- Linux-stable-mirror - lists.linaro.org

[PATCH 4.14-openela 013/190] iio: exynos-adc: request second interupt only when touchscreen mode is used

by Sasha Levin

From: Marek Szyprowski <m.szyprowski(a)samsung.com> [ Upstream commit 865b080e3229102f160889328ce2e8e97aa65ea0 ] Second interrupt is needed only when touchscreen mode is used, so don't request it unconditionally. This removes the following annoying warning during boot: exynos-adc 14d10000.adc: error -ENXIO: IRQ index 1 not found Fixes: 2bb8ad9b44c5 ("iio: exynos-adc: add experimental touchscreen support") Signed-off-by: Marek Szyprowski <m.szyprowski(a)samsung.com> Link: https://lore.kernel.org/r/20231009101412.916922-1-m.szyprowski@samsung.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/iio/adc/exynos_adc.c | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/drivers/iio/adc/exynos_adc.c b/drivers/iio/adc/exynos_adc.c index 019153882e700..f8324261e74d4 100644 --- a/drivers/iio/adc/exynos_adc.c +++ b/drivers/iio/adc/exynos_adc.c @@ -787,6 +787,12 @@ static int exynos_adc_probe(struct platform_device *pdev) } } + /* leave out any TS related code if unreachable */ + if (IS_REACHABLE(CONFIG_INPUT)) { + has_ts = of_property_read_bool(pdev->dev.of_node, + "has-touchscreen") || pdata; + } + irq = platform_get_irq(pdev, 0); if (irq < 0) { dev_err(&pdev->dev, "no irq resource?\n"); @@ -794,11 +800,15 @@ static int exynos_adc_probe(struct platform_device *pdev) } info->irq = irq; - irq = platform_get_irq(pdev, 1); - if (irq == -EPROBE_DEFER) - return irq; + if (has_ts) { + irq = platform_get_irq(pdev, 1); + if (irq == -EPROBE_DEFER) + return irq; - info->tsirq = irq; + info->tsirq = irq; + } else { + info->tsirq = -1; + } info->dev = &pdev->dev; @@ -865,12 +875,6 @@ static int exynos_adc_probe(struct platform_device *pdev) if (info->data->init_hw) info->data->init_hw(info); - /* leave out any TS related code if unreachable */ - if (IS_REACHABLE(CONFIG_INPUT)) { - has_ts = of_property_read_bool(pdev->dev.of_node, - "has-touchscreen") || pdata; - } - if (pdata) info->delay = pdata->delay; else -- 2.43.0

1 year, 6 months

1
0
0 0

[PATCH 4.14-openela 012/190] selftests/ftrace: Add new test case which checks non unique symbol

by Sasha Levin

From: Francis Laniel <flaniel(a)linux.microsoft.com> [ Upstream commit 03b80ff8023adae6780e491f66e932df8165e3a0 ] If name_show() is non unique, this test will try to install a kprobe on this function which should fail returning EADDRNOTAVAIL. On kernel where name_show() is not unique, this test is skipped. Link: https://lore.kernel.org/all/20231020104250.9537-3-flaniel@linux.microsoft.c… Cc: stable(a)vger.kernel.org Signed-off-by: Francis Laniel <flaniel(a)linux.microsoft.com> Acked-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Signed-off-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- .../ftrace/test.d/kprobe/kprobe_non_uniq_symbol.tc | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 tools/testing/selftests/ftrace/test.d/kprobe/kprobe_non_uniq_symbol.tc diff --git a/tools/testing/selftests/ftrace/test.d/kprobe/kprobe_non_uniq_symbol.tc b/tools/testing/selftests/ftrace/test.d/kprobe/kprobe_non_uniq_symbol.tc new file mode 100644 index 0000000000000..bc9514428dbaf --- /dev/null +++ b/tools/testing/selftests/ftrace/test.d/kprobe/kprobe_non_uniq_symbol.tc @@ -0,0 +1,13 @@ +#!/bin/sh +# SPDX-License-Identifier: GPL-2.0 +# description: Test failure of registering kprobe on non unique symbol +# requires: kprobe_events + +SYMBOL='name_show' + +# We skip this test on kernel where SYMBOL is unique or does not exist. +if [ "$(grep -c -E "[[:alnum:]]+ t ${SYMBOL}" /proc/kallsyms)" -le '1' ]; then + exit_unsupported +fi + +! echo "p:test_non_unique ${SYMBOL}" > kprobe_events -- 2.43.0

1 year, 6 months

1
0
0 0

[PATCH 4.14-openela 008/190] iio: addac: stx104: Fix race condition for stx104_write_raw()

by Sasha Levin

From: William Breathitt Gray <william.gray(a)linaro.org> [ Upstream commit 9740827468cea80c42db29e7171a50e99acf7328 ] The priv->chan_out_states array and actual DAC value can become mismatched if stx104_write_raw() is called concurrently. Prevent such a race condition by utilizing a mutex. Fixes: 97a445dad37a ("iio: Add IIO support for the DAC on the Apex Embedded Systems STX104") Signed-off-by: William Breathitt Gray <william.gray(a)linaro.org> Link: https://lore.kernel.org/r/c95c9a77fcef36b2a052282146950f23bbc1ebdc.16807905… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/iio/adc/stx104.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/iio/adc/stx104.c b/drivers/iio/adc/stx104.c index 2da741d27540f..edc3b29eed621 100644 --- a/drivers/iio/adc/stx104.c +++ b/drivers/iio/adc/stx104.c @@ -23,6 +23,7 @@ #include <linux/kernel.h> #include <linux/module.h> #include <linux/moduleparam.h> +#include <linux/mutex.h> #include <linux/spinlock.h> #define STX104_OUT_CHAN(chan) { \ @@ -54,10 +55,12 @@ MODULE_PARM_DESC(base, "Apex Embedded Systems STX104 base addresses"); /** * struct stx104_iio - IIO device private data structure + * @lock: synchronization lock to prevent I/O race conditions * @chan_out_states: channels' output states * @base: base port address of the IIO device */ struct stx104_iio { + struct mutex lock; unsigned int chan_out_states[STX104_NUM_OUT_CHAN]; unsigned int base; }; @@ -160,9 +163,12 @@ static int stx104_write_raw(struct iio_dev *indio_dev, if ((unsigned int)val > 65535) return -EINVAL; + mutex_lock(&priv->lock); + priv->chan_out_states[chan->channel] = val; outw(val, priv->base + 4 + 2 * chan->channel); + mutex_unlock(&priv->lock); return 0; } return -EINVAL; @@ -323,6 +329,8 @@ static int stx104_probe(struct device *dev, unsigned int id) priv = iio_priv(indio_dev); priv->base = base[id]; + mutex_init(&priv->lock); + /* configure device for software trigger operation */ outb(0, base[id] + 9); -- 2.43.0

1 year, 6 months

1
0
0 0

[PATCH 4.14-openela 007/190] IMA: allow/fix UML builds

by Sasha Levin

From: Randy Dunlap <rdunlap(a)infradead.org> [ Upstream commit 644f17412f5acf01a19af9d04a921937a2bc86c6 ] UML supports HAS_IOMEM since 0bbadafdc49d (um: allow disabling NO_IOMEM). Current IMA build on UML fails on allmodconfig (with TCG_TPM=m): ld: security/integrity/ima/ima_queue.o: in function `ima_add_template_entry': ima_queue.c:(.text+0x2d9): undefined reference to `tpm_pcr_extend' ld: security/integrity/ima/ima_init.o: in function `ima_init': ima_init.c:(.init.text+0x43f): undefined reference to `tpm_default_chip' ld: security/integrity/ima/ima_crypto.o: in function `ima_calc_boot_aggregate_tfm': ima_crypto.c:(.text+0x1044): undefined reference to `tpm_pcr_read' ld: ima_crypto.c:(.text+0x10d8): undefined reference to `tpm_pcr_read' Modify the IMA Kconfig entry so that it selects TCG_TPM if HAS_IOMEM is set, regardless of the UML Kconfig setting. This updates TCG_TPM from =m to =y and fixes the linker errors. Fixes: f4a0391dfa91 ("ima: fix Kconfig dependencies") Cc: Stable <stable(a)vger.kernel.org> # v5.14+ Signed-off-by: Randy Dunlap <rdunlap(a)infradead.org> Cc: Fabio Estevam <festevam(a)gmail.com> Cc: Richard Weinberger <richard(a)nod.at> Cc: Anton Ivanov <anton.ivanov(a)cambridgegreys.com> Cc: Johannes Berg <johannes(a)sipsolutions.net> Cc: linux-um(a)lists.infradead.org Signed-off-by: Mimi Zohar <zohar(a)linux.ibm.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- security/integrity/ima/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig index 6a8f67714c831..a8bf67557eb54 100644 --- a/security/integrity/ima/Kconfig +++ b/security/integrity/ima/Kconfig @@ -8,7 +8,7 @@ config IMA select CRYPTO_MD5 select CRYPTO_SHA1 select CRYPTO_HASH_INFO - select TCG_TPM if HAS_IOMEM && !UML + select TCG_TPM if HAS_IOMEM select TCG_TIS if TCG_TPM && X86 select TCG_CRB if TCG_TPM && ACPI select TCG_IBMVTPM if TCG_TPM && PPC_PSERIES -- 2.43.0

1 year, 6 months

1
0
0 0

[PATCH 4.14-openela 005/190] btrfs: fix extent buffer leak after tree mod log failure at split_node()

by Sasha Levin

From: Filipe Manana <fdmanana(a)suse.com> [ Upstream commit ede600e497b1461d06d22a7d17703d9096868bc3 ] At split_node(), if we fail to log the tree mod log copy operation, we return without unlocking the split extent buffer we just allocated and without decrementing the reference we own on it. Fix this by unlocking it and decrementing the ref count before returning. Fixes: 5de865eebb83 ("Btrfs: fix tree mod logging") CC: stable(a)vger.kernel.org # 5.4+ Reviewed-by: Qu Wenruo <wqu(a)suse.com> Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/btrfs/ctree.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c index 156716f9e3e21..61ed69c688d58 100644 --- a/fs/btrfs/ctree.c +++ b/fs/btrfs/ctree.c @@ -3537,6 +3537,8 @@ static noinline int split_node(struct btrfs_trans_handle *trans, ret = tree_mod_log_eb_copy(fs_info, split, c, 0, mid, c_nritems - mid); if (ret) { + btrfs_tree_unlock(split); + free_extent_buffer(split); btrfs_abort_transaction(trans, ret); return ret; } -- 2.43.0

1 year, 6 months

1
0
0 0

[PATCH 4.14-openela 004/190] pinctrl: amd: Detect internal GPIO0 debounce handling

by Sasha Levin

From: Mario Limonciello <mario.limonciello(a)amd.com> [ Upstream commit 968ab9261627fa305307e3935ca1a32fcddd36cb ] commit 4e5a04be88fe ("pinctrl: amd: disable and mask interrupts on probe") had a mistake in loop iteration 63 that it would clear offset 0xFC instead of 0x100. Offset 0xFC is actually `WAKE_INT_MASTER_REG`. This was clearing bits 13 and 15 from the register which significantly changed the expected handling for some platforms for GPIO0. commit b26cd9325be4 ("pinctrl: amd: Disable and mask interrupts on resume") actually fixed this bug, but lead to regressions on Lenovo Z13 and some other systems. This is because there was no handling in the driver for bit 15 debounce behavior. Quoting a public BKDG: ``` EnWinBlueBtn. Read-write. Reset: 0. 0=GPIO0 detect debounced power button; Power button override is 4 seconds. 1=GPIO0 detect debounced power button in S3/S5/S0i3, and detect "pressed less than 2 seconds" and "pressed 2~10 seconds" in S0; Power button override is 10 seconds ``` Cross referencing the same master register in Windows it's obvious that Windows doesn't use debounce values in this configuration. So align the Linux driver to do this as well. This fixes wake on lid when WAKE_INT_MASTER_REG is properly programmed. Cc: stable(a)vger.kernel.org Link: https://bugzilla.kernel.org/show_bug.cgi?id=217315 Signed-off-by: Mario Limonciello <mario.limonciello(a)amd.com> Link: https://lore.kernel.org/r/20230421120625.3366-2-mario.limonciello@amd.com Signed-off-by: Linus Walleij <linus.walleij(a)linaro.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/pinctrl/pinctrl-amd.c | 7 +++++++ drivers/pinctrl/pinctrl-amd.h | 1 + 2 files changed, 8 insertions(+) diff --git a/drivers/pinctrl/pinctrl-amd.c b/drivers/pinctrl/pinctrl-amd.c index 509ba4bceefcb..41f12fa15143c 100644 --- a/drivers/pinctrl/pinctrl-amd.c +++ b/drivers/pinctrl/pinctrl-amd.c @@ -114,6 +114,12 @@ static int amd_gpio_set_debounce(struct gpio_chip *gc, unsigned offset, struct amd_gpio *gpio_dev = gpiochip_get_data(gc); raw_spin_lock_irqsave(&gpio_dev->lock, flags); + + /* Use special handling for Pin0 debounce */ + pin_reg = readl(gpio_dev->base + WAKE_INT_MASTER_REG); + if (pin_reg & INTERNAL_GPIO0_DEBOUNCE) + debounce = 0; + pin_reg = readl(gpio_dev->base + offset * 4); if (debounce) { @@ -191,6 +197,7 @@ static void amd_gpio_dbg_show(struct seq_file *s, struct gpio_chip *gc) char *output_value; char *output_enable; + seq_printf(s, "WAKE_INT_MASTER_REG: 0x%08x\n", readl(gpio_dev->base + WAKE_INT_MASTER_REG)); for (bank = 0; bank < gpio_dev->hwbank_num; bank++) { seq_printf(s, "GPIO bank%d\t", bank); diff --git a/drivers/pinctrl/pinctrl-amd.h b/drivers/pinctrl/pinctrl-amd.h index 884f48f7a6a36..c6be602c3df73 100644 --- a/drivers/pinctrl/pinctrl-amd.h +++ b/drivers/pinctrl/pinctrl-amd.h @@ -21,6 +21,7 @@ #define AMD_GPIO_PINS_BANK3 32 #define WAKE_INT_MASTER_REG 0xfc +#define INTERNAL_GPIO0_DEBOUNCE (1 << 15) #define EOI_MASK (1 << 29) #define WAKE_INT_STATUS_REG0 0x2f8 -- 2.43.0

1 year, 6 months

1
0
0 0

[PATCH 4.14-openela 003/190] ALSA: jack: Fix mutex call in snd_jack_report()

by Sasha Levin

From: Takashi Iwai <tiwai(a)suse.de> [ Upstream commit 89dbb335cb6a627a4067bc42caa09c8bc3326d40 ] snd_jack_report() is supposed to be callable from an IRQ context, too, and it's indeed used in that way from virtsnd driver. The fix for input_dev race in commit 1b6a6fc5280e ("ALSA: jack: Access input_dev under mutex"), however, introduced a mutex lock in snd_jack_report(), and this resulted in a potential sleep-in-atomic. For addressing that problem, this patch changes the relevant code to use the object get/put and removes the mutex usage. That is, snd_jack_report(), it takes input_get_device() and leaves with input_put_device() for assuring the input_dev being assigned. Although the whole mutex could be reduced, we keep it because it can be still a protection for potential races between creation and deletion. Fixes: 1b6a6fc5280e ("ALSA: jack: Access input_dev under mutex") Reported-by: Dan Carpenter <dan.carpenter(a)linaro.org> Closes: https://lore.kernel.org/r/cf95f7fe-a748-4990-8378-000491b40329@moroto.mount… Tested-by: Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> Link: https://lore.kernel.org/r/20230706155357.3470-1-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/core/jack.c | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/sound/core/jack.c b/sound/core/jack.c index d2f9a92453f2f..6340de60f26ef 100644 --- a/sound/core/jack.c +++ b/sound/core/jack.c @@ -378,6 +378,7 @@ void snd_jack_report(struct snd_jack *jack, int status) { struct snd_jack_kctl *jack_kctl; #ifdef CONFIG_SND_JACK_INPUT_DEV + struct input_dev *idev; int i; #endif @@ -389,30 +390,28 @@ void snd_jack_report(struct snd_jack *jack, int status) status & jack_kctl->mask_bits); #ifdef CONFIG_SND_JACK_INPUT_DEV - mutex_lock(&jack->input_dev_lock); - if (!jack->input_dev) { - mutex_unlock(&jack->input_dev_lock); + idev = input_get_device(jack->input_dev); + if (!idev) return; - } for (i = 0; i < ARRAY_SIZE(jack->key); i++) { int testbit = SND_JACK_BTN_0 >> i; if (jack->type & testbit) - input_report_key(jack->input_dev, jack->key[i], + input_report_key(idev, jack->key[i], status & testbit); } for (i = 0; i < ARRAY_SIZE(jack_switch_types); i++) { int testbit = 1 << i; if (jack->type & testbit) - input_report_switch(jack->input_dev, + input_report_switch(idev, jack_switch_types[i], status & testbit); } - input_sync(jack->input_dev); - mutex_unlock(&jack->input_dev_lock); + input_sync(idev); + input_put_device(idev); #endif /* CONFIG_SND_JACK_INPUT_DEV */ } EXPORT_SYMBOL(snd_jack_report); -- 2.43.0

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] mptcp: don't account accept() of non-MPC client as fallback" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 7a1b3490f47e88ec4cbde65f1a77a0f4bc972282 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040520-unselect-antitrust-a41b@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7a1b3490f47e88ec4cbde65f1a77a0f4bc972282 Mon Sep 17 00:00:00 2001 From: Davide Caratti <dcaratti(a)redhat.com> Date: Fri, 29 Mar 2024 13:08:52 +0100 Subject: [PATCH] mptcp: don't account accept() of non-MPC client as fallback to TCP Current MPTCP servers increment MPTcpExtMPCapableFallbackACK when they accept non-MPC connections. As reported by Christoph, this is "surprising" because the counter might become greater than MPTcpExtMPCapableSYNRX. MPTcpExtMPCapableFallbackACK counter's name suggests it should only be incremented when a connection was seen using MPTCP options, then a fallback to TCP has been done. Let's do that by incrementing it when the subflow context of an inbound MPC connection attempt is dropped. Also, update mptcp_connect.sh kselftest, to ensure that the above MIB does not increment in case a pure TCP client connects to a MPTCP server. Fixes: fc518953bc9c ("mptcp: add and use MIB counter infrastructure") Cc: stable(a)vger.kernel.org Reported-by: Christoph Paasch <cpaasch(a)apple.com> Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/449 Signed-off-by: Davide Caratti <dcaratti(a)redhat.com> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Reviewed-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://lore.kernel.org/r/20240329-upstream-net-20240329-fallback-mib-v1-1-… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 3a1967bc7bad..7e74b812e366 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -3937,8 +3937,6 @@ static int mptcp_stream_accept(struct socket *sock, struct socket *newsock, mptcp_set_state(newsk, TCP_CLOSE); } } else { - MPTCP_INC_STATS(sock_net(ssk), - MPTCP_MIB_MPCAPABLEPASSIVEFALLBACK); tcpfallback: newsk->sk_kern_sock = kern; lock_sock(newsk); diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index 1626dd20c68f..6042a47da61b 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -905,6 +905,8 @@ static struct sock *subflow_syn_recv_sock(const struct sock *sk, return child; fallback: + if (fallback) + SUBFLOW_REQ_INC_STATS(req, MPTCP_MIB_MPCAPABLEPASSIVEFALLBACK); mptcp_subflow_drop_ctx(child); return child; } diff --git a/tools/testing/selftests/net/mptcp/mptcp_connect.sh b/tools/testing/selftests/net/mptcp/mptcp_connect.sh index 4c4248554826..4131f3263a48 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_connect.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_connect.sh @@ -383,12 +383,14 @@ do_transfer() local stat_cookierx_last local stat_csum_err_s local stat_csum_err_c + local stat_tcpfb_last_l stat_synrx_last_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableSYNRX") stat_ackrx_last_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableACKRX") stat_cookietx_last=$(mptcp_lib_get_counter "${listener_ns}" "TcpExtSyncookiesSent") stat_cookierx_last=$(mptcp_lib_get_counter "${listener_ns}" "TcpExtSyncookiesRecv") stat_csum_err_s=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtDataCsumErr") stat_csum_err_c=$(mptcp_lib_get_counter "${connector_ns}" "MPTcpExtDataCsumErr") + stat_tcpfb_last_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableFallbackACK") timeout ${timeout_test} \ ip netns exec ${listener_ns} \ @@ -457,11 +459,13 @@ do_transfer() local stat_cookietx_now local stat_cookierx_now local stat_ooo_now + local stat_tcpfb_now_l stat_synrx_now_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableSYNRX") stat_ackrx_now_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableACKRX") stat_cookietx_now=$(mptcp_lib_get_counter "${listener_ns}" "TcpExtSyncookiesSent") stat_cookierx_now=$(mptcp_lib_get_counter "${listener_ns}" "TcpExtSyncookiesRecv") stat_ooo_now=$(mptcp_lib_get_counter "${listener_ns}" "TcpExtTCPOFOQueue") + stat_tcpfb_now_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableFallbackACK") expect_synrx=$((stat_synrx_last_l)) expect_ackrx=$((stat_ackrx_last_l)) @@ -508,6 +512,11 @@ do_transfer() fi fi + if [ ${stat_ooo_now} -eq 0 ] && [ ${stat_tcpfb_last_l} -ne ${stat_tcpfb_now_l} ]; then + mptcp_lib_pr_fail "unexpected fallback to TCP" + rets=1 + fi + if [ $cookies -eq 2 ];then if [ $stat_cookietx_last -ge $stat_cookietx_now ] ;then extra+=" WARN: CookieSent: did not advance"

1 year, 6 months

4
14
0 0

Re: Patch "arm64: dts: qcom: Add support for Xiaomi Redmi Note 9S" has been added to the 6.8-stable tree

by Konrad Dybcio

On 4/10/24 17:57, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > arm64: dts: qcom: Add support for Xiaomi Redmi Note 9S autosel has been reeaaaaaly going over the top lately, particularly with dts patches.. I'm not sure adding support for a device is something that should go to stable Konrad

1 year, 6 months

6
9
0 0

[PATCH v5] mtd: limit OTP NVMEM cell parse to non-NAND devices

by Christian Marangi

MTD OTP logic is very fragile on parsing NVMEM cell and can be problematic with some specific kind of devices. The problem was discovered by e87161321a40 ("mtd: rawnand: macronix: OTP access for MX30LFxG18AC") where OTP support was added to a NAND device. With the case of NAND devices, it does require a node where ECC info are declared and all the fixed partitions, and this cause the OTP codepath to parse this node as OTP NVMEM cells, making probe fail and the NAND device registration fail. MTD OTP parsing should have been limited to always using compatible to prevent this error by using node with compatible "otp-user" or "otp-factory". NVMEM across the years had various iteration on how cells could be declared in DT, in some old implementation, no_of_node should have been enabled but now add_legacy_fixed_of_cells should be used to disable NVMEM to parse child node as NVMEM cell. To fix this and limit any regression with other MTD that makes use of declaring OTP as direct child of the dev node, disable add_legacy_fixed_of_cells if we detect the MTD type is Nand. With the following logic, the OTP NVMEM entry is correctly created with no cells and the MTD Nand is correctly probed and partitions are correctly exposed. Fixes: 4b361cfa8624 ("mtd: core: add OTP nvmem provider support") Cc: <stable(a)vger.kernel.org> # v6.7+ Signed-off-by: Christian Marangi <ansuelsmth(a)gmail.com> --- To backport this to v6.6 and previous, config.no_of_node = mtd_type_is_nand(mtd); should be used as it does pose the same usage of add_legacy_fixed_of_cells. Changes v5: - Lower case of cell and use non-NAND Changes v4: - Add info on how to backport this to previous kernel - Fix Fixes tag - Reformat commit description as it was unprecise and had false statement Changes v3: - Fix commit description Changes v2: - Use mtd_type_is_nand instead of node name check drivers/mtd/mtdcore.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/mtd/mtdcore.c b/drivers/mtd/mtdcore.c index 5887feb347a4..0de87bc63840 100644 --- a/drivers/mtd/mtdcore.c +++ b/drivers/mtd/mtdcore.c @@ -900,7 +900,7 @@ static struct nvmem_device *mtd_otp_nvmem_register(struct mtd_info *mtd, config.name = compatible; config.id = NVMEM_DEVID_AUTO; config.owner = THIS_MODULE; - config.add_legacy_fixed_of_cells = true; + config.add_legacy_fixed_of_cells = !mtd_type_is_nand(mtd); config.type = NVMEM_TYPE_OTP; config.root_only = true; config.ignore_wp = true; -- 2.43.0

1 year, 6 months

2
1
0 0

[PATCH AUTOSEL 4.19 1/4] ALSA: line6: Zero-initialize message buffers

by Sasha Levin

From: Takashi Iwai <tiwai(a)suse.de> [ Upstream commit c4e51e424e2c772ce1836912a8b0b87cd61bc9d5 ] For shutting up spurious KMSAN uninit-value warnings, just replace kmalloc() calls with kzalloc() for the buffers used for communications. There should be no real issue with the original code, but it's still better to cover. Reported-by: syzbot+7fb05ccf7b3d2f9617b3(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/r/00000000000084b18706150bcca5@google.com Message-ID: <20240402063628.26609-1-tiwai(a)suse.de> Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/usb/line6/driver.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sound/usb/line6/driver.c b/sound/usb/line6/driver.c index 2399d500b8812..8970d4b3b42c3 100644 --- a/sound/usb/line6/driver.c +++ b/sound/usb/line6/driver.c @@ -216,7 +216,7 @@ int line6_send_raw_message_async(struct usb_line6 *line6, const char *buffer, struct urb *urb; /* create message: */ - msg = kmalloc(sizeof(struct message), GFP_ATOMIC); + msg = kzalloc(sizeof(struct message), GFP_ATOMIC); if (msg == NULL) return -ENOMEM; @@ -694,7 +694,7 @@ static int line6_init_cap_control(struct usb_line6 *line6) int ret; /* initialize USB buffers: */ - line6->buffer_listen = kmalloc(LINE6_BUFSIZE_LISTEN, GFP_KERNEL); + line6->buffer_listen = kzalloc(LINE6_BUFSIZE_LISTEN, GFP_KERNEL); if (!line6->buffer_listen) return -ENOMEM; @@ -703,7 +703,7 @@ static int line6_init_cap_control(struct usb_line6 *line6) return -ENOMEM; if (line6->properties->capabilities & LINE6_CAP_CONTROL_MIDI) { - line6->buffer_message = kmalloc(LINE6_MIDI_MESSAGE_MAXLEN, GFP_KERNEL); + line6->buffer_message = kzalloc(LINE6_MIDI_MESSAGE_MAXLEN, GFP_KERNEL); if (!line6->buffer_message) return -ENOMEM; -- 2.43.0

1 year, 6 months

1
3
0 0

[PATCH AUTOSEL 5.4 1/4] ALSA: line6: Zero-initialize message buffers

by Sasha Levin

From: Takashi Iwai <tiwai(a)suse.de> [ Upstream commit c4e51e424e2c772ce1836912a8b0b87cd61bc9d5 ] For shutting up spurious KMSAN uninit-value warnings, just replace kmalloc() calls with kzalloc() for the buffers used for communications. There should be no real issue with the original code, but it's still better to cover. Reported-by: syzbot+7fb05ccf7b3d2f9617b3(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/r/00000000000084b18706150bcca5@google.com Message-ID: <20240402063628.26609-1-tiwai(a)suse.de> Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/usb/line6/driver.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sound/usb/line6/driver.c b/sound/usb/line6/driver.c index 22104cb84b1ca..efa8fb59d3ad2 100644 --- a/sound/usb/line6/driver.c +++ b/sound/usb/line6/driver.c @@ -201,7 +201,7 @@ int line6_send_raw_message_async(struct usb_line6 *line6, const char *buffer, struct urb *urb; /* create message: */ - msg = kmalloc(sizeof(struct message), GFP_ATOMIC); + msg = kzalloc(sizeof(struct message), GFP_ATOMIC); if (msg == NULL) return -ENOMEM; @@ -679,7 +679,7 @@ static int line6_init_cap_control(struct usb_line6 *line6) int ret; /* initialize USB buffers: */ - line6->buffer_listen = kmalloc(LINE6_BUFSIZE_LISTEN, GFP_KERNEL); + line6->buffer_listen = kzalloc(LINE6_BUFSIZE_LISTEN, GFP_KERNEL); if (!line6->buffer_listen) return -ENOMEM; @@ -688,7 +688,7 @@ static int line6_init_cap_control(struct usb_line6 *line6) return -ENOMEM; if (line6->properties->capabilities & LINE6_CAP_CONTROL_MIDI) { - line6->buffer_message = kmalloc(LINE6_MIDI_MESSAGE_MAXLEN, GFP_KERNEL); + line6->buffer_message = kzalloc(LINE6_MIDI_MESSAGE_MAXLEN, GFP_KERNEL); if (!line6->buffer_message) return -ENOMEM; -- 2.43.0

1 year, 6 months

1
3
0 0

[PATCH AUTOSEL 5.10 1/4] ALSA: line6: Zero-initialize message buffers

by Sasha Levin

From: Takashi Iwai <tiwai(a)suse.de> [ Upstream commit c4e51e424e2c772ce1836912a8b0b87cd61bc9d5 ] For shutting up spurious KMSAN uninit-value warnings, just replace kmalloc() calls with kzalloc() for the buffers used for communications. There should be no real issue with the original code, but it's still better to cover. Reported-by: syzbot+7fb05ccf7b3d2f9617b3(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/r/00000000000084b18706150bcca5@google.com Message-ID: <20240402063628.26609-1-tiwai(a)suse.de> Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/usb/line6/driver.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sound/usb/line6/driver.c b/sound/usb/line6/driver.c index b67617b68e509..f4437015d43a7 100644 --- a/sound/usb/line6/driver.c +++ b/sound/usb/line6/driver.c @@ -202,7 +202,7 @@ int line6_send_raw_message_async(struct usb_line6 *line6, const char *buffer, struct urb *urb; /* create message: */ - msg = kmalloc(sizeof(struct message), GFP_ATOMIC); + msg = kzalloc(sizeof(struct message), GFP_ATOMIC); if (msg == NULL) return -ENOMEM; @@ -688,7 +688,7 @@ static int line6_init_cap_control(struct usb_line6 *line6) int ret; /* initialize USB buffers: */ - line6->buffer_listen = kmalloc(LINE6_BUFSIZE_LISTEN, GFP_KERNEL); + line6->buffer_listen = kzalloc(LINE6_BUFSIZE_LISTEN, GFP_KERNEL); if (!line6->buffer_listen) return -ENOMEM; @@ -697,7 +697,7 @@ static int line6_init_cap_control(struct usb_line6 *line6) return -ENOMEM; if (line6->properties->capabilities & LINE6_CAP_CONTROL_MIDI) { - line6->buffer_message = kmalloc(LINE6_MIDI_MESSAGE_MAXLEN, GFP_KERNEL); + line6->buffer_message = kzalloc(LINE6_MIDI_MESSAGE_MAXLEN, GFP_KERNEL); if (!line6->buffer_message) return -ENOMEM; -- 2.43.0

1 year, 6 months

1
3
0 0

[PATCH AUTOSEL 5.15 1/4] ALSA: line6: Zero-initialize message buffers

by Sasha Levin

From: Takashi Iwai <tiwai(a)suse.de> [ Upstream commit c4e51e424e2c772ce1836912a8b0b87cd61bc9d5 ] For shutting up spurious KMSAN uninit-value warnings, just replace kmalloc() calls with kzalloc() for the buffers used for communications. There should be no real issue with the original code, but it's still better to cover. Reported-by: syzbot+7fb05ccf7b3d2f9617b3(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/r/00000000000084b18706150bcca5@google.com Message-ID: <20240402063628.26609-1-tiwai(a)suse.de> Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/usb/line6/driver.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sound/usb/line6/driver.c b/sound/usb/line6/driver.c index b67617b68e509..f4437015d43a7 100644 --- a/sound/usb/line6/driver.c +++ b/sound/usb/line6/driver.c @@ -202,7 +202,7 @@ int line6_send_raw_message_async(struct usb_line6 *line6, const char *buffer, struct urb *urb; /* create message: */ - msg = kmalloc(sizeof(struct message), GFP_ATOMIC); + msg = kzalloc(sizeof(struct message), GFP_ATOMIC); if (msg == NULL) return -ENOMEM; @@ -688,7 +688,7 @@ static int line6_init_cap_control(struct usb_line6 *line6) int ret; /* initialize USB buffers: */ - line6->buffer_listen = kmalloc(LINE6_BUFSIZE_LISTEN, GFP_KERNEL); + line6->buffer_listen = kzalloc(LINE6_BUFSIZE_LISTEN, GFP_KERNEL); if (!line6->buffer_listen) return -ENOMEM; @@ -697,7 +697,7 @@ static int line6_init_cap_control(struct usb_line6 *line6) return -ENOMEM; if (line6->properties->capabilities & LINE6_CAP_CONTROL_MIDI) { - line6->buffer_message = kmalloc(LINE6_MIDI_MESSAGE_MAXLEN, GFP_KERNEL); + line6->buffer_message = kzalloc(LINE6_MIDI_MESSAGE_MAXLEN, GFP_KERNEL); if (!line6->buffer_message) return -ENOMEM; -- 2.43.0

1 year, 6 months

1
3
0 0

[PATCH AUTOSEL 6.1 1/6] scsi: ufs: core: WLUN suspend dev/link state error recovery

by Sasha Levin

From: Peter Wang <peter.wang(a)mediatek.com> [ Upstream commit 6bc5e70b1c792b31b497e48b4668a9a2909aca0d ] When wl suspend error occurs, for example BKOP or SSU timeout, the host triggers an error handler and returns -EBUSY to break the wl suspend process. However, it is possible for the runtime PM to enter wl suspend again before the error handler has finished, and return -EINVAL because the device is in an error state. To address this, ensure that the rumtime PM waits for the error handler to finish, or trigger the error handler in such cases, because returning -EINVAL can cause the I/O to hang. Signed-off-by: Peter Wang <peter.wang(a)mediatek.com> Link: https://lore.kernel.org/r/20240329015036.15707-1-peter.wang@mediatek.com Reviewed-by: Bart Van Assche <bvanassche(a)acm.org> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/ufs/core/ufshcd.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/ufs/core/ufshcd.c b/drivers/ufs/core/ufshcd.c index f3c25467e571f..948449a13247c 100644 --- a/drivers/ufs/core/ufshcd.c +++ b/drivers/ufs/core/ufshcd.c @@ -9044,7 +9044,10 @@ static int __ufshcd_wl_suspend(struct ufs_hba *hba, enum ufs_pm_op pm_op) /* UFS device & link must be active before we enter in this function */ if (!ufshcd_is_ufs_dev_active(hba) || !ufshcd_is_link_active(hba)) { - ret = -EINVAL; + /* Wait err handler finish or trigger err recovery */ + if (!ufshcd_eh_in_progress(hba)) + ufshcd_force_error_recovery(hba); + ret = -EBUSY; goto enable_scaling; } -- 2.43.0

1 year, 6 months

1
5
0 0

[PATCH AUTOSEL 6.6 01/12] ASoC: SOF: Intel: hda-dsp: Skip IMR boot on ACE platforms in case of S3 suspend

by Sasha Levin

From: Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> [ Upstream commit c61115b37ff964d63191dbf4a058f481daabdf57 ] SoCs with ACE architecture are tailored to use s2idle instead deep (S3) suspend state and the IMR content is lost when the system is forced to enter even to S3. When waking up from S3 state the IMR boot will fail as the content is lost. Set the skip_imr_boot flag to make sure that we don't try IMR in this case. Signed-off-by: Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> Reviewed-by: Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> Reviewed-by: Rander Wang <rander.wang(a)intel.com> Reviewed-by: Liam Girdwood <liam.r.girdwood(a)intel.com> Reviewed-by: Ranjani Sridharan <ranjani.sridharan(a)linux.intel.com> Link: https://msgid.link/r/20240322112504.4192-1-peter.ujfalusi@linux.intel.com Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/soc/sof/intel/hda-dsp.c | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/sound/soc/sof/intel/hda-dsp.c b/sound/soc/sof/intel/hda-dsp.c index 44f39a520bb39..e80a2a5ec56a1 100644 --- a/sound/soc/sof/intel/hda-dsp.c +++ b/sound/soc/sof/intel/hda-dsp.c @@ -681,17 +681,27 @@ static int hda_suspend(struct snd_sof_dev *sdev, bool runtime_suspend) struct sof_intel_hda_dev *hda = sdev->pdata->hw_pdata; const struct sof_intel_dsp_desc *chip = hda->desc; struct hdac_bus *bus = sof_to_bus(sdev); + bool imr_lost = false; int ret, j; /* - * The memory used for IMR boot loses its content in deeper than S3 state - * We must not try IMR boot on next power up (as it will fail). - * + * The memory used for IMR boot loses its content in deeper than S3 + * state on CAVS platforms. + * On ACE platforms due to the system architecture the IMR content is + * lost at S3 state already, they are tailored for s2idle use. + * We must not try IMR boot on next power up in these cases as it will + * fail. + */ + if (sdev->system_suspend_target > SOF_SUSPEND_S3 || + (chip->hw_ip_version >= SOF_INTEL_ACE_1_0 && + sdev->system_suspend_target == SOF_SUSPEND_S3)) + imr_lost = true; + + /* * In case of firmware crash or boot failure set the skip_imr_boot to true * as well in order to try to re-load the firmware to do a 'cold' boot. */ - if (sdev->system_suspend_target > SOF_SUSPEND_S3 || - sdev->fw_state == SOF_FW_CRASHED || + if (imr_lost || sdev->fw_state == SOF_FW_CRASHED || sdev->fw_state == SOF_FW_BOOT_FAILED) hda->skip_imr_boot = true; -- 2.43.0

1 year, 6 months

1
11
0 0

[PATCH AUTOSEL 6.8 01/15] ASoC: SOF: Intel: hda-dsp: Skip IMR boot on ACE platforms in case of S3 suspend

by Sasha Levin

From: Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> [ Upstream commit c61115b37ff964d63191dbf4a058f481daabdf57 ] SoCs with ACE architecture are tailored to use s2idle instead deep (S3) suspend state and the IMR content is lost when the system is forced to enter even to S3. When waking up from S3 state the IMR boot will fail as the content is lost. Set the skip_imr_boot flag to make sure that we don't try IMR in this case. Signed-off-by: Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> Reviewed-by: Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> Reviewed-by: Rander Wang <rander.wang(a)intel.com> Reviewed-by: Liam Girdwood <liam.r.girdwood(a)intel.com> Reviewed-by: Ranjani Sridharan <ranjani.sridharan(a)linux.intel.com> Link: https://msgid.link/r/20240322112504.4192-1-peter.ujfalusi@linux.intel.com Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/soc/sof/intel/hda-dsp.c | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/sound/soc/sof/intel/hda-dsp.c b/sound/soc/sof/intel/hda-dsp.c index 2445ae7f6b2e9..1506982a56c30 100644 --- a/sound/soc/sof/intel/hda-dsp.c +++ b/sound/soc/sof/intel/hda-dsp.c @@ -681,17 +681,27 @@ static int hda_suspend(struct snd_sof_dev *sdev, bool runtime_suspend) struct sof_intel_hda_dev *hda = sdev->pdata->hw_pdata; const struct sof_intel_dsp_desc *chip = hda->desc; struct hdac_bus *bus = sof_to_bus(sdev); + bool imr_lost = false; int ret, j; /* - * The memory used for IMR boot loses its content in deeper than S3 state - * We must not try IMR boot on next power up (as it will fail). - * + * The memory used for IMR boot loses its content in deeper than S3 + * state on CAVS platforms. + * On ACE platforms due to the system architecture the IMR content is + * lost at S3 state already, they are tailored for s2idle use. + * We must not try IMR boot on next power up in these cases as it will + * fail. + */ + if (sdev->system_suspend_target > SOF_SUSPEND_S3 || + (chip->hw_ip_version >= SOF_INTEL_ACE_1_0 && + sdev->system_suspend_target == SOF_SUSPEND_S3)) + imr_lost = true; + + /* * In case of firmware crash or boot failure set the skip_imr_boot to true * as well in order to try to re-load the firmware to do a 'cold' boot. */ - if (sdev->system_suspend_target > SOF_SUSPEND_S3 || - sdev->fw_state == SOF_FW_CRASHED || + if (imr_lost || sdev->fw_state == SOF_FW_CRASHED || sdev->fw_state == SOF_FW_BOOT_FAILED) hda->skip_imr_boot = true; -- 2.43.0

1 year, 6 months

1
14
0 0

[PATCH] fuse: fix leaked ENOSYS error on first statx call

by Danny Lin

FUSE attempts to detect server support for statx by trying it once and setting no_statx=1 if it fails with ENOSYS, but consider the following scenario: - Userspace (e.g. sh) calls stat() on a file * succeeds - Userspace (e.g. lsd) calls statx(BTIME) on the same file - request_mask = STATX_BASIC_STATS | STATX_BTIME - first pass: sync=true due to differing cache_mask - statx fails and returns ENOSYS - set no_statx and retry - retry sets mask = STATX_BASIC_STATS - now mask == cache_mask; sync=false (time_before: still valid) - so we take the "else if (stat)" path - "err" is still ENOSYS from the failed statx call Fix this by zeroing "err" before retrying the failed call. Fixes: d3045530bdd2 ("fuse: implement statx") Cc: stable(a)vger.kernel.org # v6.6 Signed-off-by: Danny Lin <danny(a)orbstack.dev> --- fs/fuse/dir.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c index de452cdbf3cf..a63125ce70a4 100644 --- a/fs/fuse/dir.c +++ b/fs/fuse/dir.c @@ -1362,6 +1362,7 @@ static int fuse_update_get_attr(struct inode *inode, struct file *file, err = fuse_do_statx(inode, file, stat); if (err == -ENOSYS) { fc->no_statx = 1; + err = 0; goto retry; } } else { -- 2.44.0

1 year, 6 months

2
1
0 0

[PATCH 1/2] USB: serial: option: add Lonsung U8300/U9300 product Update the USB serial option driver to support Longsung U8300/U9300.

by Coia Prant

ID 1c9e:9b05 OMEGA TECHNOLOGY (U8300) ID 1c9e:9b3c OMEGA TECHNOLOGY (U9300) U8300 /: Bus |__ Port 1: Dev 3, If 0, Class=Vendor Specific Class, Driver=option, 480M (Debug) ID 1c9e:9b05 OMEGA TECHNOLOGY |__ Port 1: Dev 3, If 1, Class=Vendor Specific Class, Driver=option, 480M (Modem / AT) ID 1c9e:9b05 OMEGA TECHNOLOGY |__ Port 1: Dev 3, If 2, Class=Vendor Specific Class, Driver=option, 480M (AT) ID 1c9e:9b05 OMEGA TECHNOLOGY |__ Port 1: Dev 3, If 3, Class=Vendor Specific Class, Driver=option, 480M (AT / Pipe / PPP) ID 1c9e:9b05 OMEGA TECHNOLOGY |__ Port 1: Dev 3, If 4, Class=Vendor Specific Class, Driver=qmi_wwan, 480M (NDIS / GobiNet / QMI WWAN) ID 1c9e:9b05 OMEGA TECHNOLOGY |__ Port 1: Dev 3, If 5, Class=Vendor Specific Class, Driver=, 480M (ADB) ID 1c9e:9b05 OMEGA TECHNOLOGY U9300 /: Bus |__ Port 1: Dev 3, If 0, Class=Vendor Specific Class, Driver=, 480M (ADB) ID 1c9e:9b3c OMEGA TECHNOLOGY |__ Port 1: Dev 3, If 1, Class=Vendor Specific Class, Driver=option, 480M (Modem / AT) ID 1c9e:9b3c OMEGA TECHNOLOGY |__ Port 1: Dev 3, If 2, Class=Vendor Specific Class, Driver=option, 480M (AT) ID 1c9e:9b3c OMEGA TECHNOLOGY |__ Port 1: Dev 3, If 3, Class=Vendor Specific Class, Driver=option, 480M (AT / Pipe / PPP) ID 1c9e:9b3c OMEGA TECHNOLOGY |__ Port 1: Dev 3, If 4, Class=Vendor Specific Class, Driver=qmi_wwan, 480M (NDIS / GobiNet / QMI WWAN) ID 1c9e:9b3c OMEGA TECHNOLOGY Tested successfully using Modem Manager on U9300. Tested successfully AT commands using If=1, If=2 and If=3 on U9300. Signed-off-by: Coia Prant <coiaprant(a)gmail.com> Cc: stable(a)vger.kernel.org --- drivers/usb/serial/option.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c index 55a65d941ccb..27a116901459 100644 --- a/drivers/usb/serial/option.c +++ b/drivers/usb/serial/option.c @@ -412,6 +412,10 @@ static void option_instat_callback(struct urb *urb); */ #define LONGCHEER_VENDOR_ID 0x1c9e +/* Longsung products */ +#define LONGSUNG_U8300_PRODUCT_ID 0x9b05 +#define LONGSUNG_U9300_PRODUCT_ID 0x9b3c + /* 4G Systems products */ /* This one was sold as the VW and Skoda "Carstick LTE" */ #define FOUR_G_SYSTEMS_PRODUCT_CARSTICK_LTE 0x7605 @@ -2054,6 +2058,10 @@ static const struct usb_device_id option_ids[] = { .driver_info = RSVD(4) }, { USB_DEVICE(LONGCHEER_VENDOR_ID, ZOOM_PRODUCT_4597) }, { USB_DEVICE(LONGCHEER_VENDOR_ID, IBALL_3_5G_CONNECT) }, + { USB_DEVICE(LONGCHEER_VENDOR_ID, LONGSUNG_U8300_PRODUCT_ID), + .driver_info = RSVD(4) | RSVD(5) }, + { USB_DEVICE(LONGCHEER_VENDOR_ID, LONGSUNG_U9300_PRODUCT_ID), + .driver_info = RSVD(0) | RSVD(4) }, { USB_DEVICE(HAIER_VENDOR_ID, HAIER_PRODUCT_CE100) }, { USB_DEVICE_AND_INTERFACE_INFO(HAIER_VENDOR_ID, HAIER_PRODUCT_CE81B, 0xff, 0xff, 0xff) }, /* Pirelli */ -- 2.39.2

1 year, 6 months

3
2
0 0

[PATCH v2 01/43] drm/fbdev-generic: Do not set physical framebuffer address

by Thomas Zimmermann

Framebuffer memory is allocated via vzalloc() from non-contiguous physical pages. The physical framebuffer start address is therefore meaningless. Do not set it. The value is not used within the kernel and only exported to userspace on dedicated ARM configs. No functional change is expected. v2: - refer to vzalloc() in commit message (Javier) Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Fixes: a5b44c4adb16 ("drm/fbdev-generic: Always use shadow buffering") Cc: Thomas Zimmermann <tzimmermann(a)suse.de> Cc: Javier Martinez Canillas <javierm(a)redhat.com> Cc: Zack Rusin <zackr(a)vmware.com> Cc: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Cc: Maxime Ripard <mripard(a)kernel.org> Cc: <stable(a)vger.kernel.org> # v6.4+ Reviewed-by: Javier Martinez Canillas <javierm(a)redhat.com> Reviewed-by: Zack Rusin <zack.rusin(a)broadcom.com> Reviewed-by: Sui Jingfeng <sui.jingfeng(a)linux.dev> Tested-by: Sui Jingfeng <sui.jingfeng(a)linux.dev> --- drivers/gpu/drm/drm_fbdev_generic.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/gpu/drm/drm_fbdev_generic.c b/drivers/gpu/drm/drm_fbdev_generic.c index be357f926faec..97e579c33d84a 100644 --- a/drivers/gpu/drm/drm_fbdev_generic.c +++ b/drivers/gpu/drm/drm_fbdev_generic.c @@ -113,7 +113,6 @@ static int drm_fbdev_generic_helper_fb_probe(struct drm_fb_helper *fb_helper, /* screen */ info->flags |= FBINFO_VIRTFB | FBINFO_READS_FAST; info->screen_buffer = screen_buffer; - info->fix.smem_start = page_to_phys(vmalloc_to_page(info->screen_buffer)); info->fix.smem_len = screen_size; /* deferred I/O */ -- 2.44.0

1 year, 6 months

2
1
0 0

[PATCH] drm/mst: Fix NULL pointer dereference in drm_dp_add_payload_part2 (again)

by Jeff Mahoney

Commit 54d217406afe (drm: use mgr->dev in drm_dbg_kms in drm_dp_add_payload_part2) appears to have been accidentially reverted as part of commit 5aa1dfcdf0a42 (drm/mst: Refactor the flow for payload allocation/removement). I've been seeing NULL pointer dereferences in drm_dp_add_payload_part2 due to state->dev being NULL in the debug message printed if the payload allocation has failed. This commit restores mgr->dev to avoid the Oops. Fixes: 5aa1dfcdf0a42 ("drm/mst: Refactor the flow for payload allocation/removement") Cc: stable(a)vger.kernel.org Signed-off-by: Jeff Mahoney <jeffm(a)suse.com> --- drivers/gpu/drm/display/drm_dp_mst_topology.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/display/drm_dp_mst_topology.c b/drivers/gpu/drm/display/drm_dp_mst_topology.c index 03d528209426..3dc966f25c0c 100644 --- a/drivers/gpu/drm/display/drm_dp_mst_topology.c +++ b/drivers/gpu/drm/display/drm_dp_mst_topology.c @@ -3437,7 +3437,7 @@ int drm_dp_add_payload_part2(struct drm_dp_mst_topology_mgr *mgr, /* Skip failed payloads */ if (payload->payload_allocation_status != DRM_DP_MST_PAYLOAD_ALLOCATION_DFP) { - drm_dbg_kms(state->dev, "Part 1 of payload creation for %s failed, skipping part 2\n", + drm_dbg_kms(mgr->dev, "Part 1 of payload creation for %s failed, skipping part 2\n", payload->port->connector->name); return -EIO; } -- 2.44.0

1 year, 6 months

2
2
0 0

FAILED: patch "[PATCH] smb: client: instantiate when creating SFU files" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x c6ff459037b2e35450af2351037eac4c8aca1d6b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041448-washcloth-flanked-1878@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c6ff459037b2e35450af2351037eac4c8aca1d6b Mon Sep 17 00:00:00 2001 From: Paulo Alcantara <pc(a)manguebit.com> Date: Tue, 9 Apr 2024 11:28:59 -0300 Subject: [PATCH] smb: client: instantiate when creating SFU files In cifs_sfu_make_node(), on success, instantiate rather than leave it with dentry unhashed negative to support callers that expect mknod(2) to always instantiate. This fixes the following test case: mount.cifs //srv/share /mnt -o ...,sfu mkfifo /mnt/fifo ./xfstests/ltp/growfiles -b -W test -e 1 -u -i 0 -L 30 /mnt/fifo ... BUG: unable to handle page fault for address: 000000034cec4e58 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 1 PREEMPT SMP PTI CPU: 0 PID: 138098 Comm: growfiles Kdump: loaded Not tainted 5.14.0-436.3987_1240945149.el9.x86_64 #1 Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 RIP: 0010:_raw_callee_save__kvm_vcpu_is_preempted+0x0/0x20 Code: e8 15 d9 61 00 e9 63 ff ff ff 41 bd ea ff ff ff e9 58 ff ff ff e8 d0 71 c0 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <48> 8b 04 fd 60 2b c1 99 80 b8 90 50 03 00 00 0f 95 c0 c3 cc cc cc RSP: 0018:ffffb6a143cf7cf8 EFLAGS: 00010206 RAX: ffff8a9bc30fb038 RBX: ffff8a9bc666a200 RCX: ffff8a9cc0260000 RDX: 00000000736f622e RSI: ffff8a9bc30fb038 RDI: 000000007665645f RBP: ffffb6a143cf7d70 R08: 0000000000001000 R09: 0000000000000001 R10: 0000000000000001 R11: 0000000000000000 R12: ffff8a9bc666a200 R13: 0000559a302a12b0 R14: 0000000000001000 R15: 0000000000000000 FS: 00007fbed1dbb740(0000) GS:ffff8a9cf0000000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000034cec4e58 CR3: 0000000128ec6006 CR4: 0000000000770ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> ? show_trace_log_lvl+0x1c4/0x2df ? show_trace_log_lvl+0x1c4/0x2df ? __mutex_lock.constprop.0+0x5f7/0x6a0 ? __die_body.cold+0x8/0xd ? page_fault_oops+0x134/0x170 ? exc_page_fault+0x62/0x150 ? asm_exc_page_fault+0x22/0x30 ? _pfx_raw_callee_save__kvm_vcpu_is_preempted+0x10/0x10 __mutex_lock.constprop.0+0x5f7/0x6a0 ? __mod_memcg_lruvec_state+0x84/0xd0 pipe_write+0x47/0x650 ? do_anonymous_page+0x258/0x410 ? inode_security+0x22/0x60 ? selinux_file_permission+0x108/0x150 vfs_write+0x2cb/0x410 ksys_write+0x5f/0xe0 do_syscall_64+0x5c/0xf0 ? syscall_exit_to_user_mode+0x22/0x40 ? do_syscall_64+0x6b/0xf0 ? sched_clock_cpu+0x9/0xc0 ? exc_page_fault+0x62/0x150 entry_SYSCALL_64_after_hwframe+0x6e/0x76 Cc: stable(a)vger.kernel.org Fixes: 72bc63f5e23a ("smb3: fix creating FIFOs when mounting with "sfu" mount option") Suggested-by: Al Viro <viro(a)zeniv.linux.org.uk> Signed-off-by: Paulo Alcantara (Red Hat) <pc(a)manguebit.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/smb2ops.c b/fs/smb/client/smb2ops.c index b156eefa75d7..78c94d0350fe 100644 --- a/fs/smb/client/smb2ops.c +++ b/fs/smb/client/smb2ops.c @@ -4964,68 +4964,84 @@ static int smb2_next_header(struct TCP_Server_Info *server, char *buf, return 0; } -int cifs_sfu_make_node(unsigned int xid, struct inode *inode, - struct dentry *dentry, struct cifs_tcon *tcon, - const char *full_path, umode_t mode, dev_t dev) +static int __cifs_sfu_make_node(unsigned int xid, struct inode *inode, + struct dentry *dentry, struct cifs_tcon *tcon, + const char *full_path, umode_t mode, dev_t dev) { - struct cifs_open_info_data buf = {}; struct TCP_Server_Info *server = tcon->ses->server; struct cifs_open_parms oparms; struct cifs_io_parms io_parms = {}; struct cifs_sb_info *cifs_sb = CIFS_SB(inode->i_sb); struct cifs_fid fid; unsigned int bytes_written; - struct win_dev *pdev; + struct win_dev pdev = {}; struct kvec iov[2]; __u32 oplock = server->oplocks ? REQ_OPLOCK : 0; int rc; - if (!S_ISCHR(mode) && !S_ISBLK(mode) && !S_ISFIFO(mode)) + switch (mode & S_IFMT) { + case S_IFCHR: + strscpy(pdev.type, "IntxCHR"); + pdev.major = cpu_to_le64(MAJOR(dev)); + pdev.minor = cpu_to_le64(MINOR(dev)); + break; + case S_IFBLK: + strscpy(pdev.type, "IntxBLK"); + pdev.major = cpu_to_le64(MAJOR(dev)); + pdev.minor = cpu_to_le64(MINOR(dev)); + break; + case S_IFIFO: + strscpy(pdev.type, "LnxFIFO"); + break; + default: return -EPERM; + } - oparms = (struct cifs_open_parms) { - .tcon = tcon, - .cifs_sb = cifs_sb, - .desired_access = GENERIC_WRITE, - .create_options = cifs_create_options(cifs_sb, CREATE_NOT_DIR | - CREATE_OPTION_SPECIAL), - .disposition = FILE_CREATE, - .path = full_path, - .fid = &fid, - }; + oparms = CIFS_OPARMS(cifs_sb, tcon, full_path, GENERIC_WRITE, + FILE_CREATE, CREATE_NOT_DIR | + CREATE_OPTION_SPECIAL, ACL_NO_MODE); + oparms.fid = &fid; - rc = server->ops->open(xid, &oparms, &oplock, &buf); + rc = server->ops->open(xid, &oparms, &oplock, NULL); if (rc) return rc; - /* - * BB Do not bother to decode buf since no local inode yet to put - * timestamps in, but we can reuse it safely. - */ - pdev = (struct win_dev *)&buf.fi; io_parms.pid = current->tgid; io_parms.tcon = tcon; - io_parms.length = sizeof(*pdev); - iov[1].iov_base = pdev; - iov[1].iov_len = sizeof(*pdev); - if (S_ISCHR(mode)) { - memcpy(pdev->type, "IntxCHR", 8); - pdev->major = cpu_to_le64(MAJOR(dev)); - pdev->minor = cpu_to_le64(MINOR(dev)); - } else if (S_ISBLK(mode)) { - memcpy(pdev->type, "IntxBLK", 8); - pdev->major = cpu_to_le64(MAJOR(dev)); - pdev->minor = cpu_to_le64(MINOR(dev)); - } else if (S_ISFIFO(mode)) { - memcpy(pdev->type, "LnxFIFO", 8); - } + io_parms.length = sizeof(pdev); + iov[1].iov_base = &pdev; + iov[1].iov_len = sizeof(pdev); rc = server->ops->sync_write(xid, &fid, &io_parms, &bytes_written, iov, 1); server->ops->close(xid, tcon, &fid); - d_drop(dentry); - /* FIXME: add code here to set EAs */ - cifs_free_open_info(&buf); + return rc; +} + +int cifs_sfu_make_node(unsigned int xid, struct inode *inode, + struct dentry *dentry, struct cifs_tcon *tcon, + const char *full_path, umode_t mode, dev_t dev) +{ + struct inode *new = NULL; + int rc; + + rc = __cifs_sfu_make_node(xid, inode, dentry, tcon, + full_path, mode, dev); + if (rc) + return rc; + + if (tcon->posix_extensions) { + rc = smb311_posix_get_inode_info(&new, full_path, NULL, + inode->i_sb, xid); + } else if (tcon->unix_ext) { + rc = cifs_get_inode_info_unix(&new, full_path, + inode->i_sb, xid); + } else { + rc = cifs_get_inode_info(&new, full_path, NULL, + inode->i_sb, xid, NULL); + } + if (!rc) + d_instantiate(dentry, new); return rc; }

1 year, 6 months

1
0
0 0

6.8.3+ panic at boot with CONFIG_BTRFS_FS_RUN_SANITY_TESTS=y

by Mihai Moldovan

Hi Since you backported 41044b41ad2c8c8165a42ec6e9a4096826dcf153 to 6.8.3 and higher, the kernel crashes hard on boot if BTRFS's sanity checks have been enabled (CONFIG_BTRFS_FS_RUN_SANITY_TESTS=y). Please backport b2136cc288fce2f24a92f3d656531b2d50ebec5a to the stable/mainline series fix this issue. Best regards Mihai Moldovan

1 year, 6 months

2
1
0 0

[PATCH] media: cec: core: remove length check of Timer Status solution applies to 5.4 and 4.19

by Nini Song (宋宛妮)

Hi @stable@vger.kernel.org<mailto:stable@vger.kernel.org> This patch has been merged in mainline as commit ce5d241c3ad45. [patch diff] [cid:image001.png@01DA8D04.BCD8A070] Because of our customer used v5.15, v5.4 and 4.19 for MP production, which requires this solution. We need your help apply the patch in v5.15, v5.4 and 4.19. Thanks! BR, Nini Song

1 year, 6 months

2
1
0 0

FAILED: patch "[PATCH] r8169: fix LED-related deadlock on module removal" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x 19fa4f2a85d777a8052e869c1b892a2f7556569d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041459-lagging-tiny-7189@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: 19fa4f2a85d7 ("r8169: fix LED-related deadlock on module removal") be51ed104ba9 ("r8169: add LED support for RTL8125/RTL8126") 3907f1ffc0ec ("r8169: add support for RTL8126A") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 19fa4f2a85d777a8052e869c1b892a2f7556569d Mon Sep 17 00:00:00 2001 From: Heiner Kallweit <hkallweit1(a)gmail.com> Date: Mon, 8 Apr 2024 20:47:40 +0200 Subject: [PATCH] r8169: fix LED-related deadlock on module removal Binding devm_led_classdev_register() to the netdev is problematic because on module removal we get a RTNL-related deadlock. Fix this by avoiding the device-managed LED functions. Note: We can safely call led_classdev_unregister() for a LED even if registering it failed, because led_classdev_unregister() detects this and is a no-op in this case. Fixes: 18764b883e15 ("r8169: add support for LED's on RTL8168/RTL8101") Cc: stable(a)vger.kernel.org Reported-by: Lukas Wunner <lukas(a)wunner.de> Signed-off-by: Heiner Kallweit <hkallweit1(a)gmail.com> Reviewed-by: Andrew Lunn <andrew(a)lunn.ch> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/drivers/net/ethernet/realtek/r8169.h b/drivers/net/ethernet/realtek/r8169.h index 4c043052198d..00882ffc7a02 100644 --- a/drivers/net/ethernet/realtek/r8169.h +++ b/drivers/net/ethernet/realtek/r8169.h @@ -73,6 +73,7 @@ enum mac_version { }; struct rtl8169_private; +struct r8169_led_classdev; void r8169_apply_firmware(struct rtl8169_private *tp); u16 rtl8168h_2_get_adc_bias_ioffset(struct rtl8169_private *tp); @@ -84,7 +85,8 @@ void r8169_get_led_name(struct rtl8169_private *tp, int idx, char *buf, int buf_len); int rtl8168_get_led_mode(struct rtl8169_private *tp); int rtl8168_led_mod_ctrl(struct rtl8169_private *tp, u16 mask, u16 val); -void rtl8168_init_leds(struct net_device *ndev); +struct r8169_led_classdev *rtl8168_init_leds(struct net_device *ndev); int rtl8125_get_led_mode(struct rtl8169_private *tp, int index); int rtl8125_set_led_mode(struct rtl8169_private *tp, int index, u16 mode); -void rtl8125_init_leds(struct net_device *ndev); +struct r8169_led_classdev *rtl8125_init_leds(struct net_device *ndev); +void r8169_remove_leds(struct r8169_led_classdev *leds); diff --git a/drivers/net/ethernet/realtek/r8169_leds.c b/drivers/net/ethernet/realtek/r8169_leds.c index 7c5dc9d0df85..e10bee706bc6 100644 --- a/drivers/net/ethernet/realtek/r8169_leds.c +++ b/drivers/net/ethernet/realtek/r8169_leds.c @@ -146,22 +146,22 @@ static void rtl8168_setup_ldev(struct r8169_led_classdev *ldev, led_cdev->hw_control_get_device = r8169_led_hw_control_get_device; /* ignore errors */ - devm_led_classdev_register(&ndev->dev, led_cdev); + led_classdev_register(&ndev->dev, led_cdev); } -void rtl8168_init_leds(struct net_device *ndev) +struct r8169_led_classdev *rtl8168_init_leds(struct net_device *ndev) { - /* bind resource mgmt to netdev */ - struct device *dev = &ndev->dev; struct r8169_led_classdev *leds; int i; - leds = devm_kcalloc(dev, RTL8168_NUM_LEDS, sizeof(*leds), GFP_KERNEL); + leds = kcalloc(RTL8168_NUM_LEDS + 1, sizeof(*leds), GFP_KERNEL); if (!leds) - return; + return NULL; for (i = 0; i < RTL8168_NUM_LEDS; i++) rtl8168_setup_ldev(leds + i, ndev, i); + + return leds; } static int rtl8125_led_hw_control_is_supported(struct led_classdev *led_cdev, @@ -245,20 +245,31 @@ static void rtl8125_setup_led_ldev(struct r8169_led_classdev *ldev, led_cdev->hw_control_get_device = r8169_led_hw_control_get_device; /* ignore errors */ - devm_led_classdev_register(&ndev->dev, led_cdev); + led_classdev_register(&ndev->dev, led_cdev); } -void rtl8125_init_leds(struct net_device *ndev) +struct r8169_led_classdev *rtl8125_init_leds(struct net_device *ndev) { - /* bind resource mgmt to netdev */ - struct device *dev = &ndev->dev; struct r8169_led_classdev *leds; int i; - leds = devm_kcalloc(dev, RTL8125_NUM_LEDS, sizeof(*leds), GFP_KERNEL); + leds = kcalloc(RTL8125_NUM_LEDS + 1, sizeof(*leds), GFP_KERNEL); if (!leds) - return; + return NULL; for (i = 0; i < RTL8125_NUM_LEDS; i++) rtl8125_setup_led_ldev(leds + i, ndev, i); + + return leds; +} + +void r8169_remove_leds(struct r8169_led_classdev *leds) +{ + if (!leds) + return; + + for (struct r8169_led_classdev *l = leds; l->ndev; l++) + led_classdev_unregister(&l->led); + + kfree(leds); } diff --git a/drivers/net/ethernet/realtek/r8169_main.c b/drivers/net/ethernet/realtek/r8169_main.c index 6f1e6f386b7b..8a27328eae34 100644 --- a/drivers/net/ethernet/realtek/r8169_main.c +++ b/drivers/net/ethernet/realtek/r8169_main.c @@ -647,6 +647,8 @@ struct rtl8169_private { const char *fw_name; struct rtl_fw *rtl_fw; + struct r8169_led_classdev *leds; + u32 ocp_base; }; @@ -5044,6 +5046,8 @@ static void rtl_remove_one(struct pci_dev *pdev) cancel_work_sync(&tp->wk.work); + r8169_remove_leds(tp->leds); + unregister_netdev(tp->dev); if (tp->dash_type != RTL_DASH_NONE) @@ -5501,9 +5505,9 @@ static int rtl_init_one(struct pci_dev *pdev, const struct pci_device_id *ent) if (IS_ENABLED(CONFIG_R8169_LEDS)) { if (rtl_is_8125(tp)) - rtl8125_init_leds(dev); + tp->leds = rtl8125_init_leds(dev); else if (tp->mac_version > RTL_GIGA_MAC_VER_06) - rtl8168_init_leds(dev); + tp->leds = rtl8168_init_leds(dev); } netdev_info(dev, "%s, %pM, XID %03x, IRQ %d\n",

1 year, 6 months

1
0
0 0

S4 fix for Phoenix laptops

by Mario Limonciello

Hi, This fix was sent out for fixing S4 under stress on some Phoenix laptops. 31729e8c21ec ("drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11") David Markey confirmed[1] it helps Framework 13 under S4 stress testing. Can you please bring it to 6.1.y and later? [1] https://community.frame.work/t/responded-arch-hibernation-woes-on-amd-13/45… Thanks

1 year, 6 months

2
1
0 0

FAILED: patch "[PATCH] ceph: redirty page before returning AOP_WRITEPAGE_ACTIVATE" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x b372e96bd0a32729d55d27f613c8bc80708a82e1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041442-grumble-saggy-01f0@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b372e96bd0a32729d55d27f613c8bc80708a82e1 Mon Sep 17 00:00:00 2001 From: NeilBrown <neilb(a)suse.de> Date: Mon, 25 Mar 2024 09:21:20 +1100 Subject: [PATCH] ceph: redirty page before returning AOP_WRITEPAGE_ACTIVATE The page has been marked clean before writepage is called. If we don't redirty it before postponing the write, it might never get written. Cc: stable(a)vger.kernel.org Fixes: 503d4fa6ee28 ("ceph: remove reliance on bdi congestion") Signed-off-by: NeilBrown <neilb(a)suse.de> Reviewed-by: Jeff Layton <jlayton(a)kernel.org> Reviewed-by: Xiubo Li <xiubli(a)redhat.org> Signed-off-by: Ilya Dryomov <idryomov(a)gmail.com> diff --git a/fs/ceph/addr.c b/fs/ceph/addr.c index 1340d77124ae..ee9caf7916fb 100644 --- a/fs/ceph/addr.c +++ b/fs/ceph/addr.c @@ -795,8 +795,10 @@ static int ceph_writepage(struct page *page, struct writeback_control *wbc) ihold(inode); if (wbc->sync_mode == WB_SYNC_NONE && - ceph_inode_to_fs_client(inode)->write_congested) + ceph_inode_to_fs_client(inode)->write_congested) { + redirty_page_for_writepage(wbc, page); return AOP_WRITEPAGE_ACTIVATE; + } wait_on_page_fscache(page);

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] ceph: redirty page before returning AOP_WRITEPAGE_ACTIVATE" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x b372e96bd0a32729d55d27f613c8bc80708a82e1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041441-unabashed-swarm-244d@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b372e96bd0a32729d55d27f613c8bc80708a82e1 Mon Sep 17 00:00:00 2001 From: NeilBrown <neilb(a)suse.de> Date: Mon, 25 Mar 2024 09:21:20 +1100 Subject: [PATCH] ceph: redirty page before returning AOP_WRITEPAGE_ACTIVATE The page has been marked clean before writepage is called. If we don't redirty it before postponing the write, it might never get written. Cc: stable(a)vger.kernel.org Fixes: 503d4fa6ee28 ("ceph: remove reliance on bdi congestion") Signed-off-by: NeilBrown <neilb(a)suse.de> Reviewed-by: Jeff Layton <jlayton(a)kernel.org> Reviewed-by: Xiubo Li <xiubli(a)redhat.org> Signed-off-by: Ilya Dryomov <idryomov(a)gmail.com> diff --git a/fs/ceph/addr.c b/fs/ceph/addr.c index 1340d77124ae..ee9caf7916fb 100644 --- a/fs/ceph/addr.c +++ b/fs/ceph/addr.c @@ -795,8 +795,10 @@ static int ceph_writepage(struct page *page, struct writeback_control *wbc) ihold(inode); if (wbc->sync_mode == WB_SYNC_NONE && - ceph_inode_to_fs_client(inode)->write_congested) + ceph_inode_to_fs_client(inode)->write_congested) { + redirty_page_for_writepage(wbc, page); return AOP_WRITEPAGE_ACTIVATE; + } wait_on_page_fscache(page);

1 year, 6 months

1
0
0 0

Add commit "eed14eb48ee1 drm/amdgpu/vpe: power on vpe when hw_init" to kernel 6.8.y

by Gong, Richard

Hi, The commit below resolves s2idle failure on processor for AMD Family 1Ah Model 20h, eed14eb48ee1 drm/amdgpu/vpe: power on vpe when hw_init Please add this commit to stable kernel 6.8.y. Thanks! Regards, Richard

1 year, 6 months

2
1
0 0

FAILED: patch "[PATCH] smb: client: instantiate when creating SFU files" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x c6ff459037b2e35450af2351037eac4c8aca1d6b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041458-gurgle-mulled-5492@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c6ff459037b2e35450af2351037eac4c8aca1d6b Mon Sep 17 00:00:00 2001 From: Paulo Alcantara <pc(a)manguebit.com> Date: Tue, 9 Apr 2024 11:28:59 -0300 Subject: [PATCH] smb: client: instantiate when creating SFU files In cifs_sfu_make_node(), on success, instantiate rather than leave it with dentry unhashed negative to support callers that expect mknod(2) to always instantiate. This fixes the following test case: mount.cifs //srv/share /mnt -o ...,sfu mkfifo /mnt/fifo ./xfstests/ltp/growfiles -b -W test -e 1 -u -i 0 -L 30 /mnt/fifo ... BUG: unable to handle page fault for address: 000000034cec4e58 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 1 PREEMPT SMP PTI CPU: 0 PID: 138098 Comm: growfiles Kdump: loaded Not tainted 5.14.0-436.3987_1240945149.el9.x86_64 #1 Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 RIP: 0010:_raw_callee_save__kvm_vcpu_is_preempted+0x0/0x20 Code: e8 15 d9 61 00 e9 63 ff ff ff 41 bd ea ff ff ff e9 58 ff ff ff e8 d0 71 c0 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <48> 8b 04 fd 60 2b c1 99 80 b8 90 50 03 00 00 0f 95 c0 c3 cc cc cc RSP: 0018:ffffb6a143cf7cf8 EFLAGS: 00010206 RAX: ffff8a9bc30fb038 RBX: ffff8a9bc666a200 RCX: ffff8a9cc0260000 RDX: 00000000736f622e RSI: ffff8a9bc30fb038 RDI: 000000007665645f RBP: ffffb6a143cf7d70 R08: 0000000000001000 R09: 0000000000000001 R10: 0000000000000001 R11: 0000000000000000 R12: ffff8a9bc666a200 R13: 0000559a302a12b0 R14: 0000000000001000 R15: 0000000000000000 FS: 00007fbed1dbb740(0000) GS:ffff8a9cf0000000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000034cec4e58 CR3: 0000000128ec6006 CR4: 0000000000770ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> ? show_trace_log_lvl+0x1c4/0x2df ? show_trace_log_lvl+0x1c4/0x2df ? __mutex_lock.constprop.0+0x5f7/0x6a0 ? __die_body.cold+0x8/0xd ? page_fault_oops+0x134/0x170 ? exc_page_fault+0x62/0x150 ? asm_exc_page_fault+0x22/0x30 ? _pfx_raw_callee_save__kvm_vcpu_is_preempted+0x10/0x10 __mutex_lock.constprop.0+0x5f7/0x6a0 ? __mod_memcg_lruvec_state+0x84/0xd0 pipe_write+0x47/0x650 ? do_anonymous_page+0x258/0x410 ? inode_security+0x22/0x60 ? selinux_file_permission+0x108/0x150 vfs_write+0x2cb/0x410 ksys_write+0x5f/0xe0 do_syscall_64+0x5c/0xf0 ? syscall_exit_to_user_mode+0x22/0x40 ? do_syscall_64+0x6b/0xf0 ? sched_clock_cpu+0x9/0xc0 ? exc_page_fault+0x62/0x150 entry_SYSCALL_64_after_hwframe+0x6e/0x76 Cc: stable(a)vger.kernel.org Fixes: 72bc63f5e23a ("smb3: fix creating FIFOs when mounting with "sfu" mount option") Suggested-by: Al Viro <viro(a)zeniv.linux.org.uk> Signed-off-by: Paulo Alcantara (Red Hat) <pc(a)manguebit.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/smb2ops.c b/fs/smb/client/smb2ops.c index b156eefa75d7..78c94d0350fe 100644 --- a/fs/smb/client/smb2ops.c +++ b/fs/smb/client/smb2ops.c @@ -4964,68 +4964,84 @@ static int smb2_next_header(struct TCP_Server_Info *server, char *buf, return 0; } -int cifs_sfu_make_node(unsigned int xid, struct inode *inode, - struct dentry *dentry, struct cifs_tcon *tcon, - const char *full_path, umode_t mode, dev_t dev) +static int __cifs_sfu_make_node(unsigned int xid, struct inode *inode, + struct dentry *dentry, struct cifs_tcon *tcon, + const char *full_path, umode_t mode, dev_t dev) { - struct cifs_open_info_data buf = {}; struct TCP_Server_Info *server = tcon->ses->server; struct cifs_open_parms oparms; struct cifs_io_parms io_parms = {}; struct cifs_sb_info *cifs_sb = CIFS_SB(inode->i_sb); struct cifs_fid fid; unsigned int bytes_written; - struct win_dev *pdev; + struct win_dev pdev = {}; struct kvec iov[2]; __u32 oplock = server->oplocks ? REQ_OPLOCK : 0; int rc; - if (!S_ISCHR(mode) && !S_ISBLK(mode) && !S_ISFIFO(mode)) + switch (mode & S_IFMT) { + case S_IFCHR: + strscpy(pdev.type, "IntxCHR"); + pdev.major = cpu_to_le64(MAJOR(dev)); + pdev.minor = cpu_to_le64(MINOR(dev)); + break; + case S_IFBLK: + strscpy(pdev.type, "IntxBLK"); + pdev.major = cpu_to_le64(MAJOR(dev)); + pdev.minor = cpu_to_le64(MINOR(dev)); + break; + case S_IFIFO: + strscpy(pdev.type, "LnxFIFO"); + break; + default: return -EPERM; + } - oparms = (struct cifs_open_parms) { - .tcon = tcon, - .cifs_sb = cifs_sb, - .desired_access = GENERIC_WRITE, - .create_options = cifs_create_options(cifs_sb, CREATE_NOT_DIR | - CREATE_OPTION_SPECIAL), - .disposition = FILE_CREATE, - .path = full_path, - .fid = &fid, - }; + oparms = CIFS_OPARMS(cifs_sb, tcon, full_path, GENERIC_WRITE, + FILE_CREATE, CREATE_NOT_DIR | + CREATE_OPTION_SPECIAL, ACL_NO_MODE); + oparms.fid = &fid; - rc = server->ops->open(xid, &oparms, &oplock, &buf); + rc = server->ops->open(xid, &oparms, &oplock, NULL); if (rc) return rc; - /* - * BB Do not bother to decode buf since no local inode yet to put - * timestamps in, but we can reuse it safely. - */ - pdev = (struct win_dev *)&buf.fi; io_parms.pid = current->tgid; io_parms.tcon = tcon; - io_parms.length = sizeof(*pdev); - iov[1].iov_base = pdev; - iov[1].iov_len = sizeof(*pdev); - if (S_ISCHR(mode)) { - memcpy(pdev->type, "IntxCHR", 8); - pdev->major = cpu_to_le64(MAJOR(dev)); - pdev->minor = cpu_to_le64(MINOR(dev)); - } else if (S_ISBLK(mode)) { - memcpy(pdev->type, "IntxBLK", 8); - pdev->major = cpu_to_le64(MAJOR(dev)); - pdev->minor = cpu_to_le64(MINOR(dev)); - } else if (S_ISFIFO(mode)) { - memcpy(pdev->type, "LnxFIFO", 8); - } + io_parms.length = sizeof(pdev); + iov[1].iov_base = &pdev; + iov[1].iov_len = sizeof(pdev); rc = server->ops->sync_write(xid, &fid, &io_parms, &bytes_written, iov, 1); server->ops->close(xid, tcon, &fid); - d_drop(dentry); - /* FIXME: add code here to set EAs */ - cifs_free_open_info(&buf); + return rc; +} + +int cifs_sfu_make_node(unsigned int xid, struct inode *inode, + struct dentry *dentry, struct cifs_tcon *tcon, + const char *full_path, umode_t mode, dev_t dev) +{ + struct inode *new = NULL; + int rc; + + rc = __cifs_sfu_make_node(xid, inode, dentry, tcon, + full_path, mode, dev); + if (rc) + return rc; + + if (tcon->posix_extensions) { + rc = smb311_posix_get_inode_info(&new, full_path, NULL, + inode->i_sb, xid); + } else if (tcon->unix_ext) { + rc = cifs_get_inode_info_unix(&new, full_path, + inode->i_sb, xid); + } else { + rc = cifs_get_inode_info(&new, full_path, NULL, + inode->i_sb, xid, NULL); + } + if (!rc) + d_instantiate(dentry, new); return rc; }

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] smb: client: instantiate when creating SFU files" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x c6ff459037b2e35450af2351037eac4c8aca1d6b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041457-sequester-eclipse-f130@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c6ff459037b2e35450af2351037eac4c8aca1d6b Mon Sep 17 00:00:00 2001 From: Paulo Alcantara <pc(a)manguebit.com> Date: Tue, 9 Apr 2024 11:28:59 -0300 Subject: [PATCH] smb: client: instantiate when creating SFU files In cifs_sfu_make_node(), on success, instantiate rather than leave it with dentry unhashed negative to support callers that expect mknod(2) to always instantiate. This fixes the following test case: mount.cifs //srv/share /mnt -o ...,sfu mkfifo /mnt/fifo ./xfstests/ltp/growfiles -b -W test -e 1 -u -i 0 -L 30 /mnt/fifo ... BUG: unable to handle page fault for address: 000000034cec4e58 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 1 PREEMPT SMP PTI CPU: 0 PID: 138098 Comm: growfiles Kdump: loaded Not tainted 5.14.0-436.3987_1240945149.el9.x86_64 #1 Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 RIP: 0010:_raw_callee_save__kvm_vcpu_is_preempted+0x0/0x20 Code: e8 15 d9 61 00 e9 63 ff ff ff 41 bd ea ff ff ff e9 58 ff ff ff e8 d0 71 c0 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <48> 8b 04 fd 60 2b c1 99 80 b8 90 50 03 00 00 0f 95 c0 c3 cc cc cc RSP: 0018:ffffb6a143cf7cf8 EFLAGS: 00010206 RAX: ffff8a9bc30fb038 RBX: ffff8a9bc666a200 RCX: ffff8a9cc0260000 RDX: 00000000736f622e RSI: ffff8a9bc30fb038 RDI: 000000007665645f RBP: ffffb6a143cf7d70 R08: 0000000000001000 R09: 0000000000000001 R10: 0000000000000001 R11: 0000000000000000 R12: ffff8a9bc666a200 R13: 0000559a302a12b0 R14: 0000000000001000 R15: 0000000000000000 FS: 00007fbed1dbb740(0000) GS:ffff8a9cf0000000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000034cec4e58 CR3: 0000000128ec6006 CR4: 0000000000770ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> ? show_trace_log_lvl+0x1c4/0x2df ? show_trace_log_lvl+0x1c4/0x2df ? __mutex_lock.constprop.0+0x5f7/0x6a0 ? __die_body.cold+0x8/0xd ? page_fault_oops+0x134/0x170 ? exc_page_fault+0x62/0x150 ? asm_exc_page_fault+0x22/0x30 ? _pfx_raw_callee_save__kvm_vcpu_is_preempted+0x10/0x10 __mutex_lock.constprop.0+0x5f7/0x6a0 ? __mod_memcg_lruvec_state+0x84/0xd0 pipe_write+0x47/0x650 ? do_anonymous_page+0x258/0x410 ? inode_security+0x22/0x60 ? selinux_file_permission+0x108/0x150 vfs_write+0x2cb/0x410 ksys_write+0x5f/0xe0 do_syscall_64+0x5c/0xf0 ? syscall_exit_to_user_mode+0x22/0x40 ? do_syscall_64+0x6b/0xf0 ? sched_clock_cpu+0x9/0xc0 ? exc_page_fault+0x62/0x150 entry_SYSCALL_64_after_hwframe+0x6e/0x76 Cc: stable(a)vger.kernel.org Fixes: 72bc63f5e23a ("smb3: fix creating FIFOs when mounting with "sfu" mount option") Suggested-by: Al Viro <viro(a)zeniv.linux.org.uk> Signed-off-by: Paulo Alcantara (Red Hat) <pc(a)manguebit.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/smb2ops.c b/fs/smb/client/smb2ops.c index b156eefa75d7..78c94d0350fe 100644 --- a/fs/smb/client/smb2ops.c +++ b/fs/smb/client/smb2ops.c @@ -4964,68 +4964,84 @@ static int smb2_next_header(struct TCP_Server_Info *server, char *buf, return 0; } -int cifs_sfu_make_node(unsigned int xid, struct inode *inode, - struct dentry *dentry, struct cifs_tcon *tcon, - const char *full_path, umode_t mode, dev_t dev) +static int __cifs_sfu_make_node(unsigned int xid, struct inode *inode, + struct dentry *dentry, struct cifs_tcon *tcon, + const char *full_path, umode_t mode, dev_t dev) { - struct cifs_open_info_data buf = {}; struct TCP_Server_Info *server = tcon->ses->server; struct cifs_open_parms oparms; struct cifs_io_parms io_parms = {}; struct cifs_sb_info *cifs_sb = CIFS_SB(inode->i_sb); struct cifs_fid fid; unsigned int bytes_written; - struct win_dev *pdev; + struct win_dev pdev = {}; struct kvec iov[2]; __u32 oplock = server->oplocks ? REQ_OPLOCK : 0; int rc; - if (!S_ISCHR(mode) && !S_ISBLK(mode) && !S_ISFIFO(mode)) + switch (mode & S_IFMT) { + case S_IFCHR: + strscpy(pdev.type, "IntxCHR"); + pdev.major = cpu_to_le64(MAJOR(dev)); + pdev.minor = cpu_to_le64(MINOR(dev)); + break; + case S_IFBLK: + strscpy(pdev.type, "IntxBLK"); + pdev.major = cpu_to_le64(MAJOR(dev)); + pdev.minor = cpu_to_le64(MINOR(dev)); + break; + case S_IFIFO: + strscpy(pdev.type, "LnxFIFO"); + break; + default: return -EPERM; + } - oparms = (struct cifs_open_parms) { - .tcon = tcon, - .cifs_sb = cifs_sb, - .desired_access = GENERIC_WRITE, - .create_options = cifs_create_options(cifs_sb, CREATE_NOT_DIR | - CREATE_OPTION_SPECIAL), - .disposition = FILE_CREATE, - .path = full_path, - .fid = &fid, - }; + oparms = CIFS_OPARMS(cifs_sb, tcon, full_path, GENERIC_WRITE, + FILE_CREATE, CREATE_NOT_DIR | + CREATE_OPTION_SPECIAL, ACL_NO_MODE); + oparms.fid = &fid; - rc = server->ops->open(xid, &oparms, &oplock, &buf); + rc = server->ops->open(xid, &oparms, &oplock, NULL); if (rc) return rc; - /* - * BB Do not bother to decode buf since no local inode yet to put - * timestamps in, but we can reuse it safely. - */ - pdev = (struct win_dev *)&buf.fi; io_parms.pid = current->tgid; io_parms.tcon = tcon; - io_parms.length = sizeof(*pdev); - iov[1].iov_base = pdev; - iov[1].iov_len = sizeof(*pdev); - if (S_ISCHR(mode)) { - memcpy(pdev->type, "IntxCHR", 8); - pdev->major = cpu_to_le64(MAJOR(dev)); - pdev->minor = cpu_to_le64(MINOR(dev)); - } else if (S_ISBLK(mode)) { - memcpy(pdev->type, "IntxBLK", 8); - pdev->major = cpu_to_le64(MAJOR(dev)); - pdev->minor = cpu_to_le64(MINOR(dev)); - } else if (S_ISFIFO(mode)) { - memcpy(pdev->type, "LnxFIFO", 8); - } + io_parms.length = sizeof(pdev); + iov[1].iov_base = &pdev; + iov[1].iov_len = sizeof(pdev); rc = server->ops->sync_write(xid, &fid, &io_parms, &bytes_written, iov, 1); server->ops->close(xid, tcon, &fid); - d_drop(dentry); - /* FIXME: add code here to set EAs */ - cifs_free_open_info(&buf); + return rc; +} + +int cifs_sfu_make_node(unsigned int xid, struct inode *inode, + struct dentry *dentry, struct cifs_tcon *tcon, + const char *full_path, umode_t mode, dev_t dev) +{ + struct inode *new = NULL; + int rc; + + rc = __cifs_sfu_make_node(xid, inode, dentry, tcon, + full_path, mode, dev); + if (rc) + return rc; + + if (tcon->posix_extensions) { + rc = smb311_posix_get_inode_info(&new, full_path, NULL, + inode->i_sb, xid); + } else if (tcon->unix_ext) { + rc = cifs_get_inode_info_unix(&new, full_path, + inode->i_sb, xid); + } else { + rc = cifs_get_inode_info(&new, full_path, NULL, + inode->i_sb, xid, NULL); + } + if (!rc) + d_instantiate(dentry, new); return rc; }

1 year, 6 months

1
0
0 0

[PATCH v3] bootconfig: use memblock_free_late to free xbc memory to buddy

by qiang4.zhang＠linux.intel.com

From: Qiang Zhang <qiang4.zhang(a)intel.com> On the time to free xbc memory in xbc_exit(), memblock may has handed over memory to buddy allocator. So it doesn't make sense to free memory back to memblock. memblock_free() called by xbc_exit() even causes UAF bugs on architectures with CONFIG_ARCH_KEEP_MEMBLOCK disabled like x86. Following KASAN logs shows this case. This patch fixes the xbc memory free problem by calling memblock_free() in early xbc init error rewind path and calling memblock_free_late() in xbc exit path to free memory to buddy allocator. [ 9.410890] ================================================================== [ 9.418962] BUG: KASAN: use-after-free in memblock_isolate_range+0x12d/0x260 [ 9.426850] Read of size 8 at addr ffff88845dd30000 by task swapper/0/1 [ 9.435901] CPU: 9 PID: 1 Comm: swapper/0 Tainted: G U 6.9.0-rc3-00208-g586b5dfb51b9 #5 [ 9.446403] Hardware name: Intel Corporation RPLP LP5 (CPU:RaptorLake)/RPLP LP5 (ID:13), BIOS IRPPN02.01.01.00.00.19.015.D-00000000 Dec 28 2023 [ 9.460789] Call Trace: [ 9.463518] <TASK> [ 9.465859] dump_stack_lvl+0x53/0x70 [ 9.469949] print_report+0xce/0x610 [ 9.473944] ? __virt_addr_valid+0xf5/0x1b0 [ 9.478619] ? memblock_isolate_range+0x12d/0x260 [ 9.483877] kasan_report+0xc6/0x100 [ 9.487870] ? memblock_isolate_range+0x12d/0x260 [ 9.493125] memblock_isolate_range+0x12d/0x260 [ 9.498187] memblock_phys_free+0xb4/0x160 [ 9.502762] ? __pfx_memblock_phys_free+0x10/0x10 [ 9.508021] ? mutex_unlock+0x7e/0xd0 [ 9.512111] ? __pfx_mutex_unlock+0x10/0x10 [ 9.516786] ? kernel_init_freeable+0x2d4/0x430 [ 9.521850] ? __pfx_kernel_init+0x10/0x10 [ 9.526426] xbc_exit+0x17/0x70 [ 9.529935] kernel_init+0x38/0x1e0 [ 9.533829] ? _raw_spin_unlock_irq+0xd/0x30 [ 9.538601] ret_from_fork+0x2c/0x50 [ 9.542596] ? __pfx_kernel_init+0x10/0x10 [ 9.547170] ret_from_fork_asm+0x1a/0x30 [ 9.551552] </TASK> [ 9.555649] The buggy address belongs to the physical page: [ 9.561875] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x45dd30 [ 9.570821] flags: 0x200000000000000(node=0|zone=2) [ 9.576271] page_type: 0xffffffff() [ 9.580167] raw: 0200000000000000 ffffea0011774c48 ffffea0012ba1848 0000000000000000 [ 9.588823] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 9.597476] page dumped because: kasan: bad access detected [ 9.605362] Memory state around the buggy address: [ 9.610714] ffff88845dd2ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 9.618786] ffff88845dd2ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 9.626857] >ffff88845dd30000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 9.634930] ^ [ 9.638534] ffff88845dd30080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 9.646605] ffff88845dd30100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 9.654675] ================================================================== Cc: Stable(a)vger.kernel.org Signed-off-by: Qiang Zhang <qiang4.zhang(a)intel.com> --- v3: - add NULL pointer check in memblock_free_late() path. v2: - add an early flag in xbc_free_mem() to free memory back to memblock in xbc_init error path or put memory to buddy allocator in normal xbc_exit. --- include/linux/bootconfig.h | 7 ++++++- lib/bootconfig.c | 19 +++++++++++-------- 2 files changed, 17 insertions(+), 9 deletions(-) diff --git a/include/linux/bootconfig.h b/include/linux/bootconfig.h index e5ee2c694401..3f4b4ac527ca 100644 --- a/include/linux/bootconfig.h +++ b/include/linux/bootconfig.h @@ -288,7 +288,12 @@ int __init xbc_init(const char *buf, size_t size, const char **emsg, int *epos); int __init xbc_get_info(int *node_size, size_t *data_size); /* XBC cleanup data structures */ -void __init xbc_exit(void); +void __init _xbc_exit(bool early); + +static inline void xbc_exit(void) +{ + _xbc_exit(false); +} /* XBC embedded bootconfig data in kernel */ #ifdef CONFIG_BOOT_CONFIG_EMBED diff --git a/lib/bootconfig.c b/lib/bootconfig.c index c59d26068a64..8841554432d5 100644 --- a/lib/bootconfig.c +++ b/lib/bootconfig.c @@ -61,9 +61,12 @@ static inline void * __init xbc_alloc_mem(size_t size) return memblock_alloc(size, SMP_CACHE_BYTES); } -static inline void __init xbc_free_mem(void *addr, size_t size) +static inline void __init xbc_free_mem(void *addr, size_t size, bool early) { - memblock_free(addr, size); + if (early) + memblock_free(addr, size); + else if (addr) + memblock_free_late(__pa(addr), size); } #else /* !__KERNEL__ */ @@ -73,7 +76,7 @@ static inline void *xbc_alloc_mem(size_t size) return malloc(size); } -static inline void xbc_free_mem(void *addr, size_t size) +static inline void xbc_free_mem(void *addr, size_t size, bool early) { free(addr); } @@ -904,13 +907,13 @@ static int __init xbc_parse_tree(void) * If you need to reuse xbc_init() with new boot config, you can * use this. */ -void __init xbc_exit(void) +void __init _xbc_exit(bool early) { - xbc_free_mem(xbc_data, xbc_data_size); + xbc_free_mem(xbc_data, xbc_data_size, early); xbc_data = NULL; xbc_data_size = 0; xbc_node_num = 0; - xbc_free_mem(xbc_nodes, sizeof(struct xbc_node) * XBC_NODE_MAX); + xbc_free_mem(xbc_nodes, sizeof(struct xbc_node) * XBC_NODE_MAX, early); xbc_nodes = NULL; brace_index = 0; } @@ -963,7 +966,7 @@ int __init xbc_init(const char *data, size_t size, const char **emsg, int *epos) if (!xbc_nodes) { if (emsg) *emsg = "Failed to allocate bootconfig nodes"; - xbc_exit(); + _xbc_exit(true); return -ENOMEM; } memset(xbc_nodes, 0, sizeof(struct xbc_node) * XBC_NODE_MAX); @@ -977,7 +980,7 @@ int __init xbc_init(const char *data, size_t size, const char **emsg, int *epos) *epos = xbc_err_pos; if (emsg) *emsg = xbc_err_msg; - xbc_exit(); + _xbc_exit(true); } else ret = xbc_node_num; -- 2.39.2

1 year, 6 months

2
1
0 0

[PATCH v2] bootconfig: use memblock_free_late to free xbc memory to buddy

by qiang4.zhang＠linux.intel.com

From: Qiang Zhang <qiang4.zhang(a)intel.com> On the time to free xbc memory in xbc_exit(), memblock may has handed over memory to buddy allocator. So it doesn't make sense to free memory back to memblock. memblock_free() called by xbc_exit() even causes UAF bugs on architectures with CONFIG_ARCH_KEEP_MEMBLOCK disabled like x86. Following KASAN logs shows this case. This patch fixes the xbc memory free problem by calling memblock_free() in early xbc init error rewind path and calling memblock_free_late() in xbc exit path to free memory to buddy allocator. [ 9.410890] ================================================================== [ 9.418962] BUG: KASAN: use-after-free in memblock_isolate_range+0x12d/0x260 [ 9.426850] Read of size 8 at addr ffff88845dd30000 by task swapper/0/1 [ 9.435901] CPU: 9 PID: 1 Comm: swapper/0 Tainted: G U 6.9.0-rc3-00208-g586b5dfb51b9 #5 [ 9.446403] Hardware name: Intel Corporation RPLP LP5 (CPU:RaptorLake)/RPLP LP5 (ID:13), BIOS IRPPN02.01.01.00.00.19.015.D-00000000 Dec 28 2023 [ 9.460789] Call Trace: [ 9.463518] <TASK> [ 9.465859] dump_stack_lvl+0x53/0x70 [ 9.469949] print_report+0xce/0x610 [ 9.473944] ? __virt_addr_valid+0xf5/0x1b0 [ 9.478619] ? memblock_isolate_range+0x12d/0x260 [ 9.483877] kasan_report+0xc6/0x100 [ 9.487870] ? memblock_isolate_range+0x12d/0x260 [ 9.493125] memblock_isolate_range+0x12d/0x260 [ 9.498187] memblock_phys_free+0xb4/0x160 [ 9.502762] ? __pfx_memblock_phys_free+0x10/0x10 [ 9.508021] ? mutex_unlock+0x7e/0xd0 [ 9.512111] ? __pfx_mutex_unlock+0x10/0x10 [ 9.516786] ? kernel_init_freeable+0x2d4/0x430 [ 9.521850] ? __pfx_kernel_init+0x10/0x10 [ 9.526426] xbc_exit+0x17/0x70 [ 9.529935] kernel_init+0x38/0x1e0 [ 9.533829] ? _raw_spin_unlock_irq+0xd/0x30 [ 9.538601] ret_from_fork+0x2c/0x50 [ 9.542596] ? __pfx_kernel_init+0x10/0x10 [ 9.547170] ret_from_fork_asm+0x1a/0x30 [ 9.551552] </TASK> [ 9.555649] The buggy address belongs to the physical page: [ 9.561875] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x45dd30 [ 9.570821] flags: 0x200000000000000(node=0|zone=2) [ 9.576271] page_type: 0xffffffff() [ 9.580167] raw: 0200000000000000 ffffea0011774c48 ffffea0012ba1848 0000000000000000 [ 9.588823] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 9.597476] page dumped because: kasan: bad access detected [ 9.605362] Memory state around the buggy address: [ 9.610714] ffff88845dd2ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 9.618786] ffff88845dd2ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 9.626857] >ffff88845dd30000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 9.634930] ^ [ 9.638534] ffff88845dd30080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 9.646605] ffff88845dd30100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 9.654675] ================================================================== Cc: Stable(a)vger.kernel.org Signed-off-by: Qiang Zhang <qiang4.zhang(a)intel.com> --- v2: - add an early flag in xbc_free_mem() to free memory back to memblock in xbc_init error path or put memory to buddy allocator in normal xbc_exit. --- include/linux/bootconfig.h | 7 ++++++- lib/bootconfig.c | 19 +++++++++++-------- 2 files changed, 17 insertions(+), 9 deletions(-) diff --git a/include/linux/bootconfig.h b/include/linux/bootconfig.h index e5ee2c694401..3f4b4ac527ca 100644 --- a/include/linux/bootconfig.h +++ b/include/linux/bootconfig.h @@ -288,7 +288,12 @@ int __init xbc_init(const char *buf, size_t size, const char **emsg, int *epos); int __init xbc_get_info(int *node_size, size_t *data_size); /* XBC cleanup data structures */ -void __init xbc_exit(void); +void __init _xbc_exit(bool early); + +static inline void xbc_exit(void) +{ + _xbc_exit(false); +} /* XBC embedded bootconfig data in kernel */ #ifdef CONFIG_BOOT_CONFIG_EMBED diff --git a/lib/bootconfig.c b/lib/bootconfig.c index c59d26068a64..f9a45adc6307 100644 --- a/lib/bootconfig.c +++ b/lib/bootconfig.c @@ -61,9 +61,12 @@ static inline void * __init xbc_alloc_mem(size_t size) return memblock_alloc(size, SMP_CACHE_BYTES); } -static inline void __init xbc_free_mem(void *addr, size_t size) +static inline void __init xbc_free_mem(void *addr, size_t size, bool early) { - memblock_free(addr, size); + if (early) + memblock_free(addr, size); + else + memblock_free_late(__pa(addr), size); } #else /* !__KERNEL__ */ @@ -73,7 +76,7 @@ static inline void *xbc_alloc_mem(size_t size) return malloc(size); } -static inline void xbc_free_mem(void *addr, size_t size) +static inline void xbc_free_mem(void *addr, size_t size, bool early) { free(addr); } @@ -904,13 +907,13 @@ static int __init xbc_parse_tree(void) * If you need to reuse xbc_init() with new boot config, you can * use this. */ -void __init xbc_exit(void) +void __init _xbc_exit(bool early) { - xbc_free_mem(xbc_data, xbc_data_size); + xbc_free_mem(xbc_data, xbc_data_size, early); xbc_data = NULL; xbc_data_size = 0; xbc_node_num = 0; - xbc_free_mem(xbc_nodes, sizeof(struct xbc_node) * XBC_NODE_MAX); + xbc_free_mem(xbc_nodes, sizeof(struct xbc_node) * XBC_NODE_MAX, early); xbc_nodes = NULL; brace_index = 0; } @@ -963,7 +966,7 @@ int __init xbc_init(const char *data, size_t size, const char **emsg, int *epos) if (!xbc_nodes) { if (emsg) *emsg = "Failed to allocate bootconfig nodes"; - xbc_exit(); + _xbc_exit(true); return -ENOMEM; } memset(xbc_nodes, 0, sizeof(struct xbc_node) * XBC_NODE_MAX); @@ -977,7 +980,7 @@ int __init xbc_init(const char *data, size_t size, const char **emsg, int *epos) *epos = xbc_err_pos; if (emsg) *emsg = xbc_err_msg; - xbc_exit(); + _xbc_exit(true); } else ret = xbc_node_num; -- 2.39.2

1 year, 6 months

3
3
0 0

Linux 6.8.6

by Greg Kroah-Hartman

I'm announcing the release of the 6.8.6 kernel. All users of the 6.8 kernel series must upgrade. The updated 6.8.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.8.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/boot/dts/rockchip/rk322x.dtsi | 16 + arch/arm/boot/dts/rockchip/rk3288.dtsi | 16 + arch/arm64/boot/dts/qcom/qcm6490-idp.dts | 28 +++ arch/arm64/boot/dts/qcom/qcs6490-rb3gen2.dts | 17 ++ arch/arm64/boot/dts/qcom/qrb2210-rb1.dts | 18 ++ arch/arm64/boot/dts/rockchip/rk3328.dtsi | 11 + arch/arm64/boot/dts/rockchip/rk3399.dtsi | 12 + arch/x86/entry/vdso/Makefile | 10 - arch/x86/events/amd/lbr.c | 6 arch/x86/include/asm/xen/hypervisor.h | 5 arch/x86/pci/fixup.c | 48 +++++ arch/x86/platform/pvh/enlighten.c | 3 arch/x86/xen/enlighten.c | 32 +++ arch/x86/xen/enlighten_pvh.c | 68 ++++++++ arch/x86/xen/setup.c | 44 ----- arch/x86/xen/xen-ops.h | 14 + block/blk-stat.c | 2 drivers/accel/habanalabs/common/habanalabs.h | 2 drivers/acpi/resource.c | 7 drivers/acpi/sleep.c | 12 - drivers/acpi/x86/utils.c | 38 ++++ drivers/bluetooth/btintel.c | 2 drivers/bluetooth/btmtk.c | 1 drivers/bluetooth/btmtk.h | 1 drivers/bluetooth/btusb.c | 1 drivers/bus/mhi/host/init.c | 1 drivers/bus/mhi/host/internal.h | 9 - drivers/bus/mhi/host/pm.c | 20 ++ drivers/cpufreq/cpufreq.c | 17 +- drivers/cpuidle/driver.c | 3 drivers/crypto/intel/iaa/iaa_crypto_main.c | 4 drivers/firmware/tegra/bpmp-debugfs.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 14 + drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 5 drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 4 drivers/gpu/drm/amd/display/dc/dc.h | 1 drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c | 4 drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c | 2 drivers/gpu/drm/amd/display/dc/resource/dcn35/dcn35_resource.c | 1 drivers/gpu/drm/amd/display/modules/inc/mod_stats.h | 4 drivers/gpu/drm/ci/gitlab-ci.yml | 14 + drivers/gpu/drm/ci/test.yml | 1 drivers/gpu/drm/drm_modeset_helper.c | 19 +- drivers/gpu/drm/drm_panel_orientation_quirks.c | 12 + drivers/gpu/drm/drm_probe_helper.c | 21 ++ drivers/gpu/drm/nouveau/nvkm/subdev/devinit/gm107.c | 12 - drivers/gpu/drm/nouveau/nvkm/subdev/devinit/r535.c | 1 drivers/gpu/drm/panel/panel-simple.c | 20 ++ drivers/gpu/drm/ttm/ttm_bo.c | 7 drivers/gpu/drm/vc4/vc4_plane.c | 5 drivers/hid/hid-ids.h | 1 drivers/hid/hid-input.c | 2 drivers/i2c/busses/i2c-designware-core.h | 2 drivers/infiniband/core/cm.c | 20 ++ drivers/input/joystick/xpad.c | 3 drivers/input/rmi4/rmi_driver.c | 6 drivers/input/touchscreen/imagis.c | 20 -- drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 22 +- drivers/media/pci/sta2x11/sta2x11_vip.c | 9 - drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_vpu.c | 8 drivers/media/platform/mediatek/vcodec/decoder/mtk_vcodec_dec_drv.c | 5 drivers/media/platform/mediatek/vcodec/decoder/mtk_vcodec_dec_drv.h | 2 drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_hevc_req_multi_if.c | 2 drivers/media/platform/mediatek/vcodec/decoder/vdec_vpu_if.c | 2 drivers/media/platform/mediatek/vcodec/encoder/mtk_vcodec_enc_drv.c | 5 drivers/media/platform/mediatek/vcodec/encoder/mtk_vcodec_enc_drv.h | 2 drivers/media/platform/mediatek/vcodec/encoder/venc_vpu_if.c | 2 drivers/misc/vmw_vmci/vmci_datagram.c | 6 drivers/net/dsa/qca/qca8k-8xxx.c | 3 drivers/net/dummy.c | 1 drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 9 - drivers/net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c | 2 drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.c | 14 - drivers/net/ethernet/intel/ice/ice_virtchnl.c | 9 - drivers/net/ethernet/intel/ice/ice_virtchnl.h | 9 + drivers/net/ethernet/pensando/ionic/ionic_lif.c | 5 drivers/net/ethernet/stmicro/stmmac/Kconfig | 6 drivers/net/ethernet/stmicro/stmmac/dwmac-starfive.c | 32 +++ drivers/net/geneve.c | 1 drivers/net/loopback.c | 1 drivers/net/pcs/pcs-xpcs.c | 4 drivers/net/phy/phy_device.c | 13 - drivers/net/veth.c | 1 drivers/net/vxlan/vxlan_core.c | 1 drivers/net/wireless/ath/ath11k/mhi.c | 2 drivers/net/wireless/ath/ath9k/antenna.c | 2 drivers/net/wireless/broadcom/brcm80211/brcmfmac/dmi.c | 9 + drivers/net/wireless/intel/iwlwifi/cfg/ax210.c | 6 drivers/net/wireless/intel/iwlwifi/cfg/bz.c | 2 drivers/net/wireless/intel/iwlwifi/cfg/sc.c | 38 ++++ drivers/net/wireless/intel/iwlwifi/iwl-config.h | 8 drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 16 + drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 45 ++++- drivers/net/wireless/mediatek/mt76/mt7915/mt7915.h | 1 drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 5 drivers/net/wireless/mediatek/mt76/mt7996/mmio.c | 64 ++++--- drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h | 3 drivers/net/wireless/realtek/rtw89/mac80211.c | 4 drivers/net/wireless/realtek/rtw89/pci.c | 60 ++++++- drivers/net/wireless/realtek/rtw89/pci.h | 6 drivers/net/wireless/realtek/rtw89/rtw8851be.c | 2 drivers/net/wireless/realtek/rtw89/rtw8852ae.c | 1 drivers/net/wireless/realtek/rtw89/rtw8852be.c | 1 drivers/net/wireless/realtek/rtw89/rtw8852ce.c | 1 drivers/net/wireless/realtek/rtw89/rtw8922ae.c | 1 drivers/nvme/host/pci.c | 3 drivers/perf/hisilicon/hisi_uncore_uc_pmu.c | 42 ++++ drivers/pinctrl/renesas/core.c | 4 drivers/platform/x86/acer-wmi.c | 17 +- drivers/platform/x86/intel/hid.c | 7 drivers/platform/x86/intel/vbtn.c | 5 drivers/platform/x86/touchscreen_dmi.c | 9 + drivers/pmdomain/imx/imx8mp-blk-ctrl.c | 10 - drivers/pmdomain/ti/omap_prm.c | 2 drivers/scsi/lpfc/lpfc_nportdisc.c | 6 drivers/soundwire/dmi-quirks.c | 8 drivers/thermal/thermal_of.c | 12 - drivers/thunderbolt/quirks.c | 14 + drivers/thunderbolt/tb.c | 49 +++++ drivers/thunderbolt/tb.h | 4 drivers/thunderbolt/tunnel.c | 16 - drivers/tty/serial/8250/8250_of.c | 44 ++++- drivers/tty/serial/8250/8250_port.c | 24 -- drivers/ufs/host/ufs-qcom.c | 13 + drivers/usb/gadget/function/uvc_video.c | 10 - drivers/usb/host/sl811-hcd.c | 2 drivers/usb/typec/tcpm/tcpci.c | 1 drivers/usb/typec/ucsi/ucsi.c | 26 ++- drivers/usb/typec/ucsi/ucsi.h | 11 + drivers/usb/typec/ucsi/ucsi_glink.c | 1 drivers/video/fbdev/core/fbmon.c | 7 drivers/video/fbdev/via/accel.c | 4 drivers/xen/balloon.c | 2 fs/btrfs/export.c | 9 - fs/btrfs/send.c | 10 + fs/btrfs/volumes.c | 12 + fs/ext4/mballoc.c | 5 fs/ext4/super.c | 12 + fs/isofs/inode.c | 18 +- fs/kernfs/dir.c | 31 ++- fs/kernfs/kernfs-internal.h | 2 fs/orangefs/super.c | 2 fs/pstore/zone.c | 2 fs/sysv/itree.c | 10 - include/acpi/acpi_bus.h | 14 - include/linux/kernfs.h | 2 include/linux/overflow.h | 12 - include/linux/printk.h | 2 include/linux/randomize_kstack.h | 2 include/linux/rcupdate.h | 4 include/linux/skbuff.h | 11 + include/linux/sunrpc/sched.h | 2 include/net/bluetooth/hci.h | 8 include/uapi/linux/input-event-codes.h | 1 io_uring/io_uring.c | 25 +- kernel/dma/direct.c | 9 - kernel/panic.c | 8 kernel/printk/internal.h | 1 kernel/printk/printk.c | 3 kernel/rcu/tree_nocb.h | 2 kernel/trace/ring_buffer.c | 2 lib/dump_stack.c | 16 + net/bluetooth/hci_event.c | 3 net/core/netdev-genl.c | 15 - net/core/page_pool_user.c | 2 net/ipv4/ip_tunnel.c | 1 net/ipv6/ip6_gre.c | 2 net/ipv6/ip6_tunnel.c | 1 net/ipv6/ip6_vti.c | 1 net/ipv6/sit.c | 1 net/mpls/mpls_gso.c | 3 net/smc/smc_pnet.c | 10 + net/wireless/util.c | 14 + scripts/gcc-plugins/stackleak_plugin.c | 2 scripts/mod/modpost.c | 4 sound/firewire/amdtp-stream.c | 12 - sound/firewire/amdtp-stream.h | 4 sound/pci/hda/patch_realtek.c | 12 + sound/soc/amd/yc/acp6x-mach.c | 7 sound/soc/intel/avs/board_selection.c | 85 ++++++++++ sound/soc/intel/boards/sof_rt5682.c | 40 ---- sound/soc/intel/boards/sof_sdw.c | 11 + sound/soc/soc-core.c | 3 sound/soc/sof/amd/acp.c | 3 tools/iio/iio_utils.c | 2 tools/lib/perf/evlist.c | 18 +- tools/lib/perf/include/internal/evlist.h | 4 tools/power/x86/x86_energy_perf_policy/x86_energy_perf_policy.c | 1 tools/testing/ktest/ktest.pl | 1 191 files changed, 1530 insertions(+), 450 deletions(-) Abhishek Pandit-Subedi (1): usb: typec: ucsi: Limit read size on v1.2 Adam Ford (1): pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain Ahmad Rehman (1): drm/amdgpu: Init zone device and drm client after mode-1 reset on reload Alban Boyé (1): platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet Aleksandr Burakov (1): fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 Alex Henrie (1): isofs: handle CDs with bad root inode but good Joliet root directory Andre Werner (1): net: phy: phy_device: Prevent nullptr exceptions on ISR Andy Shevchenko (1): serial: 8250_of: Drop quirk fot NPCM from 8250_port Ard Biesheuvel (1): gcc-plugins/stackleak: Avoid .head.text section Aric Cyr (1): drm/amd/display: Fix nanosec stat overflow Arnd Bergmann (1): media: sta2x11: fix irq handler cast Baochen Qiang (1): wifi: ath11k: decrease MHI channel buffer length to 8KB Bjorn Andersson (1): arm64: dts: qcom: qcs6490-rb3gen2: Declare GCC clocks protected Borislav Petkov (AMD) (1): x86/vdso: Fix rethunk patching for vdso-image-x32.o too Brent Lu (1): ASoC: Intel: sof_rt5682: dmi quirk cleanup for mtl boards C Cheng (1): cpuidle: Avoid potential overflow in integer multiplication Cezary Rojewski (1): ASoC: Intel: avs: Populate board selection with new I2S entries Chancel Liu (1): ASoC: soc-core.c: Skip dummy codec when adding platforms Christian König (1): drm/ttm: return ENOSPC from ttm_bo_mem_space v3 Colin Ian King (1): usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined Cristian Ciocaltea (2): net: stmmac: dwmac-starfive: Add support for JH7100 SoC ASoC: SOF: amd: Optimize quirk for Valve Galileo Dai Ngo (1): SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int Daniel Drake (2): PCI: Disable D3cold on Asus B1400 PCI-NVMe bridge Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default" Dave Airlie (2): amdkfd: use calloc instead of kzalloc to avoid integer overflow nouveau: fix devinit paths to only handle display on GSP. David McFarland (1): platform/x86/intel/hid: Don't wake on 5-button releases David Sterba (3): btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() btrfs: export: handle invalid inode or root reference in btrfs_get_parent() btrfs: send: handle path ref underflow in header iterate_inode_ref() Dmitry Antipov (1): wifi: ath9k: fix LNA selection in ath_ant_try_scan() Dmitry Baryshkov (1): arm64: dts: qcom: qrb2210-rb1: disable cluster power domains Dmitry Torokhov (1): HID: input: avoid polling stylus battery on Chromebook Pompom Duje Mihanović (1): Input: imagis - use FIELD_GET where applicable Edward Adam Davis (1): Bluetooth: btintel: Fix null ptr deref in btintel_read_version Eric Chanudet (1): scsi: ufs: qcom: Avoid re-init quirk when gears match Eric Dumazet (2): net: add netdev_lockdep_set_classes() to virtual drivers net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() Florian Westphal (2): net: skbuff: add overflow debug check to pull/push helpers net: mpls: error out if inner headers are not set Geert Uytterhoeven (1): pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs Gergo Koteles (1): Input: allocate keycode for Display refresh rate toggle Gil Fine (1): thunderbolt: Calculate DisplayPort tunnel bandwidth after DPRX capabilities read Greg Kroah-Hartman (1): Linux 6.8.6 Gwendal Grignou (1): platform/x86: intel-vbtn: Update tablet mode switch at end of probe Hans de Goede (3): wifi: brcmfmac: Add DMI nvram filename quirk for ACEPC W5 Pro ACPI: x86: Move acpi_quirk_skip_serdev_enumeration() out of CONFIG_X86_ANDROID_TABLETS ACPI: x86: Add DELL0501 handling to acpi_quirk_skip_serdev_enumeration() Harshit Mogalapalli (1): VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() Hui Liu (1): arm64: dts: qcom: qcm6490-idp: Add definition for three LEDs Ian Rogers (1): libperf evlist: Avoid out-of-bounds access Jacob Keller (1): ice: use relative VSI index for VFs instead of PF VSI number Jakub Kicinski (1): netdev: let netlink core handle -EMSGSIZE errors Jarkko Nikula (1): i2c: designware: Fix RX FIFO depth define on Wangxun 10Gb NIC Jason Gunthorpe (1): iommu/arm-smmu-v3: Hold arm_smmu_asid_lock during all of attach_dev Jeffrey Hugo (1): bus: mhi: host: Add MHI_PM_SYS_ERR_FAIL state Jens Axboe (1): io_uring: clear opcode specific data for an early failure Jiawei Fu (iBug) (1): drivers/nvme: Add quirks for device 126f:2262 Jichi Zhang (1): ALSA: hda/realtek: Add quirk for Lenovo Yoga 9 14IMH9 Johan Jonker (4): ARM: dts: rockchip: fix rk3288 hdmi ports node ARM: dts: rockchip: fix rk322x hdmi ports node arm64: dts: rockchip: fix rk3328 hdmi ports node arm64: dts: rockchip: fix rk3399 hdmi ports node Johannes Berg (1): wifi: cfg80211: check A-MSDU format more carefully John Ogness (3): printk: For @suppress_panic_printk check for other CPU in panic panic: Flush kernel log buffer at the end dump_stack: Do not get cpu_sync for panic CPU Josh Poimboeuf (1): x86/vdso: Fix rethunk patching for vdso-image-{32,64}.o Junhao He (1): drivers/perf: hisi: Enable HiSilicon Erratum 162700402 quirk for HIP09 Justin Tee (1): scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() Kees Cook (3): bnx2x: Fix firmware version string character counts overflow: Allow non-type arg to type_max() and type_min() randomize_kstack: Improve entropy diffusion Koby Elbaz (1): accel/habanalabs: increase HL_MAX_STR to 64 bytes to avoid warnings Konrad Dybcio (1): thermal/of: Assume polling-delay(-passive) 0 when absent Kunwu Chan (3): pmdomain: ti: Add a null pointer check to the omap_prm_domain_init pstore/zone: Add a null pointer check to the psz_kmsg_read Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails Luca Weiss (1): usb: typec: ucsi: Add qcm6490-pmic-glink as needing PDOS quirk Luiz Augusto von Dentz (1): Bluetooth: btintel: Fixe build regression M Cooley (1): ASoC: amd: yc: Fix non-functional mic on ASUS M7600RE Ma Jun (1): Revert "drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()" Manjunath Patil (1): RDMA/cm: add timeout to cm_destroy_id wait Marco Felsch (1): usb: typec: tcpci: add generic tcpci fallback compatible Markus Elfring (1): firmware: tegra: bpmp: Return directly after a failed kzalloc() in get_filename() Markuss Broks (1): input/touchscreen: imagis: Correct the maximum touch area value Matt Scialabba (1): Input: xpad - add support for Snakebyte GAMEPADs Max Kellermann (1): modpost: fix null pointer dereference Maíra Canal (1): drm/vc4: don't check if plane->state->fb == state->fb Michael Grzeschik (2): usb: gadget: uvc: refactor the check for a valid buffer in the pump worker usb: gadget: uvc: mark incomplete frames with UVC_STREAM_ERR Mika Westerberg (1): thunderbolt: Keep the domain powered when USB4 port is in redrive mode Mike Marshall (1): Julia Lawall reported this null pointer dereference, this should fix it. Mukesh Sisodiya (2): wifi: iwlwifi: pcie: Add the PCI device id for new hardware wifi: iwlwifi: pcie: Add new PCI device id and CNVI Nicholas Kazlauskas (1): drm/amd/display: Disable idle reallow as part of command/gpint execution Nicolas Dufresne (1): media: mediatek: vcodec: Fix oops when HEVC init fails Paul E. McKenney (1): rcu-tasks: Repair RCU Tasks Trace quiescence check Peter Chiu (1): wifi: mt76: mt7996: disable AMSDU for non-data frames Petre Rodan (1): tools: iio: replace seekdir() in iio_generic_buffer Ping-Ke Shih (2): wifi: rtw89: pci: validate RX tag for RXQ and RPQ wifi: rtw89: pci: enlarge RX DMA buffer to consider size of RX descriptor Po-Hao Huang (1): wifi: rtw89: fix null pointer access when abort scan Ricardo B. Marliere (1): ktest: force $buildonly = 1 for 'make_warnings_file' test type Rick Edgecombe (1): dma-direct: Leak pages on dma_set_decrypted() failure Roger Pau Monne (1): x86/xen: attempt to inflate the memory balloon on PVH Roman Smirnov (2): block: prevent division by zero in blk_rq_stat_sum() fbmon: prevent division by zero in fb_videomode_from_videomode() Samasth Norway Ananda (1): tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num() Samuel Dionne-Riel (1): drm: panel-orientation-quirks: Add quirk for GPD Win Mini Sandipan Das (1): perf/x86/amd/lbr: Discard erroneous branch entries Serge Semin (1): net: pcs: xpcs: Return EINVAL in the internal methods Shannon Nelson (1): ionic: set adminq irq affinity Shayne Chen (2): wifi: mt76: mt7915: add locking for accessing mapped registers wifi: mt76: mt7996: add locking for accessing mapped registers Shradha Gupta (2): drm: Check output polling initialized before disabling drm: Check polling initialized before enabling in drm_helper_probe_single_connector_modes Sohaib Nadeem (1): drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz Srinivasan Shanmugam (1): drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init() Stanley.Yang (1): drm/amdgpu: Skip do PCI error slot reset during RAS recovery SungHwan Jung (2): platform/x86: acer-wmi: Add support for Acer PH16-71 platform/x86: acer-wmi: Add predator_v4 module parameter Sviatoslav Harasymchuk (1): ACPI: resource: Add IRQ override quirk for ASUS ExpertBook B2502FBA Takashi Iwai (2): wifi: iwlwifi: Add missing MODULE_FIRMWARE() for *.pnvm Bluetooth: btmtk: Add MODULE_FIRMWARE() for MT7922 Takashi Sakamoto (1): ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter Tejun Heo (1): kernfs: RCU protect kernfs_nodes and avoid kernfs_idr_lock in kernfs_find_and_get_node_by_id() Tetsuo Handa (1): sysv: don't call sb_bread() with pointers_lock held Tim Crawford (1): ALSA: hda/realtek: Add quirks for some Clevo laptops Tom Zanussi (1): crypto: iaa - Fix async_disable descriptor leak Tony Lindgren (1): drm/panel: simple: Add BOE BP082WX1-100 8.2" panel Vasiliy Kovalev (1): VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() Vignesh Raman (1): drm/ci: uprev mesa version: fix kdl commit fetch Vinicius Peixoto (1): Bluetooth: Add new quirk for broken read key length on ATS2851 Viresh Kumar (1): cpufreq: Don't unregister cpufreq cooling on CPU hotplug Vladimir Oltean (1): net: dsa: qca8k: put MDIO controller OF node if unavailable Ye Bin (1): ext4: forbid commit inconsistent quota data when errors=remount-ro Yunfei Dong (2): media: mediatek: vcodec: adding lock to protect decoder context list media: mediatek: vcodec: adding lock to protect encoder context list Zhang Yi (1): ext4: add a hint for block bitmap corrupt state in mb_groups Zqiang (1): rcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock() linke li (1): ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment mosomate (1): ASoC: Intel: common: DMI remap for rebranded Intel NUC M15 (LAPRC710) laptops

1 year, 6 months

1
1
0 0

Linux 6.6.27

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.27 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/boot/dts/rockchip/rk322x.dtsi | 16 + arch/arm/boot/dts/rockchip/rk3288.dtsi | 16 + arch/arm64/boot/dts/rockchip/rk3328.dtsi | 11 + arch/arm64/boot/dts/rockchip/rk3399.dtsi | 12 + arch/x86/events/amd/lbr.c | 6 arch/x86/include/asm/xen/hypervisor.h | 5 arch/x86/pci/fixup.c | 48 +++++ arch/x86/platform/pvh/enlighten.c | 3 arch/x86/xen/enlighten.c | 32 +++ arch/x86/xen/enlighten_pvh.c | 68 ++++++++ arch/x86/xen/setup.c | 44 ----- arch/x86/xen/xen-ops.h | 14 + block/blk-stat.c | 2 drivers/accel/habanalabs/common/habanalabs.h | 2 drivers/acpi/sleep.c | 12 - drivers/acpi/x86/utils.c | 18 +- drivers/bluetooth/btintel.c | 2 drivers/bluetooth/btmtk.c | 1 drivers/bluetooth/btmtk.h | 1 drivers/bluetooth/btusb.c | 1 drivers/bus/mhi/host/init.c | 1 drivers/bus/mhi/host/internal.h | 9 - drivers/bus/mhi/host/pm.c | 20 ++ drivers/cpufreq/cpufreq.c | 17 +- drivers/cpuidle/driver.c | 3 drivers/firmware/tegra/bpmp-debugfs.c | 2 drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 4 drivers/gpu/drm/amd/display/modules/inc/mod_stats.h | 4 drivers/gpu/drm/drm_modeset_helper.c | 19 +- drivers/gpu/drm/drm_panel_orientation_quirks.c | 12 + drivers/gpu/drm/drm_probe_helper.c | 21 ++ drivers/gpu/drm/ttm/ttm_bo.c | 7 drivers/gpu/drm/vc4/vc4_plane.c | 5 drivers/hid/hid-ids.h | 1 drivers/hid/hid-input.c | 2 drivers/i2c/busses/i2c-designware-core.h | 2 drivers/infiniband/core/cm.c | 20 ++ drivers/input/joystick/xpad.c | 3 drivers/input/rmi4/rmi_driver.c | 6 drivers/input/touchscreen/imagis.c | 20 -- drivers/media/pci/sta2x11/sta2x11_vip.c | 9 - drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_vpu.c | 8 drivers/media/platform/mediatek/vcodec/decoder/mtk_vcodec_dec_drv.c | 5 drivers/media/platform/mediatek/vcodec/decoder/mtk_vcodec_dec_drv.h | 2 drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_hevc_req_multi_if.c | 2 drivers/media/platform/mediatek/vcodec/decoder/vdec_vpu_if.c | 2 drivers/media/platform/mediatek/vcodec/encoder/mtk_vcodec_enc_drv.c | 5 drivers/media/platform/mediatek/vcodec/encoder/mtk_vcodec_enc_drv.h | 2 drivers/media/platform/mediatek/vcodec/encoder/venc_vpu_if.c | 2 drivers/misc/vmw_vmci/vmci_datagram.c | 6 drivers/net/dummy.c | 1 drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 9 - drivers/net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c | 2 drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.c | 14 - drivers/net/ethernet/intel/ice/ice_virtchnl.c | 9 - drivers/net/ethernet/intel/ice/ice_virtchnl.h | 9 + drivers/net/ethernet/pensando/ionic/ionic_lif.c | 5 drivers/net/ethernet/stmicro/stmmac/Kconfig | 6 drivers/net/ethernet/stmicro/stmmac/dwmac-starfive.c | 32 +++ drivers/net/geneve.c | 1 drivers/net/loopback.c | 1 drivers/net/pcs/pcs-xpcs.c | 4 drivers/net/phy/phy_device.c | 13 - drivers/net/veth.c | 1 drivers/net/vxlan/vxlan_core.c | 1 drivers/net/wireless/ath/ath11k/mhi.c | 2 drivers/net/wireless/ath/ath9k/antenna.c | 2 drivers/net/wireless/broadcom/brcm80211/brcmfmac/dmi.c | 9 + drivers/net/wireless/intel/iwlwifi/cfg/ax210.c | 6 drivers/net/wireless/intel/iwlwifi/cfg/bz.c | 2 drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 1 drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 45 ++++- drivers/net/wireless/mediatek/mt76/mt7915/mt7915.h | 1 drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 5 drivers/net/wireless/mediatek/mt76/mt7996/mmio.c | 64 ++++--- drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h | 3 drivers/net/wireless/realtek/rtw89/mac80211.c | 4 drivers/net/wireless/realtek/rtw89/pci.h | 2 drivers/nvme/host/pci.c | 3 drivers/perf/hisilicon/hisi_uncore_uc_pmu.c | 42 ++++ drivers/pinctrl/renesas/core.c | 4 drivers/platform/x86/intel/vbtn.c | 5 drivers/platform/x86/touchscreen_dmi.c | 9 + drivers/pmdomain/imx/imx8mp-blk-ctrl.c | 10 - drivers/pmdomain/ti/omap_prm.c | 2 drivers/scsi/lpfc/lpfc_nportdisc.c | 6 drivers/soundwire/dmi-quirks.c | 8 drivers/thermal/thermal_of.c | 12 - drivers/thunderbolt/quirks.c | 14 + drivers/thunderbolt/tb.c | 49 +++++ drivers/thunderbolt/tb.h | 4 drivers/usb/gadget/function/uvc_video.c | 3 drivers/usb/host/sl811-hcd.c | 2 drivers/usb/typec/tcpm/tcpci.c | 1 drivers/usb/typec/ucsi/ucsi.c | 26 ++- drivers/usb/typec/ucsi/ucsi.h | 11 + drivers/video/fbdev/core/fbmon.c | 7 drivers/video/fbdev/via/accel.c | 4 drivers/xen/balloon.c | 2 fs/btrfs/export.c | 9 - fs/btrfs/send.c | 10 + fs/btrfs/volumes.c | 12 + fs/ext4/mballoc.c | 5 fs/ext4/super.c | 12 + fs/isofs/inode.c | 18 +- fs/kernfs/dir.c | 31 ++- fs/kernfs/kernfs-internal.h | 2 fs/orangefs/super.c | 2 fs/pstore/zone.c | 2 fs/sysv/itree.c | 10 - include/acpi/acpi_bus.h | 14 - include/linux/kernfs.h | 2 include/linux/overflow.h | 12 - include/linux/randomize_kstack.h | 2 include/linux/rcupdate.h | 4 include/linux/skbuff.h | 11 + include/linux/sunrpc/sched.h | 2 include/net/bluetooth/hci.h | 8 include/uapi/linux/input-event-codes.h | 1 io_uring/io_uring.c | 25 +- kernel/dma/direct.c | 9 - kernel/panic.c | 8 kernel/printk/printk.c | 3 kernel/rcu/tree_nocb.h | 2 kernel/trace/ring_buffer.c | 2 net/bluetooth/hci_event.c | 3 net/ipv4/ip_tunnel.c | 1 net/ipv6/ip6_gre.c | 2 net/ipv6/ip6_tunnel.c | 1 net/ipv6/ip6_vti.c | 1 net/ipv6/sit.c | 1 net/mpls/mpls_gso.c | 3 net/smc/smc_pnet.c | 10 + net/wireless/util.c | 14 + scripts/gcc-plugins/stackleak_plugin.c | 2 scripts/mod/modpost.c | 4 sound/firewire/amdtp-stream.c | 12 - sound/firewire/amdtp-stream.h | 4 sound/pci/hda/patch_realtek.c | 12 + sound/soc/amd/yc/acp6x-mach.c | 7 sound/soc/intel/avs/board_selection.c | 85 ++++++++++ sound/soc/intel/boards/sof_sdw.c | 11 + sound/soc/soc-core.c | 3 sound/soc/sof/amd/acp.c | 3 tools/iio/iio_utils.c | 2 tools/lib/perf/evlist.c | 18 +- tools/lib/perf/include/internal/evlist.h | 4 tools/power/x86/x86_energy_perf_policy/x86_energy_perf_policy.c | 1 tools/testing/ktest/ktest.pl | 1 tools/testing/selftests/net/mptcp/mptcp_join.sh | 5 151 files changed, 1134 insertions(+), 309 deletions(-) Abhishek Pandit-Subedi (1): usb: typec: ucsi: Limit read size on v1.2 Adam Ford (1): pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain Alban Boyé (1): platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet Aleksandr Burakov (1): fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 Alex Henrie (1): isofs: handle CDs with bad root inode but good Joliet root directory Andre Werner (1): net: phy: phy_device: Prevent nullptr exceptions on ISR Ard Biesheuvel (1): gcc-plugins/stackleak: Avoid .head.text section Aric Cyr (1): drm/amd/display: Fix nanosec stat overflow Arnd Bergmann (1): media: sta2x11: fix irq handler cast Baochen Qiang (1): wifi: ath11k: decrease MHI channel buffer length to 8KB C Cheng (1): cpuidle: Avoid potential overflow in integer multiplication Cezary Rojewski (1): ASoC: Intel: avs: Populate board selection with new I2S entries Chancel Liu (1): ASoC: soc-core.c: Skip dummy codec when adding platforms Christian König (1): drm/ttm: return ENOSPC from ttm_bo_mem_space v3 Colin Ian King (1): usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined Cristian Ciocaltea (2): net: stmmac: dwmac-starfive: Add support for JH7100 SoC ASoC: SOF: amd: Optimize quirk for Valve Galileo Dai Ngo (1): SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int Daniel Drake (2): PCI: Disable D3cold on Asus B1400 PCI-NVMe bridge Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default" Dave Airlie (1): amdkfd: use calloc instead of kzalloc to avoid integer overflow David Sterba (3): btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() btrfs: export: handle invalid inode or root reference in btrfs_get_parent() btrfs: send: handle path ref underflow in header iterate_inode_ref() Dmitry Antipov (1): wifi: ath9k: fix LNA selection in ath_ant_try_scan() Dmitry Torokhov (1): HID: input: avoid polling stylus battery on Chromebook Pompom Duje Mihanović (1): Input: imagis - use FIELD_GET where applicable Edward Adam Davis (1): Bluetooth: btintel: Fix null ptr deref in btintel_read_version Eric Dumazet (2): net: add netdev_lockdep_set_classes() to virtual drivers net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() Florian Westphal (2): net: skbuff: add overflow debug check to pull/push helpers net: mpls: error out if inner headers are not set Geert Uytterhoeven (1): pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs Geliang Tang (1): selftests: mptcp: display simult in extra_msg Gergo Koteles (1): Input: allocate keycode for Display refresh rate toggle Greg Kroah-Hartman (1): Linux 6.6.27 Gwendal Grignou (1): platform/x86: intel-vbtn: Update tablet mode switch at end of probe Hans de Goede (2): wifi: brcmfmac: Add DMI nvram filename quirk for ACEPC W5 Pro ACPI: x86: Move acpi_quirk_skip_serdev_enumeration() out of CONFIG_X86_ANDROID_TABLETS Harshit Mogalapalli (1): VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() Ian Rogers (1): libperf evlist: Avoid out-of-bounds access Jacob Keller (1): ice: use relative VSI index for VFs instead of PF VSI number Jarkko Nikula (1): i2c: designware: Fix RX FIFO depth define on Wangxun 10Gb NIC Jeffrey Hugo (1): bus: mhi: host: Add MHI_PM_SYS_ERR_FAIL state Jens Axboe (1): io_uring: clear opcode specific data for an early failure Jiawei Fu (iBug) (1): drivers/nvme: Add quirks for device 126f:2262 Jichi Zhang (1): ALSA: hda/realtek: Add quirk for Lenovo Yoga 9 14IMH9 Johan Jonker (4): ARM: dts: rockchip: fix rk3288 hdmi ports node ARM: dts: rockchip: fix rk322x hdmi ports node arm64: dts: rockchip: fix rk3328 hdmi ports node arm64: dts: rockchip: fix rk3399 hdmi ports node Johannes Berg (1): wifi: cfg80211: check A-MSDU format more carefully John Ogness (2): printk: For @suppress_panic_printk check for other CPU in panic panic: Flush kernel log buffer at the end Junhao He (1): drivers/perf: hisi: Enable HiSilicon Erratum 162700402 quirk for HIP09 Justin Tee (1): scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() Kees Cook (3): bnx2x: Fix firmware version string character counts overflow: Allow non-type arg to type_max() and type_min() randomize_kstack: Improve entropy diffusion Koby Elbaz (1): accel/habanalabs: increase HL_MAX_STR to 64 bytes to avoid warnings Konrad Dybcio (1): thermal/of: Assume polling-delay(-passive) 0 when absent Kunwu Chan (3): pmdomain: ti: Add a null pointer check to the omap_prm_domain_init pstore/zone: Add a null pointer check to the psz_kmsg_read Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails Luiz Augusto von Dentz (1): Bluetooth: btintel: Fixe build regression M Cooley (1): ASoC: amd: yc: Fix non-functional mic on ASUS M7600RE Ma Jun (1): Revert "drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()" Manjunath Patil (1): RDMA/cm: add timeout to cm_destroy_id wait Marco Felsch (1): usb: typec: tcpci: add generic tcpci fallback compatible Markus Elfring (1): firmware: tegra: bpmp: Return directly after a failed kzalloc() in get_filename() Markuss Broks (1): input/touchscreen: imagis: Correct the maximum touch area value Matt Scialabba (1): Input: xpad - add support for Snakebyte GAMEPADs Max Kellermann (1): modpost: fix null pointer dereference Maíra Canal (1): drm/vc4: don't check if plane->state->fb == state->fb Michael Grzeschik (1): usb: gadget: uvc: mark incomplete frames with UVC_STREAM_ERR Mika Westerberg (1): thunderbolt: Keep the domain powered when USB4 port is in redrive mode Mike Marshall (1): Julia Lawall reported this null pointer dereference, this should fix it. Mukesh Sisodiya (1): wifi: iwlwifi: pcie: Add the PCI device id for new hardware Nicolas Dufresne (1): media: mediatek: vcodec: Fix oops when HEVC init fails Paul E. McKenney (1): rcu-tasks: Repair RCU Tasks Trace quiescence check Peter Chiu (1): wifi: mt76: mt7996: disable AMSDU for non-data frames Petre Rodan (1): tools: iio: replace seekdir() in iio_generic_buffer Ping-Ke Shih (1): wifi: rtw89: pci: enlarge RX DMA buffer to consider size of RX descriptor Po-Hao Huang (1): wifi: rtw89: fix null pointer access when abort scan Ricardo B. Marliere (1): ktest: force $buildonly = 1 for 'make_warnings_file' test type Rick Edgecombe (1): dma-direct: Leak pages on dma_set_decrypted() failure Roger Pau Monne (1): x86/xen: attempt to inflate the memory balloon on PVH Roman Smirnov (2): block: prevent division by zero in blk_rq_stat_sum() fbmon: prevent division by zero in fb_videomode_from_videomode() Samasth Norway Ananda (1): tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num() Samuel Dionne-Riel (1): drm: panel-orientation-quirks: Add quirk for GPD Win Mini Sandipan Das (1): perf/x86/amd/lbr: Discard erroneous branch entries Serge Semin (1): net: pcs: xpcs: Return EINVAL in the internal methods Shannon Nelson (1): ionic: set adminq irq affinity Shayne Chen (2): wifi: mt76: mt7915: add locking for accessing mapped registers wifi: mt76: mt7996: add locking for accessing mapped registers Shradha Gupta (2): drm: Check output polling initialized before disabling drm: Check polling initialized before enabling in drm_helper_probe_single_connector_modes Srinivasan Shanmugam (1): drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init() Takashi Iwai (2): wifi: iwlwifi: Add missing MODULE_FIRMWARE() for *.pnvm Bluetooth: btmtk: Add MODULE_FIRMWARE() for MT7922 Takashi Sakamoto (1): ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter Tejun Heo (1): kernfs: RCU protect kernfs_nodes and avoid kernfs_idr_lock in kernfs_find_and_get_node_by_id() Tetsuo Handa (1): sysv: don't call sb_bread() with pointers_lock held Tim Crawford (1): ALSA: hda/realtek: Add quirks for some Clevo laptops Vasiliy Kovalev (1): VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() Vinicius Peixoto (1): Bluetooth: Add new quirk for broken read key length on ATS2851 Viresh Kumar (1): cpufreq: Don't unregister cpufreq cooling on CPU hotplug Ye Bin (1): ext4: forbid commit inconsistent quota data when errors=remount-ro Yunfei Dong (2): media: mediatek: vcodec: adding lock to protect decoder context list media: mediatek: vcodec: adding lock to protect encoder context list Zhang Yi (1): ext4: add a hint for block bitmap corrupt state in mb_groups Zqiang (1): rcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock() linke li (1): ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment mosomate (1): ASoC: Intel: common: DMI remap for rebranded Intel NUC M15 (LAPRC710) laptops

1 year, 6 months

1
1
0 0

Linux 6.1.86

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.86 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm64/boot/dts/rockchip/rk3328.dtsi | 11 +- arch/arm64/boot/dts/rockchip/rk3399.dtsi | 12 +- arch/x86/events/amd/lbr.c | 6 - block/blk-stat.c | 2 drivers/acpi/sleep.c | 12 -- drivers/bluetooth/btintel.c | 2 drivers/bluetooth/btmtk.c | 1 drivers/bluetooth/btmtk.h | 1 drivers/bus/mhi/host/init.c | 1 drivers/bus/mhi/host/internal.h | 9 + drivers/bus/mhi/host/pm.c | 20 +++ drivers/cpufreq/cpufreq.c | 17 ++- drivers/cpuidle/driver.c | 3 drivers/firmware/tegra/bpmp-debugfs.c | 2 drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 4 drivers/gpu/drm/amd/display/modules/inc/mod_stats.h | 4 drivers/gpu/drm/drm_panel_orientation_quirks.c | 12 ++ drivers/gpu/drm/vc4/vc4_plane.c | 5 drivers/infiniband/core/cm.c | 20 +++ drivers/input/rmi4/rmi_driver.c | 6 - drivers/input/touchscreen/imagis.c | 20 +-- drivers/media/pci/sta2x11/sta2x11_vip.c | 9 - drivers/misc/vmw_vmci/vmci_datagram.c | 6 - drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 9 - drivers/net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c | 2 drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.c | 14 +- drivers/net/ethernet/intel/ice/ice_virtchnl.c | 9 - drivers/net/ethernet/intel/ice/ice_virtchnl.h | 9 + drivers/net/ethernet/pensando/ionic/ionic_lif.c | 5 drivers/net/pcs/pcs-xpcs.c | 4 drivers/net/wireless/ath/ath11k/mhi.c | 2 drivers/net/wireless/ath/ath9k/antenna.c | 2 drivers/net/wireless/broadcom/brcm80211/brcmfmac/dmi.c | 9 + drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 1 drivers/net/wireless/realtek/rtw89/pci.h | 2 drivers/nvme/host/pci.c | 3 drivers/pinctrl/renesas/core.c | 4 drivers/platform/x86/intel/vbtn.c | 5 drivers/platform/x86/touchscreen_dmi.c | 9 + drivers/scsi/lpfc/lpfc_nportdisc.c | 6 - drivers/scsi/scsi_lib.c | 52 +++++----- drivers/scsi/sd.c | 4 drivers/soundwire/dmi-quirks.c | 8 + drivers/thermal/thermal_of.c | 12 +- drivers/thunderbolt/quirks.c | 14 ++ drivers/thunderbolt/tb.c | 49 +++++++++ drivers/thunderbolt/tb.h | 4 drivers/tty/n_gsm.c | 3 drivers/usb/gadget/function/uvc_video.c | 3 drivers/usb/host/sl811-hcd.c | 2 drivers/usb/typec/tcpm/tcpci.c | 1 drivers/video/fbdev/core/fbmon.c | 7 - drivers/video/fbdev/via/accel.c | 4 drivers/virtio/virtio.c | 10 + fs/btrfs/export.c | 9 + fs/btrfs/send.c | 10 + fs/btrfs/volumes.c | 12 ++ fs/ext4/mballoc.c | 5 fs/ext4/super.c | 12 ++ fs/isofs/inode.c | 18 +++ fs/orangefs/super.c | 2 fs/pstore/zone.c | 2 fs/sysv/itree.c | 10 - include/linux/randomize_kstack.h | 2 include/linux/rcupdate.h | 4 include/linux/skbuff.h | 11 ++ include/linux/sunrpc/sched.h | 2 include/scsi/scsi_device.h | 51 ++------- include/uapi/linux/input-event-codes.h | 1 io_uring/io_uring.c | 25 +++- kernel/dma/direct.c | 9 - kernel/panic.c | 8 + kernel/trace/ring_buffer.c | 2 net/mpls/mpls_gso.c | 3 net/netfilter/nf_tables_api.c | 47 ++++++--- net/smc/smc_pnet.c | 10 + scripts/gcc-plugins/stackleak_plugin.c | 2 sound/firewire/amdtp-stream.c | 12 +- sound/firewire/amdtp-stream.h | 4 sound/soc/intel/boards/sof_sdw.c | 11 ++ sound/soc/soc-core.c | 3 tools/iio/iio_utils.c | 2 tools/lib/perf/evlist.c | 18 ++- tools/lib/perf/include/internal/evlist.h | 4 tools/power/x86/x86_energy_perf_policy/x86_energy_perf_policy.c | 1 tools/testing/ktest/ktest.pl | 1 87 files changed, 544 insertions(+), 224 deletions(-) Alban Boyé (1): platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet Aleksandr Burakov (1): fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 Alex Henrie (1): isofs: handle CDs with bad root inode but good Joliet root directory Ard Biesheuvel (1): gcc-plugins/stackleak: Avoid .head.text section Aric Cyr (1): drm/amd/display: Fix nanosec stat overflow Arnd Bergmann (1): media: sta2x11: fix irq handler cast Baochen Qiang (1): wifi: ath11k: decrease MHI channel buffer length to 8KB C Cheng (1): cpuidle: Avoid potential overflow in integer multiplication Chancel Liu (1): ASoC: soc-core.c: Skip dummy codec when adding platforms Colin Ian King (1): usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined Dai Ngo (1): SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int Daniel Drake (1): Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default" Dave Airlie (1): amdkfd: use calloc instead of kzalloc to avoid integer overflow David Hildenbrand (1): virtio: reenable config if freezing device failed David Sterba (3): btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() btrfs: export: handle invalid inode or root reference in btrfs_get_parent() btrfs: send: handle path ref underflow in header iterate_inode_ref() Dmitry Antipov (1): wifi: ath9k: fix LNA selection in ath_ant_try_scan() Duje Mihanović (1): Input: imagis - use FIELD_GET where applicable Edward Adam Davis (1): Bluetooth: btintel: Fix null ptr deref in btintel_read_version Eric Dumazet (1): net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() Florian Westphal (2): net: skbuff: add overflow debug check to pull/push helpers net: mpls: error out if inner headers are not set Geert Uytterhoeven (1): pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs Gergo Koteles (1): Input: allocate keycode for Display refresh rate toggle Greg Kroah-Hartman (3): Revert "scsi: sd: usb_storage: uas: Access media prior to querying device properties" Revert "scsi: core: Add struct for args to execution functions" Linux 6.1.86 Gwendal Grignou (1): platform/x86: intel-vbtn: Update tablet mode switch at end of probe Hans de Goede (1): wifi: brcmfmac: Add DMI nvram filename quirk for ACEPC W5 Pro Harshit Mogalapalli (1): VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() Ian Rogers (1): libperf evlist: Avoid out-of-bounds access Jacob Keller (1): ice: use relative VSI index for VFs instead of PF VSI number Jeffrey Hugo (1): bus: mhi: host: Add MHI_PM_SYS_ERR_FAIL state Jens Axboe (1): io_uring: clear opcode specific data for an early failure Jiawei Fu (iBug) (1): drivers/nvme: Add quirks for device 126f:2262 Johan Jonker (2): arm64: dts: rockchip: fix rk3328 hdmi ports node arm64: dts: rockchip: fix rk3399 hdmi ports node John Ogness (1): panic: Flush kernel log buffer at the end Justin Tee (1): scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() Kees Cook (2): bnx2x: Fix firmware version string character counts randomize_kstack: Improve entropy diffusion Konrad Dybcio (1): thermal/of: Assume polling-delay(-passive) 0 when absent Kunwu Chan (2): pstore/zone: Add a null pointer check to the psz_kmsg_read Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails Luiz Augusto von Dentz (1): Bluetooth: btintel: Fixe build regression Ma Jun (1): Revert "drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()" Manjunath Patil (1): RDMA/cm: add timeout to cm_destroy_id wait Marco Felsch (1): usb: typec: tcpci: add generic tcpci fallback compatible Markus Elfring (1): firmware: tegra: bpmp: Return directly after a failed kzalloc() in get_filename() Markuss Broks (1): input/touchscreen: imagis: Correct the maximum touch area value Martin K. Petersen (1): scsi: sd: usb_storage: uas: Access media prior to querying device properties Maíra Canal (1): drm/vc4: don't check if plane->state->fb == state->fb Michael Grzeschik (1): usb: gadget: uvc: mark incomplete frames with UVC_STREAM_ERR Mika Westerberg (1): thunderbolt: Keep the domain powered when USB4 port is in redrive mode Mike Marshall (1): Julia Lawall reported this null pointer dereference, this should fix it. Mukesh Sisodiya (1): wifi: iwlwifi: pcie: Add the PCI device id for new hardware Pablo Neira Ayuso (3): netfilter: nf_tables: release batch on table validation from abort path netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path netfilter: nf_tables: discard table flag update with pending basechain deletion Paul E. McKenney (1): rcu-tasks: Repair RCU Tasks Trace quiescence check Petre Rodan (1): tools: iio: replace seekdir() in iio_generic_buffer Ping-Ke Shih (1): wifi: rtw89: pci: enlarge RX DMA buffer to consider size of RX descriptor Ricardo B. Marliere (1): ktest: force $buildonly = 1 for 'make_warnings_file' test type Rick Edgecombe (1): dma-direct: Leak pages on dma_set_decrypted() failure Roman Smirnov (2): block: prevent division by zero in blk_rq_stat_sum() fbmon: prevent division by zero in fb_videomode_from_videomode() Samasth Norway Ananda (1): tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num() Samuel Dionne-Riel (1): drm: panel-orientation-quirks: Add quirk for GPD Win Mini Sandipan Das (1): perf/x86/amd/lbr: Discard erroneous branch entries Serge Semin (1): net: pcs: xpcs: Return EINVAL in the internal methods Shannon Nelson (1): ionic: set adminq irq affinity Srinivasan Shanmugam (1): drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init() Takashi Iwai (1): Bluetooth: btmtk: Add MODULE_FIRMWARE() for MT7922 Takashi Sakamoto (1): ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter Tetsuo Handa (1): sysv: don't call sb_bread() with pointers_lock held Thadeu Lima de Souza Cascardo (1): tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc Vasiliy Kovalev (1): VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() Viresh Kumar (1): cpufreq: Don't unregister cpufreq cooling on CPU hotplug Ye Bin (1): ext4: forbid commit inconsistent quota data when errors=remount-ro Zhang Yi (1): ext4: add a hint for block bitmap corrupt state in mb_groups linke li (1): ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment mosomate (1): ASoC: Intel: common: DMI remap for rebranded Intel NUC M15 (LAPRC710) laptops

1 year, 6 months

1
1
0 0

Linux 5.15.155

by Greg Kroah-Hartman

I'm announcing the release of the 5.15.155 kernel. All users of the 5.15 kernel series must upgrade. The updated 5.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm64/boot/dts/rockchip/rk3328.dtsi | 11 ++ arch/arm64/boot/dts/rockchip/rk3399.dtsi | 12 ++ arch/x86/mm/pat/memtype.c | 49 +++++++--- block/blk-stat.c | 2 drivers/acpi/cppc_acpi.c | 27 ----- drivers/acpi/sleep.c | 12 -- drivers/bluetooth/btintel.c | 2 drivers/cpuidle/driver.c | 3 drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 4 drivers/gpu/drm/amd/display/modules/inc/mod_stats.h | 4 drivers/infiniband/core/cm.c | 20 +++- drivers/input/rmi4/rmi_driver.c | 6 + drivers/media/pci/sta2x11/sta2x11_vip.c | 9 - drivers/misc/vmw_vmci/vmci_datagram.c | 6 - drivers/net/ethernet/pensando/ionic/ionic_lif.c | 5 - drivers/net/pcs/pcs-xpcs.c | 4 drivers/net/wireless/ath/ath11k/mhi.c | 2 drivers/net/wireless/ath/ath9k/antenna.c | 2 drivers/nvme/host/pci.c | 3 drivers/pinctrl/renesas/core.c | 4 drivers/platform/x86/intel/vbtn.c | 5 - drivers/platform/x86/touchscreen_dmi.c | 9 + drivers/scsi/lpfc/lpfc_nportdisc.c | 6 - drivers/tty/n_gsm.c | 3 drivers/usb/host/sl811-hcd.c | 2 drivers/usb/typec/tcpm/tcpci.c | 1 drivers/video/fbdev/core/fbmon.c | 7 - drivers/video/fbdev/via/accel.c | 4 drivers/virtio/virtio.c | 10 +- fs/btrfs/export.c | 9 + fs/btrfs/send.c | 10 +- fs/btrfs/volumes.c | 12 ++ fs/ext4/mballoc.c | 5 - fs/ext4/super.c | 12 ++ fs/isofs/inode.c | 18 +++ fs/pstore/zone.c | 2 fs/sysv/itree.c | 10 -- include/linux/randomize_kstack.h | 2 include/linux/sunrpc/sched.h | 2 include/uapi/linux/input-event-codes.h | 1 kernel/panic.c | 8 + kernel/trace/ring_buffer.c | 2 mm/memory.c | 4 net/dsa/dsa2.c | 25 +---- net/netfilter/nf_tables_api.c | 47 +++++++-- net/smc/smc_pnet.c | 10 ++ scripts/gcc-plugins/stackleak_plugin.c | 6 + sound/firewire/amdtp-stream.c | 12 +- sound/firewire/amdtp-stream.h | 4 sound/soc/soc-core.c | 3 tools/iio/iio_utils.c | 2 tools/lib/perf/evlist.c | 18 ++- tools/lib/perf/include/internal/evlist.h | 4 tools/power/x86/x86_energy_perf_policy/x86_energy_perf_policy.c | 1 tools/testing/ktest/ktest.pl | 1 56 files changed, 321 insertions(+), 145 deletions(-) Alban Boyé (1): platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet Aleksandr Burakov (1): fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 Alex Henrie (1): isofs: handle CDs with bad root inode but good Joliet root directory Ard Biesheuvel (1): gcc-plugins/stackleak: Avoid .head.text section Aric Cyr (1): drm/amd/display: Fix nanosec stat overflow Arnd Bergmann (1): media: sta2x11: fix irq handler cast Baochen Qiang (1): wifi: ath11k: decrease MHI channel buffer length to 8KB C Cheng (1): cpuidle: Avoid potential overflow in integer multiplication Chancel Liu (1): ASoC: soc-core.c: Skip dummy codec when adding platforms Colin Ian King (1): usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined Dai Ngo (1): SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int Daniel Drake (1): Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default" Dave Airlie (1): amdkfd: use calloc instead of kzalloc to avoid integer overflow David Hildenbrand (2): virtio: reenable config if freezing device failed x86/mm/pat: fix VM_PAT handling in COW mappings David Sterba (3): btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() btrfs: export: handle invalid inode or root reference in btrfs_get_parent() btrfs: send: handle path ref underflow in header iterate_inode_ref() Dmitry Antipov (1): wifi: ath9k: fix LNA selection in ath_ant_try_scan() Edward Adam Davis (1): Bluetooth: btintel: Fix null ptr deref in btintel_read_version Eric Dumazet (1): net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() Geert Uytterhoeven (1): pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs Gergo Koteles (1): Input: allocate keycode for Display refresh rate toggle Greg Kroah-Hartman (2): Revert "ACPI: CPPC: Use access_width over bit_width for system memory accesses" Linux 5.15.155 Gwendal Grignou (1): platform/x86: intel-vbtn: Update tablet mode switch at end of probe Harshit Mogalapalli (1): VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() Ian Rogers (1): libperf evlist: Avoid out-of-bounds access Jiawei Fu (iBug) (1): drivers/nvme: Add quirks for device 126f:2262 Johan Jonker (2): arm64: dts: rockchip: fix rk3328 hdmi ports node arm64: dts: rockchip: fix rk3399 hdmi ports node John Ogness (1): panic: Flush kernel log buffer at the end Justin Tee (1): scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() Kees Cook (2): gcc-plugins/stackleak: Ignore .noinstr.text and .entry.text randomize_kstack: Improve entropy diffusion Kunwu Chan (2): pstore/zone: Add a null pointer check to the psz_kmsg_read Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails Luiz Augusto von Dentz (1): Bluetooth: btintel: Fixe build regression Manjunath Patil (1): RDMA/cm: add timeout to cm_destroy_id wait Marco Felsch (1): usb: typec: tcpci: add generic tcpci fallback compatible Pablo Neira Ayuso (3): netfilter: nf_tables: release batch on table validation from abort path netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path netfilter: nf_tables: discard table flag update with pending basechain deletion Petre Rodan (1): tools: iio: replace seekdir() in iio_generic_buffer Ricardo B. Marliere (1): ktest: force $buildonly = 1 for 'make_warnings_file' test type Roman Smirnov (2): block: prevent division by zero in blk_rq_stat_sum() fbmon: prevent division by zero in fb_videomode_from_videomode() Samasth Norway Ananda (1): tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num() Serge Semin (1): net: pcs: xpcs: Return EINVAL in the internal methods Shannon Nelson (1): ionic: set adminq irq affinity Takashi Sakamoto (1): ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter Tetsuo Handa (1): sysv: don't call sb_bread() with pointers_lock held Thadeu Lima de Souza Cascardo (1): tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc Vasiliy Kovalev (1): VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() Vladimir Oltean (1): net: dsa: fix panic when DSA master device unbinds on shutdown Ye Bin (1): ext4: forbid commit inconsistent quota data when errors=remount-ro Zhang Yi (1): ext4: add a hint for block bitmap corrupt state in mb_groups linke li (1): ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment

1 year, 6 months

1
1
0 0

Linux 5.10.215

by Greg Kroah-Hartman

I'm announcing the release of the 5.10.215 kernel. All users of the 5.10 kernel series must upgrade. The updated 5.10.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.10.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/testing/sysfs-devices-system-cpu | 1 Documentation/admin-guide/hw-vuln/index.rst | 1 Documentation/admin-guide/hw-vuln/reg-file-data-sampling.rst | 104 ++++ Documentation/admin-guide/hw-vuln/spectre.rst | 18 Documentation/admin-guide/kernel-parameters.txt | 27 - Documentation/block/queue-sysfs.rst | 7 Documentation/x86/mds.rst | 38 + Makefile | 2 arch/arm/boot/dts/mmp2-brownstone.dts | 2 arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi | 3 arch/arm64/boot/dts/rockchip/rk3328.dtsi | 11 arch/arm64/boot/dts/rockchip/rk3399.dtsi | 12 arch/hexagon/kernel/vmlinux.lds.S | 1 arch/parisc/include/asm/assembly.h | 18 arch/parisc/include/asm/checksum.h | 10 arch/powerpc/include/asm/reg_fsl_emb.h | 11 arch/powerpc/lib/Makefile | 2 arch/riscv/include/asm/uaccess.h | 4 arch/s390/kernel/entry.S | 1 arch/sparc/kernel/nmi.c | 2 arch/sparc/vdso/vma.c | 7 arch/x86/Kconfig | 18 arch/x86/Makefile | 8 arch/x86/entry/entry.S | 23 arch/x86/entry/entry_32.S | 59 -- arch/x86/entry/entry_64.S | 10 arch/x86/entry/entry_64_compat.S | 1 arch/x86/include/asm/asm-prototypes.h | 1 arch/x86/include/asm/asm.h | 5 arch/x86/include/asm/cpufeature.h | 8 arch/x86/include/asm/cpufeatures.h | 5 arch/x86/include/asm/disabled-features.h | 3 arch/x86/include/asm/entry-common.h | 1 arch/x86/include/asm/irqflags.h | 1 arch/x86/include/asm/msr-index.h | 10 arch/x86/include/asm/nospec-branch.h | 47 + arch/x86/include/asm/processor.h | 15 arch/x86/include/asm/ptrace.h | 5 arch/x86/include/asm/required-features.h | 3 arch/x86/include/asm/segment.h | 30 - arch/x86/include/asm/setup.h | 1 arch/x86/include/asm/stackprotector.h | 79 --- arch/x86/include/asm/suspend_32.h | 12 arch/x86/kernel/Makefile | 1 arch/x86/kernel/asm-offsets_32.c | 5 arch/x86/kernel/cpu/amd.c | 10 arch/x86/kernel/cpu/bugs.c | 245 ++++++---- arch/x86/kernel/cpu/common.c | 64 ++ arch/x86/kernel/cpu/mce/core.c | 4 arch/x86/kernel/doublefault_32.c | 4 arch/x86/kernel/head64.c | 9 arch/x86/kernel/head_32.S | 18 arch/x86/kernel/head_64.S | 24 arch/x86/kernel/nmi.c | 3 arch/x86/kernel/setup_percpu.c | 1 arch/x86/kernel/tls.c | 8 arch/x86/kvm/cpuid.h | 2 arch/x86/kvm/svm/sev.c | 16 arch/x86/kvm/vmx/run_flags.h | 7 arch/x86/kvm/vmx/vmenter.S | 9 arch/x86/kvm/vmx/vmx.c | 12 arch/x86/kvm/x86.c | 5 arch/x86/lib/insn-eval.c | 4 arch/x86/lib/retpoline.S | 6 arch/x86/mm/ident_map.c | 23 arch/x86/mm/pat/memtype.c | 50 +- arch/x86/platform/pvh/head.S | 14 arch/x86/power/cpu.c | 6 arch/x86/xen/enlighten_pv.c | 1 block/blk-settings.c | 41 + block/blk-stat.c | 2 block/blk-sysfs.c | 8 block/ioctl.c | 11 drivers/accessibility/speakup/synth.c | 4 drivers/acpi/acpica/dbnames.c | 8 drivers/acpi/sleep.c | 12 drivers/ata/ahci.c | 5 drivers/ata/sata_mv.c | 63 +- drivers/ata/sata_sx4.c | 6 drivers/base/core.c | 26 - drivers/base/cpu.c | 8 drivers/base/power/wakeirq.c | 4 drivers/bluetooth/btintel.c | 2 drivers/clk/qcom/gcc-ipq6018.c | 2 drivers/clk/qcom/gcc-ipq8074.c | 2 drivers/clk/qcom/gcc-sdm845.c | 1 drivers/clk/qcom/mmcc-apq8084.c | 2 drivers/clk/qcom/mmcc-msm8974.c | 2 drivers/cpufreq/brcmstb-avs-cpufreq.c | 5 drivers/cpufreq/cpufreq-dt.c | 2 drivers/crypto/qat/qat_common/adf_aer.c | 23 drivers/firmware/efi/vars.c | 17 drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 4 drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c | 12 drivers/gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3 drivers/gpu/drm/amd/display/modules/inc/mod_stats.h | 4 drivers/gpu/drm/drm_panel.c | 17 drivers/gpu/drm/etnaviv/etnaviv_drv.c | 2 drivers/gpu/drm/etnaviv/etnaviv_hwdb.c | 9 drivers/gpu/drm/exynos/exynos_drm_vidi.c | 4 drivers/gpu/drm/exynos/exynos_hdmi.c | 4 drivers/gpu/drm/i915/gt/intel_engine_pm.c | 3 drivers/gpu/drm/i915/gt/intel_lrc.c | 3 drivers/gpu/drm/imx/parallel-display.c | 4 drivers/gpu/drm/ttm/ttm_memory.c | 2 drivers/gpu/drm/vc4/vc4_hdmi.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_binding.c | 20 drivers/gpu/drm/vmwgfx/vmwgfx_blit.c | 4 drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 92 ++- drivers/gpu/drm/vmwgfx/vmwgfx_cmdbuf.c | 8 drivers/gpu/drm/vmwgfx/vmwgfx_cmdbuf_res.c | 4 drivers/gpu/drm/vmwgfx/vmwgfx_cotable.c | 4 drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_drv.h | 11 drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 12 drivers/gpu/drm/vmwgfx/vmwgfx_fb.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_mob.c | 4 drivers/gpu/drm/vmwgfx/vmwgfx_msg.c | 6 drivers/gpu/drm/vmwgfx/vmwgfx_resource.c | 12 drivers/gpu/drm/vmwgfx/vmwgfx_scrn.c | 4 drivers/gpu/drm/vmwgfx/vmwgfx_shader.c | 4 drivers/gpu/drm/vmwgfx/vmwgfx_so.c | 3 drivers/gpu/drm/vmwgfx/vmwgfx_ttm_buffer.c | 50 -- drivers/gpu/drm/vmwgfx/vmwgfx_validation.c | 6 drivers/hwmon/amc6821.c | 11 drivers/infiniband/core/cm.c | 20 drivers/input/rmi4/rmi_driver.c | 6 drivers/md/dm-integrity.c | 2 drivers/md/dm-raid.c | 2 drivers/md/dm-snap.c | 4 drivers/md/raid5.c | 12 drivers/media/pci/sta2x11/sta2x11_vip.c | 9 drivers/media/tuners/xc4000.c | 4 drivers/misc/mei/hw-me-regs.h | 2 drivers/misc/mei/pci-me.c | 2 drivers/misc/vmw_vmci/vmci_datagram.c | 6 drivers/mmc/core/block.c | 14 drivers/mmc/host/tmio_mmc_core.c | 2 drivers/mtd/nand/raw/meson_nand.c | 2 drivers/mtd/ubi/fastmap.c | 7 drivers/mtd/ubi/vtbl.c | 6 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_trace.h | 8 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_trace.h | 8 drivers/net/ethernet/intel/i40e/i40e_main.c | 7 drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 34 - drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 16 drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 5 drivers/net/ethernet/marvell/octeontx2/nic/otx2_pf.c | 2 drivers/net/ethernet/neterion/vxge/vxge-config.c | 2 drivers/net/ethernet/pensando/ionic/ionic_lif.c | 5 drivers/net/ethernet/realtek/r8169_main.c | 9 drivers/net/ethernet/renesas/ravb_main.c | 7 drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 40 + drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 38 + drivers/net/ethernet/xilinx/ll_temac_main.c | 2 drivers/net/wireguard/netlink.c | 10 drivers/net/wireless/ath/ath9k/antenna.c | 2 drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 4 drivers/nvme/host/pci.c | 3 drivers/nvmem/meson-efuse.c | 25 - drivers/of/dynamic.c | 12 drivers/pci/controller/dwc/pcie-designware-ep.c | 7 drivers/pci/pci-driver.c | 23 drivers/pci/pci.c | 6 drivers/pci/pci.h | 17 drivers/pci/pcie/Makefile | 2 drivers/pci/pcie/dpc.c | 15 drivers/pci/pcie/err.c | 33 + drivers/pci/pcie/rcec.c | 59 ++ drivers/pci/probe.c | 7 drivers/pci/quirks.c | 100 ++++ drivers/pci/setup-res.c | 8 drivers/phy/tegra/xusb.c | 13 drivers/pinctrl/renesas/core.c | 4 drivers/platform/x86/touchscreen_dmi.c | 9 drivers/s390/crypto/zcrypt_api.c | 2 drivers/scsi/hosts.c | 7 drivers/scsi/lpfc/lpfc_nportdisc.c | 6 drivers/scsi/lpfc/lpfc_nvmet.c | 2 drivers/scsi/myrb.c | 20 drivers/scsi/myrs.c | 24 drivers/scsi/qla2xxx/qla_attr.c | 14 drivers/scsi/qla2xxx/qla_def.h | 2 drivers/scsi/qla2xxx/qla_gs.c | 2 drivers/scsi/qla2xxx/qla_init.c | 102 +--- drivers/scsi/qla2xxx/qla_target.c | 10 drivers/scsi/sd.c | 7 drivers/slimbus/core.c | 4 drivers/soc/fsl/qbman/qman.c | 98 +++- drivers/staging/comedi/drivers/comedi_test.c | 30 + drivers/staging/media/ipu3/ipu3-v4l2.c | 16 drivers/staging/vc04_services/vchiq-mmal/mmal-vchiq.c | 5 drivers/tee/optee/device.c | 3 drivers/tty/n_gsm.c | 3 drivers/tty/serial/8250/8250_port.c | 6 drivers/tty/serial/fsl_lpuart.c | 7 drivers/tty/serial/max310x.c | 7 drivers/tty/serial/sc16is7xx.c | 15 drivers/tty/serial/serial_core.c | 12 drivers/tty/vt/vt.c | 2 drivers/usb/class/cdc-wdm.c | 6 drivers/usb/core/hub.c | 23 drivers/usb/core/hub.h | 2 drivers/usb/core/port.c | 5 drivers/usb/core/sysfs.c | 16 drivers/usb/dwc2/core.h | 14 drivers/usb/dwc2/core_intr.c | 63 +- drivers/usb/dwc2/gadget.c | 4 drivers/usb/dwc2/hcd.c | 47 + drivers/usb/dwc2/hcd_ddma.c | 17 drivers/usb/dwc2/hw.h | 2 drivers/usb/gadget/function/f_ncm.c | 2 drivers/usb/gadget/udc/core.c | 4 drivers/usb/gadget/udc/tegra-xudc.c | 53 +- drivers/usb/host/sl811-hcd.c | 2 drivers/usb/phy/phy-generic.c | 7 drivers/usb/serial/cp210x.c | 4 drivers/usb/serial/ftdi_sio.c | 2 drivers/usb/serial/ftdi_sio_ids.h | 6 drivers/usb/serial/option.c | 6 drivers/usb/storage/isd200.c | 23 drivers/usb/typec/tcpm/tcpci.c | 1 drivers/usb/typec/ucsi/ucsi.c | 42 + drivers/usb/typec/ucsi/ucsi.h | 4 drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c | 7 drivers/vfio/pci/vfio_pci_intrs.c | 176 ++++--- drivers/vfio/platform/vfio_platform_irq.c | 106 ++-- drivers/vfio/virqfd.c | 21 drivers/video/fbdev/core/fbmon.c | 7 drivers/video/fbdev/via/accel.c | 4 drivers/virtio/virtio.c | 10 drivers/xen/events/events_base.c | 5 fs/aio.c | 8 fs/btrfs/export.c | 9 fs/btrfs/ioctl.c | 25 - fs/btrfs/send.c | 10 fs/btrfs/volumes.c | 14 fs/exec.c | 1 fs/ext4/mballoc.c | 22 fs/ext4/resize.c | 3 fs/ext4/super.c | 12 fs/fat/nfs.c | 6 fs/fuse/dir.c | 4 fs/fuse/fuse_i.h | 1 fs/fuse/inode.c | 7 fs/isofs/inode.c | 18 fs/nfs/direct.c | 11 fs/nfs/write.c | 2 fs/nilfs2/btree.c | 9 fs/nilfs2/direct.c | 9 fs/nilfs2/inode.c | 2 fs/pstore/zone.c | 2 fs/sysv/itree.c | 10 fs/ubifs/file.c | 13 fs/vboxsf/super.c | 3 include/linux/blkdev.h | 15 include/linux/cpu.h | 2 include/linux/device.h | 1 include/linux/gfp.h | 9 include/linux/hyperv.h | 22 include/linux/nfs_fs.h | 1 include/linux/objtool.h | 8 include/linux/pci.h | 6 include/linux/phy/tegra/xusb.h | 2 include/linux/sunrpc/sched.h | 2 include/linux/timer.h | 18 include/linux/udp.h | 28 + include/linux/vfio.h | 2 include/net/cfg802154.h | 1 include/net/inet_connection_sock.h | 1 include/net/sock.h | 7 include/soc/fsl/qman.h | 9 include/uapi/linux/input-event-codes.h | 1 init/initramfs.c | 2 io_uring/io_uring.c | 2 kernel/bounds.c | 2 kernel/bpf/verifier.c | 5 kernel/events/core.c | 9 kernel/panic.c | 8 kernel/power/suspend.c | 1 kernel/printk/printk.c | 63 +- kernel/time/timer.c | 164 +++--- kernel/trace/ring_buffer.c | 193 ++++--- mm/compaction.c | 7 mm/memory-failure.c | 2 mm/memory.c | 4 mm/memtest.c | 4 mm/migrate.c | 6 mm/page_alloc.c | 10 mm/swapfile.c | 13 mm/vmscan.c | 5 net/bluetooth/hci_debugfs.c | 48 + net/bluetooth/hci_event.c | 25 + net/bridge/netfilter/ebtables.c | 6 net/core/sock_map.c | 6 net/ipv4/inet_connection_sock.c | 14 net/ipv4/ip_gre.c | 5 net/ipv4/netfilter/arp_tables.c | 4 net/ipv4/netfilter/ip_tables.c | 4 net/ipv4/tcp.c | 2 net/ipv4/udp.c | 7 net/ipv4/udp_offload.c | 13 net/ipv6/ip6_fib.c | 14 net/ipv6/ip6_gre.c | 3 net/ipv6/netfilter/ip6_tables.c | 4 net/ipv6/udp.c | 2 net/ipv6/udp_offload.c | 8 net/mac80211/cfg.c | 5 net/mac802154/llsec.c | 18 net/mptcp/protocol.c | 3 net/mptcp/subflow.c | 3 net/netfilter/nf_tables_api.c | 74 ++- net/nfc/nci/core.c | 5 net/rds/rdma.c | 2 net/sched/act_skbmod.c | 10 net/smc/smc_pnet.c | 10 net/xfrm/xfrm_user.c | 3 scripts/Makefile.extrawarn | 2 scripts/dummy-tools/gcc | 6 scripts/gcc-x86_32-has-stack-protector.sh | 6 scripts/kernel-doc | 2 security/smack/smack_lsm.c | 12 sound/pci/hda/patch_realtek.c | 9 sound/sh/aica.c | 17 sound/soc/soc-ops.c | 2 tools/iio/iio_utils.c | 2 tools/include/linux/objtool.h | 8 tools/lib/perf/evlist.c | 18 tools/lib/perf/include/internal/evlist.h | 4 tools/power/x86/x86_energy_perf_policy/x86_energy_perf_policy.c | 1 tools/testing/ktest/ktest.pl | 1 tools/testing/selftests/mqueue/setting | 1 tools/testing/selftests/net/reuseaddr_conflict.c | 2 virt/kvm/async_pf.c | 31 + 334 files changed, 3242 insertions(+), 1521 deletions(-) Alan Stern (3): USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command USB: core: Add hub_get() and hub_put() routines USB: core: Fix deadlock in usb_deauthorize_interface() Alban Boyé (1): platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet Aleksandr Burakov (1): fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 Aleksandr Loktionov (2): i40e: fix i40e_count_filters() to count only active/new filters i40e: fix vf may be used uninitialized in this function warning Alex Henrie (1): isofs: handle CDs with bad root inode but good Joliet root directory Alex Williamson (7): vfio/platform: Disable virqfds on cleanup vfio/pci: Disable auto-enable of exclusive INTx IRQ vfio/pci: Lock external INTx masking ops vfio: Introduce interface to flush virqfd inject workqueue vfio/pci: Create persistent INTx handler vfio/platform: Create persistent IRQ handlers vfio/fsl-mc: Block calling interrupt handler without trigger Alexander Stein (1): Revert "usb: phy: generic: Get the vbus supply" Alexander Usyskin (2): mei: me: add arrow lake point S DID mei: me: add arrow lake point H DID Amey Narkhede (1): PCI: Cache PCIe Device Capabilities register Amit Pundir (1): clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd Andrei Matei (1): bpf: Protect against int overflow for stack access size Andrey Jr. Melnikov (1): ahci: asm1064: correct count of reported ports Andy Lutomirski (1): x86/stackprotector/32: Make the canary into a regular percpu variable Antoine Tenart (2): udp: do not transition UDP GRO fraglist partial checksums to unnecessary udp: do not accept non-tunnel GSO skbs landing in a tunnel Anton Altaparmakov (1): x86/pm: Work around false positive kmemleak report in msr_build_context() Aric Cyr (1): drm/amd/display: Fix nanosec stat overflow Arnd Bergmann (6): staging: vc04_services: changen strncpy() to strscpy_pad() dm integrity: fix out-of-range warning ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit scsi: mylex: Fix sysfs buffer lengths ata: sata_mv: Fix PCI device ID table declaration compilation warning media: sta2x11: fix irq handler cast Arseniy Krasnov (1): mtd: rawnand: meson: fix scrambling mode value in command macro Aurélien Jacobs (1): USB: serial: option: add MeiG Smart SLM320 product Baokun Li (1): ext4: correct best extent lstart adjustment logic Bart Van Assche (1): fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion Bastien Nocera (1): Bluetooth: Fix TOCTOU in HCI debugfs implementation Bikash Hazarika (2): scsi: qla2xxx: Update manufacturer details scsi: qla2xxx: Update manufacturer detail Bjorn Helgaas (1): PCI: Work around Intel I210 ROM BAR overlap defect Borislav Petkov (1): x86/bugs: Use sysfs_emit() Borislav Petkov (AMD) (5): x86/CPU/AMD: Update the Zenbleed microcode revisions x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() x86/bugs: Fix the SRSO mitigation on Zen3/4 x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO x86/retpoline: Add NOENDBR annotation to the SRSO dummy return thunk Cameron Williams (1): USB: serial: add device ID for VeriFone adapter Chris Wilson (1): drm/i915/gt: Reset queue_priority_hint on parking Christian A. Ehrhardt (2): usb: typec: ucsi: Ack unsupported commands usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset Christian Gmeiner (1): drm/etnaviv: Restore some id values Christian Häggström (1): USB: serial: cp210x: add ID for MGP Instruments PDS100 Christian König (2): drm/vmwgfx: stop using ttm_bo_create v2 drm/vmwgfx: switch over to the new pin interface v2 Christophe JAILLET (2): slimbus: core: Remove usage of the deprecated ida_simple_xx() API vboxsf: Avoid an spurious warning if load_nls_xxx() fails Claus Hansen Ries (1): net: ll_temac: platform_get_resource replaced by wrong function Colin Ian King (1): usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined Conrad Kostecki (1): ahci: asm1064: asm1166: don't limit reported ports Dai Ngo (1): SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int Damian Muszynski (1): crypto: qat - resolve race condition during AER recovery Damien Le Moal (2): block: introduce zone_write_granularity limit block: Clear zone limits for a non-zoned stacked queue Dan Carpenter (1): staging: vc04_services: fix information leak in create_component() Daniel Drake (1): Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default" Daniel Vogelbacher (1): USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB Dave Airlie (1): amdkfd: use calloc instead of kzalloc to avoid integer overflow David Hildenbrand (2): virtio: reenable config if freezing device failed x86/mm/pat: fix VM_PAT handling in COW mappings David Sterba (3): btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() btrfs: export: handle invalid inode or root reference in btrfs_get_parent() btrfs: send: handle path ref underflow in header iterate_inode_ref() Davide Caratti (1): mptcp: don't account accept() of non-MPC client as fallback to TCP Dmitry Antipov (1): wifi: ath9k: fix LNA selection in ath_ant_try_scan() Dominique Martinet (1): mmc: core: Fix switch on gp3 partition Duje Mihanović (1): arm: dts: marvell: Fix maxium->maxim typo in brownstone dts Duoming Zhou (1): ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs Edward Adam Davis (1): Bluetooth: btintel: Fix null ptr deref in btintel_read_version Eric Dumazet (5): tcp: properly terminate timers for kernel sockets netfilter: validate user input for expected length net/sched: act_skbmod: prevent kernel-infoleak erspan: make sure erspan_base_hdr is present in skb->head net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() Fedor Pchelkin (1): mac802154: fix llsec key resources release in mac802154_llsec_key_del Felix Fietkau (1): wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes Filipe Manana (1): btrfs: fix off-by-one chunk length calculation at contains_pending_extent() Gabor Juhos (4): clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays Geert Uytterhoeven (1): pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs Gergo Koteles (1): Input: allocate keycode for Display refresh rate toggle Goldwyn Rodrigues (1): btrfs: allocate btrfs_ioctl_defrag_range_args on stack Greg Kroah-Hartman (2): cpufreq: brcmstb-avs-cpufreq: fix up "add check for cpufreq_cpu_get's return value" Linux 5.10.215 Guenter Roeck (4): parisc: Fix ip_fast_csum parisc: Fix csum_ipv6_magic on 32-bit systems parisc: Fix csum_ipv6_magic on 64-bit systems parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds Gui-Dong Han (1): media: xc4000: Fix atomicity violation in xc4000_get_frequency Guilherme G. Piccoli (1): scsi: core: Fix unremoved procfs host directory regression Harald Freudenberger (1): s390/zcrypt: fix reference counting on zcrypt card objects Hariprasad Kelam (1): Octeontx2-af: fix pause frame configuration in GMP mode Harshit Mogalapalli (1): VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() Heiner Kallweit (1): r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d Herve Codina (2): driver core: Introduce device_link_wait_removal() of: dynamic: Synchronize of_changeset_destroy() with the devlink removals Hidenori Kobayashi (1): media: staging: ipu3-imgu: Set fields before media_entity_pads_init() Hugo Villeneuve (2): serial: max310x: fix NULL pointer dereference in I2C instantiation serial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO Hui Wang (1): Bluetooth: hci_event: set the conn encrypted before conn establishes I Gede Agastya Darma Laksana (1): ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone Ian Abbott (1): comedi: comedi_test: Prevent timers rescheduling during deletion Ian Rogers (1): libperf evlist: Avoid out-of-bounds access Ingo Molnar (1): Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." Jakub Kicinski (1): selftests: reuseaddr_conflict: add missing new line at the end of the output Jakub Sitnicki (1): bpf, sockmap: Prevent lock inversion deadlock in map delete elem Jameson Thies (1): usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros Jan Kara (1): fat: fix uninitialized field in nostale filehandles Jani Nikula (4): drm/panel: do not return negative error codes from drm_panel_get_modes() drm/exynos: do not return negative values from .get_modes() drm/imx/ipuv3: do not return negative values from .get_modes() drm/vc4: hdmi: do not return negative values from .get_modes() Jason A. Donenfeld (2): wireguard: netlink: check for dangling peer via is_dead instead of empty list wireguard: netlink: access device through ctx instead of peer Jens Axboe (1): io_uring: ensure '0' is returned on file registration success Jerome Brunet (1): nvmem: meson-efuse: fix function pointer type mismatch Jiawei Fu (iBug) (1): drivers/nvme: Add quirks for device 126f:2262 Johan Hovold (1): arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken Johan Jonker (2): arm64: dts: rockchip: fix rk3328 hdmi ports node arm64: dts: rockchip: fix rk3399 hdmi ports node John David Anglin (1): parisc: Avoid clobbering the C/B bits in the PSW with tophys and tovirt macros John Ogness (2): printk: Update @console_may_schedule in console_trylock_spinning() panic: Flush kernel log buffer at the end John Sperbeck (1): init: open /initrd.image with O_LARGEFILE Jon Hunter (1): usb: gadget: tegra-xudc: Use dev_err_probe() Josef Bacik (1): nfs: fix UAF in direct writes Josh Poimboeuf (1): objtool: Add asm version of STACK_FRAME_NON_STANDARD Josua Mayer (1): hwmon: (amc6821) add of_match table Justin Tee (1): scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() Kailang Yang (1): ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform Kim Phillips (2): x86/cpu: Support AMD Automatic IBRS x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled Krishna Kurapati (1): usb: gadget: ncm: Fix handling of zero block length packets Kuniyuki Iwashima (1): ipv6: Fix infinite recursion in fib6_dump_done(). Kunwu Chan (2): pstore/zone: Add a null pointer check to the psz_kmsg_read Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails Lee Jones (1): drm/vmwgfx/vmwgfx_cmdbuf_res: Remove unused variable 'ret' Leo Ma (1): drm/amd/display: Fix noise issue on HDMI AV mute Lin Yujun (1): Documentation/hw-vuln: Update spectre doc Liu Shixin (1): mm/memory-failure: fix an incorrect use of tail pages Luiz Augusto von Dentz (1): Bluetooth: btintel: Fixe build regression Mahmoud Adam (1): net/rds: fix possible cp null dereference Manjunath Patil (1): RDMA/cm: add timeout to cm_destroy_id wait Marco Felsch (1): usb: typec: tcpci: add generic tcpci fallback compatible Marek Szyprowski (1): cpufreq: dt: always allocate zeroed cpumask Mathias Nyman (1): usb: port: Don't try to peer unused USB ports based on location Matthew Wilcox (Oracle) (2): bounds: support non-power-of-two CONFIG_NR_CPUS ubifs: Set page uptodate in the correct place Maulik Shah (1): PM: suspend: Set mem_sleep_current during kernel command line setup Max Filippov (1): exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack() Maximilian Heyne (2): ext4: fix corruption during on-line resize xen/events: close evtchn after mapping cleanup Michael Ellerman (1): powerpc/fsl: Fix mfpmr build errors with newer binutils Michael Kelley (1): Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory Michael Roth (1): x86/head/64: Re-enable stack protection Michal Kubecek (1): kbuild: dummy-tools: adjust to stricter stackprotector check Mika Westerberg (3): PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited PCI/DPC: Quirk PIO log size for certain Intel Root Ports PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports Mikko Rapeli (2): mmc: core: Initialize mmc_blk_ioc_data mmc: core: Avoid negative index with array access Miklos Szeredi (2): fuse: fix root lookup with nonzero generation fuse: don't unhash root Mikulas Patocka (1): dm snapshot: fix lockup in dm_exception_table_exit Min Li (1): block: add check that partition length needs to be aligned with block size Minas Harutyunyan (4): usb: dwc2: host: Fix remote wakeup from hibernation usb: dwc2: host: Fix hibernation flow usb: dwc2: host: Fix ISOC flow in DDMA mode usb: dwc2: gadget: LPM flow fix Muhammad Usama Anjum (1): scsi: lpfc: Correct size for wqe for memset() Nathan Chancellor (4): kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1 xfrm: Avoid clang fortify warning in copy_to_user_tmpl() powerpc: xor_vmx: Add '-mhard-float' to CFLAGS hexagon: vmlinux.lds.S: handle attributes section Nicolas Pitre (1): vt: fix unicode buffer corruption when deleting characters Nikita Kiryushin (1): ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() Niklas Cassel (1): PCI: dwc: endpoint: Fix advertised resizable BAR size Oliver Neukum (1): usb: cdc-wdm: close race between read and workqueue Pablo Neira Ayuso (9): netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout netfilter: nf_tables: disallow anonymous set with timeout flag netfilter: nf_tables: reject constant set with timeout netfilter: nf_tables: disallow timeout for anonymous sets netfilter: nf_tables: reject new basechain after table flag update netfilter: nf_tables: flush pending destroy work before exit_net release netfilter: nf_tables: release batch on table validation from abort path netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path netfilter: nf_tables: discard table flag update with pending basechain deletion Paul Barker (1): net: ravb: Always process TX descriptor ring Paul Menzel (1): PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports Pawan Gupta (11): x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix x86/bugs: Add asm helpers for executing VERW x86/entry_64: Add VERW just before userspace transition x86/entry_32: Add VERW just before userspace transition x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH KVM/VMX: Move VERW closer to VMentry for MDS mitigation x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set Documentation/hw-vuln: Add documentation for RFDS x86/rfds: Mitigate Register File Data Sampling (RFDS) KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests Peter Collingbourne (1): serial: Lock console when calling into driver before registration Petr Mladek (1): printk/console: Split out code that enables default console Petre Rodan (1): tools: iio: replace seekdir() in iio_generic_buffer Piotr Wejman (1): net: stmmac: fix rx queue priority assignment Przemek Kitszel (1): ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() Pu Wen (1): x86/srso: Add SRSO mitigation for Hygon processors Qiang Zhang (1): memtest: use {READ,WRITE}_ONCE in memory scanning Qingliang Li (1): PM: sleep: wakeirq: fix wake irq warning in system suspend Quinn Tran (3): scsi: qla2xxx: Split FCE|EFT trace control scsi: qla2xxx: Fix command flush on cable pull scsi: qla2xxx: Delay I/O Abort on PCI error Rafael J. Wysocki (1): PCI/PM: Drain runtime-idle callbacks before driver removal Randy Dunlap (2): sparc64: NMI watchdog: fix return value of __setup handler sparc: vDSO: fix return value of __setup handler Ricardo B. Marliere (1): ktest: force $buildonly = 1 for 'make_warnings_file' test type Richard Weinberger (1): ubi: Check for too small LEB size in VTBL code Roberto Sassu (2): smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr() smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity() Rodrigo Siqueira (1): drm/amd/display: Return the correct HDCP error code Roman Smirnov (2): block: prevent division by zero in blk_rq_stat_sum() fbmon: prevent division by zero in fb_videomode_from_videomode() Ryan Roberts (1): mm: swap: fix race between free_swap_and_cache() and swapoff() Ryosuke Yasuoka (1): nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet Ryusuke Konishi (2): nilfs2: fix failure to detect DAT corruption in btree and direct mappings nilfs2: prevent kernel bug at submit_bh_wbc() Salvatore Bonaccorso (1): scripts: kernel-doc: Fix syntax error due to undeclared args variable Samasth Norway Ananda (1): tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num() Samuel Holland (1): riscv: Fix spurious errors from __get/put_kernel_nofault Samuel Thibault (1): speakup: Fix 8bit characters from direct synth Sandipan Das (1): x86/cpufeatures: Add new word for scattered features Sean Anderson (4): soc: fsl: qbman: Always disable interrupts when taking cgr_lock soc: fsl: qbman: Add helper for sanity checking cgr ops soc: fsl: qbman: Add CGR update function soc: fsl: qbman: Use raw spinlock for cgr_lock Sean Christopherson (3): KVM: Always flush async #PF workqueue when vCPU is being destroyed KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word Sean V Kelley (2): PCI/ERR: Cache RCEC EA Capability offset in pci_init_capabilities() PCI/ERR: Clear AER status only when we control AER SeongJae Park (1): selftests/mqueue: Set timeout to 180 seconds Shannon Nelson (1): ionic: set adminq irq affinity Sherry Sun (1): tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled Shin'ichiro Kawasaki (1): scsi: sd: Fix wrong zone_write_granularity value during revalidate Song Liu (1): Revert "Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d"" Stanislaw Gruszka (1): PCI/AER: Block runtime suspend when handling errors Stephen Lee (1): ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw Steven Rostedt (Google) (5): ring-buffer: Fix waking up ring buffer readers ring-buffer: Do not set shortest_full when full target is hit ring-buffer: Fix resetting of shortest_full ring-buffer: Fix full_waiters_pending in poll net: hns3: tracing: fix hclgevf trace event strings Su Hui (1): octeontx2-pf: check negative error code in otx2_open() Sumanth Korikkar (1): s390/entry: align system call table on 8 bytes Sumit Garg (1): tee: optee: Fix kernel panic caused by incorrect error handling Svyatoslav Pankratov (1): crypto: qat - fix double free during reset Tetsuo Handa (1): sysv: don't call sb_bread() with pointers_lock held Thadeu Lima de Souza Cascardo (1): tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc Thomas Gleixner (3): timers: Update kernel-doc for various functions timers: Use del_timer_sync() even on UP timers: Rename del_timer_sync() to timer_delete_sync() Tim Schumacher (1): efivarfs: Request at most 512 bytes for variable names Toru Katagiri (1): USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M Uwe Kleine-König (1): PCI: Drop pci_device_remove() test of pci_dev->driver Vasiliy Kovalev (1): VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() Venkata Lakshmi Narayana Gubba (1): arm64: dts: qcom: sc7180: Remove clock for bluetooth on Trogdor Vlastimil Babka (1): mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations Wayne Chang (2): phy: tegra: xusb: Add API to retrieve the port number of phy usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic Wolfram Sang (1): mmc: tmio: avoid concurrent runs of mmc_request_done() Xu Wang (1): vxge: remove unnecessary cast in kfree() Yang Jihong (1): perf/core: Fix reentry problem in perf_output_read_group() Ye Bin (1): ext4: forbid commit inconsistent quota data when errors=remount-ro Yu Kuai (1): dm-raid: fix lockdep waring in "pers->hot_add_disk" Zack Rusin (2): drm/vmwgfx: Fix some static checker warnings drm/vmwgfx: Fix possible null pointer derefence with invalid contexts Zhang Yi (2): ubi: correct the calculation of fastmap size ext4: add a hint for block bitmap corrupt state in mb_groups Zheng Wang (1): wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach Zi Yan (1): mm/migrate: set swap entry values of THP tail pages properly. Ziyang Xuan (1): netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() linke li (1): ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment yuan linyu (1): usb: udc: remove warning when queue disabled ep

1 year, 6 months

1
1
0 0

Linux 5.4.274

by Greg Kroah-Hartman

I'm announcing the release of the 5.4.274 kernel. All users of the 5.4 kernel series must upgrade. The updated 5.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.4.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/hw-vuln/spectre.rst | 18 Documentation/admin-guide/kernel-parameters.txt | 6 Makefile | 2 arch/arm/boot/dts/mmp2-brownstone.dts | 332 ++++------ arch/arm64/boot/dts/rockchip/rk3328.dtsi | 11 arch/arm64/boot/dts/rockchip/rk3399.dtsi | 12 arch/parisc/include/asm/checksum.h | 107 +-- arch/powerpc/include/asm/reg_fsl_emb.h | 11 arch/powerpc/lib/Makefile | 2 arch/s390/kernel/entry.S | 1 arch/sparc/kernel/nmi.c | 2 arch/sparc/vdso/vma.c | 7 arch/x86/include/asm/cpufeature.h | 6 arch/x86/include/asm/cpufeatures.h | 4 arch/x86/include/asm/disabled-features.h | 3 arch/x86/include/asm/mmu_context.h | 9 arch/x86/include/asm/msr-index.h | 2 arch/x86/include/asm/nospec-branch.h | 7 arch/x86/include/asm/required-features.h | 3 arch/x86/include/asm/unwind_hints.h | 2 arch/x86/kernel/cpu/amd.c | 10 arch/x86/kernel/cpu/bugs.c | 117 +-- arch/x86/kernel/cpu/common.c | 19 arch/x86/kernel/cpu/mce/core.c | 4 arch/x86/mm/ident_map.c | 23 arch/x86/mm/pat.c | 50 + block/blk-stat.c | 2 drivers/acpi/sleep.c | 12 drivers/ata/ahci.c | 5 drivers/ata/sata_mv.c | 63 - drivers/ata/sata_sx4.c | 6 drivers/base/power/wakeirq.c | 4 drivers/block/loop.c | 185 +++-- drivers/bluetooth/btintel.c | 2 drivers/clk/qcom/gcc-ipq8074.c | 2 drivers/clk/qcom/gcc-sdm845.c | 1 drivers/clk/qcom/mmcc-apq8084.c | 2 drivers/clk/qcom/mmcc-msm8974.c | 2 drivers/crypto/qat/qat_common/adf_aer.c | 23 drivers/firmware/efi/vars.c | 17 drivers/firmware/meson/meson_sm.c | 96 +- drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 4 drivers/gpu/drm/amd/display/modules/inc/mod_stats.h | 4 drivers/gpu/drm/exynos/exynos_drm_vidi.c | 4 drivers/gpu/drm/exynos/exynos_hdmi.c | 4 drivers/gpu/drm/i915/gt/intel_engine_pm.c | 3 drivers/gpu/drm/i915/gt/intel_lrc.c | 3 drivers/gpu/drm/imx/parallel-display.c | 4 drivers/gpu/drm/vc4/vc4_hdmi.c | 2 drivers/gpu/drm/vkms/vkms_drv.c | 2 drivers/hwmon/amc6821.c | 11 drivers/input/rmi4/rmi_driver.c | 6 drivers/md/dm-integrity.c | 2 drivers/md/dm-raid.c | 2 drivers/md/dm-snap.c | 4 drivers/md/raid5.c | 12 drivers/media/pci/sta2x11/sta2x11_vip.c | 9 drivers/media/tuners/xc4000.c | 4 drivers/misc/vmw_vmci/vmci_datagram.c | 6 drivers/mmc/core/block.c | 14 drivers/mmc/host/tmio_mmc_core.c | 2 drivers/mtd/nand/raw/meson_nand.c | 2 drivers/mtd/ubi/fastmap.c | 7 drivers/mtd/ubi/vtbl.c | 6 drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 34 - drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 16 drivers/net/ethernet/pensando/ionic/ionic_lif.c | 5 drivers/net/ethernet/realtek/r8169_main.c | 9 drivers/net/ethernet/renesas/ravb_main.c | 7 drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 40 - drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 38 - drivers/net/wireless/ath/ath9k/antenna.c | 2 drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 4 drivers/nvmem/meson-efuse.c | 45 - drivers/pci/pci-driver.c | 23 drivers/s390/crypto/zcrypt_api.c | 2 drivers/scsi/hosts.c | 7 drivers/scsi/lpfc/lpfc_nportdisc.c | 6 drivers/scsi/lpfc/lpfc_nvmet.c | 2 drivers/scsi/myrb.c | 20 drivers/scsi/myrs.c | 24 drivers/scsi/qla2xxx/qla_target.c | 10 drivers/slimbus/core.c | 4 drivers/soc/fsl/qbman/qman.c | 98 ++ drivers/staging/comedi/drivers/comedi_test.c | 30 drivers/staging/media/ipu3/ipu3-v4l2.c | 16 drivers/staging/speakup/synth.c | 4 drivers/staging/vc04_services/bcm2835-camera/mmal-vchiq.c | 40 - drivers/staging/vc04_services/bcm2835-camera/mmal-vchiq.h | 2 drivers/tty/n_gsm.c | 3 drivers/tty/serial/fsl_lpuart.c | 7 drivers/tty/serial/max310x.c | 7 drivers/tty/vt/vt.c | 4 drivers/usb/class/cdc-wdm.c | 6 drivers/usb/core/port.c | 5 drivers/usb/core/sysfs.c | 16 drivers/usb/dwc2/core.h | 14 drivers/usb/dwc2/core_intr.c | 63 + drivers/usb/dwc2/gadget.c | 4 drivers/usb/dwc2/hcd.c | 47 + drivers/usb/dwc2/hcd_ddma.c | 17 drivers/usb/dwc2/hw.h | 2 drivers/usb/gadget/function/f_ncm.c | 2 drivers/usb/gadget/udc/core.c | 4 drivers/usb/host/sl811-hcd.c | 2 drivers/usb/serial/cp210x.c | 4 drivers/usb/serial/ftdi_sio.c | 2 drivers/usb/serial/ftdi_sio_ids.h | 6 drivers/usb/serial/option.c | 6 drivers/usb/storage/isd200.c | 23 drivers/usb/typec/tcpm/tcpci.c | 1 drivers/vfio/pci/vfio_pci_intrs.c | 176 +++-- drivers/vfio/platform/vfio_platform_irq.c | 106 ++- drivers/vfio/virqfd.c | 21 drivers/video/fbdev/core/fbmon.c | 7 drivers/video/fbdev/via/accel.c | 4 drivers/virtio/virtio.c | 10 drivers/xen/events/events_base.c | 5 fs/aio.c | 8 fs/btrfs/export.c | 9 fs/btrfs/ioctl.c | 25 fs/btrfs/send.c | 10 fs/btrfs/volumes.c | 14 fs/exec.c | 1 fs/ext4/mballoc.c | 17 fs/ext4/resize.c | 3 fs/fat/nfs.c | 6 fs/fuse/fuse_i.h | 1 fs/fuse/inode.c | 7 fs/isofs/inode.c | 18 fs/nilfs2/alloc.c | 38 - fs/nilfs2/btree.c | 51 - fs/nilfs2/cpfile.c | 10 fs/nilfs2/dat.c | 14 fs/nilfs2/direct.c | 23 fs/nilfs2/gcinode.c | 2 fs/nilfs2/ifile.c | 4 fs/nilfs2/inode.c | 31 fs/nilfs2/ioctl.c | 37 - fs/nilfs2/mdt.c | 2 fs/nilfs2/namei.c | 6 fs/nilfs2/nilfs.h | 9 fs/nilfs2/page.c | 11 fs/nilfs2/recovery.c | 32 fs/nilfs2/segbuf.c | 2 fs/nilfs2/segment.c | 38 - fs/nilfs2/sufile.c | 29 fs/nilfs2/super.c | 57 - fs/nilfs2/sysfs.c | 29 fs/nilfs2/the_nilfs.c | 85 +- fs/open.c | 38 - fs/sysv/itree.c | 10 fs/ubifs/file.c | 13 include/linux/firmware/meson/meson_sm.h | 15 include/linux/frame.h | 11 include/linux/fs.h | 3 include/linux/gfp.h | 9 include/linux/sunrpc/sched.h | 2 include/linux/timer.h | 18 include/linux/vfio.h | 2 include/net/erspan.h | 19 include/net/inet_connection_sock.h | 1 include/net/sock.h | 7 include/soc/fsl/qman.h | 9 include/uapi/linux/input-event-codes.h | 1 init/initramfs.c | 47 - kernel/bounds.c | 2 kernel/events/core.c | 9 kernel/panic.c | 8 kernel/power/suspend.c | 1 kernel/printk/printk.c | 6 kernel/time/timer.c | 164 ++-- kernel/trace/ring_buffer.c | 51 + mm/compaction.c | 7 mm/memory-failure.c | 2 mm/memory.c | 4 mm/memtest.c | 4 mm/migrate.c | 6 mm/page_alloc.c | 10 mm/vmscan.c | 5 net/bluetooth/hci_debugfs.c | 48 - net/bluetooth/hci_event.c | 25 net/core/sock_map.c | 6 net/ipv4/inet_connection_sock.c | 14 net/ipv4/ip_gre.c | 104 ++- net/ipv4/tcp.c | 2 net/ipv6/ip6_fib.c | 14 net/ipv6/ip6_gre.c | 3 net/mac80211/cfg.c | 5 net/netfilter/nf_tables_api.c | 74 +- net/nfc/nci/core.c | 5 net/rds/rdma.c | 2 net/sched/act_skbmod.c | 10 net/xfrm/xfrm_user.c | 3 scripts/Makefile.extrawarn | 2 security/smack/smack_lsm.c | 12 sound/pci/hda/patch_realtek.c | 9 sound/sh/aica.c | 17 sound/soc/soc-ops.c | 2 tools/iio/iio_utils.c | 2 tools/objtool/Documentation/stack-validation.txt | 8 tools/objtool/arch/x86/decode.c | 6 tools/objtool/check.c | 64 + tools/power/x86/x86_energy_perf_policy/x86_energy_perf_policy.c | 1 tools/testing/ktest/ktest.pl | 1 tools/testing/selftests/mqueue/setting | 1 tools/testing/selftests/net/reuseaddr_conflict.c | 2 virt/kvm/async_pf.c | 31 208 files changed, 2528 insertions(+), 1429 deletions(-) Alan Stern (2): USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command USB: core: Fix deadlock in usb_deauthorize_interface() Aleksandr Burakov (1): fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 Aleksandr Loktionov (1): i40e: fix vf may be used uninitialized in this function warning Alex Henrie (1): isofs: handle CDs with bad root inode but good Joliet root directory Alex Williamson (6): vfio/platform: Disable virqfds on cleanup vfio/pci: Disable auto-enable of exclusive INTx IRQ vfio/pci: Lock external INTx masking ops vfio: Introduce interface to flush virqfd inject workqueue vfio/pci: Create persistent INTx handler vfio/platform: Create persistent IRQ handlers Alexandre Chartre (2): objtool: is_fentry_call() crashes if call has no destination objtool: Add support for intra-function calls Amit Pundir (1): clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd Andrey Jr. Melnikov (1): ahci: asm1064: correct count of reported ports Aric Cyr (1): drm/amd/display: Fix nanosec stat overflow Arnd Bergmann (6): dm integrity: fix out-of-range warning staging: vc04_services: changen strncpy() to strscpy_pad() ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit scsi: mylex: Fix sysfs buffer lengths ata: sata_mv: Fix PCI device ID table declaration compilation warning media: sta2x11: fix irq handler cast Arseniy Krasnov (1): mtd: rawnand: meson: fix scrambling mode value in command macro Aurélien Jacobs (1): USB: serial: option: add MeiG Smart SLM320 product Baokun Li (1): ext4: correct best extent lstart adjustment logic Bart Van Assche (1): fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion Bastien Nocera (1): Bluetooth: Fix TOCTOU in HCI debugfs implementation Borislav Petkov (1): x86/bugs: Use sysfs_emit() Borislav Petkov (AMD) (2): x86/CPU/AMD: Update the Zenbleed microcode revisions x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() Cameron Williams (1): USB: serial: add device ID for VeriFone adapter Carlo Caione (1): firmware: meson_sm: Rework driver as a proper platform driver Chris Wilson (1): drm/i915/gt: Reset queue_priority_hint on parking Christian Häggström (1): USB: serial: cp210x: add ID for MGP Instruments PDS100 Christoph Hellwig (3): fs: add a vfs_fchown helper fs: add a vfs_fchmod helper initramfs: switch initramfs unpacking to struct file based APIs Christophe JAILLET (1): slimbus: core: Remove usage of the deprecated ida_simple_xx() API Colin Ian King (1): usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined Conrad Kostecki (1): ahci: asm1064: asm1166: don't limit reported ports Dai Ngo (1): SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int Damian Muszynski (1): crypto: qat - resolve race condition during AER recovery Dan Carpenter (1): staging: vc04_services: fix information leak in create_component() Daniel Drake (1): Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default" Daniel Vogelbacher (1): USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB Dave Airlie (1): amdkfd: use calloc instead of kzalloc to avoid integer overflow Dave Stevenson (2): staging: mmal-vchiq: Allocate and free components as required staging: mmal-vchiq: Fix client_component for 64 bit kernel David Hildenbrand (2): virtio: reenable config if freezing device failed x86/mm/pat: fix VM_PAT handling in COW mappings David Sterba (3): btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() btrfs: export: handle invalid inode or root reference in btrfs_get_parent() btrfs: send: handle path ref underflow in header iterate_inode_ref() Dmitry Antipov (1): wifi: ath9k: fix LNA selection in ath_ant_try_scan() Dominique Martinet (1): mmc: core: Fix switch on gp3 partition Duje Mihanović (1): arm: dts: marvell: Fix maxium->maxim typo in brownstone dts Duoming Zhou (1): ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs Edward Adam Davis (1): Bluetooth: btintel: Fix null ptr deref in btintel_read_version Eric Dumazet (3): tcp: properly terminate timers for kernel sockets net/sched: act_skbmod: prevent kernel-infoleak erspan: make sure erspan_base_hdr is present in skb->head Felix Fietkau (1): wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes Filipe Manana (1): btrfs: fix off-by-one chunk length calculation at contains_pending_extent() Gabor Juhos (3): clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays Genjian Zhang (1): Revert "loop: Check for overflow while configuring loop" Gergo Koteles (1): Input: allocate keycode for Display refresh rate toggle Goldwyn Rodrigues (1): btrfs: allocate btrfs_ioctl_defrag_range_args on stack Greg Kroah-Hartman (1): Linux 5.4.274 Guenter Roeck (4): parisc: Fix ip_fast_csum parisc: Fix csum_ipv6_magic on 32-bit systems parisc: Fix csum_ipv6_magic on 64-bit systems parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds Gui-Dong Han (1): media: xc4000: Fix atomicity violation in xc4000_get_frequency Guilherme G. Piccoli (1): scsi: core: Fix unremoved procfs host directory regression Guo Mengqi (1): drm/vkms: call drm_atomic_helper_shutdown before drm_dev_put() Hangbin Liu (1): ip_gre: do not report erspan version on GRE interface Harald Freudenberger (1): s390/zcrypt: fix reference counting on zcrypt card objects Harshit Mogalapalli (1): VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() Heiner Kallweit (1): r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d Helge Deller (1): parisc: Do not hardcode registers in checksum functions Hidenori Kobayashi (1): media: staging: ipu3-imgu: Set fields before media_entity_pads_init() Hugo Villeneuve (1): serial: max310x: fix NULL pointer dereference in I2C instantiation Hui Wang (1): Bluetooth: hci_event: set the conn encrypted before conn establishes I Gede Agastya Darma Laksana (1): ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone Ian Abbott (1): comedi: comedi_test: Prevent timers rescheduling during deletion Ingo Molnar (1): Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." Jakub Kicinski (1): selftests: reuseaddr_conflict: add missing new line at the end of the output Jakub Sitnicki (1): bpf, sockmap: Prevent lock inversion deadlock in map delete elem Jan Kara (1): fat: fix uninitialized field in nostale filehandles Jani Nikula (3): drm/exynos: do not return negative values from .get_modes() drm/imx/ipuv3: do not return negative values from .get_modes() drm/vc4: hdmi: do not return negative values from .get_modes() Jerome Brunet (1): nvmem: meson-efuse: fix function pointer type mismatch Joe Perches (1): nilfs2: use a more common logging style Johan Jonker (2): arm64: dts: rockchip: fix rk3328 hdmi ports node arm64: dts: rockchip: fix rk3399 hdmi ports node John Ogness (2): printk: Update @console_may_schedule in console_trylock_spinning() panic: Flush kernel log buffer at the end John Sperbeck (1): init: open /initrd.image with O_LARGEFILE Josua Mayer (1): hwmon: (amc6821) add of_match table Juergen Gross (1): x86/alternative: Don't call text_poke() in lazy TLB mode Justin Tee (1): scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() Kailang Yang (1): ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform Kim Phillips (2): x86/cpu: Support AMD Automatic IBRS x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled Krishna Kurapati (1): usb: gadget: ncm: Fix handling of zero block length packets Kuniyuki Iwashima (1): ipv6: Fix infinite recursion in fib6_dump_done(). Kunwu Chan (1): Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails Lin Yujun (1): Documentation/hw-vuln: Update spectre doc Liu Shixin (1): mm/memory-failure: fix an incorrect use of tail pages Lubomir Rintel (1): ARM: dts: mmp2-brownstone: Don't redeclare phandle references Luiz Augusto von Dentz (1): Bluetooth: btintel: Fixe build regression Mahmoud Adam (1): net/rds: fix possible cp null dereference Marco Felsch (1): usb: typec: tcpci: add generic tcpci fallback compatible Martijn Coenen (5): loop: Call loop_config_discard() only after new config is applied loop: Remove sector_t truncation checks loop: Factor out setting loop device size loop: Refactor loop_set_status() size calculation loop: Factor out configuring loop from status Mathias Nyman (1): usb: port: Don't try to peer unused USB ports based on location Matthew Wilcox (Oracle) (2): ubifs: Set page uptodate in the correct place bounds: support non-power-of-two CONFIG_NR_CPUS Maulik Shah (1): PM: suspend: Set mem_sleep_current during kernel command line setup Max Filippov (1): exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack() Maximilian Heyne (2): ext4: fix corruption during on-line resize xen/events: close evtchn after mapping cleanup Michael Ellerman (1): powerpc/fsl: Fix mfpmr build errors with newer binutils Mikko Rapeli (2): mmc: core: Initialize mmc_blk_ioc_data mmc: core: Avoid negative index with array access Miklos Szeredi (1): fuse: don't unhash root Mikulas Patocka (1): dm snapshot: fix lockup in dm_exception_table_exit Minas Harutyunyan (4): usb: dwc2: host: Fix remote wakeup from hibernation usb: dwc2: host: Fix hibernation flow usb: dwc2: host: Fix ISOC flow in DDMA mode usb: dwc2: gadget: LPM flow fix Muhammad Usama Anjum (1): scsi: lpfc: Correct size for wqe for memset() Nathan Chancellor (3): kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1 xfrm: Avoid clang fortify warning in copy_to_user_tmpl() powerpc: xor_vmx: Add '-mhard-float' to CFLAGS Nicolas Pitre (1): vt: fix unicode buffer corruption when deleting characters Oliver Neukum (1): usb: cdc-wdm: close race between read and workqueue Pablo Neira Ayuso (9): netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout netfilter: nf_tables: disallow anonymous set with timeout flag netfilter: nf_tables: reject constant set with timeout netfilter: nf_tables: disallow timeout for anonymous sets netfilter: nf_tables: flush pending destroy work before exit_net release netfilter: nf_tables: reject new basechain after table flag update netfilter: nf_tables: release batch on table validation from abort path netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path netfilter: nf_tables: discard table flag update with pending basechain deletion Paul Barker (1): net: ravb: Always process TX descriptor ring Petre Rodan (1): tools: iio: replace seekdir() in iio_generic_buffer Piotr Wejman (1): net: stmmac: fix rx queue priority assignment Przemek Kitszel (1): ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() Qiang Zhang (1): memtest: use {READ,WRITE}_ONCE in memory scanning Qingliang Li (1): PM: sleep: wakeirq: fix wake irq warning in system suspend Quinn Tran (1): scsi: qla2xxx: Fix command flush on cable pull Rafael J. Wysocki (1): PCI/PM: Drain runtime-idle callbacks before driver removal Randy Dunlap (2): sparc64: NMI watchdog: fix return value of __setup handler sparc: vDSO: fix return value of __setup handler Ricardo B. Marliere (1): ktest: force $buildonly = 1 for 'make_warnings_file' test type Richard Weinberger (1): ubi: Check for too small LEB size in VTBL code Roberto Sassu (2): smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr() smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity() Roman Smirnov (2): block: prevent division by zero in blk_rq_stat_sum() fbmon: prevent division by zero in fb_videomode_from_videomode() Rui Qi (1): x86/speculation: Support intra-function call validation Ryosuke Yasuoka (1): nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet Ryusuke Konishi (2): nilfs2: fix failure to detect DAT corruption in btree and direct mappings nilfs2: prevent kernel bug at submit_bh_wbc() Samasth Norway Ananda (1): tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num() Samuel Thibault (1): speakup: Fix 8bit characters from direct synth Sandipan Das (1): x86/cpufeatures: Add new word for scattered features Sean Anderson (4): soc: fsl: qbman: Always disable interrupts when taking cgr_lock soc: fsl: qbman: Add helper for sanity checking cgr ops soc: fsl: qbman: Add CGR update function soc: fsl: qbman: Use raw spinlock for cgr_lock Sean Christopherson (1): KVM: Always flush async #PF workqueue when vCPU is being destroyed SeongJae Park (1): selftests/mqueue: Set timeout to 180 seconds Shannon Nelson (1): ionic: set adminq irq affinity Sherry Sun (1): tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled Siddh Raman Pant (1): loop: Check for overflow while configuring loop Song Liu (1): Revert "Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d"" Stephen Lee (1): ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw Steven Rostedt (Google) (2): ring-buffer: Fix resetting of shortest_full ring-buffer: Fix full_waiters_pending in poll Sumanth Korikkar (1): s390/entry: align system call table on 8 bytes Svyatoslav Pankratov (1): crypto: qat - fix double free during reset Tetsuo Handa (1): sysv: don't call sb_bread() with pointers_lock held Thadeu Lima de Souza Cascardo (1): tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc Thomas Gleixner (3): timers: Update kernel-doc for various functions timers: Use del_timer_sync() even on UP timers: Rename del_timer_sync() to timer_delete_sync() Tim Schumacher (1): efivarfs: Request at most 512 bytes for variable names Toru Katagiri (1): USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M Uwe Kleine-König (1): PCI: Drop pci_device_remove() test of pci_dev->driver Vasiliy Kovalev (1): VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() Vlastimil Babka (1): mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations William Tu (2): erspan: Add type I version 0 support. erspan: Check IFLA_GRE_ERSPAN_VER is set. Wolfram Sang (1): mmc: tmio: avoid concurrent runs of mmc_request_done() Yang Jihong (1): perf/core: Fix reentry problem in perf_output_read_group() Yangxi Xiang (1): vt: fix memory overlapping when deleting chars in the buffer Yu Kuai (1): dm-raid: fix lockdep waring in "pers->hot_add_disk" Zhang Shurong (1): firmware: meson_sm: fix to avoid potential NULL pointer dereference Zhang Yi (1): ubi: correct the calculation of fastmap size Zheng Wang (1): wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach Zhong Jinghua (1): loop: loop_set_status_from_info() check before assignment Zi Yan (1): mm/migrate: set swap entry values of THP tail pages properly. Ziyang Xuan (1): netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() yuan linyu (1): usb: udc: remove warning when queue disabled ep

1 year, 6 months

1
1
0 0

Linux 4.19.312

by Greg Kroah-Hartman

I'm announcing the release of the 4.19.312 kernel. All users of the 4.19 kernel series must upgrade. The updated 4.19.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.19.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/hw-vuln/spectre.rst | 18 Documentation/admin-guide/kernel-parameters.txt | 6 Makefile | 2 arch/arm/boot/dts/mmp2-brownstone.dts | 332 ++++------ arch/arm64/boot/dts/rockchip/rk3399.dtsi | 12 arch/parisc/include/asm/checksum.h | 107 +-- arch/powerpc/include/asm/reg_fsl_emb.h | 11 arch/powerpc/lib/Makefile | 2 arch/sparc/kernel/nmi.c | 2 arch/sparc/vdso/vma.c | 7 arch/x86/include/asm/cpufeatures.h | 2 arch/x86/include/asm/msr-index.h | 2 arch/x86/kernel/cpu/amd.c | 10 arch/x86/kernel/cpu/bugs.c | 117 +-- arch/x86/kernel/cpu/common.c | 17 arch/x86/mm/ident_map.c | 23 arch/x86/mm/pat.c | 50 + block/blk-stat.c | 2 drivers/ata/ahci.c | 5 drivers/ata/sata_mv.c | 63 - drivers/ata/sata_sx4.c | 6 drivers/base/power/wakeirq.c | 4 drivers/block/loop.c | 204 +++--- drivers/bluetooth/btintel.c | 2 drivers/clk/qcom/gcc-ipq8074.c | 2 drivers/clk/qcom/mmcc-apq8084.c | 2 drivers/clk/qcom/mmcc-msm8974.c | 2 drivers/crypto/qat/qat_common/adf_aer.c | 23 drivers/firmware/efi/vars.c | 17 drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 4 drivers/gpu/drm/amd/display/modules/inc/mod_stats.h | 4 drivers/gpu/drm/imx/parallel-display.c | 4 drivers/gpu/drm/vc4/vc4_hdmi.c | 2 drivers/gpu/drm/vkms/vkms_drv.c | 2 drivers/hwmon/amc6821.c | 11 drivers/input/rmi4/rmi_driver.c | 6 drivers/md/dm-raid.c | 2 drivers/md/raid5.c | 12 drivers/media/pci/sta2x11/sta2x11_vip.c | 9 drivers/media/tuners/xc4000.c | 4 drivers/misc/vmw_vmci/vmci_datagram.c | 6 drivers/mmc/core/block.c | 10 drivers/mmc/host/tmio_mmc_core.c | 2 drivers/mtd/ubi/fastmap.c | 7 drivers/mtd/ubi/vtbl.c | 6 drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 34 - drivers/net/ethernet/realtek/r8169_main.c | 9 drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 40 - drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 40 - drivers/net/wireless/ath/ath9k/antenna.c | 2 drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 4 drivers/pci/pci-driver.c | 23 drivers/s390/crypto/zcrypt_api.c | 2 drivers/scsi/lpfc/lpfc_nportdisc.c | 6 drivers/scsi/lpfc/lpfc_nvmet.c | 2 drivers/scsi/qla2xxx/qla_target.c | 10 drivers/slimbus/core.c | 4 drivers/soc/fsl/qbman/qman.c | 98 ++ drivers/staging/comedi/drivers/comedi_test.c | 30 drivers/staging/speakup/synth.c | 4 drivers/staging/vc04_services/bcm2835-camera/mmal-vchiq.c | 52 + drivers/staging/vc04_services/bcm2835-camera/mmal-vchiq.h | 6 drivers/tty/n_gsm.c | 3 drivers/tty/serial/fsl_lpuart.c | 7 drivers/tty/vt/vt.c | 4 drivers/usb/class/cdc-wdm.c | 6 drivers/usb/core/port.c | 5 drivers/usb/core/sysfs.c | 16 drivers/usb/dwc2/core.h | 14 drivers/usb/dwc2/core_intr.c | 63 + drivers/usb/dwc2/gadget.c | 4 drivers/usb/dwc2/hcd.c | 47 + drivers/usb/dwc2/hcd_ddma.c | 17 drivers/usb/dwc2/hw.h | 2 drivers/usb/gadget/function/f_ncm.c | 2 drivers/usb/gadget/udc/core.c | 4 drivers/usb/host/sl811-hcd.c | 2 drivers/usb/serial/cp210x.c | 4 drivers/usb/serial/ftdi_sio.c | 2 drivers/usb/serial/ftdi_sio_ids.h | 6 drivers/usb/serial/option.c | 6 drivers/usb/storage/isd200.c | 23 drivers/vfio/platform/vfio_platform_irq.c | 5 drivers/video/fbdev/core/fbmon.c | 7 drivers/video/fbdev/via/accel.c | 4 drivers/virtio/virtio.c | 10 fs/aio.c | 8 fs/btrfs/export.c | 9 fs/btrfs/ioctl.c | 25 fs/btrfs/send.c | 10 fs/btrfs/volumes.c | 12 fs/exec.c | 1 fs/ext4/resize.c | 3 fs/fat/nfs.c | 6 fs/fuse/fuse_i.h | 1 fs/fuse/inode.c | 7 fs/isofs/inode.c | 18 fs/nilfs2/alloc.c | 38 - fs/nilfs2/btree.c | 51 - fs/nilfs2/cpfile.c | 10 fs/nilfs2/dat.c | 14 fs/nilfs2/direct.c | 23 fs/nilfs2/gcinode.c | 2 fs/nilfs2/ifile.c | 4 fs/nilfs2/inode.c | 31 fs/nilfs2/ioctl.c | 37 - fs/nilfs2/mdt.c | 2 fs/nilfs2/namei.c | 6 fs/nilfs2/nilfs.h | 9 fs/nilfs2/page.c | 11 fs/nilfs2/recovery.c | 32 fs/nilfs2/segbuf.c | 2 fs/nilfs2/segment.c | 38 - fs/nilfs2/sufile.c | 29 fs/nilfs2/super.c | 57 - fs/nilfs2/sysfs.c | 29 fs/nilfs2/the_nilfs.c | 85 +- fs/open.c | 38 - fs/sysv/itree.c | 10 fs/ubifs/file.c | 13 include/linux/fs.h | 3 include/linux/gfp.h | 9 include/linux/sunrpc/sched.h | 2 include/linux/timer.h | 18 include/net/erspan.h | 19 include/net/inet_connection_sock.h | 1 include/net/sock.h | 9 include/soc/fsl/qman.h | 9 include/trace/events/timer.h | 17 include/uapi/linux/input-event-codes.h | 1 init/initramfs.c | 77 +- kernel/events/core.c | 9 kernel/power/suspend.c | 1 kernel/printk/printk.c | 6 kernel/time/timer.c | 282 ++++++-- mm/compaction.c | 7 mm/memory-failure.c | 2 mm/memory.c | 4 mm/memtest.c | 4 mm/migrate.c | 6 mm/page_alloc.c | 10 mm/vmscan.c | 5 net/bluetooth/hci_debugfs.c | 48 - net/bluetooth/hci_event.c | 25 net/core/sock.c | 7 net/ipv4/inet_connection_sock.c | 14 net/ipv4/ip_gre.c | 104 ++- net/ipv4/tcp.c | 2 net/ipv6/ip6_fib.c | 14 net/ipv6/ip6_gre.c | 3 net/mac80211/cfg.c | 5 net/netfilter/nf_tables_api.c | 22 net/nfc/nci/core.c | 5 net/rds/rdma.c | 2 net/sched/act_skbmod.c | 10 net/xfrm/xfrm_user.c | 3 scripts/Makefile.extrawarn | 2 security/smack/smack_lsm.c | 12 sound/pci/hda/patch_realtek.c | 9 sound/sh/aica.c | 17 sound/soc/soc-ops.c | 2 tools/iio/iio_utils.c | 2 tools/power/x86/x86_energy_perf_policy/x86_energy_perf_policy.c | 1 tools/testing/ktest/ktest.pl | 1 tools/testing/selftests/net/reuseaddr_conflict.c | 2 virt/kvm/async_pf.c | 31 166 files changed, 2098 insertions(+), 1189 deletions(-) Alan Stern (2): USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command USB: core: Fix deadlock in usb_deauthorize_interface() Aleksandr Burakov (1): fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 Aleksandr Loktionov (1): i40e: fix vf may be used uninitialized in this function warning Alex Henrie (1): isofs: handle CDs with bad root inode but good Joliet root directory Alex Williamson (1): vfio/platform: Disable virqfds on cleanup Andrey Jr. Melnikov (1): ahci: asm1064: correct count of reported ports Anna-Maria Gleixner (3): timer/trace: Replace deprecated vsprintf pointer extension %pf by %ps timer/trace: Improve timer tracing timers: Prepare support for PREEMPT_RT Aric Cyr (1): drm/amd/display: Fix nanosec stat overflow Arnd Bergmann (4): staging: vc04_services: changen strncpy() to strscpy_pad() ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit ata: sata_mv: Fix PCI device ID table declaration compilation warning media: sta2x11: fix irq handler cast Aurélien Jacobs (1): USB: serial: option: add MeiG Smart SLM320 product Bart Van Assche (1): fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion Bastien Nocera (1): Bluetooth: Fix TOCTOU in HCI debugfs implementation Borislav Petkov (1): x86/bugs: Use sysfs_emit() Borislav Petkov (AMD) (1): x86/CPU/AMD: Update the Zenbleed microcode revisions Cameron Williams (1): USB: serial: add device ID for VeriFone adapter Christian Häggström (1): USB: serial: cp210x: add ID for MGP Instruments PDS100 Christoph Hellwig (4): initramfs: factor out a helper to populate the initrd image fs: add a vfs_fchown helper fs: add a vfs_fchmod helper initramfs: switch initramfs unpacking to struct file based APIs Christophe JAILLET (1): slimbus: core: Remove usage of the deprecated ida_simple_xx() API Colin Ian King (1): usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined Conrad Kostecki (1): ahci: asm1064: asm1166: don't limit reported ports Dai Ngo (1): SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int Damian Muszynski (1): crypto: qat - resolve race condition during AER recovery Dan Carpenter (1): staging: vc04_services: fix information leak in create_component() Daniel Vogelbacher (1): USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB Dave Airlie (1): amdkfd: use calloc instead of kzalloc to avoid integer overflow Dave Stevenson (3): staging: mmal-vchiq: Avoid use of bool in structures staging: mmal-vchiq: Allocate and free components as required staging: mmal-vchiq: Fix client_component for 64 bit kernel David Hildenbrand (2): virtio: reenable config if freezing device failed x86/mm/pat: fix VM_PAT handling in COW mappings David Sterba (3): btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() btrfs: export: handle invalid inode or root reference in btrfs_get_parent() btrfs: send: handle path ref underflow in header iterate_inode_ref() Dmitry Antipov (1): wifi: ath9k: fix LNA selection in ath_ant_try_scan() Dominique Martinet (1): mmc: core: Fix switch on gp3 partition Duje Mihanović (1): arm: dts: marvell: Fix maxium->maxim typo in brownstone dts Duoming Zhou (1): ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs Edward Adam Davis (1): Bluetooth: btintel: Fix null ptr deref in btintel_read_version Eric Dumazet (3): tcp: properly terminate timers for kernel sockets net/sched: act_skbmod: prevent kernel-infoleak erspan: make sure erspan_base_hdr is present in skb->head Felix Fietkau (1): wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes Gabor Juhos (3): clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays Geert Uytterhoeven (1): initramfs: fix populate_initrd_image() section mismatch Geliang Tang (1): mptcp: add sk_stop_timer_sync helper Genjian Zhang (1): Revert "loop: Check for overflow while configuring loop" Gergo Koteles (1): Input: allocate keycode for Display refresh rate toggle Goldwyn Rodrigues (1): btrfs: allocate btrfs_ioctl_defrag_range_args on stack Greg Kroah-Hartman (1): Linux 4.19.312 Guenter Roeck (4): parisc: Fix ip_fast_csum parisc: Fix csum_ipv6_magic on 32-bit systems parisc: Fix csum_ipv6_magic on 64-bit systems parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds Gui-Dong Han (1): media: xc4000: Fix atomicity violation in xc4000_get_frequency Guo Mengqi (1): drm/vkms: call drm_atomic_helper_shutdown before drm_dev_put() Hangbin Liu (1): ip_gre: do not report erspan version on GRE interface Harald Freudenberger (1): s390/zcrypt: fix reference counting on zcrypt card objects Harshit Mogalapalli (1): VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() Heiner Kallweit (1): r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d Helge Deller (1): parisc: Do not hardcode registers in checksum functions Holger Hoffstätte (1): loop: properly observe rotational flag of underlying device Hui Wang (1): Bluetooth: hci_event: set the conn encrypted before conn establishes I Gede Agastya Darma Laksana (1): ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone Ian Abbott (1): comedi: comedi_test: Prevent timers rescheduling during deletion Ingo Molnar (1): Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." Jakub Kicinski (1): selftests: reuseaddr_conflict: add missing new line at the end of the output Jan Kara (1): fat: fix uninitialized field in nostale filehandles Jani Nikula (2): drm/imx/ipuv3: do not return negative values from .get_modes() drm/vc4: hdmi: do not return negative values from .get_modes() Joe Perches (1): nilfs2: use a more common logging style Johan Jonker (1): arm64: dts: rockchip: fix rk3399 hdmi ports node John Ogness (1): printk: Update @console_may_schedule in console_trylock_spinning() John Sperbeck (1): init: open /initrd.image with O_LARGEFILE Josua Mayer (1): hwmon: (amc6821) add of_match table Justin Tee (1): scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() Kailang Yang (1): ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform Kim Phillips (2): x86/cpu: Support AMD Automatic IBRS x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled Krishna Kurapati (1): usb: gadget: ncm: Fix handling of zero block length packets Kuniyuki Iwashima (1): ipv6: Fix infinite recursion in fib6_dump_done(). Kunwu Chan (1): Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails Lin Yujun (1): Documentation/hw-vuln: Update spectre doc Liu Shixin (1): mm/memory-failure: fix an incorrect use of tail pages Lubomir Rintel (1): ARM: dts: mmp2-brownstone: Don't redeclare phandle references Luiz Augusto von Dentz (1): Bluetooth: btintel: Fixe build regression Mahmoud Adam (1): net/rds: fix possible cp null dereference Martijn Coenen (5): loop: Call loop_config_discard() only after new config is applied loop: Remove sector_t truncation checks loop: Factor out setting loop device size loop: Refactor loop_set_status() size calculation loop: Factor out configuring loop from status Mathias Nyman (1): usb: port: Don't try to peer unused USB ports based on location Matthew Wilcox (Oracle) (1): ubifs: Set page uptodate in the correct place Maulik Shah (1): PM: suspend: Set mem_sleep_current during kernel command line setup Max Filippov (1): exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack() Maximilian Heyne (1): ext4: fix corruption during on-line resize Michael Ellerman (1): powerpc/fsl: Fix mfpmr build errors with newer binutils Miklos Szeredi (1): fuse: don't unhash root Minas Harutyunyan (4): usb: dwc2: host: Fix remote wakeup from hibernation usb: dwc2: host: Fix hibernation flow usb: dwc2: host: Fix ISOC flow in DDMA mode usb: dwc2: gadget: LPM flow fix Muhammad Usama Anjum (1): scsi: lpfc: Correct size for wqe for memset() Nathan Chancellor (3): kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1 xfrm: Avoid clang fortify warning in copy_to_user_tmpl() powerpc: xor_vmx: Add '-mhard-float' to CFLAGS Nicolas Pitre (1): vt: fix unicode buffer corruption when deleting characters Oliver Neukum (1): usb: cdc-wdm: close race between read and workqueue Pablo Neira Ayuso (3): netfilter: nf_tables: disallow anonymous set with timeout flag netfilter: nf_tables: reject constant set with timeout netfilter: nf_tables: disallow timeout for anonymous sets Petre Rodan (1): tools: iio: replace seekdir() in iio_generic_buffer Piotr Wejman (1): net: stmmac: fix rx queue priority assignment Qiang Zhang (1): memtest: use {READ,WRITE}_ONCE in memory scanning Qingliang Li (1): PM: sleep: wakeirq: fix wake irq warning in system suspend Quinn Tran (1): scsi: qla2xxx: Fix command flush on cable pull Rafael J. Wysocki (1): PCI/PM: Drain runtime-idle callbacks before driver removal Randy Dunlap (2): sparc64: NMI watchdog: fix return value of __setup handler sparc: vDSO: fix return value of __setup handler Ricardo B. Marliere (1): ktest: force $buildonly = 1 for 'make_warnings_file' test type Richard Weinberger (1): ubi: Check for too small LEB size in VTBL code Roberto Sassu (2): smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr() smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity() Roman Smirnov (2): block: prevent division by zero in blk_rq_stat_sum() fbmon: prevent division by zero in fb_videomode_from_videomode() Ryosuke Yasuoka (1): nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet Ryusuke Konishi (2): nilfs2: fix failure to detect DAT corruption in btree and direct mappings nilfs2: prevent kernel bug at submit_bh_wbc() Samasth Norway Ananda (1): tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num() Samuel Thibault (1): speakup: Fix 8bit characters from direct synth Sean Anderson (4): soc: fsl: qbman: Always disable interrupts when taking cgr_lock soc: fsl: qbman: Add helper for sanity checking cgr ops soc: fsl: qbman: Add CGR update function soc: fsl: qbman: Use raw spinlock for cgr_lock Sean Christopherson (1): KVM: Always flush async #PF workqueue when vCPU is being destroyed Sherry Sun (1): tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled Siddh Raman Pant (1): loop: Check for overflow while configuring loop Song Liu (1): Revert "Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d"" Stephen Lee (1): ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw Svyatoslav Pankratov (1): crypto: qat - fix double free during reset Tetsuo Handa (1): sysv: don't call sb_bread() with pointers_lock held Thadeu Lima de Souza Cascardo (1): tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc Thomas Gleixner (3): timers: Update kernel-doc for various functions timers: Use del_timer_sync() even on UP timers: Rename del_timer_sync() to timer_delete_sync() Tim Schumacher (1): efivarfs: Request at most 512 bytes for variable names Toru Katagiri (1): USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M Uwe Kleine-König (1): PCI: Drop pci_device_remove() test of pci_dev->driver Vasiliy Kovalev (1): VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() Vlastimil Babka (1): mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations William Tu (2): erspan: Add type I version 0 support. erspan: Check IFLA_GRE_ERSPAN_VER is set. Wolfram Sang (1): mmc: tmio: avoid concurrent runs of mmc_request_done() Yang Jihong (1): perf/core: Fix reentry problem in perf_output_read_group() Yangxi Xiang (1): vt: fix memory overlapping when deleting chars in the buffer Yu Kuai (1): dm-raid: fix lockdep waring in "pers->hot_add_disk" Zhang Yi (1): ubi: correct the calculation of fastmap size Zheng Wang (1): wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach Zhong Jinghua (1): loop: loop_set_status_from_info() check before assignment Zi Yan (1): mm/migrate: set swap entry values of THP tail pages properly. Ziyang Xuan (1): netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() yuan linyu (1): usb: udc: remove warning when queue disabled ep

1 year, 6 months

1
1
0 0

+ mm-memory-failure-fix-deadlock-when-hugetlb_optimize_vmemmap-is-enabled-v2.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-memory-failure-fix-deadlock-when-hugetlb_optimize_vmemmap-is-enabled-v2.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Miaohe Lin <linmiaohe(a)huawei.com> Subject: mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled Date: Fri, 12 Apr 2024 10:57:54 +0800 extend comment per Oscar Link: https://lkml.kernel.org/r/20240412025754.1897615-1-linmiaohe@huawei.com Fixes: a6b40850c442 ("mm: hugetlb: replace hugetlb_free_vmemmap_enabled with a static_key") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Acked-by: Oscar Salvador <osalvador(a)suse.de> Cc: <stable(a)vger.kernel.org> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory-failure.c | 4 ++++ 1 file changed, 4 insertions(+) --- a/mm/memory-failure.c~mm-memory-failure-fix-deadlock-when-hugetlb_optimize_vmemmap-is-enabled-v2 +++ a/mm/memory-failure.c @@ -159,6 +159,10 @@ static int __page_handle_poison(struct p * dissolve_free_huge_page() might hold cpu_hotplug_lock via static_key_slow_dec() * when hugetlb vmemmap optimization is enabled. This will break current lock * dependency chain and leads to deadlock. + * Disabling pcp before dissolving the page was a deterministic approach because + * we made sure that those pages cannot end up in any PCP list. Draining PCP lists + * expels those pages to the buddy system, but nothing guarantees that those pages + * do not get back to a PCP queue if we need to refill those. */ ret = dissolve_free_huge_page(page); if (!ret) { _ Patches currently in -mm which might be from linmiaohe(a)huawei.com are mm-memory-failure-fix-deadlock-when-hugetlb_optimize_vmemmap-is-enabled.patch mm-memory-failure-fix-deadlock-when-hugetlb_optimize_vmemmap-is-enabled-v2.patch fork-defer-linking-file-vma-until-vma-is-fully-initialized.patch

1 year, 6 months

1
0
0 0

[PATCH 1/3] drm/xe/vm: prevent UAF with asid based lookup

by Matthew Auld

The asid is only erased from the xarray when the vm refcount reaches zero, however this leads to potential UAF since the xe_vm_get() only works on a vm with refcount != 0. Since the asid is allocated in the vm create ioctl, rather erase it when closing the vm, prior to dropping the potential last ref. This should also work when user closes driver fd without explicit vm destroy. Fixes: dd08ebf6c352 ("drm/xe: Introduce a new DRM driver for Intel GPUs") Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/1594 Signed-off-by: Matthew Auld <matthew.auld(a)intel.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.8+ --- drivers/gpu/drm/xe/xe_vm.c | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/drivers/gpu/drm/xe/xe_vm.c b/drivers/gpu/drm/xe/xe_vm.c index a196dbe65252..c5c26b3d1b76 100644 --- a/drivers/gpu/drm/xe/xe_vm.c +++ b/drivers/gpu/drm/xe/xe_vm.c @@ -1581,6 +1581,16 @@ void xe_vm_close_and_put(struct xe_vm *vm) xe->usm.num_vm_in_fault_mode--; else if (!(vm->flags & XE_VM_FLAG_MIGRATION)) xe->usm.num_vm_in_non_fault_mode--; + + if (vm->usm.asid) { + void *lookup; + + xe_assert(xe, xe->info.has_asid); + xe_assert(xe, !(vm->flags & XE_VM_FLAG_MIGRATION)); + + lookup = xa_erase(&xe->usm.asid_to_vm, vm->usm.asid); + xe_assert(xe, lookup == vm); + } mutex_unlock(&xe->usm.lock); for_each_tile(tile, xe, id) @@ -1596,24 +1606,15 @@ static void vm_destroy_work_func(struct work_struct *w) struct xe_device *xe = vm->xe; struct xe_tile *tile; u8 id; - void *lookup; /* xe_vm_close_and_put was not called? */ xe_assert(xe, !vm->size); mutex_destroy(&vm->snap_mutex); - if (!(vm->flags & XE_VM_FLAG_MIGRATION)) { + if (!(vm->flags & XE_VM_FLAG_MIGRATION)) xe_device_mem_access_put(xe); - if (xe->info.has_asid && vm->usm.asid) { - mutex_lock(&xe->usm.lock); - lookup = xa_erase(&xe->usm.asid_to_vm, vm->usm.asid); - xe_assert(xe, lookup == vm); - mutex_unlock(&xe->usm.lock); - } - } - for_each_tile(tile, xe, id) XE_WARN_ON(vm->pt_root[id]); -- 2.44.0

1 year, 6 months

3
3
0 0

[PATCH 6.6 000/114] 6.6.27-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.27 release. There are 114 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 13 Apr 2024 09:53:55 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.27-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.27-rc1 Ma Jun <Jun.Ma2(a)amd.com> Revert "drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()" Vasiliy Kovalev <kovalev(a)altlinux.org> VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() Florian Westphal <fw(a)strlen.de> net: mpls: error out if inner headers are not set Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: btintel: Fixe build regression Gwendal Grignou <gwendal(a)chromium.org> platform/x86: intel-vbtn: Update tablet mode switch at end of probe Kees Cook <keescook(a)chromium.org> randomize_kstack: Improve entropy diffusion Yunfei Dong <yunfei.dong(a)mediatek.com> media: mediatek: vcodec: adding lock to protect encoder context list Yunfei Dong <yunfei.dong(a)mediatek.com> media: mediatek: vcodec: adding lock to protect decoder context list Nicolas Dufresne <nicolas.dufresne(a)collabora.com> media: mediatek: vcodec: Fix oops when HEVC init fails Geliang Tang <geliang.tang(a)suse.com> selftests: mptcp: display simult in extra_msg Ard Biesheuvel <ardb(a)kernel.org> gcc-plugins/stackleak: Avoid .head.text section Tim Crawford <tcrawford(a)system76.com> ALSA: hda/realtek: Add quirks for some Clevo laptops Roman Smirnov <r.smirnov(a)omp.ru> fbmon: prevent division by zero in fb_videomode_from_videomode() Jiawei Fu (iBug) <i(a)ibugone.com> drivers/nvme: Add quirks for device 126f:2262 Max Kellermann <max.kellermann(a)ionos.com> modpost: fix null pointer dereference Jens Axboe <axboe(a)kernel.dk> io_uring: clear opcode specific data for an early failure Aleksandr Burakov <a.burakov(a)rosalinux.ru> fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 Roger Pau Monne <roger.pau(a)citrix.com> x86/xen: attempt to inflate the memory balloon on PVH Chancel Liu <chancel.liu(a)nxp.com> ASoC: soc-core.c: Skip dummy codec when adding platforms Konrad Dybcio <konrad.dybcio(a)linaro.org> thermal/of: Assume polling-delay(-passive) 0 when absent M Cooley <m.cooley.198(a)gmail.com> ASoC: amd: yc: Fix non-functional mic on ASUS M7600RE Colin Ian King <colin.i.king(a)gmail.com> usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined Marco Felsch <m.felsch(a)pengutronix.de> usb: typec: tcpci: add generic tcpci fallback compatible Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Keep the domain powered when USB4 port is in redrive mode Abhishek Pandit-Subedi <abhishekpandit(a)chromium.org> usb: typec: ucsi: Limit read size on v1.2 Michael Grzeschik <m.grzeschik(a)pengutronix.de> usb: gadget: uvc: mark incomplete frames with UVC_STREAM_ERR Tejun Heo <tj(a)kernel.org> kernfs: RCU protect kernfs_nodes and avoid kernfs_idr_lock in kernfs_find_and_get_node_by_id() Jeffrey Hugo <quic_jhugo(a)quicinc.com> bus: mhi: host: Add MHI_PM_SYS_ERR_FAIL state Petre Rodan <petre.rodan(a)subdimension.ro> tools: iio: replace seekdir() in iio_generic_buffer linke li <lilinke99(a)qq.com> ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment Matt Scialabba <matt.git(a)fastmail.fm> Input: xpad - add support for Snakebyte GAMEPADs Ricardo B. Marliere <ricardo(a)marliere.net> ktest: force $buildonly = 1 for 'make_warnings_file' test type Jichi Zhang <i(a)jichi.ca> ALSA: hda/realtek: Add quirk for Lenovo Yoga 9 14IMH9 Sandipan Das <sandipan.das(a)amd.com> perf/x86/amd/lbr: Discard erroneous branch entries Alban Boyé <alban.boye(a)protonmail.com> platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet Gergo Koteles <soyer(a)irl.hu> Input: allocate keycode for Display refresh rate toggle Duje Mihanović <duje.mihanovic(a)skole.hr> Input: imagis - use FIELD_GET where applicable Manjunath Patil <manjunath.b.patil(a)oracle.com> RDMA/cm: add timeout to cm_destroy_id wait Roman Smirnov <r.smirnov(a)omp.ru> block: prevent division by zero in blk_rq_stat_sum() Junhao He <hejunhao3(a)huawei.com> drivers/perf: hisi: Enable HiSilicon Erratum 162700402 quirk for HIP09 Markuss Broks <markuss.broks(a)gmail.com> input/touchscreen: imagis: Correct the maximum touch area value Ian Rogers <irogers(a)google.com> libperf evlist: Avoid out-of-bounds access Daniel Drake <drake(a)endlessos.org> Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default" Daniel Drake <drake(a)endlessos.org> PCI: Disable D3cold on Asus B1400 PCI-NVMe bridge Dai Ngo <dai.ngo(a)oracle.com> SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int Shradha Gupta <shradhagupta(a)linux.microsoft.com> drm: Check output polling initialized before disabling Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init() Dmitry Torokhov <dmitry.torokhov(a)gmail.com> HID: input: avoid polling stylus battery on Chromebook Pompom Jarkko Nikula <jarkko.nikula(a)linux.intel.com> i2c: designware: Fix RX FIFO depth define on Wangxun 10Gb NIC Koby Elbaz <kelbaz(a)habana.ai> accel/habanalabs: increase HL_MAX_STR to 64 bytes to avoid warnings Aric Cyr <aric.cyr(a)amd.com> drm/amd/display: Fix nanosec stat overflow Ye Bin <yebin10(a)huawei.com> ext4: forbid commit inconsistent quota data when errors=remount-ro Zhang Yi <yi.zhang(a)huawei.com> ext4: add a hint for block bitmap corrupt state in mb_groups Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Populate board selection with new I2S entries Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter Arnd Bergmann <arnd(a)arndb.de> media: sta2x11: fix irq handler cast Mike Marshall <hubcap(a)omnibond.com> Julia Lawall reported this null pointer dereference, this should fix it. Paul E. McKenney <paulmck(a)kernel.org> rcu-tasks: Repair RCU Tasks Trace quiescence check Zqiang <qiang.zhang1211(a)gmail.com> rcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock() mosomate <mosomate(a)gmail.com> ASoC: Intel: common: DMI remap for rebranded Intel NUC M15 (LAPRC710) laptops Alex Henrie <alexhenrie24(a)gmail.com> isofs: handle CDs with bad root inode but good Joliet root directory Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> sysv: don't call sb_bread() with pointers_lock held Geert Uytterhoeven <geert+renesas(a)glider.be> pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs Christian König <christian.koenig(a)amd.com> drm/ttm: return ENOSPC from ttm_bo_mem_space v3 Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ASoC: SOF: amd: Optimize quirk for Valve Galileo Samuel Dionne-Riel <samuel(a)dionne-riel.com> drm: panel-orientation-quirks: Add quirk for GPD Win Mini Kunwu Chan <chentao(a)kylinos.cn> Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails Maíra Canal <mcanal(a)igalia.com> drm/vc4: don't check if plane->state->fb == state->fb Vinicius Peixoto <nukelet64(a)gmail.com> Bluetooth: Add new quirk for broken read key length on ATS2851 Takashi Iwai <tiwai(a)suse.de> Bluetooth: btmtk: Add MODULE_FIRMWARE() for MT7922 Edward Adam Davis <eadavis(a)qq.com> Bluetooth: btintel: Fix null ptr deref in btintel_read_version Eric Dumazet <edumazet(a)google.com> net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() Jacob Keller <jacob.e.keller(a)intel.com> ice: use relative VSI index for VFs instead of PF VSI number David Sterba <dsterba(a)suse.com> btrfs: send: handle path ref underflow in header iterate_inode_ref() David Sterba <dsterba(a)suse.com> btrfs: export: handle invalid inode or root reference in btrfs_get_parent() David Sterba <dsterba(a)suse.com> btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: check A-MSDU format more carefully Takashi Iwai <tiwai(a)suse.de> wifi: iwlwifi: Add missing MODULE_FIRMWARE() for *.pnvm Kees Cook <keescook(a)chromium.org> overflow: Allow non-type arg to type_max() and type_min() Viresh Kumar <viresh.kumar(a)linaro.org> cpufreq: Don't unregister cpufreq cooling on CPU hotplug Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath11k: decrease MHI channel buffer length to 8KB Rick Edgecombe <rick.p.edgecombe(a)intel.com> dma-direct: Leak pages on dma_set_decrypted() failure Serge Semin <fancer.lancer(a)gmail.com> net: pcs: xpcs: Return EINVAL in the internal methods Samasth Norway Ananda <samasth.norway.ananda(a)oracle.com> tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num() Kunwu Chan <chentao(a)kylinos.cn> pstore/zone: Add a null pointer check to the psz_kmsg_read Hans de Goede <hdegoede(a)redhat.com> ACPI: x86: Move acpi_quirk_skip_serdev_enumeration() out of CONFIG_X86_ANDROID_TABLETS Shayne Chen <shayne.chen(a)mediatek.com> wifi: mt76: mt7996: add locking for accessing mapped registers Peter Chiu <chui-hao.chiu(a)mediatek.com> wifi: mt76: mt7996: disable AMSDU for non-data frames Shayne Chen <shayne.chen(a)mediatek.com> wifi: mt76: mt7915: add locking for accessing mapped registers Hans de Goede <hdegoede(a)redhat.com> wifi: brcmfmac: Add DMI nvram filename quirk for ACEPC W5 Pro Markus Elfring <elfring(a)users.sourceforge.net> firmware: tegra: bpmp: Return directly after a failed kzalloc() in get_filename() Florian Westphal <fw(a)strlen.de> net: skbuff: add overflow debug check to pull/push helpers Shannon Nelson <shannon.nelson(a)amd.com> ionic: set adminq irq affinity Adam Ford <aford173(a)gmail.com> pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain Kunwu Chan <chentao(a)kylinos.cn> pmdomain: ti: Add a null pointer check to the omap_prm_domain_init Eric Dumazet <edumazet(a)google.com> net: add netdev_lockdep_set_classes() to virtual drivers Johan Jonker <jbx6244(a)gmail.com> arm64: dts: rockchip: fix rk3399 hdmi ports node Johan Jonker <jbx6244(a)gmail.com> arm64: dts: rockchip: fix rk3328 hdmi ports node Johan Jonker <jbx6244(a)gmail.com> ARM: dts: rockchip: fix rk322x hdmi ports node Johan Jonker <jbx6244(a)gmail.com> ARM: dts: rockchip: fix rk3288 hdmi ports node C Cheng <C.Cheng(a)mediatek.com> cpuidle: Avoid potential overflow in integer multiplication John Ogness <john.ogness(a)linutronix.de> panic: Flush kernel log buffer at the end John Ogness <john.ogness(a)linutronix.de> printk: For @suppress_panic_printk check for other CPU in panic Mukesh Sisodiya <mukesh.sisodiya(a)intel.com> wifi: iwlwifi: pcie: Add the PCI device id for new hardware Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: pci: enlarge RX DMA buffer to consider size of RX descriptor Andre Werner <andre.werner(a)systec-electronic.com> net: phy: phy_device: Prevent nullptr exceptions on ISR Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> net: stmmac: dwmac-starfive: Add support for JH7100 SoC Markus Elfring <elfring(a)users.sourceforge.net> batman-adv: Improve exception handling in batadv_throw_uevent() Markus Elfring <elfring(a)users.sourceforge.net> batman-adv: Return directly after a failed batadv_dat_select_candidates() in batadv_dat_forward_data() Kees Cook <keescook(a)chromium.org> bnx2x: Fix firmware version string character counts Po-Hao Huang <phhuang(a)realtek.com> wifi: rtw89: fix null pointer access when abort scan Dmitry Antipov <dmantipov(a)yandex.ru> wifi: ath9k: fix LNA selection in ath_ant_try_scan() ------------- Diffstat: Makefile | 4 +- arch/arm/boot/dts/rockchip/rk322x.dtsi | 16 ++-- arch/arm/boot/dts/rockchip/rk3288.dtsi | 16 +++- arch/arm64/boot/dts/rockchip/rk3328.dtsi | 11 ++- arch/arm64/boot/dts/rockchip/rk3399.dtsi | 12 ++- arch/x86/events/amd/lbr.c | 6 +- arch/x86/include/asm/xen/hypervisor.h | 5 ++ arch/x86/pci/fixup.c | 48 ++++++++++++ arch/x86/platform/pvh/enlighten.c | 3 + arch/x86/xen/enlighten.c | 32 ++++++++ arch/x86/xen/enlighten_pvh.c | 68 +++++++++++++++++ arch/x86/xen/setup.c | 44 ----------- arch/x86/xen/xen-ops.h | 14 ++++ block/blk-stat.c | 2 +- drivers/accel/habanalabs/common/habanalabs.h | 2 +- drivers/acpi/sleep.c | 12 --- drivers/acpi/x86/utils.c | 18 ++++- drivers/bluetooth/btintel.c | 2 +- drivers/bluetooth/btmtk.c | 1 + drivers/bluetooth/btmtk.h | 1 + drivers/bluetooth/btusb.c | 1 + drivers/bus/mhi/host/init.c | 1 + drivers/bus/mhi/host/internal.h | 9 ++- drivers/bus/mhi/host/pm.c | 20 ++++- drivers/cpufreq/cpufreq.c | 17 +++-- drivers/cpuidle/driver.c | 3 +- drivers/firmware/tegra/bpmp-debugfs.c | 2 +- .../gpu/drm/amd/display/modules/inc/mod_stats.h | 4 +- drivers/gpu/drm/drm_modeset_helper.c | 19 ++++- drivers/gpu/drm/drm_panel_orientation_quirks.c | 12 +++ drivers/gpu/drm/drm_probe_helper.c | 13 +++- drivers/gpu/drm/ttm/ttm_bo.c | 7 +- drivers/gpu/drm/vc4/vc4_plane.c | 5 +- drivers/hid/hid-ids.h | 1 + drivers/hid/hid-input.c | 2 + drivers/i2c/busses/i2c-designware-core.h | 2 +- drivers/infiniband/core/cm.c | 20 ++++- drivers/input/joystick/xpad.c | 3 + drivers/input/rmi4/rmi_driver.c | 6 +- drivers/input/touchscreen/imagis.c | 20 ++--- drivers/media/pci/sta2x11/sta2x11_vip.c | 9 +-- .../mediatek/vcodec/common/mtk_vcodec_fw_vpu.c | 8 +- .../mediatek/vcodec/decoder/mtk_vcodec_dec_drv.c | 5 ++ .../mediatek/vcodec/decoder/mtk_vcodec_dec_drv.h | 2 + .../vcodec/decoder/vdec/vdec_hevc_req_multi_if.c | 2 +- .../platform/mediatek/vcodec/decoder/vdec_vpu_if.c | 2 + .../mediatek/vcodec/encoder/mtk_vcodec_enc_drv.c | 5 ++ .../mediatek/vcodec/encoder/mtk_vcodec_enc_drv.h | 2 + .../platform/mediatek/vcodec/encoder/venc_vpu_if.c | 2 + drivers/misc/vmw_vmci/vmci_datagram.c | 6 +- drivers/net/dummy.c | 1 + drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 9 ++- .../net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c | 2 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.c | 14 ++-- drivers/net/ethernet/intel/ice/ice_virtchnl.c | 9 +-- drivers/net/ethernet/intel/ice/ice_virtchnl.h | 9 +++ drivers/net/ethernet/pensando/ionic/ionic_lif.c | 5 +- drivers/net/ethernet/stmicro/stmmac/Kconfig | 6 +- .../net/ethernet/stmicro/stmmac/dwmac-starfive.c | 32 +++++++- drivers/net/geneve.c | 1 + drivers/net/loopback.c | 1 + drivers/net/pcs/pcs-xpcs.c | 4 +- drivers/net/phy/phy_device.c | 13 ++-- drivers/net/veth.c | 1 + drivers/net/vxlan/vxlan_core.c | 1 + drivers/net/wireless/ath/ath11k/mhi.c | 2 +- drivers/net/wireless/ath/ath9k/antenna.c | 2 +- .../net/wireless/broadcom/brcm80211/brcmfmac/dmi.c | 9 +++ drivers/net/wireless/intel/iwlwifi/cfg/ax210.c | 6 ++ drivers/net/wireless/intel/iwlwifi/cfg/bz.c | 2 + drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 1 + drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 45 ++++++++++-- drivers/net/wireless/mediatek/mt76/mt7915/mt7915.h | 1 + drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 5 +- drivers/net/wireless/mediatek/mt76/mt7996/mmio.c | 64 ++++++++++------ drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h | 3 +- drivers/net/wireless/realtek/rtw89/mac80211.c | 4 +- drivers/net/wireless/realtek/rtw89/pci.h | 2 +- drivers/nvme/host/pci.c | 3 + drivers/perf/hisilicon/hisi_uncore_uc_pmu.c | 42 ++++++++++- drivers/pinctrl/renesas/core.c | 4 +- drivers/platform/x86/intel/vbtn.c | 5 +- drivers/platform/x86/touchscreen_dmi.c | 9 +++ drivers/pmdomain/imx/imx8mp-blk-ctrl.c | 10 +-- drivers/pmdomain/ti/omap_prm.c | 2 + drivers/scsi/lpfc/lpfc_nportdisc.c | 6 +- drivers/soundwire/dmi-quirks.c | 8 ++ drivers/thermal/thermal_of.c | 12 ++- drivers/thunderbolt/quirks.c | 14 ++++ drivers/thunderbolt/tb.c | 49 ++++++++++++- drivers/thunderbolt/tb.h | 4 + drivers/usb/gadget/function/uvc_video.c | 3 + drivers/usb/host/sl811-hcd.c | 2 + drivers/usb/typec/tcpm/tcpci.c | 1 + drivers/usb/typec/ucsi/ucsi.c | 26 ++++++- drivers/usb/typec/ucsi/ucsi.h | 11 +++ drivers/video/fbdev/core/fbmon.c | 7 +- drivers/video/fbdev/via/accel.c | 4 +- drivers/xen/balloon.c | 2 - fs/btrfs/export.c | 9 ++- fs/btrfs/send.c | 10 ++- fs/btrfs/volumes.c | 12 ++- fs/ext4/mballoc.c | 5 +- fs/ext4/super.c | 12 +++ fs/isofs/inode.c | 18 ++++- fs/kernfs/dir.c | 31 +++++--- fs/kernfs/kernfs-internal.h | 2 + fs/orangefs/super.c | 2 +- fs/pstore/zone.c | 2 + fs/sysv/itree.c | 10 +-- include/acpi/acpi_bus.h | 22 +++--- include/linux/kernfs.h | 2 + include/linux/overflow.h | 12 +-- include/linux/randomize_kstack.h | 2 +- include/linux/rcupdate.h | 4 +- include/linux/skbuff.h | 11 +++ include/linux/sunrpc/sched.h | 2 +- include/net/bluetooth/hci.h | 8 ++ include/uapi/linux/input-event-codes.h | 1 + io_uring/io_uring.c | 25 ++++--- kernel/dma/direct.c | 9 ++- kernel/panic.c | 8 ++ kernel/printk/printk.c | 3 +- kernel/rcu/tree_nocb.h | 2 +- kernel/trace/ring_buffer.c | 2 +- net/batman-adv/distributed-arp-table.c | 3 +- net/batman-adv/main.c | 14 ++-- net/bluetooth/hci_event.c | 3 +- net/ipv4/ip_tunnel.c | 1 + net/ipv6/ip6_gre.c | 2 + net/ipv6/ip6_tunnel.c | 1 + net/ipv6/ip6_vti.c | 1 + net/ipv6/sit.c | 1 + net/mpls/mpls_gso.c | 3 + net/smc/smc_pnet.c | 10 +++ net/wireless/util.c | 14 +++- scripts/gcc-plugins/stackleak_plugin.c | 2 + scripts/mod/modpost.c | 4 +- sound/firewire/amdtp-stream.c | 12 ++- sound/firewire/amdtp-stream.h | 4 + sound/pci/hda/patch_realtek.c | 12 +++ sound/soc/amd/yc/acp6x-mach.c | 7 ++ sound/soc/intel/avs/board_selection.c | 85 ++++++++++++++++++++++ sound/soc/intel/boards/sof_sdw.c | 11 +++ sound/soc/soc-core.c | 3 + sound/soc/sof/amd/acp.c | 3 +- tools/iio/iio_utils.c | 2 +- tools/lib/perf/evlist.c | 18 +++-- tools/lib/perf/include/internal/evlist.h | 4 +- .../x86_energy_perf_policy.c | 1 + tools/testing/ktest/ktest.pl | 1 + tools/testing/selftests/net/mptcp/mptcp_join.sh | 5 +- 152 files changed, 1140 insertions(+), 318 deletions(-)

1 year, 6 months

11
125
0 0

[PATCH 6.1 00/83] 6.1.86-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.86 release. There are 83 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 13 Apr 2024 09:53:55 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.86-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.86-rc1 Ma Jun <Jun.Ma2(a)amd.com> Revert "drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()" Vasiliy Kovalev <kovalev(a)altlinux.org> VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() Florian Westphal <fw(a)strlen.de> net: mpls: error out if inner headers are not set Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: btintel: Fixe build regression Gwendal Grignou <gwendal(a)chromium.org> platform/x86: intel-vbtn: Update tablet mode switch at end of probe Kees Cook <keescook(a)chromium.org> randomize_kstack: Improve entropy diffusion David Hildenbrand <david(a)redhat.com> virtio: reenable config if freezing device failed Martin K. Petersen <martin.petersen(a)oracle.com> scsi: sd: usb_storage: uas: Access media prior to querying device properties Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "scsi: core: Add struct for args to execution functions" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "scsi: sd: usb_storage: uas: Access media prior to querying device properties" Ard Biesheuvel <ardb(a)kernel.org> gcc-plugins/stackleak: Avoid .head.text section Thadeu Lima de Souza Cascardo <cascardo(a)canonical.com> tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: discard table flag update with pending basechain deletion Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: release batch on table validation from abort path Roman Smirnov <r.smirnov(a)omp.ru> fbmon: prevent division by zero in fb_videomode_from_videomode() Jiawei Fu (iBug) <i(a)ibugone.com> drivers/nvme: Add quirks for device 126f:2262 Jens Axboe <axboe(a)kernel.dk> io_uring: clear opcode specific data for an early failure Aleksandr Burakov <a.burakov(a)rosalinux.ru> fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 Chancel Liu <chancel.liu(a)nxp.com> ASoC: soc-core.c: Skip dummy codec when adding platforms Konrad Dybcio <konrad.dybcio(a)linaro.org> thermal/of: Assume polling-delay(-passive) 0 when absent Colin Ian King <colin.i.king(a)gmail.com> usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined Marco Felsch <m.felsch(a)pengutronix.de> usb: typec: tcpci: add generic tcpci fallback compatible Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Keep the domain powered when USB4 port is in redrive mode Michael Grzeschik <m.grzeschik(a)pengutronix.de> usb: gadget: uvc: mark incomplete frames with UVC_STREAM_ERR Jeffrey Hugo <quic_jhugo(a)quicinc.com> bus: mhi: host: Add MHI_PM_SYS_ERR_FAIL state Petre Rodan <petre.rodan(a)subdimension.ro> tools: iio: replace seekdir() in iio_generic_buffer linke li <lilinke99(a)qq.com> ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment Ricardo B. Marliere <ricardo(a)marliere.net> ktest: force $buildonly = 1 for 'make_warnings_file' test type Sandipan Das <sandipan.das(a)amd.com> perf/x86/amd/lbr: Discard erroneous branch entries Alban Boyé <alban.boye(a)protonmail.com> platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet Gergo Koteles <soyer(a)irl.hu> Input: allocate keycode for Display refresh rate toggle Duje Mihanović <duje.mihanovic(a)skole.hr> Input: imagis - use FIELD_GET where applicable Manjunath Patil <manjunath.b.patil(a)oracle.com> RDMA/cm: add timeout to cm_destroy_id wait Roman Smirnov <r.smirnov(a)omp.ru> block: prevent division by zero in blk_rq_stat_sum() Markuss Broks <markuss.broks(a)gmail.com> input/touchscreen: imagis: Correct the maximum touch area value Ian Rogers <irogers(a)google.com> libperf evlist: Avoid out-of-bounds access Daniel Drake <drake(a)endlessos.org> Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default" Dai Ngo <dai.ngo(a)oracle.com> SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init() Aric Cyr <aric.cyr(a)amd.com> drm/amd/display: Fix nanosec stat overflow Ye Bin <yebin10(a)huawei.com> ext4: forbid commit inconsistent quota data when errors=remount-ro Zhang Yi <yi.zhang(a)huawei.com> ext4: add a hint for block bitmap corrupt state in mb_groups Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter Arnd Bergmann <arnd(a)arndb.de> media: sta2x11: fix irq handler cast Mike Marshall <hubcap(a)omnibond.com> Julia Lawall reported this null pointer dereference, this should fix it. Paul E. McKenney <paulmck(a)kernel.org> rcu-tasks: Repair RCU Tasks Trace quiescence check mosomate <mosomate(a)gmail.com> ASoC: Intel: common: DMI remap for rebranded Intel NUC M15 (LAPRC710) laptops Alex Henrie <alexhenrie24(a)gmail.com> isofs: handle CDs with bad root inode but good Joliet root directory Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> sysv: don't call sb_bread() with pointers_lock held Geert Uytterhoeven <geert+renesas(a)glider.be> pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs Samuel Dionne-Riel <samuel(a)dionne-riel.com> drm: panel-orientation-quirks: Add quirk for GPD Win Mini Kunwu Chan <chentao(a)kylinos.cn> Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails Maíra Canal <mcanal(a)igalia.com> drm/vc4: don't check if plane->state->fb == state->fb Takashi Iwai <tiwai(a)suse.de> Bluetooth: btmtk: Add MODULE_FIRMWARE() for MT7922 Edward Adam Davis <eadavis(a)qq.com> Bluetooth: btintel: Fix null ptr deref in btintel_read_version Eric Dumazet <edumazet(a)google.com> net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() Jacob Keller <jacob.e.keller(a)intel.com> ice: use relative VSI index for VFs instead of PF VSI number David Sterba <dsterba(a)suse.com> btrfs: send: handle path ref underflow in header iterate_inode_ref() David Sterba <dsterba(a)suse.com> btrfs: export: handle invalid inode or root reference in btrfs_get_parent() David Sterba <dsterba(a)suse.com> btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() Viresh Kumar <viresh.kumar(a)linaro.org> cpufreq: Don't unregister cpufreq cooling on CPU hotplug Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath11k: decrease MHI channel buffer length to 8KB Rick Edgecombe <rick.p.edgecombe(a)intel.com> dma-direct: Leak pages on dma_set_decrypted() failure Serge Semin <fancer.lancer(a)gmail.com> net: pcs: xpcs: Return EINVAL in the internal methods Samasth Norway Ananda <samasth.norway.ananda(a)oracle.com> tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num() Kunwu Chan <chentao(a)kylinos.cn> pstore/zone: Add a null pointer check to the psz_kmsg_read Hans de Goede <hdegoede(a)redhat.com> wifi: brcmfmac: Add DMI nvram filename quirk for ACEPC W5 Pro Markus Elfring <elfring(a)users.sourceforge.net> firmware: tegra: bpmp: Return directly after a failed kzalloc() in get_filename() Florian Westphal <fw(a)strlen.de> net: skbuff: add overflow debug check to pull/push helpers Shannon Nelson <shannon.nelson(a)amd.com> ionic: set adminq irq affinity Johan Jonker <jbx6244(a)gmail.com> arm64: dts: rockchip: fix rk3399 hdmi ports node Johan Jonker <jbx6244(a)gmail.com> arm64: dts: rockchip: fix rk3328 hdmi ports node C Cheng <C.Cheng(a)mediatek.com> cpuidle: Avoid potential overflow in integer multiplication John Ogness <john.ogness(a)linutronix.de> panic: Flush kernel log buffer at the end Mukesh Sisodiya <mukesh.sisodiya(a)intel.com> wifi: iwlwifi: pcie: Add the PCI device id for new hardware Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: pci: enlarge RX DMA buffer to consider size of RX descriptor Markus Elfring <elfring(a)users.sourceforge.net> batman-adv: Improve exception handling in batadv_throw_uevent() Markus Elfring <elfring(a)users.sourceforge.net> batman-adv: Return directly after a failed batadv_dat_select_candidates() in batadv_dat_forward_data() Kees Cook <keescook(a)chromium.org> bnx2x: Fix firmware version string character counts Dmitry Antipov <dmantipov(a)yandex.ru> wifi: ath9k: fix LNA selection in ath_ant_try_scan() ------------- Diffstat: Makefile | 4 +- arch/arm64/boot/dts/rockchip/rk3328.dtsi | 11 ++++- arch/arm64/boot/dts/rockchip/rk3399.dtsi | 12 ++++- arch/x86/events/amd/lbr.c | 6 ++- block/blk-stat.c | 2 +- drivers/acpi/sleep.c | 12 ----- drivers/bluetooth/btintel.c | 2 +- drivers/bluetooth/btmtk.c | 1 + drivers/bluetooth/btmtk.h | 1 + drivers/bus/mhi/host/init.c | 1 + drivers/bus/mhi/host/internal.h | 9 ++-- drivers/bus/mhi/host/pm.c | 20 +++++++-- drivers/cpufreq/cpufreq.c | 17 ++++--- drivers/cpuidle/driver.c | 3 +- drivers/firmware/tegra/bpmp-debugfs.c | 2 +- .../gpu/drm/amd/display/modules/inc/mod_stats.h | 4 +- drivers/gpu/drm/drm_panel_orientation_quirks.c | 12 +++++ drivers/gpu/drm/vc4/vc4_plane.c | 5 +-- drivers/infiniband/core/cm.c | 20 ++++++++- drivers/input/rmi4/rmi_driver.c | 6 ++- drivers/input/touchscreen/imagis.c | 20 ++++----- drivers/media/pci/sta2x11/sta2x11_vip.c | 9 ++-- drivers/misc/vmw_vmci/vmci_datagram.c | 6 ++- drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 9 ++-- .../net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c | 2 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.c | 14 +++--- drivers/net/ethernet/intel/ice/ice_virtchnl.c | 9 +--- drivers/net/ethernet/intel/ice/ice_virtchnl.h | 9 ++++ drivers/net/ethernet/pensando/ionic/ionic_lif.c | 5 ++- drivers/net/pcs/pcs-xpcs.c | 4 +- drivers/net/wireless/ath/ath11k/mhi.c | 2 +- drivers/net/wireless/ath/ath9k/antenna.c | 2 +- .../net/wireless/broadcom/brcm80211/brcmfmac/dmi.c | 9 ++++ drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 1 + drivers/net/wireless/realtek/rtw89/pci.h | 2 +- drivers/nvme/host/pci.c | 3 ++ drivers/pinctrl/renesas/core.c | 4 +- drivers/platform/x86/intel/vbtn.c | 5 ++- drivers/platform/x86/touchscreen_dmi.c | 9 ++++ drivers/scsi/lpfc/lpfc_nportdisc.c | 6 ++- drivers/scsi/scsi_lib.c | 52 +++++++++++----------- drivers/scsi/sd.c | 4 +- drivers/soundwire/dmi-quirks.c | 8 ++++ drivers/thermal/thermal_of.c | 12 +++-- drivers/thunderbolt/quirks.c | 14 ++++++ drivers/thunderbolt/tb.c | 49 +++++++++++++++++++- drivers/thunderbolt/tb.h | 4 ++ drivers/tty/n_gsm.c | 3 ++ drivers/usb/gadget/function/uvc_video.c | 3 ++ drivers/usb/host/sl811-hcd.c | 2 + drivers/usb/typec/tcpm/tcpci.c | 1 + drivers/video/fbdev/core/fbmon.c | 7 +-- drivers/video/fbdev/via/accel.c | 4 +- drivers/virtio/virtio.c | 10 ++++- fs/btrfs/export.c | 9 +++- fs/btrfs/send.c | 10 ++++- fs/btrfs/volumes.c | 12 ++++- fs/ext4/mballoc.c | 5 ++- fs/ext4/super.c | 12 +++++ fs/isofs/inode.c | 18 +++++++- fs/orangefs/super.c | 2 +- fs/pstore/zone.c | 2 + fs/sysv/itree.c | 10 ++--- include/linux/randomize_kstack.h | 2 +- include/linux/rcupdate.h | 4 +- include/linux/skbuff.h | 11 +++++ include/linux/sunrpc/sched.h | 2 +- include/scsi/scsi_device.h | 51 ++++++--------------- include/uapi/linux/input-event-codes.h | 1 + io_uring/io_uring.c | 25 +++++++---- kernel/dma/direct.c | 9 ++-- kernel/panic.c | 8 ++++ kernel/trace/ring_buffer.c | 2 +- net/batman-adv/distributed-arp-table.c | 3 +- net/batman-adv/main.c | 14 +++--- net/mpls/mpls_gso.c | 3 ++ net/netfilter/nf_tables_api.c | 47 ++++++++++++++----- net/smc/smc_pnet.c | 10 +++++ scripts/gcc-plugins/stackleak_plugin.c | 2 + sound/firewire/amdtp-stream.c | 12 +++-- sound/firewire/amdtp-stream.h | 4 ++ sound/soc/intel/boards/sof_sdw.c | 11 +++++ sound/soc/soc-core.c | 3 ++ tools/iio/iio_utils.c | 2 +- tools/lib/perf/evlist.c | 18 +++++--- tools/lib/perf/include/internal/evlist.h | 4 +- .../x86_energy_perf_policy.c | 1 + tools/testing/ktest/ktest.pl | 1 + 88 files changed, 552 insertions(+), 231 deletions(-)

1 year, 6 months

12
97
0 0

[to-be-updated] bootconfig-use-memblock_free_late-to-free-xbc-memory-to-buddy.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: bootconfig: use memblock_free_late to free xbc memory to buddy has been removed from the -mm tree. Its filename was bootconfig-use-memblock_free_late-to-free-xbc-memory-to-buddy.patch This patch was dropped because an updated version will be merged ------------------------------------------------------ From: Qiang Zhang <qiang4.zhang(a)intel.com> Subject: bootconfig: use memblock_free_late to free xbc memory to buddy Date: Fri, 12 Apr 2024 10:41:04 +0800 At the time to free xbc memory, memblock has handed over memory to buddy allocator. So it doesn't make sense to free memory back to memblock. memblock_free() called by xbc_exit() even causes UAF bugs on architectures with CONFIG_ARCH_KEEP_MEMBLOCK disabled like x86. Following KASAN logs shows this case. [ 9.410890] ================================================================== [ 9.418962] BUG: KASAN: use-after-free in memblock_isolate_range+0x12d/0x260 [ 9.426850] Read of size 8 at addr ffff88845dd30000 by task swapper/0/1 [ 9.435901] CPU: 9 PID: 1 Comm: swapper/0 Tainted: G U 6.9.0-rc3-00208-g586b5dfb51b9 #5 [ 9.446403] Hardware name: Intel Corporation RPLP LP5 (CPU:RaptorLake)/RPLP LP5 (ID:13), BIOS IRPPN02.01.01.00.00.19.015.D-00000000 Dec 28 2023 [ 9.460789] Call Trace: [ 9.463518] <TASK> [ 9.465859] dump_stack_lvl+0x53/0x70 [ 9.469949] print_report+0xce/0x610 [ 9.473944] ? __virt_addr_valid+0xf5/0x1b0 [ 9.478619] ? memblock_isolate_range+0x12d/0x260 [ 9.483877] kasan_report+0xc6/0x100 [ 9.487870] ? memblock_isolate_range+0x12d/0x260 [ 9.493125] memblock_isolate_range+0x12d/0x260 [ 9.498187] memblock_phys_free+0xb4/0x160 [ 9.502762] ? __pfx_memblock_phys_free+0x10/0x10 [ 9.508021] ? mutex_unlock+0x7e/0xd0 [ 9.512111] ? __pfx_mutex_unlock+0x10/0x10 [ 9.516786] ? kernel_init_freeable+0x2d4/0x430 [ 9.521850] ? __pfx_kernel_init+0x10/0x10 [ 9.526426] xbc_exit+0x17/0x70 [ 9.529935] kernel_init+0x38/0x1e0 [ 9.533829] ? _raw_spin_unlock_irq+0xd/0x30 [ 9.538601] ret_from_fork+0x2c/0x50 [ 9.542596] ? __pfx_kernel_init+0x10/0x10 [ 9.547170] ret_from_fork_asm+0x1a/0x30 [ 9.551552] </TASK> [ 9.555649] The buggy address belongs to the physical page: [ 9.561875] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x45dd30 [ 9.570821] flags: 0x200000000000000(node=0|zone=2) [ 9.576271] page_type: 0xffffffff() [ 9.580167] raw: 0200000000000000 ffffea0011774c48 ffffea0012ba1848 0000000000000000 [ 9.588823] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 9.597476] page dumped because: kasan: bad access detected [ 9.605362] Memory state around the buggy address: [ 9.610714] ffff88845dd2ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 9.618786] ffff88845dd2ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 9.626857] >ffff88845dd30000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 9.634930] ^ [ 9.638534] ffff88845dd30080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 9.646605] ffff88845dd30100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 9.654675] ================================================================== Link: https://lkml.kernel.org/r/20240412024103.3078378-1-qiang4.zhang@linux.intel… Signed-off-by: Qiang Zhang <qiang4.zhang(a)intel.com> Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mike Rapoport <rppt(a)linux.ibm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/bootconfig.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/lib/bootconfig.c~bootconfig-use-memblock_free_late-to-free-xbc-memory-to-buddy +++ a/lib/bootconfig.c @@ -63,7 +63,7 @@ static inline void * __init xbc_alloc_me static inline void __init xbc_free_mem(void *addr, size_t size) { - memblock_free(addr, size); + memblock_free_late(__pa(addr), size); } #else /* !__KERNEL__ */ _ Patches currently in -mm which might be from qiang4.zhang(a)intel.com are

1 year, 6 months

1
0
0 0

+ bootconfig-use-memblock_free_late-to-free-xbc-memory-to-buddy.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: bootconfig: use memblock_free_late to free xbc memory to buddy has been added to the -mm mm-hotfixes-unstable branch. Its filename is bootconfig-use-memblock_free_late-to-free-xbc-memory-to-buddy.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Qiang Zhang <qiang4.zhang(a)intel.com> Subject: bootconfig: use memblock_free_late to free xbc memory to buddy Date: Fri, 12 Apr 2024 10:41:04 +0800 At the time to free xbc memory, memblock has handed over memory to buddy allocator. So it doesn't make sense to free memory back to memblock. memblock_free() called by xbc_exit() even causes UAF bugs on architectures with CONFIG_ARCH_KEEP_MEMBLOCK disabled like x86. Following KASAN logs shows this case. [ 9.410890] ================================================================== [ 9.418962] BUG: KASAN: use-after-free in memblock_isolate_range+0x12d/0x260 [ 9.426850] Read of size 8 at addr ffff88845dd30000 by task swapper/0/1 [ 9.435901] CPU: 9 PID: 1 Comm: swapper/0 Tainted: G U 6.9.0-rc3-00208-g586b5dfb51b9 #5 [ 9.446403] Hardware name: Intel Corporation RPLP LP5 (CPU:RaptorLake)/RPLP LP5 (ID:13), BIOS IRPPN02.01.01.00.00.19.015.D-00000000 Dec 28 2023 [ 9.460789] Call Trace: [ 9.463518] <TASK> [ 9.465859] dump_stack_lvl+0x53/0x70 [ 9.469949] print_report+0xce/0x610 [ 9.473944] ? __virt_addr_valid+0xf5/0x1b0 [ 9.478619] ? memblock_isolate_range+0x12d/0x260 [ 9.483877] kasan_report+0xc6/0x100 [ 9.487870] ? memblock_isolate_range+0x12d/0x260 [ 9.493125] memblock_isolate_range+0x12d/0x260 [ 9.498187] memblock_phys_free+0xb4/0x160 [ 9.502762] ? __pfx_memblock_phys_free+0x10/0x10 [ 9.508021] ? mutex_unlock+0x7e/0xd0 [ 9.512111] ? __pfx_mutex_unlock+0x10/0x10 [ 9.516786] ? kernel_init_freeable+0x2d4/0x430 [ 9.521850] ? __pfx_kernel_init+0x10/0x10 [ 9.526426] xbc_exit+0x17/0x70 [ 9.529935] kernel_init+0x38/0x1e0 [ 9.533829] ? _raw_spin_unlock_irq+0xd/0x30 [ 9.538601] ret_from_fork+0x2c/0x50 [ 9.542596] ? __pfx_kernel_init+0x10/0x10 [ 9.547170] ret_from_fork_asm+0x1a/0x30 [ 9.551552] </TASK> [ 9.555649] The buggy address belongs to the physical page: [ 9.561875] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x45dd30 [ 9.570821] flags: 0x200000000000000(node=0|zone=2) [ 9.576271] page_type: 0xffffffff() [ 9.580167] raw: 0200000000000000 ffffea0011774c48 ffffea0012ba1848 0000000000000000 [ 9.588823] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 9.597476] page dumped because: kasan: bad access detected [ 9.605362] Memory state around the buggy address: [ 9.610714] ffff88845dd2ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 9.618786] ffff88845dd2ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 9.626857] >ffff88845dd30000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 9.634930] ^ [ 9.638534] ffff88845dd30080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 9.646605] ffff88845dd30100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 9.654675] ================================================================== Link: https://lkml.kernel.org/r/20240412024103.3078378-1-qiang4.zhang@linux.intel… Signed-off-by: Qiang Zhang <qiang4.zhang(a)intel.com> Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mike Rapoport <rppt(a)linux.ibm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/bootconfig.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/lib/bootconfig.c~bootconfig-use-memblock_free_late-to-free-xbc-memory-to-buddy +++ a/lib/bootconfig.c @@ -63,7 +63,7 @@ static inline void * __init xbc_alloc_me static inline void __init xbc_free_mem(void *addr, size_t size) { - memblock_free(addr, size); + memblock_free_late(__pa(addr), size); } #else /* !__KERNEL__ */ _ Patches currently in -mm which might be from qiang4.zhang(a)intel.com are bootconfig-use-memblock_free_late-to-free-xbc-memory-to-buddy.patch

1 year, 6 months

1
0
0 0

[PATCH 6.8 000/143] 6.8.6-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.8.6 release. There are 143 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 13 Apr 2024 09:53:55 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.8.6-rc1.… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.8.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.8.6-rc1 Ma Jun <Jun.Ma2(a)amd.com> Revert "drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()" Borislav Petkov (AMD) <bp(a)alien8.de> x86/vdso: Fix rethunk patching for vdso-image-x32.o too Vasiliy Kovalev <kovalev(a)altlinux.org> VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() Florian Westphal <fw(a)strlen.de> net: mpls: error out if inner headers are not set Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: btintel: Fixe build regression Dave Airlie <airlied(a)gmail.com> nouveau: fix devinit paths to only handle display on GSP. Gwendal Grignou <gwendal(a)chromium.org> platform/x86: intel-vbtn: Update tablet mode switch at end of probe David McFarland <corngood(a)gmail.com> platform/x86/intel/hid: Don't wake on 5-button releases Kees Cook <keescook(a)chromium.org> randomize_kstack: Improve entropy diffusion Yunfei Dong <yunfei.dong(a)mediatek.com> media: mediatek: vcodec: adding lock to protect encoder context list Yunfei Dong <yunfei.dong(a)mediatek.com> media: mediatek: vcodec: adding lock to protect decoder context list Nicolas Dufresne <nicolas.dufresne(a)collabora.com> media: mediatek: vcodec: Fix oops when HEVC init fails Ard Biesheuvel <ardb(a)kernel.org> gcc-plugins/stackleak: Avoid .head.text section Ahmad Rehman <Ahmad.Rehman(a)amd.com> drm/amdgpu: Init zone device and drm client after mode-1 reset on reload Tim Crawford <tcrawford(a)system76.com> ALSA: hda/realtek: Add quirks for some Clevo laptops Roman Smirnov <r.smirnov(a)omp.ru> fbmon: prevent division by zero in fb_videomode_from_videomode() Jiawei Fu (iBug) <i(a)ibugone.com> drivers/nvme: Add quirks for device 126f:2262 Max Kellermann <max.kellermann(a)ionos.com> modpost: fix null pointer dereference Jens Axboe <axboe(a)kernel.dk> io_uring: clear opcode specific data for an early failure Aleksandr Burakov <a.burakov(a)rosalinux.ru> fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 Roger Pau Monne <roger.pau(a)citrix.com> x86/xen: attempt to inflate the memory balloon on PVH Chancel Liu <chancel.liu(a)nxp.com> ASoC: soc-core.c: Skip dummy codec when adding platforms Konrad Dybcio <konrad.dybcio(a)linaro.org> thermal/of: Assume polling-delay(-passive) 0 when absent M Cooley <m.cooley.198(a)gmail.com> ASoC: amd: yc: Fix non-functional mic on ASUS M7600RE Colin Ian King <colin.i.king(a)gmail.com> usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined Marco Felsch <m.felsch(a)pengutronix.de> usb: typec: tcpci: add generic tcpci fallback compatible Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Keep the domain powered when USB4 port is in redrive mode Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: 8250_of: Drop quirk fot NPCM from 8250_port Abhishek Pandit-Subedi <abhishekpandit(a)chromium.org> usb: typec: ucsi: Limit read size on v1.2 Michael Grzeschik <m.grzeschik(a)pengutronix.de> usb: gadget: uvc: mark incomplete frames with UVC_STREAM_ERR Michael Grzeschik <m.grzeschik(a)pengutronix.de> usb: gadget: uvc: refactor the check for a valid buffer in the pump worker Gil Fine <gil.fine(a)linux.intel.com> thunderbolt: Calculate DisplayPort tunnel bandwidth after DPRX capabilities read Luca Weiss <luca.weiss(a)fairphone.com> usb: typec: ucsi: Add qcm6490-pmic-glink as needing PDOS quirk Tejun Heo <tj(a)kernel.org> kernfs: RCU protect kernfs_nodes and avoid kernfs_idr_lock in kernfs_find_and_get_node_by_id() Jeffrey Hugo <quic_jhugo(a)quicinc.com> bus: mhi: host: Add MHI_PM_SYS_ERR_FAIL state Petre Rodan <petre.rodan(a)subdimension.ro> tools: iio: replace seekdir() in iio_generic_buffer linke li <lilinke99(a)qq.com> ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment Matt Scialabba <matt.git(a)fastmail.fm> Input: xpad - add support for Snakebyte GAMEPADs Ricardo B. Marliere <ricardo(a)marliere.net> ktest: force $buildonly = 1 for 'make_warnings_file' test type Jichi Zhang <i(a)jichi.ca> ALSA: hda/realtek: Add quirk for Lenovo Yoga 9 14IMH9 Sandipan Das <sandipan.das(a)amd.com> perf/x86/amd/lbr: Discard erroneous branch entries Alban Boyé <alban.boye(a)protonmail.com> platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet SungHwan Jung <onenowy(a)gmail.com> platform/x86: acer-wmi: Add predator_v4 module parameter SungHwan Jung <onenowy(a)gmail.com> platform/x86: acer-wmi: Add support for Acer PH16-71 Gergo Koteles <soyer(a)irl.hu> Input: allocate keycode for Display refresh rate toggle Duje Mihanović <duje.mihanovic(a)skole.hr> Input: imagis - use FIELD_GET where applicable Manjunath Patil <manjunath.b.patil(a)oracle.com> RDMA/cm: add timeout to cm_destroy_id wait Roman Smirnov <r.smirnov(a)omp.ru> block: prevent division by zero in blk_rq_stat_sum() Junhao He <hejunhao3(a)huawei.com> drivers/perf: hisi: Enable HiSilicon Erratum 162700402 quirk for HIP09 Markuss Broks <markuss.broks(a)gmail.com> input/touchscreen: imagis: Correct the maximum touch area value Tom Zanussi <tom.zanussi(a)linux.intel.com> crypto: iaa - Fix async_disable descriptor leak Ian Rogers <irogers(a)google.com> libperf evlist: Avoid out-of-bounds access Daniel Drake <drake(a)endlessos.org> Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default" Daniel Drake <drake(a)endlessos.org> PCI: Disable D3cold on Asus B1400 PCI-NVMe bridge Dai Ngo <dai.ngo(a)oracle.com> SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int Shradha Gupta <shradhagupta(a)linux.microsoft.com> drm: Check output polling initialized before disabling Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init() Dmitry Torokhov <dmitry.torokhov(a)gmail.com> HID: input: avoid polling stylus battery on Chromebook Pompom Jarkko Nikula <jarkko.nikula(a)linux.intel.com> i2c: designware: Fix RX FIFO depth define on Wangxun 10Gb NIC Koby Elbaz <kelbaz(a)habana.ai> accel/habanalabs: increase HL_MAX_STR to 64 bytes to avoid warnings Aric Cyr <aric.cyr(a)amd.com> drm/amd/display: Fix nanosec stat overflow Ye Bin <yebin10(a)huawei.com> ext4: forbid commit inconsistent quota data when errors=remount-ro Zhang Yi <yi.zhang(a)huawei.com> ext4: add a hint for block bitmap corrupt state in mb_groups Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Populate board selection with new I2S entries Josh Poimboeuf <jpoimboe(a)kernel.org> x86/vdso: Fix rethunk patching for vdso-image-{32,64}.o Tony Lindgren <tony(a)atomide.com> drm/panel: simple: Add BOE BP082WX1-100 8.2" panel Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter Arnd Bergmann <arnd(a)arndb.de> media: sta2x11: fix irq handler cast Mike Marshall <hubcap(a)omnibond.com> Julia Lawall reported this null pointer dereference, this should fix it. Paul E. McKenney <paulmck(a)kernel.org> rcu-tasks: Repair RCU Tasks Trace quiescence check Zqiang <qiang.zhang1211(a)gmail.com> rcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock() mosomate <mosomate(a)gmail.com> ASoC: Intel: common: DMI remap for rebranded Intel NUC M15 (LAPRC710) laptops Brent Lu <brent.lu(a)intel.com> ASoC: Intel: sof_rt5682: dmi quirk cleanup for mtl boards Alex Henrie <alexhenrie24(a)gmail.com> isofs: handle CDs with bad root inode but good Joliet root directory Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> drm/amd/display: Disable idle reallow as part of command/gpint execution Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> sysv: don't call sb_bread() with pointers_lock held Geert Uytterhoeven <geert+renesas(a)glider.be> pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs Sohaib Nadeem <sohaib.nadeem(a)amd.com> drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz Eric Chanudet <echanude(a)redhat.com> scsi: ufs: qcom: Avoid re-init quirk when gears match Christian König <christian.koenig(a)amd.com> drm/ttm: return ENOSPC from ttm_bo_mem_space v3 Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ASoC: SOF: amd: Optimize quirk for Valve Galileo Samuel Dionne-Riel <samuel(a)dionne-riel.com> drm: panel-orientation-quirks: Add quirk for GPD Win Mini Kunwu Chan <chentao(a)kylinos.cn> Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails Stanley.Yang <Stanley.Yang(a)amd.com> drm/amdgpu: Skip do PCI error slot reset during RAS recovery Vignesh Raman <vignesh.raman(a)collabora.com> drm/ci: uprev mesa version: fix kdl commit fetch Maíra Canal <mcanal(a)igalia.com> drm/vc4: don't check if plane->state->fb == state->fb Vinicius Peixoto <nukelet64(a)gmail.com> Bluetooth: Add new quirk for broken read key length on ATS2851 Takashi Iwai <tiwai(a)suse.de> Bluetooth: btmtk: Add MODULE_FIRMWARE() for MT7922 Edward Adam Davis <eadavis(a)qq.com> Bluetooth: btintel: Fix null ptr deref in btintel_read_version Jakub Kicinski <kuba(a)kernel.org> netdev: let netlink core handle -EMSGSIZE errors Eric Dumazet <edumazet(a)google.com> net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() Jacob Keller <jacob.e.keller(a)intel.com> ice: use relative VSI index for VFs instead of PF VSI number David Sterba <dsterba(a)suse.com> btrfs: send: handle path ref underflow in header iterate_inode_ref() David Sterba <dsterba(a)suse.com> btrfs: export: handle invalid inode or root reference in btrfs_get_parent() David Sterba <dsterba(a)suse.com> btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: check A-MSDU format more carefully Takashi Iwai <tiwai(a)suse.de> wifi: iwlwifi: Add missing MODULE_FIRMWARE() for *.pnvm Kees Cook <keescook(a)chromium.org> overflow: Allow non-type arg to type_max() and type_min() Viresh Kumar <viresh.kumar(a)linaro.org> cpufreq: Don't unregister cpufreq cooling on CPU hotplug Jason Gunthorpe <jgg(a)ziepe.ca> iommu/arm-smmu-v3: Hold arm_smmu_asid_lock during all of attach_dev Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath11k: decrease MHI channel buffer length to 8KB Rick Edgecombe <rick.p.edgecombe(a)intel.com> dma-direct: Leak pages on dma_set_decrypted() failure Serge Semin <fancer.lancer(a)gmail.com> net: pcs: xpcs: Return EINVAL in the internal methods Samasth Norway Ananda <samasth.norway.ananda(a)oracle.com> tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num() Kunwu Chan <chentao(a)kylinos.cn> pstore/zone: Add a null pointer check to the psz_kmsg_read Hans de Goede <hdegoede(a)redhat.com> ACPI: x86: Add DELL0501 handling to acpi_quirk_skip_serdev_enumeration() Hans de Goede <hdegoede(a)redhat.com> ACPI: x86: Move acpi_quirk_skip_serdev_enumeration() out of CONFIG_X86_ANDROID_TABLETS Shayne Chen <shayne.chen(a)mediatek.com> wifi: mt76: mt7996: add locking for accessing mapped registers Peter Chiu <chui-hao.chiu(a)mediatek.com> wifi: mt76: mt7996: disable AMSDU for non-data frames Shayne Chen <shayne.chen(a)mediatek.com> wifi: mt76: mt7915: add locking for accessing mapped registers Hans de Goede <hdegoede(a)redhat.com> wifi: brcmfmac: Add DMI nvram filename quirk for ACEPC W5 Pro Markus Elfring <elfring(a)users.sourceforge.net> firmware: tegra: bpmp: Return directly after a failed kzalloc() in get_filename() Florian Westphal <fw(a)strlen.de> net: skbuff: add overflow debug check to pull/push helpers Shannon Nelson <shannon.nelson(a)amd.com> ionic: set adminq irq affinity Sviatoslav Harasymchuk <sviatoslav.harasymchuk(a)gmail.com> ACPI: resource: Add IRQ override quirk for ASUS ExpertBook B2502FBA Adam Ford <aford173(a)gmail.com> pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain Kunwu Chan <chentao(a)kylinos.cn> pmdomain: ti: Add a null pointer check to the omap_prm_domain_init Bjorn Andersson <quic_bjorande(a)quicinc.com> arm64: dts: qcom: qcs6490-rb3gen2: Declare GCC clocks protected Eric Dumazet <edumazet(a)google.com> net: add netdev_lockdep_set_classes() to virtual drivers Johan Jonker <jbx6244(a)gmail.com> arm64: dts: rockchip: fix rk3399 hdmi ports node Johan Jonker <jbx6244(a)gmail.com> arm64: dts: rockchip: fix rk3328 hdmi ports node Johan Jonker <jbx6244(a)gmail.com> ARM: dts: rockchip: fix rk322x hdmi ports node Johan Jonker <jbx6244(a)gmail.com> ARM: dts: rockchip: fix rk3288 hdmi ports node C Cheng <C.Cheng(a)mediatek.com> cpuidle: Avoid potential overflow in integer multiplication Mukesh Sisodiya <mukesh.sisodiya(a)intel.com> wifi: iwlwifi: pcie: Add new PCI device id and CNVI John Ogness <john.ogness(a)linutronix.de> dump_stack: Do not get cpu_sync for panic CPU John Ogness <john.ogness(a)linutronix.de> panic: Flush kernel log buffer at the end John Ogness <john.ogness(a)linutronix.de> printk: For @suppress_panic_printk check for other CPU in panic Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: qrb2210-rb1: disable cluster power domains Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: qca8k: put MDIO controller OF node if unavailable Hui Liu <quic_huliu(a)quicinc.com> arm64: dts: qcom: qcm6490-idp: Add definition for three LEDs Mukesh Sisodiya <mukesh.sisodiya(a)intel.com> wifi: iwlwifi: pcie: Add the PCI device id for new hardware Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: pci: enlarge RX DMA buffer to consider size of RX descriptor Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: pci: validate RX tag for RXQ and RPQ Andre Werner <andre.werner(a)systec-electronic.com> net: phy: phy_device: Prevent nullptr exceptions on ISR Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> net: stmmac: dwmac-starfive: Add support for JH7100 SoC Markus Elfring <elfring(a)users.sourceforge.net> batman-adv: Improve exception handling in batadv_throw_uevent() Markus Elfring <elfring(a)users.sourceforge.net> batman-adv: Return directly after a failed batadv_dat_select_candidates() in batadv_dat_forward_data() Kees Cook <keescook(a)chromium.org> bnx2x: Fix firmware version string character counts Po-Hao Huang <phhuang(a)realtek.com> wifi: rtw89: fix null pointer access when abort scan Dmitry Antipov <dmantipov(a)yandex.ru> wifi: ath9k: fix LNA selection in ath_ant_try_scan() ------------- Diffstat: Makefile | 4 +- arch/arm/boot/dts/rockchip/rk322x.dtsi | 16 ++-- arch/arm/boot/dts/rockchip/rk3288.dtsi | 16 +++- arch/arm64/boot/dts/qcom/qcm6490-idp.dts | 28 +++++++ arch/arm64/boot/dts/qcom/qcs6490-rb3gen2.dts | 17 +++++ arch/arm64/boot/dts/qcom/qrb2210-rb1.dts | 18 +++++ arch/arm64/boot/dts/rockchip/rk3328.dtsi | 11 ++- arch/arm64/boot/dts/rockchip/rk3399.dtsi | 12 ++- arch/x86/entry/vdso/Makefile | 10 ++- arch/x86/events/amd/lbr.c | 6 +- arch/x86/include/asm/xen/hypervisor.h | 5 ++ arch/x86/pci/fixup.c | 48 ++++++++++++ arch/x86/platform/pvh/enlighten.c | 3 + arch/x86/xen/enlighten.c | 32 ++++++++ arch/x86/xen/enlighten_pvh.c | 68 +++++++++++++++++ arch/x86/xen/setup.c | 44 ----------- arch/x86/xen/xen-ops.h | 14 ++++ block/blk-stat.c | 2 +- drivers/accel/habanalabs/common/habanalabs.h | 2 +- drivers/acpi/resource.c | 7 ++ drivers/acpi/sleep.c | 12 --- drivers/acpi/x86/utils.c | 38 +++++++++- drivers/bluetooth/btintel.c | 2 +- drivers/bluetooth/btmtk.c | 1 + drivers/bluetooth/btmtk.h | 1 + drivers/bluetooth/btusb.c | 1 + drivers/bus/mhi/host/init.c | 1 + drivers/bus/mhi/host/internal.h | 9 ++- drivers/bus/mhi/host/pm.c | 20 ++++- drivers/cpufreq/cpufreq.c | 17 +++-- drivers/cpuidle/driver.c | 3 +- drivers/crypto/intel/iaa/iaa_crypto_main.c | 4 +- drivers/firmware/tegra/bpmp-debugfs.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 14 ++++ drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 5 +- drivers/gpu/drm/amd/display/dc/dc.h | 1 + drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c | 4 +- .../gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c | 2 +- .../amd/display/dc/resource/dcn35/dcn35_resource.c | 1 + .../gpu/drm/amd/display/modules/inc/mod_stats.h | 4 +- drivers/gpu/drm/ci/gitlab-ci.yml | 14 +++- drivers/gpu/drm/ci/test.yml | 1 + drivers/gpu/drm/drm_modeset_helper.c | 19 ++++- drivers/gpu/drm/drm_panel_orientation_quirks.c | 12 +++ drivers/gpu/drm/drm_probe_helper.c | 13 +++- .../gpu/drm/nouveau/nvkm/subdev/devinit/gm107.c | 12 ++- drivers/gpu/drm/nouveau/nvkm/subdev/devinit/r535.c | 1 + drivers/gpu/drm/panel/panel-simple.c | 20 +++++ drivers/gpu/drm/ttm/ttm_bo.c | 7 +- drivers/gpu/drm/vc4/vc4_plane.c | 5 +- drivers/hid/hid-ids.h | 1 + drivers/hid/hid-input.c | 2 + drivers/i2c/busses/i2c-designware-core.h | 2 +- drivers/infiniband/core/cm.c | 20 ++++- drivers/input/joystick/xpad.c | 3 + drivers/input/rmi4/rmi_driver.c | 6 +- drivers/input/touchscreen/imagis.c | 20 ++--- drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 22 +++--- drivers/media/pci/sta2x11/sta2x11_vip.c | 9 +-- .../mediatek/vcodec/common/mtk_vcodec_fw_vpu.c | 8 +- .../mediatek/vcodec/decoder/mtk_vcodec_dec_drv.c | 5 ++ .../mediatek/vcodec/decoder/mtk_vcodec_dec_drv.h | 2 + .../vcodec/decoder/vdec/vdec_hevc_req_multi_if.c | 2 +- .../platform/mediatek/vcodec/decoder/vdec_vpu_if.c | 2 + .../mediatek/vcodec/encoder/mtk_vcodec_enc_drv.c | 5 ++ .../mediatek/vcodec/encoder/mtk_vcodec_enc_drv.h | 2 + .../platform/mediatek/vcodec/encoder/venc_vpu_if.c | 2 + drivers/misc/vmw_vmci/vmci_datagram.c | 6 +- drivers/net/dsa/qca/qca8k-8xxx.c | 3 +- drivers/net/dummy.c | 1 + drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 9 ++- .../net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c | 2 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.c | 14 ++-- drivers/net/ethernet/intel/ice/ice_virtchnl.c | 9 +-- drivers/net/ethernet/intel/ice/ice_virtchnl.h | 9 +++ drivers/net/ethernet/pensando/ionic/ionic_lif.c | 5 +- drivers/net/ethernet/stmicro/stmmac/Kconfig | 6 +- .../net/ethernet/stmicro/stmmac/dwmac-starfive.c | 32 +++++++- drivers/net/geneve.c | 1 + drivers/net/loopback.c | 1 + drivers/net/pcs/pcs-xpcs.c | 4 +- drivers/net/phy/phy_device.c | 13 ++-- drivers/net/veth.c | 1 + drivers/net/vxlan/vxlan_core.c | 1 + drivers/net/wireless/ath/ath11k/mhi.c | 2 +- drivers/net/wireless/ath/ath9k/antenna.c | 2 +- .../net/wireless/broadcom/brcm80211/brcmfmac/dmi.c | 9 +++ drivers/net/wireless/intel/iwlwifi/cfg/ax210.c | 6 ++ drivers/net/wireless/intel/iwlwifi/cfg/bz.c | 2 + drivers/net/wireless/intel/iwlwifi/cfg/sc.c | 38 +++++++++- drivers/net/wireless/intel/iwlwifi/iwl-config.h | 8 +- drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 16 +++- drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 45 ++++++++++-- drivers/net/wireless/mediatek/mt76/mt7915/mt7915.h | 1 + drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 5 +- drivers/net/wireless/mediatek/mt76/mt7996/mmio.c | 64 ++++++++++------ drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h | 3 +- drivers/net/wireless/realtek/rtw89/mac80211.c | 4 +- drivers/net/wireless/realtek/rtw89/pci.c | 60 +++++++++++++-- drivers/net/wireless/realtek/rtw89/pci.h | 6 +- drivers/net/wireless/realtek/rtw89/rtw8851be.c | 2 + drivers/net/wireless/realtek/rtw89/rtw8852ae.c | 1 + drivers/net/wireless/realtek/rtw89/rtw8852be.c | 1 + drivers/net/wireless/realtek/rtw89/rtw8852ce.c | 1 + drivers/net/wireless/realtek/rtw89/rtw8922ae.c | 1 + drivers/nvme/host/pci.c | 3 + drivers/perf/hisilicon/hisi_uncore_uc_pmu.c | 42 ++++++++++- drivers/pinctrl/renesas/core.c | 4 +- drivers/platform/x86/acer-wmi.c | 17 ++++- drivers/platform/x86/intel/hid.c | 7 +- drivers/platform/x86/intel/vbtn.c | 5 +- drivers/platform/x86/touchscreen_dmi.c | 9 +++ drivers/pmdomain/imx/imx8mp-blk-ctrl.c | 10 +-- drivers/pmdomain/ti/omap_prm.c | 2 + drivers/scsi/lpfc/lpfc_nportdisc.c | 6 +- drivers/soundwire/dmi-quirks.c | 8 ++ drivers/thermal/thermal_of.c | 12 ++- drivers/thunderbolt/quirks.c | 14 ++++ drivers/thunderbolt/tb.c | 49 ++++++++++++- drivers/thunderbolt/tb.h | 4 + drivers/thunderbolt/tunnel.c | 16 ++-- drivers/tty/serial/8250/8250_of.c | 44 ++++++++++- drivers/tty/serial/8250/8250_port.c | 24 ------ drivers/ufs/host/ufs-qcom.c | 13 +++- drivers/usb/gadget/function/uvc_video.c | 10 ++- drivers/usb/host/sl811-hcd.c | 2 + drivers/usb/typec/tcpm/tcpci.c | 1 + drivers/usb/typec/ucsi/ucsi.c | 26 ++++++- drivers/usb/typec/ucsi/ucsi.h | 11 +++ drivers/usb/typec/ucsi/ucsi_glink.c | 1 + drivers/video/fbdev/core/fbmon.c | 7 +- drivers/video/fbdev/via/accel.c | 4 +- drivers/xen/balloon.c | 2 - fs/btrfs/export.c | 9 ++- fs/btrfs/send.c | 10 ++- fs/btrfs/volumes.c | 12 ++- fs/ext4/mballoc.c | 5 +- fs/ext4/super.c | 12 +++ fs/isofs/inode.c | 18 ++++- fs/kernfs/dir.c | 31 +++++--- fs/kernfs/kernfs-internal.h | 2 + fs/orangefs/super.c | 2 +- fs/pstore/zone.c | 2 + fs/sysv/itree.c | 10 +-- include/acpi/acpi_bus.h | 22 +++--- include/linux/kernfs.h | 2 + include/linux/overflow.h | 12 +-- include/linux/printk.h | 2 + include/linux/randomize_kstack.h | 2 +- include/linux/rcupdate.h | 4 +- include/linux/skbuff.h | 11 +++ include/linux/sunrpc/sched.h | 2 +- include/net/bluetooth/hci.h | 8 ++ include/uapi/linux/input-event-codes.h | 1 + io_uring/io_uring.c | 25 ++++--- kernel/dma/direct.c | 9 ++- kernel/panic.c | 8 ++ kernel/printk/internal.h | 1 - kernel/printk/printk.c | 3 +- kernel/rcu/tree_nocb.h | 2 +- kernel/trace/ring_buffer.c | 2 +- lib/dump_stack.c | 16 +++- net/batman-adv/distributed-arp-table.c | 3 +- net/batman-adv/main.c | 14 ++-- net/bluetooth/hci_event.c | 3 +- net/core/netdev-genl.c | 15 +--- net/core/page_pool_user.c | 2 - net/ipv4/ip_tunnel.c | 1 + net/ipv6/ip6_gre.c | 2 + net/ipv6/ip6_tunnel.c | 1 + net/ipv6/ip6_vti.c | 1 + net/ipv6/sit.c | 1 + net/mpls/mpls_gso.c | 3 + net/smc/smc_pnet.c | 10 +++ net/wireless/util.c | 14 +++- scripts/gcc-plugins/stackleak_plugin.c | 2 + scripts/mod/modpost.c | 4 +- sound/firewire/amdtp-stream.c | 12 ++- sound/firewire/amdtp-stream.h | 4 + sound/pci/hda/patch_realtek.c | 12 +++ sound/soc/amd/yc/acp6x-mach.c | 7 ++ sound/soc/intel/avs/board_selection.c | 85 ++++++++++++++++++++++ sound/soc/intel/boards/sof_rt5682.c | 40 ---------- sound/soc/intel/boards/sof_sdw.c | 11 +++ sound/soc/soc-core.c | 3 + sound/soc/sof/amd/acp.c | 3 +- tools/iio/iio_utils.c | 2 +- tools/lib/perf/evlist.c | 18 +++-- tools/lib/perf/include/internal/evlist.h | 4 +- .../x86_energy_perf_policy.c | 1 + tools/testing/ktest/ktest.pl | 1 + 192 files changed, 1536 insertions(+), 459 deletions(-)

1 year, 6 months

11
154
0 0

[PATCH v2] arm64: dts: qcom: sa8155p-adp: fix SDHC2 configuration

by Volodymyr Babchuk

There are multiple issues with SDHC2 configuration for SA8155P-ADP, which prevent use of SDHC2 and causes issues with ethernet: - Card Detect pin for SHDC2 on SA8155P-ADP is connected to gpio4 of PMM8155AU_1, not to SoC itself. SoC's gpio4 is used for DWMAC TX. If sdhc driver probes after dwmac driver, it reconfigures gpio4 and this breaks Ethernet MAC. - pinctrl configuration mentions gpio96 as CD pin. It seems it was copied from some SM8150 example, because as mentioned above, correct CD pin is gpio4 on PMM8155AU_1. - L13C voltage regulator limits minimal voltage to 2.504V, which prevents use 1.8V to power SD card, which in turns does not allow card to work in UHS mode. This patch fixes all the mentioned issues. Fixes: 0deb2624e2d0 ("arm64: dts: qcom: sa8155p-adp: Add support for uSD card") Cc: stable(a)vger.kernel.org Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk(a)epam.com> --- In v2: - Added "Fixes:" tag - CCed stable ML - Fixed pinctrl configuration - Extended voltage range for L13C voltage regulator --- arch/arm64/boot/dts/qcom/sa8155p-adp.dts | 32 +++++++++++------------- 1 file changed, 14 insertions(+), 18 deletions(-) diff --git a/arch/arm64/boot/dts/qcom/sa8155p-adp.dts b/arch/arm64/boot/dts/qcom/sa8155p-adp.dts index 5e4287f8c8cd1..b9d56bda96759 100644 --- a/arch/arm64/boot/dts/qcom/sa8155p-adp.dts +++ b/arch/arm64/boot/dts/qcom/sa8155p-adp.dts @@ -283,7 +283,7 @@ vreg_l12c_1p808: ldo12 { vreg_l13c_2p96: ldo13 { regulator-name = "vreg_l13c_2p96"; - regulator-min-microvolt = <2504000>; + regulator-min-microvolt = <1800000>; regulator-max-microvolt = <2960000>; regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>; }; @@ -384,10 +384,10 @@ &remoteproc_cdsp { &sdhc_2 { status = "okay"; - cd-gpios = <&tlmm 4 GPIO_ACTIVE_LOW>; + cd-gpios = <&pmm8155au_1_gpios 4 GPIO_ACTIVE_LOW>; pinctrl-names = "default", "sleep"; - pinctrl-0 = <&sdc2_on>; - pinctrl-1 = <&sdc2_off>; + pinctrl-0 = <&sdc2_on &pmm8155au_1_sdc2_cd>; + pinctrl-1 = <&sdc2_off &pmm8155au_1_sdc2_cd>; vqmmc-supply = <&vreg_l13c_2p96>; /* IO line power */ vmmc-supply = <&vreg_l17a_2p96>; /* Card power line */ bus-width = <4>; @@ -505,13 +505,6 @@ data-pins { bias-pull-up; /* pull up */ drive-strength = <16>; /* 16 MA */ }; - - sd-cd-pins { - pins = "gpio96"; - function = "gpio"; - bias-pull-up; /* pull up */ - drive-strength = <2>; /* 2 MA */ - }; }; sdc2_off: sdc2-off-state { @@ -532,13 +525,6 @@ data-pins { bias-pull-up; /* pull up */ drive-strength = <2>; /* 2 MA */ }; - - sd-cd-pins { - pins = "gpio96"; - function = "gpio"; - bias-pull-up; /* pull up */ - drive-strength = <2>; /* 2 MA */ - }; }; usb2phy_ac_en1_default: usb2phy-ac-en1-default-state { @@ -604,3 +590,13 @@ phy-reset-pins { }; }; }; + +&pmm8155au_1_gpios { + pmm8155au_1_sdc2_cd: pmm8155au_1-sdc2-cd { + pins = "gpio4"; + function = "normal"; + input-enable; + bias-pull-up; + power-source = <0>; + }; +}; -- 2.44.0

1 year, 6 months

3
4
0 0

[PATCH] sched: Add missing memory barrier in switch_mm_cid

by Mathieu Desnoyers

Many architectures' switch_mm() (e.g. arm64) do not have an smp_mb() which the core scheduler code has depended upon since commit: commit 223baf9d17f25 ("sched: Fix performance regression introduced by mm_cid") If switch_mm() doesn't call smp_mb(), sched_mm_cid_remote_clear() can unset the actively used cid when it fails to observe active task after it sets lazy_put. There *is* a memory barrier between storing to rq->curr and _return to userspace_ (as required by membarrier), but the rseq mm_cid has stricter requirements: the barrier needs to be issued between store to rq->curr and switch_mm_cid(), which happens earlier than: - spin_unlock(), - switch_to(). So it's fine when the architecture switch_mm() happens to have that barrier already, but less so when the architecture only provides the full barrier in switch_to() or spin_unlock(). It is a bug in the rseq switch_mm_cid() implementation. All architectures that don't have memory barriers in switch_mm(), but rather have the full barrier either in finish_lock_switch() or switch_to() have them too late for the needs of switch_mm_cid(). Introduce a new smp_mb__after_switch_mm(), defined as smp_mb() in the generic barrier.h header, and use it in switch_mm_cid() for scheduler transitions where switch_mm() is expected to provide a memory barrier. Architectures can override smp_mb__after_switch_mm() if their switch_mm() implementation provides an implicit memory barrier. Override it with a no-op on x86 which implicitly provide this memory barrier by writing to CR3. Link: https://lore.kernel.org/lkml/20240305145335.2696125-1-yeoreum.yun@arm.com/ Reported-by: levi.yun <yeoreum.yun(a)arm.com> Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Reviewed-by: Catalin Marinas <catalin.marinas(a)arm.com> # for arm64 Acked-by: Dave Hansen <dave.hansen(a)linux.intel.com> # for x86 Fixes: 223baf9d17f2 ("sched: Fix performance regression introduced by mm_cid") Cc: <stable(a)vger.kernel.org> # 6.4.x Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Steven Rostedt <rostedt(a)goodmis.org> Cc: Vincent Guittot <vincent.guittot(a)linaro.org> Cc: Juri Lelli <juri.lelli(a)redhat.com> Cc: Dietmar Eggemann <dietmar.eggemann(a)arm.com> Cc: Ben Segall <bsegall(a)google.com> Cc: Mel Gorman <mgorman(a)suse.de> Cc: Daniel Bristot de Oliveira <bristot(a)redhat.com> Cc: Valentin Schneider <vschneid(a)redhat.com> Cc: levi.yun <yeoreum.yun(a)arm.com> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Will Deacon <will(a)kernel.org> Cc: Aaron Lu <aaron.lu(a)intel.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Borislav Petkov <bp(a)alien8.de> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Arnd Bergmann <arnd(a)arndb.de> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: linux-arch(a)vger.kernel.org Cc: linux-mm(a)kvack.org Cc: x86(a)kernel.org --- arch/x86/include/asm/barrier.h | 3 +++ include/asm-generic/barrier.h | 8 ++++++++ kernel/sched/sched.h | 20 ++++++++++++++------ 3 files changed, 25 insertions(+), 6 deletions(-) diff --git a/arch/x86/include/asm/barrier.h b/arch/x86/include/asm/barrier.h index 0216f63a366b..d0795b5fab46 100644 --- a/arch/x86/include/asm/barrier.h +++ b/arch/x86/include/asm/barrier.h @@ -79,6 +79,9 @@ do { \ #define __smp_mb__before_atomic() do { } while (0) #define __smp_mb__after_atomic() do { } while (0) +/* Writing to CR3 provides a full memory barrier in switch_mm(). */ +#define smp_mb__after_switch_mm() do { } while (0) + #include <asm-generic/barrier.h> #endif /* _ASM_X86_BARRIER_H */ diff --git a/include/asm-generic/barrier.h b/include/asm-generic/barrier.h index 961f4d88f9ef..5a6c94d7a598 100644 --- a/include/asm-generic/barrier.h +++ b/include/asm-generic/barrier.h @@ -296,5 +296,13 @@ do { \ #define io_stop_wc() do { } while (0) #endif +/* + * Architectures that guarantee an implicit smp_mb() in switch_mm() + * can override smp_mb__after_switch_mm. + */ +#ifndef smp_mb__after_switch_mm +#define smp_mb__after_switch_mm() smp_mb() +#endif + #endif /* !__ASSEMBLY__ */ #endif /* __ASM_GENERIC_BARRIER_H */ diff --git a/kernel/sched/sched.h b/kernel/sched/sched.h index 001fe047bd5d..35717359d3ca 100644 --- a/kernel/sched/sched.h +++ b/kernel/sched/sched.h @@ -79,6 +79,8 @@ # include <asm/paravirt_api_clock.h> #endif +#include <asm/barrier.h> + #include "cpupri.h" #include "cpudeadline.h" @@ -3445,13 +3447,19 @@ static inline void switch_mm_cid(struct rq *rq, * between rq->curr store and load of {prev,next}->mm->pcpu_cid[cpu]. * Provide it here. */ - if (!prev->mm) // from kernel + if (!prev->mm) { // from kernel smp_mb(); - /* - * user -> user transition guarantees a memory barrier through - * switch_mm() when current->mm changes. If current->mm is - * unchanged, no barrier is needed. - */ + } else { // from user + /* + * user -> user transition relies on an implicit + * memory barrier in switch_mm() when + * current->mm changes. If the architecture + * switch_mm() does not have an implicit memory + * barrier, it is emitted here. If current->mm + * is unchanged, no barrier is needed. + */ + smp_mb__after_switch_mm(); + } } if (prev->mm_cid_active) { mm_cid_snapshot_time(rq, prev->mm); -- 2.25.1

1 year, 6 months

2
2
0 0

[PATCH 1/3] tracing/kprobes: Fix symbol counting logic by looking at modules as well

by Maxime MERE

From: Andrii Nakryiko <andrii(a)kernel.org> Recent changes to count number of matching symbols when creating a kprobe event failed to take into account kernel modules. As such, it breaks kprobes on kernel module symbols, by assuming there is no match. Fix this my calling module_kallsyms_on_each_symbol() in addition to kallsyms_on_each_match_symbol() to perform a proper counting. Link: https://lore.kernel.org/all/20231027233126.2073148-1-andrii@kernel.org/ Cc: Francis Laniel <flaniel(a)linux.microsoft.com> Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Steven Rostedt <rostedt(a)goodmis.org> Fixes: b022f0c7e404 ("tracing/kprobes: Return EADDRNOTAVAIL when func matches several symbols") Signed-off-by: Andrii Nakryiko <andrii(a)kernel.org> Acked-by: Song Liu <song(a)kernel.org> Signed-off-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> --- kernel/trace/trace_kprobe.c | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/kernel/trace/trace_kprobe.c b/kernel/trace/trace_kprobe.c index 95c5b0668cb7..e834f149695b 100644 --- a/kernel/trace/trace_kprobe.c +++ b/kernel/trace/trace_kprobe.c @@ -714,14 +714,30 @@ static int count_symbols(void *data, unsigned long unused) return 0; } +struct sym_count_ctx { + unsigned int count; + const char *name; +}; + +static int count_mod_symbols(void *data, const char *name, unsigned long unused) +{ + struct sym_count_ctx *ctx = data; + + if (strcmp(name, ctx->name) == 0) + ctx->count++; + + return 0; +} + static unsigned int number_of_same_symbols(char *func_name) { - unsigned int count; + struct sym_count_ctx ctx = { .count = 0, .name = func_name }; + + kallsyms_on_each_match_symbol(count_symbols, func_name, &ctx.count); - count = 0; - kallsyms_on_each_match_symbol(count_symbols, func_name, &count); + module_kallsyms_on_each_symbol(NULL, count_mod_symbols, &ctx); - return count; + return ctx.count; } static int __trace_kprobe_create(int argc, const char *argv[]) -- 2.25.1

1 year, 6 months

2
2
0 0

[for-linus][PATCH 4/4] ring-buffer: Only update pages_touched when a new page is touched

by Steven Rostedt

From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> The "buffer_percent" logic that is used by the ring buffer splice code to only wake up the tasks when there's no data after the buffer is filled to the percentage of the "buffer_percent" file is dependent on three variables that determine the amount of data that is in the ring buffer: 1) pages_read - incremented whenever a new sub-buffer is consumed 2) pages_lost - incremented every time a writer overwrites a sub-buffer 3) pages_touched - incremented when a write goes to a new sub-buffer The percentage is the calculation of: (pages_touched - (pages_lost + pages_read)) / nr_pages Basically, the amount of data is the total number of sub-bufs that have been touched, minus the number of sub-bufs lost and sub-bufs consumed. This is divided by the total count to give the buffer percentage. When the percentage is greater than the value in the "buffer_percent" file, it wakes up splice readers waiting for that amount. It was observed that over time, the amount read from the splice was constantly decreasing the longer the trace was running. That is, if one asked for 60%, it would read over 60% when it first starts tracing, but then it would be woken up at under 60% and would slowly decrease the amount of data read after being woken up, where the amount becomes much less than the buffer percent. This was due to an accounting of the pages_touched incrementation. This value is incremented whenever a writer transfers to a new sub-buffer. But the place where it was incremented was incorrect. If a writer overflowed the current sub-buffer it would go to the next one. If it gets preempted by an interrupt at that time, and the interrupt performs a trace, it too will end up going to the next sub-buffer. But only one should increment the counter. Unfortunately, that was not the case. Change the cmpxchg() that does the real switch of the tail-page into a try_cmpxchg(), and on success, perform the increment of pages_touched. This will only increment the counter once for when the writer moves to a new sub-buffer, and not when there's a race and is incremented for when a writer and its preempting writer both move to the same new sub-buffer. Link: https://lore.kernel.org/linux-trace-kernel/20240409151309.0d0e5056@gandalf.… Cc: stable(a)vger.kernel.org Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Fixes: 2c2b0a78b3739 ("ring-buffer: Add percentage of ring buffer full to wake up reader") Acked-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/ring_buffer.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c index 25476ead681b..6511dc3a00da 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c @@ -1393,7 +1393,6 @@ static void rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, old_write = local_add_return(RB_WRITE_INTCNT, &next_page->write); old_entries = local_add_return(RB_WRITE_INTCNT, &next_page->entries); - local_inc(&cpu_buffer->pages_touched); /* * Just make sure we have seen our old_write and synchronize * with any interrupts that come in. @@ -1430,8 +1429,9 @@ static void rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, */ local_set(&next_page->page->commit, 0); - /* Again, either we update tail_page or an interrupt does */ - (void)cmpxchg(&cpu_buffer->tail_page, tail_page, next_page); + /* Either we update tail_page or an interrupt does */ + if (try_cmpxchg(&cpu_buffer->tail_page, &tail_page, next_page)) + local_inc(&cpu_buffer->pages_touched); } } -- 2.43.0

1 year, 6 months

1
0
0 0

[tip: timers/urgent] selftests: timers: Fix posix_timers ksft_print_msg() warning

by tip-bot2 for John Stultz

The following commit has been merged into the timers/urgent branch of tip: Commit-ID: e4a6bceac98eba3c00e874892736b34ea5fdaca3 Gitweb: https://git.kernel.org/tip/e4a6bceac98eba3c00e874892736b34ea5fdaca3 Author: John Stultz <jstultz(a)google.com> AuthorDate: Wed, 10 Apr 2024 16:26:28 -07:00 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Fri, 12 Apr 2024 14:11:15 +02:00 selftests: timers: Fix posix_timers ksft_print_msg() warning After commit 6d029c25b71f ("selftests/timers/posix_timers: Reimplement check_timer_distribution()") the following warning occurs when building with an older gcc: posix_timers.c:250:2: warning: format not a string literal and no format arguments [-Wformat-security] 250 | ksft_print_msg(errmsg); | ^~~~~~~~~~~~~~ Fix this up by changing it to ksft_print_msg("%s", errmsg) Fixes: 6d029c25b71f ("selftests/timers/posix_timers: Reimplement check_timer_distribution()") Signed-off-by: John Stultz <jstultz(a)google.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Acked-by: Justin Stitt <justinstitt(a)google.com> Acked-by: Shuah Khan <skhan(a)linuxfoundation.org> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240410232637.4135564-1-jstultz@google.com --- tools/testing/selftests/timers/posix_timers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/timers/posix_timers.c b/tools/testing/selftests/timers/posix_timers.c index d86a0e0..348f471 100644 --- a/tools/testing/selftests/timers/posix_timers.c +++ b/tools/testing/selftests/timers/posix_timers.c @@ -247,7 +247,7 @@ static int check_timer_distribution(void) ksft_test_result_skip("check signal distribution (old kernel)\n"); return 0; err: - ksft_print_msg(errmsg); + ksft_print_msg("%s", errmsg); return -1; }

1 year, 6 months

1
0
0 0

[tip: timers/urgent] selftests: kselftest: Mark functions that unconditionally call exit() as __noreturn

by tip-bot2 for Nathan Chancellor

The following commit has been merged into the timers/urgent branch of tip: Commit-ID: f7d5bcd35d427daac7e206b1073ca14f5db85c27 Gitweb: https://git.kernel.org/tip/f7d5bcd35d427daac7e206b1073ca14f5db85c27 Author: Nathan Chancellor <nathan(a)kernel.org> AuthorDate: Thu, 11 Apr 2024 11:45:40 -07:00 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Fri, 12 Apr 2024 14:11:15 +02:00 selftests: kselftest: Mark functions that unconditionally call exit() as __noreturn After commit 6d029c25b71f ("selftests/timers/posix_timers: Reimplement check_timer_distribution()"), clang warns: tools/testing/selftests/timers/../kselftest.h:398:6: warning: variable 'major' is used uninitialized whenever '||' condition is true [-Wsometimes-uninitialized] 398 | if (uname(&info) || sscanf(info.release, "%u.%u.", &major, &minor) != 2) | ^~~~~~~~~~~~ tools/testing/selftests/timers/../kselftest.h:401:9: note: uninitialized use occurs here 401 | return major > min_major || (major == min_major && minor >= min_minor); | ^~~~~ tools/testing/selftests/timers/../kselftest.h:398:6: note: remove the '||' if its condition is always false 398 | if (uname(&info) || sscanf(info.release, "%u.%u.", &major, &minor) != 2) | ^~~~~~~~~~~~~~~ tools/testing/selftests/timers/../kselftest.h:395:20: note: initialize the variable 'major' to silence this warning 395 | unsigned int major, minor; | ^ | = 0 This is a false positive because if uname() fails, ksft_exit_fail_msg() will be called, which unconditionally calls exit(), a noreturn function. However, clang does not know that ksft_exit_fail_msg() will call exit() at the point in the pipeline that the warning is emitted because inlining has not occurred, so it assumes control flow will resume normally after ksft_exit_fail_msg() is called. Make it clear to clang that all of the functions that call exit() unconditionally in kselftest.h are noreturn transitively by marking them explicitly with '__attribute__((__noreturn__))', which clears up the warning above and any future warnings that may appear for the same reason. Fixes: 6d029c25b71f ("selftests/timers/posix_timers: Reimplement check_timer_distribution()") Reported-by: John Stultz <jstultz(a)google.com> Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Acked-by: Shuah Khan <skhan(a)linuxfoundation.org> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240411-mark-kselftest-exit-funcs-noreturn-v1-1-… Closes: https://lore.kernel.org/all/20240410232637.4135564-2-jstultz@google.com/ --- tools/testing/selftests/kselftest.h | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/tools/testing/selftests/kselftest.h b/tools/testing/selftests/kselftest.h index 973b18e..0591974 100644 --- a/tools/testing/selftests/kselftest.h +++ b/tools/testing/selftests/kselftest.h @@ -80,6 +80,9 @@ #define KSFT_XPASS 3 #define KSFT_SKIP 4 +#ifndef __noreturn +#define __noreturn __attribute__((__noreturn__)) +#endif #define __printf(a, b) __attribute__((format(printf, a, b))) /* counters */ @@ -300,13 +303,13 @@ void ksft_test_result_code(int exit_code, const char *test_name, va_end(args); } -static inline int ksft_exit_pass(void) +static inline __noreturn int ksft_exit_pass(void) { ksft_print_cnts(); exit(KSFT_PASS); } -static inline int ksft_exit_fail(void) +static inline __noreturn int ksft_exit_fail(void) { ksft_print_cnts(); exit(KSFT_FAIL); @@ -333,7 +336,7 @@ static inline int ksft_exit_fail(void) ksft_cnt.ksft_xfail + \ ksft_cnt.ksft_xskip) -static inline __printf(1, 2) int ksft_exit_fail_msg(const char *msg, ...) +static inline __noreturn __printf(1, 2) int ksft_exit_fail_msg(const char *msg, ...) { int saved_errno = errno; va_list args; @@ -348,19 +351,19 @@ static inline __printf(1, 2) int ksft_exit_fail_msg(const char *msg, ...) exit(KSFT_FAIL); } -static inline int ksft_exit_xfail(void) +static inline __noreturn int ksft_exit_xfail(void) { ksft_print_cnts(); exit(KSFT_XFAIL); } -static inline int ksft_exit_xpass(void) +static inline __noreturn int ksft_exit_xpass(void) { ksft_print_cnts(); exit(KSFT_XPASS); } -static inline __printf(1, 2) int ksft_exit_skip(const char *msg, ...) +static inline __noreturn __printf(1, 2) int ksft_exit_skip(const char *msg, ...) { int saved_errno = errno; va_list args;

1 year, 6 months

1
0
0 0

[tip: timers/urgent] selftests: timers: Fix abs() warning in posix_timers test

by tip-bot2 for John Stultz

The following commit has been merged into the timers/urgent branch of tip: Commit-ID: ed366de8ec89d4f960d66c85fc37d9de22f7bf6d Gitweb: https://git.kernel.org/tip/ed366de8ec89d4f960d66c85fc37d9de22f7bf6d Author: John Stultz <jstultz(a)google.com> AuthorDate: Wed, 10 Apr 2024 16:26:30 -07:00 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Fri, 12 Apr 2024 14:11:15 +02:00 selftests: timers: Fix abs() warning in posix_timers test Building with clang results in the following warning: posix_timers.c:69:6: warning: absolute value function 'abs' given an argument of type 'long long' but has parameter of type 'int' which may cause truncation of value [-Wabsolute-value] if (abs(diff - DELAY * USECS_PER_SEC) > USECS_PER_SEC / 2) { ^ So switch to using llabs() instead. Fixes: 0bc4b0cf1570 ("selftests: add basic posix timers selftests") Signed-off-by: John Stultz <jstultz(a)google.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240410232637.4135564-3-jstultz@google.com --- tools/testing/selftests/timers/posix_timers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/timers/posix_timers.c b/tools/testing/selftests/timers/posix_timers.c index 348f471..c001dd7 100644 --- a/tools/testing/selftests/timers/posix_timers.c +++ b/tools/testing/selftests/timers/posix_timers.c @@ -66,7 +66,7 @@ static int check_diff(struct timeval start, struct timeval end) diff = end.tv_usec - start.tv_usec; diff += (end.tv_sec - start.tv_sec) * USECS_PER_SEC; - if (abs(diff - DELAY * USECS_PER_SEC) > USECS_PER_SEC / 2) { + if (llabs(diff - DELAY * USECS_PER_SEC) > USECS_PER_SEC / 2) { printf("Diff too high: %lld..", diff); return -1; }

1 year, 6 months

1
0
0 0

[PATCH] phy: qcom: qmp-combo: fix VCO div offset on v5_5nm and v6

by Johan Hovold

Commit 5abed58a8bde ("phy: qcom: qmp-combo: Fix VCO div offset on v3") fixed a regression introduced in 6.5 by making sure that the correct offset is used for the DP_PHY_VCO_DIV register on v3 hardware. Unfortunately, that fix instead broke DisplayPort on v5_5nm and v6 hardware as it failed to add the corresponding offsets also to those register tables. Fixes: 815891eee668 ("phy: qcom-qmp-combo: Introduce orientation variable") Fixes: 5abed58a8bde ("phy: qcom: qmp-combo: Fix VCO div offset on v3") Cc: stable(a)vger.kernel.org # 6.5: 5abed58a8bde Cc: Stephen Boyd <swboyd(a)chromium.org> Cc: Abhinav Kumar <quic_abhinavk(a)quicinc.com> Cc: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/phy/qualcomm/phy-qcom-qmp-combo.c | 2 ++ drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v5.h | 1 + drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v6.h | 1 + 3 files changed, 4 insertions(+) diff --git a/drivers/phy/qualcomm/phy-qcom-qmp-combo.c b/drivers/phy/qualcomm/phy-qcom-qmp-combo.c index a03b6f6881df..e48e87c3cb05 100644 --- a/drivers/phy/qualcomm/phy-qcom-qmp-combo.c +++ b/drivers/phy/qualcomm/phy-qcom-qmp-combo.c @@ -153,6 +153,7 @@ static const unsigned int qmp_v5_5nm_usb3phy_regs_layout[QPHY_LAYOUT_SIZE] = { [QPHY_COM_BIAS_EN_CLKBUFLR_EN] = QSERDES_V5_COM_BIAS_EN_CLKBUFLR_EN, [QPHY_DP_PHY_STATUS] = QSERDES_V5_DP_PHY_STATUS, + [QPHY_DP_PHY_VCO_DIV] = QSERDES_V5_DP_PHY_VCO_DIV, [QPHY_TX_TX_POL_INV] = QSERDES_V5_5NM_TX_TX_POL_INV, [QPHY_TX_TX_DRV_LVL] = QSERDES_V5_5NM_TX_TX_DRV_LVL, @@ -177,6 +178,7 @@ static const unsigned int qmp_v6_usb3phy_regs_layout[QPHY_LAYOUT_SIZE] = { [QPHY_COM_BIAS_EN_CLKBUFLR_EN] = QSERDES_V6_COM_PLL_BIAS_EN_CLK_BUFLR_EN, [QPHY_DP_PHY_STATUS] = QSERDES_V6_DP_PHY_STATUS, + [QPHY_DP_PHY_VCO_DIV] = QSERDES_V6_DP_PHY_VCO_DIV, [QPHY_TX_TX_POL_INV] = QSERDES_V6_TX_TX_POL_INV, [QPHY_TX_TX_DRV_LVL] = QSERDES_V6_TX_TX_DRV_LVL, diff --git a/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v5.h b/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v5.h index f5cfacf9be96..181057421c11 100644 --- a/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v5.h +++ b/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v5.h @@ -7,6 +7,7 @@ #define QCOM_PHY_QMP_DP_PHY_V5_H_ /* Only for QMP V5 PHY - DP PHY registers */ +#define QSERDES_V5_DP_PHY_VCO_DIV 0x070 #define QSERDES_V5_DP_PHY_AUX_INTERRUPT_STATUS 0x0d8 #define QSERDES_V5_DP_PHY_STATUS 0x0dc diff --git a/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v6.h b/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v6.h index 01a20d3be4b8..fa967a1af058 100644 --- a/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v6.h +++ b/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v6.h @@ -7,6 +7,7 @@ #define QCOM_PHY_QMP_DP_PHY_V6_H_ /* Only for QMP V6 PHY - DP PHY registers */ +#define QSERDES_V6_DP_PHY_VCO_DIV 0x070 #define QSERDES_V6_DP_PHY_AUX_INTERRUPT_STATUS 0x0e0 #define QSERDES_V6_DP_PHY_STATUS 0x0e4 -- 2.43.2

1 year, 6 months

5
4
0 0

[PATCH RESEND] bootconfig: use memblock_free_late to free xbc memory to buddy

by qiang4.zhang＠linux.intel.com

From: Qiang Zhang <qiang4.zhang(a)intel.com> On the time to free xbc memory, memblock has handed over memory to buddy allocator. So it doesn't make sense to free memory back to memblock. memblock_free() called by xbc_exit() even causes UAF bugs on architectures with CONFIG_ARCH_KEEP_MEMBLOCK disabled like x86. Following KASAN logs shows this case. [ 9.410890] ================================================================== [ 9.418962] BUG: KASAN: use-after-free in memblock_isolate_range+0x12d/0x260 [ 9.426850] Read of size 8 at addr ffff88845dd30000 by task swapper/0/1 [ 9.435901] CPU: 9 PID: 1 Comm: swapper/0 Tainted: G U 6.9.0-rc3-00208-g586b5dfb51b9 #5 [ 9.446403] Hardware name: Intel Corporation RPLP LP5 (CPU:RaptorLake)/RPLP LP5 (ID:13), BIOS IRPPN02.01.01.00.00.19.015.D-00000000 Dec 28 2023 [ 9.460789] Call Trace: [ 9.463518] <TASK> [ 9.465859] dump_stack_lvl+0x53/0x70 [ 9.469949] print_report+0xce/0x610 [ 9.473944] ? __virt_addr_valid+0xf5/0x1b0 [ 9.478619] ? memblock_isolate_range+0x12d/0x260 [ 9.483877] kasan_report+0xc6/0x100 [ 9.487870] ? memblock_isolate_range+0x12d/0x260 [ 9.493125] memblock_isolate_range+0x12d/0x260 [ 9.498187] memblock_phys_free+0xb4/0x160 [ 9.502762] ? __pfx_memblock_phys_free+0x10/0x10 [ 9.508021] ? mutex_unlock+0x7e/0xd0 [ 9.512111] ? __pfx_mutex_unlock+0x10/0x10 [ 9.516786] ? kernel_init_freeable+0x2d4/0x430 [ 9.521850] ? __pfx_kernel_init+0x10/0x10 [ 9.526426] xbc_exit+0x17/0x70 [ 9.529935] kernel_init+0x38/0x1e0 [ 9.533829] ? _raw_spin_unlock_irq+0xd/0x30 [ 9.538601] ret_from_fork+0x2c/0x50 [ 9.542596] ? __pfx_kernel_init+0x10/0x10 [ 9.547170] ret_from_fork_asm+0x1a/0x30 [ 9.551552] </TASK> [ 9.555649] The buggy address belongs to the physical page: [ 9.561875] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x45dd30 [ 9.570821] flags: 0x200000000000000(node=0|zone=2) [ 9.576271] page_type: 0xffffffff() [ 9.580167] raw: 0200000000000000 ffffea0011774c48 ffffea0012ba1848 0000000000000000 [ 9.588823] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 9.597476] page dumped because: kasan: bad access detected [ 9.605362] Memory state around the buggy address: [ 9.610714] ffff88845dd2ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 9.618786] ffff88845dd2ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 9.626857] >ffff88845dd30000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 9.634930] ^ [ 9.638534] ffff88845dd30080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 9.646605] ffff88845dd30100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 9.654675] ================================================================== Cc: Stable(a)vger.kernel.org Signed-off-by: Qiang Zhang <qiang4.zhang(a)intel.com> --- lib/bootconfig.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/bootconfig.c b/lib/bootconfig.c index c59d26068a64..4524ee944df0 100644 --- a/lib/bootconfig.c +++ b/lib/bootconfig.c @@ -63,7 +63,7 @@ static inline void * __init xbc_alloc_mem(size_t size) static inline void __init xbc_free_mem(void *addr, size_t size) { - memblock_free(addr, size); + memblock_free_late(__pa(addr), size); } #else /* !__KERNEL__ */ -- 2.39.2

1 year, 6 months

3
2
0 0

RE: [PATCH 6.8 000/143] 6.8.6-rc1 review

by Chris Rankin

The SCSI sg driver oopsed on my 6.8.4 kernel, and I noticed that a patch (presumably) to fix this was pulled from 6.8.5. However, I also noticed this email: >> Reverted this patch and I couldn't see the reposted warning. >> scsi: sg: Avoid sg device teardown race >> [ Upstream commit 27f58c04a8f438078583041468ec60597841284d ] > > Fix is here: > > https://git.kernel.org/mkp/scsi/c/d4e655c49f47 Is this unsuitable for 6.8.6 please? Thanks, Chris

1 year, 6 months

3
7
0 0

[PATCH 6.8 000/399] 6.8.3-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.8.3 release. There are 399 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 03 Apr 2024 15:24:46 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.8.3-rc1.… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.8.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.8.3-rc1 Natanael Copa <ncopa(a)alpinelinux.org> tools/resolve_btfids: fix build with musl libc Kevin Loughlin <kevinloughlin(a)google.com> x86/sev: Skip ROM range scans and validation for SEV-SNP guests Sandipan Das <sandipan.das(a)amd.com> perf/x86/amd/core: Update and fix stalled-cycles-* events for Zen 2 and later Xingui Yang <yangxingui(a)huawei.com> scsi: libsas: Fix disk not being scanned in after being removed Xingui Yang <yangxingui(a)huawei.com> scsi: libsas: Add a helper sas_get_sas_addr_and_dev_type() Muhammad Usama Anjum <usama.anjum(a)collabora.com> scsi: lpfc: Correct size for wqe for memset() Muhammad Usama Anjum <usama.anjum(a)collabora.com> scsi: lpfc: Correct size for cmdwqe/rspwqe for memset() Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: dwc3: pci: Drop duplicate ID Dave Hansen <dave.hansen(a)linux.intel.com> Revert "x86/bugs: Use fixed addressing for VERW operand" Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bugs: Use fixed addressing for VERW operand Hamza Mahfooz <hamza.mahfooz(a)amd.com> drm/amd/display: fix IPX enablement Baoquan He <bhe(a)redhat.com> crash: use macro to add crashk_res into iomem early for specific arch Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Fix the SRSO mitigation on Zen3/4 Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Delay I/O Abort on PCI error Saurav Kashyap <skashyap(a)marvell.com> scsi: qla2xxx: Change debug message during driver unload Saurav Kashyap <skashyap(a)marvell.com> scsi: qla2xxx: Fix double free of fcport Saurav Kashyap <skashyap(a)marvell.com> scsi: qla2xxx: Fix double free of the ha->vp_map pointer Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix command flush on cable pull Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: NVME|FCP prefer flag not being honored Bikash Hazarika <bhazarika(a)marvell.com> scsi: qla2xxx: Update manufacturer detail Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Split FCE|EFT trace control Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix N2N stuck connection Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Prevent command send on chip reset Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi_acpi: Refactor and fix DELL quirk Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Ack unsupported commands Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Check for notifications after init Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Clear EVENT_PENDING under PPM lock Kyle Tso <kyletso(a)google.com> usb: typec: Return size of buffer if pd_set operation succeeds Kyle Tso <kyletso(a)google.com> usb: typec: tcpm: Update PD of Type-C port upon pd_set Kyle Tso <kyletso(a)google.com> usb: typec: tcpm: Correct port source pdo array in pd_set callback Xu Yang <xu.yang_2(a)nxp.com> usb: typec: tcpm: fix double-free issue in tcpm_port_unregister_pd() Krishna Kurapati <quic_kriskura(a)quicinc.com> usb: typec: ucsi: Fix race between typec_switch and role_switch yuan linyu <yuanlinyu(a)hihonor.com> usb: udc: remove warning when queue disabled ep Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: gadget: LPM flow fix Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: gadget: Fix exiting from clock gating Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix ISOC flow in DDMA mode Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix hibernation flow Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix remote wakeup from hibernation Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix deadlock in port "disable" sysfs attribute Alan Stern <stern(a)rowland.harvard.edu> USB: core: Add hub_get() and hub_put() routines Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix deadlock in usb_deauthorize_interface() Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: Properly set system wakeup Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> genirq: Introduce IRQF_COND_ONESHOT and use it in pinctrl-amd Dan Carpenter <dan.carpenter(a)linaro.org> staging: vc04_services: fix information leak in create_component() Arnd Bergmann <arnd(a)arndb.de> staging: vc04_services: changen strncpy() to strscpy_pad() Guilherme G. Piccoli <gpiccoli(a)igalia.com> scsi: core: Fix unremoved procfs host directory regression Alexander Wetzel <Alexander(a)wetzel-home.de> scsi: sg: Avoid sg device teardown race Damien Le Moal <dlemoal(a)kernel.org> scsi: sd: Fix TCG OPAL unlock on system resume Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> scsi: ufs: qcom: Provide default cycles_in_1us value Duoming Zhou <duoming(a)zju.edu.cn> ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs Filipe Manana <fdmanana(a)suse.com> btrfs: fix extent map leak in unexpected scenario at unpin_extent_cache() Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Make wake once of ring_buffer_wait() more robust Brett Creeley <brett.creeley(a)amd.com> vfio/pds: Make sure migration file isn't accessed after reset Weitao Wang <WeitaoWang-oc(a)zhaoxin.com> USB: UAS: return ENODEV when submit urbs fail with device not attached Yongzhi Liu <hyperlyzcs(a)gmail.com> usb: misc: ljca: Fix double free in error handling path Oliver Neukum <oneukum(a)suse.com> usb: cdc-wdm: close race between read and workqueue Alexander Stein <alexander.stein(a)ew.tq-group.com> Revert "usb: phy: generic: Get the vbus supply" Ezra Buehler <ezra.buehler(a)husqvarnagroup.com> mtd: spinand: Add support for 5-byte IDs Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Fix not checking error on hci_cmd_sync_cancel_sync Roman Li <roman.li(a)amd.com> drm/amd/display: Fix bounds check for dcn35 DcfClocks Chris Wilson <chris(a)chris-wilson.co.uk> drm/i915/gt: Reset queue_priority_hint on parking Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Pre-populate the cursor physical dma address Jonathon Hall <jonathon.hall(a)puri.sm> drm/i915: Do not match JSL in ehl_combo_pll_div_frac_wa_needed() Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/dsb: Fix DSB vblank waits when using VRR Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/dsi: Go back to the previous INIT_OTP/DISPLAY_ON order, mostly Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/vrr: Generate VRR "safe window" for DSB Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode() Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/i915/vma: Fix UAF on destroy against retire race Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/i915/hwmon: Fix locking inversion in sysfs getter Xi Liu <xi.liu(a)amd.com> drm/amd/display: Set DCN351 BB and IP the same as DCN35 George Shen <george.shen(a)amd.com> drm/amd/display: Remove MPC rate control logic from DCN30 and above Johannes Weiner <hannes(a)cmpxchg.org> drm/amdgpu: fix deadlock while reading mqd from debugfs Eric Huang <jinhuieric.huang(a)amd.com> drm/amdkfd: fix TLB flush after unmap for GFX9.4.2 Jocelyn Falempe <jfalempe(a)redhat.com> drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed Chris Bainbridge <chris.bainbridge(a)gmail.com> drm/dp: Fix divide-by-zero regression on DP MST unplug with nouveau Matthew Auld <matthew.auld(a)intel.com> drm/xe/query: fix gt_id bounds check Christian Marangi <ansuelsmth(a)gmail.com> net: phy: qcom: at803x: fix kernel panic with at8031_probe Herve Codina <herve.codina(a)bootlin.com> net: wan: framer: Add missing static inline qualifiers Claus Hansen Ries <chr(a)terma.com> net: ll_temac: platform_get_resource replaced by wrong function Duoming Zhou <duoming(a)zju.edu.cn> nouveau/dmem: handle kcalloc() allocation failure Daniel Lezcano <daniel.lezcano(a)linaro.org> Revert "thermal: core: Don't update trip points inside the hysteresis range" Ye Zhang <ye.zhang(a)rock-chips.com> thermal: devfreq_cooling: Fix perf state when calculate dfc res_util Damien Le Moal <dlemoal(a)kernel.org> block: Do not force full zone append completion in req_bio_endio() Liming Sun <limings(a)nvidia.com> sdhci-of-dwcmshc: disable PM runtime in dwcmshc_remove() Mikko Rapeli <mikko.rapeli(a)linaro.org> mmc: core: Avoid negative index with array access Mikko Rapeli <mikko.rapeli(a)linaro.org> mmc: core: Initialize mmc_blk_ioc_data Romain Naour <romain.naour(a)skf.com> mmc: sdhci-omap: re-tuning is needed after a pm transition to support emmc HS200 mode Edward Liaw <edliaw(a)google.com> selftests/mm: fix ARM related issue with fork after pthread_create Edward Liaw <edliaw(a)google.com> selftests/mm: sigbus-wp test requires UFFD_FEATURE_WP_HUGETLBFS_SHMEM Johannes Weiner <hannes(a)cmpxchg.org> mm: cachestat: fix two shmem bugs Nathan Chancellor <nathan(a)kernel.org> hexagon: vmlinux.lds.S: handle attributes section Max Filippov <jcmvbkbc(a)gmail.com> exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack() Thomas Zimmermann <tzimmermann(a)suse.de> fbdev: Select I/O-memory framebuffer ops for SBus Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: cdev: sanitize the label before requesting the interrupt Harry Wentland <harry.wentland(a)amd.com> Revert "drm/amd/display: Fix sending VSC (+ colorimetry) packets for DP/eDP displays without PSR" Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: handle debugfs names more carefully Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: fw: don't always use FW dump trig Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: disable MLO for the time being Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: add a flag to disable wireless extensions Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: zoned: fix use-after-free in do_zone_finish() Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: zoned: use zone aware sb location for scrub Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: zoned: don't skip block groups with 100% zone unusable Tavian Barnes <tavianator(a)tavianator.com> btrfs: fix race in read_extent_buffer_pages() Anand Jain <anand.jain(a)oracle.com> btrfs: validate device maj:min during open Carlos Maiolino <cem(a)kernel.org> tmpfs: fix race on handling dquot rbtree Zev Weiss <zev(a)bewilderbeest.net> ARM: prctl: reject PR_SET_MDWE on pre-ARMv6 Zev Weiss <zev(a)bewilderbeest.net> prctl: generalize PR_SET_MDWE support check to be per-arch Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Reinstate soft limit for initrd loading Ard Biesheuvel <ardb(a)kernel.org> efi/libstub: Cast away type warning in use of max() Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Add missing boot_params for mixed mode compat entry John Sperbeck <jsperbeck(a)google.com> init: open /initrd.image with O_LARGEFILE Johannes Weiner <hannes(a)cmpxchg.org> mm: zswap: fix writeback shinker GFP_NOIO/GFP_NOFS recursion Gergo Koteles <soyer(a)irl.hu> ALSA: hda/tas2781: add locks to kcontrols Gergo Koteles <soyer(a)irl.hu> ALSA: hda/tas2781: remove digital gain kcontrol Chris Park <chris.park(a)amd.com> drm/amd/display: Prevent crash when disable stream Tom Zanussi <tom.zanussi(a)linux.intel.com> crypto: iaa - Fix nr_cpus < nr_iaa case Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Suppress old PLL pipe_mask checks for MG/TC/TBT PLLs Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Include the PLL name in the debug messages Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Try to preserve the current shared_dpll for fastset on type-c ports Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Replace a memset() with zero initialization Aleksandrs Vinarskis <alex.vinarskis(a)gmail.com> mfd: intel-lpss: Introduce QUIRK_CLOCK_DIVIDER_UNITY for XPS 9530 Aleksandrs Vinarskis <alex.vinarskis(a)gmail.com> mfd: intel-lpss: Switch to generalized quirk table Anand Jain <anand.jain(a)oracle.com> btrfs: do not skip re-registration for the mounted device Filipe Manana <fdmanana(a)suse.com> btrfs: fix warning messages not printing interval at unpin_extent_range() David Sterba <dsterba(a)suse.com> btrfs: handle errors returned from unpin_extent_cache() Vitaly Chikunov <vt(a)altlinux.org> selftests/mm: Fix build with _FORTIFY_SOURCE Zoltan HERPAI <wigyori(a)uid0.hu> pwm: img: fix pwm clock lookup Oleksandr Tymoshenko <ovt(a)google.com> efi: fix panic in kdump kernel Adamos Ttofari <attofari(a)amazon.de> x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD Thomas Gleixner <tglx(a)linutronix.de> x86/mpparse: Register APIC address only once KONDO KAZUMA(近藤　和真) <kazuma-kondo(a)nec.com> efi/libstub: fix efi_random_alloc() to allocate memory at alloc_min or higher address Masami Hiramatsu (Google) <mhiramat(a)kernel.org> kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address Biju Das <biju.das.jz(a)bp.renesas.com> irqchip/renesas-rzg2l: Prevent spurious interrupts when setting trigger type Biju Das <biju.das.jz(a)bp.renesas.com> irqchip/renesas-rzg2l: Rename rzg2l_irq_eoi() Biju Das <biju.das.jz(a)bp.renesas.com> irqchip/renesas-rzg2l: Rename rzg2l_tint_eoi() Biju Das <biju.das.jz(a)bp.renesas.com> irqchip/renesas-rzg2l: Flush posted write in irq_eoi() John Ogness <john.ogness(a)linutronix.de> printk: Update @console_may_schedule in console_trylock_spinning() Nicolin Chen <nicolinc(a)nvidia.com> iommu/dma: Force swiotlb_max_mapping_size on an untrusted device Will Deacon <will(a)kernel.org> swiotlb: Fix alignment checks when both allocation and DMA masks are present Will Deacon <will(a)kernel.org> swiotlb: Honour dma_alloc_coherent() alignment in swiotlb_alloc() Will Deacon <will(a)kernel.org> swiotlb: Fix double-allocation of slots due to broken alignment handling André Rösti <an.roesti(a)gmail.com> entry: Respect changes to system call number by trace_sys_enter() Yongqiang Liu <liuyongqiang13(a)huawei.com> ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses Ard Biesheuvel <ardb(a)kernel.org> ARM: 9352/1: iwmmxt: Remove support for PJ4/PJ4B cores Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> clocksource/drivers/arm_global_timer: Fix maximum prescaler value Ard Biesheuvel <ardb(a)kernel.org> x86/sev: Fix position dependent variable references in startup code Borislav Petkov (AMD) <bp(a)alien8.de> x86/Kconfig: Remove CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw88: 8821cu: Fix connection failure Linus Torvalds <torvalds(a)linux-foundation.org> Fix memory leak in posix_clock_open() Jiawei Wang <me(a)jwang.link> ASoC: amd: yc: Revert "add new YC platform variant (0x63) support" Jiawei Wang <me(a)jwang.link> ASoC: amd: yc: Revert "Fix non-functional mic on Lenovo 21J2" Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Call mixed mode boot services on the firmware's stack Eric Biggers <ebiggers(a)google.com> Revert "crypto: pkcs7 - remove sha1 support" Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject constant set with timeout Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Use freesync when `DRM_EDID_FEATURE_CONTINUOUS_FREQ` found Audra Mitchell <audra(a)redhat.com> workqueue: Shorten events_freezable_power_efficient name Wenjing Liu <wenjing.liu(a)amd.com> drm/amd/display: Revert Remove pixle rate limit for subvp Alvin Lee <alvin.lee2(a)amd.com> drm/amd/display: Remove pixle rate limit for subvp Jani Nikula <jani.nikula(a)intel.com> drm/bridge: lt8912b: do not return negative values from .get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/bridge: lt8912b: clear the EDID property on failures Jani Nikula <jani.nikula(a)intel.com> drm/bridge: lt8912b: use drm_bridge_edid_read() Jani Nikula <jani.nikula(a)intel.com> drm/bridge: add ->edid_read hook and drm_bridge_edid_read() Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Create persistent INTx handler Alex Williamson <alex.williamson(a)redhat.com> vfio: Introduce interface to flush virqfd inject workqueue Qu Wenruo <wqu(a)suse.com> btrfs: qgroup: validate btrfs_qgroup_inherit parameter David Sterba <dsterba(a)suse.com> btrfs: add helper to get fs_info from struct inode pointer David Sterba <dsterba(a)suse.com> btrfs: add helpers to get fs_info from page/folio pointers David Sterba <dsterba(a)suse.com> btrfs: add helpers to get inode from page/folio pointers David Sterba <dsterba(a)suse.com> btrfs: replace sb::s_blocksize by fs_info::sectorsize Matthew Wilcox (Oracle) <willy(a)infradead.org> btrfs: add set_folio_extent_mapped() helper Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> drm/amd/display: Add more checks for exiting idle in DC Aric Cyr <aric.cyr(a)amd.com> drm/amd/display: Unify optimize_required flags and VRR adjustments Zack Rusin <zack.rusin(a)broadcom.com> drm/ttm: Make sure the mapped tt pages are decrypted when needed Hector Martin <marcan(a)marcan.st> wifi: brcmfmac: Demote vendor-specific attach/detach messages to info Hector Martin <marcan(a)marcan.st> wifi: brcmfmac: cfg80211: Use WSEC to set SAE password Arend van Spriel <arend.vanspriel(a)broadcom.com> wifi: brcmfmac: add per-vendor feature detection callback Anton Altaparmakov <anton(a)tuxera.com> x86/pm: Work around false positive kmemleak report in msr_build_context() Mikulas Patocka <mpatocka(a)redhat.com> dm snapshot: fix lockup in dm_exception_table_exit Leo Ma <hanghong.ma(a)amd.com> drm/amd/display: Fix noise issue on HDMI AV mute Allen Pan <allen.pan(a)amd.com> drm/amd/display: Add a dc_state NULL check in dc_state_release Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> drm/amd/display: Return the correct HDCP error code Wenjing Liu <wenjing.liu(a)amd.com> drm/amd/display: Implement wait_for_odm_update_pending_complete Wenjing Liu <wenjing.liu(a)amd.com> drm/amd/display: Lock all enabled otg pipes even with no planes ChunTao Tso <chuntao.tso(a)amd.com> drm/amd/display: Amend coasting vtotal for replay low hz Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> drm/amd/display: Fix idle check for shared firmware state Wenjing Liu <wenjing.liu(a)amd.com> drm/amd/display: Update odm when ODM combine is changed on an otg master pipe with no plane Dillon Varone <dillon.varone(a)amd.com> drm/amd/display: Init DPPCLK from SMU on dcn32 Josip Pavic <josip.pavic(a)amd.com> drm/amd/display: Allow dirty rects to be sent to dmub when abm is active Sohaib Nadeem <sohaib.nadeem(a)amd.com> drm/amd/display: Override min required DCFCLK in dml1_validate Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Check the validity of overdiver power limit Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Fix NULL pointer dereference when get power limit Philip Yang <Philip.Yang(a)amd.com> drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag Swapnil Patel <swapnil.patel(a)amd.com> drm/amd/display: Change default size for dummy plane in DML2 Conrad Kostecki <conikost(a)gentoo.org> ahci: asm1064: asm1166: don't limit reported ports Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: selftests: set RISCV_ISA_FALLBACK on riscv{32,64} Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: netlink: access device through ctx instead of peer Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: netlink: check for dangling peer via is_dead instead of empty list Yuli Wang <wangyuli(a)uniontech.com> LoongArch/crypto: Clean up useless assignment operations Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Define the __io_aw() hook as mmiowb() Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Change __my_cpu_offset definition to avoid mis-optimization David Hildenbrand <david(a)redhat.com> virtio: reenable config if freezing device failed Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix potencial out-of-bounds when buffer offset is invalid Alison Schofield <alison.schofield(a)intel.com> cxl/trace: Properly initialize cxl_poison region name Steven Rostedt (Google) <rostedt(a)goodmis.org> net: hns3: tracing: fix hclgevf trace event strings Steven Rostedt (Google) <rostedt(a)goodmis.org> drm/i915: Add missing ; to __assign_str() macros in tracepoint code Steven Rostedt (Google) <rostedt(a)goodmis.org> NFSD: Fix nfsd_clid_class use of __string_len() macro Dragos Tatulea <dtatulea(a)nvidia.com> net: esp: fix bad handling of pages from page_pool Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16() Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Update the Zenbleed microcode revisions Jens Axboe <axboe(a)kernel.dk> io_uring/waitid: always remove waitid entry for cancel all Jens Axboe <axboe(a)kernel.dk> io_uring/futex: always remove futex entry for cancel all Marek Szyprowski <m.szyprowski(a)samsung.com> cpufreq: dt: always allocate zeroed cpumask Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: Constrain even more when continuous reads are enabled Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: Ensure all continuous terms are always in sync Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: Add a helper for calculating a page index Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: Fix and simplify again the continuous read derivations Eugene Korenevsky <ekorenevsky(a)astralinux.ru> cifs: open_cached_dir(): add FILE_READ_EA to desired access Shyam Prasad N <sprasad(a)microsoft.com> cifs: reduce warning log level for server not advertising interfaces Shyam Prasad N <sprasad(a)microsoft.com> cifs: make sure server interfaces are requested only for SMB3+ Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: prevent kernel bug at submit_bh_wbc() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix failure to detect DAT corruption in btree and direct mappings Sunmin Jeong <s_min.jeong(a)samsung.com> f2fs: truncate page cache before clearing flags when aborting atomic write Sunmin Jeong <s_min.jeong(a)samsung.com> f2fs: mark inode dirty for FI_ATOMIC_COMMITTED flag Paul Moore <paul(a)paul-moore.com> lsm: handle the NULL buffer case in lsm_fill_user_ctx() Casey Schaufler <casey(a)schaufler-ca.com> lsm: use 32-bit compatible data types in LSM syscalls Bart Van Assche <bvanassche(a)acm.org> Revert "block/mq-deadline: use correct way to throttling write requests" Qiang Zhang <qiang4.zhang(a)intel.com> memtest: use {READ,WRITE}_ONCE in memory scanning Ley Foon Tan <leyfoon.tan(a)starfivetech.com> clocksource/drivers/timer-riscv: Clear timer interrupt on timer initialization Jani Nikula <jani.nikula(a)intel.com> drm/vc4: hdmi: do not return negative values from .get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/imx/ipuv3: do not return negative values from .get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/exynos: do not return negative values from .get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/panel: do not return negative error codes from drm_panel_get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/probe-helper: warn about negative .get_modes() Harald Freudenberger <freude(a)linux.ibm.com> s390/zcrypt: fix reference counting on zcrypt card objects Sean Anderson <sean.anderson(a)linux.dev> soc: fsl: qbman: Use raw spinlock for cgr_lock Sean Anderson <sean.anderson(a)linux.dev> soc: fsl: qbman: Always disable interrupts when taking cgr_lock Alexander Aring <aahringo(a)redhat.com> dlm: fix user space lkb refcounting Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing/ring-buffer: Fix wait_on_pipe() race Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Use wait_event_interruptible() in ring_buffer_wait() Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix full_waiters_pending in poll Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Do not set shortest_full when full target is hit Pavel Begunkov <asml.silence(a)gmail.com> io_uring: clean rings on NO_MMAP alloc fail Jens Axboe <axboe(a)kernel.dk> io_uring/rw: return IOU_ISSUE_SKIP_COMPLETE for multishot retry Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> platform/x86/intel/tpmi: Change vsec offset to u64 Marios Makassikis <mmakassikis(a)freebox.fr> ksmbd: retrieve number of blocks using vfs_getattr in set_file_allocation_info Marios Makassikis <mmakassikis(a)freebox.fr> ksmbd: replace generic_fillattr with vfs_getattr Lino Sanfilippo <l.sanfilippo(a)kunbus.com> tpm,tpm_tis: Avoid warning splat at shutdown Alex Williamson <alex.williamson(a)redhat.com> vfio/fsl-mc: Block calling interrupt handler without trigger Alex Williamson <alex.williamson(a)redhat.com> vfio/platform: Create persistent IRQ handlers Alex Williamson <alex.williamson(a)redhat.com> vfio/platform: Disable virqfds on cleanup Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Lock external INTx masking ops Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Disable auto-enable of exclusive INTx IRQ Frank Wunderlich <frank-w(a)public-files.de> thermal/drivers/mediatek: Fix control buffer enablement on MT7896 Steve French <stfrench(a)microsoft.com> cifs: allow changing password during remount Bharath SM <bharathsm(a)microsoft.com> cifs: prevent updating file size from server if we have a read/write lease Michael Kelley <mhklinux(a)outlook.com> PCI: hv: Fix ring buffer size calculation Niklas Cassel <cassel(a)kernel.org> PCI: dwc: endpoint: Fix advertised resizable BAR size Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> PCI: qcom: Enable BDF to SID translation properly Nathan Chancellor <nathan(a)kernel.org> kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1 Benjamin Coddington <bcodding(a)redhat.com> NFS: Read unlock folio on nfs_page_create_from_folio() error Josef Bacik <josef(a)toxicpanda.com> nfs: fix UAF in direct writes Sam Ravnborg <sam(a)ravnborg.org> sparc32: Fix parport build with sparc32 Johan Hovold <johan+linaro(a)kernel.org> PCI: qcom: Disable ASPM L0s for sc8280xp, sa8540p and sa8295p Pavel Begunkov <asml.silence(a)gmail.com> io_uring: fix mshot io-wq checks Jens Axboe <axboe(a)kernel.dk> io_uring/net: correctly handle multishot recvmsg retry setup Stanislaw Gruszka <stanislaw.gruszka(a)linux.intel.com> PCI/AER: Block runtime suspend when handling errors Johannes Berg <johannes.berg(a)intel.com> debugfs: fix wait/cancellation handling during remove Samuel Thibault <samuel.thibault(a)ens-lyon.org> speakup: Fix 8bit characters from direct synth Wayne Chang <waynec(a)nvidia.com> usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic Wayne Chang <waynec(a)nvidia.com> phy: tegra: xusb: Add API to retrieve the port number of phy Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> slimbus: core: Remove usage of the deprecated ida_simple_xx() API Jerome Brunet <jbrunet(a)baylibre.com> nvmem: meson-efuse: fix function pointer type mismatch Maximilian Heyne <mheyne(a)amazon.de> ext4: fix corruption during on-line resize Pavel Begunkov <asml.silence(a)gmail.com> io_uring: fix io_queue_proc modifying req->flags Josua Mayer <josua(a)solid-run.com> hwmon: (amc6821) add of_match table Pavel Begunkov <asml.silence(a)gmail.com> io_uring: fix mshot read defer taskrun cqe posting Mickaël Salaün <mic(a)digikod.net> landlock: Warn once if a Landlock action is requested while disabled Christian Gmeiner <cgmeiner(a)igalia.com> drm/etnaviv: Restore some id values Christian Marangi <ansuelsmth(a)gmail.com> leds: trigger: netdev: Fix kernel panic on interface rename trig notify Marcel Ziswiler <marcel.ziswiler(a)toradex.com> Bluetooth: btnxpuart: Fix btnxpuart_close Dominique Martinet <dominique.martinet(a)atmark-techno.com> mmc: core: Fix switch on gp3 partition Ryan Roberts <ryan.roberts(a)arm.com> mm: swap: fix race between free_swap_and_cache() and swapoff() Fedor Pchelkin <pchelkin(a)ispras.ru> mac802154: fix llsec key resources release in mac802154_llsec_key_del Tony Battersby <tonyb(a)cybernetics.com> block: Fix page refcounts for unaligned buffers in __bio_release_pages() Nathan Chancellor <nathan(a)kernel.org> powerpc: xor_vmx: Add '-mhard-float' to CFLAGS Yu Kuai <yukuai3(a)huawei.com> dm-raid: fix lockdep waring in "pers->hot_add_disk" Yu Kuai <yukuai3(a)huawei.com> dm-raid456, md/raid456: fix a deadlock for dm-raid456 while io concurrent with reshape Yu Kuai <yukuai3(a)huawei.com> dm-raid: add a new helper prepare_suspend() in md_personality Yu Kuai <yukuai3(a)huawei.com> md/dm-raid: don't call md_reap_sync_thread() directly Yu Kuai <yukuai3(a)huawei.com> dm-raid: really frozen sync_thread during suspend Yu Kuai <yukuai3(a)huawei.com> md: add a new helper reshape_interrupted() Yu Kuai <yukuai3(a)huawei.com> md: export helper md_is_rdwr() Yu Kuai <yukuai3(a)huawei.com> md: export helpers to stop sync_thread Yu Kuai <yukuai3(a)huawei.com> md: don't clear MD_RECOVERY_FROZEN for new dm-raid until resume Song Liu <song(a)kernel.org> Revert "Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d"" Jarred White <jarredwhite(a)linux.microsoft.com> ACPI: CPPC: Use access_width over bit_width for system memory accesses Paul Menzel <pmenzel(a)molgen.mpg.de> PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PCI/PM: Drain runtime-idle callbacks before driver removal Akira Yokosawa <akiyks(a)gmail.com> docs: Makefile: Add dependency to $(YNL_INDEX) for targets other than htmldocs Nick Morrow <morrownr(a)gmail.com> wifi: rtw88: Add missing VID/PIDs for 8811CU and 8821CU Filipe Manana <fdmanana(a)suse.com> btrfs: fix off-by-one chunk length calculation at contains_pending_extent() Qu Wenruo <wqu(a)suse.com> btrfs: qgroup: always free reserved space for extent records Peter Collingbourne <pcc(a)google.com> serial: Lock console when calling into driver before registration Jonas Gorski <jonas.gorski(a)gmail.com> serial: core: only stop transmit when HW fifo is empty Roger Quadros <rogerq(a)kernel.org> usb: dwc3-am62: Disable wakeup at remove Roger Quadros <rogerq(a)kernel.org> usb: dwc3-am62: fix module unload/reload behavior Jameson Thies <jthies(a)google.com> usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros Miklos Szeredi <mszeredi(a)redhat.com> fuse: don't unhash root Miklos Szeredi <mszeredi(a)redhat.com> fuse: fix root lookup with nonzero generation Miklos Szeredi <mszeredi(a)redhat.com> fuse: replace remaining make_bad_inode() with fuse_make_bad() Wolfram Sang <wsa+renesas(a)sang-engineering.com> mmc: tmio: avoid concurrent runs of mmc_request_done() Qingliang Li <qingliang.li(a)mediatek.com> PM: sleep: wakeirq: fix wake irq warning in system suspend Toru Katagiri <Toru.Katagiri(a)tdk.com> USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M David Woodhouse <dwmw(a)amazon.co.uk> KVM: x86/xen: inject vCPU upcall vector when local APIC is enabled Aurélien Jacobs <aurel(a)gnuage.org> USB: serial: option: add MeiG Smart SLM320 product Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: track capability/opmode NSS separately Christian Häggström <christian.haggstrom(a)orexplore.com> USB: serial: cp210x: add ID for MGP Instruments PDS100 Cameron Williams <cang1(a)live.co.uk> USB: serial: add device ID for VeriFone adapter Daniel Vogelbacher <daniel(a)chaospixel.com> USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB Michael Ellerman <mpe(a)ellerman.id.au> powerpc/fsl: Fix mfpmr build errors with newer binutils Prashanth K <quic_prashk(a)quicinc.com> usb: xhci: Add error handling in xhci_map_urb_for_dma Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: camcc-sc8280xp: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: gcc-ipq9574: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: gcc-ipq5018: fix terminating of frequency table arrays Brett Creeley <brett.creeley(a)amd.com> vfio/pds: Always clear the save/restore FDs on reset Maulik Shah <quic_mkshah(a)quicinc.com> PM: suspend: Set mem_sleep_current during kernel command line setup Shivnandan Kumar <quic_kshivnan(a)quicinc.com> cpufreq: Limit resolving a frequency to policy min/max Akira Yokosawa <akiyks(a)gmail.com> docs: Restore "smart quotes" for quotes Quentin Schulz <quentin.schulz(a)theobroma-systems.com> iio: adc: rockchip_saradc: use mask for write_enable bitfield Quentin Schulz <quentin.schulz(a)theobroma-systems.com> iio: adc: rockchip_saradc: fix bitmask for channels on SARADCv2 Gui-Dong Han <2045gemini(a)gmail.com> md/raid5: fix atomicity violation in raid5_cache_count Guenter Roeck <linux(a)roeck-us.net> parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds Guenter Roeck <linux(a)roeck-us.net> parisc: Fix csum_ipv6_magic on 64-bit systems Guenter Roeck <linux(a)roeck-us.net> parisc: Fix csum_ipv6_magic on 32-bit systems Guenter Roeck <linux(a)roeck-us.net> parisc: Fix ip_fast_csum John David Anglin <dave.anglin(a)bell.net> parisc: Avoid clobbering the C/B bits in the PSW with tophys and tovirt macros Guenter Roeck <linux(a)roeck-us.net> parisc/unaligned: Rewrite 64-bit inline assembly of emulate_ldd() Breno Leitao <leitao(a)debian.org> x86/nmi: Fix the inverse "in NMI handler" check Heming Zhao <heming.zhao(a)suse.com> md/md-bitmap: fix incorrect usage for sb_index Arseniy Krasnov <avkrasnov(a)salutedevices.com> mtd: rawnand: meson: fix scrambling mode value in command macro Zhihao Cheng <chengzhihao1(a)huawei.com> ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path Zhang Yi <yi.zhang(a)huawei.com> ubi: correct the calculation of fastmap size Richard Weinberger <richard(a)nod.at> ubi: Check for too small LEB size in VTBL code Matthew Wilcox (Oracle) <willy(a)infradead.org> ubifs: Set page uptodate in the correct place Alexander Sverdlin <alexander.sverdlin(a)siemens.com> mfd: twl: Select MFD_CORE Bernd Schubert <bschubert(a)ddn.com> fuse: fix VM_MAYSHARE and direct_io_allow_mmap Jan Kara <jack(a)suse.cz> fat: fix uninitialized field in nostale filehandles Matthew Wilcox (Oracle) <willy(a)infradead.org> bounds: support non-power-of-two CONFIG_NR_CPUS Arnd Bergmann <arnd(a)arndb.de> kasan/test: avoid gcc warning for intentional overflow Damien Le Moal <dlemoal(a)kernel.org> block: Clear zone limits for a non-zoned stacked queue Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdgpu/display: Address kdoc for 'is_psr_su' in 'fill_dc_dirty_rects' Baokun Li <libaokun1(a)huawei.com> ext4: correct best extent lstart adjustment logic Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> pinctrl: qcom: sm8650-lpass-lpi: correct Kconfig name SeongJae Park <sj(a)kernel.org> selftests/mqueue: Set timeout to 180 seconds Damian Muszynski <damian.muszynski(a)intel.com> crypto: qat - resolve race condition during AER recovery Damian Muszynski <damian.muszynski(a)intel.com> crypto: qat - change SLAs cleanup flow at shutdown Randy Dunlap <rdunlap(a)infradead.org> sparc: vDSO: fix return value of __setup handler Randy Dunlap <rdunlap(a)infradead.org> sparc64: NMI watchdog: fix return value of __setup handler Michael Ellerman <mpe(a)ellerman.id.au> powerpc/smp: Increase nr_cpu_ids to include the boot CPU Michael Ellerman <mpe(a)ellerman.id.au> powerpc/smp: Adjust nr_cpu_ids to cover all threads of a core Zhang Rui <rui.zhang(a)intel.com> powercap: intel_rapl_tpmi: Fix System Domain probing Zhang Rui <rui.zhang(a)intel.com> powercap: intel_rapl_tpmi: Fix a register bug Zhang Rui <rui.zhang(a)intel.com> powercap: intel_rapl: Fix locking in TPMI RAPL Zhang Rui <rui.zhang(a)intel.com> powercap: intel_rapl: Fix a NULL pointer dereference Zhang Rui <rui.zhang(a)intel.com> thermal/intel: Fix intel_tcc_get_temp() to support negative CPU temperature Tor Vic <torvic9(a)mailbox.org> cpufreq: amd-pstate: Fix min_perf assignment in amd_pstate_adjust_perf() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8550-mtp: correct WCD9385 TX port mapping Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8550-qrd: correct WCD9385 TX port mapping Sean Christopherson <seanjc(a)google.com> KVM: Always flush async #PF workqueue when vCPU is being destroyed Li Lingfeng <lilingfeng3(a)huawei.com> md: use RCU lock to protect traversal in md_spares_need_change() Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: nxp: imx8-isi: Mark all crossbar sink pads as MUST_CONNECT Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: mc: Expand MUST_CONNECT flag to always require an enabled link Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: mc: Rename pad variable to clarify intent Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: mc: Add num_links flag to media_pad Marek Vasut <marex(a)denx.de> media: nxp: imx8-isi: Check whether crossbar pad is non-NULL before access Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: mc: Fix flags handling when creating pad links Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: mc: Add local pad to pipeline regardless of the link state Gui-Dong Han <2045gemini(a)gmail.com> media: xc4000: Fix atomicity violation in xc4000_get_frequency Philipp Stanner <pstanner(a)redhat.com> pci_iounmap(): Fix MMIO mapping leak Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix the lifetime of the bo cursor memory Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: max310x: fix NULL pointer dereference in I2C instantiation Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8450-hdk: correct AMIC4 and AMIC5 microphones Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix possible null pointer derefence with invalid contexts Duje Mihanović <duje.mihanovic(a)skole.hr> arm: dts: marvell: Fix maxium->maxim typo in brownstone dts Roberto Sassu <roberto.sassu(a)huawei.com> smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity() Roberto Sassu <roberto.sassu(a)huawei.com> smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr() Amit Pundir <amit.pundir(a)linaro.org> clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd Joakim Zhang <joakim.zhang(a)cixtech.com> remoteproc: virtio: Fix wdg cannot recovery remote processor Krishna chaitanya chundru <quic_krichai(a)quicinc.com> arm64: dts: qcom: sc7280: Add additional MSI interrupts Hidenori Kobayashi <hidenorik(a)chromium.org> media: staging: ipu3-imgu: Set fields before media_entity_pads_init() Arend van Spriel <arend.vanspriel(a)broadcom.com> wifi: brcmfmac: avoid invalid list operation when vendor attach fails Zheng Wang <zyytlz.wz(a)163.com> wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Unmap the surface before resetting it on a plane state ------------- Diffstat: Documentation/Makefile | 4 +- Documentation/admin-guide/kernel-parameters.txt | 4 +- Documentation/arch/x86/amd-memory-encryption.rst | 16 +- Documentation/conf.py | 6 +- .../userspace-api/media/mediactl/media-types.rst | 11 +- Makefile | 4 +- arch/arm/Kconfig | 4 +- arch/arm/boot/dts/marvell/mmp2-brownstone.dts | 2 +- arch/arm/include/asm/mman.h | 14 ++ arch/arm/kernel/Makefile | 2 - arch/arm/kernel/iwmmxt.S | 51 ++-- arch/arm/kernel/pj4-cp0.c | 135 ----------- arch/arm/mm/flush.c | 3 + arch/arm64/boot/dts/qcom/sc7280.dtsi | 12 +- arch/arm64/boot/dts/qcom/sm8450-hdk.dts | 4 +- arch/arm64/boot/dts/qcom/sm8550-mtp.dts | 2 +- arch/arm64/boot/dts/qcom/sm8550-qrd.dts | 2 +- arch/hexagon/kernel/vmlinux.lds.S | 1 + arch/loongarch/crypto/crc32-loongarch.c | 2 - arch/loongarch/include/asm/Kbuild | 1 + arch/loongarch/include/asm/io.h | 2 + arch/loongarch/include/asm/percpu.h | 7 +- arch/loongarch/include/asm/qspinlock.h | 18 -- arch/parisc/include/asm/assembly.h | 18 +- arch/parisc/include/asm/checksum.h | 10 +- arch/parisc/include/asm/mman.h | 14 ++ arch/parisc/kernel/unaligned.c | 27 +-- arch/powerpc/include/asm/reg_fsl_emb.h | 11 +- arch/powerpc/kernel/prom.c | 12 + arch/powerpc/lib/Makefile | 2 +- arch/sparc/include/asm/parport.h | 259 +-------------------- arch/sparc/include/asm/parport_64.h | 256 ++++++++++++++++++++ arch/sparc/kernel/nmi.c | 2 +- arch/sparc/vdso/vma.c | 7 +- arch/x86/Kconfig | 13 -- arch/x86/boot/compressed/efi_mixed.S | 29 ++- arch/x86/coco/core.c | 7 +- arch/x86/events/amd/core.c | 20 +- arch/x86/include/asm/asm-prototypes.h | 1 + arch/x86/include/asm/asm.h | 14 ++ arch/x86/include/asm/coco.h | 8 +- arch/x86/include/asm/crash_core.h | 2 + arch/x86/include/asm/mem_encrypt.h | 15 +- arch/x86/include/asm/nospec-branch.h | 21 +- arch/x86/include/asm/sev.h | 4 +- arch/x86/include/asm/suspend_32.h | 10 +- arch/x86/include/asm/x86_init.h | 3 +- arch/x86/kernel/cpu/amd.c | 10 +- arch/x86/kernel/eisa.c | 3 +- arch/x86/kernel/fpu/xstate.c | 5 +- arch/x86/kernel/fpu/xstate.h | 14 +- arch/x86/kernel/kprobes/core.c | 11 +- arch/x86/kernel/mpparse.c | 10 +- arch/x86/kernel/nmi.c | 2 +- arch/x86/kernel/probe_roms.c | 10 - arch/x86/kernel/setup.c | 3 +- arch/x86/kernel/sev-shared.c | 12 +- arch/x86/kernel/sev.c | 31 ++- arch/x86/kernel/x86_init.c | 2 + arch/x86/kvm/lapic.c | 5 +- arch/x86/kvm/xen.c | 2 +- arch/x86/kvm/xen.h | 18 ++ arch/x86/lib/retpoline.S | 11 +- arch/x86/mm/mem_encrypt_amd.c | 18 ++ arch/x86/mm/mem_encrypt_identity.c | 38 ++- block/bio.c | 7 +- block/blk-mq.c | 9 +- block/blk-settings.c | 4 + block/mq-deadline.c | 3 +- crypto/asymmetric_keys/mscode_parser.c | 3 + crypto/asymmetric_keys/pkcs7_parser.c | 4 + crypto/asymmetric_keys/public_key.c | 3 +- crypto/asymmetric_keys/signature.c | 2 +- crypto/asymmetric_keys/x509_cert_parser.c | 8 + crypto/testmgr.h | 80 +++++++ drivers/accessibility/speakup/synth.c | 4 +- drivers/acpi/cppc_acpi.c | 31 ++- drivers/ata/ahci.c | 13 -- drivers/ata/libata-eh.c | 5 +- drivers/ata/libata-scsi.c | 9 + drivers/base/power/wakeirq.c | 4 +- drivers/bluetooth/btnxpuart.c | 3 + drivers/char/tpm/tpm_tis_core.c | 3 +- drivers/clk/qcom/camcc-sc8280xp.c | 21 ++ drivers/clk/qcom/gcc-ipq5018.c | 3 + drivers/clk/qcom/gcc-ipq6018.c | 2 + drivers/clk/qcom/gcc-ipq8074.c | 2 + drivers/clk/qcom/gcc-ipq9574.c | 1 + drivers/clk/qcom/gcc-sdm845.c | 1 + drivers/clk/qcom/mmcc-apq8084.c | 2 + drivers/clk/qcom/mmcc-msm8974.c | 2 + drivers/clocksource/arm_global_timer.c | 2 +- drivers/clocksource/timer-riscv.c | 3 + drivers/cpufreq/amd-pstate.c | 2 +- drivers/cpufreq/cpufreq-dt.c | 2 +- drivers/crypto/intel/iaa/iaa_crypto_main.c | 10 +- drivers/crypto/intel/qat/qat_common/adf_aer.c | 22 +- drivers/crypto/intel/qat/qat_common/adf_rl.c | 20 +- drivers/cxl/core/trace.h | 14 +- drivers/firmware/efi/efi.c | 2 + drivers/firmware/efi/libstub/randomalloc.c | 2 +- drivers/firmware/efi/libstub/x86-stub.c | 1 + drivers/gpio/gpiolib-cdev.c | 38 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 46 ++-- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 1 + drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 2 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 34 +-- .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c | 8 +- .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.h | 2 +- .../amd/display/dc/clk_mgr/dcn32/dcn32_clk_mgr.c | 14 ++ .../amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c | 2 +- drivers/gpu/drm/amd/display/dc/core/dc.c | 127 ++++++++-- drivers/gpu/drm/amd/display/dc/core/dc_state.c | 3 +- drivers/gpu/drm/amd/display/dc/core/dc_stream.c | 18 ++ drivers/gpu/drm/amd/display/dc/core/dc_surface.c | 2 + drivers/gpu/drm/amd/display/dc/dc.h | 2 +- drivers/gpu/drm/amd/display/dc/dc_stream.h | 2 - drivers/gpu/drm/amd/display/dc/dc_types.h | 4 +- drivers/gpu/drm/amd/display/dc/dcn10/dcn10_opp.c | 1 + drivers/gpu/drm/amd/display/dc/dcn20/dcn20_opp.c | 14 ++ drivers/gpu/drm/amd/display/dc/dcn20/dcn20_opp.h | 2 + drivers/gpu/drm/amd/display/dc/dcn201/dcn201_opp.c | 1 + drivers/gpu/drm/amd/display/dc/dcn30/dcn30_mpc.c | 54 +++-- drivers/gpu/drm/amd/display/dc/dcn30/dcn30_mpc.h | 14 +- drivers/gpu/drm/amd/display/dc/dcn32/dcn32_mpc.c | 5 +- .../amd/display/dc/dcn32/dcn32_resource_helpers.c | 6 + .../amd/display/dc/dml2/dml2_translation_helper.c | 24 +- drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.c | 28 ++- drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.h | 3 + .../drm/amd/display/dc/hwss/dce110/dce110_hwseq.c | 3 +- .../drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c | 2 +- .../drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 53 ++--- .../drm/amd/display/dc/hwss/dcn30/dcn30_hwseq.c | 12 +- .../drm/amd/display/dc/hwss/dcn314/dcn314_hwseq.c | 41 ---- .../drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c | 71 +++--- .../drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.h | 2 + .../gpu/drm/amd/display/dc/hwss/dcn32/dcn32_init.c | 2 +- .../drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 41 ---- drivers/gpu/drm/amd/display/dc/inc/hw/opp.h | 3 + .../drm/amd/display/dc/inc/hw/timing_generator.h | 1 + drivers/gpu/drm/amd/display/dc/inc/link.h | 4 +- .../dc/link/protocols/link_edp_panel_control.c | 4 +- .../dc/link/protocols/link_edp_panel_control.h | 4 +- .../gpu/drm/amd/display/dc/optc/dcn10/dcn10_optc.h | 3 +- .../gpu/drm/amd/display/dc/optc/dcn32/dcn32_optc.c | 8 + .../gpu/drm/amd/display/dc/optc/dcn32/dcn32_optc.h | 1 + .../amd/display/dc/resource/dcn32/dcn32_resource.c | 3 + .../amd/display/dc/resource/dcn32/dcn32_resource.h | 3 + .../display/dc/resource/dcn321/dcn321_resource.c | 2 + drivers/gpu/drm/amd/display/dmub/inc/dmub_cmd.h | 8 + .../gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3 + .../amd/display/modules/info_packet/info_packet.c | 13 +- .../drm/amd/display/modules/power/power_helpers.c | 2 +- .../drm/amd/display/modules/power/power_helpers.h | 2 +- drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 19 +- drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c | 19 +- .../drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c | 31 +-- .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c | 18 +- .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c | 18 +- drivers/gpu/drm/bridge/lontium-lt8912b.c | 24 +- drivers/gpu/drm/display/drm_dp_helper.c | 7 + drivers/gpu/drm/drm_bridge.c | 46 +++- drivers/gpu/drm/drm_panel.c | 17 +- drivers/gpu/drm/drm_probe_helper.c | 7 + drivers/gpu/drm/etnaviv/etnaviv_drv.c | 2 +- drivers/gpu/drm/etnaviv/etnaviv_hwdb.c | 9 + drivers/gpu/drm/exynos/exynos_drm_vidi.c | 4 +- drivers/gpu/drm/exynos/exynos_hdmi.c | 4 +- drivers/gpu/drm/i915/display/icl_dsi.c | 3 +- drivers/gpu/drm/i915/display/intel_bios.c | 46 +++- drivers/gpu/drm/i915/display/intel_cursor.c | 4 +- drivers/gpu/drm/i915/display/intel_display_trace.h | 6 +- drivers/gpu/drm/i915/display/intel_display_types.h | 1 + drivers/gpu/drm/i915/display/intel_dpll_mgr.c | 76 +++--- drivers/gpu/drm/i915/display/intel_dpll_mgr.h | 4 + drivers/gpu/drm/i915/display/intel_dsb.c | 14 ++ drivers/gpu/drm/i915/display/intel_fb_pin.c | 10 + drivers/gpu/drm/i915/display/intel_vrr.c | 7 +- drivers/gpu/drm/i915/gt/intel_engine_pm.c | 3 - .../gpu/drm/i915/gt/intel_execlists_submission.c | 3 + drivers/gpu/drm/i915/i915_hwmon.c | 37 +-- drivers/gpu/drm/i915/i915_reg.h | 2 +- drivers/gpu/drm/i915/i915_vma.c | 50 +++- drivers/gpu/drm/imx/ipuv3/parallel-display.c | 4 +- drivers/gpu/drm/nouveau/nouveau_dmem.c | 12 +- drivers/gpu/drm/ttm/ttm_bo_util.c | 13 +- drivers/gpu/drm/ttm/ttm_tt.c | 13 ++ drivers/gpu/drm/vc4/vc4_hdmi.c | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 15 +- drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 14 +- drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 17 +- drivers/gpu/drm/xe/xe_query.c | 2 +- drivers/hwmon/amc6821.c | 11 + drivers/iio/adc/rockchip_saradc.c | 6 +- drivers/iommu/dma-iommu.c | 9 + drivers/irqchip/irq-renesas-rzg2l.c | 67 ++++-- drivers/leds/trigger/ledtrig-netdev.c | 4 +- drivers/md/dm-raid.c | 93 ++++++-- drivers/md/dm-snap.c | 4 +- drivers/md/md-bitmap.c | 9 +- drivers/md/md.c | 82 +++++-- drivers/md/md.h | 38 ++- drivers/md/raid5.c | 58 ++++- drivers/media/mc/mc-entity.c | 93 ++++++-- .../platform/nxp/imx8-isi/imx8-isi-crossbar.c | 4 +- drivers/media/tuners/xc4000.c | 4 +- drivers/mfd/Kconfig | 1 + drivers/mfd/intel-lpss-pci.c | 28 ++- drivers/mfd/intel-lpss.c | 9 +- drivers/mfd/intel-lpss.h | 14 +- drivers/mmc/core/block.c | 14 +- drivers/mmc/host/sdhci-of-dwcmshc.c | 28 ++- drivers/mmc/host/sdhci-omap.c | 3 + drivers/mmc/host/tmio_mmc_core.c | 2 + drivers/mtd/nand/raw/meson_nand.c | 2 +- drivers/mtd/nand/raw/nand_base.c | 87 ++++--- drivers/mtd/ubi/fastmap.c | 7 +- drivers/mtd/ubi/vtbl.c | 6 + .../ethernet/hisilicon/hns3/hns3pf/hclge_trace.h | 8 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_trace.h | 8 +- drivers/net/ethernet/xilinx/ll_temac_main.c | 2 +- drivers/net/phy/at803x.c | 4 +- drivers/net/wireguard/netlink.c | 10 +- .../broadcom/brcm80211/brcmfmac/bca/core.c | 15 +- .../broadcom/brcm80211/brcmfmac/cfg80211.c | 60 ++--- .../broadcom/brcm80211/brcmfmac/cfg80211.h | 2 + .../broadcom/brcm80211/brcmfmac/cyw/core.c | 33 ++- .../wireless/broadcom/brcm80211/brcmfmac/feature.c | 3 + .../wireless/broadcom/brcm80211/brcmfmac/fwil.c | 1 + .../broadcom/brcm80211/brcmfmac/fwil_types.h | 2 +- .../wireless/broadcom/brcm80211/brcmfmac/fwvid.c | 14 +- .../wireless/broadcom/brcm80211/brcmfmac/fwvid.h | 39 ++-- .../broadcom/brcm80211/brcmfmac/wcc/core.c | 16 +- drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 15 +- .../net/wireless/intel/iwlwifi/mvm/debugfs-vif.c | 11 +- drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 2 +- drivers/net/wireless/realtek/rtw88/mac.c | 7 + drivers/net/wireless/realtek/rtw88/rtw8821cu.c | 46 ++-- drivers/nvmem/meson-efuse.c | 25 +- drivers/pci/controller/dwc/pcie-designware-ep.c | 7 +- drivers/pci/controller/dwc/pcie-qcom.c | 41 +++- drivers/pci/controller/pci-hyperv.c | 3 +- drivers/pci/pci-driver.c | 7 + drivers/pci/pcie/err.c | 20 ++ drivers/pci/quirks.c | 2 + drivers/phy/tegra/xusb.c | 13 ++ drivers/pinctrl/pinctrl-amd.c | 2 +- drivers/pinctrl/qcom/Kconfig | 2 +- drivers/platform/x86/intel/tpmi.c | 9 +- drivers/powercap/intel_rapl_common.c | 34 ++- drivers/powercap/intel_rapl_msr.c | 8 +- drivers/powercap/intel_rapl_tpmi.c | 15 ++ drivers/pwm/pwm-img.c | 4 +- drivers/remoteproc/remoteproc_virtio.c | 6 +- drivers/s390/crypto/zcrypt_api.c | 2 + drivers/scsi/hosts.c | 7 +- drivers/scsi/libsas/sas_expander.c | 51 ++-- drivers/scsi/lpfc/lpfc_bsg.c | 4 +- drivers/scsi/lpfc/lpfc_nvmet.c | 2 +- drivers/scsi/qla2xxx/qla_attr.c | 14 +- drivers/scsi/qla2xxx/qla_def.h | 2 +- drivers/scsi/qla2xxx/qla_gbl.h | 2 +- drivers/scsi/qla2xxx/qla_init.c | 128 +++++----- drivers/scsi/qla2xxx/qla_iocb.c | 68 ++++-- drivers/scsi/qla2xxx/qla_mbx.c | 2 +- drivers/scsi/qla2xxx/qla_os.c | 3 +- drivers/scsi/qla2xxx/qla_target.c | 10 + drivers/scsi/scsi_scan.c | 34 +++ drivers/scsi/sd.c | 23 +- drivers/scsi/sg.c | 4 +- drivers/slimbus/core.c | 4 +- drivers/soc/fsl/qbman/qman.c | 25 +- drivers/staging/media/ipu3/ipu3-v4l2.c | 16 +- .../staging/vc04_services/vchiq-mmal/mmal-vchiq.c | 5 +- drivers/thermal/devfreq_cooling.c | 2 +- .../int340x_thermal/processor_thermal_device.c | 8 +- .../intel/int340x_thermal/processor_thermal_rapl.c | 8 +- drivers/thermal/intel/intel_tcc.c | 12 +- drivers/thermal/intel/x86_pkg_temp_thermal.c | 8 +- drivers/thermal/mediatek/auxadc_thermal.c | 3 + drivers/thermal/thermal_trip.c | 19 +- drivers/tty/serial/8250/8250_port.c | 6 - drivers/tty/serial/max310x.c | 7 +- drivers/tty/serial/serial_core.c | 12 + drivers/ufs/host/ufs-qcom.c | 6 +- drivers/usb/class/cdc-wdm.c | 6 +- drivers/usb/core/hub.c | 23 +- drivers/usb/core/hub.h | 2 + drivers/usb/core/port.c | 38 ++- drivers/usb/core/sysfs.c | 16 +- drivers/usb/dwc2/core.h | 14 ++ drivers/usb/dwc2/core_intr.c | 72 ++++-- drivers/usb/dwc2/gadget.c | 10 + drivers/usb/dwc2/hcd.c | 49 +++- drivers/usb/dwc2/hcd_ddma.c | 17 +- drivers/usb/dwc2/hw.h | 2 +- drivers/usb/dwc2/platform.c | 2 +- drivers/usb/dwc3/core.c | 2 + drivers/usb/dwc3/core.h | 2 + drivers/usb/dwc3/dwc3-am62.c | 13 +- drivers/usb/dwc3/dwc3-pci.c | 2 - drivers/usb/dwc3/gadget.c | 10 + drivers/usb/dwc3/host.c | 11 + drivers/usb/gadget/udc/core.c | 4 +- drivers/usb/gadget/udc/tegra-xudc.c | 39 ++-- drivers/usb/host/xhci.c | 2 + drivers/usb/misc/usb-ljca.c | 22 +- drivers/usb/phy/phy-generic.c | 7 - drivers/usb/serial/cp210x.c | 4 + drivers/usb/serial/ftdi_sio.c | 2 + drivers/usb/serial/ftdi_sio_ids.h | 6 + drivers/usb/serial/option.c | 6 + drivers/usb/storage/uas.c | 28 ++- drivers/usb/typec/class.c | 7 +- drivers/usb/typec/tcpm/tcpm.c | 6 +- drivers/usb/typec/ucsi/ucsi.c | 56 ++++- drivers/usb/typec/ucsi/ucsi.h | 4 +- drivers/usb/typec/ucsi/ucsi_acpi.c | 71 +++--- drivers/usb/typec/ucsi/ucsi_glink.c | 14 ++ drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c | 7 +- drivers/vfio/pci/pds/lm.c | 13 ++ drivers/vfio/pci/pds/lm.h | 1 + drivers/vfio/pci/pds/vfio_dev.c | 4 +- drivers/vfio/pci/vfio_pci_intrs.c | 180 ++++++++------ drivers/vfio/platform/vfio_platform_irq.c | 105 ++++++--- drivers/vfio/virqfd.c | 21 ++ drivers/video/fbdev/Kconfig | 3 + drivers/virtio/virtio.c | 4 +- fs/btrfs/block-group.c | 3 +- fs/btrfs/compression.c | 8 +- fs/btrfs/defrag.c | 4 +- fs/btrfs/disk-io.c | 13 +- fs/btrfs/export.c | 2 +- fs/btrfs/extent_io.c | 61 +++-- fs/btrfs/extent_io.h | 1 + fs/btrfs/extent_map.c | 16 +- fs/btrfs/file.c | 14 +- fs/btrfs/free-space-cache.c | 2 +- fs/btrfs/fs.h | 11 + fs/btrfs/inode.c | 54 +++-- fs/btrfs/ioctl.c | 58 ++--- fs/btrfs/lzo.c | 4 +- fs/btrfs/props.c | 2 +- fs/btrfs/qgroup.c | 61 ++++- fs/btrfs/qgroup.h | 3 + fs/btrfs/reflink.c | 12 +- fs/btrfs/relocation.c | 2 +- fs/btrfs/scrub.c | 12 +- fs/btrfs/send.c | 2 +- fs/btrfs/super.c | 2 +- fs/btrfs/volumes.c | 69 +++++- fs/btrfs/zoned.c | 14 +- fs/debugfs/inode.c | 25 +- fs/dlm/user.c | 10 +- fs/exec.c | 1 + fs/ext4/mballoc.c | 17 +- fs/ext4/resize.c | 3 +- fs/f2fs/f2fs.h | 1 + fs/f2fs/segment.c | 4 +- fs/fat/nfs.c | 6 + fs/fuse/dir.c | 6 +- fs/fuse/file.c | 8 +- fs/fuse/fuse_i.h | 1 - fs/fuse/inode.c | 7 +- fs/nfs/direct.c | 11 +- fs/nfs/read.c | 2 + fs/nfs/write.c | 2 +- fs/nfsd/trace.h | 2 +- fs/nilfs2/btree.c | 9 +- fs/nilfs2/direct.c | 9 +- fs/nilfs2/inode.c | 2 +- fs/smb/client/cached_dir.c | 3 +- fs/smb/client/cifs_debug.c | 2 + fs/smb/client/cifsglob.h | 4 + fs/smb/client/cifsproto.h | 6 +- fs/smb/client/connect.c | 6 +- fs/smb/client/file.c | 8 +- fs/smb/client/fs_context.c | 27 ++- fs/smb/client/inode.c | 13 +- fs/smb/client/readdir.c | 2 +- fs/smb/client/sess.c | 4 +- fs/smb/client/smb2ops.c | 2 + fs/smb/client/smb2pdu.c | 10 +- fs/smb/server/smb2misc.c | 26 ++- fs/smb/server/smb2pdu.c | 228 +++++++++++------- fs/smb/server/smb_common.c | 11 +- fs/smb/server/vfs.c | 12 +- fs/ubifs/dir.c | 2 + fs/ubifs/file.c | 13 +- include/drm/drm_bridge.h | 33 +++ include/drm/drm_modeset_helper_vtables.h | 3 +- include/drm/ttm/ttm_tt.h | 9 +- include/linux/cpufreq.h | 15 +- include/linux/framer/framer.h | 4 +- include/linux/intel_rapl.h | 6 + include/linux/intel_tcc.h | 2 +- include/linux/interrupt.h | 3 + include/linux/libata.h | 1 + include/linux/lsm_hook_defs.h | 4 +- include/linux/mman.h | 8 + include/linux/mtd/spinand.h | 2 +- include/linux/nfs_fs.h | 1 + include/linux/oid_registry.h | 4 + include/linux/phy/tegra/xusb.h | 1 + include/linux/ring_buffer.h | 4 +- include/linux/security.h | 8 +- include/linux/serial_core.h | 3 +- include/linux/skbuff.h | 10 + include/linux/syscalls.h | 6 +- include/linux/trace_events.h | 5 +- include/linux/vfio.h | 2 + include/media/media-entity.h | 2 + include/net/cfg80211.h | 2 + include/net/cfg802154.h | 1 + include/scsi/scsi_driver.h | 1 + include/scsi/scsi_host.h | 1 + include/uapi/linux/btrfs.h | 1 + init/initramfs.c | 2 +- io_uring/futex.c | 1 + io_uring/io_uring.c | 5 +- io_uring/net.c | 5 +- io_uring/poll.c | 19 +- io_uring/rw.c | 4 + io_uring/waitid.c | 7 +- kernel/bounds.c | 2 +- kernel/crash_core.c | 8 + kernel/dma/swiotlb.c | 37 +-- kernel/entry/common.c | 8 +- kernel/irq/manage.c | 9 +- kernel/module/Kconfig | 5 + kernel/power/suspend.c | 1 + kernel/printk/printk.c | 27 ++- kernel/sys.c | 7 +- kernel/time/posix-clock.c | 16 +- kernel/trace/ring_buffer.c | 161 ++++++++----- kernel/trace/trace.c | 43 +++- kernel/workqueue.c | 2 +- lib/pci_iomap.c | 2 +- mm/filemap.c | 16 ++ mm/kasan/kasan_test.c | 3 +- mm/memtest.c | 4 +- mm/shmem_quota.c | 10 +- mm/swapfile.c | 13 +- mm/zswap.c | 8 + net/bluetooth/hci_core.c | 6 +- net/bluetooth/hci_sync.c | 5 +- net/ipv4/esp4.c | 8 +- net/ipv6/esp6.c | 8 +- net/mac80211/cfg.c | 7 +- net/mac80211/ieee80211_i.h | 2 +- net/mac80211/rate.c | 2 +- net/mac80211/sta_info.h | 6 +- net/mac80211/vht.c | 46 ++-- net/mac802154/llsec.c | 18 +- net/netfilter/nf_tables_api.c | 3 + net/wireless/wext-core.c | 7 +- scripts/Makefile.extrawarn | 2 + security/apparmor/lsm.c | 4 +- security/landlock/syscalls.c | 18 +- security/lsm_syscalls.c | 10 +- security/security.c | 20 +- security/selinux/hooks.c | 4 +- security/smack/smack_lsm.c | 16 +- sound/pci/hda/tas2781_hda_i2c.c | 83 ++++--- sound/sh/aica.c | 17 +- sound/soc/amd/yc/acp6x-mach.c | 7 - sound/soc/amd/yc/pci-acp6x.c | 1 - tools/include/linux/btf_ids.h | 2 + tools/testing/selftests/lsm/common.h | 6 +- .../testing/selftests/lsm/lsm_get_self_attr_test.c | 10 +- .../testing/selftests/lsm/lsm_list_modules_test.c | 8 +- .../testing/selftests/lsm/lsm_set_self_attr_test.c | 6 +- tools/testing/selftests/mm/gup_test.c | 2 +- tools/testing/selftests/mm/soft-dirty.c | 2 +- tools/testing/selftests/mm/split_huge_page_test.c | 2 +- tools/testing/selftests/mm/uffd-common.c | 3 + tools/testing/selftests/mm/uffd-common.h | 2 + tools/testing/selftests/mm/uffd-unit-tests.c | 13 +- tools/testing/selftests/mqueue/setting | 1 + .../selftests/wireguard/qemu/arch/riscv32.config | 1 + .../selftests/wireguard/qemu/arch/riscv64.config | 1 + virt/kvm/async_pf.c | 31 ++- 482 files changed, 4826 insertions(+), 2566 deletions(-)

1 year, 6 months

19
425
0 0

[PATCH v3 2/2] PCI: of: Attach created of_node to existing device

by Herve Codina

The commit 407d1a51921e ("PCI: Create device tree node for bridge") creates of_node for PCI devices. During the insertion handling of these new DT nodes done by of_platform, new devices (struct device) are created. For each PCI devices a struct device is already present (created and handled by the PCI core). Having a second struct device to represent the exact same PCI device is not correct. On the of_node creation: - tell the of_platform that there is no need to create a device for this node (OF_POPULATED flag), - link this newly created of_node to the already present device, - tell fwnode that the device attached to this of_node is ready using fwnode_dev_initialized(). With this fix, the of_node are available in the sysfs device tree: /sys/devices/platform/soc/d0070000.pcie/ + of_node -> .../devicetree/base/soc/pcie@d0070000 + pci0000:00 + 0000:00:00.0 + of_node -> .../devicetree/base/soc/pcie@d0070000/pci@0,0 + 0000:01:00.0 + of_node -> .../devicetree/base/soc/pcie@d0070000/pci@0,0/dev@0,0 On the of_node removal, revert the operations. Fixes: 407d1a51921e ("PCI: Create device tree node for bridge") Cc: stable(a)vger.kernel.org Signed-off-by: Herve Codina <herve.codina(a)bootlin.com> --- drivers/pci/of.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/drivers/pci/of.c b/drivers/pci/of.c index 51e3dd0ea5ab..5afd2731e876 100644 --- a/drivers/pci/of.c +++ b/drivers/pci/of.c @@ -615,7 +615,8 @@ void of_pci_remove_node(struct pci_dev *pdev) np = pci_device_to_OF_node(pdev); if (!np || !of_node_check_flag(np, OF_DYNAMIC)) return; - pdev->dev.of_node = NULL; + + device_remove_of_node(&pdev->dev); of_changeset_revert(np->data); of_changeset_destroy(np->data); @@ -668,12 +669,22 @@ void of_pci_make_dev_node(struct pci_dev *pdev) if (ret) goto out_free_node; + /* + * This of_node will be added to an existing device. + * Avoid any device creation and use the existing device + */ + of_node_set_flag(np, OF_POPULATED); + np->fwnode.dev = &pdev->dev; + fwnode_dev_initialized(&np->fwnode, true); + ret = of_changeset_apply(cset); if (ret) goto out_free_node; np->data = cset; - pdev->dev.of_node = np; + + /* Add the of_node to the existing device */ + device_add_of_node(&pdev->dev, np); kfree(name); return; -- 2.44.0

1 year, 6 months

3
4
0 0

[PATCH] misc/pvpanic-pci: register attributes via pci_driver

by Thomas Weißschuh

In __pci_register_driver(), the pci core overwrites the dev_groups field of the embedded struct device_driver with the dev_groups from the outer struct pci_driver unconditionally. Set dev_groups in the pci_driver to make sure it is used. This was broken since the introduction of pvpanic-pci. Fixes: db3a4f0abefd ("misc/pvpanic: add PCI driver") Cc: stable(a)vger.kernel.org Signed-off-by: Thomas Weißschuh <linux(a)weissschuh.net> --- Greg, does it make sense to duplicate fields between struct pci_driver and struct device_driver? The fields "name", "groups" and "dev_groups" are duplicated. pci_driver::dev_groups was introduced in commit ded13b9cfd59 ("PCI: Add support for dev_groups to struct pci_driver") because "this helps converting PCI drivers sysfs attributes to static" I don't understand the reasoning. The embedded device_driver shares the same storage lifetime and the fields have the exact same type. --- drivers/misc/pvpanic/pvpanic-pci.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/drivers/misc/pvpanic/pvpanic-pci.c b/drivers/misc/pvpanic/pvpanic-pci.c index 9ad20e82785b..b21598a18f6d 100644 --- a/drivers/misc/pvpanic/pvpanic-pci.c +++ b/drivers/misc/pvpanic/pvpanic-pci.c @@ -44,8 +44,6 @@ static struct pci_driver pvpanic_pci_driver = { .name = "pvpanic-pci", .id_table = pvpanic_pci_id_tbl, .probe = pvpanic_pci_probe, - .driver = { - .dev_groups = pvpanic_dev_groups, - }, + .dev_groups = pvpanic_dev_groups, }; module_pci_driver(pvpanic_pci_driver); --- base-commit: 00dcf5d862e86e57f5ce46344039f11bb1ad61f6 change-id: 20240411-pvpanic-pci-dev-groups-e3beebcbc4e4 Best regards, -- Thomas Weißschuh <linux(a)weissschuh.net>

1 year, 6 months

2
2
0 0

FAILED: patch "[PATCH] drm/i915/vma: Fix UAF on destroy against retire race" failed to apply to 6.7-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.7-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.7.y git checkout FETCH_HEAD git cherry-pick -x 0e45882ca829b26b915162e8e86dbb1095768e9e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024033027-expensive-footage-f3ea@gregkh' --subject-prefix 'PATCH 6.7.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0e45882ca829b26b915162e8e86dbb1095768e9e Mon Sep 17 00:00:00 2001 From: Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> Date: Tue, 5 Mar 2024 15:35:06 +0100 Subject: [PATCH] drm/i915/vma: Fix UAF on destroy against retire race MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Object debugging tools were sporadically reporting illegal attempts to free a still active i915 VMA object when parking a GT believed to be idle. [161.359441] ODEBUG: free active (active state 0) object: ffff88811643b958 object type: i915_active hint: __i915_vma_active+0x0/0x50 [i915] [161.360082] WARNING: CPU: 5 PID: 276 at lib/debugobjects.c:514 debug_print_object+0x80/0xb0 ... [161.360304] CPU: 5 PID: 276 Comm: kworker/5:2 Not tainted 6.5.0-rc1-CI_DRM_13375-g003f860e5577+ #1 [161.360314] Hardware name: Intel Corporation Rocket Lake Client Platform/RocketLake S UDIMM 6L RVP, BIOS RKLSFWI1.R00.3173.A03.2204210138 04/21/2022 [161.360322] Workqueue: i915-unordered __intel_wakeref_put_work [i915] [161.360592] RIP: 0010:debug_print_object+0x80/0xb0 ... [161.361347] debug_object_free+0xeb/0x110 [161.361362] i915_active_fini+0x14/0x130 [i915] [161.361866] release_references+0xfe/0x1f0 [i915] [161.362543] i915_vma_parked+0x1db/0x380 [i915] [161.363129] __gt_park+0x121/0x230 [i915] [161.363515] ____intel_wakeref_put_last+0x1f/0x70 [i915] That has been tracked down to be happening when another thread is deactivating the VMA inside __active_retire() helper, after the VMA's active counter has been already decremented to 0, but before deactivation of the VMA's object is reported to the object debugging tool. We could prevent from that race by serializing i915_active_fini() with __active_retire() via ref->tree_lock, but that wouldn't stop the VMA from being used, e.g. from __i915_vma_retire() called at the end of __active_retire(), after that VMA has been already freed by a concurrent i915_vma_destroy() on return from the i915_active_fini(). Then, we should rather fix the issue at the VMA level, not in i915_active. Since __i915_vma_parked() is called from __gt_park() on last put of the GT's wakeref, the issue could be addressed by holding the GT wakeref long enough for __active_retire() to complete before that wakeref is released and the GT parked. I believe the issue was introduced by commit d93939730347 ("drm/i915: Remove the vma refcount") which moved a call to i915_active_fini() from a dropped i915_vma_release(), called on last put of the removed VMA kref, to i915_vma_parked() processing path called on last put of a GT wakeref. However, its visibility to the object debugging tool was suppressed by a bug in i915_active that was fixed two weeks later with commit e92eb246feb9 ("drm/i915/active: Fix missing debug object activation"). A VMA associated with a request doesn't acquire a GT wakeref by itself. Instead, it depends on a wakeref held directly by the request's active intel_context for a GT associated with its VM, and indirectly on that intel_context's engine wakeref if the engine belongs to the same GT as the VMA's VM. Those wakerefs are released asynchronously to VMA deactivation. Fix the issue by getting a wakeref for the VMA's GT when activating it, and putting that wakeref only after the VMA is deactivated. However, exclude global GTT from that processing path, otherwise the GPU never goes idle. Since __i915_vma_retire() may be called from atomic contexts, use async variant of wakeref put. Also, to avoid circular locking dependency, take care of acquiring the wakeref before VM mutex when both are needed. v7: Add inline comments with justifications for: - using untracked variants of intel_gt_pm_get/put() (Nirmoy), - using async variant of _put(), - not getting the wakeref in case of a global GTT, - always getting the first wakeref outside vm->mutex. v6: Since __i915_vma_active/retire() callbacks are not serialized, storing a wakeref tracking handle inside struct i915_vma is not safe, and there is no other good place for that. Use untracked variants of intel_gt_pm_get/put_async(). v5: Replace "tile" with "GT" across commit description (Rodrigo), - avoid mentioning multi-GT case in commit description (Rodrigo), - explain why we need to take a temporary wakeref unconditionally inside i915_vma_pin_ww() (Rodrigo). v4: Refresh on top of commit 5e4e06e4087e ("drm/i915: Track gt pm wakerefs") (Andi), - for more easy backporting, split out removal of former insufficient workarounds and move them to separate patches (Nirmoy). - clean up commit message and description a bit. v3: Identify root cause more precisely, and a commit to blame, - identify and drop former workarounds, - update commit message and description. v2: Get the wakeref before VM mutex to avoid circular locking dependency, - drop questionable Fixes: tag. Fixes: d93939730347 ("drm/i915: Remove the vma refcount") Closes: https://gitlab.freedesktop.org/drm/intel/issues/8875 Signed-off-by: Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> Cc: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> Cc: Nirmoy Das <nirmoy.das(a)intel.com> Cc: Andi Shyti <andi.shyti(a)linux.intel.com> Cc: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Cc: stable(a)vger.kernel.org # v5.19+ Reviewed-by: Nirmoy Das <nirmoy.das(a)intel.com> Signed-off-by: Andi Shyti <andi.shyti(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240305143747.335367-6-janus… (cherry picked from commit f3c71b2ded5c4367144a810ef25f998fd1d6c381) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/i915/i915_vma.c b/drivers/gpu/drm/i915/i915_vma.c index d09aad34ba37..b70715b1411d 100644 --- a/drivers/gpu/drm/i915/i915_vma.c +++ b/drivers/gpu/drm/i915/i915_vma.c @@ -34,6 +34,7 @@ #include "gt/intel_engine.h" #include "gt/intel_engine_heartbeat.h" #include "gt/intel_gt.h" +#include "gt/intel_gt_pm.h" #include "gt/intel_gt_requests.h" #include "gt/intel_tlb.h" @@ -103,12 +104,42 @@ static inline struct i915_vma *active_to_vma(struct i915_active *ref) static int __i915_vma_active(struct i915_active *ref) { - return i915_vma_tryget(active_to_vma(ref)) ? 0 : -ENOENT; + struct i915_vma *vma = active_to_vma(ref); + + if (!i915_vma_tryget(vma)) + return -ENOENT; + + /* + * Exclude global GTT VMA from holding a GT wakeref + * while active, otherwise GPU never goes idle. + */ + if (!i915_vma_is_ggtt(vma)) { + /* + * Since we and our _retire() counterpart can be + * called asynchronously, storing a wakeref tracking + * handle inside struct i915_vma is not safe, and + * there is no other good place for that. Hence, + * use untracked variants of intel_gt_pm_get/put(). + */ + intel_gt_pm_get_untracked(vma->vm->gt); + } + + return 0; } static void __i915_vma_retire(struct i915_active *ref) { - i915_vma_put(active_to_vma(ref)); + struct i915_vma *vma = active_to_vma(ref); + + if (!i915_vma_is_ggtt(vma)) { + /* + * Since we can be called from atomic contexts, + * use an async variant of intel_gt_pm_put(). + */ + intel_gt_pm_put_async_untracked(vma->vm->gt); + } + + i915_vma_put(vma); } static struct i915_vma * @@ -1404,7 +1435,7 @@ int i915_vma_pin_ww(struct i915_vma *vma, struct i915_gem_ww_ctx *ww, struct i915_vma_work *work = NULL; struct dma_fence *moving = NULL; struct i915_vma_resource *vma_res = NULL; - intel_wakeref_t wakeref = 0; + intel_wakeref_t wakeref; unsigned int bound; int err; @@ -1424,8 +1455,14 @@ int i915_vma_pin_ww(struct i915_vma *vma, struct i915_gem_ww_ctx *ww, if (err) return err; - if (flags & PIN_GLOBAL) - wakeref = intel_runtime_pm_get(&vma->vm->i915->runtime_pm); + /* + * In case of a global GTT, we must hold a runtime-pm wakeref + * while global PTEs are updated. In other cases, we hold + * the rpm reference while the VMA is active. Since runtime + * resume may require allocations, which are forbidden inside + * vm->mutex, get the first rpm wakeref outside of the mutex. + */ + wakeref = intel_runtime_pm_get(&vma->vm->i915->runtime_pm); if (flags & vma->vm->bind_async_flags) { /* lock VM */ @@ -1561,8 +1598,7 @@ int i915_vma_pin_ww(struct i915_vma *vma, struct i915_gem_ww_ctx *ww, if (work) dma_fence_work_commit_imm(&work->base); err_rpm: - if (wakeref) - intel_runtime_pm_put(&vma->vm->i915->runtime_pm, wakeref); + intel_runtime_pm_put(&vma->vm->i915->runtime_pm, wakeref); if (moving) dma_fence_put(moving);

1 year, 6 months

3
2
0 0

[PATCH v4] mtd: limit OTP NVMEM Cell parse to non Nand devices

by Christian Marangi

MTD OTP logic is very fragile on parsing NVMEM Cell and can be problematic with some specific kind of devices. The problem was discovered by e87161321a40 ("mtd: rawnand: macronix: OTP access for MX30LFxG18AC") where OTP support was added to a NAND device. With the case of NAND devices, it does require a node where ECC info are declared and all the fixed partitions, and this cause the OTP codepath to parse this node as OTP NVMEM Cells, making probe fail and the NAND device registration fail. MTD OTP parsing should have been limited to always using compatible to prevent this error by using node with compatible "otp-user" or "otp-factory". NVMEM across the years had various iteration on how Cells could be declared in DT, in some old implementation, no_of_node should have been enabled but now add_legacy_fixed_of_cells should be used to disable NVMEM to parse child node as NVMEM Cell. To fix this and limit any regression with other MTD that makes use of declaring OTP as direct child of the dev node, disable add_legacy_fixed_of_cells if we detect the MTD type is Nand. With the following logic, the OTP NVMEM entry is correctly created with no Cells and the MTD Nand is correctly probed and partitions are correctly exposed. Fixes: 4b361cfa8624 ("mtd: core: add OTP nvmem provider support") Cc: <stable(a)vger.kernel.org> # v6.7+ Signed-off-by: Christian Marangi <ansuelsmth(a)gmail.com> --- To backport this to v6.6 and previous, config.no_of_node = mtd_type_is_nand(mtd); should be used as it does pose the same usage of add_legacy_fixed_of_cells. Changes v4: - Add info on how to backport this to previous kernel - Fix Fixes tag - Reformat commit description as it was unprecise and had false statement Changes v3: - Fix commit description Changes v2: - Use mtd_type_is_nand instead of node name check drivers/mtd/mtdcore.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/mtd/mtdcore.c b/drivers/mtd/mtdcore.c index 5887feb347a4..0de87bc63840 100644 --- a/drivers/mtd/mtdcore.c +++ b/drivers/mtd/mtdcore.c @@ -900,7 +900,7 @@ static struct nvmem_device *mtd_otp_nvmem_register(struct mtd_info *mtd, config.name = compatible; config.id = NVMEM_DEVID_AUTO; config.owner = THIS_MODULE; - config.add_legacy_fixed_of_cells = true; + config.add_legacy_fixed_of_cells = !mtd_type_is_nand(mtd); config.type = NVMEM_TYPE_OTP; config.root_only = true; config.ignore_wp = true; -- 2.43.0

1 year, 6 months

3
3
0 0

[PATCH v2 5.10.y 1/1] mailbox: imx: fix suspend failure

by Daisuke Mizobuchi

imx_mu_isr() always calls pm_system_wakeup() even when it should not, making the system unable to enter sleep. Suspend fails as follows: armadillo:~# echo mem > /sys/power/state [ 2614.602432] PM: suspend entry (deep) [ 2614.610640] Filesystems sync: 0.004 seconds [ 2614.618016] Freezing user space processes ... (elapsed 0.001 seconds) done. [ 2614.626555] OOM killer disabled. [ 2614.629792] Freezing remaining freezable tasks ... (elapsed 0.001 seconds) done. [ 2614.638456] printk: Suspending console(s) (use no_console_suspend to debug) [ 2614.649504] PM: Some devices failed to suspend, or early wake event detected [ 2614.730103] PM: resume devices took 0.080 seconds [ 2614.741924] OOM killer enabled. [ 2614.745073] Restarting tasks ... done. [ 2614.754532] PM: suspend exit ash: write error: Resource busy armadillo:~# Upstream commit 892cb524ae8a is correct, so this seems to be a mistake during cherry-pick. Cc: <stable(a)vger.kernel.org> Fixes: a16f5ae8ade1 ("mailbox: imx: fix wakeup failure from freeze mode") Signed-off-by: Daisuke Mizobuchi <mizo(a)atmark-techno.com> Reviewed-by: Dominique Martinet <dominique.martinet(a)atmark-techno.com> --- drivers/mailbox/imx-mailbox.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/mailbox/imx-mailbox.c b/drivers/mailbox/imx-mailbox.c index c5663398c6b7..28f5450e4130 100644 --- a/drivers/mailbox/imx-mailbox.c +++ b/drivers/mailbox/imx-mailbox.c @@ -331,8 +331,6 @@ static int imx_mu_startup(struct mbox_chan *chan) break; } - priv->suspend = true; - return 0; } @@ -550,8 +548,6 @@ static int imx_mu_probe(struct platform_device *pdev) clk_disable_unprepare(priv->clk); - priv->suspend = false; - return 0; disable_runtime_pm: @@ -614,6 +610,8 @@ static int __maybe_unused imx_mu_suspend_noirq(struct device *dev) if (!priv->clk) priv->xcr = imx_mu_read(priv, priv->dcfg->xCR); + priv->suspend = true; + return 0; } @@ -632,6 +630,8 @@ static int __maybe_unused imx_mu_resume_noirq(struct device *dev) if (!imx_mu_read(priv, priv->dcfg->xCR) && !priv->clk) imx_mu_write(priv, priv->xcr, priv->dcfg->xCR); + priv->suspend = false; + return 0; } -- 2.30.2

1 year, 6 months

3
2
0 0

[PATCH v2 5/5] drm/vmwgfx: Sort primary plane formats by order of preference

by Zack Rusin

The table of primary plane formats wasn't sorted at all, leading to applications picking our least desirable formats by defaults. Sort the primary plane formats according to our order of preference. Nice side-effect of this change is that it makes IGT's kms_atomic plane-invalid-params pass because the test picks the first format which for vmwgfx was DRM_FORMAT_XRGB1555 and uses fb's with odd sizes which make Pixman, which IGT depends on assert due to the fact that our 16bpp formats aren't 32 bit aligned like Pixman requires all formats to be. Signed-off-by: Zack Rusin <zack.rusin(a)broadcom.com> Fixes: 36cc79bc9077 ("drm/vmwgfx: Add universal plane support") Cc: Broadcom internal kernel review list <bcm-kernel-feedback-list(a)broadcom.com> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v4.12+ Acked-by: Pekka Paalanen <pekka.paalanen(a)collabora.com> --- drivers/gpu/drm/vmwgfx/vmwgfx_kms.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.h b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.h index bf9931e3a728..bf24f2f0dcfc 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.h +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.h @@ -233,10 +233,10 @@ struct vmw_framebuffer_bo { static const uint32_t __maybe_unused vmw_primary_plane_formats[] = { - DRM_FORMAT_XRGB1555, - DRM_FORMAT_RGB565, DRM_FORMAT_XRGB8888, DRM_FORMAT_ARGB8888, + DRM_FORMAT_RGB565, + DRM_FORMAT_XRGB1555, }; static const uint32_t __maybe_unused vmw_cursor_plane_formats[] = { -- 2.40.1

1 year, 6 months

1
0
0 0

[PATCH v2 4/5] drm/vmwgfx: Fix crtc's atomic check conditional

by Zack Rusin

The conditional was supposed to prevent enabling of a crtc state without a set primary plane. Accidently it also prevented disabling crtc state with a set primary plane. Neither is correct. Fix the conditional and just driver-warn when a crtc state has been enabled without a primary plane which will help debug broken userspace. Fixes IGT's kms_atomic_interruptible and kms_atomic_transition tests. Signed-off-by: Zack Rusin <zack.rusin(a)broadcom.com> Fixes: 06ec41909e31 ("drm/vmwgfx: Add and connect CRTC helper functions") Cc: Broadcom internal kernel review list <bcm-kernel-feedback-list(a)broadcom.com> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v4.12+ Reviewed-by: Ian Forbes <ian.forbes(a)broadcom.com> Reviewed-by: Martin Krastev <martin.krastev(a)broadcom.com> --- drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c index e33e5993d8fc..13b2820cae51 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c @@ -931,6 +931,7 @@ int vmw_du_cursor_plane_atomic_check(struct drm_plane *plane, int vmw_du_crtc_atomic_check(struct drm_crtc *crtc, struct drm_atomic_state *state) { + struct vmw_private *vmw = vmw_priv(crtc->dev); struct drm_crtc_state *new_state = drm_atomic_get_new_crtc_state(state, crtc); struct vmw_display_unit *du = vmw_crtc_to_du(new_state->crtc); @@ -938,9 +939,13 @@ int vmw_du_crtc_atomic_check(struct drm_crtc *crtc, bool has_primary = new_state->plane_mask & drm_plane_mask(crtc->primary); - /* We always want to have an active plane with an active CRTC */ - if (has_primary != new_state->enable) - return -EINVAL; + /* + * This is fine in general, but broken userspace might expect + * some actual rendering so give a clue as why it's blank. + */ + if (new_state->enable && !has_primary) + drm_dbg_driver(&vmw->drm, + "CRTC without a primary plane will be blank.\n"); if (new_state->connector_mask != connector_mask && -- 2.40.1

1 year, 6 months

1
0
0 0

[PATCH v2 3/5] drm/vmwgfx: Fix prime import/export

by Zack Rusin

vmwgfx never supported prime import of external buffers. Furthermore the driver exposes two different objects to userspace: vmw_surface's and gem buffers but prime import/export only worked with vmw_surfaces. Because gem buffers are used through the dumb_buffer interface this meant that the driver created buffers couldn't have been prime exported or imported. Fix prime import/export. Makes IGT's kms_prime pass. Signed-off-by: Zack Rusin <zack.rusin(a)broadcom.com> Fixes: 8afa13a0583f ("drm/vmwgfx: Implement DRIVER_GEM") Cc: <stable(a)vger.kernel.org> # v6.6+ Reviewed-by: Martin Krastev <martin.krastev(a)broadcom.com> --- drivers/gpu/drm/vmwgfx/vmwgfx_blit.c | 35 +++++++++++++++-- drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 7 ++-- drivers/gpu/drm/vmwgfx/vmwgfx_bo.h | 2 + drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 1 + drivers/gpu/drm/vmwgfx/vmwgfx_drv.h | 3 ++ drivers/gpu/drm/vmwgfx/vmwgfx_gem.c | 32 ++++++++++++++++ drivers/gpu/drm/vmwgfx/vmwgfx_prime.c | 15 +++++++- drivers/gpu/drm/vmwgfx/vmwgfx_ttm_buffer.c | 44 +++++++++++++++------- 8 files changed, 117 insertions(+), 22 deletions(-) diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_blit.c b/drivers/gpu/drm/vmwgfx/vmwgfx_blit.c index c52c7bf1485b..717d624e9a05 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_blit.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_blit.c @@ -456,8 +456,10 @@ int vmw_bo_cpu_blit(struct ttm_buffer_object *dst, .no_wait_gpu = false }; u32 j, initial_line = dst_offset / dst_stride; - struct vmw_bo_blit_line_data d; + struct vmw_bo_blit_line_data d = {0}; int ret = 0; + struct page **dst_pages = NULL; + struct page **src_pages = NULL; /* Buffer objects need to be either pinned or reserved: */ if (!(dst->pin_count)) @@ -477,12 +479,35 @@ int vmw_bo_cpu_blit(struct ttm_buffer_object *dst, return ret; } + if (!src->ttm->pages && src->ttm->sg) { + src_pages = kvmalloc_array(src->ttm->num_pages, + sizeof(struct page *), GFP_KERNEL); + if (!src_pages) + return -ENOMEM; + ret = drm_prime_sg_to_page_array(src->ttm->sg, src_pages, + src->ttm->num_pages); + if (ret) + goto out; + } + if (!dst->ttm->pages && dst->ttm->sg) { + dst_pages = kvmalloc_array(dst->ttm->num_pages, + sizeof(struct page *), GFP_KERNEL); + if (!dst_pages) { + ret = -ENOMEM; + goto out; + } + ret = drm_prime_sg_to_page_array(dst->ttm->sg, dst_pages, + dst->ttm->num_pages); + if (ret) + goto out; + } + d.mapped_dst = 0; d.mapped_src = 0; d.dst_addr = NULL; d.src_addr = NULL; - d.dst_pages = dst->ttm->pages; - d.src_pages = src->ttm->pages; + d.dst_pages = dst->ttm->pages ? dst->ttm->pages : dst_pages; + d.src_pages = src->ttm->pages ? src->ttm->pages : src_pages; d.dst_num_pages = PFN_UP(dst->resource->size); d.src_num_pages = PFN_UP(src->resource->size); d.dst_prot = ttm_io_prot(dst, dst->resource, PAGE_KERNEL); @@ -504,6 +529,10 @@ int vmw_bo_cpu_blit(struct ttm_buffer_object *dst, kunmap_atomic(d.src_addr); if (d.dst_addr) kunmap_atomic(d.dst_addr); + if (src_pages) + kvfree(src_pages); + if (dst_pages) + kvfree(dst_pages); return ret; } diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c index bfd41ce3c8f4..e5eb21a471a6 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c @@ -377,7 +377,8 @@ static int vmw_bo_init(struct vmw_private *dev_priv, { struct ttm_operation_ctx ctx = { .interruptible = params->bo_type != ttm_bo_type_kernel, - .no_wait_gpu = false + .no_wait_gpu = false, + .resv = params->resv, }; struct ttm_device *bdev = &dev_priv->bdev; struct drm_device *vdev = &dev_priv->drm; @@ -394,8 +395,8 @@ static int vmw_bo_init(struct vmw_private *dev_priv, vmw_bo_placement_set(vmw_bo, params->domain, params->busy_domain); ret = ttm_bo_init_reserved(bdev, &vmw_bo->tbo, params->bo_type, - &vmw_bo->placement, 0, &ctx, NULL, - NULL, destroy); + &vmw_bo->placement, 0, &ctx, + params->sg, params->resv, destroy); if (unlikely(ret)) return ret; diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.h b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.h index 0d496dc9c6af..f349642e6190 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.h +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.h @@ -55,6 +55,8 @@ struct vmw_bo_params { enum ttm_bo_type bo_type; size_t size; bool pin; + struct dma_resv *resv; + struct sg_table *sg; }; /** diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c index 89d3679d2608..41ad13e45554 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c @@ -1631,6 +1631,7 @@ static const struct drm_driver driver = { .prime_fd_to_handle = vmw_prime_fd_to_handle, .prime_handle_to_fd = vmw_prime_handle_to_fd, + .gem_prime_import_sg_table = vmw_prime_import_sg_table, .fops = &vmwgfx_driver_fops, .name = VMWGFX_DRIVER_NAME, diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h index ddbceaa31b59..4ecaea0026fc 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h @@ -1107,6 +1107,9 @@ extern int vmw_prime_handle_to_fd(struct drm_device *dev, struct drm_file *file_priv, uint32_t handle, uint32_t flags, int *prime_fd); +struct drm_gem_object *vmw_prime_import_sg_table(struct drm_device *dev, + struct dma_buf_attachment *attach, + struct sg_table *table); /* * MemoryOBject management - vmwgfx_mob.c diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_gem.c b/drivers/gpu/drm/vmwgfx/vmwgfx_gem.c index 186150f41fbc..2132a8ad8c0c 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_gem.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_gem.c @@ -136,6 +136,38 @@ int vmw_gem_object_create_with_handle(struct vmw_private *dev_priv, return ret; } +struct drm_gem_object *vmw_prime_import_sg_table(struct drm_device *dev, + struct dma_buf_attachment *attach, + struct sg_table *table) +{ + int ret; + struct vmw_private *dev_priv = vmw_priv(dev); + struct drm_gem_object *gem = NULL; + struct vmw_bo *vbo; + struct vmw_bo_params params = { + .domain = (dev_priv->has_mob) ? VMW_BO_DOMAIN_SYS : VMW_BO_DOMAIN_VRAM, + .busy_domain = VMW_BO_DOMAIN_SYS, + .bo_type = ttm_bo_type_sg, + .size = attach->dmabuf->size, + .pin = false, + .resv = attach->dmabuf->resv, + .sg = table, + + }; + + dma_resv_lock(params.resv, NULL); + + ret = vmw_bo_create(dev_priv, &params, &vbo); + if (ret != 0) + goto out_no_bo; + + vbo->tbo.base.funcs = &vmw_gem_object_funcs; + + gem = &vbo->tbo.base; +out_no_bo: + dma_resv_unlock(params.resv); + return gem; +} int vmw_gem_object_create_ioctl(struct drm_device *dev, void *data, struct drm_file *filp) diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_prime.c b/drivers/gpu/drm/vmwgfx/vmwgfx_prime.c index 2d72a5ee7c0c..c99cad444991 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_prime.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_prime.c @@ -75,8 +75,12 @@ int vmw_prime_fd_to_handle(struct drm_device *dev, int fd, u32 *handle) { struct ttm_object_file *tfile = vmw_fpriv(file_priv)->tfile; + int ret = ttm_prime_fd_to_handle(tfile, fd, handle); - return ttm_prime_fd_to_handle(tfile, fd, handle); + if (ret) + ret = drm_gem_prime_fd_to_handle(dev, file_priv, fd, handle); + + return ret; } int vmw_prime_handle_to_fd(struct drm_device *dev, @@ -85,5 +89,12 @@ int vmw_prime_handle_to_fd(struct drm_device *dev, int *prime_fd) { struct ttm_object_file *tfile = vmw_fpriv(file_priv)->tfile; - return ttm_prime_handle_to_fd(tfile, handle, flags, prime_fd); + int ret; + + if (handle > VMWGFX_NUM_MOB) + ret = ttm_prime_handle_to_fd(tfile, handle, flags, prime_fd); + else + ret = drm_gem_prime_handle_to_fd(dev, file_priv, handle, flags, prime_fd); + + return ret; } diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_buffer.c b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_buffer.c index 4d23d0a70bcb..621d98b376bb 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_buffer.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_buffer.c @@ -188,13 +188,18 @@ static int vmw_ttm_map_dma(struct vmw_ttm_tt *vmw_tt) switch (dev_priv->map_mode) { case vmw_dma_map_bind: case vmw_dma_map_populate: - vsgt->sgt = &vmw_tt->sgt; - ret = sg_alloc_table_from_pages_segment( - &vmw_tt->sgt, vsgt->pages, vsgt->num_pages, 0, - (unsigned long)vsgt->num_pages << PAGE_SHIFT, - dma_get_max_seg_size(dev_priv->drm.dev), GFP_KERNEL); - if (ret) - goto out_sg_alloc_fail; + if (vmw_tt->dma_ttm.page_flags & TTM_TT_FLAG_EXTERNAL) { + vsgt->sgt = vmw_tt->dma_ttm.sg; + } else { + vsgt->sgt = &vmw_tt->sgt; + ret = sg_alloc_table_from_pages_segment(&vmw_tt->sgt, + vsgt->pages, vsgt->num_pages, 0, + (unsigned long)vsgt->num_pages << PAGE_SHIFT, + dma_get_max_seg_size(dev_priv->drm.dev), + GFP_KERNEL); + if (ret) + goto out_sg_alloc_fail; + } ret = vmw_ttm_map_for_dma(vmw_tt); if (unlikely(ret != 0)) @@ -209,8 +214,9 @@ static int vmw_ttm_map_dma(struct vmw_ttm_tt *vmw_tt) return 0; out_map_fail: - sg_free_table(vmw_tt->vsgt.sgt); - vmw_tt->vsgt.sgt = NULL; + drm_warn(&dev_priv->drm, "VSG table map failed!"); + sg_free_table(vsgt->sgt); + vsgt->sgt = NULL; out_sg_alloc_fail: return ret; } @@ -356,15 +362,17 @@ static void vmw_ttm_destroy(struct ttm_device *bdev, struct ttm_tt *ttm) static int vmw_ttm_populate(struct ttm_device *bdev, struct ttm_tt *ttm, struct ttm_operation_ctx *ctx) { - int ret; + bool external = (ttm->page_flags & TTM_TT_FLAG_EXTERNAL) != 0; - /* TODO: maybe completely drop this ? */ if (ttm_tt_is_populated(ttm)) return 0; - ret = ttm_pool_alloc(&bdev->pool, ttm, ctx); + if (external && ttm->sg) + return drm_prime_sg_to_dma_addr_array(ttm->sg, + ttm->dma_address, + ttm->num_pages); - return ret; + return ttm_pool_alloc(&bdev->pool, ttm, ctx); } static void vmw_ttm_unpopulate(struct ttm_device *bdev, @@ -372,6 +380,10 @@ static void vmw_ttm_unpopulate(struct ttm_device *bdev, { struct vmw_ttm_tt *vmw_tt = container_of(ttm, struct vmw_ttm_tt, dma_ttm); + bool external = (ttm->page_flags & TTM_TT_FLAG_EXTERNAL) != 0; + + if (external) + return; vmw_ttm_unbind(bdev, ttm); @@ -390,6 +402,7 @@ static struct ttm_tt *vmw_ttm_tt_create(struct ttm_buffer_object *bo, { struct vmw_ttm_tt *vmw_be; int ret; + bool external = bo->type == ttm_bo_type_sg; vmw_be = kzalloc(sizeof(*vmw_be), GFP_KERNEL); if (!vmw_be) @@ -398,7 +411,10 @@ static struct ttm_tt *vmw_ttm_tt_create(struct ttm_buffer_object *bo, vmw_be->dev_priv = vmw_priv_from_ttm(bo->bdev); vmw_be->mob = NULL; - if (vmw_be->dev_priv->map_mode == vmw_dma_alloc_coherent) + if (external) + page_flags |= TTM_TT_FLAG_EXTERNAL | TTM_TT_FLAG_EXTERNAL_MAPPABLE; + + if (vmw_be->dev_priv->map_mode == vmw_dma_alloc_coherent || external) ret = ttm_sg_tt_init(&vmw_be->dma_ttm, bo, page_flags, ttm_cached); else -- 2.40.1

1 year, 6 months

1
0
0 0

[PATCH v2] firmware: qcom: uefisecapp: Fix memory related IO errors and crashes

by Maximilian Luz

It turns out that while the QSEECOM APP_SEND command has specific fields for request and response buffers, uefisecapp expects them both to be in a single memory region. Failure to adhere to this has (so far) resulted in either no response being written to the response buffer (causing an EIO to be emitted down the line), the SCM call to fail with EINVAL (i.e., directly from TZ/firmware), or the device to be hard-reset. While this issue can be triggered deterministically, in the current form it seems to happen rather sporadically (which is why it has gone unnoticed during earlier testing). This is likely due to the two kzalloc() calls (for request and response) being directly after each other. Which means that those likely return consecutive regions most of the time, especially when not much else is going on in the system. Fix this by allocating a single memory region for both request and response buffers, properly aligning both structs inside it. This unfortunately also means that the qcom_scm_qseecom_app_send() interface needs to be restructured, as it should no longer map the DMA regions separately. Therefore, move the responsibility of DMA allocation (or mapping) to the caller. Fixes: 759e7a2b62eb ("firmware: Add support for Qualcomm UEFI Secure Application") Cc: stable(a)vger.kernel.org # 6.7 Tested-by: Johan Hovold <johan+linaro(a)kernel.org> Reviewed-by: Johan Hovold <johan+linaro(a)kernel.org> Signed-off-by: Maximilian Luz <luzmaximilian(a)gmail.com> --- Changes in v2: - rename DMA related variables - replace _phys suffix with _dma - drop _virt suffix - use DMA-based naming in comments instead of referring to physical addresses/memory --- .../firmware/qcom/qcom_qseecom_uefisecapp.c | 137 ++++++++++++------ drivers/firmware/qcom/qcom_scm.c | 37 +---- include/linux/firmware/qcom/qcom_qseecom.h | 55 ++++++- include/linux/firmware/qcom/qcom_scm.h | 10 +- 4 files changed, 153 insertions(+), 86 deletions(-) diff --git a/drivers/firmware/qcom/qcom_qseecom_uefisecapp.c b/drivers/firmware/qcom/qcom_qseecom_uefisecapp.c index 32188f098ef34..bc550ad0dbe0c 100644 --- a/drivers/firmware/qcom/qcom_qseecom_uefisecapp.c +++ b/drivers/firmware/qcom/qcom_qseecom_uefisecapp.c @@ -221,6 +221,19 @@ struct qsee_rsp_uefi_query_variable_info { * alignment of 8 bytes (64 bits) for GUIDs. Our definition of efi_guid_t, * however, has an alignment of 4 byte (32 bits). So far, this seems to work * fine here. See also the comment on the typedef of efi_guid_t. + * + * Note: It looks like uefisecapp is quite picky about how the memory passed to + * it is structured and aligned. In particular the request/response setup used + * for QSEE_CMD_UEFI_GET_VARIABLE. While qcom_qseecom_app_send(), in theory, + * accepts separate buffers/addresses for the request and response parts, in + * practice, however, it seems to expect them to be both part of a larger + * contiguous block. We initially allocated separate buffers for the request + * and response but this caused the QSEE_CMD_UEFI_GET_VARIABLE command to + * either not write any response to the response buffer or outright crash the + * device. Therefore, we now allocate a single contiguous block of DMA memory + * for both and properly align the data using the macros below. In particular, + * request and response structs are aligned at 8 byte (via __reqdata_offs()), + * following the driver that this has been reverse-engineered from. */ #define qcuefi_buf_align_fields(fields...) \ ({ \ @@ -244,6 +257,12 @@ struct qsee_rsp_uefi_query_variable_info { #define __array_offs(type, count, offset) \ __field_impl(sizeof(type) * (count), __alignof__(type), offset) +#define __array_offs_aligned(type, count, align, offset) \ + __field_impl(sizeof(type) * (count), align, offset) + +#define __reqdata_offs(size, offset) \ + __array_offs_aligned(u8, size, 8, offset) + #define __array(type, count) __array_offs(type, count, NULL) #define __field_offs(type, offset) __array_offs(type, 1, offset) #define __field(type) __array_offs(type, 1, NULL) @@ -277,10 +296,15 @@ static efi_status_t qsee_uefi_get_variable(struct qcuefi_client *qcuefi, const e unsigned long buffer_size = *data_size; efi_status_t efi_status = EFI_SUCCESS; unsigned long name_length; + dma_addr_t cmd_buf_dma; + size_t cmd_buf_size; + void *cmd_buf; size_t guid_offs; size_t name_offs; size_t req_size; size_t rsp_size; + size_t req_offs; + size_t rsp_offs; ssize_t status; if (!name || !guid) @@ -304,17 +328,19 @@ static efi_status_t qsee_uefi_get_variable(struct qcuefi_client *qcuefi, const e __array(u8, buffer_size) ); - req_data = kzalloc(req_size, GFP_KERNEL); - if (!req_data) { + cmd_buf_size = qcuefi_buf_align_fields( + __reqdata_offs(req_size, &req_offs) + __reqdata_offs(rsp_size, &rsp_offs) + ); + + cmd_buf = qseecom_dma_alloc(qcuefi->client, cmd_buf_size, &cmd_buf_dma, GFP_KERNEL); + if (!cmd_buf) { efi_status = EFI_OUT_OF_RESOURCES; goto out; } - rsp_data = kzalloc(rsp_size, GFP_KERNEL); - if (!rsp_data) { - efi_status = EFI_OUT_OF_RESOURCES; - goto out_free_req; - } + req_data = cmd_buf + req_offs; + rsp_data = cmd_buf + rsp_offs; req_data->command_id = QSEE_CMD_UEFI_GET_VARIABLE; req_data->data_size = buffer_size; @@ -332,7 +358,9 @@ static efi_status_t qsee_uefi_get_variable(struct qcuefi_client *qcuefi, const e memcpy(((void *)req_data) + req_data->guid_offset, guid, req_data->guid_size); - status = qcom_qseecom_app_send(qcuefi->client, req_data, req_size, rsp_data, rsp_size); + status = qcom_qseecom_app_send(qcuefi->client, + cmd_buf_dma + req_offs, req_size, + cmd_buf_dma + rsp_offs, rsp_size); if (status) { efi_status = EFI_DEVICE_ERROR; goto out_free; @@ -407,9 +435,7 @@ static efi_status_t qsee_uefi_get_variable(struct qcuefi_client *qcuefi, const e memcpy(data, ((void *)rsp_data) + rsp_data->data_offset, rsp_data->data_size); out_free: - kfree(rsp_data); -out_free_req: - kfree(req_data); + qseecom_dma_free(qcuefi->client, cmd_buf_size, cmd_buf, cmd_buf_dma); out: return efi_status; } @@ -422,10 +448,15 @@ static efi_status_t qsee_uefi_set_variable(struct qcuefi_client *qcuefi, const e struct qsee_rsp_uefi_set_variable *rsp_data; efi_status_t efi_status = EFI_SUCCESS; unsigned long name_length; + dma_addr_t cmd_buf_dma; + size_t cmd_buf_size; + void *cmd_buf; size_t name_offs; size_t guid_offs; size_t data_offs; size_t req_size; + size_t req_offs; + size_t rsp_offs; ssize_t status; if (!name || !guid) @@ -450,17 +481,19 @@ static efi_status_t qsee_uefi_set_variable(struct qcuefi_client *qcuefi, const e __array_offs(u8, data_size, &data_offs) ); - req_data = kzalloc(req_size, GFP_KERNEL); - if (!req_data) { + cmd_buf_size = qcuefi_buf_align_fields( + __reqdata_offs(req_size, &req_offs) + __reqdata_offs(sizeof(*rsp_data), &rsp_offs) + ); + + cmd_buf = qseecom_dma_alloc(qcuefi->client, cmd_buf_size, &cmd_buf_dma, GFP_KERNEL); + if (!cmd_buf) { efi_status = EFI_OUT_OF_RESOURCES; goto out; } - rsp_data = kzalloc(sizeof(*rsp_data), GFP_KERNEL); - if (!rsp_data) { - efi_status = EFI_OUT_OF_RESOURCES; - goto out_free_req; - } + req_data = cmd_buf + req_offs; + rsp_data = cmd_buf + rsp_offs; req_data->command_id = QSEE_CMD_UEFI_SET_VARIABLE; req_data->attributes = attributes; @@ -483,8 +516,9 @@ static efi_status_t qsee_uefi_set_variable(struct qcuefi_client *qcuefi, const e if (data_size) memcpy(((void *)req_data) + req_data->data_offset, data, req_data->data_size); - status = qcom_qseecom_app_send(qcuefi->client, req_data, req_size, rsp_data, - sizeof(*rsp_data)); + status = qcom_qseecom_app_send(qcuefi->client, + cmd_buf_dma + req_offs, req_size, + cmd_buf_dma + rsp_offs, sizeof(*rsp_data)); if (status) { efi_status = EFI_DEVICE_ERROR; goto out_free; @@ -507,9 +541,7 @@ static efi_status_t qsee_uefi_set_variable(struct qcuefi_client *qcuefi, const e } out_free: - kfree(rsp_data); -out_free_req: - kfree(req_data); + qseecom_dma_free(qcuefi->client, cmd_buf_size, cmd_buf, cmd_buf_dma); out: return efi_status; } @@ -521,10 +553,15 @@ static efi_status_t qsee_uefi_get_next_variable(struct qcuefi_client *qcuefi, struct qsee_req_uefi_get_next_variable *req_data; struct qsee_rsp_uefi_get_next_variable *rsp_data; efi_status_t efi_status = EFI_SUCCESS; + dma_addr_t cmd_buf_dma; + size_t cmd_buf_size; + void *cmd_buf; size_t guid_offs; size_t name_offs; size_t req_size; size_t rsp_size; + size_t req_offs; + size_t rsp_offs; ssize_t status; if (!name_size || !name || !guid) @@ -545,17 +582,19 @@ static efi_status_t qsee_uefi_get_next_variable(struct qcuefi_client *qcuefi, __array(*name, *name_size / sizeof(*name)) ); - req_data = kzalloc(req_size, GFP_KERNEL); - if (!req_data) { + cmd_buf_size = qcuefi_buf_align_fields( + __reqdata_offs(req_size, &req_offs) + __reqdata_offs(rsp_size, &rsp_offs) + ); + + cmd_buf = qseecom_dma_alloc(qcuefi->client, cmd_buf_size, &cmd_buf_dma, GFP_KERNEL); + if (!cmd_buf) { efi_status = EFI_OUT_OF_RESOURCES; goto out; } - rsp_data = kzalloc(rsp_size, GFP_KERNEL); - if (!rsp_data) { - efi_status = EFI_OUT_OF_RESOURCES; - goto out_free_req; - } + req_data = cmd_buf + req_offs; + rsp_data = cmd_buf + rsp_offs; req_data->command_id = QSEE_CMD_UEFI_GET_NEXT_VARIABLE; req_data->guid_offset = guid_offs; @@ -572,7 +611,9 @@ static efi_status_t qsee_uefi_get_next_variable(struct qcuefi_client *qcuefi, goto out_free; } - status = qcom_qseecom_app_send(qcuefi->client, req_data, req_size, rsp_data, rsp_size); + status = qcom_qseecom_app_send(qcuefi->client, + cmd_buf_dma + req_offs, req_size, + cmd_buf_dma + rsp_offs, rsp_size); if (status) { efi_status = EFI_DEVICE_ERROR; goto out_free; @@ -645,9 +686,7 @@ static efi_status_t qsee_uefi_get_next_variable(struct qcuefi_client *qcuefi, } out_free: - kfree(rsp_data); -out_free_req: - kfree(req_data); + qseecom_dma_free(qcuefi->client, cmd_buf_size, cmd_buf, cmd_buf_dma); out: return efi_status; } @@ -659,26 +698,34 @@ static efi_status_t qsee_uefi_query_variable_info(struct qcuefi_client *qcuefi, struct qsee_req_uefi_query_variable_info *req_data; struct qsee_rsp_uefi_query_variable_info *rsp_data; efi_status_t efi_status = EFI_SUCCESS; + dma_addr_t cmd_buf_dma; + size_t cmd_buf_size; + void *cmd_buf; + size_t req_offs; + size_t rsp_offs; int status; - req_data = kzalloc(sizeof(*req_data), GFP_KERNEL); - if (!req_data) { + cmd_buf_size = qcuefi_buf_align_fields( + __reqdata_offs(sizeof(*req_data), &req_offs) + __reqdata_offs(sizeof(*rsp_data), &rsp_offs) + ); + + cmd_buf = qseecom_dma_alloc(qcuefi->client, cmd_buf_size, &cmd_buf_dma, GFP_KERNEL); + if (!cmd_buf) { efi_status = EFI_OUT_OF_RESOURCES; goto out; } - rsp_data = kzalloc(sizeof(*rsp_data), GFP_KERNEL); - if (!rsp_data) { - efi_status = EFI_OUT_OF_RESOURCES; - goto out_free_req; - } + req_data = cmd_buf + req_offs; + rsp_data = cmd_buf + rsp_offs; req_data->command_id = QSEE_CMD_UEFI_QUERY_VARIABLE_INFO; req_data->attributes = attr; req_data->length = sizeof(*req_data); - status = qcom_qseecom_app_send(qcuefi->client, req_data, sizeof(*req_data), rsp_data, - sizeof(*rsp_data)); + status = qcom_qseecom_app_send(qcuefi->client, + cmd_buf_dma + req_offs, sizeof(*req_data), + cmd_buf_dma + rsp_offs, sizeof(*rsp_data)); if (status) { efi_status = EFI_DEVICE_ERROR; goto out_free; @@ -711,9 +758,7 @@ static efi_status_t qsee_uefi_query_variable_info(struct qcuefi_client *qcuefi, *max_variable_size = rsp_data->max_variable_size; out_free: - kfree(rsp_data); -out_free_req: - kfree(req_data); + qseecom_dma_free(qcuefi->client, cmd_buf_size, cmd_buf, cmd_buf_dma); out: return efi_status; } diff --git a/drivers/firmware/qcom/qcom_scm.c b/drivers/firmware/qcom/qcom_scm.c index 81c15aeff934a..f9c9fcfeaadaf 100644 --- a/drivers/firmware/qcom/qcom_scm.c +++ b/drivers/firmware/qcom/qcom_scm.c @@ -1579,9 +1579,9 @@ EXPORT_SYMBOL_GPL(qcom_scm_qseecom_app_get_id); /** * qcom_scm_qseecom_app_send() - Send to and receive data from a given QSEE app. * @app_id: The ID of the target app. - * @req: Request buffer sent to the app (must be DMA-mappable). + * @req: DMA address of the request buffer sent to the app. * @req_size: Size of the request buffer. - * @rsp: Response buffer, written to by the app (must be DMA-mappable). + * @rsp: DMA address of the response buffer, written to by the app. * @rsp_size: Size of the response buffer. * * Sends a request to the QSEE app associated with the given ID and read back @@ -1592,33 +1592,13 @@ EXPORT_SYMBOL_GPL(qcom_scm_qseecom_app_get_id); * * Return: Zero on success, nonzero on failure. */ -int qcom_scm_qseecom_app_send(u32 app_id, void *req, size_t req_size, void *rsp, - size_t rsp_size) +int qcom_scm_qseecom_app_send(u32 app_id, dma_addr_t req, size_t req_size, + dma_addr_t rsp, size_t rsp_size) { struct qcom_scm_qseecom_resp res = {}; struct qcom_scm_desc desc = {}; - dma_addr_t req_phys; - dma_addr_t rsp_phys; int status; - /* Map request buffer */ - req_phys = dma_map_single(__scm->dev, req, req_size, DMA_TO_DEVICE); - status = dma_mapping_error(__scm->dev, req_phys); - if (status) { - dev_err(__scm->dev, "qseecom: failed to map request buffer\n"); - return status; - } - - /* Map response buffer */ - rsp_phys = dma_map_single(__scm->dev, rsp, rsp_size, DMA_FROM_DEVICE); - status = dma_mapping_error(__scm->dev, rsp_phys); - if (status) { - dma_unmap_single(__scm->dev, req_phys, req_size, DMA_TO_DEVICE); - dev_err(__scm->dev, "qseecom: failed to map response buffer\n"); - return status; - } - - /* Set up SCM call data */ desc.owner = QSEECOM_TZ_OWNER_TZ_APPS; desc.svc = QSEECOM_TZ_SVC_APP_ID_PLACEHOLDER; desc.cmd = QSEECOM_TZ_CMD_APP_SEND; @@ -1626,18 +1606,13 @@ int qcom_scm_qseecom_app_send(u32 app_id, void *req, size_t req_size, void *rsp, QCOM_SCM_RW, QCOM_SCM_VAL, QCOM_SCM_RW, QCOM_SCM_VAL); desc.args[0] = app_id; - desc.args[1] = req_phys; + desc.args[1] = req; desc.args[2] = req_size; - desc.args[3] = rsp_phys; + desc.args[3] = rsp; desc.args[4] = rsp_size; - /* Perform call */ status = qcom_scm_qseecom_call(&desc, &res); - /* Unmap buffers */ - dma_unmap_single(__scm->dev, rsp_phys, rsp_size, DMA_FROM_DEVICE); - dma_unmap_single(__scm->dev, req_phys, req_size, DMA_TO_DEVICE); - if (status) return status; diff --git a/include/linux/firmware/qcom/qcom_qseecom.h b/include/linux/firmware/qcom/qcom_qseecom.h index 5c28298a98bec..366243ee96096 100644 --- a/include/linux/firmware/qcom/qcom_qseecom.h +++ b/include/linux/firmware/qcom/qcom_qseecom.h @@ -10,6 +10,7 @@ #define __QCOM_QSEECOM_H #include <linux/auxiliary_bus.h> +#include <linux/dma-mapping.h> #include <linux/types.h> #include <linux/firmware/qcom/qcom_scm.h> @@ -24,12 +25,57 @@ struct qseecom_client { u32 app_id; }; +/** + * qseecom_scm_dev() - Get the SCM device associated with the QSEECOM client. + * @client: The QSEECOM client device. + * + * Returns the SCM device under which the provided QSEECOM client device + * operates. This function is intended to be used for DMA allocations. + */ +static inline struct device *qseecom_scm_dev(struct qseecom_client *client) +{ + return client->aux_dev.dev.parent->parent; +} + +/** + * qseecom_dma_alloc() - Allocate DMA memory for a QSEECOM client. + * @client: The QSEECOM client to allocate the memory for. + * @size: The number of bytes to allocate. + * @dma_handle: Pointer to where the DMA address should be stored. + * @gfp: Allocation flags. + * + * Wrapper function for dma_alloc_coherent(), allocating DMA memory usable for + * TZ/QSEECOM communication. Refer to dma_alloc_coherent() for details. + */ +static inline void *qseecom_dma_alloc(struct qseecom_client *client, size_t size, + dma_addr_t *dma_handle, gfp_t gfp) +{ + return dma_alloc_coherent(qseecom_scm_dev(client), size, dma_handle, gfp); +} + +/** + * dma_free_coherent() - Free QSEECOM DMA memory. + * @client: The QSEECOM client for which the memory has been allocated. + * @size: The number of bytes allocated. + * @cpu_addr: Virtual memory address to free. + * @dma_handle: DMA memory address to free. + * + * Wrapper function for dma_free_coherent(), freeing memory previously + * allocated with qseecom_dma_alloc(). Refer to dma_free_coherent() for + * details. + */ +static inline void qseecom_dma_free(struct qseecom_client *client, size_t size, + void *cpu_addr, dma_addr_t dma_handle) +{ + return dma_free_coherent(qseecom_scm_dev(client), size, cpu_addr, dma_handle); +} + /** * qcom_qseecom_app_send() - Send to and receive data from a given QSEE app. * @client: The QSEECOM client associated with the target app. - * @req: Request buffer sent to the app (must be DMA-mappable). + * @req: DMA address of the request buffer sent to the app. * @req_size: Size of the request buffer. - * @rsp: Response buffer, written to by the app (must be DMA-mappable). + * @rsp: DMA address of the response buffer, written to by the app. * @rsp_size: Size of the response buffer. * * Sends a request to the QSEE app associated with the given client and read @@ -43,8 +89,9 @@ struct qseecom_client { * * Return: Zero on success, nonzero on failure. */ -static inline int qcom_qseecom_app_send(struct qseecom_client *client, void *req, size_t req_size, - void *rsp, size_t rsp_size) +static inline int qcom_qseecom_app_send(struct qseecom_client *client, + dma_addr_t req, size_t req_size, + dma_addr_t rsp, size_t rsp_size) { return qcom_scm_qseecom_app_send(client->app_id, req, req_size, rsp, rsp_size); } diff --git a/include/linux/firmware/qcom/qcom_scm.h b/include/linux/firmware/qcom/qcom_scm.h index ccaf288460546..aaa19f93ac430 100644 --- a/include/linux/firmware/qcom/qcom_scm.h +++ b/include/linux/firmware/qcom/qcom_scm.h @@ -118,8 +118,8 @@ bool qcom_scm_lmh_dcvsh_available(void); #ifdef CONFIG_QCOM_QSEECOM int qcom_scm_qseecom_app_get_id(const char *app_name, u32 *app_id); -int qcom_scm_qseecom_app_send(u32 app_id, void *req, size_t req_size, void *rsp, - size_t rsp_size); +int qcom_scm_qseecom_app_send(u32 app_id, dma_addr_t req, size_t req_size, + dma_addr_t rsp, size_t rsp_size); #else /* CONFIG_QCOM_QSEECOM */ @@ -128,9 +128,9 @@ static inline int qcom_scm_qseecom_app_get_id(const char *app_name, u32 *app_id) return -EINVAL; } -static inline int qcom_scm_qseecom_app_send(u32 app_id, void *req, - size_t req_size, void *rsp, - size_t rsp_size) +static inline int qcom_scm_qseecom_app_send(u32 app_id, + dma_addr_t req, size_t req_size, + dma_addr_t rsp, size_t rsp_size) { return -EINVAL; } -- 2.44.0

1 year, 6 months

3
2
0 0

[PATCH v2 5.10/5.15] ata: libata-scsi: check cdb length for VARIABLE_LENGTH_CMD commands

by Mikhail Ukhin

No upstream commit exists for this patch. Fuzzing of 5.10 stable branch reports a slab-out-of-bounds error in ata_scsi_pass_thru. The error is fixed in 5.18 by commit ce70fd9a551a ("scsi: core: Remove the cmd field from struct scsi_request") upstream. Backporting this commit would require significant changes to the code so it is bettter to use a simple fix for that particular error. The problem is that the length of the received SCSI command is not validated if scsi_op == VARIABLE_LENGTH_CMD. It can lead to out-of-bounds reading if the user sends a request with SCSI command of length less than 32. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Signed-off-by: Artem Sadovnikov <ancowi69(a)gmail.com> Signed-off-by: Mikhail Ivanov <iwanov-23(a)bk.ru> Signed-off-by: Mikhail Ukhin <mish.uxin2012(a)yandex.ru> --- v2: The new addresses were added and the text was updated. drivers/ata/libata-scsi.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c index dfa090ccd21c..77589e911d3d 100644 --- a/drivers/ata/libata-scsi.c +++ b/drivers/ata/libata-scsi.c @@ -4065,6 +4065,9 @@ int __ata_scsi_queuecmd(struct scsi_cmnd *scmd, struct ata_device *dev) if (unlikely(!scmd->cmd_len)) goto bad_cdb_len; + + if (scsi_op == VARIABLE_LENGTH_CMD && scmd->cmd_len < 32) + goto bad_cdb_len; if (dev->class == ATA_DEV_ATA || dev->class == ATA_DEV_ZAC) { if (unlikely(scmd->cmd_len > dev->cdb_len)) -- 2.25.1

1 year, 6 months

2
1
0 0

[PATCH v2] ACPI: CPPC: Fix access width used for PCC registers

by Vanshidhar Konda

commit 2f4a4d63a193be6fd530d180bb13c3592052904c modified cpc_read/cpc_write to use access_width to read CPC registers. For PCC registers the access width field in the ACPI register macro specifies the PCC subspace id. For non-zero PCC subspace id the access width is incorrectly treated as access width. This causes errors when reading from PCC registers in the CPPC driver. For PCC registers base the size of read/write on the bit width field. The debug message in cpc_read/cpc_write is updated to print relevant information for the address space type used to read the register. Signed-off-by: Vanshidhar Konda <vanshikonda(a)os.amperecomputing.com> Tested-by: Jarred White <jarredwhite(a)linux.microsoft.com> Reviewed-by: Jarred White <jarredwhite(a)linux.microsoft.com> Cc: 5.15+ <stable(a)vger.kernel.org> # 5.15+ --- When testing v6.9-rc1 kernel on AmpereOne system dmesg showed that cpufreq policy had failed to initialize on some cores during boot because cpufreq->get() always returned 0. On this system CPPC registers are in PCC subspace index 2 that are 32 bits wide. With this patch the CPPC driver interpreted the access width field as 16 bits, causing the register read to roll over too quickly to provide valid values during frequency computation. v2: - Use size variable in debug print message - Use size instead of reg->bit_width for acpi_os_read_memory and acpi_os_write_memory drivers/acpi/cppc_acpi.c | 53 ++++++++++++++++++++++++++++------------ 1 file changed, 37 insertions(+), 16 deletions(-) diff --git a/drivers/acpi/cppc_acpi.c b/drivers/acpi/cppc_acpi.c index 4bfbe55553f4..a037e9d15f48 100644 --- a/drivers/acpi/cppc_acpi.c +++ b/drivers/acpi/cppc_acpi.c @@ -1002,14 +1002,14 @@ static int cpc_read(int cpu, struct cpc_register_resource *reg_res, u64 *val) } *val = 0; + size = GET_BIT_WIDTH(reg); if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_IO) { - u32 width = GET_BIT_WIDTH(reg); u32 val_u32; acpi_status status; status = acpi_os_read_port((acpi_io_address)reg->address, - &val_u32, width); + &val_u32, size); if (ACPI_FAILURE(status)) { pr_debug("Error: Failed to read SystemIO port %llx\n", reg->address); @@ -1018,17 +1018,22 @@ static int cpc_read(int cpu, struct cpc_register_resource *reg_res, u64 *val) *val = val_u32; return 0; - } else if (reg->space_id == ACPI_ADR_SPACE_PLATFORM_COMM && pcc_ss_id >= 0) + } else if (reg->space_id == ACPI_ADR_SPACE_PLATFORM_COMM && pcc_ss_id >= 0) { + /* + * For registers in PCC space, the register size is determined + * by the bit width field; the access size is used to indicate + * the PCC subspace id. + */ + size = reg->bit_width; vaddr = GET_PCC_VADDR(reg->address, pcc_ss_id); + } else if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY) vaddr = reg_res->sys_mem_vaddr; else if (reg->space_id == ACPI_ADR_SPACE_FIXED_HARDWARE) return cpc_read_ffh(cpu, reg, val); else return acpi_os_read_memory((acpi_physical_address)reg->address, - val, reg->bit_width); - - size = GET_BIT_WIDTH(reg); + val, size); switch (size) { case 8: @@ -1044,8 +1049,13 @@ static int cpc_read(int cpu, struct cpc_register_resource *reg_res, u64 *val) *val = readq_relaxed(vaddr); break; default: - pr_debug("Error: Cannot read %u bit width from PCC for ss: %d\n", - reg->bit_width, pcc_ss_id); + if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY) { + pr_debug("Error: Cannot read %u width from for system memory: 0x%llx\n", + size, reg->address); + } else if (reg->space_id == ACPI_ADR_SPACE_PLATFORM_COMM) { + pr_debug("Error: Cannot read %u bit width to PCC for ss: %d\n", + size, pcc_ss_id); + } return -EFAULT; } @@ -1063,12 +1073,13 @@ static int cpc_write(int cpu, struct cpc_register_resource *reg_res, u64 val) int pcc_ss_id = per_cpu(cpu_pcc_subspace_idx, cpu); struct cpc_reg *reg = &reg_res->cpc_entry.reg; + size = GET_BIT_WIDTH(reg); + if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_IO) { - u32 width = GET_BIT_WIDTH(reg); acpi_status status; status = acpi_os_write_port((acpi_io_address)reg->address, - (u32)val, width); + (u32)val, size); if (ACPI_FAILURE(status)) { pr_debug("Error: Failed to write SystemIO port %llx\n", reg->address); @@ -1076,17 +1087,22 @@ static int cpc_write(int cpu, struct cpc_register_resource *reg_res, u64 val) } return 0; - } else if (reg->space_id == ACPI_ADR_SPACE_PLATFORM_COMM && pcc_ss_id >= 0) + } else if (reg->space_id == ACPI_ADR_SPACE_PLATFORM_COMM && pcc_ss_id >= 0) { + /* + * For registers in PCC space, the register size is determined + * by the bit width field; the access size is used to indicate + * the PCC subspace id. + */ + size = reg->bit_width; vaddr = GET_PCC_VADDR(reg->address, pcc_ss_id); + } else if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY) vaddr = reg_res->sys_mem_vaddr; else if (reg->space_id == ACPI_ADR_SPACE_FIXED_HARDWARE) return cpc_write_ffh(cpu, reg, val); else return acpi_os_write_memory((acpi_physical_address)reg->address, - val, reg->bit_width); - - size = GET_BIT_WIDTH(reg); + val, size); if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY) val = MASK_VAL(reg, val); @@ -1105,8 +1121,13 @@ static int cpc_write(int cpu, struct cpc_register_resource *reg_res, u64 val) writeq_relaxed(val, vaddr); break; default: - pr_debug("Error: Cannot write %u bit width to PCC for ss: %d\n", - reg->bit_width, pcc_ss_id); + if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY) { + pr_debug("Error: Cannot write %u width from for system memory: 0x%llx\n", + size, reg->address); + } else if (reg->space_id == ACPI_ADR_SPACE_PLATFORM_COMM) { + pr_debug("Error: Cannot write %u bit width to PCC for ss: %d\n", + size, pcc_ss_id); + } ret_val = -EFAULT; break; } -- 2.43.1

1 year, 6 months

2
1
0 0

[PATCH RESEND 0/2] usb: typec: tipd: fix event checking in interrupt service routines

by Javier Carrasco

The ISRs of the tps25750 and tps6598x do not handle generated events properly under all circumstances. The tps6598x ISR does not read all bits of the INT_EVENTX registers, leaving events signaled with bits above 64 unattended. Moreover, these events are not cleared, leaving the interrupt enabled. The tps25750 reads all bits of the INT_EVENT1 register, but the event checking is not right because the same event is checked in two different regions of the same register by means of an OR operation. This series aims to fix both issues by reading all bits of the INT_EVENTX registers, and limiting the event checking to the region where the supported events are defined (currently they are limited to the first 64 bits of the registers, as the are defined as BIT_ULL()). If the need for events above the first 64 bits of the INT_EVENTX registers arises, a different mechanism might be required. But for the current needs, all definitions can be left as they are. Note: resend to add the Cc tag for 'stable' (fixes in the series). Signed-off-by: Javier Carrasco <javier.carrasco(a)wolfvision.net> --- Javier Carrasco (2): usb: typec: tipd: fix event checking for tps25750 usb: typec: tipd: fix event checking for tps6598x drivers/usb/typec/tipd/core.c | 37 +++++++++++++++++++++---------------- 1 file changed, 21 insertions(+), 16 deletions(-) --- base-commit: 4cece764965020c22cff7665b18a012006359095 change-id: 20240328-tps6598x_fix_event_handling-3398d3d82f85 Best regards, -- Javier Carrasco <javier.carrasco(a)wolfvision.net>

1 year, 6 months

2
9
0 0

[PATCH net] Bluetooth: hci_event: fix double hci_conn_drop() when conn->state == BT_CONNECTED

by kovalev＠altlinux.org

From: Vasiliy Kovalev <kovalev(a)altlinux.org> There is no need to drop the connection of some functions in which the conn->state in BT_CONNECTED is marked, since in the future the same check takes place (for example, in the hci_encrypt_change_evt() function) and the hci_conn_drop() is called. Otherwise, the conn->refcnt will become below zero, which will trigger a warning and may cause a crash on kernels with the panic_on_warn parameter enabled. Syzkaller hit 'WARNING in hci_conn_timeout' bug. [ 23.485892] Bluetooth: Core ver 2.22 [ 23.485916] NET: Registered PF_BLUETOOTH protocol family [ 23.485917] Bluetooth: HCI device and connection manager initialized [ 23.486407] Bluetooth: HCI socket layer initialized [ 23.486410] Bluetooth: L2CAP socket layer initialized [ 23.486413] Bluetooth: SCO socket layer initialized [ 24.507112] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 24.507142] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 24.507165] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 24.508091] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 24.508109] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 24.508117] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 24.545962] Bluetooth: BNEP (Ethernet Emulation) ver 1.3 [ 24.545969] Bluetooth: BNEP filters: protocol multicast [ 24.545973] Bluetooth: BNEP socket layer initialized [ 24.547521] Bluetooth: MGMT ver 1.22 [ 26.553008] Bluetooth: hci0: command tx timeout [ 26.561518] Bluetooth: RFCOMM TTY layer initialized [ 26.561526] Bluetooth: RFCOMM socket layer initialized [ 26.561532] Bluetooth: RFCOMM ver 1.11 [ 28.602024] Bluetooth: hci0: Opcode 0x0c13 failed: -110 [ 28.602054] Bluetooth: hci0: command tx timeout [ 30.650011] Bluetooth: hci0: Opcode 0x0c24 failed: -110 [ 30.650021] Bluetooth: hci0: command tx timeout [ 32.696973] Bluetooth: hci0: command tx timeout [ 32.696985] Bluetooth: hci0: Opcode 0x0c24 failed: -110 [ 34.744973] Bluetooth: hci0: command 0x0406 tx timeout [ 34.745008] Bluetooth: hci0: Opcode 0x0c24 failed: -110 [ 36.792966] Bluetooth: hci0: Opcode 0x0c24 failed: -110 [ 36.792980] Bluetooth: hci0: command 0x0406 tx timeout [ 38.841027] Bluetooth: hci0: command 0x0406 tx timeout [ 38.841035] Bluetooth: hci0: Opcode 0x0c24 failed: -110 [ 40.889026] Bluetooth: hci0: Opcode 0x0c24 failed: -110 [ 40.889999] Bluetooth: hci0: command 0x0406 tx timeout [ 40.890012] Bluetooth: hci0: Opcode 0x0c24 failed: -110 [ 40.893629] NET: Registered PF_ALG protocol family [ 42.937008] Bluetooth: hci0: Opcode 0x0c24 failed: -110 [ 42.937023] Bluetooth: hci0: command 0x0406 tx timeout [ 44.984984] Bluetooth: hci0: Opcode 0x0c24 failed: -110 [ 44.985008] Bluetooth: hci0: command 0x0406 tx timeout [ 47.033023] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 47.033044] Bluetooth: hci0: command 0x0406 tx timeout [ 49.080976] Bluetooth: hci0: command 0x0406 tx timeout [ 49.080985] Bluetooth: hci0: Opcode 0x0c24 failed: -110 [ 51.129140] Bluetooth: hci0: Opcode 0x0c24 failed: -110 [ 51.130051] Bluetooth: hci0: command 0x0406 tx timeout [ 53.177011] Bluetooth: hci0: command 0x0406 tx timeout [ 55.225969] Bluetooth: hci0: command 0x0406 tx timeout [ 57.272968] Bluetooth: hci0: command 0x0406 tx timeout [ 59.320982] Bluetooth: hci0: command 0x0406 tx timeout [ 61.368989] Bluetooth: hci0: command 0x0406 tx timeout [ 148.474066] ------------[ cut here ]------------ [ 148.474072] WARNING: CPU: 0 PID: 3835 at net/bluetooth/hci_conn.c:612 hci_conn_timeout+0x16/0x60 [bluetooth] [ 148.474115] Modules linked in: cmac algif_hash algif_skcipher af_alg rfcomm bnep hci_vhci bluetooth ecdh_generic uinput af_packet rfkill joydev hid_generic usbhid hid qrtr intel_rapl_msr intel_rapl_common intel_pmc_core kvm_intel nls_utf8 iTCO_wdt intel_pmc_bxt iTCO_vendor_support nls_cp866 vfat fat kvm irqbypass crct10dif_pclmul crc32_pclmul snd_hda_codec_generic crc32c_intel ghash_clmulni_intel ledtrig_audio sha512_ssse3 snd_hda_intel sha256_ssse3 sha1_ssse3 snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec aesni_intel crypto_simd cryptd i2c_i801 snd_hda_core psmouse snd_hwdep i2c_smbus xhci_pci pcspkr snd_pcm lpc_ich xhci_pci_renesas xhci_hcd tiny_power_button qemu_fw_cfg button sch_fq_codel vboxvideo drm_vram_helper drm_ttm_helper ttm vboxsf vboxguest snd_seq_midi snd_seq_midi_event snd_seq snd_rawmidi snd_seq_device snd_timer snd soundcore msr fuse efi_pstore dm_mod ip_tables x_tables autofs4 virtio_gpu virtio_net virtio_dma_buf drm_shmem_helper net_failover drm_kms_helper [ 148.474210] virtio_rng drm virtio_scsi rng_core virtio_console virtio_balloon virtio_blk failover ahci libahci libata evdev input_leds serio_raw scsi_mod scsi_common virtio_pci virtio_pci_legacy_dev virtio_pci_modern_dev virtio_ring virtio intel_agp intel_gtt [ 148.474234] CPU: 0 PID: 3835 Comm: kworker/u5:2 Not tainted 6.1.85-un-def-alt1 #1 [ 148.474238] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-alt1 04/01/2014 [ 148.474241] Workqueue: hci0 hci_conn_timeout [bluetooth] [ 148.474265] RIP: 0010:hci_conn_timeout+0x16/0x60 [bluetooth] [ 148.474288] Code: 00 00 66 89 44 24 06 e8 58 a7 ff ff eb a8 e8 41 7b ee c1 90 0f 1f 44 00 00 8b 87 20 fd ff ff 85 c0 78 07 74 07 c3 cc cc cc cc <0f> 0b 55 0f b6 87 49 fd ff ff 48 8d af 10 fd ff ff 3c 01 74 12 be [ 148.474291] RSP: 0018:ffffa7fd80b53e90 EFLAGS: 00010286 [ 148.474295] RAX: 00000000fffe728b RBX: ffff8959c46ab180 RCX: ffff8959c3b70028 [ 148.474297] RDX: 0000000000000001 RSI: ffff8959c86ce0b0 RDI: ffff895a105aeaf0 [ 148.474299] RBP: ffff895a105aeaf0 R08: ffff8959c86ce0b0 R09: ffff8959c46ab1f4 [ 148.474301] R10: 0000000000000005 R11: 0000000000000005 R12: ffff8959c3b70000 [ 148.474302] R13: ffff8959ec495400 R14: 0000000000000000 R15: ffff8959ec495405 [ 148.474305] FS: 0000000000000000(0000) GS:ffff895a3dc00000(0000) knlGS:0000000000000000 [ 148.474308] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 148.474310] CR2: 00007f2a1b7baa48 CR3: 0000000034b98000 CR4: 0000000000750ef0 [ 148.474317] PKRU: 55555554 [ 148.474319] Call Trace: [ 148.474323] <TASK> [ 148.474327] ? __warn+0x79/0xc0 [ 148.474343] ? hci_conn_timeout+0x16/0x60 [bluetooth] [ 148.474364] ? report_bug+0xff/0x150 [ 148.474375] ? handle_bug+0x49/0xa0 [ 148.474398] ? exc_invalid_op+0x14/0x70 [ 148.474402] ? asm_exc_invalid_op+0x16/0x20 [ 148.474408] ? hci_conn_timeout+0x16/0x60 [bluetooth] [ 148.474441] process_one_work+0x217/0x3e0 [ 148.474467] worker_thread+0x4d/0x3c0 [ 148.474473] ? process_one_work+0x3e0/0x3e0 [ 148.474478] kthread+0xd6/0x100 [ 148.474482] ? kthread_complete_and_exit+0x20/0x20 [ 148.474486] ret_from_fork+0x1f/0x30 [ 148.474500] </TASK> [ 148.474502] ---[ end trace 0000000000000000 ]--- Fixes: 0fe29fd1cd77 ("Bluetooth: Read LE remote features during connection establishment") Fixes: 769be974d0c7 ("[Bluetooth] Use ACL config stage to retrieve remote features") Fixes: f8558555f31e ("[Bluetooth] Initiate authentication during connection establishment") Cc: stable(a)vger.kernel.org Signed-off-by: Vasiliy Kovalev <kovalev(a)altlinux.org> --- net/bluetooth/hci_event.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index a8b8cfebe0180c..64477e1bde7cec 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c @@ -3529,7 +3529,6 @@ static void hci_auth_complete_evt(struct hci_dev *hdev, void *data, } else { conn->state = BT_CONNECTED; hci_connect_cfm(conn, ev->status); - hci_conn_drop(conn); } } else { hci_auth_cfm(conn, ev->status); @@ -3776,7 +3775,6 @@ static void hci_remote_features_evt(struct hci_dev *hdev, void *data, if (!hci_outgoing_auth_needed(hdev, conn)) { conn->state = BT_CONNECTED; hci_connect_cfm(conn, ev->status); - hci_conn_drop(conn); } unlock: @@ -5030,7 +5028,6 @@ static void hci_remote_ext_features_evt(struct hci_dev *hdev, void *data, if (!hci_outgoing_auth_needed(hdev, conn)) { conn->state = BT_CONNECTED; hci_connect_cfm(conn, ev->status); - hci_conn_drop(conn); } unlock: @@ -6561,7 +6558,6 @@ static void hci_le_remote_feat_complete_evt(struct hci_dev *hdev, void *data, conn->state = BT_CONNECTED; hci_connect_cfm(conn, status); - hci_conn_drop(conn); } } -- 2.33.8

1 year, 6 months

2
2
0 0

[git:media_tree/master] media: rc: bpf attach/detach requires write permission

by Mauro Carvalho Chehab

This is an automatic generated email to let you know that the following patch were queued: Subject: media: rc: bpf attach/detach requires write permission Author: Sean Young <sean(a)mess.org> Date: Thu Apr 13 10:50:32 2023 +0200 Note that bpf attach/detach also requires CAP_NET_ADMIN. Cc: stable(a)vger.kernel.org Signed-off-by: Sean Young <sean(a)mess.org> Signed-off-by: Mauro Carvalho Chehab <mchehab(a)kernel.org> drivers/media/rc/bpf-lirc.c | 6 +++--- drivers/media/rc/lirc_dev.c | 5 ++++- drivers/media/rc/rc-core-priv.h | 2 +- 3 files changed, 8 insertions(+), 5 deletions(-) --- diff --git a/drivers/media/rc/bpf-lirc.c b/drivers/media/rc/bpf-lirc.c index fe17c7f98e81..52d82cbe7685 100644 --- a/drivers/media/rc/bpf-lirc.c +++ b/drivers/media/rc/bpf-lirc.c @@ -253,7 +253,7 @@ int lirc_prog_attach(const union bpf_attr *attr, struct bpf_prog *prog) if (attr->attach_flags) return -EINVAL; - rcdev = rc_dev_get_from_fd(attr->target_fd); + rcdev = rc_dev_get_from_fd(attr->target_fd, true); if (IS_ERR(rcdev)) return PTR_ERR(rcdev); @@ -278,7 +278,7 @@ int lirc_prog_detach(const union bpf_attr *attr) if (IS_ERR(prog)) return PTR_ERR(prog); - rcdev = rc_dev_get_from_fd(attr->target_fd); + rcdev = rc_dev_get_from_fd(attr->target_fd, true); if (IS_ERR(rcdev)) { bpf_prog_put(prog); return PTR_ERR(rcdev); @@ -303,7 +303,7 @@ int lirc_prog_query(const union bpf_attr *attr, union bpf_attr __user *uattr) if (attr->query.query_flags) return -EINVAL; - rcdev = rc_dev_get_from_fd(attr->query.target_fd); + rcdev = rc_dev_get_from_fd(attr->query.target_fd, false); if (IS_ERR(rcdev)) return PTR_ERR(rcdev); diff --git a/drivers/media/rc/lirc_dev.c b/drivers/media/rc/lirc_dev.c index a537734832c5..caad59f76793 100644 --- a/drivers/media/rc/lirc_dev.c +++ b/drivers/media/rc/lirc_dev.c @@ -814,7 +814,7 @@ void __exit lirc_dev_exit(void) unregister_chrdev_region(lirc_base_dev, RC_DEV_MAX); } -struct rc_dev *rc_dev_get_from_fd(int fd) +struct rc_dev *rc_dev_get_from_fd(int fd, bool write) { struct fd f = fdget(fd); struct lirc_fh *fh; @@ -828,6 +828,9 @@ struct rc_dev *rc_dev_get_from_fd(int fd) return ERR_PTR(-EINVAL); } + if (write && !(f.file->f_mode & FMODE_WRITE)) + return ERR_PTR(-EPERM); + fh = f.file->private_data; dev = fh->rc; diff --git a/drivers/media/rc/rc-core-priv.h b/drivers/media/rc/rc-core-priv.h index ef1e95e1af7f..7df949fc65e2 100644 --- a/drivers/media/rc/rc-core-priv.h +++ b/drivers/media/rc/rc-core-priv.h @@ -325,7 +325,7 @@ void lirc_raw_event(struct rc_dev *dev, struct ir_raw_event ev); void lirc_scancode_event(struct rc_dev *dev, struct lirc_scancode *lsc); int lirc_register(struct rc_dev *dev); void lirc_unregister(struct rc_dev *dev); -struct rc_dev *rc_dev_get_from_fd(int fd); +struct rc_dev *rc_dev_get_from_fd(int fd, bool write); #else static inline int lirc_dev_init(void) { return 0; } static inline void lirc_dev_exit(void) {}

1 year, 6 months

1
0
0 0

[PATCH 6.1 0/6] backport xfs fix patches reported by xfs/179/270/557/606

by Mahmoud Adam

Hi, These patches fix and reported by xfstests tests xfs/179 xfs/270 xfs/557 xfs/606, the patchset were tested to confirm they fix those tests. all are clean picks. thanks, MNAdam

1 year, 6 months

5
13
0 0

[PATCH net] Bluetooth: hci_event: fix possible multiple drops by marked conn->state after hci_disconnect()

by kovalev＠altlinux.org

From: Vasiliy Kovalev <kovalev(a)altlinux.org> When returning from the hci_disconnect() function, the conn->state continues to be set to BT_CONNECTED and hci_conn_drop() is executed, which decrements the conn->refcnt. Syzkaller has generated a reproducer that results in multiple calls to hci_encrypt_change_evt() of the same conn object. -- hci_encrypt_change_evt(){ // conn->state == BT_CONNECTED hci_disconnect(){ hci_abort_conn(); } hci_conn_drop(); // conn->state == BT_CONNECTED } -- This behavior can cause the conn->refcnt to go far into negative values and cause problems. To get around this, you need to change the conn->state, namely to BT_DISCONN, as it was before. Fixes: a13f316e90fd ("Bluetooth: hci_conn: Consolidate code for aborting connections") Cc: stable(a)vger.kernel.org Signed-off-by: Vasiliy Kovalev <kovalev(a)altlinux.org> --- net/bluetooth/hci_event.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index 64477e1bde7cec..e0477021183f9b 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c @@ -2989,6 +2989,7 @@ static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status) hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE); hci_conn_drop(conn); + conn->state = BT_DISCONN; unlock: hci_dev_unlock(hdev); @@ -3654,6 +3655,7 @@ static void hci_encrypt_change_evt(struct hci_dev *hdev, void *data, hci_encrypt_cfm(conn, ev->status); hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE); hci_conn_drop(conn); + conn->state = BT_DISCONN; goto unlock; } @@ -5248,6 +5250,7 @@ static void hci_key_refresh_complete_evt(struct hci_dev *hdev, void *data, if (ev->status && conn->state == BT_CONNECTED) { hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE); hci_conn_drop(conn); + conn->state = BT_DISCONN; goto unlock; } -- 2.33.8

1 year, 6 months

1
1
0 0

[PATCH v1 0/4] docs: stable-kernel-rules: fine-tuning and 'no semi-automatic backport'

by Thorsten Leemhuis

After a recent discussion regarding "do we need a 'nobackport' tag" I set out to create one change for stable-kernel-rules.rst. This is now the second patch in the series, which links to that discussion; the other stuff is fine-tuning that happened along the way. Ciao, Thorsten Thorsten Leemhuis (4): docs: stable-kernel-rules: reduce redundancy docs: stable-kernel-rules: mention "no semi-automatic backport" docs: stable-kernel-rules: call mainline by its name and change example docs: stable-kernel-rules: remove code-labels tags Documentation/process/stable-kernel-rules.rst | 50 +++++++------------ 1 file changed, 18 insertions(+), 32 deletions(-) base-commit: 3f86ed6ec0b390c033eae7f9c487a3fea268e027 -- 2.44.0

1 year, 6 months

3
21
0 0

[RESEND. PATCH v2] Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853

by WangYuli

Add the support ID(0x0bda, 0x4853) to usb_device_id table for Realtek RTL8852BE. Without this change the device utilizes an obsolete version of the firmware that is encoded in it rather than the updated Realtek firmware and config files from the firmware directory. The latter files implement many new features. The device table is as follows: T: Bus=03 Lev=01 Prnt=01 Port=09 Cnt=03 Dev#= 4 Spd=12 MxCh= 0 D: Ver= 1.00 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1 P: Vendor=0bda ProdID=4853 Rev= 0.00 S: Manufacturer=Realtek S: Product=Bluetooth Radio S: SerialNumber=00e04c000001 C:* #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=500mA I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=81(I) Atr=03(Int.) MxPS= 16 Ivl=1ms E: Ad=02(O) Atr=02(Bulk) MxPS= 64 Ivl=0ms E: Ad=82(I) Atr=02(Bulk) MxPS= 64 Ivl=0ms I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 0 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 0 Ivl=1ms I: If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 9 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 9 Ivl=1ms I: If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 17 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 17 Ivl=1ms I: If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 25 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 25 Ivl=1ms I: If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 33 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 33 Ivl=1ms I: If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 49 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 49 Ivl=1ms Cc: stable(a)vger.kernel.org Signed-off-by: Larry Finger <Larry.Finger(a)lwfinger.net> Signed-off-by: WangYuli <wangyuli(a)uniontech.com> --- drivers/bluetooth/btusb.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c index c391e612b83b..3356af3a7f61 100644 --- a/drivers/bluetooth/btusb.c +++ b/drivers/bluetooth/btusb.c @@ -542,6 +542,8 @@ static const struct usb_device_id quirks_table[] = { /* Realtek 8852BE Bluetooth devices */ { USB_DEVICE(0x0cb8, 0xc559), .driver_info = BTUSB_REALTEK | BTUSB_WIDEBAND_SPEECH }, + { USB_DEVICE(0x0bda, 0x4853), .driver_info = BTUSB_REALTEK | + BTUSB_WIDEBAND_SPEECH }, { USB_DEVICE(0x0bda, 0x887b), .driver_info = BTUSB_REALTEK | BTUSB_WIDEBAND_SPEECH }, { USB_DEVICE(0x0bda, 0xb85b), .driver_info = BTUSB_REALTEK | -- 2.43.0

1 year, 6 months

2
1
0 0

[PATCH] sched: Add missing memory barrier in switch_mm_cid

by Mathieu Desnoyers

Many architectures' switch_mm() (e.g. arm64) do not have an smp_mb() which the core scheduler code has depended upon since commit: commit 223baf9d17f25 ("sched: Fix performance regression introduced by mm_cid") If switch_mm() doesn't call smp_mb(), sched_mm_cid_remote_clear() can unset the actively used cid when it fails to observe active task after it sets lazy_put. There *is* a memory barrier between storing to rq->curr and _return to userspace_ (as required by membarrier), but the rseq mm_cid has stricter requirements: the barrier needs to be issued between store to rq->curr and switch_mm_cid(), which happens earlier than: - spin_unlock(), - switch_to(). So it's fine when the architecture switch_mm happens to have that barrier already, but less so when the architecture only provides the full barrier in switch_to() or spin_unlock(). It is a bug in the rseq switch_mm_cid() implementation. All architectures that don't have memory barriers in switch_mm(), but rather have the full barrier either in finish_lock_switch() or switch_to() have them too late for the needs of switch_mm_cid(). Introduce a new smp_mb__after_switch_mm(), defined as smp_mb() in the generic barrier.h header, and use it in switch_mm_cid() for scheduler transitions where switch_mm() is expected to provide a memory barrier. Architectures can override smp_mb__after_switch_mm() if their switch_mm() implementation provides an implicit memory barrier. Override it with a no-op on x86 which implicitly provide this memory barrier by writing to CR3. Link: https://lore.kernel.org/lkml/20240305145335.2696125-1-yeoreum.yun@arm.com/ Reported-by: levi.yun <yeoreum.yun(a)arm.com> Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Fixes: 223baf9d17f2 ("sched: Fix performance regression introduced by mm_cid") Cc: <stable(a)vger.kernel.org> # 6.4.x Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Steven Rostedt <rostedt(a)goodmis.org> Cc: Vincent Guittot <vincent.guittot(a)linaro.org> Cc: Juri Lelli <juri.lelli(a)redhat.com> Cc: Dietmar Eggemann <dietmar.eggemann(a)arm.com> Cc: Ben Segall <bsegall(a)google.com> Cc: Mel Gorman <mgorman(a)suse.de> Cc: Daniel Bristot de Oliveira <bristot(a)redhat.com> Cc: Valentin Schneider <vschneid(a)redhat.com> Cc: levi.yun <yeoreum.yun(a)arm.com> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Will Deacon <will(a)kernel.org> Cc: Aaron Lu <aaron.lu(a)intel.com> --- arch/x86/include/asm/barrier.h | 3 +++ include/asm-generic/barrier.h | 8 ++++++++ kernel/sched/sched.h | 20 ++++++++++++++------ 3 files changed, 25 insertions(+), 6 deletions(-) diff --git a/arch/x86/include/asm/barrier.h b/arch/x86/include/asm/barrier.h index 35389b2af88e..0d5e54201eb2 100644 --- a/arch/x86/include/asm/barrier.h +++ b/arch/x86/include/asm/barrier.h @@ -79,6 +79,9 @@ do { \ #define __smp_mb__before_atomic() do { } while (0) #define __smp_mb__after_atomic() do { } while (0) +/* Writing to CR3 provides a full memory barrier in switch_mm(). */ +#define smp_mb__after_switch_mm() do { } while (0) + #include <asm-generic/barrier.h> /* diff --git a/include/asm-generic/barrier.h b/include/asm-generic/barrier.h index 961f4d88f9ef..5a6c94d7a598 100644 --- a/include/asm-generic/barrier.h +++ b/include/asm-generic/barrier.h @@ -296,5 +296,13 @@ do { \ #define io_stop_wc() do { } while (0) #endif +/* + * Architectures that guarantee an implicit smp_mb() in switch_mm() + * can override smp_mb__after_switch_mm. + */ +#ifndef smp_mb__after_switch_mm +#define smp_mb__after_switch_mm() smp_mb() +#endif + #endif /* !__ASSEMBLY__ */ #endif /* __ASM_GENERIC_BARRIER_H */ diff --git a/kernel/sched/sched.h b/kernel/sched/sched.h index 2e5a95486a42..044d842c696c 100644 --- a/kernel/sched/sched.h +++ b/kernel/sched/sched.h @@ -79,6 +79,8 @@ # include <asm/paravirt_api_clock.h> #endif +#include <asm/barrier.h> + #include "cpupri.h" #include "cpudeadline.h" @@ -3481,13 +3483,19 @@ static inline void switch_mm_cid(struct rq *rq, * between rq->curr store and load of {prev,next}->mm->pcpu_cid[cpu]. * Provide it here. */ - if (!prev->mm) // from kernel + if (!prev->mm) { // from kernel smp_mb(); - /* - * user -> user transition guarantees a memory barrier through - * switch_mm() when current->mm changes. If current->mm is - * unchanged, no barrier is needed. - */ + } else { // from user + /* + * user -> user transition relies on an implicit + * memory barrier in switch_mm() when + * current->mm changes. If the architecture + * switch_mm() does not have an implicit memory + * barrier, it is emitted here. If current->mm + * is unchanged, no barrier is needed. + */ + smp_mb__after_switch_mm(); + } } if (prev->mm_cid_active) { mm_cid_snapshot_time(rq, prev->mm); -- 2.39.2

1 year, 6 months

4
6
0 0

[RESEND PATCH net v4 1/2] soc: fsl: qbman: Always disable interrupts when taking cgr_lock

by Sean Anderson

smp_call_function_single disables IRQs when executing the callback. To prevent deadlocks, we must disable IRQs when taking cgr_lock elsewhere. This is already done by qman_update_cgr and qman_delete_cgr; fix the other lockers. Fixes: 96f413f47677 ("soc/fsl/qbman: fix issue in qman_delete_cgr_safe()") CC: stable(a)vger.kernel.org Signed-off-by: Sean Anderson <sean.anderson(a)seco.com> Reviewed-by: Camelia Groza <camelia.groza(a)nxp.com> Tested-by: Vladimir Oltean <vladimir.oltean(a)nxp.com> --- I got no response the first time I sent this, so I am resending to net. This issue was introduced in a series which went through net, so I hope it makes sense to take it via net. [1] https://lore.kernel.org/linux-arm-kernel/20240108161904.2865093-1-sean.ande… (no changes since v3) Changes in v3: - Change blamed commit to something more appropriate Changes in v2: - Fix one additional call to spin_unlock drivers/soc/fsl/qbman/qman.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/drivers/soc/fsl/qbman/qman.c b/drivers/soc/fsl/qbman/qman.c index 739e4eee6b75..1bf1f1ea67f0 100644 --- a/drivers/soc/fsl/qbman/qman.c +++ b/drivers/soc/fsl/qbman/qman.c @@ -1456,11 +1456,11 @@ static void qm_congestion_task(struct work_struct *work) union qm_mc_result *mcr; struct qman_cgr *cgr; - spin_lock(&p->cgr_lock); + spin_lock_irq(&p->cgr_lock); qm_mc_start(&p->p); qm_mc_commit(&p->p, QM_MCC_VERB_QUERYCONGESTION); if (!qm_mc_result_timeout(&p->p, &mcr)) { - spin_unlock(&p->cgr_lock); + spin_unlock_irq(&p->cgr_lock); dev_crit(p->config->dev, "QUERYCONGESTION timeout\n"); qman_p_irqsource_add(p, QM_PIRQ_CSCI); return; @@ -1476,7 +1476,7 @@ static void qm_congestion_task(struct work_struct *work) list_for_each_entry(cgr, &p->cgr_cbs, node) if (cgr->cb && qman_cgrs_get(&c, cgr->cgrid)) cgr->cb(p, cgr, qman_cgrs_get(&rr, cgr->cgrid)); - spin_unlock(&p->cgr_lock); + spin_unlock_irq(&p->cgr_lock); qman_p_irqsource_add(p, QM_PIRQ_CSCI); } @@ -2440,7 +2440,7 @@ int qman_create_cgr(struct qman_cgr *cgr, u32 flags, preempt_enable(); cgr->chan = p->config->channel; - spin_lock(&p->cgr_lock); + spin_lock_irq(&p->cgr_lock); if (opts) { struct qm_mcc_initcgr local_opts = *opts; @@ -2477,7 +2477,7 @@ int qman_create_cgr(struct qman_cgr *cgr, u32 flags, qman_cgrs_get(&p->cgrs[1], cgr->cgrid)) cgr->cb(p, cgr, 1); out: - spin_unlock(&p->cgr_lock); + spin_unlock_irq(&p->cgr_lock); put_affine_portal(); return ret; } -- 2.35.1.1320.gc452695387.dirty [Embedded World 2024, SECO SpA]<https://www.messe-ticket.de/Nuernberg/embeddedworld2024/Register/ew24517689>

1 year, 6 months

4
5
0 0

Re: 6.8.5 does not boot (regression)

by Linux regression tracking (Thorsten Leemhuis)

On 11.04.24 09:20, Toralf Förster wrote: > It is a remote system, nothing in the logs, system is a hardened Gentoo > Linux, 6.8.4 was fine. > > Linux mr-fox 6.8.4 #4 SMP Thu Apr 4 22:10:47 UTC 2024 x86_64 AMD Ryzen > 9 5950X 16-Core Processor AuthenticAMD GNU/Linux > > Another Gentoo dev reported problems too. > > config is below. Thx for the report, but the harsh reality is: nearly no developer will see your initial report, as you just sent it to LKML, which nearly nobody ready. I CCed a few lists, which might help. But that is unlikely, as this could be cause by all sorts of changes. Which is why we likely need a bisection ( https://docs.kernel.org/admin-guide/verify-bugs-and-bisect-regressions.html ) from somebody affected to make some progress here. That being said: there are a few EFI changes in there that in a case like this are a suspect. I CCed the developer, maybe something rings a bell. Ciao, Thorsten

1 year, 7 months

3
2
0 0

[PATCH v2] slimbus: qcom-ngd-ctrl: Add timeout for wait operation

by Viken Dadhaniya

In current driver qcom_slim_ngd_up_worker() indefinitely waiting for ctrl->qmi_up completion object. This is resulting in workqueue lockup on Kthread. Added wait_for_completion_interruptible_timeout to allow the thread to wait for specific timeout period and bail out instead waiting infinitely. Fixes: a899d324863a ("slimbus: qcom-ngd-ctrl: add Sub System Restart support") Cc: stable(a)vger.kernel.org Reviewed-by: Konrad Dybcio <konrad.dybcio(a)linaro.org> Signed-off-by: Viken Dadhaniya <quic_vdadhani(a)quicinc.com> --- v1 -> v2: - Remove macro and add value inline. - add fix, cc and review tag. --- --- drivers/slimbus/qcom-ngd-ctrl.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/slimbus/qcom-ngd-ctrl.c b/drivers/slimbus/qcom-ngd-ctrl.c index efeba8275a66..a09a26bf4988 100644 --- a/drivers/slimbus/qcom-ngd-ctrl.c +++ b/drivers/slimbus/qcom-ngd-ctrl.c @@ -1451,7 +1451,11 @@ static void qcom_slim_ngd_up_worker(struct work_struct *work) ctrl = container_of(work, struct qcom_slim_ngd_ctrl, ngd_up_work); /* Make sure qmi service is up before continuing */ - wait_for_completion_interruptible(&ctrl->qmi_up); + if (!wait_for_completion_interruptible_timeout(&ctrl->qmi_up, + msecs_to_jiffies(MSEC_PER_SEC))) { + dev_err(ctrl->dev, "QMI wait timeout\n"); + return; + } mutex_lock(&ctrl->ssr_lock); qcom_slim_ngd_enable(ctrl, true); -- QUALCOMM INDIA, on behalf of Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum, hosted by The Linux Foundation

1 year, 7 months

2
1
0 0

Backported patch for linux-5.4

by Jürgen Groß

Hi, there has been a report of a failure in a 5.4 based kernel, which has been fixed in kernel 5.10 with commit abee7c494d8c41bb388839bccc47e06247f0d7de. Please apply the attached backported patch to the stable 5.4 kernel. Juergen

1 year, 7 months

2
1
0 0

[PATCH 4.19.y v3 0/2] Fix stable-4.19 use-after-free bug

by George Guo

1. About v3-0001-tracing-Remove-unnecessary-hist_data-destroy-in-d.patch: The reason I write the changelog by myself is that no one found the bug at that time, then later the code was removed on upstream, but 4.19-stable has the bug. 2. About v3-0002-tracing-Remove-unnecessary-var-destroy-in-onmax_d.patch I also write the changelog by myself is that the upstream api is changed. refs commits: 466f4528fbc6 ("tracing: Generalize hist trigger onmax and save action") ff9d31d0d466 ("tracing: Remove unnecessary var_ref destroy in track_data_destroy()") George Guo (2): tracing: Remove unnecessary hist_data destroy in destroy_synth_var_refs() tracing: Remove unnecessary var destroy in onmax_destroy() kernel/trace/trace_events_hist.c | 27 ++------------------------- 1 file changed, 2 insertions(+), 25 deletions(-) -- 2.34.1

1 year, 7 months

2
3
0 0

FAILED: patch "[PATCH] drm/i915/gt: Reset queue_priority_hint on parking" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 4a3859ea5240365d21f6053ee219bb240d520895 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024033046-mobility-coherence-2055@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4a3859ea5240365d21f6053ee219bb240d520895 Mon Sep 17 00:00:00 2001 From: Chris Wilson <chris(a)chris-wilson.co.uk> Date: Mon, 18 Mar 2024 14:58:47 +0100 Subject: [PATCH] drm/i915/gt: Reset queue_priority_hint on parking Originally, with strict in order execution, we could complete execution only when the queue was empty. Preempt-to-busy allows replacement of an active request that may complete before the preemption is processed by HW. If that happens, the request is retired from the queue, but the queue_priority_hint remains set, preventing direct submission until after the next CS interrupt is processed. This preempt-to-busy race can be triggered by the heartbeat, which will also act as the power-management barrier and upon completion allow us to idle the HW. We may process the completion of the heartbeat, and begin parking the engine before the CS event that restores the queue_priority_hint, causing us to fail the assertion that it is MIN. <3>[ 166.210729] __engine_park:283 GEM_BUG_ON(engine->sched_engine->queue_priority_hint != (-((int)(~0U >> 1)) - 1)) <0>[ 166.210781] Dumping ftrace buffer: <0>[ 166.210795] --------------------------------- ... <0>[ 167.302811] drm_fdin-1097 2..s1. 165741070us : trace_ports: 0000:00:02.0 rcs0: promote { ccid:20 1217:2 prio 0 } <0>[ 167.302861] drm_fdin-1097 2d.s2. 165741072us : execlists_submission_tasklet: 0000:00:02.0 rcs0: preempting last=1217:2, prio=0, hint=2147483646 <0>[ 167.302928] drm_fdin-1097 2d.s2. 165741072us : __i915_request_unsubmit: 0000:00:02.0 rcs0: fence 1217:2, current 0 <0>[ 167.302992] drm_fdin-1097 2d.s2. 165741073us : __i915_request_submit: 0000:00:02.0 rcs0: fence 3:4660, current 4659 <0>[ 167.303044] drm_fdin-1097 2d.s1. 165741076us : execlists_submission_tasklet: 0000:00:02.0 rcs0: context:3 schedule-in, ccid:40 <0>[ 167.303095] drm_fdin-1097 2d.s1. 165741077us : trace_ports: 0000:00:02.0 rcs0: submit { ccid:40 3:4660* prio 2147483646 } <0>[ 167.303159] kworker/-89 11..... 165741139us : i915_request_retire.part.0: 0000:00:02.0 rcs0: fence c90:2, current 2 <0>[ 167.303208] kworker/-89 11..... 165741148us : __intel_context_do_unpin: 0000:00:02.0 rcs0: context:c90 unpin <0>[ 167.303272] kworker/-89 11..... 165741159us : i915_request_retire.part.0: 0000:00:02.0 rcs0: fence 1217:2, current 2 <0>[ 167.303321] kworker/-89 11..... 165741166us : __intel_context_do_unpin: 0000:00:02.0 rcs0: context:1217 unpin <0>[ 167.303384] kworker/-89 11..... 165741170us : i915_request_retire.part.0: 0000:00:02.0 rcs0: fence 3:4660, current 4660 <0>[ 167.303434] kworker/-89 11d..1. 165741172us : __intel_context_retire: 0000:00:02.0 rcs0: context:1216 retire runtime: { total:56028ns, avg:56028ns } <0>[ 167.303484] kworker/-89 11..... 165741198us : __engine_park: 0000:00:02.0 rcs0: parked <0>[ 167.303534] <idle>-0 5d.H3. 165741207us : execlists_irq_handler: 0000:00:02.0 rcs0: semaphore yield: 00000040 <0>[ 167.303583] kworker/-89 11..... 165741397us : __intel_context_retire: 0000:00:02.0 rcs0: context:1217 retire runtime: { total:325575ns, avg:0ns } <0>[ 167.303756] kworker/-89 11..... 165741777us : __intel_context_retire: 0000:00:02.0 rcs0: context:c90 retire runtime: { total:0ns, avg:0ns } <0>[ 167.303806] kworker/-89 11..... 165742017us : __engine_park: __engine_park:283 GEM_BUG_ON(engine->sched_engine->queue_priority_hint != (-((int)(~0U >> 1)) - 1)) <0>[ 167.303811] --------------------------------- <4>[ 167.304722] ------------[ cut here ]------------ <2>[ 167.304725] kernel BUG at drivers/gpu/drm/i915/gt/intel_engine_pm.c:283! <4>[ 167.304731] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI <4>[ 167.304734] CPU: 11 PID: 89 Comm: kworker/11:1 Tainted: G W 6.8.0-rc2-CI_DRM_14193-gc655e0fd2804+ #1 <4>[ 167.304736] Hardware name: Intel Corporation Rocket Lake Client Platform/RocketLake S UDIMM 6L RVP, BIOS RKLSFWI1.R00.3173.A03.2204210138 04/21/2022 <4>[ 167.304738] Workqueue: i915-unordered retire_work_handler [i915] <4>[ 167.304839] RIP: 0010:__engine_park+0x3fd/0x680 [i915] <4>[ 167.304937] Code: 00 48 c7 c2 b0 e5 86 a0 48 8d 3d 00 00 00 00 e8 79 48 d4 e0 bf 01 00 00 00 e8 ef 0a d4 e0 31 f6 bf 09 00 00 00 e8 03 49 c0 e0 <0f> 0b 0f 0b be 01 00 00 00 e8 f5 61 fd ff 31 c0 e9 34 fd ff ff 48 <4>[ 167.304940] RSP: 0018:ffffc9000059fce0 EFLAGS: 00010246 <4>[ 167.304942] RAX: 0000000000000200 RBX: 0000000000000000 RCX: 0000000000000006 <4>[ 167.304944] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 <4>[ 167.304946] RBP: ffff8881330ca1b0 R08: 0000000000000001 R09: 0000000000000001 <4>[ 167.304947] R10: 0000000000000001 R11: 0000000000000001 R12: ffff8881330ca000 <4>[ 167.304948] R13: ffff888110f02aa0 R14: ffff88812d1d0205 R15: ffff88811277d4f0 <4>[ 167.304950] FS: 0000000000000000(0000) GS:ffff88844f780000(0000) knlGS:0000000000000000 <4>[ 167.304952] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 <4>[ 167.304953] CR2: 00007fc362200c40 CR3: 000000013306e003 CR4: 0000000000770ef0 <4>[ 167.304955] PKRU: 55555554 <4>[ 167.304957] Call Trace: <4>[ 167.304958] <TASK> <4>[ 167.305573] ____intel_wakeref_put_last+0x1d/0x80 [i915] <4>[ 167.305685] i915_request_retire.part.0+0x34f/0x600 [i915] <4>[ 167.305800] retire_requests+0x51/0x80 [i915] <4>[ 167.305892] intel_gt_retire_requests_timeout+0x27f/0x700 [i915] <4>[ 167.305985] process_scheduled_works+0x2db/0x530 <4>[ 167.305990] worker_thread+0x18c/0x350 <4>[ 167.305993] kthread+0xfe/0x130 <4>[ 167.305997] ret_from_fork+0x2c/0x50 <4>[ 167.306001] ret_from_fork_asm+0x1b/0x30 <4>[ 167.306004] </TASK> It is necessary for the queue_priority_hint to be lower than the next request submission upon waking up, as we rely on the hint to decide when to kick the tasklet to submit that first request. Fixes: 22b7a426bbe1 ("drm/i915/execlists: Preempt-to-busy") Closes: https://gitlab.freedesktop.org/drm/intel/issues/10154 Signed-off-by: Chris Wilson <chris(a)chris-wilson.co.uk> Signed-off-by: Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> Cc: Mika Kuoppala <mika.kuoppala(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> # v5.4+ Reviewed-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Reviewed-by: Andi Shyti <andi.shyti(a)linux.intel.com> Signed-off-by: Andi Shyti <andi.shyti(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240318135906.716055-2-janus… (cherry picked from commit 98850e96cf811dc2d0a7d0af491caff9f5d49c1e) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/i915/gt/intel_engine_pm.c b/drivers/gpu/drm/i915/gt/intel_engine_pm.c index 96bdb93a948d..fb7bff27b45a 100644 --- a/drivers/gpu/drm/i915/gt/intel_engine_pm.c +++ b/drivers/gpu/drm/i915/gt/intel_engine_pm.c @@ -279,9 +279,6 @@ static int __engine_park(struct intel_wakeref *wf) intel_engine_park_heartbeat(engine); intel_breadcrumbs_park(engine->breadcrumbs); - /* Must be reset upon idling, or we may miss the busy wakeup. */ - GEM_BUG_ON(engine->sched_engine->queue_priority_hint != INT_MIN); - if (engine->park) engine->park(engine); diff --git a/drivers/gpu/drm/i915/gt/intel_execlists_submission.c b/drivers/gpu/drm/i915/gt/intel_execlists_submission.c index 42aade0faf2d..b061a0a0d6b0 100644 --- a/drivers/gpu/drm/i915/gt/intel_execlists_submission.c +++ b/drivers/gpu/drm/i915/gt/intel_execlists_submission.c @@ -3272,6 +3272,9 @@ static void execlists_park(struct intel_engine_cs *engine) { cancel_timer(&engine->execlists.timer); cancel_timer(&engine->execlists.preempt); + + /* Reset upon idling, or we may delay the busy wakeup. */ + WRITE_ONCE(engine->sched_engine->queue_priority_hint, INT_MIN); } static void add_to_engine(struct i915_request *rq)

1 year, 7 months

3
2
0 0

FAILED: patch "[PATCH] x86/mm/pat: fix VM_PAT handling in COW mappings" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 04c35ab3bdae7fefbd7c7a7355f29fa03a035221 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040851-hamster-canary-7b07@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 04c35ab3bdae ("x86/mm/pat: fix VM_PAT handling in COW mappings") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 04c35ab3bdae7fefbd7c7a7355f29fa03a035221 Mon Sep 17 00:00:00 2001 From: David Hildenbrand <david(a)redhat.com> Date: Wed, 3 Apr 2024 23:21:30 +0200 Subject: [PATCH] x86/mm/pat: fix VM_PAT handling in COW mappings PAT handling won't do the right thing in COW mappings: the first PTE (or, in fact, all PTEs) can be replaced during write faults to point at anon folios. Reliably recovering the correct PFN and cachemode using follow_phys() from PTEs will not work in COW mappings. Using follow_phys(), we might just get the address+protection of the anon folio (which is very wrong), or fail on swap/nonswap entries, failing follow_phys() and triggering a WARN_ON_ONCE() in untrack_pfn() and track_pfn_copy(), not properly calling free_pfn_range(). In free_pfn_range(), we either wouldn't call memtype_free() or would call it with the wrong range, possibly leaking memory. To fix that, let's update follow_phys() to refuse returning anon folios, and fallback to using the stored PFN inside vma->vm_pgoff for COW mappings if we run into that. We will now properly handle untrack_pfn() with COW mappings, where we don't need the cachemode. We'll have to fail fork()->track_pfn_copy() if the first page was replaced by an anon folio, though: we'd have to store the cachemode in the VMA to make this work, likely growing the VMA size. For now, lets keep it simple and let track_pfn_copy() just fail in that case: it would have failed in the past with swap/nonswap entries already, and it would have done the wrong thing with anon folios. Simple reproducer to trigger the WARN_ON_ONCE() in untrack_pfn(): <--- C reproducer ---> #include <stdio.h> #include <sys/mman.h> #include <unistd.h> #include <liburing.h> int main(void) { struct io_uring_params p = {}; int ring_fd; size_t size; char *map; ring_fd = io_uring_setup(1, &p); if (ring_fd < 0) { perror("io_uring_setup"); return 1; } size = p.sq_off.array + p.sq_entries * sizeof(unsigned); /* Map the submission queue ring MAP_PRIVATE */ map = mmap(0, size, PROT_READ | PROT_WRITE, MAP_PRIVATE, ring_fd, IORING_OFF_SQ_RING); if (map == MAP_FAILED) { perror("mmap"); return 1; } /* We have at least one page. Let's COW it. */ *map = 0; pause(); return 0; } <--- C reproducer ---> On a system with 16 GiB RAM and swap configured: # ./iouring & # memhog 16G # killall iouring [ 301.552930] ------------[ cut here ]------------ [ 301.553285] WARNING: CPU: 7 PID: 1402 at arch/x86/mm/pat/memtype.c:1060 untrack_pfn+0xf4/0x100 [ 301.553989] Modules linked in: binfmt_misc nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_g [ 301.558232] CPU: 7 PID: 1402 Comm: iouring Not tainted 6.7.5-100.fc38.x86_64 #1 [ 301.558772] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebu4 [ 301.559569] RIP: 0010:untrack_pfn+0xf4/0x100 [ 301.559893] Code: 75 c4 eb cf 48 8b 43 10 8b a8 e8 00 00 00 3b 6b 28 74 b8 48 8b 7b 30 e8 ea 1a f7 000 [ 301.561189] RSP: 0018:ffffba2c0377fab8 EFLAGS: 00010282 [ 301.561590] RAX: 00000000ffffffea RBX: ffff9208c8ce9cc0 RCX: 000000010455e047 [ 301.562105] RDX: 07fffffff0eb1e0a RSI: 0000000000000000 RDI: ffff9208c391d200 [ 301.562628] RBP: 0000000000000000 R08: ffffba2c0377fab8 R09: 0000000000000000 [ 301.563145] R10: ffff9208d2292d50 R11: 0000000000000002 R12: 00007fea890e0000 [ 301.563669] R13: 0000000000000000 R14: ffffba2c0377fc08 R15: 0000000000000000 [ 301.564186] FS: 0000000000000000(0000) GS:ffff920c2fbc0000(0000) knlGS:0000000000000000 [ 301.564773] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 301.565197] CR2: 00007fea88ee8a20 CR3: 00000001033a8000 CR4: 0000000000750ef0 [ 301.565725] PKRU: 55555554 [ 301.565944] Call Trace: [ 301.566148] <TASK> [ 301.566325] ? untrack_pfn+0xf4/0x100 [ 301.566618] ? __warn+0x81/0x130 [ 301.566876] ? untrack_pfn+0xf4/0x100 [ 301.567163] ? report_bug+0x171/0x1a0 [ 301.567466] ? handle_bug+0x3c/0x80 [ 301.567743] ? exc_invalid_op+0x17/0x70 [ 301.568038] ? asm_exc_invalid_op+0x1a/0x20 [ 301.568363] ? untrack_pfn+0xf4/0x100 [ 301.568660] ? untrack_pfn+0x65/0x100 [ 301.568947] unmap_single_vma+0xa6/0xe0 [ 301.569247] unmap_vmas+0xb5/0x190 [ 301.569532] exit_mmap+0xec/0x340 [ 301.569801] __mmput+0x3e/0x130 [ 301.570051] do_exit+0x305/0xaf0 ... Link: https://lkml.kernel.org/r/20240403212131.929421-3-david@redhat.com Signed-off-by: David Hildenbrand <david(a)redhat.com> Reported-by: Wupeng Ma <mawupeng1(a)huawei.com> Closes: https://lkml.kernel.org/r/20240227122814.3781907-1-mawupeng1@huawei.com Fixes: b1a86e15dc03 ("x86, pat: remove the dependency on 'vm_pgoff' in track/untrack pfn vma routines") Fixes: 5899329b1910 ("x86: PAT: implement track/untrack of pfnmap regions for x86 - v3") Acked-by: Ingo Molnar <mingo(a)kernel.org> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Borislav Petkov <bp(a)alien8.de> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/arch/x86/mm/pat/memtype.c b/arch/x86/mm/pat/memtype.c index 0d72183b5dd0..36b603d0cdde 100644 --- a/arch/x86/mm/pat/memtype.c +++ b/arch/x86/mm/pat/memtype.c @@ -947,6 +947,38 @@ static void free_pfn_range(u64 paddr, unsigned long size) memtype_free(paddr, paddr + size); } +static int get_pat_info(struct vm_area_struct *vma, resource_size_t *paddr, + pgprot_t *pgprot) +{ + unsigned long prot; + + VM_WARN_ON_ONCE(!(vma->vm_flags & VM_PAT)); + + /* + * We need the starting PFN and cachemode used for track_pfn_remap() + * that covered the whole VMA. For most mappings, we can obtain that + * information from the page tables. For COW mappings, we might now + * suddenly have anon folios mapped and follow_phys() will fail. + * + * Fallback to using vma->vm_pgoff, see remap_pfn_range_notrack(), to + * detect the PFN. If we need the cachemode as well, we're out of luck + * for now and have to fail fork(). + */ + if (!follow_phys(vma, vma->vm_start, 0, &prot, paddr)) { + if (pgprot) + *pgprot = __pgprot(prot); + return 0; + } + if (is_cow_mapping(vma->vm_flags)) { + if (pgprot) + return -EINVAL; + *paddr = (resource_size_t)vma->vm_pgoff << PAGE_SHIFT; + return 0; + } + WARN_ON_ONCE(1); + return -EINVAL; +} + /* * track_pfn_copy is called when vma that is covering the pfnmap gets * copied through copy_page_range(). @@ -957,20 +989,13 @@ static void free_pfn_range(u64 paddr, unsigned long size) int track_pfn_copy(struct vm_area_struct *vma) { resource_size_t paddr; - unsigned long prot; unsigned long vma_size = vma->vm_end - vma->vm_start; pgprot_t pgprot; if (vma->vm_flags & VM_PAT) { - /* - * reserve the whole chunk covered by vma. We need the - * starting address and protection from pte. - */ - if (follow_phys(vma, vma->vm_start, 0, &prot, &paddr)) { - WARN_ON_ONCE(1); + if (get_pat_info(vma, &paddr, &pgprot)) return -EINVAL; - } - pgprot = __pgprot(prot); + /* reserve the whole chunk covered by vma. */ return reserve_pfn_range(paddr, vma_size, &pgprot, 1); } @@ -1045,7 +1070,6 @@ void untrack_pfn(struct vm_area_struct *vma, unsigned long pfn, unsigned long size, bool mm_wr_locked) { resource_size_t paddr; - unsigned long prot; if (vma && !(vma->vm_flags & VM_PAT)) return; @@ -1053,11 +1077,8 @@ void untrack_pfn(struct vm_area_struct *vma, unsigned long pfn, /* free the chunk starting from pfn or the whole chunk */ paddr = (resource_size_t)pfn << PAGE_SHIFT; if (!paddr && !size) { - if (follow_phys(vma, vma->vm_start, 0, &prot, &paddr)) { - WARN_ON_ONCE(1); + if (get_pat_info(vma, &paddr, NULL)) return; - } - size = vma->vm_end - vma->vm_start; } free_pfn_range(paddr, size); diff --git a/mm/memory.c b/mm/memory.c index 904f70b99498..d2155ced45f8 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -5973,6 +5973,10 @@ int follow_phys(struct vm_area_struct *vma, goto out; pte = ptep_get(ptep); + /* Never return PFNs of anon folios in COW mappings. */ + if (vm_normal_folio(vma, address, pte)) + goto unlock; + if ((flags & FOLL_WRITE) && !pte_write(pte)) goto unlock;

1 year, 7 months

3
3
0 0

FAILED: Patch "virtio: reenable config if freezing device failed" failed to apply to 6.1-stable tree

by Sasha Levin

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. Thanks, Sasha ------------------ original commit in Linus's tree ------------------ From 310227f42882c52356b523e2f4e11690eebcd2ab Mon Sep 17 00:00:00 2001 From: David Hildenbrand <david(a)redhat.com> Date: Tue, 13 Feb 2024 14:54:25 +0100 Subject: [PATCH] virtio: reenable config if freezing device failed Currently, we don't reenable the config if freezing the device failed. For example, virtio-mem currently doesn't support suspend+resume, and trying to freeze the device will always fail. Afterwards, the device will no longer respond to resize requests, because it won't get notified about config changes. Let's fix this by re-enabling the config if freezing fails. Fixes: 22b7050a024d ("virtio: defer config changed notifications") Cc: <stable(a)kernel.org> Cc: "Michael S. Tsirkin" <mst(a)redhat.com> Cc: Jason Wang <jasowang(a)redhat.com> Cc: Xuan Zhuo <xuanzhuo(a)linux.alibaba.com> Signed-off-by: David Hildenbrand <david(a)redhat.com> Message-Id: <20240213135425.795001-1-david(a)redhat.com> Signed-off-by: Michael S. Tsirkin <mst(a)redhat.com> --- drivers/virtio/virtio.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/virtio/virtio.c b/drivers/virtio/virtio.c index f4080692b3513..f513ee21b1c18 100644 --- a/drivers/virtio/virtio.c +++ b/drivers/virtio/virtio.c @@ -510,8 +510,10 @@ int virtio_device_freeze(struct virtio_device *dev) if (drv && drv->freeze) { ret = drv->freeze(dev); - if (ret) + if (ret) { + virtio_config_enable(dev); return ret; + } } if (dev->config->destroy_avq) -- 2.43.0

1 year, 7 months

3
2
0 0

[PATCH 4.19.y] drm/vkms: call drm_atomic_helper_shutdown before drm_dev_put()

by Guo Mengqi

commit 73a82b22963d ("drm/atomic: Fix potential use-after-free in nonblocking commits") introduced drm_dev_get/put() to drm_atomic_helper_shutdown(). And this cause problem in vkms driver exit process. vkms_exit() drm_dev_put() vkms_release() drm_atomic_helper_shutdown() drm_dev_get() drm_dev_put() vkms_release() ------ null pointer access Using 4.19 stable x86 image on qemu, below stacktrace can be triggered by load and unload vkms.ko. root:~ # insmod vkms.ko [ 142.135449] [drm] Supports vblank timestamp caching Rev 2 (21.10.2013). [ 142.138713] [drm] Driver supports precise vblank timestamp query. [ 142.142390] [drm] Initialized vkms 1.0.0 20180514 for virtual device on minor 0 root:~ # rmmod vkms.ko [ 144.093710] BUG: unable to handle kernel NULL pointer dereference at 00000000000000a0 [ 144.097491] PGD 800000023624e067 P4D 800000023624e067 PUD 22ab59067 PMD 0 [ 144.100802] Oops: 0000 [#1] SMP PTI [ 144.102502] CPU: 0 PID: 3615 Comm: rmmod Not tainted 4.19.310 #1 [ 144.104452] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 [ 144.107238] RIP: 0010:device_del+0x34/0x3a0 ... [ 144.131323] Call Trace: [ 144.131962] ? __die+0x7d/0xc0 [ 144.132711] ? no_context+0x152/0x3b0 [ 144.133605] ? wake_up_q+0x70/0x70 [ 144.134436] ? __do_page_fault+0x342/0x4b0 [ 144.135445] ? __switch_to_asm+0x41/0x70 [ 144.136416] ? __switch_to_asm+0x35/0x70 [ 144.137366] ? page_fault+0x1e/0x30 [ 144.138214] ? __drm_atomic_state_free+0x51/0x60 [ 144.139331] ? device_del+0x34/0x3a0 [ 144.140197] platform_device_del.part.14+0x19/0x70 [ 144.141348] platform_device_unregister+0xe/0x20 [ 144.142458] vkms_release+0x10/0x30 [vkms] [ 144.143449] __drm_atomic_helper_disable_all.constprop.31+0x13b/0x150 [ 144.144980] drm_atomic_helper_shutdown+0x4b/0x90 [ 144.146102] vkms_release+0x18/0x30 [vkms] [ 144.147107] vkms_exit+0x29/0x8ec [vkms] [ 144.148053] __x64_sys_delete_module+0x155/0x220 [ 144.149168] do_syscall_64+0x43/0x100 [ 144.150056] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 It seems that the proper unload sequence is: drm_atomic_helper_shutdown(); drm_dev_put(); Just put drm_atomic_helper_shutdown() before drm_dev_put() should solve the problem. Note that vkms exit code is refactored by 53d77aaa3f76 ("drm/vkms: Use devm_drm_dev_alloc") in tags/v5.10-rc1. So this bug only exists on 4.19 and 5.4. Fixes: 73a82b22963d ("drm/atomic: Fix potential use-after-free in nonblocking commits") Signed-off-by: Guo Mengqi <guomengqi3(a)huawei.com> --- drivers/gpu/drm/vkms/vkms_drv.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/vkms/vkms_drv.c b/drivers/gpu/drm/vkms/vkms_drv.c index b1201c18d3eb..d32e08f17427 100644 --- a/drivers/gpu/drm/vkms/vkms_drv.c +++ b/drivers/gpu/drm/vkms/vkms_drv.c @@ -39,7 +39,6 @@ static void vkms_release(struct drm_device *dev) struct vkms_device *vkms = container_of(dev, struct vkms_device, drm); platform_device_unregister(vkms->platform); - drm_atomic_helper_shutdown(&vkms->drm); drm_mode_config_cleanup(&vkms->drm); drm_dev_fini(&vkms->drm); } @@ -137,6 +136,7 @@ static void __exit vkms_exit(void) } drm_dev_unregister(&vkms_device->drm); + drm_atomic_helper_shutdown(&vkms_device->drm); drm_dev_put(&vkms_device->drm); kfree(vkms_device); -- 2.17.1

1 year, 7 months

3
3
0 0

Re: Broken Domain Validation in 6.1.84+

by Martin K. Petersen

Dave, >> Could you please try the patch below on top of v6.1.80? > Works okay on top of v6.1.80: > > [ 30.952668] scsi 6:0:0:0: Direct-Access HP 73.4G ST373207LW HPC1 PQ: 0 ANSI: 3 > [ 31.072592] scsi target6:0:0: Beginning Domain Validation > [ 31.139334] scsi 6:0:0:0: Power-on or device reset occurred > [ 31.186227] scsi target6:0:0: Ending Domain Validation > [ 31.240482] scsi target6:0:0: FAST-160 WIDE SCSI 320.0 MB/s DT IU QAS RTI WRFLOW PCOMP (6.25 ns, offset 63) > [ 31.462587] ata5: SATA link down (SStatus 0 SControl 0) > [ 31.618798] scsi 6:0:2:0: Direct-Access HP 73.4G ST373207LW HPC1 PQ: 0 ANSI: 3 > [ 31.732588] scsi target6:0:2: Beginning Domain Validation > [ 31.799201] scsi 6:0:2:0: Power-on or device reset occurred > [ 31.846724] scsi target6:0:2: Ending Domain Validation > [ 31.900822] scsi target6:0:2: FAST-160 WIDE SCSI 320.0 MB/s DT IU QAS RTI WRFLOW PCOMP (6.25 ns, offset 63) Great, thanks for testing! Greg, please revert the following commits from linux-6.1.y: b73dd5f99972 ("scsi: sd: usb_storage: uas: Access media prior to querying device properties") cf33e6ca12d8 ("scsi: core: Add struct for args to execution functions") and include the patch below instead. Thank you! -- Martin K. Petersen Oracle Linux Engineering From 87441914d491c01b73b949663c101056a9d9b8c7 Mon Sep 17 00:00:00 2001 From: "Martin K. Petersen" <martin.petersen(a)oracle.com> Date: Tue, 13 Feb 2024 09:33:06 -0500 Subject: [PATCH] scsi: sd: usb_storage: uas: Access media prior to querying device properties [ Upstream commit 321da3dc1f3c92a12e3c5da934090d2992a8814c ] It has been observed that some USB/UAS devices return generic properties hardcoded in firmware for mode pages for a period of time after a device has been discovered. The reported properties are either garbage or they do not accurately reflect the characteristics of the physical storage device attached in the case of a bridge. Prior to commit 1e029397d12f ("scsi: sd: Reorganize DIF/DIX code to avoid calling revalidate twice") we would call revalidate several times during device discovery. As a result, incorrect values would eventually get replaced with ones accurately describing the attached storage. When we did away with the redundant revalidate pass, several cases were reported where devices reported nonsensical values or would end up in write-protected state. An initial attempt at addressing this issue involved introducing a delayed second revalidate invocation. However, this approach still left some devices reporting incorrect characteristics. Tasos Sahanidis debugged the problem further and identified that introducing a READ operation prior to MODE SENSE fixed the problem and that it wasn't a timing issue. Issuing a READ appears to cause the devices to update their state to reflect the actual properties of the storage media. Device properties like vendor, model, and storage capacity appear to be correctly reported from the get-go. It is unclear why these devices defer populating the remaining characteristics. Match the behavior of a well known commercial operating system and trigger a READ operation prior to querying device characteristics to force the device to populate the mode pages. The additional READ is triggered by a flag set in the USB storage and UAS drivers. We avoid issuing the READ for other transport classes since some storage devices identify Linux through our particular discovery command sequence. Link: https://lore.kernel.org/r/20240213143306.2194237-1-martin.petersen@oracle.c… Fixes: 1e029397d12f ("scsi: sd: Reorganize DIF/DIX code to avoid calling revalidate twice") Cc: stable(a)vger.kernel.org Reported-by: Tasos Sahanidis <tasos(a)tasossah.com> Reviewed-by: Ewan D. Milne <emilne(a)redhat.com> Reviewed-by: Bart Van Assche <bvanassche(a)acm.org> Tested-by: Tasos Sahanidis <tasos(a)tasossah.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c index 31b5273f43a7..349b1455a2c6 100644 --- a/drivers/scsi/sd.c +++ b/drivers/scsi/sd.c @@ -3284,6 +3284,24 @@ static bool sd_validate_opt_xfer_size(struct scsi_disk *sdkp, return true; } +static void sd_read_block_zero(struct scsi_disk *sdkp) +{ + unsigned int buf_len = sdkp->device->sector_size; + char *buffer, cmd[10] = { }; + + buffer = kmalloc(buf_len, GFP_KERNEL); + if (!buffer) + return; + + cmd[0] = READ_10; + put_unaligned_be32(0, &cmd[2]); /* Logical block address 0 */ + put_unaligned_be16(1, &cmd[7]); /* Transfer 1 logical block */ + + scsi_execute_req(sdkp->device, cmd, DMA_FROM_DEVICE, buffer, buf_len, + NULL, SD_TIMEOUT, sdkp->max_retries, NULL); + kfree(buffer); +} + /** * sd_revalidate_disk - called the first time a new disk is seen, * performs disk spin up, read_capacity, etc. @@ -3323,7 +3341,13 @@ static int sd_revalidate_disk(struct gendisk *disk) */ if (sdkp->media_present) { sd_read_capacity(sdkp, buffer); - + /* + * Some USB/UAS devices return generic values for mode pages + * until the media has been accessed. Trigger a READ operation + * to force the device to populate mode pages. + */ + if (sdp->read_before_ms) + sd_read_block_zero(sdkp); /* * set the default to rotational. All non-rotational devices * support the block characteristics VPD page, which will diff --git a/drivers/usb/storage/scsiglue.c b/drivers/usb/storage/scsiglue.c index c54e9805da53..12cf9940e5b6 100644 --- a/drivers/usb/storage/scsiglue.c +++ b/drivers/usb/storage/scsiglue.c @@ -179,6 +179,13 @@ static int slave_configure(struct scsi_device *sdev) */ sdev->use_192_bytes_for_3f = 1; + /* + * Some devices report generic values until the media has been + * accessed. Force a READ(10) prior to querying device + * characteristics. + */ + sdev->read_before_ms = 1; + /* * Some devices don't like MODE SENSE with page=0x3f, * which is the command used for checking if a device diff --git a/drivers/usb/storage/uas.c b/drivers/usb/storage/uas.c index de3836412bf3..ed22053b3252 100644 --- a/drivers/usb/storage/uas.c +++ b/drivers/usb/storage/uas.c @@ -878,6 +878,13 @@ static int uas_slave_configure(struct scsi_device *sdev) if (devinfo->flags & US_FL_CAPACITY_HEURISTICS) sdev->guess_capacity = 1; + /* + * Some devices report generic values until the media has been + * accessed. Force a READ(10) prior to querying device + * characteristics. + */ + sdev->read_before_ms = 1; + /* * Some devices don't like MODE SENSE with page=0x3f, * which is the command used for checking if a device diff --git a/include/scsi/scsi_device.h b/include/scsi/scsi_device.h index d2751ed536df..1504d3137cc6 100644 --- a/include/scsi/scsi_device.h +++ b/include/scsi/scsi_device.h @@ -204,6 +204,7 @@ struct scsi_device { unsigned use_10_for_rw:1; /* first try 10-byte read / write */ unsigned use_10_for_ms:1; /* first try 10-byte mode sense/select */ unsigned set_dbd_for_ms:1; /* Set "DBD" field in mode sense */ + unsigned read_before_ms:1; /* perform a READ before MODE SENSE */ unsigned no_report_opcodes:1; /* no REPORT SUPPORTED OPERATION CODES */ unsigned no_write_same:1; /* no WRITE SAME command */ unsigned use_16_for_rw:1; /* Use read/write(16) over read/write(10) */

1 year, 7 months

3
2
0 0

v5.15+ backport request

by Ard Biesheuvel

please backport e7d24c0aa8e678f41 gcc-plugins/stackleak: Avoid .head.text section to stable kernels v5.15 and newer. This addresses the regression reported here: https://lkml.kernel.org/r/dc118105-b97c-4e51-9a42-a918fa875967%40hardfalcon… On v5.15, there is a dependency that needs to be backported first: ae978009fc013e3166c9f523f8b17e41a3c0286e gcc-plugins/stackleak: Ignore .noinstr.text and .entry.text The particular issue that this patch fixes does not exist [yet] in v6.1 and v5.15, but I am working on backports that would introduce it. But even without those backports, this change is important as it prevents input sections from being instrumented by stackleak that may not tolerate this for other reasons too. Thanks, Ard.

1 year, 7 months

2
1
0 0

Hibernate stuck after recent kernel/workqueue.c changes in Stable 6.6.23

by Linux regression tracking (Thorsten Leemhuis)

Hi stable team, there is a report that the recent backport of 5797b1c18919cd ("workqueue: Implement system-wide nr_active enforcement for unbound workqueues") [from Tejun] to 6.6.y (as 5a70baec2294) broke hibernate for a user. 6.6.24-rc1 did not fix this problem; reverting the culprit does. > With kernel 6.6.23 hibernating usually hangs here: the display stays > on but the mouse pointer does not move and the keyboard does not work. > But SysRq REISUB does reboot. Sometimes it seems to hibernate: the > computer powers down and can be waked up and the previous display comes > visible, but it is stuck there. See https://bugzilla.kernel.org/show_bug.cgi?id=218658 for details. Note, you have to use bugzilla to reach the reporter, as I sadly[1] can not CCed them in mails like this. Side note: there is a mainline report about problems due to 5797b1c18919cd ("workqueue: Implement system-wide nr_active enforcement for unbound workqueues") as well, but it's about "nohz_full=0 prevents kernel from booting": https://bugzilla.kernel.org/show_bug.cgi?id=218665; will forward that separately to Tejun. Ciao, Thorsten (wearing his 'the Linux kernel's regression tracker' hat) -- Everything you wanna know about Linux kernel regression tracking: https://linux-regtracking.leemhuis.info/about/#tldr If I did something stupid, please tell me, as explained on that page. [1] because bugzilla.kernel.org tells users upon registration their "email address will never be displayed to logged out users" #regzbot introduced: 5a70baec2294e8a7d0fcc4558741c23e752dad #regzbot from: Petri Kaukasoina #regzbot duplicate: https://bugzilla.kernel.org/show_bug.cgi?id=218658 #regzbot title: workqueue: hubernate usually hangs when going to sleep #regzbot ignore-activity

1 year, 7 months

5
11
0 0

[REGRESSION] Loss of some SMART information in v6.1.81

by Cyril Brulebois

Hi, Munin uses the following command to get sensor-type information out of SMART-aware disks (e.g. temperature): /usr/sbin/smartctl -A --nocheck=standby -d ata /dev/sda This broke following an upgrade from v6.1.76 (as found in Debian 12) to v6.1.82 (as currently found in the proposed-updates repository for the next point release of Debian 12), with smartctl's now reporting: smartctl 7.3 2022-02-28 r5338 [x86_64-linux-6.1.0-19-amd64] (local build) Copyright (C) 2002-22, Bruce Allen, Christian Franke, www.smartmontools.org Device is in SLEEP mode, exit(2) This happens on baremetal with 2 pairs of disks: - 2×ST4000VN008-2DR1 (sda, sdb) - 2×ST8000VN004-2M21 (sdc, sdd) and that's an obvious lie with one pair doing system stuff and the other one doing media stuff. This also happens within a Debian 12 QEMU VM running on a Debian 12 libvirt host, when using a SATA disk, which is what I've used to test various builds from the stable/linux-6.1.y branch and associated tags. Building stable releases, I pinpointed it as a regression between v6.1.80 and v6.1.81, then pinpointed it to commit cf33e6ca12d8. #regzbot introduced: v6.1.80..v6.1.81 #regzbot introduced: cf33e6ca12d8 This is also affecting v6.1.84 and v6.1.85 (released during my git bisect session). Reported in Debian via: https://bugs.debian.org/1068675 (which included a trace with the distribution-provided v6.1.82 package). Most recent trace, with v6.1.85 (mainline, using the distribution's config but without any patches): [ 30.547027] ------------[ cut here ]------------ [ 30.547034] WARNING: CPU: 0 PID: 697 at drivers/scsi/scsi_lib.c:214 scsi_execute_cmd+0x42/0x2c0 [scsi_mod] [ 30.547082] Modules linked in: tls tun intel_rapl_msr intel_rapl_common kvm_intel kvm irqbypass ghash_clmulni_intel sha512_ssse3 sha512_generic sha256_ssse3 sha1_ssse3 snd_hda_codec_generic ledtrig_audio snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi aesni_intel snd_hda_codec crypto_simd cryptd rapl snd_hda_core snd_hwdep bochs drm_vram_helper pcspkr drm_ttm_helper snd_pcm iTCO_wdt snd_timer intel_pmc_bxt ttm iTCO_vendor_support snd watchdog soundcore virtio_console virtio_balloon drm_kms_helper button joydev evdev serio_raw sg binfmt_misc fuse loop drm efi_pstore dm_mod configfs qemu_fw_cfg virtio_rng ip_tables x_tables autofs4 ext4 crc32c_generic crc16 mbcache jbd2 hid_generic usbhid hid sd_mod t10_pi crc64_rocksoft crc64 crc_t10dif crct10dif_generic ahci libahci virtio_scsi virtio_blk virtio_net net_failover failover xhci_pci crct10dif_pclmul crct10dif_common crc32_pclmul libata crc32c_intel xhci_hcd psmouse i2c_i801 i2c_smbus scsi_mod scsi_common lpc_ich virtio_pci [ 30.547194] virtio_pci_legacy_dev virtio_pci_modern_dev usbcore usb_common virtio virtio_ring [ 30.547205] CPU: 0 PID: 697 Comm: smartctl Not tainted 6.1.85 #1 [ 30.547210] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 [ 30.547217] RIP: 0010:scsi_execute_cmd+0x42/0x2c0 [scsi_mod] [ 30.547247] Code: 55 48 89 fd 53 48 83 ec 10 4c 8b 64 24 50 48 89 0c 24 4d 85 e4 0f 84 02 02 00 00 49 83 3c 24 00 74 24 41 83 7c 24 08 60 74 1c <0f> 0b bd ea ff ff ff 48 83 c4 10 89 e8 5b 5d 41 5c 41 5d 41 5e 41 [ 30.547251] RSP: 0018:ffffa70f80defbd0 EFLAGS: 00010287 [ 30.547256] RAX: ffffa70f80defc30 RBX: ffff9ab18b085000 RCX: 0000000000000000 [ 30.547259] RDX: 0000000000000022 RSI: 0000000000000022 RDI: ffff9ab18b085000 [ 30.547262] RBP: ffff9ab18b085000 R08: 0000000000000000 R09: 00000000000009c4 [ 30.547265] R10: 0000000000000000 R11: 0000000000000000 R12: ffffa70f80defc30 [ 30.547268] R13: 0000000000000000 R14: 00000000000009c4 R15: ffffa70f80defc60 [ 30.547271] FS: 00007f8ee64ad840(0000) GS:ffff9ab1bec00000(0000) knlGS:0000000000000000 [ 30.547275] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 30.547278] CR2: 00007fff08df0bc0 CR3: 000000000439a003 CR4: 0000000000170ef0 [ 30.547291] Call Trace: [ 30.547296] <TASK> [ 30.547301] ? __warn+0x7d/0xc0 [ 30.547308] ? scsi_execute_cmd+0x42/0x2c0 [scsi_mod] [ 30.547338] ? report_bug+0xe2/0x150 [ 30.547348] ? handle_bug+0x41/0x70 [ 30.547354] ? exc_invalid_op+0x13/0x60 [ 30.547358] ? asm_exc_invalid_op+0x16/0x20 [ 30.547368] ? scsi_execute_cmd+0x42/0x2c0 [scsi_mod] [ 30.547397] ata_cmd_ioctl+0x144/0x2f0 [libata] [ 30.547448] scsi_ioctl+0x3f5/0x930 [scsi_mod] [ 30.547477] ? scsi_block_when_processing_errors+0x22/0x100 [scsi_mod] [ 30.547503] ? __mod_lruvec_page_state+0x93/0x140 [ 30.547508] ? scsi_ioctl_block_when_processing_errors+0x45/0x50 [scsi_mod] [ 30.547535] blkdev_ioctl+0x133/0x270 [ 30.547553] __x64_sys_ioctl+0x90/0xd0 [ 30.547564] do_syscall_64+0x55/0xb0 [ 30.547574] ? handle_mm_fault+0xdb/0x2d0 [ 30.547582] ? do_user_addr_fault+0x1b0/0x580 [ 30.547589] ? exit_to_user_mode_prepare+0x40/0x1e0 [ 30.547596] entry_SYSCALL_64_after_hwframe+0x6e/0xd8 [ 30.547608] RIP: 0033:0x7f8ee611cc5b [ 30.547617] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00 [ 30.547621] RSP: 002b:00007fff08df0960 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 30.547626] RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007f8ee611cc5b [ 30.547629] RDX: 00007fff08df0bc0 RSI: 000000000000031f RDI: 0000000000000003 [ 30.547632] RBP: 00007fff08df1040 R08: 0000000000000000 R09: 0000000000000000 [ 30.547634] R10: e7e85eefeeee1b19 R11: 0000000000000246 R12: 000056348ba28600 [ 30.547637] R13: 00007fff08df0bc0 R14: 00007fff08df12e0 R15: 0000000000000000 [ 30.547642] </TASK> [ 30.547644] ---[ end trace 0000000000000000 ]--- Cheers, -- Cyril Brulebois (kibi(a)debian.org) <https://debamax.com/> D-I release manager -- Release team member -- Freelance Consultant

1 year, 7 months

2
2
0 0

RE: [RFC] rtw88: Fix startup problems for SDIO wifi plus UART Bluetooth

by Ping-Ke Shih

Larry Finger <Larry.Finger(a)gmail.com> wrote: > As discussed in the links below, the SDIO part of RTW8821CS fails to > start correctly if such startup happens while the UART portion of > the chip is initializing. I checked with SDIO team internally, but they didn't meet this case, so we may take this workaround. SDIO team wonder if something other than BT cause this failure, and after system boots everything will be well. Could you boot the system without WiFi/BT drivers, but insmod drivers manually after booting? > --- > drivers/net/wireless/realtek/rtw88/sdio.c | 28 +++++++++++++++++++++++ > 1 file changed, 28 insertions(+) > > diff --git a/drivers/net/wireless/realtek/rtw88/sdio.c b/drivers/net/wireless/realtek/rtw88/sdio.c > index 0cae5746f540..eec0ad85be72 100644 > --- a/drivers/net/wireless/realtek/rtw88/sdio.c > +++ b/drivers/net/wireless/realtek/rtw88/sdio.c > @@ -1325,6 +1325,34 @@ int rtw_sdio_probe(struct sdio_func *sdio_func, [...] > + mdelay(500); Will it better to use sleep function?

1 year, 7 months

2
2
0 0

[RFC] rtw88: Fix startup problems for SDIO wifi plus UART Bluetooth

by Larry Finger

As discussed in the links below, the SDIO part of RTW8821CS fails to start correctly if such startup happens while the UART portion of the chip is initializing. The logged results with such failure is [ 10.230516] rtw_8821cs mmc3:0001:1: Start of rtw_sdio_probe [ 10.306569] Bluetooth: HCI UART driver ver 2.3 [ 10.306717] Bluetooth: HCI UART protocol Three-wire (H5) registered [ 10.307167] of_dma_request_slave_channel: dma-names property of node '/serial@fe650000' missing or empty [ 10.307199] dw-apb-uart fe650000.serial: failed to request DMA [ 10.543474] rtw_8821cs mmc3:0001:1: Firmware version 24.8.0, H2C version 12 [ 10.730744] rtw_8821cs mmc3:0001:1: sdio read32 failed (0x11080): -110 [ 10.730923] rtw_8821cs mmc3:0001:1: sdio write32 failed (0x11080): -110 Due to the above errors, wifi fails to work. For those instances when wifi works, the following is logged: [ 10.452861] Bluetooth: HCI UART protocol Three-wire (H5) registered [ 10.453580] of_dma_request_slave_channel: dma-names property of node '/serial@fe650000' missing or empty [ 10.453621] dw-apb-uart fe650000.serial: failed to request DMA [ 10.455741] rtw_8821cs mmc3:0001:1: Start of rtw_sdio_probe [ 10.639186] rtw_8821cs mmc3:0001:1: Firmware version 24.8.0, H2C version 12 In this case, SDIO wifi works correctly. The correct case is ensured by adding an mdelay(500) statement before the call to rtw_core_init(). No adverse effects are observed. Link: https://1EHFQ.trk.elasticemail.com/tracking/click?d=1UfsVowwwMAM6kBoyumkHP3… Link: https://1EHFQ.trk.elasticemail.com/tracking/click?d=XUEf4t8W9xt0czASPOeeDt8… Fixes: 65371a3f14e7 ("wifi: rtw88: sdio: Add HCI implementation for SDIO based chipsets") Signed-off-by: Larry Finger <Larry.Finger(a)gmail.com> Cc: stable(a)vger.kernel.org # v6.4+ --- drivers/net/wireless/realtek/rtw88/sdio.c | 28 +++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/drivers/net/wireless/realtek/rtw88/sdio.c b/drivers/net/wireless/realtek/rtw88/sdio.c index 0cae5746f540..eec0ad85be72 100644 --- a/drivers/net/wireless/realtek/rtw88/sdio.c +++ b/drivers/net/wireless/realtek/rtw88/sdio.c @@ -1325,6 +1325,34 @@ int rtw_sdio_probe(struct sdio_func *sdio_func, rtwdev->hci.ops = &rtw_sdio_ops; rtwdev->hci.type = RTW_HCI_TYPE_SDIO; + /* Insert a delay of 500 ms. Without the delay, the wifi part + * and the UART that controls Bluetooth interfere with one + * another resulting in the following being logged: + * + * Start of SDIO probe function. + * Bluetooth: HCI UART driver ver 2.3 + * Bluetooth: HCI UART protocol Three-wire (H5) registered + * of_dma_request_slave_channel: dma-names property of node '/serial@fe650000' + * missing or empty + * dw-apb-uart fe650000.serial: failed to request DMA +` * rtw_8821cs mmc3:0001:1: Firmware version 24.8.0, H2C version 12 + * rtw_8821cs mmc3:0001:1: sdio read32 failed (0x11080): -110 + * + * If the UART is finished initializing before the SDIO probe + * function startw, the following is logged: + * + * Bluetooth: HCI UART protocol Three-wire (H5) registered + * of_dma_request_slave_channel: dma-names property of node '/serial@fe650000' + * missing or empty + * dw-apb-uart fe650000.serial: failed to request DMA + * Start of SDIO probe function. + * rtw_8821cs mmc3:0001:1: Firmware version 24.8.0, H2C version 12 + * Bluetooth: hci0: RTL: examining hci_ver=08 hci_rev=000c lmp_ver=08 lmp_subver=8821 + * SDIO wifi works correctly. + * + * No adverse effects are observed from the delay. + */ + mdelay(500); ret = rtw_core_init(rtwdev); if (ret) goto err_release_hw; -- 2.44.0 https://1EHFQ.trk.elasticemail.com/tracking/unsubscribe?d=XjvOA0R6jwFES_UmJ…

1 year, 7 months

1
0
0 0

Re: KASAN: slab-out-of-bounds Write in ops_init

by Eric Dumazet

On Wed, Apr 10, 2024 at 10:31 PM Cem Topcuoglu <topcuoglu.c(a)northeastern.edu> wrote: > > Hi, > > > > We encountered a bug labelled “KASAN: slab-out-of-bounds Write in ops_init” while fuzzing kernel version 5.15.124 with Syzkaller (lines exist in 5.15.154 as well). > > > > In the net_namespace.c file, we have an if condition at line 89. Subsequently, Syzkaller encounters the bug at line 90. > > > > 89 if (old_ng->s.len > id) { > > 90 old_ng->ptr[id] = data; > > 91 return 0; > > 92 } > > > > Upon inspecting the net_generic struct, we noticed that this struct uses union which puts the array and the header (including the array length information) together. > > We suspect that with this union, modifying the ng->ptr[0] is essentially modifying ng->s.len, which might fail the check in 89. This might be the cause for Syzkaller detecting this slab-out-of-bound. > Look for MIN_PERNET_OPS_ID (this should be 3) ng->ptr[0] , [1], [2] can not be overwritten. Do you have a repro ? Also please use the latest stable (5.15.154). > Since we are CS PhD students and Linux hobbyists, we do not have a full understanding of what could lead to this. We would really appreciate if you guys can share some insights into this matter : ) > > > > We attached the syzkaller’s bug report below. > > > > ================================================================== > > BUG: KASAN: slab-out-of-bounds in net_assign_generic > > usr/src/kernel/net/core/net_namespace.c:90 [inline] > > BUG: KASAN: slab-out-of-bounds in ops_init+0x44b/0x4d0 > > usr/src/kernel/net/core/net_namespace.c:129 > > Write of size 8 at addr ffff888043c62ae8 by task (coredump)/5424 > > CPU: 1 PID: 5424 Comm: (coredump) Not tainted 5.15.124-yocto-standard #1 > > Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014 > > Call Trace: > > <TASK> > > __dump_stack usr/src/kernel/lib/dump_stack.c:88 [inline] > > dump_stack_lvl+0x51/0x70 usr/src/kernel/lib/dump_stack.c:106 > > print_address_description.constprop.0+0x24/0x140 usr/src/kernel/mm/kasan/report.c:248 > > __kasan_report usr/src/kernel/mm/kasan/report.c:434 [inline] > > kasan_report.cold+0x7d/0x117 usr/src/kernel/mm/kasan/report.c:451 > > __asan_report_store8_noabort+0x17/0x20 usr/src/kernel/mm/kasan/report_generic.c:314 > > net_assign_generic usr/src/kernel/net/core/net_namespace.c:90 [inline] > > ops_init+0x44b/0x4d0 usr/src/kernel/net/core/net_namespace.c:129 > > setup_net+0x40a/0x970 usr/src/kernel/net/core/net_namespace.c:329 > > copy_net_ns+0x2ac/0x680 usr/src/kernel/net/core/net_namespace.c:473 > > create_new_namespaces+0x390/0xa50 usr/src/kernel/kernel/nsproxy.c:110 > > unshare_nsproxy_namespaces+0xb0/0x1d0 usr/src/kernel/kernel/nsproxy.c:226 > > ksys_unshare+0x30c/0x850 usr/src/kernel/kernel/fork.c:3094 > > __do_sys_unshare usr/src/kernel/kernel/fork.c:3168 [inline] > > __se_sys_unshare usr/src/kernel/kernel/fork.c:3166 [inline] > > __x64_sys_unshare+0x36/0x50 usr/src/kernel/kernel/fork.c:3166 > > do_syscall_x64 usr/src/kernel/arch/x86/entry/common.c:50 [inline] > > do_syscall_64+0x40/0x90 usr/src/kernel/arch/x86/entry/common.c:80 > > entry_SYSCALL_64_after_hwframe+0x61/0xcb > > RIP: 0033:0x7fbafce1b39b > > Code: 73 01 c3 48 8b 0d 85 2a 0e 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 > > 00 90 f3 0f 1e fa b8 10 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 55 2a 0e 00 f7 > > d8 64 89 01 48 > > RSP: 002b:00007ffddc8dfda8 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 > > RAX: ffffffffffffffda RBX: 0000557e645dd018 RCX: 00007fbafce1b39b > > RDX: 0000000000000000 RSI: 00007ffddc8dfd10 RDI: 0000000040000000 > > RBP: 00007ffddc8dfde0 R08: 0000000000000000 R09: 00007ffd00000067 > > R10: 0000000000000000 R11: 0000000000000246 R12: 00000000fffffff5 > > R13: 00007fbafd26ba60 R14: 0000000040000000 R15: 0000000000000000 > > </TASK> > > Allocated by task 5424: > > kasan_save_stack+0x26/0x60 usr/src/kernel/mm/kasan/common.c:38 > > kasan_set_track usr/src/kernel/mm/kasan/common.c:46 [inline] > > set_alloc_info usr/src/kernel/mm/kasan/common.c:434 [inline] > > ____kasan_kmalloc usr/src/kernel/mm/kasan/common.c:513 [inline] > > ____kasan_kmalloc usr/src/kernel/mm/kasan/common.c:472 [inline] > > __kasan_kmalloc+0xae/0xe0 usr/src/kernel/mm/kasan/common.c:522 > > kasan_kmalloc usr/src/kernel/include/linux/kasan.h:264 [inline] > > __kmalloc+0x308/0x560 usr/src/kernel/mm/slub.c:4407 > > kmalloc usr/src/kernel/include/linux/slab.h:596 [inline] > > kzalloc usr/src/kernel/include/linux/slab.h:721 [inline] > > net_alloc_generic+0x28/0x80 usr/src/kernel/net/core/net_namespace.c:74 > > net_alloc usr/src/kernel/net/core/net_namespace.c:401 [inline] > > copy_net_ns+0xc3/0x680 usr/src/kernel/net/core/net_namespace.c:460 > > create_new_namespaces+0x390/0xa50 usr/src/kernel/kernel/nsproxy.c:110 > > unshare_nsproxy_namespaces+0xb0/0x1d0 usr/src/kernel/kernel/nsproxy.c:226 > > ksys_unshare+0x30c/0x850 usr/src/kernel/kernel/fork.c:3094 > > __do_sys_unshare usr/src/kernel/kernel/fork.c:3168 [inline] > > __se_sys_unshare usr/src/kernel/kernel/fork.c:3166 [inline] > > __x64_sys_unshare+0x36/0x50 usr/src/kernel/kernel/fork.c:3166 > > do_syscall_x64 usr/src/kernel/arch/x86/entry/common.c:50 [inline] > > do_syscall_64+0x40/0x90 usr/src/kernel/arch/x86/entry/common.c:80 > > entry_SYSCALL_64_after_hwframe+0x61/0xcb > > The buggy address belongs to the object at ffff888043c62a00 > > which belongs to the cache kmalloc-256 of size 256 > > The buggy address is located 232 bytes inside of > > 256-byte region [ffff888043c62a00, ffff888043c62b00) > > The buggy address belongs to the page: > > page:000000008dd0a6b6 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x43c62 > > head:000000008dd0a6b6 order:1 compound_mapcount:0 > > flags: 0x4000000000010200(slab|head|zone=1) > > raw: 4000000000010200 ffffea0001108f00 0000000700000007 ffff888001041b40 > > raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 > > page dumped because: kasan: bad access detected > > Memory state around the buggy address: > > ffff888043c62980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc > > ffff888043c62a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > > >ffff888043c62a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc > > ^ > > ffff888043c62b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc > > ffff888043c62b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc > > ================================================================== > > kmemleak: 2 new suspected memory leaks (see /sys/kernel/debug/kmemleak) > > > > Best > >

1 year, 7 months

1
0
0 0

KASAN: slab-out-of-bounds Write in ops_init

by Cem Topcuoglu

Hi, We encountered a bug labelled “KASAN: slab-out-of-bounds Write in ops_init” while fuzzing kernel version 5.15.124 with Syzkaller (lines exist in 5.15.154 as well). In the net_namespace.c file, we have an if condition at line 89. Subsequently, Syzkaller encounters the bug at line 90. 89 if (old_ng->s.len > id) { 90 old_ng->ptr[id] = data; 91 return 0; 92 } Upon inspecting the net_generic struct, we noticed that this struct uses union which puts the array and the header (including the array length information) together. We suspect that with this union, modifying the ng->ptr[0] is essentially modifying ng->s.len, which might fail the check in 89. This might be the cause for Syzkaller detecting this slab-out-of-bound. Since we are CS PhD students and Linux hobbyists, we do not have a full understanding of what could lead to this. We would really appreciate if you guys can share some insights into this matter : ) We attached the syzkaller’s bug report below. ================================================================== BUG: KASAN: slab-out-of-bounds in net_assign_generic usr/src/kernel/net/core/net_namespace.c:90 [inline] BUG: KASAN: slab-out-of-bounds in ops_init+0x44b/0x4d0 usr/src/kernel/net/core/net_namespace.c:129 Write of size 8 at addr ffff888043c62ae8 by task (coredump)/5424 CPU: 1 PID: 5424 Comm: (coredump) Not tainted 5.15.124-yocto-standard #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014 Call Trace: <TASK> __dump_stack usr/src/kernel/lib/dump_stack.c:88 [inline] dump_stack_lvl+0x51/0x70 usr/src/kernel/lib/dump_stack.c:106 print_address_description.constprop.0+0x24/0x140 usr/src/kernel/mm/kasan/report.c:248 __kasan_report usr/src/kernel/mm/kasan/report.c:434 [inline] kasan_report.cold+0x7d/0x117 usr/src/kernel/mm/kasan/report.c:451 __asan_report_store8_noabort+0x17/0x20 usr/src/kernel/mm/kasan/report_generic.c:314 net_assign_generic usr/src/kernel/net/core/net_namespace.c:90 [inline] ops_init+0x44b/0x4d0 usr/src/kernel/net/core/net_namespace.c:129 setup_net+0x40a/0x970 usr/src/kernel/net/core/net_namespace.c:329 copy_net_ns+0x2ac/0x680 usr/src/kernel/net/core/net_namespace.c:473 create_new_namespaces+0x390/0xa50 usr/src/kernel/kernel/nsproxy.c:110 unshare_nsproxy_namespaces+0xb0/0x1d0 usr/src/kernel/kernel/nsproxy.c:226 ksys_unshare+0x30c/0x850 usr/src/kernel/kernel/fork.c:3094 __do_sys_unshare usr/src/kernel/kernel/fork.c:3168 [inline] __se_sys_unshare usr/src/kernel/kernel/fork.c:3166 [inline] __x64_sys_unshare+0x36/0x50 usr/src/kernel/kernel/fork.c:3166 do_syscall_x64 usr/src/kernel/arch/x86/entry/common.c:50 [inline] do_syscall_64+0x40/0x90 usr/src/kernel/arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x61/0xcb RIP: 0033:0x7fbafce1b39b Code: 73 01 c3 48 8b 0d 85 2a 0e 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 10 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 55 2a 0e 00 f7 d8 64 89 01 48 RSP: 002b:00007ffddc8dfda8 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 RAX: ffffffffffffffda RBX: 0000557e645dd018 RCX: 00007fbafce1b39b RDX: 0000000000000000 RSI: 00007ffddc8dfd10 RDI: 0000000040000000 RBP: 00007ffddc8dfde0 R08: 0000000000000000 R09: 00007ffd00000067 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000fffffff5 R13: 00007fbafd26ba60 R14: 0000000040000000 R15: 0000000000000000 </TASK> Allocated by task 5424: kasan_save_stack+0x26/0x60 usr/src/kernel/mm/kasan/common.c:38 kasan_set_track usr/src/kernel/mm/kasan/common.c:46 [inline] set_alloc_info usr/src/kernel/mm/kasan/common.c:434 [inline] ____kasan_kmalloc usr/src/kernel/mm/kasan/common.c:513 [inline] ____kasan_kmalloc usr/src/kernel/mm/kasan/common.c:472 [inline] __kasan_kmalloc+0xae/0xe0 usr/src/kernel/mm/kasan/common.c:522 kasan_kmalloc usr/src/kernel/include/linux/kasan.h:264 [inline] __kmalloc+0x308/0x560 usr/src/kernel/mm/slub.c:4407 kmalloc usr/src/kernel/include/linux/slab.h:596 [inline] kzalloc usr/src/kernel/include/linux/slab.h:721 [inline] net_alloc_generic+0x28/0x80 usr/src/kernel/net/core/net_namespace.c:74 net_alloc usr/src/kernel/net/core/net_namespace.c:401 [inline] copy_net_ns+0xc3/0x680 usr/src/kernel/net/core/net_namespace.c:460 create_new_namespaces+0x390/0xa50 usr/src/kernel/kernel/nsproxy.c:110 unshare_nsproxy_namespaces+0xb0/0x1d0 usr/src/kernel/kernel/nsproxy.c:226 ksys_unshare+0x30c/0x850 usr/src/kernel/kernel/fork.c:3094 __do_sys_unshare usr/src/kernel/kernel/fork.c:3168 [inline] __se_sys_unshare usr/src/kernel/kernel/fork.c:3166 [inline] __x64_sys_unshare+0x36/0x50 usr/src/kernel/kernel/fork.c:3166 do_syscall_x64 usr/src/kernel/arch/x86/entry/common.c:50 [inline] do_syscall_64+0x40/0x90 usr/src/kernel/arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x61/0xcb The buggy address belongs to the object at ffff888043c62a00 which belongs to the cache kmalloc-256 of size 256 The buggy address is located 232 bytes inside of 256-byte region [ffff888043c62a00, ffff888043c62b00) The buggy address belongs to the page: page:000000008dd0a6b6 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x43c62 head:000000008dd0a6b6 order:1 compound_mapcount:0 flags: 0x4000000000010200(slab|head|zone=1) raw: 4000000000010200 ffffea0001108f00 0000000700000007 ffff888001041b40 raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff888043c62980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff888043c62a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >ffff888043c62a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc ^ ffff888043c62b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff888043c62b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== kmemleak: 2 new suspected memory leaks (see /sys/kernel/debug/kmemleak) Best

1 year, 7 months

1
0
0 0

+ fork-defer-linking-file-vma-until-vma-is-fully-initialized.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: fork: defer linking file vma until vma is fully initialized has been added to the -mm mm-hotfixes-unstable branch. Its filename is fork-defer-linking-file-vma-until-vma-is-fully-initialized.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Miaohe Lin <linmiaohe(a)huawei.com> Subject: fork: defer linking file vma until vma is fully initialized Date: Wed, 10 Apr 2024 17:14:41 +0800 Thorvald reported a WARNING [1]. And the root cause is below race: CPU 1 CPU 2 fork hugetlbfs_fallocate dup_mmap hugetlbfs_punch_hole i_mmap_lock_write(mapping); vma_interval_tree_insert_after -- Child vma is visible through i_mmap tree. i_mmap_unlock_write(mapping); hugetlb_dup_vma_private -- Clear vma_lock outside i_mmap_rwsem! i_mmap_lock_write(mapping); hugetlb_vmdelete_list vma_interval_tree_foreach hugetlb_vma_trylock_write -- Vma_lock is cleared. tmp->vm_ops->open -- Alloc new vma_lock outside i_mmap_rwsem! hugetlb_vma_unlock_write -- Vma_lock is assigned!!! i_mmap_unlock_write(mapping); hugetlb_dup_vma_private() and hugetlb_vm_op_open() are called outside i_mmap_rwsem lock while vma lock can be used in the same time. Fix this by deferring linking file vma until vma is fully initialized. Those vmas should be initialized first before they can be used. Link: https://lkml.kernel.org/r/20240410091441.3539905-1-linmiaohe@huawei.com Fixes: 8d9bfb260814 ("hugetlb: add vma based lock for pmd sharing") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Reported-by: Thorvald Natvig <thorvald(a)google.com> Closes: https://lore.kernel.org/linux-mm/20240129161735.6gmjsswx62o4pbja@revolver/T/ [1] Cc: Christian Brauner <brauner(a)kernel.org> Cc: Heiko Carstens <hca(a)linux.ibm.com> Cc: Jane Chu <jane.chu(a)oracle.com> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: Liam R. Howlett <Liam.Howlett(a)oracle.com> Cc: Mateusz Guzik <mjguzik(a)gmail.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: Peng Zhang <zhangpeng.00(a)bytedance.com> Cc: Tycho Andersen <tandersen(a)netflix.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/fork.c | 33 +++++++++++++++++---------------- 1 file changed, 17 insertions(+), 16 deletions(-) --- a/kernel/fork.c~fork-defer-linking-file-vma-until-vma-is-fully-initialized +++ a/kernel/fork.c @@ -714,6 +714,23 @@ static __latent_entropy int dup_mmap(str } else if (anon_vma_fork(tmp, mpnt)) goto fail_nomem_anon_vma_fork; vm_flags_clear(tmp, VM_LOCKED_MASK); + /* + * Copy/update hugetlb private vma information. + */ + if (is_vm_hugetlb_page(tmp)) + hugetlb_dup_vma_private(tmp); + + /* + * Link the vma into the MT. After using __mt_dup(), memory + * allocation is not necessary here, so it cannot fail. + */ + vma_iter_bulk_store(&vmi, tmp); + + mm->map_count++; + + if (tmp->vm_ops && tmp->vm_ops->open) + tmp->vm_ops->open(tmp); + file = tmp->vm_file; if (file) { struct address_space *mapping = file->f_mapping; @@ -730,25 +747,9 @@ static __latent_entropy int dup_mmap(str i_mmap_unlock_write(mapping); } - /* - * Copy/update hugetlb private vma information. - */ - if (is_vm_hugetlb_page(tmp)) - hugetlb_dup_vma_private(tmp); - - /* - * Link the vma into the MT. After using __mt_dup(), memory - * allocation is not necessary here, so it cannot fail. - */ - vma_iter_bulk_store(&vmi, tmp); - - mm->map_count++; if (!(tmp->vm_flags & VM_WIPEONFORK)) retval = copy_page_range(tmp, mpnt); - if (tmp->vm_ops && tmp->vm_ops->open) - tmp->vm_ops->open(tmp); - if (retval) { mpnt = vma_next(&vmi); goto loop_out; _ Patches currently in -mm which might be from linmiaohe(a)huawei.com are mm-memory-failure-fix-deadlock-when-hugetlb_optimize_vmemmap-is-enabled.patch fork-defer-linking-file-vma-until-vma-is-fully-initialized.patch

1 year, 7 months

1
0
0 0

[PATCH 6.1 000/138] 6.1.85-rc3 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.85 release. There are 138 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 11 Apr 2024 17:35:00 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.85-rc3… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.85-rc3 Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> x86: set SPECTRE_BHI_ON as default Daniel Sneddon <daniel.sneddon(a)linux.intel.com> KVM: x86: Add BHI_NO Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Mitigate KVM by default Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Add BHI mitigation knob Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Enumerate Branch History Injection (BHI) bug Daniel Sneddon <daniel.sneddon(a)linux.intel.com> x86/bhi: Define SPEC_CTRL_BHI_DIS_S Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Add support for clearing branch history at syscall entry Linus Torvalds <torvalds(a)linux-foundation.org> x86/syscall: Don't force use of indirect calls for system calls Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file min15.li <min15.li(a)samsung.com> nvme: fix miss command type check David Hildenbrand <david(a)redhat.com> mm/secretmem: fix GUP-fast succeeding on secretmem folios Geliang Tang <geliang.tang(a)suse.com> selftests: mptcp: display simult in extra_msg Davide Caratti <dcaratti(a)redhat.com> mptcp: don't account accept() of non-MPC client as fallback to TCP Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: join: fix dev in check_endpoint Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_network_name_deleted() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in is_valid_oplock_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_valid_lease_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_valid_oplock_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_stats_proc_show() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_stats_proc_write() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_debug_files_proc_show() Ritvik Budhiraja <rbudhiraja(a)microsoft.com> smb3: retrying on failed server close Stefan O'Rear <sorear(a)fastmail.com> riscv: process: Fix kernel gp leakage Samuel Holland <samuel.holland(a)sifive.com> riscv: Fix spurious errors from __get/put_kernel_nofault Sumanth Korikkar <sumanthk(a)linux.ibm.com> s390/entry: align system call table on 8 bytes Jason A. Donenfeld <Jason(a)zx2c4.com> x86/coco: Require seeding RNG with RDRAND on CoCo systems Borislav Petkov (AMD) <bp(a)alien8.de> x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() David Hildenbrand <david(a)redhat.com> x86/mm/pat: fix VM_PAT handling in COW mappings Herve Codina <herve.codina(a)bootlin.com> of: dynamic: Synchronize of_changeset_destroy() with the devlink removals Herve Codina <herve.codina(a)bootlin.com> driver core: Introduce device_link_wait_removal() I Gede Agastya Darma Laksana <gedeagas22(a)gmail.com> ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone Christoffer Sandberg <cs(a)tuxedo.de> ALSA: hda/realtek - Fix inactive headset mic jack Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: do not set SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1 Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: validate payload size in ipc response Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: don't send oplock break if rename fails Borislav Petkov (AMD) <bp(a)alien8.de> x86/retpoline: Add NOENDBR annotation to the SRSO dummy return thunk Jeff Layton <jlayton(a)kernel.org> nfsd: hold a lighter-weight client reference over CB_RECALL_ANY Arnd Bergmann <arnd(a)arndb.de> ata: sata_mv: Fix PCI device ID table declaration compilation warning David Howells <dhowells(a)redhat.com> cifs: Fix caching to try to do open O_WRONLY as rdwr on server Li Nan <linan122(a)huawei.com> scsi: sd: Unregister device if device_add_disk() failed in sd_probe() Arnd Bergmann <arnd(a)arndb.de> scsi: mylex: Fix sysfs buffer lengths Arnd Bergmann <arnd(a)arndb.de> ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit Stephen Lee <slee08177(a)gmail.com> ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt711-sdw: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt711-sdca: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt5682-sdw: fix locking sequence Christian Hewitt <christianshewitt(a)gmail.com> drm/panfrost: fix power transition timeout warnings Pu Lehui <pulehui(a)huawei.com> drivers/perf: riscv: Disable PERF_SAMPLE_BRANCH_* while not supported Dominique Martinet <asmadeus(a)codewreck.org> 9p: Fix read/write debug statements to report server reply Jann Horn <jannh(a)google.com> fs/pipe: Fix lockdep false-positive in watchqueue pipe_write() Ashish Kalra <ashish.kalra(a)amd.com> KVM: SVM: Add support for allowing zero SEV ASIDs Sean Christopherson <seanjc(a)google.com> KVM: SVM: Use unsigned integers when dealing with ASIDs Sean Christopherson <seanjc(a)google.com> KVM: SVM: WARN, but continue, if misc_cg_set_capacity() fails Alexander Mikhalitsyn <aleksandr.mikhalitsyn(a)canonical.com> KVM: SVM: enhance info printk's in SEV init Paul Barker <paul.barker.ct(a)bp.renesas.com> net: ravb: Always update error counters Paul Barker <paul.barker.ct(a)bp.renesas.com> net: ravb: Always process TX descriptor ring Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> net: ravb: Let IP-specific receive function to interrogate descriptors Wei Fang <wei.fang(a)nxp.com> net: fec: Set mac_managed_pm during probe Denis Kirjanov <dkirjanov(a)suse.de> drivers: net: convert to boolean for the mac_managed_pm flag Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses. Heiner Kallweit <hkallweit1(a)gmail.com> r8169: prepare rtl_hw_aspm_clkreq_enable for usage in atomic context Heiner Kallweit <hkallweit1(a)gmail.com> r8169: use spinlock to protect access to registers Config2 and Config5 Heiner Kallweit <hkallweit1(a)gmail.com> r8169: use spinlock to protect mac ocp register access Ivan Vecera <ivecera(a)redhat.com> i40e: Enforce software interrupt during busy-poll exit Ivan Vecera <ivecera(a)redhat.com> i40e: Remove _t suffix from enum type names Joe Damato <jdamato(a)fastly.com> i40e: Store the irq number in i40e_q_vector Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Flush GFXOFF requests in prepare stage Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Add concept of running prepare_suspend() sequence for IP blocks Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Evict resources during PM ops prepare() callback Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix vf may be used uninitialized in this function warning Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix i40e_count_filters() to count only active/new filters Aleksandr Mishin <amishin(a)t-argos.ru> octeontx2-af: Add array index check Su Hui <suhui(a)nfschina.com> octeontx2-pf: check negative error code in otx2_open() Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: Fix issue with loading coalesced KPU profiles Antoine Tenart <atenart(a)kernel.org> udp: prevent local UDP tunnel packets from being GROed Antoine Tenart <atenart(a)kernel.org> udp: do not transition UDP GRO fraglist partial checksums to unnecessary Antoine Tenart <atenart(a)kernel.org> udp: do not accept non-tunnel GSO skbs landing in a tunnel Atlas Yu <atlas.yu(a)canonical.com> r8169: skip DASH fw status checks when DASH is disabled David Thompson <davthompson(a)nvidia.com> mlxbf_gige: stop interface during shutdown Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv6: Fix infinite recursion in fib6_dump_done(). Jakub Kicinski <kuba(a)kernel.org> selftests: reuseaddr_conflict: add missing new line at the end of the output Eric Dumazet <edumazet(a)google.com> erspan: make sure erspan_base_hdr is present in skb->head Ivan Vecera <ivecera(a)redhat.com> i40e: Fix VF MAC filter removal Borislav Petkov (AMD) <bp(a)alien8.de> x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Fix the SRSO mitigation on Zen3/4 Antoine Tenart <atenart(a)kernel.org> gro: fix ownership transfer Antoine Tenart <atenart(a)kernel.org> selftests: net: gro fwd: update vxlan GRO test expectations Aleksandr Mishin <amishin(a)t-argos.ru> net: phy: micrel: Fix potential null pointer dereference Horatiu Vultur <horatiu.vultur(a)microchip.com> net: phy: micrel: lan8814: Fix when enabling/disabling 1-step timestamping Piotr Wejman <piotrwejman90(a)gmail.com> net: stmmac: fix rx queue priority assignment Eric Dumazet <edumazet(a)google.com> net/sched: fix lockdep splat in qdisc_tree_reduce_backlog() Eric Dumazet <edumazet(a)google.com> net/sched: act_skbmod: prevent kernel-infoleak Jakub Sitnicki <jakub(a)cloudflare.com> bpf, sockmap: Prevent lock inversion deadlock in map delete elem Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> vboxsf: Avoid an spurious warning if load_nls_xxx() fails Eric Dumazet <edumazet(a)google.com> netfilter: validate user input for expected length Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: flush pending destroy work before exit_net release Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject new basechain after table flag update Ingo Molnar <mingo(a)kernel.org> Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." Marco Pinna <marco.pinn95(a)gmail.com> vsock/virtio: fix packet delivery to tap device Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> net: usb: ax88179_178a: avoid the interface always configured as random address Mahmoud Adam <mngyadam(a)amazon.com> net/rds: fix possible cp null dereference Jesper Dangaard Brouer <hawk(a)kernel.org> xen-netfront: Add missing skb_mark_for_recycle Bastien Nocera <hadess(a)hadess.net> Bluetooth: Fix TOCTOU in HCI debugfs implementation Hui Wang <hui.wang(a)canonical.com> Bluetooth: hci_event: set the conn encrypted before conn establishes Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: add quirk for broken address properties Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix device-address endianness Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken Johan Hovold <johan+linaro(a)kernel.org> Revert "Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT" Sean Christopherson <seanjc(a)google.com> x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word Heiner Kallweit <hkallweit1(a)gmail.com> r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: Fix host-programmed guest events in nVHE Sandipan Das <sandipan.das(a)amd.com> perf/x86/amd/lbr: Use freeze based on availability Sandipan Das <sandipan.das(a)amd.com> x86/cpufeatures: Add new word for scattered features Arnd Bergmann <arnd(a)arndb.de> dm integrity: fix out-of-range warning Florian Westphal <fw(a)strlen.de> inet: inet_defrag: prevent sk release while still in use Hariprasad Kelam <hkelam(a)marvell.com> Octeontx2-af: fix pause frame configuration in GMP mode Raju Lakkaraju <Raju.Lakkaraju(a)microchip.com> net: lan743x: Add set RFE read fifo threshold for PCI1x1x chips David Howells <dhowells(a)redhat.com> cifs: Fix duplicate fscache cookie warnings Andrei Matei <andreimatei1(a)gmail.com> bpf: Protect against int overflow for stack access size David Thompson <davthompson(a)nvidia.com> mlxbf_gige: call request_irq() after NAPI initialized Sabrina Dubroca <sd(a)queasysnail.net> tls: get psock ref after taking rxlock to avoid leak Sabrina Dubroca <sd(a)queasysnail.net> tls: adjust recv return with async crypto and failed copy to userspace Sabrina Dubroca <sd(a)queasysnail.net> tls: recv: process_rx_list shouldn't use an offset with kvec Jian Shen <shenjian15(a)huawei.com> net: hns3: mark unexcuted loopback test result as UNEXECUTED Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix kernel crash when devlink reload during pf initialization Jie Wang <wangjie125(a)huawei.com> net: hns3: fix index limit to support all queue stats Nikita Kiryushin <kiryushin(a)ancud.ru> ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() Bjørn Mork <bjorn(a)mork.no> net: wwan: t7xx: Split 64bit accesses to fix alignment issues Eric Dumazet <edumazet(a)google.com> tcp: properly terminate timers for kernel sockets Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: handle deferred cc1 Przemek Kitszel <przemyslaw.kitszel(a)intel.com> ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: rfi: fix potential response leaks David Thompson <davthompson(a)nvidia.com> mlxbf_gige: stop PHY during open() error paths Ryosuke Yasuoka <ryasuoka(a)redhat.com> nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet Pavel Sakharov <p.sakharov(a)ispras.ru> dma-buf: Fix NULL pointer dereference in sanitycheck() Hangbin Liu <liuhangbin(a)gmail.com> scripts/bpf_doc: Use silent mode when exec make cmd ------------- Diffstat: Documentation/admin-guide/hw-vuln/spectre.rst | 48 +++++++- Documentation/admin-guide/kernel-parameters.txt | 12 ++ Makefile | 4 +- arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi | 2 + arch/riscv/include/asm/uaccess.h | 4 +- arch/riscv/kernel/process.c | 3 - arch/s390/kernel/entry.S | 1 + arch/x86/Kconfig | 25 ++++ arch/x86/coco/core.c | 41 +++++++ arch/x86/entry/common.c | 10 +- arch/x86/entry/entry_64.S | 61 ++++++++++ arch/x86/entry/entry_64_compat.S | 16 +++ arch/x86/entry/syscall_32.c | 21 +++- arch/x86/entry/syscall_64.c | 19 ++- arch/x86/entry/syscall_x32.c | 10 +- arch/x86/events/amd/core.c | 4 +- arch/x86/events/amd/lbr.c | 16 ++- arch/x86/include/asm/asm-prototypes.h | 1 + arch/x86/include/asm/coco.h | 2 + arch/x86/include/asm/cpufeature.h | 8 +- arch/x86/include/asm/cpufeatures.h | 15 ++- arch/x86/include/asm/disabled-features.h | 3 +- arch/x86/include/asm/msr-index.h | 9 +- arch/x86/include/asm/nospec-branch.h | 37 +++++- arch/x86/include/asm/required-features.h | 3 +- arch/x86/include/asm/syscall.h | 11 +- arch/x86/kernel/cpu/bugs.c | 121 +++++++++++++++++-- arch/x86/kernel/cpu/common.c | 24 ++-- arch/x86/kernel/cpu/mce/core.c | 4 +- arch/x86/kernel/cpu/scattered.c | 2 + arch/x86/kernel/setup.c | 2 + arch/x86/kvm/reverse_cpuid.h | 5 +- arch/x86/kvm/svm/sev.c | 60 ++++++---- arch/x86/kvm/trace.h | 10 +- arch/x86/kvm/vmx/vmenter.S | 2 + arch/x86/kvm/x86.c | 2 +- arch/x86/lib/retpoline.S | 6 +- arch/x86/mm/ident_map.c | 23 +--- arch/x86/mm/pat/memtype.c | 49 +++++--- drivers/acpi/acpica/dbnames.c | 8 +- drivers/ata/sata_mv.c | 63 +++++----- drivers/ata/sata_sx4.c | 6 +- drivers/base/core.c | 26 +++- drivers/bluetooth/btqca.c | 8 +- drivers/bluetooth/hci_qca.c | 19 ++- drivers/dma-buf/st-dma-fence-chain.c | 6 +- drivers/gpu/drm/amd/amdgpu/amdgpu.h | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 38 ++++++ drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 10 +- drivers/gpu/drm/amd/include/amd_shared.h | 1 + drivers/gpu/drm/panfrost/panfrost_gpu.c | 6 +- drivers/md/dm-integrity.c | 2 +- drivers/net/ethernet/freescale/fec_main.c | 11 +- .../hns3/hns3_common/hclge_comm_tqp_stats.c | 2 +- drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c | 19 ++- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 4 + drivers/net/ethernet/intel/i40e/i40e.h | 6 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 14 ++- drivers/net/ethernet/intel/i40e/i40e_ptp.c | 6 +- drivers/net/ethernet/intel/i40e/i40e_register.h | 3 + drivers/net/ethernet/intel/i40e/i40e_txrx.c | 82 +++++++++---- drivers/net/ethernet/intel/i40e/i40e_txrx.h | 5 +- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 45 ++++--- drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 16 +-- drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 5 + .../net/ethernet/marvell/octeontx2/af/rvu_cgx.c | 2 + .../net/ethernet/marvell/octeontx2/af/rvu_npc.c | 2 +- .../net/ethernet/marvell/octeontx2/nic/otx2_pf.c | 2 +- .../ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c | 31 +++-- drivers/net/ethernet/microchip/lan743x_main.c | 18 +++ drivers/net/ethernet/microchip/lan743x_main.h | 4 + drivers/net/ethernet/realtek/r8169_main.c | 131 +++++++++++++++++---- drivers/net/ethernet/renesas/ravb_main.c | 33 +++--- drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 40 +++++-- .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 38 ++++-- drivers/net/phy/micrel.c | 31 +++-- drivers/net/usb/asix_devices.c | 4 +- drivers/net/usb/ax88179_178a.c | 2 + drivers/net/wireless/intel/iwlwifi/mvm/rfi.c | 8 +- drivers/net/wwan/t7xx/t7xx_cldma.c | 4 +- drivers/net/wwan/t7xx/t7xx_hif_cldma.c | 9 +- drivers/net/wwan/t7xx/t7xx_pcie_mac.c | 8 +- drivers/net/xen-netfront.c | 1 + drivers/nvme/host/core.c | 4 +- drivers/nvme/host/ioctl.c | 3 +- drivers/nvme/host/nvme.h | 2 +- drivers/nvme/target/passthru.c | 3 +- drivers/of/dynamic.c | 12 ++ drivers/perf/riscv_pmu.c | 4 + drivers/s390/net/qeth_core_main.c | 38 +++++- drivers/scsi/myrb.c | 20 ++-- drivers/scsi/myrs.c | 24 ++-- drivers/scsi/sd.c | 2 +- fs/nfsd/nfs4state.c | 7 +- fs/pipe.c | 17 ++- fs/smb/client/cached_dir.c | 6 +- fs/smb/client/cifs_debug.c | 6 + fs/smb/client/cifsfs.c | 11 ++ fs/smb/client/cifsglob.h | 17 ++- fs/smb/client/connect.c | 2 + fs/smb/client/dir.c | 15 +++ fs/smb/client/file.c | 111 ++++++++++++++--- fs/smb/client/fscache.c | 16 ++- fs/smb/client/fscache.h | 6 + fs/smb/client/inode.c | 2 + fs/smb/client/misc.c | 2 + fs/smb/client/smb1ops.c | 4 +- fs/smb/client/smb2misc.c | 4 + fs/smb/client/smb2ops.c | 11 +- fs/smb/client/smb2pdu.c | 2 +- fs/smb/server/ksmbd_netlink.h | 3 +- fs/smb/server/mgmt/share_config.c | 7 +- fs/smb/server/smb2ops.c | 10 +- fs/smb/server/smb2pdu.c | 3 +- fs/smb/server/transport_ipc.c | 37 ++++++ fs/vboxsf/super.c | 3 +- include/kvm/arm_pmu.h | 2 +- include/linux/device.h | 1 + include/linux/secretmem.h | 4 +- include/linux/skbuff.h | 7 +- include/linux/udp.h | 28 +++++ include/net/bluetooth/hci.h | 9 ++ include/net/inet_connection_sock.h | 1 + include/net/sock.h | 7 ++ kernel/bpf/verifier.c | 5 + mm/memory.c | 4 + net/9p/client.c | 10 +- net/bluetooth/hci_debugfs.c | 64 ++++++---- net/bluetooth/hci_event.c | 25 ++++ net/bluetooth/hci_sync.c | 5 +- net/bridge/netfilter/ebtables.c | 6 + net/core/gro.c | 3 +- net/core/sock_map.c | 6 + net/ipv4/inet_connection_sock.c | 33 ++++-- net/ipv4/inet_fragment.c | 70 +++++++++-- net/ipv4/ip_fragment.c | 2 +- net/ipv4/ip_gre.c | 5 + net/ipv4/netfilter/arp_tables.c | 4 + net/ipv4/netfilter/ip_tables.c | 4 + net/ipv4/tcp.c | 2 + net/ipv4/udp.c | 7 ++ net/ipv4/udp_offload.c | 23 ++-- net/ipv6/ip6_fib.c | 14 +-- net/ipv6/ip6_gre.c | 3 + net/ipv6/netfilter/ip6_tables.c | 4 + net/ipv6/netfilter/nf_conntrack_reasm.c | 2 +- net/ipv6/udp.c | 2 +- net/ipv6/udp_offload.c | 8 +- net/mptcp/protocol.c | 3 - net/mptcp/subflow.c | 2 + net/netfilter/nf_tables_api.c | 13 +- net/nfc/nci/core.c | 5 + net/rds/rdma.c | 2 +- net/sched/act_skbmod.c | 10 +- net/sched/sch_api.c | 2 +- net/tls/tls_sw.c | 7 +- net/vmw_vsock/virtio_transport.c | 3 +- scripts/bpf_doc.py | 4 +- sound/pci/hda/patch_realtek.c | 3 +- sound/soc/codecs/rt5682-sdw.c | 4 +- sound/soc/codecs/rt711-sdca-sdw.c | 4 +- sound/soc/codecs/rt711-sdw.c | 4 +- sound/soc/soc-ops.c | 2 +- tools/testing/selftests/net/mptcp/mptcp_connect.sh | 7 ++ tools/testing/selftests/net/mptcp/mptcp_join.sh | 7 +- tools/testing/selftests/net/reuseaddr_conflict.c | 2 +- tools/testing/selftests/net/udpgro_fwd.sh | 10 +- 167 files changed, 1799 insertions(+), 555 deletions(-)

1 year, 7 months

7
6
0 0

Backport of 67c37756898a ("tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc") to older stable series? (at least 6.1.y)

by Salvatore Bonaccorso

Hi Greg, Sasha, Thadeu, Today there was mentioning of https://www.jmpeax.dev/The-tale-of-a-GSM-Kernel-LPE.html a LPE from the n_gsm module. I do realize, Thadeu mentioned the possible attack surface already back in https://lore.kernel.org/all/ZMuRoDbMcQrsCs3m@quatroqueijos.cascardo.eti.br/… Published exploits are referenced as well through the potential initial finder in https://github.com/YuriiCrimson/ExploitGSM . While 67c37756898a ("tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc") is not the fix itself, it helps mitigating against this issue. Thus can you consider applying this still to the stable series as needed? I think it should go at least back to 5.15.y but if Iunderstood Thadeu correctly then even further back to the still supported stable branches. What do you think? Regards, Salvatore

1 year, 7 months

2
1
0 0

[PATCH 6.8 000/280] 6.8.5-rc3 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.8.5 release. There are 280 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 11 Apr 2024 17:35:00 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.8.5-rc3.… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.8.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.8.5-rc3 Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> x86: set SPECTRE_BHI_ON as default Daniel Sneddon <daniel.sneddon(a)linux.intel.com> KVM: x86: Add BHI_NO Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Mitigate KVM by default Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Add BHI mitigation knob Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Enumerate Branch History Injection (BHI) bug Daniel Sneddon <daniel.sneddon(a)linux.intel.com> x86/bhi: Define SPEC_CTRL_BHI_DIS_S Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Add support for clearing branch history at syscall entry Linus Torvalds <torvalds(a)linux-foundation.org> x86/syscall: Don't force use of indirect calls for system calls Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Remap kernel text read-only before dropping NX attribute Ard Biesheuvel <ardb(a)kernel.org> x86/sev: Move early startup code into .head.text section Ard Biesheuvel <ardb(a)kernel.org> x86/sme: Move early SME kernel encryption handling into .head.text Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Move mem_encrypt= parsing to the decompressor Ard Biesheuvel <ardb(a)kernel.org> efi/libstub: Add generic support for parsing mem_encrypt= Andrii Nakryiko <andrii(a)kernel.org> bpf: support deferring bpf_link dealloc to after RCU grace period Andrii Nakryiko <andrii(a)kernel.org> bpf: put uprobe link's path and task in release callback Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "x86/mpparse: Register APIC address only once" Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/xe: Rework rebinding Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/xe: Use ring ops TLB invalidation for rebinds Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Enable only one CCS for compute workload Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Do not generate the command streamer for all the CCS Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Disable HW load balancing for CCS Ankit Nautiyal <ankit.k.nautiyal(a)intel.com> drm/i915/dp: Fix the computation for compressed_bpp for DISPLAY < 13 Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/mst: Reject FEC+MST on ICL Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/mst: Limit MST+DSC to TGL+ Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_network_name_deleted() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in is_valid_oplock_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_valid_lease_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_valid_oplock_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_dump_full_key() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_stats_proc_show() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_stats_proc_write() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_debug_files_proc_show() Ritvik Budhiraja <rbudhiraja(a)microsoft.com> smb3: retrying on failed server close Paulo Alcantara <pc(a)manguebit.com> smb: client: serialise cifs_construct_tcon() with cifs_mount_mutex Paulo Alcantara <pc(a)manguebit.com> smb: client: handle DFS tcons in cifs_construct_tcon() Paulo Alcantara <pc(a)manguebit.com> smb: client: refresh referral without acquiring refpath_lock Paulo Alcantara <pc(a)manguebit.com> smb: client: guarantee refcounted children from parent session Paulo Alcantara <pc(a)manguebit.com> smb: client: fix UAF in smb2_reconnect_server() Stefan O'Rear <sorear(a)fastmail.com> riscv: process: Fix kernel gp leakage Samuel Holland <samuel.holland(a)sifive.com> riscv: Fix spurious errors from __get/put_kernel_nofault Sumanth Korikkar <sumanthk(a)linux.ibm.com> s390/entry: align system call table on 8 bytes Edward Liaw <edliaw(a)google.com> selftests/mm: include strings.h for ffsl David Hildenbrand <david(a)redhat.com> mm/secretmem: fix GUP-fast succeeding on secretmem folios Mark Brown <broonie(a)kernel.org> arm64/ptrace: Use saved floating point state type to determine SVE layout Björn Töpel <bjorn(a)rivosinc.com> riscv: Fix vector state restore in rt_sigreturn() Kent Overstreet <kent.overstreet(a)linux.dev> aio: Fix null ptr deref in aio_complete() wakeup Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/ds: Don't clear ->pebs_data_cfg for the last PEBS event Jason A. Donenfeld <Jason(a)zx2c4.com> x86/coco: Require seeding RNG with RDRAND on CoCo systems Borislav Petkov (AMD) <bp(a)alien8.de> x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() David Hildenbrand <david(a)redhat.com> x86/mm/pat: fix VM_PAT handling in COW mappings Sergey Shtylyov <s.shtylyov(a)omp.ru> of: module: prevent NULL pointer dereference in vsnprintf() Herve Codina <herve.codina(a)bootlin.com> of: dynamic: Synchronize of_changeset_destroy() with the devlink removals Herve Codina <herve.codina(a)bootlin.com> driver core: Introduce device_link_wait_removal() Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: hda: Compensate LLP in case it is not reset Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-pcm: Correct the delay calculation Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: sof-pcm: Add pointer callback to sof_ipc_pcm_ops Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-pcm: Invalidate the stream_start_offset in PAUSED state Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-pcm: Combine the SOF_IPC4_PIPE_PAUSED cases in pcm_trigger Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-pcm: Move struct sof_ipc4_timestamp_info definition locally Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Remove the get_stream_position callback Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-pcm: Use the snd_sof_pcm_get_dai_frame_counter() for pcm_delay Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: hda-common-ops: Do not set the get_stream_position callback Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: Set the dai/host get frame/byte counter callbacks Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Introduce a new callback pair to be used for PCM delay reporting Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: mtl/lnl: Use the generic get_stream_position callback Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: hda: Implement get_stream_position (Linear Link Position) Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: hda-pcm: Use dsp_max_burst_size_in_ms to place constraint Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-topology: Save the DMA maximum burst size for PCMs Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Add dsp_max_burst_size_in_ms member to snd_sof_pcm_stream Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: hold io_buffer_list reference over mmap Jens Axboe <axboe(a)kernel.dk> io_uring: use private workqueue for exit work Jens Axboe <axboe(a)kernel.dk> io_uring/rw: don't allow multishot reads without NOWAIT support Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: protect io_buffer_list teardown with a reference Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: get rid of bl->is_ready Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: get rid of lower BGID lists I Gede Agastya Darma Laksana <gedeagas22(a)gmail.com> ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone Luke D. Jones <luke(a)ljones.dev> ALSA: hda/realtek: cs35l41: Support ASUS ROG G634JYR Christian Bendiksen <christian(a)bendiksen.me> ALSA: hda/realtek: Add sound quirks for Lenovo Legion slim 7 16ARHA7 models Christoffer Sandberg <cs(a)tuxedo.de> ALSA: hda/realtek - Fix inactive headset mic jack Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ALSA: hda: Add pplcllpl/u members to hdac_ext_stream Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: do not set SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1 Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: validate payload size in ipc response Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: don't send oplock break if rename fails Kent Gibson <warthog618(a)gmail.com> gpio: cdev: fix missed label sanitizing in debounce_setup() Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: cdev: check for NULL labels when sanitizing them for irqs Gabe Teeger <gabe.teeger(a)amd.com> Revert "drm/amd/display: Send DTBCLK disable message on first commit" Borislav Petkov (AMD) <bp(a)alien8.de> x86/retpoline: Add NOENDBR annotation to the SRSO dummy return thunk Peter Collingbourne <pcc(a)google.com> stackdepot: rename pool_index to pool_index_plus_1 Oscar Salvador <osalvador(a)suse.de> lib/stackdepot: move stack_record struct definition into the header Jeff Layton <jlayton(a)kernel.org> nfsd: hold a lighter-weight client reference over CB_RECALL_ANY Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Disable preemption when using patch_map() Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Fix warning by declaring arch_cpu_idle() as noinstr Andreas Schwab <schwab(a)suse.de> riscv: use KERN_INFO in do_trap Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Fix a slow server-side memory leak with RPC-over-TCP Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: SOF: amd: fix for false dsp interrupts Arnd Bergmann <arnd(a)arndb.de> ata: sata_mv: Fix PCI device ID table declaration compilation warning Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Limit the reserved VM space to only the platforms that need it Nikita Travkin <nikita(a)trvn.ru> thermal: gov_power_allocator: Allow binding without trip points Nikita Travkin <nikita(a)trvn.ru> thermal: gov_power_allocator: Allow binding without cooling devices Thomas Richter <tmricht(a)linux.ibm.com> s390/pai: fix sampling event removal for PMU device driver Huai-Yuan Liu <qq810974084(a)gmail.com> spi: mchp-pci1xxx: Fix a possible null pointer dereference in pci1xxx_spi_probe David Howells <dhowells(a)redhat.com> cifs: Fix caching to try to do open O_WRONLY as rdwr on server Imre Deak <imre.deak(a)intel.com> drm/i915/dp: Fix DSC state HW readout for SST connectors Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> Revert "ALSA: emu10k1: fix synthesizer sample playback position and caching" Li Nan <linan122(a)huawei.com> scsi: sd: Unregister device if device_add_disk() failed in sd_probe() Arnd Bergmann <arnd(a)arndb.de> scsi: mylex: Fix sysfs buffer lengths Arnd Bergmann <arnd(a)arndb.de> ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit Richard Fitzgerald <rf(a)opensource.cirrus.com> regmap: maple: Fix uninitialized symbol 'ret' warnings Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: amd: acp: fix for acp_init function error handling Jaewon Kim <jaewon02.kim(a)samsung.com> spi: s3c64xx: Use DMA mode from fifo size Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: determine the fifo depth only once Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: allow full FIFO masks Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: define a magic value Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: remove else after return Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: explicitly include <linux/bits.h> Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: sort headers alphabetically Sam Protsenko <semen.protsenko(a)linaro.org> spi: s3c64xx: Extract FIFO depth calculation to a dedicated macro Stephen Lee <slee08177(a)gmail.com> ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt722-sdca-sdw: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt712-sdca-sdw: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt711-sdw: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt711-sdca: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt5682-sdw: fix locking sequence Rob Clark <robdclark(a)chromium.org> drm/prime: Unbreak virtgpu dma-buf export Dave Airlie <airlied(a)redhat.com> nouveau/uvmm: fix addr/range calcs for remap operations Christian Hewitt <christianshewitt(a)gmail.com> drm/panfrost: fix power transition timeout warnings Simon Trimmer <simont(a)opensource.cirrus.com> ALSA: hda: cs35l56: Add ACPI device match tables Richard Fitzgerald <rf(a)opensource.cirrus.com> regmap: maple: Fix cache corruption in regcache_maple_drop() Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: amd: acp: fix for acp pdm configuration check Victor Isaev <victor(a)torrio.net> RISC-V: Update AT_VECTOR_SIZE_ARCH for new AT_MINSIGSTKSZ Christian Brauner <brauner(a)kernel.org> block: count BLK_OPEN_RESTRICT_WRITES openers Pu Lehui <pulehui(a)huawei.com> drivers/perf: riscv: Disable PERF_SAMPLE_BRANCH_* while not supported Vladimir Isaev <vladimir.isaev(a)syntacore.com> riscv: hwprobe: do not produce frtace relocation Samuel Holland <samuel.holland(a)sifive.com> riscv: mm: Fix prototype to avoid discarding const Charles Keepax <ckeepax(a)opensource.cirrus.com> ASoC: cs42l43: Correct extraction of data pointer in suspend/resume Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: wm_adsp: Fix missing mutex_lock in wm_adsp_write_ctl() Dominique Martinet <asmadeus(a)codewreck.org> 9p: Fix read/write debug statements to report server reply Davide Caratti <dcaratti(a)redhat.com> mptcp: don't account accept() of non-MPC client as fallback to TCP Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: use += operator to append strings Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: connect: fix shellcheck warnings Ashish Kalra <ashish.kalra(a)amd.com> KVM: SVM: Add support for allowing zero SEV ASIDs Sean Christopherson <seanjc(a)google.com> KVM: SVM: Use unsigned integers when dealing with ASIDs Paul Barker <paul.barker.ct(a)bp.renesas.com> net: ravb: Always update error counters Paul Barker <paul.barker.ct(a)bp.renesas.com> net: ravb: Always process TX descriptor ring Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> net: ravb: Let IP-specific receive function to interrogate descriptors Guenter Roeck <linux(a)roeck-us.net> mean_and_variance: Drop always failing tests Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: move force SMBUS from enable ulp function to avoid PHY loss issue Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: Minor flow correction in e1000_shutdown function Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Flush GFXOFF requests in prepare stage Ivan Vecera <ivecera(a)redhat.com> i40e: Enforce software interrupt during busy-poll exit Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix vf may be used uninitialized in this function warning Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix i40e_count_filters() to count only active/new filters Aleksandr Mishin <amishin(a)t-argos.ru> octeontx2-af: Add array index check Su Hui <suhui(a)nfschina.com> octeontx2-pf: check negative error code in otx2_open() Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: Fix issue with loading coalesced KPU profiles Antoine Tenart <atenart(a)kernel.org> udp: prevent local UDP tunnel packets from being GROed Antoine Tenart <atenart(a)kernel.org> udp: do not transition UDP GRO fraglist partial checksums to unnecessary Antoine Tenart <atenart(a)kernel.org> udp: do not accept non-tunnel GSO skbs landing in a tunnel Atlas Yu <atlas.yu(a)canonical.com> r8169: skip DASH fw status checks when DASH is disabled David Thompson <davthompson(a)nvidia.com> mlxbf_gige: stop interface during shutdown Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv6: Fix infinite recursion in fib6_dump_done(). Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: Workaround for sporadic MDI error on Meteor Lake systems Duoming Zhou <duoming(a)zju.edu.cn> ax25: fix use-after-free bugs caused by ax25_ds_del_timer Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses. Jakub Kicinski <kuba(a)kernel.org> selftests: reuseaddr_conflict: add missing new line at the end of the output Eric Dumazet <edumazet(a)google.com> erspan: make sure erspan_base_hdr is present in skb->head Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Fix bind() regression for v6-only wildcard and v4-mapped-v6 non-wildcard addresses. Ivan Vecera <ivecera(a)redhat.com> i40e: Fix VF MAC filter removal Petr Oros <poros(a)redhat.com> ice: fix enabling RX VLAN filtering Joshua Hay <joshua.a.hay(a)intel.com> idpf: fix kernel panic on unknown packet types Antoine Tenart <atenart(a)kernel.org> gro: fix ownership transfer Antoine Tenart <atenart(a)kernel.org> selftests: net: gro fwd: update vxlan GRO test expectations Michael Krummsdorf <michael.krummsdorf(a)tq-group.com> net: dsa: mv88e6xxx: fix usable ports on 88e6020 Aleksandr Mishin <amishin(a)t-argos.ru> net: phy: micrel: Fix potential null pointer dereference Wei Fang <wei.fang(a)nxp.com> net: fec: Set mac_managed_pm during probe Duanqiang Wen <duanqiangwen(a)net-swift.com> net: txgbe: fix i2c dev name cannot match clkdev Horatiu Vultur <horatiu.vultur(a)microchip.com> net: phy: micrel: lan8814: Fix when enabling/disabling 1-step timestamping Piotr Wejman <piotrwejman90(a)gmail.com> net: stmmac: fix rx queue priority assignment Eric Dumazet <edumazet(a)google.com> net/sched: fix lockdep splat in qdisc_tree_reduce_backlog() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> net: dsa: sja1105: Fix parameters order in sja1110_pcs_mdio_write_c45() Eric Dumazet <edumazet(a)google.com> net/sched: act_skbmod: prevent kernel-infoleak Will Deacon <will(a)kernel.org> KVM: arm64: Ensure target address is granule-aligned for range TLBI Will Deacon <will(a)kernel.org> KVM: arm64: Use TLBI_TTL_UNKNOWN in __kvm_tlb_flush_vmid_range() Borislav Petkov (AMD) <bp(a)alien8.de> x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO Paolo Abeni <pabeni(a)redhat.com> mptcp: prevent BPF accessing lowat from a subflow socket. Jakub Sitnicki <jakub(a)cloudflare.com> bpf, sockmap: Prevent lock inversion deadlock in map delete elem Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> vboxsf: Avoid an spurious warning if load_nls_xxx() fails Eric Dumazet <edumazet(a)google.com> netfilter: validate user input for expected length Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: discard table flag update with pending basechain deletion Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: flush pending destroy work before exit_net release Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject new basechain after table flag update Marco Pinna <marco.pinn95(a)gmail.com> vsock/virtio: fix packet delivery to tap device Haiyang Zhang <haiyangz(a)microsoft.com> net: mana: Fix Rx DMA datasize and skb_over_panic Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> net: usb: ax88179_178a: avoid the interface always configured as random address Mahmoud Adam <mngyadam(a)amazon.com> net/rds: fix possible cp null dereference Jesper Dangaard Brouer <hawk(a)kernel.org> xen-netfront: Add missing skb_mark_for_recycle Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: join: fix dev in check_endpoint Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: release batch on table validation from abort path Bastien Nocera <hadess(a)hadess.net> Bluetooth: Fix TOCTOU in HCI debugfs implementation Hui Wang <hui.wang(a)canonical.com> Bluetooth: hci_event: set the conn encrypted before conn establishes Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: add quirk for broken address properties Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix device-address endianness Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken Johan Hovold <johan+linaro(a)kernel.org> Revert "Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT" Uros Bizjak <ubizjak(a)gmail.com> x86/bpf: Fix IP after emitting call depth accounting Sean Christopherson <seanjc(a)google.com> x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word Sandipan Das <sandipan.das(a)amd.com> x86/cpufeatures: Add new word for scattered features Heiner Kallweit <hkallweit1(a)gmail.com> r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d Christian Göttsche <cgzones(a)googlemail.com> selinux: avoid dereference of garbage after mount failure Wujie Duan <wjduan(a)linx-info.com> KVM: arm64: Fix out-of-IPA space translation fault handling Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: Fix host-programmed guest events in nVHE Anup Patel <apatel(a)ventanamicro.com> RISC-V: KVM: Fix APLIC in_clrip[x] read emulation Anup Patel <apatel(a)ventanamicro.com> RISC-V: KVM: Fix APLIC setipnum_le/be write emulation Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: cdev: sanitize the label before requesting the interrupt Ingo Molnar <mingo(a)kernel.org> Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." Peter Xu <peterx(a)redhat.com> mm/treewide: replace pud_large() with pud_leaf() Arnd Bergmann <arnd(a)arndb.de> kbuild: make -Woverride-init warnings more consistent Masahiro Yamada <masahiroy(a)kernel.org> modpost: do not make find_tosym() return NULL Arnd Bergmann <arnd(a)arndb.de> dm integrity: fix out-of-range warning José Roberto de Souza <jose.souza(a)intel.com> drm/i915: Do not print 'pxp init failed with 0' when it succeed Tejas Upadhyay <tejas.upadhyay(a)intel.com> drm/i915/mtl: Update workaround 14018575942 Matt Roper <matthew.d.roper(a)intel.com> drm/i915/xelpg: Extend some workarounds/tuning to gfx version 12.74 Juha-Pekka Heikkila <juhapekka.heikkila(a)gmail.com> drm/i915/display: Disable AuxCCS framebuffers if built for Xe Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Stop doing double audio enable/disable on SDVO and g4x+ DP Florian Westphal <fw(a)strlen.de> inet: inet_defrag: prevent sk release while still in use Hariprasad Kelam <hkelam(a)marvell.com> Octeontx2-af: fix pause frame configuration in GMP mode Raju Lakkaraju <Raju.Lakkaraju(a)microchip.com> net: lan743x: Add set RFE read fifo threshold for PCI1x1x chips Justin Chen <justin.chen(a)broadcom.com> net: bcmasp: Bring up unimac after PHY link up Jason Gunthorpe <jgg(a)ziepe.ca> iommu: Validate the PASID in iommu_attach_device_pasid() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: skip netdev hook unregistration if table is dormant Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject table flag and netdev basechain updates Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject destroy command to remove basechain hooks David Howells <dhowells(a)redhat.com> cifs: Fix duplicate fscache cookie warnings Andrei Matei <andreimatei1(a)gmail.com> bpf: Protect against int overflow for stack access size Taimur Hassan <syed.hassan(a)amd.com> drm/amd/display: Send DTBCLK disable message on first commit Charlene Liu <charlene.liu(a)amd.com> drm/amd/display: Update P010 scaling cap David Thompson <davthompson(a)nvidia.com> mlxbf_gige: call request_irq() after NAPI initialized Sabrina Dubroca <sd(a)queasysnail.net> tls: get psock ref after taking rxlock to avoid leak Sabrina Dubroca <sd(a)queasysnail.net> tls: adjust recv return with async crypto and failed copy to userspace Sabrina Dubroca <sd(a)queasysnail.net> tls: recv: process_rx_list shouldn't use an offset with kvec Jian Shen <shenjian15(a)huawei.com> net: hns3: mark unexcuted loopback test result as UNEXECUTED Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix kernel crash when devlink reload during pf initialization Jie Wang <wangjie125(a)huawei.com> net: hns3: fix index limit to support all queue stats Nikita Kiryushin <kiryushin(a)ancud.ru> ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: Fix debug messaging in gpiod_find_and_request() Ido Schimmel <idosch(a)nvidia.com> selftests: vxlan_mdb: Fix failures with old libnet Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: Remove AR30 and AB30 format support Bjørn Mork <bjorn(a)mork.no> net: wwan: t7xx: Split 64bit accesses to fix alignment issues Eric Dumazet <edumazet(a)google.com> tcp: properly terminate timers for kernel sockets Ravi Gunasekaran <r-gunasekaran(a)ti.com> net: hsr: hsr_slave: Fix the promiscuous mode in offload mode Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: handle deferred cc1 Prasad Pandit <pjp(a)fedoraproject.org> dpll: indent DPLL option type by a tab Matthew Auld <matthew.auld(a)intel.com> drm/xe/device: fix XE_MAX_TILES_PER_DEVICE check Matthew Auld <matthew.auld(a)intel.com> drm/xe/device: fix XE_MAX_GT_PER_TILE check Matthew Auld <matthew.auld(a)intel.com> drm/xe/queue: fix engine_class bounds check Matthew Auld <matthew.auld(a)intel.com> drm/xe/guc_submit: use jiffies for job timeout Brian Welty <brian.welty(a)intel.com> drm/xe: Add exec_queue.sched_props.job_timeout_ms Nirmoy Das <nirmoy.das(a)intel.com> drm/xe: Remove unused xe_bo->props struct Kurt Kanzenbach <kurt(a)linutronix.de> igc: Remove stale comment about Tx timestamping Przemek Kitszel <przemyslaw.kitszel(a)intel.com> ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() Jesse Brandeburg <jesse.brandeburg(a)intel.com> ice: fix memory corruption bug with suspend and rebuild Steven Zou <steven.zou(a)intel.com> ice: Refactor FW data type and fix bitmap casting issue Simon Trimmer <simont(a)opensource.cirrus.com> ALSA: hda: cs35l56: Set the init_done flag before component_add() Benjamin Berg <benjamin.berg(a)intel.com> wifi: iwlwifi: mvm: include link ID when releasing frames Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: rfi: fix potential response leaks Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: pick the version of SESSION_PROTECTION_NOTIF David Thompson <davthompson(a)nvidia.com> mlxbf_gige: stop PHY during open() error paths Jakub Kicinski <kuba(a)kernel.org> tools: ynl: fix setting presence bits in simple nests Jan Kara <jack(a)suse.cz> nfsd: Fix error cleanup path in nfsd_rename() Ryosuke Yasuoka <ryasuoka(a)redhat.com> nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet Artem Savkov <asavkov(a)redhat.com> arm64: bpf: fix 32bit unconditional bswap Pavel Sakharov <p.sakharov(a)ispras.ru> dma-buf: Fix NULL pointer dereference in sanitycheck() Puranjay Mohan <puranjay12(a)gmail.com> bpf, arm64: fix bug in BPF_LDX_MEMSX Ilya Leoshkevich <iii(a)linux.ibm.com> s390/bpf: Fix bpf_plt pointer arithmetic Stanislav Fomichev <sdf(a)google.com> xsk: Don't assume metadata is always requested in TX completion Hangbin Liu <liuhangbin(a)gmail.com> scripts/bpf_doc: Use silent mode when exec make cmd ------------- Diffstat: Documentation/admin-guide/hw-vuln/spectre.rst | 48 ++++- Documentation/admin-guide/kernel-parameters.txt | 12 ++ Makefile | 4 +- arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi | 2 + arch/arm64/kernel/ptrace.c | 5 +- arch/arm64/kvm/hyp/nvhe/tlb.c | 3 +- arch/arm64/kvm/hyp/pgtable.c | 11 +- arch/arm64/kvm/hyp/vhe/tlb.c | 3 +- arch/arm64/kvm/mmu.c | 2 +- arch/arm64/net/bpf_jit_comp.c | 4 +- arch/powerpc/mm/book3s64/pgtable.c | 2 +- arch/riscv/include/asm/uaccess.h | 4 +- arch/riscv/include/uapi/asm/auxvec.h | 2 +- arch/riscv/kernel/patch.c | 8 + arch/riscv/kernel/process.c | 5 +- arch/riscv/kernel/signal.c | 15 +- arch/riscv/kernel/traps.c | 2 +- arch/riscv/kernel/vdso/Makefile | 1 + arch/riscv/kvm/aia_aplic.c | 37 +++- arch/riscv/mm/tlbflush.c | 4 +- arch/s390/boot/vmem.c | 2 +- arch/s390/include/asm/pgtable.h | 4 +- arch/s390/kernel/entry.S | 1 + arch/s390/kernel/perf_pai_crypto.c | 10 +- arch/s390/kernel/perf_pai_ext.c | 10 +- arch/s390/mm/gmap.c | 2 +- arch/s390/mm/hugetlbpage.c | 4 +- arch/s390/mm/pageattr.c | 2 +- arch/s390/mm/pgtable.c | 2 +- arch/s390/mm/vmem.c | 6 +- arch/s390/net/bpf_jit_comp.c | 46 ++--- arch/sparc/mm/init_64.c | 2 +- arch/x86/Kconfig | 25 +++ arch/x86/boot/compressed/Makefile | 2 +- arch/x86/boot/compressed/misc.c | 16 ++ arch/x86/boot/compressed/sev.c | 3 + arch/x86/coco/core.c | 41 +++++ arch/x86/entry/common.c | 10 +- arch/x86/entry/entry_64.S | 61 ++++++ arch/x86/entry/entry_64_compat.S | 16 ++ arch/x86/entry/syscall_32.c | 21 ++- arch/x86/entry/syscall_64.c | 19 +- arch/x86/entry/syscall_x32.c | 10 +- arch/x86/events/intel/ds.c | 8 +- arch/x86/include/asm/boot.h | 1 + arch/x86/include/asm/coco.h | 2 + arch/x86/include/asm/cpufeature.h | 8 +- arch/x86/include/asm/cpufeatures.h | 14 +- arch/x86/include/asm/disabled-features.h | 3 +- arch/x86/include/asm/mem_encrypt.h | 8 +- arch/x86/include/asm/msr-index.h | 9 +- arch/x86/include/asm/nospec-branch.h | 17 ++ arch/x86/include/asm/required-features.h | 3 +- arch/x86/include/asm/sev.h | 10 +- arch/x86/include/asm/syscall.h | 11 +- arch/x86/include/uapi/asm/bootparam.h | 1 + arch/x86/kernel/cpu/bugs.c | 121 ++++++++++-- arch/x86/kernel/cpu/common.c | 24 ++- arch/x86/kernel/cpu/mce/core.c | 4 +- arch/x86/kernel/cpu/scattered.c | 1 + arch/x86/kernel/mpparse.c | 10 +- arch/x86/kernel/setup.c | 2 + arch/x86/kernel/sev-shared.c | 23 +-- arch/x86/kernel/sev.c | 14 +- arch/x86/kvm/mmu/mmu.c | 2 +- arch/x86/kvm/reverse_cpuid.h | 5 +- arch/x86/kvm/svm/sev.c | 45 +++-- arch/x86/kvm/trace.h | 10 +- arch/x86/kvm/vmx/vmenter.S | 2 + arch/x86/kvm/x86.c | 2 +- arch/x86/lib/Makefile | 13 -- arch/x86/lib/retpoline.S | 6 +- arch/x86/mm/fault.c | 4 +- arch/x86/mm/ident_map.c | 23 +-- arch/x86/mm/init_64.c | 4 +- arch/x86/mm/kasan_init_64.c | 2 +- arch/x86/mm/mem_encrypt_identity.c | 76 +++----- arch/x86/mm/pat/memtype.c | 49 +++-- arch/x86/mm/pat/set_memory.c | 6 +- arch/x86/mm/pgtable.c | 2 +- arch/x86/mm/pti.c | 2 +- arch/x86/net/bpf_jit_comp.c | 2 +- arch/x86/power/hibernate.c | 2 +- arch/x86/xen/mmu_pv.c | 4 +- block/bdev.c | 6 +- drivers/acpi/acpica/dbnames.c | 8 +- drivers/ata/sata_mv.c | 63 ++++--- drivers/ata/sata_sx4.c | 6 +- drivers/base/core.c | 26 ++- drivers/base/regmap/regcache-maple.c | 6 +- drivers/bluetooth/btqca.c | 8 +- drivers/bluetooth/hci_qca.c | 19 +- drivers/dma-buf/st-dma-fence-chain.c | 6 +- drivers/dpll/Kconfig | 2 +- drivers/firmware/efi/libstub/efi-stub-helper.c | 8 + drivers/firmware/efi/libstub/efistub.h | 2 +- drivers/firmware/efi/libstub/x86-stub.c | 14 +- drivers/gpio/gpiolib-cdev.c | 58 +++++- drivers/gpio/gpiolib.c | 31 ++-- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 + .../amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c | 25 ++- drivers/gpu/drm/amd/display/dc/dce110/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/dce112/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/dce120/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/dce60/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/dce80/Makefile | 2 +- .../amd/display/dc/resource/dcn35/dcn35_resource.c | 2 +- drivers/gpu/drm/drm_prime.c | 7 +- drivers/gpu/drm/i915/Makefile | 7 +- drivers/gpu/drm/i915/display/g4x_dp.c | 2 - .../gpu/drm/i915/display/intel_display_device.h | 1 + drivers/gpu/drm/i915/display/intel_dp.c | 9 +- drivers/gpu/drm/i915/display/intel_dp_mst.c | 2 +- drivers/gpu/drm/i915/display/intel_sdvo.c | 4 - drivers/gpu/drm/i915/display/skl_universal_plane.c | 3 + drivers/gpu/drm/i915/gt/gen8_engine_cs.c | 4 +- drivers/gpu/drm/i915/gt/gen8_ppgtt.c | 3 + drivers/gpu/drm/i915/gt/intel_engine_cs.c | 17 ++ drivers/gpu/drm/i915/gt/intel_gt.c | 6 + drivers/gpu/drm/i915/gt/intel_gt.h | 9 +- drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.c | 39 ++++ drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.h | 13 ++ drivers/gpu/drm/i915/gt/intel_gt_regs.h | 6 + drivers/gpu/drm/i915/gt/intel_workarounds.c | 55 ++++-- drivers/gpu/drm/i915/i915_driver.c | 2 +- drivers/gpu/drm/i915/i915_perf.c | 2 +- drivers/gpu/drm/nouveau/nouveau_uvmm.c | 6 +- drivers/gpu/drm/panfrost/panfrost_gpu.c | 6 +- drivers/gpu/drm/rockchip/rockchip_vop2_reg.c | 2 - drivers/gpu/drm/xe/Makefile | 4 +- drivers/gpu/drm/xe/xe_bo.c | 59 +----- drivers/gpu/drm/xe/xe_bo_types.h | 19 -- drivers/gpu/drm/xe/xe_device.h | 4 +- drivers/gpu/drm/xe/xe_exec.c | 31 +--- drivers/gpu/drm/xe/xe_exec_queue.c | 4 +- drivers/gpu/drm/xe/xe_exec_queue_types.h | 7 + drivers/gpu/drm/xe/xe_guc_submit.c | 2 +- drivers/gpu/drm/xe/xe_pt.c | 8 +- drivers/gpu/drm/xe/xe_ring_ops.c | 11 +- drivers/gpu/drm/xe/xe_sched_job.c | 10 + drivers/gpu/drm/xe/xe_sched_job_types.h | 2 + drivers/gpu/drm/xe/xe_vm.c | 27 +-- drivers/gpu/drm/xe/xe_vm.h | 2 +- drivers/gpu/drm/xe/xe_vm_types.h | 8 +- drivers/iommu/iommu.c | 11 +- drivers/md/dm-integrity.c | 2 +- drivers/net/dsa/mv88e6xxx/chip.c | 6 +- drivers/net/dsa/sja1105/sja1105_mdio.c | 2 +- drivers/net/ethernet/broadcom/asp2/bcmasp_intf.c | 28 ++- drivers/net/ethernet/freescale/fec_main.c | 11 +- .../hns3/hns3_common/hclge_comm_tqp_stats.c | 2 +- drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c | 19 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 4 + drivers/net/ethernet/intel/e1000e/hw.h | 2 + drivers/net/ethernet/intel/e1000e/ich8lan.c | 38 ++-- drivers/net/ethernet/intel/e1000e/netdev.c | 24 ++- drivers/net/ethernet/intel/e1000e/phy.c | 184 +++++++++++------- drivers/net/ethernet/intel/e1000e/phy.h | 2 + drivers/net/ethernet/intel/i40e/i40e.h | 1 + drivers/net/ethernet/intel/i40e/i40e_main.c | 13 +- drivers/net/ethernet/intel/i40e/i40e_register.h | 3 + drivers/net/ethernet/intel/i40e/i40e_txrx.c | 82 ++++++--- drivers/net/ethernet/intel/i40e/i40e_txrx.h | 1 + drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 45 +++-- drivers/net/ethernet/intel/ice/ice_adminq_cmd.h | 3 +- drivers/net/ethernet/intel/ice/ice_lag.c | 4 +- drivers/net/ethernet/intel/ice/ice_lib.c | 18 +- drivers/net/ethernet/intel/ice/ice_switch.c | 24 ++- drivers/net/ethernet/intel/ice/ice_switch.h | 4 +- .../net/ethernet/intel/ice/ice_vf_vsi_vlan_ops.c | 18 +- drivers/net/ethernet/intel/idpf/idpf_txrx.c | 4 +- drivers/net/ethernet/intel/igc/igc_main.c | 4 - drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 16 +- drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 5 + .../net/ethernet/marvell/octeontx2/af/rvu_cgx.c | 2 + .../net/ethernet/marvell/octeontx2/af/rvu_npc.c | 2 +- .../net/ethernet/marvell/octeontx2/nic/otx2_pf.c | 2 +- .../ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c | 31 +++- drivers/net/ethernet/microchip/lan743x_main.c | 18 ++ drivers/net/ethernet/microchip/lan743x_main.h | 4 + drivers/net/ethernet/microsoft/mana/mana_en.c | 2 +- drivers/net/ethernet/realtek/r8169_main.c | 40 +++- drivers/net/ethernet/renesas/ravb_main.c | 33 ++-- drivers/net/ethernet/renesas/sh_eth.c | 2 +- drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 40 +++- .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 38 +++- drivers/net/ethernet/wangxun/txgbe/txgbe_phy.c | 8 +- drivers/net/phy/micrel.c | 31 +++- drivers/net/usb/ax88179_178a.c | 2 + drivers/net/wireless/intel/iwlwifi/mvm/rfi.c | 8 +- drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 20 +- .../net/wireless/intel/iwlwifi/mvm/time-event.c | 5 +- drivers/net/wwan/t7xx/t7xx_cldma.c | 4 +- drivers/net/wwan/t7xx/t7xx_hif_cldma.c | 9 +- drivers/net/wwan/t7xx/t7xx_pcie_mac.c | 8 +- drivers/net/xen-netfront.c | 1 + drivers/of/dynamic.c | 12 ++ drivers/of/module.c | 8 + drivers/perf/riscv_pmu.c | 4 + drivers/pinctrl/aspeed/Makefile | 2 +- drivers/s390/net/qeth_core_main.c | 38 +++- drivers/scsi/myrb.c | 20 +- drivers/scsi/myrs.c | 24 +-- drivers/scsi/sd.c | 2 +- drivers/spi/spi-pci1xxxx.c | 2 + drivers/spi/spi-s3c64xx.c | 80 +++++--- drivers/thermal/gov_power_allocator.c | 14 +- fs/aio.c | 2 +- fs/bcachefs/mean_and_variance_test.c | 28 +-- fs/nfsd/nfs4state.c | 7 +- fs/nfsd/vfs.c | 3 +- fs/proc/Makefile | 2 +- fs/smb/client/cached_dir.c | 6 +- fs/smb/client/cifs_debug.c | 6 + fs/smb/client/cifsfs.c | 11 ++ fs/smb/client/cifsglob.h | 19 +- fs/smb/client/cifsproto.h | 20 +- fs/smb/client/connect.c | 157 ++++++++++------ fs/smb/client/dfs.c | 51 +++-- fs/smb/client/dfs.h | 33 ++-- fs/smb/client/dfs_cache.c | 53 +++--- fs/smb/client/dir.c | 15 ++ fs/smb/client/file.c | 111 +++++++++-- fs/smb/client/fs_context.c | 6 +- fs/smb/client/fs_context.h | 12 ++ fs/smb/client/fscache.c | 16 +- fs/smb/client/fscache.h | 6 + fs/smb/client/inode.c | 2 + fs/smb/client/ioctl.c | 6 +- fs/smb/client/misc.c | 8 +- fs/smb/client/smb1ops.c | 4 +- fs/smb/client/smb2misc.c | 4 + fs/smb/client/smb2ops.c | 11 +- fs/smb/client/smb2pdu.c | 2 +- fs/smb/server/ksmbd_netlink.h | 3 +- fs/smb/server/mgmt/share_config.c | 7 +- fs/smb/server/smb2ops.c | 10 +- fs/smb/server/smb2pdu.c | 3 +- fs/smb/server/transport_ipc.c | 37 ++++ fs/vboxsf/super.c | 3 +- include/kvm/arm_pmu.h | 2 +- include/linux/bpf.h | 16 +- include/linux/device.h | 1 + include/linux/io_uring_types.h | 1 - include/linux/secretmem.h | 4 +- include/linux/skbuff.h | 7 +- include/linux/stackdepot.h | 46 +++++ include/linux/udp.h | 28 +++ include/net/bluetooth/hci.h | 9 + include/net/inet_connection_sock.h | 1 + include/net/mana/mana.h | 1 - include/net/sock.h | 7 + include/net/xdp_sock.h | 2 + include/sound/hdaudio_ext.h | 3 + io_uring/io_uring.c | 18 +- io_uring/kbuf.c | 116 ++++-------- io_uring/kbuf.h | 8 +- io_uring/rw.c | 9 +- kernel/bpf/Makefile | 2 +- kernel/bpf/syscall.c | 35 +++- kernel/bpf/verifier.c | 5 + kernel/trace/bpf_trace.c | 10 +- lib/stackdepot.c | 47 +---- mm/Makefile | 3 +- mm/memory.c | 4 + net/9p/client.c | 10 +- net/ax25/ax25_dev.c | 2 +- net/bluetooth/hci_debugfs.c | 64 ++++--- net/bluetooth/hci_event.c | 25 +++ net/bluetooth/hci_sync.c | 5 +- net/bridge/netfilter/ebtables.c | 6 + net/core/gro.c | 3 +- net/core/sock_map.c | 6 + net/hsr/hsr_slave.c | 3 +- net/ipv4/inet_connection_sock.c | 44 ++++- net/ipv4/inet_fragment.c | 70 +++++-- net/ipv4/ip_fragment.c | 2 +- net/ipv4/ip_gre.c | 5 + net/ipv4/netfilter/arp_tables.c | 4 + net/ipv4/netfilter/ip_tables.c | 4 + net/ipv4/tcp.c | 2 + net/ipv4/udp.c | 7 + net/ipv4/udp_offload.c | 23 ++- net/ipv6/ip6_fib.c | 14 +- net/ipv6/ip6_gre.c | 3 + net/ipv6/netfilter/ip6_tables.c | 4 + net/ipv6/netfilter/nf_conntrack_reasm.c | 2 +- net/ipv6/udp.c | 2 +- net/ipv6/udp_offload.c | 8 +- net/mptcp/protocol.c | 2 - net/mptcp/sockopt.c | 4 + net/mptcp/subflow.c | 2 + net/netfilter/nf_tables_api.c | 92 +++++++-- net/nfc/nci/core.c | 5 + net/rds/rdma.c | 2 +- net/sched/act_skbmod.c | 10 +- net/sched/sch_api.c | 2 +- net/sunrpc/svcsock.c | 10 +- net/tls/tls_sw.c | 7 +- net/vmw_vsock/virtio_transport.c | 3 +- scripts/Makefile.extrawarn | 10 +- scripts/bpf_doc.py | 4 +- scripts/mod/modpost.c | 7 +- security/selinux/selinuxfs.c | 12 +- sound/pci/emu10k1/emu10k1_callback.c | 7 +- sound/pci/hda/cs35l41_hda_property.c | 6 + sound/pci/hda/cs35l56_hda.c | 4 +- sound/pci/hda/cs35l56_hda_i2c.c | 13 +- sound/pci/hda/cs35l56_hda_spi.c | 13 +- sound/pci/hda/patch_realtek.c | 7 +- sound/soc/amd/acp/acp-pci.c | 13 +- sound/soc/codecs/cs42l43.c | 12 +- sound/soc/codecs/rt5682-sdw.c | 4 +- sound/soc/codecs/rt711-sdca-sdw.c | 4 +- sound/soc/codecs/rt711-sdw.c | 4 +- sound/soc/codecs/rt712-sdca-sdw.c | 5 +- sound/soc/codecs/rt722-sdca-sdw.c | 4 +- sound/soc/codecs/wm_adsp.c | 3 +- sound/soc/soc-ops.c | 2 +- sound/soc/sof/amd/acp.c | 8 +- sound/soc/sof/intel/hda-common-ops.c | 3 + sound/soc/sof/intel/hda-dai-ops.c | 11 ++ sound/soc/sof/intel/hda-pcm.c | 29 +++ sound/soc/sof/intel/hda-stream.c | 70 +++++++ sound/soc/sof/intel/hda.h | 6 + sound/soc/sof/intel/lnl.c | 2 - sound/soc/sof/intel/mtl.c | 14 -- sound/soc/sof/intel/mtl.h | 10 - sound/soc/sof/ipc4-pcm.c | 193 +++++++++++++++---- sound/soc/sof/ipc4-priv.h | 14 -- sound/soc/sof/ipc4-topology.c | 22 ++- sound/soc/sof/ops.h | 24 ++- sound/soc/sof/pcm.c | 8 + sound/soc/sof/sof-audio.h | 9 +- sound/soc/sof/sof-priv.h | 24 ++- tools/net/ynl/ynl-gen-c.py | 7 +- tools/testing/selftests/mm/vm_util.h | 2 +- tools/testing/selftests/net/mptcp/mptcp_connect.sh | 134 ++++++++------ tools/testing/selftests/net/mptcp/mptcp_join.sh | 34 ++-- tools/testing/selftests/net/reuseaddr_conflict.c | 2 +- tools/testing/selftests/net/test_vxlan_mdb.sh | 205 +++++++++++++-------- tools/testing/selftests/net/udpgro_fwd.sh | 10 +- 342 files changed, 3587 insertions(+), 1739 deletions(-)

1 year, 7 months

8
7
0 0

RE: [EXTERNAL] Patch "smb: client: reuse file lease key in compound operations" has been added to the 6.8-stable tree

by Meetakshi Setiya

Hi This patch is a part of a patch series and I do not think it should be applied without the other patches since this patch when applied individually introduces some regressions. It would be good if we could hold off adding it for a few days as there is one more fix for this series that needs to go to mainline. Thanks Meetakshi -----Original Message----- From: Sasha Levin <sashal(a)kernel.org> Sent: Wednesday, April 10, 2024 9:31 PM To: stable-commits(a)vger.kernel.org; Meetakshi Setiya <msetiya(a)microsoft.com> Cc: Steve French <sfrench(a)samba.org>; Paulo Alcantara (SUSE) <pc(a)manguebit.com>; Ronnie Sahlberg <ronniesahlberg(a)gmail.com>; Shyam Prasad <Shyam.Prasad(a)microsoft.com>; tom <tom(a)talpey.com>; Bharath S M <bharathsm(a)microsoft.com> Subject: [EXTERNAL] Patch "smb: client: reuse file lease key in compound operations" has been added to the 6.8-stable tree This is a note to let you know that I've just added the patch titled smb: client: reuse file lease key in compound operations to the 6.8-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: smb-client-reuse-file-lease-key-in-compound-operatio.patch and it can be found in the queue-6.8 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. commit 023302dc27b26e743a30097b0bbbe7b139ac1b50 Author: Meetakshi Setiya <msetiya(a)microsoft.com> Date: Tue Mar 5 22:43:51 2024 -0500 smb: client: reuse file lease key in compound operations [ Upstream commit 2c7d399e551ccfd87bcae4ef5573097f3313d779 ] Currently, when a rename, unlink or set path size compound operation is requested on a file that has a lot of dirty pages to be written to the server, we do not send the lease key for these requests. As a result, the server can assume that this request is from a new client, and send a lease break notification to the same client, on the same connection. As a response to the lease break, the client can consume several credits to write the dirty pages to the server. Depending on the server's credit grant implementation, the server can stop granting more credits to this connection, and this can cause a deadlock (which can only be resolved when the lease timer on the server expires). One of the problems here is that the client is sending no lease key, even if it has a lease for the file. This patch fixes the problem by reusing the existing lease key on the file for rename, unlink and set path size compound operations so that the client does not break its own lease. A very trivial example could be a set of commands by a client that maintains open handle (for write) to a file and then tries to copy the contents of that file to another one, eg., tail -f /dev/null > myfile & mv myfile myfile2 Presently, the network capture on the client shows that the move (or rename) would trigger a lease break on the same client, for the same file. With the lease key reused, the lease break request-response overhead is eliminated, thereby reducing the roundtrips performed for this set of operations. The patch fixes the bug described above and also provides perf benefit. Signed-off-by: Meetakshi Setiya <msetiya(a)microsoft.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> diff --git a/fs/smb/client/cifsglob.h b/fs/smb/client/cifsglob.h index 844afda090d05..0870a74a53bf1 100644 --- a/fs/smb/client/cifsglob.h +++ b/fs/smb/client/cifsglob.h @@ -374,7 +374,8 @@ struct smb_version_operations { struct cifs_open_info_data *data); /* set size by path */ int (*set_path_size)(const unsigned int, struct cifs_tcon *, - const char *, __u64, struct cifs_sb_info *, bool); + const char *, __u64, struct cifs_sb_info *, bool, + struct dentry *); /* set size by file handle */ int (*set_file_size)(const unsigned int, struct cifs_tcon *, struct cifsFileInfo *, __u64, bool); @@ -404,7 +405,7 @@ struct smb_version_operations { struct cifs_sb_info *); /* unlink file */ int (*unlink)(const unsigned int, struct cifs_tcon *, const char *, - struct cifs_sb_info *); + struct cifs_sb_info *, struct dentry *); /* open, rename and delete file */ int (*rename_pending_delete)(const char *, struct dentry *, const unsigned int); diff --git a/fs/smb/client/cifsproto.h b/fs/smb/client/cifsproto.h index 996ca413dd8bd..e9b38b279a6c5 100644 --- a/fs/smb/client/cifsproto.h +++ b/fs/smb/client/cifsproto.h @@ -404,7 +404,8 @@ extern int CIFSSMBSetFileDisposition(const unsigned int xid, __u32 pid_of_opener); extern int CIFSSMBSetEOF(const unsigned int xid, struct cifs_tcon *tcon, const char *file_name, __u64 size, - struct cifs_sb_info *cifs_sb, bool set_allocation); + struct cifs_sb_info *cifs_sb, bool set_allocation, + struct dentry *dentry); extern int CIFSSMBSetFileSize(const unsigned int xid, struct cifs_tcon *tcon, struct cifsFileInfo *cfile, __u64 size, bool set_allocation); @@ -440,7 +441,8 @@ extern int CIFSPOSIXDelFile(const unsigned int xid, struct cifs_tcon *tcon, const struct nls_table *nls_codepage, int remap_special_chars); extern int CIFSSMBDelFile(const unsigned int xid, struct cifs_tcon *tcon, - const char *name, struct cifs_sb_info *cifs_sb); + const char *name, struct cifs_sb_info *cifs_sb, + struct dentry *dentry); int CIFSSMBRename(const unsigned int xid, struct cifs_tcon *tcon, struct dentry *source_dentry, const char *from_name, const char *to_name, diff --git a/fs/smb/client/cifssmb.c b/fs/smb/client/cifssmb.c index 01e89070df5ab..301189ee1335b 100644 --- a/fs/smb/client/cifssmb.c +++ b/fs/smb/client/cifssmb.c @@ -738,7 +738,7 @@ CIFSPOSIXDelFile(const unsigned int xid, struct cifs_tcon *tcon, int CIFSSMBDelFile(const unsigned int xid, struct cifs_tcon *tcon, const char *name, - struct cifs_sb_info *cifs_sb) + struct cifs_sb_info *cifs_sb, struct dentry *dentry) { DELETE_FILE_REQ *pSMB = NULL; DELETE_FILE_RSP *pSMBr = NULL; @@ -4993,7 +4993,7 @@ CIFSSMBQFSPosixInfo(const unsigned int xid, struct cifs_tcon *tcon, int CIFSSMBSetEOF(const unsigned int xid, struct cifs_tcon *tcon, const char *file_name, __u64 size, struct cifs_sb_info *cifs_sb, - bool set_allocation) + bool set_allocation, struct dentry *dentry) { struct smb_com_transaction2_spi_req *pSMB = NULL; struct smb_com_transaction2_spi_rsp *pSMBr = NULL; diff --git a/fs/smb/client/inode.c b/fs/smb/client/inode.c index 4c3dec384f922..0aba29d2c5a2e 100644 --- a/fs/smb/client/inode.c +++ b/fs/smb/client/inode.c @@ -1849,7 +1849,7 @@ int cifs_unlink(struct inode *dir, struct dentry *dentry) goto psx_del_no_retry; } - rc = server->ops->unlink(xid, tcon, full_path, cifs_sb); + rc = server->ops->unlink(xid, tcon, full_path, cifs_sb, dentry); psx_del_no_retry: if (!rc) { @@ -2800,7 +2800,7 @@ void cifs_setsize(struct inode *inode, loff_t offset) static int cifs_set_file_size(struct inode *inode, struct iattr *attrs, - unsigned int xid, const char *full_path) + unsigned int xid, const char *full_path, struct dentry *dentry) { int rc; struct cifsFileInfo *open_file; @@ -2851,7 +2851,7 @@ cifs_set_file_size(struct inode *inode, struct iattr *attrs, */ if (server->ops->set_path_size) rc = server->ops->set_path_size(xid, tcon, full_path, - attrs->ia_size, cifs_sb, false); + attrs->ia_size, cifs_sb, false, dentry); else rc = -ENOSYS; cifs_dbg(FYI, "SetEOF by path (setattrs) rc = %d\n", rc); @@ -2941,7 +2941,7 @@ cifs_setattr_unix(struct dentry *direntry, struct iattr *attrs) rc = 0; if (attrs->ia_valid & ATTR_SIZE) { - rc = cifs_set_file_size(inode, attrs, xid, full_path); + rc = cifs_set_file_size(inode, attrs, xid, full_path, direntry); if (rc != 0) goto out; } @@ -3108,7 +3108,7 @@ cifs_setattr_nounix(struct dentry *direntry, struct iattr *attrs) } if (attrs->ia_valid & ATTR_SIZE) { - rc = cifs_set_file_size(inode, attrs, xid, full_path); + rc = cifs_set_file_size(inode, attrs, xid, full_path, direntry); if (rc != 0) goto cifs_setattr_exit; } diff --git a/fs/smb/client/smb2inode.c b/fs/smb/client/smb2inode.c index 05818cd6d932e..69f3442c5b963 100644 --- a/fs/smb/client/smb2inode.c +++ b/fs/smb/client/smb2inode.c @@ -98,7 +98,7 @@ static int smb2_compound_op(const unsigned int xid, struct cifs_tcon *tcon, __u32 desired_access, __u32 create_disposition, __u32 create_options, umode_t mode, struct kvec *in_iov, int *cmds, int num_cmds, struct cifsFileInfo *cfile, - struct kvec *out_iov, int *out_buftype) + struct kvec *out_iov, int *out_buftype, struct dentry *dentry) { struct reparse_data_buffer *rbuf; @@ -115,6 +115,7 @@ static int smb2_compound_op(const unsigned int xid, struct cifs_tcon *tcon, int resp_buftype[MAX_COMPOUND]; struct smb2_query_info_rsp *qi_rsp = NULL; struct cifs_open_info_data *idata; + struct inode *inode = NULL; int flags = 0; __u8 delete_pending[8] = {1, 0, 0, 0, 0, 0, 0, 0}; unsigned int size[2]; @@ -152,6 +153,15 @@ static int smb2_compound_op(const unsigned int xid, struct cifs_tcon *tcon, goto finished; } + /* if there is an existing lease, reuse it */ + if (dentry) { + inode = d_inode(dentry); + if (CIFS_I(inode)->lease_granted && server->ops->get_lease_key) { + oplock = SMB2_OPLOCK_LEVEL_LEASE; + server->ops->get_lease_key(inode, &fid); + } + } + vars->oparms = (struct cifs_open_parms) { .tcon = tcon, .path = full_path, @@ -747,7 +757,7 @@ int smb2_query_path_info(const unsigned int xid, rc = smb2_compound_op(xid, tcon, cifs_sb, full_path, FILE_READ_ATTRIBUTES, FILE_OPEN, create_options, ACL_NO_MODE, in_iov, - cmds, 1, cfile, out_iov, out_buftype); + cmds, 1, cfile, out_iov, out_buftype, NULL); hdr = out_iov[0].iov_base; /* * If first iov is unset, then SMB session was dropped or we've got a @@ -779,7 +789,7 @@ int smb2_query_path_info(const unsigned int xid, rc = smb2_compound_op(xid, tcon, cifs_sb, full_path, FILE_READ_ATTRIBUTES, FILE_OPEN, create_options, ACL_NO_MODE, in_iov, - cmds, num_cmds, cfile, NULL, NULL); + cmds, num_cmds, cfile, NULL, NULL, NULL); break; case -EREMOTE: break; @@ -811,7 +821,7 @@ smb2_mkdir(const unsigned int xid, struct inode *parent_inode, umode_t mode, FILE_WRITE_ATTRIBUTES, FILE_CREATE, CREATE_NOT_FILE, mode, NULL, &(int){SMB2_OP_MKDIR}, 1, - NULL, NULL, NULL); + NULL, NULL, NULL, NULL); } void @@ -836,7 +846,7 @@ smb2_mkdir_setinfo(struct inode *inode, const char *name, FILE_WRITE_ATTRIBUTES, FILE_CREATE, CREATE_NOT_FILE, ACL_NO_MODE, &in_iov, &(int){SMB2_OP_SET_INFO}, 1, - cfile, NULL, NULL); + cfile, NULL, NULL, NULL); if (tmprc == 0) cifs_i->cifsAttrs = dosattrs; } @@ -850,25 +860,26 @@ smb2_rmdir(const unsigned int xid, struct cifs_tcon *tcon, const char *name, DELETE, FILE_OPEN, CREATE_NOT_FILE, ACL_NO_MODE, NULL, &(int){SMB2_OP_RMDIR}, 1, - NULL, NULL, NULL); + NULL, NULL, NULL, NULL); } int smb2_unlink(const unsigned int xid, struct cifs_tcon *tcon, const char *name, - struct cifs_sb_info *cifs_sb) + struct cifs_sb_info *cifs_sb, struct dentry *dentry) { return smb2_compound_op(xid, tcon, cifs_sb, name, DELETE, FILE_OPEN, CREATE_DELETE_ON_CLOSE | OPEN_REPARSE_POINT, ACL_NO_MODE, NULL, &(int){SMB2_OP_DELETE}, 1, - NULL, NULL, NULL); + NULL, NULL, NULL, dentry); } static int smb2_set_path_attr(const unsigned int xid, struct cifs_tcon *tcon, const char *from_name, const char *to_name, struct cifs_sb_info *cifs_sb, __u32 create_options, __u32 access, - int command, struct cifsFileInfo *cfile) + int command, struct cifsFileInfo *cfile, + struct dentry *dentry) { struct kvec in_iov; __le16 *smb2_to_name = NULL; @@ -883,7 +894,7 @@ static int smb2_set_path_attr(const unsigned int xid, struct cifs_tcon *tcon, in_iov.iov_len = 2 * UniStrnlen((wchar_t *)smb2_to_name, PATH_MAX); rc = smb2_compound_op(xid, tcon, cifs_sb, from_name, access, FILE_OPEN, create_options, ACL_NO_MODE, - &in_iov, &command, 1, cfile, NULL, NULL); + &in_iov, &command, 1, cfile, NULL, NULL, dentry); smb2_rename_path: kfree(smb2_to_name); return rc; @@ -902,7 +913,7 @@ int smb2_rename_path(const unsigned int xid, cifs_get_writable_path(tcon, from_name, FIND_WR_WITH_DELETE, &cfile); return smb2_set_path_attr(xid, tcon, from_name, to_name, cifs_sb, - co, DELETE, SMB2_OP_RENAME, cfile); + co, DELETE, SMB2_OP_RENAME, cfile, source_dentry); } int smb2_create_hardlink(const unsigned int xid, @@ -915,13 +926,14 @@ int smb2_create_hardlink(const unsigned int xid, return smb2_set_path_attr(xid, tcon, from_name, to_name, cifs_sb, co, FILE_READ_ATTRIBUTES, - SMB2_OP_HARDLINK, NULL); + SMB2_OP_HARDLINK, NULL, NULL); } int smb2_set_path_size(const unsigned int xid, struct cifs_tcon *tcon, const char *full_path, __u64 size, - struct cifs_sb_info *cifs_sb, bool set_alloc) + struct cifs_sb_info *cifs_sb, bool set_alloc, + struct dentry *dentry) { struct cifsFileInfo *cfile; struct kvec in_iov; @@ -934,7 +946,7 @@ smb2_set_path_size(const unsigned int xid, struct cifs_tcon *tcon, FILE_WRITE_DATA, FILE_OPEN, 0, ACL_NO_MODE, &in_iov, &(int){SMB2_OP_SET_EOF}, 1, - cfile, NULL, NULL); + cfile, NULL, NULL, dentry); } int @@ -963,7 +975,7 @@ smb2_set_file_info(struct inode *inode, const char *full_path, FILE_WRITE_ATTRIBUTES, FILE_OPEN, 0, ACL_NO_MODE, &in_iov, &(int){SMB2_OP_SET_INFO}, 1, - cfile, NULL, NULL); + cfile, NULL, NULL, NULL); cifs_put_tlink(tlink); return rc; } @@ -998,7 +1010,7 @@ struct inode *smb2_get_reparse_inode(struct cifs_open_info_data *data, cifs_get_writable_path(tcon, full_path, FIND_WR_ANY, &cfile); rc = smb2_compound_op(xid, tcon, cifs_sb, full_path, da, cd, co, ACL_NO_MODE, in_iov, - cmds, 2, cfile, NULL, NULL); + cmds, 2, cfile, NULL, NULL, NULL); if (!rc) { rc = smb311_posix_get_inode_info(&new, full_path, data, sb, xid); @@ -1008,7 +1020,7 @@ struct inode *smb2_get_reparse_inode(struct cifs_open_info_data *data, cifs_get_writable_path(tcon, full_path, FIND_WR_ANY, &cfile); rc = smb2_compound_op(xid, tcon, cifs_sb, full_path, da, cd, co, ACL_NO_MODE, in_iov, - cmds, 2, cfile, NULL, NULL); + cmds, 2, cfile, NULL, NULL, NULL); if (!rc) { rc = cifs_get_inode_info(&new, full_path, data, sb, xid, NULL); @@ -1036,7 +1048,7 @@ int smb2_query_reparse_point(const unsigned int xid, FILE_READ_ATTRIBUTES, FILE_OPEN, OPEN_REPARSE_POINT, ACL_NO_MODE, &in_iov, &(int){SMB2_OP_GET_REPARSE}, 1, - cfile, NULL, NULL); + cfile, NULL, NULL, NULL); if (rc) goto out; diff --git a/fs/smb/client/smb2proto.h b/fs/smb/client/smb2proto.h index b3069911e9dd8..221143788a1c0 100644 --- a/fs/smb/client/smb2proto.h +++ b/fs/smb/client/smb2proto.h @@ -75,7 +75,8 @@ int smb2_query_path_info(const unsigned int xid, struct cifs_open_info_data *data); extern int smb2_set_path_size(const unsigned int xid, struct cifs_tcon *tcon, const char *full_path, __u64 size, - struct cifs_sb_info *cifs_sb, bool set_alloc); + struct cifs_sb_info *cifs_sb, bool set_alloc, + struct dentry *dentry); extern int smb2_set_file_info(struct inode *inode, const char *full_path, FILE_BASIC_INFO *buf, const unsigned int xid); extern int smb311_posix_mkdir(const unsigned int xid, struct inode *inode, @@ -91,7 +92,8 @@ extern void smb2_mkdir_setinfo(struct inode *inode, const char *full_path, extern int smb2_rmdir(const unsigned int xid, struct cifs_tcon *tcon, const char *name, struct cifs_sb_info *cifs_sb); extern int smb2_unlink(const unsigned int xid, struct cifs_tcon *tcon, - const char *name, struct cifs_sb_info *cifs_sb); + const char *name, struct cifs_sb_info *cifs_sb, + struct dentry *dentry); int smb2_rename_path(const unsigned int xid, struct cifs_tcon *tcon, struct dentry *source_dentry,

1 year, 7 months

1
0
0 0

[PATCH 6.6 000/255] 6.6.26-rc3 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.26 release. There are 255 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 11 Apr 2024 17:35:00 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.26-rc3… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.26-rc3 Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> x86: set SPECTRE_BHI_ON as default Daniel Sneddon <daniel.sneddon(a)linux.intel.com> KVM: x86: Add BHI_NO Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Mitigate KVM by default Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Add BHI mitigation knob Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Enumerate Branch History Injection (BHI) bug Daniel Sneddon <daniel.sneddon(a)linux.intel.com> x86/bhi: Define SPEC_CTRL_BHI_DIS_S Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Add support for clearing branch history at syscall entry Linus Torvalds <torvalds(a)linux-foundation.org> x86/syscall: Don't force use of indirect calls for system calls Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Move mem_encrypt= parsing to the decompressor Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Remap kernel text read-only before dropping NX attribute Ard Biesheuvel <ardb(a)kernel.org> x86/sev: Move early startup code into .head.text section Ard Biesheuvel <ardb(a)kernel.org> x86/sme: Move early SME kernel encryption handling into .head.text Ard Biesheuvel <ardb(a)kernel.org> efi/libstub: Add generic support for parsing mem_encrypt= Hou Wenlong <houwenlong.hwl(a)antgroup.com> x86/head/64: Move the __head definition to <asm/init.h> Andrii Nakryiko <andrii(a)kernel.org> bpf: support deferring bpf_link dealloc to after RCU grace period Andrii Nakryiko <andrii(a)kernel.org> bpf: put uprobe link's path and task in release callback Davide Caratti <dcaratti(a)redhat.com> mptcp: don't account accept() of non-MPC client as fallback to TCP Davide Caratti <dcaratti(a)redhat.com> mptcp: don't overwrite sock_ops in mptcp_is_tcpsk() Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: connect: fix shellcheck warnings Sergey Shtylyov <s.shtylyov(a)omp.ru> of: module: prevent NULL pointer dereference in vsnprintf() Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "x86/mpparse: Register APIC address only once" Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Enable only one CCS for compute workload Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Do not generate the command streamer for all the CCS Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Disable HW load balancing for CCS Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_network_name_deleted() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in is_valid_oplock_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_valid_lease_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_valid_oplock_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_dump_full_key() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_stats_proc_show() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_stats_proc_write() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_debug_files_proc_show() Ritvik Budhiraja <rbudhiraja(a)microsoft.com> smb3: retrying on failed server close Paulo Alcantara <pc(a)manguebit.com> smb: client: serialise cifs_construct_tcon() with cifs_mount_mutex Paulo Alcantara <pc(a)manguebit.com> smb: client: handle DFS tcons in cifs_construct_tcon() Stefan O'Rear <sorear(a)fastmail.com> riscv: process: Fix kernel gp leakage Samuel Holland <samuel.holland(a)sifive.com> riscv: Fix spurious errors from __get/put_kernel_nofault Sumanth Korikkar <sumanthk(a)linux.ibm.com> s390/entry: align system call table on 8 bytes Edward Liaw <edliaw(a)google.com> selftests/mm: include strings.h for ffsl David Hildenbrand <david(a)redhat.com> mm/secretmem: fix GUP-fast succeeding on secretmem folios Mark Brown <broonie(a)kernel.org> arm64/ptrace: Use saved floating point state type to determine SVE layout Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/ds: Don't clear ->pebs_data_cfg for the last PEBS event Jason A. Donenfeld <Jason(a)zx2c4.com> x86/coco: Require seeding RNG with RDRAND on CoCo systems Borislav Petkov (AMD) <bp(a)alien8.de> x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() David Hildenbrand <david(a)redhat.com> x86/mm/pat: fix VM_PAT handling in COW mappings Herve Codina <herve.codina(a)bootlin.com> of: dynamic: Synchronize of_changeset_destroy() with the devlink removals Herve Codina <herve.codina(a)bootlin.com> driver core: Introduce device_link_wait_removal() Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: hold io_buffer_list reference over mmap Jens Axboe <axboe(a)kernel.dk> io_uring: use private workqueue for exit work Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: protect io_buffer_list teardown with a reference Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: get rid of bl->is_ready Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: get rid of lower BGID lists I Gede Agastya Darma Laksana <gedeagas22(a)gmail.com> ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone Christoffer Sandberg <cs(a)tuxedo.de> ALSA: hda/realtek - Fix inactive headset mic jack Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: do not set SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1 Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: validate payload size in ipc response Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: don't send oplock break if rename fails Kent Gibson <warthog618(a)gmail.com> gpio: cdev: fix missed label sanitizing in debounce_setup() Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: cdev: check for NULL labels when sanitizing them for irqs Borislav Petkov (AMD) <bp(a)alien8.de> x86/retpoline: Add NOENDBR annotation to the SRSO dummy return thunk Jesse Brandeburg <jesse.brandeburg(a)intel.com> ice: fix typo in assignment Jeff Layton <jlayton(a)kernel.org> nfsd: hold a lighter-weight client reference over CB_RECALL_ANY Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Disable preemption when using patch_map() Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Fix a slow server-side memory leak with RPC-over-TCP Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: SOF: amd: fix for false dsp interrupts Arnd Bergmann <arnd(a)arndb.de> ata: sata_mv: Fix PCI device ID table declaration compilation warning Huai-Yuan Liu <qq810974084(a)gmail.com> spi: mchp-pci1xxx: Fix a possible null pointer dereference in pci1xxx_spi_probe David Howells <dhowells(a)redhat.com> cifs: Fix caching to try to do open O_WRONLY as rdwr on server Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> Revert "ALSA: emu10k1: fix synthesizer sample playback position and caching" Li Nan <linan122(a)huawei.com> scsi: sd: Unregister device if device_add_disk() failed in sd_probe() Arnd Bergmann <arnd(a)arndb.de> scsi: mylex: Fix sysfs buffer lengths Arnd Bergmann <arnd(a)arndb.de> ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit Richard Fitzgerald <rf(a)opensource.cirrus.com> regmap: maple: Fix uninitialized symbol 'ret' warnings Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: amd: acp: fix for acp_init function error handling Jaewon Kim <jaewon02.kim(a)samsung.com> spi: s3c64xx: Use DMA mode from fifo size Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: determine the fifo depth only once Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: allow full FIFO masks Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: define a magic value Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: remove else after return Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: explicitly include <linux/bits.h> Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: sort headers alphabetically Sam Protsenko <semen.protsenko(a)linaro.org> spi: s3c64xx: Extract FIFO depth calculation to a dedicated macro Stephen Lee <slee08177(a)gmail.com> ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt722-sdca-sdw: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt712-sdca-sdw: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt711-sdw: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt711-sdca: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt5682-sdw: fix locking sequence Rob Clark <robdclark(a)chromium.org> drm/prime: Unbreak virtgpu dma-buf export Dave Airlie <airlied(a)redhat.com> nouveau/uvmm: fix addr/range calcs for remap operations Christian Hewitt <christianshewitt(a)gmail.com> drm/panfrost: fix power transition timeout warnings Simon Trimmer <simont(a)opensource.cirrus.com> ALSA: hda: cs35l56: Add ACPI device match tables Richard Fitzgerald <rf(a)opensource.cirrus.com> regmap: maple: Fix cache corruption in regcache_maple_drop() Victor Isaev <victor(a)torrio.net> RISC-V: Update AT_VECTOR_SIZE_ARCH for new AT_MINSIGSTKSZ Pu Lehui <pulehui(a)huawei.com> drivers/perf: riscv: Disable PERF_SAMPLE_BRANCH_* while not supported Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: wm_adsp: Fix missing mutex_lock in wm_adsp_write_ctl() Dominique Martinet <asmadeus(a)codewreck.org> 9p: Fix read/write debug statements to report server reply Jann Horn <jannh(a)google.com> fs/pipe: Fix lockdep false-positive in watchqueue pipe_write() Ashish Kalra <ashish.kalra(a)amd.com> KVM: SVM: Add support for allowing zero SEV ASIDs Sean Christopherson <seanjc(a)google.com> KVM: SVM: Use unsigned integers when dealing with ASIDs Paul Barker <paul.barker.ct(a)bp.renesas.com> net: ravb: Always update error counters Paul Barker <paul.barker.ct(a)bp.renesas.com> net: ravb: Always process TX descriptor ring Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> net: ravb: Let IP-specific receive function to interrogate descriptors Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: move force SMBUS from enable ulp function to avoid PHY loss issue Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: Minor flow correction in e1000_shutdown function Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: Workaround for sporadic MDI error on Meteor Lake systems Jesse Brandeburg <jesse.brandeburg(a)intel.com> intel: legacy: field get conversion Jesse Brandeburg <jesse.brandeburg(a)intel.com> intel: add bit macro includes where needed Ivan Vecera <ivecera(a)redhat.com> i40e: Remove circular header dependencies and fix headers Ivan Vecera <ivecera(a)redhat.com> i40e: Split i40e_osdep.h Ivan Vecera <ivecera(a)redhat.com> i40e: Move memory allocation structures to i40e_alloc.h Ivan Vecera <ivecera(a)redhat.com> i40e: Simplify memory allocation functions Ivan Vecera <ivecera(a)redhat.com> virtchnl: Add header dependencies Ivan Vecera <ivecera(a)redhat.com> i40e: Refactor I40E_MDIO_CLAUSE* macros Ivan Vecera <ivecera(a)redhat.com> i40e: Remove back pointer from i40e_hw structure Ivan Vecera <ivecera(a)redhat.com> i40e: Enforce software interrupt during busy-poll exit Ivan Vecera <ivecera(a)redhat.com> i40e: Remove _t suffix from enum type names Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Flush GFXOFF requests in prepare stage Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Add concept of running prepare_suspend() sequence for IP blocks Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Evict resources during PM ops prepare() callback Chris Park <chris.park(a)amd.com> drm/amd/display: Prevent crash when disable stream Dmytro Laktyushkin <dmytro.laktyushkin(a)amd.com> drm/amd/display: Fix DPSTREAM CLK on and off sequence Krishna Kurapati <quic_kriskura(a)quicinc.com> usb: typec: ucsi: Fix race between typec_switch and role_switch Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix vf may be used uninitialized in this function warning Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix i40e_count_filters() to count only active/new filters Aleksandr Mishin <amishin(a)t-argos.ru> octeontx2-af: Add array index check Su Hui <suhui(a)nfschina.com> octeontx2-pf: check negative error code in otx2_open() Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: Fix issue with loading coalesced KPU profiles Antoine Tenart <atenart(a)kernel.org> udp: prevent local UDP tunnel packets from being GROed Antoine Tenart <atenart(a)kernel.org> udp: do not transition UDP GRO fraglist partial checksums to unnecessary Antoine Tenart <atenart(a)kernel.org> udp: do not accept non-tunnel GSO skbs landing in a tunnel Atlas Yu <atlas.yu(a)canonical.com> r8169: skip DASH fw status checks when DASH is disabled David Thompson <davthompson(a)nvidia.com> mlxbf_gige: stop interface during shutdown Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv6: Fix infinite recursion in fib6_dump_done(). Duoming Zhou <duoming(a)zju.edu.cn> ax25: fix use-after-free bugs caused by ax25_ds_del_timer Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses. Jakub Kicinski <kuba(a)kernel.org> selftests: reuseaddr_conflict: add missing new line at the end of the output Eric Dumazet <edumazet(a)google.com> erspan: make sure erspan_base_hdr is present in skb->head Ivan Vecera <ivecera(a)redhat.com> i40e: Fix VF MAC filter removal Petr Oros <poros(a)redhat.com> ice: fix enabling RX VLAN filtering Antoine Tenart <atenart(a)kernel.org> gro: fix ownership transfer Antoine Tenart <atenart(a)kernel.org> selftests: net: gro fwd: update vxlan GRO test expectations Michael Krummsdorf <michael.krummsdorf(a)tq-group.com> net: dsa: mv88e6xxx: fix usable ports on 88e6020 Aleksandr Mishin <amishin(a)t-argos.ru> net: phy: micrel: Fix potential null pointer dereference Wei Fang <wei.fang(a)nxp.com> net: fec: Set mac_managed_pm during probe Duanqiang Wen <duanqiangwen(a)net-swift.com> net: txgbe: fix i2c dev name cannot match clkdev Horatiu Vultur <horatiu.vultur(a)microchip.com> net: phy: micrel: lan8814: Fix when enabling/disabling 1-step timestamping Piotr Wejman <piotrwejman90(a)gmail.com> net: stmmac: fix rx queue priority assignment Eric Dumazet <edumazet(a)google.com> net/sched: fix lockdep splat in qdisc_tree_reduce_backlog() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> net: dsa: sja1105: Fix parameters order in sja1110_pcs_mdio_write_c45() Eric Dumazet <edumazet(a)google.com> net/sched: act_skbmod: prevent kernel-infoleak Will Deacon <will(a)kernel.org> KVM: arm64: Ensure target address is granule-aligned for range TLBI Borislav Petkov (AMD) <bp(a)alien8.de> x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO Jakub Sitnicki <jakub(a)cloudflare.com> bpf, sockmap: Prevent lock inversion deadlock in map delete elem Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> vboxsf: Avoid an spurious warning if load_nls_xxx() fails Eric Dumazet <edumazet(a)google.com> netfilter: validate user input for expected length Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: discard table flag update with pending basechain deletion Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: flush pending destroy work before exit_net release Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject new basechain after table flag update Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Fix the SRSO mitigation on Zen3/4 Josh Poimboeuf <jpoimboe(a)kernel.org> x86/nospec: Refactor UNTRAIN_RET[_*] Josh Poimboeuf <jpoimboe(a)kernel.org> x86/srso: Disentangle rethunk-dependent options Josh Poimboeuf <jpoimboe(a)kernel.org> x86/srso: Improve i-cache locality for alias mitigation Marco Pinna <marco.pinn95(a)gmail.com> vsock/virtio: fix packet delivery to tap device Haiyang Zhang <haiyangz(a)microsoft.com> net: mana: Fix Rx DMA datasize and skb_over_panic Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> net: usb: ax88179_178a: avoid the interface always configured as random address Mahmoud Adam <mngyadam(a)amazon.com> net/rds: fix possible cp null dereference Jesper Dangaard Brouer <hawk(a)kernel.org> xen-netfront: Add missing skb_mark_for_recycle Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: join: fix dev in check_endpoint Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: release batch on table validation from abort path Bastien Nocera <hadess(a)hadess.net> Bluetooth: Fix TOCTOU in HCI debugfs implementation Hui Wang <hui.wang(a)canonical.com> Bluetooth: hci_event: set the conn encrypted before conn establishes Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: add quirk for broken address properties Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix device-address endianness Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken Johan Hovold <johan+linaro(a)kernel.org> Revert "Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT" Uros Bizjak <ubizjak(a)gmail.com> x86/bpf: Fix IP after emitting call depth accounting Sean Christopherson <seanjc(a)google.com> x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word Heiner Kallweit <hkallweit1(a)gmail.com> r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d Christian Göttsche <cgzones(a)googlemail.com> selinux: avoid dereference of garbage after mount failure Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: Fix host-programmed guest events in nVHE Anup Patel <apatel(a)ventanamicro.com> RISC-V: KVM: Fix APLIC in_clrip[x] read emulation Anup Patel <apatel(a)ventanamicro.com> RISC-V: KVM: Fix APLIC setipnum_le/be write emulation Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: cdev: sanitize the label before requesting the interrupt Masahiro Yamada <masahiroy(a)kernel.org> modpost: do not make find_tosym() return NULL Jack Brennen <jbrennen(a)google.com> modpost: Optimize symbol search from linear to binary search Sandipan Das <sandipan.das(a)amd.com> perf/x86/amd/lbr: Use freeze based on availability Sandipan Das <sandipan.das(a)amd.com> x86/cpufeatures: Add new word for scattered features Sandipan Das <sandipan.das(a)amd.com> perf/x86/amd/core: Update and fix stalled-cycles-* events for Zen 2 and later Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Add X86_FEATURE_ZEN1 Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Get rid of amd_erratum_1054[] Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Move the DIV0 bug detection to the Zen1 init function Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Move Zenbleed check to the Zen2 init function Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Move erratum 1076 fix into the Zen1 init function Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Carve out the erratum 1386 fix Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Add ZenX generations flags Filipe Manana <fdmanana(a)suse.com> btrfs: fix race when detecting delalloc ranges during fiemap Filipe Manana <fdmanana(a)suse.com> btrfs: ensure fiemap doesn't race with writes when FIEMAP_FLAG_SYNC is given Ingo Molnar <mingo(a)kernel.org> Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." Peter Xu <peterx(a)redhat.com> mm/treewide: replace pud_large() with pud_leaf() Arnd Bergmann <arnd(a)arndb.de> dm integrity: fix out-of-range warning Tejas Upadhyay <tejas.upadhyay(a)intel.com> drm/i915/mtl: Update workaround 14018575942 Matt Roper <matthew.d.roper(a)intel.com> drm/i915/xelpg: Extend some workarounds/tuning to gfx version 12.74 Tejas Upadhyay <tejas.upadhyay(a)intel.com> drm/i915/mtl: Update workaround 14016712196 Matt Roper <matthew.d.roper(a)intel.com> drm/i915: Replace several IS_METEORLAKE with proper IP version checks Matt Roper <matthew.d.roper(a)intel.com> drm/i915: Eliminate IS_MTL_GRAPHICS_STEP Matt Roper <matthew.d.roper(a)intel.com> drm/i915/xelpg: Call Xe_LPG workaround functions based on IP version Matt Roper <matthew.d.roper(a)intel.com> drm/i915: Consolidate condition for Wa_22011802037 Matt Roper <matthew.d.roper(a)intel.com> drm/i915: Tidy workaround definitions Matt Roper <matthew.d.roper(a)intel.com> drm/i915/dg2: Drop pre-production GT workarounds Florian Westphal <fw(a)strlen.de> inet: inet_defrag: prevent sk release while still in use Hariprasad Kelam <hkelam(a)marvell.com> Octeontx2-af: fix pause frame configuration in GMP mode Raju Lakkaraju <Raju.Lakkaraju(a)microchip.com> net: lan743x: Add set RFE read fifo threshold for PCI1x1x chips Justin Chen <justin.chen(a)broadcom.com> net: bcmasp: Bring up unimac after PHY link up Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: skip netdev hook unregistration if table is dormant Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject table flag and netdev basechain updates Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject destroy command to remove basechain hooks David Howells <dhowells(a)redhat.com> cifs: Fix duplicate fscache cookie warnings Andrei Matei <andreimatei1(a)gmail.com> bpf: Protect against int overflow for stack access size David Thompson <davthompson(a)nvidia.com> mlxbf_gige: call request_irq() after NAPI initialized Sabrina Dubroca <sd(a)queasysnail.net> tls: get psock ref after taking rxlock to avoid leak Sabrina Dubroca <sd(a)queasysnail.net> tls: adjust recv return with async crypto and failed copy to userspace Sabrina Dubroca <sd(a)queasysnail.net> tls: recv: process_rx_list shouldn't use an offset with kvec Jian Shen <shenjian15(a)huawei.com> net: hns3: mark unexcuted loopback test result as UNEXECUTED Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix kernel crash when devlink reload during pf initialization Jie Wang <wangjie125(a)huawei.com> net: hns3: fix index limit to support all queue stats Nikita Kiryushin <kiryushin(a)ancud.ru> ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() Ido Schimmel <idosch(a)nvidia.com> selftests: vxlan_mdb: Fix failures with old libnet Bjørn Mork <bjorn(a)mork.no> net: wwan: t7xx: Split 64bit accesses to fix alignment issues Eric Dumazet <edumazet(a)google.com> tcp: properly terminate timers for kernel sockets Ravi Gunasekaran <r-gunasekaran(a)ti.com> net: hsr: hsr_slave: Fix the promiscuous mode in offload mode Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: handle deferred cc1 Kurt Kanzenbach <kurt(a)linutronix.de> igc: Remove stale comment about Tx timestamping Przemek Kitszel <przemyslaw.kitszel(a)intel.com> ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() Jesse Brandeburg <jesse.brandeburg(a)intel.com> ice: fix memory corruption bug with suspend and rebuild Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> ice: realloc VSI stats arrays Steven Zou <steven.zou(a)intel.com> ice: Refactor FW data type and fix bitmap casting issue Simon Trimmer <simont(a)opensource.cirrus.com> ALSA: hda: cs35l56: Set the init_done flag before component_add() Benjamin Berg <benjamin.berg(a)intel.com> wifi: iwlwifi: mvm: include link ID when releasing frames Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: disable multi rx queue for 9000 Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: rfi: fix potential response leaks David Thompson <davthompson(a)nvidia.com> mlxbf_gige: stop PHY during open() error paths Jakub Kicinski <kuba(a)kernel.org> tools: ynl: fix setting presence bits in simple nests Ryosuke Yasuoka <ryasuoka(a)redhat.com> nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet Artem Savkov <asavkov(a)redhat.com> arm64: bpf: fix 32bit unconditional bswap Pavel Sakharov <p.sakharov(a)ispras.ru> dma-buf: Fix NULL pointer dereference in sanitycheck() Puranjay Mohan <puranjay12(a)gmail.com> bpf, arm64: fix bug in BPF_LDX_MEMSX Ilya Leoshkevich <iii(a)linux.ibm.com> s390/bpf: Fix bpf_plt pointer arithmetic Hangbin Liu <liuhangbin(a)gmail.com> scripts/bpf_doc: Use silent mode when exec make cmd Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Pre-populate the cursor physical dma address Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> drm/i915/display: Use i915_gem_object_get_dma_address to get dma address ------------- Diffstat: Documentation/admin-guide/hw-vuln/spectre.rst | 48 ++- Documentation/admin-guide/kernel-parameters.txt | 12 + Makefile | 4 +- arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi | 2 + arch/arm64/kernel/ptrace.c | 5 +- arch/arm64/kvm/hyp/pgtable.c | 11 +- arch/arm64/net/bpf_jit_comp.c | 4 +- arch/powerpc/mm/book3s64/pgtable.c | 2 +- arch/riscv/include/asm/uaccess.h | 4 +- arch/riscv/include/uapi/asm/auxvec.h | 2 +- arch/riscv/kernel/patch.c | 8 + arch/riscv/kernel/process.c | 3 - arch/riscv/kvm/aia_aplic.c | 37 +- arch/s390/boot/vmem.c | 2 +- arch/s390/include/asm/pgtable.h | 4 +- arch/s390/kernel/entry.S | 1 + arch/s390/mm/gmap.c | 2 +- arch/s390/mm/hugetlbpage.c | 4 +- arch/s390/mm/pageattr.c | 2 +- arch/s390/mm/pgtable.c | 2 +- arch/s390/mm/vmem.c | 6 +- arch/s390/net/bpf_jit_comp.c | 46 +-- arch/sparc/mm/init_64.c | 2 +- arch/x86/Kconfig | 25 ++ arch/x86/boot/compressed/Makefile | 2 +- arch/x86/boot/compressed/misc.c | 16 + arch/x86/boot/compressed/sev.c | 3 + arch/x86/coco/core.c | 41 ++ arch/x86/entry/common.c | 10 +- arch/x86/entry/entry_64.S | 61 +++ arch/x86/entry/entry_64_compat.S | 16 + arch/x86/entry/syscall_32.c | 21 +- arch/x86/entry/syscall_64.c | 19 +- arch/x86/entry/syscall_x32.c | 10 +- arch/x86/events/amd/core.c | 24 +- arch/x86/events/amd/lbr.c | 16 +- arch/x86/events/intel/ds.c | 8 +- arch/x86/include/asm/asm-prototypes.h | 1 + arch/x86/include/asm/boot.h | 1 + arch/x86/include/asm/coco.h | 2 + arch/x86/include/asm/cpufeature.h | 8 +- arch/x86/include/asm/cpufeatures.h | 21 +- arch/x86/include/asm/disabled-features.h | 3 +- arch/x86/include/asm/init.h | 2 + arch/x86/include/asm/mem_encrypt.h | 8 +- arch/x86/include/asm/msr-index.h | 9 +- arch/x86/include/asm/nospec-branch.h | 88 +++-- arch/x86/include/asm/required-features.h | 3 +- arch/x86/include/asm/sev.h | 10 +- arch/x86/include/asm/syscall.h | 11 +- arch/x86/include/uapi/asm/bootparam.h | 1 + arch/x86/kernel/cpu/amd.c | 129 +++++-- arch/x86/kernel/cpu/bugs.c | 126 +++++- arch/x86/kernel/cpu/common.c | 24 +- arch/x86/kernel/cpu/mce/core.c | 4 +- arch/x86/kernel/cpu/scattered.c | 2 + arch/x86/kernel/head64.c | 3 +- arch/x86/kernel/mpparse.c | 10 +- arch/x86/kernel/setup.c | 2 + arch/x86/kernel/sev-shared.c | 23 +- arch/x86/kernel/sev.c | 14 +- arch/x86/kernel/vmlinux.lds.S | 7 +- arch/x86/kvm/mmu/mmu.c | 2 +- arch/x86/kvm/reverse_cpuid.h | 5 +- arch/x86/kvm/svm/sev.c | 45 ++- arch/x86/kvm/trace.h | 10 +- arch/x86/kvm/vmx/vmenter.S | 2 + arch/x86/kvm/x86.c | 2 +- arch/x86/lib/Makefile | 13 - arch/x86/lib/retpoline.S | 165 ++++---- arch/x86/mm/fault.c | 4 +- arch/x86/mm/ident_map.c | 23 +- arch/x86/mm/init_64.c | 4 +- arch/x86/mm/kasan_init_64.c | 2 +- arch/x86/mm/mem_encrypt_identity.c | 76 +--- arch/x86/mm/pat/memtype.c | 49 ++- arch/x86/mm/pat/set_memory.c | 6 +- arch/x86/mm/pgtable.c | 2 +- arch/x86/mm/pti.c | 2 +- arch/x86/net/bpf_jit_comp.c | 2 +- arch/x86/power/hibernate.c | 2 +- arch/x86/xen/mmu_pv.c | 4 +- drivers/acpi/acpica/dbnames.c | 8 +- drivers/ata/sata_mv.c | 63 ++- drivers/ata/sata_sx4.c | 6 +- drivers/base/core.c | 26 +- drivers/base/regmap/regcache-maple.c | 6 +- drivers/bluetooth/btqca.c | 8 +- drivers/bluetooth/hci_qca.c | 19 +- drivers/dma-buf/st-dma-fence-chain.c | 6 +- drivers/firmware/efi/libstub/efi-stub-helper.c | 8 + drivers/firmware/efi/libstub/efistub.h | 2 +- drivers/firmware/efi/libstub/x86-stub.c | 14 +- drivers/gpio/gpiolib-cdev.c | 58 ++- drivers/gpu/drm/amd/amdgpu/amdgpu.h | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 43 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 10 +- .../amd/display/dc/dce110/dce110_hw_sequencer.c | 3 +- drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.c | 11 +- drivers/gpu/drm/amd/include/amd_shared.h | 1 + drivers/gpu/drm/drm_prime.c | 7 +- drivers/gpu/drm/i915/Makefile | 1 + drivers/gpu/drm/i915/display/intel_cursor.c | 6 +- drivers/gpu/drm/i915/display/intel_display_types.h | 1 + drivers/gpu/drm/i915/display/intel_fb_pin.c | 10 + drivers/gpu/drm/i915/display/skl_universal_plane.c | 5 +- drivers/gpu/drm/i915/gem/i915_gem_create.c | 4 +- drivers/gpu/drm/i915/gt/gen8_engine_cs.c | 10 +- drivers/gpu/drm/i915/gt/intel_engine_cs.c | 21 +- drivers/gpu/drm/i915/gt/intel_engine_pm.c | 2 +- .../gpu/drm/i915/gt/intel_execlists_submission.c | 4 +- drivers/gpu/drm/i915/gt/intel_gt.h | 31 ++ drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.c | 39 ++ drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.h | 13 + drivers/gpu/drm/i915/gt/intel_gt_mcr.c | 7 +- drivers/gpu/drm/i915/gt/intel_gt_regs.h | 6 + drivers/gpu/drm/i915/gt/intel_lrc.c | 38 +- drivers/gpu/drm/i915/gt/intel_mocs.c | 23 +- drivers/gpu/drm/i915/gt/intel_rc6.c | 6 +- drivers/gpu/drm/i915/gt/intel_reset.c | 20 +- drivers/gpu/drm/i915/gt/intel_reset.h | 2 + drivers/gpu/drm/i915/gt/intel_rps.c | 2 +- drivers/gpu/drm/i915/gt/intel_workarounds.c | 422 +++++++-------------- drivers/gpu/drm/i915/gt/uc/intel_guc.c | 26 +- drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c | 6 +- drivers/gpu/drm/i915/i915_debugfs.c | 2 +- drivers/gpu/drm/i915/i915_drv.h | 4 - drivers/gpu/drm/i915/i915_perf.c | 11 +- drivers/gpu/drm/i915/intel_clock_gating.c | 8 - drivers/gpu/drm/nouveau/nouveau_uvmm.c | 6 +- drivers/gpu/drm/panfrost/panfrost_gpu.c | 6 +- drivers/md/dm-integrity.c | 2 +- drivers/net/dsa/mv88e6xxx/chip.c | 6 +- drivers/net/dsa/sja1105/sja1105_mdio.c | 2 +- drivers/net/ethernet/broadcom/asp2/bcmasp_intf.c | 28 +- drivers/net/ethernet/freescale/fec_main.c | 11 +- .../hns3/hns3_common/hclge_comm_tqp_stats.c | 2 +- drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c | 19 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 4 + drivers/net/ethernet/intel/e1000/e1000_hw.c | 46 +-- drivers/net/ethernet/intel/e1000e/80003es2lan.c | 3 +- drivers/net/ethernet/intel/e1000e/82571.c | 3 +- drivers/net/ethernet/intel/e1000e/ethtool.c | 7 +- drivers/net/ethernet/intel/e1000e/hw.h | 2 + drivers/net/ethernet/intel/e1000e/ich8lan.c | 56 +-- drivers/net/ethernet/intel/e1000e/mac.c | 2 +- drivers/net/ethernet/intel/e1000e/netdev.c | 35 +- drivers/net/ethernet/intel/e1000e/phy.c | 191 ++++++---- drivers/net/ethernet/intel/e1000e/phy.h | 2 + drivers/net/ethernet/intel/fm10k/fm10k_pf.c | 4 +- drivers/net/ethernet/intel/fm10k/fm10k_vf.c | 10 +- drivers/net/ethernet/intel/i40e/i40e.h | 63 ++- drivers/net/ethernet/intel/i40e/i40e_adminq.c | 8 +- drivers/net/ethernet/intel/i40e/i40e_adminq.h | 3 +- drivers/net/ethernet/intel/i40e/i40e_adminq_cmd.h | 2 + drivers/net/ethernet/intel/i40e/i40e_alloc.h | 24 +- drivers/net/ethernet/intel/i40e/i40e_client.c | 1 - drivers/net/ethernet/intel/i40e/i40e_common.c | 12 +- drivers/net/ethernet/intel/i40e/i40e_dcb.c | 4 +- drivers/net/ethernet/intel/i40e/i40e_dcb_nl.c | 2 +- drivers/net/ethernet/intel/i40e/i40e_ddp.c | 2 +- drivers/net/ethernet/intel/i40e/i40e_debug.h | 47 +++ drivers/net/ethernet/intel/i40e/i40e_debugfs.c | 3 +- drivers/net/ethernet/intel/i40e/i40e_diag.h | 5 +- drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 3 +- drivers/net/ethernet/intel/i40e/i40e_hmc.c | 16 +- drivers/net/ethernet/intel/i40e/i40e_hmc.h | 4 + drivers/net/ethernet/intel/i40e/i40e_io.h | 16 + drivers/net/ethernet/intel/i40e/i40e_lan_hmc.c | 9 +- drivers/net/ethernet/intel/i40e/i40e_lan_hmc.h | 2 + drivers/net/ethernet/intel/i40e/i40e_main.c | 70 ++-- drivers/net/ethernet/intel/i40e/i40e_nvm.c | 3 + drivers/net/ethernet/intel/i40e/i40e_osdep.h | 59 --- drivers/net/ethernet/intel/i40e/i40e_prototype.h | 4 +- drivers/net/ethernet/intel/i40e/i40e_ptp.c | 9 +- drivers/net/ethernet/intel/i40e/i40e_register.h | 5 + drivers/net/ethernet/intel/i40e/i40e_txrx.c | 89 +++-- drivers/net/ethernet/intel/i40e/i40e_txrx.h | 6 +- drivers/net/ethernet/intel/i40e/i40e_txrx_common.h | 2 + drivers/net/ethernet/intel/i40e/i40e_type.h | 54 +-- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 47 +-- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.h | 4 +- drivers/net/ethernet/intel/i40e/i40e_xsk.c | 4 - drivers/net/ethernet/intel/i40e/i40e_xsk.h | 4 + drivers/net/ethernet/intel/iavf/iavf_common.c | 3 +- drivers/net/ethernet/intel/iavf/iavf_ethtool.c | 5 +- drivers/net/ethernet/intel/iavf/iavf_fdir.c | 1 + drivers/net/ethernet/intel/iavf/iavf_txrx.c | 1 + drivers/net/ethernet/intel/ice/ice_adminq_cmd.h | 3 +- drivers/net/ethernet/intel/ice/ice_lag.c | 4 +- drivers/net/ethernet/intel/ice/ice_lib.c | 74 ++-- drivers/net/ethernet/intel/ice/ice_switch.c | 24 +- drivers/net/ethernet/intel/ice/ice_switch.h | 4 +- .../net/ethernet/intel/ice/ice_vf_vsi_vlan_ops.c | 18 +- drivers/net/ethernet/intel/igb/e1000_82575.c | 29 +- drivers/net/ethernet/intel/igb/e1000_i210.c | 19 +- drivers/net/ethernet/intel/igb/e1000_mac.c | 2 +- drivers/net/ethernet/intel/igb/e1000_nvm.c | 18 +- drivers/net/ethernet/intel/igb/e1000_phy.c | 13 +- drivers/net/ethernet/intel/igb/igb_ethtool.c | 8 +- drivers/net/ethernet/intel/igb/igb_main.c | 4 +- drivers/net/ethernet/intel/igbvf/mbx.c | 1 + drivers/net/ethernet/intel/igbvf/netdev.c | 33 +- drivers/net/ethernet/intel/igc/igc_i225.c | 1 + drivers/net/ethernet/intel/igc/igc_main.c | 4 - drivers/net/ethernet/intel/igc/igc_phy.c | 1 + drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 30 +- drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 16 +- drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 2 +- drivers/net/ethernet/intel/ixgbe/ixgbe_phy.c | 8 +- drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 8 +- drivers/net/ethernet/intel/ixgbe/ixgbe_x540.c | 8 +- drivers/net/ethernet/intel/ixgbe/ixgbe_x550.c | 19 +- drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 5 + .../net/ethernet/marvell/octeontx2/af/rvu_cgx.c | 2 + .../net/ethernet/marvell/octeontx2/af/rvu_npc.c | 2 +- .../net/ethernet/marvell/octeontx2/nic/otx2_pf.c | 2 +- .../ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c | 31 +- drivers/net/ethernet/microchip/lan743x_main.c | 18 + drivers/net/ethernet/microchip/lan743x_main.h | 4 + drivers/net/ethernet/microsoft/mana/mana_en.c | 2 +- drivers/net/ethernet/realtek/r8169_main.c | 40 +- drivers/net/ethernet/renesas/ravb_main.c | 33 +- drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 40 +- .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 38 +- drivers/net/ethernet/wangxun/txgbe/txgbe_phy.c | 8 +- drivers/net/phy/micrel.c | 31 +- drivers/net/usb/ax88179_178a.c | 2 + drivers/net/wireless/intel/iwlwifi/iwl-trans.h | 2 +- drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 4 +- drivers/net/wireless/intel/iwlwifi/mvm/rfi.c | 8 +- drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 31 +- drivers/net/wwan/t7xx/t7xx_cldma.c | 4 +- drivers/net/wwan/t7xx/t7xx_hif_cldma.c | 9 +- drivers/net/wwan/t7xx/t7xx_pcie_mac.c | 8 +- drivers/net/xen-netfront.c | 1 + drivers/of/dynamic.c | 12 + drivers/of/module.c | 8 + drivers/perf/riscv_pmu.c | 4 + drivers/s390/net/qeth_core_main.c | 38 +- drivers/scsi/myrb.c | 20 +- drivers/scsi/myrs.c | 24 +- drivers/scsi/sd.c | 2 +- drivers/spi/spi-pci1xxxx.c | 2 + drivers/spi/spi-s3c64xx.c | 80 ++-- drivers/usb/typec/ucsi/ucsi_glink.c | 14 + fs/btrfs/extent_io.c | 208 +++++++--- fs/btrfs/inode.c | 22 +- fs/nfsd/nfs4state.c | 7 +- fs/pipe.c | 17 +- fs/smb/client/cached_dir.c | 6 +- fs/smb/client/cifs_debug.c | 6 + fs/smb/client/cifsfs.c | 11 + fs/smb/client/cifsglob.h | 17 +- fs/smb/client/connect.c | 45 ++- fs/smb/client/dir.c | 15 + fs/smb/client/file.c | 111 +++++- fs/smb/client/fs_context.c | 6 +- fs/smb/client/fs_context.h | 12 + fs/smb/client/fscache.c | 16 +- fs/smb/client/fscache.h | 6 + fs/smb/client/inode.c | 2 + fs/smb/client/ioctl.c | 6 +- fs/smb/client/misc.c | 2 + fs/smb/client/smb1ops.c | 4 +- fs/smb/client/smb2misc.c | 4 + fs/smb/client/smb2ops.c | 11 +- fs/smb/client/smb2pdu.c | 2 +- fs/smb/server/ksmbd_netlink.h | 3 +- fs/smb/server/mgmt/share_config.c | 7 +- fs/smb/server/smb2ops.c | 10 +- fs/smb/server/smb2pdu.c | 3 +- fs/smb/server/transport_ipc.c | 37 ++ fs/vboxsf/super.c | 3 +- include/kvm/arm_pmu.h | 2 +- include/linux/avf/virtchnl.h | 5 + include/linux/bpf.h | 16 +- include/linux/device.h | 1 + include/linux/io_uring_types.h | 1 - include/linux/secretmem.h | 4 +- include/linux/skbuff.h | 7 +- include/linux/udp.h | 28 ++ include/net/bluetooth/hci.h | 9 + include/net/inet_connection_sock.h | 1 + include/net/mana/mana.h | 1 - include/net/sock.h | 7 + io_uring/io_uring.c | 18 +- io_uring/kbuf.c | 116 ++---- io_uring/kbuf.h | 8 +- kernel/bpf/syscall.c | 35 +- kernel/bpf/verifier.c | 5 + kernel/trace/bpf_trace.c | 10 +- mm/memory.c | 4 + net/9p/client.c | 10 +- net/ax25/ax25_dev.c | 2 +- net/bluetooth/hci_debugfs.c | 64 ++-- net/bluetooth/hci_event.c | 25 ++ net/bluetooth/hci_sync.c | 5 +- net/bridge/netfilter/ebtables.c | 6 + net/core/gro.c | 3 +- net/core/sock_map.c | 6 + net/hsr/hsr_slave.c | 3 +- net/ipv4/inet_connection_sock.c | 33 +- net/ipv4/inet_fragment.c | 70 +++- net/ipv4/ip_fragment.c | 2 +- net/ipv4/ip_gre.c | 5 + net/ipv4/netfilter/arp_tables.c | 4 + net/ipv4/netfilter/ip_tables.c | 4 + net/ipv4/tcp.c | 2 + net/ipv4/udp.c | 7 + net/ipv4/udp_offload.c | 23 +- net/ipv6/ip6_fib.c | 14 +- net/ipv6/ip6_gre.c | 3 + net/ipv6/netfilter/ip6_tables.c | 4 + net/ipv6/netfilter/nf_conntrack_reasm.c | 2 +- net/ipv6/udp.c | 2 +- net/ipv6/udp_offload.c | 8 +- net/mptcp/protocol.c | 106 ++---- net/mptcp/subflow.c | 2 + net/netfilter/nf_tables_api.c | 92 ++++- net/nfc/nci/core.c | 5 + net/rds/rdma.c | 2 +- net/sched/act_skbmod.c | 10 +- net/sched/sch_api.c | 2 +- net/sunrpc/svcsock.c | 10 +- net/tls/tls_sw.c | 7 +- net/vmw_vsock/virtio_transport.c | 3 +- scripts/bpf_doc.py | 4 +- scripts/mod/Makefile | 4 +- scripts/mod/modpost.c | 73 +--- scripts/mod/modpost.h | 25 ++ scripts/mod/symsearch.c | 199 ++++++++++ security/selinux/selinuxfs.c | 12 +- sound/pci/emu10k1/emu10k1_callback.c | 7 +- sound/pci/hda/cs35l56_hda.c | 4 +- sound/pci/hda/cs35l56_hda_i2c.c | 13 +- sound/pci/hda/cs35l56_hda_spi.c | 13 +- sound/pci/hda/patch_realtek.c | 3 +- sound/soc/amd/acp/acp-pci.c | 5 +- sound/soc/codecs/rt5682-sdw.c | 4 +- sound/soc/codecs/rt711-sdca-sdw.c | 4 +- sound/soc/codecs/rt711-sdw.c | 4 +- sound/soc/codecs/rt712-sdca-sdw.c | 5 +- sound/soc/codecs/rt722-sdca-sdw.c | 4 +- sound/soc/codecs/wm_adsp.c | 3 +- sound/soc/soc-ops.c | 2 +- sound/soc/sof/amd/acp.c | 8 +- tools/arch/x86/include/asm/cpufeatures.h | 2 +- tools/net/ynl/ynl-gen-c.py | 7 +- tools/testing/selftests/mm/vm_util.h | 2 +- tools/testing/selftests/net/mptcp/mptcp_connect.sh | 85 +++-- tools/testing/selftests/net/mptcp/mptcp_join.sh | 4 +- tools/testing/selftests/net/reuseaddr_conflict.c | 2 +- tools/testing/selftests/net/test_vxlan_mdb.sh | 205 ++++++---- tools/testing/selftests/net/udpgro_fwd.sh | 10 +- 355 files changed, 4162 insertions(+), 2344 deletions(-)

1 year, 7 months

6
5
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror