- Linux-stable-mirror - lists.linaro.org

+ arm-prctl-reject-pr_set_mdwe-on-pre-armv6.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: ARM: prctl: reject PR_SET_MDWE on pre-ARMv6 has been added to the -mm mm-hotfixes-unstable branch. Its filename is arm-prctl-reject-pr_set_mdwe-on-pre-armv6.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Zev Weiss <zev(a)bewilderbeest.net> Subject: ARM: prctl: reject PR_SET_MDWE on pre-ARMv6 Date: Mon, 26 Feb 2024 17:35:42 -0800 On v5 and lower CPUs we can't provide MDWE protection, so ensure we fail any attempt to enable it via prctl(PR_SET_MDWE). Previously such an attempt would misleadingly succeed, leading to any subsequent mmap(PROT_READ|PROT_WRITE) or execve() failing unconditionally (the latter somewhat violently via force_fatal_sig(SIGSEGV) due to READ_IMPLIES_EXEC). Link: https://lkml.kernel.org/r/20240227013546.15769-6-zev@bewilderbeest.net Signed-off-by: Zev Weiss <zev(a)bewilderbeest.net> Cc: <stable(a)vger.kernel.org> [6.3+] Cc: Borislav Petkov <bp(a)alien8.de> Cc: David Hildenbrand <david(a)redhat.com> Cc: Florent Revest <revest(a)chromium.org> Cc: Helge Deller <deller(a)gmx.de> Cc: "James E.J. Bottomley" <James.Bottomley(a)HansenPartnership.com> Cc: Josh Triplett <josh(a)joshtriplett.org> Cc: Kees Cook <keescook(a)chromium.org> Cc: Miguel Ojeda <ojeda(a)kernel.org> Cc: Mike Rapoport (IBM) <rppt(a)kernel.org> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: Ondrej Mosnacek <omosnace(a)redhat.com> Cc: Rick Edgecombe <rick.p.edgecombe(a)intel.com> Cc: Russell King (Oracle) <linux(a)armlinux.org.uk> Cc: Sam James <sam(a)gentoo.org> Cc: Stefan Roesch <shr(a)devkernel.io> Cc: Yang Shi <yang(a)os.amperecomputing.com> Cc: Yin Fengwei <fengwei.yin(a)intel.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- arch/arm/include/asm/mman.h | 14 ++++++++++++++ 1 file changed, 14 insertions(+) --- /dev/null +++ a/arch/arm/include/asm/mman.h @@ -0,0 +1,14 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#ifndef __ASM_MMAN_H__ +#define __ASM_MMAN_H__ + +#include <asm/system_info.h> +#include <uapi/asm/mman.h> + +static inline bool arch_memory_deny_write_exec_supported(void) +{ + return cpu_architecture() >= CPU_ARCH_ARMv6; +} +#define arch_memory_deny_write_exec_supported arch_memory_deny_write_exec_supported + +#endif /* __ASM_MMAN_H__ */ _ Patches currently in -mm which might be from zev(a)bewilderbeest.net are prctl-generalize-pr_set_mdwe-support-check-to-be-per-arch.patch arm-prctl-reject-pr_set_mdwe-on-pre-armv6.patch

1 year, 7 months

1
0
0 0

+ prctl-generalize-pr_set_mdwe-support-check-to-be-per-arch.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: prctl: generalize PR_SET_MDWE support check to be per-arch has been added to the -mm mm-hotfixes-unstable branch. Its filename is prctl-generalize-pr_set_mdwe-support-check-to-be-per-arch.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Zev Weiss <zev(a)bewilderbeest.net> Subject: prctl: generalize PR_SET_MDWE support check to be per-arch Date: Mon, 26 Feb 2024 17:35:41 -0800 Patch series "ARM: prctl: Reject PR_SET_MDWE where not supported". I noticed after a recent kernel update that my ARM926 system started segfaulting on any execve() after calling prctl(PR_SET_MDWE). After some investigation it appears that ARMv5 is incapable of providing the appropriate protections for MDWE, since any readable memory is also implicitly executable. The prctl_set_mdwe() function already had some special-case logic added disabling it on PARISC (commit 793838138c15, "prctl: Disable prctl(PR_SET_MDWE) on parisc"); this patch series (1) generalizes that check to use an arch_*() function, and (2) adds a corresponding override for ARM to disable MDWE on pre-ARMv6 CPUs. With the series applied, prctl(PR_SET_MDWE) is rejected on ARMv5 and subsequent execve() calls (as well as mmap(PROT_READ|PROT_WRITE)) can succeed instead of unconditionally failing; on ARMv6 the prctl works as it did previously. [0] https://lore.kernel.org/all/2023112456-linked-nape-bf19@gregkh/ This patch (of 2): There exist systems other than PARISC where MDWE may not be feasible to support; rather than cluttering up the generic code with additional arch-specific logic let's add a generic function for checking MDWE support and allow each arch to override it as needed. Link: https://lkml.kernel.org/r/20240227013546.15769-4-zev@bewilderbeest.net Link: https://lkml.kernel.org/r/20240227013546.15769-5-zev@bewilderbeest.net Signed-off-by: Zev Weiss <zev(a)bewilderbeest.net> Acked-by: Helge Deller <deller(a)gmx.de> [parisc] Cc: Borislav Petkov <bp(a)alien8.de> Cc: David Hildenbrand <david(a)redhat.com> Cc: Florent Revest <revest(a)chromium.org> Cc: "James E.J. Bottomley" <James.Bottomley(a)HansenPartnership.com> Cc: Josh Triplett <josh(a)joshtriplett.org> Cc: Kees Cook <keescook(a)chromium.org> Cc: Miguel Ojeda <ojeda(a)kernel.org> Cc: Mike Rapoport (IBM) <rppt(a)kernel.org> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: Ondrej Mosnacek <omosnace(a)redhat.com> Cc: Rick Edgecombe <rick.p.edgecombe(a)intel.com> Cc: Russell King (Oracle) <linux(a)armlinux.org.uk> Cc: Sam James <sam(a)gentoo.org> Cc: Stefan Roesch <shr(a)devkernel.io> Cc: Yang Shi <yang(a)os.amperecomputing.com> Cc: Yin Fengwei <fengwei.yin(a)intel.com> Cc: <stable(a)vger.kernel.org> [6.3+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- arch/parisc/include/asm/mman.h | 14 ++++++++++++++ include/linux/mman.h | 8 ++++++++ kernel/sys.c | 7 +++++-- 3 files changed, 27 insertions(+), 2 deletions(-) --- /dev/null +++ a/arch/parisc/include/asm/mman.h @@ -0,0 +1,14 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#ifndef __ASM_MMAN_H__ +#define __ASM_MMAN_H__ + +#include <uapi/asm/mman.h> + +/* PARISC cannot allow mdwe as it needs writable stacks */ +static inline bool arch_memory_deny_write_exec_supported(void) +{ + return false; +} +#define arch_memory_deny_write_exec_supported arch_memory_deny_write_exec_supported + +#endif /* __ASM_MMAN_H__ */ --- a/include/linux/mman.h~prctl-generalize-pr_set_mdwe-support-check-to-be-per-arch +++ a/include/linux/mman.h @@ -162,6 +162,14 @@ calc_vm_flag_bits(unsigned long flags) unsigned long vm_commit_limit(void); +#ifndef arch_memory_deny_write_exec_supported +static inline bool arch_memory_deny_write_exec_supported(void) +{ + return true; +} +#define arch_memory_deny_write_exec_supported arch_memory_deny_write_exec_supported +#endif + /* * Denies creating a writable executable mapping or gaining executable permissions. * --- a/kernel/sys.c~prctl-generalize-pr_set_mdwe-support-check-to-be-per-arch +++ a/kernel/sys.c @@ -2408,8 +2408,11 @@ static inline int prctl_set_mdwe(unsigne if (bits & PR_MDWE_NO_INHERIT && !(bits & PR_MDWE_REFUSE_EXEC_GAIN)) return -EINVAL; - /* PARISC cannot allow mdwe as it needs writable stacks */ - if (IS_ENABLED(CONFIG_PARISC)) + /* + * EOPNOTSUPP might be more appropriate here in principle, but + * existing userspace depends on EINVAL specifically. + */ + if (!arch_memory_deny_write_exec_supported()) return -EINVAL; current_bits = get_current_mdwe(); _ Patches currently in -mm which might be from zev(a)bewilderbeest.net are prctl-generalize-pr_set_mdwe-support-check-to-be-per-arch.patch arm-prctl-reject-pr_set_mdwe-on-pre-armv6.patch

1 year, 7 months

1
0
0 0

[PATCH v2] serial: mxs-auart: add spinlock around changing cts state

by Emil Kronborg

The uart_handle_cts_change() function in serial_core expects the caller to hold uport->lock. For example, I have seen the below kernel splat, when the Bluetooth driver is loaded on an i.MX28 board. [ 85.119255] ------------[ cut here ]------------ [ 85.124413] WARNING: CPU: 0 PID: 27 at /drivers/tty/serial/serial_core.c:3453 uart_handle_cts_change+0xb4/0xec [ 85.134694] Modules linked in: hci_uart bluetooth ecdh_generic ecc wlcore_sdio configfs [ 85.143314] CPU: 0 PID: 27 Comm: kworker/u3:0 Not tainted 6.6.3-00021-gd62a2f068f92 #1 [ 85.151396] Hardware name: Freescale MXS (Device Tree) [ 85.156679] Workqueue: hci0 hci_power_on [bluetooth] (...) [ 85.191765] uart_handle_cts_change from mxs_auart_irq_handle+0x380/0x3f4 [ 85.198787] mxs_auart_irq_handle from __handle_irq_event_percpu+0x88/0x210 (...) Cc: stable(a)vger.kernel.org # v6.1+ Fixes: 4d90bb147ef6 ("serial: core: Document and assert lock requirements for irq helpers") Signed-off-by: Emil Kronborg <emil.kronborg(a)protonmail.com> --- Changes in v2: - Add more of the stack trace to show why the lock is necessary. Note that i removed some unrelated noise for unwinding, showing and dumping the stack trace. - Add Fixes tag. Note that this commit do not fix 4d90bb147ef6 ("serial: core: Document and assert lock requirements for irq helpers") as such, but it was the closest commit I could find that makes sense. - Cc stable. Commit b0af4bcb4946 ("serial: core: Provide port lock wrappers") is a prerequisite. Therefore, v6.1+. drivers/tty/serial/mxs-auart.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/tty/serial/mxs-auart.c b/drivers/tty/serial/mxs-auart.c index 4749331fe618..1e8853eae504 100644 --- a/drivers/tty/serial/mxs-auart.c +++ b/drivers/tty/serial/mxs-auart.c @@ -1086,11 +1086,13 @@ static void mxs_auart_set_ldisc(struct uart_port *port, static irqreturn_t mxs_auart_irq_handle(int irq, void *context) { - u32 istat; + u32 istat, stat; struct mxs_auart_port *s = context; u32 mctrl_temp = s->mctrl_prev; - u32 stat = mxs_read(s, REG_STAT); + uart_port_lock(&s->port); + + stat = mxs_read(s, REG_STAT); istat = mxs_read(s, REG_INTR); /* ack irq */ @@ -1126,6 +1128,8 @@ static irqreturn_t mxs_auart_irq_handle(int irq, void *context) istat &= ~AUART_INTR_TXIS; } + uart_port_unlock(&s->port); + return IRQ_HANDLED; } -- 2.44.0

1 year, 7 months

2
1
0 0

[PATCH] keys: Fix overwrite of key expiration on instantiation

by Silvio Gissi

The expiry time of a key is unconditionally overwritten during instantiation, defaulting to turn it permanent. This causes a problem for DNS resolution as the expiration set by user-space is overwritten to TIME64_MAX, disabling further DNS updates. Fix this by restoring the condition that key_set_expiry is only called when the pre-parser sets a specific expiry. Fixes: 39299bdd2546 ("keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry") Signed-off-by: Silvio Gissi <sifonsec(a)amazon.com> cc: David Howells <dhowells(a)redhat.com> cc: Hazem Mohamed Abuelfotoh <abuehaze(a)amazon.com> cc: linux-afs(a)lists.infradead.org cc: linux-cifs(a)vger.kernel.org cc: keyrings(a)vger.kernel.org cc: netdev(a)vger.kernel.org cc: stable(a)vger.kernel.org --- security/keys/key.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/security/keys/key.c b/security/keys/key.c index 560790038329..0aa5f01d16ff 100644 --- a/security/keys/key.c +++ b/security/keys/key.c @@ -463,7 +463,8 @@ static int __key_instantiate_and_link(struct key *key, if (authkey) key_invalidate(authkey); - key_set_expiry(key, prep->expiry); + if (prep->expiry != TIME64_MAX) + key_set_expiry(key, prep->expiry); } } -- 2.34.1

1 year, 7 months

2
2
0 0

[PATCH v3 2/5] Bluetooth: add quirk for broken address properties

by Johan Hovold

Some Bluetooth controllers lack persistent storage for the device address and instead one can be provided by the boot firmware using the 'local-bd-address' devicetree property. The Bluetooth devicetree bindings clearly states that the address should be specified in little-endian order, but due to a long-standing bug in the Qualcomm driver which reversed the address some boot firmware has been providing the address in big-endian order instead. Add a new quirk that can be set on platforms with broken firmware and use it to reverse the address when parsing the property so that the underlying driver bug can be fixed. Fixes: 5c0a1001c8be ("Bluetooth: hci_qca: Add helper to set device address") Cc: stable(a)vger.kernel.org # 5.1 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- include/net/bluetooth/hci.h | 9 +++++++++ net/bluetooth/hci_sync.c | 5 ++++- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/include/net/bluetooth/hci.h b/include/net/bluetooth/hci.h index bdee5d649cc6..191077d8d578 100644 --- a/include/net/bluetooth/hci.h +++ b/include/net/bluetooth/hci.h @@ -176,6 +176,15 @@ enum { */ HCI_QUIRK_USE_BDADDR_PROPERTY, + /* When this quirk is set, the Bluetooth Device Address provided by + * the 'local-bd-address' fwnode property is incorrectly specified in + * big-endian order. + * + * This quirk can be set before hci_register_dev is called or + * during the hdev->setup vendor callback. + */ + HCI_QUIRK_BDADDR_PROPERTY_BROKEN, + /* When this quirk is set, the duplicate filtering during * scanning is based on Bluetooth devices addresses. To allow * RSSI based updates, restart scanning if needed. diff --git a/net/bluetooth/hci_sync.c b/net/bluetooth/hci_sync.c index 5716345a26df..283ae8edc1e5 100644 --- a/net/bluetooth/hci_sync.c +++ b/net/bluetooth/hci_sync.c @@ -3215,7 +3215,10 @@ static void hci_dev_get_bd_addr_from_property(struct hci_dev *hdev) if (ret < 0 || !bacmp(&ba, BDADDR_ANY)) return; - bacpy(&hdev->public_addr, &ba); + if (test_bit(HCI_QUIRK_BDADDR_PROPERTY_BROKEN, &hdev->quirks)) + baswap(&hdev->public_addr, &ba); + else + bacpy(&hdev->public_addr, &ba); } struct hci_init_stage { -- 2.43.2

1 year, 7 months

6
7
0 0

[PATCH RESEND 0/2] ARM: prctl: Reject PR_SET_MDWE where not supported

by Zev Weiss

[Resending as per Russell's request...] Hello, I noticed after a recent kernel update that my ARM926 system started segfaulting on any execve() after calling prctl(PR_SET_MDWE). After some investigation it appears that ARMv5 is incapable of providing the appropriate protections for MDWE, since any readable memory is also implicitly executable. (Note that I'm not an expert in either ARM arch details or the mm subsystem, so please bear with me if I've botched something in the above analysis.) The prctl_set_mdwe() function already had some special-case logic added disabling it on PARISC (commit 793838138c15, "prctl: Disable prctl(PR_SET_MDWE) on parisc"); this patch series (1) generalizes that check to use an arch_*() function, and (2) adds a corresponding override for ARM to disable MDWE on pre-ARMv6 CPUs. With the series applied, prctl(PR_SET_MDWE) is rejected on ARMv5 and subsequent execve() calls (as well as mmap(PROT_READ|PROT_WRITE)) can succeed instead of unconditionally failing; on ARMv6 the prctl works as it did previously. Thanks, Zev [0] https://lore.kernel.org/all/2023112456-linked-nape-bf19@gregkh/ Zev Weiss (2): prctl: Generalize PR_SET_MDWE support check to be per-arch ARM: prctl: Reject PR_SET_MDWE on pre-ARMv6 arch/arm/include/asm/mman.h | 14 ++++++++++++++ arch/parisc/include/asm/mman.h | 14 ++++++++++++++ include/linux/mman.h | 8 ++++++++ kernel/sys.c | 7 +++++-- 4 files changed, 41 insertions(+), 2 deletions(-) create mode 100644 arch/arm/include/asm/mman.h create mode 100644 arch/parisc/include/asm/mman.h -- 2.43.2

1 year, 7 months

3
5
0 0

[PATCH v3 3/5] Bluetooth: qca: fix device-address endianness

by Johan Hovold

The WCN6855 firmware on the Lenovo ThinkPad X13s expects the Bluetooth device address in big-endian order when setting it using the EDL_WRITE_BD_ADDR_OPCODE command. Presumably, this is the case for all non-ROME devices which all use the EDL_WRITE_BD_ADDR_OPCODE command for this (unlike the ROME devices which use a different command and expect the address in little-endian order). Reverse the little-endian address before setting it to make sure that the address can be configured using tools like btmgmt or using the 'local-bd-address' devicetree property. Note that this can potentially break systems with boot firmware which has started relying on the broken behaviour and is incorrectly passing the address via devicetree in big-endian order. Fixes: 5c0a1001c8be ("Bluetooth: hci_qca: Add helper to set device address") Cc: stable(a)vger.kernel.org # 5.1 Cc: Balakrishna Godavarthi <quic_bgodavar(a)quicinc.com> Cc: Matthias Kaehlcke <mka(a)chromium.org> Tested-by: Nikita Travkin <nikita(a)trvn.ru> # sc7180 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/bluetooth/btqca.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/bluetooth/btqca.c b/drivers/bluetooth/btqca.c index b40b32fa7f1c..19cfc342fc7b 100644 --- a/drivers/bluetooth/btqca.c +++ b/drivers/bluetooth/btqca.c @@ -826,11 +826,15 @@ EXPORT_SYMBOL_GPL(qca_uart_setup); int qca_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr) { + bdaddr_t bdaddr_swapped; struct sk_buff *skb; int err; - skb = __hci_cmd_sync_ev(hdev, EDL_WRITE_BD_ADDR_OPCODE, 6, bdaddr, - HCI_EV_VENDOR, HCI_INIT_TIMEOUT); + baswap(&bdaddr_swapped, bdaddr); + + skb = __hci_cmd_sync_ev(hdev, EDL_WRITE_BD_ADDR_OPCODE, 6, + &bdaddr_swapped, HCI_EV_VENDOR, + HCI_INIT_TIMEOUT); if (IS_ERR(skb)) { err = PTR_ERR(skb); bt_dev_err(hdev, "QCA Change address cmd failed (%d)", err); -- 2.43.2

1 year, 7 months

3
5
0 0

[PATCH v3 5/5] arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken

by Johan Hovold

Several Qualcomm Bluetooth controllers lack persistent storage for the device address and instead one can be provided by the boot firmware using the 'local-bd-address' devicetree property. The Bluetooth bindings clearly states that the address should be specified in little-endian order, but due to a long-standing bug in the Qualcomm driver which reversed the address some boot firmware has been providing the address in big-endian order instead. The boot firmware in SC7180 Trogdor Chromebooks is known to be affected so mark the 'local-bd-address' property as broken to maintain backwards compatibility with older firmware when fixing the underlying driver bug. Note that ChromeOS always updates the kernel and devicetree in lockstep so that there is no need to handle backwards compatibility with older devicetrees. Fixes: 7ec3e67307f8 ("arm64: dts: qcom: sc7180-trogdor: add initial trogdor and lazor dt") Cc: stable(a)vger.kernel.org # 5.10 Cc: Rob Clark <robdclark(a)chromium.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi b/arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi index 46aaeba28604..ebe37678102f 100644 --- a/arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi +++ b/arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi @@ -943,6 +943,8 @@ bluetooth: bluetooth { vddrf-supply = <&pp1300_l2c>; vddch0-supply = <&pp3300_l10c>; max-speed = <3200000>; + + qcom,local-bd-address-broken; }; }; -- 2.43.2

1 year, 7 months

2
1
0 0

[PATCH 2/2] Bluetooth: qca: fix NULL-deref on non-serdev setup

by Johan Hovold

Qualcomm ROME controllers can be registered from the Bluetooth line discipline and in this case the HCI UART serdev pointer is NULL. Add the missing sanity check to prevent a NULL-pointer dereference when setup() is called for a non-serdev controller. Fixes: e9b3e5b8c657 ("Bluetooth: hci_qca: only assign wakeup with serial port support") Cc: stable(a)vger.kernel.org # 6.2 Cc: Zhengping Jiang <jiangzp(a)google.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/bluetooth/hci_qca.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c index 84f728943962..6a69a7f9ef64 100644 --- a/drivers/bluetooth/hci_qca.c +++ b/drivers/bluetooth/hci_qca.c @@ -1960,8 +1960,10 @@ static int qca_setup(struct hci_uart *hu) qca_debugfs_init(hdev); hu->hdev->hw_error = qca_hw_error; hu->hdev->cmd_timeout = qca_cmd_timeout; - if (device_can_wakeup(hu->serdev->ctrl->dev.parent)) - hu->hdev->wakeup = qca_wakeup; + if (hu->serdev) { + if (device_can_wakeup(hu->serdev->ctrl->dev.parent)) + hu->hdev->wakeup = qca_wakeup; + } } else if (ret == -ENOENT) { /* No patch/nvm-config found, run with original fw/config */ set_bit(QCA_ROM_FW, &qca->flags); -- 2.43.2

1 year, 7 months

1
0
0 0

[PATCH 1/2] Bluetooth: qca: fix NULL-deref on non-serdev suspend

by Johan Hovold

Qualcomm ROME controllers can be registered from the Bluetooth line discipline and in this case the HCI UART serdev pointer is NULL. Add the missing sanity check to prevent a NULL-pointer dereference when wakeup() is called for a non-serdev controller during suspend. Just return true for now to restore the original behaviour and address the crash with pre-6.2 kernels, which do not have commit e9b3e5b8c657 ("Bluetooth: hci_qca: only assign wakeup with serial port support") that causes the crash to happen already at setup() time. Fixes: c1a74160eaf1 ("Bluetooth: hci_qca: Add device_may_wakeup support") Cc: stable(a)vger.kernel.org # 5.13 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/bluetooth/hci_qca.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c index c73481c57741..84f728943962 100644 --- a/drivers/bluetooth/hci_qca.c +++ b/drivers/bluetooth/hci_qca.c @@ -1672,6 +1672,9 @@ static bool qca_wakeup(struct hci_dev *hdev) struct hci_uart *hu = hci_get_drvdata(hdev); bool wakeup; + if (!hu->serdev) + return true; + /* BT SoC attached through the serial bus is handled by the serdev driver. * So we need to use the device handle of the serdev driver to get the * status of device may wakeup. -- 2.43.2

1 year, 7 months

1
0
0 0

[PATCH v3 4/5] Bluetooth: qca: add workaround for broken address properties

by Johan Hovold

Due to a long-standing bug in the Qualcomm Bluetooth driver, the device address has so far been reversed when configuring non-ROME controllers. This, in turn, has led to one vendor reversing the address that the boot firmware provides using the 'local-bd-address' devicetree property. The only device affected by this should be the WCN3991 used in some Chromebooks. As ChromeOS updates the kernel and devicetree in lockstep, the new 'qcom,local-bd-address-broken' property can be used to determine if the firmware is buggy so that the underlying driver bug can be fixed without breaking backwards compatibility. Set the HCI_QUIRK_BDADDR_PROPERTY_BROKEN quirk for such platforms so that the address is reversed when parsing the address property. Fixes: 5c0a1001c8be ("Bluetooth: hci_qca: Add helper to set device address") Cc: stable(a)vger.kernel.org # 5.1 Cc: Balakrishna Godavarthi <quic_bgodavar(a)quicinc.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/bluetooth/hci_qca.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c index f989c05f8177..c73481c57741 100644 --- a/drivers/bluetooth/hci_qca.c +++ b/drivers/bluetooth/hci_qca.c @@ -225,6 +225,7 @@ struct qca_serdev { struct qca_power *bt_power; u32 init_speed; u32 oper_speed; + bool bdaddr_property_broken; const char *firmware_name; }; @@ -1842,6 +1843,7 @@ static int qca_setup(struct hci_uart *hu) const char *firmware_name = qca_get_firmware_name(hu); int ret; struct qca_btsoc_version ver; + struct qca_serdev *qcadev; const char *soc_name; ret = qca_check_speeds(hu); @@ -1904,6 +1906,11 @@ static int qca_setup(struct hci_uart *hu) case QCA_WCN6855: case QCA_WCN7850: set_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks); + + qcadev = serdev_device_get_drvdata(hu->serdev); + if (qcadev->bdaddr_property_broken) + set_bit(HCI_QUIRK_BDADDR_PROPERTY_BROKEN, &hdev->quirks); + hci_set_aosp_capable(hdev); ret = qca_read_soc_version(hdev, &ver, soc_type); @@ -2284,6 +2291,9 @@ static int qca_serdev_probe(struct serdev_device *serdev) if (!qcadev->oper_speed) BT_DBG("UART will pick default operating speed"); + qcadev->bdaddr_property_broken = device_property_read_bool(&serdev->dev, + "qcom,local-bd-address-broken"); + if (data) qcadev->btsoc_type = data->soc_type; else -- 2.43.2

1 year, 7 months

1
0
0 0

Re: Patch "selftests: mptcp: explicitly trigger the listener diag code-path" has been added to the 6.7-stable tree

by Matthieu Baerts

Hi Sasha, On 19/03/2024 00:00, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > selftests: mptcp: explicitly trigger the listener diag code-path > > to the 6.7-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > selftests-mptcp-explicitly-trigger-the-listener-diag.patch > and it can be found in the queue-6.7 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. I do :) > commit 02dc7e7327bc1a3551665745a40029cf96d6a8e6 > Author: Paolo Abeni <pabeni(a)redhat.com> > Date: Fri Feb 23 17:14:20 2024 +0100 > > selftests: mptcp: explicitly trigger the listener diag code-path > > [ Upstream commit b4b51d36bbaa3ddb93b3e1ca3a1ef0aa629d6521 ] I think something went wrong: this patch was not supposed to be added to both 6.6 and 6.7 queues: https://lore.kernel.org/stable/Zfg36tcGXUsZnJCh@sashalap/ Do you mind dropping them from both queues, please? Cheers, Matt -- Sponsored by the NGI0 Core fund.

1 year, 7 months

2
1
0 0

[PATCH v3 1/1] driver core: Keep the supplier fwnode consistent with the device

by Herve Codina

The commit 3a2dbc510c43 ("driver core: fw_devlink: Don't purge child fwnode's consumer links") introduces the possibility to use the supplier's parent device instead of the supplier itself. In that case the supplier fwnode used is not updated and is no more consistent with the supplier device used. Use the fwnode consistent with the supplier device when checking flags. Fixes: 3a2dbc510c43 ("driver core: fw_devlink: Don't purge child fwnode's consumer links") Cc: stable(a)vger.kernel.org Signed-off-by: Herve Codina <herve.codina(a)bootlin.com> --- Changes v2 -> v3: Do not update the supplier handle in order to keep the original handle for debug traces. Changes v1 -> v2: Remove sup_handle check and related pr_debug() call as sup_handle cannot be invalid if sup_dev is valid. drivers/base/core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/base/core.c b/drivers/base/core.c index 4d8b315c48a1..440b52ec027f 100644 --- a/drivers/base/core.c +++ b/drivers/base/core.c @@ -2082,7 +2082,7 @@ static int fw_devlink_create_devlink(struct device *con, * supplier device indefinitely. */ if (sup_dev->links.status == DL_DEV_NO_DRIVER && - sup_handle->flags & FWNODE_FLAG_INITIALIZED) { + sup_dev->fwnode->flags & FWNODE_FLAG_INITIALIZED) { dev_dbg(con, "Not linking %pfwf - dev might never probe\n", sup_handle); -- 2.41.0

1 year, 7 months

2
3
0 0

[REGRESSION] 6.7.1: md: raid5 hang and unresponsive system; successfully bisected

by Dan Moulding

After upgrading from 6.7.0 to 6.7.1 a couple of my systems with md RAID-5 arrays started experiencing hangs. It starts with some processes which write to the array getting stuck. The whole system eventually becomes unresponsive and unclean shutdown must be performed (poweroff and reboot don't work). While trying to diagnose the issue, I noticed that the md0_raid5 kernel thread consumes 100% CPU after the issue occurs. No relevant warnings or errors were found in dmesg. On 6.7.1, I can reproduce the issue somewhat reliably by copying a large amount of data to the array. I am unable to reproduce the issue at all on 6.7.0. The bisection was a bit difficult since I don't have a 100% reliable method to reproduce the problem, but with some perseverence I eventually managed to whittle it down to commit 0de40f76d567 ("Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d"). After reverting that commit (i.e. reapplying the reverted commit) on top of 6.7.1 I can no longer reproduce the problem at all. Some details that might be relevant: - Both systems are running MD RAID-5 with a journal device. - mdadm in monitor mode is always running on both systems. - Both systems were previously running 6.7.0 and earlier just fine. - The older of the two systems has been running a raid5 array without incident for many years (kernel going back to at least 5.1) -- this is the first raid5 issue it has encountered. Please let me know if there is any other helpful information that I might be able to provide. -- Dan #regzbot introduced: 0de40f76d567133b871cd6ad46bb87afbce46983

1 year, 7 months

9
52
0 0

[PATCH] ahci: asm1064: asm1166: don't limit reported ports

by Conrad Kostecki

Previously, patches have been added to limit the reported count of SATA ports for asm1064 and asm1166 SATA controllers, as those controllers do report more ports than physical having. Unfortunately, this causes trouble for users, which are using SATA controllers, which provide more ports through SATA PMP (Port-MultiPlier) and are now not any more recognized. This happens, as asm1064 and 1166 are handling SATA PMP transparently, so all non-physical ports needs to be enabled to use that feature. This patch reverts both patches for asm1064 and asm1166, so old behavior is restored and SATA PMP will work again, so all physical and non-physical ports will work again. Fixes: 0077a504e1a4 ("ahci: asm1166: correct count of reported ports") Fixes: 9815e3961754 ("ahci: asm1064: correct count of reported ports") Cc: stable(a)vger.kernel.org Reported-by: Matt <cryptearth(a)googlemail.com> Signed-off-by: Conrad Kostecki <conikost(a)gentoo.org> --- drivers/ata/ahci.c | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/drivers/ata/ahci.c b/drivers/ata/ahci.c index 78570684ff68..562302e2e57c 100644 --- a/drivers/ata/ahci.c +++ b/drivers/ata/ahci.c @@ -669,19 +669,6 @@ MODULE_PARM_DESC(mobile_lpm_policy, "Default LPM policy for mobile chipsets"); static void ahci_pci_save_initial_config(struct pci_dev *pdev, struct ahci_host_priv *hpriv) { - if (pdev->vendor == PCI_VENDOR_ID_ASMEDIA) { - switch (pdev->device) { - case 0x1166: - dev_info(&pdev->dev, "ASM1166 has only six ports\n"); - hpriv->saved_port_map = 0x3f; - break; - case 0x1064: - dev_info(&pdev->dev, "ASM1064 has only four ports\n"); - hpriv->saved_port_map = 0xf; - break; - } - } - if (pdev->vendor == PCI_VENDOR_ID_JMICRON && pdev->device == 0x2361) { dev_info(&pdev->dev, "JMB361 has only one port\n"); hpriv->saved_port_map = 1; -- 2.44.0

1 year, 7 months

3
2
0 0

[PATCH v4 4/9] ext4: fix slab-out-of-bounds in ext4_mb_find_good_group_avg_frag_lists()

by Baokun Li

We can trigger a slab-out-of-bounds with the following commands: mkfs.ext4 -F /dev/$disk 10G mount /dev/$disk /tmp/test echo 2147483647 > /sys/fs/ext4/$disk/mb_group_prealloc echo test > /tmp/test/file && sync ================================================================== BUG: KASAN: slab-out-of-bounds in ext4_mb_find_good_group_avg_frag_lists+0x8a/0x200 [ext4] Read of size 8 at addr ffff888121b9d0f0 by task kworker/u2:0/11 CPU: 0 PID: 11 Comm: kworker/u2:0 Tainted: GL 6.7.0-next-20240118 #521 Call Trace: dump_stack_lvl+0x2c/0x50 kasan_report+0xb6/0xf0 ext4_mb_find_good_group_avg_frag_lists+0x8a/0x200 [ext4] ext4_mb_regular_allocator+0x19e9/0x2370 [ext4] ext4_mb_new_blocks+0x88a/0x1370 [ext4] ext4_ext_map_blocks+0x14f7/0x2390 [ext4] ext4_map_blocks+0x569/0xea0 [ext4] ext4_do_writepages+0x10f6/0x1bc0 [ext4] [...] ================================================================== The flow of issue triggering is as follows: // Set s_mb_group_prealloc to 2147483647 via sysfs ext4_mb_new_blocks ext4_mb_normalize_request ext4_mb_normalize_group_request ac->ac_g_ex.fe_len = EXT4_SB(sb)->s_mb_group_prealloc ext4_mb_regular_allocator ext4_mb_choose_next_group ext4_mb_choose_next_group_best_avail mb_avg_fragment_size_order order = fls(len) - 2 = 29 ext4_mb_find_good_group_avg_frag_lists frag_list = &sbi->s_mb_avg_fragment_size[order] if (list_empty(frag_list)) // Trigger SOOB! At 4k block size, the length of the s_mb_avg_fragment_size list is 14, but an oversized s_mb_group_prealloc is set, causing slab-out-of-bounds to be triggered by an attempt to access an element at index 29. Add a new attr_id attr_clusters_in_group with values in the range [0, sbi->s_clusters_per_group] and declare mb_group_prealloc as that type to fix the issue. In addition avoid returning an order from mb_avg_fragment_size_order() greater than MB_NUM_ORDERS(sb) and reduce some useless loops. Fixes: 7e170922f06b ("ext4: Add allocation criteria 1.5 (CR1_5)") CC: stable(a)vger.kernel.org Signed-off-by: Baokun Li <libaokun1(a)huawei.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Reviewed-by: Ojaswin Mujoo <ojaswin(a)linux.ibm.com> --- fs/ext4/mballoc.c | 4 ++++ fs/ext4/sysfs.c | 13 ++++++++++++- 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c index 12b3f196010b..dbf04f91516c 100644 --- a/fs/ext4/mballoc.c +++ b/fs/ext4/mballoc.c @@ -831,6 +831,8 @@ static int mb_avg_fragment_size_order(struct super_block *sb, ext4_grpblk_t len) return 0; if (order == MB_NUM_ORDERS(sb)) order--; + if (WARN_ON_ONCE(order > MB_NUM_ORDERS(sb))) + order = MB_NUM_ORDERS(sb) - 1; return order; } @@ -1008,6 +1010,8 @@ static void ext4_mb_choose_next_group_best_avail(struct ext4_allocation_context * goal length. */ order = fls(ac->ac_g_ex.fe_len) - 1; + if (WARN_ON_ONCE(order - 1 > MB_NUM_ORDERS(ac->ac_sb))) + order = MB_NUM_ORDERS(ac->ac_sb); min_order = order - sbi->s_mb_best_avail_max_trim_order; if (min_order < 0) min_order = 0; diff --git a/fs/ext4/sysfs.c b/fs/ext4/sysfs.c index 7f455b5f22c0..ddd71673176c 100644 --- a/fs/ext4/sysfs.c +++ b/fs/ext4/sysfs.c @@ -29,6 +29,7 @@ typedef enum { attr_trigger_test_error, attr_first_error_time, attr_last_error_time, + attr_clusters_in_group, attr_feature, attr_pointer_ui, attr_pointer_ul, @@ -207,13 +208,14 @@ EXT4_ATTR_FUNC(sra_exceeded_retry_limit, 0444); EXT4_ATTR_OFFSET(inode_readahead_blks, 0644, inode_readahead, ext4_sb_info, s_inode_readahead_blks); +EXT4_ATTR_OFFSET(mb_group_prealloc, 0644, clusters_in_group, + ext4_sb_info, s_mb_group_prealloc); EXT4_RW_ATTR_SBI_UI(inode_goal, s_inode_goal); EXT4_RW_ATTR_SBI_UI(mb_stats, s_mb_stats); EXT4_RW_ATTR_SBI_UI(mb_max_to_scan, s_mb_max_to_scan); EXT4_RW_ATTR_SBI_UI(mb_min_to_scan, s_mb_min_to_scan); EXT4_RW_ATTR_SBI_UI(mb_order2_req, s_mb_order2_reqs); EXT4_RW_ATTR_SBI_UI(mb_stream_req, s_mb_stream_request); -EXT4_RW_ATTR_SBI_UI(mb_group_prealloc, s_mb_group_prealloc); EXT4_RW_ATTR_SBI_UI(mb_max_linear_groups, s_mb_max_linear_groups); EXT4_RW_ATTR_SBI_UI(extent_max_zeroout_kb, s_extent_max_zeroout_kb); EXT4_ATTR(trigger_fs_error, 0200, trigger_test_error); @@ -376,6 +378,7 @@ static ssize_t ext4_generic_attr_show(struct ext4_attr *a, switch (a->attr_id) { case attr_inode_readahead: + case attr_clusters_in_group: case attr_pointer_ui: if (a->attr_ptr == ptr_ext4_super_block_offset) return sysfs_emit(buf, "%u\n", le32_to_cpup(ptr)); @@ -455,6 +458,14 @@ static ssize_t ext4_generic_attr_store(struct ext4_attr *a, else *((unsigned int *) ptr) = t; return len; + case attr_clusters_in_group: + ret = kstrtouint(skip_spaces(buf), 0, &t); + if (ret) + return ret; + if (t > sbi->s_clusters_per_group) + return -EINVAL; + *((unsigned int *) ptr) = t; + return len; case attr_pointer_ul: ret = kstrtoul(skip_spaces(buf), 0, &lt); if (ret) -- 2.31.1

1 year, 7 months

1
0
0 0

[PATCH net v3] net: esp: fix bad handling of pages from page_pool

by Dragos Tatulea

When the skb is reorganized during esp_output (!esp->inline), the pages coming from the original skb fragments are supposed to be released back to the system through put_page. But if the skb fragment pages are originating from a page_pool, calling put_page on them will trigger a page_pool leak which will eventually result in a crash. This leak can be easily observed when using CONFIG_DEBUG_VM and doing ipsec + gre (non offloaded) forwarding: BUG: Bad page state in process ksoftirqd/16 pfn:1451b6 page:00000000de2b8d32 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1451b6000 pfn:0x1451b6 flags: 0x200000000000000(node=0|zone=2) page_type: 0xffffffff() raw: 0200000000000000 dead000000000040 ffff88810d23c000 0000000000000000 raw: 00000001451b6000 0000000000000001 00000000ffffffff 0000000000000000 page dumped because: page_pool leak Modules linked in: ip_gre gre mlx5_ib mlx5_core xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink iptable_nat nf_nat xt_addrtype br_netfilter rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi ib_umad rdma_cm ib_ipoib iw_cm ib_cm ib_uverbs ib_core overlay zram zsmalloc fuse [last unloaded: mlx5_core] CPU: 16 PID: 96 Comm: ksoftirqd/16 Not tainted 6.8.0-rc4+ #22 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x36/0x50 bad_page+0x70/0xf0 free_unref_page_prepare+0x27a/0x460 free_unref_page+0x38/0x120 esp_ssg_unref.isra.0+0x15f/0x200 esp_output_tail+0x66d/0x780 esp_xmit+0x2c5/0x360 validate_xmit_xfrm+0x313/0x370 ? validate_xmit_skb+0x1d/0x330 validate_xmit_skb_list+0x4c/0x70 sch_direct_xmit+0x23e/0x350 __dev_queue_xmit+0x337/0xba0 ? nf_hook_slow+0x3f/0xd0 ip_finish_output2+0x25e/0x580 iptunnel_xmit+0x19b/0x240 ip_tunnel_xmit+0x5fb/0xb60 ipgre_xmit+0x14d/0x280 [ip_gre] dev_hard_start_xmit+0xc3/0x1c0 __dev_queue_xmit+0x208/0xba0 ? nf_hook_slow+0x3f/0xd0 ip_finish_output2+0x1ca/0x580 ip_sublist_rcv_finish+0x32/0x40 ip_sublist_rcv+0x1b2/0x1f0 ? ip_rcv_finish_core.constprop.0+0x460/0x460 ip_list_rcv+0x103/0x130 __netif_receive_skb_list_core+0x181/0x1e0 netif_receive_skb_list_internal+0x1b3/0x2c0 napi_gro_receive+0xc8/0x200 gro_cell_poll+0x52/0x90 __napi_poll+0x25/0x1a0 net_rx_action+0x28e/0x300 __do_softirq+0xc3/0x276 ? sort_range+0x20/0x20 run_ksoftirqd+0x1e/0x30 smpboot_thread_fn+0xa6/0x130 kthread+0xcd/0x100 ? kthread_complete_and_exit+0x20/0x20 ret_from_fork+0x31/0x50 ? kthread_complete_and_exit+0x20/0x20 ret_from_fork_asm+0x11/0x20 </TASK> The suggested fix is to introduce a new wrapper (skb_page_unref) that covers page refcounting for page_pool pages as well. Cc: stable(a)vger.kernel.org Fixes: 6a5bcd84e886 ("page_pool: Allow drivers to hint on SKB recycling") Reported-and-tested-by: Anatoli N.Chechelnickiy <Anatoli.Chechelnickiy(a)m.interpipe.biz> Reported-by: Ian Kumlien <ian.kumlien(a)gmail.com> Link: https://lore.kernel.org/netdev/CAA85sZvvHtrpTQRqdaOx6gd55zPAVsqMYk_Lwh4Md5k… Signed-off-by: Dragos Tatulea <dtatulea(a)nvidia.com> Reviewed-by: Mina Almasry <almasrymina(a)google.com> Reviewed-by: Jakub Kicinski <kuba(a)kernel.org> --- Changes in v2: - Fixes in tags. Changes in v3: - Rebased to ipsec tree. --- include/linux/skbuff.h | 10 ++++++++++ net/ipv4/esp4.c | 8 ++++---- net/ipv6/esp6.c | 8 ++++---- 3 files changed, 18 insertions(+), 8 deletions(-) diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h index 2dde34c29203..d9a1ccfb5708 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h @@ -3448,6 +3448,16 @@ static inline void skb_frag_ref(struct sk_buff *skb, int f) bool napi_pp_put_page(struct page *page, bool napi_safe); +static inline void +skb_page_unref(const struct sk_buff *skb, struct page *page, bool napi_safe) +{ +#ifdef CONFIG_PAGE_POOL + if (skb->pp_recycle && napi_pp_put_page(page, napi_safe)) + return; +#endif + put_page(page); +} + static inline void napi_frag_unref(skb_frag_t *frag, bool recycle, bool napi_safe) { diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c index 4dd9e5040672..d33d12421814 100644 --- a/net/ipv4/esp4.c +++ b/net/ipv4/esp4.c @@ -95,7 +95,7 @@ static inline struct scatterlist *esp_req_sg(struct crypto_aead *aead, __alignof__(struct scatterlist)); } -static void esp_ssg_unref(struct xfrm_state *x, void *tmp) +static void esp_ssg_unref(struct xfrm_state *x, void *tmp, struct sk_buff *skb) { struct crypto_aead *aead = x->data; int extralen = 0; @@ -114,7 +114,7 @@ static void esp_ssg_unref(struct xfrm_state *x, void *tmp) */ if (req->src != req->dst) for (sg = sg_next(req->src); sg; sg = sg_next(sg)) - put_page(sg_page(sg)); + skb_page_unref(skb, sg_page(sg), false); } #ifdef CONFIG_INET_ESPINTCP @@ -260,7 +260,7 @@ static void esp_output_done(void *data, int err) } tmp = ESP_SKB_CB(skb)->tmp; - esp_ssg_unref(x, tmp); + esp_ssg_unref(x, tmp, skb); kfree(tmp); if (xo && (xo->flags & XFRM_DEV_RESUME)) { @@ -639,7 +639,7 @@ int esp_output_tail(struct xfrm_state *x, struct sk_buff *skb, struct esp_info * } if (sg != dsg) - esp_ssg_unref(x, tmp); + esp_ssg_unref(x, tmp, skb); if (!err && x->encap && x->encap->encap_type == TCP_ENCAP_ESPINTCP) err = esp_output_tail_tcp(x, skb); diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c index 6e6efe026cdc..7371886d4f9f 100644 --- a/net/ipv6/esp6.c +++ b/net/ipv6/esp6.c @@ -112,7 +112,7 @@ static inline struct scatterlist *esp_req_sg(struct crypto_aead *aead, __alignof__(struct scatterlist)); } -static void esp_ssg_unref(struct xfrm_state *x, void *tmp) +static void esp_ssg_unref(struct xfrm_state *x, void *tmp, struct sk_buff *skb) { struct crypto_aead *aead = x->data; int extralen = 0; @@ -131,7 +131,7 @@ static void esp_ssg_unref(struct xfrm_state *x, void *tmp) */ if (req->src != req->dst) for (sg = sg_next(req->src); sg; sg = sg_next(sg)) - put_page(sg_page(sg)); + skb_page_unref(skb, sg_page(sg), false); } #ifdef CONFIG_INET6_ESPINTCP @@ -294,7 +294,7 @@ static void esp_output_done(void *data, int err) } tmp = ESP_SKB_CB(skb)->tmp; - esp_ssg_unref(x, tmp); + esp_ssg_unref(x, tmp, skb); kfree(tmp); esp_output_encap_csum(skb); @@ -677,7 +677,7 @@ int esp6_output_tail(struct xfrm_state *x, struct sk_buff *skb, struct esp_info } if (sg != dsg) - esp_ssg_unref(x, tmp); + esp_ssg_unref(x, tmp, skb); if (!err && x->encap && x->encap->encap_type == TCP_ENCAP_ESPINTCP) err = esp_output_tail_tcp(x, skb); -- 2.42.0

1 year, 7 months

3
4
0 0

[PATCH] net/mlx5: offset comp irq index in name by one

by Michael Liang

The mlx5 comp irq name scheme is changed a little bit between commit 3663ad34bc70 ("net/mlx5: Shift control IRQ to the last index") and commit 3354822cde5a ("net/mlx5: Use dynamic msix vectors allocation"). The index in the comp irq name used to start from 0 but now it starts from 1. There is nothing critical here, but it's harmless to change back to the old behavior, a.k.a starting from 0. Fixes: 3354822cde5a ("net/mlx5: Use dynamic msix vectors allocation") Reviewed-by: Mohamed Khalfella <mkhalfella(a)purestorage.com> Reviewed-by: Yuanyuan Zhong <yzhong(a)purestorage.com> Signed-off-by: Michael Liang <mliang(a)purestorage.com> --- drivers/net/ethernet/mellanox/mlx5/core/pci_irq.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/mellanox/mlx5/core/pci_irq.c b/drivers/net/ethernet/mellanox/mlx5/core/pci_irq.c index 4dcf995cb1a2..6bac8ad70ba6 100644 --- a/drivers/net/ethernet/mellanox/mlx5/core/pci_irq.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/pci_irq.c @@ -19,6 +19,7 @@ #define MLX5_IRQ_CTRL_SF_MAX 8 /* min num of vectors for SFs to be enabled */ #define MLX5_IRQ_VEC_COMP_BASE_SF 2 +#define MLX5_IRQ_VEC_COMP_BASE 1 #define MLX5_EQ_SHARE_IRQ_MAX_COMP (8) #define MLX5_EQ_SHARE_IRQ_MAX_CTRL (UINT_MAX) @@ -246,6 +247,7 @@ static void irq_set_name(struct mlx5_irq_pool *pool, char *name, int vecidx) return; } + vecidx -= MLX5_IRQ_VEC_COMP_BASE; snprintf(name, MLX5_MAX_IRQ_NAME, "mlx5_comp%d", vecidx); } @@ -585,7 +587,7 @@ struct mlx5_irq *mlx5_irq_request_vector(struct mlx5_core_dev *dev, u16 cpu, struct mlx5_irq_table *table = mlx5_irq_table_get(dev); struct mlx5_irq_pool *pool = table->pcif_pool; struct irq_affinity_desc af_desc; - int offset = 1; + int offset = MLX5_IRQ_VEC_COMP_BASE; if (!pool->xa_num_irqs.max) offset = 0; -- 2.34.1

1 year, 7 months

3
2
0 0

[PATCH 01/43] drm/fbdev-generic: Do not set physical framebuffer address

by Thomas Zimmermann

Framebuffer memory is allocated via vmalloc() from non-contiguous physical pages. The physical framebuffer start address is therefore meaningless. Do not set it. The value is not used within the kernel and only exported to userspace on dedicated ARM configs. No functional change is expected. Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Fixes: a5b44c4adb16 ("drm/fbdev-generic: Always use shadow buffering") Cc: Thomas Zimmermann <tzimmermann(a)suse.de> Cc: Javier Martinez Canillas <javierm(a)redhat.com> Cc: Zack Rusin <zackr(a)vmware.com> Cc: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Cc: Maxime Ripard <mripard(a)kernel.org> Cc: <stable(a)vger.kernel.org> # v6.4+ --- drivers/gpu/drm/drm_fbdev_generic.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/gpu/drm/drm_fbdev_generic.c b/drivers/gpu/drm/drm_fbdev_generic.c index d647d89764cb9..b4659cd6285ab 100644 --- a/drivers/gpu/drm/drm_fbdev_generic.c +++ b/drivers/gpu/drm/drm_fbdev_generic.c @@ -113,7 +113,6 @@ static int drm_fbdev_generic_helper_fb_probe(struct drm_fb_helper *fb_helper, /* screen */ info->flags |= FBINFO_VIRTFB | FBINFO_READS_FAST; info->screen_buffer = screen_buffer; - info->fix.smem_start = page_to_phys(vmalloc_to_page(info->screen_buffer)); info->fix.smem_len = screen_size; /* deferred I/O */ -- 2.44.0

1 year, 7 months

5
7
0 0

[PATCH 3/7] KVM: SVM: Add support for allowing zero SEV ASIDs

by Paolo Bonzini

From: Ashish Kalra <ashish.kalra(a)amd.com> Some BIOSes allow the end user to set the minimum SEV ASID value (CPUID 0x8000001F_EDX) to be greater than the maximum number of encrypted guests, or maximum SEV ASID value (CPUID 0x8000001F_ECX) in order to dedicate all the SEV ASIDs to SEV-ES or SEV-SNP. The SEV support, as coded, does not handle the case where the minimum SEV ASID value can be greater than the maximum SEV ASID value. As a result, the following confusing message is issued: [ 30.715724] kvm_amd: SEV enabled (ASIDs 1007 - 1006) Fix the support to properly handle this case. Fixes: 916391a2d1dc ("KVM: SVM: Add support for SEV-ES capability in KVM") Suggested-by: Sean Christopherson <seanjc(a)google.com> Signed-off-by: Ashish Kalra <ashish.kalra(a)amd.com> Cc: stable(a)vger.kernel.org Acked-by: Tom Lendacky <thomas.lendacky(a)amd.com> Link: https://lore.kernel.org/r/20240104190520.62510-1-Ashish.Kalra@amd.com Link: https://lore.kernel.org/r/20240131235609.4161407-4-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc(a)google.com> --- arch/x86/kvm/svm/sev.c | 29 +++++++++++++++++++---------- 1 file changed, 19 insertions(+), 10 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index eeef43c795d8..5f8312edee36 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -144,10 +144,21 @@ static void sev_misc_cg_uncharge(struct kvm_sev_info *sev) static int sev_asid_new(struct kvm_sev_info *sev) { - unsigned int asid, min_asid, max_asid; + /* + * SEV-enabled guests must use asid from min_sev_asid to max_sev_asid. + * SEV-ES-enabled guest can use from 1 to min_sev_asid - 1. + * Note: min ASID can end up larger than the max if basic SEV support is + * effectively disabled by disallowing use of ASIDs for SEV guests. + */ + unsigned int min_asid = sev->es_active ? 1 : min_sev_asid; + unsigned int max_asid = sev->es_active ? min_sev_asid - 1 : max_sev_asid; + unsigned int asid; bool retry = true; int ret; + if (min_asid > max_asid) + return -ENOTTY; + WARN_ON(sev->misc_cg); sev->misc_cg = get_current_misc_cg(); ret = sev_misc_cg_try_charge(sev); @@ -159,12 +170,6 @@ static int sev_asid_new(struct kvm_sev_info *sev) mutex_lock(&sev_bitmap_lock); - /* - * SEV-enabled guests must use asid from min_sev_asid to max_sev_asid. - * SEV-ES-enabled guest can use from 1 to min_sev_asid - 1. - */ - min_asid = sev->es_active ? 1 : min_sev_asid; - max_asid = sev->es_active ? min_sev_asid - 1 : max_sev_asid; again: asid = find_next_zero_bit(sev_asid_bitmap, max_asid + 1, min_asid); if (asid > max_asid) { @@ -2234,8 +2239,10 @@ void __init sev_hardware_setup(void) goto out; } - sev_asid_count = max_sev_asid - min_sev_asid + 1; - WARN_ON_ONCE(misc_cg_set_capacity(MISC_CG_RES_SEV, sev_asid_count)); + if (min_sev_asid <= max_sev_asid) { + sev_asid_count = max_sev_asid - min_sev_asid + 1; + WARN_ON_ONCE(misc_cg_set_capacity(MISC_CG_RES_SEV, sev_asid_count)); + } sev_supported = true; /* SEV-ES support requested? */ @@ -2266,7 +2273,9 @@ void __init sev_hardware_setup(void) out: if (boot_cpu_has(X86_FEATURE_SEV)) pr_info("SEV %s (ASIDs %u - %u)\n", - sev_supported ? "enabled" : "disabled", + sev_supported ? min_sev_asid <= max_sev_asid ? "enabled" : + "unusable" : + "disabled", min_sev_asid, max_sev_asid); if (boot_cpu_has(X86_FEATURE_SEV_ES)) pr_info("SEV-ES %s (ASIDs %u - %u)\n", -- 2.43.0

1 year, 7 months

1
0
0 0

[PATCH 2/7] btrfs: reduce the log level for btrfs_dev_stat_inc_and_print()

by Qu Wenruo

Currently when we increase the device statistics, it would always lead to an error message in the kernel log. I would argue this behavior is not ideal: - It would flood the dmesg and bury real important messages One common scenario is scrub. If scrub hit some errors, it would cause both scrub and btrfs_dev_stat_inc_and_print() to print error messages. And in that case, btrfs_dev_stat_inc_and_print() is completely useless. - The results of btrfs_dev_stat_inc_and_print() is mostly for history monitoring, doesn't has enough details If we trigger the errors during regular read, such messages from btrfs_dev_stat_inc_and_print() won't help us to locate the cause either. The real usage for the btrfs device statistics is for some user space daemon to check if there is any new errors, acting like some checks on SMART, thus we don't really need/want those messages in dmesg. This patch would reduce the log level to debug (disabled by default) for btrfs_dev_stat_inc_and_print(). For users really want to utilize btrfs devices statistics, they should go check "btrfs device stats" periodically, and we should focus the kernel error messages to more important things. CC: stable(a)vger.kernel.org Signed-off-by: Qu Wenruo <wqu(a)suse.com> --- fs/btrfs/volumes.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c index e49935a54da0..126145950ed3 100644 --- a/fs/btrfs/volumes.c +++ b/fs/btrfs/volumes.c @@ -7828,7 +7828,7 @@ void btrfs_dev_stat_inc_and_print(struct btrfs_device *dev, int index) if (!dev->dev_stats_valid) return; - btrfs_err_rl_in_rcu(dev->fs_info, + btrfs_debug_rl_in_rcu(dev->fs_info, "bdev %s errs: wr %u, rd %u, flush %u, corrupt %u, gen %u", btrfs_dev_name(dev), btrfs_dev_stat_read(dev, BTRFS_DEV_STAT_WRITE_ERRS), -- 2.44.0

1 year, 7 months

3
3
0 0

+ mm-cachestat-fix-two-shmem-bugs.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm: cachestat: fix two shmem bugs has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-cachestat-fix-two-shmem-bugs.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Johannes Weiner <hannes(a)cmpxchg.org> Subject: mm: cachestat: fix two shmem bugs Date: Fri, 15 Mar 2024 05:55:56 -0400 When cachestat on shmem races with swapping and invalidation, there are two possible bugs: 1) A swapin error can have resulted in a poisoned swap entry in the shmem inode's xarray. Calling get_shadow_from_swap_cache() on it will result in an out-of-bounds access to swapper_spaces[]. Validate the entry with non_swap_entry() before going further. 2) When we find a valid swap entry in the shmem's inode, the shadow entry in the swapcache might not exist yet: swap IO is still in progress and we're before __remove_mapping; swapin, invalidation, or swapoff have removed the shadow from swapcache after we saw the shmem swap entry. This will send a NULL to workingset_test_recent(). The latter purely operates on pointer bits, so it won't crash - node 0, memcg ID 0, eviction timestamp 0, etc. are all valid inputs - but it's a bogus test. In theory that could result in a false "recently evicted" count. Such a false positive wouldn't be the end of the world. But for code clarity and (future) robustness, be explicit about this case. Bail on get_shadow_from_swap_cache() returning NULL. Link: https://lkml.kernel.org/r/20240315095556.GC581298@cmpxchg.org Fixes: cf264e1329fb ("cachestat: implement cachestat syscall") Signed-off-by: Johannes Weiner <hannes(a)cmpxchg.org> Reported-by: Chengming Zhou <chengming.zhou(a)linux.dev> [Bug #1] Reported-by: Jann Horn <jannh(a)google.com> [Bug #2] Reviewed-by: Chengming Zhou <chengming.zhou(a)linux.dev> Reviewed-by: Nhat Pham <nphamcs(a)gmail.com> Cc: <stable(a)vger.kernel.org> [v6.5+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/filemap.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) --- a/mm/filemap.c~mm-cachestat-fix-two-shmem-bugs +++ a/mm/filemap.c @@ -4197,7 +4197,23 @@ static void filemap_cachestat(struct add /* shmem file - in swap cache */ swp_entry_t swp = radix_to_swp_entry(folio); + /* swapin error results in poisoned entry */ + if (non_swap_entry(swp)) + goto resched; + + /* + * Getting a swap entry from the shmem + * inode means we beat + * shmem_unuse(). rcu_read_lock() + * ensures swapoff waits for us before + * freeing the swapper space. However, + * we can race with swapping and + * invalidation, so there might not be + * a shadow in the swapcache (yet). + */ shadow = get_shadow_from_swap_cache(swp); + if (!shadow) + goto resched; } #endif if (workingset_test_recent(shadow, true, &workingset)) _ Patches currently in -mm which might be from hannes(a)cmpxchg.org are mm-cachestat-fix-two-shmem-bugs.patch

1 year, 7 months

1
0
0 0

+ init-open-initrdimage-with-o_largefile.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: init: open /initrd.image with O_LARGEFILE has been added to the -mm mm-hotfixes-unstable branch. Its filename is init-open-initrdimage-with-o_largefile.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: John Sperbeck <jsperbeck(a)google.com> Subject: init: open /initrd.image with O_LARGEFILE Date: Sun, 17 Mar 2024 15:15:22 -0700 If initrd data is larger than 2Gb, we'll eventually fail to write to the /initrd.image file when we hit that limit, unless O_LARGEFILE is set. Link: https://lkml.kernel.org/r/20240317221522.896040-1-jsperbeck@google.com Signed-off-by: John Sperbeck <jsperbeck(a)google.com> Cc: Jens Axboe <axboe(a)kernel.dk> Cc: Nick Desaulniers <ndesaulniers(a)google.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- init/initramfs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/init/initramfs.c~init-open-initrdimage-with-o_largefile +++ a/init/initramfs.c @@ -682,7 +682,7 @@ static void __init populate_initrd_image printk(KERN_INFO "rootfs image is not initramfs (%s); looks like an initrd\n", err); - file = filp_open("/initrd.image", O_WRONLY | O_CREAT, 0700); + file = filp_open("/initrd.image", O_WRONLY|O_CREAT|O_LARGEFILE, 0700); if (IS_ERR(file)) return; _ Patches currently in -mm which might be from jsperbeck(a)google.com are init-open-initrdimage-with-o_largefile.patch

1 year, 7 months

1
0
0 0

[PATCH v5] btrfs: do not skip re-registration for the mounted device

by Anand Jain

There are reports that since version 6.7 update-grub fails to find the device of the root on systems without initrd and on a single device. This looks like the device name changed in the output of /proc/self/mountinfo: 6.5-rc5 working 18 1 0:16 / / rw,noatime - btrfs /dev/sda8 ... 6.7 not working: 17 1 0:15 / / rw,noatime - btrfs /dev/root ... and "update-grub" shows this error: /usr/sbin/grub-probe: error: cannot find a device for / (is /dev mounted?) This looks like it's related to the device name, but grub-probe recognizes the "/dev/root" path and tries to find the underlying device. However there's a special case for some filesystems, for btrfs in particular. The generic root device detection heuristic is not done and it all relies on reading the device infos by a btrfs specific ioctl. This ioctl returns the device name as it was saved at the time of device scan (in this case it's /dev/root). The change in 6.7 for temp_fsid to allow several single device filesystem to exist with the same fsid (and transparently generate a new UUID at mount time) was to skip caching/registering such devices. This also skipped mounted device. One step of scanning is to check if the device name hasn't changed, and if yes then update the cached value. This broke the grub-probe as it always read the device /dev/root and couldn't find it in the system. A temporary workaround is to create a symlink but this does not survive reboot. The right fix is to allow updating the device path of a mounted filesystem even if this is a single device one. In the fix, check if the device's major:minor number matches with the cached device. If they do, then we can allow the scan to happen so that device_list_add() can take care of updating the device path. The file descriptor remains unchanged. This does not affect the temp_fsid feature, the UUID of the mounted filesystem remains the same and the matching is based on device major:minor which is unique per mounted filesystem. This covers the path when the device (that exists for all mounted devices) name changes, updating /dev/root to /dev/sdx. Any other single device with filesystem and is not mounted is still skipped. Note that if a system is booted and initial mount is done on the /dev/root device, this will be the cached name of the device. Only after the command "btrfs device scan" it will change as it triggers the rename. The fix was verified by users whose systems were affected. CC: stable(a)vger.kernel.org # 6.7+ Fixes: bc27d6f0aa0e ("btrfs: scan but don't register device on single device filesystem") Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=218353 Link: https://lore.kernel.org/lkml/CAKLYgeJ1tUuqLcsquwuFqjDXPSJpEiokrWK2gisPKDZLs… Tested-by: Alex Romosan <aromosan(a)gmail.com> Tested-by: CHECK_1234543212345(a)protonmail.com Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: Anand Jain <anand.jain(a)oracle.com> --- v5: Fix the linux-next build failure reported here: https://lore.kernel.org/all/20240318091755.1d0f696f@canb.auug.org.au/ As the Linux-next branch no longer has the this commit, I've sent out the entire patch again. v4: (based on mainline master) I removed CC: stable(a)vger.kernel.org # 6.7+ as this is still in the RFC stage. I need this patch verified by the bug filer. Use devt from bdev->bd_dev Rebased on mainline kernel.org master branch v3: https://lore.kernel.org/linux-btrfs/e2add8d54fbbd813305ba014c11d21d297ad87d… fs/btrfs/volumes.c | 58 +++++++++++++++++++++++++++++++++++++--------- 1 file changed, 47 insertions(+), 11 deletions(-) diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c index a2d07fa3cfdf..813c1c66b2db 100644 --- a/fs/btrfs/volumes.c +++ b/fs/btrfs/volumes.c @@ -1303,6 +1303,47 @@ int btrfs_forget_devices(dev_t devt) return ret; } +static bool btrfs_skip_registration(struct btrfs_super_block *disk_super, + const char *path, dev_t devt, + bool mount_arg_dev) +{ + struct btrfs_fs_devices *fs_devices; + + /* + * Do not skip device registration for mounted devices with matching + * maj:min but different paths. Booting without initrd relies on + * /dev/root initially, later replaced with the actual root device. + * A successful scan ensures update-grub selects the correct device. + */ + list_for_each_entry(fs_devices, &fs_uuids, fs_list) { + struct btrfs_device *device; + + mutex_lock(&fs_devices->device_list_mutex); + + if (!fs_devices->opened) { + mutex_unlock(&fs_devices->device_list_mutex); + continue; + } + + list_for_each_entry(device, &fs_devices->devices, dev_list) { + if ((device->devt == devt) && + strcmp(device->name->str, path)) { + mutex_unlock(&fs_devices->device_list_mutex); + + /* Do not skip registration */ + return false; + } + } + mutex_unlock(&fs_devices->device_list_mutex); + } + + if (!mount_arg_dev && btrfs_super_num_devices(disk_super) == 1 && + !(btrfs_super_flags(disk_super) & BTRFS_SUPER_FLAG_SEEDING)) + return true; + + return false; +} + /* * Look for a btrfs signature on a device. This may be called out of the mount path * and we are not allowed to call set_blocksize during the scan. The superblock @@ -1320,6 +1361,7 @@ struct btrfs_device *btrfs_scan_one_device(const char *path, blk_mode_t flags, struct btrfs_device *device = NULL; struct file *bdev_file; u64 bytenr, bytenr_orig; + dev_t devt; int ret; lockdep_assert_held(&uuid_mutex); @@ -1359,19 +1401,13 @@ struct btrfs_device *btrfs_scan_one_device(const char *path, blk_mode_t flags, goto error_bdev_put; } - if (!mount_arg_dev && btrfs_super_num_devices(disk_super) == 1 && - !(btrfs_super_flags(disk_super) & BTRFS_SUPER_FLAG_SEEDING)) { - dev_t devt; + devt = file_bdev(bdev_file)->bd_dev; + if (btrfs_skip_registration(disk_super, path, devt, mount_arg_dev)) { + pr_debug("BTRFS: skip registering single non-seed device %s (%d:%d)\n", + path, MAJOR(devt), MINOR(devt)); - ret = lookup_bdev(path, &devt); - if (ret) - btrfs_warn(NULL, "lookup bdev failed for path %s: %d", - path, ret); - else - btrfs_free_stale_devices(devt, NULL); + btrfs_free_stale_devices(devt, NULL); - pr_debug("BTRFS: skip registering single non-seed device %s (%d:%d)\n", - path, MAJOR(devt), MINOR(devt)); device = NULL; goto free_disk_super; } -- 2.38.1

1 year, 7 months

3
2
0 0

[PATCH] perf/x86/intel/uncore: Fix the bits of the CHA extended umask for SPR

by kan.liang＠linux.intel.com

From: Kan Liang <kan.liang(a)linux.intel.com> The perf stat errors out with UNC_CHA_TOR_INSERTS.IA_HIT_CXL_ACC_LOCAL event. $perf stat -e uncore_cha_55/event=0x35,umask=0x10c0008101/ -a -- ls event syntax error: '..0x35,umask=0x10c0008101/' \___ Bad event or PMU The definition of the CHA umask is config:8-15,32-55, which is 32bit. However, the umask of the event is bigger than 32bit. This is an error in the original uncore spec. Add a new umask_ext5 for the new CHA umask range. Fixes: 949b11381f81 ("perf/x86/intel/uncore: Add Sapphire Rapids server CHA support") Closes: https://lore.kernel.org/linux-perf-users/alpine.LRH.2.20.2401300733310.1135… Signed-off-by: Kan Liang <kan.liang(a)linux.intel.com> Cc: stable(a)vger.kernel.org --- arch/x86/events/intel/uncore_snbep.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/arch/x86/events/intel/uncore_snbep.c b/arch/x86/events/intel/uncore_snbep.c index a96496bef678..7924f315269a 100644 --- a/arch/x86/events/intel/uncore_snbep.c +++ b/arch/x86/events/intel/uncore_snbep.c @@ -461,6 +461,7 @@ #define SPR_UBOX_DID 0x3250 /* SPR CHA */ +#define SPR_CHA_EVENT_MASK_EXT 0xffffffff #define SPR_CHA_PMON_CTL_TID_EN (1 << 16) #define SPR_CHA_PMON_EVENT_MASK (SNBEP_PMON_RAW_EVENT_MASK | \ SPR_CHA_PMON_CTL_TID_EN) @@ -477,6 +478,7 @@ DEFINE_UNCORE_FORMAT_ATTR(umask_ext, umask, "config:8-15,32-43,45-55"); DEFINE_UNCORE_FORMAT_ATTR(umask_ext2, umask, "config:8-15,32-57"); DEFINE_UNCORE_FORMAT_ATTR(umask_ext3, umask, "config:8-15,32-39"); DEFINE_UNCORE_FORMAT_ATTR(umask_ext4, umask, "config:8-15,32-55"); +DEFINE_UNCORE_FORMAT_ATTR(umask_ext5, umask, "config:8-15,32-63"); DEFINE_UNCORE_FORMAT_ATTR(qor, qor, "config:16"); DEFINE_UNCORE_FORMAT_ATTR(edge, edge, "config:18"); DEFINE_UNCORE_FORMAT_ATTR(tid_en, tid_en, "config:19"); @@ -5957,7 +5959,7 @@ static struct intel_uncore_ops spr_uncore_chabox_ops = { static struct attribute *spr_uncore_cha_formats_attr[] = { &format_attr_event.attr, - &format_attr_umask_ext4.attr, + &format_attr_umask_ext5.attr, &format_attr_tid_en2.attr, &format_attr_edge.attr, &format_attr_inv.attr, @@ -5993,7 +5995,7 @@ ATTRIBUTE_GROUPS(uncore_alias); static struct intel_uncore_type spr_uncore_chabox = { .name = "cha", .event_mask = SPR_CHA_PMON_EVENT_MASK, - .event_mask_ext = SPR_RAW_EVENT_MASK_EXT, + .event_mask_ext = SPR_CHA_EVENT_MASK_EXT, .num_shared_regs = 1, .constraints = skx_uncore_chabox_constraints, .ops = &spr_uncore_chabox_ops, -- 2.35.1

1 year, 7 months

3
2
0 0

[PATCH AUTOSEL 5.10 1/7] btrfs: add and use helper to check if block group is used

by Sasha Levin

From: Filipe Manana <fdmanana(a)suse.com> [ Upstream commit 1693d5442c458ae8d5b0d58463b873cd879569ed ] Add a helper function to determine if a block group is being used and make use of it at btrfs_delete_unused_bgs(). This helper will also be used in future code changes. Reviewed-by: Johannes Thumshirn <johannes.thumshirn(a)wdc.com> Reviewed-by: Josef Bacik <josef(a)toxicpanda.com> Reviewed-by: Boris Burkov <boris(a)bur.io> Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/btrfs/block-group.c | 3 +-- fs/btrfs/block-group.h | 7 +++++++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/fs/btrfs/block-group.c b/fs/btrfs/block-group.c index c4e3c1a5de059..9a7c7e0f7c233 100644 --- a/fs/btrfs/block-group.c +++ b/fs/btrfs/block-group.c @@ -1393,8 +1393,7 @@ void btrfs_delete_unused_bgs(struct btrfs_fs_info *fs_info) } spin_lock(&block_group->lock); - if (block_group->reserved || block_group->pinned || - block_group->used || block_group->ro || + if (btrfs_is_block_group_used(block_group) || block_group->ro || list_is_singular(&block_group->list)) { /* * We want to bail if we made new allocations or have diff --git a/fs/btrfs/block-group.h b/fs/btrfs/block-group.h index 4c7614346f724..0d02b75f9e7e3 100644 --- a/fs/btrfs/block-group.h +++ b/fs/btrfs/block-group.h @@ -196,6 +196,13 @@ static inline u64 btrfs_block_group_end(struct btrfs_block_group *block_group) return (block_group->start + block_group->length); } +static inline bool btrfs_is_block_group_used(const struct btrfs_block_group *bg) +{ + lockdep_assert_held(&bg->lock); + + return (bg->used > 0 || bg->reserved > 0 || bg->pinned > 0); +} + static inline bool btrfs_is_block_group_data_only( struct btrfs_block_group *block_group) { -- 2.43.0

1 year, 7 months

3
9
0 0

[PATCH] net: dsa: mt7530: prevent possible incorrect XTAL frequency selection

by Arınç ÜNAL via B4 Relay

From: Arınç ÜNAL <arinc.unal(a)arinc9.com> commit f490c492e946d8ffbe65ad4efc66de3c5ede30a4 upstream. On MT7530, the HT_XTAL_FSEL field of the HWTRAP register stores a 2-bit value that represents the frequency of the crystal oscillator connected to the switch IC. The field is populated by the state of the ESW_P4_LED_0 and ESW_P4_LED_0 pins, which is done right after reset is deasserted. ESW_P4_LED_0 ESW_P3_LED_0 Frequency ----------------------------------------- 0 0 Reserved 0 1 20MHz 1 0 40MHz 1 1 25MHz On MT7531, the XTAL25 bit of the STRAP register stores this. The LAN0LED0 pin is used to populate the bit. 25MHz when the pin is high, 40MHz when it's low. These pins are also used with LEDs, therefore, their state can be set to something other than the bootstrapping configuration. For example, a link may be established on port 3 before the DSA subdriver takes control of the switch which would set ESW_P3_LED_0 to high. Currently on mt7530_setup() and mt7531_setup(), 1000 - 1100 usec delay is described between reset assertion and deassertion. Some switch ICs in real life conditions cannot always have these pins set back to the bootstrapping configuration before reset deassertion in this amount of delay. This causes wrong crystal frequency to be selected which puts the switch in a nonfunctional state after reset deassertion. The tests below are conducted on an MT7530 with a 40MHz crystal oscillator by Justin Swartz. With a cable from an active peer connected to port 3 before reset, an incorrect crystal frequency (0b11 = 25MHz) is selected: [1] [3] [5] : : : _____________________________ __________________ ESW_P4_LED_0 |_______| _____________________________ ESW_P3_LED_0 |__________________________ : : : : : : [4]...: : : [2]................: [1] Reset is asserted. [2] Period of 1000 - 1100 usec. [3] Reset is deasserted. [4] Period of 315 usec. HWTRAP register is populated with incorrect XTAL frequency. [5] Signals reflect the bootstrapped configuration. Increase the delay between reset_control_assert() and reset_control_deassert(), and gpiod_set_value_cansleep(priv->reset, 0) and gpiod_set_value_cansleep(priv->reset, 1) to 5000 - 5100 usec. This amount ensures a higher possibility that the switch IC will have these pins back to the bootstrapping configuration before reset deassertion. With a cable from an active peer connected to port 3 before reset, the correct crystal frequency (0b10 = 40MHz) is selected: [1] [2-1] [3] [5] : : : : _____________________________ __________________ ESW_P4_LED_0 |_______| ___________________ _______ ESW_P3_LED_0 |_________| |__________________ : : : : : : [2-2]...: [4]...: [2]................: [1] Reset is asserted. [2] Period of 5000 - 5100 usec. [2-1] ESW_P3_LED_0 goes low. [2-2] Remaining period of 5000 - 5100 usec. [3] Reset is deasserted. [4] Period of 310 usec. HWTRAP register is populated with bootstrapped XTAL frequency. [5] Signals reflect the bootstrapped configuration. ESW_P3_LED_0 low period before reset deassertion: 5000 usec - 5100 usec TEST RESET HOLD # (usec) --------------------- 1 5410 2 5440 3 4375 4 5490 5 5475 6 4335 7 4370 8 5435 9 4205 10 4335 11 3750 12 3170 13 4395 14 4375 15 3515 16 4335 17 4220 18 4175 19 4175 20 4350 Min 3170 Max 5490 Median 4342.500 Avg 4466.500 Fixes: b8f126a8d543 ("net-next: dsa: add dsa support for Mediatek MT7530 switch") Fixes: c288575f7810 ("net: dsa: mt7530: Add the support of MT7531 switch") Co-developed-by: Justin Swartz <justin.swartz(a)risingedge.co.za> Signed-off-by: Justin Swartz <justin.swartz(a)risingedge.co.za> Signed-off-by: Arınç ÜNAL <arinc.unal(a)arinc9.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> --- Hi. I've adjusted the patch to suit stable trees by removing the last paragraph on the patch log. This is an important patch that should be backported to stable releases. Please apply to 6.8, 6.7, 6.6, 6.1, and 5.15 stable trees. --- drivers/net/dsa/mt7530.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/net/dsa/mt7530.c b/drivers/net/dsa/mt7530.c index 3c1f657593a8..9c9a592c053e 100644 --- a/drivers/net/dsa/mt7530.c +++ b/drivers/net/dsa/mt7530.c @@ -2243,11 +2243,11 @@ mt7530_setup(struct dsa_switch *ds) */ if (priv->mcm) { reset_control_assert(priv->rstc); - usleep_range(1000, 1100); + usleep_range(5000, 5100); reset_control_deassert(priv->rstc); } else { gpiod_set_value_cansleep(priv->reset, 0); - usleep_range(1000, 1100); + usleep_range(5000, 5100); gpiod_set_value_cansleep(priv->reset, 1); } @@ -2449,11 +2449,11 @@ mt7531_setup(struct dsa_switch *ds) */ if (priv->mcm) { reset_control_assert(priv->rstc); - usleep_range(1000, 1100); + usleep_range(5000, 5100); reset_control_deassert(priv->rstc); } else { gpiod_set_value_cansleep(priv->reset, 0); - usleep_range(1000, 1100); + usleep_range(5000, 5100); gpiod_set_value_cansleep(priv->reset, 1); } --- base-commit: e8f897f4afef0031fe618a8e94127a0934896aba change-id: 20240318-b4-for-stable-f486c9ff8d86 Best regards, -- Arınç ÜNAL <arinc.unal(a)arinc9.com>

1 year, 7 months

1
0
0 0

[PATCH AUTOSEL 6.7 01/26] media: Revert "media: rkisp1: Drop IRQF_SHARED"

by Sasha Levin

From: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> [ Upstream commit a107d643b2a3382e0a2d2c4ef08bf8c6bff4561d ] This reverts commit 85d2a31fe4d9be1555f621ead7a520d8791e0f74. The rkisp1 does share interrupt lines on some platforms, after all. Thus we need to revert this, and implement a fix for the rkisp1 shared irq handling in a follow-up patch. Closes: https://lore.kernel.org/all/87o7eo8vym.fsf@gmail.com/ Link: https://lore.kernel.org/r/20231218-rkisp-shirq-fix-v1-1-173007628248@ideaso… Reported-by: Mikhail Rudenko <mike.rudenko(a)gmail.com> Signed-off-by: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> Signed-off-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Signed-off-by: Mauro Carvalho Chehab <mchehab(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/media/platform/rockchip/rkisp1/rkisp1-dev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/media/platform/rockchip/rkisp1/rkisp1-dev.c b/drivers/media/platform/rockchip/rkisp1/rkisp1-dev.c index f96f821a7b50d..acc559652d6eb 100644 --- a/drivers/media/platform/rockchip/rkisp1/rkisp1-dev.c +++ b/drivers/media/platform/rockchip/rkisp1/rkisp1-dev.c @@ -559,7 +559,7 @@ static int rkisp1_probe(struct platform_device *pdev) rkisp1->irqs[il] = irq; } - ret = devm_request_irq(dev, irq, info->isrs[i].isr, 0, + ret = devm_request_irq(dev, irq, info->isrs[i].isr, IRQF_SHARED, dev_driver_string(dev), dev); if (ret) { dev_err(dev, "request irq failed: %d\n", ret); -- 2.43.0

1 year, 7 months

3
28
0 0

[REGRESSION] linux 6.6.18 and later fails to boot with "initramfs unpacking failed: invalid magic at start of compressed archive"

by Radek Podgorny

hi, i seem to be the only one in the world to have this problem. :-( on one of my machines, updating to 6.6.18 and later (including mainline branch) leads to unbootable system. all other computers are unaffected. bisecting the history leads to: commit 8117961d98fb2d335ab6de2cad7afb8b6171f5fe Author: Ard Biesheuvel <ardb(a)kernel.org> Date: Tue Sep 12 09:00:53 2023 +0000 x86/efi: Disregard setup header of loaded image commit 7e50262229faad0c7b8c54477cd1c883f31cc4a7 upstream. The native EFI entrypoint does not take a struct boot_params from the loader, but instead, it constructs one from scratch, using the setup header data placed at the start of the image. This setup header is placed in a way that permits legacy loaders to manipulate the contents (i.e., to pass the kernel command line or the address and size of an initial ramdisk), but EFI boot does not use it in that way - it only copies the contents that were placed there at build time, but EFI loaders will not (and should not) manipulate the setup header to configure the boot. (Commit 63bf28ceb3ebbe76 "efi: x86: Wipe setup_data on pure EFI boot" deals with some of the fallout of using setup_data in a way that breaks EFI boot.) Given that none of the non-zero values that are copied from the setup header into the EFI stub's struct boot_params are relevant to the boot now that the EFI stub no longer enters via the legacy decompressor, the copy can be omitted altogether. Signed-off-by: Ard Biesheuvel <ardb(a)kernel.org> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Link: https://lore.kernel.org/r/20230912090051.4014114-19-ardb@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> this seems to be the commit to introduce the regression. i have no idea where to look and what information to provide to explain what the problem might be or why this single machine is different. :-( please don't hesitate to ask me further questions - i can do any debugging you may need on your behalf. sincerely, R. #regzbot introduced: 8117961d98fb2d335ab6de2cad7afb8b6171f5fe

1 year, 7 months

2
13
0 0

[PATCH AUTOSEL 6.1 01/12] soc: microchip: Fix POLARFIRE_SOC_SYS_CTRL input prompt

by Sasha Levin

From: Geert Uytterhoeven <geert+renesas(a)glider.be> [ Upstream commit 6dd9a236042e305d7b69ee92db7347bf5943e7d3 ] The symbol's prompt should be a one-line description, instead of just duplicating the symbol name. Signed-off-by: Geert Uytterhoeven <geert+renesas(a)glider.be> Signed-off-by: Conor Dooley <conor.dooley(a)microchip.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/soc/microchip/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/soc/microchip/Kconfig b/drivers/soc/microchip/Kconfig index eb656b33156ba..f19e74d342aa2 100644 --- a/drivers/soc/microchip/Kconfig +++ b/drivers/soc/microchip/Kconfig @@ -1,5 +1,5 @@ config POLARFIRE_SOC_SYS_CTRL - tristate "POLARFIRE_SOC_SYS_CTRL" + tristate "Microchip PolarFire SoC (MPFS) system controller support" depends on POLARFIRE_SOC_MAILBOX help This driver adds support for the PolarFire SoC (MPFS) system controller. -- 2.43.0

1 year, 7 months

4
18
0 0

[PATCH AUTOSEL 4.19 1/4] x86/mm: Move is_vsyscall_vaddr() into asm/vsyscall.h

by Sasha Levin

From: Hou Tao <houtao1(a)huawei.com> [ Upstream commit ee0e39a63b78849f8abbef268b13e4838569f646 ] Move is_vsyscall_vaddr() into asm/vsyscall.h to make it available for copy_from_kernel_nofault_allowed() in arch/x86/mm/maccess.c. Reviewed-by: Sohil Mehta <sohil.mehta(a)intel.com> Signed-off-by: Hou Tao <houtao1(a)huawei.com> Link: https://lore.kernel.org/r/20240202103935.3154011-2-houtao@huaweicloud.com Signed-off-by: Alexei Starovoitov <ast(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- arch/x86/include/asm/vsyscall.h | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/arch/x86/include/asm/vsyscall.h b/arch/x86/include/asm/vsyscall.h index b986b2ca688a0..8154b25cb975a 100644 --- a/arch/x86/include/asm/vsyscall.h +++ b/arch/x86/include/asm/vsyscall.h @@ -4,6 +4,7 @@ #include <linux/seqlock.h> #include <uapi/asm/vsyscall.h> +#include <asm/page_types.h> #ifdef CONFIG_X86_VSYSCALL_EMULATION extern void map_vsyscall(void); @@ -22,4 +23,13 @@ static inline bool emulate_vsyscall(struct pt_regs *regs, unsigned long address) } #endif +/* + * The (legacy) vsyscall page is the long page in the kernel portion + * of the address space that has user-accessible permissions. + */ +static inline bool is_vsyscall_vaddr(unsigned long vaddr) +{ + return unlikely((vaddr & PAGE_MASK) == VSYSCALL_ADDR); +} + #endif /* _ASM_X86_VSYSCALL_H */ -- 2.43.0

1 year, 7 months

2
5
0 0

[PATCH AUTOSEL 6.7 01/23] regulator: max5970: Fix regulator child node name

by Sasha Levin

From: Naresh Solanki <naresh.solanki(a)9elements.com> [ Upstream commit e5d40e9afd84cec01cdbbbfe62d52f89959ab3ee ] Update regulator child node name to lower case i.e., sw0 & sw1 as descibed in max5970 dt binding. Signed-off-by: Naresh Solanki <naresh.solanki(a)9elements.com> Link: https://msgid.link/r/20240213145801.2564518-1-naresh.solanki@9elements.com Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/regulator/max5970-regulator.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/regulator/max5970-regulator.c b/drivers/regulator/max5970-regulator.c index 830a1c4cd7057..8bbcd983a74aa 100644 --- a/drivers/regulator/max5970-regulator.c +++ b/drivers/regulator/max5970-regulator.c @@ -29,8 +29,8 @@ struct max5970_regulator { }; enum max597x_regulator_id { - MAX597X_SW0, - MAX597X_SW1, + MAX597X_sw0, + MAX597X_sw1, }; static int max5970_read_adc(struct regmap *regmap, int reg, long *val) @@ -378,8 +378,8 @@ static int max597x_dt_parse(struct device_node *np, } static const struct regulator_desc regulators[] = { - MAX597X_SWITCH(SW0, MAX5970_REG_CHXEN, 0, "vss1"), - MAX597X_SWITCH(SW1, MAX5970_REG_CHXEN, 1, "vss2"), + MAX597X_SWITCH(sw0, MAX5970_REG_CHXEN, 0, "vss1"), + MAX597X_SWITCH(sw1, MAX5970_REG_CHXEN, 1, "vss2"), }; static int max597x_regmap_read_clear(struct regmap *map, unsigned int reg, -- 2.43.0

1 year, 7 months

4
27
0 0

[PATCH v2 4/4] Bluetooth: qca: fix wcn3991 'local-bd-address' endianness

by Johan Hovold

Due to a long-standing bug in the Qualcomm Bluetooth driver, the device address has so far been reversed when configuring the controller. This has led to one vendor reversing the address provided by the boot firmware using the 'local-bd-address' devicetree property. The only device affected by this should be the WCN3991 used in some Chromebooks. The corresponding compatible string has now been deprecated so that the underlying driver bug can be fixed without breaking backwards compatibility. Set the HCI_QUIRK_BDADDR_PROPERTY_BROKEN quirk for the deprecated compatible string and add the new 'qcom,wcn3991-bt-bdaddr-le' string to the match table for boot firmware that conforms with the binding. Fixes: 7d250a062f75 ("Bluetooth: hci_qca: Add support for Qualcomm Bluetooth SoC WCN3991") Cc: stable(a)vger.kernel.org # 5.10 Cc: Balakrishna Godavarthi <quic_bgodavar(a)quicinc.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/bluetooth/hci_qca.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c index f989c05f8177..346274fe66d8 100644 --- a/drivers/bluetooth/hci_qca.c +++ b/drivers/bluetooth/hci_qca.c @@ -1904,6 +1904,16 @@ static int qca_setup(struct hci_uart *hu) case QCA_WCN6855: case QCA_WCN7850: set_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks); + + if (soc_type == QCA_WCN3991) { + struct device *dev = GET_HCIDEV_DEV(hdev); + + if (device_is_compatible(dev, "qcom,wcn3991-bt")) { + set_bit(HCI_QUIRK_BDADDR_PROPERTY_BROKEN, + &hdev->quirks); + } + } + hci_set_aosp_capable(hdev); ret = qca_read_soc_version(hdev, &ver, soc_type); @@ -2597,6 +2607,7 @@ static const struct of_device_id qca_bluetooth_of_match[] = { { .compatible = "qcom,wcn3988-bt", .data = &qca_soc_data_wcn3988}, { .compatible = "qcom,wcn3990-bt", .data = &qca_soc_data_wcn3990}, { .compatible = "qcom,wcn3991-bt", .data = &qca_soc_data_wcn3991}, + { .compatible = "qcom,wcn3991-bt-bdaddr-le", .data = &qca_soc_data_wcn3991}, { .compatible = "qcom,wcn3998-bt", .data = &qca_soc_data_wcn3998}, { .compatible = "qcom,wcn6750-bt", .data = &qca_soc_data_wcn6750}, { .compatible = "qcom,wcn6855-bt", .data = &qca_soc_data_wcn6855}, -- 2.43.2

1 year, 7 months

1
0
0 0

[PATCH v2 3/4] Bluetooth: qca: fix device-address endianness

by Johan Hovold

The WCN6855 firmware on the Lenovo ThinkPad X13s expects the Bluetooth device address in big-endian order when setting it using the EDL_WRITE_BD_ADDR_OPCODE command. Presumably, this is the case for all non-ROME devices which all use the EDL_WRITE_BD_ADDR_OPCODE command for this (unlike the ROME devices which use a different command and expect the address in little-endian order). Reverse the little-endian address before setting it to make sure that the address can be configured using tools like btmgmt or using the 'local-bd-address' devicetree property. Note that this can potentially break systems with boot firmware which has started relying on the broken behaviour and is incorrectly passing the address via devicetree in big-endian order. Fixes: 5c0a1001c8be ("Bluetooth: hci_qca: Add helper to set device address") Cc: stable(a)vger.kernel.org # 5.1 Cc: Balakrishna Godavarthi <quic_bgodavar(a)quicinc.com> Cc: Matthias Kaehlcke <mka(a)chromium.org> Tested-by: Nikita Travkin <nikita(a)trvn.ru> # sc7180 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/bluetooth/btqca.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/bluetooth/btqca.c b/drivers/bluetooth/btqca.c index b40b32fa7f1c..19cfc342fc7b 100644 --- a/drivers/bluetooth/btqca.c +++ b/drivers/bluetooth/btqca.c @@ -826,11 +826,15 @@ EXPORT_SYMBOL_GPL(qca_uart_setup); int qca_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr) { + bdaddr_t bdaddr_swapped; struct sk_buff *skb; int err; - skb = __hci_cmd_sync_ev(hdev, EDL_WRITE_BD_ADDR_OPCODE, 6, bdaddr, - HCI_EV_VENDOR, HCI_INIT_TIMEOUT); + baswap(&bdaddr_swapped, bdaddr); + + skb = __hci_cmd_sync_ev(hdev, EDL_WRITE_BD_ADDR_OPCODE, 6, + &bdaddr_swapped, HCI_EV_VENDOR, + HCI_INIT_TIMEOUT); if (IS_ERR(skb)) { err = PTR_ERR(skb); bt_dev_err(hdev, "QCA Change address cmd failed (%d)", err); -- 2.43.2

1 year, 7 months

1
0
0 0

[PATCH v2 2/4] Bluetooth: add quirk for broken address properties

by Johan Hovold

Some Bluetooth controllers lack persistent storage for the device address and instead one can be provided by the boot firmware using the 'local-bd-address' devicetree property. The Bluetooth devicetree bindings clearly states that the address should be specified in little-endian order, but due to a long-standing bug in the Qualcomm driver which reversed the address some bootloaders have been providing the address in big-endian order instead. Add a new quirk that can be used to mark deprecated compatible strings that expect such broken devicetree properties and use it to reverse the address when parsing the property so that the underlying driver bug can be fixed. Fixes: 5c0a1001c8be ("Bluetooth: hci_qca: Add helper to set device address") Cc: stable(a)vger.kernel.org # 5.1 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- include/net/bluetooth/hci.h | 10 ++++++++++ net/bluetooth/hci_sync.c | 5 ++++- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/include/net/bluetooth/hci.h b/include/net/bluetooth/hci.h index bdee5d649cc6..556cffed5698 100644 --- a/include/net/bluetooth/hci.h +++ b/include/net/bluetooth/hci.h @@ -176,6 +176,16 @@ enum { */ HCI_QUIRK_USE_BDADDR_PROPERTY, + /* When this quirk is set, the Bluetooth Device Address provided by + * the 'local-bd-address' fwnode property is incorrectly specified in + * big-endian order. + * + * This quirk can be set before hci_register_dev is called or + * during the hdev->setup vendor callback and must only be used for + * deprecated compatible strings. + */ + HCI_QUIRK_BDADDR_PROPERTY_BROKEN, + /* When this quirk is set, the duplicate filtering during * scanning is based on Bluetooth devices addresses. To allow * RSSI based updates, restart scanning if needed. diff --git a/net/bluetooth/hci_sync.c b/net/bluetooth/hci_sync.c index 5716345a26df..283ae8edc1e5 100644 --- a/net/bluetooth/hci_sync.c +++ b/net/bluetooth/hci_sync.c @@ -3215,7 +3215,10 @@ static void hci_dev_get_bd_addr_from_property(struct hci_dev *hdev) if (ret < 0 || !bacmp(&ba, BDADDR_ANY)) return; - bacpy(&hdev->public_addr, &ba); + if (test_bit(HCI_QUIRK_BDADDR_PROPERTY_BROKEN, &hdev->quirks)) + baswap(&hdev->public_addr, &ba); + else + bacpy(&hdev->public_addr, &ba); } struct hci_init_stage { -- 2.43.2

1 year, 7 months

1
0
0 0

[PATCH] drm/i915: Do not match JSL in ehl_combo_pll_div_frac_wa_needed()

by Jonathon Hall

Since commit 0c65dc062611 ("drm/i915/jsl: s/JSL/JASPERLAKE for platform/subplatform defines"), boot freezes on a Jasper Lake tablet (Librem 11), usually with graphical corruption on the eDP display, but sometimes just a black screen. This commit was included in 6.6 and later. That commit was intended to refactor EHL and JSL macros, but the change to ehl_combo_pll_div_frac_wa_needed() started matching JSL incorrectly when it was only intended to match EHL. It replaced: return ((IS_PLATFORM(i915, INTEL_ELKHARTLAKE) && IS_JSL_EHL_DISPLAY_STEP(i915, STEP_B0, STEP_FOREVER)) || with: return (((IS_ELKHARTLAKE(i915) || IS_JASPERLAKE(i915)) && IS_DISPLAY_STEP(i915, STEP_B0, STEP_FOREVER)) || Remove IS_JASPERLAKE() to fix the regression. Signed-off-by: Jonathon Hall <jonathon.hall(a)puri.sm> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/i915/display/intel_dpll_mgr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/i915/display/intel_dpll_mgr.c b/drivers/gpu/drm/i915/display/intel_dpll_mgr.c index ef57dad1a9cb..57a97880dcb3 100644 --- a/drivers/gpu/drm/i915/display/intel_dpll_mgr.c +++ b/drivers/gpu/drm/i915/display/intel_dpll_mgr.c @@ -2509,7 +2509,7 @@ static void icl_wrpll_params_populate(struct skl_wrpll_params *params, static bool ehl_combo_pll_div_frac_wa_needed(struct drm_i915_private *i915) { - return (((IS_ELKHARTLAKE(i915) || IS_JASPERLAKE(i915)) && + return ((IS_ELKHARTLAKE(i915) && IS_DISPLAY_STEP(i915, STEP_B0, STEP_FOREVER)) || IS_TIGERLAKE(i915) || IS_ALDERLAKE_S(i915) || IS_ALDERLAKE_P(i915)) && i915->display.dpll.ref_clks.nssc == 38400; -- 2.39.2

1 year, 7 months

2
2
0 0

[PATCH v3] clocksource: timer-riscv: Clear timer interrupt on timer initialization

by Ley Foon Tan

In the RISC-V specification, the stimecmp register doesn't have a default value. To prevent the timer interrupt from being triggered during timer initialization, clear the timer interrupt by writing stimecmp with a maximum value. Fixes: 9f7a8ff6391f ("RISC-V: Prefer sstc extension if available") Cc: <stable(a)vger.kernel.org> Signed-off-by: Ley Foon Tan <leyfoon.tan(a)starfivetech.com> --- v3: Resolved comment from Samuel Holland. - Function riscv_clock_event_stop() needs to be called before clockevents_config_and_register(), move riscv_clock_event_stop(). v2: Resolved comments from Anup. - Moved riscv_clock_event_stop() to riscv_timer_starting_cpu(). - Added Fixes tag --- drivers/clocksource/timer-riscv.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/clocksource/timer-riscv.c b/drivers/clocksource/timer-riscv.c index e66dcbd66566..79bb9a98baa7 100644 --- a/drivers/clocksource/timer-riscv.c +++ b/drivers/clocksource/timer-riscv.c @@ -108,6 +108,9 @@ static int riscv_timer_starting_cpu(unsigned int cpu) { struct clock_event_device *ce = per_cpu_ptr(&riscv_clock_event, cpu); + /* Clear timer interrupt */ + riscv_clock_event_stop(); + ce->cpumask = cpumask_of(cpu); ce->irq = riscv_clock_event_irq; if (riscv_timer_cannot_wake_cpu) -- 2.43.0

1 year, 7 months

5
4
0 0

[PATCH] floppy: remove duplicated code, unlock_fdc() function has the same code "do_floppy = NULL" inside.

by Yufeng Wang

Cc: stable(a)vger.kernel.org Signed-off-by: Yufeng Wang <wangyufeng(a)kylinos.cn> --- drivers/block/floppy.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/block/floppy.c b/drivers/block/floppy.c index 1b399ec8c07d..25c9d85667f1 100644 --- a/drivers/block/floppy.c +++ b/drivers/block/floppy.c @@ -2787,7 +2787,6 @@ static void redo_fd_request(void) pending = set_next_request(); spin_unlock_irq(&floppy_lock); if (!pending) { - do_floppy = NULL; unlock_fdc(); return; } -- 2.34.1

1 year, 7 months

2
1
0 0

[PATCH] floppy: remove duplicated code, unlock_fdc() function has the same code "do_floppy = NULL" inside.

by Yufeng Wang

Cc: stable(a)vger.kernel.org Signed-off-by: Yufeng Wang <wangyufeng(a)kylinos.cn> --- drivers/block/floppy.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/block/floppy.c b/drivers/block/floppy.c index 1b399ec8c07d..25c9d85667f1 100644 --- a/drivers/block/floppy.c +++ b/drivers/block/floppy.c @@ -2787,7 +2787,6 @@ static void redo_fd_request(void) pending = set_next_request(); spin_unlock_irq(&floppy_lock); if (!pending) { - do_floppy = NULL; unlock_fdc(); return; } -- 2.34.1

1 year, 7 months

2
1
0 0

[PATCH 6.8 1/1] mei: vsc: Don't use sleeping condition in wait_event_timeout()

by Sakari Ailus

commit b8b19acfafdeacbedd4e2795cb18c81c4d8bb6cc upstream. vsc_tp_wakeup_request() called wait_event_timeout() with gpiod_get_value_cansleep() which may sleep, and does so as the implementation is that of gpio-ljca. Move the GPIO state check outside the call. Fixes: 566f5ca97680 ("mei: Add transport driver for IVSC device") Signed-off-by: Sakari Ailus <sakari.ailus(a)linux.intel.com> Tested-and-Reviewed-by: Wentong Wu <wentong.wu(a)intel.com> Link: https://lore.kernel.org/r/20240219195807.517742-3-sakari.ailus@linux.intel.… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sakari Ailus <sakari.ailus(a)linux.intel.com> --- drivers/misc/mei/vsc-tp.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/drivers/misc/mei/vsc-tp.c b/drivers/misc/mei/vsc-tp.c index 55f7db490d3b..03486bebae09 100644 --- a/drivers/misc/mei/vsc-tp.c +++ b/drivers/misc/mei/vsc-tp.c @@ -25,7 +25,8 @@ #define VSC_TP_ROM_BOOTUP_DELAY_MS 10 #define VSC_TP_ROM_XFER_POLL_TIMEOUT_US (500 * USEC_PER_MSEC) #define VSC_TP_ROM_XFER_POLL_DELAY_US (20 * USEC_PER_MSEC) -#define VSC_TP_WAIT_FW_ASSERTED_TIMEOUT (2 * HZ) +#define VSC_TP_WAIT_FW_POLL_TIMEOUT (2 * HZ) +#define VSC_TP_WAIT_FW_POLL_DELAY_US (20 * USEC_PER_MSEC) #define VSC_TP_MAX_XFER_COUNT 5 #define VSC_TP_PACKET_SYNC 0x31 @@ -101,13 +102,15 @@ static int vsc_tp_wakeup_request(struct vsc_tp *tp) gpiod_set_value_cansleep(tp->wakeupfw, 0); ret = wait_event_timeout(tp->xfer_wait, - atomic_read(&tp->assert_cnt) && - gpiod_get_value_cansleep(tp->wakeuphost), - VSC_TP_WAIT_FW_ASSERTED_TIMEOUT); + atomic_read(&tp->assert_cnt), + VSC_TP_WAIT_FW_POLL_TIMEOUT); if (!ret) return -ETIMEDOUT; - return 0; + return read_poll_timeout(gpiod_get_value_cansleep, ret, ret, + VSC_TP_WAIT_FW_POLL_DELAY_US, + VSC_TP_WAIT_FW_POLL_TIMEOUT, false, + tp->wakeuphost); } static void vsc_tp_wakeup_release(struct vsc_tp *tp) -- 2.39.2

1 year, 7 months

1
0
0 0

[PATCH AUTOSEL 6.6 01/17] regulator: max5970: Fix regulator child node name

by Sasha Levin

From: Naresh Solanki <naresh.solanki(a)9elements.com> [ Upstream commit e5d40e9afd84cec01cdbbbfe62d52f89959ab3ee ] Update regulator child node name to lower case i.e., sw0 & sw1 as descibed in max5970 dt binding. Signed-off-by: Naresh Solanki <naresh.solanki(a)9elements.com> Link: https://msgid.link/r/20240213145801.2564518-1-naresh.solanki@9elements.com Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/regulator/max5970-regulator.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/regulator/max5970-regulator.c b/drivers/regulator/max5970-regulator.c index 5c2d49ae332fb..4362f332f746b 100644 --- a/drivers/regulator/max5970-regulator.c +++ b/drivers/regulator/max5970-regulator.c @@ -28,8 +28,8 @@ struct max5970_regulator { }; enum max597x_regulator_id { - MAX597X_SW0, - MAX597X_SW1, + MAX597X_sw0, + MAX597X_sw1, }; static int max597x_uvp_ovp_check_mode(struct regulator_dev *rdev, int severity) @@ -251,8 +251,8 @@ static int max597x_dt_parse(struct device_node *np, } static const struct regulator_desc regulators[] = { - MAX597X_SWITCH(SW0, MAX5970_REG_CHXEN, 0, "vss1"), - MAX597X_SWITCH(SW1, MAX5970_REG_CHXEN, 1, "vss2"), + MAX597X_SWITCH(sw0, MAX5970_REG_CHXEN, 0, "vss1"), + MAX597X_SWITCH(sw1, MAX5970_REG_CHXEN, 1, "vss2"), }; static int max597x_regmap_read_clear(struct regmap *map, unsigned int reg, -- 2.43.0

1 year, 7 months

2
18
0 0

[PATCH AUTOSEL 6.7 01/14] arm64: tegra: Set the correct PHY mode for MGBE

by Sasha Levin

From: Thierry Reding <treding(a)nvidia.com> [ Upstream commit 4c892121d43bc2b45896ca207b54f39a8fa6b852 ] The PHY is configured in 10GBASE-R, so make sure to reflect that in DT. Reviewed-by: Jon Hunter <jonathanh(a)nvidia.com> Tested-by: Jon Hunter <jonathanh(a)nvidia.com> Signed-off-by: Thierry Reding <treding(a)nvidia.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- arch/arm64/boot/dts/nvidia/tegra234-p3737-0000+p3701-0000.dts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/boot/dts/nvidia/tegra234-p3737-0000+p3701-0000.dts b/arch/arm64/boot/dts/nvidia/tegra234-p3737-0000+p3701-0000.dts index ea13c4a7027c4..81a82933e3500 100644 --- a/arch/arm64/boot/dts/nvidia/tegra234-p3737-0000+p3701-0000.dts +++ b/arch/arm64/boot/dts/nvidia/tegra234-p3737-0000+p3701-0000.dts @@ -175,7 +175,7 @@ status = "okay"; phy-handle = <&mgbe0_phy>; - phy-mode = "usxgmii"; + phy-mode = "10gbase-r"; mdio { #address-cells = <1>; -- 2.43.0

1 year, 7 months

2
15
0 0

[PATCH v4 3/5] PCI: qcom: Disable ASPM L0s for sc8280xp, sa8540p and sa8295p

by Johan Hovold

Commit 9f4f3dfad8cf ("PCI: qcom: Enable ASPM for platforms supporting 1.9.0 ops") started enabling ASPM unconditionally when the hardware claims to support it. This triggers Correctable Errors for some PCIe devices on machines like the Lenovo ThinkPad X13s when L0s is enabled, which could indicate an incomplete driver ASPM implementation or that the hardware does in fact not support L0s. This has now been confirmed by Qualcomm to be the case for sc8280xp and its derivate platforms (e.g. sa8540p and sa8295p). Specifically, the PHY configuration used on these platforms is not correctly tuned for L0s and there is currently no updated configuration available. Add a new flag to the driver configuration data and use it to disable ASPM L0s on sc8280xp, sa8540p and sa8295p for now. Note that only the 1.9.0 ops enable ASPM currently. Fixes: 9f4f3dfad8cf ("PCI: qcom: Enable ASPM for platforms supporting 1.9.0 ops") Cc: stable(a)vger.kernel.org # 6.7 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/pci/controller/dwc/pcie-qcom.c | 31 ++++++++++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) diff --git a/drivers/pci/controller/dwc/pcie-qcom.c b/drivers/pci/controller/dwc/pcie-qcom.c index 2ce2a3bd932b..9f83a1611a20 100644 --- a/drivers/pci/controller/dwc/pcie-qcom.c +++ b/drivers/pci/controller/dwc/pcie-qcom.c @@ -229,6 +229,7 @@ struct qcom_pcie_ops { struct qcom_pcie_cfg { const struct qcom_pcie_ops *ops; + bool no_l0s; }; struct qcom_pcie { @@ -272,6 +273,26 @@ static int qcom_pcie_start_link(struct dw_pcie *pci) return 0; } +static void qcom_pcie_clear_aspm_l0s(struct dw_pcie *pci) +{ + struct qcom_pcie *pcie = to_qcom_pcie(pci); + u16 offset; + u32 val; + + if (!pcie->cfg->no_l0s) + return; + + offset = dw_pcie_find_capability(pci, PCI_CAP_ID_EXP); + + dw_pcie_dbi_ro_wr_en(pci); + + val = readl(pci->dbi_base + offset + PCI_EXP_LNKCAP); + val &= ~PCI_EXP_LNKCAP_ASPM_L0S; + writel(val, pci->dbi_base + offset + PCI_EXP_LNKCAP); + + dw_pcie_dbi_ro_wr_dis(pci); +} + static void qcom_pcie_clear_hpc(struct dw_pcie *pci) { u16 offset = dw_pcie_find_capability(pci, PCI_CAP_ID_EXP); @@ -961,6 +982,7 @@ static int qcom_pcie_init_2_7_0(struct qcom_pcie *pcie) static int qcom_pcie_post_init_2_7_0(struct qcom_pcie *pcie) { + qcom_pcie_clear_aspm_l0s(pcie->pci); qcom_pcie_clear_hpc(pcie->pci); return 0; @@ -1358,6 +1380,11 @@ static const struct qcom_pcie_cfg cfg_2_9_0 = { .ops = &ops_2_9_0, }; +static const struct qcom_pcie_cfg cfg_sc8280xp = { + .ops = &ops_1_9_0, + .no_l0s = true, +}; + static const struct dw_pcie_ops dw_pcie_ops = { .link_up = qcom_pcie_link_up, .start_link = qcom_pcie_start_link, @@ -1629,11 +1656,11 @@ static const struct of_device_id qcom_pcie_match[] = { { .compatible = "qcom,pcie-ipq8074-gen3", .data = &cfg_2_9_0 }, { .compatible = "qcom,pcie-msm8996", .data = &cfg_2_3_2 }, { .compatible = "qcom,pcie-qcs404", .data = &cfg_2_4_0 }, - { .compatible = "qcom,pcie-sa8540p", .data = &cfg_1_9_0 }, + { .compatible = "qcom,pcie-sa8540p", .data = &cfg_sc8280xp }, { .compatible = "qcom,pcie-sa8775p", .data = &cfg_1_9_0}, { .compatible = "qcom,pcie-sc7280", .data = &cfg_1_9_0 }, { .compatible = "qcom,pcie-sc8180x", .data = &cfg_1_9_0 }, - { .compatible = "qcom,pcie-sc8280xp", .data = &cfg_1_9_0 }, + { .compatible = "qcom,pcie-sc8280xp", .data = &cfg_sc8280xp }, { .compatible = "qcom,pcie-sdm845", .data = &cfg_2_7_0 }, { .compatible = "qcom,pcie-sdx55", .data = &cfg_1_9_0 }, { .compatible = "qcom,pcie-sm8150", .data = &cfg_1_9_0 }, -- 2.43.0

1 year, 7 months

3
2
0 0

[PATCH v0 0/2] Fix LPSS clock divider for XPS 9530, 6.7.y backport

by Aleksandrs Vinarskis

This is a backport of recently upstreamed fix for XPS 9530 sound issue. Changes wouldn't apply cleanly, and were backported manually to 6.7.y. Ideally should be applied to all branches where upstream commit d110858a6925827609d11db8513d76750483ec06 exists (6.8.y) or was backported (6.7.y) as it adds initial yet incomplete support for this laptop. Signed-off-by: Aleksandrs Vinarskis <alex.vinarskis(a)gmail.com> Aleksandrs Vinarskis (2): mfd: intel-lpss: Switch to generalized quirk table mfd: intel-lpss: Introduce QUIRK_CLOCK_DIVIDER_UNITY for XPS 9530 drivers/mfd/intel-lpss-pci.c | 28 ++++++++++++++++++++-------- drivers/mfd/intel-lpss.c | 9 ++++++++- drivers/mfd/intel-lpss.h | 14 +++++++++++++- 3 files changed, 41 insertions(+), 10 deletions(-) -- 2.40.1

1 year, 7 months

3
4
0 0

[PATCH 00/11] drm: Only try to set formats supported by the hardware

by Frej Drejhammar

When userland uses DRM_IOCTL_MODE_ADDFB to add a framebuffer, the DRM subsystem tries to find a pixel format from the supplied depth and bpp-values. It does this by calling drm_driver_legacy_fb_format(). Unfortunately drm_driver_legacy_fb_format() can return formats not supported by the underlying hardware. This series of patches remedies this problem in patch 1. In order to use the same logic for determining the pixel format, when a fbdev adds a framebuffer as userland does, patches 2 to 11 migrates fbdev users of drm_mode_legacy_fb_format() to drm_driver_legacy_fb_format(). This series has been tested with the nouveau and modesetting drivers on a NVIDIA NV96, the modesetting driver on Beagleboard Black, and with the Intel and modesetting drivers on an Intel HD Graphics 4000 chipset. This is an evolved version of the changes proposed in "drm: Don't return unsupported formats in drm_mode_legacy_fb_format" [1] following the suggestions of Thomas Zimmermann. Cc: Abhinav Kumar <quic_abhinavk(a)quicinc.com> Cc: Alim Akhtar <alim.akhtar(a)samsung.com> Cc: amd-gfx(a)lists.freedesktop.org Cc: Daniel Vetter <daniel(a)ffwll.ch> Cc: David Airlie <airlied(a)gmail.com> Cc: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Cc: dri-devel(a)lists.freedesktop.org Cc: freedreno(a)lists.freedesktop.org Cc: intel-gfx(a)lists.freedesktop.org Cc: intel-xe(a)lists.freedesktop.org Cc: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Cc: linux-arm-kernel(a)lists.infradead.org Cc: linux-arm-msm(a)vger.kernel.org Cc: linux-samsung-soc(a)vger.kernel.org Cc: linux-tegra(a)vger.kernel.org Cc: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Cc: "Maíra Canal" <mcanal(a)igalia.com> Cc: Marijn Suijten <marijn.suijten(a)somainline.org> Cc: Maxime Ripard <mripard(a)kernel.org> Cc: Patrik Jakobsson <patrik.r.jakobsson(a)gmail.com> Cc: Rob Clark <robdclark(a)gmail.com> Cc: Russell King <linux(a)armlinux.org.uk> Cc: Sean Paul <sean(a)poorly.run> Cc: stable(a)vger.kernel.org Cc: Thomas Zimmermann <tzimmermann(a)suse.de> Cc: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> Cc: "Ville Syrjälä" <ville.syrjala(a)linux.intel.com> [1] https://lore.kernel.org/all/20240310152803.3315-1-frej.drejhammar@gmail.com/ Frej Drejhammar (11): drm: Only return supported formats from drm_driver_legacy_fb_format drm/fbdev_generic: Use drm_driver_legacy_fb_format() for fbdev drm/armada: Use drm_driver_legacy_fb_format() for fbdev drm/exynos: Use drm_driver_legacy_fb_format() for fbdev drm/gma500: Use drm_driver_legacy_fb_format() for fbdev drm/i915: Use drm_driver_legacy_fb_format() for fbdev drm/msm: Use drm_driver_legacy_fb_format() for fbdev drm/omapdrm: Use drm_driver_legacy_fb_format() for fbdev drm/radeon: Use drm_driver_legacy_fb_format() for fbdev drm/tegra: Use drm_driver_legacy_fb_format() for fbdev drm/xe: Use drm_driver_legacy_fb_format() for fbdev drivers/gpu/drm/armada/armada_fbdev.c | 5 +- drivers/gpu/drm/drm_fb_helper.c | 2 +- drivers/gpu/drm/drm_fbdev_dma.c | 4 +- drivers/gpu/drm/drm_fbdev_generic.c | 4 +- drivers/gpu/drm/drm_fourcc.c | 83 +++++++++++++++++++ drivers/gpu/drm/exynos/exynos_drm_fbdev.c | 6 +- drivers/gpu/drm/gma500/fbdev.c | 2 +- drivers/gpu/drm/i915/display/intel_fbdev_fb.c | 6 +- drivers/gpu/drm/msm/msm_fbdev.c | 4 +- drivers/gpu/drm/omapdrm/omap_fbdev.c | 6 +- drivers/gpu/drm/radeon/radeon_fbdev.c | 6 +- drivers/gpu/drm/tegra/fbdev.c | 5 +- drivers/gpu/drm/xe/display/intel_fbdev_fb.c | 5 +- 13 files changed, 119 insertions(+), 19 deletions(-) base-commit: 119b225f01e4d3ce974cd3b4d982c76a380c796d -- 2.44.0

1 year, 7 months

1
1
0 0

[PATCH] firmware: qcom_scm: disable clocks if qcom_scm_bw_enable() fails

by Gabor Juhos

There are several functions which are calling qcom_scm_bw_enable() then returns immediately if the call fails and leaves the clocks enabled. Change the code of these functions to disable clocks when the qcom_scm_bw_enable() call fails. This also fixes a possible dma buffer leak in the qcom_scm_pas_init_image() function. Compile tested only due to lack of hardware with interconnect support. Cc: stable(a)vger.kernel.org Fixes: 65b7ebda5028 ("firmware: qcom_scm: Add bw voting support to the SCM interface") Signed-off-by: Gabor Juhos <j4g8y7(a)gmail.com> --- Based on v6.8-rc7. Note: Removing the two empty lines from qcom_scm_pas_init_image() and fomr qcom_scm_pas_shutdown() functions is intentional to make those consistent with the other two functions. --- drivers/firmware/qcom/qcom_scm.c | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/drivers/firmware/qcom/qcom_scm.c b/drivers/firmware/qcom/qcom_scm.c index 520de9b5633ab..e8460626fb0c4 100644 --- a/drivers/firmware/qcom/qcom_scm.c +++ b/drivers/firmware/qcom/qcom_scm.c @@ -569,13 +569,14 @@ int qcom_scm_pas_init_image(u32 peripheral, const void *metadata, size_t size, ret = qcom_scm_bw_enable(); if (ret) - return ret; + goto disable_clk; desc.args[1] = mdata_phys; ret = qcom_scm_call(__scm->dev, &desc, &res); - qcom_scm_bw_disable(); + +disable_clk: qcom_scm_clk_disable(); out: @@ -637,10 +638,12 @@ int qcom_scm_pas_mem_setup(u32 peripheral, phys_addr_t addr, phys_addr_t size) ret = qcom_scm_bw_enable(); if (ret) - return ret; + goto disable_clk; ret = qcom_scm_call(__scm->dev, &desc, &res); qcom_scm_bw_disable(); + +disable_clk: qcom_scm_clk_disable(); return ret ? : res.result[0]; @@ -672,10 +675,12 @@ int qcom_scm_pas_auth_and_reset(u32 peripheral) ret = qcom_scm_bw_enable(); if (ret) - return ret; + goto disable_clk; ret = qcom_scm_call(__scm->dev, &desc, &res); qcom_scm_bw_disable(); + +disable_clk: qcom_scm_clk_disable(); return ret ? : res.result[0]; @@ -706,11 +711,12 @@ int qcom_scm_pas_shutdown(u32 peripheral) ret = qcom_scm_bw_enable(); if (ret) - return ret; + goto disable_clk; ret = qcom_scm_call(__scm->dev, &desc, &res); - qcom_scm_bw_disable(); + +disable_clk: qcom_scm_clk_disable(); return ret ? : res.result[0]; --- base-commit: 90d35da658da8cff0d4ecbb5113f5fac9d00eb72 change-id: 20240304-qcom-scm-disable-clk-08e7ad853fa1 Best regards, -- Gabor Juhos <j4g8y7(a)gmail.com>

1 year, 7 months

5
8
0 0

[PATCH v4] soc: qcom: mdt_loader: Add Upperbounds check for program header access

by Auditya Bhattaram

hash_index is evaluated by looping phdrs till QCOM_MDT_TYPE_HASH is found. Add an upperbound check to phdrs to access within elf size. Fixes: 64fb5eb87d58 ("soc: qcom: mdt_loader: Allow hash to reside in any segment") Cc: <stable(a)vger.kernel.org> Signed-off-by: Auditya Bhattaram <quic_audityab(a)quicinc.com> Acked-by: Mukesh Ojha <quic_mojha(a)quicinc.com> --- Changes in v4: - Added additional prints incase of Invalid access. Link to v3 https://lore.kernel.org/stable/1c91c653-cebe-4407-bdd6-cfc73b64c0fb@quicinc… Link to v2 https://lore.kernel.org/linux-arm-msm/9773d189-c896-d5c5-804c-e086c24987b4@… Link to v1 https://lore.kernel.org/linux-arm-msm/5d7a3b97-d840-4863-91a0-32c1d8e7532f@… --- drivers/soc/qcom/mdt_loader.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/soc/qcom/mdt_loader.c b/drivers/soc/qcom/mdt_loader.c index 6f177e46fa0f..1a79a7bba468 100644 --- a/drivers/soc/qcom/mdt_loader.c +++ b/drivers/soc/qcom/mdt_loader.c @@ -145,6 +143,13 @@ void *qcom_mdt_read_metadata(const struct firmware *fw, size_t *data_len, if (phdrs[0].p_type == PT_LOAD) return ERR_PTR(-EINVAL); + if (((size_t)(phdrs + ehdr->e_phnum)) > ((size_t)ehdr + fw->size)) { + dev_err(dev, + "Invalid phdrs access for fw: %s, e_phnum: %u, fw->size: %zu\n", + fw_name, ehdr->e_phnum, fw->size); + return ERR_PTR(-EINVAL); + } + for (i = 1; i < ehdr->e_phnum; i++) { if ((phdrs[i].p_flags & QCOM_MDT_TYPE_MASK) == QCOM_MDT_TYPE_HASH) { hash_segment = i; -- 2.17.1

1 year, 7 months

2
4
0 0

[PATCH 5.10/5.15] io_uring: fix registered files leak

by Fedor Pchelkin

No upstream commit exists for this patch. Backport of commit 705318a99a13 ("io_uring/af_unix: disable sending io_uring over sockets") introduced registered files leaks in 5.10/5.15 stable branches when CONFIG_UNIX is enabled. The 5.10/5.15 backports removed io_sqe_file_register() calls from io_install_fixed_file() and __io_sqe_files_update() so that newly added files aren't passed to UNIX-related skbs and thus can't be put during unregistering process. Skbs in the ring socket receive queue are released but there is no skb having reference to the newly updated file. In other words, when CONFIG_UNIX is enabled there would be no fput() when files are unregistered for the corresponding fget() from io_install_fixed_file() and __io_sqe_files_update(). Drop several code paths related to SCM_RIGHTS as a partial change from commit 6e5e6d274956 ("io_uring: drop any code related to SCM_RIGHTS"). This code is useless in stable branches now, too, but is causing leaks in 5.10/5.15. As stated above, the affected code was removed in upstream by commit 6e5e6d274956 ("io_uring: drop any code related to SCM_RIGHTS"). Fresher stables from 6.1 have io_file_need_scm() stub function which usage is effectively equivalent to dropping most of SCM-related code. 5.4 seems not to be affected with this problem since SCM-related functions have been dropped there by the backport-patch. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Fixes: 705318a99a13 ("io_uring/af_unix: disable sending io_uring over sockets") Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> --- I feel io_uring-SCM related code should be dropped entirely from the stable branches as the backports already differ greatly between versions and some parts are still kept, some have been dropped in a non-consistent order. Though this might contradict with stable kernel rules or be inappropriate for some other reason. io_uring/io_uring.c | 177 -------------------------------------------- 1 file changed, 177 deletions(-) diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c index 936abc6ee450..6ad078a3bf30 100644 --- a/io_uring/io_uring.c +++ b/io_uring/io_uring.c @@ -62,7 +62,6 @@ #include <linux/net.h> #include <net/sock.h> #include <net/af_unix.h> -#include <net/scm.h> #include <linux/anon_inodes.h> #include <linux/sched/mm.h> #include <linux/uaccess.h> @@ -7989,15 +7988,6 @@ static void io_free_file_tables(struct io_file_table *table) static void __io_sqe_files_unregister(struct io_ring_ctx *ctx) { -#if defined(CONFIG_UNIX) - if (ctx->ring_sock) { - struct sock *sock = ctx->ring_sock->sk; - struct sk_buff *skb; - - while ((skb = skb_dequeue(&sock->sk_receive_queue)) != NULL) - kfree_skb(skb); - } -#else int i; for (i = 0; i < ctx->nr_user_files; i++) { @@ -8007,7 +7997,6 @@ static void __io_sqe_files_unregister(struct io_ring_ctx *ctx) if (file) fput(file); } -#endif io_free_file_tables(&ctx->file_table); io_rsrc_data_free(ctx->file_data); ctx->file_data = NULL; @@ -8159,170 +8148,10 @@ static struct io_sq_data *io_get_sq_data(struct io_uring_params *p, return sqd; } -#if defined(CONFIG_UNIX) -/* - * Ensure the UNIX gc is aware of our file set, so we are certain that - * the io_uring can be safely unregistered on process exit, even if we have - * loops in the file referencing. - */ -static int __io_sqe_files_scm(struct io_ring_ctx *ctx, int nr, int offset) -{ - struct sock *sk = ctx->ring_sock->sk; - struct scm_fp_list *fpl; - struct sk_buff *skb; - int i, nr_files; - - fpl = kzalloc(sizeof(*fpl), GFP_KERNEL); - if (!fpl) - return -ENOMEM; - - skb = alloc_skb(0, GFP_KERNEL); - if (!skb) { - kfree(fpl); - return -ENOMEM; - } - - skb->sk = sk; - skb->scm_io_uring = 1; - - nr_files = 0; - fpl->user = get_uid(current_user()); - for (i = 0; i < nr; i++) { - struct file *file = io_file_from_index(ctx, i + offset); - - if (!file) - continue; - fpl->fp[nr_files] = get_file(file); - unix_inflight(fpl->user, fpl->fp[nr_files]); - nr_files++; - } - - if (nr_files) { - fpl->max = SCM_MAX_FD; - fpl->count = nr_files; - UNIXCB(skb).fp = fpl; - skb->destructor = unix_destruct_scm; - refcount_add(skb->truesize, &sk->sk_wmem_alloc); - skb_queue_head(&sk->sk_receive_queue, skb); - - for (i = 0; i < nr; i++) { - struct file *file = io_file_from_index(ctx, i + offset); - - if (file) - fput(file); - } - } else { - kfree_skb(skb); - free_uid(fpl->user); - kfree(fpl); - } - - return 0; -} - -/* - * If UNIX sockets are enabled, fd passing can cause a reference cycle which - * causes regular reference counting to break down. We rely on the UNIX - * garbage collection to take care of this problem for us. - */ -static int io_sqe_files_scm(struct io_ring_ctx *ctx) -{ - unsigned left, total; - int ret = 0; - - total = 0; - left = ctx->nr_user_files; - while (left) { - unsigned this_files = min_t(unsigned, left, SCM_MAX_FD); - - ret = __io_sqe_files_scm(ctx, this_files, total); - if (ret) - break; - left -= this_files; - total += this_files; - } - - if (!ret) - return 0; - - while (total < ctx->nr_user_files) { - struct file *file = io_file_from_index(ctx, total); - - if (file) - fput(file); - total++; - } - - return ret; -} -#else -static int io_sqe_files_scm(struct io_ring_ctx *ctx) -{ - return 0; -} -#endif - static void io_rsrc_file_put(struct io_ring_ctx *ctx, struct io_rsrc_put *prsrc) { struct file *file = prsrc->file; -#if defined(CONFIG_UNIX) - struct sock *sock = ctx->ring_sock->sk; - struct sk_buff_head list, *head = &sock->sk_receive_queue; - struct sk_buff *skb; - int i; - - __skb_queue_head_init(&list); - - /* - * Find the skb that holds this file in its SCM_RIGHTS. When found, - * remove this entry and rearrange the file array. - */ - skb = skb_dequeue(head); - while (skb) { - struct scm_fp_list *fp; - - fp = UNIXCB(skb).fp; - for (i = 0; i < fp->count; i++) { - int left; - - if (fp->fp[i] != file) - continue; - - unix_notinflight(fp->user, fp->fp[i]); - left = fp->count - 1 - i; - if (left) { - memmove(&fp->fp[i], &fp->fp[i + 1], - left * sizeof(struct file *)); - } - fp->count--; - if (!fp->count) { - kfree_skb(skb); - skb = NULL; - } else { - __skb_queue_tail(&list, skb); - } - fput(file); - file = NULL; - break; - } - - if (!file) - break; - - __skb_queue_tail(&list, skb); - - skb = skb_dequeue(head); - } - - if (skb_peek(&list)) { - spin_lock_irq(&head->lock); - while ((skb = __skb_dequeue(&list)) != NULL) - __skb_queue_tail(head, skb); - spin_unlock_irq(&head->lock); - } -#else fput(file); -#endif } static void __io_rsrc_put_work(struct io_rsrc_node *ref_node) @@ -8433,12 +8262,6 @@ static int io_sqe_files_register(struct io_ring_ctx *ctx, void __user *arg, io_fixed_file_set(io_fixed_file_slot(&ctx->file_table, i), file); } - ret = io_sqe_files_scm(ctx); - if (ret) { - __io_sqe_files_unregister(ctx); - return ret; - } - io_rsrc_node_switch(ctx, NULL); return ret; out_fput: -- 2.44.0

1 year, 7 months

3
11
0 0

[PATCH stable-6.7] soc: qcom: pmic_glink_altmode: fix drm bridge use-after-free

by Johan Hovold

commit b979f2d50a099f3402418d7ff5f26c3952fb08bb upstream. A recent DRM series purporting to simplify support for "transparent bridges" and handling of probe deferrals ironically exposed a use-after-free issue on pmic_glink_altmode probe deferral. This has manifested itself as the display subsystem occasionally failing to initialise and NULL-pointer dereferences during boot of machines like the Lenovo ThinkPad X13s. Specifically, the dp-hpd bridge is currently registered before all resources have been acquired which means that it can also be deregistered on probe deferrals. In the meantime there is a race window where the new aux bridge driver (or PHY driver previously) may have looked up the dp-hpd bridge and stored a (non-reference-counted) pointer to the bridge which is about to be deallocated. When the display controller is later initialised, this triggers a use-after-free when attaching the bridges: dp -> aux -> dp-hpd (freed) which may, for example, result in the freed bridge failing to attach: [drm:drm_bridge_attach [drm]] *ERROR* failed to attach bridge /soc@0/phy@88eb000 to encoder TMDS-31: -16 or a NULL-pointer dereference: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 ... Call trace: drm_bridge_attach+0x70/0x1a8 [drm] drm_aux_bridge_attach+0x24/0x38 [aux_bridge] drm_bridge_attach+0x80/0x1a8 [drm] dp_bridge_init+0xa8/0x15c [msm] msm_dp_modeset_init+0x28/0xc4 [msm] The DRM bridge implementation is clearly fragile and implicitly built on the assumption that bridges may never go away. In this case, the fix is to move the bridge registration in the pmic_glink_altmode driver to after all resources have been looked up. Incidentally, with the new dp-hpd bridge implementation, which registers child devices, this is also a requirement due to a long-standing issue in driver core that can otherwise lead to a probe deferral loop (see commit fbc35b45f9f6 ("Add documentation on meaning of -EPROBE_DEFER")). [DB: slightly fixed commit message by adding the word 'commit'] Fixes: 080b4e24852b ("soc: qcom: pmic_glink: Introduce altmode support") Fixes: 2bcca96abfbf ("soc: qcom: pmic-glink: switch to DRM_AUX_HPD_BRIDGE") Cc: <stable(a)vger.kernel.org> # 6.3 Cc: Bjorn Andersson <andersson(a)kernel.org> Cc: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Reviewed-by: Bjorn Andersson <andersson(a)kernel.org> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Link: https://patchwork.freedesktop.org/patch/msgid/20240217150228.5788-4-johan+l… [ johan: backport to 6.7 which does not have DRM aux bridge ] Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/soc/qcom/pmic_glink_altmode.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/drivers/soc/qcom/pmic_glink_altmode.c b/drivers/soc/qcom/pmic_glink_altmode.c index ad922f0dca6b..a890fafdafb8 100644 --- a/drivers/soc/qcom/pmic_glink_altmode.c +++ b/drivers/soc/qcom/pmic_glink_altmode.c @@ -469,12 +469,6 @@ static int pmic_glink_altmode_probe(struct auxiliary_device *adev, alt_port->bridge.ops = DRM_BRIDGE_OP_HPD; alt_port->bridge.type = DRM_MODE_CONNECTOR_DisplayPort; - ret = devm_drm_bridge_add(dev, &alt_port->bridge); - if (ret) { - fwnode_handle_put(fwnode); - return ret; - } - alt_port->dp_alt.svid = USB_TYPEC_DP_SID; alt_port->dp_alt.mode = USB_TYPEC_DP_MODE; alt_port->dp_alt.active = 1; @@ -525,6 +519,16 @@ static int pmic_glink_altmode_probe(struct auxiliary_device *adev, } } + for (port = 0; port < ARRAY_SIZE(altmode->ports); port++) { + alt_port = &altmode->ports[port]; + if (!alt_port->altmode) + continue; + + ret = devm_drm_bridge_add(dev, &alt_port->bridge); + if (ret) + return ret; + } + altmode->client = devm_pmic_glink_register_client(dev, altmode->owner_id, pmic_glink_altmode_callback, -- 2.43.0

1 year, 7 months

2
1
0 0

[PATCH v5.15 0/2] v5.15 backports for CVE-2023-52447

by Robert Kolchmeyer

Hi all, This patch series includes backports for the changes that fix CVE-2023-52447. Commit e6c86c513f44 ("rcu-tasks: Provide rcu_trace_implies_rcu_gp()") applied cleanly. Commit 876673364161 ("bpf: Defer the free of inner map when necessary") had one significant conflict, which was due to missing commit 8d5a8011b35d ("bpf: Batch call_rcu callbacks instead of SLAB_TYPESAFE_BY_RCU."). The conflict was because of the switch to queue_work() from schedule_work() in __bpf_map_put(). From what I can tell, the switch to queue_work() from schedule_work() isn't relevant in the context of this bug, so I resolved the conflict by keeping schedule_work() and not including 8d5a8011b35d ("bpf: Batch call_rcu callbacks instead of SLAB_TYPESAFE_BY_RCU."). I also noticed that commit a6fb03a9c9c8 ("bpf: add percpu stats for bpf_map elements insertions/deletions") is tagged as a stable dependency of commit 876673364161. However, I don't see the functions and fields added in that patch used at all in commit 876673364161. This patch was backported to linux-6.1.y, but a `git grep` seems to show that `bpf_map_init_elem_count` is never referenced in linux-6.1.y. It seems to me that this patch is not actually a dependency of commit 876673364161, so I didn't include it in this backport. I ran the selftests added in commit 1624918be84a ("selftests/bpf: Add test cases for inner map"), and they passed with no KASAN warnings. However, I did not manage to find a kernel on which these tests did generate a KASAN warning, so the test result may not be very meaningful. Apart from that, my typical build+boot test passed. Hou Tao (1): bpf: Defer the free of inner map when necessary Paul E. McKenney (1): rcu-tasks: Provide rcu_trace_implies_rcu_gp() include/linux/bpf.h | 7 ++++++- include/linux/rcupdate.h | 12 ++++++++++++ kernel/bpf/map_in_map.c | 11 ++++++++--- kernel/bpf/syscall.c | 26 ++++++++++++++++++++++++-- kernel/rcu/tasks.h | 2 ++ 5 files changed, 52 insertions(+), 6 deletions(-) -- 2.44.0.278.ge034bb2e1d-goog

1 year, 7 months

2
3
0 0

2 md/raid fixes

by Khazhy Kumykov

Please take the following 2 commits from 6.5 to 6.1-LTS. They're already present in 5.10, 5.15, but seemingly were missed from 6.1. They apply cleanly and compile for me. 873f50ece41a ("md: fix data corruption for raid456 when reshape restart while grow up") 010444623e7f ("md/raid10: prevent soft lockup while flush writes")

1 year, 7 months

2
1
0 0

[PATCH 2/2] Add additional HyperX IDs to xpad.c on LTS v6.6

by Max Nguyen

Add additional HyperX IDs to xpad_device and xpad_table Add to LTS version 6.6 Suggested-by: Chris Toledanes <chris.toledanes(a)hp.com> Reviewed-by: Carl Ng <carl.ng(a)hp.com> Signed-off-by: Max Nguyen <maxwell.nguyen(a)hp.com> --- drivers/input/joystick/xpad.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/input/joystick/xpad.c b/drivers/input/joystick/xpad.c index d0bb3edfd0a0..c11af4441cf2 100644 --- a/drivers/input/joystick/xpad.c +++ b/drivers/input/joystick/xpad.c @@ -130,7 +130,12 @@ static const struct xpad_device { { 0x0079, 0x18d4, "GPD Win 2 X-Box Controller", 0, XTYPE_XBOX360 }, { 0x03eb, 0xff01, "Wooting One (Legacy)", 0, XTYPE_XBOX360 }, { 0x03eb, 0xff02, "Wooting Two (Legacy)", 0, XTYPE_XBOX360 }, + { 0x03f0, 0x038D, "HyperX Clutch", 0, XTYPE_XBOX360 }, /* wired */ + { 0x03f0, 0x048D, "HyperX Clutch", 0, XTYPE_XBOX360 }, /* wireless */ { 0x03f0, 0x0495, "HyperX Clutch Gladiate", 0, XTYPE_XBOXONE }, + { 0x03f0, 0x07A0, "HyperX Clutch Gladiate RGB", 0, XTYPE_XBOXONE }, + { 0x03f0, 0x08B6, "HyperX Clutch Gladiate", 0, XTYPE_XBOXONE }, /* v2 */ + { 0x03f0, 0x09B4, "HyperX Clutch Tanto", 0, XTYPE_XBOXONE }, { 0x044f, 0x0f00, "Thrustmaster Wheel", 0, XTYPE_XBOX }, { 0x044f, 0x0f03, "Thrustmaster Wheel", 0, XTYPE_XBOX }, { 0x044f, 0x0f07, "Thrustmaster, Inc. Controller", 0, XTYPE_XBOX }, @@ -463,6 +468,7 @@ static const struct usb_device_id xpad_table[] = { { USB_INTERFACE_INFO('X', 'B', 0) }, /* Xbox USB-IF not-approved class */ XPAD_XBOX360_VENDOR(0x0079), /* GPD Win 2 controller */ XPAD_XBOX360_VENDOR(0x03eb), /* Wooting Keyboards (Legacy) */ + XPAD_XBOX360_VENDOR(0x03f0), /* HP HyperX Xbox 360 controllers */ XPAD_XBOXONE_VENDOR(0x03f0), /* HP HyperX Xbox One controllers */ XPAD_XBOX360_VENDOR(0x044f), /* Thrustmaster Xbox 360 controllers */ XPAD_XBOX360_VENDOR(0x045e), /* Microsoft Xbox 360 controllers */ -- 2.39.3

1 year, 7 months

2
1
0 0

dddd

by Helge Deller

Dear Greg & stable team, could you please queue up the patch below for the stable-6.7 kernel? This is upstream commit: eba38cc7578bef94865341c73608bdf49193a51d Thanks, Helge From eba38cc7578bef94865341c73608bdf49193a51d Mon Sep 17 00:00:00 2001 From: Helge Deller <deller(a)kernel.org> Subject: [PATCH] bcachefs: Fix build on parisc by avoiding __multi3() The gcc compiler on paric does support the __int128 type, although the architecture does not have native 128-bit support. The effect is, that the bcachefs u128_square() function will pull in the libgcc __multi3() helper, which breaks the kernel build when bcachefs is built as module since this function isn't currently exported in arch/parisc/kernel/parisc_ksyms.c. The build failure can be seen in the latest debian kernel build at: https://buildd.debian.org/status/fetch.php?pkg=linux&arch=hppa&ver=6.7.1-1%… We prefer to not export that symbol, so fall back to the optional 64-bit implementation provided by bcachefs and thus avoid usage of __multi3(). Signed-off-by: Helge Deller <deller(a)gmx.de> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Signed-off-by: Kent Overstreet <kent.overstreet(a)linux.dev> diff --git a/fs/bcachefs/mean_and_variance.h b/fs/bcachefs/mean_and_variance.h index b2be565bb8f2..64df11ab422b 100644 --- a/fs/bcachefs/mean_and_variance.h +++ b/fs/bcachefs/mean_and_variance.h @@ -17,7 +17,7 @@ * Rust and rustc has issues with u128. */ -#if defined(__SIZEOF_INT128__) && defined(__KERNEL__) +#if defined(__SIZEOF_INT128__) && defined(__KERNEL__) && !defined(CONFIG_PARISC) typedef struct { unsigned __int128 v;

1 year, 7 months

5
11
0 0

[PATCH 6.1 00/71] 6.1.82-rc1 review

by Sasha Levin

This is the start of the stable review cycle for the 6.1.82 release. There are 71 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri Mar 15 04:39:56 PM UTC 2024. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. Thanks, Sasha ------------- Pseudo-Shortlog of commits: Breno Leitao (1): blk-iocost: Pass gendisk to ioc_refresh_params Christian Borntraeger (1): KVM: s390: vsie: fix race during shadow creation Christoph Hellwig (6): blk-wbt: pass a gendisk to wbt_{enable,disable}_default blk-wbt: pass a gendisk to wbt_init blk-rq-qos: move rq_qos_add and rq_qos_del out of line blk-rq-qos: make rq_qos_add and rq_qos_del more useful blk-rq-qos: constify rq_qos_ops blk-rq-qos: store a gendisk instead of request_queue in struct rq_qos Edward Adam Davis (1): net/rds: fix WARNING in rds_conn_connect_if_down Eric Dumazet (2): geneve: make sure to pull inner header in geneve_rx() net/ipv6: avoid possible UAF in ip6_route_mpath_notify() Fangzhi Zuo (1): drm/amd/display: Fix MST Null Ptr for RV Florian Kauer (1): igc: avoid returning frame twice in XDP_REDIRECT Florian Westphal (1): netfilter: nft_ct: fix l3num expectations with inet pseudo family Friedrich Vock (1): drm/amdgpu: Reset IH OVERFLOW_CLEAR bit Gao Xiang (1): erofs: apply proper VMA alignment for memory mapped files on THP Horatiu Vultur (1): net: sparx5: Fix use after free inside sparx5_del_mact_entry Hui Zhou (1): nfp: flower: add hardware offload check for post ct entry Jacob Keller (1): ice: virtchnl: stop pretending to support RSS over AQ or registers Jan Kara (2): readahead: avoid multiple marked readahead pages blk-wbt: Fix detection of dirty-throttled tasks Jason Xing (12): netrom: Fix a data-race around sysctl_netrom_default_path_quality netrom: Fix a data-race around sysctl_netrom_obsolescence_count_initialiser netrom: Fix data-races around sysctl_netrom_network_ttl_initialiser netrom: Fix a data-race around sysctl_netrom_transport_timeout netrom: Fix a data-race around sysctl_netrom_transport_maximum_tries netrom: Fix a data-race around sysctl_netrom_transport_acknowledge_delay netrom: Fix a data-race around sysctl_netrom_transport_busy_delay netrom: Fix a data-race around sysctl_netrom_transport_requested_window_size netrom: Fix a data-race around sysctl_netrom_transport_no_activity_timeout netrom: Fix a data-race around sysctl_netrom_routing_control netrom: Fix a data-race around sysctl_netrom_link_fails_count netrom: Fix data-races around sysctl_net_busy_read Johan Hovold (1): ASoC: codecs: wcd938x: fix headphones volume controls Lena Wang (1): netfilter: nf_conntrack_h323: Add protection for bmp length out of range Ma Hanghong (1): drm/amd/display: Wrong colorimetry workaround Maciej Fijalkowski (3): ixgbe: {dis, en}able irqs in ixgbe_txrx_ring_{dis, en}able i40e: disable NAPI right after disabling irqs when handling xsk_pool ice: reorder disabling IRQ and NAPI in ice_qp_dis Mathias Nyman (1): xhci: process isoc TD properly when there was a transaction error mid TD. Matthieu Baerts (NGI0) (1): selftests: mptcp: decrease BW in simult flows Michal Pecio (1): xhci: handle isoc Babble and Buffer Overrun events properly Muhammad Usama Anjum (1): selftests/mm: switch to bash from sh Nico Boehr (1): KVM: s390: add stat counter for shadow gmap events Nico Pache (1): selftests: mm: fix map_hugetlb failure on 64K page size systems Oleg Nesterov (7): getrusage: add the "signal_struct *sig" local variable getrusage: move thread_group_cputime_adjusted() outside of lock_task_sighand() getrusage: use __for_each_thread() getrusage: use sig->stats_lock rather than lock_task_sighand() fs/proc: do_task_stat: use __for_each_thread() fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats exit: wait_task_zombie: kill the no longer necessary spin_lock_irq(siglock) Oleksij Rempel (1): net: lan78xx: fix runtime PM count underflow on link stop Pawan Gupta (4): x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set Documentation/hw-vuln: Add documentation for RFDS x86/rfds: Mitigate Register File Data Sampling (RFDS) KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests Rand Deeb (1): net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink() Sasha Levin (1): Linux 6.1.82-rc1 Srinivasan Shanmugam (1): drm/amd/display: Fix uninitialized variable usage in core_link_ 'read_dpcd() & write_dpcd()' functions Steven Rostedt (Google) (1): tracing/net_sched: Fix tracepoints that save qdisc_dev() as a string Tobias Jakobi (Compleo) (1): net: dsa: microchip: fix register write order in ksz8_ind_write8() Toke Høiland-Jørgensen (1): cpumap: Zero-initialise xdp_rxq_info struct before running XDP program Wentao Jia (1): nfp: flower: add goto_chain_index for ct entry Xiubo Li (1): ceph: switch to corrected encoding of max_xattr_size in mdsmap Yu Kuai (6): blk-iocost: disable writeback throttling elevator: remove redundant code in elv_unregister_queue() blk-wbt: remove unnecessary check in wbt_enable_default() elevator: add new field flags in struct elevator_queue blk-wbt: don't enable throttling if default elevator is bfq blk-wbt: fix that wbt can't be disabled by default .../ABI/testing/sysfs-devices-system-cpu | 1 + Documentation/admin-guide/hw-vuln/index.rst | 1 + .../hw-vuln/reg-file-data-sampling.rst | 104 ++++++++++++++++++ .../admin-guide/kernel-parameters.txt | 21 ++++ Makefile | 4 +- arch/s390/include/asm/kvm_host.h | 7 ++ arch/s390/kvm/gaccess.c | 7 ++ arch/s390/kvm/kvm-s390.c | 9 +- arch/s390/kvm/vsie.c | 6 +- arch/s390/mm/gmap.c | 1 + arch/x86/Kconfig | 11 ++ arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/include/asm/msr-index.h | 8 ++ arch/x86/kernel/cpu/bugs.c | 92 +++++++++++++++- arch/x86/kernel/cpu/common.c | 38 ++++++- arch/x86/kvm/x86.c | 5 +- block/bfq-iosched.c | 6 +- block/blk-iocost.c | 51 +++++---- block/blk-iolatency.c | 30 ++--- block/blk-mq-debugfs.c | 10 +- block/blk-rq-qos.c | 67 +++++++++++ block/blk-rq-qos.h | 66 +---------- block/blk-sysfs.c | 4 +- block/blk-wbt.c | 50 +++++---- block/blk-wbt.h | 12 +- block/elevator.c | 8 +- block/elevator.h | 5 +- drivers/base/cpu.c | 8 ++ drivers/gpu/drm/amd/amdgpu/cik_ih.c | 6 + drivers/gpu/drm/amd/amdgpu/cz_ih.c | 5 + drivers/gpu/drm/amd/amdgpu/iceland_ih.c | 5 + drivers/gpu/drm/amd/amdgpu/ih_v6_0.c | 6 + drivers/gpu/drm/amd/amdgpu/navi10_ih.c | 6 + drivers/gpu/drm/amd/amdgpu/si_ih.c | 6 + drivers/gpu/drm/amd/amdgpu/tonga_ih.c | 6 + drivers/gpu/drm/amd/amdgpu/vega10_ih.c | 6 + drivers/gpu/drm/amd/amdgpu/vega20_ih.c | 6 + .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 17 ++- .../drm/amd/display/dc/core/dc_link_dpcd.c | 4 +- .../gpu/drm/amd/display/dc/core/dc_resource.c | 6 + .../amd/display/modules/inc/mod_info_packet.h | 3 +- .../display/modules/info_packet/info_packet.c | 6 +- drivers/net/dsa/microchip/ksz8795.c | 4 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 2 +- drivers/net/ethernet/intel/ice/ice_main.c | 2 + drivers/net/ethernet/intel/ice/ice_virtchnl.c | 9 +- .../intel/ice/ice_virtchnl_allowlist.c | 2 - drivers/net/ethernet/intel/ice/ice_xsk.c | 9 +- drivers/net/ethernet/intel/igc/igc_main.c | 13 +-- drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 56 ++++++++-- .../microchip/sparx5/sparx5_mactable.c | 4 +- .../ethernet/netronome/nfp/flower/conntrack.c | 28 ++++- .../ethernet/netronome/nfp/flower/conntrack.h | 2 + drivers/net/geneve.c | 18 ++- drivers/net/usb/lan78xx.c | 3 +- drivers/usb/host/xhci-ring.c | 80 +++++++++++--- drivers/usb/host/xhci.h | 1 + fs/ceph/mdsmap.c | 7 +- fs/erofs/data.c | 1 + fs/proc/array.c | 57 +++++----- include/linux/backing-dev-defs.h | 7 +- include/linux/ceph/mdsmap.h | 6 +- include/linux/cpu.h | 2 + include/trace/events/qdisc.h | 20 ++-- kernel/bpf/cpumap.c | 2 +- kernel/exit.c | 10 +- kernel/sys.c | 91 ++++++++------- mm/backing-dev.c | 2 +- mm/page-writeback.c | 2 +- mm/readahead.c | 4 +- net/ipv6/route.c | 21 ++-- net/netfilter/nf_conntrack_h323_asn1.c | 4 + net/netfilter/nft_ct.c | 11 +- net/netrom/af_netrom.c | 14 +-- net/netrom/nr_dev.c | 2 +- net/netrom/nr_in.c | 6 +- net/netrom/nr_out.c | 2 +- net/netrom/nr_route.c | 8 +- net/netrom/nr_subr.c | 5 +- net/rds/rdma.c | 3 + net/rds/send.c | 6 +- sound/soc/codecs/wcd938x.c | 2 +- .../selftests/net/mptcp/simult_flows.sh | 8 +- .../selftests/vm/charge_reserved_hugetlb.sh | 2 +- tools/testing/selftests/vm/map_hugetlb.c | 7 ++ .../selftests/vm/write_hugetlb_memory.sh | 2 +- 86 files changed, 903 insertions(+), 365 deletions(-) create mode 100644 Documentation/admin-guide/hw-vuln/reg-file-data-sampling.rst -- 2.43.0

1 year, 7 months

9
86
0 0

Linux 4.19.310

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 I'm announcing the release of the 4.19.310 kernel. All users of the 4.19 kernel series must upgrade. The updated 4.19.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.19.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary Thanks, Sasha - ------------ Makefile | 2 +- arch/alpha/kernel/osf_sys.c | 2 +- arch/um/Kconfig | 13 + arch/um/Makefile | 3 +- arch/x86/Makefile.um | 2 +- drivers/input/serio/i8042-x86ia64io.h | 6 + drivers/net/geneve.c | 18 +- drivers/net/hyperv/netvsc_drv.c | 96 ++- drivers/net/loopback.c | 6 - drivers/net/nlmon.c | 6 - drivers/net/usb/lan78xx.c | 966 +++++++++++++++++++++++-------- drivers/net/vsockmon.c | 14 +- fs/btrfs/ref-verify.c | 6 +- include/linux/netdevice.h | 6 + include/uapi/linux/resource.h | 4 +- kernel/sys.c | 91 +-- net/ipv6/route.c | 21 +- net/netfilter/nf_conntrack_h323_asn1.c | 4 + net/netrom/af_netrom.c | 14 +- net/netrom/nr_dev.c | 2 +- net/netrom/nr_in.c | 6 +- net/netrom/nr_out.c | 2 +- net/netrom/nr_route.c | 8 +- net/netrom/nr_subr.c | 5 +- net/rds/rdma.c | 3 + net/rds/send.c | 6 +- tools/testing/selftests/vm/map_hugetlb.c | 50 +- 27 files changed, 989 insertions(+), 373 deletions(-) Arnd Bergmann (1): y2038: rusage: use __kernel_old_timeval Christophe Leroy (3): tools/selftest/vm: allow choosing mem size and page size in map_hugetlb selftests/vm: fix display of page size in map_hugetlb selftests/vm: fix map_hugetlb length used for testing read and write Dexuan Cui (1): hv_netvsc: Make netvsc/VF binding check both MAC and serial number Edward Adam Davis (1): net/rds: fix WARNING in rds_conn_connect_if_down Eric Dumazet (2): geneve: make sure to pull inner header in geneve_rx() net/ipv6: avoid possible UAF in ip6_route_mpath_notify() Fedor Pchelkin (1): btrfs: ref-verify: free ref cache before clearing mount opt Jason Xing (12): netrom: Fix a data-race around sysctl_netrom_default_path_quality netrom: Fix a data-race around sysctl_netrom_obsolescence_count_initialiser netrom: Fix data-races around sysctl_netrom_network_ttl_initialiser netrom: Fix a data-race around sysctl_netrom_transport_timeout netrom: Fix a data-race around sysctl_netrom_transport_maximum_tries netrom: Fix a data-race around sysctl_netrom_transport_acknowledge_delay netrom: Fix a data-race around sysctl_netrom_transport_busy_delay netrom: Fix a data-race around sysctl_netrom_transport_requested_window_size netrom: Fix a data-race around sysctl_netrom_transport_no_activity_timeout netrom: Fix a data-race around sysctl_netrom_routing_control netrom: Fix a data-race around sysctl_netrom_link_fails_count netrom: Fix data-races around sysctl_net_busy_read Johannes Berg (1): um: allow not setting extra rpaths in the linux binary John Efstathiades (4): lan78xx: Fix white space and style issues lan78xx: Add missing return code checks lan78xx: Fix partial packet errors on suspend/resume lan78xx: Fix race conditions in suspend/resume handling Juhee Kang (1): hv_netvsc: use netif_is_bond_master() instead of open code Lee Jones (1): net: usb: lan78xx: Remove lots of set but unused 'ret' variables Lena Wang (1): netfilter: nf_conntrack_h323: Add protection for bmp length out of range Li RongQing (1): net: move definition of pcpu_lstats to header file Nico Pache (1): selftests: mm: fix map_hugetlb failure on 64K page size systems Oleg Nesterov (4): getrusage: add the "signal_struct *sig" local variable getrusage: move thread_group_cputime_adjusted() outside of lock_task_sighand() getrusage: use __for_each_thread() getrusage: use sig->stats_lock rather than lock_task_sighand() Oleksij Rempel (1): net: lan78xx: fix runtime PM count underflow on link stop Sasha Levin (1): Linux 4.19.310 Shradha Gupta (1): hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed Werner Sembach (1): Input: i8042 - fix strange behavior of touchpad on Clevo NS70PU -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAmX0nTsACgkQ3qZv95d3 LNxqzQ//Zn+wIORW6+gZGsidAvNaWWvtGOJII2rW1ZJsCfduCvuFPNRrab9m6JrQ O+S7QgyLhLQpdqwbjA+MhGbai2KVPuv/MgsOT8ext5y9WpEDcy2uLSoabC9yOd0U VDq27hhE6F3TgZpJwuVzHByuMmWSd96bLNuqhUEL5+07AIsRO+xqOK9Otwt6iuLd uCMTtE0GlHIVAT73l8Pv7u1mOMXvEou/7xjDqQAB8Oo8pO+gHZfUqyExAjip4g9M Ve6Sj8//zZWZHodKs/xtSX94ljP1qS3b3PdkkHJB2gbgqeymWm4v2X6IQgZ2PTXd /Iy/4r9d9unBvEhfzXDcyHpvqZBOlR9nd6J0pjmERTpr6KWAwhRU/iaKDwt9lfij nZ31PWR+qS8i7VxQGi+IKJ9QDLAhvMuR6yIF74ITuYWc+y19qsDE+KL8775eAGzA /qOUqJsICtISSSsZ1jPJOJ4o469sxmAaT/xElFfVEbZLmtkx0FdI2mPeZ7WasHkN 421UnsoZnHr43Zc2uscquhmZuDEnoBkmGBhp2z6PTDe1SgMbR8c+qGJUNY31hKLv XvuVMgrkLfXRu1LuZAaaxhPdIbjX9dDca5/I75C8S6a5eCpVmjZv+GhwZMuajxFU qEUVkHQRch2RFyvV0Avl8IEIprRW46EuCx2eX2wXF/Fq4Mp20G4= =zydN -----END PGP SIGNATURE-----

1 year, 7 months

1
1
0 0

Linux 5.4.272

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 I'm announcing the release of the 5.4.272 kernel. All users of the 5.4 kernel series must upgrade. The updated 5.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.4.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary Thanks, Sasha - ------------ Makefile | 2 +- arch/alpha/kernel/osf_sys.c | 2 +- arch/arm64/boot/dts/qcom/sdm845.dtsi | 25 +- arch/um/Kconfig | 13 + arch/um/Makefile | 3 +- arch/x86/Makefile.um | 2 +- drivers/base/regmap/internal.h | 4 + drivers/base/regmap/regmap.c | 77 ++- drivers/input/serio/i8042-x86ia64io.h | 6 + drivers/net/ethernet/intel/ice/ice_main.c | 2 + drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 56 +- drivers/net/geneve.c | 18 +- drivers/net/hyperv/netvsc_drv.c | 96 ++- drivers/net/usb/lan78xx.c | 910 ++++++++++++++++++++------ drivers/tty/serial/Kconfig | 1 + drivers/tty/serial/max310x.c | 378 ++++++++--- include/linux/regmap.h | 19 + include/uapi/linux/resource.h | 4 +- kernel/sys.c | 91 +-- net/ipv6/route.c | 21 +- net/netfilter/nf_conntrack_h323_asn1.c | 4 + net/netfilter/nft_ct.c | 11 +- net/netrom/af_netrom.c | 14 +- net/netrom/nr_dev.c | 2 +- net/netrom/nr_in.c | 6 +- net/netrom/nr_out.c | 2 +- net/netrom/nr_route.c | 8 +- net/netrom/nr_subr.c | 5 +- net/rds/rdma.c | 3 + net/rds/send.c | 6 +- tools/testing/selftests/vm/map_hugetlb.c | 7 + 31 files changed, 1334 insertions(+), 464 deletions(-) Andy Shevchenko (4): serial: max310x: Use devm_clk_get_optional() to get the input clock serial: max310x: Try to get crystal clock rate from property serial: max310x: Make use of device properties serial: max310x: Unprepare and disable clock in error path Ansuel Smith (1): regmap: allow to define reg_update_bits for no bus configuration Arnd Bergmann (1): y2038: rusage: use __kernel_old_timeval Cosmin Tanislav (4): serial: max310x: use regmap methods for SPI batch operations serial: max310x: use a separate regmap for each port serial: max310x: make accessing revision id interface-agnostic serial: max310x: implement I2C support Dexuan Cui (1): hv_netvsc: Make netvsc/VF binding check both MAC and serial number Edward Adam Davis (1): net/rds: fix WARNING in rds_conn_connect_if_down Eric Dumazet (2): geneve: make sure to pull inner header in geneve_rx() net/ipv6: avoid possible UAF in ip6_route_mpath_notify() Florian Westphal (1): netfilter: nft_ct: fix l3num expectations with inet pseudo family Hugo Villeneuve (2): serial: max310x: fail probe if clock crystal is unstable serial: max310x: prevent infinite while() loop in port startup Jan Kundrát (1): serial: max310x: fix IO data corruption in batched operations Jason Xing (12): netrom: Fix a data-race around sysctl_netrom_default_path_quality netrom: Fix a data-race around sysctl_netrom_obsolescence_count_initialiser netrom: Fix data-races around sysctl_netrom_network_ttl_initialiser netrom: Fix a data-race around sysctl_netrom_transport_timeout netrom: Fix a data-race around sysctl_netrom_transport_maximum_tries netrom: Fix a data-race around sysctl_netrom_transport_acknowledge_delay netrom: Fix a data-race around sysctl_netrom_transport_busy_delay netrom: Fix a data-race around sysctl_netrom_transport_requested_window_size netrom: Fix a data-race around sysctl_netrom_transport_no_activity_timeout netrom: Fix a data-race around sysctl_netrom_routing_control netrom: Fix a data-race around sysctl_netrom_link_fails_count netrom: Fix data-races around sysctl_net_busy_read Johan Hovold (1): arm64: dts: qcom: sdm845: fix USB DP/DM HS PHY interrupts Johannes Berg (1): um: allow not setting extra rpaths in the linux binary John Efstathiades (4): lan78xx: Fix white space and style issues lan78xx: Add missing return code checks lan78xx: Fix partial packet errors on suspend/resume lan78xx: Fix race conditions in suspend/resume handling Juhee Kang (1): hv_netvsc: use netif_is_bond_master() instead of open code Lena Wang (1): netfilter: nf_conntrack_h323: Add protection for bmp length out of range Lina Iyer (1): arm64: dts: qcom: add PDC interrupt controller for SDM845 Maciej Fijalkowski (1): ixgbe: {dis, en}able irqs in ixgbe_txrx_ring_{dis, en}able Marek Vasut (1): regmap: Add bulk read/write callbacks into regmap_config Nico Pache (1): selftests: mm: fix map_hugetlb failure on 64K page size systems Oleg Nesterov (4): getrusage: add the "signal_struct *sig" local variable getrusage: move thread_group_cputime_adjusted() outside of lock_task_sighand() getrusage: use __for_each_thread() getrusage: use sig->stats_lock rather than lock_task_sighand() Oleksij Rempel (1): net: lan78xx: fix runtime PM count underflow on link stop Rand Deeb (1): net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink() Sasha Levin (1): Linux 5.4.272 Shradha Gupta (1): hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed Werner Sembach (1): Input: i8042 - fix strange behavior of touchpad on Clevo NS70PU -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAmX0nLoACgkQ3qZv95d3 LNxrdw/+OcKPa2m7vFsJC7VGQgT9PtU14MOS3rrsVBotR76muYTk9xCXk2JX2fnK qaJKLv59rX0bkXTqzrHZbBlWSzslaM9Ka4gdB3hIyLglIAmjXNRb2PKPb0HVA9Dw a7vCLxGvv3wGPopTHd5/kED/XPh361VZP3OuNM9+qGsSPh/G4sgy031/6ABLx/i/ NyUKqY/+5CIx8uzMXKdytseNwBKh0oEaq6JbZ9o+9J6Uf5ZxonW5svSYhWPnr8ks WbkH1+Ykxdz77w84WGL1EHjeR5FmeXECUcDviQ9UqHVJabpJManmSV1t4O+8uoev x/1+/En9+1viEyUN4F+kbQFwb0a3icN+uF8LSz1GPOR4zJP/AKw7qec4vgcIXElm MDGSRNss41pNcCGXQzqQ40fXtdbP+ZOQS1l4GqrLzwt0YKEmF/rAgCxMCfPtiQRI BmUoTlTnpD/Yq7VudOXs8dNcH1Fmmfr1jGkEKTulcK8xyHbjxEMaJE19YSa7lnOy A1jdfwuNmlY+aM+keUqST5gJDM0qiLTMizxiZwSR9faMefh2teKekLEbCSenJXxw OEGlUBZ7EW1P6N6/IUO07Q5BJAcX+pgpj1u3lKYA/x+SxQscAh38F6k/Z44929UK F50bBtIsGliRxdktknGA7lYuUJTuVCYulLHYCqP7ovxsOu7D9z8= =116+ -----END PGP SIGNATURE-----

1 year, 7 months

1
1
0 0

Linux 5.10.213

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 I'm announcing the release of the 5.10.213 kernel. All users of the 5.10 kernel series must upgrade. The updated 5.10.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.10.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary Thanks, Sasha - ------------ Makefile | 2 +- arch/um/Kconfig | 13 + arch/um/Makefile | 3 +- arch/x86/Makefile.um | 2 +- drivers/base/regmap/internal.h | 4 + drivers/base/regmap/regmap.c | 77 +- drivers/hv/channel.c | 174 +++- drivers/hv/hyperv_vmbus.h | 3 +- drivers/hv/ring_buffer.c | 28 +- drivers/mmc/host/mmci_stm32_sdmmc.c | 112 ++- drivers/net/ethernet/intel/i40e/i40e_main.c | 2 +- drivers/net/ethernet/intel/ice/ice_main.c | 2 + drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 56 +- drivers/net/geneve.c | 18 +- drivers/net/hyperv/hyperv_net.h | 13 + drivers/net/hyperv/netvsc.c | 55 +- drivers/net/hyperv/netvsc_drv.c | 107 ++- drivers/net/hyperv/rndis_filter.c | 1 + drivers/net/usb/lan78xx.c | 910 ++++++++++++++++----- drivers/tty/serial/Kconfig | 1 + drivers/tty/serial/max310x.c | 378 ++++++--- drivers/usb/host/xhci-ring.c | 143 +++- drivers/usb/host/xhci.h | 3 + fs/ext4/extents.c | 5 +- fs/ext4/extents_status.c | 14 +- fs/ext4/extents_status.h | 6 +- fs/ext4/inode.c | 65 +- fs/hugetlbfs/inode.c | 17 +- include/linux/filter.h | 3 +- include/linux/hugetlb.h | 2 +- include/linux/hyperv.h | 23 + include/linux/lsm_hook_defs.h | 6 +- include/linux/lsm_hooks.h | 4 +- include/linux/regmap.h | 19 + include/linux/security.h | 11 +- include/linux/sockptr.h | 5 + include/trace/events/qdisc.h | 20 +- kernel/bpf/cpumap.c | 2 +- kernel/sys.c | 91 ++- mm/hugetlb.c | 37 +- net/core/filter.c | 5 +- net/core/sock.c | 52 +- net/ipv6/route.c | 21 +- net/netfilter/nf_conntrack_h323_asn1.c | 4 + net/netfilter/nft_ct.c | 11 +- net/netrom/af_netrom.c | 14 +- net/netrom/nr_dev.c | 2 +- net/netrom/nr_in.c | 6 +- net/netrom/nr_out.c | 2 +- net/netrom/nr_route.c | 8 +- net/netrom/nr_subr.c | 5 +- net/rds/rdma.c | 3 + net/rds/send.c | 6 +- security/apparmor/lsm.c | 29 +- security/security.c | 35 +- security/selinux/hooks.c | 13 +- security/smack/smack_lsm.c | 19 +- .../selftests/vm/charge_reserved_hugetlb.sh | 2 +- tools/testing/selftests/vm/map_hugetlb.c | 7 + tools/testing/selftests/vm/write_hugetlb_memory.sh | 2 +- 60 files changed, 1981 insertions(+), 702 deletions(-) Andrea Parri (Microsoft) (1): Drivers: hv: vmbus: Drop error message when 'No request id available' Andres Beltran (2): Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening Andy Shevchenko (4): serial: max310x: Use devm_clk_get_optional() to get the input clock serial: max310x: Try to get crystal clock rate from property serial: max310x: Make use of device properties serial: max310x: Unprepare and disable clock in error path Ansuel Smith (1): regmap: allow to define reg_update_bits for no bus configuration Baokun Li (1): ext4: make ext4_es_insert_extent() return void Christophe Kerello (1): mmc: mmci: stm32: fix DMA API overlapping mappings warning Cosmin Tanislav (4): serial: max310x: use regmap methods for SPI batch operations serial: max310x: use a separate regmap for each port serial: max310x: make accessing revision id interface-agnostic serial: max310x: implement I2C support Dexuan Cui (1): hv_netvsc: Make netvsc/VF binding check both MAC and serial number Edward Adam Davis (1): net/rds: fix WARNING in rds_conn_connect_if_down Eric Dumazet (2): geneve: make sure to pull inner header in geneve_rx() net/ipv6: avoid possible UAF in ip6_route_mpath_notify() Florian Westphal (1): netfilter: nft_ct: fix l3num expectations with inet pseudo family Hugo Villeneuve (2): serial: max310x: fail probe if clock crystal is unstable serial: max310x: prevent infinite while() loop in port startup Jan Kundrát (1): serial: max310x: fix IO data corruption in batched operations Jason Xing (12): netrom: Fix a data-race around sysctl_netrom_default_path_quality netrom: Fix a data-race around sysctl_netrom_obsolescence_count_initialiser netrom: Fix data-races around sysctl_netrom_network_ttl_initialiser netrom: Fix a data-race around sysctl_netrom_transport_timeout netrom: Fix a data-race around sysctl_netrom_transport_maximum_tries netrom: Fix a data-race around sysctl_netrom_transport_acknowledge_delay netrom: Fix a data-race around sysctl_netrom_transport_busy_delay netrom: Fix a data-race around sysctl_netrom_transport_requested_window_size netrom: Fix a data-race around sysctl_netrom_transport_no_activity_timeout netrom: Fix a data-race around sysctl_netrom_routing_control netrom: Fix a data-race around sysctl_netrom_link_fails_count netrom: Fix data-races around sysctl_net_busy_read Johannes Berg (1): um: allow not setting extra rpaths in the linux binary John Efstathiades (4): lan78xx: Fix white space and style issues lan78xx: Add missing return code checks lan78xx: Fix partial packet errors on suspend/resume lan78xx: Fix race conditions in suspend/resume handling Juhee Kang (1): hv_netvsc: use netif_is_bond_master() instead of open code Lena Wang (1): netfilter: nf_conntrack_h323: Add protection for bmp length out of range Long Li (2): hv_netvsc: Wait for completion on request SWITCH_DATA_PATH hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove Maciej Fijalkowski (2): ixgbe: {dis, en}able irqs in ixgbe_txrx_ring_{dis, en}able i40e: disable NAPI right after disabling irqs when handling xsk_pool Marek Vasut (1): regmap: Add bulk read/write callbacks into regmap_config Martin KaFai Lau (2): net: Change sock_getsockopt() to take the sk ptr instead of the sock ptr bpf: net: Change sk_getsockopt() to take the sockptr_t argument Mathias Nyman (3): xhci: remove extra loop in interrupt context xhci: prevent double-fetch of transfer and transfer event TRBs xhci: process isoc TD properly when there was a transaction error mid TD. Michal Pecio (1): xhci: handle isoc Babble and Buffer Overrun events properly Mike Kravetz (1): mm/hugetlb: change hugetlb_reserve_pages() to type bool Muhammad Usama Anjum (1): selftests/mm: switch to bash from sh Nico Pache (1): selftests: mm: fix map_hugetlb failure on 64K page size systems Oleg Nesterov (4): getrusage: add the "signal_struct *sig" local variable getrusage: move thread_group_cputime_adjusted() outside of lock_task_sighand() getrusage: use __for_each_thread() getrusage: use sig->stats_lock rather than lock_task_sighand() Oleksij Rempel (1): net: lan78xx: fix runtime PM count underflow on link stop Ondrej Mosnacek (1): lsm: fix default return value of the socket_getpeersec_*() hooks Paul Moore (1): lsm: make security_socket_getpeersec_stream() sockptr_t safe Prakash Sangappa (1): mm: hugetlb pages should not be reserved by shmat() if SHM_NORESERVE Rand Deeb (1): net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink() Sasha Levin (1): Linux 5.10.213 Shradha Gupta (1): hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed Steven Rostedt (Google) (1): tracing/net_sched: Fix tracepoints that save qdisc_dev() as a string Toke Høiland-Jørgensen (1): cpumap: Zero-initialise xdp_rxq_info struct before running XDP program Yann Gautier (1): mmc: mmci: stm32: use a buffer for unaligned DMA requests Zhang Yi (2): ext4: refactor ext4_da_map_blocks() ext4: convert to exclusive lock while inserting delalloc extents -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAmX0m6kACgkQ3qZv95d3 LNwhoRAAvOhsQoD+aq3Z7sknD20UJ9JRkofM+91UJUfvWeWpOoZo/mqKYi487sTY gxOZk9hE5oMNvu4KHbRXWfA7PYLLXYeyI3QGbCnB1WaEVrfRHEQExeA1sWvMZzHB wuBY1a0j7ysk/unDGSoLPlSDJFj5iO39AoSoaorgGUZ9Z/k9K4CuLzSP5oBblsSl zPMvXUsn7nGAfyThbS89wJOEYMmDQe0vglAnkCAX+p6JABc5uUVyNDmQ12EPRD11 P2/uZ9YlKejPNuaJxyZqFxxFTlAXjGhJu/gA4G3mQxtk5YQuFxQPtapw0XV0yJwu Nz8OgSRFU24QBklsMTGXjXoi2fP2k6PpNYVdsC/wBSBGAnKYu0SmdeJfEY4GrxNZ foGIAjnnR49pYfVVl94S6OpYsfLNPyjTEdYm2fJht5WzYSXc2GFMLZ7YqoIiWJum CjtT0Yw/4C/OPcb2SE72XY932ieUnNhrTxUa9JejSCPa4nn8XRIo2oaUTPRcqR4T OescRIfAvlJe9/H4DpzVzZZB53yFGRmIa3kMKw4r6oVlPq5xvJZ9tXxloApqCkzL JZSxRoFLSwh3iRe8uUIP0YfhbOJxmaySr4/rlcnVdh+VW8dKRh1E+d+yDHTiFqz5 6waTahRk61y4oEAkI6kKOr4fM7lM6SHE69wnHMR5C79fbNhJowE= =FqJj -----END PGP SIGNATURE-----

1 year, 7 months

1
1
0 0

Linux 5.15.152

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 I'm announcing the release of the 5.15.152 kernel. All users of the 5.15 kernel series must upgrade. The updated 5.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary Thanks, Sasha - ------------ Makefile | 2 +- drivers/base/regmap/internal.h | 4 + drivers/base/regmap/regmap.c | 77 ++++----- drivers/gpu/drm/amd/amdgpu/cik_ih.c | 6 + drivers/gpu/drm/amd/amdgpu/cz_ih.c | 5 + drivers/gpu/drm/amd/amdgpu/iceland_ih.c | 5 + drivers/gpu/drm/amd/amdgpu/navi10_ih.c | 6 + drivers/gpu/drm/amd/amdgpu/si_ih.c | 6 + drivers/gpu/drm/amd/amdgpu/tonga_ih.c | 6 + drivers/gpu/drm/amd/amdgpu/vega10_ih.c | 6 + drivers/gpu/drm/amd/amdgpu/vega20_ih.c | 6 + drivers/gpu/drm/amd/display/amdgpu_dm/dc_fpu.c | 2 +- drivers/gpu/drm/amd/display/dc/Makefile | 4 +- drivers/gpu/drm/amd/display/dc/calcs/Makefile | 68 -------- drivers/gpu/drm/amd/display/dc/core/dc_link_dpcd.c | 4 +- .../gpu/drm/amd/display/dc/dcn20/dcn20_resource.c | 2 +- .../gpu/drm/amd/display/dc/dcn21/dcn21_resource.c | 2 +- drivers/gpu/drm/amd/display/dc/dml/Makefile | 22 ++- .../drm/amd/display/dc/{ => dml}/calcs/bw_fixed.c | 0 .../amd/display/dc/{ => dml}/calcs/calcs_logger.h | 0 .../amd/display/dc/{ => dml}/calcs/custom_float.c | 0 .../drm/amd/display/dc/{ => dml}/calcs/dce_calcs.c | 0 .../amd/display/dc/{ => dml}/calcs/dcn_calc_auto.c | 0 .../amd/display/dc/{ => dml}/calcs/dcn_calc_auto.h | 0 .../amd/display/dc/{ => dml}/calcs/dcn_calc_math.c | 0 .../drm/amd/display/dc/{ => dml}/calcs/dcn_calcs.c | 0 .../dc/dml/{dcn2x/dcn2x.c => dcn20/dcn20_fpu.c} | 2 +- .../dc/dml/{dcn2x/dcn2x.h => dcn20/dcn20_fpu.h} | 6 +- drivers/gpu/drm/amd/pm/amdgpu_dpm.c | 23 --- drivers/gpu/drm/amd/pm/inc/amdgpu_dpm.h | 2 - drivers/gpu/drm/amd/pm/powerplay/kv_dpm.c | 25 ++- drivers/mmc/host/mmci_stm32_sdmmc.c | 112 +++++++++++-- drivers/net/ethernet/intel/i40e/i40e_main.c | 2 +- drivers/net/ethernet/intel/ice/ice_main.c | 2 + drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 56 ++++++- .../ethernet/microchip/sparx5/sparx5_mactable.c | 4 +- .../net/ethernet/netronome/nfp/flower/conntrack.c | 28 +++- .../net/ethernet/netronome/nfp/flower/conntrack.h | 2 + drivers/net/geneve.c | 18 ++- drivers/net/hyperv/netvsc_drv.c | 83 +++++++--- drivers/net/usb/lan78xx.c | 3 +- drivers/tty/serial/max310x.c | 151 +++++++++++------- drivers/usb/host/xhci-ring.c | 80 ++++++++-- drivers/usb/host/xhci.h | 1 + fs/erofs/data.c | 1 + fs/proc/array.c | 17 +- include/linux/regmap.h | 19 +++ include/trace/events/qdisc.h | 20 +-- kernel/bpf/cpumap.c | 2 +- kernel/sys.c | 91 ++++++----- net/ipv6/route.c | 21 +-- net/netfilter/nf_conntrack_h323_asn1.c | 4 + net/netfilter/nft_ct.c | 11 +- net/netrom/af_netrom.c | 14 +- net/netrom/nr_dev.c | 2 +- net/netrom/nr_in.c | 6 +- net/netrom/nr_out.c | 2 +- net/netrom/nr_route.c | 8 +- net/netrom/nr_subr.c | 5 +- net/rds/rdma.c | 3 + net/rds/send.c | 6 +- sound/usb/card.c | 1 + sound/usb/card.h | 7 +- sound/usb/endpoint.c | 177 +++++++++++++++++---- sound/usb/endpoint.h | 9 +- sound/usb/implicit.c | 9 +- sound/usb/implicit.h | 2 +- sound/usb/mixer.c | 7 + sound/usb/pcm.c | 89 +++++++---- sound/usb/pcm.h | 2 + sound/usb/quirks.c | 30 ++-- sound/usb/usbaudio.h | 9 ++ tools/testing/selftests/net/mptcp/simult_flows.sh | 8 +- .../selftests/vm/charge_reserved_hugetlb.sh | 2 +- tools/testing/selftests/vm/map_hugetlb.c | 7 + tools/testing/selftests/vm/write_hugetlb_memory.sh | 2 +- 76 files changed, 957 insertions(+), 469 deletions(-) Ansuel Smith (1): regmap: allow to define reg_update_bits for no bus configuration Christophe Kerello (1): mmc: mmci: stm32: fix DMA API overlapping mappings warning Christos Skevis (1): ALSA: usb-audio: Fix microphone sound on Nexigo webcam. Cosmin Tanislav (3): serial: max310x: use regmap methods for SPI batch operations serial: max310x: use a separate regmap for each port serial: max310x: make accessing revision id interface-agnostic Edward Adam Davis (1): net/rds: fix WARNING in rds_conn_connect_if_down Eric Dumazet (2): geneve: make sure to pull inner header in geneve_rx() net/ipv6: avoid possible UAF in ip6_route_mpath_notify() Evan Quan (1): drm/amd/pm: do not expose the API used internally only in kv_dpm.c Florian Westphal (1): netfilter: nft_ct: fix l3num expectations with inet pseudo family Friedrich Vock (1): drm/amdgpu: Reset IH OVERFLOW_CLEAR bit Gao Xiang (1): erofs: apply proper VMA alignment for memory mapped files on THP Horatiu Vultur (1): net: sparx5: Fix use after free inside sparx5_del_mact_entry Hugo Villeneuve (1): serial: max310x: prevent infinite while() loop in port startup Hui Zhou (1): nfp: flower: add hardware offload check for post ct entry Isabella Basso (1): drm/amd/display: move calcs folder into DML Jan Kundrát (1): serial: max310x: fix IO data corruption in batched operations Jaroslav Kysela (2): ALSA: usb-audio: Add new quirk FIXED_RATE for JBL Quantum810 Wireless ALSA: usb-audio: Always initialize fixed_rate in snd_usb_find_implicit_fb_sync_format() Jason Xing (12): netrom: Fix a data-race around sysctl_netrom_default_path_quality netrom: Fix a data-race around sysctl_netrom_obsolescence_count_initialiser netrom: Fix data-races around sysctl_netrom_network_ttl_initialiser netrom: Fix a data-race around sysctl_netrom_transport_timeout netrom: Fix a data-race around sysctl_netrom_transport_maximum_tries netrom: Fix a data-race around sysctl_netrom_transport_acknowledge_delay netrom: Fix a data-race around sysctl_netrom_transport_busy_delay netrom: Fix a data-race around sysctl_netrom_transport_requested_window_size netrom: Fix a data-race around sysctl_netrom_transport_no_activity_timeout netrom: Fix a data-race around sysctl_netrom_routing_control netrom: Fix a data-race around sysctl_netrom_link_fails_count netrom: Fix data-races around sysctl_net_busy_read John Keeping (1): ALSA: usb-audio: Add quirk for Tascam Model 12 Juhee Kang (1): hv_netvsc: use netif_is_bond_master() instead of open code Kees Cook (1): proc: Use task_is_running() for wchan in /proc/$pid/stat Lena Wang (1): netfilter: nf_conntrack_h323: Add protection for bmp length out of range Maciej Fijalkowski (2): ixgbe: {dis, en}able irqs in ixgbe_txrx_ring_{dis, en}able i40e: disable NAPI right after disabling irqs when handling xsk_pool Magali Lemes (1): drm/amd/display: remove DML Makefile duplicate lines Marek Vasut (1): regmap: Add bulk read/write callbacks into regmap_config Mathias Nyman (1): xhci: process isoc TD properly when there was a transaction error mid TD. Matthieu Baerts (NGI0) (1): selftests: mptcp: decrease BW in simult flows Michal Pecio (1): xhci: handle isoc Babble and Buffer Overrun events properly Muhammad Usama Anjum (1): selftests/mm: switch to bash from sh Nathan Chancellor (1): drm/amd/display: Increase frame-larger-than for all display_mode_vba files Nico Pache (1): selftests: mm: fix map_hugetlb failure on 64K page size systems Oleg Nesterov (5): getrusage: add the "signal_struct *sig" local variable getrusage: move thread_group_cputime_adjusted() outside of lock_task_sighand() getrusage: use __for_each_thread() getrusage: use sig->stats_lock rather than lock_task_sighand() fs/proc: do_task_stat: move thread_group_cputime_adjusted() outside of lock_task_sighand() Oleksij Rempel (1): net: lan78xx: fix runtime PM count underflow on link stop Qingqing Zhuo (1): drm/amd/display: Re-arrange FPU code structure for dcn2x Rand Deeb (1): net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink() Sasha Levin (1): Linux 5.15.152 Sean Young (1): ALSA: usb-audio: add quirk for RODE NT-USB+ Shradha Gupta (1): hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed Srinivasan Shanmugam (1): drm/amd/display: Fix uninitialized variable usage in core_link_ 'read_dpcd() & write_dpcd()' functions Steven Rostedt (Google) (1): tracing/net_sched: Fix tracepoints that save qdisc_dev() as a string Takashi Iwai (9): ALSA: usb-audio: Refcount multiple accesses on the single clock ALSA: usb-audio: Clear fixed clock rate at closing EP ALSA: usb-audio: Split endpoint setups for hw_params and prepare (take#2) ALSA: usb-audio: Properly refcounting clock rate ALSA: usb-audio: Apply mutex around snd_usb_endpoint_set_params() ALSA: usb-audio: Correct the return code from snd_usb_endpoint_set_params() ALSA: usb-audio: Avoid superfluous endpoint setup ALSA: usb-audio: Add FIXED_RATE quirk for JBL Quantum610 Wireless ALSA: usb-audio: Sort quirk table entries Toke Høiland-Jørgensen (1): cpumap: Zero-initialise xdp_rxq_info struct before running XDP program Wan Jiabing (1): ALSA: usb-audio: Fix wrong kfree issue in snd_usb_endpoint_free_all Wentao Jia (1): nfp: flower: add goto_chain_index for ct entry Yann Gautier (1): mmc: mmci: stm32: use a buffer for unaligned DMA requests -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAmX0mxsACgkQ3qZv95d3 LNzoVhAAlP71z8qQfPrzdvj6wtyZiiaZmO58KBpLwjXiEWoxtR8zOeBY+92ijK+m bVy1RThpYVMXwxQypHE60T2k3wQUSZgTWJglarFlw4vg99pK2iacVaJmW9Y9OGRv MTxRuB6l33O905xddEDbrbgY+kk3ev4UmcC7o18my91ETlWOQTY6WA8G3U9lIaxA 2xl90eUOvGgfuSS6Zm0X1P82DzBrXK2Z6xx5OTt2tzf5eslcxpaUkew3YmffMO2/ 3NW+p3mDVqyBIfVyvUULGLWVGjPS6wVfJsHWNHE6MA7EDI/nIEmOsAteZFSgxkDb 8iLPHZEfUzu0z9VN0J4OWHr/mQU7EoJKH5hq+86oZA2cGf7X5saug0uVWkYfq1Et J8lwZsN7j6XxpuE+FTz+/HuAe2NvCNuxusxrRxEX1lwob9VV6h/lC8Z0fy8LSUNj o9ac0lYrbr7Pq+dYSh/naYBrRsERZOZm3NM0t8gxoIRor+ezlHeUDEYn/bJ5TVso Na9PSIe/I3xotu8lb9CZ88BLQj/WgaoMS4WwiYuGb/R9Jt837eu7pr3zhnW7hWMk pmJ+dGk7EhrH9FElqbMCG0Q4+UmJ/hvmOqAzlHO2qllb2vkR8Jos8XcC72vfHsrS 3iIYYiIvvDt1RZTDgR1c0c3byROWqE01MBRUiKre3y3FrtIHnWY= =aSc5 -----END PGP SIGNATURE-----

1 year, 7 months

1
1
0 0

Linux 6.1.82

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 I'm announcing the release of the 6.1.82 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary Thanks, Sasha - ------------ -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAmX0mg8ACgkQ3qZv95d3 LNzr0xAAsq7KbI+iOpJ1QUuNbFVKuk5d4BrzhtVTe0GwwriKWPO1Hz8/7OuKyORr OmiWYs3rT6daI0n2lAhlF9o4u8A30n8Vu6EVcUklNOjZULH1kzLjwHFg48moKc9c Dieio0QAkkjkF3SfSghUI3/CjhLhmQqAcvXawkYEEG+SUIpXLWnJ5iSf4Gf88SvK GV9Kr4Y0fdZZ+5hCxo8BurIsnDCjewu6PLaMSfUbkMEsH8YQkjjo4Owvidx2UwJZ AohRB3/xjpZd3kzEeWo/l+GkQyxBSV0BpDvyTHl/vEepm1G1469Fw+movBFFGOgX lo6Mac387PpJAsTZfuG8w/HUBd/Qsqr3Ypr3K6bEvD7I0zJXwRZLfpedaoKz43yQ nAGDJ/RXJdqhW+N95sEtvJm5HSCErZqup6qHUx7pht1Z+QQrgSt7GjPFGSV6w90v ZAW77AZND3xlt746hbz2sXBxlMB7N9yy6rMN0ON6QDzj9RZhQUCBePqdOPXgZkU4 ics5pqXbFtK6mAXgHWK97IXaFEcxjgjJiaKiNNcPrUq0wveANzfYB/5oaXhNph+c cmcL+/OpekamoA4MB90BQ3l/PfzaBofuYBLMjhGBBi/da18H0KdRbR7pWqDwI2iY tF0FuT9EsirSITxXu5LCcQJYPY8FmQXeVs1CjlrRd7m7Ev0nRSo= =0dE0 -----END PGP SIGNATURE-----

1 year, 7 months

1
1
0 0

Linux 6.6.22

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 I'm announcing the release of the 6.6.22 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary Thanks, Sasha - ------------ -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAmX0maQACgkQ3qZv95d3 LNzbJxAAnP99q7lPOB0g0UMoAGOBqKYWI81DtW2Xey8i/Bf0yerJiIYIBqRRRHKU I4Sqq8C8iR7yrTkYcD7993J2Zey8rjMBIBws78vDeEKWdVxtGLuE1DivT2sBTk6N y6uQ7Nar7mDmQ0U2IB5KlA1MCy8/tFb2J2Ocvep0GfUMbxiloOcnRoa9SqZlUOzN BNeZoAqlAWIjgJ4rVo7En9cWdYjMtk4fPFDb53vfmSR2xu1Rak73w4LHA8MdtNzr AnKqQOqXLEutjb8tGnJ4mWe7ep/OMsrDGNXSkz04Sg/V7kSbjYzyTGiLeCxYmxip lavPNqBdgdiukexVkgWON8OA2AkvFBgKGHFrEaG4k+NAfLHzKAIC1AR8MQXjCbi8 5vinLTp+u8qmoAZNMsbTYgA347fgMexM3/rk65Z33w/GWP2hOWX7fJ9TRHycbomt tiveGtaSMgMAdhN+RKlDTtsxF4JVRDVADe5w6LBzaWgv1drdcJzwNn2fTItWZm9p Vq9gjzWdPChNqS9QXK58C14GUmnzgVEbZz3my0BU7ROroEKONje/jfwdHb9fj61V 8w/CYhAU9I/hlK/1ETxQkR3GdURZ/bzHNzmLsDXx2JBgxaelAXivQDuW2iR1PqtV YH4NtC6VlUN4tDPNrLse+wCUb5QUuSX4jb6qXDxUneaRegXfa9Q= =uPB5 -----END PGP SIGNATURE-----

1 year, 7 months

1
1
0 0

Linux 6.7.10

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 I'm announcing the release of the 6.7.10 kernel. All users of the 6.7 kernel series must upgrade. The updated 6.7.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.7.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary Thanks, Sasha - ------------ -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAmX0mQoACgkQ3qZv95d3 LNzimw/8CNyHdoZLtpqSUecdo2L57pR6Fd3oHmP87dqOnRylZpQpSujVqn/euZ3e XCEfwhyA52LaQDAcEqrgsoYa9aQQUBFHBY/P3QhPvvzud+wFkwyz73+UTYSH0ag7 GPpNwjdM6d/KdKZyNmv5FIX1zbaBx0ETYPVUBhL/UiCMwFTq4U/1ic4tiBueUSQa o87IlfZQKB9Gz6k7Dsi4bW0tZbeVCcg7rmVlL69b0xATuftOJe7P76OmjSJ6GO8c e2hTCTuc/RvuyAvfWjUSxmq38IMGb2yLsJP9/DWCjinlIna9mLKCsmQZ0oxg9q/T NHwur3VWuFoxX86/0CGFQ9XqNuZlvH0aqPpdUn4BvLOhFBBn1TM9KbVx3fLTjOfo BaF0tl8ZFsH5rZasUpoimrsmHoGSIVs7Vv/XY8hLZVq7BaWogwlz1yYN6tcDUcRn bp+RuC6FrPO8/G6QMX2TwmSmEM15L/RvWKEjAigqEeqOrAW1EurKMLa9oim4gJtH g3IRXdjzR6iYGW56XZ66MKmfXt3D2hPVOHYR2OvlMZMecSnuN0ncEAPzXa5hPNKN Ff2seiKL7DWKnUhDsqLQfJIXEtAqxavNK9SbCB54g7Vq6THPfcN49+dXxkqHUxpH IzGfYbfURrUEQw5KMsE1X7RueiX9eYTIWbthPw3A/OvWYC4HJ34= =HltL -----END PGP SIGNATURE-----

1 year, 7 months

1
1
0 0

Linux 6.8.1

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 I'm announcing the release of the 6.8.1 kernel. All users of the 6.8 kernel series must upgrade. The updated 6.8.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.8.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary Thanks, Sasha - ------------ -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAmX0mB0ACgkQ3qZv95d3 LNw+tBAAraZu6ZEFSO9/acuTsFQNQqPCVT6KPRWiX3FNWKnROFW10ExxgmjVTRUc xpZ8KFSuxXb9ipPEHI5r1Apqp+iu6LE8NmbMRPLVyWEWonnxdKKWztturhebOYZs Kj8HAwIyf0H3ubrIXT/pxtOzodiA3nsyc49+NNAK6fciEHe/g0KuSsC1a6nBAndG 8zqNTQg1jI02ymoiOPSf5z1MuIYmSA5Ae2+4pHthWcDPiaGw2MWqc632x2W+Yh1a gZIXYar6VLA2Bk2hcSL5tOVIDTXHEZV5iRndJ5wbxbg+LbE0z1tTvuZPLEPefRnk lMP+rObTHZLf9yTNMRbWJ0HwhrdFuVxLYUMeZfDyI5I5XF2pYv9qTQmjc+tYJICI qbDiO5u1j7Ffsxfl0HIWNLlSUMt3MBt1cn8riMxb9YSFWVFiflw66Axi4Rybhp7E Brrp/SNl1fHRoSgTxJC1RRz+/uIuwaQGOARKfcakXPLfQ54zUdNwSzEBdpXuLV3j 6QIS7d6hiw0IvtU5BF2JUMVt2hWW9SEAnhPRKrh+AJRX3aBjYmhe8UMo4OWfNINQ Hzl4b/AZwQ22r3z20yIlbwLSmd/P27H+HbWnSOiPdpMDttes+jcN/nso0coHHX5i chCuy4eGCj9K0WOSYSTn6XyobMMuQbyHVjXMM0wyXGLQbhqHycw= =Aljr -----END PGP SIGNATURE-----

1 year, 7 months

1
1
0 0

[PATCH 5.15 00/76] 5.15.152-rc1 review

by Sasha Levin

This is the start of the stable review cycle for the 5.15.152 release. There are 76 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri Mar 15 04:42:22 PM UTC 2024. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. Thanks, Sasha ------------- Pseudo-Shortlog of commits: Ansuel Smith (1): regmap: allow to define reg_update_bits for no bus configuration Christophe Kerello (1): mmc: mmci: stm32: fix DMA API overlapping mappings warning Christos Skevis (1): ALSA: usb-audio: Fix microphone sound on Nexigo webcam. Cosmin Tanislav (3): serial: max310x: use regmap methods for SPI batch operations serial: max310x: use a separate regmap for each port serial: max310x: make accessing revision id interface-agnostic Edward Adam Davis (1): net/rds: fix WARNING in rds_conn_connect_if_down Eric Dumazet (2): geneve: make sure to pull inner header in geneve_rx() net/ipv6: avoid possible UAF in ip6_route_mpath_notify() Evan Quan (1): drm/amd/pm: do not expose the API used internally only in kv_dpm.c Florian Westphal (1): netfilter: nft_ct: fix l3num expectations with inet pseudo family Friedrich Vock (1): drm/amdgpu: Reset IH OVERFLOW_CLEAR bit Gao Xiang (1): erofs: apply proper VMA alignment for memory mapped files on THP Horatiu Vultur (1): net: sparx5: Fix use after free inside sparx5_del_mact_entry Hugo Villeneuve (1): serial: max310x: prevent infinite while() loop in port startup Hui Zhou (1): nfp: flower: add hardware offload check for post ct entry Ingo Molnar (1): exit: Fix typo in comment: s/sub-theads/sub-threads Isabella Basso (1): drm/amd/display: move calcs folder into DML Jan Kundrát (1): serial: max310x: fix IO data corruption in batched operations Jaroslav Kysela (2): ALSA: usb-audio: Add new quirk FIXED_RATE for JBL Quantum810 Wireless ALSA: usb-audio: Always initialize fixed_rate in snd_usb_find_implicit_fb_sync_format() Jason Xing (12): netrom: Fix a data-race around sysctl_netrom_default_path_quality netrom: Fix a data-race around sysctl_netrom_obsolescence_count_initialiser netrom: Fix data-races around sysctl_netrom_network_ttl_initialiser netrom: Fix a data-race around sysctl_netrom_transport_timeout netrom: Fix a data-race around sysctl_netrom_transport_maximum_tries netrom: Fix a data-race around sysctl_netrom_transport_acknowledge_delay netrom: Fix a data-race around sysctl_netrom_transport_busy_delay netrom: Fix a data-race around sysctl_netrom_transport_requested_window_size netrom: Fix a data-race around sysctl_netrom_transport_no_activity_timeout netrom: Fix a data-race around sysctl_netrom_routing_control netrom: Fix a data-race around sysctl_netrom_link_fails_count netrom: Fix data-races around sysctl_net_busy_read John Keeping (1): ALSA: usb-audio: Add quirk for Tascam Model 12 Juhee Kang (1): hv_netvsc: use netif_is_bond_master() instead of open code Kees Cook (1): proc: Use task_is_running() for wchan in /proc/$pid/stat Lena Wang (1): netfilter: nf_conntrack_h323: Add protection for bmp length out of range Maciej Fijalkowski (2): ixgbe: {dis, en}able irqs in ixgbe_txrx_ring_{dis, en}able i40e: disable NAPI right after disabling irqs when handling xsk_pool Magali Lemes (1): drm/amd/display: remove DML Makefile duplicate lines Marek Vasut (1): regmap: Add bulk read/write callbacks into regmap_config Mathias Nyman (1): xhci: process isoc TD properly when there was a transaction error mid TD. Matthieu Baerts (NGI0) (1): selftests: mptcp: decrease BW in simult flows Michal Pecio (1): xhci: handle isoc Babble and Buffer Overrun events properly Muhammad Usama Anjum (1): selftests/mm: switch to bash from sh Nathan Chancellor (3): modpost: Include '.text.*' in TEXT_SECTIONS modpost: Add '.ltext' and '.ltext.*' to TEXT_SECTIONS drm/amd/display: Increase frame-larger-than for all display_mode_vba files Nico Pache (1): selftests: mm: fix map_hugetlb failure on 64K page size systems Oleg Nesterov (6): getrusage: add the "signal_struct *sig" local variable getrusage: move thread_group_cputime_adjusted() outside of lock_task_sighand() getrusage: use __for_each_thread() getrusage: use sig->stats_lock rather than lock_task_sighand() fs/proc: do_task_stat: move thread_group_cputime_adjusted() outside of lock_task_sighand() exit: wait_task_zombie: kill the no longer necessary spin_lock_irq(siglock) Oleksij Rempel (1): net: lan78xx: fix runtime PM count underflow on link stop Qingqing Zhuo (1): drm/amd/display: Re-arrange FPU code structure for dcn2x Rand Deeb (1): net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink() Sasha Levin (1): Linux 5.15.152-rc1 Sean Young (1): ALSA: usb-audio: add quirk for RODE NT-USB+ Shradha Gupta (1): hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed Srinivasan Shanmugam (1): drm/amd/display: Fix uninitialized variable usage in core_link_ 'read_dpcd() & write_dpcd()' functions Steven Rostedt (Google) (1): tracing/net_sched: Fix tracepoints that save qdisc_dev() as a string Takashi Iwai (9): ALSA: usb-audio: Refcount multiple accesses on the single clock ALSA: usb-audio: Clear fixed clock rate at closing EP ALSA: usb-audio: Split endpoint setups for hw_params and prepare (take#2) ALSA: usb-audio: Properly refcounting clock rate ALSA: usb-audio: Apply mutex around snd_usb_endpoint_set_params() ALSA: usb-audio: Correct the return code from snd_usb_endpoint_set_params() ALSA: usb-audio: Avoid superfluous endpoint setup ALSA: usb-audio: Add FIXED_RATE quirk for JBL Quantum610 Wireless ALSA: usb-audio: Sort quirk table entries Toke Høiland-Jørgensen (1): cpumap: Zero-initialise xdp_rxq_info struct before running XDP program Wan Jiabing (1): ALSA: usb-audio: Fix wrong kfree issue in snd_usb_endpoint_free_all Wentao Jia (1): nfp: flower: add goto_chain_index for ct entry Yann Gautier (1): mmc: mmci: stm32: use a buffer for unaligned DMA requests Makefile | 4 +- drivers/base/regmap/internal.h | 4 + drivers/base/regmap/regmap.c | 77 ++++---- drivers/gpu/drm/amd/amdgpu/cik_ih.c | 6 + drivers/gpu/drm/amd/amdgpu/cz_ih.c | 5 + drivers/gpu/drm/amd/amdgpu/iceland_ih.c | 5 + drivers/gpu/drm/amd/amdgpu/navi10_ih.c | 6 + drivers/gpu/drm/amd/amdgpu/si_ih.c | 6 + drivers/gpu/drm/amd/amdgpu/tonga_ih.c | 6 + drivers/gpu/drm/amd/amdgpu/vega10_ih.c | 6 + drivers/gpu/drm/amd/amdgpu/vega20_ih.c | 6 + .../gpu/drm/amd/display/amdgpu_dm/dc_fpu.c | 2 +- drivers/gpu/drm/amd/display/dc/Makefile | 4 +- drivers/gpu/drm/amd/display/dc/calcs/Makefile | 68 ------- .../drm/amd/display/dc/core/dc_link_dpcd.c | 4 +- .../drm/amd/display/dc/dcn20/dcn20_resource.c | 2 +- .../drm/amd/display/dc/dcn21/dcn21_resource.c | 2 +- drivers/gpu/drm/amd/display/dc/dml/Makefile | 22 ++- .../amd/display/dc/{ => dml}/calcs/bw_fixed.c | 0 .../display/dc/{ => dml}/calcs/calcs_logger.h | 0 .../display/dc/{ => dml}/calcs/custom_float.c | 0 .../display/dc/{ => dml}/calcs/dce_calcs.c | 0 .../dc/{ => dml}/calcs/dcn_calc_auto.c | 0 .../dc/{ => dml}/calcs/dcn_calc_auto.h | 0 .../dc/{ => dml}/calcs/dcn_calc_math.c | 0 .../display/dc/{ => dml}/calcs/dcn_calcs.c | 0 .../dml/{dcn2x/dcn2x.c => dcn20/dcn20_fpu.c} | 2 +- .../dml/{dcn2x/dcn2x.h => dcn20/dcn20_fpu.h} | 6 +- drivers/gpu/drm/amd/pm/amdgpu_dpm.c | 23 --- drivers/gpu/drm/amd/pm/inc/amdgpu_dpm.h | 2 - drivers/gpu/drm/amd/pm/powerplay/kv_dpm.c | 25 ++- drivers/mmc/host/mmci_stm32_sdmmc.c | 112 +++++++++-- drivers/net/ethernet/intel/i40e/i40e_main.c | 2 +- drivers/net/ethernet/intel/ice/ice_main.c | 2 + drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 56 +++++- .../microchip/sparx5/sparx5_mactable.c | 4 +- .../ethernet/netronome/nfp/flower/conntrack.c | 28 ++- .../ethernet/netronome/nfp/flower/conntrack.h | 2 + drivers/net/geneve.c | 18 +- drivers/net/hyperv/netvsc_drv.c | 83 +++++--- drivers/net/usb/lan78xx.c | 3 +- drivers/tty/serial/max310x.c | 151 +++++++++------ drivers/usb/host/xhci-ring.c | 80 ++++++-- drivers/usb/host/xhci.h | 1 + fs/erofs/data.c | 1 + fs/proc/array.c | 17 +- include/linux/regmap.h | 19 ++ include/trace/events/qdisc.h | 20 +- kernel/bpf/cpumap.c | 2 +- kernel/exit.c | 12 +- kernel/sys.c | 91 +++++---- net/ipv6/route.c | 21 +-- net/netfilter/nf_conntrack_h323_asn1.c | 4 + net/netfilter/nft_ct.c | 11 +- net/netrom/af_netrom.c | 14 +- net/netrom/nr_dev.c | 2 +- net/netrom/nr_in.c | 6 +- net/netrom/nr_out.c | 2 +- net/netrom/nr_route.c | 8 +- net/netrom/nr_subr.c | 5 +- net/rds/rdma.c | 3 + net/rds/send.c | 6 +- scripts/mod/modpost.c | 7 +- sound/usb/card.c | 1 + sound/usb/card.h | 7 +- sound/usb/endpoint.c | 177 +++++++++++++++--- sound/usb/endpoint.h | 9 +- sound/usb/implicit.c | 9 +- sound/usb/implicit.h | 2 +- sound/usb/mixer.c | 7 + sound/usb/pcm.c | 89 +++++---- sound/usb/pcm.h | 2 + sound/usb/quirks.c | 30 ++- sound/usb/usbaudio.h | 9 + .../selftests/net/mptcp/simult_flows.sh | 8 +- .../selftests/vm/charge_reserved_hugetlb.sh | 2 +- tools/testing/selftests/vm/map_hugetlb.c | 7 + .../selftests/vm/write_hugetlb_memory.sh | 2 +- 78 files changed, 966 insertions(+), 481 deletions(-) delete mode 100644 drivers/gpu/drm/amd/display/dc/calcs/Makefile rename drivers/gpu/drm/amd/display/dc/{ => dml}/calcs/bw_fixed.c (100%) rename drivers/gpu/drm/amd/display/dc/{ => dml}/calcs/calcs_logger.h (100%) rename drivers/gpu/drm/amd/display/dc/{ => dml}/calcs/custom_float.c (100%) rename drivers/gpu/drm/amd/display/dc/{ => dml}/calcs/dce_calcs.c (100%) rename drivers/gpu/drm/amd/display/dc/{ => dml}/calcs/dcn_calc_auto.c (100%) rename drivers/gpu/drm/amd/display/dc/{ => dml}/calcs/dcn_calc_auto.h (100%) rename drivers/gpu/drm/amd/display/dc/{ => dml}/calcs/dcn_calc_math.c (100%) rename drivers/gpu/drm/amd/display/dc/{ => dml}/calcs/dcn_calcs.c (100%) rename drivers/gpu/drm/amd/display/dc/dml/{dcn2x/dcn2x.c => dcn20/dcn20_fpu.c} (99%) rename drivers/gpu/drm/amd/display/dc/dml/{dcn2x/dcn2x.h => dcn20/dcn20_fpu.h} (94%) -- 2.43.0

1 year, 7 months

9
90
0 0

[PATCH 6.8 0/5] 6.8.1-rc1 review

by Sasha Levin

This is the start of the stable review cycle for the 6.8.1 release. There are 5 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri Mar 15 04:28:11 PM UTC 2024. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.8.y and the diffstat can be found below. Thanks, Sasha ------------- Pseudo-Shortlog of commits: Pawan Gupta (4): x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set Documentation/hw-vuln: Add documentation for RFDS x86/rfds: Mitigate Register File Data Sampling (RFDS) KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests Sasha Levin (1): Linux 6.8.1-rc1 .../ABI/testing/sysfs-devices-system-cpu | 1 + Documentation/admin-guide/hw-vuln/index.rst | 1 + .../hw-vuln/reg-file-data-sampling.rst | 104 ++++++++++++++++++ .../admin-guide/kernel-parameters.txt | 21 ++++ Makefile | 4 +- arch/x86/Kconfig | 11 ++ arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/include/asm/msr-index.h | 8 ++ arch/x86/kernel/cpu/bugs.c | 92 +++++++++++++++- arch/x86/kernel/cpu/common.c | 38 ++++++- arch/x86/kvm/x86.c | 5 +- drivers/base/cpu.c | 3 + include/linux/cpu.h | 2 + 13 files changed, 280 insertions(+), 11 deletions(-) create mode 100644 Documentation/admin-guide/hw-vuln/reg-file-data-sampling.rst -- 2.43.0

1 year, 7 months

7
14
0 0

[PATCH 6.6 00/60] 6.6.22-rc1 review

by Sasha Levin

This is the start of the stable review cycle for the 6.6.22 release. There are 60 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri Mar 15 04:36:58 PM UTC 2024. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. Thanks, Sasha ------------- Pseudo-Shortlog of commits: Byungchul Park (1): mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index Christian Borntraeger (1): KVM: s390: vsie: fix race during shadow creation Daniel Borkmann (2): xdp, bonding: Fix feature flags when there are no slave devs anymore selftests/bpf: Fix up xdp bonding test wrt feature flags Eduard Zingerman (1): bpf: check bpf_func_state->callback_depth when pruning states Edward Adam Davis (1): net/rds: fix WARNING in rds_conn_connect_if_down Emeel Hakim (1): net/mlx5e: Fix MACsec state loss upon state update in offload path Eric Dumazet (2): geneve: make sure to pull inner header in geneve_rx() net/ipv6: avoid possible UAF in ip6_route_mpath_notify() Florian Kauer (1): igc: avoid returning frame twice in XDP_REDIRECT Florian Westphal (1): netfilter: nft_ct: fix l3num expectations with inet pseudo family Frank Li (3): dt-bindings: dma: fsl-edma: Add fsl-edma.h to prevent hardcoding in dts dmaengine: fsl-edma: utilize common dt-binding header file dmaengine: fsl-edma: correct max_segment_size setting Gao Xiang (1): erofs: apply proper VMA alignment for memory mapped files on THP Gavin Li (1): Revert "net/mlx5: Block entering switchdev mode with ns inconsistency" Horatiu Vultur (1): net: sparx5: Fix use after free inside sparx5_del_mact_entry Jacob Keller (1): ice: virtchnl: stop pretending to support RSS over AQ or registers Jan Kara (1): readahead: avoid multiple marked readahead pages Jason Xing (12): netrom: Fix a data-race around sysctl_netrom_default_path_quality netrom: Fix a data-race around sysctl_netrom_obsolescence_count_initialiser netrom: Fix data-races around sysctl_netrom_network_ttl_initialiser netrom: Fix a data-race around sysctl_netrom_transport_timeout netrom: Fix a data-race around sysctl_netrom_transport_maximum_tries netrom: Fix a data-race around sysctl_netrom_transport_acknowledge_delay netrom: Fix a data-race around sysctl_netrom_transport_busy_delay netrom: Fix a data-race around sysctl_netrom_transport_requested_window_size netrom: Fix a data-race around sysctl_netrom_transport_no_activity_timeout netrom: Fix a data-race around sysctl_netrom_routing_control netrom: Fix a data-race around sysctl_netrom_link_fails_count netrom: Fix data-races around sysctl_net_busy_read Jianbo Liu (2): net/mlx5: E-switch, Change flow rule destination checking net/mlx5e: Change the warning when ignore_flow_level is not supported Kefeng Wang (3): mm: migrate: remove PageTransHuge check in numamigrate_isolate_page() mm: migrate: remove THP mapcount check in numamigrate_isolate_page() mm: migrate: convert numamigrate_isolate_page() to numamigrate_isolate_folio() Lena Wang (1): netfilter: nf_conntrack_h323: Add protection for bmp length out of range Leon Romanovsky (1): xfrm: Pass UDP encapsulation in TX packet offload Maciej Fijalkowski (3): ixgbe: {dis, en}able irqs in ixgbe_txrx_ring_{dis, en}able i40e: disable NAPI right after disabling irqs when handling xsk_pool ice: reorder disabling IRQ and NAPI in ice_qp_dis Matthieu Baerts (NGI0) (1): selftests: mptcp: decrease BW in simult flows Moshe Shemesh (1): net/mlx5: Check capability for fw_reset Nico Boehr (1): KVM: s390: add stat counter for shadow gmap events Oleg Nesterov (1): exit: wait_task_zombie: kill the no longer necessary spin_lock_irq(siglock) Oleksij Rempel (1): net: lan78xx: fix runtime PM count underflow on link stop Pawan Gupta (4): x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set Documentation/hw-vuln: Add documentation for RFDS x86/rfds: Mitigate Register File Data Sampling (RFDS) KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests Rahul Rameshbabu (2): net/mlx5e: Use a memory barrier to enforce PTP WQ xmit submission tracking occurs after populating the metadata_map net/mlx5e: Switch to using _bh variant of of spinlock API in port timestamping NAPI poll context Rand Deeb (1): net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink() Saeed Mahameed (1): Revert "net/mlx5e: Check the number of elements before walk TC rhashtable" Sasha Levin (1): Linux 6.6.22-rc1 Steven Rostedt (Google) (1): tracing/net_sched: Fix tracepoints that save qdisc_dev() as a string Tobias Jakobi (Compleo) (1): net: dsa: microchip: fix register write order in ksz8_ind_write8() Toke Høiland-Jørgensen (1): cpumap: Zero-initialise xdp_rxq_info struct before running XDP program Xiubo Li (1): ceph: switch to corrected encoding of max_xattr_size in mdsmap Yongzhi Liu (1): net: pds_core: Fix possible double free in error handling path .../ABI/testing/sysfs-devices-system-cpu | 1 + Documentation/admin-guide/hw-vuln/index.rst | 1 + .../hw-vuln/reg-file-data-sampling.rst | 104 ++++++++++++++++++ .../admin-guide/kernel-parameters.txt | 21 ++++ Makefile | 4 +- arch/s390/include/asm/kvm_host.h | 7 ++ arch/s390/kvm/gaccess.c | 7 ++ arch/s390/kvm/kvm-s390.c | 9 +- arch/s390/kvm/vsie.c | 6 +- arch/s390/mm/gmap.c | 1 + arch/x86/Kconfig | 11 ++ arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/include/asm/msr-index.h | 8 ++ arch/x86/kernel/cpu/bugs.c | 92 +++++++++++++++- arch/x86/kernel/cpu/common.c | 38 ++++++- arch/x86/kvm/x86.c | 5 +- drivers/base/cpu.c | 3 + drivers/dma/fsl-edma-common.h | 5 +- drivers/dma/fsl-edma-main.c | 21 ++-- drivers/net/bonding/bond_main.c | 2 +- drivers/net/dsa/microchip/ksz8795.c | 4 +- drivers/net/ethernet/amd/pds_core/auxbus.c | 12 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 2 +- drivers/net/ethernet/intel/ice/ice_main.c | 2 + drivers/net/ethernet/intel/ice/ice_virtchnl.c | 9 +- .../intel/ice/ice_virtchnl_allowlist.c | 2 - drivers/net/ethernet/intel/ice/ice_xsk.c | 9 +- drivers/net/ethernet/intel/igc/igc_main.c | 13 +-- drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 56 ++++++++-- .../net/ethernet/mellanox/mlx5/core/devlink.c | 6 + .../net/ethernet/mellanox/mlx5/core/en/ptp.c | 12 +- .../mellanox/mlx5/core/en/tc/post_act.c | 2 +- .../mellanox/mlx5/core/en_accel/macsec.c | 82 ++++++++------ .../net/ethernet/mellanox/mlx5/core/en_tx.c | 2 + .../mellanox/mlx5/core/esw/ipsec_fs.c | 2 +- .../mellanox/mlx5/core/eswitch_offloads.c | 46 +++----- .../ethernet/mellanox/mlx5/core/fw_reset.c | 22 +++- .../microchip/sparx5/sparx5_mactable.c | 4 +- drivers/net/geneve.c | 18 ++- drivers/net/usb/lan78xx.c | 3 +- fs/ceph/mdsmap.c | 7 +- fs/erofs/data.c | 1 + include/dt-bindings/dma/fsl-edma.h | 21 ++++ include/linux/ceph/mdsmap.h | 6 +- include/linux/cpu.h | 2 + include/linux/mlx5/mlx5_ifc.h | 4 +- include/trace/events/qdisc.h | 20 ++-- kernel/bpf/cpumap.c | 2 +- kernel/bpf/verifier.c | 3 + kernel/exit.c | 10 +- mm/migrate.c | 34 +++--- mm/readahead.c | 4 +- net/ipv6/route.c | 21 ++-- net/netfilter/nf_conntrack_h323_asn1.c | 4 + net/netfilter/nft_ct.c | 11 +- net/netrom/af_netrom.c | 14 +-- net/netrom/nr_dev.c | 2 +- net/netrom/nr_in.c | 6 +- net/netrom/nr_out.c | 2 +- net/netrom/nr_route.c | 8 +- net/netrom/nr_subr.c | 5 +- net/rds/rdma.c | 3 + net/rds/send.c | 6 +- net/xfrm/xfrm_device.c | 2 +- .../selftests/bpf/prog_tests/xdp_bonding.c | 4 +- .../selftests/net/mptcp/simult_flows.sh | 8 +- 66 files changed, 628 insertions(+), 237 deletions(-) create mode 100644 Documentation/admin-guide/hw-vuln/reg-file-data-sampling.rst create mode 100644 include/dt-bindings/dma/fsl-edma.h -- 2.43.0

1 year, 7 months

9
71
0 0

[PATCH] bcache: fix variable length array abuse in btree_iter

by Matthew Mirvish

btree_iter is used in two ways: either allocated on the stack with a fixed size MAX_BSETS, or from a mempool with a dynamic size based on the specific cache set. Previously, the struct had a fixed-length array of size MAX_BSETS which was indexed out-of-bounds for the dynamically-sized iterators, which causes UBSAN to complain. This patch uses the same approach as in bcachefs's sort_iter and splits the iterator into a btree_iter with a flexible array member and a btree_iter_stack which embeds a btree_iter as well as a fixed-length data array. Cc: stable(a)vger.kernel.org Closes: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2039368 Signed-off-by: Matthew Mirvish <matthew(a)mm12.xyz> --- drivers/md/bcache/bset.c | 44 +++++++++++++++++------------------ drivers/md/bcache/bset.h | 28 ++++++++++++++-------- drivers/md/bcache/btree.c | 40 ++++++++++++++++--------------- drivers/md/bcache/super.c | 5 ++-- drivers/md/bcache/sysfs.c | 2 +- drivers/md/bcache/writeback.c | 10 ++++---- 6 files changed, 70 insertions(+), 59 deletions(-) diff --git a/drivers/md/bcache/bset.c b/drivers/md/bcache/bset.c index 2bba4d6aaaa2..463eb13bd0b2 100644 --- a/drivers/md/bcache/bset.c +++ b/drivers/md/bcache/bset.c @@ -54,7 +54,7 @@ void bch_dump_bucket(struct btree_keys *b) int __bch_count_data(struct btree_keys *b) { unsigned int ret = 0; - struct btree_iter iter; + struct btree_iter_stack iter; struct bkey *k; if (b->ops->is_extents) @@ -67,7 +67,7 @@ void __bch_check_keys(struct btree_keys *b, const char *fmt, ...) { va_list args; struct bkey *k, *p = NULL; - struct btree_iter iter; + struct btree_iter_stack iter; const char *err; for_each_key(b, k, &iter) { @@ -879,7 +879,7 @@ unsigned int bch_btree_insert_key(struct btree_keys *b, struct bkey *k, unsigned int status = BTREE_INSERT_STATUS_NO_INSERT; struct bset *i = bset_tree_last(b)->data; struct bkey *m, *prev = NULL; - struct btree_iter iter; + struct btree_iter_stack iter; struct bkey preceding_key_on_stack = ZERO_KEY; struct bkey *preceding_key_p = &preceding_key_on_stack; @@ -895,9 +895,9 @@ unsigned int bch_btree_insert_key(struct btree_keys *b, struct bkey *k, else preceding_key(k, &preceding_key_p); - m = bch_btree_iter_init(b, &iter, preceding_key_p); + m = bch_btree_iter_stack_init(b, &iter, preceding_key_p); - if (b->ops->insert_fixup(b, k, &iter, replace_key)) + if (b->ops->insert_fixup(b, k, &iter.iter, replace_key)) return status; status = BTREE_INSERT_STATUS_INSERT; @@ -1100,33 +1100,33 @@ void bch_btree_iter_push(struct btree_iter *iter, struct bkey *k, btree_iter_cmp)); } -static struct bkey *__bch_btree_iter_init(struct btree_keys *b, - struct btree_iter *iter, - struct bkey *search, - struct bset_tree *start) +static struct bkey *__bch_btree_iter_stack_init(struct btree_keys *b, + struct btree_iter_stack *iter, + struct bkey *search, + struct bset_tree *start) { struct bkey *ret = NULL; - iter->size = ARRAY_SIZE(iter->data); - iter->used = 0; + iter->iter.size = ARRAY_SIZE(iter->stack_data); + iter->iter.used = 0; #ifdef CONFIG_BCACHE_DEBUG - iter->b = b; + iter->iter.b = b; #endif for (; start <= bset_tree_last(b); start++) { ret = bch_bset_search(b, start, search); - bch_btree_iter_push(iter, ret, bset_bkey_last(start->data)); + bch_btree_iter_push(&iter->iter, ret, bset_bkey_last(start->data)); } return ret; } -struct bkey *bch_btree_iter_init(struct btree_keys *b, - struct btree_iter *iter, +struct bkey *bch_btree_iter_stack_init(struct btree_keys *b, + struct btree_iter_stack *iter, struct bkey *search) { - return __bch_btree_iter_init(b, iter, search, b->set); + return __bch_btree_iter_stack_init(b, iter, search, b->set); } static inline struct bkey *__bch_btree_iter_next(struct btree_iter *iter, @@ -1293,10 +1293,10 @@ void bch_btree_sort_partial(struct btree_keys *b, unsigned int start, struct bset_sort_state *state) { size_t order = b->page_order, keys = 0; - struct btree_iter iter; + struct btree_iter_stack iter; int oldsize = bch_count_data(b); - __bch_btree_iter_init(b, &iter, NULL, &b->set[start]); + __bch_btree_iter_stack_init(b, &iter, NULL, &b->set[start]); if (start) { unsigned int i; @@ -1307,7 +1307,7 @@ void bch_btree_sort_partial(struct btree_keys *b, unsigned int start, order = get_order(__set_bytes(b->set->data, keys)); } - __btree_sort(b, &iter, start, order, false, state); + __btree_sort(b, &iter.iter, start, order, false, state); EBUG_ON(oldsize >= 0 && bch_count_data(b) != oldsize); } @@ -1323,11 +1323,11 @@ void bch_btree_sort_into(struct btree_keys *b, struct btree_keys *new, struct bset_sort_state *state) { uint64_t start_time = local_clock(); - struct btree_iter iter; + struct btree_iter_stack iter; - bch_btree_iter_init(b, &iter, NULL); + bch_btree_iter_stack_init(b, &iter, NULL); - btree_mergesort(b, new->set->data, &iter, false, true); + btree_mergesort(b, new->set->data, &iter.iter, false, true); bch_time_stats_update(&state->time, start_time); diff --git a/drivers/md/bcache/bset.h b/drivers/md/bcache/bset.h index d795c84246b0..011f6062c4c0 100644 --- a/drivers/md/bcache/bset.h +++ b/drivers/md/bcache/bset.h @@ -321,7 +321,14 @@ struct btree_iter { #endif struct btree_iter_set { struct bkey *k, *end; - } data[MAX_BSETS]; + } data[]; +}; + +/* Fixed-size btree_iter that can be allocated on the stack */ + +struct btree_iter_stack { + struct btree_iter iter; + struct btree_iter_set stack_data[MAX_BSETS]; }; typedef bool (*ptr_filter_fn)(struct btree_keys *b, const struct bkey *k); @@ -333,9 +340,9 @@ struct bkey *bch_btree_iter_next_filter(struct btree_iter *iter, void bch_btree_iter_push(struct btree_iter *iter, struct bkey *k, struct bkey *end); -struct bkey *bch_btree_iter_init(struct btree_keys *b, - struct btree_iter *iter, - struct bkey *search); +struct bkey *bch_btree_iter_stack_init(struct btree_keys *b, + struct btree_iter_stack *iter, + struct bkey *search); struct bkey *__bch_bset_search(struct btree_keys *b, struct bset_tree *t, const struct bkey *search); @@ -350,13 +357,14 @@ static inline struct bkey *bch_bset_search(struct btree_keys *b, return search ? __bch_bset_search(b, t, search) : t->data->start; } -#define for_each_key_filter(b, k, iter, filter) \ - for (bch_btree_iter_init((b), (iter), NULL); \ - ((k) = bch_btree_iter_next_filter((iter), (b), filter));) +#define for_each_key_filter(b, k, stack_iter, filter) \ + for (bch_btree_iter_stack_init((b), (stack_iter), NULL); \ + ((k) = bch_btree_iter_next_filter(&((stack_iter)->iter), (b), \ + filter));) -#define for_each_key(b, k, iter) \ - for (bch_btree_iter_init((b), (iter), NULL); \ - ((k) = bch_btree_iter_next(iter));) +#define for_each_key(b, k, stack_iter) \ + for (bch_btree_iter_stack_init((b), (stack_iter), NULL); \ + ((k) = bch_btree_iter_next(&((stack_iter)->iter)));) /* Sorting */ diff --git a/drivers/md/bcache/btree.c b/drivers/md/bcache/btree.c index 196cdacce38f..d011a7154d33 100644 --- a/drivers/md/bcache/btree.c +++ b/drivers/md/bcache/btree.c @@ -1309,7 +1309,7 @@ static bool btree_gc_mark_node(struct btree *b, struct gc_stat *gc) uint8_t stale = 0; unsigned int keys = 0, good_keys = 0; struct bkey *k; - struct btree_iter iter; + struct btree_iter_stack iter; struct bset_tree *t; gc->nodes++; @@ -1570,7 +1570,7 @@ static int btree_gc_rewrite_node(struct btree *b, struct btree_op *op, static unsigned int btree_gc_count_keys(struct btree *b) { struct bkey *k; - struct btree_iter iter; + struct btree_iter_stack iter; unsigned int ret = 0; for_each_key_filter(&b->keys, k, &iter, bch_ptr_bad) @@ -1611,17 +1611,18 @@ static int btree_gc_recurse(struct btree *b, struct btree_op *op, int ret = 0; bool should_rewrite; struct bkey *k; - struct btree_iter iter; + struct btree_iter_stack iter; struct gc_merge_info r[GC_MERGE_NODES]; struct gc_merge_info *i, *last = r + ARRAY_SIZE(r) - 1; - bch_btree_iter_init(&b->keys, &iter, &b->c->gc_done); + bch_btree_iter_stack_init(&b->keys, &iter, &b->c->gc_done); for (i = r; i < r + ARRAY_SIZE(r); i++) i->b = ERR_PTR(-EINTR); while (1) { - k = bch_btree_iter_next_filter(&iter, &b->keys, bch_ptr_bad); + k = bch_btree_iter_next_filter(&iter.iter, &b->keys, + bch_ptr_bad); if (k) { r->b = bch_btree_node_get(b->c, op, k, b->level - 1, true, b); @@ -1911,7 +1912,7 @@ static int bch_btree_check_recurse(struct btree *b, struct btree_op *op) { int ret = 0; struct bkey *k, *p = NULL; - struct btree_iter iter; + struct btree_iter_stack iter; for_each_key_filter(&b->keys, k, &iter, bch_ptr_invalid) bch_initial_mark_key(b->c, b->level, k); @@ -1919,10 +1920,10 @@ static int bch_btree_check_recurse(struct btree *b, struct btree_op *op) bch_initial_mark_key(b->c, b->level + 1, &b->key); if (b->level) { - bch_btree_iter_init(&b->keys, &iter, NULL); + bch_btree_iter_stack_init(&b->keys, &iter, NULL); do { - k = bch_btree_iter_next_filter(&iter, &b->keys, + k = bch_btree_iter_next_filter(&iter.iter, &b->keys, bch_ptr_bad); if (k) { btree_node_prefetch(b, k); @@ -1950,7 +1951,7 @@ static int bch_btree_check_thread(void *arg) struct btree_check_info *info = arg; struct btree_check_state *check_state = info->state; struct cache_set *c = check_state->c; - struct btree_iter iter; + struct btree_iter_stack iter; struct bkey *k, *p; int cur_idx, prev_idx, skip_nr; @@ -1959,8 +1960,8 @@ static int bch_btree_check_thread(void *arg) ret = 0; /* root node keys are checked before thread created */ - bch_btree_iter_init(&c->root->keys, &iter, NULL); - k = bch_btree_iter_next_filter(&iter, &c->root->keys, bch_ptr_bad); + bch_btree_iter_stack_init(&c->root->keys, &iter, NULL); + k = bch_btree_iter_next_filter(&iter.iter, &c->root->keys, bch_ptr_bad); BUG_ON(!k); p = k; @@ -1978,7 +1979,7 @@ static int bch_btree_check_thread(void *arg) skip_nr = cur_idx - prev_idx; while (skip_nr) { - k = bch_btree_iter_next_filter(&iter, + k = bch_btree_iter_next_filter(&iter.iter, &c->root->keys, bch_ptr_bad); if (k) @@ -2051,7 +2052,7 @@ int bch_btree_check(struct cache_set *c) int ret = 0; int i; struct bkey *k = NULL; - struct btree_iter iter; + struct btree_iter_stack iter; struct btree_check_state check_state; /* check and mark root node keys */ @@ -2547,11 +2548,11 @@ static int bch_btree_map_nodes_recurse(struct btree *b, struct btree_op *op, if (b->level) { struct bkey *k; - struct btree_iter iter; + struct btree_iter_stack iter; - bch_btree_iter_init(&b->keys, &iter, from); + bch_btree_iter_stack_init(&b->keys, &iter, from); - while ((k = bch_btree_iter_next_filter(&iter, &b->keys, + while ((k = bch_btree_iter_next_filter(&iter.iter, &b->keys, bch_ptr_bad))) { ret = bcache_btree(map_nodes_recurse, k, b, op, from, fn, flags); @@ -2580,11 +2581,12 @@ int bch_btree_map_keys_recurse(struct btree *b, struct btree_op *op, { int ret = MAP_CONTINUE; struct bkey *k; - struct btree_iter iter; + struct btree_iter_stack iter; - bch_btree_iter_init(&b->keys, &iter, from); + bch_btree_iter_stack_init(&b->keys, &iter, from); - while ((k = bch_btree_iter_next_filter(&iter, &b->keys, bch_ptr_bad))) { + while ((k = bch_btree_iter_next_filter(&iter.iter, &b->keys, + bch_ptr_bad))) { ret = !b->level ? fn(op, b, k) : bcache_btree(map_keys_recurse, k, diff --git a/drivers/md/bcache/super.c b/drivers/md/bcache/super.c index dc3f50f69714..0676f863355a 100644 --- a/drivers/md/bcache/super.c +++ b/drivers/md/bcache/super.c @@ -1913,8 +1913,9 @@ struct cache_set *bch_cache_set_alloc(struct cache_sb *sb) INIT_LIST_HEAD(&c->btree_cache_freed); INIT_LIST_HEAD(&c->data_buckets); - iter_size = ((meta_bucket_pages(sb) * PAGE_SECTORS) / sb->block_size + 1) * - sizeof(struct btree_iter_set); + iter_size = sizeof(struct btree_iter) + + ((meta_bucket_pages(sb) * PAGE_SECTORS) / sb->block_size) * + sizeof(struct btree_iter_set); c->devices = kcalloc(c->nr_uuids, sizeof(void *), GFP_KERNEL); if (!c->devices) diff --git a/drivers/md/bcache/sysfs.c b/drivers/md/bcache/sysfs.c index a438efb66069..c4633425acc4 100644 --- a/drivers/md/bcache/sysfs.c +++ b/drivers/md/bcache/sysfs.c @@ -660,7 +660,7 @@ static unsigned int bch_root_usage(struct cache_set *c) unsigned int bytes = 0; struct bkey *k; struct btree *b; - struct btree_iter iter; + struct btree_iter_stack iter; goto lock_root; diff --git a/drivers/md/bcache/writeback.c b/drivers/md/bcache/writeback.c index 8827a6f130ad..792e070ccf38 100644 --- a/drivers/md/bcache/writeback.c +++ b/drivers/md/bcache/writeback.c @@ -908,15 +908,15 @@ static int bch_dirty_init_thread(void *arg) struct dirty_init_thrd_info *info = arg; struct bch_dirty_init_state *state = info->state; struct cache_set *c = state->c; - struct btree_iter iter; + struct btree_iter_stack iter; struct bkey *k, *p; int cur_idx, prev_idx, skip_nr; k = p = NULL; prev_idx = 0; - bch_btree_iter_init(&c->root->keys, &iter, NULL); - k = bch_btree_iter_next_filter(&iter, &c->root->keys, bch_ptr_bad); + bch_btree_iter_stack_init(&c->root->keys, &iter, NULL); + k = bch_btree_iter_next_filter(&iter.iter, &c->root->keys, bch_ptr_bad); BUG_ON(!k); p = k; @@ -930,7 +930,7 @@ static int bch_dirty_init_thread(void *arg) skip_nr = cur_idx - prev_idx; while (skip_nr) { - k = bch_btree_iter_next_filter(&iter, + k = bch_btree_iter_next_filter(&iter.iter, &c->root->keys, bch_ptr_bad); if (k) @@ -979,7 +979,7 @@ void bch_sectors_dirty_init(struct bcache_device *d) int i; struct btree *b = NULL; struct bkey *k = NULL; - struct btree_iter iter; + struct btree_iter_stack iter; struct sectors_dirty_init op; struct cache_set *c = d->c; struct bch_dirty_init_state state; -- 2.40.1

1 year, 7 months

2
1
0 0

[PATCH v2 6/7] vfio/platform: Create persistent IRQ handlers

by Alex Williamson

The vfio-platform SET_IRQS ioctl currently allows loopback triggering of an interrupt before a signaling eventfd has been configured by the user, which thereby allows a NULL pointer dereference. Rather than register the IRQ relative to a valid trigger, register all IRQs in a disabled state in the device open path. This allows mask operations on the IRQ to nest within the overall enable state governed by a valid eventfd signal. This decouples @masked, protected by the @locked spinlock from @trigger, protected via the @igate mutex. In doing so, it's guaranteed that changes to @trigger cannot race the IRQ handlers because the IRQ handler is synchronously disabled before modifying the trigger, and loopback triggering of the IRQ via ioctl is safe due to serialization with trigger changes via igate. For compatibility, request_irq() failures are maintained to be local to the SET_IRQS ioctl rather than a fatal error in the open device path. This allows, for example, a userspace driver with polling mode support to continue to work regardless of moving the request_irq() call site. This necessarily blocks all SET_IRQS access to the failed index. Cc: Eric Auger <eric.auger(a)redhat.com> Cc: stable(a)vger.kernel.org Fixes: 57f972e2b341 ("vfio/platform: trigger an interrupt via eventfd") Signed-off-by: Alex Williamson <alex.williamson(a)redhat.com> --- drivers/vfio/platform/vfio_platform_irq.c | 100 +++++++++++++++------- 1 file changed, 68 insertions(+), 32 deletions(-) diff --git a/drivers/vfio/platform/vfio_platform_irq.c b/drivers/vfio/platform/vfio_platform_irq.c index e5dcada9e86c..ef41ecef83af 100644 --- a/drivers/vfio/platform/vfio_platform_irq.c +++ b/drivers/vfio/platform/vfio_platform_irq.c @@ -136,6 +136,16 @@ static int vfio_platform_set_irq_unmask(struct vfio_platform_device *vdev, return 0; } +/* + * The trigger eventfd is guaranteed valid in the interrupt path + * and protected by the igate mutex when triggered via ioctl. + */ +static void vfio_send_eventfd(struct vfio_platform_irq *irq_ctx) +{ + if (likely(irq_ctx->trigger)) + eventfd_signal(irq_ctx->trigger); +} + static irqreturn_t vfio_automasked_irq_handler(int irq, void *dev_id) { struct vfio_platform_irq *irq_ctx = dev_id; @@ -155,7 +165,7 @@ static irqreturn_t vfio_automasked_irq_handler(int irq, void *dev_id) spin_unlock_irqrestore(&irq_ctx->lock, flags); if (ret == IRQ_HANDLED) - eventfd_signal(irq_ctx->trigger); + vfio_send_eventfd(irq_ctx); return ret; } @@ -164,52 +174,40 @@ static irqreturn_t vfio_irq_handler(int irq, void *dev_id) { struct vfio_platform_irq *irq_ctx = dev_id; - eventfd_signal(irq_ctx->trigger); + vfio_send_eventfd(irq_ctx); return IRQ_HANDLED; } static int vfio_set_trigger(struct vfio_platform_device *vdev, int index, - int fd, irq_handler_t handler) + int fd) { struct vfio_platform_irq *irq = &vdev->irqs[index]; struct eventfd_ctx *trigger; - int ret; if (irq->trigger) { - irq_clear_status_flags(irq->hwirq, IRQ_NOAUTOEN); - free_irq(irq->hwirq, irq); - kfree(irq->name); + disable_irq(irq->hwirq); eventfd_ctx_put(irq->trigger); irq->trigger = NULL; } if (fd < 0) /* Disable only */ return 0; - irq->name = kasprintf(GFP_KERNEL_ACCOUNT, "vfio-irq[%d](%s)", - irq->hwirq, vdev->name); - if (!irq->name) - return -ENOMEM; trigger = eventfd_ctx_fdget(fd); - if (IS_ERR(trigger)) { - kfree(irq->name); + if (IS_ERR(trigger)) return PTR_ERR(trigger); - } irq->trigger = trigger; - irq_set_status_flags(irq->hwirq, IRQ_NOAUTOEN); - ret = request_irq(irq->hwirq, handler, 0, irq->name, irq); - if (ret) { - kfree(irq->name); - eventfd_ctx_put(trigger); - irq->trigger = NULL; - return ret; - } - - if (!irq->masked) - enable_irq(irq->hwirq); + /* + * irq->masked effectively provides nested disables within the overall + * enable relative to trigger. Specifically request_irq() is called + * with NO_AUTOEN, therefore the IRQ is initially disabled. The user + * may only further disable the IRQ with a MASK operations because + * irq->masked is initially false. + */ + enable_irq(irq->hwirq); return 0; } @@ -228,7 +226,7 @@ static int vfio_platform_set_irq_trigger(struct vfio_platform_device *vdev, handler = vfio_irq_handler; if (!count && (flags & VFIO_IRQ_SET_DATA_NONE)) - return vfio_set_trigger(vdev, index, -1, handler); + return vfio_set_trigger(vdev, index, -1); if (start != 0 || count != 1) return -EINVAL; @@ -236,7 +234,7 @@ static int vfio_platform_set_irq_trigger(struct vfio_platform_device *vdev, if (flags & VFIO_IRQ_SET_DATA_EVENTFD) { int32_t fd = *(int32_t *)data; - return vfio_set_trigger(vdev, index, fd, handler); + return vfio_set_trigger(vdev, index, fd); } if (flags & VFIO_IRQ_SET_DATA_NONE) { @@ -260,6 +258,14 @@ int vfio_platform_set_irqs_ioctl(struct vfio_platform_device *vdev, unsigned start, unsigned count, uint32_t flags, void *data) = NULL; + /* + * For compatibility, errors from request_irq() are local to the + * SET_IRQS path and reflected in the name pointer. This allows, + * for example, polling mode fallback for an exclusive IRQ failure. + */ + if (IS_ERR(vdev->irqs[index].name)) + return PTR_ERR(vdev->irqs[index].name); + switch (flags & VFIO_IRQ_SET_ACTION_TYPE_MASK) { case VFIO_IRQ_SET_ACTION_MASK: func = vfio_platform_set_irq_mask; @@ -280,7 +286,7 @@ int vfio_platform_set_irqs_ioctl(struct vfio_platform_device *vdev, int vfio_platform_irq_init(struct vfio_platform_device *vdev) { - int cnt = 0, i; + int cnt = 0, i, ret = 0; while (vdev->get_irq(vdev, cnt) >= 0) cnt++; @@ -292,29 +298,54 @@ int vfio_platform_irq_init(struct vfio_platform_device *vdev) for (i = 0; i < cnt; i++) { int hwirq = vdev->get_irq(vdev, i); + irq_handler_t handler = vfio_irq_handler; - if (hwirq < 0) + if (hwirq < 0) { + ret = -EINVAL; goto err; + } spin_lock_init(&vdev->irqs[i].lock); vdev->irqs[i].flags = VFIO_IRQ_INFO_EVENTFD; - if (irq_get_trigger_type(hwirq) & IRQ_TYPE_LEVEL_MASK) + if (irq_get_trigger_type(hwirq) & IRQ_TYPE_LEVEL_MASK) { vdev->irqs[i].flags |= VFIO_IRQ_INFO_MASKABLE | VFIO_IRQ_INFO_AUTOMASKED; + handler = vfio_automasked_irq_handler; + } vdev->irqs[i].count = 1; vdev->irqs[i].hwirq = hwirq; vdev->irqs[i].masked = false; + vdev->irqs[i].name = kasprintf(GFP_KERNEL_ACCOUNT, + "vfio-irq[%d](%s)", hwirq, + vdev->name); + if (!vdev->irqs[i].name) { + ret = -ENOMEM; + goto err; + } + + ret = request_irq(hwirq, handler, IRQF_NO_AUTOEN, + vdev->irqs[i].name, &vdev->irqs[i]); + if (ret) { + kfree(vdev->irqs[i].name); + vdev->irqs[i].name = ERR_PTR(ret); + } } vdev->num_irqs = cnt; return 0; err: + for (--i; i >= 0; i--) { + if (!IS_ERR(vdev->irqs[i].name)) { + free_irq(vdev->irqs[i].hwirq, &vdev->irqs[i]); + kfree(vdev->irqs[i].name); + } + } kfree(vdev->irqs); - return -EINVAL; + return ret; } void vfio_platform_irq_cleanup(struct vfio_platform_device *vdev) @@ -324,7 +355,12 @@ void vfio_platform_irq_cleanup(struct vfio_platform_device *vdev) for (i = 0; i < vdev->num_irqs; i++) { vfio_virqfd_disable(&vdev->irqs[i].mask); vfio_virqfd_disable(&vdev->irqs[i].unmask); - vfio_set_trigger(vdev, i, -1, NULL); + if (!IS_ERR(vdev->irqs[i].name)) { + free_irq(vdev->irqs[i].hwirq, &vdev->irqs[i]); + if (vdev->irqs[i].trigger) + eventfd_ctx_put(vdev->irqs[i].trigger); + kfree(vdev->irqs[i].name); + } } vdev->num_irqs = 0; -- 2.44.0

1 year, 7 months

3
3
0 0

[PATCH 6.7 00/61] 6.7.10-rc1 review

by Sasha Levin

This is the start of the stable review cycle for the 6.7.10 release. There are 61 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri Mar 15 04:32:27 PM UTC 2024. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.7.y and the diffstat can be found below. Thanks, Sasha ------------- Pseudo-Shortlog of commits: Aya Levin (1): net/mlx5: Fix fw reporter diagnose output Daniel Borkmann (2): xdp, bonding: Fix feature flags when there are no slave devs anymore selftests/bpf: Fix up xdp bonding test wrt feature flags Eduard Zingerman (1): bpf: check bpf_func_state->callback_depth when pruning states Edward Adam Davis (1): net/rds: fix WARNING in rds_conn_connect_if_down Emeel Hakim (1): net/mlx5e: Fix MACsec state loss upon state update in offload path Emil Tantilov (1): idpf: disable local BH when scheduling napi for marker packets Eric Dumazet (2): geneve: make sure to pull inner header in geneve_rx() net/ipv6: avoid possible UAF in ip6_route_mpath_notify() Florian Kauer (1): igc: avoid returning frame twice in XDP_REDIRECT Florian Westphal (1): netfilter: nft_ct: fix l3num expectations with inet pseudo family Frank Li (3): dt-bindings: dma: fsl-edma: Add fsl-edma.h to prevent hardcoding in dts dmaengine: fsl-edma: utilize common dt-binding header file dmaengine: fsl-edma: correct max_segment_size setting Gao Xiang (1): erofs: apply proper VMA alignment for memory mapped files on THP Gavin Li (1): Revert "net/mlx5: Block entering switchdev mode with ns inconsistency" Guillaume Nault (1): xfrm: Clear low order bits of ->flowi4_tos in decode_session4(). Horatiu Vultur (1): net: sparx5: Fix use after free inside sparx5_del_mact_entry Jacob Keller (2): ice: replace ice_vf_recreate_vsi() with ice_vf_reconfig_vsi() ice: virtchnl: stop pretending to support RSS over AQ or registers Jan Kara (1): readahead: avoid multiple marked readahead pages Jason Xing (12): netrom: Fix a data-race around sysctl_netrom_default_path_quality netrom: Fix a data-race around sysctl_netrom_obsolescence_count_initialiser netrom: Fix data-races around sysctl_netrom_network_ttl_initialiser netrom: Fix a data-race around sysctl_netrom_transport_timeout netrom: Fix a data-race around sysctl_netrom_transport_maximum_tries netrom: Fix a data-race around sysctl_netrom_transport_acknowledge_delay netrom: Fix a data-race around sysctl_netrom_transport_busy_delay netrom: Fix a data-race around sysctl_netrom_transport_requested_window_size netrom: Fix a data-race around sysctl_netrom_transport_no_activity_timeout netrom: Fix a data-race around sysctl_netrom_routing_control netrom: Fix a data-race around sysctl_netrom_link_fails_count netrom: Fix data-races around sysctl_net_busy_read Jianbo Liu (2): net/mlx5: E-switch, Change flow rule destination checking net/mlx5e: Change the warning when ignore_flow_level is not supported Lena Wang (1): netfilter: nf_conntrack_h323: Add protection for bmp length out of range Leon Romanovsky (1): xfrm: Pass UDP encapsulation in TX packet offload Maciej Fijalkowski (3): ixgbe: {dis, en}able irqs in ixgbe_txrx_ring_{dis, en}able i40e: disable NAPI right after disabling irqs when handling xsk_pool ice: reorder disabling IRQ and NAPI in ice_qp_dis Matthieu Baerts (NGI0) (1): selftests: mptcp: decrease BW in simult flows Michal Schmidt (1): ice: fix uninitialized dplls mutex usage Michal Swiatkowski (1): ice: reconfig host after changing MSI-X on VF Moshe Shemesh (1): net/mlx5: Check capability for fw_reset Oleg Nesterov (1): exit: wait_task_zombie: kill the no longer necessary spin_lock_irq(siglock) Oleksij Rempel (1): net: lan78xx: fix runtime PM count underflow on link stop Pawan Gupta (4): x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set Documentation/hw-vuln: Add documentation for RFDS x86/rfds: Mitigate Register File Data Sampling (RFDS) KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests Rahul Rameshbabu (2): net/mlx5e: Use a memory barrier to enforce PTP WQ xmit submission tracking occurs after populating the metadata_map net/mlx5e: Switch to using _bh variant of of spinlock API in port timestamping NAPI poll context Rand Deeb (1): net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink() Saeed Mahameed (1): Revert "net/mlx5e: Check the number of elements before walk TC rhashtable" Sasha Levin (1): Linux 6.7.10-rc1 Steven Rostedt (Google) (1): tracing/net_sched: Fix tracepoints that save qdisc_dev() as a string Suren Baghdasaryan (1): arch/arm/mm: fix major fault accounting when retrying under per-VMA lock Tobias Jakobi (Compleo) (1): net: dsa: microchip: fix register write order in ksz8_ind_write8() Toke Høiland-Jørgensen (1): cpumap: Zero-initialise xdp_rxq_info struct before running XDP program Wang Kefeng (1): ARM: 9328/1: mm: try VMA lock-based page fault handling first Yongzhi Liu (1): net: pds_core: Fix possible double free in error handling path .../ABI/testing/sysfs-devices-system-cpu | 1 + Documentation/admin-guide/hw-vuln/index.rst | 1 + .../hw-vuln/reg-file-data-sampling.rst | 104 ++++++++++++++++++ .../admin-guide/kernel-parameters.txt | 21 ++++ Makefile | 4 +- arch/arm/Kconfig | 1 + arch/arm/mm/fault.c | 32 ++++++ arch/x86/Kconfig | 11 ++ arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/include/asm/msr-index.h | 8 ++ arch/x86/kernel/cpu/bugs.c | 92 +++++++++++++++- arch/x86/kernel/cpu/common.c | 38 ++++++- arch/x86/kvm/x86.c | 5 +- drivers/base/cpu.c | 3 + drivers/dma/fsl-edma-common.h | 5 +- drivers/dma/fsl-edma-main.c | 21 ++-- drivers/net/bonding/bond_main.c | 2 +- drivers/net/dsa/microchip/ksz8795.c | 4 +- drivers/net/ethernet/amd/pds_core/auxbus.c | 12 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 2 +- drivers/net/ethernet/intel/ice/ice_dpll.c | 2 +- drivers/net/ethernet/intel/ice/ice_main.c | 2 + drivers/net/ethernet/intel/ice/ice_sriov.c | 33 ++---- drivers/net/ethernet/intel/ice/ice_vf_lib.c | 35 ++++-- drivers/net/ethernet/intel/ice/ice_vf_lib.h | 1 - .../ethernet/intel/ice/ice_vf_lib_private.h | 1 + drivers/net/ethernet/intel/ice/ice_virtchnl.c | 9 +- .../intel/ice/ice_virtchnl_allowlist.c | 2 - drivers/net/ethernet/intel/ice/ice_xsk.c | 9 +- .../net/ethernet/intel/idpf/idpf_virtchnl.c | 2 + drivers/net/ethernet/intel/igc/igc_main.c | 13 +-- drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 56 ++++++++-- .../net/ethernet/mellanox/mlx5/core/devlink.c | 6 + .../net/ethernet/mellanox/mlx5/core/en/ptp.c | 12 +- .../mellanox/mlx5/core/en/tc/post_act.c | 2 +- .../mellanox/mlx5/core/en_accel/macsec.c | 82 ++++++++------ .../net/ethernet/mellanox/mlx5/core/en_tx.c | 2 + .../mellanox/mlx5/core/esw/ipsec_fs.c | 2 +- .../mellanox/mlx5/core/eswitch_offloads.c | 46 +++----- .../ethernet/mellanox/mlx5/core/fw_reset.c | 22 +++- .../net/ethernet/mellanox/mlx5/core/health.c | 2 +- .../microchip/sparx5/sparx5_mactable.c | 4 +- drivers/net/geneve.c | 18 ++- drivers/net/usb/lan78xx.c | 3 +- fs/erofs/data.c | 1 + include/dt-bindings/dma/fsl-edma.h | 21 ++++ include/linux/cpu.h | 2 + include/linux/mlx5/mlx5_ifc.h | 4 +- include/trace/events/qdisc.h | 20 ++-- kernel/bpf/cpumap.c | 2 +- kernel/bpf/verifier.c | 3 + kernel/exit.c | 10 +- mm/readahead.c | 4 +- net/ipv6/route.c | 21 ++-- net/netfilter/nf_conntrack_h323_asn1.c | 4 + net/netfilter/nft_ct.c | 11 +- net/netrom/af_netrom.c | 14 +-- net/netrom/nr_dev.c | 2 +- net/netrom/nr_in.c | 6 +- net/netrom/nr_out.c | 2 +- net/netrom/nr_route.c | 8 +- net/netrom/nr_subr.c | 5 +- net/rds/rdma.c | 3 + net/rds/send.c | 6 +- net/xfrm/xfrm_device.c | 2 +- net/xfrm/xfrm_policy.c | 2 +- .../selftests/bpf/prog_tests/xdp_bonding.c | 4 +- .../selftests/net/mptcp/simult_flows.sh | 8 +- 68 files changed, 648 insertions(+), 251 deletions(-) create mode 100644 Documentation/admin-guide/hw-vuln/reg-file-data-sampling.rst create mode 100644 include/dt-bindings/dma/fsl-edma.h -- 2.43.0

1 year, 7 months

7
68
0 0

[PATCH v4] usb: udc: remove warning when queue disabled ep

by yuan linyu

It is possible trigger below warning message from mass storage function, WARNING: CPU: 6 PID: 3839 at drivers/usb/gadget/udc/core.c:294 usb_ep_queue+0x7c/0x104 pc : usb_ep_queue+0x7c/0x104 lr : fsg_main_thread+0x494/0x1b3c Root cause is mass storage function try to queue request from main thread, but other thread may already disable ep when function disable. As there is no function failure in the driver, in order to avoid effort to fix warning, change WARN_ON_ONCE() in usb_ep_queue() to pr_debug(). Suggested-by: Alan Stern <stern(a)rowland.harvard.edu> Cc: <stable(a)vger.kernel.org> Signed-off-by: yuan linyu <yuanlinyu(a)hihonor.com> --- v4: add version info in subject v3: add more debug info, remove two line commit description https://lore.kernel.org/linux-usb/20240315015854.2715357-1-yuanlinyu@hihono… v2: change WARN_ON_ONCE() in usb_ep_queue() to pr_debug() https://lore.kernel.org/linux-usb/20240315013019.2711135-1-yuanlinyu@hihono… v1: https://lore.kernel.org/linux-usb/20240314065949.2627778-1-yuanlinyu@hihono… drivers/usb/gadget/udc/core.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/usb/gadget/udc/core.c b/drivers/usb/gadget/udc/core.c index 9d4150124fdb..b3a9d18a8dcd 100644 --- a/drivers/usb/gadget/udc/core.c +++ b/drivers/usb/gadget/udc/core.c @@ -292,7 +292,9 @@ int usb_ep_queue(struct usb_ep *ep, { int ret = 0; - if (WARN_ON_ONCE(!ep->enabled && ep->address)) { + if (!ep->enabled && ep->address) { + pr_debug("USB gadget: queue request to disabled ep 0x%x (%s)\n", + ep->address, ep->name); ret = -ESHUTDOWN; goto out; } -- 2.25.1

1 year, 7 months

2
1
0 0

I/O errors while writing to external Transcend XS-2000 4TB SSD

by Martin Steigerwald

Hi! This is not exactly a regression, as I am not aware of a prior working state, but kernel documentation advises me to CC regressions list anyway¹. I am trying to put data on an external Kingston XS-2000 4 TB SSD using self-compiled Linux 6.7.4 kernel and encrypted BCacheFS. I do not think BCacheFS has any part in the errors I see, but if you disagree feel free to CC the BCacheFS mailing list as you reply. I am using a ThinkPad T14 AMD Gen 1 with AMD Ryzen 7 PRO 4750U and 32 GiB of RAM. I connected the SSD onto USB-C port directly with the ThinkPad. lsusb lists it as: Bus 007 Device 004: ID 0951:176b Kingston Technology XS2000 The SSD is detected as follows: [20303.913644] usb 7-1: new SuperSpeed Plus Gen 2x1 USB device number 9 using xhci_hcd [20303.926616] usb 7-1: New USB device found, idVendor=0951, idProduct=176b, bcdDevice= 1.00 [20303.926633] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [20303.926641] usb 7-1: Product: XS2000 [20303.926647] usb 7-1: Manufacturer: Kingston [20303.926652] usb 7-1: SerialNumber: […] [20303.929078] scsi host0: uas [20303.983859] scsi 0:0:0:0: Direct-Access Kingston XS2000 1000 PQ: 0 ANSI: 6 [20303.984426] sd 0:0:0:0: Attached scsi generic sg0 type 0 [20303.985197] sd 0:0:0:0: [sda] 8001573552 512-byte logical blocks: (4.10 TB/3.73 TiB) [20303.985331] sd 0:0:0:0: [sda] Write Protect is off [20303.985341] sd 0:0:0:0: [sda] Mode Sense: 43 00 00 00 [20303.985579] sd 0:0:0:0: [sda] Write cache: disabled, read cache: enabled, doesn't support DPO or FUA [20303.989516] sda: sda1 [20303.989611] sd 0:0:0:0: [sda] Attached SCSI disk BCacheFS is mounted as follows – but I suspect BCacheFS is not involved in those errors anyway: [20310.437864] bcachefs (sda1): mounting version 1.3: rebalance_work opts=metadata_checksum=xxhash,data_checksum=xxhash,compression=lz4 [20310.437895] bcachefs (sda1): recovering from clean shutdown, journal seq 5094 [20310.450813] bcachefs (sda1): alloc_read... done [20310.450851] bcachefs (sda1): stripes_read... done [20310.450855] bcachefs (sda1): snapshots_read... done [20310.470815] bcachefs (sda1): journal_replay... done [20310.470824] bcachefs (sda1): resume_logged_ops... done [20310.470835] bcachefs (sda1): going read-write During rsync'ing about 1,4 TB of data after eventually a hour I got things like this: [33963.462694] sd 0:0:0:0: [sda] tag#10 uas_zap_pending 0 uas-tag 1 inflight: CMD [33963.462708] sd 0:0:0:0: [sda] tag#10 CDB: Write(16) 8a 00 00 00 00 00 82 c1 bc 00 00 00 04 00 00 00 [33963.462718] sd 0:0:0:0: [sda] tag#11 uas_zap_pending 0 uas-tag 2 inflight: CMD [33963.462725] sd 0:0:0:0: [sda] tag#11 CDB: Write(16) 8a 00 00 00 00 00 82 c1 c8 00 00 00 04 00 00 00 [33963.462733] sd 0:0:0:0: [sda] tag#15 uas_zap_pending 0 uas-tag 3 inflight: CMD [33963.462740] sd 0:0:0:0: [sda] tag#15 CDB: Write(16) 8a 00 00 00 00 00 82 c1 d2 4c 00 00 01 2f 00 00 [33963.462748] sd 0:0:0:0: [sda] tag#12 uas_zap_pending 0 uas-tag 4 inflight: CMD [33963.462754] sd 0:0:0:0: [sda] tag#12 CDB: Write(16) 8a 00 00 00 00 00 82 c1 d0 00 00 00 02 4c 00 00 [33963.462762] sd 0:0:0:0: [sda] tag#13 uas_zap_pending 0 uas-tag 5 inflight: CMD [33963.462769] sd 0:0:0:0: [sda] tag#13 CDB: Write(16) 8a 00 00 00 00 00 82 c1 d4 00 00 00 00 ff 00 00 [33963.462777] sd 0:0:0:0: [sda] tag#14 uas_zap_pending 0 uas-tag 6 inflight: CMD [33963.462783] sd 0:0:0:0: [sda] tag#14 CDB: Write(16) 8a 00 00 00 00 00 82 c1 ce 00 00 00 00 cc 00 00 [33963.576991] usb 7-1: reset SuperSpeed Plus Gen 2x1 USB device number 9 using xhci_hcd [33963.590793] scsi host0: uas_eh_device_reset_handler success [33963.592857] sd 0:0:0:0: [sda] tag#10 timing out command, waited 180s [33963.592872] sd 0:0:0:0: [sda] tag#10 FAILED Result: hostbyte=DID_RESET driverbyte=DRIVER_OK cmd_age=182s [33963.592881] sd 0:0:0:0: [sda] tag#10 CDB: Write(16) 8a 00 00 00 00 00 82 c1 bc 00 00 00 04 00 00 00 [33963.592886] I/O error, dev sda, sector 2193734656 op 0x1:(WRITE) flags 0x104000 phys_seg 773 prio class 2 [33963.592898] bcachefs (sda1 inum 1073761281 offset 265216): data write error: I/O [33963.592925] bcachefs (sda1 inum 1073761281 offset 467456): data write error: I/O [33963.592933] bcachefs (sda1 inum 1073761281 offset 470016): data write error: I/O [33963.592939] bcachefs (sda1 inum 1073761281 offset 471552): data write error: I/O [33963.592949] bcachefs (sda1 inum 1073761281 offset 514560): data write error: I/O [33963.592956] bcachefs (sda1 inum 1073761281 offset 517120): data write error: I/O [33963.592963] bcachefs (sda1 inum 1073761281 offset 519168): data write error: I/O [33963.592969] bcachefs (sda1 inum 1073761281 offset 521728): data write error: I/O [33963.592976] bcachefs (sda1 inum 1073761281 offset 523776): data write error: I/O [33963.592983] bcachefs (sda1 inum 1073761281 offset 526336): data write error: I/O The rsync completed but I did not trust the result, even tough "bcachefs fsck" told me the filesystem structure is okay. Thus I reran rsync with option "-c" for checksumming. After a long time with data that did match, it started to transfer a file again which should not happen if data would have been identical. As it ran into I/O errors again, I stopped the rsync process. I looked for that UAS error message and according to the article² I found I disabled UAS as follows: % cat /etc/modprobe.d/disable-uas.conf # Does not work with external SSD Transcend XS2000 4TB options usb-storage quirks=0951:176b:u The quirk was applied as I reconnected the devices after unloading both usb-storage and uas modules: [ 55.871301] usb 7-1: UAS is ignored for this device, using usb-storage instead [ 55.871310] usb-storage 7-1:1.0: USB Mass Storage device detected [ 55.871559] usb-storage 7-1:1.0: Quirks match for vid 0951 pid 176b: 800000 I recreated the BCacheFS filesystem and tried again. This time it did not take more than 10 minutes for the first I/O error to appear. Unless with UAS it made rsync stop with an I/O error immediately. Before that there were several USB resets. Here is the excerpt from dmesg: [ 795.768306] usb 7-1: reset SuperSpeed Plus Gen 2x1 USB device number 4 using xhci_hcd [ 932.976677] usb 7-1: reset SuperSpeed Plus Gen 2x1 USB device number 4 using xhci_hcd [ 963.189438] usb 7-1: reset SuperSpeed Plus Gen 2x1 USB device number 4 using xhci_hcd [ 1000.057333] usb 7-1: reset SuperSpeed Plus Gen 2x1 USB device number 4 using xhci_hcd [ 1036.917137] usb 7-1: reset SuperSpeed Plus Gen 2x1 USB device number 4 using xhci_hcd [ 1073.782876] usb 7-1: reset SuperSpeed Plus Gen 2x1 USB device number 4 using xhci_hcd [ 1110.647786] usb 7-1: reset SuperSpeed Plus Gen 2x1 USB device number 4 using xhci_hcd [ 1117.163693] sd 0:0:0:0: [sda] tag#0 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=214s [ 1117.163718] sd 0:0:0:0: [sda] tag#0 CDB: Write(16) 8a 00 00 00 00 00 02 72 20 00 00 00 08 00 00 00 [ 1117.163725] I/O error, dev sda, sector 41033728 op 0x1:(WRITE) flags 0x104000 phys_seg 1551 prio class 2 [ 1117.163739] bcachefs (sda1 inum 1879048481 offset 2572800): data write error: I/O [ 1117.163763] bcachefs (sda1 inum 1879048481 offset 2576384): data write error: I/O [ 1117.163771] bcachefs (sda1 inum 1879048481 offset 2578432): data write error: I/O [ 1117.163779] bcachefs (sda1 inum 1879048481 offset 2580480): data write error: I/O [ 1117.163786] bcachefs (sda1 inum 1879048481 offset 2582528): data write error: I/O [ 1117.163794] bcachefs (sda1 inum 1879048481 offset 2584576): data write error: I/O [ 1117.163803] bcachefs (sda1 inum 1879048481 offset 2586624): data write error: I/O [ 1117.163811] bcachefs (sda1 inum 1879048481 offset 2588672): data write error: I/O [ 1117.163818] bcachefs (sda1 inum 1879048481 offset 2590720): data write error: I/O [ 1117.163824] bcachefs (sda1 inum 1879048481 offset 2592768): data write error: I/O So even without UAS the device does not seem to like to write data on Linux. Next steps may involve looking for a firmware update for the external SSD as well as trying to obtain its SMART status. So far I did not succeed in finding the right options for smartctl. In case there is enough evidence that the device is defective I'd try to RMA it. I will keep a copy of kernel log and I could do some further tests as time permits. So let me know whether you need anything else, but for now the mail is long enough as it is. [1] https://www.kernel.org/doc/html/latest/admin-guide/reporting-issues.html [2] How to disable USB Attached Storage (UAS) Last edited on 4 December 2022, at 14:00 https://leo.leung.xyz/wiki/How_to_disable_USB_Attached_Storage_(UAS) Ciao, -- Martin

1 year, 7 months

4
9
0 0

[PATCH] memtest: use {READ,WRITE}_ONCE in memory scanning

by Qiang Zhang

memtest failed to find bad memory when compiled with clang. So use {WRITE,READ}_ONCE to access memory to avoid compiler over optimization. Cc: <Stable(a)vger.kernel.org> Signed-off-by: Qiang Zhang <qiang4.zhang(a)intel.com> --- mm/memtest.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mm/memtest.c b/mm/memtest.c index 32f3e9dda837..c2c609c39119 100644 --- a/mm/memtest.c +++ b/mm/memtest.c @@ -51,10 +51,10 @@ static void __init memtest(u64 pattern, phys_addr_t start_phys, phys_addr_t size last_bad = 0; for (p = start; p < end; p++) - *p = pattern; + WRITE_ONCE(*p, pattern); for (p = start; p < end; p++, start_phys_aligned += incr) { - if (*p == pattern) + if (READ_ONCE(*p) == pattern) continue; if (start_phys_aligned == last_bad + incr) { last_bad += incr; -- 2.39.2

1 year, 7 months

3
2
0 0

[PATCH] cpufreq: dt: always allocate zeroed cpumask

by Marek Szyprowski

Commit 0499a78369ad ("ARM64: Dynamically allocate cpumasks and increase supported CPUs to 512") changed the handling of cpumasks on ARM 64bit, what resulted in the strange issues and warnings during cpufreq-dt initialization on some big.LITTLE platforms. This was caused by mixing OPPs between big and LITTLE cores, because OPP-sharing information between big and LITTLE cores is computed on cpumask, which in turn was not zeroed on allocation. Fix this by switching to zalloc_cpumask_var() call. Fixes: dc279ac6e5b4 ("cpufreq: dt: Refactor initialization to handle probe deferral properly") CC: stable(a)vger.kernel.org # v5.10+ Signed-off-by: Marek Szyprowski <m.szyprowski(a)samsung.com> --- drivers/cpufreq/cpufreq-dt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/cpufreq/cpufreq-dt.c b/drivers/cpufreq/cpufreq-dt.c index 8bd6e5e8f121..2d83bbc65dd0 100644 --- a/drivers/cpufreq/cpufreq-dt.c +++ b/drivers/cpufreq/cpufreq-dt.c @@ -208,7 +208,7 @@ static int dt_cpufreq_early_init(struct device *dev, int cpu) if (!priv) return -ENOMEM; - if (!alloc_cpumask_var(&priv->cpus, GFP_KERNEL)) + if (!zalloc_cpumask_var(&priv->cpus, GFP_KERNEL)) return -ENOMEM; cpumask_set_cpu(cpu, priv->cpus); -- 2.34.1

1 year, 7 months

4
3
0 0

[PATCH] usb: udc: remove warning when queue disabled ep

by yuan linyu

It is possible trigger below warning message from mass storage function, WARNING: CPU: 6 PID: 3839 at drivers/usb/gadget/udc/core.c:294 usb_ep_queue+0x7c/0x104 pc : usb_ep_queue+0x7c/0x104 lr : fsg_main_thread+0x494/0x1b3c Root cause is mass storage function try to queue request from main thread, but other thread may already disable ep when function disable. As there is no function failure in the driver, in order to avoid effort to fix warning, change WARN_ON_ONCE() in usb_ep_queue() to pr_debug(). Suggested-by: Alan Stern <stern(a)rowland.harvard.edu> Cc: <stable(a)vger.kernel.org> Signed-off-by: yuan linyu <yuanlinyu(a)hihonor.com> --- v3: add more debug info, remove two line commit description v2: change WARN_ON_ONCE() in usb_ep_queue() to pr_debug() https://lore.kernel.org/linux-usb/20240315013019.2711135-1-yuanlinyu@hihono… v1: https://lore.kernel.org/linux-usb/20240314065949.2627778-1-yuanlinyu@hihono… drivers/usb/gadget/udc/core.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/usb/gadget/udc/core.c b/drivers/usb/gadget/udc/core.c index 9d4150124fdb..b3a9d18a8dcd 100644 --- a/drivers/usb/gadget/udc/core.c +++ b/drivers/usb/gadget/udc/core.c @@ -292,7 +292,9 @@ int usb_ep_queue(struct usb_ep *ep, { int ret = 0; - if (WARN_ON_ONCE(!ep->enabled && ep->address)) { + if (!ep->enabled && ep->address) { + pr_debug("USB gadget: queue request to disabled ep 0x%x (%s)\n", + ep->address, ep->name); ret = -ESHUTDOWN; goto out; } -- 2.25.1

1 year, 7 months

1
0
0 0

[PATCH v2] usb: udc: remove warning when queue disabled ep

by yuan linyu

It is possible trigger below warning message from mass storage function, WARNING: CPU: 6 PID: 3839 at drivers/usb/gadget/udc/core.c:294 usb_ep_queue+0x7c/0x104 CPU: 6 PID: 3839 Comm: file-storage Tainted: G S WC O 6.1.25-android14-11-g354e2a7e7cd9 #1 pstate: 22400005 (nzCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : usb_ep_queue+0x7c/0x104 lr : fsg_main_thread+0x494/0x1b3c Root cause is mass storage function try to queue request from main thread, but other thread may already disable ep when function disable. As there is no function failure in the driver, in order to avoid effort to fix warning, change WARN_ON_ONCE() in usb_ep_queue() to pr_debug(). Suggested-by: Alan Stern <stern(a)rowland.harvard.edu> Cc: <stable(a)vger.kernel.org> Signed-off-by: yuan linyu <yuanlinyu(a)hihonor.com> --- v2: change WARN_ON_ONCE() in usb_ep_queue() to pr_debug() v1: https://lore.kernel.org/linux-usb/20240314065949.2627778-1-yuanlinyu@hihono… drivers/usb/gadget/udc/core.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/usb/gadget/udc/core.c b/drivers/usb/gadget/udc/core.c index 9d4150124fdb..2fbe5977c11d 100644 --- a/drivers/usb/gadget/udc/core.c +++ b/drivers/usb/gadget/udc/core.c @@ -292,7 +292,8 @@ int usb_ep_queue(struct usb_ep *ep, { int ret = 0; - if (WARN_ON_ONCE(!ep->enabled && ep->address)) { + if (!ep->enabled && ep->address) { + pr_debug("queue disabled ep %x\n", ep->address); ret = -ESHUTDOWN; goto out; } -- 2.25.1

1 year, 7 months

2
1
0 0

[PATCH] usb: dwc3: Properly set system wakeup

by Thinh Nguyen

If the device is configured for system wakeup, then make sure that the xHCI driver knows about it and make sure to permit wakeup only at the appropriate time. For host mode, if the controller goes through the dwc3 code path, then a child xHCI platform device is created. Make sure the platform device also inherits the wakeup setting for xHCI to enable remote wakeup. For device mode, make sure to disable system wakeup if no gadget driver is bound. We may experience unwanted system wakeup due to the wakeup signal from the controller PMU detecting connection/disconnection when in low power (D3). E.g. In the case of Steam Deck, the PCI PME prevents the system staying in suspend. Cc: stable(a)vger.kernel.org Reported-by: Guilherme G. Piccoli <gpiccoli(a)igalia.com> Closes: https://lore.kernel.org/linux-usb/70a7692d-647c-9be7-00a6-06fc60f77294@igal… Fixes: d07e8819a03d ("usb: dwc3: add xHCI Host support") Signed-off-by: Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> --- drivers/usb/dwc3/core.c | 2 ++ drivers/usb/dwc3/core.h | 2 ++ drivers/usb/dwc3/gadget.c | 10 ++++++++++ drivers/usb/dwc3/host.c | 11 +++++++++++ 4 files changed, 25 insertions(+) diff --git a/drivers/usb/dwc3/core.c b/drivers/usb/dwc3/core.c index 3e55838c0001..31684cdaaae3 100644 --- a/drivers/usb/dwc3/core.c +++ b/drivers/usb/dwc3/core.c @@ -1519,6 +1519,8 @@ static void dwc3_get_properties(struct dwc3 *dwc) else dwc->sysdev = dwc->dev; + dwc->sys_wakeup = device_may_wakeup(dwc->sysdev); + ret = device_property_read_string(dev, "usb-psy-name", &usb_psy_name); if (ret >= 0) { dwc->usb_psy = power_supply_get_by_name(usb_psy_name); diff --git a/drivers/usb/dwc3/core.h b/drivers/usb/dwc3/core.h index e120611a5174..893b1e694efe 100644 --- a/drivers/usb/dwc3/core.h +++ b/drivers/usb/dwc3/core.h @@ -1132,6 +1132,7 @@ struct dwc3_scratchpad_array { * 3 - Reserved * @dis_metastability_quirk: set to disable metastability quirk. * @dis_split_quirk: set to disable split boundary. + * @sys_wakeup: set if the device may do system wakeup. * @wakeup_configured: set if the device is configured for remote wakeup. * @suspended: set to track suspend event due to U3/L2. * @imod_interval: set the interrupt moderation interval in 250ns @@ -1355,6 +1356,7 @@ struct dwc3 { unsigned dis_split_quirk:1; unsigned async_callbacks:1; + unsigned sys_wakeup:1; unsigned wakeup_configured:1; unsigned suspended:1; diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index 28f49400f3e8..07820b1a88a2 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -2968,6 +2968,9 @@ static int dwc3_gadget_start(struct usb_gadget *g, dwc->gadget_driver = driver; spin_unlock_irqrestore(&dwc->lock, flags); + if (dwc->sys_wakeup) + device_wakeup_enable(dwc->sysdev); + return 0; } @@ -2983,6 +2986,9 @@ static int dwc3_gadget_stop(struct usb_gadget *g) struct dwc3 *dwc = gadget_to_dwc(g); unsigned long flags; + if (dwc->sys_wakeup) + device_wakeup_disable(dwc->sysdev); + spin_lock_irqsave(&dwc->lock, flags); dwc->gadget_driver = NULL; dwc->max_cfg_eps = 0; @@ -4664,6 +4670,10 @@ int dwc3_gadget_init(struct dwc3 *dwc) else dwc3_gadget_set_speed(dwc->gadget, dwc->maximum_speed); + /* No system wakeup if no gadget driver bound */ + if (dwc->sys_wakeup) + device_wakeup_disable(dwc->sysdev); + return 0; err5: diff --git a/drivers/usb/dwc3/host.c b/drivers/usb/dwc3/host.c index 43230915323c..f6a020d77fa1 100644 --- a/drivers/usb/dwc3/host.c +++ b/drivers/usb/dwc3/host.c @@ -123,6 +123,14 @@ int dwc3_host_init(struct dwc3 *dwc) goto err; } + if (dwc->sys_wakeup) { + /* Restore wakeup setting if switched from device */ + device_wakeup_enable(dwc->sysdev); + + /* Pass on wakeup setting to the new xhci platform device */ + device_init_wakeup(&xhci->dev, true); + } + return 0; err: platform_device_put(xhci); @@ -131,6 +139,9 @@ int dwc3_host_init(struct dwc3 *dwc) void dwc3_host_exit(struct dwc3 *dwc) { + if (dwc->sys_wakeup) + device_init_wakeup(&dwc->xhci->dev, false); + platform_device_unregister(dwc->xhci); dwc->xhci = NULL; } base-commit: b234c70fefa7532d34ebee104de64cc16f1b21e4 -- 2.28.0

1 year, 7 months

3
3
0 0

[PATCH 5.4 000/267] 5.4.269-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.4.269 release. There are 267 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 23 Feb 2024 12:59:02 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.269-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.4.269-rc1 Frank Rowand <frank.rowand(a)sony.com> of: gpio unittest kfree() wrong object Frank Rowand <frank.rowand(a)sony.com> of: unittest: fix EXPECT text for gpio hog errors Florian Fainelli <florian.fainelli(a)broadcom.com> net: bcmgenet: Fix EEE implementation Max Krummenacher <max.krummenacher(a)toradex.com> Revert "Revert "mtd: rawnand: gpmi: Fix setting busy timeout setting"" Dan Carpenter <dan.carpenter(a)linaro.org> netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval() Alfred Piccioni <alpic(a)google.com> lsm: new security_file_ioctl_compat() hook Konrad Dybcio <konrad.dybcio(a)linaro.org> drm/msm/dsi: Enable runtime PM Douglas Anderson <dianders(a)chromium.org> PM: runtime: Have devm_pm_runtime_enable() handle pm_runtime_dont_use_autosuspend() Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> PM: runtime: add devm_pm_runtime_enable helper Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: replace WARN_ONs for invalid DAT metadata block requests Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix potential bug in end_buffer_async_write Linus Torvalds <torvalds(a)linuxfoundation.org> sched/membarrier: reduce the ability to hammer on sys_membarrier Eric Dumazet <edumazet(a)google.com> net: prevent mss overflow in skb_segment() Jozsef Kadlecsik <kadlec(a)netfilter.org> netfilter: ipset: Missing gc cancellations fixed Jozsef Kadlecsik <kadlec(a)netfilter.org> netfilter: ipset: fix performance regression in swap operation Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache Serge Semin <fancer.lancer(a)gmail.com> mips: Fix max_mapnr being uninitialized on early stages Mike Rapoport <rppt(a)linux.ibm.com> arch, mm: remove stale mentions of DISCONIGMEM Sjoerd Simons <sjoerd(a)collabora.com> bus: moxtet: Add spi device table Junxiao Bi <junxiao.bi(a)oracle.com> Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d" Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Inform kmemleak of saved_cmdlines allocation Konrad Dybcio <konrad.dybcio(a)linaro.org> pmdomain: core: Move the unused cleanup to a _sync initcall Oleksij Rempel <linux(a)rempel-privat.de> can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER) Doug Berger <opendmb(a)gmail.com> irqchip/irq-brcmstb-l2: Add write memory barrier before exit Daniel de Villiers <daniel.devilliers(a)corigine.com> nfp: flower: prevent re-adding mac index for bonded port Daniel Basilio <daniel.basilio(a)corigine.com> nfp: use correct macro for LengthSelect in BAR config Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix hang in nilfs_lookup_dirty_data_buffers() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix data corruption in dsync block recovery for small block sizes bo liu <bo.liu(a)senarytech.com> ALSA: hda/conexant: Add quirk for SWS JS201D Alexander Stein <alexander.stein(a)ew.tq-group.com> mmc: slot-gpio: Allow non-sleeping GPIO ro Steve Wahl <steve.wahl(a)hpe.com> x86/mm/ident_map: Use gbpages only where full GB page should be mapped. Aleksander Mazur <deweloper(a)wp.pl> x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6 Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: max310x: improve crystal stable clock detection Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: max310x: set default value when reading clock ready bit Vincent Donnefort <vdonnefort(a)google.com> ring-buffer: Clean ring_buffer_poll_wait() error return zhili.liu <zhili.liu(a)ucas.com.cn> iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC David Schiller <david.schiller(a)jku.at> staging: iio: ad5933: fix type mismatch regression Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Fix wasted memory in saved_cmdlines logic Baokun Li <libaokun1(a)huawei.com> ext4: fix double-free of blocks due to wrong extents moved_len Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Mark all sessions as invalid in cb_remove Carlos Llamas <cmllamas(a)google.com> binder: signal epoll threads of self-work Edson Juliano Drosdeck <edson.drosdeck(a)gmail.com> ALSA: hda/realtek: Enable headset mic on Vaio VJFE-ADL Jan Beulich <jbeulich(a)suse.com> xen-netback: properly sync TX responses Fedor Pchelkin <pchelkin(a)ispras.ru> nfc: nci: free rx_data_reassembly skb on NCI device cleanup Nathan Chancellor <nathan(a)kernel.org> kbuild: Fix changing ELF file type for output of gen_btf for big endian Takashi Sakamoto <o-takashi(a)sakamocchi.jp> firewire: core: correct documentation of fw_csr_string() kernel API Lee Duncan <lduncan(a)suse.com> scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock" Jean Delvare <jdelvare(a)suse.de> i2c: i801: Fix block process call transactions Heiner Kallweit <hkallweit1(a)gmail.com> i2c: i801: Remove i801_set_block_buffer_mode yuan linyu <yuanlinyu(a)hihonor.com> usb: f_mass_storage: forbid async queue when shutdown happen Oliver Neukum <oneukum(a)suse.com> USB: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT Jason Gerecke <killertofu(a)gmail.com> HID: wacom: Do not register input devices until after hid_hw_start Tatsunosuke Tobita <tatsunosuke.tobita(a)wacom.com> HID: wacom: generic: Avoid reporting a serial of '0' to userspace Zach O'Keefe <zokeefe(a)google.com> mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing/trigger: Fix to return error if failed to alloc snapshot Ivan Vecera <ivecera(a)redhat.com> i40e: Fix waiting for queues of all VSIs to be disabled Guenter Roeck <linux(a)roeck-us.net> MIPS: Add 'memory' clobber to csum_ipv6_magic() inline assembler Alexey Khoroshilov <khoroshilov(a)ispras.ru> ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work() Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> spi: ppc4xx: Drop write-only variable Christian A. Ehrhardt <lk(a)c--e.de> of: unittest: Fix compile in the non-dynamic case Frank Rowand <frank.rowand(a)sony.com> of: unittest: add overlay gpio test to catch gpio hog problem David Sterba <dsterba(a)suse.com> btrfs: send: return EOPNOTSUPP on unknown flags Boris Burkov <boris(a)bur.io> btrfs: forbid deleting live subvol qgroup Boris Burkov <boris(a)bur.io> btrfs: forbid creating subvol qgroups Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_set_rbtree: skip end interval element from gc Furong Xu <0x1207(a)gmail.com> net: stmmac: xgmac: fix a typo of register name in DPP safety handling Simon Horman <horms(a)kernel.org> net: stmmac: xgmac: use #define for string constants Prathu Baronia <prathubaronia2011(a)gmail.com> vhost: use kzalloc() instead of kmalloc() followed by memset() Hans de Goede <hdegoede(a)redhat.com> Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID Frederic Weisbecker <frederic(a)kernel.org> hrtimer: Report offline hrtimer enqueue Leonard Dallmayr <leonard.dallmayr(a)mailbox.org> USB: serial: cp210x: add ID for IMST iM871A-USB Puliang Lu <puliang.lu(a)fibocom.com> USB: serial: option: add Fibocom FM101-GL variant JackBB Wu <wojackbb(a)gmail.com> USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e Julian Wiedmann <jwi(a)linux.ibm.com> net/af_iucv: clean up a try_then_request_module() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_ct: reject direction for ct id Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_compat: restrict match/target protocol to u16 Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_compat: reject unused compat flag Eric Dumazet <edumazet(a)google.com> ppp_async: limit MRU to 64K Shigeru Yoshida <syoshida(a)redhat.com> tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() David Howells <dhowells(a)redhat.com> rxrpc: Fix response to PING RESPONSE ACKs to a dead call Eric Dumazet <edumazet(a)google.com> inet: read sk->sk_family once in inet_recv_error() Zhang Rui <rui.zhang(a)intel.com> hwmon: (coretemp) Fix bogus core_id to attr name mapping Zhang Rui <rui.zhang(a)intel.com> hwmon: (coretemp) Fix out-of-bounds memory access Loic Prylli <lprylli(a)netflix.com> hwmon: (aspeed-pwm-tacho) mutex for tach reading Zhipeng Lu <alexious(a)zju.edu.cn> atm: idt77252: fix a memleak in open_card_ubr0 Paolo Abeni <pabeni(a)redhat.com> selftests: net: avoid just another constant wait Furong Xu <0x1207(a)gmail.com> net: stmmac: xgmac: fix handling of DPP safety error for DMA channels Tony Lindgren <tony(a)atomide.com> phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP Frank Li <Frank.Li(a)nxp.com> dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> phy: renesas: rcar-gen3-usb2: Fix returning wrong error code Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> dmaengine: fsl-qdma: Fix a memory leak related to the status queue DMA Zhengchao Shao <shaozhengchao(a)huawei.com> bonding: remove print in bond_verify_device_path Benjamin Berg <bberg(a)redhat.com> HID: apple: Add 2021 magic keyboard FN key mapping free5lot <mail(a)free5lot.com> HID: apple: Swap the Fn and Left Control keys on Apple keyboards Alex Henrie <alexhenrie24(a)gmail.com> HID: apple: Add support for the 2021 Magic Keyboard Breno Leitao <leitao(a)debian.org> net: sysfs: Fix /sys/class/net/<iface> path Eric Dumazet <edumazet(a)google.com> af_unix: fix lockdep positive in sk_diag_dump_icons() Zhipeng Lu <alexious(a)zju.edu.cn> net: ipv4: fix a memleak in ip_setup_cork Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger Eric Dumazet <edumazet(a)google.com> llc: call sock_orphan() at release time Helge Deller <deller(a)kernel.org> ipv6: Ensure natural alignment of const ipv6 loopback and router addresses Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> ixgbe: Fix an error handling path in ixgbe_read_iosf_sb_reg_x550() Jedrzej Jagielski <jedrzej.jagielski(a)intel.com> ixgbe: Refactor overtemp event handling Jedrzej Jagielski <jedrzej.jagielski(a)intel.com> ixgbe: Refactor returning internal error codes Piotr Skajewski <piotrx.skajewski(a)intel.com> ixgbe: Remove non-inclusive language Tom Rix <trix(a)redhat.com> net: remove unneeded break Su Hui <suhui(a)nfschina.com> scsi: isci: Fix an error code problem in isci_io_request_build() Edward Adam Davis <eadavis(a)qq.com> wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update Peter Zijlstra <peterz(a)infradead.org> perf: Fix the nr_addr_filters fix Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdgpu: Release 'adev->pm.fw' before return in 'amdgpu_device_need_post()' Xiubo Li <xiubli(a)redhat.com> ceph: fix deadlock or deadcode of misusing dget() Ming Lei <ming.lei(a)redhat.com> blk-mq: fix IO hang from sbitmap wakeup race Zhu Yanjun <yanjun.zhu(a)linux.dev> virtio_net: Fix "‘%d’ directive writing between 1 and 11 bytes into a region of size 10" warnings Ian Rogers <irogers(a)google.com> libsubcmd: Fix memory leak in uniq() Hans de Goede <hdegoede(a)redhat.com> misc: lis3lv02d_i2c: Add missing setting of the reg_ctrl callback Bjorn Helgaas <bhelgaas(a)google.com> PCI/AER: Decode Requester ID when no error info found Max Kellermann <max.kellermann(a)ionos.com> fs/kernfs/dir: obey S_ISGID Hardik Gajjar <hgajjar(a)de.adit-jv.com> usb: hub: Replace hardcoded quirk value with BIT() macro Daniel Stodden <dns(a)arista.com> PCI: switchtec: Fix stdev_release() crash after surprise hot remove Guilherme G. Piccoli <gpiccoli(a)igalia.com> PCI: Only override AMD USB controller if required Peter Robinson <pbrobinson(a)gmail.com> mfd: ti_am335x_tscadc: Fix TI SoC dependencies Harshit Shah <harshitshah.opendev(a)gmail.com> i3c: master: cdns: Update maximum prescaler value for i2c clock Nathan Chancellor <nathan(a)kernel.org> um: net: Fix return type of uml_net_start_xmit() Benjamin Berg <benjamin(a)sipsolutions.net> um: Don't use vfprintf() for os_info() Anton Ivanov <anton.ivanov(a)cambridgegreys.com> um: Fix naming clash between UML and scheduler Heiner Kallweit <hkallweit1(a)gmail.com> leds: trigger: panic: Don't register panic notifier if creating the trigger failed Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()' Felix Kuehling <Felix.Kuehling(a)amd.com> drm/amdgpu: Let KFD sync with VM fences Josip Pavic <josip.pavic(a)amd.com> drm/amd/display: make flip_timestamp_in_us a 64-bit variable Kuan-Wei Chiu <visitorckw(a)gmail.com> clk: mmp: pxa168: Fix memory leak in pxa168_clk_init() Kuan-Wei Chiu <visitorckw(a)gmail.com> clk: hi3620: Fix memory leak in hi3620_mmc_clk_init() Rob Clark <robdclark(a)chromium.org> drm/msm/dpu: Ratelimit framedone timeout msgs Su Hui <suhui(a)nfschina.com> media: ddbridge: fix an error code problem in ddb_probe Daniel Vacek <neelx(a)redhat.com> IB/ipoib: Fix mcast list locking Douglas Anderson <dianders(a)chromium.org> drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind time Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ALSA: hda: Intel: add HDA_ARL PCI ID support Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> PCI: add INTEL_HDA_ARL to pci_ids.h Michael Tretter <m.tretter(a)pengutronix.de> media: rockchip: rga: fix swizzling for RGB formats Ghanshyam Agrawal <ghanshyam1898(a)gmail.com> media: stk1160: Fixed high volume of stk1160_dbg messages Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/mipi-dsi: Fix detach call without attach Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/framebuffer: Fix use of uninitialized variable Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/drm_file: fix use of uninitialized variable Jack Wang <jinpu.wang(a)ionos.com> RDMA/IPoIB: Fix error code return in ipoib_mcast_join Al Viro <viro(a)zeniv.linux.org.uk> fast_dput(): handle underflows gracefully Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument Chao Yu <chao(a)kernel.org> f2fs: fix to check return value of f2fs_reserve_new_block() Benjamin Berg <benjamin.berg(a)intel.com> wifi: cfg80211: free beacon_ies when overridden from hidden BSS Su Hui <suhui(a)nfschina.com> wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift() Zenm Chen <zenmchen(a)gmail.com> wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices Mao Jinlong <quic_jinlmao(a)quicinc.com> arm64: dts: qcom: msm8998: Fix 'out-ports' is a required property Mao Jinlong <quic_jinlmao(a)quicinc.com> arm64: dts: qcom: msm8996: Fix 'in-ports' is a required property Alex Lyakas <alex.lyakas(a)zadara.com> md: Whenassemble the array, consult the superblock of the freshest device Christoph Hellwig <hch(a)lst.de> block: prevent an integer overflow in bvec_try_merge_hw_page Fabio Estevam <festevam(a)denx.de> ARM: dts: imx23/28: Fix the DMA controller node name Fabio Estevam <festevam(a)denx.de> ARM: dts: imx23-sansa: Use preferred i2c-gpios properties Fabio Estevam <festevam(a)denx.de> ARM: dts: imx27-apf27dev: Fix LED name Fabio Estevam <festevam(a)denx.de> ARM: dts: imx25/27: Pass timing0 Fabio Estevam <festevam(a)denx.de> ARM: dts: imx1: Fix sram node Fabio Estevam <festevam(a)denx.de> ARM: dts: imx27: Fix sram node Fabio Estevam <festevam(a)denx.de> ARM: dts: imx: Use flash@0,0 pattern Fabio Estevam <festevam(a)denx.de> ARM: dts: imx25/27-eukrea: Fix RTC node name Johan Jonker <jbx6244(a)gmail.com> ARM: dts: rockchip: fix rk3036 hdmi ports node Hannes Reinecke <hare(a)suse.de> scsi: libfc: Fix up timeout error in fc_fcp_rec_error() Hannes Reinecke <hare(a)suse.de> scsi: libfc: Don't schedule abort twice Hou Tao <houtao1(a)huawei.com> bpf: Add map and need_defer parameters to .map_fd_put_ptr() Minsuk Kang <linuxlovemin(a)yonsei.ac.kr> wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() Alexander Stein <alexander.stein(a)ew.tq-group.com> ARM: dts: imx7s: Fix nand-controller #size-cells Alexander Stein <alexander.stein(a)ew.tq-group.com> ARM: dts: imx7s: Fix lcdif compatible Alexander Stein <alexander.stein(a)ew.tq-group.com> ARM: dts: imx7d: Fix coresight funnel ports Zhengchao Shao <shaozhengchao(a)huawei.com> bonding: return -ENOMEM instead of BUG in alb_upper_dev_walk Ido Schimmel <idosch(a)nvidia.com> PCI: Add no PM reset quirk for NVIDIA Spectrum devices Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Fix possible file string name overflow when updating firmware Yonghong Song <yonghong.song(a)linux.dev> selftests/bpf: Fix pyperf180 compilation failure with clang18 Andrii Nakryiko <andrii(a)kernel.org> selftests/bpf: satisfy compiler by having explicit return in btf test Shiji Yang <yangshiji66(a)outlook.com> wifi: rt2x00: restart beacon queue when hardware reset Baokun Li <libaokun1(a)huawei.com> ext4: avoid online resizing failures due to oversized flex bg Baokun Li <libaokun1(a)huawei.com> ext4: remove unnecessary check from alloc_flex_gd() Baokun Li <libaokun1(a)huawei.com> ext4: unify the type of flexbg_size to unsigned int Ye Bin <yebin10(a)huawei.com> ext4: fix inconsistent between segment fstrim and full fstrim Gabriel Krisman Bertazi <krisman(a)suse.de> ecryptfs: Reject casefold directory inodes Anna Schumaker <Anna.Schumaker(a)Netapp.com> SUNRPC: Fix a suspicious RCU usage warning Heiko Carstens <hca(a)linux.ibm.com> KVM: s390: fix setting of fpc register Heiko Carstens <hca(a)linux.ibm.com> s390/ptrace: handle setting of fpc register correctly Edward Adam Davis <eadavis(a)qq.com> jfs: fix array-index-out-of-bounds in diNewExt Oleg Nesterov <oleg(a)redhat.com> rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock() Oleg Nesterov <oleg(a)redhat.com> afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*() Thomas Bourgoin <thomas.bourgoin(a)foss.st.com> crypto: stm32/crc32 - fix parsing list of devices Weichen Chen <weichen.chen(a)mediatek.com> pstore/ram: Fix crash when setting number of cpus to an odd number Edward Adam Davis <eadavis(a)qq.com> jfs: fix uaf in jfs_evict_inode Manas Ghandat <ghandatmanas(a)gmail.com> jfs: fix array-index-out-of-bounds in dbAdjTree Manas Ghandat <ghandatmanas(a)gmail.com> jfs: fix slab-out-of-bounds Read in dtSearch Osama Muhammad <osmtendev(a)gmail.com> UBSAN: array-index-out-of-bounds in dtSplitRoot Osama Muhammad <osmtendev(a)gmail.com> FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree Prarit Bhargava <prarit(a)redhat.com> ACPI: extlog: fix NULL pointer dereference check Dmitry Antipov <dmantipov(a)yandex.ru> PNP: ACPI: fix fortify warning Yuluo Qiu <qyl27(a)outlook.com> ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop Chris Riches <chris.riches(a)nutanix.com> audit: Send netlink ACK before setting connection in auditd_set Rui Zhang <zr.zhang(a)vivo.com> regulator: core: Only increment use_count when enable_count changes Greg KH <gregkh(a)linuxfoundation.org> perf/core: Fix narrow startup race when creating the perf nr_addr_filters sysfs file Zhiquan Li <zhiquan1.li(a)intel.com> x86/mce: Mark fatal MCE's page as poison to avoid panic in the kdump kernel Naveen N Rao <naveen(a)kernel.org> powerpc/lib: Validate size for vector operations Stephen Rothwell <sfr(a)canb.auug.org.au> powerpc: pmd_move_must_withdraw() is only needed for CONFIG_TRANSPARENT_HUGEPAGE Michael Ellerman <mpe(a)ellerman.id.au> powerpc/mm: Fix build failures due to arch_reserved_kernel_pages() Michael Ellerman <mpe(a)ellerman.id.au> powerpc: Fix build error due to is_valid_bugaddr() Kunwu Chan <chentao(a)kylinos.cn> powerpc/mm: Fix null-pointer dereference in pgtable_cache_add Richard Palethorpe <rpalethorpe(a)suse.com> x86/entry/ia32: Ensure s32 is sign extended to s64 Tim Chen <tim.c.chen(a)linux.intel.com> tick/sched: Preserve number of idle sleeps across CPU hotplug events Xi Ruoyao <xry111(a)xry111.site> mips: Call lose_fpu(0) before initializing fcr31 in mips_set_personality_nan Kamal Dasu <kamal.dasu(a)broadcom.com> spi: bcm-qspi: fix SFDP BFPT read by usig mspi read Wenhua Lin <Wenhua.Lin(a)unisoc.com> gpio: eic-sprd: Clear interrupt after set the interrupt type Fedor Pchelkin <pchelkin(a)ispras.ru> drm/exynos: gsc: minor fix for loop iteration in gsc_runtime_resume Arnd Bergmann <arnd(a)arndb.de> drm/exynos: fix accidental on-stack copy of exynos_drm_plane Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add documenting comment for nfsd4_release_lockowner() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Modernize nfsd4_release_lockowner() Dan Carpenter <dan.carpenter(a)linaro.org> drm/bridge: nxp-ptn3460: simplify some error checking Dan Carpenter <dan.carpenter(a)linaro.org> drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm: Don't unref the same fb many times by mistake due to deadlock handling Mario Limonciello <mario.limonciello(a)amd.com> gpiolib: acpi: Ignore touchpad wakeup on GPD G1619-04 Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: reject QUEUE/DROP verdict parameters Ilya Dryomov <idryomov(a)gmail.com> rbd: don't move requests to the running list on errors Qu Wenruo <wqu(a)suse.com> btrfs: defrag: reject unknown flags of btrfs_ioctl_defrag_range_args David Sterba <dsterba(a)suse.com> btrfs: don't warn if discard range is not aligned to sector Chung-Chiang Cheng <cccheng(a)synology.com> btrfs: tree-checker: fix inline ref size in error messages Fedor Pchelkin <pchelkin(a)ispras.ru> btrfs: ref-verify: free ref cache before clearing mount opt Shenwei Wang <shenwei.wang(a)nxp.com> net: fec: fix the unhandled context fault from smmu Zhipeng Lu <alexious(a)zju.edu.cn> fjes: fix memleaks in fjes_hw_setup Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: validate NFPROTO_* family Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: restrict anonymous set and map names to 16 bytes Zhipeng Lu <alexious(a)zju.edu.cn> net/mlx5e: fix a double-free in arfs_create_groups Denis Efremov <efremov(a)linux.com> net/mlx5: Use kfree(ft->g) in arfs_create_groups() Yevgeny Kliteynik <kliteyn(a)nvidia.com> net/mlx5: DR, Use the right GVMI number for drop action Zhengchao Shao <shaozhengchao(a)huawei.com> netlink: fix potential sleeping issue in mqueue_flush_file Salvatore Dipietro <dipiets(a)amazon.com> tcp: Add memory barrier to tcp_push() David Howells <dhowells(a)redhat.com> afs: Hide silly-rename files from userspace Petr Pavlu <petr.pavlu(a)suse.com> tracing: Ensure visibility when inserting an element into tracing_map Sharath Srinivasan <sharath.srinivasan(a)oracle.com> net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv Kuniyuki Iwashima <kuniyu(a)amazon.com> llc: Drop support for ETH_P_TR_802_2. Eric Dumazet <edumazet(a)google.com> llc: make llc_ui_sendmsg() more robust against bonding changes Lin Ma <linma(a)zju.edu.cn> vlan: skip nested type that is not IFLA_VLAN_QOS_MAPPING Wen Gu <guwen(a)linux.alibaba.com> net/smc: fix illegal rmb_desc access in SMC-D connection dump Maciej S. Szmigiero <maciej.szmigiero(a)oracle.com> x86/CPU/AMD: Fix disabling XSAVES on AMD family 0x17 due to erratum Nathan Chancellor <nathan(a)kernel.org> powerpc: Use always instead of always-y in for crtsavres.o Yang Xu <xuyang2018.jy(a)fujitsu.com> fs: move S_ISGID stripping into the vfs_*() helpers Yang Xu <xuyang2018.jy(a)fujitsu.com> fs: add mode_strip_sgid() helper JaimeLiao <jaimeliao(a)mxic.com.tw> mtd: spinand: macronix: Fix MX35LFxGE4AD page size Matthew Wilcox (Oracle) <willy(a)infradead.org> block: Remove special-casing of compound pages Al Viro <viro(a)zeniv.linux.org.uk> rename(): fix the locking of subdirectories Zhihao Cheng <chengzhihao1(a)huawei.com> ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path Dave Airlie <airlied(a)redhat.com> nouveau/vmm: don't set addr on the fail path to avoid warning Avri Altman <avri.altman(a)wdc.com> mmc: core: Use mrq.sbc in close-ended ffu Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sdm845: fix USB wakeup interrupt types Helge Deller <deller(a)gmx.de> parisc/firmware: Fix F-extend for PDC addresses Xiaolei Wang <xiaolei.wang(a)windriver.com> rpmsg: virtio: Free driver_override when rpmsg_remove() Herbert Xu <herbert(a)gondor.apana.org.au> hwrng: core - Fix page fault dead lock on mmap-ed hwrng Hongchen Zhang <zhanghongchen(a)loongson.cn> PM: hibernate: Enforce ordering during image compression/decompression Herbert Xu <herbert(a)gondor.apana.org.au> crypto: api - Disallow identical driver names Suraj Jitindar Singh <surajjs(a)amazon.com> ext4: allow for the last group to be marked as trimmed Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: add check for unsupported SPI modes during probe Oleksij Rempel <linux(a)rempel-privat.de> spi: introduce SPI_MODE_X_MASK macro Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: set safe default SPI clock frequency Daniel Lezcano <daniel.lezcano(a)linaro.org> units: add the HZ macros Daniel Lezcano <daniel.lezcano(a)linaro.org> units: change from 'L' to 'UL' Daniel Lezcano <daniel.lezcano(a)linaro.org> units: Add Watt units Akinobu Mita <akinobu.mita(a)gmail.com> include/linux/units.h: add helpers for kelvin to/from Celsius conversion qizhong cheng <qizhong.cheng(a)mediatek.com> PCI: mediatek: Clear interrupt status before dispatching handler ------------- Diffstat: Documentation/ABI/testing/sysfs-class-net-queues | 22 +- Documentation/filesystems/directory-locking.rst | 25 +- Documentation/filesystems/locking.rst | 5 +- Documentation/filesystems/porting.rst | 18 ++ Documentation/sound/soc/dapm.rst | 2 +- Makefile | 4 +- arch/arm/boot/dts/imx1-ads.dts | 2 +- arch/arm/boot/dts/imx1-apf9328.dts | 2 +- arch/arm/boot/dts/imx1.dtsi | 5 +- arch/arm/boot/dts/imx23-sansa.dts | 12 +- arch/arm/boot/dts/imx23.dtsi | 2 +- arch/arm/boot/dts/imx25-eukrea-cpuimx25.dtsi | 2 +- .../imx25-eukrea-mbimxsd25-baseboard-cmo-qvga.dts | 2 +- .../imx25-eukrea-mbimxsd25-baseboard-dvi-svga.dts | 2 +- .../imx25-eukrea-mbimxsd25-baseboard-dvi-vga.dts | 2 +- arch/arm/boot/dts/imx25-pdk.dts | 2 +- arch/arm/boot/dts/imx27-apf27dev.dts | 4 +- arch/arm/boot/dts/imx27-eukrea-cpuimx27.dtsi | 4 +- .../boot/dts/imx27-eukrea-mbimxsd27-baseboard.dts | 2 +- arch/arm/boot/dts/imx27-phytec-phycard-s-rdk.dts | 2 +- arch/arm/boot/dts/imx27-phytec-phycore-rdk.dts | 2 +- arch/arm/boot/dts/imx27-phytec-phycore-som.dtsi | 2 +- arch/arm/boot/dts/imx27.dtsi | 3 + arch/arm/boot/dts/imx28.dtsi | 2 +- arch/arm/boot/dts/imx7d.dtsi | 3 - arch/arm/boot/dts/imx7s.dtsi | 10 +- arch/arm/boot/dts/rk3036.dtsi | 14 +- arch/arm64/boot/dts/qcom/msm8996.dtsi | 21 ++ arch/arm64/boot/dts/qcom/msm8998.dtsi | 32 ++- arch/arm64/boot/dts/qcom/sdm845.dtsi | 8 +- arch/ia64/kernel/topology.c | 5 +- arch/ia64/mm/numa.c | 5 +- arch/mips/include/asm/checksum.h | 3 +- arch/mips/include/asm/mmzone.h | 6 - arch/mips/kernel/elf.c | 6 + arch/mips/mm/init.c | 15 +- arch/nds32/include/asm/memory.h | 6 - arch/parisc/kernel/firmware.c | 4 +- arch/powerpc/include/asm/mmu.h | 4 + arch/powerpc/include/asm/mmzone.h | 3 - arch/powerpc/kernel/traps.c | 2 + arch/powerpc/lib/Makefile | 4 +- arch/powerpc/lib/sstep.c | 10 + arch/powerpc/mm/book3s64/pgtable.c | 2 + arch/powerpc/mm/init-common.c | 5 +- arch/s390/kernel/ptrace.c | 6 +- arch/s390/kvm/kvm-s390.c | 5 - arch/um/drivers/net_kern.c | 2 +- arch/um/include/shared/kern_util.h | 2 +- arch/um/kernel/process.c | 2 +- arch/um/os-Linux/helper.c | 6 +- arch/um/os-Linux/util.c | 19 +- arch/x86/Kconfig.cpu | 2 +- arch/x86/include/asm/syscall_wrapper.h | 25 +- arch/x86/kernel/cpu/amd.c | 20 +- arch/x86/kernel/cpu/mce/core.c | 16 ++ arch/x86/mm/ident_map.c | 23 +- arch/xtensa/include/asm/page.h | 4 - block/bio.c | 9 +- block/blk-mq.c | 16 ++ crypto/algapi.c | 1 + drivers/acpi/acpi_extlog.c | 5 +- drivers/acpi/acpi_video.c | 9 + drivers/android/binder.c | 10 + drivers/atm/idt77252.c | 2 + drivers/base/power/domain.c | 2 +- drivers/base/power/runtime.c | 22 ++ drivers/block/rbd.c | 22 +- drivers/bus/moxtet.c | 7 + drivers/char/hw_random/core.c | 36 +-- drivers/clk/hisilicon/clk-hi3620.c | 4 +- drivers/clk/mmp/clk-of-pxa168.c | 3 + drivers/crypto/stm32/stm32-crc32.c | 2 +- drivers/dma/fsl-qdma.c | 27 +-- drivers/firewire/core-device.c | 7 +- drivers/gpio/gpio-eic-sprd.c | 32 ++- drivers/gpio/gpiolib-acpi.c | 14 ++ drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_fence.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_sync.c | 3 +- drivers/gpu/drm/amd/display/dc/dc_hw_types.h | 2 +- drivers/gpu/drm/bridge/nxp-ptn3460.c | 6 +- drivers/gpu/drm/drm_file.c | 2 +- drivers/gpu/drm/drm_framebuffer.c | 2 +- drivers/gpu/drm/drm_mipi_dsi.c | 17 +- drivers/gpu/drm/drm_plane.c | 1 + drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 4 +- drivers/gpu/drm/exynos/exynos_drm_drv.c | 11 + drivers/gpu/drm/exynos/exynos_drm_fimd.c | 4 +- drivers/gpu/drm/exynos/exynos_drm_gsc.c | 2 +- drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 5 +- drivers/gpu/drm/msm/disp/dpu1/dpu_kms.h | 1 + drivers/gpu/drm/msm/dsi/phy/dsi_phy.c | 4 + drivers/gpu/drm/nouveau/nouveau_vmm.c | 3 + drivers/hid/hid-apple.c | 63 ++++- drivers/hid/hid-ids.h | 1 + drivers/hid/hid-quirks.c | 1 + drivers/hid/wacom_sys.c | 63 +++-- drivers/hid/wacom_wac.c | 9 +- drivers/hwmon/aspeed-pwm-tacho.c | 7 + drivers/hwmon/coretemp.c | 40 ++-- drivers/i2c/busses/i2c-i801.c | 19 +- drivers/i3c/master/i3c-master-cdns.c | 7 +- drivers/iio/magnetometer/rm3100-core.c | 10 +- drivers/infiniband/ulp/ipoib/ipoib_multicast.c | 7 +- drivers/input/keyboard/atkbd.c | 13 +- drivers/irqchip/irq-brcmstb-l2.c | 5 +- drivers/leds/trigger/ledtrig-panic.c | 5 +- drivers/md/md.c | 54 ++++- drivers/md/raid5.c | 12 - drivers/media/pci/ddbridge/ddbridge-main.c | 2 +- drivers/media/platform/rockchip/rga/rga.c | 15 +- drivers/media/usb/stk1160/stk1160-video.c | 5 +- drivers/mfd/Kconfig | 1 + drivers/misc/fastrpc.c | 2 +- drivers/misc/lis3lv02d/lis3lv02d_i2c.c | 1 + drivers/mmc/core/block.c | 46 +++- drivers/mmc/core/slot-gpio.c | 6 +- drivers/mtd/nand/raw/gpmi-nand/gpmi-nand.c | 2 +- drivers/mtd/nand/spi/macronix.c | 2 +- drivers/net/bonding/bond_alb.c | 3 +- drivers/net/ethernet/aquantia/atlantic/aq_nic.c | 1 - drivers/net/ethernet/broadcom/genet/bcmgenet.c | 22 +- drivers/net/ethernet/broadcom/genet/bcmgenet.h | 3 + drivers/net/ethernet/broadcom/genet/bcmmii.c | 6 + drivers/net/ethernet/cisco/enic/enic_ethtool.c | 1 - drivers/net/ethernet/freescale/fec_main.c | 2 + drivers/net/ethernet/intel/i40e/i40e_main.c | 2 +- drivers/net/ethernet/intel/ixgbe/ixgbe_82598.c | 36 +-- drivers/net/ethernet/intel/ixgbe/ixgbe_82599.c | 61 +++-- drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 177 +++++++------- drivers/net/ethernet/intel/ixgbe/ixgbe_ethtool.c | 2 +- drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 44 ++-- drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.c | 34 +-- drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h | 1 - drivers/net/ethernet/intel/ixgbe/ixgbe_phy.c | 105 ++++---- drivers/net/ethernet/intel/ixgbe/ixgbe_phy.h | 2 +- drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 2 +- drivers/net/ethernet/intel/ixgbe/ixgbe_type.h | 51 +--- drivers/net/ethernet/intel/ixgbe/ixgbe_x540.c | 45 ++-- drivers/net/ethernet/intel/ixgbe/ixgbe_x550.c | 149 ++++++------ drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c | 26 +- .../mellanox/mlx5/core/steering/dr_action.c | 1 + .../ethernet/netronome/nfp/flower/tunnel_conf.c | 2 +- .../ethernet/netronome/nfp/nfpcore/nfp6000_pcie.c | 6 +- drivers/net/ethernet/stmicro/stmmac/common.h | 1 + drivers/net/ethernet/stmicro/stmmac/dwxgmac2.h | 3 + .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 58 ++++- drivers/net/fjes/fjes_hw.c | 37 ++- drivers/net/ppp/ppp_async.c | 4 + drivers/net/virtio_net.c | 9 +- drivers/net/wan/lmc/lmc_proto.c | 4 - drivers/net/wireless/ath/ath9k/htc_drv_txrx.c | 5 +- drivers/net/wireless/ralink/rt2x00/rt2x00dev.c | 3 + drivers/net/wireless/ralink/rt2x00/rt2x00mac.c | 11 + .../net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 12 + .../net/wireless/realtek/rtlwifi/rtl8723ae/phy.c | 6 +- .../net/wireless/realtek/rtlwifi/rtl8723be/phy.c | 4 +- drivers/net/xen-netback/netback.c | 100 ++++---- drivers/of/unittest-data/Makefile | 8 +- drivers/of/unittest-data/overlay_gpio_01.dts | 23 ++ drivers/of/unittest-data/overlay_gpio_02a.dts | 16 ++ drivers/of/unittest-data/overlay_gpio_02b.dts | 16 ++ drivers/of/unittest-data/overlay_gpio_03.dts | 23 ++ drivers/of/unittest-data/overlay_gpio_04a.dts | 16 ++ drivers/of/unittest-data/overlay_gpio_04b.dts | 16 ++ drivers/of/unittest.c | 265 ++++++++++++++++++++- drivers/pci/controller/pcie-mediatek.c | 10 +- drivers/pci/pcie/aer.c | 9 +- drivers/pci/quirks.c | 24 +- drivers/pci/switch/switchtec.c | 25 +- drivers/phy/renesas/phy-rcar-gen3-usb2.c | 4 - drivers/phy/ti/phy-omap-usb2.c | 4 +- drivers/pnp/pnpacpi/rsparser.c | 12 +- drivers/regulator/core.c | 52 ++-- drivers/rpmsg/virtio_rpmsg_bus.c | 1 + drivers/scsi/fcoe/fcoe_ctlr.c | 20 +- drivers/scsi/isci/request.c | 2 +- drivers/scsi/libfc/fc_fcp.c | 18 +- drivers/scsi/lpfc/lpfc.h | 1 + drivers/scsi/lpfc/lpfc_init.c | 4 +- drivers/spi/spi-bcm-qspi.c | 4 +- drivers/spi/spi-ppc4xx.c | 5 - drivers/staging/iio/impedance-analyzer/ad5933.c | 2 +- drivers/tty/serial/max310x.c | 21 +- drivers/tty/serial/sc16is7xx.c | 8 +- drivers/usb/core/hub.c | 34 ++- drivers/usb/gadget/function/f_mass_storage.c | 20 +- drivers/usb/serial/cp210x.c | 1 + drivers/usb/serial/option.c | 1 + drivers/usb/serial/qcserial.c | 2 + drivers/vhost/vhost.c | 5 +- fs/afs/dir.c | 8 + fs/afs/server.c | 7 +- fs/btrfs/extent-tree.c | 3 +- fs/btrfs/ioctl.c | 9 + fs/btrfs/qgroup.c | 14 ++ fs/btrfs/ref-verify.c | 6 +- fs/btrfs/send.c | 2 +- fs/btrfs/tree-checker.c | 2 +- fs/ceph/caps.c | 9 +- fs/compat_ioctl.c | 3 +- fs/dcache.c | 7 +- fs/ecryptfs/inode.c | 8 + fs/ext4/mballoc.c | 26 +- fs/ext4/move_extent.c | 6 +- fs/ext4/resize.c | 37 +-- fs/f2fs/recovery.c | 23 +- fs/inode.c | 32 ++- fs/jfs/jfs_dmap.c | 57 +++-- fs/jfs/jfs_dtree.c | 7 +- fs/jfs/jfs_imap.c | 3 + fs/jfs/jfs_mount.c | 6 +- fs/kernfs/dir.c | 12 + fs/namei.c | 144 ++++++++--- fs/nfsd/nfs4state.c | 61 ++--- fs/nilfs2/dat.c | 27 ++- fs/nilfs2/file.c | 8 +- fs/nilfs2/recovery.c | 7 +- fs/nilfs2/segment.c | 8 +- fs/ocfs2/namei.c | 1 + fs/pstore/ram.c | 1 + fs/ubifs/dir.c | 2 + include/drm/drm_mipi_dsi.h | 2 + include/linux/bpf.h | 6 +- include/linux/dmaengine.h | 3 +- include/linux/fs.h | 1 + include/linux/gfp.h | 4 +- include/linux/hrtimer.h | 4 +- include/linux/lsm_hooks.h | 9 + include/linux/netfilter/ipset/ip_set.h | 4 + include/linux/pci_ids.h | 1 + include/linux/pm_runtime.h | 9 + include/linux/security.h | 9 + include/linux/spi/spi.h | 1 + include/linux/syscalls.h | 1 + include/linux/units.h | 92 +++++++ include/net/af_unix.h | 20 +- include/net/llc_pdu.h | 6 +- include/net/netfilter/nf_tables.h | 4 +- include/uapi/linux/btrfs.h | 3 + include/uapi/linux/netfilter/nf_tables.h | 2 + kernel/audit.c | 31 ++- kernel/bpf/arraymap.c | 12 +- kernel/bpf/hashtab.c | 6 +- kernel/bpf/map_in_map.c | 2 +- kernel/bpf/map_in_map.h | 2 +- kernel/events/core.c | 38 ++- kernel/power/swap.c | 38 +-- kernel/sched/membarrier.c | 9 + kernel/time/hrtimer.c | 3 + kernel/time/tick-sched.c | 5 + kernel/trace/ring_buffer.c | 2 +- kernel/trace/trace.c | 78 +++--- kernel/trace/trace_events_trigger.c | 6 +- kernel/trace/tracing_map.c | 7 +- mm/page-writeback.c | 2 +- net/8021q/vlan_netlink.c | 4 + net/can/j1939/j1939-priv.h | 1 + net/can/j1939/socket.c | 22 +- net/core/skbuff.c | 3 +- net/ipv4/af_inet.c | 6 +- net/ipv4/ip_output.c | 12 +- net/ipv4/tcp.c | 1 + net/ipv6/addrconf_core.c | 21 +- net/iucv/af_iucv.c | 14 +- net/llc/af_llc.c | 26 +- net/llc/llc_core.c | 7 - net/netfilter/ipset/ip_set_bitmap_gen.h | 14 +- net/netfilter/ipset/ip_set_core.c | 39 ++- net/netfilter/ipset/ip_set_hash_gen.h | 19 +- net/netfilter/ipset/ip_set_list_set.c | 13 +- net/netfilter/nf_log.c | 7 +- net/netfilter/nf_tables_api.c | 20 +- net/netfilter/nft_byteorder.c | 5 +- net/netfilter/nft_compat.c | 23 +- net/netfilter/nft_ct.c | 27 +++ net/netfilter/nft_flow_offload.c | 5 + net/netfilter/nft_meta.c | 2 +- net/netfilter/nft_nat.c | 5 + net/netfilter/nft_rt.c | 5 + net/netfilter/nft_set_rbtree.c | 7 +- net/netfilter/nft_socket.c | 5 + net/netfilter/nft_synproxy.c | 7 +- net/netfilter/nft_tproxy.c | 5 + net/netfilter/nft_xfrm.c | 5 + net/netlink/af_netlink.c | 2 +- net/nfc/nci/core.c | 4 + net/rds/af_rds.c | 2 +- net/rxrpc/conn_event.c | 8 + net/rxrpc/conn_service.c | 3 +- net/smc/smc_diag.c | 2 +- net/sunrpc/xprtmultipath.c | 17 +- net/tipc/bearer.c | 6 + net/unix/af_unix.c | 14 +- net/unix/diag.c | 2 +- net/wireless/scan.c | 4 + scripts/link-vmlinux.sh | 9 +- security/security.c | 17 ++ security/selinux/hooks.c | 28 +++ security/smack/smack_lsm.c | 1 + security/tomoyo/tomoyo.c | 1 + sound/pci/hda/hda_intel.c | 2 + sound/pci/hda/patch_conexant.c | 18 ++ sound/pci/hda/patch_realtek.c | 1 + sound/soc/codecs/rt5645.c | 1 + tools/lib/subcmd/help.c | 18 +- tools/testing/selftests/bpf/progs/pyperf180.c | 22 ++ tools/testing/selftests/bpf/test_btf.c | 1 + tools/testing/selftests/net/pmtu.sh | 18 +- virt/kvm/arm/vgic/vgic-its.c | 5 + 311 files changed, 3010 insertions(+), 1335 deletions(-)

1 year, 7 months

13
286
0 0

[PATCH 5.4 00/51] 5.4.272-rc1 review

by Sasha Levin

This is the start of the stable review cycle for the 5.4.272 release. There are 51 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri Mar 15 05:02:10 PM UTC 2024. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y and the diffstat can be found below. Thanks, Sasha ------------- Pseudo-Shortlog of commits: Andy Shevchenko (4): serial: max310x: Use devm_clk_get_optional() to get the input clock serial: max310x: Try to get crystal clock rate from property serial: max310x: Make use of device properties serial: max310x: Unprepare and disable clock in error path Ansuel Smith (1): regmap: allow to define reg_update_bits for no bus configuration Arnd Bergmann (1): y2038: rusage: use __kernel_old_timeval Cosmin Tanislav (4): serial: max310x: use regmap methods for SPI batch operations serial: max310x: use a separate regmap for each port serial: max310x: make accessing revision id interface-agnostic serial: max310x: implement I2C support Dexuan Cui (1): hv_netvsc: Make netvsc/VF binding check both MAC and serial number Edward Adam Davis (1): net/rds: fix WARNING in rds_conn_connect_if_down Eric Dumazet (2): geneve: make sure to pull inner header in geneve_rx() net/ipv6: avoid possible UAF in ip6_route_mpath_notify() Florian Westphal (1): netfilter: nft_ct: fix l3num expectations with inet pseudo family Hugo Villeneuve (2): serial: max310x: fail probe if clock crystal is unstable serial: max310x: prevent infinite while() loop in port startup Ingo Molnar (1): exit: Fix typo in comment: s/sub-theads/sub-threads Jan Kundrát (1): serial: max310x: fix IO data corruption in batched operations Jason Xing (12): netrom: Fix a data-race around sysctl_netrom_default_path_quality netrom: Fix a data-race around sysctl_netrom_obsolescence_count_initialiser netrom: Fix data-races around sysctl_netrom_network_ttl_initialiser netrom: Fix a data-race around sysctl_netrom_transport_timeout netrom: Fix a data-race around sysctl_netrom_transport_maximum_tries netrom: Fix a data-race around sysctl_netrom_transport_acknowledge_delay netrom: Fix a data-race around sysctl_netrom_transport_busy_delay netrom: Fix a data-race around sysctl_netrom_transport_requested_window_size netrom: Fix a data-race around sysctl_netrom_transport_no_activity_timeout netrom: Fix a data-race around sysctl_netrom_routing_control netrom: Fix a data-race around sysctl_netrom_link_fails_count netrom: Fix data-races around sysctl_net_busy_read Johannes Berg (1): um: allow not setting extra rpaths in the linux binary John Efstathiades (4): lan78xx: Fix white space and style issues lan78xx: Add missing return code checks lan78xx: Fix partial packet errors on suspend/resume lan78xx: Fix race conditions in suspend/resume handling Juhee Kang (1): hv_netvsc: use netif_is_bond_master() instead of open code Lena Wang (1): netfilter: nf_conntrack_h323: Add protection for bmp length out of range Maciej Fijalkowski (1): ixgbe: {dis, en}able irqs in ixgbe_txrx_ring_{dis, en}able Marek Vasut (1): regmap: Add bulk read/write callbacks into regmap_config Nico Pache (1): selftests: mm: fix map_hugetlb failure on 64K page size systems Oleg Nesterov (5): getrusage: add the "signal_struct *sig" local variable getrusage: move thread_group_cputime_adjusted() outside of lock_task_sighand() getrusage: use __for_each_thread() getrusage: use sig->stats_lock rather than lock_task_sighand() exit: wait_task_zombie: kill the no longer necessary spin_lock_irq(siglock) Oleksij Rempel (1): net: lan78xx: fix runtime PM count underflow on link stop Rand Deeb (1): net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink() Sasha Levin (1): Linux 5.4.272-rc1 Shradha Gupta (1): hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed Werner Sembach (1): Input: i8042 - fix strange behavior of touchpad on Clevo NS70PU Makefile | 4 +- arch/alpha/kernel/osf_sys.c | 2 +- arch/um/Kconfig | 13 + arch/um/Makefile | 3 +- arch/x86/Makefile.um | 2 +- drivers/base/regmap/internal.h | 4 + drivers/base/regmap/regmap.c | 77 +- drivers/input/serio/i8042-x86ia64io.h | 6 + drivers/net/ethernet/intel/ice/ice_main.c | 2 + drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 56 +- drivers/net/geneve.c | 18 +- drivers/net/hyperv/netvsc_drv.c | 96 +- drivers/net/usb/lan78xx.c | 910 ++++++++++++++---- drivers/tty/serial/Kconfig | 1 + drivers/tty/serial/max310x.c | 378 ++++++-- include/linux/regmap.h | 19 + include/uapi/linux/resource.h | 4 +- kernel/exit.c | 12 +- kernel/sys.c | 91 +- net/ipv6/route.c | 21 +- net/netfilter/nf_conntrack_h323_asn1.c | 4 + net/netfilter/nft_ct.c | 11 +- net/netrom/af_netrom.c | 14 +- net/netrom/nr_dev.c | 2 +- net/netrom/nr_in.c | 6 +- net/netrom/nr_out.c | 2 +- net/netrom/nr_route.c | 8 +- net/netrom/nr_subr.c | 5 +- net/rds/rdma.c | 3 + net/rds/send.c | 6 +- tools/testing/selftests/vm/map_hugetlb.c | 7 + 31 files changed, 1322 insertions(+), 465 deletions(-) -- 2.43.0

1 year, 7 months

5
56
0 0

[PATCH] Revert "block/mq-deadline: use correct way to throttling write requests"

by Bart Van Assche

The code "max(1U, 3 * (1U << shift) / 4)" comes from the Kyber I/O scheduler. The Kyber I/O scheduler maintains one internal queue per hwq and hence derives its async_depth from the number of hwq tags. Using this approach for the mq-deadline scheduler is wrong since the mq-deadline scheduler maintains one internal queue for all hwqs combined. Hence this revert. Cc: stable(a)vger.kernel.org Cc: Damien Le Moal <dlemoal(a)kernel.org> Cc: Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> Cc: Zhiguo Niu <Zhiguo.Niu(a)unisoc.com> Fixes: d47f9717e5cf ("block/mq-deadline: use correct way to throttling write requests") Signed-off-by: Bart Van Assche <bvanassche(a)acm.org> --- block/mq-deadline.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/block/mq-deadline.c b/block/mq-deadline.c index f958e79277b8..02a916ba62ee 100644 --- a/block/mq-deadline.c +++ b/block/mq-deadline.c @@ -646,9 +646,8 @@ static void dd_depth_updated(struct blk_mq_hw_ctx *hctx) struct request_queue *q = hctx->queue; struct deadline_data *dd = q->elevator->elevator_data; struct blk_mq_tags *tags = hctx->sched_tags; - unsigned int shift = tags->bitmap_tags.sb.shift; - dd->async_depth = max(1U, 3 * (1U << shift) / 4); + dd->async_depth = max(1UL, 3 * q->nr_requests / 4); sbitmap_queue_min_shallow_depth(&tags->bitmap_tags, dd->async_depth); }

1 year, 7 months

4
5
0 0

[PATCH] clk: qcom: apss-ipq-pll: use stromer ops for IPQ5018 to fix boot failure

by Gabor Juhos

Booting v6.8 results in a hang on various IPQ5018 based boards. Investigating the problem showed that the hang happens when the clk_alpha_pll_stromer_plus_set_rate() function tries to write into the PLL_MODE register of the APSS PLL. Checking the downstream code revealed that it uses [1] stromer specific operations for IPQ5018, whereas in the current code the stromer plus specific operations are used. The ops in the 'ipq_pll_stromer_plus' clock definition can't be changed since that is needed for IPQ5332, so add a new alpha pll clock declaration which uses the correct stromer ops and use this new clock for IPQ5018 to avoid the boot failure. 1. https://git.codelinaro.org/clo/qsdk/oss/kernel/linux-ipq-5.4/-/blob/NHSS.QS… Cc: stable(a)vger.kernel.org Fixes: 50492f929486 ("clk: qcom: apss-ipq-pll: add support for IPQ5018") Signed-off-by: Gabor Juhos <j4g8y7(a)gmail.com> --- Based on v6.8. --- drivers/clk/qcom/apss-ipq-pll.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/drivers/clk/qcom/apss-ipq-pll.c b/drivers/clk/qcom/apss-ipq-pll.c index 678b805f13d45..11f1ae59438f7 100644 --- a/drivers/clk/qcom/apss-ipq-pll.c +++ b/drivers/clk/qcom/apss-ipq-pll.c @@ -55,6 +55,24 @@ static struct clk_alpha_pll ipq_pll_huayra = { }, }; +static struct clk_alpha_pll ipq_pll_stromer = { + .offset = 0x0, + .regs = ipq_pll_offsets[CLK_ALPHA_PLL_TYPE_STROMER_PLUS], + .flags = SUPPORTS_DYNAMIC_UPDATE, + .clkr = { + .enable_reg = 0x0, + .enable_mask = BIT(0), + .hw.init = &(struct clk_init_data){ + .name = "a53pll", + .parent_data = &(const struct clk_parent_data) { + .fw_name = "xo", + }, + .num_parents = 1, + .ops = &clk_alpha_pll_stromer_ops, + }, + }, +}; + static struct clk_alpha_pll ipq_pll_stromer_plus = { .offset = 0x0, .regs = ipq_pll_offsets[CLK_ALPHA_PLL_TYPE_STROMER_PLUS], @@ -145,7 +163,7 @@ struct apss_pll_data { static const struct apss_pll_data ipq5018_pll_data = { .pll_type = CLK_ALPHA_PLL_TYPE_STROMER_PLUS, - .pll = &ipq_pll_stromer_plus, + .pll = &ipq_pll_stromer, .pll_config = &ipq5018_pll_config, }; --- base-commit: e8f897f4afef0031fe618a8e94127a0934896aba change-id: 20240311-apss-ipq-pll-ipq5018-hang-74d9a8f47136 Best regards, -- Gabor Juhos <j4g8y7(a)gmail.com>

1 year, 7 months

4
7
0 0

[PATCH 1/2] cifs: reduce warning log level for server not advertising interfaces

by nspmangalore＠gmail.com

From: Shyam Prasad N <sprasad(a)microsoft.com> Several users have reported this log getting dumped too regularly to kernel log. The likely root cause has been identified, and it suggests that this situation is expected for some configurations (for example SMB2.1). Since the function returns appropriately even for such cases, it is fairly harmless to make this a debug log. When needed, the verbosity can be increased to capture this log. Cc: Stable <stable(a)vger.kernel.org> Reported-by: Jan Čermák <sairon(a)sairon.cz> Signed-off-by: Shyam Prasad N <sprasad(a)microsoft.com> --- fs/smb/client/sess.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/smb/client/sess.c b/fs/smb/client/sess.c index 8f37373fd333..37cdf5b55108 100644 --- a/fs/smb/client/sess.c +++ b/fs/smb/client/sess.c @@ -230,7 +230,7 @@ int cifs_try_adding_channels(struct cifs_ses *ses) spin_lock(&ses->iface_lock); if (!ses->iface_count) { spin_unlock(&ses->iface_lock); - cifs_dbg(VFS, "server %s does not advertise interfaces\n", + cifs_dbg(FYI, "server %s does not advertise interfaces\n", ses->server->hostname); break; } @@ -396,7 +396,7 @@ cifs_chan_update_iface(struct cifs_ses *ses, struct TCP_Server_Info *server) spin_lock(&ses->iface_lock); if (!ses->iface_count) { spin_unlock(&ses->iface_lock); - cifs_dbg(VFS, "server %s does not advertise interfaces\n", ses->server->hostname); + cifs_dbg(FYI, "server %s does not advertise interfaces\n", ses->server->hostname); return; } -- 2.34.1

1 year, 7 months

2
4
0 0

[PATCH] usb: storage: isd200: fix error checks in isd200_{read,write}_config()

by Roman Smirnov

The expression result >= 0 will be true even if usb_stor_ctrl_transfer() returns an error code. It is necessary to compare result with USB_STOR_XFER_GOOD. Found by Linux Verification Center (linuxtesting.org) with Svace. Signed-off-by: Roman Smirnov <r.smirnov(a)omp.ru> Cc: stable(a)vger.kernel.org Reviewed-by: Sergey Shtylyov <s.shtylyov(a)omp.ru> --- drivers/usb/storage/isd200.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/usb/storage/isd200.c b/drivers/usb/storage/isd200.c index 300aeef160e7..2a1531793820 100644 --- a/drivers/usb/storage/isd200.c +++ b/drivers/usb/storage/isd200.c @@ -774,7 +774,7 @@ static int isd200_write_config( struct us_data *us ) (void *) &info->ConfigData, sizeof(info->ConfigData)); - if (result >= 0) { + if (result == USB_STOR_XFER_GOOD) { usb_stor_dbg(us, " ISD200 Config Data was written successfully\n"); } else { usb_stor_dbg(us, " Request to write ISD200 Config Data failed!\n"); @@ -816,7 +816,7 @@ static int isd200_read_config( struct us_data *us ) sizeof(info->ConfigData)); - if (result >= 0) { + if (result == USB_STOR_XFER_GOOD) { usb_stor_dbg(us, " Retrieved the following ISD200 Config Data:\n"); #ifdef CONFIG_USB_STORAGE_DEBUG isd200_log_config(us, info); -- 2.34.1

1 year, 7 months

2
1
0 0

[PATCH 1/2] f2fs: mark inode dirty for FI_ATOMIC_COMMITTED flag

by Sunmin Jeong

In f2fs_update_inode, i_size of the atomic file isn't updated until FI_ATOMIC_COMMITTED flag is set. When committing atomic write right after the writeback of the inode, i_size of the raw inode will not be updated. It can cause the atomicity corruption due to a mismatch between old file size and new data. To prevent the problem, let's mark inode dirty for FI_ATOMIC_COMMITTED Atomic write thread Writeback thread __writeback_single_inode write_inode f2fs_update_inode - skip i_size update f2fs_ioc_commit_atomic_write f2fs_commit_atomic_write set_inode_flag(inode, FI_ATOMIC_COMMITTED) f2fs_do_sync_file f2fs_fsync_node_pages - skip f2fs_update_inode since the inode is clean Fixes: 3db1de0e582c ("f2fs: change the current atomic write way") Cc: stable(a)vger.kernel.org #v5.19+ Reviewed-by: Sungjong Seo <sj1557.seo(a)samsung.com> Reviewed-by: Yeongjin Gil <youngjin.gil(a)samsung.com> Signed-off-by: Sunmin Jeong <s_min.jeong(a)samsung.com> --- fs/f2fs/f2fs.h | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h index 543898482f8b..a000cb024dbe 100644 --- a/fs/f2fs/f2fs.h +++ b/fs/f2fs/f2fs.h @@ -3039,6 +3039,7 @@ static inline void __mark_inode_dirty_flag(struct inode *inode, case FI_INLINE_DOTS: case FI_PIN_FILE: case FI_COMPRESS_RELEASED: + case FI_ATOMIC_COMMITTED: f2fs_mark_inode_dirty_sync(inode, true); } } -- 2.25.1

1 year, 7 months

4
6
0 0

[merged mm-nonmm-stable] nilfs2-prevent-kernel-bug-at-submit_bh_wbc.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: nilfs2: prevent kernel bug at submit_bh_wbc() has been removed from the -mm tree. Its filename was nilfs2-prevent-kernel-bug-at-submit_bh_wbc.patch This patch was dropped because it was merged into the mm-nonmm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Subject: nilfs2: prevent kernel bug at submit_bh_wbc() Date: Wed, 13 Mar 2024 19:58:27 +0900 Fix a bug where nilfs_get_block() returns a successful status when searching and inserting the specified block both fail inconsistently. If this inconsistent behavior is not due to a previously fixed bug, then an unexpected race is occurring, so return a temporary error -EAGAIN instead. This prevents callers such as __block_write_begin_int() from requesting a read into a buffer that is not mapped, which would cause the BUG_ON check for the BH_Mapped flag in submit_bh_wbc() to fail. Link: https://lkml.kernel.org/r/20240313105827.5296-3-konishi.ryusuke@gmail.com Fixes: 1f5abe7e7dbc ("nilfs2: replace BUG_ON and BUG calls triggerable from ioctl") Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/nilfs2/inode.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/fs/nilfs2/inode.c~nilfs2-prevent-kernel-bug-at-submit_bh_wbc +++ a/fs/nilfs2/inode.c @@ -112,7 +112,7 @@ int nilfs_get_block(struct inode *inode, "%s (ino=%lu): a race condition while inserting a data block at offset=%llu", __func__, inode->i_ino, (unsigned long long)blkoff); - err = 0; + err = -EAGAIN; } nilfs_transaction_abort(inode->i_sb); goto out; _ Patches currently in -mm which might be from konishi.ryusuke(a)gmail.com are

1 year, 7 months

1
0
0 0

[merged mm-nonmm-stable] nilfs2-fix-failure-to-detect-dat-corruption-in-btree-and-direct-mappings.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: nilfs2: fix failure to detect DAT corruption in btree and direct mappings has been removed from the -mm tree. Its filename was nilfs2-fix-failure-to-detect-dat-corruption-in-btree-and-direct-mappings.patch This patch was dropped because it was merged into the mm-nonmm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Subject: nilfs2: fix failure to detect DAT corruption in btree and direct mappings Date: Wed, 13 Mar 2024 19:58:26 +0900 Patch series "nilfs2: fix kernel bug at submit_bh_wbc()". This resolves a kernel BUG reported by syzbot. Since there are two flaws involved, I've made each one a separate patch. The first patch alone resolves the syzbot-reported bug, but I think both fixes should be sent to stable, so I've tagged them as such. This patch (of 2): Syzbot has reported a kernel bug in submit_bh_wbc() when writing file data to a nilfs2 file system whose metadata is corrupted. There are two flaws involved in this issue. The first flaw is that when nilfs_get_block() locates a data block using btree or direct mapping, if the disk address translation routine nilfs_dat_translate() fails with internal code -ENOENT due to DAT metadata corruption, it can be passed back to nilfs_get_block(). This causes nilfs_get_block() to misidentify an existing block as non-existent, causing both data block lookup and insertion to fail inconsistently. The second flaw is that nilfs_get_block() returns a successful status in this inconsistent state. This causes the caller __block_write_begin_int() or others to request a read even though the buffer is not mapped, resulting in a BUG_ON check for the BH_Mapped flag in submit_bh_wbc() failing. This fixes the first issue by changing the return value to code -EINVAL when a conversion using DAT fails with code -ENOENT, avoiding the conflicting condition that leads to the kernel bug described above. Here, code -EINVAL indicates that metadata corruption was detected during the block lookup, which will be properly handled as a file system error and converted to -EIO when passing through the nilfs2 bmap layer. Link: https://lkml.kernel.org/r/20240313105827.5296-1-konishi.ryusuke@gmail.com Link: https://lkml.kernel.org/r/20240313105827.5296-2-konishi.ryusuke@gmail.com Fixes: c3a7abf06ce7 ("nilfs2: support contiguous lookup of blocks") Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Reported-by: syzbot+cfed5b56649bddf80d6e(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=cfed5b56649bddf80d6e Tested-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/nilfs2/btree.c | 9 +++++++-- fs/nilfs2/direct.c | 9 +++++++-- 2 files changed, 14 insertions(+), 4 deletions(-) --- a/fs/nilfs2/btree.c~nilfs2-fix-failure-to-detect-dat-corruption-in-btree-and-direct-mappings +++ a/fs/nilfs2/btree.c @@ -724,7 +724,7 @@ static int nilfs_btree_lookup_contig(con dat = nilfs_bmap_get_dat(btree); ret = nilfs_dat_translate(dat, ptr, &blocknr); if (ret < 0) - goto out; + goto dat_error; ptr = blocknr; } cnt = 1; @@ -743,7 +743,7 @@ static int nilfs_btree_lookup_contig(con if (dat) { ret = nilfs_dat_translate(dat, ptr2, &blocknr); if (ret < 0) - goto out; + goto dat_error; ptr2 = blocknr; } if (ptr2 != ptr + cnt || ++cnt == maxblocks) @@ -781,6 +781,11 @@ static int nilfs_btree_lookup_contig(con out: nilfs_btree_free_path(path); return ret; + + dat_error: + if (ret == -ENOENT) + ret = -EINVAL; /* Notify bmap layer of metadata corruption */ + goto out; } static void nilfs_btree_promote_key(struct nilfs_bmap *btree, --- a/fs/nilfs2/direct.c~nilfs2-fix-failure-to-detect-dat-corruption-in-btree-and-direct-mappings +++ a/fs/nilfs2/direct.c @@ -66,7 +66,7 @@ static int nilfs_direct_lookup_contig(co dat = nilfs_bmap_get_dat(direct); ret = nilfs_dat_translate(dat, ptr, &blocknr); if (ret < 0) - return ret; + goto dat_error; ptr = blocknr; } @@ -79,7 +79,7 @@ static int nilfs_direct_lookup_contig(co if (dat) { ret = nilfs_dat_translate(dat, ptr2, &blocknr); if (ret < 0) - return ret; + goto dat_error; ptr2 = blocknr; } if (ptr2 != ptr + cnt) @@ -87,6 +87,11 @@ static int nilfs_direct_lookup_contig(co } *ptrp = ptr; return cnt; + + dat_error: + if (ret == -ENOENT) + ret = -EINVAL; /* Notify bmap layer of metadata corruption */ + return ret; } static __u64 _ Patches currently in -mm which might be from konishi.ryusuke(a)gmail.com are

1 year, 7 months

1
0
0 0

[PATCH v1] usb: f_mass_storage: reduce chance to queue disable ep

by yuan linyu

It is possible trigger below warning message from mass storage function, ------------[ cut here ]------------ WARNING: CPU: 6 PID: 3839 at drivers/usb/gadget/udc/core.c:294 usb_ep_queue+0x7c/0x104 CPU: 6 PID: 3839 Comm: file-storage Tainted: G S WC O 6.1.25-android14-11-g354e2a7e7cd9 #1 pstate: 22400005 (nzCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : usb_ep_queue+0x7c/0x104 lr : fsg_main_thread+0x494/0x1b3c Root cause is mass storage function try to queue request from main thread, but other thread may already disable ep when function disable. As mass storage function have record of ep enable/disable state, let's add the state check before queue request to UDC, it maybe avoid warning. Also use common lock to protect ep state which avoid race between main thread and function disable. Cc: <stable(a)vger.kernel.org> # 6.1 Signed-off-by: yuan linyu <yuanlinyu(a)hihonor.com> --- drivers/usb/gadget/function/f_mass_storage.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/drivers/usb/gadget/function/f_mass_storage.c b/drivers/usb/gadget/function/f_mass_storage.c index c265a1f62fc1..056083cb68cb 100644 --- a/drivers/usb/gadget/function/f_mass_storage.c +++ b/drivers/usb/gadget/function/f_mass_storage.c @@ -520,12 +520,25 @@ static int fsg_setup(struct usb_function *f, static int start_transfer(struct fsg_dev *fsg, struct usb_ep *ep, struct usb_request *req) { + unsigned long flags; int rc; - if (ep == fsg->bulk_in) + spin_lock_irqsave(&fsg->common->lock, flags); + if (ep == fsg->bulk_in) { + if (!fsg->bulk_in_enabled) { + spin_unlock_irqrestore(&fsg->common->lock, flags); + return -ESHUTDOWN; + } dump_msg(fsg, "bulk-in", req->buf, req->length); + } else { + if (!fsg->bulk_out_enabled) { + spin_unlock_irqrestore(&fsg->common->lock, flags); + return -ESHUTDOWN; + } + } rc = usb_ep_queue(ep, req, GFP_KERNEL); + spin_unlock_irqrestore(&fsg->common->lock, flags); if (rc) { /* We can't do much more than wait for a reset */ @@ -2406,8 +2419,10 @@ static int fsg_set_alt(struct usb_function *f, unsigned intf, unsigned alt) static void fsg_disable(struct usb_function *f) { struct fsg_dev *fsg = fsg_from_func(f); + unsigned long flags; /* Disable the endpoints */ + spin_lock_irqsave(&fsg->common->lock, flags); if (fsg->bulk_in_enabled) { usb_ep_disable(fsg->bulk_in); fsg->bulk_in_enabled = 0; @@ -2416,6 +2431,7 @@ static void fsg_disable(struct usb_function *f) usb_ep_disable(fsg->bulk_out); fsg->bulk_out_enabled = 0; } + spin_unlock_irqrestore(&fsg->common->lock, flags); __raise_exception(fsg->common, FSG_STATE_CONFIG_CHANGE, NULL); } -- 2.25.1

1 year, 7 months

4
4
0 0

[PATCH v2 4/9] ext4: fix slab-out-of-bounds in ext4_mb_find_good_group_avg_frag_lists()

by Baokun Li

We can trigger a slab-out-of-bounds with the following commands: mkfs.ext4 -F /dev/$disk 10G mount /dev/$disk /tmp/test echo 2147483647 > /sys/fs/ext4/$disk/mb_group_prealloc echo test > /tmp/test/file && sync ================================================================== BUG: KASAN: slab-out-of-bounds in ext4_mb_find_good_group_avg_frag_lists+0x8a/0x200 [ext4] Read of size 8 at addr ffff888121b9d0f0 by task kworker/u2:0/11 CPU: 0 PID: 11 Comm: kworker/u2:0 Tainted: GL 6.7.0-next-20240118 #521 Call Trace: dump_stack_lvl+0x2c/0x50 kasan_report+0xb6/0xf0 ext4_mb_find_good_group_avg_frag_lists+0x8a/0x200 [ext4] ext4_mb_regular_allocator+0x19e9/0x2370 [ext4] ext4_mb_new_blocks+0x88a/0x1370 [ext4] ext4_ext_map_blocks+0x14f7/0x2390 [ext4] ext4_map_blocks+0x569/0xea0 [ext4] ext4_do_writepages+0x10f6/0x1bc0 [ext4] [...] ================================================================== The flow of issue triggering is as follows: // Set s_mb_group_prealloc to 2147483647 via sysfs ext4_mb_new_blocks ext4_mb_normalize_request ext4_mb_normalize_group_request ac->ac_g_ex.fe_len = EXT4_SB(sb)->s_mb_group_prealloc ext4_mb_regular_allocator ext4_mb_choose_next_group ext4_mb_choose_next_group_best_avail mb_avg_fragment_size_order order = fls(len) - 2 = 29 ext4_mb_find_good_group_avg_frag_lists frag_list = &sbi->s_mb_avg_fragment_size[order] if (list_empty(frag_list)) // Trigger SOOB! At 4k block size, the length of the s_mb_avg_fragment_size list is 14, but an oversized s_mb_group_prealloc is set, causing slab-out-of-bounds to be triggered by an attempt to access an element at index 29. Add a new attr_id attr_clusters_in_group with values in the range [0, sbi->s_clusters_per_group] and declare mb_group_prealloc as that type to fix the issue. In addition avoid returning an order from mb_avg_fragment_size_order() greater than MB_NUM_ORDERS(sb) and reduce some useless loops. Fixes: 7e170922f06b ("ext4: Add allocation criteria 1.5 (CR1_5)") CC: stable(a)vger.kernel.org Signed-off-by: Baokun Li <libaokun1(a)huawei.com> --- fs/ext4/mballoc.c | 6 ++++++ fs/ext4/sysfs.c | 13 ++++++++++++- 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c index 85a91a61b761..7ad089df2408 100644 --- a/fs/ext4/mballoc.c +++ b/fs/ext4/mballoc.c @@ -831,6 +831,8 @@ static int mb_avg_fragment_size_order(struct super_block *sb, ext4_grpblk_t len) return 0; if (order == MB_NUM_ORDERS(sb)) order--; + if (WARN_ON_ONCE(order > MB_NUM_ORDERS(sb))) + order = MB_NUM_ORDERS(sb) - 1; return order; } @@ -1057,6 +1059,10 @@ static void ext4_mb_choose_next_group_best_avail(struct ext4_allocation_context ac->ac_flags |= EXT4_MB_CR_BEST_AVAIL_LEN_OPTIMIZED; return; } + + /* Skip some unnecessary loops. */ + if (unlikely(i > MB_NUM_ORDERS(ac->ac_sb))) + i = MB_NUM_ORDERS(ac->ac_sb); } /* Reset goal length to original goal length before falling into CR_GOAL_LEN_SLOW */ diff --git a/fs/ext4/sysfs.c b/fs/ext4/sysfs.c index 7f455b5f22c0..ddd71673176c 100644 --- a/fs/ext4/sysfs.c +++ b/fs/ext4/sysfs.c @@ -29,6 +29,7 @@ typedef enum { attr_trigger_test_error, attr_first_error_time, attr_last_error_time, + attr_clusters_in_group, attr_feature, attr_pointer_ui, attr_pointer_ul, @@ -207,13 +208,14 @@ EXT4_ATTR_FUNC(sra_exceeded_retry_limit, 0444); EXT4_ATTR_OFFSET(inode_readahead_blks, 0644, inode_readahead, ext4_sb_info, s_inode_readahead_blks); +EXT4_ATTR_OFFSET(mb_group_prealloc, 0644, clusters_in_group, + ext4_sb_info, s_mb_group_prealloc); EXT4_RW_ATTR_SBI_UI(inode_goal, s_inode_goal); EXT4_RW_ATTR_SBI_UI(mb_stats, s_mb_stats); EXT4_RW_ATTR_SBI_UI(mb_max_to_scan, s_mb_max_to_scan); EXT4_RW_ATTR_SBI_UI(mb_min_to_scan, s_mb_min_to_scan); EXT4_RW_ATTR_SBI_UI(mb_order2_req, s_mb_order2_reqs); EXT4_RW_ATTR_SBI_UI(mb_stream_req, s_mb_stream_request); -EXT4_RW_ATTR_SBI_UI(mb_group_prealloc, s_mb_group_prealloc); EXT4_RW_ATTR_SBI_UI(mb_max_linear_groups, s_mb_max_linear_groups); EXT4_RW_ATTR_SBI_UI(extent_max_zeroout_kb, s_extent_max_zeroout_kb); EXT4_ATTR(trigger_fs_error, 0200, trigger_test_error); @@ -376,6 +378,7 @@ static ssize_t ext4_generic_attr_show(struct ext4_attr *a, switch (a->attr_id) { case attr_inode_readahead: + case attr_clusters_in_group: case attr_pointer_ui: if (a->attr_ptr == ptr_ext4_super_block_offset) return sysfs_emit(buf, "%u\n", le32_to_cpup(ptr)); @@ -455,6 +458,14 @@ static ssize_t ext4_generic_attr_store(struct ext4_attr *a, else *((unsigned int *) ptr) = t; return len; + case attr_clusters_in_group: + ret = kstrtouint(skip_spaces(buf), 0, &t); + if (ret) + return ret; + if (t > sbi->s_clusters_per_group) + return -EINVAL; + *((unsigned int *) ptr) = t; + return len; case attr_pointer_ul: ret = kstrtoul(skip_spaces(buf), 0, &lt); if (ret) -- 2.31.1

1 year, 7 months

2
6
0 0

[PATCH 6.1.y, 6.6.y, 6.7.y] platform/x86: p2sb: On Goldmont only cache P2SB and SPI devfn BAR

by Nobuhiro Iwamatsu

From: Hans de Goede <hdegoede(a)redhat.com> commit aec7d25b497ce4a8d044e9496de0aa433f7f8f06 upstream. On Goldmont p2sb_bar() only ever gets called for 2 devices, the actual P2SB devfn 13,0 and the SPI controller which is part of the P2SB, devfn 13,2. But the current p2sb code tries to cache BAR0 info for all of devfn 13,0 to 13,7 . This involves calling pci_scan_single_device() for device 13 functions 0-7 and the hw does not seem to like pci_scan_single_device() getting called for some of the other hidden devices. E.g. on an ASUS VivoBook D540NV-GQ065T this leads to continuous ACPI errors leading to high CPU usage. Fix this by only caching BAR0 info and thus only calling pci_scan_single_device() for the P2SB and the SPI controller. Fixes: 5913320eb0b3 ("platform/x86: p2sb: Allow p2sb_bar() calls during PCI device probe") Reported-by: Danil Rybakov <danilrybakov249(a)gmail.com> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218531 Tested-by: Danil Rybakov <danilrybakov249(a)gmail.com> Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> Link: https://lore.kernel.org/r/20240304134356.305375-2-hdegoede@redhat.com Signed-off-by: Nobuhiro Iwamatsu (CIP) <nobuhiro1.iwamatsu(a)toshiba.co.jp> --- drivers/platform/x86/p2sb.c | 25 +++++++++---------------- 1 file changed, 9 insertions(+), 16 deletions(-) diff --git a/drivers/platform/x86/p2sb.c b/drivers/platform/x86/p2sb.c index 17cc4b45e023..a64f56ddd4a4 100644 --- a/drivers/platform/x86/p2sb.c +++ b/drivers/platform/x86/p2sb.c @@ -20,9 +20,11 @@ #define P2SBC_HIDE BIT(8) #define P2SB_DEVFN_DEFAULT PCI_DEVFN(31, 1) +#define P2SB_DEVFN_GOLDMONT PCI_DEVFN(13, 0) +#define SPI_DEVFN_GOLDMONT PCI_DEVFN(13, 2) static const struct x86_cpu_id p2sb_cpu_ids[] = { - X86_MATCH_INTEL_FAM6_MODEL(ATOM_GOLDMONT, PCI_DEVFN(13, 0)), + X86_MATCH_INTEL_FAM6_MODEL(ATOM_GOLDMONT, P2SB_DEVFN_GOLDMONT), {} }; @@ -98,21 +100,12 @@ static void p2sb_scan_and_cache_devfn(struct pci_bus *bus, unsigned int devfn) static int p2sb_scan_and_cache(struct pci_bus *bus, unsigned int devfn) { - unsigned int slot, fn; - - if (PCI_FUNC(devfn) == 0) { - /* - * When function number of the P2SB device is zero, scan it and - * other function numbers, and if devices are available, cache - * their BAR0s. - */ - slot = PCI_SLOT(devfn); - for (fn = 0; fn < NR_P2SB_RES_CACHE; fn++) - p2sb_scan_and_cache_devfn(bus, PCI_DEVFN(slot, fn)); - } else { - /* Scan the P2SB device and cache its BAR0 */ - p2sb_scan_and_cache_devfn(bus, devfn); - } + /* Scan the P2SB device and cache its BAR0 */ + p2sb_scan_and_cache_devfn(bus, devfn); + + /* On Goldmont p2sb_bar() also gets called for the SPI controller */ + if (devfn == P2SB_DEVFN_GOLDMONT) + p2sb_scan_and_cache_devfn(bus, SPI_DEVFN_GOLDMONT); if (!p2sb_valid_resource(&p2sb_resources[PCI_FUNC(devfn)].res)) return -ENOENT; -- 2.43.0

1 year, 7 months

1
0
0 0

[PATCH v3 2/4] scsi: scsi_debug: Do not sleep in atomic sections

by Bart Van Assche

stop_qc_helper() is called while a spinlock is held. cancel_work_sync() may sleep. Sleeping in atomic sections is not allowed. Hence change the cancel_work_sync() call into a cancel_work() call. Cc: Douglas Gilbert <dgilbert(a)interlog.com> Cc: John Garry <john.g.garry(a)oracle.com> Fixes: 1107c7b24ee3 ("scsi: scsi_debug: Dynamically allocate sdebug_queued_cmd") Cc: stable(a)vger.kernel.org Signed-off-by: Bart Van Assche <bvanassche(a)acm.org> --- drivers/scsi/scsi_debug.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/drivers/scsi/scsi_debug.c b/drivers/scsi/scsi_debug.c index 36368c71221b..7a0b7402b715 100644 --- a/drivers/scsi/scsi_debug.c +++ b/drivers/scsi/scsi_debug.c @@ -5648,7 +5648,7 @@ static void scsi_debug_slave_destroy(struct scsi_device *sdp) sdp->hostdata = NULL; } -/* Returns true if we require the queued memory to be freed by the caller. */ +/* Returns true if the queued command memory should be freed by the caller. */ static bool stop_qc_helper(struct sdebug_defer *sd_dp, enum sdeb_defer_type defer_t) { @@ -5664,11 +5664,8 @@ static bool stop_qc_helper(struct sdebug_defer *sd_dp, return true; } } else if (defer_t == SDEB_DEFER_WQ) { - /* Cancel if pending */ - if (cancel_work_sync(&sd_dp->ew.work)) - return true; - /* Was not pending, so it must have run */ - return false; + /* The caller must free qcmd if cancellation succeeds. */ + return cancel_work(&sd_dp->ew.work); } else if (defer_t == SDEB_DEFER_POLL) { return true; }

1 year, 7 months

2
1
0 0

[PATCH 1/2] wifi: cfg80211: add a flag to disable wireless extensions

by Johannes Berg

From: Johannes Berg <johannes.berg(a)intel.com> Wireless extensions are already disabled if MLO is enabled, given that we cannot support MLO there with all the hard- coded assumptions about BSSID etc. However, the WiFi7 ecosystem is still stabilizing, and some devices may need MLO disabled while that happens. In that case, we might end up with a device that supports wext (but not MLO) in one kernel, and then breaks wext in the future (by enabling MLO), which is not desirable. Add a flag to let such drivers/devices disable wext even if MLO isn't yet enabled. Cc: stable(a)vger.kernel.org Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> --- include/net/cfg80211.h | 2 ++ net/wireless/wext-core.c | 7 +++++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h index 2e2be4fd2bb6..1e09329acc42 100644 --- a/include/net/cfg80211.h +++ b/include/net/cfg80211.h @@ -4991,6 +4991,7 @@ struct cfg80211_ops { * set this flag to update channels on beacon hints. * @WIPHY_FLAG_SUPPORTS_NSTR_NONPRIMARY: support connection to non-primary link * of an NSTR mobile AP MLD. + * @WIPHY_FLAG_DISABLE_WEXT: disable wireless extensions for this device */ enum wiphy_flags { WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK = BIT(0), @@ -5002,6 +5003,7 @@ enum wiphy_flags { WIPHY_FLAG_4ADDR_STATION = BIT(6), WIPHY_FLAG_CONTROL_PORT_PROTOCOL = BIT(7), WIPHY_FLAG_IBSS_RSN = BIT(8), + WIPHY_FLAG_DISABLE_WEXT = BIT(9), WIPHY_FLAG_MESH_AUTH = BIT(10), WIPHY_FLAG_SUPPORTS_EXT_KCK_32 = BIT(11), WIPHY_FLAG_SUPPORTS_NSTR_NONPRIMARY = BIT(12), diff --git a/net/wireless/wext-core.c b/net/wireless/wext-core.c index a161c64d1765..838ad6541a17 100644 --- a/net/wireless/wext-core.c +++ b/net/wireless/wext-core.c @@ -4,6 +4,7 @@ * Authors : Jean Tourrilhes - HPL - <jt(a)hpl.hp.com> * Copyright (c) 1997-2007 Jean Tourrilhes, All Rights Reserved. * Copyright 2009 Johannes Berg <johannes(a)sipsolutions.net> + * Copyright (C) 2024 Intel Corporation * * (As all part of the Linux kernel, this file is GPL) */ @@ -662,7 +663,8 @@ struct iw_statistics *get_wireless_stats(struct net_device *dev) dev->ieee80211_ptr->wiphy->wext && dev->ieee80211_ptr->wiphy->wext->get_wireless_stats) { wireless_warn_cfg80211_wext(); - if (dev->ieee80211_ptr->wiphy->flags & WIPHY_FLAG_SUPPORTS_MLO) + if (dev->ieee80211_ptr->wiphy->flags & (WIPHY_FLAG_SUPPORTS_MLO | + WIPHY_FLAG_DISABLE_WEXT)) return NULL; return dev->ieee80211_ptr->wiphy->wext->get_wireless_stats(dev); } @@ -704,7 +706,8 @@ static iw_handler get_handler(struct net_device *dev, unsigned int cmd) #ifdef CONFIG_CFG80211_WEXT if (dev->ieee80211_ptr && dev->ieee80211_ptr->wiphy) { wireless_warn_cfg80211_wext(); - if (dev->ieee80211_ptr->wiphy->flags & WIPHY_FLAG_SUPPORTS_MLO) + if (dev->ieee80211_ptr->wiphy->flags & (WIPHY_FLAG_SUPPORTS_MLO | + WIPHY_FLAG_DISABLE_WEXT)) return NULL; handlers = dev->ieee80211_ptr->wiphy->wext; } -- 2.44.0

1 year, 7 months

1
1
0 0

[PATCH AUTOSEL 5.15 1/5] scsi: mpt3sas: Prevent sending diag_reset when the controller is ready

by Sasha Levin

From: Ranjan Kumar <ranjan.kumar(a)broadcom.com> [ Upstream commit ee0017c3ed8a8abfa4d40e42f908fb38c31e7515 ] If the driver detects that the controller is not ready before sending the first IOC facts command, it will wait for a maximum of 10 seconds for it to become ready. However, even if the controller becomes ready within 10 seconds, the driver will still issue a diagnostic reset. Modify the driver to avoid sending a diag reset if the controller becomes ready within the 10-second wait time. Signed-off-by: Ranjan Kumar <ranjan.kumar(a)broadcom.com> Link: https://lore.kernel.org/r/20240221071724.14986-1-ranjan.kumar@broadcom.com Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/scsi/mpt3sas/mpt3sas_base.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/scsi/mpt3sas/mpt3sas_base.c b/drivers/scsi/mpt3sas/mpt3sas_base.c index e524e1fc53fa3..8325875bfc4ed 100644 --- a/drivers/scsi/mpt3sas/mpt3sas_base.c +++ b/drivers/scsi/mpt3sas/mpt3sas_base.c @@ -7238,7 +7238,9 @@ _base_wait_for_iocstate(struct MPT3SAS_ADAPTER *ioc, int timeout) return -EFAULT; } - issue_diag_reset: + return 0; + +issue_diag_reset: rc = _base_diag_reset(ioc); return rc; } -- 2.43.0

1 year, 7 months

4
7
0 0

re: [PATCH 5.15 00/76] 5.15.152-rc1 review

by Richard Narron

This patch file link does not work for me: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/… When using Mozilla Firefox 115.8.0esr it gives me an error message: Bad object id: v5.15.151 And it gives me no download patch file... Richard Narron

1 year, 7 months

2
3
0 0

[PATCH 1/2] drm/msm/dp: fix runtime PM leak on disconnect

by Johan Hovold

Make sure to put the runtime PM usage count (and suspend) also when receiving a disconnect event while in the ST_MAINLINK_READY state. This specifically avoids leaking a runtime PM usage count on every disconnect with display servers that do not automatically enable external displays when receiving a hotplug notification. Fixes: 5814b8bf086a ("drm/msm/dp: incorporate pm_runtime framework into DP driver") Cc: stable(a)vger.kernel.org # 6.8 Cc: Kuogee Hsieh <quic_khsieh(a)quicinc.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/gpu/drm/msm/dp/dp_display.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/msm/dp/dp_display.c b/drivers/gpu/drm/msm/dp/dp_display.c index 4c72124ffb5d..8e8cf531da45 100644 --- a/drivers/gpu/drm/msm/dp/dp_display.c +++ b/drivers/gpu/drm/msm/dp/dp_display.c @@ -655,6 +655,7 @@ static int dp_hpd_unplug_handle(struct dp_display_private *dp, u32 data) dp_display_host_phy_exit(dp); dp->hpd_state = ST_DISCONNECTED; dp_display_notify_disconnect(&dp->dp_display.pdev->dev); + pm_runtime_put_sync(&pdev->dev); mutex_unlock(&dp->event_mutex); return 0; } -- 2.43.2

1 year, 7 months

2
1
0 0

[merged mm-stable] memtest-use-readwrite_once-in-memory-scanning.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: memtest: use {READ,WRITE}_ONCE in memory scanning has been removed from the -mm tree. Its filename was memtest-use-readwrite_once-in-memory-scanning.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Qiang Zhang <qiang4.zhang(a)intel.com> Subject: memtest: use {READ,WRITE}_ONCE in memory scanning Date: Tue, 12 Mar 2024 16:04:23 +0800 memtest failed to find bad memory when compiled with clang. So use {WRITE,READ}_ONCE to access memory to avoid compiler over optimization. Link: https://lkml.kernel.org/r/20240312080422.691222-1-qiang4.zhang@intel.com Signed-off-by: Qiang Zhang <qiang4.zhang(a)intel.com> Cc: Bill Wendling <morbo(a)google.com> Cc: Justin Stitt <justinstitt(a)google.com> Cc: Nathan Chancellor <nathan(a)kernel.org> Cc: Nick Desaulniers <ndesaulniers(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memtest.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/mm/memtest.c~memtest-use-readwrite_once-in-memory-scanning +++ a/mm/memtest.c @@ -51,10 +51,10 @@ static void __init memtest(u64 pattern, last_bad = 0; for (p = start; p < end; p++) - *p = pattern; + WRITE_ONCE(*p, pattern); for (p = start; p < end; p++, start_phys_aligned += incr) { - if (*p == pattern) + if (READ_ONCE(*p) == pattern) continue; if (start_phys_aligned == last_bad + incr) { last_bad += incr; _ Patches currently in -mm which might be from qiang4.zhang(a)intel.com are

1 year, 7 months

1
0
0 0

+ nilfs2-prevent-kernel-bug-at-submit_bh_wbc.patch added to mm-nonmm-unstable branch

by Andrew Morton

The patch titled Subject: nilfs2: prevent kernel bug at submit_bh_wbc() has been added to the -mm mm-nonmm-unstable branch. Its filename is nilfs2-prevent-kernel-bug-at-submit_bh_wbc.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-nonmm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Subject: nilfs2: prevent kernel bug at submit_bh_wbc() Date: Wed, 13 Mar 2024 19:58:27 +0900 Fix a bug where nilfs_get_block() returns a successful status when searching and inserting the specified block both fail inconsistently. If this inconsistent behavior is not due to a previously fixed bug, then an unexpected race is occurring, so return a temporary error -EAGAIN instead. This prevents callers such as __block_write_begin_int() from requesting a read into a buffer that is not mapped, which would cause the BUG_ON check for the BH_Mapped flag in submit_bh_wbc() to fail. Link: https://lkml.kernel.org/r/20240313105827.5296-3-konishi.ryusuke@gmail.com Fixes: 1f5abe7e7dbc ("nilfs2: replace BUG_ON and BUG calls triggerable from ioctl") Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/nilfs2/inode.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/fs/nilfs2/inode.c~nilfs2-prevent-kernel-bug-at-submit_bh_wbc +++ a/fs/nilfs2/inode.c @@ -112,7 +112,7 @@ int nilfs_get_block(struct inode *inode, "%s (ino=%lu): a race condition while inserting a data block at offset=%llu", __func__, inode->i_ino, (unsigned long long)blkoff); - err = 0; + err = -EAGAIN; } nilfs_transaction_abort(inode->i_sb); goto out; _ Patches currently in -mm which might be from konishi.ryusuke(a)gmail.com are nilfs2-fix-failure-to-detect-dat-corruption-in-btree-and-direct-mappings.patch nilfs2-prevent-kernel-bug-at-submit_bh_wbc.patch

1 year, 7 months

1
0
0 0

+ nilfs2-fix-failure-to-detect-dat-corruption-in-btree-and-direct-mappings.patch added to mm-nonmm-unstable branch

by Andrew Morton

The patch titled Subject: nilfs2: fix failure to detect DAT corruption in btree and direct mappings has been added to the -mm mm-nonmm-unstable branch. Its filename is nilfs2-fix-failure-to-detect-dat-corruption-in-btree-and-direct-mappings.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-nonmm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Subject: nilfs2: fix failure to detect DAT corruption in btree and direct mappings Date: Wed, 13 Mar 2024 19:58:26 +0900 Patch series "nilfs2: fix kernel bug at submit_bh_wbc()". This resolves a kernel BUG reported by syzbot. Since there are two flaws involved, I've made each one a separate patch. The first patch alone resolves the syzbot-reported bug, but I think both fixes should be sent to stable, so I've tagged them as such. This patch (of 2): Syzbot has reported a kernel bug in submit_bh_wbc() when writing file data to a nilfs2 file system whose metadata is corrupted. There are two flaws involved in this issue. The first flaw is that when nilfs_get_block() locates a data block using btree or direct mapping, if the disk address translation routine nilfs_dat_translate() fails with internal code -ENOENT due to DAT metadata corruption, it can be passed back to nilfs_get_block(). This causes nilfs_get_block() to misidentify an existing block as non-existent, causing both data block lookup and insertion to fail inconsistently. The second flaw is that nilfs_get_block() returns a successful status in this inconsistent state. This causes the caller __block_write_begin_int() or others to request a read even though the buffer is not mapped, resulting in a BUG_ON check for the BH_Mapped flag in submit_bh_wbc() failing. This fixes the first issue by changing the return value to code -EINVAL when a conversion using DAT fails with code -ENOENT, avoiding the conflicting condition that leads to the kernel bug described above. Here, code -EINVAL indicates that metadata corruption was detected during the block lookup, which will be properly handled as a file system error and converted to -EIO when passing through the nilfs2 bmap layer. Link: https://lkml.kernel.org/r/20240313105827.5296-1-konishi.ryusuke@gmail.com Link: https://lkml.kernel.org/r/20240313105827.5296-2-konishi.ryusuke@gmail.com Fixes: c3a7abf06ce7 ("nilfs2: support contiguous lookup of blocks") Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Reported-by: syzbot+cfed5b56649bddf80d6e(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=cfed5b56649bddf80d6e Tested-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/nilfs2/btree.c | 9 +++++++-- fs/nilfs2/direct.c | 9 +++++++-- 2 files changed, 14 insertions(+), 4 deletions(-) --- a/fs/nilfs2/btree.c~nilfs2-fix-failure-to-detect-dat-corruption-in-btree-and-direct-mappings +++ a/fs/nilfs2/btree.c @@ -724,7 +724,7 @@ static int nilfs_btree_lookup_contig(con dat = nilfs_bmap_get_dat(btree); ret = nilfs_dat_translate(dat, ptr, &blocknr); if (ret < 0) - goto out; + goto dat_error; ptr = blocknr; } cnt = 1; @@ -743,7 +743,7 @@ static int nilfs_btree_lookup_contig(con if (dat) { ret = nilfs_dat_translate(dat, ptr2, &blocknr); if (ret < 0) - goto out; + goto dat_error; ptr2 = blocknr; } if (ptr2 != ptr + cnt || ++cnt == maxblocks) @@ -781,6 +781,11 @@ static int nilfs_btree_lookup_contig(con out: nilfs_btree_free_path(path); return ret; + + dat_error: + if (ret == -ENOENT) + ret = -EINVAL; /* Notify bmap layer of metadata corruption */ + goto out; } static void nilfs_btree_promote_key(struct nilfs_bmap *btree, --- a/fs/nilfs2/direct.c~nilfs2-fix-failure-to-detect-dat-corruption-in-btree-and-direct-mappings +++ a/fs/nilfs2/direct.c @@ -66,7 +66,7 @@ static int nilfs_direct_lookup_contig(co dat = nilfs_bmap_get_dat(direct); ret = nilfs_dat_translate(dat, ptr, &blocknr); if (ret < 0) - return ret; + goto dat_error; ptr = blocknr; } @@ -79,7 +79,7 @@ static int nilfs_direct_lookup_contig(co if (dat) { ret = nilfs_dat_translate(dat, ptr2, &blocknr); if (ret < 0) - return ret; + goto dat_error; ptr2 = blocknr; } if (ptr2 != ptr + cnt) @@ -87,6 +87,11 @@ static int nilfs_direct_lookup_contig(co } *ptrp = ptr; return cnt; + + dat_error: + if (ret == -ENOENT) + ret = -EINVAL; /* Notify bmap layer of metadata corruption */ + return ret; } static __u64 _ Patches currently in -mm which might be from konishi.ryusuke(a)gmail.com are nilfs2-fix-failure-to-detect-dat-corruption-in-btree-and-direct-mappings.patch nilfs2-prevent-kernel-bug-at-submit_bh_wbc.patch

1 year, 7 months

1
0
0 0

[PATCH 2/2] drm/msm/dp: fix runtime PM leak on connect failure

by Johan Hovold

Make sure to balance the runtime PM usage counter (and suspend) before returning on connect failures (e.g. DPCD read failures after a spurious connect event or if link training fails). Fixes: 5814b8bf086a ("drm/msm/dp: incorporate pm_runtime framework into DP driver") Cc: stable(a)vger.kernel.org # 6.8 Cc: Kuogee Hsieh <quic_khsieh(a)quicinc.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/gpu/drm/msm/dp/dp_display.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/msm/dp/dp_display.c b/drivers/gpu/drm/msm/dp/dp_display.c index 8e8cf531da45..78464c395c3d 100644 --- a/drivers/gpu/drm/msm/dp/dp_display.c +++ b/drivers/gpu/drm/msm/dp/dp_display.c @@ -598,6 +598,7 @@ static int dp_hpd_plug_handle(struct dp_display_private *dp, u32 data) ret = dp_display_usbpd_configure_cb(&pdev->dev); if (ret) { /* link train failed */ dp->hpd_state = ST_DISCONNECTED; + pm_runtime_put_sync(&pdev->dev); } else { dp->hpd_state = ST_MAINLINK_READY; } -- 2.43.2

1 year, 7 months

2
1
0 0

[PATCH v2] btrfs: validate device maj:min during open

by Anand Jain

Boris managed to create a device capable of changing its maj:min without altering its device path. Only multi-devices can be scanned. A device that gets scanned and remains in the Btrfs kernel cache might end up with an incorrect maj:min. Despite the tempfsid feature patch did not introduce this bug, it could lead to issues if the above multi-device is converted to a single device with a stale maj:min. Subsequently, attempting to mount the same device with the correct maj:min might mistake it for another device with the same fsid, potentially resulting in wrongly auto-enabling the tempfsid feature. To address this, this patch validates the device's maj:min at the time of device open and updates it if it has changed since the last scan. CC: stable(a)vger.kernel.org # 6.7+ Fixes: a5b8a5f9f835 ("btrfs: support cloned-device mount capability") Reported-by: Boris Burkov <boris(a)bur.io> Co-developed-by: Boris Burkov <boris(a)bur.io> Signed-off-by: Anand Jain <anand.jain(a)oracle.com> --- v2: Drop using lookup_bdev() instead, get it from device->bdev->bd_dev. v1: https://lore.kernel.org/linux-btrfs/752b8526be21d984e0ee58c7f66d312664ff5ac… fs/btrfs/volumes.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c index e49935a54da0..c318640b4472 100644 --- a/fs/btrfs/volumes.c +++ b/fs/btrfs/volumes.c @@ -692,6 +692,16 @@ static int btrfs_open_one_device(struct btrfs_fs_devices *fs_devices, device->bdev = bdev_handle->bdev; clear_bit(BTRFS_DEV_STATE_IN_FS_METADATA, &device->dev_state); + if (device->devt != device->bdev->bd_dev) { + btrfs_warn(NULL, + "device %s maj:min changed from %d:%d to %d:%d", + device->name->str, MAJOR(device->devt), + MINOR(device->devt), MAJOR(device->bdev->bd_dev), + MINOR(device->bdev->bd_dev)); + + device->devt = device->bdev->bd_dev; + } + fs_devices->open_devices++; if (test_bit(BTRFS_DEV_STATE_WRITEABLE, &device->dev_state) && device->devid != BTRFS_DEV_REPLACE_DEVID) { -- 2.38.1

1 year, 7 months

3
12
0 0

[PATCH] PCI: fix link retrain status in pcie_wait_for_link_delay()

by Simon Guinot

The current code in pcie_wait_for_link_delay() handles the value returned by pcie_failed_link_retrain() as an integer, expecting 0 when the link has been successfully retrained. The issue is that pcie_failed_link_retrain() returns a boolean: "true" if the link has been successfully retrained and "false" otherwise. This leads pcie_wait_for_link_delay() to return an incorrect "active link" status when pcie_failed_link_retrain() is called. This patch fixes the check of the value returned by pcie_failed_link_retrain() in pcie_wait_for_link_delay(). Note that this bug induces abnormal timeout delays when a PCI device is unplugged (around 60 seconds per bridge / secondary bus removed). Cc: stable(a)vger.kernel.org Fixes: 1abb47390350 ("Merge branch 'pci/enumeration'") Signed-off-by: Simon Guinot <simon.guinot(a)seagate.com> --- drivers/pci/pci.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c index ccee56615f78..7ec91b4c5d03 100644 --- a/drivers/pci/pci.c +++ b/drivers/pci/pci.c @@ -5101,9 +5101,7 @@ static bool pcie_wait_for_link_delay(struct pci_dev *pdev, bool active, msleep(20); rc = pcie_wait_for_link_status(pdev, false, active); if (active) { - if (rc) - rc = pcie_failed_link_retrain(pdev); - if (rc) + if (rc && !pcie_failed_link_retrain(pdev)) return false; msleep(delay); -- 2.43.0

1 year, 7 months

3
2
0 0

[PATCH 6.7 000/162] 6.7.9-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.7.9 release. There are 162 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 06 Mar 2024 21:15:26 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.7.9-rc1.… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.7.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.7.9-rc1 Danilo Krummrich <dakr(a)redhat.com> drm/nouveau: don't fini scheduler before entity flush Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: rm subflow with v4/v4mapped addr Geliang Tang <geliang.tang(a)linux.dev> selftests: mptcp: add mptcp_lib_is_v6 Geliang Tang <geliang.tang(a)linux.dev> selftests: mptcp: update userspace pm test helpers Geliang Tang <geliang.tang(a)linux.dev> selftests: mptcp: add chk_subflows_total helper Geliang Tang <geliang.tang(a)linux.dev> selftests: mptcp: add evts_get_info helper Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> KVM/VMX: Move VERW closer to VMentry for MDS mitigation Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/entry_32: Add VERW just before userspace transition Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/entry_64: Add VERW just before userspace transition Ming Lei <ming.lei(a)redhat.com> block: define bvec_iter as __packed __aligned(4) Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: fix resource unwinding order in error path Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: Fix the error path order in gpiochip_add_data_with_key() Arturas Moskvinas <arturas.moskvinas(a)gmail.com> gpio: 74x164: Enable output pins after registers are reset Nathan Lynch <nathanl(a)linux.ibm.com> powerpc/rtas: use correct function name for resetting TCE tables Gaurav Batra <gbatra(a)linux.vnet.ibm.com> powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV Fenghua Yu <fenghua.yu(a)intel.com> dmaengine: idxd: Ensure safe user copy of completion record Fenghua Yu <fenghua.yu(a)intel.com> dmaengine: idxd: Remove shadow Event Log head stored in idxd Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> phy: qcom-qmp-usb: fix v3 offsets data Yang Yingliang <yangyingliang(a)huawei.com> phy: qcom: phy-qcom-m31: fix wrong pointer pass to PTR_ERR() Alexander Stein <alexander.stein(a)ew.tq-group.com> phy: freescale: phy-fsl-imx8-mipi-dphy: Fix alias name to use dashes Kory Maincent <kory.maincent(a)bootlin.com> dmaengine: dw-edma: eDMA: Add sync read before starting the DMA transfer in remote setup Kory Maincent <kory.maincent(a)bootlin.com> dmaengine: dw-edma: HDMA: Add sync read before starting the DMA transfer in remote setup Kory Maincent <kory.maincent(a)bootlin.com> dmaengine: dw-edma: Add HDMA remote interrupt configuration Kory Maincent <kory.maincent(a)bootlin.com> dmaengine: dw-edma: HDMA_V0_REMOTEL_STOP_INT_EN typo fix Kory Maincent <kory.maincent(a)bootlin.com> dmaengine: dw-edma: Fix wrong interrupt bit set for HDMA Kory Maincent <kory.maincent(a)bootlin.com> dmaengine: dw-edma: Fix the ch_count hdma callback Dan Carpenter <dan.carpenter(a)linaro.org> ASoC: cs35l56: fix reversed if statement in cs35l56_dspwait_asp1tx_put() Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Drop oob_skb ref before purging queue in GC. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Fix task hung while purging oob_skb in GC. NeilBrown <neilb(a)suse.de> NFS: Fix data corruption caused by congestion. Peter Ujfalusi <peter.ujfalusi(a)gmail.com> mfd: twl6030-irq: Revert to use of_match_device() Paolo Abeni <pabeni(a)redhat.com> mptcp: fix possible deadlock in subflow diag Davide Caratti <dcaratti(a)redhat.com> mptcp: fix double-free on socket dismantle Paolo Abeni <pabeni(a)redhat.com> mptcp: fix potential wake-up event loss Paolo Abeni <pabeni(a)redhat.com> mptcp: fix snd_wnd initialization for passive socket Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: join: add ss mptcp support check Paolo Abeni <pabeni(a)redhat.com> mptcp: push at DSS boundaries Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: avoid printing warning once on client side Geliang Tang <tanggeliang(a)kylinos.cn> mptcp: map v4 address to v6 when destroying subflow Paolo Bonzini <pbonzini(a)redhat.com> x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers Paolo Bonzini <pbonzini(a)redhat.com> x86/cpu: Allow reducing x86_phys_bits during early_identify_cpu() Jiri Bohac <jbohac(a)suse.cz> x86/e820: Don't reserve SETUP_RNG_SEED in e820 Byungchul Park <byungchul(a)sk.com> mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index Aneesh Kumar K.V (IBM) <aneesh.kumar(a)kernel.org> mm/debug_vm_pgtable: fix BUG_ON with pud advanced test Masami Hiramatsu (Google) <mhiramat(a)kernel.org> fprobe: Fix to allocate entry_data_size buffer with rethook instances Bjorn Andersson <quic_bjorande(a)quicinc.com> pmdomain: qcom: rpmhpd: Fix enabled_corner aggregation Cristian Marussi <cristian.marussi(a)arm.com> pmdomain: arm: Fix NULL dereference on scmi_perf_domain removal Tim Schumacher <timschumi(a)gmx.de> efivarfs: Request at most 512 bytes for variable names Nicolin Chen <nicolinc(a)nvidia.com> iommufd: Fix protection fault in iommufd_test_syz_conv_iova Nicolin Chen <nicolinc(a)nvidia.com> iommufd: Fix iopt_access_list_id overwrite bug Nathan Chancellor <nathan(a)kernel.org> kbuild: Add -Wa,--fatal-warnings to as-instr invocation Thomas Weißschuh <linux(a)weissschuh.net> power: supply: mm8013: select REGMAP_I2C Samuel Holland <samuel.holland(a)sifive.com> riscv: Save/restore envcfg CSR during CPU suspend Samuel Holland <samuel.holland(a)sifive.com> riscv: Fix enabling cbo.zero when running in M-mode Zong Li <zong.li(a)sifive.com> riscv: add CALLER_ADDRx support Nathan Chancellor <nathan(a)kernel.org> RISC-V: Drop invalid test from CONFIG_AS_HAS_OPTION_ARCH Xiubo Li <xiubli(a)redhat.com> ceph: switch to corrected encoding of max_xattr_size in mdsmap Elad Nachman <enachman(a)marvell.com> mmc: sdhci-xenon: fix PHY init clock stability Elad Nachman <enachman(a)marvell.com> mmc: sdhci-xenon: add timeout for PHY init complete Ivan Semenov <ivan(a)semenov.dev> mmc: core: Fix eMMC initialization with 1-bit bus connection Christophe Kerello <christophe.kerello(a)foss.st.com> mmc: mmci: stm32: fix DMA API overlapping mappings warning Curtis Klein <curtis.klein(a)hpe.com> dmaengine: fsl-qdma: init irq after reg initialization Joy Zou <joy.zou(a)nxp.com> dmaengine: fsl-edma: correct calculation of 'nbytes' in multi-fifo scenario Tadeusz Struk <tstruk(a)gigaio.com> dmaengine: ptdma: use consistent DMA masks Ard Biesheuvel <ardb(a)kernel.org> crypto: arm64/neonbs - fix out-of-bounds access on short input Peng Ma <peng.ma(a)nxp.com> dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read Rob Clark <robdclark(a)chromium.org> soc: qcom: pmic_glink: Fix boot when QRTR=m Ryan Lin <tsung-hua.lin(a)amd.com> drm/amd/display: Add monitor patch for specific eDP Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Fix the power1_min_cap value Matthew Auld <matthew.auld(a)intel.com> drm/buddy: fix range bias Alex Deucher <alexander.deucher(a)amd.com> Revert "drm/amd/pm: resolve reboot exception for si oland" Filipe Manana <fdmanana(a)suse.com> btrfs: send: don't issue unnecessary zero writes for trailing hole David Sterba <dsterba(a)suse.com> btrfs: dev-replace: properly validate device names Filipe Manana <fdmanana(a)suse.com> btrfs: fix double free of anonymous device after snapshot creation failure Johannes Berg <johannes.berg(a)intel.com> wifi: nl80211: reject iftype change with mesh ID change Elad Nachman <enachman(a)marvell.com> mtd: rawnand: marvell: fix layouts Nhat Pham <nphamcs(a)gmail.com> mm: cachestat: fix folio read-after-free in cache walk Alexander Ofitserov <oficerovas(a)altlinux.org> gtp: fix use-after-free and null-ptr-deref in gtp_newlink() Mickaël Salaün <mic(a)digikod.net> landlock: Fix asymmetric private inodes referring Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: hci_bcm4377: do not mark valid bd_addr as invalid Willian Wang <git(a)willian.wang> ALSA: hda/realtek: Add special fixup for Lenovo 14IRP8 Eniac Zhang <eniac-xw.zhang(a)hp.com> ALSA: hda/realtek: fix mute/micmute LED For HP mt440 Hans Peter <flurry123(a)gmx.ch> ALSA: hda/realtek: Enable Mute LED on HP 840 G8 (MB 8AB8) Gergo Koteles <soyer(a)irl.hu> ALSA: hda/realtek: tas2781: enable subwoofer volume control Jay Ajit Mate <jay.mate15(a)gmail.com> ALSA: hda/realtek: Fix top speaker connection on Dell Inspiron 16 Plus 7630 Takashi Iwai <tiwai(a)suse.de> ALSA: ump: Fix the discard error code from snd_ump_legacy_open() Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: firewire-lib: fix to check cycle continuity Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> tomoyo: fix UAF write bug in tomoyo_write_control() Saravana Kannan <saravanak(a)google.com> of: property: fw_devlink: Fix stupid bug in remote-endpoint parsing Sid Pranjale <sidpranjale127(a)protonmail.com> drm/nouveau: keep DMA buffers required for suspend/resume Filipe Manana <fdmanana(a)suse.com> btrfs: fix race between ordered extent completion and fiemap Dimitris Vlachos <dvlachos(a)ics.forth.gr> riscv: Sparse-Memory/vmemmap out-of-bounds fix Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Fix pte_leaf_size() for NAPOT Alexandre Ghiti <alexghiti(a)rivosinc.com> Revert "riscv: mm: support Svnapot in huge vmap" Vadim Shakirov <vadim.shakirov(a)syntacore.com> drivers: perf: ctr_get_width function for legacy is not defined Vadim Shakirov <vadim.shakirov(a)syntacore.com> drivers: perf: added capabilities for legacy PMU Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Prevent potential buffer overflow in map_hw_resources David Howells <dhowells(a)redhat.com> afs: Fix endless loop in directory parsing Jiri Slaby (SUSE) <jirislaby(a)kernel.org> fbcon: always restore the old font data in fbcon_do_set_font() Thierry Reding <treding(a)nvidia.com> drm/tegra: Remove existing framebuffer only if we support display Conor Dooley <conor(a)kernel.org> RISC-V: Ignore V from the riscv,isa DT property on older T-Head CPUs Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: soc-card: Fix missing locking in snd_soc_card_get_kcontrol() Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: Fix deadlock in ASP1 mixer register initialization Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: Fix misuse of wm_adsp 'part' string for silicon revision Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: Fix for initializing ASP1 mixer registers Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: Don't add the same register patch multiple times Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: cs35l56_component_remove() must clean up wm_adsp Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: cs35l56_component_remove() must clear cs35l56->component Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Fix build error if !CONFIG_ARCH_ENABLE_HUGEPAGE_MIGRATION Yangyu Chen <cyy(a)cyyself.name> riscv: mm: fix NOCACHE_THEAD does not set bit[61] correctly Mikko Perttunen <mperttunen(a)nvidia.com> gpu: host1x: Skip reset assert on Tegra186 Colin Ian King <colin.i.king(a)gmail.com> ASoC: qcom: Fix uninitialized pointer dmactl Takashi Iwai <tiwai(a)suse.de> ALSA: Drop leftover snd-rtctimer stuff from Makefile Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: Must clear HALO_STATE before issuing SYSTEM_RESET Hans de Goede <hdegoede(a)redhat.com> power: supply: bq27xxx-i2c: Do not free non existing IRQ Arnd Bergmann <arnd(a)arndb.de> efi/capsule-loader: fix incorrect allocation size Jisheng Zhang <jszhang(a)kernel.org> riscv: tlb: fix __p*d_free_tlb() Sabrina Dubroca <sd(a)queasysnail.net> tls: fix use-after-free on failed backlog decryption Sabrina Dubroca <sd(a)queasysnail.net> tls: separate no-async decryption request handling from async Sabrina Dubroca <sd(a)queasysnail.net> tls: fix peeking with sync+async decryption Sabrina Dubroca <sd(a)queasysnail.net> tls: decrement decrypt_pending if no async completion will be called Lukasz Majewski <lukma(a)denx.de> net: hsr: Use correct offset for HSR TLV values in supervisory HSR frames Oleksij Rempel <o.rempel(a)pengutronix.de> igb: extend PTP timestamp adjustments to i211 Lin Ma <linma(a)zju.edu.cn> rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back Jakub Kicinski <kuba(a)kernel.org> tools: ynl: fix handling of multiple mcast groups Florian Westphal <fw(a)strlen.de> netfilter: bridge: confirm multicast packets before passing them up the stack Ignat Korchagin <ignat(a)cloudflare.com> netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate() Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: qca: Fix triggering coredump implementation Janaki Ramaiah Thota <quic_janathot(a)quicinc.com> Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: qca: Fix wrong event type for patch config command Kai-Heng Feng <kai.heng.feng(a)canonical.com> Bluetooth: Enforce validation on max value of connection interval Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: hci_event: Fix wrongly recorded wakeup BD_ADDR Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Fix accept_list when attempting to suspend Ying Hsu <yinghsu(a)chromium.org> Bluetooth: Avoid potential use-after-free in hci_error_reset Jonas Dreßler <verdre(a)v0yd.nl> Bluetooth: hci_sync: Check the correct flag before starting a scan Jakub Raczynski <j.raczynski(a)samsung.com> stmmac: Clear variable when destroying workqueue Justin Iurman <justin.iurman(a)uliege.be> uapi: in6: replace temporary label with rfc9486 Oleksij Rempel <o.rempel(a)pengutronix.de> net: lan78xx: fix "softirq work is pending" error Javier Carrasco <javier.carrasco.cruz(a)gmail.com> net: usb: dm9601: fix wrong return value in dm9601_mdio_read Jakub Kicinski <kuba(a)kernel.org> veth: try harder when allocating queue memory Oleksij Rempel <o.rempel(a)pengutronix.de> lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected Eric Dumazet <edumazet(a)google.com> ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() Jakub Kicinski <kuba(a)kernel.org> net: veth: clear GRO when clearing XDP even when down Doug Smythies <dsmythies(a)telus.net> cpufreq: intel_pstate: fix pstate limits enforcement for adjust_perf call back Yunjian Wang <wangyunjian(a)huawei.com> tun: Fix xdp_rxq_info's queue_index when detaching Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dpaa: fman_memac: accept phy-interface-type = "10gbase-r" in the device tree Jeremy Kerr <jk(a)codeconstruct.com.au> net: mctp: take ownership of skb in mctp_local_output Florian Westphal <fw(a)strlen.de> net: ip_tunnel: prevent perpetual headroom growth Florian Westphal <fw(a)strlen.de> netlink: add nla be16/32 types to minlen array Ryosuke Yasuoka <ryasuoka(a)redhat.com> netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter Théo Lebrun <theo.lebrun(a)bootlin.com> spi: cadence-qspi: remove system-wide suspend helper calls from runtime PM hooks Théo Lebrun <theo.lebrun(a)bootlin.com> spi: cadence-qspi: fix pointer reference in runtime PM hooks Arkadiusz Kubalewski <arkadiusz.kubalewski(a)intel.com> ice: fix pin phase adjust updates on PF reset Arkadiusz Kubalewski <arkadiusz.kubalewski(a)intel.com> ice: fix dpll periodic work data updates on PF reset Arkadiusz Kubalewski <arkadiusz.kubalewski(a)intel.com> ice: fix dpll and dpll_pin data access on PF reset Arkadiusz Kubalewski <arkadiusz.kubalewski(a)intel.com> ice: fix dpll input pin phase_adjust value updates Yochai Hagvi <yochai.hagvi(a)intel.com> ice: fix connection state of DPLL and out pin Han Xu <han.xu(a)nxp.com> mtd: spinand: gigadevice: Fix the get ecc status issue Josef Bacik <josef(a)toxicpanda.com> btrfs: fix deadlock with fiemap and extent locking ------------- Diffstat: Documentation/arch/x86/mds.rst | 34 +++- Makefile | 4 +- arch/arm64/crypto/aes-neonbs-glue.c | 11 ++ arch/powerpc/include/asm/rtas.h | 4 +- arch/powerpc/kernel/rtas.c | 9 +- arch/powerpc/platforms/pseries/iommu.c | 156 +++++++++++------ arch/riscv/Kconfig | 1 - arch/riscv/include/asm/csr.h | 2 + arch/riscv/include/asm/ftrace.h | 5 + arch/riscv/include/asm/hugetlb.h | 2 + arch/riscv/include/asm/pgalloc.h | 20 ++- arch/riscv/include/asm/pgtable-64.h | 2 +- arch/riscv/include/asm/pgtable.h | 6 +- arch/riscv/include/asm/suspend.h | 1 + arch/riscv/include/asm/vmalloc.h | 61 +------ arch/riscv/kernel/Makefile | 2 + arch/riscv/kernel/cpufeature.c | 17 +- arch/riscv/kernel/return_address.c | 48 +++++ arch/riscv/kernel/suspend.c | 4 + arch/riscv/mm/hugetlbpage.c | 2 + arch/x86/entry/entry_32.S | 3 + arch/x86/entry/entry_64.S | 11 ++ arch/x86/entry/entry_64_compat.S | 1 + arch/x86/include/asm/entry-common.h | 1 - arch/x86/include/asm/nospec-branch.h | 12 -- arch/x86/kernel/cpu/bugs.c | 15 +- arch/x86/kernel/cpu/common.c | 4 +- arch/x86/kernel/cpu/intel.c | 178 ++++++++++--------- arch/x86/kernel/e820.c | 8 +- arch/x86/kernel/nmi.c | 3 - arch/x86/kvm/vmx/run_flags.h | 7 +- arch/x86/kvm/vmx/vmenter.S | 9 +- arch/x86/kvm/vmx/vmx.c | 20 ++- drivers/bluetooth/btqca.c | 2 +- drivers/bluetooth/hci_bcm4377.c | 3 +- drivers/bluetooth/hci_qca.c | 22 ++- drivers/cpufreq/intel_pstate.c | 3 + drivers/dma/dw-edma/dw-edma-v0-core.c | 17 ++ drivers/dma/dw-edma/dw-hdma-v0-core.c | 39 +++-- drivers/dma/dw-edma/dw-hdma-v0-regs.h | 2 +- drivers/dma/fsl-edma-common.c | 2 +- drivers/dma/fsl-qdma.c | 25 +-- drivers/dma/idxd/cdev.c | 2 +- drivers/dma/idxd/debugfs.c | 2 +- drivers/dma/idxd/idxd.h | 1 - drivers/dma/idxd/init.c | 15 +- drivers/dma/idxd/irq.c | 3 +- drivers/dma/ptdma/ptdma-dmaengine.c | 2 - drivers/firmware/efi/capsule-loader.c | 2 +- drivers/gpio/gpio-74x164.c | 4 +- drivers/gpio/gpiolib.c | 12 +- .../drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c | 6 +- drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.c | 5 + drivers/gpu/drm/amd/pm/legacy-dpm/si_dpm.c | 29 +++ drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 9 +- drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c | 9 +- .../drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c | 9 +- .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c | 9 +- .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c | 9 +- drivers/gpu/drm/drm_buddy.c | 10 ++ drivers/gpu/drm/nouveau/nouveau_drm.c | 5 +- drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c | 4 +- drivers/gpu/drm/tegra/drm.c | 23 ++- drivers/gpu/host1x/dev.c | 15 +- drivers/gpu/host1x/dev.h | 6 + drivers/iommu/iommufd/io_pagetable.c | 9 +- drivers/iommu/iommufd/selftest.c | 27 ++- drivers/mfd/twl6030-irq.c | 10 +- drivers/mmc/core/mmc.c | 2 + drivers/mmc/host/mmci_stm32_sdmmc.c | 24 +++ drivers/mmc/host/sdhci-xenon-phy.c | 48 ++++- drivers/mtd/nand/raw/marvell_nand.c | 13 +- drivers/mtd/nand/spi/gigadevice.c | 6 +- drivers/net/ethernet/freescale/fman/fman_memac.c | 18 +- drivers/net/ethernet/intel/ice/ice_dpll.c | 91 ++++++++-- drivers/net/ethernet/intel/igb/igb_ptp.c | 5 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 4 +- drivers/net/gtp.c | 12 +- drivers/net/tun.c | 1 + drivers/net/usb/dm9601.c | 2 +- drivers/net/usb/lan78xx.c | 5 +- drivers/net/veth.c | 40 ++--- drivers/of/property.c | 2 +- drivers/perf/riscv_pmu.c | 18 +- drivers/perf/riscv_pmu_legacy.c | 10 +- drivers/phy/freescale/phy-fsl-imx8-mipi-dphy.c | 2 +- drivers/phy/qualcomm/phy-qcom-m31.c | 2 +- drivers/phy/qualcomm/phy-qcom-qmp-usb.c | 10 +- drivers/pmdomain/arm/scmi_perf_domain.c | 3 + drivers/pmdomain/qcom/rpmhpd.c | 7 +- drivers/power/supply/Kconfig | 1 + drivers/power/supply/bq27xxx_battery_i2c.c | 4 +- drivers/soc/qcom/pmic_glink.c | 21 +-- drivers/spi/spi-cadence-quadspi.c | 11 +- drivers/video/fbdev/core/fbcon.c | 8 +- fs/afs/dir.c | 4 +- fs/btrfs/dev-replace.c | 24 ++- fs/btrfs/disk-io.c | 22 +-- fs/btrfs/disk-io.h | 2 +- fs/btrfs/extent_io.c | 165 ++++++++++++++--- fs/btrfs/ioctl.c | 2 +- fs/btrfs/send.c | 17 +- fs/btrfs/transaction.c | 2 +- fs/ceph/mdsmap.c | 7 +- fs/ceph/mdsmap.h | 6 +- fs/efivarfs/vars.c | 17 +- fs/nfs/write.c | 4 +- include/linux/bvec.h | 2 +- include/linux/netfilter.h | 1 + include/net/mctp.h | 1 + include/sound/soc-card.h | 2 + include/uapi/linux/in6.h | 2 +- kernel/trace/fprobe.c | 14 +- lib/nlattr.c | 4 + mm/debug_vm_pgtable.c | 8 + mm/filemap.c | 51 +++--- mm/migrate.c | 8 + net/bluetooth/hci_core.c | 7 +- net/bluetooth/hci_event.c | 13 +- net/bluetooth/hci_sync.c | 7 +- net/bluetooth/l2cap_core.c | 8 +- net/bridge/br_netfilter_hooks.c | 96 ++++++++++ net/bridge/netfilter/nf_conntrack_bridge.c | 30 ++++ net/core/rtnetlink.c | 11 +- net/hsr/hsr_forward.c | 2 +- net/ipv4/ip_tunnel.c | 28 ++- net/ipv6/addrconf.c | 7 +- net/mctp/route.c | 10 +- net/mptcp/diag.c | 3 + net/mptcp/options.c | 2 +- net/mptcp/pm_userspace.c | 10 ++ net/mptcp/protocol.c | 52 +++++- net/mptcp/protocol.h | 21 +-- net/netfilter/nf_conntrack_core.c | 1 + net/netfilter/nft_compat.c | 20 +++ net/netlink/af_netlink.c | 2 +- net/tls/tls_sw.c | 40 +++-- net/unix/garbage.c | 21 +-- net/wireless/nl80211.c | 2 + scripts/Kconfig.include | 2 +- scripts/Makefile.compiler | 2 +- security/landlock/fs.c | 4 +- security/tomoyo/common.c | 3 +- sound/core/Makefile | 1 - sound/core/ump.c | 4 +- sound/firewire/amdtp-stream.c | 2 +- sound/pci/hda/patch_realtek.c | 33 +++- sound/soc/codecs/cs35l45.c | 2 +- sound/soc/codecs/cs35l56-shared.c | 8 +- sound/soc/codecs/cs35l56.c | 195 ++++++++++++++++++--- sound/soc/codecs/cs35l56.h | 1 + sound/soc/fsl/fsl_xcvr.c | 12 +- sound/soc/qcom/lpass-cdc-dma.c | 2 +- sound/soc/soc-card.c | 24 ++- tools/net/ynl/lib/ynl.c | 1 + tools/testing/selftests/net/mptcp/mptcp_connect.sh | 16 +- tools/testing/selftests/net/mptcp/mptcp_join.sh | 192 ++++++++++++-------- tools/testing/selftests/net/mptcp/mptcp_lib.sh | 15 ++ tools/testing/selftests/net/mptcp/mptcp_sockopt.sh | 8 +- tools/testing/selftests/net/mptcp/userspace_pm.sh | 86 +++++---- 160 files changed, 1927 insertions(+), 829 deletions(-)

1 year, 7 months

10
181
0 0

[PATCH] powerpc: xor_vmx: Add '-mhard-float' to CFLAGS

by Nathan Chancellor

arch/powerpc/lib/xor_vmx.o is built with '-msoft-float' (from the main powerpc Makefile) and '-maltivec' (from its CFLAGS), which causes an error when building with clang after a recent change in main: error: option '-msoft-float' cannot be specified with '-maltivec' make[6]: *** [scripts/Makefile.build:243: arch/powerpc/lib/xor_vmx.o] Error 1 Explicitly add '-mhard-float' before '-maltivec' in xor_vmx.o's CFLAGS to override the previous inclusion of '-msoft-float' (as the last option wins), which matches how other areas of the kernel use '-maltivec', such as AMDGPU. Cc: stable(a)vger.kernel.org Closes: https://github.com/ClangBuiltLinux/linux/issues/1986 Link: https://github.com/llvm/llvm-project/commit/4792f912b232141ecba4cbae538873b… Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> --- arch/powerpc/lib/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/powerpc/lib/Makefile b/arch/powerpc/lib/Makefile index 6eac63e79a89..0ab65eeb93ee 100644 --- a/arch/powerpc/lib/Makefile +++ b/arch/powerpc/lib/Makefile @@ -76,7 +76,7 @@ obj-$(CONFIG_PPC_LIB_RHEAP) += rheap.o obj-$(CONFIG_FTR_FIXUP_SELFTEST) += feature-fixups-test.o obj-$(CONFIG_ALTIVEC) += xor_vmx.o xor_vmx_glue.o -CFLAGS_xor_vmx.o += -maltivec $(call cc-option,-mabi=altivec) +CFLAGS_xor_vmx.o += -mhard-float -maltivec $(call cc-option,-mabi=altivec) # Enable <altivec.h> CFLAGS_xor_vmx.o += -isystem $(shell $(CC) -print-file-name=include) --- base-commit: 6613476e225e090cc9aad49be7fa504e290dd33d change-id: 20240127-ppc-xor_vmx-drop-msoft-float-ad68b437f86c Best regards, -- Nathan Chancellor <nathan(a)kernel.org>

1 year, 7 months

3
4
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror