- Linux-stable-mirror - lists.linaro.org

FAILED: patch "[PATCH] mtd: limit OTP NVMEM cell parse to non-NAND devices" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x d2d73a6dd17365c43e109263841f7c26da55cfb0 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042956-tricking-matted-50cf@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: d2d73a6dd173 ("mtd: limit OTP NVMEM cell parse to non-NAND devices") 2cc3b37f5b6d ("nvmem: add explicit config option to read old syntax fixed OF cells") c471245bd9f2 ("nvmem: sec-qfprom: Add Qualcomm secure QFPROM support") 27f699e578b1 ("nvmem: core: add support for fixed cells *layout*") de6e05097f7d ("nvmem: mtk-efuse: Support postprocessing for GPU speed binning data") 266570f496b9 ("nvmem: core: introduce NVMEM layouts") 50014d659617 ("nvmem: core: use nvmem_add_one_cell() in nvmem_add_cells_from_of()") 2ded6830d376 ("nvmem: core: add nvmem_add_one_cell()") cc5bdd323dde ("nvmem: core: drop the removal of the cells in nvmem_add_cells()") db3546d58b5a ("nvmem: core: fix cell removal on error") edcf2fb66052 ("nvmem: core: fix device node refcounting") ab3428cfd9aa ("nvmem: core: fix registration vs use race") 560181d3ace6 ("nvmem: core: fix cleanup after dev_set_name()") 569653f022a2 ("nvmem: core: remove nvmem_config wp_gpio") 3bd747c7ea13 ("nvmem: core: initialise nvmem->id early") a3816a7d7c09 ("nvmem: stm32: add nvmem type attribute") a06d9e5a63b7 ("nvmem: sort config symbols alphabetically") 28fc7c986f01 ("nvmem: prefix all symbols with NVMEM_") 5544e90c8126 ("nvmem: core: add error handling for dev_set_name") d5542923f200 ("nvmem: add driver handling U-Boot environment variables") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d2d73a6dd17365c43e109263841f7c26da55cfb0 Mon Sep 17 00:00:00 2001 From: Christian Marangi <ansuelsmth(a)gmail.com> Date: Fri, 12 Apr 2024 12:50:26 +0200 Subject: [PATCH] mtd: limit OTP NVMEM cell parse to non-NAND devices MTD OTP logic is very fragile on parsing NVMEM cell and can be problematic with some specific kind of devices. The problem was discovered by e87161321a40 ("mtd: rawnand: macronix: OTP access for MX30LFxG18AC") where OTP support was added to a NAND device. With the case of NAND devices, it does require a node where ECC info are declared and all the fixed partitions, and this cause the OTP codepath to parse this node as OTP NVMEM cells, making probe fail and the NAND device registration fail. MTD OTP parsing should have been limited to always using compatible to prevent this error by using node with compatible "otp-user" or "otp-factory". NVMEM across the years had various iteration on how cells could be declared in DT, in some old implementation, no_of_node should have been enabled but now add_legacy_fixed_of_cells should be used to disable NVMEM to parse child node as NVMEM cell. To fix this and limit any regression with other MTD that makes use of declaring OTP as direct child of the dev node, disable add_legacy_fixed_of_cells if we detect the MTD type is Nand. With the following logic, the OTP NVMEM entry is correctly created with no cells and the MTD Nand is correctly probed and partitions are correctly exposed. Fixes: 4b361cfa8624 ("mtd: core: add OTP nvmem provider support") Cc: <stable(a)vger.kernel.org> # v6.7+ Signed-off-by: Christian Marangi <ansuelsmth(a)gmail.com> Signed-off-by: Miquel Raynal <miquel.raynal(a)bootlin.com> Link: https://lore.kernel.org/linux-mtd/20240412105030.1598-1-ansuelsmth@gmail.com diff --git a/drivers/mtd/mtdcore.c b/drivers/mtd/mtdcore.c index 5887feb347a4..0de87bc63840 100644 --- a/drivers/mtd/mtdcore.c +++ b/drivers/mtd/mtdcore.c @@ -900,7 +900,7 @@ static struct nvmem_device *mtd_otp_nvmem_register(struct mtd_info *mtd, config.name = compatible; config.id = NVMEM_DEVID_AUTO; config.owner = THIS_MODULE; - config.add_legacy_fixed_of_cells = true; + config.add_legacy_fixed_of_cells = !mtd_type_is_nand(mtd); config.type = NVMEM_TYPE_OTP; config.root_only = true; config.ignore_wp = true;

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] mtd: limit OTP NVMEM cell parse to non-NAND devices" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x d2d73a6dd17365c43e109263841f7c26da55cfb0 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042955-overture-backlight-50ec@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: d2d73a6dd173 ("mtd: limit OTP NVMEM cell parse to non-NAND devices") 2cc3b37f5b6d ("nvmem: add explicit config option to read old syntax fixed OF cells") c471245bd9f2 ("nvmem: sec-qfprom: Add Qualcomm secure QFPROM support") 27f699e578b1 ("nvmem: core: add support for fixed cells *layout*") de6e05097f7d ("nvmem: mtk-efuse: Support postprocessing for GPU speed binning data") 266570f496b9 ("nvmem: core: introduce NVMEM layouts") 50014d659617 ("nvmem: core: use nvmem_add_one_cell() in nvmem_add_cells_from_of()") 2ded6830d376 ("nvmem: core: add nvmem_add_one_cell()") cc5bdd323dde ("nvmem: core: drop the removal of the cells in nvmem_add_cells()") db3546d58b5a ("nvmem: core: fix cell removal on error") edcf2fb66052 ("nvmem: core: fix device node refcounting") ab3428cfd9aa ("nvmem: core: fix registration vs use race") 560181d3ace6 ("nvmem: core: fix cleanup after dev_set_name()") 569653f022a2 ("nvmem: core: remove nvmem_config wp_gpio") 3bd747c7ea13 ("nvmem: core: initialise nvmem->id early") a3816a7d7c09 ("nvmem: stm32: add nvmem type attribute") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d2d73a6dd17365c43e109263841f7c26da55cfb0 Mon Sep 17 00:00:00 2001 From: Christian Marangi <ansuelsmth(a)gmail.com> Date: Fri, 12 Apr 2024 12:50:26 +0200 Subject: [PATCH] mtd: limit OTP NVMEM cell parse to non-NAND devices MTD OTP logic is very fragile on parsing NVMEM cell and can be problematic with some specific kind of devices. The problem was discovered by e87161321a40 ("mtd: rawnand: macronix: OTP access for MX30LFxG18AC") where OTP support was added to a NAND device. With the case of NAND devices, it does require a node where ECC info are declared and all the fixed partitions, and this cause the OTP codepath to parse this node as OTP NVMEM cells, making probe fail and the NAND device registration fail. MTD OTP parsing should have been limited to always using compatible to prevent this error by using node with compatible "otp-user" or "otp-factory". NVMEM across the years had various iteration on how cells could be declared in DT, in some old implementation, no_of_node should have been enabled but now add_legacy_fixed_of_cells should be used to disable NVMEM to parse child node as NVMEM cell. To fix this and limit any regression with other MTD that makes use of declaring OTP as direct child of the dev node, disable add_legacy_fixed_of_cells if we detect the MTD type is Nand. With the following logic, the OTP NVMEM entry is correctly created with no cells and the MTD Nand is correctly probed and partitions are correctly exposed. Fixes: 4b361cfa8624 ("mtd: core: add OTP nvmem provider support") Cc: <stable(a)vger.kernel.org> # v6.7+ Signed-off-by: Christian Marangi <ansuelsmth(a)gmail.com> Signed-off-by: Miquel Raynal <miquel.raynal(a)bootlin.com> Link: https://lore.kernel.org/linux-mtd/20240412105030.1598-1-ansuelsmth@gmail.com diff --git a/drivers/mtd/mtdcore.c b/drivers/mtd/mtdcore.c index 5887feb347a4..0de87bc63840 100644 --- a/drivers/mtd/mtdcore.c +++ b/drivers/mtd/mtdcore.c @@ -900,7 +900,7 @@ static struct nvmem_device *mtd_otp_nvmem_register(struct mtd_info *mtd, config.name = compatible; config.id = NVMEM_DEVID_AUTO; config.owner = THIS_MODULE; - config.add_legacy_fixed_of_cells = true; + config.add_legacy_fixed_of_cells = !mtd_type_is_nand(mtd); config.type = NVMEM_TYPE_OTP; config.root_only = true; config.ignore_wp = true;

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] mtd: limit OTP NVMEM cell parse to non-NAND devices" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x d2d73a6dd17365c43e109263841f7c26da55cfb0 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042954-throwaway-recluse-d3a6@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: d2d73a6dd173 ("mtd: limit OTP NVMEM cell parse to non-NAND devices") 2cc3b37f5b6d ("nvmem: add explicit config option to read old syntax fixed OF cells") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d2d73a6dd17365c43e109263841f7c26da55cfb0 Mon Sep 17 00:00:00 2001 From: Christian Marangi <ansuelsmth(a)gmail.com> Date: Fri, 12 Apr 2024 12:50:26 +0200 Subject: [PATCH] mtd: limit OTP NVMEM cell parse to non-NAND devices MTD OTP logic is very fragile on parsing NVMEM cell and can be problematic with some specific kind of devices. The problem was discovered by e87161321a40 ("mtd: rawnand: macronix: OTP access for MX30LFxG18AC") where OTP support was added to a NAND device. With the case of NAND devices, it does require a node where ECC info are declared and all the fixed partitions, and this cause the OTP codepath to parse this node as OTP NVMEM cells, making probe fail and the NAND device registration fail. MTD OTP parsing should have been limited to always using compatible to prevent this error by using node with compatible "otp-user" or "otp-factory". NVMEM across the years had various iteration on how cells could be declared in DT, in some old implementation, no_of_node should have been enabled but now add_legacy_fixed_of_cells should be used to disable NVMEM to parse child node as NVMEM cell. To fix this and limit any regression with other MTD that makes use of declaring OTP as direct child of the dev node, disable add_legacy_fixed_of_cells if we detect the MTD type is Nand. With the following logic, the OTP NVMEM entry is correctly created with no cells and the MTD Nand is correctly probed and partitions are correctly exposed. Fixes: 4b361cfa8624 ("mtd: core: add OTP nvmem provider support") Cc: <stable(a)vger.kernel.org> # v6.7+ Signed-off-by: Christian Marangi <ansuelsmth(a)gmail.com> Signed-off-by: Miquel Raynal <miquel.raynal(a)bootlin.com> Link: https://lore.kernel.org/linux-mtd/20240412105030.1598-1-ansuelsmth@gmail.com diff --git a/drivers/mtd/mtdcore.c b/drivers/mtd/mtdcore.c index 5887feb347a4..0de87bc63840 100644 --- a/drivers/mtd/mtdcore.c +++ b/drivers/mtd/mtdcore.c @@ -900,7 +900,7 @@ static struct nvmem_device *mtd_otp_nvmem_register(struct mtd_info *mtd, config.name = compatible; config.id = NVMEM_DEVID_AUTO; config.owner = THIS_MODULE; - config.add_legacy_fixed_of_cells = true; + config.add_legacy_fixed_of_cells = !mtd_type_is_nand(mtd); config.type = NVMEM_TYPE_OTP; config.root_only = true; config.ignore_wp = true;

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] macsec: Detect if Rx skb is macsec-related for offloading" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 642c984dd0e37dbaec9f87bd1211e5fac1f142bf # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042923-sufferer-anywhere-76a7@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 642c984dd0e3 ("macsec: Detect if Rx skb is macsec-related for offloading devices that update md_dst") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 642c984dd0e37dbaec9f87bd1211e5fac1f142bf Mon Sep 17 00:00:00 2001 From: Rahul Rameshbabu <rrameshbabu(a)nvidia.com> Date: Tue, 23 Apr 2024 11:13:04 -0700 Subject: [PATCH] macsec: Detect if Rx skb is macsec-related for offloading devices that update md_dst Can now correctly identify where the packets should be delivered by using md_dst or its absence on devices that provide it. This detection is not possible without device drivers that update md_dst. A fallback pattern should be used for supporting such device drivers. This fallback mode causes multicast messages to be cloned to both the non-macsec and macsec ports, independent of whether the multicast message received was encrypted over MACsec or not. Other non-macsec traffic may also fail to be handled correctly for devices in promiscuous mode. Link: https://lore.kernel.org/netdev/ZULRxX9eIbFiVi7v@hog/ Cc: Sabrina Dubroca <sd(a)queasysnail.net> Cc: stable(a)vger.kernel.org Fixes: 860ead89b851 ("net/macsec: Add MACsec skb_metadata_dst Rx Data path support") Signed-off-by: Rahul Rameshbabu <rrameshbabu(a)nvidia.com> Reviewed-by: Benjamin Poirier <bpoirier(a)nvidia.com> Reviewed-by: Cosmin Ratiu <cratiu(a)nvidia.com> Reviewed-by: Sabrina Dubroca <sd(a)queasysnail.net> Link: https://lore.kernel.org/r/20240423181319.115860-4-rrameshbabu@nvidia.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c index 0206b84284ab..ff016c11b4a0 100644 --- a/drivers/net/macsec.c +++ b/drivers/net/macsec.c @@ -999,10 +999,12 @@ static enum rx_handler_result handle_not_macsec(struct sk_buff *skb) struct metadata_dst *md_dst; struct macsec_rxh_data *rxd; struct macsec_dev *macsec; + bool is_macsec_md_dst; rcu_read_lock(); rxd = macsec_data_rcu(skb->dev); md_dst = skb_metadata_dst(skb); + is_macsec_md_dst = md_dst && md_dst->type == METADATA_MACSEC; list_for_each_entry_rcu(macsec, &rxd->secys, secys) { struct sk_buff *nskb; @@ -1013,14 +1015,42 @@ static enum rx_handler_result handle_not_macsec(struct sk_buff *skb) * the SecTAG, so we have to deduce which port to deliver to. */ if (macsec_is_offloaded(macsec) && netif_running(ndev)) { - struct macsec_rx_sc *rx_sc = NULL; + const struct macsec_ops *ops; - if (md_dst && md_dst->type == METADATA_MACSEC) - rx_sc = find_rx_sc(&macsec->secy, md_dst->u.macsec_info.sci); + ops = macsec_get_ops(macsec, NULL); - if (md_dst && md_dst->type == METADATA_MACSEC && !rx_sc) + if (ops->rx_uses_md_dst && !is_macsec_md_dst) continue; + if (is_macsec_md_dst) { + struct macsec_rx_sc *rx_sc; + + /* All drivers that implement MACsec offload + * support using skb metadata destinations must + * indicate that they do so. + */ + DEBUG_NET_WARN_ON_ONCE(!ops->rx_uses_md_dst); + rx_sc = find_rx_sc(&macsec->secy, + md_dst->u.macsec_info.sci); + if (!rx_sc) + continue; + /* device indicated macsec offload occurred */ + skb->dev = ndev; + skb->pkt_type = PACKET_HOST; + eth_skb_pkt_type(skb, ndev); + ret = RX_HANDLER_ANOTHER; + goto out; + } + + /* This datapath is insecure because it is unable to + * enforce isolation of broadcast/multicast traffic and + * unicast traffic with promiscuous mode on the macsec + * netdev. Since the core stack has no mechanism to + * check that the hardware did indeed receive MACsec + * traffic, it is possible that the response handling + * done by the MACsec port was to a plaintext packet. + * This violates the MACsec protocol standard. + */ if (ether_addr_equal_64bits(hdr->h_dest, ndev->dev_addr)) { /* exact match, divert skb to this port */ @@ -1036,14 +1066,10 @@ static enum rx_handler_result handle_not_macsec(struct sk_buff *skb) break; nskb->dev = ndev; - if (ether_addr_equal_64bits(hdr->h_dest, - ndev->broadcast)) - nskb->pkt_type = PACKET_BROADCAST; - else - nskb->pkt_type = PACKET_MULTICAST; + eth_skb_pkt_type(nskb, ndev); __netif_rx(nskb); - } else if (rx_sc || ndev->flags & IFF_PROMISC) { + } else if (ndev->flags & IFF_PROMISC) { skb->dev = ndev; skb->pkt_type = PACKET_HOST; ret = RX_HANDLER_ANOTHER;

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] macsec: Enable devices to advertise whether they update" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 475747a19316b08e856c666a20503e73d7ed67ed # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042910-reopen-tiara-5796@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 475747a19316 ("macsec: Enable devices to advertise whether they update sk_buff md_dst during offloads") a73d8779d61a ("net: macsec: introduce mdo_insert_tx_tag") eb97b9bd38f9 ("net: macsec: documentation for macsec_context and macsec_ops") 15f1735520f9 ("macsec: add support for IFLA_MACSEC_OFFLOAD in macsec_changelink") f3b4a00f0f62 ("net: macsec: fix net device access prior to holding a lock") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 475747a19316b08e856c666a20503e73d7ed67ed Mon Sep 17 00:00:00 2001 From: Rahul Rameshbabu <rrameshbabu(a)nvidia.com> Date: Tue, 23 Apr 2024 11:13:02 -0700 Subject: [PATCH] macsec: Enable devices to advertise whether they update sk_buff md_dst during offloads Cannot know whether a Rx skb missing md_dst is intended for MACsec or not without knowing whether the device is able to update this field during an offload. Assume that an offload to a MACsec device cannot support updating md_dst by default. Capable devices can advertise that they do indicate that an skb is related to a MACsec offloaded packet using the md_dst. Cc: Sabrina Dubroca <sd(a)queasysnail.net> Cc: stable(a)vger.kernel.org Fixes: 860ead89b851 ("net/macsec: Add MACsec skb_metadata_dst Rx Data path support") Signed-off-by: Rahul Rameshbabu <rrameshbabu(a)nvidia.com> Reviewed-by: Benjamin Poirier <bpoirier(a)nvidia.com> Reviewed-by: Cosmin Ratiu <cratiu(a)nvidia.com> Reviewed-by: Sabrina Dubroca <sd(a)queasysnail.net> Link: https://lore.kernel.org/r/20240423181319.115860-2-rrameshbabu@nvidia.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/include/net/macsec.h b/include/net/macsec.h index dbd22180cc5c..de216cbc6b05 100644 --- a/include/net/macsec.h +++ b/include/net/macsec.h @@ -321,6 +321,7 @@ struct macsec_context { * for the TX tag * @needed_tailroom: number of bytes reserved at the end of the sk_buff for the * TX tag + * @rx_uses_md_dst: whether MACsec device offload supports sk_buff md_dst */ struct macsec_ops { /* Device wide */ @@ -352,6 +353,7 @@ struct macsec_ops { struct sk_buff *skb); unsigned int needed_headroom; unsigned int needed_tailroom; + bool rx_uses_md_dst; }; void macsec_pn_wrapped(struct macsec_secy *secy, struct macsec_tx_sa *tx_sa);

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] macsec: Enable devices to advertise whether they update" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 475747a19316b08e856c666a20503e73d7ed67ed # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042909-drab-untapped-78a4@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 475747a19316 ("macsec: Enable devices to advertise whether they update sk_buff md_dst during offloads") a73d8779d61a ("net: macsec: introduce mdo_insert_tx_tag") eb97b9bd38f9 ("net: macsec: documentation for macsec_context and macsec_ops") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 475747a19316b08e856c666a20503e73d7ed67ed Mon Sep 17 00:00:00 2001 From: Rahul Rameshbabu <rrameshbabu(a)nvidia.com> Date: Tue, 23 Apr 2024 11:13:02 -0700 Subject: [PATCH] macsec: Enable devices to advertise whether they update sk_buff md_dst during offloads Cannot know whether a Rx skb missing md_dst is intended for MACsec or not without knowing whether the device is able to update this field during an offload. Assume that an offload to a MACsec device cannot support updating md_dst by default. Capable devices can advertise that they do indicate that an skb is related to a MACsec offloaded packet using the md_dst. Cc: Sabrina Dubroca <sd(a)queasysnail.net> Cc: stable(a)vger.kernel.org Fixes: 860ead89b851 ("net/macsec: Add MACsec skb_metadata_dst Rx Data path support") Signed-off-by: Rahul Rameshbabu <rrameshbabu(a)nvidia.com> Reviewed-by: Benjamin Poirier <bpoirier(a)nvidia.com> Reviewed-by: Cosmin Ratiu <cratiu(a)nvidia.com> Reviewed-by: Sabrina Dubroca <sd(a)queasysnail.net> Link: https://lore.kernel.org/r/20240423181319.115860-2-rrameshbabu@nvidia.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/include/net/macsec.h b/include/net/macsec.h index dbd22180cc5c..de216cbc6b05 100644 --- a/include/net/macsec.h +++ b/include/net/macsec.h @@ -321,6 +321,7 @@ struct macsec_context { * for the TX tag * @needed_tailroom: number of bytes reserved at the end of the sk_buff for the * TX tag + * @rx_uses_md_dst: whether MACsec device offload supports sk_buff md_dst */ struct macsec_ops { /* Device wide */ @@ -352,6 +353,7 @@ struct macsec_ops { struct sk_buff *skb); unsigned int needed_headroom; unsigned int needed_tailroom; + bool rx_uses_md_dst; }; void macsec_pn_wrapped(struct macsec_secy *secy, struct macsec_tx_sa *tx_sa);

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] ACPI: CPPC: Use access_width over bit_width for system memory" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 2f4a4d63a193 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042921-pennant-gumming-5bd3@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2f4a4d63a193be6fd530d180bb13c3592052904c Mon Sep 17 00:00:00 2001 From: Jarred White <jarredwhite(a)linux.microsoft.com> Date: Fri, 1 Mar 2024 11:25:59 -0800 Subject: [PATCH] ACPI: CPPC: Use access_width over bit_width for system memory accesses To align with ACPI 6.3+, since bit_width can be any 8-bit value, it cannot be depended on to be always on a clean 8b boundary. This was uncovered on the Cobalt 100 platform. SError Interrupt on CPU26, code 0xbe000011 -- SError CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted 5.15.2.1-13 #1 Hardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION pstate: 62400009 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : cppc_get_perf_caps+0xec/0x410 lr : cppc_get_perf_caps+0xe8/0x410 sp : ffff8000155ab730 x29: ffff8000155ab730 x28: ffff0080139d0038 x27: ffff0080139d0078 x26: 0000000000000000 x25: ffff0080139d0058 x24: 00000000ffffffff x23: ffff0080139d0298 x22: ffff0080139d0278 x21: 0000000000000000 x20: ffff00802b251910 x19: ffff0080139d0000 x18: ffffffffffffffff x17: 0000000000000000 x16: ffffdc7e111bad04 x15: ffff00802b251008 x14: ffffffffffffffff x13: ffff013f1fd63300 x12: 0000000000000006 x11: ffffdc7e128f4420 x10: 0000000000000000 x9 : ffffdc7e111badec x8 : ffff00802b251980 x7 : 0000000000000000 x6 : ffff0080139d0028 x5 : 0000000000000000 x4 : ffff0080139d0018 x3 : 00000000ffffffff x2 : 0000000000000008 x1 : ffff8000155ab7a0 x0 : 0000000000000000 Kernel panic - not syncing: Asynchronous SError Interrupt CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted 5.15.2.1-13 #1 Hardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION Call trace: dump_backtrace+0x0/0x1e0 show_stack+0x24/0x30 dump_stack_lvl+0x8c/0xb8 dump_stack+0x18/0x34 panic+0x16c/0x384 add_taint+0x0/0xc0 arm64_serror_panic+0x7c/0x90 arm64_is_fatal_ras_serror+0x34/0xa4 do_serror+0x50/0x6c el1h_64_error_handler+0x40/0x74 el1h_64_error+0x7c/0x80 cppc_get_perf_caps+0xec/0x410 cppc_cpufreq_cpu_init+0x74/0x400 [cppc_cpufreq] cpufreq_online+0x2dc/0xa30 cpufreq_add_dev+0xc0/0xd4 subsys_interface_register+0x134/0x14c cpufreq_register_driver+0x1b0/0x354 cppc_cpufreq_init+0x1a8/0x1000 [cppc_cpufreq] do_one_initcall+0x50/0x250 do_init_module+0x60/0x27c load_module+0x2300/0x2570 __do_sys_finit_module+0xa8/0x114 __arm64_sys_finit_module+0x2c/0x3c invoke_syscall+0x78/0x100 el0_svc_common.constprop.0+0x180/0x1a0 do_el0_svc+0x84/0xa0 el0_svc+0x2c/0xc0 el0t_64_sync_handler+0xa4/0x12c el0t_64_sync+0x1a4/0x1a8 Instead, use access_width to determine the size and use the offset and width to shift and mask the bits to read/write out. Make sure to add a check for system memory since pcc redefines the access_width to subspace id. If access_width is not set, then fall back to using bit_width. Signed-off-by: Jarred White <jarredwhite(a)linux.microsoft.com> Reviewed-by: Easwar Hariharan <eahariha(a)linux.microsoft.com> Cc: 5.15+ <stable(a)vger.kernel.org> # 5.15+ [ rjw: Subject and changelog edits, comment adjustments ] Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> diff --git a/drivers/acpi/cppc_acpi.c b/drivers/acpi/cppc_acpi.c index d155a86a8614..b954ce3638a9 100644 --- a/drivers/acpi/cppc_acpi.c +++ b/drivers/acpi/cppc_acpi.c @@ -166,6 +166,13 @@ show_cppc_data(cppc_get_perf_caps, cppc_perf_caps, nominal_freq); show_cppc_data(cppc_get_perf_ctrs, cppc_perf_fb_ctrs, reference_perf); show_cppc_data(cppc_get_perf_ctrs, cppc_perf_fb_ctrs, wraparound_time); +/* Check for valid access_width, otherwise, fallback to using bit_width */ +#define GET_BIT_WIDTH(reg) ((reg)->access_width ? (8 << ((reg)->access_width - 1)) : (reg)->bit_width) + +/* Shift and apply the mask for CPC reads/writes */ +#define MASK_VAL(reg, val) ((val) >> ((reg)->bit_offset & \ + GENMASK(((reg)->bit_width), 0))) + static ssize_t show_feedback_ctrs(struct kobject *kobj, struct kobj_attribute *attr, char *buf) { @@ -780,6 +787,7 @@ int acpi_cppc_processor_probe(struct acpi_processor *pr) } else if (gas_t->space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY) { if (gas_t->address) { void __iomem *addr; + size_t access_width; if (!osc_cpc_flexible_adr_space_confirmed) { pr_debug("Flexible address space capability not supported\n"); @@ -787,7 +795,8 @@ int acpi_cppc_processor_probe(struct acpi_processor *pr) goto out_free; } - addr = ioremap(gas_t->address, gas_t->bit_width/8); + access_width = GET_BIT_WIDTH(gas_t) / 8; + addr = ioremap(gas_t->address, access_width); if (!addr) goto out_free; cpc_ptr->cpc_regs[i-2].sys_mem_vaddr = addr; @@ -983,6 +992,7 @@ int __weak cpc_write_ffh(int cpunum, struct cpc_reg *reg, u64 val) static int cpc_read(int cpu, struct cpc_register_resource *reg_res, u64 *val) { void __iomem *vaddr = NULL; + int size; int pcc_ss_id = per_cpu(cpu_pcc_subspace_idx, cpu); struct cpc_reg *reg = &reg_res->cpc_entry.reg; @@ -994,7 +1004,7 @@ static int cpc_read(int cpu, struct cpc_register_resource *reg_res, u64 *val) *val = 0; if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_IO) { - u32 width = 8 << (reg->access_width - 1); + u32 width = GET_BIT_WIDTH(reg); u32 val_u32; acpi_status status; @@ -1018,7 +1028,9 @@ static int cpc_read(int cpu, struct cpc_register_resource *reg_res, u64 *val) return acpi_os_read_memory((acpi_physical_address)reg->address, val, reg->bit_width); - switch (reg->bit_width) { + size = GET_BIT_WIDTH(reg); + + switch (size) { case 8: *val = readb_relaxed(vaddr); break; @@ -1037,18 +1049,22 @@ static int cpc_read(int cpu, struct cpc_register_resource *reg_res, u64 *val) return -EFAULT; } + if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY) + *val = MASK_VAL(reg, *val); + return 0; } static int cpc_write(int cpu, struct cpc_register_resource *reg_res, u64 val) { int ret_val = 0; + int size; void __iomem *vaddr = NULL; int pcc_ss_id = per_cpu(cpu_pcc_subspace_idx, cpu); struct cpc_reg *reg = &reg_res->cpc_entry.reg; if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_IO) { - u32 width = 8 << (reg->access_width - 1); + u32 width = GET_BIT_WIDTH(reg); acpi_status status; status = acpi_os_write_port((acpi_io_address)reg->address, @@ -1070,7 +1086,12 @@ static int cpc_write(int cpu, struct cpc_register_resource *reg_res, u64 val) return acpi_os_write_memory((acpi_physical_address)reg->address, val, reg->bit_width); - switch (reg->bit_width) { + size = GET_BIT_WIDTH(reg); + + if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY) + val = MASK_VAL(reg, val); + + switch (size) { case 8: writeb_relaxed(val, vaddr); break;

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] ACPI: CPPC: Fix bit_offset shift in MASK_VAL() macro" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 05d92ee782eeb7b939bdd0189e6efcab9195bf95 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042941-fleshed-collide-d77b@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 05d92ee782ee ("ACPI: CPPC: Fix bit_offset shift in MASK_VAL() macro") 2f4a4d63a193 ("ACPI: CPPC: Use access_width over bit_width for system memory accesses") 0651ab90e4ad ("ACPI: CPPC: Check _OSC for flexible address space") c42fa24b4475 ("ACPI: bus: Avoid using CPPC if not supported by firmware") 2ca8e6285250 ("Revert "ACPI: Pass the same capabilities to the _OSC regardless of the query flag"") f684b1075128 ("ACPI: CPPC: Drop redundant local variable from cpc_read()") 5f51c7ce1dc3 ("ACPI: CPPC: Fix up I/O port access in cpc_read()") a2c8f92bea5f ("ACPI: CPPC: Implement support for SystemIO registers") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 05d92ee782eeb7b939bdd0189e6efcab9195bf95 Mon Sep 17 00:00:00 2001 From: Jarred White <jarredwhite(a)linux.microsoft.com> Date: Mon, 8 Apr 2024 22:23:09 -0700 Subject: [PATCH] ACPI: CPPC: Fix bit_offset shift in MASK_VAL() macro Commit 2f4a4d63a193 ("ACPI: CPPC: Use access_width over bit_width for system memory accesses") neglected to properly wrap the bit_offset shift when it comes to applying the mask. This may cause incorrect values to be read and may cause the cpufreq module not be loaded. [ 11.059751] cpu_capacity: CPU0 missing/invalid highest performance. [ 11.066005] cpu_capacity: partial information: fallback to 1024 for all CPUs Also, corrected the bitmask generation in GENMASK (extra bit being added). Fixes: 2f4a4d63a193 ("ACPI: CPPC: Use access_width over bit_width for system memory accesses") Signed-off-by: Jarred White <jarredwhite(a)linux.microsoft.com> Cc: 5.15+ <stable(a)vger.kernel.org> # 5.15+ Reviewed-by: Vanshidhar Konda <vanshikonda(a)os.amperecomputing.com> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> diff --git a/drivers/acpi/cppc_acpi.c b/drivers/acpi/cppc_acpi.c index 4bfbe55553f4..00a30ca35e78 100644 --- a/drivers/acpi/cppc_acpi.c +++ b/drivers/acpi/cppc_acpi.c @@ -170,8 +170,8 @@ show_cppc_data(cppc_get_perf_ctrs, cppc_perf_fb_ctrs, wraparound_time); #define GET_BIT_WIDTH(reg) ((reg)->access_width ? (8 << ((reg)->access_width - 1)) : (reg)->bit_width) /* Shift and apply the mask for CPC reads/writes */ -#define MASK_VAL(reg, val) ((val) >> ((reg)->bit_offset & \ - GENMASK(((reg)->bit_width), 0))) +#define MASK_VAL(reg, val) (((val) >> (reg)->bit_offset) & \ + GENMASK(((reg)->bit_width) - 1, 0)) static ssize_t show_feedback_ctrs(struct kobject *kobj, struct kobj_attribute *attr, char *buf)

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] eeprom: at24: fix memory corruption race condition" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x f42c97027fb75776e2e9358d16bf4a99aeb04cf2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042943-elves-patrol-347f@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: f42c97027fb7 ("eeprom: at24: fix memory corruption race condition") caba40ec3531 ("eeprom: at24: Probe for DDR3 thermal sensor in the SPD case") a3c10035d12f ("eeprom: at24: Use dev_err_probe for nvmem register failure") 2962484dfef8 ("misc: eeprom: at24: check suspend status before disable regulator") 45df80d7605c ("misc: eeprom: at24: register nvmem only after eeprom is ready to use") 58d6fee50e67 ("misc: eeprom: at24: fix regulator underflow") cd5676db0574 ("misc: eeprom: at24: support pm_runtime control") 1c89074bf850 ("eeprom: at24: remove the write-protect pin support") 69afc4b62308 ("eeprom: at24: sort headers alphabetically") 285be87c79e1 ("eeprom: at24: Improve confusing log message") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f42c97027fb75776e2e9358d16bf4a99aeb04cf2 Mon Sep 17 00:00:00 2001 From: Daniel Okazaki <dtokazaki(a)google.com> Date: Mon, 22 Apr 2024 17:43:36 +0000 Subject: [PATCH] eeprom: at24: fix memory corruption race condition If the eeprom is not accessible, an nvmem device will be registered, the read will fail, and the device will be torn down. If another driver accesses the nvmem device after the teardown, it will reference invalid memory. Move the failure point before registering the nvmem device. Signed-off-by: Daniel Okazaki <dtokazaki(a)google.com> Fixes: b20eb4c1f026 ("eeprom: at24: drop unnecessary label") Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240422174337.2487142-1-dtokazaki@google.com Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> diff --git a/drivers/misc/eeprom/at24.c b/drivers/misc/eeprom/at24.c index 572333ead5fb..4bd4f32bcdab 100644 --- a/drivers/misc/eeprom/at24.c +++ b/drivers/misc/eeprom/at24.c @@ -758,15 +758,6 @@ static int at24_probe(struct i2c_client *client) } pm_runtime_enable(dev); - at24->nvmem = devm_nvmem_register(dev, &nvmem_config); - if (IS_ERR(at24->nvmem)) { - pm_runtime_disable(dev); - if (!pm_runtime_status_suspended(dev)) - regulator_disable(at24->vcc_reg); - return dev_err_probe(dev, PTR_ERR(at24->nvmem), - "failed to register nvmem\n"); - } - /* * Perform a one-byte test read to verify that the chip is functional, * unless powering on the device is to be avoided during probe (i.e. @@ -782,6 +773,15 @@ static int at24_probe(struct i2c_client *client) } } + at24->nvmem = devm_nvmem_register(dev, &nvmem_config); + if (IS_ERR(at24->nvmem)) { + pm_runtime_disable(dev); + if (!pm_runtime_status_suspended(dev)) + regulator_disable(at24->vcc_reg); + return dev_err_probe(dev, PTR_ERR(at24->nvmem), + "failed to register nvmem\n"); + } + /* If this a SPD EEPROM, probe for DDR3 thermal sensor */ if (cdata == &at24_data_spd) at24_probe_temp_sensor(client);

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] eeprom: at24: fix memory corruption race condition" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x f42c97027fb75776e2e9358d16bf4a99aeb04cf2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042942-headboard-dweeb-a026@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: f42c97027fb7 ("eeprom: at24: fix memory corruption race condition") caba40ec3531 ("eeprom: at24: Probe for DDR3 thermal sensor in the SPD case") a3c10035d12f ("eeprom: at24: Use dev_err_probe for nvmem register failure") 2962484dfef8 ("misc: eeprom: at24: check suspend status before disable regulator") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f42c97027fb75776e2e9358d16bf4a99aeb04cf2 Mon Sep 17 00:00:00 2001 From: Daniel Okazaki <dtokazaki(a)google.com> Date: Mon, 22 Apr 2024 17:43:36 +0000 Subject: [PATCH] eeprom: at24: fix memory corruption race condition If the eeprom is not accessible, an nvmem device will be registered, the read will fail, and the device will be torn down. If another driver accesses the nvmem device after the teardown, it will reference invalid memory. Move the failure point before registering the nvmem device. Signed-off-by: Daniel Okazaki <dtokazaki(a)google.com> Fixes: b20eb4c1f026 ("eeprom: at24: drop unnecessary label") Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240422174337.2487142-1-dtokazaki@google.com Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> diff --git a/drivers/misc/eeprom/at24.c b/drivers/misc/eeprom/at24.c index 572333ead5fb..4bd4f32bcdab 100644 --- a/drivers/misc/eeprom/at24.c +++ b/drivers/misc/eeprom/at24.c @@ -758,15 +758,6 @@ static int at24_probe(struct i2c_client *client) } pm_runtime_enable(dev); - at24->nvmem = devm_nvmem_register(dev, &nvmem_config); - if (IS_ERR(at24->nvmem)) { - pm_runtime_disable(dev); - if (!pm_runtime_status_suspended(dev)) - regulator_disable(at24->vcc_reg); - return dev_err_probe(dev, PTR_ERR(at24->nvmem), - "failed to register nvmem\n"); - } - /* * Perform a one-byte test read to verify that the chip is functional, * unless powering on the device is to be avoided during probe (i.e. @@ -782,6 +773,15 @@ static int at24_probe(struct i2c_client *client) } } + at24->nvmem = devm_nvmem_register(dev, &nvmem_config); + if (IS_ERR(at24->nvmem)) { + pm_runtime_disable(dev); + if (!pm_runtime_status_suspended(dev)) + regulator_disable(at24->vcc_reg); + return dev_err_probe(dev, PTR_ERR(at24->nvmem), + "failed to register nvmem\n"); + } + /* If this a SPD EEPROM, probe for DDR3 thermal sensor */ if (cdata == &at24_data_spd) at24_probe_temp_sensor(client);

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] eeprom: at24: fix memory corruption race condition" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x f42c97027fb75776e2e9358d16bf4a99aeb04cf2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042942-smirk-rectal-821f@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: f42c97027fb7 ("eeprom: at24: fix memory corruption race condition") caba40ec3531 ("eeprom: at24: Probe for DDR3 thermal sensor in the SPD case") a3c10035d12f ("eeprom: at24: Use dev_err_probe for nvmem register failure") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f42c97027fb75776e2e9358d16bf4a99aeb04cf2 Mon Sep 17 00:00:00 2001 From: Daniel Okazaki <dtokazaki(a)google.com> Date: Mon, 22 Apr 2024 17:43:36 +0000 Subject: [PATCH] eeprom: at24: fix memory corruption race condition If the eeprom is not accessible, an nvmem device will be registered, the read will fail, and the device will be torn down. If another driver accesses the nvmem device after the teardown, it will reference invalid memory. Move the failure point before registering the nvmem device. Signed-off-by: Daniel Okazaki <dtokazaki(a)google.com> Fixes: b20eb4c1f026 ("eeprom: at24: drop unnecessary label") Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240422174337.2487142-1-dtokazaki@google.com Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> diff --git a/drivers/misc/eeprom/at24.c b/drivers/misc/eeprom/at24.c index 572333ead5fb..4bd4f32bcdab 100644 --- a/drivers/misc/eeprom/at24.c +++ b/drivers/misc/eeprom/at24.c @@ -758,15 +758,6 @@ static int at24_probe(struct i2c_client *client) } pm_runtime_enable(dev); - at24->nvmem = devm_nvmem_register(dev, &nvmem_config); - if (IS_ERR(at24->nvmem)) { - pm_runtime_disable(dev); - if (!pm_runtime_status_suspended(dev)) - regulator_disable(at24->vcc_reg); - return dev_err_probe(dev, PTR_ERR(at24->nvmem), - "failed to register nvmem\n"); - } - /* * Perform a one-byte test read to verify that the chip is functional, * unless powering on the device is to be avoided during probe (i.e. @@ -782,6 +773,15 @@ static int at24_probe(struct i2c_client *client) } } + at24->nvmem = devm_nvmem_register(dev, &nvmem_config); + if (IS_ERR(at24->nvmem)) { + pm_runtime_disable(dev); + if (!pm_runtime_status_suspended(dev)) + regulator_disable(at24->vcc_reg); + return dev_err_probe(dev, PTR_ERR(at24->nvmem), + "failed to register nvmem\n"); + } + /* If this a SPD EEPROM, probe for DDR3 thermal sensor */ if (cdata == &at24_data_spd) at24_probe_temp_sensor(client);

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] eeprom: at24: fix memory corruption race condition" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x f42c97027fb75776e2e9358d16bf4a99aeb04cf2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042940-resize-urgent-402d@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: f42c97027fb7 ("eeprom: at24: fix memory corruption race condition") caba40ec3531 ("eeprom: at24: Probe for DDR3 thermal sensor in the SPD case") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f42c97027fb75776e2e9358d16bf4a99aeb04cf2 Mon Sep 17 00:00:00 2001 From: Daniel Okazaki <dtokazaki(a)google.com> Date: Mon, 22 Apr 2024 17:43:36 +0000 Subject: [PATCH] eeprom: at24: fix memory corruption race condition If the eeprom is not accessible, an nvmem device will be registered, the read will fail, and the device will be torn down. If another driver accesses the nvmem device after the teardown, it will reference invalid memory. Move the failure point before registering the nvmem device. Signed-off-by: Daniel Okazaki <dtokazaki(a)google.com> Fixes: b20eb4c1f026 ("eeprom: at24: drop unnecessary label") Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240422174337.2487142-1-dtokazaki@google.com Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> diff --git a/drivers/misc/eeprom/at24.c b/drivers/misc/eeprom/at24.c index 572333ead5fb..4bd4f32bcdab 100644 --- a/drivers/misc/eeprom/at24.c +++ b/drivers/misc/eeprom/at24.c @@ -758,15 +758,6 @@ static int at24_probe(struct i2c_client *client) } pm_runtime_enable(dev); - at24->nvmem = devm_nvmem_register(dev, &nvmem_config); - if (IS_ERR(at24->nvmem)) { - pm_runtime_disable(dev); - if (!pm_runtime_status_suspended(dev)) - regulator_disable(at24->vcc_reg); - return dev_err_probe(dev, PTR_ERR(at24->nvmem), - "failed to register nvmem\n"); - } - /* * Perform a one-byte test read to verify that the chip is functional, * unless powering on the device is to be avoided during probe (i.e. @@ -782,6 +773,15 @@ static int at24_probe(struct i2c_client *client) } } + at24->nvmem = devm_nvmem_register(dev, &nvmem_config); + if (IS_ERR(at24->nvmem)) { + pm_runtime_disable(dev); + if (!pm_runtime_status_suspended(dev)) + regulator_disable(at24->vcc_reg); + return dev_err_probe(dev, PTR_ERR(at24->nvmem), + "failed to register nvmem\n"); + } + /* If this a SPD EEPROM, probe for DDR3 thermal sensor */ if (cdata == &at24_data_spd) at24_probe_temp_sensor(client);

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] eeprom: at24: fix memory corruption race condition" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x f42c97027fb75776e2e9358d16bf4a99aeb04cf2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042941-payphone-elf-fac2@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: f42c97027fb7 ("eeprom: at24: fix memory corruption race condition") caba40ec3531 ("eeprom: at24: Probe for DDR3 thermal sensor in the SPD case") a3c10035d12f ("eeprom: at24: Use dev_err_probe for nvmem register failure") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f42c97027fb75776e2e9358d16bf4a99aeb04cf2 Mon Sep 17 00:00:00 2001 From: Daniel Okazaki <dtokazaki(a)google.com> Date: Mon, 22 Apr 2024 17:43:36 +0000 Subject: [PATCH] eeprom: at24: fix memory corruption race condition If the eeprom is not accessible, an nvmem device will be registered, the read will fail, and the device will be torn down. If another driver accesses the nvmem device after the teardown, it will reference invalid memory. Move the failure point before registering the nvmem device. Signed-off-by: Daniel Okazaki <dtokazaki(a)google.com> Fixes: b20eb4c1f026 ("eeprom: at24: drop unnecessary label") Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240422174337.2487142-1-dtokazaki@google.com Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> diff --git a/drivers/misc/eeprom/at24.c b/drivers/misc/eeprom/at24.c index 572333ead5fb..4bd4f32bcdab 100644 --- a/drivers/misc/eeprom/at24.c +++ b/drivers/misc/eeprom/at24.c @@ -758,15 +758,6 @@ static int at24_probe(struct i2c_client *client) } pm_runtime_enable(dev); - at24->nvmem = devm_nvmem_register(dev, &nvmem_config); - if (IS_ERR(at24->nvmem)) { - pm_runtime_disable(dev); - if (!pm_runtime_status_suspended(dev)) - regulator_disable(at24->vcc_reg); - return dev_err_probe(dev, PTR_ERR(at24->nvmem), - "failed to register nvmem\n"); - } - /* * Perform a one-byte test read to verify that the chip is functional, * unless powering on the device is to be avoided during probe (i.e. @@ -782,6 +773,15 @@ static int at24_probe(struct i2c_client *client) } } + at24->nvmem = devm_nvmem_register(dev, &nvmem_config); + if (IS_ERR(at24->nvmem)) { + pm_runtime_disable(dev); + if (!pm_runtime_status_suspended(dev)) + regulator_disable(at24->vcc_reg); + return dev_err_probe(dev, PTR_ERR(at24->nvmem), + "failed to register nvmem\n"); + } + /* If this a SPD EEPROM, probe for DDR3 thermal sensor */ if (cdata == &at24_data_spd) at24_probe_temp_sensor(client);

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix wrong block_start calculation for" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x fe1c6c7acce10baf9521d6dccc17268d91ee2305 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042906-stapling-dosage-67ad@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: fe1c6c7acce1 ("btrfs: fix wrong block_start calculation for btrfs_drop_extent_map_range()") 92e1229b204d ("btrfs: tests: test invalid splitting when skipping pinned drop extent_map") f345dbdf2c9c ("btrfs: tests: add a test for btrfs_add_extent_mapping") 89c3760428db ("btrfs: tests: add extent_map tests for dropping with odd layouts") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fe1c6c7acce10baf9521d6dccc17268d91ee2305 Mon Sep 17 00:00:00 2001 From: Qu Wenruo <wqu(a)suse.com> Date: Tue, 9 Apr 2024 20:32:34 +0930 Subject: [PATCH] btrfs: fix wrong block_start calculation for btrfs_drop_extent_map_range() [BUG] During my extent_map cleanup/refactor, with extra sanity checks, extent-map-tests::test_case_7() would not pass the checks. The problem is, after btrfs_drop_extent_map_range(), the resulted extent_map has a @block_start way too large. Meanwhile my btrfs_file_extent_item based members are returning a correct @disk_bytenr/@offset combination. The extent map layout looks like this: 0 16K 32K 48K | PINNED | | Regular | The regular em at [32K, 48K) also has 32K @block_start. Then drop range [0, 36K), which should shrink the regular one to be [36K, 48K). However the @block_start is incorrect, we expect 32K + 4K, but got 52K. [CAUSE] Inside btrfs_drop_extent_map_range() function, if we hit an extent_map that covers the target range but is still beyond it, we need to split that extent map into half: |<-- drop range -->| |<----- existing extent_map --->| And if the extent map is not compressed, we need to forward extent_map::block_start by the difference between the end of drop range and the extent map start. However in that particular case, the difference is calculated using (start + len - em->start). The problem is @start can be modified if the drop range covers any pinned extent. This leads to wrong calculation, and would be caught by my later extent_map sanity checks, which checks the em::block_start against btrfs_file_extent_item::disk_bytenr + btrfs_file_extent_item::offset. This is a regression caused by commit c962098ca4af ("btrfs: fix incorrect splitting in btrfs_drop_extent_map_range"), which removed the @len update for pinned extents. [FIX] Fix it by avoiding using @start completely, and use @end - em->start instead, which @end is exclusive bytenr number. And update the test case to verify the @block_start to prevent such problem from happening. Thankfully this is not going to lead to any data corruption, as IO path does not utilize btrfs_drop_extent_map_range() with @skip_pinned set. So this fix is only here for the sake of consistency/correctness. CC: stable(a)vger.kernel.org # 6.5+ Fixes: c962098ca4af ("btrfs: fix incorrect splitting in btrfs_drop_extent_map_range") Reviewed-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: Qu Wenruo <wqu(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/extent_map.c b/fs/btrfs/extent_map.c index 445f7716f1e2..24a048210b15 100644 --- a/fs/btrfs/extent_map.c +++ b/fs/btrfs/extent_map.c @@ -817,7 +817,7 @@ void btrfs_drop_extent_map_range(struct btrfs_inode *inode, u64 start, u64 end, split->block_len = em->block_len; split->orig_start = em->orig_start; } else { - const u64 diff = start + len - em->start; + const u64 diff = end - em->start; split->block_len = split->len; split->block_start += diff; diff --git a/fs/btrfs/tests/extent-map-tests.c b/fs/btrfs/tests/extent-map-tests.c index 253cce7ffecf..47b5d301038e 100644 --- a/fs/btrfs/tests/extent-map-tests.c +++ b/fs/btrfs/tests/extent-map-tests.c @@ -847,6 +847,11 @@ static int test_case_7(struct btrfs_fs_info *fs_info) goto out; } + if (em->block_start != SZ_32K + SZ_4K) { + test_err("em->block_start is %llu, expected 36K", em->block_start); + goto out; + } + free_extent_map(em); read_lock(&em_tree->lock);

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: fallback if compressed IO fails for ENOSPC" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 131a821a243f89be312ced9e62ccc37b2cf3846c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042924-filling-contact-97aa@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 131a821a243f ("btrfs: fallback if compressed IO fails for ENOSPC") a994310aa26f ("btrfs: remove PAGE_SET_ERROR") 99a01bd6388e ("btrfs: use btrfs_inode inside compress_file_range") 99a81a444448 ("btrfs: switch async_chunk::inode to btrfs_inode") fd8d2951f478 ("btrfs: convert extent_io page op defines to enum bits") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 131a821a243f89be312ced9e62ccc37b2cf3846c Mon Sep 17 00:00:00 2001 From: Sweet Tea Dorminy <sweettea-kernel(a)dorminy.me> Date: Sat, 6 Apr 2024 04:45:02 -0400 Subject: [PATCH] btrfs: fallback if compressed IO fails for ENOSPC In commit b4ccace878f4 ("btrfs: refactor submit_compressed_extents()"), if an async extent compressed but failed to find enough space, we changed from falling back to an uncompressed write to just failing the write altogether. The principle was that if there's not enough space to write the compressed version of the data, there can't possibly be enough space to write the larger, uncompressed version of the data. However, this isn't necessarily true: due to fragmentation, there could be enough discontiguous free blocks to write the uncompressed version, but not enough contiguous free blocks to write the smaller but unsplittable compressed version. This has occurred to an internal workload which relied on write()'s return value indicating there was space. While rare, it has happened a few times. Thus, in order to prevent early ENOSPC, re-add a fallback to uncompressed writing. Fixes: b4ccace878f4 ("btrfs: refactor submit_compressed_extents()") CC: stable(a)vger.kernel.org # 6.1+ Reviewed-by: Qu Wenruo <wqu(a)suse.com> Co-developed-by: Neal Gompa <neal(a)gompa.dev> Signed-off-by: Neal Gompa <neal(a)gompa.dev> Signed-off-by: Sweet Tea Dorminy <sweettea-kernel(a)dorminy.me> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index c65fe5de4022..7fed887e700c 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -1145,13 +1145,13 @@ static void submit_one_async_extent(struct async_chunk *async_chunk, 0, *alloc_hint, &ins, 1, 1); if (ret) { /* - * Here we used to try again by going back to non-compressed - * path for ENOSPC. But we can't reserve space even for - * compressed size, how could it work for uncompressed size - * which requires larger size? So here we directly go error - * path. + * We can't reserve contiguous space for the compressed size. + * Unlikely, but it's possible that we could have enough + * non-contiguous space for the uncompressed size instead. So + * fall back to uncompressed. */ - goto out_free; + submit_uncompressed_range(inode, async_extent, locked_page); + goto done; } /* Here we're doing allocation and writeback of the compressed pages */ @@ -1203,7 +1203,6 @@ static void submit_one_async_extent(struct async_chunk *async_chunk, out_free_reserve: btrfs_dec_block_group_reservations(fs_info, ins.objectid); btrfs_free_reserved_extent(fs_info, ins.objectid, ins.offset, 1); -out_free: mapping_set_error(inode->vfs_inode.i_mapping, -EIO); extent_clear_unlock_delalloc(inode, start, end, NULL, EXTENT_LOCKED | EXTENT_DELALLOC |

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 9c0f59e47a90c54d0153f8ddc0f80d7a36207d0e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042955-boxer-slinky-3da2@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 9c0f59e47a90 ("HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up") dbe0dd5fd2e0 ("HID: i2c-hid: explicitly code setting and sending reports") b26fc3161b78 ("HID: i2c-hid: refactor reset command") d34c6105499b ("HID: i2c-hid: use "struct i2c_hid" as argument in most calls") a5e5e03e9476 ("HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports") cf5b2fb012c0 ("HID: i2c-hid: fix handling numbered reports with IDs of 15 and above") ca66a6770bd9 ("HID: i2c-hid: Skip ELAN power-on command after reset") b33752c30023 ("HID: i2c-hid: Reorganize so ACPI and OF are separate modules") 19a0b6d79c97 ("Merge branch 'for-5.11/i2c-hid' into for-linus") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9c0f59e47a90c54d0153f8ddc0f80d7a36207d0e Mon Sep 17 00:00:00 2001 From: Nam Cao <namcao(a)linutronix.de> Date: Mon, 18 Mar 2024 11:59:02 +0100 Subject: [PATCH] HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up The flag I2C_HID_READ_PENDING is used to serialize I2C operations. However, this is not necessary, because I2C core already has its own locking for that. More importantly, this flag can cause a lock-up: if the flag is set in i2c_hid_xfer() and an interrupt happens, the interrupt handler (i2c_hid_irq) will check this flag and return immediately without doing anything, then the interrupt handler will be invoked again in an infinite loop. Since interrupt handler is an RT task, it takes over the CPU and the flag-clearing task never gets scheduled, thus we have a lock-up. Delete this unnecessary flag. Reported-and-tested-by: Eva Kurchatova <nyandarknessgirl(a)gmail.com> Closes: https://lore.kernel.org/r/CA+eeCSPUDpUg76ZO8dszSbAGn+UHjcyv8F1J-CUPVARAzEtW… Fixes: 4a200c3b9a40 ("HID: i2c-hid: introduce HID over i2c specification implementation") Cc: <stable(a)vger.kernel.org> Signed-off-by: Nam Cao <namcao(a)linutronix.de> Signed-off-by: Jiri Kosina <jkosina(a)suse.com> diff --git a/drivers/hid/i2c-hid/i2c-hid-core.c b/drivers/hid/i2c-hid/i2c-hid-core.c index 2df1ab3c31cc..1c86c97688e9 100644 --- a/drivers/hid/i2c-hid/i2c-hid-core.c +++ b/drivers/hid/i2c-hid/i2c-hid-core.c @@ -64,7 +64,6 @@ /* flags */ #define I2C_HID_STARTED 0 #define I2C_HID_RESET_PENDING 1 -#define I2C_HID_READ_PENDING 2 #define I2C_HID_PWR_ON 0x00 #define I2C_HID_PWR_SLEEP 0x01 @@ -190,15 +189,10 @@ static int i2c_hid_xfer(struct i2c_hid *ihid, msgs[n].len = recv_len; msgs[n].buf = recv_buf; n++; - - set_bit(I2C_HID_READ_PENDING, &ihid->flags); } ret = i2c_transfer(client->adapter, msgs, n); - if (recv_len) - clear_bit(I2C_HID_READ_PENDING, &ihid->flags); - if (ret != n) return ret < 0 ? ret : -EIO; @@ -556,9 +550,6 @@ static irqreturn_t i2c_hid_irq(int irq, void *dev_id) { struct i2c_hid *ihid = dev_id; - if (test_bit(I2C_HID_READ_PENDING, &ihid->flags)) - return IRQ_HANDLED; - i2c_hid_get_input(ihid); return IRQ_HANDLED;

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 9c0f59e47a90c54d0153f8ddc0f80d7a36207d0e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042954-savanna-reversing-7575@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 9c0f59e47a90 ("HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up") dbe0dd5fd2e0 ("HID: i2c-hid: explicitly code setting and sending reports") b26fc3161b78 ("HID: i2c-hid: refactor reset command") d34c6105499b ("HID: i2c-hid: use "struct i2c_hid" as argument in most calls") a5e5e03e9476 ("HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports") cf5b2fb012c0 ("HID: i2c-hid: fix handling numbered reports with IDs of 15 and above") ca66a6770bd9 ("HID: i2c-hid: Skip ELAN power-on command after reset") b33752c30023 ("HID: i2c-hid: Reorganize so ACPI and OF are separate modules") 19a0b6d79c97 ("Merge branch 'for-5.11/i2c-hid' into for-linus") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9c0f59e47a90c54d0153f8ddc0f80d7a36207d0e Mon Sep 17 00:00:00 2001 From: Nam Cao <namcao(a)linutronix.de> Date: Mon, 18 Mar 2024 11:59:02 +0100 Subject: [PATCH] HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up The flag I2C_HID_READ_PENDING is used to serialize I2C operations. However, this is not necessary, because I2C core already has its own locking for that. More importantly, this flag can cause a lock-up: if the flag is set in i2c_hid_xfer() and an interrupt happens, the interrupt handler (i2c_hid_irq) will check this flag and return immediately without doing anything, then the interrupt handler will be invoked again in an infinite loop. Since interrupt handler is an RT task, it takes over the CPU and the flag-clearing task never gets scheduled, thus we have a lock-up. Delete this unnecessary flag. Reported-and-tested-by: Eva Kurchatova <nyandarknessgirl(a)gmail.com> Closes: https://lore.kernel.org/r/CA+eeCSPUDpUg76ZO8dszSbAGn+UHjcyv8F1J-CUPVARAzEtW… Fixes: 4a200c3b9a40 ("HID: i2c-hid: introduce HID over i2c specification implementation") Cc: <stable(a)vger.kernel.org> Signed-off-by: Nam Cao <namcao(a)linutronix.de> Signed-off-by: Jiri Kosina <jkosina(a)suse.com> diff --git a/drivers/hid/i2c-hid/i2c-hid-core.c b/drivers/hid/i2c-hid/i2c-hid-core.c index 2df1ab3c31cc..1c86c97688e9 100644 --- a/drivers/hid/i2c-hid/i2c-hid-core.c +++ b/drivers/hid/i2c-hid/i2c-hid-core.c @@ -64,7 +64,6 @@ /* flags */ #define I2C_HID_STARTED 0 #define I2C_HID_RESET_PENDING 1 -#define I2C_HID_READ_PENDING 2 #define I2C_HID_PWR_ON 0x00 #define I2C_HID_PWR_SLEEP 0x01 @@ -190,15 +189,10 @@ static int i2c_hid_xfer(struct i2c_hid *ihid, msgs[n].len = recv_len; msgs[n].buf = recv_buf; n++; - - set_bit(I2C_HID_READ_PENDING, &ihid->flags); } ret = i2c_transfer(client->adapter, msgs, n); - if (recv_len) - clear_bit(I2C_HID_READ_PENDING, &ihid->flags); - if (ret != n) return ret < 0 ? ret : -EIO; @@ -556,9 +550,6 @@ static irqreturn_t i2c_hid_irq(int irq, void *dev_id) { struct i2c_hid *ihid = dev_id; - if (test_bit(I2C_HID_READ_PENDING, &ihid->flags)) - return IRQ_HANDLED; - i2c_hid_get_input(ihid); return IRQ_HANDLED;

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 9c0f59e47a90c54d0153f8ddc0f80d7a36207d0e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042953-unstitch-causing-de1d@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 9c0f59e47a90 ("HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up") dbe0dd5fd2e0 ("HID: i2c-hid: explicitly code setting and sending reports") b26fc3161b78 ("HID: i2c-hid: refactor reset command") d34c6105499b ("HID: i2c-hid: use "struct i2c_hid" as argument in most calls") a5e5e03e9476 ("HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports") cf5b2fb012c0 ("HID: i2c-hid: fix handling numbered reports with IDs of 15 and above") ca66a6770bd9 ("HID: i2c-hid: Skip ELAN power-on command after reset") b33752c30023 ("HID: i2c-hid: Reorganize so ACPI and OF are separate modules") 19a0b6d79c97 ("Merge branch 'for-5.11/i2c-hid' into for-linus") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9c0f59e47a90c54d0153f8ddc0f80d7a36207d0e Mon Sep 17 00:00:00 2001 From: Nam Cao <namcao(a)linutronix.de> Date: Mon, 18 Mar 2024 11:59:02 +0100 Subject: [PATCH] HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up The flag I2C_HID_READ_PENDING is used to serialize I2C operations. However, this is not necessary, because I2C core already has its own locking for that. More importantly, this flag can cause a lock-up: if the flag is set in i2c_hid_xfer() and an interrupt happens, the interrupt handler (i2c_hid_irq) will check this flag and return immediately without doing anything, then the interrupt handler will be invoked again in an infinite loop. Since interrupt handler is an RT task, it takes over the CPU and the flag-clearing task never gets scheduled, thus we have a lock-up. Delete this unnecessary flag. Reported-and-tested-by: Eva Kurchatova <nyandarknessgirl(a)gmail.com> Closes: https://lore.kernel.org/r/CA+eeCSPUDpUg76ZO8dszSbAGn+UHjcyv8F1J-CUPVARAzEtW… Fixes: 4a200c3b9a40 ("HID: i2c-hid: introduce HID over i2c specification implementation") Cc: <stable(a)vger.kernel.org> Signed-off-by: Nam Cao <namcao(a)linutronix.de> Signed-off-by: Jiri Kosina <jkosina(a)suse.com> diff --git a/drivers/hid/i2c-hid/i2c-hid-core.c b/drivers/hid/i2c-hid/i2c-hid-core.c index 2df1ab3c31cc..1c86c97688e9 100644 --- a/drivers/hid/i2c-hid/i2c-hid-core.c +++ b/drivers/hid/i2c-hid/i2c-hid-core.c @@ -64,7 +64,6 @@ /* flags */ #define I2C_HID_STARTED 0 #define I2C_HID_RESET_PENDING 1 -#define I2C_HID_READ_PENDING 2 #define I2C_HID_PWR_ON 0x00 #define I2C_HID_PWR_SLEEP 0x01 @@ -190,15 +189,10 @@ static int i2c_hid_xfer(struct i2c_hid *ihid, msgs[n].len = recv_len; msgs[n].buf = recv_buf; n++; - - set_bit(I2C_HID_READ_PENDING, &ihid->flags); } ret = i2c_transfer(client->adapter, msgs, n); - if (recv_len) - clear_bit(I2C_HID_READ_PENDING, &ihid->flags); - if (ret != n) return ret < 0 ? ret : -EIO; @@ -556,9 +550,6 @@ static irqreturn_t i2c_hid_irq(int irq, void *dev_id) { struct i2c_hid *ihid = dev_id; - if (test_bit(I2C_HID_READ_PENDING, &ihid->flags)) - return IRQ_HANDLED; - i2c_hid_get_input(ihid); return IRQ_HANDLED;

1 year, 6 months

1
0
0 0

[PATCH v3] usb: typec: tcpm: Check for port partner validity before consuming it

by Badhri Jagan Sridharan

typec_register_partner() does not guarantee partner registration to always succeed. In the event of failure, port->partner is set to the error value or NULL. Given that port->partner validity is not checked, this results in the following crash: Unable to handle kernel NULL pointer dereference at virtual address xx pc : run_state_machine+0x1bc8/0x1c08 lr : run_state_machine+0x1b90/0x1c08 .. Call trace: run_state_machine+0x1bc8/0x1c08 tcpm_state_machine_work+0x94/0xe4 kthread_worker_fn+0x118/0x328 kthread+0x1d0/0x23c ret_from_fork+0x10/0x20 To prevent the crash, check for port->partner validity before derefencing it in all the call sites. Cc: stable(a)vger.kernel.org Fixes: c97cd0b4b54e ("usb: typec: tcpm: set initial svdm version based on pd revision") Signed-off-by: Badhri Jagan Sridharan <badhri(a)google.com> --- drivers/usb/typec/tcpm/tcpm.c | 30 +++++++++++++++++++++++------- 1 file changed, 23 insertions(+), 7 deletions(-) diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index ab6ed6111ed0..e1c6dffe5f8b 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -1580,7 +1580,8 @@ static void svdm_consume_identity(struct tcpm_port *port, const u32 *p, int cnt) port->partner_ident.cert_stat = p[VDO_INDEX_CSTAT]; port->partner_ident.product = product; - typec_partner_set_identity(port->partner); + if (port->partner) + typec_partner_set_identity(port->partner); tcpm_log(port, "Identity: %04x:%04x.%04x", PD_IDH_VID(vdo), @@ -1742,6 +1743,9 @@ static void tcpm_register_partner_altmodes(struct tcpm_port *port) struct typec_altmode *altmode; int i; + if (!port->partner) + return; + for (i = 0; i < modep->altmodes; i++) { altmode = typec_partner_register_altmode(port->partner, &modep->altmode_desc[i]); @@ -4231,7 +4235,10 @@ static int tcpm_init_vconn(struct tcpm_port *port) static void tcpm_typec_connect(struct tcpm_port *port) { + struct typec_partner *partner; + if (!port->connected) { + port->connected = true; /* Make sure we don't report stale identity information */ memset(&port->partner_ident, 0, sizeof(port->partner_ident)); port->partner_desc.usb_pd = port->pd_capable; @@ -4241,9 +4248,13 @@ static void tcpm_typec_connect(struct tcpm_port *port) port->partner_desc.accessory = TYPEC_ACCESSORY_AUDIO; else port->partner_desc.accessory = TYPEC_ACCESSORY_NONE; - port->partner = typec_register_partner(port->typec_port, - &port->partner_desc); - port->connected = true; + partner = typec_register_partner(port->typec_port, &port->partner_desc); + if (IS_ERR(partner)) { + dev_err(port->dev, "Failed to register partner (%ld)\n", PTR_ERR(partner)); + return; + } + + port->partner = partner; typec_partner_set_usb_power_delivery(port->partner, port->partner_pd); } } @@ -4323,9 +4334,11 @@ static void tcpm_typec_disconnect(struct tcpm_port *port) port->plug_prime = NULL; port->cable = NULL; if (port->connected) { - typec_partner_set_usb_power_delivery(port->partner, NULL); - typec_unregister_partner(port->partner); - port->partner = NULL; + if (port->partner) { + typec_partner_set_usb_power_delivery(port->partner, NULL); + typec_unregister_partner(port->partner); + port->partner = NULL; + } port->connected = false; } } @@ -4549,6 +4562,9 @@ static enum typec_cc_status tcpm_pwr_opmode_to_rp(enum typec_pwr_opmode opmode) static void tcpm_set_initial_svdm_version(struct tcpm_port *port) { + if (!port->partner) + return; + switch (port->negotiated_rev) { case PD_REV30: break; base-commit: 3f12222a4bebeb13ce06ddecc1610ad32fa835dd -- 2.44.0.769.g3c40516874-goog

1 year, 6 months

3
2
0 0

FAILED: patch "[PATCH] smb3: fix lock ordering potential deadlock in" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 8861fd5180476f45f9e8853db154600469a0284f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042931-rejoice-waving-ec82@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 8861fd518047 ("smb3: fix lock ordering potential deadlock in cifs_sync_mid_result") 38c8a9a52082 ("smb: move client and server files to common directory fs/smb") abdb1742a312 ("cifs: get rid of mount options string parsing") 9fd29a5bae6e ("cifs: use fs_context for automounts") 5dd8ce24667a ("cifs: missing directory in MAINTAINERS file") 332019e23a51 ("Merge tag '5.20-rc-smb3-client-fixes-part2' of git://git.samba.org/sfrench/cifs-2.6") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8861fd5180476f45f9e8853db154600469a0284f Mon Sep 17 00:00:00 2001 From: Steve French <stfrench(a)microsoft.com> Date: Thu, 25 Apr 2024 12:49:50 -0500 Subject: [PATCH] smb3: fix lock ordering potential deadlock in cifs_sync_mid_result Coverity spotted that the cifs_sync_mid_result function could deadlock "Thread deadlock (ORDER_REVERSAL) lock_order: Calling spin_lock acquires lock TCP_Server_Info.srv_lock while holding lock TCP_Server_Info.mid_lock" Addresses-Coverity: 1590401 ("Thread deadlock (ORDER_REVERSAL)") Cc: stable(a)vger.kernel.org Reviewed-by: Shyam Prasad N <sprasad(a)microsoft.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/transport.c b/fs/smb/client/transport.c index e1a79e031b28..ddf1a3aafee5 100644 --- a/fs/smb/client/transport.c +++ b/fs/smb/client/transport.c @@ -909,12 +909,15 @@ cifs_sync_mid_result(struct mid_q_entry *mid, struct TCP_Server_Info *server) list_del_init(&mid->qhead); mid->mid_flags |= MID_DELETED; } + spin_unlock(&server->mid_lock); cifs_server_dbg(VFS, "%s: invalid mid state mid=%llu state=%d\n", __func__, mid->mid, mid->mid_state); rc = -EIO; + goto sync_mid_done; } spin_unlock(&server->mid_lock); +sync_mid_done: release_mid(mid); return rc; }

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] smb3: fix lock ordering potential deadlock in" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 8861fd5180476f45f9e8853db154600469a0284f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042930-undone-willow-c057@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 8861fd518047 ("smb3: fix lock ordering potential deadlock in cifs_sync_mid_result") 38c8a9a52082 ("smb: move client and server files to common directory fs/smb") abdb1742a312 ("cifs: get rid of mount options string parsing") 9fd29a5bae6e ("cifs: use fs_context for automounts") 5dd8ce24667a ("cifs: missing directory in MAINTAINERS file") 332019e23a51 ("Merge tag '5.20-rc-smb3-client-fixes-part2' of git://git.samba.org/sfrench/cifs-2.6") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8861fd5180476f45f9e8853db154600469a0284f Mon Sep 17 00:00:00 2001 From: Steve French <stfrench(a)microsoft.com> Date: Thu, 25 Apr 2024 12:49:50 -0500 Subject: [PATCH] smb3: fix lock ordering potential deadlock in cifs_sync_mid_result Coverity spotted that the cifs_sync_mid_result function could deadlock "Thread deadlock (ORDER_REVERSAL) lock_order: Calling spin_lock acquires lock TCP_Server_Info.srv_lock while holding lock TCP_Server_Info.mid_lock" Addresses-Coverity: 1590401 ("Thread deadlock (ORDER_REVERSAL)") Cc: stable(a)vger.kernel.org Reviewed-by: Shyam Prasad N <sprasad(a)microsoft.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/transport.c b/fs/smb/client/transport.c index e1a79e031b28..ddf1a3aafee5 100644 --- a/fs/smb/client/transport.c +++ b/fs/smb/client/transport.c @@ -909,12 +909,15 @@ cifs_sync_mid_result(struct mid_q_entry *mid, struct TCP_Server_Info *server) list_del_init(&mid->qhead); mid->mid_flags |= MID_DELETED; } + spin_unlock(&server->mid_lock); cifs_server_dbg(VFS, "%s: invalid mid state mid=%llu state=%d\n", __func__, mid->mid, mid->mid_state); rc = -EIO; + goto sync_mid_done; } spin_unlock(&server->mid_lock); +sync_mid_done: release_mid(mid); return rc; }

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] smb3: fix lock ordering potential deadlock in" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 8861fd5180476f45f9e8853db154600469a0284f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042930-gap-giant-6499@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 8861fd518047 ("smb3: fix lock ordering potential deadlock in cifs_sync_mid_result") 38c8a9a52082 ("smb: move client and server files to common directory fs/smb") abdb1742a312 ("cifs: get rid of mount options string parsing") 9fd29a5bae6e ("cifs: use fs_context for automounts") 5dd8ce24667a ("cifs: missing directory in MAINTAINERS file") 332019e23a51 ("Merge tag '5.20-rc-smb3-client-fixes-part2' of git://git.samba.org/sfrench/cifs-2.6") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8861fd5180476f45f9e8853db154600469a0284f Mon Sep 17 00:00:00 2001 From: Steve French <stfrench(a)microsoft.com> Date: Thu, 25 Apr 2024 12:49:50 -0500 Subject: [PATCH] smb3: fix lock ordering potential deadlock in cifs_sync_mid_result Coverity spotted that the cifs_sync_mid_result function could deadlock "Thread deadlock (ORDER_REVERSAL) lock_order: Calling spin_lock acquires lock TCP_Server_Info.srv_lock while holding lock TCP_Server_Info.mid_lock" Addresses-Coverity: 1590401 ("Thread deadlock (ORDER_REVERSAL)") Cc: stable(a)vger.kernel.org Reviewed-by: Shyam Prasad N <sprasad(a)microsoft.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/transport.c b/fs/smb/client/transport.c index e1a79e031b28..ddf1a3aafee5 100644 --- a/fs/smb/client/transport.c +++ b/fs/smb/client/transport.c @@ -909,12 +909,15 @@ cifs_sync_mid_result(struct mid_q_entry *mid, struct TCP_Server_Info *server) list_del_init(&mid->qhead); mid->mid_flags |= MID_DELETED; } + spin_unlock(&server->mid_lock); cifs_server_dbg(VFS, "%s: invalid mid state mid=%llu state=%d\n", __func__, mid->mid, mid->mid_state); rc = -EIO; + goto sync_mid_done; } spin_unlock(&server->mid_lock); +sync_mid_done: release_mid(mid); return rc; }

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] smb3: fix lock ordering potential deadlock in" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 8861fd5180476f45f9e8853db154600469a0284f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042929-repave-emerald-63ea@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 8861fd518047 ("smb3: fix lock ordering potential deadlock in cifs_sync_mid_result") 38c8a9a52082 ("smb: move client and server files to common directory fs/smb") abdb1742a312 ("cifs: get rid of mount options string parsing") 9fd29a5bae6e ("cifs: use fs_context for automounts") 5dd8ce24667a ("cifs: missing directory in MAINTAINERS file") 332019e23a51 ("Merge tag '5.20-rc-smb3-client-fixes-part2' of git://git.samba.org/sfrench/cifs-2.6") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8861fd5180476f45f9e8853db154600469a0284f Mon Sep 17 00:00:00 2001 From: Steve French <stfrench(a)microsoft.com> Date: Thu, 25 Apr 2024 12:49:50 -0500 Subject: [PATCH] smb3: fix lock ordering potential deadlock in cifs_sync_mid_result Coverity spotted that the cifs_sync_mid_result function could deadlock "Thread deadlock (ORDER_REVERSAL) lock_order: Calling spin_lock acquires lock TCP_Server_Info.srv_lock while holding lock TCP_Server_Info.mid_lock" Addresses-Coverity: 1590401 ("Thread deadlock (ORDER_REVERSAL)") Cc: stable(a)vger.kernel.org Reviewed-by: Shyam Prasad N <sprasad(a)microsoft.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/transport.c b/fs/smb/client/transport.c index e1a79e031b28..ddf1a3aafee5 100644 --- a/fs/smb/client/transport.c +++ b/fs/smb/client/transport.c @@ -909,12 +909,15 @@ cifs_sync_mid_result(struct mid_q_entry *mid, struct TCP_Server_Info *server) list_del_init(&mid->qhead); mid->mid_flags |= MID_DELETED; } + spin_unlock(&server->mid_lock); cifs_server_dbg(VFS, "%s: invalid mid state mid=%llu state=%d\n", __func__, mid->mid, mid->mid_state); rc = -EIO; + goto sync_mid_done; } spin_unlock(&server->mid_lock); +sync_mid_done: release_mid(mid); return rc; }

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] smb3: missing lock when picking channel" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 8094a600245e9b28eb36a13036f202ad67c1f887 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042917-regulate-exquisite-3f14@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 8094a600245e ("smb3: missing lock when picking channel") 38c8a9a52082 ("smb: move client and server files to common directory fs/smb") ea90708d3cf3 ("cifs: use the least loaded channel for sending requests") abdb1742a312 ("cifs: get rid of mount options string parsing") 9fd29a5bae6e ("cifs: use fs_context for automounts") 5dd8ce24667a ("cifs: missing directory in MAINTAINERS file") 332019e23a51 ("Merge tag '5.20-rc-smb3-client-fixes-part2' of git://git.samba.org/sfrench/cifs-2.6") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8094a600245e9b28eb36a13036f202ad67c1f887 Mon Sep 17 00:00:00 2001 From: Steve French <stfrench(a)microsoft.com> Date: Thu, 25 Apr 2024 11:30:16 -0500 Subject: [PATCH] smb3: missing lock when picking channel Coverity spotted a place where we should have been holding the channel lock when accessing the ses channel index. Addresses-Coverity: 1582039 ("Data race condition (MISSING_LOCK)") Cc: stable(a)vger.kernel.org Reviewed-by: Shyam Prasad N <sprasad(a)microsoft.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/transport.c b/fs/smb/client/transport.c index 994d70193432..e1a79e031b28 100644 --- a/fs/smb/client/transport.c +++ b/fs/smb/client/transport.c @@ -1057,9 +1057,11 @@ struct TCP_Server_Info *cifs_pick_channel(struct cifs_ses *ses) index = (uint)atomic_inc_return(&ses->chan_seq); index %= ses->chan_count; } + + server = ses->chans[index].server; spin_unlock(&ses->chan_lock); - return ses->chans[index].server; + return server; } int

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] smb3: missing lock when picking channel" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 8094a600245e9b28eb36a13036f202ad67c1f887 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042916-rebate-duct-2b7b@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 8094a600245e ("smb3: missing lock when picking channel") 38c8a9a52082 ("smb: move client and server files to common directory fs/smb") ea90708d3cf3 ("cifs: use the least loaded channel for sending requests") abdb1742a312 ("cifs: get rid of mount options string parsing") 9fd29a5bae6e ("cifs: use fs_context for automounts") 5dd8ce24667a ("cifs: missing directory in MAINTAINERS file") 332019e23a51 ("Merge tag '5.20-rc-smb3-client-fixes-part2' of git://git.samba.org/sfrench/cifs-2.6") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8094a600245e9b28eb36a13036f202ad67c1f887 Mon Sep 17 00:00:00 2001 From: Steve French <stfrench(a)microsoft.com> Date: Thu, 25 Apr 2024 11:30:16 -0500 Subject: [PATCH] smb3: missing lock when picking channel Coverity spotted a place where we should have been holding the channel lock when accessing the ses channel index. Addresses-Coverity: 1582039 ("Data race condition (MISSING_LOCK)") Cc: stable(a)vger.kernel.org Reviewed-by: Shyam Prasad N <sprasad(a)microsoft.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/transport.c b/fs/smb/client/transport.c index 994d70193432..e1a79e031b28 100644 --- a/fs/smb/client/transport.c +++ b/fs/smb/client/transport.c @@ -1057,9 +1057,11 @@ struct TCP_Server_Info *cifs_pick_channel(struct cifs_ses *ses) index = (uint)atomic_inc_return(&ses->chan_seq); index %= ses->chan_count; } + + server = ses->chans[index].server; spin_unlock(&ses->chan_lock); - return ses->chans[index].server; + return server; } int

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] smb3: missing lock when picking channel" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 8094a600245e9b28eb36a13036f202ad67c1f887 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042915-underhand-decorator-fe82@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 8094a600245e ("smb3: missing lock when picking channel") 38c8a9a52082 ("smb: move client and server files to common directory fs/smb") ea90708d3cf3 ("cifs: use the least loaded channel for sending requests") abdb1742a312 ("cifs: get rid of mount options string parsing") 9fd29a5bae6e ("cifs: use fs_context for automounts") 5dd8ce24667a ("cifs: missing directory in MAINTAINERS file") 332019e23a51 ("Merge tag '5.20-rc-smb3-client-fixes-part2' of git://git.samba.org/sfrench/cifs-2.6") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8094a600245e9b28eb36a13036f202ad67c1f887 Mon Sep 17 00:00:00 2001 From: Steve French <stfrench(a)microsoft.com> Date: Thu, 25 Apr 2024 11:30:16 -0500 Subject: [PATCH] smb3: missing lock when picking channel Coverity spotted a place where we should have been holding the channel lock when accessing the ses channel index. Addresses-Coverity: 1582039 ("Data race condition (MISSING_LOCK)") Cc: stable(a)vger.kernel.org Reviewed-by: Shyam Prasad N <sprasad(a)microsoft.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/transport.c b/fs/smb/client/transport.c index 994d70193432..e1a79e031b28 100644 --- a/fs/smb/client/transport.c +++ b/fs/smb/client/transport.c @@ -1057,9 +1057,11 @@ struct TCP_Server_Info *cifs_pick_channel(struct cifs_ses *ses) index = (uint)atomic_inc_return(&ses->chan_seq); index %= ses->chan_count; } + + server = ses->chans[index].server; spin_unlock(&ses->chan_lock); - return ses->chans[index].server; + return server; } int

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] smb3: missing lock when picking channel" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 8094a600245e9b28eb36a13036f202ad67c1f887 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042915-serving-venus-b776@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 8094a600245e ("smb3: missing lock when picking channel") 38c8a9a52082 ("smb: move client and server files to common directory fs/smb") ea90708d3cf3 ("cifs: use the least loaded channel for sending requests") abdb1742a312 ("cifs: get rid of mount options string parsing") 9fd29a5bae6e ("cifs: use fs_context for automounts") 5dd8ce24667a ("cifs: missing directory in MAINTAINERS file") 332019e23a51 ("Merge tag '5.20-rc-smb3-client-fixes-part2' of git://git.samba.org/sfrench/cifs-2.6") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8094a600245e9b28eb36a13036f202ad67c1f887 Mon Sep 17 00:00:00 2001 From: Steve French <stfrench(a)microsoft.com> Date: Thu, 25 Apr 2024 11:30:16 -0500 Subject: [PATCH] smb3: missing lock when picking channel Coverity spotted a place where we should have been holding the channel lock when accessing the ses channel index. Addresses-Coverity: 1582039 ("Data race condition (MISSING_LOCK)") Cc: stable(a)vger.kernel.org Reviewed-by: Shyam Prasad N <sprasad(a)microsoft.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/transport.c b/fs/smb/client/transport.c index 994d70193432..e1a79e031b28 100644 --- a/fs/smb/client/transport.c +++ b/fs/smb/client/transport.c @@ -1057,9 +1057,11 @@ struct TCP_Server_Info *cifs_pick_channel(struct cifs_ses *ses) index = (uint)atomic_inc_return(&ses->chan_seq); index %= ses->chan_count; } + + server = ses->chans[index].server; spin_unlock(&ses->chan_lock); - return ses->chans[index].server; + return server; } int

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] smb3: missing lock when picking channel" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 8094a600245e9b28eb36a13036f202ad67c1f887 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042914-scariness-polka-0293@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 8094a600245e ("smb3: missing lock when picking channel") 38c8a9a52082 ("smb: move client and server files to common directory fs/smb") ea90708d3cf3 ("cifs: use the least loaded channel for sending requests") abdb1742a312 ("cifs: get rid of mount options string parsing") 9fd29a5bae6e ("cifs: use fs_context for automounts") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8094a600245e9b28eb36a13036f202ad67c1f887 Mon Sep 17 00:00:00 2001 From: Steve French <stfrench(a)microsoft.com> Date: Thu, 25 Apr 2024 11:30:16 -0500 Subject: [PATCH] smb3: missing lock when picking channel Coverity spotted a place where we should have been holding the channel lock when accessing the ses channel index. Addresses-Coverity: 1582039 ("Data race condition (MISSING_LOCK)") Cc: stable(a)vger.kernel.org Reviewed-by: Shyam Prasad N <sprasad(a)microsoft.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/transport.c b/fs/smb/client/transport.c index 994d70193432..e1a79e031b28 100644 --- a/fs/smb/client/transport.c +++ b/fs/smb/client/transport.c @@ -1057,9 +1057,11 @@ struct TCP_Server_Info *cifs_pick_channel(struct cifs_ses *ses) index = (uint)atomic_inc_return(&ses->chan_seq); index %= ses->chan_count; } + + server = ses->chans[index].server; spin_unlock(&ses->chan_lock); - return ses->chans[index].server; + return server; } int

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] mmc: sdhci-msm: pervent access to suspended controller" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x f8def10f73a516b771051a2f70f2f0446902cb4f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042912-scholar-flammable-0e87@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: f8def10f73a5 ("mmc: sdhci-msm: pervent access to suspended controller") c93767cf64eb ("mmc: sdhci-msm: add Inline Crypto Engine support") 0472f8d3c054 ("mmc: sdhci-msm: Use OPP API to set clk/perf state") 9051db381fab ("mmc: sdhci-msm: Mark sdhci_msm_cqe_disable static") 87a8df0dce6a ("mmc: sdhci-msm: Add CQHCI support for sdhci-msm") 21f1e2d457ce ("mmc: sdhci-msm: Re-initialize DLL if MCLK is gated dynamically") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f8def10f73a516b771051a2f70f2f0446902cb4f Mon Sep 17 00:00:00 2001 From: Mantas Pucka <mantas(a)8devices.com> Date: Thu, 21 Mar 2024 14:30:01 +0000 Subject: [PATCH] mmc: sdhci-msm: pervent access to suspended controller Generic sdhci code registers LED device and uses host->runtime_suspended flag to protect access to it. The sdhci-msm driver doesn't set this flag, which causes a crash when LED is accessed while controller is runtime suspended. Fix this by setting the flag correctly. Cc: stable(a)vger.kernel.org Fixes: 67e6db113c90 ("mmc: sdhci-msm: Add pm_runtime and system PM support") Signed-off-by: Mantas Pucka <mantas(a)8devices.com> Acked-by: Adrian Hunter <adrian.hunter(a)intel.com> Link: https://lore.kernel.org/r/20240321-sdhci-mmc-suspend-v1-1-fbc555a64400@8dev… Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/mmc/host/sdhci-msm.c b/drivers/mmc/host/sdhci-msm.c index 668e0aceeeba..e113b99a3eab 100644 --- a/drivers/mmc/host/sdhci-msm.c +++ b/drivers/mmc/host/sdhci-msm.c @@ -2694,6 +2694,11 @@ static __maybe_unused int sdhci_msm_runtime_suspend(struct device *dev) struct sdhci_host *host = dev_get_drvdata(dev); struct sdhci_pltfm_host *pltfm_host = sdhci_priv(host); struct sdhci_msm_host *msm_host = sdhci_pltfm_priv(pltfm_host); + unsigned long flags; + + spin_lock_irqsave(&host->lock, flags); + host->runtime_suspended = true; + spin_unlock_irqrestore(&host->lock, flags); /* Drop the performance vote */ dev_pm_opp_set_rate(dev, 0); @@ -2708,6 +2713,7 @@ static __maybe_unused int sdhci_msm_runtime_resume(struct device *dev) struct sdhci_host *host = dev_get_drvdata(dev); struct sdhci_pltfm_host *pltfm_host = sdhci_priv(host); struct sdhci_msm_host *msm_host = sdhci_pltfm_priv(pltfm_host); + unsigned long flags; int ret; ret = clk_bulk_prepare_enable(ARRAY_SIZE(msm_host->bulk_clks), @@ -2726,7 +2732,15 @@ static __maybe_unused int sdhci_msm_runtime_resume(struct device *dev) dev_pm_opp_set_rate(dev, msm_host->clk_rate); - return sdhci_msm_ice_resume(msm_host); + ret = sdhci_msm_ice_resume(msm_host); + if (ret) + return ret; + + spin_lock_irqsave(&host->lock, flags); + host->runtime_suspended = false; + spin_unlock_irqrestore(&host->lock, flags); + + return ret; } static const struct dev_pm_ops sdhci_msm_pm_ops = {

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] mmc: sdhci-msm: pervent access to suspended controller" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x f8def10f73a516b771051a2f70f2f0446902cb4f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042911-librarian-armory-e9db@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: f8def10f73a5 ("mmc: sdhci-msm: pervent access to suspended controller") c93767cf64eb ("mmc: sdhci-msm: add Inline Crypto Engine support") 0472f8d3c054 ("mmc: sdhci-msm: Use OPP API to set clk/perf state") 9051db381fab ("mmc: sdhci-msm: Mark sdhci_msm_cqe_disable static") 87a8df0dce6a ("mmc: sdhci-msm: Add CQHCI support for sdhci-msm") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f8def10f73a516b771051a2f70f2f0446902cb4f Mon Sep 17 00:00:00 2001 From: Mantas Pucka <mantas(a)8devices.com> Date: Thu, 21 Mar 2024 14:30:01 +0000 Subject: [PATCH] mmc: sdhci-msm: pervent access to suspended controller Generic sdhci code registers LED device and uses host->runtime_suspended flag to protect access to it. The sdhci-msm driver doesn't set this flag, which causes a crash when LED is accessed while controller is runtime suspended. Fix this by setting the flag correctly. Cc: stable(a)vger.kernel.org Fixes: 67e6db113c90 ("mmc: sdhci-msm: Add pm_runtime and system PM support") Signed-off-by: Mantas Pucka <mantas(a)8devices.com> Acked-by: Adrian Hunter <adrian.hunter(a)intel.com> Link: https://lore.kernel.org/r/20240321-sdhci-mmc-suspend-v1-1-fbc555a64400@8dev… Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/mmc/host/sdhci-msm.c b/drivers/mmc/host/sdhci-msm.c index 668e0aceeeba..e113b99a3eab 100644 --- a/drivers/mmc/host/sdhci-msm.c +++ b/drivers/mmc/host/sdhci-msm.c @@ -2694,6 +2694,11 @@ static __maybe_unused int sdhci_msm_runtime_suspend(struct device *dev) struct sdhci_host *host = dev_get_drvdata(dev); struct sdhci_pltfm_host *pltfm_host = sdhci_priv(host); struct sdhci_msm_host *msm_host = sdhci_pltfm_priv(pltfm_host); + unsigned long flags; + + spin_lock_irqsave(&host->lock, flags); + host->runtime_suspended = true; + spin_unlock_irqrestore(&host->lock, flags); /* Drop the performance vote */ dev_pm_opp_set_rate(dev, 0); @@ -2708,6 +2713,7 @@ static __maybe_unused int sdhci_msm_runtime_resume(struct device *dev) struct sdhci_host *host = dev_get_drvdata(dev); struct sdhci_pltfm_host *pltfm_host = sdhci_priv(host); struct sdhci_msm_host *msm_host = sdhci_pltfm_priv(pltfm_host); + unsigned long flags; int ret; ret = clk_bulk_prepare_enable(ARRAY_SIZE(msm_host->bulk_clks), @@ -2726,7 +2732,15 @@ static __maybe_unused int sdhci_msm_runtime_resume(struct device *dev) dev_pm_opp_set_rate(dev, msm_host->clk_rate); - return sdhci_msm_ice_resume(msm_host); + ret = sdhci_msm_ice_resume(msm_host); + if (ret) + return ret; + + spin_lock_irqsave(&host->lock, flags); + host->runtime_suspended = false; + spin_unlock_irqrestore(&host->lock, flags); + + return ret; } static const struct dev_pm_ops sdhci_msm_pm_ops = {

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] mmc: sdhci-msm: pervent access to suspended controller" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x f8def10f73a516b771051a2f70f2f0446902cb4f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042910-obnoxious-sleep-f776@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: f8def10f73a5 ("mmc: sdhci-msm: pervent access to suspended controller") c93767cf64eb ("mmc: sdhci-msm: add Inline Crypto Engine support") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f8def10f73a516b771051a2f70f2f0446902cb4f Mon Sep 17 00:00:00 2001 From: Mantas Pucka <mantas(a)8devices.com> Date: Thu, 21 Mar 2024 14:30:01 +0000 Subject: [PATCH] mmc: sdhci-msm: pervent access to suspended controller Generic sdhci code registers LED device and uses host->runtime_suspended flag to protect access to it. The sdhci-msm driver doesn't set this flag, which causes a crash when LED is accessed while controller is runtime suspended. Fix this by setting the flag correctly. Cc: stable(a)vger.kernel.org Fixes: 67e6db113c90 ("mmc: sdhci-msm: Add pm_runtime and system PM support") Signed-off-by: Mantas Pucka <mantas(a)8devices.com> Acked-by: Adrian Hunter <adrian.hunter(a)intel.com> Link: https://lore.kernel.org/r/20240321-sdhci-mmc-suspend-v1-1-fbc555a64400@8dev… Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/mmc/host/sdhci-msm.c b/drivers/mmc/host/sdhci-msm.c index 668e0aceeeba..e113b99a3eab 100644 --- a/drivers/mmc/host/sdhci-msm.c +++ b/drivers/mmc/host/sdhci-msm.c @@ -2694,6 +2694,11 @@ static __maybe_unused int sdhci_msm_runtime_suspend(struct device *dev) struct sdhci_host *host = dev_get_drvdata(dev); struct sdhci_pltfm_host *pltfm_host = sdhci_priv(host); struct sdhci_msm_host *msm_host = sdhci_pltfm_priv(pltfm_host); + unsigned long flags; + + spin_lock_irqsave(&host->lock, flags); + host->runtime_suspended = true; + spin_unlock_irqrestore(&host->lock, flags); /* Drop the performance vote */ dev_pm_opp_set_rate(dev, 0); @@ -2708,6 +2713,7 @@ static __maybe_unused int sdhci_msm_runtime_resume(struct device *dev) struct sdhci_host *host = dev_get_drvdata(dev); struct sdhci_pltfm_host *pltfm_host = sdhci_priv(host); struct sdhci_msm_host *msm_host = sdhci_pltfm_priv(pltfm_host); + unsigned long flags; int ret; ret = clk_bulk_prepare_enable(ARRAY_SIZE(msm_host->bulk_clks), @@ -2726,7 +2732,15 @@ static __maybe_unused int sdhci_msm_runtime_resume(struct device *dev) dev_pm_opp_set_rate(dev, msm_host->clk_rate); - return sdhci_msm_ice_resume(msm_host); + ret = sdhci_msm_ice_resume(msm_host); + if (ret) + return ret; + + spin_lock_irqsave(&host->lock, flags); + host->runtime_suspended = false; + spin_unlock_irqrestore(&host->lock, flags); + + return ret; } static const struct dev_pm_ops sdhci_msm_pm_ops = {

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] mm/hugetlb: fix missing hugetlb_lock for resv uncharge" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x b76b46902c2d0395488c8412e1116c2486cdfcb2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042950-distaste-resource-3555@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: b76b46902c2d ("mm/hugetlb: fix missing hugetlb_lock for resv uncharge") d4ab0316cc33 ("mm/hugetlb_cgroup: convert hugetlb_cgroup_uncharge_page() to folios") 0356c4b96f68 ("mm/hugetlb: convert free_huge_page to folios") 78fbe906cc90 ("mm/page-flags: reuse PG_mappedtodisk as PG_anon_exclusive for PageAnon() pages") c145e0b47c77 ("mm: streamline COW logic in do_swap_page()") 84d60fdd3733 ("mm: slightly clarify KSM logic in do_swap_page()") 5cbf9942c963 ("mm: generalize the pgmap based page_free infrastructure") 27674ef6c73f ("mm: remove the extra ZONE_DEVICE struct page refcount") dc90f0846df4 ("mm: don't include <linux/memremap.h> in <linux/mm.h>") 895749455f60 ("mm: simplify freeing of devmap managed pages") 75e55d8a107e ("mm: move free_devmap_managed_page to memremap.c") 730ff52194cd ("mm: remove pointless includes from <linux/hmm.h>") f56caedaf94f ("Merge branch 'akpm' (patches from Andrew)") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b76b46902c2d0395488c8412e1116c2486cdfcb2 Mon Sep 17 00:00:00 2001 From: Peter Xu <peterx(a)redhat.com> Date: Wed, 17 Apr 2024 17:18:35 -0400 Subject: [PATCH] mm/hugetlb: fix missing hugetlb_lock for resv uncharge There is a recent report on UFFDIO_COPY over hugetlb: https://lore.kernel.org/all/000000000000ee06de0616177560@google.com/ 350: lockdep_assert_held(&hugetlb_lock); Should be an issue in hugetlb but triggered in an userfault context, where it goes into the unlikely path where two threads modifying the resv map together. Mike has a fix in that path for resv uncharge but it looks like the locking criteria was overlooked: hugetlb_cgroup_uncharge_folio_rsvd() will update the cgroup pointer, so it requires to be called with the lock held. Link: https://lkml.kernel.org/r/20240417211836.2742593-3-peterx@redhat.com Fixes: 79aa925bf239 ("hugetlb_cgroup: fix reservation accounting") Signed-off-by: Peter Xu <peterx(a)redhat.com> Reported-by: syzbot+4b8077a5fccc61c385a1(a)syzkaller.appspotmail.com Reviewed-by: Mina Almasry <almasrymina(a)google.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 31d00eee028f..53e0ab5c0845 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -3268,9 +3268,12 @@ struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, rsv_adjust = hugepage_subpool_put_pages(spool, 1); hugetlb_acct_memory(h, -rsv_adjust); - if (deferred_reserve) + if (deferred_reserve) { + spin_lock_irq(&hugetlb_lock); hugetlb_cgroup_uncharge_folio_rsvd(hstate_index(h), pages_per_huge_page(h), folio); + spin_unlock_irq(&hugetlb_lock); + } } if (!memcg_charge_ret)

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] mm/hugetlb: fix missing hugetlb_lock for resv uncharge" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x b76b46902c2d0395488c8412e1116c2486cdfcb2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042949-discolor-mop-d6e8@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: b76b46902c2d ("mm/hugetlb: fix missing hugetlb_lock for resv uncharge") d4ab0316cc33 ("mm/hugetlb_cgroup: convert hugetlb_cgroup_uncharge_page() to folios") 0356c4b96f68 ("mm/hugetlb: convert free_huge_page to folios") 78fbe906cc90 ("mm/page-flags: reuse PG_mappedtodisk as PG_anon_exclusive for PageAnon() pages") c145e0b47c77 ("mm: streamline COW logic in do_swap_page()") 84d60fdd3733 ("mm: slightly clarify KSM logic in do_swap_page()") 5cbf9942c963 ("mm: generalize the pgmap based page_free infrastructure") 27674ef6c73f ("mm: remove the extra ZONE_DEVICE struct page refcount") dc90f0846df4 ("mm: don't include <linux/memremap.h> in <linux/mm.h>") 895749455f60 ("mm: simplify freeing of devmap managed pages") 75e55d8a107e ("mm: move free_devmap_managed_page to memremap.c") 730ff52194cd ("mm: remove pointless includes from <linux/hmm.h>") f56caedaf94f ("Merge branch 'akpm' (patches from Andrew)") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b76b46902c2d0395488c8412e1116c2486cdfcb2 Mon Sep 17 00:00:00 2001 From: Peter Xu <peterx(a)redhat.com> Date: Wed, 17 Apr 2024 17:18:35 -0400 Subject: [PATCH] mm/hugetlb: fix missing hugetlb_lock for resv uncharge There is a recent report on UFFDIO_COPY over hugetlb: https://lore.kernel.org/all/000000000000ee06de0616177560@google.com/ 350: lockdep_assert_held(&hugetlb_lock); Should be an issue in hugetlb but triggered in an userfault context, where it goes into the unlikely path where two threads modifying the resv map together. Mike has a fix in that path for resv uncharge but it looks like the locking criteria was overlooked: hugetlb_cgroup_uncharge_folio_rsvd() will update the cgroup pointer, so it requires to be called with the lock held. Link: https://lkml.kernel.org/r/20240417211836.2742593-3-peterx@redhat.com Fixes: 79aa925bf239 ("hugetlb_cgroup: fix reservation accounting") Signed-off-by: Peter Xu <peterx(a)redhat.com> Reported-by: syzbot+4b8077a5fccc61c385a1(a)syzkaller.appspotmail.com Reviewed-by: Mina Almasry <almasrymina(a)google.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 31d00eee028f..53e0ab5c0845 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -3268,9 +3268,12 @@ struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, rsv_adjust = hugepage_subpool_put_pages(spool, 1); hugetlb_acct_memory(h, -rsv_adjust); - if (deferred_reserve) + if (deferred_reserve) { + spin_lock_irq(&hugetlb_lock); hugetlb_cgroup_uncharge_folio_rsvd(hstate_index(h), pages_per_huge_page(h), folio); + spin_unlock_irq(&hugetlb_lock); + } } if (!memcg_charge_ret)

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] mm/hugetlb: fix missing hugetlb_lock for resv uncharge" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x b76b46902c2d0395488c8412e1116c2486cdfcb2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042948-overstuff-untwist-805f@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: b76b46902c2d ("mm/hugetlb: fix missing hugetlb_lock for resv uncharge") d4ab0316cc33 ("mm/hugetlb_cgroup: convert hugetlb_cgroup_uncharge_page() to folios") 0356c4b96f68 ("mm/hugetlb: convert free_huge_page to folios") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b76b46902c2d0395488c8412e1116c2486cdfcb2 Mon Sep 17 00:00:00 2001 From: Peter Xu <peterx(a)redhat.com> Date: Wed, 17 Apr 2024 17:18:35 -0400 Subject: [PATCH] mm/hugetlb: fix missing hugetlb_lock for resv uncharge There is a recent report on UFFDIO_COPY over hugetlb: https://lore.kernel.org/all/000000000000ee06de0616177560@google.com/ 350: lockdep_assert_held(&hugetlb_lock); Should be an issue in hugetlb but triggered in an userfault context, where it goes into the unlikely path where two threads modifying the resv map together. Mike has a fix in that path for resv uncharge but it looks like the locking criteria was overlooked: hugetlb_cgroup_uncharge_folio_rsvd() will update the cgroup pointer, so it requires to be called with the lock held. Link: https://lkml.kernel.org/r/20240417211836.2742593-3-peterx@redhat.com Fixes: 79aa925bf239 ("hugetlb_cgroup: fix reservation accounting") Signed-off-by: Peter Xu <peterx(a)redhat.com> Reported-by: syzbot+4b8077a5fccc61c385a1(a)syzkaller.appspotmail.com Reviewed-by: Mina Almasry <almasrymina(a)google.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 31d00eee028f..53e0ab5c0845 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -3268,9 +3268,12 @@ struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, rsv_adjust = hugepage_subpool_put_pages(spool, 1); hugetlb_acct_memory(h, -rsv_adjust); - if (deferred_reserve) + if (deferred_reserve) { + spin_lock_irq(&hugetlb_lock); hugetlb_cgroup_uncharge_folio_rsvd(hstate_index(h), pages_per_huge_page(h), folio); + spin_unlock_irq(&hugetlb_lock); + } } if (!memcg_charge_ret)

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] Bluetooth: qca: fix invalid device address check" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 32868e126c78876a8a5ddfcb6ac8cb2fffcf4d27 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042954-refract-eraser-aaf8@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 32868e126c78 ("Bluetooth: qca: fix invalid device address check") 77f45cca8bc5 ("Bluetooth: qca: fix device-address endianness") 4790a73ace86 ("Revert "Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT"") 7dcd3e014aa7 ("Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT") a7f8dedb4be2 ("Bluetooth: qca: add support for QCA2066") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 32868e126c78876a8a5ddfcb6ac8cb2fffcf4d27 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Tue, 16 Apr 2024 11:15:09 +0200 Subject: [PATCH] Bluetooth: qca: fix invalid device address check Qualcomm Bluetooth controllers may not have been provisioned with a valid device address and instead end up using the default address 00:00:00:00:5a:ad. This was previously believed to be due to lack of persistent storage for the address but it may also be due to integrators opting to not use the on-chip OTP memory and instead store the address elsewhere (e.g. in storage managed by secure world firmware). According to Qualcomm, at least WCN6750, WCN6855 and WCN7850 have on-chip OTP storage for the address. As the device type alone cannot be used to determine when the address is valid, instead read back the address during setup() and only set the HCI_QUIRK_USE_BDADDR_PROPERTY flag when needed. This specifically makes sure that controllers that have been provisioned with an address do not start as unconfigured. Reported-by: Janaki Ramaiah Thota <quic_janathot(a)quicinc.com> Link: https://lore.kernel.org/r/124a7d54-5a18-4be7-9a76-a12017f6cce5@quicinc.com/ Fixes: 5971752de44c ("Bluetooth: hci_qca: Set HCI_QUIRK_USE_BDADDR_PROPERTY for wcn3990") Fixes: e668eb1e1578 ("Bluetooth: hci_core: Don't stop BT if the BD address missing in dts") Fixes: 6945795bc81a ("Bluetooth: fix use-bdaddr-property quirk") Cc: stable(a)vger.kernel.org # 6.5 Cc: Matthias Kaehlcke <mka(a)chromium.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Reported-by: Janaki Ramaiah Thota <quic_janathot(a)quicinc.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> diff --git a/drivers/bluetooth/btqca.c b/drivers/bluetooth/btqca.c index 19cfc342fc7b..216826c31ee3 100644 --- a/drivers/bluetooth/btqca.c +++ b/drivers/bluetooth/btqca.c @@ -15,6 +15,8 @@ #define VERSION "0.1" +#define QCA_BDADDR_DEFAULT (&(bdaddr_t) {{ 0xad, 0x5a, 0x00, 0x00, 0x00, 0x00 }}) + int qca_read_soc_version(struct hci_dev *hdev, struct qca_btsoc_version *ver, enum qca_btsoc_type soc_type) { @@ -612,6 +614,38 @@ int qca_set_bdaddr_rome(struct hci_dev *hdev, const bdaddr_t *bdaddr) } EXPORT_SYMBOL_GPL(qca_set_bdaddr_rome); +static int qca_check_bdaddr(struct hci_dev *hdev) +{ + struct hci_rp_read_bd_addr *bda; + struct sk_buff *skb; + int err; + + if (bacmp(&hdev->public_addr, BDADDR_ANY)) + return 0; + + skb = __hci_cmd_sync(hdev, HCI_OP_READ_BD_ADDR, 0, NULL, + HCI_INIT_TIMEOUT); + if (IS_ERR(skb)) { + err = PTR_ERR(skb); + bt_dev_err(hdev, "Failed to read device address (%d)", err); + return err; + } + + if (skb->len != sizeof(*bda)) { + bt_dev_err(hdev, "Device address length mismatch"); + kfree_skb(skb); + return -EIO; + } + + bda = (struct hci_rp_read_bd_addr *)skb->data; + if (!bacmp(&bda->bdaddr, QCA_BDADDR_DEFAULT)) + set_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks); + + kfree_skb(skb); + + return 0; +} + static void qca_generate_hsp_nvm_name(char *fwname, size_t max_size, struct qca_btsoc_version ver, u8 rom_ver, u16 bid) { @@ -818,6 +852,10 @@ int qca_uart_setup(struct hci_dev *hdev, uint8_t baudrate, break; } + err = qca_check_bdaddr(hdev); + if (err) + return err; + bt_dev_info(hdev, "QCA setup on UART is completed"); return 0; diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c index ecbc52eaf101..92fa20f5ac7d 100644 --- a/drivers/bluetooth/hci_qca.c +++ b/drivers/bluetooth/hci_qca.c @@ -1905,8 +1905,6 @@ static int qca_setup(struct hci_uart *hu) case QCA_WCN6750: case QCA_WCN6855: case QCA_WCN7850: - set_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks); - qcadev = serdev_device_get_drvdata(hu->serdev); if (qcadev->bdaddr_property_broken) set_bit(HCI_QUIRK_BDADDR_PROPERTY_BROKEN, &hdev->quirks);

1 year, 6 months

1
0
0 0

[PATCH 5.10.y] PM / devfreq: Fix buffer overflow in trans_stat_show

by Jan Kiszka

From: Christian Marangi <ansuelsmth(a)gmail.com> [ Upstream commit 08e23d05fa6dc4fc13da0ccf09defdd4bbc92ff4 ] Fix buffer overflow in trans_stat_show(). Convert simple snprintf to the more secure scnprintf with size of PAGE_SIZE. Add condition checking if we are exceeding PAGE_SIZE and exit early from loop. Also add at the end a warning that we exceeded PAGE_SIZE and that stats is disabled. Return -EFBIG in the case where we don't have enough space to write the full transition table. Also document in the ABI that this function can return -EFBIG error. Link: https://lore.kernel.org/all/20231024183016.14648-2-ansuelsmth@gmail.com/ Cc: stable(a)vger.kernel.org Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218041 Fixes: e552bbaf5b98 ("PM / devfreq: Add sysfs node for representing frequency transition information.") Signed-off-by: Christian Marangi <ansuelsmth(a)gmail.com> Signed-off-by: Chanwoo Choi <cw00.choi(a)samsung.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Jan Kiszka <jan.kiszka(a)siemens.com> --- Original found by someone at Nvidia. But this backport is based on the 5.15 commit (796d3fad8c35ee9df9027899fb90ceaeb41b958f) where only a conflict in sysfs-class-devfreq needed manual resolution. Documentation/ABI/testing/sysfs-class-devfreq | 3 + drivers/devfreq/devfreq.c | 59 +++++++++++++------ 2 files changed, 43 insertions(+), 19 deletions(-) diff --git a/Documentation/ABI/testing/sysfs-class-devfreq b/Documentation/ABI/testing/sysfs-class-devfreq index b8ebff4b1c4c..4514cf9fc7a1 100644 --- a/Documentation/ABI/testing/sysfs-class-devfreq +++ b/Documentation/ABI/testing/sysfs-class-devfreq @@ -66,6 +66,9 @@ Description: echo 0 > /sys/class/devfreq/.../trans_stat + If the transition table is bigger than PAGE_SIZE, reading + this will return an -EFBIG error. + What: /sys/class/devfreq/.../userspace/set_freq Date: September 2011 Contact: MyungJoo Ham <myungjoo.ham(a)samsung.com> diff --git a/drivers/devfreq/devfreq.c b/drivers/devfreq/devfreq.c index 216594b86119..93df6cef4f5a 100644 --- a/drivers/devfreq/devfreq.c +++ b/drivers/devfreq/devfreq.c @@ -1639,7 +1639,7 @@ static ssize_t trans_stat_show(struct device *dev, struct device_attribute *attr, char *buf) { struct devfreq *df = to_devfreq(dev); - ssize_t len; + ssize_t len = 0; int i, j; unsigned int max_state; @@ -1648,7 +1648,7 @@ static ssize_t trans_stat_show(struct device *dev, max_state = df->profile->max_state; if (max_state == 0) - return sprintf(buf, "Not Supported.\n"); + return scnprintf(buf, PAGE_SIZE, "Not Supported.\n"); mutex_lock(&df->lock); if (!df->stop_polling && @@ -1658,33 +1658,54 @@ static ssize_t trans_stat_show(struct device *dev, } mutex_unlock(&df->lock); - len = sprintf(buf, " From : To\n"); - len += sprintf(buf + len, " :"); - for (i = 0; i < max_state; i++) - len += sprintf(buf + len, "%10lu", - df->profile->freq_table[i]); + len += scnprintf(buf + len, PAGE_SIZE - len, " From : To\n"); + len += scnprintf(buf + len, PAGE_SIZE - len, " :"); + for (i = 0; i < max_state; i++) { + if (len >= PAGE_SIZE - 1) + break; + len += scnprintf(buf + len, PAGE_SIZE - len, "%10lu", + df->profile->freq_table[i]); + } + if (len >= PAGE_SIZE - 1) + return PAGE_SIZE - 1; - len += sprintf(buf + len, " time(ms)\n"); + len += scnprintf(buf + len, PAGE_SIZE - len, " time(ms)\n"); for (i = 0; i < max_state; i++) { + if (len >= PAGE_SIZE - 1) + break; if (df->profile->freq_table[i] == df->previous_freq) { - len += sprintf(buf + len, "*"); + len += scnprintf(buf + len, PAGE_SIZE - len, "*"); } else { - len += sprintf(buf + len, " "); + len += scnprintf(buf + len, PAGE_SIZE - len, " "); + } + if (len >= PAGE_SIZE - 1) + break; + + len += scnprintf(buf + len, PAGE_SIZE - len, "%10lu:", + df->profile->freq_table[i]); + for (j = 0; j < max_state; j++) { + if (len >= PAGE_SIZE - 1) + break; + len += scnprintf(buf + len, PAGE_SIZE - len, "%10u", + df->stats.trans_table[(i * max_state) + j]); } - len += sprintf(buf + len, "%10lu:", - df->profile->freq_table[i]); - for (j = 0; j < max_state; j++) - len += sprintf(buf + len, "%10u", - df->stats.trans_table[(i * max_state) + j]); + if (len >= PAGE_SIZE - 1) + break; + len += scnprintf(buf + len, PAGE_SIZE - len, "%10llu\n", (u64) + jiffies64_to_msecs(df->stats.time_in_state[i])); + } + + if (len < PAGE_SIZE - 1) + len += scnprintf(buf + len, PAGE_SIZE - len, "Total transition : %u\n", + df->stats.total_trans); - len += sprintf(buf + len, "%10llu\n", (u64) - jiffies64_to_msecs(df->stats.time_in_state[i])); + if (len >= PAGE_SIZE - 1) { + pr_warn_once("devfreq transition table exceeds PAGE_SIZE. Disabling\n"); + return -EFBIG; } - len += sprintf(buf + len, "Total transition : %u\n", - df->stats.total_trans); return len; } -- 2.35.3

1 year, 6 months

2
1
0 0

FAILED: patch "[PATCH] fork: defer linking file vma until vma is fully initialized" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 35e351780fa9d8240dd6f7e4f245f9ea37e96c19 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042320-angled-goldmine-2cd7@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 35e351780fa9 ("fork: defer linking file vma until vma is fully initialized") d24062914837 ("fork: use __mt_dup() to duplicate maple tree in dup_mmap()") 2820b0f09be9 ("hugetlbfs: close race between MADV_DONTNEED and page fault") b5df09226450 ("mm: set up vma iterator for vma_iter_prealloc() calls") f72cf24a8686 ("mm: use vma_iter_clear_gfp() in nommu") da0892547b10 ("maple_tree: re-introduce entry to mas_preallocate() arguments") fd892593d44d ("mm: change do_vmi_align_munmap() tracking of VMAs to remove") 5502ea44f5ad ("mm/hugetlb: add page_mask for hugetlb_follow_page_mask()") dd767aaa2fc8 ("mm/hugetlb: handle FOLL_DUMP well in follow_page_mask()") 1279aa0656bb ("mm: make show_free_areas() static") 408579cd627a ("mm: Update do_vmi_align_munmap() return semantics") e4bd84c069f2 ("mm: Always downgrade mmap_lock if requested") 43ec8a620b38 ("Merge tag 'unmap-fix-20230629' of git://git.infradead.org/users/dwmw2/linux") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 35e351780fa9d8240dd6f7e4f245f9ea37e96c19 Mon Sep 17 00:00:00 2001 From: Miaohe Lin <linmiaohe(a)huawei.com> Date: Wed, 10 Apr 2024 17:14:41 +0800 Subject: [PATCH] fork: defer linking file vma until vma is fully initialized Thorvald reported a WARNING [1]. And the root cause is below race: CPU 1 CPU 2 fork hugetlbfs_fallocate dup_mmap hugetlbfs_punch_hole i_mmap_lock_write(mapping); vma_interval_tree_insert_after -- Child vma is visible through i_mmap tree. i_mmap_unlock_write(mapping); hugetlb_dup_vma_private -- Clear vma_lock outside i_mmap_rwsem! i_mmap_lock_write(mapping); hugetlb_vmdelete_list vma_interval_tree_foreach hugetlb_vma_trylock_write -- Vma_lock is cleared. tmp->vm_ops->open -- Alloc new vma_lock outside i_mmap_rwsem! hugetlb_vma_unlock_write -- Vma_lock is assigned!!! i_mmap_unlock_write(mapping); hugetlb_dup_vma_private() and hugetlb_vm_op_open() are called outside i_mmap_rwsem lock while vma lock can be used in the same time. Fix this by deferring linking file vma until vma is fully initialized. Those vmas should be initialized first before they can be used. Link: https://lkml.kernel.org/r/20240410091441.3539905-1-linmiaohe@huawei.com Fixes: 8d9bfb260814 ("hugetlb: add vma based lock for pmd sharing") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Reported-by: Thorvald Natvig <thorvald(a)google.com> Closes: https://lore.kernel.org/linux-mm/20240129161735.6gmjsswx62o4pbja@revolver/T/ [1] Reviewed-by: Jane Chu <jane.chu(a)oracle.com> Cc: Christian Brauner <brauner(a)kernel.org> Cc: Heiko Carstens <hca(a)linux.ibm.com> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: Liam R. Howlett <Liam.Howlett(a)oracle.com> Cc: Mateusz Guzik <mjguzik(a)gmail.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: Peng Zhang <zhangpeng.00(a)bytedance.com> Cc: Tycho Andersen <tandersen(a)netflix.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/kernel/fork.c b/kernel/fork.c index 39a5046c2f0b..aebb3e6c96dc 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -714,6 +714,23 @@ static __latent_entropy int dup_mmap(struct mm_struct *mm, } else if (anon_vma_fork(tmp, mpnt)) goto fail_nomem_anon_vma_fork; vm_flags_clear(tmp, VM_LOCKED_MASK); + /* + * Copy/update hugetlb private vma information. + */ + if (is_vm_hugetlb_page(tmp)) + hugetlb_dup_vma_private(tmp); + + /* + * Link the vma into the MT. After using __mt_dup(), memory + * allocation is not necessary here, so it cannot fail. + */ + vma_iter_bulk_store(&vmi, tmp); + + mm->map_count++; + + if (tmp->vm_ops && tmp->vm_ops->open) + tmp->vm_ops->open(tmp); + file = tmp->vm_file; if (file) { struct address_space *mapping = file->f_mapping; @@ -730,25 +747,9 @@ static __latent_entropy int dup_mmap(struct mm_struct *mm, i_mmap_unlock_write(mapping); } - /* - * Copy/update hugetlb private vma information. - */ - if (is_vm_hugetlb_page(tmp)) - hugetlb_dup_vma_private(tmp); - - /* - * Link the vma into the MT. After using __mt_dup(), memory - * allocation is not necessary here, so it cannot fail. - */ - vma_iter_bulk_store(&vmi, tmp); - - mm->map_count++; if (!(tmp->vm_flags & VM_WIPEONFORK)) retval = copy_page_range(tmp, mpnt); - if (tmp->vm_ops && tmp->vm_ops->open) - tmp->vm_ops->open(tmp); - if (retval) { mpnt = vma_next(&vmi); goto loop_out;

1 year, 6 months

3
2
0 0

[PATCH 5.15,5.10,5.4,4.19 0/2] Fix warning when tracing with large filenames

by Thadeu Lima de Souza Cascardo

The warning described on patch "tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together" can be triggered with a perf probe on do_execve with a large path. As PATH_MAX is larger than PERF_MAX_TRACE_SIZE (2048 before the patch), the warning will trigger. The fix was included in 5.16, so backporting to 5.15 and earlier LTS kernels. Also included is a patch that better describes the attempted allocation size. -- 2.34.1

1 year, 6 months

2
4
0 0

FAILED: patch "[PATCH] virtio_net: Do not send RSS key if it is not supported" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 059a49aa2e25c58f90b50151f109dd3c4cdb3a47 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041414-humming-alarm-eb41@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 059a49aa2e25 ("virtio_net: Do not send RSS key if it is not supported") fb6e30a72539 ("net: ethtool: pass a pointer to parameters to get/set_rxfh ethtool ops") 02cbfba1add5 ("idpf: add ethtool callbacks") a5ab9ee0df0b ("idpf: add singleq start_xmit and napi poll") 3a8845af66ed ("idpf: add RX splitq napi poll support") c2d548cad150 ("idpf: add TX splitq napi poll support") 6818c4d5b3c2 ("idpf: add splitq start_xmit") d4d558718266 ("idpf: initialize interrupts and enable vport") 95af467d9a4e ("idpf: configure resources for RX queues") 1c325aac10a8 ("idpf: configure resources for TX queues") ce1b75d0635c ("idpf: add ptypes and MAC filter support") 0fe45467a104 ("idpf: add create vport and netdev configuration") 4930fbf419a7 ("idpf: add core init and interrupt request") 8077c727561a ("idpf: add controlq init and reset checks") e850efed5e15 ("idpf: add module register and probe functionality") b9335a757232 ("net/mlx5e: Make flow classification filters static") 4cab498f33f7 ("hv_netvsc: Allocate rx indirection table size dynamically") 4f3ed1293feb ("ixgbe: Allow flow hash to be set via ethtool") 2b30f8291a30 ("net: ethtool: add support for MAC Merge layer") 8580e16c28f3 ("net/ethtool: add netlink interface for the PLCA RS") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 059a49aa2e25c58f90b50151f109dd3c4cdb3a47 Mon Sep 17 00:00:00 2001 From: Breno Leitao <leitao(a)debian.org> Date: Wed, 3 Apr 2024 08:43:12 -0700 Subject: [PATCH] virtio_net: Do not send RSS key if it is not supported There is a bug when setting the RSS options in virtio_net that can break the whole machine, getting the kernel into an infinite loop. Running the following command in any QEMU virtual machine with virtionet will reproduce this problem: # ethtool -X eth0 hfunc toeplitz This is how the problem happens: 1) ethtool_set_rxfh() calls virtnet_set_rxfh() 2) virtnet_set_rxfh() calls virtnet_commit_rss_command() 3) virtnet_commit_rss_command() populates 4 entries for the rss scatter-gather 4) Since the command above does not have a key, then the last scatter-gatter entry will be zeroed, since rss_key_size == 0. sg_buf_size = vi->rss_key_size; 5) This buffer is passed to qemu, but qemu is not happy with a buffer with zero length, and do the following in virtqueue_map_desc() (QEMU function): if (!sz) { virtio_error(vdev, "virtio: zero sized buffers are not allowed"); 6) virtio_error() (also QEMU function) set the device as broken vdev->broken = true; 7) Qemu bails out, and do not repond this crazy kernel. 8) The kernel is waiting for the response to come back (function virtnet_send_command()) 9) The kernel is waiting doing the following : while (!virtqueue_get_buf(vi->cvq, &tmp) && !virtqueue_is_broken(vi->cvq)) cpu_relax(); 10) None of the following functions above is true, thus, the kernel loops here forever. Keeping in mind that virtqueue_is_broken() does not look at the qemu `vdev->broken`, so, it never realizes that the vitio is broken at QEMU side. Fix it by not sending RSS commands if the feature is not available in the device. Fixes: c7114b1249fa ("drivers/net/virtio_net: Added basic RSS support.") Cc: stable(a)vger.kernel.org Cc: qemu-devel(a)nongnu.org Signed-off-by: Breno Leitao <leitao(a)debian.org> Reviewed-by: Heng Qi <hengqi(a)linux.alibaba.com> Reviewed-by: Xuan Zhuo <xuanzhuo(a)linux.alibaba.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c index c22d1118a133..115c3c5414f2 100644 --- a/drivers/net/virtio_net.c +++ b/drivers/net/virtio_net.c @@ -3807,6 +3807,7 @@ static int virtnet_set_rxfh(struct net_device *dev, struct netlink_ext_ack *extack) { struct virtnet_info *vi = netdev_priv(dev); + bool update = false; int i; if (rxfh->hfunc != ETH_RSS_HASH_NO_CHANGE && @@ -3814,13 +3815,28 @@ static int virtnet_set_rxfh(struct net_device *dev, return -EOPNOTSUPP; if (rxfh->indir) { + if (!vi->has_rss) + return -EOPNOTSUPP; + for (i = 0; i < vi->rss_indir_table_size; ++i) vi->ctrl->rss.indirection_table[i] = rxfh->indir[i]; + update = true; } - if (rxfh->key) - memcpy(vi->ctrl->rss.key, rxfh->key, vi->rss_key_size); - virtnet_commit_rss_command(vi); + if (rxfh->key) { + /* If either _F_HASH_REPORT or _F_RSS are negotiated, the + * device provides hash calculation capabilities, that is, + * hash_key is configured. + */ + if (!vi->has_rss && !vi->has_rss_hash_report) + return -EOPNOTSUPP; + + memcpy(vi->ctrl->rss.key, rxfh->key, vi->rss_key_size); + update = true; + } + + if (update) + virtnet_commit_rss_command(vi); return 0; } @@ -4729,13 +4745,15 @@ static int virtnet_probe(struct virtio_device *vdev) if (virtio_has_feature(vdev, VIRTIO_NET_F_HASH_REPORT)) vi->has_rss_hash_report = true; - if (virtio_has_feature(vdev, VIRTIO_NET_F_RSS)) + if (virtio_has_feature(vdev, VIRTIO_NET_F_RSS)) { vi->has_rss = true; - if (vi->has_rss || vi->has_rss_hash_report) { vi->rss_indir_table_size = virtio_cread16(vdev, offsetof(struct virtio_net_config, rss_max_indirection_table_length)); + } + + if (vi->has_rss || vi->has_rss_hash_report) { vi->rss_key_size = virtio_cread8(vdev, offsetof(struct virtio_net_config, rss_max_key_size));

1 year, 6 months

3
2
0 0

[Patch 5.4.y] net/mlx5e: Fix a race in command alloc flow

by Samasth Norway Ananda

From: Shifeng Li <lishifeng(a)sangfor.com.cn> [ Upstream commit 8f5100da56b3980276234e812ce98d8f075194cd ] Fix a cmd->ent use after free due to a race on command entry. Such race occurs when one of the commands releases its last refcount and frees its index and entry while another process running command flush flow takes refcount to this command entry. The process which handles commands flush may see this command as needed to be flushed if the other process allocated a ent->idx but didn't set ent to cmd->ent_arr in cmd_work_handler(). Fix it by moving the assignment of cmd->ent_arr into the spin lock. [70013.081955] BUG: KASAN: use-after-free in mlx5_cmd_trigger_completions+0x1e2/0x4c0 [mlx5_core] [70013.081967] Write of size 4 at addr ffff88880b1510b4 by task kworker/26:1/1433361 [70013.081968] [70013.082028] Workqueue: events aer_isr [70013.082053] Call Trace: [70013.082067] dump_stack+0x8b/0xbb [70013.082086] print_address_description+0x6a/0x270 [70013.082102] kasan_report+0x179/0x2c0 [70013.082173] mlx5_cmd_trigger_completions+0x1e2/0x4c0 [mlx5_core] [70013.082267] mlx5_cmd_flush+0x80/0x180 [mlx5_core] [70013.082304] mlx5_enter_error_state+0x106/0x1d0 [mlx5_core] [70013.082338] mlx5_try_fast_unload+0x2ea/0x4d0 [mlx5_core] [70013.082377] remove_one+0x200/0x2b0 [mlx5_core] [70013.082409] pci_device_remove+0xf3/0x280 [70013.082439] device_release_driver_internal+0x1c3/0x470 [70013.082453] pci_stop_bus_device+0x109/0x160 [70013.082468] pci_stop_and_remove_bus_device+0xe/0x20 [70013.082485] pcie_do_fatal_recovery+0x167/0x550 [70013.082493] aer_isr+0x7d2/0x960 [70013.082543] process_one_work+0x65f/0x12d0 [70013.082556] worker_thread+0x87/0xb50 [70013.082571] kthread+0x2e9/0x3a0 [70013.082592] ret_from_fork+0x1f/0x40 The logical relationship of this error is as follows: aer_recover_work | ent->work -------------------------------------------+------------------------------ aer_recover_work_func | |- pcie_do_recovery | |- report_error_detected | |- mlx5_pci_err_detected |cmd_work_handler |- mlx5_enter_error_state | |- cmd_alloc_index |- enter_error_state | |- lock cmd->alloc_lock |- mlx5_cmd_flush | |- clear_bit |- mlx5_cmd_trigger_completions| |- unlock cmd->alloc_lock |- lock cmd->alloc_lock | |- vector = ~dev->cmd.vars.bitmask |- for_each_set_bit | |- cmd_ent_get(cmd->ent_arr[i]) (UAF) |- unlock cmd->alloc_lock | |- cmd->ent_arr[ent->idx]=ent The cmd->ent_arr[ent->idx] assignment and the bit clearing are not protected by the cmd->alloc_lock in cmd_work_handler(). Fixes: 50b2412b7e78 ("net/mlx5: Avoid possible free of command entry while timeout comp handler") Reviewed-by: Moshe Shemesh <moshe(a)nvidia.com> Signed-off-by: Shifeng Li <lishifeng(a)sangfor.com.cn> Signed-off-by: Saeed Mahameed <saeedm(a)nvidia.com> [Samasth: backport for 5.4.y] Signed-off-by: Samasth Norway Ananda <samasth.norway.ananda(a)oracle.com> Conflicts: drivers/net/ethernet/mellanox/mlx5/core/cmd.c conflict caused due to the absence of commit 58db72869a9f ("net/mlx5: Re-organize mlx5_cmd struct") which is structural change of code and is not necessary for this patch. --- commit: 50b2412b7e78 ("net/mlx5: Avoid possible free of command entry while timeout comp handler") is present from linux-5.4.y onwards but the current commit which fixes it is only present from linux-6.1.y. Would be nice to get an opinion from the author or maintainer. --- drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/drivers/net/ethernet/mellanox/mlx5/core/cmd.c b/drivers/net/ethernet/mellanox/mlx5/core/cmd.c index 93a6597366f5..ebf5b30b2100 100644 --- a/drivers/net/ethernet/mellanox/mlx5/core/cmd.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/cmd.c @@ -114,15 +114,18 @@ static u8 alloc_token(struct mlx5_cmd *cmd) return token; } -static int cmd_alloc_index(struct mlx5_cmd *cmd) +static int cmd_alloc_index(struct mlx5_cmd *cmd, struct mlx5_cmd_work_ent *ent) { unsigned long flags; int ret; spin_lock_irqsave(&cmd->alloc_lock, flags); ret = find_first_bit(&cmd->bitmask, cmd->max_reg_cmds); - if (ret < cmd->max_reg_cmds) + if (ret < cmd->max_reg_cmds) { clear_bit(ret, &cmd->bitmask); + ent->idx = ret; + cmd->ent_arr[ent->idx] = ent; + } spin_unlock_irqrestore(&cmd->alloc_lock, flags); return ret < cmd->max_reg_cmds ? ret : -ENOMEM; @@ -905,7 +908,7 @@ static void cmd_work_handler(struct work_struct *work) sem = ent->page_queue ? &cmd->pages_sem : &cmd->sem; down(sem); if (!ent->page_queue) { - alloc_ret = cmd_alloc_index(cmd); + alloc_ret = cmd_alloc_index(cmd, ent); if (alloc_ret < 0) { mlx5_core_err(dev, "failed to allocate command entry\n"); if (ent->callback) { @@ -920,15 +923,14 @@ static void cmd_work_handler(struct work_struct *work) up(sem); return; } - ent->idx = alloc_ret; } else { ent->idx = cmd->max_reg_cmds; spin_lock_irqsave(&cmd->alloc_lock, flags); clear_bit(ent->idx, &cmd->bitmask); + cmd->ent_arr[ent->idx] = ent; spin_unlock_irqrestore(&cmd->alloc_lock, flags); } - cmd->ent_arr[ent->idx] = ent; lay = get_inst(cmd, ent->idx); ent->lay = lay; memset(lay, 0, sizeof(*lay)); -- 2.43.0

1 year, 6 months

2
1
0 0

Backport request for [PATCH 0/3] selftests/seccomp seccomp_bpf test fixes

by Terry Tritton

Please backport the following fixes for selftest/seccomp. I forgot to send the original patches to the stable list! They resolve some edge cases in the testing. commit 8e3c9f9f3a0742cd12b682a1766674253b33fcf0 selftests/seccomp: user_notification_addfd check nextfd is available commit: 471dbc547612adeaa769e48498ef591c6c95a57a selftests/seccomp: Change the syscall used in KILL_THREAD test commit: ecaaa55c9fa5e8058445a8b891070b12208cdb6d selftests/seccomp: Handle EINVAL on unshare(CLONE_NEWPID) Please backport to 6.6 onwards. Thanks, Terry.

1 year, 6 months

2
1
0 0

Re: [6.6.y] "selftests/bpf: Add netkit to tc_redirect selftest" needs to be reverted

by Geliang Tang

cc stable(a)vger.kernel.org On Fri, 2024-04-26 at 10:50 +0200, Greg Kroah-Hartman wrote: > Hi, > > This is the friendly email-bot of Greg Kroah-Hartman's inbox. I've > detected that you have sent him a direct question that might be > better > sent to a public mailing list which is much faster in responding to > questions than Greg normally is. > > Please try asking one of the following mailing lists for your > questions: > > For udev and hotplug related questions, please ask on the > linux-hotplug(a)vger.kernel.org mailing list > > For USB related questions, please ask on the > linux-usb(a)vger.kernel.org > mailing list > > For PCI related questions, please ask on the > linux-pci(a)vger.kernel.org or linux-kernel(a)vger.kernel.org mailing > lists > > For serial and tty related questions, please ask on the > linux-serial(a)vger.kernel.org mailing list. > > For staging tree related questions, please ask on the > linux-staging(a)lists.linux.dev mailing list. > > For general kernel related questions, please ask on the > kernelnewbies(a)nl.linux.org or linux-kernel(a)vger.kernel.org mailing > lists, depending on the type of question. More basic, beginner > questions are better asked on the kernelnewbies list, after reading > the wiki at www.kernelnewbies.org. > > For Linux stable and longterm kernel release questions or patches > to > be included in the stable or longterm kernel trees, please email > stable(a)vger.kernel.org and Cc: the linux-kernel(a)vger.kernel.org > mailing list so all of the stable kernel developers can be > notified. > Also please read Documentation/process/stable-kernel-rules.rst in > the > Linux kernel tree for the proper procedure to get patches accepted > into the stable or longterm kernel releases. > > If you really want to ask Greg the question, please read the > following > two links as to why emailing a single person directly is usually not > a > good thing, and causes extra work on a single person: > http://www.arm.linux.org.uk/news/?newsitem=11 > http://www.eyrie.org/~eagle/faqs/questions.html > > After reading those messages, and you still feel that you want to > email > Greg instead of posting on a mailing list, then resend your message > within 24 hours and it will go through to him. But be forewarned, > his > email inbox currently looks like: > 912 messages in /home/greg/mail/INBOX/ > so it might be a while before he gets to the message. > > Thank you for your understanding. > > The email triggering this response has been automatically discarded. > > thanks, > > greg k-h's email bot

1 year, 6 months

2
3
0 0

v5.15 backport request

by Ard Biesheuvel

Please consider the commits below for backporting to v5.15. These patches are prerequisites for the backport of the x86 EFI stub refactor that is needed for distros to sign v5.15 images for secure boot in a way that complies with new MS requirements for memory protections while running in the EFI firmware. All patches either predate v6.1 or have been backported to it already. The remaining ~50 changes will be posted as a patch series in due time, as they will not apply cleanly to v5.15. Please apply in the order that they appear below. Thanks, Ard. 44f155b4b07b8293472c9797d5b39839b91041ca 4da87c51705815fe1fbd41cc61640bb80da5bc54 7c4146e8885512719a50b641e9277a1712e052ff 176db622573f028f85221873ea4577e096785315 950d00558a920227b5703d1fcc4751cfe03853cd ec1c66af3a30d45c2420da0974c01d3515dba26e a9ee679b1f8c3803490ed2eeffb688aaee56583f 3ba75c1316390b2bc39c19cb8f0f85922ab3f9ed 82e0d6d76a2a74bd6a31141d555d53b4cc22c2a3 31f1a0edff78c43e8a3bd3692af0db1b25c21b17 9cf42bca30e98a1c6c9e8abf876940a551eaa3d1 cb8bda8ad4438b4bcfcf89697fc84803fb210017 e2ab9eab324cdf240de89741e4a1aa79919f0196 5c3a85f35b583259cf5ca0344cd79c8899ba1bb7 91592b5c0c2f076ff9d8cc0c14aa563448ac9fc4 73a6dec80e2acedaef3ca603d4b5799049f6e9f8 7f22ca396778fea9332d83ec2359dbe8396e9a06 4b52016247aeaa55ca3e3bc2e03cd91114c145c2 630f337f0c4fd80390e8600adcab31550aea33df db14655ad7854b69a2efda348e30d02dbc19e8a1 bad267f9e18f8e9e628abd1811d2899b1735a4e1 62b71cd73d41ddac6b1760402bbe8c4932e23531 cc3fdda2876e58a7e83e558ab51853cf106afb6a d2d7a54f69b67cd0a30e0ebb5307cb2de625baac

1 year, 6 months

3
5
0 0

Linux 6.1.89

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.89 kernel. Only users of the 6.1 kernel series that had build problems with 6.1.88 need to upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 - arch/arm/mach-omap2/pdata-quirks.c | 10 ----- sound/soc/ti/omap3pandora.c | 63 +++++++++++++++++++++++-------------- 3 files changed, 41 insertions(+), 34 deletions(-) Greg Kroah-Hartman (2): Revert "ASoC: ti: Convert Pandora ASoC to GPIO descriptors" Linux 6.1.89

1 year, 6 months

1
1
0 0

[PATCH 2/2] x86/sgx: Resolve EREMOVE page vs EAUG page data race

by Dmitrii Kuvaiskii

Two enclave threads may try to add and remove the same enclave page simultaneously (e.g., if the SGX runtime supports both lazy allocation and `MADV_DONTNEED` semantics). Consider this race: 1. T1 performs page removal in sgx_encl_remove_pages() and stops right after removing the page table entry and right before re-acquiring the enclave lock to EREMOVE and xa_erase(&encl->page_array) the page. 2. T2 tries to access the page, and #PF[not_present] is raised. The condition to EAUG in sgx_vma_fault() is not satisfied because the page is still present in encl->page_array, thus the SGX driver assumes that the fault happened because the page was swapped out. The driver continues on a code path that installs a page table entry *without* performing EAUG. 3. The enclave page metadata is in inconsistent state: the PTE is installed but there was no EAUG. Thus, T2 in userspace infinitely receives SIGSEGV on this page (and EACCEPT always fails). Fix this by making sure that T1 (the page-removing thread) always wins this data race. In particular, the page-being-removed is marked as such, and T2 retries until the page is fully removed. Fixes: 9849bb27152c ("x86/sgx: Support complete page removal") Cc: stable(a)vger.kernel.org Signed-off-by: Dmitrii Kuvaiskii <dmitrii.kuvaiskii(a)intel.com> --- arch/x86/kernel/cpu/sgx/encl.c | 3 ++- arch/x86/kernel/cpu/sgx/encl.h | 3 +++ arch/x86/kernel/cpu/sgx/ioctl.c | 1 + 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c index 41f14b1a3025..7ccd8b2fce5f 100644 --- a/arch/x86/kernel/cpu/sgx/encl.c +++ b/arch/x86/kernel/cpu/sgx/encl.c @@ -257,7 +257,8 @@ static struct sgx_encl_page *__sgx_encl_load_page(struct sgx_encl *encl, /* Entry successfully located. */ if (entry->epc_page) { - if (entry->desc & SGX_ENCL_PAGE_BEING_RECLAIMED) + if (entry->desc & (SGX_ENCL_PAGE_BEING_RECLAIMED | + SGX_ENCL_PAGE_BEING_REMOVED)) return ERR_PTR(-EBUSY); return entry; diff --git a/arch/x86/kernel/cpu/sgx/encl.h b/arch/x86/kernel/cpu/sgx/encl.h index f94ff14c9486..fff5f2293ae7 100644 --- a/arch/x86/kernel/cpu/sgx/encl.h +++ b/arch/x86/kernel/cpu/sgx/encl.h @@ -25,6 +25,9 @@ /* 'desc' bit marking that the page is being reclaimed. */ #define SGX_ENCL_PAGE_BEING_RECLAIMED BIT(3) +/* 'desc' bit marking that the page is being removed. */ +#define SGX_ENCL_PAGE_BEING_REMOVED BIT(2) + struct sgx_encl_page { unsigned long desc; unsigned long vm_max_prot_bits:8; diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c index b65ab214bdf5..c542d4dd3e64 100644 --- a/arch/x86/kernel/cpu/sgx/ioctl.c +++ b/arch/x86/kernel/cpu/sgx/ioctl.c @@ -1142,6 +1142,7 @@ static long sgx_encl_remove_pages(struct sgx_encl *encl, * Do not keep encl->lock because of dependency on * mmap_lock acquired in sgx_zap_enclave_ptes(). */ + entry->desc |= SGX_ENCL_PAGE_BEING_REMOVED; mutex_unlock(&encl->lock); sgx_zap_enclave_ptes(encl, addr); -- 2.34.1

1 year, 6 months

1
0
0 0

[PATCH 1/2] x86/sgx: Resolve EAUG race where losing thread returns SIGBUS

by Dmitrii Kuvaiskii

Two enclave threads may try to access the same non-present enclave page simultaneously (e.g., if the SGX runtime supports lazy allocation). The threads will end up in sgx_encl_eaug_page(), racing to acquire the enclave lock. The winning thread will perform EAUG, set up the page table entry, and insert the page into encl->page_array. The losing thread will then get -EBUSY on xa_insert(&encl->page_array) and proceed to error handling path. This error handling path contains two bugs: (1) SIGBUS is sent to userspace even though the enclave page is correctly installed by another thread, and (2) sgx_encl_free_epc_page() is called that performs EREMOVE even though the enclave page was never intended to be removed. The first bug is less severe because it impacts only the user space; the second bug is more severe because it also impacts the OS state by ripping the page (added by the winning thread) from the enclave. Fix these two bugs (1) by returning VM_FAULT_NOPAGE to the generic Linux fault handler so that no signal is sent to userspace, and (2) by replacing sgx_encl_free_epc_page() with sgx_free_epc_page() so that no EREMOVE is performed. Fixes: 5a90d2c3f5ef ("x86/sgx: Support adding of pages to an initialized enclave") Cc: stable(a)vger.kernel.org Reported-by: Marcelina Kościelnicka <mwk(a)invisiblethingslab.com> Suggested-by: Reinette Chatre <reinette.chatre(a)intel.com> Signed-off-by: Dmitrii Kuvaiskii <dmitrii.kuvaiskii(a)intel.com> --- arch/x86/kernel/cpu/sgx/encl.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c index 279148e72459..41f14b1a3025 100644 --- a/arch/x86/kernel/cpu/sgx/encl.c +++ b/arch/x86/kernel/cpu/sgx/encl.c @@ -382,8 +382,11 @@ static vm_fault_t sgx_encl_eaug_page(struct vm_area_struct *vma, * If ret == -EBUSY then page was created in another flow while * running without encl->lock */ - if (ret) + if (ret) { + if (ret == -EBUSY) + vmret = VM_FAULT_NOPAGE; goto err_out_shrink; + } pginfo.secs = (unsigned long)sgx_get_epc_virt_addr(encl->secs.epc_page); pginfo.addr = encl_page->desc & PAGE_MASK; @@ -419,7 +422,7 @@ static vm_fault_t sgx_encl_eaug_page(struct vm_area_struct *vma, err_out_shrink: sgx_encl_shrink(encl, va_page); err_out_epc: - sgx_encl_free_epc_page(epc_page); + sgx_free_epc_page(epc_page); err_out_unlock: mutex_unlock(&encl->lock); kfree(encl_page); -- 2.34.1

1 year, 6 months

1
0
0 0

[PATCH 6.1 000/141] 6.1.88-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.88 release. There are 141 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 25 Apr 2024 21:38:28 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.88-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.88-rc1 Johan Hovold <johan+linaro(a)kernel.org> PCI/ASPM: Fix deadlock when enabling ASPM Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: common: use struct_group_attr instead of struct_group for network_open_info Marios Makassikis <mmakassikis(a)freebox.fr> ksmbd: clear RENAME_NOREPLACE before calling vfs_rename Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: validate request buffer size in smb2_allocate_rsp_buf() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix slab-out-of-bounds in smb2_allocate_rsp_buf Arınç ÜNAL <arinc.unal(a)arinc9.com> net: dsa: mt7530: fix enabling EEE on MT7531 switch on all boards Arınç ÜNAL <arinc.unal(a)arinc9.com> net: dsa: mt7530: fix improper frames on all 25MHz and 40MHz XTAL MT7530 Vladimir Oltean <olteanv(a)gmail.com> net: dsa: introduce preferred_default_local_cpu_port and use on MT7530 Arınç ÜNAL <arinc.unal(a)arinc9.com> net: dsa: mt7530: set all CPU ports in MT7531_CPU_PMAP Jeongjun Park <aha310510(a)gmail.com> nilfs2: fix OOB in nilfs_set_de_type Qiang Zhang <qiang4.zhang(a)intel.com> bootconfig: use memblock_free_late to free xbc memory to buddy Dave Airlie <airlied(a)redhat.com> nouveau: fix instmem race condition around ptr stores Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix crtc's atomic check conditional Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Sort primary plane formats by order of preference xinhui pan <xinhui.pan(a)amd.com> drm/amdgpu: validate the parameters of bo mapping operations more clearly Miaohe Lin <linmiaohe(a)huawei.com> mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled Yuntao Wang <ytcoode(a)gmail.com> init/main.c: Fix potential static_command_line memory overflow Yaxiong Tian <tianyaxiong(a)kylinos.cn> arm64: hibernate: Fix level3 translation fault in swsusp_save() Sandipan Das <sandipan.das(a)amd.com> KVM: x86/pmu: Do not mask LVTPC when handling a PMI on AMD platforms Sean Christopherson <seanjc(a)google.com> KVM: x86/pmu: Disable support for adaptive PEBS Sean Christopherson <seanjc(a)google.com> KVM: x86: Snapshot if a vCPU's vendor model is AMD vs. Intel compatible Alan Stern <stern(a)rowland.harvard.edu> fs: sysfs: Fix reference leak in sysfs_break_active_protection() Samuel Thibault <samuel.thibault(a)ens-lyon.org> speakup: Avoid crash on very long word Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: disable RPL-S on SPS and IGN firmwares Norihiko Hama <Norihiko.Hama(a)alpsalpine.com> usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error Kai-Heng Feng <kai.heng.feng(a)canonical.com> usb: Disable USB3 LPM at shutdown Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix dereference issue in DDMA completion flow. Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "usb: cdc-wdm: close race between read and workqueue" Daniele Palmas <dnlplm(a)gmail.com> USB: serial: option: add Telit FN920C04 rmnet compositions Vanillan Wang <vanillanwang(a)163.com> USB: serial: option: add Rolling RW101-GL and RW135-GL support Jerry Meng <jerry-meng(a)foxmail.com> USB: serial: option: support Quectel EM060K sub-models Coia Prant <coiaprant(a)gmail.com> USB: serial: option: add Lonsung U8300/U9300 product Chuanhong Guo <gch981213(a)gmail.com> USB: serial: option: add support for Fibocom FM650/FG650 bolan wang <bolan.wang(a)fibocom.com> USB: serial: option: add Fibocom FM135-GL variants Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> serial: stm32: Reset .throttled state in .startup() Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> serial: stm32: Return IRQ_NONE in the ISR if no handling happend Finn Thain <fthain(a)linux-m68k.org> serial/pmac_zilog: Remove flawed mitigation for rx irq flood Emil Kronborg <emil.kronborg(a)protonmail.com> serial: mxs-auart: add spinlock around changing cts state Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> comedi: vmk80xx: fix incomplete endpoint checking Gil Fine <gil.fine(a)linux.intel.com> thunderbolt: Fix wake configurations after device unplug Gil Fine <gil.fine(a)linux.intel.com> thunderbolt: Avoid notify PM core about runtime PM resume Carlos Llamas <cmllamas(a)google.com> binder: check offset alignment in binder_get_object() Ai Chao <aichao(a)kylinos.cn> ALSA: hda/realtek - Enable audio jacks of Haier Boyue G42 with ALC269VC Eric Biggers <ebiggers(a)google.com> x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Fix BHI retpoline check Pin-yen Lin <treapking(a)chromium.org> clk: mediatek: Do a runtime PM get on controllers during probe AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> clk: mediatek: clk-mtk: Extend mtk_clk_simple_probe() AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> clk: mediatek: clk-mux: Propagate struct device for mtk-mux AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> clk: mediatek: clk-mtk: Propagate struct device for composites AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> clk: mediatek: clk-gate: Propagate struct device with mtk_clk_register_gates() AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> clk: mediatek: mt8192: Propagate struct device for gate clocks AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> clk: mediatek: mt8192: Correctly unregister and free clocks on failure Stephen Boyd <sboyd(a)kernel.org> clk: Get runtime PM before walking tree for clk_summary Vishal Badole <badolevishal1116(a)gmail.com> clk: Show active consumers of clocks in debugfs Yu Zhe <yuzhe(a)nfschina.com> clk: remove unnecessary (void*) conversions Stephen Boyd <sboyd(a)kernel.org> clk: Get runtime PM before walking tree during disable_unused Stephen Boyd <sboyd(a)kernel.org> clk: Initialize struct clk_core kref earlier Konrad Dybcio <konrad.dybcio(a)linaro.org> clk: Print an info line before disabling unused clocks Stephen Boyd <sboyd(a)kernel.org> clk: Remove prepare_lock hold assertion in __clk_release() Hardik Gajjar <hgajjar(a)de.adit-jv.com> usb: new quirk to reduce the SET_ADDRESS request timeout Hardik Gajjar <hgajjar(a)de.adit-jv.com> usb: xhci: Add timeout argument in address_device USB HCD callback Brenton Simpson <appsforartists(a)google.com> drm: panel-orientation-quirks: Add quirk for Lenovo Legion Go Geoffrey D. Bennett <g(a)b4.vu> ALSA: scarlett2: Rename scarlett_gen2 to scarlett2 Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: Simplify pcie_capability_clear_and_set_word() to ..._clear_word() Bjorn Helgaas <bhelgaas(a)google.com> PCI/DPC: Use FIELD_GET() Geoffrey D. Bennett <g(a)b4.vu> ALSA: scarlett2: Add Focusrite Clarett 2Pre and 4Pre USB support Geoffrey D. Bennett <g(a)b4.vu> ALSA: scarlett2: Add Focusrite Clarett+ 2Pre and 4Pre support Geoffrey D. Bennett <g(a)b4.vu> ALSA: scarlett2: Add correct product series name to messages Geoffrey D. Bennett <g(a)b4.vu> ALSA: scarlett2: Default mixer driver to enabled Niklas Schnelle <schnelle(a)linux.ibm.com> usb: pci-quirks: group AMD specific quirk code together Linus Walleij <linus.walleij(a)linaro.org> ASoC: ti: Convert Pandora ASoC to GPIO descriptors Geoffrey D. Bennett <g(a)b4.vu> ALSA: scarlett2: Add support for Clarett 8Pre USB Geoffrey D. Bennett <g(a)b4.vu> ALSA: scarlett2: Move USB IDs out from device_info struct Rob Herring <robh(a)kernel.org> ARM: davinci: Drop unused includes Kelvin Cao <kelvin.cao(a)microchip.com> PCI: switchtec: Add support for PCIe Gen5 devices Kelvin Cao <kelvin.cao(a)microchip.com> PCI: switchtec: Use normal comment style Niklas Schnelle <schnelle(a)linux.ibm.com> PCI: Make quirk using inw() depend on HAS_IOPORT Maciej W. Rozycki <macro(a)orcam.me.uk> PCI: Execute quirk_enable_clear_retrain_link() earlier Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Add debug log for link controller power quirk Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Log function name of the called quirk Arnd Bergmann <arnd(a)arndb.de> x86/quirks: Include linux/pnp.h for arch_pnpbios_disabled() Mike Pastore <mike(a)oobak.org> PCI: Delay after FLR of Solidigm P44 Pro NVMe Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> usb: pci-quirks: Reduce the length of a spinlock section in usb_amd_find_chipset_info() David Yang <mmyangfl(a)gmail.com> HID: kye: Sort kye devices Alvaro Karsz <alvaro.karsz(a)solid-run.com> PCI: Avoid FLR for SolidRun SNET DPU rev 1 Dmitry Torokhov <dmitry.torokhov(a)gmail.com> ARM: OMAP2+: pdata-quirks: stop including wl12xx.h Dmitry Torokhov <dmitry.torokhov(a)gmail.com> ARM: omap2: n8x0: stop instantiating codec platform data Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/panel: visionox-rm69299: don't unregister DSI device Mikhail Kobuk <m.kobuk(a)ispras.ru> drm: nv04: Fix out of bounds access Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/cio: fix race condition during online processing Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/qdio: handle deferred cc1 Michael Guralnik <michaelgur(a)nvidia.com> RDMA/mlx5: Fix port number for counter query in multi-port configuration Mark Zhang <markzhang(a)nvidia.com> RDMA/cm: Print the old state when cm_destroy_id gets timeout Yanjun.Zhu <yanjun.zhu(a)linux.dev> RDMA/rxe: Fix the problem "mutex_destroy missing" Siddharth Vadapalli <s-vadapalli(a)ti.com> net: ethernet: ti: am65-cpsw-nuss: cleanup DMA Channels before using them Arınç ÜNAL <arinc.unal(a)arinc9.com> net: dsa: mt7530: fix mirroring frames received on local port Lei Chen <lei.chen(a)smartx.com> tun: limit printing rate when illegal packet received by tun dev Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> ice: tc: allow zero flags in parsing tc flower Carolina Jubran <cjubran(a)nvidia.com> net/mlx5e: Prevent deadlock while disabling aRFS Shay Drory <shayd(a)nvidia.com> net/mlx5: Lag, restore buckets number to default after hash LAG deactivation Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Don't peek OOB data without MSG_OOB. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Call manage_oob() for every skb in unix_stream_read_generic(). Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: flowtable: incorrect pppoe tuple Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: flowtable: validate pppoe header Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo: do not free live element Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: br_netfilter: skip conntrack input hook for promisc packets Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Remap kernel text read-only before dropping NX attribute Ard Biesheuvel <ardb(a)kernel.org> x86/sev: Move early startup code into .head.text section Ard Biesheuvel <ardb(a)kernel.org> x86/sme: Move early SME kernel encryption handling into .head.text Hou Wenlong <houwenlong.hwl(a)antgroup.com> x86/head/64: Move the __head definition to <asm/init.h> Hou Wenlong <houwenlong.hwl(a)antgroup.com> x86/head/64: Add missing __head annotation to startup_64_load_idt() Pasha Tatashin <pasha.tatashin(a)soleen.com> x86/mm: Remove P*D_PAGE_MASK and P*D_PAGE_SIZE macros Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Use 1:1 file:memory mapping for PE/COFF .compat section Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Increase section and file alignment to 4k/512 Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Split off PE/COFF .data section Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Drop PE/COFF .reloc section Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Construct PE/COFF .text section from assembler Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Derive file size from _edata symbol Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Define setup size in linker script Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Set EFI handover offset directly in header asm Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Grab kernel_info offset from zoffset header directly Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Drop references to startup_64 Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Drop redundant code setting the root device Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Omit compression buffer from PE/COFF image memory footprint Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Remove the 'bugger off' message Ard Biesheuvel <ardb(a)kernel.org> x86/efi: Drop alignment flags from PE section headers Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Reinstate soft limit for initrd loading Ard Biesheuvel <ardb(a)kernel.org> x86/efi: Disregard setup header of loaded image Ard Biesheuvel <ardb(a)kernel.org> x86/efi: Drop EFI stub .bss from .data section Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/i915/vma: Fix UAF on destroy against retire race Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> net: usb: ax88179_178a: avoid writing the mac address before first reading Jason A. Donenfeld <Jason(a)zx2c4.com> random: handle creditable entropy from atomic process context Yuanhe Shu <xiangzao(a)linux.alibaba.com> selftests/ftrace: Limit length in subsystem-enable tests Steven Rostedt (Google) <rostedt(a)goodmis.org> SUNRPC: Fix rpcgss_context trace event acceptor field Alexey Izbyshev <izbyshev(a)ispras.ru> io_uring: Fix io_cqring_wait() not restoring sigmask on get_timespec64() failure Dillon Varone <dillon.varone(a)amd.com> drm/amd/display: Do not recursively call manual trigger programming Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix incorrect number of active RBs for gfx11 Hawking Zhang <Hawking.Zhang(a)amd.com> drm/amdgpu: fix incorrect active rb bitmap for gfx11 Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Enable DMA mappings with SEV ------------- Diffstat: Documentation/admin-guide/kernel-parameters.txt | 3 + MAINTAINERS | 2 +- Makefile | 4 +- arch/arm/mach-davinci/pdata-quirks.c | 2 +- arch/arm/mach-omap2/board-n8x0.c | 5 - arch/arm/mach-omap2/common-board-devices.h | 2 - arch/arm/mach-omap2/pdata-quirks.c | 12 +- arch/arm64/mm/pageattr.c | 3 - arch/x86/boot/Makefile | 2 +- arch/x86/boot/compressed/Makefile | 2 +- arch/x86/boot/compressed/misc.c | 1 + arch/x86/boot/compressed/sev.c | 3 + arch/x86/boot/compressed/vmlinux.lds.S | 6 +- arch/x86/boot/header.S | 211 +++++++--------- arch/x86/boot/setup.ld | 14 +- arch/x86/boot/tools/build.c | 273 +-------------------- arch/x86/include/asm/boot.h | 1 + arch/x86/include/asm/init.h | 2 + arch/x86/include/asm/kvm_host.h | 1 + arch/x86/include/asm/mem_encrypt.h | 8 +- arch/x86/include/asm/page_types.h | 12 +- arch/x86/include/asm/sev.h | 10 +- arch/x86/kernel/amd_gart_64.c | 2 +- arch/x86/kernel/cpu/bugs.c | 11 +- arch/x86/kernel/cpu/cpuid-deps.c | 6 +- arch/x86/kernel/head64.c | 7 +- arch/x86/kernel/platform-quirks.c | 1 + arch/x86/kernel/sev-shared.c | 23 +- arch/x86/kernel/sev.c | 11 +- arch/x86/kvm/cpuid.c | 1 + arch/x86/kvm/cpuid.h | 10 + arch/x86/kvm/lapic.c | 3 +- arch/x86/kvm/mmu/mmu.c | 2 +- arch/x86/kvm/vmx/vmx.c | 24 +- arch/x86/kvm/x86.c | 2 +- arch/x86/mm/mem_encrypt_boot.S | 4 +- arch/x86/mm/mem_encrypt_identity.c | 58 ++--- arch/x86/mm/pat/set_memory.c | 6 +- arch/x86/mm/pti.c | 2 +- drivers/accessibility/speakup/main.c | 2 +- drivers/android/binder.c | 4 +- drivers/char/random.c | 10 +- drivers/clk/clk.c | 201 +++++++++++---- drivers/clk/mediatek/clk-gate.c | 23 +- drivers/clk/mediatek/clk-gate.h | 7 +- drivers/clk/mediatek/clk-mt2701-aud.c | 4 +- drivers/clk/mediatek/clk-mt2701-eth.c | 4 +- drivers/clk/mediatek/clk-mt2701-g3d.c | 2 +- drivers/clk/mediatek/clk-mt2701-hif.c | 4 +- drivers/clk/mediatek/clk-mt2701-mm.c | 4 +- drivers/clk/mediatek/clk-mt2701.c | 22 +- drivers/clk/mediatek/clk-mt2712-mm.c | 4 +- drivers/clk/mediatek/clk-mt2712.c | 24 +- drivers/clk/mediatek/clk-mt6765.c | 13 +- drivers/clk/mediatek/clk-mt6779-mm.c | 4 +- drivers/clk/mediatek/clk-mt6779.c | 21 +- drivers/clk/mediatek/clk-mt6795-infracfg.c | 3 +- drivers/clk/mediatek/clk-mt6795-mm.c | 3 +- drivers/clk/mediatek/clk-mt6795-pericfg.c | 6 +- drivers/clk/mediatek/clk-mt6795-topckgen.c | 6 +- drivers/clk/mediatek/clk-mt6797-mm.c | 4 +- drivers/clk/mediatek/clk-mt6797.c | 7 +- drivers/clk/mediatek/clk-mt7622-aud.c | 4 +- drivers/clk/mediatek/clk-mt7622-eth.c | 8 +- drivers/clk/mediatek/clk-mt7622-hif.c | 8 +- drivers/clk/mediatek/clk-mt7622.c | 22 +- drivers/clk/mediatek/clk-mt7629-eth.c | 7 +- drivers/clk/mediatek/clk-mt7629-hif.c | 8 +- drivers/clk/mediatek/clk-mt7629.c | 18 +- drivers/clk/mediatek/clk-mt7986-eth.c | 10 +- drivers/clk/mediatek/clk-mt7986-infracfg.c | 7 +- drivers/clk/mediatek/clk-mt7986-topckgen.c | 3 +- drivers/clk/mediatek/clk-mt8135.c | 18 +- drivers/clk/mediatek/clk-mt8167-aud.c | 2 +- drivers/clk/mediatek/clk-mt8167-img.c | 2 +- drivers/clk/mediatek/clk-mt8167-mfgcfg.c | 2 +- drivers/clk/mediatek/clk-mt8167-mm.c | 4 +- drivers/clk/mediatek/clk-mt8167-vdec.c | 3 +- drivers/clk/mediatek/clk-mt8167.c | 12 +- drivers/clk/mediatek/clk-mt8173-mm.c | 4 +- drivers/clk/mediatek/clk-mt8173.c | 34 +-- drivers/clk/mediatek/clk-mt8183-audio.c | 4 +- drivers/clk/mediatek/clk-mt8183-mm.c | 4 +- drivers/clk/mediatek/clk-mt8183.c | 36 +-- drivers/clk/mediatek/clk-mt8186-mcu.c | 3 +- drivers/clk/mediatek/clk-mt8186-mm.c | 3 +- drivers/clk/mediatek/clk-mt8186-topckgen.c | 9 +- drivers/clk/mediatek/clk-mt8192-aud.c | 3 +- drivers/clk/mediatek/clk-mt8192-mm.c | 3 +- drivers/clk/mediatek/clk-mt8192.c | 88 +++++-- drivers/clk/mediatek/clk-mt8195-apmixedsys.c | 3 +- drivers/clk/mediatek/clk-mt8195-topckgen.c | 9 +- drivers/clk/mediatek/clk-mt8195-vdo0.c | 3 +- drivers/clk/mediatek/clk-mt8195-vdo1.c | 3 +- drivers/clk/mediatek/clk-mt8365-mm.c | 5 +- drivers/clk/mediatek/clk-mt8365.c | 14 +- drivers/clk/mediatek/clk-mt8516-aud.c | 2 +- drivers/clk/mediatek/clk-mt8516.c | 12 +- drivers/clk/mediatek/clk-mtk.c | 127 +++++++++- drivers/clk/mediatek/clk-mtk.h | 13 +- drivers/clk/mediatek/clk-mux.c | 14 +- drivers/clk/mediatek/clk-mux.h | 3 +- drivers/comedi/drivers/vmk80xx.c | 35 +-- drivers/firmware/efi/libstub/Makefile | 7 - drivers/firmware/efi/libstub/x86-stub.c | 58 ++--- drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 72 ++++-- drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 80 ++++-- drivers/gpu/drm/amd/display/dc/dcn32/dcn32_optc.c | 3 - drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 + drivers/gpu/drm/i915/i915_vma.c | 42 +++- drivers/gpu/drm/nouveau/nouveau_bios.c | 13 +- drivers/gpu/drm/nouveau/nvkm/subdev/instmem/nv50.c | 7 +- drivers/gpu/drm/panel/panel-visionox-rm69299.c | 2 - drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 11 +- drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 11 +- drivers/gpu/drm/vmwgfx/vmwgfx_kms.h | 4 +- drivers/hid/hid-ids.h | 2 +- drivers/hid/hid-kye.c | 66 ++--- drivers/hid/hid-quirks.c | 6 +- drivers/infiniband/core/cm.c | 11 +- drivers/infiniband/hw/mlx5/mad.c | 3 +- drivers/infiniband/sw/rxe/rxe.c | 2 + drivers/misc/mei/pci-me.c | 2 +- drivers/net/dsa/mt7530.c | 58 +++-- drivers/net/dsa/mt7530.h | 6 + drivers/net/ethernet/intel/ice/ice_tc_lib.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c | 27 +- drivers/net/ethernet/mellanox/mlx5/core/lag/lag.c | 4 +- drivers/net/ethernet/ti/am65-cpsw-nuss.c | 18 ++ drivers/net/tun.c | 18 +- drivers/net/usb/ax88179_178a.c | 4 +- drivers/pci/bus.c | 49 ++-- drivers/pci/pci.c | 78 ++++-- drivers/pci/pci.h | 4 +- drivers/pci/pcie/aspm.c | 21 +- drivers/pci/pcie/dpc.c | 5 +- drivers/pci/quirks.c | 70 +++++- drivers/pci/switch/switchtec.c | 158 +++++++----- drivers/s390/cio/device.c | 13 +- drivers/s390/cio/qdio_main.c | 28 ++- drivers/thunderbolt/quirks.c | 2 + drivers/thunderbolt/switch.c | 50 +++- drivers/thunderbolt/tb.c | 4 +- drivers/thunderbolt/tb.h | 3 +- drivers/thunderbolt/usb4.c | 13 +- drivers/tty/serial/mxs-auart.c | 8 +- drivers/tty/serial/pmac_zilog.c | 14 -- drivers/tty/serial/stm32-usart.c | 13 +- drivers/usb/class/cdc-wdm.c | 6 +- drivers/usb/core/hub.c | 15 +- drivers/usb/core/port.c | 4 +- drivers/usb/core/quirks.c | 7 + drivers/usb/dwc2/hcd_ddma.c | 4 +- drivers/usb/gadget/function/f_ncm.c | 4 +- drivers/usb/host/pci-quirks.c | 123 +++++----- drivers/usb/host/pci-quirks.h | 14 +- drivers/usb/host/xhci-mem.c | 2 + drivers/usb/host/xhci-ring.c | 11 +- drivers/usb/host/xhci.c | 23 +- drivers/usb/host/xhci.h | 9 +- drivers/usb/serial/option.c | 40 +++ fs/nilfs2/dir.c | 2 +- fs/smb/common/smb2pdu.h | 2 +- fs/smb/server/server.c | 13 +- fs/smb/server/smb2pdu.c | 4 + fs/smb/server/vfs.c | 5 + fs/sysfs/file.c | 2 + include/linux/bootconfig.h | 7 +- include/linux/pci.h | 5 + include/linux/pci_ids.h | 2 + include/linux/switchtec.h | 1 + include/linux/usb/hcd.h | 5 +- include/linux/usb/quirks.h | 3 + include/net/dsa.h | 8 + include/net/netfilter/nf_flow_table.h | 12 +- include/trace/events/rpcgss.h | 4 +- include/uapi/linux/pci_regs.h | 1 + init/main.c | 2 + io_uring/io_uring.c | 16 +- lib/bootconfig.c | 19 +- mm/memory-failure.c | 18 +- net/bridge/br_input.c | 15 +- net/bridge/br_netfilter_hooks.c | 6 + net/bridge/br_private.h | 1 + net/bridge/netfilter/nf_conntrack_bridge.c | 14 +- net/dsa/dsa2.c | 24 +- net/netfilter/nf_flow_table_inet.c | 3 +- net/netfilter/nf_flow_table_ip.c | 10 +- net/netfilter/nf_tables_api.c | 16 +- net/netfilter/nft_set_pipapo.c | 14 +- net/unix/af_unix.c | 12 +- sound/pci/hda/patch_realtek.c | 1 + sound/soc/ti/omap3pandora.c | 63 ++--- sound/usb/Makefile | 2 +- sound/usb/mixer_quirks.c | 9 +- .../{mixer_scarlett_gen2.c => mixer_scarlett2.c} | 257 +++++++++++++------ sound/usb/mixer_scarlett2.h | 7 + sound/usb/mixer_scarlett_gen2.h | 7 - .../ftrace/test.d/event/subsystem-enable.tc | 6 +- 199 files changed, 2147 insertions(+), 1497 deletions(-)

1 year, 6 months

16
163
0 0

[PATCH v1] usb: typec: tcpm: enforce ready state when queueing alt mode vdm

by RD Babiera

Before sending Enter Mode for an Alt Mode, there is a gap between Discover Modes and the Alt Mode driver queueing the Enter Mode VDM for the port partner to send a message to the port. If this message results in unregistering Alt Modes such as in a DR_SWAP, then the following deadlock can occur with respect to the DisplayPort Alt Mode driver: 1. The DR_SWAP state holds port->lock. Unregistering the Alt Mode driver results in a cancel_work_sync() that waits for the current dp_altmode_work to finish. 2. dp_altmode_work makes a call to tcpm_altmode_enter. The deadlock occurs because tcpm_queue_vdm_unlock attempts to hold port->lock. Before attempting to grab the lock, ensure that the port is in a state vdm_run_state_machine can run in. Alt Mode unregistration will not occur in these states. Fixes: 03eafcfb60c0 ("usb: typec: tcpm: Add tcpm_queue_vdm_unlocked() helper") Cc: stable(a)vger.kernel.org Signed-off-by: RD Babiera <rdbabiera(a)google.com> --- drivers/usb/typec/tcpm/tcpm.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index c26fb70c3ec6..6fa1601ac259 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -1564,6 +1564,10 @@ static void tcpm_queue_vdm(struct tcpm_port *port, const u32 header, static void tcpm_queue_vdm_unlocked(struct tcpm_port *port, const u32 header, const u32 *data, int cnt, enum tcpm_transmit_type tx_sop_type) { + if (port->state != SRC_READY && port->state != SNK_READY && + port->state != SRC_VDM_IDENTITY_REQUEST) + return; + mutex_lock(&port->lock); tcpm_queue_vdm(port, header, data, cnt, TCPC_TX_SOP); mutex_unlock(&port->lock); base-commit: 684e9f5f97eb4b7831298ffad140d5c1d426ff27 -- 2.44.0.769.g3c40516874-goog

1 year, 6 months

2
3
0 0

[REGRESSION] Serious regression on 6.1.x-stable caused by "bounds: support non-power-of-two CONFIG_NR_CPUS"

by Mikhail Novosyolov

Hello, colleagues. Commit f2d5dcb48f7ba9e3ff249d58fc1fa963d374e66a "bounds: support non-power-of-two CONFIG_NR_CPUS" (https://github.com/torvalds/linux/commit/f2d5dcb48f7ba9e3ff249d58fc1fa963d3…) was backported to 6.1.x-stable (https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?…), but causes a serious regression on quite a lot of hardware with AMD GPUs, kernel panics. It was backported to 6.1.84, 6.1.84 has problems, 6.1.83 does not, the newest 6.1.88 still has this problem. The problem is described here: https://gitlab.freedesktop.org/drm/amd/-/issues/3347 #regzbot introduced: 428ca0000f0abd5c99354c52a36becf2b815ca21

1 year, 6 months

1
0
0 0

[PATCH 1/1] serial: sc16is7xx: announce support of SER_RS485_RTS_ON_SEND

by Konstantin Pugin

From: Konstantin Pugin <ria.freelander(a)gmail.com> When specifying flag SER_RS485_RTS_ON_SEND in RS485 configuration, we get the following warning after commit 4afeced55baa ("serial: core: fix sanitizing check for RTS settings"): invalid RTS setting, using RTS_AFTER_SEND instead This results in SER_RS485_RTS_AFTER_SEND being set and the driver always write to the register field SC16IS7XX_EFCR_RTS_INVERT_BIT, which breaks some hardware using these chips. The hardware supports both RTS_ON_SEND and RTS_AFTER_SEND modes, so fix this by announcing support for RTS_ON_SEND. Cc: stable(a)vger.kernel.org Fixes: 267913ecf737 ("serial: sc16is7xx: Fill in rs485_supported") Tested-by: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> Reviewed-by: Andy Shevchenko <andy(a)kernel.org> Signed-off-by: Konstantin Pugin <ria.freelander(a)gmail.com> --- drivers/tty/serial/sc16is7xx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/tty/serial/sc16is7xx.c b/drivers/tty/serial/sc16is7xx.c index 03cf30e20b75..dfcc804f558f 100644 --- a/drivers/tty/serial/sc16is7xx.c +++ b/drivers/tty/serial/sc16is7xx.c @@ -1449,7 +1449,7 @@ static int sc16is7xx_setup_mctrl_ports(struct sc16is7xx_port *s, } static const struct serial_rs485 sc16is7xx_rs485_supported = { - .flags = SER_RS485_ENABLED | SER_RS485_RTS_AFTER_SEND, + .flags = SER_RS485_ENABLED | SER_RS485_RTS_ON_SEND | SER_RS485_RTS_AFTER_SEND, .delay_rts_before_send = 1, .delay_rts_after_send = 1, /* Not supported but keep returning -EINVAL */ }; -- 2.44.0

1 year, 6 months

1
0
0 0

[PATCH v3] Input: xen-kbdfront - drop keys to shrink modalias

by Jason Andryuk

xen kbdfront registers itself as being able to deliver *any* key since it doesn't know what keys the backend may produce. Unfortunately, the generated modalias gets too large and uevent creation fails with -ENOMEM. This can lead to gdm not using the keyboard since there is no seat associated [1] and the debian installer crashing [2]. Trim the ranges of key capabilities by removing some BTN_* ranges. While doing this, some neighboring undefined ranges are removed to trim it further. An upper limit of KEY_KBD_LCD_MENU5 is still too large. Use an upper limit of KEY_BRIGHTNESS_MENU. This removes: BTN_DPAD_UP(0x220)..BTN_DPAD_RIGHT(0x223) Empty space 0x224..0x229 Empty space 0x28a..0x28f KEY_MACRO1(0x290)..KEY_MACRO30(0x2ad) KEY_MACRO_RECORD_START 0x2b0 KEY_MACRO_RECORD_STOP 0x2b1 KEY_MACRO_PRESET_CYCLE 0x2b2 KEY_MACRO_PRESET1(0x2b3)..KEY_MACRO_PRESET3(0xb5) Empty space 0x2b6..0x2b7 KEY_KBD_LCD_MENU1(0x2b8)..KEY_KBD_LCD_MENU5(0x2bc) Empty space 0x2bd..0x2bf BTN_TRIGGER_HAPPY(0x2c0)..BTN_TRIGGER_HAPPY40(0x2e7) Empty space 0x2e8..0x2ff The modalias shrinks from 2082 to 1550 bytes. A chunk of keys need to be removed to allow the keyboard to be used. This may break some functionality, but the hope is these macro keys are uncommon and don't affect any users. [1] https://github.com/systemd/systemd/issues/22944 [2] https://lore.kernel.org/xen-devel/87o8dw52jc.fsf@vps.thesusis.net/T/ Cc: Phillip Susi <phill(a)thesusis.net> Cc: stable(a)vger.kernel.org Signed-off-by: Jason Andryuk <jandryuk(a)gmail.com> Reviewed-by: Mattijs Korpershoek <mkorpershoek(a)baylibre.com> --- v3: Add Mattijs R-b Put /* and */ on separate lines --- drivers/input/misc/xen-kbdfront.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/drivers/input/misc/xen-kbdfront.c b/drivers/input/misc/xen-kbdfront.c index 67f1c7364c95..d59ba8f9852e 100644 --- a/drivers/input/misc/xen-kbdfront.c +++ b/drivers/input/misc/xen-kbdfront.c @@ -256,7 +256,16 @@ static int xenkbd_probe(struct xenbus_device *dev, __set_bit(EV_KEY, kbd->evbit); for (i = KEY_ESC; i < KEY_UNKNOWN; i++) __set_bit(i, kbd->keybit); - for (i = KEY_OK; i < KEY_MAX; i++) + /* + * In theory we want to go KEY_OK..KEY_MAX, but that grows the + * modalias line too long. There is a gap of buttons from + * BTN_DPAD_UP..BTN_DPAD_RIGHT and KEY_ALS_TOGGLE is the next + * defined. Then continue up to KEY_BRIGHTNESS_MENU as an upper + * limit. + */ + for (i = KEY_OK; i < BTN_DPAD_UP; i++) + __set_bit(i, kbd->keybit); + for (i = KEY_ALS_TOGGLE; i <= KEY_BRIGHTNESS_MENU; i++) __set_bit(i, kbd->keybit); ret = input_register_device(kbd); -- 2.41.0

1 year, 6 months

2
5
0 0

[PATCH v2] usb: typec: tcpm: Check for port partner validity before consuming it

by Badhri Jagan Sridharan

typec_register_partner() does not guarantee partner registration to always succeed. In the event of failure, port->partner is set to the error value or NULL. Given that port->partner validity is not checked, this results in the following crash: Unable to handle kernel NULL pointer dereference at virtual address 00000000000003c0 pc : run_state_machine+0x1bc8/0x1c08 lr : run_state_machine+0x1b90/0x1c08 .. Call trace: run_state_machine+0x1bc8/0x1c08 tcpm_state_machine_work+0x94/0xe4 kthread_worker_fn+0x118/0x328 kthread+0x1d0/0x23c ret_from_fork+0x10/0x20 To prevent the crash, check for port->partner validity before derefencing it in all the call sites. Cc: stable(a)vger.kernel.org Fixes: c97cd0b4b54e ("usb: typec: tcpm: set initial svdm version based on pd revision") Signed-off-by: Badhri Jagan Sridharan <badhri(a)google.com> --- drivers/usb/typec/tcpm/tcpm.c | 31 +++++++++++++++++++++++-------- 1 file changed, 23 insertions(+), 8 deletions(-) diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index ab6ed6111ed0..454165776797 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -4,7 +4,6 @@ * * USB Power Delivery protocol stack. */ - #include <linux/completion.h> #include <linux/debugfs.h> #include <linux/device.h> @@ -1580,7 +1579,8 @@ static void svdm_consume_identity(struct tcpm_port *port, const u32 *p, int cnt) port->partner_ident.cert_stat = p[VDO_INDEX_CSTAT]; port->partner_ident.product = product; - typec_partner_set_identity(port->partner); + if (port->partner) + typec_partner_set_identity(port->partner); tcpm_log(port, "Identity: %04x:%04x.%04x", PD_IDH_VID(vdo), @@ -1742,6 +1742,9 @@ static void tcpm_register_partner_altmodes(struct tcpm_port *port) struct typec_altmode *altmode; int i; + if (!port->partner) + return; + for (i = 0; i < modep->altmodes; i++) { altmode = typec_partner_register_altmode(port->partner, &modep->altmode_desc[i]); @@ -4231,7 +4234,10 @@ static int tcpm_init_vconn(struct tcpm_port *port) static void tcpm_typec_connect(struct tcpm_port *port) { + struct typec_partner *partner; + if (!port->connected) { + port->connected = true; /* Make sure we don't report stale identity information */ memset(&port->partner_ident, 0, sizeof(port->partner_ident)); port->partner_desc.usb_pd = port->pd_capable; @@ -4241,9 +4247,13 @@ static void tcpm_typec_connect(struct tcpm_port *port) port->partner_desc.accessory = TYPEC_ACCESSORY_AUDIO; else port->partner_desc.accessory = TYPEC_ACCESSORY_NONE; - port->partner = typec_register_partner(port->typec_port, - &port->partner_desc); - port->connected = true; + partner = typec_register_partner(port->typec_port, &port->partner_desc); + if (IS_ERR(partner)) { + dev_err(port->dev, "Failed to register partner (%ld)\n", PTR_ERR(partner)); + return; + } + + port->partner = partner; typec_partner_set_usb_power_delivery(port->partner, port->partner_pd); } } @@ -4323,9 +4333,11 @@ static void tcpm_typec_disconnect(struct tcpm_port *port) port->plug_prime = NULL; port->cable = NULL; if (port->connected) { - typec_partner_set_usb_power_delivery(port->partner, NULL); - typec_unregister_partner(port->partner); - port->partner = NULL; + if (port->partner) { + typec_partner_set_usb_power_delivery(port->partner, NULL); + typec_unregister_partner(port->partner); + port->partner = NULL; + } port->connected = false; } } @@ -4549,6 +4561,9 @@ static enum typec_cc_status tcpm_pwr_opmode_to_rp(enum typec_pwr_opmode opmode) static void tcpm_set_initial_svdm_version(struct tcpm_port *port) { + if (!port->partner) + return; + switch (port->negotiated_rev) { case PD_REV30: break; base-commit: 3f12222a4bebeb13ce06ddecc1610ad32fa835dd -- 2.44.0.769.g3c40516874-goog

1 year, 6 months

1
1
0 0

[PATCH v1] usb: typec: tcpm: Check for port partner validity before consuming it

by Badhri Jagan Sridharan

typec_register_partner() does not guarantee partner registration to always succeed. In the event of failure, port->partner is set to the error value or NULL. Given that port->partner validity is not checked, this results in the following crash: [17514.377076][ T275] Unable to handle kernel NULL pointer dereference at virtual address 00000000000003c0 [17514.378270][ T275] pc : run_state_machine+0x1bc8/0x1c08 [17514.378286][ T275] lr : run_state_machine+0x1b90/0x1c08 .. [17514.378377][ T275] Call trace: [17514.378381][ T275] run_state_machine+0x1bc8/0x1c08 [17514.378388][ T275] tcpm_state_machine_work+0x94/0xe4 [17514.378396][ T275] kthread_worker_fn+0x118/0x328 [17514.378406][ T275] kthread+0x1d0/0x23c [17514.378412][ T275] ret_from_fork+0x10/0x20 To prevent the crash, check for port->partner validity before derefencing it in all the call sites. Cc: stable(a)vger.kernel.org Fixes: c97cd0b4b54e ("usb: typec: tcpm: set initial svdm version based on pd revision") Signed-off-by: Badhri Jagan Sridharan <badhri(a)google.com> --- drivers/usb/typec/tcpm/tcpm.c | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index ab6ed6111ed0..8a4fa8d875c6 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -4,7 +4,6 @@ * * USB Power Delivery protocol stack. */ - #include <linux/completion.h> #include <linux/debugfs.h> #include <linux/device.h> @@ -1580,7 +1579,8 @@ static void svdm_consume_identity(struct tcpm_port *port, const u32 *p, int cnt) port->partner_ident.cert_stat = p[VDO_INDEX_CSTAT]; port->partner_ident.product = product; - typec_partner_set_identity(port->partner); + if (!IS_ERR_OR_NULL(port->partner)) + typec_partner_set_identity(port->partner); tcpm_log(port, "Identity: %04x:%04x.%04x", PD_IDH_VID(vdo), @@ -1742,6 +1742,9 @@ static void tcpm_register_partner_altmodes(struct tcpm_port *port) struct typec_altmode *altmode; int i; + if (IS_ERR_OR_NULL(port->partner)) + return; + for (i = 0; i < modep->altmodes; i++) { altmode = typec_partner_register_altmode(port->partner, &modep->altmode_desc[i]); @@ -4244,7 +4247,8 @@ static void tcpm_typec_connect(struct tcpm_port *port) port->partner = typec_register_partner(port->typec_port, &port->partner_desc); port->connected = true; - typec_partner_set_usb_power_delivery(port->partner, port->partner_pd); + if (!IS_ERR_OR_NULL(port->partner)) + typec_partner_set_usb_power_delivery(port->partner, port->partner_pd); } } @@ -4323,8 +4327,10 @@ static void tcpm_typec_disconnect(struct tcpm_port *port) port->plug_prime = NULL; port->cable = NULL; if (port->connected) { - typec_partner_set_usb_power_delivery(port->partner, NULL); - typec_unregister_partner(port->partner); + if (!IS_ERR_OR_NULL(port->partner)) { + typec_partner_set_usb_power_delivery(port->partner, NULL); + typec_unregister_partner(port->partner); + } port->partner = NULL; port->connected = false; } @@ -4549,6 +4555,9 @@ static enum typec_cc_status tcpm_pwr_opmode_to_rp(enum typec_pwr_opmode opmode) static void tcpm_set_initial_svdm_version(struct tcpm_port *port) { + if (IS_ERR_OR_NULL(port->partner)) + return; + switch (port->negotiated_rev) { case PD_REV30: break; base-commit: 3f12222a4bebeb13ce06ddecc1610ad32fa835dd -- 2.44.0.769.g3c40516874-goog

1 year, 6 months

2
2
0 0

[PATCH 5.15 000/476] 5.15.149-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.149 release. There are 476 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 23 Feb 2024 12:59:02 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.149-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.149-rc1 Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: gadget: Ignore End Transfer delay on teardown Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: Revert "media: rkisp1: Drop IRQF_SHARED" Wesley Cheng <quic_wcheng(a)quicinc.com> usb: dwc3: gadget: Execute gadget stop after halting the controller Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: gadget: Don't delay End Transfer on delayed_status Peter Suti <peter.suti(a)streamunlimited.com> staging: fbtft: core: set smem_len before fb_deferred_io_init call Kees Cook <keescook(a)chromium.org> smb3: Replace smb2pdu 1-element arrays with flex-arrays Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Add null pointer checks Florian Fainelli <florian.fainelli(a)broadcom.com> net: bcmgenet: Fix EEE implementation Samasth Norway Ananda <samasth.norway.ananda(a)oracle.com> Revert "selftests/bpf: Test tail call counting with bpf2bpf and data on stack" Konrad Dybcio <konrad.dybcio(a)linaro.org> drm/msm/dsi: Enable runtime PM Douglas Anderson <dianders(a)chromium.org> PM: runtime: Have devm_pm_runtime_enable() handle pm_runtime_dont_use_autosuspend() Easwar Hariharan <eahariha(a)linux.microsoft.com> arm64: Subscribe Microsoft Azure Cobalt 100 to ARM Neoverse N2 errata Mikulas Patocka <mpatocka(a)redhat.com> dm: limit the number of targets and parameter size area Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: replace WARN_ONs for invalid DAT metadata block requests Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix potential bug in end_buffer_async_write Linus Torvalds <torvalds(a)linuxfoundation.org> sched/membarrier: reduce the ability to hammer on sys_membarrier Jozsef Kadlecsik <kadlec(a)netfilter.org> netfilter: ipset: Missing gc cancellations fixed Eric Dumazet <edumazet(a)google.com> net: prevent mss overflow in skb_segment() Davidlohr Bueso <dave(a)stgolabs.net> hrtimer: Ignore slack time for RT tasks in schedule_hrtimeout_range() Jozsef Kadlecsik <kadlec(a)netfilter.org> netfilter: ipset: fix performance regression in swap operation Carlos Llamas <cmllamas(a)google.com> scripts/decode_stacktrace.sh: optionally use LLVM utilities Miguel Ojeda <ojeda(a)kernel.org> scripts: decode_stacktrace: demangle Rust symbols Schspa Shi <schspa(a)gmail.com> scripts/decode_stacktrace.sh: support old bash version Nam Cao <namcao(a)linutronix.de> fbdev: flush deferred IO before closing Takashi Iwai <tiwai(a)suse.de> fbdev: Fix incorrect page mapping clearance at fb_deferred_io_release() Takashi Iwai <tiwai(a)suse.de> fbdev: Fix invalid page access after closing deferred I/O devices Thomas Zimmermann <tzimmermann(a)suse.de> fbdev: Rename pagelist to pagereflist for deferred I/O Thomas Zimmermann <tzimmermann(a)suse.de> fbdev: Track deferred-I/O pages in pageref struct Chuansheng Liu <chuansheng.liu(a)intel.com> fbdev: defio: fix the pagelist corruption Thomas Zimmermann <tzimmermann(a)suse.de> fbdev: Don't sort deferred-I/O pages by default Thomas Zimmermann <tzimmermann(a)suse.de> fbdev/defio: Early-out if page is already enlisted Lino Sanfilippo <l.sanfilippo(a)kunbus.com> serial: 8250_exar: Set missing rs485_supported flag Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> serial: 8250_exar: Fill in rs485_supported Wesley Cheng <quic_wcheng(a)quicinc.com> usb: dwc3: gadget: Queue PM runtime idle on disconnect event Wesley Cheng <quic_wcheng(a)quicinc.com> usb: dwc3: gadget: Handle EP0 request dequeuing properly Wesley Cheng <quic_wcheng(a)quicinc.com> usb: dwc3: gadget: Refactor EP0 forced stall/restart into a separate API Wesley Cheng <quic_wcheng(a)quicinc.com> usb: dwc3: gadget: Stall and restart EP0 if host is unresponsive Wesley Cheng <quic_wcheng(a)quicinc.com> usb: dwc3: gadget: Submit endxfer command if delayed during disconnect Wesley Cheng <quic_wcheng(a)quicinc.com> usb: dwc3: gadget: Force sending delayed status during soft disconnect Mayank Rana <quic_mrana(a)quicinc.com> usb: dwc3: Fix ep0 handling when getting reset while doing control transfer Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: gadget: Delay issuing End Transfer Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: gadget: Only End Transfer for ep0 data phase Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: ep0: Don't prepare beyond Setup stage Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: gadget: Wait for ep0 xfers to complete during dequeue Tianjia Zhang <tianjia.zhang(a)linux.alibaba.com> crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init David Lin <yu-hao.lin(a)nxp.com> wifi: mwifiex: fix uninitialized firmware_stat Sjoerd Simons <sjoerd(a)collabora.com> bus: moxtet: Add spi device table David Lin <yu-hao.lin(a)nxp.com> wifi: mwifiex: add extra delay for firmware ready Lukas Wunner <lukas(a)wunner.de> wifi: mwifiex: Support SD8978 chipset Andrejs Cainikovs <andrejs.cainikovs(a)toradex.com> mwifiex: Select firmware based on strapping Christian König <christian.koenig(a)amd.com> dma-buf: add dma_fence_timestamp helper Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Fix task hung while purging oob_skb in GC. Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Inform kmemleak of saved_cmdlines allocation Konrad Dybcio <konrad.dybcio(a)linaro.org> pmdomain: core: Move the unused cleanup to a _sync initcall Oleksij Rempel <linux(a)rempel-privat.de> can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER) Ziqi Zhao <astrajoan(a)yahoo.com> can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock Nuno Sa <nuno.sa(a)analog.com> of: property: fix typo in io-channels Prakash Sangappa <prakash.sangappa(a)oracle.com> mm: hugetlb pages should not be reserved by shmat() if SHM_NORESERVE Rishabh Dave <ridave(a)redhat.com> ceph: prevent use-after-free in encode_cap_msg() Sinthu Raja <sinthu.raja(a)ti.com> net: ethernet: ti: cpsw_new: enable mac_managed_pm to fix mdio Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: Fix potential loss of L3-IP@ in case of network issues Sinthu Raja <sinthu.raja(a)ti.com> net: ethernet: ti: cpsw: enable mac_managed_pm to fix mdio Marc Zyngier <maz(a)kernel.org> irqchip/gic-v3-its: Fix GICv4.1 VPE affinity update Doug Berger <opendmb(a)gmail.com> irqchip/irq-brcmstb-l2: Add write memory barrier before exit Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: reload info pointer in ieee80211_tx_dequeue() Daniel de Villiers <daniel.devilliers(a)corigine.com> nfp: flower: prevent re-adding mac index for bonded port Daniel Basilio <daniel.basilio(a)corigine.com> nfp: use correct macro for LengthSelect in BAR config Kim Phillips <kim.phillips(a)amd.com> crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix hang in nilfs_lookup_dirty_data_buffers() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix data corruption in dsync block recovery for small block sizes bo liu <bo.liu(a)senarytech.com> ALSA: hda/conexant: Add quirk for SWS JS201D Alexander Stein <alexander.stein(a)ew.tq-group.com> mmc: slot-gpio: Allow non-sleeping GPIO ro Steve Wahl <steve.wahl(a)hpe.com> x86/mm/ident_map: Use gbpages only where full GB page should be mapped. Aleksander Mazur <deweloper(a)wp.pl> x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6 Naveen N Rao <naveen(a)kernel.org> powerpc/64: Set task pt_regs->link to the LR value on scv entry Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: max310x: fail probe if clock crystal is unstable Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: max310x: improve crystal stable clock detection Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: max310x: set default value when reading clock ready bit Vincent Donnefort <vdonnefort(a)google.com> ring-buffer: Clean ring_buffer_poll_wait() error return Souradeep Chakrabarti <schakrabarti(a)linux.microsoft.com> hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove Philip Yang <Philip.Yang(a)amd.com> drm/prime: Support page array >= 4GB Sean Young <sean(a)mess.org> media: rc: bpf attach/detach requires write permission Mario Limonciello <mario.limonciello(a)amd.com> iio: accel: bma400: Fix a compilation problem Dinghao Liu <dinghao.liu(a)zju.edu.cn> iio: core: fix memleak in iio_device_register_sysfs zhili.liu <zhili.liu(a)ucas.com.cn> iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC David Schiller <david.schiller(a)jku.at> staging: iio: ad5933: fix type mismatch regression Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Fix wasted memory in saved_cmdlines logic Baokun Li <libaokun1(a)huawei.com> ext4: fix double-free of blocks due to wrong extents moved_len Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Mark all sessions as invalid in cb_remove Carlos Llamas <cmllamas(a)google.com> binder: signal epoll threads of self-work Vitaly Rodionov <vitalyr(a)opensource.cirrus.com> ALSA: hda/cs8409: Suppress vmaster control for Dolphin models Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: codecs: wcd938x: handle deferred probe Edson Juliano Drosdeck <edson.drosdeck(a)gmail.com> ALSA: hda/realtek: Enable headset mic on Vaio VJFE-ADL Jan Beulich <jbeulich(a)suse.com> xen-netback: properly sync TX responses Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame() Fedor Pchelkin <pchelkin(a)ispras.ru> nfc: nci: free rx_data_reassembly skb on NCI device cleanup Nathan Chancellor <nathan(a)kernel.org> kbuild: Fix changing ELF file type for output of gen_btf for big endian Takashi Sakamoto <o-takashi(a)sakamocchi.jp> firewire: core: correct documentation of fw_csr_string() kernel API Ondrej Mosnacek <omosnace(a)redhat.com> lsm: fix the logic in security_inode_getsecctx() Mario Limonciello <mario.limonciello(a)amd.com> Revert "drm/amd: flush any delayed gfxoff on suspend entry" Lee Duncan <lduncan(a)suse.com> scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock" Paolo Abeni <pabeni(a)redhat.com> mptcp: fix data re-injection from stale subflow Radek Krejci <radek.krejci(a)oracle.com> modpost: trim leading spaces when processing source files list Jean Delvare <jdelvare(a)suse.de> i2c: i801: Fix block process call transactions Heiner Kallweit <hkallweit1(a)gmail.com> i2c: i801: Remove i801_set_block_buffer_mode Jiangfeng Xiao <xiaojiangfeng(a)huawei.com> powerpc/kasan: Fix addr error caused by page alignment Zhipeng Lu <alexious(a)zju.edu.cn> media: ir_toy: fix a memleak in irtoy_tx Uttkarsh Aggarwal <quic_uaggarwa(a)quicinc.com> usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend yuan linyu <yuanlinyu(a)hihonor.com> usb: f_mass_storage: forbid async queue when shutdown happen Oliver Neukum <oneukum(a)suse.com> USB: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT Christian A. Ehrhardt <lk(a)c--e.de> usb: ucsi_acpi: Fix command completion handling Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> iio: hid-sensor-als: Return 0 for HID_USAGE_SENSOR_TIME_TIMESTAMP Jason Gerecke <killertofu(a)gmail.com> HID: wacom: Do not register input devices until after hid_hw_start Tatsunosuke Tobita <tatsunosuke.tobita(a)wacom.com> HID: wacom: generic: Avoid reporting a serial of '0' to userspace Johan Hovold <johan+linaro(a)kernel.org> HID: i2c-hid-of: fix NULL-deref on failed power up Luka Guzenko <l.guzenko(a)web.de> ALSA: hda/realtek: Enable Mute LED on HP Laptop 14-fq0xxx David Senoner <seda18(a)rolmail.net> ALSA: hda/realtek: Fix the external mic not being recognised for Acer Swift 1 SF114-32 Michael Kelley <mhklinux(a)outlook.com> scsi: storvsc: Fix ring buffer size calculation Zach O'Keefe <zokeefe(a)google.com> mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing/trigger: Fix to return error if failed to alloc snapshot Samuel Holland <samuel.holland(a)sifive.com> scs: add CONFIG_MMU dependency for vfree_atomic() Ivan Vecera <ivecera(a)redhat.com> i40e: Fix waiting for queues of all VSIs to be disabled Guenter Roeck <linux(a)roeck-us.net> MIPS: Add 'memory' clobber to csum_ipv6_magic() inline assembler Breno Leitao <leitao(a)debian.org> net: sysfs: Fix /sys/class/net/<iface> path for statistics Alexey Khoroshilov <khoroshilov(a)ispras.ru> ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work() Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> spi: ppc4xx: Drop write-only variable Aaron Conole <aconole(a)redhat.com> net: openvswitch: limit the number of recursions from action sets Dan Carpenter <dan.carpenter(a)linaro.org> wifi: iwlwifi: Fix some error codes Christian A. Ehrhardt <lk(a)c--e.de> of: unittest: Fix compile in the non-dynamic case David Sterba <dsterba(a)suse.com> btrfs: send: return EOPNOTSUPP on unknown flags Boris Burkov <boris(a)bur.io> btrfs: forbid deleting live subvol qgroup Qu Wenruo <wqu(a)suse.com> btrfs: do not ASSERT() if the newly created subvolume already got read Boris Burkov <boris(a)bur.io> btrfs: forbid creating subvol qgroups Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_set_rbtree: skip end interval element from gc Furong Xu <0x1207(a)gmail.com> net: stmmac: xgmac: fix a typo of register name in DPP safety handling Simon Horman <horms(a)kernel.org> net: stmmac: xgmac: use #define for string constants Jiri Wiesner <jwiesner(a)suse.de> clocksource: Skip watchdog check for large watchdog intervals Prathu Baronia <prathubaronia2011(a)gmail.com> vhost: use kzalloc() instead of kmalloc() followed by memset() Hans de Goede <hdegoede(a)redhat.com> Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID Werner Sembach <wse(a)tuxedocomputers.com> Input: i8042 - fix strange behavior of touchpad on Clevo NS70PU Frederic Weisbecker <frederic(a)kernel.org> hrtimer: Report offline hrtimer enqueue Prashanth K <quic_prashk(a)quicinc.com> usb: host: xhci-plat: Add support for XHCI_SG_TRB_CACHE_SIZE_QUIRK Prashanth K <quic_prashk(a)quicinc.com> usb: dwc3: host: Set XHCI_SG_TRB_CACHE_SIZE_QUIRK Leonard Dallmayr <leonard.dallmayr(a)mailbox.org> USB: serial: cp210x: add ID for IMST iM871A-USB Puliang Lu <puliang.lu(a)fibocom.com> USB: serial: option: add Fibocom FM101-GL variant JackBB Wu <wojackbb(a)gmail.com> USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e Julian Sikorski <belegdol+github(a)gmail.com> ALSA: usb-audio: Add a quirk for Yamaha YIT-W12TX transmitter Justin Stitt <justinstitt(a)google.com> drivers: lkdtm: fix clang -Wformat warning Tejun Heo <tj(a)kernel.org> blk-iocost: Fix an UBSAN shift-out-of-bounds warning Ming Lei <ming.lei(a)redhat.com> scsi: core: Move scsi_host_busy() out of host lock if it is for per-command Dan Carpenter <dan.carpenter(a)linaro.org> fs/ntfs3: Fix an NULL dereference bug Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo: remove scratch_aligned pointer Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo: add helper to release pcpu scratch area Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo: store index in scratch maps Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_ct: reject direction for ct id Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Implement bounds check for stream encoder creation in DCN301 Anson Jacob <Anson.Jacob(a)amd.com> drm/amd/display: Fix multiple memory leaks reported by coverity Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_compat: restrict match/target protocol to u16 Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_compat: reject unused compat flag Eric Dumazet <edumazet(a)google.com> ppp_async: limit MRU to 64K Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Call kfree_skb() for dead unix_(sk)->oob_skb in GC. Shigeru Yoshida <syoshida(a)redhat.com> tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() David Howells <dhowells(a)redhat.com> rxrpc: Fix response to PING RESPONSE ACKs to a dead call Eric Dumazet <edumazet(a)google.com> inet: read sk->sk_family once in inet_recv_error() Zhang Rui <rui.zhang(a)intel.com> hwmon: (coretemp) Fix bogus core_id to attr name mapping Zhang Rui <rui.zhang(a)intel.com> hwmon: (coretemp) Fix out-of-bounds memory access Loic Prylli <lprylli(a)netflix.com> hwmon: (aspeed-pwm-tacho) mutex for tach reading Zhipeng Lu <alexious(a)zju.edu.cn> octeontx2-pf: Fix a memleak otx2_sq_init Zhipeng Lu <alexious(a)zju.edu.cn> atm: idt77252: fix a memleak in open_card_ubr0 Antoine Tenart <atenart(a)kernel.org> tunnels: fix out of bounds access when building IPv6 PMTU error Paolo Abeni <pabeni(a)redhat.com> selftests: net: avoid just another constant wait Paolo Abeni <pabeni(a)redhat.com> selftests: net: cut more slack for gro fwd tests. Furong Xu <0x1207(a)gmail.com> net: stmmac: xgmac: fix handling of DPP safety error for DMA channels Kuogee Hsieh <quic_khsieh(a)quicinc.com> drm/msm/dp: return correct Colorimetry for DP_TEST_DYNAMIC_RANGE_CEA case Tony Lindgren <tony(a)atomide.com> phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP Frank Li <Frank.Li(a)nxp.com> dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> phy: renesas: rcar-gen3-usb2: Fix returning wrong error code Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> dmaengine: fsl-qdma: Fix a memory leak related to the status queue DMA Jai Luthra <j-luthra(a)ti.com> dmaengine: ti: k3-udma: Report short packet errors Guanhua Gao <guanhua.gao(a)nxp.com> dmaengine: fsl-dpaa2-qdma: Fix the size of dma pools Johan Hovold <johan+linaro(a)kernel.org> ASoC: codecs: lpass-wsa-macro: fix compander volume hack Zhengchao Shao <shaozhengchao(a)huawei.com> bonding: remove print in bond_verify_device_path Benjamin Berg <bberg(a)redhat.com> HID: apple: Add 2021 magic keyboard FN key mapping Alex Henrie <alexhenrie24(a)gmail.com> HID: apple: Add support for the 2021 Magic Keyboard Praveen Kaligineedi <pkaligineedi(a)google.com> gve: Fix use-after-free vulnerability Huang Shijie <shijie(a)os.amperecomputing.com> arm64: irq: set the correct node for shadow call stack Breno Leitao <leitao(a)debian.org> net: sysfs: Fix /sys/class/net/<iface> path Paolo Abeni <pabeni(a)redhat.com> selftests: net: fix available tunnels detection Eric Dumazet <edumazet(a)google.com> af_unix: fix lockdep positive in sk_diag_dump_icons() Zhipeng Lu <alexious(a)zju.edu.cn> net: ipv4: fix a memleak in ip_setup_cork Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: restrict tunnel object to NFPROTO_NETDEV Linus Lüssing <linus.luessing(a)c0d3.blue> bridge: mcast: fix disabled snooping after long uptime Eric Dumazet <edumazet(a)google.com> llc: call sock_orphan() at release time Helge Deller <deller(a)kernel.org> ipv6: Ensure natural alignment of const ipv6 loopback and router addresses Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> ixgbe: Fix an error handling path in ixgbe_read_iosf_sb_reg_x550() Jedrzej Jagielski <jedrzej.jagielski(a)intel.com> ixgbe: Refactor overtemp event handling Jedrzej Jagielski <jedrzej.jagielski(a)intel.com> ixgbe: Refactor returning internal error codes Piotr Skajewski <piotrx.skajewski(a)intel.com> ixgbe: Remove non-inclusive language Eric Dumazet <edumazet(a)google.com> tcp: add sanity checks to rx zerocopy Eric Dumazet <edumazet(a)google.com> ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() Eric Dumazet <edumazet(a)google.com> ip6_tunnel: use dev_sw_netstats_rx_add() Paolo Abeni <pabeni(a)redhat.com> selftests: net: give more time for GRO aggregation Ming Lei <ming.lei(a)redhat.com> scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler Su Hui <suhui(a)nfschina.com> scsi: isci: Fix an error code problem in isci_io_request_build() Stephen Rothwell <sfr(a)canb.auug.org.au> drm: using mul_u32_u32() requires linux/math64.h Edward Adam Davis <eadavis(a)qq.com> wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update Peter Zijlstra <peterz(a)infradead.org> perf: Fix the nr_addr_filters fix Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdkfd: Fix 'node' NULL check in 'svm_range_get_range_boundaries()' Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdgpu: Release 'adev->pm.fw' before return in 'amdgpu_device_need_post()' Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/powerplay: Fix kzalloc parameter 'ATOM_Tonga_PPM_Table' in 'get_platform_power_management_table()' Xiubo Li <xiubli(a)redhat.com> ceph: fix deadlock or deadcode of misusing dget() Ming Lei <ming.lei(a)redhat.com> blk-mq: fix IO hang from sbitmap wakeup race Zhu Yanjun <yanjun.zhu(a)linux.dev> virtio_net: Fix "‘%d’ directive writing between 1 and 11 bytes into a region of size 10" warnings Felix Kuehling <felix.kuehling(a)amd.com> drm/amdkfd: Fix lock dependency warning Ian Rogers <irogers(a)google.com> libsubcmd: Fix memory leak in uniq() Hans de Goede <hdegoede(a)redhat.com> misc: lis3lv02d_i2c: Add missing setting of the reg_ctrl callback Bjorn Helgaas <bhelgaas(a)google.com> PCI/AER: Decode Requester ID when no error info found Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: Fix 64GT/s effective data rate calculation Max Kellermann <max.kellermann(a)ionos.com> fs/kernfs/dir: obey S_ISGID Adrian Reber <areber(a)redhat.com> tty: allow TIOCSLCKTRMIOS with CAP_CHECKPOINT_RESTORE Jo Van Bulck <jo.vanbulck(a)cs.kuleuven.be> selftests/sgx: Fix linker script asserts Hardik Gajjar <hgajjar(a)de.adit-jv.com> usb: hub: Replace hardcoded quirk value with BIT() macro James Clark <james.clark(a)arm.com> perf cs-etm: Bump minimum OpenCSD version to ensure a bugfix is present Daniel Stodden <dns(a)arista.com> PCI: switchtec: Fix stdev_release() crash after surprise hot remove Guilherme G. Piccoli <gpiccoli(a)igalia.com> PCI: Only override AMD USB controller if required Xiaowu.ding <xiaowu.ding(a)jaguarmicro.com> mailbox: arm_mhuv2: Fix a bug for mhuv2_sender_interrupt Peter Robinson <pbrobinson(a)gmail.com> mfd: ti_am335x_tscadc: Fix TI SoC dependencies Oleksandr Tyshchenko <oleksandr_tyshchenko(a)epam.com> xen/gntdev: Fix the abuse of underlying struct page in DMA-buf import Harshit Shah <harshitshah.opendev(a)gmail.com> i3c: master: cdns: Update maximum prescaler value for i2c clock Johannes Berg <johannes.berg(a)intel.com> um: time-travel: fix time corruption Nathan Chancellor <nathan(a)kernel.org> um: net: Fix return type of uml_net_start_xmit() Benjamin Berg <benjamin(a)sipsolutions.net> um: Don't use vfprintf() for os_info() Anton Ivanov <anton.ivanov(a)cambridgegreys.com> um: Fix naming clash between UML and scheduler Heiner Kallweit <hkallweit1(a)gmail.com> leds: trigger: panic: Don't register panic notifier if creating the trigger failed bo liu <bo.liu(a)senarytech.com> ALSA: hda/conexant: Fix headset auto detect fail in cx8070 and SN6140 Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()' Felix Kuehling <Felix.Kuehling(a)amd.com> drm/amdgpu: Let KFD sync with VM fences Alexander Stein <alexander.stein(a)ew.tq-group.com> clk: imx: clk-imx8qxp: fix LVDS bypass, pixel and phy clocks Kuan-Wei Chiu <visitorckw(a)gmail.com> clk: imx: scu: Fix memory leak in __imx_clk_gpr_scu() Josip Pavic <josip.pavic(a)amd.com> drm/amd/display: make flip_timestamp_in_us a 64-bit variable Werner Fischer <devlists(a)wefi.net> watchdog: it87_wdt: Keep WDTCTRL bit 3 unmodified for IT8784/IT8786 Kuan-Wei Chiu <visitorckw(a)gmail.com> clk: mmp: pxa168: Fix memory leak in pxa168_clk_init() Kuan-Wei Chiu <visitorckw(a)gmail.com> clk: hi3620: Fix memory leak in hi3620_mmc_clk_init() Wang, Beyond <Wang.Beyond(a)amd.com> drm/amdgpu: fix ftrace event amdgpu_bo_move always move on same heap Rob Clark <robdclark(a)chromium.org> drm/msm/dpu: Ratelimit framedone timeout msgs Kieran Bingham <kieran.bingham(a)ideasonboard.com> media: i2c: imx335: Fix hblank min/max values Su Hui <suhui(a)nfschina.com> media: ddbridge: fix an error code problem in ddb_probe Daniel Vacek <neelx(a)redhat.com> IB/ipoib: Fix mcast list locking Douglas Anderson <dianders(a)chromium.org> drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind time Chao Yu <chao(a)kernel.org> f2fs: fix to tag gcing flag on page during block migration Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: rkisp1: Drop IRQF_SHARED Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ALSA: hda: intel-dspcfg: add filters for ARL-S and ARL Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ALSA: hda: Intel: add HDA_ARL PCI ID support Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> PCI: add INTEL_HDA_ARL to pci_ids.h Michael Tretter <m.tretter(a)pengutronix.de> media: rockchip: rga: fix swizzling for RGB formats Ghanshyam Agrawal <ghanshyam1898(a)gmail.com> media: stk1160: Fixed high volume of stk1160_dbg messages Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/mipi-dsi: Fix detach call without attach Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/framebuffer: Fix use of uninitialized variable Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/drm_file: fix use of uninitialized variable Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: fix write pointers on zoned device after roll forward Meenakshikumar Somasundaram <meenakshikumar.somasundaram(a)amd.com> drm/amd/display: Fix tiled display misalignment Jack Wang <jinpu.wang(a)ionos.com> RDMA/IPoIB: Fix error code return in ipoib_mcast_join Al Viro <viro(a)zeniv.linux.org.uk> fast_dput(): handle underflows gracefully Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument Takashi Iwai <tiwai(a)suse.de> ALSA: hda: Refer to correct stream index at loops Chao Yu <chao(a)kernel.org> f2fs: fix to check return value of f2fs_reserve_new_block() Suman Ghosh <sumang(a)marvell.com> octeontx2-af: Fix max NPC MCAM entry check while validating ref_entry Andrii Staikov <andrii.staikov(a)intel.com> i40e: Fix VF disable behavior to block all traffic Lin Ma <linma(a)zju.edu.cn> bridge: cfm: fix enum typo in br_cc_ccm_tx_parse Frédéric Danis <frederic.danis(a)collabora.com> Bluetooth: L2CAP: Fix possible multiple reject send Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: qca: Set both WIDEBAND_SPEECH and LE_STATES quirks for QCA2066 Benjamin Berg <benjamin.berg(a)intel.com> wifi: cfg80211: free beacon_ies when overridden from hidden BSS Su Hui <suhui(a)nfschina.com> wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift() Alexander Tsoy <alexander(a)tsoy.me> ALSA: usb-audio: Add delay quirk for MOTU M Series 2nd revision Mingyi Zhang <zhangmingyi5(a)huawei.com> libbpf: Fix NULL pointer dereference in bpf_object__collect_prog_relos Zenm Chen <zenmchen(a)gmail.com> wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices Mao Jinlong <quic_jinlmao(a)quicinc.com> arm64: dts: qcom: msm8998: Fix 'out-ports' is a required property Mao Jinlong <quic_jinlmao(a)quicinc.com> arm64: dts: qcom: msm8996: Fix 'in-ports' is a required property Alex Lyakas <alex.lyakas(a)zadara.com> md: Whenassemble the array, consult the superblock of the freshest device Christoph Hellwig <hch(a)lst.de> block: prevent an integer overflow in bvec_try_merge_hw_page Tobias Waldekranz <tobias(a)waldekranz.com> net: dsa: mv88e6xxx: Fix mv88e6352_serdes_get_stats error path Fabio Estevam <festevam(a)denx.de> ARM: dts: imx23/28: Fix the DMA controller node name Fabio Estevam <festevam(a)denx.de> ARM: dts: imx23-sansa: Use preferred i2c-gpios properties Fabio Estevam <festevam(a)denx.de> ARM: dts: imx27-apf27dev: Fix LED name Fabio Estevam <festevam(a)denx.de> ARM: dts: imx25/27: Pass timing0 Fabio Estevam <festevam(a)denx.de> ARM: dts: imx25: Fix the iim compatible string Kees Cook <keescook(a)chromium.org> block/rnbd-srv: Check for unlikely string overflow Shannon Nelson <shannon.nelson(a)amd.com> ionic: pass opcode to devcmd_wait Fabio Estevam <festevam(a)denx.de> ARM: dts: imx1: Fix sram node Fabio Estevam <festevam(a)denx.de> ARM: dts: imx27: Fix sram node Fabio Estevam <festevam(a)denx.de> ARM: dts: imx: Use flash@0,0 pattern Fabio Estevam <festevam(a)denx.de> ARM: dts: imx25/27-eukrea: Fix RTC node name Johan Jonker <jbx6244(a)gmail.com> ARM: dts: rockchip: fix rk3036 hdmi ports node Hou Tao <houtao1(a)huawei.com> bpf: Set uattr->batch.count as zero before batched update or deletion Hannes Reinecke <hare(a)suse.de> scsi: libfc: Fix up timeout error in fc_fcp_rec_error() Hannes Reinecke <hare(a)suse.de> scsi: libfc: Don't schedule abort twice Hou Tao <houtao1(a)huawei.com> bpf: Add map and need_defer parameters to .map_fd_put_ptr() Minsuk Kang <linuxlovemin(a)yonsei.ac.kr> wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() Alexander Stein <alexander.stein(a)ew.tq-group.com> ARM: dts: imx7s: Fix nand-controller #size-cells Alexander Stein <alexander.stein(a)ew.tq-group.com> ARM: dts: imx7s: Fix lcdif compatible Alexander Stein <alexander.stein(a)ew.tq-group.com> ARM: dts: imx7d: Fix coresight funnel ports ching Huang <ching2048(a)areca.com.tw> scsi: arcmsr: Support new PCI device IDs 1883 and 1886 Zhengchao Shao <shaozhengchao(a)huawei.com> bonding: return -ENOMEM instead of BUG in alb_upper_dev_walk Ido Schimmel <idosch(a)nvidia.com> PCI: Add no PM reset quirk for NVIDIA Spectrum devices Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Fix possible file string name overflow when updating firmware Yafang Shao <laoar.shao(a)gmail.com> selftests/bpf: Fix issues in setup_classid_environment() Yonghong Song <yonghong.song(a)linux.dev> selftests/bpf: Fix pyperf180 compilation failure with clang18 Andrii Nakryiko <andrii(a)kernel.org> selftests/bpf: satisfy compiler by having explicit return in btf test Shiji Yang <yangshiji66(a)outlook.com> wifi: rt2x00: restart beacon queue when hardware reset Baokun Li <libaokun1(a)huawei.com> ext4: avoid online resizing failures due to oversized flex bg Baokun Li <libaokun1(a)huawei.com> ext4: remove unnecessary check from alloc_flex_gd() Baokun Li <libaokun1(a)huawei.com> ext4: unify the type of flexbg_size to unsigned int Ye Bin <yebin10(a)huawei.com> ext4: fix inconsistent between segment fstrim and full fstrim Gabriel Krisman Bertazi <krisman(a)suse.de> ecryptfs: Reject casefold directory inodes Anna Schumaker <Anna.Schumaker(a)Netapp.com> SUNRPC: Fix a suspicious RCU usage warning Heiko Carstens <hca(a)linux.ibm.com> KVM: s390: fix setting of fpc register Heiko Carstens <hca(a)linux.ibm.com> s390/ptrace: handle setting of fpc register correctly Arnd Bergmann <arnd(a)arndb.de> arch: consolidate arch_irq_work_raise prototypes Edward Adam Davis <eadavis(a)qq.com> jfs: fix array-index-out-of-bounds in diNewExt Oleg Nesterov <oleg(a)redhat.com> rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock() Oleg Nesterov <oleg(a)redhat.com> afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*() Oleg Nesterov <oleg(a)redhat.com> afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu() Thomas Bourgoin <thomas.bourgoin(a)foss.st.com> crypto: stm32/crc32 - fix parsing list of devices Bharat Bhushan <bbhushan2(a)marvell.com> crypto: octeontx2 - Fix cptvf driver cleanup Weichen Chen <weichen.chen(a)mediatek.com> pstore/ram: Fix crash when setting number of cpus to an odd number Edward Adam Davis <eadavis(a)qq.com> jfs: fix uaf in jfs_evict_inode Manas Ghandat <ghandatmanas(a)gmail.com> jfs: fix array-index-out-of-bounds in dbAdjTree Manas Ghandat <ghandatmanas(a)gmail.com> jfs: fix slab-out-of-bounds Read in dtSearch Osama Muhammad <osmtendev(a)gmail.com> UBSAN: array-index-out-of-bounds in dtSplitRoot Osama Muhammad <osmtendev(a)gmail.com> FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree Shuai Xue <xueshuai(a)linux.alibaba.com> ACPI: APEI: set memory failure flags as MF_ACTION_REQUIRED on synchronous events Mukesh Ojha <quic_mojha(a)quicinc.com> PM / devfreq: Synchronize devfreq_monitor_[start/stop] Prarit Bhargava <prarit(a)redhat.com> ACPI: extlog: fix NULL pointer dereference check Dmitry Antipov <dmantipov(a)yandex.ru> PNP: ACPI: fix fortify warning Yuluo Qiu <qyl27(a)outlook.com> ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop Chris Riches <chris.riches(a)nutanix.com> audit: Send netlink ACK before setting connection in auditd_set Rui Zhang <zr.zhang(a)vivo.com> regulator: core: Only increment use_count when enable_count changes Andrzej Hajda <andrzej.hajda(a)intel.com> debugobjects: Stop accessing objects after releasing hash bucket lock Greg KH <gregkh(a)linuxfoundation.org> perf/core: Fix narrow startup race when creating the perf nr_addr_filters sysfs file Zhiquan Li <zhiquan1.li(a)intel.com> x86/mce: Mark fatal MCE's page as poison to avoid panic in the kdump kernel Naveen N Rao <naveen(a)kernel.org> powerpc/lib: Validate size for vector operations Stephen Rothwell <sfr(a)canb.auug.org.au> powerpc: pmd_move_must_withdraw() is only needed for CONFIG_TRANSPARENT_HUGEPAGE Jun'ichi Nomura <junichi.nomura(a)nec.com> x86/boot: Ignore NMIs during very early boot Michael Ellerman <mpe(a)ellerman.id.au> powerpc/64s: Fix CONFIG_NUMA=n build due to create_section_mapping() Michael Ellerman <mpe(a)ellerman.id.au> powerpc/mm: Fix build failures due to arch_reserved_kernel_pages() Michael Ellerman <mpe(a)ellerman.id.au> powerpc: Fix build error due to is_valid_bugaddr() Mark Rutland <mark.rutland(a)arm.com> drivers/perf: pmuv3: don't expose SW_INCR event in sysfs Huang Shijie <shijie(a)os.amperecomputing.com> arm64: irq: set the correct node for VMAP stack Kunwu Chan <chentao(a)kylinos.cn> powerpc/mm: Fix null-pointer dereference in pgtable_cache_add Richard Palethorpe <rpalethorpe(a)suse.com> x86/entry/ia32: Ensure s32 is sign extended to s64 Tim Chen <tim.c.chen(a)linux.intel.com> tick/sched: Preserve number of idle sleeps across CPU hotplug events Xi Ruoyao <xry111(a)xry111.site> mips: Call lose_fpu(0) before initializing fcr31 in mips_set_personality_nan Kamal Dasu <kamal.dasu(a)broadcom.com> spi: bcm-qspi: fix SFDP BFPT read by usig mspi read Li Lingfeng <lilingfeng3(a)huawei.com> block: Move checking GENHD_FL_NO_PART to bdev_add_partition() Wenhua Lin <Wenhua.Lin(a)unisoc.com> gpio: eic-sprd: Clear interrupt after set the interrupt type Fedor Pchelkin <pchelkin(a)ispras.ru> drm/exynos: gsc: minor fix for loop iteration in gsc_runtime_resume Arnd Bergmann <arnd(a)arndb.de> drm/exynos: fix accidental on-stack copy of exynos_drm_plane Markus Niebel <Markus.Niebel(a)ew.tq-group.com> drm: panel-simple: add missing bus flags for Tianma tm070jvhg[30/33] Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: intel_pstate: Refine computation of P-state for given frequency Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: intel_pstate: Drop redundant intel_pstate_get_hwp_cap() call Lin Ma <linma(a)zju.edu.cn> ksmbd: fix global oob in ksmbd_nl_policy Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add documenting comment for nfsd4_release_lockowner() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Modernize nfsd4_release_lockowner() Josef Bacik <josef(a)toxicpanda.com> btrfs: add definition for EXTENT_TREE_V2 Christian Marangi <ansuelsmth(a)gmail.com> PM / devfreq: Fix buffer overflow in trans_stat_show Charan Teja Kalla <quic_charante(a)quicinc.com> mm/sparsemem: fix race in accessing memory_section->usage Rolf Eike Beer <eb(a)emlix.com> mm: use __pfn_to_section() instead of open coding it Zheng Wang <zyytlz.wz(a)163.com> media: mtk-jpeg: Fix use after free bug due to error path handling in mtk_jpeg_dec_device_run Johan Hovold <johan+linaro(a)kernel.org> ARM: dts: qcom: sdx55: fix USB SS wakeup Johan Hovold <johan+linaro(a)kernel.org> ARM: dts: qcom: sdx55: fix USB DP/DM HS PHY interrupts Johan Hovold <johan+linaro(a)kernel.org> ARM: dts: qcom: sdx55: fix pdc '#interrupt-cells' Paul Cercueil <paul(a)crapouillou.net> ARM: dts: samsung: exynos4210-i9100: Unconditionally enable LDO12 Johan Hovold <johan+linaro(a)kernel.org> ARM: dts: qcom: sdx55: fix USB wakeup interrupt types Lukas Schauer <lukas(a)schauer.dev> pipe: wakeup wr_wait after setting max_usage Max Kellermann <max.kellermann(a)ionos.com> fs/pipe: move check to pipe_has_watch_queue() Krishna chaitanya chundru <quic_krichai(a)quicinc.com> bus: mhi: host: Add alignment check for event ring read pointer Manivannan Sadhasivam <mani(a)kernel.org> bus: mhi: host: Rename "struct mhi_tre" to "struct mhi_ring_element" Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: sleep: Fix possible deadlocks in core system-wide PM code Li zeming <zeming(a)nfschina.com> PM: core: Remove unnecessary (void *) conversions Dan Carpenter <dan.carpenter(a)linaro.org> drm/bridge: nxp-ptn3460: simplify some error checking Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/tidss: Fix atomic_flush check Dan Carpenter <dan.carpenter(a)linaro.org> drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm: Don't unref the same fb many times by mistake due to deadlock handling Mario Limonciello <mario.limonciello(a)amd.com> gpiolib: acpi: Ignore touchpad wakeup on GPD G1619-04 Dave Chinner <dchinner(a)redhat.com> xfs: read only mounts with fsopen mount API are busted Cristian Marussi <cristian.marussi(a)arm.com> firmware: arm_scmi: Check mailbox/SMT channel for consistency Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: reject QUEUE/DROP verdict parameters Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain Michael Kelley <mhklinux(a)outlook.com> hv_netvsc: Calculate correct ring size when PAGE_SIZE is not 4 Kbytes Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: fix a memory corruption Bernd Edlinger <bernd.edlinger(a)hotmail.de> exec: Fix error handling in begin_new_exec() Ilya Dryomov <idryomov(a)gmail.com> rbd: don't move requests to the running list on errors Omar Sandoval <osandov(a)fb.com> btrfs: don't abort filesystem when attempting to snapshot deleted subvolume Qu Wenruo <wqu(a)suse.com> btrfs: defrag: reject unknown flags of btrfs_ioctl_defrag_range_args David Sterba <dsterba(a)suse.com> btrfs: don't warn if discard range is not aligned to sector Chung-Chiang Cheng <cccheng(a)synology.com> btrfs: tree-checker: fix inline ref size in error messages Fedor Pchelkin <pchelkin(a)ispras.ru> btrfs: ref-verify: free ref cache before clearing mount opt Omar Sandoval <osandov(a)fb.com> btrfs: avoid copying BTRFS_ROOT_SUBVOL_DEAD flag to snapshot of subvolume being deleted Filipe Manana <fdmanana(a)suse.com> btrfs: fix race between reading a directory and adding entries to it Filipe Manana <fdmanana(a)suse.com> btrfs: refresh dir last index during a rewinddir(3) call Filipe Manana <fdmanana(a)suse.com> btrfs: set last dir index to the current last index when opening dir Filipe Manana <fdmanana(a)suse.com> btrfs: fix infinite directory reads Shenwei Wang <shenwei.wang(a)nxp.com> net: fec: fix the unhandled context fault from smmu Zhipeng Lu <alexious(a)zju.edu.cn> fjes: fix memleaks in fjes_hw_setup Jakub Kicinski <kuba(a)kernel.org> selftests: netdevsim: fix the udp_tunnel_nic test Jenishkumar Maheshbhai Patel <jpatel2(a)marvell.com> net: mvpp2: clear BM pool before initialization Bernd Edlinger <bernd.edlinger(a)hotmail.de> net: stmmac: Wait a bit for the reset to take effect Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: validate NFPROTO_* family Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: restrict anonymous set and map names to 16 bytes Florian Westphal <fw(a)strlen.de> netfilter: nft_limit: reject configurations that cause integer overflow Kees Cook <keescook(a)chromium.org> overflow: Allow mixed type arguments Dinghao Liu <dinghao.liu(a)zju.edu.cn> net/mlx5e: fix a potential double-free in fs_any_create_groups Zhipeng Lu <alexious(a)zju.edu.cn> net/mlx5e: fix a double-free in arfs_create_groups Yevgeny Kliteynik <kliteyn(a)nvidia.com> net/mlx5: DR, Can't go to uplink vport on RX rule Shun Hao <shunh(a)nvidia.com> net/mlx5: DR, Align mlx5dv_dr API vport action with FW behavior Yevgeny Kliteynik <kliteyn(a)nvidia.com> net/mlx5: DR, Replace local WIRE_PORT macro with the existing MLX5_VPORT_UPLINK Yevgeny Kliteynik <kliteyn(a)nvidia.com> net/mlx5: DR, Use the right GVMI number for drop action Zhengchao Shao <shaozhengchao(a)huawei.com> ipv6: init the accept_queue's spinlocks in inet6_create Zhengchao Shao <shaozhengchao(a)huawei.com> netlink: fix potential sleeping issue in mqueue_flush_file Salvatore Dipietro <dipiets(a)amazon.com> tcp: Add memory barrier to tcp_push() David Howells <dhowells(a)redhat.com> afs: Hide silly-rename files from userspace Petr Pavlu <petr.pavlu(a)suse.com> tracing: Ensure visibility when inserting an element into tracing_map Sharath Srinivasan <sharath.srinivasan(a)oracle.com> net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv Kuniyuki Iwashima <kuniyu(a)amazon.com> llc: Drop support for ETH_P_TR_802_2. Eric Dumazet <edumazet(a)google.com> llc: make llc_ui_sendmsg() more robust against bonding changes Lin Ma <linma(a)zju.edu.cn> vlan: skip nested type that is not IFLA_VLAN_QOS_MAPPING Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Wait for FLR to complete during probe Zhengchao Shao <shaozhengchao(a)huawei.com> tcp: make sure init the accept_queue's spinlocks once Wen Gu <guwen(a)linux.alibaba.com> net/smc: fix illegal rmb_desc access in SMC-D connection dump Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: Add missing set_freezable() for freezable kthread Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: send lease break notification on FILE_RENAME_INFORMATION Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: don't increment epoch if current state and request state are same Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix potential circular locking issue in smb2_set_ea() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: set v2 lease version on lease upgrade Al Viro <viro(a)zeniv.linux.org.uk> rename(): fix the locking of subdirectories Zhihao Cheng <chengzhihao1(a)huawei.com> ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path Dave Airlie <airlied(a)redhat.com> nouveau/vmm: don't set addr on the fail path to avoid warning Mario Limonciello <mario.limonciello(a)amd.com> rtc: Adjust failure return code for cmos_set_alarm() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> mmc: mmc_spi: remove custom DMA mapped buffers Avri Altman <avri.altman(a)wdc.com> mmc: core: Use mrq.sbc in close-ended ffu Vegard Nossum <vegard.nossum(a)oracle.com> scripts/get_abi: fix source path leak Alfred Piccioni <alpic(a)google.com> lsm: new security_file_ioctl_compat() hook Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sdm845: fix USB DP/DM HS PHY interrupts Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sm8150: fix USB wakeup interrupt types Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sdm845: fix USB wakeup interrupt types Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sc7180: fix USB wakeup interrupt types Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> async: Introduce async_schedule_dev_nocall() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> async: Split async_schedule_node_domain() Helge Deller <deller(a)gmx.de> parisc/firmware: Fix F-extend for PDC addresses Bhaumik Bhatt <bbhatt(a)codeaurora.org> bus: mhi: host: Add spinlock to protect WP access when queueing TREs Qiang Yu <quic_qianyu(a)quicinc.com> bus: mhi: host: Drop chan lock before queuing buffers Serge Semin <fancer.lancer(a)gmail.com> mips: Fix max_mapnr being uninitialized on early stages Bingbu Cao <bingbu.cao(a)intel.com> media: ov9734: Enable runtime PM before registering async sub-device Xiaolei Wang <xiaolei.wang(a)windriver.com> rpmsg: virtio: Free driver_override when rpmsg_remove() Bingbu Cao <bingbu.cao(a)intel.com> media: imx355: Enable runtime PM before registering async sub-device Herbert Xu <herbert(a)gondor.apana.org.au> crypto: s390/aes - Fix buffer overread in CTR mode Herbert Xu <herbert(a)gondor.apana.org.au> hwrng: core - Fix page fault dead lock on mmap-ed hwrng Hongchen Zhang <zhanghongchen(a)loongson.cn> PM: hibernate: Enforce ordering during image compression/decompression Herbert Xu <herbert(a)gondor.apana.org.au> crypto: api - Disallow identical driver names David Disseldorp <ddiss(a)suse.de> btrfs: sysfs: validate scrub_speed_max value Suraj Jitindar Singh <surajjs(a)amazon.com> ext4: allow for the last group to be marked as trimmed Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio:adc:ad7091r: Move exports into IIO_AD7091R namespace. Bart Van Assche <bvanassche(a)acm.org> scsi: ufs: core: Remove the ufshcd_hba_exit() call from ufshcd_async_scan() Bart Van Assche <bvanassche(a)acm.org> scsi: ufs: core: Simplify power management during async scan Amelie Delaunay <amelie.delaunay(a)foss.st.com> dmaengine: fix NULL pointer in channel unregistration function Marcelo Schmitt <marcelo.schmitt(a)analog.com> iio: adc: ad7091r: Enable internal vref if external vref is not supplied Marcelo Schmitt <marcelo.schmitt(a)analog.com> iio: adc: ad7091r: Allow users to configure device events Marcelo Schmitt <marcelo.schmitt(a)analog.com> iio: adc: ad7091r: Set alert bit in config register Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: only v2 leases handle the directory Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix UAF issue in ksmbd_tcp_new_connection() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: validate mech token in session setup Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: don't allow O_TRUNC open on read-only share Fedor Pchelkin <pchelkin(a)ispras.ru> ksmbd: free ppace array on error in parse_dacl ------------- Diffstat: Documentation/ABI/testing/sysfs-class-devfreq | 3 + Documentation/ABI/testing/sysfs-class-net-queues | 22 +-- .../ABI/testing/sysfs-class-net-statistics | 48 ++--- Documentation/arm64/silicon-errata.rst | 7 + .../bindings/net/wireless/marvell-8xxx.txt | 4 +- Documentation/filesystems/directory-locking.rst | 29 +-- Documentation/filesystems/locking.rst | 5 +- Documentation/filesystems/porting.rst | 18 ++ Documentation/sound/soc/dapm.rst | 2 +- Makefile | 4 +- arch/Kconfig | 1 + arch/arm/boot/dts/exynos4210-i9100.dts | 8 + arch/arm/boot/dts/imx1-ads.dts | 2 +- arch/arm/boot/dts/imx1-apf9328.dts | 2 +- arch/arm/boot/dts/imx1.dtsi | 5 +- arch/arm/boot/dts/imx23-sansa.dts | 12 +- arch/arm/boot/dts/imx23.dtsi | 2 +- arch/arm/boot/dts/imx25-eukrea-cpuimx25.dtsi | 2 +- .../imx25-eukrea-mbimxsd25-baseboard-cmo-qvga.dts | 2 +- .../imx25-eukrea-mbimxsd25-baseboard-dvi-svga.dts | 2 +- .../imx25-eukrea-mbimxsd25-baseboard-dvi-vga.dts | 2 +- arch/arm/boot/dts/imx25-pdk.dts | 2 +- arch/arm/boot/dts/imx25.dtsi | 2 +- arch/arm/boot/dts/imx27-apf27dev.dts | 4 +- arch/arm/boot/dts/imx27-eukrea-cpuimx27.dtsi | 4 +- .../boot/dts/imx27-eukrea-mbimxsd27-baseboard.dts | 2 +- arch/arm/boot/dts/imx27-phytec-phycard-s-rdk.dts | 2 +- arch/arm/boot/dts/imx27-phytec-phycore-rdk.dts | 2 +- arch/arm/boot/dts/imx27-phytec-phycore-som.dtsi | 2 +- arch/arm/boot/dts/imx27.dtsi | 3 + arch/arm/boot/dts/imx28.dtsi | 2 +- arch/arm/boot/dts/imx7d.dtsi | 3 - arch/arm/boot/dts/imx7s.dtsi | 10 +- arch/arm/boot/dts/qcom-sdx55.dtsi | 10 +- arch/arm/boot/dts/rk3036.dtsi | 14 +- arch/arm64/boot/dts/qcom/msm8996.dtsi | 21 +++ arch/arm64/boot/dts/qcom/msm8998.dtsi | 32 ++-- arch/arm64/boot/dts/qcom/sc7180.dtsi | 4 +- arch/arm64/boot/dts/qcom/sdm845.dtsi | 16 +- arch/arm64/boot/dts/qcom/sm8150.dtsi | 8 +- arch/arm64/include/asm/cputype.h | 4 + arch/arm64/include/asm/irq_work.h | 2 - arch/arm64/kernel/cpu_errata.c | 3 + arch/arm64/kernel/irq.c | 7 +- arch/arm64/kernel/perf_event.c | 6 +- arch/csky/include/asm/irq_work.h | 2 +- arch/mips/include/asm/checksum.h | 3 +- arch/mips/kernel/elf.c | 6 + arch/mips/mm/init.c | 12 +- arch/parisc/kernel/firmware.c | 4 +- arch/powerpc/include/asm/irq_work.h | 1 - arch/powerpc/include/asm/mmu.h | 4 + arch/powerpc/include/asm/mmzone.h | 8 - arch/powerpc/kernel/interrupt_64.S | 4 +- arch/powerpc/kernel/traps.c | 2 + arch/powerpc/lib/sstep.c | 10 + arch/powerpc/mm/book3s64/pgtable.c | 2 + arch/powerpc/mm/init-common.c | 5 +- arch/powerpc/mm/kasan/kasan_init_32.c | 1 + arch/powerpc/mm/mmu_decl.h | 5 + arch/riscv/include/asm/irq_work.h | 2 +- arch/s390/crypto/aes_s390.c | 4 +- arch/s390/crypto/paes_s390.c | 4 +- arch/s390/include/asm/irq_work.h | 2 - arch/s390/kernel/ptrace.c | 6 +- arch/s390/kvm/kvm-s390.c | 5 - arch/um/drivers/net_kern.c | 2 +- arch/um/include/shared/kern_util.h | 2 +- arch/um/kernel/process.c | 2 +- arch/um/kernel/time.c | 32 +++- arch/um/os-Linux/helper.c | 6 +- arch/um/os-Linux/util.c | 19 +- arch/x86/Kconfig.cpu | 2 +- arch/x86/boot/compressed/ident_map_64.c | 5 + arch/x86/boot/compressed/idt_64.c | 1 + arch/x86/boot/compressed/idt_handlers_64.S | 1 + arch/x86/boot/compressed/misc.h | 1 + arch/x86/include/asm/irq_work.h | 1 - arch/x86/include/asm/syscall_wrapper.h | 25 ++- arch/x86/kernel/cpu/mce/core.c | 16 ++ arch/x86/mm/ident_map.c | 23 ++- block/bio.c | 2 +- block/blk-iocost.c | 7 + block/blk-mq.c | 16 ++ block/ioctl.c | 2 - block/partitions/core.c | 5 + crypto/algapi.c | 1 + drivers/acpi/acpi_extlog.c | 5 +- drivers/acpi/acpi_video.c | 9 + drivers/acpi/apei/ghes.c | 29 ++- drivers/android/binder.c | 10 + drivers/atm/idt77252.c | 2 + drivers/base/arch_numa.c | 2 +- drivers/base/power/domain.c | 2 +- drivers/base/power/main.c | 160 ++++++++-------- drivers/base/power/runtime.c | 5 + drivers/block/rbd.c | 22 ++- drivers/block/rnbd/rnbd-srv.c | 19 +- drivers/bluetooth/hci_qca.c | 1 + drivers/bus/mhi/host/init.c | 6 +- drivers/bus/mhi/host/internal.h | 2 +- drivers/bus/mhi/host/main.c | 49 +++-- drivers/bus/moxtet.c | 7 + drivers/char/hw_random/core.c | 36 ++-- drivers/clk/hisilicon/clk-hi3620.c | 4 +- drivers/clk/imx/clk-imx8qxp.c | 24 ++- drivers/clk/imx/clk-scu.c | 4 +- drivers/clk/mmp/clk-of-pxa168.c | 3 + drivers/cpufreq/intel_pstate.c | 67 ++++--- drivers/crypto/ccp/sev-dev.c | 10 +- drivers/crypto/marvell/octeontx2/otx2_cptlf.c | 6 +- drivers/crypto/marvell/octeontx2/otx2_cptvf_main.c | 3 + drivers/crypto/stm32/stm32-crc32.c | 2 +- drivers/devfreq/devfreq.c | 83 ++++++--- drivers/dma-buf/dma-fence-unwrap.c | 176 ++++++++++++++++++ drivers/dma-buf/sync_file.c | 9 +- drivers/dma/dmaengine.c | 3 + drivers/dma/fsl-dpaa2-qdma/dpaa2-qdma.c | 10 +- drivers/dma/fsl-qdma.c | 27 +-- drivers/dma/ti/k3-udma.c | 10 +- drivers/firewire/core-device.c | 7 +- drivers/firmware/arm_scmi/common.h | 1 + drivers/firmware/arm_scmi/mailbox.c | 14 ++ drivers/firmware/arm_scmi/shmem.c | 6 + drivers/gpio/gpio-eic-sprd.c | 32 +++- drivers/gpio/gpiolib-acpi.c | 14 ++ drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_fence.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 9 +- drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 13 +- drivers/gpu/drm/amd/amdgpu/amdgpu_object.h | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_sync.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 5 +- drivers/gpu/drm/amd/amdkfd/kfd_svm.c | 36 ++-- drivers/gpu/drm/amd/display/dc/core/dc.c | 4 + drivers/gpu/drm/amd/display/dc/dc_hw_types.h | 2 +- .../gpu/drm/amd/display/dc/dcn30/dcn30_resource.c | 6 +- .../drm/amd/display/dc/dcn301/dcn301_resource.c | 6 +- .../drm/amd/display/dc/dcn302/dcn302_resource.c | 6 +- .../gpu/drm/amd/display/dc/dcn31/dcn31_resource.c | 6 +- .../amd/pm/powerplay/hwmgr/process_pptables_v1_0.c | 2 +- drivers/gpu/drm/bridge/nxp-ptn3460.c | 6 +- drivers/gpu/drm/drm_fb_helper.c | 11 +- drivers/gpu/drm/drm_file.c | 2 +- drivers/gpu/drm/drm_framebuffer.c | 2 +- drivers/gpu/drm/drm_mipi_dsi.c | 17 +- drivers/gpu/drm/drm_plane.c | 1 + drivers/gpu/drm/drm_prime.c | 2 +- drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 4 +- drivers/gpu/drm/exynos/exynos_drm_drv.c | 11 ++ drivers/gpu/drm/exynos/exynos_drm_fimd.c | 4 +- drivers/gpu/drm/exynos/exynos_drm_gsc.c | 2 +- drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 5 +- drivers/gpu/drm/msm/disp/dpu1/dpu_kms.h | 1 + drivers/gpu/drm/msm/dp/dp_link.c | 12 +- drivers/gpu/drm/msm/dp/dp_reg.h | 3 + drivers/gpu/drm/msm/dsi/phy/dsi_phy.c | 4 + drivers/gpu/drm/nouveau/nouveau_vmm.c | 3 + drivers/gpu/drm/panel/panel-simple.c | 2 + drivers/gpu/drm/scheduler/sched_main.c | 3 +- drivers/gpu/drm/tidss/tidss_crtc.c | 10 +- drivers/gpu/drm/vmwgfx/vmwgfx_fb.c | 8 +- drivers/hid/hid-apple.c | 33 +++- drivers/hid/hid-ids.h | 1 + drivers/hid/hid-picolcd_fb.c | 2 +- drivers/hid/hid-quirks.c | 1 + drivers/hid/i2c-hid/i2c-hid-of.c | 1 + drivers/hid/wacom_sys.c | 63 +++++-- drivers/hid/wacom_wac.c | 9 +- drivers/hwmon/aspeed-pwm-tacho.c | 7 + drivers/hwmon/coretemp.c | 40 ++-- drivers/i2c/busses/i2c-i801.c | 19 +- drivers/i3c/master/i3c-master-cdns.c | 7 +- drivers/iio/accel/Kconfig | 2 + drivers/iio/adc/ad7091r-base.c | 173 ++++++++++++++++- drivers/iio/adc/ad7091r-base.h | 8 + drivers/iio/adc/ad7091r5.c | 29 +-- drivers/iio/industrialio-core.c | 5 +- drivers/iio/light/hid-sensor-als.c | 1 + drivers/iio/magnetometer/rm3100-core.c | 10 +- drivers/infiniband/ulp/ipoib/ipoib_multicast.c | 7 +- drivers/input/keyboard/atkbd.c | 13 +- drivers/input/serio/i8042-acpipnpio.h | 6 + drivers/irqchip/irq-brcmstb-l2.c | 5 +- drivers/irqchip/irq-gic-v3-its.c | 22 ++- drivers/leds/trigger/ledtrig-panic.c | 5 +- drivers/mailbox/arm_mhuv2.c | 3 +- drivers/md/dm-core.h | 2 + drivers/md/dm-ioctl.c | 3 +- drivers/md/dm-table.c | 9 +- drivers/md/md.c | 54 +++++- drivers/media/i2c/imx335.c | 4 +- drivers/media/i2c/imx355.c | 12 +- drivers/media/i2c/ov9734.c | 19 +- drivers/media/pci/ddbridge/ddbridge-main.c | 2 +- drivers/media/platform/mtk-jpeg/mtk_jpeg_core.c | 6 +- drivers/media/platform/rockchip/rga/rga.c | 15 +- drivers/media/rc/bpf-lirc.c | 6 +- drivers/media/rc/ir_toy.c | 2 + drivers/media/rc/lirc_dev.c | 5 +- drivers/media/rc/rc-core-priv.h | 2 +- drivers/media/usb/stk1160/stk1160-video.c | 5 +- drivers/mfd/Kconfig | 1 + drivers/misc/fastrpc.c | 2 +- drivers/misc/lis3lv02d/lis3lv02d_i2c.c | 1 + drivers/misc/lkdtm/bugs.c | 2 +- drivers/mmc/core/block.c | 46 ++++- drivers/mmc/core/slot-gpio.c | 6 +- drivers/mmc/host/mmc_spi.c | 186 +------------------ drivers/net/bonding/bond_alb.c | 3 +- drivers/net/dsa/mv88e6xxx/chip.h | 4 +- drivers/net/dsa/mv88e6xxx/serdes.c | 8 +- drivers/net/dsa/mv88e6xxx/serdes.h | 8 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 5 + drivers/net/ethernet/broadcom/genet/bcmgenet.c | 22 +-- drivers/net/ethernet/broadcom/genet/bcmgenet.h | 3 + drivers/net/ethernet/broadcom/genet/bcmmii.c | 6 + drivers/net/ethernet/freescale/fec_main.c | 2 + drivers/net/ethernet/google/gve/gve_tx_dqo.c | 5 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 2 +- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 32 ++++ drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.h | 1 + drivers/net/ethernet/intel/ixgbe/ixgbe_82598.c | 36 ++-- drivers/net/ethernet/intel/ixgbe/ixgbe_82599.c | 61 +++--- drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 177 +++++++++--------- drivers/net/ethernet/intel/ixgbe/ixgbe_ethtool.c | 2 +- drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 44 ++--- drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.c | 34 ++-- drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h | 1 - drivers/net/ethernet/intel/ixgbe/ixgbe_phy.c | 105 +++++------ drivers/net/ethernet/intel/ixgbe/ixgbe_phy.h | 2 +- drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 2 +- drivers/net/ethernet/intel/ixgbe/ixgbe_type.h | 51 +----- drivers/net/ethernet/intel/ixgbe/ixgbe_x540.c | 44 ++--- drivers/net/ethernet/intel/ixgbe/ixgbe_x550.c | 149 +++++++-------- drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 27 ++- .../net/ethernet/marvell/octeontx2/af/rvu_npc.c | 13 +- .../ethernet/marvell/octeontx2/nic/otx2_common.c | 14 +- .../mellanox/mlx5/core/en/fs_tt_redirect.c | 1 + drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c | 26 +-- .../mellanox/mlx5/core/steering/dr_action.c | 19 +- .../mellanox/mlx5/core/steering/dr_domain.c | 2 +- .../ethernet/mellanox/mlx5/core/steering/dr_rule.c | 4 +- .../mellanox/mlx5/core/steering/dr_types.h | 7 +- .../ethernet/netronome/nfp/flower/tunnel_conf.c | 2 +- .../ethernet/netronome/nfp/nfpcore/nfp6000_pcie.c | 6 +- drivers/net/ethernet/pensando/ionic/ionic_dev.c | 1 + drivers/net/ethernet/pensando/ionic/ionic_dev.h | 1 + drivers/net/ethernet/pensando/ionic/ionic_main.c | 2 +- drivers/net/ethernet/stmicro/stmmac/common.h | 1 + drivers/net/ethernet/stmicro/stmmac/dwxgmac2.h | 3 + .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 58 +++++- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 3 + drivers/net/ethernet/ti/cpsw.c | 2 + drivers/net/ethernet/ti/cpsw_new.c | 3 + drivers/net/fjes/fjes_hw.c | 37 +++- drivers/net/hyperv/netvsc.c | 5 +- drivers/net/hyperv/netvsc_drv.c | 4 +- drivers/net/ppp/ppp_async.c | 4 + drivers/net/virtio_net.c | 9 +- drivers/net/wireless/ath/ath9k/htc_drv_txrx.c | 5 +- drivers/net/wireless/intel/iwlwifi/fw/acpi.c | 12 +- drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c | 2 +- drivers/net/wireless/marvell/mwifiex/Kconfig | 5 +- drivers/net/wireless/marvell/mwifiex/sdio.c | 67 ++++++- drivers/net/wireless/marvell/mwifiex/sdio.h | 8 + drivers/net/wireless/ralink/rt2x00/rt2x00dev.c | 3 + drivers/net/wireless/ralink/rt2x00/rt2x00mac.c | 11 ++ .../net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 12 ++ .../net/wireless/realtek/rtlwifi/rtl8723ae/phy.c | 6 +- .../net/wireless/realtek/rtlwifi/rtl8723be/phy.c | 4 +- drivers/net/xen-netback/netback.c | 100 +++++----- drivers/of/property.c | 2 +- drivers/of/unittest.c | 12 +- drivers/pci/pci.h | 2 +- drivers/pci/pcie/aer.c | 9 +- drivers/pci/quirks.c | 24 ++- drivers/pci/switch/switchtec.c | 25 ++- drivers/phy/renesas/phy-rcar-gen3-usb2.c | 4 - drivers/phy/ti/phy-omap-usb2.c | 4 +- drivers/pnp/pnpacpi/rsparser.c | 12 +- drivers/regulator/core.c | 52 +++--- drivers/rpmsg/virtio_rpmsg_bus.c | 1 + drivers/rtc/rtc-cmos.c | 4 +- drivers/s390/net/qeth_l3_main.c | 9 +- drivers/scsi/arcmsr/arcmsr.h | 4 + drivers/scsi/arcmsr/arcmsr_hba.c | 6 + drivers/scsi/fcoe/fcoe_ctlr.c | 20 +- drivers/scsi/isci/request.c | 2 +- drivers/scsi/libfc/fc_fcp.c | 18 +- drivers/scsi/lpfc/lpfc.h | 1 + drivers/scsi/lpfc/lpfc_init.c | 4 +- drivers/scsi/scsi_error.c | 9 +- drivers/scsi/scsi_lib.c | 4 +- drivers/scsi/scsi_priv.h | 2 +- drivers/scsi/storvsc_drv.c | 12 +- drivers/scsi/ufs/ufshcd.c | 14 +- drivers/spi/spi-bcm-qspi.c | 4 +- drivers/spi/spi-ppc4xx.c | 5 - drivers/staging/fbtft/fbtft-core.c | 14 +- drivers/staging/iio/impedance-analyzer/ad5933.c | 2 +- drivers/tty/serial/8250/8250_exar.c | 13 ++ drivers/tty/serial/max310x.c | 33 +++- drivers/tty/tty_ioctl.c | 4 +- drivers/usb/core/hub.c | 34 ++-- drivers/usb/dwc3/core.h | 1 + drivers/usb/dwc3/ep0.c | 27 ++- drivers/usb/dwc3/gadget.c | 162 +++++++++++++--- drivers/usb/dwc3/gadget.h | 3 + drivers/usb/dwc3/host.c | 4 +- drivers/usb/gadget/function/f_mass_storage.c | 20 +- drivers/usb/host/xhci-plat.c | 3 + drivers/usb/serial/cp210x.c | 1 + drivers/usb/serial/option.c | 1 + drivers/usb/serial/qcserial.c | 2 + drivers/usb/typec/ucsi/ucsi_acpi.c | 17 +- drivers/vhost/vhost.c | 5 +- drivers/video/fbdev/broadsheetfb.c | 14 +- drivers/video/fbdev/core/fb_defio.c | 168 +++++++++++++---- drivers/video/fbdev/core/fbmem.c | 4 + drivers/video/fbdev/hecubafb.c | 3 +- drivers/video/fbdev/hyperv_fb.c | 8 +- drivers/video/fbdev/metronomefb.c | 14 +- drivers/video/fbdev/sh_mobile_lcdcfb.c | 20 +- drivers/video/fbdev/smscufx.c | 9 +- drivers/video/fbdev/ssd1307fb.c | 3 +- drivers/video/fbdev/udlfb.c | 10 +- drivers/video/fbdev/xen-fbfront.c | 8 +- drivers/watchdog/it87_wdt.c | 14 +- drivers/xen/gntdev-dmabuf.c | 54 +++--- fs/afs/callback.c | 3 +- fs/afs/dir.c | 8 + fs/afs/server.c | 7 +- fs/btrfs/ctree.h | 22 +++ fs/btrfs/delayed-inode.c | 5 +- fs/btrfs/delayed-inode.h | 1 + fs/btrfs/disk-io.c | 13 +- fs/btrfs/extent-tree.c | 3 +- fs/btrfs/inode.c | 172 ++++++++++------- fs/btrfs/ioctl.c | 12 ++ fs/btrfs/qgroup.c | 14 ++ fs/btrfs/ref-verify.c | 6 +- fs/btrfs/send.c | 2 +- fs/btrfs/sysfs.c | 9 +- fs/btrfs/tree-checker.c | 2 +- fs/ceph/caps.c | 12 +- fs/cifs/smb2misc.c | 2 +- fs/cifs/smb2ops.c | 14 +- fs/cifs/smb2pdu.c | 13 +- fs/cifs/smb2pdu.h | 42 +++-- fs/dcache.c | 7 +- fs/ecryptfs/inode.c | 8 + fs/exec.c | 3 + fs/ext4/mballoc.c | 26 ++- fs/ext4/move_extent.c | 6 +- fs/ext4/resize.c | 37 ++-- fs/f2fs/compress.c | 4 +- fs/f2fs/file.c | 2 + fs/f2fs/recovery.c | 25 ++- fs/hugetlbfs/inode.c | 13 +- fs/ioctl.c | 3 +- fs/jfs/jfs_dmap.c | 57 +++--- fs/jfs/jfs_dtree.c | 7 +- fs/jfs/jfs_imap.c | 3 + fs/jfs/jfs_mount.c | 6 +- fs/kernfs/dir.c | 12 ++ fs/ksmbd/asn1.c | 5 + fs/ksmbd/connection.c | 7 +- fs/ksmbd/connection.h | 2 +- fs/ksmbd/ksmbd_netlink.h | 3 +- fs/ksmbd/oplock.c | 22 ++- fs/ksmbd/smb2pdu.c | 53 +++--- fs/ksmbd/smbacl.c | 11 +- fs/ksmbd/transport_ipc.c | 4 +- fs/ksmbd/transport_rdma.c | 11 +- fs/ksmbd/transport_tcp.c | 13 +- fs/namei.c | 60 +++--- fs/nfsd/nfs4state.c | 61 +++--- fs/nilfs2/dat.c | 27 ++- fs/nilfs2/file.c | 8 +- fs/nilfs2/recovery.c | 7 +- fs/nilfs2/segment.c | 8 +- fs/ntfs3/fsntfs.c | 16 +- fs/ntfs3/index.c | 3 +- fs/ntfs3/ntfs_fs.h | 2 +- fs/pipe.c | 19 +- fs/pstore/ram.c | 1 + fs/ubifs/dir.c | 2 + fs/xfs/xfs_super.c | 27 ++- include/asm-generic/numa.h | 2 + include/drm/drm_color_mgmt.h | 1 + include/drm/drm_fb_helper.h | 3 +- include/drm/drm_mipi_dsi.h | 2 + include/linux/async.h | 2 + include/linux/bpf.h | 6 +- include/linux/dma-fence.h | 19 ++ include/linux/dmaengine.h | 3 +- include/linux/fb.h | 18 +- include/linux/hrtimer.h | 4 +- include/linux/irq_work.h | 3 + include/linux/lsm_hook_defs.h | 2 + include/linux/mmc/sdio_ids.h | 1 + include/linux/mmzone.h | 18 +- include/linux/netfilter/ipset/ip_set.h | 4 + include/linux/overflow.h | 72 ++++---- include/linux/pci_ids.h | 1 + include/linux/pipe_fs_i.h | 16 ++ include/linux/pm_runtime.h | 4 + include/linux/security.h | 9 + include/linux/syscalls.h | 1 + include/net/af_unix.h | 20 +- include/net/inet_connection_sock.h | 8 + include/net/llc_pdu.h | 6 +- include/net/netfilter/nf_tables.h | 2 + include/uapi/linux/btrfs.h | 4 + include/uapi/linux/netfilter/nf_tables.h | 2 + kernel/async.c | 85 ++++++--- kernel/audit.c | 31 +++- kernel/bpf/arraymap.c | 12 +- kernel/bpf/hashtab.c | 6 +- kernel/bpf/map_in_map.c | 2 +- kernel/bpf/map_in_map.h | 2 +- kernel/bpf/syscall.c | 6 + kernel/events/core.c | 38 ++-- kernel/power/swap.c | 38 ++-- kernel/sched/membarrier.c | 9 + kernel/time/clocksource.c | 25 ++- kernel/time/hrtimer.c | 17 +- kernel/time/tick-sched.c | 5 + kernel/trace/ring_buffer.c | 2 +- kernel/trace/trace.c | 78 ++++---- kernel/trace/trace_events_trigger.c | 6 +- kernel/trace/tracing_map.c | 7 +- lib/debugobjects.c | 204 ++++++++------------- lib/mpi/ec.c | 3 + mm/page-writeback.c | 2 +- mm/sparse.c | 17 +- net/8021q/vlan_netlink.c | 4 + net/bluetooth/l2cap_core.c | 3 +- net/bridge/br_cfm_netlink.c | 2 +- net/bridge/br_multicast.c | 20 +- net/bridge/br_private.h | 4 +- net/can/j1939/j1939-priv.h | 3 +- net/can/j1939/main.c | 2 +- net/can/j1939/socket.c | 46 +++-- net/core/request_sock.c | 3 - net/core/skbuff.c | 3 +- net/hsr/hsr_device.c | 4 +- net/ipv4/af_inet.c | 9 +- net/ipv4/inet_connection_sock.c | 4 + net/ipv4/ip_output.c | 12 +- net/ipv4/ip_tunnel_core.c | 2 +- net/ipv4/tcp.c | 13 +- net/ipv6/addrconf_core.c | 21 ++- net/ipv6/af_inet6.c | 3 + net/ipv6/ip6_tunnel.c | 28 ++- net/llc/af_llc.c | 26 ++- net/llc/llc_core.c | 7 - net/mac80211/tx.c | 3 +- net/mptcp/protocol.c | 3 - net/netfilter/ipset/ip_set_bitmap_gen.h | 14 +- net/netfilter/ipset/ip_set_core.c | 39 +++- net/netfilter/ipset/ip_set_hash_gen.h | 19 +- net/netfilter/ipset/ip_set_list_set.c | 13 +- net/netfilter/nf_log.c | 7 +- net/netfilter/nf_tables_api.c | 34 ++-- net/netfilter/nft_chain_filter.c | 11 +- net/netfilter/nft_compat.c | 23 ++- net/netfilter/nft_ct.c | 27 +++ net/netfilter/nft_flow_offload.c | 5 + net/netfilter/nft_limit.c | 23 ++- net/netfilter/nft_nat.c | 5 + net/netfilter/nft_rt.c | 5 + net/netfilter/nft_set_pipapo.c | 108 +++++------ net/netfilter/nft_set_pipapo.h | 18 +- net/netfilter/nft_set_pipapo_avx2.c | 17 +- net/netfilter/nft_set_rbtree.c | 6 +- net/netfilter/nft_socket.c | 5 + net/netfilter/nft_synproxy.c | 7 +- net/netfilter/nft_tproxy.c | 5 + net/netfilter/nft_tunnel.c | 1 + net/netfilter/nft_xfrm.c | 5 + net/netlink/af_netlink.c | 2 +- net/nfc/nci/core.c | 4 + net/openvswitch/flow_netlink.c | 49 +++-- net/rds/af_rds.c | 2 +- net/rxrpc/conn_event.c | 8 + net/rxrpc/conn_service.c | 3 +- net/smc/smc_diag.c | 2 +- net/sunrpc/xprtmultipath.c | 17 +- net/tipc/bearer.c | 6 + net/unix/af_unix.c | 14 +- net/unix/diag.c | 2 +- net/unix/garbage.c | 12 ++ net/wireless/scan.c | 4 + scripts/decode_stacktrace.sh | 60 +++++- scripts/get_abi.pl | 2 +- scripts/link-vmlinux.sh | 9 +- scripts/mod/sumversion.c | 7 +- security/security.c | 32 +++- security/selinux/hooks.c | 28 +++ security/smack/smack_lsm.c | 1 + security/tomoyo/tomoyo.c | 1 + sound/hda/hdac_stream.c | 9 +- sound/hda/intel-dsp-config.c | 10 + sound/pci/hda/hda_intel.c | 2 + sound/pci/hda/patch_conexant.c | 133 +++++++++++++- sound/pci/hda/patch_cs8409.c | 1 + sound/pci/hda/patch_realtek.c | 3 + sound/soc/codecs/lpass-wsa-macro.c | 7 - sound/soc/codecs/rt5645.c | 1 + sound/soc/codecs/wcd938x.c | 2 +- sound/usb/quirks.c | 4 + tools/build/feature/test-libopencsd.c | 4 +- tools/lib/bpf/libbpf.c | 2 + tools/lib/subcmd/help.c | 18 +- tools/testing/selftests/bpf/cgroup_helpers.c | 18 +- tools/testing/selftests/bpf/prog_tests/btf.c | 1 + tools/testing/selftests/bpf/prog_tests/tailcalls.c | 55 ------ tools/testing/selftests/bpf/progs/pyperf180.c | 22 +++ .../selftests/bpf/progs/tailcall_bpf2bpf6.c | 42 ----- .../drivers/net/netdevsim/udp_tunnel_nic.sh | 9 + tools/testing/selftests/net/pmtu.sh | 34 ++-- tools/testing/selftests/net/setup_veth.sh | 2 +- tools/testing/selftests/net/udpgro_fwd.sh | 14 +- tools/testing/selftests/net/udpgso_bench_rx.c | 2 +- tools/testing/selftests/sgx/test_encl.lds | 6 +- 527 files changed, 5153 insertions(+), 2726 deletions(-)

1 year, 6 months

18
505
0 0

[PATCH v3] clk: qcom: clk-alpha-pll: fix rate setting for Stromer PLLs

by Gabor Juhos

The clk_alpha_pll_stromer_set_rate() function writes inproper values into the ALPHA_VAL{,_U} registers which results in wrong clock rates when the alpha value is used. The broken behaviour can be seen on IPQ5018 for example, when dynamic scaling sets the CPU frequency to 800000 KHz. In this case the CPU cores are running only at 792031 KHz: # cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq 800000 # cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_cur_freq 792031 This happens because the function ignores the fact that the alpha value calculated by the alpha_pll_round_rate() function is only 32 bits wide which must be extended to 40 bits if it is used on a hardware which supports 40 bits wide values. Extend the clk_alpha_pll_stromer_set_rate() function to convert the alpha value to 40 bits before wrinting that into the registers in order to ensure that the hardware really uses the requested rate. After the change the CPU frequency is correct: # cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq 800000 # cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_cur_freq 800000 Cc: stable(a)vger.kernel.org Fixes: e47a4f55f240 ("clk: qcom: clk-alpha-pll: Add support for Stromer PLLs") Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Signed-off-by: Gabor Juhos <j4g8y7(a)gmail.com> --- Changes in v3: - remove constants' comparison (Konrad) - Link to v2: https://lore.kernel.org/r/20240326-alpha-pll-fix-stromer-set-rate-v2-1-48ae… Changes in v2: - fix subject prefix - rebase on v6.9-rc1 - Link to v1: https://lore.kernel.org/r/20240324-alpha-pll-fix-stromer-set-rate-v1-1-335b… Depends on the following patch: https://lore.kernel.org/r/20240315-apss-ipq-pll-ipq5018-hang-v2-1-6fe30ada2… --- drivers/clk/qcom/clk-alpha-pll.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/clk/qcom/clk-alpha-pll.c b/drivers/clk/qcom/clk-alpha-pll.c index 8a412ef47e16..8a8abb429577 100644 --- a/drivers/clk/qcom/clk-alpha-pll.c +++ b/drivers/clk/qcom/clk-alpha-pll.c @@ -2490,6 +2490,8 @@ static int clk_alpha_pll_stromer_set_rate(struct clk_hw *hw, unsigned long rate, rate = alpha_pll_round_rate(rate, prate, &l, &a, ALPHA_REG_BITWIDTH); regmap_write(pll->clkr.regmap, PLL_L_VAL(pll), l); + + a <<= ALPHA_REG_BITWIDTH - ALPHA_BITWIDTH; regmap_write(pll->clkr.regmap, PLL_ALPHA_VAL(pll), a); regmap_write(pll->clkr.regmap, PLL_ALPHA_VAL_U(pll), a >> ALPHA_BITWIDTH); --- base-commit: 4cece764965020c22cff7665b18a012006359095 change-id: 20240324-alpha-pll-fix-stromer-set-rate-472376e624f0 Best regards, -- Gabor Juhos <j4g8y7(a)gmail.com>

1 year, 6 months

2
1
0 0

[PATCH v2] clk: qcom: apss-ipq-pll: use stromer ops for IPQ5018 to fix boot failure

by Gabor Juhos

Booting v6.8 results in a hang on various IPQ5018 based boards. Investigating the problem showed that the hang happens when the clk_alpha_pll_stromer_plus_set_rate() function tries to write into the PLL_MODE register of the APSS PLL. Checking the downstream code revealed that it uses [1] stromer specific operations for IPQ5018, whereas in the current code the stromer plus specific operations are used. The ops in the 'ipq_pll_stromer_plus' clock definition can't be changed since that is needed for IPQ5332, so add a new alpha pll clock declaration which uses the correct stromer ops and use this new clock for IPQ5018 to avoid the boot failure. Also, change pll_type in 'ipq5018_pll_data' to CLK_ALPHA_PLL_TYPE_STROMER to better reflect that it is a Stromer PLL and change the apss_ipq_pll_probe() function accordingly. 1. https://git.codelinaro.org/clo/qsdk/oss/kernel/linux-ipq-5.4/-/blob/NHSS.QS… Cc: stable(a)vger.kernel.org Fixes: 50492f929486 ("clk: qcom: apss-ipq-pll: add support for IPQ5018") Signed-off-by: Gabor Juhos <j4g8y7(a)gmail.com> --- Changes in v2: - extend commit description due to the changes - add a comment about why CLK_ALPHA_PLL_TYPE_STROMER_PLUS register offsets are used - constify hw clock init data (Stephen) - change pll_type in ipq5018_pll_data to CLK_ALPHA_PLL_TYPE_STROMER (Konrad) - Link to v1: https://lore.kernel.org/r/20240311-apss-ipq-pll-ipq5018-hang-v1-1-8ed42b7a9… --- Based on v6.8. --- drivers/clk/qcom/apss-ipq-pll.c | 30 +++++++++++++++++++++++++++--- 1 file changed, 27 insertions(+), 3 deletions(-) diff --git a/drivers/clk/qcom/apss-ipq-pll.c b/drivers/clk/qcom/apss-ipq-pll.c index 678b805f13d45..dfffec2f06ae7 100644 --- a/drivers/clk/qcom/apss-ipq-pll.c +++ b/drivers/clk/qcom/apss-ipq-pll.c @@ -55,6 +55,29 @@ static struct clk_alpha_pll ipq_pll_huayra = { }, }; +static struct clk_alpha_pll ipq_pll_stromer = { + .offset = 0x0, + /* + * Reuse CLK_ALPHA_PLL_TYPE_STROMER_PLUS register offsets. + * Although this is a bit confusing, but the offset values + * are correct nevertheless. + */ + .regs = ipq_pll_offsets[CLK_ALPHA_PLL_TYPE_STROMER_PLUS], + .flags = SUPPORTS_DYNAMIC_UPDATE, + .clkr = { + .enable_reg = 0x0, + .enable_mask = BIT(0), + .hw.init = &(const struct clk_init_data) { + .name = "a53pll", + .parent_data = &(const struct clk_parent_data) { + .fw_name = "xo", + }, + .num_parents = 1, + .ops = &clk_alpha_pll_stromer_ops, + }, + }, +}; + static struct clk_alpha_pll ipq_pll_stromer_plus = { .offset = 0x0, .regs = ipq_pll_offsets[CLK_ALPHA_PLL_TYPE_STROMER_PLUS], @@ -144,8 +167,8 @@ struct apss_pll_data { }; static const struct apss_pll_data ipq5018_pll_data = { - .pll_type = CLK_ALPHA_PLL_TYPE_STROMER_PLUS, - .pll = &ipq_pll_stromer_plus, + .pll_type = CLK_ALPHA_PLL_TYPE_STROMER, + .pll = &ipq_pll_stromer, .pll_config = &ipq5018_pll_config, }; @@ -203,7 +226,8 @@ static int apss_ipq_pll_probe(struct platform_device *pdev) if (data->pll_type == CLK_ALPHA_PLL_TYPE_HUAYRA) clk_alpha_pll_configure(data->pll, regmap, data->pll_config); - else if (data->pll_type == CLK_ALPHA_PLL_TYPE_STROMER_PLUS) + else if (data->pll_type == CLK_ALPHA_PLL_TYPE_STROMER || + data->pll_type == CLK_ALPHA_PLL_TYPE_STROMER_PLUS) clk_stromer_pll_configure(data->pll, regmap, data->pll_config); ret = devm_clk_register_regmap(dev, &data->pll->clkr); --- base-commit: e8f897f4afef0031fe618a8e94127a0934896aba change-id: 20240311-apss-ipq-pll-ipq5018-hang-74d9a8f47136 Best regards, -- Gabor Juhos <j4g8y7(a)gmail.com>

1 year, 6 months

3
3
0 0

Linux 6.8.8

by Greg Kroah-Hartman

I'm announcing the release of the 6.8.8 kernel. All users of the 6.8 kernel series must upgrade. The updated 6.8.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.8.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm64/kernel/head.S | 5 arch/arm64/mm/pageattr.c | 3 arch/x86/include/asm/barrier.h | 3 arch/x86/include/asm/kvm_host.h | 1 arch/x86/kernel/cpu/bugs.c | 11 arch/x86/kernel/cpu/cpuid-deps.c | 6 arch/x86/kvm/cpuid.c | 1 arch/x86/kvm/cpuid.h | 10 arch/x86/kvm/lapic.c | 3 arch/x86/kvm/mmu/mmu.c | 5 arch/x86/kvm/mmu/tdp_mmu.c | 21 - arch/x86/kvm/vmx/vmx.c | 24 + arch/x86/kvm/x86.c | 2 block/bdev.c | 29 + block/ioctl.c | 3 drivers/accessibility/speakup/main.c | 2 drivers/android/binder.c | 4 drivers/char/random.c | 10 drivers/clk/clk.c | 161 +++++++-- drivers/clk/mediatek/clk-mt7988-infracfg.c | 2 drivers/clk/mediatek/clk-mtk.c | 15 drivers/comedi/drivers/vmk80xx.c | 35 - drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 72 ++-- drivers/gpu/drm/amd/amdkfd/kfd_process.c | 4 drivers/gpu/drm/i915/display/intel_cdclk.c | 37 +- drivers/gpu/drm/nouveau/nouveau_bios.c | 13 drivers/gpu/drm/nouveau/nvkm/subdev/instmem/nv50.c | 7 drivers/gpu/drm/panel/panel-visionox-rm69299.c | 2 drivers/gpu/drm/radeon/radeon_atombios.c | 8 drivers/gpu/drm/ttm/ttm_pool.c | 38 +- drivers/gpu/drm/v3d/v3d_irq.c | 4 drivers/gpu/drm/vmwgfx/vmwgfx_blit.c | 35 + drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 7 drivers/gpu/drm/vmwgfx/vmwgfx_bo.h | 2 drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 1 drivers/gpu/drm/vmwgfx/vmwgfx_drv.h | 3 drivers/gpu/drm/vmwgfx/vmwgfx_gem.c | 32 + drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 11 drivers/gpu/drm/vmwgfx/vmwgfx_kms.h | 4 drivers/gpu/drm/vmwgfx/vmwgfx_prime.c | 15 drivers/gpu/drm/vmwgfx/vmwgfx_ttm_buffer.c | 44 +- drivers/gpu/drm/xe/display/intel_fb_bo.c | 8 drivers/infiniband/core/cm.c | 11 drivers/infiniband/hw/mlx5/mad.c | 3 drivers/infiniband/sw/rxe/rxe.c | 2 drivers/interconnect/core.c | 8 drivers/interconnect/qcom/x1e80100.c | 26 - drivers/iommu/iommufd/Kconfig | 1 drivers/misc/cardreader/rtsx_pcr.c | 2 drivers/misc/mei/pci-me.c | 2 drivers/misc/mei/platform-vsc.c | 17 drivers/misc/mei/vsc-tp.c | 84 +++- drivers/misc/mei/vsc-tp.h | 3 drivers/net/dsa/mt7530.c | 38 +- drivers/net/dsa/mt7530.h | 5 drivers/net/ethernet/intel/ice/ice_tc_lib.c | 15 drivers/net/ethernet/marvell/octeontx2/nic/otx2_tc.c | 7 drivers/net/ethernet/mediatek/mtk_wed.c | 6 drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c | 27 - drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 9 drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c | 4 drivers/net/ethernet/mellanox/mlx5/core/lag/lag.c | 4 drivers/net/ethernet/mellanox/mlx5/core/main.c | 5 drivers/net/ethernet/mellanox/mlx5/core/sf/dev/driver.c | 1 drivers/net/ethernet/microchip/sparx5/sparx5_tc_flower.c | 61 ++- drivers/net/ethernet/realtek/r8169.h | 4 drivers/net/ethernet/realtek/r8169_leds.c | 23 - drivers/net/ethernet/realtek/r8169_main.c | 7 drivers/net/ethernet/renesas/ravb.h | 6 drivers/net/ethernet/renesas/ravb_main.c | 93 ++--- drivers/net/ethernet/stmicro/stmmac/common.h | 1 drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c | 2 drivers/net/ethernet/stmicro/stmmac/dwmac1000_core.c | 2 drivers/net/ethernet/stmicro/stmmac/dwmac100_core.c | 2 drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 7 drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 18 - drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 29 - drivers/net/ethernet/ti/am65-cpsw-nuss.c | 18 + drivers/net/tun.c | 18 - drivers/net/usb/ax88179_178a.c | 4 drivers/platform/x86/amd/pmc/pmc-quirks.c | 9 drivers/s390/cio/device.c | 13 drivers/s390/cio/qdio_main.c | 28 + drivers/s390/net/ism_drv.c | 37 +- drivers/scsi/scsi_lib.c | 7 drivers/thermal/thermal_debugfs.c | 1 drivers/thunderbolt/domain.c | 5 drivers/thunderbolt/icm.c | 2 drivers/thunderbolt/lc.c | 45 ++ drivers/thunderbolt/nhi.c | 19 - drivers/thunderbolt/path.c | 13 drivers/thunderbolt/switch.c | 178 ++++++++-- drivers/thunderbolt/tb.c | 44 +- drivers/thunderbolt/tb.h | 10 drivers/thunderbolt/tb_regs.h | 6 drivers/thunderbolt/usb4.c | 52 ++ drivers/tty/serial/8250/8250_dw.c | 6 drivers/tty/serial/mxs-auart.c | 8 drivers/tty/serial/pmac_zilog.c | 14 drivers/tty/serial/serial_base.h | 4 drivers/tty/serial/serial_core.c | 23 + drivers/tty/serial/serial_port.c | 34 + drivers/tty/serial/stm32-usart.c | 13 drivers/ufs/host/ufs-qcom.c | 8 drivers/usb/class/cdc-wdm.c | 6 drivers/usb/core/port.c | 4 drivers/usb/dwc2/hcd_ddma.c | 4 drivers/usb/gadget/function/f_ncm.c | 4 drivers/usb/misc/onboard_usb_hub.c | 6 drivers/usb/serial/option.c | 40 ++ drivers/usb/typec/tcpm/tcpm.c | 4 drivers/virt/vmgenid.c | 2 fs/btrfs/extent_io.c | 20 - fs/fuse/dir.c | 1 fs/nfsd/nfs4xdr.c | 47 +- fs/nilfs2/dir.c | 2 fs/smb/common/smb2pdu.h | 2 fs/smb/server/server.c | 13 fs/smb/server/smb2pdu.c | 4 fs/smb/server/vfs.c | 5 fs/squashfs/inode.c | 5 fs/sysfs/file.c | 2 include/asm-generic/barrier.h | 8 include/linux/blkdev.h | 2 include/linux/bootconfig.h | 7 include/linux/gpio/property.h | 1 include/linux/shmem_fs.h | 9 include/linux/swapops.h | 65 +-- include/linux/udp.h | 2 include/net/netfilter/nf_flow_table.h | 12 include/net/netfilter/nf_tables.h | 14 include/net/sch_generic.h | 1 include/trace/events/rpcgss.h | 4 init/main.c | 2 io_uring/io_uring.c | 26 - kernel/fork.c | 33 - kernel/sched/sched.h | 20 - lib/bootconfig.c | 19 - mm/gup.c | 54 +-- mm/huge_memory.c | 6 mm/hugetlb.c | 10 mm/internal.h | 10 mm/madvise.c | 17 mm/memory-failure.c | 18 - mm/shmem.c | 6 net/bridge/br_input.c | 15 net/bridge/br_netfilter_hooks.c | 6 net/bridge/br_private.h | 1 net/bridge/netfilter/nf_conntrack_bridge.c | 14 net/core/dev.c | 6 net/netfilter/nf_flow_table_inet.c | 3 net/netfilter/nf_flow_table_ip.c | 10 net/netfilter/nf_tables_api.c | 82 ++++ net/netfilter/nft_lookup.c | 1 net/netfilter/nft_set_bitmap.c | 4 net/netfilter/nft_set_hash.c | 8 net/netfilter/nft_set_pipapo.c | 43 +- net/netfilter/nft_set_pipapo.h | 6 net/netfilter/nft_set_pipapo_avx2.c | 59 +-- net/netfilter/nft_set_rbtree.c | 4 net/sched/sch_generic.c | 1 net/unix/af_unix.c | 12 sound/core/seq/seq_ump_convert.c | 2 sound/pci/hda/patch_realtek.c | 7 sound/pci/hda/tas2781_hda_i2c.c | 4 tools/perf/ui/browsers/annotate.c | 2 tools/perf/util/annotate.c | 3 tools/perf/util/bpf_skel/lock_contention.bpf.c | 5 tools/testing/selftests/ftrace/test.d/event/subsystem-enable.tc | 6 tools/testing/selftests/iommu/config | 2 tools/testing/selftests/net/tcp_ao/lib/proc.c | 2 tools/testing/selftests/net/tcp_ao/lib/setup.c | 12 tools/testing/selftests/net/tcp_ao/rst.c | 23 - tools/testing/selftests/net/tcp_ao/setsockopt-closed.c | 2 tools/testing/selftests/net/udpgso.c | 2 tools/testing/selftests/powerpc/papr_vpd/papr_vpd.c | 2 178 files changed, 1902 insertions(+), 827 deletions(-) Ai Chao (1): ALSA: hda/realtek - Enable audio jacks of Haier Boyue G42 with ALC269VC Alan Stern (1): fs: sysfs: Fix reference leak in sysfs_break_active_protection() Alex Deucher (1): drm/radeon: make -fstrict-flex-arrays=3 happy Alexander Usyskin (1): mei: me: disable RPL-S on SPS and IGN firmwares Alexey Izbyshev (1): io_uring: Fix io_cqring_wait() not restoring sigmask on get_timespec64() failure Andy Shevchenko (2): gpiolib: swnode: Remove wrong header inclusion serial: core: Clearing the circular buffer before NULLifying it Ard Biesheuvel (1): arm64/head: Disable MMU at EL2 before clearing HCR_EL2.E2H Arınç ÜNAL (4): net: dsa: mt7530: fix mirroring frames received on local port net: dsa: mt7530: fix port mirroring for MT7988 SoC switch net: dsa: mt7530: fix improper frames on all 25MHz and 40MHz XTAL MT7530 net: dsa: mt7530: fix enabling EEE on MT7531 switch on all boards Asbjørn Sloth Tønnesen (2): net: sparx5: flower: fix fragment flags handling octeontx2-pf: fix FLOW_DIS_IS_FRAGMENT implementation Bart Van Assche (1): scsi: core: Fix handling of SCMD_FAIL_IF_RECOVERING Carlos Llamas (1): binder: check offset alignment in binder_get_object() Carolina Jubran (1): net/mlx5e: Prevent deadlock while disabling aRFS Christian König (2): drm/amdgpu: remove invalid resource->start check v2 drm/ttm: stop pooling cached NUMA pages v2 Christoph Hellwig (1): block: propagate partition scanning errors to the BLKRRPART ioctl Chuanhong Guo (1): USB: serial: option: add support for Fibocom FM650/FG650 Coia Prant (1): USB: serial: option: add Lonsung U8300/U9300 product Daniel Golle (1): clk: mediatek: mt7988-infracfg: fix clocks for 2nd PCIe port Daniele Palmas (1): USB: serial: option: add Telit FN920C04 rmnet compositions Danny Lin (1): fuse: fix leaked ENOSYS error on first statx call Dave Airlie (1): nouveau: fix instmem race condition around ptr stores David Hildenbrand (1): mm/madvise: make MADV_POPULATE_(READ|WRITE) handle VM_FAULT_RETRY properly David Matlack (1): KVM: x86/mmu: Write-protect L2 SPTEs in TDP MMU when clearing dirty status Dmitry Baryshkov (1): drm/panel: visionox-rm69299: don't unregister DSI device Dmitry Safonov (4): selftests/tcp_ao: Make RST tests less flaky selftests/tcp_ao: Zero-init tcp_ao_info_opt selftests/tcp_ao: Fix fscanf() call for format-security selftests/tcp_ao: Printing fixes to confirm with format-security Emil Kronborg (1): serial: mxs-auart: add spinlock around changing cts state Eric Biggers (1): x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ Eric Dumazet (1): net/sched: Fix mirred deadlock on device recursion Fabio Estevam (1): usb: misc: onboard_usb_hub: Disable the USB hub clock on failure Felix Fietkau (1): net: ethernet: mtk_eth_soc: fix WED + wifi reset Felix Kuehling (1): drm/amdkfd: Fix memory leak in create_process failure Finn Thain (1): serial/pmac_zilog: Remove flawed mitigation for rx irq flood Florian Westphal (2): netfilter: nft_set_pipapo: constify lookup fn args where possible netfilter: nft_set_pipapo: do not free live element Gerd Bayer (1): s390/ism: Properly fix receive message buffer allocation Gil Fine (2): thunderbolt: Avoid notify PM core about runtime PM resume thunderbolt: Fix wake configurations after device unplug Greg Kroah-Hartman (2): Revert "usb: cdc-wdm: close race between read and workqueue" Linux 6.8.8 Hans de Goede (1): serial: 8250_dw: Revert: Do not reclock if already at correct rate Heiner Kallweit (2): r8169: fix LED-related deadlock on module removal r8169: add missing conditional compiling for call to r8169_remove_leds Huayu Zhang (1): ALSA: hda/realtek: Fix volumn control of ThinkBook 16P Gen4 Jason A. Donenfeld (2): Revert "vmgenid: emit uevent when VMGENID updates" random: handle creditable entropy from atomic process context Jason Gunthorpe (1): iommufd: Add missing IOMMUFD_DRIVER kconfig for the selftest Jeongjun Park (1): nilfs2: fix OOB in nilfs_set_de_type Jerry Meng (1): USB: serial: option: support Quectel EM060K sub-models Jose Ignacio Tornos Martinez (1): net: usb: ax88179_178a: avoid writing the mac address before first reading Josh Poimboeuf (1): x86/bugs: Fix BHI retpoline check Kai-Heng Feng (1): usb: Disable USB3 LPM at shutdown Konrad Dybcio (1): interconnect: qcom: x1e80100: Remove inexistent ACV_PERF BCM Kuniyuki Iwashima (2): af_unix: Call manage_oob() for every skb in unix_stream_read_generic(). af_unix: Don't peek OOB data without MSG_OOB. Kyle Tso (1): usb: typec: tcpm: Correct the PDO counting in pd_set Lei Chen (1): tun: limit printing rate when illegal packet received by tun dev Lokesh Gidra (1): userfaultfd: change src_folio after ensuring it's unpinned in UFFDIO_MOVE Maarten Lankhorst (1): drm/xe: Fix bo leak in intel_fb_bo_framebuffer_init Manivannan Sadhasivam (1): scsi: ufs: qcom: Add missing interconnect bandwidth values for Gear 5 Marcin Szycik (1): ice: Fix checking for unsupported keys on non-tunnel device Mario Limonciello (1): platform/x86/amd/pmc: Extend Framework 13 quirk to more BIOSes Marios Makassikis (1): ksmbd: clear RENAME_NOREPLACE before calling vfs_rename Mark Zhang (1): RDMA/cm: Print the old state when cm_destroy_id gets timeout Mathieu Desnoyers (1): sched: Add missing memory barrier in switch_mm_cid Mauro Carvalho Chehab (1): ALSA: hda/realtek: Add quirks for Huawei Matebook D14 NBLB-WAX9N Maíra Canal (1): drm/v3d: Don't increment `enabled_ns` twice Miaohe Lin (2): mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled fork: defer linking file vma until vma is fully initialized Michael Guralnik (1): RDMA/mlx5: Fix port number for counter query in multi-port configuration Michal Swiatkowski (2): ice: tc: check src_vsi in case of traffic from VF ice: tc: allow zero flags in parsing tc flower Mika Westerberg (2): thunderbolt: Do not create DisplayPort tunnels on adapters of the same router thunderbolt: Reset only non-USB4 host routers in resume Mike Tipton (1): interconnect: Don't access req_list while it's being manipulated Mikhail Kobuk (1): drm: nv04: Fix out of bounds access Minas Harutyunyan (1): usb: dwc2: host: Fix dereference issue in DDMA completion flow. Muhammad Usama Anjum (1): iommufd: Add config needed for iommufd_fail_nth Namhyung Kim (2): perf annotate: Make sure to call symbol__annotate2() in TUI perf lock contention: Add a missing NULL check Namjae Jeon (3): ksmbd: fix slab-out-of-bounds in smb2_allocate_rsp_buf ksmbd: validate request buffer size in smb2_allocate_rsp_buf() ksmbd: common: use struct_group_attr instead of struct_group for network_open_info Naohiro Aota (1): btrfs: zoned: do not flag ZEROOUT on non-dirty extent buffer Nathan Lynch (1): selftests/powerpc/papr-vpd: Fix missing variable initialization Nikita Zhandarovich (1): comedi: vmk80xx: fix incomplete endpoint checking Niklas Söderlund (1): ravb: Group descriptor types used in Rx ring Norihiko Hama (1): usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error Oscar Salvador (1): mm,swapops: update check in is_pfn_swap_entry for hwpoison entries Pablo Neira Ayuso (7): netfilter: br_netfilter: skip conntrack input hook for promisc packets netfilter: nft_set_pipapo: walk over current view on netlink dump netfilter: flowtable: validate pppoe header netfilter: flowtable: incorrect pppoe tuple netfilter: nf_tables: missing iterator type in lookup walk netfilter: nf_tables: restore set elements when delete set fails netfilter: nf_tables: fix memleak in map from abort path Paul Barker (2): net: ravb: Count packets instead of descriptors in R-Car RX path net: ravb: Allow RX loop to move past DMA mapping errors Peter Oberparleiter (2): s390/qdio: handle deferred cc1 s390/cio: fix race condition during online processing Peter Xu (1): mm/userfaultfd: allow hugetlb change protection upon poison entry Phillip Lougher (1): Squashfs: check the inode number is not the invalid value of zero Pin-yen Lin (1): clk: mediatek: Do a runtime PM get on controllers during probe Qiang Zhang (1): bootconfig: use memblock_free_late to free xbc memory to buddy Qu Wenruo (1): btrfs: do not wait for short bulk allocation Rafael J. Wysocki (1): thermal/debugfs: Add missing count increment to thermal_debug_tz_trip_up() Rick Edgecombe (1): KVM: x86/mmu: x86: Don't overflow lpage_info when checking attributes Ricky Wu (1): misc: rtsx: Fix rts5264 driver status incorrect when card removed Sakari Ailus (2): Revert "mei: vsc: Call wake_up() in the threaded IRQ handler" mei: vsc: Unregister interrupt handler for system suspend Samuel Thibault (1): speakup: Avoid crash on very long word Sanath S (4): thunderbolt: Introduce tb_port_reset() thunderbolt: Introduce tb_path_deactivate_hop() thunderbolt: Make tb_switch_reset() support Thunderbolt 2, 3 and USB4 routers thunderbolt: Reset topology created by the boot firmware Sandipan Das (1): KVM: x86/pmu: Do not mask LVTPC when handling a PMI on AMD platforms Sean Christopherson (2): KVM: x86: Snapshot if a vCPU's vendor model is AMD vs. Intel compatible KVM: x86/pmu: Disable support for adaptive PEBS Serge Semin (3): net: stmmac: Apply half-duplex-less constraint for DW QoS Eth only net: stmmac: Fix max-speed being ignored on queue re-init net: stmmac: Fix IP-cores specific MAC capabilities Shay Drory (3): net/mlx5: Lag, restore buckets number to default after hash LAG deactivation net/mlx5: Restore mistakenly dropped parts in register devlink flow net/mlx5: E-switch, store eswitch pointer before registering devlink_param Shenghao Ding (2): ALSA: hda/tas2781: correct the register for pow calibrated data ALSA: hda/tas2781: Add new vendor_id and subsystem_id to support ThinkPad ICE-1 Siddharth Vadapalli (1): net: ethernet: ti: am65-cpsw-nuss: cleanup DMA Channels before using them Stephen Boyd (4): clk: Remove prepare_lock hold assertion in __clk_release() clk: Initialize struct clk_core kref earlier clk: Get runtime PM before walking tree during disable_unused clk: Get runtime PM before walking tree for clk_summary Steven Rostedt (Google) (1): SUNRPC: Fix rpcgss_context trace event acceptor field Sumanth Korikkar (1): mm/shmem: inline shmem_is_huge() for disabled transparent hugepages Takashi Iwai (1): ALSA: seq: ump: Fix conversion from MIDI2 to MIDI1 UMP messages Tony Lindgren (2): serial: core: Fix regression when runtime PM is not enabled serial: core: Fix missing shutdown and startup for serial base port Uwe Kleine-König (2): serial: stm32: Return IRQ_NONE in the ISR if no handling happend serial: stm32: Reset .throttled state in .startup() Vanillan Wang (1): USB: serial: option: add Rolling RW101-GL and RW135-GL support Vasily Gorbik (1): NFSD: fix endianness issue in nfsd4_encode_fattr4 Ville Syrjälä (1): drm/i915/cdclk: Fix voltage_level programming edge case Yanjun.Zhu (1): RDMA/rxe: Fix the problem "mutex_destroy missing" Yaxiong Tian (1): arm64: hibernate: Fix level3 translation fault in swsusp_save() Yuanhe Shu (1): selftests/ftrace: Limit length in subsystem-enable tests Yuntao Wang (1): init/main.c: Fix potential static_command_line memory overflow Yuri Benditovich (1): net: change maximum number of UDP segments to 128 Zack Rusin (3): drm/vmwgfx: Fix prime import/export drm/vmwgfx: Sort primary plane formats by order of preference drm/vmwgfx: Fix crtc's atomic check conditional Ziyang Xuan (2): netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() bolan wang (1): USB: serial: option: add Fibocom FM135-GL variants xinhui pan (1): drm/amdgpu: validate the parameters of bo mapping operations more clearly

1 year, 6 months

1
1
0 0

Linux 6.6.29

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.29 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/kernel-parameters.txt | 3 MAINTAINERS | 2 Makefile | 2 arch/arm/mach-omap2/pdata-quirks.c | 10 arch/arm64/include/asm/tlbflush.h | 40 arch/arm64/kernel/head.S | 5 arch/arm64/mm/pageattr.c | 3 arch/powerpc/include/asm/ftrace.h | 10 arch/powerpc/include/asm/sections.h | 1 arch/powerpc/kernel/trace/ftrace.c | 12 arch/powerpc/kernel/trace/ftrace_64_pg.c | 5 arch/powerpc/kernel/vmlinux.lds.S | 2 arch/x86/include/asm/barrier.h | 3 arch/x86/include/asm/kvm_host.h | 1 arch/x86/kernel/cpu/bugs.c | 11 arch/x86/kernel/cpu/cpuid-deps.c | 6 arch/x86/kvm/cpuid.c | 1 arch/x86/kvm/cpuid.h | 10 arch/x86/kvm/lapic.c | 3 arch/x86/kvm/mmu/mmu.c | 2 arch/x86/kvm/mmu/tdp_mmu.c | 21 arch/x86/kvm/vmx/vmx.c | 24 arch/x86/kvm/x86.c | 2 drivers/accessibility/speakup/main.c | 2 drivers/android/binder.c | 4 drivers/char/random.c | 10 drivers/clk/clk.c | 195 drivers/clk/mediatek/clk-mtk.c | 15 drivers/comedi/drivers/vmk80xx.c | 35 drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 72 drivers/gpu/drm/amd/amdkfd/kfd_process.c | 4 drivers/gpu/drm/amd/display/dc/dcn32/dcn32_optc.c | 3 drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 drivers/gpu/drm/i915/display/intel_atomic.c | 1 drivers/gpu/drm/i915/display/intel_cdclk.c | 37 drivers/gpu/drm/i915/display/intel_crtc.c | 96 drivers/gpu/drm/i915/display/intel_crtc.h | 6 drivers/gpu/drm/i915/display/intel_display.c | 43 drivers/gpu/drm/i915/display/intel_display_device.h | 1 drivers/gpu/drm/i915/display/intel_display_types.h | 2 drivers/gpu/drm/i915/display/intel_dp.c | 13 drivers/gpu/drm/i915/display/intel_dp_mst.c | 2 drivers/gpu/drm/i915/i915_vma.c | 42 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_5_0_sm8150.h | 8 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_5_1_sc8180x.h | 8 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_8_1_sm8450.h | 8 drivers/gpu/drm/msm/disp/dpu1/dpu_hw_catalog.c | 95 drivers/gpu/drm/msm/disp/dpu1/dpu_hw_catalog.h | 3 drivers/gpu/drm/nouveau/nouveau_bios.c | 13 drivers/gpu/drm/nouveau/nvkm/subdev/instmem/nv50.c | 7 drivers/gpu/drm/panel/panel-visionox-rm69299.c | 2 drivers/gpu/drm/radeon/radeon_atombios.c | 8 drivers/gpu/drm/vmwgfx/vmwgfx_blit.c | 35 drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 7 drivers/gpu/drm/vmwgfx/vmwgfx_bo.h | 2 drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 1 drivers/gpu/drm/vmwgfx/vmwgfx_drv.h | 3 drivers/gpu/drm/vmwgfx/vmwgfx_gem.c | 32 drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 11 drivers/gpu/drm/vmwgfx/vmwgfx_kms.h | 4 drivers/gpu/drm/vmwgfx/vmwgfx_prime.c | 15 drivers/gpu/drm/vmwgfx/vmwgfx_ttm_buffer.c | 44 drivers/infiniband/core/cm.c | 11 drivers/infiniband/hw/mlx5/mad.c | 3 drivers/infiniband/sw/rxe/rxe.c | 2 drivers/interconnect/core.c | 8 drivers/media/common/videobuf2/videobuf2-core.c | 9 drivers/misc/mei/pci-me.c | 2 drivers/net/dsa/mt7530.c | 38 drivers/net/dsa/mt7530.h | 5 drivers/net/ethernet/intel/ice/ice_tc_lib.c | 15 drivers/net/ethernet/marvell/octeontx2/nic/otx2_tc.c | 7 drivers/net/ethernet/mediatek/mtk_wed.c | 6 drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c | 27 drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 9 drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c | 4 drivers/net/ethernet/mellanox/mlx5/core/lag/lag.c | 4 drivers/net/ethernet/microchip/sparx5/sparx5_tc_flower.c | 61 drivers/net/ethernet/stmicro/stmmac/common.h | 1 drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c | 2 drivers/net/ethernet/stmicro/stmmac/dwmac1000_core.c | 2 drivers/net/ethernet/stmicro/stmmac/dwmac100_core.c | 2 drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 7 drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 18 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 29 drivers/net/ethernet/ti/am65-cpsw-nuss.c | 18 drivers/net/tun.c | 18 drivers/net/usb/ax88179_178a.c | 4 drivers/net/virtio_net.c | 25 drivers/pci/bus.c | 49 drivers/pci/pci.c | 78 drivers/pci/pci.h | 4 drivers/pci/pcie/aspm.c | 21 drivers/pci/pcie/dpc.c | 5 drivers/pci/quirks.c | 8 drivers/platform/x86/amd/pmc/pmc-quirks.c | 9 drivers/s390/cio/device.c | 13 drivers/s390/cio/qdio_main.c | 28 drivers/s390/net/ism_drv.c | 37 drivers/scsi/scsi_lib.c | 7 drivers/thunderbolt/domain.c | 5 drivers/thunderbolt/icm.c | 2 drivers/thunderbolt/lc.c | 45 drivers/thunderbolt/nhi.c | 19 drivers/thunderbolt/path.c | 13 drivers/thunderbolt/switch.c | 178 drivers/thunderbolt/tb.c | 38 drivers/thunderbolt/tb.h | 10 drivers/thunderbolt/tb_regs.h | 6 drivers/thunderbolt/usb4.c | 52 drivers/tty/serial/mxs-auart.c | 8 drivers/tty/serial/pmac_zilog.c | 14 drivers/tty/serial/serial_base.h | 4 drivers/tty/serial/serial_core.c | 21 drivers/tty/serial/serial_port.c | 34 drivers/tty/serial/stm32-usart.c | 13 drivers/ufs/host/ufs-qcom.c | 8 drivers/usb/class/cdc-wdm.c | 6 drivers/usb/core/hub.c | 15 drivers/usb/core/port.c | 4 drivers/usb/core/quirks.c | 7 drivers/usb/dwc2/hcd_ddma.c | 4 drivers/usb/gadget/function/f_ncm.c | 4 drivers/usb/host/xhci-mem.c | 2 drivers/usb/host/xhci-ring.c | 11 drivers/usb/host/xhci.c | 23 drivers/usb/host/xhci.h | 9 drivers/usb/serial/option.c | 40 fs/ceph/addr.c | 22 fs/ceph/cache.c | 2 fs/ceph/caps.c | 53 fs/ceph/crypto.c | 2 fs/ceph/debugfs.c | 4 fs/ceph/dir.c | 24 fs/ceph/export.c | 10 fs/ceph/file.c | 26 fs/ceph/inode.c | 14 fs/ceph/ioctl.c | 8 fs/ceph/mds_client.c | 41 fs/ceph/mds_client.h | 3 fs/ceph/mdsmap.c | 3 fs/ceph/snap.c | 18 fs/ceph/super.c | 22 fs/ceph/super.h | 13 fs/ceph/xattr.c | 12 fs/fuse/dir.c | 1 fs/nilfs2/dir.c | 2 fs/smb/client/cifs_debug.c | 6 fs/smb/client/cifsglob.h | 3 fs/smb/client/cifsproto.h | 20 fs/smb/client/connect.c | 131 fs/smb/client/dfs.c | 51 fs/smb/client/dfs.h | 33 fs/smb/client/dfs_cache.c | 53 fs/smb/client/misc.c | 7 fs/smb/common/smb2pdu.h | 2 fs/smb/server/server.c | 13 fs/smb/server/smb2pdu.c | 4 fs/smb/server/vfs.c | 5 fs/sysfs/file.c | 2 include/asm-generic/barrier.h | 8 include/linux/bootconfig.h | 7 include/linux/ceph/mdsmap.h | 5 include/linux/gpio/property.h | 1 include/linux/pci.h | 5 include/linux/shmem_fs.h | 9 include/linux/swapops.h | 65 include/linux/udp.h | 2 include/linux/usb/hcd.h | 5 include/linux/usb/quirks.h | 3 include/net/netfilter/nf_flow_table.h | 12 include/trace/events/rpcgss.h | 4 include/uapi/linux/pci_regs.h | 1 init/main.c | 2 io_uring/io_uring.c | 26 kernel/sched/sched.h | 20 lib/bootconfig.c | 19 mm/hugetlb.c | 10 mm/memory-failure.c | 18 mm/shmem.c | 6 net/bridge/br_input.c | 15 net/bridge/br_netfilter_hooks.c | 6 net/bridge/br_private.h | 1 net/bridge/netfilter/nf_conntrack_bridge.c | 14 net/netfilter/nf_flow_table_inet.c | 3 net/netfilter/nf_flow_table_ip.c | 10 net/netfilter/nf_tables_api.c | 16 net/netfilter/nft_set_pipapo.c | 14 net/unix/af_unix.c | 12 sound/core/seq/seq_ump_convert.c | 2 sound/pci/hda/patch_realtek.c | 3 sound/pci/hda/tas2781_hda_i2c.c | 4 sound/soc/ti/omap3pandora.c | 63 sound/usb/Makefile | 2 sound/usb/mixer_quirks.c | 9 sound/usb/mixer_scarlett2.c | 4391 ++++++++++ sound/usb/mixer_scarlett2.h | 7 sound/usb/mixer_scarlett_gen2.c | 4274 --------- sound/usb/mixer_scarlett_gen2.h | 7 tools/perf/util/bpf_skel/lock_contention.bpf.c | 5 tools/testing/selftests/ftrace/test.d/event/subsystem-enable.tc | 6 tools/testing/selftests/kselftest.h | 18 tools/testing/selftests/net/udpgso.c | 2 tools/testing/selftests/timers/posix_timers.c | 156 205 files changed, 6733 insertions(+), 5414 deletions(-) Ai Chao (1): ALSA: hda/realtek - Enable audio jacks of Haier Boyue G42 with ALC269VC Alan Stern (1): fs: sysfs: Fix reference leak in sysfs_break_active_protection() Alex Deucher (1): drm/radeon: make -fstrict-flex-arrays=3 happy Alexander Usyskin (1): mei: me: disable RPL-S on SPS and IGN firmwares Alexey Izbyshev (1): io_uring: Fix io_cqring_wait() not restoring sigmask on get_timespec64() failure Andy Shevchenko (2): gpiolib: swnode: Remove wrong header inclusion serial: core: Clearing the circular buffer before NULLifying it Ard Biesheuvel (1): arm64/head: Disable MMU at EL2 before clearing HCR_EL2.E2H Arınç ÜNAL (4): net: dsa: mt7530: fix mirroring frames received on local port net: dsa: mt7530: fix port mirroring for MT7988 SoC switch net: dsa: mt7530: fix improper frames on all 25MHz and 40MHz XTAL MT7530 net: dsa: mt7530: fix enabling EEE on MT7531 switch on all boards Asbjørn Sloth Tønnesen (2): net: sparx5: flower: fix fragment flags handling octeontx2-pf: fix FLOW_DIS_IS_FRAGMENT implementation Bart Van Assche (1): scsi: core: Fix handling of SCMD_FAIL_IF_RECOVERING Bjorn Helgaas (1): PCI/DPC: Use FIELD_GET() Breno Leitao (1): virtio_net: Do not send RSS key if it is not supported Brenton Simpson (1): drm: panel-orientation-quirks: Add quirk for Lenovo Legion Go Carlos Llamas (1): binder: check offset alignment in binder_get_object() Carolina Jubran (1): net/mlx5e: Prevent deadlock while disabling aRFS Christian König (1): drm/amdgpu: remove invalid resource->start check v2 Chuanhong Guo (1): USB: serial: option: add support for Fibocom FM650/FG650 Coia Prant (1): USB: serial: option: add Lonsung U8300/U9300 product Daniele Palmas (1): USB: serial: option: add Telit FN920C04 rmnet compositions Danny Lin (1): fuse: fix leaked ENOSYS error on first statx call Dave Airlie (1): nouveau: fix instmem race condition around ptr stores David Matlack (1): KVM: x86/mmu: Write-protect L2 SPTEs in TDP MMU when clearing dirty status Dillon Varone (1): drm/amd/display: Do not recursively call manual trigger programming Dmitry Baryshkov (2): drm/msm/dpu: populate SSPP scaler block version drm/panel: visionox-rm69299: don't unregister DSI device Emil Kronborg (1): serial: mxs-auart: add spinlock around changing cts state Eric Biggers (1): x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ Felix Fietkau (1): net: ethernet: mtk_eth_soc: fix WED + wifi reset Felix Kuehling (1): drm/amdkfd: Fix memory leak in create_process failure Finn Thain (1): serial/pmac_zilog: Remove flawed mitigation for rx irq flood Florian Westphal (1): netfilter: nft_set_pipapo: do not free live element Gavin Shan (1): arm64: tlb: Fix TLBI RANGE operand Geoffrey D. Bennett (7): ALSA: scarlett2: Move USB IDs out from device_info struct ALSA: scarlett2: Add support for Clarett 8Pre USB ALSA: scarlett2: Default mixer driver to enabled ALSA: scarlett2: Add correct product series name to messages ALSA: scarlett2: Add Focusrite Clarett+ 2Pre and 4Pre support ALSA: scarlett2: Add Focusrite Clarett 2Pre and 4Pre USB support ALSA: scarlett2: Rename scarlett_gen2 to scarlett2 Gerd Bayer (1): s390/ism: Properly fix receive message buffer allocation Gil Fine (2): thunderbolt: Avoid notify PM core about runtime PM resume thunderbolt: Fix wake configurations after device unplug Greg Kroah-Hartman (2): Revert "usb: cdc-wdm: close race between read and workqueue" Linux 6.6.29 Hans Verkuil (1): media: videobuf2: request more buffers for vb2_read Hardik Gajjar (2): usb: xhci: Add timeout argument in address_device USB HCD callback usb: new quirk to reduce the SET_ADDRESS request timeout Ilpo Järvinen (1): PCI: Simplify pcie_capability_clear_and_set_word() to ..._clear_word() Janusz Krzysztofik (1): drm/i915/vma: Fix UAF on destroy against retire race Jason A. Donenfeld (1): random: handle creditable entropy from atomic process context Jeongjun Park (1): nilfs2: fix OOB in nilfs_set_de_type Jerry Meng (1): USB: serial: option: support Quectel EM060K sub-models Johan Hovold (1): PCI/ASPM: Fix deadlock when enabling ASPM John Stultz (1): selftests: timers: Fix posix_timers ksft_print_msg() warning Jose Ignacio Tornos Martinez (1): net: usb: ax88179_178a: avoid writing the mac address before first reading Josh Poimboeuf (1): x86/bugs: Fix BHI retpoline check Kai-Heng Feng (1): usb: Disable USB3 LPM at shutdown Kuniyuki Iwashima (2): af_unix: Call manage_oob() for every skb in unix_stream_read_generic(). af_unix: Don't peek OOB data without MSG_OOB. Lei Chen (1): tun: limit printing rate when illegal packet received by tun dev Linus Walleij (1): ASoC: ti: Convert Pandora ASoC to GPIO descriptors Manivannan Sadhasivam (1): scsi: ufs: qcom: Add missing interconnect bandwidth values for Gear 5 Marcin Szycik (1): ice: Fix checking for unsupported keys on non-tunnel device Mario Limonciello (1): platform/x86/amd/pmc: Extend Framework 13 quirk to more BIOSes Marios Makassikis (1): ksmbd: clear RENAME_NOREPLACE before calling vfs_rename Mark Brown (1): selftests: timers: Convert posix_timers test to generate KTAP output Mark Zhang (1): RDMA/cm: Print the old state when cm_destroy_id gets timeout Mathieu Desnoyers (1): sched: Add missing memory barrier in switch_mm_cid Mauro Carvalho Chehab (1): ALSA: hda/realtek: Add quirks for Huawei Matebook D14 NBLB-WAX9N Miaohe Lin (1): mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled Michael Guralnik (1): RDMA/mlx5: Fix port number for counter query in multi-port configuration Michal Swiatkowski (2): ice: tc: check src_vsi in case of traffic from VF ice: tc: allow zero flags in parsing tc flower Mika Westerberg (1): thunderbolt: Reset only non-USB4 host routers in resume Mike Tipton (1): interconnect: Don't access req_list while it's being manipulated Mikhail Kobuk (1): drm: nv04: Fix out of bounds access Minas Harutyunyan (1): usb: dwc2: host: Fix dereference issue in DDMA completion flow. Namhyung Kim (1): perf lock contention: Add a missing NULL check Namjae Jeon (3): ksmbd: fix slab-out-of-bounds in smb2_allocate_rsp_buf ksmbd: validate request buffer size in smb2_allocate_rsp_buf() ksmbd: common: use struct_group_attr instead of struct_group for network_open_info Naveen N Rao (1): powerpc/ftrace: Ignore ftrace locations in exit text sections NeilBrown (1): ceph: redirty page before returning AOP_WRITEPAGE_ACTIVATE Nikita Zhandarovich (1): comedi: vmk80xx: fix incomplete endpoint checking Norihiko Hama (1): usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error Oleg Nesterov (2): selftests/timers/posix_timers: Reimplement check_timer_distribution() selftests: kselftest: Fix build failure with NOLIBC Oscar Salvador (1): mm,swapops: update check in is_pfn_swap_entry for hwpoison entries Pablo Neira Ayuso (3): netfilter: br_netfilter: skip conntrack input hook for promisc packets netfilter: flowtable: validate pppoe header netfilter: flowtable: incorrect pppoe tuple Paulo Alcantara (4): smb: client: remove extra @chan_count check in __cifs_put_smb_ses() smb: client: fix UAF in smb2_reconnect_server() smb: client: guarantee refcounted children from parent session smb: client: refresh referral without acquiring refpath_lock Peter Oberparleiter (2): s390/qdio: handle deferred cc1 s390/cio: fix race condition during online processing Peter Xu (1): mm/userfaultfd: allow hugetlb change protection upon poison entry Pin-yen Lin (1): clk: mediatek: Do a runtime PM get on controllers during probe Qiang Zhang (1): bootconfig: use memblock_free_late to free xbc memory to buddy Ryan Roberts (1): arm64/mm: Modify range-based tlbi to decrement scale Samuel Thibault (1): speakup: Avoid crash on very long word Sanath S (4): thunderbolt: Introduce tb_port_reset() thunderbolt: Introduce tb_path_deactivate_hop() thunderbolt: Make tb_switch_reset() support Thunderbolt 2, 3 and USB4 routers thunderbolt: Reset topology created by the boot firmware Sandipan Das (1): KVM: x86/pmu: Do not mask LVTPC when handling a PMI on AMD platforms Sean Christopherson (2): KVM: x86: Snapshot if a vCPU's vendor model is AMD vs. Intel compatible KVM: x86/pmu: Disable support for adaptive PEBS Serge Semin (3): net: stmmac: Apply half-duplex-less constraint for DW QoS Eth only net: stmmac: Fix max-speed being ignored on queue re-init net: stmmac: Fix IP-cores specific MAC capabilities Shay Drory (2): net/mlx5: Lag, restore buckets number to default after hash LAG deactivation net/mlx5: E-switch, store eswitch pointer before registering devlink_param Shenghao Ding (2): ALSA: hda/tas2781: correct the register for pow calibrated data ALSA: hda/tas2781: Add new vendor_id and subsystem_id to support ThinkPad ICE-1 Siddharth Vadapalli (1): net: ethernet: ti: am65-cpsw-nuss: cleanup DMA Channels before using them Stephen Boyd (4): clk: Remove prepare_lock hold assertion in __clk_release() clk: Initialize struct clk_core kref earlier clk: Get runtime PM before walking tree during disable_unused clk: Get runtime PM before walking tree for clk_summary Steve French (1): smb3: show beginning time for per share stats Steven Rostedt (Google) (1): SUNRPC: Fix rpcgss_context trace event acceptor field Sumanth Korikkar (1): mm/shmem: inline shmem_is_huge() for disabled transparent hugepages Takashi Iwai (1): ALSA: seq: ump: Fix conversion from MIDI2 to MIDI1 UMP messages Tony Lindgren (1): serial: core: Fix missing shutdown and startup for serial base port Uwe Kleine-König (2): serial: stm32: Return IRQ_NONE in the ISR if no handling happend serial: stm32: Reset .throttled state in .startup() Vanillan Wang (1): USB: serial: option: add Rolling RW101-GL and RW135-GL support Ville Syrjälä (9): drm/i915: Fix FEC pipe A vs. DDI A mixup drm/i915/mst: Reject FEC+MST on ICL drm/i915/cdclk: Fix voltage_level programming edge case drm/i915: Change intel_pipe_update_{start,end}() calling convention drm/i915: Extract intel_crtc_vblank_evade_scanlines() drm/i915: Enable VRR later during fastsets drm/i915: Adjust seamless_m_n flag behaviour drm/i915: Disable live M/N updates when using bigjoiner drm/i915/mst: Limit MST+DSC to TGL+ Vishal Badole (1): clk: Show active consumers of clocks in debugfs Xiubo Li (2): ceph: pass the mdsc to several helpers ceph: rename _to_client() to _to_fs_client() Yanjun.Zhu (1): RDMA/rxe: Fix the problem "mutex_destroy missing" Yaxiong Tian (1): arm64: hibernate: Fix level3 translation fault in swsusp_save() Yuanhe Shu (1): selftests/ftrace: Limit length in subsystem-enable tests Yuntao Wang (1): init/main.c: Fix potential static_command_line memory overflow Yuri Benditovich (1): net: change maximum number of UDP segments to 128 Zack Rusin (3): drm/vmwgfx: Fix prime import/export drm/vmwgfx: Sort primary plane formats by order of preference drm/vmwgfx: Fix crtc's atomic check conditional Ziyang Xuan (2): netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() bolan wang (1): USB: serial: option: add Fibocom FM135-GL variants xinhui pan (1): drm/amdgpu: validate the parameters of bo mapping operations more clearly

1 year, 6 months

1
1
0 0

Linux 6.1.88

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.88 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/kernel-parameters.txt | 3 MAINTAINERS | 2 Makefile | 2 arch/arm/mach-omap2/board-n8x0.c | 5 arch/arm/mach-omap2/common-board-devices.h | 2 arch/arm/mach-omap2/pdata-quirks.c | 11 arch/arm64/mm/pageattr.c | 3 arch/x86/boot/Makefile | 2 arch/x86/boot/compressed/Makefile | 2 arch/x86/boot/compressed/misc.c | 1 arch/x86/boot/compressed/sev.c | 3 arch/x86/boot/compressed/vmlinux.lds.S | 6 arch/x86/boot/header.S | 211 arch/x86/boot/setup.ld | 14 arch/x86/boot/tools/build.c | 273 arch/x86/include/asm/boot.h | 1 arch/x86/include/asm/init.h | 2 arch/x86/include/asm/kvm_host.h | 1 arch/x86/include/asm/mem_encrypt.h | 8 arch/x86/include/asm/page_types.h | 12 arch/x86/include/asm/sev.h | 10 arch/x86/kernel/amd_gart_64.c | 2 arch/x86/kernel/cpu/bugs.c | 11 arch/x86/kernel/cpu/cpuid-deps.c | 6 arch/x86/kernel/head64.c | 7 arch/x86/kernel/platform-quirks.c | 1 arch/x86/kernel/sev-shared.c | 23 arch/x86/kernel/sev.c | 11 arch/x86/kvm/cpuid.c | 1 arch/x86/kvm/cpuid.h | 10 arch/x86/kvm/lapic.c | 3 arch/x86/kvm/mmu/mmu.c | 2 arch/x86/kvm/vmx/vmx.c | 24 arch/x86/kvm/x86.c | 2 arch/x86/mm/mem_encrypt_boot.S | 4 arch/x86/mm/mem_encrypt_identity.c | 58 arch/x86/mm/pat/set_memory.c | 6 arch/x86/mm/pti.c | 2 drivers/accessibility/speakup/main.c | 2 drivers/android/binder.c | 4 drivers/char/random.c | 10 drivers/clk/clk.c | 201 drivers/clk/mediatek/clk-gate.c | 23 drivers/clk/mediatek/clk-gate.h | 7 drivers/clk/mediatek/clk-mt2701-aud.c | 4 drivers/clk/mediatek/clk-mt2701-eth.c | 4 drivers/clk/mediatek/clk-mt2701-g3d.c | 2 drivers/clk/mediatek/clk-mt2701-hif.c | 4 drivers/clk/mediatek/clk-mt2701-mm.c | 4 drivers/clk/mediatek/clk-mt2701.c | 22 drivers/clk/mediatek/clk-mt2712-mm.c | 4 drivers/clk/mediatek/clk-mt2712.c | 24 drivers/clk/mediatek/clk-mt6765.c | 13 drivers/clk/mediatek/clk-mt6779-mm.c | 4 drivers/clk/mediatek/clk-mt6779.c | 21 drivers/clk/mediatek/clk-mt6795-infracfg.c | 3 drivers/clk/mediatek/clk-mt6795-mm.c | 3 drivers/clk/mediatek/clk-mt6795-pericfg.c | 6 drivers/clk/mediatek/clk-mt6795-topckgen.c | 6 drivers/clk/mediatek/clk-mt6797-mm.c | 4 drivers/clk/mediatek/clk-mt6797.c | 7 drivers/clk/mediatek/clk-mt7622-aud.c | 4 drivers/clk/mediatek/clk-mt7622-eth.c | 8 drivers/clk/mediatek/clk-mt7622-hif.c | 8 drivers/clk/mediatek/clk-mt7622.c | 22 drivers/clk/mediatek/clk-mt7629-eth.c | 7 drivers/clk/mediatek/clk-mt7629-hif.c | 8 drivers/clk/mediatek/clk-mt7629.c | 18 drivers/clk/mediatek/clk-mt7986-eth.c | 10 drivers/clk/mediatek/clk-mt7986-infracfg.c | 7 drivers/clk/mediatek/clk-mt7986-topckgen.c | 3 drivers/clk/mediatek/clk-mt8135.c | 18 drivers/clk/mediatek/clk-mt8167-aud.c | 2 drivers/clk/mediatek/clk-mt8167-img.c | 2 drivers/clk/mediatek/clk-mt8167-mfgcfg.c | 2 drivers/clk/mediatek/clk-mt8167-mm.c | 4 drivers/clk/mediatek/clk-mt8167-vdec.c | 3 drivers/clk/mediatek/clk-mt8167.c | 12 drivers/clk/mediatek/clk-mt8173-mm.c | 4 drivers/clk/mediatek/clk-mt8173.c | 34 drivers/clk/mediatek/clk-mt8183-audio.c | 4 drivers/clk/mediatek/clk-mt8183-mm.c | 4 drivers/clk/mediatek/clk-mt8183.c | 36 drivers/clk/mediatek/clk-mt8186-mcu.c | 3 drivers/clk/mediatek/clk-mt8186-mm.c | 3 drivers/clk/mediatek/clk-mt8186-topckgen.c | 9 drivers/clk/mediatek/clk-mt8192-aud.c | 3 drivers/clk/mediatek/clk-mt8192-mm.c | 3 drivers/clk/mediatek/clk-mt8192.c | 90 drivers/clk/mediatek/clk-mt8195-apmixedsys.c | 3 drivers/clk/mediatek/clk-mt8195-topckgen.c | 9 drivers/clk/mediatek/clk-mt8195-vdo0.c | 3 drivers/clk/mediatek/clk-mt8195-vdo1.c | 3 drivers/clk/mediatek/clk-mt8365-mm.c | 5 drivers/clk/mediatek/clk-mt8365.c | 14 drivers/clk/mediatek/clk-mt8516-aud.c | 2 drivers/clk/mediatek/clk-mt8516.c | 12 drivers/clk/mediatek/clk-mtk.c | 127 drivers/clk/mediatek/clk-mtk.h | 13 drivers/clk/mediatek/clk-mux.c | 14 drivers/clk/mediatek/clk-mux.h | 3 drivers/comedi/drivers/vmk80xx.c | 35 drivers/firmware/efi/libstub/Makefile | 7 drivers/firmware/efi/libstub/x86-stub.c | 58 drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 72 drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 78 drivers/gpu/drm/amd/display/dc/dcn32/dcn32_optc.c | 3 drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 drivers/gpu/drm/i915/i915_vma.c | 42 drivers/gpu/drm/nouveau/nouveau_bios.c | 13 drivers/gpu/drm/nouveau/nvkm/subdev/instmem/nv50.c | 7 drivers/gpu/drm/panel/panel-visionox-rm69299.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 11 drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 11 drivers/gpu/drm/vmwgfx/vmwgfx_kms.h | 4 drivers/hid/hid-ids.h | 2 drivers/hid/hid-kye.c | 62 drivers/hid/hid-quirks.c | 6 drivers/infiniband/core/cm.c | 11 drivers/infiniband/hw/mlx5/mad.c | 3 drivers/infiniband/sw/rxe/rxe.c | 2 drivers/misc/mei/pci-me.c | 2 drivers/net/dsa/mt7530.c | 58 drivers/net/dsa/mt7530.h | 6 drivers/net/ethernet/intel/ice/ice_tc_lib.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c | 27 drivers/net/ethernet/mellanox/mlx5/core/lag/lag.c | 4 drivers/net/ethernet/ti/am65-cpsw-nuss.c | 18 drivers/net/tun.c | 18 drivers/net/usb/ax88179_178a.c | 4 drivers/pci/bus.c | 49 drivers/pci/pci.c | 78 drivers/pci/pci.h | 4 drivers/pci/pcie/aspm.c | 21 drivers/pci/pcie/dpc.c | 5 drivers/pci/quirks.c | 68 drivers/pci/switch/switchtec.c | 158 drivers/s390/cio/device.c | 13 drivers/s390/cio/qdio_main.c | 28 drivers/thunderbolt/quirks.c | 2 drivers/thunderbolt/switch.c | 48 drivers/thunderbolt/tb.c | 4 drivers/thunderbolt/tb.h | 3 drivers/thunderbolt/usb4.c | 13 drivers/tty/serial/mxs-auart.c | 8 drivers/tty/serial/pmac_zilog.c | 14 drivers/tty/serial/stm32-usart.c | 13 drivers/usb/class/cdc-wdm.c | 6 drivers/usb/core/hub.c | 15 drivers/usb/core/port.c | 4 drivers/usb/core/quirks.c | 7 drivers/usb/dwc2/hcd_ddma.c | 4 drivers/usb/gadget/function/f_ncm.c | 4 drivers/usb/host/pci-quirks.c | 4 drivers/usb/host/xhci-mem.c | 2 drivers/usb/host/xhci-ring.c | 11 drivers/usb/host/xhci.c | 23 drivers/usb/host/xhci.h | 9 drivers/usb/serial/option.c | 40 fs/nilfs2/dir.c | 2 fs/smb/common/smb2pdu.h | 2 fs/smb/server/server.c | 13 fs/smb/server/smb2pdu.c | 4 fs/smb/server/vfs.c | 5 fs/sysfs/file.c | 2 include/linux/bootconfig.h | 7 include/linux/pci.h | 5 include/linux/pci_ids.h | 2 include/linux/switchtec.h | 1 include/linux/usb/hcd.h | 5 include/linux/usb/quirks.h | 3 include/net/dsa.h | 8 include/net/netfilter/nf_flow_table.h | 12 include/trace/events/rpcgss.h | 4 include/uapi/linux/pci_regs.h | 1 init/main.c | 2 io_uring/io_uring.c | 16 lib/bootconfig.c | 19 mm/memory-failure.c | 18 net/bridge/br_input.c | 15 net/bridge/br_netfilter_hooks.c | 6 net/bridge/br_private.h | 1 net/bridge/netfilter/nf_conntrack_bridge.c | 14 net/dsa/dsa2.c | 24 net/netfilter/nf_flow_table_inet.c | 3 net/netfilter/nf_flow_table_ip.c | 10 net/netfilter/nf_tables_api.c | 16 net/netfilter/nft_set_pipapo.c | 14 net/unix/af_unix.c | 12 sound/pci/hda/patch_realtek.c | 1 sound/soc/ti/omap3pandora.c | 63 sound/usb/Makefile | 2 sound/usb/mixer_quirks.c | 9 sound/usb/mixer_scarlett2.c | 4391 ++++++++++ sound/usb/mixer_scarlett2.h | 7 sound/usb/mixer_scarlett_gen2.c | 4274 --------- sound/usb/mixer_scarlett_gen2.h | 7 tools/testing/selftests/ftrace/test.d/event/subsystem-enable.tc | 6 198 files changed, 6276 insertions(+), 5630 deletions(-) Ai Chao (1): ALSA: hda/realtek - Enable audio jacks of Haier Boyue G42 with ALC269VC Alan Stern (1): fs: sysfs: Fix reference leak in sysfs_break_active_protection() Alexander Usyskin (1): mei: me: disable RPL-S on SPS and IGN firmwares Alexey Izbyshev (1): io_uring: Fix io_cqring_wait() not restoring sigmask on get_timespec64() failure Alvaro Karsz (1): PCI: Avoid FLR for SolidRun SNET DPU rev 1 AngeloGioacchino Del Regno (6): clk: mediatek: mt8192: Correctly unregister and free clocks on failure clk: mediatek: mt8192: Propagate struct device for gate clocks clk: mediatek: clk-gate: Propagate struct device with mtk_clk_register_gates() clk: mediatek: clk-mtk: Propagate struct device for composites clk: mediatek: clk-mux: Propagate struct device for mtk-mux clk: mediatek: clk-mtk: Extend mtk_clk_simple_probe() Ard Biesheuvel (20): x86/efi: Drop EFI stub .bss from .data section x86/efi: Disregard setup header of loaded image x86/efistub: Reinstate soft limit for initrd loading x86/efi: Drop alignment flags from PE section headers x86/boot: Remove the 'bugger off' message x86/boot: Omit compression buffer from PE/COFF image memory footprint x86/boot: Drop redundant code setting the root device x86/boot: Drop references to startup_64 x86/boot: Grab kernel_info offset from zoffset header directly x86/boot: Set EFI handover offset directly in header asm x86/boot: Define setup size in linker script x86/boot: Derive file size from _edata symbol x86/boot: Construct PE/COFF .text section from assembler x86/boot: Drop PE/COFF .reloc section x86/boot: Split off PE/COFF .data section x86/boot: Increase section and file alignment to 4k/512 x86/efistub: Use 1:1 file:memory mapping for PE/COFF .compat section x86/sme: Move early SME kernel encryption handling into .head.text x86/sev: Move early startup code into .head.text section x86/efistub: Remap kernel text read-only before dropping NX attribute Arnd Bergmann (1): x86/quirks: Include linux/pnp.h for arch_pnpbios_disabled() Arınç ÜNAL (4): net: dsa: mt7530: fix mirroring frames received on local port net: dsa: mt7530: set all CPU ports in MT7531_CPU_PMAP net: dsa: mt7530: fix improper frames on all 25MHz and 40MHz XTAL MT7530 net: dsa: mt7530: fix enabling EEE on MT7531 switch on all boards Bjorn Helgaas (1): PCI/DPC: Use FIELD_GET() Brenton Simpson (1): drm: panel-orientation-quirks: Add quirk for Lenovo Legion Go Carlos Llamas (1): binder: check offset alignment in binder_get_object() Carolina Jubran (1): net/mlx5e: Prevent deadlock while disabling aRFS Christophe JAILLET (1): usb: pci-quirks: Reduce the length of a spinlock section in usb_amd_find_chipset_info() Chuanhong Guo (1): USB: serial: option: add support for Fibocom FM650/FG650 Coia Prant (1): USB: serial: option: add Lonsung U8300/U9300 product Daniele Palmas (1): USB: serial: option: add Telit FN920C04 rmnet compositions Dave Airlie (1): nouveau: fix instmem race condition around ptr stores David Yang (1): HID: kye: Sort kye devices Dillon Varone (1): drm/amd/display: Do not recursively call manual trigger programming Dmitry Baryshkov (1): drm/panel: visionox-rm69299: don't unregister DSI device Dmitry Torokhov (1): ARM: omap2: n8x0: stop instantiating codec platform data Emil Kronborg (1): serial: mxs-auart: add spinlock around changing cts state Eric Biggers (1): x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ Finn Thain (1): serial/pmac_zilog: Remove flawed mitigation for rx irq flood Florian Westphal (1): netfilter: nft_set_pipapo: do not free live element Geoffrey D. Bennett (7): ALSA: scarlett2: Move USB IDs out from device_info struct ALSA: scarlett2: Add support for Clarett 8Pre USB ALSA: scarlett2: Default mixer driver to enabled ALSA: scarlett2: Add correct product series name to messages ALSA: scarlett2: Add Focusrite Clarett+ 2Pre and 4Pre support ALSA: scarlett2: Add Focusrite Clarett 2Pre and 4Pre USB support ALSA: scarlett2: Rename scarlett_gen2 to scarlett2 Gil Fine (2): thunderbolt: Avoid notify PM core about runtime PM resume thunderbolt: Fix wake configurations after device unplug Greg Kroah-Hartman (2): Revert "usb: cdc-wdm: close race between read and workqueue" Linux 6.1.88 Hardik Gajjar (2): usb: xhci: Add timeout argument in address_device USB HCD callback usb: new quirk to reduce the SET_ADDRESS request timeout Hawking Zhang (1): drm/amdgpu: fix incorrect active rb bitmap for gfx11 Hou Wenlong (2): x86/head/64: Add missing __head annotation to startup_64_load_idt() x86/head/64: Move the __head definition to <asm/init.h> Ilpo Järvinen (1): PCI: Simplify pcie_capability_clear_and_set_word() to ..._clear_word() Janusz Krzysztofik (1): drm/i915/vma: Fix UAF on destroy against retire race Jason A. Donenfeld (1): random: handle creditable entropy from atomic process context Jeongjun Park (1): nilfs2: fix OOB in nilfs_set_de_type Jerry Meng (1): USB: serial: option: support Quectel EM060K sub-models Johan Hovold (1): PCI/ASPM: Fix deadlock when enabling ASPM Jose Ignacio Tornos Martinez (1): net: usb: ax88179_178a: avoid writing the mac address before first reading Josh Poimboeuf (1): x86/bugs: Fix BHI retpoline check Kai-Heng Feng (1): usb: Disable USB3 LPM at shutdown Kelvin Cao (2): PCI: switchtec: Use normal comment style PCI: switchtec: Add support for PCIe Gen5 devices Konrad Dybcio (1): clk: Print an info line before disabling unused clocks Kuniyuki Iwashima (2): af_unix: Call manage_oob() for every skb in unix_stream_read_generic(). af_unix: Don't peek OOB data without MSG_OOB. Lei Chen (1): tun: limit printing rate when illegal packet received by tun dev Linus Walleij (1): ASoC: ti: Convert Pandora ASoC to GPIO descriptors Maciej W. Rozycki (1): PCI: Execute quirk_enable_clear_retrain_link() earlier Marios Makassikis (1): ksmbd: clear RENAME_NOREPLACE before calling vfs_rename Mark Zhang (1): RDMA/cm: Print the old state when cm_destroy_id gets timeout Miaohe Lin (1): mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled Michael Guralnik (1): RDMA/mlx5: Fix port number for counter query in multi-port configuration Michal Swiatkowski (1): ice: tc: allow zero flags in parsing tc flower Mika Westerberg (2): thunderbolt: Log function name of the called quirk thunderbolt: Add debug log for link controller power quirk Mike Pastore (1): PCI: Delay after FLR of Solidigm P44 Pro NVMe Mikhail Kobuk (1): drm: nv04: Fix out of bounds access Minas Harutyunyan (1): usb: dwc2: host: Fix dereference issue in DDMA completion flow. Namjae Jeon (3): ksmbd: fix slab-out-of-bounds in smb2_allocate_rsp_buf ksmbd: validate request buffer size in smb2_allocate_rsp_buf() ksmbd: common: use struct_group_attr instead of struct_group for network_open_info Nikita Zhandarovich (1): comedi: vmk80xx: fix incomplete endpoint checking Norihiko Hama (1): usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error Pablo Neira Ayuso (3): netfilter: br_netfilter: skip conntrack input hook for promisc packets netfilter: flowtable: validate pppoe header netfilter: flowtable: incorrect pppoe tuple Pasha Tatashin (1): x86/mm: Remove P*D_PAGE_MASK and P*D_PAGE_SIZE macros Peter Oberparleiter (2): s390/qdio: handle deferred cc1 s390/cio: fix race condition during online processing Pin-yen Lin (1): clk: mediatek: Do a runtime PM get on controllers during probe Qiang Zhang (1): bootconfig: use memblock_free_late to free xbc memory to buddy Samuel Thibault (1): speakup: Avoid crash on very long word Sandipan Das (1): KVM: x86/pmu: Do not mask LVTPC when handling a PMI on AMD platforms Sean Christopherson (2): KVM: x86: Snapshot if a vCPU's vendor model is AMD vs. Intel compatible KVM: x86/pmu: Disable support for adaptive PEBS Shay Drory (1): net/mlx5: Lag, restore buckets number to default after hash LAG deactivation Siddharth Vadapalli (1): net: ethernet: ti: am65-cpsw-nuss: cleanup DMA Channels before using them Stephen Boyd (4): clk: Remove prepare_lock hold assertion in __clk_release() clk: Initialize struct clk_core kref earlier clk: Get runtime PM before walking tree during disable_unused clk: Get runtime PM before walking tree for clk_summary Steven Rostedt (Google) (1): SUNRPC: Fix rpcgss_context trace event acceptor field Tim Huang (1): drm/amdgpu: fix incorrect number of active RBs for gfx11 Uwe Kleine-König (2): serial: stm32: Return IRQ_NONE in the ISR if no handling happend serial: stm32: Reset .throttled state in .startup() Vanillan Wang (1): USB: serial: option: add Rolling RW101-GL and RW135-GL support Vishal Badole (1): clk: Show active consumers of clocks in debugfs Vladimir Oltean (1): net: dsa: introduce preferred_default_local_cpu_port and use on MT7530 Yanjun.Zhu (1): RDMA/rxe: Fix the problem "mutex_destroy missing" Yaxiong Tian (1): arm64: hibernate: Fix level3 translation fault in swsusp_save() Yu Zhe (1): clk: remove unnecessary (void*) conversions Yuanhe Shu (1): selftests/ftrace: Limit length in subsystem-enable tests Yuntao Wang (1): init/main.c: Fix potential static_command_line memory overflow Zack Rusin (3): drm/vmwgfx: Enable DMA mappings with SEV drm/vmwgfx: Sort primary plane formats by order of preference drm/vmwgfx: Fix crtc's atomic check conditional Ziyang Xuan (2): netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() bolan wang (1): USB: serial: option: add Fibocom FM135-GL variants xinhui pan (1): drm/amdgpu: validate the parameters of bo mapping operations more clearly

1 year, 6 months

1
1
0 0

Linux 5.15.157

by Greg Kroah-Hartman

I'm announcing the release of the 5.15.157 kernel. All users of the 5.15 kernel series must upgrade. The updated 5.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/filesystems/nfs/exporting.rst | 7 Makefile | 2 arch/arm64/mm/pageattr.c | 3 arch/x86/include/asm/kvm_host.h | 1 arch/x86/kernel/cpu/bugs.c | 11 arch/x86/kernel/cpu/cpuid-deps.c | 6 arch/x86/kvm/cpuid.c | 1 arch/x86/kvm/cpuid.h | 10 arch/x86/kvm/lapic.c | 3 arch/x86/kvm/mmu/mmu.c | 2 arch/x86/kvm/x86.c | 2 drivers/accessibility/speakup/main.c | 2 drivers/android/binder.c | 4 drivers/clk/clk.c | 154 +++++++--- drivers/comedi/drivers/vmk80xx.c | 35 -- drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 72 ++-- drivers/gpu/drm/nouveau/nouveau_bios.c | 13 drivers/gpu/drm/nouveau/nvkm/subdev/instmem/nv50.c | 7 drivers/gpu/drm/panel/panel-visionox-rm69299.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_kms.h | 4 drivers/infiniband/core/cm.c | 11 drivers/infiniband/hw/mlx5/mad.c | 3 drivers/infiniband/sw/rxe/rxe.c | 2 drivers/misc/mei/pci-me.c | 2 drivers/net/dsa/mt7530.c | 60 ++- drivers/net/dsa/mt7530.h | 6 drivers/net/ethernet/ti/am65-cpsw-nuss.c | 18 + drivers/net/tun.c | 18 - drivers/s390/cio/device.c | 13 drivers/s390/cio/qdio_main.c | 28 + drivers/thunderbolt/switch.c | 48 ++- drivers/thunderbolt/tb.c | 4 drivers/thunderbolt/tb.h | 3 drivers/thunderbolt/usb4.c | 13 drivers/tty/serial/pmac_zilog.c | 14 drivers/usb/class/cdc-wdm.c | 6 drivers/usb/core/port.c | 4 drivers/usb/dwc2/hcd_ddma.c | 4 drivers/usb/gadget/function/f_ncm.c | 4 drivers/usb/serial/option.c | 40 ++ fs/btrfs/delayed-inode.c | 3 fs/ksmbd/ksmbd_netlink.h | 3 fs/ksmbd/mgmt/share_config.c | 7 fs/ksmbd/smb2ops.c | 10 fs/ksmbd/smb2pdu.c | 3 fs/ksmbd/transport_ipc.c | 37 ++ fs/lockd/svclock.c | 4 fs/nfsd/nfs4state.c | 10 fs/nilfs2/dir.c | 2 fs/sysfs/file.c | 2 include/linux/bpf.h | 9 include/linux/bpf_verifier.h | 4 include/linux/exportfs.h | 14 include/net/dsa.h | 8 include/net/net_namespace.h | 6 include/net/netfilter/nf_flow_table.h | 33 ++ include/net/netns/flow_table.h | 14 include/trace/events/rpcgss.h | 4 init/main.c | 2 kernel/bpf/btf.c | 93 ++++-- kernel/bpf/verifier.c | 66 +++- kernel/kprobes.c | 18 - kernel/trace/trace_events_trigger.c | 6 net/bridge/br_input.c | 15 net/bridge/br_netfilter_hooks.c | 6 net/bridge/br_private.h | 1 net/bridge/netfilter/nf_conntrack_bridge.c | 14 net/dsa/dsa2.c | 24 + net/netfilter/Kconfig | 9 net/netfilter/Makefile | 1 net/netfilter/nf_flow_table_core.c | 62 +++- net/netfilter/nf_flow_table_inet.c | 3 net/netfilter/nf_flow_table_ip.c | 10 net/netfilter/nf_flow_table_offload.c | 17 - net/netfilter/nf_flow_table_procfs.c | 80 +++++ net/netfilter/nf_tables_api.c | 16 - net/netfilter/nft_set_pipapo.c | 14 net/unix/af_unix.c | 12 tools/testing/selftests/ftrace/test.d/event/subsystem-enable.tc | 6 79 files changed, 971 insertions(+), 319 deletions(-) Alan Stern (1): fs: sysfs: Fix reference leak in sysfs_break_active_protection() Alexander Usyskin (1): mei: me: disable RPL-S on SPS and IGN firmwares Arınç ÜNAL (4): net: dsa: mt7530: fix mirroring frames received on local port net: dsa: mt7530: set all CPU ports in MT7531_CPU_PMAP net: dsa: mt7530: fix improper frames on all 25MHz and 40MHz XTAL MT7530 net: dsa: mt7530: fix enabling EEE on MT7531 switch on all boards Boris Burkov (1): btrfs: record delayed inode root in transaction Carlos Llamas (1): binder: check offset alignment in binder_get_object() Chuanhong Guo (1): USB: serial: option: add support for Fibocom FM650/FG650 Chuck Lever (1): Revert "lockd: introduce safe async lock op" Claudiu Beznea (1): clk: remove extra empty line Coia Prant (1): USB: serial: option: add Lonsung U8300/U9300 product Daniel Borkmann (4): bpf: Generalize check_ctx_reg for reuse with other types bpf: Generally fix helper register offset check bpf: Fix out of bounds access for ringbuf helpers bpf: Fix ringbuf memory type confusion when passing to helpers Daniele Palmas (1): USB: serial: option: add Telit FN920C04 rmnet compositions Dave Airlie (1): nouveau: fix instmem race condition around ptr stores Dmitry Baryshkov (1): drm/panel: visionox-rm69299: don't unregister DSI device Eric Biggers (1): x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ Finn Thain (1): serial/pmac_zilog: Remove flawed mitigation for rx irq flood Florian Westphal (1): netfilter: nft_set_pipapo: do not free live element Gil Fine (2): thunderbolt: Avoid notify PM core about runtime PM resume thunderbolt: Fix wake configurations after device unplug Greg Kroah-Hartman (2): Revert "usb: cdc-wdm: close race between read and workqueue" Linux 5.15.157 Jeongjun Park (1): nilfs2: fix OOB in nilfs_set_de_type Jerry Meng (1): USB: serial: option: support Quectel EM060K sub-models Josh Poimboeuf (1): x86/bugs: Fix BHI retpoline check Kai-Heng Feng (1): usb: Disable USB3 LPM at shutdown Konrad Dybcio (1): clk: Print an info line before disabling unused clocks Kumar Kartikeya Dwivedi (1): bpf: Extend kfunc with PTR_TO_CTX, PTR_TO_MEM argument support Kuniyuki Iwashima (2): af_unix: Call manage_oob() for every skb in unix_stream_read_generic(). af_unix: Don't peek OOB data without MSG_OOB. Lei Chen (1): tun: limit printing rate when illegal packet received by tun dev Mark Zhang (1): RDMA/cm: Print the old state when cm_destroy_id gets timeout Michael Guralnik (1): RDMA/mlx5: Fix port number for counter query in multi-port configuration Mikhail Kobuk (1): drm: nv04: Fix out of bounds access Minas Harutyunyan (1): usb: dwc2: host: Fix dereference issue in DDMA completion flow. Namjae Jeon (3): ksmbd: don't send oplock break if rename fails ksmbd: validate payload size in ipc response ksmbd: do not set SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1 Nikita Zhandarovich (1): comedi: vmk80xx: fix incomplete endpoint checking Norihiko Hama (1): usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error Pablo Neira Ayuso (3): netfilter: br_netfilter: skip conntrack input hook for promisc packets netfilter: flowtable: validate pppoe header netfilter: flowtable: incorrect pppoe tuple Peter Oberparleiter (2): s390/qdio: handle deferred cc1 s390/cio: fix race condition during online processing Samuel Thibault (1): speakup: Avoid crash on very long word Sandipan Das (1): KVM: x86/pmu: Do not mask LVTPC when handling a PMI on AMD platforms Sean Christopherson (1): KVM: x86: Snapshot if a vCPU's vendor model is AMD vs. Intel compatible Siddh Raman Pant (1): Revert "tracing/trigger: Fix to return error if failed to alloc snapshot" Siddharth Vadapalli (1): net: ethernet: ti: am65-cpsw-nuss: cleanup DMA Channels before using them Stephen Boyd (4): clk: Remove prepare_lock hold assertion in __clk_release() clk: Mark 'all_lists' as const clk: Initialize struct clk_core kref earlier clk: Get runtime PM before walking tree during disable_unused Steven Rostedt (Google) (1): SUNRPC: Fix rpcgss_context trace event acceptor field Vanillan Wang (1): USB: serial: option: add Rolling RW101-GL and RW135-GL support Vlad Buslov (1): netfilter: nf_flow_table: count pending offload workqueue tasks Vladimir Oltean (1): net: dsa: introduce preferred_default_local_cpu_port and use on MT7530 Yanjun.Zhu (1): RDMA/rxe: Fix the problem "mutex_destroy missing" Yaxiong Tian (1): arm64: hibernate: Fix level3 translation fault in swsusp_save() Yuanhe Shu (1): selftests/ftrace: Limit length in subsystem-enable tests Yuntao Wang (1): init/main.c: Fix potential static_command_line memory overflow Zack Rusin (1): drm/vmwgfx: Sort primary plane formats by order of preference Zheng Yejian (1): kprobes: Fix possible use-after-free issue on kprobe registration Ziyang Xuan (2): netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() bolan wang (1): USB: serial: option: add Fibocom FM135-GL variants xinhui pan (1): drm/amdgpu: validate the parameters of bo mapping operations more clearly

1 year, 6 months

1
1
0 0

FAILED: patch "[PATCH] ring-buffer: Only update pages_touched when a new page is" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x ffe3986fece696cf65e0ef99e74c75f848be8e30 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042720-safeness-stowaway-2308@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: ffe3986fece6 ("ring-buffer: Only update pages_touched when a new page is touched") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ffe3986fece696cf65e0ef99e74c75f848be8e30 Mon Sep 17 00:00:00 2001 From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> Date: Tue, 9 Apr 2024 15:13:09 -0400 Subject: [PATCH] ring-buffer: Only update pages_touched when a new page is touched The "buffer_percent" logic that is used by the ring buffer splice code to only wake up the tasks when there's no data after the buffer is filled to the percentage of the "buffer_percent" file is dependent on three variables that determine the amount of data that is in the ring buffer: 1) pages_read - incremented whenever a new sub-buffer is consumed 2) pages_lost - incremented every time a writer overwrites a sub-buffer 3) pages_touched - incremented when a write goes to a new sub-buffer The percentage is the calculation of: (pages_touched - (pages_lost + pages_read)) / nr_pages Basically, the amount of data is the total number of sub-bufs that have been touched, minus the number of sub-bufs lost and sub-bufs consumed. This is divided by the total count to give the buffer percentage. When the percentage is greater than the value in the "buffer_percent" file, it wakes up splice readers waiting for that amount. It was observed that over time, the amount read from the splice was constantly decreasing the longer the trace was running. That is, if one asked for 60%, it would read over 60% when it first starts tracing, but then it would be woken up at under 60% and would slowly decrease the amount of data read after being woken up, where the amount becomes much less than the buffer percent. This was due to an accounting of the pages_touched incrementation. This value is incremented whenever a writer transfers to a new sub-buffer. But the place where it was incremented was incorrect. If a writer overflowed the current sub-buffer it would go to the next one. If it gets preempted by an interrupt at that time, and the interrupt performs a trace, it too will end up going to the next sub-buffer. But only one should increment the counter. Unfortunately, that was not the case. Change the cmpxchg() that does the real switch of the tail-page into a try_cmpxchg(), and on success, perform the increment of pages_touched. This will only increment the counter once for when the writer moves to a new sub-buffer, and not when there's a race and is incremented for when a writer and its preempting writer both move to the same new sub-buffer. Link: https://lore.kernel.org/linux-trace-kernel/20240409151309.0d0e5056@gandalf.… Cc: stable(a)vger.kernel.org Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Fixes: 2c2b0a78b3739 ("ring-buffer: Add percentage of ring buffer full to wake up reader") Acked-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c index 25476ead681b..6511dc3a00da 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c @@ -1393,7 +1393,6 @@ static void rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, old_write = local_add_return(RB_WRITE_INTCNT, &next_page->write); old_entries = local_add_return(RB_WRITE_INTCNT, &next_page->entries); - local_inc(&cpu_buffer->pages_touched); /* * Just make sure we have seen our old_write and synchronize * with any interrupts that come in. @@ -1430,8 +1429,9 @@ static void rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, */ local_set(&next_page->page->commit, 0); - /* Again, either we update tail_page or an interrupt does */ - (void)cmpxchg(&cpu_buffer->tail_page, tail_page, next_page); + /* Either we update tail_page or an interrupt does */ + if (try_cmpxchg(&cpu_buffer->tail_page, &tail_page, next_page)) + local_inc(&cpu_buffer->pages_touched); } }

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] ring-buffer: Only update pages_touched when a new page is" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x ffe3986fece696cf65e0ef99e74c75f848be8e30 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042718-handset-kitty-0a0e@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: ffe3986fece6 ("ring-buffer: Only update pages_touched when a new page is touched") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ffe3986fece696cf65e0ef99e74c75f848be8e30 Mon Sep 17 00:00:00 2001 From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> Date: Tue, 9 Apr 2024 15:13:09 -0400 Subject: [PATCH] ring-buffer: Only update pages_touched when a new page is touched The "buffer_percent" logic that is used by the ring buffer splice code to only wake up the tasks when there's no data after the buffer is filled to the percentage of the "buffer_percent" file is dependent on three variables that determine the amount of data that is in the ring buffer: 1) pages_read - incremented whenever a new sub-buffer is consumed 2) pages_lost - incremented every time a writer overwrites a sub-buffer 3) pages_touched - incremented when a write goes to a new sub-buffer The percentage is the calculation of: (pages_touched - (pages_lost + pages_read)) / nr_pages Basically, the amount of data is the total number of sub-bufs that have been touched, minus the number of sub-bufs lost and sub-bufs consumed. This is divided by the total count to give the buffer percentage. When the percentage is greater than the value in the "buffer_percent" file, it wakes up splice readers waiting for that amount. It was observed that over time, the amount read from the splice was constantly decreasing the longer the trace was running. That is, if one asked for 60%, it would read over 60% when it first starts tracing, but then it would be woken up at under 60% and would slowly decrease the amount of data read after being woken up, where the amount becomes much less than the buffer percent. This was due to an accounting of the pages_touched incrementation. This value is incremented whenever a writer transfers to a new sub-buffer. But the place where it was incremented was incorrect. If a writer overflowed the current sub-buffer it would go to the next one. If it gets preempted by an interrupt at that time, and the interrupt performs a trace, it too will end up going to the next sub-buffer. But only one should increment the counter. Unfortunately, that was not the case. Change the cmpxchg() that does the real switch of the tail-page into a try_cmpxchg(), and on success, perform the increment of pages_touched. This will only increment the counter once for when the writer moves to a new sub-buffer, and not when there's a race and is incremented for when a writer and its preempting writer both move to the same new sub-buffer. Link: https://lore.kernel.org/linux-trace-kernel/20240409151309.0d0e5056@gandalf.… Cc: stable(a)vger.kernel.org Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Fixes: 2c2b0a78b3739 ("ring-buffer: Add percentage of ring buffer full to wake up reader") Acked-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c index 25476ead681b..6511dc3a00da 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c @@ -1393,7 +1393,6 @@ static void rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, old_write = local_add_return(RB_WRITE_INTCNT, &next_page->write); old_entries = local_add_return(RB_WRITE_INTCNT, &next_page->entries); - local_inc(&cpu_buffer->pages_touched); /* * Just make sure we have seen our old_write and synchronize * with any interrupts that come in. @@ -1430,8 +1429,9 @@ static void rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, */ local_set(&next_page->page->commit, 0); - /* Again, either we update tail_page or an interrupt does */ - (void)cmpxchg(&cpu_buffer->tail_page, tail_page, next_page); + /* Either we update tail_page or an interrupt does */ + if (try_cmpxchg(&cpu_buffer->tail_page, &tail_page, next_page)) + local_inc(&cpu_buffer->pages_touched); } }

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] ring-buffer: Only update pages_touched when a new page is" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x ffe3986fece696cf65e0ef99e74c75f848be8e30 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042707--b5a0@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: ffe3986fece6 ("ring-buffer: Only update pages_touched when a new page is touched") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ffe3986fece696cf65e0ef99e74c75f848be8e30 Mon Sep 17 00:00:00 2001 From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> Date: Tue, 9 Apr 2024 15:13:09 -0400 Subject: [PATCH] ring-buffer: Only update pages_touched when a new page is touched The "buffer_percent" logic that is used by the ring buffer splice code to only wake up the tasks when there's no data after the buffer is filled to the percentage of the "buffer_percent" file is dependent on three variables that determine the amount of data that is in the ring buffer: 1) pages_read - incremented whenever a new sub-buffer is consumed 2) pages_lost - incremented every time a writer overwrites a sub-buffer 3) pages_touched - incremented when a write goes to a new sub-buffer The percentage is the calculation of: (pages_touched - (pages_lost + pages_read)) / nr_pages Basically, the amount of data is the total number of sub-bufs that have been touched, minus the number of sub-bufs lost and sub-bufs consumed. This is divided by the total count to give the buffer percentage. When the percentage is greater than the value in the "buffer_percent" file, it wakes up splice readers waiting for that amount. It was observed that over time, the amount read from the splice was constantly decreasing the longer the trace was running. That is, if one asked for 60%, it would read over 60% when it first starts tracing, but then it would be woken up at under 60% and would slowly decrease the amount of data read after being woken up, where the amount becomes much less than the buffer percent. This was due to an accounting of the pages_touched incrementation. This value is incremented whenever a writer transfers to a new sub-buffer. But the place where it was incremented was incorrect. If a writer overflowed the current sub-buffer it would go to the next one. If it gets preempted by an interrupt at that time, and the interrupt performs a trace, it too will end up going to the next sub-buffer. But only one should increment the counter. Unfortunately, that was not the case. Change the cmpxchg() that does the real switch of the tail-page into a try_cmpxchg(), and on success, perform the increment of pages_touched. This will only increment the counter once for when the writer moves to a new sub-buffer, and not when there's a race and is incremented for when a writer and its preempting writer both move to the same new sub-buffer. Link: https://lore.kernel.org/linux-trace-kernel/20240409151309.0d0e5056@gandalf.… Cc: stable(a)vger.kernel.org Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Fixes: 2c2b0a78b3739 ("ring-buffer: Add percentage of ring buffer full to wake up reader") Acked-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c index 25476ead681b..6511dc3a00da 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c @@ -1393,7 +1393,6 @@ static void rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, old_write = local_add_return(RB_WRITE_INTCNT, &next_page->write); old_entries = local_add_return(RB_WRITE_INTCNT, &next_page->entries); - local_inc(&cpu_buffer->pages_touched); /* * Just make sure we have seen our old_write and synchronize * with any interrupts that come in. @@ -1430,8 +1429,9 @@ static void rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, */ local_set(&next_page->page->commit, 0); - /* Again, either we update tail_page or an interrupt does */ - (void)cmpxchg(&cpu_buffer->tail_page, tail_page, next_page); + /* Either we update tail_page or an interrupt does */ + if (try_cmpxchg(&cpu_buffer->tail_page, &tail_page, next_page)) + local_inc(&cpu_buffer->pages_touched); } }

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] ring-buffer: Only update pages_touched when a new page is" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x ffe3986fece696cf65e0ef99e74c75f848be8e30 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042706--0fec@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: ffe3986fece6 ("ring-buffer: Only update pages_touched when a new page is touched") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ffe3986fece696cf65e0ef99e74c75f848be8e30 Mon Sep 17 00:00:00 2001 From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> Date: Tue, 9 Apr 2024 15:13:09 -0400 Subject: [PATCH] ring-buffer: Only update pages_touched when a new page is touched The "buffer_percent" logic that is used by the ring buffer splice code to only wake up the tasks when there's no data after the buffer is filled to the percentage of the "buffer_percent" file is dependent on three variables that determine the amount of data that is in the ring buffer: 1) pages_read - incremented whenever a new sub-buffer is consumed 2) pages_lost - incremented every time a writer overwrites a sub-buffer 3) pages_touched - incremented when a write goes to a new sub-buffer The percentage is the calculation of: (pages_touched - (pages_lost + pages_read)) / nr_pages Basically, the amount of data is the total number of sub-bufs that have been touched, minus the number of sub-bufs lost and sub-bufs consumed. This is divided by the total count to give the buffer percentage. When the percentage is greater than the value in the "buffer_percent" file, it wakes up splice readers waiting for that amount. It was observed that over time, the amount read from the splice was constantly decreasing the longer the trace was running. That is, if one asked for 60%, it would read over 60% when it first starts tracing, but then it would be woken up at under 60% and would slowly decrease the amount of data read after being woken up, where the amount becomes much less than the buffer percent. This was due to an accounting of the pages_touched incrementation. This value is incremented whenever a writer transfers to a new sub-buffer. But the place where it was incremented was incorrect. If a writer overflowed the current sub-buffer it would go to the next one. If it gets preempted by an interrupt at that time, and the interrupt performs a trace, it too will end up going to the next sub-buffer. But only one should increment the counter. Unfortunately, that was not the case. Change the cmpxchg() that does the real switch of the tail-page into a try_cmpxchg(), and on success, perform the increment of pages_touched. This will only increment the counter once for when the writer moves to a new sub-buffer, and not when there's a race and is incremented for when a writer and its preempting writer both move to the same new sub-buffer. Link: https://lore.kernel.org/linux-trace-kernel/20240409151309.0d0e5056@gandalf.… Cc: stable(a)vger.kernel.org Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Fixes: 2c2b0a78b3739 ("ring-buffer: Add percentage of ring buffer full to wake up reader") Acked-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c index 25476ead681b..6511dc3a00da 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c @@ -1393,7 +1393,6 @@ static void rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, old_write = local_add_return(RB_WRITE_INTCNT, &next_page->write); old_entries = local_add_return(RB_WRITE_INTCNT, &next_page->entries); - local_inc(&cpu_buffer->pages_touched); /* * Just make sure we have seen our old_write and synchronize * with any interrupts that come in. @@ -1430,8 +1429,9 @@ static void rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, */ local_set(&next_page->page->commit, 0); - /* Again, either we update tail_page or an interrupt does */ - (void)cmpxchg(&cpu_buffer->tail_page, tail_page, next_page); + /* Either we update tail_page or an interrupt does */ + if (try_cmpxchg(&cpu_buffer->tail_page, &tail_page, next_page)) + local_inc(&cpu_buffer->pages_touched); } }

1 year, 6 months

1
0
0 0

[PATCH 5.15 00/71] 5.15.157-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.157 release. There are 71 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 25 Apr 2024 21:38:28 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.157-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.157-rc1 Arınç ÜNAL <arinc.unal(a)arinc9.com> net: dsa: mt7530: fix enabling EEE on MT7531 switch on all boards Arınç ÜNAL <arinc.unal(a)arinc9.com> net: dsa: mt7530: fix improper frames on all 25MHz and 40MHz XTAL MT7530 Vladimir Oltean <olteanv(a)gmail.com> net: dsa: introduce preferred_default_local_cpu_port and use on MT7530 Arınç ÜNAL <arinc.unal(a)arinc9.com> net: dsa: mt7530: set all CPU ports in MT7531_CPU_PMAP Jeongjun Park <aha310510(a)gmail.com> nilfs2: fix OOB in nilfs_set_de_type Dave Airlie <airlied(a)redhat.com> nouveau: fix instmem race condition around ptr stores Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Sort primary plane formats by order of preference xinhui pan <xinhui.pan(a)amd.com> drm/amdgpu: validate the parameters of bo mapping operations more clearly Carlos Llamas <cmllamas(a)google.com> binder: check offset alignment in binder_get_object() Yuntao Wang <ytcoode(a)gmail.com> init/main.c: Fix potential static_command_line memory overflow Yaxiong Tian <tianyaxiong(a)kylinos.cn> arm64: hibernate: Fix level3 translation fault in swsusp_save() Sandipan Das <sandipan.das(a)amd.com> KVM: x86/pmu: Do not mask LVTPC when handling a PMI on AMD platforms Sean Christopherson <seanjc(a)google.com> KVM: x86: Snapshot if a vCPU's vendor model is AMD vs. Intel compatible Alan Stern <stern(a)rowland.harvard.edu> fs: sysfs: Fix reference leak in sysfs_break_active_protection() Samuel Thibault <samuel.thibault(a)ens-lyon.org> speakup: Avoid crash on very long word Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: disable RPL-S on SPS and IGN firmwares Norihiko Hama <Norihiko.Hama(a)alpsalpine.com> usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error Kai-Heng Feng <kai.heng.feng(a)canonical.com> usb: Disable USB3 LPM at shutdown Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix dereference issue in DDMA completion flow. Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "usb: cdc-wdm: close race between read and workqueue" Daniele Palmas <dnlplm(a)gmail.com> USB: serial: option: add Telit FN920C04 rmnet compositions Vanillan Wang <vanillanwang(a)163.com> USB: serial: option: add Rolling RW101-GL and RW135-GL support Jerry Meng <jerry-meng(a)foxmail.com> USB: serial: option: support Quectel EM060K sub-models Coia Prant <coiaprant(a)gmail.com> USB: serial: option: add Lonsung U8300/U9300 product Chuanhong Guo <gch981213(a)gmail.com> USB: serial: option: add support for Fibocom FM650/FG650 bolan wang <bolan.wang(a)fibocom.com> USB: serial: option: add Fibocom FM135-GL variants Finn Thain <fthain(a)linux-m68k.org> serial/pmac_zilog: Remove flawed mitigation for rx irq flood Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> comedi: vmk80xx: fix incomplete endpoint checking Gil Fine <gil.fine(a)linux.intel.com> thunderbolt: Fix wake configurations after device unplug Gil Fine <gil.fine(a)linux.intel.com> thunderbolt: Avoid notify PM core about runtime PM resume Eric Biggers <ebiggers(a)google.com> x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Fix BHI retpoline check Stephen Boyd <sboyd(a)kernel.org> clk: Get runtime PM before walking tree during disable_unused Stephen Boyd <sboyd(a)kernel.org> clk: Initialize struct clk_core kref earlier Konrad Dybcio <konrad.dybcio(a)linaro.org> clk: Print an info line before disabling unused clocks Claudiu Beznea <claudiu.beznea(a)microchip.com> clk: remove extra empty line Stephen Boyd <sboyd(a)kernel.org> clk: Mark 'all_lists' as const Stephen Boyd <sboyd(a)kernel.org> clk: Remove prepare_lock hold assertion in __clk_release() Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/panel: visionox-rm69299: don't unregister DSI device Mikhail Kobuk <m.kobuk(a)ispras.ru> drm: nv04: Fix out of bounds access Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/cio: fix race condition during online processing Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/qdio: handle deferred cc1 Michael Guralnik <michaelgur(a)nvidia.com> RDMA/mlx5: Fix port number for counter query in multi-port configuration Mark Zhang <markzhang(a)nvidia.com> RDMA/cm: Print the old state when cm_destroy_id gets timeout Yanjun.Zhu <yanjun.zhu(a)linux.dev> RDMA/rxe: Fix the problem "mutex_destroy missing" Siddharth Vadapalli <s-vadapalli(a)ti.com> net: ethernet: ti: am65-cpsw-nuss: cleanup DMA Channels before using them Arınç ÜNAL <arinc.unal(a)arinc9.com> net: dsa: mt7530: fix mirroring frames received on local port Lei Chen <lei.chen(a)smartx.com> tun: limit printing rate when illegal packet received by tun dev Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Don't peek OOB data without MSG_OOB. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Call manage_oob() for every skb in unix_stream_read_generic(). Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: flowtable: incorrect pppoe tuple Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: flowtable: validate pppoe header Vlad Buslov <vladbu(a)nvidia.com> netfilter: nf_flow_table: count pending offload workqueue tasks Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo: do not free live element Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: br_netfilter: skip conntrack input hook for promisc packets Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() Chuck Lever <chuck.lever(a)oracle.com> Revert "lockd: introduce safe async lock op" Siddh Raman Pant <siddh.raman.pant(a)oracle.com> Revert "tracing/trigger: Fix to return error if failed to alloc snapshot" Zheng Yejian <zhengyejian1(a)huawei.com> kprobes: Fix possible use-after-free issue on kprobe registration Daniel Borkmann <daniel(a)iogearbox.net> bpf: Fix ringbuf memory type confusion when passing to helpers Daniel Borkmann <daniel(a)iogearbox.net> bpf: Fix out of bounds access for ringbuf helpers Daniel Borkmann <daniel(a)iogearbox.net> bpf: Generally fix helper register offset check Daniel Borkmann <daniel(a)iogearbox.net> bpf: Generalize check_ctx_reg for reuse with other types Kumar Kartikeya Dwivedi <memxor(a)gmail.com> bpf: Extend kfunc with PTR_TO_CTX, PTR_TO_MEM argument support Yuanhe Shu <xiangzao(a)linux.alibaba.com> selftests/ftrace: Limit length in subsystem-enable tests Steven Rostedt (Google) <rostedt(a)goodmis.org> SUNRPC: Fix rpcgss_context trace event acceptor field Boris Burkov <boris(a)bur.io> btrfs: record delayed inode root in transaction Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: do not set SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1 Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: validate payload size in ipc response Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: don't send oplock break if rename fails ------------- Diffstat: Documentation/filesystems/nfs/exporting.rst | 7 - Makefile | 4 +- arch/arm64/mm/pageattr.c | 3 - arch/x86/include/asm/kvm_host.h | 1 + arch/x86/kernel/cpu/bugs.c | 11 +- arch/x86/kernel/cpu/cpuid-deps.c | 6 +- arch/x86/kvm/cpuid.c | 1 + arch/x86/kvm/cpuid.h | 10 ++ arch/x86/kvm/lapic.c | 3 +- arch/x86/kvm/mmu/mmu.c | 2 +- arch/x86/kvm/x86.c | 2 +- drivers/accessibility/speakup/main.c | 2 +- drivers/android/binder.c | 4 +- drivers/clk/clk.c | 154 ++++++++++++++++----- drivers/comedi/drivers/vmk80xx.c | 35 ++--- drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 72 ++++++---- drivers/gpu/drm/nouveau/nouveau_bios.c | 13 +- drivers/gpu/drm/nouveau/nvkm/subdev/instmem/nv50.c | 7 +- drivers/gpu/drm/panel/panel-visionox-rm69299.c | 2 - drivers/gpu/drm/vmwgfx/vmwgfx_kms.h | 4 +- drivers/infiniband/core/cm.c | 11 +- drivers/infiniband/hw/mlx5/mad.c | 3 +- drivers/infiniband/sw/rxe/rxe.c | 2 + drivers/misc/mei/pci-me.c | 2 +- drivers/net/dsa/mt7530.c | 60 +++++--- drivers/net/dsa/mt7530.h | 6 + drivers/net/ethernet/ti/am65-cpsw-nuss.c | 18 +++ drivers/net/tun.c | 18 +-- drivers/s390/cio/device.c | 13 +- drivers/s390/cio/qdio_main.c | 28 +++- drivers/thunderbolt/switch.c | 50 +++++-- drivers/thunderbolt/tb.c | 4 +- drivers/thunderbolt/tb.h | 3 +- drivers/thunderbolt/usb4.c | 13 +- drivers/tty/serial/pmac_zilog.c | 14 -- drivers/usb/class/cdc-wdm.c | 6 +- drivers/usb/core/port.c | 4 +- drivers/usb/dwc2/hcd_ddma.c | 4 +- drivers/usb/gadget/function/f_ncm.c | 4 +- drivers/usb/serial/option.c | 40 ++++++ fs/btrfs/delayed-inode.c | 3 + fs/ksmbd/ksmbd_netlink.h | 3 +- fs/ksmbd/mgmt/share_config.c | 7 +- fs/ksmbd/smb2ops.c | 10 +- fs/ksmbd/smb2pdu.c | 3 +- fs/ksmbd/transport_ipc.c | 37 +++++ fs/lockd/svclock.c | 4 +- fs/nfsd/nfs4state.c | 10 +- fs/nilfs2/dir.c | 2 +- fs/sysfs/file.c | 2 + include/linux/bpf.h | 9 +- include/linux/bpf_verifier.h | 4 +- include/linux/exportfs.h | 14 -- include/net/dsa.h | 8 ++ include/net/net_namespace.h | 6 + include/net/netfilter/nf_flow_table.h | 33 ++++- include/net/netns/flow_table.h | 14 ++ include/trace/events/rpcgss.h | 4 +- init/main.c | 2 + kernel/bpf/btf.c | 93 ++++++++++--- kernel/bpf/verifier.c | 66 ++++++--- kernel/kprobes.c | 18 ++- kernel/trace/trace_events_trigger.c | 6 +- net/bridge/br_input.c | 15 +- net/bridge/br_netfilter_hooks.c | 6 + net/bridge/br_private.h | 1 + net/bridge/netfilter/nf_conntrack_bridge.c | 14 +- net/dsa/dsa2.c | 24 +++- net/netfilter/Kconfig | 9 ++ net/netfilter/Makefile | 1 + net/netfilter/nf_flow_table_core.c | 62 ++++++++- net/netfilter/nf_flow_table_inet.c | 3 +- net/netfilter/nf_flow_table_ip.c | 10 +- net/netfilter/nf_flow_table_offload.c | 17 ++- net/netfilter/nf_flow_table_procfs.c | 80 +++++++++++ net/netfilter/nf_tables_api.c | 16 ++- net/netfilter/nft_set_pipapo.c | 14 +- net/unix/af_unix.c | 12 +- .../ftrace/test.d/event/subsystem-enable.tc | 6 +- 79 files changed, 973 insertions(+), 321 deletions(-)

1 year, 6 months

10
82
0 0

[PATCH 3/3] net: bcmgenet: synchronize UMAC_CMD access

by Doug Berger

The UMAC_CMD register is written from different execution contexts and has insufficient synchronization protections to prevent possible corruption. Of particular concern are the acceses from the phy_device delayed work context used by the adjust_link call and the BH context that may be used by the ndo_set_rx_mode call. A spinlock is added to the driver to protect contended register accesses (i.e. reg_lock) and it is used to synchronize accesses to UMAC_CMD. Fixes: 1c1008c793fa ("net: bcmgenet: add main driver file") Cc: stable(a)vger.kernel.org Signed-off-by: Doug Berger <opendmb(a)gmail.com> --- drivers/net/ethernet/broadcom/genet/bcmgenet.c | 12 +++++++++++- drivers/net/ethernet/broadcom/genet/bcmgenet.h | 4 +++- drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c | 8 +++++++- drivers/net/ethernet/broadcom/genet/bcmmii.c | 2 ++ 4 files changed, 23 insertions(+), 3 deletions(-) diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.c b/drivers/net/ethernet/broadcom/genet/bcmgenet.c index 5452b7dc6e6a..c7e7dac057a3 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c @@ -2467,14 +2467,18 @@ static void umac_enable_set(struct bcmgenet_priv *priv, u32 mask, bool enable) { u32 reg; + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); - if (reg & CMD_SW_RESET) + if (reg & CMD_SW_RESET) { + spin_unlock_bh(&priv->reg_lock); return; + } if (enable) reg |= mask; else reg &= ~mask; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); /* UniMAC stops on a packet boundary, wait for a full-size packet * to be processed @@ -2490,8 +2494,10 @@ static void reset_umac(struct bcmgenet_priv *priv) udelay(10); /* issue soft reset and disable MAC while updating its registers */ + spin_lock_bh(&priv->reg_lock); bcmgenet_umac_writel(priv, CMD_SW_RESET, UMAC_CMD); udelay(2); + spin_unlock_bh(&priv->reg_lock); } static void bcmgenet_intr_disable(struct bcmgenet_priv *priv) @@ -3597,16 +3603,19 @@ static void bcmgenet_set_rx_mode(struct net_device *dev) * 3. The number of filters needed exceeds the number filters * supported by the hardware. */ + spin_lock(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); if ((dev->flags & (IFF_PROMISC | IFF_ALLMULTI)) || (nfilter > MAX_MDF_FILTER)) { reg |= CMD_PROMISC; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock(&priv->reg_lock); bcmgenet_umac_writel(priv, 0, UMAC_MDF_CTRL); return; } else { reg &= ~CMD_PROMISC; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock(&priv->reg_lock); } /* update MDF filter */ @@ -4005,6 +4014,7 @@ static int bcmgenet_probe(struct platform_device *pdev) goto err; } + spin_lock_init(&priv->reg_lock); spin_lock_init(&priv->lock); /* Set default pause parameters */ diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.h b/drivers/net/ethernet/broadcom/genet/bcmgenet.h index 7523b60b3c1c..43b923c48b14 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.h +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.h @@ -1,6 +1,6 @@ /* SPDX-License-Identifier: GPL-2.0-only */ /* - * Copyright (c) 2014-2020 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #ifndef __BCMGENET_H__ @@ -573,6 +573,8 @@ struct bcmgenet_rxnfc_rule { /* device context */ struct bcmgenet_priv { void __iomem *base; + /* reg_lock: lock to serialize access to shared registers */ + spinlock_t reg_lock; enum bcmgenet_version version; struct net_device *dev; diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c b/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c index 7a41cad5788f..1248792d7fd4 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c @@ -2,7 +2,7 @@ /* * Broadcom GENET (Gigabit Ethernet) Wake-on-LAN support * - * Copyright (c) 2014-2020 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #define pr_fmt(fmt) "bcmgenet_wol: " fmt @@ -151,6 +151,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, } /* Can't suspend with WoL if MAC is still in reset */ + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); if (reg & CMD_SW_RESET) reg &= ~CMD_SW_RESET; @@ -158,6 +159,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, /* disable RX */ reg &= ~CMD_RX_EN; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); mdelay(10); if (priv->wolopts & (WAKE_MAGIC | WAKE_MAGICSECURE)) { @@ -203,6 +205,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, } /* Enable CRC forward */ + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); priv->crc_fwd_en = 1; reg |= CMD_CRC_FWD; @@ -210,6 +213,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, /* Receiver must be enabled for WOL MP detection */ reg |= CMD_RX_EN; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); reg = UMAC_IRQ_MPD_R; if (hfb_enable) @@ -256,7 +260,9 @@ void bcmgenet_wol_power_up_cfg(struct bcmgenet_priv *priv, } /* Disable CRC Forward */ + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); reg &= ~CMD_CRC_FWD; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); } diff --git a/drivers/net/ethernet/broadcom/genet/bcmmii.c b/drivers/net/ethernet/broadcom/genet/bcmmii.c index 86a4aa72b3d4..c4a3698cef66 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmmii.c +++ b/drivers/net/ethernet/broadcom/genet/bcmmii.c @@ -76,6 +76,7 @@ static void bcmgenet_mac_config(struct net_device *dev) reg |= RGMII_LINK; bcmgenet_ext_writel(priv, reg, EXT_RGMII_OOB_CTRL); + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); reg &= ~((CMD_SPEED_MASK << CMD_SPEED_SHIFT) | CMD_HD_EN | @@ -88,6 +89,7 @@ static void bcmgenet_mac_config(struct net_device *dev) reg |= CMD_TX_EN | CMD_RX_EN; } bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); active = phy_init_eee(phydev, 0) >= 0; bcmgenet_eee_enable_set(dev, -- 2.34.1

1 year, 6 months

2
1
0 0

[PATCH 2/3] net: bcmgenet: synchronize use of bcmgenet_set_rx_mode()

by Doug Berger

The ndo_set_rx_mode function is synchronized with the netif_addr_lock spinlock and BHs disabled. Since this function is also invoked directly from the driver the same synchronization should be applied. Fixes: 72f96347628e ("net: bcmgenet: set Rx mode before starting netif") Cc: stable(a)vger.kernel.org Signed-off-by: Doug Berger <opendmb(a)gmail.com> --- drivers/net/ethernet/broadcom/genet/bcmgenet.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.c b/drivers/net/ethernet/broadcom/genet/bcmgenet.c index b1f84b37032a..5452b7dc6e6a 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c @@ -2,7 +2,7 @@ /* * Broadcom GENET (Gigabit Ethernet) controller driver * - * Copyright (c) 2014-2020 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #define pr_fmt(fmt) "bcmgenet: " fmt @@ -3334,7 +3334,9 @@ static void bcmgenet_netif_start(struct net_device *dev) struct bcmgenet_priv *priv = netdev_priv(dev); /* Start the network engine */ + netif_addr_lock_bh(dev); bcmgenet_set_rx_mode(dev); + netif_addr_unlock_bh(dev); bcmgenet_enable_rx_napi(priv); umac_enable_set(priv, CMD_TX_EN | CMD_RX_EN, true); -- 2.34.1

1 year, 6 months

2
1
0 0

[PATCH 1/3] net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access

by Doug Berger

The EXT_RGMII_OOB_CTRL register can be written from different contexts. It is predominantly written from the adjust_link handler which is synchronized by the phydev->lock, but can also be written from a different context when configuring the mii in bcmgenet_mii_config(). The chances of contention are quite low, but it is conceivable that adjust_link could occur during resume when WoL is enabled so use the phydev->lock synchronizer in bcmgenet_mii_config() to be sure. Fixes: afe3f907d20f ("net: bcmgenet: power on MII block for all MII modes") Cc: stable(a)vger.kernel.org Signed-off-by: Doug Berger <opendmb(a)gmail.com> --- drivers/net/ethernet/broadcom/genet/bcmmii.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/broadcom/genet/bcmmii.c b/drivers/net/ethernet/broadcom/genet/bcmmii.c index 9ada89355747..86a4aa72b3d4 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmmii.c +++ b/drivers/net/ethernet/broadcom/genet/bcmmii.c @@ -2,7 +2,7 @@ /* * Broadcom GENET MDIO routines * - * Copyright (c) 2014-2017 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #include <linux/acpi.h> @@ -275,6 +275,7 @@ int bcmgenet_mii_config(struct net_device *dev, bool init) * block for the interface to work, unconditionally clear the * Out-of-band disable since we do not need it. */ + mutex_lock(&phydev->lock); reg = bcmgenet_ext_readl(priv, EXT_RGMII_OOB_CTRL); reg &= ~OOB_DISABLE; if (priv->ext_phy) { @@ -286,6 +287,7 @@ int bcmgenet_mii_config(struct net_device *dev, bool init) reg |= RGMII_MODE_EN; } bcmgenet_ext_writel(priv, reg, EXT_RGMII_OOB_CTRL); + mutex_unlock(&phydev->lock); if (init) dev_info(kdev, "configuring instance for %s\n", phy_name); -- 2.34.1

1 year, 6 months

2
1
0 0

[PATCH 6.6 000/158] 6.6.29-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.29 release. There are 158 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 25 Apr 2024 21:38:28 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.29-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.29-rc1 Johan Hovold <johan+linaro(a)kernel.org> PCI/ASPM: Fix deadlock when enabling ASPM Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: common: use struct_group_attr instead of struct_group for network_open_info Marios Makassikis <mmakassikis(a)freebox.fr> ksmbd: clear RENAME_NOREPLACE before calling vfs_rename Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: validate request buffer size in smb2_allocate_rsp_buf() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix slab-out-of-bounds in smb2_allocate_rsp_buf Naveen N Rao <naveen(a)kernel.org> powerpc/ftrace: Ignore ftrace locations in exit text sections Breno Leitao <leitao(a)debian.org> virtio_net: Do not send RSS key if it is not supported Arınç ÜNAL <arinc.unal(a)arinc9.com> net: dsa: mt7530: fix enabling EEE on MT7531 switch on all boards Arınç ÜNAL <arinc.unal(a)arinc9.com> net: dsa: mt7530: fix improper frames on all 25MHz and 40MHz XTAL MT7530 Jeongjun Park <aha310510(a)gmail.com> nilfs2: fix OOB in nilfs_set_de_type Qiang Zhang <qiang4.zhang(a)intel.com> bootconfig: use memblock_free_late to free xbc memory to buddy Dave Airlie <airlied(a)redhat.com> nouveau: fix instmem race condition around ptr stores Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix crtc's atomic check conditional Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Sort primary plane formats by order of preference Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix prime import/export Christian König <christian.koenig(a)amd.com> drm/amdgpu: remove invalid resource->start check v2 Felix Kuehling <felix.kuehling(a)amd.com> drm/amdkfd: Fix memory leak in create_process failure xinhui pan <xinhui.pan(a)amd.com> drm/amdgpu: validate the parameters of bo mapping operations more clearly Danny Lin <danny(a)orbstack.dev> fuse: fix leaked ENOSYS error on first statx call Sumanth Korikkar <sumanthk(a)linux.ibm.com> mm/shmem: inline shmem_is_huge() for disabled transparent hugepages Miaohe Lin <linmiaohe(a)huawei.com> mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled Oscar Salvador <osalvador(a)suse.de> mm,swapops: update check in is_pfn_swap_entry for hwpoison entries Peter Xu <peterx(a)redhat.com> mm/userfaultfd: allow hugetlb change protection upon poison entry Yuntao Wang <ytcoode(a)gmail.com> init/main.c: Fix potential static_command_line memory overflow Yaxiong Tian <tianyaxiong(a)kylinos.cn> arm64: hibernate: Fix level3 translation fault in swsusp_save() Ard Biesheuvel <ardb(a)kernel.org> arm64/head: Disable MMU at EL2 before clearing HCR_EL2.E2H David Matlack <dmatlack(a)google.com> KVM: x86/mmu: Write-protect L2 SPTEs in TDP MMU when clearing dirty status Sandipan Das <sandipan.das(a)amd.com> KVM: x86/pmu: Do not mask LVTPC when handling a PMI on AMD platforms Sean Christopherson <seanjc(a)google.com> KVM: x86/pmu: Disable support for adaptive PEBS Sean Christopherson <seanjc(a)google.com> KVM: x86: Snapshot if a vCPU's vendor model is AMD vs. Intel compatible Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> sched: Add missing memory barrier in switch_mm_cid Alan Stern <stern(a)rowland.harvard.edu> fs: sysfs: Fix reference leak in sysfs_break_active_protection() Samuel Thibault <samuel.thibault(a)ens-lyon.org> speakup: Avoid crash on very long word Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: disable RPL-S on SPS and IGN firmwares Norihiko Hama <Norihiko.Hama(a)alpsalpine.com> usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error Kai-Heng Feng <kai.heng.feng(a)canonical.com> usb: Disable USB3 LPM at shutdown Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix dereference issue in DDMA completion flow. Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "usb: cdc-wdm: close race between read and workqueue" Daniele Palmas <dnlplm(a)gmail.com> USB: serial: option: add Telit FN920C04 rmnet compositions Vanillan Wang <vanillanwang(a)163.com> USB: serial: option: add Rolling RW101-GL and RW135-GL support Jerry Meng <jerry-meng(a)foxmail.com> USB: serial: option: support Quectel EM060K sub-models Coia Prant <coiaprant(a)gmail.com> USB: serial: option: add Lonsung U8300/U9300 product Chuanhong Guo <gch981213(a)gmail.com> USB: serial: option: add support for Fibocom FM650/FG650 bolan wang <bolan.wang(a)fibocom.com> USB: serial: option: add Fibocom FM135-GL variants Tony Lindgren <tony(a)atomide.com> serial: core: Fix missing shutdown and startup for serial base port Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: core: Clearing the circular buffer before NULLifying it Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> serial: stm32: Reset .throttled state in .startup() Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> serial: stm32: Return IRQ_NONE in the ISR if no handling happend Finn Thain <fthain(a)linux-m68k.org> serial/pmac_zilog: Remove flawed mitigation for rx irq flood Emil Kronborg <emil.kronborg(a)protonmail.com> serial: mxs-auart: add spinlock around changing cts state Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> comedi: vmk80xx: fix incomplete endpoint checking Gil Fine <gil.fine(a)linux.intel.com> thunderbolt: Fix wake configurations after device unplug Gil Fine <gil.fine(a)linux.intel.com> thunderbolt: Avoid notify PM core about runtime PM resume Carlos Llamas <cmllamas(a)google.com> binder: check offset alignment in binder_get_object() Ai Chao <aichao(a)kylinos.cn> ALSA: hda/realtek - Enable audio jacks of Haier Boyue G42 with ALC269VC Mauro Carvalho Chehab <mchehab(a)kernel.org> ALSA: hda/realtek: Add quirks for Huawei Matebook D14 NBLB-WAX9N Shenghao Ding <shenghao-ding(a)ti.com> ALSA: hda/tas2781: Add new vendor_id and subsystem_id to support ThinkPad ICE-1 Shenghao Ding <shenghao-ding(a)ti.com> ALSA: hda/tas2781: correct the register for pow calibrated data Takashi Iwai <tiwai(a)suse.de> ALSA: seq: ump: Fix conversion from MIDI2 to MIDI1 UMP messages Shay Drory <shayd(a)nvidia.com> net/mlx5: E-switch, store eswitch pointer before registering devlink_param Eric Biggers <ebiggers(a)google.com> x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Fix BHI retpoline check Pin-yen Lin <treapking(a)chromium.org> clk: mediatek: Do a runtime PM get on controllers during probe Stephen Boyd <sboyd(a)kernel.org> clk: Get runtime PM before walking tree for clk_summary Vishal Badole <badolevishal1116(a)gmail.com> clk: Show active consumers of clocks in debugfs Stephen Boyd <sboyd(a)kernel.org> clk: Get runtime PM before walking tree during disable_unused Stephen Boyd <sboyd(a)kernel.org> clk: Initialize struct clk_core kref earlier Stephen Boyd <sboyd(a)kernel.org> clk: Remove prepare_lock hold assertion in __clk_release() Mike Tipton <quic_mdtipton(a)quicinc.com> interconnect: Don't access req_list while it's being manipulated Mario Limonciello <mario.limonciello(a)amd.com> platform/x86/amd/pmc: Extend Framework 13 quirk to more BIOSes Hardik Gajjar <hgajjar(a)de.adit-jv.com> usb: new quirk to reduce the SET_ADDRESS request timeout Hardik Gajjar <hgajjar(a)de.adit-jv.com> usb: xhci: Add timeout argument in address_device USB HCD callback Brenton Simpson <appsforartists(a)google.com> drm: panel-orientation-quirks: Add quirk for Lenovo Legion Go Geoffrey D. Bennett <g(a)b4.vu> ALSA: scarlett2: Rename scarlett_gen2 to scarlett2 Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: Simplify pcie_capability_clear_and_set_word() to ..._clear_word() Bjorn Helgaas <bhelgaas(a)google.com> PCI/DPC: Use FIELD_GET() Geoffrey D. Bennett <g(a)b4.vu> ALSA: scarlett2: Add Focusrite Clarett 2Pre and 4Pre USB support Geoffrey D. Bennett <g(a)b4.vu> ALSA: scarlett2: Add Focusrite Clarett+ 2Pre and 4Pre support Geoffrey D. Bennett <g(a)b4.vu> ALSA: scarlett2: Add correct product series name to messages Geoffrey D. Bennett <g(a)b4.vu> ALSA: scarlett2: Default mixer driver to enabled Sanath S <Sanath.S(a)amd.com> thunderbolt: Reset topology created by the boot firmware Sanath S <Sanath.S(a)amd.com> thunderbolt: Make tb_switch_reset() support Thunderbolt 2, 3 and USB4 routers Sanath S <Sanath.S(a)amd.com> thunderbolt: Introduce tb_path_deactivate_hop() Sanath S <Sanath.S(a)amd.com> thunderbolt: Introduce tb_port_reset() Niklas Schnelle <schnelle(a)linux.ibm.com> usb: pci-quirks: handle HAS_IOPORT dependency for UHCI handoff Niklas Schnelle <schnelle(a)linux.ibm.com> usb: pci-quirks: handle HAS_IOPORT dependency for AMD quirk Niklas Schnelle <schnelle(a)linux.ibm.com> usb: pci-quirks: group AMD specific quirk code together Linus Walleij <linus.walleij(a)linaro.org> ASoC: ti: Convert Pandora ASoC to GPIO descriptors Geoffrey D. Bennett <g(a)b4.vu> ALSA: scarlett2: Add support for Clarett 8Pre USB Geoffrey D. Bennett <g(a)b4.vu> ALSA: scarlett2: Move USB IDs out from device_info struct Alex Deucher <alexander.deucher(a)amd.com> drm/radeon: make -fstrict-flex-arrays=3 happy Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/panel: visionox-rm69299: don't unregister DSI device Mikhail Kobuk <m.kobuk(a)ispras.ru> drm: nv04: Fix out of bounds access Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/cio: fix race condition during online processing Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/qdio: handle deferred cc1 Namhyung Kim <namhyung(a)kernel.org> perf lock contention: Add a missing NULL check Michael Guralnik <michaelgur(a)nvidia.com> RDMA/mlx5: Fix port number for counter query in multi-port configuration Mark Zhang <markzhang(a)nvidia.com> RDMA/cm: Print the old state when cm_destroy_id gets timeout Yanjun.Zhu <yanjun.zhu(a)linux.dev> RDMA/rxe: Fix the problem "mutex_destroy missing" Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/mst: Limit MST+DSC to TGL+ Siddharth Vadapalli <s-vadapalli(a)ti.com> net: ethernet: ti: am65-cpsw-nuss: cleanup DMA Channels before using them Felix Fietkau <nbd(a)nbd.name> net: ethernet: mtk_eth_soc: fix WED + wifi reset Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: swnode: Remove wrong header inclusion Gerd Bayer <gbayer(a)linux.ibm.com> s390/ism: Properly fix receive message buffer allocation Arınç ÜNAL <arinc.unal(a)arinc9.com> net: dsa: mt7530: fix port mirroring for MT7988 SoC switch Arınç ÜNAL <arinc.unal(a)arinc9.com> net: dsa: mt7530: fix mirroring frames received on local port Lei Chen <lei.chen(a)smartx.com> tun: limit printing rate when illegal packet received by tun dev Marcin Szycik <marcin.szycik(a)linux.intel.com> ice: Fix checking for unsupported keys on non-tunnel device Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> ice: tc: allow zero flags in parsing tc flower Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> ice: tc: check src_vsi in case of traffic from VF Serge Semin <fancer.lancer(a)gmail.com> net: stmmac: Fix IP-cores specific MAC capabilities Serge Semin <fancer.lancer(a)gmail.com> net: stmmac: Fix max-speed being ignored on queue re-init Serge Semin <fancer.lancer(a)gmail.com> net: stmmac: Apply half-duplex-less constraint for DW QoS Eth only Asbjørn Sloth Tønnesen <ast(a)fiberby.net> octeontx2-pf: fix FLOW_DIS_IS_FRAGMENT implementation Yuri Benditovich <yuri.benditovich(a)daynix.com> net: change maximum number of UDP segments to 128 Carolina Jubran <cjubran(a)nvidia.com> net/mlx5e: Prevent deadlock while disabling aRFS Shay Drory <shayd(a)nvidia.com> net/mlx5: Lag, restore buckets number to default after hash LAG deactivation Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: sparx5: flower: fix fragment flags handling Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Don't peek OOB data without MSG_OOB. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Call manage_oob() for every skb in unix_stream_read_generic(). Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: flowtable: incorrect pppoe tuple Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: flowtable: validate pppoe header Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo: do not free live element Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: br_netfilter: skip conntrack input hook for promisc packets Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() Manivannan Sadhasivam <mani(a)kernel.org> scsi: ufs: qcom: Add missing interconnect bandwidth values for Gear 5 Gavin Shan <gshan(a)redhat.com> arm64: tlb: Fix TLBI RANGE operand Ryan Roberts <ryan.roberts(a)arm.com> arm64/mm: Modify range-based tlbi to decrement scale Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> net: usb: ax88179_178a: avoid writing the mac address before first reading Bart Van Assche <bvanassche(a)acm.org> scsi: core: Fix handling of SCMD_FAIL_IF_RECOVERING Jason A. Donenfeld <Jason(a)zx2c4.com> random: handle creditable entropy from atomic process context Yuanhe Shu <xiangzao(a)linux.alibaba.com> selftests/ftrace: Limit length in subsystem-enable tests Steven Rostedt (Google) <rostedt(a)goodmis.org> SUNRPC: Fix rpcgss_context trace event acceptor field Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/i915/vma: Fix UAF on destroy against retire race Alexey Izbyshev <izbyshev(a)ispras.ru> io_uring: Fix io_cqring_wait() not restoring sigmask on get_timespec64() failure Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: videobuf2: request more buffers for vb2_read Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: populate SSPP scaler block version John Stultz <jstultz(a)google.com> selftests: timers: Fix posix_timers ksft_print_msg() warning NeilBrown <neilb(a)suse.de> ceph: redirty page before returning AOP_WRITEPAGE_ACTIVATE Xiubo Li <xiubli(a)redhat.com> ceph: rename _to_client() to _to_fs_client() Xiubo Li <xiubli(a)redhat.com> ceph: pass the mdsc to several helpers Dillon Varone <dillon.varone(a)amd.com> drm/amd/display: Do not recursively call manual trigger programming Oleg Nesterov <oleg(a)redhat.com> selftests/timers/posix_timers: Reimplement check_timer_distribution() Mark Brown <broonie(a)kernel.org> selftests: timers: Convert posix_timers test to generate KTAP output Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Disable live M/N updates when using bigjoiner Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Adjust seamless_m_n flag behaviour Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Enable VRR later during fastsets Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Extract intel_crtc_vblank_evade_scanlines() Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Change intel_pipe_update_{start,end}() calling convention Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/cdclk: Fix voltage_level programming edge case Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/mst: Reject FEC+MST on ICL Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Fix FEC pipe A vs. DDI A mixup Paulo Alcantara <pc(a)manguebit.com> smb: client: refresh referral without acquiring refpath_lock Paulo Alcantara <pc(a)manguebit.com> smb: client: guarantee refcounted children from parent session Steve French <stfrench(a)microsoft.com> smb3: show beginning time for per share stats Paulo Alcantara <pc(a)manguebit.com> smb: client: fix UAF in smb2_reconnect_server() Paulo Alcantara <pc(a)manguebit.com> smb: client: remove extra @chan_count check in __cifs_put_smb_ses() ------------- Diffstat: Documentation/admin-guide/kernel-parameters.txt | 3 + MAINTAINERS | 2 +- Makefile | 4 +- arch/arm/mach-omap2/pdata-quirks.c | 10 + arch/arm64/include/asm/tlbflush.h | 40 ++-- arch/arm64/kernel/head.S | 5 + arch/arm64/mm/pageattr.c | 3 - arch/powerpc/include/asm/ftrace.h | 10 +- arch/powerpc/include/asm/sections.h | 1 + arch/powerpc/kernel/trace/ftrace.c | 12 + arch/powerpc/kernel/trace/ftrace_64_pg.c | 5 + arch/powerpc/kernel/vmlinux.lds.S | 2 + arch/x86/include/asm/barrier.h | 3 + arch/x86/include/asm/kvm_host.h | 1 + arch/x86/kernel/cpu/bugs.c | 11 +- arch/x86/kernel/cpu/cpuid-deps.c | 6 +- arch/x86/kvm/cpuid.c | 1 + arch/x86/kvm/cpuid.h | 10 + arch/x86/kvm/lapic.c | 3 +- arch/x86/kvm/mmu/mmu.c | 2 +- arch/x86/kvm/mmu/tdp_mmu.c | 21 +- arch/x86/kvm/vmx/vmx.c | 24 +- arch/x86/kvm/x86.c | 2 +- drivers/accessibility/speakup/main.c | 2 +- drivers/android/binder.c | 4 +- drivers/char/random.c | 10 +- drivers/clk/clk.c | 195 ++++++++++++---- drivers/clk/mediatek/clk-mtk.c | 15 ++ drivers/comedi/drivers/vmk80xx.c | 35 +-- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 4 - drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 72 +++--- drivers/gpu/drm/amd/amdkfd/kfd_process.c | 4 +- drivers/gpu/drm/amd/display/dc/dcn32/dcn32_optc.c | 3 - drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 + drivers/gpu/drm/i915/display/intel_atomic.c | 1 + drivers/gpu/drm/i915/display/intel_cdclk.c | 37 ++- drivers/gpu/drm/i915/display/intel_crtc.c | 96 +++++--- drivers/gpu/drm/i915/display/intel_crtc.h | 6 +- drivers/gpu/drm/i915/display/intel_display.c | 43 ++-- .../gpu/drm/i915/display/intel_display_device.h | 1 + drivers/gpu/drm/i915/display/intel_display_types.h | 2 +- drivers/gpu/drm/i915/display/intel_dp.c | 13 +- drivers/gpu/drm/i915/display/intel_dp_mst.c | 2 +- drivers/gpu/drm/i915/i915_vma.c | 42 +++- .../gpu/drm/msm/disp/dpu1/catalog/dpu_5_0_sm8150.h | 8 +- .../drm/msm/disp/dpu1/catalog/dpu_5_1_sc8180x.h | 8 +- .../gpu/drm/msm/disp/dpu1/catalog/dpu_8_1_sm8450.h | 8 +- drivers/gpu/drm/msm/disp/dpu1/dpu_hw_catalog.c | 95 ++++++-- drivers/gpu/drm/msm/disp/dpu1/dpu_hw_catalog.h | 3 +- drivers/gpu/drm/nouveau/nouveau_bios.c | 13 +- drivers/gpu/drm/nouveau/nvkm/subdev/instmem/nv50.c | 7 +- drivers/gpu/drm/panel/panel-visionox-rm69299.c | 2 - drivers/gpu/drm/radeon/radeon_atombios.c | 8 +- drivers/gpu/drm/vmwgfx/vmwgfx_blit.c | 35 ++- drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 7 +- drivers/gpu/drm/vmwgfx/vmwgfx_bo.h | 2 + drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 1 + drivers/gpu/drm/vmwgfx/vmwgfx_drv.h | 3 + drivers/gpu/drm/vmwgfx/vmwgfx_gem.c | 32 +++ drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 11 +- drivers/gpu/drm/vmwgfx/vmwgfx_kms.h | 4 +- drivers/gpu/drm/vmwgfx/vmwgfx_prime.c | 15 +- drivers/gpu/drm/vmwgfx/vmwgfx_ttm_buffer.c | 44 ++-- drivers/infiniband/core/cm.c | 11 +- drivers/infiniband/hw/mlx5/mad.c | 3 +- drivers/infiniband/sw/rxe/rxe.c | 2 + drivers/interconnect/core.c | 8 + drivers/media/common/videobuf2/videobuf2-core.c | 9 +- drivers/misc/mei/pci-me.c | 2 +- drivers/net/dsa/mt7530.c | 38 ++- drivers/net/dsa/mt7530.h | 5 + drivers/net/ethernet/intel/ice/ice_tc_lib.c | 15 +- .../net/ethernet/marvell/octeontx2/nic/otx2_tc.c | 7 +- drivers/net/ethernet/mediatek/mtk_wed.c | 6 +- drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c | 27 ++- drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 9 +- .../ethernet/mellanox/mlx5/core/eswitch_offloads.c | 4 + drivers/net/ethernet/mellanox/mlx5/core/lag/lag.c | 4 +- .../ethernet/microchip/sparx5/sparx5_tc_flower.c | 61 +++-- drivers/net/ethernet/stmicro/stmmac/common.h | 1 + drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c | 2 + .../net/ethernet/stmicro/stmmac/dwmac1000_core.c | 2 + .../net/ethernet/stmicro/stmmac/dwmac100_core.c | 2 + drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 7 +- .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 18 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 29 +-- drivers/net/ethernet/ti/am65-cpsw-nuss.c | 18 ++ drivers/net/tun.c | 18 +- drivers/net/usb/ax88179_178a.c | 4 +- drivers/net/virtio_net.c | 27 ++- drivers/pci/bus.c | 49 ++-- drivers/pci/pci.c | 78 ++++--- drivers/pci/pci.h | 4 +- drivers/pci/pcie/aspm.c | 21 +- drivers/pci/pcie/dpc.c | 5 +- drivers/pci/quirks.c | 8 +- drivers/platform/x86/amd/pmc/pmc-quirks.c | 9 + drivers/s390/cio/device.c | 13 +- drivers/s390/cio/qdio_main.c | 28 ++- drivers/s390/net/ism_drv.c | 37 ++- drivers/scsi/scsi_lib.c | 7 +- drivers/thunderbolt/domain.c | 5 +- drivers/thunderbolt/icm.c | 2 +- drivers/thunderbolt/lc.c | 45 ++++ drivers/thunderbolt/nhi.c | 19 +- drivers/thunderbolt/path.c | 13 ++ drivers/thunderbolt/switch.c | 180 +++++++++++++-- drivers/thunderbolt/tb.c | 30 ++- drivers/thunderbolt/tb.h | 10 +- drivers/thunderbolt/tb_regs.h | 6 + drivers/thunderbolt/usb4.c | 52 ++++- drivers/tty/serial/mxs-auart.c | 8 +- drivers/tty/serial/pmac_zilog.c | 14 -- drivers/tty/serial/serial_base.h | 4 + drivers/tty/serial/serial_core.c | 21 +- drivers/tty/serial/serial_port.c | 34 +++ drivers/tty/serial/stm32-usart.c | 13 +- drivers/ufs/host/ufs-qcom.c | 8 +- drivers/usb/Kconfig | 10 + drivers/usb/class/cdc-wdm.c | 6 +- drivers/usb/core/hcd-pci.c | 3 +- drivers/usb/core/hub.c | 15 +- drivers/usb/core/port.c | 4 +- drivers/usb/core/quirks.c | 7 + drivers/usb/dwc2/hcd_ddma.c | 4 +- drivers/usb/gadget/function/f_ncm.c | 4 +- drivers/usb/host/pci-quirks.c | 144 ++++++------ drivers/usb/host/pci-quirks.h | 34 ++- drivers/usb/host/xhci-mem.c | 2 + drivers/usb/host/xhci-ring.c | 11 +- drivers/usb/host/xhci.c | 23 +- drivers/usb/host/xhci.h | 9 +- drivers/usb/serial/option.c | 40 ++++ fs/ceph/addr.c | 22 +- fs/ceph/cache.c | 2 +- fs/ceph/caps.c | 53 +++-- fs/ceph/crypto.c | 2 +- fs/ceph/debugfs.c | 4 +- fs/ceph/dir.c | 24 +- fs/ceph/export.c | 10 +- fs/ceph/file.c | 26 +-- fs/ceph/inode.c | 14 +- fs/ceph/ioctl.c | 8 +- fs/ceph/mds_client.c | 41 ++-- fs/ceph/mds_client.h | 3 +- fs/ceph/mdsmap.c | 3 +- fs/ceph/snap.c | 18 +- fs/ceph/super.c | 22 +- fs/ceph/super.h | 13 +- fs/ceph/xattr.c | 12 +- fs/fuse/dir.c | 1 + fs/nilfs2/dir.c | 2 +- fs/smb/client/cifs_debug.c | 6 +- fs/smb/client/cifsglob.h | 3 +- fs/smb/client/cifsproto.h | 20 +- fs/smb/client/connect.c | 135 ++++++----- fs/smb/client/dfs.c | 51 ++-- fs/smb/client/dfs.h | 33 ++- fs/smb/client/dfs_cache.c | 53 ++--- fs/smb/client/misc.c | 7 +- fs/smb/common/smb2pdu.h | 2 +- fs/smb/server/server.c | 13 +- fs/smb/server/smb2pdu.c | 4 + fs/smb/server/vfs.c | 5 + fs/sysfs/file.c | 2 + include/asm-generic/barrier.h | 8 + include/linux/bootconfig.h | 7 +- include/linux/ceph/mdsmap.h | 5 +- include/linux/gpio/property.h | 1 - include/linux/pci.h | 5 + include/linux/shmem_fs.h | 9 + include/linux/swapops.h | 65 +++--- include/linux/udp.h | 2 +- include/linux/usb/hcd.h | 22 +- include/linux/usb/quirks.h | 3 + include/net/netfilter/nf_flow_table.h | 12 +- include/trace/events/rpcgss.h | 4 +- include/uapi/linux/pci_regs.h | 1 + init/main.c | 2 + io_uring/io_uring.c | 26 +-- kernel/sched/sched.h | 20 +- lib/bootconfig.c | 19 +- mm/hugetlb.c | 10 +- mm/memory-failure.c | 18 +- mm/shmem.c | 6 - net/bridge/br_input.c | 15 +- net/bridge/br_netfilter_hooks.c | 6 + net/bridge/br_private.h | 1 + net/bridge/netfilter/nf_conntrack_bridge.c | 14 +- net/netfilter/nf_flow_table_inet.c | 3 +- net/netfilter/nf_flow_table_ip.c | 10 +- net/netfilter/nf_tables_api.c | 16 +- net/netfilter/nft_set_pipapo.c | 14 +- net/unix/af_unix.c | 12 +- sound/core/seq/seq_ump_convert.c | 2 +- sound/pci/hda/patch_realtek.c | 3 + sound/pci/hda/tas2781_hda_i2c.c | 4 +- sound/soc/ti/omap3pandora.c | 63 ++--- sound/usb/Makefile | 2 +- sound/usb/mixer_quirks.c | 9 +- .../{mixer_scarlett_gen2.c => mixer_scarlett2.c} | 257 +++++++++++++++------ sound/usb/mixer_scarlett2.h | 7 + sound/usb/mixer_scarlett_gen2.h | 7 - tools/perf/util/bpf_skel/lock_contention.bpf.c | 5 +- .../ftrace/test.d/event/subsystem-enable.tc | 6 +- tools/testing/selftests/kselftest.h | 13 ++ tools/testing/selftests/net/udpgso.c | 2 +- tools/testing/selftests/timers/posix_timers.c | 156 ++++++------- 208 files changed, 2654 insertions(+), 1290 deletions(-)

1 year, 6 months

11
170
0 0

[PATCH net v2 3/3] net: bcmgenet: synchronize UMAC_CMD access

by Doug Berger

The UMAC_CMD register is written from different execution contexts and has insufficient synchronization protections to prevent possible corruption. Of particular concern are the acceses from the phy_device delayed work context used by the adjust_link call and the BH context that may be used by the ndo_set_rx_mode call. A spinlock is added to the driver to protect contended register accesses (i.e. reg_lock) and it is used to synchronize accesses to UMAC_CMD. Fixes: 1c1008c793fa ("net: bcmgenet: add main driver file") Cc: stable(a)vger.kernel.org Signed-off-by: Doug Berger <opendmb(a)gmail.com> --- drivers/net/ethernet/broadcom/genet/bcmgenet.c | 12 +++++++++++- drivers/net/ethernet/broadcom/genet/bcmgenet.h | 4 +++- drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c | 8 +++++++- drivers/net/ethernet/broadcom/genet/bcmmii.c | 2 ++ 4 files changed, 23 insertions(+), 3 deletions(-) diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.c b/drivers/net/ethernet/broadcom/genet/bcmgenet.c index 5452b7dc6e6a..c7e7dac057a3 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c @@ -2467,14 +2467,18 @@ static void umac_enable_set(struct bcmgenet_priv *priv, u32 mask, bool enable) { u32 reg; + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); - if (reg & CMD_SW_RESET) + if (reg & CMD_SW_RESET) { + spin_unlock_bh(&priv->reg_lock); return; + } if (enable) reg |= mask; else reg &= ~mask; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); /* UniMAC stops on a packet boundary, wait for a full-size packet * to be processed @@ -2490,8 +2494,10 @@ static void reset_umac(struct bcmgenet_priv *priv) udelay(10); /* issue soft reset and disable MAC while updating its registers */ + spin_lock_bh(&priv->reg_lock); bcmgenet_umac_writel(priv, CMD_SW_RESET, UMAC_CMD); udelay(2); + spin_unlock_bh(&priv->reg_lock); } static void bcmgenet_intr_disable(struct bcmgenet_priv *priv) @@ -3597,16 +3603,19 @@ static void bcmgenet_set_rx_mode(struct net_device *dev) * 3. The number of filters needed exceeds the number filters * supported by the hardware. */ + spin_lock(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); if ((dev->flags & (IFF_PROMISC | IFF_ALLMULTI)) || (nfilter > MAX_MDF_FILTER)) { reg |= CMD_PROMISC; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock(&priv->reg_lock); bcmgenet_umac_writel(priv, 0, UMAC_MDF_CTRL); return; } else { reg &= ~CMD_PROMISC; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock(&priv->reg_lock); } /* update MDF filter */ @@ -4005,6 +4014,7 @@ static int bcmgenet_probe(struct platform_device *pdev) goto err; } + spin_lock_init(&priv->reg_lock); spin_lock_init(&priv->lock); /* Set default pause parameters */ diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.h b/drivers/net/ethernet/broadcom/genet/bcmgenet.h index 7523b60b3c1c..43b923c48b14 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.h +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.h @@ -1,6 +1,6 @@ /* SPDX-License-Identifier: GPL-2.0-only */ /* - * Copyright (c) 2014-2020 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #ifndef __BCMGENET_H__ @@ -573,6 +573,8 @@ struct bcmgenet_rxnfc_rule { /* device context */ struct bcmgenet_priv { void __iomem *base; + /* reg_lock: lock to serialize access to shared registers */ + spinlock_t reg_lock; enum bcmgenet_version version; struct net_device *dev; diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c b/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c index 7a41cad5788f..1248792d7fd4 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c @@ -2,7 +2,7 @@ /* * Broadcom GENET (Gigabit Ethernet) Wake-on-LAN support * - * Copyright (c) 2014-2020 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #define pr_fmt(fmt) "bcmgenet_wol: " fmt @@ -151,6 +151,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, } /* Can't suspend with WoL if MAC is still in reset */ + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); if (reg & CMD_SW_RESET) reg &= ~CMD_SW_RESET; @@ -158,6 +159,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, /* disable RX */ reg &= ~CMD_RX_EN; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); mdelay(10); if (priv->wolopts & (WAKE_MAGIC | WAKE_MAGICSECURE)) { @@ -203,6 +205,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, } /* Enable CRC forward */ + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); priv->crc_fwd_en = 1; reg |= CMD_CRC_FWD; @@ -210,6 +213,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, /* Receiver must be enabled for WOL MP detection */ reg |= CMD_RX_EN; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); reg = UMAC_IRQ_MPD_R; if (hfb_enable) @@ -256,7 +260,9 @@ void bcmgenet_wol_power_up_cfg(struct bcmgenet_priv *priv, } /* Disable CRC Forward */ + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); reg &= ~CMD_CRC_FWD; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); } diff --git a/drivers/net/ethernet/broadcom/genet/bcmmii.c b/drivers/net/ethernet/broadcom/genet/bcmmii.c index 86a4aa72b3d4..c4a3698cef66 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmmii.c +++ b/drivers/net/ethernet/broadcom/genet/bcmmii.c @@ -76,6 +76,7 @@ static void bcmgenet_mac_config(struct net_device *dev) reg |= RGMII_LINK; bcmgenet_ext_writel(priv, reg, EXT_RGMII_OOB_CTRL); + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); reg &= ~((CMD_SPEED_MASK << CMD_SPEED_SHIFT) | CMD_HD_EN | @@ -88,6 +89,7 @@ static void bcmgenet_mac_config(struct net_device *dev) reg |= CMD_TX_EN | CMD_RX_EN; } bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); active = phy_init_eee(phydev, 0) >= 0; bcmgenet_eee_enable_set(dev, -- 2.34.1

1 year, 6 months

2
3
0 0

+ kmsan-compiler_types-declare-__no_sanitize_or_inline.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: kmsan: compiler_types: declare __no_sanitize_or_inline has been added to the -mm mm-hotfixes-unstable branch. Its filename is kmsan-compiler_types-declare-__no_sanitize_or_inline.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Alexander Potapenko <glider(a)google.com> Subject: kmsan: compiler_types: declare __no_sanitize_or_inline Date: Fri, 26 Apr 2024 11:16:22 +0200 It turned out that KMSAN instruments READ_ONCE_NOCHECK(), resulting in false positive reports, because __no_sanitize_or_inline enforced inlining. Properly declare __no_sanitize_or_inline under __SANITIZE_MEMORY__, so that it does not __always_inline the annotated function. Link: https://lkml.kernel.org/r/20240426091622.3846771-1-glider@google.com Fixes: 5de0ce85f5a4 ("kmsan: mark noinstr as __no_sanitize_memory") Signed-off-by: Alexander Potapenko <glider(a)google.com> Reported-by: syzbot+355c5bb8c1445c871ee8(a)syzkaller.appspotmail.com Link: https://lkml.kernel.org/r/000000000000826ac1061675b0e3@google.com Cc: <stable(a)vger.kernel.org> Reviewed-by: Marco Elver <elver(a)google.com> Cc: Dmitry Vyukov <dvyukov(a)google.com> Cc: Miguel Ojeda <ojeda(a)kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/compiler_types.h | 11 +++++++++++ 1 file changed, 11 insertions(+) --- a/include/linux/compiler_types.h~kmsan-compiler_types-declare-__no_sanitize_or_inline +++ a/include/linux/compiler_types.h @@ -278,6 +278,17 @@ struct ftrace_likely_data { # define __no_kcsan #endif +#ifdef __SANITIZE_MEMORY__ +/* + * Similarly to KASAN and KCSAN, KMSAN loses function attributes of inlined + * functions, therefore disabling KMSAN checks also requires disabling inlining. + * + * __no_sanitize_or_inline effectively prevents KMSAN from reporting errors + * within the function and marks all its outputs as initialized. + */ +# define __no_sanitize_or_inline __no_kmsan_checks notrace __maybe_unused +#endif + #ifndef __no_sanitize_or_inline #define __no_sanitize_or_inline __always_inline #endif _ Patches currently in -mm which might be from glider(a)google.com are kmsan-compiler_types-declare-__no_sanitize_or_inline.patch

1 year, 6 months

1
0
0 0

+ mm-use-memalloc_nofs_save-in-page_cache_ra_order.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm: use memalloc_nofs_save() in page_cache_ra_order() has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-use-memalloc_nofs_save-in-page_cache_ra_order.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Kefeng Wang <wangkefeng.wang(a)huawei.com> Subject: mm: use memalloc_nofs_save() in page_cache_ra_order() Date: Fri, 26 Apr 2024 19:29:38 +0800 See commit f2c817bed58d ("mm: use memalloc_nofs_save in readahead path"), ensure that page_cache_ra_order() do not attempt to reclaim file-backed pages too, or it leads to a deadlock, found issue when test ext4 large folio. INFO: task DataXceiver for:7494 blocked for more than 120 seconds. "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:DataXceiver for state:D stack:0 pid:7494 ppid:1 flags:0x00000200 Call trace: __switch_to+0x14c/0x240 __schedule+0x82c/0xdd0 schedule+0x58/0xf0 io_schedule+0x24/0xa0 __folio_lock+0x130/0x300 migrate_pages_batch+0x378/0x918 migrate_pages+0x350/0x700 compact_zone+0x63c/0xb38 compact_zone_order+0xc0/0x118 try_to_compact_pages+0xb0/0x280 __alloc_pages_direct_compact+0x98/0x248 __alloc_pages+0x510/0x1110 alloc_pages+0x9c/0x130 folio_alloc+0x20/0x78 filemap_alloc_folio+0x8c/0x1b0 page_cache_ra_order+0x174/0x308 ondemand_readahead+0x1c8/0x2b8 page_cache_async_ra+0x68/0xb8 filemap_readahead.isra.0+0x64/0xa8 filemap_get_pages+0x3fc/0x5b0 filemap_splice_read+0xf4/0x280 ext4_file_splice_read+0x2c/0x48 [ext4] vfs_splice_read.part.0+0xa8/0x118 splice_direct_to_actor+0xbc/0x288 do_splice_direct+0x9c/0x108 do_sendfile+0x328/0x468 __arm64_sys_sendfile64+0x8c/0x148 invoke_syscall+0x4c/0x118 el0_svc_common.constprop.0+0xc8/0xf0 do_el0_svc+0x24/0x38 el0_svc+0x4c/0x1f8 el0t_64_sync_handler+0xc0/0xc8 el0t_64_sync+0x188/0x190 Link: https://lkml.kernel.org/r/20240426112938.124740-1-wangkefeng.wang@huawei.com Fixes: 793917d997df ("mm/readahead: Add large folio readahead") Signed-off-by: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Zhang Yi <yi.zhang(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/readahead.c | 4 ++++ 1 file changed, 4 insertions(+) --- a/mm/readahead.c~mm-use-memalloc_nofs_save-in-page_cache_ra_order +++ a/mm/readahead.c @@ -490,6 +490,7 @@ void page_cache_ra_order(struct readahea pgoff_t index = readahead_index(ractl); pgoff_t limit = (i_size_read(mapping->host) - 1) >> PAGE_SHIFT; pgoff_t mark = index + ra->size - ra->async_size; + unsigned int nofs; int err = 0; gfp_t gfp = readahead_gfp_mask(mapping); @@ -504,6 +505,8 @@ void page_cache_ra_order(struct readahea new_order = min_t(unsigned int, new_order, ilog2(ra->size)); } + /* See comment in page_cache_ra_unbounded() */ + nofs = memalloc_nofs_save(); filemap_invalidate_lock_shared(mapping); while (index <= limit) { unsigned int order = new_order; @@ -527,6 +530,7 @@ void page_cache_ra_order(struct readahea read_pages(ractl); filemap_invalidate_unlock_shared(mapping); + memalloc_nofs_restore(nofs); /* * If there were already pages in the page cache, then we may have _ Patches currently in -mm which might be from wangkefeng.wang(a)huawei.com are mm-use-memalloc_nofs_save-in-page_cache_ra_order.patch arm64-mm-drop-vm_fault_badmap-vm_fault_badaccess.patch arm-mm-drop-vm_fault_badmap-vm_fault_badaccess.patch mm-move-mm-counter-updating-out-of-set_pte_range.patch mm-filemap-batch-mm-counter-updating-in-filemap_map_pages.patch mm-swapfile-check-usable-swap-device-in-__folio_throttle_swaprate.patch mm-memory-check-userfaultfd_wp-in-vmf_orig_pte_uffd_wp.patch

1 year, 6 months

1
0
0 0

[PATCH net v2 2/3] net: bcmgenet: synchronize use of bcmgenet_set_rx_mode()

by Doug Berger

The ndo_set_rx_mode function is synchronized with the netif_addr_lock spinlock and BHs disabled. Since this function is also invoked directly from the driver the same synchronization should be applied. Fixes: 72f96347628e ("net: bcmgenet: set Rx mode before starting netif") Cc: stable(a)vger.kernel.org Signed-off-by: Doug Berger <opendmb(a)gmail.com> --- drivers/net/ethernet/broadcom/genet/bcmgenet.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.c b/drivers/net/ethernet/broadcom/genet/bcmgenet.c index b1f84b37032a..5452b7dc6e6a 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c @@ -2,7 +2,7 @@ /* * Broadcom GENET (Gigabit Ethernet) controller driver * - * Copyright (c) 2014-2020 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #define pr_fmt(fmt) "bcmgenet: " fmt @@ -3334,7 +3334,9 @@ static void bcmgenet_netif_start(struct net_device *dev) struct bcmgenet_priv *priv = netdev_priv(dev); /* Start the network engine */ + netif_addr_lock_bh(dev); bcmgenet_set_rx_mode(dev); + netif_addr_unlock_bh(dev); bcmgenet_enable_rx_napi(priv); umac_enable_set(priv, CMD_TX_EN | CMD_RX_EN, true); -- 2.34.1

1 year, 6 months

2
1
0 0

[PATCH net v2 1/3] net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access

by Doug Berger

The EXT_RGMII_OOB_CTRL register can be written from different contexts. It is predominantly written from the adjust_link handler which is synchronized by the phydev->lock, but can also be written from a different context when configuring the mii in bcmgenet_mii_config(). The chances of contention are quite low, but it is conceivable that adjust_link could occur during resume when WoL is enabled so use the phydev->lock synchronizer in bcmgenet_mii_config() to be sure. Fixes: afe3f907d20f ("net: bcmgenet: power on MII block for all MII modes") Cc: stable(a)vger.kernel.org Signed-off-by: Doug Berger <opendmb(a)gmail.com> --- drivers/net/ethernet/broadcom/genet/bcmmii.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/broadcom/genet/bcmmii.c b/drivers/net/ethernet/broadcom/genet/bcmmii.c index 9ada89355747..86a4aa72b3d4 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmmii.c +++ b/drivers/net/ethernet/broadcom/genet/bcmmii.c @@ -2,7 +2,7 @@ /* * Broadcom GENET MDIO routines * - * Copyright (c) 2014-2017 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #include <linux/acpi.h> @@ -275,6 +275,7 @@ int bcmgenet_mii_config(struct net_device *dev, bool init) * block for the interface to work, unconditionally clear the * Out-of-band disable since we do not need it. */ + mutex_lock(&phydev->lock); reg = bcmgenet_ext_readl(priv, EXT_RGMII_OOB_CTRL); reg &= ~OOB_DISABLE; if (priv->ext_phy) { @@ -286,6 +287,7 @@ int bcmgenet_mii_config(struct net_device *dev, bool init) reg |= RGMII_MODE_EN; } bcmgenet_ext_writel(priv, reg, EXT_RGMII_OOB_CTRL); + mutex_unlock(&phydev->lock); if (init) dev_info(kdev, "configuring instance for %s\n", phy_name); -- 2.34.1

1 year, 6 months

2
1
0 0

[PATCH v2] serial: kgdboc: Fix NMI-safety problems from keyboard reset code

by Daniel Thompson

Currently, when kdb is compiled with keyboard support, then we will use schedule_work() to provoke reset of the keyboard status. Unfortunately schedule_work() gets called from the kgdboc post-debug-exception handler. That risks deadlock since schedule_work() is not NMI-safe and, even on platforms where the NMI is not directly used for debugging, the debug trap can have NMI-like behaviour depending on where breakpoints are placed. Fix this by using the irq work system, which is NMI-safe, to defer the call to schedule_work() to a point when it is safe to call. Reported-by: Liuye <liu.yeC(a)h3c.com> Closes: https://lore.kernel.org/all/20240228025602.3087748-1-liu.yeC@h3c.com/ Cc: stable(a)vger.kernel.org Reviewed-by: Douglas Anderson <dianders(a)chromium.org> Signed-off-by: Daniel Thompson <daniel.thompson(a)linaro.org> --- @Greg: I'm assuming this could/should go via your tree but feel free to share an ack if you want me to hoover it up instead. Changes in v2: - Fix typo in the big comment (thanks Doug) - Link to v1: https://lore.kernel.org/r/20240419-kgdboc_fix_schedule_work-v1-1-ff19881677… --- drivers/tty/serial/kgdboc.c | 30 +++++++++++++++++++++++++++++- 1 file changed, 29 insertions(+), 1 deletion(-) diff --git a/drivers/tty/serial/kgdboc.c b/drivers/tty/serial/kgdboc.c index 7ce7bb1640054..58ea1e1391cee 100644 --- a/drivers/tty/serial/kgdboc.c +++ b/drivers/tty/serial/kgdboc.c @@ -19,6 +19,7 @@ #include <linux/console.h> #include <linux/vt_kern.h> #include <linux/input.h> +#include <linux/irq_work.h> #include <linux/module.h> #include <linux/platform_device.h> #include <linux/serial_core.h> @@ -48,6 +49,25 @@ static struct kgdb_io kgdboc_earlycon_io_ops; static int (*earlycon_orig_exit)(struct console *con); #endif /* IS_BUILTIN(CONFIG_KGDB_SERIAL_CONSOLE) */ +/* + * When we leave the debug trap handler we need to reset the keyboard status + * (since the original keyboard state gets partially clobbered by kdb use of + * the keyboard). + * + * The path to deliver the reset is somewhat circuitous. + * + * To deliver the reset we register an input handler, reset the keyboard and + * then deregister the input handler. However, to get this done right, we do + * have to carefully manage the calling context because we can only register + * input handlers from task context. + * + * In particular we need to trigger the action from the debug trap handler with + * all its NMI and/or NMI-like oddities. To solve this the kgdboc trap exit code + * (the "post_exception" callback) uses irq_work_queue(), which is NMI-safe, to + * schedule a callback from a hardirq context. From there we have to defer the + * work again, this time using schedule_work(), to get a callback using the + * system workqueue, which runs in task context. + */ #ifdef CONFIG_KDB_KEYBOARD static int kgdboc_reset_connect(struct input_handler *handler, struct input_dev *dev, @@ -99,10 +119,17 @@ static void kgdboc_restore_input_helper(struct work_struct *dummy) static DECLARE_WORK(kgdboc_restore_input_work, kgdboc_restore_input_helper); +static void kgdboc_queue_restore_input_helper(struct irq_work *unused) +{ + schedule_work(&kgdboc_restore_input_work); +} + +static DEFINE_IRQ_WORK(kgdboc_restore_input_irq_work, kgdboc_queue_restore_input_helper); + static void kgdboc_restore_input(void) { if (likely(system_state == SYSTEM_RUNNING)) - schedule_work(&kgdboc_restore_input_work); + irq_work_queue(&kgdboc_restore_input_irq_work); } static int kgdboc_register_kbd(char **cptr) @@ -133,6 +160,7 @@ static void kgdboc_unregister_kbd(void) i--; } } + irq_work_sync(&kgdboc_restore_input_irq_work); flush_work(&kgdboc_restore_input_work); } #else /* ! CONFIG_KDB_KEYBOARD */ --- base-commit: 0bbac3facb5d6cc0171c45c9873a2dc96bea9680 change-id: 20240419-kgdboc_fix_schedule_work-f0cb44b8a354 Best regards, -- Daniel Thompson <daniel.thompson(a)linaro.org>

1 year, 6 months

2
2
0 0

[PATCH v3 0/7] kdb: Refactor and fix bugs in kdb_read()

by Daniel Thompson

Inspired by a patch from [Justin][1] I took a closer look at kdb_read(). Despite Justin's patch being a (correct) one-line manipulation it was a tough patch to review because the surrounding code was hard to read and it looked like there were unfixed problems. This series isn't enough to make kdb_read() beautiful but it does make it shorter, easier to reason about and fixes two buffer overflows and a screen redraw problem! [1]: https://lore.kernel.org/all/20240403-strncpy-kernel-debug-kdb-kdb_io-c-v1-1… Signed-off-by: Daniel Thompson <daniel.thompson(a)linaro.org> --- Changes in v3: - Collected tags from v2 - Added comment to describe the hidden depths of kdb_position_cursor() (thanks Doug) - Fixed a couple of typos in the patch descriptions (thanks Doug) - Link to v2: https://lore.kernel.org/r/20240422-kgdb_read_refactor-v2-0-ed51f7d145fe@lin… Changes in v2: - No code changes! - I belatedly realized that one of the cleanups actually fixed a buffer overflow so there are changes to Cc: (to add stable@...) and to one of the patch descriptions. - Link to v1: https://lore.kernel.org/r/20240416-kgdb_read_refactor-v1-0-b18c2d01076d@lin… --- Daniel Thompson (7): kdb: Fix buffer overflow during tab-complete kdb: Use format-strings rather than '\0' injection in kdb_read() kdb: Fix console handling when editing and tab-completing commands kdb: Merge identical case statements in kdb_read() kdb: Use format-specifiers rather than memset() for padding in kdb_read() kdb: Replace double memcpy() with memmove() in kdb_read() kdb: Simplify management of tmpbuffer in kdb_read() kernel/debug/kdb/kdb_io.c | 153 +++++++++++++++++++++++----------------------- 1 file changed, 78 insertions(+), 75 deletions(-) --- base-commit: dccce9b8780618986962ba37c373668bcf426866 change-id: 20240415-kgdb_read_refactor-2ea2dfc15dbb Best regards, -- Daniel Thompson <daniel.thompson(a)linaro.org>

1 year, 6 months

1
6
0 0

[PATCH 2/2] drm/nouveau/gsp: Use the sg allocator for level 2 of radix3

by Lyude Paul

Currently we allocate all 3 levels of radix3 page tables using nvkm_gsp_mem_ctor(), which uses dma_alloc_coherent() for allocating all of the relevant memory. This can end up failing in scenarios where the system has very high memory fragmentation, and we can't find enough contiguous memory to allocate level 2 of the page table. Currently, this can result in runtime PM issues on systems where memory fragmentation is high - as we'll fail to allocate the page table for our suspend/resume buffer: kworker/10:2: page allocation failure: order:7, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0 CPU: 10 PID: 479809 Comm: kworker/10:2 Not tainted 6.8.6-201.ChopperV6.fc39.x86_64 #1 Hardware name: SLIMBOOK Executive/Executive, BIOS N.1.10GRU06 02/02/2024 Workqueue: pm pm_runtime_work Call Trace: <TASK> dump_stack_lvl+0x64/0x80 warn_alloc+0x165/0x1e0 ? __alloc_pages_direct_compact+0xb3/0x2b0 __alloc_pages_slowpath.constprop.0+0xd7d/0xde0 __alloc_pages+0x32d/0x350 __dma_direct_alloc_pages.isra.0+0x16a/0x2b0 dma_direct_alloc+0x70/0x270 nvkm_gsp_radix3_sg+0x5e/0x130 [nouveau] r535_gsp_fini+0x1d4/0x350 [nouveau] nvkm_subdev_fini+0x67/0x150 [nouveau] nvkm_device_fini+0x95/0x1e0 [nouveau] nvkm_udevice_fini+0x53/0x70 [nouveau] nvkm_object_fini+0xb9/0x240 [nouveau] nvkm_object_fini+0x75/0x240 [nouveau] nouveau_do_suspend+0xf5/0x280 [nouveau] nouveau_pmops_runtime_suspend+0x3e/0xb0 [nouveau] pci_pm_runtime_suspend+0x67/0x1e0 ? __pfx_pci_pm_runtime_suspend+0x10/0x10 __rpm_callback+0x41/0x170 ? __pfx_pci_pm_runtime_suspend+0x10/0x10 rpm_callback+0x5d/0x70 ? __pfx_pci_pm_runtime_suspend+0x10/0x10 rpm_suspend+0x120/0x6a0 pm_runtime_work+0x98/0xb0 process_one_work+0x171/0x340 worker_thread+0x27b/0x3a0 ? __pfx_worker_thread+0x10/0x10 kthread+0xe5/0x120 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x31/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 Luckily, we don't actually need to allocate coherent memory for the page table thanks to being able to pass the GPU a radix3 page table for suspend/resume data. So, let's rewrite nvkm_gsp_radix3_sg() to use the sg allocator for level 2. We continue using coherent allocations for lvl0 and 1, since they only take a single page. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org --- .../gpu/drm/nouveau/include/nvkm/subdev/gsp.h | 4 +- .../gpu/drm/nouveau/nvkm/subdev/gsp/r535.c | 71 ++++++++++++------- 2 files changed, 47 insertions(+), 28 deletions(-) diff --git a/drivers/gpu/drm/nouveau/include/nvkm/subdev/gsp.h b/drivers/gpu/drm/nouveau/include/nvkm/subdev/gsp.h index 6f5d376d8fcc1..a11d16a16c3b2 100644 --- a/drivers/gpu/drm/nouveau/include/nvkm/subdev/gsp.h +++ b/drivers/gpu/drm/nouveau/include/nvkm/subdev/gsp.h @@ -15,7 +15,9 @@ struct nvkm_gsp_mem { }; struct nvkm_gsp_radix3 { - struct nvkm_gsp_mem mem[3]; + struct nvkm_gsp_mem lvl0; + struct nvkm_gsp_mem lvl1; + struct sg_table lvl2; }; int nvkm_gsp_sg(struct nvkm_device *, u64 size, struct sg_table *); diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c b/drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c index 9858c1438aa7f..2bf9077d37118 100644 --- a/drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c +++ b/drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c @@ -1624,7 +1624,7 @@ r535_gsp_wpr_meta_init(struct nvkm_gsp *gsp) meta->magic = GSP_FW_WPR_META_MAGIC; meta->revision = GSP_FW_WPR_META_REVISION; - meta->sysmemAddrOfRadix3Elf = gsp->radix3.mem[0].addr; + meta->sysmemAddrOfRadix3Elf = gsp->radix3.lvl0.addr; meta->sizeOfRadix3Elf = gsp->fb.wpr2.elf.size; meta->sysmemAddrOfBootloader = gsp->boot.fw.addr; @@ -1919,8 +1919,9 @@ nvkm_gsp_sg(struct nvkm_device *device, u64 size, struct sg_table *sgt) static void nvkm_gsp_radix3_dtor(struct nvkm_gsp *gsp, struct nvkm_gsp_radix3 *rx3) { - for (int i = ARRAY_SIZE(rx3->mem) - 1; i >= 0; i--) - nvkm_gsp_mem_dtor(gsp, &rx3->mem[i]); + nvkm_gsp_sg_free(gsp->subdev.device, &rx3->lvl2); + nvkm_gsp_mem_dtor(gsp, &rx3->lvl1); + nvkm_gsp_mem_dtor(gsp, &rx3->lvl0); } /** @@ -1960,36 +1961,52 @@ static int nvkm_gsp_radix3_sg(struct nvkm_gsp *gsp, struct sg_table *sgt, u64 size, struct nvkm_gsp_radix3 *rx3) { - u64 addr; + struct sg_dma_page_iter sg_dma_iter; + struct scatterlist *sg; + size_t bufsize; + u64 *pte; + int ret, i, page_idx = 0; - for (int i = ARRAY_SIZE(rx3->mem) - 1; i >= 0; i--) { - u64 *ptes; - size_t bufsize; - int ret, idx; - - bufsize = ALIGN((size / GSP_PAGE_SIZE) * sizeof(u64), GSP_PAGE_SIZE); - ret = nvkm_gsp_mem_ctor(gsp, bufsize, &rx3->mem[i]); - if (ret) - return ret; + ret = nvkm_gsp_mem_ctor(gsp, GSP_PAGE_SIZE, &rx3->lvl0); + if (ret) + return ret; - ptes = rx3->mem[i].data; - if (i == 2) { - struct scatterlist *sgl; + ret = nvkm_gsp_mem_ctor(gsp, GSP_PAGE_SIZE, &rx3->lvl1); + if (ret) + goto lvl1_fail; - for_each_sgtable_dma_sg(sgt, sgl, idx) { - for (int j = 0; j < sg_dma_len(sgl) / GSP_PAGE_SIZE; j++) - *ptes++ = sg_dma_address(sgl) + (GSP_PAGE_SIZE * j); - } - } else { - for (int j = 0; j < size / GSP_PAGE_SIZE; j++) - *ptes++ = addr + GSP_PAGE_SIZE * j; + // Allocate level 2 + bufsize = ALIGN((size / GSP_PAGE_SIZE) * sizeof(u64), GSP_PAGE_SIZE); + ret = nvkm_gsp_sg(gsp->subdev.device, bufsize, &rx3->lvl2); + if (ret) + goto lvl2_fail; + + // Write the bus address of level 1 to level 0 + pte = rx3->lvl0.data; + *pte = rx3->lvl1.addr; + + // Write the bus address of each page in level 2 to level 1 + pte = rx3->lvl1.data; + for_each_sgtable_dma_page(&rx3->lvl2, &sg_dma_iter, 0) + *pte++ = sg_page_iter_dma_address(&sg_dma_iter); + + // Finally, write the bus address of each page in sgt to level 2 + for_each_sgtable_sg(&rx3->lvl2, sg, i) { + pte = sg_virt(sg); + for_each_sgtable_dma_page(sgt, &sg_dma_iter, page_idx) { + *pte++ = sg_page_iter_dma_address(&sg_dma_iter); + page_idx++; } + } - size = rx3->mem[i].size; - addr = rx3->mem[i].addr; + if (ret) { +lvl2_fail: + nvkm_gsp_mem_dtor(gsp, &rx3->lvl1); +lvl1_fail: + nvkm_gsp_mem_dtor(gsp, &rx3->lvl0); } - return 0; + return ret; } int @@ -2021,7 +2038,7 @@ r535_gsp_fini(struct nvkm_gsp *gsp, bool suspend) sr = gsp->sr.meta.data; sr->magic = GSP_FW_SR_META_MAGIC; sr->revision = GSP_FW_SR_META_REVISION; - sr->sysmemAddrOfSuspendResumeData = gsp->sr.radix3.mem[0].addr; + sr->sysmemAddrOfSuspendResumeData = gsp->sr.radix3.lvl0.addr; sr->sizeOfSuspendResumeData = len; mbox0 = lower_32_bits(gsp->sr.meta.addr); -- 2.44.0

1 year, 6 months

1
0
0 0

[PATCH] arm64: tegra: correct Tegra132 I2C alias

by Krzysztof Kozlowski

There is no such device as "as3722@40", because its name is "pmic". Use phandles for aliases to fix relying on full node path. This corrects aliases for RTC devices and also fixes dtc W=1 warning: tegra132-norrin.dts:12.3-36: Warning (alias_paths): /aliases:rtc0: aliases property is not a valid node (/i2c@7000d000/as3722@40) Fixes: 0f279ebdf3ce ("arm64: tegra: Add NVIDIA Tegra132 Norrin support") Cc: <stable(a)vger.kernel.org> Signed-off-by: Krzysztof Kozlowski <krzk(a)kernel.org> --- arch/arm64/boot/dts/nvidia/tegra132-norrin.dts | 4 ++-- arch/arm64/boot/dts/nvidia/tegra132.dtsi | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/arm64/boot/dts/nvidia/tegra132-norrin.dts b/arch/arm64/boot/dts/nvidia/tegra132-norrin.dts index 14d58859bb55..683ac124523b 100644 --- a/arch/arm64/boot/dts/nvidia/tegra132-norrin.dts +++ b/arch/arm64/boot/dts/nvidia/tegra132-norrin.dts @@ -9,8 +9,8 @@ / { compatible = "nvidia,norrin", "nvidia,tegra132", "nvidia,tegra124"; aliases { - rtc0 = "/i2c@7000d000/as3722@40"; - rtc1 = "/rtc@7000e000"; + rtc0 = &as3722; + rtc1 = &tegra_rtc; serial0 = &uarta; }; diff --git a/arch/arm64/boot/dts/nvidia/tegra132.dtsi b/arch/arm64/boot/dts/nvidia/tegra132.dtsi index 7e24a212c7e4..5bcccfef3f7f 100644 --- a/arch/arm64/boot/dts/nvidia/tegra132.dtsi +++ b/arch/arm64/boot/dts/nvidia/tegra132.dtsi @@ -572,7 +572,7 @@ spi@7000de00 { status = "disabled"; }; - rtc@7000e000 { + tegra_rtc: rtc@7000e000 { compatible = "nvidia,tegra124-rtc", "nvidia,tegra20-rtc"; reg = <0x0 0x7000e000 0x0 0x100>; interrupts = <GIC_SPI 2 IRQ_TYPE_LEVEL_HIGH>; -- 2.34.1

1 year, 6 months

3
2
0 0

[PATCH] perf/x86/intel: Add a distinct name for Granite Rapids

by kan.liang＠linux.intel.com

From: Kan Liang <kan.liang(a)linux.intel.com> Currently, the Sapphire Rapids and Granite Rapids share the same PMU name, sapphire_rapids. Because from the kernel’s perspective, GNR is similar to SPR. The only key difference is that they support different extra MSRs. The code path and the PMU name are shared. However, from end users' perspective, they are quite different. Besides the extra MSRs, GNR has a newer PEBS format, supports Retire Latency, supports new CPUID enumeration architecture, doesn't required the load-latency AUX event, has additional TMA Level 1 Architectural Events, etc. The differences can be enumerated by CPUID or the PERF_CAPABILITIES MSR. They weren't reflected in the model-specific kernel setup. But it is worth to have a distinct PMU name for GNR. Fixes: a6742cb90b56 ("perf/x86/intel: Fix the FRONTEND encoding on GNR and MTL") Suggested-by: Ahmad Yasin <ahmad.yasin(a)intel.com> Signed-off-by: Kan Liang <kan.liang(a)linux.intel.com> Cc: stable(a)vger.kernel.org --- arch/x86/events/intel/core.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/arch/x86/events/intel/core.c b/arch/x86/events/intel/core.c index f3315f13f920..da38a16b2cbc 100644 --- a/arch/x86/events/intel/core.c +++ b/arch/x86/events/intel/core.c @@ -6768,12 +6768,17 @@ __init int intel_pmu_init(void) case INTEL_FAM6_EMERALDRAPIDS_X: x86_pmu.flags |= PMU_FL_MEM_LOADS_AUX; x86_pmu.extra_regs = intel_glc_extra_regs; + pr_cont("Sapphire Rapids events, "); + name = "sapphire_rapids"; fallthrough; case INTEL_FAM6_GRANITERAPIDS_X: case INTEL_FAM6_GRANITERAPIDS_D: intel_pmu_init_glc(NULL); - if (!x86_pmu.extra_regs) + if (!x86_pmu.extra_regs) { x86_pmu.extra_regs = intel_rwc_extra_regs; + pr_cont("Granite Rapids events, "); + name = "granite_rapids"; + } x86_pmu.pebs_ept = 1; x86_pmu.hw_config = hsw_hw_config; x86_pmu.get_event_constraints = glc_get_event_constraints; @@ -6784,8 +6789,6 @@ __init int intel_pmu_init(void) td_attr = glc_td_events_attrs; tsx_attr = glc_tsx_events_attrs; intel_pmu_pebs_data_source_skl(true); - pr_cont("Sapphire Rapids events, "); - name = "sapphire_rapids"; break; case INTEL_FAM6_ALDERLAKE: -- 2.35.1

1 year, 6 months

1
0
0 0

[PATCH] Bluetooth: qca: fix invalid device address check

by Johan Hovold

Qualcomm Bluetooth controllers may not have been provisioned with a valid device address and instead end up using the default address 00:00:00:00:5a:ad. This was previously believed to be due to lack of persistent storage for the address but it may also be due to integrators opting to not use the on-chip OTP memory and instead store the address elsewhere (e.g. in storage managed by secure world firmware). According to Qualcomm, at least WCN6750, WCN6855 and WCN7850 have on-chip OTP storage for the address. As the device type alone cannot be used to determine when the address is valid, instead read back the address during setup() and only set the HCI_QUIRK_USE_BDADDR_PROPERTY flag when needed. This specifically makes sure that controllers that have been provisioned with an address do not start as unconfigured. Reported-by: Janaki Ramaiah Thota <quic_janathot(a)quicinc.com> Link: https://lore.kernel.org/r/124a7d54-5a18-4be7-9a76-a12017f6cce5@quicinc.com/ Fixes: 5971752de44c ("Bluetooth: hci_qca: Set HCI_QUIRK_USE_BDADDR_PROPERTY for wcn3990") Fixes: e668eb1e1578 ("Bluetooth: hci_core: Don't stop BT if the BD address missing in dts") Fixes: 6945795bc81a ("Bluetooth: fix use-bdaddr-property quirk") Cc: stable(a)vger.kernel.org # 6.5 Cc: Matthias Kaehlcke <mka(a)chromium.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/bluetooth/btqca.c | 38 +++++++++++++++++++++++++++++++++++++ drivers/bluetooth/hci_qca.c | 2 -- 2 files changed, 38 insertions(+), 2 deletions(-) Matthias and Doug, As Chromium is the only known user of the 'local-bd-address' property, could you please confirm that your controllers use the 00:00:00:00:5a:ad address by default so that the quirk continues to be set as intended? Johan diff --git a/drivers/bluetooth/btqca.c b/drivers/bluetooth/btqca.c index 19cfc342fc7b..216826c31ee3 100644 --- a/drivers/bluetooth/btqca.c +++ b/drivers/bluetooth/btqca.c @@ -15,6 +15,8 @@ #define VERSION "0.1" +#define QCA_BDADDR_DEFAULT (&(bdaddr_t) {{ 0xad, 0x5a, 0x00, 0x00, 0x00, 0x00 }}) + int qca_read_soc_version(struct hci_dev *hdev, struct qca_btsoc_version *ver, enum qca_btsoc_type soc_type) { @@ -612,6 +614,38 @@ int qca_set_bdaddr_rome(struct hci_dev *hdev, const bdaddr_t *bdaddr) } EXPORT_SYMBOL_GPL(qca_set_bdaddr_rome); +static int qca_check_bdaddr(struct hci_dev *hdev) +{ + struct hci_rp_read_bd_addr *bda; + struct sk_buff *skb; + int err; + + if (bacmp(&hdev->public_addr, BDADDR_ANY)) + return 0; + + skb = __hci_cmd_sync(hdev, HCI_OP_READ_BD_ADDR, 0, NULL, + HCI_INIT_TIMEOUT); + if (IS_ERR(skb)) { + err = PTR_ERR(skb); + bt_dev_err(hdev, "Failed to read device address (%d)", err); + return err; + } + + if (skb->len != sizeof(*bda)) { + bt_dev_err(hdev, "Device address length mismatch"); + kfree_skb(skb); + return -EIO; + } + + bda = (struct hci_rp_read_bd_addr *)skb->data; + if (!bacmp(&bda->bdaddr, QCA_BDADDR_DEFAULT)) + set_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks); + + kfree_skb(skb); + + return 0; +} + static void qca_generate_hsp_nvm_name(char *fwname, size_t max_size, struct qca_btsoc_version ver, u8 rom_ver, u16 bid) { @@ -818,6 +852,10 @@ int qca_uart_setup(struct hci_dev *hdev, uint8_t baudrate, break; } + err = qca_check_bdaddr(hdev); + if (err) + return err; + bt_dev_info(hdev, "QCA setup on UART is completed"); return 0; diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c index ecbc52eaf101..92fa20f5ac7d 100644 --- a/drivers/bluetooth/hci_qca.c +++ b/drivers/bluetooth/hci_qca.c @@ -1905,8 +1905,6 @@ static int qca_setup(struct hci_uart *hu) case QCA_WCN6750: case QCA_WCN6855: case QCA_WCN7850: - set_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks); - qcadev = serdev_device_get_drvdata(hu->serdev); if (qcadev->bdaddr_property_broken) set_bit(HCI_QUIRK_BDADDR_PROPERTY_BROKEN, &hdev->quirks); -- 2.43.2

1 year, 6 months

5
14
0 0

[PATCH 4/6] HID: i2c-hid: elan: fix reset suspend current leakage

by Johan Hovold

The Elan eKTH5015M touch controller found on the Lenovo ThinkPad X13s shares the VCC33 supply with other peripherals that may remain powered during suspend (e.g. when enabled as wakeup sources). The reset line is also wired so that it can be left deasserted when the supply is off. This is important as it avoids holding the controller in reset for extended periods of time when it remains powered, which can lead to increased power consumption, and also avoids leaking current through the X13s reset circuitry during suspend (and after driver unbind). Use the new 'no-reset-on-power-off' devicetree property to determine when reset needs to be asserted on power down. Notably this also avoids wasting power on machine variants without a touchscreen for which the driver would otherwise exit probe with reset asserted. Fixes: bd3cba00dcc6 ("HID: i2c-hid: elan: Add support for Elan eKTH6915 i2c-hid touchscreens") Cc: stable(a)vger.kernel.org # 6.0 Cc: Douglas Anderson <dianders(a)chromium.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/hid/i2c-hid/i2c-hid-of-elan.c | 37 ++++++++++++++++++++------- 1 file changed, 28 insertions(+), 9 deletions(-) diff --git a/drivers/hid/i2c-hid/i2c-hid-of-elan.c b/drivers/hid/i2c-hid/i2c-hid-of-elan.c index 5b91fb106cfc..8a905027d5e9 100644 --- a/drivers/hid/i2c-hid/i2c-hid-of-elan.c +++ b/drivers/hid/i2c-hid/i2c-hid-of-elan.c @@ -31,6 +31,7 @@ struct i2c_hid_of_elan { struct regulator *vcc33; struct regulator *vccio; struct gpio_desc *reset_gpio; + bool no_reset_on_power_off; const struct elan_i2c_hid_chip_data *chip_data; }; @@ -40,17 +41,17 @@ static int elan_i2c_hid_power_up(struct i2chid_ops *ops) container_of(ops, struct i2c_hid_of_elan, ops); int ret; + gpiod_set_value_cansleep(ihid_elan->reset_gpio, 1); + if (ihid_elan->vcc33) { ret = regulator_enable(ihid_elan->vcc33); if (ret) - return ret; + goto err_deassert_reset; } ret = regulator_enable(ihid_elan->vccio); - if (ret) { - regulator_disable(ihid_elan->vcc33); - return ret; - } + if (ret) + goto err_disable_vcc33; if (ihid_elan->chip_data->post_power_delay_ms) msleep(ihid_elan->chip_data->post_power_delay_ms); @@ -60,6 +61,15 @@ static int elan_i2c_hid_power_up(struct i2chid_ops *ops) msleep(ihid_elan->chip_data->post_gpio_reset_on_delay_ms); return 0; + +err_disable_vcc33: + if (ihid_elan->vcc33) + regulator_disable(ihid_elan->vcc33); +err_deassert_reset: + if (ihid_elan->no_reset_on_power_off) + gpiod_set_value_cansleep(ihid_elan->reset_gpio, 0); + + return ret; } static void elan_i2c_hid_power_down(struct i2chid_ops *ops) @@ -67,7 +77,14 @@ static void elan_i2c_hid_power_down(struct i2chid_ops *ops) struct i2c_hid_of_elan *ihid_elan = container_of(ops, struct i2c_hid_of_elan, ops); - gpiod_set_value_cansleep(ihid_elan->reset_gpio, 1); + /* + * Do not assert reset when the hardware allows for it to remain + * deasserted regardless of the state of the (shared) power supply to + * avoid wasting power when the supply is left on. + */ + if (!ihid_elan->no_reset_on_power_off) + gpiod_set_value_cansleep(ihid_elan->reset_gpio, 1); + if (ihid_elan->chip_data->post_gpio_reset_off_delay_ms) msleep(ihid_elan->chip_data->post_gpio_reset_off_delay_ms); @@ -87,12 +104,14 @@ static int i2c_hid_of_elan_probe(struct i2c_client *client) ihid_elan->ops.power_up = elan_i2c_hid_power_up; ihid_elan->ops.power_down = elan_i2c_hid_power_down; - /* Start out with reset asserted */ - ihid_elan->reset_gpio = - devm_gpiod_get_optional(&client->dev, "reset", GPIOD_OUT_HIGH); + ihid_elan->reset_gpio = devm_gpiod_get_optional(&client->dev, "reset", + GPIOD_ASIS); if (IS_ERR(ihid_elan->reset_gpio)) return PTR_ERR(ihid_elan->reset_gpio); + ihid_elan->no_reset_on_power_off = of_property_read_bool(client->dev.of_node, + "no-reset-on-power-off"); + ihid_elan->vccio = devm_regulator_get(&client->dev, "vccio"); if (IS_ERR(ihid_elan->vccio)) return PTR_ERR(ihid_elan->vccio); -- 2.43.2

1 year, 6 months

3
4
0 0

[PATCH v2] kmsan: compiler_types: declare __no_sanitize_or_inline

by Alexander Potapenko

It turned out that KMSAN instruments READ_ONCE_NOCHECK(), resulting in false positive reports, because __no_sanitize_or_inline enforced inlining. Properly declare __no_sanitize_or_inline under __SANITIZE_MEMORY__, so that it does not __always_inline the annotated function. Reported-by: syzbot+355c5bb8c1445c871ee8(a)syzkaller.appspotmail.com Link: https://lkml.kernel.org/r/000000000000826ac1061675b0e3@google.com Fixes: 5de0ce85f5a4 ("kmsan: mark noinstr as __no_sanitize_memory") Cc: stable(a)vger.kernel.org Signed-off-by: Alexander Potapenko <glider(a)google.com> Reviewed-by: Marco Elver <elver(a)google.com> --- include/linux/compiler_types.h | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/include/linux/compiler_types.h b/include/linux/compiler_types.h index 0caf354cb94b5..a6a28952836cb 100644 --- a/include/linux/compiler_types.h +++ b/include/linux/compiler_types.h @@ -278,6 +278,17 @@ struct ftrace_likely_data { # define __no_kcsan #endif +#ifdef __SANITIZE_MEMORY__ +/* + * Similarly to KASAN and KCSAN, KMSAN loses function attributes of inlined + * functions, therefore disabling KMSAN checks also requires disabling inlining. + * + * __no_sanitize_or_inline effectively prevents KMSAN from reporting errors + * within the function and marks all its outputs as initialized. + */ +# define __no_sanitize_or_inline __no_kmsan_checks notrace __maybe_unused +#endif + #ifndef __no_sanitize_or_inline #define __no_sanitize_or_inline __always_inline #endif -- 2.44.0.769.g3c40516874-goog

1 year, 6 months

1
0
0 0

[PATCH] drm/vmwgfx: Fix invalid reads in fence signaled events

by Zack Rusin

Correctly set the length of the drm_event to the size of the structure that's actually used. The length of the drm_event was set to the parent structure instead of to the drm_vmw_event_fence which is supposed to be read. drm_read uses the length parameter to copy the event to the user space thus resuling in oob reads. Signed-off-by: Zack Rusin <zack.rusin(a)broadcom.com> Fixes: 8b7de6aa8468 ("vmwgfx: Rework fence event action") Reported-by: zdi-disclosures(a)trendmicro.com # ZDI-CAN-23566 Cc: David Airlie <airlied(a)gmail.com> CC: Daniel Vetter <daniel(a)ffwll.ch> Cc: Zack Rusin <zack.rusin(a)broadcom.com> Cc: Broadcom internal kernel review list <bcm-kernel-feedback-list(a)broadcom.com> Cc: dri-devel(a)lists.freedesktop.org Cc: linux-kernel(a)vger.kernel.org Cc: <stable(a)vger.kernel.org> # v3.4+ --- drivers/gpu/drm/vmwgfx/vmwgfx_fence.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c b/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c index 2a0cda324703..5efc6a766f64 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c @@ -991,7 +991,7 @@ static int vmw_event_fence_action_create(struct drm_file *file_priv, } event->event.base.type = DRM_VMW_EVENT_FENCE_SIGNALED; - event->event.base.length = sizeof(*event); + event->event.base.length = sizeof(event->event); event->event.user_data = user_data; ret = drm_event_reserve_init(dev, file_priv, &event->base, &event->event.base); -- 2.40.1

1 year, 6 months

3
2
0 0

[PATCH] drm/vmwgfx: Fix Legacy Display Unit

by Ian Forbes

Legacy DU was broken by the referenced fixes commit because the placement and the busy_placement no longer pointed to the same object. This was later fixed indirectly by commit a78a8da51b36c7a0c0c16233f91d60aac03a5a49 ("drm/ttm: replace busy placement with flags v6") in v6.9. Fixes: 39985eea5a6d ("drm/vmwgfx: Abstract placement selection") Signed-off-by: Ian Forbes <ian.forbes(a)broadcom.com> Cc: <stable(a)vger.kernel.org> # v6.4+ --- drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c index 2bfac3aad7b7..98e73eb0ccf1 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c @@ -204,6 +204,7 @@ int vmw_bo_pin_in_start_of_vram(struct vmw_private *dev_priv, VMW_BO_DOMAIN_VRAM, VMW_BO_DOMAIN_VRAM); buf->places[0].lpfn = PFN_UP(bo->resource->size); + buf->busy_places[0].lpfn = PFN_UP(bo->resource->size); ret = ttm_bo_validate(bo, &buf->placement, &ctx); /* For some reason we didn't end up at the start of vram */ -- 2.34.1

1 year, 6 months

3
2
0 0

FAILED: patch "[PATCH] fork: defer linking file vma until vma is fully initialized" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 35e351780fa9d8240dd6f7e4f245f9ea37e96c19 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042319-freeing-degree-ca0d@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 35e351780fa9 ("fork: defer linking file vma until vma is fully initialized") d24062914837 ("fork: use __mt_dup() to duplicate maple tree in dup_mmap()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 35e351780fa9d8240dd6f7e4f245f9ea37e96c19 Mon Sep 17 00:00:00 2001 From: Miaohe Lin <linmiaohe(a)huawei.com> Date: Wed, 10 Apr 2024 17:14:41 +0800 Subject: [PATCH] fork: defer linking file vma until vma is fully initialized Thorvald reported a WARNING [1]. And the root cause is below race: CPU 1 CPU 2 fork hugetlbfs_fallocate dup_mmap hugetlbfs_punch_hole i_mmap_lock_write(mapping); vma_interval_tree_insert_after -- Child vma is visible through i_mmap tree. i_mmap_unlock_write(mapping); hugetlb_dup_vma_private -- Clear vma_lock outside i_mmap_rwsem! i_mmap_lock_write(mapping); hugetlb_vmdelete_list vma_interval_tree_foreach hugetlb_vma_trylock_write -- Vma_lock is cleared. tmp->vm_ops->open -- Alloc new vma_lock outside i_mmap_rwsem! hugetlb_vma_unlock_write -- Vma_lock is assigned!!! i_mmap_unlock_write(mapping); hugetlb_dup_vma_private() and hugetlb_vm_op_open() are called outside i_mmap_rwsem lock while vma lock can be used in the same time. Fix this by deferring linking file vma until vma is fully initialized. Those vmas should be initialized first before they can be used. Link: https://lkml.kernel.org/r/20240410091441.3539905-1-linmiaohe@huawei.com Fixes: 8d9bfb260814 ("hugetlb: add vma based lock for pmd sharing") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Reported-by: Thorvald Natvig <thorvald(a)google.com> Closes: https://lore.kernel.org/linux-mm/20240129161735.6gmjsswx62o4pbja@revolver/T/ [1] Reviewed-by: Jane Chu <jane.chu(a)oracle.com> Cc: Christian Brauner <brauner(a)kernel.org> Cc: Heiko Carstens <hca(a)linux.ibm.com> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: Liam R. Howlett <Liam.Howlett(a)oracle.com> Cc: Mateusz Guzik <mjguzik(a)gmail.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: Peng Zhang <zhangpeng.00(a)bytedance.com> Cc: Tycho Andersen <tandersen(a)netflix.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/kernel/fork.c b/kernel/fork.c index 39a5046c2f0b..aebb3e6c96dc 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -714,6 +714,23 @@ static __latent_entropy int dup_mmap(struct mm_struct *mm, } else if (anon_vma_fork(tmp, mpnt)) goto fail_nomem_anon_vma_fork; vm_flags_clear(tmp, VM_LOCKED_MASK); + /* + * Copy/update hugetlb private vma information. + */ + if (is_vm_hugetlb_page(tmp)) + hugetlb_dup_vma_private(tmp); + + /* + * Link the vma into the MT. After using __mt_dup(), memory + * allocation is not necessary here, so it cannot fail. + */ + vma_iter_bulk_store(&vmi, tmp); + + mm->map_count++; + + if (tmp->vm_ops && tmp->vm_ops->open) + tmp->vm_ops->open(tmp); + file = tmp->vm_file; if (file) { struct address_space *mapping = file->f_mapping; @@ -730,25 +747,9 @@ static __latent_entropy int dup_mmap(struct mm_struct *mm, i_mmap_unlock_write(mapping); } - /* - * Copy/update hugetlb private vma information. - */ - if (is_vm_hugetlb_page(tmp)) - hugetlb_dup_vma_private(tmp); - - /* - * Link the vma into the MT. After using __mt_dup(), memory - * allocation is not necessary here, so it cannot fail. - */ - vma_iter_bulk_store(&vmi, tmp); - - mm->map_count++; if (!(tmp->vm_flags & VM_WIPEONFORK)) retval = copy_page_range(tmp, mpnt); - if (tmp->vm_ops && tmp->vm_ops->open) - tmp->vm_ops->open(tmp); - if (retval) { mpnt = vma_next(&vmi); goto loop_out;

1 year, 6 months

2
1
0 0

FAILED: patch "[PATCH] drm/xe/vm: prevent UAF with asid based lookup" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x ca7c52ac7ad384bcf299d89482c45fec7cd00da9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042358-esteemed-fastball-c2d8@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: ca7c52ac7ad3 ("drm/xe/vm: prevent UAF with asid based lookup") 0eb2a18a8fad ("drm/xe: Implement VM snapshot support for BO's and userptr") be7d51c5b468 ("drm/xe: Add batch buffer addresses to devcoredump") 4376cee62092 ("drm/xe: Print more device information in devcoredump") 98fefec8c381 ("drm/xe: Change devcoredump functions parameters to xe_sched_job") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ca7c52ac7ad384bcf299d89482c45fec7cd00da9 Mon Sep 17 00:00:00 2001 From: Matthew Auld <matthew.auld(a)intel.com> Date: Fri, 12 Apr 2024 12:31:45 +0100 Subject: [PATCH] drm/xe/vm: prevent UAF with asid based lookup The asid is only erased from the xarray when the vm refcount reaches zero, however this leads to potential UAF since the xe_vm_get() only works on a vm with refcount != 0. Since the asid is allocated in the vm create ioctl, rather erase it when closing the vm, prior to dropping the potential last ref. This should also work when user closes driver fd without explicit vm destroy. Fixes: dd08ebf6c352 ("drm/xe: Introduce a new DRM driver for Intel GPUs") Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/1594 Signed-off-by: Matthew Auld <matthew.auld(a)intel.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.8+ Reviewed-by: Matthew Brost <matthew.brost(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240412113144.259426-4-matth… (cherry picked from commit 83967c57320d0d01ae512f10e79213f81e4bf594) Signed-off-by: Lucas De Marchi <lucas.demarchi(a)intel.com> diff --git a/drivers/gpu/drm/xe/xe_vm.c b/drivers/gpu/drm/xe/xe_vm.c index 62d1ef8867a8..3d4c8f342e21 100644 --- a/drivers/gpu/drm/xe/xe_vm.c +++ b/drivers/gpu/drm/xe/xe_vm.c @@ -1577,6 +1577,16 @@ void xe_vm_close_and_put(struct xe_vm *vm) xe->usm.num_vm_in_fault_mode--; else if (!(vm->flags & XE_VM_FLAG_MIGRATION)) xe->usm.num_vm_in_non_fault_mode--; + + if (vm->usm.asid) { + void *lookup; + + xe_assert(xe, xe->info.has_asid); + xe_assert(xe, !(vm->flags & XE_VM_FLAG_MIGRATION)); + + lookup = xa_erase(&xe->usm.asid_to_vm, vm->usm.asid); + xe_assert(xe, lookup == vm); + } mutex_unlock(&xe->usm.lock); for_each_tile(tile, xe, id) @@ -1592,24 +1602,15 @@ static void vm_destroy_work_func(struct work_struct *w) struct xe_device *xe = vm->xe; struct xe_tile *tile; u8 id; - void *lookup; /* xe_vm_close_and_put was not called? */ xe_assert(xe, !vm->size); mutex_destroy(&vm->snap_mutex); - if (!(vm->flags & XE_VM_FLAG_MIGRATION)) { + if (!(vm->flags & XE_VM_FLAG_MIGRATION)) xe_device_mem_access_put(xe); - if (xe->info.has_asid && vm->usm.asid) { - mutex_lock(&xe->usm.lock); - lookup = xa_erase(&xe->usm.asid_to_vm, vm->usm.asid); - xe_assert(xe, lookup == vm); - mutex_unlock(&xe->usm.lock); - } - } - for_each_tile(tile, xe, id) XE_WARN_ON(vm->pt_root[id]);

1 year, 6 months

3
2
0 0

[PATCH v1] chrome/cros_ec: Handle events during suspend after resume completion

by Karthikeyan Ramasubramanian

On boards where EC IRQ is not wake capable, EC does not trigger IRQ to signal any non-wake events until EC receives host resume event. Commit 47ea0ddb1f56 ("platform/chrome: cros_ec_lpc: Separate host command and irq disable") separated enabling IRQ and sending resume event host command into early_resume and resume_complete stages respectively. This separation leads to host not handling certain events posted during a small time window between early_resume and resume_complete stages. This change moves handling all events that happened during suspend after sending host resume event. Fixes: 47ea0ddb1f56 ("platform/chrome: cros_ec_lpc: Separate host command and irq disable") Cc: stable(a)vger.kernel.org Cc: Lalith Rajendran <lalithkraj(a)chromium.org> Cc: chrome-platform(a)lists.linux.dev Signed-off-by: Karthikeyan Ramasubramanian <kramasub(a)chromium.org> --- drivers/platform/chrome/cros_ec.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/drivers/platform/chrome/cros_ec.c b/drivers/platform/chrome/cros_ec.c index badc68bbae8cc..41714df053916 100644 --- a/drivers/platform/chrome/cros_ec.c +++ b/drivers/platform/chrome/cros_ec.c @@ -432,6 +432,12 @@ static void cros_ec_send_resume_event(struct cros_ec_device *ec_dev) void cros_ec_resume_complete(struct cros_ec_device *ec_dev) { cros_ec_send_resume_event(ec_dev); + /* + * Let the mfd devices know about events that occur during + * suspend. This way the clients know what to do with them. + */ + cros_ec_report_events_during_suspend(ec_dev); + } EXPORT_SYMBOL(cros_ec_resume_complete); @@ -442,12 +448,6 @@ static void cros_ec_enable_irq(struct cros_ec_device *ec_dev) if (ec_dev->wake_enabled) disable_irq_wake(ec_dev->irq); - - /* - * Let the mfd devices know about events that occur during - * suspend. This way the clients know what to do with them. - */ - cros_ec_report_events_during_suspend(ec_dev); } /** @@ -475,8 +475,9 @@ EXPORT_SYMBOL(cros_ec_resume_early); */ int cros_ec_resume(struct cros_ec_device *ec_dev) { - cros_ec_enable_irq(ec_dev); - cros_ec_send_resume_event(ec_dev); + cros_ec_resume_early(ec_dev); + cros_ec_resume_complete(ec_dev); + return 0; } EXPORT_SYMBOL(cros_ec_resume); -- 2.44.0.769.g3c40516874-goog

1 year, 6 months

2
1
0 0

[merged mm-nonmm-stable] ocfs2-use-coarse-time-for-new-created-files.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: ocfs2: use coarse time for new created files has been removed from the -mm tree. Its filename was ocfs2-use-coarse-time-for-new-created-files.patch This patch was dropped because it was merged into the mm-nonmm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Su Yue <glass.su(a)suse.com> Subject: ocfs2: use coarse time for new created files Date: Mon, 8 Apr 2024 16:20:41 +0800 The default atime related mount option is '-o realtime' which means file atime should be updated if atime <= ctime or atime <= mtime. atime should be updated in the following scenario, but it is not: ========================================================== $ rm /mnt/testfile; $ echo test > /mnt/testfile $ stat -c "%X %Y %Z" /mnt/testfile 1711881646 1711881646 1711881646 $ sleep 5 $ cat /mnt/testfile > /dev/null $ stat -c "%X %Y %Z" /mnt/testfile 1711881646 1711881646 1711881646 ========================================================== And the reason the atime in the test is not updated is that ocfs2 calls ktime_get_real_ts64() in __ocfs2_mknod_locked during file creation. Then inode_set_ctime_current() is called in inode_set_ctime_current() calls ktime_get_coarse_real_ts64() to get current time. ktime_get_real_ts64() is more accurate than ktime_get_coarse_real_ts64(). In my test box, I saw ctime set by ktime_get_coarse_real_ts64() is less than ktime_get_real_ts64() even ctime is set later. The ctime of the new inode is smaller than atime. The call trace is like: ocfs2_create ocfs2_mknod __ocfs2_mknod_locked .... ktime_get_real_ts64 <------- set atime,ctime,mtime, more accurate ocfs2_populate_inode ... ocfs2_init_acl ocfs2_acl_set_mode inode_set_ctime_current current_time ktime_get_coarse_real_ts64 <-------less accurate ocfs2_file_read_iter ocfs2_inode_lock_atime ocfs2_should_update_atime atime <= ctime ? <-------- false, ctime < atime due to accuracy So here call ktime_get_coarse_real_ts64 to set inode time coarser while creating new files. It may lower the accuracy of file times. But it's not a big deal since we already use coarse time in other places like ocfs2_update_inode_atime and inode_set_ctime_current. Link: https://lkml.kernel.org/r/20240408082041.20925-5-glass.su@suse.com Fixes: c62c38f6b91b ("ocfs2: replace CURRENT_TIME macro") Signed-off-by: Su Yue <glass.su(a)suse.com> Reviewed-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Gang He <ghe(a)suse.com> Cc: Jun Piao <piaojun(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/namei.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/fs/ocfs2/namei.c~ocfs2-use-coarse-time-for-new-created-files +++ a/fs/ocfs2/namei.c @@ -566,7 +566,7 @@ static int __ocfs2_mknod_locked(struct i fe->i_last_eb_blk = 0; strcpy(fe->i_signature, OCFS2_INODE_SIGNATURE); fe->i_flags |= cpu_to_le32(OCFS2_VALID_FL); - ktime_get_real_ts64(&ts); + ktime_get_coarse_real_ts64(&ts); fe->i_atime = fe->i_ctime = fe->i_mtime = cpu_to_le64(ts.tv_sec); fe->i_mtime_nsec = fe->i_ctime_nsec = fe->i_atime_nsec = _ Patches currently in -mm which might be from glass.su(a)suse.com are

1 year, 6 months

1
0
0 0

[merged mm-nonmm-stable] ocfs2-update-inode-fsync-transaction-id-in-ocfs2_unlink-and-ocfs2_link.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: ocfs2: update inode fsync transaction id in ocfs2_unlink and ocfs2_link has been removed from the -mm tree. Its filename was ocfs2-update-inode-fsync-transaction-id-in-ocfs2_unlink-and-ocfs2_link.patch This patch was dropped because it was merged into the mm-nonmm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Su Yue <glass.su(a)suse.com> Subject: ocfs2: update inode fsync transaction id in ocfs2_unlink and ocfs2_link Date: Mon, 8 Apr 2024 16:20:40 +0800 transaction id should be updated in ocfs2_unlink and ocfs2_link. Otherwise, inode link will be wrong after journal replay even fsync was called before power failure: ======================================================================= $ touch testdir/bar $ ln testdir/bar testdir/bar_link $ fsync testdir/bar $ stat -c %h $SCRATCH_MNT/testdir/bar 1 $ stat -c %h $SCRATCH_MNT/testdir/bar 1 ======================================================================= Link: https://lkml.kernel.org/r/20240408082041.20925-4-glass.su@suse.com Fixes: ccd979bdbce9 ("[PATCH] OCFS2: The Second Oracle Cluster Filesystem") Signed-off-by: Su Yue <glass.su(a)suse.com> Reviewed-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Gang He <ghe(a)suse.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Jun Piao <piaojun(a)huawei.com> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/namei.c | 2 ++ 1 file changed, 2 insertions(+) --- a/fs/ocfs2/namei.c~ocfs2-update-inode-fsync-transaction-id-in-ocfs2_unlink-and-ocfs2_link +++ a/fs/ocfs2/namei.c @@ -797,6 +797,7 @@ static int ocfs2_link(struct dentry *old ocfs2_set_links_count(fe, inode->i_nlink); fe->i_ctime = cpu_to_le64(inode_get_ctime_sec(inode)); fe->i_ctime_nsec = cpu_to_le32(inode_get_ctime_nsec(inode)); + ocfs2_update_inode_fsync_trans(handle, inode, 0); ocfs2_journal_dirty(handle, fe_bh); err = ocfs2_add_entry(handle, dentry, inode, @@ -993,6 +994,7 @@ static int ocfs2_unlink(struct inode *di drop_nlink(inode); drop_nlink(inode); ocfs2_set_links_count(fe, inode->i_nlink); + ocfs2_update_inode_fsync_trans(handle, inode, 0); ocfs2_journal_dirty(handle, fe_bh); inode_set_mtime_to_ts(dir, inode_set_ctime_current(dir)); _ Patches currently in -mm which might be from glass.su(a)suse.com are

1 year, 6 months

1
0
0 0

[merged mm-nonmm-stable] ocfs2-fix-races-between-hole-punching-and-aiodio.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: ocfs2: fix races between hole punching and AIO+DIO has been removed from the -mm tree. Its filename was ocfs2-fix-races-between-hole-punching-and-aiodio.patch This patch was dropped because it was merged into the mm-nonmm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Su Yue <glass.su(a)suse.com> Subject: ocfs2: fix races between hole punching and AIO+DIO Date: Mon, 8 Apr 2024 16:20:39 +0800 After commit "ocfs2: return real error code in ocfs2_dio_wr_get_block", fstests/generic/300 become from always failed to sometimes failed: ======================================================================== [ 473.293420 ] run fstests generic/300 [ 475.296983 ] JBD2: Ignoring recovery information on journal [ 475.302473 ] ocfs2: Mounting device (253,1) on (node local, slot 0) with ordered data mode. [ 494.290998 ] OCFS2: ERROR (device dm-1): ocfs2_change_extent_flag: Owner 5668 has an extent at cpos 78723 which can no longer be found [ 494.291609 ] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 494.292018 ] OCFS2: File system is now read-only. [ 494.292224 ] (kworker/19:11,2628,19):ocfs2_mark_extent_written:5272 ERROR: status = -30 [ 494.292602 ] (kworker/19:11,2628,19):ocfs2_dio_end_io_write:2374 ERROR: status = -3 fio: io_u error on file /mnt/scratch/racer: Read-only file system: write offset=460849152, buflen=131072 ========================================================================= In __blockdev_direct_IO, ocfs2_dio_wr_get_block is called to add unwritten extents to a list. extents are also inserted into extent tree in ocfs2_write_begin_nolock. Then another thread call fallocate to puch a hole at one of the unwritten extent. The extent at cpos was removed by ocfs2_remove_extent(). At end io worker thread, ocfs2_search_extent_list found there is no such extent at the cpos. T1 T2 T3 inode lock ... insert extents ... inode unlock ocfs2_fallocate __ocfs2_change_file_space inode lock lock ip_alloc_sem ocfs2_remove_inode_range inode ocfs2_remove_btree_range ocfs2_remove_extent ^---remove the extent at cpos 78723 ... unlock ip_alloc_sem inode unlock ocfs2_dio_end_io ocfs2_dio_end_io_write lock ip_alloc_sem ocfs2_mark_extent_written ocfs2_change_extent_flag ocfs2_search_extent_list ^---failed to find extent ... unlock ip_alloc_sem In most filesystems, fallocate is not compatible with racing with AIO+DIO, so fix it by adding to wait for all dio before fallocate/punch_hole like ext4. Link: https://lkml.kernel.org/r/20240408082041.20925-3-glass.su@suse.com Fixes: b25801038da5 ("ocfs2: Support xfs style space reservation ioctls") Signed-off-by: Su Yue <glass.su(a)suse.com> Reviewed-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Gang He <ghe(a)suse.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Jun Piao <piaojun(a)huawei.com> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/file.c | 2 ++ 1 file changed, 2 insertions(+) --- a/fs/ocfs2/file.c~ocfs2-fix-races-between-hole-punching-and-aiodio +++ a/fs/ocfs2/file.c @@ -1936,6 +1936,8 @@ static int __ocfs2_change_file_space(str inode_lock(inode); + /* Wait all existing dio workers, newcomers will block on i_rwsem */ + inode_dio_wait(inode); /* * This prevents concurrent writes on other nodes */ _ Patches currently in -mm which might be from glass.su(a)suse.com are

1 year, 6 months

1
0
0 0

[merged mm-stable] mm-hugetlb-pass-correct-order_per_bit-to-cma_declare_contiguous_nid.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/hugetlb: pass correct order_per_bit to cma_declare_contiguous_nid has been removed from the -mm tree. Its filename was mm-hugetlb-pass-correct-order_per_bit-to-cma_declare_contiguous_nid.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Frank van der Linden <fvdl(a)google.com> Subject: mm/hugetlb: pass correct order_per_bit to cma_declare_contiguous_nid Date: Thu, 4 Apr 2024 16:25:15 +0000 The hugetlb_cma code passes 0 in the order_per_bit argument to cma_declare_contiguous_nid (the alignment, computed using the page order, is correctly passed in). This causes a bit in the cma allocation bitmap to always represent a 4k page, making the bitmaps potentially very large, and slower. It would create bitmaps that would be pretty big. E.g. for a 4k page size on x86, hugetlb_cma=64G would mean a bitmap size of (64G / 4k) / 8 == 2M. With HUGETLB_PAGE_ORDER as order_per_bit, as intended, this would be (64G / 2M) / 8 == 4k. So, that's quite a difference. Also, this restricted the hugetlb_cma area to ((PAGE_SIZE << MAX_PAGE_ORDER) * 8) * PAGE_SIZE (e.g. 128G on x86) , since bitmap_alloc uses normal page allocation, and is thus restricted by MAX_PAGE_ORDER. Specifying anything about that would fail the CMA initialization. So, correctly pass in the order instead. Link: https://lkml.kernel.org/r/20240404162515.527802-2-fvdl@google.com Fixes: cf11e85fc08c ("mm: hugetlb: optionally allocate gigantic hugepages using cma") Signed-off-by: Frank van der Linden <fvdl(a)google.com> Acked-by: Roman Gushchin <roman.gushchin(a)linux.dev> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Marek Szyprowski <m.szyprowski(a)samsung.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/hugetlb.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) --- a/mm/hugetlb.c~mm-hugetlb-pass-correct-order_per_bit-to-cma_declare_contiguous_nid +++ a/mm/hugetlb.c @@ -7794,9 +7794,9 @@ void __init hugetlb_cma_reserve(int orde * huge page demotion. */ res = cma_declare_contiguous_nid(0, size, 0, - PAGE_SIZE << HUGETLB_PAGE_ORDER, - 0, false, name, - &hugetlb_cma[nid], nid); + PAGE_SIZE << HUGETLB_PAGE_ORDER, + HUGETLB_PAGE_ORDER, false, name, + &hugetlb_cma[nid], nid); if (res) { pr_warn("hugetlb_cma: reservation failed: err %d, node %d", res, nid); _ Patches currently in -mm which might be from fvdl(a)google.com are

1 year, 6 months

1
0
0 0

[merged mm-stable] mm-cma-drop-incorrect-alignment-check-in-cma_init_reserved_mem.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/cma: drop incorrect alignment check in cma_init_reserved_mem has been removed from the -mm tree. Its filename was mm-cma-drop-incorrect-alignment-check-in-cma_init_reserved_mem.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Frank van der Linden <fvdl(a)google.com> Subject: mm/cma: drop incorrect alignment check in cma_init_reserved_mem Date: Thu, 4 Apr 2024 16:25:14 +0000 cma_init_reserved_mem uses IS_ALIGNED to check if the size represented by one bit in the cma allocation bitmask is aligned with CMA_MIN_ALIGNMENT_BYTES (pageblock size). However, this is too strict, as this will fail if order_per_bit > pageblock_order, which is a valid configuration. We could check IS_ALIGNED both ways, but since both numbers are powers of two, no check is needed at all. Link: https://lkml.kernel.org/r/20240404162515.527802-1-fvdl@google.com Fixes: de9e14eebf33 ("drivers: dma-contiguous: add initialization from device tree") Signed-off-by: Frank van der Linden <fvdl(a)google.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Marek Szyprowski <m.szyprowski(a)samsung.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Roman Gushchin <roman.gushchin(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/cma.c | 4 ---- 1 file changed, 4 deletions(-) --- a/mm/cma.c~mm-cma-drop-incorrect-alignment-check-in-cma_init_reserved_mem +++ a/mm/cma.c @@ -182,10 +182,6 @@ int __init cma_init_reserved_mem(phys_ad if (!size || !memblock_is_region_reserved(base, size)) return -EINVAL; - /* alignment should be aligned with order_per_bit */ - if (!IS_ALIGNED(CMA_MIN_ALIGNMENT_PAGES, 1 << order_per_bit)) - return -EINVAL; - /* ensure minimal alignment required by mm core */ if (!IS_ALIGNED(base | size, CMA_MIN_ALIGNMENT_BYTES)) return -EINVAL; _ Patches currently in -mm which might be from fvdl(a)google.com are

1 year, 6 months

1
0
0 0

[PATCH v5.10 v5.15] net/mlx5e: Fix a race in command alloc flow

by Samasth Norway Ananda

From: Shifeng Li <lishifeng(a)sangfor.com.cn> [ Upstream commit 8f5100da56b3980276234e812ce98d8f075194cd ] Fix a cmd->ent use after free due to a race on command entry. Such race occurs when one of the commands releases its last refcount and frees its index and entry while another process running command flush flow takes refcount to this command entry. The process which handles commands flush may see this command as needed to be flushed if the other process allocated a ent->idx but didn't set ent to cmd->ent_arr in cmd_work_handler(). Fix it by moving the assignment of cmd->ent_arr into the spin lock. [70013.081955] BUG: KASAN: use-after-free in mlx5_cmd_trigger_completions+0x1e2/0x4c0 [mlx5_core] [70013.081967] Write of size 4 at addr ffff88880b1510b4 by task kworker/26:1/1433361 [70013.081968] [70013.082028] Workqueue: events aer_isr [70013.082053] Call Trace: [70013.082067] dump_stack+0x8b/0xbb [70013.082086] print_address_description+0x6a/0x270 [70013.082102] kasan_report+0x179/0x2c0 [70013.082173] mlx5_cmd_trigger_completions+0x1e2/0x4c0 [mlx5_core] [70013.082267] mlx5_cmd_flush+0x80/0x180 [mlx5_core] [70013.082304] mlx5_enter_error_state+0x106/0x1d0 [mlx5_core] [70013.082338] mlx5_try_fast_unload+0x2ea/0x4d0 [mlx5_core] [70013.082377] remove_one+0x200/0x2b0 [mlx5_core] [70013.082409] pci_device_remove+0xf3/0x280 [70013.082439] device_release_driver_internal+0x1c3/0x470 [70013.082453] pci_stop_bus_device+0x109/0x160 [70013.082468] pci_stop_and_remove_bus_device+0xe/0x20 [70013.082485] pcie_do_fatal_recovery+0x167/0x550 [70013.082493] aer_isr+0x7d2/0x960 [70013.082543] process_one_work+0x65f/0x12d0 [70013.082556] worker_thread+0x87/0xb50 [70013.082571] kthread+0x2e9/0x3a0 [70013.082592] ret_from_fork+0x1f/0x40 The logical relationship of this error is as follows: aer_recover_work | ent->work -------------------------------------------+------------------------------ aer_recover_work_func | |- pcie_do_recovery | |- report_error_detected | |- mlx5_pci_err_detected |cmd_work_handler |- mlx5_enter_error_state | |- cmd_alloc_index |- enter_error_state | |- lock cmd->alloc_lock |- mlx5_cmd_flush | |- clear_bit |- mlx5_cmd_trigger_completions| |- unlock cmd->alloc_lock |- lock cmd->alloc_lock | |- vector = ~dev->cmd.vars.bitmask |- for_each_set_bit | |- cmd_ent_get(cmd->ent_arr[i]) (UAF) |- unlock cmd->alloc_lock | |- cmd->ent_arr[ent->idx]=ent The cmd->ent_arr[ent->idx] assignment and the bit clearing are not protected by the cmd->alloc_lock in cmd_work_handler(). Fixes: 50b2412b7e78 ("net/mlx5: Avoid possible free of command entry while timeout comp handler") Reviewed-by: Moshe Shemesh <moshe(a)nvidia.com> Signed-off-by: Shifeng Li <lishifeng(a)sangfor.com.cn> Signed-off-by: Saeed Mahameed <saeedm(a)nvidia.com> [Samasth: backport for 5.10.y and 5.15.y] Signed-off-by: Samasth Norway Ananda <samasth.norway.ananda(a)oracle.com> Conflicts: drivers/net/ethernet/mellanox/mlx5/core/cmd.c conflict caused due to the absence of commit 58db72869a9f ("net/mlx5: Re-organize mlx5_cmd struct") which is structural change of code and is not necessary for this patch. --- commit: 50b2412b7e78 ("net/mlx5: Avoid possible free of command entry while timeout comp handler") is present from linux-5.4.y onwards but the current commit which fixes it is only present from linux-6.1.y. Would be nice to get an opinion from the author or maintainer. --- drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/drivers/net/ethernet/mellanox/mlx5/core/cmd.c b/drivers/net/ethernet/mellanox/mlx5/core/cmd.c index 41c15a65fb45..8d5dd8aba8cd 100644 --- a/drivers/net/ethernet/mellanox/mlx5/core/cmd.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/cmd.c @@ -114,15 +114,18 @@ static u8 alloc_token(struct mlx5_cmd *cmd) return token; } -static int cmd_alloc_index(struct mlx5_cmd *cmd) +static int cmd_alloc_index(struct mlx5_cmd *cmd, struct mlx5_cmd_work_ent *ent) { unsigned long flags; int ret; spin_lock_irqsave(&cmd->alloc_lock, flags); ret = find_first_bit(&cmd->bitmask, cmd->max_reg_cmds); - if (ret < cmd->max_reg_cmds) + if (ret < cmd->max_reg_cmds) { clear_bit(ret, &cmd->bitmask); + ent->idx = ret; + cmd->ent_arr[ent->idx] = ent; + } spin_unlock_irqrestore(&cmd->alloc_lock, flags); return ret < cmd->max_reg_cmds ? ret : -ENOMEM; @@ -924,7 +927,7 @@ static void cmd_work_handler(struct work_struct *work) sem = ent->page_queue ? &cmd->pages_sem : &cmd->sem; down(sem); if (!ent->page_queue) { - alloc_ret = cmd_alloc_index(cmd); + alloc_ret = cmd_alloc_index(cmd, ent); if (alloc_ret < 0) { mlx5_core_err_rl(dev, "failed to allocate command entry\n"); if (ent->callback) { @@ -939,15 +942,14 @@ static void cmd_work_handler(struct work_struct *work) up(sem); return; } - ent->idx = alloc_ret; } else { ent->idx = cmd->max_reg_cmds; spin_lock_irqsave(&cmd->alloc_lock, flags); clear_bit(ent->idx, &cmd->bitmask); + cmd->ent_arr[ent->idx] = ent; spin_unlock_irqrestore(&cmd->alloc_lock, flags); } - cmd->ent_arr[ent->idx] = ent; lay = get_inst(cmd, ent->idx); ent->lay = lay; memset(lay, 0, sizeof(*lay)); -- 2.43.0

1 year, 6 months

1
0
0 0

kernel BUG at net/sunrpc/svc.c:570 after updating from v5.15.153 to v5.15.155

by Chris Packham

Hi Jeff, Chuck, Greg, After updating one of our builds along the 5.15.y LTS branch our testing caught a new kernel bug. Output below. I haven't dug into it yet but wondered if it rang any bells. Thanks, Chris [ 91.605109] ------------[ cut here ]------------ [ 91.605122] kernel BUG at net/sunrpc/svc.c:570! [ 91.605129] Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP [ 91.610643] Modules linked in: mvcpss(O) platform_driver(O) ipifwd(O) xt_l2tp xt_hashlimit xt_conntrack xt_addrtype xt_LOG xt_CHECKSUM wp512 vxlan veth twofish_generic twofish_common sr9800 smsc95xx smsc75xx smsc sm3_generic sha512_arm64 sha3_generic serpent_generic rtl8150 rpcsec_gss_krb5 rmd160 poly1305_generic plusb pegasus optee_rng nbd microchip md4 md_mod mcs7830 lrw libpoly1305 lan78xx l2tp_ip6 l2tp_ip l2tp_eth l2tp_netlink l2tp_core udp_tunnel ipt_REJECT nf_reject_ipv4 ip6table_nat ip6table_mangle ip6table_filter ip6t_ipv6header ip6t_REJECT ip6_udp_tunnel ip6_tables dm9601 dm_zero dm_mirror dm_region_hash dm_log dm_mod diag tipc cuse cts cpufreq_powersave cpufreq_conservative chacha_generic chacha20poly1305 chacha_neon libchacha cast6_generic cast5_generic cast_common camellia_generic blowfish_generic blowfish_common auth_rpcgss oid_registry at25 arm_smccc_trng aes_neon_blk idprom_mtd(O) idprom_i2c(O) epi3_boardinfo_i2c(O) x250(O) psuslot_epi3_register(O) psuslot_gpio_group(O) [ 91.610809] psuslot(O) [ 91.611822] watchdog: watchdog1: watchdog did not stop! [ 91.697065] gpiopins_boardinfo(O) idprom(O) epi3_boardinfo(O) boardinfo(O) i2c_gpio i2c_algo_bit i2c_mv64xxx pluggable(O) led_enable(O) omap_rng rng_core atl_reset(O) sbsa_gwdt uio_pdrv_genirq [ 91.697096] CPU: 2 PID: 1770 Comm: nfsd Kdump: loaded Tainted: G O 5.15.155 #1 [ 91.697103] Hardware name: Allied Telesis x250-28XTm (DT) [ 91.697107] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 91.697112] pc : svc_destroy+0x84/0xac [ 91.701202] watchdog: watchdog0: watchdog did not stop! [ 91.702215] lr : svc_destroy+0x2c/0xac [ 91.702220] sp : ffff80000bb3bde0 [ 91.702223] x29: ffff80000bb3bde0 x28: 0000000000000000 x27: 0000000000000000 [ 91.746095] x26: 0000000000000000 x25: ffff00000dbfaa40 x24: ffff000016c14000 [ 91.746101] x23: ffff800008395c00 x22: ffff00000ee9f284 x21: ffff00000eea9e10 [ 91.746108] x20: ffff00000eea9e00 x19: ffff00000eea9e14 x18: ffff800008e99000 [ 91.769526] x17: 0000000000000006 x16: 0000000000000000 x15: 0000000000000001 [ 91.776782] x14: 00000000fffffffd x13: fffffc0000000000 x12: ffff800076bc2000 [ 91.784031] x11: ffff00007fba5c10 x10: ffff800076bc2000 x9 : ffff8000092207c0 [ 91.784038] x8 : fffffc000055eb08 x7 : ffff00000ef6c4c0 x6 : fffffc0001f872c8 [ 91.795823] x5 : 0000000000000100 x4 : ffff00007fbaeda8 x3 : 0000000000000000 [ 91.801684] x2 : 0000000000000000 x1 : ffff00000d8f8018 x0 : ffff00000eea9e30 [ 91.807545] Call trace: [ 91.810088] svc_destroy+0x84/0xac [ 91.813586] svc_exit_thread+0x108/0x15c [ 91.816998] nfsd+0x178/0x1a0 [ 91.818673] kthread+0x150/0x160 [ 91.820610] ret_from_fork+0x10/0x20 [ 91.820620] Code: a94153f3 a8c27bfd d50323bf d65f03c0 (d4210000) [ 91.820629] SMP: stopping secondary CPUs [ 91.830433] Starting crashdump kernel... [ 91.833064] Bye!

1 year, 6 months

4
10
0 0

[PATCH 3/3] net: bcmgenet: synchronize UMAC_CMD access

by Doug Berger

The UMAC_CMD register is written from different execution contexts and has insufficient synchronization protections to prevent possible corruption. Of particular concern are the acceses from the phy_device delayed work context used by the adjust_link call and the BH context that may be used by the ndo_set_rx_mode call. A spinlock is added to the driver to protect contended register accesses (i.e. reg_lock) and it is used to synchronize accesses to UMAC_CMD. Fixes: 1c1008c793fa ("net: bcmgenet: add main driver file") Cc: stable(a)vger.kernel.org Signed-off-by: Doug Berger <opendmb(a)gmail.com> --- drivers/net/ethernet/broadcom/genet/bcmgenet.c | 12 +++++++++++- drivers/net/ethernet/broadcom/genet/bcmgenet.h | 4 +++- drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c | 8 +++++++- drivers/net/ethernet/broadcom/genet/bcmmii.c | 2 ++ 4 files changed, 23 insertions(+), 3 deletions(-) diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.c b/drivers/net/ethernet/broadcom/genet/bcmgenet.c index 5452b7dc6e6a..c7e7dac057a3 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c @@ -2467,14 +2467,18 @@ static void umac_enable_set(struct bcmgenet_priv *priv, u32 mask, bool enable) { u32 reg; + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); - if (reg & CMD_SW_RESET) + if (reg & CMD_SW_RESET) { + spin_unlock_bh(&priv->reg_lock); return; + } if (enable) reg |= mask; else reg &= ~mask; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); /* UniMAC stops on a packet boundary, wait for a full-size packet * to be processed @@ -2490,8 +2494,10 @@ static void reset_umac(struct bcmgenet_priv *priv) udelay(10); /* issue soft reset and disable MAC while updating its registers */ + spin_lock_bh(&priv->reg_lock); bcmgenet_umac_writel(priv, CMD_SW_RESET, UMAC_CMD); udelay(2); + spin_unlock_bh(&priv->reg_lock); } static void bcmgenet_intr_disable(struct bcmgenet_priv *priv) @@ -3597,16 +3603,19 @@ static void bcmgenet_set_rx_mode(struct net_device *dev) * 3. The number of filters needed exceeds the number filters * supported by the hardware. */ + spin_lock(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); if ((dev->flags & (IFF_PROMISC | IFF_ALLMULTI)) || (nfilter > MAX_MDF_FILTER)) { reg |= CMD_PROMISC; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock(&priv->reg_lock); bcmgenet_umac_writel(priv, 0, UMAC_MDF_CTRL); return; } else { reg &= ~CMD_PROMISC; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock(&priv->reg_lock); } /* update MDF filter */ @@ -4005,6 +4014,7 @@ static int bcmgenet_probe(struct platform_device *pdev) goto err; } + spin_lock_init(&priv->reg_lock); spin_lock_init(&priv->lock); /* Set default pause parameters */ diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.h b/drivers/net/ethernet/broadcom/genet/bcmgenet.h index 7523b60b3c1c..43b923c48b14 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.h +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.h @@ -1,6 +1,6 @@ /* SPDX-License-Identifier: GPL-2.0-only */ /* - * Copyright (c) 2014-2020 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #ifndef __BCMGENET_H__ @@ -573,6 +573,8 @@ struct bcmgenet_rxnfc_rule { /* device context */ struct bcmgenet_priv { void __iomem *base; + /* reg_lock: lock to serialize access to shared registers */ + spinlock_t reg_lock; enum bcmgenet_version version; struct net_device *dev; diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c b/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c index 7a41cad5788f..1248792d7fd4 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c @@ -2,7 +2,7 @@ /* * Broadcom GENET (Gigabit Ethernet) Wake-on-LAN support * - * Copyright (c) 2014-2020 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #define pr_fmt(fmt) "bcmgenet_wol: " fmt @@ -151,6 +151,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, } /* Can't suspend with WoL if MAC is still in reset */ + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); if (reg & CMD_SW_RESET) reg &= ~CMD_SW_RESET; @@ -158,6 +159,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, /* disable RX */ reg &= ~CMD_RX_EN; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); mdelay(10); if (priv->wolopts & (WAKE_MAGIC | WAKE_MAGICSECURE)) { @@ -203,6 +205,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, } /* Enable CRC forward */ + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); priv->crc_fwd_en = 1; reg |= CMD_CRC_FWD; @@ -210,6 +213,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, /* Receiver must be enabled for WOL MP detection */ reg |= CMD_RX_EN; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); reg = UMAC_IRQ_MPD_R; if (hfb_enable) @@ -256,7 +260,9 @@ void bcmgenet_wol_power_up_cfg(struct bcmgenet_priv *priv, } /* Disable CRC Forward */ + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); reg &= ~CMD_CRC_FWD; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); } diff --git a/drivers/net/ethernet/broadcom/genet/bcmmii.c b/drivers/net/ethernet/broadcom/genet/bcmmii.c index 86a4aa72b3d4..c4a3698cef66 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmmii.c +++ b/drivers/net/ethernet/broadcom/genet/bcmmii.c @@ -76,6 +76,7 @@ static void bcmgenet_mac_config(struct net_device *dev) reg |= RGMII_LINK; bcmgenet_ext_writel(priv, reg, EXT_RGMII_OOB_CTRL); + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); reg &= ~((CMD_SPEED_MASK << CMD_SPEED_SHIFT) | CMD_HD_EN | @@ -88,6 +89,7 @@ static void bcmgenet_mac_config(struct net_device *dev) reg |= CMD_TX_EN | CMD_RX_EN; } bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); active = phy_init_eee(phydev, 0) >= 0; bcmgenet_eee_enable_set(dev, -- 2.34.1

1 year, 6 months

1
0
0 0

[PATCH 2/3] net: bcmgenet: synchronize use of bcmgenet_set_rx_mode()

by Doug Berger

The ndo_set_rx_mode function is synchronized with the netif_addr_lock spinlock and BHs disabled. Since this function is also invoked directly from the driver the same synchronization should be applied. Fixes: 72f96347628e ("net: bcmgenet: set Rx mode before starting netif") Cc: stable(a)vger.kernel.org Signed-off-by: Doug Berger <opendmb(a)gmail.com> --- drivers/net/ethernet/broadcom/genet/bcmgenet.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.c b/drivers/net/ethernet/broadcom/genet/bcmgenet.c index b1f84b37032a..5452b7dc6e6a 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c @@ -2,7 +2,7 @@ /* * Broadcom GENET (Gigabit Ethernet) controller driver * - * Copyright (c) 2014-2020 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #define pr_fmt(fmt) "bcmgenet: " fmt @@ -3334,7 +3334,9 @@ static void bcmgenet_netif_start(struct net_device *dev) struct bcmgenet_priv *priv = netdev_priv(dev); /* Start the network engine */ + netif_addr_lock_bh(dev); bcmgenet_set_rx_mode(dev); + netif_addr_unlock_bh(dev); bcmgenet_enable_rx_napi(priv); umac_enable_set(priv, CMD_TX_EN | CMD_RX_EN, true); -- 2.34.1

1 year, 6 months

1
0
0 0

[PATCH 1/3] net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access

by Doug Berger

The EXT_RGMII_OOB_CTRL register can be written from different contexts. It is predominantly written from the adjust_link handler which is synchronized by the phydev->lock, but can also be written from a different context when configuring the mii in bcmgenet_mii_config(). The chances of contention are quite low, but it is conceivable that adjust_link could occur during resume when WoL is enabled so use the phydev->lock synchronizer in bcmgenet_mii_config() to be sure. Fixes: afe3f907d20f ("net: bcmgenet: power on MII block for all MII modes") Cc: stable(a)vger.kernel.org Signed-off-by: Doug Berger <opendmb(a)gmail.com> --- drivers/net/ethernet/broadcom/genet/bcmmii.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/broadcom/genet/bcmmii.c b/drivers/net/ethernet/broadcom/genet/bcmmii.c index 9ada89355747..86a4aa72b3d4 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmmii.c +++ b/drivers/net/ethernet/broadcom/genet/bcmmii.c @@ -2,7 +2,7 @@ /* * Broadcom GENET MDIO routines * - * Copyright (c) 2014-2017 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #include <linux/acpi.h> @@ -275,6 +275,7 @@ int bcmgenet_mii_config(struct net_device *dev, bool init) * block for the interface to work, unconditionally clear the * Out-of-band disable since we do not need it. */ + mutex_lock(&phydev->lock); reg = bcmgenet_ext_readl(priv, EXT_RGMII_OOB_CTRL); reg &= ~OOB_DISABLE; if (priv->ext_phy) { @@ -286,6 +287,7 @@ int bcmgenet_mii_config(struct net_device *dev, bool init) reg |= RGMII_MODE_EN; } bcmgenet_ext_writel(priv, reg, EXT_RGMII_OOB_CTRL); + mutex_unlock(&phydev->lock); if (init) dev_info(kdev, "configuring instance for %s\n", phy_name); -- 2.34.1

1 year, 6 months

1
0
0 0

+ kmsan-compiler_types-declare-__no_sanitize_or_inline.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: kmsan: compiler_types: declare __no_sanitize_or_inline has been added to the -mm mm-hotfixes-unstable branch. Its filename is kmsan-compiler_types-declare-__no_sanitize_or_inline.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Alexander Potapenko <glider(a)google.com> Subject: kmsan: compiler_types: declare __no_sanitize_or_inline Date: Thu, 25 Apr 2024 11:28:59 +0200 It turned out that KMSAN instruments READ_ONCE_NOCHECK(), resulting in false positive reports, because __no_sanitize_or_inline enforced inlining. Properly declare __no_sanitize_or_inline under __SANITIZE_MEMORY__, so that it does not inline the annotated function. Link: https://lkml.kernel.org/r/20240425092859.3370297-1-glider@google.com Reported-by: syzbot+355c5bb8c1445c871ee8(a)syzkaller.appspotmail.com Link: https://lkml.kernel.org/r/000000000000826ac1061675b0e3@google.com Signed-off-by: Alexander Potapenko <glider(a)google.com> Reviewed-by: Marco Elver <elver(a)google.com> Cc: Dmitry Vyukov <dvyukov(a)google.com> Cc: Miguel Ojeda <ojeda(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/compiler_types.h | 11 +++++++++++ 1 file changed, 11 insertions(+) --- a/include/linux/compiler_types.h~kmsan-compiler_types-declare-__no_sanitize_or_inline +++ a/include/linux/compiler_types.h @@ -278,6 +278,17 @@ struct ftrace_likely_data { # define __no_kcsan #endif +#ifdef __SANITIZE_MEMORY__ +/* + * Similarly to KASAN and KCSAN, KMSAN loses function attributes of inlined + * functions, therefore disabling KMSAN checks also requires disabling inlining. + * + * __no_sanitize_or_inline effectively prevents KMSAN from reporting errors + * within the function and marks all its outputs as initialized. + */ +# define __no_sanitize_or_inline __no_kmsan_checks notrace __maybe_unused +#endif + #ifndef __no_sanitize_or_inline #define __no_sanitize_or_inline __always_inline #endif _ Patches currently in -mm which might be from glider(a)google.com are kmsan-compiler_types-declare-__no_sanitize_or_inline.patch mm-kmsan-implement-kmsan_memmove.patch instrumentedh-add-instrument_memcpy_before-instrument_memcpy_after.patch x86-call-instrumentation-hooks-from-copy_mcc.patch

1 year, 6 months

1
0
0 0

[PATCH 6.8 000/158] 6.8.8-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.8.8 release. There are 158 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 25 Apr 2024 21:38:28 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.8.8-rc1.… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.8.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.8.8-rc1 Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: common: use struct_group_attr instead of struct_group for network_open_info Marios Makassikis <mmakassikis(a)freebox.fr> ksmbd: clear RENAME_NOREPLACE before calling vfs_rename Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: validate request buffer size in smb2_allocate_rsp_buf() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix slab-out-of-bounds in smb2_allocate_rsp_buf Arınç ÜNAL <arinc.unal(a)arinc9.com> net: dsa: mt7530: fix enabling EEE on MT7531 switch on all boards Arınç ÜNAL <arinc.unal(a)arinc9.com> net: dsa: mt7530: fix improper frames on all 25MHz and 40MHz XTAL MT7530 Miaohe Lin <linmiaohe(a)huawei.com> fork: defer linking file vma until vma is fully initialized Jeongjun Park <aha310510(a)gmail.com> nilfs2: fix OOB in nilfs_set_de_type Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: check the inode number is not the invalid value of zero Qiang Zhang <qiang4.zhang(a)intel.com> bootconfig: use memblock_free_late to free xbc memory to buddy Dave Airlie <airlied(a)redhat.com> nouveau: fix instmem race condition around ptr stores Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix crtc's atomic check conditional Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Sort primary plane formats by order of preference Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix prime import/export Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> drm/xe: Fix bo leak in intel_fb_bo_framebuffer_init Christian König <ckoenig.leichtzumerken(a)gmail.com> drm/ttm: stop pooling cached NUMA pages v2 Christian König <christian.koenig(a)amd.com> drm/amdgpu: remove invalid resource->start check v2 Felix Kuehling <felix.kuehling(a)amd.com> drm/amdkfd: Fix memory leak in create_process failure xinhui pan <xinhui.pan(a)amd.com> drm/amdgpu: validate the parameters of bo mapping operations more clearly Danny Lin <danny(a)orbstack.dev> fuse: fix leaked ENOSYS error on first statx call Sumanth Korikkar <sumanthk(a)linux.ibm.com> mm/shmem: inline shmem_is_huge() for disabled transparent hugepages Miaohe Lin <linmiaohe(a)huawei.com> mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled Oscar Salvador <osalvador(a)suse.de> mm,swapops: update check in is_pfn_swap_entry for hwpoison entries Peter Xu <peterx(a)redhat.com> mm/userfaultfd: allow hugetlb change protection upon poison entry David Hildenbrand <david(a)redhat.com> mm/madvise: make MADV_POPULATE_(READ|WRITE) handle VM_FAULT_RETRY properly Yuntao Wang <ytcoode(a)gmail.com> init/main.c: Fix potential static_command_line memory overflow Yaxiong Tian <tianyaxiong(a)kylinos.cn> arm64: hibernate: Fix level3 translation fault in swsusp_save() Ard Biesheuvel <ardb(a)kernel.org> arm64/head: Disable MMU at EL2 before clearing HCR_EL2.E2H David Matlack <dmatlack(a)google.com> KVM: x86/mmu: Write-protect L2 SPTEs in TDP MMU when clearing dirty status Rick Edgecombe <rick.p.edgecombe(a)intel.com> KVM: x86/mmu: x86: Don't overflow lpage_info when checking attributes Sandipan Das <sandipan.das(a)amd.com> KVM: x86/pmu: Do not mask LVTPC when handling a PMI on AMD platforms Sean Christopherson <seanjc(a)google.com> KVM: x86/pmu: Disable support for adaptive PEBS Sean Christopherson <seanjc(a)google.com> KVM: x86: Snapshot if a vCPU's vendor model is AMD vs. Intel compatible Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> sched: Add missing memory barrier in switch_mm_cid Alan Stern <stern(a)rowland.harvard.edu> fs: sysfs: Fix reference leak in sysfs_break_active_protection() Samuel Thibault <samuel.thibault(a)ens-lyon.org> speakup: Avoid crash on very long word Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: disable RPL-S on SPS and IGN firmwares Sakari Ailus <sakari.ailus(a)linux.intel.com> mei: vsc: Unregister interrupt handler for system suspend Kyle Tso <kyletso(a)google.com> usb: typec: tcpm: Correct the PDO counting in pd_set Norihiko Hama <Norihiko.Hama(a)alpsalpine.com> usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error Kai-Heng Feng <kai.heng.feng(a)canonical.com> usb: Disable USB3 LPM at shutdown Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix dereference issue in DDMA completion flow. Sakari Ailus <sakari.ailus(a)linux.intel.com> Revert "mei: vsc: Call wake_up() in the threaded IRQ handler" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "usb: cdc-wdm: close race between read and workqueue" Daniele Palmas <dnlplm(a)gmail.com> USB: serial: option: add Telit FN920C04 rmnet compositions Vanillan Wang <vanillanwang(a)163.com> USB: serial: option: add Rolling RW101-GL and RW135-GL support Jerry Meng <jerry-meng(a)foxmail.com> USB: serial: option: support Quectel EM060K sub-models Coia Prant <coiaprant(a)gmail.com> USB: serial: option: add Lonsung U8300/U9300 product Chuanhong Guo <gch981213(a)gmail.com> USB: serial: option: add support for Fibocom FM650/FG650 bolan wang <bolan.wang(a)fibocom.com> USB: serial: option: add Fibocom FM135-GL variants Tony Lindgren <tony(a)atomide.com> serial: core: Fix missing shutdown and startup for serial base port Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: core: Clearing the circular buffer before NULLifying it Tony Lindgren <tony(a)atomide.com> serial: core: Fix regression when runtime PM is not enabled Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> serial: stm32: Reset .throttled state in .startup() Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> serial: stm32: Return IRQ_NONE in the ISR if no handling happend Hans de Goede <hdegoede(a)redhat.com> serial: 8250_dw: Revert: Do not reclock if already at correct rate Finn Thain <fthain(a)linux-m68k.org> serial/pmac_zilog: Remove flawed mitigation for rx irq flood Emil Kronborg <emil.kronborg(a)protonmail.com> serial: mxs-auart: add spinlock around changing cts state Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> comedi: vmk80xx: fix incomplete endpoint checking Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Do not create DisplayPort tunnels on adapters of the same router Gil Fine <gil.fine(a)linux.intel.com> thunderbolt: Fix wake configurations after device unplug Gil Fine <gil.fine(a)linux.intel.com> thunderbolt: Avoid notify PM core about runtime PM resume Carlos Llamas <cmllamas(a)google.com> binder: check offset alignment in binder_get_object() Ricky Wu <ricky_wu(a)realtek.com> misc: rtsx: Fix rts5264 driver status incorrect when card removed Fabio Estevam <festevam(a)denx.de> usb: misc: onboard_usb_hub: Disable the USB hub clock on failure Ai Chao <aichao(a)kylinos.cn> ALSA: hda/realtek - Enable audio jacks of Haier Boyue G42 with ALC269VC Mauro Carvalho Chehab <mchehab(a)kernel.org> ALSA: hda/realtek: Add quirks for Huawei Matebook D14 NBLB-WAX9N Shenghao Ding <shenghao-ding(a)ti.com> ALSA: hda/tas2781: Add new vendor_id and subsystem_id to support ThinkPad ICE-1 Shenghao Ding <shenghao-ding(a)ti.com> ALSA: hda/tas2781: correct the register for pow calibrated data Takashi Iwai <tiwai(a)suse.de> ALSA: seq: ump: Fix conversion from MIDI2 to MIDI1 UMP messages Shay Drory <shayd(a)nvidia.com> net/mlx5: E-switch, store eswitch pointer before registering devlink_param Christoph Hellwig <hch(a)lst.de> block: propagate partition scanning errors to the BLKRRPART ioctl Eric Biggers <ebiggers(a)google.com> x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Fix BHI retpoline check Nathan Lynch <nathanl(a)linux.ibm.com> selftests/powerpc/papr-vpd: Fix missing variable initialization Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt7988-infracfg: fix clocks for 2nd PCIe port Pin-yen Lin <treapking(a)chromium.org> clk: mediatek: Do a runtime PM get on controllers during probe Stephen Boyd <sboyd(a)kernel.org> clk: Get runtime PM before walking tree for clk_summary Stephen Boyd <sboyd(a)kernel.org> clk: Get runtime PM before walking tree during disable_unused Stephen Boyd <sboyd(a)kernel.org> clk: Initialize struct clk_core kref earlier Stephen Boyd <sboyd(a)kernel.org> clk: Remove prepare_lock hold assertion in __clk_release() Mike Tipton <quic_mdtipton(a)quicinc.com> interconnect: Don't access req_list while it's being manipulated Konrad Dybcio <konrad.dybcio(a)linaro.org> interconnect: qcom: x1e80100: Remove inexistent ACV_PERF BCM Mario Limonciello <mario.limonciello(a)amd.com> platform/x86/amd/pmc: Extend Framework 13 quirk to more BIOSes Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal/debugfs: Add missing count increment to thermal_debug_tz_trip_up() Huayu Zhang <zhanghuayu1233(a)qq.com> ALSA: hda/realtek: Fix volumn control of ThinkBook 16P Gen4 Alex Deucher <alexander.deucher(a)amd.com> drm/radeon: make -fstrict-flex-arrays=3 happy Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/panel: visionox-rm69299: don't unregister DSI device Sanath S <Sanath.S(a)amd.com> thunderbolt: Reset topology created by the boot firmware Sanath S <Sanath.S(a)amd.com> thunderbolt: Make tb_switch_reset() support Thunderbolt 2, 3 and USB4 routers Sanath S <Sanath.S(a)amd.com> thunderbolt: Introduce tb_path_deactivate_hop() Sanath S <Sanath.S(a)amd.com> thunderbolt: Introduce tb_port_reset() Lokesh Gidra <lokeshgidra(a)google.com> userfaultfd: change src_folio after ensuring it's unpinned in UFFDIO_MOVE Maíra Canal <mcanal(a)igalia.com> drm/v3d: Don't increment `enabled_ns` twice Mikhail Kobuk <m.kobuk(a)ispras.ru> drm: nv04: Fix out of bounds access Muhammad Usama Anjum <usama.anjum(a)collabora.com> iommufd: Add config needed for iommufd_fail_nth Jason Gunthorpe <jgg(a)ziepe.ca> iommufd: Add missing IOMMUFD_DRIVER kconfig for the selftest Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/cio: fix race condition during online processing Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/qdio: handle deferred cc1 Namhyung Kim <namhyung(a)kernel.org> perf lock contention: Add a missing NULL check Namhyung Kim <namhyung(a)kernel.org> perf annotate: Make sure to call symbol__annotate2() in TUI Michael Guralnik <michaelgur(a)nvidia.com> RDMA/mlx5: Fix port number for counter query in multi-port configuration Mark Zhang <markzhang(a)nvidia.com> RDMA/cm: Print the old state when cm_destroy_id gets timeout Yanjun.Zhu <yanjun.zhu(a)linux.dev> RDMA/rxe: Fix the problem "mutex_destroy missing" Vasily Gorbik <gor(a)linux.ibm.com> NFSD: fix endianness issue in nfsd4_encode_fattr4 Siddharth Vadapalli <s-vadapalli(a)ti.com> net: ethernet: ti: am65-cpsw-nuss: cleanup DMA Channels before using them Paul Barker <paul.barker.ct(a)bp.renesas.com> net: ravb: Allow RX loop to move past DMA mapping errors Paul Barker <paul.barker.ct(a)bp.renesas.com> net: ravb: Count packets instead of descriptors in R-Car RX path Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> ravb: Group descriptor types used in Rx ring Felix Fietkau <nbd(a)nbd.name> net: ethernet: mtk_eth_soc: fix WED + wifi reset Eric Dumazet <edumazet(a)google.com> net/sched: Fix mirred deadlock on device recursion Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: fix memleak in map from abort path Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: swnode: Remove wrong header inclusion Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: restore set elements when delete set fails Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: missing iterator type in lookup walk Gerd Bayer <gbayer(a)linux.ibm.com> s390/ism: Properly fix receive message buffer allocation Arınç ÜNAL <arinc.unal(a)arinc9.com> net: dsa: mt7530: fix port mirroring for MT7988 SoC switch Arınç ÜNAL <arinc.unal(a)arinc9.com> net: dsa: mt7530: fix mirroring frames received on local port Lei Chen <lei.chen(a)smartx.com> tun: limit printing rate when illegal packet received by tun dev Marcin Szycik <marcin.szycik(a)linux.intel.com> ice: Fix checking for unsupported keys on non-tunnel device Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> ice: tc: allow zero flags in parsing tc flower Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> ice: tc: check src_vsi in case of traffic from VF Serge Semin <fancer.lancer(a)gmail.com> net: stmmac: Fix IP-cores specific MAC capabilities Serge Semin <fancer.lancer(a)gmail.com> net: stmmac: Fix max-speed being ignored on queue re-init Serge Semin <fancer.lancer(a)gmail.com> net: stmmac: Apply half-duplex-less constraint for DW QoS Eth only Dmitry Safonov <0x7f454c46(a)gmail.com> selftests/tcp_ao: Printing fixes to confirm with format-security Dmitry Safonov <0x7f454c46(a)gmail.com> selftests/tcp_ao: Fix fscanf() call for format-security Dmitry Safonov <0x7f454c46(a)gmail.com> selftests/tcp_ao: Zero-init tcp_ao_info_opt Dmitry Safonov <0x7f454c46(a)gmail.com> selftests/tcp_ao: Make RST tests less flaky Asbjørn Sloth Tønnesen <ast(a)fiberby.net> octeontx2-pf: fix FLOW_DIS_IS_FRAGMENT implementation Yuri Benditovich <yuri.benditovich(a)daynix.com> net: change maximum number of UDP segments to 128 Carolina Jubran <cjubran(a)nvidia.com> net/mlx5e: Prevent deadlock while disabling aRFS Shay Drory <shayd(a)nvidia.com> net/mlx5: Restore mistakenly dropped parts in register devlink flow Shay Drory <shayd(a)nvidia.com> net/mlx5: Lag, restore buckets number to default after hash LAG deactivation Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: sparx5: flower: fix fragment flags handling Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Don't peek OOB data without MSG_OOB. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Call manage_oob() for every skb in unix_stream_read_generic(). Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: flowtable: incorrect pppoe tuple Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: flowtable: validate pppoe header Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo: do not free live element Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_set_pipapo: walk over current view on netlink dump Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo: constify lookup fn args where possible Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: br_netfilter: skip conntrack input hook for promisc packets Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> scsi: ufs: qcom: Add missing interconnect bandwidth values for Gear 5 Heiner Kallweit <hkallweit1(a)gmail.com> r8169: add missing conditional compiling for call to r8169_remove_leds Heiner Kallweit <hkallweit1(a)gmail.com> r8169: fix LED-related deadlock on module removal Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: zoned: do not flag ZEROOUT on non-dirty extent buffer Qu Wenruo <wqu(a)suse.com> btrfs: do not wait for short bulk allocation Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> net: usb: ax88179_178a: avoid writing the mac address before first reading Bart Van Assche <bvanassche(a)acm.org> scsi: core: Fix handling of SCMD_FAIL_IF_RECOVERING Jason A. Donenfeld <Jason(a)zx2c4.com> random: handle creditable entropy from atomic process context Yuanhe Shu <xiangzao(a)linux.alibaba.com> selftests/ftrace: Limit length in subsystem-enable tests Steven Rostedt (Google) <rostedt(a)goodmis.org> SUNRPC: Fix rpcgss_context trace event acceptor field Jason A. Donenfeld <Jason(a)zx2c4.com> Revert "vmgenid: emit uevent when VMGENID updates" Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/cdclk: Fix voltage_level programming edge case Alexey Izbyshev <izbyshev(a)ispras.ru> io_uring: Fix io_cqring_wait() not restoring sigmask on get_timespec64() failure ------------- Diffstat: Makefile | 4 +- arch/arm64/kernel/head.S | 5 + arch/arm64/mm/pageattr.c | 3 - arch/x86/include/asm/barrier.h | 3 + arch/x86/include/asm/kvm_host.h | 1 + arch/x86/kernel/cpu/bugs.c | 11 +- arch/x86/kernel/cpu/cpuid-deps.c | 6 +- arch/x86/kvm/cpuid.c | 1 + arch/x86/kvm/cpuid.h | 10 ++ arch/x86/kvm/lapic.c | 3 +- arch/x86/kvm/mmu/mmu.c | 5 +- arch/x86/kvm/mmu/tdp_mmu.c | 21 ++- arch/x86/kvm/vmx/vmx.c | 24 ++- arch/x86/kvm/x86.c | 2 +- block/bdev.c | 29 ++-- block/ioctl.c | 3 +- drivers/accessibility/speakup/main.c | 2 +- drivers/android/binder.c | 4 +- drivers/char/random.c | 10 +- drivers/clk/clk.c | 161 ++++++++++++++---- drivers/clk/mediatek/clk-mt7988-infracfg.c | 2 +- drivers/clk/mediatek/clk-mtk.c | 15 ++ drivers/comedi/drivers/vmk80xx.c | 35 ++-- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 4 - drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 72 ++++++--- drivers/gpu/drm/amd/amdkfd/kfd_process.c | 4 +- drivers/gpu/drm/i915/display/intel_cdclk.c | 37 +++-- drivers/gpu/drm/nouveau/nouveau_bios.c | 13 +- drivers/gpu/drm/nouveau/nvkm/subdev/instmem/nv50.c | 7 +- drivers/gpu/drm/panel/panel-visionox-rm69299.c | 2 - drivers/gpu/drm/radeon/radeon_atombios.c | 8 +- drivers/gpu/drm/ttm/ttm_pool.c | 38 +++-- drivers/gpu/drm/v3d/v3d_irq.c | 4 - drivers/gpu/drm/vmwgfx/vmwgfx_blit.c | 35 +++- drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 7 +- drivers/gpu/drm/vmwgfx/vmwgfx_bo.h | 2 + drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 1 + drivers/gpu/drm/vmwgfx/vmwgfx_drv.h | 3 + drivers/gpu/drm/vmwgfx/vmwgfx_gem.c | 32 ++++ drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 11 +- drivers/gpu/drm/vmwgfx/vmwgfx_kms.h | 4 +- drivers/gpu/drm/vmwgfx/vmwgfx_prime.c | 15 +- drivers/gpu/drm/vmwgfx/vmwgfx_ttm_buffer.c | 44 +++-- drivers/gpu/drm/xe/display/intel_fb_bo.c | 8 +- drivers/infiniband/core/cm.c | 11 +- drivers/infiniband/hw/mlx5/mad.c | 3 +- drivers/infiniband/sw/rxe/rxe.c | 2 + drivers/interconnect/core.c | 8 + drivers/interconnect/qcom/x1e80100.c | 26 --- drivers/iommu/iommufd/Kconfig | 1 + drivers/misc/cardreader/rtsx_pcr.c | 2 +- drivers/misc/mei/pci-me.c | 2 +- drivers/misc/mei/platform-vsc.c | 17 +- drivers/misc/mei/vsc-tp.c | 84 +++++++--- drivers/misc/mei/vsc-tp.h | 3 + drivers/net/dsa/mt7530.c | 38 +++-- drivers/net/dsa/mt7530.h | 5 + drivers/net/ethernet/intel/ice/ice_tc_lib.c | 15 +- .../net/ethernet/marvell/octeontx2/nic/otx2_tc.c | 7 +- drivers/net/ethernet/mediatek/mtk_wed.c | 6 +- drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c | 27 ++-- drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 9 +- .../ethernet/mellanox/mlx5/core/eswitch_offloads.c | 4 + drivers/net/ethernet/mellanox/mlx5/core/lag/lag.c | 4 +- drivers/net/ethernet/mellanox/mlx5/core/main.c | 5 +- .../ethernet/mellanox/mlx5/core/sf/dev/driver.c | 1 - .../ethernet/microchip/sparx5/sparx5_tc_flower.c | 61 ++++--- drivers/net/ethernet/realtek/r8169.h | 4 +- drivers/net/ethernet/realtek/r8169_leds.c | 23 ++- drivers/net/ethernet/realtek/r8169_main.c | 7 +- drivers/net/ethernet/renesas/ravb.h | 6 +- drivers/net/ethernet/renesas/ravb_main.c | 93 ++++++----- drivers/net/ethernet/stmicro/stmmac/common.h | 1 + drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c | 2 + .../net/ethernet/stmicro/stmmac/dwmac1000_core.c | 2 + .../net/ethernet/stmicro/stmmac/dwmac100_core.c | 2 + drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 7 +- .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 18 +-- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 29 ++-- drivers/net/ethernet/ti/am65-cpsw-nuss.c | 18 +++ drivers/net/tun.c | 18 ++- drivers/net/usb/ax88179_178a.c | 4 +- drivers/platform/x86/amd/pmc/pmc-quirks.c | 9 ++ drivers/s390/cio/device.c | 13 +- drivers/s390/cio/qdio_main.c | 28 +++- drivers/s390/net/ism_drv.c | 37 +++-- drivers/scsi/scsi_lib.c | 7 +- drivers/thermal/thermal_debugfs.c | 1 + drivers/thunderbolt/domain.c | 5 +- drivers/thunderbolt/icm.c | 2 +- drivers/thunderbolt/lc.c | 45 ++++++ drivers/thunderbolt/nhi.c | 19 ++- drivers/thunderbolt/path.c | 13 ++ drivers/thunderbolt/switch.c | 180 ++++++++++++++++++--- drivers/thunderbolt/tb.c | 36 +++-- drivers/thunderbolt/tb.h | 10 +- drivers/thunderbolt/tb_regs.h | 6 + drivers/thunderbolt/usb4.c | 52 +++++- drivers/tty/serial/8250/8250_dw.c | 6 +- drivers/tty/serial/mxs-auart.c | 8 +- drivers/tty/serial/pmac_zilog.c | 14 -- drivers/tty/serial/serial_base.h | 4 + drivers/tty/serial/serial_core.c | 23 ++- drivers/tty/serial/serial_port.c | 34 ++++ drivers/tty/serial/stm32-usart.c | 13 +- drivers/ufs/host/ufs-qcom.c | 8 +- drivers/usb/class/cdc-wdm.c | 6 +- drivers/usb/core/port.c | 4 +- drivers/usb/dwc2/hcd_ddma.c | 4 +- drivers/usb/gadget/function/f_ncm.c | 4 +- drivers/usb/misc/onboard_usb_hub.c | 6 +- drivers/usb/serial/option.c | 40 +++++ drivers/usb/typec/tcpm/tcpm.c | 4 +- drivers/virt/vmgenid.c | 2 - fs/btrfs/extent_io.c | 20 +-- fs/fuse/dir.c | 1 + fs/nfsd/nfs4xdr.c | 47 +++--- fs/nilfs2/dir.c | 2 +- fs/smb/common/smb2pdu.h | 2 +- fs/smb/server/server.c | 13 +- fs/smb/server/smb2pdu.c | 4 + fs/smb/server/vfs.c | 5 + fs/squashfs/inode.c | 5 +- fs/sysfs/file.c | 2 + include/asm-generic/barrier.h | 8 + include/linux/blkdev.h | 2 + include/linux/bootconfig.h | 7 +- include/linux/gpio/property.h | 1 - include/linux/shmem_fs.h | 9 ++ include/linux/swapops.h | 65 ++++---- include/linux/udp.h | 2 +- include/net/netfilter/nf_flow_table.h | 12 +- include/net/netfilter/nf_tables.h | 14 ++ include/net/sch_generic.h | 1 + include/trace/events/rpcgss.h | 4 +- init/main.c | 2 + io_uring/io_uring.c | 26 +-- kernel/fork.c | 33 ++-- kernel/sched/sched.h | 20 ++- lib/bootconfig.c | 19 ++- mm/gup.c | 54 ++++--- mm/huge_memory.c | 6 +- mm/hugetlb.c | 10 +- mm/internal.h | 10 +- mm/madvise.c | 17 +- mm/memory-failure.c | 18 ++- mm/shmem.c | 6 - net/bridge/br_input.c | 15 +- net/bridge/br_netfilter_hooks.c | 6 + net/bridge/br_private.h | 1 + net/bridge/netfilter/nf_conntrack_bridge.c | 14 +- net/core/dev.c | 6 + net/netfilter/nf_flow_table_inet.c | 3 +- net/netfilter/nf_flow_table_ip.c | 10 +- net/netfilter/nf_tables_api.c | 82 ++++++++-- net/netfilter/nft_lookup.c | 1 + net/netfilter/nft_set_bitmap.c | 4 +- net/netfilter/nft_set_hash.c | 8 +- net/netfilter/nft_set_pipapo.c | 43 ++--- net/netfilter/nft_set_pipapo.h | 6 +- net/netfilter/nft_set_pipapo_avx2.c | 59 ++++--- net/netfilter/nft_set_rbtree.c | 4 +- net/sched/sch_generic.c | 1 + net/unix/af_unix.c | 12 +- sound/core/seq/seq_ump_convert.c | 2 +- sound/pci/hda/patch_realtek.c | 7 +- sound/pci/hda/tas2781_hda_i2c.c | 4 +- tools/perf/ui/browsers/annotate.c | 2 +- tools/perf/util/annotate.c | 3 + tools/perf/util/bpf_skel/lock_contention.bpf.c | 5 +- .../ftrace/test.d/event/subsystem-enable.tc | 6 +- tools/testing/selftests/iommu/config | 2 + tools/testing/selftests/net/tcp_ao/lib/proc.c | 2 +- tools/testing/selftests/net/tcp_ao/lib/setup.c | 12 +- tools/testing/selftests/net/tcp_ao/rst.c | 23 +-- .../selftests/net/tcp_ao/setsockopt-closed.c | 2 +- tools/testing/selftests/net/udpgso.c | 2 +- .../testing/selftests/powerpc/papr_vpd/papr_vpd.c | 2 +- 178 files changed, 1898 insertions(+), 827 deletions(-)

1 year, 6 months

10
168
0 0

Industrial Edge Computing Gateway

by Aaron

Hi We have published a survey on Industrial Edge Computing Gateway. If you have further interest in this or related reports, we are happy to share sample reports for your reference, please contact: abby(a)vicmarketresearch.com Some of the prominent players reviewed in the research report include: DELL HPE Cisco Huawei ABB Advantech Fujitsu Eurotech Sierra Wireless AAEON Hirschmann ADLINK Technology Digi International Beijing InHand Networks Technology …… The primary objectives of this report are to provide 1) global market size and forecasts, growth rates, market dynamics, industry structure and developments, market situation, trends; 2) global market share and ranking by company; 3) comprehensive presentation of the global market for Industrial Edge Computing Gateway, with both quantitative and qualitative analysis through detailed segmentation; 4) detailed value chain analysis and review of growth factors essential for the existing market players and new entrants; 5) emerging opportunities in the market and the future impact of major drivers and restraints of the market. Segment by Type Embedded Wall-mounted Others Segment by Application Manufacturing Energy and Electricity Transportation Others More companies that not listed here are also available. Thanks for you reading.

1 year, 6 months

1
0
0 0