- Linux-stable-mirror - lists.linaro.org

FAILED: patch "[PATCH] mm/thp: fix deferred split unqueue naming and locking" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x f8f931bba0f92052cf842b7e30917b1afcc77d5a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024111108-kangaroo-press-8c50@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f8f931bba0f92052cf842b7e30917b1afcc77d5a Mon Sep 17 00:00:00 2001 From: Hugh Dickins <hughd(a)google.com> Date: Sun, 27 Oct 2024 13:02:13 -0700 Subject: [PATCH] mm/thp: fix deferred split unqueue naming and locking Recent changes are putting more pressure on THP deferred split queues: under load revealing long-standing races, causing list_del corruptions, "Bad page state"s and worse (I keep BUGs in both of those, so usually don't get to see how badly they end up without). The relevant recent changes being 6.8's mTHP, 6.10's mTHP swapout, and 6.12's mTHP swapin, improved swap allocation, and underused THP splitting. Before fixing locking: rename misleading folio_undo_large_rmappable(), which does not undo large_rmappable, to folio_unqueue_deferred_split(), which is what it does. But that and its out-of-line __callee are mm internals of very limited usability: add comment and WARN_ON_ONCEs to check usage; and return a bool to say if a deferred split was unqueued, which can then be used in WARN_ON_ONCEs around safety checks (sparing callers the arcane conditionals in __folio_unqueue_deferred_split()). Just omit the folio_unqueue_deferred_split() from free_unref_folios(), all of whose callers now call it beforehand (and if any forget then bad_page() will tell) - except for its caller put_pages_list(), which itself no longer has any callers (and will be deleted separately). Swapout: mem_cgroup_swapout() has been resetting folio->memcg_data 0 without checking and unqueueing a THP folio from deferred split list; which is unfortunate, since the split_queue_lock depends on the memcg (when memcg is enabled); so swapout has been unqueueing such THPs later, when freeing the folio, using the pgdat's lock instead: potentially corrupting the memcg's list. __remove_mapping() has frozen refcount to 0 here, so no problem with calling folio_unqueue_deferred_split() before resetting memcg_data. That goes back to 5.4 commit 87eaceb3faa5 ("mm: thp: make deferred split shrinker memcg aware"): which included a check on swapcache before adding to deferred queue, but no check on deferred queue before adding THP to swapcache. That worked fine with the usual sequence of events in reclaim (though there were a couple of rare ways in which a THP on deferred queue could have been swapped out), but 6.12 commit dafff3f4c850 ("mm: split underused THPs") avoids splitting underused THPs in reclaim, which makes swapcache THPs on deferred queue commonplace. Keep the check on swapcache before adding to deferred queue? Yes: it is no longer essential, but preserves the existing behaviour, and is likely to be a worthwhile optimization (vmstat showed much more traffic on the queue under swapping load if the check was removed); update its comment. Memcg-v1 move (deprecated): mem_cgroup_move_account() has been changing folio->memcg_data without checking and unqueueing a THP folio from the deferred list, sometimes corrupting "from" memcg's list, like swapout. Refcount is non-zero here, so folio_unqueue_deferred_split() can only be used in a WARN_ON_ONCE to validate the fix, which must be done earlier: mem_cgroup_move_charge_pte_range() first try to split the THP (splitting of course unqueues), or skip it if that fails. Not ideal, but moving charge has been requested, and khugepaged should repair the THP later: nobody wants new custom unqueueing code just for this deprecated case. The 87eaceb3faa5 commit did have the code to move from one deferred list to another (but was not conscious of its unsafety while refcount non-0); but that was removed by 5.6 commit fac0516b5534 ("mm: thp: don't need care deferred split queue in memcg charge move path"), which argued that the existence of a PMD mapping guarantees that the THP cannot be on a deferred list. As above, false in rare cases, and now commonly false. Backport to 6.11 should be straightforward. Earlier backports must take care that other _deferred_list fixes and dependencies are included. There is not a strong case for backports, but they can fix cornercases. Link: https://lkml.kernel.org/r/8dc111ae-f6db-2da7-b25c-7a20b1effe3b@google.com Fixes: 87eaceb3faa5 ("mm: thp: make deferred split shrinker memcg aware") Fixes: dafff3f4c850 ("mm: split underused THPs") Signed-off-by: Hugh Dickins <hughd(a)google.com> Acked-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Yang Shi <shy828301(a)gmail.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Barry Song <baohua(a)kernel.org> Cc: Chris Li <chrisl(a)kernel.org> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Nhat Pham <nphamcs(a)gmail.com> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: Shakeel Butt <shakeel.butt(a)linux.dev> Cc: Usama Arif <usamaarif642(a)gmail.com> Cc: Wei Yang <richard.weiyang(a)gmail.com> Cc: Zi Yan <ziy(a)nvidia.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/huge_memory.c b/mm/huge_memory.c index a1d345f1680c..03fd4bc39ea1 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c @@ -3588,10 +3588,27 @@ int split_folio_to_list(struct folio *folio, struct list_head *list) return split_huge_page_to_list_to_order(&folio->page, list, ret); } -void __folio_undo_large_rmappable(struct folio *folio) +/* + * __folio_unqueue_deferred_split() is not to be called directly: + * the folio_unqueue_deferred_split() inline wrapper in mm/internal.h + * limits its calls to those folios which may have a _deferred_list for + * queueing THP splits, and that list is (racily observed to be) non-empty. + * + * It is unsafe to call folio_unqueue_deferred_split() until folio refcount is + * zero: because even when split_queue_lock is held, a non-empty _deferred_list + * might be in use on deferred_split_scan()'s unlocked on-stack list. + * + * If memory cgroups are enabled, split_queue_lock is in the mem_cgroup: it is + * therefore important to unqueue deferred split before changing folio memcg. + */ +bool __folio_unqueue_deferred_split(struct folio *folio) { struct deferred_split *ds_queue; unsigned long flags; + bool unqueued = false; + + WARN_ON_ONCE(folio_ref_count(folio)); + WARN_ON_ONCE(!mem_cgroup_disabled() && !folio_memcg(folio)); ds_queue = get_deferred_split_queue(folio); spin_lock_irqsave(&ds_queue->split_queue_lock, flags); @@ -3603,8 +3620,11 @@ void __folio_undo_large_rmappable(struct folio *folio) MTHP_STAT_NR_ANON_PARTIALLY_MAPPED, -1); } list_del_init(&folio->_deferred_list); + unqueued = true; } spin_unlock_irqrestore(&ds_queue->split_queue_lock, flags); + + return unqueued; /* useful for debug warnings */ } /* partially_mapped=false won't clear PG_partially_mapped folio flag */ @@ -3627,14 +3647,11 @@ void deferred_split_folio(struct folio *folio, bool partially_mapped) return; /* - * The try_to_unmap() in page reclaim path might reach here too, - * this may cause a race condition to corrupt deferred split queue. - * And, if page reclaim is already handling the same folio, it is - * unnecessary to handle it again in shrinker. - * - * Check the swapcache flag to determine if the folio is being - * handled by page reclaim since THP swap would add the folio into - * swap cache before calling try_to_unmap(). + * Exclude swapcache: originally to avoid a corrupt deferred split + * queue. Nowadays that is fully prevented by mem_cgroup_swapout(); + * but if page reclaim is already handling the same folio, it is + * unnecessary to handle it again in the shrinker, so excluding + * swapcache here may still be a useful optimization. */ if (folio_test_swapcache(folio)) return; diff --git a/mm/internal.h b/mm/internal.h index 93083bbeeefa..16c1f3cd599e 100644 --- a/mm/internal.h +++ b/mm/internal.h @@ -639,11 +639,11 @@ static inline void folio_set_order(struct folio *folio, unsigned int order) #endif } -void __folio_undo_large_rmappable(struct folio *folio); -static inline void folio_undo_large_rmappable(struct folio *folio) +bool __folio_unqueue_deferred_split(struct folio *folio); +static inline bool folio_unqueue_deferred_split(struct folio *folio) { if (folio_order(folio) <= 1 || !folio_test_large_rmappable(folio)) - return; + return false; /* * At this point, there is no one trying to add the folio to @@ -651,9 +651,9 @@ static inline void folio_undo_large_rmappable(struct folio *folio) * to check without acquiring the split_queue_lock. */ if (data_race(list_empty(&folio->_deferred_list))) - return; + return false; - __folio_undo_large_rmappable(folio); + return __folio_unqueue_deferred_split(folio); } static inline struct folio *page_rmappable_folio(struct page *page) diff --git a/mm/memcontrol-v1.c b/mm/memcontrol-v1.c index 81d8819f13cd..f8744f5630bb 100644 --- a/mm/memcontrol-v1.c +++ b/mm/memcontrol-v1.c @@ -848,6 +848,8 @@ static int mem_cgroup_move_account(struct folio *folio, css_get(&to->css); css_put(&from->css); + /* Warning should never happen, so don't worry about refcount non-0 */ + WARN_ON_ONCE(folio_unqueue_deferred_split(folio)); folio->memcg_data = (unsigned long)to; __folio_memcg_unlock(from); @@ -1217,7 +1219,9 @@ static int mem_cgroup_move_charge_pte_range(pmd_t *pmd, enum mc_target_type target_type; union mc_target target; struct folio *folio; + bool tried_split_before = false; +retry_pmd: ptl = pmd_trans_huge_lock(pmd, vma); if (ptl) { if (mc.precharge < HPAGE_PMD_NR) { @@ -1227,6 +1231,27 @@ static int mem_cgroup_move_charge_pte_range(pmd_t *pmd, target_type = get_mctgt_type_thp(vma, addr, *pmd, &target); if (target_type == MC_TARGET_PAGE) { folio = target.folio; + /* + * Deferred split queue locking depends on memcg, + * and unqueue is unsafe unless folio refcount is 0: + * split or skip if on the queue? first try to split. + */ + if (!list_empty(&folio->_deferred_list)) { + spin_unlock(ptl); + if (!tried_split_before) + split_folio(folio); + folio_unlock(folio); + folio_put(folio); + if (tried_split_before) + return 0; + tried_split_before = true; + goto retry_pmd; + } + /* + * So long as that pmd lock is held, the folio cannot + * be racily added to the _deferred_list, because + * __folio_remove_rmap() will find !partially_mapped. + */ if (folio_isolate_lru(folio)) { if (!mem_cgroup_move_account(folio, true, mc.from, mc.to)) { diff --git a/mm/memcontrol.c b/mm/memcontrol.c index 2703227cce88..06df2af97415 100644 --- a/mm/memcontrol.c +++ b/mm/memcontrol.c @@ -4629,9 +4629,6 @@ static void uncharge_folio(struct folio *folio, struct uncharge_gather *ug) struct obj_cgroup *objcg; VM_BUG_ON_FOLIO(folio_test_lru(folio), folio); - VM_BUG_ON_FOLIO(folio_order(folio) > 1 && - !folio_test_hugetlb(folio) && - !list_empty(&folio->_deferred_list), folio); /* * Nobody should be changing or seriously looking at @@ -4678,6 +4675,7 @@ static void uncharge_folio(struct folio *folio, struct uncharge_gather *ug) ug->nr_memory += nr_pages; ug->pgpgout++; + WARN_ON_ONCE(folio_unqueue_deferred_split(folio)); folio->memcg_data = 0; } @@ -4789,6 +4787,9 @@ void mem_cgroup_migrate(struct folio *old, struct folio *new) /* Transfer the charge and the css ref */ commit_charge(new, memcg); + + /* Warning should never happen, so don't worry about refcount non-0 */ + WARN_ON_ONCE(folio_unqueue_deferred_split(old)); old->memcg_data = 0; } @@ -4975,6 +4976,7 @@ void mem_cgroup_swapout(struct folio *folio, swp_entry_t entry) VM_BUG_ON_FOLIO(oldid, folio); mod_memcg_state(swap_memcg, MEMCG_SWAP, nr_entries); + folio_unqueue_deferred_split(folio); folio->memcg_data = 0; if (!mem_cgroup_is_root(memcg)) diff --git a/mm/migrate.c b/mm/migrate.c index fab84a776088..dfa24e41e8f9 100644 --- a/mm/migrate.c +++ b/mm/migrate.c @@ -490,7 +490,7 @@ static int __folio_migrate_mapping(struct address_space *mapping, folio_test_large_rmappable(folio)) { if (!folio_ref_freeze(folio, expected_count)) return -EAGAIN; - folio_undo_large_rmappable(folio); + folio_unqueue_deferred_split(folio); folio_ref_unfreeze(folio, expected_count); } @@ -515,7 +515,7 @@ static int __folio_migrate_mapping(struct address_space *mapping, } /* Take off deferred split queue while frozen and memcg set */ - folio_undo_large_rmappable(folio); + folio_unqueue_deferred_split(folio); /* * Now we know that no one else is looking at the folio: diff --git a/mm/page_alloc.c b/mm/page_alloc.c index 5e108ae755cc..8ad38cd5e574 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -2681,7 +2681,6 @@ void free_unref_folios(struct folio_batch *folios) unsigned long pfn = folio_pfn(folio); unsigned int order = folio_order(folio); - folio_undo_large_rmappable(folio); if (!free_pages_prepare(&folio->page, order)) continue; /* diff --git a/mm/swap.c b/mm/swap.c index 835bdf324b76..b8e3259ea2c4 100644 --- a/mm/swap.c +++ b/mm/swap.c @@ -121,7 +121,7 @@ void __folio_put(struct folio *folio) } page_cache_release(folio); - folio_undo_large_rmappable(folio); + folio_unqueue_deferred_split(folio); mem_cgroup_uncharge(folio); free_unref_page(&folio->page, folio_order(folio)); } @@ -988,7 +988,7 @@ void folios_put_refs(struct folio_batch *folios, unsigned int *refs) free_huge_folio(folio); continue; } - folio_undo_large_rmappable(folio); + folio_unqueue_deferred_split(folio); __page_cache_release(folio, &lruvec, &flags); if (j != i) diff --git a/mm/vmscan.c b/mm/vmscan.c index ddaaff67642e..28ba2b06fc7d 100644 --- a/mm/vmscan.c +++ b/mm/vmscan.c @@ -1476,7 +1476,7 @@ static unsigned int shrink_folio_list(struct list_head *folio_list, */ nr_reclaimed += nr_pages; - folio_undo_large_rmappable(folio); + folio_unqueue_deferred_split(folio); if (folio_batch_add(&free_folios, folio) == 0) { mem_cgroup_uncharge_folios(&free_folios); try_to_unmap_flush(); @@ -1864,7 +1864,7 @@ static unsigned int move_folios_to_lru(struct lruvec *lruvec, if (unlikely(folio_put_testzero(folio))) { __folio_clear_lru_flags(folio); - folio_undo_large_rmappable(folio); + folio_unqueue_deferred_split(folio); if (folio_batch_add(&free_folios, folio) == 0) { spin_unlock_irq(&lruvec->lru_lock); mem_cgroup_uncharge_folios(&free_folios);

10 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] signal: restore the override_rlimit logic" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 9e05e5c7ee8758141d2db7e8fea2cab34500c6ed # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024111159-repaying-whole-1063@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9e05e5c7ee8758141d2db7e8fea2cab34500c6ed Mon Sep 17 00:00:00 2001 From: Roman Gushchin <roman.gushchin(a)linux.dev> Date: Mon, 4 Nov 2024 19:54:19 +0000 Subject: [PATCH] signal: restore the override_rlimit logic Prior to commit d64696905554 ("Reimplement RLIMIT_SIGPENDING on top of ucounts") UCOUNT_RLIMIT_SIGPENDING rlimit was not enforced for a class of signals. However now it's enforced unconditionally, even if override_rlimit is set. This behavior change caused production issues. For example, if the limit is reached and a process receives a SIGSEGV signal, sigqueue_alloc fails to allocate the necessary resources for the signal delivery, preventing the signal from being delivered with siginfo. This prevents the process from correctly identifying the fault address and handling the error. From the user-space perspective, applications are unaware that the limit has been reached and that the siginfo is effectively 'corrupted'. This can lead to unpredictable behavior and crashes, as we observed with java applications. Fix this by passing override_rlimit into inc_rlimit_get_ucounts() and skip the comparison to max there if override_rlimit is set. This effectively restores the old behavior. Link: https://lkml.kernel.org/r/20241104195419.3962584-1-roman.gushchin@linux.dev Fixes: d64696905554 ("Reimplement RLIMIT_SIGPENDING on top of ucounts") Signed-off-by: Roman Gushchin <roman.gushchin(a)linux.dev> Co-developed-by: Andrei Vagin <avagin(a)google.com> Signed-off-by: Andrei Vagin <avagin(a)google.com> Acked-by: Oleg Nesterov <oleg(a)redhat.com> Acked-by: Alexey Gladkov <legion(a)kernel.org> Cc: Kees Cook <kees(a)kernel.org> Cc: "Eric W. Biederman" <ebiederm(a)xmission.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h index 3625096d5f85..7183e5aca282 100644 --- a/include/linux/user_namespace.h +++ b/include/linux/user_namespace.h @@ -141,7 +141,8 @@ static inline long get_rlimit_value(struct ucounts *ucounts, enum rlimit_type ty long inc_rlimit_ucounts(struct ucounts *ucounts, enum rlimit_type type, long v); bool dec_rlimit_ucounts(struct ucounts *ucounts, enum rlimit_type type, long v); -long inc_rlimit_get_ucounts(struct ucounts *ucounts, enum rlimit_type type); +long inc_rlimit_get_ucounts(struct ucounts *ucounts, enum rlimit_type type, + bool override_rlimit); void dec_rlimit_put_ucounts(struct ucounts *ucounts, enum rlimit_type type); bool is_rlimit_overlimit(struct ucounts *ucounts, enum rlimit_type type, unsigned long max); diff --git a/kernel/signal.c b/kernel/signal.c index 4344860ffcac..cbabb2d05e0a 100644 --- a/kernel/signal.c +++ b/kernel/signal.c @@ -419,7 +419,8 @@ __sigqueue_alloc(int sig, struct task_struct *t, gfp_t gfp_flags, */ rcu_read_lock(); ucounts = task_ucounts(t); - sigpending = inc_rlimit_get_ucounts(ucounts, UCOUNT_RLIMIT_SIGPENDING); + sigpending = inc_rlimit_get_ucounts(ucounts, UCOUNT_RLIMIT_SIGPENDING, + override_rlimit); rcu_read_unlock(); if (!sigpending) return NULL; diff --git a/kernel/ucount.c b/kernel/ucount.c index 9469102c5ac0..696406939be5 100644 --- a/kernel/ucount.c +++ b/kernel/ucount.c @@ -307,7 +307,8 @@ void dec_rlimit_put_ucounts(struct ucounts *ucounts, enum rlimit_type type) do_dec_rlimit_put_ucounts(ucounts, NULL, type); } -long inc_rlimit_get_ucounts(struct ucounts *ucounts, enum rlimit_type type) +long inc_rlimit_get_ucounts(struct ucounts *ucounts, enum rlimit_type type, + bool override_rlimit) { /* Caller must hold a reference to ucounts */ struct ucounts *iter; @@ -320,7 +321,8 @@ long inc_rlimit_get_ucounts(struct ucounts *ucounts, enum rlimit_type type) goto dec_unwind; if (iter == ucounts) ret = new; - max = get_userns_rlimit_max(iter->ns, type); + if (!override_rlimit) + max = get_userns_rlimit_max(iter->ns, type); /* * Grab an extra ucount reference for the caller when * the rlimit count was previously 0.

10 months, 2 weeks

1
0
0 0

[PATCH v2 06/25] ASoC: sh: rz-ssi: Terminate all the DMA transactions

by Claudiu

From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> In case of full duplex the 1st closed stream doesn't benefit from the dmaengine_terminate_async(). Call it after the companion stream is closed. Fixes: 26ac471c5354 ("ASoC: sh: rz-ssi: Add SSI DMAC support") Cc: stable(a)vger.kernel.org Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> --- Changes in v2: - none sound/soc/renesas/rz-ssi.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/sound/soc/renesas/rz-ssi.c b/sound/soc/renesas/rz-ssi.c index 6efd017aaa7f..2d8721156099 100644 --- a/sound/soc/renesas/rz-ssi.c +++ b/sound/soc/renesas/rz-ssi.c @@ -415,8 +415,12 @@ static int rz_ssi_stop(struct rz_ssi_priv *ssi, struct rz_ssi_stream *strm) rz_ssi_reg_mask_setl(ssi, SSICR, SSICR_TEN | SSICR_REN, 0); /* Cancel all remaining DMA transactions */ - if (rz_ssi_is_dma_enabled(ssi)) - dmaengine_terminate_async(strm->dma_ch); + if (rz_ssi_is_dma_enabled(ssi)) { + if (ssi->playback.dma_ch) + dmaengine_terminate_async(ssi->playback.dma_ch); + if (ssi->capture.dma_ch) + dmaengine_terminate_async(ssi->capture.dma_ch); + } rz_ssi_set_idle(ssi); -- 2.39.2

10 months, 2 weeks

4
4
0 0

[PATCH v2] drm/xe: improve hibernation on igpu

by Matthew Auld

The GGTT looks to be stored inside stolen memory on igpu which is not treated as normal RAM. The core kernel skips this memory range when creating the hibernation image, therefore when coming back from hibernation the GGTT programming is lost. This seems to cause issues with broken resume where GuC FW fails to load: [drm] *ERROR* GT0: load failed: status = 0x400000A0, time = 10ms, freq = 1250MHz (req 1300MHz), done = -1 [drm] *ERROR* GT0: load failed: status: Reset = 0, BootROM = 0x50, UKernel = 0x00, MIA = 0x00, Auth = 0x01 [drm] *ERROR* GT0: firmware signature verification failed [drm] *ERROR* CRITICAL: Xe has declared device 0000:00:02.0 as wedged. Current GGTT users are kernel internal and tracked as pinned, so it should be possible to hook into the existing save/restore logic that we use for dgpu, where the actual evict is skipped but on restore we importantly restore the GGTT programming. This has been confirmed to fix hibernation on at least ADL and MTL, though likely all igpu platforms are affected. This also means we have a hole in our testing, where the existing s4 tests only really test the driver hooks, and don't go as far as actually rebooting and restoring from the hibernation image and in turn powering down RAM (and therefore losing the contents of stolen). v2 (Brost) - Remove extra newline and drop unnecessary parentheses. Fixes: dd08ebf6c352 ("drm/xe: Introduce a new DRM driver for Intel GPUs") Link: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/3275 Signed-off-by: Matthew Auld <matthew.auld(a)intel.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.8+ Reviewed-by: Matthew Brost <matthew.brost(a)intel.com> --- drivers/gpu/drm/xe/xe_bo.c | 37 ++++++++++++++------------------ drivers/gpu/drm/xe/xe_bo_evict.c | 6 ------ 2 files changed, 16 insertions(+), 27 deletions(-) diff --git a/drivers/gpu/drm/xe/xe_bo.c b/drivers/gpu/drm/xe/xe_bo.c index 8286cbc23721..549866da5cd1 100644 --- a/drivers/gpu/drm/xe/xe_bo.c +++ b/drivers/gpu/drm/xe/xe_bo.c @@ -952,7 +952,10 @@ int xe_bo_restore_pinned(struct xe_bo *bo) if (WARN_ON(!xe_bo_is_pinned(bo))) return -EINVAL; - if (WARN_ON(xe_bo_is_vram(bo) || !bo->ttm.ttm)) + if (WARN_ON(xe_bo_is_vram(bo))) + return -EINVAL; + + if (WARN_ON(!bo->ttm.ttm && !xe_bo_is_stolen(bo))) return -EINVAL; if (!mem_type_is_vram(place->mem_type)) @@ -1774,6 +1777,7 @@ int xe_bo_pin_external(struct xe_bo *bo) int xe_bo_pin(struct xe_bo *bo) { + struct ttm_place *place = &bo->placements[0]; struct xe_device *xe = xe_bo_device(bo); int err; @@ -1804,8 +1808,6 @@ int xe_bo_pin(struct xe_bo *bo) */ if (IS_DGFX(xe) && !(IS_ENABLED(CONFIG_DRM_XE_DEBUG) && bo->flags & XE_BO_FLAG_INTERNAL_TEST)) { - struct ttm_place *place = &(bo->placements[0]); - if (mem_type_is_vram(place->mem_type)) { xe_assert(xe, place->flags & TTM_PL_FLAG_CONTIGUOUS); @@ -1813,13 +1815,12 @@ int xe_bo_pin(struct xe_bo *bo) vram_region_gpu_offset(bo->ttm.resource)) >> PAGE_SHIFT; place->lpfn = place->fpfn + (bo->size >> PAGE_SHIFT); } + } - if (mem_type_is_vram(place->mem_type) || - bo->flags & XE_BO_FLAG_GGTT) { - spin_lock(&xe->pinned.lock); - list_add_tail(&bo->pinned_link, &xe->pinned.kernel_bo_present); - spin_unlock(&xe->pinned.lock); - } + if (mem_type_is_vram(place->mem_type) || bo->flags & XE_BO_FLAG_GGTT) { + spin_lock(&xe->pinned.lock); + list_add_tail(&bo->pinned_link, &xe->pinned.kernel_bo_present); + spin_unlock(&xe->pinned.lock); } ttm_bo_pin(&bo->ttm); @@ -1867,24 +1868,18 @@ void xe_bo_unpin_external(struct xe_bo *bo) void xe_bo_unpin(struct xe_bo *bo) { + struct ttm_place *place = &bo->placements[0]; struct xe_device *xe = xe_bo_device(bo); xe_assert(xe, !bo->ttm.base.import_attach); xe_assert(xe, xe_bo_is_pinned(bo)); - if (IS_DGFX(xe) && !(IS_ENABLED(CONFIG_DRM_XE_DEBUG) && - bo->flags & XE_BO_FLAG_INTERNAL_TEST)) { - struct ttm_place *place = &(bo->placements[0]); - - if (mem_type_is_vram(place->mem_type) || - bo->flags & XE_BO_FLAG_GGTT) { - spin_lock(&xe->pinned.lock); - xe_assert(xe, !list_empty(&bo->pinned_link)); - list_del_init(&bo->pinned_link); - spin_unlock(&xe->pinned.lock); - } + if (mem_type_is_vram(place->mem_type) || bo->flags & XE_BO_FLAG_GGTT) { + spin_lock(&xe->pinned.lock); + xe_assert(xe, !list_empty(&bo->pinned_link)); + list_del_init(&bo->pinned_link); + spin_unlock(&xe->pinned.lock); } - ttm_bo_unpin(&bo->ttm); } diff --git a/drivers/gpu/drm/xe/xe_bo_evict.c b/drivers/gpu/drm/xe/xe_bo_evict.c index 32043e1e5a86..b01bc20eb90b 100644 --- a/drivers/gpu/drm/xe/xe_bo_evict.c +++ b/drivers/gpu/drm/xe/xe_bo_evict.c @@ -34,9 +34,6 @@ int xe_bo_evict_all(struct xe_device *xe) u8 id; int ret; - if (!IS_DGFX(xe)) - return 0; - /* User memory */ for (mem_type = XE_PL_VRAM0; mem_type <= XE_PL_VRAM1; ++mem_type) { struct ttm_resource_manager *man = @@ -125,9 +122,6 @@ int xe_bo_restore_kernel(struct xe_device *xe) struct xe_bo *bo; int ret; - if (!IS_DGFX(xe)) - return 0; - spin_lock(&xe->pinned.lock); for (;;) { bo = list_first_entry_or_null(&xe->pinned.evicted, -- 2.47.0

10 months, 2 weeks

4
10
0 0

[PATCH v3 0/3] Fix bugs in qla2xxx driver

by Anastasia Kovaleva

This series of patches contains 3 separate changes that fix some bugs in the qla2xxx driver. --- v3: - Fix build issue in patch 1 v2: - Change a spinlock wrap to a WRITE_ONCE() in patch 1 - Add Reviewed-by tags on patches 2 and 3 --- Anastasia Kovaleva (3): scsi: qla2xxx: Drop starvation counter on success scsi: qla2xxx: Make target send correct LOGO scsi: qla2xxx: Remove incorrect trap drivers/scsi/qla2xxx/qla_iocb.c | 11 +++++++++++ drivers/scsi/qla2xxx/qla_isr.c | 4 ++++ drivers/scsi/qla2xxx/qla_target.c | 16 +++++++--------- 3 files changed, 22 insertions(+), 9 deletions(-) -- 2.40.1

10 months, 2 weeks

2
6
0 0

[PATCH v2 0/2] usb: typec: ucsi: glink: fix and improve orientation handling

by Dmitry Baryshkov

Fix an off-by-one issue which resulted in USB-C connector #2 orientation being reported as unknown. While we are at it, correct the way we set orientation_aware flag for the USB-C connectors. Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> --- Changes in v2: - Added cc:stable to the first patch (Greg's bot) - Expanded the commit message for the second patch. - Link to v1: https://lore.kernel.org/r/20241106-ucsi-glue-fixes-v1-0-d0183d78c522@linaro… --- Dmitry Baryshkov (2): usb: typec: ucsi: glink: fix off-by-one in connector_status usb: typec: ucsi: glink: be more precise on orientation-aware ports drivers/usb/typec/ucsi/ucsi_glink.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) --- base-commit: 0a2598971f04649933bd38f5db241b3bf23c04ec change-id: 20241106-ucsi-glue-fixes-a20e2b2a0e3a Best regards, -- Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>

10 months, 2 weeks

2
2
0 0

[PATCH 3/6] arm64/kvm: Configure HYP TCR.PS/DS based on host stage1

by Ard Biesheuvel

From: Ard Biesheuvel <ardb(a)kernel.org> When the host stage1 is configured for LPA2, the value currently being programmed into TCR_EL2.T0SZ may be invalid unless LPA2 is configured at HYP as well. This means kvm_lpa2_is_enabled() is not the right condition to test when setting TCR_EL2.DS, as it will return false if LPA2 is only available for stage 1 but not for stage 2. Similary, programming TCR_EL2.PS based on a limited IPA range due to lack of stage2 LPA2 support could potentially result in problems. So use lpa2_is_enabled() instead, and set the PS field according to the host's IPS, which is capped at 48 bits if LPA2 support is absent or disabled. Whether or not we can make meaningful use of such a configuration is a different question. Cc: <stable(a)vger.kernel.org> Signed-off-by: Ard Biesheuvel <ardb(a)kernel.org> --- arch/arm64/kvm/arm.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c index a0d01c46e408..1d20d86bb9f5 100644 --- a/arch/arm64/kvm/arm.c +++ b/arch/arm64/kvm/arm.c @@ -2005,8 +2005,7 @@ static int kvm_init_vector_slots(void) static void __init cpu_prepare_hyp_mode(int cpu, u32 hyp_va_bits) { struct kvm_nvhe_init_params *params = per_cpu_ptr_nvhe_sym(kvm_init_params, cpu); - u64 mmfr0 = read_sanitised_ftr_reg(SYS_ID_AA64MMFR0_EL1); - unsigned long tcr; + unsigned long tcr, ips; /* * Calculate the raw per-cpu offset without a translation from the @@ -2020,6 +2019,7 @@ static void __init cpu_prepare_hyp_mode(int cpu, u32 hyp_va_bits) params->mair_el2 = read_sysreg(mair_el1); tcr = read_sysreg(tcr_el1); + ips = FIELD_GET(TCR_IPS_MASK, tcr); if (cpus_have_final_cap(ARM64_KVM_HVHE)) { tcr |= TCR_EPD1_MASK; } else { @@ -2029,8 +2029,8 @@ static void __init cpu_prepare_hyp_mode(int cpu, u32 hyp_va_bits) tcr &= ~TCR_T0SZ_MASK; tcr |= TCR_T0SZ(hyp_va_bits); tcr &= ~TCR_EL2_PS_MASK; - tcr |= FIELD_PREP(TCR_EL2_PS_MASK, kvm_get_parange(mmfr0)); - if (kvm_lpa2_is_enabled()) + tcr |= FIELD_PREP(TCR_EL2_PS_MASK, ips); + if (lpa2_is_enabled()) tcr |= TCR_EL2_DS; params->tcr_el2 = tcr; -- 2.47.0.277.g8800431eea-goog

10 months, 2 weeks

1
0
0 0

[merged mm-stable] maple_tree-refine-mas_store_root-on-storing-null.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: maple_tree: refine mas_store_root() on storing NULL has been removed from the -mm tree. Its filename was maple_tree-refine-mas_store_root-on-storing-null.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Wei Yang <richard.weiyang(a)gmail.com> Subject: maple_tree: refine mas_store_root() on storing NULL Date: Thu, 31 Oct 2024 23:16:26 +0000 Currently, when storing NULL on mas_store_root(), the behavior could be improved. Storing NULLs over the entire tree may result in a node being used to store a single range. Further stores of NULL may cause the node and tree to be corrupt and cause incorrect behaviour. Fixing the store to the root null fixes the issue by ensuring that a range of 0 - ULONG_MAX results in an empty tree. Users of the tree may experience incorrect values returned if the tree was expanded to store values, then overwritten by all NULLS, then continued to store NULLs over the empty area. For example possible cases are: * store NULL at any range result a new node * store NULL at range [m, n] where m > 0 to a single entry tree result a new node with range [m, n] set to NULL * store NULL at range [m, n] where m > 0 to an empty tree result consecutive NULL slot * it allows for multiple NULL entries by expanding root to store NULLs to an empty tree This patch tries to improve in: * memory efficient by setting to empty tree instead of using a node * remove the possibility of consecutive NULL slot which will prohibit extended null in later operation Link: https://lkml.kernel.org/r/20241031231627.14316-5-richard.weiyang@gmail.com Fixes: 54a611b60590 ("Maple Tree: add new data structure") Signed-off-by: Wei Yang <richard.weiyang(a)gmail.com> Reviewed-by: Liam R. Howlett <Liam.Howlett(a)Oracle.com> Cc: Liam R. Howlett <Liam.Howlett(a)Oracle.com> Cc: Sidhartha Kumar <sidhartha.kumar(a)oracle.com> Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/maple_tree.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) --- a/lib/maple_tree.c~maple_tree-refine-mas_store_root-on-storing-null +++ a/lib/maple_tree.c @@ -3447,9 +3447,20 @@ static inline void mas_root_expand(struc return; } +/* + * mas_store_root() - Storing value into root. + * @mas: The maple state + * @entry: The entry to store. + * + * There is no root node now and we are storing a value into the root - this + * function either assigns the pointer or expands into a node. + */ static inline void mas_store_root(struct ma_state *mas, void *entry) { - if (likely((mas->last != 0) || (mas->index != 0))) + if (!entry) { + if (!mas->index) + rcu_assign_pointer(mas->tree->ma_root, NULL); + } else if (likely((mas->last != 0) || (mas->index != 0))) mas_root_expand(mas, entry); else if (((unsigned long) (entry) & 3) == 2) mas_root_expand(mas, entry); _ Patches currently in -mm which might be from richard.weiyang(a)gmail.com are

10 months, 2 weeks

1
0
0 0

[PATCH] drm/amdgpu: Fix UVD contiguous CS mapping problem

by Arunpravin Paneer Selvam

When starting the mpv player, Radeon R9 users are observing the below error in dmesg. [drm:amdgpu_uvd_cs_pass2 [amdgpu]] *ERROR* msg/fb buffer ff00f7c000-ff00f7e000 out of 256MB segment! The patch tries to set the TTM_PL_FLAG_CONTIGUOUS for both user flag(AMDGPU_GEM_CREATE_VRAM_CONTIGUOUS) set and not set cases. Closes:https://gitlab.freedesktop.org/drm/amd/-/issues/3599 Closes:https://gitlab.freedesktop.org/drm/amd/-/issues/3501 Signed-off-by: Arunpravin Paneer Selvam <Arunpravin.PaneerSelvam(a)amd.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c index d891ab779ca7..9f73f821054b 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c @@ -1801,13 +1801,17 @@ int amdgpu_cs_find_mapping(struct amdgpu_cs_parser *parser, if (dma_resv_locking_ctx((*bo)->tbo.base.resv) != &parser->exec.ticket) return -EINVAL; - (*bo)->flags |= AMDGPU_GEM_CREATE_VRAM_CONTIGUOUS; - amdgpu_bo_placement_from_domain(*bo, (*bo)->allowed_domains); - for (i = 0; i < (*bo)->placement.num_placement; i++) - (*bo)->placements[i].flags |= TTM_PL_FLAG_CONTIGUOUS; - r = ttm_bo_validate(&(*bo)->tbo, &(*bo)->placement, &ctx); - if (r) - return r; + if ((*bo)->flags & AMDGPU_GEM_CREATE_VRAM_CONTIGUOUS) { + (*bo)->placements[0].flags |= TTM_PL_FLAG_CONTIGUOUS; + } else { + (*bo)->flags |= AMDGPU_GEM_CREATE_VRAM_CONTIGUOUS; + amdgpu_bo_placement_from_domain(*bo, (*bo)->allowed_domains); + for (i = 0; i < (*bo)->placement.num_placement; i++) + (*bo)->placements[i].flags |= TTM_PL_FLAG_CONTIGUOUS; + r = ttm_bo_validate(&(*bo)->tbo, &(*bo)->placement, &ctx); + if (r) + return r; + } return amdgpu_ttm_alloc_gart(&(*bo)->tbo); } -- 2.25.1

10 months, 2 weeks

1
0
0 0

+ selftests-hugetlb_dio-fixup-check-for-initial-conditions-to-skip-in-the-start.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: selftests: hugetlb_dio: fixup check for initial conditions to skip in the start has been added to the -mm mm-hotfixes-unstable branch. Its filename is selftests-hugetlb_dio-fixup-check-for-initial-conditions-to-skip-in-the-start.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Donet Tom <donettom(a)linux.ibm.com> Subject: selftests: hugetlb_dio: fixup check for initial conditions to skip in the start Date: Sun, 10 Nov 2024 00:49:03 -0600 This test verifies that a hugepage, used as a user buffer for DIO operations, is correctly freed upon unmapping. To test this, we read the count of free hugepages before and after the mmap, DIO, and munmap operations, then check if the free hugepage count is the same. Reading free hugepages before the test was removed by commit 0268d4579901 ('selftests: hugetlb_dio: check for initial conditions to skip at the start'), causing the test to always fail. This patch adds back reading the free hugepages before starting the test. With this patch, the tests are now passing. Test results without this patch: ./tools/testing/selftests/mm/hugetlb_dio TAP version 13 1..4 # No. Free pages before allocation : 0 # No. Free pages after munmap : 100 not ok 1 : Huge pages not freed! # No. Free pages before allocation : 0 # No. Free pages after munmap : 100 not ok 2 : Huge pages not freed! # No. Free pages before allocation : 0 # No. Free pages after munmap : 100 not ok 3 : Huge pages not freed! # No. Free pages before allocation : 0 # No. Free pages after munmap : 100 not ok 4 : Huge pages not freed! # Totals: pass:0 fail:4 xfail:0 xpass:0 skip:0 error:0 Test results with this patch: /tools/testing/selftests/mm/hugetlb_dio TAP version 13 1..4 # No. Free pages before allocation : 100 # No. Free pages after munmap : 100 ok 1 : Huge pages freed successfully ! # No. Free pages before allocation : 100 # No. Free pages after munmap : 100 ok 2 : Huge pages freed successfully ! # No. Free pages before allocation : 100 # No. Free pages after munmap : 100 ok 3 : Huge pages freed successfully ! # No. Free pages before allocation : 100 # No. Free pages after munmap : 100 ok 4 : Huge pages freed successfully ! # Totals: pass:4 fail:0 xfail:0 xpass:0 skip:0 error:0 Link: https://lkml.kernel.org/r/20241110064903.23626-1-donettom@linux.ibm.com Fixes: 0268d4579901 ("selftests: hugetlb_dio: check for initial conditions to skip in the start") Signed-off-by: Donet Tom <donettom(a)linux.ibm.com> Cc: Muhammad Usama Anjum <usama.anjum(a)collabora.com> Cc: Shuah Khan <shuah(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/mm/hugetlb_dio.c | 7 +++++++ 1 file changed, 7 insertions(+) --- a/tools/testing/selftests/mm/hugetlb_dio.c~selftests-hugetlb_dio-fixup-check-for-initial-conditions-to-skip-in-the-start +++ a/tools/testing/selftests/mm/hugetlb_dio.c @@ -44,6 +44,13 @@ void run_dio_using_hugetlb(unsigned int if (fd < 0) ksft_exit_fail_perror("Error opening file\n"); + /* Get the free huge pages before allocation */ + free_hpage_b = get_free_hugepages(); + if (free_hpage_b == 0) { + close(fd); + ksft_exit_skip("No free hugepage, exiting!\n"); + } + /* Allocate a hugetlb page */ orig_buffer = mmap(NULL, h_pagesize, mmap_prot, mmap_flags, -1, 0); if (orig_buffer == MAP_FAILED) { _ Patches currently in -mm which might be from donettom(a)linux.ibm.com are selftests-hugetlb_dio-fixup-check-for-initial-conditions-to-skip-in-the-start.patch

10 months, 2 weeks

1
0
0 0

[PATCH] watchdog: rti: of: honor timeout-sec property

by A. Sverdlin

From: Alexander Sverdlin <alexander.sverdlin(a)siemens.com> Currently "timeout-sec" Device Tree property is being silently ignored: even though watchdog_init_timeout() is being used, the driver always passes "heartbeat" == DEFAULT_HEARTBEAT == 60 as argument. Fix this by setting struct watchdog_device::timeout to DEFAULT_HEARTBEAT and passing real module parameter value to watchdog_init_timeout() (which may now be 0 if not specified). Cc: stable(a)vger.kernel.org Fixes: 2d63908bdbfb ("watchdog: Add K3 RTI watchdog support") Signed-off-by: Alexander Sverdlin <alexander.sverdlin(a)siemens.com> --- drivers/watchdog/rti_wdt.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/watchdog/rti_wdt.c b/drivers/watchdog/rti_wdt.c index f410b6e39fb6f..58c9445c0f885 100644 --- a/drivers/watchdog/rti_wdt.c +++ b/drivers/watchdog/rti_wdt.c @@ -61,7 +61,7 @@ #define MAX_HW_ERROR 250 -static int heartbeat = DEFAULT_HEARTBEAT; +static int heartbeat; /* * struct to hold data for each WDT device @@ -252,6 +252,7 @@ static int rti_wdt_probe(struct platform_device *pdev) wdd->min_timeout = 1; wdd->max_hw_heartbeat_ms = (WDT_PRELOAD_MAX << WDT_PRELOAD_SHIFT) / wdt->freq * 1000; + wdd->timeout = DEFAULT_HEARTBEAT; wdd->parent = dev; watchdog_set_drvdata(wdd, wdt); -- 2.47.0

10 months, 2 weeks

3
2
0 0

[PATCH V7 1/2] cpufreq: scmi: Fix cleanup path when boost enablement fails

by Sibi Sankar

Include free_cpufreq_table in the cleanup path when boost enablement fails. cc: stable(a)vger.kernel.org Fixes: a8e949d41c72 ("cpufreq: scmi: Enable boost support") Signed-off-by: Sibi Sankar <quic_sibis(a)quicinc.com> --- drivers/cpufreq/scmi-cpufreq.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/cpufreq/scmi-cpufreq.c b/drivers/cpufreq/scmi-cpufreq.c index 5892c73e129d..07d6f9a9b7c8 100644 --- a/drivers/cpufreq/scmi-cpufreq.c +++ b/drivers/cpufreq/scmi-cpufreq.c @@ -287,7 +287,7 @@ static int scmi_cpufreq_init(struct cpufreq_policy *policy) ret = cpufreq_enable_boost_support(); if (ret) { dev_warn(cpu_dev, "failed to enable boost: %d\n", ret); - goto out_free_opp; + goto out_free_table; } else { scmi_cpufreq_hw_attr[1] = &cpufreq_freq_attr_scaling_boost_freqs; scmi_cpufreq_driver.boost_enabled = true; @@ -296,6 +296,8 @@ static int scmi_cpufreq_init(struct cpufreq_policy *policy) return 0; +out_free_table: + dev_pm_opp_free_cpufreq_table(cpu_dev, &freq_table); out_free_opp: dev_pm_opp_remove_all_dynamic(cpu_dev); -- 2.34.1

10 months, 2 weeks

2
1
0 0

[PATCH 6.6 00/28] fix CVE-2024-46701

by Yu Kuai

From: Yu Kuai <yukuai3(a)huawei.com> Fix patch is patch 27, relied patches are from: - patches from set [1] to add helpers to maple_tree, the last patch to improve fork() performance is not backported; - patches from set [2] to change maple_tree, and follow up fixes; - patches from set [3] to convert offset_ctx from xarray to maple_tree; Please notice that I'm not an expert in this area, and I'm afraid to make manual changes. That's why patch 16 revert the commit that is different from mainline and will cause conflict backporting new patches. patch 28 pick the original mainline patch again. (And this is what we did to fix the CVE in downstream kernels). [1] https://lore.kernel.org/all/20231027033845.90608-1-zhangpeng.00@bytedance.c… [2] https://lore.kernel.org/all/20231101171629.3612299-2-Liam.Howlett@oracle.co… [3] https://lore.kernel.org/all/170820083431.6328.16233178852085891453.stgit@91… Andrew Morton (1): lib/maple_tree.c: fix build error due to hotfix alteration Chuck Lever (5): libfs: Re-arrange locking in offset_iterate_dir() libfs: Define a minimum directory offset libfs: Add simple_offset_empty() maple_tree: Add mtree_alloc_cyclic() libfs: Convert simple directory offsets to use a Maple Tree Liam R. Howlett (12): maple_tree: remove unnecessary default labels from switch statements maple_tree: make mas_erase() more robust maple_tree: move debug check to __mas_set_range() maple_tree: add end of node tracking to the maple state maple_tree: use cached node end in mas_next() maple_tree: use cached node end in mas_destroy() maple_tree: clean up inlines for some functions maple_tree: separate ma_state node from status maple_tree: remove mas_searchable() maple_tree: use maple state end for write operations maple_tree: don't find node end in mtree_lookup_walk() maple_tree: mtree_range_walk() clean up Lorenzo Stoakes (1): maple_tree: correct tree corruption on spanning store Peng Zhang (7): maple_tree: add mt_free_one() and mt_attr() helpers maple_tree: introduce {mtree,mas}_lock_nested() maple_tree: introduce interfaces __mt_dup() and mtree_dup() maple_tree: skip other tests when BENCH is enabled maple_tree: preserve the tree attributes when destroying maple tree maple_tree: add test for mtree_dup() maple_tree: avoid checking other gaps after getting the largest gap Yu Kuai (1): Revert "maple_tree: correct tree corruption on spanning store" yangerkun (1): libfs: fix infinite directory reads for offset dir fs/libfs.c | 129 ++- include/linux/fs.h | 6 +- include/linux/maple_tree.h | 356 +++--- include/linux/mm_types.h | 3 +- lib/maple_tree.c | 1096 +++++++++++++------ lib/test_maple_tree.c | 218 ++-- mm/internal.h | 10 +- mm/shmem.c | 4 +- tools/include/linux/spinlock.h | 1 + tools/testing/radix-tree/linux/maple_tree.h | 2 +- tools/testing/radix-tree/maple.c | 390 ++++++- 11 files changed, 1564 insertions(+), 651 deletions(-) -- 2.39.2

10 months, 2 weeks

7
46
0 0

[PATCH net] gve: Flow steering trigger reset only for timeout error

by Jeroen de Borst

From: Ziwei Xiao <ziweixiao(a)google.com> When configuring flow steering rules, the driver is currently going through a reset for all errors from the device. Instead, the driver should only reset when there's a timeout error from the device. Fixes: 57718b60df9b ("gve: Add flow steering adminq commands") Cc: stable(a)vger.kernel.org Signed-off-by: Ziwei Xiao <ziweixiao(a)google.com> Reviewed-by: Harshitha Ramamurthy <hramamurthy(a)google.com> --- drivers/net/ethernet/google/gve/gve_adminq.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/ethernet/google/gve/gve_adminq.c b/drivers/net/ethernet/google/gve/gve_adminq.c index e44e8b139633..060e0e674938 100644 --- a/drivers/net/ethernet/google/gve/gve_adminq.c +++ b/drivers/net/ethernet/google/gve/gve_adminq.c @@ -1248,10 +1248,10 @@ gve_adminq_configure_flow_rule(struct gve_priv *priv, sizeof(struct gve_adminq_configure_flow_rule), flow_rule_cmd); - if (err) { + if (err == -ETIME) { dev_err(&priv->pdev->dev, "Timeout to configure the flow rule, trigger reset"); gve_reset(priv, true); - } else { + } else if (!err) { priv->flow_rules_cache.rules_cache_synced = false; } -- 2.47.0.277.g8800431eea-goog

10 months, 2 weeks

2
1
0 0

[PATCH 5.10.y 0/2] Fixed perf abort when taken branch stack sampling enabled

by Shuai Xue

On x86 platform, kernel v5.10.228, perf-report command aborts due to "free(): invalid pointer" when perf-record command is run with taken branch stack sampling enabled. This regression can be reproduced with the following steps: - sudo perf record -b - sudo perf report The root cause is that bi[i].to.ms.maps does not always point to thread->maps, which is a buffer dynamically allocated by maps_new(). Instead, it may point to &machine->kmaps, while kmaps is not a pointer but a variable. The original upstream commit c1149037f65b ("perf hist: Add missing puts to hist__account_cycles") worked well because machine->kmaps had been refactored to a pointer by the previous commit 1a97cee604dc ("perf maps: Use a pointer for kmaps"). The memory leak issue, which the reverted patch intended to fix, has been solved by commit cf96b8e45a9b ("perf session: Add missing evlist__delete when deleting a session"). The root cause is that the evlist is not being deleted on exit in perf-report, perf-script, and perf-data. Consequently, the reference count of the thread increased by thread__get() in hist_entry__init() is not decremented in hist_entry__delete(). As a result, thread->maps is not properly freed. To this end, - PATCH 1/2 reverts commit a83fc293acd5c5050a4828eced4a71d2b2fffdd3 to fix the abort regression. - PATCH 2/2 backports cf96b8e45a9b ("perf session: Add missing evlist__delete when deleting a session") to fix memory leak issue. Riccardo Mancini (1): perf session: Add missing evlist__delete when deleting a session Shuai Xue (1): Revert "perf hist: Add missing puts to hist__account_cycles" tools/perf/util/hist.c | 10 +++------- tools/perf/util/session.c | 5 ++++- 2 files changed, 7 insertions(+), 8 deletions(-) -- 2.39.3

10 months, 2 weeks

2
4
0 0

[PATCH] arm64: dts: allwinner: pinephone: Add mount matrix to accelerometer

by Dragan Simic

The way InvenSense MPU-6050 accelerometer is mounted on the user-facing side of the Pine64 PinePhone mainboard, which makes it rotated 90 degrees counter- clockwise, [1] requires the accelerometer's x- and y-axis to be swapped, and the direction of the accelerometer's y-axis to be inverted. Rectify this by adding a mount-matrix to the accelerometer definition in the Pine64 PinePhone dtsi file. [1] https://files.pine64.org/doc/PinePhone/PinePhone%20mainboard%20bottom%20pla… Fixes: 91f480d40942 ("arm64: dts: allwinner: Add initial support for Pine64 PinePhone") Cc: stable(a)vger.kernel.org Helped-by: Ondrej Jirman <megi(a)xff.cz> Helped-by: Andrey Skvortsov <andrej.skvortzov(a)gmail.com> Signed-off-by: Dragan Simic <dsimic(a)manjaro.org> --- Notes: See also the linux-sunxi thread [2] that has led to this patch, which provides a rather detailed analysis with additional details and pictures. This patch effectively replaces the patch submitted in that thread. [2] https://lore.kernel.org/linux-sunxi/20240916204521.2033218-1-andrej.skvortz… arch/arm64/boot/dts/allwinner/sun50i-a64-pinephone.dtsi | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/arm64/boot/dts/allwinner/sun50i-a64-pinephone.dtsi b/arch/arm64/boot/dts/allwinner/sun50i-a64-pinephone.dtsi index 6eab61a12cd8..b844759f52c0 100644 --- a/arch/arm64/boot/dts/allwinner/sun50i-a64-pinephone.dtsi +++ b/arch/arm64/boot/dts/allwinner/sun50i-a64-pinephone.dtsi @@ -212,6 +212,9 @@ accelerometer@68 { interrupts = <7 5 IRQ_TYPE_EDGE_RISING>; /* PH5 */ vdd-supply = <&reg_dldo1>; vddio-supply = <&reg_dldo1>; + mount-matrix = "0", "1", "0", + "-1", "0", "0", + "0", "0", "1"; }; };

10 months, 2 weeks

4
8
0 0

+ mm-readahead-fix-large-folio-support-in-async-readahead.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/readahead: fix large folio support in async readahead has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-readahead-fix-large-folio-support-in-async-readahead.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Yafang Shao <laoar.shao(a)gmail.com> Subject: mm/readahead: fix large folio support in async readahead Date: Fri, 8 Nov 2024 22:17:10 +0800 When testing large folio support with XFS on our servers, we observed that only a few large folios are mapped when reading large files via mmap. After a thorough analysis, I identified it was caused by the `/sys/block/*/queue/read_ahead_kb` setting. On our test servers, this parameter is set to 128KB. After I tune it to 2MB, the large folio can work as expected. However, I believe the large folio behavior should not be dependent on the value of read_ahead_kb. It would be more robust if the kernel can automatically adopt to it. With /sys/block/*/queue/read_ahead_kb set to 128KB and performing a sequential read on a 1GB file using MADV_HUGEPAGE, the differences in /proc/meminfo are as follows: - before this patch FileHugePages: 18432 kB FilePmdMapped: 4096 kB - after this patch FileHugePages: 1067008 kB FilePmdMapped: 1048576 kB This shows that after applying the patch, the entire 1GB file is mapped to huge pages. The stable list is CCed, as without this patch, large folios don't function optimally in the readahead path. It's worth noting that if read_ahead_kb is set to a larger value that isn't aligned with huge page sizes (e.g., 4MB + 128KB), it may still fail to map to hugepages. Link: https://lkml.kernel.org/r/20241108141710.9721-1-laoar.shao@gmail.com Fixes: 4687fdbb805a ("mm/filemap: Support VM_HUGEPAGE for file mappings") Suggested-by: Matthew Wilcox <willy(a)infradead.org> Signed-off-by: Yafang Shao <laoar.shao(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/readahead.c | 2 ++ 1 file changed, 2 insertions(+) --- a/mm/readahead.c~mm-readahead-fix-large-folio-support-in-async-readahead +++ a/mm/readahead.c @@ -385,6 +385,8 @@ static unsigned long get_next_ra_size(st return 4 * cur; if (cur <= max / 2) return 2 * cur; + if (cur > max) + return cur; return max; } _ Patches currently in -mm which might be from laoar.shao(a)gmail.com are mm-readahead-fix-large-folio-support-in-async-readahead.patch

10 months, 2 weeks

1
0
0 0

+ nommu-pass-null-argument-to-vma_iter_prealloc.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: nommu: pass NULL argument to vma_iter_prealloc() has been added to the -mm mm-hotfixes-unstable branch. Its filename is nommu-pass-null-argument-to-vma_iter_prealloc.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Hajime Tazaki <thehajime(a)gmail.com> Subject: nommu: pass NULL argument to vma_iter_prealloc() Date: Sat, 9 Nov 2024 07:28:34 +0900 When deleting a vma entry from a maple tree, it has to pass NULL to vma_iter_prealloc() in order to calculate internal state of the tree, but it passed a wrong argument. As a result, nommu kernels crashed upon accessing a vma iterator, such as acct_collect() reading the size of vma entries after do_munmap(). This commit fixes this issue by passing a right argument to the preallocation call. Link: https://lkml.kernel.org/r/20241108222834.3625217-1-thehajime@gmail.com Fixes: b5df09226450 ("mm: set up vma iterator for vma_iter_prealloc() calls") Signed-off-by: Hajime Tazaki <thehajime(a)gmail.com> Reviewed-by: Liam R. Howlett <Liam.Howlett(a)Oracle.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/nommu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/nommu.c~nommu-pass-null-argument-to-vma_iter_prealloc +++ a/mm/nommu.c @@ -573,7 +573,7 @@ static int delete_vma_from_mm(struct vm_ VMA_ITERATOR(vmi, vma->vm_mm, vma->vm_start); vma_iter_config(&vmi, vma->vm_start, vma->vm_end); - if (vma_iter_prealloc(&vmi, vma)) { + if (vma_iter_prealloc(&vmi, NULL)) { pr_warn("Allocation of vma tree for process %d failed\n", current->pid); return -ENOMEM; _ Patches currently in -mm which might be from thehajime(a)gmail.com are nommu-pass-null-argument-to-vma_iter_prealloc.patch

10 months, 2 weeks

1
0
0 0

[PATCH stable 6.11.y] netfs: reset subreq->iov_iter before netfs_clear_unread() tail clean

by Christian Ebner

Fixes file corruption issues when reading contents via ceph client. Call netfs_reset_subreq_iter() to align subreq->io_iter before calling netfs_clear_unread() to clear tail, as subreq->io_iter count and subreq->transferred might not be aligned after incomplete I/O, having the subreq's NETFS_SREQ_CLEAR_TAIL set. Based on ee4cdf7b ("netfs: Speed up buffered reading"), which introduces a fix for the issue in mainline. Fixes: 92b6cc5d ("netfs: Add iov_iters to (sub)requests to describe various buffers") Closes: https://bugzilla.kernel.org/show_bug.cgi?id=219237 Signed-off-by: Christian Ebner <c.ebner(a)proxmox.com> --- Sending this patch in an attempt to backport the fix introduced by commit ee4cdf7b ("netfs: Speed up buffered reading"), which however can not be cherry picked for older kernels, as the patch is not independent from other commits and touches a lot of unrelated (to the fix) code. fs/netfs/io.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/netfs/io.c b/fs/netfs/io.c index d6ada4eba744..500119285346 100644 --- a/fs/netfs/io.c +++ b/fs/netfs/io.c @@ -528,6 +528,7 @@ void netfs_subreq_terminated(struct netfs_io_subrequest *subreq, incomplete: if (test_bit(NETFS_SREQ_CLEAR_TAIL, &subreq->flags)) { + netfs_reset_subreq_iter(rreq, subreq); netfs_clear_unread(subreq); subreq->transferred = subreq->len; goto complete; -- 2.39.5

10 months, 2 weeks

2
5
0 0

[PATCH] spi: Fix deadlock when adding SPI controllers on SPI buses

by Hardik Gohil

From: Mark Brown <broonie(a)kernel.org> [ Upstream commit 6098475d4cb48d821bdf453c61118c56e26294f0 ] Currently we have a global spi_add_lock which we take when adding new devices so that we can check that we're not trying to reuse a chip select that's already controlled. This means that if the SPI device is itself a SPI controller and triggers the instantiation of further SPI devices we trigger a deadlock as we try to register and instantiate those devices while in the process of doing so for the parent controller and hence already holding the global spi_add_lock. Since we only care about concurrency within a single SPI bus move the lock to be per controller, avoiding the deadlock. This can be easily triggered in the case of spi-mux. Reported-by: Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Hardik Gohil <hgohil(a)mvista.com> --- This fix was not backported to v5.4 and 5.10 Along with this fix please also apply this fix on top of this spi: fix use-after-free of the add_lock mutex commit 6c53b45c71b4920b5e62f0ea8079a1da382b9434 upstream. Commit 6098475d4cb4 ("spi: Fix deadlock when adding SPI controllers on SPI buses") introduced a per-controller mutex. But mutex_unlock() of said lock is called after the controller is already freed: drivers/spi/spi.c | 15 +++++---------- include/linux/spi/spi.h | 3 +++ 2 files changed, 8 insertions(+), 10 deletions(-) diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c index 0f9410e..58f1947 100644 --- a/drivers/spi/spi.c +++ b/drivers/spi/spi.c @@ -472,12 +472,6 @@ static LIST_HEAD(spi_controller_list); */ static DEFINE_MUTEX(board_lock); -/* - * Prevents addition of devices with same chip select and - * addition of devices below an unregistering controller. - */ -static DEFINE_MUTEX(spi_add_lock); - /** * spi_alloc_device - Allocate a new SPI device * @ctlr: Controller to which device is connected @@ -580,7 +574,7 @@ int spi_add_device(struct spi_device *spi) * chipselect **BEFORE** we call setup(), else we'll trash * its configuration. Lock against concurrent add() calls. */ - mutex_lock(&spi_add_lock); + mutex_lock(&ctlr->add_lock); status = bus_for_each_dev(&spi_bus_type, NULL, spi, spi_dev_check); if (status) { @@ -624,7 +618,7 @@ int spi_add_device(struct spi_device *spi) } done: - mutex_unlock(&spi_add_lock); + mutex_unlock(&ctlr->add_lock); return status; } EXPORT_SYMBOL_GPL(spi_add_device); @@ -2512,6 +2506,7 @@ int spi_register_controller(struct spi_controller *ctlr) spin_lock_init(&ctlr->bus_lock_spinlock); mutex_init(&ctlr->bus_lock_mutex); mutex_init(&ctlr->io_mutex); + mutex_init(&ctlr->add_lock); ctlr->bus_lock_flag = 0; init_completion(&ctlr->xfer_completion); if (!ctlr->max_dma_len) @@ -2657,7 +2652,7 @@ void spi_unregister_controller(struct spi_controller *ctlr) /* Prevent addition of new devices, unregister existing ones */ if (IS_ENABLED(CONFIG_SPI_DYNAMIC)) - mutex_lock(&spi_add_lock); + mutex_lock(&ctlr->add_lock); device_for_each_child(&ctlr->dev, NULL, __unregister); @@ -2688,7 +2683,7 @@ void spi_unregister_controller(struct spi_controller *ctlr) mutex_unlock(&board_lock); if (IS_ENABLED(CONFIG_SPI_DYNAMIC)) - mutex_unlock(&spi_add_lock); + mutex_unlock(&ctlr->add_lock); } EXPORT_SYMBOL_GPL(spi_unregister_controller); diff --git a/include/linux/spi/spi.h b/include/linux/spi/spi.h index ca39b33..1b9cb90 100644 --- a/include/linux/spi/spi.h +++ b/include/linux/spi/spi.h @@ -483,6 +483,9 @@ struct spi_controller { /* I/O mutex */ struct mutex io_mutex; + /* Used to avoid adding the same CS twice */ + struct mutex add_lock; + /* lock and mutex for SPI bus locking */ spinlock_t bus_lock_spinlock; struct mutex bus_lock_mutex; -- 2.7.4

10 months, 2 weeks

2
1
0 0

[PATCH] drm/rockchip: cdn-dp: Use drm_connector_helper_hpd_irq_event()

by Thomas Zimmermann

The code for detecting and updating the connector status in cdn_dp_pd_event_work() has a number of problems. - It does not aquire the locks to call the detect helper and update the connector status. These are struct drm_mode_config.connection_mutex and struct drm_mode_config.mutex. - It does not use drm_helper_probe_detect(), which helps with the details of locking and detection. - It uses the connector's status field to determine a change to the connector status. The epoch_counter field is the correct one. The field signals a change even if the connector status' value did not change. Replace the code with a call to drm_connector_helper_hpd_irq_event(), which fixes all these problems. Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Fixes: 81632df69772 ("drm/rockchip: cdn-dp: do not use drm_helper_hpd_irq_event") Cc: Chris Zhong <zyw(a)rock-chips.com> Cc: Guenter Roeck <groeck(a)chromium.org> Cc: Sandy Huang <hjc(a)rock-chips.com> Cc: "Heiko Stübner" <heiko(a)sntech.de> Cc: Andy Yan <andy.yan(a)rock-chips.com> Cc: dri-devel(a)lists.freedesktop.org Cc: linux-arm-kernel(a)lists.infradead.org Cc: linux-rockchip(a)lists.infradead.org Cc: <stable(a)vger.kernel.org> # v4.11+ --- drivers/gpu/drm/rockchip/cdn-dp-core.c | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/drivers/gpu/drm/rockchip/cdn-dp-core.c b/drivers/gpu/drm/rockchip/cdn-dp-core.c index b04538907f95..f576b1aa86d1 100644 --- a/drivers/gpu/drm/rockchip/cdn-dp-core.c +++ b/drivers/gpu/drm/rockchip/cdn-dp-core.c @@ -947,9 +947,6 @@ static void cdn_dp_pd_event_work(struct work_struct *work) { struct cdn_dp_device *dp = container_of(work, struct cdn_dp_device, event_work); - struct drm_connector *connector = &dp->connector; - enum drm_connector_status old_status; - int ret; mutex_lock(&dp->lock); @@ -1009,11 +1006,7 @@ static void cdn_dp_pd_event_work(struct work_struct *work) out: mutex_unlock(&dp->lock); - - old_status = connector->status; - connector->status = connector->funcs->detect(connector, false); - if (old_status != connector->status) - drm_kms_helper_hotplug_event(dp->drm_dev); + drm_connector_helper_hpd_irq_event(&dp->connector); } static int cdn_dp_pd_event(struct notifier_block *nb, -- 2.47.0

10 months, 2 weeks

2
1
0 0

[PATCH 6.1] Revert "wifi: mac80211: fix RCU list iterations"

by Fedor Pchelkin

This reverts commit b0b2dc1eaa7ec509e07a78c9974097168ae565b7 which is commit ac35180032fbc5d80b29af00ba4881815ceefcb6 upstream. The reverted commit is based heavily on wiphy locking changes made by the "wifi: cfg80211/mac80211: locking cleanups" series [1] introduced since 6.7 kernel and not supposed to be backported to old stable branches. It breaks locking rules in the context of old stables leading e.g. to the following lockdep splat there - ieee80211_get_max_required_bw() is actually called under RCU reader lock in 6.1/6.6, not the wiphy mutex. WARNING: CPU: 3 PID: 8711 at net/mac80211/chan.c:248 ieee80211_get_max_required_bw+0x423/0x4e0 net/mac80211/chan.c:248 Modules linked in: CPU: 3 PID: 8711 Comm: kworker/u8:6 Not tainted 6.1.113-syzkaller-00105-g9859ec205cfa #0 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 Workqueue: phy155 ieee80211_iface_work RIP: 0010:ieee80211_get_max_required_bw+0x423/0x4e0 net/mac80211/chan.c:248 Call Trace: <TASK> ieee80211_get_chanctx_vif_max_required_bw net/mac80211/chan.c:294 [inline] ieee80211_get_chanctx_max_required_bw net/mac80211/chan.c:336 [inline] _ieee80211_recalc_chanctx_min_def+0x5e6/0xf30 net/mac80211/chan.c:381 ieee80211_recalc_chanctx_min_def+0x21/0x80 net/mac80211/chan.c:462 ieee80211_recalc_min_chandef+0x17a/0x590 net/mac80211/util.c:2908 sta_info_move_state+0x748/0x8c0 net/mac80211/sta_info.c:2301 ieee80211_assoc_success net/mac80211/mlme.c:5001 [inline] ieee80211_rx_mgmt_assoc_resp.cold+0x1335/0x69ec net/mac80211/mlme.c:5201 ieee80211_sta_rx_queued_mgmt+0x40f/0x2270 net/mac80211/mlme.c:5831 ieee80211_iface_process_skb net/mac80211/iface.c:1665 [inline] ieee80211_iface_work+0xa31/0xd30 net/mac80211/iface.c:1722 process_one_work+0xa72/0x1590 kernel/workqueue.c:2292 worker_thread+0x632/0x1240 kernel/workqueue.c:2439 kthread+0x2e1/0x3a0 kernel/kthread.c:376 ret_from_fork+0x22/0x30 arch/x86/entry/entry_64.S:295 [1]: https://lore.kernel.org/linux-wireless/20230828115927.116700-41-johannes@si… Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Cc: Johannes Berg <johannes(a)sipsolutions.net> Cc: Miriam Rachel Korenblit <miriam.rachel.korenblit(a)intel.com> Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> --- net/mac80211/chan.c | 4 +--- net/mac80211/mlme.c | 2 +- net/mac80211/scan.c | 2 +- net/mac80211/util.c | 4 +--- 4 files changed, 4 insertions(+), 8 deletions(-) diff --git a/net/mac80211/chan.c b/net/mac80211/chan.c index 807bea1a7d3c..f07e34bed8f3 100644 --- a/net/mac80211/chan.c +++ b/net/mac80211/chan.c @@ -245,9 +245,7 @@ ieee80211_get_max_required_bw(struct ieee80211_sub_if_data *sdata, enum nl80211_chan_width max_bw = NL80211_CHAN_WIDTH_20_NOHT; struct sta_info *sta; - lockdep_assert_wiphy(sdata->local->hw.wiphy); - - list_for_each_entry(sta, &sdata->local->sta_list, list) { + list_for_each_entry_rcu(sta, &sdata->local->sta_list, list) { if (sdata != sta->sdata && !(sta->sdata->bss && sta->sdata->bss == sdata->bss)) continue; diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c index ee9ec74b9553..9a5530ca2f6b 100644 --- a/net/mac80211/mlme.c +++ b/net/mac80211/mlme.c @@ -660,7 +660,7 @@ static bool ieee80211_add_vht_ie(struct ieee80211_sub_if_data *sdata, bool disable_mu_mimo = false; struct ieee80211_sub_if_data *other; - list_for_each_entry(other, &local->interfaces, list) { + list_for_each_entry_rcu(other, &local->interfaces, list) { if (other->vif.bss_conf.mu_mimo_owner) { disable_mu_mimo = true; break; diff --git a/net/mac80211/scan.c b/net/mac80211/scan.c index edbf468e0bea..f1147d156c1f 100644 --- a/net/mac80211/scan.c +++ b/net/mac80211/scan.c @@ -501,7 +501,7 @@ static void __ieee80211_scan_completed(struct ieee80211_hw *hw, bool aborted) * the scan was in progress; if there was none this will * just be a no-op for the particular interface. */ - list_for_each_entry(sdata, &local->interfaces, list) { + list_for_each_entry_rcu(sdata, &local->interfaces, list) { if (ieee80211_sdata_running(sdata)) ieee80211_queue_work(&sdata->local->hw, &sdata->work); } diff --git a/net/mac80211/util.c b/net/mac80211/util.c index 3fe15089b24f..738f1f139a90 100644 --- a/net/mac80211/util.c +++ b/net/mac80211/util.c @@ -767,9 +767,7 @@ static void __iterate_interfaces(struct ieee80211_local *local, struct ieee80211_sub_if_data *sdata; bool active_only = iter_flags & IEEE80211_IFACE_ITER_ACTIVE; - list_for_each_entry_rcu(sdata, &local->interfaces, list, - lockdep_is_held(&local->iflist_mtx) || - lockdep_is_held(&local->hw.wiphy->mtx)) { + list_for_each_entry_rcu(sdata, &local->interfaces, list) { switch (sdata->vif.type) { case NL80211_IFTYPE_MONITOR: if (!(sdata->u.mntr.flags & MONITOR_FLAG_ACTIVE)) -- 2.39.5

10 months, 2 weeks

1
0
0 0

[PATCH 6.6] Revert "wifi: mac80211: fix RCU list iterations"

by Fedor Pchelkin

This reverts commit f37319609335d3eb2f7edfec4bad7996668a4d29 which is commit ac35180032fbc5d80b29af00ba4881815ceefcb6 upstream. The reverted commit is based heavily on wiphy locking changes made by the "wifi: cfg80211/mac80211: locking cleanups" series [1] introduced since 6.7 kernel and not supposed to be backported to old stable branches. It breaks locking rules in the context of old stables leading e.g. to the following lockdep splat there - ieee80211_get_max_required_bw() is actually called under RCU reader lock in 6.1/6.6, not the wiphy mutex. WARNING: CPU: 3 PID: 8711 at net/mac80211/chan.c:248 ieee80211_get_max_required_bw+0x423/0x4e0 net/mac80211/chan.c:248 Modules linked in: CPU: 3 PID: 8711 Comm: kworker/u8:6 Not tainted 6.1.113-syzkaller-00105-g9859ec205cfa #0 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 Workqueue: phy155 ieee80211_iface_work RIP: 0010:ieee80211_get_max_required_bw+0x423/0x4e0 net/mac80211/chan.c:248 Call Trace: <TASK> ieee80211_get_chanctx_vif_max_required_bw net/mac80211/chan.c:294 [inline] ieee80211_get_chanctx_max_required_bw net/mac80211/chan.c:336 [inline] _ieee80211_recalc_chanctx_min_def+0x5e6/0xf30 net/mac80211/chan.c:381 ieee80211_recalc_chanctx_min_def+0x21/0x80 net/mac80211/chan.c:462 ieee80211_recalc_min_chandef+0x17a/0x590 net/mac80211/util.c:2908 sta_info_move_state+0x748/0x8c0 net/mac80211/sta_info.c:2301 ieee80211_assoc_success net/mac80211/mlme.c:5001 [inline] ieee80211_rx_mgmt_assoc_resp.cold+0x1335/0x69ec net/mac80211/mlme.c:5201 ieee80211_sta_rx_queued_mgmt+0x40f/0x2270 net/mac80211/mlme.c:5831 ieee80211_iface_process_skb net/mac80211/iface.c:1665 [inline] ieee80211_iface_work+0xa31/0xd30 net/mac80211/iface.c:1722 process_one_work+0xa72/0x1590 kernel/workqueue.c:2292 worker_thread+0x632/0x1240 kernel/workqueue.c:2439 kthread+0x2e1/0x3a0 kernel/kthread.c:376 ret_from_fork+0x22/0x30 arch/x86/entry/entry_64.S:295 [1]: https://lore.kernel.org/linux-wireless/20230828115927.116700-41-johannes@si… Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Cc: Johannes Berg <johannes(a)sipsolutions.net> Cc: Miriam Rachel Korenblit <miriam.rachel.korenblit(a)intel.com> Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> --- net/mac80211/chan.c | 4 +--- net/mac80211/mlme.c | 2 +- net/mac80211/scan.c | 2 +- net/mac80211/util.c | 4 +--- 4 files changed, 4 insertions(+), 8 deletions(-) diff --git a/net/mac80211/chan.c b/net/mac80211/chan.c index c09aed6a3cfc..68952752b599 100644 --- a/net/mac80211/chan.c +++ b/net/mac80211/chan.c @@ -245,9 +245,7 @@ ieee80211_get_max_required_bw(struct ieee80211_sub_if_data *sdata, enum nl80211_chan_width max_bw = NL80211_CHAN_WIDTH_20_NOHT; struct sta_info *sta; - lockdep_assert_wiphy(sdata->local->hw.wiphy); - - list_for_each_entry(sta, &sdata->local->sta_list, list) { + list_for_each_entry_rcu(sta, &sdata->local->sta_list, list) { if (sdata != sta->sdata && !(sta->sdata->bss && sta->sdata->bss == sdata->bss)) continue; diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c index b14c809bcdea..42e2c84ed248 100644 --- a/net/mac80211/mlme.c +++ b/net/mac80211/mlme.c @@ -732,7 +732,7 @@ static bool ieee80211_add_vht_ie(struct ieee80211_sub_if_data *sdata, bool disable_mu_mimo = false; struct ieee80211_sub_if_data *other; - list_for_each_entry(other, &local->interfaces, list) { + list_for_each_entry_rcu(other, &local->interfaces, list) { if (other->vif.bss_conf.mu_mimo_owner) { disable_mu_mimo = true; break; diff --git a/net/mac80211/scan.c b/net/mac80211/scan.c index d4a032f34577..1726e3221d3c 100644 --- a/net/mac80211/scan.c +++ b/net/mac80211/scan.c @@ -490,7 +490,7 @@ static void __ieee80211_scan_completed(struct ieee80211_hw *hw, bool aborted) * the scan was in progress; if there was none this will * just be a no-op for the particular interface. */ - list_for_each_entry(sdata, &local->interfaces, list) { + list_for_each_entry_rcu(sdata, &local->interfaces, list) { if (ieee80211_sdata_running(sdata)) wiphy_work_queue(sdata->local->hw.wiphy, &sdata->work); } diff --git a/net/mac80211/util.c b/net/mac80211/util.c index 02b5aaad2a15..d682c32821a1 100644 --- a/net/mac80211/util.c +++ b/net/mac80211/util.c @@ -745,9 +745,7 @@ static void __iterate_interfaces(struct ieee80211_local *local, struct ieee80211_sub_if_data *sdata; bool active_only = iter_flags & IEEE80211_IFACE_ITER_ACTIVE; - list_for_each_entry_rcu(sdata, &local->interfaces, list, - lockdep_is_held(&local->iflist_mtx) || - lockdep_is_held(&local->hw.wiphy->mtx)) { + list_for_each_entry_rcu(sdata, &local->interfaces, list) { switch (sdata->vif.type) { case NL80211_IFTYPE_MONITOR: if (!(sdata->u.mntr.flags & MONITOR_FLAG_ACTIVE)) -- 2.39.5

10 months, 2 weeks

1
0
0 0

AMD PMF on 6.11.y

by Mario Limonciello

Hi, 6.11 already supports most functionality of AMD family 0x1a model 0x60, but the amd-pmf driver doesn't load due to a missing device ID. The device ID was added in 6.12 with: commit 8ca8d07857c69 ("platform/x86/amd/pmf: Add SMU metrics table support for 1Ah family 60h model") Can this please come back to 6.11.y to enable it more widely? Thanks!

10 months, 2 weeks

2
3
0 0

[PATCH 6.6 000/151] 6.6.60-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.60 release. There are 151 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 08 Nov 2024 12:02:47 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.60-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.60-rc1 Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Sequential field availability check in mi_enum_attr() Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-control: Add support for ALSA enum control Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-control: Add support for ALSA switch control Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-topology: Add definition for generic switch/enum control Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Remove BUG_ON call sites Michael Walle <mwalle(a)kernel.org> mtd: spi-nor: winbond: fix w25q128 regression David Hildenbrand <david(a)redhat.com> mm: don't install PMD mappings when THPs are disabled by the hw/process/vma Kefeng Wang <wangkefeng.wang(a)huawei.com> mm: huge_memory: add vma_thp_disabled() and thp_disabled_by_hw() Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: fix 6 GHz scan construction Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix kernel bug due to missing clearing of checked flag Zong-Zhe Yang <kevin_yang(a)realtek.com> wifi: mac80211: fix NULL dereference at band check in starting tx ba session Pavel Begunkov <asml.silence(a)gmail.com> io_uring: always lock __io_cqring_overflow_flush Haibo Chen <haibo.chen(a)nxp.com> arm64: dts: imx8ulp: correct the flexspi compatible string Gregory Price <gourry(a)gourry.net> vmscan,migrate: fix page count imbalance on node stats when demoting pages Jens Axboe <axboe(a)kernel.dk> io_uring/rw: fix missing NOWAIT check for O_DIRECT start write Andrey Konovalov <andreyknvl(a)gmail.com> kasan: remove vmalloc_percpu test Vitaliy Shevtsov <v.shevtsov(a)maxima.ru> nvmet-auth: assign dh_key to NULL after kfree_sensitive Christoffer Sandberg <cs(a)tuxedo.de> ALSA: hda/realtek: Fix headset mic on TUXEDO Stellaris 16 Gen6 mb1 Christoffer Sandberg <cs(a)tuxedo.de> ALSA: hda/realtek: Fix headset mic on TUXEDO Gemini 17 Gen3 Christoph Hellwig <hch(a)lst.de> xfs: fix finding a last resort AG in xfs_filestream_pick_ag Matt Johnston <matt(a)codeconstruct.com.au> mctp i2c: handle NULL header address Edward Adam Davis <eadavis(a)qq.com> ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow Sabyrzhan Tasbolatov <snovitoll(a)gmail.com> x86/traps: move kmsan check after instrumentation_begin Gatlin Newhouse <gatlin.newhouse(a)gmail.com> x86/traps: Enable UBSAN traps on x86 Matt Fleming <mfleming(a)cloudflare.com> mm/page_alloc: let GFP_ATOMIC order-0 allocs access highatomic reserves Alexander Usyskin <alexander.usyskin(a)intel.com> mei: use kvmalloc for read buffer Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: init: protect sched with rcu_read_lock Hugh Dickins <hughd(a)google.com> iov_iter: fix copy_page_from_iter_atomic() if KMAP_LOCAL_FORCE_MAP Shawn Wang <shawnwang(a)linux.alibaba.com> sched/numa: Fix the potential null pointer dereference in task_numa_work() Dan Williams <dan.j.williams(a)intel.com> cxl/acpi: Ensure ports ready at cxl_acpi_probe() return Dan Williams <dan.j.williams(a)intel.com> cxl/port: Fix cxl_bus_rescan() vs bus_rescan_devices() Chunyan Zhang <zhangchunyan(a)iscas.ac.cn> riscv: Remove duplicated GET_RM Chunyan Zhang <zhangchunyan(a)iscas.ac.cn> riscv: Remove unused GENERATING_ASM_OFFSETS WangYuli <wangyuli(a)uniontech.com> riscv: Use '%u' to format the output of 'cpu' Heinrich Schuchardt <heinrich.schuchardt(a)canonical.com> riscv: efi: Set NX compat flag in PE/COFF header Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Limit internal Mic boost on Dell platform Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: edt-ft5x06 - fix regmap leak when probe fails Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: vdso: Prevent the compiler from inserting calls to memset() Frank Li <Frank.Li(a)nxp.com> spi: spi-fsl-dspi: Fix crash when not using GPIO chip select Richard Zhu <hongxing.zhu(a)nxp.com> phy: freescale: imx8m-pcie: Do CMN_RST just before PHY PLL lock check Chen Ridong <chenridong(a)huawei.com> cgroup/bpf: use a dedicated workqueue for cgroup bpf destruction Xinyu Zhang <xizhang(a)purestorage.com> block: fix sanity checks in blk_rq_map_user_bvec Ben Chuang <ben.chuang(a)genesyslogic.com.tw> mmc: sdhci-pci-gli: GL9767: Fix low power mode in the SD Express process Ben Chuang <ben.chuang(a)genesyslogic.com.tw> mmc: sdhci-pci-gli: GL9767: Fix low power mode on the set clock function Dan Williams <dan.j.williams(a)intel.com> cxl/port: Fix use-after-free, permit out-of-order decoder shutdown Gil Fine <gil.fine(a)linux.intel.com> thunderbolt: Honor TMU requirements in the domain when setting TMU mode Wladislav Wiebe <wladislav.kw(a)gmail.com> tools/mm: -Werror fixes in page-types/slabinfo Jeongjun Park <aha310510(a)gmail.com> mm: shmem: fix data-race in shmem_getattr() Yunhui Cui <cuiyunhui(a)bytedance.com> RISC-V: ACPI: fix early_ioremap to early_memremap Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix potential deadlock with newly created symlinks Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: light: veml6030: fix microlux value calculation Jinjie Ruan <ruanjinjie(a)huawei.com> iio: gts-helper: Fix memory leaks in iio_gts_build_avail_scale_table() Jinjie Ruan <ruanjinjie(a)huawei.com> iio: gts-helper: Fix memory leaks for the error path of iio_gts_build_avail_scale_table() Zicheng Qu <quzicheng(a)huawei.com> iio: adc: ad7124: fix division by zero in ad7124_set_channel_odr() Zicheng Qu <quzicheng(a)huawei.com> staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg() Ville Syrjälä <ville.syrjala(a)linux.intel.com> wifi: iwlegacy: Clear stale interrupts before resuming device Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: clear wdev->cqm_config pointer on free Manikanta Pubbisetty <quic_mpubbise(a)quicinc.com> wifi: ath10k: Fix memory leak in management tx Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower Edward Liaw <edliaw(a)google.com> Revert "selftests/mm: replace atomic_bool with pthread_barrier_t" Edward Liaw <edliaw(a)google.com> Revert "selftests/mm: fix deadlock for fork after pthread_create on ARM" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "driver core: Fix uevent_show() vs driver detach race" Basavaraj Natikar <Basavaraj.Natikar(a)amd.com> xhci: Use pm_runtime_get to prevent RPM on unsupported systems Faisal Hassan <quic_faisalh(a)quicinc.com> xhci: Fix Link TRB DMA in command ring stopped completion event Johan Hovold <johan+linaro(a)kernel.org> phy: qcom: qmp-usb-legacy: fix NULL-deref on runtime suspend Johan Hovold <johan+linaro(a)kernel.org> phy: qcom: qmp-usb: fix NULL-deref on runtime suspend Javier Carrasco <javier.carrasco.cruz(a)gmail.com> usb: typec: qcom-pmic-typec: use fwnode_handle_put() to release fwnodes Javier Carrasco <javier.carrasco.cruz(a)gmail.com> usb: typec: fix unreleased fwnode_handle in typec_port_register_altmodes() Zijun Hu <quic_zijuhu(a)quicinc.com> usb: phy: Fix API devm_usb_put_phy() can not release the phy Zongmin Zhou <zhouzongmin(a)kylinos.cn> usbip: tools: Fix detach_port() invalid port error path Jan Schär <jan(a)jschaer.ch> ALSA: usb-audio: Add quirks for Dell WD19 dock Zqiang <qiang.zhang1211(a)gmail.com> rcu-tasks: Fix access non-existent percpu rtpcp variable in rcu_tasks_need_gpcb() Paul E. McKenney <paulmck(a)kernel.org> rcu-tasks: Initialize data to eliminate RCU-tasks/do_exit() deadlocks Paul E. McKenney <paulmck(a)kernel.org> rcu-tasks: Add data to eliminate RCU-tasks/do_exit() deadlocks Paul E. McKenney <paulmck(a)kernel.org> rcu-tasks: Pull sampling of ->percpu_dequeue_lim out of loop Alan Stern <stern(a)rowland.harvard.edu> USB: gadget: dummy-hcd: Fix "task hung" problem Andrey Konovalov <andreyknvl(a)gmail.com> usb: gadget: dummy_hcd: execute hrtimer callback in softirq context Marcello Sylvester Bauer <sylv(a)sylv.io> usb: gadget: dummy_hcd: Set transfer interval to 1 microframe Marcello Sylvester Bauer <sylv(a)sylv.io> usb: gadget: dummy_hcd: Switch to hrtimer transfer scheduler Dimitri Sivanich <sivanich(a)hpe.com> misc: sgi-gru: Don't disable preemption in GRU driver Dai Ngo <dai.ngo(a)oracle.com> NFS: remove revoked delegation from server's delegation list Daniel Palmer <daniel(a)0x0f.com> net: amd: mvme147: Fix probe banner message Zhang Rui <rui.zhang(a)intel.com> thermal: intel: int340x: processor: Add MMIO RAPL PL4 support Zhang Rui <rui.zhang(a)intel.com> thermal: intel: int340x: processor: Remove MMIO RAPL CPU hotplug support Pali Rohár <pali(a)kernel.org> cifs: Fix creating native symlinks pointing to current or parent directory Pali Rohár <pali(a)kernel.org> cifs: Improve creating native symlinks pointing to directory Benjamin Marzinski <bmarzins(a)redhat.com> scsi: scsi_transport_fc: Allow setting rport state to current state Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Additional check in ntfs_file_release Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fix general protection fault in run_is_mapped_full Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Additional check in ni_clear() Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fix possible deadlock in mi_read Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Add rough attr alloc_size check Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Stale inode instead of bad Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fix warning possible deadlock in ntfs_set_state Andrew Ballance <andrewjballance(a)gmail.com> fs/ntfs3: Check if more than chunk-size bytes are written lei lu <llfamsec(a)gmail.com> ntfs3: Add bounds checking to mi_enum_attr() Shiju Jose <shiju.jose(a)huawei.com> cxl/events: Fix Trace DRAM Event Record Paulo Alcantara <pc(a)manguebit.com> smb: client: set correct device number on nfs reparse points Paulo Alcantara <pc(a)manguebit.com> smb: client: fix parsing of device numbers Pierre Gondois <pierre.gondois(a)arm.com> ACPI: CPPC: Make rmw_lock a raw_spin_lock David Howells <dhowells(a)redhat.com> afs: Fix missing subdir edit when renamed between parent dirs David Howells <dhowells(a)redhat.com> afs: Automatically generate trace tag enums Xiongfeng Wang <wangxiongfeng2(a)huawei.com> firmware: arm_sdei: Fix the input parameter of cpuhp_remove_state() Marco Elver <elver(a)google.com> kasan: Fix Software Tag-Based KASAN with GCC Christoph Hellwig <hch(a)lst.de> iomap: turn iomap_want_unshare_iter into an inline function Darrick J. Wong <djwong(a)kernel.org> fsdax: dax_unshare_iter needs to copy entire blocks Darrick J. Wong <djwong(a)kernel.org> fsdax: remove zeroing code from dax_unshare_iter Darrick J. Wong <djwong(a)kernel.org> iomap: share iomap_unshare_iter predicate code with fsdax Darrick J. Wong <djwong(a)kernel.org> iomap: don't bother unsharing delalloc extents Christoph Hellwig <hch(a)lst.de> iomap: improve shared block detection in iomap_unshare_iter Toke Høiland-Jørgensen <toke(a)redhat.com> bpf, test_run: Fix LIVE_FRAME frame update after a page has been recycled Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_payload: sanitize offset and length before calling skb_checksum() Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address Amit Cohen <amcohen(a)nvidia.com> mlxsw: spectrum_ptp: Add missing verification before pushing Tx header Benoît Monin <benoit.monin(a)gmx.fr> net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension Sungwoo Kim <iam(a)sung-woo.kim> Bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs Eric Dumazet <edumazet(a)google.com> netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() Dong Chenchen <dongchenchen2(a)huawei.com> netfilter: Fix use-after-free in get_info() Wang Liang <wangliang74(a)huawei.com> net: fix crash when config small gso_max_size/gso_ipv4_max_size Byeonguk Jeong <jungbu2855(a)gmail.com> bpf: Fix out-of-bounds write in trie_get_next_key() Zichen Xie <zichenxie0106(a)gmail.com> netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write() Eduard Zingerman <eddyz87(a)gmail.com> bpf: Force checkpoint when jmp history is too long Yonghong Song <yonghong.song(a)linux.dev> selftests/bpf: Add bpf_percpu_obj_{new,drop}() macro in bpf_experimental.h Pedro Tammela <pctammela(a)mojatatu.com> net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT Pablo Neira Ayuso <pablo(a)netfilter.org> gtp: allow -1 to be specified as file description from userspace Ido Schimmel <idosch(a)nvidia.com> ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow() Wander Lairson Costa <wander(a)redhat.com> igb: Disable threaded IRQ for igb_msix_other Furong Xu <0x1207(a)gmail.com> net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data Ley Foon Tan <leyfoon.tan(a)starfivetech.com> net: stmmac: dwmac4: Fix high address display by updating reg_space[] from register values Jianbo Liu <jianbol(a)nvidia.com> macsec: Fix use-after-free while sending the offloading packet Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> ASoC: cs42l51: Fix some error handling paths in cs42l51_probe() Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: don't add default link in fw restart flow Daniel Gabay <daniel.gabay(a)intel.com> wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: disconnect station vifs if recovery failed Selvin Xavier <selvin.xavier(a)broadcom.com> RDMA/bnxt_re: synchronize the qp-handle table array Selvin Xavier <selvin.xavier(a)broadcom.com> RDMA/bnxt_re: Fix the usage of control path spin locks Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Round max_rd_atomic/max_dest_rd_atomic up instead of down Leon Romanovsky <leon(a)kernel.org> RDMA/cxgb4: Dump vendor specific QP details Geert Uytterhoeven <geert(a)linux-m68k.org> wifi: brcm80211: BRCM_TRACING should depend on TRACING Remi Pommarel <repk(a)triplefau.lt> wifi: ath11k: Fix invalid ring usage in full monitor mode Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys Geert Uytterhoeven <geert(a)linux-m68k.org> mac80211: MAC80211_MESSAGE_TRACING should depend on TRACING Ben Hutchings <ben(a)decadent.org.uk> wifi: iwlegacy: Fix "field-spanning write" warning in il_enqueue_hcmd() Georgi Djakov <djakov(a)kernel.org> spi: geni-qcom: Fix boot warning related to pm_runtime and devres Xiu Jianfeng <xiujianfeng(a)huawei.com> cgroup: Fix potential overflow issue when checking max_depth Stefan Kerkmann <s.kerkmann(a)pengutronix.de> Input: xpad - add support for 8BitDo Ultimate 2C Wireless Controller Brenton Simpson <appsforartists(a)google.com> Input: xpad - sort xpad_device by vendor and product ID Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal: core: Free tzp copy along with the thermal zone Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal: core: Rework thermal zone availability check Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal: core: Make thermal_zone_device_unregister() return after freeing the zone ------------- Diffstat: Makefile | 4 +- arch/arm64/boot/dts/freescale/imx8ulp.dtsi | 2 +- arch/riscv/kernel/acpi.c | 4 +- arch/riscv/kernel/asm-offsets.c | 2 - arch/riscv/kernel/cpu-hotplug.c | 2 +- arch/riscv/kernel/efi-header.S | 2 +- arch/riscv/kernel/traps_misaligned.c | 2 - arch/riscv/kernel/vdso/Makefile | 1 + arch/x86/include/asm/bug.h | 12 ++ arch/x86/kernel/traps.c | 71 +++++- block/blk-map.c | 4 +- drivers/acpi/cppc_acpi.c | 9 +- drivers/base/core.c | 48 ++++- drivers/base/module.c | 4 - drivers/cxl/acpi.c | 7 + drivers/cxl/core/hdm.c | 50 ++++- drivers/cxl/core/port.c | 13 +- drivers/cxl/core/region.c | 48 ++--- drivers/cxl/core/trace.h | 17 +- drivers/cxl/cxl.h | 3 +- drivers/firmware/arm_sdei.c | 2 +- drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c | 3 + drivers/iio/adc/ad7124.c | 2 +- drivers/iio/industrialio-gts-helper.c | 4 +- drivers/iio/light/veml6030.c | 2 +- drivers/infiniband/hw/bnxt_re/qplib_fp.c | 4 + drivers/infiniband/hw/bnxt_re/qplib_rcfw.c | 38 ++-- drivers/infiniband/hw/bnxt_re/qplib_rcfw.h | 2 + drivers/infiniband/hw/cxgb4/provider.c | 1 + drivers/infiniband/hw/mlx5/qp.c | 4 +- drivers/input/joystick/xpad.c | 12 +- drivers/input/touchscreen/edt-ft5x06.c | 19 +- drivers/misc/mei/client.c | 4 +- drivers/misc/sgi-gru/grukservices.c | 2 - drivers/misc/sgi-gru/grumain.c | 4 - drivers/misc/sgi-gru/grutlbpurge.c | 2 - drivers/mmc/host/sdhci-pci-gli.c | 38 ++-- drivers/mtd/spi-nor/winbond.c | 7 +- drivers/net/ethernet/amd/mvme147.c | 7 +- drivers/net/ethernet/intel/igb/igb_main.c | 2 +- .../net/ethernet/mellanox/mlxsw/spectrum_ipip.c | 26 ++- drivers/net/ethernet/mellanox/mlxsw/spectrum_ptp.c | 7 + drivers/net/ethernet/stmicro/stmmac/dwmac4_dma.c | 8 + drivers/net/ethernet/stmicro/stmmac/dwmac4_dma.h | 2 + drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 22 +- drivers/net/gtp.c | 22 +- drivers/net/macsec.c | 3 +- drivers/net/mctp/mctp-i2c.c | 3 + drivers/net/netdevsim/fib.c | 4 +- drivers/net/wireless/ath/ath10k/wmi-tlv.c | 7 +- drivers/net/wireless/ath/ath10k/wmi.c | 2 + drivers/net/wireless/ath/ath11k/dp_rx.c | 7 +- drivers/net/wireless/broadcom/brcm80211/Kconfig | 1 + drivers/net/wireless/intel/iwlegacy/common.c | 15 +- drivers/net/wireless/intel/iwlegacy/common.h | 12 ++ drivers/net/wireless/intel/iwlwifi/mvm/fw.c | 22 +- .../net/wireless/intel/iwlwifi/mvm/mld-mac80211.c | 24 ++- drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 3 +- drivers/nvme/target/auth.c | 1 + drivers/phy/freescale/phy-fsl-imx8m-pcie.c | 10 +- drivers/phy/qualcomm/phy-qcom-qmp-usb-legacy.c | 1 + drivers/phy/qualcomm/phy-qcom-qmp-usb.c | 1 + drivers/scsi/scsi_transport_fc.c | 4 +- drivers/spi/spi-fsl-dspi.c | 6 +- drivers/spi/spi-geni-qcom.c | 8 +- drivers/staging/iio/frequency/ad9832.c | 7 +- .../intel/int340x_thermal/processor_thermal_rapl.c | 70 +++--- drivers/thermal/thermal_core.c | 25 ++- drivers/thunderbolt/tb.c | 48 ++++- drivers/usb/gadget/udc/dummy_hcd.c | 57 +++-- drivers/usb/host/xhci-pci.c | 6 +- drivers/usb/host/xhci-ring.c | 16 +- drivers/usb/phy/phy.c | 2 +- drivers/usb/typec/class.c | 1 + drivers/usb/typec/tcpm/qcom/qcom_pmic_typec.c | 4 +- fs/afs/dir.c | 25 +++ fs/afs/dir_edit.c | 91 +++++++- fs/afs/internal.h | 2 + fs/dax.c | 49 +++-- fs/iomap/buffered-io.c | 7 +- fs/nfs/delegation.c | 5 + fs/nilfs2/namei.c | 3 + fs/nilfs2/page.c | 1 + fs/ntfs3/file.c | 9 +- fs/ntfs3/frecord.c | 4 +- fs/ntfs3/inode.c | 15 +- fs/ntfs3/lznt.c | 3 + fs/ntfs3/namei.c | 2 +- fs/ntfs3/ntfs_fs.h | 2 +- fs/ntfs3/record.c | 31 ++- fs/ocfs2/file.c | 8 + fs/smb/client/cifs_unicode.c | 17 +- fs/smb/client/reparse.c | 174 ++++++++++++++- fs/smb/client/reparse.h | 9 +- fs/smb/client/smb2inode.c | 3 +- fs/smb/client/smb2proto.h | 1 + fs/xfs/xfs_filestream.c | 23 +- fs/xfs/xfs_trace.h | 15 +- include/acpi/cppc_acpi.h | 2 +- include/linux/compiler-gcc.h | 4 + include/linux/device.h | 3 + include/linux/huge_mm.h | 18 ++ include/linux/iomap.h | 19 ++ include/linux/sched.h | 2 + include/linux/thermal.h | 2 + include/linux/ubsan.h | 5 + include/net/ip_tunnels.h | 2 +- include/trace/events/afs.h | 240 +++------------------ init/init_task.c | 1 + io_uring/io_uring.c | 13 +- io_uring/rw.c | 23 +- kernel/bpf/cgroup.c | 19 +- kernel/bpf/lpm_trie.c | 2 +- kernel/bpf/verifier.c | 9 +- kernel/cgroup/cgroup.c | 4 +- kernel/fork.c | 1 + kernel/rcu/tasks.h | 90 +++++--- kernel/sched/fair.c | 4 +- lib/Kconfig.ubsan | 4 +- lib/iov_iter.c | 6 +- mm/huge_memory.c | 13 +- mm/kasan/kasan_test.c | 27 --- mm/memory.c | 9 + mm/migrate.c | 2 +- mm/page_alloc.c | 10 +- mm/shmem.c | 2 + net/bluetooth/hci_sync.c | 18 +- net/bpf/test_run.c | 1 + net/core/dev.c | 4 + net/core/rtnetlink.c | 4 +- net/ipv6/netfilter/nf_reject_ipv6.c | 15 +- net/mac80211/Kconfig | 2 +- net/mac80211/agg-tx.c | 4 +- net/mac80211/cfg.c | 3 +- net/mac80211/key.c | 42 ++-- net/mptcp/protocol.c | 2 + net/netfilter/nft_payload.c | 3 + net/netfilter/x_tables.c | 2 +- net/sched/sch_api.c | 2 +- net/sunrpc/svc.c | 9 +- net/wireless/core.c | 1 + sound/pci/hda/patch_realtek.c | 23 +- sound/soc/codecs/cs42l51.c | 7 +- sound/soc/sof/ipc4-control.c | 175 ++++++++++++++- sound/soc/sof/ipc4-topology.c | 49 ++++- sound/soc/sof/ipc4-topology.h | 19 +- sound/usb/mixer_quirks.c | 3 + tools/mm/page-types.c | 9 +- tools/mm/slabinfo.c | 4 +- tools/testing/cxl/test/cxl.c | 14 +- tools/testing/selftests/bpf/bpf_experimental.h | 31 +++ tools/testing/selftests/mm/uffd-common.c | 5 +- tools/testing/selftests/mm/uffd-common.h | 3 +- tools/testing/selftests/mm/uffd-unit-tests.c | 21 +- tools/usb/usbip/src/usbip_detach.c | 1 + 155 files changed, 1657 insertions(+), 775 deletions(-)

10 months, 2 weeks

12
162
0 0

[PATCH 5.4 000/461] 5.4.285-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.4.285 release. There are 461 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 09 Nov 2024 06:32:59 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.285-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.4.285-rc2 Qun-Wei Lin <qun-wei.lin(a)mediatek.com> mm: krealloc: Fix MTE false alarm in __do_krealloc Johannes Berg <johannes.berg(a)intel.com> mac80211: always have ieee80211_sta_restart() Jeongjun Park <aha310510(a)gmail.com> vt: prevent kernel-infoleak in con_font_get() Jason-JH.Lin <jason-jh.lin(a)mediatek.com> Revert "drm/mipi-dsi: Set the fwnode for mipi_dsi_device" Jeongjun Park <aha310510(a)gmail.com> mm: shmem: fix data-race in shmem_getattr() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix kernel bug due to missing clearing of checked flag Edward Adam Davis <eadavis(a)qq.com> ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow Chunyan Zhang <zhangchunyan(a)iscas.ac.cn> riscv: Remove unused GENERATING_ASM_OFFSETS Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix potential deadlock with newly created symlinks Zicheng Qu <quzicheng(a)huawei.com> staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg() Ville Syrjälä <ville.syrjala(a)linux.intel.com> wifi: iwlegacy: Clear stale interrupts before resuming device Manikanta Pubbisetty <quic_mpubbise(a)quicinc.com> wifi: ath10k: Fix memory leak in management tx Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "driver core: Fix uevent_show() vs driver detach race" Faisal Hassan <quic_faisalh(a)quicinc.com> xhci: Fix Link TRB DMA in command ring stopped completion event Zijun Hu <quic_zijuhu(a)quicinc.com> usb: phy: Fix API devm_usb_put_phy() can not release the phy Zongmin Zhou <zhouzongmin(a)kylinos.cn> usbip: tools: Fix detach_port() invalid port error path Dimitri Sivanich <sivanich(a)hpe.com> misc: sgi-gru: Don't disable preemption in GRU driver Daniel Palmer <daniel(a)0x0f.com> net: amd: mvme147: Fix probe banner message Xiongfeng Wang <wangxiongfeng2(a)huawei.com> firmware: arm_sdei: Fix the input parameter of cpuhp_remove_state() zhong jiang <zhongjiang(a)huawei.com> drivers/misc: ti-st: Remove unneeded variable in st_tty_open Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_payload: sanitize offset and length before calling skb_checksum() Benoît Monin <benoit.monin(a)gmx.fr> net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension Xin Long <lucien.xin(a)gmail.com> net: support ip generic csum processing in skb_csum_hwoffload_help Byeonguk Jeong <jungbu2855(a)gmail.com> bpf: Fix out-of-bounds write in trie_get_next_key() Pedro Tammela <pctammela(a)mojatatu.com> net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT Pablo Neira Ayuso <pablo(a)netfilter.org> gtp: allow -1 to be specified as file description from userspace Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> gtp: simplify error handling code in 'gtp_encap_enable()' Wander Lairson Costa <wander(a)redhat.com> igb: Disable threaded IRQ for igb_msix_other Maciej Falkowski <m.falkowski(a)samsung.com> dt-bindings: gpu: Convert Samsung Image Rotator to dt-schema Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> ASoC: cs42l51: Fix some error handling paths in cs42l51_probe() Daniel Gabay <daniel.gabay(a)intel.com> wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: disconnect station vifs if recovery failed Youghandhar Chintala <youghand(a)codeaurora.org> mac80211: Add support to trigger sta disconnect on hardware restart Johannes Berg <johannes.berg(a)intel.com> mac80211: do drv_reconfig_complete() before restarting all Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys Xiu Jianfeng <xiujianfeng(a)huawei.com> cgroup: Fix potential overflow issue when checking max_depth Sabrina Dubroca <sd(a)queasysnail.net> xfrm: validate new SA's prefixlen using SA family when sel.family is unset junhua huang <huang.junhua(a)zte.com.cn> arm64/uprobes: change the uprobe_opcode_t typedef to fix the sparse warning Paul Moore <paul(a)paul-moore.com> selinux: improve error checking in sel_write_load() Haiyang Zhang <haiyangz(a)microsoft.com> hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event José Relvas <josemonsantorelvas(a)gmail.com> ALSA: hda/realtek: Add subwoofer quirk for Acer Predator G9-593 Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix kernel bug due to missing clearing of buffer delay flag Shubham Panwar <shubiisp8(a)gmail.com> ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid detection issue Christian Heusel <christian(a)heusel.eu> ACPI: resource: Add LG 16T90SP to irq1_level_low_skip_override[] Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Guard against bad data for ATIF ACPI method Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Update default depop procedure Andrey Shumilin <shum.sdl(a)nppct.ru> ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() Jinjie Ruan <ruanjinjie(a)huawei.com> posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime() Heiner Kallweit <hkallweit1(a)gmail.com> r8169: avoid unsolicited interrupts Dmitry Antipov <dmantipov(a)yandex.ru> net: sched: fix use-after-free in taprio_change() Oliver Neukum <oneukum(a)suse.com> net: usb: usbnet: fix name regression Biju Das <biju.das(a)bp.renesas.com> dt-bindings: power: Add r8a774b1 SYSC power domain definitions Wang Hai <wanghai38(a)huawei.com> be2net: fix potential memory leak in be_xmit() Wang Hai <wanghai38(a)huawei.com> net/sun3_82586: fix potential memory leak in sun3_82586_send_packet() Leo Yan <leo.yan(a)arm.com> tracing: Consider the NULL character when validating the event length Dave Kleikamp <dave.kleikamp(a)oracle.com> jfs: Fix sanity check in dbMount Gianfranco Trad <gianf.trad(a)gmail.com> udf: fix uninit-value use in udf_get_fileshortad Hans de Goede <hdegoede(a)redhat.com> drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA Nico Boehr <nrb(a)linux.ibm.com> KVM: s390: gaccess: Check if guest address is in memslot Janis Schoetterl-Glausch <scgl(a)linux.ibm.com> KVM: s390: gaccess: Cleanup access to guest pages Janis Schoetterl-Glausch <scgl(a)linux.ibm.com> KVM: s390: gaccess: Refactor access address range check Janis Schoetterl-Glausch <scgl(a)linux.ibm.com> KVM: s390: gaccess: Refactor gpa and length calculation Mark Rutland <mark.rutland(a)arm.com> arm64: probes: Fix uprobes for big-endian kernels junhua huang <huang.junhua(a)zte.com.cn> arm64:uprobe fix the uprobe SWBP_INSN in big-endian Ye Bin <yebin10(a)huawei.com> Bluetooth: bnep: fix wild-memory-access in proto_unregister Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> usb: typec: altmode should keep reference to parent Paulo Alcantara <pc(a)manguebit.com> smb: client: fix OOBs when building SMB2_IOCTL request Eric Dumazet <edumazet(a)google.com> genetlink: hold RCU in genlmsg_mcast() Wang Hai <wanghai38(a)huawei.com> net: systemport: fix potential memory leak in bcm_sysport_xmit() Wang Hai <wanghai38(a)huawei.com> net: ethernet: aeroflex: fix potential memory leak in greth_start_xmit_gbit() Sabrina Dubroca <sd(a)queasysnail.net> macsec: don't increment counters for an unrelated SA Jonathan Marek <jonathan(a)marek.ca> drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Return more meaningful error Xin Long <lucien.xin(a)gmail.com> ipv4: give an IPv4 dev to blackhole_netdev Anumula Murali Mohan Reddy <anumula(a)chelsio.com> RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP Florian Klink <flokli(a)flokli.de> ARM: dts: bcm2837-rpi-cm3-io3: Fix HDMI hpd-gpio pin Saravanan Vajravel <saravanan.vajravel(a)broadcom.com> RDMA/bnxt_re: Fix incorrect AVID type in WQE structure Mathy Vanhoef <Mathy.Vanhoef(a)kuleuven.be> mac80211: Fix NULL ptr deref for injected rate info Gao Xiang <hsiangkao(a)linux.alibaba.com> erofs: fix lz4 inplace decompression Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: propagate directory read errors from nilfs_find_entry() Zhang Rui <rui.zhang(a)intel.com> x86/apic: Always explicitly disarm TSC-deadline timer Nathan Chancellor <nathan(a)kernel.org> x86/resctrl: Annotate get_mem_config() functions as __init Takashi Iwai <tiwai(a)suse.de> parport: Proper fix for array out-of-bounds access Daniele Palmas <dnlplm(a)gmail.com> USB: serial: option: add Telit FN920C04 MBIM compositions Benjamin B. Frost <benjamin(a)geanix.com> USB: serial: option: add support for Quectel EG916Q-GL Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Fix incorrect stream context type macro Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001 Aaron Thompson <dev(a)aaront.org> Bluetooth: Remove debugfs directory on module init failure Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: adc: ti-ads124s08: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: proximity: mb1232: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig Emil Gedenryd <emil.gedenryd(a)axis.com> iio: light: opt3001: add missing full-scale range value Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> iio: hid-sensors: Fix an error handling path in _hid_sensor_set_report_latency() Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: adc: ti-ads8688: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig Nikolay Kuratov <kniv(a)yandex-team.ru> drm/vmwgfx: Handle surface check failure correctly Omar Sandoval <osandov(a)fb.com> blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race Jim Mattson <jmattson(a)google.com> x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET Michael Mueller <mimu(a)linux.ibm.com> KVM: s390: Change virtual to physical address access in diag 0x258 handler Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> s390/sclp_vt220: Convert newlines to CRLF instead of LFCR Breno Leitao <leitao(a)debian.org> KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix potential key use-after-free Liu Shixin <liushixin2(a)huawei.com> mm/swapfile: skip HugeTLB pages for unuse_vma OGAWA Hirofumi <hirofumi(a)mail.parknet.co.jp> fat: fix uninitialized variable WangYuli <wangyuli(a)uniontech.com> PCI: Add function 0 DMA alias quirk for Glenfly Arise chip Andrii Nakryiko <andrii(a)kernel.org> tracing/kprobes: Fix symbol counting logic by looking at modules as well Francis Laniel <flaniel(a)linux.microsoft.com> tracing/kprobes: Return EADDRNOTAVAIL when func matches several symbols Mark Rutland <mark.rutland(a)arm.com> arm64: probes: Fix simulate_ldr*_literal() Mark Rutland <mark.rutland(a)arm.com> arm64: probes: Remove broken LDR (literal) uprobe support Jinjie Ruan <ruanjinjie(a)huawei.com> posix-clock: Fix missing timespec64 check in pc_clock_settime() Yonatan Maman <Ymaman(a)Nvidia.com> nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error Anastasia Kovaleva <a.kovaleva(a)yadro.com> net: Fix an unsafe loop on the list SurajSonawane2415 <surajsonawane0215(a)gmail.com> hid: intel-ish-hid: Fix uninitialized variable 'rv' in ish_fw_xfer_direct_dma Icenowy Zheng <uwu(a)icenowy.me> usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip Jose Alberto Reguero <jose.alberto.reguero(a)gmail.com> usb: xhci: Fix problem with xhci resume from suspend Selvarasu Ganesan <selvarasu.g(a)samsung.com> usb: dwc3: core: Stop processing of pending events if controller is halted Oliver Neukum <oneukum(a)suse.com> Revert "usb: yurex: Replace snprintf() with the safer scnprintf() variant" Wade Wang <wade.wang(a)hp.com> HID: plantronics: Workaround for an unexcepted opposite volume key Oliver Neukum <oneukum(a)suse.com> CDC-NCM: avoid overflow in sanity checking Huang Ying <ying.huang(a)intel.com> resource: fix region_intersects() vs add_memory_driver_managed() Zhiguo Niu <zhiguo.niu(a)unisoc.com> lockdep: fix deadlock issue between lockdep and rcu Waiman Long <longman(a)redhat.com> locking/lockdep: Avoid potential access of invalid memory in lock_class Peter Zijlstra <peterz(a)infradead.org> locking/lockdep: Rework lockdep_lock Peter Zijlstra <peterz(a)infradead.org> locking/lockdep: Fix bad recursion pattern Eric Dumazet <edumazet(a)google.com> slip: make slhc_remember() more robust against malicious packets Eric Dumazet <edumazet(a)google.com> ppp: fix ppp_async_encode() illegal access Xin Long <lucien.xin(a)gmail.com> sctp: ensure sk_state is set to CLOSED if hashing fails in sctp_listen_start Eric Dumazet <edumazet(a)google.com> net: annotate lockless accesses to sk->sk_max_ack_backlog Eric Dumazet <edumazet(a)google.com> net: annotate lockless accesses to sk->sk_ack_backlog Rosen Penev <rosenp(a)gmail.com> net: ibm: emac: mal: fix wrong goto Eric Dumazet <edumazet(a)google.com> net/sched: accept TCA_STAB only for root qdisc Mohamed Khalfella <mkhalfella(a)purestorage.com> igb: Do not bring the device up after non-fatal error Billy Tsai <billy_tsai(a)aspeedtech.com> gpio: aspeed: Use devm_clk api to manage clock source Billy Tsai <billy_tsai(a)aspeedtech.com> gpio: aspeed: Add the flush write to ensure the write complete. Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change Andy Roulin <aroulin(a)nvidia.com> netfilter: br_netfilter: fix panic with metadata_dst skb Neal Cardwell <ncardwell(a)google.com> tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe Neal Cardwell <ncardwell(a)google.com> tcp: fix to allow timestamp undo if no retransmits were sent Dan Carpenter <dan.carpenter(a)linaro.org> SUNRPC: Fix integer overflow in decode_rc_list() Dave Ertman <david.m.ertman(a)intel.com> ice: fix VLAN replay after reset Bob Pearson <rpearsonhpe(a)gmail.com> RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt Andrey Shumilin <shum.sdl(a)nppct.ru> fbdev: sisfb: Fix strbuf array overflow Zijun Hu <quic_zijuhu(a)quicinc.com> driver core: bus: Return -EIO instead of 0 when show/store invalid bus attribute Zhu Jun <zhujun2(a)cmss.chinamobile.com> tools/iio: Add memory allocation failure check for trigger_name Philip Chen <philipchen(a)chromium.org> virtio_pmem: Check device status before requesting flush Shawn Shao <shawn.shao(a)jaguarmicro.com> usb: dwc2: Adjust the timing of USB Driver Interrupt Registration in the Crashkernel Scenario Xu Yang <xu.yang_2(a)nxp.com> usb: chipidea: udc: enable suspend interrupt after usb reset Yunke Cao <yunkec(a)chromium.org> media: videobuf2-core: clear memory related fields in __vb2_plane_dmabuf_put() Kaixin Wang <kxwang23(a)m.fudan.edu.cn> ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition Alex Williamson <alex.williamson(a)redhat.com> PCI: Mark Creative Labs EMU20k2 INTx masking as broken Hans de Goede <hdegoede(a)redhat.com> i2c: i801: Use a different adapter-name for IDF adapters Subramanian Ananthanarayanan <quic_skananth(a)quicinc.com> PCI: Add ACS quirk for Qualcomm SA8775P Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> clk: bcm: bcm53573: fix OF node leak in init Daniel Jordan <daniel.m.jordan(a)oracle.com> ktest.pl: Avoid false positives with grub2 skip regex Thomas Richter <tmricht(a)linux.ibm.com> s390/cpum_sf: Remove WARN_ON_ONCE statements Wojciech Gładysz <wojciech.gladysz(a)infogain.com> ext4: nested locking for xattr inode Gerald Schaefer <gerald.schaefer(a)linux.ibm.com> s390/mm: Add cond_resched() to cmm_alloc/free_pages() Heiko Carstens <hca(a)linux.ibm.com> s390/facility: Disable compile time optimization for decompressor code Tao Chen <chen.dylane(a)gmail.com> bpf: Check percpu map value size first Mathias Krause <minipli(a)grsecurity.net> Input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal Michael S. Tsirkin <mst(a)redhat.com> virtio_console: fix misc probe bugs Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Have saved_cmdlines arrays all in one allocation Rob Clark <robdclark(a)chromium.org> drm/crtc: fix uninitialized variable use even harder Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Remove precision vsnprintf() check from print event Linus Walleij <linus.walleij(a)linaro.org> net: ethernet: cortina: Drop TSO support Gabriel Krisman Bertazi <krisman(a)suse.de> unicode: Don't special case ignorable code points zhanchengbin <zhanchengbin1(a)huawei.com> ext4: fix inode tree inconsistency caused by ENOMEM Armin Wolf <W_Armin(a)gmx.de> ACPI: battery: Fix possible crash when unregistering a battery hook Armin Wolf <W_Armin(a)gmx.de> ACPI: battery: Simplify battery hook locking Heiner Kallweit <hkallweit1(a)gmail.com> r8169: add tally counter fields added with RTL8125 Colin Ian King <colin.i.king(a)gmail.com> r8169: Fix spelling mistake: "tx_underun" -> "tx_underrun" Mike Tipton <quic_mdtipton(a)quicinc.com> clk: qcom: clk-rpmh: Fix overflow in BCM vote Stephen Boyd <sboyd(a)kernel.org> clk: qcom: rpmh: Simplify clk_rpmh_bcm_send_cmd() NeilBrown <neilb(a)suse.de> nfsd: fix delegation_blocked() to block correctly for at least 30 seconds Arnd Bergmann <arnd(a)arndb.de> nfsd: use ktime_get_seconds() for timestamps Oleg Nesterov <oleg(a)redhat.com> uprobes: fix kernel info leak via "[uprobes]" vma Mark Rutland <mark.rutland(a)arm.com> arm64: errata: Expand speculative SSBS workaround once more Mark Rutland <mark.rutland(a)arm.com> arm64: cputype: Add Neoverse-N3 definitions Anshuman Khandual <anshuman.khandual(a)arm.com> arm64: Add Cortex-715 CPU part definition Jinjie Ruan <ruanjinjie(a)huawei.com> i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq() Stephen Boyd <swboyd(a)chromium.org> i2c: qcom-geni: Grow a dev pointer to simplify code Stephen Boyd <swboyd(a)chromium.org> i2c: qcom-geni: Let firmware specify irq trigger flags Emanuele Ghidoli <emanuele.ghidoli(a)toradex.com> gpio: davinci: fix lazy disable Filipe Manana <fdmanana(a)suse.com> btrfs: wait for fixup workers before stopping cleaner kthread during umount Qu Wenruo <wqu(a)suse.com> btrfs: fix a NULL pointer dereference when failed to start a new trasacntion Hans de Goede <hdegoede(a)redhat.com> ACPI: resource: Add Asus ExpertBook B2502CVA to irq1_level_low_skip_override[] Hans de Goede <hdegoede(a)redhat.com> ACPI: resource: Add Asus Vivobook X1704VAP to irq1_level_low_skip_override[] Nuno Sa <nuno.sa(a)analog.com> Input: adp5589-keys - fix adp5589_gpio_get_value() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> rtc: at91sam9: fix OF node leak in probe() error path Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> tomoyo: fallback to realpath if symlink's pathname does not exist Barnabás Czémán <barnabas.czeman(a)mainlining.org> iio: magnetometer: ak8975: Fix reading for ak099xx sensors Zheng Wang <zyytlz.wz(a)163.com> media: venus: fix use after free bug in venus_remove due to race condition Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> media: sun4i_csi: Implement link validate for sun4i_csi subdev Sebastian Reichel <sebastian.reichel(a)collabora.com> clk: rockchip: fix error for unknown clocks Chun-Yi Lee <joeyli.kernel(a)gmail.com> aoe: fix the potential use-after-free problem in more places Jisheng Zhang <jszhang(a)kernel.org> riscv: define ILLEGAL_POINTER_VALUE for 64bit Lizhi Xu <lizhi.xu(a)windriver.com> ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate Julian Sun <sunjunchao2870(a)gmail.com> ocfs2: fix null-ptr-deref when journal load failed. Lizhi Xu <lizhi.xu(a)windriver.com> ocfs2: remove unreasonable unlock in ocfs2_read_blocks Joseph Qi <joseph.qi(a)linux.alibaba.com> ocfs2: cancel dqi_sync_work before freeing oinfo Gautham Ananthakrishna <gautham.ananthakrishna(a)oracle.com> ocfs2: reserve space for inline xattr before attaching reflink tree Joseph Qi <joseph.qi(a)linux.alibaba.com> ocfs2: fix uninit-value in ocfs2_get_block() Heming Zhao <heming.zhao(a)suse.com> ocfs2: fix the la space leak when unmounting an ocfs2 volume Danilo Krummrich <dakr(a)kernel.org> mm: krealloc: consider spare memory for __GFP_ZERO Baokun Li <libaokun1(a)huawei.com> jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error Ma Ke <make24(a)iscas.ac.cn> drm: omapdrm: Add missing check for alloc_ordered_workqueue Andrew Jones <ajones(a)ventanamicro.com> of/irq: Support #msi-cells=<0> in of_msi_get_domain Helge Deller <deller(a)gmx.de> parisc: Fix stack start for ADDR_NO_RANDOMIZE personality Helge Deller <deller(a)kernel.org> parisc: Fix 64-bit userspace syscall path Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ext4: fix incorrect tid assumption in ext4_wait_for_tail_page_commit() Baokun Li <libaokun1(a)huawei.com> ext4: fix double brelse() the buffer of the extents path Baokun Li <libaokun1(a)huawei.com> ext4: aovid use-after-free in ext4_ext_insert_extent() Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ext4: fix incorrect tid assumption in __jbd2_log_wait_for_space() Baokun Li <libaokun1(a)huawei.com> ext4: propagate errors from ext4_find_extent() in ext4_insert_range() Edward Adam Davis <eadavis(a)qq.com> ext4: no need to continue when the number of entries is 1 Jaroslav Kysela <perex(a)perex.cz> ALSA: core: add isascii() check to card ID generator Thomas Zimmermann <tzimmermann(a)suse.de> drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS Helge Deller <deller(a)gmx.de> parisc: Fix itlb miss handler for 64-bit programs Luo Gengkun <luogengkun(a)huaweicloud.com> perf/core: Fix small negative period being ignored Jinjie Ruan <ruanjinjie(a)huawei.com> spi: bcm63xx: Fix module autoloading Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> firmware: tegra: bpmp: Drop unused mbox_client_to_bpmp() Robert Hancock <robert.hancock(a)calian.com> i2c: xiic: Wait for TX empty to avoid missed TX NAKs Marek Vasut <marex(a)denx.de> i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume Christophe Leroy <christophe.leroy(a)csgroup.eu> selftests: vDSO: fix vDSO symbols lookup for powerpc64 Yifei Liu <yifei.l.liu(a)oracle.com> selftests: breakpoints: use remaining time to check if suspend succeed Ben Dooks <ben.dooks(a)codethink.co.uk> spi: s3c64xx: fix timeout counters in flush_fifo Artem Sadovnikov <ancowi69(a)gmail.com> ext4: fix i_data_sem unlock order in ext4_ind_migrate() Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> ext4: ext4_search_dir should return a proper error Geert Uytterhoeven <geert+renesas(a)glider.be> of/irq: Refer to actual buffer size in of_irq_parse_one() Geert Uytterhoeven <geert+renesas(a)glider.be> drm/radeon/r100: Handle unknown family in r100_cp_init_microcode() Kees Cook <kees(a)kernel.org> scsi: aacraid: Rearrange order of struct aac_srb_unit Matthew Brost <matthew.brost(a)intel.com> drm/printer: Allow NULL data in devcoredump printer Alex Hung <alex.hung(a)amd.com> drm/amd/display: Initialize get_bytes_per_element's default to 1 Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Fix index out of bounds in degamma hardware format translation Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check stream before comparing them Zhao Mengmeng <zhaomengmeng(a)kylinos.cn> jfs: Fix uninit-value access of new_ea in ea_buffer Edward Adam Davis <eadavis(a)qq.com> jfs: check if leafidx greater than num leaves per dmap tree Edward Adam Davis <eadavis(a)qq.com> jfs: Fix uaf in dbFreeBits Remington Brasga <rbrasga(a)uci.edu> jfs: UBSAN: shift-out-of-bounds in dbFindBits Damien Le Moal <dlemoal(a)kernel.org> ata: sata_sil: Rename sil_blacklist to sil_quirks Andrew Davis <afd(a)ti.com> power: reset: brcmstb: Do not go into infinite loop if reset fails Kaixin Wang <kxwang23(a)m.fudan.edu.cn> fbdev: pxafb: Fix possible use after free in pxafb_task() Kees Cook <kees(a)kernel.org> x86/syscall: Avoid memcpy() for ia32 syscall_get_arguments() Takashi Iwai <tiwai(a)suse.de> ALSA: hdsp: Break infinite MIDI input flush loop Takashi Iwai <tiwai(a)suse.de> ALSA: asihpi: Fix potential OOB array access Thomas Gleixner <tglx(a)linutronix.de> signal: Replace BUG_ON()s Jinjie Ruan <ruanjinjie(a)huawei.com> nfp: Use IRQF_NO_AUTOEN flag in request_irq() Gustavo A. R. Silva <gustavoars(a)kernel.org> wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() Adrian Ratiu <adrian.ratiu(a)collabora.com> proc: add config & param to block forcing mem writes Aleksandrs Vinarskis <alex.vinarskis(a)gmail.com> ACPICA: iasl: handle empty connection_node Jason Xing <kernelxing(a)tencent.com> tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process Ido Schimmel <idosch(a)nvidia.com> ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv4: Check !in_dev earlier for ioctl(SIOCSIFADDR). Simon Horman <horms(a)kernel.org> net: mvpp2: Increase size of queue_name buffer Simon Horman <horms(a)kernel.org> tipc: guard against string buffer overrun Pei Xiao <xiaopei01(a)kylinos.cn> ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPI: EC: Do not release locks during operation region accesses Zong-Zhe Yang <kevin_yang(a)realtek.com> wifi: rtw88: select WANT_DEV_COREDUMP Dmitry Antipov <dmantipov(a)yandex.ru> net: sched: consistently use rcu_replace_pointer() in taprio_change() Armin Wolf <W_Armin(a)gmx.de> ACPICA: Fix memory leak if acpi_ps_get_next_field() fails Armin Wolf <W_Armin(a)gmx.de> ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> net: hisilicon: hns_mdio: fix OF node leak in probe() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> net: hisilicon: hns_dsaf_mac: fix OF node leak in hns_mac_get_info() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> net: hisilicon: hip04: fix OF node leak in probe() Aleksandr Mishin <amishin(a)t-argos.ru> ice: Adjust over allocation of memory in ice_sched_add_root_node() and ice_sched_add_node() Toke Høiland-Jørgensen <toke(a)redhat.com> wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit Dmitry Kandybka <d.kandybka(a)gmail.com> wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats() Jann Horn <jannh(a)google.com> f2fs: Require FMODE_WRITE for atomic write ioctls Takashi Iwai <tiwai(a)suse.de> ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin Takashi Iwai <tiwai(a)suse.de> ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs Oder Chiou <oder_chiou(a)realtek.com> ALSA: hda/realtek: Fix the push button function for the ALC257 Xin Long <lucien.xin(a)gmail.com> sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start Anton Danilov <littlesmilingcloud(a)gmail.com> ipv4: ip_gre: Fix drops of small packets in ipgre_xmit Eric Dumazet <edumazet(a)google.com> net: add more sanity checks to qdisc_pkt_len_init() Eric Dumazet <edumazet(a)google.com> net: avoid potential underflow in qdisc_pkt_len_init() with UFO Aleksander Jan Bajkowski <olek2(a)wp.pl> net: ethernet: lantiq_etop: fix memory disclosure Jinjie Ruan <ruanjinjie(a)huawei.com> Bluetooth: btmrvl: Use IRQF_NO_AUTOEN flag in request_irq() Abhishek Pandit-Subedi <abhishekpandit(a)chromium.org> Bluetooth: btmrvl_sdio: Refactor irq wakeup Eric Dumazet <edumazet(a)google.com> netfilter: nf_tables: prevent nf_skb_duplicated corruption Jinjie Ruan <ruanjinjie(a)huawei.com> net: ieee802154: mcr20a: Use IRQF_NO_AUTOEN flag in request_irq() Phil Sutter <phil(a)nwl.cc> netfilter: uapi: NFTA_FLOWTABLE_HOOK is NLA_NESTED Mohamed Khalfella <mkhalfella(a)purestorage.com> net/mlx5: Added cond_resched() to crdump collection Jinjie Ruan <ruanjinjie(a)huawei.com> ieee802154: Fix build error Krzysztof Kozlowski <krzk(a)kernel.org> drivers: net: Fix Kconfig indentation, continued rd.dunlab(a)gmail.com <rd.dunlab(a)gmail.com> Minor fixes to the CAIF Transport drivers Kconfig file Xiubo Li <xiubli(a)redhat.com> ceph: remove the incorrect Fw reference check when dirtying pages Stefan Wahren <wahrenst(a)gmx.net> mailbox: bcm2835: Fix timeout during suspend mode Liao Chen <liaochen4(a)huawei.com> mailbox: rockchip: fix a typo in module autoloading Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> usb: yurex: Fix inconsistent locking bug in yurex_read() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> i2c: isch: Add missed 'else' Tommy Huang <tommy_huang(a)aspeedtech.com> i2c: aspeed: Update the stop sw state when the bus recovery occurs David Gow <davidgow(a)google.com> mm: only enforce minimum stack gap size if it's sensible Ma Ke <make24(a)iscas.ac.cn> pps: add an error check in parport_attach Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> pps: remove usage of the deprecated ida_simple_xx() API Oliver Neukum <oneukum(a)suse.com> USB: misc: yurex: fix race between read and write Lee Jones <lee(a)kernel.org> usb: yurex: Replace snprintf() with the safer scnprintf() variant Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: versatile: realview: fix soc_dev leak during device remove Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: versatile: realview: fix memory leak during device remove Sean Anderson <sean.anderson(a)linux.dev> PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler Thomas Gleixner <tglx(a)linutronix.de> PCI: xilinx-nwl: Use irq_data_get_irq_chip_data() Arseniy Krasnov <avkrasnov(a)salutedevices.com> ASoC: meson: axg-card: fix 'use-after-free' Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg: extract sound card utils Li Lingfeng <lilingfeng3(a)huawei.com> nfs: fix memory leak in error path of nfs4_do_reclaim Mickaël Salaün <mic(a)digikod.net> fs: Fix file_set_fowner LSM hook inconsistencies Julian Sun <sunjunchao2870(a)gmail.com> vfs: fix race between evice_inodes() and find_inode()&iput() Guoqing Jiang <guoqing.jiang(a)canonical.com> hwrng: mtk - Use devm_pm_runtime_enable Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> f2fs: avoid potential int overflow in sanity_check_area_boundary() Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> f2fs: prevent possible int overflow in dir_block_index() Zhen Lei <thunder.leizhen(a)huawei.com> debugobjects: Fix conditions in fill_pool() Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw88: 8822c: Fix reported RX band width Werner Sembach <wse(a)tuxedocomputers.com> ACPI: resource: Add another DMI match for the TongFang GMxXGxx Thomas Weißschuh <linux(a)weissschuh.net> ACPI: sysfs: validate return type of _STR method Mikhail Lobanov <m.lobanov(a)rosalinux.ru> drbd: Add NULL check for net_conf to prevent dereference in state validation Qiu-ji Chen <chenqiuji666(a)gmail.com> drbd: Fix atomicity violation in drbd_uuid_set_bm() Florian Fainelli <florian.fainelli(a)broadcom.com> tty: rp2: Fix reset with non forgiving PCIe host bridges Jann Horn <jannh(a)google.com> firmware_loader: Block path traversal Oliver Neukum <oneukum(a)suse.com> USB: class: CDC-ACM: fix race between get_serial and set_serial Oliver Neukum <oneukum(a)suse.com> USB: misc: cypress_cy7c63: check for short transfer Oliver Neukum <oneukum(a)suse.com> USB: appledisplay: close race between probe and completion handler Robin Chen <robin.chen(a)amd.com> drm/amd/display: Round calculated vtotal Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: versatile: integrator: fix OF node leak in probe() error path Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Remove *.orig pattern from .gitignore Hailey Mothershead <hailmo(a)amazon.com> crypto: aead,cipher - zeroize key buffer after use Simon Horman <horms(a)kernel.org> netfilter: ctnetlink: compile ctnetlink_label_size with CONFIG_NF_CONNTRACK_EVENTS Youssef Samir <quic_yabdulra(a)quicinc.com> net: qrtr: Update packets cloning when broadcasting Josh Hunt <johunt(a)akamai.com> tcp: check skb is non-NULL in tcp_rto_delta_us() Kaixin Wang <kxwang23(a)m.fudan.edu.cn> net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition Eric Dumazet <edumazet(a)google.com> netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() Suzuki K Poulose <suzuki.poulose(a)arm.com> coresight: tmc: sg: Do not leak sg_table Guillaume Stols <gstols(a)baylibre.com> iio: adc: ad7606: fix standby gpio state to match the documentation Guillaume Stols <gstols(a)baylibre.com> iio: adc: ad7606: fix oversampling gpio array Chao Yu <chao(a)kernel.org> f2fs: reduce expensive checkpoint trigger frequency Chao Yu <chao(a)kernel.org> f2fs: remove unneeded check condition in __f2fs_setxattr() Chao Yu <chao(a)kernel.org> f2fs: fix to update i_ctime in __f2fs_setxattr() Yonggil Song <yonggil.song(a)samsung.com> f2fs: fix typo Chao Yu <chao(a)kernel.org> f2fs: enhance to update i_mode and acl atomically in f2fs_setattr() Li Lingfeng <lilingfeng3(a)huawei.com> nfsd: return -EINVAL when namelen is 0 Guoqing Jiang <guoqing.jiang(a)linux.dev> nfsd: call cache_put if xdr_reserve_space returns NULL Jinjie Ruan <ruanjinjie(a)huawei.com> ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir() Mikhail Lobanov <m.lobanov(a)rosalinux.ru> RDMA/cxgb4: Added NULL check for lookup_atid Jinjie Ruan <ruanjinjie(a)huawei.com> riscv: Fix fp alignment bug in perf_callchain_user() Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Optimize hem allocation performance Jonas Blixt <jonas.blixt(a)actia.se> watchdog: imx_sc_wdt: Don't disable WDT in suspend Wang Jianzheng <wangjianzheng(a)vivo.com> pinctrl: mvebu: Fix devinit_dove_pinctrl_probe function David Lechner <dlechner(a)baylibre.com> clk: ti: dra7-atl: Fix leak of of_nodes Yang Yingliang <yangyingliang(a)huawei.com> pinctrl: single: fix missing error code in pcs_probe() Zhu Yanjun <yanjun.zhu(a)linux.dev> RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency Sean Anderson <sean.anderson(a)linux.dev> PCI: xilinx-nwl: Fix register misspelling Dan Carpenter <dan.carpenter(a)linaro.org> PCI: keystone: Fix if-statement expression in ks_pcie_quirk() Junlin Li <make24(a)iscas.ac.cn> drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error Junlin Li <make24(a)iscas.ac.cn> drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error Jonas Karlman <jonas(a)kwiboo.se> clk: rockchip: Set parent rate for DCLK_VOP clock on RK3228 Ian Rogers <irogers(a)google.com> perf time-utils: Fix 32-bit nsec parsing Yang Jihong <yangjihong(a)bytedance.com> perf sched timehist: Fixed timestamp error when unable to confirm event sched_in time Yang Jihong <yangjihong(a)bytedance.com> perf sched timehist: Fix missing free of session in perf_sched__timehist() Daniel Borkmann <daniel(a)iogearbox.net> bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix potential oob read in nilfs_btree_check_delete() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: determine empty node blocks as corrupted Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix potential null-ptr-deref in nilfs_btree_insert() Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> ext4: avoid OOB when system.data xattr changes underneath the filesystem Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> ext4: return error on ext4_find_inline_entry Kemeng Shi <shikemeng(a)huaweicloud.com> ext4: avoid negative min_clusters in find_group_orlov() Jiawei Ye <jiawei.ye(a)foxmail.com> smackfs: Use rcu_assign_pointer() to ensure safe assignment in smk_set_cipso yangerkun <yangerkun(a)huawei.com> ext4: clear EXT4_GROUP_INFO_WAS_TRIMMED_BIT even mount with discard Mauricio Faria de Oliveira <mfo(a)canonical.com> jbd2: introduce/export functions jbd2_journal_submit|finish_inode_data_buffers() Chen Yu <yu.c.chen(a)intel.com> kthread: fix task state in kthread worker if being frozen Rob Clark <robdclark(a)chromium.org> kthread: add kthread_work tracepoints Lasse Collin <lasse.collin(a)tukaani.org> xz: cleanup CRC32 edits from 2018 Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix error compiling test_lru_map.c Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix compiling tcp_rtt.c with musl-libc Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix compiling flow_dissector.c with musl-libc Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix compile error from rlim_t in sk_storage_map.c Jonathan McDowell <noodles(a)meta.com> tpm: Clean up TPM space after command failure Juergen Gross <jgross(a)suse.com> xen/swiotlb: add alignment check for dma buffers Juergen Gross <jgross(a)suse.com> xen: use correct end address of kernel for conflict checking Yuesong Li <liyuesong(a)vivo.com> drivers:drm:exynos_drm_gsc:Fix wrong assignment in gsc_bind() Sherry Yang <sherry.yang(a)oracle.com> drm/msm: fix %s null argument error Wolfram Sang <wsa+renesas(a)sang-engineering.com> ipmi: docs: don't advertise deprecated sysfs entries Vladimir Lypak <vladimir.lypak(a)gmail.com> drm/msm/a5xx: fix races in preemption evaluation stage Vladimir Lypak <vladimir.lypak(a)gmail.com> drm/msm/a5xx: properly clear preemption records on resume Vladimir Lypak <vladimir.lypak(a)gmail.com> drm/msm/a5xx: disable preemption in submits by default Aleksandr Mishin <amishin(a)t-argos.ru> drm/msm: Fix incorrect file name output in adreno_request_fw() Jeongjun Park <aha310510(a)gmail.com> jfs: fix out-of-bounds in dbNextAG() and diAlloc() Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets Jonas Karlman <jonas(a)kwiboo.se> drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode Alex Bee <knaerzche(a)gmail.com> drm/rockchip: vop: Allow 4096px width scaling Alex Deucher <alexander.deucher(a)amd.com> drm/radeon: properly handle vbios fake edid sizing Paulo Miguel Almeida <paulo.miguel.almeida.rodenas(a)gmail.com> drm/radeon: Replace one-element array with flexible-array member Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: properly handle vbios fake edid sizing Paulo Miguel Almeida <paulo.miguel.almeida.rodenas(a)gmail.com> drm/amdgpu: Replace one-element array with flexible-array member Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> drm/stm: Fix an error handling path in stm_drm_platform_probe() Charles Han <hanchunchao(a)inspur.com> mtd: powernv: Add check devm_kasprintf() returned value Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> fbdev: hpfb: Fix an error handling path in hpfb_dio_probe() Artur Weber <aweber.kernel(a)gmail.com> power: supply: max17042_battery: Fix SOC threshold calc w/ no current sense Chris Morgan <macromorgan(a)hotmail.com> power: supply: axp20x_battery: Remove design from min and max voltage Hermann Lauer <Hermann.Lauer(a)iwr.uni-heidelberg.de> power: supply: axp20x_battery: allow disabling battery charging Yuntao Liu <liuyuntao12(a)huawei.com> hwmon: (ntc_thermistor) fix module autoloading Mirsad Todorovac <mtodorovac69(a)gmail.com> mtd: slram: insert break after errors in parsing the map Guenter Roeck <linux(a)roeck-us.net> hwmon: (max16065) Fix overflows seen when writing limits Ankit Agrawal <agrawal.ag.ankit(a)gmail.com> clocksource/drivers/qcom: Add missing iounmap() on errors in msm_dt_timer_init() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> reset: berlin: fix OF node leak in probe() error path Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: versatile: fix OF node leak in CPUs prepare Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: imx7d-zii-rmu2: fix Ethernet PHY pinctrl property Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> spi: ppc4xx: Avoid returning 0 when failed to parse and map IRQ Ma Ke <make24(a)iscas.ac.cn> spi: ppc4xx: handle irq_of_parse_and_map() errors Yu Kuai <yukuai3(a)huawei.com> block, bfq: don't break merge chain in bfq_split_bfqq() Yu Kuai <yukuai3(a)huawei.com> block, bfq: choose the last bfqq from merge chain in bfq_setup_cooperator() Yu Kuai <yukuai3(a)huawei.com> block, bfq: fix possible UAF for bfqq->bic with merge chain Su Hui <suhui(a)nfschina.com> net: tipc: avoid possible garbage value Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: btusb: Fix not handling ZPL/short-transfer Kuniyuki Iwashima <kuniyu(a)amazon.com> can: bcm: Clear bo->bcm_proc_read after remove_proc_entry(). Eric Dumazet <edumazet(a)google.com> sock_map: Add a cond_resched() in sock_hash_free() Jiawei Ye <jiawei.ye(a)foxmail.com> wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param Dmitry Antipov <dmantipov(a)yandex.ru> wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() Mathy Vanhoef <Mathy.Vanhoef(a)kuleuven.be> mac80211: parse radiotap header when selecting Tx queue Dmitry Antipov <dmantipov(a)yandex.ru> wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors Dmitry Antipov <dmantipov(a)yandex.ru> wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject expiration higher than timeout Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject element expiration with no timeout Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: elements with timeout below CONFIG_HZ never expire Zhang Changzhong <zhangchangzhong(a)huawei.com> can: j1939: use correct function name in comment Olaf Hering <olaf(a)aepfle.de> mount: handle OOM on mnt_warn_timestamp_expiry Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> fs/namespace: fnic: Switch to use %ptTd Anthony Iliopoulos <ailiop(a)suse.com> mount: warn only once about timestamp range expiration Christoph Hellwig <hch(a)lst.de> fs: explicitly unregister per-superblock BDIs Toke Høiland-Jørgensen <toke(a)redhat.com> wifi: ath9k: Remove error checks when creating debugfs entries Minjie Du <duminjie(a)vivo.com> wifi: ath9k: fix parameter check in ath9k_init_debug() Aleksandr Mishin <amishin(a)t-argos.ru> ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe() Edward Adam Davis <eadavis(a)qq.com> USB: usbtmc: prevent kernel-usb-infoleak Junhao Xie <bigfoot(a)classfun.cn> USB: serial: pl2303: add device id for Macrosilicon MS3020 Toke Høiland-Jørgensen <toke(a)redhat.com> bpf: Fix DEVMAP_HASH overflow check on 32-bit arches Florian Westphal <fw(a)strlen.de> inet: inet_defrag: prevent sk release while still in use Hagar Hemdan <hagarhem(a)amazon.com> gpio: prevent potential speculation leaks in gpio_device_get_desc() Ferry Meng <mengferry(a)linux.alibaba.com> ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() Ferry Meng <mengferry(a)linux.alibaba.com> ocfs2: add bounds checking to ocfs2_xattr_find_entry() Michael Kelley <mhklinux(a)outlook.com> x86/hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides frequency Liao Chen <liaochen4(a)huawei.com> spi: bcm63xx: Enable module autoloading hongchi.peng <hongchi.peng(a)siengine.com> drm: komeda: Fix an issue related to normalized zpos Liao Chen <liaochen4(a)huawei.com> ASoC: tda7419: fix module autoloading Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead Daniel Gabay <daniel.gabay(a)intel.com> wifi: iwlwifi: mvm: fix iwl_mvm_max_scan_ie_fw_cmd_room() Jacky Chou <jacky_chou(a)aspeedtech.com> net: ftgmac100: Ensure tx descriptor updates are visible Mike Rapoport <rppt(a)kernel.org> microblaze: don't treat zero reserved memory regions as error Thomas Blocher <thomas.blocher(a)ek-dev.de> pinctrl: at91: make it work with current gpiolib Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - FIxed ALC285 headphone no sound Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Fixed ALC256 headphone no sound Hongbo Li <lihongbo22(a)huawei.com> ASoC: allow module autoloading for table db1200_pids Masami Hiramatsu <mhiramat(a)kernel.org> selftests: breakpoints: Fix a typo of function name Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soundwire: stream: Revert "soundwire: stream: fix programming slave ports for non-continous port maps" Han Xu <han.xu(a)nxp.com> spi: nxp-fspi: fix the KASAN report out-of-bounds bug Sean Anderson <sean.anderson(a)linux.dev> net: dpaa: Pad packets to ETH_ZLEN Jacky Chou <jacky_chou(a)aspeedtech.com> net: ftgmac100: Enable TX interrupt to avoid TX timeout Shahar Shitrit <shshitrit(a)nvidia.com> net/mlx5e: Add missing link modes to ptys2ethtool_map Jacob Keller <jacob.e.keller(a)intel.com> ice: fix accounting for filters shared by multiple VSIs Quentin Schulz <quentin.schulz(a)cherry.de> arm64: dts: rockchip: override BIOS_DISABLE signal via GPIO hog on RK3399 Puma Anders Roxell <anders.roxell(a)linaro.org> scripts: kconfig: merge_config: config files: add a trailing newline Pawel Dembicki <paweldembicki(a)gmail.com> net: phy: vitesse: repair vsc73xx autonegotiation Moon Yeounsu <yyyynoom(a)gmail.com> net: ethernet: use ip_hdrlen() instead of bit shift Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: fix carrier detection in modes 1 and 4 ------------- Diffstat: .gitignore | 1 - Documentation/IPMI.txt | 2 +- Documentation/admin-guide/kernel-parameters.txt | 10 + Documentation/arm64/silicon-errata.rst | 4 + .../devicetree/bindings/gpu/samsung-rotator.txt | 28 - .../devicetree/bindings/gpu/samsung-rotator.yaml | 48 + Makefile | 4 +- arch/arm/boot/dts/bcm2837-rpi-cm3-io3.dts | 2 +- arch/arm/boot/dts/imx7d-zii-rmu2.dts | 2 +- arch/arm/mach-realview/platsmp-dt.c | 1 + arch/arm64/Kconfig | 2 + arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 23 +- arch/arm64/include/asm/cputype.h | 4 + arch/arm64/include/asm/uprobes.h | 12 +- arch/arm64/kernel/cpu_errata.c | 2 + arch/arm64/kernel/probes/decode-insn.c | 16 +- arch/arm64/kernel/probes/simulate-insn.c | 18 +- arch/arm64/kernel/probes/uprobes.c | 4 +- arch/microblaze/mm/init.c | 5 - arch/parisc/kernel/entry.S | 6 +- arch/parisc/kernel/syscall.S | 14 +- arch/riscv/Kconfig | 5 + arch/riscv/kernel/asm-offsets.c | 2 - arch/riscv/kernel/perf_callchain.c | 2 +- arch/s390/include/asm/facility.h | 6 +- arch/s390/kernel/perf_cpum_sf.c | 12 +- arch/s390/kvm/diag.c | 2 +- arch/s390/kvm/gaccess.c | 162 +- arch/s390/kvm/gaccess.h | 14 +- arch/s390/mm/cmm.c | 18 +- arch/x86/include/asm/cpufeatures.h | 3 +- arch/x86/include/asm/syscall.h | 7 +- arch/x86/kernel/apic/apic.c | 14 +- arch/x86/kernel/cpu/mshyperv.c | 1 + arch/x86/kernel/cpu/resctrl/core.c | 4 +- arch/x86/xen/setup.c | 2 +- block/bfq-iosched.c | 13 +- block/blk-rq-qos.c | 2 +- crypto/aead.c | 3 +- crypto/cipher.c | 3 +- drivers/acpi/acpica/dbconvert.c | 2 + drivers/acpi/acpica/exprep.c | 3 + drivers/acpi/acpica/psargs.c | 47 + drivers/acpi/battery.c | 28 +- drivers/acpi/button.c | 11 + drivers/acpi/device_sysfs.c | 5 +- drivers/acpi/ec.c | 55 +- drivers/acpi/pmic/tps68470_pmic.c | 6 +- drivers/acpi/resource.c | 27 + drivers/ata/sata_sil.c | 12 +- drivers/base/bus.c | 6 +- drivers/base/core.c | 13 +- drivers/base/firmware_loader/main.c | 30 + drivers/base/module.c | 4 - drivers/block/aoe/aoecmd.c | 13 +- drivers/block/drbd/drbd_main.c | 8 +- drivers/block/drbd/drbd_state.c | 2 +- drivers/bluetooth/btmrvl_sdio.c | 16 +- drivers/bluetooth/btusb.c | 10 +- drivers/char/hw_random/mtk-rng.c | 2 +- drivers/char/tpm/tpm-dev-common.c | 2 + drivers/char/tpm/tpm2-space.c | 3 + drivers/char/virtio_console.c | 18 +- drivers/clk/bcm/clk-bcm53573-ilp.c | 2 +- drivers/clk/qcom/clk-rpmh.c | 37 +- drivers/clk/rockchip/clk-rk3228.c | 2 +- drivers/clk/rockchip/clk.c | 3 +- drivers/clk/ti/clk-dra7-atl.c | 1 + drivers/clocksource/timer-qcom.c | 7 +- drivers/firmware/arm_sdei.c | 2 +- drivers/firmware/tegra/bpmp.c | 6 - drivers/gpio/gpio-aspeed.c | 4 +- drivers/gpio/gpio-davinci.c | 8 +- drivers/gpio/gpiolib.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c | 15 +- drivers/gpu/drm/amd/amdgpu/atombios_encoders.c | 26 +- drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 2 + .../gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c | 2 + .../dc/dml/dcn20/display_rq_dlg_calc_20v2.c | 2 +- .../display/dc/dml/dcn21/display_rq_dlg_calc_21.c | 2 +- .../drm/amd/display/modules/freesync/freesync.c | 2 +- drivers/gpu/drm/amd/include/atombios.h | 2 +- drivers/gpu/drm/arm/display/komeda/komeda_kms.c | 10 +- drivers/gpu/drm/drm_atomic_uapi.c | 2 +- drivers/gpu/drm/drm_crtc.c | 1 + drivers/gpu/drm/drm_mipi_dsi.c | 2 +- drivers/gpu/drm/drm_print.c | 13 +- drivers/gpu/drm/exynos/exynos_drm_gsc.c | 2 +- drivers/gpu/drm/msm/adreno/a5xx_gpu.c | 8 +- drivers/gpu/drm/msm/adreno/a5xx_gpu.h | 1 + drivers/gpu/drm/msm/adreno/a5xx_preempt.c | 26 +- drivers/gpu/drm/msm/adreno/adreno_gpu.c | 2 +- drivers/gpu/drm/msm/disp/mdp5/mdp5_smp.c | 2 +- drivers/gpu/drm/msm/dsi/dsi_host.c | 2 +- drivers/gpu/drm/nouveau/nouveau_dmem.c | 2 +- drivers/gpu/drm/omapdrm/omap_drv.c | 5 + drivers/gpu/drm/radeon/atombios.h | 2 +- drivers/gpu/drm/radeon/evergreen_cs.c | 62 +- drivers/gpu/drm/radeon/r100.c | 70 +- drivers/gpu/drm/radeon/radeon_atombios.c | 26 +- drivers/gpu/drm/rockchip/dw_hdmi-rockchip.c | 2 + drivers/gpu/drm/rockchip/rockchip_drm_vop.c | 4 +- drivers/gpu/drm/stm/drv.c | 4 +- drivers/gpu/drm/vboxvideo/hgsmi_base.c | 10 +- drivers/gpu/drm/vboxvideo/vboxvideo.h | 4 +- drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 1 + drivers/hid/hid-ids.h | 2 + drivers/hid/hid-plantronics.c | 23 + drivers/hid/intel-ish-hid/ishtp-fw-loader.c | 2 +- drivers/hwmon/max16065.c | 5 +- drivers/hwmon/ntc_thermistor.c | 1 + drivers/hwtracing/coresight/coresight-tmc-etr.c | 2 +- drivers/i2c/busses/i2c-aspeed.c | 16 +- drivers/i2c/busses/i2c-i801.c | 9 +- drivers/i2c/busses/i2c-isch.c | 3 +- drivers/i2c/busses/i2c-qcom-geni.c | 59 +- drivers/i2c/busses/i2c-stm32f7.c | 6 +- drivers/i2c/busses/i2c-xiic.c | 19 +- drivers/iio/adc/Kconfig | 4 + drivers/iio/adc/ad7606.c | 8 +- drivers/iio/adc/ad7606_spi.c | 5 +- .../iio/common/hid-sensors/hid-sensor-trigger.c | 2 +- drivers/iio/dac/Kconfig | 2 + drivers/iio/light/opt3001.c | 4 + drivers/iio/magnetometer/ak8975.c | 32 +- drivers/iio/proximity/Kconfig | 2 + drivers/infiniband/core/iwcm.c | 2 +- drivers/infiniband/hw/bnxt_re/qplib_fp.h | 2 +- drivers/infiniband/hw/bnxt_re/qplib_rcfw.c | 2 +- drivers/infiniband/hw/cxgb4/cm.c | 14 +- drivers/infiniband/hw/hns/hns_roce_hem.c | 10 +- drivers/infiniband/sw/rxe/rxe_comp.c | 6 +- drivers/input/keyboard/adp5589-keys.c | 13 +- drivers/input/rmi4/rmi_driver.c | 6 +- drivers/mailbox/bcm2835-mailbox.c | 3 +- drivers/mailbox/rockchip-mailbox.c | 2 +- drivers/media/common/videobuf2/videobuf2-core.c | 8 +- drivers/media/dvb-frontends/rtl2830.c | 2 +- drivers/media/dvb-frontends/rtl2832.c | 2 +- drivers/media/platform/qcom/venus/core.c | 1 + drivers/media/platform/sunxi/sun4i-csi/sun4i_csi.c | 5 + drivers/misc/sgi-gru/grukservices.c | 2 - drivers/misc/sgi-gru/grumain.c | 4 - drivers/misc/sgi-gru/grutlbpurge.c | 2 - drivers/misc/ti-st/st_core.c | 4 +- drivers/mtd/devices/powernv_flash.c | 3 + drivers/mtd/devices/slram.c | 2 + drivers/net/Kconfig | 64 +- drivers/net/caif/Kconfig | 36 +- drivers/net/ethernet/aeroflex/greth.c | 3 +- drivers/net/ethernet/amd/mvme147.c | 7 +- drivers/net/ethernet/broadcom/bcmsysport.c | 1 + drivers/net/ethernet/cortina/gemini.c | 15 +- drivers/net/ethernet/emulex/benet/be_main.c | 10 +- drivers/net/ethernet/faraday/ftgmac100.c | 26 +- drivers/net/ethernet/faraday/ftgmac100.h | 2 +- drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 9 +- drivers/net/ethernet/freescale/fs_enet/Kconfig | 8 +- drivers/net/ethernet/hisilicon/hip04_eth.c | 1 + drivers/net/ethernet/hisilicon/hns/hns_dsaf_mac.c | 1 + drivers/net/ethernet/hisilicon/hns_mdio.c | 1 + drivers/net/ethernet/i825xx/sun3_82586.c | 1 + drivers/net/ethernet/ibm/emac/mal.c | 2 +- drivers/net/ethernet/intel/ice/ice_sched.c | 6 +- drivers/net/ethernet/intel/ice/ice_switch.c | 4 +- drivers/net/ethernet/intel/igb/igb_main.c | 6 +- drivers/net/ethernet/jme.c | 10 +- drivers/net/ethernet/lantiq_etop.c | 4 +- drivers/net/ethernet/marvell/mvpp2/mvpp2.h | 2 +- .../net/ethernet/mellanox/mlx5/core/en_ethtool.c | 4 + .../net/ethernet/mellanox/mlx5/core/lib/pci_vsc.c | 10 + .../net/ethernet/netronome/nfp/nfp_net_common.c | 5 +- drivers/net/ethernet/realtek/r8169_main.c | 35 +- drivers/net/ethernet/seeq/ether3.c | 2 + drivers/net/gtp.c | 27 +- drivers/net/hyperv/netvsc_drv.c | 30 + drivers/net/ieee802154/Kconfig | 13 +- drivers/net/ieee802154/mcr20a.c | 5 +- drivers/net/macsec.c | 18 - drivers/net/phy/vitesse.c | 14 - drivers/net/ppp/ppp_async.c | 2 +- drivers/net/slip/slhc.c | 57 +- drivers/net/usb/cdc_ncm.c | 8 +- drivers/net/usb/ipheth.c | 5 +- drivers/net/usb/usbnet.c | 3 +- drivers/net/wireless/ath/Kconfig | 12 +- drivers/net/wireless/ath/ar5523/Kconfig | 14 +- drivers/net/wireless/ath/ath10k/wmi-tlv.c | 7 +- drivers/net/wireless/ath/ath10k/wmi.c | 2 + drivers/net/wireless/ath/ath9k/Kconfig | 54 +- drivers/net/wireless/ath/ath9k/debug.c | 6 +- drivers/net/wireless/ath/ath9k/hif_usb.c | 6 +- drivers/net/wireless/ath/ath9k/htc_drv_debug.c | 2 - drivers/net/wireless/atmel/Kconfig | 40 +- drivers/net/wireless/intel/iwlegacy/common.c | 2 + drivers/net/wireless/intel/iwlwifi/mvm/fw.c | 22 +- drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 9 +- drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 8 +- drivers/net/wireless/marvell/mwifiex/fw.h | 2 +- drivers/net/wireless/marvell/mwifiex/scan.c | 3 +- drivers/net/wireless/ralink/rt2x00/Kconfig | 44 +- drivers/net/wireless/realtek/rtw88/Kconfig | 1 + drivers/net/wireless/realtek/rtw88/rtw8822c.c | 12 +- drivers/net/wireless/ti/wl12xx/Kconfig | 8 +- drivers/ntb/hw/intel/ntb_hw_gen1.c | 2 +- drivers/ntb/hw/mscc/ntb_hw_switchtec.c | 1 + drivers/nvdimm/nd_virtio.c | 9 + drivers/of/irq.c | 38 +- drivers/parport/procfs.c | 22 +- drivers/pci/controller/dwc/pci-keystone.c | 2 +- drivers/pci/controller/pcie-xilinx-nwl.c | 24 +- drivers/pci/quirks.c | 8 + drivers/pinctrl/mvebu/pinctrl-dove.c | 42 +- drivers/pinctrl/pinctrl-at91.c | 5 +- drivers/pinctrl/pinctrl-single.c | 3 +- drivers/power/reset/brcmstb-reboot.c | 3 - drivers/power/supply/axp20x_battery.c | 29 +- drivers/power/supply/max17042_battery.c | 5 +- drivers/pps/clients/pps_parport.c | 14 +- drivers/reset/reset-berlin.c | 3 +- drivers/rtc/rtc-at91sam9.c | 1 + drivers/s390/char/sclp_vt220.c | 4 +- drivers/scsi/aacraid/aacraid.h | 2 +- drivers/soc/versatile/soc-integrator.c | 1 + drivers/soc/versatile/soc-realview.c | 20 +- drivers/soundwire/stream.c | 8 +- drivers/spi/spi-bcm63xx.c | 2 + drivers/spi/spi-nxp-fspi.c | 5 +- drivers/spi/spi-ppc4xx.c | 7 +- drivers/spi/spi-s3c64xx.c | 4 +- drivers/staging/iio/frequency/ad9832.c | 7 +- drivers/staging/wilc1000/wilc_hif.c | 4 +- drivers/target/target_core_user.c | 2 +- drivers/tty/serial/rp2.c | 2 +- drivers/tty/vt/vt.c | 2 +- drivers/usb/chipidea/udc.c | 8 +- drivers/usb/class/cdc-acm.c | 2 + drivers/usb/class/usbtmc.c | 2 +- drivers/usb/dwc2/platform.c | 26 +- drivers/usb/dwc3/core.c | 22 +- drivers/usb/dwc3/core.h | 4 - drivers/usb/dwc3/gadget.c | 11 - drivers/usb/host/xhci-pci.c | 5 + drivers/usb/host/xhci-ring.c | 16 +- drivers/usb/host/xhci.h | 2 +- drivers/usb/misc/appledisplay.c | 15 +- drivers/usb/misc/cypress_cy7c63.c | 4 + drivers/usb/misc/yurex.c | 5 +- drivers/usb/phy/phy.c | 2 +- drivers/usb/serial/option.c | 8 + drivers/usb/serial/pl2303.c | 1 + drivers/usb/serial/pl2303.h | 4 + drivers/usb/storage/unusual_devs.h | 11 + drivers/usb/typec/class.c | 3 + drivers/video/fbdev/hpfb.c | 1 + drivers/video/fbdev/pxafb.c | 1 + drivers/video/fbdev/sis/sis_main.c | 2 +- drivers/watchdog/imx_sc_wdt.c | 24 - drivers/xen/swiotlb-xen.c | 6 + fs/btrfs/disk-io.c | 11 + fs/btrfs/relocation.c | 2 +- fs/ceph/addr.c | 1 - fs/cifs/smb2pdu.c | 9 + fs/erofs/decompressor.c | 24 +- fs/exec.c | 3 +- fs/ext4/extents.c | 5 +- fs/ext4/ialloc.c | 2 + fs/ext4/inline.c | 35 +- fs/ext4/inode.c | 11 +- fs/ext4/mballoc.c | 10 +- fs/ext4/migrate.c | 2 +- fs/ext4/namei.c | 14 +- fs/ext4/xattr.c | 4 +- fs/f2fs/acl.c | 23 +- fs/f2fs/dir.c | 3 +- fs/f2fs/f2fs.h | 4 +- fs/f2fs/file.c | 24 +- fs/f2fs/super.c | 4 +- fs/f2fs/xattr.c | 29 +- fs/fat/namei_vfat.c | 2 +- fs/fcntl.c | 14 +- fs/inode.c | 4 + fs/jbd2/checkpoint.c | 14 +- fs/jbd2/commit.c | 36 +- fs/jbd2/journal.c | 2 + fs/jfs/jfs_discard.c | 11 +- fs/jfs/jfs_dmap.c | 11 +- fs/jfs/jfs_imap.c | 2 +- fs/jfs/xattr.c | 2 + fs/namespace.c | 23 +- fs/nfs/callback_xdr.c | 2 + fs/nfs/nfs4state.c | 1 + fs/nfsd/nfs4idmap.c | 13 +- fs/nfsd/nfs4recover.c | 8 + fs/nfsd/nfs4state.c | 15 +- fs/nilfs2/btree.c | 12 +- fs/nilfs2/dir.c | 50 +- fs/nilfs2/namei.c | 42 +- fs/nilfs2/nilfs.h | 2 +- fs/nilfs2/page.c | 7 +- fs/ocfs2/aops.c | 5 +- fs/ocfs2/buffer_head_io.c | 4 +- fs/ocfs2/file.c | 8 + fs/ocfs2/journal.c | 7 +- fs/ocfs2/localalloc.c | 19 + fs/ocfs2/quota_local.c | 8 +- fs/ocfs2/refcounttree.c | 26 +- fs/ocfs2/xattr.c | 38 +- fs/proc/base.c | 61 +- fs/super.c | 3 + fs/udf/inode.c | 9 +- fs/unicode/mkutf8data.c | 70 - fs/unicode/utf8data.h_shipped | 6703 ++++++++++---------- include/drm/drm_print.h | 54 +- include/dt-bindings/power/r8a774b1-sysc.h | 26 + include/linux/fs.h | 2 + include/linux/jbd2.h | 4 + include/linux/pci_ids.h | 2 + include/linux/skbuff.h | 5 +- include/net/genetlink.h | 3 +- include/net/mac80211.h | 24 + include/net/sch_generic.h | 1 - include/net/sock.h | 8 +- include/net/tcp.h | 21 +- include/trace/events/f2fs.h | 3 +- include/trace/events/sched.h | 84 + include/uapi/linux/cec.h | 6 +- include/uapi/linux/netfilter/nf_tables.h | 2 +- kernel/bpf/arraymap.c | 3 + kernel/bpf/devmap.c | 9 +- kernel/bpf/hashtab.c | 3 + kernel/bpf/helpers.c | 4 +- kernel/bpf/lpm_trie.c | 2 +- kernel/cgroup/cgroup.c | 4 +- kernel/events/core.c | 6 +- kernel/events/uprobes.c | 2 +- kernel/kthread.c | 19 +- kernel/locking/lockdep.c | 215 +- kernel/resource.c | 58 +- kernel/signal.c | 11 +- kernel/time/posix-clock.c | 3 + kernel/trace/trace.c | 18 +- kernel/trace/trace_kprobe.c | 76 + kernel/trace/trace_output.c | 6 +- kernel/trace/trace_probe.c | 2 +- kernel/trace/trace_probe.h | 1 + lib/debugobjects.c | 5 +- lib/xz/xz_crc32.c | 2 +- lib/xz/xz_private.h | 4 - mm/shmem.c | 2 + mm/slab_common.c | 7 + mm/swapfile.c | 2 +- mm/util.c | 2 +- net/bluetooth/af_bluetooth.c | 1 + net/bluetooth/bnep/core.c | 3 +- net/bluetooth/rfcomm/sock.c | 2 - net/bridge/br_netfilter_hooks.c | 5 + net/can/bcm.c | 4 +- net/can/j1939/transport.c | 8 +- net/core/dev.c | 29 +- net/core/sock_destructor.h | 12 + net/core/sock_map.c | 1 + net/dccp/proto.c | 2 +- net/ipv4/af_inet.c | 2 +- net/ipv4/devinet.c | 41 +- net/ipv4/fib_frontend.c | 2 +- net/ipv4/inet_connection_sock.c | 2 +- net/ipv4/inet_fragment.c | 70 +- net/ipv4/ip_fragment.c | 2 +- net/ipv4/ip_gre.c | 6 +- net/ipv4/netfilter/nf_dup_ipv4.c | 7 +- net/ipv4/tcp.c | 4 +- net/ipv4/tcp_diag.c | 4 +- net/ipv4/tcp_input.c | 31 +- net/ipv4/tcp_ipv4.c | 5 +- net/ipv6/netfilter/nf_conntrack_reasm.c | 2 +- net/ipv6/netfilter/nf_dup_ipv6.c | 7 +- net/ipv6/netfilter/nf_reject_ipv6.c | 14 +- net/ipv6/tcp_ipv6.c | 2 +- net/l2tp/l2tp_netlink.c | 4 +- net/mac80211/cfg.c | 6 +- net/mac80211/ieee80211_i.h | 3 + net/mac80211/iface.c | 32 +- net/mac80211/key.c | 44 +- net/mac80211/mlme.c | 14 +- net/mac80211/tx.c | 78 +- net/mac80211/util.c | 45 +- net/netfilter/nf_conntrack_netlink.c | 7 +- net/netfilter/nf_tables_api.c | 8 +- net/netfilter/nft_payload.c | 3 + net/netlink/af_netlink.c | 3 +- net/netlink/genetlink.c | 28 +- net/qrtr/qrtr.c | 2 +- net/sched/em_meta.c | 4 +- net/sched/sch_api.c | 9 +- net/sched/sch_taprio.c | 7 +- net/sctp/diag.c | 4 +- net/sctp/socket.c | 24 +- net/tipc/bcast.c | 2 +- net/tipc/bearer.c | 8 +- net/wireless/nl80211.c | 11 +- net/wireless/scan.c | 6 +- net/wireless/sme.c | 3 +- net/xfrm/xfrm_user.c | 6 +- scripts/kconfig/merge_config.sh | 2 + security/Kconfig | 32 + security/selinux/selinuxfs.c | 31 +- security/smack/smackfs.c | 2 +- security/tomoyo/domain.c | 9 +- sound/core/init.c | 14 +- sound/firewire/amdtp-stream.c | 3 + sound/pci/asihpi/hpimsgx.c | 2 +- sound/pci/hda/hda_generic.c | 4 +- sound/pci/hda/patch_conexant.c | 24 +- sound/pci/hda/patch_realtek.c | 125 +- sound/pci/rme9652/hdsp.c | 6 +- sound/pci/rme9652/hdspm.c | 6 +- sound/soc/au1x/db1200.c | 1 + sound/soc/codecs/cs42l51.c | 7 +- sound/soc/codecs/tda7419.c | 1 + sound/soc/meson/Kconfig | 4 + sound/soc/meson/Makefile | 2 + sound/soc/meson/axg-card.c | 406 +- sound/soc/meson/meson-card-utils.c | 385 ++ sound/soc/meson/meson-card.h | 55 + tools/iio/iio_generic_buffer.c | 4 + tools/perf/builtin-sched.c | 8 +- tools/perf/util/time-utils.c | 4 +- tools/testing/ktest/ktest.pl | 2 +- .../selftests/bpf/map_tests/sk_storage_map.c | 2 +- .../selftests/bpf/prog_tests/flow_dissector.c | 1 + tools/testing/selftests/bpf/prog_tests/tcp_rtt.c | 1 + tools/testing/selftests/bpf/test_lru_map.c | 3 +- .../selftests/breakpoints/breakpoint_test_arm64.c | 2 +- .../breakpoints/step_after_suspend_test.c | 5 +- tools/testing/selftests/vDSO/parse_vdso.c | 3 +- tools/usb/usbip/src/usbip_detach.c | 1 + virt/kvm/kvm_main.c | 5 +- 438 files changed, 7183 insertions(+), 5448 deletions(-)

10 months, 2 weeks

6
6
0 0

FAILED: patch "[PATCH] arm64: smccc: Remove broken support for SMCCCv1.3 SVE discard" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 8c462d56487e3abdbf8a61cedfe7c795a54f4a78 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024110956-ungloved-yelp-6fba@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8c462d56487e3abdbf8a61cedfe7c795a54f4a78 Mon Sep 17 00:00:00 2001 From: Mark Rutland <mark.rutland(a)arm.com> Date: Wed, 6 Nov 2024 16:04:48 +0000 Subject: [PATCH] arm64: smccc: Remove broken support for SMCCCv1.3 SVE discard hint SMCCCv1.3 added a hint bit which callers can set in an SMCCC function ID (AKA "FID") to indicate that it is acceptable for the SMCCC implementation to discard SVE and/or SME state over a specific SMCCC call. The kernel support for using this hint is broken and SMCCC calls may clobber the SVE and/or SME state of arbitrary tasks, though FPSIMD state is unaffected. The kernel support is intended to use the hint when there is no SVE or SME state to save, and to do this it checks whether TIF_FOREIGN_FPSTATE is set or TIF_SVE is clear in assembly code: | ldr <flags>, [<current_task>, #TSK_TI_FLAGS] | tbnz <flags>, #TIF_FOREIGN_FPSTATE, 1f // Any live FP state? | tbnz <flags>, #TIF_SVE, 2f // Does that state include SVE? | | 1: orr <fid>, <fid>, ARM_SMCCC_1_3_SVE_HINT | 2: | << SMCCC call using FID >> This is not safe as-is: (1) SMCCC calls can be made in a preemptible context and preemption can result in TIF_FOREIGN_FPSTATE being set or cleared at arbitrary points in time. Thus checking for TIF_FOREIGN_FPSTATE provides no guarantee. (2) TIF_FOREIGN_FPSTATE only indicates that the live FP/SVE/SME state in the CPU does not belong to the current task, and does not indicate that clobbering this state is acceptable. When the live CPU state is clobbered it is necessary to update fpsimd_last_state.st to ensure that a subsequent context switch will reload FP/SVE/SME state from memory rather than consuming the clobbered state. This and the SMCCC call itself must happen in a critical section with preemption disabled to avoid races. (3) Live SVE/SME state can exist with TIF_SVE clear (e.g. with only TIF_SME set), and checking TIF_SVE alone is insufficient. Remove the broken support for the SMCCCv1.3 SVE saving hint. This is effectively a revert of commits: * cfa7ff959a78 ("arm64: smccc: Support SMCCC v1.3 SVE register saving hint") * a7c3acca5380 ("arm64: smccc: Save lr before calling __arm_smccc_sve_check()") ... leaving behind the ARM_SMCCC_VERSION_1_3 and ARM_SMCCC_1_3_SVE_HINT definitions, since these are simply definitions from the SMCCC specification, and the latter is used in KVM via ARM_SMCCC_CALL_HINTS. If we want to bring this back in future, we'll probably want to handle this logic in C where we can use all the usual FPSIMD/SVE/SME helper functions, and that'll likely require some rework of the SMCCC code and/or its callers. Fixes: cfa7ff959a78 ("arm64: smccc: Support SMCCC v1.3 SVE register saving hint") Signed-off-by: Mark Rutland <mark.rutland(a)arm.com> Cc: Ard Biesheuvel <ardb(a)kernel.org> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Marc Zyngier <maz(a)kernel.org> Cc: Mark Brown <broonie(a)kernel.org> Cc: Will Deacon <will(a)kernel.org> Cc: stable(a)vger.kernel.org Reviewed-by: Mark Brown <broonie(a)kernel.org> Link: https://lore.kernel.org/r/20241106160448.2712997-1-mark.rutland@arm.com Signed-off-by: Will Deacon <will(a)kernel.org> diff --git a/arch/arm64/kernel/smccc-call.S b/arch/arm64/kernel/smccc-call.S index 487381164ff6..2def9d0dd3dd 100644 --- a/arch/arm64/kernel/smccc-call.S +++ b/arch/arm64/kernel/smccc-call.S @@ -7,48 +7,19 @@ #include <asm/asm-offsets.h> #include <asm/assembler.h> -#include <asm/thread_info.h> - -/* - * If we have SMCCC v1.3 and (as is likely) no SVE state in - * the registers then set the SMCCC hint bit to say there's no - * need to preserve it. Do this by directly adjusting the SMCCC - * function value which is already stored in x0 ready to be called. - */ -SYM_FUNC_START(__arm_smccc_sve_check) - - ldr_l x16, smccc_has_sve_hint - cbz x16, 2f - - get_current_task x16 - ldr x16, [x16, #TSK_TI_FLAGS] - tbnz x16, #TIF_FOREIGN_FPSTATE, 1f // Any live FP state? - tbnz x16, #TIF_SVE, 2f // Does that state include SVE? - -1: orr x0, x0, ARM_SMCCC_1_3_SVE_HINT - -2: ret -SYM_FUNC_END(__arm_smccc_sve_check) -EXPORT_SYMBOL(__arm_smccc_sve_check) .macro SMCCC instr - stp x29, x30, [sp, #-16]! - mov x29, sp -alternative_if ARM64_SVE - bl __arm_smccc_sve_check -alternative_else_nop_endif \instr #0 - ldr x4, [sp, #16] + ldr x4, [sp] stp x0, x1, [x4, #ARM_SMCCC_RES_X0_OFFS] stp x2, x3, [x4, #ARM_SMCCC_RES_X2_OFFS] - ldr x4, [sp, #24] + ldr x4, [sp, #8] cbz x4, 1f /* no quirk structure */ ldr x9, [x4, #ARM_SMCCC_QUIRK_ID_OFFS] cmp x9, #ARM_SMCCC_QUIRK_QCOM_A6 b.ne 1f str x6, [x4, ARM_SMCCC_QUIRK_STATE_OFFS] -1: ldp x29, x30, [sp], #16 - ret +1: ret .endm /* diff --git a/drivers/firmware/smccc/smccc.c b/drivers/firmware/smccc/smccc.c index d670635914ec..a74600d9f2d7 100644 --- a/drivers/firmware/smccc/smccc.c +++ b/drivers/firmware/smccc/smccc.c @@ -16,7 +16,6 @@ static u32 smccc_version = ARM_SMCCC_VERSION_1_0; static enum arm_smccc_conduit smccc_conduit = SMCCC_CONDUIT_NONE; bool __ro_after_init smccc_trng_available = false; -u64 __ro_after_init smccc_has_sve_hint = false; s32 __ro_after_init smccc_soc_id_version = SMCCC_RET_NOT_SUPPORTED; s32 __ro_after_init smccc_soc_id_revision = SMCCC_RET_NOT_SUPPORTED; @@ -28,9 +27,6 @@ void __init arm_smccc_version_init(u32 version, enum arm_smccc_conduit conduit) smccc_conduit = conduit; smccc_trng_available = smccc_probe_trng(); - if (IS_ENABLED(CONFIG_ARM64_SVE) && - smccc_version >= ARM_SMCCC_VERSION_1_3) - smccc_has_sve_hint = true; if ((smccc_version >= ARM_SMCCC_VERSION_1_2) && (smccc_conduit != SMCCC_CONDUIT_NONE)) { diff --git a/include/linux/arm-smccc.h b/include/linux/arm-smccc.h index f59099a213d0..67f6fdf2e7cd 100644 --- a/include/linux/arm-smccc.h +++ b/include/linux/arm-smccc.h @@ -315,8 +315,6 @@ u32 arm_smccc_get_version(void); void __init arm_smccc_version_init(u32 version, enum arm_smccc_conduit conduit); -extern u64 smccc_has_sve_hint; - /** * arm_smccc_get_soc_id_version() * @@ -414,15 +412,6 @@ struct arm_smccc_quirk { } state; }; -/** - * __arm_smccc_sve_check() - Set the SVE hint bit when doing SMC calls - * - * Sets the SMCCC hint bit to indicate if there is live state in the SVE - * registers, this modifies x0 in place and should never be called from C - * code. - */ -asmlinkage unsigned long __arm_smccc_sve_check(unsigned long x0); - /** * __arm_smccc_smc() - make SMC calls * @a0-a7: arguments passed in registers 0 to 7 @@ -490,20 +479,6 @@ asmlinkage void __arm_smccc_hvc(unsigned long a0, unsigned long a1, #endif -/* nVHE hypervisor doesn't have a current thread so needs separate checks */ -#if defined(CONFIG_ARM64_SVE) && !defined(__KVM_NVHE_HYPERVISOR__) - -#define SMCCC_SVE_CHECK ALTERNATIVE("nop \n", "bl __arm_smccc_sve_check \n", \ - ARM64_SVE) -#define smccc_sve_clobbers "x16", "x30", "cc", - -#else - -#define SMCCC_SVE_CHECK -#define smccc_sve_clobbers - -#endif - #define __constraint_read_2 "r" (arg0) #define __constraint_read_3 __constraint_read_2, "r" (arg1) #define __constraint_read_4 __constraint_read_3, "r" (arg2) @@ -574,12 +549,11 @@ asmlinkage void __arm_smccc_hvc(unsigned long a0, unsigned long a1, register unsigned long r3 asm("r3"); \ CONCATENATE(__declare_arg_, \ COUNT_ARGS(__VA_ARGS__))(__VA_ARGS__); \ - asm volatile(SMCCC_SVE_CHECK \ - inst "\n" : \ + asm volatile(inst "\n" : \ "=r" (r0), "=r" (r1), "=r" (r2), "=r" (r3) \ : CONCATENATE(__constraint_read_, \ COUNT_ARGS(__VA_ARGS__)) \ - : smccc_sve_clobbers "memory"); \ + : "memory"); \ if (___res) \ *___res = (typeof(*___res)){r0, r1, r2, r3}; \ } while (0) @@ -628,7 +602,7 @@ asmlinkage void __arm_smccc_hvc(unsigned long a0, unsigned long a1, asm ("" : \ : CONCATENATE(__constraint_read_, \ COUNT_ARGS(__VA_ARGS__)) \ - : smccc_sve_clobbers "memory"); \ + : "memory"); \ if (___res) \ ___res->a0 = SMCCC_RET_NOT_SUPPORTED; \ } while (0)

10 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] arm64: smccc: Remove broken support for SMCCCv1.3 SVE discard" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 8c462d56487e3abdbf8a61cedfe7c795a54f4a78 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024110954-gambling-matador-1fff@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8c462d56487e3abdbf8a61cedfe7c795a54f4a78 Mon Sep 17 00:00:00 2001 From: Mark Rutland <mark.rutland(a)arm.com> Date: Wed, 6 Nov 2024 16:04:48 +0000 Subject: [PATCH] arm64: smccc: Remove broken support for SMCCCv1.3 SVE discard hint SMCCCv1.3 added a hint bit which callers can set in an SMCCC function ID (AKA "FID") to indicate that it is acceptable for the SMCCC implementation to discard SVE and/or SME state over a specific SMCCC call. The kernel support for using this hint is broken and SMCCC calls may clobber the SVE and/or SME state of arbitrary tasks, though FPSIMD state is unaffected. The kernel support is intended to use the hint when there is no SVE or SME state to save, and to do this it checks whether TIF_FOREIGN_FPSTATE is set or TIF_SVE is clear in assembly code: | ldr <flags>, [<current_task>, #TSK_TI_FLAGS] | tbnz <flags>, #TIF_FOREIGN_FPSTATE, 1f // Any live FP state? | tbnz <flags>, #TIF_SVE, 2f // Does that state include SVE? | | 1: orr <fid>, <fid>, ARM_SMCCC_1_3_SVE_HINT | 2: | << SMCCC call using FID >> This is not safe as-is: (1) SMCCC calls can be made in a preemptible context and preemption can result in TIF_FOREIGN_FPSTATE being set or cleared at arbitrary points in time. Thus checking for TIF_FOREIGN_FPSTATE provides no guarantee. (2) TIF_FOREIGN_FPSTATE only indicates that the live FP/SVE/SME state in the CPU does not belong to the current task, and does not indicate that clobbering this state is acceptable. When the live CPU state is clobbered it is necessary to update fpsimd_last_state.st to ensure that a subsequent context switch will reload FP/SVE/SME state from memory rather than consuming the clobbered state. This and the SMCCC call itself must happen in a critical section with preemption disabled to avoid races. (3) Live SVE/SME state can exist with TIF_SVE clear (e.g. with only TIF_SME set), and checking TIF_SVE alone is insufficient. Remove the broken support for the SMCCCv1.3 SVE saving hint. This is effectively a revert of commits: * cfa7ff959a78 ("arm64: smccc: Support SMCCC v1.3 SVE register saving hint") * a7c3acca5380 ("arm64: smccc: Save lr before calling __arm_smccc_sve_check()") ... leaving behind the ARM_SMCCC_VERSION_1_3 and ARM_SMCCC_1_3_SVE_HINT definitions, since these are simply definitions from the SMCCC specification, and the latter is used in KVM via ARM_SMCCC_CALL_HINTS. If we want to bring this back in future, we'll probably want to handle this logic in C where we can use all the usual FPSIMD/SVE/SME helper functions, and that'll likely require some rework of the SMCCC code and/or its callers. Fixes: cfa7ff959a78 ("arm64: smccc: Support SMCCC v1.3 SVE register saving hint") Signed-off-by: Mark Rutland <mark.rutland(a)arm.com> Cc: Ard Biesheuvel <ardb(a)kernel.org> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Marc Zyngier <maz(a)kernel.org> Cc: Mark Brown <broonie(a)kernel.org> Cc: Will Deacon <will(a)kernel.org> Cc: stable(a)vger.kernel.org Reviewed-by: Mark Brown <broonie(a)kernel.org> Link: https://lore.kernel.org/r/20241106160448.2712997-1-mark.rutland@arm.com Signed-off-by: Will Deacon <will(a)kernel.org> diff --git a/arch/arm64/kernel/smccc-call.S b/arch/arm64/kernel/smccc-call.S index 487381164ff6..2def9d0dd3dd 100644 --- a/arch/arm64/kernel/smccc-call.S +++ b/arch/arm64/kernel/smccc-call.S @@ -7,48 +7,19 @@ #include <asm/asm-offsets.h> #include <asm/assembler.h> -#include <asm/thread_info.h> - -/* - * If we have SMCCC v1.3 and (as is likely) no SVE state in - * the registers then set the SMCCC hint bit to say there's no - * need to preserve it. Do this by directly adjusting the SMCCC - * function value which is already stored in x0 ready to be called. - */ -SYM_FUNC_START(__arm_smccc_sve_check) - - ldr_l x16, smccc_has_sve_hint - cbz x16, 2f - - get_current_task x16 - ldr x16, [x16, #TSK_TI_FLAGS] - tbnz x16, #TIF_FOREIGN_FPSTATE, 1f // Any live FP state? - tbnz x16, #TIF_SVE, 2f // Does that state include SVE? - -1: orr x0, x0, ARM_SMCCC_1_3_SVE_HINT - -2: ret -SYM_FUNC_END(__arm_smccc_sve_check) -EXPORT_SYMBOL(__arm_smccc_sve_check) .macro SMCCC instr - stp x29, x30, [sp, #-16]! - mov x29, sp -alternative_if ARM64_SVE - bl __arm_smccc_sve_check -alternative_else_nop_endif \instr #0 - ldr x4, [sp, #16] + ldr x4, [sp] stp x0, x1, [x4, #ARM_SMCCC_RES_X0_OFFS] stp x2, x3, [x4, #ARM_SMCCC_RES_X2_OFFS] - ldr x4, [sp, #24] + ldr x4, [sp, #8] cbz x4, 1f /* no quirk structure */ ldr x9, [x4, #ARM_SMCCC_QUIRK_ID_OFFS] cmp x9, #ARM_SMCCC_QUIRK_QCOM_A6 b.ne 1f str x6, [x4, ARM_SMCCC_QUIRK_STATE_OFFS] -1: ldp x29, x30, [sp], #16 - ret +1: ret .endm /* diff --git a/drivers/firmware/smccc/smccc.c b/drivers/firmware/smccc/smccc.c index d670635914ec..a74600d9f2d7 100644 --- a/drivers/firmware/smccc/smccc.c +++ b/drivers/firmware/smccc/smccc.c @@ -16,7 +16,6 @@ static u32 smccc_version = ARM_SMCCC_VERSION_1_0; static enum arm_smccc_conduit smccc_conduit = SMCCC_CONDUIT_NONE; bool __ro_after_init smccc_trng_available = false; -u64 __ro_after_init smccc_has_sve_hint = false; s32 __ro_after_init smccc_soc_id_version = SMCCC_RET_NOT_SUPPORTED; s32 __ro_after_init smccc_soc_id_revision = SMCCC_RET_NOT_SUPPORTED; @@ -28,9 +27,6 @@ void __init arm_smccc_version_init(u32 version, enum arm_smccc_conduit conduit) smccc_conduit = conduit; smccc_trng_available = smccc_probe_trng(); - if (IS_ENABLED(CONFIG_ARM64_SVE) && - smccc_version >= ARM_SMCCC_VERSION_1_3) - smccc_has_sve_hint = true; if ((smccc_version >= ARM_SMCCC_VERSION_1_2) && (smccc_conduit != SMCCC_CONDUIT_NONE)) { diff --git a/include/linux/arm-smccc.h b/include/linux/arm-smccc.h index f59099a213d0..67f6fdf2e7cd 100644 --- a/include/linux/arm-smccc.h +++ b/include/linux/arm-smccc.h @@ -315,8 +315,6 @@ u32 arm_smccc_get_version(void); void __init arm_smccc_version_init(u32 version, enum arm_smccc_conduit conduit); -extern u64 smccc_has_sve_hint; - /** * arm_smccc_get_soc_id_version() * @@ -414,15 +412,6 @@ struct arm_smccc_quirk { } state; }; -/** - * __arm_smccc_sve_check() - Set the SVE hint bit when doing SMC calls - * - * Sets the SMCCC hint bit to indicate if there is live state in the SVE - * registers, this modifies x0 in place and should never be called from C - * code. - */ -asmlinkage unsigned long __arm_smccc_sve_check(unsigned long x0); - /** * __arm_smccc_smc() - make SMC calls * @a0-a7: arguments passed in registers 0 to 7 @@ -490,20 +479,6 @@ asmlinkage void __arm_smccc_hvc(unsigned long a0, unsigned long a1, #endif -/* nVHE hypervisor doesn't have a current thread so needs separate checks */ -#if defined(CONFIG_ARM64_SVE) && !defined(__KVM_NVHE_HYPERVISOR__) - -#define SMCCC_SVE_CHECK ALTERNATIVE("nop \n", "bl __arm_smccc_sve_check \n", \ - ARM64_SVE) -#define smccc_sve_clobbers "x16", "x30", "cc", - -#else - -#define SMCCC_SVE_CHECK -#define smccc_sve_clobbers - -#endif - #define __constraint_read_2 "r" (arg0) #define __constraint_read_3 __constraint_read_2, "r" (arg1) #define __constraint_read_4 __constraint_read_3, "r" (arg2) @@ -574,12 +549,11 @@ asmlinkage void __arm_smccc_hvc(unsigned long a0, unsigned long a1, register unsigned long r3 asm("r3"); \ CONCATENATE(__declare_arg_, \ COUNT_ARGS(__VA_ARGS__))(__VA_ARGS__); \ - asm volatile(SMCCC_SVE_CHECK \ - inst "\n" : \ + asm volatile(inst "\n" : \ "=r" (r0), "=r" (r1), "=r" (r2), "=r" (r3) \ : CONCATENATE(__constraint_read_, \ COUNT_ARGS(__VA_ARGS__)) \ - : smccc_sve_clobbers "memory"); \ + : "memory"); \ if (___res) \ *___res = (typeof(*___res)){r0, r1, r2, r3}; \ } while (0) @@ -628,7 +602,7 @@ asmlinkage void __arm_smccc_hvc(unsigned long a0, unsigned long a1, asm ("" : \ : CONCATENATE(__constraint_read_, \ COUNT_ARGS(__VA_ARGS__)) \ - : smccc_sve_clobbers "memory"); \ + : "memory"); \ if (___res) \ ___res->a0 = SMCCC_RET_NOT_SUPPORTED; \ } while (0)

10 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] arm64/sve: Discard stale CPU state when handling SVE traps" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 751ecf6afd6568adc98f2a6052315552c0483d18 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024110930-pelt-think-f459@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 751ecf6afd6568adc98f2a6052315552c0483d18 Mon Sep 17 00:00:00 2001 From: Mark Brown <broonie(a)kernel.org> Date: Wed, 30 Oct 2024 20:23:50 +0000 Subject: [PATCH] arm64/sve: Discard stale CPU state when handling SVE traps The logic for handling SVE traps manipulates saved FPSIMD/SVE state incorrectly, and a race with preemption can result in a task having TIF_SVE set and TIF_FOREIGN_FPSTATE clear even though the live CPU state is stale (e.g. with SVE traps enabled). This has been observed to result in warnings from do_sve_acc() where SVE traps are not expected while TIF_SVE is set: | if (test_and_set_thread_flag(TIF_SVE)) | WARN_ON(1); /* SVE access shouldn't have trapped */ Warnings of this form have been reported intermittently, e.g. https://lore.kernel.org/linux-arm-kernel/CA+G9fYtEGe_DhY2Ms7+L7NKsLYUomGsgq… https://lore.kernel.org/linux-arm-kernel/000000000000511e9a060ce5a45c@googl… The race can occur when the SVE trap handler is preempted before and after manipulating the saved FPSIMD/SVE state, starting and ending on the same CPU, e.g. | void do_sve_acc(unsigned long esr, struct pt_regs *regs) | { | // Trap on CPU 0 with TIF_SVE clear, SVE traps enabled | // task->fpsimd_cpu is 0. | // per_cpu_ptr(&fpsimd_last_state, 0) is task. | | ... | | // Preempted; migrated from CPU 0 to CPU 1. | // TIF_FOREIGN_FPSTATE is set. | | get_cpu_fpsimd_context(); | | if (test_and_set_thread_flag(TIF_SVE)) | WARN_ON(1); /* SVE access shouldn't have trapped */ | | sve_init_regs() { | if (!test_thread_flag(TIF_FOREIGN_FPSTATE)) { | ... | } else { | fpsimd_to_sve(current); | current->thread.fp_type = FP_STATE_SVE; | } | } | | put_cpu_fpsimd_context(); | | // Preempted; migrated from CPU 1 to CPU 0. | // task->fpsimd_cpu is still 0 | // If per_cpu_ptr(&fpsimd_last_state, 0) is still task then: | // - Stale HW state is reused (with SVE traps enabled) | // - TIF_FOREIGN_FPSTATE is cleared | // - A return to userspace skips HW state restore | } Fix the case where the state is not live and TIF_FOREIGN_FPSTATE is set by calling fpsimd_flush_task_state() to detach from the saved CPU state. This ensures that a subsequent context switch will not reuse the stale CPU state, and will instead set TIF_FOREIGN_FPSTATE, forcing the new state to be reloaded from memory prior to a return to userspace. Fixes: cccb78ce89c4 ("arm64/sve: Rework SVE access trap to convert state in registers") Reported-by: Mark Rutland <mark.rutland(a)arm.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Link: https://lore.kernel.org/r/20241030-arm64-fpsimd-foreign-flush-v1-1-bd7bd669… Signed-off-by: Will Deacon <will(a)kernel.org> diff --git a/arch/arm64/kernel/fpsimd.c b/arch/arm64/kernel/fpsimd.c index 77006df20a75..6d21971ae559 100644 --- a/arch/arm64/kernel/fpsimd.c +++ b/arch/arm64/kernel/fpsimd.c @@ -1367,6 +1367,7 @@ static void sve_init_regs(void) } else { fpsimd_to_sve(current); current->thread.fp_type = FP_STATE_SVE; + fpsimd_flush_task_state(current); } }

10 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] arm64/sve: Discard stale CPU state when handling SVE traps" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 751ecf6afd6568adc98f2a6052315552c0483d18 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024110929-splendid-engine-1d44@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 751ecf6afd6568adc98f2a6052315552c0483d18 Mon Sep 17 00:00:00 2001 From: Mark Brown <broonie(a)kernel.org> Date: Wed, 30 Oct 2024 20:23:50 +0000 Subject: [PATCH] arm64/sve: Discard stale CPU state when handling SVE traps The logic for handling SVE traps manipulates saved FPSIMD/SVE state incorrectly, and a race with preemption can result in a task having TIF_SVE set and TIF_FOREIGN_FPSTATE clear even though the live CPU state is stale (e.g. with SVE traps enabled). This has been observed to result in warnings from do_sve_acc() where SVE traps are not expected while TIF_SVE is set: | if (test_and_set_thread_flag(TIF_SVE)) | WARN_ON(1); /* SVE access shouldn't have trapped */ Warnings of this form have been reported intermittently, e.g. https://lore.kernel.org/linux-arm-kernel/CA+G9fYtEGe_DhY2Ms7+L7NKsLYUomGsgq… https://lore.kernel.org/linux-arm-kernel/000000000000511e9a060ce5a45c@googl… The race can occur when the SVE trap handler is preempted before and after manipulating the saved FPSIMD/SVE state, starting and ending on the same CPU, e.g. | void do_sve_acc(unsigned long esr, struct pt_regs *regs) | { | // Trap on CPU 0 with TIF_SVE clear, SVE traps enabled | // task->fpsimd_cpu is 0. | // per_cpu_ptr(&fpsimd_last_state, 0) is task. | | ... | | // Preempted; migrated from CPU 0 to CPU 1. | // TIF_FOREIGN_FPSTATE is set. | | get_cpu_fpsimd_context(); | | if (test_and_set_thread_flag(TIF_SVE)) | WARN_ON(1); /* SVE access shouldn't have trapped */ | | sve_init_regs() { | if (!test_thread_flag(TIF_FOREIGN_FPSTATE)) { | ... | } else { | fpsimd_to_sve(current); | current->thread.fp_type = FP_STATE_SVE; | } | } | | put_cpu_fpsimd_context(); | | // Preempted; migrated from CPU 1 to CPU 0. | // task->fpsimd_cpu is still 0 | // If per_cpu_ptr(&fpsimd_last_state, 0) is still task then: | // - Stale HW state is reused (with SVE traps enabled) | // - TIF_FOREIGN_FPSTATE is cleared | // - A return to userspace skips HW state restore | } Fix the case where the state is not live and TIF_FOREIGN_FPSTATE is set by calling fpsimd_flush_task_state() to detach from the saved CPU state. This ensures that a subsequent context switch will not reuse the stale CPU state, and will instead set TIF_FOREIGN_FPSTATE, forcing the new state to be reloaded from memory prior to a return to userspace. Fixes: cccb78ce89c4 ("arm64/sve: Rework SVE access trap to convert state in registers") Reported-by: Mark Rutland <mark.rutland(a)arm.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Link: https://lore.kernel.org/r/20241030-arm64-fpsimd-foreign-flush-v1-1-bd7bd669… Signed-off-by: Will Deacon <will(a)kernel.org> diff --git a/arch/arm64/kernel/fpsimd.c b/arch/arm64/kernel/fpsimd.c index 77006df20a75..6d21971ae559 100644 --- a/arch/arm64/kernel/fpsimd.c +++ b/arch/arm64/kernel/fpsimd.c @@ -1367,6 +1367,7 @@ static void sve_init_regs(void) } else { fpsimd_to_sve(current); current->thread.fp_type = FP_STATE_SVE; + fpsimd_flush_task_state(current); } }

10 months, 2 weeks

1
0
0 0

[PATCH 6.1.y] ALSA: hda/realtek: Fix headset mic on TUXEDO Gemini 17 Gen3

by Werner Sembach

From: Christoffer Sandberg <cs(a)tuxedo.de> Quirk is needed to enable headset microphone on missing pin 0x19. Signed-off-by: Christoffer Sandberg <cs(a)tuxedo.de> Signed-off-by: Werner Sembach <wse(a)tuxedocomputers.com> Cc: <stable(a)vger.kernel.org> Link: https://patch.msgid.link/20241029151653.80726-1-wse@tuxedocomputers.com Signed-off-by: Takashi Iwai <tiwai(a)suse.de> --- sound/pci/hda/patch_realtek.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c index a8bc95ffa41a3..da14ab97783f8 100644 --- a/sound/pci/hda/patch_realtek.c +++ b/sound/pci/hda/patch_realtek.c @@ -10001,6 +10001,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = { SND_PCI_QUIRK(0x1558, 0x1403, "Clevo N140CU", ALC293_FIXUP_SYSTEM76_MIC_NO_PRESENCE), SND_PCI_QUIRK(0x1558, 0x1404, "Clevo N150CU", ALC293_FIXUP_SYSTEM76_MIC_NO_PRESENCE), SND_PCI_QUIRK(0x1558, 0x14a1, "Clevo L141MU", ALC293_FIXUP_SYSTEM76_MIC_NO_PRESENCE), + SND_PCI_QUIRK(0x1558, 0x28c1, "Clevo V370VND", ALC2XX_FIXUP_HEADSET_MIC), SND_PCI_QUIRK(0x1558, 0x4018, "Clevo NV40M[BE]", ALC293_FIXUP_SYSTEM76_MIC_NO_PRESENCE), SND_PCI_QUIRK(0x1558, 0x4019, "Clevo NV40MZ", ALC293_FIXUP_SYSTEM76_MIC_NO_PRESENCE), SND_PCI_QUIRK(0x1558, 0x4020, "Clevo NV40MB", ALC293_FIXUP_SYSTEM76_MIC_NO_PRESENCE), -- 2.43.0

10 months, 2 weeks

2
3
0 0

FAILED: patch "[PATCH] dm cache: fix flushing uninitialized delayed_work on" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 135496c208ba26fd68cdef10b64ed7a91ac9a7ff # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024110948-marathon-slouching-399d@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 135496c208ba26fd68cdef10b64ed7a91ac9a7ff Mon Sep 17 00:00:00 2001 From: Ming-Hung Tsai <mtsai(a)redhat.com> Date: Tue, 22 Oct 2024 15:12:49 +0800 Subject: [PATCH] dm cache: fix flushing uninitialized delayed_work on cache_ctr error An unexpected WARN_ON from flush_work() may occur when cache creation fails, caused by destroying the uninitialized delayed_work waker in the error path of cache_create(). For example, the warning appears on the superblock checksum error. Reproduce steps: dmsetup create cmeta --table "0 8192 linear /dev/sdc 0" dmsetup create cdata --table "0 65536 linear /dev/sdc 8192" dmsetup create corig --table "0 524288 linear /dev/sdc 262144" dd if=/dev/urandom of=/dev/mapper/cmeta bs=4k count=1 oflag=direct dmsetup create cache --table "0 524288 cache /dev/mapper/cmeta \ /dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0" Kernel logs: (snip) WARNING: CPU: 0 PID: 84 at kernel/workqueue.c:4178 __flush_work+0x5d4/0x890 Fix by pulling out the cancel_delayed_work_sync() from the constructor's error path. This patch doesn't affect the use-after-free fix for concurrent dm_resume and dm_destroy (commit 6a459d8edbdb ("dm cache: Fix UAF in destroy()")) as cache_dtr is not changed. Signed-off-by: Ming-Hung Tsai <mtsai(a)redhat.com> Fixes: 6a459d8edbdb ("dm cache: Fix UAF in destroy()") Cc: stable(a)vger.kernel.org Signed-off-by: Mikulas Patocka <mpatocka(a)redhat.com> Acked-by: Joe Thornber <thornber(a)redhat.com> diff --git a/drivers/md/dm-cache-target.c b/drivers/md/dm-cache-target.c index 90772b42c234..68e9a1abd303 100644 --- a/drivers/md/dm-cache-target.c +++ b/drivers/md/dm-cache-target.c @@ -1905,16 +1905,13 @@ static void check_migrations(struct work_struct *ws) * This function gets called on the error paths of the constructor, so we * have to cope with a partially initialised struct. */ -static void destroy(struct cache *cache) +static void __destroy(struct cache *cache) { - unsigned int i; - mempool_exit(&cache->migration_pool); if (cache->prison) dm_bio_prison_destroy_v2(cache->prison); - cancel_delayed_work_sync(&cache->waker); if (cache->wq) destroy_workqueue(cache->wq); @@ -1942,13 +1939,22 @@ static void destroy(struct cache *cache) if (cache->policy) dm_cache_policy_destroy(cache->policy); + bioset_exit(&cache->bs); + + kfree(cache); +} + +static void destroy(struct cache *cache) +{ + unsigned int i; + + cancel_delayed_work_sync(&cache->waker); + for (i = 0; i < cache->nr_ctr_args ; i++) kfree(cache->ctr_args[i]); kfree(cache->ctr_args); - bioset_exit(&cache->bs); - - kfree(cache); + __destroy(cache); } static void cache_dtr(struct dm_target *ti) @@ -2561,7 +2567,7 @@ static int cache_create(struct cache_args *ca, struct cache **result) *result = cache; return 0; bad: - destroy(cache); + __destroy(cache); return r; } @@ -2612,7 +2618,7 @@ static int cache_ctr(struct dm_target *ti, unsigned int argc, char **argv) r = copy_ctr_args(cache, argc - 3, (const char **)argv + 3); if (r) { - destroy(cache); + __destroy(cache); goto out; }

10 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] dm cache: fix flushing uninitialized delayed_work on" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 135496c208ba26fd68cdef10b64ed7a91ac9a7ff # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024110946-juniper-subfloor-2651@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 135496c208ba26fd68cdef10b64ed7a91ac9a7ff Mon Sep 17 00:00:00 2001 From: Ming-Hung Tsai <mtsai(a)redhat.com> Date: Tue, 22 Oct 2024 15:12:49 +0800 Subject: [PATCH] dm cache: fix flushing uninitialized delayed_work on cache_ctr error An unexpected WARN_ON from flush_work() may occur when cache creation fails, caused by destroying the uninitialized delayed_work waker in the error path of cache_create(). For example, the warning appears on the superblock checksum error. Reproduce steps: dmsetup create cmeta --table "0 8192 linear /dev/sdc 0" dmsetup create cdata --table "0 65536 linear /dev/sdc 8192" dmsetup create corig --table "0 524288 linear /dev/sdc 262144" dd if=/dev/urandom of=/dev/mapper/cmeta bs=4k count=1 oflag=direct dmsetup create cache --table "0 524288 cache /dev/mapper/cmeta \ /dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0" Kernel logs: (snip) WARNING: CPU: 0 PID: 84 at kernel/workqueue.c:4178 __flush_work+0x5d4/0x890 Fix by pulling out the cancel_delayed_work_sync() from the constructor's error path. This patch doesn't affect the use-after-free fix for concurrent dm_resume and dm_destroy (commit 6a459d8edbdb ("dm cache: Fix UAF in destroy()")) as cache_dtr is not changed. Signed-off-by: Ming-Hung Tsai <mtsai(a)redhat.com> Fixes: 6a459d8edbdb ("dm cache: Fix UAF in destroy()") Cc: stable(a)vger.kernel.org Signed-off-by: Mikulas Patocka <mpatocka(a)redhat.com> Acked-by: Joe Thornber <thornber(a)redhat.com> diff --git a/drivers/md/dm-cache-target.c b/drivers/md/dm-cache-target.c index 90772b42c234..68e9a1abd303 100644 --- a/drivers/md/dm-cache-target.c +++ b/drivers/md/dm-cache-target.c @@ -1905,16 +1905,13 @@ static void check_migrations(struct work_struct *ws) * This function gets called on the error paths of the constructor, so we * have to cope with a partially initialised struct. */ -static void destroy(struct cache *cache) +static void __destroy(struct cache *cache) { - unsigned int i; - mempool_exit(&cache->migration_pool); if (cache->prison) dm_bio_prison_destroy_v2(cache->prison); - cancel_delayed_work_sync(&cache->waker); if (cache->wq) destroy_workqueue(cache->wq); @@ -1942,13 +1939,22 @@ static void destroy(struct cache *cache) if (cache->policy) dm_cache_policy_destroy(cache->policy); + bioset_exit(&cache->bs); + + kfree(cache); +} + +static void destroy(struct cache *cache) +{ + unsigned int i; + + cancel_delayed_work_sync(&cache->waker); + for (i = 0; i < cache->nr_ctr_args ; i++) kfree(cache->ctr_args[i]); kfree(cache->ctr_args); - bioset_exit(&cache->bs); - - kfree(cache); + __destroy(cache); } static void cache_dtr(struct dm_target *ti) @@ -2561,7 +2567,7 @@ static int cache_create(struct cache_args *ca, struct cache **result) *result = cache; return 0; bad: - destroy(cache); + __destroy(cache); return r; } @@ -2612,7 +2618,7 @@ static int cache_ctr(struct dm_target *ti, unsigned int argc, char **argv) r = copy_ctr_args(cache, argc - 3, (const char **)argv + 3); if (r) { - destroy(cache); + __destroy(cache); goto out; }

10 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] dm cache: fix flushing uninitialized delayed_work on" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 135496c208ba26fd68cdef10b64ed7a91ac9a7ff # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024110947-footbath-census-7efa@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 135496c208ba26fd68cdef10b64ed7a91ac9a7ff Mon Sep 17 00:00:00 2001 From: Ming-Hung Tsai <mtsai(a)redhat.com> Date: Tue, 22 Oct 2024 15:12:49 +0800 Subject: [PATCH] dm cache: fix flushing uninitialized delayed_work on cache_ctr error An unexpected WARN_ON from flush_work() may occur when cache creation fails, caused by destroying the uninitialized delayed_work waker in the error path of cache_create(). For example, the warning appears on the superblock checksum error. Reproduce steps: dmsetup create cmeta --table "0 8192 linear /dev/sdc 0" dmsetup create cdata --table "0 65536 linear /dev/sdc 8192" dmsetup create corig --table "0 524288 linear /dev/sdc 262144" dd if=/dev/urandom of=/dev/mapper/cmeta bs=4k count=1 oflag=direct dmsetup create cache --table "0 524288 cache /dev/mapper/cmeta \ /dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0" Kernel logs: (snip) WARNING: CPU: 0 PID: 84 at kernel/workqueue.c:4178 __flush_work+0x5d4/0x890 Fix by pulling out the cancel_delayed_work_sync() from the constructor's error path. This patch doesn't affect the use-after-free fix for concurrent dm_resume and dm_destroy (commit 6a459d8edbdb ("dm cache: Fix UAF in destroy()")) as cache_dtr is not changed. Signed-off-by: Ming-Hung Tsai <mtsai(a)redhat.com> Fixes: 6a459d8edbdb ("dm cache: Fix UAF in destroy()") Cc: stable(a)vger.kernel.org Signed-off-by: Mikulas Patocka <mpatocka(a)redhat.com> Acked-by: Joe Thornber <thornber(a)redhat.com> diff --git a/drivers/md/dm-cache-target.c b/drivers/md/dm-cache-target.c index 90772b42c234..68e9a1abd303 100644 --- a/drivers/md/dm-cache-target.c +++ b/drivers/md/dm-cache-target.c @@ -1905,16 +1905,13 @@ static void check_migrations(struct work_struct *ws) * This function gets called on the error paths of the constructor, so we * have to cope with a partially initialised struct. */ -static void destroy(struct cache *cache) +static void __destroy(struct cache *cache) { - unsigned int i; - mempool_exit(&cache->migration_pool); if (cache->prison) dm_bio_prison_destroy_v2(cache->prison); - cancel_delayed_work_sync(&cache->waker); if (cache->wq) destroy_workqueue(cache->wq); @@ -1942,13 +1939,22 @@ static void destroy(struct cache *cache) if (cache->policy) dm_cache_policy_destroy(cache->policy); + bioset_exit(&cache->bs); + + kfree(cache); +} + +static void destroy(struct cache *cache) +{ + unsigned int i; + + cancel_delayed_work_sync(&cache->waker); + for (i = 0; i < cache->nr_ctr_args ; i++) kfree(cache->ctr_args[i]); kfree(cache->ctr_args); - bioset_exit(&cache->bs); - - kfree(cache); + __destroy(cache); } static void cache_dtr(struct dm_target *ti) @@ -2561,7 +2567,7 @@ static int cache_create(struct cache_args *ca, struct cache **result) *result = cache; return 0; bad: - destroy(cache); + __destroy(cache); return r; } @@ -2612,7 +2618,7 @@ static int cache_ctr(struct dm_target *ti, unsigned int argc, char **argv) r = copy_ctr_args(cache, argc - 3, (const char **)argv + 3); if (r) { - destroy(cache); + __destroy(cache); goto out; }

10 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] dm cache: fix flushing uninitialized delayed_work on" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 135496c208ba26fd68cdef10b64ed7a91ac9a7ff # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024110945-caress-unmasked-1f81@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 135496c208ba26fd68cdef10b64ed7a91ac9a7ff Mon Sep 17 00:00:00 2001 From: Ming-Hung Tsai <mtsai(a)redhat.com> Date: Tue, 22 Oct 2024 15:12:49 +0800 Subject: [PATCH] dm cache: fix flushing uninitialized delayed_work on cache_ctr error An unexpected WARN_ON from flush_work() may occur when cache creation fails, caused by destroying the uninitialized delayed_work waker in the error path of cache_create(). For example, the warning appears on the superblock checksum error. Reproduce steps: dmsetup create cmeta --table "0 8192 linear /dev/sdc 0" dmsetup create cdata --table "0 65536 linear /dev/sdc 8192" dmsetup create corig --table "0 524288 linear /dev/sdc 262144" dd if=/dev/urandom of=/dev/mapper/cmeta bs=4k count=1 oflag=direct dmsetup create cache --table "0 524288 cache /dev/mapper/cmeta \ /dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0" Kernel logs: (snip) WARNING: CPU: 0 PID: 84 at kernel/workqueue.c:4178 __flush_work+0x5d4/0x890 Fix by pulling out the cancel_delayed_work_sync() from the constructor's error path. This patch doesn't affect the use-after-free fix for concurrent dm_resume and dm_destroy (commit 6a459d8edbdb ("dm cache: Fix UAF in destroy()")) as cache_dtr is not changed. Signed-off-by: Ming-Hung Tsai <mtsai(a)redhat.com> Fixes: 6a459d8edbdb ("dm cache: Fix UAF in destroy()") Cc: stable(a)vger.kernel.org Signed-off-by: Mikulas Patocka <mpatocka(a)redhat.com> Acked-by: Joe Thornber <thornber(a)redhat.com> diff --git a/drivers/md/dm-cache-target.c b/drivers/md/dm-cache-target.c index 90772b42c234..68e9a1abd303 100644 --- a/drivers/md/dm-cache-target.c +++ b/drivers/md/dm-cache-target.c @@ -1905,16 +1905,13 @@ static void check_migrations(struct work_struct *ws) * This function gets called on the error paths of the constructor, so we * have to cope with a partially initialised struct. */ -static void destroy(struct cache *cache) +static void __destroy(struct cache *cache) { - unsigned int i; - mempool_exit(&cache->migration_pool); if (cache->prison) dm_bio_prison_destroy_v2(cache->prison); - cancel_delayed_work_sync(&cache->waker); if (cache->wq) destroy_workqueue(cache->wq); @@ -1942,13 +1939,22 @@ static void destroy(struct cache *cache) if (cache->policy) dm_cache_policy_destroy(cache->policy); + bioset_exit(&cache->bs); + + kfree(cache); +} + +static void destroy(struct cache *cache) +{ + unsigned int i; + + cancel_delayed_work_sync(&cache->waker); + for (i = 0; i < cache->nr_ctr_args ; i++) kfree(cache->ctr_args[i]); kfree(cache->ctr_args); - bioset_exit(&cache->bs); - - kfree(cache); + __destroy(cache); } static void cache_dtr(struct dm_target *ti) @@ -2561,7 +2567,7 @@ static int cache_create(struct cache_args *ca, struct cache **result) *result = cache; return 0; bad: - destroy(cache); + __destroy(cache); return r; } @@ -2612,7 +2618,7 @@ static int cache_ctr(struct dm_target *ti, unsigned int argc, char **argv) r = copy_ctr_args(cache, argc - 3, (const char **)argv + 3); if (r) { - destroy(cache); + __destroy(cache); goto out; }

10 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Fix brightness level not retained over" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 4f26c95ffc21a91281429ed60180619bae19ae92 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024110902-backslid-snagged-6d02@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4f26c95ffc21a91281429ed60180619bae19ae92 Mon Sep 17 00:00:00 2001 From: Tom Chung <chiahsuan.chung(a)amd.com> Date: Wed, 9 Oct 2024 17:09:38 +0800 Subject: [PATCH] drm/amd/display: Fix brightness level not retained over reboot [Why] During boot up and resume the DC layer will reset the panel brightness to fix a flicker issue. It will cause the dm->actual_brightness is not the current panel brightness level. (the dm->brightness is the correct panel level) [How] Set the backlight level after do the set mode. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Fixes: d9e865826c20 ("drm/amd/display: Simplify brightness initialization") Reported-by: Mark Herbert <mark.herbert42(a)gmail.com> Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3655 Reviewed-by: Sun peng Li <sunpeng.li(a)amd.com> Signed-off-by: Tom Chung <chiahsuan.chung(a)amd.com> Signed-off-by: Zaeem Mohamed <zaeem.mohamed(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit 7875afafba84817b791be6d2282b836695146060) Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c index 13421a58210d..07e9ce99694f 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c @@ -9429,6 +9429,7 @@ static void amdgpu_dm_commit_streams(struct drm_atomic_state *state, bool mode_set_reset_required = false; u32 i; struct dc_commit_streams_params params = {dc_state->streams, dc_state->stream_count}; + bool set_backlight_level = false; /* Disable writeback */ for_each_old_connector_in_state(state, connector, old_con_state, i) { @@ -9548,6 +9549,7 @@ static void amdgpu_dm_commit_streams(struct drm_atomic_state *state, acrtc->hw_mode = new_crtc_state->mode; crtc->hwmode = new_crtc_state->mode; mode_set_reset_required = true; + set_backlight_level = true; } else if (modereset_required(new_crtc_state)) { drm_dbg_atomic(dev, "Atomic commit: RESET. crtc id %d:[%p]\n", @@ -9599,6 +9601,19 @@ static void amdgpu_dm_commit_streams(struct drm_atomic_state *state, acrtc->otg_inst = status->primary_otg_inst; } } + + /* During boot up and resume the DC layer will reset the panel brightness + * to fix a flicker issue. + * It will cause the dm->actual_brightness is not the current panel brightness + * level. (the dm->brightness is the correct panel level) + * So we set the backlight level with dm->brightness value after set mode + */ + if (set_backlight_level) { + for (i = 0; i < dm->num_of_edps; i++) { + if (dm->backlight_dev[i]) + amdgpu_dm_backlight_set_level(dm, i, dm->brightness[i]); + } + } } static void dm_set_writeback(struct amdgpu_display_manager *dm,

10 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] tpm: Lock TPM chip in tpm_pm_suspend() first" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 9265fed6db601ee2ec47577815387458ef4f047a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024110927-staple-scotch-2d0a@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9265fed6db601ee2ec47577815387458ef4f047a Mon Sep 17 00:00:00 2001 From: Jarkko Sakkinen <jarkko(a)kernel.org> Date: Thu, 31 Oct 2024 02:16:09 +0200 Subject: [PATCH] tpm: Lock TPM chip in tpm_pm_suspend() first Setting TPM_CHIP_FLAG_SUSPENDED in the end of tpm_pm_suspend() can be racy according, as this leaves window for tpm_hwrng_read() to be called while the operation is in progress. The recent bug report gives also evidence of this behaviour. Aadress this by locking the TPM chip before checking any chip->flags both in tpm_pm_suspend() and tpm_hwrng_read(). Move TPM_CHIP_FLAG_SUSPENDED check inside tpm_get_random() so that it will be always checked only when the lock is reserved. Cc: stable(a)vger.kernel.org # v6.4+ Fixes: 99d464506255 ("tpm: Prevent hwrng from activating during resume") Reported-by: Mike Seo <mikeseohyungjin(a)gmail.com> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=219383 Reviewed-by: Jerry Snitselaar <jsnitsel(a)redhat.com> Tested-by: Mike Seo <mikeseohyungjin(a)gmail.com> Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> diff --git a/drivers/char/tpm/tpm-chip.c b/drivers/char/tpm/tpm-chip.c index 1ff99a7091bb..7df7abaf3e52 100644 --- a/drivers/char/tpm/tpm-chip.c +++ b/drivers/char/tpm/tpm-chip.c @@ -525,10 +525,6 @@ static int tpm_hwrng_read(struct hwrng *rng, void *data, size_t max, bool wait) { struct tpm_chip *chip = container_of(rng, struct tpm_chip, hwrng); - /* Give back zero bytes, as TPM chip has not yet fully resumed: */ - if (chip->flags & TPM_CHIP_FLAG_SUSPENDED) - return 0; - return tpm_get_random(chip, data, max); } diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c index 8134f002b121..b1daa0d7b341 100644 --- a/drivers/char/tpm/tpm-interface.c +++ b/drivers/char/tpm/tpm-interface.c @@ -370,6 +370,13 @@ int tpm_pm_suspend(struct device *dev) if (!chip) return -ENODEV; + rc = tpm_try_get_ops(chip); + if (rc) { + /* Can be safely set out of locks, as no action cannot race: */ + chip->flags |= TPM_CHIP_FLAG_SUSPENDED; + goto out; + } + if (chip->flags & TPM_CHIP_FLAG_ALWAYS_POWERED) goto suspended; @@ -377,21 +384,19 @@ int tpm_pm_suspend(struct device *dev) !pm_suspend_via_firmware()) goto suspended; - rc = tpm_try_get_ops(chip); - if (!rc) { - if (chip->flags & TPM_CHIP_FLAG_TPM2) { - tpm2_end_auth_session(chip); - tpm2_shutdown(chip, TPM2_SU_STATE); - } else { - rc = tpm1_pm_suspend(chip, tpm_suspend_pcr); - } - - tpm_put_ops(chip); + if (chip->flags & TPM_CHIP_FLAG_TPM2) { + tpm2_end_auth_session(chip); + tpm2_shutdown(chip, TPM2_SU_STATE); + goto suspended; } + rc = tpm1_pm_suspend(chip, tpm_suspend_pcr); + suspended: chip->flags |= TPM_CHIP_FLAG_SUSPENDED; + tpm_put_ops(chip); +out: if (rc) dev_err(dev, "Ignoring error %d while suspending\n", rc); return 0; @@ -440,11 +445,18 @@ int tpm_get_random(struct tpm_chip *chip, u8 *out, size_t max) if (!chip) return -ENODEV; + /* Give back zero bytes, as TPM chip has not yet fully resumed: */ + if (chip->flags & TPM_CHIP_FLAG_SUSPENDED) { + rc = 0; + goto out; + } + if (chip->flags & TPM_CHIP_FLAG_TPM2) rc = tpm2_get_random(chip, out, max); else rc = tpm1_get_random(chip, out, max); +out: tpm_put_ops(chip); return rc; }

10 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] tpm: Lock TPM chip in tpm_pm_suspend() first" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 9265fed6db601ee2ec47577815387458ef4f047a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024110926-shortness-stark-e2ea@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9265fed6db601ee2ec47577815387458ef4f047a Mon Sep 17 00:00:00 2001 From: Jarkko Sakkinen <jarkko(a)kernel.org> Date: Thu, 31 Oct 2024 02:16:09 +0200 Subject: [PATCH] tpm: Lock TPM chip in tpm_pm_suspend() first Setting TPM_CHIP_FLAG_SUSPENDED in the end of tpm_pm_suspend() can be racy according, as this leaves window for tpm_hwrng_read() to be called while the operation is in progress. The recent bug report gives also evidence of this behaviour. Aadress this by locking the TPM chip before checking any chip->flags both in tpm_pm_suspend() and tpm_hwrng_read(). Move TPM_CHIP_FLAG_SUSPENDED check inside tpm_get_random() so that it will be always checked only when the lock is reserved. Cc: stable(a)vger.kernel.org # v6.4+ Fixes: 99d464506255 ("tpm: Prevent hwrng from activating during resume") Reported-by: Mike Seo <mikeseohyungjin(a)gmail.com> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=219383 Reviewed-by: Jerry Snitselaar <jsnitsel(a)redhat.com> Tested-by: Mike Seo <mikeseohyungjin(a)gmail.com> Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> diff --git a/drivers/char/tpm/tpm-chip.c b/drivers/char/tpm/tpm-chip.c index 1ff99a7091bb..7df7abaf3e52 100644 --- a/drivers/char/tpm/tpm-chip.c +++ b/drivers/char/tpm/tpm-chip.c @@ -525,10 +525,6 @@ static int tpm_hwrng_read(struct hwrng *rng, void *data, size_t max, bool wait) { struct tpm_chip *chip = container_of(rng, struct tpm_chip, hwrng); - /* Give back zero bytes, as TPM chip has not yet fully resumed: */ - if (chip->flags & TPM_CHIP_FLAG_SUSPENDED) - return 0; - return tpm_get_random(chip, data, max); } diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c index 8134f002b121..b1daa0d7b341 100644 --- a/drivers/char/tpm/tpm-interface.c +++ b/drivers/char/tpm/tpm-interface.c @@ -370,6 +370,13 @@ int tpm_pm_suspend(struct device *dev) if (!chip) return -ENODEV; + rc = tpm_try_get_ops(chip); + if (rc) { + /* Can be safely set out of locks, as no action cannot race: */ + chip->flags |= TPM_CHIP_FLAG_SUSPENDED; + goto out; + } + if (chip->flags & TPM_CHIP_FLAG_ALWAYS_POWERED) goto suspended; @@ -377,21 +384,19 @@ int tpm_pm_suspend(struct device *dev) !pm_suspend_via_firmware()) goto suspended; - rc = tpm_try_get_ops(chip); - if (!rc) { - if (chip->flags & TPM_CHIP_FLAG_TPM2) { - tpm2_end_auth_session(chip); - tpm2_shutdown(chip, TPM2_SU_STATE); - } else { - rc = tpm1_pm_suspend(chip, tpm_suspend_pcr); - } - - tpm_put_ops(chip); + if (chip->flags & TPM_CHIP_FLAG_TPM2) { + tpm2_end_auth_session(chip); + tpm2_shutdown(chip, TPM2_SU_STATE); + goto suspended; } + rc = tpm1_pm_suspend(chip, tpm_suspend_pcr); + suspended: chip->flags |= TPM_CHIP_FLAG_SUSPENDED; + tpm_put_ops(chip); +out: if (rc) dev_err(dev, "Ignoring error %d while suspending\n", rc); return 0; @@ -440,11 +445,18 @@ int tpm_get_random(struct tpm_chip *chip, u8 *out, size_t max) if (!chip) return -ENODEV; + /* Give back zero bytes, as TPM chip has not yet fully resumed: */ + if (chip->flags & TPM_CHIP_FLAG_SUSPENDED) { + rc = 0; + goto out; + } + if (chip->flags & TPM_CHIP_FLAG_TPM2) rc = tpm2_get_random(chip, out, max); else rc = tpm1_get_random(chip, out, max); +out: tpm_put_ops(chip); return rc; }

10 months, 2 weeks

1
0
0 0

[PATCH] iio: imu: inv_icm42600: fix spi burst write not supported

by Jean-Baptiste Maneyrol via B4 Relay

From: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> Burst write with SPI is not working for all icm42600 chips. It was only used for setting user offsets with regmap_bulk_write. Allow tweak of common regmap_config for using only single write for spi. Fixes: 9f9ff91b775b ("iio: imu: inv_icm42600: add SPI driver for inv_icm42600 driver") Cc: stable(a)vger.kernel.org Signed-off-by: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> --- drivers/iio/imu/inv_icm42600/inv_icm42600.h | 2 +- drivers/iio/imu/inv_icm42600/inv_icm42600_core.c | 2 +- drivers/iio/imu/inv_icm42600/inv_icm42600_spi.c | 3 +++ 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/iio/imu/inv_icm42600/inv_icm42600.h b/drivers/iio/imu/inv_icm42600/inv_icm42600.h index 3a07e43e4cf154f3107c015c30248330d8e677f8..36a3b0795fb7d6cb0c178fadd93896fbc346ba0d 100644 --- a/drivers/iio/imu/inv_icm42600/inv_icm42600.h +++ b/drivers/iio/imu/inv_icm42600/inv_icm42600.h @@ -402,7 +402,7 @@ struct inv_icm42600_sensor_state { typedef int (*inv_icm42600_bus_setup)(struct inv_icm42600_state *); -extern const struct regmap_config inv_icm42600_regmap_config; +extern struct regmap_config inv_icm42600_regmap_config; extern const struct dev_pm_ops inv_icm42600_pm_ops; const struct iio_mount_matrix * diff --git a/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c b/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c index 93b5d7a3339ccff16b21bf6c40ed7b2311317cf4..680373f6267b37d386e4e7bda543ba4efe97e66b 100644 --- a/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c +++ b/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c @@ -74,7 +74,7 @@ static const struct regmap_access_table inv_icm42600_regmap_rd_noinc_accesses[] }, }; -const struct regmap_config inv_icm42600_regmap_config = { +struct regmap_config inv_icm42600_regmap_config = { .name = "inv_icm42600", .reg_bits = 8, .val_bits = 8, diff --git a/drivers/iio/imu/inv_icm42600/inv_icm42600_spi.c b/drivers/iio/imu/inv_icm42600/inv_icm42600_spi.c index 3b6d05fce65d544524b25299c6d342af92cfd1e0..73cacfd157a4538ae8c9d1c8d97157afa28aa672 100644 --- a/drivers/iio/imu/inv_icm42600/inv_icm42600_spi.c +++ b/drivers/iio/imu/inv_icm42600/inv_icm42600_spi.c @@ -59,6 +59,9 @@ static int inv_icm42600_probe(struct spi_device *spi) return -EINVAL; chip = (uintptr_t)match; + /* spi doesn't support burst write */ + inv_icm42600_regmap_config.use_single_write = true; + regmap = devm_regmap_init_spi(spi, &inv_icm42600_regmap_config); if (IS_ERR(regmap)) return PTR_ERR(regmap); --- base-commit: c9f8285ec18c08fae0de08835eb8e5953339e664 change-id: 20241107-inv-icm42600-fix-spi-burst-write-not-supported-efe78d7379a5 Best regards, -- Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com>

10 months, 2 weeks

2
1
0 0

FAILED: patch "[PATCH] drm/xe/guc/tlb: Flush g2h worker in case of tlb timeout" failed to apply to 6.11-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.11-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.11.y git checkout FETCH_HEAD git cherry-pick -x 1491efb39acee3848b61fcb3e5cc4be8de304352 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024110929-reveler-elevate-b941@gregkh' --subject-prefix 'PATCH 6.11.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1491efb39acee3848b61fcb3e5cc4be8de304352 Mon Sep 17 00:00:00 2001 From: Nirmoy Das <nirmoy.das(a)intel.com> Date: Tue, 29 Oct 2024 13:01:17 +0100 Subject: [PATCH] drm/xe/guc/tlb: Flush g2h worker in case of tlb timeout Flush the g2h worker explicitly if TLB timeout happens which is observed on LNL and that points to the recent scheduling issue with E-cores on LNL. This is similar to the recent fix: commit e51527233804 ("drm/xe/guc/ct: Flush g2h worker in case of g2h response timeout") and should be removed once there is E core scheduling fix. v2: Add platform check(Himal) v3: Remove gfx platform check as the issue related to cpu platform(John) Use the common WA macro(John) and print when the flush resolves timeout(Matt B) v4: Remove the resolves log and do the flush before taking pending_lock(Matt A) Cc: Badal Nilawar <badal.nilawar(a)intel.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: Matthew Auld <matthew.auld(a)intel.com> Cc: John Harrison <John.C.Harrison(a)Intel.com> Cc: Himal Prasad Ghimiray <himal.prasad.ghimiray(a)intel.com> Cc: Lucas De Marchi <lucas.demarchi(a)intel.com> Cc: stable(a)vger.kernel.org # v6.11+ Link: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/2687 Signed-off-by: Nirmoy Das <nirmoy.das(a)intel.com> Reviewed-by: Matthew Auld <matthew.auld(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20241029120117.449694-3-nirmo… Signed-off-by: Lucas De Marchi <lucas.demarchi(a)intel.com> (cherry picked from commit e1f6fa55664a0eeb0a641f497e1adfcf6672e995) Signed-off-by: Lucas De Marchi <lucas.demarchi(a)intel.com> diff --git a/drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c b/drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c index bbb9e411d21f..9d82ea30f4df 100644 --- a/drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c +++ b/drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c @@ -72,6 +72,8 @@ static void xe_gt_tlb_fence_timeout(struct work_struct *work) struct xe_device *xe = gt_to_xe(gt); struct xe_gt_tlb_invalidation_fence *fence, *next; + LNL_FLUSH_WORK(&gt->uc.guc.ct.g2h_worker); + spin_lock_irq(&gt->tlb_invalidation.pending_lock); list_for_each_entry_safe(fence, next, &gt->tlb_invalidation.pending_fences, link) {

10 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/xe/ufence: Flush xe ordered_wq in case of ufence timeout" failed to apply to 6.11-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.11-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.11.y git checkout FETCH_HEAD git cherry-pick -x 7d1e2580ed166f36949b468373b468d188880cd3 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024110930-partition-dislike-9711@gregkh' --subject-prefix 'PATCH 6.11.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7d1e2580ed166f36949b468373b468d188880cd3 Mon Sep 17 00:00:00 2001 From: Nirmoy Das <nirmoy.das(a)intel.com> Date: Tue, 29 Oct 2024 13:01:16 +0100 Subject: [PATCH] drm/xe/ufence: Flush xe ordered_wq in case of ufence timeout Flush xe ordered_wq in case of ufence timeout which is observed on LNL and that points to recent scheduling issue with E-cores. This is similar to the recent fix: commit e51527233804 ("drm/xe/guc/ct: Flush g2h worker in case of g2h response timeout") and should be removed once there is a E-core scheduling fix for LNL. v2: Add platform check(Himal) s/__flush_workqueue/flush_workqueue(Jani) v3: Remove gfx platform check as the issue related to cpu platform(John) v4: Use the Common macro(John) and print when the flush resolves timeout(Matt B) Cc: Badal Nilawar <badal.nilawar(a)intel.com> Cc: Matthew Auld <matthew.auld(a)intel.com> Cc: John Harrison <John.C.Harrison(a)Intel.com> Cc: Himal Prasad Ghimiray <himal.prasad.ghimiray(a)intel.com> Cc: Lucas De Marchi <lucas.demarchi(a)intel.com> Cc: stable(a)vger.kernel.org # v6.11+ Link: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/2754 Suggested-by: Matthew Brost <matthew.brost(a)intel.com> Signed-off-by: Nirmoy Das <nirmoy.das(a)intel.com> Reviewed-by: Matthew Auld <matthew.auld(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20241029120117.449694-2-nirmo… Signed-off-by: Lucas De Marchi <lucas.demarchi(a)intel.com> (cherry picked from commit 38c4c8722bd74452280951edc44c23de47612001) Signed-off-by: Lucas De Marchi <lucas.demarchi(a)intel.com> diff --git a/drivers/gpu/drm/xe/xe_wait_user_fence.c b/drivers/gpu/drm/xe/xe_wait_user_fence.c index f5deb81eba01..5b4264ea38bd 100644 --- a/drivers/gpu/drm/xe/xe_wait_user_fence.c +++ b/drivers/gpu/drm/xe/xe_wait_user_fence.c @@ -155,6 +155,13 @@ int xe_wait_user_fence_ioctl(struct drm_device *dev, void *data, } if (!timeout) { + LNL_FLUSH_WORKQUEUE(xe->ordered_wq); + err = do_compare(addr, args->value, args->mask, + args->op); + if (err <= 0) { + drm_dbg(&xe->drm, "LNL_FLUSH_WORKQUEUE resolved ufence timeout\n"); + break; + } err = -ETIME; break; }

10 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/xe: Move LNL scheduling WA to xe_device.h" failed to apply to 6.11-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.11-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.11.y git checkout FETCH_HEAD git cherry-pick -x 55e8a3f37e54eb1c7b914d6d5565a37282ec1978 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024110922-submitter-street-a3f8@gregkh' --subject-prefix 'PATCH 6.11.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 55e8a3f37e54eb1c7b914d6d5565a37282ec1978 Mon Sep 17 00:00:00 2001 From: Nirmoy Das <nirmoy.das(a)intel.com> Date: Tue, 29 Oct 2024 13:01:15 +0100 Subject: [PATCH] drm/xe: Move LNL scheduling WA to xe_device.h Move LNL scheduling WA to xe_device.h so this can be used in other places without needing keep the same comment about removal of this WA in the future. The WA, which flushes work or workqueues, is now wrapped in macros and can be reused wherever needed. Cc: Badal Nilawar <badal.nilawar(a)intel.com> Cc: Matthew Auld <matthew.auld(a)intel.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: Himal Prasad Ghimiray <himal.prasad.ghimiray(a)intel.com> Cc: Lucas De Marchi <lucas.demarchi(a)intel.com> cc: stable(a)vger.kernel.org # v6.11+ Suggested-by: John Harrison <John.C.Harrison(a)Intel.com> Signed-off-by: Nirmoy Das <nirmoy.das(a)intel.com> Reviewed-by: Matthew Auld <matthew.auld(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20241029120117.449694-1-nirmo… Signed-off-by: Lucas De Marchi <lucas.demarchi(a)intel.com> (cherry picked from commit cbe006a6492c01a0058912ae15d473f4c149896c) Signed-off-by: Lucas De Marchi <lucas.demarchi(a)intel.com> diff --git a/drivers/gpu/drm/xe/xe_device.h b/drivers/gpu/drm/xe/xe_device.h index 894f04770454..34620ef855c0 100644 --- a/drivers/gpu/drm/xe/xe_device.h +++ b/drivers/gpu/drm/xe/xe_device.h @@ -178,4 +178,18 @@ void xe_device_declare_wedged(struct xe_device *xe); struct xe_file *xe_file_get(struct xe_file *xef); void xe_file_put(struct xe_file *xef); +/* + * Occasionally it is seen that the G2H worker starts running after a delay of more than + * a second even after being queued and activated by the Linux workqueue subsystem. This + * leads to G2H timeout error. The root cause of issue lies with scheduling latency of + * Lunarlake Hybrid CPU. Issue disappears if we disable Lunarlake atom cores from BIOS + * and this is beyond xe kmd. + * + * TODO: Drop this change once workqueue scheduling delay issue is fixed on LNL Hybrid CPU. + */ +#define LNL_FLUSH_WORKQUEUE(wq__) \ + flush_workqueue(wq__) +#define LNL_FLUSH_WORK(wrk__) \ + flush_work(wrk__) + #endif diff --git a/drivers/gpu/drm/xe/xe_guc_ct.c b/drivers/gpu/drm/xe/xe_guc_ct.c index 17986bfd8818..9c505d3517cd 100644 --- a/drivers/gpu/drm/xe/xe_guc_ct.c +++ b/drivers/gpu/drm/xe/xe_guc_ct.c @@ -897,17 +897,8 @@ static int guc_ct_send_recv(struct xe_guc_ct *ct, const u32 *action, u32 len, ret = wait_event_timeout(ct->g2h_fence_wq, g2h_fence.done, HZ); - /* - * Occasionally it is seen that the G2H worker starts running after a delay of more than - * a second even after being queued and activated by the Linux workqueue subsystem. This - * leads to G2H timeout error. The root cause of issue lies with scheduling latency of - * Lunarlake Hybrid CPU. Issue dissappears if we disable Lunarlake atom cores from BIOS - * and this is beyond xe kmd. - * - * TODO: Drop this change once workqueue scheduling delay issue is fixed on LNL Hybrid CPU. - */ if (!ret) { - flush_work(&ct->g2h_worker); + LNL_FLUSH_WORK(&ct->g2h_worker); if (g2h_fence.done) { xe_gt_warn(gt, "G2H fence %u, action %04x, done\n", g2h_fence.seqno, action[0]);

10 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] ksmbd: fix slab-use-after-free in smb3_preauth_hash_rsp" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x b8fc56fbca7482c1e5c0e3351c6ae78982e25ada # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024110908-basin-unrefined-82bf@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b8fc56fbca7482c1e5c0e3351c6ae78982e25ada Mon Sep 17 00:00:00 2001 From: Namjae Jeon <linkinjeon(a)kernel.org> Date: Mon, 4 Nov 2024 13:40:41 +0900 Subject: [PATCH] ksmbd: fix slab-use-after-free in smb3_preauth_hash_rsp ksmbd_user_session_put should be called under smb3_preauth_hash_rsp(). It will avoid freeing session before calling smb3_preauth_hash_rsp(). Cc: stable(a)vger.kernel.org # v5.15+ Reported-by: Norbert Szetei <norbert(a)doyensec.com> Tested-by: Norbert Szetei <norbert(a)doyensec.com> Signed-off-by: Namjae Jeon <linkinjeon(a)kernel.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/server/server.c b/fs/smb/server/server.c index 9670c97f14b3..e7f14f8df943 100644 --- a/fs/smb/server/server.c +++ b/fs/smb/server/server.c @@ -238,11 +238,11 @@ static void __handle_ksmbd_work(struct ksmbd_work *work, } while (is_chained == true); send: - if (work->sess) - ksmbd_user_session_put(work->sess); if (work->tcon) ksmbd_tree_connect_put(work->tcon); smb3_preauth_hash_rsp(work); + if (work->sess) + ksmbd_user_session_put(work->sess); if (work->sess && work->sess->enc && work->encrypted && conn->ops->encrypt_resp) { rc = conn->ops->encrypt_resp(work);

10 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] ksmbd: Fix the missing xa_store error check" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 3abab905b14f4ba756d413f37f1fb02b708eee93 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024110956-unwired-hence-eb8d@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3abab905b14f4ba756d413f37f1fb02b708eee93 Mon Sep 17 00:00:00 2001 From: Jinjie Ruan <ruanjinjie(a)huawei.com> Date: Mon, 28 Oct 2024 08:28:30 +0900 Subject: [PATCH] ksmbd: Fix the missing xa_store error check xa_store() can fail, it return xa_err(-EINVAL) if the entry cannot be stored in an XArray, or xa_err(-ENOMEM) if memory allocation failed, so check error for xa_store() to fix it. Cc: stable(a)vger.kernel.org Fixes: b685757c7b08 ("ksmbd: Implements sess->rpc_handle_list as xarray") Signed-off-by: Jinjie Ruan <ruanjinjie(a)huawei.com> Acked-by: Namjae Jeon <linkinjeon(a)kernel.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/server/mgmt/user_session.c b/fs/smb/server/mgmt/user_session.c index 1e4624e9d434..9756a4bbfe54 100644 --- a/fs/smb/server/mgmt/user_session.c +++ b/fs/smb/server/mgmt/user_session.c @@ -90,7 +90,7 @@ static int __rpc_method(char *rpc_name) int ksmbd_session_rpc_open(struct ksmbd_session *sess, char *rpc_name) { - struct ksmbd_session_rpc *entry; + struct ksmbd_session_rpc *entry, *old; struct ksmbd_rpc_command *resp; int method; @@ -106,16 +106,19 @@ int ksmbd_session_rpc_open(struct ksmbd_session *sess, char *rpc_name) entry->id = ksmbd_ipc_id_alloc(); if (entry->id < 0) goto free_entry; - xa_store(&sess->rpc_handle_list, entry->id, entry, GFP_KERNEL); + old = xa_store(&sess->rpc_handle_list, entry->id, entry, GFP_KERNEL); + if (xa_is_err(old)) + goto free_id; resp = ksmbd_rpc_open(sess, entry->id); if (!resp) - goto free_id; + goto erase_xa; kvfree(resp); return entry->id; -free_id: +erase_xa: xa_erase(&sess->rpc_handle_list, entry->id); +free_id: ksmbd_rpc_id_free(entry->id); free_entry: kfree(entry);

10 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] ksmbd: check outstanding simultaneous SMB operations" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 0a77d947f599b1f39065015bec99390d0c0022ee # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024110945-emission-stegosaur-f847@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0a77d947f599b1f39065015bec99390d0c0022ee Mon Sep 17 00:00:00 2001 From: Namjae Jeon <linkinjeon(a)kernel.org> Date: Mon, 4 Nov 2024 13:43:06 +0900 Subject: [PATCH] ksmbd: check outstanding simultaneous SMB operations MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If Client send simultaneous SMB operations to ksmbd, It exhausts too much memory through the "ksmbd_work_cache”. It will cause OOM issue. ksmbd has a credit mechanism but it can't handle this problem. This patch add the check if it exceeds max credits to prevent this problem by assuming that one smb request consumes at least one credit. Cc: stable(a)vger.kernel.org # v5.15+ Reported-by: Norbert Szetei <norbert(a)doyensec.com> Tested-by: Norbert Szetei <norbert(a)doyensec.com> Signed-off-by: Namjae Jeon <linkinjeon(a)kernel.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/server/connection.c b/fs/smb/server/connection.c index aa2a37a7ce84..e6a72f75ab94 100644 --- a/fs/smb/server/connection.c +++ b/fs/smb/server/connection.c @@ -70,6 +70,7 @@ struct ksmbd_conn *ksmbd_conn_alloc(void) atomic_set(&conn->req_running, 0); atomic_set(&conn->r_count, 0); atomic_set(&conn->refcnt, 1); + atomic_set(&conn->mux_smb_requests, 0); conn->total_credits = 1; conn->outstanding_credits = 0; diff --git a/fs/smb/server/connection.h b/fs/smb/server/connection.h index b379ae4fdcdf..8ddd5a3c7baf 100644 --- a/fs/smb/server/connection.h +++ b/fs/smb/server/connection.h @@ -107,6 +107,7 @@ struct ksmbd_conn { __le16 signing_algorithm; bool binding; atomic_t refcnt; + atomic_t mux_smb_requests; }; struct ksmbd_conn_ops { diff --git a/fs/smb/server/server.c b/fs/smb/server/server.c index e7f14f8df943..e6cfedba9992 100644 --- a/fs/smb/server/server.c +++ b/fs/smb/server/server.c @@ -270,6 +270,7 @@ static void handle_ksmbd_work(struct work_struct *wk) ksmbd_conn_try_dequeue_request(work); ksmbd_free_work_struct(work); + atomic_dec(&conn->mux_smb_requests); /* * Checking waitqueue to dropping pending requests on * disconnection. waitqueue_active is safe because it @@ -291,6 +292,15 @@ static int queue_ksmbd_work(struct ksmbd_conn *conn) struct ksmbd_work *work; int err; + err = ksmbd_init_smb_server(conn); + if (err) + return 0; + + if (atomic_inc_return(&conn->mux_smb_requests) >= conn->vals->max_credits) { + atomic_dec_return(&conn->mux_smb_requests); + return -ENOSPC; + } + work = ksmbd_alloc_work_struct(); if (!work) { pr_err("allocation for work failed\n"); @@ -301,12 +311,6 @@ static int queue_ksmbd_work(struct ksmbd_conn *conn) work->request_buf = conn->request_buf; conn->request_buf = NULL; - err = ksmbd_init_smb_server(work); - if (err) { - ksmbd_free_work_struct(work); - return 0; - } - ksmbd_conn_enqueue_request(work); atomic_inc(&conn->r_count); /* update activity on connection */ diff --git a/fs/smb/server/smb_common.c b/fs/smb/server/smb_common.c index a2ebbe604c8c..75b4eb856d32 100644 --- a/fs/smb/server/smb_common.c +++ b/fs/smb/server/smb_common.c @@ -388,6 +388,10 @@ static struct smb_version_ops smb1_server_ops = { .set_rsp_status = set_smb1_rsp_status, }; +static struct smb_version_values smb1_server_values = { + .max_credits = SMB2_MAX_CREDITS, +}; + static int smb1_negotiate(struct ksmbd_work *work) { return ksmbd_smb_negotiate_common(work, SMB_COM_NEGOTIATE); @@ -399,18 +403,18 @@ static struct smb_version_cmds smb1_server_cmds[1] = { static int init_smb1_server(struct ksmbd_conn *conn) { + conn->vals = &smb1_server_values; conn->ops = &smb1_server_ops; conn->cmds = smb1_server_cmds; conn->max_cmds = ARRAY_SIZE(smb1_server_cmds); return 0; } -int ksmbd_init_smb_server(struct ksmbd_work *work) +int ksmbd_init_smb_server(struct ksmbd_conn *conn) { - struct ksmbd_conn *conn = work->conn; __le32 proto; - proto = *(__le32 *)((struct smb_hdr *)work->request_buf)->Protocol; + proto = *(__le32 *)((struct smb_hdr *)conn->request_buf)->Protocol; if (conn->need_neg == false) { if (proto == SMB1_PROTO_NUMBER) return -EINVAL; diff --git a/fs/smb/server/smb_common.h b/fs/smb/server/smb_common.h index cc1d6dfe29d5..a3d8a905b07e 100644 --- a/fs/smb/server/smb_common.h +++ b/fs/smb/server/smb_common.h @@ -427,7 +427,7 @@ bool ksmbd_smb_request(struct ksmbd_conn *conn); int ksmbd_lookup_dialect_by_id(__le16 *cli_dialects, __le16 dialects_count); -int ksmbd_init_smb_server(struct ksmbd_work *work); +int ksmbd_init_smb_server(struct ksmbd_conn *conn); struct ksmbd_kstat; int ksmbd_populate_dot_dotdot_entries(struct ksmbd_work *work,

10 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] ksmbd: check outstanding simultaneous SMB operations" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 0a77d947f599b1f39065015bec99390d0c0022ee # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024110945-blot-unsaid-0239@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0a77d947f599b1f39065015bec99390d0c0022ee Mon Sep 17 00:00:00 2001 From: Namjae Jeon <linkinjeon(a)kernel.org> Date: Mon, 4 Nov 2024 13:43:06 +0900 Subject: [PATCH] ksmbd: check outstanding simultaneous SMB operations MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If Client send simultaneous SMB operations to ksmbd, It exhausts too much memory through the "ksmbd_work_cache”. It will cause OOM issue. ksmbd has a credit mechanism but it can't handle this problem. This patch add the check if it exceeds max credits to prevent this problem by assuming that one smb request consumes at least one credit. Cc: stable(a)vger.kernel.org # v5.15+ Reported-by: Norbert Szetei <norbert(a)doyensec.com> Tested-by: Norbert Szetei <norbert(a)doyensec.com> Signed-off-by: Namjae Jeon <linkinjeon(a)kernel.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/server/connection.c b/fs/smb/server/connection.c index aa2a37a7ce84..e6a72f75ab94 100644 --- a/fs/smb/server/connection.c +++ b/fs/smb/server/connection.c @@ -70,6 +70,7 @@ struct ksmbd_conn *ksmbd_conn_alloc(void) atomic_set(&conn->req_running, 0); atomic_set(&conn->r_count, 0); atomic_set(&conn->refcnt, 1); + atomic_set(&conn->mux_smb_requests, 0); conn->total_credits = 1; conn->outstanding_credits = 0; diff --git a/fs/smb/server/connection.h b/fs/smb/server/connection.h index b379ae4fdcdf..8ddd5a3c7baf 100644 --- a/fs/smb/server/connection.h +++ b/fs/smb/server/connection.h @@ -107,6 +107,7 @@ struct ksmbd_conn { __le16 signing_algorithm; bool binding; atomic_t refcnt; + atomic_t mux_smb_requests; }; struct ksmbd_conn_ops { diff --git a/fs/smb/server/server.c b/fs/smb/server/server.c index e7f14f8df943..e6cfedba9992 100644 --- a/fs/smb/server/server.c +++ b/fs/smb/server/server.c @@ -270,6 +270,7 @@ static void handle_ksmbd_work(struct work_struct *wk) ksmbd_conn_try_dequeue_request(work); ksmbd_free_work_struct(work); + atomic_dec(&conn->mux_smb_requests); /* * Checking waitqueue to dropping pending requests on * disconnection. waitqueue_active is safe because it @@ -291,6 +292,15 @@ static int queue_ksmbd_work(struct ksmbd_conn *conn) struct ksmbd_work *work; int err; + err = ksmbd_init_smb_server(conn); + if (err) + return 0; + + if (atomic_inc_return(&conn->mux_smb_requests) >= conn->vals->max_credits) { + atomic_dec_return(&conn->mux_smb_requests); + return -ENOSPC; + } + work = ksmbd_alloc_work_struct(); if (!work) { pr_err("allocation for work failed\n"); @@ -301,12 +311,6 @@ static int queue_ksmbd_work(struct ksmbd_conn *conn) work->request_buf = conn->request_buf; conn->request_buf = NULL; - err = ksmbd_init_smb_server(work); - if (err) { - ksmbd_free_work_struct(work); - return 0; - } - ksmbd_conn_enqueue_request(work); atomic_inc(&conn->r_count); /* update activity on connection */ diff --git a/fs/smb/server/smb_common.c b/fs/smb/server/smb_common.c index a2ebbe604c8c..75b4eb856d32 100644 --- a/fs/smb/server/smb_common.c +++ b/fs/smb/server/smb_common.c @@ -388,6 +388,10 @@ static struct smb_version_ops smb1_server_ops = { .set_rsp_status = set_smb1_rsp_status, }; +static struct smb_version_values smb1_server_values = { + .max_credits = SMB2_MAX_CREDITS, +}; + static int smb1_negotiate(struct ksmbd_work *work) { return ksmbd_smb_negotiate_common(work, SMB_COM_NEGOTIATE); @@ -399,18 +403,18 @@ static struct smb_version_cmds smb1_server_cmds[1] = { static int init_smb1_server(struct ksmbd_conn *conn) { + conn->vals = &smb1_server_values; conn->ops = &smb1_server_ops; conn->cmds = smb1_server_cmds; conn->max_cmds = ARRAY_SIZE(smb1_server_cmds); return 0; } -int ksmbd_init_smb_server(struct ksmbd_work *work) +int ksmbd_init_smb_server(struct ksmbd_conn *conn) { - struct ksmbd_conn *conn = work->conn; __le32 proto; - proto = *(__le32 *)((struct smb_hdr *)work->request_buf)->Protocol; + proto = *(__le32 *)((struct smb_hdr *)conn->request_buf)->Protocol; if (conn->need_neg == false) { if (proto == SMB1_PROTO_NUMBER) return -EINVAL; diff --git a/fs/smb/server/smb_common.h b/fs/smb/server/smb_common.h index cc1d6dfe29d5..a3d8a905b07e 100644 --- a/fs/smb/server/smb_common.h +++ b/fs/smb/server/smb_common.h @@ -427,7 +427,7 @@ bool ksmbd_smb_request(struct ksmbd_conn *conn); int ksmbd_lookup_dialect_by_id(__le16 *cli_dialects, __le16 dialects_count); -int ksmbd_init_smb_server(struct ksmbd_work *work); +int ksmbd_init_smb_server(struct ksmbd_conn *conn); struct ksmbd_kstat; int ksmbd_populate_dot_dotdot_entries(struct ksmbd_work *work,

10 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] ksmbd: fix slab-use-after-free in ksmbd_smb2_session_create" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 0a77715db22611df50b178374c51e2ba0d58866e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024110929-darwinism-jailbird-48ab@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0a77715db22611df50b178374c51e2ba0d58866e Mon Sep 17 00:00:00 2001 From: Namjae Jeon <linkinjeon(a)kernel.org> Date: Sat, 2 Nov 2024 18:46:38 +0900 Subject: [PATCH] ksmbd: fix slab-use-after-free in ksmbd_smb2_session_create There is a race condition between ksmbd_smb2_session_create and ksmbd_expire_session. This patch add missing sessions_table_lock while adding/deleting session from global session table. Cc: stable(a)vger.kernel.org # v5.15+ Reported-by: Norbert Szetei <norbert(a)doyensec.com> Tested-by: Norbert Szetei <norbert(a)doyensec.com> Signed-off-by: Namjae Jeon <linkinjeon(a)kernel.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/server/mgmt/user_session.c b/fs/smb/server/mgmt/user_session.c index 9756a4bbfe54..ad02fe555fda 100644 --- a/fs/smb/server/mgmt/user_session.c +++ b/fs/smb/server/mgmt/user_session.c @@ -178,6 +178,7 @@ static void ksmbd_expire_session(struct ksmbd_conn *conn) unsigned long id; struct ksmbd_session *sess; + down_write(&sessions_table_lock); down_write(&conn->session_lock); xa_for_each(&conn->sessions, id, sess) { if (atomic_read(&sess->refcnt) == 0 && @@ -191,6 +192,7 @@ static void ksmbd_expire_session(struct ksmbd_conn *conn) } } up_write(&conn->session_lock); + up_write(&sessions_table_lock); } int ksmbd_session_register(struct ksmbd_conn *conn, @@ -232,7 +234,6 @@ void ksmbd_sessions_deregister(struct ksmbd_conn *conn) } } } - up_write(&sessions_table_lock); down_write(&conn->session_lock); xa_for_each(&conn->sessions, id, sess) { @@ -252,6 +253,7 @@ void ksmbd_sessions_deregister(struct ksmbd_conn *conn) } } up_write(&conn->session_lock); + up_write(&sessions_table_lock); } struct ksmbd_session *ksmbd_session_lookup(struct ksmbd_conn *conn,

10 months, 2 weeks

1
0
0 0

FAILED: Patch "io_uring/rw: fix missing NOWAIT check for O_DIRECT start write" failed to apply to v5.15-stable tree

by Sasha Levin

The patch below does not apply to the v5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. Thanks, Sasha ------------------ original commit in Linus's tree ------------------ From 1d60d74e852647255bd8e76f5a22dc42531e4389 Mon Sep 17 00:00:00 2001 From: Jens Axboe <axboe(a)kernel.dk> Date: Thu, 31 Oct 2024 08:05:44 -0600 Subject: [PATCH] io_uring/rw: fix missing NOWAIT check for O_DIRECT start write When io_uring starts a write, it'll call kiocb_start_write() to bump the super block rwsem, preventing any freezes from happening while that write is in-flight. The freeze side will grab that rwsem for writing, excluding any new writers from happening and waiting for existing writes to finish. But io_uring unconditionally uses kiocb_start_write(), which will block if someone is currently attempting to freeze the mount point. This causes a deadlock where freeze is waiting for previous writes to complete, but the previous writes cannot complete, as the task that is supposed to complete them is blocked waiting on starting a new write. This results in the following stuck trace showing that dependency with the write blocked starting a new write: task:fio state:D stack:0 pid:886 tgid:886 ppid:876 Call trace: __switch_to+0x1d8/0x348 __schedule+0x8e8/0x2248 schedule+0x110/0x3f0 percpu_rwsem_wait+0x1e8/0x3f8 __percpu_down_read+0xe8/0x500 io_write+0xbb8/0xff8 io_issue_sqe+0x10c/0x1020 io_submit_sqes+0x614/0x2110 __arm64_sys_io_uring_enter+0x524/0x1038 invoke_syscall+0x74/0x268 el0_svc_common.constprop.0+0x160/0x238 do_el0_svc+0x44/0x60 el0_svc+0x44/0xb0 el0t_64_sync_handler+0x118/0x128 el0t_64_sync+0x168/0x170 INFO: task fsfreeze:7364 blocked for more than 15 seconds. Not tainted 6.12.0-rc5-00063-g76aaf945701c #7963 with the attempting freezer stuck trying to grab the rwsem: task:fsfreeze state:D stack:0 pid:7364 tgid:7364 ppid:995 Call trace: __switch_to+0x1d8/0x348 __schedule+0x8e8/0x2248 schedule+0x110/0x3f0 percpu_down_write+0x2b0/0x680 freeze_super+0x248/0x8a8 do_vfs_ioctl+0x149c/0x1b18 __arm64_sys_ioctl+0xd0/0x1a0 invoke_syscall+0x74/0x268 el0_svc_common.constprop.0+0x160/0x238 do_el0_svc+0x44/0x60 el0_svc+0x44/0xb0 el0t_64_sync_handler+0x118/0x128 el0t_64_sync+0x168/0x170 Fix this by having the io_uring side honor IOCB_NOWAIT, and only attempt a blocking grab of the super block rwsem if it isn't set. For normal issue where IOCB_NOWAIT would always be set, this returns -EAGAIN which will have io_uring core issue a blocking attempt of the write. That will in turn also get completions run, ensuring forward progress. Since freezing requires CAP_SYS_ADMIN in the first place, this isn't something that can be triggered by a regular user. Cc: stable(a)vger.kernel.org # 5.10+ Reported-by: Peter Mann <peter.mann(a)sh.cz> Link: https://lore.kernel.org/io-uring/38c94aec-81c9-4f62-b44e-1d87f5597644@sh.cz Signed-off-by: Jens Axboe <axboe(a)kernel.dk> --- io_uring/rw.c | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/io_uring/rw.c b/io_uring/rw.c index 354c4e175654c..155938f100931 100644 --- a/io_uring/rw.c +++ b/io_uring/rw.c @@ -1014,6 +1014,25 @@ int io_read_mshot(struct io_kiocb *req, unsigned int issue_flags) return IOU_OK; } +static bool io_kiocb_start_write(struct io_kiocb *req, struct kiocb *kiocb) +{ + struct inode *inode; + bool ret; + + if (!(req->flags & REQ_F_ISREG)) + return true; + if (!(kiocb->ki_flags & IOCB_NOWAIT)) { + kiocb_start_write(kiocb); + return true; + } + + inode = file_inode(kiocb->ki_filp); + ret = sb_start_write_trylock(inode->i_sb); + if (ret) + __sb_writers_release(inode->i_sb, SB_FREEZE_WRITE); + return ret; +} + int io_write(struct io_kiocb *req, unsigned int issue_flags) { bool force_nonblock = issue_flags & IO_URING_F_NONBLOCK; @@ -1051,8 +1070,8 @@ int io_write(struct io_kiocb *req, unsigned int issue_flags) if (unlikely(ret)) return ret; - if (req->flags & REQ_F_ISREG) - kiocb_start_write(kiocb); + if (unlikely(!io_kiocb_start_write(req, kiocb))) + return -EAGAIN; kiocb->ki_flags |= IOCB_WRITE; if (likely(req->file->f_op->write_iter)) -- 2.43.0

10 months, 2 weeks

2
2
0 0

FAILED: patch "[PATCH] media: av7110: fix a spectre vulnerability" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 458ea1c0be991573ec436aa0afa23baacfae101a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024110949-sinner-broadband-3aa8@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 458ea1c0be991573ec436aa0afa23baacfae101a Mon Sep 17 00:00:00 2001 From: Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> Date: Tue, 15 Oct 2024 09:24:24 +0200 Subject: [PATCH] media: av7110: fix a spectre vulnerability As warned by smatch: drivers/staging/media/av7110/av7110_ca.c:270 dvb_ca_ioctl() warn: potential spectre issue 'av7110->ci_slot' [w] (local cap) There is a spectre-related vulnerability at the code. Fix it. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable(a)vger.kernel.org Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> diff --git a/drivers/staging/media/av7110/av7110.h b/drivers/staging/media/av7110/av7110.h index ec461fd187af..b584754f4be0 100644 --- a/drivers/staging/media/av7110/av7110.h +++ b/drivers/staging/media/av7110/av7110.h @@ -88,6 +88,8 @@ struct infrared { u32 ir_config; }; +#define MAX_CI_SLOTS 2 + /* place to store all the necessary device information */ struct av7110 { /* devices */ @@ -163,7 +165,7 @@ struct av7110 { /* CA */ - struct ca_slot_info ci_slot[2]; + struct ca_slot_info ci_slot[MAX_CI_SLOTS]; enum av7110_video_mode vidmode; struct dmxdev dmxdev; diff --git a/drivers/staging/media/av7110/av7110_ca.c b/drivers/staging/media/av7110/av7110_ca.c index 6ce212c64e5d..fce4023c9dea 100644 --- a/drivers/staging/media/av7110/av7110_ca.c +++ b/drivers/staging/media/av7110/av7110_ca.c @@ -26,23 +26,28 @@ void CI_handle(struct av7110 *av7110, u8 *data, u16 len) { + unsigned slot_num; + dprintk(8, "av7110:%p\n", av7110); if (len < 3) return; switch (data[0]) { case CI_MSG_CI_INFO: - if (data[2] != 1 && data[2] != 2) + if (data[2] != 1 && data[2] != MAX_CI_SLOTS) break; + + slot_num = array_index_nospec(data[2] - 1, MAX_CI_SLOTS); + switch (data[1]) { case 0: - av7110->ci_slot[data[2] - 1].flags = 0; + av7110->ci_slot[slot_num].flags = 0; break; case 1: - av7110->ci_slot[data[2] - 1].flags |= CA_CI_MODULE_PRESENT; + av7110->ci_slot[slot_num].flags |= CA_CI_MODULE_PRESENT; break; case 2: - av7110->ci_slot[data[2] - 1].flags |= CA_CI_MODULE_READY; + av7110->ci_slot[slot_num].flags |= CA_CI_MODULE_READY; break; } break; @@ -262,15 +267,19 @@ static int dvb_ca_ioctl(struct file *file, unsigned int cmd, void *parg) case CA_GET_SLOT_INFO: { struct ca_slot_info *info = (struct ca_slot_info *)parg; + unsigned int slot_num; if (info->num < 0 || info->num > 1) { mutex_unlock(&av7110->ioctl_mutex); return -EINVAL; } - av7110->ci_slot[info->num].num = info->num; - av7110->ci_slot[info->num].type = FW_CI_LL_SUPPORT(av7110->arm_app) ? - CA_CI_LINK : CA_CI; - memcpy(info, &av7110->ci_slot[info->num], sizeof(struct ca_slot_info)); + slot_num = array_index_nospec(info->num, MAX_CI_SLOTS); + + av7110->ci_slot[slot_num].num = info->num; + av7110->ci_slot[slot_num].type = FW_CI_LL_SUPPORT(av7110->arm_app) ? + CA_CI_LINK : CA_CI; + memcpy(info, &av7110->ci_slot[slot_num], + sizeof(struct ca_slot_info)); break; }

10 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] media: av7110: fix a spectre vulnerability" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 458ea1c0be991573ec436aa0afa23baacfae101a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024110949-unseeing-smolder-1b43@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 458ea1c0be991573ec436aa0afa23baacfae101a Mon Sep 17 00:00:00 2001 From: Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> Date: Tue, 15 Oct 2024 09:24:24 +0200 Subject: [PATCH] media: av7110: fix a spectre vulnerability As warned by smatch: drivers/staging/media/av7110/av7110_ca.c:270 dvb_ca_ioctl() warn: potential spectre issue 'av7110->ci_slot' [w] (local cap) There is a spectre-related vulnerability at the code. Fix it. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable(a)vger.kernel.org Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> diff --git a/drivers/staging/media/av7110/av7110.h b/drivers/staging/media/av7110/av7110.h index ec461fd187af..b584754f4be0 100644 --- a/drivers/staging/media/av7110/av7110.h +++ b/drivers/staging/media/av7110/av7110.h @@ -88,6 +88,8 @@ struct infrared { u32 ir_config; }; +#define MAX_CI_SLOTS 2 + /* place to store all the necessary device information */ struct av7110 { /* devices */ @@ -163,7 +165,7 @@ struct av7110 { /* CA */ - struct ca_slot_info ci_slot[2]; + struct ca_slot_info ci_slot[MAX_CI_SLOTS]; enum av7110_video_mode vidmode; struct dmxdev dmxdev; diff --git a/drivers/staging/media/av7110/av7110_ca.c b/drivers/staging/media/av7110/av7110_ca.c index 6ce212c64e5d..fce4023c9dea 100644 --- a/drivers/staging/media/av7110/av7110_ca.c +++ b/drivers/staging/media/av7110/av7110_ca.c @@ -26,23 +26,28 @@ void CI_handle(struct av7110 *av7110, u8 *data, u16 len) { + unsigned slot_num; + dprintk(8, "av7110:%p\n", av7110); if (len < 3) return; switch (data[0]) { case CI_MSG_CI_INFO: - if (data[2] != 1 && data[2] != 2) + if (data[2] != 1 && data[2] != MAX_CI_SLOTS) break; + + slot_num = array_index_nospec(data[2] - 1, MAX_CI_SLOTS); + switch (data[1]) { case 0: - av7110->ci_slot[data[2] - 1].flags = 0; + av7110->ci_slot[slot_num].flags = 0; break; case 1: - av7110->ci_slot[data[2] - 1].flags |= CA_CI_MODULE_PRESENT; + av7110->ci_slot[slot_num].flags |= CA_CI_MODULE_PRESENT; break; case 2: - av7110->ci_slot[data[2] - 1].flags |= CA_CI_MODULE_READY; + av7110->ci_slot[slot_num].flags |= CA_CI_MODULE_READY; break; } break; @@ -262,15 +267,19 @@ static int dvb_ca_ioctl(struct file *file, unsigned int cmd, void *parg) case CA_GET_SLOT_INFO: { struct ca_slot_info *info = (struct ca_slot_info *)parg; + unsigned int slot_num; if (info->num < 0 || info->num > 1) { mutex_unlock(&av7110->ioctl_mutex); return -EINVAL; } - av7110->ci_slot[info->num].num = info->num; - av7110->ci_slot[info->num].type = FW_CI_LL_SUPPORT(av7110->arm_app) ? - CA_CI_LINK : CA_CI; - memcpy(info, &av7110->ci_slot[info->num], sizeof(struct ca_slot_info)); + slot_num = array_index_nospec(info->num, MAX_CI_SLOTS); + + av7110->ci_slot[slot_num].num = info->num; + av7110->ci_slot[slot_num].type = FW_CI_LL_SUPPORT(av7110->arm_app) ? + CA_CI_LINK : CA_CI; + memcpy(info, &av7110->ci_slot[slot_num], + sizeof(struct ca_slot_info)); break; }

10 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] media: av7110: fix a spectre vulnerability" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 458ea1c0be991573ec436aa0afa23baacfae101a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024110948-sharply-unissued-74b9@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 458ea1c0be991573ec436aa0afa23baacfae101a Mon Sep 17 00:00:00 2001 From: Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> Date: Tue, 15 Oct 2024 09:24:24 +0200 Subject: [PATCH] media: av7110: fix a spectre vulnerability As warned by smatch: drivers/staging/media/av7110/av7110_ca.c:270 dvb_ca_ioctl() warn: potential spectre issue 'av7110->ci_slot' [w] (local cap) There is a spectre-related vulnerability at the code. Fix it. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable(a)vger.kernel.org Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> diff --git a/drivers/staging/media/av7110/av7110.h b/drivers/staging/media/av7110/av7110.h index ec461fd187af..b584754f4be0 100644 --- a/drivers/staging/media/av7110/av7110.h +++ b/drivers/staging/media/av7110/av7110.h @@ -88,6 +88,8 @@ struct infrared { u32 ir_config; }; +#define MAX_CI_SLOTS 2 + /* place to store all the necessary device information */ struct av7110 { /* devices */ @@ -163,7 +165,7 @@ struct av7110 { /* CA */ - struct ca_slot_info ci_slot[2]; + struct ca_slot_info ci_slot[MAX_CI_SLOTS]; enum av7110_video_mode vidmode; struct dmxdev dmxdev; diff --git a/drivers/staging/media/av7110/av7110_ca.c b/drivers/staging/media/av7110/av7110_ca.c index 6ce212c64e5d..fce4023c9dea 100644 --- a/drivers/staging/media/av7110/av7110_ca.c +++ b/drivers/staging/media/av7110/av7110_ca.c @@ -26,23 +26,28 @@ void CI_handle(struct av7110 *av7110, u8 *data, u16 len) { + unsigned slot_num; + dprintk(8, "av7110:%p\n", av7110); if (len < 3) return; switch (data[0]) { case CI_MSG_CI_INFO: - if (data[2] != 1 && data[2] != 2) + if (data[2] != 1 && data[2] != MAX_CI_SLOTS) break; + + slot_num = array_index_nospec(data[2] - 1, MAX_CI_SLOTS); + switch (data[1]) { case 0: - av7110->ci_slot[data[2] - 1].flags = 0; + av7110->ci_slot[slot_num].flags = 0; break; case 1: - av7110->ci_slot[data[2] - 1].flags |= CA_CI_MODULE_PRESENT; + av7110->ci_slot[slot_num].flags |= CA_CI_MODULE_PRESENT; break; case 2: - av7110->ci_slot[data[2] - 1].flags |= CA_CI_MODULE_READY; + av7110->ci_slot[slot_num].flags |= CA_CI_MODULE_READY; break; } break; @@ -262,15 +267,19 @@ static int dvb_ca_ioctl(struct file *file, unsigned int cmd, void *parg) case CA_GET_SLOT_INFO: { struct ca_slot_info *info = (struct ca_slot_info *)parg; + unsigned int slot_num; if (info->num < 0 || info->num > 1) { mutex_unlock(&av7110->ioctl_mutex); return -EINVAL; } - av7110->ci_slot[info->num].num = info->num; - av7110->ci_slot[info->num].type = FW_CI_LL_SUPPORT(av7110->arm_app) ? - CA_CI_LINK : CA_CI; - memcpy(info, &av7110->ci_slot[info->num], sizeof(struct ca_slot_info)); + slot_num = array_index_nospec(info->num, MAX_CI_SLOTS); + + av7110->ci_slot[slot_num].num = info->num; + av7110->ci_slot[slot_num].type = FW_CI_LL_SUPPORT(av7110->arm_app) ? + CA_CI_LINK : CA_CI; + memcpy(info, &av7110->ci_slot[slot_num], + sizeof(struct ca_slot_info)); break; }

10 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] media: av7110: fix a spectre vulnerability" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 458ea1c0be991573ec436aa0afa23baacfae101a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024110948-repugnant-numbly-fe39@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 458ea1c0be991573ec436aa0afa23baacfae101a Mon Sep 17 00:00:00 2001 From: Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> Date: Tue, 15 Oct 2024 09:24:24 +0200 Subject: [PATCH] media: av7110: fix a spectre vulnerability As warned by smatch: drivers/staging/media/av7110/av7110_ca.c:270 dvb_ca_ioctl() warn: potential spectre issue 'av7110->ci_slot' [w] (local cap) There is a spectre-related vulnerability at the code. Fix it. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable(a)vger.kernel.org Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> diff --git a/drivers/staging/media/av7110/av7110.h b/drivers/staging/media/av7110/av7110.h index ec461fd187af..b584754f4be0 100644 --- a/drivers/staging/media/av7110/av7110.h +++ b/drivers/staging/media/av7110/av7110.h @@ -88,6 +88,8 @@ struct infrared { u32 ir_config; }; +#define MAX_CI_SLOTS 2 + /* place to store all the necessary device information */ struct av7110 { /* devices */ @@ -163,7 +165,7 @@ struct av7110 { /* CA */ - struct ca_slot_info ci_slot[2]; + struct ca_slot_info ci_slot[MAX_CI_SLOTS]; enum av7110_video_mode vidmode; struct dmxdev dmxdev; diff --git a/drivers/staging/media/av7110/av7110_ca.c b/drivers/staging/media/av7110/av7110_ca.c index 6ce212c64e5d..fce4023c9dea 100644 --- a/drivers/staging/media/av7110/av7110_ca.c +++ b/drivers/staging/media/av7110/av7110_ca.c @@ -26,23 +26,28 @@ void CI_handle(struct av7110 *av7110, u8 *data, u16 len) { + unsigned slot_num; + dprintk(8, "av7110:%p\n", av7110); if (len < 3) return; switch (data[0]) { case CI_MSG_CI_INFO: - if (data[2] != 1 && data[2] != 2) + if (data[2] != 1 && data[2] != MAX_CI_SLOTS) break; + + slot_num = array_index_nospec(data[2] - 1, MAX_CI_SLOTS); + switch (data[1]) { case 0: - av7110->ci_slot[data[2] - 1].flags = 0; + av7110->ci_slot[slot_num].flags = 0; break; case 1: - av7110->ci_slot[data[2] - 1].flags |= CA_CI_MODULE_PRESENT; + av7110->ci_slot[slot_num].flags |= CA_CI_MODULE_PRESENT; break; case 2: - av7110->ci_slot[data[2] - 1].flags |= CA_CI_MODULE_READY; + av7110->ci_slot[slot_num].flags |= CA_CI_MODULE_READY; break; } break; @@ -262,15 +267,19 @@ static int dvb_ca_ioctl(struct file *file, unsigned int cmd, void *parg) case CA_GET_SLOT_INFO: { struct ca_slot_info *info = (struct ca_slot_info *)parg; + unsigned int slot_num; if (info->num < 0 || info->num > 1) { mutex_unlock(&av7110->ioctl_mutex); return -EINVAL; } - av7110->ci_slot[info->num].num = info->num; - av7110->ci_slot[info->num].type = FW_CI_LL_SUPPORT(av7110->arm_app) ? - CA_CI_LINK : CA_CI; - memcpy(info, &av7110->ci_slot[info->num], sizeof(struct ca_slot_info)); + slot_num = array_index_nospec(info->num, MAX_CI_SLOTS); + + av7110->ci_slot[slot_num].num = info->num; + av7110->ci_slot[slot_num].type = FW_CI_LL_SUPPORT(av7110->arm_app) ? + CA_CI_LINK : CA_CI; + memcpy(info, &av7110->ci_slot[slot_num], + sizeof(struct ca_slot_info)); break; }

10 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] media: av7110: fix a spectre vulnerability" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 458ea1c0be991573ec436aa0afa23baacfae101a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024110947-probing-conform-ac38@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 458ea1c0be991573ec436aa0afa23baacfae101a Mon Sep 17 00:00:00 2001 From: Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> Date: Tue, 15 Oct 2024 09:24:24 +0200 Subject: [PATCH] media: av7110: fix a spectre vulnerability As warned by smatch: drivers/staging/media/av7110/av7110_ca.c:270 dvb_ca_ioctl() warn: potential spectre issue 'av7110->ci_slot' [w] (local cap) There is a spectre-related vulnerability at the code. Fix it. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable(a)vger.kernel.org Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> diff --git a/drivers/staging/media/av7110/av7110.h b/drivers/staging/media/av7110/av7110.h index ec461fd187af..b584754f4be0 100644 --- a/drivers/staging/media/av7110/av7110.h +++ b/drivers/staging/media/av7110/av7110.h @@ -88,6 +88,8 @@ struct infrared { u32 ir_config; }; +#define MAX_CI_SLOTS 2 + /* place to store all the necessary device information */ struct av7110 { /* devices */ @@ -163,7 +165,7 @@ struct av7110 { /* CA */ - struct ca_slot_info ci_slot[2]; + struct ca_slot_info ci_slot[MAX_CI_SLOTS]; enum av7110_video_mode vidmode; struct dmxdev dmxdev; diff --git a/drivers/staging/media/av7110/av7110_ca.c b/drivers/staging/media/av7110/av7110_ca.c index 6ce212c64e5d..fce4023c9dea 100644 --- a/drivers/staging/media/av7110/av7110_ca.c +++ b/drivers/staging/media/av7110/av7110_ca.c @@ -26,23 +26,28 @@ void CI_handle(struct av7110 *av7110, u8 *data, u16 len) { + unsigned slot_num; + dprintk(8, "av7110:%p\n", av7110); if (len < 3) return; switch (data[0]) { case CI_MSG_CI_INFO: - if (data[2] != 1 && data[2] != 2) + if (data[2] != 1 && data[2] != MAX_CI_SLOTS) break; + + slot_num = array_index_nospec(data[2] - 1, MAX_CI_SLOTS); + switch (data[1]) { case 0: - av7110->ci_slot[data[2] - 1].flags = 0; + av7110->ci_slot[slot_num].flags = 0; break; case 1: - av7110->ci_slot[data[2] - 1].flags |= CA_CI_MODULE_PRESENT; + av7110->ci_slot[slot_num].flags |= CA_CI_MODULE_PRESENT; break; case 2: - av7110->ci_slot[data[2] - 1].flags |= CA_CI_MODULE_READY; + av7110->ci_slot[slot_num].flags |= CA_CI_MODULE_READY; break; } break; @@ -262,15 +267,19 @@ static int dvb_ca_ioctl(struct file *file, unsigned int cmd, void *parg) case CA_GET_SLOT_INFO: { struct ca_slot_info *info = (struct ca_slot_info *)parg; + unsigned int slot_num; if (info->num < 0 || info->num > 1) { mutex_unlock(&av7110->ioctl_mutex); return -EINVAL; } - av7110->ci_slot[info->num].num = info->num; - av7110->ci_slot[info->num].type = FW_CI_LL_SUPPORT(av7110->arm_app) ? - CA_CI_LINK : CA_CI; - memcpy(info, &av7110->ci_slot[info->num], sizeof(struct ca_slot_info)); + slot_num = array_index_nospec(info->num, MAX_CI_SLOTS); + + av7110->ci_slot[slot_num].num = info->num; + av7110->ci_slot[slot_num].type = FW_CI_LL_SUPPORT(av7110->arm_app) ? + CA_CI_LINK : CA_CI; + memcpy(info, &av7110->ci_slot[slot_num], + sizeof(struct ca_slot_info)); break; }

10 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] media: av7110: fix a spectre vulnerability" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 458ea1c0be991573ec436aa0afa23baacfae101a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024110947-passivism-unstirred-8a08@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 458ea1c0be991573ec436aa0afa23baacfae101a Mon Sep 17 00:00:00 2001 From: Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> Date: Tue, 15 Oct 2024 09:24:24 +0200 Subject: [PATCH] media: av7110: fix a spectre vulnerability As warned by smatch: drivers/staging/media/av7110/av7110_ca.c:270 dvb_ca_ioctl() warn: potential spectre issue 'av7110->ci_slot' [w] (local cap) There is a spectre-related vulnerability at the code. Fix it. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable(a)vger.kernel.org Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> diff --git a/drivers/staging/media/av7110/av7110.h b/drivers/staging/media/av7110/av7110.h index ec461fd187af..b584754f4be0 100644 --- a/drivers/staging/media/av7110/av7110.h +++ b/drivers/staging/media/av7110/av7110.h @@ -88,6 +88,8 @@ struct infrared { u32 ir_config; }; +#define MAX_CI_SLOTS 2 + /* place to store all the necessary device information */ struct av7110 { /* devices */ @@ -163,7 +165,7 @@ struct av7110 { /* CA */ - struct ca_slot_info ci_slot[2]; + struct ca_slot_info ci_slot[MAX_CI_SLOTS]; enum av7110_video_mode vidmode; struct dmxdev dmxdev; diff --git a/drivers/staging/media/av7110/av7110_ca.c b/drivers/staging/media/av7110/av7110_ca.c index 6ce212c64e5d..fce4023c9dea 100644 --- a/drivers/staging/media/av7110/av7110_ca.c +++ b/drivers/staging/media/av7110/av7110_ca.c @@ -26,23 +26,28 @@ void CI_handle(struct av7110 *av7110, u8 *data, u16 len) { + unsigned slot_num; + dprintk(8, "av7110:%p\n", av7110); if (len < 3) return; switch (data[0]) { case CI_MSG_CI_INFO: - if (data[2] != 1 && data[2] != 2) + if (data[2] != 1 && data[2] != MAX_CI_SLOTS) break; + + slot_num = array_index_nospec(data[2] - 1, MAX_CI_SLOTS); + switch (data[1]) { case 0: - av7110->ci_slot[data[2] - 1].flags = 0; + av7110->ci_slot[slot_num].flags = 0; break; case 1: - av7110->ci_slot[data[2] - 1].flags |= CA_CI_MODULE_PRESENT; + av7110->ci_slot[slot_num].flags |= CA_CI_MODULE_PRESENT; break; case 2: - av7110->ci_slot[data[2] - 1].flags |= CA_CI_MODULE_READY; + av7110->ci_slot[slot_num].flags |= CA_CI_MODULE_READY; break; } break; @@ -262,15 +267,19 @@ static int dvb_ca_ioctl(struct file *file, unsigned int cmd, void *parg) case CA_GET_SLOT_INFO: { struct ca_slot_info *info = (struct ca_slot_info *)parg; + unsigned int slot_num; if (info->num < 0 || info->num > 1) { mutex_unlock(&av7110->ioctl_mutex); return -EINVAL; } - av7110->ci_slot[info->num].num = info->num; - av7110->ci_slot[info->num].type = FW_CI_LL_SUPPORT(av7110->arm_app) ? - CA_CI_LINK : CA_CI; - memcpy(info, &av7110->ci_slot[info->num], sizeof(struct ca_slot_info)); + slot_num = array_index_nospec(info->num, MAX_CI_SLOTS); + + av7110->ci_slot[slot_num].num = info->num; + av7110->ci_slot[slot_num].type = FW_CI_LL_SUPPORT(av7110->arm_app) ? + CA_CI_LINK : CA_CI; + memcpy(info, &av7110->ci_slot[slot_num], + sizeof(struct ca_slot_info)); break; }

10 months, 2 weeks

1
0
0 0

FAILED: Patch "posix-cpu-timers: Clear TICK_DEP_BIT_POSIX_TIMER on clone" failed to apply to v6.1-stable tree

by Sasha Levin

The patch below does not apply to the v6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. Thanks, Sasha ------------------ original commit in Linus's tree ------------------ From b5413156bad91dc2995a5c4eab1b05e56914638a Mon Sep 17 00:00:00 2001 From: Benjamin Segall <bsegall(a)google.com> Date: Fri, 25 Oct 2024 18:35:35 -0700 Subject: [PATCH] posix-cpu-timers: Clear TICK_DEP_BIT_POSIX_TIMER on clone When cloning a new thread, its posix_cputimers are not inherited, and are cleared by posix_cputimers_init(). However, this does not clear the tick dependency it creates in tsk->tick_dep_mask, and the handler does not reach the code to clear the dependency if there were no timers to begin with. Thus if a thread has a cputimer running before clone/fork, all descendants will prevent nohz_full unless they create a cputimer of their own. Fix this by entirely clearing the tick_dep_mask in copy_process(). (There is currently no inherited state that needs a tick dependency) Process-wide timers do not have this problem because fork does not copy signal_struct as a baseline, it creates one from scratch. Fixes: b78783000d5c ("posix-cpu-timers: Migrate to use new tick dependency mask model") Signed-off-by: Ben Segall <bsegall(a)google.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Reviewed-by: Frederic Weisbecker <frederic(a)kernel.org> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/xm26o737bq8o.fsf@google.com --- include/linux/tick.h | 8 ++++++++ kernel/fork.c | 2 ++ 2 files changed, 10 insertions(+) diff --git a/include/linux/tick.h b/include/linux/tick.h index 72744638c5b0f..99c9c5a7252aa 100644 --- a/include/linux/tick.h +++ b/include/linux/tick.h @@ -251,12 +251,19 @@ static inline void tick_dep_set_task(struct task_struct *tsk, if (tick_nohz_full_enabled()) tick_nohz_dep_set_task(tsk, bit); } + static inline void tick_dep_clear_task(struct task_struct *tsk, enum tick_dep_bits bit) { if (tick_nohz_full_enabled()) tick_nohz_dep_clear_task(tsk, bit); } + +static inline void tick_dep_init_task(struct task_struct *tsk) +{ + atomic_set(&tsk->tick_dep_mask, 0); +} + static inline void tick_dep_set_signal(struct task_struct *tsk, enum tick_dep_bits bit) { @@ -290,6 +297,7 @@ static inline void tick_dep_set_task(struct task_struct *tsk, enum tick_dep_bits bit) { } static inline void tick_dep_clear_task(struct task_struct *tsk, enum tick_dep_bits bit) { } +static inline void tick_dep_init_task(struct task_struct *tsk) { } static inline void tick_dep_set_signal(struct task_struct *tsk, enum tick_dep_bits bit) { } static inline void tick_dep_clear_signal(struct signal_struct *signal, diff --git a/kernel/fork.c b/kernel/fork.c index 89ceb4a68af25..6fa9fe62e01e3 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -105,6 +105,7 @@ #include <linux/rseq.h> #include <uapi/linux/pidfd.h> #include <linux/pidfs.h> +#include <linux/tick.h> #include <asm/pgalloc.h> #include <linux/uaccess.h> @@ -2292,6 +2293,7 @@ __latent_entropy struct task_struct *copy_process( acct_clear_integrals(p); posix_cputimers_init(&p->posix_cputimers); + tick_dep_init_task(p); p->io_context = NULL; audit_set_context(p, NULL); -- 2.43.0

10 months, 2 weeks

2
2
0 0

[PATCH] USB: core: remove dead code in do_proc_bulk()

by Rex Nie

Since len1 is unsigned int, len1 < 0 always false. Remove it keep code simple. Signed-off-by: Rex Nie <rex.nie(a)jaguarmicro.com> --- drivers/usb/core/devio.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c index 3beb6a862e80..712e290bab04 100644 --- a/drivers/usb/core/devio.c +++ b/drivers/usb/core/devio.c @@ -1295,7 +1295,7 @@ static int do_proc_bulk(struct usb_dev_state *ps, return ret; len1 = bulk->len; - if (len1 < 0 || len1 >= (INT_MAX - sizeof(struct urb))) + if (len1 >= (INT_MAX - sizeof(struct urb))) return -EINVAL; if (bulk->ep & USB_DIR_IN) -- 2.17.1

10 months, 2 weeks

3
3
0 0

[PATCH 1/3] spmi: pmic-arb: fix return path in for_each_available_child_of_node()

by Stephen Boyd

From: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> This loop requires explicit calls to of_node_put() upon early exits (break, goto, return) to decrement the child refcounter and avoid memory leaks if the child is not required out of the loop. A more robust solution is using the scoped variant of the macro, which automatically calls of_node_put() when the child goes out of scope. Cc: stable(a)vger.kernel.org Fixes: 979987371739 ("spmi: pmic-arb: Add multi bus support") Signed-off-by: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Link: https://lore.kernel.org/r/20241001-spmi-pmic-arb-scoped-v1-1-5872bab34ed6@g… Reviewed-by: Neil Armstrong <neil.armstrong(a)linaro.org> Signed-off-by: Stephen Boyd <sboyd(a)kernel.org> --- drivers/spmi/spmi-pmic-arb.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/spmi/spmi-pmic-arb.c b/drivers/spmi/spmi-pmic-arb.c index 9ba9495fcc4b..ea843159b745 100644 --- a/drivers/spmi/spmi-pmic-arb.c +++ b/drivers/spmi/spmi-pmic-arb.c @@ -1763,14 +1763,13 @@ static int spmi_pmic_arb_register_buses(struct spmi_pmic_arb *pmic_arb, { struct device *dev = &pdev->dev; struct device_node *node = dev->of_node; - struct device_node *child; int ret; /* legacy mode doesn't provide child node for the bus */ if (of_device_is_compatible(node, "qcom,spmi-pmic-arb")) return spmi_pmic_arb_bus_init(pdev, node, pmic_arb); - for_each_available_child_of_node(node, child) { + for_each_available_child_of_node_scoped(node, child) { if (of_node_name_eq(child, "spmi")) { ret = spmi_pmic_arb_bus_init(pdev, child, pmic_arb); if (ret) -- https://git.kernel.org/pub/scm/linux/kernel/git/clk/linux.git/ https://git.kernel.org/pub/scm/linux/kernel/git/sboyd/spmi.git

10 months, 2 weeks

1
0
0 0

[PATCH v5 04/10] crypto: ccp: Fix uapi definitions of PSP errors

by Dionna Glaze

Additions to the error enum after the explicit 0x27 setting for SEV_RET_INVALID_KEY leads to incorrect value assignments. Use explicit values to match the manufacturer specifications more clearly. Fixes: 3a45dc2b419e ("crypto: ccp: Define the SEV-SNP commands") CC: Sean Christopherson <seanjc(a)google.com> CC: Paolo Bonzini <pbonzini(a)redhat.com> CC: Thomas Gleixner <tglx(a)linutronix.de> CC: Ingo Molnar <mingo(a)redhat.com> CC: Borislav Petkov <bp(a)alien8.de> CC: Dave Hansen <dave.hansen(a)linux.intel.com> CC: Ashish Kalra <ashish.kalra(a)amd.com> CC: Tom Lendacky <thomas.lendacky(a)amd.com> CC: John Allen <john.allen(a)amd.com> CC: Herbert Xu <herbert(a)gondor.apana.org.au> CC: "David S. Miller" <davem(a)davemloft.net> CC: Michael Roth <michael.roth(a)amd.com> CC: Luis Chamberlain <mcgrof(a)kernel.org> CC: Russ Weight <russ.weight(a)linux.dev> CC: Danilo Krummrich <dakr(a)redhat.com> CC: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> CC: "Rafael J. Wysocki" <rafael(a)kernel.org> CC: Tianfei zhang <tianfei.zhang(a)intel.com> CC: Alexey Kardashevskiy <aik(a)amd.com> CC: stable(a)vger.kernel.org From: Alexey Kardashevskiy <aik(a)amd.com> Signed-off-by: Alexey Kardashevskiy <aik(a)amd.com> Signed-off-by: Dionna Glaze <dionnaglaze(a)google.com> --- include/uapi/linux/psp-sev.h | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/include/uapi/linux/psp-sev.h b/include/uapi/linux/psp-sev.h index 832c15d9155bd..eeb20dfb1fdaa 100644 --- a/include/uapi/linux/psp-sev.h +++ b/include/uapi/linux/psp-sev.h @@ -73,13 +73,20 @@ typedef enum { SEV_RET_INVALID_PARAM, SEV_RET_RESOURCE_LIMIT, SEV_RET_SECURE_DATA_INVALID, - SEV_RET_INVALID_KEY = 0x27, - SEV_RET_INVALID_PAGE_SIZE, - SEV_RET_INVALID_PAGE_STATE, - SEV_RET_INVALID_MDATA_ENTRY, - SEV_RET_INVALID_PAGE_OWNER, - SEV_RET_INVALID_PAGE_AEAD_OFLOW, - SEV_RET_RMP_INIT_REQUIRED, + SEV_RET_INVALID_PAGE_SIZE = 0x0019, + SEV_RET_INVALID_PAGE_STATE = 0x001A, + SEV_RET_INVALID_MDATA_ENTRY = 0x001B, + SEV_RET_INVALID_PAGE_OWNER = 0x001C, + SEV_RET_AEAD_OFLOW = 0x001D, + SEV_RET_EXIT_RING_BUFFER = 0x001F, + SEV_RET_RMP_INIT_REQUIRED = 0x0020, + SEV_RET_BAD_SVN = 0x0021, + SEV_RET_BAD_VERSION = 0x0022, + SEV_RET_SHUTDOWN_REQUIRED = 0x0023, + SEV_RET_UPDATE_FAILED = 0x0024, + SEV_RET_RESTORE_REQUIRED = 0x0025, + SEV_RET_RMP_INITIALIZATION_FAILED = 0x0026, + SEV_RET_INVALID_KEY = 0x0027, SEV_RET_MAX, } sev_ret_code; -- 2.47.0.277.g8800431eea-goog

10 months, 2 weeks

3
2
0 0

Linux 6.6.60

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.60 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm64/boot/dts/freescale/imx8ulp.dtsi | 2 arch/riscv/kernel/acpi.c | 4 arch/riscv/kernel/asm-offsets.c | 2 arch/riscv/kernel/cpu-hotplug.c | 2 arch/riscv/kernel/efi-header.S | 2 arch/riscv/kernel/traps_misaligned.c | 2 arch/riscv/kernel/vdso/Makefile | 1 arch/x86/include/asm/bug.h | 12 arch/x86/kernel/traps.c | 71 ++ block/blk-map.c | 4 drivers/acpi/cppc_acpi.c | 9 drivers/base/core.c | 48 +- drivers/base/module.c | 4 drivers/cxl/acpi.c | 7 drivers/cxl/core/hdm.c | 50 +- drivers/cxl/core/port.c | 13 drivers/cxl/core/region.c | 48 -- drivers/cxl/core/trace.h | 17 drivers/cxl/cxl.h | 3 drivers/firmware/arm_sdei.c | 2 drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c | 3 drivers/iio/adc/ad7124.c | 2 drivers/iio/industrialio-gts-helper.c | 4 drivers/iio/light/veml6030.c | 2 drivers/infiniband/hw/bnxt_re/qplib_fp.c | 4 drivers/infiniband/hw/bnxt_re/qplib_rcfw.c | 38 - drivers/infiniband/hw/bnxt_re/qplib_rcfw.h | 2 drivers/infiniband/hw/cxgb4/provider.c | 1 drivers/infiniband/hw/mlx5/qp.c | 4 drivers/input/joystick/xpad.c | 12 drivers/input/touchscreen/edt-ft5x06.c | 19 drivers/misc/mei/client.c | 4 drivers/misc/sgi-gru/grukservices.c | 2 drivers/misc/sgi-gru/grumain.c | 4 drivers/misc/sgi-gru/grutlbpurge.c | 2 drivers/mmc/host/sdhci-pci-gli.c | 38 + drivers/mtd/spi-nor/winbond.c | 7 drivers/net/ethernet/amd/mvme147.c | 7 drivers/net/ethernet/mellanox/mlxsw/spectrum_ipip.c | 26 + drivers/net/ethernet/mellanox/mlxsw/spectrum_ptp.c | 7 drivers/net/ethernet/stmicro/stmmac/dwmac4_dma.c | 8 drivers/net/ethernet/stmicro/stmmac/dwmac4_dma.h | 2 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 22 drivers/net/gtp.c | 22 drivers/net/macsec.c | 3 drivers/net/mctp/mctp-i2c.c | 3 drivers/net/netdevsim/fib.c | 4 drivers/net/wireless/ath/ath10k/wmi-tlv.c | 7 drivers/net/wireless/ath/ath10k/wmi.c | 2 drivers/net/wireless/ath/ath11k/dp_rx.c | 7 drivers/net/wireless/broadcom/brcm80211/Kconfig | 1 drivers/net/wireless/intel/iwlegacy/common.c | 15 drivers/net/wireless/intel/iwlegacy/common.h | 12 drivers/net/wireless/intel/iwlwifi/mvm/fw.c | 22 drivers/net/wireless/intel/iwlwifi/mvm/mld-mac80211.c | 24 - drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 3 drivers/nvme/target/auth.c | 1 drivers/phy/freescale/phy-fsl-imx8m-pcie.c | 10 drivers/phy/qualcomm/phy-qcom-qmp-usb-legacy.c | 1 drivers/phy/qualcomm/phy-qcom-qmp-usb.c | 1 drivers/scsi/scsi_transport_fc.c | 4 drivers/spi/spi-fsl-dspi.c | 6 drivers/spi/spi-geni-qcom.c | 8 drivers/staging/iio/frequency/ad9832.c | 7 drivers/thermal/intel/int340x_thermal/processor_thermal_rapl.c | 70 +- drivers/thermal/thermal_core.c | 25 - drivers/thunderbolt/tb.c | 48 +- drivers/usb/gadget/udc/dummy_hcd.c | 57 +- drivers/usb/host/xhci-pci.c | 6 drivers/usb/host/xhci-ring.c | 16 drivers/usb/phy/phy.c | 2 drivers/usb/typec/class.c | 1 drivers/usb/typec/tcpm/qcom/qcom_pmic_typec.c | 4 fs/afs/dir.c | 25 + fs/afs/dir_edit.c | 91 +++ fs/afs/internal.h | 2 fs/dax.c | 45 + fs/iomap/buffered-io.c | 7 fs/nfs/delegation.c | 5 fs/nilfs2/namei.c | 3 fs/nilfs2/page.c | 1 fs/ntfs3/file.c | 9 fs/ntfs3/frecord.c | 4 fs/ntfs3/inode.c | 15 fs/ntfs3/lznt.c | 3 fs/ntfs3/namei.c | 2 fs/ntfs3/ntfs_fs.h | 2 fs/ntfs3/record.c | 31 - fs/ocfs2/file.c | 8 fs/smb/client/cifs_unicode.c | 17 fs/smb/client/reparse.c | 174 ++++++- fs/smb/client/reparse.h | 9 fs/smb/client/smb2inode.c | 3 fs/smb/client/smb2proto.h | 1 fs/xfs/xfs_filestream.c | 23 fs/xfs/xfs_trace.h | 15 include/acpi/cppc_acpi.h | 2 include/linux/compiler-gcc.h | 4 include/linux/device.h | 3 include/linux/huge_mm.h | 18 include/linux/iomap.h | 19 include/linux/sched.h | 2 include/linux/thermal.h | 2 include/linux/ubsan.h | 5 include/net/ip_tunnels.h | 2 include/trace/events/afs.h | 240 +--------- init/init_task.c | 1 io_uring/io_uring.c | 13 io_uring/rw.c | 23 kernel/bpf/cgroup.c | 19 kernel/bpf/lpm_trie.c | 2 kernel/bpf/verifier.c | 9 kernel/cgroup/cgroup.c | 4 kernel/fork.c | 1 kernel/rcu/tasks.h | 90 ++- kernel/sched/fair.c | 4 lib/Kconfig.ubsan | 4 lib/iov_iter.c | 6 mm/huge_memory.c | 13 mm/kasan/kasan_test.c | 27 - mm/memory.c | 9 mm/migrate.c | 2 mm/page_alloc.c | 10 mm/shmem.c | 2 net/bluetooth/hci_sync.c | 18 net/bpf/test_run.c | 1 net/core/dev.c | 4 net/core/rtnetlink.c | 4 net/ipv6/netfilter/nf_reject_ipv6.c | 15 net/mac80211/Kconfig | 2 net/mac80211/agg-tx.c | 4 net/mac80211/cfg.c | 3 net/mac80211/key.c | 42 + net/mptcp/protocol.c | 2 net/netfilter/nft_payload.c | 3 net/netfilter/x_tables.c | 2 net/sched/sch_api.c | 2 net/sunrpc/svc.c | 9 net/wireless/core.c | 1 sound/pci/hda/patch_realtek.c | 23 sound/soc/codecs/cs42l51.c | 7 sound/soc/sof/ipc4-control.c | 175 +++++++ sound/soc/sof/ipc4-topology.c | 49 +- sound/soc/sof/ipc4-topology.h | 19 sound/usb/mixer_quirks.c | 3 tools/mm/page-types.c | 9 tools/mm/slabinfo.c | 4 tools/testing/cxl/test/cxl.c | 14 tools/testing/selftests/bpf/bpf_experimental.h | 31 + tools/testing/selftests/mm/uffd-common.c | 5 tools/testing/selftests/mm/uffd-common.h | 3 tools/testing/selftests/mm/uffd-unit-tests.c | 21 tools/usb/usbip/src/usbip_detach.c | 1 154 files changed, 1653 insertions(+), 771 deletions(-) Alan Stern (1): USB: gadget: dummy-hcd: Fix "task hung" problem Alexander Usyskin (1): mei: use kvmalloc for read buffer Alexandre Ghiti (1): riscv: vdso: Prevent the compiler from inserting calls to memset() Amit Cohen (1): mlxsw: spectrum_ptp: Add missing verification before pushing Tx header Andrew Ballance (1): fs/ntfs3: Check if more than chunk-size bytes are written Andrey Konovalov (2): usb: gadget: dummy_hcd: execute hrtimer callback in softirq context kasan: remove vmalloc_percpu test Basavaraj Natikar (1): xhci: Use pm_runtime_get to prevent RPM on unsupported systems Ben Chuang (2): mmc: sdhci-pci-gli: GL9767: Fix low power mode on the set clock function mmc: sdhci-pci-gli: GL9767: Fix low power mode in the SD Express process Ben Hutchings (1): wifi: iwlegacy: Fix "field-spanning write" warning in il_enqueue_hcmd() Benjamin Marzinski (1): scsi: scsi_transport_fc: Allow setting rport state to current state Benoît Monin (1): net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension Brenton Simpson (1): Input: xpad - sort xpad_device by vendor and product ID Byeonguk Jeong (1): bpf: Fix out-of-bounds write in trie_get_next_key() Chen Ridong (1): cgroup/bpf: use a dedicated workqueue for cgroup bpf destruction Christoffer Sandberg (2): ALSA: hda/realtek: Fix headset mic on TUXEDO Gemini 17 Gen3 ALSA: hda/realtek: Fix headset mic on TUXEDO Stellaris 16 Gen6 mb1 Christoph Hellwig (3): iomap: improve shared block detection in iomap_unshare_iter iomap: turn iomap_want_unshare_iter into an inline function xfs: fix finding a last resort AG in xfs_filestream_pick_ag Christophe JAILLET (1): ASoC: cs42l51: Fix some error handling paths in cs42l51_probe() Chuck Lever (1): SUNRPC: Remove BUG_ON call sites Chunyan Zhang (2): riscv: Remove unused GENERATING_ASM_OFFSETS riscv: Remove duplicated GET_RM Dai Ngo (1): NFS: remove revoked delegation from server's delegation list Dan Williams (3): cxl/port: Fix use-after-free, permit out-of-order decoder shutdown cxl/port: Fix cxl_bus_rescan() vs bus_rescan_devices() cxl/acpi: Ensure ports ready at cxl_acpi_probe() return Daniel Gabay (1): wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() Daniel Palmer (1): net: amd: mvme147: Fix probe banner message Darrick J. Wong (4): iomap: don't bother unsharing delalloc extents iomap: share iomap_unshare_iter predicate code with fsdax fsdax: remove zeroing code from dax_unshare_iter fsdax: dax_unshare_iter needs to copy entire blocks David Hildenbrand (1): mm: don't install PMD mappings when THPs are disabled by the hw/process/vma David Howells (2): afs: Automatically generate trace tag enums afs: Fix missing subdir edit when renamed between parent dirs Dimitri Sivanich (1): misc: sgi-gru: Don't disable preemption in GRU driver Dmitry Torokhov (1): Input: edt-ft5x06 - fix regmap leak when probe fails Dong Chenchen (1): netfilter: Fix use-after-free in get_info() Eduard Zingerman (1): bpf: Force checkpoint when jmp history is too long Edward Adam Davis (1): ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow Edward Liaw (2): Revert "selftests/mm: fix deadlock for fork after pthread_create on ARM" Revert "selftests/mm: replace atomic_bool with pthread_barrier_t" Emmanuel Grumbach (2): wifi: iwlwifi: mvm: disconnect station vifs if recovery failed wifi: iwlwifi: mvm: don't add default link in fw restart flow Eric Dumazet (1): netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() Faisal Hassan (1): xhci: Fix Link TRB DMA in command ring stopped completion event Felix Fietkau (2): wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower Frank Li (1): spi: spi-fsl-dspi: Fix crash when not using GPIO chip select Furong Xu (1): net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data Gatlin Newhouse (1): x86/traps: Enable UBSAN traps on x86 Geert Uytterhoeven (2): mac80211: MAC80211_MESSAGE_TRACING should depend on TRACING wifi: brcm80211: BRCM_TRACING should depend on TRACING Georgi Djakov (1): spi: geni-qcom: Fix boot warning related to pm_runtime and devres Gil Fine (1): thunderbolt: Honor TMU requirements in the domain when setting TMU mode Greg Kroah-Hartman (2): Revert "driver core: Fix uevent_show() vs driver detach race" Linux 6.6.60 Gregory Price (1): vmscan,migrate: fix page count imbalance on node stats when demoting pages Haibo Chen (1): arm64: dts: imx8ulp: correct the flexspi compatible string Heinrich Schuchardt (1): riscv: efi: Set NX compat flag in PE/COFF header Hugh Dickins (1): iov_iter: fix copy_page_from_iter_atomic() if KMAP_LOCAL_FORCE_MAP Ido Schimmel (2): ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow() mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address Jan Schär (1): ALSA: usb-audio: Add quirks for Dell WD19 dock Javier Carrasco (3): usb: typec: fix unreleased fwnode_handle in typec_port_register_altmodes() usb: typec: qcom-pmic-typec: use fwnode_handle_put() to release fwnodes iio: light: veml6030: fix microlux value calculation Jens Axboe (1): io_uring/rw: fix missing NOWAIT check for O_DIRECT start write Jeongjun Park (1): mm: shmem: fix data-race in shmem_getattr() Jianbo Liu (1): macsec: Fix use-after-free while sending the offloading packet Jinjie Ruan (2): iio: gts-helper: Fix memory leaks for the error path of iio_gts_build_avail_scale_table() iio: gts-helper: Fix memory leaks in iio_gts_build_avail_scale_table() Johan Hovold (2): phy: qcom: qmp-usb: fix NULL-deref on runtime suspend phy: qcom: qmp-usb-legacy: fix NULL-deref on runtime suspend Johannes Berg (2): wifi: cfg80211: clear wdev->cqm_config pointer on free wifi: iwlwifi: mvm: fix 6 GHz scan construction Kailang Yang (1): ALSA: hda/realtek: Limit internal Mic boost on Dell platform Kefeng Wang (1): mm: huge_memory: add vma_thp_disabled() and thp_disabled_by_hw() Konstantin Komarov (8): fs/ntfs3: Fix warning possible deadlock in ntfs_set_state fs/ntfs3: Stale inode instead of bad fs/ntfs3: Add rough attr alloc_size check fs/ntfs3: Fix possible deadlock in mi_read fs/ntfs3: Additional check in ni_clear() fs/ntfs3: Fix general protection fault in run_is_mapped_full fs/ntfs3: Additional check in ntfs_file_release fs/ntfs3: Sequential field availability check in mi_enum_attr() Leon Romanovsky (1): RDMA/cxgb4: Dump vendor specific QP details Ley Foon Tan (1): net: stmmac: dwmac4: Fix high address display by updating reg_space[] from register values Manikanta Pubbisetty (1): wifi: ath10k: Fix memory leak in management tx Marcello Sylvester Bauer (2): usb: gadget: dummy_hcd: Switch to hrtimer transfer scheduler usb: gadget: dummy_hcd: Set transfer interval to 1 microframe Marco Elver (1): kasan: Fix Software Tag-Based KASAN with GCC Matt Fleming (1): mm/page_alloc: let GFP_ATOMIC order-0 allocs access highatomic reserves Matt Johnston (1): mctp i2c: handle NULL header address Matthieu Baerts (NGI0) (1): mptcp: init: protect sched with rcu_read_lock Michael Walle (1): mtd: spi-nor: winbond: fix w25q128 regression Pablo Neira Ayuso (2): gtp: allow -1 to be specified as file description from userspace netfilter: nft_payload: sanitize offset and length before calling skb_checksum() Pali Rohár (2): cifs: Improve creating native symlinks pointing to directory cifs: Fix creating native symlinks pointing to current or parent directory Patrisious Haddad (1): RDMA/mlx5: Round max_rd_atomic/max_dest_rd_atomic up instead of down Paul E. McKenney (3): rcu-tasks: Pull sampling of ->percpu_dequeue_lim out of loop rcu-tasks: Add data to eliminate RCU-tasks/do_exit() deadlocks rcu-tasks: Initialize data to eliminate RCU-tasks/do_exit() deadlocks Paulo Alcantara (2): smb: client: fix parsing of device numbers smb: client: set correct device number on nfs reparse points Pavel Begunkov (1): io_uring: always lock __io_cqring_overflow_flush Pedro Tammela (1): net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT Peter Ujfalusi (3): ASoC: SOF: ipc4-topology: Add definition for generic switch/enum control ASoC: SOF: ipc4-control: Add support for ALSA switch control ASoC: SOF: ipc4-control: Add support for ALSA enum control Pierre Gondois (1): ACPI: CPPC: Make rmw_lock a raw_spin_lock Rafael J. Wysocki (3): thermal: core: Make thermal_zone_device_unregister() return after freeing the zone thermal: core: Rework thermal zone availability check thermal: core: Free tzp copy along with the thermal zone Remi Pommarel (1): wifi: ath11k: Fix invalid ring usage in full monitor mode Richard Zhu (1): phy: freescale: imx8m-pcie: Do CMN_RST just before PHY PLL lock check Ryusuke Konishi (2): nilfs2: fix potential deadlock with newly created symlinks nilfs2: fix kernel bug due to missing clearing of checked flag Sabyrzhan Tasbolatov (1): x86/traps: move kmsan check after instrumentation_begin Selvin Xavier (2): RDMA/bnxt_re: Fix the usage of control path spin locks RDMA/bnxt_re: synchronize the qp-handle table array Shawn Wang (1): sched/numa: Fix the potential null pointer dereference in task_numa_work() Shiju Jose (1): cxl/events: Fix Trace DRAM Event Record Srinivasan Shanmugam (1): drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing Stefan Kerkmann (1): Input: xpad - add support for 8BitDo Ultimate 2C Wireless Controller Sungwoo Kim (1): Bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs Toke Høiland-Jørgensen (1): bpf, test_run: Fix LIVE_FRAME frame update after a page has been recycled Ville Syrjälä (1): wifi: iwlegacy: Clear stale interrupts before resuming device Vitaliy Shevtsov (1): nvmet-auth: assign dh_key to NULL after kfree_sensitive Wang Liang (1): net: fix crash when config small gso_max_size/gso_ipv4_max_size WangYuli (1): riscv: Use '%u' to format the output of 'cpu' Wladislav Wiebe (1): tools/mm: -Werror fixes in page-types/slabinfo Xinyu Zhang (1): block: fix sanity checks in blk_rq_map_user_bvec Xiongfeng Wang (1): firmware: arm_sdei: Fix the input parameter of cpuhp_remove_state() Xiu Jianfeng (1): cgroup: Fix potential overflow issue when checking max_depth Yonghong Song (1): selftests/bpf: Add bpf_percpu_obj_{new,drop}() macro in bpf_experimental.h Yunhui Cui (1): RISC-V: ACPI: fix early_ioremap to early_memremap Zhang Rui (2): thermal: intel: int340x: processor: Remove MMIO RAPL CPU hotplug support thermal: intel: int340x: processor: Add MMIO RAPL PL4 support Zichen Xie (1): netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write() Zicheng Qu (2): staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg() iio: adc: ad7124: fix division by zero in ad7124_set_channel_odr() Zijun Hu (1): usb: phy: Fix API devm_usb_put_phy() can not release the phy Zong-Zhe Yang (1): wifi: mac80211: fix NULL dereference at band check in starting tx ba session Zongmin Zhou (1): usbip: tools: Fix detach_port() invalid port error path Zqiang (1): rcu-tasks: Fix access non-existent percpu rtpcp variable in rcu_tasks_need_gpcb() lei lu (1): ntfs3: Add bounds checking to mi_enum_attr()

10 months, 2 weeks

1
1
0 0

Linux 6.11.7

by Greg Kroah-Hartman

I'm announcing the release of the 6.11.7 kernel. All users of the 6.11 kernel series must upgrade. The updated 6.11.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.11.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/iio/adc/adi,ad7380.yaml | 21 Documentation/driver-api/dpll.rst | 21 Documentation/netlink/specs/dpll.yaml | 24 Documentation/rust/arch-support.rst | 2 Makefile | 2 arch/arm64/boot/dts/freescale/imx8ulp.dtsi | 2 arch/arm64/boot/dts/qcom/msm8939.dtsi | 2 arch/arm64/boot/dts/qcom/x1e80100-asus-vivobook-s15.dts | 2 arch/arm64/boot/dts/qcom/x1e80100-crd.dts | 2 arch/arm64/boot/dts/qcom/x1e80100-lenovo-yoga-slim7x.dts | 2 arch/arm64/boot/dts/qcom/x1e80100-qcp.dts | 2 arch/arm64/boot/dts/qcom/x1e80100.dtsi | 34 - arch/mips/kernel/cmpxchg.c | 1 arch/riscv/Kconfig | 2 arch/riscv/boot/dts/starfive/jh7110-common.dtsi | 2 arch/riscv/boot/dts/starfive/jh7110-pine64-star64.dts | 3 arch/riscv/kernel/acpi.c | 4 arch/riscv/kernel/asm-offsets.c | 2 arch/riscv/kernel/cacheinfo.c | 7 arch/riscv/kernel/cpu-hotplug.c | 2 arch/riscv/kernel/efi-header.S | 2 arch/riscv/kernel/traps_misaligned.c | 2 arch/riscv/kernel/vdso/Makefile | 1 arch/x86/include/asm/bug.h | 12 arch/x86/kernel/traps.c | 71 ++ block/blk-map.c | 4 drivers/accel/ivpu/ivpu_debugfs.c | 9 drivers/accel/ivpu/ivpu_hw.c | 1 drivers/accel/ivpu/ivpu_hw.h | 1 drivers/accel/ivpu/ivpu_hw_ip.c | 5 drivers/acpi/cppc_acpi.c | 9 drivers/acpi/resource.c | 18 drivers/base/core.c | 48 + drivers/base/module.c | 4 drivers/char/tpm/tpm-chip.c | 10 drivers/char/tpm/tpm-dev-common.c | 3 drivers/char/tpm/tpm-interface.c | 6 drivers/char/tpm/tpm2-sessions.c | 100 ++- drivers/cxl/Kconfig | 1 drivers/cxl/Makefile | 20 drivers/cxl/acpi.c | 7 drivers/cxl/core/hdm.c | 50 + drivers/cxl/core/port.c | 13 drivers/cxl/core/region.c | 48 - drivers/cxl/core/trace.h | 17 drivers/cxl/cxl.h | 3 drivers/cxl/port.c | 17 drivers/dpll/dpll_netlink.c | 130 ++++ drivers/dpll/dpll_nl.c | 5 drivers/firmware/arm_sdei.c | 2 drivers/firmware/microchip/mpfs-auto-update.c | 42 - drivers/gpio/gpio-sloppy-logic-analyzer.c | 4 drivers/gpio/gpiolib.c | 4 drivers/gpu/drm/amd/amdgpu/sdma_v7_0.c | 9 drivers/gpu/drm/amd/display/dc/dml2/dml2_policy.c | 1 drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 15 drivers/gpu/drm/amd/pm/swsmu/smu11/vangogh_ppt.c | 4 drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c | 6 drivers/gpu/drm/i915/display/intel_alpm.c | 2 drivers/gpu/drm/i915/display/intel_backlight.c | 10 drivers/gpu/drm/i915/display/intel_display_device.c | 5 drivers/gpu/drm/i915/display/intel_display_device.h | 2 drivers/gpu/drm/i915/display/intel_display_power.c | 8 drivers/gpu/drm/i915/display/intel_display_power_well.c | 4 drivers/gpu/drm/i915/display/intel_display_types.h | 1 drivers/gpu/drm/i915/display/intel_display_wa.h | 8 drivers/gpu/drm/i915/display/intel_dp.c | 29 drivers/gpu/drm/i915/display/intel_dp.h | 1 drivers/gpu/drm/i915/display/intel_dp_aux.c | 4 drivers/gpu/drm/i915/display/intel_dp_hdcp.c | 11 drivers/gpu/drm/i915/display/intel_fbc.c | 6 drivers/gpu/drm/i915/display/intel_hdcp.c | 7 drivers/gpu/drm/i915/display/intel_pps.c | 14 drivers/gpu/drm/i915/display/intel_psr.c | 6 drivers/gpu/drm/i915/display/intel_tc.c | 3 drivers/gpu/drm/i915/display/intel_vrr.c | 3 drivers/gpu/drm/i915/display/skl_universal_plane.c | 5 drivers/gpu/drm/i915/intel_device_info.c | 5 drivers/gpu/drm/i915/intel_device_info.h | 2 drivers/gpu/drm/mediatek/mtk_crtc.c | 47 - drivers/gpu/drm/mediatek/mtk_disp_ovl.c | 9 drivers/gpu/drm/mediatek/mtk_dp.c | 85 ++ drivers/gpu/drm/panthor/panthor_fw.c | 4 drivers/gpu/drm/panthor/panthor_gem.c | 11 drivers/gpu/drm/panthor/panthor_mmu.c | 16 drivers/gpu/drm/panthor/panthor_mmu.h | 1 drivers/gpu/drm/panthor/panthor_sched.c | 20 drivers/gpu/drm/tegra/drm.c | 4 drivers/gpu/drm/tests/drm_connector_test.c | 24 drivers/gpu/drm/tests/drm_hdmi_state_helper_test.c | 8 drivers/gpu/drm/tests/drm_kunit_helpers.c | 42 + drivers/gpu/drm/xe/Makefile | 1 drivers/gpu/drm/xe/compat-i915-headers/i915_drv.h | 1 drivers/gpu/drm/xe/display/xe_display_wa.c | 16 drivers/gpu/drm/xe/regs/xe_gt_regs.h | 17 drivers/gpu/drm/xe/regs/xe_regs.h | 10 drivers/gpu/drm/xe/regs/xe_sriov_regs.h | 23 drivers/gpu/drm/xe/xe_device_types.h | 6 drivers/gpu/drm/xe/xe_ggtt.c | 10 drivers/gpu/drm/xe/xe_gt.c | 10 drivers/gpu/drm/xe/xe_gt_sriov_pf.c | 2 drivers/gpu/drm/xe/xe_guc_submit.c | 18 drivers/gpu/drm/xe/xe_lmtt.c | 2 drivers/gpu/drm/xe/xe_module.c | 39 + drivers/gpu/drm/xe/xe_sriov.c | 2 drivers/gpu/drm/xe/xe_tuning.c | 21 drivers/gpu/drm/xe/xe_wa.c | 4 drivers/iio/adc/ad7124.c | 2 drivers/iio/industrialio-gts-helper.c | 4 drivers/iio/light/veml6030.c | 2 drivers/infiniband/hw/bnxt_re/qplib_fp.c | 4 drivers/infiniband/hw/bnxt_re/qplib_rcfw.c | 38 - drivers/infiniband/hw/bnxt_re/qplib_rcfw.h | 2 drivers/infiniband/hw/cxgb4/provider.c | 1 drivers/infiniband/hw/mlx5/qp.c | 4 drivers/input/input.c | 134 ++-- drivers/input/touchscreen/edt-ft5x06.c | 19 drivers/misc/mei/client.c | 4 drivers/misc/sgi-gru/grukservices.c | 2 drivers/misc/sgi-gru/grumain.c | 4 drivers/misc/sgi-gru/grutlbpurge.c | 2 drivers/mmc/host/sdhci-pci-gli.c | 38 - drivers/net/ethernet/amd/mvme147.c | 7 drivers/net/ethernet/intel/ice/ice_dpll.c | 293 +++++++++- drivers/net/ethernet/intel/ice/ice_dpll.h | 1 drivers/net/ethernet/intel/ice/ice_ptp_hw.c | 21 drivers/net/ethernet/intel/ice/ice_ptp_hw.h | 1 drivers/net/ethernet/mediatek/mtk_wed_wo.h | 4 drivers/net/ethernet/mellanox/mlxsw/pci.c | 25 drivers/net/ethernet/mellanox/mlxsw/spectrum_ipip.c | 26 drivers/net/ethernet/mellanox/mlxsw/spectrum_ptp.c | 7 drivers/net/ethernet/stmicro/stmmac/dwmac4_dma.c | 8 drivers/net/ethernet/stmicro/stmmac/dwmac4_dma.h | 2 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 22 drivers/net/gtp.c | 22 drivers/net/macsec.c | 3 drivers/net/mctp/mctp-i2c.c | 3 drivers/net/netdevsim/fib.c | 4 drivers/net/wireless/ath/ath10k/wmi-tlv.c | 7 drivers/net/wireless/ath/ath10k/wmi.c | 2 drivers/net/wireless/ath/ath11k/dp_rx.c | 7 drivers/net/wireless/broadcom/brcm80211/Kconfig | 1 drivers/net/wireless/intel/iwlegacy/common.c | 15 drivers/net/wireless/intel/iwlegacy/common.h | 12 drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 28 drivers/net/wireless/intel/iwlwifi/iwl-drv.h | 3 drivers/net/wireless/intel/iwlwifi/mvm/fw.c | 10 drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 12 drivers/net/wireless/intel/iwlwifi/mvm/mld-mac80211.c | 34 - drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 6 drivers/net/wireless/realtek/rtlwifi/rtl8192du/sw.c | 1 drivers/net/wireless/realtek/rtw89/pci.c | 48 + drivers/nvme/host/core.c | 19 drivers/nvme/host/ioctl.c | 7 drivers/nvme/target/auth.c | 1 drivers/pci/pci.c | 14 drivers/phy/freescale/phy-fsl-imx8m-pcie.c | 10 drivers/phy/qualcomm/phy-qcom-qmp-usb-legacy.c | 1 drivers/phy/qualcomm/phy-qcom-qmp-usb.c | 1 drivers/phy/qualcomm/phy-qcom-qmp-usbc.c | 1 drivers/powercap/intel_rapl_msr.c | 1 drivers/scsi/scsi_debug.c | 10 drivers/scsi/scsi_transport_fc.c | 4 drivers/soc/qcom/pmic_glink.c | 25 drivers/spi/spi-fsl-dspi.c | 6 drivers/spi/spi-geni-qcom.c | 8 drivers/staging/iio/frequency/ad9832.c | 7 drivers/thermal/intel/int340x_thermal/processor_thermal_rapl.c | 70 -- drivers/thunderbolt/retimer.c | 5 drivers/thunderbolt/tb.c | 48 + drivers/ufs/core/ufshcd.c | 2 drivers/usb/host/xhci-pci.c | 6 drivers/usb/host/xhci-ring.c | 16 drivers/usb/phy/phy.c | 2 drivers/usb/typec/class.c | 1 drivers/usb/typec/tcpm/qcom/qcom_pmic_typec.c | 10 drivers/usb/typec/tcpm/tcpm.c | 10 fs/afs/dir.c | 25 fs/afs/dir_edit.c | 91 +++ fs/afs/internal.h | 2 fs/btrfs/bio.c | 62 -- fs/btrfs/bio.h | 3 fs/btrfs/defrag.c | 10 fs/btrfs/extent_map.c | 7 fs/btrfs/volumes.c | 1 fs/dax.c | 45 - fs/iomap/buffered-io.c | 7 fs/nfs/delegation.c | 5 fs/nfsd/nfs4proc.c | 8 fs/nilfs2/namei.c | 3 fs/nilfs2/page.c | 1 fs/ntfs3/file.c | 9 fs/ntfs3/frecord.c | 4 fs/ntfs3/inode.c | 15 fs/ntfs3/lznt.c | 3 fs/ntfs3/namei.c | 2 fs/ntfs3/ntfs_fs.h | 2 fs/ntfs3/record.c | 31 - fs/ocfs2/file.c | 8 fs/smb/client/cifs_unicode.c | 17 fs/smb/client/reparse.c | 174 +++++ fs/smb/client/reparse.h | 9 fs/smb/client/smb2inode.c | 3 fs/smb/client/smb2proto.h | 1 fs/userfaultfd.c | 28 fs/xfs/xfs_filestream.c | 23 fs/xfs/xfs_trace.h | 15 include/acpi/cppc_acpi.h | 2 include/drm/drm_kunit_helpers.h | 4 include/linux/bpf_mem_alloc.h | 3 include/linux/compiler-gcc.h | 4 include/linux/device.h | 3 include/linux/dpll.h | 15 include/linux/input.h | 10 include/linux/iomap.h | 19 include/linux/ksm.h | 10 include/linux/mmzone.h | 7 include/linux/rcutiny.h | 5 include/linux/rcutree.h | 1 include/linux/tick.h | 8 include/linux/ubsan.h | 5 include/linux/userfaultfd_k.h | 5 include/net/ip_tunnels.h | 2 include/trace/events/afs.h | 7 include/uapi/linux/dpll.h | 3 io_uring/rw.c | 23 kernel/bpf/cgroup.c | 19 kernel/bpf/helpers.c | 21 kernel/bpf/lpm_trie.c | 2 kernel/bpf/memalloc.c | 14 kernel/bpf/verifier.c | 9 kernel/cgroup/cgroup.c | 4 kernel/fork.c | 14 kernel/rcu/tree.c | 118 +++- kernel/resource.c | 4 kernel/sched/fair.c | 4 lib/Kconfig.ubsan | 4 lib/codetag.c | 3 lib/iov_iter.c | 6 lib/slub_kunit.c | 2 mm/kasan/kasan_test.c | 27 mm/migrate.c | 2 mm/mmap.c | 3 mm/page_alloc.c | 10 mm/rmap.c | 24 mm/shmem.c | 2 mm/shrinker.c | 8 mm/vmscan.c | 109 ++- net/bluetooth/hci_sync.c | 18 net/bpf/test_run.c | 1 net/core/dev.c | 4 net/core/rtnetlink.c | 4 net/core/sock_map.c | 4 net/ipv4/ip_tunnel.c | 2 net/ipv6/netfilter/nf_reject_ipv6.c | 15 net/mac80211/Kconfig | 2 net/mac80211/cfg.c | 3 net/mac80211/key.c | 42 - net/mptcp/protocol.c | 2 net/netfilter/nft_payload.c | 3 net/netfilter/x_tables.c | 2 net/sched/cls_api.c | 1 net/sched/sch_api.c | 2 net/sunrpc/xprtrdma/ib_client.c | 1 net/wireless/core.c | 1 rust/kernel/device.rs | 15 rust/kernel/firmware.rs | 2 sound/pci/hda/patch_realtek.c | 23 sound/soc/codecs/cs42l51.c | 7 sound/soc/soc-dapm.c | 2 sound/usb/mixer_quirks.c | 3 tools/mm/page-types.c | 9 tools/mm/slabinfo.c | 4 tools/perf/util/python.c | 3 tools/perf/util/syscalltbl.c | 10 tools/testing/cxl/test/cxl.c | 14 tools/testing/selftests/mm/uffd-common.c | 5 tools/testing/selftests/mm/uffd-common.h | 3 tools/testing/selftests/mm/uffd-unit-tests.c | 21 tools/usb/usbip/src/usbip_detach.c | 1 280 files changed, 2925 insertions(+), 1075 deletions(-) Abel Vesa (1): arm64: dts: qcom: x1e80100: Add Broadcast_AND region in LLCC block Akshata Jahagirdar (1): drm/xe/xe2: Introduce performance changes Aleksei Vetrov (1): ASoC: dapm: fix bounds checker error in dapm_widget_list_create Alex Deucher (4): drm/amdgpu/smu13: fix profile reporting drm/amdgpu/swsmu: fix ordering for setting workload_mask drm/amdgpu/swsmu: default to fullscreen 3D profile for dGPUs drm/amdgpu: handle default profile on on devices without fullscreen 3D Alexander Usyskin (1): mei: use kvmalloc for read buffer Alexandre Ghiti (1): riscv: vdso: Prevent the compiler from inserting calls to memset() Amit Cohen (3): mlxsw: spectrum_ptp: Add missing verification before pushing Tx header mlxsw: pci: Sync Rx buffers for CPU mlxsw: pci: Sync Rx buffers for device Amit Sunil Dhamne (1): usb: typec: tcpm: restrict SNK_WAIT_CAPABILITIES_TIMEOUT transitions to non self-powered devices Andrew Ballance (1): fs/ntfs3: Check if more than chunk-size bytes are written Andrey Konovalov (1): kasan: remove vmalloc_percpu test Andrzej Kacprowski (1): accel/ivpu: Fix NOC firewall interrupt handling Andy Shevchenko (1): gpio: sloppy-logic-analyzer: Check for error code from devm_mutex_init() call Arkadiusz Kubalewski (3): dpll: add Embedded SYNC feature for a pin ice: add callbacks for Embedded SYNC enablement on dpll pins ice: fix crash on probe for DPLL enabled E810 LOM Arnaldo Carvalho de Melo (1): perf python: Fix up the build on architectures without HAVE_KVM_STAT_SUPPORT Basavaraj Natikar (1): xhci: Use pm_runtime_get to prevent RPM on unsupported systems Ben Chuang (2): mmc: sdhci-pci-gli: GL9767: Fix low power mode on the set clock function mmc: sdhci-pci-gli: GL9767: Fix low power mode in the SD Express process Ben Hutchings (1): wifi: iwlegacy: Fix "field-spanning write" warning in il_enqueue_hcmd() Benjamin Marzinski (1): scsi: scsi_transport_fc: Allow setting rport state to current state Benjamin Segall (1): posix-cpu-timers: Clear TICK_DEP_BIT_POSIX_TIMER on clone Benoît Monin (1): net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension Bitterblue Smith (1): wifi: rtlwifi: rtl8192du: Don't claim USB ID 0bda:8171 Bjorn Andersson (1): soc: qcom: pmic_glink: Handle GLINK intent allocation rejections Boris Brezillon (3): drm/panthor: Fix firmware initialization on systems with a page size > 4k drm/panthor: Fail job creation when the group is dead drm/panthor: Report group as timedout when we fail to properly suspend Byeonguk Jeong (1): bpf: Fix out-of-bounds write in trie_get_next_key() Chen Ridong (2): mm: shrinker: avoid memleak in alloc_shrinker_info cgroup/bpf: use a dedicated workqueue for cgroup bpf destruction Christoffer Sandberg (2): ALSA: hda/realtek: Fix headset mic on TUXEDO Gemini 17 Gen3 ALSA: hda/realtek: Fix headset mic on TUXEDO Stellaris 16 Gen6 mb1 Christoph Hellwig (3): iomap: improve shared block detection in iomap_unshare_iter iomap: turn iomap_want_unshare_iter into an inline function xfs: fix finding a last resort AG in xfs_filestream_pick_ag Christophe JAILLET (1): ASoC: cs42l51: Fix some error handling paths in cs42l51_probe() Chuck Lever (3): NFSD: Initialize struct nfsd4_copy earlier NFSD: Never decrement pending_async_copies on error rpcrdma: Always release the rpcrdma_device's xa_array Chun-Kuang Hu (1): drm/mediatek: Use cmdq_pkt_create() and cmdq_pkt_destroy() Chunyan Zhang (2): riscv: Remove unused GENERATING_ASM_OFFSETS riscv: Remove duplicated GET_RM Cong Wang (1): sock_map: fix a NULL pointer dereference in sock_map_link_update_prog() Conor Dooley (3): firmware: microchip: auto-update: fix poll_complete() to not report spurious timeout errors riscv: dts: starfive: disable unused csi/camss nodes RISC-V: disallow gcc + rust builds Dai Ngo (1): NFS: remove revoked delegation from server's delegation list Dan Carpenter (2): drm/mediatek: Fix potential NULL dereference in mtk_crtc_destroy() drm/tegra: Fix NULL vs IS_ERR() check in probe() Dan Williams (4): cxl/port: Fix use-after-free, permit out-of-order decoder shutdown cxl/port: Fix CXL port initialization order when the subsystem is built-in cxl/port: Fix cxl_bus_rescan() vs bus_rescan_devices() cxl/acpi: Ensure ports ready at cxl_acpi_probe() return Daniel Gabay (1): wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() Daniel Golle (1): net: ethernet: mtk_wed: fix path of MT7988 WO firmware Daniel Palmer (1): net: amd: mvme147: Fix probe banner message Darrick J. Wong (4): iomap: don't bother unsharing delalloc extents iomap: share iomap_unshare_iter predicate code with fsdax fsdax: remove zeroing code from dax_unshare_iter fsdax: dax_unshare_iter needs to copy entire blocks David Howells (1): afs: Fix missing subdir edit when renamed between parent dirs David Sterba (1): MIPS: export __cmpxchg_small() Dimitri Sivanich (1): misc: sgi-gru: Don't disable preemption in GRU driver Dmitry Torokhov (2): Input: edt-ft5x06 - fix regmap leak when probe fails Input: fix regression when re-registering input handlers Dong Chenchen (1): netfilter: Fix use-after-free in get_info() E Shattow (1): riscv: dts: starfive: Update ethernet phy0 delay parameter values for Star64 Eduard Zingerman (1): bpf: Force checkpoint when jmp history is too long Edward Adam Davis (1): ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow Edward Liaw (2): Revert "selftests/mm: fix deadlock for fork after pthread_create on ARM" Revert "selftests/mm: replace atomic_bool with pthread_barrier_t" Emmanuel Grumbach (3): wifi: iwlwifi: mvm: don't leak a link on AP removal wifi: iwlwifi: mvm: don't add default link in fw restart flow Revert "wifi: iwlwifi: remove retry loops in start" Eric Dumazet (1): netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() Fabien Parent (1): arm64: dts: qcom: msm8939: revert use of APCS mbox for RPM Faisal Hassan (1): xhci: Fix Link TRB DMA in command ring stopped completion event Felix Fietkau (2): wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower Filipe Manana (2): btrfs: fix extent map merging not happening for adjacent extents btrfs: fix defrag not merging contiguous extents due to merged extent maps Florian Westphal (1): lib: alloc_tag_module_unload must wait for pending kfree_rcu calls Frank Li (1): spi: spi-fsl-dspi: Fix crash when not using GPIO chip select Frank Min (1): drm/amdgpu: fix random data corruption for sdma 7 Furong Xu (1): net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data Gatlin Newhouse (1): x86/traps: Enable UBSAN traps on x86 Geert Uytterhoeven (2): mac80211: MAC80211_MESSAGE_TRACING should depend on TRACING wifi: brcm80211: BRCM_TRACING should depend on TRACING Georgi Djakov (1): spi: geni-qcom: Fix boot warning related to pm_runtime and devres Gil Fine (1): thunderbolt: Honor TMU requirements in the domain when setting TMU mode Greg Kroah-Hartman (2): Revert "driver core: Fix uevent_show() vs driver detach race" Linux 6.11.7 Gregory Price (2): resource,kexec: walk_system_ram_res_rev must retain resource flags vmscan,migrate: fix page count imbalance on node stats when demoting pages Guilherme Giacomo Simoes (1): rust: device: change the from_raw() function Gustavo Sousa (1): drm/i915: Skip programming FIA link enable bits for MTL+ Haibo Chen (1): arm64: dts: imx8ulp: correct the flexspi compatible string Hans de Goede (1): ACPI: resource: Fold Asus Vivobook Pro N6506M* DMI quirks together Heinrich Schuchardt (1): riscv: efi: Set NX compat flag in PE/COFF header Hou Tao (3): bpf: Free dynamically allocated bits in bpf_iter_bits_destroy() bpf: Add bpf_mem_alloc_check_size() helper bpf: Check the validity of nr_words in bpf_iter_bits_new() Hsin-Te Yuan (1): drm/mediatek: Fix color format MACROs in OVL Hugh Dickins (1): iov_iter: fix copy_page_from_iter_atomic() if KMAP_LOCAL_FORCE_MAP Ido Schimmel (3): ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow() ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address Jan Schär (1): ALSA: usb-audio: Add quirks for Dell WD19 dock Jani Nikula (2): drm/i915: move rawclk from runtime to display runtime info drm/xe/display: drop unused rawclk_freq and RUNTIME_INFO() Jarkko Sakkinen (3): tpm: Return tpm2_sessions_init() when null key creation fails tpm: Rollback tpm2_load_null() tpm: Lazily flush the auth session Jason Gunthorpe (1): PCI: Fix pci_enable_acs() support for the ACS quirks Jason-JH.Lin (1): drm/mediatek: ovl: Remove the color format comment for ovl_fmt_convert() Javier Carrasco (4): usb: typec: fix unreleased fwnode_handle in typec_port_register_altmodes() usb: typec: qcom-pmic-typec: use fwnode_handle_put() to release fwnodes usb: typec: qcom-pmic-typec: fix missing fwnode removal in error path iio: light: veml6030: fix microlux value calculation Jens Axboe (1): io_uring/rw: fix missing NOWAIT check for O_DIRECT start write Jeongjun Park (1): mm: shmem: fix data-race in shmem_getattr() Jianbo Liu (1): macsec: Fix use-after-free while sending the offloading packet Jinjie Ruan (5): iio: gts-helper: Fix memory leaks for the error path of iio_gts_build_avail_scale_table() iio: gts-helper: Fix memory leaks in iio_gts_build_avail_scale_table() drm/tests: helpers: Add helper for drm_display_mode_from_cea_vic() drm/connector: hdmi: Fix memory leak in drm_display_mode_from_cea_vic() drm/tests: hdmi: Fix memory leaks in drm_display_mode_from_cea_vic() Jiri Slaby (1): perf trace: Fix non-listed archs in the syscalltbl routines Johan Hovold (11): phy: qcom: qmp-usb: fix NULL-deref on runtime suspend phy: qcom: qmp-usb-legacy: fix NULL-deref on runtime suspend phy: qcom: qmp-usbc: fix NULL-deref on runtime suspend gpiolib: fix debugfs newline separators gpiolib: fix debugfs dangling chip separator arm64: dts: qcom: x1e80100-yoga-slim7x: fix nvme regulator boot glitch arm64: dts: qcom: x1e80100-vivobook-s15: fix nvme regulator boot glitch arm64: dts: qcom: x1e80100: fix PCIe4 interconnect arm64: dts: qcom: x1e80100-qcp: fix nvme regulator boot glitch arm64: dts: qcom: x1e80100-crd: fix nvme regulator boot glitch arm64: dts: qcom: x1e80100: fix PCIe4 and PCIe6a PHY clocks Johannes Berg (2): wifi: cfg80211: clear wdev->cqm_config pointer on free wifi: iwlwifi: mvm: fix 6 GHz scan construction John Garry (1): scsi: scsi_debug: Fix do_device_access() handling of unexpected SG copy length Jouni Högander (1): drm/i915/psr: Prevent Panel Replay if CRC calculation is enabled Juha-Pekka Heikkila (1): drm/i915/display: Don't enable decompression on Xe2 with Tile4 Julien Stephan (1): dt-bindings: iio: adc: ad7380: fix ad7380-4 reference supply Kailang Yang (1): ALSA: hda/realtek: Limit internal Mic boost on Dell platform Keith Busch (2): nvme: module parameter to disable pi with offsets nvme: re-fix error-handling for io_uring nvme-passthrough Konrad Dybcio (1): arm64: dts: qcom: x1e80100: Fix up BAR spaces Konstantin Komarov (8): fs/ntfs3: Fix warning possible deadlock in ntfs_set_state fs/ntfs3: Stale inode instead of bad fs/ntfs3: Add rough attr alloc_size check fs/ntfs3: Fix possible deadlock in mi_read fs/ntfs3: Additional check in ni_clear() fs/ntfs3: Fix general protection fault in run_is_mapped_full fs/ntfs3: Additional check in ntfs_file_release fs/ntfs3: Sequential field availability check in mi_enum_attr() Leon Romanovsky (1): RDMA/cxgb4: Dump vendor specific QP details Ley Foon Tan (1): net: stmmac: dwmac4: Fix high address display by updating reg_space[] from register values Liankun Yang (1): drm/mediatek: Fix get efuse issue for MT8188 DPTX Lorenzo Stoakes (2): fork: do not invoke uffd on fork if error occurs fork: only invoke khugepaged, ksm hooks if no error Manikanta Pubbisetty (1): wifi: ath10k: Fix memory leak in management tx Marco Elver (1): kasan: Fix Software Tag-Based KASAN with GCC Matt Fleming (1): mm/page_alloc: let GFP_ATOMIC order-0 allocs access highatomic reserves Matt Johnston (1): mctp i2c: handle NULL header address Matthew Auld (1): drm/i915: disable fbc due to Wa_16023588340 Matthew Brost (2): drm/xe: Add mmio read before GGTT invalidate drm/xe: Don't short circuit TDR on jobs not started Matthieu Baerts (NGI0) (1): mptcp: init: protect sched with rcu_read_lock Michal Wajdeczko (2): drm/xe: Fix register definition order in xe_regs.h drm/xe: Kill regs/xe_sriov_regs.h Mika Westerberg (1): thunderbolt: Fix KASAN reported stack out-of-bounds read in tb_retimer_scan() Miquel Sabaté Solà (1): riscv: Prevent a bad reference count on CPU nodes Miri Korenblit (1): wifi: iwlwifi: mvm: really send iwl_txpower_constraints_cmd Mitul Golani (3): drm/i915/display: Cache adpative sync caps to use it later drm/i915/display: WA for Re-initialize dispcnlunitt1 xosc clock drm/i915/display/dp: Compute AS SDP when vrr is also enabled Naohiro Aota (1): btrfs: fix error propagation of split bios Ovidiu Bunea (1): Revert "drm/amd/display: update DML2 policy EnhancedPrefetchScheduleAccelerationFinal DCN35" Pablo Neira Ayuso (2): gtp: allow -1 to be specified as file description from userspace netfilter: nft_payload: sanitize offset and length before calling skb_checksum() Pali Rohár (2): cifs: Improve creating native symlinks pointing to directory cifs: Fix creating native symlinks pointing to current or parent directory Patrisious Haddad (1): RDMA/mlx5: Round max_rd_atomic/max_dest_rd_atomic up instead of down Paulo Alcantara (2): smb: client: fix parsing of device numbers smb: client: set correct device number on nfs reparse points Pedro Tammela (1): net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT Pei Xiao (1): slub/kunit: fix a WARNING due to unwrapped __kmalloc_cache_noprof Peter Wang (1): scsi: ufs: core: Fix another deadlock during RTC update Pierre Gondois (1): ACPI: CPPC: Make rmw_lock a raw_spin_lock Ping-Ke Shih (1): wifi: rtw89: pci: early chips only enable 36-bit DMA on specific PCI hosts Qu Wenruo (1): btrfs: merge btrfs_orig_bbio_end_io() into btrfs_bio_end_io() Remi Pommarel (1): wifi: ath11k: Fix invalid ring usage in full monitor mode Richard Zhu (1): phy: freescale: imx8m-pcie: Do CMN_RST just before PHY PLL lock check Ryusuke Konishi (2): nilfs2: fix kernel bug due to missing clearing of checked flag nilfs2: fix potential deadlock with newly created symlinks Sabyrzhan Tasbolatov (1): x86/traps: move kmsan check after instrumentation_begin Sai Teja Pottumuttu (1): drm/xe/xe2hpg: Introduce performance tuning changes for Xe2_HPG Selvin Xavier (2): RDMA/bnxt_re: Fix the usage of control path spin locks RDMA/bnxt_re: synchronize the qp-handle table array Shawn Wang (1): sched/numa: Fix the potential null pointer dereference in task_numa_work() Shekhar Chauhan (1): drm/xe/xe2: Add performance turning changes Shiju Jose (1): cxl/events: Fix Trace DRAM Event Record Sumeet Pawnikar (1): powercap: intel_rapl_msr: Add PL4 support for Arrowlake-U Sungwoo Kim (1): Bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs Suraj Kandpal (4): drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability drm/i915/hdcp: Add encoder check in hdcp2_get_capability drm/i915/dp: Clear VSC SDP during post ddi disable routine drm/i915/pps: Disable DPLS_GATING around pps sequence Tejas Upadhyay (4): drm/xe/xe2hpg: Add Wa_15016589081 drm/xe: Move enable host l2 VRAM post MCR init drm/xe: Define STATELESS_COMPRESSION_CTRL as mcr register drm/xe: Write all slices if its mcr register Thomas Zimmermann (1): drm/xe: Support 'nomodeset' kernel command-line option Toke Høiland-Jørgensen (1): bpf, test_run: Fix LIVE_FRAME frame update after a page has been recycled Tvrtko Ursulin (1): drm/amd/pm: Vangogh: Fix kernel memory out of bounds write Uladzislau Rezki (Sony) (2): rcu/kvfree: Add kvfree_rcu_barrier() API rcu/kvfree: Refactor kvfree_rcu_queue_batch() Ville Syrjälä (1): wifi: iwlegacy: Clear stale interrupts before resuming device Vitaliy Shevtsov (1): nvmet-auth: assign dh_key to NULL after kfree_sensitive Vladimir Oltean (1): net/sched: sch_api: fix xa_insert() error path in tcf_block_get_ext() Vlastimil Babka (1): mm, mmap: limit THP alignment of anonymous mappings to PMD-aligned sizes Wang Liang (1): net: fix crash when config small gso_max_size/gso_ipv4_max_size WangYuli (1): riscv: Use '%u' to format the output of 'cpu' Wladislav Wiebe (1): tools/mm: -Werror fixes in page-types/slabinfo Xinyu Zhang (1): block: fix sanity checks in blk_rq_map_user_bvec Xiongfeng Wang (1): firmware: arm_sdei: Fix the input parameter of cpuhp_remove_state() Xiu Jianfeng (1): cgroup: Fix potential overflow issue when checking max_depth Yu Zhao (2): mm: multi-gen LRU: remove MM_LEAF_OLD and MM_NONLEAF_TOTAL stats mm: multi-gen LRU: use {ptep,pmdp}_clear_young_notify() Yuanchu Xie (1): mm: multi-gen LRU: ignore non-leaf pmd_young for force_scan=true Yunhui Cui (1): RISC-V: ACPI: fix early_ioremap to early_memremap Zhang Rui (2): thermal: intel: int340x: processor: Remove MMIO RAPL CPU hotplug support thermal: intel: int340x: processor: Add MMIO RAPL PL4 support Zhiguo Jiang (1): mm: shrink skip folio mapped by an exiting process Zhihao Cheng (1): btrfs: fix use-after-free of block device file in __btrfs_free_extra_devids() Zichen Xie (1): netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write() Zicheng Qu (2): staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg() iio: adc: ad7124: fix division by zero in ad7124_set_channel_odr() Zijun Hu (1): usb: phy: Fix API devm_usb_put_phy() can not release the phy Zongmin Zhou (1): usbip: tools: Fix detach_port() invalid port error path lei lu (1): ntfs3: Add bounds checking to mi_enum_attr()

10 months, 2 weeks

1
1
0 0

Linux 6.1.116

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.116 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/alpha/include/asm/pgtable.h | 2 arch/arc/include/asm/pgtable-bits-arcv2.h | 2 arch/arm/include/asm/pgtable-nommu.h | 2 arch/arm/include/asm/pgtable.h | 4 arch/arm64/include/asm/pgtable.h | 2 arch/arm64/mm/mmu.c | 47 - arch/arm64/mm/pageattr.c | 3 arch/csky/include/asm/pgtable.h | 3 arch/hexagon/include/asm/page.h | 7 arch/ia64/include/asm/pgtable.h | 16 arch/loongarch/include/asm/pgtable.h | 2 arch/loongarch/kernel/vdso.c | 28 arch/m68k/include/asm/pgtable_mm.h | 2 arch/m68k/include/asm/pgtable_no.h | 1 arch/microblaze/include/asm/pgtable.h | 3 arch/mips/include/asm/pgtable.h | 2 arch/nios2/include/asm/pgtable.h | 2 arch/openrisc/include/asm/pgtable.h | 2 arch/parisc/include/asm/pgtable.h | 15 arch/powerpc/include/asm/pgtable.h | 7 arch/riscv/include/asm/pgtable.h | 2 arch/riscv/kernel/asm-offsets.c | 2 arch/riscv/kernel/cpu-hotplug.c | 2 arch/riscv/kernel/efi-header.S | 2 arch/riscv/kernel/traps_misaligned.c | 2 arch/riscv/kernel/vdso/Makefile | 1 arch/s390/include/asm/io.h | 2 arch/s390/include/asm/pgtable.h | 2 arch/sh/include/asm/pgtable.h | 2 arch/sparc/include/asm/pgtable_32.h | 6 arch/sparc/mm/init_32.c | 3 arch/sparc/mm/init_64.c | 1 arch/um/include/asm/pgtable.h | 2 arch/x86/include/asm/nospec-branch.h | 11 arch/x86/include/asm/pgtable_32.h | 9 arch/x86/include/asm/pgtable_64.h | 1 arch/x86/mm/init_64.c | 41 - arch/xtensa/include/asm/pgtable.h | 2 block/blk-map.c | 4 drivers/acpi/cppc_acpi.c | 9 drivers/base/core.c | 13 drivers/base/module.c | 4 drivers/cpufreq/mediatek-cpufreq-hw.c | 14 drivers/cxl/acpi.c | 17 drivers/cxl/core/port.c | 26 drivers/cxl/cxl.h | 3 drivers/firmware/arm_sdei.c | 2 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 10 drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c | 3 drivers/iio/adc/ad7124.c | 2 drivers/iio/light/veml6030.c | 2 drivers/infiniband/hw/bnxt_re/qplib_fp.c | 4 drivers/infiniband/hw/bnxt_re/qplib_rcfw.c | 13 drivers/infiniband/hw/bnxt_re/qplib_rcfw.h | 2 drivers/infiniband/hw/cxgb4/provider.c | 1 drivers/infiniband/hw/mlx5/qp.c | 4 drivers/misc/sgi-gru/grukservices.c | 2 drivers/misc/sgi-gru/grumain.c | 4 drivers/misc/sgi-gru/grutlbpurge.c | 2 drivers/mtd/spi-nor/winbond.c | 7 drivers/net/ethernet/amd/mvme147.c | 7 drivers/net/ethernet/mellanox/mlxsw/spectrum_ipip.c | 119 ++- drivers/net/ethernet/mellanox/mlxsw/spectrum_ipip.h | 1 drivers/net/ethernet/mellanox/mlxsw/spectrum_ptp.c | 7 drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c | 2 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 22 drivers/net/gtp.c | 22 drivers/net/macsec.c | 3 drivers/net/mctp/mctp-i2c.c | 3 drivers/net/netdevsim/fib.c | 4 drivers/net/wireless/ath/ath10k/wmi-tlv.c | 7 drivers/net/wireless/ath/ath10k/wmi.c | 2 drivers/net/wireless/ath/ath11k/dp_rx.c | 7 drivers/net/wireless/broadcom/brcm80211/Kconfig | 1 drivers/net/wireless/intel/iwlegacy/common.c | 15 drivers/net/wireless/intel/iwlegacy/common.h | 12 drivers/net/wireless/intel/iwlwifi/mvm/fw.c | 22 drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 3 drivers/nvme/target/auth.c | 1 drivers/scsi/scsi_transport_fc.c | 4 drivers/staging/iio/frequency/ad9832.c | 7 drivers/tty/vt/vt.c | 2 drivers/usb/gadget/udc/dummy_hcd.c | 57 + drivers/usb/host/xhci-pci.c | 6 drivers/usb/host/xhci-ring.c | 16 drivers/usb/phy/phy.c | 2 drivers/usb/typec/class.c | 1 fs/afs/dir.c | 25 fs/afs/dir_edit.c | 91 ++ fs/afs/internal.h | 2 fs/dax.c | 45 - fs/iomap/buffered-io.c | 31 fs/nfs/delegation.c | 5 fs/nilfs2/namei.c | 3 fs/nilfs2/page.c | 1 fs/ntfs3/frecord.c | 4 fs/ntfs3/inode.c | 10 fs/ntfs3/lznt.c | 3 fs/ntfs3/namei.c | 2 fs/ntfs3/ntfs_fs.h | 2 fs/ocfs2/file.c | 8 fs/proc/kcore.c | 94 +- include/acpi/cppc_acpi.h | 2 include/linux/compiler-gcc.h | 12 include/linux/cpufreq.h | 34 include/linux/fs.h | 36 + include/linux/iomap.h | 19 include/linux/migrate.h | 1 include/net/ip_tunnels.h | 2 include/trace/events/afs.h | 240 ------ io_uring/io_uring.c | 11 io_uring/rw.c | 52 - kernel/bpf/cgroup.c | 19 kernel/bpf/lpm_trie.c | 2 kernel/cgroup/cgroup.c | 4 mm/huge_memory.c | 4 mm/internal.h | 13 mm/kasan/kasan_test.c | 27 mm/migrate.c | 636 ++++++++++++------ mm/page_alloc.c | 93 +- mm/shmem.c | 2 net/bluetooth/hci_sync.c | 18 net/core/dev.c | 4 net/ipv6/netfilter/nf_reject_ipv6.c | 15 net/mac80211/Kconfig | 2 net/mac80211/agg-tx.c | 4 net/mac80211/cfg.c | 3 net/mac80211/key.c | 42 - net/netfilter/nft_payload.c | 3 net/netfilter/x_tables.c | 2 net/sched/sch_api.c | 2 net/wireless/core.c | 1 sound/pci/hda/patch_realtek.c | 22 sound/soc/codecs/cs42l51.c | 7 sound/usb/mixer_quirks.c | 3 tools/testing/selftests/vm/hmm-tests.c | 2 tools/usb/usbip/src/usbip_detach.c | 1 138 files changed, 1421 insertions(+), 995 deletions(-) Alan Stern (1): USB: gadget: dummy-hcd: Fix "task hung" problem Alex Hung (1): drm/amd/display: Skip on writeback when it's not applicable Alexander Gordeev (1): fs/proc/kcore.c: allow translation of physical memory addresses Alexandre Ghiti (1): riscv: vdso: Prevent the compiler from inserting calls to memset() Amir Goldstein (3): io_uring: rename kiocb_end_write() local helper fs: create kiocb_{start,end}_write() helpers io_uring: use kiocb_{start,end}_write() helpers Amit Cohen (1): mlxsw: spectrum_ptp: Add missing verification before pushing Tx header Andrew Ballance (1): fs/ntfs3: Check if more than chunk-size bytes are written Andrey Konovalov (2): usb: gadget: dummy_hcd: execute hrtimer callback in softirq context kasan: remove vmalloc_percpu test Baolin Wang (1): mm: migrate: try again if THP split is failed due to page refcnt Basavaraj Natikar (1): xhci: Use pm_runtime_get to prevent RPM on unsupported systems Ben Hutchings (1): wifi: iwlegacy: Fix "field-spanning write" warning in il_enqueue_hcmd() Benjamin Marzinski (1): scsi: scsi_transport_fc: Allow setting rport state to current state Benoît Monin (1): net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension Byeonguk Jeong (1): bpf: Fix out-of-bounds write in trie_get_next_key() Chen Ridong (1): cgroup/bpf: use a dedicated workqueue for cgroup bpf destruction Christoffer Sandberg (1): ALSA: hda/realtek: Fix headset mic on TUXEDO Stellaris 16 Gen6 mb1 Christoph Hellwig (2): iomap: improve shared block detection in iomap_unshare_iter iomap: turn iomap_want_unshare_iter into an inline function Christophe JAILLET (1): ASoC: cs42l51: Fix some error handling paths in cs42l51_probe() Chunyan Zhang (2): riscv: Remove unused GENERATING_ASM_OFFSETS riscv: Remove duplicated GET_RM Dai Ngo (1): NFS: remove revoked delegation from server's delegation list Dan Williams (2): cxl/acpi: Move rescan to the workqueue cxl/port: Fix cxl_bus_rescan() vs bus_rescan_devices() Daniel Gabay (1): wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() Daniel Palmer (1): net: amd: mvme147: Fix probe banner message Darrick J. Wong (5): iomap: convert iomap_unshare_iter to use large folios iomap: don't bother unsharing delalloc extents iomap: share iomap_unshare_iter predicate code with fsdax fsdax: remove zeroing code from dax_unshare_iter fsdax: dax_unshare_iter needs to copy entire blocks David Howells (2): afs: Automatically generate trace tag enums afs: Fix missing subdir edit when renamed between parent dirs Dimitri Sivanich (1): misc: sgi-gru: Don't disable preemption in GRU driver Donet Tom (1): selftests/mm: fix incorrect buffer->mirror size in hmm2 double_map test Dong Chenchen (1): netfilter: Fix use-after-free in get_info() Edward Adam Davis (1): ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow Emmanuel Grumbach (1): wifi: iwlwifi: mvm: disconnect station vifs if recovery failed Eric Dumazet (1): netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() Faisal Hassan (1): xhci: Fix Link TRB DMA in command ring stopped completion event Felix Fietkau (2): wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower Furong Xu (1): net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data Geert Uytterhoeven (2): mac80211: MAC80211_MESSAGE_TRACING should depend on TRACING wifi: brcm80211: BRCM_TRACING should depend on TRACING Greg Kroah-Hartman (2): Revert "driver core: Fix uevent_show() vs driver detach race" Linux 6.1.116 Gregory Price (1): vmscan,migrate: fix page count imbalance on node stats when demoting pages Hector Martin (1): cpufreq: Generalize of_perf_domain_get_sharing_cpumask phandle format Heinrich Schuchardt (1): riscv: efi: Set NX compat flag in PE/COFF header Huacai Chen (1): LoongArch: Fix build errors due to backported TIMENS Huang Ying (7): migrate: convert unmap_and_move() to use folios migrate: convert migrate_pages() to use folios migrate_pages: organize stats with struct migrate_pages_stats migrate_pages: separate hugetlb folios migration migrate_pages: restrict number of pages to migrate in batch migrate_pages: split unmap_and_move() to _unmap() and _move() migrate_pages_batch: fix statistics for longterm pin retry Ido Schimmel (4): ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow() mlxsw: spectrum_router: Add support for double entry RIFs mlxsw: spectrum_ipip: Rename Spectrum-2 ip6gre operations mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address Jan Schär (1): ALSA: usb-audio: Add quirks for Dell WD19 dock Javier Carrasco (2): usb: typec: fix unreleased fwnode_handle in typec_port_register_altmodes() iio: light: veml6030: fix microlux value calculation Jens Axboe (1): io_uring/rw: fix missing NOWAIT check for O_DIRECT start write Jeongjun Park (2): mm: shmem: fix data-race in shmem_getattr() vt: prevent kernel-infoleak in con_font_get() Jianbo Liu (1): macsec: Fix use-after-free while sending the offloading packet Johannes Berg (2): wifi: cfg80211: clear wdev->cqm_config pointer on free wifi: iwlwifi: mvm: fix 6 GHz scan construction Kailang Yang (1): ALSA: hda/realtek: Limit internal Mic boost on Dell platform Kefeng Wang (1): mm: remove kern_addr_valid() completely Konstantin Komarov (4): fs/ntfs3: Fix warning possible deadlock in ntfs_set_state fs/ntfs3: Stale inode instead of bad fs/ntfs3: Fix possible deadlock in mi_read fs/ntfs3: Additional check in ni_clear() Leon Romanovsky (1): RDMA/cxgb4: Dump vendor specific QP details Linus Torvalds (1): mm: avoid gcc complaint about pointer casting Lorenzo Stoakes (3): fs/proc/kcore: avoid bounce buffer for ktext data fs/proc/kcore: convert read_kcore() to read_kcore_iter() fs/proc/kcore: reinstate bounce buffer for KCORE_TEXT regions Manikanta Pubbisetty (1): wifi: ath10k: Fix memory leak in management tx Marcello Sylvester Bauer (2): usb: gadget: dummy_hcd: Switch to hrtimer transfer scheduler usb: gadget: dummy_hcd: Set transfer interval to 1 microframe Marco Elver (1): kasan: Fix Software Tag-Based KASAN with GCC Matt Fleming (1): mm/page_alloc: let GFP_ATOMIC order-0 allocs access highatomic reserves Matt Johnston (1): mctp i2c: handle NULL header address Mel Gorman (5): mm/page_alloc: rename ALLOC_HIGH to ALLOC_MIN_RESERVE mm/page_alloc: treat RT tasks similar to __GFP_HIGH mm/page_alloc: explicitly record high-order atomic allocations in alloc_flags mm/page_alloc: explicitly define what alloc flags deplete min reserves mm/page_alloc: explicitly define how __GFP_HIGH non-blocking allocations accesses reserves Michael Walle (1): mtd: spi-nor: winbond: fix w25q128 regression Miguel Ojeda (2): compiler-gcc: be consistent with underscores use for `no_sanitize` compiler-gcc: remove attribute support check for `__no_sanitize_address__` Miquel Sabaté Solà (1): cpufreq: Avoid a bad reference count on CPU node Pablo Neira Ayuso (2): gtp: allow -1 to be specified as file description from userspace netfilter: nft_payload: sanitize offset and length before calling skb_checksum() Patrisious Haddad (1): RDMA/mlx5: Round max_rd_atomic/max_dest_rd_atomic up instead of down Pavel Begunkov (1): io_uring: always lock __io_cqring_overflow_flush Pawan Gupta (1): x86/bugs: Use code segment selector for VERW operand Pedro Tammela (1): net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT Pierre Gondois (1): ACPI: CPPC: Make rmw_lock a raw_spin_lock Remi Pommarel (1): wifi: ath11k: Fix invalid ring usage in full monitor mode Ryusuke Konishi (2): nilfs2: fix potential deadlock with newly created symlinks nilfs2: fix kernel bug due to missing clearing of checked flag Selvin Xavier (1): RDMA/bnxt_re: synchronize the qp-handle table array Srinivasan Shanmugam (1): drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing Sungwoo Kim (1): Bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs Ville Syrjälä (1): wifi: iwlegacy: Clear stale interrupts before resuming device Vitaliy Shevtsov (1): nvmet-auth: assign dh_key to NULL after kfree_sensitive WangYuli (1): riscv: Use '%u' to format the output of 'cpu' Xinyu Zhang (1): block: fix sanity checks in blk_rq_map_user_bvec Xiongfeng Wang (1): firmware: arm_sdei: Fix the input parameter of cpuhp_remove_state() Xiu Jianfeng (1): cgroup: Fix potential overflow issue when checking max_depth Yang Li (1): mm/migrate.c: stop using 0 as NULL pointer Zichen Xie (1): netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write() Zicheng Qu (2): staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg() iio: adc: ad7124: fix division by zero in ad7124_set_channel_odr() Zijun Hu (1): usb: phy: Fix API devm_usb_put_phy() can not release the phy Zong-Zhe Yang (1): wifi: mac80211: fix NULL dereference at band check in starting tx ba session Zongmin Zhou (1): usbip: tools: Fix detach_port() invalid port error path

10 months, 2 weeks

1
1
0 0

Linux 5.15.171

by Greg Kroah-Hartman

I'm announcing the release of the 5.15.171 kernel. All users of the 5.15 kernel series must upgrade. The updated 5.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/riscv/kernel/asm-offsets.c | 2 arch/riscv/kernel/cpu-hotplug.c | 2 arch/riscv/kernel/efi-header.S | 2 arch/riscv/kernel/traps_misaligned.c | 2 arch/riscv/kernel/vdso/Makefile | 1 arch/x86/include/asm/nospec-branch.h | 11 + drivers/acpi/cppc_acpi.c | 9 - drivers/acpi/prmt.c | 33 ++- drivers/base/core.c | 13 - drivers/base/module.c | 4 drivers/firmware/arm_sdei.c | 2 drivers/gpu/drm/drm_mipi_dsi.c | 2 drivers/gpu/drm/i915/gem/i915_gem_context.c | 24 ++ drivers/iio/adc/ad7124.c | 2 drivers/iio/light/veml6030.c | 2 drivers/infiniband/hw/bnxt_re/qplib_fp.c | 4 drivers/infiniband/hw/bnxt_re/qplib_rcfw.c | 13 + drivers/infiniband/hw/bnxt_re/qplib_rcfw.h | 2 drivers/infiniband/hw/cxgb4/provider.c | 1 drivers/infiniband/hw/mlx5/qp.c | 4 drivers/misc/sgi-gru/grukservices.c | 2 drivers/misc/sgi-gru/grumain.c | 4 drivers/misc/sgi-gru/grutlbpurge.c | 2 drivers/net/ethernet/amd/mvme147.c | 7 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 22 ++ drivers/net/gtp.c | 22 +- drivers/net/netdevsim/fib.c | 4 drivers/net/wireless/ath/ath10k/wmi-tlv.c | 7 drivers/net/wireless/ath/ath10k/wmi.c | 2 drivers/net/wireless/broadcom/brcm80211/Kconfig | 1 drivers/net/wireless/intel/iwlegacy/common.c | 2 drivers/net/wireless/intel/iwlwifi/mvm/fw.c | 22 +- drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 3 drivers/scsi/scsi_transport_fc.c | 4 drivers/staging/iio/frequency/ad9832.c | 7 drivers/tty/vt/vt.c | 2 drivers/usb/host/xhci-pci.c | 6 drivers/usb/host/xhci-ring.c | 16 - drivers/usb/phy/phy.c | 2 drivers/usb/typec/class.c | 1 fs/ksmbd/mgmt/user_session.c | 26 ++- fs/ksmbd/mgmt/user_session.h | 4 fs/ksmbd/server.c | 2 fs/ksmbd/smb2pdu.c | 8 fs/nfs/delegation.c | 5 fs/nilfs2/namei.c | 3 fs/nilfs2/page.c | 1 fs/ntfs3/frecord.c | 4 fs/ntfs3/lznt.c | 3 fs/ntfs3/namei.c | 2 fs/ntfs3/ntfs_fs.h | 2 fs/ocfs2/file.c | 8 include/acpi/cppc_acpi.h | 2 include/net/ip_tunnels.h | 2 include/net/mac80211.h | 10 + include/trace/events/kmem.h | 14 + kernel/bpf/lpm_trie.c | 2 kernel/cgroup/cgroup.c | 4 mm/internal.h | 13 + mm/page_alloc.c | 183 +++++++++++++--------- mm/shmem.c | 2 net/core/dev.c | 4 net/mac80211/Kconfig | 2 net/mac80211/cfg.c | 3 net/mac80211/ieee80211_i.h | 3 net/mac80211/key.c | 42 +++-- net/mac80211/mlme.c | 14 + net/mac80211/util.c | 45 ++++- net/netfilter/nft_payload.c | 3 net/netfilter/x_tables.c | 2 net/sched/sch_api.c | 2 sound/soc/codecs/cs42l51.c | 7 tools/testing/selftests/vm/hmm-tests.c | 2 tools/usb/usbip/src/usbip_detach.c | 1 75 files changed, 478 insertions(+), 227 deletions(-) Alexandre Ghiti (1): riscv: vdso: Prevent the compiler from inserting calls to memset() Andrew Ballance (1): fs/ntfs3: Check if more than chunk-size bytes are written Aubrey Li (1): ACPI: PRM: Remove unnecessary blank lines Basavaraj Natikar (1): xhci: Use pm_runtime_get to prevent RPM on unsupported systems Benjamin Marzinski (1): scsi: scsi_transport_fc: Allow setting rport state to current state Benoît Monin (1): net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension Byeonguk Jeong (1): bpf: Fix out-of-bounds write in trie_get_next_key() Christophe JAILLET (1): ASoC: cs42l51: Fix some error handling paths in cs42l51_probe() Chunyan Zhang (2): riscv: Remove unused GENERATING_ASM_OFFSETS riscv: Remove duplicated GET_RM Dai Ngo (1): NFS: remove revoked delegation from server's delegation list Daniel Gabay (1): wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() Daniel Palmer (1): net: amd: mvme147: Fix probe banner message Dimitri Sivanich (1): misc: sgi-gru: Don't disable preemption in GRU driver Donet Tom (1): selftests/mm: fix incorrect buffer->mirror size in hmm2 double_map test Dong Chenchen (1): netfilter: Fix use-after-free in get_info() Edward Adam Davis (1): ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow Emmanuel Grumbach (1): wifi: iwlwifi: mvm: disconnect station vifs if recovery failed Eric Dumazet (1): mm/page_alloc: call check_new_pages() while zone spinlock is not held Faisal Hassan (1): xhci: Fix Link TRB DMA in command ring stopped completion event Felix Fietkau (2): wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower Furong Xu (1): net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data Geert Uytterhoeven (2): mac80211: MAC80211_MESSAGE_TRACING should depend on TRACING wifi: brcm80211: BRCM_TRACING should depend on TRACING Greg Kroah-Hartman (2): Revert "driver core: Fix uevent_show() vs driver detach race" Linux 5.15.171 Heinrich Schuchardt (1): riscv: efi: Set NX compat flag in PE/COFF header Ido Schimmel (1): ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow() Jason-JH.Lin (1): Revert "drm/mipi-dsi: Set the fwnode for mipi_dsi_device" Javier Carrasco (2): usb: typec: fix unreleased fwnode_handle in typec_port_register_altmodes() iio: light: veml6030: fix microlux value calculation Jeongjun Park (2): mm: shmem: fix data-race in shmem_getattr() vt: prevent kernel-infoleak in con_font_get() Johannes Berg (3): mac80211: do drv_reconfig_complete() before restarting all wifi: iwlwifi: mvm: fix 6 GHz scan construction mac80211: always have ieee80211_sta_restart() Koba Ko (1): ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context Konstantin Komarov (3): fs/ntfs3: Fix warning possible deadlock in ntfs_set_state fs/ntfs3: Fix possible deadlock in mi_read fs/ntfs3: Additional check in ni_clear() Leon Romanovsky (1): RDMA/cxgb4: Dump vendor specific QP details Manikanta Pubbisetty (1): wifi: ath10k: Fix memory leak in management tx Matt Fleming (1): mm/page_alloc: let GFP_ATOMIC order-0 allocs access highatomic reserves Mel Gorman (6): mm/page_alloc: split out buddy removal code from rmqueue into separate helper mm/page_alloc: rename ALLOC_HIGH to ALLOC_MIN_RESERVE mm/page_alloc: treat RT tasks similar to __GFP_HIGH mm/page_alloc: explicitly record high-order atomic allocations in alloc_flags mm/page_alloc: explicitly define what alloc flags deplete min reserves mm/page_alloc: explicitly define how __GFP_HIGH non-blocking allocations accesses reserves Namjae Jeon (1): ksmbd: fix user-after-free from session log off Pablo Neira Ayuso (2): gtp: allow -1 to be specified as file description from userspace netfilter: nft_payload: sanitize offset and length before calling skb_checksum() Patrisious Haddad (1): RDMA/mlx5: Round max_rd_atomic/max_dest_rd_atomic up instead of down Pawan Gupta (1): x86/bugs: Use code segment selector for VERW operand Pedro Tammela (1): net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT Pierre Gondois (1): ACPI: CPPC: Make rmw_lock a raw_spin_lock Rob Clark (1): drm/i915: Fix potential context UAFs Ryusuke Konishi (2): nilfs2: fix potential deadlock with newly created symlinks nilfs2: fix kernel bug due to missing clearing of checked flag Selvin Xavier (1): RDMA/bnxt_re: synchronize the qp-handle table array Sudeep Holla (1): ACPI: PRM: Change handler_addr type to void pointer Ville Syrjälä (1): wifi: iwlegacy: Clear stale interrupts before resuming device WangYuli (1): riscv: Use '%u' to format the output of 'cpu' Wonhyuk Yang (1): mm/page_alloc: fix tracepoint mm_page_alloc_zone_locked() Xiongfeng Wang (1): firmware: arm_sdei: Fix the input parameter of cpuhp_remove_state() Xiu Jianfeng (1): cgroup: Fix potential overflow issue when checking max_depth Youghandhar Chintala (1): mac80211: Add support to trigger sta disconnect on hardware restart Zichen Xie (1): netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write() Zicheng Qu (2): staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg() iio: adc: ad7124: fix division by zero in ad7124_set_channel_odr() Zijun Hu (1): usb: phy: Fix API devm_usb_put_phy() can not release the phy Zongmin Zhou (1): usbip: tools: Fix detach_port() invalid port error path

10 months, 2 weeks

1
1
0 0

Linux 5.10.229

by Greg Kroah-Hartman

I'm announcing the release of the 5.10.229 kernel. All users of the 5.10 kernel series must upgrade. The updated 5.10.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.10.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/boot/dts/bcm2837-rpi-cm3-io3.dts | 2 arch/arm64/Makefile | 2 arch/arm64/include/asm/uprobes.h | 12 - arch/arm64/kernel/probes/uprobes.c | 4 arch/riscv/kernel/asm-offsets.c | 2 arch/riscv/kernel/cpu-hotplug.c | 2 arch/riscv/kernel/efi-header.S | 2 arch/riscv/kernel/traps_misaligned.c | 2 arch/riscv/kernel/vdso/Makefile | 1 arch/s390/include/asm/perf_event.h | 1 arch/s390/kvm/gaccess.c | 162 ++++++++++++++---------- arch/s390/kvm/gaccess.h | 14 +- arch/x86/include/asm/nospec-branch.h | 11 + arch/x86/kvm/svm/nested.c | 6 block/bfq-iosched.c | 33 ++-- drivers/acpi/button.c | 11 + drivers/acpi/resource.c | 7 + drivers/base/core.c | 13 - drivers/base/module.c | 4 drivers/firmware/arm_sdei.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c | 15 +- drivers/gpu/drm/drm_gem_shmem_helper.c | 5 drivers/gpu/drm/drm_mipi_dsi.c | 2 drivers/gpu/drm/msm/dsi/dsi_host.c | 2 drivers/gpu/drm/vboxvideo/hgsmi_base.c | 10 + drivers/gpu/drm/vboxvideo/vboxvideo.h | 4 drivers/iio/light/veml6030.c | 2 drivers/infiniband/hw/bnxt_re/qplib_fp.c | 4 drivers/infiniband/hw/bnxt_re/qplib_fp.h | 2 drivers/infiniband/hw/bnxt_re/qplib_rcfw.c | 15 +- drivers/infiniband/hw/bnxt_re/qplib_rcfw.h | 2 drivers/infiniband/hw/bnxt_re/qplib_res.c | 21 --- drivers/infiniband/hw/cxgb4/cm.c | 9 - drivers/infiniband/hw/cxgb4/provider.c | 1 drivers/infiniband/hw/mlx5/qp.c | 4 drivers/misc/sgi-gru/grukservices.c | 2 drivers/misc/sgi-gru/grumain.c | 4 drivers/misc/sgi-gru/grutlbpurge.c | 2 drivers/net/ethernet/aeroflex/greth.c | 3 drivers/net/ethernet/amd/mvme147.c | 7 - drivers/net/ethernet/broadcom/bcmsysport.c | 1 drivers/net/ethernet/emulex/benet/be_main.c | 10 - drivers/net/ethernet/i825xx/sun3_82586.c | 1 drivers/net/ethernet/realtek/r8169_main.c | 4 drivers/net/gtp.c | 22 +-- drivers/net/hyperv/netvsc_drv.c | 30 ++++ drivers/net/macsec.c | 18 -- drivers/net/phy/dp83822.c | 4 drivers/net/usb/usbnet.c | 3 drivers/net/wireless/ath/ath10k/wmi-tlv.c | 7 - drivers/net/wireless/ath/ath10k/wmi.c | 2 drivers/net/wireless/broadcom/brcm80211/Kconfig | 1 drivers/net/wireless/intel/iwlegacy/common.c | 2 drivers/net/wireless/intel/iwlwifi/mvm/fw.c | 22 ++- drivers/staging/iio/frequency/ad9832.c | 7 - drivers/target/target_core_device.c | 2 drivers/target/target_core_user.c | 2 drivers/tty/serial/serial_core.c | 16 +- drivers/tty/vt/vt.c | 2 drivers/usb/host/xhci-pci.c | 6 drivers/usb/host/xhci-ring.c | 16 +- drivers/usb/phy/phy.c | 2 drivers/usb/typec/class.c | 3 fs/cifs/smb2pdu.c | 9 + fs/exec.c | 21 +-- fs/iomap/direct-io.c | 18 +- fs/jfs/jfs_dmap.c | 2 fs/nfs/delegation.c | 5 fs/nilfs2/namei.c | 3 fs/nilfs2/page.c | 7 - fs/ocfs2/file.c | 8 + fs/open.c | 2 include/linux/compiler-gcc.h | 12 - include/linux/mm.h | 2 include/net/genetlink.h | 3 include/net/ip_tunnels.h | 2 include/net/mac80211.h | 10 + include/net/xfrm.h | 28 ++-- kernel/bpf/lpm_trie.c | 2 kernel/cgroup/cgroup.c | 4 kernel/time/posix-clock.c | 6 kernel/trace/trace_probe.c | 2 mm/memory.c | 70 +++++++--- mm/shmem.c | 2 net/bluetooth/bnep/core.c | 3 net/core/dev.c | 17 ++ net/ipv4/devinet.c | 35 +++-- net/ipv4/xfrm4_policy.c | 40 ++--- net/ipv6/xfrm6_policy.c | 31 ++-- net/l2tp/l2tp_netlink.c | 4 net/mac80211/Kconfig | 2 net/mac80211/cfg.c | 3 net/mac80211/ieee80211_i.h | 3 net/mac80211/key.c | 42 +++--- net/mac80211/mlme.c | 14 +- net/mac80211/util.c | 45 +++++- net/netfilter/nft_payload.c | 3 net/netlink/genetlink.c | 28 ++-- net/sched/sch_api.c | 2 net/sched/sch_taprio.c | 3 net/smc/smc_pnet.c | 2 net/wireless/nl80211.c | 8 - net/xfrm/xfrm_device.c | 11 + net/xfrm/xfrm_policy.c | 50 +++++-- net/xfrm/xfrm_user.c | 6 security/selinux/selinuxfs.c | 27 ++-- sound/firewire/amdtp-stream.c | 3 sound/pci/hda/patch_realtek.c | 48 ++++--- sound/soc/codecs/cs42l51.c | 7 - sound/soc/fsl/fsl_sai.c | 5 sound/soc/fsl/fsl_sai.h | 1 sound/soc/qcom/lpass-cpu.c | 2 tools/testing/selftests/vm/hmm-tests.c | 2 tools/usb/usbip/src/usbip_detach.c | 1 115 files changed, 789 insertions(+), 471 deletions(-) Aleksa Sarai (1): openat2: explicitly return -E2BIG for (usize > PAGE_SIZE) Alexandre Ghiti (1): riscv: vdso: Prevent the compiler from inserting calls to memset() Andrey Shumilin (1): ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() Anumula Murali Mohan Reddy (1): RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP Basavaraj Natikar (1): xhci: Use pm_runtime_get to prevent RPM on unsupported systems Benoît Monin (1): net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension Bhargava Chenna Marreddy (1): RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages Byeonguk Jeong (1): bpf: Fix out-of-bounds write in trie_get_next_key() Christian Heusel (1): ACPI: resource: Add LG 16T90SP to irq1_level_low_skip_override[] Christoph Hellwig (2): iomap: update ki_pos a little later in iomap_dio_complete mm: add remap_pfn_range_notrack Christophe JAILLET (1): ASoC: cs42l51: Fix some error handling paths in cs42l51_probe() Chunyan Zhang (2): riscv: Remove unused GENERATING_ASM_OFFSETS riscv: Remove duplicated GET_RM Dai Ngo (1): NFS: remove revoked delegation from server's delegation list Daniel Gabay (1): wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() Daniel Palmer (1): net: amd: mvme147: Fix probe banner message Dave Kleikamp (1): jfs: Fix sanity check in dbMount Dimitri Sivanich (1): misc: sgi-gru: Don't disable preemption in GRU driver Dmitry Antipov (1): net: sched: fix use-after-free in taprio_change() Donet Tom (1): selftests/mm: fix incorrect buffer->mirror size in hmm2 double_map test Edward Adam Davis (1): ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow Emmanuel Grumbach (1): wifi: iwlwifi: mvm: disconnect station vifs if recovery failed Eric Dumazet (1): genetlink: hold RCU in genlmsg_mcast() Eyal Birger (2): xfrm: extract dst lookup parameters into a struct xfrm: respect ip protocols rules criteria when performing dst lookups Faisal Hassan (1): xhci: Fix Link TRB DMA in command ring stopped completion event Felix Fietkau (2): wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower Florian Klink (1): ARM: dts: bcm2837-rpi-cm3-io3: Fix HDMI hpd-gpio pin Geert Uytterhoeven (2): mac80211: MAC80211_MESSAGE_TRACING should depend on TRACING wifi: brcm80211: BRCM_TRACING should depend on TRACING Greg Kroah-Hartman (2): Revert "driver core: Fix uevent_show() vs driver detach race" Linux 5.10.229 Haiyang Zhang (1): hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event Hans de Goede (1): drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA Heiko Carstens (1): s390: Initialize psw mask in perf_arch_fetch_caller_regs() Heiner Kallweit (1): r8169: avoid unsolicited interrupts Heinrich Schuchardt (1): riscv: efi: Set NX compat flag in PE/COFF header Ido Schimmel (1): ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow() Janis Schoetterl-Glausch (3): KVM: s390: gaccess: Refactor gpa and length calculation KVM: s390: gaccess: Refactor access address range check KVM: s390: gaccess: Cleanup access to guest pages Jason-JH.Lin (1): Revert "drm/mipi-dsi: Set the fwnode for mipi_dsi_device" Javier Carrasco (1): iio: light: veml6030: fix microlux value calculation Jeongjun Park (2): mm: shmem: fix data-race in shmem_getattr() vt: prevent kernel-infoleak in con_font_get() Jinjie Ruan (1): posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime() Jiri Slaby (SUSE) (1): serial: protect uart_port_dtr_rts() in uart_shutdown() too Johannes Berg (2): mac80211: do drv_reconfig_complete() before restarting all mac80211: always have ieee80211_sta_restart() Jonathan Marek (1): drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation José Relvas (1): ALSA: hda/realtek: Add subwoofer quirk for Acer Predator G9-593 Kailang Yang (1): ALSA: hda/realtek: Update default depop procedure Kalesh AP (2): RDMA/bnxt_re: Add a check for memory allocation RDMA/bnxt_re: Return more meaningful error Leo Yan (1): tracing: Consider the NULL character when validating the event length Leon Romanovsky (1): RDMA/cxgb4: Dump vendor specific QP details Li RongQing (1): net/smc: Fix searching in list of known pnetids in smc_pnet_add_pnetid Linus Torvalds (1): mm: avoid leaving partial pfn mappings around in error case Manikanta Pubbisetty (1): wifi: ath10k: Fix memory leak in management tx Marco Elver (1): kasan: Fix Software Tag-Based KASAN with GCC Mario Limonciello (1): drm/amd: Guard against bad data for ATIF ACPI method Mark Rutland (2): arm64: probes: Fix uprobes for big-endian kernels arm64: Force position-independent veneers Mateusz Guzik (1): exec: don't WARN for racy path_noexec check Michel Alex (1): net: phy: dp83822: Fix reset pin definitions Miguel Ojeda (2): compiler-gcc: be consistent with underscores use for `no_sanitize` compiler-gcc: remove attribute support check for `__no_sanitize_address__` Nico Boehr (1): KVM: s390: gaccess: Check if guest address is in memslot Oliver Neukum (1): net: usb: usbnet: fix name regression Pablo Neira Ayuso (2): gtp: allow -1 to be specified as file description from userspace netfilter: nft_payload: sanitize offset and length before calling skb_checksum() Patrisious Haddad (1): RDMA/mlx5: Round max_rd_atomic/max_dest_rd_atomic up instead of down Paul Moore (1): selinux: improve error checking in sel_write_load() Paulo Alcantara (1): smb: client: fix OOBs when building SMB2_IOCTL request Pawan Gupta (1): x86/bugs: Use code segment selector for VERW operand Pedro Tammela (1): net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT Ryusuke Konishi (3): nilfs2: fix kernel bug due to missing clearing of buffer delay flag nilfs2: fix potential deadlock with newly created symlinks nilfs2: fix kernel bug due to missing clearing of checked flag Sabrina Dubroca (2): macsec: don't increment counters for an unrelated SA xfrm: validate new SA's prefixlen using SA family when sel.family is unset Saravanan Vajravel (1): RDMA/bnxt_re: Fix incorrect AVID type in WQE structure Sean Christopherson (1): KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory Selvin Xavier (1): RDMA/bnxt_re: synchronize the qp-handle table array Shengjiu Wang (1): ASoC: fsl_sai: Enable 'FIFO continue on error' FCONT bit Shubham Panwar (1): ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid detection issue Thadeu Lima de Souza Cascardo (1): usb: typec: altmode should keep reference to parent Ville Syrjälä (1): wifi: iwlegacy: Clear stale interrupts before resuming device Wachowski, Karol (1): drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE) Wang Hai (5): net: ethernet: aeroflex: fix potential memory leak in greth_start_xmit_gbit() net: systemport: fix potential memory leak in bcm_sysport_xmit() scsi: target: core: Fix null-ptr-deref in target_alloc_device() net/sun3_82586: fix potential memory leak in sun3_82586_send_packet() be2net: fix potential memory leak in be_xmit() WangYuli (1): riscv: Use '%u' to format the output of 'cpu' Xin Long (2): ipv4: give an IPv4 dev to blackhole_netdev net: support ip generic csum processing in skb_csum_hwoffload_help Xiongfeng Wang (1): firmware: arm_sdei: Fix the input parameter of cpuhp_remove_state() Xiu Jianfeng (1): cgroup: Fix potential overflow issue when checking max_depth Ye Bin (1): Bluetooth: bnep: fix wild-memory-access in proto_unregister Youghandhar Chintala (1): mac80211: Add support to trigger sta disconnect on hardware restart Yu Kuai (1): block, bfq: fix procress reference leakage for bfqq in merge chain Zichen Xie (1): ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe() Zicheng Qu (1): staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg() Zijun Hu (1): usb: phy: Fix API devm_usb_put_phy() can not release the phy Zongmin Zhou (1): usbip: tools: Fix detach_port() invalid port error path junhua huang (2): arm64:uprobe fix the uprobe SWBP_INSN in big-endian arm64/uprobes: change the uprobe_opcode_t typedef to fix the sparse warning

10 months, 2 weeks

1
1
0 0

Linux 5.4.285

by Greg Kroah-Hartman

I'm announcing the release of the 5.4.285 kernel. All users of the 5.4 kernel series must upgrade. The updated 5.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.4.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ .gitignore | 1 Documentation/IPMI.txt | 2 Documentation/admin-guide/kernel-parameters.txt | 10 Documentation/arm64/silicon-errata.rst | 4 Documentation/devicetree/bindings/gpu/samsung-rotator.txt | 28 Documentation/devicetree/bindings/gpu/samsung-rotator.yaml | 48 Makefile | 2 arch/arm/boot/dts/bcm2837-rpi-cm3-io3.dts | 2 arch/arm/boot/dts/imx7d-zii-rmu2.dts | 2 arch/arm/mach-realview/platsmp-dt.c | 1 arch/arm64/Kconfig | 2 arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 23 arch/arm64/include/asm/cputype.h | 4 arch/arm64/include/asm/uprobes.h | 12 arch/arm64/kernel/cpu_errata.c | 2 arch/arm64/kernel/probes/decode-insn.c | 16 arch/arm64/kernel/probes/simulate-insn.c | 18 arch/arm64/kernel/probes/uprobes.c | 4 arch/microblaze/mm/init.c | 5 arch/parisc/kernel/entry.S | 6 arch/parisc/kernel/syscall.S | 14 arch/riscv/Kconfig | 5 arch/riscv/kernel/asm-offsets.c | 2 arch/riscv/kernel/perf_callchain.c | 2 arch/s390/include/asm/facility.h | 6 arch/s390/kernel/perf_cpum_sf.c | 12 arch/s390/kvm/diag.c | 2 arch/s390/kvm/gaccess.c | 162 arch/s390/kvm/gaccess.h | 14 arch/s390/mm/cmm.c | 18 arch/x86/include/asm/cpufeatures.h | 3 arch/x86/include/asm/syscall.h | 7 arch/x86/kernel/apic/apic.c | 14 arch/x86/kernel/cpu/mshyperv.c | 1 arch/x86/kernel/cpu/resctrl/core.c | 4 arch/x86/xen/setup.c | 2 block/bfq-iosched.c | 13 block/blk-rq-qos.c | 2 crypto/aead.c | 3 crypto/cipher.c | 3 drivers/acpi/acpica/dbconvert.c | 2 drivers/acpi/acpica/exprep.c | 3 drivers/acpi/acpica/psargs.c | 47 drivers/acpi/battery.c | 28 drivers/acpi/button.c | 11 drivers/acpi/device_sysfs.c | 5 drivers/acpi/ec.c | 55 drivers/acpi/pmic/tps68470_pmic.c | 6 drivers/acpi/resource.c | 27 drivers/ata/sata_sil.c | 12 drivers/base/bus.c | 6 drivers/base/core.c | 13 drivers/base/firmware_loader/main.c | 30 drivers/base/module.c | 4 drivers/block/aoe/aoecmd.c | 13 drivers/block/drbd/drbd_main.c | 6 drivers/block/drbd/drbd_state.c | 2 drivers/bluetooth/btmrvl_sdio.c | 16 drivers/bluetooth/btusb.c | 10 drivers/char/hw_random/mtk-rng.c | 2 drivers/char/tpm/tpm-dev-common.c | 2 drivers/char/tpm/tpm2-space.c | 3 drivers/char/virtio_console.c | 18 drivers/clk/bcm/clk-bcm53573-ilp.c | 2 drivers/clk/qcom/clk-rpmh.c | 33 drivers/clk/rockchip/clk-rk3228.c | 2 drivers/clk/rockchip/clk.c | 3 drivers/clk/ti/clk-dra7-atl.c | 1 drivers/clocksource/timer-qcom.c | 7 drivers/firmware/arm_sdei.c | 2 drivers/firmware/tegra/bpmp.c | 6 drivers/gpio/gpio-aspeed.c | 4 drivers/gpio/gpio-davinci.c | 8 drivers/gpio/gpiolib.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c | 15 drivers/gpu/drm/amd/amdgpu/atombios_encoders.c | 26 drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 2 drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c | 2 drivers/gpu/drm/amd/display/dc/dml/dcn20/display_rq_dlg_calc_20v2.c | 2 drivers/gpu/drm/amd/display/dc/dml/dcn21/display_rq_dlg_calc_21.c | 2 drivers/gpu/drm/amd/display/modules/freesync/freesync.c | 2 drivers/gpu/drm/amd/include/atombios.h | 2 drivers/gpu/drm/arm/display/komeda/komeda_kms.c | 10 drivers/gpu/drm/drm_atomic_uapi.c | 2 drivers/gpu/drm/drm_crtc.c | 1 drivers/gpu/drm/drm_mipi_dsi.c | 2 drivers/gpu/drm/drm_print.c | 13 drivers/gpu/drm/exynos/exynos_drm_gsc.c | 2 drivers/gpu/drm/msm/adreno/a5xx_gpu.c | 8 drivers/gpu/drm/msm/adreno/a5xx_gpu.h | 1 drivers/gpu/drm/msm/adreno/a5xx_preempt.c | 26 drivers/gpu/drm/msm/adreno/adreno_gpu.c | 2 drivers/gpu/drm/msm/disp/mdp5/mdp5_smp.c | 2 drivers/gpu/drm/msm/dsi/dsi_host.c | 2 drivers/gpu/drm/nouveau/nouveau_dmem.c | 2 drivers/gpu/drm/omapdrm/omap_drv.c | 5 drivers/gpu/drm/radeon/atombios.h | 2 drivers/gpu/drm/radeon/evergreen_cs.c | 62 drivers/gpu/drm/radeon/r100.c | 70 drivers/gpu/drm/radeon/radeon_atombios.c | 26 drivers/gpu/drm/rockchip/dw_hdmi-rockchip.c | 2 drivers/gpu/drm/rockchip/rockchip_drm_vop.c | 4 drivers/gpu/drm/stm/drv.c | 4 drivers/gpu/drm/vboxvideo/hgsmi_base.c | 10 drivers/gpu/drm/vboxvideo/vboxvideo.h | 4 drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 1 drivers/hid/hid-ids.h | 2 drivers/hid/hid-plantronics.c | 23 drivers/hid/intel-ish-hid/ishtp-fw-loader.c | 2 drivers/hwmon/max16065.c | 5 drivers/hwmon/ntc_thermistor.c | 1 drivers/hwtracing/coresight/coresight-tmc-etr.c | 2 drivers/i2c/busses/i2c-aspeed.c | 16 drivers/i2c/busses/i2c-i801.c | 9 drivers/i2c/busses/i2c-isch.c | 3 drivers/i2c/busses/i2c-qcom-geni.c | 59 drivers/i2c/busses/i2c-stm32f7.c | 6 drivers/i2c/busses/i2c-xiic.c | 19 drivers/iio/adc/Kconfig | 4 drivers/iio/adc/ad7606.c | 8 drivers/iio/adc/ad7606_spi.c | 5 drivers/iio/common/hid-sensors/hid-sensor-trigger.c | 2 drivers/iio/dac/Kconfig | 2 drivers/iio/light/opt3001.c | 4 drivers/iio/magnetometer/ak8975.c | 32 drivers/iio/proximity/Kconfig | 2 drivers/infiniband/core/iwcm.c | 2 drivers/infiniband/hw/bnxt_re/qplib_fp.h | 2 drivers/infiniband/hw/bnxt_re/qplib_rcfw.c | 2 drivers/infiniband/hw/cxgb4/cm.c | 14 drivers/infiniband/hw/hns/hns_roce_hem.c | 10 drivers/infiniband/sw/rxe/rxe_comp.c | 6 drivers/input/keyboard/adp5589-keys.c | 13 drivers/input/rmi4/rmi_driver.c | 6 drivers/mailbox/bcm2835-mailbox.c | 3 drivers/mailbox/rockchip-mailbox.c | 2 drivers/media/common/videobuf2/videobuf2-core.c | 8 drivers/media/dvb-frontends/rtl2830.c | 2 drivers/media/dvb-frontends/rtl2832.c | 2 drivers/media/platform/qcom/venus/core.c | 1 drivers/media/platform/sunxi/sun4i-csi/sun4i_csi.c | 5 drivers/misc/sgi-gru/grukservices.c | 2 drivers/misc/sgi-gru/grumain.c | 4 drivers/misc/sgi-gru/grutlbpurge.c | 2 drivers/misc/ti-st/st_core.c | 4 drivers/mtd/devices/powernv_flash.c | 3 drivers/mtd/devices/slram.c | 2 drivers/net/Kconfig | 64 drivers/net/caif/Kconfig | 36 drivers/net/ethernet/aeroflex/greth.c | 3 drivers/net/ethernet/amd/mvme147.c | 7 drivers/net/ethernet/broadcom/bcmsysport.c | 1 drivers/net/ethernet/cortina/gemini.c | 15 drivers/net/ethernet/emulex/benet/be_main.c | 10 drivers/net/ethernet/faraday/ftgmac100.c | 26 drivers/net/ethernet/faraday/ftgmac100.h | 2 drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 9 drivers/net/ethernet/freescale/fs_enet/Kconfig | 8 drivers/net/ethernet/hisilicon/hip04_eth.c | 1 drivers/net/ethernet/hisilicon/hns/hns_dsaf_mac.c | 1 drivers/net/ethernet/hisilicon/hns_mdio.c | 1 drivers/net/ethernet/i825xx/sun3_82586.c | 1 drivers/net/ethernet/ibm/emac/mal.c | 2 drivers/net/ethernet/intel/ice/ice_sched.c | 6 drivers/net/ethernet/intel/ice/ice_switch.c | 4 drivers/net/ethernet/intel/igb/igb_main.c | 4 drivers/net/ethernet/jme.c | 10 drivers/net/ethernet/lantiq_etop.c | 4 drivers/net/ethernet/marvell/mvpp2/mvpp2.h | 2 drivers/net/ethernet/mellanox/mlx5/core/en_ethtool.c | 4 drivers/net/ethernet/mellanox/mlx5/core/lib/pci_vsc.c | 10 drivers/net/ethernet/netronome/nfp/nfp_net_common.c | 5 drivers/net/ethernet/realtek/r8169_main.c | 35 drivers/net/ethernet/seeq/ether3.c | 2 drivers/net/gtp.c | 27 drivers/net/hyperv/netvsc_drv.c | 30 drivers/net/ieee802154/Kconfig | 13 drivers/net/ieee802154/mcr20a.c | 5 drivers/net/macsec.c | 18 drivers/net/phy/vitesse.c | 14 drivers/net/ppp/ppp_async.c | 2 drivers/net/slip/slhc.c | 57 drivers/net/usb/cdc_ncm.c | 8 drivers/net/usb/ipheth.c | 5 drivers/net/usb/usbnet.c | 3 drivers/net/wireless/ath/Kconfig | 12 drivers/net/wireless/ath/ar5523/Kconfig | 14 drivers/net/wireless/ath/ath10k/wmi-tlv.c | 7 drivers/net/wireless/ath/ath10k/wmi.c | 2 drivers/net/wireless/ath/ath9k/Kconfig | 58 drivers/net/wireless/ath/ath9k/debug.c | 6 drivers/net/wireless/ath/ath9k/hif_usb.c | 6 drivers/net/wireless/ath/ath9k/htc_drv_debug.c | 2 drivers/net/wireless/atmel/Kconfig | 42 drivers/net/wireless/intel/iwlegacy/common.c | 2 drivers/net/wireless/intel/iwlwifi/mvm/fw.c | 22 drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 9 drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 8 drivers/net/wireless/marvell/mwifiex/fw.h | 2 drivers/net/wireless/marvell/mwifiex/scan.c | 3 drivers/net/wireless/ralink/rt2x00/Kconfig | 44 drivers/net/wireless/realtek/rtw88/Kconfig | 1 drivers/net/wireless/realtek/rtw88/rtw8822c.c | 10 drivers/net/wireless/ti/wl12xx/Kconfig | 8 drivers/ntb/hw/intel/ntb_hw_gen1.c | 2 drivers/ntb/hw/mscc/ntb_hw_switchtec.c | 1 drivers/nvdimm/nd_virtio.c | 9 drivers/of/irq.c | 38 drivers/parport/procfs.c | 22 drivers/pci/controller/dwc/pci-keystone.c | 2 drivers/pci/controller/pcie-xilinx-nwl.c | 24 drivers/pci/quirks.c | 8 drivers/pinctrl/mvebu/pinctrl-dove.c | 42 drivers/pinctrl/pinctrl-at91.c | 5 drivers/pinctrl/pinctrl-single.c | 3 drivers/power/reset/brcmstb-reboot.c | 3 drivers/power/supply/axp20x_battery.c | 31 drivers/power/supply/max17042_battery.c | 5 drivers/pps/clients/pps_parport.c | 14 drivers/reset/reset-berlin.c | 3 drivers/rtc/rtc-at91sam9.c | 1 drivers/s390/char/sclp_vt220.c | 4 drivers/scsi/aacraid/aacraid.h | 2 drivers/soc/versatile/soc-integrator.c | 1 drivers/soc/versatile/soc-realview.c | 20 drivers/soundwire/stream.c | 8 drivers/spi/spi-bcm63xx.c | 2 drivers/spi/spi-nxp-fspi.c | 5 drivers/spi/spi-ppc4xx.c | 7 drivers/spi/spi-s3c64xx.c | 4 drivers/staging/iio/frequency/ad9832.c | 7 drivers/staging/wilc1000/wilc_hif.c | 4 drivers/target/target_core_user.c | 2 drivers/tty/serial/rp2.c | 2 drivers/tty/vt/vt.c | 2 drivers/usb/chipidea/udc.c | 8 drivers/usb/class/cdc-acm.c | 2 drivers/usb/class/usbtmc.c | 2 drivers/usb/dwc2/platform.c | 26 drivers/usb/dwc3/core.c | 22 drivers/usb/dwc3/core.h | 4 drivers/usb/dwc3/gadget.c | 11 drivers/usb/host/xhci-pci.c | 5 drivers/usb/host/xhci-ring.c | 16 drivers/usb/host/xhci.h | 2 drivers/usb/misc/appledisplay.c | 15 drivers/usb/misc/cypress_cy7c63.c | 4 drivers/usb/misc/yurex.c | 5 drivers/usb/phy/phy.c | 2 drivers/usb/serial/option.c | 8 drivers/usb/serial/pl2303.c | 1 drivers/usb/serial/pl2303.h | 4 drivers/usb/storage/unusual_devs.h | 11 drivers/usb/typec/class.c | 3 drivers/video/fbdev/hpfb.c | 1 drivers/video/fbdev/pxafb.c | 1 drivers/video/fbdev/sis/sis_main.c | 2 drivers/watchdog/imx_sc_wdt.c | 24 drivers/xen/swiotlb-xen.c | 6 fs/btrfs/disk-io.c | 11 fs/btrfs/relocation.c | 2 fs/ceph/addr.c | 1 fs/cifs/smb2pdu.c | 9 fs/erofs/decompressor.c | 24 fs/exec.c | 3 fs/ext4/extents.c | 5 fs/ext4/ialloc.c | 2 fs/ext4/inline.c | 35 fs/ext4/inode.c | 11 fs/ext4/mballoc.c | 10 fs/ext4/migrate.c | 2 fs/ext4/namei.c | 14 fs/ext4/xattr.c | 4 fs/f2fs/acl.c | 23 fs/f2fs/dir.c | 3 fs/f2fs/f2fs.h | 4 fs/f2fs/file.c | 24 fs/f2fs/super.c | 4 fs/f2fs/xattr.c | 27 fs/fat/namei_vfat.c | 2 fs/fcntl.c | 14 fs/inode.c | 4 fs/jbd2/checkpoint.c | 14 fs/jbd2/commit.c | 36 fs/jbd2/journal.c | 2 fs/jfs/jfs_discard.c | 11 fs/jfs/jfs_dmap.c | 11 fs/jfs/jfs_imap.c | 2 fs/jfs/xattr.c | 2 fs/namespace.c | 23 fs/nfs/callback_xdr.c | 2 fs/nfs/nfs4state.c | 1 fs/nfsd/nfs4idmap.c | 13 fs/nfsd/nfs4recover.c | 8 fs/nfsd/nfs4state.c | 15 fs/nilfs2/btree.c | 12 fs/nilfs2/dir.c | 50 fs/nilfs2/namei.c | 42 fs/nilfs2/nilfs.h | 2 fs/nilfs2/page.c | 7 fs/ocfs2/aops.c | 5 fs/ocfs2/buffer_head_io.c | 4 fs/ocfs2/file.c | 8 fs/ocfs2/journal.c | 7 fs/ocfs2/localalloc.c | 19 fs/ocfs2/quota_local.c | 8 fs/ocfs2/refcounttree.c | 26 fs/ocfs2/xattr.c | 38 fs/proc/base.c | 61 fs/super.c | 3 fs/udf/inode.c | 9 fs/unicode/mkutf8data.c | 70 fs/unicode/utf8data.h_shipped | 6703 ++++------ include/drm/drm_print.h | 54 include/linux/fs.h | 2 include/linux/jbd2.h | 4 include/linux/pci_ids.h | 2 include/linux/skbuff.h | 5 include/net/genetlink.h | 3 include/net/mac80211.h | 24 include/net/sch_generic.h | 1 include/net/sock.h | 8 include/net/tcp.h | 21 include/trace/events/f2fs.h | 3 include/trace/events/sched.h | 84 include/uapi/linux/cec.h | 6 include/uapi/linux/netfilter/nf_tables.h | 2 kernel/bpf/arraymap.c | 3 kernel/bpf/devmap.c | 9 kernel/bpf/hashtab.c | 3 kernel/bpf/helpers.c | 4 kernel/bpf/lpm_trie.c | 2 kernel/cgroup/cgroup.c | 4 kernel/events/core.c | 6 kernel/events/uprobes.c | 2 kernel/kthread.c | 19 kernel/locking/lockdep.c | 215 kernel/resource.c | 58 kernel/signal.c | 11 kernel/time/posix-clock.c | 3 kernel/trace/trace.c | 18 kernel/trace/trace_kprobe.c | 76 kernel/trace/trace_output.c | 6 kernel/trace/trace_probe.c | 2 kernel/trace/trace_probe.h | 1 lib/debugobjects.c | 5 lib/xz/xz_crc32.c | 2 lib/xz/xz_private.h | 4 mm/shmem.c | 2 mm/slab_common.c | 7 mm/swapfile.c | 2 mm/util.c | 2 net/bluetooth/af_bluetooth.c | 1 net/bluetooth/bnep/core.c | 3 net/bluetooth/rfcomm/sock.c | 2 net/bridge/br_netfilter_hooks.c | 5 net/can/bcm.c | 4 net/can/j1939/transport.c | 8 net/core/dev.c | 29 net/core/sock_destructor.h | 12 net/core/sock_map.c | 1 net/dccp/proto.c | 2 net/ipv4/af_inet.c | 2 net/ipv4/devinet.c | 41 net/ipv4/fib_frontend.c | 2 net/ipv4/inet_connection_sock.c | 2 net/ipv4/inet_fragment.c | 70 net/ipv4/ip_fragment.c | 2 net/ipv4/ip_gre.c | 6 net/ipv4/netfilter/nf_dup_ipv4.c | 7 net/ipv4/tcp.c | 4 net/ipv4/tcp_diag.c | 4 net/ipv4/tcp_input.c | 31 net/ipv4/tcp_ipv4.c | 5 net/ipv6/netfilter/nf_conntrack_reasm.c | 2 net/ipv6/netfilter/nf_dup_ipv6.c | 7 net/ipv6/netfilter/nf_reject_ipv6.c | 14 net/ipv6/tcp_ipv6.c | 2 net/l2tp/l2tp_netlink.c | 4 net/mac80211/cfg.c | 6 net/mac80211/ieee80211_i.h | 3 net/mac80211/iface.c | 32 net/mac80211/key.c | 44 net/mac80211/mlme.c | 14 net/mac80211/tx.c | 78 net/mac80211/util.c | 45 net/netfilter/nf_conntrack_netlink.c | 7 net/netfilter/nf_tables_api.c | 8 net/netfilter/nft_payload.c | 3 net/netlink/af_netlink.c | 3 net/netlink/genetlink.c | 28 net/qrtr/qrtr.c | 2 net/sched/em_meta.c | 4 net/sched/sch_api.c | 9 net/sched/sch_taprio.c | 7 net/sctp/diag.c | 4 net/sctp/socket.c | 24 net/tipc/bcast.c | 2 net/tipc/bearer.c | 8 net/wireless/nl80211.c | 11 net/wireless/scan.c | 6 net/wireless/sme.c | 3 net/xfrm/xfrm_user.c | 6 scripts/kconfig/merge_config.sh | 2 security/Kconfig | 32 security/selinux/selinuxfs.c | 31 security/smack/smackfs.c | 2 security/tomoyo/domain.c | 9 sound/core/init.c | 14 sound/firewire/amdtp-stream.c | 3 sound/pci/asihpi/hpimsgx.c | 2 sound/pci/hda/hda_generic.c | 4 sound/pci/hda/patch_conexant.c | 24 sound/pci/hda/patch_realtek.c | 125 sound/pci/rme9652/hdsp.c | 6 sound/pci/rme9652/hdspm.c | 6 sound/soc/au1x/db1200.c | 1 sound/soc/codecs/cs42l51.c | 7 sound/soc/codecs/tda7419.c | 1 sound/soc/meson/Kconfig | 4 sound/soc/meson/Makefile | 2 sound/soc/meson/axg-card.c | 406 sound/soc/meson/meson-card-utils.c | 385 sound/soc/meson/meson-card.h | 55 tools/iio/iio_generic_buffer.c | 4 tools/perf/builtin-sched.c | 8 tools/perf/util/time-utils.c | 4 tools/testing/ktest/ktest.pl | 2 tools/testing/selftests/bpf/map_tests/sk_storage_map.c | 2 tools/testing/selftests/bpf/prog_tests/flow_dissector.c | 1 tools/testing/selftests/bpf/prog_tests/tcp_rtt.c | 1 tools/testing/selftests/bpf/test_lru_map.c | 3 tools/testing/selftests/breakpoints/breakpoint_test_arm64.c | 2 tools/testing/selftests/breakpoints/step_after_suspend_test.c | 5 tools/testing/selftests/vDSO/parse_vdso.c | 3 tools/usb/usbip/src/usbip_detach.c | 1 virt/kvm/kvm_main.c | 5 437 files changed, 7154 insertions(+), 5445 deletions(-) Aaron Thompson (1): Bluetooth: Remove debugfs directory on module init failure Abhishek Pandit-Subedi (1): Bluetooth: btmrvl_sdio: Refactor irq wakeup Adrian Ratiu (1): proc: add config & param to block forcing mem writes Aleksander Jan Bajkowski (1): net: ethernet: lantiq_etop: fix memory disclosure Aleksandr Mishin (3): ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe() drm/msm: Fix incorrect file name output in adreno_request_fw() ice: Adjust over allocation of memory in ice_sched_add_root_node() and ice_sched_add_node() Aleksandrs Vinarskis (1): ACPICA: iasl: handle empty connection_node Alex Bee (1): drm/rockchip: vop: Allow 4096px width scaling Alex Deucher (2): drm/amdgpu: properly handle vbios fake edid sizing drm/radeon: properly handle vbios fake edid sizing Alex Hung (2): drm/amd/display: Check stream before comparing them drm/amd/display: Initialize get_bytes_per_element's default to 1 Alex Williamson (1): PCI: Mark Creative Labs EMU20k2 INTx masking as broken Anastasia Kovaleva (1): net: Fix an unsafe loop on the list Anders Roxell (1): scripts: kconfig: merge_config: config files: add a trailing newline Andrew Davis (1): power: reset: brcmstb: Do not go into infinite loop if reset fails Andrew Jones (1): of/irq: Support #msi-cells=<0> in of_msi_get_domain Andrey Shumilin (2): fbdev: sisfb: Fix strbuf array overflow ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() Andrii Nakryiko (1): tracing/kprobes: Fix symbol counting logic by looking at modules as well Andy Roulin (1): netfilter: br_netfilter: fix panic with metadata_dst skb Andy Shevchenko (3): fs/namespace: fnic: Switch to use %ptTd spi: ppc4xx: Avoid returning 0 when failed to parse and map IRQ i2c: isch: Add missed 'else' Ankit Agrawal (1): clocksource/drivers/qcom: Add missing iounmap() on errors in msm_dt_timer_init() Anshuman Khandual (1): arm64: Add Cortex-715 CPU part definition Anthony Iliopoulos (1): mount: warn only once about timestamp range expiration Anton Danilov (1): ipv4: ip_gre: Fix drops of small packets in ipgre_xmit Anumula Murali Mohan Reddy (1): RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP Armin Wolf (4): ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails ACPICA: Fix memory leak if acpi_ps_get_next_field() fails ACPI: battery: Simplify battery hook locking ACPI: battery: Fix possible crash when unregistering a battery hook Arnd Bergmann (1): nfsd: use ktime_get_seconds() for timestamps Arseniy Krasnov (1): ASoC: meson: axg-card: fix 'use-after-free' Artem Sadovnikov (1): ext4: fix i_data_sem unlock order in ext4_ind_migrate() Artur Weber (1): power: supply: max17042_battery: Fix SOC threshold calc w/ no current sense Baokun Li (4): ext4: propagate errors from ext4_find_extent() in ext4_insert_range() ext4: aovid use-after-free in ext4_ext_insert_extent() ext4: fix double brelse() the buffer of the extents path jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error Barnabás Czémán (1): iio: magnetometer: ak8975: Fix reading for ak099xx sensors Ben Dooks (1): spi: s3c64xx: fix timeout counters in flush_fifo Benjamin B. Frost (1): USB: serial: option: add support for Quectel EG916Q-GL Benoît Monin (1): net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension Billy Tsai (2): gpio: aspeed: Add the flush write to ensure the write complete. gpio: aspeed: Use devm_clk api to manage clock source Bitterblue Smith (1): wifi: rtw88: 8822c: Fix reported RX band width Bob Pearson (1): RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt Breno Leitao (1): KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() Byeonguk Jeong (1): bpf: Fix out-of-bounds write in trie_get_next_key() Chao Yu (4): f2fs: enhance to update i_mode and acl atomically in f2fs_setattr() f2fs: fix to update i_ctime in __f2fs_setxattr() f2fs: remove unneeded check condition in __f2fs_setxattr() f2fs: reduce expensive checkpoint trigger frequency Charles Han (1): mtd: powernv: Add check devm_kasprintf() returned value Chen Yu (1): kthread: fix task state in kthread worker if being frozen Chris Morgan (1): power: supply: axp20x_battery: Remove design from min and max voltage Christian Heusel (1): ACPI: resource: Add LG 16T90SP to irq1_level_low_skip_override[] Christoph Hellwig (1): fs: explicitly unregister per-superblock BDIs Christophe JAILLET (6): fbdev: hpfb: Fix an error handling path in hpfb_dio_probe() drm/stm: Fix an error handling path in stm_drm_platform_probe() pps: remove usage of the deprecated ida_simple_xx() API iio: hid-sensors: Fix an error handling path in _hid_sensor_set_report_latency() ASoC: cs42l51: Fix some error handling paths in cs42l51_probe() gtp: simplify error handling code in 'gtp_encap_enable()' Christophe Leroy (1): selftests: vDSO: fix vDSO symbols lookup for powerpc64 Chun-Yi Lee (1): aoe: fix the potential use-after-free problem in more places Chunyan Zhang (1): riscv: Remove unused GENERATING_ASM_OFFSETS Colin Ian King (1): r8169: Fix spelling mistake: "tx_underun" -> "tx_underrun" Damien Le Moal (1): ata: sata_sil: Rename sil_blacklist to sil_quirks Dan Carpenter (2): PCI: keystone: Fix if-statement expression in ks_pcie_quirk() SUNRPC: Fix integer overflow in decode_rc_list() Daniel Borkmann (1): bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit Daniel Gabay (2): wifi: iwlwifi: mvm: fix iwl_mvm_max_scan_ie_fw_cmd_room() wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() Daniel Jordan (1): ktest.pl: Avoid false positives with grub2 skip regex Daniel Palmer (1): net: amd: mvme147: Fix probe banner message Daniele Palmas (1): USB: serial: option: add Telit FN920C04 MBIM compositions Danilo Krummrich (1): mm: krealloc: consider spare memory for __GFP_ZERO Dave Ertman (1): ice: fix VLAN replay after reset Dave Kleikamp (1): jfs: Fix sanity check in dbMount David Gow (1): mm: only enforce minimum stack gap size if it's sensible David Lechner (1): clk: ti: dra7-atl: Fix leak of of_nodes Dimitri Sivanich (1): misc: sgi-gru: Don't disable preemption in GRU driver Dmitry Antipov (5): wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan() wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() net: sched: consistently use rcu_replace_pointer() in taprio_change() net: sched: fix use-after-free in taprio_change() Dmitry Kandybka (1): wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats() Edward Adam Davis (5): USB: usbtmc: prevent kernel-usb-infoleak jfs: Fix uaf in dbFreeBits jfs: check if leafidx greater than num leaves per dmap tree ext4: no need to continue when the number of entries is 1 ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow Emanuele Ghidoli (1): gpio: davinci: fix lazy disable Emil Gedenryd (1): iio: light: opt3001: add missing full-scale range value Emmanuel Grumbach (2): wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead wifi: iwlwifi: mvm: disconnect station vifs if recovery failed Eric Dumazet (11): sock_map: Add a cond_resched() in sock_hash_free() netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() netfilter: nf_tables: prevent nf_skb_duplicated corruption net: avoid potential underflow in qdisc_pkt_len_init() with UFO net: add more sanity checks to qdisc_pkt_len_init() net/sched: accept TCA_STAB only for root qdisc net: annotate lockless accesses to sk->sk_ack_backlog net: annotate lockless accesses to sk->sk_max_ack_backlog ppp: fix ppp_async_encode() illegal access slip: make slhc_remember() more robust against malicious packets genetlink: hold RCU in genlmsg_mcast() Faisal Hassan (1): xhci: Fix Link TRB DMA in command ring stopped completion event Felix Fietkau (2): wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower Ferry Meng (2): ocfs2: add bounds checking to ocfs2_xattr_find_entry() ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() Filipe Manana (1): btrfs: wait for fixup workers before stopping cleaner kthread during umount Florian Fainelli (1): tty: rp2: Fix reset with non forgiving PCIe host bridges Florian Klink (1): ARM: dts: bcm2837-rpi-cm3-io3: Fix HDMI hpd-gpio pin Florian Westphal (1): inet: inet_defrag: prevent sk release while still in use Foster Snowhill (1): usbnet: ipheth: fix carrier detection in modes 1 and 4 Francis Laniel (1): tracing/kprobes: Return EADDRNOTAVAIL when func matches several symbols Gabriel Krisman Bertazi (1): unicode: Don't special case ignorable code points Gao Xiang (1): erofs: fix lz4 inplace decompression Gautham Ananthakrishna (1): ocfs2: reserve space for inline xattr before attaching reflink tree Geert Uytterhoeven (2): drm/radeon/r100: Handle unknown family in r100_cp_init_microcode() of/irq: Refer to actual buffer size in of_irq_parse_one() Gerald Schaefer (1): s390/mm: Add cond_resched() to cmm_alloc/free_pages() Gianfranco Trad (1): udf: fix uninit-value use in udf_get_fileshortad Greg Kroah-Hartman (2): Revert "driver core: Fix uevent_show() vs driver detach race" Linux 5.4.285 Guenter Roeck (1): hwmon: (max16065) Fix overflows seen when writing limits Guillaume Stols (2): iio: adc: ad7606: fix oversampling gpio array iio: adc: ad7606: fix standby gpio state to match the documentation Guoqing Jiang (2): nfsd: call cache_put if xdr_reserve_space returns NULL hwrng: mtk - Use devm_pm_runtime_enable Gustavo A. R. Silva (1): wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() Hagar Hemdan (1): gpio: prevent potential speculation leaks in gpio_device_get_desc() Hailey Mothershead (1): crypto: aead,cipher - zeroize key buffer after use Haiyang Zhang (1): hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event Han Xu (1): spi: nxp-fspi: fix the KASAN report out-of-bounds bug Hans Verkuil (1): media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags Hans de Goede (4): ACPI: resource: Add Asus Vivobook X1704VAP to irq1_level_low_skip_override[] ACPI: resource: Add Asus ExpertBook B2502CVA to irq1_level_low_skip_override[] i2c: i801: Use a different adapter-name for IDF adapters drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA Harshit Mogalapalli (1): usb: yurex: Fix inconsistent locking bug in yurex_read() Heiko Carstens (1): s390/facility: Disable compile time optimization for decompressor code Heiner Kallweit (2): r8169: add tally counter fields added with RTL8125 r8169: avoid unsolicited interrupts Helge Deller (3): parisc: Fix itlb miss handler for 64-bit programs parisc: Fix 64-bit userspace syscall path parisc: Fix stack start for ADDR_NO_RANDOMIZE personality Heming Zhao (1): ocfs2: fix the la space leak when unmounting an ocfs2 volume Hermann Lauer (1): power: supply: axp20x_battery: allow disabling battery charging Hongbo Li (1): ASoC: allow module autoloading for table db1200_pids Huang Ying (1): resource: fix region_intersects() vs add_memory_driver_managed() Ian Rogers (1): perf time-utils: Fix 32-bit nsec parsing Icenowy Zheng (1): usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip Ido Schimmel (1): ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family Jacky Chou (2): net: ftgmac100: Enable TX interrupt to avoid TX timeout net: ftgmac100: Ensure tx descriptor updates are visible Jacob Keller (1): ice: fix accounting for filters shared by multiple VSIs Janis Schoetterl-Glausch (3): KVM: s390: gaccess: Refactor gpa and length calculation KVM: s390: gaccess: Refactor access address range check KVM: s390: gaccess: Cleanup access to guest pages Jann Horn (2): firmware_loader: Block path traversal f2fs: Require FMODE_WRITE for atomic write ioctls Jaroslav Kysela (1): ALSA: core: add isascii() check to card ID generator Jason Xing (1): tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process Jason-JH.Lin (1): Revert "drm/mipi-dsi: Set the fwnode for mipi_dsi_device" Javier Carrasco (5): iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig iio: adc: ti-ads8688: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig iio: proximity: mb1232: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig iio: adc: ti-ads124s08: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig Jeongjun Park (3): jfs: fix out-of-bounds in dbNextAG() and diAlloc() mm: shmem: fix data-race in shmem_getattr() vt: prevent kernel-infoleak in con_font_get() Jerome Brunet (1): ASoC: meson: axg: extract sound card utils Jiawei Ye (2): wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param smackfs: Use rcu_assign_pointer() to ensure safe assignment in smk_set_cipso Jim Mattson (1): x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET Jinjie Ruan (10): riscv: Fix fp alignment bug in perf_callchain_user() ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir() ieee802154: Fix build error net: ieee802154: mcr20a: Use IRQF_NO_AUTOEN flag in request_irq() Bluetooth: btmrvl: Use IRQF_NO_AUTOEN flag in request_irq() nfp: Use IRQF_NO_AUTOEN flag in request_irq() spi: bcm63xx: Fix module autoloading i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq() posix-clock: Fix missing timespec64 check in pc_clock_settime() posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime() Jisheng Zhang (1): riscv: define ILLEGAL_POINTER_VALUE for 64bit Johannes Berg (3): wifi: mac80211: fix potential key use-after-free mac80211: do drv_reconfig_complete() before restarting all mac80211: always have ieee80211_sta_restart() Jonas Blixt (1): watchdog: imx_sc_wdt: Don't disable WDT in suspend Jonas Karlman (2): drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode clk: rockchip: Set parent rate for DCLK_VOP clock on RK3228 Jonathan Marek (1): drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation Jonathan McDowell (1): tpm: Clean up TPM space after command failure Jose Alberto Reguero (1): usb: xhci: Fix problem with xhci resume from suspend Joseph Qi (2): ocfs2: fix uninit-value in ocfs2_get_block() ocfs2: cancel dqi_sync_work before freeing oinfo Josh Hunt (1): tcp: check skb is non-NULL in tcp_rto_delta_us() José Relvas (1): ALSA: hda/realtek: Add subwoofer quirk for Acer Predator G9-593 Juergen Gross (2): xen: use correct end address of kernel for conflict checking xen/swiotlb: add alignment check for dma buffers Julian Sun (2): vfs: fix race between evice_inodes() and find_inode()&iput() ocfs2: fix null-ptr-deref when journal load failed. Junhao Xie (1): USB: serial: pl2303: add device id for Macrosilicon MS3020 Junlin Li (2): drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error Junxian Huang (1): RDMA/hns: Optimize hem allocation performance Kailang Yang (3): ALSA: hda/realtek - Fixed ALC256 headphone no sound ALSA: hda/realtek - FIxed ALC285 headphone no sound ALSA: hda/realtek: Update default depop procedure Kaixin Wang (3): net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition fbdev: pxafb: Fix possible use after free in pxafb_task() ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition Kalesh AP (1): RDMA/bnxt_re: Return more meaningful error Kees Cook (2): x86/syscall: Avoid memcpy() for ia32 syscall_get_arguments() scsi: aacraid: Rearrange order of struct aac_srb_unit Kemeng Shi (1): ext4: avoid negative min_clusters in find_group_orlov() Krzysztof Kozlowski (14): soundwire: stream: Revert "soundwire: stream: fix programming slave ports for non-continous port maps" ARM: dts: imx7d-zii-rmu2: fix Ethernet PHY pinctrl property ARM: versatile: fix OF node leak in CPUs prepare reset: berlin: fix OF node leak in probe() error path soc: versatile: integrator: fix OF node leak in probe() error path soc: versatile: realview: fix memory leak during device remove soc: versatile: realview: fix soc_dev leak during device remove drivers: net: Fix Kconfig indentation, continued net: hisilicon: hip04: fix OF node leak in probe() net: hisilicon: hns_dsaf_mac: fix OF node leak in hns_mac_get_info() net: hisilicon: hns_mdio: fix OF node leak in probe() firmware: tegra: bpmp: Drop unused mbox_client_to_bpmp() rtc: at91sam9: fix OF node leak in probe() error path clk: bcm: bcm53573: fix OF node leak in init Kuniyuki Iwashima (2): can: bcm: Clear bo->bcm_proc_read after remove_proc_entry(). ipv4: Check !in_dev earlier for ioctl(SIOCSIFADDR). Lasse Collin (1): xz: cleanup CRC32 edits from 2018 Laurent Pinchart (2): Remove *.orig pattern from .gitignore media: sun4i_csi: Implement link validate for sun4i_csi subdev Lee Jones (1): usb: yurex: Replace snprintf() with the safer scnprintf() variant Leo Yan (1): tracing: Consider the NULL character when validating the event length Li Lingfeng (2): nfsd: return -EINVAL when namelen is 0 nfs: fix memory leak in error path of nfs4_do_reclaim Liao Chen (3): ASoC: tda7419: fix module autoloading spi: bcm63xx: Enable module autoloading mailbox: rockchip: fix a typo in module autoloading Linus Walleij (1): net: ethernet: cortina: Drop TSO support Liu Shixin (1): mm/swapfile: skip HugeTLB pages for unuse_vma Lizhi Xu (2): ocfs2: remove unreasonable unlock in ocfs2_read_blocks ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate Luis Henriques (SUSE) (2): ext4: fix incorrect tid assumption in __jbd2_log_wait_for_space() ext4: fix incorrect tid assumption in ext4_wait_for_tail_page_commit() Luiz Augusto von Dentz (3): Bluetooth: btusb: Fix not handling ZPL/short-transfer Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change Bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001 Luo Gengkun (1): perf/core: Fix small negative period being ignored Ma Ke (3): spi: ppc4xx: handle irq_of_parse_and_map() errors pps: add an error check in parport_attach drm: omapdrm: Add missing check for alloc_ordered_workqueue Maciej Falkowski (1): dt-bindings: gpu: Convert Samsung Image Rotator to dt-schema Manikanta Pubbisetty (1): wifi: ath10k: Fix memory leak in management tx Marek Vasut (1): i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume Mario Limonciello (1): drm/amd: Guard against bad data for ATIF ACPI method Mark Rutland (5): arm64: cputype: Add Neoverse-N3 definitions arm64: errata: Expand speculative SSBS workaround once more arm64: probes: Remove broken LDR (literal) uprobe support arm64: probes: Fix simulate_ldr*_literal() arm64: probes: Fix uprobes for big-endian kernels Masami Hiramatsu (1): selftests: breakpoints: Fix a typo of function name Mathias Krause (1): Input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal Mathias Nyman (1): xhci: Fix incorrect stream context type macro Mathy Vanhoef (2): mac80211: parse radiotap header when selecting Tx queue mac80211: Fix NULL ptr deref for injected rate info Matthew Brost (1): drm/printer: Allow NULL data in devcoredump printer Mauricio Faria de Oliveira (1): jbd2: introduce/export functions jbd2_journal_submit|finish_inode_data_buffers() Michael Kelley (1): x86/hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides frequency Michael Mueller (1): KVM: s390: Change virtual to physical address access in diag 0x258 handler Michael S. Tsirkin (1): virtio_console: fix misc probe bugs Mickaël Salaün (1): fs: Fix file_set_fowner LSM hook inconsistencies Mike Rapoport (1): microblaze: don't treat zero reserved memory regions as error Mike Tipton (1): clk: qcom: clk-rpmh: Fix overflow in BCM vote Mikhail Lobanov (2): RDMA/cxgb4: Added NULL check for lookup_atid drbd: Add NULL check for net_conf to prevent dereference in state validation Minjie Du (1): wifi: ath9k: fix parameter check in ath9k_init_debug() Mirsad Todorovac (1): mtd: slram: insert break after errors in parsing the map Mohamed Khalfella (2): net/mlx5: Added cond_resched() to crdump collection igb: Do not bring the device up after non-fatal error Moon Yeounsu (1): net: ethernet: use ip_hdrlen() instead of bit shift Nathan Chancellor (1): x86/resctrl: Annotate get_mem_config() functions as __init Neal Cardwell (2): tcp: fix to allow timestamp undo if no retransmits were sent tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe NeilBrown (1): nfsd: fix delegation_blocked() to block correctly for at least 30 seconds Nico Boehr (1): KVM: s390: gaccess: Check if guest address is in memslot Nikita Zhandarovich (3): drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets f2fs: prevent possible int overflow in dir_block_index() f2fs: avoid potential int overflow in sanity_check_area_boundary() Nikolay Kuratov (1): drm/vmwgfx: Handle surface check failure correctly Nuno Sa (1): Input: adp5589-keys - fix adp5589_gpio_get_value() OGAWA Hirofumi (1): fat: fix uninitialized variable Oder Chiou (1): ALSA: hda/realtek: Fix the push button function for the ALC257 Olaf Hering (1): mount: handle OOM on mnt_warn_timestamp_expiry Oleg Nesterov (1): uprobes: fix kernel info leak via "[uprobes]" vma Oliver Neukum (7): USB: appledisplay: close race between probe and completion handler USB: misc: cypress_cy7c63: check for short transfer USB: class: CDC-ACM: fix race between get_serial and set_serial USB: misc: yurex: fix race between read and write CDC-NCM: avoid overflow in sanity checking Revert "usb: yurex: Replace snprintf() with the safer scnprintf() variant" net: usb: usbnet: fix name regression Omar Sandoval (1): blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race Pablo Neira Ayuso (5): netfilter: nf_tables: elements with timeout below CONFIG_HZ never expire netfilter: nf_tables: reject element expiration with no timeout netfilter: nf_tables: reject expiration higher than timeout gtp: allow -1 to be specified as file description from userspace netfilter: nft_payload: sanitize offset and length before calling skb_checksum() Paul Moore (1): selinux: improve error checking in sel_write_load() Paulo Alcantara (1): smb: client: fix OOBs when building SMB2_IOCTL request Paulo Miguel Almeida (2): drm/amdgpu: Replace one-element array with flexible-array member drm/radeon: Replace one-element array with flexible-array member Pawel Dembicki (1): net: phy: vitesse: repair vsc73xx autonegotiation Pedro Tammela (1): net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT Pei Xiao (1): ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package() Peter Zijlstra (2): locking/lockdep: Fix bad recursion pattern locking/lockdep: Rework lockdep_lock Phil Sutter (1): netfilter: uapi: NFTA_FLOWTABLE_HOOK is NLA_NESTED Philip Chen (1): virtio_pmem: Check device status before requesting flush Qiu-ji Chen (1): drbd: Fix atomicity violation in drbd_uuid_set_bm() Qu Wenruo (1): btrfs: fix a NULL pointer dereference when failed to start a new trasacntion Quentin Schulz (1): arm64: dts: rockchip: override BIOS_DISABLE signal via GPIO hog on RK3399 Puma Qun-Wei Lin (1): mm: krealloc: Fix MTE false alarm in __do_krealloc Rafael J. Wysocki (1): ACPI: EC: Do not release locks during operation region accesses Remington Brasga (1): jfs: UBSAN: shift-out-of-bounds in dbFindBits Rob Clark (2): kthread: add kthread_work tracepoints drm/crtc: fix uninitialized variable use even harder Robert Hancock (1): i2c: xiic: Wait for TX empty to avoid missed TX NAKs Robin Chen (1): drm/amd/display: Round calculated vtotal Rosen Penev (1): net: ibm: emac: mal: fix wrong goto Ryusuke Konishi (7): nilfs2: fix potential null-ptr-deref in nilfs_btree_insert() nilfs2: determine empty node blocks as corrupted nilfs2: fix potential oob read in nilfs_btree_check_delete() nilfs2: propagate directory read errors from nilfs_find_entry() nilfs2: fix kernel bug due to missing clearing of buffer delay flag nilfs2: fix potential deadlock with newly created symlinks nilfs2: fix kernel bug due to missing clearing of checked flag Sabrina Dubroca (2): macsec: don't increment counters for an unrelated SA xfrm: validate new SA's prefixlen using SA family when sel.family is unset Saravanan Vajravel (1): RDMA/bnxt_re: Fix incorrect AVID type in WQE structure Sean Anderson (3): net: dpaa: Pad packets to ETH_ZLEN PCI: xilinx-nwl: Fix register misspelling PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler Sebastian Reichel (1): clk: rockchip: fix error for unknown clocks Selvarasu Ganesan (1): usb: dwc3: core: Stop processing of pending events if controller is halted Shahar Shitrit (1): net/mlx5e: Add missing link modes to ptys2ethtool_map Shawn Shao (1): usb: dwc2: Adjust the timing of USB Driver Interrupt Registration in the Crashkernel Scenario Sherry Yang (1): drm/msm: fix %s null argument error Shubham Panwar (1): ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid detection issue Simon Horman (3): netfilter: ctnetlink: compile ctnetlink_label_size with CONFIG_NF_CONNTRACK_EVENTS tipc: guard against string buffer overrun net: mvpp2: Increase size of queue_name buffer Srinivasan Shanmugam (1): drm/amd/display: Fix index out of bounds in degamma hardware format translation Stefan Wahren (1): mailbox: bcm2835: Fix timeout during suspend mode Stephen Boyd (3): i2c: qcom-geni: Let firmware specify irq trigger flags i2c: qcom-geni: Grow a dev pointer to simplify code clk: qcom: rpmh: Simplify clk_rpmh_bcm_send_cmd() Steven Rostedt (Google) (2): tracing: Remove precision vsnprintf() check from print event tracing: Have saved_cmdlines arrays all in one allocation Su Hui (1): net: tipc: avoid possible garbage value Subramanian Ananthanarayanan (1): PCI: Add ACS quirk for Qualcomm SA8775P SurajSonawane2415 (1): hid: intel-ish-hid: Fix uninitialized variable 'rv' in ish_fw_xfer_direct_dma Suzuki K Poulose (1): coresight: tmc: sg: Do not leak sg_table Takashi Iwai (5): ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin ALSA: asihpi: Fix potential OOB array access ALSA: hdsp: Break infinite MIDI input flush loop parport: Proper fix for array out-of-bounds access Tao Chen (1): bpf: Check percpu map value size first Tetsuo Handa (1): tomoyo: fallback to realpath if symlink's pathname does not exist Thadeu Lima de Souza Cascardo (4): ext4: return error on ext4_find_inline_entry ext4: avoid OOB when system.data xattr changes underneath the filesystem ext4: ext4_search_dir should return a proper error usb: typec: altmode should keep reference to parent Thomas Blocher (1): pinctrl: at91: make it work with current gpiolib Thomas Gleixner (2): PCI: xilinx-nwl: Use irq_data_get_irq_chip_data() signal: Replace BUG_ON()s Thomas Richter (1): s390/cpum_sf: Remove WARN_ON_ONCE statements Thomas Weißschuh (2): ACPI: sysfs: validate return type of _STR method s390/sclp_vt220: Convert newlines to CRLF instead of LFCR Thomas Zimmermann (1): drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS Toke Høiland-Jørgensen (3): bpf: Fix DEVMAP_HASH overflow check on 32-bit arches wifi: ath9k: Remove error checks when creating debugfs entries wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit Tommy Huang (1): i2c: aspeed: Update the stop sw state when the bus recovery occurs Tony Ambardar (4): selftests/bpf: Fix compile error from rlim_t in sk_storage_map.c selftests/bpf: Fix compiling flow_dissector.c with musl-libc selftests/bpf: Fix compiling tcp_rtt.c with musl-libc selftests/bpf: Fix error compiling test_lru_map.c Ville Syrjälä (1): wifi: iwlegacy: Clear stale interrupts before resuming device Vladimir Lypak (3): drm/msm/a5xx: disable preemption in submits by default drm/msm/a5xx: properly clear preemption records on resume drm/msm/a5xx: fix races in preemption evaluation stage Wade Wang (1): HID: plantronics: Workaround for an unexcepted opposite volume key Waiman Long (1): locking/lockdep: Avoid potential access of invalid memory in lock_class Wang Hai (4): net: ethernet: aeroflex: fix potential memory leak in greth_start_xmit_gbit() net: systemport: fix potential memory leak in bcm_sysport_xmit() net/sun3_82586: fix potential memory leak in sun3_82586_send_packet() be2net: fix potential memory leak in be_xmit() Wang Jianzheng (1): pinctrl: mvebu: Fix devinit_dove_pinctrl_probe function WangYuli (1): PCI: Add function 0 DMA alias quirk for Glenfly Arise chip Werner Sembach (1): ACPI: resource: Add another DMI match for the TongFang GMxXGxx Wojciech Gładysz (1): ext4: nested locking for xattr inode Wolfram Sang (1): ipmi: docs: don't advertise deprecated sysfs entries Xin Long (4): sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start sctp: ensure sk_state is set to CLOSED if hashing fails in sctp_listen_start ipv4: give an IPv4 dev to blackhole_netdev net: support ip generic csum processing in skb_csum_hwoffload_help Xiongfeng Wang (1): firmware: arm_sdei: Fix the input parameter of cpuhp_remove_state() Xiu Jianfeng (1): cgroup: Fix potential overflow issue when checking max_depth Xiubo Li (1): ceph: remove the incorrect Fw reference check when dirtying pages Xu Yang (1): usb: chipidea: udc: enable suspend interrupt after usb reset Yang Jihong (2): perf sched timehist: Fix missing free of session in perf_sched__timehist() perf sched timehist: Fixed timestamp error when unable to confirm event sched_in time Yang Yingliang (1): pinctrl: single: fix missing error code in pcs_probe() Ye Bin (1): Bluetooth: bnep: fix wild-memory-access in proto_unregister Yifei Liu (1): selftests: breakpoints: use remaining time to check if suspend succeed Yonatan Maman (1): nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error Yonggil Song (1): f2fs: fix typo Youghandhar Chintala (1): mac80211: Add support to trigger sta disconnect on hardware restart Youssef Samir (1): net: qrtr: Update packets cloning when broadcasting Yu Kuai (3): block, bfq: fix possible UAF for bfqq->bic with merge chain block, bfq: choose the last bfqq from merge chain in bfq_setup_cooperator() block, bfq: don't break merge chain in bfq_split_bfqq() Yuesong Li (1): drivers:drm:exynos_drm_gsc:Fix wrong assignment in gsc_bind() Yunke Cao (1): media: videobuf2-core: clear memory related fields in __vb2_plane_dmabuf_put() Yuntao Liu (1): hwmon: (ntc_thermistor) fix module autoloading Zhang Changzhong (1): can: j1939: use correct function name in comment Zhang Rui (1): x86/apic: Always explicitly disarm TSC-deadline timer Zhao Mengmeng (1): jfs: Fix uninit-value access of new_ea in ea_buffer Zhen Lei (1): debugobjects: Fix conditions in fill_pool() Zheng Wang (1): media: venus: fix use after free bug in venus_remove due to race condition Zhiguo Niu (1): lockdep: fix deadlock issue between lockdep and rcu Zhu Jun (1): tools/iio: Add memory allocation failure check for trigger_name Zhu Yanjun (1): RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency Zicheng Qu (1): staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg() Zijun Hu (2): driver core: bus: Return -EIO instead of 0 when show/store invalid bus attribute usb: phy: Fix API devm_usb_put_phy() can not release the phy Zong-Zhe Yang (1): wifi: rtw88: select WANT_DEV_COREDUMP Zongmin Zhou (1): usbip: tools: Fix detach_port() invalid port error path hongchi.peng (1): drm: komeda: Fix an issue related to normalized zpos junhua huang (2): arm64:uprobe fix the uprobe SWBP_INSN in big-endian arm64/uprobes: change the uprobe_opcode_t typedef to fix the sparse warning rd.dunlab(a)gmail.com (1): Minor fixes to the CAIF Transport drivers Kconfig file yangerkun (1): ext4: clear EXT4_GROUP_INFO_WAS_TRIMMED_BIT even mount with discard zhanchengbin (1): ext4: fix inode tree inconsistency caused by ENOMEM zhong jiang (1): drivers/misc: ti-st: Remove unneeded variable in st_tty_open

10 months, 2 weeks

1
1
0 0

Linux 4.19.323

by Greg Kroah-Hartman

I'm announcing the release of the 4.19.323 kernel. All users of the 4.19 kernel series must upgrade. The updated 4.19.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.19.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ .gitignore | 1 Documentation/IPMI.txt | 2 Documentation/arm64/silicon-errata.txt | 2 Documentation/driver-model/devres.txt | 1 Makefile | 2 arch/arm/mach-realview/platsmp-dt.c | 1 arch/arm64/Kconfig | 2 arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 23 arch/arm64/include/asm/cputype.h | 4 arch/arm64/include/asm/uprobes.h | 12 arch/arm64/kernel/cpu_errata.c | 2 arch/arm64/kernel/probes/decode-insn.c | 16 arch/arm64/kernel/probes/simulate-insn.c | 18 arch/arm64/kernel/probes/uprobes.c | 4 arch/microblaze/mm/init.c | 5 arch/parisc/kernel/entry.S | 6 arch/parisc/kernel/syscall.S | 14 arch/riscv/Kconfig | 5 arch/s390/include/asm/facility.h | 6 arch/s390/kernel/perf_cpum_sf.c | 12 arch/s390/kvm/diag.c | 2 arch/s390/kvm/gaccess.c | 162 ++- arch/s390/kvm/gaccess.h | 14 arch/s390/mm/cmm.c | 18 arch/x86/include/asm/cpufeatures.h | 3 arch/x86/kernel/apic/apic.c | 14 arch/x86/kernel/cpu/mshyperv.c | 1 arch/x86/xen/setup.c | 2 block/bfq-iosched.c | 13 crypto/aead.c | 3 crypto/cipher.c | 3 drivers/acpi/acpica/dbconvert.c | 2 drivers/acpi/acpica/exprep.c | 3 drivers/acpi/acpica/psargs.c | 47 + drivers/acpi/battery.c | 28 drivers/acpi/button.c | 11 drivers/acpi/device_sysfs.c | 5 drivers/acpi/ec.c | 55 + drivers/acpi/pmic/tps68470_pmic.c | 6 drivers/ata/sata_sil.c | 12 drivers/base/bus.c | 6 drivers/base/core.c | 13 drivers/base/firmware_loader/main.c | 30 drivers/base/module.c | 4 drivers/block/aoe/aoecmd.c | 13 drivers/block/drbd/drbd_main.c | 6 drivers/block/drbd/drbd_state.c | 2 drivers/bluetooth/btusb.c | 10 drivers/char/virtio_console.c | 18 drivers/clk/bcm/clk-bcm53573-ilp.c | 2 drivers/clk/clk-devres.c | 105 +- drivers/clk/rockchip/clk-rk3228.c | 2 drivers/clk/rockchip/clk.c | 3 drivers/clk/ti/clk-dra7-atl.c | 1 drivers/clocksource/timer-qcom.c | 7 drivers/firmware/arm_sdei.c | 2 drivers/gpio/gpio-aspeed.c | 4 drivers/gpio/gpio-davinci.c | 8 drivers/gpio/gpiolib.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c | 15 drivers/gpu/drm/amd/amdgpu/atombios_encoders.c | 26 drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 2 drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c | 2 drivers/gpu/drm/amd/include/atombios.h | 4 drivers/gpu/drm/drm_crtc.c | 17 drivers/gpu/drm/drm_print.c | 13 drivers/gpu/drm/msm/adreno/a5xx_gpu.h | 1 drivers/gpu/drm/msm/adreno/a5xx_preempt.c | 26 drivers/gpu/drm/msm/disp/mdp5/mdp5_smp.c | 2 drivers/gpu/drm/msm/dsi/dsi_host.c | 2 drivers/gpu/drm/radeon/atombios.h | 2 drivers/gpu/drm/radeon/evergreen_cs.c | 62 - drivers/gpu/drm/radeon/r100.c | 70 - drivers/gpu/drm/radeon/radeon_atombios.c | 26 drivers/gpu/drm/rockchip/rockchip_drm_vop.c | 4 drivers/gpu/drm/stm/drv.c | 4 drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 1 drivers/hid/hid-ids.h | 2 drivers/hid/hid-plantronics.c | 23 drivers/hwmon/max16065.c | 5 drivers/hwmon/ntc_thermistor.c | 1 drivers/hwtracing/coresight/coresight-tmc-etr.c | 2 drivers/i2c/busses/i2c-aspeed.c | 16 drivers/i2c/busses/i2c-i801.c | 9 drivers/i2c/busses/i2c-isch.c | 3 drivers/i2c/busses/i2c-xiic.c | 19 drivers/iio/adc/Kconfig | 2 drivers/iio/common/hid-sensors/hid-sensor-trigger.c | 2 drivers/iio/dac/Kconfig | 1 drivers/iio/light/opt3001.c | 4 drivers/iio/magnetometer/ak8975.c | 32 drivers/infiniband/core/iwcm.c | 2 drivers/infiniband/hw/bnxt_re/qplib_fp.h | 2 drivers/infiniband/hw/bnxt_re/qplib_rcfw.c | 2 drivers/infiniband/hw/cxgb4/cm.c | 14 drivers/input/keyboard/adp5589-keys.c | 13 drivers/input/rmi4/rmi_driver.c | 6 drivers/mailbox/bcm2835-mailbox.c | 3 drivers/mailbox/rockchip-mailbox.c | 2 drivers/media/common/videobuf2/videobuf2-core.c | 8 drivers/media/dvb-frontends/rtl2830.c | 2 drivers/media/dvb-frontends/rtl2832.c | 2 drivers/media/platform/qcom/venus/core.c | 1 drivers/misc/sgi-gru/grukservices.c | 2 drivers/misc/sgi-gru/grumain.c | 4 drivers/misc/sgi-gru/grutlbpurge.c | 2 drivers/mtd/devices/slram.c | 2 drivers/net/dsa/mv88e6xxx/global1_atu.c | 3 drivers/net/ethernet/aeroflex/greth.c | 3 drivers/net/ethernet/amd/mvme147.c | 7 drivers/net/ethernet/broadcom/bcmsysport.c | 1 drivers/net/ethernet/cortina/gemini.c | 15 drivers/net/ethernet/emulex/benet/be_main.c | 10 drivers/net/ethernet/faraday/ftgmac100.c | 26 drivers/net/ethernet/faraday/ftgmac100.h | 2 drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 9 drivers/net/ethernet/hisilicon/hip04_eth.c | 1 drivers/net/ethernet/hisilicon/hns/hns_dsaf_mac.c | 1 drivers/net/ethernet/hisilicon/hns_mdio.c | 1 drivers/net/ethernet/i825xx/sun3_82586.c | 1 drivers/net/ethernet/ibm/emac/mal.c | 2 drivers/net/ethernet/intel/igb/igb_main.c | 4 drivers/net/ethernet/jme.c | 10 drivers/net/ethernet/lantiq_etop.c | 4 drivers/net/ethernet/marvell/mvpp2/mvpp2.h | 2 drivers/net/ethernet/mellanox/mlx5/core/main.c | 2 drivers/net/ethernet/seeq/ether3.c | 2 drivers/net/gtp.c | 27 drivers/net/hyperv/netvsc_drv.c | 30 drivers/net/macsec.c | 18 drivers/net/phy/vitesse.c | 14 drivers/net/ppp/ppp_async.c | 2 drivers/net/usb/cdc_ncm.c | 8 drivers/net/usb/ipheth.c | 5 drivers/net/usb/r8152.c | 73 - drivers/net/usb/usbnet.c | 3 drivers/net/wireless/ath/ath10k/wmi-tlv.c | 7 drivers/net/wireless/ath/ath10k/wmi.c | 2 drivers/net/wireless/ath/ath9k/debug.c | 6 drivers/net/wireless/ath/ath9k/hif_usb.c | 6 drivers/net/wireless/ath/ath9k/htc_drv_debug.c | 2 drivers/net/wireless/intel/iwlegacy/common.c | 2 drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 9 drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 8 drivers/net/wireless/marvell/mwifiex/fw.h | 2 drivers/net/wireless/marvell/mwifiex/scan.c | 3 drivers/ntb/hw/intel/ntb_hw_gen1.c | 2 drivers/of/irq.c | 38 drivers/parport/procfs.c | 22 drivers/pci/controller/pcie-xilinx-nwl.c | 24 drivers/pci/quirks.c | 6 drivers/pinctrl/mvebu/pinctrl-dove.c | 42 drivers/pinctrl/pinctrl-at91.c | 5 drivers/pinctrl/pinctrl-single.c | 3 drivers/power/reset/brcmstb-reboot.c | 3 drivers/power/supply/max17042_battery.c | 5 drivers/pps/clients/pps_parport.c | 14 drivers/reset/reset-berlin.c | 3 drivers/rtc/Kconfig | 2 drivers/rtc/rtc-at91sam9.c | 45 drivers/s390/char/sclp_vt220.c | 4 drivers/scsi/aacraid/aacraid.h | 2 drivers/soc/versatile/soc-integrator.c | 1 drivers/soc/versatile/soc-realview.c | 20 drivers/soundwire/stream.c | 8 drivers/spi/spi-bcm63xx.c | 2 drivers/spi/spi-ppc4xx.c | 7 drivers/spi/spi-s3c64xx.c | 4 drivers/staging/iio/frequency/ad9834.c | 54 - drivers/staging/iio/frequency/ad9834.h | 28 drivers/tty/serial/rp2.c | 2 drivers/tty/vt/vt.c | 2 drivers/usb/chipidea/udc.c | 8 drivers/usb/dwc3/core.c | 49 - drivers/usb/dwc3/core.h | 11 drivers/usb/dwc3/gadget.c | 11 drivers/usb/host/xhci-pci.c | 5 drivers/usb/host/xhci-ring.c | 16 drivers/usb/host/xhci.h | 2 drivers/usb/misc/appledisplay.c | 15 drivers/usb/misc/cypress_cy7c63.c | 4 drivers/usb/misc/yurex.c | 5 drivers/usb/phy/phy.c | 2 drivers/usb/serial/option.c | 8 drivers/usb/serial/pl2303.c | 1 drivers/usb/serial/pl2303.h | 4 drivers/usb/storage/unusual_devs.h | 11 drivers/usb/typec/class.c | 3 drivers/video/fbdev/hpfb.c | 1 drivers/video/fbdev/pxafb.c | 1 drivers/video/fbdev/sis/sis_main.c | 2 drivers/xen/swiotlb-xen.c | 34 fs/btrfs/disk-io.c | 11 fs/ceph/addr.c | 1 fs/ext4/ext4.h | 1 fs/ext4/extents.c | 70 + fs/ext4/ialloc.c | 2 fs/ext4/inline.c | 35 fs/ext4/inode.c | 11 fs/ext4/mballoc.c | 10 fs/ext4/migrate.c | 2 fs/ext4/move_extent.c | 1 fs/ext4/namei.c | 14 fs/ext4/xattr.c | 4 fs/f2fs/acl.c | 23 fs/f2fs/dir.c | 3 fs/f2fs/f2fs.h | 4 fs/f2fs/file.c | 24 fs/f2fs/super.c | 4 fs/f2fs/xattr.c | 27 fs/fat/namei_vfat.c | 2 fs/fcntl.c | 14 fs/inode.c | 4 fs/jbd2/checkpoint.c | 14 fs/jbd2/commit.c | 36 fs/jbd2/journal.c | 2 fs/jfs/jfs_discard.c | 11 fs/jfs/jfs_dmap.c | 11 fs/jfs/jfs_imap.c | 2 fs/jfs/xattr.c | 2 fs/lockd/clnt4xdr.c | 14 fs/lockd/clntxdr.c | 14 fs/nfs/callback_xdr.c | 61 - fs/nfs/nfs2xdr.c | 84 - fs/nfs/nfs3xdr.c | 163 +-- fs/nfs/nfs42xdr.c | 21 fs/nfs/nfs4state.c | 1 fs/nfs/nfs4xdr.c | 451 ++-------- fs/nfsd/nfs4callback.c | 13 fs/nfsd/nfs4idmap.c | 13 fs/nfsd/nfs4state.c | 15 fs/nilfs2/btree.c | 12 fs/nilfs2/dir.c | 50 - fs/nilfs2/namei.c | 42 fs/nilfs2/nilfs.h | 2 fs/nilfs2/page.c | 7 fs/ocfs2/aops.c | 5 fs/ocfs2/buffer_head_io.c | 4 fs/ocfs2/file.c | 8 fs/ocfs2/journal.c | 7 fs/ocfs2/localalloc.c | 19 fs/ocfs2/quota_local.c | 8 fs/ocfs2/refcounttree.c | 26 fs/ocfs2/xattr.c | 38 fs/udf/inode.c | 9 include/drm/drm_print.h | 54 + include/linux/clk.h | 145 +++ include/linux/jbd2.h | 4 include/linux/pci_ids.h | 2 include/net/sock.h | 2 include/net/tcp.h | 27 include/trace/events/f2fs.h | 3 include/trace/events/sched.h | 84 + include/uapi/linux/cec.h | 6 include/uapi/linux/netfilter/nf_tables.h | 2 kernel/bpf/arraymap.c | 3 kernel/bpf/hashtab.c | 3 kernel/bpf/lpm_trie.c | 2 kernel/cgroup/cgroup.c | 4 kernel/events/core.c | 6 kernel/events/uprobes.c | 2 kernel/kthread.c | 19 kernel/signal.c | 11 kernel/time/posix-clock.c | 3 kernel/trace/trace_output.c | 6 lib/xz/xz_crc32.c | 2 lib/xz/xz_private.h | 4 mm/shmem.c | 2 net/bluetooth/af_bluetooth.c | 1 net/bluetooth/bnep/core.c | 3 net/bluetooth/rfcomm/sock.c | 2 net/bridge/br_netfilter_hooks.c | 5 net/can/bcm.c | 4 net/core/dev.c | 29 net/ipv4/devinet.c | 6 net/ipv4/fib_frontend.c | 2 net/ipv4/ip_gre.c | 6 net/ipv4/netfilter/nf_dup_ipv4.c | 7 net/ipv4/tcp_input.c | 24 net/ipv4/tcp_ipv4.c | 5 net/ipv4/tcp_output.c | 2 net/ipv4/tcp_rate.c | 15 net/ipv4/tcp_recovery.c | 5 net/ipv6/addrconf.c | 8 net/ipv6/netfilter/nf_dup_ipv6.c | 7 net/ipv6/netfilter/nf_reject_ipv6.c | 14 net/mac80211/cfg.c | 3 net/mac80211/iface.c | 17 net/mac80211/key.c | 42 net/netfilter/nf_conntrack_netlink.c | 7 net/netfilter/nf_tables_api.c | 2 net/netfilter/nft_payload.c | 3 net/netlink/af_netlink.c | 3 net/qrtr/qrtr.c | 2 net/sched/sch_api.c | 2 net/sctp/socket.c | 4 net/tipc/bearer.c | 8 net/wireless/nl80211.c | 3 net/wireless/scan.c | 6 net/wireless/sme.c | 3 net/xfrm/xfrm_user.c | 6 scripts/kconfig/merge_config.sh | 2 security/selinux/selinuxfs.c | 31 security/smack/smackfs.c | 2 security/tomoyo/domain.c | 9 sound/core/init.c | 14 sound/pci/asihpi/hpimsgx.c | 2 sound/pci/hda/hda_generic.c | 4 sound/pci/hda/patch_conexant.c | 24 sound/pci/hda/patch_realtek.c | 38 sound/pci/rme9652/hdsp.c | 6 sound/pci/rme9652/hdspm.c | 6 sound/soc/au1x/db1200.c | 1 sound/soc/codecs/tda7419.c | 1 tools/iio/iio_generic_buffer.c | 4 tools/perf/builtin-sched.c | 8 tools/perf/util/time-utils.c | 4 tools/testing/ktest/ktest.pl | 2 tools/testing/selftests/bpf/test_lru_map.c | 3 tools/testing/selftests/breakpoints/step_after_suspend_test.c | 5 tools/testing/selftests/kcmp/kcmp_test.c | 1 tools/testing/selftests/vDSO/parse_vdso.c | 3 tools/testing/selftests/vm/compaction_test.c | 2 tools/usb/usbip/src/usbip_detach.c | 1 virt/kvm/kvm_main.c | 5 325 files changed, 2608 insertions(+), 1776 deletions(-) Aaron Thompson (1): Bluetooth: Remove debugfs directory on module init failure Aleksander Jan Bajkowski (1): net: ethernet: lantiq_etop: fix memory disclosure Aleksandr Mishin (2): staging: iio: frequency: ad9834: Validate frequency parameter value ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe() Aleksandrs Vinarskis (1): ACPICA: iasl: handle empty connection_node Alex Bee (1): drm/rockchip: vop: Allow 4096px width scaling Alex Deucher (2): drm/amdgpu: properly handle vbios fake edid sizing drm/radeon: properly handle vbios fake edid sizing Alex Hung (1): drm/amd/display: Check stream before comparing them Alex Williamson (1): PCI: Mark Creative Labs EMU20k2 INTx masking as broken Alexandre Belloni (1): rtc: at91sam9: drop platform_data support Anastasia Kovaleva (1): net: Fix an unsafe loop on the list Anders Roxell (1): scripts: kconfig: merge_config: config files: add a trailing newline Andrew Davis (1): power: reset: brcmstb: Do not go into infinite loop if reset fails Andrew Jones (1): of/irq: Support #msi-cells=<0> in of_msi_get_domain Andrey Shumilin (1): fbdev: sisfb: Fix strbuf array overflow Andrey Skvortsov (1): clk: Fix slab-out-of-bounds error in devm_clk_release() Andy Roulin (1): netfilter: br_netfilter: fix panic with metadata_dst skb Andy Shevchenko (2): spi: ppc4xx: Avoid returning 0 when failed to parse and map IRQ i2c: isch: Add missed 'else' Ankit Agrawal (1): clocksource/drivers/qcom: Add missing iounmap() on errors in msm_dt_timer_init() Anshuman Khandual (1): arm64: Add Cortex-715 CPU part definition Anton Danilov (1): ipv4: ip_gre: Fix drops of small packets in ipgre_xmit Anumula Murali Mohan Reddy (1): RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP Armin Wolf (4): ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails ACPICA: Fix memory leak if acpi_ps_get_next_field() fails ACPI: battery: Simplify battery hook locking ACPI: battery: Fix possible crash when unregistering a battery hook Arnd Bergmann (1): nfsd: use ktime_get_seconds() for timestamps Artem Sadovnikov (1): ext4: fix i_data_sem unlock order in ext4_ind_migrate() Artur Weber (1): power: supply: max17042_battery: Fix SOC threshold calc w/ no current sense Baokun Li (6): ext4: propagate errors from ext4_find_extent() in ext4_insert_range() ext4: aovid use-after-free in ext4_ext_insert_extent() ext4: fix double brelse() the buffer of the extents path jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error ext4: fix slab-use-after-free in ext4_split_extent_at() ext4: update orig_path in ext4_find_extent() Barnabás Czémán (1): iio: magnetometer: ak8975: Fix reading for ak099xx sensors Ben Dooks (1): spi: s3c64xx: fix timeout counters in flush_fifo Beniamin Bia (2): staging: iio: frequency: ad9833: Get frequency value statically staging: iio: frequency: ad9833: Load clock using clock framework Benjamin B. Frost (1): USB: serial: option: add support for Quectel EG916Q-GL Benoît Monin (1): net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension Billy Tsai (2): gpio: aspeed: Add the flush write to ensure the write complete. gpio: aspeed: Use devm_clk api to manage clock source Breno Leitao (1): KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() Byeonguk Jeong (1): bpf: Fix out-of-bounds write in trie_get_next_key() Chao Yu (4): f2fs: enhance to update i_mode and acl atomically in f2fs_setattr() f2fs: fix to update i_ctime in __f2fs_setxattr() f2fs: remove unneeded check condition in __f2fs_setxattr() f2fs: reduce expensive checkpoint trigger frequency Chen Yu (1): kthread: fix task state in kthread worker if being frozen Christophe JAILLET (5): fbdev: hpfb: Fix an error handling path in hpfb_dio_probe() drm/stm: Fix an error handling path in stm_drm_platform_probe() pps: remove usage of the deprecated ida_simple_xx() API iio: hid-sensors: Fix an error handling path in _hid_sensor_set_report_latency() gtp: simplify error handling code in 'gtp_encap_enable()' Christophe Leroy (1): selftests: vDSO: fix vDSO symbols lookup for powerpc64 Chuck Lever (1): NFS: Remove print_overflow_msg() Chun-Yi Lee (1): aoe: fix the potential use-after-free problem in more places Damien Le Moal (1): ata: sata_sil: Rename sil_blacklist to sil_quirks Dan Carpenter (1): SUNRPC: Fix integer overflow in decode_rc_list() Daniel Gabay (1): wifi: iwlwifi: mvm: fix iwl_mvm_max_scan_ie_fw_cmd_room() Daniel Jordan (1): ktest.pl: Avoid false positives with grub2 skip regex Daniel Palmer (1): net: amd: mvme147: Fix probe banner message Daniele Palmas (1): USB: serial: option: add Telit FN920C04 MBIM compositions Dave Kleikamp (1): jfs: Fix sanity check in dbMount David Lechner (1): clk: ti: dra7-atl: Fix leak of of_nodes Dimitri Sivanich (1): misc: sgi-gru: Don't disable preemption in GRU driver Dmitry Antipov (3): wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan() wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() Dmitry Kandybka (1): wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats() Edward Adam Davis (4): jfs: Fix uaf in dbFreeBits jfs: check if leafidx greater than num leaves per dmap tree ext4: no need to continue when the number of entries is 1 ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow Emanuele Ghidoli (1): gpio: davinci: fix lazy disable Emil Gedenryd (1): iio: light: opt3001: add missing full-scale range value Emmanuel Grumbach (1): wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead Eran Ben Elisha (1): net/mlx5: Update the list of the PCI supported devices Eric Dumazet (6): netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() tcp: introduce tcp_skb_timestamp_us() helper netfilter: nf_tables: prevent nf_skb_duplicated corruption net: avoid potential underflow in qdisc_pkt_len_init() with UFO net: add more sanity checks to qdisc_pkt_len_init() ppp: fix ppp_async_encode() illegal access Faisal Hassan (1): xhci: Fix Link TRB DMA in command ring stopped completion event Felix Fietkau (2): wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower Ferry Meng (2): ocfs2: add bounds checking to ocfs2_xattr_find_entry() ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() Filipe Manana (1): btrfs: wait for fixup workers before stopping cleaner kthread during umount Florian Fainelli (1): tty: rp2: Fix reset with non forgiving PCIe host bridges Foster Snowhill (1): usbnet: ipheth: fix carrier detection in modes 1 and 4 Gautham Ananthakrishna (1): ocfs2: reserve space for inline xattr before attaching reflink tree Geert Uytterhoeven (2): drm/radeon/r100: Handle unknown family in r100_cp_init_microcode() of/irq: Refer to actual buffer size in of_irq_parse_one() Gerald Schaefer (1): s390/mm: Add cond_resched() to cmm_alloc/free_pages() Gianfranco Trad (1): udf: fix uninit-value use in udf_get_fileshortad Greg Kroah-Hartman (2): Revert "driver core: Fix uevent_show() vs driver detach race" Linux 4.19.323 Guenter Roeck (1): hwmon: (max16065) Fix overflows seen when writing limits Guoqing Jiang (1): nfsd: call cache_put if xdr_reserve_space returns NULL Gustavo A. R. Silva (1): wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() Hagar Hemdan (1): gpio: prevent potential speculation leaks in gpio_device_get_desc() Hailey Mothershead (1): crypto: aead,cipher - zeroize key buffer after use Haiyang Zhang (1): hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event Hans Verkuil (1): media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags Hans de Goede (1): i2c: i801: Use a different adapter-name for IDF adapters Harshit Mogalapalli (1): usb: yurex: Fix inconsistent locking bug in yurex_read() Heiko Carstens (1): s390/facility: Disable compile time optimization for decompressor code Helge Deller (2): parisc: Fix itlb miss handler for 64-bit programs parisc: Fix 64-bit userspace syscall path Heming Zhao (1): ocfs2: fix the la space leak when unmounting an ocfs2 volume Hongbo Li (1): ASoC: allow module autoloading for table db1200_pids Ian Rogers (1): perf time-utils: Fix 32-bit nsec parsing Icenowy Zheng (1): usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip Ido Schimmel (1): ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family Jacky Chou (2): net: ftgmac100: Enable TX interrupt to avoid TX timeout net: ftgmac100: Ensure tx descriptor updates are visible Janis Schoetterl-Glausch (3): KVM: s390: gaccess: Refactor gpa and length calculation KVM: s390: gaccess: Refactor access address range check KVM: s390: gaccess: Cleanup access to guest pages Jann Horn (2): firmware_loader: Block path traversal f2fs: Require FMODE_WRITE for atomic write ioctls Jaroslav Kysela (1): ALSA: core: add isascii() check to card ID generator Jason Xing (1): tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process Javier Carrasco (2): iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig iio: adc: ti-ads8688: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig Jeongjun Park (3): jfs: fix out-of-bounds in dbNextAG() and diAlloc() mm: shmem: fix data-race in shmem_getattr() vt: prevent kernel-infoleak in con_font_get() Jiawei Ye (1): smackfs: Use rcu_assign_pointer() to ensure safe assignment in smk_set_cipso Jim Mattson (1): x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET Jinjie Ruan (4): ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir() spi: bcm63xx: Fix module autoloading posix-clock: Fix missing timespec64 check in pc_clock_settime() posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime() Jisheng Zhang (1): riscv: define ILLEGAL_POINTER_VALUE for 64bit Jonas Karlman (1): clk: rockchip: Set parent rate for DCLK_VOP clock on RK3228 Jonathan Marek (1): drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation Jose Alberto Reguero (1): usb: xhci: Fix problem with xhci resume from suspend Joseph Huang (1): net: dsa: mv88e6xxx: Fix out-of-bound access Joseph Qi (2): ocfs2: fix uninit-value in ocfs2_get_block() ocfs2: cancel dqi_sync_work before freeing oinfo Josh Hunt (1): tcp: check skb is non-NULL in tcp_rto_delta_us() Juergen Gross (3): xen: use correct end address of kernel for conflict checking xen/swiotlb: simplify range_straddles_page_boundary() xen/swiotlb: add alignment check for dma buffers Julian Sun (2): vfs: fix race between evice_inodes() and find_inode()&iput() ocfs2: fix null-ptr-deref when journal load failed. Junhao Xie (1): USB: serial: pl2303: add device id for Macrosilicon MS3020 Junlin Li (2): drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error Kailang Yang (1): ALSA: hda/realtek: Update default depop procedure Kaixin Wang (2): net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition fbdev: pxafb: Fix possible use after free in pxafb_task() Kalesh AP (1): RDMA/bnxt_re: Return more meaningful error Kees Cook (1): scsi: aacraid: Rearrange order of struct aac_srb_unit Kemeng Shi (1): ext4: avoid negative min_clusters in find_group_orlov() Krzysztof Kozlowski (11): soundwire: stream: Revert "soundwire: stream: fix programming slave ports for non-continous port maps" ARM: versatile: fix OF node leak in CPUs prepare reset: berlin: fix OF node leak in probe() error path soc: versatile: integrator: fix OF node leak in probe() error path soc: versatile: realview: fix memory leak during device remove soc: versatile: realview: fix soc_dev leak during device remove net: hisilicon: hip04: fix OF node leak in probe() net: hisilicon: hns_dsaf_mac: fix OF node leak in hns_mac_get_info() net: hisilicon: hns_mdio: fix OF node leak in probe() rtc: at91sam9: fix OF node leak in probe() error path clk: bcm: bcm53573: fix OF node leak in init Kuniyuki Iwashima (2): can: bcm: Clear bo->bcm_proc_read after remove_proc_entry(). ipv4: Check !in_dev earlier for ioctl(SIOCSIFADDR). Lasse Collin (1): xz: cleanup CRC32 edits from 2018 Laurent Pinchart (1): Remove *.orig pattern from .gitignore Lee Jones (1): usb: yurex: Replace snprintf() with the safer scnprintf() variant Li Lingfeng (1): nfs: fix memory leak in error path of nfs4_do_reclaim Liao Chen (3): ASoC: tda7419: fix module autoloading spi: bcm63xx: Enable module autoloading mailbox: rockchip: fix a typo in module autoloading Linus Walleij (1): net: ethernet: cortina: Drop TSO support Lizhi Xu (2): ocfs2: remove unreasonable unlock in ocfs2_read_blocks ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate Luis Henriques (SUSE) (2): ext4: fix incorrect tid assumption in __jbd2_log_wait_for_space() ext4: fix incorrect tid assumption in ext4_wait_for_tail_page_commit() Luiz Augusto von Dentz (3): Bluetooth: btusb: Fix not handling ZPL/short-transfer Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change Bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001 Luo Gengkun (1): perf/core: Fix small negative period being ignored Ma Ke (2): spi: ppc4xx: handle irq_of_parse_and_map() errors pps: add an error check in parport_attach Manikanta Pubbisetty (1): wifi: ath10k: Fix memory leak in management tx Marek Szyprowski (1): usb: dwc3: remove generic PHY calibrate() calls Mario Limonciello (1): drm/amd: Guard against bad data for ATIF ACPI method Mark Rutland (5): arm64: cputype: Add Neoverse-N3 definitions arm64: errata: Expand speculative SSBS workaround once more arm64: probes: Remove broken LDR (literal) uprobe support arm64: probes: Fix simulate_ldr*_literal() arm64: probes: Fix uprobes for big-endian kernels Mathias Krause (1): Input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal Mathias Nyman (1): xhci: Fix incorrect stream context type macro Matteo Croce (1): drm/amd: fix typo Matthew Brost (1): drm/printer: Allow NULL data in devcoredump printer Mauricio Faria de Oliveira (1): jbd2: introduce/export functions jbd2_journal_submit|finish_inode_data_buffers() Michael Kelley (1): x86/hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides frequency Michael Mueller (1): KVM: s390: Change virtual to physical address access in diag 0x258 handler Michael S. Tsirkin (1): virtio_console: fix misc probe bugs Mickaël Salaün (1): fs: Fix file_set_fowner LSM hook inconsistencies Mike Rapoport (1): microblaze: don't treat zero reserved memory regions as error Mikhail Lobanov (2): RDMA/cxgb4: Added NULL check for lookup_atid drbd: Add NULL check for net_conf to prevent dereference in state validation Minjie Du (1): wifi: ath9k: fix parameter check in ath9k_init_debug() Mirsad Todorovac (1): mtd: slram: insert break after errors in parsing the map Mohamed Khalfella (1): igb: Do not bring the device up after non-fatal error Moon Yeounsu (1): net: ethernet: use ip_hdrlen() instead of bit shift Neal Cardwell (1): tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe NeilBrown (1): nfsd: fix delegation_blocked() to block correctly for at least 30 seconds Nico Boehr (1): KVM: s390: gaccess: Check if guest address is in memslot Nikita Zhandarovich (3): drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets f2fs: prevent possible int overflow in dir_block_index() f2fs: avoid potential int overflow in sanity_check_area_boundary() Nikolay Kuratov (1): drm/vmwgfx: Handle surface check failure correctly Nuno Sa (1): Input: adp5589-keys - fix adp5589_gpio_get_value() OGAWA Hirofumi (1): fat: fix uninitialized variable Oleg Nesterov (1): uprobes: fix kernel info leak via "[uprobes]" vma Oliver Neukum (6): USB: appledisplay: close race between probe and completion handler USB: misc: cypress_cy7c63: check for short transfer USB: misc: yurex: fix race between read and write CDC-NCM: avoid overflow in sanity checking Revert "usb: yurex: Replace snprintf() with the safer scnprintf() variant" net: usb: usbnet: fix name regression Pablo Neira Ayuso (3): netfilter: nf_tables: elements with timeout below CONFIG_HZ never expire gtp: allow -1 to be specified as file description from userspace netfilter: nft_payload: sanitize offset and length before calling skb_checksum() Paul Moore (1): selinux: improve error checking in sel_write_load() Paulo Miguel Almeida (2): drm/amdgpu: Replace one-element array with flexible-array member drm/radeon: Replace one-element array with flexible-array member Pawel Dembicki (1): net: phy: vitesse: repair vsc73xx autonegotiation Pedro Tammela (1): net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT Pei Xiao (1): ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package() Phil Edworthy (1): clk: Add (devm_)clk_get_optional() functions Phil Sutter (1): netfilter: uapi: NFTA_FLOWTABLE_HOOK is NLA_NESTED Prashant Malani (1): r8152: Factor out OOB link list waits Qiu-ji Chen (1): drbd: Fix atomicity violation in drbd_uuid_set_bm() Quentin Schulz (1): arm64: dts: rockchip: override BIOS_DISABLE signal via GPIO hog on RK3399 Puma Rafael J. Wysocki (1): ACPI: EC: Do not release locks during operation region accesses Remington Brasga (1): jfs: UBSAN: shift-out-of-bounds in dbFindBits Rob Clark (2): kthread: add kthread_work tracepoints drm/crtc: fix uninitialized variable use even harder Robert Hancock (1): i2c: xiic: Wait for TX empty to avoid missed TX NAKs Rosen Penev (1): net: ibm: emac: mal: fix wrong goto Ryusuke Konishi (7): nilfs2: fix potential null-ptr-deref in nilfs_btree_insert() nilfs2: determine empty node blocks as corrupted nilfs2: fix potential oob read in nilfs_btree_check_delete() nilfs2: propagate directory read errors from nilfs_find_entry() nilfs2: fix kernel bug due to missing clearing of buffer delay flag nilfs2: fix potential deadlock with newly created symlinks nilfs2: fix kernel bug due to missing clearing of checked flag Sabrina Dubroca (2): macsec: don't increment counters for an unrelated SA xfrm: validate new SA's prefixlen using SA family when sel.family is unset Samasth Norway Ananda (2): selftests/vm: remove call to ksft_set_plan() selftests/kcmp: remove call to ksft_set_plan() Saravanan Vajravel (1): RDMA/bnxt_re: Fix incorrect AVID type in WQE structure Sean Anderson (3): net: dpaa: Pad packets to ETH_ZLEN PCI: xilinx-nwl: Fix register misspelling PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler Sean Paul (1): drm: Move drm_mode_setcrtc() local re-init to failure path Sebastian Reichel (1): clk: rockchip: fix error for unknown clocks Selvarasu Ganesan (1): usb: dwc3: core: Stop processing of pending events if controller is halted Sherry Yang (1): drm/msm: fix %s null argument error Shubham Panwar (1): ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid detection issue Simon Horman (3): netfilter: ctnetlink: compile ctnetlink_label_size with CONFIG_NF_CONNTRACK_EVENTS tipc: guard against string buffer overrun net: mvpp2: Increase size of queue_name buffer Srinivasan Shanmugam (1): drm/amd/display: Fix index out of bounds in degamma hardware format translation Stefan Wahren (1): mailbox: bcm2835: Fix timeout during suspend mode Steven Rostedt (Google) (1): tracing: Remove precision vsnprintf() check from print event Suzuki K Poulose (1): coresight: tmc: sg: Do not leak sg_table Takashi Iwai (5): ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin ALSA: asihpi: Fix potential OOB array access ALSA: hdsp: Break infinite MIDI input flush loop parport: Proper fix for array out-of-bounds access Tao Chen (1): bpf: Check percpu map value size first Tetsuo Handa (1): tomoyo: fallback to realpath if symlink's pathname does not exist Thadeu Lima de Souza Cascardo (4): ext4: return error on ext4_find_inline_entry ext4: avoid OOB when system.data xattr changes underneath the filesystem ext4: ext4_search_dir should return a proper error usb: typec: altmode should keep reference to parent Theodore Ts'o (1): ext4: avoid ext4_error()'s caused by ENOMEM in the truncate path Thomas Blocher (1): pinctrl: at91: make it work with current gpiolib Thomas Gleixner (2): PCI: xilinx-nwl: Use irq_data_get_irq_chip_data() signal: Replace BUG_ON()s Thomas Richter (1): s390/cpum_sf: Remove WARN_ON_ONCE statements Thomas Weißschuh (2): ACPI: sysfs: validate return type of _STR method s390/sclp_vt220: Convert newlines to CRLF instead of LFCR Toke Høiland-Jørgensen (2): wifi: ath9k: Remove error checks when creating debugfs entries wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit Tommy Huang (1): i2c: aspeed: Update the stop sw state when the bus recovery occurs Tony Ambardar (1): selftests/bpf: Fix error compiling test_lru_map.c Uwe Kleine-König (3): clk: generalize devm_clk_get() a bit clk: Provide new devm_clk helpers for prepared and enabled clocks clk: Fix pointer casting to prevent oops in devm_clk_release() Ville Syrjälä (1): wifi: iwlegacy: Clear stale interrupts before resuming device Vladimir Lypak (2): drm/msm/a5xx: properly clear preemption records on resume drm/msm/a5xx: fix races in preemption evaluation stage Wade Wang (1): HID: plantronics: Workaround for an unexcepted opposite volume key Wang Hai (4): net: ethernet: aeroflex: fix potential memory leak in greth_start_xmit_gbit() net: systemport: fix potential memory leak in bcm_sysport_xmit() net/sun3_82586: fix potential memory leak in sun3_82586_send_packet() be2net: fix potential memory leak in be_xmit() Wang Jianzheng (1): pinctrl: mvebu: Fix devinit_dove_pinctrl_probe function WangYuli (1): PCI: Add function 0 DMA alias quirk for Glenfly Arise chip Wojciech Gładysz (1): ext4: nested locking for xattr inode Wolfram Sang (1): ipmi: docs: don't advertise deprecated sysfs entries Xin Long (2): sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start net: support ip generic csum processing in skb_csum_hwoffload_help Xiongfeng Wang (1): firmware: arm_sdei: Fix the input parameter of cpuhp_remove_state() Xiu Jianfeng (1): cgroup: Fix potential overflow issue when checking max_depth Xiubo Li (1): ceph: remove the incorrect Fw reference check when dirtying pages Xu Yang (1): usb: chipidea: udc: enable suspend interrupt after usb reset Yang Jihong (2): perf sched timehist: Fix missing free of session in perf_sched__timehist() perf sched timehist: Fixed timestamp error when unable to confirm event sched_in time Yang Yingliang (1): pinctrl: single: fix missing error code in pcs_probe() Ye Bin (1): Bluetooth: bnep: fix wild-memory-access in proto_unregister Yifei Liu (1): selftests: breakpoints: use remaining time to check if suspend succeed Yonggil Song (1): f2fs: fix typo Youssef Samir (1): net: qrtr: Update packets cloning when broadcasting Yu Chen (1): usb: dwc3: Add splitdisable quirk for Hisilicon Kirin Soc Yu Kuai (3): block, bfq: fix possible UAF for bfqq->bic with merge chain block, bfq: choose the last bfqq from merge chain in bfq_setup_cooperator() block, bfq: don't break merge chain in bfq_split_bfqq() Yunke Cao (1): media: videobuf2-core: clear memory related fields in __vb2_plane_dmabuf_put() Yuntao Liu (1): hwmon: (ntc_thermistor) fix module autoloading Zhang Rui (1): x86/apic: Always explicitly disarm TSC-deadline timer Zhao Mengmeng (1): jfs: Fix uninit-value access of new_ea in ea_buffer Zheng Wang (1): media: venus: fix use after free bug in venus_remove due to race condition Zhu Jun (1): tools/iio: Add memory allocation failure check for trigger_name Zhu Yanjun (1): RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency Zijun Hu (2): driver core: bus: Return -EIO instead of 0 when show/store invalid bus attribute usb: phy: Fix API devm_usb_put_phy() can not release the phy Zongmin Zhou (1): usbip: tools: Fix detach_port() invalid port error path j.nixdorf(a)avm.de (1): net: ipv6: ensure we call ipv6_mc_down() at most once junhua huang (2): arm64:uprobe fix the uprobe SWBP_INSN in big-endian arm64/uprobes: change the uprobe_opcode_t typedef to fix the sparse warning yangerkun (1): ext4: clear EXT4_GROUP_INFO_WAS_TRIMMED_BIT even mount with discard zhanchengbin (1): ext4: fix inode tree inconsistency caused by ENOMEM

10 months, 2 weeks

1
1
0 0

patch "iio: accel: kx022a: Fix raw read format" added to char-misc-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: accel: kx022a: Fix raw read format to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. From b7d2bc99b3bdc03fff9b416dd830632346d83530 Mon Sep 17 00:00:00 2001 From: Matti Vaittinen <mazziesaccount(a)gmail.com> Date: Wed, 30 Oct 2024 15:16:11 +0200 Subject: iio: accel: kx022a: Fix raw read format The KX022A provides the accelerometer data in two subsequent registers. The registers are laid out so that the value obtained via bulk-read of these registers can be interpreted as signed 16-bit little endian value. The read value is converted to cpu_endianes and stored into 32bit integer. The le16_to_cpu() casts value to unsigned 16-bit value, and when this is assigned to 32-bit integer the resulting value will always be positive. This has not been a problem to users (at least not all users) of the sysfs interface, who know the data format based on the scan info and who have converted the read value back to 16-bit signed value. This isn't compliant with the ABI however. This, however, will be a problem for those who use the in-kernel interfaces, especially the iio_read_channel_processed_scale(). The iio_read_channel_processed_scale() performs multiplications to the returned (always positive) raw value, which will cause strange results when the data from the sensor has been negative. Fix the read_raw format by casting the result of the le_to_cpu() to signed 16-bit value before assigning it to the integer. This will make the negative readings to be correctly reported as negative. This fix will be visible to users by changing values returned via sysfs to appear in correct (negative) format. Reported-by: Kalle Niemi <kaleposti(a)gmail.com> Fixes: 7c1d1677b322 ("iio: accel: Support Kionix/ROHM KX022A accelerometer") Signed-off-by: Matti Vaittinen <mazziesaccount(a)gmail.com> Tested-by: Kalle Niemi <kaleposti(a)gmail.com> Cc: <Stable(a)vger.kernel.org> Link: https://patch.msgid.link/ZyIxm_zamZfIGrnB@mva-rohm Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/accel/kionix-kx022a.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/iio/accel/kionix-kx022a.c b/drivers/iio/accel/kionix-kx022a.c index 53d59a04ae15..b6a828a6df93 100644 --- a/drivers/iio/accel/kionix-kx022a.c +++ b/drivers/iio/accel/kionix-kx022a.c @@ -594,7 +594,7 @@ static int kx022a_get_axis(struct kx022a_data *data, if (ret) return ret; - *val = le16_to_cpu(data->buffer[0]); + *val = (s16)le16_to_cpu(data->buffer[0]); return IIO_VAL_INT; } -- 2.47.0

10 months, 2 weeks

1
0
0 0

patch "iio: accel: kx022a: Fix raw read format" added to char-misc-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: accel: kx022a: Fix raw read format to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the char-misc-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. From b7d2bc99b3bdc03fff9b416dd830632346d83530 Mon Sep 17 00:00:00 2001 From: Matti Vaittinen <mazziesaccount(a)gmail.com> Date: Wed, 30 Oct 2024 15:16:11 +0200 Subject: iio: accel: kx022a: Fix raw read format The KX022A provides the accelerometer data in two subsequent registers. The registers are laid out so that the value obtained via bulk-read of these registers can be interpreted as signed 16-bit little endian value. The read value is converted to cpu_endianes and stored into 32bit integer. The le16_to_cpu() casts value to unsigned 16-bit value, and when this is assigned to 32-bit integer the resulting value will always be positive. This has not been a problem to users (at least not all users) of the sysfs interface, who know the data format based on the scan info and who have converted the read value back to 16-bit signed value. This isn't compliant with the ABI however. This, however, will be a problem for those who use the in-kernel interfaces, especially the iio_read_channel_processed_scale(). The iio_read_channel_processed_scale() performs multiplications to the returned (always positive) raw value, which will cause strange results when the data from the sensor has been negative. Fix the read_raw format by casting the result of the le_to_cpu() to signed 16-bit value before assigning it to the integer. This will make the negative readings to be correctly reported as negative. This fix will be visible to users by changing values returned via sysfs to appear in correct (negative) format. Reported-by: Kalle Niemi <kaleposti(a)gmail.com> Fixes: 7c1d1677b322 ("iio: accel: Support Kionix/ROHM KX022A accelerometer") Signed-off-by: Matti Vaittinen <mazziesaccount(a)gmail.com> Tested-by: Kalle Niemi <kaleposti(a)gmail.com> Cc: <Stable(a)vger.kernel.org> Link: https://patch.msgid.link/ZyIxm_zamZfIGrnB@mva-rohm Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/accel/kionix-kx022a.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/iio/accel/kionix-kx022a.c b/drivers/iio/accel/kionix-kx022a.c index 53d59a04ae15..b6a828a6df93 100644 --- a/drivers/iio/accel/kionix-kx022a.c +++ b/drivers/iio/accel/kionix-kx022a.c @@ -594,7 +594,7 @@ static int kx022a_get_axis(struct kx022a_data *data, if (ret) return ret; - *val = le16_to_cpu(data->buffer[0]); + *val = (s16)le16_to_cpu(data->buffer[0]); return IIO_VAL_INT; } -- 2.47.0

10 months, 2 weeks

1
0
0 0

[PATCH 6.1 000/126] 6.1.116-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.116 release. There are 126 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 08 Nov 2024 12:02:47 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.116-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.116-rc1 Huang Ying <ying.huang(a)intel.com> migrate_pages_batch: fix statistics for longterm pin retry Linus Torvalds <torvalds(a)linux-foundation.org> mm: avoid gcc complaint about pointer casting Jeongjun Park <aha310510(a)gmail.com> vt: prevent kernel-infoleak in con_font_get() Alex Hung <alex.hung(a)amd.com> drm/amd/display: Skip on writeback when it's not applicable Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing Michael Walle <mwalle(a)kernel.org> mtd: spi-nor: winbond: fix w25q128 regression Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Fix build errors due to backported TIMENS Jeongjun Park <aha310510(a)gmail.com> mm: shmem: fix data-race in shmem_getattr() Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: fix 6 GHz scan construction Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix kernel bug due to missing clearing of checked flag Zong-Zhe Yang <kevin_yang(a)realtek.com> wifi: mac80211: fix NULL dereference at band check in starting tx ba session Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bugs: Use code segment selector for VERW operand Pavel Begunkov <asml.silence(a)gmail.com> io_uring: always lock __io_cqring_overflow_flush Gregory Price <gourry(a)gourry.net> vmscan,migrate: fix page count imbalance on node stats when demoting pages Huang Ying <ying.huang(a)intel.com> migrate_pages: split unmap_and_move() to _unmap() and _move() Huang Ying <ying.huang(a)intel.com> migrate_pages: restrict number of pages to migrate in batch Huang Ying <ying.huang(a)intel.com> migrate_pages: separate hugetlb folios migration Huang Ying <ying.huang(a)intel.com> migrate_pages: organize stats with struct migrate_pages_stats Yang Li <yang.lee(a)linux.alibaba.com> mm/migrate.c: stop using 0 as NULL pointer Huang Ying <ying.huang(a)intel.com> migrate: convert migrate_pages() to use folios Huang Ying <ying.huang(a)intel.com> migrate: convert unmap_and_move() to use folios Baolin Wang <baolin.wang(a)linux.alibaba.com> mm: migrate: try again if THP split is failed due to page refcnt Jens Axboe <axboe(a)kernel.dk> io_uring/rw: fix missing NOWAIT check for O_DIRECT start write Amir Goldstein <amir73il(a)gmail.com> io_uring: use kiocb_{start,end}_write() helpers Amir Goldstein <amir73il(a)gmail.com> fs: create kiocb_{start,end}_write() helpers Amir Goldstein <amir73il(a)gmail.com> io_uring: rename kiocb_end_write() local helper Andrey Konovalov <andreyknvl(a)gmail.com> kasan: remove vmalloc_percpu test Vitaliy Shevtsov <v.shevtsov(a)maxima.ru> nvmet-auth: assign dh_key to NULL after kfree_sensitive Christoffer Sandberg <cs(a)tuxedo.de> ALSA: hda/realtek: Fix headset mic on TUXEDO Stellaris 16 Gen6 mb1 Matt Johnston <matt(a)codeconstruct.com.au> mctp i2c: handle NULL header address Edward Adam Davis <eadavis(a)qq.com> ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow Matt Fleming <mfleming(a)cloudflare.com> mm/page_alloc: let GFP_ATOMIC order-0 allocs access highatomic reserves Mel Gorman <mgorman(a)techsingularity.net> mm/page_alloc: explicitly define how __GFP_HIGH non-blocking allocations accesses reserves Mel Gorman <mgorman(a)techsingularity.net> mm/page_alloc: explicitly define what alloc flags deplete min reserves Mel Gorman <mgorman(a)techsingularity.net> mm/page_alloc: explicitly record high-order atomic allocations in alloc_flags Mel Gorman <mgorman(a)techsingularity.net> mm/page_alloc: treat RT tasks similar to __GFP_HIGH Mel Gorman <mgorman(a)techsingularity.net> mm/page_alloc: rename ALLOC_HIGH to ALLOC_MIN_RESERVE Dan Williams <dan.j.williams(a)intel.com> cxl/port: Fix cxl_bus_rescan() vs bus_rescan_devices() Dan Williams <dan.j.williams(a)intel.com> cxl/acpi: Move rescan to the workqueue Chunyan Zhang <zhangchunyan(a)iscas.ac.cn> riscv: Remove duplicated GET_RM Chunyan Zhang <zhangchunyan(a)iscas.ac.cn> riscv: Remove unused GENERATING_ASM_OFFSETS WangYuli <wangyuli(a)uniontech.com> riscv: Use '%u' to format the output of 'cpu' Heinrich Schuchardt <heinrich.schuchardt(a)canonical.com> riscv: efi: Set NX compat flag in PE/COFF header Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Limit internal Mic boost on Dell platform Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: vdso: Prevent the compiler from inserting calls to memset() Chen Ridong <chenridong(a)huawei.com> cgroup/bpf: use a dedicated workqueue for cgroup bpf destruction Xinyu Zhang <xizhang(a)purestorage.com> block: fix sanity checks in blk_rq_map_user_bvec Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix potential deadlock with newly created symlinks Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: light: veml6030: fix microlux value calculation Zicheng Qu <quzicheng(a)huawei.com> iio: adc: ad7124: fix division by zero in ad7124_set_channel_odr() Zicheng Qu <quzicheng(a)huawei.com> staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg() Ville Syrjälä <ville.syrjala(a)linux.intel.com> wifi: iwlegacy: Clear stale interrupts before resuming device Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: clear wdev->cqm_config pointer on free Manikanta Pubbisetty <quic_mpubbise(a)quicinc.com> wifi: ath10k: Fix memory leak in management tx Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "driver core: Fix uevent_show() vs driver detach race" Basavaraj Natikar <Basavaraj.Natikar(a)amd.com> xhci: Use pm_runtime_get to prevent RPM on unsupported systems Faisal Hassan <quic_faisalh(a)quicinc.com> xhci: Fix Link TRB DMA in command ring stopped completion event Javier Carrasco <javier.carrasco.cruz(a)gmail.com> usb: typec: fix unreleased fwnode_handle in typec_port_register_altmodes() Zijun Hu <quic_zijuhu(a)quicinc.com> usb: phy: Fix API devm_usb_put_phy() can not release the phy Zongmin Zhou <zhouzongmin(a)kylinos.cn> usbip: tools: Fix detach_port() invalid port error path Jan Schär <jan(a)jschaer.ch> ALSA: usb-audio: Add quirks for Dell WD19 dock Alan Stern <stern(a)rowland.harvard.edu> USB: gadget: dummy-hcd: Fix "task hung" problem Andrey Konovalov <andreyknvl(a)gmail.com> usb: gadget: dummy_hcd: execute hrtimer callback in softirq context Marcello Sylvester Bauer <sylv(a)sylv.io> usb: gadget: dummy_hcd: Set transfer interval to 1 microframe Marcello Sylvester Bauer <sylv(a)sylv.io> usb: gadget: dummy_hcd: Switch to hrtimer transfer scheduler Dimitri Sivanich <sivanich(a)hpe.com> misc: sgi-gru: Don't disable preemption in GRU driver Dai Ngo <dai.ngo(a)oracle.com> NFS: remove revoked delegation from server's delegation list Daniel Palmer <daniel(a)0x0f.com> net: amd: mvme147: Fix probe banner message Benjamin Marzinski <bmarzins(a)redhat.com> scsi: scsi_transport_fc: Allow setting rport state to current state Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Additional check in ni_clear() Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fix possible deadlock in mi_read Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Stale inode instead of bad Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fix warning possible deadlock in ntfs_set_state Andrew Ballance <andrewjballance(a)gmail.com> fs/ntfs3: Check if more than chunk-size bytes are written Pierre Gondois <pierre.gondois(a)arm.com> ACPI: CPPC: Make rmw_lock a raw_spin_lock David Howells <dhowells(a)redhat.com> afs: Fix missing subdir edit when renamed between parent dirs David Howells <dhowells(a)redhat.com> afs: Automatically generate trace tag enums Xiongfeng Wang <wangxiongfeng2(a)huawei.com> firmware: arm_sdei: Fix the input parameter of cpuhp_remove_state() Marco Elver <elver(a)google.com> kasan: Fix Software Tag-Based KASAN with GCC Miguel Ojeda <ojeda(a)kernel.org> compiler-gcc: remove attribute support check for `__no_sanitize_address__` Miguel Ojeda <ojeda(a)kernel.org> compiler-gcc: be consistent with underscores use for `no_sanitize` Christoph Hellwig <hch(a)lst.de> iomap: turn iomap_want_unshare_iter into an inline function Darrick J. Wong <djwong(a)kernel.org> fsdax: dax_unshare_iter needs to copy entire blocks Darrick J. Wong <djwong(a)kernel.org> fsdax: remove zeroing code from dax_unshare_iter Darrick J. Wong <djwong(a)kernel.org> iomap: share iomap_unshare_iter predicate code with fsdax Darrick J. Wong <djwong(a)kernel.org> iomap: don't bother unsharing delalloc extents Christoph Hellwig <hch(a)lst.de> iomap: improve shared block detection in iomap_unshare_iter Darrick J. Wong <djwong(a)kernel.org> iomap: convert iomap_unshare_iter to use large folios Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_payload: sanitize offset and length before calling skb_checksum() Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_ipip: Rename Spectrum-2 ip6gre operations Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_router: Add support for double entry RIFs Amit Cohen <amcohen(a)nvidia.com> mlxsw: spectrum_ptp: Add missing verification before pushing Tx header Benoît Monin <benoit.monin(a)gmx.fr> net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension Sungwoo Kim <iam(a)sung-woo.kim> Bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs Eric Dumazet <edumazet(a)google.com> netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() Dong Chenchen <dongchenchen2(a)huawei.com> netfilter: Fix use-after-free in get_info() Byeonguk Jeong <jungbu2855(a)gmail.com> bpf: Fix out-of-bounds write in trie_get_next_key() Zichen Xie <zichenxie0106(a)gmail.com> netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write() Pedro Tammela <pctammela(a)mojatatu.com> net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT Pablo Neira Ayuso <pablo(a)netfilter.org> gtp: allow -1 to be specified as file description from userspace Ido Schimmel <idosch(a)nvidia.com> ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow() Wander Lairson Costa <wander(a)redhat.com> igb: Disable threaded IRQ for igb_msix_other Furong Xu <0x1207(a)gmail.com> net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data Jianbo Liu <jianbol(a)nvidia.com> macsec: Fix use-after-free while sending the offloading packet Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> ASoC: cs42l51: Fix some error handling paths in cs42l51_probe() Daniel Gabay <daniel.gabay(a)intel.com> wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: disconnect station vifs if recovery failed Selvin Xavier <selvin.xavier(a)broadcom.com> RDMA/bnxt_re: synchronize the qp-handle table array Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Round max_rd_atomic/max_dest_rd_atomic up instead of down Leon Romanovsky <leon(a)kernel.org> RDMA/cxgb4: Dump vendor specific QP details Geert Uytterhoeven <geert(a)linux-m68k.org> wifi: brcm80211: BRCM_TRACING should depend on TRACING Remi Pommarel <repk(a)triplefau.lt> wifi: ath11k: Fix invalid ring usage in full monitor mode Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys Geert Uytterhoeven <geert(a)linux-m68k.org> mac80211: MAC80211_MESSAGE_TRACING should depend on TRACING Ben Hutchings <ben(a)decadent.org.uk> wifi: iwlegacy: Fix "field-spanning write" warning in il_enqueue_hcmd() Xiu Jianfeng <xiujianfeng(a)huawei.com> cgroup: Fix potential overflow issue when checking max_depth Alexander Gordeev <agordeev(a)linux.ibm.com> fs/proc/kcore.c: allow translation of physical memory addresses Lorenzo Stoakes <lstoakes(a)gmail.com> fs/proc/kcore: reinstate bounce buffer for KCORE_TEXT regions Lorenzo Stoakes <lstoakes(a)gmail.com> fs/proc/kcore: convert read_kcore() to read_kcore_iter() Lorenzo Stoakes <lstoakes(a)gmail.com> fs/proc/kcore: avoid bounce buffer for ktext data Kefeng Wang <wangkefeng.wang(a)huawei.com> mm: remove kern_addr_valid() completely Donet Tom <donettom(a)linux.ibm.com> selftests/mm: fix incorrect buffer->mirror size in hmm2 double_map test Miquel Sabaté Solà <mikisabate(a)gmail.com> cpufreq: Avoid a bad reference count on CPU node Hector Martin <marcan(a)marcan.st> cpufreq: Generalize of_perf_domain_get_sharing_cpumask phandle format ------------- Diffstat: Makefile | 4 +- arch/alpha/include/asm/pgtable.h | 2 - arch/arc/include/asm/pgtable-bits-arcv2.h | 2 - arch/arm/include/asm/pgtable-nommu.h | 2 - arch/arm/include/asm/pgtable.h | 4 - arch/arm64/include/asm/pgtable.h | 2 - arch/arm64/mm/mmu.c | 47 -- arch/arm64/mm/pageattr.c | 3 +- arch/csky/include/asm/pgtable.h | 3 - arch/hexagon/include/asm/page.h | 7 - arch/ia64/include/asm/pgtable.h | 16 - arch/loongarch/include/asm/pgtable.h | 2 - arch/loongarch/kernel/vdso.c | 28 +- arch/m68k/include/asm/pgtable_mm.h | 2 - arch/m68k/include/asm/pgtable_no.h | 1 - arch/microblaze/include/asm/pgtable.h | 3 - arch/mips/include/asm/pgtable.h | 2 - arch/nios2/include/asm/pgtable.h | 2 - arch/openrisc/include/asm/pgtable.h | 2 - arch/parisc/include/asm/pgtable.h | 15 - arch/powerpc/include/asm/pgtable.h | 7 - arch/riscv/include/asm/pgtable.h | 2 - arch/riscv/kernel/asm-offsets.c | 2 - arch/riscv/kernel/cpu-hotplug.c | 2 +- arch/riscv/kernel/efi-header.S | 2 +- arch/riscv/kernel/traps_misaligned.c | 2 - arch/riscv/kernel/vdso/Makefile | 1 + arch/s390/include/asm/io.h | 2 + arch/s390/include/asm/pgtable.h | 2 - arch/sh/include/asm/pgtable.h | 2 - arch/sparc/include/asm/pgtable_32.h | 6 - arch/sparc/mm/init_32.c | 3 +- arch/sparc/mm/init_64.c | 1 - arch/um/include/asm/pgtable.h | 2 - arch/x86/include/asm/nospec-branch.h | 11 +- arch/x86/include/asm/pgtable_32.h | 9 - arch/x86/include/asm/pgtable_64.h | 1 - arch/x86/mm/init_64.c | 41 -- arch/xtensa/include/asm/pgtable.h | 2 - block/blk-map.c | 4 +- drivers/acpi/cppc_acpi.c | 9 +- drivers/base/core.c | 13 +- drivers/base/module.c | 4 - drivers/cpufreq/mediatek-cpufreq-hw.c | 14 +- drivers/cxl/acpi.c | 17 +- drivers/cxl/core/port.c | 26 +- drivers/cxl/cxl.h | 3 +- drivers/firmware/arm_sdei.c | 2 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 10 + drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c | 3 + drivers/iio/adc/ad7124.c | 2 +- drivers/iio/light/veml6030.c | 2 +- drivers/infiniband/hw/bnxt_re/qplib_fp.c | 4 + drivers/infiniband/hw/bnxt_re/qplib_rcfw.c | 13 +- drivers/infiniband/hw/bnxt_re/qplib_rcfw.h | 2 + drivers/infiniband/hw/cxgb4/provider.c | 1 + drivers/infiniband/hw/mlx5/qp.c | 4 +- drivers/misc/sgi-gru/grukservices.c | 2 - drivers/misc/sgi-gru/grumain.c | 4 - drivers/misc/sgi-gru/grutlbpurge.c | 2 - drivers/mtd/spi-nor/winbond.c | 7 +- drivers/net/ethernet/amd/mvme147.c | 7 +- drivers/net/ethernet/intel/igb/igb_main.c | 2 +- .../net/ethernet/mellanox/mlxsw/spectrum_ipip.c | 119 ++-- .../net/ethernet/mellanox/mlxsw/spectrum_ipip.h | 1 + drivers/net/ethernet/mellanox/mlxsw/spectrum_ptp.c | 7 + .../net/ethernet/mellanox/mlxsw/spectrum_router.c | 2 + drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 22 +- drivers/net/gtp.c | 22 +- drivers/net/macsec.c | 3 +- drivers/net/mctp/mctp-i2c.c | 3 + drivers/net/netdevsim/fib.c | 4 +- drivers/net/wireless/ath/ath10k/wmi-tlv.c | 7 +- drivers/net/wireless/ath/ath10k/wmi.c | 2 + drivers/net/wireless/ath/ath11k/dp_rx.c | 7 +- drivers/net/wireless/broadcom/brcm80211/Kconfig | 1 + drivers/net/wireless/intel/iwlegacy/common.c | 15 +- drivers/net/wireless/intel/iwlegacy/common.h | 12 + drivers/net/wireless/intel/iwlwifi/mvm/fw.c | 22 +- drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 3 +- drivers/nvme/target/auth.c | 1 + drivers/scsi/scsi_transport_fc.c | 4 +- drivers/staging/iio/frequency/ad9832.c | 7 +- drivers/tty/vt/vt.c | 2 +- drivers/usb/gadget/udc/dummy_hcd.c | 57 +- drivers/usb/host/xhci-pci.c | 6 +- drivers/usb/host/xhci-ring.c | 16 +- drivers/usb/phy/phy.c | 2 +- drivers/usb/typec/class.c | 1 + fs/afs/dir.c | 25 + fs/afs/dir_edit.c | 91 ++- fs/afs/internal.h | 2 + fs/dax.c | 49 +- fs/iomap/buffered-io.c | 31 +- fs/nfs/delegation.c | 5 + fs/nilfs2/namei.c | 3 + fs/nilfs2/page.c | 1 + fs/ntfs3/frecord.c | 4 +- fs/ntfs3/inode.c | 10 +- fs/ntfs3/lznt.c | 3 + fs/ntfs3/namei.c | 2 +- fs/ntfs3/ntfs_fs.h | 2 +- fs/ocfs2/file.c | 8 + fs/proc/kcore.c | 94 ++- include/acpi/cppc_acpi.h | 2 +- include/linux/compiler-gcc.h | 12 +- include/linux/cpufreq.h | 34 +- include/linux/fs.h | 36 ++ include/linux/iomap.h | 19 + include/linux/migrate.h | 1 + include/net/ip_tunnels.h | 2 +- include/trace/events/afs.h | 240 +------ io_uring/io_uring.c | 11 +- io_uring/rw.c | 52 +- kernel/bpf/cgroup.c | 19 +- kernel/bpf/lpm_trie.c | 2 +- kernel/cgroup/cgroup.c | 4 +- mm/huge_memory.c | 4 +- mm/internal.h | 13 +- mm/kasan/kasan_test.c | 27 - mm/migrate.c | 690 ++++++++++++++------- mm/page_alloc.c | 95 ++- mm/shmem.c | 2 + net/bluetooth/hci_sync.c | 18 +- net/core/dev.c | 4 + net/ipv6/netfilter/nf_reject_ipv6.c | 15 +- net/mac80211/Kconfig | 2 +- net/mac80211/agg-tx.c | 4 +- net/mac80211/cfg.c | 3 +- net/mac80211/key.c | 42 +- net/netfilter/nft_payload.c | 3 + net/netfilter/x_tables.c | 2 +- net/sched/sch_api.c | 2 +- net/wireless/core.c | 1 + sound/pci/hda/patch_realtek.c | 22 +- sound/soc/codecs/cs42l51.c | 7 +- sound/usb/mixer_quirks.c | 3 + tools/testing/selftests/vm/hmm-tests.c | 2 +- tools/usb/usbip/src/usbip_detach.c | 1 + 139 files changed, 1453 insertions(+), 1027 deletions(-)

10 months, 2 weeks

12
137
0 0

[PATCH] iommu/dma: Reserve iova ranges for reserved regions of all devices

by Jerry Snitselaar

Only the first device that is passed when the domain is set up will have its reserved regions reserved in the iova address space. So if there are other devices in the group with unique reserved regions, those regions will not get reserved in the iova address space. All of the ranges do get set up in the iopagetables via calls to iommu_create_device_direct_mappings for all devices in a group. In the case of vt-d system this resulted in messages like the following: [ 1632.693264] DMAR: ERROR: DMA PTE for vPFN 0xf1f7e already set (to f1f7e003 not 173025001) To make sure iova ranges are reserved for the reserved regions all of the devices, call iova_reserve_iommu_regions in iommu_dma_init_domain prior to exiting in the case where the domain is already initialized. Cc: Robin Murphy <robin.murphy(a)arm.com> Cc: Joerg Roedel <joro(a)8bytes.org> Cc: Will Deacon <will(a)kernel.org> Cc: linux-kernel(a)vger.kernel.org Cc: stable(a)vger.kernel.org Fixes: 7c1b058c8b5a ("iommu/dma: Handle IOMMU API reserved regions") Signed-off-by: Jerry Snitselaar <jsnitsel(a)redhat.com> --- Robin: I wasn't positive if this is the correct solution, or if it should be done for the entire group at once. drivers/iommu/dma-iommu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/iommu/dma-iommu.c b/drivers/iommu/dma-iommu.c index 2a9fa0c8cc00..5fd3cccbb233 100644 --- a/drivers/iommu/dma-iommu.c +++ b/drivers/iommu/dma-iommu.c @@ -707,7 +707,7 @@ static int iommu_dma_init_domain(struct iommu_domain *domain, struct device *dev goto done_unlock; } - ret = 0; + ret = iova_reserve_iommu_regions(dev, domain); goto done_unlock; } -- 2.44.0

10 months, 2 weeks

2
2
0 0

[PATCH 1/2 net V3] net: vertexcom: mse102x: Fix possible double free of TX skb

by Stefan Wahren

The scope of the TX skb is wider than just mse102x_tx_frame_spi(), so in case the TX skb room needs to be expanded, we should free the the temporary skb instead of the original skb. Otherwise the original TX skb pointer would be freed again in mse102x_tx_work(), which leads to crashes: Internal error: Oops: 0000000096000004 [#2] PREEMPT SMP CPU: 0 PID: 712 Comm: kworker/0:1 Tainted: G D 6.6.23 Hardware name: chargebyte Charge SOM DC-ONE (DT) Workqueue: events mse102x_tx_work [mse102x] pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : skb_release_data+0xb8/0x1d8 lr : skb_release_data+0x1ac/0x1d8 sp : ffff8000819a3cc0 x29: ffff8000819a3cc0 x28: ffff0000046daa60 x27: ffff0000057f2dc0 x26: ffff000005386c00 x25: 0000000000000002 x24: 00000000ffffffff x23: 0000000000000000 x22: 0000000000000001 x21: ffff0000057f2e50 x20: 0000000000000006 x19: 0000000000000000 x18: ffff00003fdacfcc x17: e69ad452d0c49def x16: 84a005feff870102 x15: 0000000000000000 x14: 000000000000024a x13: 0000000000000002 x12: 0000000000000000 x11: 0000000000000400 x10: 0000000000000930 x9 : ffff00003fd913e8 x8 : fffffc00001bc008 x7 : 0000000000000000 x6 : 0000000000000008 x5 : ffff00003fd91340 x4 : 0000000000000000 x3 : 0000000000000009 x2 : 00000000fffffffe x1 : 0000000000000000 x0 : 0000000000000000 Call trace: skb_release_data+0xb8/0x1d8 kfree_skb_reason+0x48/0xb0 mse102x_tx_work+0x164/0x35c [mse102x] process_one_work+0x138/0x260 worker_thread+0x32c/0x438 kthread+0x118/0x11c ret_from_fork+0x10/0x20 Code: aa1303e0 97fffab6 72001c1f 54000141 (f9400660) Cc: stable(a)vger.kernel.org Fixes: 2f207cbf0dd4 ("net: vertexcom: Add MSE102x SPI support") Signed-off-by: Stefan Wahren <wahrenst(a)gmx.net> --- drivers/net/ethernet/vertexcom/mse102x.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/net/ethernet/vertexcom/mse102x.c b/drivers/net/ethernet/vertexcom/mse102x.c index a04d4073def9..2c37957478fb 100644 --- a/drivers/net/ethernet/vertexcom/mse102x.c +++ b/drivers/net/ethernet/vertexcom/mse102x.c @@ -222,7 +222,7 @@ static int mse102x_tx_frame_spi(struct mse102x_net *mse, struct sk_buff *txp, struct mse102x_net_spi *mses = to_mse102x_spi(mse); struct spi_transfer *xfer = &mses->spi_xfer; struct spi_message *msg = &mses->spi_msg; - struct sk_buff *tskb; + struct sk_buff *tskb = NULL; int ret; netif_dbg(mse, tx_queued, mse->ndev, "%s: skb %p, %d@%p\n", @@ -235,7 +235,6 @@ static int mse102x_tx_frame_spi(struct mse102x_net *mse, struct sk_buff *txp, if (!tskb) return -ENOMEM; - dev_kfree_skb(txp); txp = tskb; } @@ -257,6 +256,8 @@ static int mse102x_tx_frame_spi(struct mse102x_net *mse, struct sk_buff *txp, mse->stats.xfer_err++; } + dev_kfree_skb(tskb); + return ret; } -- 2.34.1

10 months, 2 weeks

1
0
0 0

[PATCH 6.1 resend] Revert "drm/amd/display: Skip Recompute DSC Params if no Stream on Link"

by Fedor Pchelkin

This reverts commit 7c887efda1201110211fed8921a92a713e0b6bcd which is commit 8151a6c13111b465dbabe07c19f572f7cbd16fef upstream. It is a duplicate of the change made in 6.1.105 by commit 282f0a482ee6 ("drm/amd/display: Skip Recompute DSC Params if no Stream on Link"). This is a consequence of two different upstream commits performing the exact same change and one of which has been cherry-picked. No point to keep it in the stable branch. Found by Linux Verification Center (linuxtesting.org) with Svace static analysis tool. Reported-by: Alexey Khoroshilov <khoroshilov(a)ispras.ru> Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> --- Dropped from other stables by Jonathan Gray https://lore.kernel.org/stable/20241007035711.46624-1-jsg@jsg.id.au/T/#u drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c index 1acef5f3838f..855cd71f636f 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c @@ -1255,9 +1255,6 @@ static bool is_dsc_need_re_compute( } } - if (new_stream_on_link_num == 0) - return false; - if (new_stream_on_link_num == 0) return false; -- 2.39.5

10 months, 2 weeks

1
0
0 0

[PATCH 0/1] On DRM -> stable process

by Fedor Pchelkin

Hi all, I'm writing as a bystander working with 6.1.y stable branch and possibly lacking some context with the established DRM -> stable patch flow, Cc'ing a large number of people. The commit being reverted from 6.1.y is the one that duplicates the changes already backported to that branch with another commit. It is essentially a "similar" commit but cherry-picked at some point during the DRM development process. The duplicate has no runtime effect but should not actually remain in the stable trees. It was already reverted [1] from 6.6/6.10/6.11 but still made its way later to 6.1. [1]: https://lore.kernel.org/stable/20241007035711.46624-1-jsg@jsg.id.au/T/#u At [1] Greg KH also stated that the observed problems are quite common while backporting DRM patches to stable trees. The current duplicate patch has in every sense a cosmetic impact but in other circumstances and for other patches this may have gone wrong. So, is there any way to adjust this process? BTW, a question to the stable-team: what Git magic (3-way-merge?) let the duplicate patch be applied successfully? The patch context in stable trees was different to that moment so should the duplicate have been expected to fail to be applied? -- Fedor

10 months, 2 weeks

4
8
0 0

🚀 Drive Unlimited Organic Traffic for 6 Months!

by Unlimited Organic Traffic

Hi there, Imagine unlimited organic traffic flowing to your site for 6 months—all based on the keywords you choose. With our service, we can deliver consistent traffic to help grow your online presence, all at an affordable rate! Get Started Today: https://www.1unlimitedtraffic.net/get-started/ (https://www.1unlimitedtraffic.net/get-started/) Note: Daily traffic may vary depending on your selected keywords. Don’t miss out on this opportunity to boost your website’s traffic and visibility! Cheers, Mike Plummer WhatsApp us (https://wa.link/p22nfi) Unsubscribe (https://clicks.1unlimitedtraffic.net/?na=u&nk=979918-746207ce49&nek=18-) | Manage your subscription (https://clicks.1unlimitedtraffic.net/?na=p&nk=979918-746207ce49&nek=18-) | View online (https://clicks.1unlimitedtraffic.net/?na=v&nk=979918-746207ce49&id=18) whatsapp

10 months, 2 weeks

1
0
0 0

[PATCH 6.11 000/245] 6.11.7-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.11.7 release. There are 245 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 08 Nov 2024 12:02:47 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.11.7-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.11.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.11.7-rc1 Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: handle default profile on on devices without fullscreen 3D Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Sequential field availability check in mi_enum_attr() Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/swsmu: default to fullscreen 3D profile for dGPUs Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/swsmu: fix ordering for setting workload_mask Tejas Upadhyay <tejas.upadhyay(a)intel.com> drm/xe: Write all slices if its mcr register Tejas Upadhyay <tejas.upadhyay(a)intel.com> drm/xe: Define STATELESS_COMPRESSION_CTRL as mcr register Shekhar Chauhan <shekhar.chauhan(a)intel.com> drm/xe/xe2: Add performance turning changes Akshata Jahagirdar <akshata.jahagirdar(a)intel.com> drm/xe/xe2: Introduce performance changes Sai Teja Pottumuttu <sai.teja.pottumuttu(a)intel.com> drm/xe/xe2hpg: Introduce performance tuning changes for Xe2_HPG Tejas Upadhyay <tejas.upadhyay(a)intel.com> drm/xe: Move enable host l2 VRAM post MCR init Tejas Upadhyay <tejas.upadhyay(a)intel.com> drm/xe/xe2hpg: Add Wa_15016589081 Thomas Zimmermann <tzimmermann(a)suse.de> drm/xe: Support 'nomodeset' kernel command-line option Juha-Pekka Heikkila <juhapekka.heikkila(a)gmail.com> drm/i915/display: Don't enable decompression on Xe2 with Tile4 Jouni Högander <jouni.hogander(a)intel.com> drm/i915/psr: Prevent Panel Replay if CRC calculation is enabled Jani Nikula <jani.nikula(a)intel.com> drm/xe/display: drop unused rawclk_freq and RUNTIME_INFO() Jani Nikula <jani.nikula(a)intel.com> drm/i915: move rawclk from runtime to display runtime info Suraj Kandpal <suraj.kandpal(a)intel.com> drm/i915/pps: Disable DPLS_GATING around pps sequence Mitul Golani <mitulkumar.ajitkumar.golani(a)intel.com> drm/i915/display/dp: Compute AS SDP when vrr is also enabled Suraj Kandpal <suraj.kandpal(a)intel.com> drm/i915/dp: Clear VSC SDP during post ddi disable routine Suraj Kandpal <suraj.kandpal(a)intel.com> drm/i915/hdcp: Add encoder check in hdcp2_get_capability Suraj Kandpal <suraj.kandpal(a)intel.com> drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability Mitul Golani <mitulkumar.ajitkumar.golani(a)intel.com> drm/i915/display: WA for Re-initialize dispcnlunitt1 xosc clock Mitul Golani <mitulkumar.ajitkumar.golani(a)intel.com> drm/i915/display: Cache adpative sync caps to use it later Matthew Auld <matthew.auld(a)intel.com> drm/i915: disable fbc due to Wa_16023588340 Gustavo Sousa <gustavo.sousa(a)intel.com> drm/i915: Skip programming FIA link enable bits for MTL+ Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: x1e80100: fix PCIe4 and PCIe6a PHY clocks Abel Vesa <abel.vesa(a)linaro.org> arm64: dts: qcom: x1e80100: Add Broadcast_AND region in LLCC block Haibo Chen <haibo.chen(a)nxp.com> arm64: dts: imx8ulp: correct the flexspi compatible string Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: x1e80100-crd: fix nvme regulator boot glitch Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: x1e80100-qcp: fix nvme regulator boot glitch Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: x1e80100: fix PCIe4 interconnect Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: x1e80100-vivobook-s15: fix nvme regulator boot glitch Konrad Dybcio <konradybcio(a)kernel.org> arm64: dts: qcom: x1e80100: Fix up BAR spaces Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: x1e80100-yoga-slim7x: fix nvme regulator boot glitch Fabien Parent <fabien.parent(a)linaro.org> arm64: dts: qcom: msm8939: revert use of APCS mbox for RPM Conor Dooley <conor.dooley(a)microchip.com> riscv: dts: starfive: disable unused csi/camss nodes E Shattow <e(a)freeshell.de> riscv: dts: starfive: Update ethernet phy0 delay parameter values for Star64 Yu Zhao <yuzhao(a)google.com> mm: multi-gen LRU: use {ptep,pmdp}_clear_young_notify() Zhiguo Jiang <justinjiang(a)vivo.com> mm: shrink skip folio mapped by an exiting process Yu Zhao <yuzhao(a)google.com> mm: multi-gen LRU: remove MM_LEAF_OLD and MM_NONLEAF_TOTAL stats Yuanchu Xie <yuanchu(a)google.com> mm: multi-gen LRU: ignore non-leaf pmd_young for force_scan=true Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: fix regression when re-registering input handlers Vlastimil Babka <vbabka(a)suse.cz> mm, mmap: limit THP alignment of anonymous mappings to PMD-aligned sizes Gregory Price <gourry(a)gourry.net> vmscan,migrate: fix page count imbalance on node stats when demoting pages Johan Hovold <johan+linaro(a)kernel.org> gpiolib: fix debugfs dangling chip separator Johan Hovold <johan+linaro(a)kernel.org> gpiolib: fix debugfs newline separators Filipe Manana <fdmanana(a)suse.com> btrfs: fix defrag not merging contiguous extents due to merged extent maps Filipe Manana <fdmanana(a)suse.com> btrfs: fix extent map merging not happening for adjacent extents Jens Axboe <axboe(a)kernel.dk> io_uring/rw: fix missing NOWAIT check for O_DIRECT start write Matthew Brost <matthew.brost(a)intel.com> drm/xe: Don't short circuit TDR on jobs not started Matthew Brost <matthew.brost(a)intel.com> drm/xe: Add mmio read before GGTT invalidate Michal Wajdeczko <michal.wajdeczko(a)intel.com> drm/xe: Kill regs/xe_sriov_regs.h Michal Wajdeczko <michal.wajdeczko(a)intel.com> drm/xe: Fix register definition order in xe_regs.h Jinjie Ruan <ruanjinjie(a)huawei.com> drm/tests: hdmi: Fix memory leaks in drm_display_mode_from_cea_vic() Jinjie Ruan <ruanjinjie(a)huawei.com> drm/connector: hdmi: Fix memory leak in drm_display_mode_from_cea_vic() Jinjie Ruan <ruanjinjie(a)huawei.com> drm/tests: helpers: Add helper for drm_display_mode_from_cea_vic() Andrey Konovalov <andreyknvl(a)gmail.com> kasan: remove vmalloc_percpu test Keith Busch <kbusch(a)kernel.org> nvme: re-fix error-handling for io_uring nvme-passthrough Vitaliy Shevtsov <v.shevtsov(a)maxima.ru> nvmet-auth: assign dh_key to NULL after kfree_sensitive Christoffer Sandberg <cs(a)tuxedo.de> ALSA: hda/realtek: Fix headset mic on TUXEDO Stellaris 16 Gen6 mb1 Christoffer Sandberg <cs(a)tuxedo.de> ALSA: hda/realtek: Fix headset mic on TUXEDO Gemini 17 Gen3 Christoph Hellwig <hch(a)lst.de> xfs: fix finding a last resort AG in xfs_filestream_pick_ag Andrzej Kacprowski <Andrzej.Kacprowski(a)intel.com> accel/ivpu: Fix NOC firewall interrupt handling Zhihao Cheng <chengzhihao1(a)huawei.com> btrfs: fix use-after-free of block device file in __btrfs_free_extra_devids() Matt Johnston <matt(a)codeconstruct.com.au> mctp i2c: handle NULL header address Gregory Price <gourry(a)gourry.net> resource,kexec: walk_system_ram_res_rev must retain resource flags Edward Adam Davis <eadavis(a)qq.com> ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow Sabyrzhan Tasbolatov <snovitoll(a)gmail.com> x86/traps: move kmsan check after instrumentation_begin Gatlin Newhouse <gatlin.newhouse(a)gmail.com> x86/traps: Enable UBSAN traps on x86 Matt Fleming <mfleming(a)cloudflare.com> mm/page_alloc: let GFP_ATOMIC order-0 allocs access highatomic reserves Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> fork: only invoke khugepaged, ksm hooks if no error Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> fork: do not invoke uffd on fork if error occurs Alexander Usyskin <alexander.usyskin(a)intel.com> mei: use kvmalloc for read buffer Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: init: protect sched with rcu_read_lock Jarkko Sakkinen <jarkko(a)kernel.org> tpm: Lazily flush the auth session Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/smu13: fix profile reporting Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> drm/amd/pm: Vangogh: Fix kernel memory out of bounds write Jarkko Sakkinen <jarkko(a)kernel.org> tpm: Rollback tpm2_load_null() Jarkko Sakkinen <jarkko(a)kernel.org> tpm: Return tpm2_sessions_init() when null key creation fails Hugh Dickins <hughd(a)google.com> iov_iter: fix copy_page_from_iter_atomic() if KMAP_LOCAL_FORCE_MAP Benjamin Segall <bsegall(a)google.com> posix-cpu-timers: Clear TICK_DEP_BIT_POSIX_TIMER on clone Shawn Wang <shawnwang(a)linux.alibaba.com> sched/numa: Fix the potential null pointer dereference in task_numa_work() Dan Williams <dan.j.williams(a)intel.com> cxl/acpi: Ensure ports ready at cxl_acpi_probe() return Dan Williams <dan.j.williams(a)intel.com> cxl/port: Fix cxl_bus_rescan() vs bus_rescan_devices() Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: core: Fix another deadlock during RTC update Chunyan Zhang <zhangchunyan(a)iscas.ac.cn> riscv: Remove duplicated GET_RM Chunyan Zhang <zhangchunyan(a)iscas.ac.cn> riscv: Remove unused GENERATING_ASM_OFFSETS WangYuli <wangyuli(a)uniontech.com> riscv: Use '%u' to format the output of 'cpu' Miquel Sabaté Solà <mikisabate(a)gmail.com> riscv: Prevent a bad reference count on CPU nodes Heinrich Schuchardt <heinrich.schuchardt(a)canonical.com> riscv: efi: Set NX compat flag in PE/COFF header Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Limit internal Mic boost on Dell platform Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: edt-ft5x06 - fix regmap leak when probe fails Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: vdso: Prevent the compiler from inserting calls to memset() Frank Li <Frank.Li(a)nxp.com> spi: spi-fsl-dspi: Fix crash when not using GPIO chip select Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: fix error propagation of split bios Qu Wenruo <wqu(a)suse.com> btrfs: merge btrfs_orig_bbio_end_io() into btrfs_bio_end_io() Richard Zhu <hongxing.zhu(a)nxp.com> phy: freescale: imx8m-pcie: Do CMN_RST just before PHY PLL lock check Chen Ridong <chenridong(a)huawei.com> cgroup/bpf: use a dedicated workqueue for cgroup bpf destruction Xinyu Zhang <xizhang(a)purestorage.com> block: fix sanity checks in blk_rq_map_user_bvec Ben Chuang <ben.chuang(a)genesyslogic.com.tw> mmc: sdhci-pci-gli: GL9767: Fix low power mode in the SD Express process Ben Chuang <ben.chuang(a)genesyslogic.com.tw> mmc: sdhci-pci-gli: GL9767: Fix low power mode on the set clock function Dan Williams <dan.j.williams(a)intel.com> cxl/port: Fix CXL port initialization order when the subsystem is built-in Dan Williams <dan.j.williams(a)intel.com> cxl/port: Fix use-after-free, permit out-of-order decoder shutdown Bjorn Andersson <bjorn.andersson(a)oss.qualcomm.com> soc: qcom: pmic_glink: Handle GLINK intent allocation rejections Gil Fine <gil.fine(a)linux.intel.com> thunderbolt: Honor TMU requirements in the domain when setting TMU mode Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Fix KASAN reported stack out-of-bounds read in tb_retimer_scan() Conor Dooley <conor.dooley(a)microchip.com> firmware: microchip: auto-update: fix poll_complete() to not report spurious timeout errors Chen Ridong <chenridong(a)huawei.com> mm: shrinker: avoid memleak in alloc_shrinker_info Wladislav Wiebe <wladislav.kw(a)gmail.com> tools/mm: -Werror fixes in page-types/slabinfo Jeongjun Park <aha310510(a)gmail.com> mm: shmem: fix data-race in shmem_getattr() Yunhui Cui <cuiyunhui(a)bytedance.com> RISC-V: ACPI: fix early_ioremap to early_memremap Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix potential deadlock with newly created symlinks Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix kernel bug due to missing clearing of checked flag Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: light: veml6030: fix microlux value calculation Jinjie Ruan <ruanjinjie(a)huawei.com> iio: gts-helper: Fix memory leaks in iio_gts_build_avail_scale_table() Jinjie Ruan <ruanjinjie(a)huawei.com> iio: gts-helper: Fix memory leaks for the error path of iio_gts_build_avail_scale_table() Zicheng Qu <quzicheng(a)huawei.com> iio: adc: ad7124: fix division by zero in ad7124_set_channel_odr() Julien Stephan <jstephan(a)baylibre.com> dt-bindings: iio: adc: ad7380: fix ad7380-4 reference supply Zicheng Qu <quzicheng(a)huawei.com> staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg() Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: fix 6 GHz scan construction Ville Syrjälä <ville.syrjala(a)linux.intel.com> wifi: iwlegacy: Clear stale interrupts before resuming device Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: clear wdev->cqm_config pointer on free Manikanta Pubbisetty <quic_mpubbise(a)quicinc.com> wifi: ath10k: Fix memory leak in management tx Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower Edward Liaw <edliaw(a)google.com> Revert "selftests/mm: replace atomic_bool with pthread_barrier_t" Edward Liaw <edliaw(a)google.com> Revert "selftests/mm: fix deadlock for fork after pthread_create on ARM" Ovidiu Bunea <Ovidiu.Bunea(a)amd.com> Revert "drm/amd/display: update DML2 policy EnhancedPrefetchScheduleAccelerationFinal DCN35" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "driver core: Fix uevent_show() vs driver detach race" Basavaraj Natikar <Basavaraj.Natikar(a)amd.com> xhci: Use pm_runtime_get to prevent RPM on unsupported systems Faisal Hassan <quic_faisalh(a)quicinc.com> xhci: Fix Link TRB DMA in command ring stopped completion event Johan Hovold <johan+linaro(a)kernel.org> phy: qcom: qmp-usbc: fix NULL-deref on runtime suspend Johan Hovold <johan+linaro(a)kernel.org> phy: qcom: qmp-usb-legacy: fix NULL-deref on runtime suspend Johan Hovold <johan+linaro(a)kernel.org> phy: qcom: qmp-usb: fix NULL-deref on runtime suspend Javier Carrasco <javier.carrasco.cruz(a)gmail.com> usb: typec: qcom-pmic-typec: fix missing fwnode removal in error path Javier Carrasco <javier.carrasco.cruz(a)gmail.com> usb: typec: qcom-pmic-typec: use fwnode_handle_put() to release fwnodes Amit Sunil Dhamne <amitsd(a)google.com> usb: typec: tcpm: restrict SNK_WAIT_CAPABILITIES_TIMEOUT transitions to non self-powered devices Javier Carrasco <javier.carrasco.cruz(a)gmail.com> usb: typec: fix unreleased fwnode_handle in typec_port_register_altmodes() Zijun Hu <quic_zijuhu(a)quicinc.com> usb: phy: Fix API devm_usb_put_phy() can not release the phy Zongmin Zhou <zhouzongmin(a)kylinos.cn> usbip: tools: Fix detach_port() invalid port error path Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtlwifi: rtl8192du: Don't claim USB ID 0bda:8171 Jan Schär <jan(a)jschaer.ch> ALSA: usb-audio: Add quirks for Dell WD19 dock Chuck Lever <chuck.lever(a)oracle.com> rpcrdma: Always release the rpcrdma_device's xa_array Chuck Lever <chuck.lever(a)oracle.com> NFSD: Never decrement pending_async_copies on error Chuck Lever <chuck.lever(a)oracle.com> NFSD: Initialize struct nfsd4_copy earlier Dimitri Sivanich <sivanich(a)hpe.com> misc: sgi-gru: Don't disable preemption in GRU driver Dai Ngo <dai.ngo(a)oracle.com> NFS: remove revoked delegation from server's delegation list Daniel Palmer <daniel(a)0x0f.com> net: amd: mvme147: Fix probe banner message Zhang Rui <rui.zhang(a)intel.com> thermal: intel: int340x: processor: Add MMIO RAPL PL4 support Zhang Rui <rui.zhang(a)intel.com> thermal: intel: int340x: processor: Remove MMIO RAPL CPU hotplug support Sumeet Pawnikar <sumeet.r.pawnikar(a)intel.com> powercap: intel_rapl_msr: Add PL4 support for Arrowlake-U Hans de Goede <hdegoede(a)redhat.com> ACPI: resource: Fold Asus Vivobook Pro N6506M* DMI quirks together Pali Rohár <pali(a)kernel.org> cifs: Fix creating native symlinks pointing to current or parent directory Pali Rohár <pali(a)kernel.org> cifs: Improve creating native symlinks pointing to directory Benjamin Marzinski <bmarzins(a)redhat.com> scsi: scsi_transport_fc: Allow setting rport state to current state Guilherme Giacomo Simoes <trintaeoitogc(a)gmail.com> rust: device: change the from_raw() function Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Additional check in ntfs_file_release Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fix general protection fault in run_is_mapped_full Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Additional check in ni_clear() Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fix possible deadlock in mi_read Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Add rough attr alloc_size check Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Stale inode instead of bad Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fix warning possible deadlock in ntfs_set_state Andrew Ballance <andrewjballance(a)gmail.com> fs/ntfs3: Check if more than chunk-size bytes are written lei lu <llfamsec(a)gmail.com> ntfs3: Add bounds checking to mi_enum_attr() Boris Brezillon <boris.brezillon(a)collabora.com> drm/panthor: Report group as timedout when we fail to properly suspend Boris Brezillon <boris.brezillon(a)collabora.com> drm/panthor: Fail job creation when the group is dead Boris Brezillon <boris.brezillon(a)collabora.com> drm/panthor: Fix firmware initialization on systems with a page size > 4k Keith Busch <kbusch(a)kernel.org> nvme: module parameter to disable pi with offsets Jason Gunthorpe <jgg(a)ziepe.ca> PCI: Fix pci_enable_acs() support for the ACS quirks Shiju Jose <shiju.jose(a)huawei.com> cxl/events: Fix Trace DRAM Event Record Dan Carpenter <dan.carpenter(a)linaro.org> drm/tegra: Fix NULL vs IS_ERR() check in probe() Dan Carpenter <dan.carpenter(a)linaro.org> drm/mediatek: Fix potential NULL dereference in mtk_crtc_destroy() Chun-Kuang Hu <chunkuang.hu(a)kernel.org> drm/mediatek: Use cmdq_pkt_create() and cmdq_pkt_destroy() Liankun Yang <liankun.yang(a)mediatek.com> drm/mediatek: Fix get efuse issue for MT8188 DPTX Hsin-Te Yuan <yuanhsinte(a)chromium.org> drm/mediatek: Fix color format MACROs in OVL Jason-JH.Lin <jason-jh.lin(a)mediatek.com> drm/mediatek: ovl: Remove the color format comment for ovl_fmt_convert() Paulo Alcantara <pc(a)manguebit.com> smb: client: set correct device number on nfs reparse points Paulo Alcantara <pc(a)manguebit.com> smb: client: fix parsing of device numbers Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: sloppy-logic-analyzer: Check for error code from devm_mutex_init() call Pierre Gondois <pierre.gondois(a)arm.com> ACPI: CPPC: Make rmw_lock a raw_spin_lock David Howells <dhowells(a)redhat.com> afs: Fix missing subdir edit when renamed between parent dirs Xiongfeng Wang <wangxiongfeng2(a)huawei.com> firmware: arm_sdei: Fix the input parameter of cpuhp_remove_state() Marco Elver <elver(a)google.com> kasan: Fix Software Tag-Based KASAN with GCC Christoph Hellwig <hch(a)lst.de> iomap: turn iomap_want_unshare_iter into an inline function Darrick J. Wong <djwong(a)kernel.org> fsdax: dax_unshare_iter needs to copy entire blocks Darrick J. Wong <djwong(a)kernel.org> fsdax: remove zeroing code from dax_unshare_iter Darrick J. Wong <djwong(a)kernel.org> iomap: share iomap_unshare_iter predicate code with fsdax Darrick J. Wong <djwong(a)kernel.org> iomap: don't bother unsharing delalloc extents Christoph Hellwig <hch(a)lst.de> iomap: improve shared block detection in iomap_unshare_iter Toke Høiland-Jørgensen <toke(a)redhat.com> bpf, test_run: Fix LIVE_FRAME frame update after a page has been recycled Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_payload: sanitize offset and length before calling skb_checksum() Daniel Golle <daniel(a)makrotopia.org> net: ethernet: mtk_wed: fix path of MT7988 WO firmware Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address Amit Cohen <amcohen(a)nvidia.com> mlxsw: pci: Sync Rx buffers for device Amit Cohen <amcohen(a)nvidia.com> mlxsw: pci: Sync Rx buffers for CPU Amit Cohen <amcohen(a)nvidia.com> mlxsw: spectrum_ptp: Add missing verification before pushing Tx header Benoît Monin <benoit.monin(a)gmx.fr> net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension Hou Tao <houtao1(a)huawei.com> bpf: Check the validity of nr_words in bpf_iter_bits_new() Hou Tao <houtao1(a)huawei.com> bpf: Add bpf_mem_alloc_check_size() helper Hou Tao <houtao1(a)huawei.com> bpf: Free dynamically allocated bits in bpf_iter_bits_destroy() Sungwoo Kim <iam(a)sung-woo.kim> Bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs Eric Dumazet <edumazet(a)google.com> netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() Dong Chenchen <dongchenchen2(a)huawei.com> netfilter: Fix use-after-free in get_info() Wang Liang <wangliang74(a)huawei.com> net: fix crash when config small gso_max_size/gso_ipv4_max_size Byeonguk Jeong <jungbu2855(a)gmail.com> bpf: Fix out-of-bounds write in trie_get_next_key() Vladimir Oltean <vladimir.oltean(a)nxp.com> net/sched: sch_api: fix xa_insert() error path in tcf_block_get_ext() Zichen Xie <zichenxie0106(a)gmail.com> netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write() Eduard Zingerman <eddyz87(a)gmail.com> bpf: Force checkpoint when jmp history is too long Pedro Tammela <pctammela(a)mojatatu.com> net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT Pablo Neira Ayuso <pablo(a)netfilter.org> gtp: allow -1 to be specified as file description from userspace Ido Schimmel <idosch(a)nvidia.com> ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() Ido Schimmel <idosch(a)nvidia.com> ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow() Arkadiusz Kubalewski <arkadiusz.kubalewski(a)intel.com> ice: fix crash on probe for DPLL enabled E810 LOM Arkadiusz Kubalewski <arkadiusz.kubalewski(a)intel.com> ice: add callbacks for Embedded SYNC enablement on dpll pins Arkadiusz Kubalewski <arkadiusz.kubalewski(a)intel.com> dpll: add Embedded SYNC feature for a pin Wander Lairson Costa <wander(a)redhat.com> igb: Disable threaded IRQ for igb_msix_other Furong Xu <0x1207(a)gmail.com> net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data Ley Foon Tan <leyfoon.tan(a)starfivetech.com> net: stmmac: dwmac4: Fix high address display by updating reg_space[] from register values Cong Wang <cong.wang(a)bytedance.com> sock_map: fix a NULL pointer dereference in sock_map_link_update_prog() Aleksei Vetrov <vvvvvv(a)google.com> ASoC: dapm: fix bounds checker error in dapm_widget_list_create Jianbo Liu <jianbol(a)nvidia.com> macsec: Fix use-after-free while sending the offloading packet Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> ASoC: cs42l51: Fix some error handling paths in cs42l51_probe() Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> Revert "wifi: iwlwifi: remove retry loops in start" Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: don't add default link in fw restart flow Daniel Gabay <daniel.gabay(a)intel.com> wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: mvm: really send iwl_txpower_constraints_cmd Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: don't leak a link on AP removal Selvin Xavier <selvin.xavier(a)broadcom.com> RDMA/bnxt_re: synchronize the qp-handle table array Selvin Xavier <selvin.xavier(a)broadcom.com> RDMA/bnxt_re: Fix the usage of control path spin locks Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Round max_rd_atomic/max_dest_rd_atomic up instead of down Leon Romanovsky <leon(a)kernel.org> RDMA/cxgb4: Dump vendor specific QP details Geert Uytterhoeven <geert(a)linux-m68k.org> wifi: brcm80211: BRCM_TRACING should depend on TRACING Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: pci: early chips only enable 36-bit DMA on specific PCI hosts Remi Pommarel <repk(a)triplefau.lt> wifi: ath11k: Fix invalid ring usage in full monitor mode Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys Geert Uytterhoeven <geert(a)linux-m68k.org> mac80211: MAC80211_MESSAGE_TRACING should depend on TRACING Ben Hutchings <ben(a)decadent.org.uk> wifi: iwlegacy: Fix "field-spanning write" warning in il_enqueue_hcmd() John Garry <john.g.garry(a)oracle.com> scsi: scsi_debug: Fix do_device_access() handling of unexpected SG copy length Arnaldo Carvalho de Melo <acme(a)redhat.com> perf python: Fix up the build on architectures without HAVE_KVM_STAT_SUPPORT Jiri Slaby <jirislaby(a)kernel.org> perf trace: Fix non-listed archs in the syscalltbl routines Pei Xiao <xiaopei01(a)kylinos.cn> slub/kunit: fix a WARNING due to unwrapped __kmalloc_cache_noprof Georgi Djakov <djakov(a)kernel.org> spi: geni-qcom: Fix boot warning related to pm_runtime and devres Xiu Jianfeng <xiujianfeng(a)huawei.com> cgroup: Fix potential overflow issue when checking max_depth Frank Min <Frank.Min(a)amd.com> drm/amdgpu: fix random data corruption for sdma 7 Florian Westphal <fw(a)strlen.de> lib: alloc_tag_module_unload must wait for pending kfree_rcu calls ------------- Diffstat: .../devicetree/bindings/iio/adc/adi,ad7380.yaml | 21 ++ Documentation/driver-api/dpll.rst | 21 ++ Documentation/netlink/specs/dpll.yaml | 24 ++ Makefile | 4 +- arch/arm64/boot/dts/freescale/imx8ulp.dtsi | 2 +- arch/arm64/boot/dts/qcom/msm8939.dtsi | 2 +- .../boot/dts/qcom/x1e80100-asus-vivobook-s15.dts | 2 + arch/arm64/boot/dts/qcom/x1e80100-crd.dts | 2 + .../boot/dts/qcom/x1e80100-lenovo-yoga-slim7x.dts | 2 + arch/arm64/boot/dts/qcom/x1e80100-qcp.dts | 2 + arch/arm64/boot/dts/qcom/x1e80100.dtsi | 34 ++- arch/riscv/boot/dts/starfive/jh7110-common.dtsi | 2 - .../boot/dts/starfive/jh7110-pine64-star64.dts | 3 +- arch/riscv/kernel/acpi.c | 4 +- arch/riscv/kernel/asm-offsets.c | 2 - arch/riscv/kernel/cacheinfo.c | 7 +- arch/riscv/kernel/cpu-hotplug.c | 2 +- arch/riscv/kernel/efi-header.S | 2 +- arch/riscv/kernel/traps_misaligned.c | 2 - arch/riscv/kernel/vdso/Makefile | 1 + arch/x86/include/asm/bug.h | 12 + arch/x86/kernel/traps.c | 71 ++++- block/blk-map.c | 4 +- drivers/accel/ivpu/ivpu_debugfs.c | 9 + drivers/accel/ivpu/ivpu_hw.c | 1 + drivers/accel/ivpu/ivpu_hw.h | 1 + drivers/accel/ivpu/ivpu_hw_ip.c | 5 +- drivers/acpi/cppc_acpi.c | 9 +- drivers/acpi/resource.c | 18 +- drivers/base/core.c | 48 +++- drivers/base/module.c | 4 - drivers/char/tpm/tpm-chip.c | 10 + drivers/char/tpm/tpm-dev-common.c | 3 + drivers/char/tpm/tpm-interface.c | 6 +- drivers/char/tpm/tpm2-sessions.c | 100 ++++--- drivers/cxl/Kconfig | 1 + drivers/cxl/Makefile | 20 +- drivers/cxl/acpi.c | 7 + drivers/cxl/core/hdm.c | 50 +++- drivers/cxl/core/port.c | 13 +- drivers/cxl/core/region.c | 48 +--- drivers/cxl/core/trace.h | 17 +- drivers/cxl/cxl.h | 3 +- drivers/cxl/port.c | 17 +- drivers/dpll/dpll_netlink.c | 130 +++++++++ drivers/dpll/dpll_nl.c | 5 +- drivers/firmware/arm_sdei.c | 2 +- drivers/firmware/microchip/mpfs-auto-update.c | 42 +-- drivers/gpio/gpio-sloppy-logic-analyzer.c | 4 +- drivers/gpio/gpiolib.c | 4 +- drivers/gpu/drm/amd/amdgpu/sdma_v7_0.c | 9 +- drivers/gpu/drm/amd/display/dc/dml2/dml2_policy.c | 1 + drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 15 +- drivers/gpu/drm/amd/pm/swsmu/smu11/vangogh_ppt.c | 4 +- .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c | 6 +- drivers/gpu/drm/i915/display/intel_alpm.c | 2 +- drivers/gpu/drm/i915/display/intel_backlight.c | 10 +- .../gpu/drm/i915/display/intel_display_device.c | 5 + .../gpu/drm/i915/display/intel_display_device.h | 2 + drivers/gpu/drm/i915/display/intel_display_power.c | 8 + .../drm/i915/display/intel_display_power_well.c | 4 +- drivers/gpu/drm/i915/display/intel_display_types.h | 1 + drivers/gpu/drm/i915/display/intel_display_wa.h | 8 + drivers/gpu/drm/i915/display/intel_dp.c | 29 +- drivers/gpu/drm/i915/display/intel_dp.h | 1 - drivers/gpu/drm/i915/display/intel_dp_aux.c | 4 +- drivers/gpu/drm/i915/display/intel_dp_hdcp.c | 11 +- drivers/gpu/drm/i915/display/intel_fbc.c | 6 + drivers/gpu/drm/i915/display/intel_hdcp.c | 7 +- drivers/gpu/drm/i915/display/intel_pps.c | 14 +- drivers/gpu/drm/i915/display/intel_psr.c | 6 + drivers/gpu/drm/i915/display/intel_tc.c | 3 + drivers/gpu/drm/i915/display/intel_vrr.c | 3 +- drivers/gpu/drm/i915/display/skl_universal_plane.c | 5 - drivers/gpu/drm/i915/intel_device_info.c | 5 - drivers/gpu/drm/i915/intel_device_info.h | 2 - drivers/gpu/drm/mediatek/mtk_crtc.c | 47 +--- drivers/gpu/drm/mediatek/mtk_disp_ovl.c | 9 +- drivers/gpu/drm/mediatek/mtk_dp.c | 85 +++++- drivers/gpu/drm/panthor/panthor_fw.c | 4 +- drivers/gpu/drm/panthor/panthor_gem.c | 11 +- drivers/gpu/drm/panthor/panthor_mmu.c | 16 +- drivers/gpu/drm/panthor/panthor_mmu.h | 1 + drivers/gpu/drm/panthor/panthor_sched.c | 20 +- drivers/gpu/drm/tegra/drm.c | 4 +- drivers/gpu/drm/tests/drm_connector_test.c | 24 +- drivers/gpu/drm/tests/drm_hdmi_state_helper_test.c | 8 +- drivers/gpu/drm/tests/drm_kunit_helpers.c | 42 +++ drivers/gpu/drm/xe/Makefile | 1 + drivers/gpu/drm/xe/compat-i915-headers/i915_drv.h | 1 - drivers/gpu/drm/xe/display/xe_display_wa.c | 16 ++ drivers/gpu/drm/xe/regs/xe_gt_regs.h | 17 +- drivers/gpu/drm/xe/regs/xe_regs.h | 10 +- drivers/gpu/drm/xe/regs/xe_sriov_regs.h | 23 -- drivers/gpu/drm/xe/xe_device_types.h | 6 - drivers/gpu/drm/xe/xe_ggtt.c | 10 + drivers/gpu/drm/xe/xe_gt.c | 10 +- drivers/gpu/drm/xe/xe_gt_sriov_pf.c | 2 +- drivers/gpu/drm/xe/xe_guc_submit.c | 18 +- drivers/gpu/drm/xe/xe_lmtt.c | 2 +- drivers/gpu/drm/xe/xe_module.c | 39 ++- drivers/gpu/drm/xe/xe_sriov.c | 2 +- drivers/gpu/drm/xe/xe_tuning.c | 21 +- drivers/gpu/drm/xe/xe_wa.c | 4 + drivers/iio/adc/ad7124.c | 2 +- drivers/iio/industrialio-gts-helper.c | 4 +- drivers/iio/light/veml6030.c | 2 +- drivers/infiniband/hw/bnxt_re/qplib_fp.c | 4 + drivers/infiniband/hw/bnxt_re/qplib_rcfw.c | 38 +-- drivers/infiniband/hw/bnxt_re/qplib_rcfw.h | 2 + drivers/infiniband/hw/cxgb4/provider.c | 1 + drivers/infiniband/hw/mlx5/qp.c | 4 +- drivers/input/input.c | 134 +++++----- drivers/input/touchscreen/edt-ft5x06.c | 19 +- drivers/misc/mei/client.c | 4 +- drivers/misc/sgi-gru/grukservices.c | 2 - drivers/misc/sgi-gru/grumain.c | 4 - drivers/misc/sgi-gru/grutlbpurge.c | 2 - drivers/mmc/host/sdhci-pci-gli.c | 38 ++- drivers/net/ethernet/amd/mvme147.c | 7 +- drivers/net/ethernet/intel/ice/ice_dpll.c | 293 ++++++++++++++++++++- drivers/net/ethernet/intel/ice/ice_dpll.h | 1 + drivers/net/ethernet/intel/ice/ice_ptp_hw.c | 21 +- drivers/net/ethernet/intel/ice/ice_ptp_hw.h | 1 + drivers/net/ethernet/intel/igb/igb_main.c | 2 +- drivers/net/ethernet/mediatek/mtk_wed_wo.h | 4 +- drivers/net/ethernet/mellanox/mlxsw/pci.c | 25 +- .../net/ethernet/mellanox/mlxsw/spectrum_ipip.c | 26 +- drivers/net/ethernet/mellanox/mlxsw/spectrum_ptp.c | 7 + drivers/net/ethernet/stmicro/stmmac/dwmac4_dma.c | 8 + drivers/net/ethernet/stmicro/stmmac/dwmac4_dma.h | 2 + drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 22 +- drivers/net/gtp.c | 22 +- drivers/net/macsec.c | 3 +- drivers/net/mctp/mctp-i2c.c | 3 + drivers/net/netdevsim/fib.c | 4 +- drivers/net/wireless/ath/ath10k/wmi-tlv.c | 7 +- drivers/net/wireless/ath/ath10k/wmi.c | 2 + drivers/net/wireless/ath/ath11k/dp_rx.c | 7 +- drivers/net/wireless/broadcom/brcm80211/Kconfig | 1 + drivers/net/wireless/intel/iwlegacy/common.c | 15 +- drivers/net/wireless/intel/iwlegacy/common.h | 12 + drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 34 ++- drivers/net/wireless/intel/iwlwifi/iwl-drv.h | 3 + drivers/net/wireless/intel/iwlwifi/mvm/fw.c | 10 +- drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 12 +- .../net/wireless/intel/iwlwifi/mvm/mld-mac80211.c | 34 ++- drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 6 +- .../net/wireless/realtek/rtlwifi/rtl8192du/sw.c | 1 - drivers/net/wireless/realtek/rtw89/pci.c | 48 +++- drivers/nvme/host/core.c | 19 +- drivers/nvme/host/ioctl.c | 7 +- drivers/nvme/target/auth.c | 1 + drivers/pci/pci.c | 14 +- drivers/phy/freescale/phy-fsl-imx8m-pcie.c | 10 +- drivers/phy/qualcomm/phy-qcom-qmp-usb-legacy.c | 1 + drivers/phy/qualcomm/phy-qcom-qmp-usb.c | 1 + drivers/phy/qualcomm/phy-qcom-qmp-usbc.c | 1 + drivers/powercap/intel_rapl_msr.c | 1 + drivers/scsi/scsi_debug.c | 10 +- drivers/scsi/scsi_transport_fc.c | 4 +- drivers/soc/qcom/pmic_glink.c | 25 +- drivers/spi/spi-fsl-dspi.c | 6 +- drivers/spi/spi-geni-qcom.c | 8 +- drivers/staging/iio/frequency/ad9832.c | 7 +- .../intel/int340x_thermal/processor_thermal_rapl.c | 70 ++--- drivers/thunderbolt/retimer.c | 5 +- drivers/thunderbolt/tb.c | 48 +++- drivers/ufs/core/ufshcd.c | 2 +- drivers/usb/host/xhci-pci.c | 6 +- drivers/usb/host/xhci-ring.c | 16 +- drivers/usb/phy/phy.c | 2 +- drivers/usb/typec/class.c | 1 + drivers/usb/typec/tcpm/qcom/qcom_pmic_typec.c | 10 +- drivers/usb/typec/tcpm/tcpm.c | 10 +- fs/afs/dir.c | 25 ++ fs/afs/dir_edit.c | 91 ++++++- fs/afs/internal.h | 2 + fs/btrfs/bio.c | 62 ++--- fs/btrfs/bio.h | 3 + fs/btrfs/defrag.c | 10 +- fs/btrfs/extent_map.c | 7 +- fs/btrfs/volumes.c | 1 + fs/dax.c | 49 ++-- fs/iomap/buffered-io.c | 7 +- fs/nfs/delegation.c | 5 + fs/nfsd/nfs4proc.c | 10 +- fs/nilfs2/namei.c | 3 + fs/nilfs2/page.c | 1 + fs/ntfs3/file.c | 9 +- fs/ntfs3/frecord.c | 4 +- fs/ntfs3/inode.c | 15 +- fs/ntfs3/lznt.c | 3 + fs/ntfs3/namei.c | 2 +- fs/ntfs3/ntfs_fs.h | 2 +- fs/ntfs3/record.c | 31 ++- fs/ocfs2/file.c | 8 + fs/smb/client/cifs_unicode.c | 17 +- fs/smb/client/reparse.c | 174 +++++++++++- fs/smb/client/reparse.h | 9 +- fs/smb/client/smb2inode.c | 3 +- fs/smb/client/smb2proto.h | 1 + fs/userfaultfd.c | 28 ++ fs/xfs/xfs_filestream.c | 23 +- fs/xfs/xfs_trace.h | 15 +- include/acpi/cppc_acpi.h | 2 +- include/drm/drm_kunit_helpers.h | 4 + include/linux/bpf_mem_alloc.h | 3 + include/linux/compiler-gcc.h | 4 + include/linux/device.h | 3 + include/linux/dpll.h | 15 ++ include/linux/input.h | 10 +- include/linux/iomap.h | 19 ++ include/linux/ksm.h | 10 +- include/linux/mmzone.h | 7 +- include/linux/tick.h | 8 + include/linux/ubsan.h | 5 + include/linux/userfaultfd_k.h | 5 + include/net/ip_tunnels.h | 2 +- include/trace/events/afs.h | 7 +- include/uapi/linux/dpll.h | 3 + io_uring/rw.c | 23 +- kernel/bpf/cgroup.c | 19 +- kernel/bpf/helpers.c | 21 +- kernel/bpf/lpm_trie.c | 2 +- kernel/bpf/memalloc.c | 14 +- kernel/bpf/verifier.c | 9 +- kernel/cgroup/cgroup.c | 4 +- kernel/fork.c | 14 +- kernel/resource.c | 4 +- kernel/sched/fair.c | 4 +- lib/Kconfig.ubsan | 4 +- lib/codetag.c | 3 + lib/iov_iter.c | 6 +- lib/slub_kunit.c | 2 +- mm/kasan/kasan_test.c | 27 -- mm/migrate.c | 2 +- mm/mmap.c | 3 +- mm/page_alloc.c | 10 +- mm/rmap.c | 24 +- mm/shmem.c | 2 + mm/shrinker.c | 8 +- mm/vmscan.c | 109 ++++---- net/bluetooth/hci_sync.c | 18 +- net/bpf/test_run.c | 1 + net/core/dev.c | 4 + net/core/rtnetlink.c | 4 +- net/core/sock_map.c | 4 + net/ipv4/ip_tunnel.c | 2 +- net/ipv6/netfilter/nf_reject_ipv6.c | 15 +- net/mac80211/Kconfig | 2 +- net/mac80211/cfg.c | 3 +- net/mac80211/key.c | 42 +-- net/mptcp/protocol.c | 2 + net/netfilter/nft_payload.c | 3 + net/netfilter/x_tables.c | 2 +- net/sched/cls_api.c | 1 + net/sched/sch_api.c | 2 +- net/sunrpc/xprtrdma/ib_client.c | 1 + net/wireless/core.c | 1 + rust/kernel/device.rs | 15 +- rust/kernel/firmware.rs | 2 +- sound/pci/hda/patch_realtek.c | 23 +- sound/soc/codecs/cs42l51.c | 7 +- sound/soc/soc-dapm.c | 2 + sound/usb/mixer_quirks.c | 3 + tools/mm/page-types.c | 9 +- tools/mm/slabinfo.c | 4 +- tools/perf/util/python.c | 3 + tools/perf/util/syscalltbl.c | 10 + tools/testing/cxl/test/cxl.c | 14 +- tools/testing/selftests/mm/uffd-common.c | 5 +- tools/testing/selftests/mm/uffd-common.h | 3 +- tools/testing/selftests/mm/uffd-unit-tests.c | 21 +- tools/usb/usbip/src/usbip_detach.c | 1 + 275 files changed, 2818 insertions(+), 1069 deletions(-)

10 months, 2 weeks

10
254
0 0

[PATCH] media: uvcvideo: Fix double free in error path

by Laurent Pinchart

If the uvc_status_init() function fails to allocate the int_urb, it will free the dev->status pointer but doesn't reset the pointer to NULL. This results in the kfree() call in uvc_status_cleanup() trying to double-free the memory. Fix it by resetting the dev->status pointer to NULL after freeing it. Fixes: a31a4055473b ("V4L/DVB:usbvideo:don't use part of buffer for USB transfer #4") Cc: stable(a)vger.kernel.org Signed-off-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> --- drivers/media/usb/uvc/uvc_status.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/media/usb/uvc/uvc_status.c b/drivers/media/usb/uvc/uvc_status.c index 02c90acf6964..d269d163b579 100644 --- a/drivers/media/usb/uvc/uvc_status.c +++ b/drivers/media/usb/uvc/uvc_status.c @@ -269,6 +269,7 @@ int uvc_status_init(struct uvc_device *dev) dev->int_urb = usb_alloc_urb(0, GFP_KERNEL); if (!dev->int_urb) { kfree(dev->status); + dev->status = NULL; return -ENOMEM; } base-commit: ed61c59139509f76d3592683c90dc3fdc6e23cd6 -- Regards, Laurent Pinchart

10 months, 2 weeks

2
1
0 0

[PATCH] media: uvcvideo:Create input device for all uvc devices with status endpoints.

by chenchangcheng

Some applications need to check if there is an input device on the camera before proceeding to the next step. When there is no input device, the application will report an error. Create input device for all uvc devices with status endpoints. and only when bTriggerSupport and bTriggerUsage are one are allowed to report camera button. Fixes: 3bc22dc66a4f ("media: uvcvideo: Only create input devs if hw supports it") Signed-off-by: chenchangcheng <ccc194101(a)163.com> --- drivers/media/usb/uvc/uvc_status.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/drivers/media/usb/uvc/uvc_status.c b/drivers/media/usb/uvc/uvc_status.c index a78a88c710e2..177640c6a813 100644 --- a/drivers/media/usb/uvc/uvc_status.c +++ b/drivers/media/usb/uvc/uvc_status.c @@ -44,9 +44,6 @@ static int uvc_input_init(struct uvc_device *dev) struct input_dev *input; int ret; - if (!uvc_input_has_button(dev)) - return 0; - input = input_allocate_device(); if (input == NULL) return -ENOMEM; @@ -110,10 +107,12 @@ static void uvc_event_streaming(struct uvc_device *dev, if (len <= offsetof(struct uvc_status, streaming)) return; - uvc_dbg(dev, STATUS, "Button (intf %u) %s len %d\n", - status->bOriginator, - status->streaming.button ? "pressed" : "released", len); - uvc_input_report_key(dev, KEY_CAMERA, status->streaming.button); + if (uvc_input_has_button(dev)) { + uvc_dbg(dev, STATUS, "Button (intf %u) %s len %d\n", + status->bOriginator, + status->streaming.button ? "pressed" : "released", len); + uvc_input_report_key(dev, KEY_CAMERA, status->streaming.button); + } } else { uvc_dbg(dev, STATUS, "Stream %u error event %02x len %d\n", status->bOriginator, status->bEvent, len); base-commit: ff7afaeca1a15fbeaa2c4795ee806c0667bd77b2 -- 2.25.1

10 months, 2 weeks

3
2
0 0

[PATCH 4/4] f2fs: fix to requery extent which cross boundary of inquiry

by Chao Yu

dd if=/dev/zero of=file bs=4k count=5 xfs_io file -c "fiemap -v 2 16384" file: EXT: FILE-OFFSET BLOCK-RANGE TOTAL FLAGS 0: [0..31]: 139272..139303 32 0x1000 1: [32..39]: 139304..139311 8 0x1001 xfs_io file -c "fiemap -v 0 16384" file: EXT: FILE-OFFSET BLOCK-RANGE TOTAL FLAGS 0: [0..31]: 139272..139303 32 0x1000 xfs_io file -c "fiemap -v 0 16385" file: EXT: FILE-OFFSET BLOCK-RANGE TOTAL FLAGS 0: [0..39]: 139272..139311 40 0x1001 There are two problems: - continuous extent is split to two - FIEMAP_EXTENT_LAST is missing in last extent The root cause is: if upper boundary of inquiry crosses extent, f2fs_map_blocks() will truncate length of returned extent to F2FS_BYTES_TO_BLK(len), and also, it will stop to query latter extent or hole to make sure current extent is last or not. In order to fix this issue, once we found an extent locates in the end of inquiry range by f2fs_map_blocks(), we need to expand inquiry range to requiry. Cc: stable(a)vger.kernel.org Fixes: 7f63eb77af7b ("f2fs: report unwritten area in f2fs_fiemap") Reported-by: Zhiguo Niu <zhiguo.niu(a)unisoc.com> Signed-off-by: Chao Yu <chao(a)kernel.org> --- fs/f2fs/data.c | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c index 69f1cb0490ee..ee5614324df0 100644 --- a/fs/f2fs/data.c +++ b/fs/f2fs/data.c @@ -1896,7 +1896,7 @@ int f2fs_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo, u64 start, u64 len) { struct f2fs_map_blocks map; - sector_t start_blk, last_blk; + sector_t start_blk, last_blk, blk_len, max_len; pgoff_t next_pgofs; u64 logical = 0, phys = 0, size = 0; u32 flags = 0; @@ -1940,14 +1940,13 @@ int f2fs_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo, start_blk = F2FS_BYTES_TO_BLK(start); last_blk = F2FS_BYTES_TO_BLK(start + len - 1); - - if (len & F2FS_BLKSIZE_MASK) - len = round_up(len, F2FS_BLKSIZE); + blk_len = last_blk - start_blk + 1; + max_len = F2FS_BYTES_TO_BLK(maxbytes) - start_blk; next: memset(&map, 0, sizeof(map)); map.m_lblk = start_blk; - map.m_len = F2FS_BYTES_TO_BLK(len); + map.m_len = blk_len; map.m_next_pgofs = &next_pgofs; map.m_seg_type = NO_CHECK_TYPE; @@ -1970,6 +1969,17 @@ int f2fs_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo, flags |= FIEMAP_EXTENT_LAST; } + /* + * current extent may cross boundary of inquiry, increase len to + * requery. + */ + if (!compr_cluster && (map.m_flags & F2FS_MAP_MAPPED) && + map.m_lblk + map.m_len - 1 == last_blk && + blk_len != max_len) { + blk_len = max_len; + goto next; + } + compr_appended = false; /* In a case of compressed cluster, append this to the last extent */ if (compr_cluster && ((map.m_flags & F2FS_MAP_DELALLOC) || -- 2.40.1

10 months, 2 weeks

1
0
0 0

[PATCH v5 02/10] KVM: SVM: Fix snp_context_create error reporting

by Dionna Glaze

Failure to allocate should not return -ENOTTY. Command failure has multiple possible error modes. Fixes: 136d8bc931c8 ("KVM: SEV: Add KVM_SEV_SNP_LAUNCH_START command") CC: Sean Christopherson <seanjc(a)google.com> CC: Paolo Bonzini <pbonzini(a)redhat.com> CC: Thomas Gleixner <tglx(a)linutronix.de> CC: Ingo Molnar <mingo(a)redhat.com> CC: Borislav Petkov <bp(a)alien8.de> CC: Dave Hansen <dave.hansen(a)linux.intel.com> CC: Ashish Kalra <ashish.kalra(a)amd.com> CC: Tom Lendacky <thomas.lendacky(a)amd.com> CC: John Allen <john.allen(a)amd.com> CC: Herbert Xu <herbert(a)gondor.apana.org.au> CC: "David S. Miller" <davem(a)davemloft.net> CC: Michael Roth <michael.roth(a)amd.com> CC: Luis Chamberlain <mcgrof(a)kernel.org> CC: Russ Weight <russ.weight(a)linux.dev> CC: Danilo Krummrich <dakr(a)redhat.com> CC: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> CC: "Rafael J. Wysocki" <rafael(a)kernel.org> CC: Tianfei zhang <tianfei.zhang(a)intel.com> CC: Alexey Kardashevskiy <aik(a)amd.com> CC: stable(a)vger.kernel.org Signed-off-by: Dionna Glaze <dionnaglaze(a)google.com> --- arch/x86/kvm/svm/sev.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 357906375ec59..d0e0152aefb32 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -2171,7 +2171,7 @@ static void *snp_context_create(struct kvm *kvm, struct kvm_sev_cmd *argp) /* Allocate memory for context page */ context = snp_alloc_firmware_page(GFP_KERNEL_ACCOUNT); if (!context) - return NULL; + return ERR_PTR(-ENOMEM); data.address = __psp_pa(context); rc = __sev_issue_cmd(argp->sev_fd, SEV_CMD_SNP_GCTX_CREATE, &data, &argp->error); @@ -2179,7 +2179,7 @@ static void *snp_context_create(struct kvm *kvm, struct kvm_sev_cmd *argp) pr_warn("Failed to create SEV-SNP context, rc %d fw_error %d", rc, argp->error); snp_free_firmware_page(context); - return NULL; + return ERR_PTR(rc); } return context; @@ -2227,8 +2227,8 @@ static int snp_launch_start(struct kvm *kvm, struct kvm_sev_cmd *argp) return -EINVAL; sev->snp_context = snp_context_create(kvm, argp); - if (!sev->snp_context) - return -ENOTTY; + if (IS_ERR(sev->snp_context)) + return PTR_ERR(sev->snp_context); start.gctx_paddr = __psp_pa(sev->snp_context); start.policy = params.policy; -- 2.47.0.277.g8800431eea-goog

10 months, 2 weeks

1
0
0 0

[PATCH v5 01/10] KVM: SVM: Fix gctx page leak on invalid inputs

by Dionna Glaze

Ensure that snp gctx page allocation is adequately deallocated on failure during snp_launch_start. Fixes: 136d8bc931c8 ("KVM: SEV: Add KVM_SEV_SNP_LAUNCH_START command") CC: Sean Christopherson <seanjc(a)google.com> CC: Paolo Bonzini <pbonzini(a)redhat.com> CC: Thomas Gleixner <tglx(a)linutronix.de> CC: Ingo Molnar <mingo(a)redhat.com> CC: Borislav Petkov <bp(a)alien8.de> CC: Dave Hansen <dave.hansen(a)linux.intel.com> CC: Ashish Kalra <ashish.kalra(a)amd.com> CC: Tom Lendacky <thomas.lendacky(a)amd.com> CC: John Allen <john.allen(a)amd.com> CC: Herbert Xu <herbert(a)gondor.apana.org.au> CC: "David S. Miller" <davem(a)davemloft.net> CC: Michael Roth <michael.roth(a)amd.com> CC: Luis Chamberlain <mcgrof(a)kernel.org> CC: Russ Weight <russ.weight(a)linux.dev> CC: Danilo Krummrich <dakr(a)redhat.com> CC: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> CC: "Rafael J. Wysocki" <rafael(a)kernel.org> CC: Tianfei zhang <tianfei.zhang(a)intel.com> CC: Alexey Kardashevskiy <aik(a)amd.com> CC: stable(a)vger.kernel.org Signed-off-by: Dionna Glaze <dionnaglaze(a)google.com> Acked-by: Sean Christopherson <seanjc(a)google.com> --- arch/x86/kvm/svm/sev.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index c6c8524859001..357906375ec59 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -2212,10 +2212,6 @@ static int snp_launch_start(struct kvm *kvm, struct kvm_sev_cmd *argp) if (sev->snp_context) return -EINVAL; - sev->snp_context = snp_context_create(kvm, argp); - if (!sev->snp_context) - return -ENOTTY; - if (params.flags) return -EINVAL; @@ -2230,6 +2226,10 @@ static int snp_launch_start(struct kvm *kvm, struct kvm_sev_cmd *argp) if (params.policy & SNP_POLICY_MASK_SINGLE_SOCKET) return -EINVAL; + sev->snp_context = snp_context_create(kvm, argp); + if (!sev->snp_context) + return -ENOTTY; + start.gctx_paddr = __psp_pa(sev->snp_context); start.policy = params.policy; memcpy(start.gosvw, params.gosvw, sizeof(params.gosvw)); -- 2.47.0.277.g8800431eea-goog

10 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] ocfs2-remove-entry-once-instead-of-null-ptr-dereference-in-ocfs2_xa_remove.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() has been removed from the -mm tree. Its filename was ocfs2-remove-entry-once-instead-of-null-ptr-dereference-in-ocfs2_xa_remove.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Andrew Kanner <andrew.kanner(a)gmail.com> Subject: ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() Date: Sun, 3 Nov 2024 20:38:45 +0100 Syzkaller is able to provoke null-ptr-dereference in ocfs2_xa_remove(): [ 57.319872] (a.out,1161,7):ocfs2_xa_remove:2028 ERROR: status = -12 [ 57.320420] (a.out,1161,7):ocfs2_xa_cleanup_value_truncate:1999 ERROR: Partial truncate while removing xattr overlay.upper. Leaking 1 clusters and removing the entry [ 57.321727] BUG: kernel NULL pointer dereference, address: 0000000000000004 [...] [ 57.325727] RIP: 0010:ocfs2_xa_block_wipe_namevalue+0x2a/0xc0 [...] [ 57.331328] Call Trace: [ 57.331477] <TASK> [...] [ 57.333511] ? do_user_addr_fault+0x3e5/0x740 [ 57.333778] ? exc_page_fault+0x70/0x170 [ 57.334016] ? asm_exc_page_fault+0x2b/0x30 [ 57.334263] ? __pfx_ocfs2_xa_block_wipe_namevalue+0x10/0x10 [ 57.334596] ? ocfs2_xa_block_wipe_namevalue+0x2a/0xc0 [ 57.334913] ocfs2_xa_remove_entry+0x23/0xc0 [ 57.335164] ocfs2_xa_set+0x704/0xcf0 [ 57.335381] ? _raw_spin_unlock+0x1a/0x40 [ 57.335620] ? ocfs2_inode_cache_unlock+0x16/0x20 [ 57.335915] ? trace_preempt_on+0x1e/0x70 [ 57.336153] ? start_this_handle+0x16c/0x500 [ 57.336410] ? preempt_count_sub+0x50/0x80 [ 57.336656] ? _raw_read_unlock+0x20/0x40 [ 57.336906] ? start_this_handle+0x16c/0x500 [ 57.337162] ocfs2_xattr_block_set+0xa6/0x1e0 [ 57.337424] __ocfs2_xattr_set_handle+0x1fd/0x5d0 [ 57.337706] ? ocfs2_start_trans+0x13d/0x290 [ 57.337971] ocfs2_xattr_set+0xb13/0xfb0 [ 57.338207] ? dput+0x46/0x1c0 [ 57.338393] ocfs2_xattr_trusted_set+0x28/0x30 [ 57.338665] ? ocfs2_xattr_trusted_set+0x28/0x30 [ 57.338948] __vfs_removexattr+0x92/0xc0 [ 57.339182] __vfs_removexattr_locked+0xd5/0x190 [ 57.339456] ? preempt_count_sub+0x50/0x80 [ 57.339705] vfs_removexattr+0x5f/0x100 [...] Reproducer uses faultinject facility to fail ocfs2_xa_remove() -> ocfs2_xa_value_truncate() with -ENOMEM. In this case the comment mentions that we can return 0 if ocfs2_xa_cleanup_value_truncate() is going to wipe the entry anyway. But the following 'rc' check is wrong and execution flow do 'ocfs2_xa_remove_entry(loc);' twice: * 1st: in ocfs2_xa_cleanup_value_truncate(); * 2nd: returning back to ocfs2_xa_remove() instead of going to 'out'. Fix this by skipping the 2nd removal of the same entry and making syzkaller repro happy. Link: https://lkml.kernel.org/r/20241103193845.2940988-1-andrew.kanner@gmail.com Fixes: 399ff3a748cf ("ocfs2: Handle errors while setting external xattr values.") Signed-off-by: Andrew Kanner <andrew.kanner(a)gmail.com> Reported-by: syzbot+386ce9e60fa1b18aac5b(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/all/671e13ab.050a0220.2b8c0f.01d0.GAE@google.com/T/ Tested-by: syzbot+386ce9e60fa1b18aac5b(a)syzkaller.appspotmail.com Reviewed-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Jun Piao <piaojun(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/xattr.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) --- a/fs/ocfs2/xattr.c~ocfs2-remove-entry-once-instead-of-null-ptr-dereference-in-ocfs2_xa_remove +++ a/fs/ocfs2/xattr.c @@ -2036,8 +2036,7 @@ static int ocfs2_xa_remove(struct ocfs2_ rc = 0; ocfs2_xa_cleanup_value_truncate(loc, "removing", orig_clusters); - if (rc) - goto out; + goto out; } } _ Patches currently in -mm which might be from andrew.kanner(a)gmail.com are

10 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] signal-restore-the-override_rlimit-logic.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: signal: restore the override_rlimit logic has been removed from the -mm tree. Its filename was signal-restore-the-override_rlimit-logic.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Roman Gushchin <roman.gushchin(a)linux.dev> Subject: signal: restore the override_rlimit logic Date: Mon, 4 Nov 2024 19:54:19 +0000 Prior to commit d64696905554 ("Reimplement RLIMIT_SIGPENDING on top of ucounts") UCOUNT_RLIMIT_SIGPENDING rlimit was not enforced for a class of signals. However now it's enforced unconditionally, even if override_rlimit is set. This behavior change caused production issues. For example, if the limit is reached and a process receives a SIGSEGV signal, sigqueue_alloc fails to allocate the necessary resources for the signal delivery, preventing the signal from being delivered with siginfo. This prevents the process from correctly identifying the fault address and handling the error. From the user-space perspective, applications are unaware that the limit has been reached and that the siginfo is effectively 'corrupted'. This can lead to unpredictable behavior and crashes, as we observed with java applications. Fix this by passing override_rlimit into inc_rlimit_get_ucounts() and skip the comparison to max there if override_rlimit is set. This effectively restores the old behavior. Link: https://lkml.kernel.org/r/20241104195419.3962584-1-roman.gushchin@linux.dev Fixes: d64696905554 ("Reimplement RLIMIT_SIGPENDING on top of ucounts") Signed-off-by: Roman Gushchin <roman.gushchin(a)linux.dev> Co-developed-by: Andrei Vagin <avagin(a)google.com> Signed-off-by: Andrei Vagin <avagin(a)google.com> Acked-by: Oleg Nesterov <oleg(a)redhat.com> Acked-by: Alexey Gladkov <legion(a)kernel.org> Cc: Kees Cook <kees(a)kernel.org> Cc: "Eric W. Biederman" <ebiederm(a)xmission.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/user_namespace.h | 3 ++- kernel/signal.c | 3 ++- kernel/ucount.c | 6 ++++-- 3 files changed, 8 insertions(+), 4 deletions(-) --- a/include/linux/user_namespace.h~signal-restore-the-override_rlimit-logic +++ a/include/linux/user_namespace.h @@ -141,7 +141,8 @@ static inline long get_rlimit_value(stru long inc_rlimit_ucounts(struct ucounts *ucounts, enum rlimit_type type, long v); bool dec_rlimit_ucounts(struct ucounts *ucounts, enum rlimit_type type, long v); -long inc_rlimit_get_ucounts(struct ucounts *ucounts, enum rlimit_type type); +long inc_rlimit_get_ucounts(struct ucounts *ucounts, enum rlimit_type type, + bool override_rlimit); void dec_rlimit_put_ucounts(struct ucounts *ucounts, enum rlimit_type type); bool is_rlimit_overlimit(struct ucounts *ucounts, enum rlimit_type type, unsigned long max); --- a/kernel/signal.c~signal-restore-the-override_rlimit-logic +++ a/kernel/signal.c @@ -419,7 +419,8 @@ __sigqueue_alloc(int sig, struct task_st */ rcu_read_lock(); ucounts = task_ucounts(t); - sigpending = inc_rlimit_get_ucounts(ucounts, UCOUNT_RLIMIT_SIGPENDING); + sigpending = inc_rlimit_get_ucounts(ucounts, UCOUNT_RLIMIT_SIGPENDING, + override_rlimit); rcu_read_unlock(); if (!sigpending) return NULL; --- a/kernel/ucount.c~signal-restore-the-override_rlimit-logic +++ a/kernel/ucount.c @@ -307,7 +307,8 @@ void dec_rlimit_put_ucounts(struct ucoun do_dec_rlimit_put_ucounts(ucounts, NULL, type); } -long inc_rlimit_get_ucounts(struct ucounts *ucounts, enum rlimit_type type) +long inc_rlimit_get_ucounts(struct ucounts *ucounts, enum rlimit_type type, + bool override_rlimit) { /* Caller must hold a reference to ucounts */ struct ucounts *iter; @@ -320,7 +321,8 @@ long inc_rlimit_get_ucounts(struct ucoun goto dec_unwind; if (iter == ucounts) ret = new; - max = get_userns_rlimit_max(iter->ns, type); + if (!override_rlimit) + max = get_userns_rlimit_max(iter->ns, type); /* * Grab an extra ucount reference for the caller when * the rlimit count was previously 0. _ Patches currently in -mm which might be from roman.gushchin(a)linux.dev are mm-page_alloc-move-mlocked-flag-clearance-into-free_pages_prepare.patch

10 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] ucounts-fix-counter-leak-in-inc_rlimit_get_ucounts.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: ucounts: fix counter leak in inc_rlimit_get_ucounts() has been removed from the -mm tree. Its filename was ucounts-fix-counter-leak-in-inc_rlimit_get_ucounts.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Andrei Vagin <avagin(a)google.com> Subject: ucounts: fix counter leak in inc_rlimit_get_ucounts() Date: Fri, 1 Nov 2024 19:19:40 +0000 The inc_rlimit_get_ucounts() increments the specified rlimit counter and then checks its limit. If the value exceeds the limit, the function returns an error without decrementing the counter. Link: https://lkml.kernel.org/r/20241101191940.3211128-1-roman.gushchin@linux.dev Fixes: 15bc01effefe ("ucounts: Fix signal ucount refcounting") Signed-off-by: Andrei Vagin <avagin(a)google.com> Co-developed-by: Roman Gushchin <roman.gushchin(a)linux.dev> Signed-off-by: Roman Gushchin <roman.gushchin(a)linux.dev> Tested-by: Roman Gushchin <roman.gushchin(a)linux.dev> Acked-by: Alexey Gladkov <legion(a)kernel.org> Cc: Kees Cook <kees(a)kernel.org> Cc: Andrei Vagin <avagin(a)google.com> Cc: "Eric W. Biederman" <ebiederm(a)xmission.com> Cc: Alexey Gladkov <legion(a)kernel.org> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/ucount.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) --- a/kernel/ucount.c~ucounts-fix-counter-leak-in-inc_rlimit_get_ucounts +++ a/kernel/ucount.c @@ -317,7 +317,7 @@ long inc_rlimit_get_ucounts(struct ucoun for (iter = ucounts; iter; iter = iter->ns->ucounts) { long new = atomic_long_add_return(1, &iter->rlimit[type]); if (new < 0 || new > max) - goto unwind; + goto dec_unwind; if (iter == ucounts) ret = new; max = get_userns_rlimit_max(iter->ns, type); @@ -334,7 +334,6 @@ long inc_rlimit_get_ucounts(struct ucoun dec_unwind: dec = atomic_long_sub_return(1, &iter->rlimit[type]); WARN_ON_ONCE(dec < 0); -unwind: do_dec_rlimit_put_ucounts(ucounts, iter, type); return 0; } _ Patches currently in -mm which might be from avagin(a)google.com are

10 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] selftests-hugetlb_dio-check-for-initial-conditions-to-skip-in-the-start.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: selftests: hugetlb_dio: check for initial conditions to skip in the start has been removed from the -mm tree. Its filename was selftests-hugetlb_dio-check-for-initial-conditions-to-skip-in-the-start.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Muhammad Usama Anjum <usama.anjum(a)collabora.com> Subject: selftests: hugetlb_dio: check for initial conditions to skip in the start Date: Fri, 1 Nov 2024 19:15:57 +0500 The test should be skipped if initial conditions aren't fulfilled in the start instead of failing and outputting non-compliant TAP logs. This kind of failure pollutes the results. The initial conditions are: - The test should only execute if /tmp file can be allocated. - The test should only execute if huge pages are free. Before: TAP version 13 1..4 Bail out! Error opening file : Read-only file system (30) # Planned tests != run tests (4 != 0) # Totals: pass:0 fail:0 xfail:0 xpass:0 skip:0 error:0 After: TAP version 13 1..0 # SKIP Unable to allocate file: Read-only file system Link: https://lkml.kernel.org/r/20241101141557.3159432-1-usama.anjum@collabora.com Signed-off-by: Muhammad Usama Anjum <usama.anjum(a)collabora.com> Fixes: 3a103b5315b7 ("selftest: mm: Test if hugepage does not get leaked during __bio_release_pages()") Cc: Muhammad Usama Anjum <usama.anjum(a)collabora.com> Cc: Shuah Khan <shuah(a)kernel.org> Cc: Donet Tom <donettom(a)linux.ibm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/mm/hugetlb_dio.c | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) --- a/tools/testing/selftests/mm/hugetlb_dio.c~selftests-hugetlb_dio-check-for-initial-conditions-to-skip-in-the-start +++ a/tools/testing/selftests/mm/hugetlb_dio.c @@ -44,13 +44,6 @@ void run_dio_using_hugetlb(unsigned int if (fd < 0) ksft_exit_fail_perror("Error opening file\n"); - /* Get the free huge pages before allocation */ - free_hpage_b = get_free_hugepages(); - if (free_hpage_b == 0) { - close(fd); - ksft_exit_skip("No free hugepage, exiting!\n"); - } - /* Allocate a hugetlb page */ orig_buffer = mmap(NULL, h_pagesize, mmap_prot, mmap_flags, -1, 0); if (orig_buffer == MAP_FAILED) { @@ -94,8 +87,20 @@ void run_dio_using_hugetlb(unsigned int int main(void) { size_t pagesize = 0; + int fd; ksft_print_header(); + + /* Open the file to DIO */ + fd = open("/tmp", O_TMPFILE | O_RDWR | O_DIRECT, 0664); + if (fd < 0) + ksft_exit_skip("Unable to allocate file: %s\n", strerror(errno)); + close(fd); + + /* Check if huge pages are free */ + if (!get_free_hugepages()) + ksft_exit_skip("No free hugepage, exiting\n"); + ksft_set_plan(4); /* Get base page size */ _ Patches currently in -mm which might be from usama.anjum(a)collabora.com are

10 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] mm-damon-core-avoid-overflow-in-damon_feed_loop_next_input.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/damon/core: avoid overflow in damon_feed_loop_next_input() has been removed from the -mm tree. Its filename was mm-damon-core-avoid-overflow-in-damon_feed_loop_next_input.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: SeongJae Park <sj(a)kernel.org> Subject: mm/damon/core: avoid overflow in damon_feed_loop_next_input() Date: Thu, 31 Oct 2024 09:12:03 -0700 damon_feed_loop_next_input() is inefficient and fragile to overflows. Specifically, 'score_goal_diff_bp' calculation can overflow when 'score' is high. The calculation is actually unnecessary at all because 'goal' is a constant of value 10,000. Calculation of 'compensation' is again fragile to overflow. Final calculation of return value for under-achiving case is again fragile to overflow when the current score is under-achieving the target. Add two corner cases handling at the beginning of the function to make the body easier to read, and rewrite the body of the function to avoid overflows and the unnecessary bp value calcuation. Link: https://lkml.kernel.org/r/20241031161203.47751-1-sj@kernel.org Fixes: 9294a037c015 ("mm/damon/core: implement goal-oriented feedback-driven quota auto-tuning") Signed-off-by: SeongJae Park <sj(a)kernel.org> Reported-by: Guenter Roeck <linux(a)roeck-us.net> Closes: https://lore.kernel.org/944f3d5b-9177-48e7-8ec9-7f1331a3fea3@roeck-us.net Tested-by: Guenter Roeck <linux(a)roeck-us.net> Cc: <stable(a)vger.kernel.org> [6.8.x] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/damon/core.c | 28 +++++++++++++++++++++------- 1 file changed, 21 insertions(+), 7 deletions(-) --- a/mm/damon/core.c~mm-damon-core-avoid-overflow-in-damon_feed_loop_next_input +++ a/mm/damon/core.c @@ -1456,17 +1456,31 @@ static unsigned long damon_feed_loop_nex unsigned long score) { const unsigned long goal = 10000; - unsigned long score_goal_diff = max(goal, score) - min(goal, score); - unsigned long score_goal_diff_bp = score_goal_diff * 10000 / goal; - unsigned long compensation = last_input * score_goal_diff_bp / 10000; /* Set minimum input as 10000 to avoid compensation be zero */ const unsigned long min_input = 10000; + unsigned long score_goal_diff, compensation; + bool over_achieving = score > goal; - if (goal > score) + if (score == goal) + return last_input; + if (score >= goal * 2) + return min_input; + + if (over_achieving) + score_goal_diff = score - goal; + else + score_goal_diff = goal - score; + + if (last_input < ULONG_MAX / score_goal_diff) + compensation = last_input * score_goal_diff / goal; + else + compensation = last_input / goal * score_goal_diff; + + if (over_achieving) + return max(last_input - compensation, min_input); + if (last_input < ULONG_MAX - compensation) return last_input + compensation; - if (last_input > compensation + min_input) - return last_input - compensation; - return min_input; + return ULONG_MAX; } #ifdef CONFIG_PSI _ Patches currently in -mm which might be from sj(a)kernel.org are selftests-damon-huge_count_read_write-remove-unnecessary-debugging-message.patch selftests-damon-_debugfs_common-hide-expected-error-message-from-test_write_result.patch selftests-damon-debugfs_duplicate_context_creation-hide-errors-from-expected-file-write-failures.patch mm-damon-kconfig-update-dbgfs_kunit-prompt-copy-for-sysfs_kunit.patch mm-damon-tests-dbgfs-kunit-fix-the-header-double-inclusion-guarding-ifdef-comment.patch docs-mm-damon-recommend-academic-papers-to-read-and-or-cite.patch maintainers-memory-management-add-document-files-for-mm.patch

10 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] mm-damon-core-handle-zero-schemes-apply-interval.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/damon/core: handle zero schemes apply interval has been removed from the -mm tree. Its filename was mm-damon-core-handle-zero-schemes-apply-interval.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: SeongJae Park <sj(a)kernel.org> Subject: mm/damon/core: handle zero schemes apply interval Date: Thu, 31 Oct 2024 11:37:57 -0700 DAMON's logics to determine if this is the time to apply damos schemes assumes next_apply_sis is always set larger than current passed_sample_intervals. And therefore assume continuously incrementing passed_sample_intervals will make it reaches to the next_apply_sis in future. The logic hence does apply the scheme and update next_apply_sis only if passed_sample_intervals is same to next_apply_sis. If Schemes apply interval is set as zero, however, next_apply_sis is set same to current passed_sample_intervals, respectively. And passed_sample_intervals is incremented before doing the next_apply_sis check. Hence, next_apply_sis becomes larger than next_apply_sis, and the logic says it is not the time to apply schemes and update next_apply_sis. In other words, DAMON stops applying schemes until passed_sample_intervals overflows. Based on the documents and the common sense, a reasonable behavior for such inputs would be applying the schemes for every sampling interval. Handle the case by removing the assumption. Link: https://lkml.kernel.org/r/20241031183757.49610-3-sj@kernel.org Fixes: 42f994b71404 ("mm/damon/core: implement scheme-specific apply interval") Signed-off-by: SeongJae Park <sj(a)kernel.org> Cc: <stable(a)vger.kernel.org> [6.7.x] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/damon/core.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) --- a/mm/damon/core.c~mm-damon-core-handle-zero-schemes-apply-interval +++ a/mm/damon/core.c @@ -1412,7 +1412,7 @@ static void damon_do_apply_schemes(struc damon_for_each_scheme(s, c) { struct damos_quota *quota = &s->quota; - if (c->passed_sample_intervals != s->next_apply_sis) + if (c->passed_sample_intervals < s->next_apply_sis) continue; if (!s->wmarks.activated) @@ -1622,7 +1622,7 @@ static void kdamond_apply_schemes(struct bool has_schemes_to_apply = false; damon_for_each_scheme(s, c) { - if (c->passed_sample_intervals != s->next_apply_sis) + if (c->passed_sample_intervals < s->next_apply_sis) continue; if (!s->wmarks.activated) @@ -1642,9 +1642,9 @@ static void kdamond_apply_schemes(struct } damon_for_each_scheme(s, c) { - if (c->passed_sample_intervals != s->next_apply_sis) + if (c->passed_sample_intervals < s->next_apply_sis) continue; - s->next_apply_sis += + s->next_apply_sis = c->passed_sample_intervals + (s->apply_interval_us ? s->apply_interval_us : c->attrs.aggr_interval) / sample_interval; } _ Patches currently in -mm which might be from sj(a)kernel.org are selftests-damon-huge_count_read_write-remove-unnecessary-debugging-message.patch selftests-damon-_debugfs_common-hide-expected-error-message-from-test_write_result.patch selftests-damon-debugfs_duplicate_context_creation-hide-errors-from-expected-file-write-failures.patch mm-damon-kconfig-update-dbgfs_kunit-prompt-copy-for-sysfs_kunit.patch mm-damon-tests-dbgfs-kunit-fix-the-header-double-inclusion-guarding-ifdef-comment.patch docs-mm-damon-recommend-academic-papers-to-read-and-or-cite.patch maintainers-memory-management-add-document-files-for-mm.patch

10 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] mm-damon-core-handle-zero-aggregationops_update-intervals.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/damon/core: handle zero {aggregation,ops_update} intervals has been removed from the -mm tree. Its filename was mm-damon-core-handle-zero-aggregationops_update-intervals.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: SeongJae Park <sj(a)kernel.org> Subject: mm/damon/core: handle zero {aggregation,ops_update} intervals Date: Thu, 31 Oct 2024 11:37:56 -0700 Patch series "mm/damon/core: fix handling of zero non-sampling intervals". DAMON's internal intervals accounting logic is not correctly handling non-sampling intervals of zero values for a wrong assumption. This could cause unexpected monitoring behavior, and even result in infinite hang of DAMON sysfs interface user threads in case of zero aggregation interval. Fix those by updating the intervals accounting logic. For details of the root case and solutions, please refer to commit messages of fixes. This patch (of 2): DAMON's logics to determine if this is the time to do aggregation and ops update assumes next_{aggregation,ops_update}_sis are always set larger than current passed_sample_intervals. And therefore it further assumes continuously incrementing passed_sample_intervals every sampling interval will make it reaches to the next_{aggregation,ops_update}_sis in future. The logic therefore make the action and update next_{aggregation,ops_updaste}_sis only if passed_sample_intervals is same to the counts, respectively. If Aggregation interval or Ops update interval are zero, however, next_aggregation_sis or next_ops_update_sis are set same to current passed_sample_intervals, respectively. And passed_sample_intervals is incremented before doing the next_{aggregation,ops_update}_sis check. Hence, passed_sample_intervals becomes larger than next_{aggregation,ops_update}_sis, and the logic says it is not the time to do the action and update next_{aggregation,ops_update}_sis forever, until an overflow happens. In other words, DAMON stops doing aggregations or ops updates effectively forever, and users cannot get monitoring results. Based on the documents and the common sense, a reasonable behavior for such inputs is doing an aggregation and an ops update for every sampling interval. Handle the case by removing the assumption. Note that this could incur particular real issue for DAMON sysfs interface users, in case of zero Aggregation interval. When user starts DAMON with zero Aggregation interval and asks online DAMON parameter tuning via DAMON sysfs interface, the request is handled by the aggregation callback. Until the callback finishes the work, the user who requested the online tuning just waits. Hence, the user will be stuck until the passed_sample_intervals overflows. Link: https://lkml.kernel.org/r/20241031183757.49610-1-sj@kernel.org Link: https://lkml.kernel.org/r/20241031183757.49610-2-sj@kernel.org Fixes: 4472edf63d66 ("mm/damon/core: use number of passed access sampling as a timer") Signed-off-by: SeongJae Park <sj(a)kernel.org> Cc: <stable(a)vger.kernel.org> [6.7.x] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/damon/core.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) --- a/mm/damon/core.c~mm-damon-core-handle-zero-aggregationops_update-intervals +++ a/mm/damon/core.c @@ -2000,7 +2000,7 @@ static int kdamond_fn(void *data) if (ctx->ops.check_accesses) max_nr_accesses = ctx->ops.check_accesses(ctx); - if (ctx->passed_sample_intervals == next_aggregation_sis) { + if (ctx->passed_sample_intervals >= next_aggregation_sis) { kdamond_merge_regions(ctx, max_nr_accesses / 10, sz_limit); @@ -2018,7 +2018,7 @@ static int kdamond_fn(void *data) sample_interval = ctx->attrs.sample_interval ? ctx->attrs.sample_interval : 1; - if (ctx->passed_sample_intervals == next_aggregation_sis) { + if (ctx->passed_sample_intervals >= next_aggregation_sis) { ctx->next_aggregation_sis = next_aggregation_sis + ctx->attrs.aggr_interval / sample_interval; @@ -2028,7 +2028,7 @@ static int kdamond_fn(void *data) ctx->ops.reset_aggregated(ctx); } - if (ctx->passed_sample_intervals == next_ops_update_sis) { + if (ctx->passed_sample_intervals >= next_ops_update_sis) { ctx->next_ops_update_sis = next_ops_update_sis + ctx->attrs.ops_update_interval / sample_interval; _ Patches currently in -mm which might be from sj(a)kernel.org are selftests-damon-huge_count_read_write-remove-unnecessary-debugging-message.patch selftests-damon-_debugfs_common-hide-expected-error-message-from-test_write_result.patch selftests-damon-debugfs_duplicate_context_creation-hide-errors-from-expected-file-write-failures.patch mm-damon-kconfig-update-dbgfs_kunit-prompt-copy-for-sysfs_kunit.patch mm-damon-tests-dbgfs-kunit-fix-the-header-double-inclusion-guarding-ifdef-comment.patch docs-mm-damon-recommend-academic-papers-to-read-and-or-cite.patch maintainers-memory-management-add-document-files-for-mm.patch

10 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] mm-mlock-set-the-correct-prev-on-failure.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/mlock: set the correct prev on failure has been removed from the -mm tree. Its filename was mm-mlock-set-the-correct-prev-on-failure.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Wei Yang <richard.weiyang(a)gmail.com> Subject: mm/mlock: set the correct prev on failure Date: Sun, 27 Oct 2024 12:33:21 +0000 After commit 94d7d9233951 ("mm: abstract the vma_merge()/split_vma() pattern for mprotect() et al."), if vma_modify_flags() return error, the vma is set to an error code. This will lead to an invalid prev be returned. Generally this shouldn't matter as the caller should treat an error as indicating state is now invalidated, however unfortunately apply_mlockall_flags() does not check for errors and assumes that mlock_fixup() correctly maintains prev even if an error were to occur. This patch fixes that assumption. [lorenzo.stoakes(a)oracle.com: provide a better fix and rephrase the log] Link: https://lkml.kernel.org/r/20241027123321.19511-1-richard.weiyang@gmail.com Fixes: 94d7d9233951 ("mm: abstract the vma_merge()/split_vma() pattern for mprotect() et al.") Signed-off-by: Wei Yang <richard.weiyang(a)gmail.com> Reviewed-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Reviewed-by: Liam R. Howlett <Liam.Howlett(a)Oracle.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Jann Horn <jannh(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/mlock.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) --- a/mm/mlock.c~mm-mlock-set-the-correct-prev-on-failure +++ a/mm/mlock.c @@ -725,14 +725,17 @@ static int apply_mlockall_flags(int flag } for_each_vma(vmi, vma) { + int error; vm_flags_t newflags; newflags = vma->vm_flags & ~VM_LOCKED_MASK; newflags |= to_add; - /* Ignore errors */ - mlock_fixup(&vmi, vma, &prev, vma->vm_start, vma->vm_end, - newflags); + error = mlock_fixup(&vmi, vma, &prev, vma->vm_start, vma->vm_end, + newflags); + /* Ignore errors, but prev needs fixing up. */ + if (error) + prev = vma; cond_resched(); } out: _ Patches currently in -mm which might be from richard.weiyang(a)gmail.com are maple_tree-print-empty-for-an-empty-tree-on-mt_dump.patch maple_tree-the-return-value-of-mas_root_expand-is-not-used.patch maple_tree-not-necessary-to-check-index-last-again.patch maple_tree-refine-mas_store_root-on-storing-null.patch maple_tree-add-a-test-checking-storing-null.patch

10 months, 2 weeks

1
0
0 0

[PATCH v6] media: uvcvideo: Fix crash during unbind if gpio unit is in use

by Ricardo Ribalda

We used the wrong device for the device managed functions. We used the usb device, when we should be using the interface device. If we unbind the driver from the usb interface, the cleanup functions are never called. In our case, the IRQ is never disabled. If an IRQ is triggered, it will try to access memory sections that are already free, causing an OOPS. We cannot use the function devm_request_threaded_irq here. The devm_* clean functions may be called after the main structure is released by uvc_delete. Luckily this bug has small impact, as it is only affected by devices with gpio units and the user has to unbind the device, a disconnect will not trigger this error. Cc: stable(a)vger.kernel.org Fixes: 2886477ff987 ("media: uvcvideo: Implement UVC_EXT_GPIO_UNIT") Reviewed-by: Sergey Senozhatsky <senozhatsky(a)chromium.org> Signed-off-by: Ricardo Ribalda <ribalda(a)chromium.org> --- Changes in v6: - Rename cleanup as deinit - Move cleanup to the beginning of the uvc_unregister_video. - Fix commit message. - Link to v5: https://lore.kernel.org/r/20241105-uvc-crashrmmod-v5-1-8623fa51a74f@chromiu… Changes in v5: - Revert non refcount, that belongs to a different set - Move cleanup to a different function - Link to v4: https://lore.kernel.org/r/20241105-uvc-crashrmmod-v4-0-410e548f097a@chromiu… Changes in v4: Thanks Laurent. - Remove refcounted cleaup to support devres. - Link to v3: https://lore.kernel.org/r/20241105-uvc-crashrmmod-v3-1-c0959c8906d3@chromiu… Changes in v3: Thanks Sakari. - Rename variable to initialized. - Other CodeStyle. - Link to v2: https://lore.kernel.org/r/20241105-uvc-crashrmmod-v2-1-547ce6a6962e@chromiu… Changes in v2: Thanks to Laurent. - The main structure is not allocated with devres so there is a small period of time where we can get an irq with the structure free. Do not use devres for the IRQ. - Link to v1: https://lore.kernel.org/r/20241031-uvc-crashrmmod-v1-1-059fe593b1e6@chromiu… --- drivers/media/usb/uvc/uvc_driver.c | 28 +++++++++++++++++++++------- drivers/media/usb/uvc/uvcvideo.h | 1 + 2 files changed, 22 insertions(+), 7 deletions(-) diff --git a/drivers/media/usb/uvc/uvc_driver.c b/drivers/media/usb/uvc/uvc_driver.c index a96f6ca0889f..cd13bf01265d 100644 --- a/drivers/media/usb/uvc/uvc_driver.c +++ b/drivers/media/usb/uvc/uvc_driver.c @@ -1295,14 +1295,14 @@ static int uvc_gpio_parse(struct uvc_device *dev) struct gpio_desc *gpio_privacy; int irq; - gpio_privacy = devm_gpiod_get_optional(&dev->udev->dev, "privacy", + gpio_privacy = devm_gpiod_get_optional(&dev->intf->dev, "privacy", GPIOD_IN); if (IS_ERR_OR_NULL(gpio_privacy)) return PTR_ERR_OR_ZERO(gpio_privacy); irq = gpiod_to_irq(gpio_privacy); if (irq < 0) - return dev_err_probe(&dev->udev->dev, irq, + return dev_err_probe(&dev->intf->dev, irq, "No IRQ for privacy GPIO\n"); unit = uvc_alloc_new_entity(dev, UVC_EXT_GPIO_UNIT, @@ -1329,15 +1329,27 @@ static int uvc_gpio_parse(struct uvc_device *dev) static int uvc_gpio_init_irq(struct uvc_device *dev) { struct uvc_entity *unit = dev->gpio_unit; + int ret; if (!unit || unit->gpio.irq < 0) return 0; - return devm_request_threaded_irq(&dev->udev->dev, unit->gpio.irq, NULL, - uvc_gpio_irq, - IRQF_ONESHOT | IRQF_TRIGGER_FALLING | - IRQF_TRIGGER_RISING, - "uvc_privacy_gpio", dev); + ret = request_threaded_irq(unit->gpio.irq, NULL, uvc_gpio_irq, + IRQF_ONESHOT | IRQF_TRIGGER_FALLING | + IRQF_TRIGGER_RISING, + "uvc_privacy_gpio", dev); + + unit->gpio.initialized = !ret; + + return ret; +} + +static void uvc_gpio_deinit(struct uvc_device *dev) +{ + if (!dev->gpio_unit || !dev->gpio_unit->gpio.initialized) + return; + + free_irq(dev->gpio_unit->gpio.irq, dev); } /* ------------------------------------------------------------------------ @@ -1934,6 +1946,8 @@ static void uvc_unregister_video(struct uvc_device *dev) { struct uvc_streaming *stream; + uvc_gpio_deinit(dev); + list_for_each_entry(stream, &dev->streams, list) { /* Nothing to do here, continue. */ if (!video_is_registered(&stream->vdev)) diff --git a/drivers/media/usb/uvc/uvcvideo.h b/drivers/media/usb/uvc/uvcvideo.h index 07f9921d83f2..965a789ed03e 100644 --- a/drivers/media/usb/uvc/uvcvideo.h +++ b/drivers/media/usb/uvc/uvcvideo.h @@ -234,6 +234,7 @@ struct uvc_entity { u8 *bmControls; struct gpio_desc *gpio_privacy; int irq; + bool initialized; } gpio; }; --- base-commit: c7ccf3683ac9746b263b0502255f5ce47f64fe0a change-id: 20241031-uvc-crashrmmod-666de3fc9141 Best regards, -- Ricardo Ribalda <ribalda(a)chromium.org>

10 months, 2 weeks

2
1
0 0

[to-be-updated] mm-fix-__wp_page_copy_user-fallback-path-for-remote-mm.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: fix __wp_page_copy_user fallback path for remote mm has been removed from the -mm tree. Its filename was mm-fix-__wp_page_copy_user-fallback-path-for-remote-mm.patch This patch was dropped because an updated version will be issued ------------------------------------------------------ From: Asahi Lina <lina(a)asahilina.net> Subject: mm: fix __wp_page_copy_user fallback path for remote mm Date: Fri, 01 Nov 2024 21:08:02 +0900 If the source page is a PFN mapping, we copy back from userspace. However, if this fault is a remote access, we cannot use __copy_from_user_inatomic. Instead, use access_remote_vm() in this case. Fixes WARN and incorrect zero-filling when writing to CoW mappings in a remote process, such as when using gdb on a binary present on a DAX filesystem. [ 143.683782] ------------[ cut here ]------------ [ 143.683784] WARNING: CPU: 1 PID: 350 at mm/memory.c:2904 __wp_page_copy_user+0x120/0x2bc [ 143.683793] CPU: 1 PID: 350 Comm: gdb Not tainted 6.6.52 #1 [ 143.683794] Hardware name: linux,dummy-virt (DT) [ 143.683795] pstate: 61400005 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 143.683796] pc : __wp_page_copy_user+0x120/0x2bc [ 143.683798] lr : __wp_page_copy_user+0x254/0x2bc [ 143.683799] sp : ffff80008272b8b0 [ 143.683799] x29: ffff80008272b8b0 x28: 0000000000000000 x27: ffff000083bad580 [ 143.683801] x26: 0000000000000000 x25: 0000fffff7fd5000 x24: ffff000081db04c0 [ 143.683802] x23: ffff00014f24b000 x22: fffffc00053c92c0 x21: ffff000083502150 [ 143.683803] x20: 0000fffff7fd5000 x19: ffff80008272b9d0 x18: 0000000000000000 [ 143.683804] x17: ffff000081db0500 x16: ffff800080fe52a0 x15: 0000fffff7fd5000 [ 143.683804] x14: 0000000000bb1845 x13: 0000000000000080 x12: ffff80008272b880 [ 143.683805] x11: ffff000081d13600 x10: ffff000081d13608 x9 : ffff000081d1360c [ 143.683806] x8 : ffff000083a16f00 x7 : 0000000000000010 x6 : ffff00014f24b000 [ 143.683807] x5 : ffff00014f24c000 x4 : 0000000000000000 x3 : ffff000083582000 [ 143.683807] x2 : 0000000000000f80 x1 : 0000fffff7fd5000 x0 : 0000000000001000 [ 143.683808] Call trace: [ 143.683809] __wp_page_copy_user+0x120/0x2bc [ 143.683810] wp_page_copy+0x98/0x5c0 [ 143.683813] do_wp_page+0x250/0x530 [ 143.683814] __handle_mm_fault+0x278/0x284 [ 143.683817] handle_mm_fault+0x64/0x1e8 [ 143.683819] faultin_page+0x5c/0x110 [ 143.683820] __get_user_pages+0xc8/0x2f4 [ 143.683821] get_user_pages_remote+0xac/0x30c [ 143.683823] __access_remote_vm+0xb4/0x368 [ 143.683824] access_remote_vm+0x10/0x1c [ 143.683826] mem_rw.isra.0+0xc4/0x218 [ 143.683831] mem_write+0x18/0x24 [ 143.683831] vfs_write+0xa0/0x37c [ 143.683834] ksys_pwrite64+0x7c/0xc0 [ 143.683834] __arm64_sys_pwrite64+0x20/0x2c [ 143.683835] invoke_syscall+0x48/0x10c [ 143.683837] el0_svc_common.constprop.0+0x40/0xe0 [ 143.683839] do_el0_svc+0x1c/0x28 [ 143.683841] el0_svc+0x3c/0xdc [ 143.683846] el0t_64_sync_handler+0x120/0x12c [ 143.683848] el0t_64_sync+0x194/0x198 [ 143.683849] ---[ end trace 0000000000000000 ]--- [akpm(a)linux-foundation.org: coding style tweaks] Link: https://lkml.kernel.org/r/20241101-mm-remote-pfn-v1-1-080b609270b7@asahilin… Fixes: 3565fce3a659 ("mm, x86: get_user_pages() for dax mappings") Signed-off-by: Asahi Lina <lina(a)asahilina.net> Cc: Jia He <justin.he(a)arm.com> Cc: Yibo Cai <Yibo.Cai(a)arm.com> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Asahi Lina <lina(a)asahilina.net> Cc: Sergio Lopez Pascual <slp(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory.c | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) --- a/mm/memory.c~mm-fix-__wp_page_copy_user-fallback-path-for-remote-mm +++ a/mm/memory.c @@ -3082,12 +3082,19 @@ static inline int __wp_page_copy_user(st } /* - * This really shouldn't fail, because the page is there - * in the page tables. But it might just be unreadable, - * in which case we just give up and fill the result with - * zeroes. + * If the mm is a remote mm, copy in the page using access_remote_vm() */ - if (__copy_from_user_inatomic(kaddr, uaddr, PAGE_SIZE)) { + if (current->mm != mm) { + if (access_remote_vm(mm, (unsigned long)uaddr, kaddr, + PAGE_SIZE, 0) != PAGE_SIZE) + goto warn; + } else if (__copy_from_user_inatomic(kaddr, uaddr, PAGE_SIZE)) { + /* + * This really shouldn't fail, because the page is there + * in the page tables. But it might just be unreadable, + * in which case we just give up and fill the result with + * zeroes. + */ if (vmf->pte) goto warn; _ Patches currently in -mm which might be from lina(a)asahilina.net are

10 months, 2 weeks

1
0
0 0

[PATCH net v2] net: phy: dp83869: fix status reporting for 1000base-x autonegotiation

by Romain Gantois

The DP83869 PHY transceiver supports converting from RGMII to 1000base-x. In this operation mode, autonegotiation can be performed, as described in IEEE802.3. The DP83869 has a set of fiber-specific registers located at offset 0xc00. When the transceiver is configured in RGMII-to-1000base-x mode, these registers are mapped onto offset 0, which should, in theory, make reading the autonegotiation status transparent. However, the fiber registers at offset 0xc04 and 0xc05 do not follow the bit layout of their standard counterparts. Thus, genphy_read_status() doesn't properly read the capabilities advertised by the link partner, resulting in incorrect link parameters. Similarly, genphy_config_aneg() doesn't properly write advertised capabilities. Fix the 1000base-x autonegotiation procedure by replacing genphy_read_status() and genphy_config_aneg() with driver-specific functions which take into account the nonstandard bit layout of the DP83869 registers in 1000base-x mode. Fixes: a29de52ba2a1 ("net: dp83869: Add ability to advertise Fiber connection") Cc: stable(a)vger.kernel.org Signed-off-by: Romain Gantois <romain.gantois(a)bootlin.com> --- Changes in v2: - Fixed an uninitialized use. - Link to v1: https://lore.kernel.org/r/20241029-dp83869-1000base-x-v1-1-fcafe360bd98@boo… --- drivers/net/phy/dp83869.c | 130 ++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 127 insertions(+), 3 deletions(-) diff --git a/drivers/net/phy/dp83869.c b/drivers/net/phy/dp83869.c index 5f056d7db83eed23f1cab42365fdc566a0d8e47f..ca1c247d478ced890a3c7ae97b855f20056eb916 100644 --- a/drivers/net/phy/dp83869.c +++ b/drivers/net/phy/dp83869.c @@ -41,6 +41,8 @@ #define DP83869_IO_MUX_CFG 0x0170 #define DP83869_OP_MODE 0x01df #define DP83869_FX_CTRL 0x0c00 +#define DP83869_FX_ANADV 0x0c04 +#define DP83869_FX_LPABL 0x0c05 #define DP83869_SW_RESET BIT(15) #define DP83869_SW_RESTART BIT(14) @@ -135,6 +137,17 @@ #define DP83869_DOWNSHIFT_4_COUNT 4 #define DP83869_DOWNSHIFT_8_COUNT 8 +/* FX_ANADV bits */ +#define DP83869_BP_FULL_DUPLEX BIT(5) +#define DP83869_BP_PAUSE BIT(7) +#define DP83869_BP_ASYMMETRIC_PAUSE BIT(8) + +/* FX_LPABL bits */ +#define DP83869_LPA_1000FULL BIT(5) +#define DP83869_LPA_PAUSE_CAP BIT(7) +#define DP83869_LPA_PAUSE_ASYM BIT(8) +#define DP83869_LPA_LPACK BIT(14) + enum { DP83869_PORT_MIRRORING_KEEP, DP83869_PORT_MIRRORING_EN, @@ -153,19 +166,129 @@ struct dp83869_private { int mode; }; +static int dp83869_config_aneg(struct phy_device *phydev) +{ + struct dp83869_private *dp83869 = phydev->priv; + unsigned long *advertising; + int err, changed = false; + u32 adv = 0; + + if (dp83869->mode != DP83869_RGMII_1000_BASE) + return genphy_config_aneg(phydev); + + /* Forcing speed or duplex isn't supported in 1000base-x mode */ + if (phydev->autoneg != AUTONEG_ENABLE) + return 0; + + /* In fiber modes, register locations 0xc0... get mapped to offset 0. + * Unfortunately, the fiber-specific autonegotiation advertisement + * register at address 0xc04 does not have the same bit layout as the + * corresponding standard MII_ADVERTISE register. Thus, functions such + * as genphy_config_advert() will write the advertisement register + * incorrectly. + */ + advertising = phydev->advertising; + + /* Only allow advertising what this PHY supports */ + linkmode_and(advertising, advertising, + phydev->supported); + + if (linkmode_test_bit(ETHTOOL_LINK_MODE_1000baseX_Full_BIT, advertising)) + adv |= DP83869_BP_FULL_DUPLEX; + if (linkmode_test_bit(ETHTOOL_LINK_MODE_Pause_BIT, advertising)) + adv |= DP83869_BP_PAUSE; + if (linkmode_test_bit(ETHTOOL_LINK_MODE_Asym_Pause_BIT, advertising)) + adv |= DP83869_BP_ASYMMETRIC_PAUSE; + + err = phy_modify_changed(phydev, DP83869_FX_ANADV, + DP83869_BP_FULL_DUPLEX | DP83869_BP_PAUSE | + DP83869_BP_ASYMMETRIC_PAUSE, + adv); + + if (err < 0) + return err; + else if (err) + changed = true; + + return genphy_check_and_restart_aneg(phydev, changed); +} + +static int dp83869_read_status_fiber(struct phy_device *phydev) +{ + int err, lpa, old_link = phydev->link; + unsigned long *lp_advertising; + + err = genphy_update_link(phydev); + if (err) + return err; + + if (phydev->autoneg == AUTONEG_ENABLE && old_link && phydev->link) + return 0; + + phydev->speed = SPEED_UNKNOWN; + phydev->duplex = DUPLEX_UNKNOWN; + phydev->pause = 0; + phydev->asym_pause = 0; + + lp_advertising = phydev->lp_advertising; + + if (phydev->autoneg != AUTONEG_ENABLE) { + linkmode_zero(lp_advertising); + + phydev->duplex = DUPLEX_FULL; + phydev->speed = SPEED_1000; + + return 0; + } + + if (!phydev->autoneg_complete) { + linkmode_zero(lp_advertising); + return 0; + } + + /* In fiber modes, register locations 0xc0... get mapped to offset 0. + * Unfortunately, the fiber-specific link partner capabilities register + * at address 0xc05 does not have the same bit layout as the + * corresponding standard MII_LPA register. Thus, functions such as + * genphy_read_lpa() will read autonegotiation results incorrectly. + */ + + lpa = phy_read(phydev, DP83869_FX_LPABL); + if (lpa < 0) + return lpa; + + linkmode_mod_bit(ETHTOOL_LINK_MODE_1000baseX_Full_BIT, + lp_advertising, lpa & DP83869_LPA_1000FULL); + + linkmode_mod_bit(ETHTOOL_LINK_MODE_Pause_BIT, lp_advertising, + lpa & DP83869_LPA_PAUSE_CAP); + + linkmode_mod_bit(ETHTOOL_LINK_MODE_Asym_Pause_BIT, lp_advertising, + lpa & DP83869_LPA_PAUSE_ASYM); + + linkmode_mod_bit(ETHTOOL_LINK_MODE_Autoneg_BIT, + lp_advertising, lpa & DP83869_LPA_LPACK); + + phy_resolve_aneg_linkmode(phydev); + + return 0; +} + static int dp83869_read_status(struct phy_device *phydev) { struct dp83869_private *dp83869 = phydev->priv; int ret; + if (dp83869->mode == DP83869_RGMII_1000_BASE) + return dp83869_read_status_fiber(phydev); + ret = genphy_read_status(phydev); if (ret) return ret; - if (linkmode_test_bit(ETHTOOL_LINK_MODE_FIBRE_BIT, phydev->supported)) { + if (dp83869->mode == DP83869_RGMII_100_BASE) { if (phydev->link) { - if (dp83869->mode == DP83869_RGMII_100_BASE) - phydev->speed = SPEED_100; + phydev->speed = SPEED_100; } else { phydev->speed = SPEED_UNKNOWN; phydev->duplex = DUPLEX_UNKNOWN; @@ -898,6 +1021,7 @@ static int dp83869_phy_reset(struct phy_device *phydev) .soft_reset = dp83869_phy_reset, \ .config_intr = dp83869_config_intr, \ .handle_interrupt = dp83869_handle_interrupt, \ + .config_aneg = dp83869_config_aneg, \ .read_status = dp83869_read_status, \ .get_tunable = dp83869_get_tunable, \ .set_tunable = dp83869_set_tunable, \ --- base-commit: 5ccdcdf186aec6b9111845fd37e1757e9b413e2f change-id: 20241025-dp83869-1000base-x-0f0a61725784 Best regards, -- Romain Gantois <romain.gantois(a)bootlin.com>

10 months, 2 weeks

3
2
0 0

[PATCH] drm/panthor: Be stricter about IO mapping flags

by Jann Horn

The current panthor_device_mmap_io() implementation has two issues: 1. For mapping DRM_PANTHOR_USER_FLUSH_ID_MMIO_OFFSET, panthor_device_mmap_io() bails if VM_WRITE is set, but does not clear VM_MAYWRITE. That means userspace can use mprotect() to make the mapping writable later on. This is a classic Linux driver gotcha. I don't think this actually has any impact in practice: When the GPU is powered, writes to the FLUSH_ID seem to be ignored; and when the GPU is not powered, the dummy_latest_flush page provided by the driver is deliberately designed to not do any flushes, so the only thing writing to the dummy_latest_flush could achieve would be to make *more* flushes happen. 2. panthor_device_mmap_io() does not block MAP_PRIVATE mappings (which are mappings without the VM_SHARED flag). MAP_PRIVATE in combination with VM_MAYWRITE indicates that the VMA has copy-on-write semantics, which for VM_PFNMAP are semi-supported but fairly cursed. In particular, in such a mapping, the driver can only install PTEs during mmap() by calling remap_pfn_range() (because remap_pfn_range() wants to **store the physical address of the mapped physical memory into the vm_pgoff of the VMA**); installing PTEs later on with a fault handler (as panthor does) is not supported in private mappings, and so if you try to fault in such a mapping, vmf_insert_pfn_prot() splats when it hits a BUG() check. Fix it by clearing the VM_MAYWRITE flag (userspace writing to the FLUSH_ID doesn't make sense) and requiring VM_SHARED (copy-on-write semantics for the FLUSH_ID don't make sense). Reproducers for both scenarios are in the notes of my patch on the mailing list; I tested that these bugs exist on a Rock 5B machine. Note that I only compile-tested the patch, I haven't tested it; I don't have a working kernel build setup for the test machine yet. Please test it before applying it. Cc: stable(a)vger.kernel.org Fixes: 5fe909cae118 ("drm/panthor: Add the device logical block") Signed-off-by: Jann Horn <jannh(a)google.com> --- First testcase (can write to the FLUSH_ID): ``` typeof(x) __res = (x); \ if (__res == (typeof(x))-1) \ err(1, "SYSCHK(" #x ")"); \ __res; \ }) int main(void) { int fd = SYSCHK(open(GPU_PATH, O_RDWR)); // sanity-check that PROT_WRITE+MAP_SHARED fails void *mmap_write_res = mmap(NULL, 0x1000, PROT_READ|PROT_WRITE, MAP_SHARED, fd, DRM_PANTHOR_USER_FLUSH_ID_MMIO_OFFSET); if (mmap_write_res == MAP_FAILED) { perror("mmap() with PROT_WRITE+MAP_SHARED failed as expected"); } else { errx(1, "mmap() with PROT_WRITE+MAP_SHARED worked???"); } // make a PROT_READ+MAP_SHARED mapping, and upgrade it to writable void *mmio_page = SYSCHK(mmap(NULL, 0x1000, PROT_READ, MAP_SHARED, fd, DRM_PANTHOR_USER_FLUSH_ID_MMIO_OFFSET)); SYSCHK(mprotect(mmio_page, 0x1000, PROT_READ|PROT_WRITE)); volatile uint32_t *flush_counter = (volatile uint32_t*)mmio_page; uint32_t last_old = -1; while (1) { uint32_t old_val = *flush_counter; *flush_counter = 1111; uint32_t new_val = *flush_counter; if (old_val != last_old) printf("flush counter: old=%u, new=%u\n", old_val, new_val); last_old = old_val; } } ``` Second testcase (triggers BUG() splat): ``` typeof(x) __res = (x); \ if (__res == (typeof(x))-1) \ err(1, "SYSCHK(" #x ")"); \ __res; \ }) int main(void) { int fd = SYSCHK(open(GPU_PATH, O_RDWR)); // make a PROT_READ+**MAP_PRIVATE** mapping void *ptr = SYSCHK(mmap(NULL, 0x1000, PROT_READ, MAP_PRIVATE, fd, DRM_PANTHOR_USER_FLUSH_ID_MMIO_OFFSET)); // trigger a read fault *(volatile char *)ptr; } ``` The second testcase splats like this: ``` [ 2918.411814] ------------[ cut here ]------------ [ 2918.411857] kernel BUG at mm/memory.c:2220! [ 2918.411955] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP [...] [ 2918.416147] CPU: 3 PID: 2934 Comm: private_user_fl Tainted: G O 6.1.43-19-rk2312 #428a0a5e6 [ 2918.417043] Hardware name: Radxa ROCK 5B (DT) [ 2918.417464] pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 2918.418119] pc : vmf_insert_pfn_prot+0x40/0xe4 [ 2918.418567] lr : panthor_mmio_vm_fault+0xb0/0x12c [panthor] [...] [ 2918.425746] Call trace: [ 2918.425972] vmf_insert_pfn_prot+0x40/0xe4 [ 2918.426342] __do_fault+0x38/0x7c [ 2918.426648] __handle_mm_fault+0x404/0x6dc [ 2918.427018] handle_mm_fault+0x13c/0x18c [ 2918.427374] do_page_fault+0x194/0x33c [ 2918.427716] do_translation_fault+0x60/0x7c [ 2918.428095] do_mem_abort+0x44/0x90 [ 2918.428410] el0_da+0x40/0x68 [ 2918.428685] el0t_64_sync_handler+0x9c/0xf8 [ 2918.429067] el0t_64_sync+0x174/0x178 ``` --- drivers/gpu/drm/panthor/panthor_device.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/gpu/drm/panthor/panthor_device.c b/drivers/gpu/drm/panthor/panthor_device.c index 4082c8f2951dfdace7f73a24d6fe34e9e7f920eb..6fbff516c1c1f047fcb4dee17b87d8263616dc0c 100644 --- a/drivers/gpu/drm/panthor/panthor_device.c +++ b/drivers/gpu/drm/panthor/panthor_device.c @@ -390,11 +390,15 @@ int panthor_device_mmap_io(struct panthor_device *ptdev, struct vm_area_struct * { u64 offset = (u64)vma->vm_pgoff << PAGE_SHIFT; + if ((vma->vm_flags & VM_SHARED) == 0) + return -EINVAL; + switch (offset) { case DRM_PANTHOR_USER_FLUSH_ID_MMIO_OFFSET: if (vma->vm_end - vma->vm_start != PAGE_SIZE || (vma->vm_flags & (VM_WRITE | VM_EXEC))) return -EINVAL; + vm_flags_clear(vma, VM_MAYWRITE); break; --- base-commit: d78f0ee0406803cda8801fd5201746ccf89e5e4a change-id: 20241104-panthor-flush-page-fixes-fe4202bb18c0 -- Jann Horn <jannh(a)google.com>

10 months, 2 weeks

4
5
0 0

Re: [PATCH 6.11 000/249] 6.11.7-rc2 review

by Ronald Warsow

Hi Greg no regressions here on x86_64 (RKL, Intel 11th Gen. CPU) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

10 months, 2 weeks

1
0
0 0

[PATCH v2 1/8] perf jevents: fix breakage when do perf stat on system metric

by Ian Rogers

From: Xu Yang <xu.yang_2(a)nxp.com> When do perf stat on sys metric, perf tool output nothing now: $ perf stat -a -M imx95_ddr_read.all -I 1000 $ This command runs on an arm64 machine and the Soc has one DDR hw pmu except one armv8_cortex_a55 pmu. Their maps show as follows: const struct pmu_events_map pmu_events_map[] = { { .arch = "arm64", .cpuid = "0x00000000410fd050", .event_table = { .pmus = pmu_events__arm_cortex_a55, .num_pmus = ARRAY_SIZE(pmu_events__arm_cortex_a55) }, .metric_table = { .pmus = NULL, .num_pmus = 0 } }, static const struct pmu_sys_events pmu_sys_event_tables[] = { { .event_table = { .pmus = pmu_events__freescale_imx95_sys, .num_pmus = ARRAY_SIZE(pmu_events__freescale_imx95_sys) }, .metric_table = { .pmus = pmu_metrics__freescale_imx95_sys, .num_pmus = ARRAY_SIZE(pmu_metrics__freescale_imx95_sys) }, .name = "pmu_events__freescale_imx95_sys", }, Currently, pmu_metrics_table__find() will return NULL when only do perf stat on sys metric. Then parse_groups() will never be called to parse sys metric_name, finally perf tool will exit directly. This should be a common problem. To fix the issue, this will keep the logic before commit f20c15d13f01 ("perf pmu-events: Remember the perf_events_map for a PMU") to return a empty metric table rather than a NULL pointer. This should be fine since the removed part just check if the table match provided metric_name. Without these code, the code in parse_groups() will also check the validity of metrci_name too. Fixes: f20c15d13f01 ("perf pmu-events: Remember the perf_events_map for a PMU") Cc: stable(a)vger.kernel.org Signed-off-by: Xu Yang <xu.yang_2(a)nxp.com> Acked-by: Ian Rogers <irogers(a)google.com> Signed-off-by: Ian Rogers <irogers(a)google.com> --- tools/perf/pmu-events/empty-pmu-events.c | 12 +----------- tools/perf/pmu-events/jevents.py | 12 +----------- 2 files changed, 2 insertions(+), 22 deletions(-) diff --git a/tools/perf/pmu-events/empty-pmu-events.c b/tools/perf/pmu-events/empty-pmu-events.c index 2b7516946ded..b8719dab264d 100644 --- a/tools/perf/pmu-events/empty-pmu-events.c +++ b/tools/perf/pmu-events/empty-pmu-events.c @@ -585,17 +585,7 @@ const struct pmu_metrics_table *perf_pmu__find_metrics_table(struct perf_pmu *pm if (!map) return NULL; - if (!pmu) - return &map->metric_table; - - for (size_t i = 0; i < map->metric_table.num_pmus; i++) { - const struct pmu_table_entry *table_pmu = &map->metric_table.pmus[i]; - const char *pmu_name = &big_c_string[table_pmu->pmu_name.offset]; - - if (pmu__name_match(pmu, pmu_name)) - return &map->metric_table; - } - return NULL; + return &map->metric_table; } const struct pmu_events_table *find_core_events_table(const char *arch, const char *cpuid) diff --git a/tools/perf/pmu-events/jevents.py b/tools/perf/pmu-events/jevents.py index 6e71b09dbc2a..70f4fd5395fb 100755 --- a/tools/perf/pmu-events/jevents.py +++ b/tools/perf/pmu-events/jevents.py @@ -1101,17 +1101,7 @@ const struct pmu_metrics_table *perf_pmu__find_metrics_table(struct perf_pmu *pm if (!map) return NULL; - if (!pmu) - return &map->metric_table; - - for (size_t i = 0; i < map->metric_table.num_pmus; i++) { - const struct pmu_table_entry *table_pmu = &map->metric_table.pmus[i]; - const char *pmu_name = &big_c_string[table_pmu->pmu_name.offset]; - - if (pmu__name_match(pmu, pmu_name)) - return &map->metric_table; - } - return NULL; + return &map->metric_table; } const struct pmu_events_table *find_core_events_table(const char *arch, const char *cpuid) -- 2.47.0.199.ga7371fff76-goog

10 months, 2 weeks

1
0
0 0

[PATCH] [SCSI] esas2r: fix possible buffer overflow caused by bad DMA value in esas2r_process_vda_ioctl()

by Qiu-ji Chen

In line 1854 of the file esas2r_ioctl.c, the function esas2r_process_vda_ioctl() is called with the parameter vi being assigned the value of a->vda_buffer. On line 1892, a->vda_buffer is stored in DMA memory with the statement a->vda_buffer = dma_alloc_coherent(&a->pcid->dev, ..., indicating that the parameter vi passed to the function is also stored in DMA memory. This suggests that the parameter vi could be altered at any time by malicious hardware. If vi’s value is changed after the first conditional check if (vi->function >= vercnt), it is likely that an array out-of-bounds access could occur in the subsequent check if (vi->version > esas2r_vdaioctl_versions[vi_function]), leading to serious issues. To fix this issue, we will store the value of vi->function in a local variable to ensure that the subsequent checks remain valid. Signed-off-by: Qiu-ji Chen <chenqiuji666(a)gmail.com> Cc: stable(a)vger.kernel.org Fixes: 26780d9e12ed ("[SCSI] esas2r: ATTO Technology ExpressSAS 6G SAS/SATA RAID Adapter Driver") --- drivers/scsi/esas2r/esas2r_vda.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/drivers/scsi/esas2r/esas2r_vda.c b/drivers/scsi/esas2r/esas2r_vda.c index 30028e56df63..48af8c05b01d 100644 --- a/drivers/scsi/esas2r/esas2r_vda.c +++ b/drivers/scsi/esas2r/esas2r_vda.c @@ -70,16 +70,17 @@ bool esas2r_process_vda_ioctl(struct esas2r_adapter *a, u32 datalen = 0; struct atto_vda_sge *firstsg = NULL; u8 vercnt = (u8)ARRAY_SIZE(esas2r_vdaioctl_versions); + u8 vi_function = vi->function; vi->status = ATTO_STS_SUCCESS; vi->vda_status = RS_PENDING; - if (vi->function >= vercnt) { + if (vi_function >= vercnt) { vi->status = ATTO_STS_INV_FUNC; return false; } - if (vi->version > esas2r_vdaioctl_versions[vi->function]) { + if (vi->version > esas2r_vdaioctl_versions[vi_function]) { vi->status = ATTO_STS_INV_VERSION; return false; } @@ -89,14 +90,14 @@ bool esas2r_process_vda_ioctl(struct esas2r_adapter *a, return false; } - if (vi->function != VDA_FUNC_SCSI) + if (vi_function != VDA_FUNC_SCSI) clear_vda_request(rq); - rq->vrq->scsi.function = vi->function; + rq->vrq->scsi.function = vi_function; rq->interrupt_cb = esas2r_complete_vda_ioctl; rq->interrupt_cx = vi; - switch (vi->function) { + switch (vi_function) { case VDA_FUNC_FLASH: if (vi->cmd.flash.sub_func != VDA_FLASH_FREAD -- 2.34.1

10 months, 2 weeks

2
1
0 0

Re: Kernel 6.11 breaks power-profiles-daemon on NixOS unstable

by me＠meirisoda.online

Upgrading to kernel version 6.11 breaks the ability to switch between power modes on KDE Plasma 6.2.2 and NixOS 24.11 (unstable). I am using a ROG Zephyrus 14 GA401 with a 4060. I thought it may be Nvidia acting up so I've tried: Re-enabling power-profiles-daemon in my NixOS configuration (did not fix the issues) Disabling supergfxctl on NixOS configuration (did not fix the issue) Switching between nvidia latest and beta (did not fix the issue) Switching back to kernel version 6.10 fixes the issue. Since 6.10 is considered EOL upstream, I had to manually switch back to a specific commit hash to get 6.10 to work. Hoping this gets fixed on 6.11. Thank you, soda Sent with Proton Mail secure email.

10 months, 2 weeks

2
1
0 0

[PATCH v2 6.11.y 1/2] rcu/kvfree: Add kvfree_rcu_barrier() API

by Suren Baghdasaryan

From: Uladzislau Rezki <urezki(a)gmail.com> commit 3c5d61ae919cc377c71118ccc76fa6e8518023f8 upstream. Add a kvfree_rcu_barrier() function. It waits until all in-flight pointers are freed over RCU machinery. It does not wait any GP completion and it is within its right to return immediately if there are no outstanding pointers. This function is useful when there is a need to guarantee that a memory is fully freed before destroying memory caches. For example, during unloading a kernel module. Signed-off-by: Uladzislau Rezki (Sony) <urezki(a)gmail.com> Signed-off-by: Vlastimil Babka <vbabka(a)suse.cz> Signed-off-by: Suren Baghdasaryan <surenb(a)google.com> --- Changes since v1 [1]: - Added SOB, per Greg KH [1] https://lore.kernel.org/all/20241021171003.2907935-1-surenb@google.com/ include/linux/rcutiny.h | 5 ++ include/linux/rcutree.h | 1 + kernel/rcu/tree.c | 109 +++++++++++++++++++++++++++++++++++++--- 3 files changed, 107 insertions(+), 8 deletions(-) diff --git a/include/linux/rcutiny.h b/include/linux/rcutiny.h index d9ac7b136aea..522123050ff8 100644 --- a/include/linux/rcutiny.h +++ b/include/linux/rcutiny.h @@ -111,6 +111,11 @@ static inline void __kvfree_call_rcu(struct rcu_head *head, void *ptr) kvfree(ptr); } +static inline void kvfree_rcu_barrier(void) +{ + rcu_barrier(); +} + #ifdef CONFIG_KASAN_GENERIC void kvfree_call_rcu(struct rcu_head *head, void *ptr); #else diff --git a/include/linux/rcutree.h b/include/linux/rcutree.h index 254244202ea9..58e7db80f3a8 100644 --- a/include/linux/rcutree.h +++ b/include/linux/rcutree.h @@ -35,6 +35,7 @@ static inline void rcu_virt_note_context_switch(void) void synchronize_rcu_expedited(void); void kvfree_call_rcu(struct rcu_head *head, void *ptr); +void kvfree_rcu_barrier(void); void rcu_barrier(void); void rcu_momentary_dyntick_idle(void); diff --git a/kernel/rcu/tree.c b/kernel/rcu/tree.c index e641cc681901..be00aac5f4e7 100644 --- a/kernel/rcu/tree.c +++ b/kernel/rcu/tree.c @@ -3584,18 +3584,15 @@ kvfree_rcu_drain_ready(struct kfree_rcu_cpu *krcp) } /* - * This function is invoked after the KFREE_DRAIN_JIFFIES timeout. + * Return: %true if a work is queued, %false otherwise. */ -static void kfree_rcu_monitor(struct work_struct *work) +static bool +kvfree_rcu_queue_batch(struct kfree_rcu_cpu *krcp) { - struct kfree_rcu_cpu *krcp = container_of(work, - struct kfree_rcu_cpu, monitor_work.work); unsigned long flags; + bool queued = false; int i, j; - // Drain ready for reclaim. - kvfree_rcu_drain_ready(krcp); - raw_spin_lock_irqsave(&krcp->lock, flags); // Attempt to start a new batch. @@ -3634,11 +3631,27 @@ static void kfree_rcu_monitor(struct work_struct *work) // be that the work is in the pending state when // channels have been detached following by each // other. - queue_rcu_work(system_wq, &krwp->rcu_work); + queued = queue_rcu_work(system_wq, &krwp->rcu_work); } } raw_spin_unlock_irqrestore(&krcp->lock, flags); + return queued; +} + +/* + * This function is invoked after the KFREE_DRAIN_JIFFIES timeout. + */ +static void kfree_rcu_monitor(struct work_struct *work) +{ + struct kfree_rcu_cpu *krcp = container_of(work, + struct kfree_rcu_cpu, monitor_work.work); + + // Drain ready for reclaim. + kvfree_rcu_drain_ready(krcp); + + // Queue a batch for a rest. + kvfree_rcu_queue_batch(krcp); // If there is nothing to detach, it means that our job is // successfully done here. In case of having at least one @@ -3859,6 +3872,86 @@ void kvfree_call_rcu(struct rcu_head *head, void *ptr) } EXPORT_SYMBOL_GPL(kvfree_call_rcu); +/** + * kvfree_rcu_barrier - Wait until all in-flight kvfree_rcu() complete. + * + * Note that a single argument of kvfree_rcu() call has a slow path that + * triggers synchronize_rcu() following by freeing a pointer. It is done + * before the return from the function. Therefore for any single-argument + * call that will result in a kfree() to a cache that is to be destroyed + * during module exit, it is developer's responsibility to ensure that all + * such calls have returned before the call to kmem_cache_destroy(). + */ +void kvfree_rcu_barrier(void) +{ + struct kfree_rcu_cpu_work *krwp; + struct kfree_rcu_cpu *krcp; + bool queued; + int i, cpu; + + /* + * Firstly we detach objects and queue them over an RCU-batch + * for all CPUs. Finally queued works are flushed for each CPU. + * + * Please note. If there are outstanding batches for a particular + * CPU, those have to be finished first following by queuing a new. + */ + for_each_possible_cpu(cpu) { + krcp = per_cpu_ptr(&krc, cpu); + + /* + * Check if this CPU has any objects which have been queued for a + * new GP completion. If not(means nothing to detach), we are done + * with it. If any batch is pending/running for this "krcp", below + * per-cpu flush_rcu_work() waits its completion(see last step). + */ + if (!need_offload_krc(krcp)) + continue; + + while (1) { + /* + * If we are not able to queue a new RCU work it means: + * - batches for this CPU are still in flight which should + * be flushed first and then repeat; + * - no objects to detach, because of concurrency. + */ + queued = kvfree_rcu_queue_batch(krcp); + + /* + * Bail out, if there is no need to offload this "krcp" + * anymore. As noted earlier it can run concurrently. + */ + if (queued || !need_offload_krc(krcp)) + break; + + /* There are ongoing batches. */ + for (i = 0; i < KFREE_N_BATCHES; i++) { + krwp = &(krcp->krw_arr[i]); + flush_rcu_work(&krwp->rcu_work); + } + } + } + + /* + * Now we guarantee that all objects are flushed. + */ + for_each_possible_cpu(cpu) { + krcp = per_cpu_ptr(&krc, cpu); + + /* + * A monitor work can drain ready to reclaim objects + * directly. Wait its completion if running or pending. + */ + cancel_delayed_work_sync(&krcp->monitor_work); + + for (i = 0; i < KFREE_N_BATCHES; i++) { + krwp = &(krcp->krw_arr[i]); + flush_rcu_work(&krwp->rcu_work); + } + } +} +EXPORT_SYMBOL_GPL(kvfree_rcu_barrier); + static unsigned long kfree_rcu_shrink_count(struct shrinker *shrink, struct shrink_control *sc) { base-commit: 163b38476c50d64b89c1dfdf4fd57a368b6ebbec -- 2.47.0.199.ga7371fff76-goog

10 months, 2 weeks

2
4
0 0

[RFC] PCI: Fix the issue of link speed downgrade after link retraining

by Jinhui Guo

The link speed is downgraded to 2.5 GT/s when a Samsung NVMe device is hotplugged into a Intel PCIe root port [8086:0db0]. ``` +-[0000:3c]-+-00.0 Intel Corporation Ice Lake Memory Map/VT-d | ... | +02.0-[3d]----00.0 Samsung Electronics Co Ltd Device a80e ``` Some printing information can be obtained when the issue emerges. "Card present" is reported twice via external interrupts due to a slight tremor when the Samsung NVMe device is plugged in. The failure of the link activation for the first time leads to the link speed of the root port being mistakenly downgraded to 2.5G/s. ``` [ 8223.419682] pcieport 0000:3d:02.0: pciehp: Slot(1): Card present [ 8224.449714] pcieport 0000:3d:02.0: broken device, retraining non-functional downstream link at 2.5GT/s [ 8225.518723] pcieport 0000:3d:02.0: pciehp: Slot(1): Card present [ 8225.518726] pcieport 0000:3d:02.0: pciehp: Slot(1): Link up ``` To avoid wrongly setting the link speed to 2.5GT/s, only allow specific pcie devices to perform link retrain. Fixes: a89c82249c37 ("PCI: Work around PCIe link training failures") Signed-off-by: Jinhui Guo <guojinhui.liam(a)bytedance.com> --- drivers/pci/quirks.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c index dccb60c1d9cc..59858156003b 100644 --- a/drivers/pci/quirks.c +++ b/drivers/pci/quirks.c @@ -91,7 +91,8 @@ int pcie_failed_link_retrain(struct pci_dev *dev) int ret = -ENOTTY; if (!pci_is_pcie(dev) || !pcie_downstream_port(dev) || - !pcie_cap_has_lnkctl2(dev) || !dev->link_active_reporting) + !pcie_cap_has_lnkctl2(dev) || !dev->link_active_reporting || + !pci_match_id(ids, dev)) return ret; pcie_capability_read_word(dev, PCI_EXP_LNKCTL2, &lnkctl2); @@ -119,8 +120,7 @@ int pcie_failed_link_retrain(struct pci_dev *dev) } if ((lnksta & PCI_EXP_LNKSTA_DLLLA) && - (lnkctl2 & PCI_EXP_LNKCTL2_TLS) == PCI_EXP_LNKCTL2_TLS_2_5GT && - pci_match_id(ids, dev)) { + (lnkctl2 & PCI_EXP_LNKCTL2_TLS) == PCI_EXP_LNKCTL2_TLS_2_5GT) { u32 lnkcap; pci_info(dev, "removing 2.5GT/s downstream link speed restriction\n"); -- 2.20.1

10 months, 2 weeks

2
1
0 0

[PATCH v2] [SCSI] esas2r: fix possible array out-of-bounds caused by bad DMA value in esas2r_process_vda_ioctl()

by Qiu-ji Chen

In line 1854 of the file esas2r_ioctl.c, the function esas2r_process_vda_ioctl() is called with the parameter vi being assigned the value of a->vda_buffer. On line 1892, a->vda_buffer is stored in DMA memory with the statement a->vda_buffer = dma_alloc_coherent(&a->pcid->dev, ..., indicating that the parameter vi passed to the function is also stored in DMA memory. This suggests that the parameter vi could be altered at any time by malicious hardware. If vi’s value is changed after the first conditional check if (vi->function >= vercnt), it is likely that an array out-of-bounds access could occur in the subsequent check if (vi->version > esas2r_vdaioctl_versions[vi_function]), leading to serious issues. To fix this issue, we will store the value of vi->function in a local variable to ensure that the subsequent checks remain valid. Signed-off-by: Qiu-ji Chen <chenqiuji666(a)gmail.com> Cc: stable(a)vger.kernel.org Fixes: 26780d9e12ed ("[SCSI] esas2r: ATTO Technology ExpressSAS 6G SAS/SATA RAID Adapter Driver") --- V2: Changed the incorrect patch title --- drivers/scsi/esas2r/esas2r_vda.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/drivers/scsi/esas2r/esas2r_vda.c b/drivers/scsi/esas2r/esas2r_vda.c index 30028e56df63..48af8c05b01d 100644 --- a/drivers/scsi/esas2r/esas2r_vda.c +++ b/drivers/scsi/esas2r/esas2r_vda.c @@ -70,16 +70,17 @@ bool esas2r_process_vda_ioctl(struct esas2r_adapter *a, u32 datalen = 0; struct atto_vda_sge *firstsg = NULL; u8 vercnt = (u8)ARRAY_SIZE(esas2r_vdaioctl_versions); + u8 vi_function = vi->function; vi->status = ATTO_STS_SUCCESS; vi->vda_status = RS_PENDING; - if (vi->function >= vercnt) { + if (vi_function >= vercnt) { vi->status = ATTO_STS_INV_FUNC; return false; } - if (vi->version > esas2r_vdaioctl_versions[vi->function]) { + if (vi->version > esas2r_vdaioctl_versions[vi_function]) { vi->status = ATTO_STS_INV_VERSION; return false; } @@ -89,14 +90,14 @@ bool esas2r_process_vda_ioctl(struct esas2r_adapter *a, return false; } - if (vi->function != VDA_FUNC_SCSI) + if (vi_function != VDA_FUNC_SCSI) clear_vda_request(rq); - rq->vrq->scsi.function = vi->function; + rq->vrq->scsi.function = vi_function; rq->interrupt_cb = esas2r_complete_vda_ioctl; rq->interrupt_cx = vi; - switch (vi->function) { + switch (vi_function) { case VDA_FUNC_FLASH: if (vi->cmd.flash.sub_func != VDA_FLASH_FREAD -- 2.34.1

10 months, 2 weeks

2
1
0 0

[PATCH v2] mm: fix a possible null pointer dereference in setup_zone_pageset()

by Qiu-ji Chen

The function call alloc_percpu() returns a pointer to the memory address, but it hasn't been checked. Our static analysis tool indicates that null pointer dereference may exist in pointer zone->per_cpu_pageset. It is always safe to judge the null pointer before use. Signed-off-by: Qiu-ji Chen <chenqiuji666(a)gmail.com> Cc: stable(a)vger.kernel.org Fixes: 9420f89db2dd ("mm: move most of core MM initialization to mm/mm_init.c") --- V2: Fixed the incorrect code logic. Thanks David Hildenbrand for helpful suggestion. --- mm/page_alloc.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/mm/page_alloc.c b/mm/page_alloc.c index 8afab64814dc..7c8a74fd02d6 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -5703,8 +5703,14 @@ void __meminit setup_zone_pageset(struct zone *zone) /* Size may be 0 on !SMP && !NUMA */ if (sizeof(struct per_cpu_zonestat) > 0) zone->per_cpu_zonestats = alloc_percpu(struct per_cpu_zonestat); + if (!zone->per_cpu_zonestats) + return; zone->per_cpu_pageset = alloc_percpu(struct per_cpu_pages); + if (!zone->per_cpu_pageset) { + free_percpu(zone->per_cpu_zonestats); + return; + } for_each_possible_cpu(cpu) { struct per_cpu_pages *pcp; struct per_cpu_zonestat *pzstats; -- 2.34.1

10 months, 2 weeks

2
3
0 0

[PATCH] arm64: smccc: Remove broken support for SMCCCv1.3 SVE discard hint

by Mark Rutland

SMCCCv1.3 added a hint bit which callers can set in an SMCCC function ID (AKA "FID") to indicate that it is acceptable for the SMCCC implementation to discard SVE and/or SME state over a specific SMCCC call. The kernel support for using this hint is broken and SMCCC calls may clobber the SVE and/or SME state of arbitrary tasks, though FPSIMD state is unaffected. The kernel support is intended to use the hint when there is no SVE or SME state to save, and to do this it checks whether TIF_FOREIGN_FPSTATE is set or TIF_SVE is clear in assembly code: | ldr <flags>, [<current_task>, #TSK_TI_FLAGS] | tbnz <flags>, #TIF_FOREIGN_FPSTATE, 1f // Any live FP state? | tbnz <flags>, #TIF_SVE, 2f // Does that state include SVE? | | 1: orr <fid>, <fid>, ARM_SMCCC_1_3_SVE_HINT | 2: | << SMCCC call using FID >> This is not safe as-is: (1) SMCCC calls can be made in a preemptible context and preemption can result in TIF_FOREIGN_FPSTATE being set or cleared at arbitrary points in time. Thus checking for TIF_FOREIGN_FPSTATE provides no guarantee. (2) TIF_FOREIGN_FPSTATE only indicates that the live FP/SVE/SME state in the CPU does not belong to the current task, and does not indicate that clobbering this state is acceptable. When the live CPU state is clobbered it is necessary to update fpsimd_last_state.st to ensure that a subsequent context switch will reload FP/SVE/SME state from memory rather than consuming the clobbered state. This and the SMCCC call itself must happen in a critical section with preemption disabled to avoid races. (3) Live SVE/SME state can exist with TIF_SVE clear (e.g. with only TIF_SME set), and checking TIF_SVE alone is insufficient. Remove the broken support for the SMCCCv1.3 SVE saving hint. This is effectively a revert of commits: * cfa7ff959a789a95 ("arm64: smccc: Support SMCCC v1.3 SVE register saving hint") * a7c3acca53801e10 ("arm64: smccc: Save lr before calling __arm_smccc_sve_check()") ... leaving behind the ARM_SMCCC_VERSION_1_3 and ARM_SMCCC_1_3_SVE_HINT definitions, since these are simply definitions from the SMCCC specification, and the latter is used in KVM via ARM_SMCCC_CALL_HINTS. If we want to bring this back in future, we'll probably want to handle this logic in C where we can use all the usual FPSIMD/SVE/SME helper functions, and that'll likely require some rework of the SMCCC code and/or its callers. Fixes: cfa7ff959a789a95 ("arm64: smccc: Support SMCCC v1.3 SVE register saving hint") Signed-off-by: Mark Rutland <mark.rutland(a)arm.com> Cc: Ard Biesheuvel <ardb(a)kernel.org> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Marc Zyngier <maz(a)kernel.org> Cc: Mark Brown <broonie(a)kernel.org> Cc: Will Deacon <will(a)kernel.org> Cc: stable(a)vger.kernel.org --- arch/arm64/kernel/smccc-call.S | 35 +++------------------------------- drivers/firmware/smccc/smccc.c | 4 ---- include/linux/arm-smccc.h | 32 +++---------------------------- 3 files changed, 6 insertions(+), 65 deletions(-) diff --git a/arch/arm64/kernel/smccc-call.S b/arch/arm64/kernel/smccc-call.S index 487381164ff6b..2def9d0dd3ddb 100644 --- a/arch/arm64/kernel/smccc-call.S +++ b/arch/arm64/kernel/smccc-call.S @@ -7,48 +7,19 @@ #include <asm/asm-offsets.h> #include <asm/assembler.h> -#include <asm/thread_info.h> - -/* - * If we have SMCCC v1.3 and (as is likely) no SVE state in - * the registers then set the SMCCC hint bit to say there's no - * need to preserve it. Do this by directly adjusting the SMCCC - * function value which is already stored in x0 ready to be called. - */ -SYM_FUNC_START(__arm_smccc_sve_check) - - ldr_l x16, smccc_has_sve_hint - cbz x16, 2f - - get_current_task x16 - ldr x16, [x16, #TSK_TI_FLAGS] - tbnz x16, #TIF_FOREIGN_FPSTATE, 1f // Any live FP state? - tbnz x16, #TIF_SVE, 2f // Does that state include SVE? - -1: orr x0, x0, ARM_SMCCC_1_3_SVE_HINT - -2: ret -SYM_FUNC_END(__arm_smccc_sve_check) -EXPORT_SYMBOL(__arm_smccc_sve_check) .macro SMCCC instr - stp x29, x30, [sp, #-16]! - mov x29, sp -alternative_if ARM64_SVE - bl __arm_smccc_sve_check -alternative_else_nop_endif \instr #0 - ldr x4, [sp, #16] + ldr x4, [sp] stp x0, x1, [x4, #ARM_SMCCC_RES_X0_OFFS] stp x2, x3, [x4, #ARM_SMCCC_RES_X2_OFFS] - ldr x4, [sp, #24] + ldr x4, [sp, #8] cbz x4, 1f /* no quirk structure */ ldr x9, [x4, #ARM_SMCCC_QUIRK_ID_OFFS] cmp x9, #ARM_SMCCC_QUIRK_QCOM_A6 b.ne 1f str x6, [x4, ARM_SMCCC_QUIRK_STATE_OFFS] -1: ldp x29, x30, [sp], #16 - ret +1: ret .endm /* diff --git a/drivers/firmware/smccc/smccc.c b/drivers/firmware/smccc/smccc.c index d670635914ecb..a74600d9f2d72 100644 --- a/drivers/firmware/smccc/smccc.c +++ b/drivers/firmware/smccc/smccc.c @@ -16,7 +16,6 @@ static u32 smccc_version = ARM_SMCCC_VERSION_1_0; static enum arm_smccc_conduit smccc_conduit = SMCCC_CONDUIT_NONE; bool __ro_after_init smccc_trng_available = false; -u64 __ro_after_init smccc_has_sve_hint = false; s32 __ro_after_init smccc_soc_id_version = SMCCC_RET_NOT_SUPPORTED; s32 __ro_after_init smccc_soc_id_revision = SMCCC_RET_NOT_SUPPORTED; @@ -28,9 +27,6 @@ void __init arm_smccc_version_init(u32 version, enum arm_smccc_conduit conduit) smccc_conduit = conduit; smccc_trng_available = smccc_probe_trng(); - if (IS_ENABLED(CONFIG_ARM64_SVE) && - smccc_version >= ARM_SMCCC_VERSION_1_3) - smccc_has_sve_hint = true; if ((smccc_version >= ARM_SMCCC_VERSION_1_2) && (smccc_conduit != SMCCC_CONDUIT_NONE)) { diff --git a/include/linux/arm-smccc.h b/include/linux/arm-smccc.h index f59099a213d0d..67f6fdf2e7cd8 100644 --- a/include/linux/arm-smccc.h +++ b/include/linux/arm-smccc.h @@ -315,8 +315,6 @@ u32 arm_smccc_get_version(void); void __init arm_smccc_version_init(u32 version, enum arm_smccc_conduit conduit); -extern u64 smccc_has_sve_hint; - /** * arm_smccc_get_soc_id_version() * @@ -414,15 +412,6 @@ struct arm_smccc_quirk { } state; }; -/** - * __arm_smccc_sve_check() - Set the SVE hint bit when doing SMC calls - * - * Sets the SMCCC hint bit to indicate if there is live state in the SVE - * registers, this modifies x0 in place and should never be called from C - * code. - */ -asmlinkage unsigned long __arm_smccc_sve_check(unsigned long x0); - /** * __arm_smccc_smc() - make SMC calls * @a0-a7: arguments passed in registers 0 to 7 @@ -490,20 +479,6 @@ asmlinkage void __arm_smccc_hvc(unsigned long a0, unsigned long a1, #endif -/* nVHE hypervisor doesn't have a current thread so needs separate checks */ -#if defined(CONFIG_ARM64_SVE) && !defined(__KVM_NVHE_HYPERVISOR__) - -#define SMCCC_SVE_CHECK ALTERNATIVE("nop \n", "bl __arm_smccc_sve_check \n", \ - ARM64_SVE) -#define smccc_sve_clobbers "x16", "x30", "cc", - -#else - -#define SMCCC_SVE_CHECK -#define smccc_sve_clobbers - -#endif - #define __constraint_read_2 "r" (arg0) #define __constraint_read_3 __constraint_read_2, "r" (arg1) #define __constraint_read_4 __constraint_read_3, "r" (arg2) @@ -574,12 +549,11 @@ asmlinkage void __arm_smccc_hvc(unsigned long a0, unsigned long a1, register unsigned long r3 asm("r3"); \ CONCATENATE(__declare_arg_, \ COUNT_ARGS(__VA_ARGS__))(__VA_ARGS__); \ - asm volatile(SMCCC_SVE_CHECK \ - inst "\n" : \ + asm volatile(inst "\n" : \ "=r" (r0), "=r" (r1), "=r" (r2), "=r" (r3) \ : CONCATENATE(__constraint_read_, \ COUNT_ARGS(__VA_ARGS__)) \ - : smccc_sve_clobbers "memory"); \ + : "memory"); \ if (___res) \ *___res = (typeof(*___res)){r0, r1, r2, r3}; \ } while (0) @@ -628,7 +602,7 @@ asmlinkage void __arm_smccc_hvc(unsigned long a0, unsigned long a1, asm ("" : \ : CONCATENATE(__constraint_read_, \ COUNT_ARGS(__VA_ARGS__)) \ - : smccc_sve_clobbers "memory"); \ + : "memory"); \ if (___res) \ ___res->a0 = SMCCC_RET_NOT_SUPPORTED; \ } while (0) -- 2.30.2

10 months, 2 weeks

3
2
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror