- Linux-stable-mirror - lists.linaro.org

[merged mm-hotfixes-stable] crash-use-macro-to-add-crashk_res-into-iomem-early-for-specific-arch.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: crash: use macro to add crashk_res into iomem early for specific arch has been removed from the -mm tree. Its filename was crash-use-macro-to-add-crashk_res-into-iomem-early-for-specific-arch.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Baoquan He <bhe(a)redhat.com> Subject: crash: use macro to add crashk_res into iomem early for specific arch Date: Mon, 25 Mar 2024 09:50:50 +0800 There are regression reports[1][2] that crashkernel region on x86_64 can't be added into iomem tree sometime. This causes the later failure of kdump loading. This happened after commit 4a693ce65b18 ("kdump: defer the insertion of crashkernel resources") was merged. Even though, these reported issues are proved to be related to other component, they are just exposed after above commmit applied, I still would like to keep crashk_res and crashk_low_res being added into iomem early as before because the early adding has been always there on x86_64 and working very well. For safety of kdump, Let's change it back. Here, add a macro HAVE_ARCH_ADD_CRASH_RES_TO_IOMEM_EARLY to limit that only ARCH defining the macro can have the early adding crashk_res/_low_res into iomem. Then define HAVE_ARCH_ADD_CRASH_RES_TO_IOMEM_EARLY on x86 to enable it. Note: In reserve_crashkernel_low(), there's a remnant of crashk_low_res handling which was mistakenly added back in commit 85fcde402db1 ("kexec: split crashkernel reservation code out from crash_core.c"). [1] [PATCH V2] x86/kexec: do not update E820 kexec table for setup_data https://lore.kernel.org/all/Zfv8iCL6CT2JqLIC@darkstar.users.ipa.redhat.com/… [2] Question about Address Range Validation in Crash Kernel Allocation https://lore.kernel.org/all/4eeac1f733584855965a2ea62fa4da58@huawei.com/T/#u Link: https://lkml.kernel.org/r/ZgDYemRQ2jxjLkq+@MiWiFi-R3L-srv Fixes: 4a693ce65b18 ("kdump: defer the insertion of crashkernel resources") Signed-off-by: Baoquan He <bhe(a)redhat.com> Cc: Dave Young <dyoung(a)redhat.com> Cc: Huacai Chen <chenhuacai(a)loongson.cn> Cc: Ingo Molnar <mingo(a)kernel.org> Cc: Jiri Bohac <jbohac(a)suse.cz> Cc: Li Huafei <lihuafei1(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- arch/x86/include/asm/crash_reserve.h | 2 ++ kernel/crash_reserve.c | 7 +++++++ 2 files changed, 9 insertions(+) --- a/arch/x86/include/asm/crash_reserve.h~crash-use-macro-to-add-crashk_res-into-iomem-early-for-specific-arch +++ a/arch/x86/include/asm/crash_reserve.h @@ -39,4 +39,6 @@ static inline unsigned long crash_low_si #endif } +#define HAVE_ARCH_ADD_CRASH_RES_TO_IOMEM_EARLY + #endif /* _X86_CRASH_RESERVE_H */ --- a/kernel/crash_reserve.c~crash-use-macro-to-add-crashk_res-into-iomem-early-for-specific-arch +++ a/kernel/crash_reserve.c @@ -366,8 +366,10 @@ static int __init reserve_crashkernel_lo crashk_low_res.start = low_base; crashk_low_res.end = low_base + low_size - 1; +#ifdef HAVE_ARCH_ADD_CRASH_RES_TO_IOMEM_EARLY insert_resource(&iomem_resource, &crashk_low_res); #endif +#endif return 0; } @@ -448,8 +450,12 @@ retry: crashk_res.start = crash_base; crashk_res.end = crash_base + crash_size - 1; +#ifdef HAVE_ARCH_ADD_CRASH_RES_TO_IOMEM_EARLY + insert_resource(&iomem_resource, &crashk_res); +#endif } +#ifndef HAVE_ARCH_ADD_CRASH_RES_TO_IOMEM_EARLY static __init int insert_crashkernel_resources(void) { if (crashk_res.start < crashk_res.end) @@ -462,3 +468,4 @@ static __init int insert_crashkernel_res } early_initcall(insert_crashkernel_resources); #endif +#endif _ Patches currently in -mm which might be from bhe(a)redhat.com are mm-vmallocc-optimize-to-reduce-arguments-of-alloc_vmap_area.patch x86-remove-unneeded-memblock_find_dma_reserve.patch mm-mm_initc-remove-the-useless-dma_reserve.patch mm-mm_initc-add-new-function-calc_nr_all_pages.patch mm-mm_initc-remove-meaningless-calculation-of-zone-managed_pages-in-free_area_init_core.patch mm-mm_initc-remove-unneeded-calc_memmap_size.patch mm-mm_initc-remove-arch_reserved_kernel_pages.patch

1 year, 7 months

1
0
0 0

[merged mm-hotfixes-stable] mm-zswap-fix-data-loss-on-swp_synchronous_io-devices.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: zswap: fix data loss on SWP_SYNCHRONOUS_IO devices has been removed from the -mm tree. Its filename was mm-zswap-fix-data-loss-on-swp_synchronous_io-devices.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Johannes Weiner <hannes(a)cmpxchg.org> Subject: mm: zswap: fix data loss on SWP_SYNCHRONOUS_IO devices Date: Sun, 24 Mar 2024 17:04:47 -0400 Zhongkun He reports data corruption when combining zswap with zram. The issue is the exclusive loads we're doing in zswap. They assume that all reads are going into the swapcache, which can assume authoritative ownership of the data and so the zswap copy can go. However, zram files are marked SWP_SYNCHRONOUS_IO, and faults will try to bypass the swapcache. This results in an optimistic read of the swap data into a page that will be dismissed if the fault fails due to races. In this case, zswap mustn't drop its authoritative copy. Link: https://lore.kernel.org/all/CACSyD1N+dUvsu8=zV9P691B9bVq33erwOXNTmEaUbi9DrD… Fixes: b9c91c43412f ("mm: zswap: support exclusive loads") Link: https://lkml.kernel.org/r/20240324210447.956973-1-hannes@cmpxchg.org Signed-off-by: Johannes Weiner <hannes(a)cmpxchg.org> Reported-by: Zhongkun He <hezhongkun.hzk(a)bytedance.com> Tested-by: Zhongkun He <hezhongkun.hzk(a)bytedance.com> Acked-by: Yosry Ahmed <yosryahmed(a)google.com> Acked-by: Barry Song <baohua(a)kernel.org> Reviewed-by: Chengming Zhou <chengming.zhou(a)linux.dev> Reviewed-by: Nhat Pham <nphamcs(a)gmail.com> Acked-by: Chris Li <chrisl(a)kernel.org> Cc: <stable(a)vger.kernel.org> [6.5+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/zswap.c | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) --- a/mm/zswap.c~mm-zswap-fix-data-loss-on-swp_synchronous_io-devices +++ a/mm/zswap.c @@ -1636,6 +1636,7 @@ bool zswap_load(struct folio *folio) swp_entry_t swp = folio->swap; pgoff_t offset = swp_offset(swp); struct page *page = &folio->page; + bool swapcache = folio_test_swapcache(folio); struct zswap_tree *tree = swap_zswap_tree(swp); struct zswap_entry *entry; u8 *dst; @@ -1648,7 +1649,20 @@ bool zswap_load(struct folio *folio) spin_unlock(&tree->lock); return false; } - zswap_rb_erase(&tree->rbroot, entry); + /* + * When reading into the swapcache, invalidate our entry. The + * swapcache can be the authoritative owner of the page and + * its mappings, and the pressure that results from having two + * in-memory copies outweighs any benefits of caching the + * compression work. + * + * (Most swapins go through the swapcache. The notable + * exception is the singleton fault on SWP_SYNCHRONOUS_IO + * files, which reads into a private page and may free it if + * the fault fails. We remain the primary owner of the entry.) + */ + if (swapcache) + zswap_rb_erase(&tree->rbroot, entry); spin_unlock(&tree->lock); if (entry->length) @@ -1663,9 +1677,10 @@ bool zswap_load(struct folio *folio) if (entry->objcg) count_objcg_event(entry->objcg, ZSWPIN); - zswap_entry_free(entry); - - folio_mark_dirty(folio); + if (swapcache) { + zswap_entry_free(entry); + folio_mark_dirty(folio); + } return true; } _ Patches currently in -mm which might be from hannes(a)cmpxchg.org are mm-zswap-optimize-zswap-pool-size-tracking.patch mm-zpool-return-pool-size-in-pages.patch mm-page_alloc-remove-pcppage-migratetype-caching.patch mm-page_alloc-optimize-free_unref_folios.patch mm-page_alloc-fix-up-block-types-when-merging-compatible-blocks.patch mm-page_alloc-move-free-pages-when-converting-block-during-isolation.patch mm-page_alloc-fix-move_freepages_block-range-error.patch mm-page_alloc-fix-freelist-movement-during-block-conversion.patch mm-page_alloc-close-migratetype-race-between-freeing-and-stealing.patch mm-page_isolation-prepare-for-hygienic-freelists.patch mm-page_isolation-prepare-for-hygienic-freelists-fix.patch mm-page_alloc-consolidate-free-page-accounting.patch

1 year, 7 months

1
0
0 0

[merged mm-hotfixes-stable] selftests-mm-fix-arm-related-issue-with-fork-after-pthread_create.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: selftests/mm: fix ARM related issue with fork after pthread_create has been removed from the -mm tree. Its filename was selftests-mm-fix-arm-related-issue-with-fork-after-pthread_create.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Edward Liaw <edliaw(a)google.com> Subject: selftests/mm: fix ARM related issue with fork after pthread_create Date: Mon, 25 Mar 2024 19:40:52 +0000 Following issue was observed while running the uffd-unit-tests selftest on ARM devices. On x86_64 no issues were detected: pthread_create followed by fork caused deadlock in certain cases wherein fork required some work to be completed by the created thread. Used synchronization to ensure that created thread's start function has started before invoking fork. [edliaw(a)google.com: refactored to use atomic_bool] Link: https://lkml.kernel.org/r/20240325194100.775052-1-edliaw@google.com Fixes: 760aee0b71e3 ("selftests/mm: add tests for RO pinning vs fork()") Signed-off-by: Lokesh Gidra <lokeshgidra(a)google.com> Signed-off-by: Edward Liaw <edliaw(a)google.com> Cc: Peter Xu <peterx(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/mm/uffd-common.c | 3 +++ tools/testing/selftests/mm/uffd-common.h | 2 ++ tools/testing/selftests/mm/uffd-unit-tests.c | 10 ++++++++++ 3 files changed, 15 insertions(+) --- a/tools/testing/selftests/mm/uffd-common.c~selftests-mm-fix-arm-related-issue-with-fork-after-pthread_create +++ a/tools/testing/selftests/mm/uffd-common.c @@ -18,6 +18,7 @@ bool test_uffdio_wp = true; unsigned long long *count_verify; uffd_test_ops_t *uffd_test_ops; uffd_test_case_ops_t *uffd_test_case_ops; +atomic_bool ready_for_fork; static int uffd_mem_fd_create(off_t mem_size, bool hugetlb) { @@ -518,6 +519,8 @@ void *uffd_poll_thread(void *arg) pollfd[1].fd = pipefd[cpu*2]; pollfd[1].events = POLLIN; + ready_for_fork = true; + for (;;) { ret = poll(pollfd, 2, -1); if (ret <= 0) { --- a/tools/testing/selftests/mm/uffd-common.h~selftests-mm-fix-arm-related-issue-with-fork-after-pthread_create +++ a/tools/testing/selftests/mm/uffd-common.h @@ -32,6 +32,7 @@ #include <inttypes.h> #include <stdint.h> #include <sys/random.h> +#include <stdatomic.h> #include "../kselftest.h" #include "vm_util.h" @@ -103,6 +104,7 @@ extern bool map_shared; extern bool test_uffdio_wp; extern unsigned long long *count_verify; extern volatile bool test_uffdio_copy_eexist; +extern atomic_bool ready_for_fork; extern uffd_test_ops_t anon_uffd_test_ops; extern uffd_test_ops_t shmem_uffd_test_ops; --- a/tools/testing/selftests/mm/uffd-unit-tests.c~selftests-mm-fix-arm-related-issue-with-fork-after-pthread_create +++ a/tools/testing/selftests/mm/uffd-unit-tests.c @@ -775,6 +775,8 @@ static void uffd_sigbus_test_common(bool char c; struct uffd_args args = { 0 }; + ready_for_fork = false; + fcntl(uffd, F_SETFL, uffd_flags | O_NONBLOCK); if (uffd_register(uffd, area_dst, nr_pages * page_size, @@ -790,6 +792,9 @@ static void uffd_sigbus_test_common(bool if (pthread_create(&uffd_mon, NULL, uffd_poll_thread, &args)) err("uffd_poll_thread create"); + while (!ready_for_fork) + ; /* Wait for the poll_thread to start executing before forking */ + pid = fork(); if (pid < 0) err("fork"); @@ -829,6 +834,8 @@ static void uffd_events_test_common(bool char c; struct uffd_args args = { 0 }; + ready_for_fork = false; + fcntl(uffd, F_SETFL, uffd_flags | O_NONBLOCK); if (uffd_register(uffd, area_dst, nr_pages * page_size, true, wp, false)) @@ -838,6 +845,9 @@ static void uffd_events_test_common(bool if (pthread_create(&uffd_mon, NULL, uffd_poll_thread, &args)) err("uffd_poll_thread create"); + while (!ready_for_fork) + ; /* Wait for the poll_thread to start executing before forking */ + pid = fork(); if (pid < 0) err("fork"); _ Patches currently in -mm which might be from edliaw(a)google.com are

1 year, 7 months

1
0
0 0

[merged mm-hotfixes-stable] hexagon-vmlinuxldss-handle-attributes-section.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: hexagon: vmlinux.lds.S: handle attributes section has been removed from the -mm tree. Its filename was hexagon-vmlinuxldss-handle-attributes-section.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Nathan Chancellor <nathan(a)kernel.org> Subject: hexagon: vmlinux.lds.S: handle attributes section Date: Tue, 19 Mar 2024 17:37:46 -0700 After the linked LLVM change, the build fails with CONFIG_LD_ORPHAN_WARN_LEVEL="error", which happens with allmodconfig: ld.lld: error: vmlinux.a(init/main.o):(.hexagon.attributes) is being placed in '.hexagon.attributes' Handle the attributes section in a similar manner as arm and riscv by adding it after the primary ELF_DETAILS grouping in vmlinux.lds.S, which fixes the error. Link: https://lkml.kernel.org/r/20240319-hexagon-handle-attributes-section-vmlinu… Fixes: 113616ec5b64 ("hexagon: select ARCH_WANT_LD_ORPHAN_WARN") Link: https://github.com/llvm/llvm-project/commit/31f4b329c8234fab9afa59494d7f8bd… Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> Reviewed-by: Brian Cain <bcain(a)quicinc.com> Cc: Bill Wendling <morbo(a)google.com> Cc: Justin Stitt <justinstitt(a)google.com> Cc: Nick Desaulniers <ndesaulniers(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- arch/hexagon/kernel/vmlinux.lds.S | 1 + 1 file changed, 1 insertion(+) --- a/arch/hexagon/kernel/vmlinux.lds.S~hexagon-vmlinuxldss-handle-attributes-section +++ a/arch/hexagon/kernel/vmlinux.lds.S @@ -63,6 +63,7 @@ SECTIONS STABS_DEBUG DWARF_DEBUG ELF_DETAILS + .hexagon.attributes 0 : { *(.hexagon.attributes) } DISCARDS } _ Patches currently in -mm which might be from nathan(a)kernel.org are

1 year, 7 months

1
0
0 0

[merged mm-hotfixes-stable] tmpfs-fix-race-on-handling-dquot-rbtree.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: tmpfs: fix race on handling dquot rbtree has been removed from the -mm tree. Its filename was tmpfs-fix-race-on-handling-dquot-rbtree.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Carlos Maiolino <cem(a)kernel.org> Subject: tmpfs: fix race on handling dquot rbtree Date: Wed, 20 Mar 2024 13:39:59 +0100 A syzkaller reproducer found a race while attempting to remove dquot information from the rb tree. Fetching the rb_tree root node must also be protected by the dqopt->dqio_sem, otherwise, giving the right timing, shmem_release_dquot() will trigger a warning because it couldn't find a node in the tree, when the real reason was the root node changing before the search starts: Thread 1 Thread 2 - shmem_release_dquot() - shmem_{acquire,release}_dquot() - fetch ROOT - Fetch ROOT - acquire dqio_sem - wait dqio_sem - do something, triger a tree rebalance - release dqio_sem - acquire dqio_sem - start searching for the node, but from the wrong location, missing the node, and triggering a warning. Link: https://lkml.kernel.org/r/20240320124011.398847-1-cem@kernel.org Fixes: eafc474e2029 ("shmem: prepare shmem quota infrastructure") Signed-off-by: Carlos Maiolino <cmaiolino(a)redhat.com> Reported-by: Ubisectech Sirius <bugreport(a)ubisectech.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Cc: Hugh Dickins <hughd(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/shmem_quota.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) --- a/mm/shmem_quota.c~tmpfs-fix-race-on-handling-dquot-rbtree +++ a/mm/shmem_quota.c @@ -116,7 +116,7 @@ static int shmem_free_file_info(struct s static int shmem_get_next_id(struct super_block *sb, struct kqid *qid) { struct mem_dqinfo *info = sb_dqinfo(sb, qid->type); - struct rb_node *node = ((struct rb_root *)info->dqi_priv)->rb_node; + struct rb_node *node; qid_t id = from_kqid(&init_user_ns, *qid); struct quota_info *dqopt = sb_dqopt(sb); struct quota_id *entry = NULL; @@ -126,6 +126,7 @@ static int shmem_get_next_id(struct supe return -ESRCH; down_read(&dqopt->dqio_sem); + node = ((struct rb_root *)info->dqi_priv)->rb_node; while (node) { entry = rb_entry(node, struct quota_id, node); @@ -165,7 +166,7 @@ out_unlock: static int shmem_acquire_dquot(struct dquot *dquot) { struct mem_dqinfo *info = sb_dqinfo(dquot->dq_sb, dquot->dq_id.type); - struct rb_node **n = &((struct rb_root *)info->dqi_priv)->rb_node; + struct rb_node **n; struct shmem_sb_info *sbinfo = dquot->dq_sb->s_fs_info; struct rb_node *parent = NULL, *new_node = NULL; struct quota_id *new_entry, *entry; @@ -176,6 +177,8 @@ static int shmem_acquire_dquot(struct dq mutex_lock(&dquot->dq_lock); down_write(&dqopt->dqio_sem); + n = &((struct rb_root *)info->dqi_priv)->rb_node; + while (*n) { parent = *n; entry = rb_entry(parent, struct quota_id, node); @@ -264,7 +267,7 @@ static bool shmem_is_empty_dquot(struct static int shmem_release_dquot(struct dquot *dquot) { struct mem_dqinfo *info = sb_dqinfo(dquot->dq_sb, dquot->dq_id.type); - struct rb_node *node = ((struct rb_root *)info->dqi_priv)->rb_node; + struct rb_node *node; qid_t id = from_kqid(&init_user_ns, dquot->dq_id); struct quota_info *dqopt = sb_dqopt(dquot->dq_sb); struct quota_id *entry = NULL; @@ -275,6 +278,7 @@ static int shmem_release_dquot(struct dq goto out_dqlock; down_write(&dqopt->dqio_sem); + node = ((struct rb_root *)info->dqi_priv)->rb_node; while (node) { entry = rb_entry(node, struct quota_id, node); _ Patches currently in -mm which might be from cem(a)kernel.org are

1 year, 7 months

1
0
0 0

[merged mm-hotfixes-stable] selftests-mm-sigbus-wp-test-requires-uffd_feature_wp_hugetlbfs_shmem.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: selftests/mm: sigbus-wp test requires UFFD_FEATURE_WP_HUGETLBFS_SHMEM has been removed from the -mm tree. Its filename was selftests-mm-sigbus-wp-test-requires-uffd_feature_wp_hugetlbfs_shmem.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Edward Liaw <edliaw(a)google.com> Subject: selftests/mm: sigbus-wp test requires UFFD_FEATURE_WP_HUGETLBFS_SHMEM Date: Thu, 21 Mar 2024 23:20:21 +0000 The sigbus-wp test requires the UFFD_FEATURE_WP_HUGETLBFS_SHMEM flag for shmem and hugetlb targets. Otherwise it is not backwards compatible with kernels <5.19 and fails with EINVAL. Link: https://lkml.kernel.org/r/20240321232023.2064975-1-edliaw@google.com Fixes: 73c1ea939b65 ("selftests/mm: move uffd sig/events tests into uffd unit tests") Signed-off-by: Edward Liaw <edliaw(a)google.com> Cc: Shuah Khan <shuah(a)kernel.org> Cc: Peter Xu <peterx(a)redhat.com Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/mm/uffd-unit-tests.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/tools/testing/selftests/mm/uffd-unit-tests.c~selftests-mm-sigbus-wp-test-requires-uffd_feature_wp_hugetlbfs_shmem +++ a/tools/testing/selftests/mm/uffd-unit-tests.c @@ -1427,7 +1427,8 @@ uffd_test_case_t uffd_tests[] = { .uffd_fn = uffd_sigbus_wp_test, .mem_targets = MEM_ALL, .uffd_feature_required = UFFD_FEATURE_SIGBUS | - UFFD_FEATURE_EVENT_FORK | UFFD_FEATURE_PAGEFAULT_FLAG_WP, + UFFD_FEATURE_EVENT_FORK | UFFD_FEATURE_PAGEFAULT_FLAG_WP | + UFFD_FEATURE_WP_HUGETLBFS_SHMEM, }, { .name = "events", _ Patches currently in -mm which might be from edliaw(a)google.com are

1 year, 7 months

1
0
0 0

[merged mm-hotfixes-stable] arm-prctl-reject-pr_set_mdwe-on-pre-armv6.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: ARM: prctl: reject PR_SET_MDWE on pre-ARMv6 has been removed from the -mm tree. Its filename was arm-prctl-reject-pr_set_mdwe-on-pre-armv6.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Zev Weiss <zev(a)bewilderbeest.net> Subject: ARM: prctl: reject PR_SET_MDWE on pre-ARMv6 Date: Mon, 26 Feb 2024 17:35:42 -0800 On v5 and lower CPUs we can't provide MDWE protection, so ensure we fail any attempt to enable it via prctl(PR_SET_MDWE). Previously such an attempt would misleadingly succeed, leading to any subsequent mmap(PROT_READ|PROT_WRITE) or execve() failing unconditionally (the latter somewhat violently via force_fatal_sig(SIGSEGV) due to READ_IMPLIES_EXEC). Link: https://lkml.kernel.org/r/20240227013546.15769-6-zev@bewilderbeest.net Signed-off-by: Zev Weiss <zev(a)bewilderbeest.net> Cc: <stable(a)vger.kernel.org> [6.3+] Cc: Borislav Petkov <bp(a)alien8.de> Cc: David Hildenbrand <david(a)redhat.com> Cc: Florent Revest <revest(a)chromium.org> Cc: Helge Deller <deller(a)gmx.de> Cc: "James E.J. Bottomley" <James.Bottomley(a)HansenPartnership.com> Cc: Josh Triplett <josh(a)joshtriplett.org> Cc: Kees Cook <keescook(a)chromium.org> Cc: Miguel Ojeda <ojeda(a)kernel.org> Cc: Mike Rapoport (IBM) <rppt(a)kernel.org> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: Ondrej Mosnacek <omosnace(a)redhat.com> Cc: Rick Edgecombe <rick.p.edgecombe(a)intel.com> Cc: Russell King (Oracle) <linux(a)armlinux.org.uk> Cc: Sam James <sam(a)gentoo.org> Cc: Stefan Roesch <shr(a)devkernel.io> Cc: Yang Shi <yang(a)os.amperecomputing.com> Cc: Yin Fengwei <fengwei.yin(a)intel.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- arch/arm/include/asm/mman.h | 14 ++++++++++++++ 1 file changed, 14 insertions(+) --- /dev/null +++ a/arch/arm/include/asm/mman.h @@ -0,0 +1,14 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#ifndef __ASM_MMAN_H__ +#define __ASM_MMAN_H__ + +#include <asm/system_info.h> +#include <uapi/asm/mman.h> + +static inline bool arch_memory_deny_write_exec_supported(void) +{ + return cpu_architecture() >= CPU_ARCH_ARMv6; +} +#define arch_memory_deny_write_exec_supported arch_memory_deny_write_exec_supported + +#endif /* __ASM_MMAN_H__ */ _ Patches currently in -mm which might be from zev(a)bewilderbeest.net are

1 year, 7 months

1
0
0 0

[merged mm-hotfixes-stable] prctl-generalize-pr_set_mdwe-support-check-to-be-per-arch.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: prctl: generalize PR_SET_MDWE support check to be per-arch has been removed from the -mm tree. Its filename was prctl-generalize-pr_set_mdwe-support-check-to-be-per-arch.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Zev Weiss <zev(a)bewilderbeest.net> Subject: prctl: generalize PR_SET_MDWE support check to be per-arch Date: Mon, 26 Feb 2024 17:35:41 -0800 Patch series "ARM: prctl: Reject PR_SET_MDWE where not supported". I noticed after a recent kernel update that my ARM926 system started segfaulting on any execve() after calling prctl(PR_SET_MDWE). After some investigation it appears that ARMv5 is incapable of providing the appropriate protections for MDWE, since any readable memory is also implicitly executable. The prctl_set_mdwe() function already had some special-case logic added disabling it on PARISC (commit 793838138c15, "prctl: Disable prctl(PR_SET_MDWE) on parisc"); this patch series (1) generalizes that check to use an arch_*() function, and (2) adds a corresponding override for ARM to disable MDWE on pre-ARMv6 CPUs. With the series applied, prctl(PR_SET_MDWE) is rejected on ARMv5 and subsequent execve() calls (as well as mmap(PROT_READ|PROT_WRITE)) can succeed instead of unconditionally failing; on ARMv6 the prctl works as it did previously. [0] https://lore.kernel.org/all/2023112456-linked-nape-bf19@gregkh/ This patch (of 2): There exist systems other than PARISC where MDWE may not be feasible to support; rather than cluttering up the generic code with additional arch-specific logic let's add a generic function for checking MDWE support and allow each arch to override it as needed. Link: https://lkml.kernel.org/r/20240227013546.15769-4-zev@bewilderbeest.net Link: https://lkml.kernel.org/r/20240227013546.15769-5-zev@bewilderbeest.net Signed-off-by: Zev Weiss <zev(a)bewilderbeest.net> Acked-by: Helge Deller <deller(a)gmx.de> [parisc] Cc: Borislav Petkov <bp(a)alien8.de> Cc: David Hildenbrand <david(a)redhat.com> Cc: Florent Revest <revest(a)chromium.org> Cc: "James E.J. Bottomley" <James.Bottomley(a)HansenPartnership.com> Cc: Josh Triplett <josh(a)joshtriplett.org> Cc: Kees Cook <keescook(a)chromium.org> Cc: Miguel Ojeda <ojeda(a)kernel.org> Cc: Mike Rapoport (IBM) <rppt(a)kernel.org> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: Ondrej Mosnacek <omosnace(a)redhat.com> Cc: Rick Edgecombe <rick.p.edgecombe(a)intel.com> Cc: Russell King (Oracle) <linux(a)armlinux.org.uk> Cc: Sam James <sam(a)gentoo.org> Cc: Stefan Roesch <shr(a)devkernel.io> Cc: Yang Shi <yang(a)os.amperecomputing.com> Cc: Yin Fengwei <fengwei.yin(a)intel.com> Cc: <stable(a)vger.kernel.org> [6.3+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- arch/parisc/include/asm/mman.h | 14 ++++++++++++++ include/linux/mman.h | 8 ++++++++ kernel/sys.c | 7 +++++-- 3 files changed, 27 insertions(+), 2 deletions(-) --- /dev/null +++ a/arch/parisc/include/asm/mman.h @@ -0,0 +1,14 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#ifndef __ASM_MMAN_H__ +#define __ASM_MMAN_H__ + +#include <uapi/asm/mman.h> + +/* PARISC cannot allow mdwe as it needs writable stacks */ +static inline bool arch_memory_deny_write_exec_supported(void) +{ + return false; +} +#define arch_memory_deny_write_exec_supported arch_memory_deny_write_exec_supported + +#endif /* __ASM_MMAN_H__ */ --- a/include/linux/mman.h~prctl-generalize-pr_set_mdwe-support-check-to-be-per-arch +++ a/include/linux/mman.h @@ -162,6 +162,14 @@ calc_vm_flag_bits(unsigned long flags) unsigned long vm_commit_limit(void); +#ifndef arch_memory_deny_write_exec_supported +static inline bool arch_memory_deny_write_exec_supported(void) +{ + return true; +} +#define arch_memory_deny_write_exec_supported arch_memory_deny_write_exec_supported +#endif + /* * Denies creating a writable executable mapping or gaining executable permissions. * --- a/kernel/sys.c~prctl-generalize-pr_set_mdwe-support-check-to-be-per-arch +++ a/kernel/sys.c @@ -2408,8 +2408,11 @@ static inline int prctl_set_mdwe(unsigne if (bits & PR_MDWE_NO_INHERIT && !(bits & PR_MDWE_REFUSE_EXEC_GAIN)) return -EINVAL; - /* PARISC cannot allow mdwe as it needs writable stacks */ - if (IS_ENABLED(CONFIG_PARISC)) + /* + * EOPNOTSUPP might be more appropriate here in principle, but + * existing userspace depends on EINVAL specifically. + */ + if (!arch_memory_deny_write_exec_supported()) return -EINVAL; current_bits = get_current_mdwe(); _ Patches currently in -mm which might be from zev(a)bewilderbeest.net are

1 year, 7 months

1
0
0 0

[merged mm-hotfixes-stable] mm-cachestat-fix-two-shmem-bugs.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: cachestat: fix two shmem bugs has been removed from the -mm tree. Its filename was mm-cachestat-fix-two-shmem-bugs.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Johannes Weiner <hannes(a)cmpxchg.org> Subject: mm: cachestat: fix two shmem bugs Date: Fri, 15 Mar 2024 05:55:56 -0400 When cachestat on shmem races with swapping and invalidation, there are two possible bugs: 1) A swapin error can have resulted in a poisoned swap entry in the shmem inode's xarray. Calling get_shadow_from_swap_cache() on it will result in an out-of-bounds access to swapper_spaces[]. Validate the entry with non_swap_entry() before going further. 2) When we find a valid swap entry in the shmem's inode, the shadow entry in the swapcache might not exist yet: swap IO is still in progress and we're before __remove_mapping; swapin, invalidation, or swapoff have removed the shadow from swapcache after we saw the shmem swap entry. This will send a NULL to workingset_test_recent(). The latter purely operates on pointer bits, so it won't crash - node 0, memcg ID 0, eviction timestamp 0, etc. are all valid inputs - but it's a bogus test. In theory that could result in a false "recently evicted" count. Such a false positive wouldn't be the end of the world. But for code clarity and (future) robustness, be explicit about this case. Bail on get_shadow_from_swap_cache() returning NULL. Link: https://lkml.kernel.org/r/20240315095556.GC581298@cmpxchg.org Fixes: cf264e1329fb ("cachestat: implement cachestat syscall") Signed-off-by: Johannes Weiner <hannes(a)cmpxchg.org> Reported-by: Chengming Zhou <chengming.zhou(a)linux.dev> [Bug #1] Reported-by: Jann Horn <jannh(a)google.com> [Bug #2] Reviewed-by: Chengming Zhou <chengming.zhou(a)linux.dev> Reviewed-by: Nhat Pham <nphamcs(a)gmail.com> Cc: <stable(a)vger.kernel.org> [v6.5+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/filemap.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) --- a/mm/filemap.c~mm-cachestat-fix-two-shmem-bugs +++ a/mm/filemap.c @@ -4197,7 +4197,23 @@ static void filemap_cachestat(struct add /* shmem file - in swap cache */ swp_entry_t swp = radix_to_swp_entry(folio); + /* swapin error results in poisoned entry */ + if (non_swap_entry(swp)) + goto resched; + + /* + * Getting a swap entry from the shmem + * inode means we beat + * shmem_unuse(). rcu_read_lock() + * ensures swapoff waits for us before + * freeing the swapper space. However, + * we can race with swapping and + * invalidation, so there might not be + * a shadow in the swapcache (yet). + */ shadow = get_shadow_from_swap_cache(swp); + if (!shadow) + goto resched; } #endif if (workingset_test_recent(shadow, true, &workingset)) _ Patches currently in -mm which might be from hannes(a)cmpxchg.org are mm-zswap-optimize-zswap-pool-size-tracking.patch mm-zpool-return-pool-size-in-pages.patch mm-page_alloc-remove-pcppage-migratetype-caching.patch mm-page_alloc-optimize-free_unref_folios.patch mm-page_alloc-fix-up-block-types-when-merging-compatible-blocks.patch mm-page_alloc-move-free-pages-when-converting-block-during-isolation.patch mm-page_alloc-fix-move_freepages_block-range-error.patch mm-page_alloc-fix-freelist-movement-during-block-conversion.patch mm-page_alloc-close-migratetype-race-between-freeing-and-stealing.patch mm-page_isolation-prepare-for-hygienic-freelists.patch mm-page_isolation-prepare-for-hygienic-freelists-fix.patch mm-page_alloc-consolidate-free-page-accounting.patch

1 year, 7 months

1
0
0 0

[merged mm-hotfixes-stable] init-open-initrdimage-with-o_largefile.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: init: open /initrd.image with O_LARGEFILE has been removed from the -mm tree. Its filename was init-open-initrdimage-with-o_largefile.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: John Sperbeck <jsperbeck(a)google.com> Subject: init: open /initrd.image with O_LARGEFILE Date: Sun, 17 Mar 2024 15:15:22 -0700 If initrd data is larger than 2Gb, we'll eventually fail to write to the /initrd.image file when we hit that limit, unless O_LARGEFILE is set. Link: https://lkml.kernel.org/r/20240317221522.896040-1-jsperbeck@google.com Signed-off-by: John Sperbeck <jsperbeck(a)google.com> Cc: Jens Axboe <axboe(a)kernel.dk> Cc: Nick Desaulniers <ndesaulniers(a)google.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- init/initramfs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/init/initramfs.c~init-open-initrdimage-with-o_largefile +++ a/init/initramfs.c @@ -682,7 +682,7 @@ static void __init populate_initrd_image printk(KERN_INFO "rootfs image is not initramfs (%s); looks like an initrd\n", err); - file = filp_open("/initrd.image", O_WRONLY | O_CREAT, 0700); + file = filp_open("/initrd.image", O_WRONLY|O_CREAT|O_LARGEFILE, 0700); if (IS_ERR(file)) return; _ Patches currently in -mm which might be from jsperbeck(a)google.com are

1 year, 7 months

1
0
0 0

[PATCH v2 2/4] ALSA: hda/tas2781: add locks to kcontrols

by Gergo Koteles

The rcabin.profile_cfg_id, cur_prog, cur_conf, force_fwload_status variables are acccessible from multiple threads and therefore require locking. Fixes: 5be27f1e3ec9 ("ALSA: hda/tas2781: Add tas2781 HDA driver") CC: stable(a)vger.kernel.org Signed-off-by: Gergo Koteles <soyer(a)irl.hu> --- sound/pci/hda/tas2781_hda_i2c.c | 50 +++++++++++++++++++++++++++++++-- 1 file changed, 48 insertions(+), 2 deletions(-) diff --git a/sound/pci/hda/tas2781_hda_i2c.c b/sound/pci/hda/tas2781_hda_i2c.c index 5acb475c10a7..9a43f563bb9e 100644 --- a/sound/pci/hda/tas2781_hda_i2c.c +++ b/sound/pci/hda/tas2781_hda_i2c.c @@ -185,8 +185,12 @@ static int tasdevice_get_profile_id(struct snd_kcontrol *kcontrol, { struct tasdevice_priv *tas_priv = snd_kcontrol_chip(kcontrol); + mutex_lock(&tas_priv->codec_lock); + ucontrol->value.integer.value[0] = tas_priv->rcabin.profile_cfg_id; + mutex_unlock(&tas_priv->codec_lock); + return 0; } @@ -200,11 +204,15 @@ static int tasdevice_set_profile_id(struct snd_kcontrol *kcontrol, val = clamp(nr_profile, 0, max); + mutex_lock(&tas_priv->codec_lock); + if (tas_priv->rcabin.profile_cfg_id != val) { tas_priv->rcabin.profile_cfg_id = val; ret = 1; } + mutex_unlock(&tas_priv->codec_lock); + return ret; } @@ -241,8 +249,12 @@ static int tasdevice_program_get(struct snd_kcontrol *kcontrol, { struct tasdevice_priv *tas_priv = snd_kcontrol_chip(kcontrol); + mutex_lock(&tas_priv->codec_lock); + ucontrol->value.integer.value[0] = tas_priv->cur_prog; + mutex_unlock(&tas_priv->codec_lock); + return 0; } @@ -257,11 +269,15 @@ static int tasdevice_program_put(struct snd_kcontrol *kcontrol, val = clamp(nr_program, 0, max); + mutex_lock(&tas_priv->codec_lock); + if (tas_priv->cur_prog != val) { tas_priv->cur_prog = val; ret = 1; } + mutex_unlock(&tas_priv->codec_lock); + return ret; } @@ -270,8 +286,12 @@ static int tasdevice_config_get(struct snd_kcontrol *kcontrol, { struct tasdevice_priv *tas_priv = snd_kcontrol_chip(kcontrol); + mutex_lock(&tas_priv->codec_lock); + ucontrol->value.integer.value[0] = tas_priv->cur_conf; + mutex_unlock(&tas_priv->codec_lock); + return 0; } @@ -286,11 +306,15 @@ static int tasdevice_config_put(struct snd_kcontrol *kcontrol, val = clamp(nr_config, 0, max); + mutex_lock(&tas_priv->codec_lock); + if (tas_priv->cur_conf != val) { tas_priv->cur_conf = val; ret = 1; } + mutex_unlock(&tas_priv->codec_lock); + return ret; } @@ -300,8 +324,15 @@ static int tas2781_amp_getvol(struct snd_kcontrol *kcontrol, struct tasdevice_priv *tas_priv = snd_kcontrol_chip(kcontrol); struct soc_mixer_control *mc = (struct soc_mixer_control *)kcontrol->private_value; + int ret; + + mutex_lock(&tas_priv->codec_lock); + + ret = tasdevice_amp_getvol(tas_priv, ucontrol, mc); + + mutex_unlock(&tas_priv->codec_lock); - return tasdevice_amp_getvol(tas_priv, ucontrol, mc); + return ret; } static int tas2781_amp_putvol(struct snd_kcontrol *kcontrol, @@ -310,9 +341,16 @@ static int tas2781_amp_putvol(struct snd_kcontrol *kcontrol, struct tasdevice_priv *tas_priv = snd_kcontrol_chip(kcontrol); struct soc_mixer_control *mc = (struct soc_mixer_control *)kcontrol->private_value; + int ret; + + mutex_lock(&tas_priv->codec_lock); /* The check of the given value is in tasdevice_amp_putvol. */ - return tasdevice_amp_putvol(tas_priv, ucontrol, mc); + ret = tasdevice_amp_putvol(tas_priv, ucontrol, mc); + + mutex_unlock(&tas_priv->codec_lock); + + return ret; } static int tas2781_force_fwload_get(struct snd_kcontrol *kcontrol, @@ -320,10 +358,14 @@ static int tas2781_force_fwload_get(struct snd_kcontrol *kcontrol, { struct tasdevice_priv *tas_priv = snd_kcontrol_chip(kcontrol); + mutex_lock(&tas_priv->codec_lock); + ucontrol->value.integer.value[0] = (int)tas_priv->force_fwload_status; dev_dbg(tas_priv->dev, "%s : Force FWload %s\n", __func__, tas_priv->force_fwload_status ? "ON" : "OFF"); + mutex_unlock(&tas_priv->codec_lock); + return 0; } @@ -333,6 +375,8 @@ static int tas2781_force_fwload_put(struct snd_kcontrol *kcontrol, struct tasdevice_priv *tas_priv = snd_kcontrol_chip(kcontrol); bool change, val = (bool)ucontrol->value.integer.value[0]; + mutex_lock(&tas_priv->codec_lock); + if (tas_priv->force_fwload_status == val) change = false; else { @@ -342,6 +386,8 @@ static int tas2781_force_fwload_put(struct snd_kcontrol *kcontrol, dev_dbg(tas_priv->dev, "%s : Force FWload %s\n", __func__, tas_priv->force_fwload_status ? "ON" : "OFF"); + mutex_unlock(&tas_priv->codec_lock); + return change; } -- 2.44.0

1 year, 7 months

1
0
0 0

[PATCH v2 1/4] ALSA: hda/tas2781: remove digital gain kcontrol

by Gergo Koteles

The "Speaker Digital Gain" kcontrol controls the TAS2781_DVC_LVL (0x1A) register. Unfortunately the tas2563 does not have DVC_LVL, but has INT_MASK0 in 0x1A, which has been misused so far. Since commit c1947ce61ff4 ("ALSA: hda/realtek: tas2781: enable subwoofer volume control") the volume of the tas2781 amplifiers can be controlled by the master volume, so this digital gain kcontrol is not needed. Remove it. Fixes: 5be27f1e3ec9 ("ALSA: hda/tas2781: Add tas2781 HDA driver") CC: stable(a)vger.kernel.org Signed-off-by: Gergo Koteles <soyer(a)irl.hu> --- sound/pci/hda/tas2781_hda_i2c.c | 37 +-------------------------------- 1 file changed, 1 insertion(+), 36 deletions(-) diff --git a/sound/pci/hda/tas2781_hda_i2c.c b/sound/pci/hda/tas2781_hda_i2c.c index 4475cea8e9f7..5acb475c10a7 100644 --- a/sound/pci/hda/tas2781_hda_i2c.c +++ b/sound/pci/hda/tas2781_hda_i2c.c @@ -89,7 +89,7 @@ struct tas2781_hda { struct snd_kcontrol *dsp_prog_ctl; struct snd_kcontrol *dsp_conf_ctl; struct snd_kcontrol *prof_ctl; - struct snd_kcontrol *snd_ctls[3]; + struct snd_kcontrol *snd_ctls[2]; }; static int tas2781_get_i2c_res(struct acpi_resource *ares, void *data) @@ -294,27 +294,6 @@ static int tasdevice_config_put(struct snd_kcontrol *kcontrol, return ret; } -/* - * tas2781_digital_getvol - get the volum control - * @kcontrol: control pointer - * @ucontrol: User data - * Customer Kcontrol for tas2781 is primarily for regmap booking, paging - * depends on internal regmap mechanism. - * tas2781 contains book and page two-level register map, especially - * book switching will set the register BXXP00R7F, after switching to the - * correct book, then leverage the mechanism for paging to access the - * register. - */ -static int tas2781_digital_getvol(struct snd_kcontrol *kcontrol, - struct snd_ctl_elem_value *ucontrol) -{ - struct tasdevice_priv *tas_priv = snd_kcontrol_chip(kcontrol); - struct soc_mixer_control *mc = - (struct soc_mixer_control *)kcontrol->private_value; - - return tasdevice_digital_getvol(tas_priv, ucontrol, mc); -} - static int tas2781_amp_getvol(struct snd_kcontrol *kcontrol, struct snd_ctl_elem_value *ucontrol) { @@ -325,17 +304,6 @@ static int tas2781_amp_getvol(struct snd_kcontrol *kcontrol, return tasdevice_amp_getvol(tas_priv, ucontrol, mc); } -static int tas2781_digital_putvol(struct snd_kcontrol *kcontrol, - struct snd_ctl_elem_value *ucontrol) -{ - struct tasdevice_priv *tas_priv = snd_kcontrol_chip(kcontrol); - struct soc_mixer_control *mc = - (struct soc_mixer_control *)kcontrol->private_value; - - /* The check of the given value is in tasdevice_digital_putvol. */ - return tasdevice_digital_putvol(tas_priv, ucontrol, mc); -} - static int tas2781_amp_putvol(struct snd_kcontrol *kcontrol, struct snd_ctl_elem_value *ucontrol) { @@ -381,9 +349,6 @@ static const struct snd_kcontrol_new tas2781_snd_controls[] = { ACARD_SINGLE_RANGE_EXT_TLV("Speaker Analog Gain", TAS2781_AMP_LEVEL, 1, 0, 20, 0, tas2781_amp_getvol, tas2781_amp_putvol, amp_vol_tlv), - ACARD_SINGLE_RANGE_EXT_TLV("Speaker Digital Gain", TAS2781_DVC_LVL, - 0, 0, 200, 1, tas2781_digital_getvol, - tas2781_digital_putvol, dvc_tlv), ACARD_SINGLE_BOOL_EXT("Speaker Force Firmware Load", 0, tas2781_force_fwload_get, tas2781_force_fwload_put), }; -- 2.44.0

1 year, 7 months

1
0
0 0

[PATCH v2 1/3] mm/secretmem: fix GUP-fast succeeding on secretmem folios

by David Hildenbrand

folio_is_secretmem() currently relies on secretmem folios being LRU folios, to save some cycles. However, folios might reside in a folio batch without the LRU flag set, or temporarily have their LRU flag cleared. Consequently, the LRU flag is unreliable for this purpose. In particular, this is the case when secretmem_fault() allocates a fresh page and calls filemap_add_folio()->folio_add_lru(). The folio might be added to the per-cpu folio batch and won't get the LRU flag set until the batch was drained using e.g., lru_add_drain(). Consequently, folio_is_secretmem() might not detect secretmem folios and GUP-fast can succeed in grabbing a secretmem folio, crashing the kernel when we would later try reading/writing to the folio, because the folio has been unmapped from the directmap. Fix it by removing that unreliable check. Reported-by: xingwei lee <xrivendell7(a)gmail.com> Reported-by: yue sun <samsun1006219(a)gmail.com> Closes: https://lore.kernel.org/lkml/CABOYnLyevJeravW=QrH0JUPYEcDN160aZFb7kwndm-J2r… Debugged-by: Miklos Szeredi <miklos(a)szeredi.hu> Tested-by: Miklos Szeredi <mszeredi(a)redhat.com> Fixes: 1507f51255c9 ("mm: introduce memfd_secret system call to create "secret" memory areas") Cc: <stable(a)vger.kernel.org> Signed-off-by: David Hildenbrand <david(a)redhat.com> --- include/linux/secretmem.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/linux/secretmem.h b/include/linux/secretmem.h index 35f3a4a8ceb1..acf7e1a3f3de 100644 --- a/include/linux/secretmem.h +++ b/include/linux/secretmem.h @@ -13,10 +13,10 @@ static inline bool folio_is_secretmem(struct folio *folio) /* * Using folio_mapping() is quite slow because of the actual call * instruction. - * We know that secretmem pages are not compound and LRU so we can + * We know that secretmem pages are not compound, so we can * save a couple of cycles here. */ - if (folio_test_large(folio) || !folio_test_lru(folio)) + if (folio_test_large(folio)) return false; mapping = (struct address_space *) -- 2.43.2

1 year, 7 months

2
1
0 0

[PATCH v1] usb: typec: tcpm: Correct the PDO counting in pd_set

by Kyle Tso

The index in the loop has already been added one and is equal to the number of PDOs to be updated when leaving the loop. Fixes: cd099cde4ed2 ("usb: typec: tcpm: Support multiple capabilities") Cc: stable(a)vger.kernel.org Signed-off-by: Kyle Tso <kyletso(a)google.com> --- drivers/usb/typec/tcpm/tcpm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 3d505614bff1..566dad0cb9d3 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -6852,14 +6852,14 @@ static int tcpm_pd_set(struct typec_port *p, struct usb_power_delivery *pd) if (data->sink_desc.pdo[0]) { for (i = 0; i < PDO_MAX_OBJECTS && data->sink_desc.pdo[i]; i++) port->snk_pdo[i] = data->sink_desc.pdo[i]; - port->nr_snk_pdo = i + 1; + port->nr_snk_pdo = i; port->operating_snk_mw = data->operating_snk_mw; } if (data->source_desc.pdo[0]) { for (i = 0; i < PDO_MAX_OBJECTS && data->source_desc.pdo[i]; i++) port->snk_pdo[i] = data->source_desc.pdo[i]; - port->nr_src_pdo = i + 1; + port->nr_src_pdo = i; } switch (port->state) { -- 2.44.0.291.gc1ea87d7ee-goog

1 year, 7 months

2
2
0 0

[PATCH 00/17] ASoC: SOF: ipc4/Intel: Fix delay reporting (for 6.9 / 6.8)

by Peter Ujfalusi

Hi, The current version of delay reporting code can report incorrect values when paired with a firmware which enables this feature. Unfortunately there are several smaller issues that needed to be addressed to correct the behavior: Wrong information was used for the host side of counter For MTL/LNL used incorrect (in a sense that it was verified only on MTL) link side counter function. The link side counter needs compensation logic if pause/resume is used. The offset values were not refreshed from firmware. Finally, not strictly connected, but the ALSA buffer size needs to be constrained to avoid constant xrun from media players (like mpv) The series applies cleanly for 6.9 and 6.8.y stable, but older stable would need manual backport, but it is questionable if it is needed as MTL/LNL is missing features. Mark, can you pick these patches for the 6.9 cycle as fixes? Regards, Peter --- Peter Ujfalusi (17): ASoC: SOF: Add dsp_max_burst_size_in_ms member to snd_sof_pcm_stream ASoC: SOF: ipc4-topology: Save the DMA maximum burst size for PCMs ASoC: SOF: Intel: hda-pcm: Use dsp_max_burst_size_in_ms to place constraint ASoC: SOF: Intel: hda: Implement get_stream_position (Linear Link Position) ASoC: SOF: Intel: mtl/lnl: Use the generic get_stream_position callback ASoC: SOF: Introduce a new callback pair to be used for PCM delay reporting ASoC: SOF: Intel: Set the dai/host get frame/byte counter callbacks ASoC: SOF: ipc4-pcm: Use the snd_sof_pcm_get_dai_frame_counter() for pcm_delay ASoC: SOF: Intel: hda-common-ops: Do not set the get_stream_position callback ASoC: SOF: Remove the get_stream_position callback ASoC: SOF: ipc4-pcm: Move struct sof_ipc4_timestamp_info definition locally ASoC: SOF: ipc4-pcm: Combine the SOF_IPC4_PIPE_PAUSED cases in pcm_trigger ASoC: SOF: ipc4-pcm: Invalidate the stream_start_offset in PAUSED state ASoC: SOF: sof-pcm: Add pointer callback to sof_ipc_pcm_ops ASoC: SOF: ipc4-pcm: Correct the delay calculation ALSA: hda: Add pplcllpl/u members to hdac_ext_stream ASoC: SOF: Intel: hda: Compensate LLP in case it is not reset include/sound/hdaudio_ext.h | 3 + sound/soc/sof/intel/hda-common-ops.c | 3 + sound/soc/sof/intel/hda-dai-ops.c | 11 ++ sound/soc/sof/intel/hda-pcm.c | 29 ++++ sound/soc/sof/intel/hda-stream.c | 70 ++++++++++ sound/soc/sof/intel/hda.h | 6 + sound/soc/sof/intel/lnl.c | 2 - sound/soc/sof/intel/mtl.c | 14 -- sound/soc/sof/intel/mtl.h | 10 -- sound/soc/sof/ipc4-pcm.c | 191 ++++++++++++++++++++++----- sound/soc/sof/ipc4-priv.h | 14 -- sound/soc/sof/ipc4-topology.c | 22 ++- sound/soc/sof/ops.h | 24 +++- sound/soc/sof/pcm.c | 8 ++ sound/soc/sof/sof-audio.h | 9 +- sound/soc/sof/sof-priv.h | 24 +++- 16 files changed, 351 insertions(+), 89 deletions(-) -- 2.44.0

1 year, 7 months

2
18
0 0

[PATCH v1 1/3] mm/secretmem: fix GUP-fast succeeding on secretmem folios

by David Hildenbrand

folio_is_secretmem() states that secretmem folios cannot be LRU folios: so we may only exit early if we find an LRU folio. Yet, we exit early if we find a folio that is not a secretmem folio. Consequently, folio_is_secretmem() fails to detect secretmem folios and, therefore, we can succeed in grabbing a secretmem folio during GUP-fast, crashing the kernel when we later try reading/writing to the folio, because the folio has been unmapped from the directmap. Reported-by: xingwei lee <xrivendell7(a)gmail.com> Reported-by: yue sun <samsun1006219(a)gmail.com> Closes: https://lore.kernel.org/lkml/CABOYnLyevJeravW=QrH0JUPYEcDN160aZFb7kwndm-J2r… Debugged-by: Miklos Szeredi <miklos(a)szeredi.hu> Reviewed-by: Mike Rapoport (IBM) <rppt(a)kernel.org> Tested-by: Miklos Szeredi <mszeredi(a)redhat.com> Fixes: 1507f51255c9 ("mm: introduce memfd_secret system call to create "secret" memory areas") Cc: <stable(a)vger.kernel.org> Signed-off-by: David Hildenbrand <david(a)redhat.com> --- include/linux/secretmem.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/secretmem.h b/include/linux/secretmem.h index 35f3a4a8ceb1..6996f1f53f14 100644 --- a/include/linux/secretmem.h +++ b/include/linux/secretmem.h @@ -16,7 +16,7 @@ static inline bool folio_is_secretmem(struct folio *folio) * We know that secretmem pages are not compound and LRU so we can * save a couple of cycles here. */ - if (folio_test_large(folio) || !folio_test_lru(folio)) + if (folio_test_large(folio) || folio_test_lru(folio)) return false; mapping = (struct address_space *) -- 2.43.2

1 year, 7 months

2
2
0 0

[PATCH] drm/i915: Pre-populate the cursor physical dma address

by Ville Syrjala

From: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Calling i915_gem_object_get_dma_address() from the vblank evade critical section triggers might_sleep(). While we know that we've already pinned the framebuffer and thus i915_gem_object_get_dma_address() will in fact not sleep in this case, it seems reasonable to keep the unconditional might_sleep() for maximum coverage. So let's instead pre-populate the dma address during fb pinning, which all happens before we enter the vblank evade critical section. We can use u32 for the dma address as this class of hardware doesn't support >32bit addresses. Cc: stable(a)vger.kernel.org Fixes: 0225a90981c8 ("drm/i915: Make cursor plane registers unlocked") Link: https://lore.kernel.org/intel-gfx/20240227100342.GAZd2zfmYcPS_SndtO@fat_cra… Reported-by: Borislav Petkov <bp(a)alien8.de> Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> --- drivers/gpu/drm/i915/display/intel_cursor.c | 4 +--- drivers/gpu/drm/i915/display/intel_display_types.h | 1 + drivers/gpu/drm/i915/display/intel_fb_pin.c | 10 ++++++++++ 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/i915/display/intel_cursor.c b/drivers/gpu/drm/i915/display/intel_cursor.c index f8b33999d43f..0d3da55e1c24 100644 --- a/drivers/gpu/drm/i915/display/intel_cursor.c +++ b/drivers/gpu/drm/i915/display/intel_cursor.c @@ -36,12 +36,10 @@ static u32 intel_cursor_base(const struct intel_plane_state *plane_state) { struct drm_i915_private *dev_priv = to_i915(plane_state->uapi.plane->dev); - const struct drm_framebuffer *fb = plane_state->hw.fb; - struct drm_i915_gem_object *obj = intel_fb_obj(fb); u32 base; if (DISPLAY_INFO(dev_priv)->cursor_needs_physical) - base = i915_gem_object_get_dma_address(obj, 0); + base = plane_state->phys_dma_addr; else base = intel_plane_ggtt_offset(plane_state); diff --git a/drivers/gpu/drm/i915/display/intel_display_types.h b/drivers/gpu/drm/i915/display/intel_display_types.h index 8a35fb6b2ade..68f26a33870b 100644 --- a/drivers/gpu/drm/i915/display/intel_display_types.h +++ b/drivers/gpu/drm/i915/display/intel_display_types.h @@ -728,6 +728,7 @@ struct intel_plane_state { #define PLANE_HAS_FENCE BIT(0) struct intel_fb_view view; + u32 phys_dma_addr; /* for cursor_needs_physical */ /* Plane pxp decryption state */ bool decrypt; diff --git a/drivers/gpu/drm/i915/display/intel_fb_pin.c b/drivers/gpu/drm/i915/display/intel_fb_pin.c index 7b42aef37d2f..b6df9baf481b 100644 --- a/drivers/gpu/drm/i915/display/intel_fb_pin.c +++ b/drivers/gpu/drm/i915/display/intel_fb_pin.c @@ -255,6 +255,16 @@ int intel_plane_pin_fb(struct intel_plane_state *plane_state) return PTR_ERR(vma); plane_state->ggtt_vma = vma; + + /* + * Pre-populate the dma address before we enter the vblank + * evade critical section as i915_gem_object_get_dma_address() + * will trigger might_sleep() even if it won't actually sleep, + * which is the case when the fb has already been pinned. + */ + if (phys_cursor) + plane_state->phys_dma_addr = + i915_gem_object_get_dma_address(intel_fb_obj(fb), 0); } else { struct intel_framebuffer *intel_fb = to_intel_framebuffer(fb); -- 2.43.2

1 year, 7 months

4
5
0 0

[PATCH 0/7] usb: typec: ucsi: fix several issues manifesting on Qualcomm platforms

by Dmitry Baryshkov

Fix several issues discovered while debugging UCSI implementation on Qualcomm platforms (ucsi_glink). With these patches I was able to get a working Type-C port managament implementation. Tested on SC8280XP (Lenovo X13s laptop) and SM8350-HDK. Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> --- Dmitry Baryshkov (7): usb: typec: ucsi: fix race condition in connection change ACK'ing usb: typec: ucsi: acknowledge the UCSI_CCI_NOT_SUPPORTED usb: typec: ucsi: make ACK_CC_CI rules more obvious usb: typec: ucsi: allow non-partner GET_PDOS for Qualcomm devices usb: typec: ucsi: limit the UCSI_NO_PARTNER_PDOS even further usb: typec: ucsi: properly register partner's PD device soc: qcom: pmic_glink: reenable UCSI on sc8280xp drivers/soc/qcom/pmic_glink.c | 1 - drivers/usb/typec/ucsi/ucsi.c | 51 +++++++++++++++++++++++++++++++++---------- 2 files changed, 39 insertions(+), 13 deletions(-) --- base-commit: ea86f16f605361af3779af0e0b4be18614282091 change-id: 20240312-qcom-ucsi-fixes-6578d236b60b Best regards, -- Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>

1 year, 7 months

3
11
0 0

[PATCH v2] ASoC: tegra: Fix DSPK 16-bit playback

by Sameer Pujar

DSPK configuration is wrong for 16-bit playback and this happens because the client config is always fixed at 24-bit in hw_params(). Fix this by updating the client config to 16-bit for the respective playback. Fixes: 327ef6470266 ("ASoC: tegra: Add Tegra186 based DSPK driver") Cc: stable(a)vger.kernel.org Signed-off-by: Sameer Pujar <spujar(a)nvidia.com> --- changes in v2: * moved common setting to S32_LE switch case. sound/soc/tegra/tegra186_dspk.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/sound/soc/tegra/tegra186_dspk.c b/sound/soc/tegra/tegra186_dspk.c index aa37c4ab0adb..21cd41fec7a9 100644 --- a/sound/soc/tegra/tegra186_dspk.c +++ b/sound/soc/tegra/tegra186_dspk.c @@ -1,8 +1,7 @@ // SPDX-License-Identifier: GPL-2.0-only +// SPDX-FileCopyrightText: Copyright (c) 2020-2024 NVIDIA CORPORATION & AFFILIATES. All rights reserved. // // tegra186_dspk.c - Tegra186 DSPK driver -// -// Copyright (c) 2020 NVIDIA CORPORATION. All rights reserved. #include <linux/clk.h> #include <linux/device.h> @@ -241,14 +240,14 @@ static int tegra186_dspk_hw_params(struct snd_pcm_substream *substream, return -EINVAL; } - cif_conf.client_bits = TEGRA_ACIF_BITS_24; - switch (params_format(params)) { case SNDRV_PCM_FORMAT_S16_LE: cif_conf.audio_bits = TEGRA_ACIF_BITS_16; + cif_conf.client_bits = TEGRA_ACIF_BITS_16; break; case SNDRV_PCM_FORMAT_S32_LE: cif_conf.audio_bits = TEGRA_ACIF_BITS_32; + cif_conf.client_bits = TEGRA_ACIF_BITS_24; break; default: dev_err(dev, "unsupported format!\n"); -- 2.25.1

1 year, 7 months

1
0
0 0

[PATCH v6 1/2] driver core: Introduce device_link_wait_removal()

by Herve Codina

The commit 80dd33cf72d1 ("drivers: base: Fix device link removal") introduces a workqueue to release the consumer and supplier devices used in the devlink. In the job queued, devices are release and in turn, when all the references to these devices are dropped, the release function of the device itself is called. Nothing is present to provide some synchronisation with this workqueue in order to ensure that all ongoing releasing operations are done and so, some other operations can be started safely. For instance, in the following sequence: 1) of_platform_depopulate() 2) of_overlay_remove() During the step 1, devices are released and related devlinks are removed (jobs pushed in the workqueue). During the step 2, OF nodes are destroyed but, without any synchronisation with devlink removal jobs, of_overlay_remove() can raise warnings related to missing of_node_put(): ERROR: memory leak, expected refcount 1 instead of 2 Indeed, the missing of_node_put() call is going to be done, too late, from the workqueue job execution. Introduce device_link_wait_removal() to offer a way to synchronize operations waiting for the end of devlink removals (i.e. end of workqueue jobs). Also, as a flushing operation is done on the workqueue, the workqueue used is moved from a system-wide workqueue to a local one. Cc: stable(a)vger.kernel.org Signed-off-by: Herve Codina <herve.codina(a)bootlin.com> Tested-by: Luca Ceresoli <luca.ceresoli(a)bootlin.com> Reviewed-by: Nuno Sa <nuno.sa(a)analog.com> Reviewed-by: Saravana Kannan <saravanak(a)google.com> --- drivers/base/core.c | 26 +++++++++++++++++++++++--- include/linux/device.h | 1 + 2 files changed, 24 insertions(+), 3 deletions(-) diff --git a/drivers/base/core.c b/drivers/base/core.c index 7e3af0ad770a..f2242aadffb0 100644 --- a/drivers/base/core.c +++ b/drivers/base/core.c @@ -44,6 +44,7 @@ static bool fw_devlink_is_permissive(void); static void __fw_devlink_link_to_consumers(struct device *dev); static bool fw_devlink_drv_reg_done; static bool fw_devlink_best_effort; +static struct workqueue_struct *device_link_wq; /** * __fwnode_link_add - Create a link between two fwnode_handles. @@ -533,12 +534,26 @@ static void devlink_dev_release(struct device *dev) /* * It may take a while to complete this work because of the SRCU * synchronization in device_link_release_fn() and if the consumer or - * supplier devices get deleted when it runs, so put it into the "long" - * workqueue. + * supplier devices get deleted when it runs, so put it into the + * dedicated workqueue. */ - queue_work(system_long_wq, &link->rm_work); + queue_work(device_link_wq, &link->rm_work); } +/** + * device_link_wait_removal - Wait for ongoing devlink removal jobs to terminate + */ +void device_link_wait_removal(void) +{ + /* + * devlink removal jobs are queued in the dedicated work queue. + * To be sure that all removal jobs are terminated, ensure that any + * scheduled work has run to completion. + */ + flush_workqueue(device_link_wq); +} +EXPORT_SYMBOL_GPL(device_link_wait_removal); + static struct class devlink_class = { .name = "devlink", .dev_groups = devlink_groups, @@ -4165,9 +4180,14 @@ int __init devices_init(void) sysfs_dev_char_kobj = kobject_create_and_add("char", dev_kobj); if (!sysfs_dev_char_kobj) goto char_kobj_err; + device_link_wq = alloc_workqueue("device_link_wq", 0, 0); + if (!device_link_wq) + goto wq_err; return 0; + wq_err: + kobject_put(sysfs_dev_char_kobj); char_kobj_err: kobject_put(sysfs_dev_block_kobj); block_kobj_err: diff --git a/include/linux/device.h b/include/linux/device.h index 1795121dee9a..d7d8305a72e8 100644 --- a/include/linux/device.h +++ b/include/linux/device.h @@ -1249,6 +1249,7 @@ void device_link_del(struct device_link *link); void device_link_remove(void *consumer, struct device *supplier); void device_links_supplier_sync_state_pause(void); void device_links_supplier_sync_state_resume(void); +void device_link_wait_removal(void); /* Create alias, so I can be autoloaded. */ #define MODULE_ALIAS_CHARDEV(major,minor) \ -- 2.44.0

1 year, 7 months

4
6
0 0

[PATCH] ASoC: tegra: Fix DSPK 16-bit playback

by Sameer Pujar

DSPK configuration is wrong for 16-bit playback and this happens because the client config is always fixed at 24-bit in hw_params(). Fix this by updating the client config to 16-bit for the respective playback. Fixes: 327ef6470266 ("ASoC: tegra: Add Tegra186 based DSPK driver") Cc: stable(a)vger.kernel.org Signed-off-by: Sameer Pujar <spujar(a)nvidia.com> --- sound/soc/tegra/tegra186_dspk.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sound/soc/tegra/tegra186_dspk.c b/sound/soc/tegra/tegra186_dspk.c index aa37c4ab0adb..3a152e76122b 100644 --- a/sound/soc/tegra/tegra186_dspk.c +++ b/sound/soc/tegra/tegra186_dspk.c @@ -1,8 +1,7 @@ // SPDX-License-Identifier: GPL-2.0-only +// SPDX-FileCopyrightText: Copyright (c) 2020-2024 NVIDIA CORPORATION & AFFILIATES. All rights reserved. // // tegra186_dspk.c - Tegra186 DSPK driver -// -// Copyright (c) 2020 NVIDIA CORPORATION. All rights reserved. #include <linux/clk.h> #include <linux/device.h> @@ -246,6 +245,7 @@ static int tegra186_dspk_hw_params(struct snd_pcm_substream *substream, switch (params_format(params)) { case SNDRV_PCM_FORMAT_S16_LE: cif_conf.audio_bits = TEGRA_ACIF_BITS_16; + cif_conf.client_bits = TEGRA_ACIF_BITS_16; break; case SNDRV_PCM_FORMAT_S32_LE: cif_conf.audio_bits = TEGRA_ACIF_BITS_32; -- 2.25.1

1 year, 7 months

2
2
0 0

[PATCH] scsi: core: Fix unremoved procfs host directory regression

by Guilherme G. Piccoli

Commit fc663711b944 ("scsi: core: Remove the /proc/scsi/${proc_name} directory earlier") fixed a bug related to modules loading/unloading, by adding a call to scsi_proc_hostdir_rm() on scsi_remove_host(). But that led to a potential duplicate call to the hostdir_rm() routine, since it's also called from scsi_host_dev_release(). That triggered a regression report, which was then fixed by commit be03df3d4bfe ("scsi: core: Fix a procfs host directory removal regression"). The fix just dropped the hostdir_rm() call from dev_release(). But happens that this proc directory is created on scsi_host_alloc(), and that function "pairs" with scsi_host_dev_release(), while scsi_remove_host() pairs with scsi_add_host(). In other words, it seems the reason for removing the proc directory on dev_release() was meant to cover cases in which a SCSI host structure was allocated, but the call to scsi_add_host() didn't happen. And that pattern happens to exist in some error paths, for example. Syzkaller causes that by using USB raw gadget device, error'ing on usb-storage driver, at usb_stor_probe2(). By checking that path, we can see that the BadDevice label leads to a scsi_host_put() after a SCSI host allocation, but there's no call to scsi_add_host() in such path. That leads to messages like this in dmesg (and a leak of the SCSI host proc structure): usb-storage 4-1:87.51: USB Mass Storage device detected proc_dir_entry 'scsi/usb-storage' already registered WARNING: CPU: 1 PID: 3519 at fs/proc/generic.c:377 proc_register+0x347/0x4e0 fs/proc/generic.c:376 The proper fix seems to still call scsi_proc_hostdir_rm() on dev_release(), but guard that with the state check for SHOST_CREATED; there is even a comment in scsi_host_dev_release() detailing that: such conditional is meant for cases where the SCSI host was allocated but there was no calls to {add,remove}_host(), like the usb-storage case. This is what we propose here and with that, the error path of usb-storage does not trigger the warning anymore. Reported-by: syzbot+c645abf505ed21f931b5(a)syzkaller.appspotmail.com Fixes: be03df3d4bfe ("scsi: core: Fix a procfs host directory removal regression") Cc: stable(a)vger.kernel.org Cc: Bart Van Assche <bvanassche(a)acm.org> Cc: John Garry <john.g.garry(a)oracle.com> Cc: Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> Signed-off-by: Guilherme G. Piccoli <gpiccoli(a)igalia.com> --- Hi folks, thanks in advance for reviews. The issue with usb-storage happens upstream but despite we have a repro in the aforementioned Syzkaller report, it's only easy to reproduce the proc_dir_entry warning in a timely manner on stable right now. The reason for that is commit 036abd614007 ("scsi: core: Introduce a new list for SCSI proc directory entries") not being present on stable. This commit (indirectly) bumps the ->present field from unsigned char to uint, and the bug reproducer shows the warning whenever such field overflows, hence it's way easier/faster to see this problem in stable, though it's present in latest v6.8.0 too. Cheers, Guilherme drivers/scsi/hosts.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/drivers/scsi/hosts.c b/drivers/scsi/hosts.c index d7f51b84f3c7..445f4a220df3 100644 --- a/drivers/scsi/hosts.c +++ b/drivers/scsi/hosts.c @@ -353,12 +353,13 @@ static void scsi_host_dev_release(struct device *dev) if (shost->shost_state == SHOST_CREATED) { /* - * Free the shost_dev device name here if scsi_host_alloc() - * and scsi_host_put() have been called but neither + * Free the shost_dev device name and remove the proc host dir + * here if scsi_host_{alloc,put}() have been called but neither * scsi_host_add() nor scsi_remove_host() has been called. * This avoids that the memory allocated for the shost_dev - * name is leaked. + * name as well as the proc dir structure are leaked. */ + scsi_proc_hostdir_rm(shost->hostt); kfree(dev_name(&shost->shost_dev)); } -- 2.43.0

1 year, 7 months

3
2
0 0

[PATCH] scsi: sg: Avoid sg device teardown race

by Alexander Wetzel

sg_remove_sfp_usercontext() must not use sg_device_destroy() after calling scsi_device_put(). sg_device_destroy() is accessling the device queue. Which will be set to NULL if scsi_device_put() removes the last reference to the sg device. Link: https://lore.kernel.org/r/20240305150509.23896-1-Alexander@wetzel-home.de Cc: <stable(a)vger.kernel.org> Signed-off-by: Alexander Wetzel <Alexander(a)wetzel-home.de> --- This is my best shot for a real fix of the issue. I confirmed with printk's that I get the NULL pointer freeze ony when scsi_device_put() is deleting the last reference to the device. In the cases where it's not crashing there is still a reference left after the call. I don't see any obvious down side of simply swapping the calls. The alternative would by my first patch, just without the WARN_ON. Alexander --- drivers/scsi/sg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c index 86210e4dd0d3..80e0d1981191 100644 --- a/drivers/scsi/sg.c +++ b/drivers/scsi/sg.c @@ -2232,8 +2232,8 @@ sg_remove_sfp_usercontext(struct work_struct *work) "sg_remove_sfp: sfp=0x%p\n", sfp)); kfree(sfp); - scsi_device_put(sdp->device); kref_put(&sdp->d_ref, sg_device_destroy); + scsi_device_put(sdp->device); module_put(THIS_MODULE); } -- 2.44.0

1 year, 7 months

5
10
0 0

DHL International Shipping Notification Arrival

by DHL International

1 year, 7 months

1
0
0 0

[tip: irq/urgent] genirq: Introduce IRQF_COND_ONESHOT and use it in pinctrl-amd

by tip-bot2 for Rafael J. Wysocki

The following commit has been merged into the irq/urgent branch of tip: Commit-ID: c2ddeb29612f7ca84ed10c6d4f3ac99705135447 Gitweb: https://git.kernel.org/tip/c2ddeb29612f7ca84ed10c6d4f3ac99705135447 Author: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> AuthorDate: Mon, 25 Mar 2024 13:58:08 +01:00 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Mon, 25 Mar 2024 23:45:21 +01:00 genirq: Introduce IRQF_COND_ONESHOT and use it in pinctrl-amd There is a problem when a driver requests a shared interrupt line to run a threaded handler on it without IRQF_ONESHOT set if that flag has been set already for the IRQ in question by somebody else. Namely, the request fails which usually leads to a probe failure even though the driver might have worked just fine with IRQF_ONESHOT, but it does not want to use it by default. Currently, the only way to handle this is to try to request the IRQ without IRQF_ONESHOT, but with IRQF_PROBE_SHARED set and if this fails, try again with IRQF_ONESHOT set. However, this is a bit cumbersome and not very clean. When commit 7a36b901a6eb ("ACPI: OSL: Use a threaded interrupt handler for SCI") switched the ACPI subsystem over to using a threaded interrupt handler for the SCI, it had to use IRQF_ONESHOT for it because that's required due to the way the SCI handler works (it needs to walk all of the enabled GPEs before the interrupt line can be unmasked). The SCI interrupt line is not shared with other users very often due to the SCI handling overhead, but on sone systems it is shared and when the other user of it attempts to install a threaded handler, a flags mismatch related to IRQF_ONESHOT may occur. As it turned out, that happened to the pinctrl-amd driver and so commit 4451e8e8415e ("pinctrl: amd: Add IRQF_ONESHOT to the interrupt request") attempted to address the issue by adding IRQF_ONESHOT to the interrupt flags in that driver, but this is now causing an IRQF_ONESHOT-related mismatch to occur on another system which cannot boot as a result of it. Clearly, pinctrl-amd can work with IRQF_ONESHOT if need be, but it should not set that flag by default, so it needs a way to indicate that to the interrupt subsystem. To that end, introdcuce a new interrupt flag, IRQF_COND_ONESHOT, which will only have effect when the IRQ line is shared and IRQF_ONESHOT has been set for it already, in which case it will be promoted to the latter. This is sufficient for drivers sharing the interrupt line with the SCI as it is requested by the ACPI subsystem before any drivers are probed, so they will always see IRQF_ONESHOT set for the interrupt in question. Fixes: 4451e8e8415e ("pinctrl: amd: Add IRQF_ONESHOT to the interrupt request") Reported-by: Francisco Ayala Le Brun <francisco(a)videowindow.eu> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Reviewed-by: Linus Walleij <linus.walleij(a)linaro.org> Cc: 6.8+ <stable(a)vger.kernel.org> # 6.8+ Closes: https://lore.kernel.org/lkml/CAN-StX1HqWqi+YW=t+V52-38Mfp5fAz7YHx4aH-CQjgyN… Link: https://lore.kernel.org/r/12417336.O9o76ZdvQC@kreacher --- drivers/pinctrl/pinctrl-amd.c | 2 +- include/linux/interrupt.h | 3 +++ kernel/irq/manage.c | 9 +++++++-- 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/drivers/pinctrl/pinctrl-amd.c b/drivers/pinctrl/pinctrl-amd.c index 49f89b7..7f66ec7 100644 --- a/drivers/pinctrl/pinctrl-amd.c +++ b/drivers/pinctrl/pinctrl-amd.c @@ -1159,7 +1159,7 @@ static int amd_gpio_probe(struct platform_device *pdev) } ret = devm_request_irq(&pdev->dev, gpio_dev->irq, amd_gpio_irq_handler, - IRQF_SHARED | IRQF_ONESHOT, KBUILD_MODNAME, gpio_dev); + IRQF_SHARED | IRQF_COND_ONESHOT, KBUILD_MODNAME, gpio_dev); if (ret) goto out2; diff --git a/include/linux/interrupt.h b/include/linux/interrupt.h index 76121c2..5c9bdd3 100644 --- a/include/linux/interrupt.h +++ b/include/linux/interrupt.h @@ -67,6 +67,8 @@ * later. * IRQF_NO_DEBUG - Exclude from runnaway detection for IPI and similar handlers, * depends on IRQF_PERCPU. + * IRQF_COND_ONESHOT - Agree to do IRQF_ONESHOT if already set for a shared + * interrupt. */ #define IRQF_SHARED 0x00000080 #define IRQF_PROBE_SHARED 0x00000100 @@ -82,6 +84,7 @@ #define IRQF_COND_SUSPEND 0x00040000 #define IRQF_NO_AUTOEN 0x00080000 #define IRQF_NO_DEBUG 0x00100000 +#define IRQF_COND_ONESHOT 0x00200000 #define IRQF_TIMER (__IRQF_TIMER | IRQF_NO_SUSPEND | IRQF_NO_THREAD) diff --git a/kernel/irq/manage.c b/kernel/irq/manage.c index ad3eaf2..bf9ae8a 100644 --- a/kernel/irq/manage.c +++ b/kernel/irq/manage.c @@ -1643,8 +1643,13 @@ __setup_irq(unsigned int irq, struct irq_desc *desc, struct irqaction *new) } if (!((old->flags & new->flags) & IRQF_SHARED) || - (oldtype != (new->flags & IRQF_TRIGGER_MASK)) || - ((old->flags ^ new->flags) & IRQF_ONESHOT)) + (oldtype != (new->flags & IRQF_TRIGGER_MASK))) + goto mismatch; + + if ((old->flags & IRQF_ONESHOT) && + (new->flags & IRQF_COND_ONESHOT)) + new->flags |= IRQF_ONESHOT; + else if ((old->flags ^ new->flags) & IRQF_ONESHOT) goto mismatch; /* All handlers must agree on per-cpuness */

1 year, 7 months

1
0
0 0

[PATCH v3 RESEND] driver core: Keep the supplier fwnode consistent with the device

by Herve Codina

The commit 3a2dbc510c43 ("driver core: fw_devlink: Don't purge child fwnode's consumer links") introduces the possibility to use the supplier's parent device instead of the supplier itself. In that case the supplier fwnode used is not updated and is no more consistent with the supplier device used. Use the fwnode consistent with the supplier device when checking flags. Fixes: 3a2dbc510c43 ("driver core: fw_devlink: Don't purge child fwnode's consumer links") Cc: stable(a)vger.kernel.org Signed-off-by: Herve Codina <herve.codina(a)bootlin.com> --- Changes v2 -> v3: Do not update the supplier handle in order to keep the original handle for debug traces. Changes v1 -> v2: Remove sup_handle check and related pr_debug() call as sup_handle cannot be invalid if sup_dev is valid. drivers/base/core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/base/core.c b/drivers/base/core.c index b93f3c5716ae..0d335b0dc396 100644 --- a/drivers/base/core.c +++ b/drivers/base/core.c @@ -2163,7 +2163,7 @@ static int fw_devlink_create_devlink(struct device *con, * supplier device indefinitely. */ if (sup_dev->links.status == DL_DEV_NO_DRIVER && - sup_handle->flags & FWNODE_FLAG_INITIALIZED) { + sup_dev->fwnode->flags & FWNODE_FLAG_INITIALIZED) { dev_dbg(con, "Not linking %pfwf - dev might never probe\n", sup_handle); -- 2.44.0

1 year, 7 months

2
1
0 0

[PATCH 2/3] ALSA: hda/tas2781: add locks to kcontrols

by Gergo Koteles

The rcabin.profile_cfg_id, cur_prog, cur_conf, force_fwload_status variables are acccessible from multiple threads and therefore require locking. Fixes: 5be27f1e3ec9 ("ALSA: hda/tas2781: Add tas2781 HDA driver") CC: stable(a)vger.kernel.org Signed-off-by: Gergo Koteles <soyer(a)irl.hu> --- sound/pci/hda/tas2781_hda_i2c.c | 50 +++++++++++++++++++++++++++++++-- 1 file changed, 48 insertions(+), 2 deletions(-) diff --git a/sound/pci/hda/tas2781_hda_i2c.c b/sound/pci/hda/tas2781_hda_i2c.c index 5acb475c10a7..9a43f563bb9e 100644 --- a/sound/pci/hda/tas2781_hda_i2c.c +++ b/sound/pci/hda/tas2781_hda_i2c.c @@ -185,8 +185,12 @@ static int tasdevice_get_profile_id(struct snd_kcontrol *kcontrol, { struct tasdevice_priv *tas_priv = snd_kcontrol_chip(kcontrol); + mutex_lock(&tas_priv->codec_lock); + ucontrol->value.integer.value[0] = tas_priv->rcabin.profile_cfg_id; + mutex_unlock(&tas_priv->codec_lock); + return 0; } @@ -200,11 +204,15 @@ static int tasdevice_set_profile_id(struct snd_kcontrol *kcontrol, val = clamp(nr_profile, 0, max); + mutex_lock(&tas_priv->codec_lock); + if (tas_priv->rcabin.profile_cfg_id != val) { tas_priv->rcabin.profile_cfg_id = val; ret = 1; } + mutex_unlock(&tas_priv->codec_lock); + return ret; } @@ -241,8 +249,12 @@ static int tasdevice_program_get(struct snd_kcontrol *kcontrol, { struct tasdevice_priv *tas_priv = snd_kcontrol_chip(kcontrol); + mutex_lock(&tas_priv->codec_lock); + ucontrol->value.integer.value[0] = tas_priv->cur_prog; + mutex_unlock(&tas_priv->codec_lock); + return 0; } @@ -257,11 +269,15 @@ static int tasdevice_program_put(struct snd_kcontrol *kcontrol, val = clamp(nr_program, 0, max); + mutex_lock(&tas_priv->codec_lock); + if (tas_priv->cur_prog != val) { tas_priv->cur_prog = val; ret = 1; } + mutex_unlock(&tas_priv->codec_lock); + return ret; } @@ -270,8 +286,12 @@ static int tasdevice_config_get(struct snd_kcontrol *kcontrol, { struct tasdevice_priv *tas_priv = snd_kcontrol_chip(kcontrol); + mutex_lock(&tas_priv->codec_lock); + ucontrol->value.integer.value[0] = tas_priv->cur_conf; + mutex_unlock(&tas_priv->codec_lock); + return 0; } @@ -286,11 +306,15 @@ static int tasdevice_config_put(struct snd_kcontrol *kcontrol, val = clamp(nr_config, 0, max); + mutex_lock(&tas_priv->codec_lock); + if (tas_priv->cur_conf != val) { tas_priv->cur_conf = val; ret = 1; } + mutex_unlock(&tas_priv->codec_lock); + return ret; } @@ -300,8 +324,15 @@ static int tas2781_amp_getvol(struct snd_kcontrol *kcontrol, struct tasdevice_priv *tas_priv = snd_kcontrol_chip(kcontrol); struct soc_mixer_control *mc = (struct soc_mixer_control *)kcontrol->private_value; + int ret; + + mutex_lock(&tas_priv->codec_lock); + + ret = tasdevice_amp_getvol(tas_priv, ucontrol, mc); + + mutex_unlock(&tas_priv->codec_lock); - return tasdevice_amp_getvol(tas_priv, ucontrol, mc); + return ret; } static int tas2781_amp_putvol(struct snd_kcontrol *kcontrol, @@ -310,9 +341,16 @@ static int tas2781_amp_putvol(struct snd_kcontrol *kcontrol, struct tasdevice_priv *tas_priv = snd_kcontrol_chip(kcontrol); struct soc_mixer_control *mc = (struct soc_mixer_control *)kcontrol->private_value; + int ret; + + mutex_lock(&tas_priv->codec_lock); /* The check of the given value is in tasdevice_amp_putvol. */ - return tasdevice_amp_putvol(tas_priv, ucontrol, mc); + ret = tasdevice_amp_putvol(tas_priv, ucontrol, mc); + + mutex_unlock(&tas_priv->codec_lock); + + return ret; } static int tas2781_force_fwload_get(struct snd_kcontrol *kcontrol, @@ -320,10 +358,14 @@ static int tas2781_force_fwload_get(struct snd_kcontrol *kcontrol, { struct tasdevice_priv *tas_priv = snd_kcontrol_chip(kcontrol); + mutex_lock(&tas_priv->codec_lock); + ucontrol->value.integer.value[0] = (int)tas_priv->force_fwload_status; dev_dbg(tas_priv->dev, "%s : Force FWload %s\n", __func__, tas_priv->force_fwload_status ? "ON" : "OFF"); + mutex_unlock(&tas_priv->codec_lock); + return 0; } @@ -333,6 +375,8 @@ static int tas2781_force_fwload_put(struct snd_kcontrol *kcontrol, struct tasdevice_priv *tas_priv = snd_kcontrol_chip(kcontrol); bool change, val = (bool)ucontrol->value.integer.value[0]; + mutex_lock(&tas_priv->codec_lock); + if (tas_priv->force_fwload_status == val) change = false; else { @@ -342,6 +386,8 @@ static int tas2781_force_fwload_put(struct snd_kcontrol *kcontrol, dev_dbg(tas_priv->dev, "%s : Force FWload %s\n", __func__, tas_priv->force_fwload_status ? "ON" : "OFF"); + mutex_unlock(&tas_priv->codec_lock); + return change; } -- 2.44.0

1 year, 7 months

1
0
0 0

[PATCH] fbdev: Select I/O-memory framebuffer ops for SBus

by Thomas Zimmermann

Framebuffer I/O on the Sparc Sbus requires read/write helpers for I/O memory. Select FB_IOMEM_FOPS accordingly. Reported-by: Nick Bowler <nbowler(a)draconx.ca> Closes: https://lore.kernel.org/lkml/5bc21364-41da-a339-676e-5bb0f4faebfb@draconx.c… Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Fixes: 8813e86f6d82 ("fbdev: Remove default file-I/O implementations") Cc: Thomas Zimmermann <tzimmermann(a)suse.de> Cc: Javier Martinez Canillas <javierm(a)redhat.com> Cc: Daniel Vetter <daniel(a)ffwll.ch> Cc: Helge Deller <deller(a)gmx.de> Cc: Sam Ravnborg <sam(a)ravnborg.org> Cc: Arnd Bergmann <arnd(a)arndb.de> Cc: Geert Uytterhoeven <geert+renesas(a)glider.be> Cc: linux-fbdev(a)vger.kernel.org Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v6.8+ --- drivers/video/fbdev/Kconfig | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/video/fbdev/Kconfig b/drivers/video/fbdev/Kconfig index a61b8260b8f36..edced74f0eeaf 100644 --- a/drivers/video/fbdev/Kconfig +++ b/drivers/video/fbdev/Kconfig @@ -494,6 +494,7 @@ config FB_SBUS_HELPERS select FB_CFB_COPYAREA select FB_CFB_FILLRECT select FB_CFB_IMAGEBLIT + select FB_IOMEM_FOPS config FB_BW2 bool "BWtwo support" @@ -514,6 +515,7 @@ config FB_CG6 depends on (FB = y) && (SPARC && FB_SBUS) select FB_CFB_COPYAREA select FB_CFB_IMAGEBLIT + select FB_IOMEM_FOPS help This is the frame buffer device driver for the CGsix (GX, TurboGX) frame buffer. @@ -523,6 +525,7 @@ config FB_FFB depends on FB_SBUS && SPARC64 select FB_CFB_COPYAREA select FB_CFB_IMAGEBLIT + select FB_IOMEM_FOPS help This is the frame buffer device driver for the Creator, Creator3D, and Elite3D graphics boards. -- 2.44.0

1 year, 7 months

4
4
0 0

+ crash-use-macro-to-add-crashk_res-into-iomem-early-for-specific-arch.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: crash: use macro to add crashk_res into iomem early for specific arch has been added to the -mm mm-hotfixes-unstable branch. Its filename is crash-use-macro-to-add-crashk_res-into-iomem-early-for-specific-arch.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Baoquan He <bhe(a)redhat.com> Subject: crash: use macro to add crashk_res into iomem early for specific arch Date: Mon, 25 Mar 2024 09:50:50 +0800 There are regression reports[1][2] that crashkernel region on x86_64 can't be added into iomem tree sometime. This causes the later failure of kdump loading. This happened after commit 4a693ce65b18 ("kdump: defer the insertion of crashkernel resources") was merged. Even though, these reported issues are proved to be related to other component, they are just exposed after above commmit applied, I still would like to keep crashk_res and crashk_low_res being added into iomem early as before because the early adding has been always there on x86_64 and working very well. For safety of kdump, Let's change it back. Here, add a macro HAVE_ARCH_ADD_CRASH_RES_TO_IOMEM_EARLY to limit that only ARCH defining the macro can have the early adding crashk_res/_low_res into iomem. Then define HAVE_ARCH_ADD_CRASH_RES_TO_IOMEM_EARLY on x86 to enable it. Note: In reserve_crashkernel_low(), there's a remnant of crashk_low_res handling which was mistakenly added back in commit 85fcde402db1 ("kexec: split crashkernel reservation code out from crash_core.c"). [1] [PATCH V2] x86/kexec: do not update E820 kexec table for setup_data https://lore.kernel.org/all/Zfv8iCL6CT2JqLIC@darkstar.users.ipa.redhat.com/… [2] Question about Address Range Validation in Crash Kernel Allocation https://lore.kernel.org/all/4eeac1f733584855965a2ea62fa4da58@huawei.com/T/#u Link: https://lkml.kernel.org/r/ZgDYemRQ2jxjLkq+@MiWiFi-R3L-srv Fixes: 4a693ce65b18 ("kdump: defer the insertion of crashkernel resources") Signed-off-by: Baoquan He <bhe(a)redhat.com> Cc: Dave Young <dyoung(a)redhat.com> Cc: Huacai Chen <chenhuacai(a)loongson.cn> Cc: Ingo Molnar <mingo(a)kernel.org> Cc: Jiri Bohac <jbohac(a)suse.cz> Cc: Li Huafei <lihuafei1(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- arch/x86/include/asm/crash_reserve.h | 2 ++ kernel/crash_reserve.c | 7 +++++++ 2 files changed, 9 insertions(+) --- a/arch/x86/include/asm/crash_reserve.h~crash-use-macro-to-add-crashk_res-into-iomem-early-for-specific-arch +++ a/arch/x86/include/asm/crash_reserve.h @@ -39,4 +39,6 @@ static inline unsigned long crash_low_si #endif } +#define HAVE_ARCH_ADD_CRASH_RES_TO_IOMEM_EARLY + #endif /* _X86_CRASH_RESERVE_H */ --- a/kernel/crash_reserve.c~crash-use-macro-to-add-crashk_res-into-iomem-early-for-specific-arch +++ a/kernel/crash_reserve.c @@ -366,8 +366,10 @@ static int __init reserve_crashkernel_lo crashk_low_res.start = low_base; crashk_low_res.end = low_base + low_size - 1; +#ifdef HAVE_ARCH_ADD_CRASH_RES_TO_IOMEM_EARLY insert_resource(&iomem_resource, &crashk_low_res); #endif +#endif return 0; } @@ -448,8 +450,12 @@ retry: crashk_res.start = crash_base; crashk_res.end = crash_base + crash_size - 1; +#ifdef HAVE_ARCH_ADD_CRASH_RES_TO_IOMEM_EARLY + insert_resource(&iomem_resource, &crashk_res); +#endif } +#ifndef HAVE_ARCH_ADD_CRASH_RES_TO_IOMEM_EARLY static __init int insert_crashkernel_resources(void) { if (crashk_res.start < crashk_res.end) @@ -462,3 +468,4 @@ static __init int insert_crashkernel_res } early_initcall(insert_crashkernel_resources); #endif +#endif _ Patches currently in -mm which might be from bhe(a)redhat.com are crash-use-macro-to-add-crashk_res-into-iomem-early-for-specific-arch.patch mm-vmallocc-optimize-to-reduce-arguments-of-alloc_vmap_area.patch x86-remove-unneeded-memblock_find_dma_reserve.patch mm-mm_initc-remove-the-useless-dma_reserve.patch mm-mm_initc-add-new-function-calc_nr_all_pages.patch mm-mm_initc-remove-meaningless-calculation-of-zone-managed_pages-in-free_area_init_core.patch mm-mm_initc-remove-unneeded-calc_memmap_size.patch mm-mm_initc-remove-arch_reserved_kernel_pages.patch

1 year, 7 months

1
0
0 0

+ mm-zswap-fix-data-loss-on-swp_synchronous_io-devices.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm: zswap: fix data loss on SWP_SYNCHRONOUS_IO devices has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-zswap-fix-data-loss-on-swp_synchronous_io-devices.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Johannes Weiner <hannes(a)cmpxchg.org> Subject: mm: zswap: fix data loss on SWP_SYNCHRONOUS_IO devices Date: Sun, 24 Mar 2024 17:04:47 -0400 Zhongkun He reports data corruption when combining zswap with zram. The issue is the exclusive loads we're doing in zswap. They assume that all reads are going into the swapcache, which can assume authoritative ownership of the data and so the zswap copy can go. However, zram files are marked SWP_SYNCHRONOUS_IO, and faults will try to bypass the swapcache. This results in an optimistic read of the swap data into a page that will be dismissed if the fault fails due to races. In this case, zswap mustn't drop its authoritative copy. Link: https://lore.kernel.org/all/CACSyD1N+dUvsu8=zV9P691B9bVq33erwOXNTmEaUbi9DrD… Fixes: b9c91c43412f ("mm: zswap: support exclusive loads") Link: https://lkml.kernel.org/r/20240324210447.956973-1-hannes@cmpxchg.org Signed-off-by: Johannes Weiner <hannes(a)cmpxchg.org> Reported-by: Zhongkun He <hezhongkun.hzk(a)bytedance.com> Tested-by: Zhongkun He <hezhongkun.hzk(a)bytedance.com> Acked-by: Yosry Ahmed <yosryahmed(a)google.com> Acked-by: Barry Song <baohua(a)kernel.org> Reviewed-by: Chengming Zhou <chengming.zhou(a)linux.dev> Reviewed-by: Nhat Pham <nphamcs(a)gmail.com> Cc: Chris Li <chrisl(a)kernel.org> Cc: <stable(a)vger.kernel.org> [6.5+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/zswap.c | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) --- a/mm/zswap.c~mm-zswap-fix-data-loss-on-swp_synchronous_io-devices +++ a/mm/zswap.c @@ -1636,6 +1636,7 @@ bool zswap_load(struct folio *folio) swp_entry_t swp = folio->swap; pgoff_t offset = swp_offset(swp); struct page *page = &folio->page; + bool swapcache = folio_test_swapcache(folio); struct zswap_tree *tree = swap_zswap_tree(swp); struct zswap_entry *entry; u8 *dst; @@ -1648,7 +1649,20 @@ bool zswap_load(struct folio *folio) spin_unlock(&tree->lock); return false; } - zswap_rb_erase(&tree->rbroot, entry); + /* + * When reading into the swapcache, invalidate our entry. The + * swapcache can be the authoritative owner of the page and + * its mappings, and the pressure that results from having two + * in-memory copies outweighs any benefits of caching the + * compression work. + * + * (Most swapins go through the swapcache. The notable + * exception is the singleton fault on SWP_SYNCHRONOUS_IO + * files, which reads into a private page and may free it if + * the fault fails. We remain the primary owner of the entry.) + */ + if (swapcache) + zswap_rb_erase(&tree->rbroot, entry); spin_unlock(&tree->lock); if (entry->length) @@ -1663,9 +1677,10 @@ bool zswap_load(struct folio *folio) if (entry->objcg) count_objcg_event(entry->objcg, ZSWPIN); - zswap_entry_free(entry); - - folio_mark_dirty(folio); + if (swapcache) { + zswap_entry_free(entry); + folio_mark_dirty(folio); + } return true; } _ Patches currently in -mm which might be from hannes(a)cmpxchg.org are mm-cachestat-fix-two-shmem-bugs.patch mm-zswap-fix-writeback-shinker-gfp_noio-gfp_nofs-recursion.patch mm-zswap-fix-data-loss-on-swp_synchronous_io-devices.patch mm-zswap-optimize-zswap-pool-size-tracking.patch mm-zpool-return-pool-size-in-pages.patch mm-page_alloc-remove-pcppage-migratetype-caching.patch mm-page_alloc-optimize-free_unref_folios.patch mm-page_alloc-fix-up-block-types-when-merging-compatible-blocks.patch mm-page_alloc-move-free-pages-when-converting-block-during-isolation.patch mm-page_alloc-fix-move_freepages_block-range-error.patch mm-page_alloc-fix-freelist-movement-during-block-conversion.patch mm-page_alloc-close-migratetype-race-between-freeing-and-stealing.patch mm-page_isolation-prepare-for-hygienic-freelists.patch mm-page_isolation-prepare-for-hygienic-freelists-fix.patch mm-page_alloc-consolidate-free-page-accounting.patch

1 year, 7 months

1
0
0 0

+ selftests-mm-fix-arm-related-issue-with-fork-after-pthread_create.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: selftests/mm: fix ARM related issue with fork after pthread_create has been added to the -mm mm-hotfixes-unstable branch. Its filename is selftests-mm-fix-arm-related-issue-with-fork-after-pthread_create.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Edward Liaw <edliaw(a)google.com> Subject: selftests/mm: fix ARM related issue with fork after pthread_create Date: Mon, 25 Mar 2024 19:40:52 +0000 Following issue was observed while running the uffd-unit-tests selftest on ARM devices. On x86_64 no issues were detected: pthread_create followed by fork caused deadlock in certain cases wherein fork required some work to be completed by the created thread. Used synchronization to ensure that created thread's start function has started before invoking fork. [edliaw(a)google.com: refactored to use atomic_bool] Link: https://lkml.kernel.org/r/20240325194100.775052-1-edliaw@google.com Fixes: 760aee0b71e3 ("selftests/mm: add tests for RO pinning vs fork()") Signed-off-by: Lokesh Gidra <lokeshgidra(a)google.com> Signed-off-by: Edward Liaw <edliaw(a)google.com> Cc: Peter Xu <peterx(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/mm/uffd-common.c | 3 +++ tools/testing/selftests/mm/uffd-common.h | 2 ++ tools/testing/selftests/mm/uffd-unit-tests.c | 10 ++++++++++ 3 files changed, 15 insertions(+) --- a/tools/testing/selftests/mm/uffd-common.c~selftests-mm-fix-arm-related-issue-with-fork-after-pthread_create +++ a/tools/testing/selftests/mm/uffd-common.c @@ -18,6 +18,7 @@ bool test_uffdio_wp = true; unsigned long long *count_verify; uffd_test_ops_t *uffd_test_ops; uffd_test_case_ops_t *uffd_test_case_ops; +atomic_bool ready_for_fork; static int uffd_mem_fd_create(off_t mem_size, bool hugetlb) { @@ -518,6 +519,8 @@ void *uffd_poll_thread(void *arg) pollfd[1].fd = pipefd[cpu*2]; pollfd[1].events = POLLIN; + ready_for_fork = true; + for (;;) { ret = poll(pollfd, 2, -1); if (ret <= 0) { --- a/tools/testing/selftests/mm/uffd-common.h~selftests-mm-fix-arm-related-issue-with-fork-after-pthread_create +++ a/tools/testing/selftests/mm/uffd-common.h @@ -32,6 +32,7 @@ #include <inttypes.h> #include <stdint.h> #include <sys/random.h> +#include <stdatomic.h> #include "../kselftest.h" #include "vm_util.h" @@ -103,6 +104,7 @@ extern bool map_shared; extern bool test_uffdio_wp; extern unsigned long long *count_verify; extern volatile bool test_uffdio_copy_eexist; +extern atomic_bool ready_for_fork; extern uffd_test_ops_t anon_uffd_test_ops; extern uffd_test_ops_t shmem_uffd_test_ops; --- a/tools/testing/selftests/mm/uffd-unit-tests.c~selftests-mm-fix-arm-related-issue-with-fork-after-pthread_create +++ a/tools/testing/selftests/mm/uffd-unit-tests.c @@ -775,6 +775,8 @@ static void uffd_sigbus_test_common(bool char c; struct uffd_args args = { 0 }; + ready_for_fork = false; + fcntl(uffd, F_SETFL, uffd_flags | O_NONBLOCK); if (uffd_register(uffd, area_dst, nr_pages * page_size, @@ -790,6 +792,9 @@ static void uffd_sigbus_test_common(bool if (pthread_create(&uffd_mon, NULL, uffd_poll_thread, &args)) err("uffd_poll_thread create"); + while (!ready_for_fork) + ; /* Wait for the poll_thread to start executing before forking */ + pid = fork(); if (pid < 0) err("fork"); @@ -829,6 +834,8 @@ static void uffd_events_test_common(bool char c; struct uffd_args args = { 0 }; + ready_for_fork = false; + fcntl(uffd, F_SETFL, uffd_flags | O_NONBLOCK); if (uffd_register(uffd, area_dst, nr_pages * page_size, true, wp, false)) @@ -838,6 +845,9 @@ static void uffd_events_test_common(bool if (pthread_create(&uffd_mon, NULL, uffd_poll_thread, &args)) err("uffd_poll_thread create"); + while (!ready_for_fork) + ; /* Wait for the poll_thread to start executing before forking */ + pid = fork(); if (pid < 0) err("fork"); _ Patches currently in -mm which might be from edliaw(a)google.com are selftests-mm-sigbus-wp-test-requires-uffd_feature_wp_hugetlbfs_shmem.patch selftests-mm-fix-arm-related-issue-with-fork-after-pthread_create.patch

1 year, 7 months

1
0
0 0

[PATCH 5.10 000/237] 5.10.214-rc2 review

by Sasha Levin

This is the start of the stable review cycle for the 5.10.214 release. There are 237 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed Mar 27 11:59:18 AM UTC 2024. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. Thanks, Sasha ------------- Pseudo-Shortlog of commits: Ajay Singh (1): wifi: wilc1000: fix multi-vif management when deleting a vif Alban Boyé (1): ASoC: Intel: bytcr_rt5640: Add an extra entry for the Chuwi Vi8 tablet Alex Bee (1): drm/rockchip: inno_hdmi: Fix video timing Alexander Gordeev (1): net/iucv: fix the allocation size of iucv_path_table array Alexander Stein (1): media: tc358743: register v4l2 async device only after successful setup Alexei Starovoitov (1): bpf: Factor out bpf_spin_lock into helpers. Alexis Lothoré (3): wifi: wilc1000: fix declarations ordering wifi: wilc1000: fix RCU usage in connect path wifi: wilc1000: prevent use-after-free on vif when cleaning up all interfaces Anastasia Belova (1): cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value Andrew Ballance (1): gen_compile_commands: fix invalid escape sequence warning Andy Shevchenko (1): serial: 8250_exar: Don't remove GPIO device on suspend AngeloGioacchino Del Regno (1): drm/mediatek: dsi: Fix DSI RGB666 formats and definitions Armin Wolf (1): ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit() Arnaud Pouliquen (2): remoteproc: stm32: Fix incorrect type in assignment for va remoteproc: stm32: Fix incorrect type assignment returned by stm32_rproc_get_loaded_rsc_tablef Arnd Bergmann (12): fs/select: rework stack allocation hack for clang wifi: brcmsmac: avoid function pointer casts media: pvrusb2: fix pvr2_stream_callback casts crypto: arm/sha - fix function cast warnings mtd: rawnand: lpc32xx_mlc: fix irq handler prototype media: dvb-frontends: avoid stack overflow warnings with clang media: mediatek: vcodec: avoid -Wcast-function-type-strict warning scsi: csiostor: Avoid function pointer casts scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn remoteproc: stm32: use correct format strings on 64-bit soc: fsl: dpio: fix kcalloc() argument order remoteproc: stm32: fix phys_addr_t format string Arınç ÜNAL (1): net: dsa: mt7530: prevent possible incorrect XTAL frequency selection Athaariq Ardhiansyah (1): ALSA: hda/realtek: fix ALC285 issues on HP Envy x360 laptops Baokun Li (1): quota: simplify drop_dquot_ref() Baruch Siach (1): mtd: maps: physmap-core: fix flash size larger than 32-bit Ben Wolsieffer (1): watchdog: stm32_iwdg: initialize default timeout Bitterblue Smith (1): wifi: rtw88: 8821c: Fix false alarm count Borislav Petkov (AMD) (1): x86/paravirt: Fix build due to __text_gen_insn() backport Breno Leitao (1): net: blackhole_dev: fix build warning for ethh set but not used Bryan O'Donoghue (1): clk: Fix clk_core_get NULL dereference Cai Huoqing (1): drm/tegra: dsi: Make use of the helper function dev_err_probe() Chen Ni (2): sr9800: Add check for usbnet_get_endpoints drm/tegra: dsi: Add missing check for of_find_device_by_node Chen-Yu Tsai (1): pinctrl: mediatek: Drop bogus slew rate register range for MT8192 Christoph Hellwig (2): block: add a new set_read_only method md: implement ->set_read_only to hook into BLKROSET processing Christophe JAILLET (9): wireless: Remove redundant 'flush_workqueue()' calls mmc: wmt-sdmmc: remove an incorrect release_mem_region() call in the .remove function drm/tegra: dsi: Fix some error handling paths in tegra_dsi_probe() drm/tegra: dsi: Fix missing pm_runtime_disable() in the error handling path of tegra_dsi_probe() drm/tegra: output: Fix missing i2c_put_adapter() in the error handling paths of tegra_output_probe() PCI: switchtec: Fix an error handling path in switchtec_pci_probe() clk: hisilicon: hi3519: Release the correct number of gates in hi3519_clk_unregister() net: sunrpc: Fix an off by one in rpc_sockaddr2uaddr() NFS: Fix an off by one in root_nfs_cat() Chun-Yi Lee (1): aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts Colin Ian King (1): usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin Dan Carpenter (1): staging: greybus: fix get_channel_from_mode() failure path Daniel Thompson (3): backlight: da9052: Fully initialize backlight_properties during probe backlight: lm3639: Fully initialize backlight_properties during probe backlight: lp8788: Fully initialize backlight_properties during probe Daniil Dulov (2): media: go7007: add check of return value of go7007_read_addr() media: pvrusb2: remove redundant NULL check David Howells (1): afs: Revert "afs: Hide silly-rename files from userspace" Duoming Zhou (1): nfp: flower: handle acti_netdevs allocation failure Edward Adam Davis (1): media: pvrusb2: fix uaf in pvr2_context_set_notify Eric Dumazet (4): sock_diag: annotate data-races around sock_diag_handlers[family] inet_diag: annotate data-races around inet_diag_table[] net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv() packet: annotate data-races around ignore_outgoing Ethan Zhao (2): PCI: Make pci_dev_is_disconnected() helper public for other drivers iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected Fedor Pchelkin (1): drm/tegra: put drm_gem_object ref on error in tegra_fb_create Fei Shao (1): spi: spi-mt65xx: Fix NULL pointer access in interrupt handler Felix Maurer (1): hsr: Handle failures in module init Filipe Manana (1): btrfs: add and use helper to check if block group is used Gavrilov Ilia (6): tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function ipmr: fix incorrect parameter validation in the ip_mroute_getsockopt() function l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function udp: fix incorrect parameter validation in the udp_lib_getsockopt() function net: kcm: fix incorrect parameter validation in the kcm_getsockopt) function net/x25: fix incorrect parameter validation in the x25_getsockopt() function Geert Uytterhoeven (2): ARM: dts: renesas: r8a73a4: Fix external clocks and clock rate ARM: dts: arm: realview: Fix development chip ROM compatible value George Stark (1): leds: aw2013: Unlock mutex before destroying it Greg Joyce (1): block: sed-opal: handle empty atoms when parsing response Gustavo A. R. Silva (3): net/ipv4: Replace one-element array with flexible-array member net/ipv4: Revert use of struct_size() helper net/ipv4/ipv6: Replace one-element arraya with flexible-array members Hans de Goede (1): ASoC: rt5645: Make LattePanda board DMI match more precise Harry Wentland (1): drm: Don't treat 0 as -1 in drm_fixp2int_ceil Hou Tao (3): bpf: Defer the free of inner map when necessary x86/mm: Move is_vsyscall_vaddr() into asm/vsyscall.h x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() Hsin-Yi Wang (1): drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip Hugo Villeneuve (1): serial: max310x: fix syntax error in IRQ error message Ian Rogers (1): perf stat: Avoid metric-only segv Ilpo Järvinen (1): PCI/DPC: Print all TLP Prefixes, not just the first Jakub Kicinski (1): selftests: tls: use exact comparison in recv_partial Jan Kara (1): quota: Fix rcu annotations of inode dquot pointers Jens Axboe (3): io_uring/unix: drop usage of io_uring socket io_uring: drop any code related to SCM_RIGHTS io_uring: don't save/restore iowait state Jernej Skrabec (3): media: sun8i-di: Fix coefficient writes media: sun8i-di: Fix power on/off sequences media: sun8i-di: Fix chroma difference threshold Jerome Brunet (4): ASoC: meson: aiu: fix function pointer type mismatch ASoC: meson: t9015: fix function pointer type mismatch ASoC: meson: axg-tdm-interface: fix mclk setup without mclk-fs ASoC: meson: axg-tdm-interface: add frame rate constraint Jiaxun Yang (1): MIPS: Clear Cause.BD in instruction_pointer_set Jie Wang (1): net: hns3: fix port duplex configure error in IMP reset Jinjie Ruan (1): wifi: mwifiex: debugfs: Drop unnecessary error check for debugfs_create_dir() Jiri Slaby (SUSE) (1): tty: vt: fix 20 vs 0x20 typo in EScsiignore Johan Carlsson (1): ALSA: usb-audio: Stop parsing channels bits when all channels are found. Johannes Berg (1): wifi: iwlwifi: dbg-tlv: ensure NUL termination Jonas Dreßler (1): Bluetooth: Remove superfluous call to hci_conn_check_pending() Jorge Mora (2): NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 NFSv4.2: fix listxattr maximum XDR buffer size Jörg Wedekind (1): PCI: Mark 3ware-9650SE Root Port Extended Tags as broken Kajol Jain (1): powerpc/hv-gpci: Fix the H_GET_PERF_COUNTER_INFO hcall return value checks Kamal Heib (1): net: ena: Remove ena_select_queue Kees Cook (1): x86, relocs: Ignore relocations in .notes section Konrad Dybcio (3): clk: qcom: reset: Commonize the de/assert functions clk: qcom: reset: Ensure write completion on reset de/assertion clk: qcom: dispcc-sdm845: Adjust internal GDSC wait times Kuninori Morimoto (1): ASoC: meson: Use dev_err_probe() helper Kuniyuki Iwashima (1): af_unix: Annotate data-race of gc_in_progress in wait_for_unix_gc(). Kunwu Chan (1): x86/xen: Add some null pointer checking to smp.c Kévin L'hôpital (1): net: phy: fix phy_get_internal_delay accessing an empty array Leon Romanovsky (1): RDMA/mlx5: Fix fortify source warning while accessing Eth segment Li Nan (1): md: Don't clear MD_CLOSING when the raid is about to stop Linu Cherian (1): octeontx2-af: Use matching wake_up API variant in CGX command interface Luca Weiss (2): backlight: lm3630a: Initialize backlight_properties on init backlight: lm3630a: Don't set bl->props.brightness in get_brightness Lucas Stach (1): media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak Luiz Augusto von Dentz (1): Bluetooth: hci_core: Fix possible buffer overflow Manuel Fombuena (1): HID: multitouch: Add required quirk for Synaptics 0xcddc device Marek Vasut (1): regmap: Add missing map->bus check Mario Limonciello (1): iommu/amd: Mark interrupt as managed Martin KaFai Lau (1): bpf: net: Change do_ip_getsockopt() to take the sockptr_t argument Martin Kaistra (1): wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work Masahiro Yamada (1): kconfig: fix infinite loop when expanding a macro at the end of file Mathieu Poirier (2): remoteproc: Add new get_loaded_rsc_table() to rproc_ops remoteproc: stm32: Move resource table setup to rproc_ops Max Kellermann (1): parisc/ftrace: add missing CONFIG_DYNAMIC_FTRACE check Mete Durlu (1): s390/vtime: fix average steal time calculation Michael Ellerman (1): powerpc/embedded6xx: Fix no previous prototype for avr_uart_send() etc. Michael Klein (1): ARM: dts: sun8i-h2-plus-bananapi-m2-zero: add regulator nodes vcc-dram and vcc1v2 Michal Vokáč (3): ARM: dts: imx6dl-yapp4: Move phy reset into switch node ARM: dts: imx6dl-yapp4: Fix typo in the QCA switch register address ARM: dts: imx6dl-yapp4: Move the internal switch PHYs under the switch node Mikhail Khvainitski (1): HID: lenovo: Add middleclick_workaround sysfs knob for cptkbd Mikulas Patocka (2): dm-verity, dm-crypt: align "struct bvec_iter" correctly dm: call the resume method on internal suspend Ming Lei (1): dm raid: fix false positive for requeue needed during reshape Miri Korenblit (1): wifi: iwlwifi: fix EWRD table validity check Navid Emamdoost (1): nbd: null check for nla_nest_start Nikita Zhandarovich (4): do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak media: em28xx: annotate unchecked call to media_device_register() drm/radeon/ni: Fix wrong firmware size logging in ni_init_microcode() wireguard: receive: annotate data-race around receiving_counter.counter Ondrej Jirman (1): leds: sgm3140: Add missing timer cleanup and flash gpio control Pablo Neira Ayuso (2): netfilter: nft_set_pipapo: release elements in clone only from destroy path netfilter: nf_tables: do not compare internal table flags on updates Paloma Arellano (1): drm/msm/dpu: add division of drm_display_mode's hskew parameter Paul E. McKenney (1): rcu-tasks: Provide rcu_trace_implies_rcu_gp() Peter Griffin (2): mfd: syscon: Call of_node_put() only when of_parse_phandle() takes a ref mfd: altera-sysmgr: Call of_node_put() only when of_parse_phandle() takes a ref Peter Hilber (3): timekeeping: Fix cross-timestamp interpolation on counter wrap timekeeping: Fix cross-timestamp interpolation corner case decision timekeeping: Fix cross-timestamp interpolation for non-x86 Peter Robinson (2): bus: tegra-aconnect: Update dependency to ARCH_TEGRA dmaengine: tegra210-adma: Update dependency to ARCH_TEGRA Petr Mladek (1): printk: Disable passing console lock owner completely during panic() Quanyang Wang (1): crypto: xilinx - call finalize with bh disabled Quentin Schulz (2): drm/rockchip: lvds: do not overwrite error code drm/rockchip: lvds: do not print scary message when probing defer Rafael J. Wysocki (1): ACPI: scan: Fix device check notification handling Rafał Miłecki (2): arm64: dts: mediatek: mt7622: add missing "device_type" to memory nodes arm64: dts: marvell: reorder crypto interrupts on Armada SoCs Rahul Rameshbabu (4): wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled wifi: b43: Stop/wake correct queue in PIO Tx path when QoS is disabled wifi: b43: Stop correct queue in DMA worker when QoS is disabled wifi: b43: Disable QoS for bcm4331 Randy Dunlap (1): rtc: mt6397: select IRQ_DOMAIN instead of depending on it Ranjan Kumar (1): scsi: mpt3sas: Prevent sending diag_reset when the controller is ready Rikard Falkeborn (1): remoteproc: stm32: Constify st_rproc_ops Roman Gushchin (1): bpf: Eliminate rlimit-based memory accounting for devmap maps Ruud Bos (1): igb: move PEROUT and EXTTS isr logic to separate functions Sam Ravnborg (1): sparc32: Fix section mismatch in leon_pci_grpci Sasha Levin (1): Linux 5.10.214-rc2 Sheng Yong (1): f2fs: compress: fix to check unreleased compressed cluster Shifeng Li (1): RDMA/device: Fix a race between mad_client and cm_client init Shigeru Yoshida (1): hsr: Fix uninit-value access in hsr_get_node() Shiming Cheng (1): ipv6: fib6_rules: flush route cache when rule is changed Shyam Sundar (1): scsi: fc: Update formal FPIN descriptor definitions Srinivasan Shanmugam (3): drm/amd/display: Fix a potential buffer overflow in 'dp_dsc_clock_en_read()' drm/amd/display: Fix potential NULL pointer dereferences in 'dcn10_set_output_transfer_func()' drm/amdgpu: Fix missing break in ATOM_ARG_IMM Case of atom_get_src_int() Stephen Brennan (1): printk: Add panic_in_progress helper Stuart Henderson (3): ASoC: wm8962: Enable oscillator if selecting WM8962_FLL_OSC ASoC: wm8962: Enable both SPKOUTR_ENA and SPKOUTL_ENA in mono mode ASoC: wm8962: Fix up incorrect error message in wm8962_set_fll Subbaraya Sundeep (1): octeontx2-af: Use separate handlers for interrupts Takashi Iwai (1): ALSA: seq: fix function cast warnings Takashi Sakamoto (1): firewire: core: use long bus reset on gap count error Thinh Tran (1): net/bnx2x: Prevent access to a freed page in page_pool Tiezhu Yang (1): bpftool: Silence build warning about calloc() Tim Pambor (1): net: phy: dp83822: Fix RGMII TX delay configuration Toke Høiland-Jørgensen (4): wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete bpf: Fix DEVMAP_HASH overflow check on 32-bit arches bpf: Fix hashtab overflow check on 32-bit arches bpf: Fix stackmap overflow check on 32-bit arches Tomi Valkeinen (1): drm/tidss: Fix initial plane zpos values Tommaso Merciai (1): net: phy: DP83822: enable rgmii mode if phy_interface_is_rgmii Tudor Ambarus (1): tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT Uwe Kleine-König (1): Input: gpio_keys_polled - suppress deferred probe error for gpio Vinicius Costa Gomes (1): igb: Fix missing time sync events Viresh Kumar (1): OPP: debugfs: Fix warning around icc_get_name() Wang Jianjian (1): quota: Fix potential NULL pointer dereference William Kucharski (1): RDMA/srpt: Do not register event handler until srpt device is fully setup Xingyuan Mo (1): wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() Yan Zhai (2): rcu: add a helper to report consolidated flavor QS bpf: report RCU QS in cpumap kthread Yang Jihong (3): perf record: Fix possible incorrect free in record__switch_output() perf evsel: Fix duplicate initialization of data->id in evsel__parse_sample() perf thread_map: Free strlist on normal path in thread_map__new_by_tid_str() Yewon Choi (1): rds: introduce acquire/release ordering in acquire/release_in_xmit() Yishai Hadas (1): RDMA/mlx5: Relax DEVX access upon modify commands Yonghong Song (1): bpf: Mark bpf_spin_{lock,unlock}() helpers with notrace correctly Yuxuan Hu (1): Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security Zhipeng Lu (8): wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() SUNRPC: fix some memleaks in gssx_dec_option_array drm/lima: fix a memleak in lima_heap_alloc media: v4l2-tpg: fix some memleaks in tpg_alloc media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity media: edia: dvbdev: fix a use-after-free media: go7007: fix a memleak in go7007_load_encoder media: ttpci: fix two memleaks in budget_av_attach Makefile | 4 +- arch/arm/boot/dts/arm-realview-pb1176.dts | 2 +- arch/arm/boot/dts/imx6dl-yapp4-common.dtsi | 28 ++- arch/arm/boot/dts/r8a73a4-ape6evm.dts | 12 + arch/arm/boot/dts/r8a73a4.dtsi | 9 +- .../dts/sun8i-h2-plus-bananapi-m2-zero.dts | 24 ++ arch/arm/crypto/sha256_glue.c | 13 +- arch/arm/crypto/sha512-glue.c | 12 +- arch/arm64/boot/dts/marvell/armada-37xx.dtsi | 10 +- arch/arm64/boot/dts/marvell/armada-cp11x.dtsi | 10 +- .../dts/mediatek/mt7622-bananapi-bpi-r64.dts | 1 + arch/arm64/boot/dts/mediatek/mt7622-rfb1.dts | 1 + arch/mips/include/asm/ptrace.h | 1 + arch/parisc/kernel/ftrace.c | 2 +- arch/powerpc/perf/hv-gpci.c | 29 ++- .../platforms/embedded6xx/linkstation.c | 3 - arch/powerpc/platforms/embedded6xx/mpc10x.h | 3 + arch/s390/kernel/vtime.c | 4 +- arch/sparc/kernel/leon_pci_grpci1.c | 2 +- arch/sparc/kernel/leon_pci_grpci2.c | 2 +- arch/x86/include/asm/vsyscall.h | 10 + arch/x86/kernel/paravirt.c | 1 + arch/x86/mm/fault.c | 9 - arch/x86/mm/maccess.c | 10 + arch/x86/tools/relocs.c | 8 + arch/x86/xen/smp.c | 12 + block/ioctl.c | 5 + block/opal_proto.h | 1 + block/sed-opal.c | 6 +- drivers/acpi/processor_idle.c | 2 + drivers/acpi/scan.c | 8 +- drivers/base/regmap/regmap.c | 2 +- drivers/block/aoe/aoecmd.c | 12 +- drivers/block/aoe/aoenet.c | 1 + drivers/block/nbd.c | 6 + drivers/bus/Kconfig | 5 +- drivers/clk/clk.c | 3 + drivers/clk/hisilicon/clk-hi3519.c | 2 +- drivers/clk/qcom/dispcc-sdm845.c | 2 + drivers/clk/qcom/reset.c | 27 +- drivers/cpufreq/brcmstb-avs-cpufreq.c | 2 + drivers/crypto/xilinx/zynqmp-aes-gcm.c | 3 + drivers/dma/Kconfig | 14 +- drivers/firewire/core-card.c | 14 +- drivers/gpu/drm/amd/amdgpu/atom.c | 2 +- .../amd/display/amdgpu_dm/amdgpu_dm_debugfs.c | 2 +- .../amd/display/dc/dcn10/dcn10_hw_sequencer.c | 7 +- drivers/gpu/drm/lima/lima_gem.c | 23 +- drivers/gpu/drm/mediatek/mtk_drm_crtc.c | 12 +- drivers/gpu/drm/mediatek/mtk_dsi.c | 10 +- .../drm/msm/disp/dpu1/dpu_encoder_phys_vid.c | 6 +- drivers/gpu/drm/radeon/ni.c | 2 +- drivers/gpu/drm/rockchip/inno_hdmi.c | 4 +- drivers/gpu/drm/rockchip/rockchip_lvds.c | 3 +- drivers/gpu/drm/tegra/dsi.c | 47 ++-- drivers/gpu/drm/tegra/fb.c | 1 + drivers/gpu/drm/tegra/output.c | 16 +- drivers/gpu/drm/tidss/tidss_plane.c | 2 +- drivers/hid/hid-lenovo.c | 57 +++-- drivers/hid/hid-multitouch.c | 4 + drivers/infiniband/core/device.c | 37 +-- drivers/infiniband/hw/mlx5/devx.c | 2 +- drivers/infiniband/hw/mlx5/wr.c | 2 +- drivers/infiniband/ulp/srpt/ib_srpt.c | 3 +- drivers/input/keyboard/gpio_keys_polled.c | 10 +- drivers/iommu/amd/init.c | 3 + drivers/iommu/intel/pasid.c | 3 + drivers/leds/leds-aw2013.c | 1 + drivers/leds/leds-sgm3140.c | 3 + drivers/md/dm-crypt.c | 4 +- drivers/md/dm-raid.c | 4 +- drivers/md/dm-verity.h | 4 +- drivers/md/dm.c | 26 +- drivers/md/md.c | 76 +++--- drivers/media/common/v4l2-tpg/v4l2-tpg-core.c | 52 +++- drivers/media/dvb-core/dvbdev.c | 5 + drivers/media/dvb-frontends/stv0367.c | 34 +-- drivers/media/i2c/tc358743.c | 7 +- drivers/media/pci/ttpci/budget-av.c | 8 +- drivers/media/platform/mtk-mdp/mtk_mdp_vpu.c | 2 +- .../platform/mtk-vcodec/mtk_vcodec_fw_vpu.c | 10 +- drivers/media/platform/mtk-vpu/mtk_vpu.c | 2 +- drivers/media/platform/mtk-vpu/mtk_vpu.h | 2 +- .../media/platform/sunxi/sun8i-di/sun8i-di.c | 69 +++--- drivers/media/usb/em28xx/em28xx-cards.c | 4 + drivers/media/usb/go7007/go7007-driver.c | 8 +- drivers/media/usb/go7007/go7007-usb.c | 4 +- drivers/media/usb/pvrusb2/pvrusb2-context.c | 10 +- drivers/media/usb/pvrusb2/pvrusb2-dvb.c | 6 +- drivers/media/usb/pvrusb2/pvrusb2-v4l2.c | 11 +- drivers/media/v4l2-core/v4l2-mem2mem.c | 10 +- drivers/mfd/altera-sysmgr.c | 4 +- drivers/mfd/syscon.c | 4 +- drivers/mmc/host/wmt-sdmmc.c | 4 - drivers/mtd/maps/physmap-core.c | 2 +- drivers/mtd/nand/raw/lpc32xx_mlc.c | 5 +- drivers/net/dsa/mt7530.c | 8 +- drivers/net/ethernet/amazon/ena/ena_netdev.c | 17 -- .../net/ethernet/broadcom/bnx2x/bnx2x_cmn.h | 6 +- .../hisilicon/hns3/hns3pf/hclge_main.c | 5 +- drivers/net/ethernet/intel/igb/igb_main.c | 112 ++++----- .../net/ethernet/marvell/octeontx2/af/cgx.c | 2 +- .../net/ethernet/marvell/octeontx2/af/rvu.c | 17 +- .../ethernet/netronome/nfp/flower/lag_conf.c | 5 + drivers/net/phy/dp83822.c | 38 +-- drivers/net/phy/phy_device.c | 2 +- drivers/net/usb/sr9800.c | 4 +- drivers/net/wireguard/receive.c | 6 +- drivers/net/wireless/ath/ath10k/core.c | 3 - drivers/net/wireless/ath/ath10k/sdio.c | 1 - drivers/net/wireless/ath/ath10k/wmi-tlv.c | 4 + drivers/net/wireless/ath/ath9k/htc.h | 2 +- drivers/net/wireless/ath/ath9k/htc_drv_init.c | 4 + drivers/net/wireless/ath/ath9k/htc_drv_txrx.c | 4 - drivers/net/wireless/ath/ath9k/wmi.c | 10 +- drivers/net/wireless/broadcom/b43/b43.h | 16 ++ drivers/net/wireless/broadcom/b43/dma.c | 4 +- drivers/net/wireless/broadcom/b43/main.c | 16 +- drivers/net/wireless/broadcom/b43/pio.c | 6 +- .../broadcom/brcm80211/brcmsmac/phy/phy_cmn.c | 3 +- .../broadcom/brcm80211/brcmsmac/phy_shim.c | 5 +- .../broadcom/brcm80211/brcmsmac/phy_shim.h | 2 +- .../net/wireless/intel/iwlegacy/3945-mac.c | 1 - .../net/wireless/intel/iwlegacy/4965-mac.c | 1 - drivers/net/wireless/intel/iwlwifi/dvm/main.c | 1 - drivers/net/wireless/intel/iwlwifi/fw/acpi.c | 2 +- .../net/wireless/intel/iwlwifi/iwl-dbg-tlv.c | 6 + drivers/net/wireless/marvell/libertas/cmd.c | 13 +- .../net/wireless/marvell/mwifiex/cfg80211.c | 2 - .../net/wireless/marvell/mwifiex/debugfs.c | 3 - drivers/net/wireless/marvell/mwifiex/main.c | 2 - .../wireless/microchip/wilc1000/cfg80211.c | 1 - drivers/net/wireless/microchip/wilc1000/hif.c | 40 +-- .../net/wireless/microchip/wilc1000/netdev.c | 29 +-- drivers/net/wireless/quantenna/qtnfmac/core.c | 2 - .../wireless/quantenna/qtnfmac/pcie/pcie.c | 2 - .../wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 1 + drivers/net/wireless/realtek/rtlwifi/pci.c | 1 - drivers/net/wireless/realtek/rtw88/rtw8821c.c | 2 +- drivers/net/wireless/rndis_wlan.c | 2 - drivers/net/wireless/st/cw1200/bh.c | 2 - drivers/opp/debugfs.c | 6 +- drivers/pci/pci.h | 5 - drivers/pci/pcie/dpc.c | 2 +- drivers/pci/quirks.c | 1 + drivers/pci/switch/switchtec.c | 4 +- drivers/pinctrl/mediatek/pinctrl-mt8192.c | 1 - drivers/remoteproc/Kconfig | 2 +- drivers/remoteproc/remoteproc_core.c | 32 +++ drivers/remoteproc/remoteproc_internal.h | 10 + drivers/remoteproc/stm32_rproc.c | 151 ++++++----- drivers/rtc/Kconfig | 3 +- drivers/scsi/bfa/bfa.h | 9 +- drivers/scsi/bfa/bfa_core.c | 4 +- drivers/scsi/bfa/bfa_ioc.h | 8 +- drivers/scsi/bfa/bfad_bsg.c | 11 +- drivers/scsi/csiostor/csio_defs.h | 18 +- drivers/scsi/csiostor/csio_lnode.c | 8 +- drivers/scsi/csiostor/csio_lnode.h | 13 - drivers/scsi/mpt3sas/mpt3sas_base.c | 4 +- drivers/soc/fsl/dpio/dpio-service.c | 2 +- drivers/spi/spi-mt65xx.c | 22 +- drivers/staging/greybus/light.c | 8 +- .../staging/media/imx/imx-media-csc-scaler.c | 1 + drivers/tty/serial/8250/8250_exar.c | 5 +- drivers/tty/serial/max310x.c | 2 +- drivers/tty/serial/samsung_tty.c | 5 +- drivers/tty/vt/vt.c | 2 +- drivers/usb/gadget/udc/net2272.c | 2 +- drivers/video/backlight/da9052_bl.c | 1 + drivers/video/backlight/lm3630a_bl.c | 15 +- drivers/video/backlight/lm3639_bl.c | 1 + drivers/video/backlight/lp8788_bl.c | 1 + drivers/watchdog/stm32_iwdg.c | 3 + fs/afs/dir.c | 10 - fs/btrfs/block-group.c | 3 +- fs/btrfs/block-group.h | 7 + fs/f2fs/file.c | 13 +- fs/fhandle.c | 2 +- fs/nfs/nfs42.h | 7 +- fs/nfs/nfs4proc.c | 16 +- fs/nfs/nfsroot.c | 4 +- fs/quota/dquot.c | 226 ++++++++--------- fs/select.c | 2 +- include/drm/drm_fixed.h | 2 +- include/linux/blkdev.h | 1 + include/linux/bpf.h | 7 +- include/linux/filter.h | 21 +- include/linux/igmp.h | 4 +- include/linux/io_uring.h | 10 +- include/linux/mlx5/qp.h | 5 +- include/linux/mroute.h | 6 +- include/linux/pci.h | 5 + include/linux/poll.h | 4 - include/linux/rcupdate.h | 43 ++++ include/linux/remoteproc.h | 6 +- include/net/compat.h | 27 +- include/uapi/linux/in.h | 42 +++- include/uapi/scsi/fc/fc_els.h | 114 ++++++++- io_uring/io_uring.c | 234 +----------------- kernel/bpf/cpumap.c | 3 + kernel/bpf/devmap.c | 27 +- kernel/bpf/hashtab.c | 14 +- kernel/bpf/helpers.c | 18 +- kernel/bpf/map_in_map.c | 11 +- kernel/bpf/stackmap.c | 9 +- kernel/bpf/syscall.c | 26 +- kernel/printk/printk.c | 34 +++ kernel/rcu/tasks.h | 2 + kernel/time/timekeeping.c | 24 +- lib/test_blackhole_dev.c | 3 +- net/bluetooth/hci_core.c | 2 +- net/bluetooth/hci_event.c | 2 - net/bluetooth/rfcomm/core.c | 2 +- net/core/dev.c | 2 +- net/core/scm.c | 2 +- net/core/sock_diag.c | 10 +- net/hsr/hsr_framereg.c | 4 + net/hsr/hsr_main.c | 15 +- net/ipv4/igmp.c | 28 ++- net/ipv4/inet_diag.c | 6 +- net/ipv4/ip_sockglue.c | 100 ++++---- net/ipv4/ip_tunnel.c | 15 +- net/ipv4/ipmr.c | 13 +- net/ipv4/tcp.c | 4 +- net/ipv4/udp.c | 4 +- net/ipv6/fib6_rules.c | 6 + net/ipv6/ipv6_sockglue.c | 18 +- net/iucv/iucv.c | 4 +- net/kcm/kcmsock.c | 3 +- net/l2tp/l2tp_ppp.c | 4 +- net/netfilter/nf_tables_api.c | 2 +- net/netfilter/nft_set_pipapo.c | 5 +- net/packet/af_packet.c | 4 +- net/rds/send.c | 5 +- net/sunrpc/addr.c | 4 +- net/sunrpc/auth_gss/gss_rpc_xdr.c | 27 +- net/unix/garbage.c | 2 +- net/unix/scm.c | 4 +- net/x25/af_x25.c | 4 +- scripts/clang-tools/gen_compile_commands.py | 2 +- scripts/kconfig/lexer.l | 7 +- sound/core/seq/seq_midi.c | 8 +- sound/core/seq/seq_virmidi.c | 9 +- sound/pci/hda/patch_realtek.c | 63 +++++ sound/soc/codecs/rt5645.c | 10 + sound/soc/codecs/wm8962.c | 29 ++- sound/soc/intel/boards/bytcr_rt5640.c | 12 + sound/soc/meson/aiu.c | 49 +--- sound/soc/meson/aiu.h | 1 - sound/soc/meson/axg-fifo.c | 16 +- sound/soc/meson/axg-pdm.c | 25 +- sound/soc/meson/axg-spdifin.c | 17 +- sound/soc/meson/axg-spdifout.c | 17 +- sound/soc/meson/axg-tdm-formatter.c | 50 +--- sound/soc/meson/axg-tdm-interface.c | 54 ++-- sound/soc/meson/meson-card-utils.c | 8 +- sound/soc/meson/t9015.c | 30 +-- sound/usb/stream.c | 5 +- tools/bpf/bpftool/prog.c | 2 +- tools/perf/builtin-record.c | 2 +- tools/perf/util/evsel.c | 1 - tools/perf/util/stat-display.c | 2 +- tools/perf/util/thread_map.c | 2 +- tools/testing/selftests/net/tls.c | 8 +- 265 files changed, 1957 insertions(+), 1518 deletions(-) -- 2.43.0

1 year, 7 months

4
3
0 0

+ mm-secretmem-fix-gup-fast-succeeding-on-secretmem-folios.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/secretmem: fix GUP-fast succeeding on secretmem folios has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-secretmem-fix-gup-fast-succeeding-on-secretmem-folios.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: David Hildenbrand <david(a)redhat.com> Subject: mm/secretmem: fix GUP-fast succeeding on secretmem folios Date: Mon, 25 Mar 2024 14:41:12 +0100 folio_is_secretmem() states that secretmem folios cannot be LRU folios: so we may only exit early if we find an LRU folio. Yet, we exit early if we find a folio that is not a secretmem folio. Consequently, folio_is_secretmem() fails to detect secretmem folios and, therefore, we can succeed in grabbing a secretmem folio during GUP-fast, crashing the kernel when we later try reading/writing to the folio, because the folio has been unmapped from the directmap. Link: https://lkml.kernel.org/r/20240325134114.257544-2-david@redhat.com Fixes: 1507f51255c9 ("mm: introduce memfd_secret system call to create "secret" memory areas") Signed-off-by: David Hildenbrand <david(a)redhat.com> Reported-by: xingwei lee <xrivendell7(a)gmail.com> Reported-by: yue sun <samsun1006219(a)gmail.com> Closes: https://lore.kernel.org/lkml/CABOYnLyevJeravW=QrH0JUPYEcDN160aZFb7kwndm-J2r… Debugged-by: Miklos Szeredi <miklos(a)szeredi.hu> Reviewed-by: Mike Rapoport (IBM) <rppt(a)kernel.org> Tested-by: Miklos Szeredi <mszeredi(a)redhat.com> Cc: Lorenzo Stoakes <lstoakes(a)gmail.com> Cc: "Mike Rapoport (IBM)" <rppt(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/secretmem.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/include/linux/secretmem.h~mm-secretmem-fix-gup-fast-succeeding-on-secretmem-folios +++ a/include/linux/secretmem.h @@ -16,7 +16,7 @@ static inline bool folio_is_secretmem(st * We know that secretmem pages are not compound and LRU so we can * save a couple of cycles here. */ - if (folio_test_large(folio) || !folio_test_lru(folio)) + if (folio_test_large(folio) || folio_test_lru(folio)) return false; mapping = (struct address_space *) _ Patches currently in -mm which might be from david(a)redhat.com are mm-secretmem-fix-gup-fast-succeeding-on-secretmem-folios.patch mm-madvise-make-madv_populate_readwrite-handle-vm_fault_retry-properly.patch mm-madvise-dont-perform-madvise-vma-walk-for-madv_populate_readwrite.patch mm-userfaultfd-dont-place-zeropages-when-zeropages-are-disallowed.patch s390-mm-re-enable-the-shared-zeropage-for-pv-and-skeys-kvm-guests.patch mm-convert-folio_estimated_sharers-to-folio_likely_mapped_shared.patch

1 year, 7 months

1
0
0 0

[PATCH v3 1/2] driver core: Introduce device_{add,remove}_of_node()

by Herve Codina

An of_node can be duplicated from an existing device using device_set_of_node_from_dev() or initialized using device_set_node() In both cases, these functions have to be called before the device_add() call in order to have the of_node link created in the device sysfs directory. Further more, these function cannot prevent any of_node and/or fwnode overwrites. When adding an of_node on an already present device, the following operations need to be done: - Attach the of_node if no of_node were already attached - Attach the of_node as a fwnode if no fwnode were already attached - Create the of_node sysfs link if needed This is the purpose of device_add_of_node(). device_remove_of_node() reverts the operations done by device_add_of_node(). Cc: stable(a)vger.kernel.org Signed-off-by: Herve Codina <herve.codina(a)bootlin.com> --- drivers/base/core.c | 74 ++++++++++++++++++++++++++++++++++++++++++ include/linux/device.h | 2 ++ 2 files changed, 76 insertions(+) diff --git a/drivers/base/core.c b/drivers/base/core.c index 521757408fc0..7e3af0ad770a 100644 --- a/drivers/base/core.c +++ b/drivers/base/core.c @@ -5127,6 +5127,80 @@ void set_secondary_fwnode(struct device *dev, struct fwnode_handle *fwnode) } EXPORT_SYMBOL_GPL(set_secondary_fwnode); +/** + * device_remove_of_node - Remove an of_node from a device + * @dev: device whose device-tree node is being removed + */ +void device_remove_of_node(struct device *dev) +{ + dev = get_device(dev); + if (!dev) + return; + + if (!dev->of_node) + goto end; + + sysfs_remove_link(&dev->kobj, "of_node"); + + if (dev->fwnode == of_fwnode_handle(dev->of_node)) + dev->fwnode = NULL; + + of_node_put(dev->of_node); + dev->of_node = NULL; + +end: + put_device(dev); +} +EXPORT_SYMBOL_GPL(device_remove_of_node); + +/** + * device_add_of_node - Add an of_node to an existing device + * @dev: device whose device-tree node is being added + * @of_node: of_node to add + */ +void device_add_of_node(struct device *dev, struct device_node *of_node) +{ + int ret; + + if (!of_node) + return; + + dev = get_device(dev); + if (!dev) + return; + + if (dev->of_node) { + dev_warn(dev, "Replace node %pOF with %pOF\n", dev->of_node, of_node); + device_remove_of_node(dev); + } + + dev->of_node = of_node_get(of_node); + + if (!dev->fwnode) + dev->fwnode = of_fwnode_handle(of_node); + + if (!dev->p) { + /* + * device_add() was not previously called. + * The of_node link will be created when device_add() is called. + */ + goto end; + } + + /* + * device_add() was previously called and so the of_node link was not + * created by device_add_class_symlinks(). + * Create this link now. + */ + ret = sysfs_create_link(&dev->kobj, of_node_kobj(of_node), "of_node"); + if (ret) + dev_warn(dev, "Error %d creating of_node link\n", ret); + +end: + put_device(dev); +} +EXPORT_SYMBOL_GPL(device_add_of_node); + /** * device_set_of_node_from_dev - reuse device-tree node of another device * @dev: device whose device-tree node is being set diff --git a/include/linux/device.h b/include/linux/device.h index 97c4b046c09d..1795121dee9a 100644 --- a/include/linux/device.h +++ b/include/linux/device.h @@ -1127,6 +1127,8 @@ int device_offline(struct device *dev); int device_online(struct device *dev); void set_primary_fwnode(struct device *dev, struct fwnode_handle *fwnode); void set_secondary_fwnode(struct device *dev, struct fwnode_handle *fwnode); +void device_add_of_node(struct device *dev, struct device_node *of_node); +void device_remove_of_node(struct device *dev); void device_set_of_node_from_dev(struct device *dev, const struct device *dev2); void device_set_node(struct device *dev, struct fwnode_handle *fwnode); -- 2.44.0

1 year, 7 months

1
0
0 0

[PATCH v6 2/2] of: dynamic: Synchronize of_changeset_destroy() with the devlink removals

by Herve Codina

In the following sequence: 1) of_platform_depopulate() 2) of_overlay_remove() During the step 1, devices are destroyed and devlinks are removed. During the step 2, OF nodes are destroyed but __of_changeset_entry_destroy() can raise warnings related to missing of_node_put(): ERROR: memory leak, expected refcount 1 instead of 2 ... Indeed, during the devlink removals performed at step 1, the removal itself releasing the device (and the attached of_node) is done by a job queued in a workqueue and so, it is done asynchronously with respect to function calls. When the warning is present, of_node_put() will be called but wrongly too late from the workqueue job. In order to be sure that any ongoing devlink removals are done before the of_node destruction, synchronize the of_changeset_destroy() with the devlink removals. Fixes: 80dd33cf72d1 ("drivers: base: Fix device link removal") Cc: stable(a)vger.kernel.org Signed-off-by: Herve Codina <herve.codina(a)bootlin.com> Reviewed-by: Saravana Kannan <saravanak(a)google.com> Tested-by: Luca Ceresoli <luca.ceresoli(a)bootlin.com> Reviewed-by: Nuno Sa <nuno.sa(a)analog.com> --- drivers/of/dynamic.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/drivers/of/dynamic.c b/drivers/of/dynamic.c index 3bf27052832f..4d57a4e34105 100644 --- a/drivers/of/dynamic.c +++ b/drivers/of/dynamic.c @@ -9,6 +9,7 @@ #define pr_fmt(fmt) "OF: " fmt +#include <linux/device.h> #include <linux/of.h> #include <linux/spinlock.h> #include <linux/slab.h> @@ -667,6 +668,17 @@ void of_changeset_destroy(struct of_changeset *ocs) { struct of_changeset_entry *ce, *cen; + /* + * When a device is deleted, the device links to/from it are also queued + * for deletion. Until these device links are freed, the devices + * themselves aren't freed. If the device being deleted is due to an + * overlay change, this device might be holding a reference to a device + * node that will be freed. So, wait until all already pending device + * links are deleted before freeing a device node. This ensures we don't + * free any device node that has a non-zero reference count. + */ + device_link_wait_removal(); + list_for_each_entry_safe_reverse(ce, cen, &ocs->entries, node) __of_changeset_entry_destroy(ce); } -- 2.44.0

1 year, 7 months

1
0
0 0

[PATCH 1/2] mmc core block.c: initialize mmc_blk_ioc_data

by mikko.rapeli＠linaro.org

From: Mikko Rapeli <mikko.rapeli(a)linaro.org> Commit "mmc: core: Use mrq.sbc in close-ended ffu" adds flags uint to struct mmc_blk_ioc_data but it does not get initialized for RPMB ioctls which now fail. Fix this by always initializing the struct and flags to zero. Fixes access to RPMB storage. Fixes: 4d0c8d0aef63 ("mmc: core: Use mrq.sbc in close-ended ffu") Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218587 Link: https://lore.kernel.org/all/20231129092535.3278-1-avri.altman@wdc.com/ Cc: Avri Altman <avri.altman(a)wdc.com> Cc: Ulf Hansson <ulf.hansson(a)linaro.org> Cc: Adrian Hunter <adrian.hunter(a)intel.com> Cc: linux-mmc(a)vger.kernel.org Cc: stable(a)vger.kernel.org Signed-off-by: Mikko Rapeli <mikko.rapeli(a)linaro.org> --- drivers/mmc/core/block.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/mmc/core/block.c b/drivers/mmc/core/block.c index 32d49100dff5..0df627de9cee 100644 --- a/drivers/mmc/core/block.c +++ b/drivers/mmc/core/block.c @@ -413,7 +413,7 @@ static struct mmc_blk_ioc_data *mmc_blk_ioctl_copy_from_user( struct mmc_blk_ioc_data *idata; int err; - idata = kmalloc(sizeof(*idata), GFP_KERNEL); + idata = kzalloc(sizeof(*idata), GFP_KERNEL); if (!idata) { err = -ENOMEM; goto out; -- 2.34.1

1 year, 7 months

6
12
0 0

[PATCH] virtio_net: Do not send RSS key if it is not supported

by Breno Leitao

There is a bug when setting the RSS options in virtio_net that can break the whole machine, getting the kernel into an infinite loop. Running the following command in any QEMU virtual machine with virtionet will reproduce this problem: # ethtool -X eth0 hfunc toeplitz This is how the problem happens: 1) ethtool_set_rxfh() calls virtnet_set_rxfh() 2) virtnet_set_rxfh() calls virtnet_commit_rss_command() 3) virtnet_commit_rss_command() populates 4 entries for the rss scatter-gather 4) Since the command above does not have a key, then the last scatter-gatter entry will be zeroed, since rss_key_size == 0. sg_buf_size = vi->rss_key_size; 5) This buffer is passed to qemu, but qemu is not happy with a buffer with zero length, and do the following in virtqueue_map_desc() (QEMU function): if (!sz) { virtio_error(vdev, "virtio: zero sized buffers are not allowed"); 6) virtio_error() (also QEMU function) set the device as broken vdev->broken = true; 7) Qemu bails out, and do not repond this crazy kernel. 8) The kernel is waiting for the response to come back (function virtnet_send_command()) 9) The kernel is waiting doing the following : while (!virtqueue_get_buf(vi->cvq, &tmp) && !virtqueue_is_broken(vi->cvq)) cpu_relax(); 10) None of the following functions above is true, thus, the kernel loops here forever. Keeping in mind that virtqueue_is_broken() does not look at the qemu `vdev->broken`, so, it never realizes that the vitio is broken at QEMU side. Fix it by not sending the key scatter-gatter key if it is not set. Fixes: c7114b1249fa ("drivers/net/virtio_net: Added basic RSS support.") Signed-off-by: Breno Leitao <leitao(a)debian.org> Cc: stable(a)vger.kernel.org Cc: qemu-devel(a)nongnu.org --- drivers/net/virtio_net.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c index d7ce4a1011ea..5a7700b103f8 100644 --- a/drivers/net/virtio_net.c +++ b/drivers/net/virtio_net.c @@ -3041,11 +3041,16 @@ static int virtnet_set_ringparam(struct net_device *dev, static bool virtnet_commit_rss_command(struct virtnet_info *vi) { struct net_device *dev = vi->dev; + int has_key = vi->rss_key_size; struct scatterlist sgs[4]; unsigned int sg_buf_size; + int nents = 3; + + if (has_key) + nents += 1; /* prepare sgs */ - sg_init_table(sgs, 4); + sg_init_table(sgs, nents); sg_buf_size = offsetof(struct virtio_net_ctrl_rss, indirection_table); sg_set_buf(&sgs[0], &vi->ctrl->rss, sg_buf_size); @@ -3057,8 +3062,13 @@ static bool virtnet_commit_rss_command(struct virtnet_info *vi) - offsetof(struct virtio_net_ctrl_rss, max_tx_vq); sg_set_buf(&sgs[2], &vi->ctrl->rss.max_tx_vq, sg_buf_size); - sg_buf_size = vi->rss_key_size; - sg_set_buf(&sgs[3], vi->ctrl->rss.key, sg_buf_size); + if (has_key) { + /* Only populate if key is available, otherwise + * populating a buffer with zero size breaks virtio + */ + sg_buf_size = vi->rss_key_size; + sg_set_buf(&sgs[3], vi->ctrl->rss.key, sg_buf_size); + } if (!virtnet_send_command(vi, VIRTIO_NET_CTRL_MQ, vi->has_rss ? VIRTIO_NET_CTRL_MQ_RSS_CONFIG -- 2.43.0

1 year, 7 months

3
6
0 0

[tip: x86/urgent] Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped."

by tip-bot2 for Ingo Molnar

The following commit has been merged into the x86/urgent branch of tip: Commit-ID: c567f2948f57bdc03ed03403ae0234085f376b7d Gitweb: https://git.kernel.org/tip/c567f2948f57bdc03ed03403ae0234085f376b7d Author: Ingo Molnar <mingo(a)kernel.org> AuthorDate: Mon, 25 Mar 2024 11:47:51 +01:00 Committer: Ingo Molnar <mingo(a)kernel.org> CommitterDate: Mon, 25 Mar 2024 11:54:35 +01:00 Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." This reverts commit d794734c9bbfe22f86686dc2909c25f5ffe1a572. While the original change tries to fix a bug, it also unintentionally broke existing systems, see the regressions reported at: https://lore.kernel.org/all/3a1b9909-45ac-4f97-ad68-d16ef1ce99db@pavinjosep… Since d794734c9bbf was also marked for -stable, let's back it out before causing more damage. Note that due to another upstream change the revert was not 100% automatic: 0a845e0f6348 mm/treewide: replace pud_large() with pud_leaf() Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Cc: <stable(a)vger.kernel.org> Cc: Russ Anderson <rja(a)hpe.com> Cc: Steve Wahl <steve.wahl(a)hpe.com> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Link: https://lore.kernel.org/all/3a1b9909-45ac-4f97-ad68-d16ef1ce99db@pavinjosep… Fixes: d794734c9bbf ("x86/mm/ident_map: Use gbpages only where full GB page should be mapped.") --- arch/x86/mm/ident_map.c | 23 +++++------------------ 1 file changed, 5 insertions(+), 18 deletions(-) diff --git a/arch/x86/mm/ident_map.c b/arch/x86/mm/ident_map.c index a204a33..968d700 100644 --- a/arch/x86/mm/ident_map.c +++ b/arch/x86/mm/ident_map.c @@ -26,31 +26,18 @@ static int ident_pud_init(struct x86_mapping_info *info, pud_t *pud_page, for (; addr < end; addr = next) { pud_t *pud = pud_page + pud_index(addr); pmd_t *pmd; - bool use_gbpage; next = (addr & PUD_MASK) + PUD_SIZE; if (next > end) next = end; - /* if this is already a gbpage, this portion is already mapped */ - if (pud_leaf(*pud)) - continue; - - /* Is using a gbpage allowed? */ - use_gbpage = info->direct_gbpages; - - /* Don't use gbpage if it maps more than the requested region. */ - /* at the begining: */ - use_gbpage &= ((addr & ~PUD_MASK) == 0); - /* ... or at the end: */ - use_gbpage &= ((next & ~PUD_MASK) == 0); - - /* Never overwrite existing mappings */ - use_gbpage &= !pud_present(*pud); - - if (use_gbpage) { + if (info->direct_gbpages) { pud_t pudval; + if (pud_present(*pud)) + continue; + + addr &= PUD_MASK; pudval = __pud((addr - info->offset) | info->page_flag); set_pud(pud, pudval); continue;

1 year, 7 months

1
0
0 0

[PATCH 1/4] ARM: dts: samsung: smdkv310: fix keypad no-autorepeat

by Krzysztof Kozlowski

Although the Samsung SoC keypad binding defined linux,keypad-no-autorepeat property, Linux driver never implemented it and always used linux,input-no-autorepeat. Correct the DTS to use property actually implemented. This also fixes dtbs_check errors like: exynos4210-smdkv310.dtb: keypad@100a0000: 'linux,keypad-no-autorepeat' does not match any of the regexes: '^key-[0-9a-z]+$', 'pinctrl-[0-9]+' Cc: <stable(a)vger.kernel.org> Fixes: 0561ceabd0f1 ("ARM: dts: Add intial dts file for EXYNOS4210 SoC, SMDKV310 and ORIGEN") Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> --- arch/arm/boot/dts/samsung/exynos4210-smdkv310.dts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm/boot/dts/samsung/exynos4210-smdkv310.dts b/arch/arm/boot/dts/samsung/exynos4210-smdkv310.dts index b566f878ed84..18f4f494093b 100644 --- a/arch/arm/boot/dts/samsung/exynos4210-smdkv310.dts +++ b/arch/arm/boot/dts/samsung/exynos4210-smdkv310.dts @@ -88,7 +88,7 @@ eeprom@52 { &keypad { samsung,keypad-num-rows = <2>; samsung,keypad-num-columns = <8>; - linux,keypad-no-autorepeat; + linux,input-no-autorepeat; wakeup-source; pinctrl-names = "default"; pinctrl-0 = <&keypad_rows &keypad_cols>; -- 2.34.1

1 year, 7 months

1
3
0 0

[PATCH 6.7 000/713] 6.7.11-rc1 review

by Sasha Levin

This is the start of the stable review cycle for the 6.7.11 release. There are 713 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Tue Mar 26 10:47:13 PM UTC 2024. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.7.y and the diffstat can be found below. Thanks, Sasha ------------- Pseudo-Shortlog of commits: Aaron Conole (1): selftests: openvswitch: Add validation for the recursion test Abel Vesa (1): arm64: dts: qcom: sm8550: Fix SPMI channels size Abhinav Kumar (1): drm/msm/dpu: fix the programming of INTF_CFG2_DATA_HCTL_EN Adam Butcher (1): spi: spi-imx: fix off-by-one in mx51 CPU mode burst length Adam Guerin (4): crypto: qat - remove unused macros in qat_comp_alg.c crypto: qat - removed unused macro in adf_cnv_dbgfs.c crypto: qat - avoid division by zero crypto: qat - remove double initialization of value Adam Skladowski (1): dt-bindings: msm: qcom, mdss: Include ommited fam-b compatible Ajay Singh (2): wifi: wilc1000: do not realloc workqueue everytime an interface is added wifi: wilc1000: fix multi-vif management when deleting a vif Al Raj Hassain (1): ASoC: amd: yc: Add HP Pavilion Aero Laptop 13-be2xxx(8BD6) into DMI quirk table Al Viro (1): erofs: fix handling kern_mount() failure Alban Boyé (1): ASoC: Intel: bytcr_rt5640: Add an extra entry for the Chuwi Vi8 tablet Alex Bee (1): drm/rockchip: inno_hdmi: Fix video timing Alexander Gordeev (1): net/iucv: fix the allocation size of iucv_path_table array Alexander Stein (2): media: tc358743: register v4l2 async device only after successful setup media: i2c: imx290: Fix IMX920 typo Alexander Sverdlin (1): spi: lpspi: Avoid potential use-after-free in probe() Alexander Usyskin (1): mei: gsc_proxy: match component when GSC is on different bus Alexandre Ghiti (1): riscv: Fix compilation error with FAST_GUP and rv32 Alexey I. Froloff (1): ACPI: resource: Do IRQ override on Lunnen Ground laptops Alexey Kodanev (1): RDMA/rtrs-clt: Check strnlen return len in sysfs mpath_policy_store() Alexis Lothoré (4): wifi: wilc1000: fix declarations ordering wifi: wilc1000: fix RCU usage in connect path wifi: wilc1000: prevent use-after-free on vif when cleaning up all interfaces wifi: wilc1000: revert reset line logic flip Alison Schofield (2): cxl/region: Handle endpoint decoders in cxl_region_find_decoder() cxl/region: Allow out of order assembly of autodiscovered regions Allen Ye (1): wifi: mt76: connac: add beacon protection support for mt7996 Anastasia Belova (1): cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value Andre Przywara (1): firmware: arm_scmi: Fix double free in SMC transport cleanup path Andre Werner (1): net: smsc95xx: add support for SYS TEC USB-SPEmodule1 Andrejs Cainikovs (1): arm64: dts: ti: k3-am62-main: disable usb lpm Andrew Ballance (1): gen_compile_commands: fix invalid escape sequence warning Andrew Davis (1): arm64: dts: ti: k3-am64: Enable SDHCI nodes at the board level Andrey Grafin (2): libbpf: Apply map_set_def_max_entries() for inner_maps on creation selftest/bpf: Add map_in_maps with BPF_MAP_TYPE_PERF_EVENT_ARRAY values Andrey Skvortsov (2): Bluetooth: hci_h5: Add ability to allocate memory for private data Bluetooth: btrtl: fix out of bounds memory access Andrii Nakryiko (3): libbpf: Fix faccessat() usage on Android libbpf: Add missing LIBBPF_API annotation to libbpf_set_memlock_rlim API bpf: don't infer PTR_TO_CTX for programs with unnamed context type Andy Shevchenko (1): serial: 8250_exar: Don't remove GPIO device on suspend AngeloGioacchino Del Regno (1): drm/mediatek: dsi: Fix DSI RGB666 formats and definitions Ard Biesheuvel (3): x86/sme: Fix memory encryption setting if enabled by default and not overridden x86/efistub: Clear decompressor BSS in native EFI entrypoint x86/efistub: Don't clear BSS twice in mixed mode Armin Wolf (1): ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit() Arnaldo Carvalho de Melo (1): perf bpf: Clean up the generated/copied vmlinux.h Arnaud Pouliquen (2): remoteproc: stm32: Fix incorrect type in assignment for va remoteproc: stm32: Fix incorrect type assignment returned by stm32_rproc_get_loaded_rsc_tablef Arnd Bergmann (11): fs/select: rework stack allocation hack for clang cpufreq: qcom-hw: add CONFIG_COMMON_CLK dependency wifi: brcmsmac: avoid function pointer casts media: pvrusb2: fix pvr2_stream_callback casts crypto: arm/sha - fix function cast warnings mtd: rawnand: lpc32xx_mlc: fix irq handler prototype media: dvb-frontends: avoid stack overflow warnings with clang media: mediatek: vcodec: avoid -Wcast-function-type-strict warning scsi: csiostor: Avoid function pointer casts scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn soc: fsl: dpio: fix kcalloc() argument order Artem Savkov (1): selftests/bpf: Fix potential premature unload in bpf_testmod Arthur Grillo (1): drm: Fix drm_fixp2int_round() making it add 0.5 Arınç ÜNAL (3): net: dsa: mt7530: prevent possible incorrect XTAL frequency selection net: dsa: mt7530: fix link-local frames that ingress vlan filtering ports net: dsa: mt7530: fix handling of all link-local frames Asad Kamal (1): drm/amd/pm: Fix esm reg mask use to get pcie speed Athaariq Ardhiansyah (1): ALSA: hda/realtek: fix ALC285 issues on HP Envy x360 laptops Attila Tőkés (1): ASoC: amd: yc: Fix non-functional mic on Lenovo 82UU Audra Mitchell (1): workqueue.c: Increase workqueue name length Babu Moger (2): x86/resctrl: Remove hard-coded memory bandwidth limit x86/resctrl: Read supported bandwidth sources from CPUID Baochen Qiang (1): wifi: ath11k: initialize rx_mcs_80 and rx_mcs_160 before use Baokun Li (1): erofs: fix lockdep false positives on initializing erofs_pseudo_mnt Bart Van Assche (1): fs: Fix rw_hint validation Bartosz Golaszewski (1): Bluetooth: hci_qca: don't use IS_ERR_OR_NULL() with gpiod_get_optional() Baruch Siach (1): mtd: maps: physmap-core: fix flash size larger than 32-bit Basavaraj Natikar (2): HID: amd_sfh: Update HPD sensor structure elements HID: amd_sfh: Avoid disabling the interrupt Ben Wolsieffer (1): watchdog: stm32_iwdg: initialize default timeout Benjamin Berg (2): wifi: iwlwifi: mvm: ensure offloading TID queue exists wifi: mac80211: use deflink and fix typo in link ID check Benjamin Lin (2): wifi: mt76: mt7996: fix incorrect interpretation of EHT MCS caps wifi: mt76: mt7996: fix HIF_TXD_V2_1 value Bert Karwatzki (1): iommu: Fix compilation without CONFIG_IOMMU_INTEL Bhavya Kapoor (4): arm64: dts: ti: k3-j7200-common-proc-board: Modify Pinmux for wkup_uart0 and mcu_uart0 arm64: dts: ti: k3-j7200-common-proc-board: Remove clock-frequency from mcu_uart0 arm64: dts: ti: k3-j721s2-common-proc-board: Remove Pinmux for CTS and RTS in wkup_uart0 arm64: dts: ti: k3-j784s4-evm: Remove Pinmux for CTS and RTS in wkup_uart0 Bitterblue Smith (3): wifi: rtw88: 8821cu: Fix firmware upload fail wifi: rtw88: 8821c: Fix beacon loss and disconnect wifi: rtw88: 8821c: Fix false alarm count Bjorn Andersson (2): pmdomain: qcom: rpmhpd: Drop SA8540P gfx.lvl arm64: dts: qcom: sa8540p: Drop gfx.lvl as power-domain for gpucc Breno Leitao (1): net: blackhole_dev: fix build warning for ethh set but not used Bryan O'Donoghue (1): clk: Fix clk_core_get NULL dereference Changbin Du (1): modules: wait do_free_init correctly Chao Yu (19): f2fs: compress: fix to guarantee persisting compressed blocks by CP f2fs: compress: fix to cover normal cluster write with cp_rwsem f2fs: delete obsolete FI_FIRST_BLOCK_WRITTEN f2fs: delete obsolete FI_DROP_CACHE f2fs: introduce get_dnode_addr() to clean up codes f2fs: update blkaddr in __set_data_blkaddr() for cleanup f2fs: compress: fix to avoid inconsistence bewteen i_blocks and dnode f2fs: fix to remove unnecessary f2fs_bug_on() to avoid panic f2fs: zone: fix to wait completion of last bio in zone correctly f2fs: compress: fix to cover f2fs_disable_compressed_file() w/ i_sem f2fs: fix to avoid potential panic during recovery f2fs: fix to create selinux label during whiteout initialization f2fs: compress: fix to check zstd compress level correctly in mount option f2fs: compress: fix to check compress flag w/ .i_sem lock f2fs: fix to use correct segment type in f2fs_allocate_data_block() f2fs: ro: compress: fix to avoid caching unaligned extent f2fs: introduce f2fs_invalidate_internal_cache() for cleanup f2fs: fix to truncate meta inode pages forcely f2fs: zone: fix to remove pow2 check condition for zoned block device Charles Keepax (1): ASoC: cs42l43: Handle error from devm_pm_runtime_enable Charlie Jenkins (1): riscv: Only check online cpus for emulated accesses Chen Ni (2): sr9800: Add check for usbnet_get_endpoints drm/tegra: dsi: Add missing check for of_find_device_by_node Chen-Yu Tsai (4): arm64: dts: allwinner: h6: Add RX DMA channel for SPDIF pinctrl: mediatek: Drop bogus slew rate register range for MT8186 pinctrl: mediatek: Drop bogus slew rate register range for MT8192 clk: mediatek: mt8183: Correct parent of CLK_INFRA_SSPM_32K_SELF Christian König (1): drm/ttm/tests: depend on UML || COMPILE_TEST Christoph Hellwig (1): iomap: clear the per-folio dirty bits on all writeback failures Christophe JAILLET (17): mmc: wmt-sdmmc: remove an incorrect release_mem_region() call in the .remove function drm/tegra: dsi: Fix some error handling paths in tegra_dsi_probe() drm/tegra: dsi: Fix missing pm_runtime_disable() in the error handling path of tegra_dsi_probe() drm/tegra: hdmi: Fix some error handling paths in tegra_hdmi_probe() drm/tegra: rgb: Fix some error handling paths in tegra_dc_rgb_probe() drm/tegra: rgb: Fix missing clk_put() in the error handling paths of tegra_dc_rgb_probe() drm/tegra: output: Fix missing i2c_put_adapter() in the error handling paths of tegra_output_probe() PCI/P2PDMA: Fix a sleeping issue in a RCU read section PCI: switchtec: Fix an error handling path in switchtec_pci_probe() clk: hisilicon: hi3519: Release the correct number of gates in hi3519_clk_unregister() clk: hisilicon: hi3559a: Fix an erroneous devm_kfree() clk: mediatek: mt8135: Fix an error handling path in clk_mt8135_apmixed_probe() clk: mediatek: mt7622-apmixedsys: Fix an error handling path in clk_mt8135_apmixed_probe() perf pmu: Fix a potential memory leak in perf_pmu__lookup() net: sunrpc: Fix an off by one in rpc_sockaddr2uaddr() NFS: Fix an off by one in root_nfs_cat() thermal/drivers/mediatek/lvts_thermal: Fix a memory leak in an error handling path Christophe Leroy (1): powerpc: Force inlining of arch_vmap_p{u/m}d_supported() Chun-Yi Lee (1): aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts Chunguang Xu (1): nvme: fix reconnection fail due to reserved tag allocation Claudiu Beznea (1): clk: renesas: r9a07g04[34]: Use SEL_SDHI1_STS status configuration for SD1 mux Colin Ian King (1): usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin Conor Dooley (1): riscv: dts: sifive: add missing #interrupt-cells to pmic Craig Tatlor (1): ARM: dts: qcom: msm8974: correct qfprom node size Cristian Ciocaltea (2): ASoC: amd: acp: Add missing error handling in sof-mach ASoC: SOF: amd: Fix memory leak in amd_sof_acp_probe() Damian Muszynski (1): crypto: qat - fix ring to service map for dcc in 4xxx Dan Carpenter (5): io_uring/net: fix overflow check in io_recvmsg_mshot_prep() ASoC: SOF: Add some bounds checking to firmware data bus: mhi: ep: check the correct variable in mhi_ep_register_controller() staging: greybus: fix get_channel_from_mode() failure path char: xilinx_hwicap: Fix NULL vs IS_ERR() bug Daniel Gabay (1): wifi: iwlwifi: mvm: use correct address 3 in A-MSDU Daniel Golle (3): clk: mediatek: mt7981-topckgen: flag SGM_REG_SEL as critical net: mediatek: mtk_eth_soc: clear MAC_MCR_FORCE_LINK only when MAC is up net: ethernet: mtk_eth_soc: fix PPE hanging issue Daniel Lezcano (1): powercap: dtpm_cpu: Fix error check against freq_qos_add_request() Daniel Thompson (3): backlight: da9052: Fully initialize backlight_properties during probe backlight: lm3639: Fully initialize backlight_properties during probe backlight: lp8788: Fully initialize backlight_properties during probe Daniil Dulov (2): media: go7007: add check of return value of go7007_read_addr() media: pvrusb2: remove redundant NULL check Dave Airlie (2): nouveau: reset the bo resource bus info after an eviction nouveau/gsp: don't check devinit disable on GSP. Dave Wysochanski (1): NFS: Fix nfs_netfs_issue_read() xarray locking for writeback interrupt David Gow (6): kunit: test: Log the correct filter string in executor_test lib/cmdline: Fix an invalid format specifier in an assertion msg lib: memcpy_kunit: Fix an invalid format specifier in an assertion msg time: test: Fix incorrect format specifier rtc: test: Fix invalid format specifier. net: test: Fix printf format specifier in skb_segment kunit test David Heidelberg (1): arm64: dts: qcom: sdm845-oneplus-common: improve DAI node naming David Howells (3): cifs: Don't use certain unnecessary folio_*() functions cifs: Fix writeback data corruption afs: Revert "afs: Hide silly-rename files from userspace" David McFarland (1): ACPI: resource: Add Infinity laptops to irq1_edge_low_force_override Deren Wu (3): wifi: mt76: mt7925: update PCIe DMA settings wifi: mt76: mt7921e: fix use-after-free in free_irq() wifi: mt76: mt7925e: fix use-after-free in free_irq() Devarsh Thakkar (2): arm64: dts: ti: Add common1 register space for AM65x SoC arm64: dts: ti: Add common1 register space for AM62x SoC Dmitry Baryshkov (9): soc: qcom: socinfo: rename PM2250 to PM4125 arm64: dts: qcom: msm8998: switch USB QMP PHY to new style of bindings arm64: dts: qcom: msm8998: declare VLS CLAMP register for USB3 PHY arm64: dts: qcom: qcm2290: declare VLS CLAMP register for USB3 PHY arm64: dts: qcom: sm6115: declare VLS CLAMP register for USB3 PHY drm: ci: use clk_ignore_unused for apq8016 drm/msm/dpu: use devres-managed allocation for MDP TOP drm/msm/dpu: use devres-managed allocation for HW blocks drm/msm/dpu: finalise global state object Douglas Anderson (1): drm/panel: boe-tv101wum-nl6: make use of prepare_prev_first Duanqiang Wen (1): net: txgbe: fix clk_name exceed MAX_DEV_ID limits Duoming Zhou (3): wifi: brcm80211: handle pmk_op allocation failure nfp: flower: handle acti_netdevs allocation failure clk: zynq: Prevent null pointer dereference caused by kmalloc failure Dylan Hung (1): i3c: dw: Disable IBI IRQ depends on hot-join and SIR enabling Edward Adam Davis (1): media: pvrusb2: fix uaf in pvr2_context_set_notify Emmanuel Grumbach (3): wifi: iwlwifi: mvm: fix the TXF mapping for BZ devices wifi: iwlwifi: mvm: fix the TLC command after ADD_STA wifi: iwlwifi: mvm: don't set the MFP flag for the GTK Eric Dumazet (7): sock_diag: annotate data-races around sock_diag_handlers[family] inet_diag: annotate data-races around inet_diag_table[] ipv6: mcast: remove one synchronize_net() barrier in ipv6_mc_down() net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv() tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() net/sched: taprio: proper TCA_TAPRIO_TC_ENTRY_INDEX check packet: annotate data-races around ignore_outgoing Ethan Zhao (2): PCI: Make pci_dev_is_disconnected() helper public for other drivers iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected Eugen Hristev (2): arm64: dts: mediatek: mt8192: fix vencoder clock name arm64: dts: mediatek: mt8186: fix VENC power domain clocks Ezra Buehler (1): mtd: spinand: esmt: Extend IDs to 5 bytes Fedor Pchelkin (1): drm/tegra: put drm_gem_object ref on error in tegra_fb_create Fei Shao (1): spi: spi-mt65xx: Fix NULL pointer access in interrupt handler Fei Wu (1): perf: RISCV: Fix panic on pmu overflow handler Felix Fietkau (1): wifi: mac80211: only call drv_sta_rc_update for uploaded stations Felix Maurer (1): hsr: Handle failures in module init Filipe Manana (2): btrfs: fix data races when accessing the reserved amount of block reserves btrfs: fix data race at btrfs_use_block_rsv() when accessing block reserve Frank Li (2): arm64: dts: imx8qm: Align edma3 power-domains resources indentation arm64: dts: imx8qm: Correct edma3 power-domains and interrupt numbers Frederic Weisbecker (2): rcu/exp: Fix RCU expedited parallel grace period kworker allocation failure recovery rcu/exp: Handle RCU expedited grace period kworker allocation failure Frej Drejhammar (1): comedi: comedi_8255: Correct error in subdevice initialization Frieder Schrempf (7): arm64: dts: imx8mm-kontron: Disable pullups for I2C signals on OSM-S i.MX8MM arm64: dts: imx8mm-kontron: Disable pullups for I2C signals on SL/BL i.MX8MM arm64: dts: imx8mm-kontron: Disable pullups for onboard UART signals on BL OSM-S board arm64: dts: imx8mm-kontron: Disable pullups for onboard UART signals on BL board arm64: dts: imx8mm-kontron: Disable pull resistors for SD card signals on BL OSM-S board arm64: dts: imx8mm-kontron: Disable pull resistors for SD card signals on BL board arm64: dts: imx8mm-kontron: Fix interrupt for RTC on OSM-S i.MX8MM module Frédéric Danis (2): Bluetooth: mgmt: Fix limited discoverable off timeout Bluetooth: Fix eir name length Gabor Juhos (3): clk: qcom: gcc-ipq5018: fix 'enable_reg' offset of 'gcc_gmac0_sys_clk' clk: qcom: gcc-ipq5018: fix 'halt_reg' offset of 'gcc_pcie1_pipe_clk' clk: qcom: gcc-ipq5018: fix register offset for GCC_UBI0_AXI_ARES reset Gabriel Krisman Bertazi (2): ovl: Always reject mounting over case-insensitive directories io_uring: Fix release of pinned pages when __io_uaddr_map fails Gavrilov Ilia (6): tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function ipmr: fix incorrect parameter validation in the ip_mroute_getsockopt() function l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function udp: fix incorrect parameter validation in the udp_lib_getsockopt() function net: kcm: fix incorrect parameter validation in the kcm_getsockopt) function net/x25: fix incorrect parameter validation in the x25_getsockopt() function Geert Uytterhoeven (12): soc: microchip: Fix POLARFIRE_SOC_SYS_CTRL input prompt ARM: dts: renesas: rcar-gen2: Add missing #interrupt-cells to DA9063 nodes ARM: dts: renesas: r8a73a4: Fix external clocks and clock rate arm64: dts: renesas: r8a779g0: Restore sort order arm64: dts: renesas: r8a779g0: Add missing SCIF_CLK2 ARM: dts: arm: realview: Fix development chip ROM compatible value arm64: dts: renesas: r8a779a0: Correct avb[01] reg sizes arm64: dts: renesas: r8a779g0: Correct avb[01] reg sizes pinctrl: renesas: r8a779g0: Add missing SCIF_CLK2 pin group/function clk: renesas: r8a779g0: Correct PFC/GPIO parent clocks clk: renesas: r8a779f0: Correct PFC/GPIO parent clock pinctrl: renesas: Allow the compiler to optimize away sh_pfc_pm Gen Xu (1): wifi: mt76: mt792x: fix ethtool warning George Stark (1): leds: aw2013: Unlock mutex before destroying it Gergo Koteles (7): ALSA: hda/tas2781: use dev_dbg in system_resume ALSA: hda/tas2781: add lock to system_suspend ALSA: hda/tas2781: do not reset cur_* values in runtime_suspend ALSA: hda/tas2781: add ptrs to calibration functions ALSA: hda/tas2781: do not call pm_runtime_force_* in system_resume/suspend ALSA: hda/tas2781: configure the amp after firmware load ALSA: hda/tas2781: restore power state after system_resume Greg Joyce (1): block: sed-opal: handle empty atoms when parsing response Hans de Goede (3): platform/x86: p2sb: On Goldmont only cache P2SB and SPI devfn BAR ASoC: rt5645: Make LattePanda board DMI match more precise platform/x86: x86-android-tablets: Fix acer_b1_750_goodix_gpios name Hao Zhang (1): wifi: mt76: mt7925: fix mcu query command fail Hari Bathini (1): bpf: Fix warning for bpf_cpumask in verifier Harry Wentland (2): drm: Don't treat 0 as -1 in drm_fixp2int_ceil drm/vkms: Avoid reading beyond LUT array Heiko Carstens (1): s390/cache: prevent rebuild of shared_cpu_list Heiko Stuebner (3): arm64: dts: rockchip: add missing interrupt-names for rk356x vdpu arm64: dts: rockchip: fix reset-names for rk356x i2s2 controller arm64: dts: rockchip: drop rockchip,trcm-sync-tx-only from rk3588 i2s Helge Deller (1): bcachefs: Fix build on parisc by avoiding __multi3() Hojin Nam (1): perf: CXL: fix CPMU filter value mask length Hongyu Jin (1): dm io: Support IO priority Hou Tao (2): x86/mm: Move is_vsyscall_vaddr() into asm/vsyscall.h x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() Howard Hsu (1): wifi: mt76: mt7996: fix HE beamformer phy cap for station vif Hsin-Te Yuan (1): arm64: dts: mt8195-cherry-tomato: change watchdog reset boot flow Hsin-Yi Wang (2): drm/panel-edp: use put_sync in unprepare drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip Hugo Villeneuve (1): serial: max310x: fix syntax error in IRQ error message Ian Abbott (1): comedi: comedi_test: Prevent timers rescheduling during deletion Ian Rogers (5): perf pmu: Treat the msr pmu as software perf srcline: Add missed addr2line closes perf expr: Fix "has_event" function for metric style events perf stat: Avoid metric-only segv perf metric: Don't remove scale from counts Ido Schimmel (6): selftests: forwarding: Add missing multicast routing config entries devlink: Move private netlink flags to C file devlink: Acquire device lock during netns dismantle devlink: Enable the use of private flags in post_doit operations devlink: Allow taking device lock in pre_doit operations selftests: forwarding: Fix ping failure due to short timeout Ignat Korchagin (1): net: veth: do not manipulate GRO when using XDP Igor Prusov (1): clk: meson: Add missing clocks to axg_clk_regmaps Ilan Peer (1): wifi: iwlwifi: mvm: Fix the listener MAC filter flags Ilkka Koskinen (1): perf/arm-cmn: Workaround AmpereOneX errata AC04_MESH_1 (incorrect child count) Ilpo Järvinen (1): PCI/DPC: Print all TLP Prefixes, not just the first Jaegeuk Kim (1): f2fs: check number of blocks in a current section Jai Luthra (1): arm64: dts: ti: k3-am62p: Fix memory ranges for DMSS Jakub Kicinski (1): selftests: tls: use exact comparison in recv_partial James Clark (1): coresight: Fix issue where a source device's helpers aren't disabled Jan Höppner (1): s390/dasd: Use dev_*() for device log messages Jan Kara (2): quota: Fix rcu annotations of inode dquot pointers quota: Properly annotate i_dquot arrays with __rcu Jason Gunthorpe (1): iommu/arm-smmu-v3: Check that the RID domain is S1 in SVA Jayesh Choudhary (1): arm64: dts: ti: k3-am69-sk: remove assigned-clock-parents for unused VP Jean-Loïc Charroud (1): ALSA: hda/realtek: cs35l41: Add internal speaker support for ASUS UM3402 with missing DSD Jeff Johnson (1): wifi: ath12k: Update Qualcomm Innovation Center, Inc. copyrights Jeff LaBundy (1): Input: iqs7222 - add support for IQS7222D v1.1 and v1.2 Jens Axboe (7): io_uring/unix: drop usage of io_uring socket io_uring: drop any code related to SCM_RIGHTS io_uring: remove looping around handling traditional task_work io_uring: remove unconditional looping in local task_work handling io_uring/net: unify how recvmsg and sendmsg copy in the msghdr io_uring/net: move receive multishot out of the generic msghdr path io_uring: don't save/restore iowait state Jeremy Kerr (1): net: mctp: copy skb ext data when fragmenting Jernej Skrabec (4): media: cedrus: h265: Fix configuring bitstream size media: sun8i-di: Fix coefficient writes media: sun8i-di: Fix power on/off sequences media: sun8i-di: Fix chroma difference threshold Jerome Brunet (4): ASoC: meson: aiu: fix function pointer type mismatch ASoC: meson: t9015: fix function pointer type mismatch ASoC: meson: axg-tdm-interface: fix mclk setup without mclk-fs ASoC: meson: axg-tdm-interface: add frame rate constraint Ji Sheng Teoh (1): watchdog: starfive: Check pm_runtime_enabled() before decrementing usage counter Jianhua Lu (1): backlight: ktz8866: Correct the check for of_property_read_u32 Jiawei Wang (1): ASoC: amd: yc: Fix non-functional mic on Lenovo 21J2 Jiaxun Yang (1): MIPS: Clear Cause.BD in instruction_pointer_set Jie Wang (2): net: hns3: fix port duplex configure error in IMP reset crypto: qat - relocate and rename get_service_enabled() Jijie Shao (1): net: hns3: fix wrong judgment condition issue Jinjie Ruan (1): wifi: mwifiex: debugfs: Drop unnecessary error check for debugfs_create_dir() Jiri Pirko (3): dpll: spec: use proper enum for pin capabilities attribute dpll: fix dpll_xa_ref_*_del() for multiple registrations devlink: fix port new reply cmd type Jiri Slaby (SUSE) (1): tty: vt: fix 20 vs 0x20 typo in EScsiignore Johan Carlsson (1): ALSA: usb-audio: Stop parsing channels bits when all channels are found. Johan Hovold (2): soc: qcom: pmic_glink_altmode: fix drm bridge use-after-free PCI/AER: Fix rootport attribute paths in ABI docs Johannes Berg (8): wifi: iwlwifi: mvm: report beacon protection failures wifi: iwlwifi: dbg-tlv: ensure NUL termination wifi: iwlwifi: acpi: fix WPFC reading wifi: iwlwifi: mvm: initialize rates in FW earlier wifi: iwlwifi: mvm: d3: fix IPN byte order wifi: iwlwifi: always have 'uats_enabled' wifi: iwlwifi: mvm: fix erroneous queue index mask wifi: iwlwifi: mvm: don't set replay counters to 0xff Johannes Thumshirn (1): btrfs: zoned: don't skip block group profile checks on conventional zones John Keeping (1): regulator: userspace-consumer: add module device table John Ogness (6): printk: nbcon: Relocate 32bit seq macros printk: ringbuffer: Do not skip non-finalized records with prb_next_seq() printk: Wait for all reserved records with pr_flush() printk: Add this_cpu_in_panic() printk: ringbuffer: Cleanup reader terminology printk: ringbuffer: Skip non-finalized records in panic Johnny Hsieh (1): ASoC: amd: yc: Add Lenovo ThinkBook 21J0 into DMI quirk table Jon Hunter (1): memory: tegra: Correct DLA client names Jonah Palmer (1): vdpa/mlx5: Allow CVQ size changes Jonas Dreßler (3): Bluetooth: Remove HCI_POWER_OFF_TIMEOUT Bluetooth: mgmt: Remove leftover queuing of power_off work Bluetooth: Remove superfluous call to hci_conn_check_pending() Jonathan Bell (1): PCI: brcmstb: Fix broken brcm_pcie_mdio_write() polling Jorge Mora (2): NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 NFSv4.2: fix listxattr maximum XDR buffer size Josef Bacik (1): nfs: fix panic when nfs4_ff_layout_prepare_ds() fails Josh Poimboeuf (1): objtool: Fix UNWIND_HINT_{SAVE,RESTORE} across basic blocks Judith Mendez (1): arm64: dts: ti: k3-am64-main: Fix ITAP/OTAP values for MMC Juergen Gross (2): xen/evtchn: avoid WARN() when unbinding an event channel xen/events: increment refcnt only if event channel is refcounted Julien Massot (2): media: cadence: csi2rx: use match fwnode for media link media: v4l2: cci: print leading 0 on error Jérôme Pouiller (1): wifi: wfx: fix memory leak when starting AP Jörg Wedekind (1): PCI: Mark 3ware-9650SE Root Port Extended Tags as broken Kailang Yang (1): ALSA: hda/realtek - ALC285 reduce pop noise from Headphone port Kajol Jain (1): powerpc/hv-gpci: Fix the H_GET_PERF_COUNTER_INFO hcall return value checks Kamal Heib (1): net: ena: Remove ena_select_queue Kan Liang (1): perf top: Uniform the event name for the hybrid machine Kang Yang (1): wifi: ath12k: fix incorrect logic of calculating vdev_stats_id Kees Cook (3): pstore: inode: Convert mutex usage to guard(mutex) pstore: inode: Only d_invalidate() is needed x86, relocs: Ignore relocations in .notes section Keisuke Nishimura (2): sched/fair: Take the scheduling domain into account in select_idle_smt() sched/fair: Take the scheduling domain into account in select_idle_core() Kent Overstreet (3): bcachefs: check for failure to downgrade bcachefs: fix simulateously upgrading & downgrading bcachefs: Fix BTREE_ITER_FILTER_SNAPSHOTS on inodes btree Konrad Dybcio (12): arm64: dts: qcom: sc8180x: Hook up VDD_CX as GCC parent domain arm64: dts: qcom: sc8180x: Fix up big CPU idle state entry latency arm64: dts: qcom: sc8180x: Add missing CPU off state arm64: dts: qcom: sc8180x: Fix eDP PHY power-domains arm64: dts: qcom: sc8180x: Don't hold MDP core clock at FMAX arm64: dts: qcom: sc8180x: Require LOW_SVS vote for MMCX if DISPCC is on arm64: dts: qcom: sc8180x: Shrink aoss_qmp register space size arm64: dts: qcom: sm8450: Add missing interconnects to serial arm64: dts: qcom: sdm845: Use the Low Power Island CX/MX for SLPI clk: qcom: reset: Commonize the de/assert functions clk: qcom: reset: Ensure write completion on reset de/assertion clk: qcom: dispcc-sdm845: Adjust internal GDSC wait times Konstantin Taranov (1): RDMA/mana_ib: Fix bug in creation of dma regions Krzysztof Kozlowski (3): arm64: dts: qcom: sdm845-db845c: correct PCIe wake-gpios arm64: dts: qcom: sm8150: use 'gpios' suffix for PCI GPIOs arm64: dts: qcom: sm8150: correct PCIe wake-gpios Kuniyuki Iwashima (3): af_unix: Annotate data-race of gc_in_progress in wait_for_unix_gc(). rds: tcp: Fix use-after-free of net in reqsk_timer_handler(). tcp: Fix refcnt handling in __inet_hash_connect(). Kunwu Chan (1): x86/xen: Add some null pointer checking to smp.c Kévin L'hôpital (1): net: phy: fix phy_get_internal_delay accessing an empty array Lad Prabhakar (2): arm64: dts: renesas: rzg2l: Add missing interrupts to IRQC nodes ASoC: sh: rz-ssi: Fix error message print Lang Yu (1): drm/amdgpu: fix mmhub client id out-of-bounds access Le Ma (1): drm/amdgpu: drop setting buffer funcs in sdma442 Leon Romanovsky (2): RDMA/mlx5: Fix fortify source warning while accessing Eth segment xfrm: Allow UDP encapsulation only in offload modes Li Nan (3): md: fix kmemleak of rdev->serial block: fix deadlock between bd_link_disk_holder and partition scan md: Don't clear MD_CLOSING when the raid is about to stop Linu Cherian (1): octeontx2-af: Use matching wake_up API variant in CGX command interface Liu Ying (1): arm64: dts: imx8mp-evk: Fix hdmi@3d node Luca Ceresoli (1): ASoC: rockchip: i2s-tdm: Fix inaccurate sampling rates Luca Weiss (2): backlight: lm3630a: Initialize backlight_properties on init backlight: lm3630a: Don't set bl->props.brightness in get_brightness Lucas Stach (1): media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak Luiz Augusto von Dentz (8): Bluetooth: Remove BT_HS Bluetooth: hci_event: Fix not indicating new connection for BIG Sync Bluetooth: hci_core: Cancel request on command timeout Bluetooth: hci_sync: Fix overwriting request callback Bluetooth: hci_core: Fix possible buffer overflow Bluetooth: msft: Fix memory leak Bluetooth: btusb: Fix memory leak Bluetooth: af_bluetooth: Fix deadlock Luoyouming (1): RDMA/hns: Fix mis-modifying default congestion control algorithm Maciej Strozek (2): mfd: cs42l43: Fix wrong register defaults mfd: cs42l43: Fix wrong GPIO_FN_SEL and SPI_CLK_CONFIG1 defaults Mads Bligaard Nielsen (1): drm/bridge: adv7511: fix crash on irq during probe Manorit Chawdhry (2): arm64: dts: ti: k3-j721s2: Fix power domain for VTM node arm64: dts: ti: k3-j784s4: Fix power domain for VTM node Manu Bretelle (1): selftests/bpf: Disable IPv6 for lwt_redirect test Manuel Fombuena (1): HID: multitouch: Add required quirk for Synaptics 0xcddc device Mao Jinlong (1): coresight: etm4x: Set skip_power_up in etm4_init_arch_data function Marek Vasut (1): arm64: dts: imx8mp: Set SPI NOR to max 40 MHz on Data Modul i.MX8M Plus eDM SBC Marijn Suijten (1): drm/msm/dpu: Only enable DSC_MODE_MULTIPLEX if dsc_merge is enabled Mario Limonciello (2): iommu/amd: Mark interrupt as managed crypto: ccp - Avoid discarding errors in psp_send_platform_access_msg() Mark Brown (2): regmap: kunit: Ensure that changed bytes are actually different arm64/sve: Lower the maximum allocation for the SVE ptrace regset Mark Rutland (1): perf print-events: make is_event_supported() more robust Markus Schneider-Pargmann (1): can: m_can: Start/Cancel polling timer together with interrupts Martin KaFai Lau (2): selftests/bpf: Fix the flaky tc_redirect_dtime test selftests/bpf: Wait for the netstamp_needed_key static key to be turned on Martin Kaiser (1): gpio: vf610: allow disabling the vf610 driver Martin Kaistra (1): wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work Martin Krastev (1): drm/vmwgfx: Fix vmw_du_get_cursor_mob fencing of newly-created MOBs Masahiro Yamada (1): kconfig: fix infinite loop when expanding a macro at the end of file Mathias Krause (1): bcachefs: install fd later to avoid race with close Matthew Auld (1): drm/buddy: check range allocation matches alignment Matthew Wilcox (Oracle) (1): smb: do not test the return value of folio_start_writeback() Matti Vaittinen (1): iio: gts-helper: Fix division loop Max Kellermann (1): parisc/ftrace: add missing CONFIG_DYNAMIC_FTRACE check Maxim Kudinov (1): ACPI: resource: Add MAIBENBEN X577 to irq1_edge_low_force_override Maxime Ripard (1): drm/tests: helpers: Include missing drm_drv header Mete Durlu (1): s390/vtime: fix average steal time calculation Michael Ellerman (2): powerpc/32: fix ADB_CUDA kconfig warning powerpc/embedded6xx: Fix no previous prototype for avr_uart_send() etc. Michael Roth (1): x86/mm: Ensure input to pfn_to_kaddr() is treated as a 64-bit type Michal Vokáč (2): ARM: dts: imx6dl-yapp4: Fix typo in the QCA switch register address ARM: dts: imx6dl-yapp4: Move the internal switch PHYs under the switch node Mika Westerberg (1): spi: intel-pci: Add support for Lunar Lake-M SPI serial flash Mike Yu (2): xfrm: fix xfrm child route lookup for packet offload xfrm: set skb control buffer based on packet offload as well Mikhail Khvainitski (1): HID: lenovo: Add middleclick_workaround sysfs knob for cptkbd Mikulas Patocka (4): dm-verity, dm-crypt: align "struct bvec_iter" correctly dm: call the resume method on internal suspend dm-integrity: fix a memory leak when rechecking the data dm-integrity: align the outgoing bio in integrity_recheck Ming Lei (1): dm raid: fix false positive for requeue needed during reshape Ming Yen Hsieh (8): wifi: mt76: mt7925: fix connect to 80211b mode fail in 2Ghz band wifi: mt76: mt7925: fix wmm queue mapping wifi: mt76: mt7925: fix WoW failed in encrypted mode wifi: mt76: mt7925: fix the wrong header translation config wifi: mt76: mt7925: add support to set ifs time by mcu command wifi: mt76: mt7921: fix incorrect type conversion for CLC command wifi: mt76: mt792x: fix a potential loading failure of the 6Ghz channel config from ACPI wifi: mt76: fix the issue of missing txpwr settings from ch153 to ch177 Miri Korenblit (5): wifi: iwlwifi: change link id in time event to s8 wifi: iwlwifi: fix EWRD table validity check wifi: iwlwifi: read BIOS PNVM only for non-Intel SKU wifi: iwlwifi: support EHT for WH wifi: iwlwifi: properly check if link is active Miroslav Franc (1): s390/dasd: fix double module refcount decrement Muhammad Usama Anjum (1): io_uring/net: correct the type of variable Mustafa Ismail (1): RDMA/irdma: Remove duplicate assignment Naresh Solanki (1): regulator: max5970: Fix regulator child node name Nathan Chancellor (1): s390/vdso: drop '-fPIC' from LDFLAGS Navid Emamdoost (1): nbd: null check for nla_nest_start Nicholas Piggin (1): powerpc/ps3: Fix lv1 hcall assembly for ELFv2 calling convention Nikita Kiryushin (1): net: phy: fix phy_read_poll_timeout argument type in genphy_loopback Nikita Zhandarovich (5): do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak media: em28xx: annotate unchecked call to media_device_register() drm/radeon/ni: Fix wrong firmware size logging in ni_init_microcode() drm/amd/display: fix NULL checks for adev->dm.dc in amdgpu_dm_fini() wireguard: receive: annotate data-race around receiving_counter.counter Nícolas F. R. A. Prado (6): cpufreq: mediatek-hw: Wait for CPU supplies before probing cpufreq: mediatek-hw: Don't error out if supply is not found arm64: dts: mt8183: Move CrosEC base detection node to kukui-based DTs arm64: dts: mediatek: mt8192-asurada: Remove CrosEC base detection node arm64: dts: mediatek: mt8186: Add missing clocks to ssusb power domains arm64: dts: mediatek: mt8186: Add missing xhci clock to usb controllers Oleksandr Natalenko (1): HID: logitech-hidpp: Do not flood kernel log Oleksij Rempel (1): net: dsa: microchip: make sure drive strength configuration is not lost by soft reset Olga Kornievskaia (1): NFSv4.1/pnfs: fix NFS with TLS in pnfs Ondrej Jirman (1): leds: sgm3140: Add missing timer cleanup and flash gpio control Pablo Neira Ayuso (2): netfilter: nft_set_pipapo: release elements in clone only from destroy path netfilter: nf_tables: do not compare internal table flags on updates Paloma Arellano (1): drm/msm/dpu: add division of drm_display_mode's hskew parameter Pauli Virtanen (1): Bluetooth: fix use-after-free in accessing skb after sending it Pavel Begunkov (1): io_uring: fix poll_remove stalled req completion Peng Fan (1): thermal/drivers/qoriq: Fix getting tmu range Perry Yuan (1): ACPI: CPPC: enable AMD CPPC V2 support for family 17h processors Peter Chiu (2): wifi: mt76: mt7996: check txs format before getting skb by pid wifi: mt76: mt7996: fix TWT issues Peter Griffin (2): mfd: syscon: Call of_node_put() only when of_parse_phandle() takes a ref mfd: altera-sysmgr: Call of_node_put() only when of_parse_phandle() takes a ref Peter Hilber (3): timekeeping: Fix cross-timestamp interpolation on counter wrap timekeeping: Fix cross-timestamp interpolation corner case decision timekeeping: Fix cross-timestamp interpolation for non-x86 Peter Robinson (2): bus: tegra-aconnect: Update dependency to ARCH_TEGRA dmaengine: tegra210-adma: Update dependency to ARCH_TEGRA Peter Ujfalusi (1): ASoC: SOF: ipc4-pcm: Workaround for crashed firmware on system suspend Petr Machata (1): selftests: forwarding: Add missing config entries Petr Mladek (1): printk: Disable passing console lock owner completely during panic() Petre Rodan (1): iio: pressure: mprls0025pa fix off-by-one enum Prike Liang (1): drm/amdgpu: Enable gpu reset for S3 abort cases on Raven series Przemek Kitszel (1): ice: fix stats being updated by way too large values Puranjay Mohan (1): bpf: hardcode BPF_PROG_PACK_SIZE to 2MB * num_possible_nodes() Qiheng Lin (1): powerpc/pseries: Fix potential memleak in papr_get_attr() Quan Tian (1): netfilter: nf_tables: Fix a memory leak in nf_tables_updchain Quan Zhou (1): wifi: mt76: mt7925: add flow to avoid chip bt function fail Quanyang Wang (1): crypto: xilinx - call finalize with bh disabled Quentin Schulz (2): drm/rockchip: lvds: do not overwrite error code drm/rockchip: lvds: do not print scary message when probing defer Rafael J. Wysocki (1): ACPI: scan: Fix device check notification handling Rafał Miłecki (9): arm64: dts: mediatek: mt7986: fix reference to PWM in fan node arm64: dts: mediatek: mt7986: drop crypto's unneeded/invalid clock name arm64: dts: mediatek: mt7986: fix SPI bus width properties arm64: dts: mediatek: mt7986: fix SPI nodename arm64: dts: mediatek: mt7986: drop "#clock-cells" from PWM arm64: dts: mediatek: mt7986: add "#reset-cells" to infracfg arm64: dts: mediatek: mt7622: add missing "device_type" to memory nodes arm64: dts: marvell: reorder crypto interrupts on Armada SoCs arm64: dts: broadcom: bcmbca: bcm4908: drop invalid switch cells Rahul Rameshbabu (4): wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled wifi: b43: Stop/wake correct queue in PIO Tx path when QoS is disabled wifi: b43: Stop correct queue in DMA worker when QoS is disabled wifi: b43: Disable QoS for bcm4331 Raj Kumar Bhagat (1): wifi: ath12k: fix fetching MCBC flag for QCN9274 Randy Dunlap (3): drivers/ps3: select VIDEO to provide cmdline functions crypto: jitter - fix CRYPTO_JITTERENTROPY help text rtc: mt6397: select IRQ_DOMAIN instead of depending on it Ranjan Kumar (1): scsi: mpt3sas: Prevent sending diag_reset when the controller is ready Ravi Gunasekaran (1): arm64: dts: ti: k3-am62p5-sk: Enable CPSW MDIO node Rob Clark (1): drm/msm/a7xx: Fix LLC typo Rob Herring (4): arm: dts: Fix dtc interrupt_provider warnings arm64: dts: Fix dtc interrupt_provider warnings arm: dts: Fix dtc interrupt_map warnings arm64: dts: qcom: Fix interrupt-map cell sizes Roger Quadros (1): arm64: dts: ti: am65x: Fix dtbs_install for Rocktech OLDI overlay Sakari Ailus (1): media: ivsc: csi: Swap SINK and SOURCE pads Sam Protsenko (1): clk: samsung: exynos850: Propagate SPI IPCLK rate change Sam Ravnborg (1): sparc32: Fix section mismatch in leon_pci_grpci Sami Tolvanen (1): riscv: Fix syscall wrapper for >word-size arguments Sandipan Das (1): perf/x86/amd/core: Avoid register reset when CPU is dead Sasha Levin (1): Linux 6.7.11-rc1 Saurabh Sengar (2): x86/hyperv: Allow 15-bit APIC IDs for VTL platforms x86/hyperv: Use per cpu initial stack for vtl context Sean Anderson (1): usb: phy: generic: Get the vbus supply Sebastian Reichel (1): arm64: dts: rockchip: mark system power controller on rk3588-evb1 Shay Drory (1): devlink: Fix devlink parallel commands processing Sheng Yong (1): f2fs: compress: fix to check unreleased compressed cluster Shengjiu Wang (1): clk: imx: imx8mp: Fix SAI_MCLK_SEL definition Shifeng Li (1): RDMA/device: Fix a race between mad_client and cm_client init Shigeru Yoshida (1): hsr: Fix uninit-value access in hsr_get_node() Shiming Cheng (1): ipv6: fib6_rules: flush route cache when rule is changed Shung-Hsi Yu (1): selftests/bpf: trace_helpers.c: do not use poisoned type Sibi Sankar (1): cpufreq: Fix per-policy boost behavior on SoCs using cpufreq_boost_set_sw() Srinivasan Shanmugam (5): drm/amd/display: Fix a potential buffer overflow in 'dp_dsc_clock_en_read()' drm/amd/display: Fix potential NULL pointer dereferences in 'dcn10_set_output_transfer_func()' drm/amdgpu: Fix potential out-of-bounds access in 'amdgpu_discovery_reg_base_init()' drm/amd/display: Add 'replay' NULL check in 'edp_set_replay_allow_active()' drm/amdgpu: Fix missing break in ATOM_ARG_IMM Case of atom_get_src_int() Sriram R (1): wifi: ath12k: Fix issues in channel list update StanleyYP Wang (1): wifi: mt76: mt7996: fix efuse reading issue Stefan Binding (3): ALSA: hda/realtek: Add quirks for Lenovo Thinkbook 16P laptops ALSA: hda: cs35l41: Overwrite CS35L41 configuration for ASUS UM5302LA ALSA: hda: cs35l41: Set Channel Index correctly when system is missing _DSD Stephen Boyd (2): gpiolib: Pass consumer device through to core in devm_fwnode_gpiod_get_index() arm64: ftrace: Don't forbid CALL_OPS+CC_OPTIMIZE_FOR_SIZE with Clang Steve Sistare (1): vdpa_sim: reset must not run Stuart Henderson (3): ASoC: wm8962: Enable oscillator if selecting WM8962_FLL_OSC ASoC: wm8962: Enable both SPKOUTR_ENA and SPKOUTL_ENA in mono mode ASoC: wm8962: Fix up incorrect error message in wm8962_set_fll Subbaraya Sundeep (5): octeontx2: Detect the mbox up or down message via register octeontx2-pf: Wait till detach_resources msg is complete octeontx2-pf: Use default max_active works instead of one octeontx2-pf: Send UP messages to VF only when VF is up. octeontx2-af: Use separate handlers for interrupts Swapnil Patel (1): drm/amd/display: fix input states translation error for dcn35 & dcn351 Takashi Iwai (1): ALSA: seq: fix function cast warnings Takashi Sakamoto (1): firewire: core: use long bus reset on gap count error Tejun Heo (9): workqueue: Move pwq->max_active to wq->max_active workqueue: Factor out pwq_is_empty() workqueue: Replace pwq_activate_inactive_work() with [__]pwq_activate_work() workqueue: Move nr_active handling into helpers workqueue: Make wq_adjust_max_active() round-robin pwqs while activating workqueue: RCU protect wq->dfl_pwq and implement accessors for it workqueue: Introduce struct wq_node_nr_active workqueue: Implement system-wide nr_active enforcement for unbound workqueues workqueue: Don't call cpumask_test_cpu() with -1 CPU in wq_update_node_max_active() Thierry Reding (1): arm64: tegra: Set the correct PHY mode for MGBE Thinh Tran (1): net/bnx2x: Prevent access to a freed page in page_pool Thomas Richter (1): s390/pai: fix attr_event_free upper limit for pai device drivers Thomas Weißschuh (1): power: supply: mm8013: fix "not charging" detection Thomas Zimmermann (1): arch/powerpc: Remove <linux/fb.h> from backlight code Théo Lebrun (3): spi: cadence-qspi: put runtime in runtime PM hooks names spi: cadence-qspi: add system-wide suspend and resume callbacks gpio: nomadik: fix offset bug in nmk_pmx_set() Tiezhu Yang (1): bpftool: Silence build warning about calloc() Tim Harvey (1): arm64: dts: imx8mm-venice-gw71xx: fix USB OTG VBUS Tim Pambor (1): net: phy: dp83822: Fix RGMII TX delay configuration Tobias Brunner (1): ipv4: raw: Fix sending packets from raw sockets via IPsec tunnels Toke Høiland-Jørgensen (5): wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete libbpf: Use OPTS_SET() macro in bpf_xdp_query() bpf: Fix DEVMAP_HASH overflow check on 32-bit arches bpf: Fix hashtab overflow check on 32-bit arches bpf: Fix stackmap overflow check on 32-bit arches Tomi Valkeinen (3): media: rkisp1: Fix IRQ handling due to shared interrupts drm/tidss: Fix initial plane zpos values drm/tidss: Fix sync-lost issue with two displays Tony Luck (1): x86/resctrl: Implement new mba_MBps throttling heuristic Tudor Ambarus (1): tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT Unnathi Chalicheemala (1): soc: qcom: llcc: Check return value on Broadcast_OR reg read Uwe Kleine-König (5): ARM: dts: rockchip: Drop interrupts property from pwm-rockchip nodes Input: gpio_keys_polled - suppress deferred probe error for gpio pwm: atmel-hlcdc: Fix clock imbalance related to suspend support pwm: sti: Fix capture for st,pwm-num-chan < st,capture-num-chan ASoC: tlv320adc3xxx: Don't strip remove function when driver is builtin Vaishnav Achath (1): arm64: dts: ti: k3-am62p-mcu/wakeup: Disable MCU and wakeup R5FSS nodes Viktor Malik (2): tools/resolve_btfids: Refactor set sorting with types from btf_ids.h tools/resolve_btfids: Fix cross-compilation to non-host endianness Vinicius Costa Gomes (2): igc: Fix missing time sync events igb: Fix missing time sync events Viresh Kumar (1): OPP: debugfs: Fix warning around icc_get_name() Wang Jianjian (1): quota: Fix potential NULL pointer dereference Wen Gong (1): wifi: ath11k: change to move WMI_VDEV_PARAM_SET_HEMU_MODE before WMI_PEER_ASSOC_CMDID Wenjie Qi (1): f2fs: fix NULL pointer dereference in f2fs_submit_page_write() William Kucharski (1): RDMA/srpt: Do not register event handler until srpt device is fully setup William Tu (2): devlink: Fix length of eswitch inline-mode vmxnet3: Fix missing reserved tailroom Xingyuan Mo (1): wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() Xiubo Li (3): ceph: always queue a writeback when revoking the Fb caps ceph: add ceph_cap_unlink_work to fire check_caps() immediately ceph: stop copying to iter at EOF on sync reads Xiuhong Wang (2): f2fs: compress: relocate some judgments in f2fs_reserve_compress_blocks f2fs: compress: fix reserve_cblocks counting error when out of space Xuan Zhuo (1): virtio: packed: fix unmap leak for indirect desc table Yan Zhai (3): rcu: add a helper to report consolidated flavor QS net: report RCU QS on threaded NAPI repolling bpf: report RCU QS in cpumap kthread Yang Jihong (5): perf record: Fix possible incorrect free in record__switch_output() perf record: Check conflict between '--timestamp-filename' option and pipe mode before recording perf evsel: Fix duplicate initialization of data->id in evsel__parse_sample() perf thread_map: Free strlist on normal path in thread_map__new_by_tid_str() hwtracing: hisi_ptt: Move type check to the beginning of hisi_ptt_pmu_event_init() Yang Yingliang (1): NTB: fix possible name leak in ntb_register_device() Yewon Choi (1): rds: introduce acquire/release ordering in acquire/release_in_xmit() Yifan Zhang (1): drm/amdgpu: add MMHUB 3.3.1 support Yihang Li (1): scsi: hisi_sas: Fix a deadlock issue related to automatic dump Yishai Hadas (1): RDMA/mlx5: Relax DEVX access upon modify commands Yonghong Song (1): bpf: Mark bpf_spin_{lock,unlock}() helpers with notrace correctly Yonglong Liu (1): net: hns3: fix kernel crash when 1588 is received on HIP08 devices Yu Kuai (5): md: remove flag RemoveSynchronized md/raid1: remove rcu protection to access rdev from conf md/raid1: factor out helpers to add rdev to conf md/raid1: record nonrot rdevs while adding/removing rdevs to conf md/raid1: fix choose next idle in read_balance() Yuxuan Hu (1): Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security Zhang Shurong (1): drm/tegra: dpaux: Fix PM disable depth imbalance in tegra_dpaux_probe Zhipeng Lu (10): wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() SUNRPC: fix a memleak in gss_import_v2_context SUNRPC: fix some memleaks in gssx_dec_option_array drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node drm/lima: fix a memleak in lima_heap_alloc media: v4l2-tpg: fix some memleaks in tpg_alloc media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity media: edia: dvbdev: fix a use-after-free media: go7007: fix a memleak in go7007_load_encoder media: ttpci: fix two memleaks in budget_av_attach rong.yan (1): wifi: mt76: mt7925: fix SAP no beacon issue in 5Ghz and 6Ghz band .../testing/sysfs-bus-pci-devices-aer_stats | 6 +- .../bindings/display/msm/qcom,mdss.yaml | 1 + Documentation/netlink/specs/devlink.yaml | 2 +- Documentation/netlink/specs/dpll.yaml | 1 + Makefile | 4 +- arch/arm/boot/dts/amazon/alpine.dtsi | 1 - arch/arm/boot/dts/arm/arm-realview-pb1176.dts | 2 +- arch/arm/boot/dts/aspeed/aspeed-g4.dtsi | 14 - arch/arm/boot/dts/aspeed/aspeed-g5.dtsi | 15 +- arch/arm/boot/dts/aspeed/aspeed-g6.dtsi | 18 +- arch/arm/boot/dts/broadcom/bcm-cygnus.dtsi | 3 + arch/arm/boot/dts/broadcom/bcm-hr2.dtsi | 1 + arch/arm/boot/dts/broadcom/bcm-nsp.dtsi | 2 + .../intel/ixp/intel-ixp42x-gateway-7001.dts | 2 + .../ixp/intel-ixp42x-goramo-multilink.dts | 2 + arch/arm/boot/dts/marvell/kirkwood-l-50.dts | 2 + .../arm/boot/dts/nuvoton/nuvoton-wpcm450.dtsi | 2 + .../boot/dts/nvidia/tegra30-apalis-v1.1.dtsi | 1 - arch/arm/boot/dts/nvidia/tegra30-apalis.dtsi | 1 - arch/arm/boot/dts/nvidia/tegra30-colibri.dtsi | 1 - .../boot/dts/nxp/imx/imx6dl-yapp4-common.dtsi | 25 +- arch/arm/boot/dts/nxp/imx/imx6q-b850v3.dts | 3 - arch/arm/boot/dts/nxp/imx/imx6q-bx50v3.dtsi | 2 +- arch/arm/boot/dts/nxp/imx/imx6qdl-apalis.dtsi | 1 - .../arm/boot/dts/nxp/imx/imx6qdl-colibri.dtsi | 1 - arch/arm/boot/dts/nxp/imx/imx6qdl-emcon.dtsi | 1 - .../dts/nxp/imx/imx6qdl-phytec-pfla02.dtsi | 1 + .../nxp/imx/imx6qdl-phytec-phycore-som.dtsi | 1 + .../arm/boot/dts/nxp/imx/imx7d-pico-dwarf.dts | 1 + .../boot/dts/nxp/vf/vf610-zii-dev-rev-b.dts | 1 + arch/arm/boot/dts/qcom/qcom-msm8974.dtsi | 2 +- arch/arm/boot/dts/qcom/qcom-sdx55.dtsi | 8 +- arch/arm/boot/dts/renesas/r8a73a4-ape6evm.dts | 12 + arch/arm/boot/dts/renesas/r8a73a4.dtsi | 9 +- arch/arm/boot/dts/renesas/r8a7790-lager.dts | 1 + arch/arm/boot/dts/renesas/r8a7790-stout.dts | 1 + arch/arm/boot/dts/renesas/r8a7791-koelsch.dts | 1 + arch/arm/boot/dts/renesas/r8a7791-porter.dts | 1 + arch/arm/boot/dts/renesas/r8a7792-blanche.dts | 1 + arch/arm/boot/dts/renesas/r8a7793-gose.dts | 1 + arch/arm/boot/dts/renesas/r8a7794-alt.dts | 1 + arch/arm/boot/dts/renesas/r8a7794-silk.dts | 1 + arch/arm/boot/dts/rockchip/rv1108.dtsi | 8 - arch/arm/boot/dts/st/stm32429i-eval.dts | 1 - arch/arm/boot/dts/st/stm32mp157c-dk2.dts | 1 - .../boot/dts/ti/omap/am5729-beagleboneai.dts | 1 - arch/arm/crypto/sha256_glue.c | 13 +- arch/arm/crypto/sha512-glue.c | 12 +- arch/arm64/Kconfig | 2 +- .../dts/allwinner/sun50i-h6-beelink-gs1.dts | 2 + .../boot/dts/allwinner/sun50i-h6-tanix.dtsi | 2 + arch/arm64/boot/dts/allwinner/sun50i-h6.dtsi | 7 +- arch/arm64/boot/dts/amazon/alpine-v2.dtsi | 1 - arch/arm64/boot/dts/amazon/alpine-v3.dtsi | 1 - .../boot/dts/broadcom/bcmbca/bcm4908.dtsi | 3 - .../boot/dts/broadcom/northstar2/ns2.dtsi | 1 + .../boot/dts/broadcom/stingray/stingray.dtsi | 1 + .../dts/freescale/imx8mm-kontron-bl-osm-s.dts | 38 +- .../boot/dts/freescale/imx8mm-kontron-bl.dts | 38 +- .../dts/freescale/imx8mm-kontron-osm-s.dtsi | 6 +- .../boot/dts/freescale/imx8mm-kontron-sl.dtsi | 4 +- .../dts/freescale/imx8mm-venice-gw71xx.dtsi | 29 +- .../freescale/imx8mp-data-modul-edm-sbc.dts | 2 +- arch/arm64/boot/dts/freescale/imx8mp-evk.dts | 33 +- .../boot/dts/freescale/imx8qm-ss-dma.dtsi | 29 +- arch/arm64/boot/dts/lg/lg1312.dtsi | 1 - arch/arm64/boot/dts/lg/lg1313.dtsi | 1 - arch/arm64/boot/dts/marvell/armada-37xx.dtsi | 10 +- arch/arm64/boot/dts/marvell/armada-ap80x.dtsi | 1 - arch/arm64/boot/dts/marvell/armada-cp11x.dtsi | 10 +- .../dts/mediatek/mt7622-bananapi-bpi-r64.dts | 1 + arch/arm64/boot/dts/mediatek/mt7622-rfb1.dts | 1 + .../dts/mediatek/mt7986a-bananapi-bpi-r3.dts | 2 +- arch/arm64/boot/dts/mediatek/mt7986a-rfb.dts | 7 +- arch/arm64/boot/dts/mediatek/mt7986a.dtsi | 3 +- arch/arm64/boot/dts/mediatek/mt7986b-rfb.dts | 7 +- .../dts/mediatek/mt8183-kukui-kakadu.dtsi | 4 + .../dts/mediatek/mt8183-kukui-kodama.dtsi | 4 + .../boot/dts/mediatek/mt8183-kukui-krane.dtsi | 4 + .../arm64/boot/dts/mediatek/mt8183-kukui.dtsi | 4 - arch/arm64/boot/dts/mediatek/mt8186.dtsi | 18 +- .../boot/dts/mediatek/mt8192-asurada.dtsi | 4 - arch/arm64/boot/dts/mediatek/mt8192.dtsi | 2 +- .../dts/mediatek/mt8195-cherry-tomato-r1.dts | 4 + .../dts/mediatek/mt8195-cherry-tomato-r2.dts | 4 + .../dts/mediatek/mt8195-cherry-tomato-r3.dts | 4 + arch/arm64/boot/dts/mediatek/mt8195-demo.dts | 1 + .../nvidia/tegra234-p3737-0000+p3701-0000.dts | 2 +- arch/arm64/boot/dts/qcom/ipq6018.dtsi | 8 +- arch/arm64/boot/dts/qcom/ipq8074.dtsi | 16 +- arch/arm64/boot/dts/qcom/msm8998.dtsi | 42 +- arch/arm64/boot/dts/qcom/qcm2290.dtsi | 7 + arch/arm64/boot/dts/qcom/sa8540p.dtsi | 3 + arch/arm64/boot/dts/qcom/sc8180x.dtsi | 26 +- arch/arm64/boot/dts/qcom/sdm845-db845c.dts | 2 +- .../boot/dts/qcom/sdm845-oneplus-common.dtsi | 8 +- arch/arm64/boot/dts/qcom/sdm845.dtsi | 4 +- arch/arm64/boot/dts/qcom/sm6115.dtsi | 7 + arch/arm64/boot/dts/qcom/sm8150.dtsi | 6 +- arch/arm64/boot/dts/qcom/sm8450.dtsi | 12 + arch/arm64/boot/dts/qcom/sm8550.dtsi | 2 +- arch/arm64/boot/dts/renesas/r8a779a0.dtsi | 4 +- arch/arm64/boot/dts/renesas/r8a779g0.dtsi | 88 +- arch/arm64/boot/dts/renesas/r9a07g043u.dtsi | 12 +- arch/arm64/boot/dts/renesas/r9a07g044.dtsi | 22 +- arch/arm64/boot/dts/renesas/r9a07g054.dtsi | 22 +- arch/arm64/boot/dts/renesas/ulcb-kf.dtsi | 4 + arch/arm64/boot/dts/rockchip/rk356x.dtsi | 3 +- .../boot/dts/rockchip/rk3588-evb1-v10.dts | 1 + arch/arm64/boot/dts/rockchip/rk3588s.dtsi | 2 - arch/arm64/boot/dts/ti/Makefile | 1 + arch/arm64/boot/dts/ti/k3-am62-main.dtsi | 9 +- arch/arm64/boot/dts/ti/k3-am62p-mcu.dtsi | 2 + arch/arm64/boot/dts/ti/k3-am62p-wakeup.dtsi | 1 + arch/arm64/boot/dts/ti/k3-am62p.dtsi | 2 +- arch/arm64/boot/dts/ti/k3-am62p5-sk.dts | 4 + arch/arm64/boot/dts/ti/k3-am64-main.dtsi | 11 +- .../boot/dts/ti/k3-am64-phycore-som.dtsi | 1 + arch/arm64/boot/dts/ti/k3-am642-evm.dts | 6 +- .../dts/ti/k3-am642-phyboard-electra-rdk.dts | 1 + arch/arm64/boot/dts/ti/k3-am642-sk.dts | 4 +- .../dts/ti/k3-am642-tqma64xxl-mbax4xxl.dts | 1 - .../arm64/boot/dts/ti/k3-am642-tqma64xxl.dtsi | 1 + arch/arm64/boot/dts/ti/k3-am65-main.dtsi | 5 +- arch/arm64/boot/dts/ti/k3-am69-sk.dts | 8 +- .../dts/ti/k3-j7200-common-proc-board.dts | 18 +- .../dts/ti/k3-j721s2-common-proc-board.dts | 2 - .../boot/dts/ti/k3-j721s2-mcu-wakeup.dtsi | 2 +- arch/arm64/boot/dts/ti/k3-j784s4-evm.dts | 2 - .../boot/dts/ti/k3-j784s4-mcu-wakeup.dtsi | 2 +- arch/arm64/include/asm/fpsimd.h | 12 +- arch/arm64/kernel/ptrace.c | 3 +- arch/mips/include/asm/ptrace.h | 1 + arch/parisc/kernel/ftrace.c | 2 +- arch/powerpc/include/asm/backlight.h | 5 +- arch/powerpc/include/asm/ppc_asm.h | 6 +- arch/powerpc/include/asm/vmalloc.h | 4 +- arch/powerpc/perf/hv-gpci.c | 29 +- .../platforms/embedded6xx/linkstation.c | 3 - arch/powerpc/platforms/embedded6xx/mpc10x.h | 3 + arch/powerpc/platforms/powermac/Kconfig | 2 +- arch/powerpc/platforms/powermac/backlight.c | 26 - arch/powerpc/platforms/ps3/Kconfig | 1 + arch/powerpc/platforms/ps3/hvcall.S | 18 +- .../pseries/papr_platform_attributes.c | 8 +- .../boot/dts/sifive/hifive-unmatched-a00.dts | 1 + arch/riscv/include/asm/pgtable.h | 2 + arch/riscv/include/asm/syscall_wrapper.h | 53 +- arch/riscv/kernel/traps_misaligned.c | 2 +- arch/s390/kernel/cache.c | 1 + arch/s390/kernel/perf_pai_crypto.c | 2 +- arch/s390/kernel/perf_pai_ext.c | 2 +- arch/s390/kernel/vdso32/Makefile | 2 +- arch/s390/kernel/vdso64/Makefile | 2 +- arch/s390/kernel/vtime.c | 4 +- arch/sparc/kernel/leon_pci_grpci1.c | 2 +- arch/sparc/kernel/leon_pci_grpci2.c | 2 +- arch/x86/events/amd/core.c | 1 - arch/x86/hyperv/hv_vtl.c | 26 +- arch/x86/include/asm/page.h | 6 +- arch/x86/include/asm/vsyscall.h | 10 + arch/x86/kernel/acpi/cppc.c | 2 +- arch/x86/kernel/cpu/resctrl/core.c | 10 +- arch/x86/kernel/cpu/resctrl/internal.h | 8 +- arch/x86/kernel/cpu/resctrl/monitor.c | 48 +- arch/x86/kernel/cpu/resctrl/rdtgroup.c | 14 +- arch/x86/mm/fault.c | 9 - arch/x86/mm/maccess.c | 10 + arch/x86/mm/mem_encrypt_identity.c | 10 +- arch/x86/tools/relocs.c | 8 + arch/x86/xen/smp.c | 12 + block/holder.c | 12 +- block/opal_proto.h | 1 + block/sed-opal.c | 6 +- crypto/Kconfig | 5 +- drivers/acpi/processor_idle.c | 2 + drivers/acpi/resource.c | 33 + drivers/acpi/scan.c | 8 +- drivers/base/regmap/regmap-kunit.c | 54 +- drivers/block/aoe/aoecmd.c | 12 +- drivers/block/aoe/aoenet.c | 1 + drivers/block/nbd.c | 6 + drivers/bluetooth/btmtk.c | 4 +- drivers/bluetooth/btusb.c | 10 +- drivers/bluetooth/hci_h5.c | 5 +- drivers/bluetooth/hci_qca.c | 6 +- drivers/bluetooth/hci_serdev.c | 9 +- drivers/bluetooth/hci_uart.h | 12 +- drivers/bus/Kconfig | 5 +- drivers/bus/mhi/ep/main.c | 2 +- drivers/char/xilinx_hwicap/xilinx_hwicap.c | 4 +- drivers/clk/clk.c | 3 + drivers/clk/hisilicon/clk-hi3519.c | 2 +- drivers/clk/hisilicon/clk-hi3559a.c | 1 - drivers/clk/imx/clk-imx8mp-audiomix.c | 11 +- drivers/clk/mediatek/clk-mt7622-apmixedsys.c | 1 - drivers/clk/mediatek/clk-mt7981-topckgen.c | 5 +- drivers/clk/mediatek/clk-mt8135-apmixedsys.c | 4 +- drivers/clk/mediatek/clk-mt8183.c | 2 +- drivers/clk/meson/axg.c | 2 + drivers/clk/qcom/dispcc-sdm845.c | 2 + drivers/clk/qcom/gcc-ipq5018.c | 6 +- drivers/clk/qcom/reset.c | 27 +- drivers/clk/renesas/r8a779f0-cpg-mssr.c | 2 +- drivers/clk/renesas/r8a779g0-cpg-mssr.c | 11 +- drivers/clk/renesas/r9a07g043-cpg.c | 2 +- drivers/clk/renesas/r9a07g044-cpg.c | 2 +- drivers/clk/samsung/clk-exynos850.c | 33 +- drivers/clk/zynq/clkc.c | 8 +- drivers/comedi/drivers/comedi_8255.c | 1 + drivers/comedi/drivers/comedi_test.c | 30 +- drivers/cpufreq/Kconfig.arm | 1 + drivers/cpufreq/brcmstb-avs-cpufreq.c | 2 + drivers/cpufreq/cpufreq.c | 18 +- drivers/cpufreq/freq_table.c | 2 +- drivers/cpufreq/mediatek-cpufreq-hw.c | 19 +- drivers/crypto/ccp/platform-access.c | 11 +- .../intel/qat/qat_4xxx/adf_4xxx_hw_data.c | 37 +- .../intel/qat/qat_common/adf_cfg_services.c | 27 + .../intel/qat/qat_common/adf_cfg_services.h | 4 + .../crypto/intel/qat/qat_common/adf_clock.c | 3 + .../intel/qat/qat_common/adf_cnv_dbgfs.c | 1 - .../intel/qat/qat_common/adf_gen4_ras.c | 6 +- .../intel/qat/qat_common/qat_comp_algs.c | 9 - drivers/crypto/xilinx/zynqmp-aes-gcm.c | 3 + drivers/cxl/core/region.c | 62 +- drivers/dma/Kconfig | 14 +- drivers/dpll/dpll_core.c | 8 +- drivers/firewire/core-card.c | 14 +- drivers/firmware/arm_scmi/smc.c | 7 + drivers/firmware/efi/libstub/x86-stub.c | 7 +- drivers/gpio/Kconfig | 3 +- drivers/gpio/gpiolib-devres.c | 2 +- drivers/gpio/gpiolib.c | 14 +- drivers/gpio/gpiolib.h | 8 + drivers/gpu/drm/Kconfig | 5 +- drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 6 +- drivers/gpu/drm/amd/amdgpu/atom.c | 2 +- drivers/gpu/drm/amd/amdgpu/gmc_v11_0.c | 1 + drivers/gpu/drm/amd/amdgpu/mmhub_v3_3.c | 8 +- drivers/gpu/drm/amd/amdgpu/sdma_v4_4_2.c | 23 +- drivers/gpu/drm/amd/amdgpu/soc15.c | 45 +- .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 16 +- .../amd/display/amdgpu_dm/amdgpu_dm_debugfs.c | 2 +- .../display/dc/dml2/dml2_translation_helper.c | 9 +- .../amd/display/dc/hwss/dcn10/dcn10_hwseq.c | 7 +- .../link/protocols/link_edp_panel_control.c | 3 +- .../gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 4 +- .../drm/amd/pm/swsmu/smu13/aldebaran_ppt.c | 4 +- .../drm/amd/pm/swsmu/smu13/smu_v13_0_6_ppt.c | 4 +- drivers/gpu/drm/bridge/adv7511/adv7511_drv.c | 22 +- drivers/gpu/drm/ci/test.yml | 5 +- drivers/gpu/drm/drm_buddy.c | 6 +- drivers/gpu/drm/lima/lima_gem.c | 23 +- drivers/gpu/drm/mediatek/mtk_drm_crtc.c | 12 +- drivers/gpu/drm/mediatek/mtk_dsi.c | 10 +- drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 2 +- drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 11 +- drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.h | 7 + .../drm/msm/disp/dpu1/dpu_encoder_phys_vid.c | 7 +- drivers/gpu/drm/msm/disp/dpu1/dpu_hw_ctl.c | 19 +- drivers/gpu/drm/msm/disp/dpu1/dpu_hw_ctl.h | 16 +- drivers/gpu/drm/msm/disp/dpu1/dpu_hw_dsc.c | 12 +- drivers/gpu/drm/msm/disp/dpu1/dpu_hw_dsc.h | 10 +- .../gpu/drm/msm/disp/dpu1/dpu_hw_dsc_1_2.c | 7 +- drivers/gpu/drm/msm/disp/dpu1/dpu_hw_dspp.c | 16 +- drivers/gpu/drm/msm/disp/dpu1/dpu_hw_dspp.h | 12 +- drivers/gpu/drm/msm/disp/dpu1/dpu_hw_intf.c | 31 +- drivers/gpu/drm/msm/disp/dpu1/dpu_hw_intf.h | 14 +- drivers/gpu/drm/msm/disp/dpu1/dpu_hw_lm.c | 14 +- drivers/gpu/drm/msm/disp/dpu1/dpu_hw_lm.h | 12 +- .../gpu/drm/msm/disp/dpu1/dpu_hw_merge3d.c | 14 +- .../gpu/drm/msm/disp/dpu1/dpu_hw_merge3d.h | 13 +- .../gpu/drm/msm/disp/dpu1/dpu_hw_pingpong.c | 15 +- .../gpu/drm/msm/disp/dpu1/dpu_hw_pingpong.h | 14 +- drivers/gpu/drm/msm/disp/dpu1/dpu_hw_sspp.c | 17 +- drivers/gpu/drm/msm/disp/dpu1/dpu_hw_sspp.h | 16 +- drivers/gpu/drm/msm/disp/dpu1/dpu_hw_top.c | 17 +- drivers/gpu/drm/msm/disp/dpu1/dpu_hw_top.h | 8 +- drivers/gpu/drm/msm/disp/dpu1/dpu_hw_wb.c | 15 +- drivers/gpu/drm/msm/disp/dpu1/dpu_hw_wb.h | 13 +- drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c | 19 +- drivers/gpu/drm/msm/disp/dpu1/dpu_kms.h | 1 - drivers/gpu/drm/msm/disp/dpu1/dpu_rm.c | 90 +- drivers/gpu/drm/msm/disp/dpu1/dpu_rm.h | 11 +- drivers/gpu/drm/nouveau/nouveau_bo.c | 2 + .../drm/nouveau/nvkm/subdev/devinit/r535.c | 1 - .../gpu/drm/panel/panel-boe-tv101wum-nl6.c | 2 + drivers/gpu/drm/panel/panel-edp.c | 3 +- drivers/gpu/drm/radeon/ni.c | 2 +- drivers/gpu/drm/rockchip/inno_hdmi.c | 4 +- drivers/gpu/drm/rockchip/rockchip_lvds.c | 3 +- drivers/gpu/drm/tegra/dpaux.c | 14 +- drivers/gpu/drm/tegra/dsi.c | 59 +- drivers/gpu/drm/tegra/fb.c | 1 + drivers/gpu/drm/tegra/hdmi.c | 20 +- drivers/gpu/drm/tegra/output.c | 16 +- drivers/gpu/drm/tegra/rgb.c | 18 +- drivers/gpu/drm/tidss/tidss_crtc.c | 10 + drivers/gpu/drm/tidss/tidss_plane.c | 2 +- drivers/gpu/drm/vkms/vkms_composer.c | 14 +- drivers/gpu/drm/vmwgfx/vmwgfx_gmrid_manager.c | 5 +- drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 11 +- drivers/hid/amd-sfh-hid/amd_sfh_pcie.c | 30 +- drivers/hid/amd-sfh-hid/amd_sfh_pcie.h | 6 +- drivers/hid/hid-lenovo.c | 57 +- drivers/hid/hid-logitech-hidpp.c | 13 +- drivers/hid/hid-multitouch.c | 4 + drivers/hv/Kconfig | 1 + drivers/hwtracing/coresight/coresight-core.c | 30 +- .../hwtracing/coresight/coresight-etm-perf.c | 2 +- .../coresight/coresight-etm4x-core.c | 10 +- drivers/hwtracing/coresight/coresight-priv.h | 2 +- drivers/hwtracing/ptt/hisi_ptt.c | 6 +- drivers/i3c/master/dw-i3c-master.c | 4 +- drivers/iio/industrialio-gts-helper.c | 15 +- drivers/iio/pressure/mprls0025pa.c | 4 +- drivers/infiniband/core/device.c | 37 +- drivers/infiniband/hw/hns/hns_roce_device.h | 17 +- drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 16 +- drivers/infiniband/hw/irdma/verbs.c | 3 +- drivers/infiniband/hw/mana/main.c | 2 +- drivers/infiniband/hw/mlx5/devx.c | 2 +- drivers/infiniband/hw/mlx5/wr.c | 2 +- drivers/infiniband/ulp/rtrs/rtrs-clt-sysfs.c | 2 +- drivers/infiniband/ulp/srpt/ib_srpt.c | 3 +- drivers/input/keyboard/gpio_keys_polled.c | 10 +- drivers/input/misc/iqs7222.c | 112 ++ drivers/iommu/Kconfig | 2 +- drivers/iommu/amd/init.c | 3 + .../iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c | 8 +- drivers/iommu/intel/Makefile | 2 + drivers/iommu/intel/pasid.c | 3 + drivers/iommu/irq_remapping.c | 3 +- drivers/leds/flash/leds-sgm3140.c | 3 + drivers/leds/leds-aw2013.c | 1 + drivers/md/dm-bufio.c | 6 +- drivers/md/dm-crypt.c | 4 +- drivers/md/dm-integrity.c | 30 +- drivers/md/dm-io.c | 23 +- drivers/md/dm-kcopyd.c | 4 +- drivers/md/dm-log.c | 4 +- drivers/md/dm-raid.c | 4 +- drivers/md/dm-raid1.c | 6 +- drivers/md/dm-snap-persistent.c | 4 +- drivers/md/dm-verity-target.c | 2 +- drivers/md/dm-verity.h | 4 +- drivers/md/dm-writecache.c | 8 +- drivers/md/dm.c | 26 +- drivers/md/md-multipath.c | 9 - drivers/md/md.c | 52 +- drivers/md/md.h | 6 +- drivers/md/raid1.c | 199 +-- drivers/md/raid1.h | 1 + drivers/md/raid10.c | 9 - drivers/md/raid5.c | 9 - drivers/media/common/v4l2-tpg/v4l2-tpg-core.c | 52 +- drivers/media/dvb-core/dvbdev.c | 5 + drivers/media/dvb-frontends/stv0367.c | 34 +- drivers/media/i2c/imx290.c | 16 +- drivers/media/i2c/tc358743.c | 7 +- drivers/media/pci/intel/ivsc/mei_csi.c | 4 +- drivers/media/pci/ttpci/budget-av.c | 8 +- drivers/media/platform/cadence/cdns-csi2rx.c | 2 +- .../media/platform/mediatek/mdp/mtk_mdp_vpu.c | 2 +- .../vcodec/common/mtk_vcodec_fw_vpu.c | 10 +- drivers/media/platform/mediatek/vpu/mtk_vpu.c | 2 +- drivers/media/platform/mediatek/vpu/mtk_vpu.h | 2 +- .../platform/rockchip/rkisp1/rkisp1-capture.c | 3 + .../platform/rockchip/rkisp1/rkisp1-common.h | 2 + .../platform/rockchip/rkisp1/rkisp1-csi.c | 3 + .../platform/rockchip/rkisp1/rkisp1-dev.c | 22 + .../platform/rockchip/rkisp1/rkisp1-isp.c | 3 + .../media/platform/sunxi/sun8i-di/sun8i-di.c | 69 +- drivers/media/usb/em28xx/em28xx-cards.c | 4 + drivers/media/usb/go7007/go7007-driver.c | 8 +- drivers/media/usb/go7007/go7007-usb.c | 4 +- drivers/media/usb/pvrusb2/pvrusb2-context.c | 10 +- drivers/media/usb/pvrusb2/pvrusb2-dvb.c | 6 +- drivers/media/usb/pvrusb2/pvrusb2-v4l2.c | 11 +- drivers/media/v4l2-core/v4l2-cci.c | 4 +- drivers/media/v4l2-core/v4l2-mem2mem.c | 10 +- drivers/memory/tegra/tegra234.c | 16 +- drivers/mfd/altera-sysmgr.c | 4 +- drivers/mfd/cs42l43.c | 72 +- drivers/mfd/syscon.c | 4 +- drivers/misc/mei/gsc_proxy/mei_gsc_proxy.c | 8 +- drivers/mmc/host/wmt-sdmmc.c | 4 - drivers/mtd/maps/physmap-core.c | 2 +- drivers/mtd/nand/raw/lpc32xx_mlc.c | 5 +- drivers/mtd/nand/spi/esmt.c | 9 +- drivers/net/can/m_can/m_can.c | 23 +- drivers/net/dsa/microchip/ksz_common.c | 10 +- drivers/net/dsa/mt7530.c | 60 +- drivers/net/dsa/mt7530.h | 22 +- drivers/net/ethernet/amazon/ena/ena_netdev.c | 17 - .../net/ethernet/broadcom/bnx2x/bnx2x_cmn.h | 6 +- .../net/ethernet/hisilicon/hns3/hns3_dcbnl.c | 2 +- .../hisilicon/hns3/hns3pf/hclge_main.c | 5 +- .../hisilicon/hns3/hns3pf/hclge_ptp.c | 2 +- drivers/net/ethernet/intel/ice/ice_main.c | 24 +- drivers/net/ethernet/intel/igb/igb_main.c | 23 +- drivers/net/ethernet/intel/igc/igc_main.c | 12 +- .../net/ethernet/marvell/octeontx2/af/cgx.c | 2 +- .../net/ethernet/marvell/octeontx2/af/mbox.c | 43 +- .../net/ethernet/marvell/octeontx2/af/mbox.h | 6 + .../marvell/octeontx2/af/mcs_rvu_if.c | 17 +- .../net/ethernet/marvell/octeontx2/af/rvu.c | 31 +- .../net/ethernet/marvell/octeontx2/af/rvu.h | 2 + .../ethernet/marvell/octeontx2/af/rvu_cgx.c | 20 +- .../marvell/octeontx2/nic/otx2_common.c | 2 +- .../marvell/octeontx2/nic/otx2_common.h | 2 +- .../ethernet/marvell/octeontx2/nic/otx2_pf.c | 119 +- .../ethernet/marvell/octeontx2/nic/otx2_vf.c | 71 +- drivers/net/ethernet/mediatek/mtk_eth_soc.c | 7 +- drivers/net/ethernet/mediatek/mtk_ppe.c | 18 +- .../ethernet/netronome/nfp/flower/lag_conf.c | 5 + .../net/ethernet/wangxun/txgbe/txgbe_phy.c | 2 +- drivers/net/phy/dp83822.c | 37 +- drivers/net/phy/phy_device.c | 6 +- drivers/net/usb/smsc95xx.c | 5 + drivers/net/usb/sr9800.c | 4 +- drivers/net/veth.c | 18 - drivers/net/vmxnet3/vmxnet3_xdp.c | 6 +- drivers/net/wireguard/receive.c | 6 +- drivers/net/wireless/ath/ath10k/wmi-tlv.c | 4 + drivers/net/wireless/ath/ath11k/mac.c | 17 +- drivers/net/wireless/ath/ath12k/core.h | 2 +- drivers/net/wireless/ath/ath12k/dbring.c | 2 +- drivers/net/wireless/ath/ath12k/debug.c | 2 +- drivers/net/wireless/ath/ath12k/dp_tx.c | 2 +- drivers/net/wireless/ath/ath12k/hal.c | 6 +- drivers/net/wireless/ath/ath12k/hal.h | 2 +- drivers/net/wireless/ath/ath12k/hal_rx.c | 2 +- drivers/net/wireless/ath/ath12k/hif.h | 2 +- drivers/net/wireless/ath/ath12k/hw.c | 2 +- drivers/net/wireless/ath/ath12k/hw.h | 2 +- drivers/net/wireless/ath/ath12k/mac.c | 6 +- drivers/net/wireless/ath/ath12k/mac.h | 2 +- drivers/net/wireless/ath/ath12k/mhi.c | 2 +- drivers/net/wireless/ath/ath12k/pci.c | 2 +- drivers/net/wireless/ath/ath12k/pci.h | 2 +- drivers/net/wireless/ath/ath12k/peer.h | 2 +- drivers/net/wireless/ath/ath12k/qmi.c | 2 +- drivers/net/wireless/ath/ath12k/qmi.h | 2 +- drivers/net/wireless/ath/ath12k/reg.c | 6 +- drivers/net/wireless/ath/ath12k/reg.h | 2 +- drivers/net/wireless/ath/ath12k/rx_desc.h | 2 +- drivers/net/wireless/ath/ath12k/wmi.c | 2 +- drivers/net/wireless/ath/ath9k/htc.h | 2 +- drivers/net/wireless/ath/ath9k/htc_drv_init.c | 4 + drivers/net/wireless/ath/ath9k/htc_drv_txrx.c | 4 - drivers/net/wireless/ath/ath9k/wmi.c | 10 +- drivers/net/wireless/broadcom/b43/b43.h | 16 + drivers/net/wireless/broadcom/b43/dma.c | 4 +- drivers/net/wireless/broadcom/b43/main.c | 16 +- drivers/net/wireless/broadcom/b43/pio.c | 6 +- .../broadcom/brcm80211/brcmfmac/cfg80211.c | 3 + .../broadcom/brcm80211/brcmsmac/phy/phy_cmn.c | 3 +- .../broadcom/brcm80211/brcmsmac/phy_shim.c | 5 +- .../broadcom/brcm80211/brcmsmac/phy_shim.h | 2 +- drivers/net/wireless/intel/iwlwifi/fw/acpi.c | 12 +- drivers/net/wireless/intel/iwlwifi/fw/acpi.h | 2 +- .../net/wireless/intel/iwlwifi/fw/api/txq.h | 12 +- drivers/net/wireless/intel/iwlwifi/fw/pnvm.c | 30 +- .../net/wireless/intel/iwlwifi/fw/runtime.h | 2 +- .../net/wireless/intel/iwlwifi/iwl-dbg-tlv.c | 6 + .../wireless/intel/iwlwifi/iwl-nvm-parse.c | 2 +- drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 21 +- .../net/wireless/intel/iwlwifi/mvm/mac-ctxt.c | 11 + .../net/wireless/intel/iwlwifi/mvm/mac80211.c | 25 +- .../net/wireless/intel/iwlwifi/mvm/mld-key.c | 18 +- .../net/wireless/intel/iwlwifi/mvm/mld-mac.c | 2 +- drivers/net/wireless/intel/iwlwifi/mvm/mvm.h | 10 +- drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 26 +- drivers/net/wireless/intel/iwlwifi/mvm/sta.c | 28 + drivers/net/wireless/intel/iwlwifi/mvm/sta.h | 3 +- .../wireless/intel/iwlwifi/mvm/time-event.c | 11 +- drivers/net/wireless/intel/iwlwifi/mvm/tx.c | 81 +- drivers/net/wireless/marvell/libertas/cmd.c | 13 +- .../net/wireless/marvell/mwifiex/debugfs.c | 3 - .../wireless/mediatek/mt76/mt76_connac_mcu.c | 2 +- .../wireless/mediatek/mt76/mt76_connac_mcu.h | 28 + .../net/wireless/mediatek/mt76/mt7921/mcu.c | 4 +- .../net/wireless/mediatek/mt76/mt7921/pci.c | 1 + .../net/wireless/mediatek/mt76/mt7925/main.c | 26 +- .../net/wireless/mediatek/mt76/mt7925/mcu.c | 176 +-- .../net/wireless/mediatek/mt76/mt7925/mcu.h | 92 +- .../net/wireless/mediatek/mt76/mt7925/pci.c | 3 + .../wireless/mediatek/mt76/mt792x_acpi_sar.c | 26 +- .../net/wireless/mediatek/mt76/mt792x_core.c | 1 + .../net/wireless/mediatek/mt76/mt792x_dma.c | 15 +- .../net/wireless/mediatek/mt76/mt792x_regs.h | 8 + .../net/wireless/mediatek/mt76/mt7996/init.c | 7 +- .../net/wireless/mediatek/mt76/mt7996/mac.c | 76 +- .../net/wireless/mediatek/mt76/mt7996/main.c | 12 +- .../net/wireless/mediatek/mt76/mt7996/mcu.c | 157 ++- .../net/wireless/mediatek/mt76/mt7996/mcu.h | 17 + .../wireless/mediatek/mt76/mt7996/mt7996.h | 6 +- .../wireless/microchip/wilc1000/cfg80211.c | 12 +- drivers/net/wireless/microchip/wilc1000/hif.c | 40 +- .../net/wireless/microchip/wilc1000/netdev.c | 38 +- drivers/net/wireless/microchip/wilc1000/spi.c | 6 +- .../wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 1 + drivers/net/wireless/realtek/rtw88/main.c | 2 - drivers/net/wireless/realtek/rtw88/phy.c | 3 + drivers/net/wireless/realtek/rtw88/rtw8821c.c | 2 +- drivers/net/wireless/realtek/rtw88/usb.c | 40 + drivers/net/wireless/silabs/wfx/sta.c | 15 +- drivers/ntb/core.c | 8 +- drivers/nvme/host/core.c | 6 +- drivers/nvme/host/fabrics.h | 7 - drivers/opp/debugfs.c | 6 +- drivers/pci/controller/pcie-brcmstb.c | 2 +- drivers/pci/endpoint/functions/pci-epf-vntb.c | 6 +- drivers/pci/p2pdma.c | 2 +- drivers/pci/pci.h | 5 - drivers/pci/pcie/dpc.c | 2 +- drivers/pci/quirks.c | 1 + drivers/pci/switch/switchtec.c | 4 +- drivers/perf/arm-cmn.c | 11 + drivers/perf/cxl_pmu.c | 10 +- drivers/perf/riscv_pmu_sbi.c | 8 +- drivers/pinctrl/mediatek/pinctrl-mt8186.c | 1 - drivers/pinctrl/mediatek/pinctrl-mt8192.c | 1 - drivers/pinctrl/nomadik/pinctrl-nomadik.c | 6 +- drivers/pinctrl/renesas/core.c | 4 +- drivers/pinctrl/renesas/pfc-r8a779g0.c | 14 + drivers/platform/x86/p2sb.c | 25 +- .../platform/x86/x86-android-tablets/other.c | 4 +- drivers/pmdomain/qcom/rpmhpd.c | 1 - drivers/power/supply/mm8013.c | 13 +- drivers/powercap/dtpm_cpu.c | 2 +- drivers/pwm/pwm-atmel-hlcdc.c | 2 +- drivers/pwm/pwm-sti.c | 11 +- drivers/regulator/max5970-regulator.c | 8 +- drivers/regulator/userspace-consumer.c | 1 + drivers/remoteproc/stm32_rproc.c | 6 +- drivers/rtc/Kconfig | 3 +- drivers/rtc/lib_test.c | 2 +- drivers/s390/block/dasd.c | 55 +- drivers/scsi/bfa/bfa.h | 9 +- drivers/scsi/bfa/bfa_core.c | 4 +- drivers/scsi/bfa/bfa_ioc.h | 8 +- drivers/scsi/bfa/bfad_bsg.c | 11 +- drivers/scsi/csiostor/csio_defs.h | 18 +- drivers/scsi/csiostor/csio_lnode.c | 8 +- drivers/scsi/csiostor/csio_lnode.h | 13 - drivers/scsi/hisi_sas/hisi_sas_main.c | 12 +- drivers/scsi/mpt3sas/mpt3sas_base.c | 4 +- drivers/soc/fsl/dpio/dpio-service.c | 2 +- drivers/soc/microchip/Kconfig | 2 +- drivers/soc/qcom/llcc-qcom.c | 2 + drivers/soc/qcom/pmic_glink_altmode.c | 16 +- drivers/soc/qcom/socinfo.c | 2 +- drivers/spi/spi-cadence-quadspi.c | 24 +- drivers/spi/spi-fsl-lpspi.c | 8 +- drivers/spi/spi-imx.c | 4 +- drivers/spi/spi-intel-pci.c | 1 + drivers/spi/spi-mt65xx.c | 22 +- drivers/staging/greybus/light.c | 8 +- .../staging/media/imx/imx-media-csc-scaler.c | 1 + .../staging/media/sunxi/cedrus/cedrus_h265.c | 10 +- drivers/thermal/mediatek/lvts_thermal.c | 4 +- drivers/thermal/qoriq_thermal.c | 12 +- drivers/tty/serial/8250/8250_exar.c | 5 +- drivers/tty/serial/max310x.c | 2 +- drivers/tty/serial/samsung_tty.c | 5 +- drivers/tty/vt/vt.c | 2 +- drivers/usb/gadget/udc/net2272.c | 2 +- drivers/usb/phy/phy-generic.c | 7 + drivers/vdpa/mlx5/net/mlx5_vnet.c | 13 +- drivers/vdpa/vdpa_sim/vdpa_sim.c | 3 +- drivers/video/backlight/da9052_bl.c | 1 + drivers/video/backlight/ktz8866.c | 6 +- drivers/video/backlight/lm3630a_bl.c | 15 +- drivers/video/backlight/lm3639_bl.c | 1 + drivers/video/backlight/lp8788_bl.c | 1 + drivers/virtio/virtio_ring.c | 6 +- drivers/watchdog/starfive-wdt.c | 9 +- drivers/watchdog/stm32_iwdg.c | 3 + drivers/xen/events/events_base.c | 22 +- drivers/xen/evtchn.c | 6 + fs/afs/dir.c | 10 - fs/bcachefs/btree_iter.c | 4 +- fs/bcachefs/chardev.c | 3 +- fs/bcachefs/errcode.h | 1 + fs/bcachefs/mean_and_variance.h | 2 +- fs/bcachefs/super-io.c | 27 +- fs/btrfs/block-rsv.c | 2 +- fs/btrfs/block-rsv.h | 32 + fs/btrfs/space-info.c | 26 +- fs/btrfs/zoned.c | 9 + fs/ceph/caps.c | 65 +- fs/ceph/file.c | 23 +- fs/ceph/mds_client.c | 48 + fs/ceph/mds_client.h | 5 + fs/erofs/fscache.c | 20 +- fs/erofs/internal.h | 1 - fs/erofs/super.c | 30 +- fs/ext2/ext2.h | 2 +- fs/ext2/super.c | 2 +- fs/ext4/ext4.h | 2 +- fs/ext4/super.c | 2 +- fs/f2fs/checkpoint.c | 5 +- fs/f2fs/compress.c | 43 +- fs/f2fs/data.c | 73 +- fs/f2fs/dir.c | 5 +- fs/f2fs/f2fs.h | 109 +- fs/f2fs/file.c | 94 +- fs/f2fs/gc.c | 7 +- fs/f2fs/inode.c | 57 +- fs/f2fs/namei.c | 25 +- fs/f2fs/node.c | 20 +- fs/f2fs/recovery.c | 33 +- fs/f2fs/segment.c | 25 +- fs/f2fs/segment.h | 17 +- fs/f2fs/super.c | 17 +- fs/fcntl.c | 12 +- fs/fhandle.c | 2 +- fs/iomap/buffered-io.c | 18 +- fs/jfs/jfs_incore.h | 2 +- fs/jfs/super.c | 2 +- fs/nfs/flexfilelayout/flexfilelayout.c | 2 +- fs/nfs/fscache.c | 9 +- fs/nfs/nfs42.h | 7 +- fs/nfs/nfs4proc.c | 16 +- fs/nfs/nfsroot.c | 4 +- fs/nfs/pnfs_nfs.c | 44 +- fs/ocfs2/inode.h | 2 +- fs/ocfs2/super.c | 2 +- fs/overlayfs/params.c | 14 +- fs/pstore/inode.c | 76 +- fs/quota/dquot.c | 159 ++- fs/reiserfs/reiserfs.h | 2 +- fs/reiserfs/super.c | 2 +- fs/select.c | 2 +- fs/smb/client/file.c | 295 +++-- include/drm/drm_fixed.h | 5 +- include/drm/drm_kunit_helpers.h | 2 + include/dt-bindings/clock/r8a779g0-cpg-mssr.h | 1 + include/linux/dm-io.h | 3 +- include/linux/f2fs_fs.h | 1 + include/linux/filter.h | 21 +- include/linux/fs.h | 11 +- include/linux/io_uring.h | 9 +- include/linux/io_uring_types.h | 3 - include/linux/mlx5/qp.h | 5 +- include/linux/moduleloader.h | 8 + include/linux/pci.h | 5 + include/linux/poll.h | 4 - include/linux/rcupdate.h | 31 + include/linux/shmem_fs.h | 2 +- include/linux/workqueue.h | 35 +- include/net/bluetooth/hci.h | 2 - include/net/bluetooth/hci_core.h | 1 + include/net/bluetooth/hci_sync.h | 2 +- include/net/bluetooth/l2cap.h | 42 - include/soc/qcom/qcom-spmi-pmic.h | 2 +- include/sound/tas2781.h | 5 + init/main.c | 5 +- io_uring/filetable.c | 11 +- io_uring/io_uring.c | 161 +-- io_uring/io_uring.h | 1 - io_uring/net.c | 260 ++-- io_uring/poll.c | 4 +- io_uring/rsrc.c | 169 +-- io_uring/rsrc.h | 15 - kernel/bpf/btf.c | 3 + kernel/bpf/core.c | 7 +- kernel/bpf/cpumap.c | 3 + kernel/bpf/devmap.c | 11 +- kernel/bpf/hashtab.c | 14 +- kernel/bpf/helpers.c | 4 +- kernel/bpf/stackmap.c | 9 +- kernel/bpf/verifier.c | 2 + kernel/module/main.c | 9 +- kernel/printk/internal.h | 1 + kernel/printk/nbcon.c | 41 +- kernel/printk/printk.c | 74 +- kernel/printk/printk_ringbuffer.c | 313 ++++- kernel/printk/printk_ringbuffer.h | 38 +- kernel/rcu/tree.c | 3 + kernel/rcu/tree_exp.h | 25 +- kernel/sched/fair.c | 16 +- kernel/time/time_test.c | 2 +- kernel/time/timekeeping.c | 24 +- kernel/workqueue.c | 755 ++++++++++-- lib/cmdline_kunit.c | 2 +- lib/kunit/executor_test.c | 2 +- lib/memcpy_kunit.c | 4 +- lib/test_blackhole_dev.c | 3 +- mm/shmem.c | 2 +- net/bluetooth/Kconfig | 8 - net/bluetooth/Makefile | 1 - net/bluetooth/a2mp.c | 1054 ---------------- net/bluetooth/a2mp.h | 154 --- net/bluetooth/af_bluetooth.c | 10 +- net/bluetooth/amp.c | 590 --------- net/bluetooth/amp.h | 60 - net/bluetooth/eir.c | 29 +- net/bluetooth/hci_conn.c | 6 +- net/bluetooth/hci_core.c | 126 +- net/bluetooth/hci_event.c | 43 +- net/bluetooth/hci_request.c | 2 +- net/bluetooth/hci_sync.c | 41 +- net/bluetooth/l2cap_core.c | 1069 +---------------- net/bluetooth/l2cap_sock.c | 18 +- net/bluetooth/mgmt.c | 101 +- net/bluetooth/msft.c | 3 + net/bluetooth/rfcomm/core.c | 2 +- net/core/dev.c | 5 +- net/core/gso_test.c | 2 +- net/core/scm.c | 2 +- net/core/skbuff.c | 8 + net/core/sock_diag.c | 10 +- net/devlink/core.c | 4 +- net/devlink/devl_internal.h | 21 +- net/devlink/health.c | 3 +- net/devlink/netlink.c | 41 +- net/devlink/netlink_gen.c | 2 +- net/devlink/port.c | 2 +- net/devlink/region.c | 3 +- net/hsr/hsr_framereg.c | 4 + net/hsr/hsr_main.c | 15 +- net/ipv4/inet_diag.c | 6 +- net/ipv4/inet_hashtables.c | 2 +- net/ipv4/inet_timewait_sock.c | 41 +- net/ipv4/ip_tunnel.c | 15 +- net/ipv4/ipmr.c | 4 +- net/ipv4/raw.c | 1 + net/ipv4/tcp.c | 4 +- net/ipv4/tcp_minisocks.c | 4 - net/ipv4/udp.c | 4 +- net/ipv6/fib6_rules.c | 6 + net/ipv6/mcast.c | 1 - net/iucv/iucv.c | 4 +- net/kcm/kcmsock.c | 3 +- net/l2tp/l2tp_ppp.c | 4 +- net/mac80211/mlme.c | 4 +- net/mac80211/rate.c | 3 +- net/mctp/route.c | 3 + net/netfilter/nf_tables_api.c | 29 +- net/netfilter/nft_set_pipapo.c | 5 +- net/packet/af_packet.c | 4 +- net/rds/send.c | 5 +- net/sched/sch_taprio.c | 3 +- net/sunrpc/addr.c | 4 +- net/sunrpc/auth_gss/gss_krb5_mech.c | 11 +- net/sunrpc/auth_gss/gss_rpc_xdr.c | 27 +- net/unix/garbage.c | 2 +- net/unix/scm.c | 4 +- net/x25/af_x25.c | 4 +- net/xfrm/xfrm_device.c | 3 +- net/xfrm/xfrm_output.c | 6 +- net/xfrm/xfrm_policy.c | 4 +- scripts/clang-tools/gen_compile_commands.py | 2 +- scripts/kconfig/lexer.l | 7 +- sound/core/seq/seq_midi.c | 8 +- sound/core/seq/seq_virmidi.c | 9 +- sound/pci/hda/cs35l41_hda_property.c | 20 +- sound/pci/hda/patch_realtek.c | 66 + sound/pci/hda/tas2781_hda_i2c.c | 62 +- sound/soc/amd/acp/acp-sof-mach.c | 14 +- sound/soc/amd/yc/acp6x-mach.c | 28 + sound/soc/codecs/cs42l43.c | 5 +- sound/soc/codecs/rt5645.c | 10 + sound/soc/codecs/tas2781-comlib.c | 15 + sound/soc/codecs/tlv320adc3xxx.c | 4 +- sound/soc/codecs/wm8962.c | 29 +- sound/soc/intel/boards/bytcr_rt5640.c | 12 + sound/soc/meson/aiu.c | 19 +- sound/soc/meson/aiu.h | 1 - sound/soc/meson/axg-tdm-interface.c | 29 +- sound/soc/meson/t9015.c | 20 +- sound/soc/rockchip/rockchip_i2s_tdm.c | 352 +----- sound/soc/sh/rz-ssi.c | 2 +- sound/soc/sof/amd/acp.c | 28 +- sound/soc/sof/ipc3-loader.c | 2 + sound/soc/sof/ipc4-pcm.c | 13 +- sound/usb/stream.c | 5 +- tools/bpf/bpftool/prog.c | 2 +- tools/bpf/resolve_btfids/main.c | 70 +- tools/include/linux/btf_ids.h | 9 + tools/lib/bpf/bpf.h | 2 +- tools/lib/bpf/libbpf.c | 4 + tools/lib/bpf/libbpf_internal.h | 14 + tools/lib/bpf/netlink.c | 4 +- tools/objtool/check.c | 12 + tools/perf/Makefile.perf | 2 +- tools/perf/builtin-record.c | 35 +- tools/perf/builtin-top.c | 1 + tools/perf/util/data.c | 2 - tools/perf/util/evlist.c | 25 + tools/perf/util/evlist.h | 1 + tools/perf/util/evsel.c | 1 - tools/perf/util/expr.c | 20 +- tools/perf/util/pmu.c | 19 +- tools/perf/util/print-events.c | 27 +- tools/perf/util/srcline.c | 2 + tools/perf/util/stat-display.c | 2 +- tools/perf/util/stat-shadow.c | 7 +- tools/perf/util/thread_map.c | 2 +- .../selftests/bpf/bpf_testmod/bpf_testmod.c | 9 + .../selftests/bpf/prog_tests/lwt_redirect.c | 1 + .../selftests/bpf/prog_tests/tc_redirect.c | 90 +- .../bpf/progs/test_global_func_ctx_args.c | 19 + .../selftests/bpf/progs/test_map_in_map.c | 26 + tools/testing/selftests/bpf/test_maps.c | 6 +- tools/testing/selftests/bpf/trace_helpers.c | 2 +- tools/testing/selftests/net/forwarding/config | 35 + .../net/forwarding/vxlan_bridge_1d_ipv6.sh | 4 +- .../net/forwarding/vxlan_bridge_1q_ipv6.sh | 4 +- .../selftests/net/openvswitch/openvswitch.sh | 13 + .../selftests/net/openvswitch/ovs-dpctl.py | 71 +- tools/testing/selftests/net/tls.c | 8 +- 816 files changed, 7409 insertions(+), 7736 deletions(-) delete mode 100644 net/bluetooth/a2mp.c delete mode 100644 net/bluetooth/a2mp.h delete mode 100644 net/bluetooth/amp.c delete mode 100644 net/bluetooth/amp.h -- 2.43.0

1 year, 7 months

3
715
0 0

[PATCH 1/2] drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode()

by Ville Syrjala

From: Ville Syrjälä <ville.syrjala(a)linux.intel.com> If we have no VBT, or the VBT didn't declare the encoder in question, we won't have the 'devdata' for the encoder. Instead of oopsing just bail early. We won't be able to tell whether the port is DP++ or not, but so be it. Cc: stable(a)vger.kernel.org Closes: https://gitlab.freedesktop.org/drm/intel/-/issues/10464 Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> --- drivers/gpu/drm/i915/display/intel_bios.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpu/drm/i915/display/intel_bios.c b/drivers/gpu/drm/i915/display/intel_bios.c index c7841b3eede8..c13a98431a7b 100644 --- a/drivers/gpu/drm/i915/display/intel_bios.c +++ b/drivers/gpu/drm/i915/display/intel_bios.c @@ -3458,6 +3458,9 @@ bool intel_bios_encoder_supports_dp_dual_mode(const struct intel_bios_encoder_da { const struct child_device_config *child = &devdata->child; + if (!devdata) + return false; + if (!intel_bios_encoder_supports_dp(devdata) || !intel_bios_encoder_supports_hdmi(devdata)) return false; -- 2.43.2

1 year, 7 months

3
3
0 0

[PATCH v2] mtd: limit OTP NVMEM Cell parse to non Nand devices

by Christian Marangi

MTD OTP logic is very fragile and can be problematic with some specific kind of devices. NVMEM across the years had various iteration on how Cells could be declared in DT and MTD OTP probably was left behind and add_legacy_fixed_of_cells was enabled without thinking of the consequences. That option enables NVMEM to scan the provided of_node and treat each child as a NVMEM Cell, this was to support legacy NVMEM implementation and don't cause regression. This is problematic if we have devices like Nand where the OTP is triggered by setting a special mode in the flash. In this context real partitions declared in the Nand node are registered as OTP Cells and this cause probe fail with -EINVAL error. This was never notice due to the fact that till now, no Nand supported the OTP feature. With commit e87161321a40 ("mtd: rawnand: macronix: OTP access for MX30LFxG18AC") this changed and coincidentally this Nand is used on an FritzBox 7530 supported on OpenWrt. Alternative and more robust way to declare OTP Cells are already prossible by using the fixed-layout node or by declaring a child node with the compatible set to "otp-user" or "otp-factory". To fix this and limit any regression with other MTD that makes use of declaring OTP as direct child of the dev node, disable add_legacy_fixed_of_cells if we have a node called nand since it's the standard property name to identify Nand devices attached to a Nand Controller. With the following logic, the OTP NVMEM entry is correctly created with no Cells and the MTD Nand is correctly probed and partitions are correctly exposed. Fixes: 2cc3b37f5b6d ("nvmem: add explicit config option to read old syntax fixed OF cells") Cc: <stable(a)vger.kernel.org> Signed-off-by: Christian Marangi <ansuelsmth(a)gmail.com> --- Changes v2: - Use mtd_type_is_nand instead of node name check drivers/mtd/mtdcore.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/mtd/mtdcore.c b/drivers/mtd/mtdcore.c index 5887feb347a4..0de87bc63840 100644 --- a/drivers/mtd/mtdcore.c +++ b/drivers/mtd/mtdcore.c @@ -900,7 +900,7 @@ static struct nvmem_device *mtd_otp_nvmem_register(struct mtd_info *mtd, config.name = compatible; config.id = NVMEM_DEVID_AUTO; config.owner = THIS_MODULE; - config.add_legacy_fixed_of_cells = true; + config.add_legacy_fixed_of_cells = !mtd_type_is_nand(mtd); config.type = NVMEM_TYPE_OTP; config.root_only = true; config.ignore_wp = true; -- 2.43.0

1 year, 7 months

2
4
0 0

[PATCH] mtd: rawnand: qcom: Fix broken misc_cmd_type in exec_op

by Christian Marangi

misc_cmd_type in exec_op have multiple problems. With commit a82990c8a409 ("mtd: rawnand: qcom: Add read/read_start ops in exec_op path") it was reworked and generalized but actually dropped the handling of the RESET_DEVICE command. The rework itself was correct with supporting case where a single misc command is handled, but became problematic by the addition of exiting early if we didn't had an ERASE or an OP_PROGRAM_PAGE operation. Also additional logic was added without clear explaination causing the erase command to be broken on testing it on a ipq806x nandc. Add some additional logic to restore RESET_DEVICE command handling and fix erase command. Fixes: a82990c8a409 ("mtd: rawnand: qcom: Add read/read_start ops in exec_op path") Cc: stable(a)vger.kernel.org Signed-off-by: Christian Marangi <ansuelsmth(a)gmail.com> --- drivers/mtd/nand/raw/qcom_nandc.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/drivers/mtd/nand/raw/qcom_nandc.c b/drivers/mtd/nand/raw/qcom_nandc.c index b079605c84d3..b8cff9240b28 100644 --- a/drivers/mtd/nand/raw/qcom_nandc.c +++ b/drivers/mtd/nand/raw/qcom_nandc.c @@ -2815,7 +2815,7 @@ static int qcom_misc_cmd_type_exec(struct nand_chip *chip, const struct nand_sub host->cfg0_raw & ~(7 << CW_PER_PAGE)); nandc_set_reg(chip, NAND_DEV0_CFG1, host->cfg1_raw); instrs = 3; - } else { + } else if (q_op.cmd_reg != OP_RESET_DEVICE) { return 0; } @@ -2830,9 +2830,8 @@ static int qcom_misc_cmd_type_exec(struct nand_chip *chip, const struct nand_sub nandc_set_reg(chip, NAND_EXEC_CMD, 1); write_reg_dma(nandc, NAND_FLASH_CMD, instrs, NAND_BAM_NEXT_SGL); - (q_op.cmd_reg == OP_BLOCK_ERASE) ? write_reg_dma(nandc, NAND_DEV0_CFG0, - 2, NAND_BAM_NEXT_SGL) : read_reg_dma(nandc, - NAND_FLASH_STATUS, 1, NAND_BAM_NEXT_SGL); + if (q_op.cmd_reg == OP_BLOCK_ERASE) + write_reg_dma(nandc, NAND_DEV0_CFG0, 2, NAND_BAM_NEXT_SGL); write_reg_dma(nandc, NAND_EXEC_CMD, 1, NAND_BAM_NEXT_SGL); read_reg_dma(nandc, NAND_FLASH_STATUS, 1, NAND_BAM_NEXT_SGL); -- 2.43.0

1 year, 7 months

3
3
0 0

[git:media_stage/master] media: rc: bpf attach/detach requires write permission

by Mauro Carvalho Chehab

This is an automatic generated email to let you know that the following patch were queued: Subject: media: rc: bpf attach/detach requires write permission Author: Sean Young <sean(a)mess.org> Date: Thu Apr 13 10:50:32 2023 +0200 Note that bpf attach/detach also requires CAP_NET_ADMIN. Cc: stable(a)vger.kernel.org Signed-off-by: Sean Young <sean(a)mess.org> Signed-off-by: Mauro Carvalho Chehab <mchehab(a)kernel.org> drivers/media/rc/bpf-lirc.c | 6 +++--- drivers/media/rc/lirc_dev.c | 5 ++++- drivers/media/rc/rc-core-priv.h | 2 +- 3 files changed, 8 insertions(+), 5 deletions(-) --- diff --git a/drivers/media/rc/bpf-lirc.c b/drivers/media/rc/bpf-lirc.c index fe17c7f98e81..52d82cbe7685 100644 --- a/drivers/media/rc/bpf-lirc.c +++ b/drivers/media/rc/bpf-lirc.c @@ -253,7 +253,7 @@ int lirc_prog_attach(const union bpf_attr *attr, struct bpf_prog *prog) if (attr->attach_flags) return -EINVAL; - rcdev = rc_dev_get_from_fd(attr->target_fd); + rcdev = rc_dev_get_from_fd(attr->target_fd, true); if (IS_ERR(rcdev)) return PTR_ERR(rcdev); @@ -278,7 +278,7 @@ int lirc_prog_detach(const union bpf_attr *attr) if (IS_ERR(prog)) return PTR_ERR(prog); - rcdev = rc_dev_get_from_fd(attr->target_fd); + rcdev = rc_dev_get_from_fd(attr->target_fd, true); if (IS_ERR(rcdev)) { bpf_prog_put(prog); return PTR_ERR(rcdev); @@ -303,7 +303,7 @@ int lirc_prog_query(const union bpf_attr *attr, union bpf_attr __user *uattr) if (attr->query.query_flags) return -EINVAL; - rcdev = rc_dev_get_from_fd(attr->query.target_fd); + rcdev = rc_dev_get_from_fd(attr->query.target_fd, false); if (IS_ERR(rcdev)) return PTR_ERR(rcdev); diff --git a/drivers/media/rc/lirc_dev.c b/drivers/media/rc/lirc_dev.c index a537734832c5..caad59f76793 100644 --- a/drivers/media/rc/lirc_dev.c +++ b/drivers/media/rc/lirc_dev.c @@ -814,7 +814,7 @@ void __exit lirc_dev_exit(void) unregister_chrdev_region(lirc_base_dev, RC_DEV_MAX); } -struct rc_dev *rc_dev_get_from_fd(int fd) +struct rc_dev *rc_dev_get_from_fd(int fd, bool write) { struct fd f = fdget(fd); struct lirc_fh *fh; @@ -828,6 +828,9 @@ struct rc_dev *rc_dev_get_from_fd(int fd) return ERR_PTR(-EINVAL); } + if (write && !(f.file->f_mode & FMODE_WRITE)) + return ERR_PTR(-EPERM); + fh = f.file->private_data; dev = fh->rc; diff --git a/drivers/media/rc/rc-core-priv.h b/drivers/media/rc/rc-core-priv.h index ef1e95e1af7f..7df949fc65e2 100644 --- a/drivers/media/rc/rc-core-priv.h +++ b/drivers/media/rc/rc-core-priv.h @@ -325,7 +325,7 @@ void lirc_raw_event(struct rc_dev *dev, struct ir_raw_event ev); void lirc_scancode_event(struct rc_dev *dev, struct lirc_scancode *lsc); int lirc_register(struct rc_dev *dev); void lirc_unregister(struct rc_dev *dev); -struct rc_dev *rc_dev_get_from_fd(int fd); +struct rc_dev *rc_dev_get_from_fd(int fd, bool write); #else static inline int lirc_dev_init(void) { return 0; } static inline void lirc_dev_exit(void) {}

1 year, 7 months

1
0
0 0

stable backport request

by Ard Biesheuvel

Please backport b3810c5a2cc4a6665f7a65bed5393c75ce3f3aa2 x86/efistub: Clear decompressor BSS in native EFI entrypoint to stable kernels v6.1 and newer. Thanks, Ard.

1 year, 7 months

2
1
0 0

backport 'regmap: Add missing map->bus check'

by Mahmoud Adam

Hi, This commit needs to be backported to 5.4, 5.10, 5.15, it fixes possible null deference from the following commit 'regmap: Add bulk read/write callbacks into regmap_config' which was backported to these kernels in the latest released versions (v5.15.152, v5.10.213, v5.4.272). Commit 5c422f0b970d287efa864b8390a02face404db5d upstream. Thanks, MNAdam

1 year, 7 months

2
1
0 0

[PATCH] qcom: clk: clk-alpha-pll: fix rate setting for Stromer PLLs

by Gabor Juhos

The clk_alpha_pll_stromer_set_rate() function writes inproper values into the ALPHA_VAL{,_U} registers which results in wrong clock rates when the alpha value is used. The broken behaviour can be seen on IPQ5018 for example, when dynamic scaling sets the CPU frequency to 800000 KHz. In this case the CPU cores are running only at 792031 KHz: # cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq 800000 # cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_cur_freq 792031 This happens because the function ignores the fact that the alpha value calculated by the alpha_pll_round_rate() function is only 32 bits wide which must be extended to 40 bits if it is used on a hardware which supports 40 bits wide values. Extend the clk_alpha_pll_stromer_set_rate() function to convert the alpha value to 40 bits before wrinting that into the registers in order to ensure that the hardware really uses the requested rate. After the change the CPU frequency is correct: # cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq 800000 # cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_cur_freq 800000 Cc: stable(a)vger.kernel.org Fixes: e47a4f55f240 ("clk: qcom: clk-alpha-pll: Add support for Stromer PLLs") Signed-off-by: Gabor Juhos <j4g8y7(a)gmail.com> --- Based on v6.8. --- Based on v6.8. Depends on the following patch: https://lore.kernel.org/r/20240315-apss-ipq-pll-ipq5018-hang-v2-1-6fe30ada2… --- drivers/clk/qcom/clk-alpha-pll.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/clk/qcom/clk-alpha-pll.c b/drivers/clk/qcom/clk-alpha-pll.c index 05898d2a8b22c..4f5dba44411f6 100644 --- a/drivers/clk/qcom/clk-alpha-pll.c +++ b/drivers/clk/qcom/clk-alpha-pll.c @@ -2474,6 +2474,10 @@ static int clk_alpha_pll_stromer_set_rate(struct clk_hw *hw, unsigned long rate, rate = alpha_pll_round_rate(rate, prate, &l, &a, ALPHA_REG_BITWIDTH); regmap_write(pll->clkr.regmap, PLL_L_VAL(pll), l); + + if (ALPHA_REG_BITWIDTH > ALPHA_BITWIDTH) + a <<= ALPHA_REG_BITWIDTH - ALPHA_BITWIDTH; + regmap_write(pll->clkr.regmap, PLL_ALPHA_VAL(pll), a); regmap_write(pll->clkr.regmap, PLL_ALPHA_VAL_U(pll), a >> ALPHA_BITWIDTH); --- base-commit: 97483adf4c6181df2f3d8fe7c2aa057443298080 change-id: 20240324-alpha-pll-fix-stromer-set-rate-472376e624f0 Best regards, -- Gabor Juhos <j4g8y7(a)gmail.com>

1 year, 7 months

1
0
0 0

[PATCH AUTOSEL 4.19 1/2] sysv: don't call sb_bread() with pointers_lock held

by Sasha Levin

From: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> [ Upstream commit f123dc86388cb669c3d6322702dc441abc35c31e ] syzbot is reporting sleep in atomic context in SysV filesystem [1], for sb_bread() is called with rw_spinlock held. A "write_lock(&pointers_lock) => read_lock(&pointers_lock) deadlock" bug and a "sb_bread() with write_lock(&pointers_lock)" bug were introduced by "Replace BKL for chain locking with sysvfs-private rwlock" in Linux 2.5.12. Then, "[PATCH] err1-40: sysvfs locking fix" in Linux 2.6.8 fixed the former bug by moving pointers_lock lock to the callers, but instead introduced a "sb_bread() with read_lock(&pointers_lock)" bug (which made this problem easier to hit). Al Viro suggested that why not to do like get_branch()/get_block()/ find_shared() in Minix filesystem does. And doing like that is almost a revert of "[PATCH] err1-40: sysvfs locking fix" except that get_branch() from with find_shared() is called without write_lock(&pointers_lock). Reported-by: syzbot <syzbot+69b40dc5fd40f32c199f(a)syzkaller.appspotmail.com> Link: https://syzkaller.appspot.com/bug?extid=69b40dc5fd40f32c199f Suggested-by: Al Viro <viro(a)zeniv.linux.org.uk> Signed-off-by: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Link: https://lore.kernel.org/r/0d195f93-a22a-49a2-0020-103534d6f7f6@I-love.SAKUR… Signed-off-by: Christian Brauner <brauner(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/sysv/itree.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/fs/sysv/itree.c b/fs/sysv/itree.c index e3d1673b8ec97..ef9bcfeec21ad 100644 --- a/fs/sysv/itree.c +++ b/fs/sysv/itree.c @@ -82,9 +82,6 @@ static inline sysv_zone_t *block_end(struct buffer_head *bh) return (sysv_zone_t*)((char*)bh->b_data + bh->b_size); } -/* - * Requires read_lock(&pointers_lock) or write_lock(&pointers_lock) - */ static Indirect *get_branch(struct inode *inode, int depth, int offsets[], @@ -104,15 +101,18 @@ static Indirect *get_branch(struct inode *inode, bh = sb_bread(sb, block); if (!bh) goto failure; + read_lock(&pointers_lock); if (!verify_chain(chain, p)) goto changed; add_chain(++p, bh, (sysv_zone_t*)bh->b_data + *++offsets); + read_unlock(&pointers_lock); if (!p->key) goto no_block; } return NULL; changed: + read_unlock(&pointers_lock); brelse(bh); *err = -EAGAIN; goto no_block; @@ -218,9 +218,7 @@ static int get_block(struct inode *inode, sector_t iblock, struct buffer_head *b goto out; reread: - read_lock(&pointers_lock); partial = get_branch(inode, depth, offsets, chain, &err); - read_unlock(&pointers_lock); /* Simplest case - block found, no allocation needed */ if (!partial) { @@ -290,9 +288,9 @@ static Indirect *find_shared(struct inode *inode, *top = 0; for (k = depth; k > 1 && !offsets[k-1]; k--) ; + partial = get_branch(inode, k, offsets, chain, &err); write_lock(&pointers_lock); - partial = get_branch(inode, k, offsets, chain, &err); if (!partial) partial = chain + k-1; /* -- 2.43.0

1 year, 7 months

1
1
0 0

[PATCH AUTOSEL 5.4 1/3] sysv: don't call sb_bread() with pointers_lock held

by Sasha Levin

From: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> [ Upstream commit f123dc86388cb669c3d6322702dc441abc35c31e ] syzbot is reporting sleep in atomic context in SysV filesystem [1], for sb_bread() is called with rw_spinlock held. A "write_lock(&pointers_lock) => read_lock(&pointers_lock) deadlock" bug and a "sb_bread() with write_lock(&pointers_lock)" bug were introduced by "Replace BKL for chain locking with sysvfs-private rwlock" in Linux 2.5.12. Then, "[PATCH] err1-40: sysvfs locking fix" in Linux 2.6.8 fixed the former bug by moving pointers_lock lock to the callers, but instead introduced a "sb_bread() with read_lock(&pointers_lock)" bug (which made this problem easier to hit). Al Viro suggested that why not to do like get_branch()/get_block()/ find_shared() in Minix filesystem does. And doing like that is almost a revert of "[PATCH] err1-40: sysvfs locking fix" except that get_branch() from with find_shared() is called without write_lock(&pointers_lock). Reported-by: syzbot <syzbot+69b40dc5fd40f32c199f(a)syzkaller.appspotmail.com> Link: https://syzkaller.appspot.com/bug?extid=69b40dc5fd40f32c199f Suggested-by: Al Viro <viro(a)zeniv.linux.org.uk> Signed-off-by: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Link: https://lore.kernel.org/r/0d195f93-a22a-49a2-0020-103534d6f7f6@I-love.SAKUR… Signed-off-by: Christian Brauner <brauner(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/sysv/itree.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/fs/sysv/itree.c b/fs/sysv/itree.c index e3d1673b8ec97..ef9bcfeec21ad 100644 --- a/fs/sysv/itree.c +++ b/fs/sysv/itree.c @@ -82,9 +82,6 @@ static inline sysv_zone_t *block_end(struct buffer_head *bh) return (sysv_zone_t*)((char*)bh->b_data + bh->b_size); } -/* - * Requires read_lock(&pointers_lock) or write_lock(&pointers_lock) - */ static Indirect *get_branch(struct inode *inode, int depth, int offsets[], @@ -104,15 +101,18 @@ static Indirect *get_branch(struct inode *inode, bh = sb_bread(sb, block); if (!bh) goto failure; + read_lock(&pointers_lock); if (!verify_chain(chain, p)) goto changed; add_chain(++p, bh, (sysv_zone_t*)bh->b_data + *++offsets); + read_unlock(&pointers_lock); if (!p->key) goto no_block; } return NULL; changed: + read_unlock(&pointers_lock); brelse(bh); *err = -EAGAIN; goto no_block; @@ -218,9 +218,7 @@ static int get_block(struct inode *inode, sector_t iblock, struct buffer_head *b goto out; reread: - read_lock(&pointers_lock); partial = get_branch(inode, depth, offsets, chain, &err); - read_unlock(&pointers_lock); /* Simplest case - block found, no allocation needed */ if (!partial) { @@ -290,9 +288,9 @@ static Indirect *find_shared(struct inode *inode, *top = 0; for (k = depth; k > 1 && !offsets[k-1]; k--) ; + partial = get_branch(inode, k, offsets, chain, &err); write_lock(&pointers_lock); - partial = get_branch(inode, k, offsets, chain, &err); if (!partial) partial = chain + k-1; /* -- 2.43.0

1 year, 7 months

1
2
0 0

[PATCH AUTOSEL 5.10 1/2] sysv: don't call sb_bread() with pointers_lock held

by Sasha Levin

From: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> [ Upstream commit f123dc86388cb669c3d6322702dc441abc35c31e ] syzbot is reporting sleep in atomic context in SysV filesystem [1], for sb_bread() is called with rw_spinlock held. A "write_lock(&pointers_lock) => read_lock(&pointers_lock) deadlock" bug and a "sb_bread() with write_lock(&pointers_lock)" bug were introduced by "Replace BKL for chain locking with sysvfs-private rwlock" in Linux 2.5.12. Then, "[PATCH] err1-40: sysvfs locking fix" in Linux 2.6.8 fixed the former bug by moving pointers_lock lock to the callers, but instead introduced a "sb_bread() with read_lock(&pointers_lock)" bug (which made this problem easier to hit). Al Viro suggested that why not to do like get_branch()/get_block()/ find_shared() in Minix filesystem does. And doing like that is almost a revert of "[PATCH] err1-40: sysvfs locking fix" except that get_branch() from with find_shared() is called without write_lock(&pointers_lock). Reported-by: syzbot <syzbot+69b40dc5fd40f32c199f(a)syzkaller.appspotmail.com> Link: https://syzkaller.appspot.com/bug?extid=69b40dc5fd40f32c199f Suggested-by: Al Viro <viro(a)zeniv.linux.org.uk> Signed-off-by: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Link: https://lore.kernel.org/r/0d195f93-a22a-49a2-0020-103534d6f7f6@I-love.SAKUR… Signed-off-by: Christian Brauner <brauner(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/sysv/itree.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/fs/sysv/itree.c b/fs/sysv/itree.c index e3d1673b8ec97..ef9bcfeec21ad 100644 --- a/fs/sysv/itree.c +++ b/fs/sysv/itree.c @@ -82,9 +82,6 @@ static inline sysv_zone_t *block_end(struct buffer_head *bh) return (sysv_zone_t*)((char*)bh->b_data + bh->b_size); } -/* - * Requires read_lock(&pointers_lock) or write_lock(&pointers_lock) - */ static Indirect *get_branch(struct inode *inode, int depth, int offsets[], @@ -104,15 +101,18 @@ static Indirect *get_branch(struct inode *inode, bh = sb_bread(sb, block); if (!bh) goto failure; + read_lock(&pointers_lock); if (!verify_chain(chain, p)) goto changed; add_chain(++p, bh, (sysv_zone_t*)bh->b_data + *++offsets); + read_unlock(&pointers_lock); if (!p->key) goto no_block; } return NULL; changed: + read_unlock(&pointers_lock); brelse(bh); *err = -EAGAIN; goto no_block; @@ -218,9 +218,7 @@ static int get_block(struct inode *inode, sector_t iblock, struct buffer_head *b goto out; reread: - read_lock(&pointers_lock); partial = get_branch(inode, depth, offsets, chain, &err); - read_unlock(&pointers_lock); /* Simplest case - block found, no allocation needed */ if (!partial) { @@ -290,9 +288,9 @@ static Indirect *find_shared(struct inode *inode, *top = 0; for (k = depth; k > 1 && !offsets[k-1]; k--) ; + partial = get_branch(inode, k, offsets, chain, &err); write_lock(&pointers_lock); - partial = get_branch(inode, k, offsets, chain, &err); if (!partial) partial = chain + k-1; /* -- 2.43.0

1 year, 7 months

1
1
0 0

[PATCH AUTOSEL 5.15 1/2] sysv: don't call sb_bread() with pointers_lock held

by Sasha Levin

From: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> [ Upstream commit f123dc86388cb669c3d6322702dc441abc35c31e ] syzbot is reporting sleep in atomic context in SysV filesystem [1], for sb_bread() is called with rw_spinlock held. A "write_lock(&pointers_lock) => read_lock(&pointers_lock) deadlock" bug and a "sb_bread() with write_lock(&pointers_lock)" bug were introduced by "Replace BKL for chain locking with sysvfs-private rwlock" in Linux 2.5.12. Then, "[PATCH] err1-40: sysvfs locking fix" in Linux 2.6.8 fixed the former bug by moving pointers_lock lock to the callers, but instead introduced a "sb_bread() with read_lock(&pointers_lock)" bug (which made this problem easier to hit). Al Viro suggested that why not to do like get_branch()/get_block()/ find_shared() in Minix filesystem does. And doing like that is almost a revert of "[PATCH] err1-40: sysvfs locking fix" except that get_branch() from with find_shared() is called without write_lock(&pointers_lock). Reported-by: syzbot <syzbot+69b40dc5fd40f32c199f(a)syzkaller.appspotmail.com> Link: https://syzkaller.appspot.com/bug?extid=69b40dc5fd40f32c199f Suggested-by: Al Viro <viro(a)zeniv.linux.org.uk> Signed-off-by: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Link: https://lore.kernel.org/r/0d195f93-a22a-49a2-0020-103534d6f7f6@I-love.SAKUR… Signed-off-by: Christian Brauner <brauner(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/sysv/itree.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/fs/sysv/itree.c b/fs/sysv/itree.c index 1e9c520411f84..5800cb065ca58 100644 --- a/fs/sysv/itree.c +++ b/fs/sysv/itree.c @@ -82,9 +82,6 @@ static inline sysv_zone_t *block_end(struct buffer_head *bh) return (sysv_zone_t*)((char*)bh->b_data + bh->b_size); } -/* - * Requires read_lock(&pointers_lock) or write_lock(&pointers_lock) - */ static Indirect *get_branch(struct inode *inode, int depth, int offsets[], @@ -104,15 +101,18 @@ static Indirect *get_branch(struct inode *inode, bh = sb_bread(sb, block); if (!bh) goto failure; + read_lock(&pointers_lock); if (!verify_chain(chain, p)) goto changed; add_chain(++p, bh, (sysv_zone_t*)bh->b_data + *++offsets); + read_unlock(&pointers_lock); if (!p->key) goto no_block; } return NULL; changed: + read_unlock(&pointers_lock); brelse(bh); *err = -EAGAIN; goto no_block; @@ -218,9 +218,7 @@ static int get_block(struct inode *inode, sector_t iblock, struct buffer_head *b goto out; reread: - read_lock(&pointers_lock); partial = get_branch(inode, depth, offsets, chain, &err); - read_unlock(&pointers_lock); /* Simplest case - block found, no allocation needed */ if (!partial) { @@ -290,9 +288,9 @@ static Indirect *find_shared(struct inode *inode, *top = 0; for (k = depth; k > 1 && !offsets[k-1]; k--) ; + partial = get_branch(inode, k, offsets, chain, &err); write_lock(&pointers_lock); - partial = get_branch(inode, k, offsets, chain, &err); if (!partial) partial = chain + k-1; /* -- 2.43.0

1 year, 7 months

1
1
0 0

[PATCH AUTOSEL 6.1 1/7] sysv: don't call sb_bread() with pointers_lock held

by Sasha Levin

From: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> [ Upstream commit f123dc86388cb669c3d6322702dc441abc35c31e ] syzbot is reporting sleep in atomic context in SysV filesystem [1], for sb_bread() is called with rw_spinlock held. A "write_lock(&pointers_lock) => read_lock(&pointers_lock) deadlock" bug and a "sb_bread() with write_lock(&pointers_lock)" bug were introduced by "Replace BKL for chain locking with sysvfs-private rwlock" in Linux 2.5.12. Then, "[PATCH] err1-40: sysvfs locking fix" in Linux 2.6.8 fixed the former bug by moving pointers_lock lock to the callers, but instead introduced a "sb_bread() with read_lock(&pointers_lock)" bug (which made this problem easier to hit). Al Viro suggested that why not to do like get_branch()/get_block()/ find_shared() in Minix filesystem does. And doing like that is almost a revert of "[PATCH] err1-40: sysvfs locking fix" except that get_branch() from with find_shared() is called without write_lock(&pointers_lock). Reported-by: syzbot <syzbot+69b40dc5fd40f32c199f(a)syzkaller.appspotmail.com> Link: https://syzkaller.appspot.com/bug?extid=69b40dc5fd40f32c199f Suggested-by: Al Viro <viro(a)zeniv.linux.org.uk> Signed-off-by: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Link: https://lore.kernel.org/r/0d195f93-a22a-49a2-0020-103534d6f7f6@I-love.SAKUR… Signed-off-by: Christian Brauner <brauner(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/sysv/itree.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/fs/sysv/itree.c b/fs/sysv/itree.c index 9925cfe571595..17c7d76770a0a 100644 --- a/fs/sysv/itree.c +++ b/fs/sysv/itree.c @@ -82,9 +82,6 @@ static inline sysv_zone_t *block_end(struct buffer_head *bh) return (sysv_zone_t*)((char*)bh->b_data + bh->b_size); } -/* - * Requires read_lock(&pointers_lock) or write_lock(&pointers_lock) - */ static Indirect *get_branch(struct inode *inode, int depth, int offsets[], @@ -104,15 +101,18 @@ static Indirect *get_branch(struct inode *inode, bh = sb_bread(sb, block); if (!bh) goto failure; + read_lock(&pointers_lock); if (!verify_chain(chain, p)) goto changed; add_chain(++p, bh, (sysv_zone_t*)bh->b_data + *++offsets); + read_unlock(&pointers_lock); if (!p->key) goto no_block; } return NULL; changed: + read_unlock(&pointers_lock); brelse(bh); *err = -EAGAIN; goto no_block; @@ -218,9 +218,7 @@ static int get_block(struct inode *inode, sector_t iblock, struct buffer_head *b goto out; reread: - read_lock(&pointers_lock); partial = get_branch(inode, depth, offsets, chain, &err); - read_unlock(&pointers_lock); /* Simplest case - block found, no allocation needed */ if (!partial) { @@ -290,9 +288,9 @@ static Indirect *find_shared(struct inode *inode, *top = 0; for (k = depth; k > 1 && !offsets[k-1]; k--) ; + partial = get_branch(inode, k, offsets, chain, &err); write_lock(&pointers_lock); - partial = get_branch(inode, k, offsets, chain, &err); if (!partial) partial = chain + k-1; /* -- 2.43.0

1 year, 7 months

1
6
0 0

[PATCH AUTOSEL 6.6 01/11] sysv: don't call sb_bread() with pointers_lock held

by Sasha Levin

From: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> [ Upstream commit f123dc86388cb669c3d6322702dc441abc35c31e ] syzbot is reporting sleep in atomic context in SysV filesystem [1], for sb_bread() is called with rw_spinlock held. A "write_lock(&pointers_lock) => read_lock(&pointers_lock) deadlock" bug and a "sb_bread() with write_lock(&pointers_lock)" bug were introduced by "Replace BKL for chain locking with sysvfs-private rwlock" in Linux 2.5.12. Then, "[PATCH] err1-40: sysvfs locking fix" in Linux 2.6.8 fixed the former bug by moving pointers_lock lock to the callers, but instead introduced a "sb_bread() with read_lock(&pointers_lock)" bug (which made this problem easier to hit). Al Viro suggested that why not to do like get_branch()/get_block()/ find_shared() in Minix filesystem does. And doing like that is almost a revert of "[PATCH] err1-40: sysvfs locking fix" except that get_branch() from with find_shared() is called without write_lock(&pointers_lock). Reported-by: syzbot <syzbot+69b40dc5fd40f32c199f(a)syzkaller.appspotmail.com> Link: https://syzkaller.appspot.com/bug?extid=69b40dc5fd40f32c199f Suggested-by: Al Viro <viro(a)zeniv.linux.org.uk> Signed-off-by: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Link: https://lore.kernel.org/r/0d195f93-a22a-49a2-0020-103534d6f7f6@I-love.SAKUR… Signed-off-by: Christian Brauner <brauner(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/sysv/itree.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/fs/sysv/itree.c b/fs/sysv/itree.c index edb94e55de8e5..7b2a07a31e463 100644 --- a/fs/sysv/itree.c +++ b/fs/sysv/itree.c @@ -82,9 +82,6 @@ static inline sysv_zone_t *block_end(struct buffer_head *bh) return (sysv_zone_t*)((char*)bh->b_data + bh->b_size); } -/* - * Requires read_lock(&pointers_lock) or write_lock(&pointers_lock) - */ static Indirect *get_branch(struct inode *inode, int depth, int offsets[], @@ -104,15 +101,18 @@ static Indirect *get_branch(struct inode *inode, bh = sb_bread(sb, block); if (!bh) goto failure; + read_lock(&pointers_lock); if (!verify_chain(chain, p)) goto changed; add_chain(++p, bh, (sysv_zone_t*)bh->b_data + *++offsets); + read_unlock(&pointers_lock); if (!p->key) goto no_block; } return NULL; changed: + read_unlock(&pointers_lock); brelse(bh); *err = -EAGAIN; goto no_block; @@ -218,9 +218,7 @@ static int get_block(struct inode *inode, sector_t iblock, struct buffer_head *b goto out; reread: - read_lock(&pointers_lock); partial = get_branch(inode, depth, offsets, chain, &err); - read_unlock(&pointers_lock); /* Simplest case - block found, no allocation needed */ if (!partial) { @@ -290,9 +288,9 @@ static Indirect *find_shared(struct inode *inode, *top = 0; for (k = depth; k > 1 && !offsets[k-1]; k--) ; + partial = get_branch(inode, k, offsets, chain, &err); write_lock(&pointers_lock); - partial = get_branch(inode, k, offsets, chain, &err); if (!partial) partial = chain + k-1; /* -- 2.43.0

1 year, 7 months

1
10
0 0

[PATCH AUTOSEL 6.7 01/11] sysv: don't call sb_bread() with pointers_lock held

by Sasha Levin

From: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> [ Upstream commit f123dc86388cb669c3d6322702dc441abc35c31e ] syzbot is reporting sleep in atomic context in SysV filesystem [1], for sb_bread() is called with rw_spinlock held. A "write_lock(&pointers_lock) => read_lock(&pointers_lock) deadlock" bug and a "sb_bread() with write_lock(&pointers_lock)" bug were introduced by "Replace BKL for chain locking with sysvfs-private rwlock" in Linux 2.5.12. Then, "[PATCH] err1-40: sysvfs locking fix" in Linux 2.6.8 fixed the former bug by moving pointers_lock lock to the callers, but instead introduced a "sb_bread() with read_lock(&pointers_lock)" bug (which made this problem easier to hit). Al Viro suggested that why not to do like get_branch()/get_block()/ find_shared() in Minix filesystem does. And doing like that is almost a revert of "[PATCH] err1-40: sysvfs locking fix" except that get_branch() from with find_shared() is called without write_lock(&pointers_lock). Reported-by: syzbot <syzbot+69b40dc5fd40f32c199f(a)syzkaller.appspotmail.com> Link: https://syzkaller.appspot.com/bug?extid=69b40dc5fd40f32c199f Suggested-by: Al Viro <viro(a)zeniv.linux.org.uk> Signed-off-by: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Link: https://lore.kernel.org/r/0d195f93-a22a-49a2-0020-103534d6f7f6@I-love.SAKUR… Signed-off-by: Christian Brauner <brauner(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/sysv/itree.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/fs/sysv/itree.c b/fs/sysv/itree.c index 725981474e5f9..ff22f39710106 100644 --- a/fs/sysv/itree.c +++ b/fs/sysv/itree.c @@ -82,9 +82,6 @@ static inline sysv_zone_t *block_end(struct buffer_head *bh) return (sysv_zone_t*)((char*)bh->b_data + bh->b_size); } -/* - * Requires read_lock(&pointers_lock) or write_lock(&pointers_lock) - */ static Indirect *get_branch(struct inode *inode, int depth, int offsets[], @@ -104,15 +101,18 @@ static Indirect *get_branch(struct inode *inode, bh = sb_bread(sb, block); if (!bh) goto failure; + read_lock(&pointers_lock); if (!verify_chain(chain, p)) goto changed; add_chain(++p, bh, (sysv_zone_t*)bh->b_data + *++offsets); + read_unlock(&pointers_lock); if (!p->key) goto no_block; } return NULL; changed: + read_unlock(&pointers_lock); brelse(bh); *err = -EAGAIN; goto no_block; @@ -218,9 +218,7 @@ static int get_block(struct inode *inode, sector_t iblock, struct buffer_head *b goto out; reread: - read_lock(&pointers_lock); partial = get_branch(inode, depth, offsets, chain, &err); - read_unlock(&pointers_lock); /* Simplest case - block found, no allocation needed */ if (!partial) { @@ -290,9 +288,9 @@ static Indirect *find_shared(struct inode *inode, *top = 0; for (k = depth; k > 1 && !offsets[k-1]; k--) ; + partial = get_branch(inode, k, offsets, chain, &err); write_lock(&pointers_lock); - partial = get_branch(inode, k, offsets, chain, &err); if (!partial) partial = chain + k-1; /* -- 2.43.0

1 year, 7 months

1
10
0 0

[PATCH AUTOSEL 6.8 01/11] sysv: don't call sb_bread() with pointers_lock held

by Sasha Levin

From: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> [ Upstream commit f123dc86388cb669c3d6322702dc441abc35c31e ] syzbot is reporting sleep in atomic context in SysV filesystem [1], for sb_bread() is called with rw_spinlock held. A "write_lock(&pointers_lock) => read_lock(&pointers_lock) deadlock" bug and a "sb_bread() with write_lock(&pointers_lock)" bug were introduced by "Replace BKL for chain locking with sysvfs-private rwlock" in Linux 2.5.12. Then, "[PATCH] err1-40: sysvfs locking fix" in Linux 2.6.8 fixed the former bug by moving pointers_lock lock to the callers, but instead introduced a "sb_bread() with read_lock(&pointers_lock)" bug (which made this problem easier to hit). Al Viro suggested that why not to do like get_branch()/get_block()/ find_shared() in Minix filesystem does. And doing like that is almost a revert of "[PATCH] err1-40: sysvfs locking fix" except that get_branch() from with find_shared() is called without write_lock(&pointers_lock). Reported-by: syzbot <syzbot+69b40dc5fd40f32c199f(a)syzkaller.appspotmail.com> Link: https://syzkaller.appspot.com/bug?extid=69b40dc5fd40f32c199f Suggested-by: Al Viro <viro(a)zeniv.linux.org.uk> Signed-off-by: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Link: https://lore.kernel.org/r/0d195f93-a22a-49a2-0020-103534d6f7f6@I-love.SAKUR… Signed-off-by: Christian Brauner <brauner(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/sysv/itree.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/fs/sysv/itree.c b/fs/sysv/itree.c index 410ab2a44d2f6..19bcb51a22036 100644 --- a/fs/sysv/itree.c +++ b/fs/sysv/itree.c @@ -83,9 +83,6 @@ static inline sysv_zone_t *block_end(struct buffer_head *bh) return (sysv_zone_t*)((char*)bh->b_data + bh->b_size); } -/* - * Requires read_lock(&pointers_lock) or write_lock(&pointers_lock) - */ static Indirect *get_branch(struct inode *inode, int depth, int offsets[], @@ -105,15 +102,18 @@ static Indirect *get_branch(struct inode *inode, bh = sb_bread(sb, block); if (!bh) goto failure; + read_lock(&pointers_lock); if (!verify_chain(chain, p)) goto changed; add_chain(++p, bh, (sysv_zone_t*)bh->b_data + *++offsets); + read_unlock(&pointers_lock); if (!p->key) goto no_block; } return NULL; changed: + read_unlock(&pointers_lock); brelse(bh); *err = -EAGAIN; goto no_block; @@ -219,9 +219,7 @@ static int get_block(struct inode *inode, sector_t iblock, struct buffer_head *b goto out; reread: - read_lock(&pointers_lock); partial = get_branch(inode, depth, offsets, chain, &err); - read_unlock(&pointers_lock); /* Simplest case - block found, no allocation needed */ if (!partial) { @@ -291,9 +289,9 @@ static Indirect *find_shared(struct inode *inode, *top = 0; for (k = depth; k > 1 && !offsets[k-1]; k--) ; + partial = get_branch(inode, k, offsets, chain, &err); write_lock(&pointers_lock); - partial = get_branch(inode, k, offsets, chain, &err); if (!partial) partial = chain + k-1; /* -- 2.43.0

1 year, 7 months

1
10
0 0

Please apply these to 6.8, 6.7, 6.6, 6.1, and 5.15 stable

by arinc.unal＠arinc9.com

Hi. Please apply these patches in this order. They fully resolve the issues with link-local frames on the switches the MT7530 DSA subdriver controls. The commits apply to all stable trees as is. To 5.15: 8332cf6fd7c7 net: dsa: mt7530: fix handling of LLDP frames e94b590abfff net: dsa: mt7530: fix handling of 802.1X PAE frames e8bf353577f3 net: dsa: mt7530: fix link-local frames that ingress vlan filtering ports 69ddba9d170b net: dsa: mt7530: fix handling of all link-local frames To 6.8, 6.7, 6.6, 6.1: e8bf353577f3 net: dsa: mt7530: fix link-local frames that ingress vlan filtering ports 69ddba9d170b net: dsa: mt7530: fix handling of all link-local frames Arınç

1 year, 7 months

1
0
0 0

[PATCH] speakup: Avoid crash on very long word

by Samuel Thibault

In case a console is set up really large and contains a really long word (> 256 characters), we have to stop before the length of the word buffer. Signed-off-by: Samuel Thibault <samuel.thibault(a)ens-lyon.org> Fixes: c6e3fd22cd538 ("Staging: add speakup to the staging directory") Cc: stable(a)vger.kernel.org --- drivers/accessibility/speakup/main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/accessibility/speakup/main.c b/drivers/accessibility/speakup/main.c index 1fbc9b921c4f..736c2eb8c0f3 100644 --- a/drivers/accessibility/speakup/main.c +++ b/drivers/accessibility/speakup/main.c @@ -574,7 +574,7 @@ static u_long get_word(struct vc_data *vc) } attr_ch = get_char(vc, (u_short *)tmp_pos, &spk_attr); buf[cnt++] = attr_ch; - while (tmpx < vc->vc_cols - 1) { + while (tmpx < vc->vc_cols - 1 && cnt < sizeof(buf) - 1) { tmp_pos += 2; tmpx++; ch = get_char(vc, (u_short *)tmp_pos, &temp); -- 2.43.0

1 year, 7 months

1
0
0 0

Re: Patch "wifi: wilc1000: revert reset line logic flip" has been added to the 6.1-stable tree

by Alexis Lothoré

Hello, On 3/22/24 19:17, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > wifi: wilc1000: revert reset line logic flip > > to the 6.1-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > wifi-wilc1000-revert-reset-line-logic-flip.patch > and it can be found in the queue-6.1 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. This patch is expected to introduce a breakage on platforms using a wrong device tree description. After discussing this consequence with wireless and DT people (see this patch RFC in [1]), it has been decided that this is tolerable. However, despite the Fixes tag I have put in the patch, I am not sure it is OK to also introduce this breakage for people just updating their stable kernels ? My opinion here is that they should get this break only when updating to a new kernel release, not stable, so I _would_ keep this patch out of stable trees (currently applied to 6.1, 6.6, 6.7 and 6.8, if I have followed correctly). Thanks, Alexis [1] https://lore.kernel.org/all/20240213-wilc_1000_reset_line-v1-1-e01da2b23fed… -- Alexis Lothoré, Bootlin Embedded Linux and Kernel engineering https://bootlin.com

1 year, 7 months

2
1
0 0

[PATCH v2] efi: fix panic in kdump kernel

by Oleksandr Tymoshenko

Check if get_next_variable() is actually valid pointer before calling it. In kdump kernel this method is set to NULL that causes panic during the kexec-ed kernel boot. Tested with QEMU and OVMF firmware. Fixes: bad267f9e18f ("efi: verify that variable services are supported") Cc: stable(a)vger.kernel.org Signed-off-by: Oleksandr Tymoshenko <ovt(a)google.com> --- Changes in v2: - Style fix - Added Cc: stable - Added Fixes: trailer --- drivers/firmware/efi/efi.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c index 8859fb0b006d..fdf07dd6f459 100644 --- a/drivers/firmware/efi/efi.c +++ b/drivers/firmware/efi/efi.c @@ -203,6 +203,8 @@ static bool generic_ops_supported(void) name_size = sizeof(name); + if (!efi.get_next_variable) + return false; status = efi.get_next_variable(&name_size, &name, &guid); if (status == EFI_UNSUPPORTED) return false; -- 2.44.0.396.g6e790dbe36-goog

1 year, 7 months

2
1
0 0

[PATCH v2 3/7] drm/xe: Make TLB invalidation fences unordered

by Thomas Hellström

They can actually complete out-of-order, so allocate a unique fence context for each fence. Fixes: 5387e865d90e ("drm/xe: Add TLB invalidation fence after rebinds issued from execs") Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.8+ Signed-off-by: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> --- drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c | 1 - drivers/gpu/drm/xe/xe_gt_types.h | 7 ------- drivers/gpu/drm/xe/xe_pt.c | 3 +-- 3 files changed, 1 insertion(+), 10 deletions(-) diff --git a/drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c b/drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c index 25b4111097bc..93df2d7969b3 100644 --- a/drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c +++ b/drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c @@ -63,7 +63,6 @@ int xe_gt_tlb_invalidation_init(struct xe_gt *gt) INIT_LIST_HEAD(&gt->tlb_invalidation.pending_fences); spin_lock_init(&gt->tlb_invalidation.pending_lock); spin_lock_init(&gt->tlb_invalidation.lock); - gt->tlb_invalidation.fence_context = dma_fence_context_alloc(1); INIT_DELAYED_WORK(&gt->tlb_invalidation.fence_tdr, xe_gt_tlb_fence_timeout); diff --git a/drivers/gpu/drm/xe/xe_gt_types.h b/drivers/gpu/drm/xe/xe_gt_types.h index f6da2ad9719f..2143dffcaf11 100644 --- a/drivers/gpu/drm/xe/xe_gt_types.h +++ b/drivers/gpu/drm/xe/xe_gt_types.h @@ -179,13 +179,6 @@ struct xe_gt { * xe_gt_tlb_fence_timeout after the timeut interval is over. */ struct delayed_work fence_tdr; - /** @tlb_invalidation.fence_context: context for TLB invalidation fences */ - u64 fence_context; - /** - * @tlb_invalidation.fence_seqno: seqno to TLB invalidation fences, protected by - * tlb_invalidation.lock - */ - u32 fence_seqno; /** @tlb_invalidation.lock: protects TLB invalidation fences */ spinlock_t lock; } tlb_invalidation; diff --git a/drivers/gpu/drm/xe/xe_pt.c b/drivers/gpu/drm/xe/xe_pt.c index 632c1919471d..d1b999dbc906 100644 --- a/drivers/gpu/drm/xe/xe_pt.c +++ b/drivers/gpu/drm/xe/xe_pt.c @@ -1135,8 +1135,7 @@ static int invalidation_fence_init(struct xe_gt *gt, spin_lock_irq(&gt->tlb_invalidation.lock); dma_fence_init(&ifence->base.base, &invalidation_fence_ops, &gt->tlb_invalidation.lock, - gt->tlb_invalidation.fence_context, - ++gt->tlb_invalidation.fence_seqno); + dma_fence_context_alloc(1), 1); spin_unlock_irq(&gt->tlb_invalidation.lock); INIT_LIST_HEAD(&ifence->base.link); -- 2.44.0

1 year, 7 months

2
1
0 0

[PATCH 3/7] drm/xe: Make TLB invalidation fences unordered

by Thomas Hellström

They can actually complete out-of-order, so allocate a unique fence context for each fence. Fixes: 5387e865d90e ("drm/xe: Add TLB invalidation fence after rebinds issued from execs") Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.8+ Signed-off-by: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> --- drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c | 1 - drivers/gpu/drm/xe/xe_gt_types.h | 7 ------- drivers/gpu/drm/xe/xe_pt.c | 3 +-- 3 files changed, 1 insertion(+), 10 deletions(-) diff --git a/drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c b/drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c index a3c4ffba679d..787cba5e49a1 100644 --- a/drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c +++ b/drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c @@ -63,7 +63,6 @@ int xe_gt_tlb_invalidation_init(struct xe_gt *gt) INIT_LIST_HEAD(&gt->tlb_invalidation.pending_fences); spin_lock_init(&gt->tlb_invalidation.pending_lock); spin_lock_init(&gt->tlb_invalidation.lock); - gt->tlb_invalidation.fence_context = dma_fence_context_alloc(1); INIT_DELAYED_WORK(&gt->tlb_invalidation.fence_tdr, xe_gt_tlb_fence_timeout); diff --git a/drivers/gpu/drm/xe/xe_gt_types.h b/drivers/gpu/drm/xe/xe_gt_types.h index f6da2ad9719f..2143dffcaf11 100644 --- a/drivers/gpu/drm/xe/xe_gt_types.h +++ b/drivers/gpu/drm/xe/xe_gt_types.h @@ -179,13 +179,6 @@ struct xe_gt { * xe_gt_tlb_fence_timeout after the timeut interval is over. */ struct delayed_work fence_tdr; - /** @tlb_invalidation.fence_context: context for TLB invalidation fences */ - u64 fence_context; - /** - * @tlb_invalidation.fence_seqno: seqno to TLB invalidation fences, protected by - * tlb_invalidation.lock - */ - u32 fence_seqno; /** @tlb_invalidation.lock: protects TLB invalidation fences */ spinlock_t lock; } tlb_invalidation; diff --git a/drivers/gpu/drm/xe/xe_pt.c b/drivers/gpu/drm/xe/xe_pt.c index 0484ed5b495f..045a8c0845ba 100644 --- a/drivers/gpu/drm/xe/xe_pt.c +++ b/drivers/gpu/drm/xe/xe_pt.c @@ -1135,8 +1135,7 @@ static int invalidation_fence_init(struct xe_gt *gt, spin_lock_irq(&gt->tlb_invalidation.lock); dma_fence_init(&ifence->base.base, &invalidation_fence_ops, &gt->tlb_invalidation.lock, - gt->tlb_invalidation.fence_context, - ++gt->tlb_invalidation.fence_seqno); + dma_fence_context_alloc(1), 1); spin_unlock_irq(&gt->tlb_invalidation.lock); INIT_LIST_HEAD(&ifence->base.link); -- 2.44.0

1 year, 7 months

2
1
0 0

[PATCH v2 1/7] drm/xe: Use ring ops TLB invalidation for rebinds

by Thomas Hellström

For each rebind we insert a GuC TLB invalidation and add a corresponding unordered TLB invalidation fence. This might add a huge number of TLB invalidation fences to wait for so rather than doing that, defer the TLB invalidation to the next ring ops for each affected exec queue. Since the TLB is invalidated on exec_queue switch, we need to invalidate once for each affected exec_queue. v2: - Simplify if-statements around the tlb_flush_seqno. (Matthew Brost) - Add some comments and asserts. Fixes: 5387e865d90e ("drm/xe: Add TLB invalidation fence after rebinds issued from execs") Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.8+ Signed-off-by: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> --- drivers/gpu/drm/xe/xe_exec_queue_types.h | 5 +++++ drivers/gpu/drm/xe/xe_pt.c | 6 ++++-- drivers/gpu/drm/xe/xe_ring_ops.c | 11 ++++------- drivers/gpu/drm/xe/xe_sched_job.c | 10 ++++++++++ drivers/gpu/drm/xe/xe_sched_job_types.h | 2 ++ drivers/gpu/drm/xe/xe_vm_types.h | 5 +++++ 6 files changed, 30 insertions(+), 9 deletions(-) diff --git a/drivers/gpu/drm/xe/xe_exec_queue_types.h b/drivers/gpu/drm/xe/xe_exec_queue_types.h index 62b3d9d1d7cd..462b33195032 100644 --- a/drivers/gpu/drm/xe/xe_exec_queue_types.h +++ b/drivers/gpu/drm/xe/xe_exec_queue_types.h @@ -148,6 +148,11 @@ struct xe_exec_queue { const struct xe_ring_ops *ring_ops; /** @entity: DRM sched entity for this exec queue (1 to 1 relationship) */ struct drm_sched_entity *entity; + /** + * @tlb_flush_seqno: The seqno of the last rebind tlb flush performed + * Protected by @vm's resv. Unused if @vm == NULL. + */ + u64 tlb_flush_seqno; /** @lrc: logical ring context for this exec queue */ struct xe_lrc lrc[]; }; diff --git a/drivers/gpu/drm/xe/xe_pt.c b/drivers/gpu/drm/xe/xe_pt.c index 8d3922d2206e..37117752cfc9 100644 --- a/drivers/gpu/drm/xe/xe_pt.c +++ b/drivers/gpu/drm/xe/xe_pt.c @@ -1254,11 +1254,13 @@ __xe_pt_bind_vma(struct xe_tile *tile, struct xe_vma *vma, struct xe_exec_queue * non-faulting LR, in particular on user-space batch buffer chaining, * it needs to be done here. */ - if ((rebind && !xe_vm_in_lr_mode(vm) && !vm->batch_invalidate_tlb) || - (!rebind && xe_vm_has_scratch(vm) && xe_vm_in_preempt_fence_mode(vm))) { + if ((!rebind && xe_vm_has_scratch(vm) && xe_vm_in_preempt_fence_mode(vm))) { ifence = kzalloc(sizeof(*ifence), GFP_KERNEL); if (!ifence) return ERR_PTR(-ENOMEM); + } else if (rebind && !xe_vm_in_lr_mode(vm)) { + /* We bump also if batch_invalidate_tlb is true */ + vm->tlb_flush_seqno++; } rfence = kzalloc(sizeof(*rfence), GFP_KERNEL); diff --git a/drivers/gpu/drm/xe/xe_ring_ops.c b/drivers/gpu/drm/xe/xe_ring_ops.c index c4edffcd4a32..5b2b37b59813 100644 --- a/drivers/gpu/drm/xe/xe_ring_ops.c +++ b/drivers/gpu/drm/xe/xe_ring_ops.c @@ -219,10 +219,9 @@ static void __emit_job_gen12_simple(struct xe_sched_job *job, struct xe_lrc *lrc { u32 dw[MAX_JOB_SIZE_DW], i = 0; u32 ppgtt_flag = get_ppgtt_flag(job); - struct xe_vm *vm = job->q->vm; struct xe_gt *gt = job->q->gt; - if (vm && vm->batch_invalidate_tlb) { + if (job->ring_ops_flush_tlb) { dw[i++] = preparser_disable(true); i = emit_flush_imm_ggtt(xe_lrc_start_seqno_ggtt_addr(lrc), seqno, true, dw, i); @@ -270,7 +269,6 @@ static void __emit_job_gen12_video(struct xe_sched_job *job, struct xe_lrc *lrc, struct xe_gt *gt = job->q->gt; struct xe_device *xe = gt_to_xe(gt); bool decode = job->q->class == XE_ENGINE_CLASS_VIDEO_DECODE; - struct xe_vm *vm = job->q->vm; dw[i++] = preparser_disable(true); @@ -282,13 +280,13 @@ static void __emit_job_gen12_video(struct xe_sched_job *job, struct xe_lrc *lrc, i = emit_aux_table_inv(gt, VE0_AUX_INV, dw, i); } - if (vm && vm->batch_invalidate_tlb) + if (job->ring_ops_flush_tlb) i = emit_flush_imm_ggtt(xe_lrc_start_seqno_ggtt_addr(lrc), seqno, true, dw, i); dw[i++] = preparser_disable(false); - if (!vm || !vm->batch_invalidate_tlb) + if (!job->ring_ops_flush_tlb) i = emit_store_imm_ggtt(xe_lrc_start_seqno_ggtt_addr(lrc), seqno, dw, i); @@ -317,7 +315,6 @@ static void __emit_job_gen12_render_compute(struct xe_sched_job *job, struct xe_gt *gt = job->q->gt; struct xe_device *xe = gt_to_xe(gt); bool lacks_render = !(gt->info.engine_mask & XE_HW_ENGINE_RCS_MASK); - struct xe_vm *vm = job->q->vm; u32 mask_flags = 0; dw[i++] = preparser_disable(true); @@ -327,7 +324,7 @@ static void __emit_job_gen12_render_compute(struct xe_sched_job *job, mask_flags = PIPE_CONTROL_3D_ENGINE_FLAGS; /* See __xe_pt_bind_vma() for a discussion on TLB invalidations. */ - i = emit_pipe_invalidate(mask_flags, vm && vm->batch_invalidate_tlb, dw, i); + i = emit_pipe_invalidate(mask_flags, job->ring_ops_flush_tlb, dw, i); /* hsdes: 1809175790 */ if (has_aux_ccs(xe)) diff --git a/drivers/gpu/drm/xe/xe_sched_job.c b/drivers/gpu/drm/xe/xe_sched_job.c index 8151ddafb940..b0c7fa4693cf 100644 --- a/drivers/gpu/drm/xe/xe_sched_job.c +++ b/drivers/gpu/drm/xe/xe_sched_job.c @@ -250,6 +250,16 @@ bool xe_sched_job_completed(struct xe_sched_job *job) void xe_sched_job_arm(struct xe_sched_job *job) { + struct xe_exec_queue *q = job->q; + struct xe_vm *vm = q->vm; + + if (vm && !xe_sched_job_is_migration(q) && !xe_vm_in_lr_mode(vm) && + (vm->batch_invalidate_tlb || vm->tlb_flush_seqno != q->tlb_flush_seqno)) { + xe_vm_assert_held(vm); + q->tlb_flush_seqno = vm->tlb_flush_seqno; + job->ring_ops_flush_tlb = true; + } + drm_sched_job_arm(&job->drm); } diff --git a/drivers/gpu/drm/xe/xe_sched_job_types.h b/drivers/gpu/drm/xe/xe_sched_job_types.h index b1d83da50a53..5e12724219fd 100644 --- a/drivers/gpu/drm/xe/xe_sched_job_types.h +++ b/drivers/gpu/drm/xe/xe_sched_job_types.h @@ -39,6 +39,8 @@ struct xe_sched_job { } user_fence; /** @migrate_flush_flags: Additional flush flags for migration jobs */ u32 migrate_flush_flags; + /** @ring_ops_flush_tlb: The ring ops need to flush TLB before payload. */ + bool ring_ops_flush_tlb; /** @batch_addr: batch buffer address of job */ u64 batch_addr[]; }; diff --git a/drivers/gpu/drm/xe/xe_vm_types.h b/drivers/gpu/drm/xe/xe_vm_types.h index ae5fb565f6bf..5747f136d24d 100644 --- a/drivers/gpu/drm/xe/xe_vm_types.h +++ b/drivers/gpu/drm/xe/xe_vm_types.h @@ -264,6 +264,11 @@ struct xe_vm { bool capture_once; } error_capture; + /** + * @tlb_flush_seqno: Required TLB flush seqno for the next exec. + * protected by the vm resv. + */ + u64 tlb_flush_seqno; /** @batch_invalidate_tlb: Always invalidate TLB before batch start */ bool batch_invalidate_tlb; /** @xef: XE file handle for tracking this VM's drm client */ -- 2.44.0

1 year, 7 months

2
1
0 0

[PATCH] mm: zswap: fix writeback shinker GFP_NOIO/GFP_NOFS recursion

by Johannes Weiner

Kent forwards this bug report of zswap re-entering the block layer from an IO request allocation and locking up: [10264.128242] sysrq: Show Blocked State [10264.128268] task:kworker/20:0H state:D stack:0 pid:143 tgid:143 ppid:2 flags:0x00004000 [10264.128271] Workqueue: bcachefs_io btree_write_submit [bcachefs] [10264.128295] Call Trace: [10264.128295] <TASK> [10264.128297] __schedule+0x3e6/0x1520 [10264.128303] schedule+0x32/0xd0 [10264.128304] schedule_timeout+0x98/0x160 [10264.128308] io_schedule_timeout+0x50/0x80 [10264.128309] wait_for_completion_io_timeout+0x7f/0x180 [10264.128310] submit_bio_wait+0x78/0xb0 [10264.128313] swap_writepage_bdev_sync+0xf6/0x150 [10264.128317] zswap_writeback_entry+0xf2/0x180 [10264.128319] shrink_memcg_cb+0xe7/0x2f0 [10264.128322] __list_lru_walk_one+0xb9/0x1d0 [10264.128325] list_lru_walk_one+0x5d/0x90 [10264.128326] zswap_shrinker_scan+0xc4/0x130 [10264.128327] do_shrink_slab+0x13f/0x360 [10264.128328] shrink_slab+0x28e/0x3c0 [10264.128329] shrink_one+0x123/0x1b0 [10264.128331] shrink_node+0x97e/0xbc0 [10264.128332] do_try_to_free_pages+0xe7/0x5b0 [10264.128333] try_to_free_pages+0xe1/0x200 [10264.128334] __alloc_pages_slowpath.constprop.0+0x343/0xde0 [10264.128337] __alloc_pages+0x32d/0x350 [10264.128338] allocate_slab+0x400/0x460 [10264.128339] ___slab_alloc+0x40d/0xa40 [10264.128345] kmem_cache_alloc+0x2e7/0x330 [10264.128348] mempool_alloc+0x86/0x1b0 [10264.128349] bio_alloc_bioset+0x200/0x4f0 [10264.128352] bio_alloc_clone+0x23/0x60 [10264.128354] alloc_io+0x26/0xf0 [dm_mod 7e9e6b44df4927f93fb3e4b5c782767396f58382] [10264.128361] dm_submit_bio+0xb8/0x580 [dm_mod 7e9e6b44df4927f93fb3e4b5c782767396f58382] [10264.128366] __submit_bio+0xb0/0x170 [10264.128367] submit_bio_noacct_nocheck+0x159/0x370 [10264.128368] bch2_submit_wbio_replicas+0x21c/0x3a0 [bcachefs 85f1b9a7a824f272eff794653a06dde1a94439f2] [10264.128391] btree_write_submit+0x1cf/0x220 [bcachefs 85f1b9a7a824f272eff794653a06dde1a94439f2] [10264.128406] process_one_work+0x178/0x350 [10264.128408] worker_thread+0x30f/0x450 [10264.128409] kthread+0xe5/0x120 The zswap shrinker resumes the swap_writepage()s that were intercepted by the zswap store. This will enter the block layer, and may even enter the filesystem depending on the swap backing file. Make it respect GFP_NOIO and GFP_NOFS. Link: https://lore.kernel.org/linux-mm/rc4pk2r42oyvjo4dc62z6sovquyllq56i5cdgcaqbd… Reported-by: Kent Overstreet <kent.overstreet(a)linux.dev> Fixes: b5ba474f3f51 ("zswap: shrink zswap pool based on memory pressure") Cc: stable(a)vger.kernel.org [v6.8] Signed-off-by: Johannes Weiner <hannes(a)cmpxchg.org> --- mm/zswap.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/mm/zswap.c b/mm/zswap.c index b31c977f53e9..535c907345e0 100644 --- a/mm/zswap.c +++ b/mm/zswap.c @@ -1303,6 +1303,14 @@ static unsigned long zswap_shrinker_count(struct shrinker *shrinker, if (!zswap_shrinker_enabled || !mem_cgroup_zswap_writeback_enabled(memcg)) return 0; + /* + * The shrinker resumes swap writeback, which will enter block + * and may enter fs. XXX: Harmonize with vmscan.c __GFP_FS + * rules (may_enter_fs()), which apply on a per-folio basis. + */ + if (!gfp_has_io_fs(sc->gfp_mask)) + return 0; + #ifdef CONFIG_MEMCG_KMEM mem_cgroup_flush_stats(memcg); nr_backing = memcg_page_state(memcg, MEMCG_ZSWAP_B) >> PAGE_SHIFT; -- 2.44.0

1 year, 7 months

4
3
0 0

[PATCH] exec: fix linux_binprm::exec in transfer_args_to_stack()

by Max Filippov

In NUMMU kernel the value of linux_binprm::p is the offset inside the temporary program arguments array maintained in separate pages in the linux_binprm::page. linux_binprm::exec being a copy of linux_binprm::p thus must be adjusted when that array is copied to the user stack. Without that adjustment the value passed by the NOMMU kernel to the ELF program in the AT_EXECFN entry of the aux array doesn't make any sense and it may break programs that try to access memory pointed to by that entry. Adjust linux_binprm::exec before the successful return from the transfer_args_to_stack(). Cc: stable(a)vger.kernel.org Signed-off-by: Max Filippov <jcmvbkbc(a)gmail.com> --- fs/exec.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/exec.c b/fs/exec.c index af4fbb61cd53..5ee2545c3e18 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -895,6 +895,7 @@ int transfer_args_to_stack(struct linux_binprm *bprm, goto out; } + bprm->exec += *sp_location - MAX_ARG_PAGES * PAGE_SIZE; *sp_location = sp; out: -- 2.39.2

1 year, 7 months

3
7
0 0

[PATCH] drm/xe: Fix bo leak in intel_fb_bo_framebuffer_init

by Maarten Lankhorst

Add a reference to bo after all error paths, to prevent leaking a bo ref. Return 0 to clarify that this is the success path. Signed-off-by: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Fixes: 44e694958b95 ("drm/xe/display: Implement display support") Cc: <stable(a)vger.kernel.org> # v6.8+ --- drivers/gpu/drm/xe/display/intel_fb_bo.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/xe/display/intel_fb_bo.c b/drivers/gpu/drm/xe/display/intel_fb_bo.c index b21da7b745a5..7262bbca9baf 100644 --- a/drivers/gpu/drm/xe/display/intel_fb_bo.c +++ b/drivers/gpu/drm/xe/display/intel_fb_bo.c @@ -27,8 +27,6 @@ int intel_fb_bo_framebuffer_init(struct intel_framebuffer *intel_fb, struct drm_i915_private *i915 = to_i915(bo->ttm.base.dev); int ret; - xe_bo_get(bo); - ret = ttm_bo_reserve(&bo->ttm, true, false, NULL); if (ret) return ret; @@ -48,7 +46,8 @@ int intel_fb_bo_framebuffer_init(struct intel_framebuffer *intel_fb, } ttm_bo_unreserve(&bo->ttm); - return ret; + xe_bo_get(bo); + return 0; } struct xe_bo *intel_fb_bo_lookup_valid_bo(struct drm_i915_private *i915, -- 2.43.0

1 year, 7 months

3
2
0 0

[PATCH v4 2/4] arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken

by Johan Hovold

Several Qualcomm Bluetooth controllers lack persistent storage for the device address and instead one can be provided by the boot firmware using the 'local-bd-address' devicetree property. The Bluetooth bindings clearly states that the address should be specified in little-endian order, but due to a long-standing bug in the Qualcomm driver which reversed the address some boot firmware has been providing the address in big-endian order instead. The boot firmware in SC7180 Trogdor Chromebooks is known to be affected so mark the 'local-bd-address' property as broken to maintain backwards compatibility with older firmware when fixing the underlying driver bug. Note that ChromeOS always updates the kernel and devicetree in lockstep so that there is no need to handle backwards compatibility with older devicetrees. Fixes: 7ec3e67307f8 ("arm64: dts: qcom: sc7180-trogdor: add initial trogdor and lazor dt") Cc: stable(a)vger.kernel.org # 5.10 Cc: Rob Clark <robdclark(a)chromium.org> Reviewed-by: Douglas Anderson <dianders(a)chromium.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi b/arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi index 46aaeba28604..ebe37678102f 100644 --- a/arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi +++ b/arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi @@ -943,6 +943,8 @@ bluetooth: bluetooth { vddrf-supply = <&pp1300_l2c>; vddch0-supply = <&pp3300_l10c>; max-speed = <3200000>; + + qcom,local-bd-address-broken; }; }; -- 2.43.2

1 year, 7 months

2
1
0 0

[PATCH v4] media: ucvideo: Add quirk for Logitech Rally Bar

by Ricardo Ribalda

Logitech Rally Bar devices, despite behaving as UVC cameras, have a different power management system that the other cameras from Logitech. USB_QUIRK_RESET_RESUME is applied to all the UVC cameras from Logitech at the usb core. Unfortunately, USB_QUIRK_RESET_RESUME causes undesired USB disconnects, that make them completely unusable. Instead of creating a list for this family of devices in the core, let's create a quirk in the UVC driver. Fixes: e387ef5c47dd ("usb: Add USB_QUIRK_RESET_RESUME for all Logitech UVC webcams") Cc: stable(a)vger.kernel.org Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Alan Stern <stern(a)rowland.harvard.edu> Acked-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Ricardo Ribalda <ribalda(a)chromium.org> --- Tested with a Rallybar Mini with an Acer Chromebook Spin 513 --- Changes in v4: - Include Logi Rally Bar Huddle (Thanks Kyle!) - Link to v3: https://lore.kernel.org/r/20240102-rallybar-v3-1-0ab197ce4aa2@chromium.org Changes in v3: - Move quirk to uvc driver - Link to v2: https://lore.kernel.org/r/20231222-rallybar-v2-1-5849d62a9514@chromium.org Changes in v2: - Add Fixes tag - Add UVC maintainer as Cc - Link to v1: https://lore.kernel.org/r/20231222-rallybar-v1-1-82b2a4d3106f@chromium.org --- drivers/media/usb/uvc/uvc_driver.c | 30 ++++++++++++++++++++++++++++++ drivers/media/usb/uvc/uvcvideo.h | 1 + 2 files changed, 31 insertions(+) diff --git a/drivers/media/usb/uvc/uvc_driver.c b/drivers/media/usb/uvc/uvc_driver.c index 08fcd2ffa727..9663bcac6843 100644 --- a/drivers/media/usb/uvc/uvc_driver.c +++ b/drivers/media/usb/uvc/uvc_driver.c @@ -14,6 +14,7 @@ #include <linux/module.h> #include <linux/slab.h> #include <linux/usb.h> +#include <linux/usb/quirks.h> #include <linux/usb/uvc.h> #include <linux/videodev2.h> #include <linux/vmalloc.h> @@ -2233,6 +2234,8 @@ static int uvc_probe(struct usb_interface *intf, } uvc_dbg(dev, PROBE, "UVC device initialized\n"); + if (dev->quirks & UVC_QUIRK_FORCE_RESUME) + udev->quirks &= ~USB_QUIRK_RESET_RESUME; usb_enable_autosuspend(udev); return 0; @@ -2574,6 +2577,33 @@ static const struct usb_device_id uvc_ids[] = { .bInterfaceSubClass = 1, .bInterfaceProtocol = 0, .driver_info = UVC_INFO_QUIRK(UVC_QUIRK_RESTORE_CTRLS_ON_INIT) }, + /* Logitech Rally Bar Huddle */ + { .match_flags = USB_DEVICE_ID_MATCH_DEVICE + | USB_DEVICE_ID_MATCH_INT_INFO, + .idVendor = 0x046d, + .idProduct = 0x087c, + .bInterfaceClass = USB_CLASS_VIDEO, + .bInterfaceSubClass = 1, + .bInterfaceProtocol = 0, + .driver_info = UVC_INFO_QUIRK(UVC_QUIRK_FORCE_RESUME) }, + /* Logitech Rally Bar */ + { .match_flags = USB_DEVICE_ID_MATCH_DEVICE + | USB_DEVICE_ID_MATCH_INT_INFO, + .idVendor = 0x046d, + .idProduct = 0x089b, + .bInterfaceClass = USB_CLASS_VIDEO, + .bInterfaceSubClass = 1, + .bInterfaceProtocol = 0, + .driver_info = UVC_INFO_QUIRK(UVC_QUIRK_FORCE_RESUME) }, + /* Logitech Rally Bar Mini */ + { .match_flags = USB_DEVICE_ID_MATCH_DEVICE + | USB_DEVICE_ID_MATCH_INT_INFO, + .idVendor = 0x046d, + .idProduct = 0x08d3, + .bInterfaceClass = USB_CLASS_VIDEO, + .bInterfaceSubClass = 1, + .bInterfaceProtocol = 0, + .driver_info = UVC_INFO_QUIRK(UVC_QUIRK_FORCE_RESUME) }, /* Chicony CNF7129 (Asus EEE 100HE) */ { .match_flags = USB_DEVICE_ID_MATCH_DEVICE | USB_DEVICE_ID_MATCH_INT_INFO, diff --git a/drivers/media/usb/uvc/uvcvideo.h b/drivers/media/usb/uvc/uvcvideo.h index 6fb0a78b1b00..fa59a21d2a28 100644 --- a/drivers/media/usb/uvc/uvcvideo.h +++ b/drivers/media/usb/uvc/uvcvideo.h @@ -73,6 +73,7 @@ #define UVC_QUIRK_FORCE_Y8 0x00000800 #define UVC_QUIRK_FORCE_BPP 0x00001000 #define UVC_QUIRK_WAKE_AUTOSUSPEND 0x00002000 +#define UVC_QUIRK_FORCE_RESUME 0x00004000 /* Format flags */ #define UVC_FMT_FLAG_COMPRESSED 0x00000001 --- base-commit: c0f65a7c112b3cfa691cead54bcf24d6cc2182b5 change-id: 20231222-rallybar-19ce0c64d5e6 Best regards, -- Ricardo Ribalda <ribalda(a)chromium.org>

1 year, 7 months

6
10
0 0

[PATCH] gpio: cdev: sanitize the label before requesting the interrupt

by Bartosz Golaszewski

From: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> When an interrupt is requested, a procfs directory is created under "/proc/irq/<irqnum>/<label>" where <label> is the string passed to one of the request_irq() variants. What follows is that the string must not contain the "/" character or the procfs mkdir operation will fail. We don't have such constraints for GPIO consumer labels which are used verbatim as interrupt labels for GPIO irqs. We must therefore sanitize the consumer string before requesting the interrupt. Let's replace all "/" with "-". Cc: stable(a)vger.kernel.org Reported-by: Stefan Wahren <wahrenst(a)gmx.net> Closes: https://lore.kernel.org/linux-gpio/39fe95cb-aa83-4b8b-8cab-63947a726754@gmx… Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> --- drivers/gpio/gpiolib-cdev.c | 32 +++++++++++++++++++++++++++----- 1 file changed, 27 insertions(+), 5 deletions(-) diff --git a/drivers/gpio/gpiolib-cdev.c b/drivers/gpio/gpiolib-cdev.c index f384fa278764..8b5e8e92cbb5 100644 --- a/drivers/gpio/gpiolib-cdev.c +++ b/drivers/gpio/gpiolib-cdev.c @@ -1083,10 +1083,20 @@ static u32 gpio_v2_line_config_debounce_period(struct gpio_v2_line_config *lc, return 0; } +static inline char *make_irq_label(const char *orig) +{ + return kstrdup_and_replace(orig, '/', '-', GFP_KERNEL); +} + +static inline void free_irq_label(const char *label) +{ + kfree(label); +} + static void edge_detector_stop(struct line *line) { if (line->irq) { - free_irq(line->irq, line); + free_irq_label(free_irq(line->irq, line)); line->irq = 0; } @@ -1110,6 +1120,7 @@ static int edge_detector_setup(struct line *line, unsigned long irqflags = 0; u64 eflags; int irq, ret; + char *label; eflags = edflags & GPIO_V2_LINE_EDGE_FLAGS; if (eflags && !kfifo_initialized(&line->req->events)) { @@ -1146,11 +1157,17 @@ static int edge_detector_setup(struct line *line, IRQF_TRIGGER_RISING : IRQF_TRIGGER_FALLING; irqflags |= IRQF_ONESHOT; + label = make_irq_label(line->req->label); + if (!label) + return -ENOMEM; + /* Request a thread to read the events */ ret = request_threaded_irq(irq, edge_irq_handler, edge_irq_thread, - irqflags, line->req->label, line); - if (ret) + irqflags, label, line); + if (ret) { + free_irq_label(label); return ret; + } line->irq = irq; return 0; @@ -1973,7 +1990,7 @@ static void lineevent_free(struct lineevent_state *le) blocking_notifier_chain_unregister(&le->gdev->device_notifier, &le->device_unregistered_nb); if (le->irq) - free_irq(le->irq, le); + free_irq_label(free_irq(le->irq, le)); if (le->desc) gpiod_free(le->desc); kfree(le->label); @@ -2114,6 +2131,7 @@ static int lineevent_create(struct gpio_device *gdev, void __user *ip) int fd; int ret; int irq, irqflags = 0; + char *label; if (copy_from_user(&eventreq, ip, sizeof(eventreq))) return -EFAULT; @@ -2198,12 +2216,16 @@ static int lineevent_create(struct gpio_device *gdev, void __user *ip) if (ret) goto out_free_le; + label = make_irq_label(le->label); + if (!label) + goto out_free_le; + /* Request a thread to read the events */ ret = request_threaded_irq(irq, lineevent_irq_handler, lineevent_irq_thread, irqflags, - le->label, + label, le); if (ret) goto out_free_le; -- 2.40.1

1 year, 7 months

3
5
0 0

[PATCH v2] gpio: cdev: sanitize the label before requesting the interrupt

by Bartosz Golaszewski

From: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> When an interrupt is requested, a procfs directory is created under "/proc/irq/<irqnum>/<label>" where <label> is the string passed to one of the request_irq() variants. What follows is that the string must not contain the "/" character or the procfs mkdir operation will fail. We don't have such constraints for GPIO consumer labels which are used verbatim as interrupt labels for GPIO irqs. We must therefore sanitize the consumer string before requesting the interrupt. Let's replace all "/" with ":". Cc: stable(a)vger.kernel.org Reported-by: Stefan Wahren <wahrenst(a)gmx.net> Closes: https://lore.kernel.org/linux-gpio/39fe95cb-aa83-4b8b-8cab-63947a726754@gmx… Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> --- v1 -> v2: - use ':' as the delimiter instead of '-' - return -ENOMEM if creating the label fails drivers/gpio/gpiolib-cdev.c | 34 +++++++++++++++++++++++++++++----- 1 file changed, 29 insertions(+), 5 deletions(-) diff --git a/drivers/gpio/gpiolib-cdev.c b/drivers/gpio/gpiolib-cdev.c index f384fa278764..7a102ebac428 100644 --- a/drivers/gpio/gpiolib-cdev.c +++ b/drivers/gpio/gpiolib-cdev.c @@ -1083,10 +1083,20 @@ static u32 gpio_v2_line_config_debounce_period(struct gpio_v2_line_config *lc, return 0; } +static inline char *make_irq_label(const char *orig) +{ + return kstrdup_and_replace(orig, '/', ':', GFP_KERNEL); +} + +static inline void free_irq_label(const char *label) +{ + kfree(label); +} + static void edge_detector_stop(struct line *line) { if (line->irq) { - free_irq(line->irq, line); + free_irq_label(free_irq(line->irq, line)); line->irq = 0; } @@ -1110,6 +1120,7 @@ static int edge_detector_setup(struct line *line, unsigned long irqflags = 0; u64 eflags; int irq, ret; + char *label; eflags = edflags & GPIO_V2_LINE_EDGE_FLAGS; if (eflags && !kfifo_initialized(&line->req->events)) { @@ -1146,11 +1157,17 @@ static int edge_detector_setup(struct line *line, IRQF_TRIGGER_RISING : IRQF_TRIGGER_FALLING; irqflags |= IRQF_ONESHOT; + label = make_irq_label(line->req->label); + if (!label) + return -ENOMEM; + /* Request a thread to read the events */ ret = request_threaded_irq(irq, edge_irq_handler, edge_irq_thread, - irqflags, line->req->label, line); - if (ret) + irqflags, label, line); + if (ret) { + free_irq_label(label); return ret; + } line->irq = irq; return 0; @@ -1973,7 +1990,7 @@ static void lineevent_free(struct lineevent_state *le) blocking_notifier_chain_unregister(&le->gdev->device_notifier, &le->device_unregistered_nb); if (le->irq) - free_irq(le->irq, le); + free_irq_label(free_irq(le->irq, le)); if (le->desc) gpiod_free(le->desc); kfree(le->label); @@ -2114,6 +2131,7 @@ static int lineevent_create(struct gpio_device *gdev, void __user *ip) int fd; int ret; int irq, irqflags = 0; + char *label; if (copy_from_user(&eventreq, ip, sizeof(eventreq))) return -EFAULT; @@ -2198,12 +2216,18 @@ static int lineevent_create(struct gpio_device *gdev, void __user *ip) if (ret) goto out_free_le; + label = make_irq_label(le->label); + if (!label) { + ret = -ENOMEM; + goto out_free_le; + } + /* Request a thread to read the events */ ret = request_threaded_irq(irq, lineevent_irq_handler, lineevent_irq_thread, irqflags, - le->label, + label, le); if (ret) goto out_free_le; -- 2.40.1

1 year, 7 months

2
3
0 0

[PATCH] x86/pm: Fix false positive kmemleak report in msr_build_context().

by Anton Altaparmakov

Since 7ee18d677989 ("x86/power: Make restore_processor_context() sane") kmemleak reports this issue: unreferenced object 0xf68241e0 (size 32): comm "swapper/0", pid 1, jiffies 4294668610 (age 68.432s) hex dump (first 32 bytes): 00 cc cc cc 29 10 01 c0 00 00 00 00 00 00 00 00 ....)........... 00 42 82 f6 cc cc cc cc cc cc cc cc cc cc cc cc .B.............. backtrace: [<461c1d50>] __kmem_cache_alloc_node+0x106/0x260 [<ea65e13b>] __kmalloc+0x54/0x160 [<c3858cd2>] msr_build_context.constprop.0+0x35/0x100 [<46635aff>] pm_check_save_msr+0x63/0x80 [<6b6bb938>] do_one_initcall+0x41/0x1f0 [<3f3add60>] kernel_init_freeable+0x199/0x1e8 [<3b538fde>] kernel_init+0x1a/0x110 [<938ae2b2>] ret_from_fork+0x1c/0x28 Reproducer: - Run rsync of whole kernel tree (multiple times if needed). - start a kmemleak scan - Note this is just an example: a lot of our internal tests hit these. The root cause is we expect the same as the equivalent fix in commit b0b592cf0836, i.e. the alignment within the packed struct saved_context which has everything unaligned as there is only "u16 gs;" at start of struct where in the past there were four u16 there thus aligning everything afterwards. The issue is with the fact that Kmemleak only searches for pointers that are aligned (see how pointers are scanned in kmemleak.c) so when the struct members are not aligned it doesn't see them. Note we have picked this up on 5.4, 6.1 and 6.6 kernels but we expect it is the same on all kernels >= 4.15 as the commit 7ee18d677989 which changed from having four u16 to a single u16 at the start of the struct was introduced in 4.15. Fixes: 7ee18d677989 ("x86/power: Make restore_processor_context() sane") Signed-off-by: Anton Altaparmakov <anton(a)tuxera.com> Cc: stable(a)vger.kernel.org --- arch/x86/include/asm/suspend_32.h | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/arch/x86/include/asm/suspend_32.h b/arch/x86/include/asm/suspend_32.h index a800abb1a992..d8416b3bf832 100644 --- a/arch/x86/include/asm/suspend_32.h +++ b/arch/x86/include/asm/suspend_32.h @@ -12,11 +12,6 @@ /* image of the saved processor state */ struct saved_context { - /* - * On x86_32, all segment registers except gs are saved at kernel - * entry in pt_regs. - */ - u16 gs; unsigned long cr0, cr2, cr3, cr4; u64 misc_enable; struct saved_msrs saved_msrs; @@ -27,6 +22,11 @@ struct saved_context { unsigned long tr; unsigned long safety; unsigned long return_address; + /* + * On x86_32, all segment registers except gs are saved at kernel + * entry in pt_regs. + */ + u16 gs; bool misc_enable_saved; } __attribute__((packed)); -- 2.39.3 (Apple Git-146)

1 year, 7 months

5
7
0 0

[PATCH v1] usb: typec: Return size of buffer if pd_set operation succeeds

by Kyle Tso

The attribute writing should return the number of bytes used from the buffer on success. Fixes: a7cff92f0635 ("usb: typec: USB Power Delivery helpers for ports and partners") Cc: stable(a)vger.kernel.org Signed-off-by: Kyle Tso <kyletso(a)google.com> --- drivers/usb/typec/class.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/usb/typec/class.c b/drivers/usb/typec/class.c index 389c7f0b8d93..9610e647a8d4 100644 --- a/drivers/usb/typec/class.c +++ b/drivers/usb/typec/class.c @@ -1310,6 +1310,7 @@ static ssize_t select_usb_power_delivery_store(struct device *dev, { struct typec_port *port = to_typec_port(dev); struct usb_power_delivery *pd; + int ret; if (!port->ops || !port->ops->pd_set) return -EOPNOTSUPP; @@ -1318,7 +1319,11 @@ static ssize_t select_usb_power_delivery_store(struct device *dev, if (!pd) return -EINVAL; - return port->ops->pd_set(port, pd); + ret = port->ops->pd_set(port, pd); + if (ret) + return ret; + + return size; } static ssize_t select_usb_power_delivery_show(struct device *dev, -- 2.44.0.291.gc1ea87d7ee-goog

1 year, 7 months

3
2
0 0

[PATCH v2 2/7] drm/xe: Rework rebinding

by Thomas Hellström

Instead of handling the vm's rebind fence separately, which is error prone if they are not strictly ordered, attach rebind fences as kernel fences to the vm's resv. Fixes: dd08ebf6c352 ("drm/xe: Introduce a new DRM driver for Intel GPUs") Cc: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.8+ Signed-off-by: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> Reviewed-by: Matthew Brost <matthew.brost(a)intel.com> --- drivers/gpu/drm/xe/xe_exec.c | 31 +++---------------------------- drivers/gpu/drm/xe/xe_pt.c | 2 +- drivers/gpu/drm/xe/xe_vm.c | 27 +++++++++------------------ drivers/gpu/drm/xe/xe_vm.h | 2 +- drivers/gpu/drm/xe/xe_vm_types.h | 3 --- 5 files changed, 14 insertions(+), 51 deletions(-) diff --git a/drivers/gpu/drm/xe/xe_exec.c b/drivers/gpu/drm/xe/xe_exec.c index 7692ebfe7d47..759497d4a102 100644 --- a/drivers/gpu/drm/xe/xe_exec.c +++ b/drivers/gpu/drm/xe/xe_exec.c @@ -152,7 +152,6 @@ int xe_exec_ioctl(struct drm_device *dev, void *data, struct drm_file *file) struct drm_exec *exec = &vm_exec.exec; u32 i, num_syncs = 0, num_ufence = 0; struct xe_sched_job *job; - struct dma_fence *rebind_fence; struct xe_vm *vm; bool write_locked, skip_retry = false; ktime_t end = 0; @@ -294,35 +293,11 @@ int xe_exec_ioctl(struct drm_device *dev, void *data, struct drm_file *file) * Rebind any invalidated userptr or evicted BOs in the VM, non-compute * VM mode only. */ - rebind_fence = xe_vm_rebind(vm, false); - if (IS_ERR(rebind_fence)) { - err = PTR_ERR(rebind_fence); + err = xe_vm_rebind(vm, false); + if (err) goto err_put_job; - } - - /* - * We store the rebind_fence in the VM so subsequent execs don't get - * scheduled before the rebinds of userptrs / evicted BOs is complete. - */ - if (rebind_fence) { - dma_fence_put(vm->rebind_fence); - vm->rebind_fence = rebind_fence; - } - if (vm->rebind_fence) { - if (test_bit(DMA_FENCE_FLAG_SIGNALED_BIT, - &vm->rebind_fence->flags)) { - dma_fence_put(vm->rebind_fence); - vm->rebind_fence = NULL; - } else { - dma_fence_get(vm->rebind_fence); - err = drm_sched_job_add_dependency(&job->drm, - vm->rebind_fence); - if (err) - goto err_put_job; - } - } - /* Wait behind munmap style rebinds */ + /* Wait behind rebinds */ if (!xe_vm_in_lr_mode(vm)) { err = drm_sched_job_add_resv_dependencies(&job->drm, xe_vm_resv(vm), diff --git a/drivers/gpu/drm/xe/xe_pt.c b/drivers/gpu/drm/xe/xe_pt.c index 37117752cfc9..632c1919471d 100644 --- a/drivers/gpu/drm/xe/xe_pt.c +++ b/drivers/gpu/drm/xe/xe_pt.c @@ -1299,7 +1299,7 @@ __xe_pt_bind_vma(struct xe_tile *tile, struct xe_vma *vma, struct xe_exec_queue } /* add shared fence now for pagetable delayed destroy */ - dma_resv_add_fence(xe_vm_resv(vm), fence, !rebind && + dma_resv_add_fence(xe_vm_resv(vm), fence, rebind || last_munmap_rebind ? DMA_RESV_USAGE_KERNEL : DMA_RESV_USAGE_BOOKKEEP); diff --git a/drivers/gpu/drm/xe/xe_vm.c b/drivers/gpu/drm/xe/xe_vm.c index e3692b7e1711..4cf49437bcd8 100644 --- a/drivers/gpu/drm/xe/xe_vm.c +++ b/drivers/gpu/drm/xe/xe_vm.c @@ -522,7 +522,6 @@ static void preempt_rebind_work_func(struct work_struct *w) { struct xe_vm *vm = container_of(w, struct xe_vm, preempt.rebind_work); struct drm_exec exec; - struct dma_fence *rebind_fence; unsigned int fence_count = 0; LIST_HEAD(preempt_fences); ktime_t end = 0; @@ -568,18 +567,11 @@ static void preempt_rebind_work_func(struct work_struct *w) if (err) goto out_unlock; - rebind_fence = xe_vm_rebind(vm, true); - if (IS_ERR(rebind_fence)) { - err = PTR_ERR(rebind_fence); + err = xe_vm_rebind(vm, true); + if (err) goto out_unlock; - } - - if (rebind_fence) { - dma_fence_wait(rebind_fence, false); - dma_fence_put(rebind_fence); - } - /* Wait on munmap style VM unbinds */ + /* Wait on rebinds and munmap style VM unbinds */ wait = dma_resv_wait_timeout(xe_vm_resv(vm), DMA_RESV_USAGE_KERNEL, false, MAX_SCHEDULE_TIMEOUT); @@ -777,14 +769,14 @@ xe_vm_bind_vma(struct xe_vma *vma, struct xe_exec_queue *q, struct xe_sync_entry *syncs, u32 num_syncs, bool first_op, bool last_op); -struct dma_fence *xe_vm_rebind(struct xe_vm *vm, bool rebind_worker) +int xe_vm_rebind(struct xe_vm *vm, bool rebind_worker) { - struct dma_fence *fence = NULL; + struct dma_fence *fence; struct xe_vma *vma, *next; lockdep_assert_held(&vm->lock); if (xe_vm_in_lr_mode(vm) && !rebind_worker) - return NULL; + return 0; xe_vm_assert_held(vm); list_for_each_entry_safe(vma, next, &vm->rebind_list, @@ -792,17 +784,17 @@ struct dma_fence *xe_vm_rebind(struct xe_vm *vm, bool rebind_worker) xe_assert(vm->xe, vma->tile_present); list_del_init(&vma->combined_links.rebind); - dma_fence_put(fence); if (rebind_worker) trace_xe_vma_rebind_worker(vma); else trace_xe_vma_rebind_exec(vma); fence = xe_vm_bind_vma(vma, NULL, NULL, 0, false, false); if (IS_ERR(fence)) - return fence; + return PTR_ERR(fence); + dma_fence_put(fence); } - return fence; + return 0; } static void xe_vma_free(struct xe_vma *vma) @@ -1592,7 +1584,6 @@ static void vm_destroy_work_func(struct work_struct *w) XE_WARN_ON(vm->pt_root[id]); trace_xe_vm_free(vm); - dma_fence_put(vm->rebind_fence); kfree(vm); } diff --git a/drivers/gpu/drm/xe/xe_vm.h b/drivers/gpu/drm/xe/xe_vm.h index 6df1f1c7f85d..4853354336f2 100644 --- a/drivers/gpu/drm/xe/xe_vm.h +++ b/drivers/gpu/drm/xe/xe_vm.h @@ -207,7 +207,7 @@ int __xe_vm_userptr_needs_repin(struct xe_vm *vm); int xe_vm_userptr_check_repin(struct xe_vm *vm); -struct dma_fence *xe_vm_rebind(struct xe_vm *vm, bool rebind_worker); +int xe_vm_rebind(struct xe_vm *vm, bool rebind_worker); int xe_vm_invalidate_vma(struct xe_vma *vma); diff --git a/drivers/gpu/drm/xe/xe_vm_types.h b/drivers/gpu/drm/xe/xe_vm_types.h index 5747f136d24d..badf3945083d 100644 --- a/drivers/gpu/drm/xe/xe_vm_types.h +++ b/drivers/gpu/drm/xe/xe_vm_types.h @@ -177,9 +177,6 @@ struct xe_vm { */ struct list_head rebind_list; - /** @rebind_fence: rebind fence from execbuf */ - struct dma_fence *rebind_fence; - /** * @destroy_work: worker to destroy VM, needed as a dma_fence signaling * from an irq context can be last put and the destroy needs to be able -- 2.44.0

1 year, 7 months

1
0
0 0

[PATCH v2] thermal: devfreq_cooling: Fix perf state when calculate dfc res_util

by Ye Zhang

The issue occurs when the devfreq cooling device uses the EM power model and the get_real_power() callback is provided by the driver. The EM power table is sorted ascending，can't index the table by cooling device state，so convert cooling state to performance state by dfc->max_state - dfc->capped_state. Fixes: 615510fe13bd ("thermal: devfreq_cooling: remove old power model and use EM") Cc: 5.11+ <stable(a)vger.kernel.org> # 5.11+ Signed-off-by: Ye Zhang <ye.zhang(a)rock-chips.com> --- v1 -> v2: - Update the commit message. drivers/thermal/devfreq_cooling.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/thermal/devfreq_cooling.c b/drivers/thermal/devfreq_cooling.c index 50dec24e967a..8fd7cf1932cd 100644 --- a/drivers/thermal/devfreq_cooling.c +++ b/drivers/thermal/devfreq_cooling.c @@ -214,7 +214,7 @@ static int devfreq_cooling_get_requested_power(struct thermal_cooling_device *cd res = dfc->power_ops->get_real_power(df, power, freq, voltage); if (!res) { - state = dfc->capped_state; + state = dfc->max_state - dfc->capped_state; /* Convert EM power into milli-Watts first */ rcu_read_lock(); -- 2.34.1

1 year, 7 months

3
2
0 0

[PATCH 1/7] drm/xe: Use ring ops TLB invalidation for rebinds

by Thomas Hellström

For each rebind we insert a GuC TLB invalidation and add a corresponding unordered TLB invalidation fence. This might add a huge number of TLB invalidation fences to wait for so rather than doing that, defer the TLB invalidation to the next ring ops for each affected exec queue. Since the TLB is invalidated on exec_queue switch, we need to invalidate once for each affected exec_queue. Fixes: 5387e865d90e ("drm/xe: Add TLB invalidation fence after rebinds issued from execs") Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.8+ Signed-off-by: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> --- drivers/gpu/drm/xe/xe_exec_queue_types.h | 2 ++ drivers/gpu/drm/xe/xe_pt.c | 5 +++-- drivers/gpu/drm/xe/xe_ring_ops.c | 11 ++++------- drivers/gpu/drm/xe/xe_sched_job.c | 11 +++++++++++ drivers/gpu/drm/xe/xe_sched_job_types.h | 2 ++ drivers/gpu/drm/xe/xe_vm_types.h | 5 +++++ 6 files changed, 27 insertions(+), 9 deletions(-) diff --git a/drivers/gpu/drm/xe/xe_exec_queue_types.h b/drivers/gpu/drm/xe/xe_exec_queue_types.h index 62b3d9d1d7cd..891ad30e906f 100644 --- a/drivers/gpu/drm/xe/xe_exec_queue_types.h +++ b/drivers/gpu/drm/xe/xe_exec_queue_types.h @@ -148,6 +148,8 @@ struct xe_exec_queue { const struct xe_ring_ops *ring_ops; /** @entity: DRM sched entity for this exec queue (1 to 1 relationship) */ struct drm_sched_entity *entity; + /** @tlb_flush_seqno: The seqno of the last rebind tlb flush performed */ + u64 tlb_flush_seqno; /** @lrc: logical ring context for this exec queue */ struct xe_lrc lrc[]; }; diff --git a/drivers/gpu/drm/xe/xe_pt.c b/drivers/gpu/drm/xe/xe_pt.c index 8d3922d2206e..21bc0d13fccf 100644 --- a/drivers/gpu/drm/xe/xe_pt.c +++ b/drivers/gpu/drm/xe/xe_pt.c @@ -1254,11 +1254,12 @@ __xe_pt_bind_vma(struct xe_tile *tile, struct xe_vma *vma, struct xe_exec_queue * non-faulting LR, in particular on user-space batch buffer chaining, * it needs to be done here. */ - if ((rebind && !xe_vm_in_lr_mode(vm) && !vm->batch_invalidate_tlb) || - (!rebind && xe_vm_has_scratch(vm) && xe_vm_in_preempt_fence_mode(vm))) { + if ((!rebind && xe_vm_has_scratch(vm) && xe_vm_in_preempt_fence_mode(vm))) { ifence = kzalloc(sizeof(*ifence), GFP_KERNEL); if (!ifence) return ERR_PTR(-ENOMEM); + } else if (rebind && !xe_vm_in_lr_mode(vm) && !vm->batch_invalidate_tlb) { + vm->tlb_flush_seqno++; } rfence = kzalloc(sizeof(*rfence), GFP_KERNEL); diff --git a/drivers/gpu/drm/xe/xe_ring_ops.c b/drivers/gpu/drm/xe/xe_ring_ops.c index c4edffcd4a32..5b2b37b59813 100644 --- a/drivers/gpu/drm/xe/xe_ring_ops.c +++ b/drivers/gpu/drm/xe/xe_ring_ops.c @@ -219,10 +219,9 @@ static void __emit_job_gen12_simple(struct xe_sched_job *job, struct xe_lrc *lrc { u32 dw[MAX_JOB_SIZE_DW], i = 0; u32 ppgtt_flag = get_ppgtt_flag(job); - struct xe_vm *vm = job->q->vm; struct xe_gt *gt = job->q->gt; - if (vm && vm->batch_invalidate_tlb) { + if (job->ring_ops_flush_tlb) { dw[i++] = preparser_disable(true); i = emit_flush_imm_ggtt(xe_lrc_start_seqno_ggtt_addr(lrc), seqno, true, dw, i); @@ -270,7 +269,6 @@ static void __emit_job_gen12_video(struct xe_sched_job *job, struct xe_lrc *lrc, struct xe_gt *gt = job->q->gt; struct xe_device *xe = gt_to_xe(gt); bool decode = job->q->class == XE_ENGINE_CLASS_VIDEO_DECODE; - struct xe_vm *vm = job->q->vm; dw[i++] = preparser_disable(true); @@ -282,13 +280,13 @@ static void __emit_job_gen12_video(struct xe_sched_job *job, struct xe_lrc *lrc, i = emit_aux_table_inv(gt, VE0_AUX_INV, dw, i); } - if (vm && vm->batch_invalidate_tlb) + if (job->ring_ops_flush_tlb) i = emit_flush_imm_ggtt(xe_lrc_start_seqno_ggtt_addr(lrc), seqno, true, dw, i); dw[i++] = preparser_disable(false); - if (!vm || !vm->batch_invalidate_tlb) + if (!job->ring_ops_flush_tlb) i = emit_store_imm_ggtt(xe_lrc_start_seqno_ggtt_addr(lrc), seqno, dw, i); @@ -317,7 +315,6 @@ static void __emit_job_gen12_render_compute(struct xe_sched_job *job, struct xe_gt *gt = job->q->gt; struct xe_device *xe = gt_to_xe(gt); bool lacks_render = !(gt->info.engine_mask & XE_HW_ENGINE_RCS_MASK); - struct xe_vm *vm = job->q->vm; u32 mask_flags = 0; dw[i++] = preparser_disable(true); @@ -327,7 +324,7 @@ static void __emit_job_gen12_render_compute(struct xe_sched_job *job, mask_flags = PIPE_CONTROL_3D_ENGINE_FLAGS; /* See __xe_pt_bind_vma() for a discussion on TLB invalidations. */ - i = emit_pipe_invalidate(mask_flags, vm && vm->batch_invalidate_tlb, dw, i); + i = emit_pipe_invalidate(mask_flags, job->ring_ops_flush_tlb, dw, i); /* hsdes: 1809175790 */ if (has_aux_ccs(xe)) diff --git a/drivers/gpu/drm/xe/xe_sched_job.c b/drivers/gpu/drm/xe/xe_sched_job.c index 8151ddafb940..d55458d915a9 100644 --- a/drivers/gpu/drm/xe/xe_sched_job.c +++ b/drivers/gpu/drm/xe/xe_sched_job.c @@ -250,6 +250,17 @@ bool xe_sched_job_completed(struct xe_sched_job *job) void xe_sched_job_arm(struct xe_sched_job *job) { + struct xe_exec_queue *q = job->q; + struct xe_vm *vm = q->vm; + + if (vm && !xe_sched_job_is_migration(q) && !xe_vm_in_lr_mode(vm) && + vm->tlb_flush_seqno != q->tlb_flush_seqno) { + q->tlb_flush_seqno = vm->tlb_flush_seqno; + job->ring_ops_flush_tlb = true; + } else if (vm && vm->batch_invalidate_tlb) { + job->ring_ops_flush_tlb = true; + } + drm_sched_job_arm(&job->drm); } diff --git a/drivers/gpu/drm/xe/xe_sched_job_types.h b/drivers/gpu/drm/xe/xe_sched_job_types.h index b1d83da50a53..5e12724219fd 100644 --- a/drivers/gpu/drm/xe/xe_sched_job_types.h +++ b/drivers/gpu/drm/xe/xe_sched_job_types.h @@ -39,6 +39,8 @@ struct xe_sched_job { } user_fence; /** @migrate_flush_flags: Additional flush flags for migration jobs */ u32 migrate_flush_flags; + /** @ring_ops_flush_tlb: The ring ops need to flush TLB before payload. */ + bool ring_ops_flush_tlb; /** @batch_addr: batch buffer address of job */ u64 batch_addr[]; }; diff --git a/drivers/gpu/drm/xe/xe_vm_types.h b/drivers/gpu/drm/xe/xe_vm_types.h index ae5fb565f6bf..5747f136d24d 100644 --- a/drivers/gpu/drm/xe/xe_vm_types.h +++ b/drivers/gpu/drm/xe/xe_vm_types.h @@ -264,6 +264,11 @@ struct xe_vm { bool capture_once; } error_capture; + /** + * @tlb_flush_seqno: Required TLB flush seqno for the next exec. + * protected by the vm resv. + */ + u64 tlb_flush_seqno; /** @batch_invalidate_tlb: Always invalidate TLB before batch start */ bool batch_invalidate_tlb; /** @xef: XE file handle for tracking this VM's drm client */ -- 2.44.0

1 year, 7 months

2
5
0 0

+ hexagon-vmlinuxldss-handle-attributes-section.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: hexagon: vmlinux.lds.S: handle attributes section has been added to the -mm mm-hotfixes-unstable branch. Its filename is hexagon-vmlinuxldss-handle-attributes-section.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Nathan Chancellor <nathan(a)kernel.org> Subject: hexagon: vmlinux.lds.S: handle attributes section Date: Tue, 19 Mar 2024 17:37:46 -0700 After the linked LLVM change, the build fails with CONFIG_LD_ORPHAN_WARN_LEVEL="error", which happens with allmodconfig: ld.lld: error: vmlinux.a(init/main.o):(.hexagon.attributes) is being placed in '.hexagon.attributes' Handle the attributes section in a similar manner as arm and riscv by adding it after the primary ELF_DETAILS grouping in vmlinux.lds.S, which fixes the error. Link: https://lkml.kernel.org/r/20240319-hexagon-handle-attributes-section-vmlinu… Fixes: 113616ec5b64 ("hexagon: select ARCH_WANT_LD_ORPHAN_WARN") Link: https://github.com/llvm/llvm-project/commit/31f4b329c8234fab9afa59494d7f8bd… Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> Cc: Bill Wendling <morbo(a)google.com> Cc: Brian Cain <bcain(a)quicinc.com> Cc: Justin Stitt <justinstitt(a)google.com> Cc: Nick Desaulniers <ndesaulniers(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- arch/hexagon/kernel/vmlinux.lds.S | 1 + 1 file changed, 1 insertion(+) --- a/arch/hexagon/kernel/vmlinux.lds.S~hexagon-vmlinuxldss-handle-attributes-section +++ a/arch/hexagon/kernel/vmlinux.lds.S @@ -63,6 +63,7 @@ SECTIONS STABS_DEBUG DWARF_DEBUG ELF_DETAILS + .hexagon.attributes 0 : { *(.hexagon.attributes) } DISCARDS } _ Patches currently in -mm which might be from nathan(a)kernel.org are hexagon-vmlinuxldss-handle-attributes-section.patch

1 year, 7 months

1
0
0 0

+ tmpfs-fix-race-on-handling-dquot-rbtree.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: tmpfs: fix race on handling dquot rbtree has been added to the -mm mm-hotfixes-unstable branch. Its filename is tmpfs-fix-race-on-handling-dquot-rbtree.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Carlos Maiolino <cem(a)kernel.org> Subject: tmpfs: fix race on handling dquot rbtree Date: Wed, 20 Mar 2024 13:39:59 +0100 A syzkaller reproducer found a race while attempting to remove dquot information from the rb tree. Fetching the rb_tree root node must also be protected by the dqopt->dqio_sem, otherwise, giving the right timing, shmem_release_dquot() will trigger a warning because it couldn't find a node in the tree, when the real reason was the root node changing before the search starts: Thread 1 Thread 2 - shmem_release_dquot() - shmem_{acquire,release}_dquot() - fetch ROOT - Fetch ROOT - acquire dqio_sem - wait dqio_sem - do something, triger a tree rebalance - release dqio_sem - acquire dqio_sem - start searching for the node, but from the wrong location, missing the node, and triggering a warning. Link: https://lkml.kernel.org/r/20240320124011.398847-1-cem@kernel.org Fixes: eafc474e202978 ("shmem: prepare shmem quota infrastructure") Signed-off-by: Carlos Maiolino <cmaiolino(a)redhat.com> Reported-by: Ubisectech Sirius <bugreport(a)ubisectech.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Cc: Hugh Dickins <hughd(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/shmem_quota.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) --- a/mm/shmem_quota.c~tmpfs-fix-race-on-handling-dquot-rbtree +++ a/mm/shmem_quota.c @@ -116,7 +116,7 @@ static int shmem_free_file_info(struct s static int shmem_get_next_id(struct super_block *sb, struct kqid *qid) { struct mem_dqinfo *info = sb_dqinfo(sb, qid->type); - struct rb_node *node = ((struct rb_root *)info->dqi_priv)->rb_node; + struct rb_node *node; qid_t id = from_kqid(&init_user_ns, *qid); struct quota_info *dqopt = sb_dqopt(sb); struct quota_id *entry = NULL; @@ -126,6 +126,7 @@ static int shmem_get_next_id(struct supe return -ESRCH; down_read(&dqopt->dqio_sem); + node = ((struct rb_root *)info->dqi_priv)->rb_node; while (node) { entry = rb_entry(node, struct quota_id, node); @@ -165,7 +166,7 @@ out_unlock: static int shmem_acquire_dquot(struct dquot *dquot) { struct mem_dqinfo *info = sb_dqinfo(dquot->dq_sb, dquot->dq_id.type); - struct rb_node **n = &((struct rb_root *)info->dqi_priv)->rb_node; + struct rb_node **n; struct shmem_sb_info *sbinfo = dquot->dq_sb->s_fs_info; struct rb_node *parent = NULL, *new_node = NULL; struct quota_id *new_entry, *entry; @@ -176,6 +177,8 @@ static int shmem_acquire_dquot(struct dq mutex_lock(&dquot->dq_lock); down_write(&dqopt->dqio_sem); + n = &((struct rb_root *)info->dqi_priv)->rb_node; + while (*n) { parent = *n; entry = rb_entry(parent, struct quota_id, node); @@ -264,7 +267,7 @@ static bool shmem_is_empty_dquot(struct static int shmem_release_dquot(struct dquot *dquot) { struct mem_dqinfo *info = sb_dqinfo(dquot->dq_sb, dquot->dq_id.type); - struct rb_node *node = ((struct rb_root *)info->dqi_priv)->rb_node; + struct rb_node *node; qid_t id = from_kqid(&init_user_ns, dquot->dq_id); struct quota_info *dqopt = sb_dqopt(dquot->dq_sb); struct quota_id *entry = NULL; @@ -275,6 +278,7 @@ static int shmem_release_dquot(struct dq goto out_dqlock; down_write(&dqopt->dqio_sem); + node = ((struct rb_root *)info->dqi_priv)->rb_node; while (node) { entry = rb_entry(node, struct quota_id, node); _ Patches currently in -mm which might be from cem(a)kernel.org are tmpfs-fix-race-on-handling-dquot-rbtree.patch

1 year, 7 months

1
0
0 0

+ selftests-mm-sigbus-wp-test-requires-uffd_feature_wp_hugetlbfs_shmem.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: selftests/mm: sigbus-wp test requires UFFD_FEATURE_WP_HUGETLBFS_SHMEM has been added to the -mm mm-hotfixes-unstable branch. Its filename is selftests-mm-sigbus-wp-test-requires-uffd_feature_wp_hugetlbfs_shmem.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Edward Liaw <edliaw(a)google.com> Subject: selftests/mm: sigbus-wp test requires UFFD_FEATURE_WP_HUGETLBFS_SHMEM Date: Thu, 21 Mar 2024 23:20:21 +0000 The sigbus-wp test requires the UFFD_FEATURE_WP_HUGETLBFS_SHMEM flag for shmem and hugetlb targets. Otherwise it is not backwards compatible with kernels <5.19 and fails with EINVAL. Link: https://lkml.kernel.org/r/20240321232023.2064975-1-edliaw@google.com Fixes: 73c1ea939b65 ("selftests/mm: move uffd sig/events tests into uffd unit tests") Signed-off-by: Edward Liaw <edliaw(a)google.com> Cc: Shuah Khan <shuah(a)kernel.org> Cc: Peter Xu <peterx(a)redhat.com Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/mm/uffd-unit-tests.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/tools/testing/selftests/mm/uffd-unit-tests.c~selftests-mm-sigbus-wp-test-requires-uffd_feature_wp_hugetlbfs_shmem +++ a/tools/testing/selftests/mm/uffd-unit-tests.c @@ -1427,7 +1427,8 @@ uffd_test_case_t uffd_tests[] = { .uffd_fn = uffd_sigbus_wp_test, .mem_targets = MEM_ALL, .uffd_feature_required = UFFD_FEATURE_SIGBUS | - UFFD_FEATURE_EVENT_FORK | UFFD_FEATURE_PAGEFAULT_FLAG_WP, + UFFD_FEATURE_EVENT_FORK | UFFD_FEATURE_PAGEFAULT_FLAG_WP | + UFFD_FEATURE_WP_HUGETLBFS_SHMEM, }, { .name = "events", _ Patches currently in -mm which might be from edliaw(a)google.com are selftests-mm-sigbus-wp-test-requires-uffd_feature_wp_hugetlbfs_shmem.patch

1 year, 7 months

1
0
0 0

[PATCH v2] drm/i915/gt: Report full vm address range

by Andi Shyti

Commit 9bb66c179f50 ("drm/i915: Reserve some kernel space per vm") has reserved an object for kernel space usage. Userspace, though, needs to know the full address range. In the former patch the reserved space was substructed from the total amount of the VM space. Add it back when the user requests the GTT size through ioctl (I915_CONTEXT_PARAM_GTT_SIZE). Fixes: 9bb66c179f50 ("drm/i915: Reserve some kernel space per vm") Signed-off-by: Andi Shyti <andi.shyti(a)linux.intel.com> Cc: Andrzej Hajda <andrzej.hajda(a)intel.com> Cc: Chris Wilson <chris.p.wilson(a)linux.intel.com> Cc: Lionel Landwerlin <lionel.g.landwerlin(a)intel.com> Cc: Michal Mrozek <michal.mrozek(a)intel.com> Cc: Nirmoy Das <nirmoy.das(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.2+ Acked-by: Michal Mrozek <michal.mrozek(a)intel.com> Acked-by: Lionel Landwerlin <lionel.g.landwerlin(a)intel.com> --- Hi, Just proposing a different implementation that doesn't affect i915 internally but provides the same result. Instead of not substracting the space during the reservation, I add it back during the ioctl call. All the "vm->rsvd.vma->node.size" looks a bit ugly, but that's how it is. Maybe a comment can help to understand better why there is this addition. I kept the Ack from Michal and Lionel, because the outcome from userspace perspactive doesn't really change. Andi drivers/gpu/drm/i915/gem/i915_gem_context.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/i915/gem/i915_gem_context.c b/drivers/gpu/drm/i915/gem/i915_gem_context.c index 81f65cab1330..60d9e7fe33b3 100644 --- a/drivers/gpu/drm/i915/gem/i915_gem_context.c +++ b/drivers/gpu/drm/i915/gem/i915_gem_context.c @@ -2454,7 +2454,7 @@ int i915_gem_context_getparam_ioctl(struct drm_device *dev, void *data, case I915_CONTEXT_PARAM_GTT_SIZE: args->size = 0; vm = i915_gem_context_get_eb_vm(ctx); - args->value = vm->total; + args->value = vm->total + vm->rsvd.vma->node.size; i915_vm_put(vm); break; -- 2.43.0

1 year, 7 months

2
1
0 0

[PATCH 2/7] drm/xe: Rework rebinding

by Thomas Hellström

Instead of handling the vm's rebind fence separately, which is error prone if they are not strictly ordered, attach rebind fences as kernel fences to the vm's resv. Fixes: dd08ebf6c352 ("drm/xe: Introduce a new DRM driver for Intel GPUs") Cc: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.8+ Signed-off-by: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> --- drivers/gpu/drm/xe/xe_exec.c | 31 +++---------------------------- drivers/gpu/drm/xe/xe_pt.c | 2 +- drivers/gpu/drm/xe/xe_vm.c | 27 +++++++++------------------ drivers/gpu/drm/xe/xe_vm.h | 2 +- drivers/gpu/drm/xe/xe_vm_types.h | 3 --- 5 files changed, 14 insertions(+), 51 deletions(-) diff --git a/drivers/gpu/drm/xe/xe_exec.c b/drivers/gpu/drm/xe/xe_exec.c index 7692ebfe7d47..759497d4a102 100644 --- a/drivers/gpu/drm/xe/xe_exec.c +++ b/drivers/gpu/drm/xe/xe_exec.c @@ -152,7 +152,6 @@ int xe_exec_ioctl(struct drm_device *dev, void *data, struct drm_file *file) struct drm_exec *exec = &vm_exec.exec; u32 i, num_syncs = 0, num_ufence = 0; struct xe_sched_job *job; - struct dma_fence *rebind_fence; struct xe_vm *vm; bool write_locked, skip_retry = false; ktime_t end = 0; @@ -294,35 +293,11 @@ int xe_exec_ioctl(struct drm_device *dev, void *data, struct drm_file *file) * Rebind any invalidated userptr or evicted BOs in the VM, non-compute * VM mode only. */ - rebind_fence = xe_vm_rebind(vm, false); - if (IS_ERR(rebind_fence)) { - err = PTR_ERR(rebind_fence); + err = xe_vm_rebind(vm, false); + if (err) goto err_put_job; - } - - /* - * We store the rebind_fence in the VM so subsequent execs don't get - * scheduled before the rebinds of userptrs / evicted BOs is complete. - */ - if (rebind_fence) { - dma_fence_put(vm->rebind_fence); - vm->rebind_fence = rebind_fence; - } - if (vm->rebind_fence) { - if (test_bit(DMA_FENCE_FLAG_SIGNALED_BIT, - &vm->rebind_fence->flags)) { - dma_fence_put(vm->rebind_fence); - vm->rebind_fence = NULL; - } else { - dma_fence_get(vm->rebind_fence); - err = drm_sched_job_add_dependency(&job->drm, - vm->rebind_fence); - if (err) - goto err_put_job; - } - } - /* Wait behind munmap style rebinds */ + /* Wait behind rebinds */ if (!xe_vm_in_lr_mode(vm)) { err = drm_sched_job_add_resv_dependencies(&job->drm, xe_vm_resv(vm), diff --git a/drivers/gpu/drm/xe/xe_pt.c b/drivers/gpu/drm/xe/xe_pt.c index 21bc0d13fccf..0484ed5b495f 100644 --- a/drivers/gpu/drm/xe/xe_pt.c +++ b/drivers/gpu/drm/xe/xe_pt.c @@ -1298,7 +1298,7 @@ __xe_pt_bind_vma(struct xe_tile *tile, struct xe_vma *vma, struct xe_exec_queue } /* add shared fence now for pagetable delayed destroy */ - dma_resv_add_fence(xe_vm_resv(vm), fence, !rebind && + dma_resv_add_fence(xe_vm_resv(vm), fence, rebind || last_munmap_rebind ? DMA_RESV_USAGE_KERNEL : DMA_RESV_USAGE_BOOKKEEP); diff --git a/drivers/gpu/drm/xe/xe_vm.c b/drivers/gpu/drm/xe/xe_vm.c index 80d43d75b1da..35fba6e3f889 100644 --- a/drivers/gpu/drm/xe/xe_vm.c +++ b/drivers/gpu/drm/xe/xe_vm.c @@ -522,7 +522,6 @@ static void preempt_rebind_work_func(struct work_struct *w) { struct xe_vm *vm = container_of(w, struct xe_vm, preempt.rebind_work); struct drm_exec exec; - struct dma_fence *rebind_fence; unsigned int fence_count = 0; LIST_HEAD(preempt_fences); ktime_t end = 0; @@ -568,18 +567,11 @@ static void preempt_rebind_work_func(struct work_struct *w) if (err) goto out_unlock; - rebind_fence = xe_vm_rebind(vm, true); - if (IS_ERR(rebind_fence)) { - err = PTR_ERR(rebind_fence); + err = xe_vm_rebind(vm, true); + if (err) goto out_unlock; - } - - if (rebind_fence) { - dma_fence_wait(rebind_fence, false); - dma_fence_put(rebind_fence); - } - /* Wait on munmap style VM unbinds */ + /* Wait on rebinds and munmap style VM unbinds */ wait = dma_resv_wait_timeout(xe_vm_resv(vm), DMA_RESV_USAGE_KERNEL, false, MAX_SCHEDULE_TIMEOUT); @@ -773,14 +765,14 @@ xe_vm_bind_vma(struct xe_vma *vma, struct xe_exec_queue *q, struct xe_sync_entry *syncs, u32 num_syncs, bool first_op, bool last_op); -struct dma_fence *xe_vm_rebind(struct xe_vm *vm, bool rebind_worker) +int xe_vm_rebind(struct xe_vm *vm, bool rebind_worker) { - struct dma_fence *fence = NULL; + struct dma_fence *fence; struct xe_vma *vma, *next; lockdep_assert_held(&vm->lock); if (xe_vm_in_lr_mode(vm) && !rebind_worker) - return NULL; + return 0; xe_vm_assert_held(vm); list_for_each_entry_safe(vma, next, &vm->rebind_list, @@ -788,17 +780,17 @@ struct dma_fence *xe_vm_rebind(struct xe_vm *vm, bool rebind_worker) xe_assert(vm->xe, vma->tile_present); list_del_init(&vma->combined_links.rebind); - dma_fence_put(fence); if (rebind_worker) trace_xe_vma_rebind_worker(vma); else trace_xe_vma_rebind_exec(vma); fence = xe_vm_bind_vma(vma, NULL, NULL, 0, false, false); if (IS_ERR(fence)) - return fence; + return PTR_ERR(fence); + dma_fence_put(fence); } - return fence; + return 0; } static void xe_vma_free(struct xe_vma *vma) @@ -1588,7 +1580,6 @@ static void vm_destroy_work_func(struct work_struct *w) XE_WARN_ON(vm->pt_root[id]); trace_xe_vm_free(vm); - dma_fence_put(vm->rebind_fence); kfree(vm); } diff --git a/drivers/gpu/drm/xe/xe_vm.h b/drivers/gpu/drm/xe/xe_vm.h index 6df1f1c7f85d..4853354336f2 100644 --- a/drivers/gpu/drm/xe/xe_vm.h +++ b/drivers/gpu/drm/xe/xe_vm.h @@ -207,7 +207,7 @@ int __xe_vm_userptr_needs_repin(struct xe_vm *vm); int xe_vm_userptr_check_repin(struct xe_vm *vm); -struct dma_fence *xe_vm_rebind(struct xe_vm *vm, bool rebind_worker); +int xe_vm_rebind(struct xe_vm *vm, bool rebind_worker); int xe_vm_invalidate_vma(struct xe_vma *vma); diff --git a/drivers/gpu/drm/xe/xe_vm_types.h b/drivers/gpu/drm/xe/xe_vm_types.h index 5747f136d24d..badf3945083d 100644 --- a/drivers/gpu/drm/xe/xe_vm_types.h +++ b/drivers/gpu/drm/xe/xe_vm_types.h @@ -177,9 +177,6 @@ struct xe_vm { */ struct list_head rebind_list; - /** @rebind_fence: rebind fence from execbuf */ - struct dma_fence *rebind_fence; - /** * @destroy_work: worker to destroy VM, needed as a dma_fence signaling * from an irq context can be last put and the destroy needs to be able -- 2.44.0

1 year, 7 months

2
2
0 0

cherry-pick request into stable for: HID: lenovo: Add middleclick_workaround sysfs knob for cptkbd

by Mikhail Khvoinitsky

Hello, Please, add the following commit: 2814646f76f8518326964f12ff20aaee70ba154d HID: lenovo: Add middleclick_workaround sysfs knob for cptkbd Into stable versions: 5.10, 5.15, 6.1, 6.6, 6.7, 6.8 This versions received automatic backport of my previous attempts to detect properly-behaving patched firmware which suffer from false-positives causing regression for users of factory lenovo firmware. The commit adds an explicit sysfs control hence avoids any room for false positives and fixes the regression. Thanks.

1 year, 7 months

1
0
0 0

Re: efivarfs fixes without the commit being fixed in 6.1 and 6.6 (resending without html)

by Ted Brandston

Hi, this is my first time posting to a kernel list (third try, finally figured out the html-free -- sorry for the noise). I noticed that in the 6.6 kernel there's a fix commit from Ard [1] but not the commit it's fixing ("efivarfs: Add uid/gid mount options"). Same thing in 6.1 [2]. The commit being fixed doesn't appear until 6.7 [3]. I'm not familiar with this code so it's unclear to me if this might cause problems, but I figured I should point it out. [1]: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/fs/… [2]: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/log/fs/efi… [3]: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/log/fs/efi… Thanks!

1 year, 7 months

3
3
0 0

[PATCH] HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up

by Nam Cao

The flag I2C_HID_READ_PENDING is used to serialize I2C operations. However, this is not necessary, because I2C core already has its own locking for that. More importantly, this flag can cause a lock-up: if the flag is set in i2c_hid_xfer() and an interrupt happens, the interrupt handler (i2c_hid_irq) will check this flag and return immediately without doing anything, then the interrupt handler will be invoked again in an infinite loop. Since interrupt handler is an RT task, it takes over the CPU and the flag-clearing task never gets scheduled, thus we have a lock-up. Delete this unnecessary flag. Reported-and-tested-by: Eva Kurchatova <nyandarknessgirl(a)gmail.com> Closes: https://lore.kernel.org/r/CA+eeCSPUDpUg76ZO8dszSbAGn+UHjcyv8F1J-CUPVARAzEtW… Fixes: 4a200c3b9a40 ("HID: i2c-hid: introduce HID over i2c specification implementation") Cc: <stable(a)vger.kernel.org> Signed-off-by: Nam Cao <namcao(a)linutronix.de> --- drivers/hid/i2c-hid/i2c-hid-core.c | 9 --------- 1 file changed, 9 deletions(-) diff --git a/drivers/hid/i2c-hid/i2c-hid-core.c b/drivers/hid/i2c-hid/i2c-hid-core.c index 2df1ab3c31cc..1c86c97688e9 100644 --- a/drivers/hid/i2c-hid/i2c-hid-core.c +++ b/drivers/hid/i2c-hid/i2c-hid-core.c @@ -64,7 +64,6 @@ /* flags */ #define I2C_HID_STARTED 0 #define I2C_HID_RESET_PENDING 1 -#define I2C_HID_READ_PENDING 2 #define I2C_HID_PWR_ON 0x00 #define I2C_HID_PWR_SLEEP 0x01 @@ -190,15 +189,10 @@ static int i2c_hid_xfer(struct i2c_hid *ihid, msgs[n].len = recv_len; msgs[n].buf = recv_buf; n++; - - set_bit(I2C_HID_READ_PENDING, &ihid->flags); } ret = i2c_transfer(client->adapter, msgs, n); - if (recv_len) - clear_bit(I2C_HID_READ_PENDING, &ihid->flags); - if (ret != n) return ret < 0 ? ret : -EIO; @@ -556,9 +550,6 @@ static irqreturn_t i2c_hid_irq(int irq, void *dev_id) { struct i2c_hid *ihid = dev_id; - if (test_bit(I2C_HID_READ_PENDING, &ihid->flags)) - return IRQ_HANDLED; - i2c_hid_get_input(ihid); return IRQ_HANDLED; -- 2.39.2

1 year, 7 months

2
1
0 0

[PATCH 4/7] drm/xe: Rework rebinding

by Thomas Hellström

Instead of handling the vm's rebind fence separately, which is error prone if they are not strictly ordered, attach rebind fences as kernel fences to the vm's resv. Fixes: dd08ebf6c352 ("drm/xe: Introduce a new DRM driver for Intel GPUs") Cc: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.8+ Signed-off-by: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> --- drivers/gpu/drm/xe/xe_exec.c | 31 +++---------------------------- drivers/gpu/drm/xe/xe_pt.c | 2 +- drivers/gpu/drm/xe/xe_vm.c | 27 +++++++++------------------ drivers/gpu/drm/xe/xe_vm.h | 2 +- drivers/gpu/drm/xe/xe_vm_types.h | 3 --- 5 files changed, 14 insertions(+), 51 deletions(-) diff --git a/drivers/gpu/drm/xe/xe_exec.c b/drivers/gpu/drm/xe/xe_exec.c index 511d23426a5e..397a49b731f1 100644 --- a/drivers/gpu/drm/xe/xe_exec.c +++ b/drivers/gpu/drm/xe/xe_exec.c @@ -127,7 +127,6 @@ int xe_exec_ioctl(struct drm_device *dev, void *data, struct drm_file *file) struct drm_exec *exec = &vm_exec.exec; u32 i, num_syncs = 0, num_ufence = 0; struct xe_sched_job *job; - struct dma_fence *rebind_fence; struct xe_vm *vm; bool write_locked, skip_retry = false; ktime_t end = 0; @@ -269,35 +268,11 @@ int xe_exec_ioctl(struct drm_device *dev, void *data, struct drm_file *file) * Rebind any invalidated userptr or evicted BOs in the VM, non-compute * VM mode only. */ - rebind_fence = xe_vm_rebind(vm, false); - if (IS_ERR(rebind_fence)) { - err = PTR_ERR(rebind_fence); + err = xe_vm_rebind(vm, false); + if (err) goto err_put_job; - } - - /* - * We store the rebind_fence in the VM so subsequent execs don't get - * scheduled before the rebinds of userptrs / evicted BOs is complete. - */ - if (rebind_fence) { - dma_fence_put(vm->rebind_fence); - vm->rebind_fence = rebind_fence; - } - if (vm->rebind_fence) { - if (test_bit(DMA_FENCE_FLAG_SIGNALED_BIT, - &vm->rebind_fence->flags)) { - dma_fence_put(vm->rebind_fence); - vm->rebind_fence = NULL; - } else { - dma_fence_get(vm->rebind_fence); - err = drm_sched_job_add_dependency(&job->drm, - vm->rebind_fence); - if (err) - goto err_put_job; - } - } - /* Wait behind munmap style rebinds */ + /* Wait behind rebinds */ if (!xe_vm_in_lr_mode(vm)) { err = drm_sched_job_add_resv_dependencies(&job->drm, xe_vm_resv(vm), diff --git a/drivers/gpu/drm/xe/xe_pt.c b/drivers/gpu/drm/xe/xe_pt.c index 7add08b2954e..92cd660fbcef 100644 --- a/drivers/gpu/drm/xe/xe_pt.c +++ b/drivers/gpu/drm/xe/xe_pt.c @@ -1304,7 +1304,7 @@ __xe_pt_bind_vma(struct xe_tile *tile, struct xe_vma *vma, struct xe_exec_queue } /* add shared fence now for pagetable delayed destroy */ - dma_resv_add_fence(xe_vm_resv(vm), fence, !rebind && + dma_resv_add_fence(xe_vm_resv(vm), fence, rebind || last_munmap_rebind ? DMA_RESV_USAGE_KERNEL : DMA_RESV_USAGE_BOOKKEEP); diff --git a/drivers/gpu/drm/xe/xe_vm.c b/drivers/gpu/drm/xe/xe_vm.c index cff8db605743..33a85e702e2c 100644 --- a/drivers/gpu/drm/xe/xe_vm.c +++ b/drivers/gpu/drm/xe/xe_vm.c @@ -529,7 +529,6 @@ static void preempt_rebind_work_func(struct work_struct *w) { struct xe_vm *vm = container_of(w, struct xe_vm, preempt.rebind_work); struct drm_exec exec; - struct dma_fence *rebind_fence; unsigned int fence_count = 0; LIST_HEAD(preempt_fences); ktime_t end = 0; @@ -575,18 +574,11 @@ static void preempt_rebind_work_func(struct work_struct *w) if (err) goto out_unlock; - rebind_fence = xe_vm_rebind(vm, true); - if (IS_ERR(rebind_fence)) { - err = PTR_ERR(rebind_fence); + err = xe_vm_rebind(vm, true); + if (err) goto out_unlock; - } - - if (rebind_fence) { - dma_fence_wait(rebind_fence, false); - dma_fence_put(rebind_fence); - } - /* Wait on munmap style VM unbinds */ + /* Wait on rebinds and munmap style VM unbinds */ wait = dma_resv_wait_timeout(xe_vm_resv(vm), DMA_RESV_USAGE_KERNEL, false, MAX_SCHEDULE_TIMEOUT); @@ -780,14 +772,14 @@ xe_vm_bind_vma(struct xe_vma *vma, struct xe_exec_queue *q, struct xe_sync_entry *syncs, u32 num_syncs, bool first_op, bool last_op); -struct dma_fence *xe_vm_rebind(struct xe_vm *vm, bool rebind_worker) +int xe_vm_rebind(struct xe_vm *vm, bool rebind_worker) { - struct dma_fence *fence = NULL; + struct dma_fence *fence; struct xe_vma *vma, *next; lockdep_assert_held(&vm->lock); if (xe_vm_in_lr_mode(vm) && !rebind_worker) - return NULL; + return 0; xe_vm_assert_held(vm); list_for_each_entry_safe(vma, next, &vm->rebind_list, @@ -795,17 +787,17 @@ struct dma_fence *xe_vm_rebind(struct xe_vm *vm, bool rebind_worker) xe_assert(vm->xe, vma->tile_present); list_del_init(&vma->combined_links.rebind); - dma_fence_put(fence); if (rebind_worker) trace_xe_vma_rebind_worker(vma); else trace_xe_vma_rebind_exec(vma); fence = xe_vm_bind_vma(vma, NULL, NULL, 0, false, false); if (IS_ERR(fence)) - return fence; + return PTR_ERR(fence); + dma_fence_put(fence); } - return fence; + return 0; } static void xe_vma_free(struct xe_vma *vma) @@ -1586,7 +1578,6 @@ static void vm_destroy_work_func(struct work_struct *w) XE_WARN_ON(vm->pt_root[id]); trace_xe_vm_free(vm); - dma_fence_put(vm->rebind_fence); kfree(vm); } diff --git a/drivers/gpu/drm/xe/xe_vm.h b/drivers/gpu/drm/xe/xe_vm.h index 47f3960120a0..20009d8b4702 100644 --- a/drivers/gpu/drm/xe/xe_vm.h +++ b/drivers/gpu/drm/xe/xe_vm.h @@ -207,7 +207,7 @@ int __xe_vm_userptr_needs_repin(struct xe_vm *vm); int xe_vm_userptr_check_repin(struct xe_vm *vm); -struct dma_fence *xe_vm_rebind(struct xe_vm *vm, bool rebind_worker); +int xe_vm_rebind(struct xe_vm *vm, bool rebind_worker); int xe_vm_invalidate_vma(struct xe_vma *vma); diff --git a/drivers/gpu/drm/xe/xe_vm_types.h b/drivers/gpu/drm/xe/xe_vm_types.h index 5747f136d24d..badf3945083d 100644 --- a/drivers/gpu/drm/xe/xe_vm_types.h +++ b/drivers/gpu/drm/xe/xe_vm_types.h @@ -177,9 +177,6 @@ struct xe_vm { */ struct list_head rebind_list; - /** @rebind_fence: rebind fence from execbuf */ - struct dma_fence *rebind_fence; - /** * @destroy_work: worker to destroy VM, needed as a dma_fence signaling * from an irq context can be last put and the destroy needs to be able -- 2.44.0

1 year, 7 months

1
0
0 0

[PATCH 2/7] drm/xe: Use ring ops TLB invalidation for rebinds

by Thomas Hellström

For each rebind we insert a GuC TLB invalidation and add a corresponding unordered TLB invalidation fence. This might add a huge number of TLB invalidation fences to wait for so rather than doing that, defer the TLB invalidation to the next ring ops for each affected exec queue. Since the TLB is invalidated on exec_queue switch, we need to invalidate once for each affected exec_queue. Fixes: 5387e865d90e ("drm/xe: Add TLB invalidation fence after rebinds issued from execs") Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.8+ Signed-off-by: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> --- drivers/gpu/drm/xe/xe_exec_queue_types.h | 2 ++ drivers/gpu/drm/xe/xe_pt.c | 5 +++-- drivers/gpu/drm/xe/xe_ring_ops.c | 11 ++++------- drivers/gpu/drm/xe/xe_sched_job.c | 11 +++++++++++ drivers/gpu/drm/xe/xe_sched_job_types.h | 2 ++ drivers/gpu/drm/xe/xe_vm_types.h | 5 +++++ 6 files changed, 27 insertions(+), 9 deletions(-) diff --git a/drivers/gpu/drm/xe/xe_exec_queue_types.h b/drivers/gpu/drm/xe/xe_exec_queue_types.h index 62b3d9d1d7cd..891ad30e906f 100644 --- a/drivers/gpu/drm/xe/xe_exec_queue_types.h +++ b/drivers/gpu/drm/xe/xe_exec_queue_types.h @@ -148,6 +148,8 @@ struct xe_exec_queue { const struct xe_ring_ops *ring_ops; /** @entity: DRM sched entity for this exec queue (1 to 1 relationship) */ struct drm_sched_entity *entity; + /** @tlb_flush_seqno: The seqno of the last rebind tlb flush performed */ + u64 tlb_flush_seqno; /** @lrc: logical ring context for this exec queue */ struct xe_lrc lrc[]; }; diff --git a/drivers/gpu/drm/xe/xe_pt.c b/drivers/gpu/drm/xe/xe_pt.c index a5bb8d20f815..109c26e5689e 100644 --- a/drivers/gpu/drm/xe/xe_pt.c +++ b/drivers/gpu/drm/xe/xe_pt.c @@ -1253,11 +1253,12 @@ __xe_pt_bind_vma(struct xe_tile *tile, struct xe_vma *vma, struct xe_exec_queue * non-faulting LR, in particular on user-space batch buffer chaining, * it needs to be done here. */ - if ((rebind && !xe_vm_in_lr_mode(vm) && !vm->batch_invalidate_tlb) || - (!rebind && xe_vm_has_scratch(vm) && xe_vm_in_preempt_fence_mode(vm))) { + if ((!rebind && xe_vm_has_scratch(vm) && xe_vm_in_preempt_fence_mode(vm))) { ifence = kzalloc(sizeof(*ifence), GFP_KERNEL); if (!ifence) return ERR_PTR(-ENOMEM); + } else if (rebind && !xe_vm_in_lr_mode(vm) && !vm->batch_invalidate_tlb) { + vm->tlb_flush_seqno++; } rfence = kzalloc(sizeof(*rfence), GFP_KERNEL); diff --git a/drivers/gpu/drm/xe/xe_ring_ops.c b/drivers/gpu/drm/xe/xe_ring_ops.c index c4edffcd4a32..5b2b37b59813 100644 --- a/drivers/gpu/drm/xe/xe_ring_ops.c +++ b/drivers/gpu/drm/xe/xe_ring_ops.c @@ -219,10 +219,9 @@ static void __emit_job_gen12_simple(struct xe_sched_job *job, struct xe_lrc *lrc { u32 dw[MAX_JOB_SIZE_DW], i = 0; u32 ppgtt_flag = get_ppgtt_flag(job); - struct xe_vm *vm = job->q->vm; struct xe_gt *gt = job->q->gt; - if (vm && vm->batch_invalidate_tlb) { + if (job->ring_ops_flush_tlb) { dw[i++] = preparser_disable(true); i = emit_flush_imm_ggtt(xe_lrc_start_seqno_ggtt_addr(lrc), seqno, true, dw, i); @@ -270,7 +269,6 @@ static void __emit_job_gen12_video(struct xe_sched_job *job, struct xe_lrc *lrc, struct xe_gt *gt = job->q->gt; struct xe_device *xe = gt_to_xe(gt); bool decode = job->q->class == XE_ENGINE_CLASS_VIDEO_DECODE; - struct xe_vm *vm = job->q->vm; dw[i++] = preparser_disable(true); @@ -282,13 +280,13 @@ static void __emit_job_gen12_video(struct xe_sched_job *job, struct xe_lrc *lrc, i = emit_aux_table_inv(gt, VE0_AUX_INV, dw, i); } - if (vm && vm->batch_invalidate_tlb) + if (job->ring_ops_flush_tlb) i = emit_flush_imm_ggtt(xe_lrc_start_seqno_ggtt_addr(lrc), seqno, true, dw, i); dw[i++] = preparser_disable(false); - if (!vm || !vm->batch_invalidate_tlb) + if (!job->ring_ops_flush_tlb) i = emit_store_imm_ggtt(xe_lrc_start_seqno_ggtt_addr(lrc), seqno, dw, i); @@ -317,7 +315,6 @@ static void __emit_job_gen12_render_compute(struct xe_sched_job *job, struct xe_gt *gt = job->q->gt; struct xe_device *xe = gt_to_xe(gt); bool lacks_render = !(gt->info.engine_mask & XE_HW_ENGINE_RCS_MASK); - struct xe_vm *vm = job->q->vm; u32 mask_flags = 0; dw[i++] = preparser_disable(true); @@ -327,7 +324,7 @@ static void __emit_job_gen12_render_compute(struct xe_sched_job *job, mask_flags = PIPE_CONTROL_3D_ENGINE_FLAGS; /* See __xe_pt_bind_vma() for a discussion on TLB invalidations. */ - i = emit_pipe_invalidate(mask_flags, vm && vm->batch_invalidate_tlb, dw, i); + i = emit_pipe_invalidate(mask_flags, job->ring_ops_flush_tlb, dw, i); /* hsdes: 1809175790 */ if (has_aux_ccs(xe)) diff --git a/drivers/gpu/drm/xe/xe_sched_job.c b/drivers/gpu/drm/xe/xe_sched_job.c index 8151ddafb940..d55458d915a9 100644 --- a/drivers/gpu/drm/xe/xe_sched_job.c +++ b/drivers/gpu/drm/xe/xe_sched_job.c @@ -250,6 +250,17 @@ bool xe_sched_job_completed(struct xe_sched_job *job) void xe_sched_job_arm(struct xe_sched_job *job) { + struct xe_exec_queue *q = job->q; + struct xe_vm *vm = q->vm; + + if (vm && !xe_sched_job_is_migration(q) && !xe_vm_in_lr_mode(vm) && + vm->tlb_flush_seqno != q->tlb_flush_seqno) { + q->tlb_flush_seqno = vm->tlb_flush_seqno; + job->ring_ops_flush_tlb = true; + } else if (vm && vm->batch_invalidate_tlb) { + job->ring_ops_flush_tlb = true; + } + drm_sched_job_arm(&job->drm); } diff --git a/drivers/gpu/drm/xe/xe_sched_job_types.h b/drivers/gpu/drm/xe/xe_sched_job_types.h index b1d83da50a53..5e12724219fd 100644 --- a/drivers/gpu/drm/xe/xe_sched_job_types.h +++ b/drivers/gpu/drm/xe/xe_sched_job_types.h @@ -39,6 +39,8 @@ struct xe_sched_job { } user_fence; /** @migrate_flush_flags: Additional flush flags for migration jobs */ u32 migrate_flush_flags; + /** @ring_ops_flush_tlb: The ring ops need to flush TLB before payload. */ + bool ring_ops_flush_tlb; /** @batch_addr: batch buffer address of job */ u64 batch_addr[]; }; diff --git a/drivers/gpu/drm/xe/xe_vm_types.h b/drivers/gpu/drm/xe/xe_vm_types.h index ae5fb565f6bf..5747f136d24d 100644 --- a/drivers/gpu/drm/xe/xe_vm_types.h +++ b/drivers/gpu/drm/xe/xe_vm_types.h @@ -264,6 +264,11 @@ struct xe_vm { bool capture_once; } error_capture; + /** + * @tlb_flush_seqno: Required TLB flush seqno for the next exec. + * protected by the vm resv. + */ + u64 tlb_flush_seqno; /** @batch_invalidate_tlb: Always invalidate TLB before batch start */ bool batch_invalidate_tlb; /** @xef: XE file handle for tracking this VM's drm client */ -- 2.44.0

1 year, 7 months

1
0
0 0

[PATCH 1/7] drm/xe: Make TLB invalidation fences unordered

by Thomas Hellström

They can actually complete out-of-order, so allocate a unique fence context for each fence. Fixes: 5387e865d90e ("drm/xe: Add TLB invalidation fence after rebinds issued from execs") Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.8+ Signed-off-by: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> --- drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c | 1 - drivers/gpu/drm/xe/xe_gt_types.h | 7 ------- drivers/gpu/drm/xe/xe_pt.c | 3 +-- 3 files changed, 1 insertion(+), 10 deletions(-) diff --git a/drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c b/drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c index a3c4ffba679d..787cba5e49a1 100644 --- a/drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c +++ b/drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c @@ -63,7 +63,6 @@ int xe_gt_tlb_invalidation_init(struct xe_gt *gt) INIT_LIST_HEAD(&gt->tlb_invalidation.pending_fences); spin_lock_init(&gt->tlb_invalidation.pending_lock); spin_lock_init(&gt->tlb_invalidation.lock); - gt->tlb_invalidation.fence_context = dma_fence_context_alloc(1); INIT_DELAYED_WORK(&gt->tlb_invalidation.fence_tdr, xe_gt_tlb_fence_timeout); diff --git a/drivers/gpu/drm/xe/xe_gt_types.h b/drivers/gpu/drm/xe/xe_gt_types.h index f6da2ad9719f..2143dffcaf11 100644 --- a/drivers/gpu/drm/xe/xe_gt_types.h +++ b/drivers/gpu/drm/xe/xe_gt_types.h @@ -179,13 +179,6 @@ struct xe_gt { * xe_gt_tlb_fence_timeout after the timeut interval is over. */ struct delayed_work fence_tdr; - /** @tlb_invalidation.fence_context: context for TLB invalidation fences */ - u64 fence_context; - /** - * @tlb_invalidation.fence_seqno: seqno to TLB invalidation fences, protected by - * tlb_invalidation.lock - */ - u32 fence_seqno; /** @tlb_invalidation.lock: protects TLB invalidation fences */ spinlock_t lock; } tlb_invalidation; diff --git a/drivers/gpu/drm/xe/xe_pt.c b/drivers/gpu/drm/xe/xe_pt.c index 8d3922d2206e..a5bb8d20f815 100644 --- a/drivers/gpu/drm/xe/xe_pt.c +++ b/drivers/gpu/drm/xe/xe_pt.c @@ -1135,8 +1135,7 @@ static int invalidation_fence_init(struct xe_gt *gt, spin_lock_irq(&gt->tlb_invalidation.lock); dma_fence_init(&ifence->base.base, &invalidation_fence_ops, &gt->tlb_invalidation.lock, - gt->tlb_invalidation.fence_context, - ++gt->tlb_invalidation.fence_seqno); + dma_fence_context_alloc(1), 1); spin_unlock_irq(&gt->tlb_invalidation.lock); INIT_LIST_HEAD(&ifence->base.link); -- 2.44.0

1 year, 7 months

1
0
0 0

[PATCH] drm/xe/query: fix gt_id bounds check

by Matthew Auld

The user provided gt_id should always be less than the XE_MAX_GT_PER_TILE. Fixes: 7793d00d1bf5 ("drm/xe: Correlate engine and cpu timestamps with better accuracy") Signed-off-by: Matthew Auld <matthew.auld(a)intel.com> Cc: Nirmoy Das <nirmoy.das(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.8+ --- drivers/gpu/drm/xe/xe_query.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/xe/xe_query.c b/drivers/gpu/drm/xe/xe_query.c index fcd8680d2ccc..df407d73e5f5 100644 --- a/drivers/gpu/drm/xe/xe_query.c +++ b/drivers/gpu/drm/xe/xe_query.c @@ -133,7 +133,7 @@ query_engine_cycles(struct xe_device *xe, return -EINVAL; eci = &resp.eci; - if (eci->gt_id > XE_MAX_GT_PER_TILE) + if (eci->gt_id >= XE_MAX_GT_PER_TILE) return -EINVAL; gt = xe_device_get_gt(xe, eci->gt_id); -- 2.44.0

1 year, 7 months

2
1
0 0

[PATCH 5.15/5.10/5.4/4.19 0/1] pppoe: Fix memory leak in pppoe_sendmsg()

by Gavrilov Ilia

syzbot reports a memory leak in pppoe_sendmsg in 6.6 and 6.1 stable releases. The problem has been fixed by the following patch which can be cleanly applied to the 6.6 and 6.1 branches. Found by InfoTeCS on behalf of Linux Verification Center (linuxtesting.org) with Syzkaller Gavrilov Ilia (1): pppoe: Fix memory leak in pppoe_sendmsg() drivers/net/ppp/pppoe.c | 23 +++++++++-------------- 1 file changed, 9 insertions(+), 14 deletions(-) -- 2.39.2

1 year, 7 months

1
2
0 0

[PATCH 1/2] RISC-V: KVM: Fix APLIC setipnum_le/be write emulation

by Anup Patel

The writes to setipnum_le/be register for APLIC in MSI-mode have special consideration for level-triggered interrupts as-per the section "4.9.2 Special consideration for level-sensitive interrupt sources" of the RISC-V AIA specification. Particularly, the below text from the RISC-V AIA specification defines the behaviour of writes to setipnum_le/be register for level-triggered interrupts: "A second option is for the interrupt service routine to write the APLIC’s source identity number for the interrupt to the domain’s setipnum register just before exiting. This will cause the interrupt’s pending bit to be set to one again if the source is still asserting an interrupt, but not if the source is not asserting an interrupt." Fix setipnum_le/be write emulation for in-kernel APLIC by implementing the above behaviour in aplic_write_pending() function. Cc: stable(a)vger.kernel.org Fixes: 74967aa208e2 ("RISC-V: KVM: Add in-kernel emulation of AIA APLIC") Signed-off-by: Anup Patel <apatel(a)ventanamicro.com> --- arch/riscv/kvm/aia_aplic.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/arch/riscv/kvm/aia_aplic.c b/arch/riscv/kvm/aia_aplic.c index 39e72aa016a4..5e842b92dc46 100644 --- a/arch/riscv/kvm/aia_aplic.c +++ b/arch/riscv/kvm/aia_aplic.c @@ -137,11 +137,21 @@ static void aplic_write_pending(struct aplic *aplic, u32 irq, bool pending) raw_spin_lock_irqsave(&irqd->lock, flags); sm = irqd->sourcecfg & APLIC_SOURCECFG_SM_MASK; - if (!pending && - ((sm == APLIC_SOURCECFG_SM_LEVEL_HIGH) || - (sm == APLIC_SOURCECFG_SM_LEVEL_LOW))) + if (sm == APLIC_SOURCECFG_SM_INACTIVE) goto skip_write_pending; + if (sm == APLIC_SOURCECFG_SM_LEVEL_HIGH || + sm == APLIC_SOURCECFG_SM_LEVEL_LOW) { + if (!pending) + goto skip_write_pending; + if ((irqd->state & APLIC_IRQ_STATE_INPUT) && + sm == APLIC_SOURCECFG_SM_LEVEL_LOW) + goto skip_write_pending; + if (!(irqd->state & APLIC_IRQ_STATE_INPUT) && + sm == APLIC_SOURCECFG_SM_LEVEL_HIGH) + goto skip_write_pending; + } + if (pending) irqd->state |= APLIC_IRQ_STATE_PENDING; else -- 2.34.1

1 year, 7 months

1
0
0 0

[PATCH] mtd: limit OTP NVMEM Cell parse to non Nand devices

by Christian Marangi

MTD OTP logic is very fragile and can be problematic with some specific kind of devices. NVMEM across the years had various iteration on how Cells could be declared in DT and MTD OTP probably was left behind and add_legacy_fixed_of_cells was enabled without thinking of the consequences. That option enables NVMEM to scan the provided of_node and treat each child as a NVMEM Cell, this was to support legacy NVMEM implementation and don't cause regression. This is problematic if we have devices like Nand where the OTP is triggered by setting a special mode in the flash. In this context real partitions declared in the Nand node are registered as OTP Cells and this cause probe fail with -EINVAL error. This was never notice due to the fact that till now, no Nand supported the OTP feature. With commit e87161321a40 ("mtd: rawnand: macronix: OTP access for MX30LFxG18AC") this changed and coincidentally this Nand is used on an FritzBox 7530 supported on OpenWrt. Alternative and more robust way to declare OTP Cells are already prossible by using the fixed-layout node or by declaring a child node with the compatible set to "otp-user" or "otp-factory". To fix this and limit any regression with other MTD that makes use of declaring OTP as direct child of the dev node, disable add_legacy_fixed_of_cells if we have a node called nand since it's the standard property name to identify Nand devices attached to a Nand Controller. With the following logic, the OTP NVMEM entry is correctly created with no Cells and the MTD Nand is correctly probed and partitions are correctly exposed. Fixes: 2cc3b37f5b6d ("nvmem: add explicit config option to read old syntax fixed OF cells") Cc: <stable(a)vger.kernel.org> Signed-off-by: Christian Marangi <ansuelsmth(a)gmail.com> --- drivers/mtd/mtdcore.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/mtd/mtdcore.c b/drivers/mtd/mtdcore.c index 5887feb347a4..6872477a5129 100644 --- a/drivers/mtd/mtdcore.c +++ b/drivers/mtd/mtdcore.c @@ -900,7 +900,7 @@ static struct nvmem_device *mtd_otp_nvmem_register(struct mtd_info *mtd, config.name = compatible; config.id = NVMEM_DEVID_AUTO; config.owner = THIS_MODULE; - config.add_legacy_fixed_of_cells = true; + config.add_legacy_fixed_of_cells = !of_node_name_eq(mtd->dev.of_node, "nand"); config.type = NVMEM_TYPE_OTP; config.root_only = true; config.ignore_wp = true; -- 2.43.0

1 year, 7 months

2
1
0 0

[PATCH] drm/vkms: call drm_atomic_helper_shutdown before drm_dev_put()

by Guo Mengqi

commit 73a82b22963d ("drm/atomic: Fix potential use-after-free in nonblocking commits") introduced drm_dev_get/put() to drm_atomic_helper_shutdown(). And this cause problem in vkms driver exit process. vkms_exit() drm_dev_put() vkms_release() drm_atomic_helper_shutdown() drm_dev_get() drm_dev_put() vkms_release() ------ null pointer access Using 4.19 stable x86 image on qemu, below stacktrace can be triggered by load and unload vkms.ko. root:~ # insmod vkms.ko [ 142.135449] [drm] Supports vblank timestamp caching Rev 2 (21.10.2013). [ 142.138713] [drm] Driver supports precise vblank timestamp query. [ 142.142390] [drm] Initialized vkms 1.0.0 20180514 for virtual device on minor 0 root:~ # rmmod vkms.ko [ 144.093710] BUG: unable to handle kernel NULL pointer dereference at 00000000000000a0 [ 144.097491] PGD 800000023624e067 P4D 800000023624e067 PUD 22ab59067 PMD 0 [ 144.100802] Oops: 0000 [#1] SMP PTI [ 144.102502] CPU: 0 PID: 3615 Comm: rmmod Not tainted 4.19.310 #1 [ 144.104452] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 [ 144.107238] RIP: 0010:device_del+0x34/0x3a0 ... [ 144.131323] Call Trace: [ 144.131962] ? __die+0x7d/0xc0 [ 144.132711] ? no_context+0x152/0x3b0 [ 144.133605] ? wake_up_q+0x70/0x70 [ 144.134436] ? __do_page_fault+0x342/0x4b0 [ 144.135445] ? __switch_to_asm+0x41/0x70 [ 144.136416] ? __switch_to_asm+0x35/0x70 [ 144.137366] ? page_fault+0x1e/0x30 [ 144.138214] ? __drm_atomic_state_free+0x51/0x60 [ 144.139331] ? device_del+0x34/0x3a0 [ 144.140197] platform_device_del.part.14+0x19/0x70 [ 144.141348] platform_device_unregister+0xe/0x20 [ 144.142458] vkms_release+0x10/0x30 [vkms] [ 144.143449] __drm_atomic_helper_disable_all.constprop.31+0x13b/0x150 [ 144.144980] drm_atomic_helper_shutdown+0x4b/0x90 [ 144.146102] vkms_release+0x18/0x30 [vkms] [ 144.147107] vkms_exit+0x29/0x8ec [vkms] [ 144.148053] __x64_sys_delete_module+0x155/0x220 [ 144.149168] do_syscall_64+0x43/0x100 [ 144.150056] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 It seems that the proper unload sequence is: drm_atomic_helper_shutdown(); drm_dev_put(); Just put drm_atomic_helper_shutdown() before drm_dev_put() should solve the problem. Fixes: 73a82b22963d ("drm/atomic: Fix potential use-after-free in nonblocking commits") Signed-off-by: Guo Mengqi <guomengqi3(a)huawei.com> --- drivers/gpu/drm/vkms/vkms_drv.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/vkms/vkms_drv.c b/drivers/gpu/drm/vkms/vkms_drv.c index b1201c18d3eb..d32e08f17427 100644 --- a/drivers/gpu/drm/vkms/vkms_drv.c +++ b/drivers/gpu/drm/vkms/vkms_drv.c @@ -39,7 +39,6 @@ static void vkms_release(struct drm_device *dev) struct vkms_device *vkms = container_of(dev, struct vkms_device, drm); platform_device_unregister(vkms->platform); - drm_atomic_helper_shutdown(&vkms->drm); drm_mode_config_cleanup(&vkms->drm); drm_dev_fini(&vkms->drm); } @@ -137,6 +136,7 @@ static void __exit vkms_exit(void) } drm_dev_unregister(&vkms_device->drm); + drm_atomic_helper_shutdown(&vkms_device->drm); drm_dev_put(&vkms_device->drm); kfree(vkms_device); -- 2.17.1

1 year, 7 months

1
0
0 0

[PATCH] drm/i915/gt: Report full vm address range

by Andi Shyti

Commit 9bb66c179f50 ("drm/i915: Reserve some kernel space per vm") has reserved an object for kernel space usage. Userspace, though, needs to know the full address range. Fixes: 9bb66c179f50 ("drm/i915: Reserve some kernel space per vm") Signed-off-by: Andi Shyti <andi.shyti(a)linux.intel.com> Cc: Andrzej Hajda <andrzej.hajda(a)intel.com> Cc: Chris Wilson <chris.p.wilson(a)linux.intel.com> Cc: Lionel Landwerlin <lionel.g.landwerlin(a)intel.com> Cc: Michal Mrozek <michal.mrozek(a)intel.com> Cc: Nirmoy Das <nirmoy.das(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.2+ --- drivers/gpu/drm/i915/gt/gen8_ppgtt.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/i915/gt/gen8_ppgtt.c b/drivers/gpu/drm/i915/gt/gen8_ppgtt.c index fa46d2308b0e..d76831f50106 100644 --- a/drivers/gpu/drm/i915/gt/gen8_ppgtt.c +++ b/drivers/gpu/drm/i915/gt/gen8_ppgtt.c @@ -982,8 +982,9 @@ static int gen8_init_rsvd(struct i915_address_space *vm) vm->rsvd.vma = i915_vma_make_unshrinkable(vma); vm->rsvd.obj = obj; - vm->total -= vma->node.size; + return 0; + unref: i915_gem_object_put(obj); return ret; -- 2.43.0

1 year, 7 months

4
7
0 0

[PATCH 11/17] wifi: iwlwifi: mvm: handle debugfs names more carefully

by Miri Korenblit

From: Johannes Berg <johannes.berg(a)intel.com> With debugfs=off, we can get here with the dbgfs_dir being an ERR_PTR(). Instead of checking for all this, which is often flagged as a mistake, simply handle the names here more carefully by printing them, then we don't need extra checks. Also, while checking, I noticed theoretically 'buf' is too small, so fix that size as well. Cc: stable(a)vger.kernel.org Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218422 Fixes: c36235acb34f ("wifi: iwlwifi: mvm: rework debugfs handling") Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> Signed-off-by: Miri Korenblit <miriam.rachel.korenblit(a)intel.com> --- drivers/net/wireless/intel/iwlwifi/mvm/debugfs-vif.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/debugfs-vif.c b/drivers/net/wireless/intel/iwlwifi/mvm/debugfs-vif.c index 5485e8bf613e..af56a55063a7 100644 --- a/drivers/net/wireless/intel/iwlwifi/mvm/debugfs-vif.c +++ b/drivers/net/wireless/intel/iwlwifi/mvm/debugfs-vif.c @@ -806,7 +806,9 @@ void iwl_mvm_vif_dbgfs_add_link(struct iwl_mvm *mvm, struct ieee80211_vif *vif) { struct dentry *dbgfs_dir = vif->debugfs_dir; struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif); - char buf[100]; + char buf[3 * 3 + 11 + (NL80211_WIPHY_NAME_MAXLEN + 1) + + (7 + IFNAMSIZ + 1) + 6 + 1]; + char name[7 + IFNAMSIZ + 1]; /* this will happen in monitor mode */ if (!dbgfs_dir) @@ -819,10 +821,11 @@ void iwl_mvm_vif_dbgfs_add_link(struct iwl_mvm *mvm, struct ieee80211_vif *vif) * find * netdev:wlan0 -> ../../../ieee80211/phy0/netdev:wlan0/iwlmvm/ */ - snprintf(buf, 100, "../../../%pd3/iwlmvm", dbgfs_dir); + snprintf(name, sizeof(name), "%pd", dbgfs_dir); + snprintf(buf, sizeof(buf), "../../../%pd3/iwlmvm", dbgfs_dir); - mvmvif->dbgfs_slink = debugfs_create_symlink(dbgfs_dir->d_name.name, - mvm->debugfs_dir, buf); + mvmvif->dbgfs_slink = + debugfs_create_symlink(name, mvm->debugfs_dir, buf); } void iwl_mvm_vif_dbgfs_rm_link(struct iwl_mvm *mvm, struct ieee80211_vif *vif) -- 2.34.1

1 year, 7 months

1
0
0 0

[PATCH] sched/core: fix affine_move_task failure case

by Daniel Vacek

Bill Peters reported CPU hangs while offlining/onlining CPUs on s390. Analyzing the vmcore data shows `stop_one_cpu_nowait()` in `affine_move_task()` can fail when racing with off-/on-lining resulting in a deadlock waiting for the pending migration stop work completion which is never done. Fix this by correctly handling such a condition. Fixes: 9e81889c7648 ("sched: Fix affine_move_task() self-concurrency") Cc: stable(a)vger.kernel.org Reported-by: Bill Peters <wpeters(a)atpco.net> Tested-by: Bill Peters <wpeters(a)atpco.net> Signed-off-by: Daniel Vacek <neelx(a)redhat.com> --- kernel/sched/core.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/kernel/sched/core.c b/kernel/sched/core.c index 9116bcc903467..d0ff5c611a1c8 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -3069,8 +3069,17 @@ static int affine_move_task(struct rq *rq, struct task_struct *p, struct rq_flag preempt_disable(); task_rq_unlock(rq, p, rf); if (!stop_pending) { - stop_one_cpu_nowait(cpu_of(rq), migration_cpu_stop, - &pending->arg, &pending->stop_work); + stop_pending = + stop_one_cpu_nowait(cpu_of(rq), migration_cpu_stop, + &pending->arg, &pending->stop_work); + + if (!stop_pending) { + rq = task_rq_lock(p, rf); + pending->stop_pending = false; + p->migration_pending = NULL; + task_rq_unlock(rq, p, rf); + complete_all(&pending->done); + } } preempt_enable(); -- 2.43.0

1 year, 7 months

2
5
0 0

[PATCH 5.15.y] ACPI: CPPC: Use access_width over bit_width for system memory accesses

by Easwar Hariharan

Hi Greg, Sasha, commit 2f4a4d63a193be6fd530d180bb13c3592052904c upstream is marked for 5.15+ with CC: stable(a)vger.kernel.org, but the application will fail with a merge conflict due to missing intermediate feature patches. When you apply the patch to 5.15, could you take the backport below instead? Thanks, Easwar PS: It will apply cleanly to the other stable branches. ----8x-------------------------- From ab7a492bcec34a3ad4ae4e2a6ad0e7e1c4fc783a Mon Sep 17 00:00:00 2001 From: Jarred White <jarredwhite(a)linux.microsoft.com> Date: Fri, 1 Mar 2024 11:25:59 -0800 Subject: [PATCH 1/1] ACPI: CPPC: Use access_width over bit_width for system memory accesses commit 2f4a4d63a193be6fd530d180bb13c3592052904c upstream To align with ACPI 6.3+, since bit_width can be any 8-bit value, it cannot be depended on to be always on a clean 8b boundary. This was uncovered on the Cobalt 100 platform. SError Interrupt on CPU26, code 0xbe000011 -- SError CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted 5.15.2.1-13 #1 Hardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION pstate: 62400009 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : cppc_get_perf_caps+0xec/0x410 lr : cppc_get_perf_caps+0xe8/0x410 sp : ffff8000155ab730 x29: ffff8000155ab730 x28: ffff0080139d0038 x27: ffff0080139d0078 x26: 0000000000000000 x25: ffff0080139d0058 x24: 00000000ffffffff x23: ffff0080139d0298 x22: ffff0080139d0278 x21: 0000000000000000 x20: ffff00802b251910 x19: ffff0080139d0000 x18: ffffffffffffffff x17: 0000000000000000 x16: ffffdc7e111bad04 x15: ffff00802b251008 x14: ffffffffffffffff x13: ffff013f1fd63300 x12: 0000000000000006 x11: ffffdc7e128f4420 x10: 0000000000000000 x9 : ffffdc7e111badec x8 : ffff00802b251980 x7 : 0000000000000000 x6 : ffff0080139d0028 x5 : 0000000000000000 x4 : ffff0080139d0018 x3 : 00000000ffffffff x2 : 0000000000000008 x1 : ffff8000155ab7a0 x0 : 0000000000000000 Kernel panic - not syncing: Asynchronous SError Interrupt CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted 5.15.2.1-13 #1 Hardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION Call trace: dump_backtrace+0x0/0x1e0 show_stack+0x24/0x30 dump_stack_lvl+0x8c/0xb8 dump_stack+0x18/0x34 panic+0x16c/0x384 add_taint+0x0/0xc0 arm64_serror_panic+0x7c/0x90 arm64_is_fatal_ras_serror+0x34/0xa4 do_serror+0x50/0x6c el1h_64_error_handler+0x40/0x74 el1h_64_error+0x7c/0x80 cppc_get_perf_caps+0xec/0x410 cppc_cpufreq_cpu_init+0x74/0x400 [cppc_cpufreq] cpufreq_online+0x2dc/0xa30 cpufreq_add_dev+0xc0/0xd4 subsys_interface_register+0x134/0x14c cpufreq_register_driver+0x1b0/0x354 cppc_cpufreq_init+0x1a8/0x1000 [cppc_cpufreq] do_one_initcall+0x50/0x250 do_init_module+0x60/0x27c load_module+0x2300/0x2570 __do_sys_finit_module+0xa8/0x114 __arm64_sys_finit_module+0x2c/0x3c invoke_syscall+0x78/0x100 el0_svc_common.constprop.0+0x180/0x1a0 do_el0_svc+0x84/0xa0 el0_svc+0x2c/0xc0 el0t_64_sync_handler+0xa4/0x12c el0t_64_sync+0x1a4/0x1a8 Instead, use access_width to determine the size and use the offset and width to shift and mask the bits to read/write out. Make sure to add a check for system memory since pcc redefines the access_width to subspace id. If access_width is not set, then fall back to using bit_width. Signed-off-by: Jarred White <jarredwhite(a)linux.microsoft.com> Reviewed-by: Easwar Hariharan <eahariha(a)linux.microsoft.com> Cc: 5.15+ <stable(a)vger.kernel.org> # 5.15+ [ rjw: Subject and changelog edits, comment adjustments ] Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> [ eahariha: Backport to v5.15 by dropping SystemIO bits as commit a2c8f92bea5f is not present ] Signed-off-by: Easwar Hariharan <eahariha(a)linux.microsoft.com> --- drivers/acpi/cppc_acpi.c | 27 ++++++++++++++++++++++++--- 1 file changed, 24 insertions(+), 3 deletions(-) diff --git a/drivers/acpi/cppc_acpi.c b/drivers/acpi/cppc_acpi.c index 7cc9183c8dc8..408b1fda5702 100644 --- a/drivers/acpi/cppc_acpi.c +++ b/drivers/acpi/cppc_acpi.c @@ -161,6 +161,13 @@ show_cppc_data(cppc_get_perf_caps, cppc_perf_caps, nominal_freq); show_cppc_data(cppc_get_perf_ctrs, cppc_perf_fb_ctrs, reference_perf); show_cppc_data(cppc_get_perf_ctrs, cppc_perf_fb_ctrs, wraparound_time); +/* Check for valid access_width, otherwise, fallback to using bit_width */ +#define GET_BIT_WIDTH(reg) ((reg)->access_width ? (8 << ((reg)->access_width - 1)) : (reg)->bit_width) + +/* Shift and apply the mask for CPC reads/writes */ +#define MASK_VAL(reg, val) ((val) >> ((reg)->bit_offset & \ + GENMASK(((reg)->bit_width), 0))) + static ssize_t show_feedback_ctrs(struct kobject *kobj, struct kobj_attribute *attr, char *buf) { @@ -762,8 +769,10 @@ int acpi_cppc_processor_probe(struct acpi_processor *pr) } else if (gas_t->space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY) { if (gas_t->address) { void __iomem *addr; + size_t access_width; - addr = ioremap(gas_t->address, gas_t->bit_width/8); + access_width = GET_BIT_WIDTH(gas_t) / 8; + addr = ioremap(gas_t->address, access_width); if (!addr) goto out_free; cpc_ptr->cpc_regs[i-2].sys_mem_vaddr = addr; @@ -936,6 +945,7 @@ static int cpc_read(int cpu, struct cpc_register_resource *reg_res, u64 *val) { int ret_val = 0; void __iomem *vaddr = NULL; + int size; int pcc_ss_id = per_cpu(cpu_pcc_subspace_idx, cpu); struct cpc_reg *reg = &reg_res->cpc_entry.reg; @@ -955,7 +965,9 @@ static int cpc_read(int cpu, struct cpc_register_resource *reg_res, u64 *val) return acpi_os_read_memory((acpi_physical_address)reg->address, val, reg->bit_width); - switch (reg->bit_width) { + size = GET_BIT_WIDTH(reg); + + switch (size) { case 8: *val = readb_relaxed(vaddr); break; @@ -974,12 +986,16 @@ static int cpc_read(int cpu, struct cpc_register_resource *reg_res, u64 *val) ret_val = -EFAULT; } + if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY) + *val = MASK_VAL(reg, *val); + return ret_val; } static int cpc_write(int cpu, struct cpc_register_resource *reg_res, u64 val) { int ret_val = 0; + int size; void __iomem *vaddr = NULL; int pcc_ss_id = per_cpu(cpu_pcc_subspace_idx, cpu); struct cpc_reg *reg = &reg_res->cpc_entry.reg; @@ -994,7 +1010,12 @@ static int cpc_write(int cpu, struct cpc_register_resource *reg_res, u64 val) return acpi_os_write_memory((acpi_physical_address)reg->address, val, reg->bit_width); - switch (reg->bit_width) { + size = GET_BIT_WIDTH(reg); + + if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY) + val = MASK_VAL(reg, val); + + switch (size) { case 8: writeb_relaxed(val, vaddr); break; -- 2.34.1 -----------------------------------x8-------

1 year, 7 months

2
2
0 0

[PATCH 5.10 000/122] 5.10.211-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.10.211 release. There are 122 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 29 Feb 2024 13:15:36 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.211-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.10.211-rc1 Baokun Li <libaokun1(a)huawei.com> ext4: regenerate buddy after block freeing failed if under fc replay Kuniyuki Iwashima <kuniyu(a)amazon.com> arp: Prevent overflow in arp_req_get(). Bart Van Assche <bvanassche(a)acm.org> fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio Michael Schmitz <schmitzmic(a)gmail.com> block: ataflop: more blk-mq refactoring fixes Armin Wolf <W_Armin(a)gmx.de> drm/amd/display: Fix memory leak in dm_sw_fini() Erik Kurzinger <ekurzinger(a)nvidia.com> drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is set Christian König <christian.koenig(a)amd.com> drm/syncobj: make lockdep complain on WAIT_FOR_SUBMIT v3 Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: set dormant flag on hook register failure Sabrina Dubroca <sd(a)queasysnail.net> tls: stop recv() if initial process_rx_list gave us non-DATA Jakub Kicinski <kuba(a)kernel.org> tls: rx: drop pointless else after goto Jakub Kicinski <kuba(a)kernel.org> tls: rx: jump to a more appropriate label Jason Gunthorpe <jgg(a)ziepe.ca> s390: use the correct count for __iowrite64_copy() Kees Cook <keescook(a)chromium.org> net: dev: Convert sa_data to flexible array in struct sockaddr Wolfram Sang <wsa+renesas(a)sang-engineering.com> packet: move from strlcpy with unused retval to strscpy Vasiliy Kovalev <kovalev(a)altlinux.org> ipv6: sr: fix possible use-after-free and null-ptr-deref Daniil Dulov <d.dulov(a)aladdin.ru> afs: Increase buffer size in afs_update_volume_status() Eric Dumazet <edumazet(a)google.com> ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid Eric Dumazet <edumazet(a)google.com> ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid Arnd Bergmann <arnd(a)arndb.de> nouveau: fix function cast warnings Randy Dunlap <rdunlap(a)infradead.org> scsi: jazz_esp: Only build if SCSI core is builtin Gianmarco Lusvardi <glusvardi(a)posteo.net> bpf, scripts: Correct GPL license name Arnd Bergmann <arnd(a)arndb.de> RDMA/srpt: fix function pointer cast warnings Heiko Stuebner <heiko.stuebner(a)cherry.de> arm64: dts: rockchip: set num-cs property for spi on px30 Kamal Heib <kheib(a)redhat.com> RDMA/qedr: Fix qedr_create_user_qp error flow Bart Van Assche <bvanassche(a)acm.org> RDMA/srpt: Support specifying the srpt_service_guid parameter Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Return error for SRQ resize Zhipeng Lu <alexious(a)zju.edu.cn> IB/hfi1: Fix a memleak in init_credit_return Paolo Abeni <pabeni(a)redhat.com> mptcp: fix lockless access in subflow ULP diag Xu Yang <xu.yang_2(a)nxp.com> usb: roles: don't get/set_role() when usb_role_switch is unregistered Xu Yang <xu.yang_2(a)nxp.com> usb: roles: fix NULL pointer issue when put module's reference Krishna Kurapati <quic_kriskura(a)quicinc.com> usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs Frank Li <Frank.Li(a)nxp.com> usb: cdns3: fix memory double free when handle zero packet Frank Li <Frank.Li(a)nxp.com> usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() Peter Zijlstra <peterz(a)infradead.org> x86/alternative: Make custom return thunk unconditional Borislav Petkov (AMD) <bp(a)alien8.de> Revert "x86/alternative: Make custom return thunk unconditional" Peter Zijlstra <peterz(a)infradead.org> x86/returnthunk: Allow different return thunks Peter Zijlstra <peterz(a)infradead.org> x86/ftrace: Use alternative RET encoding Peter Zijlstra <peterz(a)infradead.org> x86/ibt,paravirt: Use text_gen_insn() for paravirt_patch() Peter Zijlstra <peterz(a)infradead.org> x86/text-patching: Make text_gen_insn() play nice with ANNOTATE_NOENDBR Borislav Petkov (AMD) <bp(a)alien8.de> Revert "x86/ftrace: Use alternative RET encoding" Nikita Shubin <nikita.shubin(a)maquefel.me> ARM: ep93xx: Add terminator to gpiod_lookup_table Tom Parkin <tparkin(a)katalix.com> l2tp: pass correct message length to ip6_append_data Vidya Sagar <vidyas(a)nvidia.com> PCI/MSI: Prevent MSI hardware interrupt number truncation Vasiliy Kovalev <kovalev(a)altlinux.org> gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler Mikulas Patocka <mpatocka(a)redhat.com> dm-crypt: don't modify the data when using authenticated encryption Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/cio: fix invalid -EBUSY on ccw_device_start Daniel Vacek <neelx(a)redhat.com> IB/hfi1: Fix sdma.h tx->num_descs off-by-one error Gao Xiang <hsiangkao(a)linux.alibaba.com> erofs: fix lz4 inplace decompression Jan Beulich <jbeulich(a)suse.com> x86: drop bogus "cc" clobber from __try_cmpxchg_user_asm() Zhihao Cheng <chengzhihao1(a)huawei.com> jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint Zhang Yi <yi.zhang(a)huawei.com> jbd2: recheck chechpointing non-dirty buffer Zhang Yi <yi.zhang(a)huawei.com> jbd2: remove redundant buffer io error checks Johannes Berg <johannes.berg(a)intel.com> iwlwifi: mvm: write queue_sync_state only for sync Johannes Berg <johannes.berg(a)intel.com> iwlwifi: mvm: do more useful queue sync accounting Max Verevkin <me(a)maxverevkin.tk> platform/x86: intel-vbtn: Support for tablet mode on HP Pavilion 13 x360 PC Sergej Bauer <sbauer(a)blackbox.su> lan743x: fix for potential NULL pointer dereference with bare card Filipe Manana <fdmanana(a)suse.com> btrfs: do not pin logs too early during renames Filipe Manana <fdmanana(a)suse.com> btrfs: unify lookup return value when dir entry is missing Marcos Paulo de Souza <mpdesouza(a)suse.com> btrfs: introduce btrfs_lookup_match_dir Josef Bacik <josef(a)toxicpanda.com> btrfs: tree-checker: check for overlapping extent items Borislav Petkov <bp(a)suse.de> task_stack, x86/cea: Force-inline stack helpers Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device after use Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: Intel: boards: get codec device with ACPI instead of bus search Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: Intel: boards: harden codec property handling YouChing Lin <ycllin(a)mxic.com.tw> mtd: spinand: macronix: Add support for MX35LFxGE4AD Shyam Prasad N <sprasad(a)microsoft.com> cifs: add a warning when the in-flight count goes negative Benjamin Gray <bgray(a)linux.ibm.com> powerpc/watchpoints: Annotate atomic context in more places Ravi Bangoria <ravi.bangoria(a)linux.ibm.com> powerpc/watchpoint: Workaround P10 DD1 issue with VSX-32 byte instructions Michael Schmitz <schmitzmic(a)gmail.com> block: ataflop: fix breakage introduced at blk-mq refactoring Kees Cook <keescook(a)chromium.org> seccomp: Invalidate seccomp mode to catch death failures Peter Zijlstra <peterz(a)infradead.org> x86/uaccess: Implement macros for CMPXCHG on user addresses Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> hsr: Avoid double remove of a node. Roger Pau Monne <roger.pau(a)citrix.com> hvc/xen: prevent concurrent accesses to the shared ring Dan Carpenter <error27(a)gmail.com> media: av7110: prevent underflow in write_ts_to_decoder() Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_micfil: register platform component before registering cpu dai Xiaolei Wang <xiaolei.wang(a)windriver.com> ARM: dts: imx: Set default tuning step for imx6sx usdhc Jiaxun Yang <jiaxun.yang(a)flygoat.com> irqchip/mips-gic: Don't touch vl_map if a local interrupt is not routable Rafał Miłecki <rafal(a)milecki.pl> ARM: dts: BCM53573: Drop nonexistent "default-off" LED trigger Geert Uytterhoeven <geert+renesas(a)glider.be> pmdomain: renesas: r8a77980-sysc: CR7 must be always on Yi Sun <yi.sun(a)unisoc.com> virtio-blk: Ensure no requests in virtqueues before deleting vqs. Takashi Sakamoto <o-takashi(a)sakamocchi.jp> firewire: core: send bus reset promptly on gap count error Hannes Reinecke <hare(a)suse.de> scsi: lpfc: Use unsigned type for num_sge Zhang Rui <rui.zhang(a)intel.com> hwmon: (coretemp) Enlarge per package core count limit Andrew Bresticker <abrestic(a)rivosinc.com> efi: Don't add memblocks for soft-reserved memory Andrew Bresticker <abrestic(a)rivosinc.com> efi: runtime: Fix potential overflow of soft-reserved region size Szilard Fabian <szfabian(a)bluemarch.art> Input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table Zhang Yi <yi.zhang(a)huawei.com> ext4: correct the hole length returned by ext4_map_blocks() Daniel Wagner <dwagner(a)suse.de> nvmet-fc: abort command when there is no binding Daniel Wagner <dwagner(a)suse.de> nvmet-fc: release reference on target port Daniel Wagner <dwagner(a)suse.de> nvmet-fcloop: swap the list_add_tail arguments Daniel Wagner <dwagner(a)suse.de> nvme-fc: do not wait in vain when unloading module Xin Long <lucien.xin(a)gmail.com> netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new Wolfram Sang <wsa+renesas(a)sang-engineering.com> spi: sh-msiof: avoid integer overflow in constants Chen-Yu Tsai <wens(a)csie.org> ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616 Guixin Liu <kanie(a)linux.alibaba.com> nvmet-tcp: fix nvme tcp ida memory leak Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> regulator: pwm-regulator: Add validity checks in continuous .get_voltage Kunwu Chan <chentao(a)kylinos.cn> dmaengine: ti: edma: Add some null pointer checks to the edma_probe Baokun Li <libaokun1(a)huawei.com> ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() Baokun Li <libaokun1(a)huawei.com> ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() Lennert Buytenhek <kernel(a)wantstofly.org> ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers Conrad Kostecki <conikost(a)gentoo.org> ahci: asm1166: correct count of reported ports Devyn Liu <liudingyuan(a)huawei.com> spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected Fullway Wang <fullwaywang(a)outlook.com> fbdev: sis: Error out if pixclock equals zero Fullway Wang <fullwaywang(a)outlook.com> fbdev: savage: Error out if pixclock equals zero Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: fix race condition on enabling fast-xmit Michal Kazior <michal(a)plume.com> wifi: cfg80211: fix missing interfaces when dumping Vinod Koul <vkoul(a)kernel.org> dmaengine: fsl-qdma: increase size of 'irq_name' Vinod Koul <vkoul(a)kernel.org> dmaengine: shdma: increase size of 'dev_id' Dmitry Bogdanov <d.bogdanov(a)yadro.com> scsi: target: core: Add TMF to tmr_list handling Cyril Hrubis <chrubis(a)suse.cz> sched/rt: Disallow writing invalid values to sched_rt_period_us Cyril Hrubis <chrubis(a)suse.cz> sched/rt: Fix sysctl_sched_rr_timeslice intial value Damien Le Moal <dlemoal(a)kernel.org> zonefs: Improve error handling Lokesh Gidra <lokeshgidra(a)google.com> userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb Cyril Hrubis <chrubis(a)suse.cz> sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset Paulo Alcantara <pc(a)manguebit.com> smb: client: fix parsing of SMB3.1.1 POSIX create context Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential OOBs in smb2_parse_contexts() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix OOB in receive_encrypted_standard() Jamal Hadi Salim <jhs(a)mojatatu.com> net/sched: Retire dsmark qdisc Jamal Hadi Salim <jhs(a)mojatatu.com> net/sched: Retire ATM qdisc Jamal Hadi Salim <jhs(a)mojatatu.com> net/sched: Retire CBQ qdisc ------------- Diffstat: Makefile | 4 +- arch/arm/boot/dts/bcm47189-luxul-xap-1440.dts | 1 - arch/arm/boot/dts/bcm47189-luxul-xap-810.dts | 2 - arch/arm/boot/dts/imx6sx.dtsi | 6 + arch/arm/mach-ep93xx/core.c | 1 + arch/arm64/boot/dts/rockchip/px30.dtsi | 2 + arch/arm64/kvm/vgic/vgic-its.c | 5 + arch/powerpc/kernel/hw_breakpoint.c | 76 +- arch/s390/pci/pci.c | 2 +- arch/x86/include/asm/cpu_entry_area.h | 2 +- arch/x86/include/asm/nospec-branch.h | 2 + arch/x86/include/asm/text-patching.h | 46 +- arch/x86/include/asm/uaccess.h | 142 ++ arch/x86/kernel/alternative.c | 13 +- arch/x86/kernel/ftrace.c | 4 +- arch/x86/kernel/paravirt.c | 22 +- arch/x86/kernel/static_call.c | 2 +- arch/x86/net/bpf_jit_comp.c | 2 +- drivers/ata/ahci.c | 34 +- drivers/ata/ahci.h | 1 + drivers/block/ataflop.c | 56 +- drivers/block/virtio_blk.c | 7 +- drivers/dma/fsl-qdma.c | 2 +- drivers/dma/sh/shdma.h | 2 +- drivers/dma/ti/edma.c | 10 + drivers/firewire/core-card.c | 18 +- drivers/firmware/efi/arm-runtime.c | 2 +- drivers/firmware/efi/efi-init.c | 19 +- drivers/firmware/efi/riscv-runtime.c | 2 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 1 + drivers/gpu/drm/drm_syncobj.c | 16 +- drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadow.c | 8 +- drivers/hwmon/coretemp.c | 2 +- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 5 +- drivers/infiniband/hw/hfi1/pio.c | 6 +- drivers/infiniband/hw/hfi1/sdma.c | 2 +- drivers/infiniband/hw/qedr/verbs.c | 11 +- drivers/infiniband/ulp/srpt/ib_srpt.c | 17 +- drivers/input/serio/i8042-acpipnpio.h | 8 + drivers/irqchip/irq-mips-gic.c | 2 + drivers/md/dm-crypt.c | 6 + drivers/media/pci/ttpci/av7110_av.c | 4 +- drivers/mtd/nand/spi/macronix.c | 20 + drivers/net/ethernet/microchip/lan743x_ethtool.c | 9 +- drivers/net/gtp.c | 10 +- drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 14 +- drivers/net/wireless/intel/iwlwifi/mvm/mvm.h | 2 +- drivers/net/wireless/intel/iwlwifi/mvm/ops.c | 2 +- drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 10 +- drivers/nvme/host/fc.c | 47 +- drivers/nvme/target/fc.c | 11 +- drivers/nvme/target/fcloop.c | 6 +- drivers/nvme/target/tcp.c | 1 + drivers/pci/msi.c | 2 +- drivers/platform/x86/intel-vbtn.c | 6 + drivers/regulator/pwm-regulator.c | 3 + drivers/s390/cio/device_ops.c | 6 +- drivers/scsi/Kconfig | 2 +- drivers/scsi/lpfc/lpfc_scsi.c | 12 +- drivers/soc/renesas/r8a77980-sysc.c | 3 +- drivers/spi/spi-hisi-sfc-v3xx.c | 5 + drivers/spi/spi-sh-msiof.c | 16 +- drivers/target/target_core_device.c | 5 - drivers/target/target_core_transport.c | 4 + drivers/tty/hvc/hvc_xen.c | 19 +- drivers/usb/cdns3/gadget.c | 8 +- drivers/usb/gadget/function/f_ncm.c | 10 +- drivers/usb/roles/class.c | 29 +- drivers/video/fbdev/savage/savagefb_driver.c | 3 + drivers/video/fbdev/sis/sis_main.c | 2 + fs/afs/volume.c | 4 +- fs/aio.c | 9 +- fs/btrfs/ctree.h | 2 +- fs/btrfs/dir-item.c | 122 +- fs/btrfs/inode.c | 48 +- fs/btrfs/tree-checker.c | 25 +- fs/btrfs/tree-log.c | 14 +- fs/cifs/smb2ops.c | 19 +- fs/cifs/smb2pdu.c | 95 +- fs/cifs/smb2proto.h | 12 +- fs/erofs/decompressor.c | 24 +- fs/ext4/extents.c | 111 +- fs/ext4/mballoc.c | 33 +- fs/jbd2/checkpoint.c | 137 +- fs/zonefs/super.c | 68 +- include/linux/fs.h | 2 + include/linux/lockdep.h | 5 + include/linux/sched/task_stack.h | 2 +- include/linux/socket.h | 5 +- include/net/tcp.h | 2 +- kernel/sched/rt.c | 10 +- kernel/seccomp.c | 10 + kernel/sysctl.c | 4 + mm/userfaultfd.c | 14 +- net/core/dev.c | 2 +- net/core/dev_ioctl.c | 2 +- net/hsr/hsr_framereg.c | 16 +- net/hsr/hsr_framereg.h | 1 + net/ipv4/arp.c | 3 +- net/ipv4/devinet.c | 21 +- net/ipv6/addrconf.c | 21 +- net/ipv6/seg6.c | 20 +- net/l2tp/l2tp_ip6.c | 2 +- net/mac80211/sta_info.c | 2 + net/mac80211/tx.c | 2 +- net/mptcp/diag.c | 6 +- net/netfilter/nf_conntrack_proto_sctp.c | 2 +- net/netfilter/nf_tables_api.c | 1 + net/packet/af_packet.c | 12 +- net/sched/Kconfig | 42 - net/sched/Makefile | 3 - net/sched/sch_atm.c | 709 -------- net/sched/sch_cbq.c | 1816 --------------------- net/sched/sch_dsmark.c | 521 ------ net/tls/tls_main.c | 2 +- net/tls/tls_sw.c | 12 +- net/wireless/nl80211.c | 1 + scripts/bpf_helpers_doc.py | 2 +- sound/soc/fsl/fsl_micfil.c | 15 +- sound/soc/intel/boards/bytcht_es8316.c | 14 +- sound/soc/intel/boards/bytcr_rt5640.c | 46 +- sound/soc/intel/boards/bytcr_rt5651.c | 41 +- sound/soc/sunxi/sun4i-spdif.c | 5 + 123 files changed, 1267 insertions(+), 3694 deletions(-)

1 year, 7 months

12
139
0 0

v4.19 backport request for crypto af_alg

by Ralph Siemsen

I have found a regression in userspace behaviour after commit 67b164a871a got backported into 4.19.306 as commit 19af0310c8767. The regression can be fixed by backporting two additional commits, detailed below. The regression can be reproduced with the following sequence: echo some text > plain.txt openssl enc -k mysecret -aes-256-cbc -in plain.txt -out cipher.txt -engine afalg It fails intermittently with the message "error writing to file", but this error is a bit misleading, the actual problem is that the kernel returns -16 (EBUSY) on the encoding operation. The EBUSY comes from the newly added in-flight check. This check is correct, however it fails on 4.19 kernel, because it is missing two earlier commits: f3c802a1f3001 crypto: algif_aead - Only wake up when ctx->more is zero 21dfbcd1f5cbf crypto: algif_aead - fix uninitialized ctx->init I was able to cherry-pick those into 4.19.y, with just a minor conflict in one case. With those applied, the openssl command no longer fails. Similar fixes are likely needed in 5.4.y, however I did not test this. No change is needed in 5.10 or newer, as the two commits are present. Please add the two commits to 4.19.y (and probably also 5.4.y). Thanks, -Ralph

1 year, 7 months

2
1
0 0

Re: [PATCH] crypto: af_alg - Disallow multiple in-flight AIO requests

by Linux regression tracking (Thorsten Leemhuis)

[CCing the stable team, as it looks like two prerequisite changes for a patch already applied are missing in at least 4.19.y] On 15.03.24 18:55, Ralph Siemsen wrote: > > I have found a regression in userspace behaviour after this patch was > merged into the 4.19.y kernel. The fix seems to involve backporting a > few more changes. Could you review details below and confirm if this is > the right approach? FWIW, developers are totally free to not care about stable and longterm kernels series. Not sure if Herbert is among those developers, but it might explain why there is no reply yet. That's why I CCed the stable maintainers, strictly speaking they are responsible. > On Tue, Nov 28, 2023 at 04:25:49PM +0800, Herbert Xu wrote: >> Having multiple in-flight AIO requests results in unpredictable >> output because they all share the same IV. Fix this by only allowing >> one request at a time. > [...] > This change got backported on the 4.19 kernel in January: > https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=… > > Since then, I am seeCiao, ing a regression in a simple openssl encoding test: > > openssl enc -k mysecret -aes-256-cbc -in plain.txt -out cipher.txt > -engine afalg > > It fails intermittently with the message "error writing to file", but > this error is a bit misleading, the actual problem is that the kernel > returns -16 (EBUSY) on the encoding operation. > > This happens only in 4.19, and not under 5.10. The patch seems correct, > however it seems we are missing a couple of other patches on 4.19: > > f3c802a1f3001 crypto: algif_aead - Only wake up when ctx->more is zero > 21dfbcd1f5cbf crypto: algif_aead - fix uninitialized ctx->init > > I was able to cherry-pick those into 4.19.y, with just a minor conflict > in one case. With those applied, the openssl command no longer fails. Some feedback here from Herbert would of course be splendid, but maybe your tests are all the stable team needs to pick those up for a future 4.19.y release. > I suspect similar changes would be needed also in 5.4 kernel, however I > neither checked that, nor have I run any tests on that version. Ciao, Thorsten (wearing his 'the Linux kernel's regression tracker' hat) -- Everything you wanna know about Linux kernel regression tracking: https://linux-regtracking.leemhuis.info/about/#tldr If I did something stupid, please tell me, as explained on that page.

1 year, 7 months

1
1
0 0

[PATCH v2] irqchip/sifive-plic: enable interrupt if needed before EOI

by Nam Cao

RISC-V PLIC cannot "end-of-interrupt" (EOI) disabled interrupts, as explained in the description of Interrupt Completion in the PLIC spec: "The PLIC signals it has completed executing an interrupt handler by writing the interrupt ID it received from the claim to the claim/complete register. The PLIC does not check whether the completion ID is the same as the last claim ID for that target. If the completion ID does not match an interrupt source that *is currently enabled* for the target, the completion is silently ignored." Commit 69ea463021be ("irqchip/sifive-plic: Fixup EOI failed when masked") ensured that EOI is successful by enabling interrupt first, before EOI. Commit a1706a1c5062 ("irqchip/sifive-plic: Separate the enable and mask operations") removed the interrupt enabling code from the previous commit, because it assumes that interrupt should already be enabled at the point of EOI. However, this is incorrect: there is a window after a hart claiming an interrupt and before irq_desc->lock getting acquired, interrupt can be disabled during this window. Thus, EOI can be invoked while the interrupt is disabled, effectively nullify this EOI. This results in the interrupt never gets asserted again, and the device who uses this interrupt appears frozen. Make sure that interrupt is really enabled before EOI. Fixes: a1706a1c5062 ("irqchip/sifive-plic: Separate the enable and mask operations") Cc: <stable(a)vger.kernel.org> Signed-off-by: Nam Cao <namcao(a)linutronix.de> --- v2: - add unlikely() for optimization - re-word commit message to make it clearer drivers/irqchip/irq-sifive-plic.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/drivers/irqchip/irq-sifive-plic.c b/drivers/irqchip/irq-sifive-plic.c index e1484905b7bd..0a233e9d9607 100644 --- a/drivers/irqchip/irq-sifive-plic.c +++ b/drivers/irqchip/irq-sifive-plic.c @@ -148,7 +148,13 @@ static void plic_irq_eoi(struct irq_data *d) { struct plic_handler *handler = this_cpu_ptr(&plic_handlers); - writel(d->hwirq, handler->hart_base + CONTEXT_CLAIM); + if (unlikely(irqd_irq_disabled(d))) { + plic_toggle(handler, d->hwirq, 1); + writel(d->hwirq, handler->hart_base + CONTEXT_CLAIM); + plic_toggle(handler, d->hwirq, 0); + } else { + writel(d->hwirq, handler->hart_base + CONTEXT_CLAIM); + } } #ifdef CONFIG_SMP -- 2.39.2

1 year, 7 months

4
4
0 0

[PATCH 6.6/6.1 0/1] pppoe: Fix memory leak in pppoe_sendmsg()

by Gavrilov Ilia

syzbot reports a memory leak in pppoe_sendmsg in 6.6 and 6.1 stable releases. The problem has been fixed by the following patch which can be cleanly applied to the 6.6 and 6.1 branches. Found by InfoTeCS on behalf of Linux Verification Center (linuxtesting.org) with Syzkaller Gavrilov Ilia (1): pppoe: Fix memory leak in pppoe_sendmsg() drivers/net/ppp/pppoe.c | 23 +++++++++-------------- 1 file changed, 9 insertions(+), 14 deletions(-) -- 2.39.2

1 year, 7 months

1
1
0 0

[PATCH] LoongArch: Change __my_cpu_offset definition to avoid mis-optimization

by Huacai Chen

From GCC commit 3f13154553f8546a ("df-scan: remove ad-hoc handling of global regs in asms"), global registers will no longer be forced to add to the def-use chain. Then current_thread_info(), current_stack_pointer and __my_cpu_offset may be lifted out of the loop because they are no longer treated as "volatile variables". This optimization is still correct for the current_thread_info() and current_stack_pointer usages because they are associated to a thread. However it is wrong for __my_cpu_offset because it is associated to a CPU rather than a thread: if the thread migrates to a different CPU in the loop, __my_cpu_offset should be changed. Change __my_cpu_offset definition to treat it as a "volatile variable", in order to avoid such a mis-optimization. Cc: stable(a)vger.kernel.org Reported-by: Xiaotian Wu <wuxiaotian(a)loongson.cn> Reported-by: Miao Wang <shankerwangmiao(a)gmail.com> Signed-off-by: Xing Li <lixing(a)loongson.cn> Signed-off-by: Hongchen Zhang <zhanghongchen(a)loongson.cn> Signed-off-by: Rui Wang <wangrui(a)loongson.cn> Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> --- arch/loongarch/include/asm/percpu.h | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/arch/loongarch/include/asm/percpu.h b/arch/loongarch/include/asm/percpu.h index 9b36ac003f89..03b98491d301 100644 --- a/arch/loongarch/include/asm/percpu.h +++ b/arch/loongarch/include/asm/percpu.h @@ -29,7 +29,12 @@ static inline void set_my_cpu_offset(unsigned long off) __my_cpu_offset = off; csr_write64(off, PERCPU_BASE_KS); } -#define __my_cpu_offset __my_cpu_offset + +#define __my_cpu_offset \ +({ \ + __asm__ __volatile__("":"+r"(__my_cpu_offset)); \ + __my_cpu_offset; \ +}) #define PERCPU_OP(op, asm_op, c_op) \ static __always_inline unsigned long __percpu_##op(void *ptr, \ -- 2.43.0

1 year, 7 months

3
2
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror