- Linux-stable-mirror - lists.linaro.org

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.80 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/mach-ep93xx/core.c | 1 arch/arm64/boot/dts/rockchip/px30.dtsi | 2 arch/arm64/include/asm/fpsimd.h | 2 arch/arm64/kernel/fpsimd.c | 14 arch/arm64/kernel/suspend.c | 3 arch/arm64/kvm/vgic/vgic-its.c | 5 arch/loongarch/Kconfig | 23 arch/loongarch/kernel/smp.c | 1 arch/mips/kernel/traps.c | 8 arch/parisc/kernel/processor.c | 8 arch/s390/pci/pci.c | 2 arch/x86/include/asm/nospec-branch.h | 2 arch/x86/kernel/alternative.c | 13 arch/x86/kernel/ftrace.c | 2 arch/x86/kernel/static_call.c | 2 arch/x86/mm/numa.c | 21 arch/x86/net/bpf_jit_comp.c | 2 block/blk-map.c | 13 drivers/ata/ahci.c | 49 drivers/ata/ahci.h | 1 drivers/ata/ahci_ceva.c | 125 drivers/ata/libata-core.c | 4 drivers/block/aoe/aoeblk.c | 5 drivers/block/virtio_blk.c | 7 drivers/crypto/virtio/virtio_crypto_akcipher_algs.c | 5 drivers/cxl/core/pci.c | 6 drivers/dma/apple-admac.c | 5 drivers/dma/fsl-qdma.c | 2 drivers/dma/sh/shdma.h | 2 drivers/dma/ti/edma.c | 10 drivers/firewire/core-card.c | 18 drivers/firmware/efi/arm-runtime.c | 2 drivers/firmware/efi/efi-init.c | 19 drivers/firmware/efi/libstub/Makefile | 2 drivers/firmware/efi/riscv-runtime.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu.h | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 2 drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 8 drivers/gpu/drm/amd/amdgpu/soc15.c | 22 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 1 drivers/gpu/drm/drm_syncobj.c | 6 drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadow.c | 8 drivers/gpu/drm/ttm/ttm_pool.c | 2 drivers/hwmon/coretemp.c | 2 drivers/i2c/busses/i2c-imx.c | 5 drivers/infiniband/hw/bnxt_re/ib_verbs.c | 5 drivers/infiniband/hw/hfi1/pio.c | 6 drivers/infiniband/hw/hfi1/sdma.c | 2 drivers/infiniband/hw/irdma/defs.h | 1 drivers/infiniband/hw/irdma/hw.c | 8 drivers/infiniband/hw/irdma/verbs.c | 9 drivers/infiniband/hw/qedr/verbs.c | 11 drivers/infiniband/ulp/srpt/ib_srpt.c | 17 drivers/input/joystick/xpad.c | 2 drivers/input/serio/i8042-acpipnpio.h | 8 drivers/input/touchscreen/goodix.c | 3 drivers/irqchip/irq-gic-v3-its.c | 2 drivers/irqchip/irq-sifive-plic.c | 8 drivers/md/dm-crypt.c | 95 drivers/md/dm-integrity.c | 91 drivers/md/dm-verity-target.c | 86 drivers/md/dm-verity.h | 6 drivers/md/md.c | 6 drivers/misc/open-dice.c | 2 drivers/net/ethernet/marvell/octeontx2/af/rvu_npc.c | 4 drivers/net/ethernet/microchip/sparx5/sparx5_main.c | 1 drivers/net/ethernet/microchip/sparx5/sparx5_main.h | 1 drivers/net/ethernet/microchip/sparx5/sparx5_packet.c | 2 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 20 drivers/net/gtp.c | 10 drivers/net/phy/realtek.c | 4 drivers/nvme/host/fc.c | 47 drivers/nvme/target/fc.c | 131 drivers/nvme/target/fcloop.c | 6 drivers/nvme/target/tcp.c | 1 drivers/pci/controller/dwc/pcie-designware-ep.c | 3 drivers/pci/msi/irqdomain.c | 2 drivers/platform/x86/intel/vbtn.c | 3 drivers/platform/x86/thinkpad_acpi.c | 5 drivers/platform/x86/touchscreen_dmi.c | 39 drivers/regulator/pwm-regulator.c | 3 drivers/s390/cio/device_ops.c | 6 drivers/scsi/Kconfig | 2 drivers/scsi/lpfc/lpfc_scsi.c | 12 drivers/scsi/scsi.c | 22 drivers/scsi/smartpqi/smartpqi_init.c | 5 drivers/soc/mediatek/mtk-pm-domains.c | 15 drivers/soc/renesas/r8a77980-sysc.c | 3 drivers/spi/spi-hisi-sfc-v3xx.c | 5 drivers/spi/spi-sh-msiof.c | 16 drivers/target/target_core_device.c | 5 drivers/target/target_core_pscsi.c | 9 drivers/target/target_core_transport.c | 4 drivers/tty/serial/amba-pl011.c | 60 drivers/ufs/core/ufshcd.c | 1 drivers/usb/cdns3/cdns3-gadget.c | 8 drivers/usb/cdns3/core.c | 1 drivers/usb/cdns3/drd.c | 13 drivers/usb/cdns3/drd.h | 6 drivers/usb/cdns3/host.c | 16 drivers/usb/dwc3/gadget.c | 5 drivers/usb/gadget/function/f_ncm.c | 10 drivers/usb/roles/class.c | 29 drivers/usb/typec/ucsi/ucsi_acpi.c | 71 drivers/vfio/iova_bitmap.c | 25 drivers/video/fbdev/savage/savagefb_driver.c | 3 drivers/video/fbdev/sis/sis_main.c | 2 fs/afs/volume.c | 4 fs/aio.c | 9 fs/cachefiles/cache.c | 2 fs/cachefiles/daemon.c | 1 fs/erofs/compress.h | 4 fs/erofs/decompressor.c | 60 fs/erofs/decompressor_lzma.c | 4 fs/erofs/internal.h | 28 fs/erofs/namei.c | 28 fs/erofs/super.c | 72 fs/erofs/zmap.c | 23 fs/ext4/extents.c | 111 fs/ext4/mballoc.c | 15 fs/ntfs3/attrib.c | 20 fs/ntfs3/attrlist.c | 8 fs/ntfs3/dir.c | 40 fs/ntfs3/file.c | 2 fs/ntfs3/fslog.c | 14 fs/ntfs3/fsntfs.c | 24 fs/ntfs3/inode.c | 2 fs/ntfs3/ntfs.h | 4 fs/ntfs3/ntfs_fs.h | 14 fs/ntfs3/record.c | 25 fs/ntfs3/xattr.c | 3 fs/smb/client/cached_dir.c | 2 fs/smb/client/cifsencrypt.c | 2 fs/smb/client/cifsglob.h | 2 fs/smb/client/fs_context.c | 2 fs/smb/client/readdir.c | 15 fs/smb/client/smb2pdu.c | 6 fs/smb/client/transport.c | 15 include/linux/fs.h | 2 include/linux/memblock.h | 2 include/linux/socket.h | 5 include/linux/swap.h | 5 include/net/netfilter/nf_flow_table.h | 4 include/net/switchdev.h | 3 include/net/tcp.h | 2 include/scsi/scsi_device.h | 4 kernel/bpf/helpers.c | 5 kernel/sched/rt.c | 12 mm/damon/lru_sort.c | 43 mm/damon/reclaim.c | 18 mm/memblock.c | 5 mm/memcontrol.c | 10 mm/memory.c | 20 mm/swap.h | 5 mm/swapfile.c | 13 mm/zswap.c | 2 net/bridge/br_switchdev.c | 84 net/core/dev.c | 2 net/core/dev_ioctl.c | 2 net/core/skmsg.c | 7 net/ipv4/arp.c | 3 net/ipv4/devinet.c | 21 net/ipv4/inet_hashtables.c | 25 net/ipv6/addrconf.c | 21 net/ipv6/exthdrs.c | 10 net/ipv6/seg6.c | 20 net/l2tp/l2tp_ip6.c | 2 net/mac80211/cfg.c | 2 net/mac80211/mlme.c | 1 net/mac80211/sta_info.c | 2 net/mac80211/tx.c | 2 net/mctp/route.c | 2 net/mptcp/diag.c | 6 net/mptcp/pm_netlink.c | 24 net/mptcp/pm_userspace.c | 54 net/mptcp/protocol.h | 2 net/netfilter/nf_conntrack_proto_sctp.c | 2 net/netfilter/nf_flow_table_core.c | 41 net/netfilter/nf_tables_api.c | 87 net/netfilter/nft_flow_offload.c | 12 net/packet/af_packet.c | 10 net/phonet/datagram.c | 4 net/phonet/pep.c | 41 net/sched/Kconfig | 42 net/sched/Makefile | 3 net/sched/sch_atm.c | 706 ---- net/sched/sch_cbq.c | 1727 ---------- net/sched/sch_dsmark.c | 518 -- net/switchdev/switchdev.c | 73 net/tls/tls_main.c | 2 net/tls/tls_sw.c | 24 net/wireless/nl80211.c | 1 scripts/bpf_doc.py | 2 sound/soc/codecs/wm_adsp.c | 29 sound/soc/sunxi/sun4i-spdif.c | 5 sound/usb/clock.c | 10 sound/usb/format.c | 20 tools/testing/selftests/tc-testing/tc-tests/qdiscs/atm.json | 94 tools/testing/selftests/tc-testing/tc-tests/qdiscs/cbq.json | 184 - tools/testing/selftests/tc-testing/tc-tests/qdiscs/dsmark.json | 140 201 files changed, 1952 insertions(+), 4290 deletions(-) Alexander Tsoy (2): ALSA: usb-audio: Check presence of valid altsetting control ALSA: usb-audio: Ignore clock selector errors for single connection Alison Schofield (2): x86/numa: Fix the address overlap check in numa_fill_memblks() x86/numa: Fix the sort compare func used in numa_fill_memblks() Andrew Bresticker (2): efi: runtime: Fix potential overflow of soft-reserved region size efi: Don't add memblocks for soft-reserved memory Armin Wolf (1): drm/amd/display: Fix memory leak in dm_sw_fini() Arnd Bergmann (3): dm-integrity, dm-verity: reduce stack usage for recheck RDMA/srpt: fix function pointer cast warnings nouveau: fix function cast warnings Baokun Li (4): ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() cachefiles: fix memory leak in cachefiles_add_cache() Bart Van Assche (2): RDMA/srpt: Support specifying the srpt_service_guid parameter fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio Borislav Petkov (AMD) (1): Revert "x86/alternative: Make custom return thunk unconditional" Brenton Simpson (1): Input: xpad - add Lenovo Legion Go controllers Chen-Yu Tsai (1): ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616 Christian A. Ehrhardt (2): block: Fix WARNING in _copy_from_iter usb: ucsi_acpi: Quirk to ack a connector change ack cmd Conrad Kostecki (1): ahci: asm1166: correct count of reported ports Corey Minyard (1): i2c: imx: when being a target, mark the last read as processed Cyril Hrubis (2): sched/rt: Disallow writing invalid values to sched_rt_period_us sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset Damien Le Moal (1): ata: libata-core: Do not try to set sleeping devices to standby Dan Carpenter (1): PCI: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq() Daniel Vacek (1): IB/hfi1: Fix sdma.h tx->num_descs off-by-one error Daniel Wagner (8): nvme-fc: do not wait in vain when unloading module nvmet-fcloop: swap the list_add_tail arguments nvmet-fc: release reference on target port nvmet-fc: defer cleanup using RCU properly nvmet-fc: hold reference on hostport match nvmet-fc: abort command when there is no binding nvmet-fc: avoid deadlock on delete association path nvmet-fc: take ref count on tgtport before delete assoc Daniil Dulov (1): afs: Increase buffer size in afs_update_volume_status() Devyn Liu (1): spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected Dmitry Bogdanov (1): scsi: target: core: Add TMF to tmr_list handling Don Brace (1): scsi: smartpqi: Fix disable_managed_interrupts Edward Adam Davis (1): fs/ntfs3: Fix oob in ntfs_listxattr Edward Lo (1): fs/ntfs3: Enhance the attribute size check Eric Dumazet (2): ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid Erik Kurzinger (1): drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is set Eugen Hristev (1): pmdomain: mediatek: fix race conditions with genpd Felix Fietkau (1): wifi: mac80211: fix race condition on enabling fast-xmit Florian Westphal (2): netfilter: nf_tables: set dormant flag on hook register failure netfilter: nf_tables: use kzalloc for hook allocation Frank Li (2): usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() usb: cdns3: fix memory double free when handle zero packet Fullway Wang (2): fbdev: savage: Error out if pixclock equals zero fbdev: sis: Error out if pixclock equals zero Gao Xiang (2): erofs: simplify compression configuration parser erofs: fix inconsistent per-file compression format Geert Uytterhoeven (1): pmdomain: renesas: r8a77980-sysc: CR7 must be always on Geliang Tang (4): mptcp: make userspace_pm_append_new_local_addr static mptcp: add needs_id for userspace appending addr mptcp: userspace pm send RM_ADDR for ID 0 mptcp: add needs_id for netlink appending addr Gianmarco Lusvardi (1): bpf, scripts: Correct GPL license name Greg Kroah-Hartman (1): Linux 6.1.80 Guixin Liu (1): nvmet-tcp: fix nvme tcp ida memory leak Hannes Reinecke (1): scsi: lpfc: Use unsigned type for num_sge Hans de Goede (3): Input: goodix - accept ACPI resources with gpio_count == 3 && gpio_int_idx == 0 platform/x86: intel-vbtn: Stop calling "VBDL" from notify_handler platform/x86: touchscreen_dmi: Allow partial (prefix) matches for ACPI names Hector Martin (1): dmaengine: apple-admac: Keep upper bits of REG_BUS_WIDTH Heiko Stuebner (1): arm64: dts: rockchip: set num-cs property for spi on px30 Helge Deller (1): Revert "parisc: Only list existing CPUs in cpu_possible_mask" Horatiu Vultur (1): net: sparx5: Add spinlock for frame transmission from CPU Huacai Chen (1): LoongArch: Disable IRQ before init_fn() for nonboot CPUs Huang Pei (1): MIPS: reserve exception vector space ONLY ONCE Ism Hong (1): fs/ntfs3: use non-movable memory for ntfs3 MFT buffer cache Jamal Hadi Salim (3): net/sched: Retire CBQ qdisc net/sched: Retire ATM qdisc net/sched: Retire dsmark qdisc Jan Kiszka (1): riscv/efistub: Ensure GP-relative addressing is not used Jason Gunthorpe (1): s390: use the correct count for __iowrite64_copy() Jeremy Kerr (1): net: mctp: put sock on tag allocation failure Joao Martins (3): iommufd/iova_bitmap: Bounds check mapped::pages access iommufd/iova_bitmap: Switch iova_bitmap::bitmap to an u8 array iommufd/iova_bitmap: Consider page offset for the pages to be pinned Johannes Berg (2): wifi: mac80211: set station RX-NSS on reconfig wifi: mac80211: adding missing drv_mgd_complete_tx() call Johannes Weiner (1): mm: memcontrol: clarify swapaccount=0 deprecation warning Justin Iurman (1): Fix write to cloned skb in ipv6_hop_ioam() Kairui Song (1): mm/swap: fix race when skipping swapcache Kalesh AP (1): RDMA/bnxt_re: Return error for SRQ resize Kamal Heib (1): RDMA/qedr: Fix qedr_create_user_qp error flow Kees Cook (2): smb: Work around Clang __bdos() type confusion net: dev: Convert sa_data to flexible array in struct sockaddr Konstantin Komarov (10): fs/ntfs3: Modified fix directory element type detection fs/ntfs3: Improve ntfs_dir_count fs/ntfs3: Correct hard links updating when dealing with DOS names fs/ntfs3: Print warning while fixing hard links count fs/ntfs3: Fix detected field-spanning write (size 8) of single field "le->name" fs/ntfs3: Add NULL ptr dereference checking at the end of attr_allocate_frame() fs/ntfs3: Disable ATTR_LIST_ENTRY size check fs/ntfs3: Prevent generic message "attempt to access beyond end of device" fs/ntfs3: Correct function is_rst_area_valid fs/ntfs3: Update inode->i_size after success write into compressed file Krishna Kurapati (1): usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs Kuniyuki Iwashima (2): dccp/tcp: Unhash sk from ehash for tb2 alloc failure after check_estalblished(). arp: Prevent overflow in arp_req_get(). Kunwu Chan (1): dmaengine: ti: edma: Add some null pointer checks to the edma_probe Lennert Buytenhek (2): ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers ahci: Extend ASM1061 43-bit DMA address quirk to other ASM106x parts Lino Sanfilippo (1): serial: amba-pl011: Fix DMA transmission in RS485 mode Maksim Kiselev (1): aoe: avoid potential deadlock at set_capacity Mario Limonciello (1): platform/x86: thinkpad_acpi: Only update profile if successfully converted Mark Brown (1): arm64/sme: Restore SME registers on exit from suspend Martin Blumenstingl (1): regulator: pwm-regulator: Add validity checks in continuous .get_voltage Martin K. Petersen (1): scsi: core: Consult supported VPD page list prior to fetching page Martin KaFai Lau (1): bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel Masahiro Yamada (2): LoongArch: Select ARCH_ENABLE_THP_MIGRATION instead of redefining it LoongArch: Select HAVE_ARCH_SECCOMP to use the common SECCOMP menu Michal Kazior (1): wifi: cfg80211: fix missing interfaces when dumping Mike Marciniszyn (1): RDMA/irdma: Fix KASAN issue with tasklet Mikulas Patocka (4): dm-crypt: recheck the integrity tag after a failure dm-integrity: recheck the integrity tag after a failure dm-crypt: don't modify the data when using authenticated encryption dm-verity: recheck the hash after a failure Mustafa Ismail (2): RDMA/irdma: Set the CQ read threshold for GEN 1 RDMA/irdma: Add AE for too many RNRS Nam Cao (1): irqchip/sifive-plic: Enable interrupt if needed before EOI Naohiro Aota (1): scsi: target: pscsi: Fix bio_put() for error case Nikita Shubin (1): ARM: ep93xx: Add terminator to gpiod_lookup_table Oliver Upton (3): KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() irqchip/gic-v3-its: Do not assume vPE tables are preallocated Pablo Neira Ayuso (5): netfilter: flowtable: simplify route logic netfilter: nft_flow_offload: reset dst in route object after setting up flow netfilter: nft_flow_offload: release dst in case direct xmit path is used netfilter: nf_tables: rename function to destroy hook list netfilter: nf_tables: register hooks last when adding new chain/flowtable Paolo Abeni (1): mptcp: fix lockless access in subflow ULP diag Paulo Alcantara (2): smb: client: increase number of PDUs allowed in a compound request smb: client: set correct d_type for reparse points under DFS mounts Pavel Sakharov (1): net: stmmac: Fix incorrect dereference in interrupt handlers Pawel Laszczak (2): usb: cdnsp: blocked some cdns3 specific code usb: cdnsp: fixed issue with incorrect detecting CDNSP family controllers Peter Oberparleiter (1): s390/cio: fix invalid -EBUSY on ccw_device_start Peter Zijlstra (2): x86/returnthunk: Allow different return thunks x86/alternative: Make custom return thunk unconditional Phoenix Chen (1): platform/x86: touchscreen_dmi: Add info for the TECLAST X16 Plus tablet Prike Liang (2): drm/amdgpu: skip to program GFXDEC registers for suspend abort drm/amdgpu: reset gpu for s3 suspend abort case Radhey Shyam Pandey (1): ata: ahci_ceva: fix error handling for Xilinx GT PHY support Randy Dunlap (1): scsi: jazz_esp: Only build if SCSI core is builtin Richard Fitzgerald (1): ASoC: wm_adsp: Don't overwrite fwf_name with the default Robert Richter (1): cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window Rémi Denis-Courmont (2): phonet: take correct lock to peek at the RX queue phonet/pep: fix racy skb_queue_empty() use SEO HOYOUNG (1): scsi: ufs: core: Remove the ufshcd_release() in ufshcd_err_handling_prepare() Sabrina Dubroca (3): tls: break out of main loop when PEEK gets a non-data record tls: stop recv() if initial process_rx_list gave us non-DATA tls: don't skip over different type records from the rx_list Sandeep Dhavale (1): erofs: fix refcount on the metabuf used for inode lookup SeongJae Park (2): mm/damon/lru_sort: fix quota status loss due to online tunings mm/damon/reclaim: fix quota stauts loss due to online tunings Shigeru Yoshida (1): bpf, sockmap: Fix NULL pointer dereference in sk_psock_verdict_data_ready() Shiraz Saleem (1): RDMA/irdma: Validate max_send_wr and max_recv_wr Shyam Prasad N (2): cifs: open_cached_dir should not rely on primary channel cifs: translate network errors on send to -ECONNABORTED Siddharth Vadapalli (1): net: phy: realtek: Fix rtl8211f_config_init() for RTL8211F(D)(I)-VD-CG PHY Sohaib Nadeem (2): drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz Revert "drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz" Steve French (1): smb3: clarify mount warning Subbaraya Sundeep (1): octeontx2-af: Consider the action set by PF Szilard Fabian (1): Input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table Szuying Chen (1): ata: ahci: add identifiers for ASM2116 series adapters Takashi Sakamoto (1): firewire: core: send bus reset promptly on gap count error Thinh Nguyen (1): usb: dwc3: gadget: Don't disconnect if not started Thomas Hellström (1): drm/ttm: Fix an invalid freeing on already freed page in error path Tobias Waldekranz (2): net: bridge: switchdev: Skip MDB replays of deferred events on offload net: bridge: switchdev: Ensure deferred event delivery on unoffload Tom Parkin (1): l2tp: pass correct message length to ip6_append_data Vasiliy Kovalev (2): gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() ipv6: sr: fix possible use-after-free and null-ptr-deref Vidya Sagar (1): PCI/MSI: Prevent MSI hardware interrupt number truncation Vinod Koul (2): dmaengine: shdma: increase size of 'dev_id' dmaengine: fsl-qdma: increase size of 'irq_name' Will Deacon (1): misc: open-dice: Fix spurious lockdep warning Wolfram Sang (1): spi: sh-msiof: avoid integer overflow in constants Xin Long (1): netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new Xu Yang (2): usb: roles: fix NULL pointer issue when put module's reference usb: roles: don't get/set_role() when usb_role_switch is unregistered Yi Sun (1): virtio-blk: Ensure no requests in virtqueues before deleting vqs. Yosry Ahmed (1): mm: zswap: fix missing folio cleanup in writeback race path Yu Kuai (1): md: Fix missing release of 'active_io' for flush Zhang Rui (1): hwmon: (coretemp) Enlarge per package core count limit Zhang Yi (1): ext4: correct the hole length returned by ext4_map_blocks() Zhipeng Lu (1): IB/hfi1: Fix a memleak in init_credit_return zhenwei pi (1): crypto: virtio/akcipher - Fix stack overflow on memcpy

1 year, 8 months

1
1
0 0

Linux 5.10.211

by Greg Kroah-Hartman

I'm announcing the release of the 5.10.211 kernel. All users of the 5.10 kernel series must upgrade. The updated 5.10.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.10.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/boot/dts/bcm47189-luxul-xap-1440.dts | 1 arch/arm/boot/dts/bcm47189-luxul-xap-810.dts | 2 arch/arm/boot/dts/imx6sx.dtsi | 6 arch/arm/mach-ep93xx/core.c | 1 arch/arm64/boot/dts/rockchip/px30.dtsi | 2 arch/arm64/kvm/vgic/vgic-its.c | 5 arch/powerpc/kernel/hw_breakpoint.c | 76 arch/s390/pci/pci.c | 2 arch/x86/include/asm/cpu_entry_area.h | 2 arch/x86/include/asm/nospec-branch.h | 2 arch/x86/include/asm/text-patching.h | 30 arch/x86/include/asm/uaccess.h | 142 + arch/x86/kernel/alternative.c | 13 arch/x86/kernel/ftrace.c | 4 arch/x86/kernel/paravirt.c | 22 arch/x86/kernel/static_call.c | 2 arch/x86/net/bpf_jit_comp.c | 2 drivers/ata/ahci.c | 34 drivers/ata/ahci.h | 1 drivers/block/ataflop.c | 56 drivers/block/virtio_blk.c | 7 drivers/dma/fsl-qdma.c | 2 drivers/dma/sh/shdma.h | 2 drivers/dma/ti/edma.c | 10 drivers/firewire/core-card.c | 18 drivers/firmware/efi/arm-runtime.c | 2 drivers/firmware/efi/efi-init.c | 19 drivers/firmware/efi/riscv-runtime.c | 2 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 1 drivers/gpu/drm/drm_syncobj.c | 16 drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadow.c | 8 drivers/hwmon/coretemp.c | 2 drivers/infiniband/hw/bnxt_re/ib_verbs.c | 5 drivers/infiniband/hw/hfi1/pio.c | 6 drivers/infiniband/hw/hfi1/sdma.c | 2 drivers/infiniband/hw/qedr/verbs.c | 11 drivers/infiniband/ulp/srpt/ib_srpt.c | 17 drivers/input/serio/i8042-acpipnpio.h | 8 drivers/irqchip/irq-mips-gic.c | 2 drivers/md/dm-crypt.c | 6 drivers/media/pci/ttpci/av7110_av.c | 4 drivers/mtd/nand/spi/macronix.c | 20 drivers/net/ethernet/microchip/lan743x_ethtool.c | 9 drivers/net/gtp.c | 10 drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 14 drivers/net/wireless/intel/iwlwifi/mvm/mvm.h | 2 drivers/net/wireless/intel/iwlwifi/mvm/ops.c | 2 drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 10 drivers/nvme/host/fc.c | 47 drivers/nvme/target/fc.c | 11 drivers/nvme/target/fcloop.c | 6 drivers/nvme/target/tcp.c | 1 drivers/pci/msi.c | 2 drivers/platform/x86/intel-vbtn.c | 6 drivers/regulator/pwm-regulator.c | 3 drivers/s390/cio/device_ops.c | 6 drivers/scsi/Kconfig | 2 drivers/scsi/lpfc/lpfc_scsi.c | 12 drivers/soc/renesas/r8a77980-sysc.c | 3 drivers/spi/spi-hisi-sfc-v3xx.c | 5 drivers/spi/spi-sh-msiof.c | 16 drivers/target/target_core_device.c | 5 drivers/target/target_core_transport.c | 4 drivers/tty/hvc/hvc_xen.c | 19 drivers/usb/cdns3/gadget.c | 8 drivers/usb/gadget/function/f_ncm.c | 10 drivers/usb/roles/class.c | 29 drivers/video/fbdev/savage/savagefb_driver.c | 3 drivers/video/fbdev/sis/sis_main.c | 2 fs/afs/volume.c | 4 fs/aio.c | 9 fs/btrfs/ctree.h | 2 fs/btrfs/dir-item.c | 122 - fs/btrfs/inode.c | 48 fs/btrfs/tree-checker.c | 25 fs/btrfs/tree-log.c | 14 fs/cifs/smb2ops.c | 19 fs/cifs/smb2pdu.c | 93 - fs/cifs/smb2proto.h | 12 fs/erofs/decompressor.c | 24 fs/ext4/extents.c | 111 - fs/ext4/mballoc.c | 33 fs/jbd2/checkpoint.c | 137 - fs/zonefs/super.c | 68 include/linux/fs.h | 2 include/linux/lockdep.h | 5 include/linux/sched/task_stack.h | 2 include/linux/socket.h | 5 include/net/tcp.h | 2 kernel/sched/rt.c | 10 kernel/seccomp.c | 10 kernel/sysctl.c | 4 mm/userfaultfd.c | 14 net/core/dev.c | 2 net/core/dev_ioctl.c | 2 net/hsr/hsr_framereg.c | 16 net/hsr/hsr_framereg.h | 1 net/ipv4/arp.c | 3 net/ipv4/devinet.c | 21 net/ipv6/addrconf.c | 21 net/ipv6/seg6.c | 20 net/l2tp/l2tp_ip6.c | 2 net/mac80211/sta_info.c | 2 net/mac80211/tx.c | 2 net/mptcp/diag.c | 6 net/netfilter/nf_conntrack_proto_sctp.c | 2 net/netfilter/nf_tables_api.c | 1 net/packet/af_packet.c | 12 net/sched/Kconfig | 42 net/sched/Makefile | 3 net/sched/sch_atm.c | 709 -------- net/sched/sch_cbq.c | 1816 ---------------------- net/sched/sch_dsmark.c | 521 ------ net/tls/tls_main.c | 2 net/tls/tls_sw.c | 12 net/wireless/nl80211.c | 1 scripts/bpf_helpers_doc.py | 2 sound/soc/fsl/fsl_micfil.c | 15 sound/soc/intel/boards/bytcht_es8316.c | 14 sound/soc/intel/boards/bytcr_rt5640.c | 46 sound/soc/intel/boards/bytcr_rt5651.c | 41 sound/soc/sunxi/sun4i-spdif.c | 5 123 files changed, 1257 insertions(+), 3684 deletions(-) Andrew Bresticker (2): efi: runtime: Fix potential overflow of soft-reserved region size efi: Don't add memblocks for soft-reserved memory Andy Shevchenko (1): ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device after use Armin Wolf (1): drm/amd/display: Fix memory leak in dm_sw_fini() Arnd Bergmann (2): RDMA/srpt: fix function pointer cast warnings nouveau: fix function cast warnings Baokun Li (3): ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() ext4: regenerate buddy after block freeing failed if under fc replay Bart Van Assche (2): RDMA/srpt: Support specifying the srpt_service_guid parameter fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio Benjamin Gray (1): powerpc/watchpoints: Annotate atomic context in more places Borislav Petkov (1): task_stack, x86/cea: Force-inline stack helpers Borislav Petkov (AMD) (2): Revert "x86/ftrace: Use alternative RET encoding" Revert "x86/alternative: Make custom return thunk unconditional" Chen-Yu Tsai (1): ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616 Christian König (1): drm/syncobj: make lockdep complain on WAIT_FOR_SUBMIT v3 Conrad Kostecki (1): ahci: asm1166: correct count of reported ports Cyril Hrubis (3): sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset sched/rt: Fix sysctl_sched_rr_timeslice intial value sched/rt: Disallow writing invalid values to sched_rt_period_us Damien Le Moal (1): zonefs: Improve error handling Dan Carpenter (1): media: av7110: prevent underflow in write_ts_to_decoder() Daniel Vacek (1): IB/hfi1: Fix sdma.h tx->num_descs off-by-one error Daniel Wagner (4): nvme-fc: do not wait in vain when unloading module nvmet-fcloop: swap the list_add_tail arguments nvmet-fc: release reference on target port nvmet-fc: abort command when there is no binding Daniil Dulov (1): afs: Increase buffer size in afs_update_volume_status() Devyn Liu (1): spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected Dmitry Bogdanov (1): scsi: target: core: Add TMF to tmr_list handling Eric Dumazet (2): ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid Erik Kurzinger (1): drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is set Felix Fietkau (1): wifi: mac80211: fix race condition on enabling fast-xmit Filipe Manana (2): btrfs: unify lookup return value when dir entry is missing btrfs: do not pin logs too early during renames Florian Westphal (1): netfilter: nf_tables: set dormant flag on hook register failure Frank Li (2): usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() usb: cdns3: fix memory double free when handle zero packet Fullway Wang (2): fbdev: savage: Error out if pixclock equals zero fbdev: sis: Error out if pixclock equals zero Gao Xiang (1): erofs: fix lz4 inplace decompression Geert Uytterhoeven (1): pmdomain: renesas: r8a77980-sysc: CR7 must be always on Gianmarco Lusvardi (1): bpf, scripts: Correct GPL license name Greg Kroah-Hartman (1): Linux 5.10.211 Guixin Liu (1): nvmet-tcp: fix nvme tcp ida memory leak Hannes Reinecke (1): scsi: lpfc: Use unsigned type for num_sge Heiko Stuebner (1): arm64: dts: rockchip: set num-cs property for spi on px30 Jakub Kicinski (2): tls: rx: jump to a more appropriate label tls: rx: drop pointless else after goto Jamal Hadi Salim (3): net/sched: Retire CBQ qdisc net/sched: Retire ATM qdisc net/sched: Retire dsmark qdisc Jan Beulich (1): x86: drop bogus "cc" clobber from __try_cmpxchg_user_asm() Jason Gunthorpe (1): s390: use the correct count for __iowrite64_copy() Jiaxun Yang (1): irqchip/mips-gic: Don't touch vl_map if a local interrupt is not routable Johannes Berg (2): iwlwifi: mvm: do more useful queue sync accounting iwlwifi: mvm: write queue_sync_state only for sync Josef Bacik (1): btrfs: tree-checker: check for overlapping extent items Kalesh AP (1): RDMA/bnxt_re: Return error for SRQ resize Kamal Heib (1): RDMA/qedr: Fix qedr_create_user_qp error flow Kees Cook (2): seccomp: Invalidate seccomp mode to catch death failures net: dev: Convert sa_data to flexible array in struct sockaddr Krishna Kurapati (1): usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs Kuniyuki Iwashima (1): arp: Prevent overflow in arp_req_get(). Kunwu Chan (1): dmaengine: ti: edma: Add some null pointer checks to the edma_probe Lennert Buytenhek (1): ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers Lokesh Gidra (1): userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb Marcos Paulo de Souza (1): btrfs: introduce btrfs_lookup_match_dir Martin Blumenstingl (1): regulator: pwm-regulator: Add validity checks in continuous .get_voltage Max Verevkin (1): platform/x86: intel-vbtn: Support for tablet mode on HP Pavilion 13 x360 PC Michael Schmitz (2): block: ataflop: fix breakage introduced at blk-mq refactoring block: ataflop: more blk-mq refactoring fixes Michal Kazior (1): wifi: cfg80211: fix missing interfaces when dumping Mikulas Patocka (1): dm-crypt: don't modify the data when using authenticated encryption Nikita Shubin (1): ARM: ep93xx: Add terminator to gpiod_lookup_table Oliver Upton (2): KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() Paolo Abeni (1): mptcp: fix lockless access in subflow ULP diag Paulo Alcantara (3): smb: client: fix OOB in receive_encrypted_standard() smb: client: fix potential OOBs in smb2_parse_contexts() smb: client: fix parsing of SMB3.1.1 POSIX create context Peter Oberparleiter (1): s390/cio: fix invalid -EBUSY on ccw_device_start Peter Zijlstra (6): x86/uaccess: Implement macros for CMPXCHG on user addresses x86/text-patching: Make text_gen_insn() play nice with ANNOTATE_NOENDBR x86/ibt,paravirt: Use text_gen_insn() for paravirt_patch() x86/ftrace: Use alternative RET encoding x86/returnthunk: Allow different return thunks x86/alternative: Make custom return thunk unconditional Pierre-Louis Bossart (2): ASoC: Intel: boards: harden codec property handling ASoC: Intel: boards: get codec device with ACPI instead of bus search Rafał Miłecki (1): ARM: dts: BCM53573: Drop nonexistent "default-off" LED trigger Randy Dunlap (1): scsi: jazz_esp: Only build if SCSI core is builtin Ravi Bangoria (1): powerpc/watchpoint: Workaround P10 DD1 issue with VSX-32 byte instructions Roger Pau Monne (1): hvc/xen: prevent concurrent accesses to the shared ring Sabrina Dubroca (1): tls: stop recv() if initial process_rx_list gave us non-DATA Sebastian Andrzej Siewior (1): hsr: Avoid double remove of a node. Sergej Bauer (1): lan743x: fix for potential NULL pointer dereference with bare card Shengjiu Wang (1): ASoC: fsl_micfil: register platform component before registering cpu dai Shyam Prasad N (1): cifs: add a warning when the in-flight count goes negative Szilard Fabian (1): Input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table Takashi Sakamoto (1): firewire: core: send bus reset promptly on gap count error Tom Parkin (1): l2tp: pass correct message length to ip6_append_data Vasiliy Kovalev (2): gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() ipv6: sr: fix possible use-after-free and null-ptr-deref Vidya Sagar (1): PCI/MSI: Prevent MSI hardware interrupt number truncation Vinod Koul (2): dmaengine: shdma: increase size of 'dev_id' dmaengine: fsl-qdma: increase size of 'irq_name' Wolfram Sang (2): spi: sh-msiof: avoid integer overflow in constants packet: move from strlcpy with unused retval to strscpy Xiaolei Wang (1): ARM: dts: imx: Set default tuning step for imx6sx usdhc Xin Long (1): netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new Xu Yang (2): usb: roles: fix NULL pointer issue when put module's reference usb: roles: don't get/set_role() when usb_role_switch is unregistered Yi Sun (1): virtio-blk: Ensure no requests in virtqueues before deleting vqs. YouChing Lin (1): mtd: spinand: macronix: Add support for MX35LFxGE4AD Zhang Rui (1): hwmon: (coretemp) Enlarge per package core count limit Zhang Yi (3): ext4: correct the hole length returned by ext4_map_blocks() jbd2: remove redundant buffer io error checks jbd2: recheck chechpointing non-dirty buffer Zhihao Cheng (1): jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint Zhipeng Lu (1): IB/hfi1: Fix a memleak in init_credit_return

1 year, 8 months

1
1
0 0

Linux 5.4.270

by Greg Kroah-Hartman

I'm announcing the release of the 5.4.270 kernel. All users of the 5.4 kernel series must upgrade. The updated 5.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.4.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/mach-ep93xx/core.c | 1 arch/arm64/boot/dts/qcom/msm8916.dtsi | 4 arch/s390/pci/pci.c | 2 arch/x86/kernel/alternative.c | 13 drivers/ata/ahci.c | 34 drivers/ata/ahci.h | 1 drivers/block/virtio_blk.c | 7 drivers/dma/fsl-qdma.c | 2 drivers/dma/sh/shdma.h | 2 drivers/firewire/core-card.c | 18 drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h | 5 drivers/gpu/drm/drm_syncobj.c | 16 drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadow.c | 8 drivers/gpu/drm/sun4i/sun6i_mipi_dsi.c | 3 drivers/hwmon/coretemp.c | 2 drivers/infiniband/hw/bnxt_re/ib_verbs.c | 5 drivers/infiniband/hw/hfi1/pio.c | 6 drivers/infiniband/hw/hfi1/sdma.c | 2 drivers/infiniband/ulp/srpt/ib_srpt.c | 18 drivers/md/dm-crypt.c | 6 drivers/md/dm-integrity.c | 11 drivers/net/gtp.c | 10 drivers/nvme/target/fc.c | 8 drivers/nvme/target/tcp.c | 1 drivers/pci/controller/pci-tegra.c | 17 drivers/pci/msi.c | 2 drivers/pinctrl/pinctrl-rockchip.c | 23 drivers/regulator/pwm-regulator.c | 3 drivers/s390/net/qeth_l3_main.c | 9 drivers/scsi/Kconfig | 2 drivers/scsi/lpfc/lpfc_scsi.c | 12 drivers/soc/renesas/r8a77980-sysc.c | 3 drivers/spi/spi-mt7621.c | 8 drivers/target/target_core_device.c | 5 drivers/target/target_core_transport.c | 4 drivers/usb/cdns3/gadget.c | 8 drivers/usb/gadget/function/f_ncm.c | 10 drivers/usb/roles/class.c | 12 drivers/video/fbdev/savage/savagefb_driver.c | 3 drivers/video/fbdev/sis/sis_main.c | 2 fs/afs/volume.c | 4 fs/aio.c | 9 fs/ext4/mballoc.c | 13 fs/iomap/buffered-io.c | 3 fs/nilfs2/dat.c | 27 include/linux/fs.h | 2 include/linux/lockdep.h | 5 include/net/tcp.h | 1 kernel/sched/rt.c | 10 kernel/sysctl.c | 4 mm/memcontrol.c | 6 mm/userfaultfd.c | 14 net/bridge/br_device.c | 2 net/ipv4/af_inet.c | 2 net/ipv4/devinet.c | 21 net/ipv4/tcp.c | 27 net/ipv4/tcp_input.c | 4 net/ipv6/addrconf.c | 21 net/ipv6/seg6.c | 20 net/l2tp/l2tp_ip6.c | 2 net/mac80211/sta_info.c | 2 net/mac80211/tx.c | 2 net/netfilter/nf_conntrack_proto_sctp.c | 2 net/netfilter/nf_tables_api.c | 1 net/packet/af_packet.c | 4 net/sched/Kconfig | 42 net/sched/Makefile | 3 net/sched/sch_atm.c | 710 -------- net/sched/sch_cbq.c | 1818 ---------------------- net/sched/sch_dsmark.c | 523 ------ net/tls/tls_sw.c | 12 net/wireless/nl80211.c | 1 scripts/bpf_helpers_doc.py | 157 + sound/pci/hda/patch_realtek.c | 6 sound/soc/sunxi/sun4i-spdif.c | 5 tools/testing/selftests/bpf/test_verifier.c | 13 virt/kvm/arm/vgic/vgic-its.c | 5 79 files changed, 562 insertions(+), 3254 deletions(-) Alexandra Winter (1): s390/qeth: Fix potential loss of L3-IP@ in case of network issues Andrii Nakryiko (2): scripts/bpf: teach bpf_helpers_doc.py to dump BPF helper definitions scripts/bpf: Fix xdp_md forward declaration typo Arnd Bergmann (2): RDMA/srpt: fix function pointer cast warnings nouveau: fix function cast warnings Baokun Li (2): ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() Bart Van Assche (2): RDMA/srpt: Make debug output more detailed fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio Björn Töpel (1): selftests/bpf: Avoid running unprivileged tests with alignment requirements Chen-Yu Tsai (1): ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616 Christian König (1): drm/syncobj: make lockdep complain on WAIT_FOR_SUBMIT v3 Christophe JAILLET (2): spi: mt7621: Fix an error message in mt7621_spi_probe() PCI: tegra: Fix OF node reference leak Conrad Kostecki (1): ahci: asm1166: correct count of reported ports Cyril Hrubis (3): sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset sched/rt: Fix sysctl_sched_rr_timeslice intial value sched/rt: Disallow writing invalid values to sched_rt_period_us Daniel Vacek (1): IB/hfi1: Fix sdma.h tx->num_descs off-by-one error Daniel Wagner (1): nvmet-fc: abort command when there is no binding Daniil Dulov (1): afs: Increase buffer size in afs_update_volume_status() Dmitry Bogdanov (1): scsi: target: core: Add TMF to tmr_list handling Eric Dumazet (3): tcp: add annotations around sk->sk_shutdown accesses ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid Erik Kurzinger (1): drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is set Felix Fietkau (1): wifi: mac80211: fix race condition on enabling fast-xmit Florian Westphal (1): netfilter: nf_tables: set dormant flag on hook register failure Frank Li (2): usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() usb: cdns3: fix memory double free when handle zero packet Fullway Wang (2): fbdev: savage: Error out if pixclock equals zero fbdev: sis: Error out if pixclock equals zero GONG, Ruiqi (1): memcg: add refcnt for pcpu stock to avoid UAF problem in drain_all_stock() Geert Uytterhoeven (1): pmdomain: renesas: r8a77980-sysc: CR7 must be always on Gianmarco Lusvardi (1): bpf, scripts: Correct GPL license name Greg Kroah-Hartman (1): Linux 5.4.270 Guixin Liu (1): nvmet-tcp: fix nvme tcp ida memory leak Hannes Reinecke (1): scsi: lpfc: Use unsigned type for num_sge Icenowy Zheng (1): Revert "drm/sun4i: dsi: Change the start delay calculation" Jakub Kicinski (2): tls: rx: jump to a more appropriate label tls: rx: drop pointless else after goto Jamal Hadi Salim (3): net/sched: Retire CBQ qdisc net/sched: Retire ATM qdisc net/sched: Retire dsmark qdisc Jason Gunthorpe (1): s390: use the correct count for __iowrite64_copy() Kai-Heng Feng (1): ALSA: hda/realtek - Enable micmute LED on and HP system Kalesh AP (1): RDMA/bnxt_re: Return error for SRQ resize Kirill A. Shutemov (1): x86/alternatives: Disable KASAN in apply_alternatives() Krishna Kurapati (1): usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs Lee Jones (1): pinctrl: pinctrl-rockchip: Fix a bunch of kerneldoc misdemeanours Lennert Buytenhek (1): ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers Lokesh Gidra (1): userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb Martin Blumenstingl (1): regulator: pwm-regulator: Add validity checks in continuous .get_voltage Matthew Wilcox (Oracle) (1): iomap: Set all uptodate bits for an Uptodate page Miaoqian Lin (1): pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups Michal Kazior (1): wifi: cfg80211: fix missing interfaces when dumping Mikulas Patocka (2): dm-integrity: don't modify bio's immutable bio_vec in integrity_metadata() dm-crypt: don't modify the data when using authenticated encryption Nathan Chancellor (1): drm/amdgpu: Fix type of second parameter in trans_msg() callback Nikita Shubin (1): ARM: ep93xx: Add terminator to gpiod_lookup_table Nikolay Aleksandrov (1): net: bridge: clear bridge's private skb space on xmit Oliver Upton (2): KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler Pali Rohár (1): PCI: tegra: Fix reporting GPIO error value Paolo Abeni (1): tcp: factor out __tcp_close() helper Randy Dunlap (1): scsi: jazz_esp: Only build if SCSI core is builtin Ryusuke Konishi (1): nilfs2: replace WARN_ONs for invalid DAT metadata block requests Sabrina Dubroca (1): tls: stop recv() if initial process_rx_list gave us non-DATA Sireesh Kodali (1): arm64: dts: qcom: msm8916: Fix typo in pronto remoteproc node Soheil Hassas Yeganeh (1): tcp: return EPOLLOUT from tcp_poll only when notsent_bytes is half the limit Takashi Sakamoto (1): firewire: core: send bus reset promptly on gap count error Tom Parkin (1): l2tp: pass correct message length to ip6_append_data Trek (1): drm/amdgpu: Check for valid number of registers to read Vasiliy Kovalev (2): gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() ipv6: sr: fix possible use-after-free and null-ptr-deref Vidya Sagar (1): PCI/MSI: Prevent MSI hardware interrupt number truncation Vinod Koul (2): dmaengine: shdma: increase size of 'dev_id' dmaengine: fsl-qdma: increase size of 'irq_name' Wolfram Sang (1): packet: move from strlcpy with unused retval to strscpy Xin Long (1): netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new Xu Yang (1): usb: roles: don't get/set_role() when usb_role_switch is unregistered Yi Sun (1): virtio-blk: Ensure no requests in virtqueues before deleting vqs. Zhang Rui (1): hwmon: (coretemp) Enlarge per package core count limit Zhipeng Lu (1): IB/hfi1: Fix a memleak in init_credit_return

1 year, 8 months

1
1
0 0

Linux 4.19.308

by Greg Kroah-Hartman

I'm announcing the release of the 4.19.308 kernel. All users of the 4.19 kernel series must upgrade. The updated 4.19.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.19.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/mach-ep93xx/core.c | 1 arch/s390/pci/pci.c | 2 drivers/ata/ahci.c | 5 drivers/block/virtio_blk.c | 7 drivers/dma/sh/shdma.h | 2 drivers/firewire/core-card.c | 18 drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadow.c | 8 drivers/hwmon/coretemp.c | 2 drivers/infiniband/hw/bnxt_re/ib_verbs.c | 5 drivers/infiniband/hw/hfi1/pio.c | 6 drivers/infiniband/hw/hfi1/sdma.c | 2 drivers/infiniband/ulp/ipoib/ipoib_verbs.c | 2 drivers/infiniband/ulp/iser/iser_verbs.c | 9 drivers/infiniband/ulp/isert/ib_isert.c | 2 drivers/infiniband/ulp/opa_vnic/opa_vnic_vema.c | 3 drivers/infiniband/ulp/srp/ib_srp.c | 10 drivers/infiniband/ulp/srpt/ib_srpt.c | 52 drivers/md/dm-crypt.c | 6 drivers/net/ethernet/stmicro/stmmac/stmmac.h | 2 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 65 drivers/net/gtp.c | 10 drivers/pci/msi.c | 2 drivers/regulator/pwm-regulator.c | 3 drivers/s390/net/qeth_l3_main.c | 9 drivers/scsi/Kconfig | 2 drivers/soc/renesas/r8a77980-sysc.c | 3 drivers/target/target_core_device.c | 5 drivers/target/target_core_transport.c | 4 drivers/usb/gadget/function/f_ncm.c | 10 drivers/usb/roles/class.c | 12 drivers/video/fbdev/savage/savagefb_driver.c | 3 drivers/video/fbdev/sis/sis_main.c | 2 fs/aio.c | 9 fs/ext4/mballoc.c | 13 fs/nilfs2/dat.c | 27 include/linux/fs.h | 2 include/rdma/rdma_vt.h | 2 kernel/sched/rt.c | 10 kernel/sysctl.c | 5 mm/memcontrol.c | 23 mm/userfaultfd.c | 14 net/ipv6/seg6.c | 20 net/l2tp/l2tp_ip6.c | 2 net/mac80211/sta_info.c | 2 net/mac80211/tx.c | 2 net/packet/af_packet.c | 4 net/sched/Kconfig | 42 net/sched/Makefile | 3 net/sched/sch_atm.c | 708 -------- net/sched/sch_cbq.c | 1823 ---------------------- net/sched/sch_dsmark.c | 519 ------ net/wireless/nl80211.c | 1 scripts/bpf_helpers_doc.py | 157 + virt/kvm/arm/vgic/vgic-its.c | 5 55 files changed, 411 insertions(+), 3258 deletions(-) Aaro Koskinen (1): net: stmmac: fix notifier registration Alexandra Winter (1): s390/qeth: Fix potential loss of L3-IP@ in case of network issues Andrii Nakryiko (2): scripts/bpf: teach bpf_helpers_doc.py to dump BPF helper definitions scripts/bpf: Fix xdp_md forward declaration typo Arnd Bergmann (2): RDMA/srpt: fix function pointer cast warnings nouveau: fix function cast warnings Baokun Li (2): ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() Bart Van Assche (3): RDMA/srpt: Support specifying the srpt_service_guid parameter RDMA/srpt: Make debug output more detailed fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio Conrad Kostecki (1): ahci: asm1166: correct count of reported ports Cyril Hrubis (3): sched/rt: Fix sysctl_sched_rr_timeslice intial value sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset sched/rt: Disallow writing invalid values to sched_rt_period_us Daniel Vacek (1): IB/hfi1: Fix sdma.h tx->num_descs off-by-one error Dmitry Bogdanov (1): scsi: target: core: Add TMF to tmr_list handling Felix Fietkau (1): wifi: mac80211: fix race condition on enabling fast-xmit Fullway Wang (2): fbdev: savage: Error out if pixclock equals zero fbdev: sis: Error out if pixclock equals zero GONG, Ruiqi (1): memcg: add refcnt for pcpu stock to avoid UAF problem in drain_all_stock() Geert Uytterhoeven (1): pmdomain: renesas: r8a77980-sysc: CR7 must be always on Gianmarco Lusvardi (1): bpf, scripts: Correct GPL license name Greg Kroah-Hartman (2): stmmac: no need to check return value of debugfs_create functions Linux 4.19.308 Jamal Hadi Salim (3): net/sched: Retire CBQ qdisc net/sched: Retire ATM qdisc net/sched: Retire dsmark qdisc Jason Gunthorpe (2): RDMA/ulp: Use dev_name instead of ibdev->name s390: use the correct count for __iowrite64_copy() Kalesh AP (1): RDMA/bnxt_re: Return error for SRQ resize Krishna Kurapati (1): usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs Lokesh Gidra (1): userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb Martin Blumenstingl (1): regulator: pwm-regulator: Add validity checks in continuous .get_voltage Michal Kazior (1): wifi: cfg80211: fix missing interfaces when dumping Mikulas Patocka (1): dm-crypt: don't modify the data when using authenticated encryption Nikita Shubin (1): ARM: ep93xx: Add terminator to gpiod_lookup_table Oliver Upton (2): KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler Randy Dunlap (1): scsi: jazz_esp: Only build if SCSI core is builtin Roman Gushchin (1): mm: memcontrol: switch to rcu protection in drain_all_stock() Ryusuke Konishi (1): nilfs2: replace WARN_ONs for invalid DAT metadata block requests Takashi Sakamoto (1): firewire: core: send bus reset promptly on gap count error Tom Parkin (1): l2tp: pass correct message length to ip6_append_data Vasiliy Kovalev (2): gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() ipv6: sr: fix possible use-after-free and null-ptr-deref Vidya Sagar (1): PCI/MSI: Prevent MSI hardware interrupt number truncation Vinod Koul (1): dmaengine: shdma: increase size of 'dev_id' Wolfram Sang (1): packet: move from strlcpy with unused retval to strscpy Xu Yang (1): usb: roles: don't get/set_role() when usb_role_switch is unregistered Yi Sun (1): virtio-blk: Ensure no requests in virtqueues before deleting vqs. Zhang Rui (1): hwmon: (coretemp) Enlarge per package core count limit Zhipeng Lu (1): IB/hfi1: Fix a memleak in init_credit_return

1 year, 8 months

1
1
0 0

RE: Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg

by Simon Kirby

Hi, I bisected a regression where reading from a Bluetooth device gets stuck in recvfrom() calls. The device here is a Wii Balance Board, using https://github.com/initialstate/beerfridge/blob/master/wiiboard_test.py; this worked fine in v6.6.1 and v6.6.8, but when I tried on a v6.6.14 build, the script no longer outputs any readings. 1d576c3a5af850bf11fbd103f9ba11aa6d6061fb is the first bad commit which maps to upstream commit 2e07e8348ea454615e268222ae3fc240421be768: Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg With this commit in place, as also in v6.7 and v6.7.6, the script does not output anything _unless_ I strace the process, in which case a bunch of recvmsg() syscalls are shown, and then it hangs again. If I ^C the strace and run it a few times, eventually the script will get enough data and output a reading. If I don't strace the script, a hung task warning appears: INFO: task kworker/u9:1:121 blocked for more than 30 seconds. Not tainted 6.7.6-lemon #183 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/u9:1 state:D stack:0 pid:121 tgid:121 ppid:2 flags:0x00004000 Workqueue: hci0 hci_rx_work Call Trace: <TASK> __schedule+0x37d/0xa00 schedule+0x32/0xe0 __lock_sock+0x68/0xa0 ? __pfx_autoremove_wake_function+0x10/0x10 lock_sock_nested+0x43/0x50 l2cap_sock_recv_cb+0x21/0xa0 l2cap_recv_frame+0x55b/0x30a0 ? psi_task_switch+0xeb/0x270 ? finish_task_switch.isra.0+0x93/0x2a0 hci_rx_work+0x33a/0x3f0 process_one_work+0x13a/0x2f0 worker_thread+0x2f0/0x410 ? __pfx_worker_thread+0x10/0x10 kthread+0xe0/0x110 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x2c/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 </TASK> On 6.8-rc6 with lockdep enabled, I get the following output: [ 22.122337] wlan0: associated [ 4547.622339] INFO: task kworker/u9:1:3528 blocked for more than 30 seconds. [ 4547.622530] ===================================================== [ 4547.622531] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 4547.622535] 6.8.0-rc6-lemon #190 Not tainted [ 4547.622538] ----------------------------------------------------- [ 4547.622540] khungtaskd/39 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 4547.622546] ffff888101554cf8 ((work_completion)(&(&ops->cursor_work)->work)){+.+.}-{0:0}, at: __flush_work+0x4b/0x3f0 [ 4547.622569] and this task is already holding: [ 4547.622571] ffffffff8367e600 (console_owner){....}-{0:0}, at: console_flush_all+0x1c9/0x4e0 [ 4547.622586] which would create a new lock dependency: [ 4547.622587] (console_owner){....}-{0:0} -> ((work_completion)(&(&ops->cursor_work)->work)){+.+.}-{0:0} [ 4547.622596] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 4547.622598] (&trans_pcie->irq_lock){+.-.}-{3:3} [ 4547.622601] ... which became SOFTIRQ-irq-safe at: [ 4547.622603] lock_acquire+0xb0/0x280 [ 4547.622611] _raw_spin_lock+0x2b/0x40 [ 4547.622618] iwl_pcie_napi_poll+0x7a/0x130 [ 4547.622627] __napi_poll.constprop.0+0x23/0x1e0 [ 4547.622634] net_rx_action+0x137/0x2a0 [ 4547.622639] __do_softirq+0xc7/0x402 [ 4547.622645] do_softirq+0x42/0xa0 [ 4547.622651] __local_bh_enable_ip+0xb8/0xd0 [ 4547.622657] iwl_pcie_irq_handler+0x539/0xb70 [ 4547.622665] irq_thread_fn+0x1b/0x60 [ 4547.622670] irq_thread+0xe0/0x190 [ 4547.622675] kthread+0xe3/0x120 [ 4547.622679] ret_from_fork+0x2c/0x50 [ 4547.622684] ret_from_fork_asm+0x1b/0x30 [ 4547.622692] to a SOFTIRQ-irq-unsafe lock: [ 4547.622694] ((work_completion)(&(&ops->cursor_work)->work)){+.+.}-{0:0} [ 4547.622698] ... which became SOFTIRQ-irq-unsafe at: [ 4547.622699] ... [ 4547.622700] lock_acquire+0xb0/0x280 [ 4547.622706] process_one_work+0x199/0x480 [ 4547.622713] worker_thread+0x1be/0x3b0 [ 4547.622719] kthread+0xe3/0x120 [ 4547.622722] ret_from_fork+0x2c/0x50 [ 4547.622725] ret_from_fork_asm+0x1b/0x30 [ 4547.622731] other info that might help us debug this: [ 4547.622732] Chain exists of: &trans_pcie->irq_lock --> console_owner --> (work_completion)(&(&ops->cursor_work)->work) [ 4547.622739] Possible interrupt unsafe locking scenario: [ 4547.622741] CPU0 CPU1 [ 4547.622742] ---- ---- [ 4547.622742] lock((work_completion)(&(&ops->cursor_work)->work)); [ 4547.622745] local_irq_disable(); [ 4547.622746] lock(&trans_pcie->irq_lock); [ 4547.622749] lock(console_owner); [ 4547.622751] <Interrupt> [ 4547.622752] lock(&trans_pcie->irq_lock); [ 4547.622754] *** DEADLOCK *** [ 4547.622755] 5 locks held by khungtaskd/39: [ 4547.622759] #0: ffffffff836f14e0 (rcu_read_lock){....}-{1:3}, at: watchdog+0xd8/0x7b0 [ 4547.622778] #1: ffffffff836ee820 (console_lock){+.+.}-{0:0}, at: _printk+0x47/0x50 [ 4547.622789] #2: ffffffff836ee870 (console_srcu){....}-{0:0}, at: console_flush_all+0x74/0x4e0 [ 4547.622800] #3: ffffffff8367e600 (console_owner){....}-{0:0}, at: console_flush_all+0x1c9/0x4e0 [ 4547.622810] #4: ffffffff837d8758 (printing_lock){....}-{3:3}, at: vt_console_print+0x47/0x430 [ 4547.622822] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 4547.622824] -> (&trans_pcie->irq_lock){+.-.}-{3:3} { [ 4547.622830] HARDIRQ-ON-W at: [ 4547.622833] lock_acquire+0xb0/0x280 [ 4547.622839] _raw_spin_lock_bh+0x33/0x40 [ 4547.622845] iwl_trans_pcie_alloc+0x2fd/0x990 [ 4547.622853] iwl_pci_probe+0x28/0x810 [ 4547.622859] pci_device_probe+0x94/0x120 [ 4547.622865] really_probe+0x15e/0x2f0 [ 4547.622872] __driver_probe_device+0x6e/0x110 [ 4547.622878] driver_probe_device+0x1a/0xe0 [ 4547.622884] __driver_attach+0x87/0x190 [ 4547.622890] bus_for_each_dev+0x66/0xb0 [ 4547.622894] bus_add_driver+0xea/0x1f0 [ 4547.622898] driver_register+0x54/0x100 [ 4547.622905] iwl_pci_register_driver+0x1a/0x40 [ 4547.622911] do_one_initcall+0x50/0x250 [ 4547.622918] kernel_init_freeable+0x243/0x3e0 [ 4547.622927] kernel_init+0x15/0x1a0 [ 4547.622931] ret_from_fork+0x2c/0x50 [ 4547.622935] ret_from_fork_asm+0x1b/0x30 [ 4547.622941] IN-SOFTIRQ-W at: [ 4547.622943] lock_acquire+0xb0/0x280 [ 4547.622948] _raw_spin_lock+0x2b/0x40 [ 4547.622953] iwl_pcie_napi_poll+0x7a/0x130 [ 4547.622961] __napi_poll.constprop.0+0x23/0x1e0 [ 4547.622966] net_rx_action+0x137/0x2a0 [ 4547.622971] __do_softirq+0xc7/0x402 [ 4547.622978] do_softirq+0x42/0xa0 [ 4547.622983] __local_bh_enable_ip+0xb8/0xd0 [ 4547.622989] iwl_pcie_irq_handler+0x539/0xb70 [ 4547.622996] irq_thread_fn+0x1b/0x60 [ 4547.623002] irq_thread+0xe0/0x190 [ 4547.623006] kthread+0xe3/0x120 [ 4547.623011] ret_from_fork+0x2c/0x50 [ 4547.623014] ret_from_fork_asm+0x1b/0x30 [ 4547.623020] INITIAL USE at: [ 4547.623022] lock_acquire+0xb0/0x280 [ 4547.623027] _raw_spin_lock_bh+0x33/0x40 [ 4547.623032] iwl_trans_pcie_alloc+0x2fd/0x990 [ 4547.623038] iwl_pci_probe+0x28/0x810 [ 4547.623043] pci_device_probe+0x94/0x120 [ 4547.623047] really_probe+0x15e/0x2f0 [ 4547.623053] __driver_probe_device+0x6e/0x110 [ 4547.623059] driver_probe_device+0x1a/0xe0 [ 4547.623064] __driver_attach+0x87/0x190 [ 4547.623070] bus_for_each_dev+0x66/0xb0 [ 4547.623073] bus_add_driver+0xea/0x1f0 [ 4547.623077] driver_register+0x54/0x100 [ 4547.623084] iwl_pci_register_driver+0x1a/0x40 [ 4547.623090] do_one_initcall+0x50/0x250 [ 4547.623096] kernel_init_freeable+0x243/0x3e0 [ 4547.623103] kernel_init+0x15/0x1a0 [ 4547.623107] ret_from_fork+0x2c/0x50 [ 4547.623110] ret_from_fork_asm+0x1b/0x30 [ 4547.623116] } [ 4547.623118] ... key at: [<ffffffff8502fe90>] __key.20+0x0/0x10 [ 4547.623129] -> (&trans_pcie->reg_lock){+...}-{3:3} { [ 4547.623134] HARDIRQ-ON-W at: [ 4547.623137] lock_acquire+0xb0/0x280 [ 4547.623142] _raw_spin_lock_bh+0x33/0x40 [ 4547.623147] iwl_trans_pcie_set_bits_mask+0x25/0x60 [ 4547.623151] iwl_pcie_set_hw_ready+0x1e/0xa0 [ 4547.623160] iwl_pcie_prepare_card_hw+0x33/0x100 [ 4547.623165] iwl_pci_probe+0x42/0x810 [ 4547.623171] pci_device_probe+0x94/0x120 [ 4547.623175] really_probe+0x15e/0x2f0 [ 4547.623181] __driver_probe_device+0x6e/0x110 [ 4547.623186] driver_probe_device+0x1a/0xe0 [ 4547.623192] __driver_attach+0x87/0x190 [ 4547.623197] bus_for_each_dev+0x66/0xb0 [ 4547.623201] bus_add_driver+0xea/0x1f0 [ 4547.623205] driver_register+0x54/0x100 [ 4547.623211] iwl_pci_register_driver+0x1a/0x40 [ 4547.623217] do_one_initcall+0x50/0x250 [ 4547.623223] kernel_init_freeable+0x243/0x3e0 [ 4547.623229] kernel_init+0x15/0x1a0 [ 4547.623233] ret_from_fork+0x2c/0x50 [ 4547.623236] ret_from_fork_asm+0x1b/0x30 [ 4547.623242] INITIAL USE at: [ 4547.623244] lock_acquire+0xb0/0x280 [ 4547.623249] _raw_spin_lock_bh+0x33/0x40 [ 4547.623254] iwl_trans_pcie_set_bits_mask+0x25/0x60 [ 4547.623257] iwl_pcie_set_hw_ready+0x1e/0xa0 [ 4547.623266] iwl_pcie_prepare_card_hw+0x33/0x100 [ 4547.623271] iwl_pci_probe+0x42/0x810 [ 4547.623277] pci_device_probe+0x94/0x120 [ 4547.623281] really_probe+0x15e/0x2f0 [ 4547.623286] __driver_probe_device+0x6e/0x110 [ 4547.623292] driver_probe_device+0x1a/0xe0 [ 4547.623297] __driver_attach+0x87/0x190 [ 4547.623303] bus_for_each_dev+0x66/0xb0 [ 4547.623306] bus_add_driver+0xea/0x1f0 [ 4547.623310] driver_register+0x54/0x100 [ 4547.623316] iwl_pci_register_driver+0x1a/0x40 [ 4547.623323] do_one_initcall+0x50/0x250 [ 4547.623328] kernel_init_freeable+0x243/0x3e0 [ 4547.623334] kernel_init+0x15/0x1a0 [ 4547.623338] ret_from_fork+0x2c/0x50 [ 4547.623342] ret_from_fork_asm+0x1b/0x30 [ 4547.623347] } [ 4547.623348] ... key at: [<ffffffff8502fe80>] __key.19+0x0/0x10 [ 4547.623358] ... acquired at: [ 4547.623359] _raw_spin_lock_bh+0x33/0x40 [ 4547.623364] iwl_trans_pcie_set_bits_mask+0x25/0x60 [ 4547.623368] iwl_pcie_apm_init+0x6e/0x1c0 [ 4547.623372] iwl_trans_pcie_start_fw+0x224/0x670 [ 4547.623377] iwl_mvm_load_ucode_wait_alive+0xd3/0x5a0 [ 4547.623383] iwl_run_init_mvm_ucode+0x8c/0x3a0 [ 4547.623387] iwl_mvm_start_get_nvm+0x87/0x210 [ 4547.623393] iwl_op_mode_mvm_start+0x962/0xb30 [ 4547.623399] _iwl_op_mode_start.isra.0+0x72/0xb0 [ 4547.623403] iwl_opmode_register+0x6a/0xe0 [ 4547.623408] iwl_mvm_init+0x21/0x60 [ 4547.623413] do_one_initcall+0x50/0x250 [ 4547.623419] kernel_init_freeable+0x243/0x3e0 [ 4547.623425] kernel_init+0x15/0x1a0 [ 4547.623429] ret_from_fork+0x2c/0x50 [ 4547.623432] ret_from_fork_asm+0x1b/0x30 [ 4547.623441] -> (console_owner){....}-{0:0} { [ 4547.623446] INITIAL USE at: [ 4547.623452] lock_acquire+0xb0/0x280 [ 4547.623457] console_flush_all+0x1f2/0x4e0 [ 4547.623463] console_unlock+0x33/0x110 [ 4547.623469] vprintk_emit+0x9f/0x320 [ 4547.623475] _printk+0x47/0x50 [ 4547.623479] register_console+0x34b/0x4d0 [ 4547.623485] con_init+0x200/0x270 [ 4547.623494] console_init+0x4a/0x1e0 [ 4547.623504] start_kernel+0x2b9/0x660 [ 4547.623510] x86_64_start_reservations+0x18/0x30 [ 4547.623517] x86_64_start_kernel+0xad/0xc0 [ 4547.623522] secondary_startup_64_no_verify+0x170/0x17b [ 4547.623528] } [ 4547.623529] ... key at: [<ffffffff8367e600>] console_owner_dep_map+0x0/0x28 [ 4547.623538] ... acquired at: [ 4547.623540] console_flush_all+0x1f2/0x4e0 [ 4547.623545] console_unlock+0x33/0x110 [ 4547.623551] vprintk_emit+0x9f/0x320 [ 4547.623557] dev_vprintk_emit+0xce/0x160 [ 4547.623562] dev_printk_emit+0x3d/0x50 [ 4547.623566] _dev_info+0x5b/0x70 [ 4547.623572] __iwl_info+0x58/0x60 [ 4547.623576] iwl_pci_probe+0x11c/0x810 [ 4547.623582] pci_device_probe+0x94/0x120 [ 4547.623587] really_probe+0x15e/0x2f0 [ 4547.623592] __driver_probe_device+0x6e/0x110 [ 4547.623598] driver_probe_device+0x1a/0xe0 [ 4547.623603] __driver_attach+0x87/0x190 [ 4547.623609] bus_for_each_dev+0x66/0xb0 [ 4547.623612] bus_add_driver+0xea/0x1f0 [ 4547.623616] driver_register+0x54/0x100 [ 4547.623622] iwl_pci_register_driver+0x1a/0x40 [ 4547.623629] do_one_initcall+0x50/0x250 [ 4547.623634] kernel_init_freeable+0x243/0x3e0 [ 4547.623640] kernel_init+0x15/0x1a0 [ 4547.623644] ret_from_fork+0x2c/0x50 [ 4547.623648] ret_from_fork_asm+0x1b/0x30 [ 4547.623654] the dependencies between the lock to be acquired [ 4547.623655] and SOFTIRQ-irq-unsafe lock: [ 4547.623665] -> ((work_completion)(&(&ops->cursor_work)->work)){+.+.}-{0:0} { [ 4547.623670] HARDIRQ-ON-W at: [ 4547.623672] lock_acquire+0xb0/0x280 [ 4547.623677] process_one_work+0x199/0x480 [ 4547.623684] worker_thread+0x1be/0x3b0 [ 4547.623690] kthread+0xe3/0x120 [ 4547.623694] ret_from_fork+0x2c/0x50 [ 4547.623698] ret_from_fork_asm+0x1b/0x30 [ 4547.623704] SOFTIRQ-ON-W at: [ 4547.623705] lock_acquire+0xb0/0x280 [ 4547.623710] process_one_work+0x199/0x480 [ 4547.623716] worker_thread+0x1be/0x3b0 [ 4547.623722] kthread+0xe3/0x120 [ 4547.623725] ret_from_fork+0x2c/0x50 [ 4547.623729] ret_from_fork_asm+0x1b/0x30 [ 4547.623734] INITIAL USE at: [ 4547.623736] lock_acquire+0xb0/0x280 [ 4547.623741] process_one_work+0x199/0x480 [ 4547.623747] worker_thread+0x1be/0x3b0 [ 4547.623753] kthread+0xe3/0x120 [ 4547.623757] ret_from_fork+0x2c/0x50 [ 4547.623760] ret_from_fork_asm+0x1b/0x30 [ 4547.623766] } [ 4547.623767] ... key at: [<ffffffff850211b0>] __key.1+0x0/0x10 [ 4547.623775] ... acquired at: [ 4547.623777] lock_acquire+0xb0/0x280 [ 4547.623781] __flush_work+0x56/0x3f0 [ 4547.623789] __cancel_work_timer+0xd3/0x160 [ 4547.623796] fbcon_cursor+0x138/0x170 [ 4547.623802] hide_cursor+0x26/0xc0 [ 4547.623807] vt_console_print+0x41e/0x430 [ 4547.623814] console_flush_all+0x206/0x4e0 [ 4547.623820] console_unlock+0x33/0x110 [ 4547.623825] vprintk_emit+0x9f/0x320 [ 4547.623831] _printk+0x47/0x50 [ 4547.623834] watchdog+0x53a/0x7b0 [ 4547.623838] kthread+0xe3/0x120 [ 4547.623841] ret_from_fork+0x2c/0x50 [ 4547.623845] ret_from_fork_asm+0x1b/0x30 [ 4547.623851] stack backtrace: [ 4547.623854] CPU: 2 PID: 39 Comm: khungtaskd Not tainted 6.8.0-rc6-lemon #190 [ 4547.623860] Hardware name: LENOVO 80MK/VIUU4, BIOS C6CN29WW 09/02/2015 [ 4547.623862] Call Trace: [ 4547.623865] <TASK> [ 4547.623867] dump_stack_lvl+0x4a/0x80 [ 4547.623879] check_irq_usage+0x8aa/0xb10 [ 4547.623886] ? check_path.constprop.0+0x24/0x50 [ 4547.623896] ? check_noncircular+0x6d/0x120 [ 4547.623902] ? __lock_acquire+0x146a/0x25c0 [ 4547.623907] __lock_acquire+0x146a/0x25c0 [ 4547.623913] lock_acquire+0xb0/0x280 [ 4547.623918] ? __flush_work+0x4b/0x3f0 [ 4547.623925] ? __flush_work+0x4b/0x3f0 [ 4547.623932] __flush_work+0x56/0x3f0 [ 4547.623939] ? __flush_work+0x4b/0x3f0 [ 4547.623946] ? __lock_acquire+0x3ef/0x25c0 [ 4547.623952] __cancel_work_timer+0xd3/0x160 [ 4547.623960] fbcon_cursor+0x138/0x170 [ 4547.623965] hide_cursor+0x26/0xc0 [ 4547.623971] vt_console_print+0x41e/0x430 [ 4547.623977] ? lock_release+0xb5/0x230 [ 4547.623982] ? console_flush_all+0x1c9/0x4e0 [ 4547.623988] console_flush_all+0x206/0x4e0 [ 4547.623994] ? console_flush_all+0x1c9/0x4e0 [ 4547.624001] console_unlock+0x33/0x110 [ 4547.624007] vprintk_emit+0x9f/0x320 [ 4547.624013] _printk+0x47/0x50 [ 4547.624017] watchdog+0x53a/0x7b0 [ 4547.624021] ? __pfx_watchdog+0x10/0x10 [ 4547.624025] kthread+0xe3/0x120 [ 4547.624029] ? __pfx_kthread+0x10/0x10 [ 4547.624033] ret_from_fork+0x2c/0x50 [ 4547.624037] ? __pfx_kthread+0x10/0x10 [ 4547.624041] ret_from_fork_asm+0x1b/0x30 [ 4547.624049] </TASK> [ 4548.028173] Not tainted 6.8.0-rc6-lemon #190 [ 4548.029491] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 4548.031047] task:kworker/u9:1 state:D stack:0 pid:3528 tgid:3528 ppid:2 flags:0x00004000 [ 4548.032620] Workqueue: hci0 hci_rx_work [ 4548.034099] Call Trace: [ 4548.035572] <TASK> [ 4548.036925] __schedule+0x427/0xd10 [ 4548.038382] ? schedule+0xf7/0x140 [ 4548.039822] schedule+0x45/0x140 [ 4548.041201] __lock_sock+0x86/0xf0 [ 4548.042601] ? __pfx_autoremove_wake_function+0x10/0x10 [ 4548.044030] lock_sock_nested+0x61/0x70 [ 4548.045390] l2cap_sock_recv_cb+0x21/0xa0 [ 4548.046842] l2cap_recv_frame+0x5be/0x2e70 [ 4548.048283] ? hci_rx_work+0x431/0x830 [ 4548.049701] ? lock_release+0xb5/0x230 [ 4548.051145] ? __mutex_unlock_slowpath+0x25/0x270 [ 4548.052524] hci_rx_work+0x457/0x830 [ 4548.053945] ? process_one_work+0x157/0x480 [ 4548.055460] process_one_work+0x1ca/0x480 [ 4548.056862] worker_thread+0x1be/0x3b0 [ 4548.058281] ? __pfx_worker_thread+0x10/0x10 [ 4548.059783] kthread+0xe3/0x120 [ 4548.061141] ? __pfx_kthread+0x10/0x10 [ 4548.062600] ret_from_fork+0x2c/0x50 [ 4548.064064] ? __pfx_kthread+0x10/0x10 [ 4548.065436] ret_from_fork_asm+0x1b/0x30 [ 4548.066867] </TASK> [ 4548.068313] INFO: lockdep is turned off. # cat /proc/3526/stack [<0>] __skb_wait_for_more_packets+0xfa/0x150 [<0>] __skb_recv_datagram+0x59/0xa0 [<0>] skb_recv_datagram+0x29/0x40 [<0>] bt_sock_recvmsg+0x42/0x1c0 [<0>] l2cap_sock_recvmsg+0x5d/0x170 [<0>] __sys_recvfrom+0x14e/0x160 [<0>] __x64_sys_recvfrom+0x1f/0x30 [<0>] do_syscall_64+0x75/0x150 [<0>] entry_SYSCALL_64_after_hwframe+0x6e/0x76 This is on my laptop with iwlwifi, but at first I saw it on my desktop with Ethernet (and Intel 9260 Bluetooth). I can get another lockdep capture if that would be helpful. Simon-

1 year, 8 months

3
3
0 0

[PATCH v2] PM: suspend: Set mem_sleep_current during kernel command line setup

by Maulik Shah

psci_init_system_suspend() invokes suspend_set_ops() very early during bootup even before kernel command line for mem_sleep_default is setup. This leads to kernel command line mem_sleep_default=s2idle not working as mem_sleep_current gets changed to deep via suspend_set_ops() and never changes back to s2idle. Set mem_sleep_current along with mem_sleep_default during kernel command line setup as default suspend mode. Fixes: faf7ec4a92c0 ("drivers: firmware: psci: add system suspend support") CC: stable(a)vger.kernel.org # 5.4+ Signed-off-by: Maulik Shah <quic_mkshah(a)quicinc.com> --- Changes in v2: - Set mem_sleep_current during mem_sleep_default kernel command line setup - Update commit message accordingly - Retain Fixes: tag - Link to v1: https://lore.kernel.org/r/20240219-suspend_ops_late_init-v1-1-6330ca9597fa@… --- kernel/power/suspend.c | 1 + 1 file changed, 1 insertion(+) diff --git a/kernel/power/suspend.c b/kernel/power/suspend.c index 742eb26618cc..e3ae93bbcb9b 100644 --- a/kernel/power/suspend.c +++ b/kernel/power/suspend.c @@ -192,6 +192,7 @@ static int __init mem_sleep_default_setup(char *str) if (mem_sleep_labels[state] && !strcmp(str, mem_sleep_labels[state])) { mem_sleep_default = state; + mem_sleep_current = state; break; } --- base-commit: d37e1e4c52bc60578969f391fb81f947c3e83118 change-id: 20240219-suspend_ops_late_init-27fb0b15baee Best regards, -- Maulik Shah <quic_mkshah(a)quicinc.com>

1 year, 8 months

3
2
0 0

[PATCH] ubi: eba: properly rollback inside self_check_eba

by Fedor Pchelkin

In case of a memory allocation failure in the volumes loop we can only process the already allocated scan_eba and fm_eba array elements on the error path - others are still uninitialized. Found by Linux Verification Center (linuxtesting.org). Fixes: 00abf3041590 ("UBI: Add self_check_eba()") Cc: stable(a)vger.kernel.org Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> --- drivers/mtd/ubi/eba.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/mtd/ubi/eba.c b/drivers/mtd/ubi/eba.c index 8d1f0e05892c..6f5eadb1598d 100644 --- a/drivers/mtd/ubi/eba.c +++ b/drivers/mtd/ubi/eba.c @@ -1557,6 +1557,7 @@ int self_check_eba(struct ubi_device *ubi, struct ubi_attach_info *ai_fastmap, GFP_KERNEL); if (!fm_eba[i]) { ret = -ENOMEM; + kfree(scan_eba[i]); goto out_free; } @@ -1592,7 +1593,7 @@ int self_check_eba(struct ubi_device *ubi, struct ubi_attach_info *ai_fastmap, } out_free: - for (i = 0; i < num_volumes; i++) { + while (--i >= 0) { if (!ubi->volumes[i]) continue; -- 2.43.2

1 year, 8 months

2
1
0 0

[PATCH 4.19.y 8/9] loop: Check for overflow while configuring loop

by Genjian

From: Siddh Raman Pant <code(a)siddh.me> [ Upstream commit c490a0b5a4f36da3918181a8acdc6991d967c5f3 ] The userspace can configure a loop using an ioctl call, wherein a configuration of type loop_config is passed (see lo_ioctl()'s case on line 1550 of drivers/block/loop.c). This proceeds to call loop_configure() which in turn calls loop_set_status_from_info() (see line 1050 of loop.c), passing &config->info which is of type loop_info64*. This function then sets the appropriate values, like the offset. loop_device has lo_offset of type loff_t (see line 52 of loop.c), which is typdef-chained to long long, whereas loop_info64 has lo_offset of type __u64 (see line 56 of include/uapi/linux/loop.h). The function directly copies offset from info to the device as follows (See line 980 of loop.c): lo->lo_offset = info->lo_offset; This results in an overflow, which triggers a warning in iomap_iter() due to a call to iomap_iter_done() which has: WARN_ON_ONCE(iter->iomap.offset > iter->pos); Thus, check for negative value during loop_set_status_from_info(). Bug report: https://syzkaller.appspot.com/bug?id=c620fe14aac810396d3c3edc9ad73848bf69a2… Reported-and-tested-by: syzbot+a8e049cd3abd342936b6(a)syzkaller.appspotmail.com Cc: stable(a)vger.kernel.org Reviewed-by: Matthew Wilcox (Oracle) <willy(a)infradead.org> Signed-off-by: Siddh Raman Pant <code(a)siddh.me> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Link: https://lore.kernel.org/r/20220823160810.181275-1-code@siddh.me Signed-off-by: Jens Axboe <axboe(a)kernel.dk> Signed-off-by: Genjian Zhang <zhanggenjian(a)kylinos.cn> --- drivers/block/loop.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/block/loop.c b/drivers/block/loop.c index 0fefd21f0c71..c1caa3e2355f 100644 --- a/drivers/block/loop.c +++ b/drivers/block/loop.c @@ -1271,6 +1271,11 @@ loop_set_status_from_info(struct loop_device *lo, lo->lo_offset = info->lo_offset; lo->lo_sizelimit = info->lo_sizelimit; + + /* loff_t vars have been assigned __u64 */ + if (lo->lo_offset < 0 || lo->lo_sizelimit < 0) + return -EOVERFLOW; + memcpy(lo->lo_file_name, info->lo_file_name, LO_NAME_SIZE); memcpy(lo->lo_crypt_name, info->lo_crypt_name, LO_NAME_SIZE); lo->lo_file_name[LO_NAME_SIZE-1] = 0; -- 2.25.1

1 year, 8 months

1
0
0 0

GET BACK TO ME

by Hala Farooq Almoayyed

1 year, 8 months

1
0
0 0

[PATCH -fixes v4 2/3] riscv: Add a custom ISA extension for the [ms]envcfg CSR

by Samuel Holland

The [ms]envcfg CSR was added in version 1.12 of the RISC-V privileged ISA (aka S[ms]1p12). However, bits in this CSR are defined by several other extensions which may be implemented separately from any particular version of the privileged ISA (for example, some unrelated errata may prevent an implementation from claiming conformance with Ss1p12). As a result, Linux cannot simply use the privileged ISA version to determine if the CSR is present. It must also check if any of these other extensions are implemented. It also cannot probe the existence of the CSR at runtime, because Linux does not require Sstrict, so (in the absence of additional information) it cannot know if a CSR at that address is [ms]envcfg or part of some non-conforming vendor extension. Since there are several standard extensions that imply the existence of the [ms]envcfg CSR, it becomes unwieldy to check for all of them wherever the CSR is accessed. Instead, define a custom Xlinuxenvcfg ISA extension bit that is implied by the other extensions and denotes that the CSR exists as defined in the privileged ISA, containing at least one of the fields common between menvcfg and senvcfg. This extension does not need to be parsed from the devicetree or ISA string because it can only be implemented as a subset of some other standard extension. Cc: <stable(a)vger.kernel.org> # v6.7+ Signed-off-by: Samuel Holland <samuel.holland(a)sifive.com> --- Changes in v4: - New patch for v4 arch/riscv/include/asm/hwcap.h | 2 ++ arch/riscv/kernel/cpufeature.c | 14 ++++++++++++-- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/arch/riscv/include/asm/hwcap.h b/arch/riscv/include/asm/hwcap.h index 5340f818746b..1f2d2599c655 100644 --- a/arch/riscv/include/asm/hwcap.h +++ b/arch/riscv/include/asm/hwcap.h @@ -81,6 +81,8 @@ #define RISCV_ISA_EXT_ZTSO 72 #define RISCV_ISA_EXT_ZACAS 73 +#define RISCV_ISA_EXT_XLINUXENVCFG 127 + #define RISCV_ISA_EXT_MAX 128 #define RISCV_ISA_EXT_INVALID U32_MAX diff --git a/arch/riscv/kernel/cpufeature.c b/arch/riscv/kernel/cpufeature.c index c5b13f7dd482..dacffef68ce2 100644 --- a/arch/riscv/kernel/cpufeature.c +++ b/arch/riscv/kernel/cpufeature.c @@ -201,6 +201,16 @@ static const unsigned int riscv_zvbb_exts[] = { RISCV_ISA_EXT_ZVKB }; +/* + * While the [ms]envcfg CSRs were not defined until version 1.12 of the RISC-V + * privileged ISA, the existence of the CSRs is implied by any extension which + * specifies [ms]envcfg bit(s). Hence, we define a custom ISA extension for the + * existence of the CSR, and treat it as a subset of those other extensions. + */ +static const unsigned int riscv_xlinuxenvcfg_exts[] = { + RISCV_ISA_EXT_XLINUXENVCFG +}; + /* * The canonical order of ISA extension names in the ISA string is defined in * chapter 27 of the unprivileged specification. @@ -250,8 +260,8 @@ const struct riscv_isa_ext_data riscv_isa_ext[] = { __RISCV_ISA_EXT_DATA(c, RISCV_ISA_EXT_c), __RISCV_ISA_EXT_DATA(v, RISCV_ISA_EXT_v), __RISCV_ISA_EXT_DATA(h, RISCV_ISA_EXT_h), - __RISCV_ISA_EXT_DATA(zicbom, RISCV_ISA_EXT_ZICBOM), - __RISCV_ISA_EXT_DATA(zicboz, RISCV_ISA_EXT_ZICBOZ), + __RISCV_ISA_EXT_SUPERSET(zicbom, RISCV_ISA_EXT_ZICBOM, riscv_xlinuxenvcfg_exts), + __RISCV_ISA_EXT_SUPERSET(zicboz, RISCV_ISA_EXT_ZICBOZ, riscv_xlinuxenvcfg_exts), __RISCV_ISA_EXT_DATA(zicntr, RISCV_ISA_EXT_ZICNTR), __RISCV_ISA_EXT_DATA(zicond, RISCV_ISA_EXT_ZICOND), __RISCV_ISA_EXT_DATA(zicsr, RISCV_ISA_EXT_ZICSR), -- 2.43.1

1 year, 8 months

4
5
0 0

[PATCH v3 1/4] usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros

by Jameson Thies

Clean up UCSI_CABLE_PROP macros by fixing a bitmask shifting error for plug type and updating the modal support macro for consistent naming. Fixes: 3cf657f07918 ("usb: typec: ucsi: Remove all bit-fields") Cc: stable(a)vger.kernel.org Reviewed-by: Benson Leung <bleung(a)chromium.org> Reviewed-by: Prashant Malani <pmalani(a)chromium.org> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Signed-off-by: Jameson Thies <jthies(a)google.com> --- Changes in v3: - Fixed CC stable. Changes in v2: - Tested on usb-testing branch merged with chromeOS 6.8-rc2 kernel. drivers/usb/typec/ucsi/ucsi.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/usb/typec/ucsi/ucsi.h b/drivers/usb/typec/ucsi/ucsi.h index 7e35ffbe0a6f2..469a2baf472e4 100644 --- a/drivers/usb/typec/ucsi/ucsi.h +++ b/drivers/usb/typec/ucsi/ucsi.h @@ -259,12 +259,12 @@ struct ucsi_cable_property { #define UCSI_CABLE_PROP_FLAG_VBUS_IN_CABLE BIT(0) #define UCSI_CABLE_PROP_FLAG_ACTIVE_CABLE BIT(1) #define UCSI_CABLE_PROP_FLAG_DIRECTIONALITY BIT(2) -#define UCSI_CABLE_PROP_FLAG_PLUG_TYPE(_f_) ((_f_) & GENMASK(3, 0)) +#define UCSI_CABLE_PROP_FLAG_PLUG_TYPE(_f_) (((_f_) & GENMASK(4, 3)) >> 3) #define UCSI_CABLE_PROPERTY_PLUG_TYPE_A 0 #define UCSI_CABLE_PROPERTY_PLUG_TYPE_B 1 #define UCSI_CABLE_PROPERTY_PLUG_TYPE_C 2 #define UCSI_CABLE_PROPERTY_PLUG_OTHER 3 -#define UCSI_CABLE_PROP_MODE_SUPPORT BIT(5) +#define UCSI_CABLE_PROP_FLAG_MODE_SUPPORT BIT(5) u8 latency; } __packed; -- 2.44.0.rc1.240.g4c46232300-goog

1 year, 8 months

1
0
0 0

Re: [REGRESSION] LVM-on-LVM: error while submitting device barriers

by Patrick Plenefisch

I'm unsure if this is just an LVM bug, or a BTRFS+LVM interaction bug, but LVM is definitely involved somehow. Upgrading from 5.10 to 6.1, I noticed one of my filesystems was read-only. In dmesg, I found: BTRFS error (device dm-75): bdev /dev/mapper/lvm-brokenDisk errs: wr 0, rd 0, flush 1, corrupt 0, gen 0 BTRFS warning (device dm-75): chunk 13631488 missing 1 devices, max tolerance is 0 for writable mount BTRFS: error (device dm-75) in write_all_supers:4379: errno=-5 IO failure (errors while submitting device barriers.) BTRFS info (device dm-75: state E): forced readonly BTRFS warning (device dm-75: state E): Skipping commit of aborted transaction. BTRFS: error (device dm-75: state EA) in cleanup_transaction:1992: errno=-5 IO failure At first I suspected a btrfs error, but a scrub found no errors, and it continued to be read-write on 5.10 kernels. Here is my setup: /dev/lvm/brokenDisk is a lvm-on-lvm volume. I have /dev/sd{a,b,c,d} (of varying sizes) in a lower VG, which has three LVs, all raid1 volumes. Two of the volumes are further used as PV's for an upper VGs. One of the upper VGs has no issues. The non-PV LV has no issue. The remaining one, /dev/lowerVG/lvmPool, hosting nested LVM, is used as a PV for VG "lvm", and has 3 volumes inside. Two of those volumes have no issues (and are btrfs), but the last one is /dev/lvm/brokenDisk. This volume is the only one that exhibits this behavior, so something is special. Or described as layers: /dev/sd{a,b,c,d} => PV => VG "lowerVG" /dev/lowerVG/single (RAID1 LV) => BTRFS, works fine /dev/lowerVG/works (RAID1 LV) => PV => VG "workingUpper" /dev/workingUpper/{a,b,c} => BTRFS, works fine /dev/lowerVG/lvmPool (RAID1 LV) => PV => VG "lvm" /dev/lvm/{a,b} => BTRFS, works fine /dev/lvm/brokenDisk => BTRFS, Exhibits errors After some investigation, here is what I've found: 1. This regression was introduced in 5.19. 5.18 and earlier kernels I can keep this filesystem rw and everything works as expected, while 5.19.0 and later the filesystem is immediately ro on any write attempt. I couldn't build rc1, but I did confirm rc2 already has this regression. 2. Passing /dev/lvm/brokenDisk to a KVM VM as /dev/vdb with an unaffected kernel inside the vm exhibits the ro barrier problem on unaffected kernels. 3. Passing /dev/lowerVG/lvmPool to a KVM VM as /dev/vdb with an affected kernel inside the VM and using LVM inside the VM exhibits correct behavior (I can keep the filesystem rw, no barrier errors on host or guest) 4. A discussion in IRC with BTRFS folks, and they think the BTRFS filesystem is fine (btrfs check and btrfs scrub also agree) 5. The dmesg error can be delayed indefinitely by not writing to the disk, or reading with noatime 6. This affects Debian, Ubuntu, NixOS, and Solus, so I'm fairly certain it's distro-agnostic, and purely a kernel issue. 7. I can't reproduce this with other LVM-on-LVM setups, so I think the asymmetric nature of the raid1 volume is potentially contributing 8. There are no new smart errors/failures on any of the disks, disks are healthy 9. I previously had raidintegrity=y and caching enabled. They didn't affect the issue #regzbot introduced v5.18..v5.19-rc2 Patrick

1 year, 8 months

3
5
0 0

[PATCH AUTOSEL 5.4 1/6] RDMA/mlx5: Relax DEVX access upon modify commands

by Sasha Levin

From: Yishai Hadas <yishaih(a)nvidia.com> [ Upstream commit be551ee1574280ef8afbf7c271212ac3e38933ef ] Relax DEVX access upon modify commands to be UVERBS_ACCESS_READ. The kernel doesn't need to protect what firmware protects, or what causes no damage to anyone but the user. As firmware needs to protect itself from parallel access to the same object, don't block parallel modify/query commands on the same object in the kernel side. This change will allow user space application to run parallel updates to different entries in the same bulk object. Tested-by: Tamar Mashiah <tmashiah(a)nvidia.com> Signed-off-by: Yishai Hadas <yishaih(a)nvidia.com> Reviewed-by: Michael Guralnik <michaelgur(a)nvidia.com> Link: https://lore.kernel.org/r/7407d5ed35dc427c1097699e12b49c01e1073406.17064339… Signed-off-by: Leon Romanovsky <leon(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/infiniband/hw/mlx5/devx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/infiniband/hw/mlx5/devx.c b/drivers/infiniband/hw/mlx5/devx.c index 26cc7bbcdfe6a..7a3b56c150799 100644 --- a/drivers/infiniband/hw/mlx5/devx.c +++ b/drivers/infiniband/hw/mlx5/devx.c @@ -2811,7 +2811,7 @@ DECLARE_UVERBS_NAMED_METHOD( MLX5_IB_METHOD_DEVX_OBJ_MODIFY, UVERBS_ATTR_IDR(MLX5_IB_ATTR_DEVX_OBJ_MODIFY_HANDLE, UVERBS_IDR_ANY_OBJECT, - UVERBS_ACCESS_WRITE, + UVERBS_ACCESS_READ, UA_MANDATORY), UVERBS_ATTR_PTR_IN( MLX5_IB_ATTR_DEVX_OBJ_MODIFY_CMD_IN, -- 2.43.0

1 year, 8 months

1
5
0 0

[PATCH AUTOSEL 5.10 1/8] RDMA/mlx5: Fix fortify source warning while accessing Eth segment

by Sasha Levin

From: Leon Romanovsky <leonro(a)nvidia.com> [ Upstream commit 4d5e86a56615cc387d21c629f9af8fb0e958d350 ] ------------[ cut here ]------------ memcpy: detected field-spanning write (size 56) of single field "eseg->inline_hdr.start" at /var/lib/dkms/mlnx-ofed-kernel/5.8/build/drivers/infiniband/hw/mlx5/wr.c:131 (size 2) WARNING: CPU: 0 PID: 293779 at /var/lib/dkms/mlnx-ofed-kernel/5.8/build/drivers/infiniband/hw/mlx5/wr.c:131 mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib] Modules linked in: 8021q garp mrp stp llc rdma_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) ib_umad(OE) mlx5_ib(OE) ib_uverbs(OE) ib_core(OE) mlx5_core(OE) pci_hyperv_intf mlxdevm(OE) mlx_compat(OE) tls mlxfw(OE) psample nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables libcrc32c nfnetlink mst_pciconf(OE) knem(OE) vfio_pci vfio_pci_core vfio_iommu_type1 vfio iommufd irqbypass cuse nfsv3 nfs fscache netfs xfrm_user xfrm_algo ipmi_devintf ipmi_msghandler binfmt_misc crct10dif_pclmul crc32_pclmul polyval_clmulni polyval_generic ghash_clmulni_intel sha512_ssse3 snd_pcsp aesni_intel crypto_simd cryptd snd_pcm snd_timer joydev snd soundcore input_leds serio_raw evbug nfsd auth_rpcgss nfs_acl lockd grace sch_fq_codel sunrpc drm efi_pstore ip_tables x_tables autofs4 psmouse virtio_net net_failover failover floppy [last unloaded: mlx_compat(OE)] CPU: 0 PID: 293779 Comm: ssh Tainted: G OE 6.2.0-32-generic #32~22.04.1-Ubuntu Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 RIP: 0010:mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib] Code: 0c 01 00 a8 01 75 25 48 8b 75 a0 b9 02 00 00 00 48 c7 c2 10 5b fd c0 48 c7 c7 80 5b fd c0 c6 05 57 0c 03 00 01 e8 95 4d 93 da <0f> 0b 44 8b 4d b0 4c 8b 45 c8 48 8b 4d c0 e9 49 fb ff ff 41 0f b7 RSP: 0018:ffffb5b48478b570 EFLAGS: 00010046 RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffb5b48478b628 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffffb5b48478b5e8 R13: ffff963a3c609b5e R14: ffff9639c3fbd800 R15: ffffb5b480475a80 FS: 00007fc03b444c80(0000) GS:ffff963a3dc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000556f46bdf000 CR3: 0000000006ac6003 CR4: 00000000003706f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> ? show_regs+0x72/0x90 ? mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib] ? __warn+0x8d/0x160 ? mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib] ? report_bug+0x1bb/0x1d0 ? handle_bug+0x46/0x90 ? exc_invalid_op+0x19/0x80 ? asm_exc_invalid_op+0x1b/0x20 ? mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib] mlx5_ib_post_send_nodrain+0xb/0x20 [mlx5_ib] ipoib_send+0x2ec/0x770 [ib_ipoib] ipoib_start_xmit+0x5a0/0x770 [ib_ipoib] dev_hard_start_xmit+0x8e/0x1e0 ? validate_xmit_skb_list+0x4d/0x80 sch_direct_xmit+0x116/0x3a0 __dev_xmit_skb+0x1fd/0x580 __dev_queue_xmit+0x284/0x6b0 ? _raw_spin_unlock_irq+0xe/0x50 ? __flush_work.isra.0+0x20d/0x370 ? push_pseudo_header+0x17/0x40 [ib_ipoib] neigh_connected_output+0xcd/0x110 ip_finish_output2+0x179/0x480 ? __smp_call_single_queue+0x61/0xa0 __ip_finish_output+0xc3/0x190 ip_finish_output+0x2e/0xf0 ip_output+0x78/0x110 ? __pfx_ip_finish_output+0x10/0x10 ip_local_out+0x64/0x70 __ip_queue_xmit+0x18a/0x460 ip_queue_xmit+0x15/0x30 __tcp_transmit_skb+0x914/0x9c0 tcp_write_xmit+0x334/0x8d0 tcp_push_one+0x3c/0x60 tcp_sendmsg_locked+0x2e1/0xac0 tcp_sendmsg+0x2d/0x50 inet_sendmsg+0x43/0x90 sock_sendmsg+0x68/0x80 sock_write_iter+0x93/0x100 vfs_write+0x326/0x3c0 ksys_write+0xbd/0xf0 ? do_syscall_64+0x69/0x90 __x64_sys_write+0x19/0x30 do_syscall_64+0x59/0x90 ? do_user_addr_fault+0x1d0/0x640 ? exit_to_user_mode_prepare+0x3b/0xd0 ? irqentry_exit_to_user_mode+0x9/0x20 ? irqentry_exit+0x43/0x50 ? exc_page_fault+0x92/0x1b0 entry_SYSCALL_64_after_hwframe+0x72/0xdc RIP: 0033:0x7fc03ad14a37 Code: 10 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 48 89 54 24 18 48 89 74 24 RSP: 002b:00007ffdf8697fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 0000000000008024 RCX: 00007fc03ad14a37 RDX: 0000000000008024 RSI: 0000556f46bd8270 RDI: 0000000000000003 RBP: 0000556f46bb1800 R08: 0000000000007fe3 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 R13: 0000556f46bc66b0 R14: 000000000000000a R15: 0000556f46bb2f50 </TASK> ---[ end trace 0000000000000000 ]--- Link: https://lore.kernel.org/r/8228ad34bd1a25047586270f7b1fb4ddcd046282.17064339… Signed-off-by: Leon Romanovsky <leonro(a)nvidia.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/infiniband/hw/mlx5/wr.c | 2 +- include/linux/mlx5/qp.h | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/infiniband/hw/mlx5/wr.c b/drivers/infiniband/hw/mlx5/wr.c index d6038fb6c50c6..19fd440a6ce38 100644 --- a/drivers/infiniband/hw/mlx5/wr.c +++ b/drivers/infiniband/hw/mlx5/wr.c @@ -128,7 +128,7 @@ static void set_eth_seg(const struct ib_send_wr *wr, struct mlx5_ib_qp *qp, */ copysz = min_t(u64, *cur_edge - (void *)eseg->inline_hdr.start, left); - memcpy(eseg->inline_hdr.start, pdata, copysz); + memcpy(eseg->inline_hdr.data, pdata, copysz); stride = ALIGN(sizeof(struct mlx5_wqe_eth_seg) - sizeof(eseg->inline_hdr.start) + copysz, 16); *size += stride / 16; diff --git a/include/linux/mlx5/qp.h b/include/linux/mlx5/qp.h index d75ef8aa8fac0..28d44061d6700 100644 --- a/include/linux/mlx5/qp.h +++ b/include/linux/mlx5/qp.h @@ -261,7 +261,10 @@ struct mlx5_wqe_eth_seg { union { struct { __be16 sz; - u8 start[2]; + union { + u8 start[2]; + DECLARE_FLEX_ARRAY(u8, data); + }; } inline_hdr; struct { __be16 type; -- 2.43.0

1 year, 8 months

1
7
0 0

[PATCH AUTOSEL 6.6 01/22] soc: microchip: Fix POLARFIRE_SOC_SYS_CTRL input prompt

by Sasha Levin

From: Geert Uytterhoeven <geert+renesas(a)glider.be> [ Upstream commit 6dd9a236042e305d7b69ee92db7347bf5943e7d3 ] The symbol's prompt should be a one-line description, instead of just duplicating the symbol name. Signed-off-by: Geert Uytterhoeven <geert+renesas(a)glider.be> Signed-off-by: Conor Dooley <conor.dooley(a)microchip.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/soc/microchip/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/soc/microchip/Kconfig b/drivers/soc/microchip/Kconfig index eb656b33156ba..f19e74d342aa2 100644 --- a/drivers/soc/microchip/Kconfig +++ b/drivers/soc/microchip/Kconfig @@ -1,5 +1,5 @@ config POLARFIRE_SOC_SYS_CTRL - tristate "POLARFIRE_SOC_SYS_CTRL" + tristate "Microchip PolarFire SoC (MPFS) system controller support" depends on POLARFIRE_SOC_MAILBOX help This driver adds support for the PolarFire SoC (MPFS) system controller. -- 2.43.0

1 year, 8 months

1
21
0 0

[PATCH AUTOSEL 6.7 01/24] soc: microchip: Fix POLARFIRE_SOC_SYS_CTRL input prompt

by Sasha Levin

From: Geert Uytterhoeven <geert+renesas(a)glider.be> [ Upstream commit 6dd9a236042e305d7b69ee92db7347bf5943e7d3 ] The symbol's prompt should be a one-line description, instead of just duplicating the symbol name. Signed-off-by: Geert Uytterhoeven <geert+renesas(a)glider.be> Signed-off-by: Conor Dooley <conor.dooley(a)microchip.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/soc/microchip/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/soc/microchip/Kconfig b/drivers/soc/microchip/Kconfig index eb656b33156ba..f19e74d342aa2 100644 --- a/drivers/soc/microchip/Kconfig +++ b/drivers/soc/microchip/Kconfig @@ -1,5 +1,5 @@ config POLARFIRE_SOC_SYS_CTRL - tristate "POLARFIRE_SOC_SYS_CTRL" + tristate "Microchip PolarFire SoC (MPFS) system controller support" depends on POLARFIRE_SOC_MAILBOX help This driver adds support for the PolarFire SoC (MPFS) system controller. -- 2.43.0

1 year, 8 months

1
23
0 0

[PATCH 5.15 000/245] 5.15.150-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.150 release. There are 245 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 29 Feb 2024 13:15:36 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.150-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.150-rc1 Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: can't schedule in nft_chain_validate Baokun Li <libaokun1(a)huawei.com> ext4: avoid bb_free and bb_fragments inconsistency in mb_free_blocks() Baokun Li <libaokun1(a)huawei.com> ext4: regenerate buddy after block freeing failed if under fc replay Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: fix scheduling-while-atomic splat Kuniyuki Iwashima <kuniyu(a)amazon.com> arp: Prevent overflow in arp_req_get(). Bart Van Assche <bvanassche(a)acm.org> fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio Shyam Prasad N <nspmangalore(a)gmail.com> cifs: fix mid leak during reconnection after timeout threshold Corey Minyard <minyard(a)acm.org> i2c: imx: when being a target, mark the last read as processed Corey Minyard <minyard(a)acm.org> i2c: imx: Add timer for handling the stop condition Armin Wolf <W_Armin(a)gmx.de> drm/amd/display: Fix memory leak in dm_sw_fini() Erik Kurzinger <ekurzinger(a)nvidia.com> drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is set Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_flow_offload: release dst in case direct xmit path is used Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_flow_offload: reset dst in route object after setting up flow Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: flowtable: simplify route logic Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: set dormant flag on hook register failure Sabrina Dubroca <sd(a)queasysnail.net> tls: stop recv() if initial process_rx_list gave us non-DATA Jakub Kicinski <kuba(a)kernel.org> tls: rx: drop pointless else after goto Jakub Kicinski <kuba(a)kernel.org> tls: rx: jump to a more appropriate label Jason Gunthorpe <jgg(a)ziepe.ca> s390: use the correct count for __iowrite64_copy() Subbaraya Sundeep <sbhatta(a)marvell.com> octeontx2-af: Consider the action set by PF Guo Zhengkui <guozhengkui(a)vivo.com> drm/nouveau/instmem: fix uninitialized_var.cocci warning Kees Cook <keescook(a)chromium.org> net: dev: Convert sa_data to flexible array in struct sockaddr Wolfram Sang <wsa+renesas(a)sang-engineering.com> packet: move from strlcpy with unused retval to strscpy Vasiliy Kovalev <kovalev(a)altlinux.org> ipv6: sr: fix possible use-after-free and null-ptr-deref Daniil Dulov <d.dulov(a)aladdin.ru> afs: Increase buffer size in afs_update_volume_status() Martin KaFai Lau <martin.lau(a)kernel.org> bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel Radhey Shyam Pandey <radhey.shyam.pandey(a)amd.com> ata: ahci_ceva: fix error handling for Xilinx GT PHY support Serge Semin <Sergey.Semin(a)baikalelectronics.ru> ata: libahci_platform: Introduce reset assertion/deassertion methods Serge Semin <Sergey.Semin(a)baikalelectronics.ru> ata: libahci_platform: Convert to using devm bulk clocks API Eric Dumazet <edumazet(a)google.com> ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid Eric Dumazet <edumazet(a)google.com> ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid Pavel Sakharov <p.sakharov(a)ispras.ru> net: stmmac: Fix incorrect dereference in interrupt handlers Arnd Bergmann <arnd(a)arndb.de> nouveau: fix function cast warnings Randy Dunlap <rdunlap(a)infradead.org> scsi: jazz_esp: Only build if SCSI core is builtin Gianmarco Lusvardi <glusvardi(a)posteo.net> bpf, scripts: Correct GPL license name Arnd Bergmann <arnd(a)arndb.de> RDMA/srpt: fix function pointer cast warnings Heiko Stuebner <heiko.stuebner(a)cherry.de> arm64: dts: rockchip: set num-cs property for spi on px30 Kamal Heib <kheib(a)redhat.com> RDMA/qedr: Fix qedr_create_user_qp error flow Bart Van Assche <bvanassche(a)acm.org> RDMA/srpt: Support specifying the srpt_service_guid parameter Mustafa Ismail <mustafa.ismail(a)intel.com> RDMA/irdma: Add AE for too many RNRS Mustafa Ismail <mustafa.ismail(a)intel.com> RDMA/irdma: Set the CQ read threshold for GEN 1 Shiraz Saleem <shiraz.saleem(a)intel.com> RDMA/irdma: Validate max_send_wr and max_recv_wr Mike Marciniszyn <mike.marciniszyn(a)intel.com> RDMA/irdma: Fix KASAN issue with tasklet Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Return error for SRQ resize Zhipeng Lu <alexious(a)zju.edu.cn> IB/hfi1: Fix a memleak in init_credit_return Shyam Prasad N <sprasad(a)microsoft.com> cifs: add a warning when the in-flight count goes negative Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: track port suspend state correctly in unsuccessful resume cases Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: decouple usb2 port resume and get_port_status request handling Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: clear usb2 resume related variables in one place. Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: rename resume_done to resume_timestamp Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: move port specific items such as state completions to port structure Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: cleanup xhci_hub_control port references Paul Menzel <pmenzel(a)molgen.mpg.de> ACPI: resource: Skip IRQ override on ASUS ExpertBook B1502CBA Tamim Khan <tamim(a)fusetak.com> ACPI: resource: Skip IRQ override on Asus Expertbook B2402CBA Hans de Goede <hdegoede(a)redhat.com> ACPI: resource: Add Asus ExpertBook B2502 to Asus quirks Tamim Khan <tamim(a)fusetak.com> ACPI: resource: Skip IRQ override on Asus Vivobook S5602ZA Kellen Renshaw <kellen.renshaw(a)canonical.com> ACPI: resource: Add ASUS model S5402ZA to quirks Hans de Goede <hdegoede(a)redhat.com> ACPI: video: Add backlight=native DMI quirk for Apple iMac12,1 and iMac12,2 Rafał Miłecki <rafal(a)milecki.pl> ARM: dts: BCM53573: Describe on-SoC BCM53125 rev 4 switch Alex Bee <knaerzche(a)gmail.com> arm64: dts: rockchip: add SPDIF node for ROCK Pi 4 Alex Bee <knaerzche(a)gmail.com> arm64: dts: rockchip: add ES8316 codec for ROCK Pi 4 FUKAUMI Naoki <naoki(a)radxa.com> arm64: dts: rockchip: fix regulator name on rk3399-rock-4 Yuezhang Mo <Yuezhang.Mo(a)sony.com> exfat: support dynamic allocate bh for exfat_entry_set_cache Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: avoid baid size integer overflow Ying Hsu <yinghsu(a)chromium.org> igb: Fix igb_down hung on surprise removal Gustavo A. R. Silva <gustavoars(a)kernel.org> wifi: wext-core: Fix -Wstringop-overflow warning in ioctl_standard_iw_point() Petr Oros <poros(a)redhat.com> devlink: report devlink_port_type_warn source device Martin KaFai Lau <martin.lau(a)kernel.org> bpf: Address KCSAN report on bpf_lru_list Maxime Bizon <mbizon(a)freebox.fr> wifi: ath11k: fix registration of 6Ghz-only phy without the full channel range Yicong Yang <yangyicong(a)hisilicon.com> sched/fair: Don't balance task to its current running CPU Mark Rutland <mark.rutland(a)arm.com> arm64: mm: fix VA-range sanity check Youngmin Nam <youngmin.nam(a)samsung.com> arm64: set __exception_irq_entry with __irq_entry as a default Hans de Goede <hdegoede(a)redhat.com> ACPI: video: Add backlight=native DMI quirk for Lenovo ThinkPad X131e (3371 AMD version) Hans de Goede <hdegoede(a)redhat.com> ACPI: video: Add backlight=native DMI quirk for Apple iMac11,3 Hans de Goede <hdegoede(a)redhat.com> ACPI: button: Add lid disable DMI quirk for Nextbook Ares 8A David Sterba <dsterba(a)suse.com> btrfs: add xxhash to fast checksum implementations Thomas Gleixner <tglx(a)linutronix.de> posix-timers: Ensure timer ID search-loop limit is valid Yu Kuai <yukuai3(a)huawei.com> md/raid10: prevent soft lockup while flush writes Yu Kuai <yukuai3(a)huawei.com> md: fix data corruption for raid456 when reshape restart while grow up Zhong Jinghua <zhongjinghua(a)huawei.com> nbd: Add the maximum limit of allocated index in nbd_dev_add Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> debugobjects: Recheck debug_objects_enabled before reporting Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: add rescheduling points during loop detection walks Peilin Ye <peilin.ye(a)bytedance.com> net/sched: Refactor qdisc_graft() for ingress and clsact Qdiscs Jeff LaBundy <jeff(a)labundy.com> Input: iqs269a - do not poll during ATI Jeff LaBundy <jeff(a)labundy.com> Input: iqs269a - do not poll during suspend or resume Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Input: iqs269a - switch to DEFINE_SIMPLE_DEV_PM_OPS() and pm_sleep_ptr() Paul Cercueil <paul(a)crapouillou.net> PM: core: Remove static qualifier in DEFINE_SIMPLE_DEV_PM_OPS macro Paul Cercueil <paul(a)crapouillou.net> mmc: mxc: Use the new PM macros Paul Cercueil <paul(a)crapouillou.net> mmc: jz4740: Use the new PM macros Paul Cercueil <paul(a)crapouillou.net> PM: core: Add new *_PM_OPS macros, deprecate old ones Paul Cercueil <paul(a)crapouillou.net> PM: core: Redefine pm_ptr() macro Ganesh Goudar <ganeshgr(a)linux.ibm.com> powerpc/eeh: Set channel state after notifying the drivers Daniel Axtens <dja(a)axtens.net> powerpc/eeh: Small refactor of eeh_handle_normal_event() Nathan Lynch <nathanl(a)linux.ibm.com> powerpc/rtas: ensure 4KB alignment for rtas_data_buf Nathan Lynch <nathanl(a)linux.ibm.com> powerpc/rtas: make all exports GPL Wang Qing <wangqing(a)vivo.com> net: ethernet: ti: add missing of_node_put before return Li Jun <jun.li(a)nxp.com> dt-bindings: clocks: imx8mp: Add ID for usb suspend clock Lucas Stach <l.stach(a)pengutronix.de> clk: imx8mp: add clkout1/2 support Marek Vasut <marex(a)denx.de> clk: imx8mp: Add DISP2 pixel clock Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> serial: 8250: Remove serial_rs485 sanitization from em485 Enzo Matsumiya <ematsumiya(a)suse.de> cifs: remove useless parameter 'is_fsctl' from SMB2_ioctl() Hui Su <suhui_kernel(a)163.com> kernel/sched: Remove dl_boosted flag comment Chuansheng Liu <chuansheng.liu(a)intel.com> drm/i915/dg1: Update DMC_DEBUG3 register Byungki Lee <dominicus79(a)gmail.com> f2fs: write checkpoint during FG_GC Chao Yu <chao(a)kernel.org> f2fs: don't set GC_FAILURE_PIN for background GC Yifan Zhang <yifan1.zhang(a)amd.com> drm/amdgpu: init iommu after amdkfd device init Stefano Garzarella <sgarzare(a)redhat.com> tools/virtio: fix build Arnaldo Carvalho de Melo <acme(a)redhat.com> perf beauty: Update copy of linux/socket.h with the kernel sources Arnaldo Carvalho de Melo <acme(a)redhat.com> tools headers UAPI: Sync linux/fscrypt.h with the kernel sources Rafał Miłecki <rafal(a)milecki.pl> ARM: dts: BCM53573: Drop nonexistent "default-off" LED trigger Sakari Ailus <sakari.ailus(a)linux.intel.com> acpi: property: Let args be NULL in __acpi_node_get_property_reference Luke D. Jones <luke(a)ljones.dev> platform/x86: asus-wmi: Document the dgpu_disable sysfs attribute Randy Dunlap <rdunlap(a)infradead.org> clk: linux/clk-provider.h: fix kernel-doc warnings and typos Guoqing Jiang <guoqing.jiang(a)linux.dev> RDMA/siw: Correct wrong debug message Guoqing Jiang <guoqing.jiang(a)linux.dev> RDMA/siw: Balance the reference of cep->kref in the error path Rafał Miłecki <rafal(a)milecki.pl> ARM: dts: BCM53573: Drop nonexistent #usb-cells Magali Lemes <magali.lemes(a)canonical.com> selftests: net: vrf-xfrm-tests: change authentication and encryption algos Eli Cohen <elic(a)nvidia.com> vdpa/mlx5: Don't clear mr struct on destroy MR Randy Dunlap <rdunlap(a)infradead.org> MIPS: vpe-mt: drop physical_memsize Randy Dunlap <rdunlap(a)infradead.org> MIPS: SMP-CPS: fix build error when HOTPLUG_CPU not set Nathan Lynch <nathanl(a)linux.ibm.com> powerpc/pseries/lpar: add missing RTAS retry status handling Nathan Lynch <nathanl(a)linux.ibm.com> powerpc/perf/hv-24x7: add missing RTAS retry status handling Nathan Lynch <nathanl(a)linux.ibm.com> powerpc/pseries/lparcfg: add missing RTAS retry status handling Chen-Yu Tsai <wenst(a)chromium.org> clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled() Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> clk: qcom: gpucc-sdm845: fix clk_dis_wait being programmed for CX GDSC Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> clk: qcom: gpucc-sc7180: fix clk_dis_wait being programmed for CX GDSC Frederic Barrat <fbarrat(a)linux.ibm.com> powerpc/powernv/ioda: Skip unallocated resources when mapping to PE Luca Ellero <l.ellero(a)asem.it> Input: ads7846 - don't check penirq immediately for 7845 Luca Ellero <l.ellero(a)asem.it> Input: ads7846 - always set last command to PWRDOWN Peng Fan <peng.fan(a)nxp.com> clk: imx: avoid memory leak Geert Uytterhoeven <geert+renesas(a)glider.be> clk: renesas: cpg-mssr: Remove superfluous check in resume code Luca Ellero <l.ellero(a)asem.it> Input: ads7846 - don't report pressure for ads7845 Alexey Khoroshilov <khoroshilov(a)ispras.ru> clk: renesas: cpg-mssr: Fix use after free if cpg_mssr_common_init() failed Jeff LaBundy <jeff(a)labundy.com> Input: iqs269a - increase interrupt handler return delay Jeff LaBundy <jeff(a)labundy.com> Input: iqs269a - configure device with a single block write Jeff LaBundy <jeff(a)labundy.com> Input: iqs269a - drop unused device node references Heiko Stuebner <heiko.stuebner(a)vrull.eu> RISC-V: fix funct4 definition for c.jalr in parse_asm.h Samuel Holland <samuel(a)sholland.org> mtd: rawnand: sunxi: Fix the size of the last OOB region Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> clk: qcom: gcc-qcs404: fix names of the DSI clocks used as parents Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> clk: qcom: gcc-qcs404: disable gpll[04]_out_aux parents Li Jun <jun.li(a)nxp.com> clk: imx: imx8mp: add shared clk gate for usb suspend clk Paolo Abeni <pabeni(a)redhat.com> mptcp: fix lockless access in subflow ULP diag Xu Yang <xu.yang_2(a)nxp.com> usb: roles: don't get/set_role() when usb_role_switch is unregistered Xu Yang <xu.yang_2(a)nxp.com> usb: roles: fix NULL pointer issue when put module's reference Krishna Kurapati <quic_kriskura(a)quicinc.com> usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs Frank Li <Frank.Li(a)nxp.com> usb: cdns3: fix memory double free when handle zero packet Frank Li <Frank.Li(a)nxp.com> usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() Pawel Laszczak <pawell(a)cadence.com> usb: cdnsp: fixed issue with incorrect detecting CDNSP family controllers Pawel Laszczak <pawell(a)cadence.com> usb: cdnsp: blocked some cdns3 specific code Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: gadget: Don't disconnect if not started Lino Sanfilippo <l.sanfilippo(a)kunbus.com> serial: amba-pl011: Fix DMA transmission in RS485 mode Peter Zijlstra <peterz(a)infradead.org> x86/alternative: Make custom return thunk unconditional Borislav Petkov (AMD) <bp(a)alien8.de> Revert "x86/alternative: Make custom return thunk unconditional" Peter Zijlstra <peterz(a)infradead.org> x86/returnthunk: Allow different return thunks Peter Zijlstra <peterz(a)infradead.org> x86/ftrace: Use alternative RET encoding Peter Zijlstra <peterz(a)infradead.org> x86/ibt,paravirt: Use text_gen_insn() for paravirt_patch() Peter Zijlstra <peterz(a)infradead.org> x86/text-patching: Make text_gen_insn() play nice with ANNOTATE_NOENDBR Borislav Petkov (AMD) <bp(a)alien8.de> Revert "x86/ftrace: Use alternative RET encoding" Nikita Shubin <nikita.shubin(a)maquefel.me> ARM: ep93xx: Add terminator to gpiod_lookup_table Tom Parkin <tparkin(a)katalix.com> l2tp: pass correct message length to ip6_append_data Vidya Sagar <vidyas(a)nvidia.com> PCI/MSI: Prevent MSI hardware interrupt number truncation Vasiliy Kovalev <kovalev(a)altlinux.org> gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler Hans de Goede <hdegoede(a)redhat.com> platform/x86: touchscreen_dmi: Allow partial (prefix) matches for ACPI names Hans de Goede <hdegoede(a)redhat.com> platform/x86: intel-vbtn: Stop calling "VBDL" from notify_handler Mikulas Patocka <mpatocka(a)redhat.com> dm-crypt: don't modify the data when using authenticated encryption Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/ttm: Fix an invalid freeing on already freed page in error path Daniel Vacek <neelx(a)redhat.com> IB/hfi1: Fix sdma.h tx->num_descs off-by-one error Gao Xiang <hsiangkao(a)linux.alibaba.com> erofs: fix lz4 inplace decompression Geert Uytterhoeven <geert+renesas(a)glider.be> pmdomain: renesas: r8a77980-sysc: CR7 must be always on Fedor Pchelkin <pchelkin(a)ispras.ru> ksmbd: free aux buffer if ksmbd_iov_pin_rsp_read fails Eugen Hristev <eugen.hristev(a)collabora.com> pmdomain: mediatek: fix race conditions with genpd Yi Sun <yi.sun(a)unisoc.com> virtio-blk: Ensure no requests in virtqueues before deleting vqs. Prike Liang <Prike.Liang(a)amd.com> drm/amdgpu: reset gpu for s3 suspend abort case Prike Liang <Prike.Liang(a)amd.com> drm/amdgpu: skip to program GFXDEC registers for suspend abort Takashi Sakamoto <o-takashi(a)sakamocchi.jp> firewire: core: send bus reset promptly on gap count error Hannes Reinecke <hare(a)suse.de> scsi: lpfc: Use unsigned type for num_sge Zhang Rui <rui.zhang(a)intel.com> hwmon: (coretemp) Enlarge per package core count limit Andrew Bresticker <abrestic(a)rivosinc.com> efi: Don't add memblocks for soft-reserved memory Andrew Bresticker <abrestic(a)rivosinc.com> efi: runtime: Fix potential overflow of soft-reserved region size Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: adding missing drv_mgd_complete_tx() call Edward Adam Davis <eadavis(a)qq.com> fs/ntfs3: Fix oob in ntfs_listxattr Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Update inode->i_size after success write into compressed file Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Correct function is_rst_area_valid Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Prevent generic message "attempt to access beyond end of device" Ism Hong <ism.hong(a)gmail.com> fs/ntfs3: use non-movable memory for ntfs3 MFT buffer cache Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Disable ATTR_LIST_ENTRY size check Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Add NULL ptr dereference checking at the end of attr_allocate_frame() Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fix detected field-spanning write (size 8) of single field "le->name" Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Print warning while fixing hard links count Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Correct hard links updating when dealing with DOS names Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Improve ntfs_dir_count Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Modified fix directory element type detection Szilard Fabian <szfabian(a)bluemarch.art> Input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table Zhang Yi <yi.zhang(a)huawei.com> ext4: correct the hole length returned by ext4_map_blocks() Daniel Wagner <dwagner(a)suse.de> nvmet-fc: take ref count on tgtport before delete assoc Daniel Wagner <dwagner(a)suse.de> nvmet-fc: avoid deadlock on delete association path Daniel Wagner <dwagner(a)suse.de> nvmet-fc: abort command when there is no binding Daniel Wagner <dwagner(a)suse.de> nvmet-fc: hold reference on hostport match Daniel Wagner <dwagner(a)suse.de> nvmet-fc: defer cleanup using RCU properly Daniel Wagner <dwagner(a)suse.de> nvmet-fc: release reference on target port Daniel Wagner <dwagner(a)suse.de> nvmet-fcloop: swap the list_add_tail arguments Daniel Wagner <dwagner(a)suse.de> nvme-fc: do not wait in vain when unloading module Alexander Tsoy <alexander(a)tsoy.me> ALSA: usb-audio: Ignore clock selector errors for single connection Xin Long <lucien.xin(a)gmail.com> netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new Brenton Simpson <appsforartists(a)google.com> Input: xpad - add Lenovo Legion Go controllers Wolfram Sang <wsa+renesas(a)sang-engineering.com> spi: sh-msiof: avoid integer overflow in constants Chen-Yu Tsai <wens(a)csie.org> ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616 Alexander Tsoy <alexander(a)tsoy.me> ALSA: usb-audio: Check presence of valid altsetting control Guixin Liu <kanie(a)linux.alibaba.com> nvmet-tcp: fix nvme tcp ida memory leak Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> regulator: pwm-regulator: Add validity checks in continuous .get_voltage Kunwu Chan <chentao(a)kylinos.cn> dmaengine: ti: edma: Add some null pointer checks to the edma_probe Baokun Li <libaokun1(a)huawei.com> ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() Baokun Li <libaokun1(a)huawei.com> ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() Baokun Li <libaokun1(a)huawei.com> ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt Phoenix Chen <asbeltogf(a)gmail.com> platform/x86: touchscreen_dmi: Add info for the TECLAST X16 Plus tablet Huang Pei <huangpei(a)loongson.cn> MIPS: reserve exception vector space ONLY ONCE Lennert Buytenhek <kernel(a)wantstofly.org> ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers Conrad Kostecki <conikost(a)gentoo.org> ahci: asm1166: correct count of reported ports Devyn Liu <liudingyuan(a)huawei.com> spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected Fullway Wang <fullwaywang(a)outlook.com> fbdev: sis: Error out if pixclock equals zero Fullway Wang <fullwaywang(a)outlook.com> fbdev: savage: Error out if pixclock equals zero Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: fix race condition on enabling fast-xmit Michal Kazior <michal(a)plume.com> wifi: cfg80211: fix missing interfaces when dumping Vinod Koul <vkoul(a)kernel.org> dmaengine: fsl-qdma: increase size of 'irq_name' Vinod Koul <vkoul(a)kernel.org> dmaengine: shdma: increase size of 'dev_id' Dmitry Bogdanov <d.bogdanov(a)yadro.com> scsi: target: core: Add TMF to tmr_list handling Cyril Hrubis <chrubis(a)suse.cz> sched/rt: Disallow writing invalid values to sched_rt_period_us Cyril Hrubis <chrubis(a)suse.cz> sched/rt: Fix sysctl_sched_rr_timeslice intial value Andrei Vagin <avagin(a)google.com> x86/fpu: Stop relying on userspace for info to fault in xsave buffer Damien Le Moal <dlemoal(a)kernel.org> zonefs: Improve error handling Lokesh Gidra <lokeshgidra(a)google.com> userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb Jiri Olsa <jolsa(a)kernel.org> bpf: Remove trace_printk_lock Jiri Olsa <jolsa(a)kernel.org> bpf: Do cleanup in bpf_bprintf_cleanup only when needed Jiri Olsa <jolsa(a)kernel.org> bpf: Add struct for bin_args arg in bpf_bprintf_prepare Dave Marchevsky <davemarchevsky(a)fb.com> bpf: Merge printk and seq_printf VARARG max macros Dan Carpenter <dan.carpenter(a)linaro.org> PCI: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq() Cyril Hrubis <chrubis(a)suse.cz> sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset Paulo Alcantara <pc(a)manguebit.com> smb: client: fix parsing of SMB3.1.1 POSIX create context Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential OOBs in smb2_parse_contexts() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix OOB in receive_encrypted_standard() Jamal Hadi Salim <jhs(a)mojatatu.com> net/sched: Retire dsmark qdisc Jamal Hadi Salim <jhs(a)mojatatu.com> net/sched: Retire ATM qdisc Jamal Hadi Salim <jhs(a)mojatatu.com> net/sched: Retire CBQ qdisc ------------- Diffstat: Documentation/ABI/testing/sysfs-platform-asus-wmi | 9 + Makefile | 4 +- arch/arm/boot/dts/bcm47189-luxul-xap-1440.dts | 1 - arch/arm/boot/dts/bcm47189-luxul-xap-810.dts | 2 - arch/arm/boot/dts/bcm53573.dtsi | 20 +- arch/arm/mach-ep93xx/core.c | 1 + arch/arm64/boot/dts/rockchip/px30.dtsi | 2 + arch/arm64/boot/dts/rockchip/rk3399-rock-pi-4.dtsi | 79 +- arch/arm64/include/asm/exception.h | 5 - arch/arm64/kvm/vgic/vgic-its.c | 5 + arch/arm64/mm/mmu.c | 4 +- arch/mips/include/asm/vpe.h | 1 - arch/mips/kernel/smp-cps.c | 8 +- arch/mips/kernel/traps.c | 8 +- arch/mips/kernel/vpe-mt.c | 7 +- arch/mips/lantiq/prom.c | 6 - arch/powerpc/kernel/eeh_driver.c | 71 +- arch/powerpc/kernel/rtas.c | 24 +- arch/powerpc/perf/hv-24x7.c | 42 +- arch/powerpc/platforms/powernv/pci-ioda.c | 3 +- arch/powerpc/platforms/pseries/lpar.c | 20 +- arch/powerpc/platforms/pseries/lparcfg.c | 20 +- arch/riscv/include/asm/parse_asm.h | 2 +- arch/s390/pci/pci.c | 2 +- arch/x86/include/asm/nospec-branch.h | 2 + arch/x86/include/asm/text-patching.h | 46 +- arch/x86/kernel/alternative.c | 13 +- arch/x86/kernel/fpu/signal.c | 12 +- arch/x86/kernel/ftrace.c | 4 +- arch/x86/kernel/paravirt.c | 23 +- arch/x86/kernel/static_call.c | 2 +- arch/x86/net/bpf_jit_comp.c | 2 +- drivers/acpi/button.c | 9 + drivers/acpi/property.c | 4 + drivers/acpi/resource.c | 35 + drivers/acpi/video_detect.c | 34 + drivers/ata/ahci.c | 34 +- drivers/ata/ahci.h | 6 +- drivers/ata/ahci_ceva.c | 125 +- drivers/ata/ahci_da850.c | 45 +- drivers/ata/ahci_dm816.c | 4 +- drivers/ata/libahci_platform.c | 135 +- drivers/block/nbd.c | 3 +- drivers/block/virtio_blk.c | 7 +- drivers/clk/clk.c | 11 + drivers/clk/imx/clk-imx8mp.c | 23 +- drivers/clk/imx/clk.c | 3 +- drivers/clk/qcom/gcc-qcs404.c | 24 +- drivers/clk/qcom/gpucc-sc7180.c | 7 +- drivers/clk/qcom/gpucc-sdm845.c | 7 +- drivers/clk/renesas/renesas-cpg-mssr.c | 8 +- drivers/dma/fsl-qdma.c | 2 +- drivers/dma/sh/shdma.h | 2 +- drivers/dma/ti/edma.c | 10 + drivers/firewire/core-card.c | 18 +- drivers/firmware/efi/arm-runtime.c | 2 +- drivers/firmware/efi/efi-init.c | 19 +- drivers/firmware/efi/riscv-runtime.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu.h | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 8 +- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 2 + drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 8 + drivers/gpu/drm/amd/amdgpu/soc15.c | 22 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 1 + drivers/gpu/drm/drm_syncobj.c | 6 +- .../gpu/drm/i915/display/intel_display_debugfs.c | 4 +- drivers/gpu/drm/i915/i915_reg.h | 3 +- drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadow.c | 8 +- drivers/gpu/drm/nouveau/nvkm/subdev/instmem/nv50.c | 2 +- drivers/gpu/drm/ttm/ttm_pool.c | 2 +- drivers/hwmon/coretemp.c | 2 +- drivers/i2c/busses/i2c-imx.c | 97 +- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 5 +- drivers/infiniband/hw/hfi1/pio.c | 6 +- drivers/infiniband/hw/hfi1/sdma.c | 2 +- drivers/infiniband/hw/irdma/defs.h | 1 + drivers/infiniband/hw/irdma/hw.c | 8 + drivers/infiniband/hw/irdma/verbs.c | 9 +- drivers/infiniband/hw/qedr/verbs.c | 11 +- drivers/infiniband/sw/siw/siw_cm.c | 1 - drivers/infiniband/sw/siw/siw_verbs.c | 2 +- drivers/infiniband/ulp/srpt/ib_srpt.c | 17 +- drivers/input/joystick/xpad.c | 2 + drivers/input/misc/iqs269a.c | 335 ++-- drivers/input/serio/i8042-acpipnpio.h | 8 + drivers/input/touchscreen/ads7846.c | 23 +- drivers/md/dm-crypt.c | 6 + drivers/md/md.c | 14 +- drivers/md/raid10.c | 2 + drivers/mmc/host/jz4740_mmc.c | 10 +- drivers/mmc/host/mxcmmc.c | 6 +- drivers/mtd/nand/raw/sunxi_nand.c | 2 +- drivers/net/ethernet/intel/igb/igb_main.c | 5 + .../net/ethernet/marvell/octeontx2/af/rvu_npc.c | 4 + drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 20 - drivers/net/ethernet/ti/am65-cpsw-nuss.c | 29 +- drivers/net/gtp.c | 10 +- drivers/net/wireless/ath/ath11k/mac.c | 2 +- drivers/net/wireless/intel/iwlwifi/mvm/sta.c | 2 +- drivers/nvme/host/fc.c | 47 +- drivers/nvme/target/fc.c | 131 +- drivers/nvme/target/fcloop.c | 6 +- drivers/nvme/target/tcp.c | 1 + drivers/pci/controller/dwc/pcie-designware-ep.c | 3 +- drivers/pci/msi.c | 2 +- drivers/platform/x86/intel/vbtn.c | 3 - drivers/platform/x86/touchscreen_dmi.c | 39 +- drivers/regulator/pwm-regulator.c | 3 + drivers/scsi/Kconfig | 2 +- drivers/scsi/lpfc/lpfc_scsi.c | 12 +- drivers/soc/mediatek/mtk-pm-domains.c | 15 +- drivers/soc/renesas/r8a77980-sysc.c | 3 +- drivers/spi/spi-hisi-sfc-v3xx.c | 5 + drivers/spi/spi-sh-msiof.c | 16 +- drivers/target/target_core_device.c | 5 - drivers/target/target_core_transport.c | 4 + drivers/tty/serial/8250/8250_port.c | 18 +- drivers/tty/serial/amba-pl011.c | 60 +- drivers/usb/cdns3/cdns3-gadget.c | 8 +- drivers/usb/cdns3/core.c | 1 - drivers/usb/cdns3/drd.c | 13 +- drivers/usb/cdns3/drd.h | 6 +- drivers/usb/cdns3/host.c | 16 +- drivers/usb/dwc3/gadget.c | 5 + drivers/usb/gadget/function/f_ncm.c | 10 +- drivers/usb/host/xhci-hub.c | 228 +-- drivers/usb/host/xhci-mem.c | 10 +- drivers/usb/host/xhci-ring.c | 13 +- drivers/usb/host/xhci.h | 9 +- drivers/usb/roles/class.c | 29 +- drivers/vdpa/mlx5/core/mr.c | 1 - drivers/video/fbdev/savage/savagefb_driver.c | 3 + drivers/video/fbdev/sis/sis_main.c | 2 + fs/afs/volume.c | 4 +- fs/aio.c | 9 +- fs/btrfs/disk-io.c | 3 + fs/cifs/connect.c | 19 +- fs/cifs/smb2file.c | 1 - fs/cifs/smb2ops.c | 54 +- fs/cifs/smb2pdu.c | 115 +- fs/cifs/smb2proto.h | 16 +- fs/erofs/decompressor.c | 34 +- fs/exfat/dir.c | 15 + fs/exfat/exfat_fs.h | 5 +- fs/ext4/extents.c | 111 +- fs/ext4/mballoc.c | 70 +- fs/f2fs/gc.c | 39 +- fs/ksmbd/smb2pdu.c | 8 +- fs/ntfs3/attrib.c | 20 +- fs/ntfs3/attrlist.c | 8 +- fs/ntfs3/dir.c | 40 +- fs/ntfs3/file.c | 2 + fs/ntfs3/fslog.c | 14 +- fs/ntfs3/fsntfs.c | 24 + fs/ntfs3/inode.c | 2 +- fs/ntfs3/ntfs.h | 4 +- fs/ntfs3/ntfs_fs.h | 14 +- fs/ntfs3/record.c | 16 +- fs/ntfs3/xattr.c | 3 + fs/zonefs/super.c | 68 +- include/dt-bindings/clock/imx8mp-clock.h | 10 +- include/linux/ahci_platform.h | 5 +- include/linux/bpf.h | 14 +- include/linux/clk-provider.h | 15 +- include/linux/fs.h | 2 + include/linux/pm.h | 80 +- include/linux/sched.h | 4 - include/linux/sched/signal.h | 2 +- include/linux/socket.h | 5 +- include/net/netfilter/nf_flow_table.h | 4 +- include/net/tcp.h | 2 +- kernel/bpf/bpf_lru_list.c | 21 +- kernel/bpf/bpf_lru_list.h | 7 +- kernel/bpf/helpers.c | 76 +- kernel/bpf/verifier.c | 3 +- kernel/sched/fair.c | 2 +- kernel/sched/rt.c | 10 +- kernel/sysctl.c | 4 + kernel/time/posix-timers.c | 31 +- kernel/trace/bpf_trace.c | 39 +- lib/debugobjects.c | 9 + mm/userfaultfd.c | 14 +- net/core/dev.c | 2 +- net/core/dev_ioctl.c | 2 +- net/core/devlink.c | 5 +- net/ipv4/arp.c | 3 +- net/ipv4/devinet.c | 21 +- net/ipv6/addrconf.c | 21 +- net/ipv6/seg6.c | 20 +- net/l2tp/l2tp_ip6.c | 2 +- net/mac80211/mlme.c | 1 + net/mac80211/sta_info.c | 2 + net/mac80211/tx.c | 2 +- net/mptcp/diag.c | 6 +- net/netfilter/nf_conntrack_proto_sctp.c | 2 +- net/netfilter/nf_flow_table_core.c | 41 +- net/netfilter/nf_tables_api.c | 3 + net/netfilter/nft_flow_offload.c | 14 +- net/packet/af_packet.c | 12 +- net/sched/Kconfig | 42 - net/sched/Makefile | 3 - net/sched/sch_api.c | 20 +- net/sched/sch_atm.c | 710 -------- net/sched/sch_cbq.c | 1817 -------------------- net/sched/sch_dsmark.c | 522 ------ net/tls/tls_main.c | 2 +- net/tls/tls_sw.c | 12 +- net/wireless/nl80211.c | 1 + net/wireless/wext-core.c | 6 + scripts/bpf_doc.py | 2 +- sound/soc/sunxi/sun4i-spdif.c | 5 + sound/usb/clock.c | 10 +- sound/usb/format.c | 20 + tools/include/uapi/linux/fscrypt.h | 3 +- tools/perf/trace/beauty/include/linux/socket.h | 2 + tools/testing/selftests/net/vrf-xfrm-tests.sh | 32 +- tools/virtio/linux/kernel.h | 2 +- tools/virtio/linux/vringh.h | 1 + 218 files changed, 2296 insertions(+), 4619 deletions(-)

1 year, 8 months

12
261
0 0

[PATCH] block: Remove special-casing of compound pages

by Matthew Wilcox (Oracle)

The special casing was originally added in pre-git history; reproducing the commit log here: > commit a318a92567d77 > Author: Andrew Morton <akpm(a)osdl.org> > Date: Sun Sep 21 01:42:22 2003 -0700 > > [PATCH] Speed up direct-io hugetlbpage handling > > This patch short-circuits all the direct-io page dirtying logic for > higher-order pages. Without this, we pointlessly bounce BIOs up to > keventd all the time. In the last twenty years, compound pages have become used for more than just hugetlb. Rewrite these functions to operate on folios instead of pages and remove the special case for hugetlbfs; I don't think it's needed any more (and if it is, we can put it back in as a call to folio_test_hugetlb()). This was found by inspection; as far as I can tell, this bug can lead to pages used as the destination of a direct I/O read not being marked as dirty. If those pages are then reclaimed by the MM without being dirtied for some other reason, they won't be written out. Then when they're faulted back in, they will not contain the data they should. It'll take a pretty unusual setup to produce this problem with several races all going the wrong way. This problem predates the folio work; it could for example have been triggered by mmaping a THP in tmpfs and using that as the target of an O_DIRECT read. Fixes: 800d8c63b2e98 ("shmem: add huge pages support") Cc: stable(a)vger.kernel.org Signed-off-by: Matthew Wilcox (Oracle) <willy(a)infradead.org> --- block/bio.c | 46 ++++++++++++++++++++++++---------------------- 1 file changed, 24 insertions(+), 22 deletions(-) diff --git a/block/bio.c b/block/bio.c index 8672179213b9..f46d8ec71fbd 100644 --- a/block/bio.c +++ b/block/bio.c @@ -1171,13 +1171,22 @@ EXPORT_SYMBOL(bio_add_folio); void __bio_release_pages(struct bio *bio, bool mark_dirty) { - struct bvec_iter_all iter_all; - struct bio_vec *bvec; + struct folio_iter fi; + + bio_for_each_folio_all(fi, bio) { + struct page *page; + size_t done = 0; - bio_for_each_segment_all(bvec, bio, iter_all) { - if (mark_dirty && !PageCompound(bvec->bv_page)) - set_page_dirty_lock(bvec->bv_page); - bio_release_page(bio, bvec->bv_page); + if (mark_dirty) { + folio_lock(fi.folio); + folio_mark_dirty(fi.folio); + folio_unlock(fi.folio); + } + page = folio_page(fi.folio, fi.offset / PAGE_SIZE); + do { + bio_release_page(bio, page++); + done += PAGE_SIZE; + } while (done < fi.length); } } EXPORT_SYMBOL_GPL(__bio_release_pages); @@ -1455,18 +1464,12 @@ EXPORT_SYMBOL(bio_free_pages); * bio_set_pages_dirty() and bio_check_pages_dirty() are support functions * for performing direct-IO in BIOs. * - * The problem is that we cannot run set_page_dirty() from interrupt context + * The problem is that we cannot run folio_mark_dirty() from interrupt context * because the required locks are not interrupt-safe. So what we can do is to * mark the pages dirty _before_ performing IO. And in interrupt context, * check that the pages are still dirty. If so, fine. If not, redirty them * in process context. * - * We special-case compound pages here: normally this means reads into hugetlb - * pages. The logic in here doesn't really work right for compound pages - * because the VM does not uniformly chase down the head page in all cases. - * But dirtiness of compound pages is pretty meaningless anyway: the VM doesn't - * handle them at all. So we skip compound pages here at an early stage. - * * Note that this code is very hard to test under normal circumstances because * direct-io pins the pages with get_user_pages(). This makes * is_page_cache_freeable return false, and the VM will not clean the pages. @@ -1482,12 +1485,12 @@ EXPORT_SYMBOL(bio_free_pages); */ void bio_set_pages_dirty(struct bio *bio) { - struct bio_vec *bvec; - struct bvec_iter_all iter_all; + struct folio_iter fi; - bio_for_each_segment_all(bvec, bio, iter_all) { - if (!PageCompound(bvec->bv_page)) - set_page_dirty_lock(bvec->bv_page); + bio_for_each_folio_all(fi, bio) { + folio_lock(fi.folio); + folio_mark_dirty(fi.folio); + folio_unlock(fi.folio); } } @@ -1530,12 +1533,11 @@ static void bio_dirty_fn(struct work_struct *work) void bio_check_pages_dirty(struct bio *bio) { - struct bio_vec *bvec; + struct folio_iter fi; unsigned long flags; - struct bvec_iter_all iter_all; - bio_for_each_segment_all(bvec, bio, iter_all) { - if (!PageDirty(bvec->bv_page) && !PageCompound(bvec->bv_page)) + bio_for_each_folio_all(fi, bio) { + if (!folio_test_dirty(fi.folio)) goto defer; } -- 2.40.1

1 year, 8 months

7
10
0 0

[PATCH v2] cpufreq: Limit resolving a frequency to policy min/max

by Shivnandan Kumar

Resolving a frequency to an efficient one should not transgress policy->max (which can be set for thermal reason) and policy->min. Currently there is possibility where scaling_cur_freq can exceed scaling_max_freq when scaling_max_freq is inefficient frequency. Add additional check to ensure that resolving a frequency will respect policy->min/max. Cc: <stable(a)vger.kernel.org> Fixes: 1f39fa0dccff ("cpufreq: Introducing CPUFREQ_RELATION_E") Signed-off-by: Shivnandan Kumar <quic_kshivnan(a)quicinc.com> -- Changes in v2: -rename function name from cpufreq_table_index_is_in_limits to cpufreq_is_in_limits -remove redundant outer parenthesis in return statement -Make comment single line -- --- include/linux/cpufreq.h | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/include/linux/cpufreq.h b/include/linux/cpufreq.h index afda5f24d3dd..7741244dee6e 100644 --- a/include/linux/cpufreq.h +++ b/include/linux/cpufreq.h @@ -1021,6 +1021,19 @@ static inline int cpufreq_table_find_index_c(struct cpufreq_policy *policy, efficiencies); } +static inline bool cpufreq_is_in_limits(struct cpufreq_policy *policy, + int idx) +{ + unsigned int freq; + + if (idx < 0) + return false; + + freq = policy->freq_table[idx].frequency; + + return freq == clamp_val(freq, policy->min, policy->max); +} + static inline int cpufreq_frequency_table_target(struct cpufreq_policy *policy, unsigned int target_freq, unsigned int relation) @@ -1054,7 +1067,8 @@ static inline int cpufreq_frequency_table_target(struct cpufreq_policy *policy, return 0; } - if (idx < 0 && efficiencies) { + /* Limit frequency index to honor policy->min/max */ + if (!cpufreq_is_in_limits(policy, idx) && efficiencies) { efficiencies = false; goto retry; } -- 2.25.1

1 year, 8 months

2
1
0 0

[PATCH v3 1/4] usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros

by Jameson Thies

Clean up UCSI_CABLE_PROP macros by fixing a bitmask shifting error for plug type and updating the modal support macro for consistent naming. Fixes: 3cf657f07918 ("usb: typec: ucsi: Remove all bit-fields") Cc: stable(a)vger.kernel.org Reviewed-by: Benson Leung <bleung(a)chromium.org> Reviewed-by: Prashant Malani <pmalani(a)chromium.org> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Signed-off-by: Jameson Thies <jthies(a)google.com> --- Changes in v3: - Fixed CC stable. Changes in v2: - Tested on usb-testing branch merged with chromeOS 6.8-rc2 kernel. drivers/usb/typec/ucsi/ucsi.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/usb/typec/ucsi/ucsi.h b/drivers/usb/typec/ucsi/ucsi.h index 7e35ffbe0a6f2..469a2baf472e4 100644 --- a/drivers/usb/typec/ucsi/ucsi.h +++ b/drivers/usb/typec/ucsi/ucsi.h @@ -259,12 +259,12 @@ struct ucsi_cable_property { #define UCSI_CABLE_PROP_FLAG_VBUS_IN_CABLE BIT(0) #define UCSI_CABLE_PROP_FLAG_ACTIVE_CABLE BIT(1) #define UCSI_CABLE_PROP_FLAG_DIRECTIONALITY BIT(2) -#define UCSI_CABLE_PROP_FLAG_PLUG_TYPE(_f_) ((_f_) & GENMASK(3, 0)) +#define UCSI_CABLE_PROP_FLAG_PLUG_TYPE(_f_) (((_f_) & GENMASK(4, 3)) >> 3) #define UCSI_CABLE_PROPERTY_PLUG_TYPE_A 0 #define UCSI_CABLE_PROPERTY_PLUG_TYPE_B 1 #define UCSI_CABLE_PROPERTY_PLUG_TYPE_C 2 #define UCSI_CABLE_PROPERTY_PLUG_OTHER 3 -#define UCSI_CABLE_PROP_MODE_SUPPORT BIT(5) +#define UCSI_CABLE_PROP_FLAG_MODE_SUPPORT BIT(5) u8 latency; } __packed; -- 2.44.0.rc1.240.g4c46232300-goog

1 year, 8 months

2
2
0 0

[PATCH AUTOSEL 6.6 01/21] media: Revert "media: rkisp1: Drop IRQF_SHARED"

by Sasha Levin

From: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> [ Upstream commit a107d643b2a3382e0a2d2c4ef08bf8c6bff4561d ] This reverts commit 85d2a31fe4d9be1555f621ead7a520d8791e0f74. The rkisp1 does share interrupt lines on some platforms, after all. Thus we need to revert this, and implement a fix for the rkisp1 shared irq handling in a follow-up patch. Closes: https://lore.kernel.org/all/87o7eo8vym.fsf@gmail.com/ Link: https://lore.kernel.org/r/20231218-rkisp-shirq-fix-v1-1-173007628248@ideaso… Reported-by: Mikhail Rudenko <mike.rudenko(a)gmail.com> Signed-off-by: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> Signed-off-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Signed-off-by: Mauro Carvalho Chehab <mchehab(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/media/platform/rockchip/rkisp1/rkisp1-dev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/media/platform/rockchip/rkisp1/rkisp1-dev.c b/drivers/media/platform/rockchip/rkisp1/rkisp1-dev.c index f96f821a7b50d..acc559652d6eb 100644 --- a/drivers/media/platform/rockchip/rkisp1/rkisp1-dev.c +++ b/drivers/media/platform/rockchip/rkisp1/rkisp1-dev.c @@ -559,7 +559,7 @@ static int rkisp1_probe(struct platform_device *pdev) rkisp1->irqs[il] = irq; } - ret = devm_request_irq(dev, irq, info->isrs[i].isr, 0, + ret = devm_request_irq(dev, irq, info->isrs[i].isr, IRQF_SHARED, dev_driver_string(dev), dev); if (ret) { dev_err(dev, "request irq failed: %d\n", ret); -- 2.43.0

1 year, 8 months

4
24
0 0

Re: [PATCH net] gtp: fix use-after-free and null-ptr-deref in gtp_newlink()

by Pablo Neira Ayuso

On Thu, Feb 29, 2024 at 11:37:28AM +0300, Vasiliy Kovalev wrote: [...] > This patch fixes another problem, but a similar one, since the sequence is > incorrect when registering subsystems. > > Initially, the registration sequence in the gtp module was as follows: > > 1) rtnl_link_register(); > > 2) genl_register_family(); > > 3) register_pernet_subsys(); > > During debugging of the module, when starting the syzkaller reproducer, it > turned out that after genl_register_family() (2), > > without waiting for register_pernet_subsys()(3), the /.dumpit/ event is > triggered, in which the data of the unregistered pernet subsystem is > accessed. > > That is, the bug was fixed by the commit > > 136cfaca2256 ("gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp()")[1] > > and the registration sequence became as follows: > > 1) rtnl_link_register(); > > 2) register_pernet_subsys(); > > 3) genl_register_family(); > > However, syzkaller has discovered another problem: > > after registering rtnl_link_register, the .newlink event is triggered, in > which the data of the unregistered pernet subsystem is accessed. > > This problem is reproducible on current stable kernels and the latest > upstream kernel 6.8-rc6, in which the patch 136cfaca2256 [1] is applied. > > Therefore, the correct sequence should be as follows: > > 1)register_pernet_subsys(); > > 2) rtnl_link_register(); > > 3) genl_register_family(); > > The proposed patch is developed on top of the commit changes [1], does not > conflict with it and fixes the described bug. > > [1] https://lore.kernel.org/lkml/20240220160434.29bcaf43@kernel.org/T/#mb1f72c2… Thanks for explaining, fix LGTM.

1 year, 8 months

1
0
0 0

[PATCH rc 0/3] iommufd: Fix three bugs found by Syzkaller

by Nicolin Chen

Jason has been running Syzkaller that found three bugs. Fix them properly. Nicolin Chen (3): iommufd: Fix iopt_access_list_id overwrite bug iommufd/selftest: Fix mock_dev_num bug iommufd: Fix protection fault in iommufd_test_syz_conv_iova drivers/iommu/iommufd/io_pagetable.c | 9 ++++--- drivers/iommu/iommufd/selftest.c | 40 +++++++++++++++++++++------- 2 files changed, 36 insertions(+), 13 deletions(-) -- 2.43.0

1 year, 8 months

3
6
0 0

[PATCH AUTOSEL 4.19 1/3] ASoC: rt5645: Make LattePanda board DMI match more precise

by Sasha Levin

From: Hans de Goede <hdegoede(a)redhat.com> [ Upstream commit 551539a8606e28cb2a130f8ef3e9834235b456c4 ] The DMI strings used for the LattePanda board DMI quirks are very generic. Using the dmidecode database from https://linux-hardware.org/ shows that the chosen DMI strings also match the following 2 laptops which also have a rt5645 codec: Insignia NS-P11W7100 https://linux-hardware.org/?computer=E092FFF8BA04 Insignia NS-P10W8100 https://linux-hardware.org/?computer=AFB6C0BF7934 All 4 hw revisions of the LattePanda board have "S70CR" in their BIOS version DMI strings: DF-BI-7-S70CR100-* DF-BI-7-S70CR110-* DF-BI-7-S70CR200-* LP-BS-7-S70CR700-* See e.g. https://linux-hardware.org/?computer=D98250A817C0 Add a partial (non exact) DMI match on this string to make the LattePanda board DMI match more precise to avoid false-positive matches. Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> Link: https://msgid.link/r/20240211212736.179605-1-hdegoede@redhat.com Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/soc/codecs/rt5645.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/sound/soc/codecs/rt5645.c b/sound/soc/codecs/rt5645.c index 37ad3bee66a47..352aefddc7d70 100644 --- a/sound/soc/codecs/rt5645.c +++ b/sound/soc/codecs/rt5645.c @@ -3796,6 +3796,16 @@ static const struct dmi_system_id dmi_platform_data[] = { DMI_EXACT_MATCH(DMI_BOARD_VENDOR, "AMI Corporation"), DMI_EXACT_MATCH(DMI_BOARD_NAME, "Cherry Trail CR"), DMI_EXACT_MATCH(DMI_BOARD_VERSION, "Default string"), + /* + * Above strings are too generic, LattePanda BIOS versions for + * all 4 hw revisions are: + * DF-BI-7-S70CR100-* + * DF-BI-7-S70CR110-* + * DF-BI-7-S70CR200-* + * LP-BS-7-S70CR700-* + * Do a partial match for S70CR to avoid false positive matches. + */ + DMI_MATCH(DMI_BIOS_VERSION, "S70CR"), }, .driver_data = (void *)&lattepanda_board_platform_data, }, -- 2.43.0

1 year, 8 months

1
2
0 0

[PATCH AUTOSEL 5.4 1/5] selftests: tls: use exact comparison in recv_partial

by Sasha Levin

From: Jakub Kicinski <kuba(a)kernel.org> [ Upstream commit 49d821064c44cb5ffdf272905236012ea9ce50e3 ] This exact case was fail for async crypto and we weren't catching it. Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Reviewed-by: Simon Horman <horms(a)kernel.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/net/tls.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tools/testing/selftests/net/tls.c b/tools/testing/selftests/net/tls.c index 837206dbe5d6e..81bb3cc6704f8 100644 --- a/tools/testing/selftests/net/tls.c +++ b/tools/testing/selftests/net/tls.c @@ -580,12 +580,12 @@ TEST_F(tls, recv_partial) memset(recv_mem, 0, sizeof(recv_mem)); EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); - EXPECT_NE(recv(self->cfd, recv_mem, strlen(test_str_first), - MSG_WAITALL), -1); + EXPECT_EQ(recv(self->cfd, recv_mem, strlen(test_str_first), + MSG_WAITALL), strlen(test_str_first)); EXPECT_EQ(memcmp(test_str_first, recv_mem, strlen(test_str_first)), 0); memset(recv_mem, 0, sizeof(recv_mem)); - EXPECT_NE(recv(self->cfd, recv_mem, strlen(test_str_second), - MSG_WAITALL), -1); + EXPECT_EQ(recv(self->cfd, recv_mem, strlen(test_str_second), + MSG_WAITALL), strlen(test_str_second)); EXPECT_EQ(memcmp(test_str_second, recv_mem, strlen(test_str_second)), 0); } -- 2.43.0

1 year, 8 months

1
4
0 0

[PATCH AUTOSEL 5.15 1/7] btrfs: add and use helper to check if block group is used

by Sasha Levin

From: Filipe Manana <fdmanana(a)suse.com> [ Upstream commit 1693d5442c458ae8d5b0d58463b873cd879569ed ] Add a helper function to determine if a block group is being used and make use of it at btrfs_delete_unused_bgs(). This helper will also be used in future code changes. Reviewed-by: Johannes Thumshirn <johannes.thumshirn(a)wdc.com> Reviewed-by: Josef Bacik <josef(a)toxicpanda.com> Reviewed-by: Boris Burkov <boris(a)bur.io> Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/btrfs/block-group.c | 3 +-- fs/btrfs/block-group.h | 7 +++++++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/fs/btrfs/block-group.c b/fs/btrfs/block-group.c index 4ca6828586af5..a2bac7196d18b 100644 --- a/fs/btrfs/block-group.c +++ b/fs/btrfs/block-group.c @@ -1330,8 +1330,7 @@ void btrfs_delete_unused_bgs(struct btrfs_fs_info *fs_info) } spin_lock(&block_group->lock); - if (block_group->reserved || block_group->pinned || - block_group->used || block_group->ro || + if (btrfs_is_block_group_used(block_group) || block_group->ro || list_is_singular(&block_group->list)) { /* * We want to bail if we made new allocations or have diff --git a/fs/btrfs/block-group.h b/fs/btrfs/block-group.h index a15868d607a92..f042c1c85a255 100644 --- a/fs/btrfs/block-group.h +++ b/fs/btrfs/block-group.h @@ -211,6 +211,13 @@ static inline u64 btrfs_block_group_end(struct btrfs_block_group *block_group) return (block_group->start + block_group->length); } +static inline bool btrfs_is_block_group_used(const struct btrfs_block_group *bg) +{ + lockdep_assert_held(&bg->lock); + + return (bg->used > 0 || bg->reserved > 0 || bg->pinned > 0); +} + static inline bool btrfs_is_block_group_data_only( struct btrfs_block_group *block_group) { -- 2.43.0

1 year, 8 months

1
6
0 0

[PATCH AUTOSEL 6.1 01/12] media: Revert "media: rkisp1: Drop IRQF_SHARED"

by Sasha Levin

From: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> [ Upstream commit a107d643b2a3382e0a2d2c4ef08bf8c6bff4561d ] This reverts commit 85d2a31fe4d9be1555f621ead7a520d8791e0f74. The rkisp1 does share interrupt lines on some platforms, after all. Thus we need to revert this, and implement a fix for the rkisp1 shared irq handling in a follow-up patch. Closes: https://lore.kernel.org/all/87o7eo8vym.fsf@gmail.com/ Link: https://lore.kernel.org/r/20231218-rkisp-shirq-fix-v1-1-173007628248@ideaso… Reported-by: Mikhail Rudenko <mike.rudenko(a)gmail.com> Signed-off-by: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> Signed-off-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Signed-off-by: Mauro Carvalho Chehab <mchehab(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/media/platform/rockchip/rkisp1/rkisp1-dev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/media/platform/rockchip/rkisp1/rkisp1-dev.c b/drivers/media/platform/rockchip/rkisp1/rkisp1-dev.c index aeb6bb63667eb..41abb18b00acb 100644 --- a/drivers/media/platform/rockchip/rkisp1/rkisp1-dev.c +++ b/drivers/media/platform/rockchip/rkisp1/rkisp1-dev.c @@ -559,7 +559,7 @@ static int rkisp1_probe(struct platform_device *pdev) rkisp1->irqs[il] = irq; } - ret = devm_request_irq(dev, irq, info->isrs[i].isr, 0, + ret = devm_request_irq(dev, irq, info->isrs[i].isr, IRQF_SHARED, dev_driver_string(dev), dev); if (ret) { dev_err(dev, "request irq failed: %d\n", ret); -- 2.43.0

1 year, 8 months

1
11
0 0

[PATCH] debugfs: fix wait/cancellation handling during remove

by Johannes Berg

From: Johannes Berg <johannes.berg(a)intel.com> Ben Greear further reports deadlocks during concurrent debugfs remove while files are being accessed, even though the code in question now uses debugfs cancellations. Turns out that despite all the review on the locking, we missed completely that the logic is wrong: if the refcount hits zero we can finish (and need not wait for the completion), but if it doesn't we have to trigger all the cancellations. As written, we can _never_ get into the loop triggering the cancellations. Fix this, and explain it better while at it. Cc: stable(a)vger.kernel.org Fixes: 8c88a474357e ("debugfs: add API to allow debugfs operations cancellation") Reported-by: Ben Greear <greearb(a)candelatech.com> Closes: https://lore.kernel.org/r/1c9fa9e5-09f1-0522-fdbc-dbcef4d255ca@candelatech.… Tested-by: Madhan Sai <madhan.singaraju(a)candelatech.com> Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> --- fs/debugfs/inode.c | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c index 034a617cb1a5..a40da0065433 100644 --- a/fs/debugfs/inode.c +++ b/fs/debugfs/inode.c @@ -751,13 +751,28 @@ static void __debugfs_file_removed(struct dentry *dentry) if ((unsigned long)fsd & DEBUGFS_FSDATA_IS_REAL_FOPS_BIT) return; - /* if we hit zero, just wait for all to finish */ - if (!refcount_dec_and_test(&fsd->active_users)) { - wait_for_completion(&fsd->active_users_drained); + /* if this was the last reference, we're done */ + if (refcount_dec_and_test(&fsd->active_users)) return; - } - /* if we didn't hit zero, try to cancel any we can */ + /* + * If there's still a reference, the code that obtained it can + * be in different states: + * - The common case of not using cancellations, or already + * after debugfs_leave_cancellation(), where we just need + * to wait for debugfs_file_put() which signals the completion; + * - inside a cancellation section, i.e. between + * debugfs_enter_cancellation() and debugfs_leave_cancellation(), + * in which case we need to trigger the ->cancel() function, + * and then wait for debugfs_file_put() just like in the + * previous case; + * - before debugfs_enter_cancellation() (but obviously after + * debugfs_file_get()), in which case we may not see the + * cancellation in the list on the first round of the loop, + * but debugfs_enter_cancellation() signals the completion + * after adding it, so this code gets woken up to call the + * ->cancel() function. + */ while (refcount_read(&fsd->active_users)) { struct debugfs_cancellation *c; -- 2.43.2

1 year, 8 months

1
0
0 0

[v2] usb: xhci: Add error handling in xhci_map_urb_for_dma

by Prashanth K

Currently xhci_map_urb_for_dma() creates a temporary buffer and copies the SG list to the new linear buffer. But if the kzalloc_node() fails, then the following sg_pcopy_to_buffer() can lead to crash since it tries to memcpy to NULL pointer. So return -ENOMEM if kzalloc returns null pointer. Cc: <stable(a)vger.kernel.org> # 5.11 Fixes: 2017a1e58472 ("usb: xhci: Use temporary buffer to consolidate SG") Signed-off-by: Prashanth K <quic_prashk(a)quicinc.com> --- v2: Updated -EAGAIN to -ENOMEM drivers/usb/host/xhci.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c index c057c42c36f4..35e9efdee3b2 100644 --- a/drivers/usb/host/xhci.c +++ b/drivers/usb/host/xhci.c @@ -1217,6 +1217,8 @@ static int xhci_map_temp_buffer(struct usb_hcd *hcd, struct urb *urb) temp = kzalloc_node(buf_len, GFP_ATOMIC, dev_to_node(hcd->self.sysdev)); + if (!temp) + return -ENOMEM; if (usb_urb_dir_out(urb)) sg_pcopy_to_buffer(urb->sg, urb->num_sgs, -- 2.25.1

1 year, 8 months

2
1
0 0

[PATCH 9/9] usb: xhci: Add error handling in xhci_map_urb_for_dma

by Mathias Nyman

From: Prashanth K <quic_prashk(a)quicinc.com> Currently xhci_map_urb_for_dma() creates a temporary buffer and copies the SG list to the new linear buffer. But if the kzalloc_node() fails, then the following sg_pcopy_to_buffer() can lead to crash since it tries to memcpy to NULL pointer. So return -ENOMEM if kzalloc returns null pointer. Cc: <stable(a)vger.kernel.org> # 5.11 Fixes: 2017a1e58472 ("usb: xhci: Use temporary buffer to consolidate SG") Signed-off-by: Prashanth K <quic_prashk(a)quicinc.com> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> --- drivers/usb/host/xhci.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c index 5d70e0176527..8579603edaff 100644 --- a/drivers/usb/host/xhci.c +++ b/drivers/usb/host/xhci.c @@ -1219,6 +1219,8 @@ static int xhci_map_temp_buffer(struct usb_hcd *hcd, struct urb *urb) temp = kzalloc_node(buf_len, GFP_ATOMIC, dev_to_node(hcd->self.sysdev)); + if (!temp) + return -ENOMEM; if (usb_urb_dir_out(urb)) sg_pcopy_to_buffer(urb->sg, urb->num_sgs, -- 2.25.1

1 year, 8 months

1
0
0 0

[PATCH v3 1/2] driver core: Introduce device_link_wait_removal()

by Herve Codina

The commit 80dd33cf72d1 ("drivers: base: Fix device link removal") introduces a workqueue to release the consumer and supplier devices used in the devlink. In the job queued, devices are release and in turn, when all the references to these devices are dropped, the release function of the device itself is called. Nothing is present to provide some synchronisation with this workqueue in order to ensure that all ongoing releasing operations are done and so, some other operations can be started safely. For instance, in the following sequence: 1) of_platform_depopulate() 2) of_overlay_remove() During the step 1, devices are released and related devlinks are removed (jobs pushed in the workqueue). During the step 2, OF nodes are destroyed but, without any synchronisation with devlink removal jobs, of_overlay_remove() can raise warnings related to missing of_node_put(): ERROR: memory leak, expected refcount 1 instead of 2 Indeed, the missing of_node_put() call is going to be done, too late, from the workqueue job execution. Introduce device_link_wait_removal() to offer a way to synchronize operations waiting for the end of devlink removals (i.e. end of workqueue jobs). Also, as a flushing operation is done on the workqueue, the workqueue used is moved from a system-wide workqueue to a local one. Fixes: 80dd33cf72d1 ("drivers: base: Fix device link removal") Cc: stable(a)vger.kernel.org Signed-off-by: Herve Codina <herve.codina(a)bootlin.com> --- drivers/base/core.c | 26 +++++++++++++++++++++++--- include/linux/device.h | 1 + 2 files changed, 24 insertions(+), 3 deletions(-) diff --git a/drivers/base/core.c b/drivers/base/core.c index d5f4e4aac09b..80d9430856a8 100644 --- a/drivers/base/core.c +++ b/drivers/base/core.c @@ -44,6 +44,7 @@ static bool fw_devlink_is_permissive(void); static void __fw_devlink_link_to_consumers(struct device *dev); static bool fw_devlink_drv_reg_done; static bool fw_devlink_best_effort; +static struct workqueue_struct *device_link_wq; /** * __fwnode_link_add - Create a link between two fwnode_handles. @@ -532,12 +533,26 @@ static void devlink_dev_release(struct device *dev) /* * It may take a while to complete this work because of the SRCU * synchronization in device_link_release_fn() and if the consumer or - * supplier devices get deleted when it runs, so put it into the "long" - * workqueue. + * supplier devices get deleted when it runs, so put it into the + * dedicated workqueue. */ - queue_work(system_long_wq, &link->rm_work); + queue_work(device_link_wq, &link->rm_work); } +/** + * device_link_wait_removal - Wait for ongoing devlink removal jobs to terminate + */ +void device_link_wait_removal(void) +{ + /* + * devlink removal jobs are queued in the dedicated work queue. + * To be sure that all removal jobs are terminated, ensure that any + * scheduled work has run to completion. + */ + drain_workqueue(device_link_wq); +} +EXPORT_SYMBOL_GPL(device_link_wait_removal); + static struct class devlink_class = { .name = "devlink", .dev_groups = devlink_groups, @@ -4099,9 +4114,14 @@ int __init devices_init(void) sysfs_dev_char_kobj = kobject_create_and_add("char", dev_kobj); if (!sysfs_dev_char_kobj) goto char_kobj_err; + device_link_wq = alloc_workqueue("device_link_wq", 0, 0); + if (!device_link_wq) + goto wq_err; return 0; + wq_err: + kobject_put(sysfs_dev_char_kobj); char_kobj_err: kobject_put(sysfs_dev_block_kobj); block_kobj_err: diff --git a/include/linux/device.h b/include/linux/device.h index 1795121dee9a..d7d8305a72e8 100644 --- a/include/linux/device.h +++ b/include/linux/device.h @@ -1249,6 +1249,7 @@ void device_link_del(struct device_link *link); void device_link_remove(void *consumer, struct device *supplier); void device_links_supplier_sync_state_pause(void); void device_links_supplier_sync_state_resume(void); +void device_link_wait_removal(void); /* Create alias, so I can be autoloaded. */ #define MODULE_ALIAS_CHARDEV(major,minor) \ -- 2.43.0

1 year, 8 months

3
6
0 0

[PATCH net] gtp: fix use-after-free and null-ptr-deref in gtp_newlink()

by Alexander Ofitserov

The gtp_link_ops operations structure for the subsystem must be registered after registering the gtp_net_ops pernet operations structure. Syzkaller hit 'general protection fault in gtp_genl_dump_pdp' bug: [ 1010.702740] gtp: GTP module unloaded [ 1010.715877] general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] SMP KASAN NOPTI [ 1010.715888] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] [ 1010.715895] CPU: 1 PID: 128616 Comm: a.out Not tainted 6.8.0-rc6-std-def-alt1 #1 [ 1010.715899] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-alt1 04/01/2014 [ 1010.715908] RIP: 0010:gtp_newlink+0x4d7/0x9c0 [gtp] [ 1010.715915] Code: 80 3c 02 00 0f 85 41 04 00 00 48 8b bb d8 05 00 00 e8 ed f6 ff ff 48 89 c2 48 89 c5 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 4f 04 00 00 4c 89 e2 4c 8b 6d 00 48 b8 00 00 00 [ 1010.715920] RSP: 0018:ffff888020fbf180 EFLAGS: 00010203 [ 1010.715929] RAX: dffffc0000000000 RBX: ffff88800399c000 RCX: 0000000000000000 [ 1010.715933] RDX: 0000000000000001 RSI: ffffffff84805280 RDI: 0000000000000282 [ 1010.715938] RBP: 000000000000000d R08: 0000000000000001 R09: 0000000000000000 [ 1010.715942] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800399cc80 [ 1010.715947] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000400 [ 1010.715953] FS: 00007fd1509ab5c0(0000) GS:ffff88805b300000(0000) knlGS:0000000000000000 [ 1010.715958] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1010.715962] CR2: 0000000000000000 CR3: 000000001c07a000 CR4: 0000000000750ee0 [ 1010.715968] PKRU: 55555554 [ 1010.715972] Call Trace: [ 1010.715985] ? __die_body.cold+0x1a/0x1f [ 1010.715995] ? die_addr+0x43/0x70 [ 1010.716002] ? exc_general_protection+0x199/0x2f0 [ 1010.716016] ? asm_exc_general_protection+0x1e/0x30 [ 1010.716026] ? gtp_newlink+0x4d7/0x9c0 [gtp] [ 1010.716034] ? gtp_net_exit+0x150/0x150 [gtp] [ 1010.716042] __rtnl_newlink+0x1063/0x1700 [ 1010.716051] ? rtnl_setlink+0x3c0/0x3c0 [ 1010.716063] ? is_bpf_text_address+0xc0/0x1f0 [ 1010.716070] ? kernel_text_address.part.0+0xbb/0xd0 [ 1010.716076] ? __kernel_text_address+0x56/0xa0 [ 1010.716084] ? unwind_get_return_address+0x5a/0xa0 [ 1010.716091] ? create_prof_cpu_mask+0x30/0x30 [ 1010.716098] ? arch_stack_walk+0x9e/0xf0 [ 1010.716106] ? stack_trace_save+0x91/0xd0 [ 1010.716113] ? stack_trace_consume_entry+0x170/0x170 [ 1010.716121] ? __lock_acquire+0x15c5/0x5380 [ 1010.716139] ? mark_held_locks+0x9e/0xe0 [ 1010.716148] ? kmem_cache_alloc_trace+0x35f/0x3c0 [ 1010.716155] ? __rtnl_newlink+0x1700/0x1700 [ 1010.716160] rtnl_newlink+0x69/0xa0 [ 1010.716166] rtnetlink_rcv_msg+0x43b/0xc50 [ 1010.716172] ? rtnl_fdb_dump+0x9f0/0x9f0 [ 1010.716179] ? lock_acquire+0x1fe/0x560 [ 1010.716188] ? netlink_deliver_tap+0x12f/0xd50 [ 1010.716196] netlink_rcv_skb+0x14d/0x440 [ 1010.716202] ? rtnl_fdb_dump+0x9f0/0x9f0 [ 1010.716208] ? netlink_ack+0xab0/0xab0 [ 1010.716213] ? netlink_deliver_tap+0x202/0xd50 [ 1010.716220] ? netlink_deliver_tap+0x218/0xd50 [ 1010.716226] ? __virt_addr_valid+0x30b/0x590 [ 1010.716233] netlink_unicast+0x54b/0x800 [ 1010.716240] ? netlink_attachskb+0x870/0x870 [ 1010.716248] ? __check_object_size+0x2de/0x3b0 [ 1010.716254] netlink_sendmsg+0x938/0xe40 [ 1010.716261] ? netlink_unicast+0x800/0x800 [ 1010.716269] ? __import_iovec+0x292/0x510 [ 1010.716276] ? netlink_unicast+0x800/0x800 [ 1010.716284] __sock_sendmsg+0x159/0x190 [ 1010.716290] ____sys_sendmsg+0x712/0x880 [ 1010.716297] ? sock_write_iter+0x3d0/0x3d0 [ 1010.716304] ? __ia32_sys_recvmmsg+0x270/0x270 [ 1010.716309] ? lock_acquire+0x1fe/0x560 [ 1010.716315] ? drain_array_locked+0x90/0x90 [ 1010.716324] ___sys_sendmsg+0xf8/0x170 [ 1010.716331] ? sendmsg_copy_msghdr+0x170/0x170 [ 1010.716337] ? lockdep_init_map_type+0x2c7/0x860 [ 1010.716343] ? lockdep_hardirqs_on_prepare+0x430/0x430 [ 1010.716350] ? debug_mutex_init+0x33/0x70 [ 1010.716360] ? percpu_counter_add_batch+0x8b/0x140 [ 1010.716367] ? lock_acquire+0x1fe/0x560 [ 1010.716373] ? find_held_lock+0x2c/0x110 [ 1010.716384] ? __fd_install+0x1b6/0x6f0 [ 1010.716389] ? lock_downgrade+0x810/0x810 [ 1010.716396] ? __fget_light+0x222/0x290 [ 1010.716403] __sys_sendmsg+0xea/0x1b0 [ 1010.716409] ? __sys_sendmsg_sock+0x40/0x40 [ 1010.716419] ? lockdep_hardirqs_on_prepare+0x2b3/0x430 [ 1010.716425] ? syscall_enter_from_user_mode+0x1d/0x60 [ 1010.716432] do_syscall_64+0x30/0x40 [ 1010.716438] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 1010.716444] RIP: 0033:0x7fd1508cbd49 [ 1010.716452] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d ef 70 0d 00 f7 d8 64 89 01 48 [ 1010.716456] RSP: 002b:00007fff18872348 EFLAGS: 00000202 ORIG_RAX: 000000000000002e [ 1010.716463] RAX: ffffffffffffffda RBX: 000055f72bf0eac0 RCX: 00007fd1508cbd49 [ 1010.716468] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000006 [ 1010.716473] RBP: 00007fff18872360 R08: 00007fff18872360 R09: 00007fff18872360 [ 1010.716478] R10: 00007fff18872360 R11: 0000000000000202 R12: 000055f72bf0e1b0 [ 1010.716482] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1010.716491] Modules linked in: gtp(+) udp_tunnel ib_core uinput af_packet rfkill qrtr joydev hid_generic usbhid hid kvm_intel iTCO_wdt intel_pmc_bxt iTCO_vendor_support kvm snd_hda_codec_generic ledtrig_audio irqbypass crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel snd_hda_intel nls_utf8 snd_intel_dspcfg nls_cp866 psmouse aesni_intel vfat crypto_simd fat cryptd glue_helper snd_hda_codec pcspkr snd_hda_core i2c_i801 snd_hwdep i2c_smbus xhci_pci snd_pcm lpc_ich xhci_pci_renesas xhci_hcd qemu_fw_cfg tiny_power_button button sch_fq_codel vboxvideo drm_vram_helper drm_ttm_helper ttm vboxsf vboxguest snd_seq_midi snd_seq_midi_event snd_seq snd_rawmidi snd_seq_device snd_timer snd soundcore msr fuse efi_pstore dm_mod ip_tables x_tables autofs4 virtio_gpu virtio_dma_buf drm_kms_helper cec rc_core drm virtio_rng virtio_scsi rng_core virtio_balloon virtio_blk virtio_net virtio_console net_failover failover ahci libahci libata evdev scsi_mod input_leds serio_raw virtio_pci intel_agp [ 1010.716674] virtio_ring intel_gtt virtio [last unloaded: gtp] [ 1010.716693] ---[ end trace 04990a4ce61e174b ]--- Cc: stable(a)vger.kernel.org Signed-off-by: Alexander Ofitserov <oficerovas(a)altlinux.org> Fixes: 459aa660eb1d ("gtp: add initial driver for datapath of GPRS Tunneling Protocol (GTP-U)") --- drivers/net/gtp.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/drivers/net/gtp.c b/drivers/net/gtp.c index 2129ae42c7030..0ddec4cc84093 100644 --- a/drivers/net/gtp.c +++ b/drivers/net/gtp.c @@ -1903,26 +1903,26 @@ static int __init gtp_init(void) get_random_bytes(&gtp_h_initval, sizeof(gtp_h_initval)); - err = rtnl_link_register(&gtp_link_ops); + err = register_pernet_subsys(&gtp_net_ops); if (err < 0) goto error_out; - err = register_pernet_subsys(&gtp_net_ops); + err = rtnl_link_register(&gtp_link_ops); if (err < 0) - goto unreg_rtnl_link; + goto unreg_pernet_subsys; err = genl_register_family(&gtp_genl_family); if (err < 0) - goto unreg_pernet_subsys; + goto unreg_rtnl_link; pr_info("GTP module loaded (pdp ctx size %zd bytes)\n", sizeof(struct pdp_ctx)); return 0; -unreg_pernet_subsys: - unregister_pernet_subsys(&gtp_net_ops); unreg_rtnl_link: rtnl_link_unregister(&gtp_link_ops); +unreg_pernet_subsys: + unregister_pernet_subsys(&gtp_net_ops); error_out: pr_err("error loading GTP module loaded\n"); return err; -- 2.42.1

1 year, 8 months

5
4
0 0

[PATCH 5.4 00/84] 5.4.270-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.4.270 release. There are 84 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 29 Feb 2024 13:15:36 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.270-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.4.270-rc1 Andrii Nakryiko <andriin(a)fb.com> scripts/bpf: Fix xdp_md forward declaration typo Bart Van Assche <bvanassche(a)acm.org> fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio Erik Kurzinger <ekurzinger(a)nvidia.com> drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is set Christian König <christian.koenig(a)amd.com> drm/syncobj: make lockdep complain on WAIT_FOR_SUBMIT v3 Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: set dormant flag on hook register failure Sabrina Dubroca <sd(a)queasysnail.net> tls: stop recv() if initial process_rx_list gave us non-DATA Jakub Kicinski <kuba(a)kernel.org> tls: rx: drop pointless else after goto Jakub Kicinski <kuba(a)kernel.org> tls: rx: jump to a more appropriate label Jason Gunthorpe <jgg(a)nvidia.com> s390: use the correct count for __iowrite64_copy() Wolfram Sang <wsa+renesas(a)sang-engineering.com> packet: move from strlcpy with unused retval to strscpy Vasiliy Kovalev <kovalev(a)altlinux.org> ipv6: sr: fix possible use-after-free and null-ptr-deref Daniil Dulov <d.dulov(a)aladdin.ru> afs: Increase buffer size in afs_update_volume_status() Eric Dumazet <edumazet(a)google.com> ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid Eric Dumazet <edumazet(a)google.com> ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid Arnd Bergmann <arnd(a)arndb.de> nouveau: fix function cast warnings Randy Dunlap <rdunlap(a)infradead.org> scsi: jazz_esp: Only build if SCSI core is builtin Gianmarco Lusvardi <glusvardi(a)posteo.net> bpf, scripts: Correct GPL license name Andrii Nakryiko <andriin(a)fb.com> scripts/bpf: teach bpf_helpers_doc.py to dump BPF helper definitions Arnd Bergmann <arnd(a)arndb.de> RDMA/srpt: fix function pointer cast warnings Bart Van Assche <bvanassche(a)acm.org> RDMA/srpt: Make debug output more detailed Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Return error for SRQ resize Zhipeng Lu <alexious(a)zju.edu.cn> IB/hfi1: Fix a memleak in init_credit_return Xu Yang <xu.yang_2(a)nxp.com> usb: roles: don't get/set_role() when usb_role_switch is unregistered Krishna Kurapati <quic_kriskura(a)quicinc.com> usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs Frank Li <Frank.Li(a)nxp.com> usb: cdns3: fix memory double free when handle zero packet Frank Li <Frank.Li(a)nxp.com> usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() Nikita Shubin <nikita.shubin(a)maquefel.me> ARM: ep93xx: Add terminator to gpiod_lookup_table Tom Parkin <tparkin(a)katalix.com> l2tp: pass correct message length to ip6_append_data Vidya Sagar <vidyas(a)nvidia.com> PCI/MSI: Prevent MSI hardware interrupt number truncation Vasiliy Kovalev <kovalev(a)altlinux.org> gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() Mikulas Patocka <mpatocka(a)redhat.com> dm-crypt: don't modify the data when using authenticated encryption Daniel Vacek <neelx(a)redhat.com> IB/hfi1: Fix sdma.h tx->num_descs off-by-one error Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> PCI: tegra: Fix OF node reference leak Pali Rohár <pali(a)kernel.org> PCI: tegra: Fix reporting GPIO error value Sireesh Kodali <sireeshkodali1(a)gmail.com> arm64: dts: qcom: msm8916: Fix typo in pronto remoteproc node Nathan Chancellor <nathan(a)kernel.org> drm/amdgpu: Fix type of second parameter in trans_msg() callback Matthew Wilcox (Oracle) <willy(a)infradead.org> iomap: Set all uptodate bits for an Uptodate page Mikulas Patocka <mpatocka(a)redhat.com> dm-integrity: don't modify bio's immutable bio_vec in integrity_metadata() Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/alternatives: Disable KASAN in apply_alternatives() Trek <trek00(a)inbox.ru> drm/amdgpu: Check for valid number of registers to read Icenowy Zheng <icenowy(a)aosc.io> Revert "drm/sun4i: dsi: Change the start delay calculation" Kai-Heng Feng <kai.heng.feng(a)canonical.com> ALSA: hda/realtek - Enable micmute LED on and HP system Björn Töpel <bjorn.topel(a)gmail.com> selftests/bpf: Avoid running unprivileged tests with alignment requirements Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com> net: bridge: clear bridge's private skb space on xmit Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> spi: mt7621: Fix an error message in mt7621_spi_probe() John Stultz <john.stultz(a)linaro.org> driver core: Set deferred_probe_timeout to a longer default if CONFIG_MODULES is set Miaoqian Lin <linmq006(a)gmail.com> pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups Lee Jones <lee.jones(a)linaro.org> pinctrl: pinctrl-rockchip: Fix a bunch of kerneldoc misdemeanours Eric Dumazet <edumazet(a)google.com> tcp: add annotations around sk->sk_shutdown accesses Soheil Hassas Yeganeh <soheil(a)google.com> tcp: return EPOLLOUT from tcp_poll only when notsent_bytes is half the limit Paolo Abeni <pabeni(a)redhat.com> tcp: factor out __tcp_close() helper Geert Uytterhoeven <geert+renesas(a)glider.be> pmdomain: renesas: r8a77980-sysc: CR7 must be always on Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: Fix potential loss of L3-IP@ in case of network issues Yi Sun <yi.sun(a)unisoc.com> virtio-blk: Ensure no requests in virtqueues before deleting vqs. Takashi Sakamoto <o-takashi(a)sakamocchi.jp> firewire: core: send bus reset promptly on gap count error Hannes Reinecke <hare(a)suse.de> scsi: lpfc: Use unsigned type for num_sge Zhang Rui <rui.zhang(a)intel.com> hwmon: (coretemp) Enlarge per package core count limit Daniel Wagner <dwagner(a)suse.de> nvmet-fc: abort command when there is no binding Xin Long <lucien.xin(a)gmail.com> netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new Chen-Yu Tsai <wens(a)csie.org> ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616 Guixin Liu <kanie(a)linux.alibaba.com> nvmet-tcp: fix nvme tcp ida memory leak Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> regulator: pwm-regulator: Add validity checks in continuous .get_voltage Baokun Li <libaokun1(a)huawei.com> ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() Baokun Li <libaokun1(a)huawei.com> ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() Lennert Buytenhek <kernel(a)wantstofly.org> ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers Conrad Kostecki <conikost(a)gentoo.org> ahci: asm1166: correct count of reported ports Fullway Wang <fullwaywang(a)outlook.com> fbdev: sis: Error out if pixclock equals zero Fullway Wang <fullwaywang(a)outlook.com> fbdev: savage: Error out if pixclock equals zero Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: fix race condition on enabling fast-xmit Michal Kazior <michal(a)plume.com> wifi: cfg80211: fix missing interfaces when dumping Vinod Koul <vkoul(a)kernel.org> dmaengine: fsl-qdma: increase size of 'irq_name' Vinod Koul <vkoul(a)kernel.org> dmaengine: shdma: increase size of 'dev_id' Dmitry Bogdanov <d.bogdanov(a)yadro.com> scsi: target: core: Add TMF to tmr_list handling Cyril Hrubis <chrubis(a)suse.cz> sched/rt: Disallow writing invalid values to sched_rt_period_us Cyril Hrubis <chrubis(a)suse.cz> sched/rt: Fix sysctl_sched_rr_timeslice intial value Lokesh Gidra <lokeshgidra(a)google.com> userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: replace WARN_ONs for invalid DAT metadata block requests GONG, Ruiqi <gongruiqi1(a)huawei.com> memcg: add refcnt for pcpu stock to avoid UAF problem in drain_all_stock() Cyril Hrubis <chrubis(a)suse.cz> sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset Jamal Hadi Salim <jhs(a)mojatatu.com> net/sched: Retire dsmark qdisc Jamal Hadi Salim <jhs(a)mojatatu.com> net/sched: Retire ATM qdisc Jamal Hadi Salim <jhs(a)mojatatu.com> net/sched: Retire CBQ qdisc Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() ------------- Diffstat: Makefile | 4 +- arch/arm/mach-ep93xx/core.c | 1 + arch/arm64/boot/dts/qcom/msm8916.dtsi | 4 +- arch/s390/pci/pci.c | 2 +- arch/x86/kernel/alternative.c | 13 + drivers/ata/ahci.c | 34 +- drivers/ata/ahci.h | 1 + drivers/base/dd.c | 9 + drivers/block/virtio_blk.c | 7 +- drivers/dma/fsl-qdma.c | 2 +- drivers/dma/sh/shdma.h | 2 +- drivers/firewire/core-card.c | 18 +- drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c | 3 + drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h | 5 +- drivers/gpu/drm/drm_syncobj.c | 16 +- drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadow.c | 8 +- drivers/gpu/drm/sun4i/sun6i_mipi_dsi.c | 3 +- drivers/hwmon/coretemp.c | 2 +- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 5 +- drivers/infiniband/hw/hfi1/pio.c | 6 +- drivers/infiniband/hw/hfi1/sdma.c | 2 +- drivers/infiniband/ulp/srpt/ib_srpt.c | 18 +- drivers/md/dm-crypt.c | 6 + drivers/md/dm-integrity.c | 11 +- drivers/net/gtp.c | 10 +- drivers/nvme/target/fc.c | 8 +- drivers/nvme/target/tcp.c | 1 + drivers/pci/controller/pci-tegra.c | 17 +- drivers/pci/msi.c | 2 +- drivers/pinctrl/pinctrl-rockchip.c | 23 +- drivers/regulator/pwm-regulator.c | 3 + drivers/s390/net/qeth_l3_main.c | 9 +- drivers/scsi/Kconfig | 2 +- drivers/scsi/lpfc/lpfc_scsi.c | 12 +- drivers/soc/renesas/r8a77980-sysc.c | 3 +- drivers/spi/spi-mt7621.c | 8 +- drivers/target/target_core_device.c | 5 - drivers/target/target_core_transport.c | 4 + drivers/usb/cdns3/gadget.c | 8 +- drivers/usb/gadget/function/f_ncm.c | 10 +- drivers/usb/roles/class.c | 12 +- drivers/video/fbdev/savage/savagefb_driver.c | 3 + drivers/video/fbdev/sis/sis_main.c | 2 + fs/afs/volume.c | 4 +- fs/aio.c | 9 +- fs/ext4/mballoc.c | 13 +- fs/iomap/buffered-io.c | 3 + fs/nilfs2/dat.c | 27 +- include/linux/fs.h | 2 + include/linux/lockdep.h | 5 + include/net/tcp.h | 1 + kernel/sched/rt.c | 10 +- kernel/sysctl.c | 4 + mm/memcontrol.c | 6 + mm/userfaultfd.c | 14 +- net/bridge/br_device.c | 2 + net/ipv4/af_inet.c | 2 +- net/ipv4/devinet.c | 21 +- net/ipv4/tcp.c | 27 +- net/ipv4/tcp_input.c | 4 +- net/ipv6/addrconf.c | 21 +- net/ipv6/seg6.c | 20 +- net/l2tp/l2tp_ip6.c | 2 +- net/mac80211/sta_info.c | 2 + net/mac80211/tx.c | 2 +- net/netfilter/nf_conntrack_proto_sctp.c | 2 +- net/netfilter/nf_tables_api.c | 1 + net/packet/af_packet.c | 4 +- net/sched/Kconfig | 42 - net/sched/Makefile | 3 - net/sched/sch_atm.c | 710 -------- net/sched/sch_cbq.c | 1818 --------------------- net/sched/sch_dsmark.c | 523 ------ net/tls/tls_sw.c | 12 +- net/wireless/nl80211.c | 1 + scripts/bpf_helpers_doc.py | 157 +- sound/pci/hda/patch_realtek.c | 6 +- sound/soc/sunxi/sun4i-spdif.c | 5 + tools/testing/selftests/bpf/test_verifier.c | 13 + virt/kvm/arm/vgic/vgic-its.c | 5 + 80 files changed, 572 insertions(+), 3255 deletions(-)

1 year, 8 months

8
92
0 0

[PATCH 6.6 000/299] 6.6.19-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.19 release. There are 299 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 29 Feb 2024 13:15:36 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.19-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.19-rc1 Lennert Buytenhek <kernel(a)wantstofly.org> ahci: Extend ASM1061 43-bit DMA address quirk to other ASM106x parts Szuying Chen <chensiying21(a)gmail.com> ata: ahci: add identifiers for ASM2116 series adapters Geliang Tang <tanggeliang(a)kylinos.cn> mptcp: add needs_id for netlink appending addr Geliang Tang <geliang.tang(a)suse.com> mptcp: userspace pm send RM_ADDR for ID 0 Geliang Tang <geliang.tang(a)suse.com> selftests: mptcp: add mptcp_lib_get_counter Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: stop transfer when check is done (part 2) Yosry Ahmed <yosryahmed(a)google.com> mm: zswap: fix missing folio cleanup in writeback race path Chengming Zhou <zhouchengming(a)bytedance.com> mm/zswap: invalidate duplicate entry when !zswap_enabled Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: stop transfer when check is done (part 1) Corey Minyard <minyard(a)acm.org> i2c: imx: when being a target, mark the last read as processed Armin Wolf <W_Armin(a)gmx.de> drm/amd/display: Fix memory leak in dm_sw_fini() Muhammad Usama Anjum <usama.anjum(a)collabora.com> selftests/iommu: fix the config fragment Erik Kurzinger <ekurzinger(a)nvidia.com> drm/syncobj: handle NULL fence in syncobj_eventfd_entry_func Erik Kurzinger <ekurzinger(a)nvidia.com> drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is set Siddharth Vadapalli <s-vadapalli(a)ti.com> net: phy: realtek: Fix rtl8211f_config_init() for RTL8211F(D)(I)-VD-CG PHY Justin Iurman <justin.iurman(a)uliege.be> Fix write to cloned skb in ipv6_hop_ioam() Rémi Denis-Courmont <courmisch(a)gmail.com> phonet/pep: fix racy skb_queue_empty() use Rémi Denis-Courmont <courmisch(a)gmail.com> phonet: take correct lock to peek at the RX queue Horatiu Vultur <horatiu.vultur(a)microchip.com> net: sparx5: Add spinlock for frame transmission from CPU Jianbo Liu <jianbol(a)nvidia.com> net/sched: flower: Add lock protection when remove filter handle Jiri Pirko <jiri(a)resnulli.us> devlink: fix port dump cmd type Jakub Kicinski <kuba(a)kernel.org> tools: ynl: don't leak mcast_groups on init error Jakub Kicinski <kuba(a)kernel.org> tools: ynl: make sure we always pass yarg to mnl_cb_run Jeremy Kerr <jk(a)codeconstruct.com.au> net: mctp: put sock on tag allocation failure Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: use kzalloc for hook allocation Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: register hooks last when adding new chain/flowtable Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_flow_offload: release dst in case direct xmit path is used Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_flow_offload: reset dst in route object after setting up flow Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: set dormant flag on hook register failure Sabrina Dubroca <sd(a)queasysnail.net> tls: don't skip over different type records from the rx_list Sabrina Dubroca <sd(a)queasysnail.net> tls: stop recv() if initial process_rx_list gave us non-DATA Sabrina Dubroca <sd(a)queasysnail.net> tls: break out of main loop when PEEK gets a non-data record Guenter Roeck <linux(a)roeck-us.net> hwmon: (nct6775) Fix access to temperature configuration registers Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> cache: ax45mp_cache: Align end size to cache boundary in ax45mp_dma_cache_wback() Shigeru Yoshida <syoshida(a)redhat.com> bpf, sockmap: Fix NULL pointer dereference in sk_psock_verdict_data_ready() Jason Gunthorpe <jgg(a)ziepe.ca> s390: use the correct count for __iowrite64_copy() Alex Elder <elder(a)linaro.org> net: ipa: don't overrun IPA suspend interrupt registers Subbaraya Sundeep <sbhatta(a)marvell.com> octeontx2-af: Consider the action set by PF Maxime Ripard <mripard(a)kernel.org> drm/i915/tv: Fix TV mode Mario Limonciello <mario.limonciello(a)amd.com> platform/x86: thinkpad_acpi: Only update profile if successfully converted Mark Brown <broonie(a)kernel.org> arm64/sme: Restore SMCR_EL1.EZT0 on exit from suspend Mark Brown <broonie(a)kernel.org> arm64/sme: Restore SME registers on exit from suspend Kuniyuki Iwashima <kuniyu(a)amazon.com> arp: Prevent overflow in arp_req_get(). Vasiliy Kovalev <kovalev(a)altlinux.org> devlink: fix possible use-after-free and memory leaks in devlink_init() Vasiliy Kovalev <kovalev(a)altlinux.org> ipv6: sr: fix possible use-after-free and null-ptr-deref Daniil Dulov <d.dulov(a)aladdin.ru> afs: Increase buffer size in afs_update_volume_status() Guenter Roeck <linux(a)roeck-us.net> parisc: Fix stack unwinder Martin KaFai Lau <martin.lau(a)kernel.org> bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel Radhey Shyam Pandey <radhey.shyam.pandey(a)amd.com> ata: ahci_ceva: fix error handling for Xilinx GT PHY support Hangbin Liu <liuhangbin(a)gmail.com> selftests: bonding: set active slave to primary eth1 specifically Gaurav Batra <gbatra(a)linux.ibm.com> powerpc/pseries/iommu: DLPAR add doesn't completely initialize pci_controller Justin Chen <justin.chen(a)broadcom.com> net: bcmasp: Sanity check is off by one Florian Fainelli <florian.fainelli(a)broadcom.com> net: bcmasp: Indicate MAC is in charge of PHY PM Eric Dumazet <edumazet(a)google.com> ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid Eric Dumazet <edumazet(a)google.com> ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid Pavel Sakharov <p.sakharov(a)ispras.ru> net: stmmac: Fix incorrect dereference in interrupt handlers Alison Schofield <alison.schofield(a)intel.com> x86/numa: Fix the sort compare func used in numa_fill_memblks() Alison Schofield <alison.schofield(a)intel.com> x86/numa: Fix the address overlap check in numa_fill_memblks() Arnd Bergmann <arnd(a)arndb.de> nouveau: fix function cast warnings Jakub Kicinski <kuba(a)kernel.org> net/sched: act_mirred: don't override retval if we already lost the skb Jakub Kicinski <kuba(a)kernel.org> net/sched: act_mirred: use the backlog for mirred ingress Victor Nogueira <victor(a)mojatatu.com> net/sched: act_mirred: Create function tcf_mirred_to_dev and improve readability Randy Dunlap <rdunlap(a)infradead.org> net: ethernet: adi: requires PHYLIB support Kuniyuki Iwashima <kuniyu(a)amazon.com> dccp/tcp: Unhash sk from ehash for tb2 alloc failure after check_estalblished(). Tobias Waldekranz <tobias(a)waldekranz.com> net: bridge: switchdev: Ensure deferred event delivery on unoffload Tobias Waldekranz <tobias(a)waldekranz.com> net: bridge: switchdev: Skip MDB replays of deferred events on offload Randy Dunlap <rdunlap(a)infradead.org> scsi: jazz_esp: Only build if SCSI core is builtin Don Brace <don.brace(a)microchip.com> scsi: smartpqi: Fix disable_managed_interrupts Gianmarco Lusvardi <glusvardi(a)posteo.net> bpf, scripts: Correct GPL license name Arnd Bergmann <arnd(a)arndb.de> RDMA/srpt: fix function pointer cast warnings Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> xsk: Add truesize to skb_add_rx_frag(). Chris Morgan <macromorgan(a)hotmail.com> arm64: dts: rockchip: Correct Indiedroid Nova GPIO Names Heiko Stuebner <heiko.stuebner(a)cherry.de> arm64: dts: rockchip: set num-cs property for spi on px30 Kamal Heib <kheib(a)redhat.com> RDMA/qedr: Fix qedr_create_user_qp error flow Joao Martins <joao.m.martins(a)oracle.com> iommufd/iova_bitmap: Consider page offset for the pages to be pinned Joao Martins <joao.m.martins(a)oracle.com> iommufd/iova_bitmap: Switch iova_bitmap::bitmap to an u8 array Joao Martins <joao.m.martins(a)oracle.com> iommufd/iova_bitmap: Bounds check mapped::pages access Lucas Stach <l.stach(a)pengutronix.de> bus: imx-weim: fix valid range check Alexander Stein <alexander.stein(a)ew.tq-group.com> arm64: dts: tqma8mpql: fix audio codec iov-supply Bart Van Assche <bvanassche(a)acm.org> RDMA/srpt: Support specifying the srpt_service_guid parameter Mustafa Ismail <mustafa.ismail(a)intel.com> RDMA/irdma: Add AE for too many RNRS Mustafa Ismail <mustafa.ismail(a)intel.com> RDMA/irdma: Set the CQ read threshold for GEN 1 Shiraz Saleem <shiraz.saleem(a)intel.com> RDMA/irdma: Validate max_send_wr and max_recv_wr Mike Marciniszyn <mike.marciniszyn(a)intel.com> RDMA/irdma: Fix KASAN issue with tasklet Marek Vasut <marex(a)denx.de> arm64: dts: imx8mp: Disable UART4 by default on Data Modul i.MX8M Plus eDM SBC Mark Zhang <markzhang(a)nvidia.com> IB/mlx5: Don't expose debugfs entries for RRoCE general parameters if not supported Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Add a missing check in bnxt_qplib_query_srq Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Return error for SRQ resize Zhipeng Lu <alexious(a)zju.edu.cn> IB/hfi1: Fix a memleak in init_credit_return Martynas Pumputis <m(a)lambda.lt> bpf: Derive source IP addr via bpf_*_fib_lookup() Dan Carpenter <dan.carpenter(a)linaro.org> xen/events: fix error code in xen_bind_pirq_msi_to_irq() Sohaib Nadeem <sohaib.nadeem(a)amd.com> Revert "drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz" Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Fix buffer overflow in 'get_host_router_total_dp_tunnel_bw()' Nathan Chancellor <nathan(a)kernel.org> drm/amd/display: Avoid enum conversion warning Steve French <stfrench(a)microsoft.com> smb3: add missing null server pointer check Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: diag: unique 'cestab' subtest names Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: diag: unique 'in use' subtest names Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: diag: fix bash warnings on older kernels Geliang Tang <geliang.tang(a)linux.dev> selftests: mptcp: diag: check CURRESTAB counters Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: pm nl: avoid error msg on older kernels Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: pm nl: also list skipped tests Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: simult flows: fix some subtest names Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: userspace_pm: unique subtest names Paolo Abeni <pabeni(a)redhat.com> mptcp: fix duplicate subflow creation Paolo Abeni <pabeni(a)redhat.com> mptcp: fix data races on remote_id Paolo Abeni <pabeni(a)redhat.com> mptcp: fix data races on local_id Paolo Abeni <pabeni(a)redhat.com> mptcp: fix lockless access in subflow ULP diag Geliang Tang <tanggeliang(a)kylinos.cn> mptcp: add needs_id for userspace appending addr Xu Yang <xu.yang_2(a)nxp.com> usb: roles: don't get/set_role() when usb_role_switch is unregistered Xu Yang <xu.yang_2(a)nxp.com> usb: roles: fix NULL pointer issue when put module's reference Aaro Koskinen <aaro.koskinen(a)iki.fi> usb: gadget: omap_udc: fix USB gadget regression on Palm TE Krishna Kurapati <quic_kriskura(a)quicinc.com> usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs Frank Li <Frank.Li(a)nxp.com> usb: cdns3: fix memory double free when handle zero packet Frank Li <Frank.Li(a)nxp.com> usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() Pawel Laszczak <pawell(a)cadence.com> usb: cdnsp: fixed issue with incorrect detecting CDNSP family controllers Pawel Laszczak <pawell(a)cadence.com> usb: cdnsp: blocked some cdns3 specific code Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: gadget: Don't disconnect if not started Lino Sanfilippo <l.sanfilippo(a)kunbus.com> serial: amba-pl011: Fix DMA transmission in RS485 mode Lino Sanfilippo <l.sanfilippo(a)kunbus.com> serial: stm32: do not always set SER_RS485_RX_DURING_TX if RS485 is enabled Ondrej Jirman <megi(a)xff.cz> Revert "usb: typec: tcpm: reset counter when enter into unattached state after try role" Sandeep Dhavale <dhavale(a)google.com> erofs: fix refcount on the metabuf used for inode lookup Arnd Bergmann <arnd(a)arndb.de> dm-integrity, dm-verity: reduce stack usage for recheck Nikita Shubin <nikita.shubin(a)maquefel.me> ARM: ep93xx: Add terminator to gpiod_lookup_table Tom Parkin <tparkin(a)katalix.com> l2tp: pass correct message length to ip6_append_data Vidya Sagar <vidyas(a)nvidia.com> PCI/MSI: Prevent MSI hardware interrupt number truncation Nam Cao <namcao(a)linutronix.de> irqchip/sifive-plic: Enable interrupt if needed before EOI Oliver Upton <oliver.upton(a)linux.dev> irqchip/gic-v3-its: Do not assume vPE tables are preallocated Chen Jun <chenjun102(a)huawei.com> irqchip/mbigen: Don't use bus_get_dev_root() to find the parent zhenwei pi <pizhenwei(a)bytedance.com> crypto: virtio/akcipher - Fix stack overflow on memcpy Vasiliy Kovalev <kovalev(a)altlinux.org> gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() Andrzej Kacprowski <Andrzej.Kacprowski(a)intel.com> accel/ivpu: Don't enable any tiles by default on VPU40xx Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler Yu Kuai <yukuai3(a)huawei.com> md: Fix missing release of 'active_io' for flush Javier Martinez Canillas <javierm(a)redhat.com> sparc: Fix undefined reference to fb_is_primary_device Baokun Li <libaokun1(a)huawei.com> cachefiles: fix memory leak in cachefiles_add_cache() Hans de Goede <hdegoede(a)redhat.com> platform/x86: touchscreen_dmi: Allow partial (prefix) matches for ACPI names Hans de Goede <hdegoede(a)redhat.com> platform/x86: intel-vbtn: Stop calling "VBDL" from notify_handler SeongJae Park <sj(a)kernel.org> mm/damon/reclaim: fix quota stauts loss due to online tunings Johannes Weiner <hannes(a)cmpxchg.org> mm: memcontrol: clarify swapaccount=0 deprecation warning SeongJae Park <sj(a)kernel.org> mm/damon/lru_sort: fix quota status loss due to online tunings Kairui Song <kasong(a)tencent.com> mm/swap: fix race when skipping swapcache Terry Tritton <terry.tritton(a)linaro.org> selftests/mm: uffd-unit-test check if huge page size is 0 Martin K. Petersen <martin.petersen(a)oracle.com> scsi: core: Consult supported VPD page list prior to fetching page Naohiro Aota <naohiro.aota(a)wdc.com> scsi: target: pscsi: Fix bio_put() for error case Martin K. Petersen <martin.petersen(a)oracle.com> scsi: sd: usb_storage: uas: Access media prior to querying device properties Robert Richter <rrichter(a)amd.com> cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window Dan Williams <dan.j.williams(a)intel.com> cxl/acpi: Fix load failures due to single window creation failure Mikulas Patocka <mpatocka(a)redhat.com> dm-verity: recheck the hash after a failure Mikulas Patocka <mpatocka(a)redhat.com> dm-crypt: don't modify the data when using authenticated encryption Mikulas Patocka <mpatocka(a)redhat.com> dm-integrity: recheck the integrity tag after a failure Helge Deller <deller(a)gmx.de> Revert "parisc: Only list existing CPUs in cpu_possible_mask" Mikulas Patocka <mpatocka(a)redhat.com> dm-crypt: recheck the integrity tag after a failure Guenter Roeck <linux(a)roeck-us.net> lib/Kconfig.debug: TEST_IOV_ITER depends on MMU Bart Van Assche <bvanassche(a)acm.org> fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio Damien Le Moal <dlemoal(a)kernel.org> ata: libata-core: Do not try to set sleeping devices to standby Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/cio: fix invalid -EBUSY on ccw_device_start Wayne Lin <wayne.lin(a)amd.com> drm/amd/display: adjust few initialization order in dm Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> drm/meson: Don't remove bridges which are created by other drivers Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/ttm: Fix an invalid freeing on already freed page in error path Qu Wenruo <wqu(a)suse.com> btrfs: defrag: avoid unnecessary defrag caused by incorrect extent size Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Update cpu_sibling_map when disabling nonboot CPUs Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Disable IRQ before init_fn() for nonboot CPUs Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Call early_init_fdt_scan_reserved_mem() earlier Jonathan Corbet <corbet(a)lwn.net> docs: Instruct LaTeX to cope with deeper nesting Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bugs: Add asm helpers for executing VERW Daniel Vacek <neelx(a)redhat.com> IB/hfi1: Fix sdma.h tx->num_descs off-by-one error Maximilian Heyne <mheyne(a)amazon.de> xen/events: close evtchn after mapping cleanup Juergen Gross <jgross(a)suse.com> xen/events: modify internal [un]bind interfaces Juergen Gross <jgross(a)suse.com> xen/events: drop xen_allocate_irqs_dynamic() Juergen Gross <jgross(a)suse.com> xen/events: remove some simple helpers from events_base.c Juergen Gross <jgross(a)suse.com> xen/events: reduce externally visible helper functions Viresh Kumar <viresh.kumar(a)linaro.org> xen: evtchn: Allow shared registration of IRQ handers Sohaib Nadeem <sohaib.nadeem(a)amd.com> drm/amd/display: fixed integer types and null check locations Peichen Huang <peichen.huang(a)amd.com> drm/amd/display: Request usb4 bw for mst streams Meenakshikumar Somasundaram <meenakshikumar.somasundaram(a)amd.com> drm/amd/display: Add dpia display mode validation logic Paolo Abeni <pabeni(a)redhat.com> mptcp: corner case locking for rx path fields initialization Paolo Abeni <pabeni(a)redhat.com> mptcp: fix more tx path fields initialization Geliang Tang <geliang.tang(a)linux.dev> mptcp: use mptcp_set_state Geliang Tang <geliang.tang(a)linux.dev> mptcp: add CurrEstab MIB counter support Steve French <stfrench(a)microsoft.com> smb3: clarify mount warning Shyam Prasad N <sprasad(a)microsoft.com> cifs: handle cases where multiple sessions share connection Shyam Prasad N <sprasad(a)microsoft.com> cifs: change tcon status when need_reconnect is set on it Yi Sun <yi.sun(a)unisoc.com> virtio-blk: Ensure no requests in virtqueues before deleting vqs. Paulo Alcantara <pc(a)manguebit.com> smb: client: set correct d_type for reparse points under DFS mounts Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Fix HDP flush for VFs on nbio v7.9 Stanley.Yang <Stanley.Yang(a)amd.com> drm/amdgpu: Fix shared buff copy to user Prike Liang <Prike.Liang(a)amd.com> drm/amdgpu: reset gpu for s3 suspend abort case Prike Liang <Prike.Liang(a)amd.com> drm/amdgpu: skip to program GFXDEC registers for suspend abort Xiubo Li <xiubli(a)redhat.com> libceph: fail sparse-read if the data length doesn't match Takashi Sakamoto <o-takashi(a)sakamocchi.jp> firewire: core: send bus reset promptly on gap count error Krystian Pradzynski <krystian.pradzynski(a)intel.com> accel/ivpu/40xx: Stop passing SKU boot parameters to FW Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Disable d3hot_delay on all NPU generations Wachowski, Karol <karol.wachowski(a)intel.com> accel/ivpu: Force snooping for MMU writes Kees Cook <keescook(a)chromium.org> LoongArch: vDSO: Disable UBSAN instrumentation Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Change acpi_core_pic[NR_CPUS] to acpi_core_pic[MAX_CORE_PIC] Masahiro Yamada <masahiroy(a)kernel.org> LoongArch: Select HAVE_ARCH_SECCOMP to use the common SECCOMP menu Masahiro Yamada <masahiroy(a)kernel.org> LoongArch: Select ARCH_ENABLE_THP_MIGRATION instead of redefining it SEO HOYOUNG <hy50.seo(a)samsung.com> scsi: ufs: core: Remove the ufshcd_release() in ufshcd_err_handling_prepare() Alice Chao <alice.chao(a)mediatek.com> scsi: ufs: core: Fix shift issue in ufshcd_clear_cmd() Hannes Reinecke <hare(a)suse.de> scsi: lpfc: Use unsigned type for num_sge Zhang Rui <rui.zhang(a)intel.com> hwmon: (coretemp) Enlarge per package core count limit Andrew Bresticker <abrestic(a)rivosinc.com> efi: Don't add memblocks for soft-reserved memory Andrew Bresticker <abrestic(a)rivosinc.com> efi: runtime: Fix potential overflow of soft-reserved region size Benjamin Berg <benjamin.berg(a)intel.com> wifi: iwlwifi: do not announce EPCS support Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: accept broadcast probe responses on 6 GHz Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: adding missing drv_mgd_complete_tx() call Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: set station RX-NSS on reconfig Edward Adam Davis <eadavis(a)qq.com> fs/ntfs3: Fix oob in ntfs_listxattr Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Update inode->i_size after success write into compressed file Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fixed overflow check in mi_enum_attr() Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Correct function is_rst_area_valid Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Use i_size_read and i_size_write Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Prevent generic message "attempt to access beyond end of device" Ism Hong <ism.hong(a)gmail.com> fs/ntfs3: use non-movable memory for ntfs3 MFT buffer cache Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Use kvfree to free memory allocated by kvmalloc Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Disable ATTR_LIST_ENTRY size check Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Add NULL ptr dereference checking at the end of attr_allocate_frame() Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: ntfs3_forced_shutdown use int instead of bool Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Implement super_operations::shutdown Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Drop suid and sgid bits as a part of fpunch Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Add file_modified Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fix detected field-spanning write (size 8) of single field "le->name" Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fix multithreaded stress test Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Reduce stack usage Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Print warning while fixing hard links count Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Correct hard links updating when dealing with DOS names Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Improve ntfs_dir_count Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Modified fix directory element type detection Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Improve alternative boot processing Szilard Fabian <szfabian(a)bluemarch.art> Input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table Zhang Yi <yi.zhang(a)huawei.com> ext4: correct the hole length returned by ext4_map_blocks() Paulo Alcantara <pc(a)manguebit.com> smb: client: increase number of PDUs allowed in a compound request Shyam Prasad N <sprasad(a)microsoft.com> cifs: do not search for channel if server is terminating Daniel Wagner <dwagner(a)suse.de> nvmet-fc: take ref count on tgtport before delete assoc Daniel Wagner <dwagner(a)suse.de> nvmet-fc: avoid deadlock on delete association path Daniel Wagner <dwagner(a)suse.de> nvmet-fc: abort command when there is no binding Daniel Wagner <dwagner(a)suse.de> nvmet-fc: hold reference on hostport match Daniel Wagner <dwagner(a)suse.de> nvmet-fc: defer cleanup using RCU properly Daniel Wagner <dwagner(a)suse.de> nvmet-fc: release reference on target port Daniel Wagner <dwagner(a)suse.de> nvmet-fcloop: swap the list_add_tail arguments Daniel Wagner <dwagner(a)suse.de> nvme-fc: do not wait in vain when unloading module Alexander Tsoy <alexander(a)tsoy.me> ALSA: usb-audio: Ignore clock selector errors for single connection Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: wm_adsp: Don't overwrite fwf_name with the default Shyam Prasad N <sprasad(a)microsoft.com> cifs: make sure that channel scaling is done only once Sohaib Nadeem <sohaib.nadeem(a)amd.com> drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz Mukul Joshi <mukul.joshi(a)amd.com> drm/amdkfd: Use correct drm device for cgroup permission check Xin Long <lucien.xin(a)gmail.com> netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new Will Deacon <will(a)kernel.org> misc: open-dice: Fix spurious lockdep warning Brenton Simpson <appsforartists(a)google.com> Input: xpad - add Lenovo Legion Go controllers Wolfram Sang <wsa+renesas(a)sang-engineering.com> spi: sh-msiof: avoid integer overflow in constants Patrick Rudolph <patrick.rudolph(a)9elements.com> regulator (max5970): Fix IRQ handler Chen-Yu Tsai <wens(a)csie.org> ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616 Alexander Tsoy <alexander(a)tsoy.me> ALSA: usb-audio: Check presence of valid altsetting control Christian A. Ehrhardt <lk(a)c--e.de> usb: ucsi_acpi: Quirk to ack a connector change ack cmd Guixin Liu <kanie(a)linux.alibaba.com> nvmet-tcp: fix nvme tcp ida memory leak Kunwu Chan <chentao(a)kylinos.cn> HID: nvidia-shield: Add missing null pointer checks to LED initialization Rui Salvaterra <rsalvaterra(a)gmail.com> ALSA: hda: Increase default bdl_pos_adj for Apollo Lake Rui Salvaterra <rsalvaterra(a)gmail.com> ALSA: hda: Replace numeric device IDs with constant values Jiri Kosina <jkosina(a)suse.com> HID: logitech-hidpp: add support for Logitech G Pro X Superlight 2 Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> regulator: pwm-regulator: Add validity checks in continuous .get_voltage Venkata Prasad Potturu <venkataprasad.potturu(a)amd.com> ASoC: amd: acp: Add check for cpu dai link initialization Kunwu Chan <chentao(a)kylinos.cn> dmaengine: ti: edma: Add some null pointer checks to the edma_probe Hans de Goede <hdegoede(a)redhat.com> Input: goodix - accept ACPI resources with gpio_count == 3 && gpio_int_idx == 0 Baokun Li <libaokun1(a)huawei.com> ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() Baokun Li <libaokun1(a)huawei.com> ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() Baokun Li <libaokun1(a)huawei.com> ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt Phoenix Chen <asbeltogf(a)gmail.com> platform/x86: touchscreen_dmi: Add info for the TECLAST X16 Plus tablet Huang Pei <huangpei(a)loongson.cn> MIPS: reserve exception vector space ONLY ONCE Lukas Wunner <lukas(a)wunner.de> ARM: dts: Fix TPM schema violations Lennert Buytenhek <kernel(a)wantstofly.org> ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers Charles Keepax <ckeepax(a)opensource.cirrus.com> spi: cs42l43: Handle error from devm_pm_runtime_enable Maksim Kiselev <bigunclemax(a)gmail.com> aoe: avoid potential deadlock at set_capacity Conrad Kostecki <conikost(a)gentoo.org> ahci: asm1166: correct count of reported ports Shyam Prasad N <sprasad(a)microsoft.com> cifs: helper function to check replayable error codes Shyam Prasad N <sprasad(a)microsoft.com> cifs: translate network errors on send to -ECONNABORTED Shyam Prasad N <sprasad(a)microsoft.com> cifs: cifs_pick_channel should try selecting active channels Kees Cook <keescook(a)chromium.org> smb: Work around Clang __bdos() type confusion Christian A. Ehrhardt <lk(a)c--e.de> block: Fix WARNING in _copy_from_iter Devyn Liu <liudingyuan(a)huawei.com> spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected Mika Westerberg <mika.westerberg(a)linux.intel.com> spi: intel-pci: Add support for Arrow Lake SPI serial flash Liming Sun <limings(a)nvidia.com> platform/mellanox: mlxbf-tmfifo: Drop Tx network packet when Tx TmFIFO is full Fullway Wang <fullwaywang(a)outlook.com> fbdev: sis: Error out if pixclock equals zero Fullway Wang <fullwaywang(a)outlook.com> fbdev: savage: Error out if pixclock equals zero Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: fix race condition on enabling fast-xmit Michal Kazior <michal(a)plume.com> wifi: cfg80211: fix missing interfaces when dumping Vinod Koul <vkoul(a)kernel.org> dmaengine: dw-edma: increase size of 'name' in debugfs code Vinod Koul <vkoul(a)kernel.org> dmaengine: fsl-qdma: increase size of 'irq_name' Vinod Koul <vkoul(a)kernel.org> dmaengine: shdma: increase size of 'dev_id' Shyam Prasad N <sprasad(a)microsoft.com> cifs: open_cached_dir should not rely on primary channel Dmitry Bogdanov <d.bogdanov(a)yadro.com> scsi: target: core: Add TMF to tmr_list handling Christoph Müllner <christoph.muellner(a)vrull.eu> tools: selftests: riscv: Fix compile warnings in mm tests Christoph Müllner <christoph.muellner(a)vrull.eu> tools: selftests: riscv: Fix compile warnings in vector tests Mahesh Rajashekhara <mahesh.rajashekhara(a)microchip.com> scsi: smartpqi: Fix logical volume rescan race condition David Strahan <david.strahan(a)microchip.com> scsi: smartpqi: Add new controller PCI IDs Hector Martin <marcan(a)marcan.st> dmaengine: apple-admac: Keep upper bits of REG_BUS_WIDTH Jan Kiszka <jan.kiszka(a)siemens.com> riscv/efistub: Ensure GP-relative addressing is not used Dan Carpenter <dan.carpenter(a)linaro.org> PCI: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq() Cyril Hrubis <chrubis(a)suse.cz> sched/rt: Disallow writing invalid values to sched_rt_period_us ------------- Diffstat: Documentation/conf.py | 6 + Makefile | 4 +- .../dts/aspeed/aspeed-bmc-facebook-bletchley.dts | 4 +- .../dts/aspeed/aspeed-bmc-facebook-wedge400.dts | 4 +- arch/arm/boot/dts/aspeed/aspeed-bmc-opp-tacoma.dts | 2 +- .../dts/aspeed/ast2600-facebook-netbmc-common.dtsi | 4 +- .../arm/boot/dts/nxp/imx/imx6ull-phytec-tauri.dtsi | 2 +- .../boot/dts/nxp/imx/imx7d-flex-concentrator.dts | 2 +- .../dts/ti/omap/am335x-moxa-uc-2100-common.dtsi | 2 +- arch/arm/mach-ep93xx/core.c | 1 + .../dts/freescale/imx8mp-data-modul-edm-sbc.dts | 2 +- .../dts/freescale/imx8mp-tqma8mpql-mba8mpxl.dts | 9 +- arch/arm64/boot/dts/rockchip/px30.dtsi | 2 + .../boot/dts/rockchip/rk3588s-indiedroid-nova.dts | 10 +- arch/arm64/include/asm/fpsimd.h | 2 + arch/arm64/kernel/fpsimd.c | 16 + arch/arm64/kernel/suspend.c | 3 + arch/arm64/kvm/vgic/vgic-its.c | 5 + arch/loongarch/Kconfig | 23 +- arch/loongarch/include/asm/acpi.h | 4 +- arch/loongarch/kernel/acpi.c | 4 +- arch/loongarch/kernel/setup.c | 4 +- arch/loongarch/kernel/smp.c | 122 +++--- arch/loongarch/vdso/Makefile | 1 + arch/mips/kernel/traps.c | 8 +- arch/parisc/kernel/processor.c | 8 - arch/parisc/kernel/unwind.c | 14 +- arch/powerpc/include/asm/ppc-pci.h | 10 + arch/powerpc/kernel/iommu.c | 23 +- arch/powerpc/platforms/pseries/pci_dlpar.c | 4 + arch/s390/pci/pci.c | 2 +- arch/sparc/Makefile | 2 +- arch/sparc/video/Makefile | 2 +- arch/x86/entry/entry.S | 23 ++ arch/x86/include/asm/cpufeatures.h | 2 +- arch/x86/include/asm/nospec-branch.h | 13 + arch/x86/mm/numa.c | 21 +- block/blk-map.c | 13 +- drivers/accel/ivpu/ivpu_drv.c | 5 +- drivers/accel/ivpu/ivpu_hw_37xx.c | 2 +- drivers/accel/ivpu/ivpu_hw_40xx.c | 9 +- drivers/accel/ivpu/ivpu_mmu.c | 3 - drivers/ata/ahci.c | 49 ++- drivers/ata/ahci.h | 1 + drivers/ata/ahci_ceva.c | 125 +++--- drivers/ata/libata-core.c | 4 + drivers/block/aoe/aoeblk.c | 5 +- drivers/block/virtio_blk.c | 7 +- drivers/bus/imx-weim.c | 2 +- drivers/cache/ax45mp_cache.c | 4 + .../crypto/virtio/virtio_crypto_akcipher_algs.c | 5 +- drivers/cxl/acpi.c | 46 ++- drivers/cxl/core/pci.c | 6 +- drivers/dma/apple-admac.c | 5 +- drivers/dma/dw-edma/dw-edma-v0-debugfs.c | 4 +- drivers/dma/dw-edma/dw-hdma-v0-debugfs.c | 4 +- drivers/dma/fsl-qdma.c | 2 +- drivers/dma/sh/shdma.h | 2 +- drivers/dma/ti/edma.c | 10 + drivers/firewire/core-card.c | 18 +- drivers/firmware/efi/arm-runtime.c | 2 +- drivers/firmware/efi/efi-init.c | 19 +- drivers/firmware/efi/libstub/Makefile | 2 +- drivers/firmware/efi/riscv-runtime.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu.h | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c | 2 +- drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 8 + drivers/gpu/drm/amd/amdgpu/nbio_v7_9.c | 6 + drivers/gpu/drm/amd/amdgpu/soc15.c | 22 ++ drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 9 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 38 +- drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 16 +- .../gpu/drm/amd/display/dc/core/dc_link_exports.c | 2 +- drivers/gpu/drm/amd/display/dc/dc.h | 4 +- drivers/gpu/drm/amd/display/dc/dc_dp_types.h | 6 + drivers/gpu/drm/amd/display/dc/dc_types.h | 14 +- drivers/gpu/drm/amd/display/dc/link/link_dpms.c | 42 +- .../gpu/drm/amd/display/dc/link/link_validation.c | 60 ++- .../display/dc/link/protocols/link_dp_dpia_bw.c | 178 ++++++--- .../display/dc/link/protocols/link_dp_dpia_bw.h | 9 + drivers/gpu/drm/drm_syncobj.c | 19 +- drivers/gpu/drm/i915/display/intel_sdvo.c | 10 +- drivers/gpu/drm/i915/display/intel_tv.c | 10 +- drivers/gpu/drm/meson/meson_encoder_cvbs.c | 1 - drivers/gpu/drm/meson/meson_encoder_dsi.c | 1 - drivers/gpu/drm/meson/meson_encoder_hdmi.c | 1 - drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadow.c | 8 +- drivers/gpu/drm/ttm/ttm_pool.c | 2 +- drivers/hid/hid-logitech-hidpp.c | 2 + drivers/hid/hid-nvidia-shield.c | 4 + drivers/hwmon/coretemp.c | 2 +- drivers/hwmon/nct6775-core.c | 14 +- drivers/i2c/busses/i2c-imx.c | 5 + drivers/infiniband/hw/bnxt_re/ib_verbs.c | 5 +- drivers/infiniband/hw/bnxt_re/qplib_fp.c | 3 +- drivers/infiniband/hw/hfi1/pio.c | 6 +- drivers/infiniband/hw/hfi1/sdma.c | 2 +- drivers/infiniband/hw/irdma/defs.h | 1 + drivers/infiniband/hw/irdma/hw.c | 8 + drivers/infiniband/hw/irdma/verbs.c | 9 +- drivers/infiniband/hw/mlx5/cong.c | 6 + drivers/infiniband/hw/qedr/verbs.c | 11 +- drivers/infiniband/ulp/srpt/ib_srpt.c | 17 +- drivers/input/joystick/xpad.c | 2 + drivers/input/serio/i8042-acpipnpio.h | 8 + drivers/input/touchscreen/goodix.c | 3 +- drivers/irqchip/irq-gic-v3-its.c | 2 +- drivers/irqchip/irq-mbigen.c | 8 +- drivers/irqchip/irq-sifive-plic.c | 8 +- drivers/md/dm-crypt.c | 95 ++++- drivers/md/dm-integrity.c | 91 ++++- drivers/md/dm-verity-target.c | 86 ++++- drivers/md/dm-verity.h | 6 + drivers/md/md.c | 6 +- drivers/misc/open-dice.c | 2 +- drivers/net/ethernet/adi/Kconfig | 1 + drivers/net/ethernet/broadcom/asp2/bcmasp.c | 6 +- drivers/net/ethernet/broadcom/asp2/bcmasp_intf.c | 3 + .../net/ethernet/marvell/octeontx2/af/rvu_npc.c | 4 + .../net/ethernet/microchip/sparx5/sparx5_main.c | 1 + .../net/ethernet/microchip/sparx5/sparx5_main.h | 1 + .../net/ethernet/microchip/sparx5/sparx5_packet.c | 2 + drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 20 - drivers/net/gtp.c | 10 +- drivers/net/ipa/ipa_interrupt.c | 2 +- drivers/net/phy/realtek.c | 4 +- drivers/net/wireless/intel/iwlwifi/iwl-nvm-parse.c | 5 +- drivers/nvme/host/fc.c | 47 +-- drivers/nvme/target/fc.c | 131 ++++--- drivers/nvme/target/fcloop.c | 6 +- drivers/nvme/target/tcp.c | 1 + drivers/pci/controller/dwc/pcie-designware-ep.c | 3 +- drivers/pci/msi/irqdomain.c | 2 +- drivers/platform/mellanox/mlxbf-tmfifo.c | 67 ++++ drivers/platform/x86/intel/vbtn.c | 3 - drivers/platform/x86/thinkpad_acpi.c | 5 +- drivers/platform/x86/touchscreen_dmi.c | 39 +- drivers/regulator/max5970-regulator.c | 2 +- drivers/regulator/pwm-regulator.c | 3 + drivers/s390/cio/device_ops.c | 6 +- drivers/scsi/Kconfig | 2 +- drivers/scsi/lpfc/lpfc_scsi.c | 12 +- drivers/scsi/scsi.c | 22 +- drivers/scsi/sd.c | 26 +- drivers/scsi/smartpqi/smartpqi.h | 1 - drivers/scsi/smartpqi/smartpqi_init.c | 88 ++++- drivers/spi/spi-cs42l43.c | 5 +- drivers/spi/spi-hisi-sfc-v3xx.c | 5 + drivers/spi/spi-intel-pci.c | 1 + drivers/spi/spi-sh-msiof.c | 16 +- drivers/target/target_core_device.c | 5 - drivers/target/target_core_pscsi.c | 9 +- drivers/target/target_core_transport.c | 4 + drivers/tty/serial/amba-pl011.c | 60 +-- drivers/tty/serial/stm32-usart.c | 4 +- drivers/ufs/core/ufshcd.c | 5 +- drivers/usb/cdns3/cdns3-gadget.c | 8 +- drivers/usb/cdns3/core.c | 1 - drivers/usb/cdns3/drd.c | 13 +- drivers/usb/cdns3/drd.h | 6 +- drivers/usb/cdns3/host.c | 16 +- drivers/usb/dwc3/gadget.c | 5 + drivers/usb/gadget/function/f_ncm.c | 10 +- drivers/usb/gadget/udc/omap_udc.c | 3 +- drivers/usb/roles/class.c | 29 +- drivers/usb/storage/scsiglue.c | 7 + drivers/usb/storage/uas.c | 7 + drivers/usb/typec/tcpm/tcpm.c | 3 - drivers/usb/typec/ucsi/ucsi_acpi.c | 71 +++- drivers/vfio/iova_bitmap.c | 25 +- drivers/video/fbdev/savage/savagefb_driver.c | 3 + drivers/video/fbdev/sis/sis_main.c | 2 + drivers/xen/events/events_2l.c | 8 +- drivers/xen/events/events_base.c | 430 ++++++++++----------- drivers/xen/events/events_internal.h | 1 - drivers/xen/evtchn.c | 2 +- fs/afs/volume.c | 4 +- fs/aio.c | 9 +- fs/btrfs/defrag.c | 2 +- fs/cachefiles/cache.c | 2 + fs/cachefiles/daemon.c | 1 + fs/erofs/namei.c | 28 +- fs/ext4/extents.c | 111 ++++-- fs/ext4/mballoc.c | 15 +- fs/ntfs3/attrib.c | 45 ++- fs/ntfs3/attrlist.c | 12 +- fs/ntfs3/bitmap.c | 4 +- fs/ntfs3/dir.c | 40 +- fs/ntfs3/file.c | 53 ++- fs/ntfs3/frecord.c | 17 +- fs/ntfs3/fslog.c | 228 +++++------ fs/ntfs3/fsntfs.c | 27 +- fs/ntfs3/index.c | 8 +- fs/ntfs3/inode.c | 25 +- fs/ntfs3/namei.c | 12 + fs/ntfs3/ntfs.h | 4 +- fs/ntfs3/ntfs_fs.h | 23 +- fs/ntfs3/record.c | 18 +- fs/ntfs3/super.c | 49 ++- fs/ntfs3/xattr.c | 6 + fs/smb/client/cached_dir.c | 3 +- fs/smb/client/cifsencrypt.c | 2 +- fs/smb/client/cifsglob.h | 12 +- fs/smb/client/connect.c | 11 + fs/smb/client/dfs.c | 7 +- fs/smb/client/file.c | 3 + fs/smb/client/fs_context.c | 2 +- fs/smb/client/readdir.c | 15 +- fs/smb/client/sess.c | 5 +- fs/smb/client/smb2pdu.c | 26 +- fs/smb/client/transport.c | 18 +- include/linux/ceph/osd_client.h | 3 +- include/linux/fs.h | 2 + include/linux/memblock.h | 2 + include/linux/mlx5/mlx5_ifc.h | 2 +- include/linux/swap.h | 5 + include/net/ipv6_stubs.h | 5 + include/net/netfilter/nf_flow_table.h | 2 +- include/net/switchdev.h | 3 + include/net/tcp.h | 2 +- include/scsi/scsi_device.h | 5 +- include/uapi/linux/bpf.h | 10 + include/xen/events.h | 4 +- kernel/bpf/helpers.c | 5 +- kernel/sched/rt.c | 9 +- lib/Kconfig.debug | 1 + mm/damon/lru_sort.c | 43 ++- mm/damon/reclaim.c | 18 +- mm/memblock.c | 5 +- mm/memcontrol.c | 10 +- mm/memory.c | 20 + mm/swap.h | 5 + mm/swapfile.c | 13 + mm/zswap.c | 7 +- net/bridge/br_switchdev.c | 86 +++-- net/ceph/osd_client.c | 18 +- net/core/filter.c | 18 +- net/core/skmsg.c | 7 +- net/devlink/core.c | 12 +- net/devlink/port.c | 2 +- net/ipv4/arp.c | 3 +- net/ipv4/devinet.c | 21 +- net/ipv4/inet_hashtables.c | 25 +- net/ipv6/addrconf.c | 21 +- net/ipv6/af_inet6.c | 1 + net/ipv6/exthdrs.c | 10 + net/ipv6/seg6.c | 20 +- net/l2tp/l2tp_ip6.c | 2 +- net/mac80211/cfg.c | 2 + net/mac80211/mlme.c | 1 + net/mac80211/scan.c | 30 +- net/mac80211/sta_info.c | 2 + net/mac80211/tx.c | 2 +- net/mctp/route.c | 2 +- net/mptcp/diag.c | 8 +- net/mptcp/fastopen.c | 6 +- net/mptcp/mib.c | 1 + net/mptcp/mib.h | 8 + net/mptcp/options.c | 9 +- net/mptcp/pm_netlink.c | 74 ++-- net/mptcp/pm_userspace.c | 52 ++- net/mptcp/protocol.c | 69 ++-- net/mptcp/protocol.h | 25 +- net/mptcp/subflow.c | 86 +++-- net/netfilter/nf_conntrack_proto_sctp.c | 2 +- net/netfilter/nf_flow_table_core.c | 17 +- net/netfilter/nf_tables_api.c | 81 ++-- net/phonet/datagram.c | 4 +- net/phonet/pep.c | 41 +- net/sched/act_mirred.c | 147 +++---- net/sched/cls_flower.c | 5 +- net/switchdev/switchdev.c | 73 ++++ net/tls/tls_main.c | 2 +- net/tls/tls_sw.c | 24 +- net/wireless/nl80211.c | 1 + net/xdp/xsk.c | 3 +- scripts/bpf_doc.py | 2 +- sound/pci/hda/hda_intel.c | 6 +- sound/soc/amd/acp/acp-mach-common.c | 9 +- sound/soc/codecs/wm_adsp.c | 29 +- sound/soc/sunxi/sun4i-spdif.c | 5 + sound/usb/clock.c | 10 +- sound/usb/format.c | 20 + tools/include/uapi/linux/bpf.h | 10 + tools/net/ynl/lib/ynl.c | 19 +- .../selftests/drivers/net/bonding/bond_options.sh | 2 + tools/testing/selftests/iommu/config | 5 +- tools/testing/selftests/mm/uffd-unit-tests.c | 6 + .../testing/selftests/net/forwarding/tc_actions.sh | 3 - tools/testing/selftests/net/mptcp/diag.sh | 46 ++- tools/testing/selftests/net/mptcp/mptcp_connect.sh | 41 +- tools/testing/selftests/net/mptcp/mptcp_join.sh | 109 +++--- tools/testing/selftests/net/mptcp/mptcp_lib.sh | 16 + tools/testing/selftests/net/mptcp/pm_netlink.sh | 8 +- tools/testing/selftests/net/mptcp/simult_flows.sh | 3 +- tools/testing/selftests/net/mptcp/userspace_pm.sh | 18 +- tools/testing/selftests/riscv/mm/mmap_test.h | 3 + .../selftests/riscv/vector/v_initval_nolibc.c | 2 +- .../testing/selftests/riscv/vector/vstate_prctl.c | 4 +- 300 files changed, 3611 insertions(+), 1715 deletions(-)

1 year, 8 months

14
312
0 0

[PATCH 6.7 000/334] 6.7.7-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.7.7 release. There are 334 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 29 Feb 2024 13:15:36 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.7.7-rc1.… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.7.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.7.7-rc1 Geliang Tang <geliang.tang(a)linux.dev> selftests: mptcp: add mptcp_lib_get_counter Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: stop transfer when check is done (part 2) Chengming Zhou <zhouchengming(a)bytedance.com> mm/zswap: invalidate duplicate entry when !zswap_enabled Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: stop transfer when check is done (part 1) Yosry Ahmed <yosryahmed(a)google.com> mm: zswap: fix missing folio cleanup in writeback race path Corey Minyard <minyard(a)acm.org> i2c: imx: when being a target, mark the last read as processed Melissa Wen <mwen(a)igalia.com> drm/amd/display: fix null-pointer dereference on edid reading Armin Wolf <W_Armin(a)gmx.de> drm/amd/display: Fix memory leak in dm_sw_fini() Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Fix potential null pointer dereference in dc_dmub_srv Muhammad Usama Anjum <usama.anjum(a)collabora.com> selftests/iommu: fix the config fragment Erik Kurzinger <ekurzinger(a)nvidia.com> drm/syncobj: handle NULL fence in syncobj_eventfd_entry_func Jason Gunthorpe <jgg(a)ziepe.ca> iommu/arm-smmu-v3: Do not use GFP_KERNEL under as spinlock Tina Zhang <tina.zhang(a)intel.com> iommu: Add mm_get_enqcmd_pasid() helper function Erik Kurzinger <ekurzinger(a)nvidia.com> drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is set Siddharth Vadapalli <s-vadapalli(a)ti.com> net: phy: realtek: Fix rtl8211f_config_init() for RTL8211F(D)(I)-VD-CG PHY Justin Iurman <justin.iurman(a)uliege.be> Fix write to cloned skb in ipv6_hop_ioam() Rémi Denis-Courmont <courmisch(a)gmail.com> phonet/pep: fix racy skb_queue_empty() use Rémi Denis-Courmont <courmisch(a)gmail.com> phonet: take correct lock to peek at the RX queue Horatiu Vultur <horatiu.vultur(a)microchip.com> net: sparx5: Add spinlock for frame transmission from CPU Jianbo Liu <jianbol(a)nvidia.com> net/sched: flower: Add lock protection when remove filter handle Jiri Pirko <jiri(a)resnulli.us> devlink: fix port dump cmd type Jakub Kicinski <kuba(a)kernel.org> tools: ynl: don't leak mcast_groups on init error Jakub Kicinski <kuba(a)kernel.org> tools: ynl: make sure we always pass yarg to mnl_cb_run Jeremy Kerr <jk(a)codeconstruct.com.au> net: mctp: put sock on tag allocation failure Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: use kzalloc for hook allocation Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: register hooks last when adding new chain/flowtable Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_flow_offload: release dst in case direct xmit path is used Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_flow_offload: reset dst in route object after setting up flow Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: set dormant flag on hook register failure Sabrina Dubroca <sd(a)queasysnail.net> tls: don't skip over different type records from the rx_list Sabrina Dubroca <sd(a)queasysnail.net> tls: stop recv() if initial process_rx_list gave us non-DATA Sabrina Dubroca <sd(a)queasysnail.net> tls: break out of main loop when PEEK gets a non-data record Guenter Roeck <linux(a)roeck-us.net> hwmon: (nct6775) Fix access to temperature configuration registers Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> cache: ax45mp_cache: Align end size to cache boundary in ax45mp_dma_cache_wback() Shigeru Yoshida <syoshida(a)redhat.com> bpf, sockmap: Fix NULL pointer dereference in sk_psock_verdict_data_ready() Jason Gunthorpe <jgg(a)ziepe.ca> s390: use the correct count for __iowrite64_copy() Jason Gunthorpe <jgg(a)ziepe.ca> iommufd: Reject non-zero data_type if no data_len is provided Alex Elder <elder(a)linaro.org> net: ipa: don't overrun IPA suspend interrupt registers Eric Dumazet <edumazet(a)google.com> net: implement lockless setsockopt(SO_PEEK_OFF) Subbaraya Sundeep <sbhatta(a)marvell.com> octeontx2-af: Consider the action set by PF Yi Liu <yi.l.liu(a)intel.com> iommu/vt-d: Set SSADE when attaching to a parent with dirty tracking Yi Liu <yi.l.liu(a)intel.com> iommu/vt-d: Add missing dirty tracking set for parent domain Yi Liu <yi.l.liu(a)intel.com> iommu/vt-d: Wrap the dirty tracking loop to be a helper Yi Liu <yi.l.liu(a)intel.com> iommu/vt-d: Remove domain parameter for intel_pasid_setup_dirty_tracking() Yi Liu <yi.l.liu(a)intel.com> iommu/vt-d: Track nested domains in parent Yi Liu <yi.l.liu(a)intel.com> iommu/vt-d: Update iotlb in nested domain attach Maxime Ripard <mripard(a)kernel.org> drm/i915/tv: Fix TV mode Mario Limonciello <mario.limonciello(a)amd.com> platform/x86: thinkpad_acpi: Only update profile if successfully converted Mark Brown <broonie(a)kernel.org> arm64/sme: Restore SMCR_EL1.EZT0 on exit from suspend Mark Brown <broonie(a)kernel.org> arm64/sme: Restore SME registers on exit from suspend Emil Renner Berthing <emil.renner.berthing(a)canonical.com> gpiolib: Handle no pin_ranges in gpiochip_generic_config() Amit Machhiwal <amachhiw(a)linux.ibm.com> KVM: PPC: Book3S HV: Fix L2 guest reboot failure due to empty 'arch_compat' Kuniyuki Iwashima <kuniyu(a)amazon.com> arp: Prevent overflow in arp_req_get(). Vasiliy Kovalev <kovalev(a)altlinux.org> devlink: fix possible use-after-free and memory leaks in devlink_init() Vasiliy Kovalev <kovalev(a)altlinux.org> ipv6: sr: fix possible use-after-free and null-ptr-deref Daniil Dulov <d.dulov(a)aladdin.ru> afs: Increase buffer size in afs_update_volume_status() Guenter Roeck <linux(a)roeck-us.net> parisc: Fix stack unwinder Mark Pearson <mpearson-lenovo(a)squebb.ca> platform/x86: think-lmi: Fix password opcode ordering for workstations Martin KaFai Lau <martin.lau(a)kernel.org> bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel Radhey Shyam Pandey <radhey.shyam.pandey(a)amd.com> ata: ahci_ceva: fix error handling for Xilinx GT PHY support Hangbin Liu <liuhangbin(a)gmail.com> selftests: bonding: set active slave to primary eth1 specifically Gaurav Batra <gbatra(a)linux.ibm.com> powerpc/pseries/iommu: DLPAR add doesn't completely initialize pci_controller Justin Chen <justin.chen(a)broadcom.com> net: bcmasp: Sanity check is off by one Florian Fainelli <florian.fainelli(a)broadcom.com> net: bcmasp: Indicate MAC is in charge of PHY PM Eric Dumazet <edumazet(a)google.com> ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid Eric Dumazet <edumazet(a)google.com> ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid Pavel Sakharov <p.sakharov(a)ispras.ru> net: stmmac: Fix incorrect dereference in interrupt handlers Alison Schofield <alison.schofield(a)intel.com> x86/numa: Fix the sort compare func used in numa_fill_memblks() Alison Schofield <alison.schofield(a)intel.com> x86/numa: Fix the address overlap check in numa_fill_memblks() Dan Carpenter <dan.carpenter(a)linaro.org> drm/nouveau/mmu/r535: uninitialized variable in r535_bar_new_() Arnd Bergmann <arnd(a)arndb.de> nouveau: fix function cast warnings Jakub Kicinski <kuba(a)kernel.org> net/sched: act_mirred: don't override retval if we already lost the skb Jakub Kicinski <kuba(a)kernel.org> net/sched: act_mirred: use the backlog for mirred ingress Victor Nogueira <victor(a)mojatatu.com> net/sched: act_mirred: Create function tcf_mirred_to_dev and improve readability Randy Dunlap <rdunlap(a)infradead.org> net: ethernet: adi: requires PHYLIB support Kuniyuki Iwashima <kuniyu(a)amazon.com> dccp/tcp: Unhash sk from ehash for tb2 alloc failure after check_estalblished(). Tobias Waldekranz <tobias(a)waldekranz.com> net: bridge: switchdev: Ensure deferred event delivery on unoffload Tobias Waldekranz <tobias(a)waldekranz.com> net: bridge: switchdev: Skip MDB replays of deferred events on offload Randy Dunlap <rdunlap(a)infradead.org> scsi: jazz_esp: Only build if SCSI core is builtin Don Brace <don.brace(a)microchip.com> scsi: smartpqi: Fix disable_managed_interrupts Dan Carpenter <dan.carpenter(a)linaro.org> scsi: ufs: Uninitialized variable in ufshcd_devfreq_target() Gianmarco Lusvardi <glusvardi(a)posteo.net> bpf, scripts: Correct GPL license name Arnd Bergmann <arnd(a)arndb.de> RDMA/srpt: fix function pointer cast warnings Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> xsk: Add truesize to skb_add_rx_frag(). Chris Morgan <macromorgan(a)hotmail.com> arm64: dts: rockchip: Correct Indiedroid Nova GPIO Names Heiko Stuebner <heiko.stuebner(a)cherry.de> arm64: dts: rockchip: set num-cs property for spi on px30 Kamal Heib <kheib(a)redhat.com> RDMA/qedr: Fix qedr_create_user_qp error flow Joao Martins <joao.m.martins(a)oracle.com> iommufd/iova_bitmap: Consider page offset for the pages to be pinned Joao Martins <joao.m.martins(a)oracle.com> iommufd/iova_bitmap: Handle recording beyond the mapped pages Joao Martins <joao.m.martins(a)oracle.com> iommufd/iova_bitmap: Switch iova_bitmap::bitmap to an u8 array Joao Martins <joao.m.martins(a)oracle.com> iommufd/iova_bitmap: Bounds check mapped::pages access Lucas Stach <l.stach(a)pengutronix.de> bus: imx-weim: fix valid range check Alexander Stein <alexander.stein(a)ew.tq-group.com> arm64: dts: tqma8mpql: fix audio codec iov-supply Bart Van Assche <bvanassche(a)acm.org> RDMA/srpt: Support specifying the srpt_service_guid parameter Mustafa Ismail <mustafa.ismail(a)intel.com> RDMA/irdma: Add AE for too many RNRS Mustafa Ismail <mustafa.ismail(a)intel.com> RDMA/irdma: Set the CQ read threshold for GEN 1 Shiraz Saleem <shiraz.saleem(a)intel.com> RDMA/irdma: Validate max_send_wr and max_recv_wr Mike Marciniszyn <mike.marciniszyn(a)intel.com> RDMA/irdma: Fix KASAN issue with tasklet Marek Vasut <marex(a)denx.de> arm64: dts: imx8mp: Disable UART4 by default on Data Modul i.MX8M Plus eDM SBC Mark Zhang <markzhang(a)nvidia.com> IB/mlx5: Don't expose debugfs entries for RRoCE general parameters if not supported Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Add a missing check in bnxt_qplib_query_srq Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Return error for SRQ resize Zhipeng Lu <alexious(a)zju.edu.cn> IB/hfi1: Fix a memleak in init_credit_return Sohaib Nadeem <sohaib.nadeem(a)amd.com> Revert "drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz" Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Fix buffer overflow in 'get_host_router_total_dp_tunnel_bw()' Nathan Chancellor <nathan(a)kernel.org> drm/amd/display: Avoid enum conversion warning Steve French <stfrench(a)microsoft.com> smb3: add missing null server pointer check Lennert Buytenhek <kernel(a)wantstofly.org> ahci: Extend ASM1061 43-bit DMA address quirk to other ASM106x parts Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: diag: unique 'cestab' subtest names Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: diag: unique 'in use' subtest names Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: diag: fix bash warnings on older kernels Geliang Tang <geliang.tang(a)linux.dev> selftests: mptcp: diag: check CURRESTAB counters Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: pm nl: avoid error msg on older kernels Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: pm nl: also list skipped tests Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: simult flows: fix some subtest names Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: userspace_pm: unique subtest names Paolo Abeni <pabeni(a)redhat.com> mptcp: fix duplicate subflow creation Paolo Abeni <pabeni(a)redhat.com> mptcp: fix data races on remote_id Paolo Abeni <pabeni(a)redhat.com> mptcp: fix data races on local_id Paolo Abeni <pabeni(a)redhat.com> mptcp: fix lockless access in subflow ULP diag Geliang Tang <tanggeliang(a)kylinos.cn> mptcp: add needs_id for netlink appending addr Geliang Tang <tanggeliang(a)kylinos.cn> mptcp: add needs_id for userspace appending addr Xu Yang <xu.yang_2(a)nxp.com> usb: roles: don't get/set_role() when usb_role_switch is unregistered Xu Yang <xu.yang_2(a)nxp.com> usb: roles: fix NULL pointer issue when put module's reference Aaro Koskinen <aaro.koskinen(a)iki.fi> usb: gadget: omap_udc: fix USB gadget regression on Palm TE Krishna Kurapati <quic_kriskura(a)quicinc.com> usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs Frank Li <Frank.Li(a)nxp.com> usb: cdns3: fix memory double free when handle zero packet Frank Li <Frank.Li(a)nxp.com> usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() Pawel Laszczak <pawell(a)cadence.com> usb: cdnsp: fixed issue with incorrect detecting CDNSP family controllers Pawel Laszczak <pawell(a)cadence.com> usb: cdnsp: blocked some cdns3 specific code Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: gadget: Don't disconnect if not started Lino Sanfilippo <l.sanfilippo(a)kunbus.com> serial: amba-pl011: Fix DMA transmission in RS485 mode Lino Sanfilippo <l.sanfilippo(a)kunbus.com> serial: stm32: do not always set SER_RS485_RX_DURING_TX if RS485 is enabled Ondrej Jirman <megi(a)xff.cz> Revert "usb: typec: tcpm: reset counter when enter into unattached state after try role" Sandeep Dhavale <dhavale(a)google.com> erofs: fix refcount on the metabuf used for inode lookup Arnd Bergmann <arnd(a)arndb.de> dm-integrity, dm-verity: reduce stack usage for recheck Nikita Shubin <nikita.shubin(a)maquefel.me> ARM: ep93xx: Add terminator to gpiod_lookup_table Tom Parkin <tparkin(a)katalix.com> l2tp: pass correct message length to ip6_append_data Vidya Sagar <vidyas(a)nvidia.com> PCI/MSI: Prevent MSI hardware interrupt number truncation Nam Cao <namcao(a)linutronix.de> irqchip/sifive-plic: Enable interrupt if needed before EOI Oliver Upton <oliver.upton(a)linux.dev> irqchip/gic-v3-its: Do not assume vPE tables are preallocated Chen Jun <chenjun102(a)huawei.com> irqchip/mbigen: Don't use bus_get_dev_root() to find the parent zhenwei pi <pizhenwei(a)bytedance.com> crypto: virtio/akcipher - Fix stack overflow on memcpy Vasiliy Kovalev <kovalev(a)altlinux.org> gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() Andrzej Kacprowski <Andrzej.Kacprowski(a)intel.com> accel/ivpu: Don't enable any tiles by default on VPU40xx Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler Yu Kuai <yukuai3(a)huawei.com> md: Fix missing release of 'active_io' for flush Yu Kuai <yukuai3(a)huawei.com> md: Don't suspend the array for interrupted reshape Yu Kuai <yukuai3(a)huawei.com> md: Don't register sync_thread for reshape directly Yu Kuai <yukuai3(a)huawei.com> md: Make sure md_do_sync() will set MD_RECOVERY_DONE Yu Kuai <yukuai3(a)huawei.com> md: Don't ignore read-only array in md_check_recovery() Yu Kuai <yukuai3(a)huawei.com> md: Don't ignore suspended array in md_check_recovery() Javier Martinez Canillas <javierm(a)redhat.com> sparc: Fix undefined reference to fb_is_primary_device Baokun Li <libaokun1(a)huawei.com> cachefiles: fix memory leak in cachefiles_add_cache() Hans de Goede <hdegoede(a)redhat.com> platform/x86: touchscreen_dmi: Allow partial (prefix) matches for ACPI names Hans de Goede <hdegoede(a)redhat.com> platform/x86: intel-vbtn: Stop calling "VBDL" from notify_handler Hans de Goede <hdegoede(a)redhat.com> platform/x86: x86-android-tablets: Fix keyboard touchscreen on Lenovo Yogabook1 X90 Anshuman Khandual <anshuman.khandual(a)arm.com> mm/memblock: add MEMBLOCK_RSRV_NOINIT into flagname[] array SeongJae Park <sj(a)kernel.org> mm/damon/reclaim: fix quota stauts loss due to online tunings SeongJae Park <sj(a)kernel.org> mm/damon/core: check apply interval in damon_do_apply_schemes() Johannes Weiner <hannes(a)cmpxchg.org> mm: memcontrol: clarify swapaccount=0 deprecation warning SeongJae Park <sj(a)kernel.org> mm/damon/lru_sort: fix quota status loss due to online tunings Kairui Song <kasong(a)tencent.com> mm/swap: fix race when skipping swapcache Terry Tritton <terry.tritton(a)linaro.org> selftests/mm: uffd-unit-test check if huge page size is 0 Martin K. Petersen <martin.petersen(a)oracle.com> scsi: core: Consult supported VPD page list prior to fetching page Naohiro Aota <naohiro.aota(a)wdc.com> scsi: target: pscsi: Fix bio_put() for error case Martin K. Petersen <martin.petersen(a)oracle.com> scsi: sd: usb_storage: uas: Access media prior to querying device properties Robert Richter <rrichter(a)amd.com> cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window Li Ming <ming4.li(a)intel.com> cxl/pci: Skip to handle RAS errors if CXL.mem device is detached Dan Williams <dan.j.williams(a)intel.com> cxl/acpi: Fix load failures due to single window creation failure Mikulas Patocka <mpatocka(a)redhat.com> dm-verity: recheck the hash after a failure Mikulas Patocka <mpatocka(a)redhat.com> dm-crypt: don't modify the data when using authenticated encryption Mikulas Patocka <mpatocka(a)redhat.com> dm-integrity: recheck the integrity tag after a failure Helge Deller <deller(a)gmx.de> Revert "parisc: Only list existing CPUs in cpu_possible_mask" Mikulas Patocka <mpatocka(a)redhat.com> dm-crypt: recheck the integrity tag after a failure Guenter Roeck <linux(a)roeck-us.net> lib/Kconfig.debug: TEST_IOV_ITER depends on MMU Bart Van Assche <bvanassche(a)acm.org> fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio Damien Le Moal <dlemoal(a)kernel.org> ata: libata-core: Do not call ata_dev_power_set_standby() twice Damien Le Moal <dlemoal(a)kernel.org> ata: libata-core: Do not try to set sleeping devices to standby Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/cio: fix invalid -EBUSY on ccw_device_start Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Fix the runtime resume failure issue Wayne Lin <wayne.lin(a)amd.com> drm/amd/display: adjust few initialization order in dm Lewis Huang <lewis.huang(a)amd.com> drm/amd/display: Only allow dig mapping to pwrseq in new asic Arunpravin Paneer Selvam <Arunpravin.PaneerSelvam(a)amd.com> drm/buddy: Modify duplicate list_splice_tail call Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> drm/meson: Don't remove bridges which are created by other drivers Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/ttm: Fix an invalid freeing on already freed page in error path Qu Wenruo <wqu(a)suse.com> btrfs: defrag: avoid unnecessary defrag caused by incorrect extent size Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Update cpu_sibling_map when disabling nonboot CPUs Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Disable IRQ before init_fn() for nonboot CPUs Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Call early_init_fdt_scan_reserved_mem() earlier Jonathan Corbet <corbet(a)lwn.net> docs: Instruct LaTeX to cope with deeper nesting Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bugs: Add asm helpers for executing VERW David Gow <davidgow(a)google.com> kunit: Add a macro to wrap a deferred action function Daniel Vacek <neelx(a)redhat.com> IB/hfi1: Fix sdma.h tx->num_descs off-by-one error Sohaib Nadeem <sohaib.nadeem(a)amd.com> drm/amd/display: fixed integer types and null check locations Peichen Huang <peichen.huang(a)amd.com> drm/amd/display: Request usb4 bw for mst streams Meenakshikumar Somasundaram <meenakshikumar.somasundaram(a)amd.com> drm/amd/display: Add dpia display mode validation logic Paolo Abeni <pabeni(a)redhat.com> mptcp: corner case locking for rx path fields initialization Paolo Abeni <pabeni(a)redhat.com> mptcp: fix more tx path fields initialization Geliang Tang <geliang.tang(a)linux.dev> mptcp: use mptcp_set_state Geliang Tang <geliang.tang(a)linux.dev> mptcp: add CurrEstab MIB counter support Steve French <stfrench(a)microsoft.com> smb3: clarify mount warning Shyam Prasad N <sprasad(a)microsoft.com> cifs: handle cases where multiple sessions share connection Shyam Prasad N <sprasad(a)microsoft.com> cifs: change tcon status when need_reconnect is set on it Yi Sun <yi.sun(a)unisoc.com> virtio-blk: Ensure no requests in virtqueues before deleting vqs. Paulo Alcantara <pc(a)manguebit.com> smb: client: set correct d_type for reparse points under DFS mounts Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Fix HDP flush for VFs on nbio v7.9 Stanley.Yang <Stanley.Yang(a)amd.com> drm/amdgpu: Fix shared buff copy to user Prike Liang <Prike.Liang(a)amd.com> drm/amdgpu: reset gpu for s3 suspend abort case Prike Liang <Prike.Liang(a)amd.com> drm/amdgpu: skip to program GFXDEC registers for suspend abort Xiubo Li <xiubli(a)redhat.com> ceph: always check dir caps asynchronously Xiubo Li <xiubli(a)redhat.com> libceph: fail sparse-read if the data length doesn't match Takashi Sakamoto <o-takashi(a)sakamocchi.jp> firewire: core: send bus reset promptly on gap count error Krystian Pradzynski <krystian.pradzynski(a)intel.com> accel/ivpu/40xx: Stop passing SKU boot parameters to FW Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Disable d3hot_delay on all NPU generations Wachowski, Karol <karol.wachowski(a)intel.com> accel/ivpu: Force snooping for MMU writes Kees Cook <keescook(a)chromium.org> LoongArch: vDSO: Disable UBSAN instrumentation Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Change acpi_core_pic[NR_CPUS] to acpi_core_pic[MAX_CORE_PIC] Masahiro Yamada <masahiroy(a)kernel.org> LoongArch: Select HAVE_ARCH_SECCOMP to use the common SECCOMP menu Masahiro Yamada <masahiroy(a)kernel.org> LoongArch: Select ARCH_ENABLE_THP_MIGRATION instead of redefining it SEO HOYOUNG <hy50.seo(a)samsung.com> scsi: ufs: core: Remove the ufshcd_release() in ufshcd_err_handling_prepare() Alice Chao <alice.chao(a)mediatek.com> scsi: ufs: core: Fix shift issue in ufshcd_clear_cmd() Hannes Reinecke <hare(a)suse.de> scsi: lpfc: Use unsigned type for num_sge Timur Tabi <ttabi(a)nvidia.com> drm/nouveau: nvkm_gsp_radix3_sg() should use nvkm_gsp_mem_ctor() Zhang Rui <rui.zhang(a)intel.com> hwmon: (coretemp) Enlarge per package core count limit Andrew Bresticker <abrestic(a)rivosinc.com> efi: Don't add memblocks for soft-reserved memory Andrew Bresticker <abrestic(a)rivosinc.com> efi: runtime: Fix potential overflow of soft-reserved region size Benjamin Berg <benjamin.berg(a)intel.com> wifi: iwlwifi: do not announce EPCS support Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: accept broadcast probe responses on 6 GHz Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: adding missing drv_mgd_complete_tx() call Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: initialize SMPS mode correctly Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix driver debugfs for vif type change Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: set station RX-NSS on reconfig Edward Adam Davis <eadavis(a)qq.com> fs/ntfs3: Fix oob in ntfs_listxattr Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Update inode->i_size after success write into compressed file Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fixed overflow check in mi_enum_attr() Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Correct function is_rst_area_valid Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Use i_size_read and i_size_write Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Prevent generic message "attempt to access beyond end of device" Ism Hong <ism.hong(a)gmail.com> fs/ntfs3: use non-movable memory for ntfs3 MFT buffer cache Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Use kvfree to free memory allocated by kvmalloc Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Disable ATTR_LIST_ENTRY size check Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fix c/mtime typo Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Add NULL ptr dereference checking at the end of attr_allocate_frame() Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Add and fix comments Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: ntfs3_forced_shutdown use int instead of bool Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Implement super_operations::shutdown Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Drop suid and sgid bits as a part of fpunch Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Add file_modified Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Correct use bh_read Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fix detected field-spanning write (size 8) of single field "le->name" Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fix multithreaded stress test Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Reduce stack usage Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Print warning while fixing hard links count Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Correct hard links updating when dealing with DOS names Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Improve ntfs_dir_count Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Modified fix directory element type detection Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Improve alternative boot processing Szilard Fabian <szfabian(a)bluemarch.art> Input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table Zhang Yi <yi.zhang(a)huawei.com> ext4: correct the hole length returned by ext4_map_blocks() Paulo Alcantara <pc(a)manguebit.com> smb: client: increase number of PDUs allowed in a compound request Shyam Prasad N <sprasad(a)microsoft.com> cifs: do not search for channel if server is terminating Daniel Wagner <dwagner(a)suse.de> nvmet-fc: take ref count on tgtport before delete assoc Daniel Wagner <dwagner(a)suse.de> nvmet-fc: avoid deadlock on delete association path Daniel Wagner <dwagner(a)suse.de> nvmet-fc: abort command when there is no binding Daniel Wagner <dwagner(a)suse.de> nvmet-fc: hold reference on hostport match Daniel Wagner <dwagner(a)suse.de> nvmet-fc: free queue and assoc directly Daniel Wagner <dwagner(a)suse.de> nvmet-fc: defer cleanup using RCU properly Daniel Wagner <dwagner(a)suse.de> nvmet-fc: release reference on target port Daniel Wagner <dwagner(a)suse.de> nvmet-fcloop: swap the list_add_tail arguments Daniel Wagner <dwagner(a)suse.de> nvme-fc: do not wait in vain when unloading module Alexander Tsoy <alexander(a)tsoy.me> ALSA: usb-audio: Ignore clock selector errors for single connection Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: wm_adsp: Don't overwrite fwf_name with the default Shyam Prasad N <sprasad(a)microsoft.com> cifs: make sure that channel scaling is done only once Dmytro Laktyushkin <dmytro.laktyushkin(a)amd.com> drm/amd/display: Fix DPSTREAM CLK on and off sequence Charlene Liu <charlene.liu(a)amd.com> drm/amd/display: fix USB-C flag update after enc10 feature init Sohaib Nadeem <sohaib.nadeem(a)amd.com> drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz Mukul Joshi <mukul.joshi(a)amd.com> drm/amdkfd: Use correct drm device for cgroup permission check Xin Long <lucien.xin(a)gmail.com> netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new Will Deacon <will(a)kernel.org> misc: open-dice: Fix spurious lockdep warning Brenton Simpson <appsforartists(a)google.com> Input: xpad - add Lenovo Legion Go controllers Wolfram Sang <wsa+renesas(a)sang-engineering.com> spi: sh-msiof: avoid integer overflow in constants Patrick Rudolph <patrick.rudolph(a)9elements.com> regulator (max5970): Fix IRQ handler Chhayly Leang <clw.leang(a)gmail.com> ALSA: hda: cs35l41: Support ASUS Zenbook UM3402YAR Kenzo Gomez <kenzo.sgomez(a)gmail.com> ALSA: hda: cs35l41: Support additional ASUS Zenbook UX3402VA Chen-Yu Tsai <wens(a)csie.org> ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616 Alexander Tsoy <alexander(a)tsoy.me> ALSA: usb-audio: Check presence of valid altsetting control Christian A. Ehrhardt <lk(a)c--e.de> usb: ucsi_acpi: Quirk to ack a connector change ack cmd Guixin Liu <kanie(a)linux.alibaba.com> nvmet-tcp: fix nvme tcp ida memory leak Kunwu Chan <chentao(a)kylinos.cn> HID: nvidia-shield: Add missing null pointer checks to LED initialization Rui Salvaterra <rsalvaterra(a)gmail.com> ALSA: hda: Increase default bdl_pos_adj for Apollo Lake Rui Salvaterra <rsalvaterra(a)gmail.com> ALSA: hda: Replace numeric device IDs with constant values Jiri Kosina <jikos(a)kernel.org> HID: logitech-hidpp: add support for Logitech G Pro X Superlight 2 Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> regulator: pwm-regulator: Add validity checks in continuous .get_voltage Venkata Prasad Potturu <venkataprasad.potturu(a)amd.com> ASoC: amd: acp: Add check for cpu dai link initialization Kunwu Chan <chentao(a)kylinos.cn> dmaengine: ti: edma: Add some null pointer checks to the edma_probe Hans de Goede <hdegoede(a)redhat.com> Input: goodix - accept ACPI resources with gpio_count == 3 && gpio_int_idx == 0 Baokun Li <libaokun1(a)huawei.com> ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() Baokun Li <libaokun1(a)huawei.com> ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() Baokun Li <libaokun1(a)huawei.com> ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt Phoenix Chen <asbeltogf(a)gmail.com> platform/x86: touchscreen_dmi: Add info for the TECLAST X16 Plus tablet Huang Pei <huangpei(a)loongson.cn> MIPS: reserve exception vector space ONLY ONCE Roman Li <Roman.Li(a)amd.com> drm/amd/display: Disable ips before dc interrupt setting Lukas Wunner <lukas(a)wunner.de> ARM: dts: Fix TPM schema violations Lennert Buytenhek <kernel(a)wantstofly.org> ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers Charles Keepax <ckeepax(a)opensource.cirrus.com> spi: cs42l43: Handle error from devm_pm_runtime_enable Maksim Kiselev <bigunclemax(a)gmail.com> aoe: avoid potential deadlock at set_capacity Conrad Kostecki <conikost(a)gentoo.org> ahci: asm1166: correct count of reported ports Shyam Prasad N <sprasad(a)microsoft.com> cifs: helper function to check replayable error codes Shyam Prasad N <sprasad(a)microsoft.com> cifs: translate network errors on send to -ECONNABORTED Shyam Prasad N <sprasad(a)microsoft.com> cifs: cifs_pick_channel should try selecting active channels Kees Cook <keescook(a)chromium.org> smb: Work around Clang __bdos() type confusion Christian A. Ehrhardt <lk(a)c--e.de> block: Fix WARNING in _copy_from_iter Devyn Liu <liudingyuan(a)huawei.com> spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected Mika Westerberg <mika.westerberg(a)linux.intel.com> spi: intel-pci: Add support for Arrow Lake SPI serial flash Liming Sun <limings(a)nvidia.com> platform/mellanox: mlxbf-tmfifo: Drop Tx network packet when Tx TmFIFO is full Fullway Wang <fullwaywang(a)outlook.com> fbdev: sis: Error out if pixclock equals zero Fullway Wang <fullwaywang(a)outlook.com> fbdev: savage: Error out if pixclock equals zero Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: fix race condition on enabling fast-xmit Michal Kazior <michal(a)plume.com> wifi: cfg80211: fix missing interfaces when dumping Vinod Koul <vkoul(a)kernel.org> dmaengine: dw-edma: increase size of 'name' in debugfs code Vinod Koul <vkoul(a)kernel.org> dmaengine: fsl-qdma: increase size of 'irq_name' Vinod Koul <vkoul(a)kernel.org> dmaengine: shdma: increase size of 'dev_id' Shyam Prasad N <sprasad(a)microsoft.com> cifs: open_cached_dir should not rely on primary channel Dmitry Bogdanov <d.bogdanov(a)yadro.com> scsi: target: core: Add TMF to tmr_list handling Christoph Müllner <christoph.muellner(a)vrull.eu> tools: selftests: riscv: Fix compile warnings in mm tests Christoph Müllner <christoph.muellner(a)vrull.eu> tools: selftests: riscv: Fix compile warnings in vector tests Christoph Müllner <christoph.muellner(a)vrull.eu> tools: selftests: riscv: Fix compile warnings in cbo Christoph Müllner <christoph.muellner(a)vrull.eu> tools: selftests: riscv: Fix compile warnings in hwprobe Mahesh Rajashekhara <mahesh.rajashekhara(a)microchip.com> scsi: smartpqi: Fix logical volume rescan race condition David Strahan <david.strahan(a)microchip.com> scsi: smartpqi: Add new controller PCI IDs Hector Martin <marcan(a)marcan.st> dmaengine: apple-admac: Keep upper bits of REG_BUS_WIDTH Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Stop evicting resources on APUs in suspend ------------- Diffstat: Documentation/conf.py | 6 + Documentation/dev-tools/kunit/usage.rst | 10 +- Makefile | 4 +- .../dts/aspeed/aspeed-bmc-facebook-bletchley.dts | 4 +- .../dts/aspeed/aspeed-bmc-facebook-wedge400.dts | 4 +- arch/arm/boot/dts/aspeed/aspeed-bmc-opp-tacoma.dts | 2 +- .../dts/aspeed/ast2600-facebook-netbmc-common.dtsi | 4 +- .../arm/boot/dts/nxp/imx/imx6ull-phytec-tauri.dtsi | 2 +- .../boot/dts/nxp/imx/imx7d-flex-concentrator.dts | 2 +- .../dts/ti/omap/am335x-moxa-uc-2100-common.dtsi | 2 +- arch/arm/mach-ep93xx/core.c | 1 + .../dts/freescale/imx8mp-data-modul-edm-sbc.dts | 2 +- .../dts/freescale/imx8mp-tqma8mpql-mba8mpxl.dts | 9 +- arch/arm64/boot/dts/rockchip/px30.dtsi | 2 + .../boot/dts/rockchip/rk3588s-indiedroid-nova.dts | 10 +- arch/arm64/include/asm/fpsimd.h | 2 + arch/arm64/kernel/fpsimd.c | 16 ++ arch/arm64/kernel/suspend.c | 3 + arch/arm64/kvm/vgic/vgic-its.c | 5 + arch/loongarch/Kconfig | 23 +-- arch/loongarch/include/asm/acpi.h | 4 +- arch/loongarch/kernel/acpi.c | 4 +- arch/loongarch/kernel/setup.c | 4 +- arch/loongarch/kernel/smp.c | 122 ++++++----- arch/loongarch/vdso/Makefile | 1 + arch/mips/kernel/traps.c | 8 +- arch/parisc/kernel/processor.c | 8 - arch/parisc/kernel/unwind.c | 14 +- arch/powerpc/include/asm/ppc-pci.h | 10 + arch/powerpc/kernel/iommu.c | 23 ++- arch/powerpc/kvm/book3s_hv.c | 26 ++- arch/powerpc/kvm/book3s_hv_nestedv2.c | 20 +- arch/powerpc/platforms/pseries/pci_dlpar.c | 4 + arch/s390/pci/pci.c | 2 +- arch/sparc/Makefile | 2 +- arch/sparc/video/Makefile | 2 +- arch/x86/entry/entry.S | 23 +++ arch/x86/include/asm/cpufeatures.h | 2 +- arch/x86/include/asm/nospec-branch.h | 13 ++ arch/x86/kernel/traps.c | 2 +- arch/x86/mm/numa.c | 21 +- block/blk-map.c | 13 +- drivers/accel/ivpu/ivpu_drv.c | 5 +- drivers/accel/ivpu/ivpu_hw_37xx.c | 2 +- drivers/accel/ivpu/ivpu_hw_40xx.c | 9 +- drivers/accel/ivpu/ivpu_mmu.c | 3 - drivers/ata/ahci.c | 44 +++- drivers/ata/ahci.h | 1 + drivers/ata/ahci_ceva.c | 125 ++++++----- drivers/ata/libata-core.c | 87 ++++---- drivers/block/aoe/aoeblk.c | 5 +- drivers/block/virtio_blk.c | 7 +- drivers/bus/imx-weim.c | 2 +- drivers/cache/ax45mp_cache.c | 4 + .../crypto/virtio/virtio_crypto_akcipher_algs.c | 5 +- drivers/cxl/acpi.c | 46 +++-- drivers/cxl/core/pci.c | 49 +++-- drivers/dma/apple-admac.c | 5 +- drivers/dma/dw-edma/dw-edma-v0-debugfs.c | 4 +- drivers/dma/dw-edma/dw-hdma-v0-debugfs.c | 4 +- drivers/dma/fsl-qdma.c | 2 +- drivers/dma/sh/shdma.h | 2 +- drivers/dma/ti/edma.c | 10 + drivers/firewire/core-card.c | 18 +- drivers/firmware/efi/arm-runtime.c | 2 +- drivers/firmware/efi/efi-init.c | 19 +- drivers/firmware/efi/riscv-runtime.c | 2 +- drivers/gpio/gpiolib.c | 5 + drivers/gpu/drm/amd/amdgpu/amdgpu.h | 4 + drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c | 18 ++ drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 11 +- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c | 2 +- drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 8 + drivers/gpu/drm/amd/amdgpu/nbio_v7_9.c | 6 + drivers/gpu/drm/amd/amdgpu/soc15.c | 22 ++ drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 9 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 57 +++--- .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_irq.c | 5 +- drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 16 +- .../gpu/drm/amd/display/dc/core/dc_link_exports.c | 2 +- drivers/gpu/drm/amd/display/dc/dc.h | 4 +- drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c | 7 +- drivers/gpu/drm/amd/display/dc/dc_dp_types.h | 6 + drivers/gpu/drm/amd/display/dc/dc_types.h | 14 +- .../gpu/drm/amd/display/dc/dce/dce_panel_cntl.c | 1 + .../drm/amd/display/dc/dcn301/dcn301_panel_cntl.c | 1 + .../drm/amd/display/dc/dcn31/dcn31_panel_cntl.c | 18 +- .../amd/display/dc/dcn32/dcn32_dio_link_encoder.c | 4 +- .../amd/display/dc/dcn35/dcn35_dio_link_encoder.c | 4 +- .../drm/amd/display/dc/hwss/dce110/dce110_hwseq.c | 2 +- .../drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 11 +- drivers/gpu/drm/amd/display/dc/inc/hw/panel_cntl.h | 2 +- drivers/gpu/drm/amd/display/dc/link/link_dpms.c | 42 +++- drivers/gpu/drm/amd/display/dc/link/link_factory.c | 26 +-- .../gpu/drm/amd/display/dc/link/link_validation.c | 60 +++++- .../display/dc/link/protocols/link_dp_dpia_bw.c | 178 ++++++++++++---- .../display/dc/link/protocols/link_dp_dpia_bw.h | 9 + drivers/gpu/drm/drm_buddy.c | 4 +- drivers/gpu/drm/drm_syncobj.c | 19 +- drivers/gpu/drm/i915/display/intel_sdvo.c | 10 +- drivers/gpu/drm/i915/display/intel_tv.c | 10 +- drivers/gpu/drm/meson/meson_encoder_cvbs.c | 1 - drivers/gpu/drm/meson/meson_encoder_dsi.c | 1 - drivers/gpu/drm/meson/meson_encoder_hdmi.c | 1 - drivers/gpu/drm/nouveau/nvkm/subdev/bar/r535.c | 5 +- drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadow.c | 8 +- drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c | 18 +- drivers/gpu/drm/ttm/ttm_pool.c | 2 +- drivers/hid/hid-logitech-hidpp.c | 2 + drivers/hid/hid-nvidia-shield.c | 4 + drivers/hwmon/coretemp.c | 2 +- drivers/hwmon/nct6775-core.c | 14 +- drivers/i2c/busses/i2c-imx.c | 5 + drivers/infiniband/hw/bnxt_re/ib_verbs.c | 5 +- drivers/infiniband/hw/bnxt_re/qplib_fp.c | 3 +- drivers/infiniband/hw/hfi1/pio.c | 6 +- drivers/infiniband/hw/hfi1/sdma.c | 2 +- drivers/infiniband/hw/irdma/defs.h | 1 + drivers/infiniband/hw/irdma/hw.c | 8 + drivers/infiniband/hw/irdma/verbs.c | 9 +- drivers/infiniband/hw/mlx5/cong.c | 6 + drivers/infiniband/hw/qedr/verbs.c | 11 +- drivers/infiniband/ulp/srpt/ib_srpt.c | 17 +- drivers/input/joystick/xpad.c | 2 + drivers/input/serio/i8042-acpipnpio.h | 8 + drivers/input/touchscreen/goodix.c | 3 +- drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c | 45 ++-- drivers/iommu/intel/iommu.c | 87 ++++++-- drivers/iommu/intel/iommu.h | 7 + drivers/iommu/intel/nested.c | 14 +- drivers/iommu/intel/pasid.c | 5 +- drivers/iommu/intel/pasid.h | 1 - drivers/iommu/iommu-sva.c | 2 +- drivers/iommu/iommufd/hw_pagetable.c | 3 +- drivers/iommu/iommufd/iova_bitmap.c | 68 +++++- drivers/irqchip/irq-gic-v3-its.c | 2 +- drivers/irqchip/irq-mbigen.c | 8 +- drivers/irqchip/irq-sifive-plic.c | 8 +- drivers/md/dm-crypt.c | 95 +++++++-- drivers/md/dm-integrity.c | 91 +++++++- drivers/md/dm-verity-target.c | 86 +++++++- drivers/md/dm-verity.h | 6 + drivers/md/md.c | 70 ++++--- drivers/md/raid10.c | 16 +- drivers/md/raid5.c | 29 +-- drivers/misc/open-dice.c | 2 +- drivers/net/ethernet/adi/Kconfig | 1 + drivers/net/ethernet/broadcom/asp2/bcmasp.c | 6 +- drivers/net/ethernet/broadcom/asp2/bcmasp_intf.c | 3 + .../net/ethernet/marvell/octeontx2/af/rvu_npc.c | 4 + .../net/ethernet/microchip/sparx5/sparx5_main.c | 1 + .../net/ethernet/microchip/sparx5/sparx5_main.h | 1 + .../net/ethernet/microchip/sparx5/sparx5_packet.c | 2 + drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 20 -- drivers/net/gtp.c | 10 +- drivers/net/ipa/ipa_interrupt.c | 2 +- drivers/net/phy/realtek.c | 4 +- drivers/net/wireless/intel/iwlwifi/iwl-nvm-parse.c | 5 +- drivers/nvme/host/fc.c | 47 +---- drivers/nvme/target/fc.c | 137 +++++++------ drivers/nvme/target/fcloop.c | 6 +- drivers/nvme/target/tcp.c | 1 + drivers/pci/msi/irqdomain.c | 2 +- drivers/platform/mellanox/mlxbf-tmfifo.c | 67 ++++++ drivers/platform/x86/intel/vbtn.c | 3 - drivers/platform/x86/think-lmi.c | 20 +- drivers/platform/x86/thinkpad_acpi.c | 5 +- drivers/platform/x86/touchscreen_dmi.c | 39 +++- drivers/platform/x86/x86-android-tablets/core.c | 3 + drivers/platform/x86/x86-android-tablets/lenovo.c | 1 + .../x86/x86-android-tablets/x86-android-tablets.h | 1 + drivers/regulator/max5970-regulator.c | 2 +- drivers/regulator/pwm-regulator.c | 3 + drivers/s390/cio/device_ops.c | 6 +- drivers/scsi/Kconfig | 2 +- drivers/scsi/lpfc/lpfc_scsi.c | 12 +- drivers/scsi/scsi.c | 22 +- drivers/scsi/sd.c | 26 ++- drivers/scsi/smartpqi/smartpqi.h | 1 - drivers/scsi/smartpqi/smartpqi_init.c | 88 +++++++- drivers/spi/spi-cs42l43.c | 5 +- drivers/spi/spi-hisi-sfc-v3xx.c | 5 + drivers/spi/spi-intel-pci.c | 1 + drivers/spi/spi-sh-msiof.c | 16 +- drivers/target/target_core_device.c | 5 - drivers/target/target_core_pscsi.c | 9 +- drivers/target/target_core_transport.c | 4 + drivers/tty/serial/amba-pl011.c | 60 +++--- drivers/tty/serial/stm32-usart.c | 4 +- drivers/ufs/core/ufshcd.c | 7 +- drivers/usb/cdns3/cdns3-gadget.c | 8 +- drivers/usb/cdns3/core.c | 1 - drivers/usb/cdns3/drd.c | 13 +- drivers/usb/cdns3/drd.h | 6 +- drivers/usb/cdns3/host.c | 16 +- drivers/usb/dwc3/gadget.c | 5 + drivers/usb/gadget/function/f_ncm.c | 10 +- drivers/usb/gadget/udc/omap_udc.c | 3 +- drivers/usb/roles/class.c | 29 ++- drivers/usb/storage/scsiglue.c | 7 + drivers/usb/storage/uas.c | 7 + drivers/usb/typec/tcpm/tcpm.c | 3 - drivers/usb/typec/ucsi/ucsi_acpi.c | 71 ++++++- drivers/video/fbdev/savage/savagefb_driver.c | 3 + drivers/video/fbdev/sis/sis_main.c | 2 + fs/afs/volume.c | 4 +- fs/aio.c | 9 +- fs/btrfs/defrag.c | 2 +- fs/cachefiles/cache.c | 2 + fs/cachefiles/daemon.c | 1 + fs/ceph/caps.c | 6 - fs/ceph/mds_client.c | 9 +- fs/ceph/mds_client.h | 2 +- fs/ceph/super.h | 2 - fs/erofs/namei.c | 28 +-- fs/ext4/extents.c | 111 ++++++---- fs/ext4/mballoc.c | 15 +- fs/ntfs3/attrib.c | 45 ++-- fs/ntfs3/attrlist.c | 12 +- fs/ntfs3/bitmap.c | 4 +- fs/ntfs3/dir.c | 44 ++-- fs/ntfs3/file.c | 72 +++++-- fs/ntfs3/frecord.c | 19 +- fs/ntfs3/fslog.c | 228 ++++++++++----------- fs/ntfs3/fsntfs.c | 29 ++- fs/ntfs3/index.c | 8 +- fs/ntfs3/inode.c | 32 ++- fs/ntfs3/namei.c | 12 ++ fs/ntfs3/ntfs.h | 4 +- fs/ntfs3/ntfs_fs.h | 25 +-- fs/ntfs3/record.c | 18 +- fs/ntfs3/super.c | 49 +++-- fs/ntfs3/xattr.c | 6 + fs/smb/client/cached_dir.c | 3 +- fs/smb/client/cifsencrypt.c | 2 +- fs/smb/client/cifsglob.h | 12 +- fs/smb/client/connect.c | 11 + fs/smb/client/dfs.c | 7 +- fs/smb/client/file.c | 3 + fs/smb/client/fs_context.c | 2 +- fs/smb/client/readdir.c | 15 +- fs/smb/client/sess.c | 5 +- fs/smb/client/smb2pdu.c | 26 ++- fs/smb/client/transport.c | 18 +- include/kunit/resource.h | 21 ++ include/linux/ceph/osd_client.h | 3 +- include/linux/fs.h | 2 + include/linux/iommu.h | 12 ++ include/linux/memblock.h | 2 + include/linux/mlx5/mlx5_ifc.h | 2 +- include/linux/swap.h | 5 + include/net/netfilter/nf_flow_table.h | 2 +- include/net/switchdev.h | 3 + include/net/tcp.h | 2 +- include/scsi/scsi_device.h | 5 +- kernel/bpf/helpers.c | 5 +- lib/Kconfig.debug | 1 + lib/kunit/kunit-test.c | 5 +- lib/kunit/test.c | 6 +- mm/damon/core.c | 15 +- mm/damon/lru_sort.c | 43 +++- mm/damon/reclaim.c | 18 +- mm/memblock.c | 6 +- mm/memcontrol.c | 10 +- mm/memory.c | 20 ++ mm/swap.h | 5 + mm/swapfile.c | 13 ++ mm/zswap.c | 7 +- net/bridge/br_switchdev.c | 86 +++++--- net/ceph/osd_client.c | 18 +- net/core/skmsg.c | 7 +- net/core/sock.c | 23 +-- net/devlink/core.c | 12 +- net/devlink/port.c | 2 +- net/ipv4/arp.c | 3 +- net/ipv4/devinet.c | 21 +- net/ipv4/inet_hashtables.c | 25 ++- net/ipv4/udp.c | 7 +- net/ipv6/addrconf.c | 21 +- net/ipv6/exthdrs.c | 10 + net/ipv6/seg6.c | 20 +- net/l2tp/l2tp_ip6.c | 2 +- net/mac80211/cfg.c | 2 + net/mac80211/debugfs_netdev.c | 4 +- net/mac80211/debugfs_netdev.h | 5 - net/mac80211/iface.c | 2 +- net/mac80211/mlme.c | 8 +- net/mac80211/scan.c | 30 +-- net/mac80211/sta_info.c | 2 + net/mac80211/tx.c | 2 +- net/mctp/route.c | 2 +- net/mptcp/diag.c | 8 +- net/mptcp/fastopen.c | 6 +- net/mptcp/mib.c | 1 + net/mptcp/mib.h | 8 + net/mptcp/options.c | 9 +- net/mptcp/pm_netlink.c | 74 ++++--- net/mptcp/pm_userspace.c | 15 +- net/mptcp/protocol.c | 69 ++++--- net/mptcp/protocol.h | 25 ++- net/mptcp/subflow.c | 86 +++++--- net/netfilter/nf_conntrack_proto_sctp.c | 2 +- net/netfilter/nf_flow_table_core.c | 17 +- net/netfilter/nf_tables_api.c | 81 ++++---- net/phonet/datagram.c | 4 +- net/phonet/pep.c | 41 +++- net/sched/act_mirred.c | 147 ++++++------- net/sched/cls_flower.c | 5 +- net/switchdev/switchdev.c | 73 +++++++ net/tls/tls_main.c | 2 +- net/tls/tls_sw.c | 24 ++- net/unix/af_unix.c | 19 +- net/wireless/nl80211.c | 1 + net/xdp/xsk.c | 3 +- scripts/bpf_doc.py | 2 +- sound/pci/hda/cs35l41_hda_property.c | 4 + sound/pci/hda/hda_intel.c | 6 +- sound/soc/amd/acp/acp-mach-common.c | 9 +- sound/soc/codecs/wm_adsp.c | 29 ++- sound/soc/sunxi/sun4i-spdif.c | 5 + sound/usb/clock.c | 10 +- sound/usb/format.c | 20 ++ tools/net/ynl/lib/ynl.c | 19 +- .../selftests/drivers/net/bonding/bond_options.sh | 2 + tools/testing/selftests/iommu/config | 5 +- tools/testing/selftests/mm/uffd-unit-tests.c | 6 + .../testing/selftests/net/forwarding/tc_actions.sh | 3 - tools/testing/selftests/net/mptcp/diag.sh | 46 ++++- tools/testing/selftests/net/mptcp/mptcp_connect.sh | 41 ++-- tools/testing/selftests/net/mptcp/mptcp_join.sh | 109 ++++------ tools/testing/selftests/net/mptcp/mptcp_lib.sh | 16 ++ tools/testing/selftests/net/mptcp/pm_netlink.sh | 8 +- tools/testing/selftests/net/mptcp/simult_flows.sh | 3 +- tools/testing/selftests/net/mptcp/userspace_pm.sh | 18 +- tools/testing/selftests/riscv/hwprobe/cbo.c | 6 +- tools/testing/selftests/riscv/hwprobe/hwprobe.c | 4 +- tools/testing/selftests/riscv/mm/mmap_test.h | 3 + .../selftests/riscv/vector/v_initval_nolibc.c | 2 +- .../testing/selftests/riscv/vector/vstate_prctl.c | 4 +- 340 files changed, 3847 insertions(+), 1826 deletions(-)

1 year, 8 months

14
348
0 0

[PATCH 6.1 000/195] 6.1.80-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.80 release. There are 195 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 29 Feb 2024 13:15:36 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.80-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.80-rc1 Edward Lo <edward.lo(a)ambergroup.io> fs/ntfs3: Enhance the attribute size check Kuniyuki Iwashima <kuniyu(a)amazon.com> arp: Prevent overflow in arp_req_get(). Lennert Buytenhek <kernel(a)wantstofly.org> ahci: Extend ASM1061 43-bit DMA address quirk to other ASM106x parts Szuying Chen <chensiying21(a)gmail.com> ata: ahci: add identifiers for ASM2116 series adapters Geliang Tang <tanggeliang(a)kylinos.cn> mptcp: add needs_id for netlink appending addr Geliang Tang <geliang.tang(a)suse.com> mptcp: userspace pm send RM_ADDR for ID 0 Yosry Ahmed <yosryahmed(a)google.com> mm: zswap: fix missing folio cleanup in writeback race path Bart Van Assche <bvanassche(a)acm.org> fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio SeongJae Park <sj(a)kernel.org> mm/damon/reclaim: fix quota stauts loss due to online tunings Gao Xiang <xiang(a)kernel.org> erofs: fix inconsistent per-file compression format Gao Xiang <xiang(a)kernel.org> erofs: simplify compression configuration parser Corey Minyard <minyard(a)acm.org> i2c: imx: when being a target, mark the last read as processed Armin Wolf <W_Armin(a)gmx.de> drm/amd/display: Fix memory leak in dm_sw_fini() Erik Kurzinger <ekurzinger(a)nvidia.com> drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is set Siddharth Vadapalli <s-vadapalli(a)ti.com> net: phy: realtek: Fix rtl8211f_config_init() for RTL8211F(D)(I)-VD-CG PHY Justin Iurman <justin.iurman(a)uliege.be> Fix write to cloned skb in ipv6_hop_ioam() Rémi Denis-Courmont <courmisch(a)gmail.com> phonet/pep: fix racy skb_queue_empty() use Rémi Denis-Courmont <courmisch(a)gmail.com> phonet: take correct lock to peek at the RX queue Horatiu Vultur <horatiu.vultur(a)microchip.com> net: sparx5: Add spinlock for frame transmission from CPU Jeremy Kerr <jk(a)codeconstruct.com.au> net: mctp: put sock on tag allocation failure Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: use kzalloc for hook allocation Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: register hooks last when adding new chain/flowtable Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: rename function to destroy hook list Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_flow_offload: release dst in case direct xmit path is used Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_flow_offload: reset dst in route object after setting up flow Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: flowtable: simplify route logic Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: set dormant flag on hook register failure Sabrina Dubroca <sd(a)queasysnail.net> tls: don't skip over different type records from the rx_list Sabrina Dubroca <sd(a)queasysnail.net> tls: stop recv() if initial process_rx_list gave us non-DATA Sabrina Dubroca <sd(a)queasysnail.net> tls: break out of main loop when PEEK gets a non-data record Shigeru Yoshida <syoshida(a)redhat.com> bpf, sockmap: Fix NULL pointer dereference in sk_psock_verdict_data_ready() Jason Gunthorpe <jgg(a)ziepe.ca> s390: use the correct count for __iowrite64_copy() Subbaraya Sundeep <sbhatta(a)marvell.com> octeontx2-af: Consider the action set by PF Mario Limonciello <mario.limonciello(a)amd.com> platform/x86: thinkpad_acpi: Only update profile if successfully converted Mark Brown <broonie(a)kernel.org> arm64/sme: Restore SME registers on exit from suspend Kees Cook <keescook(a)chromium.org> net: dev: Convert sa_data to flexible array in struct sockaddr Vasiliy Kovalev <kovalev(a)altlinux.org> ipv6: sr: fix possible use-after-free and null-ptr-deref Daniil Dulov <d.dulov(a)aladdin.ru> afs: Increase buffer size in afs_update_volume_status() Martin KaFai Lau <martin.lau(a)kernel.org> bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel Radhey Shyam Pandey <radhey.shyam.pandey(a)amd.com> ata: ahci_ceva: fix error handling for Xilinx GT PHY support Eric Dumazet <edumazet(a)google.com> ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid Eric Dumazet <edumazet(a)google.com> ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid Pavel Sakharov <p.sakharov(a)ispras.ru> net: stmmac: Fix incorrect dereference in interrupt handlers Alison Schofield <alison.schofield(a)intel.com> x86/numa: Fix the sort compare func used in numa_fill_memblks() Alison Schofield <alison.schofield(a)intel.com> x86/numa: Fix the address overlap check in numa_fill_memblks() Arnd Bergmann <arnd(a)arndb.de> nouveau: fix function cast warnings Randy Dunlap <rdunlap(a)infradead.org> net: ethernet: adi: requires PHYLIB support Kuniyuki Iwashima <kuniyu(a)amazon.com> dccp/tcp: Unhash sk from ehash for tb2 alloc failure after check_estalblished(). Tobias Waldekranz <tobias(a)waldekranz.com> net: bridge: switchdev: Ensure deferred event delivery on unoffload Tobias Waldekranz <tobias(a)waldekranz.com> net: bridge: switchdev: Skip MDB replays of deferred events on offload Randy Dunlap <rdunlap(a)infradead.org> scsi: jazz_esp: Only build if SCSI core is builtin Don Brace <don.brace(a)microchip.com> scsi: smartpqi: Fix disable_managed_interrupts Gianmarco Lusvardi <glusvardi(a)posteo.net> bpf, scripts: Correct GPL license name Arnd Bergmann <arnd(a)arndb.de> RDMA/srpt: fix function pointer cast warnings Heiko Stuebner <heiko.stuebner(a)cherry.de> arm64: dts: rockchip: set num-cs property for spi on px30 Kamal Heib <kheib(a)redhat.com> RDMA/qedr: Fix qedr_create_user_qp error flow Joao Martins <joao.m.martins(a)oracle.com> iommufd/iova_bitmap: Consider page offset for the pages to be pinned Joao Martins <joao.m.martins(a)oracle.com> iommufd/iova_bitmap: Switch iova_bitmap::bitmap to an u8 array Joao Martins <joao.m.martins(a)oracle.com> iommufd/iova_bitmap: Bounds check mapped::pages access Bart Van Assche <bvanassche(a)acm.org> RDMA/srpt: Support specifying the srpt_service_guid parameter Mustafa Ismail <mustafa.ismail(a)intel.com> RDMA/irdma: Add AE for too many RNRS Mustafa Ismail <mustafa.ismail(a)intel.com> RDMA/irdma: Set the CQ read threshold for GEN 1 Shiraz Saleem <shiraz.saleem(a)intel.com> RDMA/irdma: Validate max_send_wr and max_recv_wr Mike Marciniszyn <mike.marciniszyn(a)intel.com> RDMA/irdma: Fix KASAN issue with tasklet Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Return error for SRQ resize Zhipeng Lu <alexious(a)zju.edu.cn> IB/hfi1: Fix a memleak in init_credit_return Sohaib Nadeem <sohaib.nadeem(a)amd.com> Revert "drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz" Paolo Abeni <pabeni(a)redhat.com> mptcp: fix lockless access in subflow ULP diag Geliang Tang <tanggeliang(a)kylinos.cn> mptcp: add needs_id for userspace appending addr Geliang Tang <geliang.tang(a)suse.com> mptcp: make userspace_pm_append_new_local_addr static Xu Yang <xu.yang_2(a)nxp.com> usb: roles: don't get/set_role() when usb_role_switch is unregistered Xu Yang <xu.yang_2(a)nxp.com> usb: roles: fix NULL pointer issue when put module's reference Krishna Kurapati <quic_kriskura(a)quicinc.com> usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs Frank Li <Frank.Li(a)nxp.com> usb: cdns3: fix memory double free when handle zero packet Frank Li <Frank.Li(a)nxp.com> usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() Pawel Laszczak <pawell(a)cadence.com> usb: cdnsp: fixed issue with incorrect detecting CDNSP family controllers Pawel Laszczak <pawell(a)cadence.com> usb: cdnsp: blocked some cdns3 specific code Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: gadget: Don't disconnect if not started Lino Sanfilippo <l.sanfilippo(a)kunbus.com> serial: amba-pl011: Fix DMA transmission in RS485 mode Sandeep Dhavale <dhavale(a)google.com> erofs: fix refcount on the metabuf used for inode lookup Arnd Bergmann <arnd(a)arndb.de> dm-integrity, dm-verity: reduce stack usage for recheck Peter Zijlstra <peterz(a)infradead.org> x86/alternative: Make custom return thunk unconditional Borislav Petkov (AMD) <bp(a)alien8.de> Revert "x86/alternative: Make custom return thunk unconditional" Peter Zijlstra <peterz(a)infradead.org> x86/returnthunk: Allow different return thunks Nikita Shubin <nikita.shubin(a)maquefel.me> ARM: ep93xx: Add terminator to gpiod_lookup_table Tom Parkin <tparkin(a)katalix.com> l2tp: pass correct message length to ip6_append_data Vidya Sagar <vidyas(a)nvidia.com> PCI/MSI: Prevent MSI hardware interrupt number truncation Nam Cao <namcao(a)linutronix.de> irqchip/sifive-plic: Enable interrupt if needed before EOI Oliver Upton <oliver.upton(a)linux.dev> irqchip/gic-v3-its: Do not assume vPE tables are preallocated zhenwei pi <pizhenwei(a)bytedance.com> crypto: virtio/akcipher - Fix stack overflow on memcpy Vasiliy Kovalev <kovalev(a)altlinux.org> gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler Yu Kuai <yukuai3(a)huawei.com> md: Fix missing release of 'active_io' for flush Baokun Li <libaokun1(a)huawei.com> cachefiles: fix memory leak in cachefiles_add_cache() Hans de Goede <hdegoede(a)redhat.com> platform/x86: touchscreen_dmi: Allow partial (prefix) matches for ACPI names Hans de Goede <hdegoede(a)redhat.com> platform/x86: intel-vbtn: Stop calling "VBDL" from notify_handler Johannes Weiner <hannes(a)cmpxchg.org> mm: memcontrol: clarify swapaccount=0 deprecation warning SeongJae Park <sj(a)kernel.org> mm/damon/lru_sort: fix quota status loss due to online tunings Kairui Song <kasong(a)tencent.com> mm/swap: fix race when skipping swapcache Martin K. Petersen <martin.petersen(a)oracle.com> scsi: core: Consult supported VPD page list prior to fetching page Naohiro Aota <naohiro.aota(a)wdc.com> scsi: target: pscsi: Fix bio_put() for error case Robert Richter <rrichter(a)amd.com> cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window Mikulas Patocka <mpatocka(a)redhat.com> dm-verity: recheck the hash after a failure Mikulas Patocka <mpatocka(a)redhat.com> dm-crypt: don't modify the data when using authenticated encryption Mikulas Patocka <mpatocka(a)redhat.com> dm-integrity: recheck the integrity tag after a failure Helge Deller <deller(a)gmx.de> Revert "parisc: Only list existing CPUs in cpu_possible_mask" Mikulas Patocka <mpatocka(a)redhat.com> dm-crypt: recheck the integrity tag after a failure Damien Le Moal <dlemoal(a)kernel.org> ata: libata-core: Do not try to set sleeping devices to standby Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/cio: fix invalid -EBUSY on ccw_device_start Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/ttm: Fix an invalid freeing on already freed page in error path Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Disable IRQ before init_fn() for nonboot CPUs Daniel Vacek <neelx(a)redhat.com> IB/hfi1: Fix sdma.h tx->num_descs off-by-one error Geert Uytterhoeven <geert+renesas(a)glider.be> pmdomain: renesas: r8a77980-sysc: CR7 must be always on Eugen Hristev <eugen.hristev(a)collabora.com> pmdomain: mediatek: fix race conditions with genpd Steve French <stfrench(a)microsoft.com> smb3: clarify mount warning Yi Sun <yi.sun(a)unisoc.com> virtio-blk: Ensure no requests in virtqueues before deleting vqs. Paulo Alcantara <pc(a)manguebit.com> smb: client: set correct d_type for reparse points under DFS mounts Prike Liang <Prike.Liang(a)amd.com> drm/amdgpu: reset gpu for s3 suspend abort case Prike Liang <Prike.Liang(a)amd.com> drm/amdgpu: skip to program GFXDEC registers for suspend abort Takashi Sakamoto <o-takashi(a)sakamocchi.jp> firewire: core: send bus reset promptly on gap count error Masahiro Yamada <masahiroy(a)kernel.org> LoongArch: Select HAVE_ARCH_SECCOMP to use the common SECCOMP menu Masahiro Yamada <masahiroy(a)kernel.org> LoongArch: Select ARCH_ENABLE_THP_MIGRATION instead of redefining it SEO HOYOUNG <hy50.seo(a)samsung.com> scsi: ufs: core: Remove the ufshcd_release() in ufshcd_err_handling_prepare() Hannes Reinecke <hare(a)suse.de> scsi: lpfc: Use unsigned type for num_sge Zhang Rui <rui.zhang(a)intel.com> hwmon: (coretemp) Enlarge per package core count limit Andrew Bresticker <abrestic(a)rivosinc.com> efi: Don't add memblocks for soft-reserved memory Andrew Bresticker <abrestic(a)rivosinc.com> efi: runtime: Fix potential overflow of soft-reserved region size Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: adding missing drv_mgd_complete_tx() call Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: set station RX-NSS on reconfig Edward Adam Davis <eadavis(a)qq.com> fs/ntfs3: Fix oob in ntfs_listxattr Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Update inode->i_size after success write into compressed file Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Correct function is_rst_area_valid Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Prevent generic message "attempt to access beyond end of device" Ism Hong <ism.hong(a)gmail.com> fs/ntfs3: use non-movable memory for ntfs3 MFT buffer cache Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Disable ATTR_LIST_ENTRY size check Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Add NULL ptr dereference checking at the end of attr_allocate_frame() Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fix detected field-spanning write (size 8) of single field "le->name" Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Print warning while fixing hard links count Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Correct hard links updating when dealing with DOS names Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Improve ntfs_dir_count Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Modified fix directory element type detection Szilard Fabian <szfabian(a)bluemarch.art> Input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table Zhang Yi <yi.zhang(a)huawei.com> ext4: correct the hole length returned by ext4_map_blocks() Paulo Alcantara <pc(a)manguebit.com> smb: client: increase number of PDUs allowed in a compound request Daniel Wagner <dwagner(a)suse.de> nvmet-fc: take ref count on tgtport before delete assoc Daniel Wagner <dwagner(a)suse.de> nvmet-fc: avoid deadlock on delete association path Daniel Wagner <dwagner(a)suse.de> nvmet-fc: abort command when there is no binding Daniel Wagner <dwagner(a)suse.de> nvmet-fc: hold reference on hostport match Daniel Wagner <dwagner(a)suse.de> nvmet-fc: defer cleanup using RCU properly Daniel Wagner <dwagner(a)suse.de> nvmet-fc: release reference on target port Daniel Wagner <dwagner(a)suse.de> nvmet-fcloop: swap the list_add_tail arguments Daniel Wagner <dwagner(a)suse.de> nvme-fc: do not wait in vain when unloading module Alexander Tsoy <alexander(a)tsoy.me> ALSA: usb-audio: Ignore clock selector errors for single connection Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: wm_adsp: Don't overwrite fwf_name with the default Sohaib Nadeem <sohaib.nadeem(a)amd.com> drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz Xin Long <lucien.xin(a)gmail.com> netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new Will Deacon <will(a)kernel.org> misc: open-dice: Fix spurious lockdep warning Brenton Simpson <appsforartists(a)google.com> Input: xpad - add Lenovo Legion Go controllers Wolfram Sang <wsa+renesas(a)sang-engineering.com> spi: sh-msiof: avoid integer overflow in constants Chen-Yu Tsai <wens(a)csie.org> ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616 Alexander Tsoy <alexander(a)tsoy.me> ALSA: usb-audio: Check presence of valid altsetting control Christian A. Ehrhardt <lk(a)c--e.de> usb: ucsi_acpi: Quirk to ack a connector change ack cmd Guixin Liu <kanie(a)linux.alibaba.com> nvmet-tcp: fix nvme tcp ida memory leak Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> regulator: pwm-regulator: Add validity checks in continuous .get_voltage Kunwu Chan <chentao(a)kylinos.cn> dmaengine: ti: edma: Add some null pointer checks to the edma_probe Hans de Goede <hdegoede(a)redhat.com> Input: goodix - accept ACPI resources with gpio_count == 3 && gpio_int_idx == 0 Baokun Li <libaokun1(a)huawei.com> ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() Baokun Li <libaokun1(a)huawei.com> ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() Baokun Li <libaokun1(a)huawei.com> ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt Phoenix Chen <asbeltogf(a)gmail.com> platform/x86: touchscreen_dmi: Add info for the TECLAST X16 Plus tablet Huang Pei <huangpei(a)loongson.cn> MIPS: reserve exception vector space ONLY ONCE Lennert Buytenhek <kernel(a)wantstofly.org> ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers Maksim Kiselev <bigunclemax(a)gmail.com> aoe: avoid potential deadlock at set_capacity Conrad Kostecki <conikost(a)gentoo.org> ahci: asm1166: correct count of reported ports Shyam Prasad N <sprasad(a)microsoft.com> cifs: translate network errors on send to -ECONNABORTED Kees Cook <keescook(a)chromium.org> smb: Work around Clang __bdos() type confusion Christian A. Ehrhardt <lk(a)c--e.de> block: Fix WARNING in _copy_from_iter Devyn Liu <liudingyuan(a)huawei.com> spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected Fullway Wang <fullwaywang(a)outlook.com> fbdev: sis: Error out if pixclock equals zero Fullway Wang <fullwaywang(a)outlook.com> fbdev: savage: Error out if pixclock equals zero Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: fix race condition on enabling fast-xmit Michal Kazior <michal(a)plume.com> wifi: cfg80211: fix missing interfaces when dumping Vinod Koul <vkoul(a)kernel.org> dmaengine: fsl-qdma: increase size of 'irq_name' Vinod Koul <vkoul(a)kernel.org> dmaengine: shdma: increase size of 'dev_id' Shyam Prasad N <sprasad(a)microsoft.com> cifs: open_cached_dir should not rely on primary channel Dmitry Bogdanov <d.bogdanov(a)yadro.com> scsi: target: core: Add TMF to tmr_list handling Hector Martin <marcan(a)marcan.st> dmaengine: apple-admac: Keep upper bits of REG_BUS_WIDTH Jan Kiszka <jan.kiszka(a)siemens.com> riscv/efistub: Ensure GP-relative addressing is not used Dan Carpenter <dan.carpenter(a)linaro.org> PCI: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq() Cyril Hrubis <chrubis(a)suse.cz> sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset Cyril Hrubis <chrubis(a)suse.cz> sched/rt: Disallow writing invalid values to sched_rt_period_us Jamal Hadi Salim <jhs(a)mojatatu.com> net/sched: Retire dsmark qdisc Jamal Hadi Salim <jhs(a)mojatatu.com> net/sched: Retire ATM qdisc Jamal Hadi Salim <jhs(a)mojatatu.com> net/sched: Retire CBQ qdisc ------------- Diffstat: Makefile | 4 +- arch/arm/mach-ep93xx/core.c | 1 + arch/arm64/boot/dts/rockchip/px30.dtsi | 2 + arch/arm64/include/asm/fpsimd.h | 2 + arch/arm64/kernel/fpsimd.c | 14 + arch/arm64/kernel/suspend.c | 3 + arch/arm64/kvm/vgic/vgic-its.c | 5 + arch/loongarch/Kconfig | 23 +- arch/loongarch/kernel/smp.c | 1 + arch/mips/kernel/traps.c | 8 +- arch/parisc/kernel/processor.c | 8 - arch/s390/pci/pci.c | 2 +- arch/x86/include/asm/nospec-branch.h | 2 + arch/x86/kernel/alternative.c | 13 +- arch/x86/kernel/ftrace.c | 2 +- arch/x86/kernel/static_call.c | 2 +- arch/x86/mm/numa.c | 21 +- arch/x86/net/bpf_jit_comp.c | 2 +- block/blk-map.c | 13 +- drivers/ata/ahci.c | 49 +- drivers/ata/ahci.h | 1 + drivers/ata/ahci_ceva.c | 125 +- drivers/ata/libata-core.c | 4 + drivers/block/aoe/aoeblk.c | 5 +- drivers/block/virtio_blk.c | 7 +- .../crypto/virtio/virtio_crypto_akcipher_algs.c | 5 +- drivers/cxl/core/pci.c | 6 +- drivers/dma/apple-admac.c | 5 +- drivers/dma/fsl-qdma.c | 2 +- drivers/dma/sh/shdma.h | 2 +- drivers/dma/ti/edma.c | 10 + drivers/firewire/core-card.c | 18 +- drivers/firmware/efi/arm-runtime.c | 2 +- drivers/firmware/efi/efi-init.c | 19 +- drivers/firmware/efi/libstub/Makefile | 2 +- drivers/firmware/efi/riscv-runtime.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu.h | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 2 + drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 8 + drivers/gpu/drm/amd/amdgpu/soc15.c | 22 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 1 + drivers/gpu/drm/drm_syncobj.c | 6 +- drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadow.c | 8 +- drivers/gpu/drm/ttm/ttm_pool.c | 2 +- drivers/hwmon/coretemp.c | 2 +- drivers/i2c/busses/i2c-imx.c | 5 + drivers/infiniband/hw/bnxt_re/ib_verbs.c | 5 +- drivers/infiniband/hw/hfi1/pio.c | 6 +- drivers/infiniband/hw/hfi1/sdma.c | 2 +- drivers/infiniband/hw/irdma/defs.h | 1 + drivers/infiniband/hw/irdma/hw.c | 8 + drivers/infiniband/hw/irdma/verbs.c | 9 +- drivers/infiniband/hw/qedr/verbs.c | 11 +- drivers/infiniband/ulp/srpt/ib_srpt.c | 17 +- drivers/input/joystick/xpad.c | 2 + drivers/input/serio/i8042-acpipnpio.h | 8 + drivers/input/touchscreen/goodix.c | 3 +- drivers/irqchip/irq-gic-v3-its.c | 2 +- drivers/irqchip/irq-sifive-plic.c | 8 +- drivers/md/dm-crypt.c | 95 +- drivers/md/dm-integrity.c | 91 +- drivers/md/dm-verity-target.c | 86 +- drivers/md/dm-verity.h | 6 + drivers/md/md.c | 6 +- drivers/misc/open-dice.c | 2 +- drivers/net/ethernet/adi/Kconfig | 1 + .../net/ethernet/marvell/octeontx2/af/rvu_npc.c | 4 + .../net/ethernet/microchip/sparx5/sparx5_main.c | 1 + .../net/ethernet/microchip/sparx5/sparx5_main.h | 1 + .../net/ethernet/microchip/sparx5/sparx5_packet.c | 2 + drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 20 - drivers/net/gtp.c | 10 +- drivers/net/phy/realtek.c | 4 +- drivers/nvme/host/fc.c | 47 +- drivers/nvme/target/fc.c | 131 +- drivers/nvme/target/fcloop.c | 6 +- drivers/nvme/target/tcp.c | 1 + drivers/pci/controller/dwc/pcie-designware-ep.c | 3 +- drivers/pci/msi/irqdomain.c | 2 +- drivers/platform/x86/intel/vbtn.c | 3 - drivers/platform/x86/thinkpad_acpi.c | 5 +- drivers/platform/x86/touchscreen_dmi.c | 39 +- drivers/regulator/pwm-regulator.c | 3 + drivers/s390/cio/device_ops.c | 6 +- drivers/scsi/Kconfig | 2 +- drivers/scsi/lpfc/lpfc_scsi.c | 12 +- drivers/scsi/scsi.c | 22 +- drivers/scsi/smartpqi/smartpqi_init.c | 5 +- drivers/soc/mediatek/mtk-pm-domains.c | 15 +- drivers/soc/renesas/r8a77980-sysc.c | 3 +- drivers/spi/spi-hisi-sfc-v3xx.c | 5 + drivers/spi/spi-sh-msiof.c | 16 +- drivers/target/target_core_device.c | 5 - drivers/target/target_core_pscsi.c | 9 +- drivers/target/target_core_transport.c | 4 + drivers/tty/serial/amba-pl011.c | 60 +- drivers/ufs/core/ufshcd.c | 1 - drivers/usb/cdns3/cdns3-gadget.c | 8 +- drivers/usb/cdns3/core.c | 1 - drivers/usb/cdns3/drd.c | 13 +- drivers/usb/cdns3/drd.h | 6 +- drivers/usb/cdns3/host.c | 16 +- drivers/usb/dwc3/gadget.c | 5 + drivers/usb/gadget/function/f_ncm.c | 10 +- drivers/usb/roles/class.c | 29 +- drivers/usb/typec/ucsi/ucsi_acpi.c | 71 +- drivers/vfio/iova_bitmap.c | 25 +- drivers/video/fbdev/savage/savagefb_driver.c | 3 + drivers/video/fbdev/sis/sis_main.c | 2 + fs/afs/volume.c | 4 +- fs/aio.c | 9 +- fs/cachefiles/cache.c | 2 + fs/cachefiles/daemon.c | 1 + fs/erofs/compress.h | 4 + fs/erofs/decompressor.c | 60 +- fs/erofs/decompressor_lzma.c | 4 +- fs/erofs/internal.h | 28 +- fs/erofs/namei.c | 28 +- fs/erofs/super.c | 72 +- fs/erofs/zmap.c | 23 +- fs/ext4/extents.c | 111 +- fs/ext4/mballoc.c | 15 +- fs/ntfs3/attrib.c | 20 +- fs/ntfs3/attrlist.c | 8 +- fs/ntfs3/dir.c | 40 +- fs/ntfs3/file.c | 2 + fs/ntfs3/fslog.c | 14 +- fs/ntfs3/fsntfs.c | 24 + fs/ntfs3/inode.c | 2 +- fs/ntfs3/ntfs.h | 4 +- fs/ntfs3/ntfs_fs.h | 14 +- fs/ntfs3/record.c | 25 +- fs/ntfs3/xattr.c | 3 + fs/smb/client/cached_dir.c | 2 +- fs/smb/client/cifsencrypt.c | 2 +- fs/smb/client/cifsglob.h | 2 +- fs/smb/client/fs_context.c | 2 +- fs/smb/client/readdir.c | 15 +- fs/smb/client/smb2pdu.c | 6 + fs/smb/client/transport.c | 15 +- include/linux/fs.h | 2 + include/linux/memblock.h | 2 + include/linux/socket.h | 5 +- include/linux/swap.h | 5 + include/net/netfilter/nf_flow_table.h | 4 +- include/net/switchdev.h | 3 + include/net/tcp.h | 2 +- include/scsi/scsi_device.h | 4 - kernel/bpf/helpers.c | 5 +- kernel/sched/rt.c | 12 +- mm/damon/lru_sort.c | 43 +- mm/damon/reclaim.c | 18 +- mm/memblock.c | 5 +- mm/memcontrol.c | 10 +- mm/memory.c | 20 + mm/swap.h | 5 + mm/swapfile.c | 13 + mm/zswap.c | 2 + net/bridge/br_switchdev.c | 86 +- net/core/dev.c | 2 +- net/core/dev_ioctl.c | 2 +- net/core/skmsg.c | 7 +- net/ipv4/arp.c | 3 +- net/ipv4/devinet.c | 21 +- net/ipv4/inet_hashtables.c | 25 +- net/ipv6/addrconf.c | 21 +- net/ipv6/exthdrs.c | 10 + net/ipv6/seg6.c | 20 +- net/l2tp/l2tp_ip6.c | 2 +- net/mac80211/cfg.c | 2 + net/mac80211/mlme.c | 1 + net/mac80211/sta_info.c | 2 + net/mac80211/tx.c | 2 +- net/mctp/route.c | 2 +- net/mptcp/diag.c | 6 +- net/mptcp/pm_netlink.c | 24 +- net/mptcp/pm_userspace.c | 54 +- net/mptcp/protocol.h | 2 - net/netfilter/nf_conntrack_proto_sctp.c | 2 +- net/netfilter/nf_flow_table_core.c | 41 +- net/netfilter/nf_tables_api.c | 87 +- net/netfilter/nft_flow_offload.c | 14 +- net/packet/af_packet.c | 10 +- net/phonet/datagram.c | 4 +- net/phonet/pep.c | 41 +- net/sched/Kconfig | 42 - net/sched/Makefile | 3 - net/sched/sch_atm.c | 706 -------- net/sched/sch_cbq.c | 1727 -------------------- net/sched/sch_dsmark.c | 518 ------ net/switchdev/switchdev.c | 73 + net/tls/tls_main.c | 2 +- net/tls/tls_sw.c | 24 +- net/wireless/nl80211.c | 1 + scripts/bpf_doc.py | 2 +- sound/soc/codecs/wm_adsp.c | 29 +- sound/soc/sunxi/sun4i-spdif.c | 5 + sound/usb/clock.c | 10 +- sound/usb/format.c | 20 + .../selftests/tc-testing/tc-tests/qdiscs/atm.json | 94 -- .../selftests/tc-testing/tc-tests/qdiscs/cbq.json | 184 --- .../tc-testing/tc-tests/qdiscs/dsmark.json | 140 -- 202 files changed, 1956 insertions(+), 4293 deletions(-)

1 year, 8 months

13
207
0 0

[PATCH v2] xhci: Allow RPM on the USB controller (1022:43f7) by default

by Basavaraj Natikar

The AMD USB host controller (1022:43f7) does not enter PCI D3 by default when nothing is connected. This is due to the policy introduced by 'commit a611bf473d1f ("xhci-pci: Set runtime PM as default policy on all xHC 1.2 or later devices")', which only covers 1.2 or later devices. Therefore, by default, allow RPM on the AMD USB controller [1022:43f7]. Fixes: 4baf12181509 ("xhci: Loosen RPM as default policy to cover for AMD xHC 1.1") Link: https://lore.kernel.org/all/12335218.O9o76ZdvQC@natalenko.name/ Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: stable(a)vger.kernel.org Tested-by: Oleksandr Natalenko <oleksandr(a)natalenko.name> Signed-off-by: Basavaraj Natikar <Basavaraj.Natikar(a)amd.com> --- Changes in v2: - Added Cc: stable(a)vger.kernel.org drivers/usb/host/xhci-pci.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c index b534ca9752be..1eb7a41a75d7 100644 --- a/drivers/usb/host/xhci-pci.c +++ b/drivers/usb/host/xhci-pci.c @@ -473,6 +473,8 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) /* xHC spec requires PCI devices to support D3hot and D3cold */ if (xhci->hci_version >= 0x120) xhci->quirks |= XHCI_DEFAULT_PM_RUNTIME_ALLOW; + else if (pdev->vendor == PCI_VENDOR_ID_AMD && pdev->device == 0x43f7) + xhci->quirks |= XHCI_DEFAULT_PM_RUNTIME_ALLOW; if (xhci->quirks & XHCI_RESET_ON_RESUME) xhci_dbg_trace(xhci, trace_xhci_dbg_quirks, -- 2.25.1

1 year, 8 months

4
5
0 0

[PATCH v2 2/2] of: overlay: Synchronize of_overlay_remove() with the devlink removals

by Herve Codina

In the following sequence: 1) of_platform_depopulate() 2) of_overlay_remove() During the step 1, devices are destroyed and devlinks are removed. During the step 2, OF nodes are destroyed but __of_changeset_entry_destroy() can raise warnings related to missing of_node_put(): ERROR: memory leak, expected refcount 1 instead of 2 ... Indeed, during the devlink removals performed at step 1, the removal itself releasing the device (and the attached of_node) is done by a job queued in a workqueue and so, it is done asynchronously with respect to function calls. When the warning is present, of_node_put() will be called but wrongly too late from the workqueue job. In order to be sure that any ongoing devlink removals are done before the of_node destruction, synchronize the of_overlay_remove() with the devlink removals. Fixes: 80dd33cf72d1 ("drivers: base: Fix device link removal") Cc: stable(a)vger.kernel.org Signed-off-by: Herve Codina <herve.codina(a)bootlin.com> --- drivers/of/overlay.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/drivers/of/overlay.c b/drivers/of/overlay.c index 2ae7e9d24a64..99659ae9fb28 100644 --- a/drivers/of/overlay.c +++ b/drivers/of/overlay.c @@ -853,6 +853,14 @@ static void free_overlay_changeset(struct overlay_changeset *ovcs) { int i; + /* + * Wait for any ongoing device link removals before removing some of + * nodes. Drop the global lock while waiting + */ + mutex_unlock(&of_mutex); + device_link_wait_removal(); + mutex_lock(&of_mutex); + if (ovcs->cset.entries.next) of_changeset_destroy(&ovcs->cset); @@ -862,7 +870,6 @@ static void free_overlay_changeset(struct overlay_changeset *ovcs) ovcs->id = 0; } - for (i = 0; i < ovcs->count; i++) { of_node_put(ovcs->fragments[i].target); of_node_put(ovcs->fragments[i].overlay); -- 2.43.0

1 year, 8 months

2
4
0 0

[PATCH v2] USB:UAS:return ENODEV when submit urbs fail with device not attached.

by Weitao Wang

In the scenario of entering hibernation with udisk in the system, if the udisk was gone or resume fail in the thaw phase of hibernation. Its state will be set to NOTATTACHED. At this point, usb_hub_wq was already freezed and can't not handle disconnect event. Next, in the poweroff phase of hibernation, SYNCHRONIZE_CACHE SCSI command will be sent to this udisk when poweroff this scsi device, which will cause uas_submit_urbs to be called to submit URB for sense/data/cmd pipe. However, these URBs will submit fail as device was set to NOTATTACHED state. Then, uas_submit_urbs will return a value SCSI_MLQUEUE_DEVICE_BUSY to the caller. That will lead the SCSI layer go into an ugly loop and system fail to go into hibernation. On the other hand, when we specially check for -ENODEV in function uas_queuecommand_lck, returning DID_ERROR to SCSI layer will cause device poweroff fail and system shutdown instead of entering hibernation. To fix this issue, let uas_submit_urbs function to return a value -ENODEV when submit URB fail with device in NOTATTACHED state. At the same time, we need to translate -ENODEV to DID_NOT_CONNECT for the SCSI layer. Cc: stable(a)vger.kernel.org Signed-off-by: Weitao Wang <WeitaoWang-oc(a)zhaoxin.com> --- v1->v2 - Modify the description of this patch. drivers/usb/storage/uas.c | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/drivers/usb/storage/uas.c b/drivers/usb/storage/uas.c index 9707f53cfda9..967f18db525a 100644 --- a/drivers/usb/storage/uas.c +++ b/drivers/usb/storage/uas.c @@ -533,7 +533,7 @@ static struct urb *uas_alloc_cmd_urb(struct uas_dev_info *devinfo, gfp_t gfp, * daft to me. */ -static struct urb *uas_submit_sense_urb(struct scsi_cmnd *cmnd, gfp_t gfp) +static int uas_submit_sense_urb(struct scsi_cmnd *cmnd, gfp_t gfp) { struct uas_dev_info *devinfo = cmnd->device->hostdata; struct urb *urb; @@ -541,16 +541,15 @@ static struct urb *uas_submit_sense_urb(struct scsi_cmnd *cmnd, gfp_t gfp) urb = uas_alloc_sense_urb(devinfo, gfp, cmnd); if (!urb) - return NULL; + return -ENOMEM; usb_anchor_urb(urb, &devinfo->sense_urbs); err = usb_submit_urb(urb, gfp); if (err) { usb_unanchor_urb(urb); uas_log_cmd_state(cmnd, "sense submit err", err); usb_free_urb(urb); - return NULL; } - return urb; + return err; } static int uas_submit_urbs(struct scsi_cmnd *cmnd, @@ -562,9 +561,9 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd, lockdep_assert_held(&devinfo->lock); if (cmdinfo->state & SUBMIT_STATUS_URB) { - urb = uas_submit_sense_urb(cmnd, GFP_ATOMIC); - if (!urb) - return SCSI_MLQUEUE_DEVICE_BUSY; + err = uas_submit_sense_urb(cmnd, GFP_ATOMIC); + if (err) + return (err == -ENODEV) ? -ENODEV : SCSI_MLQUEUE_DEVICE_BUSY; cmdinfo->state &= ~SUBMIT_STATUS_URB; } @@ -582,7 +581,7 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd, if (err) { usb_unanchor_urb(cmdinfo->data_in_urb); uas_log_cmd_state(cmnd, "data in submit err", err); - return SCSI_MLQUEUE_DEVICE_BUSY; + return (err == -ENODEV) ? -ENODEV : SCSI_MLQUEUE_DEVICE_BUSY; } cmdinfo->state &= ~SUBMIT_DATA_IN_URB; cmdinfo->state |= DATA_IN_URB_INFLIGHT; @@ -602,7 +601,7 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd, if (err) { usb_unanchor_urb(cmdinfo->data_out_urb); uas_log_cmd_state(cmnd, "data out submit err", err); - return SCSI_MLQUEUE_DEVICE_BUSY; + return (err == -ENODEV) ? -ENODEV : SCSI_MLQUEUE_DEVICE_BUSY; } cmdinfo->state &= ~SUBMIT_DATA_OUT_URB; cmdinfo->state |= DATA_OUT_URB_INFLIGHT; @@ -621,7 +620,7 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd, if (err) { usb_unanchor_urb(cmdinfo->cmd_urb); uas_log_cmd_state(cmnd, "cmd submit err", err); - return SCSI_MLQUEUE_DEVICE_BUSY; + return (err == -ENODEV) ? -ENODEV : SCSI_MLQUEUE_DEVICE_BUSY; } cmdinfo->cmd_urb = NULL; cmdinfo->state &= ~SUBMIT_CMD_URB; @@ -698,7 +697,7 @@ static int uas_queuecommand_lck(struct scsi_cmnd *cmnd) * of queueing, no matter how fatal the error */ if (err == -ENODEV) { - set_host_byte(cmnd, DID_ERROR); + set_host_byte(cmnd, DID_NO_CONNECT); scsi_done(cmnd); goto zombie; } -- 2.32.0

1 year, 8 months

3
7
0 0

[PATCH 6.1.y 0/6] Delay VERW - 6.1.y backport

by Pawan Gupta

This is the backport of recently upstreamed series that moves VERW execution to a later point in exit-to-user path. This is needed because in some cases it may be possible for data accessed after VERW executions may end into MDS affected CPU buffers. Moving VERW closer to ring transition reduces the attack surface. Patch 1/6 includes a minor fix that is queued for upstream: https://lore.kernel.org/lkml/170899674562.398.6398007479766564897.tip-bot2@… Patch 1,2,5 and 6 needed conflict resolution. I saw a few new warnings: arch/x86/entry/entry.o: warning: objtool: mds_verw_sel+0x0: unreachable instruction I tried using REACHABLE, but that did not fix the warning. For the below warning: vmlinux.o: warning: objtool: .altinstr_replacement+0x17: unsupported relocation in alternatives section not sure if this is related to this series or a pre-existing warning, I will check later without this series. I am not too concerned because the alternative did substitute verw correctly: entry_SYSCALL_64: ... 0xffffffff8200013d <+253>: swapgs 0xffffffff82000140 <+256>: verw 0xffffffff82000000 0xffffffff82000148 <+264>: sysretq 0xffffffff8200014b <+267>: int3 --- Pawan Gupta (5): x86/bugs: Add asm helpers for executing VERW x86/entry_64: Add VERW just before userspace transition x86/entry_32: Add VERW just before userspace transition x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key KVM/VMX: Move VERW closer to VMentry for MDS mitigation Sean Christopherson (1): KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH Documentation/x86/mds.rst | 38 +++++++++++++++++++++++++----------- arch/x86/entry/entry.S | 22 +++++++++++++++++++++ arch/x86/entry/entry_32.S | 3 +++ arch/x86/entry/entry_64.S | 11 +++++++++++ arch/x86/entry/entry_64_compat.S | 1 + arch/x86/include/asm/cpufeatures.h | 2 +- arch/x86/include/asm/entry-common.h | 1 - arch/x86/include/asm/nospec-branch.h | 25 ++++++++++++------------ arch/x86/kernel/cpu/bugs.c | 15 ++++++-------- arch/x86/kernel/nmi.c | 3 --- arch/x86/kvm/vmx/run_flags.h | 7 +++++-- arch/x86/kvm/vmx/vmenter.S | 9 ++++++--- arch/x86/kvm/vmx/vmx.c | 12 ++++++++---- 13 files changed, 103 insertions(+), 46 deletions(-) --- base-commit: 81e1dc2f70014b9523dd02ca763788e4f81e5bac change-id: 20240226-delay-verw-backport-6-1-y-4b0cec84087c

1 year, 8 months

3
12
0 0

[PATCH v2 1/2] driver core: Introduce device_link_wait_removal()

by Herve Codina

The commit 80dd33cf72d1 ("drivers: base: Fix device link removal") introduces a workqueue to release the consumer and supplier devices used in the devlink. In the job queued, devices are release and in turn, when all the references to these devices are dropped, the release function of the device itself is called. Nothing is present to provide some synchronisation with this workqueue in order to ensure that all ongoing releasing operations are done and so, some other operations can be started safely. For instance, in the following sequence: 1) of_platform_depopulate() 2) of_overlay_remove() During the step 1, devices are released and related devlinks are removed (jobs pushed in the workqueue). During the step 2, OF nodes are destroyed but, without any synchronisation with devlink removal jobs, of_overlay_remove() can raise warnings related to missing of_node_put(): ERROR: memory leak, expected refcount 1 instead of 2 Indeed, the missing of_node_put() call is going to be done, too late, from the workqueue job execution. Introduce device_link_wait_removal() to offer a way to synchronize operations waiting for the end of devlink removals (i.e. end of workqueue jobs). Also, as a flushing operation is done on the workqueue, the workqueue used is moved from a system-wide workqueue to a local one. Fixes: 80dd33cf72d1 ("drivers: base: Fix device link removal") Cc: stable(a)vger.kernel.org Signed-off-by: Herve Codina <herve.codina(a)bootlin.com> --- drivers/base/core.c | 26 +++++++++++++++++++++++--- include/linux/device.h | 1 + 2 files changed, 24 insertions(+), 3 deletions(-) diff --git a/drivers/base/core.c b/drivers/base/core.c index d5f4e4aac09b..80d9430856a8 100644 --- a/drivers/base/core.c +++ b/drivers/base/core.c @@ -44,6 +44,7 @@ static bool fw_devlink_is_permissive(void); static void __fw_devlink_link_to_consumers(struct device *dev); static bool fw_devlink_drv_reg_done; static bool fw_devlink_best_effort; +static struct workqueue_struct *device_link_wq; /** * __fwnode_link_add - Create a link between two fwnode_handles. @@ -532,12 +533,26 @@ static void devlink_dev_release(struct device *dev) /* * It may take a while to complete this work because of the SRCU * synchronization in device_link_release_fn() and if the consumer or - * supplier devices get deleted when it runs, so put it into the "long" - * workqueue. + * supplier devices get deleted when it runs, so put it into the + * dedicated workqueue. */ - queue_work(system_long_wq, &link->rm_work); + queue_work(device_link_wq, &link->rm_work); } +/** + * device_link_wait_removal - Wait for ongoing devlink removal jobs to terminate + */ +void device_link_wait_removal(void) +{ + /* + * devlink removal jobs are queued in the dedicated work queue. + * To be sure that all removal jobs are terminated, ensure that any + * scheduled work has run to completion. + */ + drain_workqueue(device_link_wq); +} +EXPORT_SYMBOL_GPL(device_link_wait_removal); + static struct class devlink_class = { .name = "devlink", .dev_groups = devlink_groups, @@ -4099,9 +4114,14 @@ int __init devices_init(void) sysfs_dev_char_kobj = kobject_create_and_add("char", dev_kobj); if (!sysfs_dev_char_kobj) goto char_kobj_err; + device_link_wq = alloc_workqueue("device_link_wq", 0, 0); + if (!device_link_wq) + goto wq_err; return 0; + wq_err: + kobject_put(sysfs_dev_char_kobj); char_kobj_err: kobject_put(sysfs_dev_block_kobj); block_kobj_err: diff --git a/include/linux/device.h b/include/linux/device.h index 1795121dee9a..d7d8305a72e8 100644 --- a/include/linux/device.h +++ b/include/linux/device.h @@ -1249,6 +1249,7 @@ void device_link_del(struct device_link *link); void device_link_remove(void *consumer, struct device *supplier); void device_links_supplier_sync_state_pause(void); void device_links_supplier_sync_state_resume(void); +void device_link_wait_removal(void); /* Create alias, so I can be autoloaded. */ #define MODULE_ALIAS_CHARDEV(major,minor) \ -- 2.43.0

1 year, 8 months

2
1
0 0

[PATCH v2] spmi: hisi-spmi-controller: Fix kernel panic on rmmod

by Vamshi Gajjela

Ensure consistency in spmi_controller pointers between spmi_controller_remove/put and driver spmi_del_controller functions. The former requires a pointer to struct spmi_controller, while the latter passes a pointer of struct spmi_controller_dev, leading to a "Null pointer exception". Signed-off-by: Vamshi Gajjela <vamshigajjela(a)google.com> Fixes: 70f59c90c819 ("staging: spmi: add Hikey 970 SPMI controller driver") Cc: stable(a)vger.kernel.org --- v2: - Split into two separate patches - add Fixes and Cc stable drivers/spmi/hisi-spmi-controller.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/spmi/hisi-spmi-controller.c b/drivers/spmi/hisi-spmi-controller.c index 9cbd473487cb..4b6189d8cc4d 100644 --- a/drivers/spmi/hisi-spmi-controller.c +++ b/drivers/spmi/hisi-spmi-controller.c @@ -326,7 +326,8 @@ static int spmi_controller_probe(struct platform_device *pdev) static void spmi_del_controller(struct platform_device *pdev) { - struct spmi_controller *ctrl = platform_get_drvdata(pdev); + struct spmi_controller_dev *spmi_controller = platform_get_drvdata(pdev); + struct spmi_controller *ctrl = spmi_controller->controller; spmi_controller_remove(ctrl); spmi_controller_put(ctrl); -- 2.44.0.rc1.240.g4c46232300-goog

1 year, 8 months

2
1
0 0

Re: [PATCH] of: property: fw_devlink: Fix stupid bug in remote-endpoint parsing

by Saravana Kannan

On Fri, Feb 23, 2024 at 9:24 PM Saravana Kannan <saravanak(a)google.com> wrote: > > Introduced a stupid bug in commit 782bfd03c3ae ("of: property: Improve > finding the supplier of a remote-endpoint property") due to a last minute > incorrect edit of "index !=0" into "!index". This patch fixes it to be > "index > 0" to match the comment right next to it. Greg, this needs to land in the stable branches once Rob picks it up for the next 6.8-rc. -Saravana > > Reported-by: Luca Ceresoli <luca.ceresoli(a)bootlin.com> > Link: https://lore.kernel.org/lkml/20240223171849.10f9901d@booty/ > Fixes: 782bfd03c3ae ("of: property: Improve finding the supplier of a remote-endpoint property") > Signed-off-by: Saravana Kannan <saravanak(a)google.com> > --- > Using Link: instead of Closes: because Luca reported two separate issues. > > Sorry about introducing a stupid bug in an -rcX Rob. > > -Saravana > > drivers/of/property.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/of/property.c b/drivers/of/property.c > index b71267c6667c..fa8cd33be131 100644 > --- a/drivers/of/property.c > +++ b/drivers/of/property.c > @@ -1304,7 +1304,7 @@ static struct device_node *parse_remote_endpoint(struct device_node *np, > int index) > { > /* Return NULL for index > 0 to signify end of remote-endpoints. */ > - if (!index || strcmp(prop_name, "remote-endpoint")) > + if (index > 0 || strcmp(prop_name, "remote-endpoint")) > return NULL; > > return of_graph_get_remote_port_parent(np); > -- > 2.44.0.rc0.258.g7320e95886-goog >

1 year, 8 months

3
2
0 0

[PATCH v3 1/4] usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros

by Jameson Thies

Clean up UCSI_CABLE_PROP macros by fixing a bitmask shifting error for plug type and updating the modal support macro for consistent naming. Fixes: 3cf657f07918 ("usb: typec: ucsi: Remove all bit-fields") Cc: stable(a)vger.kernel.org Reviewed-by: Benson Leung <bleung(a)chromium.org> Reviewed-by: Prashant Malani <pmalani(a)chromium.org> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Signed-off-by: Jameson Thies <jthies(a)google.com> --- Changes in v3: - Fixed CC stable. Changes in v2: - Tested on usb-testing branch merged with chromeOS 6.8-rc2 kernel. drivers/usb/typec/ucsi/ucsi.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/usb/typec/ucsi/ucsi.h b/drivers/usb/typec/ucsi/ucsi.h index 7e35ffbe0a6f2..469a2baf472e4 100644 --- a/drivers/usb/typec/ucsi/ucsi.h +++ b/drivers/usb/typec/ucsi/ucsi.h @@ -259,12 +259,12 @@ struct ucsi_cable_property { #define UCSI_CABLE_PROP_FLAG_VBUS_IN_CABLE BIT(0) #define UCSI_CABLE_PROP_FLAG_ACTIVE_CABLE BIT(1) #define UCSI_CABLE_PROP_FLAG_DIRECTIONALITY BIT(2) -#define UCSI_CABLE_PROP_FLAG_PLUG_TYPE(_f_) ((_f_) & GENMASK(3, 0)) +#define UCSI_CABLE_PROP_FLAG_PLUG_TYPE(_f_) (((_f_) & GENMASK(4, 3)) >> 3) #define UCSI_CABLE_PROPERTY_PLUG_TYPE_A 0 #define UCSI_CABLE_PROPERTY_PLUG_TYPE_B 1 #define UCSI_CABLE_PROPERTY_PLUG_TYPE_C 2 #define UCSI_CABLE_PROPERTY_PLUG_OTHER 3 -#define UCSI_CABLE_PROP_MODE_SUPPORT BIT(5) +#define UCSI_CABLE_PROP_FLAG_MODE_SUPPORT BIT(5) u8 latency; } __packed; -- 2.44.0.rc1.240.g4c46232300-goog

1 year, 8 months

1
0
0 0

[PATCH v2 1/4] usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros

by Jameson Thies

Clean up UCSI_CABLE_PROP macros by fixing a bitmask shifting error for plug type and updating the modal support macro for consistent naming. Fixes: 3cf657f07918 ("usb: typec: ucsi: Remove all bit-fields") Reviewed-by: Benson Leung <bleung(a)chromium.org> Reviewed-by: Prashant Malani <pmalani(a)chromium.org> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Signed-off-by: Jameson Thies <jthies(a)google.com> --- Changes in v2: - Tested on usb-testing branch merged with chromeOS 6.8-rc2 kernel. drivers/usb/typec/ucsi/ucsi.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/usb/typec/ucsi/ucsi.h b/drivers/usb/typec/ucsi/ucsi.h index 7e35ffbe0a6f2..469a2baf472e4 100644 --- a/drivers/usb/typec/ucsi/ucsi.h +++ b/drivers/usb/typec/ucsi/ucsi.h @@ -259,12 +259,12 @@ struct ucsi_cable_property { #define UCSI_CABLE_PROP_FLAG_VBUS_IN_CABLE BIT(0) #define UCSI_CABLE_PROP_FLAG_ACTIVE_CABLE BIT(1) #define UCSI_CABLE_PROP_FLAG_DIRECTIONALITY BIT(2) -#define UCSI_CABLE_PROP_FLAG_PLUG_TYPE(_f_) ((_f_) & GENMASK(3, 0)) +#define UCSI_CABLE_PROP_FLAG_PLUG_TYPE(_f_) (((_f_) & GENMASK(4, 3)) >> 3) #define UCSI_CABLE_PROPERTY_PLUG_TYPE_A 0 #define UCSI_CABLE_PROPERTY_PLUG_TYPE_B 1 #define UCSI_CABLE_PROPERTY_PLUG_TYPE_C 2 #define UCSI_CABLE_PROPERTY_PLUG_OTHER 3 -#define UCSI_CABLE_PROP_MODE_SUPPORT BIT(5) +#define UCSI_CABLE_PROP_FLAG_MODE_SUPPORT BIT(5) u8 latency; } __packed; -- 2.44.0.rc1.240.g4c46232300-goog

1 year, 8 months

2
2
0 0

[PATCH v2] usb: typec: altmodes/displayport: create sysfs nodes after assigning driver data

by RD Babiera

The DisplayPort driver's sysfs nodes may be present to the userspace before typec_altmode_set_drvdata() completes in dp_altmode_probe. This means that a sysfs read can trigger a NULL pointer error by deferencing dp->hpd in hpd_show or dp->lock in pin_assignment_show, as dev_get_drvdata() returns NULL in those cases. Create sysfs nodes after typec_altmode_set_drvdata call. Fixes: 0e3bb7d6894d ("usb: typec: Add driver for DisplayPort alternate mode") Cc: stable(a)vger.kernel.org Signed-off-by: RD Babiera <rdbabiera(a)google.com> --- Changes from v1: * Moved sysfs node creation instead of NULL checking dev_get_drvdata(). --- drivers/usb/typec/altmodes/displayport.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/usb/typec/altmodes/displayport.c b/drivers/usb/typec/altmodes/displayport.c index 5a80776c7255..5bbdd2c04237 100644 --- a/drivers/usb/typec/altmodes/displayport.c +++ b/drivers/usb/typec/altmodes/displayport.c @@ -731,10 +731,6 @@ int dp_altmode_probe(struct typec_altmode *alt) DP_CAP_PIN_ASSIGN_DFP_D(alt->vdo))) return -ENODEV; - ret = sysfs_create_group(&alt->dev.kobj, &dp_altmode_group); - if (ret) - return ret; - dp = devm_kzalloc(&alt->dev, sizeof(*dp), GFP_KERNEL); if (!dp) return -ENOMEM; @@ -766,6 +762,10 @@ int dp_altmode_probe(struct typec_altmode *alt) if (plug) typec_altmode_set_drvdata(plug, dp); + ret = sysfs_create_group(&alt->dev.kobj, &dp_altmode_group); + if (ret) + return ret; + dp->state = plug ? DP_STATE_ENTER_PRIME : DP_STATE_ENTER; schedule_work(&dp->work); base-commit: a560a5672826fc1e057068bda93b3d4c98d037a2 -- 2.44.0.rc1.240.g4c46232300-goog

1 year, 8 months

2
2
0 0

[PATCH] docs: Restore "smart quotes" for quotes

by Akira Yokosawa

Commit eaae75754d81 ("docs: turn off "smart quotes" in the HTML build") disabled conversion of quote marks along with that of dashes. Despite the short summary, the change affects not only HTML build but also other build targets including PDF. However, as "smart quotes" had been enabled for more than half a decade already, quite a few readers of HTML pages are likely expecting conversions of "foo" -> “foo” and 'bar' -> ‘bar’. Furthermore, in LaTeX typesetting convention, it is common to use distinct marks for opening and closing quote marks. To satisfy such readers' expectation, restore conversion of quotes only by setting smartquotes_action [1]. Link: [1] https://www.sphinx-doc.org/en/master/usage/configuration.html#confval-smart… Cc: stable(a)vger.kernel.org # v6.4 Signed-off-by: Akira Yokosawa <akiyks(a)gmail.com> --- Documentation/conf.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Documentation/conf.py b/Documentation/conf.py index da64c9fb7e07..d148f3e8dd57 100644 --- a/Documentation/conf.py +++ b/Documentation/conf.py @@ -346,9 +346,9 @@ sys.stderr.write("Using %s theme\n" % html_theme) html_static_path = ['sphinx-static'] # If true, Docutils "smart quotes" will be used to convert quotes and dashes -# to typographically correct entities. This will convert "--" to "—", -# which is not always what we want, so disable it. -smartquotes = False +# to typographically correct entities. However, conversion of "--" to "—" +# is not always what we want, so enable only quotes. +smartquotes_action = 'q' # Custom sidebar templates, maps document names to template names. # Note that the RTD theme ignores this base-commit: 32ed7930304ca7600a54c2e702098bd2ce7086af -- 2.34.1

1 year, 8 months

2
1
0 0

[PATCH v2 04/12] PCI: qcom: Add support for disabling ASPM L0s in devicetree

by Johan Hovold

Commit 9f4f3dfad8cf ("PCI: qcom: Enable ASPM for platforms supporting 1.9.0 ops") started enabling ASPM unconditionally when the hardware claims to support it. This triggers Correctable Errors for some PCIe devices on machines like the Lenovo ThinkPad X13s, which could indicate an incomplete driver ASPM implementation or that the hardware does in fact not support L0s. Add support for disabling ASPM L0s in the devicetree when it is not supported on a particular machine and controller. Note that only the 1.9.0 ops enable ASPM currently. Fixes: 9f4f3dfad8cf ("PCI: qcom: Enable ASPM for platforms supporting 1.9.0 ops") Cc: stable(a)vger.kernel.org # 6.7 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/pci/controller/dwc/pcie-qcom.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/drivers/pci/controller/dwc/pcie-qcom.c b/drivers/pci/controller/dwc/pcie-qcom.c index 09d485df34b9..0fb5dc06d2ef 100644 --- a/drivers/pci/controller/dwc/pcie-qcom.c +++ b/drivers/pci/controller/dwc/pcie-qcom.c @@ -273,6 +273,25 @@ static int qcom_pcie_start_link(struct dw_pcie *pci) return 0; } +static void qcom_pcie_clear_aspm_l0s(struct dw_pcie *pci) +{ + u16 offset; + u32 val; + + if (!of_property_read_bool(pci->dev->of_node, "aspm-no-l0s")) + return; + + offset = dw_pcie_find_capability(pci, PCI_CAP_ID_EXP); + + dw_pcie_dbi_ro_wr_en(pci); + + val = readl(pci->dbi_base + offset + PCI_EXP_LNKCAP); + val &= ~PCI_EXP_LNKCAP_ASPM_L0S; + writel(val, pci->dbi_base + offset + PCI_EXP_LNKCAP); + + dw_pcie_dbi_ro_wr_dis(pci); +} + static void qcom_pcie_clear_hpc(struct dw_pcie *pci) { u16 offset = dw_pcie_find_capability(pci, PCI_CAP_ID_EXP); @@ -962,6 +981,7 @@ static int qcom_pcie_init_2_7_0(struct qcom_pcie *pcie) static int qcom_pcie_post_init_2_7_0(struct qcom_pcie *pcie) { + qcom_pcie_clear_aspm_l0s(pcie->pci); qcom_pcie_clear_hpc(pcie->pci); return 0; -- 2.43.0

1 year, 8 months

3
3
0 0

[PATCH v1] ALSA: memalloc: Fix indefinite hang in non-iommu case

by Karthikeyan Ramasubramanian

Before 9d8e536 ("ALSA: memalloc: Try dma_alloc_noncontiguous() at first") the alsa non-contiguous allocator always called the alsa fallback allocator in the non-iommu case. This allocated non-contig memory consisting of progressively smaller contiguous chunks. Allocation was fast due to the OR-ing in of __GFP_NORETRY. After 9d8e536 ("ALSA: memalloc: Try dma_alloc_noncontiguous() at first") the code tries the dma non-contig allocator first, then falls back to the alsa fallback allocator. In the non-iommu case, the former supports only a single contiguous chunk. We have observed experimentally that under heavy memory fragmentation, allocating a large-ish contiguous chunk with __GFP_RETRY_MAYFAIL triggers an indefinite hang in the dma non-contig allocator. This has high-impact, as an occurrence will trigger a device reboot, resulting in loss of user state. Fix the non-iommu path by letting dma_alloc_noncontiguous() fail quickly so it does not get stuck looking for that elusive large contiguous chunk, in which case we will fall back to the alsa fallback allocator. Note that the iommu dma non-contiguous allocator is not affected. While assembling an array of pages, it tries consecutively smaller contiguous allocations, and lets higher-order chunk allocations fail quickly. Suggested-by: Sven van Ashbrook <svenva(a)chromium.org> Suggested-by: Brian Geffon <bgeffon(a)google.com> Fixes: 9d8e536d36e7 ("ALSA: memalloc: Try dma_alloc_noncontiguous() at first") Cc: stable(a)vger.kernel.org Cc: Sven van Ashbrook <svenva(a)chromium.org> Cc: Brian Geffon <bgeffon(a)google.com> Cc: Curtis Malainey <cujomalainey(a)chromium.org> Signed-off-by: Karthikeyan Ramasubramanian <kramasub(a)chromium.org> --- sound/core/memalloc.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/sound/core/memalloc.c b/sound/core/memalloc.c index f901504b5afc1..5f6526a0d731c 100644 --- a/sound/core/memalloc.c +++ b/sound/core/memalloc.c @@ -540,13 +540,18 @@ static void *snd_dma_noncontig_alloc(struct snd_dma_buffer *dmab, size_t size) { struct sg_table *sgt; void *p; + gfp_t gfp_flags = DEFAULT_GFP; #ifdef CONFIG_SND_DMA_SGBUF if (cpu_feature_enabled(X86_FEATURE_XENPV)) return snd_dma_sg_fallback_alloc(dmab, size); + + /* Non-IOMMU case: prevent allocator from searching forever */ + if (!get_dma_ops(dmab->dev.dev)) + gfp_flags |= __GFP_NORETRY; #endif sgt = dma_alloc_noncontiguous(dmab->dev.dev, size, dmab->dev.dir, - DEFAULT_GFP, 0); + gfp_flags, 0); #ifdef CONFIG_SND_DMA_SGBUF if (!sgt && !get_dma_ops(dmab->dev.dev)) return snd_dma_sg_fallback_alloc(dmab, size); -- 2.43.0.687.g38aa6559b0-goog

1 year, 8 months

4
13
0 0

[PATCH 1/4] fuse: replace remaining make_bad_inode() with fuse_make_bad()

by Miklos Szeredi

fuse_do_statx() was added with the wrong helper. Fixes: d3045530bdd2 ("fuse: implement statx") Cc: <stable(a)vger.kernel.org> # v6.6 Signed-off-by: Miklos Szeredi <mszeredi(a)redhat.com> --- fs/fuse/dir.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c index 25c7c97f774b..ce6a38c56d54 100644 --- a/fs/fuse/dir.c +++ b/fs/fuse/dir.c @@ -1214,7 +1214,7 @@ static int fuse_do_statx(struct inode *inode, struct file *file, if (((sx->mask & STATX_SIZE) && !fuse_valid_size(sx->size)) || ((sx->mask & STATX_TYPE) && (!fuse_valid_type(sx->mode) || inode_wrong_type(inode, sx->mode)))) { - make_bad_inode(inode); + fuse_make_bad(inode); return -EIO; } -- 2.43.2

1 year, 8 months

3
4
0 0

[PATCH 1/2] drm/i915: Don't explode when the dig port we don't have an AUX CH

by Ville Syrjala

From: Ville Syrjälä <ville.syrjala(a)linux.intel.com> The icl+ power well code currently assumes that every AUX power well maps to an encoder which is using said power well. That is by no menas guaranteed as we: - only register encoders for ports declared in the VBT - combo PHY HDMI-only encoder no longer get an AUX CH since commit 9856308c94ca ("drm/i915: Only populate aux_ch if really needed") However we have places such as intel_power_domains_sanitize_state() that blindly traverse all the possible power wells. So these bits of code may very well encounbter an aux power well with no associated encoder. In this particular case the BIOS seems to have left one AUX power well enabled even though we're dealing with a HDMI only encoder on a combo PHY. We then proceed to turn off said power well and explode when we can't find a matching encoder. As a short term fix we should be able to just skip the PHY related parts of the power well programming since we know this situation can only happen with combo PHYs. Another option might be to go back to always picking an AUX CH for all encoders. However I'm a bit wary about that since we might in theory end up conflicting with the VBT AUX CH assignment. Also that wouldn't help with encoders not declared in the VBT, should we ever need to poke the corresponding power wells. Longer term we need to figure out what the actual relationship is between the PHY vs. AUX CH vs. AUX power well. Currently this is entirely unclear. Cc: stable(a)vger.kernel.org Fixes: 9856308c94ca ("drm/i915: Only populate aux_ch if really needed") Closes: https://gitlab.freedesktop.org/drm/intel/-/issues/10184 Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> --- .../drm/i915/display/intel_display_power_well.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/i915/display/intel_display_power_well.c b/drivers/gpu/drm/i915/display/intel_display_power_well.c index 47cd6bb04366..06900ff307b2 100644 --- a/drivers/gpu/drm/i915/display/intel_display_power_well.c +++ b/drivers/gpu/drm/i915/display/intel_display_power_well.c @@ -246,7 +246,14 @@ static enum phy icl_aux_pw_to_phy(struct drm_i915_private *i915, enum aux_ch aux_ch = icl_aux_pw_to_ch(power_well); struct intel_digital_port *dig_port = aux_ch_to_digital_port(i915, aux_ch); - return intel_port_to_phy(i915, dig_port->base.port); + /* + * FIXME should we care about the (VBT defined) dig_port->aux_ch + * relationship or should this be purely defined by the hardware layout? + * Currently if the port doesn't appear in the VBT, or if it's declared + * as HDMI-only and routed to a combo PHY, the encoder either won't be + * present at all or it will not have an aux_ch assigned. + */ + return dig_port ? intel_port_to_phy(i915, dig_port->base.port) : PHY_NONE; } static void hsw_wait_for_power_well_enable(struct drm_i915_private *dev_priv, @@ -414,7 +421,8 @@ icl_combo_phy_aux_power_well_enable(struct drm_i915_private *dev_priv, intel_de_rmw(dev_priv, regs->driver, 0, HSW_PWR_WELL_CTL_REQ(pw_idx)); - if (DISPLAY_VER(dev_priv) < 12) + /* FIXME this is a mess */ + if (phy != PHY_NONE) intel_de_rmw(dev_priv, ICL_PORT_CL_DW12(phy), 0, ICL_LANE_ENABLE_AUX); @@ -437,7 +445,10 @@ icl_combo_phy_aux_power_well_disable(struct drm_i915_private *dev_priv, drm_WARN_ON(&dev_priv->drm, !IS_ICELAKE(dev_priv)); - intel_de_rmw(dev_priv, ICL_PORT_CL_DW12(phy), ICL_LANE_ENABLE_AUX, 0); + /* FIXME this is a mess */ + if (phy != PHY_NONE) + intel_de_rmw(dev_priv, ICL_PORT_CL_DW12(phy), + ICL_LANE_ENABLE_AUX, 0); intel_de_rmw(dev_priv, regs->driver, HSW_PWR_WELL_CTL_REQ(pw_idx), 0); -- 2.43.0

1 year, 8 months

2
1
0 0

[PATCH 32/34] drm/amd/display: Return the correct HDCP error code

by Alex Hung

From: Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> [WHY & HOW] If the display is null when creating an HDCP session, return a proper error code. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Acked-by: Alex Hung <alex.hung(a)amd.com> Signed-off-by: Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> --- drivers/gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpu/drm/amd/display/modules/hdcp/hdcp_psp.c b/drivers/gpu/drm/amd/display/modules/hdcp/hdcp_psp.c index 8c137d7c032e..7c9805705fd3 100644 --- a/drivers/gpu/drm/amd/display/modules/hdcp/hdcp_psp.c +++ b/drivers/gpu/drm/amd/display/modules/hdcp/hdcp_psp.c @@ -513,6 +513,9 @@ enum mod_hdcp_status mod_hdcp_hdcp2_create_session(struct mod_hdcp *hdcp) hdcp_cmd = (struct ta_hdcp_shared_memory *)psp->hdcp_context.context.mem_context.shared_buf; memset(hdcp_cmd, 0, sizeof(struct ta_hdcp_shared_memory)); + if (!display) + return MOD_HDCP_STATUS_DISPLAY_NOT_FOUND; + hdcp_cmd->in_msg.hdcp2_create_session_v2.display_handle = display->index; if (hdcp->connection.link.adjust.hdcp2.force_type == MOD_HDCP_FORCE_TYPE_0) -- 2.34.1

1 year, 8 months

1
0
0 0

[PATCH 29/34] drm/amd/display: Add a dc_state NULL check in dc_state_release

by Alex Hung

From: Allen Pan <allen.pan(a)amd.com> [How] Check wheather state is NULL before releasing it. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Charlene Liu <charlene.liu(a)amd.com> Acked-by: Alex Hung <alex.hung(a)amd.com> Signed-off-by: Allen Pan <allen.pan(a)amd.com> --- drivers/gpu/drm/amd/display/dc/core/dc_state.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/amd/display/dc/core/dc_state.c b/drivers/gpu/drm/amd/display/dc/core/dc_state.c index 180ac47868c2..5cc7f8da209c 100644 --- a/drivers/gpu/drm/amd/display/dc/core/dc_state.c +++ b/drivers/gpu/drm/amd/display/dc/core/dc_state.c @@ -334,7 +334,8 @@ static void dc_state_free(struct kref *kref) void dc_state_release(struct dc_state *state) { - kref_put(&state->refcount, dc_state_free); + if (state != NULL) + kref_put(&state->refcount, dc_state_free); } /* * dc_state_add_stream() - Add a new dc_stream_state to a dc_state. -- 2.34.1

1 year, 8 months

1
0
0 0

[PATCH 28/34] drm/amd/display: Implement wait_for_odm_update_pending_complete

by Alex Hung

From: Wenjing Liu <wenjing.liu(a)amd.com> [WHY] Odm update is doubled buffered. We need to wait for ODM update to be completed before optimizing bandwidth or programming new udpates. [HOW] implement wait_for_odm_update_pending_complete function to wait for: 1. odm configuration update is no longer pending in timing generator. 2. no pending dpg pattern update for each active OPP. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Alvin Lee <alvin.lee2(a)amd.com> Acked-by: Alex Hung <alex.hung(a)amd.com> Signed-off-by: Wenjing Liu <wenjing.liu(a)amd.com> --- drivers/gpu/drm/amd/display/dc/core/dc.c | 56 ++++++++++++++++++- .../gpu/drm/amd/display/dc/dcn10/dcn10_opp.c | 1 + .../gpu/drm/amd/display/dc/dcn20/dcn20_opp.c | 14 +++++ .../gpu/drm/amd/display/dc/dcn20/dcn20_opp.h | 2 + .../drm/amd/display/dc/dcn201/dcn201_opp.c | 1 + .../amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 4 +- drivers/gpu/drm/amd/display/dc/inc/hw/opp.h | 3 + .../amd/display/dc/inc/hw/timing_generator.h | 1 + .../amd/display/dc/optc/dcn10/dcn10_optc.h | 3 +- .../amd/display/dc/optc/dcn32/dcn32_optc.c | 8 +++ .../amd/display/dc/optc/dcn32/dcn32_optc.h | 1 + 11 files changed, 90 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/amd/display/dc/core/dc.c b/drivers/gpu/drm/amd/display/dc/core/dc.c index e87aad983b40..d8967087335e 100644 --- a/drivers/gpu/drm/amd/display/dc/core/dc.c +++ b/drivers/gpu/drm/amd/display/dc/core/dc.c @@ -1335,6 +1335,54 @@ static void disable_vbios_mode_if_required( } } +/** + * wait_for_blank_complete - wait for all active OPPs to finish pending blank + * pattern updates + * + * @dc: [in] dc reference + * @context: [in] hardware context in use + */ +static void wait_for_blank_complete(struct dc *dc, + struct dc_state *context) +{ + struct pipe_ctx *opp_head; + struct dce_hwseq *hws = dc->hwseq; + int i; + + if (!hws->funcs.wait_for_blank_complete) + return; + + for (i = 0; i < MAX_PIPES; i++) { + opp_head = &context->res_ctx.pipe_ctx[i]; + + if (!resource_is_pipe_type(opp_head, OPP_HEAD) || + dc_state_get_pipe_subvp_type(context, opp_head) == SUBVP_PHANTOM) + continue; + + hws->funcs.wait_for_blank_complete(opp_head->stream_res.opp); + } +} + +static void wait_for_odm_update_pending_complete(struct dc *dc, struct dc_state *context) +{ + struct pipe_ctx *otg_master; + struct timing_generator *tg; + int i; + + for (i = 0; i < MAX_PIPES; i++) { + otg_master = &context->res_ctx.pipe_ctx[i]; + if (!resource_is_pipe_type(otg_master, OTG_MASTER) || + dc_state_get_pipe_subvp_type(context, otg_master) == SUBVP_PHANTOM) + continue; + tg = otg_master->stream_res.tg; + if (tg->funcs->wait_odm_doublebuffer_pending_clear) + tg->funcs->wait_odm_doublebuffer_pending_clear(tg); + } + + /* ODM update may require to reprogram blank pattern for each OPP */ + wait_for_blank_complete(dc, context); +} + static void wait_for_no_pipes_pending(struct dc *dc, struct dc_state *context) { int i; @@ -2026,6 +2074,11 @@ static enum dc_status dc_commit_state_no_check(struct dc *dc, struct dc_state *c context->stream_count == 0) { /* Must wait for no flips to be pending before doing optimize bw */ wait_for_no_pipes_pending(dc, context); + /* + * optimized dispclk depends on ODM setup. Need to wait for ODM + * update pending complete before optimizing bandwidth. + */ + wait_for_odm_update_pending_complete(dc, context); /* pplib is notified if disp_num changed */ dc->hwss.optimize_bandwidth(dc, context); /* Need to do otg sync again as otg could be out of sync due to otg @@ -3591,7 +3644,7 @@ static void commit_planes_for_stream_fast(struct dc *dc, top_pipe_to_program->stream->update_flags.raw = 0; } -static void wait_for_outstanding_hw_updates(struct dc *dc, const struct dc_state *dc_context) +static void wait_for_outstanding_hw_updates(struct dc *dc, struct dc_state *dc_context) { /* * This function calls HWSS to wait for any potentially double buffered @@ -3629,6 +3682,7 @@ static void wait_for_outstanding_hw_updates(struct dc *dc, const struct dc_state } } } + wait_for_odm_update_pending_complete(dc, dc_context); } static void commit_planes_for_stream(struct dc *dc, diff --git a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_opp.c b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_opp.c index 48a40dcc7050..5838a11efd00 100644 --- a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_opp.c +++ b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_opp.c @@ -384,6 +384,7 @@ static const struct opp_funcs dcn10_opp_funcs = { .opp_set_disp_pattern_generator = NULL, .opp_program_dpg_dimensions = NULL, .dpg_is_blanked = NULL, + .dpg_is_pending = NULL, .opp_destroy = opp1_destroy }; diff --git a/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_opp.c b/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_opp.c index 0784d0198661..fbf1b6370eb2 100644 --- a/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_opp.c +++ b/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_opp.c @@ -337,6 +337,19 @@ bool opp2_dpg_is_blanked(struct output_pixel_processor *opp) (double_buffer_pending == 0); } +bool opp2_dpg_is_pending(struct output_pixel_processor *opp) +{ + struct dcn20_opp *oppn20 = TO_DCN20_OPP(opp); + uint32_t double_buffer_pending; + uint32_t dpg_en; + + REG_GET(DPG_CONTROL, DPG_EN, &dpg_en); + + REG_GET(DPG_STATUS, DPG_DOUBLE_BUFFER_PENDING, &double_buffer_pending); + + return (dpg_en == 1 && double_buffer_pending == 1); +} + void opp2_program_left_edge_extra_pixel ( struct output_pixel_processor *opp, bool count) @@ -363,6 +376,7 @@ static struct opp_funcs dcn20_opp_funcs = { .opp_set_disp_pattern_generator = opp2_set_disp_pattern_generator, .opp_program_dpg_dimensions = opp2_program_dpg_dimensions, .dpg_is_blanked = opp2_dpg_is_blanked, + .dpg_is_pending = opp2_dpg_is_pending, .opp_dpg_set_blank_color = opp2_dpg_set_blank_color, .opp_destroy = opp1_destroy, .opp_program_left_edge_extra_pixel = opp2_program_left_edge_extra_pixel, diff --git a/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_opp.h b/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_opp.h index 3ab221bdd27d..8f186abd558d 100644 --- a/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_opp.h +++ b/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_opp.h @@ -159,6 +159,8 @@ void opp2_program_dpg_dimensions( bool opp2_dpg_is_blanked(struct output_pixel_processor *opp); +bool opp2_dpg_is_pending(struct output_pixel_processor *opp); + void opp2_dpg_set_blank_color( struct output_pixel_processor *opp, const struct tg_color *color); diff --git a/drivers/gpu/drm/amd/display/dc/dcn201/dcn201_opp.c b/drivers/gpu/drm/amd/display/dc/dcn201/dcn201_opp.c index 8e77db46a409..6a71ba3dfc63 100644 --- a/drivers/gpu/drm/amd/display/dc/dcn201/dcn201_opp.c +++ b/drivers/gpu/drm/amd/display/dc/dcn201/dcn201_opp.c @@ -50,6 +50,7 @@ static struct opp_funcs dcn201_opp_funcs = { .opp_set_disp_pattern_generator = opp2_set_disp_pattern_generator, .opp_program_dpg_dimensions = opp2_program_dpg_dimensions, .dpg_is_blanked = opp2_dpg_is_blanked, + .dpg_is_pending = opp2_dpg_is_pending, .opp_dpg_set_blank_color = opp2_dpg_set_blank_color, .opp_destroy = opp1_destroy, .opp_program_left_edge_extra_pixel = opp2_program_left_edge_extra_pixel, diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c b/drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c index a698f026198c..4dfc2dff5e01 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c +++ b/drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c @@ -2462,7 +2462,7 @@ bool dcn20_wait_for_blank_complete( int counter; for (counter = 0; counter < 1000; counter++) { - if (opp->funcs->dpg_is_blanked(opp)) + if (!opp->funcs->dpg_is_pending(opp)) break; udelay(100); @@ -2473,7 +2473,7 @@ bool dcn20_wait_for_blank_complete( return false; } - return true; + return opp->funcs->dpg_is_blanked(opp); } bool dcn20_dmdata_status_done(struct pipe_ctx *pipe_ctx) diff --git a/drivers/gpu/drm/amd/display/dc/inc/hw/opp.h b/drivers/gpu/drm/amd/display/dc/inc/hw/opp.h index aee5372e292c..d89c92370d5b 100644 --- a/drivers/gpu/drm/amd/display/dc/inc/hw/opp.h +++ b/drivers/gpu/drm/amd/display/dc/inc/hw/opp.h @@ -337,6 +337,9 @@ struct opp_funcs { bool (*dpg_is_blanked)( struct output_pixel_processor *opp); + bool (*dpg_is_pending)(struct output_pixel_processor *opp); + + void (*opp_dpg_set_blank_color)( struct output_pixel_processor *opp, const struct tg_color *color); diff --git a/drivers/gpu/drm/amd/display/dc/inc/hw/timing_generator.h b/drivers/gpu/drm/amd/display/dc/inc/hw/timing_generator.h index c5527f68f076..cd68ecc242c1 100644 --- a/drivers/gpu/drm/amd/display/dc/inc/hw/timing_generator.h +++ b/drivers/gpu/drm/amd/display/dc/inc/hw/timing_generator.h @@ -338,6 +338,7 @@ struct timing_generator_funcs { void (*init_odm)(struct timing_generator *tg); void (*wait_drr_doublebuffer_pending_clear)(struct timing_generator *tg); void (*set_long_vtotal)(struct timing_generator *optc, const struct long_vtotal_params *params); + void (*wait_odm_doublebuffer_pending_clear)(struct timing_generator *tg); }; #endif diff --git a/drivers/gpu/drm/amd/display/dc/optc/dcn10/dcn10_optc.h b/drivers/gpu/drm/amd/display/dc/optc/dcn10/dcn10_optc.h index 4cfd1ed06777..8a45d26b7531 100644 --- a/drivers/gpu/drm/amd/display/dc/optc/dcn10/dcn10_optc.h +++ b/drivers/gpu/drm/amd/display/dc/optc/dcn10/dcn10_optc.h @@ -559,7 +559,8 @@ struct dcn_optc_registers { type OTG_CRC_DATA_STREAM_SPLIT_MODE;\ type OTG_CRC_DATA_FORMAT;\ type OTG_V_TOTAL_LAST_USED_BY_DRR;\ - type OTG_DRR_TIMING_DBUF_UPDATE_PENDING; + type OTG_DRR_TIMING_DBUF_UPDATE_PENDING;\ + type OTG_H_TIMING_DIV_MODE_DB_UPDATE_PENDING; #define TG_REG_FIELD_LIST_DCN3_2(type) \ type OTG_H_TIMING_DIV_MODE_MANUAL; diff --git a/drivers/gpu/drm/amd/display/dc/optc/dcn32/dcn32_optc.c b/drivers/gpu/drm/amd/display/dc/optc/dcn32/dcn32_optc.c index 823493543325..f07a4c7e48bc 100644 --- a/drivers/gpu/drm/amd/display/dc/optc/dcn32/dcn32_optc.c +++ b/drivers/gpu/drm/amd/display/dc/optc/dcn32/dcn32_optc.c @@ -122,6 +122,13 @@ void optc32_get_odm_combine_segments(struct timing_generator *tg, int *odm_combi } } +void optc32_wait_odm_doublebuffer_pending_clear(struct timing_generator *tg) +{ + struct optc *optc1 = DCN10TG_FROM_TG(tg); + + REG_WAIT(OTG_DOUBLE_BUFFER_CONTROL, OTG_H_TIMING_DIV_MODE_DB_UPDATE_PENDING, 0, 2, 50000); +} + void optc32_set_h_timing_div_manual_mode(struct timing_generator *optc, bool manual_mode) { struct optc *optc1 = DCN10TG_FROM_TG(optc); @@ -345,6 +352,7 @@ static struct timing_generator_funcs dcn32_tg_funcs = { .set_odm_bypass = optc32_set_odm_bypass, .set_odm_combine = optc32_set_odm_combine, .get_odm_combine_segments = optc32_get_odm_combine_segments, + .wait_odm_doublebuffer_pending_clear = optc32_wait_odm_doublebuffer_pending_clear, .set_h_timing_div_manual_mode = optc32_set_h_timing_div_manual_mode, .get_optc_source = optc2_get_optc_source, .set_out_mux = optc3_set_out_mux, diff --git a/drivers/gpu/drm/amd/display/dc/optc/dcn32/dcn32_optc.h b/drivers/gpu/drm/amd/display/dc/optc/dcn32/dcn32_optc.h index 8ce3b178cab0..0c2c14695561 100644 --- a/drivers/gpu/drm/amd/display/dc/optc/dcn32/dcn32_optc.h +++ b/drivers/gpu/drm/amd/display/dc/optc/dcn32/dcn32_optc.h @@ -183,5 +183,6 @@ void optc32_set_h_timing_div_manual_mode(struct timing_generator *optc, bool man void optc32_get_odm_combine_segments(struct timing_generator *tg, int *odm_combine_segments); void optc32_set_odm_bypass(struct timing_generator *optc, const struct dc_crtc_timing *dc_crtc_timing); +void optc32_wait_odm_doublebuffer_pending_clear(struct timing_generator *tg); #endif /* __DC_OPTC_DCN32_H__ */ -- 2.34.1

1 year, 8 months

1
0
0 0

[PATCH 27/34] drm/amd/display: Lock all enabled otg pipes even with no planes

by Alex Hung

From: Wenjing Liu <wenjing.liu(a)amd.com> [WHY] On DCN32 we support dynamic ODM even when OTG is blanked. When ODM configuration is dynamically changed and the OTG is on blank pattern, we will need to reprogram OPP's test pattern based on new ODM configuration. Therefore we need to lock the OTG pipe to avoid temporary corruption when we are reprogramming OPP blank patterns. [HOW] Add a new interdependent update lock implementation to lock all enabled OTG pipes even when there is no plane on the OTG for DCN32. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Alvin Lee <alvin.lee2(a)amd.com> Acked-by: Alex Hung <alex.hung(a)amd.com> Signed-off-by: Wenjing Liu <wenjing.liu(a)amd.com> --- .../amd/display/dc/hwss/dcn32/dcn32_hwseq.c | 23 +++++++++++++++++++ .../amd/display/dc/hwss/dcn32/dcn32_hwseq.h | 2 ++ .../amd/display/dc/hwss/dcn32/dcn32_init.c | 2 +- 3 files changed, 26 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c b/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c index b890db0bfc46..c0b526cf1786 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c +++ b/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c @@ -1785,3 +1785,26 @@ void dcn32_prepare_bandwidth(struct dc *dc, context->bw_ctx.bw.dcn.clk.p_state_change_support = p_state_change_support; } } + +void dcn32_interdependent_update_lock(struct dc *dc, + struct dc_state *context, bool lock) +{ + unsigned int i; + struct pipe_ctx *pipe; + struct timing_generator *tg; + + for (i = 0; i < dc->res_pool->pipe_count; i++) { + pipe = &context->res_ctx.pipe_ctx[i]; + tg = pipe->stream_res.tg; + + if (!resource_is_pipe_type(pipe, OTG_MASTER) || + !tg->funcs->is_tg_enabled(tg) || + dc_state_get_pipe_subvp_type(context, pipe) == SUBVP_PHANTOM) + continue; + + if (lock) + dc->hwss.pipe_control_lock(dc, pipe, true); + else + dc->hwss.pipe_control_lock(dc, pipe, false); + } +} diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.h b/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.h index 069e20bc87c0..f55c11fc56ec 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.h +++ b/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.h @@ -129,4 +129,6 @@ bool dcn32_is_pipe_topology_transition_seamless(struct dc *dc, void dcn32_prepare_bandwidth(struct dc *dc, struct dc_state *context); +void dcn32_interdependent_update_lock(struct dc *dc, + struct dc_state *context, bool lock); #endif /* __DC_HWSS_DCN32_H__ */ diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_init.c b/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_init.c index 2b073123d3ed..67d661dbd5b7 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_init.c +++ b/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_init.c @@ -58,7 +58,7 @@ static const struct hw_sequencer_funcs dcn32_funcs = { .disable_plane = dcn20_disable_plane, .disable_pixel_data = dcn20_disable_pixel_data, .pipe_control_lock = dcn20_pipe_control_lock, - .interdependent_update_lock = dcn10_lock_all_pipes, + .interdependent_update_lock = dcn32_interdependent_update_lock, .cursor_lock = dcn10_cursor_lock, .prepare_bandwidth = dcn32_prepare_bandwidth, .optimize_bandwidth = dcn20_optimize_bandwidth, -- 2.34.1

1 year, 8 months

1
0
0 0

[PATCH 23/34] drm/amd/display: Amend coasting vtotal for replay low hz

by Alex Hung

From: ChunTao Tso <chuntao.tso(a)amd.com> [WHY] The original coasting vtotal is 2 bytes, and it need to be amended to 4 bytes because low hz case. [HOW] Amend coasting vtotal from 2 bytes to 4 bytes. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Alvin Lee <alvin.lee2(a)amd.com> Acked-by: Alex Hung <alex.hung(a)amd.com> Signed-off-by: ChunTao Tso <chuntao.tso(a)amd.com> --- drivers/gpu/drm/amd/display/dc/dc_types.h | 4 ++-- drivers/gpu/drm/amd/display/dc/inc/link.h | 4 ++-- .../display/dc/link/protocols/link_edp_panel_control.c | 4 ++-- .../display/dc/link/protocols/link_edp_panel_control.h | 4 ++-- drivers/gpu/drm/amd/display/dmub/inc/dmub_cmd.h | 8 ++++++++ drivers/gpu/drm/amd/display/modules/power/power_helpers.c | 2 +- drivers/gpu/drm/amd/display/modules/power/power_helpers.h | 2 +- 7 files changed, 18 insertions(+), 10 deletions(-) diff --git a/drivers/gpu/drm/amd/display/dc/dc_types.h b/drivers/gpu/drm/amd/display/dc/dc_types.h index 9900dda2eef5..be2ac5c442a4 100644 --- a/drivers/gpu/drm/amd/display/dc/dc_types.h +++ b/drivers/gpu/drm/amd/display/dc/dc_types.h @@ -1085,9 +1085,9 @@ struct replay_settings { /* SMU optimization is enabled */ bool replay_smu_opt_enable; /* Current Coasting vtotal */ - uint16_t coasting_vtotal; + uint32_t coasting_vtotal; /* Coasting vtotal table */ - uint16_t coasting_vtotal_table[PR_COASTING_TYPE_NUM]; + uint32_t coasting_vtotal_table[PR_COASTING_TYPE_NUM]; /* Maximum link off frame count */ enum replay_link_off_frame_count_level link_off_frame_count_level; /* Replay pseudo vtotal for abm + ips on full screen video which can improve ips residency */ diff --git a/drivers/gpu/drm/amd/display/dc/inc/link.h b/drivers/gpu/drm/amd/display/dc/inc/link.h index 26fe81f213da..bf29fc58ea6a 100644 --- a/drivers/gpu/drm/amd/display/dc/inc/link.h +++ b/drivers/gpu/drm/amd/display/dc/inc/link.h @@ -285,12 +285,12 @@ struct link_service { enum replay_FW_Message_type msg, union dmub_replay_cmd_set *cmd_data); bool (*edp_set_coasting_vtotal)( - struct dc_link *link, uint16_t coasting_vtotal); + struct dc_link *link, uint32_t coasting_vtotal); bool (*edp_replay_residency)(const struct dc_link *link, unsigned int *residency, const bool is_start, const bool is_alpm); bool (*edp_set_replay_power_opt_and_coasting_vtotal)(struct dc_link *link, - const unsigned int *power_opts, uint16_t coasting_vtotal); + const unsigned int *power_opts, uint32_t coasting_vtotal); bool (*edp_wait_for_t12)(struct dc_link *link); bool (*edp_is_ilr_optimization_required)(struct dc_link *link, diff --git a/drivers/gpu/drm/amd/display/dc/link/protocols/link_edp_panel_control.c b/drivers/gpu/drm/amd/display/dc/link/protocols/link_edp_panel_control.c index acfbbc638cc6..3baa2bdd6dd6 100644 --- a/drivers/gpu/drm/amd/display/dc/link/protocols/link_edp_panel_control.c +++ b/drivers/gpu/drm/amd/display/dc/link/protocols/link_edp_panel_control.c @@ -1034,7 +1034,7 @@ bool edp_send_replay_cmd(struct dc_link *link, return true; } -bool edp_set_coasting_vtotal(struct dc_link *link, uint16_t coasting_vtotal) +bool edp_set_coasting_vtotal(struct dc_link *link, uint32_t coasting_vtotal) { struct dc *dc = link->ctx->dc; struct dmub_replay *replay = dc->res_pool->replay; @@ -1073,7 +1073,7 @@ bool edp_replay_residency(const struct dc_link *link, } bool edp_set_replay_power_opt_and_coasting_vtotal(struct dc_link *link, - const unsigned int *power_opts, uint16_t coasting_vtotal) + const unsigned int *power_opts, uint32_t coasting_vtotal) { struct dc *dc = link->ctx->dc; struct dmub_replay *replay = dc->res_pool->replay; diff --git a/drivers/gpu/drm/amd/display/dc/link/protocols/link_edp_panel_control.h b/drivers/gpu/drm/amd/display/dc/link/protocols/link_edp_panel_control.h index 34e521af7bb4..a158c6234d42 100644 --- a/drivers/gpu/drm/amd/display/dc/link/protocols/link_edp_panel_control.h +++ b/drivers/gpu/drm/amd/display/dc/link/protocols/link_edp_panel_control.h @@ -59,12 +59,12 @@ bool edp_setup_replay(struct dc_link *link, bool edp_send_replay_cmd(struct dc_link *link, enum replay_FW_Message_type msg, union dmub_replay_cmd_set *cmd_data); -bool edp_set_coasting_vtotal(struct dc_link *link, uint16_t coasting_vtotal); +bool edp_set_coasting_vtotal(struct dc_link *link, uint32_t coasting_vtotal); bool edp_replay_residency(const struct dc_link *link, unsigned int *residency, const bool is_start, const bool is_alpm); bool edp_get_replay_state(const struct dc_link *link, uint64_t *state); bool edp_set_replay_power_opt_and_coasting_vtotal(struct dc_link *link, - const unsigned int *power_opts, uint16_t coasting_vtotal); + const unsigned int *power_opts, uint32_t coasting_vtotal); bool edp_wait_for_t12(struct dc_link *link); bool edp_is_ilr_optimization_required(struct dc_link *link, struct dc_crtc_timing *crtc_timing); diff --git a/drivers/gpu/drm/amd/display/dmub/inc/dmub_cmd.h b/drivers/gpu/drm/amd/display/dmub/inc/dmub_cmd.h index 02ad641bd8df..4a650ac571d7 100644 --- a/drivers/gpu/drm/amd/display/dmub/inc/dmub_cmd.h +++ b/drivers/gpu/drm/amd/display/dmub/inc/dmub_cmd.h @@ -3244,6 +3244,14 @@ struct dmub_cmd_replay_set_coasting_vtotal_data { * Currently the support is only for 0 or 1 */ uint8_t panel_inst; + /** + * 16-bit value dicated by driver that indicates the coasting vtotal high byte part. + */ + uint16_t coasting_vtotal_high; + /** + * Explicit padding to 4 byte boundary. + */ + uint8_t pad[2]; }; /** diff --git a/drivers/gpu/drm/amd/display/modules/power/power_helpers.c b/drivers/gpu/drm/amd/display/modules/power/power_helpers.c index e304e8435fb8..2a3698fd2dc2 100644 --- a/drivers/gpu/drm/amd/display/modules/power/power_helpers.c +++ b/drivers/gpu/drm/amd/display/modules/power/power_helpers.c @@ -975,7 +975,7 @@ bool psr_su_set_dsc_slice_height(struct dc *dc, struct dc_link *link, void set_replay_coasting_vtotal(struct dc_link *link, enum replay_coasting_vtotal_type type, - uint16_t vtotal) + uint32_t vtotal) { link->replay_settings.coasting_vtotal_table[type] = vtotal; } diff --git a/drivers/gpu/drm/amd/display/modules/power/power_helpers.h b/drivers/gpu/drm/amd/display/modules/power/power_helpers.h index bef4815e1703..ff7e6f3cd6be 100644 --- a/drivers/gpu/drm/amd/display/modules/power/power_helpers.h +++ b/drivers/gpu/drm/amd/display/modules/power/power_helpers.h @@ -56,7 +56,7 @@ bool dmub_init_abm_config(struct resource_pool *res_pool, void init_replay_config(struct dc_link *link, struct replay_config *pr_config); void set_replay_coasting_vtotal(struct dc_link *link, enum replay_coasting_vtotal_type type, - uint16_t vtotal); + uint32_t vtotal); void set_replay_ips_full_screen_video_src_vtotal(struct dc_link *link, uint16_t vtotal); void calculate_replay_link_off_frame_count(struct dc_link *link, uint16_t vtotal, uint16_t htotal); -- 2.34.1

1 year, 8 months

1
0
0 0

[PATCH 22/34] drm/amd/display: Add left edge pixel for YCbCr422/420 + ODM pipe split

by Alex Hung

From: George Shen <george.shen(a)amd.com> [WHY] Currently 3-tap chroma subsampling is used for YCbCr422/420. When ODM pipesplit is used, pixels on the left edge of ODM slices need one extra pixel from the right edge of the previous slice to calculate the correct chroma value. Without this change, the chroma value is slightly different than expected. This is usually imperceptible visually, but it impacts test pattern CRCs for compliance test automation. [HOW] Update logic to use the register for adding extra left edge pixel for YCbCr422/420 ODM cases. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Alvin Lee <alvin.lee2(a)amd.com> Acked-by: Alex Hung <alex.hung(a)amd.com> Signed-off-by: George Shen <george.shen(a)amd.com> --- drivers/gpu/drm/amd/display/dc/core/dc.c | 4 ++ .../gpu/drm/amd/display/dc/core/dc_resource.c | 37 +++++++++++++++++++ .../amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 10 +++++ .../gpu/drm/amd/display/dc/inc/core_types.h | 2 + drivers/gpu/drm/amd/display/dc/inc/resource.h | 4 ++ 5 files changed, 57 insertions(+) diff --git a/drivers/gpu/drm/amd/display/dc/core/dc.c b/drivers/gpu/drm/amd/display/dc/core/dc.c index acd8f1257ade..ed6579633a58 100644 --- a/drivers/gpu/drm/amd/display/dc/core/dc.c +++ b/drivers/gpu/drm/amd/display/dc/core/dc.c @@ -3147,6 +3147,10 @@ static bool update_planes_and_stream_state(struct dc *dc, if (otg_master && otg_master->stream->test_pattern.type != DP_TEST_PATTERN_VIDEO_MODE) resource_build_test_pattern_params(&context->res_ctx, otg_master); + + if (otg_master && (otg_master->stream->timing.pixel_encoding == PIXEL_ENCODING_YCBCR422 || + otg_master->stream->timing.pixel_encoding == PIXEL_ENCODING_YCBCR420)) + resource_build_subsampling_params(&context->res_ctx, otg_master); } } diff --git a/drivers/gpu/drm/amd/display/dc/core/dc_resource.c b/drivers/gpu/drm/amd/display/dc/core/dc_resource.c index 1b7765bc5e5e..96ea283bd169 100644 --- a/drivers/gpu/drm/amd/display/dc/core/dc_resource.c +++ b/drivers/gpu/drm/amd/display/dc/core/dc_resource.c @@ -822,6 +822,16 @@ static struct rect calculate_odm_slice_in_timing_active(struct pipe_ctx *pipe_ct stream->timing.v_border_bottom + stream->timing.v_border_top; + /* Recout for ODM slices after the first slice need one extra left edge pixel + * for 3-tap chroma subsampling. + */ + if (odm_slice_idx > 0 && + (pipe_ctx->stream->timing.pixel_encoding == PIXEL_ENCODING_YCBCR422 || + pipe_ctx->stream->timing.pixel_encoding == PIXEL_ENCODING_YCBCR420)) { + odm_rec.x -= 1; + odm_rec.width += 1; + } + return odm_rec; } @@ -1438,6 +1448,7 @@ void resource_build_test_pattern_params(struct resource_context *res_ctx, enum controller_dp_test_pattern controller_test_pattern; enum controller_dp_color_space controller_color_space; enum dc_color_depth color_depth = otg_master->stream->timing.display_color_depth; + enum dc_pixel_encoding pixel_encoding = otg_master->stream->timing.pixel_encoding; int h_active = otg_master->stream->timing.h_addressable + otg_master->stream->timing.h_border_left + otg_master->stream->timing.h_border_right; @@ -1469,10 +1480,36 @@ void resource_build_test_pattern_params(struct resource_context *res_ctx, else params->width = last_odm_slice_width; + /* Extra left edge pixel is required for 3-tap chroma subsampling. */ + if (i != 0 && (pixel_encoding == PIXEL_ENCODING_YCBCR422 || + pixel_encoding == PIXEL_ENCODING_YCBCR420)) { + params->offset -= 1; + params->width += 1; + } + offset += odm_slice_width; } } +void resource_build_subsampling_params(struct resource_context *res_ctx, + struct pipe_ctx *otg_master) +{ + struct pipe_ctx *opp_heads[MAX_PIPES]; + int odm_cnt = 1; + int i; + + odm_cnt = resource_get_opp_heads_for_otg_master(otg_master, res_ctx, opp_heads); + + /* For ODM slices after the first slice, extra left edge pixel is required + * for 3-tap chroma subsampling. + */ + if (otg_master->stream->timing.pixel_encoding == PIXEL_ENCODING_YCBCR422 || + otg_master->stream->timing.pixel_encoding == PIXEL_ENCODING_YCBCR420) { + for (i = 0; i < odm_cnt; i++) + opp_heads[i]->stream_res.left_edge_extra_pixel = (i == 0) ? false : true; + } +} + bool resource_build_scaling_params(struct pipe_ctx *pipe_ctx) { const struct dc_plane_state *plane_state = pipe_ctx->plane_state; diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c b/drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c index 40098d9f70cb..a698f026198c 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c +++ b/drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c @@ -1579,6 +1579,11 @@ static void dcn20_detect_pipe_changes(struct dc_state *old_state, if (old_pipe->stream_res.tg != new_pipe->stream_res.tg) new_pipe->update_flags.bits.tg_changed = 1; + if (resource_is_pipe_type(new_pipe, OPP_HEAD)) { + if (old_pipe->stream_res.left_edge_extra_pixel != new_pipe->stream_res.left_edge_extra_pixel) + new_pipe->update_flags.bits.opp_changed = 1; + } + /* * Detect mpcc blending changes, only dpp inst and opp matter here, * mpccs getting removed/inserted update connected ones during their own @@ -1962,6 +1967,11 @@ static void dcn20_program_pipe( pipe_ctx->stream_res.opp, &pipe_ctx->stream->bit_depth_params, &pipe_ctx->stream->clamping); + + if (resource_is_pipe_type(pipe_ctx, OPP_HEAD)) + pipe_ctx->stream_res.opp->funcs->opp_program_left_edge_extra_pixel( + pipe_ctx->stream_res.opp, + pipe_ctx->stream_res.left_edge_extra_pixel); } /* Set ABM pipe after other pipe configurations done */ diff --git a/drivers/gpu/drm/amd/display/dc/inc/core_types.h b/drivers/gpu/drm/amd/display/dc/inc/core_types.h index b1b72e688f74..e034cbb40620 100644 --- a/drivers/gpu/drm/amd/display/dc/inc/core_types.h +++ b/drivers/gpu/drm/amd/display/dc/inc/core_types.h @@ -333,6 +333,8 @@ struct stream_resource { uint8_t gsl_group; struct test_pattern_params test_pattern_params; + + bool left_edge_extra_pixel; }; struct plane_resource { diff --git a/drivers/gpu/drm/amd/display/dc/inc/resource.h b/drivers/gpu/drm/amd/display/dc/inc/resource.h index 77a60aa9f27b..b14d52e52fa2 100644 --- a/drivers/gpu/drm/amd/display/dc/inc/resource.h +++ b/drivers/gpu/drm/amd/display/dc/inc/resource.h @@ -107,6 +107,10 @@ void resource_build_test_pattern_params( struct resource_context *res_ctx, struct pipe_ctx *pipe_ctx); +void resource_build_subsampling_params( + struct resource_context *res_ctx, + struct pipe_ctx *pipe_ctx); + bool resource_build_scaling_params(struct pipe_ctx *pipe_ctx); enum dc_status resource_build_scaling_params_for_context( -- 2.34.1

1 year, 8 months

1
0
0 0

[PATCH 18/34] drm/amd/display: Fix idle check for shared firmware state

by Alex Hung

From: Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> [WHY] We still had an instance of get_idle_state checking the PMFW scratch register instead of the actual idle allow signal. [HOW] Replace it with the SW state check for whether we had allowed idle through notify_idle. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Duncan Ma <duncan.ma(a)amd.com> Acked-by: Alex Hung <alex.hung(a)amd.com> Signed-off-by: Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> --- drivers/gpu/drm/amd/display/dc/core/dc.c | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/drivers/gpu/drm/amd/display/dc/core/dc.c b/drivers/gpu/drm/amd/display/dc/core/dc.c index daf6c7fe0906..acd8f1257ade 100644 --- a/drivers/gpu/drm/amd/display/dc/core/dc.c +++ b/drivers/gpu/drm/amd/display/dc/core/dc.c @@ -4884,22 +4884,16 @@ void dc_exit_ips_for_hw_access_internal(struct dc *dc, const char *caller_name) bool dc_dmub_is_ips_idle_state(struct dc *dc) { - uint32_t idle_state = 0; - if (dc->debug.disable_idle_power_optimizations) return false; if (!dc->caps.ips_support || (dc->config.disable_ips == DMUB_IPS_DISABLE_ALL)) return false; - if (dc->hwss.get_idle_state) - idle_state = dc->hwss.get_idle_state(dc); - - if (!(idle_state & DMUB_IPS1_ALLOW_MASK) || - !(idle_state & DMUB_IPS2_ALLOW_MASK)) - return true; + if (!dc->ctx->dmub_srv) + return false; - return false; + return dc->ctx->dmub_srv->idle_allowed; } /* set min and max memory clock to lowest and highest DPM level, respectively */ -- 2.34.1

1 year, 8 months

1
0
0 0

[PATCH 17/34] drm/amd/display: Update odm when ODM combine is changed on an otg master pipe with no plane

by Alex Hung

From: Wenjing Liu <wenjing.liu(a)amd.com> [WHY] When committing an update with ODM combine change when the plane is removing or already removed, we fail to detect odm change in pipe update flags. This has caused mismatch between new dc state and the actual hardware state, because we missed odm programming. [HOW] - Detect odm change even for otg master pipe without a plane. - Update odm config before calling program pipes for pipe with planes. The commit also updates blank pattern programming when odm is changed without plane. This is because number of OPP is changed when ODM combine is changed. Blank pattern is per OPP so we will need to reprogram OPP based on the new pipe topology. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Dillon Varone <dillon.varone(a)amd.com> Acked-by: Alex Hung <alex.hung(a)amd.com> Signed-off-by: Wenjing Liu <wenjing.liu(a)amd.com> --- .../amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 41 ++++++++++--------- .../amd/display/dc/hwss/dcn32/dcn32_hwseq.c | 7 ++++ 2 files changed, 28 insertions(+), 20 deletions(-) diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c b/drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c index c55d5155ecb9..40098d9f70cb 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c +++ b/drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c @@ -1498,6 +1498,11 @@ static void dcn20_detect_pipe_changes(struct dc_state *old_state, return; } + if (resource_is_pipe_type(new_pipe, OTG_MASTER) && + resource_is_odm_topology_changed(new_pipe, old_pipe)) + /* Detect odm changes */ + new_pipe->update_flags.bits.odm = 1; + /* Exit on unchanged, unused pipe */ if (!old_pipe->plane_state && !new_pipe->plane_state) return; @@ -1551,10 +1556,6 @@ static void dcn20_detect_pipe_changes(struct dc_state *old_state, /* Detect top pipe only changes */ if (resource_is_pipe_type(new_pipe, OTG_MASTER)) { - /* Detect odm changes */ - if (resource_is_odm_topology_changed(new_pipe, old_pipe)) - new_pipe->update_flags.bits.odm = 1; - /* Detect global sync changes */ if (old_pipe->pipe_dlg_param.vready_offset != new_pipe->pipe_dlg_param.vready_offset || old_pipe->pipe_dlg_param.vstartup_start != new_pipe->pipe_dlg_param.vstartup_start @@ -1999,19 +2000,20 @@ void dcn20_program_front_end_for_ctx( DC_LOGGER_INIT(dc->ctx->logger); unsigned int prev_hubp_count = 0; unsigned int hubp_count = 0; + struct pipe_ctx *pipe; if (resource_is_pipe_topology_changed(dc->current_state, context)) resource_log_pipe_topology_update(dc, context); if (dc->hwss.program_triplebuffer != NULL && dc->debug.enable_tri_buf) { for (i = 0; i < dc->res_pool->pipe_count; i++) { - struct pipe_ctx *pipe_ctx = &context->res_ctx.pipe_ctx[i]; + pipe = &context->res_ctx.pipe_ctx[i]; - if (!pipe_ctx->top_pipe && !pipe_ctx->prev_odm_pipe && pipe_ctx->plane_state) { - ASSERT(!pipe_ctx->plane_state->triplebuffer_flips); + if (!pipe->top_pipe && !pipe->prev_odm_pipe && pipe->plane_state) { + ASSERT(!pipe->plane_state->triplebuffer_flips); /*turn off triple buffer for full update*/ dc->hwss.program_triplebuffer( - dc, pipe_ctx, pipe_ctx->plane_state->triplebuffer_flips); + dc, pipe, pipe->plane_state->triplebuffer_flips); } } } @@ -2085,12 +2087,22 @@ void dcn20_program_front_end_for_ctx( DC_LOG_DC("Reset mpcc for pipe %d\n", dc->current_state->res_ctx.pipe_ctx[i].pipe_idx); } + /* update ODM for blanked OTG master pipes */ + for (i = 0; i < dc->res_pool->pipe_count; i++) { + pipe = &context->res_ctx.pipe_ctx[i]; + if (resource_is_pipe_type(pipe, OTG_MASTER) && + !resource_is_pipe_type(pipe, DPP_PIPE) && + pipe->update_flags.bits.odm && + hws->funcs.update_odm) + hws->funcs.update_odm(dc, context, pipe); + } + /* * Program all updated pipes, order matters for mpcc setup. Start with * top pipe and program all pipes that follow in order */ for (i = 0; i < dc->res_pool->pipe_count; i++) { - struct pipe_ctx *pipe = &context->res_ctx.pipe_ctx[i]; + pipe = &context->res_ctx.pipe_ctx[i]; if (pipe->plane_state && !pipe->top_pipe) { while (pipe) { @@ -2129,17 +2141,6 @@ void dcn20_program_front_end_for_ctx( context->stream_status[0].plane_count > 1) { pipe->plane_res.hubp->funcs->hubp_wait_pipe_read_start(pipe->plane_res.hubp); } - - /* when dynamic ODM is active, pipes must be reconfigured when all planes are - * disabled, as some transitions will leave software and hardware state - * mismatched. - */ - if (dc->debug.enable_single_display_2to1_odm_policy && - pipe->stream && - pipe->update_flags.bits.disable && - !pipe->prev_odm_pipe && - hws->funcs.update_odm) - hws->funcs.update_odm(dc, context, pipe); } } diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c b/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c index aa36d7a56ca8..b890db0bfc46 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c +++ b/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c @@ -1156,6 +1156,13 @@ void dcn32_update_odm(struct dc *dc, struct dc_state *context, struct pipe_ctx * dsc->funcs->dsc_disconnect(dsc); } } + + if (!resource_is_pipe_type(pipe_ctx, DPP_PIPE)) + /* + * blank pattern is generated by OPP, reprogram blank pattern + * due to OPP count change + */ + dc->hwseq->funcs.blank_pixel_data(dc, pipe_ctx, true); } unsigned int dcn32_calculate_dccg_k1_k2_values(struct pipe_ctx *pipe_ctx, unsigned int *k1_div, unsigned int *k2_div) -- 2.34.1

1 year, 8 months

1
0
0 0

[PATCH 16/34] drm/amd/display: Init DPPCLK from SMU on dcn32

by Alex Hung

From: Dillon Varone <dillon.varone(a)amd.com> [WHY & HOW] DPPCLK ranges should be obtained from the SMU when available. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Chaitanya Dhere <chaitanya.dhere(a)amd.com> Acked-by: Alex Hung <alex.hung(a)amd.com> Signed-off-by: Dillon Varone <dillon.varone(a)amd.com> --- .../display/dc/clk_mgr/dcn32/dcn32_clk_mgr.c | 14 ++++++++++ .../drm/amd/display/dc/dml2/dml2_wrapper.c | 28 +++++++++++++------ .../drm/amd/display/dc/dml2/dml2_wrapper.h | 3 ++ .../dc/resource/dcn32/dcn32_resource.c | 2 ++ .../dc/resource/dcn321/dcn321_resource.c | 2 ++ 5 files changed, 41 insertions(+), 8 deletions(-) diff --git a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn32/dcn32_clk_mgr.c b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn32/dcn32_clk_mgr.c index 668f05c8654e..bec252e1dd27 100644 --- a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn32/dcn32_clk_mgr.c +++ b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn32/dcn32_clk_mgr.c @@ -216,6 +216,16 @@ void dcn32_init_clocks(struct clk_mgr *clk_mgr_base) if (clk_mgr_base->bw_params->dc_mode_limit.dispclk_mhz > 1950) clk_mgr_base->bw_params->dc_mode_limit.dispclk_mhz = 1950; + /* DPPCLK */ + dcn32_init_single_clock(clk_mgr, PPCLK_DPPCLK, + &clk_mgr_base->bw_params->clk_table.entries[0].dppclk_mhz, + &num_entries_per_clk->num_dppclk_levels); + num_levels = num_entries_per_clk->num_dppclk_levels; + clk_mgr_base->bw_params->dc_mode_limit.dppclk_mhz = dcn30_smu_get_dc_mode_max_dpm_freq(clk_mgr, PPCLK_DPPCLK); + //HW recommends limit of 1950 MHz in display clock for all DCN3.2.x + if (clk_mgr_base->bw_params->dc_mode_limit.dppclk_mhz > 1950) + clk_mgr_base->bw_params->dc_mode_limit.dppclk_mhz = 1950; + if (num_entries_per_clk->num_dcfclk_levels && num_entries_per_clk->num_dtbclk_levels && num_entries_per_clk->num_dispclk_levels) @@ -240,6 +250,10 @@ void dcn32_init_clocks(struct clk_mgr *clk_mgr_base) = khz_to_mhz_ceil(clk_mgr_base->ctx->dc->debug.min_dpp_clk_khz); } + for (i = 0; i < num_levels; i++) + if (clk_mgr_base->bw_params->clk_table.entries[i].dppclk_mhz > 1950) + clk_mgr_base->bw_params->clk_table.entries[i].dppclk_mhz = 1950; + /* Get UCLK, update bounding box */ clk_mgr_base->funcs->get_memclk_states_from_smu(clk_mgr_base); diff --git a/drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.c b/drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.c index 2a58a7687bdb..72cca367062e 100644 --- a/drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.c +++ b/drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.c @@ -703,13 +703,8 @@ static inline struct dml2_context *dml2_allocate_memory(void) return (struct dml2_context *) kzalloc(sizeof(struct dml2_context), GFP_KERNEL); } -bool dml2_create(const struct dc *in_dc, const struct dml2_configuration_options *config, struct dml2_context **dml2) +static void dml2_init(const struct dc *in_dc, const struct dml2_configuration_options *config, struct dml2_context **dml2) { - // Allocate Mode Lib Ctx - *dml2 = dml2_allocate_memory(); - - if (!(*dml2)) - return false; // Store config options (*dml2)->config = *config; @@ -737,9 +732,18 @@ bool dml2_create(const struct dc *in_dc, const struct dml2_configuration_options initialize_dml2_soc_bbox(*dml2, in_dc, &(*dml2)->v20.dml_core_ctx.soc); initialize_dml2_soc_states(*dml2, in_dc, &(*dml2)->v20.dml_core_ctx.soc, &(*dml2)->v20.dml_core_ctx.states); +} + +bool dml2_create(const struct dc *in_dc, const struct dml2_configuration_options *config, struct dml2_context **dml2) +{ + // Allocate Mode Lib Ctx + *dml2 = dml2_allocate_memory(); + + if (!(*dml2)) + return false; + + dml2_init(in_dc, config, dml2); - /*Initialize DML20 instance which calls dml2_core_create, and core_dcn3_populate_informative*/ - //dml2_initialize_instance(&(*dml_ctx)->v20.dml_init); return true; } @@ -779,3 +783,11 @@ bool dml2_create_copy(struct dml2_context **dst_dml2, return true; } + +void dml2_reinit(const struct dc *in_dc, + const struct dml2_configuration_options *config, + struct dml2_context **dml2) +{ + + dml2_init(in_dc, config, dml2); +} diff --git a/drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.h b/drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.h index ee0eb184eb6d..cc662d682fd4 100644 --- a/drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.h +++ b/drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.h @@ -214,6 +214,9 @@ void dml2_copy(struct dml2_context *dst_dml2, struct dml2_context *src_dml2); bool dml2_create_copy(struct dml2_context **dst_dml2, struct dml2_context *src_dml2); +void dml2_reinit(const struct dc *in_dc, + const struct dml2_configuration_options *config, + struct dml2_context **dml2); /* * dml2_validate - Determines if a display configuration is supported or not. diff --git a/drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c b/drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c index f844f57ecc49..ce1754cc1f46 100644 --- a/drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c +++ b/drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c @@ -1931,6 +1931,8 @@ static void dcn32_update_bw_bounding_box(struct dc *dc, struct clk_bw_params *bw { DC_FP_START(); dcn32_update_bw_bounding_box_fpu(dc, bw_params); + if (dc->debug.using_dml2 && dc->current_state && dc->current_state->bw_ctx.dml2) + dml2_reinit(dc, &dc->dml2_options, &dc->current_state->bw_ctx.dml2); DC_FP_END(); } diff --git a/drivers/gpu/drm/amd/display/dc/resource/dcn321/dcn321_resource.c b/drivers/gpu/drm/amd/display/dc/resource/dcn321/dcn321_resource.c index b356fed1726d..296a0a8e7145 100644 --- a/drivers/gpu/drm/amd/display/dc/resource/dcn321/dcn321_resource.c +++ b/drivers/gpu/drm/amd/display/dc/resource/dcn321/dcn321_resource.c @@ -1581,6 +1581,8 @@ static void dcn321_update_bw_bounding_box(struct dc *dc, struct clk_bw_params *b { DC_FP_START(); dcn321_update_bw_bounding_box_fpu(dc, bw_params); + if (dc->debug.using_dml2 && dc->current_state && dc->current_state->bw_ctx.dml2) + dml2_reinit(dc, &dc->dml2_options, &dc->current_state->bw_ctx.dml2); DC_FP_END(); } -- 2.34.1

1 year, 8 months

1
0
0 0

[PATCH 15/34] drm/amd/display: Add monitor patch for specific eDP

by Alex Hung

From: Ryan Lin <tsung-hua.lin(a)amd.com> [WHY] Some eDP panels' ext caps don't write initial values. The value of dpcd_addr (0x317) can be random and the backlight control interface will be incorrect. [HOW] Add new panel patches to remove sink ext caps. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org # 6.5.x Cc: Tsung-hua Lin <tsung-hua.lin(a)amd.com> Cc: Chris Chi <moukong.chi(a)amd.com> Reviewed-by: Wayne Lin <wayne.lin(a)amd.com> Acked-by: Alex Hung <alex.hung(a)amd.com> Signed-off-by: Ryan Lin <tsung-hua.lin(a)amd.com> --- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c index 85b7f58a7f35..c27063305a13 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c @@ -67,6 +67,8 @@ static void apply_edid_quirks(struct edid *edid, struct dc_edid_caps *edid_caps) /* Workaround for some monitors that do not clear DPCD 0x317 if FreeSync is unsupported */ case drm_edid_encode_panel_id('A', 'U', 'O', 0xA7AB): case drm_edid_encode_panel_id('A', 'U', 'O', 0xE69B): + case drm_edid_encode_panel_id('B', 'O', 'E', 0x092A): + case drm_edid_encode_panel_id('L', 'G', 'D', 0x06D1): DRM_DEBUG_DRIVER("Clearing DPCD 0x317 on monitor with panel id %X\n", panel_id); edid_caps->panel_patch.remove_sink_ext_caps = true; break; @@ -120,6 +122,8 @@ enum dc_edid_status dm_helpers_parse_edid_caps( edid_caps->edid_hdmi = connector->display_info.is_hdmi; + apply_edid_quirks(edid_buf, edid_caps); + sad_count = drm_edid_to_sad((struct edid *) edid->raw_edid, &sads); if (sad_count <= 0) return result; @@ -146,8 +150,6 @@ enum dc_edid_status dm_helpers_parse_edid_caps( else edid_caps->speaker_flags = DEFAULT_SPEAKER_LOCATION; - apply_edid_quirks(edid_buf, edid_caps); - kfree(sads); kfree(sadb); -- 2.34.1

1 year, 8 months

1
0
0 0

[PATCH 11/34] drm/amd/display: Exit idle optimizations before HDCP execution

by Alex Hung

From: Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> [WHY] PSP can access DCN registers during command submission and we need to ensure that DCN is not in PG before doing so. [HOW] Add a callback to DM to lock and notify DC for idle optimization exit. It can't be DC directly because of a potential race condition with the link protection thread and the rest of DM operation. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Charlene Liu <charlene.liu(a)amd.com> Acked-by: Alex Hung <alex.hung(a)amd.com> Signed-off-by: Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> --- drivers/gpu/drm/amd/display/modules/hdcp/hdcp.c | 10 ++++++++++ drivers/gpu/drm/amd/display/modules/inc/mod_hdcp.h | 8 ++++++++ 2 files changed, 18 insertions(+) diff --git a/drivers/gpu/drm/amd/display/modules/hdcp/hdcp.c b/drivers/gpu/drm/amd/display/modules/hdcp/hdcp.c index 5e01c6e24cbc..9a5a1726acaf 100644 --- a/drivers/gpu/drm/amd/display/modules/hdcp/hdcp.c +++ b/drivers/gpu/drm/amd/display/modules/hdcp/hdcp.c @@ -88,6 +88,14 @@ static uint8_t is_cp_desired_hdcp2(struct mod_hdcp *hdcp) !hdcp->connection.is_hdcp2_revoked; } +static void exit_idle_optimizations(struct mod_hdcp *hdcp) +{ + struct mod_hdcp_dm *dm = &hdcp->config.dm; + + if (dm->funcs.exit_idle_optimizations) + dm->funcs.exit_idle_optimizations(dm->handle); +} + static enum mod_hdcp_status execution(struct mod_hdcp *hdcp, struct mod_hdcp_event_context *event_ctx, union mod_hdcp_transition_input *input) @@ -543,6 +551,8 @@ enum mod_hdcp_status mod_hdcp_process_event(struct mod_hdcp *hdcp, memset(&event_ctx, 0, sizeof(struct mod_hdcp_event_context)); event_ctx.event = event; + exit_idle_optimizations(hdcp); + /* execute and transition */ exec_status = execution(hdcp, &event_ctx, &hdcp->auth.trans_input); trans_status = transition( diff --git a/drivers/gpu/drm/amd/display/modules/inc/mod_hdcp.h b/drivers/gpu/drm/amd/display/modules/inc/mod_hdcp.h index a4d344a4db9e..cdb17b093f2b 100644 --- a/drivers/gpu/drm/amd/display/modules/inc/mod_hdcp.h +++ b/drivers/gpu/drm/amd/display/modules/inc/mod_hdcp.h @@ -156,6 +156,13 @@ struct mod_hdcp_ddc { } funcs; }; +struct mod_hdcp_dm { + void *handle; + struct { + void (*exit_idle_optimizations)(void *handle); + } funcs; +}; + struct mod_hdcp_psp { void *handle; void *funcs; @@ -272,6 +279,7 @@ struct mod_hdcp_display_query { struct mod_hdcp_config { struct mod_hdcp_psp psp; struct mod_hdcp_ddc ddc; + struct mod_hdcp_dm dm; uint8_t index; }; -- 2.34.1

1 year, 8 months

1
0
0 0

[PATCH 08/34] drm/amd/display: Allow dirty rects to be sent to dmub when abm is active

by Alex Hung

From: Josip Pavic <josip.pavic(a)amd.com> [WHY] It's beneficial for ABM to know when new frame data are available. [HOW] Add new condition to allow dirty rects to be sent to DMUB when ABM is active. ABM will use this as a signal that a new frame has arrived. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Anthony Koo <anthony.koo(a)amd.com> Acked-by: Alex Hung <alex.hung(a)amd.com> Signed-off-by: Josip Pavic <josip.pavic(a)amd.com> --- drivers/gpu/drm/amd/display/dc/core/dc.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpu/drm/amd/display/dc/core/dc.c b/drivers/gpu/drm/amd/display/dc/core/dc.c index 5211c1c0f3c0..613d09c42f3b 100644 --- a/drivers/gpu/drm/amd/display/dc/core/dc.c +++ b/drivers/gpu/drm/amd/display/dc/core/dc.c @@ -3270,6 +3270,9 @@ static bool dc_dmub_should_send_dirty_rect_cmd(struct dc *dc, struct dc_stream_s if (stream->link->replay_settings.config.replay_supported) return true; + if (stream->ctx->dce_version >= DCN_VERSION_3_5 && stream->abm_level) + return true; + return false; } -- 2.34.1

1 year, 8 months

1
0
0 0

[PATCH 06/34] drm/amd/display: Override min required DCFCLK in dml1_validate

by Alex Hung

From: Sohaib Nadeem <sohaib.nadeem(a)amd.com> [WHY]: Increasing min DCFCLK addresses underflow issues that occur when phantom pipe is turned on for some Sub-Viewport configs [HOW]: dcn32_override_min_req_dcfclk is added to override DCFCLK value in dml1_validate when subviewport is being used. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Alvin Lee <alvin.lee2(a)amd.com> Acked-by: Alex Hung <alex.hung(a)amd.com> Signed-off-by: Sohaib Nadeem <sohaib.nadeem(a)amd.com> --- .../gpu/drm/amd/display/dc/dcn32/dcn32_resource_helpers.c | 6 ++++++ .../gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c | 1 + .../gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.h | 3 +++ 3 files changed, 10 insertions(+) diff --git a/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_resource_helpers.c b/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_resource_helpers.c index 87760600e154..f98def6c8c2d 100644 --- a/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_resource_helpers.c +++ b/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_resource_helpers.c @@ -782,3 +782,9 @@ void dcn32_update_dml_pipes_odm_policy_based_on_context(struct dc *dc, struct dc pipe_cnt++; } } + +void dcn32_override_min_req_dcfclk(struct dc *dc, struct dc_state *context) +{ + if (dcn32_subvp_in_use(dc, context) && context->bw_ctx.bw.dcn.clk.dcfclk_khz <= MIN_SUBVP_DCFCLK_KHZ) + context->bw_ctx.bw.dcn.clk.dcfclk_khz = MIN_SUBVP_DCFCLK_KHZ; +} diff --git a/drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c b/drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c index 3f3951f3ba98..f844f57ecc49 100644 --- a/drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c +++ b/drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c @@ -1771,6 +1771,7 @@ static bool dml1_validate(struct dc *dc, struct dc_state *context, bool fast_val dc->res_pool->funcs->calculate_wm_and_dlg(dc, context, pipes, pipe_cnt, vlevel); dcn32_override_min_req_memclk(dc, context); + dcn32_override_min_req_dcfclk(dc, context); BW_VAL_TRACE_END_WATERMARKS(); diff --git a/drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.h b/drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.h index 0c87b0fabba7..2258c5c7212d 100644 --- a/drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.h +++ b/drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.h @@ -42,6 +42,7 @@ #define SUBVP_ACTIVE_MARGIN_LIST_LEN 2 #define DCN3_2_MAX_SUBVP_PIXEL_RATE_MHZ 1800 #define DCN3_2_VMIN_DISPCLK_HZ 717000000 +#define MIN_SUBVP_DCFCLK_KHZ 400000 #define TO_DCN32_RES_POOL(pool)\ container_of(pool, struct dcn32_resource_pool, base) @@ -181,6 +182,8 @@ bool dcn32_subvp_vblank_admissable(struct dc *dc, struct dc_state *context, int void dcn32_update_dml_pipes_odm_policy_based_on_context(struct dc *dc, struct dc_state *context, display_e2e_pipe_params_st *pipes); +void dcn32_override_min_req_dcfclk(struct dc *dc, struct dc_state *context); + /* definitions for run time init of reg offsets */ /* CLK SRC */ -- 2.34.1

1 year, 8 months

1
0
0 0

[PATCH 05/34] drm/amd/display: Set DCN351 BB and IP the same as DCN35

by Alex Hung

From: Xi Liu <xi.liu(a)amd.com> [WHY & HOW] DCN351 and DCN35 should use the same bounding box and IP settings. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Jun Lei <jun.lei(a)amd.com> Acked-by: Alex Hung <alex.hung(a)amd.com> Signed-off-by: Xi Liu <xi.liu(a)amd.com> --- .../gpu/drm/amd/display/dc/dml2/dml2_translation_helper.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/drivers/gpu/drm/amd/display/dc/dml2/dml2_translation_helper.c b/drivers/gpu/drm/amd/display/dc/dml2/dml2_translation_helper.c index 17a58f41fc6a..a20f28a5d2e7 100644 --- a/drivers/gpu/drm/amd/display/dc/dml2/dml2_translation_helper.c +++ b/drivers/gpu/drm/amd/display/dc/dml2/dml2_translation_helper.c @@ -228,17 +228,13 @@ void dml2_init_socbb_params(struct dml2_context *dml2, const struct dc *in_dc, s break; case dml_project_dcn35: + case dml_project_dcn351: out->num_chans = 4; out->round_trip_ping_latency_dcfclk_cycles = 106; out->smn_latency_us = 2; out->dispclk_dppclk_vco_speed_mhz = 3600; break; - case dml_project_dcn351: - out->num_chans = 16; - out->round_trip_ping_latency_dcfclk_cycles = 1100; - out->smn_latency_us = 2; - break; } /* ---Overrides if available--- */ if (dml2->config.bbox_overrides.dram_num_chan) -- 2.34.1

1 year, 8 months

1
0
0 0

[PATCH 01/34] drm/amd/display: Change default size for dummy plane in DML2

by Alex Hung

From: Swapnil Patel <swapnil.patel(a)amd.com> [WHY & HOW] Currently, to map dc states into dml_display_cfg, We create a dummy plane if the stream doesn't have any planes attached to it. This dummy plane uses max addersable width height. This results in certain mode validations failing when they shouldn't. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Chaitanya Dhere <chaitanya.dhere(a)amd.com> Acked-by: Alex Hung <alex.hung(a)amd.com> Signed-off-by: Swapnil Patel <swapnil.patel(a)amd.com> --- .../display/dc/dml2/dml2_translation_helper.c | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/amd/display/dc/dml2/dml2_translation_helper.c b/drivers/gpu/drm/amd/display/dc/dml2/dml2_translation_helper.c index 1ba6933d2b36..17a58f41fc6a 100644 --- a/drivers/gpu/drm/amd/display/dc/dml2/dml2_translation_helper.c +++ b/drivers/gpu/drm/amd/display/dc/dml2/dml2_translation_helper.c @@ -824,13 +824,25 @@ static struct scaler_data get_scaler_data_for_plane(const struct dc_plane_state static void populate_dummy_dml_plane_cfg(struct dml_plane_cfg_st *out, unsigned int location, const struct dc_stream_state *in) { + dml_uint_t width, height; + + if (in->timing.h_addressable > 3840) + width = 3840; + else + width = in->timing.h_addressable; // 4K max + + if (in->timing.v_addressable > 2160) + height = 2160; + else + height = in->timing.v_addressable; // 4K max + out->CursorBPP[location] = dml_cur_32bit; out->CursorWidth[location] = 256; out->GPUVMMinPageSizeKBytes[location] = 256; - out->ViewportWidth[location] = in->timing.h_addressable; - out->ViewportHeight[location] = in->timing.v_addressable; + out->ViewportWidth[location] = width; + out->ViewportHeight[location] = height; out->ViewportStationary[location] = false; out->ViewportWidthChroma[location] = 0; out->ViewportHeightChroma[location] = 0; @@ -849,7 +861,7 @@ static void populate_dummy_dml_plane_cfg(struct dml_plane_cfg_st *out, unsigned out->HTapsChroma[location] = 0; out->VTapsChroma[location] = 0; out->SourceScan[location] = dml_rotation_0; - out->ScalerRecoutWidth[location] = in->timing.h_addressable; + out->ScalerRecoutWidth[location] = width; out->LBBitPerPixel[location] = 57; -- 2.34.1

1 year, 8 months

1
0
0 0

[PATCH 4.19 00/52] 4.19.308-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.19.308 release. There are 52 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 29 Feb 2024 13:15:36 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.308-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.19.308-rc1 Andrii Nakryiko <andriin(a)fb.com> scripts/bpf: Fix xdp_md forward declaration typo Bart Van Assche <bvanassche(a)acm.org> fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() Vidya Sagar <vidyas(a)nvidia.com> PCI/MSI: Prevent MSI hardware interrupt number truncation Jason Gunthorpe <jgg(a)nvidia.com> s390: use the correct count for __iowrite64_copy() Wolfram Sang <wsa+renesas(a)sang-engineering.com> packet: move from strlcpy with unused retval to strscpy Vasiliy Kovalev <kovalev(a)altlinux.org> ipv6: sr: fix possible use-after-free and null-ptr-deref Arnd Bergmann <arnd(a)arndb.de> nouveau: fix function cast warnings Randy Dunlap <rdunlap(a)infradead.org> scsi: jazz_esp: Only build if SCSI core is builtin Gianmarco Lusvardi <glusvardi(a)posteo.net> bpf, scripts: Correct GPL license name Andrii Nakryiko <andriin(a)fb.com> scripts/bpf: teach bpf_helpers_doc.py to dump BPF helper definitions Arnd Bergmann <arnd(a)arndb.de> RDMA/srpt: fix function pointer cast warnings Bart Van Assche <bvanassche(a)acm.org> RDMA/srpt: Make debug output more detailed Jason Gunthorpe <jgg(a)ziepe.ca> RDMA/ulp: Use dev_name instead of ibdev->name Bart Van Assche <bvanassche(a)acm.org> RDMA/srpt: Support specifying the srpt_service_guid parameter Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Return error for SRQ resize Zhipeng Lu <alexious(a)zju.edu.cn> IB/hfi1: Fix a memleak in init_credit_return Xu Yang <xu.yang_2(a)nxp.com> usb: roles: don't get/set_role() when usb_role_switch is unregistered Krishna Kurapati <quic_kriskura(a)quicinc.com> usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs Nikita Shubin <nikita.shubin(a)maquefel.me> ARM: ep93xx: Add terminator to gpiod_lookup_table Tom Parkin <tparkin(a)katalix.com> l2tp: pass correct message length to ip6_append_data Vasiliy Kovalev <kovalev(a)altlinux.org> gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() Mikulas Patocka <mpatocka(a)redhat.com> dm-crypt: don't modify the data when using authenticated encryption Roman Gushchin <guro(a)fb.com> mm: memcontrol: switch to rcu protection in drain_all_stock() Daniel Vacek <neelx(a)redhat.com> IB/hfi1: Fix sdma.h tx->num_descs off-by-one error Geert Uytterhoeven <geert+renesas(a)glider.be> pmdomain: renesas: r8a77980-sysc: CR7 must be always on Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: Fix potential loss of L3-IP@ in case of network issues Yi Sun <yi.sun(a)unisoc.com> virtio-blk: Ensure no requests in virtqueues before deleting vqs. Takashi Sakamoto <o-takashi(a)sakamocchi.jp> firewire: core: send bus reset promptly on gap count error Zhang Rui <rui.zhang(a)intel.com> hwmon: (coretemp) Enlarge per package core count limit Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> regulator: pwm-regulator: Add validity checks in continuous .get_voltage Baokun Li <libaokun1(a)huawei.com> ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() Baokun Li <libaokun1(a)huawei.com> ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() Conrad Kostecki <conikost(a)gentoo.org> ahci: asm1166: correct count of reported ports Fullway Wang <fullwaywang(a)outlook.com> fbdev: sis: Error out if pixclock equals zero Fullway Wang <fullwaywang(a)outlook.com> fbdev: savage: Error out if pixclock equals zero Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: fix race condition on enabling fast-xmit Michal Kazior <michal(a)plume.com> wifi: cfg80211: fix missing interfaces when dumping Vinod Koul <vkoul(a)kernel.org> dmaengine: shdma: increase size of 'dev_id' Dmitry Bogdanov <d.bogdanov(a)yadro.com> scsi: target: core: Add TMF to tmr_list handling Cyril Hrubis <chrubis(a)suse.cz> sched/rt: Disallow writing invalid values to sched_rt_period_us Cyril Hrubis <chrubis(a)suse.cz> sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset Cyril Hrubis <chrubis(a)suse.cz> sched/rt: Fix sysctl_sched_rr_timeslice intial value Lokesh Gidra <lokeshgidra(a)google.com> userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: replace WARN_ONs for invalid DAT metadata block requests GONG, Ruiqi <gongruiqi1(a)huawei.com> memcg: add refcnt for pcpu stock to avoid UAF problem in drain_all_stock() Aaro Koskinen <aaro.koskinen(a)nokia.com> net: stmmac: fix notifier registration Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> stmmac: no need to check return value of debugfs_create functions Jamal Hadi Salim <jhs(a)mojatatu.com> net/sched: Retire dsmark qdisc Jamal Hadi Salim <jhs(a)mojatatu.com> net/sched: Retire ATM qdisc Jamal Hadi Salim <jhs(a)mojatatu.com> net/sched: Retire CBQ qdisc ------------- Diffstat: Makefile | 4 +- arch/arm/mach-ep93xx/core.c | 1 + arch/s390/pci/pci.c | 2 +- drivers/ata/ahci.c | 5 + drivers/block/virtio_blk.c | 7 +- drivers/dma/sh/shdma.h | 2 +- drivers/firewire/core-card.c | 18 +- drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadow.c | 8 +- drivers/hwmon/coretemp.c | 2 +- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 5 +- drivers/infiniband/hw/hfi1/pio.c | 6 +- drivers/infiniband/hw/hfi1/sdma.c | 2 +- drivers/infiniband/ulp/ipoib/ipoib_verbs.c | 2 +- drivers/infiniband/ulp/iser/iser_verbs.c | 9 +- drivers/infiniband/ulp/isert/ib_isert.c | 2 +- drivers/infiniband/ulp/opa_vnic/opa_vnic_vema.c | 3 +- drivers/infiniband/ulp/srp/ib_srp.c | 10 +- drivers/infiniband/ulp/srpt/ib_srpt.c | 52 +- drivers/md/dm-crypt.c | 6 + drivers/net/ethernet/stmicro/stmmac/stmmac.h | 2 - drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 65 +- drivers/net/gtp.c | 10 +- drivers/pci/msi.c | 2 +- drivers/regulator/pwm-regulator.c | 3 + drivers/s390/net/qeth_l3_main.c | 9 +- drivers/scsi/Kconfig | 2 +- drivers/soc/renesas/r8a77980-sysc.c | 3 +- drivers/target/target_core_device.c | 5 - drivers/target/target_core_transport.c | 4 + drivers/usb/gadget/function/f_ncm.c | 10 +- drivers/usb/roles/class.c | 12 +- drivers/video/fbdev/savage/savagefb_driver.c | 3 + drivers/video/fbdev/sis/sis_main.c | 2 + fs/aio.c | 9 +- fs/ext4/mballoc.c | 13 +- fs/nilfs2/dat.c | 27 +- include/linux/fs.h | 2 + include/rdma/rdma_vt.h | 2 +- kernel/sched/rt.c | 10 +- kernel/sysctl.c | 5 + mm/memcontrol.c | 23 +- mm/userfaultfd.c | 14 +- net/ipv6/seg6.c | 20 +- net/l2tp/l2tp_ip6.c | 2 +- net/mac80211/sta_info.c | 2 + net/mac80211/tx.c | 2 +- net/packet/af_packet.c | 4 +- net/sched/Kconfig | 42 - net/sched/Makefile | 3 - net/sched/sch_atm.c | 708 -------- net/sched/sch_cbq.c | 1823 --------------------- net/sched/sch_dsmark.c | 519 ------ net/wireless/nl80211.c | 1 + scripts/bpf_helpers_doc.py | 157 +- virt/kvm/arm/vgic/vgic-its.c | 5 + 55 files changed, 412 insertions(+), 3259 deletions(-)

1 year, 8 months

6
57
0 0

FAILED: patch "[PATCH] mptcp: fix duplicate subflow creation" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 045e9d812868a2d80b7a57b224ce8009444b7bbc # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024022602-extended-buffer-5cf7@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 045e9d812868 ("mptcp: fix duplicate subflow creation") b9d69db87fb7 ("mptcp: let the in-kernel PM use mixed IPv4 and IPv6 addresses") bedee0b56113 ("mptcp: address lookup improvements") 4638de5aefe5 ("mptcp: handle local addrs announced by userspace PMs") c682bf536cf4 ("mptcp: add pm_nl_pernet helpers") 4cf86ae84c71 ("mptcp: strict local address ID selection") d045b9eb95a9 ("mptcp: introduce implicit endpoints") aaa25a2fa796 ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 045e9d812868a2d80b7a57b224ce8009444b7bbc Mon Sep 17 00:00:00 2001 From: Paolo Abeni <pabeni(a)redhat.com> Date: Thu, 15 Feb 2024 19:25:33 +0100 Subject: [PATCH] mptcp: fix duplicate subflow creation Fullmesh endpoints could end-up unexpectedly generating duplicate subflows - same local and remote addresses - when multiple incoming ADD_ADDR are processed before the PM creates the subflow for the local endpoints. Address the issue explicitly checking for duplicates at subflow creation time. To avoid a quadratic computational complexity, track the unavailable remote address ids in a temporary bitmap and initialize such bitmap with the remote ids of all the existing subflows matching the local address currently processed. The above allows additionally replacing the existing code checking for duplicate entry in the current set with a simple bit test operation. Fixes: 2843ff6f36db ("mptcp: remote addresses fullmesh") Cc: stable(a)vger.kernel.org Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/435 Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index ed6983af1ab2..58d17d9604e7 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -396,19 +396,6 @@ void mptcp_pm_free_anno_list(struct mptcp_sock *msk) } } -static bool lookup_address_in_vec(const struct mptcp_addr_info *addrs, unsigned int nr, - const struct mptcp_addr_info *addr) -{ - int i; - - for (i = 0; i < nr; i++) { - if (addrs[i].id == addr->id) - return true; - } - - return false; -} - /* Fill all the remote addresses into the array addrs[], * and return the array size. */ @@ -440,6 +427,16 @@ static unsigned int fill_remote_addresses_vec(struct mptcp_sock *msk, msk->pm.subflows++; addrs[i++] = remote; } else { + DECLARE_BITMAP(unavail_id, MPTCP_PM_MAX_ADDR_ID + 1); + + /* Forbid creation of new subflows matching existing + * ones, possibly already created by incoming ADD_ADDR + */ + bitmap_zero(unavail_id, MPTCP_PM_MAX_ADDR_ID + 1); + mptcp_for_each_subflow(msk, subflow) + if (READ_ONCE(subflow->local_id) == local->id) + __set_bit(subflow->remote_id, unavail_id); + mptcp_for_each_subflow(msk, subflow) { ssk = mptcp_subflow_tcp_sock(subflow); remote_address((struct sock_common *)ssk, &addrs[i]); @@ -447,11 +444,17 @@ static unsigned int fill_remote_addresses_vec(struct mptcp_sock *msk, if (deny_id0 && !addrs[i].id) continue; + if (test_bit(addrs[i].id, unavail_id)) + continue; + if (!mptcp_pm_addr_families_match(sk, local, &addrs[i])) continue; - if (!lookup_address_in_vec(addrs, i, &addrs[i]) && - msk->pm.subflows < subflows_max) { + if (msk->pm.subflows < subflows_max) { + /* forbid creating multiple address towards + * this id + */ + __set_bit(addrs[i].id, unavail_id); msk->pm.subflows++; i++; }

1 year, 8 months

2
1
0 0

FAILED: patch "[PATCH] mptcp: fix data races on local_id" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x a7cfe776637004a4c938fde78be4bd608c32c3ef # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024022610-approval-winking-e3d7@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: a7cfe7766370 ("mptcp: fix data races on local_id") 84c531f54ad9 ("mptcp: userspace pm send RM_ADDR for ID 0") f1f26512a9bf ("mptcp: use plain bool instead of custom binary enum") 1e07938e29c5 ("net: mptcp: rename netlink handlers to mptcp_pm_nl_<blah>_{doit,dumpit}") 1d0507f46843 ("net: mptcp: convert netlink from small_ops to ops") fce68b03086f ("mptcp: add scheduled in mptcp_subflow_context") 1730b2b2c5a5 ("mptcp: add sched in mptcp_sock") 740ebe35bd3f ("mptcp: add struct mptcp_sched_ops") a7384f391875 ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a7cfe776637004a4c938fde78be4bd608c32c3ef Mon Sep 17 00:00:00 2001 From: Paolo Abeni <pabeni(a)redhat.com> Date: Thu, 15 Feb 2024 19:25:31 +0100 Subject: [PATCH] mptcp: fix data races on local_id The local address id is accessed lockless by the NL PM, add all the required ONCE annotation. There is a caveat: the local id can be initialized late in the subflow life-cycle, and its validity is controlled by the local_id_valid flag. Remove such flag and encode the validity in the local_id field itself with negative value before initialization. That allows accessing the field consistently with a single read operation. Fixes: 0ee4261a3681 ("mptcp: implement mptcp_pm_remove_subflow") Cc: stable(a)vger.kernel.org Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/net/mptcp/diag.c b/net/mptcp/diag.c index e57c5f47f035..6ff6f14674aa 100644 --- a/net/mptcp/diag.c +++ b/net/mptcp/diag.c @@ -65,7 +65,7 @@ static int subflow_get_info(struct sock *sk, struct sk_buff *skb) sf->map_data_len) || nla_put_u32(skb, MPTCP_SUBFLOW_ATTR_FLAGS, flags) || nla_put_u8(skb, MPTCP_SUBFLOW_ATTR_ID_REM, sf->remote_id) || - nla_put_u8(skb, MPTCP_SUBFLOW_ATTR_ID_LOC, sf->local_id)) { + nla_put_u8(skb, MPTCP_SUBFLOW_ATTR_ID_LOC, subflow_get_local_id(sf))) { err = -EMSGSIZE; goto nla_failure; } diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index a24c9128dee9..912e25077437 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -800,7 +800,7 @@ static void mptcp_pm_nl_rm_addr_or_subflow(struct mptcp_sock *msk, mptcp_for_each_subflow_safe(msk, subflow, tmp) { struct sock *ssk = mptcp_subflow_tcp_sock(subflow); int how = RCV_SHUTDOWN | SEND_SHUTDOWN; - u8 id = subflow->local_id; + u8 id = subflow_get_local_id(subflow); if (rm_type == MPTCP_MIB_RMADDR && subflow->remote_id != rm_id) continue; @@ -809,7 +809,7 @@ static void mptcp_pm_nl_rm_addr_or_subflow(struct mptcp_sock *msk, pr_debug(" -> %s rm_list_ids[%d]=%u local_id=%u remote_id=%u mpc_id=%u", rm_type == MPTCP_MIB_RMADDR ? "address" : "subflow", - i, rm_id, subflow->local_id, subflow->remote_id, + i, rm_id, id, subflow->remote_id, msk->mpc_endpoint_id); spin_unlock_bh(&msk->pm.lock); mptcp_subflow_shutdown(sk, ssk, how); @@ -1994,7 +1994,7 @@ static int mptcp_event_add_subflow(struct sk_buff *skb, const struct sock *ssk) if (WARN_ON_ONCE(!sf)) return -EINVAL; - if (nla_put_u8(skb, MPTCP_ATTR_LOC_ID, sf->local_id)) + if (nla_put_u8(skb, MPTCP_ATTR_LOC_ID, subflow_get_local_id(sf))) return -EMSGSIZE; if (nla_put_u8(skb, MPTCP_ATTR_REM_ID, sf->remote_id)) diff --git a/net/mptcp/pm_userspace.c b/net/mptcp/pm_userspace.c index e582b3b2d174..d396a5973429 100644 --- a/net/mptcp/pm_userspace.c +++ b/net/mptcp/pm_userspace.c @@ -234,7 +234,7 @@ static int mptcp_userspace_pm_remove_id_zero_address(struct mptcp_sock *msk, lock_sock(sk); mptcp_for_each_subflow(msk, subflow) { - if (subflow->local_id == 0) { + if (READ_ONCE(subflow->local_id) == 0) { has_id_0 = true; break; } diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 8ef2927ebca2..948606a537da 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -85,7 +85,7 @@ static int __mptcp_socket_create(struct mptcp_sock *msk) subflow->subflow_id = msk->subflow_id++; /* This is the first subflow, always with id 0 */ - subflow->local_id_valid = 1; + WRITE_ONCE(subflow->local_id, 0); mptcp_sock_graft(msk->first, sk->sk_socket); iput(SOCK_INODE(ssock)); diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index ed50f2015dc3..631a7f445f34 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -491,10 +491,9 @@ struct mptcp_subflow_context { remote_key_valid : 1, /* received the peer key from */ disposable : 1, /* ctx can be free at ulp release time */ stale : 1, /* unable to snd/rcv data, do not use for xmit */ - local_id_valid : 1, /* local_id is correctly initialized */ valid_csum_seen : 1, /* at least one csum validated */ is_mptfo : 1, /* subflow is doing TFO */ - __unused : 9; + __unused : 10; bool data_avail; bool scheduled; u32 remote_nonce; @@ -505,7 +504,7 @@ struct mptcp_subflow_context { u8 hmac[MPTCPOPT_HMAC_LEN]; /* MPJ subflow only */ u64 iasn; /* initial ack sequence number, MPC subflows only */ }; - u8 local_id; + s16 local_id; /* if negative not initialized yet */ u8 remote_id; u8 reset_seen:1; u8 reset_transient:1; @@ -556,6 +555,7 @@ mptcp_subflow_ctx_reset(struct mptcp_subflow_context *subflow) { memset(&subflow->reset, 0, sizeof(subflow->reset)); subflow->request_mptcp = 1; + WRITE_ONCE(subflow->local_id, -1); } static inline u64 @@ -1022,6 +1022,15 @@ int mptcp_pm_get_local_id(struct mptcp_sock *msk, struct sock_common *skc); int mptcp_pm_nl_get_local_id(struct mptcp_sock *msk, struct mptcp_addr_info *skc); int mptcp_userspace_pm_get_local_id(struct mptcp_sock *msk, struct mptcp_addr_info *skc); +static inline u8 subflow_get_local_id(const struct mptcp_subflow_context *subflow) +{ + int local_id = READ_ONCE(subflow->local_id); + + if (local_id < 0) + return 0; + return local_id; +} + void __init mptcp_pm_nl_init(void); void mptcp_pm_nl_work(struct mptcp_sock *msk); void mptcp_pm_nl_rm_subflow_received(struct mptcp_sock *msk, diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index c34ecadee120..015184bbf06c 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -577,8 +577,8 @@ static void subflow_finish_connect(struct sock *sk, const struct sk_buff *skb) static void subflow_set_local_id(struct mptcp_subflow_context *subflow, int local_id) { - subflow->local_id = local_id; - subflow->local_id_valid = 1; + WARN_ON_ONCE(local_id < 0 || local_id > 255); + WRITE_ONCE(subflow->local_id, local_id); } static int subflow_chk_local_id(struct sock *sk) @@ -587,7 +587,7 @@ static int subflow_chk_local_id(struct sock *sk) struct mptcp_sock *msk = mptcp_sk(subflow->conn); int err; - if (likely(subflow->local_id_valid)) + if (likely(subflow->local_id >= 0)) return 0; err = mptcp_pm_get_local_id(msk, (struct sock_common *)sk); @@ -1731,6 +1731,7 @@ static struct mptcp_subflow_context *subflow_create_ctx(struct sock *sk, pr_debug("subflow=%p", ctx); ctx->tcp_sock = sk; + WRITE_ONCE(ctx->local_id, -1); return ctx; } @@ -1966,7 +1967,7 @@ static void subflow_ulp_clone(const struct request_sock *req, new_ctx->idsn = subflow_req->idsn; /* this is the first subflow, id is always 0 */ - new_ctx->local_id_valid = 1; + subflow_set_local_id(new_ctx, 0); } else if (subflow_req->mp_join) { new_ctx->ssn_offset = subflow_req->ssn_offset; new_ctx->mp_join = 1;

1 year, 8 months

2
1
0 0

FAILED: patch "[PATCH] mptcp: add needs_id for netlink appending addr" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 584f3894262634596532cf43a5e782e34a0ce374 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024022732-wrought-cardiac-a27a@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 584f38942626 ("mptcp: add needs_id for netlink appending addr") aab4d8564947 ("net: mptcp: use policy generated by YAML spec") 1e07938e29c5 ("net: mptcp: rename netlink handlers to mptcp_pm_nl_<blah>_{doit,dumpit}") 1d0507f46843 ("net: mptcp: convert netlink from small_ops to ops") 740ebe35bd3f ("mptcp: add struct mptcp_sched_ops") 6ba7ce89905c ("mptcp: unify pm set_flags interfaces") a963853fd465 ("mptcp: use net instead of sock_net") dfc8d0603033 ("mptcp: implement delayed seq generation for passive fastopen") d15697185404 ("mptcp: allow privileged operations from user namespaces") 9c5d03d36251 ("genetlink: start to validate reserved header bytes") 02739545951a ("net: Fix data-races around sysctl_[rw]mem(_offset)?.") 892f396c8e68 ("mptcp: netlink: issue MP_PRIO signals from userspace PMs") a657430260e5 ("mptcp: Acquire the subflow socket lock before modifying MP_PRIO flags") c21b50d5912b ("mptcp: Avoid acquiring PM lock for subflow priority changes") 6f664045c868 ("Merge tag 'mm-nonmm-stable-2022-05-26' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 584f3894262634596532cf43a5e782e34a0ce374 Mon Sep 17 00:00:00 2001 From: Geliang Tang <tanggeliang(a)kylinos.cn> Date: Thu, 15 Feb 2024 19:25:29 +0100 Subject: [PATCH] mptcp: add needs_id for netlink appending addr Just the same as userspace PM, a new parameter needs_id is added for in-kernel PM mptcp_pm_nl_append_new_local_addr() too. Add a new helper mptcp_pm_has_addr_attr_id() to check whether an address ID is set from PM or not. In mptcp_pm_nl_get_local_id(), needs_id is always true, but in mptcp_pm_nl_add_addr_doit(), pass mptcp_pm_has_addr_attr_id() to needs_it. Fixes: efd5a4c04e18 ("mptcp: add the address ID assignment bitmap") Cc: stable(a)vger.kernel.org Signed-off-by: Geliang Tang <tanggeliang(a)kylinos.cn> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index 287a60381eae..a24c9128dee9 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -901,7 +901,8 @@ static void __mptcp_pm_release_addr_entry(struct mptcp_pm_addr_entry *entry) } static int mptcp_pm_nl_append_new_local_addr(struct pm_nl_pernet *pernet, - struct mptcp_pm_addr_entry *entry) + struct mptcp_pm_addr_entry *entry, + bool needs_id) { struct mptcp_pm_addr_entry *cur, *del_entry = NULL; unsigned int addr_max; @@ -949,7 +950,7 @@ static int mptcp_pm_nl_append_new_local_addr(struct pm_nl_pernet *pernet, } } - if (!entry->addr.id) { + if (!entry->addr.id && needs_id) { find_next: entry->addr.id = find_next_zero_bit(pernet->id_bitmap, MPTCP_PM_MAX_ADDR_ID + 1, @@ -960,7 +961,7 @@ static int mptcp_pm_nl_append_new_local_addr(struct pm_nl_pernet *pernet, } } - if (!entry->addr.id) + if (!entry->addr.id && needs_id) goto out; __set_bit(entry->addr.id, pernet->id_bitmap); @@ -1092,7 +1093,7 @@ int mptcp_pm_nl_get_local_id(struct mptcp_sock *msk, struct mptcp_addr_info *skc entry->ifindex = 0; entry->flags = MPTCP_PM_ADDR_FLAG_IMPLICIT; entry->lsk = NULL; - ret = mptcp_pm_nl_append_new_local_addr(pernet, entry); + ret = mptcp_pm_nl_append_new_local_addr(pernet, entry, true); if (ret < 0) kfree(entry); @@ -1285,6 +1286,18 @@ static int mptcp_nl_add_subflow_or_signal_addr(struct net *net) return 0; } +static bool mptcp_pm_has_addr_attr_id(const struct nlattr *attr, + struct genl_info *info) +{ + struct nlattr *tb[MPTCP_PM_ADDR_ATTR_MAX + 1]; + + if (!nla_parse_nested_deprecated(tb, MPTCP_PM_ADDR_ATTR_MAX, attr, + mptcp_pm_address_nl_policy, info->extack) && + tb[MPTCP_PM_ADDR_ATTR_ID]) + return true; + return false; +} + int mptcp_pm_nl_add_addr_doit(struct sk_buff *skb, struct genl_info *info) { struct nlattr *attr = info->attrs[MPTCP_PM_ENDPOINT_ADDR]; @@ -1326,7 +1339,8 @@ int mptcp_pm_nl_add_addr_doit(struct sk_buff *skb, struct genl_info *info) goto out_free; } } - ret = mptcp_pm_nl_append_new_local_addr(pernet, entry); + ret = mptcp_pm_nl_append_new_local_addr(pernet, entry, + !mptcp_pm_has_addr_attr_id(attr, info)); if (ret < 0) { GENL_SET_ERR_MSG_FMT(info, "too many addresses or duplicate one: %d", ret); goto out_free;

1 year, 8 months

2
2
0 0

FAILED: patch "[PATCH] selftests: mptcp: add missing kconfig for NF Filter in v6" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 8c86fad2cecdc6bf7283ecd298b4d0555bd8b8aa # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021943-wriggle-repair-49dd@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 8c86fad2cecd ("selftests: mptcp: add missing kconfig for NF Filter in v6") b6e074e171bc ("selftests: mptcp: add infinite map testcase") 39aab88242a8 ("selftests: mptcp: join: list failure at the end") c7d49c033de0 ("selftests: mptcp: join: alt. to exec specific tests") ae7bd9ccecc3 ("selftests: mptcp: join: option to execute specific tests") e59300ce3ff8 ("selftests: mptcp: join: reset failing links") 3afd0280e7d3 ("selftests: mptcp: join: define tests groups once") 3c082695e78b ("selftests: mptcp: drop msg argument of chk_csum_nr") 69c6ce7b6eca ("selftests: mptcp: add implicit endpoint test case") d045b9eb95a9 ("mptcp: introduce implicit endpoints") 6fa0174a7c86 ("mptcp: more careful RM_ADDR generation") f98c2bca7b2b ("selftests: mptcp: Rename wait function") 826d7bdca833 ("selftests: mptcp: join: allow running -cCi") 7d9bf018f907 ("selftests: mptcp: update output info of chk_rm_nr") 26516e10c433 ("selftests: mptcp: add more arguments for chk_join_nr") 8117dac3e7c3 ("selftests: mptcp: add invert check in check_transfer") 01542c9bf9ab ("selftests: mptcp: add fastclose testcase") cbfafac4cf8f ("selftests: mptcp: add extra_args in do_transfer") 922fd2b39e5a ("selftests: mptcp: add the MP_RST mibs check") e8e947ef50f6 ("selftests: mptcp: add the MP_FASTCLOSE mibs check") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8c86fad2cecdc6bf7283ecd298b4d0555bd8b8aa Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Wed, 31 Jan 2024 22:49:48 +0100 Subject: [PATCH] selftests: mptcp: add missing kconfig for NF Filter in v6 Since the commit mentioned below, 'mptcp_join' selftests is using IPTables to add rules to the Filter table for IPv6. It is then required to have IP6_NF_FILTER KConfig. This KConfig is usually enabled by default in many defconfig, but we recently noticed that some CI were running our selftests without them enabled. Fixes: 523514ed0a99 ("selftests: mptcp: add ADD_ADDR IPv6 test cases") Cc: stable(a)vger.kernel.org Reviewed-by: Geliang Tang <geliang(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://lore.kernel.org/r/20240131-upstream-net-20240131-mptcp-ci-issues-v1… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/tools/testing/selftests/net/mptcp/config b/tools/testing/selftests/net/mptcp/config index 2a00bf4acdfa..26fe466f803d 100644 --- a/tools/testing/selftests/net/mptcp/config +++ b/tools/testing/selftests/net/mptcp/config @@ -25,6 +25,7 @@ CONFIG_IP_MULTIPLE_TABLES=y CONFIG_IP_NF_FILTER=m CONFIG_IP_NF_TARGET_REJECT=m CONFIG_IPV6_MULTIPLE_TABLES=y +CONFIG_IP6_NF_FILTER=m CONFIG_NET_ACT_CSUM=m CONFIG_NET_ACT_PEDIT=m CONFIG_NET_CLS_ACT=y

1 year, 8 months

2
1
0 0

FAILED: patch "[PATCH] selftests: mptcp: add missing kconfig for NF Filter" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 3645c844902bd4e173d6704fc2a37e8746904d67 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021925-lyricism-unshackle-b3ca@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 3645c844902b ("selftests: mptcp: add missing kconfig for NF Filter") 46e967d187ed ("selftests: mptcp: add tests for subflow creation failure") 5fb62e9cd3ad ("selftests: mptcp: add tproxy test case") b6ab64b074f2 ("selftests: mptcp: more stable simult_flows tests") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3645c844902bd4e173d6704fc2a37e8746904d67 Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Wed, 31 Jan 2024 22:49:47 +0100 Subject: [PATCH] selftests: mptcp: add missing kconfig for NF Filter Since the commit mentioned below, 'mptcp_join' selftests is using IPTables to add rules to the Filter table. It is then required to have IP_NF_FILTER KConfig. This KConfig is usually enabled by default in many defconfig, but we recently noticed that some CI were running our selftests without them enabled. Fixes: 8d014eaa9254 ("selftests: mptcp: add ADD_ADDR timeout test case") Cc: stable(a)vger.kernel.org Reviewed-by: Geliang Tang <geliang(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/tools/testing/selftests/net/mptcp/config b/tools/testing/selftests/net/mptcp/config index e317c2e44dae..2a00bf4acdfa 100644 --- a/tools/testing/selftests/net/mptcp/config +++ b/tools/testing/selftests/net/mptcp/config @@ -22,6 +22,7 @@ CONFIG_NFT_TPROXY=m CONFIG_NFT_SOCKET=m CONFIG_IP_ADVANCED_ROUTER=y CONFIG_IP_MULTIPLE_TABLES=y +CONFIG_IP_NF_FILTER=m CONFIG_IP_NF_TARGET_REJECT=m CONFIG_IPV6_MULTIPLE_TABLES=y CONFIG_NET_ACT_CSUM=m

1 year, 8 months

2
1
0 0

FAILED: patch "[PATCH] mptcp: rename timer related helper to less confusing names" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x f6909dc1c1f4452879278128012da6c76bc186a5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023100402-launder-percent-3d59@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f6909dc1c1f4452879278128012da6c76bc186a5 Mon Sep 17 00:00:00 2001 From: Paolo Abeni <pabeni(a)redhat.com> Date: Sat, 16 Sep 2023 12:52:48 +0200 Subject: [PATCH] mptcp: rename timer related helper to less confusing names The msk socket uses to different timeout to track close related events and retransmissions. The existing helpers do not indicate clearly which timer they actually touch, making the related code quite confusing. Change the existing helpers name to avoid such confusion. No functional change intended. This patch is linked to the next one ("mptcp: fix dangling connection hang-up"). The two patches are supposed to be backported together. Cc: stable(a)vger.kernel.org # v5.11+ Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Reviewed-by: Matthieu Baerts <matthieu.baerts(a)tessares.net> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts <matthieu.baerts(a)tessares.net> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 1c96b8da71df..c8f38f303a90 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -405,7 +405,7 @@ static bool __mptcp_move_skb(struct mptcp_sock *msk, struct sock *ssk, return false; } -static void mptcp_stop_timer(struct sock *sk) +static void mptcp_stop_rtx_timer(struct sock *sk) { struct inet_connection_sock *icsk = inet_csk(sk); @@ -911,12 +911,12 @@ static void __mptcp_flush_join_list(struct sock *sk, struct list_head *join_list } } -static bool mptcp_timer_pending(struct sock *sk) +static bool mptcp_rtx_timer_pending(struct sock *sk) { return timer_pending(&inet_csk(sk)->icsk_retransmit_timer); } -static void mptcp_reset_timer(struct sock *sk) +static void mptcp_reset_rtx_timer(struct sock *sk) { struct inet_connection_sock *icsk = inet_csk(sk); unsigned long tout; @@ -1050,10 +1050,10 @@ static void __mptcp_clean_una(struct sock *sk) out: if (snd_una == READ_ONCE(msk->snd_nxt) && snd_una == READ_ONCE(msk->write_seq)) { - if (mptcp_timer_pending(sk) && !mptcp_data_fin_enabled(msk)) - mptcp_stop_timer(sk); + if (mptcp_rtx_timer_pending(sk) && !mptcp_data_fin_enabled(msk)) + mptcp_stop_rtx_timer(sk); } else { - mptcp_reset_timer(sk); + mptcp_reset_rtx_timer(sk); } } @@ -1626,8 +1626,8 @@ void __mptcp_push_pending(struct sock *sk, unsigned int flags) mptcp_push_release(ssk, &info); /* ensure the rtx timer is running */ - if (!mptcp_timer_pending(sk)) - mptcp_reset_timer(sk); + if (!mptcp_rtx_timer_pending(sk)) + mptcp_reset_rtx_timer(sk); if (do_check_data_fin) mptcp_check_send_data_fin(sk); } @@ -1690,8 +1690,8 @@ static void __mptcp_subflow_push_pending(struct sock *sk, struct sock *ssk, bool if (copied) { tcp_push(ssk, 0, info.mss_now, tcp_sk(ssk)->nonagle, info.size_goal); - if (!mptcp_timer_pending(sk)) - mptcp_reset_timer(sk); + if (!mptcp_rtx_timer_pending(sk)) + mptcp_reset_rtx_timer(sk); if (msk->snd_data_fin_enable && msk->snd_nxt + 1 == msk->write_seq) @@ -2260,7 +2260,7 @@ static void mptcp_retransmit_timer(struct timer_list *t) sock_put(sk); } -static void mptcp_timeout_timer(struct timer_list *t) +static void mptcp_tout_timer(struct timer_list *t) { struct sock *sk = from_timer(sk, t, sk_timer); @@ -2629,14 +2629,14 @@ static void __mptcp_retrans(struct sock *sk) reset_timer: mptcp_check_and_set_pending(sk); - if (!mptcp_timer_pending(sk)) - mptcp_reset_timer(sk); + if (!mptcp_rtx_timer_pending(sk)) + mptcp_reset_rtx_timer(sk); } /* schedule the timeout timer for the relevant event: either close timeout * or mp_fail timeout. The close timeout takes precedence on the mp_fail one */ -void mptcp_reset_timeout(struct mptcp_sock *msk, unsigned long fail_tout) +void mptcp_reset_tout_timer(struct mptcp_sock *msk, unsigned long fail_tout) { struct sock *sk = (struct sock *)msk; unsigned long timeout, close_timeout; @@ -2669,7 +2669,7 @@ static void mptcp_mp_fail_no_response(struct mptcp_sock *msk) WRITE_ONCE(mptcp_subflow_ctx(ssk)->fail_tout, 0); unlock_sock_fast(ssk, slow); - mptcp_reset_timeout(msk, 0); + mptcp_reset_tout_timer(msk, 0); } static void mptcp_do_fastclose(struct sock *sk) @@ -2758,7 +2758,7 @@ static void __mptcp_init_sock(struct sock *sk) /* re-use the csk retrans timer for MPTCP-level retrans */ timer_setup(&msk->sk.icsk_retransmit_timer, mptcp_retransmit_timer, 0); - timer_setup(&sk->sk_timer, mptcp_timeout_timer, 0); + timer_setup(&sk->sk_timer, mptcp_tout_timer, 0); } static void mptcp_ca_reset(struct sock *sk) @@ -2849,8 +2849,8 @@ void mptcp_subflow_shutdown(struct sock *sk, struct sock *ssk, int how) } else { pr_debug("Sending DATA_FIN on subflow %p", ssk); tcp_send_ack(ssk); - if (!mptcp_timer_pending(sk)) - mptcp_reset_timer(sk); + if (!mptcp_rtx_timer_pending(sk)) + mptcp_reset_rtx_timer(sk); } break; } @@ -2933,7 +2933,7 @@ static void __mptcp_destroy_sock(struct sock *sk) might_sleep(); - mptcp_stop_timer(sk); + mptcp_stop_rtx_timer(sk); sk_stop_timer(sk, &sk->sk_timer); msk->pm.status = 0; mptcp_release_sched(msk); @@ -3053,7 +3053,7 @@ bool __mptcp_close(struct sock *sk, long timeout) __mptcp_destroy_sock(sk); do_cancel_work = true; } else { - mptcp_reset_timeout(msk, 0); + mptcp_reset_tout_timer(msk, 0); } return do_cancel_work; @@ -3116,7 +3116,7 @@ static int mptcp_disconnect(struct sock *sk, int flags) mptcp_check_listen_stop(sk); inet_sk_state_store(sk, TCP_CLOSE); - mptcp_stop_timer(sk); + mptcp_stop_rtx_timer(sk); sk_stop_timer(sk, &sk->sk_timer); if (msk->token) diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index 7254b3562575..5e2026815c8e 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -718,7 +718,7 @@ void mptcp_get_options(const struct sk_buff *skb, void mptcp_finish_connect(struct sock *sk); void __mptcp_set_connected(struct sock *sk); -void mptcp_reset_timeout(struct mptcp_sock *msk, unsigned long fail_tout); +void mptcp_reset_tout_timer(struct mptcp_sock *msk, unsigned long fail_tout); static inline bool mptcp_is_fully_established(struct sock *sk) { return inet_sk_state_load(sk) == TCP_ESTABLISHED && diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index 2f40c23fdb0d..433f290984c8 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -1226,7 +1226,7 @@ static void mptcp_subflow_fail(struct mptcp_sock *msk, struct sock *ssk) WRITE_ONCE(subflow->fail_tout, fail_tout); tcp_send_ack(ssk); - mptcp_reset_timeout(msk, subflow->fail_tout); + mptcp_reset_tout_timer(msk, subflow->fail_tout); } static bool subflow_check_data_avail(struct sock *ssk)

1 year, 8 months

2
1
0 0

FAILED: patch "[PATCH] mptcp: process pending subflow error on close" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 9f1a98813b4b686482e5ef3c9d998581cace0ba6 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023100447-durable-snowiness-8b36@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9f1a98813b4b686482e5ef3c9d998581cace0ba6 Mon Sep 17 00:00:00 2001 From: Paolo Abeni <pabeni(a)redhat.com> Date: Sat, 16 Sep 2023 12:52:47 +0200 Subject: [PATCH] mptcp: process pending subflow error on close On incoming TCP reset, subflow closing could happen before error propagation. That in turn could cause the socket error being ignored, and a missing socket state transition, as reported by Daire-Byrne. Address the issues explicitly checking for subflow socket error at close time. To avoid code duplication, factor-out of __mptcp_error_report() a new helper implementing the relevant bits. Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/429 Fixes: 15cc10453398 ("mptcp: deliver ssk errors to msk") Cc: stable(a)vger.kernel.org Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts <matthieu.baerts(a)tessares.net> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 915860027b1a..1c96b8da71df 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -770,40 +770,44 @@ static bool __mptcp_ofo_queue(struct mptcp_sock *msk) return moved; } +static bool __mptcp_subflow_error_report(struct sock *sk, struct sock *ssk) +{ + int err = sock_error(ssk); + int ssk_state; + + if (!err) + return false; + + /* only propagate errors on fallen-back sockets or + * on MPC connect + */ + if (sk->sk_state != TCP_SYN_SENT && !__mptcp_check_fallback(mptcp_sk(sk))) + return false; + + /* We need to propagate only transition to CLOSE state. + * Orphaned socket will see such state change via + * subflow_sched_work_if_closed() and that path will properly + * destroy the msk as needed. + */ + ssk_state = inet_sk_state_load(ssk); + if (ssk_state == TCP_CLOSE && !sock_flag(sk, SOCK_DEAD)) + inet_sk_state_store(sk, ssk_state); + WRITE_ONCE(sk->sk_err, -err); + + /* This barrier is coupled with smp_rmb() in mptcp_poll() */ + smp_wmb(); + sk_error_report(sk); + return true; +} + void __mptcp_error_report(struct sock *sk) { struct mptcp_subflow_context *subflow; struct mptcp_sock *msk = mptcp_sk(sk); - mptcp_for_each_subflow(msk, subflow) { - struct sock *ssk = mptcp_subflow_tcp_sock(subflow); - int err = sock_error(ssk); - int ssk_state; - - if (!err) - continue; - - /* only propagate errors on fallen-back sockets or - * on MPC connect - */ - if (sk->sk_state != TCP_SYN_SENT && !__mptcp_check_fallback(msk)) - continue; - - /* We need to propagate only transition to CLOSE state. - * Orphaned socket will see such state change via - * subflow_sched_work_if_closed() and that path will properly - * destroy the msk as needed. - */ - ssk_state = inet_sk_state_load(ssk); - if (ssk_state == TCP_CLOSE && !sock_flag(sk, SOCK_DEAD)) - inet_sk_state_store(sk, ssk_state); - WRITE_ONCE(sk->sk_err, -err); - - /* This barrier is coupled with smp_rmb() in mptcp_poll() */ - smp_wmb(); - sk_error_report(sk); - break; - } + mptcp_for_each_subflow(msk, subflow) + if (__mptcp_subflow_error_report(sk, mptcp_subflow_tcp_sock(subflow))) + break; } /* In most cases we will be able to lock the mptcp socket. If its already @@ -2428,6 +2432,7 @@ static void __mptcp_close_ssk(struct sock *sk, struct sock *ssk, } out_release: + __mptcp_subflow_error_report(sk, ssk); release_sock(ssk); sock_put(ssk);

1 year, 8 months

2
1
0 0

[PATCH net-next v5 04/21] bitops: add missing prototype check

by Alexander Lobakin

Commit 8238b4579866 ("wait_on_bit: add an acquire memory barrier") added a new bitop, test_bit_acquire(), with proper wrapping in order to try to optimize it at compile-time, but missed the list of bitops used for checking their prototypes a bit below. The functions added have consistent prototypes, so that no more changes are required and no functional changes take place. Fixes: 8238b4579866 ("wait_on_bit: add an acquire memory barrier") Cc: stable(a)vger.kernel.org # 6.0+ Reviewed-by: Przemek Kitszel <przemyslaw.kitszel(a)intel.com> Signed-off-by: Alexander Lobakin <aleksander.lobakin(a)intel.com> --- include/linux/bitops.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/linux/bitops.h b/include/linux/bitops.h index 2ba557e067fe..f7f5a783da2a 100644 --- a/include/linux/bitops.h +++ b/include/linux/bitops.h @@ -80,6 +80,7 @@ __check_bitop_pr(__test_and_set_bit); __check_bitop_pr(__test_and_clear_bit); __check_bitop_pr(__test_and_change_bit); __check_bitop_pr(test_bit); +__check_bitop_pr(test_bit_acquire); #undef __check_bitop_pr -- 2.43.0

1 year, 8 months

2
1
0 0

[PATCH] drm/amd/display: Add monitor patch for specific eDP

by Rodrigo Siqueira

From: Ivan Lipski <ivlipski(a)amd.com> [WHY] Some eDP panels's ext caps don't write initial value cause the value of dpcd_addr(0x317) is random. It means that sometimes the eDP will clarify it is OLED, miniLED...etc cause the backlight control interface is incorrect. [HOW] Add a new panel patch to remove sink ext caps(HDR,OLED...etc) Cc: stable(a)vger.kernel.org # 6.5.x Cc: Hamza Mahfooz <hamza.mahfooz(a)amd.com> Cc: Tsung-hua Lin <tsung-hua.lin(a)amd.com> Cc: Chris Chi <moukong.chi(a)amd.com> Cc: Harry Wentland <Harry.Wentland(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Reviewed-by: Sun peng Li <sunpeng.li(a)amd.com> Acked-by: Rodrigo Siqueira <rodrigo.siqueira(a)amd.com> Signed-off-by: Ivan Lipski <ivlipski(a)amd.com> --- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c index d9a482908380..764dc3ffd91b 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c @@ -63,6 +63,12 @@ static void apply_edid_quirks(struct edid *edid, struct dc_edid_caps *edid_caps) DRM_DEBUG_DRIVER("Disabling FAMS on monitor with panel id %X\n", panel_id); edid_caps->panel_patch.disable_fams = true; break; + /* Workaround for some monitors that do not clear DPCD 0x317 if FreeSync is unsupported */ + case drm_edid_encode_panel_id('A', 'U', 'O', 0xA7AB): + case drm_edid_encode_panel_id('A', 'U', 'O', 0xE69B): + DRM_DEBUG_DRIVER("Clearing DPCD 0x317 on monitor with panel id %X\n", panel_id); + edid_caps->panel_patch.remove_sink_ext_caps = true; + break; default: return; } -- 2.43.0

1 year, 8 months

3
2
0 0

[PATCH] pmdomain: qcom: rpmhpd: Fix enabled_corner aggregation

by Bjorn Andersson via B4 Relay

From: Bjorn Andersson <quic_bjorande(a)quicinc.com> Commit 'e3e56c050ab6 ("soc: qcom: rpmhpd: Make power_on actually enable the domain")' aimed to make sure that a power-domain that is being enabled without any particular performance-state requested will at least turn the rail on, to avoid filling DeviceTree with otherwise unnecessary required-opps properties. But in the event that aggregation happens on a disabled power-domain, with an enabled peer without performance-state, both the local and peer corner are 0. The peer's enabled_corner is not considered, with the result that the underlying (shared) resource is disabled. One case where this can be observed is when the display stack keeps mmcx enabled (but without a particular performance-state vote) in order to access registers and sync_state happens in the rpmhpd driver. As mmcx_ao is flushed the state of the peer (mmcx) is not considered and mmcx_ao ends up turning off "mmcx.lvl" underneath mmcx. This has been observed several times, but has been painted over in DeviceTree by adding an explicit vote for the lowest non-disabled performance-state. Fixes: e3e56c050ab6 ("soc: qcom: rpmhpd: Make power_on actually enable the domain") Reported-by: Johan Hovold <johan(a)kernel.org> Closes: https://lore.kernel.org/linux-arm-msm/ZdMwZa98L23mu3u6@hovoldconsulting.com/ Cc: <stable(a)vger.kernel.org> Signed-off-by: Bjorn Andersson <quic_bjorande(a)quicinc.com> --- This issue is the root cause of a display regression on SC8280XP boards, resulting in the system often resetting during boot. It was exposed by the refactoring of the DisplayPort driver in v6.8-rc1. --- drivers/pmdomain/qcom/rpmhpd.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/pmdomain/qcom/rpmhpd.c b/drivers/pmdomain/qcom/rpmhpd.c index 3078896b1300..47df910645f6 100644 --- a/drivers/pmdomain/qcom/rpmhpd.c +++ b/drivers/pmdomain/qcom/rpmhpd.c @@ -692,6 +692,7 @@ static int rpmhpd_aggregate_corner(struct rpmhpd *pd, unsigned int corner) unsigned int active_corner, sleep_corner; unsigned int this_active_corner = 0, this_sleep_corner = 0; unsigned int peer_active_corner = 0, peer_sleep_corner = 0; + unsigned int peer_enabled_corner; if (pd->state_synced) { to_active_sleep(pd, corner, &this_active_corner, &this_sleep_corner); @@ -701,9 +702,11 @@ static int rpmhpd_aggregate_corner(struct rpmhpd *pd, unsigned int corner) this_sleep_corner = pd->level_count - 1; } - if (peer && peer->enabled) - to_active_sleep(peer, peer->corner, &peer_active_corner, + if (peer && peer->enabled) { + peer_enabled_corner = max(peer->corner, peer->enable_corner); + to_active_sleep(peer, peer_enabled_corner, &peer_active_corner, &peer_sleep_corner); + } active_corner = max(this_active_corner, peer_active_corner); --- base-commit: b401b621758e46812da61fa58a67c3fd8d91de0d change-id: 20240226-rpmhpd-enable-corner-fix-c5e07fe7b986 Best regards, -- Bjorn Andersson <quic_bjorande(a)quicinc.com>

1 year, 8 months

7
6
0 0

[PATCH -fixes v4 3/3] riscv: Save/restore envcfg CSR during CPU suspend

by Samuel Holland

The value of the [ms]envcfg CSR is lost when entering a nonretentive idle state, so the CSR must be rewritten when resuming the CPU. Cc: <stable(a)vger.kernel.org> # v6.7+ Fixes: 43c16d51a19b ("RISC-V: Enable cbo.zero in usermode") Signed-off-by: Samuel Holland <samuel.holland(a)sifive.com> --- Changes in v4: - Check for Xlinuxenvcfg instead of Zicboz Changes in v3: - Check for Zicboz instead of the privileged ISA version Changes in v2: - Check for privileged ISA v1.12 instead of the specific CSR - Use riscv_has_extension_likely() instead of new ALTERNATIVE()s arch/riscv/include/asm/suspend.h | 1 + arch/riscv/kernel/suspend.c | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/arch/riscv/include/asm/suspend.h b/arch/riscv/include/asm/suspend.h index 02f87867389a..491296a335d0 100644 --- a/arch/riscv/include/asm/suspend.h +++ b/arch/riscv/include/asm/suspend.h @@ -14,6 +14,7 @@ struct suspend_context { struct pt_regs regs; /* Saved and restored by high-level functions */ unsigned long scratch; + unsigned long envcfg; unsigned long tvec; unsigned long ie; #ifdef CONFIG_MMU diff --git a/arch/riscv/kernel/suspend.c b/arch/riscv/kernel/suspend.c index 239509367e42..299795341e8a 100644 --- a/arch/riscv/kernel/suspend.c +++ b/arch/riscv/kernel/suspend.c @@ -15,6 +15,8 @@ void suspend_save_csrs(struct suspend_context *context) { context->scratch = csr_read(CSR_SCRATCH); + if (riscv_cpu_has_extension_unlikely(smp_processor_id(), RISCV_ISA_EXT_XLINUXENVCFG)) + context->envcfg = csr_read(CSR_ENVCFG); context->tvec = csr_read(CSR_TVEC); context->ie = csr_read(CSR_IE); @@ -36,6 +38,8 @@ void suspend_save_csrs(struct suspend_context *context) void suspend_restore_csrs(struct suspend_context *context) { csr_write(CSR_SCRATCH, context->scratch); + if (riscv_cpu_has_extension_unlikely(smp_processor_id(), RISCV_ISA_EXT_XLINUXENVCFG)) + csr_write(CSR_ENVCFG, context->envcfg); csr_write(CSR_TVEC, context->tvec); csr_write(CSR_IE, context->ie); -- 2.43.1

1 year, 8 months

3
2
0 0

[PATCH v3 0/5] scsi: ufs: qcom: fix UFSDHCD support on MSM8996 platform

by Dmitry Baryshkov

First several patches target fixing the UFS support on the Qualcomm MSM8996 / APQ8096 platforms, broken by the commit b4e13e1ae95e ("scsi: ufs: qcom: Add multiple frequency support for MAX_CORE_CLK_1US_CYCLES"). Last two patches clean up the UFS DT device on that platform to follow the bindings on other MSM8969 platforms. If such breaking change is unacceptable, they can be simply ignored, merging fixes only. Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> --- Changes in v3: - dropped the patch conflicting with Yassine's patch that got accepted - Cc stable on the UFS change (Manivannan) - Fixed typos in the commit message (Manivannan) - Link to v2: https://lore.kernel.org/r/20240213-msm8996-fix-ufs-v2-0-650758c26458@linaro… Changes in v2: - Dropped patches adding RX_SYMBOL_1_CLK, MSM8996 uses single lane (Krzysztof). - Link to v1: https://lore.kernel.org/r/20240209-msm8996-fix-ufs-v1-0-107b52e57420@linaro… --- Dmitry Baryshkov (5): scsi: ufs: qcom: provide default cycles_in_1us value arm64: dts: qcom: msm8996: specify UFS core_clk frequencies arm64: dts: qcom: msm8996: set GCC_UFS_ICE_CORE_CLK freq directly dt-bindings: ufs: qcom,ufs: drop source clock entries arm64: dts: qcom: msm8996: drop source clock entries from the UFS node Documentation/devicetree/bindings/ufs/qcom,ufs.yaml | 12 +++++------- arch/arm64/boot/dts/qcom/msm8996.dtsi | 8 +------- drivers/ufs/host/ufs-qcom.c | 6 ++++-- 3 files changed, 10 insertions(+), 16 deletions(-) --- base-commit: 0035c3918a74a83f94158fbbd667e163bfd4a0d0 change-id: 20240209-msm8996-fix-ufs-f80ae6d4d8cf Best regards, -- Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>

1 year, 8 months

2
3
0 0

[PATCH v2] usb: gadget: ncm: Fix handling of zero block length packets

by Krishna Kurapati

While connecting to a Linux host with CDC_NCM_NTB_DEF_SIZE_TX set to 65536, it has been observed that we receive short packets, which come at interval of 5-10 seconds sometimes and have block length zero but still contain 1-2 valid datagrams present. According to the NCM spec: "If wBlockLength = 0x0000, the block is terminated by a short packet. In this case, the USB transfer must still be shorter than dwNtbInMaxSize or dwNtbOutMaxSize. If exactly dwNtbInMaxSize or dwNtbOutMaxSize bytes are sent, and the size is a multiple of wMaxPacketSize for the given pipe, then no ZLP shall be sent. wBlockLength= 0x0000 must be used with extreme care, because of the possibility that the host and device may get out of sync, and because of test issues. wBlockLength = 0x0000 allows the sender to reduce latency by starting to send a very large NTB, and then shortening it when the sender discovers that there’s not sufficient data to justify sending a large NTB" However, there is a potential issue with the current implementation, as it checks for the occurrence of multiple NTBs in a single giveback by verifying if the leftover bytes to be processed is zero or not. If the block length reads zero, we would process the same NTB infintely because the leftover bytes is never zero and it leads to a crash. Fix this by bailing out if block length reads zero. Cc: <stable(a)vger.kernel.org> Fixes: 427694cfaafa ("usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call") Signed-off-by: Krishna Kurapati <quic_kriskura(a)quicinc.com> --- Changes in v2: Removed goto label Link to v1: https://lore.kernel.org/all/20240226112815.2616719-1-quic_kriskura@quicinc.… drivers/usb/gadget/function/f_ncm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/gadget/function/f_ncm.c b/drivers/usb/gadget/function/f_ncm.c index e2a059cfda2c..28f4e6552e84 100644 --- a/drivers/usb/gadget/function/f_ncm.c +++ b/drivers/usb/gadget/function/f_ncm.c @@ -1346,7 +1346,7 @@ static int ncm_unwrap_ntb(struct gether *port, if (to_process == 1 && (*(unsigned char *)(ntb_ptr + block_len) == 0x00)) { to_process--; - } else if (to_process > 0) { + } else if ((to_process > 0) && (block_len != 0)) { ntb_ptr = (unsigned char *)(ntb_ptr + block_len); goto parse_ntb; } -- 2.34.1

1 year, 8 months

2
1
0 0

FAILED: patch "[PATCH] memcg: fix use-after-free in uncharge_batch" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x f1796544a0ca0f14386a679d3d05fbc69235015e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024022759-crave-busily-bef7@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: f1796544a0ca ("memcg: fix use-after-free in uncharge_batch") 1a3e1f40962c ("mm: memcontrol: decouple reference counting from page accounting") 8d22a9351035 ("mm/memcg: fix refcount error while moving and swapping") d9eb1ea2bf87 ("mm: memcontrol: delete unused lrucare handling") 4c6355b25e8b ("mm: memcontrol: charge swapin pages on instantiation") f0e45fb4da29 ("mm: memcontrol: drop unused try/commit/cancel charge API") 9d82c69438d0 ("mm: memcontrol: convert anon and file-thp to new mem_cgroup_charge() API") 468c398233da ("mm: memcontrol: switch to native NR_ANON_THPS counter") be5d0a74c62d ("mm: memcontrol: switch to native NR_ANON_MAPPED counter") 0d1c20722ab3 ("mm: memcontrol: switch to native NR_FILE_PAGES and NR_SHMEM counters") 49e50d277ba2 ("mm: memcontrol: prepare move_account for removal of private page type counters") 9f762dbe19b9 ("mm: memcontrol: prepare uncharging for removal of private page type counters") 3fea5a499d57 ("mm: memcontrol: convert page cache to a new mem_cgroup_charge() API") 6caa6a0703e0 ("mm: memcontrol: move out cgroup swaprate throttling") 14235ab36019 ("mm: shmem: remove rare optimization when swapin races with hole punching") 3fba69a56e16 ("mm: memcontrol: drop @compound parameter from memcg charging API") abb242f57196 ("mm: memcontrol: fix stat-corrupting race in charge moving") f4129ea3591a ("mm: fix NUMA node file count error in replace_page_cache()") ffe945e633b5 ("khugepaged: do not stop collapse if less than half PTEs are referenced") 396bcc5299c2 ("mm: remove CONFIG_TRANSPARENT_HUGE_PAGECACHE") 85b9f46e8ea4 ("mm, thp: track fallbacks due to failed memcg charges separately") dcdf11ee1441 ("mm, shmem: add vmstat for hugepage fallback") 9c315e4d7d8c ("mm: memcg/slab: cache page number in memcg_(un)charge_slab()") 92d0510c3585 ("mm: kmem: switch to nr_pages in (__)memcg_kmem_charge_memcg()") f4b00eab5004 ("mm: kmem: rename memcg_kmem_(un)charge() into memcg_kmem_(un)charge_page()") 50591183fa86 ("mm: kmem: cleanup memcg_kmem_uncharge_memcg() arguments") 10eaec2f63b6 ("mm: kmem: cleanup (__)memcg_kmem_charge_memcg() arguments") 47e29d32afba ("mm/gup: page->hpage_pinned_refcount: exact pin counts for huge pages") 3faa52c03f44 ("mm/gup: track FOLL_PIN pages") 3b78d8347d31 ("mm/gup: pass gup flags to two more routines") c23a0c99793f ("mm/migrate: clean up some minor coding style") 92855270ff08 ("mm/memcontrol.c: cleanup some useless code") f1f6a7dd9b53 ("mm, tree-wide: rename put_user_page*() to unpin_user_page*()") aa4b87fe9ea3 ("powerpc: book3s64: convert to pin_user_pages() and put_user_page()") 19fed0dae94d ("vfio, mm: pin_user_pages (FOLL_PIN) and put_user_page() conversion") 1f815afcfca7 ("media/v4l2-core: pin_user_pages (FOLL_PIN) and put_user_page() conversion") 803e4572d7c5 ("mm/process_vm_access: set FOLL_PIN via pin_user_pages_remote()") 57459435cff5 ("goldish_pipe: convert to pin_user_pages() and put_user_page()") eddb1c228f79 ("mm/gup: introduce pin_user_pages*() and FOLL_PIN") 3c7470b6f684 ("media/v4l2-core: set pages dirty upon releasing DMA buffers") f4000fdf435b ("mm/gup: allow FOLL_FORCE for get_user_pages_fast()") 3567813eae5e ("vfio: fix FOLL_LONGTERM use, simplify get_user_pages_remote() call") c4237f8b1f4f ("mm: fix get_user_pages_remote()'s handling of FOLL_LONGTERM") a707cdd55f0f ("mm/gup: move try_get_compound_head() to top, fix minor issues") a43e982082c2 ("mm/gup: factor out duplicate code from four routines") fac0516b5534 ("mm: thp: don't need care deferred split queue in memcg charge move path") f1fe80d4ae33 ("mm, thp: do not queue fully unmapped pages for deferred split") acbfb087e3b1 ("mm/hugetlb: avoid looping to the same hugepage if !pages and !vmas") 867e5e1de14b ("mm: clean up and clarify lruvec lookup procedure") 242c37b459ce ("include/linux/memcontrol.h: fix comments based on per-node memcg") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f1796544a0ca0f14386a679d3d05fbc69235015e Mon Sep 17 00:00:00 2001 From: Michal Hocko <mhocko(a)suse.com> Date: Fri, 4 Sep 2020 16:35:24 -0700 Subject: [PATCH] memcg: fix use-after-free in uncharge_batch syzbot has reported an use-after-free in the uncharge_batch path BUG: KASAN: use-after-free in instrument_atomic_write include/linux/instrumented.h:71 [inline] BUG: KASAN: use-after-free in atomic64_sub_return include/asm-generic/atomic-instrumented.h:970 [inline] BUG: KASAN: use-after-free in atomic_long_sub_return include/asm-generic/atomic-long.h:113 [inline] BUG: KASAN: use-after-free in page_counter_cancel mm/page_counter.c:54 [inline] BUG: KASAN: use-after-free in page_counter_uncharge+0x3d/0xc0 mm/page_counter.c:155 Write of size 8 at addr ffff8880371c0148 by task syz-executor.0/9304 CPU: 0 PID: 9304 Comm: syz-executor.0 Not tainted 5.8.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1f0/0x31e lib/dump_stack.c:118 print_address_description+0x66/0x620 mm/kasan/report.c:383 __kasan_report mm/kasan/report.c:513 [inline] kasan_report+0x132/0x1d0 mm/kasan/report.c:530 check_memory_region_inline mm/kasan/generic.c:183 [inline] check_memory_region+0x2b5/0x2f0 mm/kasan/generic.c:192 instrument_atomic_write include/linux/instrumented.h:71 [inline] atomic64_sub_return include/asm-generic/atomic-instrumented.h:970 [inline] atomic_long_sub_return include/asm-generic/atomic-long.h:113 [inline] page_counter_cancel mm/page_counter.c:54 [inline] page_counter_uncharge+0x3d/0xc0 mm/page_counter.c:155 uncharge_batch+0x6c/0x350 mm/memcontrol.c:6764 uncharge_page+0x115/0x430 mm/memcontrol.c:6796 uncharge_list mm/memcontrol.c:6835 [inline] mem_cgroup_uncharge_list+0x70/0xe0 mm/memcontrol.c:6877 release_pages+0x13a2/0x1550 mm/swap.c:911 tlb_batch_pages_flush mm/mmu_gather.c:49 [inline] tlb_flush_mmu_free mm/mmu_gather.c:242 [inline] tlb_flush_mmu+0x780/0x910 mm/mmu_gather.c:249 tlb_finish_mmu+0xcb/0x200 mm/mmu_gather.c:328 exit_mmap+0x296/0x550 mm/mmap.c:3185 __mmput+0x113/0x370 kernel/fork.c:1076 exit_mm+0x4cd/0x550 kernel/exit.c:483 do_exit+0x576/0x1f20 kernel/exit.c:793 do_group_exit+0x161/0x2d0 kernel/exit.c:903 get_signal+0x139b/0x1d30 kernel/signal.c:2743 arch_do_signal+0x33/0x610 arch/x86/kernel/signal.c:811 exit_to_user_mode_loop kernel/entry/common.c:135 [inline] exit_to_user_mode_prepare+0x8d/0x1b0 kernel/entry/common.c:166 syscall_exit_to_user_mode+0x5e/0x1a0 kernel/entry/common.c:241 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Commit 1a3e1f40962c ("mm: memcontrol: decouple reference counting from page accounting") reworked the memcg lifetime to be bound the the struct page rather than charges. It also removed the css_put_many from uncharge_batch and that is causing the above splat. uncharge_batch() is supposed to uncharge accumulated charges for all pages freed from the same memcg. The queuing is done by uncharge_page which however drops the memcg reference after it adds charges to the batch. If the current page happens to be the last one holding the reference for its memcg then the memcg is OK to go and the next page to be freed will trigger batched uncharge which needs to access the memcg which is gone already. Fix the issue by taking a reference for the memcg in the current batch. Fixes: 1a3e1f40962c ("mm: memcontrol: decouple reference counting from page accounting") Reported-by: syzbot+b305848212deec86eabe(a)syzkaller.appspotmail.com Reported-by: syzbot+b5ea6fb6f139c8b9482b(a)syzkaller.appspotmail.com Signed-off-by: Michal Hocko <mhocko(a)suse.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Reviewed-by: Shakeel Butt <shakeelb(a)google.com> Acked-by: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Roman Gushchin <guro(a)fb.com> Cc: Hugh Dickins <hughd(a)google.com> Link: https://lkml.kernel.org/r/20200820090341.GC5033@dhcp22.suse.cz Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> diff --git a/mm/memcontrol.c b/mm/memcontrol.c index b807952b4d43..cfa6cbad21d5 100644 --- a/mm/memcontrol.c +++ b/mm/memcontrol.c @@ -6774,6 +6774,9 @@ static void uncharge_batch(const struct uncharge_gather *ug) __this_cpu_add(ug->memcg->vmstats_percpu->nr_page_events, ug->nr_pages); memcg_check_events(ug->memcg, ug->dummy_page); local_irq_restore(flags); + + /* drop reference from uncharge_page */ + css_put(&ug->memcg->css); } static void uncharge_page(struct page *page, struct uncharge_gather *ug) @@ -6797,6 +6800,9 @@ static void uncharge_page(struct page *page, struct uncharge_gather *ug) uncharge_gather_clear(ug); } ug->memcg = page->mem_cgroup; + + /* pairs with css_put in uncharge_batch */ + css_get(&ug->memcg->css); } nr_pages = compound_nr(page);

1 year, 8 months

3
4
0 0

[PATCH v1] net: sfp: add quirks for ODI DFP-34X-2C2

by Shengyu Qu

ODI DFP-34X-2C2 is capable of 2500base-X, but incorrectly report its capabilities in the EEPROM. So use sfp_quirk_2500basex for this module to allow 2500Base-X mode. Signed-off-by: Shengyu Qu <wiagn233(a)outlook.com> --- drivers/net/phy/sfp.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/net/phy/sfp.c b/drivers/net/phy/sfp.c index f75c9eb3958e..2021cb4ff2f6 100644 --- a/drivers/net/phy/sfp.c +++ b/drivers/net/phy/sfp.c @@ -495,6 +495,13 @@ static const struct sfp_quirk sfp_quirks[] = { // 2500MBd NRZ in their EEPROM SFP_QUIRK_M("Lantech", "8330-262D-E", sfp_quirk_2500basex), + // ODI DFP-34X-2C2 can operate at 2500base-X, but incorrectly report 1300MBd + // NRZ in the EEPROM. + // Besides, In early batches, vendor id is set to OEM, but that is fixed in + // newer batches. + SFP_QUIRK_M("ODI", "DFP-34X-2C2", sfp_quirk_2500basex), + SFP_QUIRK_M("OEM", "DFP-34X-2C2", sfp_quirk_2500basex), + SFP_QUIRK_M("UBNT", "UF-INSTANT", sfp_quirk_ubnt_uf_instant), // Walsun HXSX-ATR[CI]-1 don't identify as copper, and use the -- 2.39.2

1 year, 8 months

4
14
0 0

[PATCH -fixes v4 1/3] riscv: Fix enabling cbo.zero when running in M-mode

by Samuel Holland

When the kernel is running in M-mode, the CBZE bit must be set in the menvcfg CSR, not in senvcfg. Cc: <stable(a)vger.kernel.org> Fixes: 43c16d51a19b ("RISC-V: Enable cbo.zero in usermode") Reviewed-by: Andrew Jones <ajones(a)ventanamicro.com> Signed-off-by: Samuel Holland <samuel.holland(a)sifive.com> --- (no changes since v1) arch/riscv/include/asm/csr.h | 2 ++ arch/riscv/kernel/cpufeature.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/arch/riscv/include/asm/csr.h b/arch/riscv/include/asm/csr.h index 510014051f5d..2468c55933cd 100644 --- a/arch/riscv/include/asm/csr.h +++ b/arch/riscv/include/asm/csr.h @@ -424,6 +424,7 @@ # define CSR_STATUS CSR_MSTATUS # define CSR_IE CSR_MIE # define CSR_TVEC CSR_MTVEC +# define CSR_ENVCFG CSR_MENVCFG # define CSR_SCRATCH CSR_MSCRATCH # define CSR_EPC CSR_MEPC # define CSR_CAUSE CSR_MCAUSE @@ -448,6 +449,7 @@ # define CSR_STATUS CSR_SSTATUS # define CSR_IE CSR_SIE # define CSR_TVEC CSR_STVEC +# define CSR_ENVCFG CSR_SENVCFG # define CSR_SCRATCH CSR_SSCRATCH # define CSR_EPC CSR_SEPC # define CSR_CAUSE CSR_SCAUSE diff --git a/arch/riscv/kernel/cpufeature.c b/arch/riscv/kernel/cpufeature.c index 89920f84d0a3..c5b13f7dd482 100644 --- a/arch/riscv/kernel/cpufeature.c +++ b/arch/riscv/kernel/cpufeature.c @@ -950,7 +950,7 @@ arch_initcall(check_unaligned_access_all_cpus); void riscv_user_isa_enable(void) { if (riscv_cpu_has_extension_unlikely(smp_processor_id(), RISCV_ISA_EXT_ZICBOZ)) - csr_set(CSR_SENVCFG, ENVCFG_CBZE); + csr_set(CSR_ENVCFG, ENVCFG_CBZE); } #ifdef CONFIG_RISCV_ALTERNATIVE -- 2.43.1

1 year, 8 months

2
1
0 0

[PATCH] Bluetooth: Add device 0bda:4853 to blacklist/quirk table

by WangYuli

This new device is part of a Realtek RTW8852BE chip. Without this change the device utilizes an obsolete version of the firmware that is encoded in it rather than the updated Realtek firmware and config files from the firmware directory. The latter files implement many new features. The device table is as follows: T: Bus=03 Lev=01 Prnt=01 Port=09 Cnt=03 Dev#= 4 Spd=12 MxCh= 0 D: Ver= 1.00 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1 P: Vendor=0bda ProdID=4853 Rev= 0.00 S: Manufacturer=Realtek S: Product=Bluetooth Radio S: SerialNumber=00e04c000001 C:* #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=500mA I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=81(I) Atr=03(Int.) MxPS= 16 Ivl=1ms E: Ad=02(O) Atr=02(Bulk) MxPS= 64 Ivl=0ms E: Ad=82(I) Atr=02(Bulk) MxPS= 64 Ivl=0ms I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 0 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 0 Ivl=1ms I: If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 9 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 9 Ivl=1ms I: If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 17 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 17 Ivl=1ms I: If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 25 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 25 Ivl=1ms I: If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 33 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 33 Ivl=1ms I: If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 49 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 49 Ivl=1ms Link: https://lore.kernel.org/all/20230810144507.9599-1-Larry.Finger@lwfinger.net/ Cc: stable(a)vger.kernel.org Signed-off-by: Larry Finger <Larry.Finger(a)lwfinger.net> Signed-off-by: WangYuli <wangyuli(a)uniontech.com> --- drivers/bluetooth/btusb.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c index edfb49bbaa28..5225a6075626 100644 --- a/drivers/bluetooth/btusb.c +++ b/drivers/bluetooth/btusb.c @@ -542,6 +542,8 @@ static const struct usb_device_id quirks_table[] = { /* Realtek 8852BE Bluetooth devices */ { USB_DEVICE(0x0cb8, 0xc559), .driver_info = BTUSB_REALTEK | BTUSB_WIDEBAND_SPEECH }, + { USB_DEVICE(0x0bda, 0x4853), .driver_info = BTUSB_REALTEK | + BTUSB_WIDEBAND_SPEECH }, { USB_DEVICE(0x0bda, 0x887b), .driver_info = BTUSB_REALTEK | BTUSB_WIDEBAND_SPEECH }, { USB_DEVICE(0x0bda, 0xb85b), .driver_info = BTUSB_REALTEK | -- 2.43.0

1 year, 8 months

1
0
0 0

[PATCH] usb: xhci: Add error handling in xhci_map_urb_for_dma

by Prashanth K

Currently xhci_map_urb_for_dma() creates a temporary buffer and copies the SG list to the new linear buffer. But if the kzalloc_node() fails, then the following sg_pcopy_to_buffer() can lead to crash since it tries to memcpy to NULL pointer. So return -EAGAIN if kzalloc returns null pointer. Cc: <stable(a)vger.kernel.org> # 5.11 Fixes: 2017a1e58472 ("usb: xhci: Use temporary buffer to consolidate SG") Signed-off-by: Prashanth K <quic_prashk(a)quicinc.com> --- drivers/usb/host/xhci.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c index c057c42c36f4..0597a60bec34 100644 --- a/drivers/usb/host/xhci.c +++ b/drivers/usb/host/xhci.c @@ -1218,6 +1218,9 @@ static int xhci_map_temp_buffer(struct usb_hcd *hcd, struct urb *urb) temp = kzalloc_node(buf_len, GFP_ATOMIC, dev_to_node(hcd->self.sysdev)); + if (!temp) + return -EAGAIN; + if (usb_urb_dir_out(urb)) sg_pcopy_to_buffer(urb->sg, urb->num_sgs, temp, buf_len, 0); -- 2.25.1

1 year, 8 months

2
2
0 0

[PATCH] mk68k: Fix broken THREAD_SIZE_ORDER

by Dawei Li

Current THREAD_SIZE_ORDER implementation for m68k is incorrect, fix it by ilog2(). Fixes: cddafa3500fd ("m68k/m68knommu: merge MMU and non-MMU thread_info.h") Signed-off-by: Dawei Li <dawei.li(a)shingroup.cn> Cc: stable(a)vger.kernel.org --- arch/m68k/include/asm/thread_info.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/m68k/include/asm/thread_info.h b/arch/m68k/include/asm/thread_info.h index 31be2ad999ca..50faecd6fc5f 100644 --- a/arch/m68k/include/asm/thread_info.h +++ b/arch/m68k/include/asm/thread_info.h @@ -19,7 +19,8 @@ #else #define THREAD_SIZE PAGE_SIZE #endif -#define THREAD_SIZE_ORDER ((THREAD_SIZE / PAGE_SIZE) - 1) + +#define THREAD_SIZE_ORDER ilog2(THREAD_SIZE / PAGE_SIZE) #ifndef __ASSEMBLY__ -- 2.27.0

1 year, 8 months

3
3
0 0

[PATCH v2 vfio 1/2] vfio/pds: Always clear the save/restore FDs on reset

by Brett Creeley

After reset the VFIO device state will always be put in VFIO_DEVICE_STATE_RUNNING, but the save/restore files will only be cleared if the previous state was VFIO_DEVICE_STATE_ERROR. This can/will cause the restore/save files to be leaked if/when the migration state machine transitions through the states that re-allocates these files. Fix this by always clearing the restore/save files for resets. Fixes: 7dabb1bcd177 ("vfio/pds: Add support for firmware recovery") Cc: stable(a)vger.kernel.org Signed-off-by: Brett Creeley <brett.creeley(a)amd.com> Reviewed-by: Shannon Nelson <shannon.nelson(a)amd.com> --- drivers/vfio/pci/pds/vfio_dev.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/vfio/pci/pds/vfio_dev.c b/drivers/vfio/pci/pds/vfio_dev.c index 4c351c59d05a..a286ebcc7112 100644 --- a/drivers/vfio/pci/pds/vfio_dev.c +++ b/drivers/vfio/pci/pds/vfio_dev.c @@ -32,9 +32,9 @@ void pds_vfio_state_mutex_unlock(struct pds_vfio_pci_device *pds_vfio) mutex_lock(&pds_vfio->reset_mutex); if (pds_vfio->deferred_reset) { pds_vfio->deferred_reset = false; + pds_vfio_put_restore_file(pds_vfio); + pds_vfio_put_save_file(pds_vfio); if (pds_vfio->state == VFIO_DEVICE_STATE_ERROR) { - pds_vfio_put_restore_file(pds_vfio); - pds_vfio_put_save_file(pds_vfio); pds_vfio_dirty_disable(pds_vfio, false); } pds_vfio->state = pds_vfio->deferred_reset_state; -- 2.17.1

1 year, 8 months

2
1
0 0

[PATCH 0/3] Support intra-function call validation

by Rui Qi

Since kernel version 5.4.250 LTS, there has been an issue with the kernel live patching feature becoming unavailable. When compiling the sample code for kernel live patching, the following message is displayed when enabled: livepatch: klp_check_stack: kworker/u256:6:23490 has an unreliable stack After investigation, it was found that this is due to objtool not supporting intra-function calls, resulting in incorrect orc entry generation. This patchset adds support for intra-function calls, allowing the kernel live patching feature to work correctly. Alexandre Chartre (2): objtool: is_fentry_call() crashes if call has no destination objtool: Add support for intra-function calls Rui Qi (1): x86/speculation: Support intra-function call validation arch/x86/include/asm/nospec-branch.h | 7 ++ include/linux/frame.h | 11 ++++ .../Documentation/stack-validation.txt | 8 +++ tools/objtool/arch/x86/decode.c | 6 ++ tools/objtool/check.c | 64 +++++++++++++++++-- 5 files changed, 91 insertions(+), 5 deletions(-) -- 2.39.2 (Apple Git-143)

1 year, 8 months

5
8
0 0

[PATCH v2 0/2] x86/cpu: fix invalid MTRR mask values for SEV or TME

by Paolo Bonzini

Supersedes: <20240130180400.1698136-1-pbonzini(a)redhat.com> MKTME repurposes the high bit of physical address to key id for encryption key and, even though MAXPHYADDR in CPUID[0x80000008] remains the same, the valid bits in the MTRR mask register are based on the reduced number of physical address bits. This breaks boot on machines that have TME enabled and do something to cleanup MTRRs, unless "disable_mtrr_cleanup" is passed on the command line. The fix is to move the check to early CPU initialization, which runs before Linux sets up MTRRs. However, as noticed by Kirill, the patch I sent as v1 actually works only until Linux 6.6. In Linux 6.7, commit fbf6449f84bf ("x86/sev-es: Set x86_virt_bits to the correct value straight away, instead of a two-phase approach") reorganized the initialization of c->x86_phys_bits in a way that broke the patch. But even in 6.7 AMD processors, which did try to reduce it in this_cpu->c_early_init(c), had their x86_phys_bits value overwritten by get_cpu_address_sizes(), so that early_identify_cpu() left the wrong value in x86_phys_bits. This probably went unnoticed because on AMD processors you need not apply the reduced MAXPHYADDR to MTRR masks. Therefore, this v2 prepends the fix for this issue in commit fbf6449f84bf. Apologies for the oversight. Tested on an AMD Epyc machine (where I resorted to dumping mtrr_state) and on the problematic Intel Emerald Rapids machine. Thanks, Paolo Paolo Bonzini (2): x86/cpu: allow reducing x86_phys_bits during early_identify_cpu() x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers arch/x86/kernel/cpu/common.c | 4 +- arch/x86/kernel/cpu/intel.c | 178 ++++++++++++++++++----------------- 2 files changed, 93 insertions(+), 89 deletions(-) -- 2.43.0

1 year, 8 months

5
23
0 0

[PATCH v1] usb: typec: tpcm: Fix PORT_RESET behavior for self powered devices

by Badhri Jagan Sridharan

While commit 69f89168b310 ("usb: typec: tpcm: Fix issues with power being removed during reset") fixes the boot issues for bus powered devices such as LibreTech Renegade Elite/Firefly, it trades off the CC pins NOT being Hi-Zed during errory recovery (i.e PORT_RESET) for devices which are NOT bus powered(a.k.a self powered). This change Hi-Zs the CC pins only for self powered devices, thus preventing brown out for bus powered devices Adhering to spec is gaining more importance due to the Common charger initiative enforced by the European Union. Quoting from the spec: 4.5.2.2.2.1 ErrorRecovery State Requirements The port shall not drive VBUS or VCONN, and shall present a high-impedance to ground (above zOPEN) on its CC1 and CC2 pins. Hi-Zing the CC pins is the inteded behavior for PORT_RESET. CC pins are set to default state after tErrorRecovery in PORT_RESET_WAIT_OFF. 4.5.2.2.2.2 Exiting From ErrorRecovery State A Sink shall transition to Unattached.SNK after tErrorRecovery. A Source shall transition to Unattached.SRC after tErrorRecovery. Fixes: 69f89168b310 ("usb: typec: tpcm: Fix issues with power being removed during reset") Cc: stable(a)kernel.org Cc: Mark Brown <broonie(a)kernel.org> Signed-off-by: Badhri Jagan Sridharan <badhri(a)google.com> --- drivers/usb/typec/tcpm/tcpm.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index c9a78f55ca48..bbe1381232eb 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -5593,8 +5593,11 @@ static void run_state_machine(struct tcpm_port *port) break; case PORT_RESET: tcpm_reset_port(port); - tcpm_set_cc(port, tcpm_default_state(port) == SNK_UNATTACHED ? - TYPEC_CC_RD : tcpm_rp_cc(port)); + if (port->self_powered) + tcpm_set_cc(port, TYPEC_CC_OPEN); + else + tcpm_set_cc(port, tcpm_default_state(port) == SNK_UNATTACHED ? + TYPEC_CC_RD : tcpm_rp_cc(port)); tcpm_set_state(port, PORT_RESET_WAIT_OFF, PD_T_ERROR_RECOVERY); break; base-commit: a560a5672826fc1e057068bda93b3d4c98d037a2 -- 2.44.0.rc1.240.g4c46232300-goog

1 year, 8 months

2
2
0 0

Re: [PATCH v4] mm/swap: fix race when skipping swapcache

by Chris Li

On Tue, Feb 27, 2024 at 10:14 AM Kairui Song <ryncsn(a)gmail.com> wrote: > > On Wed, Feb 21, 2024 at 12:32 AM Chris Li <chrisl(a)kernel.org> wrote: > > > > On Mon, Feb 19, 2024 at 8:56 PM Kairui Song <ryncsn(a)gmail.com> wrote: > > > > > > > > Hi Barry, > > > > > > > it might not be a problem for throughput. but for real-time and tail latency, > > > > this hurts. For example, this might increase dropping frames of UI which > > > > is an important parameter to evaluate performance :-) > > > > > > > > > > That's a true issue, as Chris mentioned before I think we need to > > > think of some clever data struct to solve this more naturally in the > > > future, similar issue exists for cached swapin as well and it has been > > > there for a while. On the other hand I think maybe applications that > > > are extremely latency sensitive should try to avoid swap on fault? A > > > swapin could cause other issues like reclaim, throttled or contention > > > with many other things, these seem to have a higher chance than this > > > race. > > > > > > Yes, I do think the best long term solution is to have some clever > > data structure to solve the synchronization issue and allow racing > > threads to make forward progress at the same time. > > > > I have also explored some (failed) synchronization ideas, for example > > having the run time swap entry refcount separate from swap_map count. > > BTW, zswap entry->refcount behaves like that, it is separate from swap > > entry and manages the temporary run time usage count held by the > > function. However that idea has its own problem as well, it needs to > > have an xarray to track the swap entry run time refcount (only stored > > in the xarray when CPU fails to get SWAP_HAS_CACHE bit.) When we are > > done with page faults, we still need to look up the xarray to make > > sure there is no racing CPU and put the refcount into the xarray. That > > kind of defeats the purpose of avoiding the swap cache in the first > > place. We still need to do the xarray lookup in the normal path. > > > > I came to realize that, while this current fix is not perfect, (I > > still wish we had a better solution not pausing the racing CPU). This > > patch stands better than not fixing this data corruption issue and the > > patch remains relatively simple. Yes it has latency issues but still > > better than data corruption. It also doesn't stop us from coming up > > with better solutions later on. If we want to address the > > synchronization in a way not blocking other CPUs, it will likely > > require a much bigger change. > > > > Unless we have a better suggestion. It seems the better one among the > > alternatives so far. > > > > Hi, > > Thanks for the comments. I've been trying some ideas locally, I think a simple and straight solution exists: We just don't skip the swap cache xarray. Yes, I have been pondering about that as well. Notice in __read_swap_cache_async(), it has a similar "schedule_timeout_uninterruptible(1)" when swapcache_prepare(entry) fails to grab the SWAP_HAS_CACHE bit. So falling back to use the swap cache does not automatically solve the latency issue. Similar delay exists in the swap cache case as well. > The current reason we are skipping it is for performance, but with some optimization, the performance should be as good as skipping it (in current behavior). Notice even in the swap cache bypass path, we need to do one lookup, and one modify (delete the shadow). That can't be skipped. So the usage of swap cache can be better organized and optimized. > After all swapin makes use of swap cache, swapin can insert the folio in swap cache xarray first, then set swap map cache bit. I'm thinking about reusing the folio lock, or having an intermediate value in xarray, so raced swapins can wait properly. There are some tricky parts syncing with swap maps though. Inserting the swap cache xarray first and setting SWAP_HAS_CACHE bit later will need more audit on the race. I assume you take the swap device/cluster lock before folio insert into swap cache xarray? Chris > > Currently working on a series, will send in a few weeks if it works.

1 year, 8 months

1
0
0 0

[PATCH v4] md/raid5: fix atomicity violation in raid5_cache_count

by Gui-Dong Han

In raid5_cache_count(): if (conf->max_nr_stripes < conf->min_nr_stripes) return 0; return conf->max_nr_stripes - conf->min_nr_stripes; The current check is ineffective, as the values could change immediately after being checked. In raid5_set_cache_size(): ... conf->min_nr_stripes = size; ... while (size > conf->max_nr_stripes) conf->min_nr_stripes = conf->max_nr_stripes; ... Due to intermediate value updates in raid5_set_cache_size(), concurrent execution of raid5_cache_count() and raid5_set_cache_size() may lead to inconsistent reads of conf->max_nr_stripes and conf->min_nr_stripes. The current checks are ineffective as values could change immediately after being checked, raising the risk of conf->min_nr_stripes exceeding conf->max_nr_stripes and potentially causing an integer overflow. This possible bug is found by an experimental static analysis tool developed by our team. This tool analyzes the locking APIs to extract function pairs that can be concurrently executed, and then analyzes the instructions in the paired functions to identify possible concurrency bugs including data races and atomicity violations. The above possible bug is reported when our tool analyzes the source code of Linux 6.2. To resolve this issue, it is suggested to introduce local variables 'min_stripes' and 'max_stripes' in raid5_cache_count() to ensure the values remain stable throughout the check. Adding locks in raid5_cache_count() fails to resolve atomicity violations, as raid5_set_cache_size() may hold intermediate values of conf->min_nr_stripes while unlocked. With this patch applied, our tool no longer reports the bug, with the kernel configuration allyesconfig for x86_64. Due to the lack of associated hardware, we cannot test the patch in runtime testing, and just verify it according to the code logic. Fixes: edbe83ab4c27 ("md/raid5: allow the stripe_cache to grow and shrink.") Cc: stable(a)vger.kernel.org Signed-off-by: Gui-Dong Han <2045gemini(a)gmail.com> --- v2: * In this patch v2, we've updated to use READ_ONCE() instead of direct reads for accessing max_nr_stripes and min_nr_stripes, since read and write can concurrent. Thank Yu Kuai for helpful advice. --- v3: * In this patch v3, we've updated to use WRITE_ONCE() in raid5_set_cache_size(), grow_one_stripe() and drop_one_stripe(), in order to pair READ_ONCE() with WRITE_ONCE(). Thank Yu Kuai for helpful advice. --- v4: * In this patch v4, we've addressed several code style issues. Thank Yu Kuai for helpful advice. --- drivers/md/raid5.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c index 8497880135ee..30e118d10c0b 100644 --- a/drivers/md/raid5.c +++ b/drivers/md/raid5.c @@ -2412,7 +2412,7 @@ static int grow_one_stripe(struct r5conf *conf, gfp_t gfp) atomic_inc(&conf->active_stripes); raid5_release_stripe(sh); - conf->max_nr_stripes++; + WRITE_ONCE(conf->max_nr_stripes, conf->max_nr_stripes + 1); return 1; } @@ -2707,7 +2707,7 @@ static int drop_one_stripe(struct r5conf *conf) shrink_buffers(sh); free_stripe(conf->slab_cache, sh); atomic_dec(&conf->active_stripes); - conf->max_nr_stripes--; + WRITE_ONCE(conf->max_nr_stripes, conf->max_nr_stripes - 1); return 1; } @@ -6820,7 +6820,7 @@ raid5_set_cache_size(struct mddev *mddev, int size) if (size <= 16 || size > 32768) return -EINVAL; - conf->min_nr_stripes = size; + WRITE_ONCE(conf->min_nr_stripes, size); mutex_lock(&conf->cache_size_mutex); while (size < conf->max_nr_stripes && drop_one_stripe(conf)) @@ -6832,7 +6832,7 @@ raid5_set_cache_size(struct mddev *mddev, int size) mutex_lock(&conf->cache_size_mutex); while (size > conf->max_nr_stripes) if (!grow_one_stripe(conf, GFP_KERNEL)) { - conf->min_nr_stripes = conf->max_nr_stripes; + WRITE_ONCE(conf->min_nr_stripes, conf->max_nr_stripes); result = -ENOMEM; break; } @@ -7390,11 +7390,13 @@ static unsigned long raid5_cache_count(struct shrinker *shrink, struct shrink_control *sc) { struct r5conf *conf = shrink->private_data; + int max_stripes = READ_ONCE(conf->max_nr_stripes); + int min_stripes = READ_ONCE(conf->min_nr_stripes); - if (conf->max_nr_stripes < conf->min_nr_stripes) + if (max_stripes < min_stripes) /* unlikely, but not impossible */ return 0; - return conf->max_nr_stripes - conf->min_nr_stripes; + return max_stripes - min_stripes; } static struct r5conf *setup_conf(struct mddev *mddev) -- 2.34.1

1 year, 8 months

3
4
0 0

[PATCH -fixes v3 1/2] riscv: Fix enabling cbo.zero when running in M-mode

by Samuel Holland

When the kernel is running in M-mode, the CBZE bit must be set in the menvcfg CSR, not in senvcfg. Cc: <stable(a)vger.kernel.org> Fixes: 43c16d51a19b ("RISC-V: Enable cbo.zero in usermode") Reviewed-by: Andrew Jones <ajones(a)ventanamicro.com> Signed-off-by: Samuel Holland <samuel.holland(a)sifive.com> --- (no changes since v1) arch/riscv/include/asm/csr.h | 2 ++ arch/riscv/kernel/cpufeature.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/arch/riscv/include/asm/csr.h b/arch/riscv/include/asm/csr.h index 510014051f5d..2468c55933cd 100644 --- a/arch/riscv/include/asm/csr.h +++ b/arch/riscv/include/asm/csr.h @@ -424,6 +424,7 @@ # define CSR_STATUS CSR_MSTATUS # define CSR_IE CSR_MIE # define CSR_TVEC CSR_MTVEC +# define CSR_ENVCFG CSR_MENVCFG # define CSR_SCRATCH CSR_MSCRATCH # define CSR_EPC CSR_MEPC # define CSR_CAUSE CSR_MCAUSE @@ -448,6 +449,7 @@ # define CSR_STATUS CSR_SSTATUS # define CSR_IE CSR_SIE # define CSR_TVEC CSR_STVEC +# define CSR_ENVCFG CSR_SENVCFG # define CSR_SCRATCH CSR_SSCRATCH # define CSR_EPC CSR_SEPC # define CSR_CAUSE CSR_SCAUSE diff --git a/arch/riscv/kernel/cpufeature.c b/arch/riscv/kernel/cpufeature.c index 89920f84d0a3..c5b13f7dd482 100644 --- a/arch/riscv/kernel/cpufeature.c +++ b/arch/riscv/kernel/cpufeature.c @@ -950,7 +950,7 @@ arch_initcall(check_unaligned_access_all_cpus); void riscv_user_isa_enable(void) { if (riscv_cpu_has_extension_unlikely(smp_processor_id(), RISCV_ISA_EXT_ZICBOZ)) - csr_set(CSR_SENVCFG, ENVCFG_CBZE); + csr_set(CSR_ENVCFG, ENVCFG_CBZE); } #ifdef CONFIG_RISCV_ALTERNATIVE -- 2.43.0

1 year, 8 months

3
3
0 0

Re: [PATCH 6.7 000/334] 6.7.7-rc1 review

by Ronald Warsow

Hi Greg *no* regressions here on x86_64 (RKL, Intel 11th Gen. CPU) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

1 year, 8 months

1
0
0 0

FAILED: patch "[PATCH] mptcp: fix duplicate subflow creation" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 045e9d812868a2d80b7a57b224ce8009444b7bbc # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024022601-footwork-fastness-bcab@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 045e9d812868 ("mptcp: fix duplicate subflow creation") b9d69db87fb7 ("mptcp: let the in-kernel PM use mixed IPv4 and IPv6 addresses") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 045e9d812868a2d80b7a57b224ce8009444b7bbc Mon Sep 17 00:00:00 2001 From: Paolo Abeni <pabeni(a)redhat.com> Date: Thu, 15 Feb 2024 19:25:33 +0100 Subject: [PATCH] mptcp: fix duplicate subflow creation Fullmesh endpoints could end-up unexpectedly generating duplicate subflows - same local and remote addresses - when multiple incoming ADD_ADDR are processed before the PM creates the subflow for the local endpoints. Address the issue explicitly checking for duplicates at subflow creation time. To avoid a quadratic computational complexity, track the unavailable remote address ids in a temporary bitmap and initialize such bitmap with the remote ids of all the existing subflows matching the local address currently processed. The above allows additionally replacing the existing code checking for duplicate entry in the current set with a simple bit test operation. Fixes: 2843ff6f36db ("mptcp: remote addresses fullmesh") Cc: stable(a)vger.kernel.org Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/435 Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index ed6983af1ab2..58d17d9604e7 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -396,19 +396,6 @@ void mptcp_pm_free_anno_list(struct mptcp_sock *msk) } } -static bool lookup_address_in_vec(const struct mptcp_addr_info *addrs, unsigned int nr, - const struct mptcp_addr_info *addr) -{ - int i; - - for (i = 0; i < nr; i++) { - if (addrs[i].id == addr->id) - return true; - } - - return false; -} - /* Fill all the remote addresses into the array addrs[], * and return the array size. */ @@ -440,6 +427,16 @@ static unsigned int fill_remote_addresses_vec(struct mptcp_sock *msk, msk->pm.subflows++; addrs[i++] = remote; } else { + DECLARE_BITMAP(unavail_id, MPTCP_PM_MAX_ADDR_ID + 1); + + /* Forbid creation of new subflows matching existing + * ones, possibly already created by incoming ADD_ADDR + */ + bitmap_zero(unavail_id, MPTCP_PM_MAX_ADDR_ID + 1); + mptcp_for_each_subflow(msk, subflow) + if (READ_ONCE(subflow->local_id) == local->id) + __set_bit(subflow->remote_id, unavail_id); + mptcp_for_each_subflow(msk, subflow) { ssk = mptcp_subflow_tcp_sock(subflow); remote_address((struct sock_common *)ssk, &addrs[i]); @@ -447,11 +444,17 @@ static unsigned int fill_remote_addresses_vec(struct mptcp_sock *msk, if (deny_id0 && !addrs[i].id) continue; + if (test_bit(addrs[i].id, unavail_id)) + continue; + if (!mptcp_pm_addr_families_match(sk, local, &addrs[i])) continue; - if (!lookup_address_in_vec(addrs, i, &addrs[i]) && - msk->pm.subflows < subflows_max) { + if (msk->pm.subflows < subflows_max) { + /* forbid creating multiple address towards + * this id + */ + __set_bit(addrs[i].id, unavail_id); msk->pm.subflows++; i++; }

1 year, 8 months

2
1
0 0

FAILED: patch "[PATCH] mptcp: fix data races on remote_id" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 967d3c27127e71a10ff5c083583a038606431b61 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024022642-overjoyed-retying-c027@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 967d3c27127e ("mptcp: fix data races on remote_id") a7cfe7766370 ("mptcp: fix data races on local_id") 84c531f54ad9 ("mptcp: userspace pm send RM_ADDR for ID 0") f1f26512a9bf ("mptcp: use plain bool instead of custom binary enum") 1e07938e29c5 ("net: mptcp: rename netlink handlers to mptcp_pm_nl_<blah>_{doit,dumpit}") 1d0507f46843 ("net: mptcp: convert netlink from small_ops to ops") fce68b03086f ("mptcp: add scheduled in mptcp_subflow_context") 1730b2b2c5a5 ("mptcp: add sched in mptcp_sock") 740ebe35bd3f ("mptcp: add struct mptcp_sched_ops") a7384f391875 ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 967d3c27127e71a10ff5c083583a038606431b61 Mon Sep 17 00:00:00 2001 From: Paolo Abeni <pabeni(a)redhat.com> Date: Thu, 15 Feb 2024 19:25:32 +0100 Subject: [PATCH] mptcp: fix data races on remote_id Similar to the previous patch, address the data race on remote_id, adding the suitable ONCE annotations. Fixes: bedee0b56113 ("mptcp: address lookup improvements") Cc: stable(a)vger.kernel.org Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index 912e25077437..ed6983af1ab2 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -443,7 +443,7 @@ static unsigned int fill_remote_addresses_vec(struct mptcp_sock *msk, mptcp_for_each_subflow(msk, subflow) { ssk = mptcp_subflow_tcp_sock(subflow); remote_address((struct sock_common *)ssk, &addrs[i]); - addrs[i].id = subflow->remote_id; + addrs[i].id = READ_ONCE(subflow->remote_id); if (deny_id0 && !addrs[i].id) continue; @@ -799,18 +799,18 @@ static void mptcp_pm_nl_rm_addr_or_subflow(struct mptcp_sock *msk, mptcp_for_each_subflow_safe(msk, subflow, tmp) { struct sock *ssk = mptcp_subflow_tcp_sock(subflow); + u8 remote_id = READ_ONCE(subflow->remote_id); int how = RCV_SHUTDOWN | SEND_SHUTDOWN; u8 id = subflow_get_local_id(subflow); - if (rm_type == MPTCP_MIB_RMADDR && subflow->remote_id != rm_id) + if (rm_type == MPTCP_MIB_RMADDR && remote_id != rm_id) continue; if (rm_type == MPTCP_MIB_RMSUBFLOW && !mptcp_local_id_match(msk, id, rm_id)) continue; pr_debug(" -> %s rm_list_ids[%d]=%u local_id=%u remote_id=%u mpc_id=%u", rm_type == MPTCP_MIB_RMADDR ? "address" : "subflow", - i, rm_id, id, subflow->remote_id, - msk->mpc_endpoint_id); + i, rm_id, id, remote_id, msk->mpc_endpoint_id); spin_unlock_bh(&msk->pm.lock); mptcp_subflow_shutdown(sk, ssk, how); diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index 015184bbf06c..71ba86246ff8 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -535,7 +535,7 @@ static void subflow_finish_connect(struct sock *sk, const struct sk_buff *skb) subflow->backup = mp_opt.backup; subflow->thmac = mp_opt.thmac; subflow->remote_nonce = mp_opt.nonce; - subflow->remote_id = mp_opt.join_id; + WRITE_ONCE(subflow->remote_id, mp_opt.join_id); pr_debug("subflow=%p, thmac=%llu, remote_nonce=%u backup=%d", subflow, subflow->thmac, subflow->remote_nonce, subflow->backup); @@ -1567,7 +1567,7 @@ int __mptcp_subflow_connect(struct sock *sk, const struct mptcp_addr_info *loc, pr_debug("msk=%p remote_token=%u local_id=%d remote_id=%d", msk, remote_token, local_id, remote_id); subflow->remote_token = remote_token; - subflow->remote_id = remote_id; + WRITE_ONCE(subflow->remote_id, remote_id); subflow->request_join = 1; subflow->request_bkup = !!(flags & MPTCP_PM_ADDR_FLAG_BACKUP); subflow->subflow_id = msk->subflow_id++; @@ -1974,7 +1974,7 @@ static void subflow_ulp_clone(const struct request_sock *req, new_ctx->fully_established = 1; new_ctx->remote_key_valid = 1; new_ctx->backup = subflow_req->backup; - new_ctx->remote_id = subflow_req->remote_id; + WRITE_ONCE(new_ctx->remote_id, subflow_req->remote_id); new_ctx->token = subflow_req->token; new_ctx->thmac = subflow_req->thmac;

1 year, 8 months

2
1
0 0

FAILED: patch "[PATCH] mptcp: fix data races on local_id" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x a7cfe776637004a4c938fde78be4bd608c32c3ef # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024022609-elongated-activity-64a1@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: a7cfe7766370 ("mptcp: fix data races on local_id") 84c531f54ad9 ("mptcp: userspace pm send RM_ADDR for ID 0") f1f26512a9bf ("mptcp: use plain bool instead of custom binary enum") 1e07938e29c5 ("net: mptcp: rename netlink handlers to mptcp_pm_nl_<blah>_{doit,dumpit}") 1d0507f46843 ("net: mptcp: convert netlink from small_ops to ops") fce68b03086f ("mptcp: add scheduled in mptcp_subflow_context") 1730b2b2c5a5 ("mptcp: add sched in mptcp_sock") 740ebe35bd3f ("mptcp: add struct mptcp_sched_ops") a7384f391875 ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a7cfe776637004a4c938fde78be4bd608c32c3ef Mon Sep 17 00:00:00 2001 From: Paolo Abeni <pabeni(a)redhat.com> Date: Thu, 15 Feb 2024 19:25:31 +0100 Subject: [PATCH] mptcp: fix data races on local_id The local address id is accessed lockless by the NL PM, add all the required ONCE annotation. There is a caveat: the local id can be initialized late in the subflow life-cycle, and its validity is controlled by the local_id_valid flag. Remove such flag and encode the validity in the local_id field itself with negative value before initialization. That allows accessing the field consistently with a single read operation. Fixes: 0ee4261a3681 ("mptcp: implement mptcp_pm_remove_subflow") Cc: stable(a)vger.kernel.org Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/net/mptcp/diag.c b/net/mptcp/diag.c index e57c5f47f035..6ff6f14674aa 100644 --- a/net/mptcp/diag.c +++ b/net/mptcp/diag.c @@ -65,7 +65,7 @@ static int subflow_get_info(struct sock *sk, struct sk_buff *skb) sf->map_data_len) || nla_put_u32(skb, MPTCP_SUBFLOW_ATTR_FLAGS, flags) || nla_put_u8(skb, MPTCP_SUBFLOW_ATTR_ID_REM, sf->remote_id) || - nla_put_u8(skb, MPTCP_SUBFLOW_ATTR_ID_LOC, sf->local_id)) { + nla_put_u8(skb, MPTCP_SUBFLOW_ATTR_ID_LOC, subflow_get_local_id(sf))) { err = -EMSGSIZE; goto nla_failure; } diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index a24c9128dee9..912e25077437 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -800,7 +800,7 @@ static void mptcp_pm_nl_rm_addr_or_subflow(struct mptcp_sock *msk, mptcp_for_each_subflow_safe(msk, subflow, tmp) { struct sock *ssk = mptcp_subflow_tcp_sock(subflow); int how = RCV_SHUTDOWN | SEND_SHUTDOWN; - u8 id = subflow->local_id; + u8 id = subflow_get_local_id(subflow); if (rm_type == MPTCP_MIB_RMADDR && subflow->remote_id != rm_id) continue; @@ -809,7 +809,7 @@ static void mptcp_pm_nl_rm_addr_or_subflow(struct mptcp_sock *msk, pr_debug(" -> %s rm_list_ids[%d]=%u local_id=%u remote_id=%u mpc_id=%u", rm_type == MPTCP_MIB_RMADDR ? "address" : "subflow", - i, rm_id, subflow->local_id, subflow->remote_id, + i, rm_id, id, subflow->remote_id, msk->mpc_endpoint_id); spin_unlock_bh(&msk->pm.lock); mptcp_subflow_shutdown(sk, ssk, how); @@ -1994,7 +1994,7 @@ static int mptcp_event_add_subflow(struct sk_buff *skb, const struct sock *ssk) if (WARN_ON_ONCE(!sf)) return -EINVAL; - if (nla_put_u8(skb, MPTCP_ATTR_LOC_ID, sf->local_id)) + if (nla_put_u8(skb, MPTCP_ATTR_LOC_ID, subflow_get_local_id(sf))) return -EMSGSIZE; if (nla_put_u8(skb, MPTCP_ATTR_REM_ID, sf->remote_id)) diff --git a/net/mptcp/pm_userspace.c b/net/mptcp/pm_userspace.c index e582b3b2d174..d396a5973429 100644 --- a/net/mptcp/pm_userspace.c +++ b/net/mptcp/pm_userspace.c @@ -234,7 +234,7 @@ static int mptcp_userspace_pm_remove_id_zero_address(struct mptcp_sock *msk, lock_sock(sk); mptcp_for_each_subflow(msk, subflow) { - if (subflow->local_id == 0) { + if (READ_ONCE(subflow->local_id) == 0) { has_id_0 = true; break; } diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 8ef2927ebca2..948606a537da 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -85,7 +85,7 @@ static int __mptcp_socket_create(struct mptcp_sock *msk) subflow->subflow_id = msk->subflow_id++; /* This is the first subflow, always with id 0 */ - subflow->local_id_valid = 1; + WRITE_ONCE(subflow->local_id, 0); mptcp_sock_graft(msk->first, sk->sk_socket); iput(SOCK_INODE(ssock)); diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index ed50f2015dc3..631a7f445f34 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -491,10 +491,9 @@ struct mptcp_subflow_context { remote_key_valid : 1, /* received the peer key from */ disposable : 1, /* ctx can be free at ulp release time */ stale : 1, /* unable to snd/rcv data, do not use for xmit */ - local_id_valid : 1, /* local_id is correctly initialized */ valid_csum_seen : 1, /* at least one csum validated */ is_mptfo : 1, /* subflow is doing TFO */ - __unused : 9; + __unused : 10; bool data_avail; bool scheduled; u32 remote_nonce; @@ -505,7 +504,7 @@ struct mptcp_subflow_context { u8 hmac[MPTCPOPT_HMAC_LEN]; /* MPJ subflow only */ u64 iasn; /* initial ack sequence number, MPC subflows only */ }; - u8 local_id; + s16 local_id; /* if negative not initialized yet */ u8 remote_id; u8 reset_seen:1; u8 reset_transient:1; @@ -556,6 +555,7 @@ mptcp_subflow_ctx_reset(struct mptcp_subflow_context *subflow) { memset(&subflow->reset, 0, sizeof(subflow->reset)); subflow->request_mptcp = 1; + WRITE_ONCE(subflow->local_id, -1); } static inline u64 @@ -1022,6 +1022,15 @@ int mptcp_pm_get_local_id(struct mptcp_sock *msk, struct sock_common *skc); int mptcp_pm_nl_get_local_id(struct mptcp_sock *msk, struct mptcp_addr_info *skc); int mptcp_userspace_pm_get_local_id(struct mptcp_sock *msk, struct mptcp_addr_info *skc); +static inline u8 subflow_get_local_id(const struct mptcp_subflow_context *subflow) +{ + int local_id = READ_ONCE(subflow->local_id); + + if (local_id < 0) + return 0; + return local_id; +} + void __init mptcp_pm_nl_init(void); void mptcp_pm_nl_work(struct mptcp_sock *msk); void mptcp_pm_nl_rm_subflow_received(struct mptcp_sock *msk, diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index c34ecadee120..015184bbf06c 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -577,8 +577,8 @@ static void subflow_finish_connect(struct sock *sk, const struct sk_buff *skb) static void subflow_set_local_id(struct mptcp_subflow_context *subflow, int local_id) { - subflow->local_id = local_id; - subflow->local_id_valid = 1; + WARN_ON_ONCE(local_id < 0 || local_id > 255); + WRITE_ONCE(subflow->local_id, local_id); } static int subflow_chk_local_id(struct sock *sk) @@ -587,7 +587,7 @@ static int subflow_chk_local_id(struct sock *sk) struct mptcp_sock *msk = mptcp_sk(subflow->conn); int err; - if (likely(subflow->local_id_valid)) + if (likely(subflow->local_id >= 0)) return 0; err = mptcp_pm_get_local_id(msk, (struct sock_common *)sk); @@ -1731,6 +1731,7 @@ static struct mptcp_subflow_context *subflow_create_ctx(struct sock *sk, pr_debug("subflow=%p", ctx); ctx->tcp_sock = sk; + WRITE_ONCE(ctx->local_id, -1); return ctx; } @@ -1966,7 +1967,7 @@ static void subflow_ulp_clone(const struct request_sock *req, new_ctx->idsn = subflow_req->idsn; /* this is the first subflow, id is always 0 */ - new_ctx->local_id_valid = 1; + subflow_set_local_id(new_ctx, 0); } else if (subflow_req->mp_join) { new_ctx->ssn_offset = subflow_req->ssn_offset; new_ctx->mp_join = 1;

1 year, 8 months

2
1
0 0

FAILED: patch "[PATCH] mptcp: fix more tx path fields initialization" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 3f83d8a77eeeb47011b990fd766a421ee64f1d73 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021911-fragment-yearly-5b45@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 3f83d8a77eee ("mptcp: fix more tx path fields initialization") 013e3179dbd2 ("mptcp: fix rcv space initialization") c693a8516429 ("mptcp: use mptcp_set_state") 4fd19a307016 ("mptcp: fix inconsistent state on fastopen race") d109a7767273 ("mptcp: fix possible NULL pointer dereference on close") 8005184fd1ca ("mptcp: refactor sndbuf auto-tuning") a5efdbcece83 ("mptcp: fix delegated action races") 27e5ccc2d5a5 ("mptcp: fix dangling connection hang-up") f6909dc1c1f4 ("mptcp: rename timer related helper to less confusing names") 9f1a98813b4b ("mptcp: process pending subflow error on close") d5fbeff1ab81 ("mptcp: move __mptcp_error_report in protocol.c") ebc1e08f01eb ("mptcp: drop last_snd and MPTCP_RESET_SCHEDULER") e263691773cd ("mptcp: Remove unnecessary test for __mptcp_init_sock()") 39880bd808ad ("mptcp: get rid of msk->subflow") 3f326a821b99 ("mptcp: change the mpc check helper to return a sk") 3aa362494170 ("mptcp: avoid ssock usage in mptcp_pm_nl_create_listen_socket()") f0bc514bd5c1 ("mptcp: avoid additional indirection in sockopt") 40f56d0c7043 ("mptcp: avoid additional indirection in mptcp_listen()") 8cf2ebdc0078 ("mptcp: mptcp: avoid additional indirection in mptcp_bind()") ccae357c1c6a ("mptcp: avoid additional __inet_stream_connect() call") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3f83d8a77eeeb47011b990fd766a421ee64f1d73 Mon Sep 17 00:00:00 2001 From: Paolo Abeni <pabeni(a)redhat.com> Date: Thu, 8 Feb 2024 19:03:51 +0100 Subject: [PATCH] mptcp: fix more tx path fields initialization The 'msk->write_seq' and 'msk->snd_nxt' are always updated under the msk socket lock, except at MPC handshake completiont time. Builds-up on the previous commit to move such init under the relevant lock. There are no known problems caused by the potential race, the primary goal is consistency. Fixes: 6d0060f600ad ("mptcp: Write MPTCP DSS headers to outgoing data packets") Cc: stable(a)vger.kernel.org Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 7632eafb683b..8cb6a873dae9 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -3478,10 +3478,8 @@ void mptcp_finish_connect(struct sock *ssk) * accessing the field below */ WRITE_ONCE(msk->local_key, subflow->local_key); - WRITE_ONCE(msk->write_seq, subflow->idsn + 1); - WRITE_ONCE(msk->snd_nxt, msk->write_seq); - WRITE_ONCE(msk->snd_una, msk->write_seq); - WRITE_ONCE(msk->wnd_end, msk->snd_nxt + tcp_sk(ssk)->snd_wnd); + WRITE_ONCE(msk->snd_una, subflow->idsn + 1); + WRITE_ONCE(msk->wnd_end, subflow->idsn + 1 + tcp_sk(ssk)->snd_wnd); mptcp_pm_new_connection(msk, ssk, 0); } diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index 56b2ac2f2f22..c2df34ebcf28 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -421,12 +421,21 @@ static bool subflow_use_different_dport(struct mptcp_sock *msk, const struct soc void __mptcp_sync_state(struct sock *sk, int state) { + struct mptcp_subflow_context *subflow; struct mptcp_sock *msk = mptcp_sk(sk); + struct sock *ssk = msk->first; - __mptcp_propagate_sndbuf(sk, msk->first); + subflow = mptcp_subflow_ctx(ssk); + __mptcp_propagate_sndbuf(sk, ssk); if (!msk->rcvspace_init) - mptcp_rcv_space_init(msk, msk->first); + mptcp_rcv_space_init(msk, ssk); + if (sk->sk_state == TCP_SYN_SENT) { + /* subflow->idsn is always available is TCP_SYN_SENT state, + * even for the FASTOPEN scenarios + */ + WRITE_ONCE(msk->write_seq, subflow->idsn + 1); + WRITE_ONCE(msk->snd_nxt, msk->write_seq); mptcp_set_state(sk, state); sk->sk_state_change(sk); }

1 year, 8 months

3
2
0 0

RE: [PATCHi V2] wifi: rtw88: Add missing VID/PIDs doe 8811CU and 8821CU

by Ping-Ke Shih

Hi Larry, > -----Original Message----- > From: Larry Finger <Larry.Finger(a)gmail.com> > Sent: Tuesday, February 27, 2024 10:35 AM > To: Kalle Valo <kvalo(a)kernel.org> > Cc: Johannes Berg <johannes(a)sipsolutions.net>; linux-wireless(a)vger.kernel.org; Nick Morrow > <morrownr(a)gmail.com>; Larry Finger <Larry.Finger(a)lwfinger.net>; Ping-Ke Shih <pkshih(a)realtek.com>; > stable(a)vger.kernel.org > Subject: [PATCHi V2] wifi: rtw88: Add missing VID/PIDs doe 8811CU and 8821CU Not sure if "doe" is typo? > > From: Nick Morrow <morrownr(a)gmail.com> > > Purpose: Add VID/PIDs that are known to be missing for this driver. > - removed /* 8811CU */ and /* 8821CU */ as they are redundant > since the file is specific to those chips. > - removed /* TOTOLINK A650UA v3 */ as the manufacturer. It has a REALTEK > VID so it may not be specific to this adapter. > > Source is > https://1EHFQ.trk.elasticemail.com/tracking/click?d=I82H0YR_W_h175Lb3Nkb0D8… > 0SPxd1Olp3PNJEJTqsu4kyqBXayE0BVd_k7uLFvlTe65Syx2uqLUB-UQSfsKKLkuyE-frMZXSCL7q824UG3Oer614GGEeEz-DNEWHh > 43p_e8oz7OouS6gRBEng0 > Verified and tested. > > Signed-off-by: Nick Morrow <morrownr(a)gmail.com> > Signed-off-by: Larry Finger <Larry.Finger(a)lwfinger.net> > Acked-by: Ping-Ke Shih <pkshih(a)realtek.com> > Did you keep a blank line intentionally? > Cc: stable(a)vger.kernel.org

1 year, 8 months

3
2
0 0

FAILED: patch "[PATCH] mptcp: corner case locking for rx path fields initialization" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x e4a0fa47e816e186f6b4c0055d07eeec42d11871 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021904-carol-mullets-5f01@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: e4a0fa47e816 ("mptcp: corner case locking for rx path fields initialization") 3f83d8a77eee ("mptcp: fix more tx path fields initialization") 013e3179dbd2 ("mptcp: fix rcv space initialization") c693a8516429 ("mptcp: use mptcp_set_state") 4fd19a307016 ("mptcp: fix inconsistent state on fastopen race") d109a7767273 ("mptcp: fix possible NULL pointer dereference on close") 8005184fd1ca ("mptcp: refactor sndbuf auto-tuning") a5efdbcece83 ("mptcp: fix delegated action races") 27e5ccc2d5a5 ("mptcp: fix dangling connection hang-up") f6909dc1c1f4 ("mptcp: rename timer related helper to less confusing names") 9f1a98813b4b ("mptcp: process pending subflow error on close") d5fbeff1ab81 ("mptcp: move __mptcp_error_report in protocol.c") e3b2870b6d22 ("mptcp: add a new sysctl scheduler") ebc1e08f01eb ("mptcp: drop last_snd and MPTCP_RESET_SCHEDULER") e263691773cd ("mptcp: Remove unnecessary test for __mptcp_init_sock()") 39880bd808ad ("mptcp: get rid of msk->subflow") 3f326a821b99 ("mptcp: change the mpc check helper to return a sk") 3aa362494170 ("mptcp: avoid ssock usage in mptcp_pm_nl_create_listen_socket()") f0bc514bd5c1 ("mptcp: avoid additional indirection in sockopt") 40f56d0c7043 ("mptcp: avoid additional indirection in mptcp_listen()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e4a0fa47e816e186f6b4c0055d07eeec42d11871 Mon Sep 17 00:00:00 2001 From: Paolo Abeni <pabeni(a)redhat.com> Date: Thu, 8 Feb 2024 19:03:52 +0100 Subject: [PATCH] mptcp: corner case locking for rx path fields initialization Most MPTCP-level related fields are under the mptcp data lock protection, but are written one-off without such lock at MPC complete time, both for the client and the server Leverage the mptcp_propagate_state() infrastructure to move such initialization under the proper lock client-wise. The server side critical init steps are done by mptcp_subflow_fully_established(): ensure the caller properly held the relevant lock, and avoid acquiring the same lock in the nested scopes. There are no real potential races, as write access to such fields is implicitly serialized by the MPTCP state machine; the primary goal is consistency. Fixes: d22f4988ffec ("mptcp: process MP_CAPABLE data option") Cc: stable(a)vger.kernel.org Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/net/mptcp/fastopen.c b/net/mptcp/fastopen.c index 74698582a285..ad28da655f8b 100644 --- a/net/mptcp/fastopen.c +++ b/net/mptcp/fastopen.c @@ -59,13 +59,12 @@ void mptcp_fastopen_subflow_synack_set_params(struct mptcp_subflow_context *subf mptcp_data_unlock(sk); } -void mptcp_fastopen_gen_msk_ackseq(struct mptcp_sock *msk, struct mptcp_subflow_context *subflow, - const struct mptcp_options_received *mp_opt) +void __mptcp_fastopen_gen_msk_ackseq(struct mptcp_sock *msk, struct mptcp_subflow_context *subflow, + const struct mptcp_options_received *mp_opt) { struct sock *sk = (struct sock *)msk; struct sk_buff *skb; - mptcp_data_lock(sk); skb = skb_peek_tail(&sk->sk_receive_queue); if (skb) { WARN_ON_ONCE(MPTCP_SKB_CB(skb)->end_seq); @@ -77,5 +76,4 @@ void mptcp_fastopen_gen_msk_ackseq(struct mptcp_sock *msk, struct mptcp_subflow_ } pr_debug("msk=%p ack_seq=%llx", msk, msk->ack_seq); - mptcp_data_unlock(sk); } diff --git a/net/mptcp/options.c b/net/mptcp/options.c index d2527d189a79..e3e96a49f922 100644 --- a/net/mptcp/options.c +++ b/net/mptcp/options.c @@ -962,9 +962,7 @@ static bool check_fully_established(struct mptcp_sock *msk, struct sock *ssk, /* subflows are fully established as soon as we get any * additional ack, including ADD_ADDR. */ - subflow->fully_established = 1; - WRITE_ONCE(msk->fully_established, true); - goto check_notify; + goto set_fully_established; } /* If the first established packet does not contain MP_CAPABLE + data @@ -986,7 +984,10 @@ static bool check_fully_established(struct mptcp_sock *msk, struct sock *ssk, set_fully_established: if (unlikely(!READ_ONCE(msk->pm.server_side))) pr_warn_once("bogus mpc option on established client sk"); - mptcp_subflow_fully_established(subflow, mp_opt); + + mptcp_data_lock((struct sock *)msk); + __mptcp_subflow_fully_established(msk, subflow, mp_opt); + mptcp_data_unlock((struct sock *)msk); check_notify: /* if the subflow is not already linked into the conn_list, we can't diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 8cb6a873dae9..8ef2927ebca2 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -3186,6 +3186,7 @@ struct sock *mptcp_sk_clone_init(const struct sock *sk, { struct mptcp_subflow_request_sock *subflow_req = mptcp_subflow_rsk(req); struct sock *nsk = sk_clone_lock(sk, GFP_ATOMIC); + struct mptcp_subflow_context *subflow; struct mptcp_sock *msk; if (!nsk) @@ -3226,7 +3227,8 @@ struct sock *mptcp_sk_clone_init(const struct sock *sk, /* The msk maintain a ref to each subflow in the connections list */ WRITE_ONCE(msk->first, ssk); - list_add(&mptcp_subflow_ctx(ssk)->node, &msk->conn_list); + subflow = mptcp_subflow_ctx(ssk); + list_add(&subflow->node, &msk->conn_list); sock_hold(ssk); /* new mpc subflow takes ownership of the newly @@ -3241,6 +3243,9 @@ struct sock *mptcp_sk_clone_init(const struct sock *sk, __mptcp_propagate_sndbuf(nsk, ssk); mptcp_rcv_space_init(msk, ssk); + + if (mp_opt->suboptions & OPTION_MPTCP_MPC_ACK) + __mptcp_subflow_fully_established(msk, subflow, mp_opt); bh_unlock_sock(nsk); /* note: the newly allocated socket refcount is 2 now */ @@ -3478,8 +3483,6 @@ void mptcp_finish_connect(struct sock *ssk) * accessing the field below */ WRITE_ONCE(msk->local_key, subflow->local_key); - WRITE_ONCE(msk->snd_una, subflow->idsn + 1); - WRITE_ONCE(msk->wnd_end, subflow->idsn + 1 + tcp_sk(ssk)->snd_wnd); mptcp_pm_new_connection(msk, ssk, 0); } diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index 9f5ee82e3473..fefcbf585411 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -622,8 +622,9 @@ unsigned int mptcp_stale_loss_cnt(const struct net *net); unsigned int mptcp_close_timeout(const struct sock *sk); int mptcp_get_pm_type(const struct net *net); const char *mptcp_get_scheduler(const struct net *net); -void mptcp_subflow_fully_established(struct mptcp_subflow_context *subflow, - const struct mptcp_options_received *mp_opt); +void __mptcp_subflow_fully_established(struct mptcp_sock *msk, + struct mptcp_subflow_context *subflow, + const struct mptcp_options_received *mp_opt); bool __mptcp_retransmit_pending_data(struct sock *sk); void mptcp_check_and_set_pending(struct sock *sk); void __mptcp_push_pending(struct sock *sk, unsigned int flags); @@ -952,8 +953,8 @@ void mptcp_event_pm_listener(const struct sock *ssk, enum mptcp_event_type event); bool mptcp_userspace_pm_active(const struct mptcp_sock *msk); -void mptcp_fastopen_gen_msk_ackseq(struct mptcp_sock *msk, struct mptcp_subflow_context *subflow, - const struct mptcp_options_received *mp_opt); +void __mptcp_fastopen_gen_msk_ackseq(struct mptcp_sock *msk, struct mptcp_subflow_context *subflow, + const struct mptcp_options_received *mp_opt); void mptcp_fastopen_subflow_synack_set_params(struct mptcp_subflow_context *subflow, struct request_sock *req); diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index c2df34ebcf28..c34ecadee120 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -441,20 +441,6 @@ void __mptcp_sync_state(struct sock *sk, int state) } } -static void mptcp_propagate_state(struct sock *sk, struct sock *ssk) -{ - struct mptcp_sock *msk = mptcp_sk(sk); - - mptcp_data_lock(sk); - if (!sock_owned_by_user(sk)) { - __mptcp_sync_state(sk, ssk->sk_state); - } else { - msk->pending_state = ssk->sk_state; - __set_bit(MPTCP_SYNC_STATE, &msk->cb_flags); - } - mptcp_data_unlock(sk); -} - static void subflow_set_remote_key(struct mptcp_sock *msk, struct mptcp_subflow_context *subflow, const struct mptcp_options_received *mp_opt) @@ -476,6 +462,31 @@ static void subflow_set_remote_key(struct mptcp_sock *msk, atomic64_set(&msk->rcv_wnd_sent, subflow->iasn); } +static void mptcp_propagate_state(struct sock *sk, struct sock *ssk, + struct mptcp_subflow_context *subflow, + const struct mptcp_options_received *mp_opt) +{ + struct mptcp_sock *msk = mptcp_sk(sk); + + mptcp_data_lock(sk); + if (mp_opt) { + /* Options are available only in the non fallback cases + * avoid updating rx path fields otherwise + */ + WRITE_ONCE(msk->snd_una, subflow->idsn + 1); + WRITE_ONCE(msk->wnd_end, subflow->idsn + 1 + tcp_sk(ssk)->snd_wnd); + subflow_set_remote_key(msk, subflow, mp_opt); + } + + if (!sock_owned_by_user(sk)) { + __mptcp_sync_state(sk, ssk->sk_state); + } else { + msk->pending_state = ssk->sk_state; + __set_bit(MPTCP_SYNC_STATE, &msk->cb_flags); + } + mptcp_data_unlock(sk); +} + static void subflow_finish_connect(struct sock *sk, const struct sk_buff *skb) { struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk); @@ -510,10 +521,9 @@ static void subflow_finish_connect(struct sock *sk, const struct sk_buff *skb) if (mp_opt.deny_join_id0) WRITE_ONCE(msk->pm.remote_deny_join_id0, true); subflow->mp_capable = 1; - subflow_set_remote_key(msk, subflow, &mp_opt); MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_MPCAPABLEACTIVEACK); mptcp_finish_connect(sk); - mptcp_propagate_state(parent, sk); + mptcp_propagate_state(parent, sk, subflow, &mp_opt); } else if (subflow->request_join) { u8 hmac[SHA256_DIGEST_SIZE]; @@ -556,7 +566,7 @@ static void subflow_finish_connect(struct sock *sk, const struct sk_buff *skb) } } else if (mptcp_check_fallback(sk)) { fallback: - mptcp_propagate_state(parent, sk); + mptcp_propagate_state(parent, sk, subflow, NULL); } return; @@ -741,17 +751,16 @@ void mptcp_subflow_drop_ctx(struct sock *ssk) kfree_rcu(ctx, rcu); } -void mptcp_subflow_fully_established(struct mptcp_subflow_context *subflow, - const struct mptcp_options_received *mp_opt) +void __mptcp_subflow_fully_established(struct mptcp_sock *msk, + struct mptcp_subflow_context *subflow, + const struct mptcp_options_received *mp_opt) { - struct mptcp_sock *msk = mptcp_sk(subflow->conn); - subflow_set_remote_key(msk, subflow, mp_opt); subflow->fully_established = 1; WRITE_ONCE(msk->fully_established, true); if (subflow->is_mptfo) - mptcp_fastopen_gen_msk_ackseq(msk, subflow, mp_opt); + __mptcp_fastopen_gen_msk_ackseq(msk, subflow, mp_opt); } static struct sock *subflow_syn_recv_sock(const struct sock *sk, @@ -844,7 +853,6 @@ static struct sock *subflow_syn_recv_sock(const struct sock *sk, * mpc option */ if (mp_opt.suboptions & OPTION_MPTCP_MPC_ACK) { - mptcp_subflow_fully_established(ctx, &mp_opt); mptcp_pm_fully_established(owner, child); ctx->pm_notified = 1; } @@ -1756,7 +1764,7 @@ static void subflow_state_change(struct sock *sk) mptcp_do_fallback(sk); pr_fallback(msk); subflow->conn_finished = 1; - mptcp_propagate_state(parent, sk); + mptcp_propagate_state(parent, sk, subflow, NULL); } /* as recvmsg() does not acquire the subflow socket for ssk selection

1 year, 8 months

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror