV_RET_MAX, } sev_ret_code; -- 2.47.0.277.g8800431eea-goog

3 months, 2 weeks

4
6
0 0

[PATCH v2] iommufd: Fail replace if device has not been attached

by Yi Liu

The current implementation of iommufd_device_do_replace() implicitly assumes that the input device has already been attached. However, there is no explicit check to verify this assumption. If another device within the same group has been attached, the replace operation might succeed, but the input device itself may not have been attached yet. As a result, the input device might not be tracked in the igroup->device_list, and its reserved IOVA might not be added. Despite this, the caller might incorrectly assume that the device has been successfully replaced, which could lead to unexpected behavior or errors. To address this issue, add a check to ensure that the input device has been attached before proceeding with the replace operation. This check will help maintain the integrity of the device tracking system and prevent potential issues arising from incorrect assumptions about the device's attachment status. Fixes: e88d4ec154a8 ("iommufd: Add iommufd_device_replace()") Cc: stable(a)vger.kernel.org Reviewed-by: Kevin Tian <kevin.tian(a)intel.com> Signed-off-by: Yi Liu <yi.l.liu(a)intel.com> --- Change log: v2: - Add r-b tag (Kevin) - Minor tweaks. I swarpped the order of is_attach check with the if (igroup->hwpt == NULL) check, hence no need to add WARN_ON. v1: https://lore.kernel.org/linux-iommu/20250304120754.12450-1-yi.l.liu@intel.c… --- drivers/iommu/iommufd/device.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/drivers/iommu/iommufd/device.c b/drivers/iommu/iommufd/device.c index b2f0cb909e6d..bd50146e2ad0 100644 --- a/drivers/iommu/iommufd/device.c +++ b/drivers/iommu/iommufd/device.c @@ -471,6 +471,17 @@ iommufd_device_attach_reserved_iova(struct iommufd_device *idev, /* The device attach/detach/replace helpers for attach_handle */ +/* Check if idev is attached to igroup->hwpt */ +static bool iommufd_device_is_attached(struct iommufd_device *idev) +{ + struct iommufd_device *cur; + + list_for_each_entry(cur, &idev->igroup->device_list, group_item) + if (cur == idev) + return true; + return false; +} + static int iommufd_hwpt_attach_device(struct iommufd_hw_pagetable *hwpt, struct iommufd_device *idev) { @@ -710,6 +721,11 @@ iommufd_device_do_replace(struct iommufd_device *idev, goto err_unlock; } + if (!iommufd_device_is_attached(idev)) { + rc = -EINVAL; + goto err_unlock; + } + if (hwpt == igroup->hwpt) { mutex_unlock(&idev->igroup->lock); return NULL; -- 2.34.1

3 months, 2 weeks

2
1
0 0

[PATCH 6.13 000/154] 6.13.6-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.13.6 release. There are 154 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 08 Mar 2025 15:13:38 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.13.6-rc2… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.13.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.13.6-rc2 Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Load only SHA256-checksummed patches Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Add get_patch_level() Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Get rid of the _load_microcode_amd() forward declaration Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Merge early_apply_microcode() into its single callsite Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Remove unused save_microcode_in_initrd_amd() declarations Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Remove ugly linebreak in __verify_patch_section() signature Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Have __apply_microcode_amd() return bool Nikolay Borisov <nik.borisov(a)suse.com> x86/microcode/AMD: Return bool from find_blobs_in_containers() Peter Jones <pjones(a)redhat.com> efi: Don't map the entire mokvar table to determine its size Clément Léger <cleger(a)rivosinc.com> riscv: cpufeature: use bitmap_equal() instead of memcmp() Yong-Xuan Wang <yongxuan.wang(a)sifive.com> riscv: signal: fix signal_minsigstksz Rob Herring <robh(a)kernel.org> riscv: cacheinfo: Use of_property_present() for non-boolean properties Yong-Xuan Wang <yongxuan.wang(a)sifive.com> riscv: signal: fix signal frame size Andreas Schwab <schwab(a)suse.de> riscv/futex: sign extend compare value in atomic cmpxchg Andreas Schwab <schwab(a)suse.de> riscv/atomic: Do proper sign extension also for unsigned in arch_cmpxchg Stafford Horne <shorne(a)gmail.com> rseq/selftests: Fix riscv rseq_offset_deref_addv inline asm Arthur Simchaev <arthur.simchaev(a)sandisk.com> scsi: ufs: core: bsg: Fix crash when arpmb command fails Roberto Sassu <roberto.sassu(a)huawei.com> ima: Reset IMA_NONACTION_RULE_FLAGS after post_setattr Ken Raeburn <raeburn(a)redhat.com> dm vdo: add missing spin_lock_init Milan Broz <gmazyland(a)gmail.com> dm-integrity: Avoid divide by zero in table status in Inline mode Joanne Koong <joannelkoong(a)gmail.com> fuse: revert back to __readahead_folio() for readahead Mikhail Ivanov <ivanov.mikhail1(a)huawei-partners.com> selftests/landlock: Test TCP accesses with protocol=IPPROTO_TCP Tejun Heo <tj(a)kernel.org> sched_ext: Fix pick_task_scx() picking non-queued tasks when it's called without balance() Thomas Gleixner <tglx(a)linutronix.de> sched/core: Prevent rescheduling when interrupts are disabled Thomas Gleixner <tglx(a)linutronix.de> rcuref: Plug slowpath race in rcuref_put() Ard Biesheuvel <ardb(a)kernel.org> vmlinux.lds: Ensure that const vars with relocations are mapped R/O Mikhail Ivanov <ivanov.mikhail1(a)huawei-partners.com> selftests/landlock: Test that MPTCP actions are not restricted Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: reset when MPTCP opts are dropped after join Paolo Abeni <pabeni(a)redhat.com> mptcp: always handle address removal under msk socket lock Thomas Gleixner <tglx(a)linutronix.de> intel_idle: Handle older CPUs, which stop the TSC in deeper C states, correctly chr[] <chris(a)rudorff.com> amdgpu/pm/legacy: fix suspend/resume issues Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: Fix suspicious RCU usage Jerry Snitselaar <jsnitsel(a)redhat.com> iommu/vt-d: Remove device comparison in context_setup_pass_through_cb Harshitha Ramamurthy <hramamurthy(a)google.com> gve: unlink old napi when stopping a queue using queue API André Draszik <andre.draszik(a)linaro.org> phy: exynos5-usbdrd: gs101: ensure power is gated to SS phy in phy_exit() Kaustabh Chakraborty <kauschluss(a)disroot.org> phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk BH Hsieh <bhsieh(a)nvidia.com> phy: tegra: xusb: reset VBUS & ID OVERRIDE Wei Fang <wei.fang(a)nxp.com> net: enetc: add missing enetc4_link_deinit() Wei Fang <wei.fang(a)nxp.com> net: enetc: fix the off-by-one issue in enetc_map_tx_tso_buffs() Wei Fang <wei.fang(a)nxp.com> net: enetc: remove the mm_lock from the ENETC v4 driver Wei Fang <wei.fang(a)nxp.com> net: enetc: correct the xdp_tx statistics Wei Fang <wei.fang(a)nxp.com> net: enetc: update UDP checksum when updating originTimestamp field Wei Fang <wei.fang(a)nxp.com> net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC Wei Fang <wei.fang(a)nxp.com> net: enetc: keep track of correct Tx BD count in enetc_map_tx_tso_buffs() Wei Fang <wei.fang(a)nxp.com> net: enetc: fix the off-by-one issue in enetc_map_tx_buffs() George Moussalem <george.moussalem(a)outlook.com> net: phy: qcom: qca807x fix condition for DAC_DSP_BIAS_CURRENT Qunqin Zhao <zhaoqunqin(a)loongson.cn> net: stmmac: dwmac-loongson: Add fix_soc_reset() callback Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> usbnet: gl620a: fix endpoint checking in genelink_bind() Shyam Sundar S K <Shyam-sundar.S-k(a)amd.com> i2c: amd-asf: Fix EOI register write to enable successive interrupts Binbin Zhou <zhoubinbin(a)loongson.cn> i2c: ls2x: Fix frequency division register access Tyrone Ting <kfting(a)nuvoton.com> i2c: npcm: disable interrupt enable bit before devm_request_irq Qu Wenruo <wqu(a)suse.com> btrfs: fix data overwriting bug during buffered write when block size < page size Filipe Manana <fdmanana(a)suse.com> btrfs: fix use-after-free on inode when scanning root during em shrinking Filipe Manana <fdmanana(a)suse.com> btrfs: do regular iput instead of delayed iput during extent map shrinking Filipe Manana <fdmanana(a)suse.com> btrfs: skip inodes without loaded extent maps when shrinking extent maps Damien Le Moal <dlemoal(a)kernel.org> block: Remove zone write plugs when handling native zone append writes Ryan Roberts <ryan.roberts(a)arm.com> arm64/mm: Fix Boot panic on Ampere Altra Roman Li <Roman.Li(a)amd.com> drm/amd/display: Fix HPD after gpu reset Yilin Chen <Yilin.Chen(a)amd.com> drm/amd/display: add a quirk to enable eDP0 on DP1 Tom Chung <chiahsuan.chung(a)amd.com> drm/amd/display: Disable PSR-SU on eDP panels Pierre-Eric Pelloux-Prayer <pierre-eric.pelloux-prayer(a)amd.com> drm/amdgpu: init return value in amdgpu_ttm_clear_buffer Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: disable BAR resize on Dell G5 SE David Yat Sin <David.YatSin(a)amd.com> drm/amdkfd: Preserve cp_hqd_pq_control on update_mqd Thomas Zimmermann <tzimmermann(a)suse.de> drm/fbdev-dma: Add shadow buffering for deferred I/O Matthew Auld <matthew.auld(a)intel.com> drm/xe/userptr: fix EFAULT handling Matthew Auld <matthew.auld(a)intel.com> drm/xe/userptr: restore invalidation list on error Mingcong Bai <jeffbai(a)aosc.io> drm/xe/regs: remove a duplicate definition for RING_CTL_SIZE(size) Kan Liang <kan.liang(a)linux.intel.com> perf/core: Fix low freq setting via IOC_PERIOD Kan Liang <kan.liang(a)linux.intel.com> perf/x86: Fix low freqency setting issue Breno Leitao <leitao(a)debian.org> perf/core: Add RCU read lock protection to perf_iterate_ctx() Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: Ensure a VMID is allocated before programming VTTBR_EL2 Adrien Vergé <adrienverge(a)gmail.com> ALSA: hda/realtek: Fix microphone regression on ASUS N705UD Dmitry Panchenko <dmitry(a)d-systems.ee> ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 Nikolay Kuratov <kniv(a)yandex-team.ru> ftrace: Avoid potential division by zero in function_stat_show() Steven Rostedt <rostedt(a)goodmis.org> tracing: Fix bad hist from corrupting named_triggers list Andrew Jones <ajones(a)ventanamicro.com> riscv: KVM: Fix SBI TIME error generation Andrew Jones <ajones(a)ventanamicro.com> riscv: KVM: Fix SBI IPI error generation Andrew Jones <ajones(a)ventanamicro.com> riscv: KVM: Fix hart suspend_type use Andrew Jones <ajones(a)ventanamicro.com> riscv: KVM: Fix hart suspend status check Christian Bruel <christian.bruel(a)foss.st.com> phy: stm32: Fix constant-value overflow assertion Chukun Pan <amadeus(a)jmu.edu.cn> phy: rockchip: naneng-combphy: compatible reset with old DT Arnd Bergmann <arnd(a)arndb.de> phy: rockchip: fix Kconfig dependency more Andrii Nakryiko <andrii(a)kernel.org> uprobes: Remove too strict lockdep_assert() condition in hprobe_expire() Russell Senior <russell(a)personaltelco.net> x86/CPU: Fix warm boot hang regression on AMD SC1100 SoC systems Ard Biesheuvel <ardb(a)kernel.org> objtool: Fix C jump table annotations for Clang Peter Zijlstra <peterz(a)infradead.org> objtool: Remove annotate_{,un}reachable() Peter Zijlstra <peterz(a)infradead.org> unreachable: Unify Pavel Begunkov <asml.silence(a)gmail.com> io_uring/net: save msg_control for compat Yu-Che Cheng <giver(a)chromium.org> thermal: gov_power_allocator: Update total_weight on bind and cdev updates Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal/of: Fix cdev lookup in thermal_of_should_bind() Tong Tiangen <tongtiangen(a)huawei.com> uprobes: Reject the shared zeropage in uprobe_write_opcode() Luo Gengkun <luogengkun(a)huaweicloud.com> perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list Yu-Che Cheng <giver(a)chromium.org> thermal: gov_power_allocator: Fix incorrect calculation in divvy_up_power() Meghana Malladi <m-malladi(a)ti.com> net: ti: icss-iep: Reject perout generation request Eric Dumazet <edumazet(a)google.com> idpf: fix checksums set in idpf_rx_rsc() Joe Damato <jdamato(a)fastly.com> selftests: drv-net: Check if combined-count exists Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: fix dst ref loop on input in rpl lwt Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: fix dst ref loop on input in seg6 lwt Shay Drory <shayd(a)nvidia.com> net/mlx5: IRQ, Fix null string in debug print Carolina Jubran <cjubran(a)nvidia.com> net/mlx5: Restore missing trace event when enabling vport QoS Carolina Jubran <cjubran(a)nvidia.com> net/mlx5: Fix vport QoS cleanup on error Harshal Chaudhari <hchaudhari(a)marvell.com> net: mvpp2: cls: Fixed Non IP flow, with vlan tag flow defination. Mohammad Heib <mheib(a)redhat.com> net: Clear old fragment checksum value in napi_reuse_skb Wang Hai <wanghai38(a)huawei.com> tcp: Defer ts_recent changes until req is owned Marcin Szycik <marcin.szycik(a)linux.intel.com> ice: Avoid setting default Rx VSI twice in switchdev setup Marcin Szycik <marcin.szycik(a)linux.intel.com> ice: Fix deinitializing VF in error path Stanislav Fomichev <sdf(a)fomichev.me> tcp: devmem: don't write truncated dmabuf CMSGs to userspace Sascha Hauer <s.hauer(a)pengutronix.de> net: ethernet: ti: am65-cpsw: select PAGE_POOL Melissa Wen <mwen(a)igalia.com> drm/amd/display: restore edid reading from a given i2c adapter Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/mes: keep enforce isolation up to date Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gfx: only call mes for enforce isolation if supported Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: Prevent races when soft-resetting using SPI control Richard Fitzgerald <rf(a)opensource.cirrus.com> firmware: cs_dsp: Remove async regmap writes Umesh Nerlige Ramappa <umesh.nerlige.ramappa(a)intel.com> drm/xe/oa: Allow oa_exponent value of 0 Philo Lu <lulie(a)linux.alibaba.com> ipvs: Always clear ipvs_property flag in skb_scrub_packet() Chancel Liu <chancel.liu(a)nxp.com> ASoC: fsl: Rename stream name of SAI DAI driver Nicolas Frattaroli <nicolas.frattaroli(a)collabora.com> ASoC: es8328: fix route from DAC to output Linus Walleij <linus.walleij(a)linaro.org> net: dsa: rtl8366rb: Fix compilation problem Sean Anderson <sean.anderson(a)linux.dev> net: cadence: macb: Synchronize stats calculations Eric Dumazet <edumazet(a)google.com> ipvlan: ensure network headers are in skb linear part Jiri Slaby (SUSE) <jirislaby(a)kernel.org> net: set the minimum for net_hotdata.netdev_budget_usecs Ido Schimmel <idosch(a)nvidia.com> net: loopback: Avoid sending IP packets without an Ethernet header Eric Dumazet <edumazet(a)google.com> net: better track kernel sockets lifetime Kuniyuki Iwashima <kuniyu(a)amazon.com> net: Add net_passive_inc() and net_passive_dec(). David Howells <dhowells(a)redhat.com> afs: Give an afs_server object a ref on the afs_cell object it points to David Howells <dhowells(a)redhat.com> afs: Fix the server_list to unuse a displaced server rather than putting it David Howells <dhowells(a)redhat.com> rxrpc: rxperf: Fix missing decoding of terminal magic cookie Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports Arnd Bergmann <arnd(a)arndb.de> sunrpc: suppress warnings for unused procfs functions Kashyap Desai <kashyap.desai(a)broadcom.com> RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix bind QP error cleanup flow Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> scsi: ufs: core: Set default runtime/system PM levels before ufshcd_hba_init() Ye Bin <yebin10(a)huawei.com> scsi: core: Clear driver private data when retrying request Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix AH static rate parsing Yishai Hadas <yishaih(a)nvidia.com> RDMA/mlx5: Fix implicit ODP hang on parent deregistration Benjamin Coddington <bcodding(a)redhat.com> SUNRPC: Handle -ETIMEDOUT return from tlshd Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Fix a deadlock when recovering state on a sillyrenamed file Trond Myklebust <trond.myklebust(a)hammerspace.com> SUNRPC: Prevent looping due to rpc_signal_task() races Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Adjust delegated timestamps for O_DIRECT reads and writes Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: O_DIRECT writes must check and adjust the file length Vasiliy Kovalev <kovalev(a)altlinux.org> ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up Bart Van Assche <bvanassche(a)acm.org> scsi: ufs: core: Fix ufshcd_is_ufs_dev_busy() and ufshcd_eh_timed_out() Mikhail Ivanov <ivanov.mikhail1(a)huawei-partners.com> landlock: Fix non-TCP sockets restriction Selvin Xavier <selvin.xavier(a)broadcom.com> RDMA/bnxt_re: Fix the statistics for Gen P7 VF Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Allocate dev_attr information dynamically Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Add sanity checks on rdev validity Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix mbox timing out by adding retry mechanism Konstantin Taranov <kotaranov(a)microsoft.com> RDMA/mana_ib: Allocate PAGE aligned doorbell index Yishai Hadas <yishaih(a)nvidia.com> RDMA/mlx5: Fix a WARN during dereg_mr for DM type Yishai Hadas <yishaih(a)nvidia.com> RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error Mark Zhang <markzhang(a)nvidia.com> IB/mlx5: Set and get correct qp_num for a DCT QP Yishai Hadas <yishaih(a)nvidia.com> RDMA/mlx5: Fix the recovery flow of the UMR QP ------------- Diffstat: Makefile | 4 +- arch/arm64/include/asm/kvm_host.h | 2 +- arch/arm64/kvm/arm.c | 22 +- arch/arm64/kvm/vmid.c | 11 +- arch/arm64/mm/init.c | 7 +- arch/riscv/include/asm/cmpxchg.h | 2 +- arch/riscv/include/asm/futex.h | 2 +- arch/riscv/kernel/cacheinfo.c | 12 +- arch/riscv/kernel/cpufeature.c | 2 +- arch/riscv/kernel/setup.c | 2 +- arch/riscv/kernel/signal.c | 6 - arch/riscv/kvm/vcpu_sbi_hsm.c | 11 +- arch/riscv/kvm/vcpu_sbi_replace.c | 15 +- arch/x86/Kconfig | 1 + arch/x86/events/core.c | 2 +- arch/x86/kernel/cpu/cyrix.c | 4 +- arch/x86/kernel/cpu/microcode/amd.c | 283 ++++++++----- arch/x86/kernel/cpu/microcode/amd_shas.c | 444 +++++++++++++++++++++ arch/x86/kernel/cpu/microcode/internal.h | 2 - block/blk-zoned.c | 76 +++- drivers/firmware/cirrus/cs_dsp.c | 24 +- drivers/firmware/efi/mokvar-table.c | 42 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 7 + drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 11 +- drivers/gpu/drm/amd/amdgpu/amdgpu_mes.c | 20 +- drivers/gpu/drm/amd/amdgpu/amdgpu_mes.h | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 2 +- drivers/gpu/drm/amd/amdgpu/mes_v11_0.c | 4 + drivers/gpu/drm/amd/amdgpu/mes_v12_0.c | 4 + drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v10.c | 6 +- drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v11.c | 5 +- drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v12.c | 5 +- drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v9.c | 5 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 86 +++- .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_irq.c | 14 + .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c | 3 +- drivers/gpu/drm/amd/pm/legacy-dpm/kv_dpm.c | 25 +- drivers/gpu/drm/amd/pm/legacy-dpm/legacy_dpm.c | 8 +- drivers/gpu/drm/amd/pm/legacy-dpm/si_dpm.c | 26 +- drivers/gpu/drm/drm_fbdev_dma.c | 217 +++++++--- drivers/gpu/drm/xe/regs/xe_engine_regs.h | 1 - drivers/gpu/drm/xe/xe_oa.c | 5 +- drivers/gpu/drm/xe/xe_vm.c | 40 +- drivers/i2c/busses/i2c-amd-asf-plat.c | 1 + drivers/i2c/busses/i2c-ls2x.c | 16 +- drivers/i2c/busses/i2c-npcm7xx.c | 7 + drivers/idle/intel_idle.c | 4 + drivers/infiniband/hw/bnxt_re/bnxt_re.h | 2 +- drivers/infiniband/hw/bnxt_re/hw_counters.c | 4 +- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 40 +- drivers/infiniband/hw/bnxt_re/main.c | 41 +- drivers/infiniband/hw/bnxt_re/qplib_res.c | 7 +- drivers/infiniband/hw/bnxt_re/qplib_res.h | 12 +- drivers/infiniband/hw/bnxt_re/qplib_sp.c | 4 +- drivers/infiniband/hw/bnxt_re/qplib_sp.h | 3 +- drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 64 ++- drivers/infiniband/hw/hns/hns_roce_hw_v2.h | 2 + drivers/infiniband/hw/mana/main.c | 2 +- drivers/infiniband/hw/mlx5/ah.c | 3 +- drivers/infiniband/hw/mlx5/counters.c | 8 +- drivers/infiniband/hw/mlx5/mr.c | 16 +- drivers/infiniband/hw/mlx5/odp.c | 1 + drivers/infiniband/hw/mlx5/qp.c | 10 +- drivers/infiniband/hw/mlx5/qp.h | 1 + drivers/infiniband/hw/mlx5/umr.c | 83 ++-- drivers/iommu/intel/dmar.c | 1 + drivers/iommu/intel/iommu.c | 10 +- drivers/md/dm-integrity.c | 8 +- drivers/md/dm-vdo/dedupe.c | 1 + drivers/net/dsa/realtek/Kconfig | 6 + drivers/net/dsa/realtek/Makefile | 3 + drivers/net/dsa/realtek/rtl8366rb-leds.c | 177 ++++++++ drivers/net/dsa/realtek/rtl8366rb.c | 258 +----------- drivers/net/dsa/realtek/rtl8366rb.h | 107 +++++ drivers/net/ethernet/cadence/macb.h | 2 + drivers/net/ethernet/cadence/macb_main.c | 12 +- drivers/net/ethernet/freescale/enetc/enetc.c | 103 +++-- drivers/net/ethernet/freescale/enetc/enetc4_pf.c | 2 +- .../net/ethernet/freescale/enetc/enetc_ethtool.c | 7 +- drivers/net/ethernet/google/gve/gve_rx_dqo.c | 2 + drivers/net/ethernet/intel/ice/ice_eswitch.c | 3 +- drivers/net/ethernet/intel/ice/ice_sriov.c | 5 +- drivers/net/ethernet/intel/ice/ice_vf_lib.c | 8 + .../net/ethernet/intel/ice/ice_vf_lib_private.h | 1 + drivers/net/ethernet/intel/idpf/idpf_txrx.c | 3 +- drivers/net/ethernet/marvell/mvpp2/mvpp2_cls.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/esw/qos.c | 8 +- drivers/net/ethernet/mellanox/mlx5/core/pci_irq.c | 2 +- .../net/ethernet/stmicro/stmmac/dwmac-loongson.c | 14 + drivers/net/ethernet/ti/Kconfig | 1 + drivers/net/ethernet/ti/icssg/icss_iep.c | 21 +- drivers/net/ipvlan/ipvlan_core.c | 21 +- drivers/net/loopback.c | 14 + drivers/net/phy/qcom/qca807x.c | 2 +- drivers/net/usb/gl620a.c | 4 +- drivers/phy/rockchip/Kconfig | 1 + drivers/phy/rockchip/phy-rockchip-naneng-combphy.c | 5 +- drivers/phy/samsung/phy-exynos5-usbdrd.c | 25 +- drivers/phy/st/phy-stm32-combophy.c | 38 +- drivers/phy/tegra/xusb-tegra186.c | 11 + drivers/scsi/scsi_lib.c | 14 +- drivers/thermal/gov_power_allocator.c | 32 +- drivers/thermal/thermal_of.c | 50 ++- drivers/ufs/core/ufs_bsg.c | 6 +- drivers/ufs/core/ufshcd.c | 38 +- fs/afs/server.c | 3 + fs/afs/server_list.c | 4 +- fs/btrfs/extent_map.c | 83 ++-- fs/btrfs/file.c | 9 +- fs/fuse/dev.c | 6 + fs/fuse/file.c | 13 +- fs/nfs/delegation.c | 37 ++ fs/nfs/delegation.h | 1 + fs/nfs/direct.c | 23 ++ fs/nfs/nfs4proc.c | 3 + fs/overlayfs/copy_up.c | 2 +- include/asm-generic/vmlinux.lds.h | 2 +- include/linux/blkdev.h | 7 +- include/linux/compiler-gcc.h | 12 - include/linux/compiler.h | 39 +- include/linux/rcuref.h | 9 +- include/linux/socket.h | 2 + include/linux/sunrpc/sched.h | 3 +- include/net/net_namespace.h | 11 + include/net/sock.h | 1 + include/sound/cs35l56.h | 31 ++ include/trace/events/afs.h | 2 + include/trace/events/sunrpc.h | 3 +- io_uring/net.c | 4 +- kernel/events/core.c | 31 +- kernel/events/uprobes.c | 15 +- kernel/sched/core.c | 2 +- kernel/sched/ext.c | 11 +- kernel/trace/ftrace.c | 27 +- kernel/trace/trace_events_hist.c | 34 +- lib/rcuref.c | 5 +- net/bluetooth/l2cap_core.c | 9 +- net/core/gro.c | 1 + net/core/net_namespace.c | 8 +- net/core/scm.c | 10 + net/core/skbuff.c | 2 +- net/core/sock.c | 27 +- net/core/sysctl_net_core.c | 3 +- net/ipv4/tcp.c | 26 +- net/ipv4/tcp_minisocks.c | 10 +- net/ipv6/rpl_iptunnel.c | 14 +- net/ipv6/seg6_iptunnel.c | 14 +- net/mptcp/pm_netlink.c | 5 - net/mptcp/subflow.c | 20 +- net/netlink/af_netlink.c | 10 - net/rds/tcp.c | 8 +- net/rxrpc/rxperf.c | 12 + net/smc/af_smc.c | 5 +- net/sunrpc/cache.c | 10 +- net/sunrpc/sched.c | 2 - net/sunrpc/svcsock.c | 5 +- net/sunrpc/xprtsock.c | 18 +- security/integrity/ima/ima.h | 3 + security/integrity/ima/ima_main.c | 7 +- security/landlock/net.c | 3 +- sound/pci/hda/cs35l56_hda_spi.c | 3 + sound/pci/hda/patch_realtek.c | 2 +- sound/soc/codecs/cs35l56-shared.c | 80 ++++ sound/soc/codecs/cs35l56-spi.c | 3 + sound/soc/codecs/es8328.c | 15 +- sound/soc/fsl/fsl_sai.c | 6 +- sound/soc/fsl/imx-audmix.c | 4 +- sound/usb/midi.c | 2 +- sound/usb/quirks.c | 1 + tools/objtool/check.c | 50 +-- tools/objtool/include/objtool/special.h | 2 +- tools/testing/selftests/drivers/net/queues.py | 7 +- tools/testing/selftests/landlock/common.h | 1 + tools/testing/selftests/landlock/config | 2 + tools/testing/selftests/landlock/net_test.c | 124 +++++- tools/testing/selftests/rseq/rseq-riscv-bits.h | 6 +- tools/testing/selftests/rseq/rseq-riscv.h | 2 +- 177 files changed, 2637 insertions(+), 1171 deletions(-)

3 months, 2 weeks

11
10
0 0

[PATCH 2/2] virt: sev-guest: Move SNP Guest Request data pages handling under snp_cmd_mutex

by Alexey Kardashevskiy

Compared to the SNP Guest Request, the "Extended" version adds data pages for receiving certificates. If not enough pages provided, the HV can report to the VM how much is needed so the VM can reallocate and repeat. Commit ae596615d93d ("virt: sev-guest: Reduce the scope of SNP command mutex") moved handling of the allocated/desired pages number out of scope of said mutex and create a possibility for a race (multiple instances trying to trigger Extended request in a VM) as there is just one instance of snp_msg_desc per /dev/sev-guest and no locking other than snp_cmd_mutex. Fix the issue by moving the data blob/size and the GHCB input struct (snp_req_data) into snp_guest_req which is allocated on stack now and accessed by the GHCB caller under that mutex. Stop allocating SEV_FW_BLOB_MAX_SIZE in snp_msg_alloc() as only one of four callers needs it. Free the received blob in get_ext_report() right after it is copied to the userspace. Possible future users of snp_send_guest_request() are likely to have different ideas about the buffer size anyways. Fixes: ae596615d93d ("virt: sev-guest: Reduce the scope of SNP command mutex") Cc: stable(a)vger.kernel.org Cc: Nikunj A Dadhania <nikunj(a)amd.com> Signed-off-by: Alexey Kardashevskiy <aik(a)amd.com> --- arch/x86/include/asm/sev.h | 6 ++-- arch/x86/coco/sev/core.c | 23 +++++-------- drivers/virt/coco/sev-guest/sev-guest.c | 34 ++++++++++++++++---- 3 files changed, 39 insertions(+), 24 deletions(-) diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 1581246491b5..ba7999f66abe 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -203,6 +203,9 @@ struct snp_guest_req { unsigned int vmpck_id; u8 msg_version; u8 msg_type; + + struct snp_req_data input; + void *certs_data; }; /* @@ -263,9 +266,6 @@ struct snp_msg_desc { struct snp_guest_msg secret_request, secret_response; struct snp_secrets_page *secrets; - struct snp_req_data input; - - void *certs_data; struct aesgcm_ctx *ctx; diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index 82492efc5d94..d02eea5e3d50 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -2853,19 +2853,8 @@ struct snp_msg_desc *snp_msg_alloc(void) if (!mdesc->response) goto e_free_request; - mdesc->certs_data = alloc_shared_pages(SEV_FW_BLOB_MAX_SIZE); - if (!mdesc->certs_data) - goto e_free_response; - - /* initial the input address for guest request */ - mdesc->input.req_gpa = __pa(mdesc->request); - mdesc->input.resp_gpa = __pa(mdesc->response); - mdesc->input.data_gpa = __pa(mdesc->certs_data); - return mdesc; -e_free_response: - free_shared_pages(mdesc->response, sizeof(struct snp_guest_msg)); e_free_request: free_shared_pages(mdesc->request, sizeof(struct snp_guest_msg)); e_unmap: @@ -2885,7 +2874,6 @@ void snp_msg_free(struct snp_msg_desc *mdesc) kfree(mdesc->ctx); free_shared_pages(mdesc->response, sizeof(struct snp_guest_msg)); free_shared_pages(mdesc->request, sizeof(struct snp_guest_msg)); - free_shared_pages(mdesc->certs_data, SEV_FW_BLOB_MAX_SIZE); iounmap((__force void __iomem *)mdesc->secrets); memset(mdesc, 0, sizeof(*mdesc)); @@ -3054,7 +3042,7 @@ static int __handle_guest_request(struct snp_msg_desc *mdesc, struct snp_guest_r * sequence number must be incremented or the VMPCK must be deleted to * prevent reuse of the IV. */ - rc = snp_issue_guest_request(req, &mdesc->input, rio); + rc = snp_issue_guest_request(req, &req->input, rio); switch (rc) { case -ENOSPC: /* @@ -3064,7 +3052,7 @@ static int __handle_guest_request(struct snp_msg_desc *mdesc, struct snp_guest_r * order to increment the sequence number and thus avoid * IV reuse. */ - override_npages = mdesc->input.data_npages; + override_npages = req->input.data_npages; req->exit_code = SVM_VMGEXIT_GUEST_REQUEST; /* @@ -3120,7 +3108,7 @@ static int __handle_guest_request(struct snp_msg_desc *mdesc, struct snp_guest_r } if (override_npages) - mdesc->input.data_npages = override_npages; + req->input.data_npages = override_npages; return rc; } @@ -3158,6 +3146,11 @@ int snp_send_guest_request(struct snp_msg_desc *mdesc, struct snp_guest_req *req */ memcpy(mdesc->request, &mdesc->secret_request, sizeof(mdesc->secret_request)); + /* initial the input address for guest request */ + req->input.req_gpa = __pa(mdesc->request); + req->input.resp_gpa = __pa(mdesc->response); + req->input.data_gpa = req->certs_data ? __pa(req->certs_data) : 0; + rc = __handle_guest_request(mdesc, req, rio); if (rc) { if (rc == -EIO && diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c index 4699fdc9ed44..cf3fb61f4d5b 100644 --- a/drivers/virt/coco/sev-guest/sev-guest.c +++ b/drivers/virt/coco/sev-guest/sev-guest.c @@ -177,6 +177,7 @@ static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_reques struct snp_guest_req req = {}; int ret, npages = 0, resp_len; sockptr_t certs_address; + struct page *page; if (sockptr_is_null(io->req_data) || sockptr_is_null(io->resp_data)) return -EINVAL; @@ -210,8 +211,20 @@ static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_reques * the host. If host does not supply any certs in it, then copy * zeros to indicate that certificate data was not provided. */ - memset(mdesc->certs_data, 0, report_req->certs_len); npages = report_req->certs_len >> PAGE_SHIFT; + page = alloc_pages(GFP_KERNEL_ACCOUNT | __GFP_ZERO, + get_order(report_req->certs_len)); + if (!page) + return -ENOMEM; + + req.certs_data = page_address(page); + ret = set_memory_decrypted((unsigned long)req.certs_data, npages); + if (ret) { + pr_err("failed to mark page shared, ret=%d\n", ret); + __free_pages(page, get_order(report_req->certs_len)); + return -EFAULT; + } + cmd: /* * The intermediate response buffer is used while decrypting the @@ -220,10 +233,12 @@ static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_reques */ resp_len = sizeof(report_resp->data) + mdesc->ctx->authsize; report_resp = kzalloc(resp_len, GFP_KERNEL_ACCOUNT); - if (!report_resp) - return -ENOMEM; + if (!report_resp) { + ret = -ENOMEM; + goto e_free_data; + } - mdesc->input.data_npages = npages; + req.input.data_npages = npages; req.msg_version = arg->msg_version; req.msg_type = SNP_MSG_REPORT_REQ; @@ -238,7 +253,7 @@ static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_reques /* If certs length is invalid then copy the returned length */ if (arg->vmm_error == SNP_GUEST_VMM_ERR_INVALID_LEN) { - report_req->certs_len = mdesc->input.data_npages << PAGE_SHIFT; + report_req->certs_len = req.input.data_npages << PAGE_SHIFT; if (copy_to_sockptr(io->req_data, report_req, sizeof(*report_req))) ret = -EFAULT; @@ -247,7 +262,7 @@ static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_reques if (ret) goto e_free; - if (npages && copy_to_sockptr(certs_address, mdesc->certs_data, report_req->certs_len)) { + if (npages && copy_to_sockptr(certs_address, req.certs_data, report_req->certs_len)) { ret = -EFAULT; goto e_free; } @@ -257,6 +272,13 @@ static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_reques e_free: kfree(report_resp); +e_free_data: + if (npages) { + if (set_memory_encrypted((unsigned long)req.certs_data, npages)) + WARN_ONCE(ret, "failed to restore encryption mask (leak it)\n"); + else + __free_pages(page, get_order(report_req->certs_len)); + } return ret; } -- 2.47.1

3 months, 2 weeks

4
3
0 0

[PATCH] PCI: controller: Restore PCI_REASSIGN_ALL_BUS when PCI_PROBE_ONLY is enabled

by Bo Sun

On our Marvell OCTEON CN96XX board, we observed the following panic on the latest kernel: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000080 Mem abort info: ESR = 0x0000000096000005 EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x05: level 1 translation fault Data abort info: ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000 CM = 0, WnR = 0, TnD = 0, TagAccess = 0 GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [0000000000000080] user address but active_mm is swapper Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP Modules linked in: CPU: 9 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.13.0-rc7-00149-g9bffa1ad25b8 #1 Hardware name: Marvell OcteonTX CN96XX board (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : of_pci_add_properties+0x278/0x4c8 lr : of_pci_add_properties+0x258/0x4c8 sp : ffff8000822ef9b0 x29: ffff8000822ef9b0 x28: ffff000106dd8000 x27: ffff800081bc3b30 x26: ffff800081540118 x25: ffff8000813d2be0 x24: 0000000000000000 x23: ffff00010528a800 x22: ffff000107c50000 x21: ffff0001039c2630 x20: ffff0001039c2630 x19: 0000000000000000 x18: ffffffffffffffff x17: 00000000a49c1b85 x16: 0000000084c07b58 x15: ffff000103a10f98 x14: ffffffffffffffff x13: ffff000103a10f96 x12: 0000000000000003 x11: 0101010101010101 x10: 000000000000002c x9 : ffff800080ca7acc x8 : ffff0001038fd900 x7 : 0000000000000000 x6 : 0000000000696370 x5 : 0000000000000000 x4 : 0000000000000002 x3 : ffff8000822efa40 x2 : ffff800081341000 x1 : ffff000107c50000 x0 : 0000000000000000 Call trace: of_pci_add_properties+0x278/0x4c8 (P) of_pci_make_dev_node+0xe0/0x158 pci_bus_add_device+0x158/0x210 pci_bus_add_devices+0x40/0x98 pci_host_probe+0x94/0x118 pci_host_common_probe+0x120/0x1a0 platform_probe+0x70/0xf0 really_probe+0xb4/0x2a8 __driver_probe_device+0x80/0x140 driver_probe_device+0x48/0x170 __driver_attach+0x9c/0x1b0 bus_for_each_dev+0x7c/0xe8 driver_attach+0x2c/0x40 bus_add_driver+0xec/0x218 driver_register+0x68/0x138 __platform_driver_register+0x2c/0x40 gen_pci_driver_init+0x24/0x38 do_one_initcall+0x4c/0x278 kernel_init_freeable+0x1f4/0x3d0 kernel_init+0x28/0x1f0 ret_from_fork+0x10/0x20 Code: aa1603e1 f0005522 d2800044 91000042 (f94040a0) This regression was introduced by commit 7246a4520b4b ("PCI: Use preserve_config in place of pci_flags"). On our board, the 002:00:07.0 bridge is misconfigured by the bootloader. Both its secondary and subordinate bus numbers are initialized to 0, while its fixed secondary bus number is set to 8. However, bus number 8 is also assigned to another bridge (0002:00:0f.0). Although this is a bootloader issue, before the change in commit 7246a4520b4b, the PCI_REASSIGN_ALL_BUS flag was set by default when PCI_PROBE_ONLY was enabled, ensuing that all the bus number for these bridges were reassigned, avoiding any conflicts. After the change introduced in commit 7246a4520b4b, the bus numbers assigned by the bootloader are reused by all other bridges, except the misconfigured 002:00:07.0 bridge. The kernel attempt to reconfigure 002:00:07.0 by reusing the fixed secondary bus number 8 assigned by bootloader. However, since a pci_bus has already been allocated for bus 8 due to the probe of 0002:00:0f.0, no new pci_bus allocated for 002:00:07.0. This results in a pci bridge device without a pci_bus attached (pdev->subordinate == NULL). Consequently, accessing pdev->subordinate in of_pci_prop_bus_range() leads to a NULL pointer dereference. To summarize, we need to restore the PCI_REASSIGN_ALL_BUS flag when PCI_PROBE_ONLY is enabled in order to work around issue like the one described above. Cc: stable(a)vger.kernel.org Fixes: 7246a4520b4b ("PCI: Use preserve_config in place of pci_flags") Signed-off-by: Bo Sun <Bo.Sun.CN(a)windriver.com> --- drivers/pci/controller/pci-host-common.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/pci/controller/pci-host-common.c b/drivers/pci/controller/pci-host-common.c index cf5f59a745b3..615923acbc3e 100644 --- a/drivers/pci/controller/pci-host-common.c +++ b/drivers/pci/controller/pci-host-common.c @@ -73,6 +73,10 @@ int pci_host_common_probe(struct platform_device *pdev) if (IS_ERR(cfg)) return PTR_ERR(cfg); + /* Do not reassign resources if probe only */ + if (!pci_has_flag(PCI_PROBE_ONLY)) + pci_add_flags(PCI_REASSIGN_ALL_BUS); + bridge->sysdata = cfg; bridge->ops = (struct pci_ops *)&ops->pci_ops; bridge->msi_domain = true; -- 2.48.1

3 months, 2 weeks

4
9
0 0

[PATCH v1] mm/madvise: Always set ptes via arch helpers

by Ryan Roberts

Instead of writing a pte directly into the table, use the set_pte_at() helper, which gives the arch visibility of the change. In this instance we are guaranteed that the pte was originally none and is being modified to a not-present pte, so there was unlikely to be a bug in practice (at least not on arm64). But it's bad practice to write the page table memory directly without arch involvement. Cc: <stable(a)vger.kernel.org> Fixes: 662df3e5c376 ("mm: madvise: implement lightweight guard page mechanism") Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> --- mm/madvise.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/madvise.c b/mm/madvise.c index 388dc289b5d1..6170f4acc14f 100644 --- a/mm/madvise.c +++ b/mm/madvise.c @@ -1101,7 +1101,7 @@ static int guard_install_set_pte(unsigned long addr, unsigned long next, unsigned long *nr_pages = (unsigned long *)walk->private; /* Simply install a PTE marker, this causes segfault on access. */ - *ptep = make_pte_marker(PTE_MARKER_GUARD); + set_pte_at(walk->mm, addr, ptep, make_pte_marker(PTE_MARKER_GUARD)); (*nr_pages)++; return 0; -- 2.43.0

3 months, 2 weeks

3
8
0 0

Re: [PATCH] net: fix uninitialised access in mii_nway_restart()

by Qasim Ijaz

On Tue, Feb 18, 2025 at 02:10:08AM +0100, Andrew Lunn wrote: > On Tue, Feb 18, 2025 at 12:24:43AM +0000, Qasim Ijaz wrote: > > In mii_nway_restart() during the line: > > > > bmcr = mii->mdio_read(mii->dev, mii->phy_id, MII_BMCR); > > > > The code attempts to call mii->mdio_read which is ch9200_mdio_read(). > > > > ch9200_mdio_read() utilises a local buffer, which is initialised > > with control_read(): > > > > unsigned char buff[2]; > > > > However buff is conditionally initialised inside control_read(): > > > > if (err == size) { > > memcpy(data, buf, size); > > } > > > > If the condition of "err == size" is not met, then buff remains > > uninitialised. Once this happens the uninitialised buff is accessed > > and returned during ch9200_mdio_read(): > > > > return (buff[0] | buff[1] << 8); > > > > The problem stems from the fact that ch9200_mdio_read() ignores the > > return value of control_read(), leading to uinit-access of buff. > > > > To fix this we should check the return value of control_read() > > and return early on error. > > What about get_mac_address()? > > If you find a bug, it is a good idea to look around and see if there > are any more instances of the same bug. I could be wrong, but it seems > like get_mac_address() suffers from the same problem? Thank you for the feedback Andrew. I checked get_mac_address() before sending this patch and to me it looks like it does check the return value of control_read(). It accumulates the return value of each control_read() call into rd_mac_len and then checks if it not equal to what is expected (ETH_ALEN which is 6), I believe each call should return 2. > > Andrew

3 months, 2 weeks

2
3
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror March 2025