- Linux-stable-mirror - lists.linaro.org

[tip: x86/platform] x86/amd_nb: Use Family 19h Models 60h-7Fh Function 4 IDs

by tip-bot2 for Yazen Ghannam

The following commit has been merged into the x86/platform branch of tip: Commit-ID: 2a565258b3f4bbdc7a3c09cd02082cb286a7bffc Gitweb: https://git.kernel.org/tip/2a565258b3f4bbdc7a3c09cd02082cb286a7bffc Author: Yazen Ghannam <yazen.ghannam(a)amd.com> AuthorDate: Thu, 03 Aug 2023 10:04:30 -05:00 Committer: Ingo Molnar <mingo(a)kernel.org> CommitterDate: Tue, 03 Oct 2023 11:25:01 +02:00 x86/amd_nb: Use Family 19h Models 60h-7Fh Function 4 IDs Three PCI IDs for DF Function 4 were defined but not used. Add them to the "link" list. Fixes: f8faf3496633 ("x86/amd_nb: Add AMD PCI IDs for SMN communication") Fixes: 23a5b8bb022c ("x86/amd_nb: Add PCI ID for family 19h model 78h") Signed-off-by: Yazen Ghannam <yazen.ghannam(a)amd.com> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20230803150430.3542854-1-yazen.ghannam@amd.com --- arch/x86/kernel/amd_nb.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/x86/kernel/amd_nb.c b/arch/x86/kernel/amd_nb.c index 10c2a3c..43238ac 100644 --- a/arch/x86/kernel/amd_nb.c +++ b/arch/x86/kernel/amd_nb.c @@ -116,6 +116,9 @@ static const struct pci_device_id amd_nb_link_ids[] = { { PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_19H_M10H_DF_F4) }, { PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_19H_M40H_DF_F4) }, { PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_19H_M50H_DF_F4) }, + { PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_19H_M60H_DF_F4) }, + { PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_19H_M70H_DF_F4) }, + { PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_19H_M78H_DF_F4) }, { PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_CNB17H_F4) }, { PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_1AH_M00H_DF_F4) }, { PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_MI200_DF_F4) },

2 years

1
0
0 0

[PATCH v2 2/2] arm64: dts: mt7986: fix emmc hs400 mode without uboot initialization

by Frank Wunderlich

From: Eric Woudstra <ericwouds(a)gmail.com> Eric reports errors on emmc with hs400 mode when booting linux on bpi-r3 without uboot [1]. Booting with uboot does not show this because clocks seem to be initialized by uboot. Fix this by adding assigned-clocks and assigned-clock-parents like it's done in uboot [2]. [1] https://forum.banana-pi.org/t/bpi-r3-kernel-fails-setting-emmc-clock-to-416… [2] https://github.com/u-boot/u-boot/blob/master/arch/arm/dts/mt7986.dtsi#L287 Cc: stable(a)vger.kernel.org Fixes: 513b49d19b34 ("arm64: dts: mt7986: add mmc related device nodes") Signed-off-by: Eric Woudstra <ericwouds(a)gmail.com> Signed-off-by: Frank Wunderlich <frank-w(a)public-files.de> --- arch/arm64/boot/dts/mediatek/mt7986a.dtsi | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/arm64/boot/dts/mediatek/mt7986a.dtsi b/arch/arm64/boot/dts/mediatek/mt7986a.dtsi index 68539ea788df..207510abda89 100644 --- a/arch/arm64/boot/dts/mediatek/mt7986a.dtsi +++ b/arch/arm64/boot/dts/mediatek/mt7986a.dtsi @@ -374,6 +374,10 @@ mmc0: mmc@11230000 { reg = <0 0x11230000 0 0x1000>, <0 0x11c20000 0 0x1000>; interrupts = <GIC_SPI 143 IRQ_TYPE_LEVEL_HIGH>; + assigned-clocks = <&topckgen CLK_TOP_EMMC_416M_SEL>, + <&topckgen CLK_TOP_EMMC_250M_SEL>; + assigned-clock-parents = <&apmixedsys CLK_APMIXED_MPLL>, + <&topckgen CLK_TOP_NET1PLL_D5_D2>; clocks = <&topckgen CLK_TOP_EMMC_416M_SEL>, <&infracfg CLK_INFRA_MSDC_HCK_CK>, <&infracfg CLK_INFRA_MSDC_CK>, -- 2.34.1

2 years

3
2
0 0

[PULL 01/24] optionrom: Remove build-id section

by Paolo Bonzini

From: Fabiano Rosas <farosas(a)suse.de> Our linker script for optionroms specifies only the placement of the .text section, leaving the linker free to place the remaining sections at arbitrary places in the file. Since at least binutils 2.39, the .note.gnu.build-id section is now being placed at the start of the file, which causes label addresses to be shifted. For linuxboot_dma.bin that means that the PnP header (among others) will not be found when determining the type of ROM at optionrom_setup(): (0x1c is the label _pnph, where the magic "PnP" is) $ xxd /usr/share/qemu/linuxboot_dma.bin | grep "PnP" 00000010: 0000 0000 0000 0000 0000 1c00 2450 6e50 ............$PnP $ xxd pc-bios/optionrom/linuxboot_dma.bin | grep "PnP" 00000010: 0000 0000 0000 0000 0000 4c00 2450 6e50 ............$PnP ^bad Using a freshly built linuxboot_dma.bin ROM results in a broken boot: SeaBIOS (version rel-1.16.2-0-gea1b7a073390-prebuilt.qemu.org) Booting from Hard Disk... Boot failed: could not read the boot disk Booting from Floppy... Boot failed: could not read the boot disk No bootable device. We're not using the build-id section, so pass the --build-id=none option to the linker to remove it entirely. Note: In theory, this same issue could happen with any other section. The ideal solution would be to have all unused sections discarded in the linker script. However that would be a larger change, specially for the pvh rom which uses the .bss and COMMON sections so I'm addressing only the immediate issue here. Reported-by: Vasiliy Ulyanov <vulyanov(a)suse.de> Signed-off-by: Fabiano Rosas <farosas(a)suse.de> Reviewed-by: Thomas Huth <thuth(a)redhat.com> Message-ID: <20230926192502.15986-1-farosas(a)suse.de> Cc: stable(a)vger.kernel.org Signed-off-by: Paolo Bonzini <pbonzini(a)redhat.com> --- pc-bios/optionrom/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pc-bios/optionrom/Makefile b/pc-bios/optionrom/Makefile index b1fff0ba6c8..30d07026c79 100644 --- a/pc-bios/optionrom/Makefile +++ b/pc-bios/optionrom/Makefile @@ -36,7 +36,7 @@ config-cc.mak: Makefile $(call cc-option,-Wno-array-bounds)) 3> config-cc.mak -include config-cc.mak -override LDFLAGS = -nostdlib -Wl,-T,$(SRC_DIR)/flat.lds +override LDFLAGS = -nostdlib -Wl,--build-id=none,-T,$(SRC_DIR)/flat.lds pvh.img: pvh.o pvh_main.o -- 2.41.0

2 years

1
0
0 0

Letter of Intent (LOI) (03-10-2023)

by Ahmad R Deeb

Attn: stable(a)vger.kernel.org Date: 03-10-2023 Subject: Letter of Intent (LOI) (03-10-2023) This is a Letter of Intent concerning my Board of investors intent to fund some of your available investment projects. If this is of any interest to you then kindly advise. Yours Faithfully, Ahmad R. Deeb Head of Investment Team

2 years

1
0
0 0

[PATCH v2 1/4] x86: KVM: SVM: always update the x2avic msr interception

by Maxim Levitsky

The following problem exists since x2avic was enabled in the KVM: svm_set_x2apic_msr_interception is called to enable the interception of the x2apic msrs. In particular it is called at the moment the guest resets its apic. Assuming that the guest's apic was in x2apic mode, the reset will bring it back to the xapic mode. The svm_set_x2apic_msr_interception however has an erroneous check for '!apic_x2apic_mode()' which prevents it from doing anything in this case. As a result of this, all x2apic msrs are left unintercepted, and that exposes the bare metal x2apic (if enabled) to the guest. Oops. Remove the erroneous '!apic_x2apic_mode()' check to fix that. This fixes CVE-2023-5090 Fixes: 4d1d7942e36a ("KVM: SVM: Introduce logic to (de)activate x2AVIC mode") Cc: stable(a)vger.kernel.org Signed-off-by: Maxim Levitsky <mlevitsk(a)redhat.com> --- arch/x86/kvm/svm/svm.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 9507df93f410a63..acdd0b89e4715a3 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -913,8 +913,7 @@ void svm_set_x2apic_msr_interception(struct vcpu_svm *svm, bool intercept) if (intercept == svm->x2avic_msrs_intercepted) return; - if (!x2avic_enabled || - !apic_x2apic_mode(svm->vcpu.arch.apic)) + if (!x2avic_enabled) return; for (i = 0; i < MAX_DIRECT_ACCESS_MSRS; i++) { -- 2.26.3

2 years

3
2
0 0

[PATCH] rcu: kmemleak: Ignore kmemleak false positives when RCU-freeing objects

by Joel Fernandes (Google)

From: Catalin Marinas <catalin.marinas(a)arm.com> Since the actual slab freeing is deferred when calling kvfree_rcu(), so is the kmemleak_free() callback informing kmemleak of the object deletion. From the perspective of the kvfree_rcu() caller, the object is freed and it may remove any references to it. Since kmemleak does not scan RCU internal data storing the pointer, it will report such objects as leaks during the grace period. Tell kmemleak to ignore such objects on the kvfree_call_rcu() path. Note that the tiny RCU implementation does not have such issue since the objects can be tracked from the rcu_ctrlblk structure. Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Reported-by: Christoph Paasch <cpaasch(a)apple.com> Closes: https://lore.kernel.org/all/F903A825-F05F-4B77-A2B5-7356282FBA2C@apple.com/ Cc: <stable(a)vger.kernel.org> Tested-by: Christoph Paasch <cpaasch(a)apple.com> Signed-off-by: Joel Fernandes (Google) <joel(a)joelfernandes.org> --- kernel/rcu/tree.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/kernel/rcu/tree.c b/kernel/rcu/tree.c index cb1caefa8bd0..24423877962c 100644 --- a/kernel/rcu/tree.c +++ b/kernel/rcu/tree.c @@ -31,6 +31,7 @@ #include <linux/bitops.h> #include <linux/export.h> #include <linux/completion.h> +#include <linux/kmemleak.h> #include <linux/moduleparam.h> #include <linux/panic.h> #include <linux/panic_notifier.h> @@ -3388,6 +3389,14 @@ void kvfree_call_rcu(struct rcu_head *head, void *ptr) success = true; } + /* + * The kvfree_rcu() caller considers the pointer freed at this point + * and likely removes any references to it. Since the actual slab + * freeing (and kmemleak_free()) is deferred, tell kmemleak to ignore + * this object (no scanning or false positives reporting). + */ + kmemleak_ignore(ptr); + // Set timer to drain after KFREE_DRAIN_JIFFIES. if (rcu_scheduler_active == RCU_SCHEDULER_RUNNING) schedule_delayed_monitor_work(krcp); -- 2.42.0.582.g8ccd20d70d-goog

2 years

2
1
0 0

Re: [PATCH] usb: dwc3: Soft reset phy on probe for host

by Da Xue

Hi Thinh, I can confirm your patch fixed the issue on RK3399 when I was running on Linux 6.1.54. I'm not on the ML for this so I'm sorry if this email causes any issue as I'm not sure how to reply to a thread from a ML I am not on. Best, Da

2 years

2
1
0 0

[PATCH v4] ASoC: amd: yc: Fix non-functional mic on Lenovo 82YM

by Sven Frotscher

Like the Lenovo 82TL, 82V2, 82QF and 82UG, the 82YM (Yoga 7 14ARP8) requires an entry in the quirk list to enable the internal microphone. The latter two received similar fixes in commit 1263cc0f414d ("ASoC: amd: yc: Fix non-functional mic on Lenovo 82QF and 82UG"). Fixes: c008323fe361 ("ASoC: amd: yc: Fix a non-functional mic on Lenovo 82SJ") Cc: stable(a)vger.kernel.org Signed-off-by: Sven Frotscher <sven.frotscher(a)gmail.com> --- v3->v4 changes: * re-add blank line between commit message title and body --- v2->v3 changes: * add message title of referenced commit to commit message * make whitespace consistent with surrounding code * use a patch-friendly e-mail client --- v1->v2 changes: * add Fixes and Cc tags to commit message * remove redundant LKML link from commit message * fix mangled diff --- sound/soc/amd/yc/acp6x-mach.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/sound/soc/amd/yc/acp6x-mach.c b/sound/soc/amd/yc/acp6x-mach.c index 94e9eb8e73f2..15a864dcd7bd 100644 --- a/sound/soc/amd/yc/acp6x-mach.c +++ b/sound/soc/amd/yc/acp6x-mach.c @@ -241,6 +241,13 @@ static const struct dmi_system_id yc_acp_quirk_table[] = { DMI_MATCH(DMI_PRODUCT_NAME, "82V2"), } }, + { + .driver_data = &acp6x_card, + .matches = { + DMI_MATCH(DMI_BOARD_VENDOR, "LENOVO"), + DMI_MATCH(DMI_PRODUCT_NAME, "82YM"), + } + }, { .driver_data = &acp6x_card, .matches = { -- 2.42.0

2 years

4
14
0 0

[merged] i915-limit-the-length-of-an-sg-list-to-the-requested-length.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: i915: limit the length of an sg list to the requested length has been removed from the -mm tree. Its filename was i915-limit-the-length-of-an-sg-list-to-the-requested-length.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: "Matthew Wilcox (Oracle)" <willy(a)infradead.org> Subject: i915: limit the length of an sg list to the requested length Date: Tue, 19 Sep 2023 20:48:55 +0100 The folio conversion changed the behaviour of shmem_sg_alloc_table() to put the entire length of the last folio into the sg list, even if the sg list should have been shorter. gen8_ggtt_insert_entries() relied on the list being the right length and would overrun the end of the page tables. Other functions may also have been affected. Clamp the length of the last entry in the sg list to be the expected length. Link: https://lkml.kernel.org/r/20230919194855.347582-1-willy@infradead.org Link: https://gitlab.freedesktop.org/drm/intel/-/issues/9256 Fixes: 0b62af28f249 ("i915: convert shmem_sg_free_table() to use a folio_batch") Signed-off-by: Matthew Wilcox (Oracle) <willy(a)infradead.org> Reported-by: Oleksandr Natalenko <oleksandr(a)natalenko.name> Closes: https://lore.kernel.org/lkml/6287208.lOV4Wx5bFT@natalenko.name/ Tested-by: Oleksandr Natalenko <oleksandr(a)natalenko.name> Reviewed-by: Andrzej Hajda <andrzej.hajda(a)intel.com> Cc: Jani Nikula <jani.nikula(a)linux.intel.com> Cc: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Cc: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Cc: Tvrtko Ursulin <tvrtko.ursulin(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> [6.5.x] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- drivers/gpu/drm/i915/gem/i915_gem_shmem.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) --- a/drivers/gpu/drm/i915/gem/i915_gem_shmem.c~i915-limit-the-length-of-an-sg-list-to-the-requested-length +++ a/drivers/gpu/drm/i915/gem/i915_gem_shmem.c @@ -100,6 +100,7 @@ int shmem_sg_alloc_table(struct drm_i915 st->nents = 0; for (i = 0; i < page_count; i++) { struct folio *folio; + unsigned long nr_pages; const unsigned int shrink[] = { I915_SHRINK_BOUND | I915_SHRINK_UNBOUND, 0, @@ -150,6 +151,8 @@ int shmem_sg_alloc_table(struct drm_i915 } } while (1); + nr_pages = min_t(unsigned long, + folio_nr_pages(folio), page_count - i); if (!i || sg->length >= max_segment || folio_pfn(folio) != next_pfn) { @@ -157,13 +160,13 @@ int shmem_sg_alloc_table(struct drm_i915 sg = sg_next(sg); st->nents++; - sg_set_folio(sg, folio, folio_size(folio), 0); + sg_set_folio(sg, folio, nr_pages * PAGE_SIZE, 0); } else { /* XXX: could overflow? */ - sg->length += folio_size(folio); + sg->length += nr_pages * PAGE_SIZE; } - next_pfn = folio_pfn(folio) + folio_nr_pages(folio); - i += folio_nr_pages(folio) - 1; + next_pfn = folio_pfn(folio) + nr_pages; + i += nr_pages - 1; /* Check that the i965g/gm workaround works. */ GEM_BUG_ON(gfp & __GFP_DMA32 && next_pfn >= 0x00100000UL); _ Patches currently in -mm which might be from willy(a)infradead.org are mm-convert-dax-lock-unlock-page-to-lock-unlock-folio.patch buffer-pass-gfp-flags-to-folio_alloc_buffers.patch buffer-hoist-gfp-flags-from-grow_dev_page-to-__getblk_gfp.patch buffer-hoist-gfp-flags-from-grow_dev_page-to-__getblk_gfp-fix.patch ext4-use-bdev_getblk-to-avoid-memory-reclaim-in-readahead-path.patch buffer-use-bdev_getblk-to-avoid-memory-reclaim-in-readahead-path.patch buffer-convert-getblk_unmovable-and-__getblk-to-use-bdev_getblk.patch buffer-convert-sb_getblk-to-call-__getblk.patch ext4-call-bdev_getblk-from-sb_getblk_gfp.patch buffer-remove-__getblk_gfp.patch hugetlb-use-a-folio-in-free_hpage_workfn.patch hugetlb-remove-a-few-calls-to-page_folio.patch hugetlb-convert-remove_pool_huge_page-to-remove_pool_hugetlb_folio.patch mm-make-lock_folio_maybe_drop_mmap-vma-lock-aware.patch mm-call-wp_page_copy-under-the-vma-lock.patch mm-handle-shared-faults-under-the-vma-lock.patch mm-handle-cow-faults-under-the-vma-lock.patch mm-handle-read-faults-under-the-vma-lock.patch mm-handle-write-faults-to-ro-pages-under-the-vma-lock.patch

2 years

1
0
0 0

[PATCH v2] can: sja1000: Always restart the Tx queue after an overrun

by Miquel Raynal

Upstream commit 717c6ec241b5 ("can: sja1000: Prevent overrun stalls with a soft reset on Renesas SoCs") fixes an issue with Renesas own SJA1000 CAN controller reception: the Rx buffer is only 5 messages long, so when the bus loaded (eg. a message every 50us), overrun may easily happen. Upon an overrun situation, due to a possible internal crosstalk situation, the controller enters a frozen state which only can be unlocked with a soft reset (experimentally). The solution was to offload a call to sja1000_start() in a threaded handler. This needs to happen in process context as this operation requires to sleep. sja1000_start() basically enters "reset mode", performs a proper software reset and returns back into "normal mode". Since this fix was introduced, we no longer observe any stalls in reception. However it was sporadically observed that the transmit path would now freeze. Further investigation blamed the fix mentioned above, and especially the reset operation. Reproducing the reset in a loop helped identifying what could possibly go wrong. The sja1000 is a single Tx queue device, which leverages the netdev helpers to process one Tx message at a time. The logic is: the queue is stopped, the message sent to the transceiver, once properly transmitted the controller sets a status bit which triggers an interrupt, in the interrupt handler the transmission status is checked and the queue woken up. Unfortunately, if an overrun happens, we might perform the soft reset precisely between the transmission of the buffer to the transceiver and the advent of the transmission status bit. We would then stop the transmission operation without re-enabling the queue, leading to all further transmissions to be ignored. The reset interrupt can only happen while the device is "open", and after a reset we anyway want to resume normal operations, no matter if a packet to transmit got dropped in the process, so we shall wake up the queue. Restarting the device and waking-up the queue is exactly what sja1000_set_mode(CAN_MODE_START) does. In order to be consistent about the queue state, we must acquire a lock both in the reset handler and in the transmit path to ensure serialization of both operations. As the reset handler might still be called after the transmission of a frame to the transceiver but before it actually gets transmitted, we must ensure we don't leak the skb, so we free it (the behavior is consistent, no matter if there was an skb on the stack or not). Fixes: 717c6ec241b5 ("can: sja1000: Prevent overrun stalls with a soft reset on Renesas SoCs") Cc: stable(a)vger.kernel.org Signed-off-by: Miquel Raynal <miquel.raynal(a)bootlin.com> --- Changes in v2: * As Marc sugested, use netif_tx_{,un}lock() instead of our own spin_lock. drivers/net/can/sja1000/sja1000.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/drivers/net/can/sja1000/sja1000.c b/drivers/net/can/sja1000/sja1000.c index ae47fc72aa96..91e3fb3eed20 100644 --- a/drivers/net/can/sja1000/sja1000.c +++ b/drivers/net/can/sja1000/sja1000.c @@ -297,6 +297,7 @@ static netdev_tx_t sja1000_start_xmit(struct sk_buff *skb, if (can_dropped_invalid_skb(dev, skb)) return NETDEV_TX_OK; + netif_tx_lock(dev); netif_stop_queue(dev); fi = dlc = cf->can_dlc; @@ -335,6 +336,8 @@ static netdev_tx_t sja1000_start_xmit(struct sk_buff *skb, sja1000_write_cmdreg(priv, cmd_reg_val); + netif_tx_unlock(dev); + return NETDEV_TX_OK; } @@ -396,7 +399,13 @@ static irqreturn_t sja1000_reset_interrupt(int irq, void *dev_id) struct net_device *dev = (struct net_device *)dev_id; netdev_dbg(dev, "performing a soft reset upon overrun\n"); - sja1000_start(dev); + + netif_tx_lock(dev); + + can_free_echo_skb(dev, 0); + sja1000_set_mode(dev, CAN_MODE_START); + + netif_tx_unlock(dev); return IRQ_HANDLED; } -- 2.34.1

2 years

2
2
0 0

patch "usb: hub: Guard against accesses to uninitialized BOS descriptors" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: hub: Guard against accesses to uninitialized BOS descriptors to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From f74a7afc224acd5e922c7a2e52244d891bbe44ee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ricardo=20Ca=C3=B1uelo?= <ricardo.canuelo(a)collabora.com> Date: Wed, 30 Aug 2023 12:04:18 +0200 Subject: usb: hub: Guard against accesses to uninitialized BOS descriptors MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Many functions in drivers/usb/core/hub.c and drivers/usb/core/hub.h access fields inside udev->bos without checking if it was allocated and initialized. If usb_get_bos_descriptor() fails for whatever reason, udev->bos will be NULL and those accesses will result in a crash: BUG: kernel NULL pointer dereference, address: 0000000000000018 PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 5 PID: 17818 Comm: kworker/5:1 Tainted: G W 5.15.108-18910-gab0e1cb584e1 #1 <HASH:1f9e 1> Hardware name: Google Kindred/Kindred, BIOS Google_Kindred.12672.413.0 02/03/2021 Workqueue: usb_hub_wq hub_event RIP: 0010:hub_port_reset+0x193/0x788 Code: 89 f7 e8 20 f7 15 00 48 8b 43 08 80 b8 96 03 00 00 03 75 36 0f b7 88 92 03 00 00 81 f9 10 03 00 00 72 27 48 8b 80 a8 03 00 00 <48> 83 78 18 00 74 19 48 89 df 48 8b 75 b0 ba 02 00 00 00 4c 89 e9 RSP: 0018:ffffab740c53fcf8 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffffa1bc5f678000 RCX: 0000000000000310 RDX: fffffffffffffdff RSI: 0000000000000286 RDI: ffffa1be9655b840 RBP: ffffab740c53fd70 R08: 00001b7d5edaa20c R09: ffffffffb005e060 R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000 R13: ffffab740c53fd3e R14: 0000000000000032 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffffa1be96540000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000018 CR3: 000000022e80c005 CR4: 00000000003706e0 Call Trace: hub_event+0x73f/0x156e ? hub_activate+0x5b7/0x68f process_one_work+0x1a2/0x487 worker_thread+0x11a/0x288 kthread+0x13a/0x152 ? process_one_work+0x487/0x487 ? kthread_associate_blkcg+0x70/0x70 ret_from_fork+0x1f/0x30 Fall back to a default behavior if the BOS descriptor isn't accessible and skip all the functionalities that depend on it: LPM support checks, Super Speed capabilitiy checks, U1/U2 states setup. Signed-off-by: Ricardo Cañuelo <ricardo.canuelo(a)collabora.com> Cc: stable <stable(a)vger.kernel.org> Link: https://lore.kernel.org/r/20230830100418.1952143-1-ricardo.canuelo@collabor… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/core/hub.c | 25 ++++++++++++++++++++++--- drivers/usb/core/hub.h | 2 +- 2 files changed, 23 insertions(+), 4 deletions(-) diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c index 3c54b218301c..0ff47eeffb49 100644 --- a/drivers/usb/core/hub.c +++ b/drivers/usb/core/hub.c @@ -151,6 +151,10 @@ int usb_device_supports_lpm(struct usb_device *udev) if (udev->quirks & USB_QUIRK_NO_LPM) return 0; + /* Skip if the device BOS descriptor couldn't be read */ + if (!udev->bos) + return 0; + /* USB 2.1 (and greater) devices indicate LPM support through * their USB 2.0 Extended Capabilities BOS descriptor. */ @@ -327,6 +331,10 @@ static void usb_set_lpm_parameters(struct usb_device *udev) if (!udev->lpm_capable || udev->speed < USB_SPEED_SUPER) return; + /* Skip if the device BOS descriptor couldn't be read */ + if (!udev->bos) + return; + hub = usb_hub_to_struct_hub(udev->parent); /* It doesn't take time to transition the roothub into U0, since it * doesn't have an upstream link. @@ -2704,13 +2712,17 @@ int usb_authorize_device(struct usb_device *usb_dev) static enum usb_ssp_rate get_port_ssp_rate(struct usb_device *hdev, u32 ext_portstatus) { - struct usb_ssp_cap_descriptor *ssp_cap = hdev->bos->ssp_cap; + struct usb_ssp_cap_descriptor *ssp_cap; u32 attr; u8 speed_id; u8 ssac; u8 lanes; int i; + if (!hdev->bos) + goto out; + + ssp_cap = hdev->bos->ssp_cap; if (!ssp_cap) goto out; @@ -4215,8 +4227,15 @@ static void usb_enable_link_state(struct usb_hcd *hcd, struct usb_device *udev, enum usb3_link_state state) { int timeout; - __u8 u1_mel = udev->bos->ss_cap->bU1devExitLat; - __le16 u2_mel = udev->bos->ss_cap->bU2DevExitLat; + __u8 u1_mel; + __le16 u2_mel; + + /* Skip if the device BOS descriptor couldn't be read */ + if (!udev->bos) + return; + + u1_mel = udev->bos->ss_cap->bU1devExitLat; + u2_mel = udev->bos->ss_cap->bU2DevExitLat; /* If the device says it doesn't have *any* exit latency to come out of * U1 or U2, it's probably lying. Assume it doesn't implement that link diff --git a/drivers/usb/core/hub.h b/drivers/usb/core/hub.h index 37897afd1b64..d44dd7f6623e 100644 --- a/drivers/usb/core/hub.h +++ b/drivers/usb/core/hub.h @@ -153,7 +153,7 @@ static inline int hub_is_superspeedplus(struct usb_device *hdev) { return (hdev->descriptor.bDeviceProtocol == USB_HUB_PR_SS && le16_to_cpu(hdev->descriptor.bcdUSB) >= 0x0310 && - hdev->bos->ssp_cap); + hdev->bos && hdev->bos->ssp_cap); } static inline unsigned hub_power_on_good_delay(struct usb_hub *hub) -- 2.42.0

2 years

1
0
0 0

[PATCH v3 0/7] selftests/resctrl: Fixes to failing tests

by Ilpo Järvinen

Fix four issues with resctrl selftests. The signal handling fix became necessary after the mount/umount fixes and the uninitialized member bug was discovered during the review. The other two came up when I ran resctrl selftests across the server fleet in our lab to validate the upcoming CAT test rewrite (the rewrite is not part of this series). These are developed and should apply cleanly at least on top the benchmark cleanup series (might apply cleanly also w/o the benchmark series, I didn't test). v3: - Add fix to uninitialized sa_flags - Handle ksft_exit_fail_msg() in per test functions - Make signal handler register fails to also exit - Improve changelogs v2: - Include patch to move _GNU_SOURCE to Makefile to allow normal #include placement - Rework the signal register/unregister into patch to use helpers - Fixed incorrect function parameter description - Use return !!res to avoid confusing implicit boolean conversion - Improve MBA/MBM success bound patch's changelog - Tweak Cc: stable dependencies (make it a chain). Ilpo Järvinen (7): selftests/resctrl: Fix uninitialized .sa_flags selftests/resctrl: Extend signal handler coverage to unmount on receiving signal selftests/resctrl: Remove duplicate feature check from CMT test selftests/resctrl: Move _GNU_SOURCE define into Makefile selftests/resctrl: Refactor feature check to use resource and feature name selftests/resctrl: Fix feature checks selftests/resctrl: Reduce failures due to outliers in MBA/MBM tests tools/testing/selftests/resctrl/Makefile | 2 +- tools/testing/selftests/resctrl/cat_test.c | 8 -- tools/testing/selftests/resctrl/cmt_test.c | 3 - tools/testing/selftests/resctrl/mba_test.c | 2 +- tools/testing/selftests/resctrl/mbm_test.c | 2 +- tools/testing/selftests/resctrl/resctrl.h | 7 +- .../testing/selftests/resctrl/resctrl_tests.c | 82 ++++++++++++------- tools/testing/selftests/resctrl/resctrl_val.c | 24 +++--- tools/testing/selftests/resctrl/resctrlfs.c | 69 ++++++---------- 9 files changed, 96 insertions(+), 103 deletions(-) -- 2.30.2

2 years

2
10
0 0

[PATCH v3 1/3] mmap: Fix vma_iterator in error path of vma_merge()

by Liam R. Howlett

During the error path, the vma iterator may not be correctly positioned or set to the correct range. Undo the vma_prev() call by resetting to the passed in address. Re-walking to the same range will fix the range to the area previously passed in. Users would notice increased cycles as vma_merge() would be called an extra time with vma == prev, and thus would fail to merge and return. Link: https://lore.kernel.org/linux-mm/CAG48ez12VN1JAOtTNMY+Y2YnsU45yL5giS-Qn=ejt… Closes: https://lore.kernel.org/linux-mm/CAG48ez12VN1JAOtTNMY+Y2YnsU45yL5giS-Qn=ejt… Fixes: 18b098af2890 ("vma_merge: set vma iterator to correct position.") Cc: stable(a)vger.kernel.org Cc: Jann Horn <jannh(a)google.com> Signed-off-by: Liam R. Howlett <Liam.Howlett(a)oracle.com> --- mm/mmap.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/mm/mmap.c b/mm/mmap.c index b56a7f0c9f85..acb7dea49e23 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -975,7 +975,7 @@ struct vm_area_struct *vma_merge(struct vma_iterator *vmi, struct mm_struct *mm, /* Error in anon_vma clone. */ if (err) - return NULL; + goto anon_vma_fail; if (vma_start < vma->vm_start || vma_end > vma->vm_end) vma_expanded = true; @@ -988,7 +988,7 @@ struct vm_area_struct *vma_merge(struct vma_iterator *vmi, struct mm_struct *mm, } if (vma_iter_prealloc(vmi, vma)) - return NULL; + goto prealloc_fail; init_multi_vma_prep(&vp, vma, adjust, remove, remove2); VM_WARN_ON(vp.anon_vma && adjust && adjust->anon_vma && @@ -1016,6 +1016,12 @@ struct vm_area_struct *vma_merge(struct vma_iterator *vmi, struct mm_struct *mm, vma_complete(&vp, vmi, mm); khugepaged_enter_vma(res, vm_flags); return res; + +prealloc_fail: +anon_vma_fail: + vma_iter_set(vmi, addr); + vma_iter_load(vmi); + return NULL; } /* -- 2.40.1

2 years

3
2
0 0

[PATCH 0/2] [4.19, 4.14] watchdog: iTCO: Backport of handle_boot_enabled=0 fix

by Jan Kiszka

This suggests a commit (and a follow-up fix for it) from 5.16+ for stable because it fixes the usage of watchdog.handle_boot_enabled=0 for iTCO, closing a monitoring gap in OTA update scenarios. These patches are applicable to and have been tested with 4.19, 4.14 stable heads. The second patch required rebasing, the first one applied as-is from upstream. Jan Cc: Malin Jonsson <malin.jonsson(a)ericsson.com> Mika Westerberg (2): watchdog: iTCO_wdt: No need to stop the timer in probe watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running drivers/watchdog/iTCO_wdt.c | 26 +++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) -- 2.35.3

2 years

1
2
0 0

[PATCH net v5 1/3] net: replace calls to sock->ops->connect() with kernel_connect()

by Jordan Rife

commit 0bdf399342c5 ("net: Avoid address overwrite in kernel_connect") ensured that kernel_connect() will not overwrite the address parameter in cases where BPF connect hooks perform an address rewrite. This change replaces direct calls to sock->ops->connect() in net with kernel_connect() to make these call safe. Link: https://lore.kernel.org/netdev/20230912013332.2048422-1-jrife@google.com/ Fixes: d74bad4e74ee ("bpf: Hooks for sys_connect") Cc: stable(a)vger.kernel.org Reviewed-by: Willem de Bruijn <willemb(a)google.com> Signed-off-by: Jordan Rife <jrife(a)google.com> --- v4->v5: Remove non-net changes. v3->v4: Remove precondition check for addrlen. v2->v3: Add "Fixes" tag. Check for positivity in addrlen sanity check. v1->v2: Split up original patch into patch series. Insulate calls with kernel_connect() instead of pushing address copy deeper into sock->ops->connect(). net/netfilter/ipvs/ip_vs_sync.c | 4 ++-- net/rds/tcp_connect.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/net/netfilter/ipvs/ip_vs_sync.c b/net/netfilter/ipvs/ip_vs_sync.c index da5af28ff57b5..6e4ed1e11a3b7 100644 --- a/net/netfilter/ipvs/ip_vs_sync.c +++ b/net/netfilter/ipvs/ip_vs_sync.c @@ -1505,8 +1505,8 @@ static int make_send_sock(struct netns_ipvs *ipvs, int id, } get_mcast_sockaddr(&mcast_addr, &salen, &ipvs->mcfg, id); - result = sock->ops->connect(sock, (struct sockaddr *) &mcast_addr, - salen, 0); + result = kernel_connect(sock, (struct sockaddr *)&mcast_addr, + salen, 0); if (result < 0) { pr_err("Error connecting to the multicast addr\n"); goto error; diff --git a/net/rds/tcp_connect.c b/net/rds/tcp_connect.c index f0c477c5d1db4..d788c6d28986f 100644 --- a/net/rds/tcp_connect.c +++ b/net/rds/tcp_connect.c @@ -173,7 +173,7 @@ int rds_tcp_conn_path_connect(struct rds_conn_path *cp) * own the socket */ rds_tcp_set_callbacks(sock, cp); - ret = sock->ops->connect(sock, addr, addrlen, O_NONBLOCK); + ret = kernel_connect(sock, addr, addrlen, O_NONBLOCK); rdsdebug("connect to address %pI6c returned %d\n", &conn->c_faddr, ret); if (ret == -EINPROGRESS) -- 2.42.0.515.g380fc7ccd1-goog

2 years

3
6
0 0

[Kernel 6.5] Important read()/write() performance regression

by Florent DELAHAYE

Hello guys, During the last few months, I felt a performance regression when using read() and write() on my high-speed Nvme SSD (about 7GB/s). To get more precise information about it I quickly developed benchmark tool basically running read() or write() in a loop to simulate a sequential file read or write. The tool also measures the real time consumed by the loop. Finally, the tool can call open() with or without O_DIRECT. I ran the tests on EXT4 and Exfat with following settings (buffer values have been set for best result): - Write settings: buffer 400mb * 100 - Read settings: buffer 200mb - Drop caches before non-direct read/write test With this hardware: - CPU AMD Ryzen 7600X - RAM DDR5 5200 32GB - SSD Kingston Fury Renegade 4TB with 4K LBA Here are some results I got with last upstream kernels (default config): +------------------+----------+------------------+------------------+-- ----------------+------------------+------------------+ | ~42GB | O_DIRECT | Linux 6.2.0 | Linux 6.3.0 | Linux 6.4.0 | Linux 6.5.0 | Linux 6.5.5 | +------------------+----------+------------------+------------------+-- ----------------+------------------+------------------+ | Ext4 (sector 4k) | | | | | | | | Read | no | 7.2s (5800MB/s) | 7.1s (5890MB/s) | 8.3s (5050MB/s) | 13.2s (3180MB/s) | 13.2s (3180MB/s) | | Write | no | 12.0s (3500MB/s) | 12.6s (3340MB/s) | 12.2s (3440MB/s) | 28.9s (1450MB/s) | 28.9s (1450MB/s) | | Read | yes | 6.0s (7000MB/s) | 6.0s (7020MB/s) | 5.9s (7170MB/s) | 5.9s (7100MB/s) | 5.9s (7100MB/s) | | Write | yes | 6.7s (6220MB/s) | 6.7s (6290MB/s) | 6.9s (6080MB/s) | 6.9s (6080MB/s) | 6.9s (6970MB/s) | | Exfat (sector ?) | | | | | | | | Read | no | 7.3s (5770MB/s) | 7.2s (5830MB/s) | 9s (4620MB/s) | 13.3s (3150MB/s) | 13.2s (3180MB/s) | | Write | no | 8.3s (5040MB/s) | 8.9s (4750MB/s) | 8.3s (5040MB/s) | 18.3s (2290MB/s) | 18.5s (2260MB/s) | | Read | yes | 6.2s (6760MB/s) | 6.1s (6870MB/s) | 6.0s (6980MB/s) | 6.5s (6440MB/s) | 6.6s (6320MB/s) | | Write | yes | 16.1s (2610MB/s) | 16.0s (2620MB/s) | 18.7s (2240MB/s) | 34.1s (1230MB/s) | 34.5s (1220MB/s) | +------------------+----------+------------------+------------------+-- ----------------+------------------+------------------+ Please note that I rounded some values to clarify readiness. Small variations can be considered as margin error. Ext4 results: cached reads/writes time have increased of almost 100% from 6.2.0 to 6.5.0 with a first increase with 6.4.0. Direct access times have stayed similar though. Exfat results: performance decrease too with and without direct access this time. I realize there are thousands of commits between, plus the issue can come from multiple kernel parts such as the page cache, the file system implementation (especially for Exfat), the IO engine, a driver, etc. The results also showed that there is not only a specific version impacted. Anyway, at the end the performance have highly decreased. If you want to verify my benchmark tool source code, please ask. PS: sending again as only text body is accepted Regards Florent DELAHAYE

2 years

2
2
0 0

I NEEDS YOUR URGENT RESPONSE

by Dr. Thomsom Jack.

Hi, I have a good news for you.Please contact me for more details. Sorry if you received this letter in your spam, Due to recent connection error here in my country.a Looking forward for your immediate response to me through my private e-mail id: (jackthomsom7(a)gmail.com) Best Regards, Regards, Dr. Thomsom Jack. My Telephone number +226-67 -44 - 42- 36

2 years

1
0
0 0

Re: [for-linus][PATCH 3/4] tracing/user_events: Align set_bit() address for all archs

by Steven Rostedt

[ Replying to show this patch that got dropped from the mailing list ] On Sat, 30 Sep 2023 16:32:16 -0400 Steven Rostedt <rostedt(a)goodmis.org> wrote: > From: Beau Belgrave <beaub(a)linux.microsoft.com> > > All architectures should use a long aligned address passed to set_bit(). > User processes can pass either a 32-bit or 64-bit sized value to be > updated when tracing is enabled when on a 64-bit kernel. Both cases are > ensured to be naturally aligned, however, that is not enough. The > address must be long aligned without affecting checks on the value > within the user process which require different adjustments for the bit > for little and big endian CPUs. > > Add a compat flag to user_event_enabler that indicates when a 32-bit > value is being used on a 64-bit kernel. Long align addresses and correct > the bit to be used by set_bit() to account for this alignment. Ensure > compat flags are copied during forks and used during deletion clears. > > Link: https://lore.kernel.org/linux-trace-kernel/20230925230829.341-2-beaub@linux… > Link: https://lore.kernel.org/linux-trace-kernel/20230914131102.179100-1-cleger@r… > > Cc: stable(a)vger.kernel.org > Fixes: 7235759084a4 ("tracing/user_events: Use remote writes for event enablement") > Reported-by: Clément Léger <cleger(a)rivosinc.com> > Suggested-by: Clément Léger <cleger(a)rivosinc.com> > Signed-off-by: Beau Belgrave <beaub(a)linux.microsoft.com> > Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> > --- > kernel/trace/trace_events_user.c | 58 ++++++++++++++++++++++++++++---- > 1 file changed, 51 insertions(+), 7 deletions(-) > > diff --git a/kernel/trace/trace_events_user.c b/kernel/trace/trace_events_user.c > index 6f046650e527..b87f41187c6a 100644 > --- a/kernel/trace/trace_events_user.c > +++ b/kernel/trace/trace_events_user.c > @@ -127,8 +127,13 @@ struct user_event_enabler { > /* Bit 7 is for freeing status of enablement */ > #define ENABLE_VAL_FREEING_BIT 7 > > -/* Only duplicate the bit value */ > -#define ENABLE_VAL_DUP_MASK ENABLE_VAL_BIT_MASK > +/* Bit 8 is for marking 32-bit on 64-bit */ > +#define ENABLE_VAL_32_ON_64_BIT 8 > + > +#define ENABLE_VAL_COMPAT_MASK (1 << ENABLE_VAL_32_ON_64_BIT) > + > +/* Only duplicate the bit and compat values */ > +#define ENABLE_VAL_DUP_MASK (ENABLE_VAL_BIT_MASK | ENABLE_VAL_COMPAT_MASK) > > #define ENABLE_BITOPS(e) (&(e)->values) > > @@ -174,6 +179,30 @@ struct user_event_validator { > int flags; > }; > > +static inline void align_addr_bit(unsigned long *addr, int *bit, > + unsigned long *flags) > +{ > + if (IS_ALIGNED(*addr, sizeof(long))) { > +#ifdef __BIG_ENDIAN > + /* 32 bit on BE 64 bit requires a 32 bit offset when aligned. */ > + if (test_bit(ENABLE_VAL_32_ON_64_BIT, flags)) > + *bit += 32; > +#endif > + return; > + } > + > + *addr = ALIGN_DOWN(*addr, sizeof(long)); > + > + /* > + * We only support 32 and 64 bit values. The only time we need > + * to align is a 32 bit value on a 64 bit kernel, which on LE > + * is always 32 bits, and on BE requires no change when unaligned. > + */ > +#ifdef __LITTLE_ENDIAN > + *bit += 32; > +#endif > +} > + > typedef void (*user_event_func_t) (struct user_event *user, struct iov_iter *i, > void *tpdata, bool *faulted); > > @@ -482,6 +511,7 @@ static int user_event_enabler_write(struct user_event_mm *mm, > unsigned long *ptr; > struct page *page; > void *kaddr; > + int bit = ENABLE_BIT(enabler); > int ret; > > lockdep_assert_held(&event_mutex); > @@ -497,6 +527,8 @@ static int user_event_enabler_write(struct user_event_mm *mm, > test_bit(ENABLE_VAL_FREEING_BIT, ENABLE_BITOPS(enabler)))) > return -EBUSY; > > + align_addr_bit(&uaddr, &bit, ENABLE_BITOPS(enabler)); > + > ret = pin_user_pages_remote(mm->mm, uaddr, 1, FOLL_WRITE | FOLL_NOFAULT, > &page, NULL); > > @@ -515,9 +547,9 @@ static int user_event_enabler_write(struct user_event_mm *mm, > > /* Update bit atomically, user tracers must be atomic as well */ > if (enabler->event && enabler->event->status) > - set_bit(ENABLE_BIT(enabler), ptr); > + set_bit(bit, ptr); > else > - clear_bit(ENABLE_BIT(enabler), ptr); > + clear_bit(bit, ptr); > > kunmap_local(kaddr); > unpin_user_pages_dirty_lock(&page, 1, true); > @@ -849,6 +881,12 @@ static struct user_event_enabler > enabler->event = user; > enabler->addr = uaddr; > enabler->values = reg->enable_bit; > + > +#if BITS_PER_LONG >= 64 > + if (reg->enable_size == 4) > + set_bit(ENABLE_VAL_32_ON_64_BIT, ENABLE_BITOPS(enabler)); > +#endif > + > retry: > /* Prevents state changes from racing with new enablers */ > mutex_lock(&event_mutex); > @@ -2377,7 +2415,8 @@ static long user_unreg_get(struct user_unreg __user *ureg, > } > > static int user_event_mm_clear_bit(struct user_event_mm *user_mm, > - unsigned long uaddr, unsigned char bit) > + unsigned long uaddr, unsigned char bit, > + unsigned long flags) > { > struct user_event_enabler enabler; > int result; > @@ -2385,7 +2424,7 @@ static int user_event_mm_clear_bit(struct user_event_mm *user_mm, > > memset(&enabler, 0, sizeof(enabler)); > enabler.addr = uaddr; > - enabler.values = bit; > + enabler.values = bit | flags; > retry: > /* Prevents state changes from racing with new enablers */ > mutex_lock(&event_mutex); > @@ -2415,6 +2454,7 @@ static long user_events_ioctl_unreg(unsigned long uarg) > struct user_event_mm *mm = current->user_event_mm; > struct user_event_enabler *enabler, *next; > struct user_unreg reg; > + unsigned long flags; > long ret; > > ret = user_unreg_get(ureg, &reg); > @@ -2425,6 +2465,7 @@ static long user_events_ioctl_unreg(unsigned long uarg) > if (!mm) > return -ENOENT; > > + flags = 0; > ret = -ENOENT; > > /* > @@ -2441,6 +2482,9 @@ static long user_events_ioctl_unreg(unsigned long uarg) > ENABLE_BIT(enabler) == reg.disable_bit) { > set_bit(ENABLE_VAL_FREEING_BIT, ENABLE_BITOPS(enabler)); > > + /* We must keep compat flags for the clear */ > + flags |= enabler->values & ENABLE_VAL_COMPAT_MASK; > + > if (!test_bit(ENABLE_VAL_FAULTING_BIT, ENABLE_BITOPS(enabler))) > user_event_enabler_destroy(enabler, true); > > @@ -2454,7 +2498,7 @@ static long user_events_ioctl_unreg(unsigned long uarg) > /* Ensure bit is now cleared for user, regardless of event status */ > if (!ret) > ret = user_event_mm_clear_bit(mm, reg.disable_addr, > - reg.disable_bit); > + reg.disable_bit, flags); > > return ret; > }

2 years, 1 month

1
0
0 0

[for-linus][PATCH 1/4] ring-buffer: Update "shortest_full" in polling

by Steven Rostedt

From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> It was discovered that the ring buffer polling was incorrectly stating that read would not block, but that's because polling did not take into account that reads will block if the "buffer-percent" was set. Instead, the ring buffer polling would say reads would not block if there was any data in the ring buffer. This was incorrect behavior from a user space point of view. This was fixed by commit 42fb0a1e84ff by having the polling code check if the ring buffer had more data than what the user specified "buffer percent" had. The problem now is that the polling code did not register itself to the writer that it wanted to wait for a specific "full" value of the ring buffer. The result was that the writer would wake the polling waiter whenever there was a new event. The polling waiter would then wake up, see that there's not enough data in the ring buffer to notify user space and then go back to sleep. The next event would wake it up again. Before the polling fix was added, the code would wake up around 100 times for a hackbench 30 benchmark. After the "fix", due to the constant waking of the writer, it would wake up over 11,0000 times! It would never leave the kernel, so the user space behavior was still "correct", but this definitely is not the desired effect. To fix this, have the polling code add what it's waiting for to the "shortest_full" variable, to tell the writer not to wake it up if the buffer is not as full as it expects to be. Note, after this fix, it appears that the waiter is now woken up around 2x the times it was before (~200). This is a tremendous improvement from the 11,000 times, but I will need to spend some time to see why polling is more aggressive in its wakeups than the read blocking code. Link: https://lore.kernel.org/linux-trace-kernel/20230929180113.01c2cae3@rorschac… Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mark Rutland <mark.rutland(a)arm.com> Fixes: 42fb0a1e84ff ("tracing/ring-buffer: Have polling block on watermark") Reported-by: Julia Lawall <julia.lawall(a)inria.fr> Tested-by: Julia Lawall <julia.lawall(a)inria.fr> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/ring_buffer.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c index 28daf0ce95c5..515cafdb18d9 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c @@ -1137,6 +1137,9 @@ __poll_t ring_buffer_poll_wait(struct trace_buffer *buffer, int cpu, if (full) { poll_wait(filp, &work->full_waiters, poll_table); work->full_waiters_pending = true; + if (!cpu_buffer->shortest_full || + cpu_buffer->shortest_full > full) + cpu_buffer->shortest_full = full; } else { poll_wait(filp, &work->waiters, poll_table); work->waiters_pending = true; -- 2.40.1

2 years, 1 month

1
0
0 0

[PATCH] power: supply: qcom_battmgr: fix enable request endianness

by Johan Hovold

Add the missing endianness conversion when sending the enable request so that the driver will work also on a hypothetical big-endian machine. This issue was reported by sparse. Fixes: 29e8142b5623 ("power: supply: Introduce Qualcomm PMIC GLINK power supply") Cc: stable(a)vger.kernel.org # 6.3 Cc: Bjorn Andersson <andersson(a)kernel.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/power/supply/qcom_battmgr.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/power/supply/qcom_battmgr.c b/drivers/power/supply/qcom_battmgr.c index de77df97b3a4..6ec71276bb70 100644 --- a/drivers/power/supply/qcom_battmgr.c +++ b/drivers/power/supply/qcom_battmgr.c @@ -1282,9 +1282,9 @@ static void qcom_battmgr_enable_worker(struct work_struct *work) { struct qcom_battmgr *battmgr = container_of(work, struct qcom_battmgr, enable_work); struct qcom_battmgr_enable_request req = { - .hdr.owner = PMIC_GLINK_OWNER_BATTMGR, - .hdr.type = PMIC_GLINK_NOTIFY, - .hdr.opcode = BATTMGR_REQUEST_NOTIFICATION, + .hdr.owner = cpu_to_le32(PMIC_GLINK_OWNER_BATTMGR), + .hdr.type = cpu_to_le32(PMIC_GLINK_NOTIFY), + .hdr.opcode = cpu_to_le32(BATTMGR_REQUEST_NOTIFICATION), }; int ret; -- 2.41.0

2 years, 1 month

3
2
0 0

[PATCH net, 1/3] net: mana: Fix TX CQE error handling

by Haiyang Zhang

For an unknown TX CQE error type (probably from a newer hardware), still free the SKB, update the queue tail, etc., otherwise the accounting will be wrong. Also, TX errors can be triggered by injecting corrupted packets, so replace the WARN_ONCE to ratelimited error logging, because we don't need stack trace here. Cc: stable(a)vger.kernel.org Fixes: ca9c54d2d6a5 ("net: mana: Add a driver for Microsoft Azure Network Adapter (MANA)") Signed-off-by: Haiyang Zhang <haiyangz(a)microsoft.com> --- drivers/net/ethernet/microsoft/mana/mana_en.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/drivers/net/ethernet/microsoft/mana/mana_en.c b/drivers/net/ethernet/microsoft/mana/mana_en.c index 4a16ebff3d1d..5cdcf7561b38 100644 --- a/drivers/net/ethernet/microsoft/mana/mana_en.c +++ b/drivers/net/ethernet/microsoft/mana/mana_en.c @@ -1317,19 +1317,23 @@ static void mana_poll_tx_cq(struct mana_cq *cq) case CQE_TX_VPORT_IDX_OUT_OF_RANGE: case CQE_TX_VPORT_DISABLED: case CQE_TX_VLAN_TAGGING_VIOLATION: - WARN_ONCE(1, "TX: CQE error %d: ignored.\n", - cqe_oob->cqe_hdr.cqe_type); + if (net_ratelimit()) + netdev_err(ndev, "TX: CQE error %d\n", + cqe_oob->cqe_hdr.cqe_type); + apc->eth_stats.tx_cqe_err++; break; default: - /* If the CQE type is unexpected, log an error, assert, - * and go through the error path. + /* If the CQE type is unknown, log an error, + * and still free the SKB, update tail, etc. */ - WARN_ONCE(1, "TX: Unexpected CQE type %d: HW BUG?\n", - cqe_oob->cqe_hdr.cqe_type); + if (net_ratelimit()) + netdev_err(ndev, "TX: unknown CQE type %d\n", + cqe_oob->cqe_hdr.cqe_type); + apc->eth_stats.tx_cqe_unknown_type++; - return; + break; } if (WARN_ON_ONCE(txq->gdma_txq_id != completions[i].wq_num)) -- 2.25.1

2 years, 1 month

2
4
0 0

[PATCH] KVM: arm64: Always invalidate TLB for stage-2 permission faults

by Oliver Upton

It is possible for multiple vCPUs to fault on the same IPA and attempt to resolve the fault. One of the page table walks will actually update the PTE and the rest will return -EAGAIN per our race detection scheme. KVM elides the TLB invalidation on the racing threads as the return value is nonzero. Before commit a12ab1378a88 ("KVM: arm64: Use local TLBI on permission relaxation") KVM always used broadcast TLB invalidations when handling permission faults, which had the convenient property of making the stage-2 updates visible to all CPUs in the system. However now we do a local invalidation, and TLBI elision leads to vCPUs getting stuck in a permission fault loop. Remember that the architecture permits the TLB to cache translations that precipitate a permission fault. Invalidate the TLB entry responsible for the permission fault if the stage-2 descriptor has been relaxed, regardless of which thread actually did the job. Cc: stable(a)vger.kernel.org Fixes: a12ab1378a88 ("KVM: arm64: Use local TLBI on permission relaxation") Signed-off-by: Oliver Upton <oliver.upton(a)linux.dev> --- arch/arm64/kvm/hyp/pgtable.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/kvm/hyp/pgtable.c b/arch/arm64/kvm/hyp/pgtable.c index f155b8c9e98c..286888751793 100644 --- a/arch/arm64/kvm/hyp/pgtable.c +++ b/arch/arm64/kvm/hyp/pgtable.c @@ -1314,7 +1314,7 @@ int kvm_pgtable_stage2_relax_perms(struct kvm_pgtable *pgt, u64 addr, ret = stage2_update_leaf_attrs(pgt, addr, 1, set, clr, NULL, &level, KVM_PGTABLE_WALK_HANDLE_FAULT | KVM_PGTABLE_WALK_SHARED); - if (!ret) + if (!ret || ret == -EAGAIN) kvm_call_hyp(__kvm_tlb_flush_vmid_ipa_nsh, pgt->mmu, addr, level); return ret; } base-commit: ce9ecca0238b140b88f43859b211c9fdfd8e5b70 -- 2.42.0.515.g380fc7ccd1-goog

2 years, 1 month

2
5
0 0

[merged mm-hotfixes-stable] crash-add-lock-to-serialize-crash-hotplug-handling.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: Crash: add lock to serialize crash hotplug handling has been removed from the -mm tree. Its filename was crash-add-lock-to-serialize-crash-hotplug-handling.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Baoquan He <bhe(a)redhat.com> Subject: Crash: add lock to serialize crash hotplug handling Date: Tue, 26 Sep 2023 20:09:05 +0800 Eric reported that handling corresponding crash hotplug event can be failed easily when many memory hotplug event are notified in a short period. They failed because failing to take __kexec_lock. ======= [ 78.714569] Fallback order for Node 0: 0 [ 78.714575] Built 1 zonelists, mobility grouping on. Total pages: 1817886 [ 78.717133] Policy zone: Normal [ 78.724423] crash hp: kexec_trylock() failed, elfcorehdr may be inaccurate [ 78.727207] crash hp: kexec_trylock() failed, elfcorehdr may be inaccurate [ 80.056643] PEFILE: Unsigned PE binary ======= The memory hotplug events are notified very quickly and very many, while the handling of crash hotplug is much slower relatively. So the atomic variable __kexec_lock and kexec_trylock() can't guarantee the serialization of crash hotplug handling. Here, add a new mutex lock __crash_hotplug_lock to serialize crash hotplug handling specifically. This doesn't impact the usage of __kexec_lock. Link: https://lkml.kernel.org/r/20230926120905.392903-1-bhe@redhat.com Fixes: 247262756121 ("crash: add generic infrastructure for crash hotplug support") Signed-off-by: Baoquan He <bhe(a)redhat.com> Tested-by: Eric DeVolder <eric.devolder(a)oracle.com> Reviewed-by: Eric DeVolder <eric.devolder(a)oracle.com> Reviewed-by: Valentin Schneider <vschneid(a)redhat.com> Cc: Sourabh Jain <sourabhjain(a)linux.ibm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/crash_core.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) --- a/kernel/crash_core.c~crash-add-lock-to-serialize-crash-hotplug-handling +++ a/kernel/crash_core.c @@ -740,6 +740,17 @@ subsys_initcall(crash_notes_memory_init) #define pr_fmt(fmt) "crash hp: " fmt /* + * Different than kexec/kdump loading/unloading/jumping/shrinking which + * usually rarely happen, there will be many crash hotplug events notified + * during one short period, e.g one memory board is hot added and memory + * regions are online. So mutex lock __crash_hotplug_lock is used to + * serialize the crash hotplug handling specifically. + */ +DEFINE_MUTEX(__crash_hotplug_lock); +#define crash_hotplug_lock() mutex_lock(&__crash_hotplug_lock) +#define crash_hotplug_unlock() mutex_unlock(&__crash_hotplug_lock) + +/* * This routine utilized when the crash_hotplug sysfs node is read. * It reflects the kernel's ability/permission to update the crash * elfcorehdr directly. @@ -748,9 +759,11 @@ int crash_check_update_elfcorehdr(void) { int rc = 0; + crash_hotplug_lock(); /* Obtain lock while reading crash information */ if (!kexec_trylock()) { pr_info("kexec_trylock() failed, elfcorehdr may be inaccurate\n"); + crash_hotplug_unlock(); return 0; } if (kexec_crash_image) { @@ -761,6 +774,7 @@ int crash_check_update_elfcorehdr(void) } /* Release lock now that update complete */ kexec_unlock(); + crash_hotplug_unlock(); return rc; } @@ -783,9 +797,11 @@ static void crash_handle_hotplug_event(u { struct kimage *image; + crash_hotplug_lock(); /* Obtain lock while changing crash information */ if (!kexec_trylock()) { pr_info("kexec_trylock() failed, elfcorehdr may be inaccurate\n"); + crash_hotplug_unlock(); return; } @@ -852,6 +868,7 @@ static void crash_handle_hotplug_event(u out: /* Release lock now that update complete */ kexec_unlock(); + crash_hotplug_unlock(); } static int crash_memhp_notifier(struct notifier_block *nb, unsigned long val, void *v) _ Patches currently in -mm which might be from bhe(a)redhat.com are crash_corec-remove-unnecessary-parameter-of-function.patch crash_core-change-the-prototype-of-function-parse_crashkernel.patch crash_core-change-parse_crashkernel-to-support-crashkernel=highlow-parsing.patch crash_core-add-generic-function-to-do-reservation.patch crash_core-move-crashk_res-definition-into-crash_corec.patch x86-kdump-use-generic-interface-to-simplify-crashkernel-reservation-code.patch x86-kdump-use-generic-interface-to-simplify-crashkernel-reservation-code-fix.patch arm64-kdump-use-generic-interface-to-simplify-crashkernel-reservation.patch riscv-kdump-use-generic-interface-to-simplify-crashkernel-reservation.patch crash_corec-remove-unneeded-functions.patch

2 years, 1 month

1
0
0 0

[merged mm-hotfixes-stable] selftests-mm-fix-awk-usage-in-charge_reserved_hugetlbsh-and-hugetlb_reparenting_testsh-that-may-cause-error.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: selftests/mm: fix awk usage in charge_reserved_hugetlb.sh and hugetlb_reparenting_test.sh that may cause error has been removed from the -mm tree. Its filename was selftests-mm-fix-awk-usage-in-charge_reserved_hugetlbsh-and-hugetlb_reparenting_testsh-that-may-cause-error.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Juntong Deng <juntong.deng(a)outlook.com> Subject: selftests/mm: fix awk usage in charge_reserved_hugetlb.sh and hugetlb_reparenting_test.sh that may cause error Date: Wed, 27 Sep 2023 02:19:44 +0800 According to the awk manual, the -e option does not need to be specified in front of 'program' (unless you need to mix program-file). The redundant -e option can cause error when users use awk tools other than gawk (for example, mawk does not support the -e option). Error Example: awk: not an option: -e Link: https://lkml.kernel.org/r/VI1P193MB075228810591AF2FDD7D42C599C3A@VI1P193MB0… Signed-off-by: Juntong Deng <juntong.deng(a)outlook.com> Cc: Shuah Khan <shuah(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/mm/charge_reserved_hugetlb.sh | 4 ++-- tools/testing/selftests/mm/hugetlb_reparenting_test.sh | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) --- a/tools/testing/selftests/mm/charge_reserved_hugetlb.sh~selftests-mm-fix-awk-usage-in-charge_reserved_hugetlbsh-and-hugetlb_reparenting_testsh-that-may-cause-error +++ a/tools/testing/selftests/mm/charge_reserved_hugetlb.sh @@ -25,7 +25,7 @@ if [[ "$1" == "-cgroup-v2" ]]; then fi if [[ $cgroup2 ]]; then - cgroup_path=$(mount -t cgroup2 | head -1 | awk -e '{print $3}') + cgroup_path=$(mount -t cgroup2 | head -1 | awk '{print $3}') if [[ -z "$cgroup_path" ]]; then cgroup_path=/dev/cgroup/memory mount -t cgroup2 none $cgroup_path @@ -33,7 +33,7 @@ if [[ $cgroup2 ]]; then fi echo "+hugetlb" >$cgroup_path/cgroup.subtree_control else - cgroup_path=$(mount -t cgroup | grep ",hugetlb" | awk -e '{print $3}') + cgroup_path=$(mount -t cgroup | grep ",hugetlb" | awk '{print $3}') if [[ -z "$cgroup_path" ]]; then cgroup_path=/dev/cgroup/memory mount -t cgroup memory,hugetlb $cgroup_path --- a/tools/testing/selftests/mm/hugetlb_reparenting_test.sh~selftests-mm-fix-awk-usage-in-charge_reserved_hugetlbsh-and-hugetlb_reparenting_testsh-that-may-cause-error +++ a/tools/testing/selftests/mm/hugetlb_reparenting_test.sh @@ -20,7 +20,7 @@ fi if [[ $cgroup2 ]]; then - CGROUP_ROOT=$(mount -t cgroup2 | head -1 | awk -e '{print $3}') + CGROUP_ROOT=$(mount -t cgroup2 | head -1 | awk '{print $3}') if [[ -z "$CGROUP_ROOT" ]]; then CGROUP_ROOT=/dev/cgroup/memory mount -t cgroup2 none $CGROUP_ROOT @@ -28,7 +28,7 @@ if [[ $cgroup2 ]]; then fi echo "+hugetlb +memory" >$CGROUP_ROOT/cgroup.subtree_control else - CGROUP_ROOT=$(mount -t cgroup | grep ",hugetlb" | awk -e '{print $3}') + CGROUP_ROOT=$(mount -t cgroup | grep ",hugetlb" | awk '{print $3}') if [[ -z "$CGROUP_ROOT" ]]; then CGROUP_ROOT=/dev/cgroup/memory mount -t cgroup memory,hugetlb $CGROUP_ROOT _ Patches currently in -mm which might be from juntong.deng(a)outlook.com are

2 years, 1 month

1
0
0 0

[merged mm-hotfixes-stable] mm-mempolicy-keep-vma-walk-if-both-mpol_mf_strict-and-mpol_mf_move-are-specified.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: mempolicy: keep VMA walk if both MPOL_MF_STRICT and MPOL_MF_MOVE are specified has been removed from the -mm tree. Its filename was mm-mempolicy-keep-vma-walk-if-both-mpol_mf_strict-and-mpol_mf_move-are-specified.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Yang Shi <yang(a)os.amperecomputing.com> Subject: mm: mempolicy: keep VMA walk if both MPOL_MF_STRICT and MPOL_MF_MOVE are specified Date: Wed, 20 Sep 2023 15:32:42 -0700 When calling mbind() with MPOL_MF_{MOVE|MOVEALL} | MPOL_MF_STRICT, kernel should attempt to migrate all existing pages, and return -EIO if there is misplaced or unmovable page. Then commit 6f4576e3687b ("mempolicy: apply page table walker on queue_pages_range()") messed up the return value and didn't break VMA scan early ianymore when MPOL_MF_STRICT alone. The return value problem was fixed by commit a7f40cfe3b7a ("mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT is specified"), but it broke the VMA walk early if unmovable page is met, it may cause some pages are not migrated as expected. The code should conceptually do: if (MPOL_MF_MOVE|MOVEALL) scan all vmas try to migrate the existing pages return success else if (MPOL_MF_MOVE* | MPOL_MF_STRICT) scan all vmas try to migrate the existing pages return -EIO if unmovable or migration failed else /* MPOL_MF_STRICT alone */ break early if meets unmovable and don't call mbind_range() at all else /* none of those flags */ check the ranges in test_walk, EFAULT without mbind_range() if discontig. Fixed the behavior. Link: https://lkml.kernel.org/r/20230920223242.3425775-1-yang@os.amperecomputing.… Fixes: a7f40cfe3b7a ("mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT is specified") Signed-off-by: Yang Shi <yang(a)os.amperecomputing.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: Rafael Aquini <aquini(a)redhat.com> Cc: Kirill A. Shutemov <kirill(a)shutemov.name> Cc: David Rientjes <rientjes(a)google.com> Cc: <stable(a)vger.kernel.org> [4.9+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/mempolicy.c | 39 +++++++++++++++++++-------------------- 1 file changed, 19 insertions(+), 20 deletions(-) --- a/mm/mempolicy.c~mm-mempolicy-keep-vma-walk-if-both-mpol_mf_strict-and-mpol_mf_move-are-specified +++ a/mm/mempolicy.c @@ -426,6 +426,7 @@ struct queue_pages { unsigned long start; unsigned long end; struct vm_area_struct *first; + bool has_unmovable; }; /* @@ -446,9 +447,8 @@ static inline bool queue_folio_required( /* * queue_folios_pmd() has three possible return values: * 0 - folios are placed on the right node or queued successfully, or - * special page is met, i.e. huge zero page. - * 1 - there is unmovable folio, and MPOL_MF_MOVE* & MPOL_MF_STRICT were - * specified. + * special page is met, i.e. zero page, or unmovable page is found + * but continue walking (indicated by queue_pages.has_unmovable). * -EIO - is migration entry or only MPOL_MF_STRICT was specified and an * existing folio was already on a node that does not follow the * policy. @@ -479,7 +479,7 @@ static int queue_folios_pmd(pmd_t *pmd, if (flags & (MPOL_MF_MOVE | MPOL_MF_MOVE_ALL)) { if (!vma_migratable(walk->vma) || migrate_folio_add(folio, qp->pagelist, flags)) { - ret = 1; + qp->has_unmovable = true; goto unlock; } } else @@ -495,9 +495,8 @@ unlock: * * queue_folios_pte_range() has three possible return values: * 0 - folios are placed on the right node or queued successfully, or - * special page is met, i.e. zero page. - * 1 - there is unmovable folio, and MPOL_MF_MOVE* & MPOL_MF_STRICT were - * specified. + * special page is met, i.e. zero page, or unmovable page is found + * but continue walking (indicated by queue_pages.has_unmovable). * -EIO - only MPOL_MF_STRICT was specified and an existing folio was already * on a node that does not follow the policy. */ @@ -508,7 +507,6 @@ static int queue_folios_pte_range(pmd_t struct folio *folio; struct queue_pages *qp = walk->private; unsigned long flags = qp->flags; - bool has_unmovable = false; pte_t *pte, *mapped_pte; pte_t ptent; spinlock_t *ptl; @@ -538,11 +536,12 @@ static int queue_folios_pte_range(pmd_t if (!queue_folio_required(folio, qp)) continue; if (flags & (MPOL_MF_MOVE | MPOL_MF_MOVE_ALL)) { - /* MPOL_MF_STRICT must be specified if we get here */ - if (!vma_migratable(vma)) { - has_unmovable = true; - break; - } + /* + * MPOL_MF_STRICT must be specified if we get here. + * Continue walking vmas due to MPOL_MF_MOVE* flags. + */ + if (!vma_migratable(vma)) + qp->has_unmovable = true; /* * Do not abort immediately since there may be @@ -550,16 +549,13 @@ static int queue_folios_pte_range(pmd_t * need migrate other LRU pages. */ if (migrate_folio_add(folio, qp->pagelist, flags)) - has_unmovable = true; + qp->has_unmovable = true; } else break; } pte_unmap_unlock(mapped_pte, ptl); cond_resched(); - if (has_unmovable) - return 1; - return addr != end ? -EIO : 0; } @@ -599,7 +595,7 @@ static int queue_folios_hugetlb(pte_t *p * Detecting misplaced folio but allow migrating folios which * have been queued. */ - ret = 1; + qp->has_unmovable = true; goto unlock; } @@ -620,7 +616,7 @@ static int queue_folios_hugetlb(pte_t *p * Failed to isolate folio but allow migrating pages * which have been queued. */ - ret = 1; + qp->has_unmovable = true; } unlock: spin_unlock(ptl); @@ -756,12 +752,15 @@ queue_pages_range(struct mm_struct *mm, .start = start, .end = end, .first = NULL, + .has_unmovable = false, }; const struct mm_walk_ops *ops = lock_vma ? &queue_pages_lock_vma_walk_ops : &queue_pages_walk_ops; err = walk_page_range(mm, start, end, ops, &qp); + if (qp.has_unmovable) + err = 1; if (!qp.first) /* whole range in hole */ err = -EFAULT; @@ -1358,7 +1357,7 @@ static long do_mbind(unsigned long start putback_movable_pages(&pagelist); } - if ((ret > 0) || (nr_failed && (flags & MPOL_MF_STRICT))) + if (((ret > 0) || nr_failed) && (flags & MPOL_MF_STRICT)) err = -EIO; } else { up_out: _ Patches currently in -mm which might be from yang(a)os.amperecomputing.com are

2 years, 1 month

1
0
0 0

[merged mm-hotfixes-stable] mm-damon-vaddr-test-fix-memory-leak-in-damon_do_test_apply_three_regions.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/damon/vaddr-test: fix memory leak in damon_do_test_apply_three_regions() has been removed from the -mm tree. Its filename was mm-damon-vaddr-test-fix-memory-leak-in-damon_do_test_apply_three_regions.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Jinjie Ruan <ruanjinjie(a)huawei.com> Subject: mm/damon/vaddr-test: fix memory leak in damon_do_test_apply_three_regions() Date: Mon, 25 Sep 2023 15:20:59 +0800 When CONFIG_DAMON_VADDR_KUNIT_TEST=y and making CONFIG_DEBUG_KMEMLEAK=y and CONFIG_DEBUG_KMEMLEAK_AUTO_SCAN=y, the below memory leak is detected. Since commit 9f86d624292c ("mm/damon/vaddr-test: remove unnecessary variables"), the damon_destroy_ctx() is removed, but still call damon_new_target() and damon_new_region(), the damon_region which is allocated by kmem_cache_alloc() in damon_new_region() and the damon_target which is allocated by kmalloc in damon_new_target() are not freed. And the damon_region which is allocated in damon_new_region() in damon_set_regions() is also not freed. So use damon_destroy_target to free all the damon_regions and damon_target. unreferenced object 0xffff888107c9a940 (size 64): comm "kunit_try_catch", pid 1069, jiffies 4294670592 (age 732.761s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 06 00 00 00 6b 6b 6b 6b ............kkkk 60 c7 9c 07 81 88 ff ff f8 cb 9c 07 81 88 ff ff `............... backtrace: [<ffffffff817e0167>] kmalloc_trace+0x27/0xa0 [<ffffffff819c11cf>] damon_new_target+0x3f/0x1b0 [<ffffffff819c7d55>] damon_do_test_apply_three_regions.constprop.0+0x95/0x3e0 [<ffffffff819c82be>] damon_test_apply_three_regions1+0x21e/0x260 [<ffffffff829fce6a>] kunit_generic_run_threadfn_adapter+0x4a/0x90 [<ffffffff81237cf6>] kthread+0x2b6/0x380 [<ffffffff81097add>] ret_from_fork+0x2d/0x70 [<ffffffff81003791>] ret_from_fork_asm+0x11/0x20 unreferenced object 0xffff8881079cc740 (size 56): comm "kunit_try_catch", pid 1069, jiffies 4294670592 (age 732.761s) hex dump (first 32 bytes): 05 00 00 00 00 00 00 00 14 00 00 00 00 00 00 00 ................ 6b 6b 6b 6b 6b 6b 6b 6b 00 00 00 00 6b 6b 6b 6b kkkkkkkk....kkkk backtrace: [<ffffffff819bc492>] damon_new_region+0x22/0x1c0 [<ffffffff819c7d91>] damon_do_test_apply_three_regions.constprop.0+0xd1/0x3e0 [<ffffffff819c82be>] damon_test_apply_three_regions1+0x21e/0x260 [<ffffffff829fce6a>] kunit_generic_run_threadfn_adapter+0x4a/0x90 [<ffffffff81237cf6>] kthread+0x2b6/0x380 [<ffffffff81097add>] ret_from_fork+0x2d/0x70 [<ffffffff81003791>] ret_from_fork_asm+0x11/0x20 unreferenced object 0xffff888107c9ac40 (size 64): comm "kunit_try_catch", pid 1071, jiffies 4294670595 (age 732.843s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 06 00 00 00 6b 6b 6b 6b ............kkkk a0 cc 9c 07 81 88 ff ff 78 a1 76 07 81 88 ff ff ........x.v..... backtrace: [<ffffffff817e0167>] kmalloc_trace+0x27/0xa0 [<ffffffff819c11cf>] damon_new_target+0x3f/0x1b0 [<ffffffff819c7d55>] damon_do_test_apply_three_regions.constprop.0+0x95/0x3e0 [<ffffffff819c851e>] damon_test_apply_three_regions2+0x21e/0x260 [<ffffffff829fce6a>] kunit_generic_run_threadfn_adapter+0x4a/0x90 [<ffffffff81237cf6>] kthread+0x2b6/0x380 [<ffffffff81097add>] ret_from_fork+0x2d/0x70 [<ffffffff81003791>] ret_from_fork_asm+0x11/0x20 unreferenced object 0xffff8881079ccc80 (size 56): comm "kunit_try_catch", pid 1071, jiffies 4294670595 (age 732.843s) hex dump (first 32 bytes): 05 00 00 00 00 00 00 00 14 00 00 00 00 00 00 00 ................ 6b 6b 6b 6b 6b 6b 6b 6b 00 00 00 00 6b 6b 6b 6b kkkkkkkk....kkkk backtrace: [<ffffffff819bc492>] damon_new_region+0x22/0x1c0 [<ffffffff819c7d91>] damon_do_test_apply_three_regions.constprop.0+0xd1/0x3e0 [<ffffffff819c851e>] damon_test_apply_three_regions2+0x21e/0x260 [<ffffffff829fce6a>] kunit_generic_run_threadfn_adapter+0x4a/0x90 [<ffffffff81237cf6>] kthread+0x2b6/0x380 [<ffffffff81097add>] ret_from_fork+0x2d/0x70 [<ffffffff81003791>] ret_from_fork_asm+0x11/0x20 unreferenced object 0xffff888107c9af40 (size 64): comm "kunit_try_catch", pid 1073, jiffies 4294670597 (age 733.011s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 06 00 00 00 6b 6b 6b 6b ............kkkk 20 a2 76 07 81 88 ff ff b8 a6 76 07 81 88 ff ff .v.......v..... backtrace: [<ffffffff817e0167>] kmalloc_trace+0x27/0xa0 [<ffffffff819c11cf>] damon_new_target+0x3f/0x1b0 [<ffffffff819c7d55>] damon_do_test_apply_three_regions.constprop.0+0x95/0x3e0 [<ffffffff819c877e>] damon_test_apply_three_regions3+0x21e/0x260 [<ffffffff829fce6a>] kunit_generic_run_threadfn_adapter+0x4a/0x90 [<ffffffff81237cf6>] kthread+0x2b6/0x380 [<ffffffff81097add>] ret_from_fork+0x2d/0x70 [<ffffffff81003791>] ret_from_fork_asm+0x11/0x20 unreferenced object 0xffff88810776a200 (size 56): comm "kunit_try_catch", pid 1073, jiffies 4294670597 (age 733.011s) hex dump (first 32 bytes): 05 00 00 00 00 00 00 00 14 00 00 00 00 00 00 00 ................ 6b 6b 6b 6b 6b 6b 6b 6b 00 00 00 00 6b 6b 6b 6b kkkkkkkk....kkkk backtrace: [<ffffffff819bc492>] damon_new_region+0x22/0x1c0 [<ffffffff819c7d91>] damon_do_test_apply_three_regions.constprop.0+0xd1/0x3e0 [<ffffffff819c877e>] damon_test_apply_three_regions3+0x21e/0x260 [<ffffffff829fce6a>] kunit_generic_run_threadfn_adapter+0x4a/0x90 [<ffffffff81237cf6>] kthread+0x2b6/0x380 [<ffffffff81097add>] ret_from_fork+0x2d/0x70 [<ffffffff81003791>] ret_from_fork_asm+0x11/0x20 unreferenced object 0xffff88810776a740 (size 56): comm "kunit_try_catch", pid 1073, jiffies 4294670597 (age 733.025s) hex dump (first 32 bytes): 3d 00 00 00 00 00 00 00 3f 00 00 00 00 00 00 00 =.......?....... 6b 6b 6b 6b 6b 6b 6b 6b 00 00 00 00 6b 6b 6b 6b kkkkkkkk....kkkk backtrace: [<ffffffff819bc492>] damon_new_region+0x22/0x1c0 [<ffffffff819bfcc2>] damon_set_regions+0x4c2/0x8e0 [<ffffffff819c7dbb>] damon_do_test_apply_three_regions.constprop.0+0xfb/0x3e0 [<ffffffff819c877e>] damon_test_apply_three_regions3+0x21e/0x260 [<ffffffff829fce6a>] kunit_generic_run_threadfn_adapter+0x4a/0x90 [<ffffffff81237cf6>] kthread+0x2b6/0x380 [<ffffffff81097add>] ret_from_fork+0x2d/0x70 [<ffffffff81003791>] ret_from_fork_asm+0x11/0x20 unreferenced object 0xffff888108038240 (size 64): comm "kunit_try_catch", pid 1075, jiffies 4294670600 (age 733.022s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 03 00 00 00 6b 6b 6b 6b ............kkkk 48 ad 76 07 81 88 ff ff 98 ae 76 07 81 88 ff ff H.v.......v..... backtrace: [<ffffffff817e0167>] kmalloc_trace+0x27/0xa0 [<ffffffff819c11cf>] damon_new_target+0x3f/0x1b0 [<ffffffff819c7d55>] damon_do_test_apply_three_regions.constprop.0+0x95/0x3e0 [<ffffffff819c898d>] damon_test_apply_three_regions4+0x1cd/0x210 [<ffffffff829fce6a>] kunit_generic_run_threadfn_adapter+0x4a/0x90 [<ffffffff81237cf6>] kthread+0x2b6/0x380 [<ffffffff81097add>] ret_from_fork+0x2d/0x70 [<ffffffff81003791>] ret_from_fork_asm+0x11/0x20 unreferenced object 0xffff88810776ad28 (size 56): comm "kunit_try_catch", pid 1075, jiffies 4294670600 (age 733.022s) hex dump (first 32 bytes): 05 00 00 00 00 00 00 00 07 00 00 00 00 00 00 00 ................ 6b 6b 6b 6b 6b 6b 6b 6b 00 00 00 00 6b 6b 6b 6b kkkkkkkk....kkkk backtrace: [<ffffffff819bc492>] damon_new_region+0x22/0x1c0 [<ffffffff819bfcc2>] damon_set_regions+0x4c2/0x8e0 [<ffffffff819c7dbb>] damon_do_test_apply_three_regions.constprop.0+0xfb/0x3e0 [<ffffffff819c898d>] damon_test_apply_three_regions4+0x1cd/0x210 [<ffffffff829fce6a>] kunit_generic_run_threadfn_adapter+0x4a/0x90 [<ffffffff81237cf6>] kthread+0x2b6/0x380 [<ffffffff81097add>] ret_from_fork+0x2d/0x70 [<ffffffff81003791>] ret_from_fork_asm+0x11/0x20 Link: https://lkml.kernel.org/r/20230925072100.3725620-1-ruanjinjie@huawei.com Fixes: 9f86d624292c ("mm/damon/vaddr-test: remove unnecessary variables") Signed-off-by: Jinjie Ruan <ruanjinjie(a)huawei.com> Reviewed-by: SeongJae Park <sj(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/damon/vaddr-test.h | 2 ++ 1 file changed, 2 insertions(+) --- a/mm/damon/vaddr-test.h~mm-damon-vaddr-test-fix-memory-leak-in-damon_do_test_apply_three_regions +++ a/mm/damon/vaddr-test.h @@ -148,6 +148,8 @@ static void damon_do_test_apply_three_re KUNIT_EXPECT_EQ(test, r->ar.start, expected[i * 2]); KUNIT_EXPECT_EQ(test, r->ar.end, expected[i * 2 + 1]); } + + damon_destroy_target(t); } /* _ Patches currently in -mm which might be from ruanjinjie(a)huawei.com are mm-damon-core-test-fix-memory-leak-in-damon_new_region.patch mm-damon-core-test-fix-memory-leak-in-damon_new_ctx.patch

2 years, 1 month

1
0
0 0

[merged mm-hotfixes-stable] mm-memcg-reconsider-kmemlimit_in_bytes-deprecation.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm, memcg: reconsider kmem.limit_in_bytes deprecation has been removed from the -mm tree. Its filename was mm-memcg-reconsider-kmemlimit_in_bytes-deprecation.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Michal Hocko <mhocko(a)suse.com> Subject: mm, memcg: reconsider kmem.limit_in_bytes deprecation Date: Thu, 21 Sep 2023 09:38:29 +0200 This reverts commits 86327e8eb94c ("memcg: drop kmem.limit_in_bytes") and partially reverts 58056f77502f ("memcg, kmem: further deprecate kmem.limit_in_bytes") which have incrementally removed support for the kernel memory accounting hard limit. Unfortunately it has turned out that there is still userspace depending on the existence of memory.kmem.limit_in_bytes [1]. The underlying functionality is not really required but the non-existent file just confuses the userspace which fails in the result. The patch to fix this on the userspace side has been submitted but it is hard to predict how it will propagate through the maze of 3rd party consumers of the software. Now, reverting alone 86327e8eb94c is not an option because there is another set of userspace which cannot cope with ENOTSUPP returned when writing to the file. Therefore we have to go and revisit 58056f77502f as well. There are two ways to go ahead. Either we give up on the deprecation and fully revert 58056f77502f as well or we can keep kmem.limit_in_bytes but make the write a noop and warn about the fact. This should work for both known breaking workloads which depend on the existence but do not depend on the hard limit enforcement. Note to backporters to stable trees. a8c49af3be5f ("memcg: add per-memcg total kernel memory stat") introduced in 4.18 has added memcg_account_kmem so the accounting is not done by obj_cgroup_charge_pages directly for v1 anymore. Prior kernels need to add it explicitly (thanks to Johannes for pointing this out). [akpm(a)linux-foundation.org: fix build - remove unused local] Link: http://lkml.kernel.org/r/20230920081101.GA12096@linuxonhyperv3.guj3yctzbm1e… [1] Link: https://lkml.kernel.org/r/ZRE5VJozPZt9bRPy@dhcp22.suse.cz Fixes: 86327e8eb94c ("memcg: drop kmem.limit_in_bytes") Fixes: 58056f77502f ("memcg, kmem: further deprecate kmem.limit_in_bytes") Signed-off-by: Michal Hocko <mhocko(a)suse.com> Acked-by: Shakeel Butt <shakeelb(a)google.com> Acked-by: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Jeremi Piotrowski <jpiotrowski(a)linux.microsoft.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Roman Gushchin <roman.gushchin(a)linux.dev> Cc: Tejun heo <tj(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- Documentation/admin-guide/cgroup-v1/memory.rst | 7 +++++++ mm/memcontrol.c | 13 +++++++++++++ 2 files changed, 20 insertions(+) --- a/Documentation/admin-guide/cgroup-v1/memory.rst~mm-memcg-reconsider-kmemlimit_in_bytes-deprecation +++ a/Documentation/admin-guide/cgroup-v1/memory.rst @@ -92,6 +92,13 @@ Brief summary of control files. memory.oom_control set/show oom controls. memory.numa_stat show the number of memory usage per numa node + memory.kmem.limit_in_bytes Deprecated knob to set and read the kernel + memory hard limit. Kernel hard limit is not + supported since 5.16. Writing any value to + do file will not have any effect same as if + nokmem kernel parameter was specified. + Kernel memory is still charged and reported + by memory.kmem.usage_in_bytes. memory.kmem.usage_in_bytes show current kernel memory allocation memory.kmem.failcnt show the number of kernel memory usage hits limits --- a/mm/memcontrol.c~mm-memcg-reconsider-kmemlimit_in_bytes-deprecation +++ a/mm/memcontrol.c @@ -3867,6 +3867,13 @@ static ssize_t mem_cgroup_write(struct k case _MEMSWAP: ret = mem_cgroup_resize_max(memcg, nr_pages, true); break; + case _KMEM: + pr_warn_once("kmem.limit_in_bytes is deprecated and will be removed. " + "Writing any value to this file has no effect. " + "Please report your usecase to linux-mm(a)kvack.org if you " + "depend on this functionality.\n"); + ret = 0; + break; case _TCP: ret = memcg_update_tcp_max(memcg, nr_pages); break; @@ -5078,6 +5085,12 @@ static struct cftype mem_cgroup_legacy_f }, #endif { + .name = "kmem.limit_in_bytes", + .private = MEMFILE_PRIVATE(_KMEM, RES_LIMIT), + .write = mem_cgroup_write, + .read_u64 = mem_cgroup_read_u64, + }, + { .name = "kmem.usage_in_bytes", .private = MEMFILE_PRIVATE(_KMEM, RES_USAGE), .read_u64 = mem_cgroup_read_u64, _ Patches currently in -mm which might be from mhocko(a)suse.com are

2 years, 1 month

1
0
0 0

[merged mm-hotfixes-stable] arm64-hugetlb-fix-set_huge_pte_at-to-work-with-all-swap-entries.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: arm64: hugetlb: fix set_huge_pte_at() to work with all swap entries has been removed from the -mm tree. Its filename was arm64-hugetlb-fix-set_huge_pte_at-to-work-with-all-swap-entries.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Ryan Roberts <ryan.roberts(a)arm.com> Subject: arm64: hugetlb: fix set_huge_pte_at() to work with all swap entries Date: Fri, 22 Sep 2023 12:58:04 +0100 When called with a swap entry that does not embed a PFN (e.g. PTE_MARKER_POISONED or PTE_MARKER_UFFD_WP), the previous implementation of set_huge_pte_at() would either cause a BUG() to fire (if CONFIG_DEBUG_VM is enabled) or cause a dereference of an invalid address and subsequent panic. arm64's huge pte implementation supports multiple huge page sizes, some of which are implemented in the page table with multiple contiguous entries. So set_huge_pte_at() needs to work out how big the logical pte is, so that it can also work out how many physical ptes (or pmds) need to be written. It previously did this by grabbing the folio out of the pte and querying its size. However, there are cases when the pte being set is actually a swap entry. But this also used to work fine, because for huge ptes, we only ever saw migration entries and hwpoison entries. And both of these types of swap entries have a PFN embedded, so the code would grab that and everything still worked out. But over time, more calls to set_huge_pte_at() have been added that set swap entry types that do not embed a PFN. And this causes the code to go bang. The triggering case is for the uffd poison test, commit 99aa77215ad0 ("selftests/mm: add uffd unit test for UFFDIO_POISON"), which causes a PTE_MARKER_POISONED swap entry to be set, coutesey of commit 8a13897fb0da ("mm: userfaultfd: support UFFDIO_POISON for hugetlbfs") - added in v6.5-rc7. Although review shows that there are other call sites that set PTE_MARKER_UFFD_WP (which also has no PFN), these don't trigger on arm64 because arm64 doesn't support UFFD WP. Arguably, the root cause is really due to commit 18f3962953e4 ("mm: hugetlb: kill set_huge_swap_pte_at()"), which aimed to simplify the interface to the core code by removing set_huge_swap_pte_at() (which took a page size parameter) and replacing it with calls to set_huge_pte_at() where the size was inferred from the folio, as descibed above. While that commit didn't break anything at the time, it did break the interface because it couldn't handle swap entries without PFNs. And since then new callers have come along which rely on this working. But given the brokeness is only observable after commit 8a13897fb0da ("mm: userfaultfd: support UFFDIO_POISON for hugetlbfs"), that one gets the Fixes tag. Now that we have modified the set_huge_pte_at() interface to pass the huge page size in the previous patch, we can trivially fix this issue. Link: https://lkml.kernel.org/r/20230922115804.2043771-3-ryan.roberts@arm.com Fixes: 8a13897fb0da ("mm: userfaultfd: support UFFDIO_POISON for hugetlbfs") Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> Reviewed-by: Axel Rasmussen <axelrasmussen(a)google.com> Cc: Albert Ou <aou(a)eecs.berkeley.edu> Cc: Alexander Gordeev <agordeev(a)linux.ibm.com> Cc: Alexandre Ghiti <alex(a)ghiti.fr> Cc: Anshuman Khandual <anshuman.khandual(a)arm.com> Cc: Arnd Bergmann <arnd(a)arndb.de> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Christian Borntraeger <borntraeger(a)linux.ibm.com> Cc: Christophe Leroy <christophe.leroy(a)csgroup.eu> Cc: Christoph Hellwig <hch(a)infradead.org> Cc: David S. Miller <davem(a)davemloft.net> Cc: Gerald Schaefer <gerald.schaefer(a)linux.ibm.com> Cc: Heiko Carstens <hca(a)linux.ibm.com> Cc: Helge Deller <deller(a)gmx.de> Cc: "James E.J. Bottomley" <James.Bottomley(a)HansenPartnership.com> Cc: Lorenzo Stoakes <lstoakes(a)gmail.com> Cc: Mike Kravetz <mike.kravetz(a)oracle.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Nicholas Piggin <npiggin(a)gmail.com> Cc: Palmer Dabbelt <palmer(a)dabbelt.com> Cc: Paul Walmsley <paul.walmsley(a)sifive.com> Cc: Peter Xu <peterx(a)redhat.com> Cc: Qi Zheng <zhengqi.arch(a)bytedance.com> Cc: SeongJae Park <sj(a)kernel.org> Cc: Sven Schnelle <svens(a)linux.ibm.com> Cc: Uladzislau Rezki (Sony) <urezki(a)gmail.com> Cc: Vasily Gorbik <gor(a)linux.ibm.com> Cc: Will Deacon <will(a)kernel.org> Cc: <stable(a)vger.kernel.org> [6.5+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- arch/arm64/mm/hugetlbpage.c | 17 +++-------------- 1 file changed, 3 insertions(+), 14 deletions(-) --- a/arch/arm64/mm/hugetlbpage.c~arm64-hugetlb-fix-set_huge_pte_at-to-work-with-all-swap-entries +++ a/arch/arm64/mm/hugetlbpage.c @@ -241,13 +241,6 @@ static void clear_flush(struct mm_struct flush_tlb_range(&vma, saddr, addr); } -static inline struct folio *hugetlb_swap_entry_to_folio(swp_entry_t entry) -{ - VM_BUG_ON(!is_migration_entry(entry) && !is_hwpoison_entry(entry)); - - return page_folio(pfn_to_page(swp_offset_pfn(entry))); -} - void set_huge_pte_at(struct mm_struct *mm, unsigned long addr, pte_t *ptep, pte_t pte, unsigned long sz) { @@ -257,13 +250,10 @@ void set_huge_pte_at(struct mm_struct *m unsigned long pfn, dpfn; pgprot_t hugeprot; - if (!pte_present(pte)) { - struct folio *folio; - - folio = hugetlb_swap_entry_to_folio(pte_to_swp_entry(pte)); - ncontig = num_contig_ptes(folio_size(folio), &pgsize); + ncontig = num_contig_ptes(sz, &pgsize); - for (i = 0; i < ncontig; i++, ptep++) + if (!pte_present(pte)) { + for (i = 0; i < ncontig; i++, ptep++, addr += pgsize) set_pte_at(mm, addr, ptep, pte); return; } @@ -273,7 +263,6 @@ void set_huge_pte_at(struct mm_struct *m return; } - ncontig = find_num_contig(mm, addr, ptep, &pgsize); pfn = pte_pfn(pte); dpfn = pgsize >> PAGE_SHIFT; hugeprot = pte_pgprot(pte); _ Patches currently in -mm which might be from ryan.roberts(a)arm.com are mm-allow-deferred-splitting-of-arbitrary-anon-large-folios.patch mm-non-pmd-mappable-large-folios-for-folio_add_new_anon_rmap.patch mm-thp-account-pte-mapped-anonymous-thp-usage.patch mm-thp-introduce-anon_orders-and-anon_always_mask-sysfs-files.patch mm-thp-extend-thp-to-allocate-anonymous-large-folios.patch mm-thp-add-recommend-option-for-anon_orders.patch arm64-mm-override-arch_wants_pte_order.patch selftests-mm-cow-generalize-do_run_with_thp-helper.patch selftests-mm-cow-add-tests-for-small-order-anon-thp.patch

2 years, 1 month

1
0
0 0

[merged mm-hotfixes-stable] mm-hugetlb-add-huge-page-size-param-to-set_huge_pte_at.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: hugetlb: add huge page size param to set_huge_pte_at() has been removed from the -mm tree. Its filename was mm-hugetlb-add-huge-page-size-param-to-set_huge_pte_at.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Ryan Roberts <ryan.roberts(a)arm.com> Subject: mm: hugetlb: add huge page size param to set_huge_pte_at() Date: Fri, 22 Sep 2023 12:58:03 +0100 Patch series "Fix set_huge_pte_at() panic on arm64", v2. This series fixes a bug in arm64's implementation of set_huge_pte_at(), which can result in an unprivileged user causing a kernel panic. The problem was triggered when running the new uffd poison mm selftest for HUGETLB memory. This test (and the uffd poison feature) was merged for v6.5-rc7. Ideally, I'd like to get this fix in for v6.6 and I've cc'ed stable (correctly this time) to get it backported to v6.5, where the issue first showed up. Description of Bug ================== arm64's huge pte implementation supports multiple huge page sizes, some of which are implemented in the page table with multiple contiguous entries. So set_huge_pte_at() needs to work out how big the logical pte is, so that it can also work out how many physical ptes (or pmds) need to be written. It previously did this by grabbing the folio out of the pte and querying its size. However, there are cases when the pte being set is actually a swap entry. But this also used to work fine, because for huge ptes, we only ever saw migration entries and hwpoison entries. And both of these types of swap entries have a PFN embedded, so the code would grab that and everything still worked out. But over time, more calls to set_huge_pte_at() have been added that set swap entry types that do not embed a PFN. And this causes the code to go bang. The triggering case is for the uffd poison test, commit 99aa77215ad0 ("selftests/mm: add uffd unit test for UFFDIO_POISON"), which causes a PTE_MARKER_POISONED swap entry to be set, coutesey of commit 8a13897fb0da ("mm: userfaultfd: support UFFDIO_POISON for hugetlbfs") - added in v6.5-rc7. Although review shows that there are other call sites that set PTE_MARKER_UFFD_WP (which also has no PFN), these don't trigger on arm64 because arm64 doesn't support UFFD WP. If CONFIG_DEBUG_VM is enabled, we do at least get a BUG(), but otherwise, it will dereference a bad pointer in page_folio(): static inline struct folio *hugetlb_swap_entry_to_folio(swp_entry_t entry) { VM_BUG_ON(!is_migration_entry(entry) && !is_hwpoison_entry(entry)); return page_folio(pfn_to_page(swp_offset_pfn(entry))); } Fix === The simplest fix would have been to revert the dodgy cleanup commit 18f3962953e4 ("mm: hugetlb: kill set_huge_swap_pte_at()"), but since things have moved on, this would have required an audit of all the new set_huge_pte_at() call sites to see if they should be converted to set_huge_swap_pte_at(). As per the original intent of the change, it would also leave us open to future bugs when people invariably get it wrong and call the wrong helper. So instead, I've added a huge page size parameter to set_huge_pte_at(). This means that the arm64 code has the size in all cases. It's a bigger change, due to needing to touch the arches that implement the function, but it is entirely mechanical, so in my view, low risk. I've compile-tested all touched arches; arm64, parisc, powerpc, riscv, s390, sparc (and additionally x86_64). I've additionally booted and run mm selftests against arm64, where I observe the uffd poison test is fixed, and there are no other regressions. This patch (of 2): In order to fix a bug, arm64 needs to be told the size of the huge page for which the pte is being set in set_huge_pte_at(). Provide for this by adding an `unsigned long sz` parameter to the function. This follows the same pattern as huge_pte_clear(). This commit makes the required interface modifications to the core mm as well as all arches that implement this function (arm64, parisc, powerpc, riscv, s390, sparc). The actual arm64 bug will be fixed in a separate commit. No behavioral changes intended. Link: https://lkml.kernel.org/r/20230922115804.2043771-1-ryan.roberts@arm.com Link: https://lkml.kernel.org/r/20230922115804.2043771-2-ryan.roberts@arm.com Fixes: 8a13897fb0da ("mm: userfaultfd: support UFFDIO_POISON for hugetlbfs") Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> Reviewed-by: Christophe Leroy <christophe.leroy(a)csgroup.eu> [powerpc 8xx] Reviewed-by: Lorenzo Stoakes <lstoakes(a)gmail.com> [vmalloc change] Cc: Alexandre Ghiti <alex(a)ghiti.fr> Cc: Albert Ou <aou(a)eecs.berkeley.edu> Cc: Alexander Gordeev <agordeev(a)linux.ibm.com> Cc: Anshuman Khandual <anshuman.khandual(a)arm.com> Cc: Arnd Bergmann <arnd(a)arndb.de> Cc: Axel Rasmussen <axelrasmussen(a)google.com> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Christian Borntraeger <borntraeger(a)linux.ibm.com> Cc: Christoph Hellwig <hch(a)infradead.org> Cc: David S. Miller <davem(a)davemloft.net> Cc: Gerald Schaefer <gerald.schaefer(a)linux.ibm.com> Cc: Heiko Carstens <hca(a)linux.ibm.com> Cc: Helge Deller <deller(a)gmx.de> Cc: "James E.J. Bottomley" <James.Bottomley(a)HansenPartnership.com> Cc: Mike Kravetz <mike.kravetz(a)oracle.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Nicholas Piggin <npiggin(a)gmail.com> Cc: Palmer Dabbelt <palmer(a)dabbelt.com> Cc: Paul Walmsley <paul.walmsley(a)sifive.com> Cc: Peter Xu <peterx(a)redhat.com> Cc: Qi Zheng <zhengqi.arch(a)bytedance.com> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: SeongJae Park <sj(a)kernel.org> Cc: Sven Schnelle <svens(a)linux.ibm.com> Cc: Uladzislau Rezki (Sony) <urezki(a)gmail.com> Cc: Vasily Gorbik <gor(a)linux.ibm.com> Cc: Will Deacon <will(a)kernel.org> Cc: <stable(a)vger.kernel.org> [6.5+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- arch/arm64/include/asm/hugetlb.h | 2 arch/arm64/mm/hugetlbpage.c | 6 + arch/parisc/include/asm/hugetlb.h | 2 arch/parisc/mm/hugetlbpage.c | 2 arch/powerpc/include/asm/nohash/32/hugetlb-8xx.h | 3 arch/powerpc/mm/book3s64/hugetlbpage.c | 5 + arch/powerpc/mm/book3s64/radix_hugetlbpage.c | 3 arch/powerpc/mm/nohash/8xx.c | 3 arch/powerpc/mm/pgtable.c | 3 arch/riscv/include/asm/hugetlb.h | 3 arch/riscv/mm/hugetlbpage.c | 3 arch/s390/include/asm/hugetlb.h | 6 + arch/s390/mm/hugetlbpage.c | 8 ++ arch/sparc/include/asm/hugetlb.h | 6 + arch/sparc/mm/hugetlbpage.c | 8 ++ include/asm-generic/hugetlb.h | 2 include/linux/hugetlb.h | 6 + mm/damon/vaddr.c | 3 mm/hugetlb.c | 43 +++++++------ mm/migrate.c | 7 +- mm/rmap.c | 23 +++++- mm/vmalloc.c | 2 22 files changed, 100 insertions(+), 49 deletions(-) --- a/arch/arm64/include/asm/hugetlb.h~mm-hugetlb-add-huge-page-size-param-to-set_huge_pte_at +++ a/arch/arm64/include/asm/hugetlb.h @@ -28,7 +28,7 @@ pte_t arch_make_huge_pte(pte_t entry, un #define arch_make_huge_pte arch_make_huge_pte #define __HAVE_ARCH_HUGE_SET_HUGE_PTE_AT extern void set_huge_pte_at(struct mm_struct *mm, unsigned long addr, - pte_t *ptep, pte_t pte); + pte_t *ptep, pte_t pte, unsigned long sz); #define __HAVE_ARCH_HUGE_PTEP_SET_ACCESS_FLAGS extern int huge_ptep_set_access_flags(struct vm_area_struct *vma, unsigned long addr, pte_t *ptep, --- a/arch/arm64/mm/hugetlbpage.c~mm-hugetlb-add-huge-page-size-param-to-set_huge_pte_at +++ a/arch/arm64/mm/hugetlbpage.c @@ -249,7 +249,7 @@ static inline struct folio *hugetlb_swap } void set_huge_pte_at(struct mm_struct *mm, unsigned long addr, - pte_t *ptep, pte_t pte) + pte_t *ptep, pte_t pte, unsigned long sz) { size_t pgsize; int i; @@ -571,5 +571,7 @@ pte_t huge_ptep_modify_prot_start(struct void huge_ptep_modify_prot_commit(struct vm_area_struct *vma, unsigned long addr, pte_t *ptep, pte_t old_pte, pte_t pte) { - set_huge_pte_at(vma->vm_mm, addr, ptep, pte); + unsigned long psize = huge_page_size(hstate_vma(vma)); + + set_huge_pte_at(vma->vm_mm, addr, ptep, pte, psize); } --- a/arch/parisc/include/asm/hugetlb.h~mm-hugetlb-add-huge-page-size-param-to-set_huge_pte_at +++ a/arch/parisc/include/asm/hugetlb.h @@ -6,7 +6,7 @@ #define __HAVE_ARCH_HUGE_SET_HUGE_PTE_AT void set_huge_pte_at(struct mm_struct *mm, unsigned long addr, - pte_t *ptep, pte_t pte); + pte_t *ptep, pte_t pte, unsigned long sz); #define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, --- a/arch/parisc/mm/hugetlbpage.c~mm-hugetlb-add-huge-page-size-param-to-set_huge_pte_at +++ a/arch/parisc/mm/hugetlbpage.c @@ -140,7 +140,7 @@ static void __set_huge_pte_at(struct mm_ } void set_huge_pte_at(struct mm_struct *mm, unsigned long addr, - pte_t *ptep, pte_t entry) + pte_t *ptep, pte_t entry, unsigned long sz) { __set_huge_pte_at(mm, addr, ptep, entry); } --- a/arch/powerpc/include/asm/nohash/32/hugetlb-8xx.h~mm-hugetlb-add-huge-page-size-param-to-set_huge_pte_at +++ a/arch/powerpc/include/asm/nohash/32/hugetlb-8xx.h @@ -46,7 +46,8 @@ static inline int check_and_get_huge_psi } #define __HAVE_ARCH_HUGE_SET_HUGE_PTE_AT -void set_huge_pte_at(struct mm_struct *mm, unsigned long addr, pte_t *ptep, pte_t pte); +void set_huge_pte_at(struct mm_struct *mm, unsigned long addr, pte_t *ptep, + pte_t pte, unsigned long sz); #define __HAVE_ARCH_HUGE_PTE_CLEAR static inline void huge_pte_clear(struct mm_struct *mm, unsigned long addr, --- a/arch/powerpc/mm/book3s64/hugetlbpage.c~mm-hugetlb-add-huge-page-size-param-to-set_huge_pte_at +++ a/arch/powerpc/mm/book3s64/hugetlbpage.c @@ -143,11 +143,14 @@ pte_t huge_ptep_modify_prot_start(struct void huge_ptep_modify_prot_commit(struct vm_area_struct *vma, unsigned long addr, pte_t *ptep, pte_t old_pte, pte_t pte) { + unsigned long psize; if (radix_enabled()) return radix__huge_ptep_modify_prot_commit(vma, addr, ptep, old_pte, pte); - set_huge_pte_at(vma->vm_mm, addr, ptep, pte); + + psize = huge_page_size(hstate_vma(vma)); + set_huge_pte_at(vma->vm_mm, addr, ptep, pte, psize); } void __init hugetlbpage_init_defaultsize(void) --- a/arch/powerpc/mm/book3s64/radix_hugetlbpage.c~mm-hugetlb-add-huge-page-size-param-to-set_huge_pte_at +++ a/arch/powerpc/mm/book3s64/radix_hugetlbpage.c @@ -47,6 +47,7 @@ void radix__huge_ptep_modify_prot_commit pte_t old_pte, pte_t pte) { struct mm_struct *mm = vma->vm_mm; + unsigned long psize = huge_page_size(hstate_vma(vma)); /* * POWER9 NMMU must flush the TLB after clearing the PTE before @@ -58,5 +59,5 @@ void radix__huge_ptep_modify_prot_commit atomic_read(&mm->context.copros) > 0) radix__flush_hugetlb_page(vma, addr); - set_huge_pte_at(vma->vm_mm, addr, ptep, pte); + set_huge_pte_at(vma->vm_mm, addr, ptep, pte, psize); } --- a/arch/powerpc/mm/nohash/8xx.c~mm-hugetlb-add-huge-page-size-param-to-set_huge_pte_at +++ a/arch/powerpc/mm/nohash/8xx.c @@ -91,7 +91,8 @@ static int __ref __early_map_kernel_huge if (new && WARN_ON(pte_present(*ptep) && pgprot_val(prot))) return -EINVAL; - set_huge_pte_at(&init_mm, va, ptep, pte_mkhuge(pfn_pte(pa >> PAGE_SHIFT, prot))); + set_huge_pte_at(&init_mm, va, ptep, + pte_mkhuge(pfn_pte(pa >> PAGE_SHIFT, prot)), psize); return 0; } --- a/arch/powerpc/mm/pgtable.c~mm-hugetlb-add-huge-page-size-param-to-set_huge_pte_at +++ a/arch/powerpc/mm/pgtable.c @@ -288,7 +288,8 @@ int huge_ptep_set_access_flags(struct vm } #if defined(CONFIG_PPC_8xx) -void set_huge_pte_at(struct mm_struct *mm, unsigned long addr, pte_t *ptep, pte_t pte) +void set_huge_pte_at(struct mm_struct *mm, unsigned long addr, pte_t *ptep, + pte_t pte, unsigned long sz) { pmd_t *pmd = pmd_off(mm, addr); pte_basic_t val; --- a/arch/riscv/include/asm/hugetlb.h~mm-hugetlb-add-huge-page-size-param-to-set_huge_pte_at +++ a/arch/riscv/include/asm/hugetlb.h @@ -18,7 +18,8 @@ void huge_pte_clear(struct mm_struct *mm #define __HAVE_ARCH_HUGE_SET_HUGE_PTE_AT void set_huge_pte_at(struct mm_struct *mm, - unsigned long addr, pte_t *ptep, pte_t pte); + unsigned long addr, pte_t *ptep, pte_t pte, + unsigned long sz); #define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR pte_t huge_ptep_get_and_clear(struct mm_struct *mm, --- a/arch/riscv/mm/hugetlbpage.c~mm-hugetlb-add-huge-page-size-param-to-set_huge_pte_at +++ a/arch/riscv/mm/hugetlbpage.c @@ -180,7 +180,8 @@ pte_t arch_make_huge_pte(pte_t entry, un void set_huge_pte_at(struct mm_struct *mm, unsigned long addr, pte_t *ptep, - pte_t pte) + pte_t pte, + unsigned long sz) { int i, pte_num; --- a/arch/s390/include/asm/hugetlb.h~mm-hugetlb-add-huge-page-size-param-to-set_huge_pte_at +++ a/arch/s390/include/asm/hugetlb.h @@ -16,6 +16,8 @@ #define hugepages_supported() (MACHINE_HAS_EDAT1) void set_huge_pte_at(struct mm_struct *mm, unsigned long addr, + pte_t *ptep, pte_t pte, unsigned long sz); +void __set_huge_pte_at(struct mm_struct *mm, unsigned long addr, pte_t *ptep, pte_t pte); pte_t huge_ptep_get(pte_t *ptep); pte_t huge_ptep_get_and_clear(struct mm_struct *mm, @@ -65,7 +67,7 @@ static inline int huge_ptep_set_access_f int changed = !pte_same(huge_ptep_get(ptep), pte); if (changed) { huge_ptep_get_and_clear(vma->vm_mm, addr, ptep); - set_huge_pte_at(vma->vm_mm, addr, ptep, pte); + __set_huge_pte_at(vma->vm_mm, addr, ptep, pte); } return changed; } @@ -74,7 +76,7 @@ static inline void huge_ptep_set_wrprote unsigned long addr, pte_t *ptep) { pte_t pte = huge_ptep_get_and_clear(mm, addr, ptep); - set_huge_pte_at(mm, addr, ptep, pte_wrprotect(pte)); + __set_huge_pte_at(mm, addr, ptep, pte_wrprotect(pte)); } static inline pte_t mk_huge_pte(struct page *page, pgprot_t pgprot) --- a/arch/s390/mm/hugetlbpage.c~mm-hugetlb-add-huge-page-size-param-to-set_huge_pte_at +++ a/arch/s390/mm/hugetlbpage.c @@ -142,7 +142,7 @@ static void clear_huge_pte_skeys(struct __storage_key_init_range(paddr, paddr + size - 1); } -void set_huge_pte_at(struct mm_struct *mm, unsigned long addr, +void __set_huge_pte_at(struct mm_struct *mm, unsigned long addr, pte_t *ptep, pte_t pte) { unsigned long rste; @@ -163,6 +163,12 @@ void set_huge_pte_at(struct mm_struct *m set_pte(ptep, __pte(rste)); } +void set_huge_pte_at(struct mm_struct *mm, unsigned long addr, + pte_t *ptep, pte_t pte, unsigned long sz) +{ + __set_huge_pte_at(mm, addr, ptep, pte); +} + pte_t huge_ptep_get(pte_t *ptep) { return __rste_to_pte(pte_val(*ptep)); --- a/arch/sparc/include/asm/hugetlb.h~mm-hugetlb-add-huge-page-size-param-to-set_huge_pte_at +++ a/arch/sparc/include/asm/hugetlb.h @@ -14,6 +14,8 @@ extern struct pud_huge_patch_entry __pud #define __HAVE_ARCH_HUGE_SET_HUGE_PTE_AT void set_huge_pte_at(struct mm_struct *mm, unsigned long addr, + pte_t *ptep, pte_t pte, unsigned long sz); +void __set_huge_pte_at(struct mm_struct *mm, unsigned long addr, pte_t *ptep, pte_t pte); #define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR @@ -32,7 +34,7 @@ static inline void huge_ptep_set_wrprote unsigned long addr, pte_t *ptep) { pte_t old_pte = *ptep; - set_huge_pte_at(mm, addr, ptep, pte_wrprotect(old_pte)); + __set_huge_pte_at(mm, addr, ptep, pte_wrprotect(old_pte)); } #define __HAVE_ARCH_HUGE_PTEP_SET_ACCESS_FLAGS @@ -42,7 +44,7 @@ static inline int huge_ptep_set_access_f { int changed = !pte_same(*ptep, pte); if (changed) { - set_huge_pte_at(vma->vm_mm, addr, ptep, pte); + __set_huge_pte_at(vma->vm_mm, addr, ptep, pte); flush_tlb_page(vma, addr); } return changed; --- a/arch/sparc/mm/hugetlbpage.c~mm-hugetlb-add-huge-page-size-param-to-set_huge_pte_at +++ a/arch/sparc/mm/hugetlbpage.c @@ -328,7 +328,7 @@ pte_t *huge_pte_offset(struct mm_struct return pte_offset_huge(pmd, addr); } -void set_huge_pte_at(struct mm_struct *mm, unsigned long addr, +void __set_huge_pte_at(struct mm_struct *mm, unsigned long addr, pte_t *ptep, pte_t entry) { unsigned int nptes, orig_shift, shift; @@ -364,6 +364,12 @@ void set_huge_pte_at(struct mm_struct *m orig_shift); } +void set_huge_pte_at(struct mm_struct *mm, unsigned long addr, + pte_t *ptep, pte_t entry, unsigned long sz) +{ + __set_huge_pte_at(mm, addr, ptep, entry); +} + pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, pte_t *ptep) { --- a/include/asm-generic/hugetlb.h~mm-hugetlb-add-huge-page-size-param-to-set_huge_pte_at +++ a/include/asm-generic/hugetlb.h @@ -76,7 +76,7 @@ static inline void hugetlb_free_pgd_rang #ifndef __HAVE_ARCH_HUGE_SET_HUGE_PTE_AT static inline void set_huge_pte_at(struct mm_struct *mm, unsigned long addr, - pte_t *ptep, pte_t pte) + pte_t *ptep, pte_t pte, unsigned long sz) { set_pte_at(mm, addr, ptep, pte); } --- a/include/linux/hugetlb.h~mm-hugetlb-add-huge-page-size-param-to-set_huge_pte_at +++ a/include/linux/hugetlb.h @@ -984,7 +984,9 @@ static inline void huge_ptep_modify_prot unsigned long addr, pte_t *ptep, pte_t old_pte, pte_t pte) { - set_huge_pte_at(vma->vm_mm, addr, ptep, pte); + unsigned long psize = huge_page_size(hstate_vma(vma)); + + set_huge_pte_at(vma->vm_mm, addr, ptep, pte, psize); } #endif @@ -1173,7 +1175,7 @@ static inline pte_t huge_ptep_clear_flus } static inline void set_huge_pte_at(struct mm_struct *mm, unsigned long addr, - pte_t *ptep, pte_t pte) + pte_t *ptep, pte_t pte, unsigned long sz) { } --- a/mm/damon/vaddr.c~mm-hugetlb-add-huge-page-size-param-to-set_huge_pte_at +++ a/mm/damon/vaddr.c @@ -341,13 +341,14 @@ static void damon_hugetlb_mkold(pte_t *p bool referenced = false; pte_t entry = huge_ptep_get(pte); struct folio *folio = pfn_folio(pte_pfn(entry)); + unsigned long psize = huge_page_size(hstate_vma(vma)); folio_get(folio); if (pte_young(entry)) { referenced = true; entry = pte_mkold(entry); - set_huge_pte_at(mm, addr, pte, entry); + set_huge_pte_at(mm, addr, pte, entry, psize); } #ifdef CONFIG_MMU_NOTIFIER --- a/mm/hugetlb.c~mm-hugetlb-add-huge-page-size-param-to-set_huge_pte_at +++ a/mm/hugetlb.c @@ -4980,7 +4980,7 @@ static bool is_hugetlb_entry_hwpoisoned( static void hugetlb_install_folio(struct vm_area_struct *vma, pte_t *ptep, unsigned long addr, - struct folio *new_folio, pte_t old) + struct folio *new_folio, pte_t old, unsigned long sz) { pte_t newpte = make_huge_pte(vma, &new_folio->page, 1); @@ -4988,7 +4988,7 @@ hugetlb_install_folio(struct vm_area_str hugepage_add_new_anon_rmap(new_folio, vma, addr); if (userfaultfd_wp(vma) && huge_pte_uffd_wp(old)) newpte = huge_pte_mkuffd_wp(newpte); - set_huge_pte_at(vma->vm_mm, addr, ptep, newpte); + set_huge_pte_at(vma->vm_mm, addr, ptep, newpte, sz); hugetlb_count_add(pages_per_huge_page(hstate_vma(vma)), vma->vm_mm); folio_set_hugetlb_migratable(new_folio); } @@ -5065,7 +5065,7 @@ again: } else if (unlikely(is_hugetlb_entry_hwpoisoned(entry))) { if (!userfaultfd_wp(dst_vma)) entry = huge_pte_clear_uffd_wp(entry); - set_huge_pte_at(dst, addr, dst_pte, entry); + set_huge_pte_at(dst, addr, dst_pte, entry, sz); } else if (unlikely(is_hugetlb_entry_migration(entry))) { swp_entry_t swp_entry = pte_to_swp_entry(entry); bool uffd_wp = pte_swp_uffd_wp(entry); @@ -5080,18 +5080,18 @@ again: entry = swp_entry_to_pte(swp_entry); if (userfaultfd_wp(src_vma) && uffd_wp) entry = pte_swp_mkuffd_wp(entry); - set_huge_pte_at(src, addr, src_pte, entry); + set_huge_pte_at(src, addr, src_pte, entry, sz); } if (!userfaultfd_wp(dst_vma)) entry = huge_pte_clear_uffd_wp(entry); - set_huge_pte_at(dst, addr, dst_pte, entry); + set_huge_pte_at(dst, addr, dst_pte, entry, sz); } else if (unlikely(is_pte_marker(entry))) { pte_marker marker = copy_pte_marker( pte_to_swp_entry(entry), dst_vma); if (marker) set_huge_pte_at(dst, addr, dst_pte, - make_pte_marker(marker)); + make_pte_marker(marker), sz); } else { entry = huge_ptep_get(src_pte); pte_folio = page_folio(pte_page(entry)); @@ -5145,7 +5145,7 @@ again: goto again; } hugetlb_install_folio(dst_vma, dst_pte, addr, - new_folio, src_pte_old); + new_folio, src_pte_old, sz); spin_unlock(src_ptl); spin_unlock(dst_ptl); continue; @@ -5166,7 +5166,7 @@ again: if (!userfaultfd_wp(dst_vma)) entry = huge_pte_clear_uffd_wp(entry); - set_huge_pte_at(dst, addr, dst_pte, entry); + set_huge_pte_at(dst, addr, dst_pte, entry, sz); hugetlb_count_add(npages, dst); } spin_unlock(src_ptl); @@ -5184,7 +5184,8 @@ again: } static void move_huge_pte(struct vm_area_struct *vma, unsigned long old_addr, - unsigned long new_addr, pte_t *src_pte, pte_t *dst_pte) + unsigned long new_addr, pte_t *src_pte, pte_t *dst_pte, + unsigned long sz) { struct hstate *h = hstate_vma(vma); struct mm_struct *mm = vma->vm_mm; @@ -5202,7 +5203,7 @@ static void move_huge_pte(struct vm_area spin_lock_nested(src_ptl, SINGLE_DEPTH_NESTING); pte = huge_ptep_get_and_clear(mm, old_addr, src_pte); - set_huge_pte_at(mm, new_addr, dst_pte, pte); + set_huge_pte_at(mm, new_addr, dst_pte, pte, sz); if (src_ptl != dst_ptl) spin_unlock(src_ptl); @@ -5259,7 +5260,7 @@ int move_hugetlb_page_tables(struct vm_a if (!dst_pte) break; - move_huge_pte(vma, old_addr, new_addr, src_pte, dst_pte); + move_huge_pte(vma, old_addr, new_addr, src_pte, dst_pte, sz); } if (shared_pmd) @@ -5337,7 +5338,8 @@ static void __unmap_hugepage_range(struc if (pte_swp_uffd_wp_any(pte) && !(zap_flags & ZAP_FLAG_DROP_MARKER)) set_huge_pte_at(mm, address, ptep, - make_pte_marker(PTE_MARKER_UFFD_WP)); + make_pte_marker(PTE_MARKER_UFFD_WP), + sz); else huge_pte_clear(mm, address, ptep, sz); spin_unlock(ptl); @@ -5371,7 +5373,8 @@ static void __unmap_hugepage_range(struc if (huge_pte_uffd_wp(pte) && !(zap_flags & ZAP_FLAG_DROP_MARKER)) set_huge_pte_at(mm, address, ptep, - make_pte_marker(PTE_MARKER_UFFD_WP)); + make_pte_marker(PTE_MARKER_UFFD_WP), + sz); hugetlb_count_sub(pages_per_huge_page(h), mm); page_remove_rmap(page, vma, true); @@ -5676,7 +5679,7 @@ retry_avoidcopy: hugepage_add_new_anon_rmap(new_folio, vma, haddr); if (huge_pte_uffd_wp(pte)) newpte = huge_pte_mkuffd_wp(newpte); - set_huge_pte_at(mm, haddr, ptep, newpte); + set_huge_pte_at(mm, haddr, ptep, newpte, huge_page_size(h)); folio_set_hugetlb_migratable(new_folio); /* Make the old page be freed below */ new_folio = old_folio; @@ -5972,7 +5975,7 @@ static vm_fault_t hugetlb_no_page(struct */ if (unlikely(pte_marker_uffd_wp(old_pte))) new_pte = huge_pte_mkuffd_wp(new_pte); - set_huge_pte_at(mm, haddr, ptep, new_pte); + set_huge_pte_at(mm, haddr, ptep, new_pte, huge_page_size(h)); hugetlb_count_add(pages_per_huge_page(h), mm); if ((flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED)) { @@ -6261,7 +6264,8 @@ int hugetlb_mfill_atomic_pte(pte_t *dst_ } _dst_pte = make_pte_marker(PTE_MARKER_POISONED); - set_huge_pte_at(dst_mm, dst_addr, dst_pte, _dst_pte); + set_huge_pte_at(dst_mm, dst_addr, dst_pte, _dst_pte, + huge_page_size(h)); /* No need to invalidate - it was non-present before */ update_mmu_cache(dst_vma, dst_addr, dst_pte); @@ -6412,7 +6416,7 @@ int hugetlb_mfill_atomic_pte(pte_t *dst_ if (wp_enabled) _dst_pte = huge_pte_mkuffd_wp(_dst_pte); - set_huge_pte_at(dst_mm, dst_addr, dst_pte, _dst_pte); + set_huge_pte_at(dst_mm, dst_addr, dst_pte, _dst_pte, huge_page_size(h)); hugetlb_count_add(pages_per_huge_page(h), dst_mm); @@ -6598,7 +6602,7 @@ long hugetlb_change_protection(struct vm else if (uffd_wp_resolve) newpte = pte_swp_clear_uffd_wp(newpte); if (!pte_same(pte, newpte)) - set_huge_pte_at(mm, address, ptep, newpte); + set_huge_pte_at(mm, address, ptep, newpte, psize); } else if (unlikely(is_pte_marker(pte))) { /* No other markers apply for now. */ WARN_ON_ONCE(!pte_marker_uffd_wp(pte)); @@ -6623,7 +6627,8 @@ long hugetlb_change_protection(struct vm if (unlikely(uffd_wp)) /* Safe to modify directly (none->non-present). */ set_huge_pte_at(mm, address, ptep, - make_pte_marker(PTE_MARKER_UFFD_WP)); + make_pte_marker(PTE_MARKER_UFFD_WP), + psize); } spin_unlock(ptl); } --- a/mm/migrate.c~mm-hugetlb-add-huge-page-size-param-to-set_huge_pte_at +++ a/mm/migrate.c @@ -243,7 +243,9 @@ static bool remove_migration_pte(struct #ifdef CONFIG_HUGETLB_PAGE if (folio_test_hugetlb(folio)) { - unsigned int shift = huge_page_shift(hstate_vma(vma)); + struct hstate *h = hstate_vma(vma); + unsigned int shift = huge_page_shift(h); + unsigned long psize = huge_page_size(h); pte = arch_make_huge_pte(pte, shift, vma->vm_flags); if (folio_test_anon(folio)) @@ -251,7 +253,8 @@ static bool remove_migration_pte(struct rmap_flags); else page_dup_file_rmap(new, true); - set_huge_pte_at(vma->vm_mm, pvmw.address, pvmw.pte, pte); + set_huge_pte_at(vma->vm_mm, pvmw.address, pvmw.pte, pte, + psize); } else #endif { --- a/mm/rmap.c~mm-hugetlb-add-huge-page-size-param-to-set_huge_pte_at +++ a/mm/rmap.c @@ -1480,6 +1480,7 @@ static bool try_to_unmap_one(struct foli struct mmu_notifier_range range; enum ttu_flags flags = (enum ttu_flags)(long)arg; unsigned long pfn; + unsigned long hsz = 0; /* * When racing against e.g. zap_pte_range() on another cpu, @@ -1511,6 +1512,9 @@ static bool try_to_unmap_one(struct foli */ adjust_range_if_pmd_sharing_possible(vma, &range.start, &range.end); + + /* We need the huge page size for set_huge_pte_at() */ + hsz = huge_page_size(hstate_vma(vma)); } mmu_notifier_invalidate_range_start(&range); @@ -1628,7 +1632,8 @@ static bool try_to_unmap_one(struct foli pteval = swp_entry_to_pte(make_hwpoison_entry(subpage)); if (folio_test_hugetlb(folio)) { hugetlb_count_sub(folio_nr_pages(folio), mm); - set_huge_pte_at(mm, address, pvmw.pte, pteval); + set_huge_pte_at(mm, address, pvmw.pte, pteval, + hsz); } else { dec_mm_counter(mm, mm_counter(&folio->page)); set_pte_at(mm, address, pvmw.pte, pteval); @@ -1820,6 +1825,7 @@ static bool try_to_migrate_one(struct fo struct mmu_notifier_range range; enum ttu_flags flags = (enum ttu_flags)(long)arg; unsigned long pfn; + unsigned long hsz = 0; /* * When racing against e.g. zap_pte_range() on another cpu, @@ -1855,6 +1861,9 @@ static bool try_to_migrate_one(struct fo */ adjust_range_if_pmd_sharing_possible(vma, &range.start, &range.end); + + /* We need the huge page size for set_huge_pte_at() */ + hsz = huge_page_size(hstate_vma(vma)); } mmu_notifier_invalidate_range_start(&range); @@ -2020,7 +2029,8 @@ static bool try_to_migrate_one(struct fo pteval = swp_entry_to_pte(make_hwpoison_entry(subpage)); if (folio_test_hugetlb(folio)) { hugetlb_count_sub(folio_nr_pages(folio), mm); - set_huge_pte_at(mm, address, pvmw.pte, pteval); + set_huge_pte_at(mm, address, pvmw.pte, pteval, + hsz); } else { dec_mm_counter(mm, mm_counter(&folio->page)); set_pte_at(mm, address, pvmw.pte, pteval); @@ -2044,7 +2054,8 @@ static bool try_to_migrate_one(struct fo if (arch_unmap_one(mm, vma, address, pteval) < 0) { if (folio_test_hugetlb(folio)) - set_huge_pte_at(mm, address, pvmw.pte, pteval); + set_huge_pte_at(mm, address, pvmw.pte, + pteval, hsz); else set_pte_at(mm, address, pvmw.pte, pteval); ret = false; @@ -2058,7 +2069,8 @@ static bool try_to_migrate_one(struct fo if (anon_exclusive && page_try_share_anon_rmap(subpage)) { if (folio_test_hugetlb(folio)) - set_huge_pte_at(mm, address, pvmw.pte, pteval); + set_huge_pte_at(mm, address, pvmw.pte, + pteval, hsz); else set_pte_at(mm, address, pvmw.pte, pteval); ret = false; @@ -2090,7 +2102,8 @@ static bool try_to_migrate_one(struct fo if (pte_uffd_wp(pteval)) swp_pte = pte_swp_mkuffd_wp(swp_pte); if (folio_test_hugetlb(folio)) - set_huge_pte_at(mm, address, pvmw.pte, swp_pte); + set_huge_pte_at(mm, address, pvmw.pte, swp_pte, + hsz); else set_pte_at(mm, address, pvmw.pte, swp_pte); trace_set_migration_pte(address, pte_val(swp_pte), --- a/mm/vmalloc.c~mm-hugetlb-add-huge-page-size-param-to-set_huge_pte_at +++ a/mm/vmalloc.c @@ -111,7 +111,7 @@ static int vmap_pte_range(pmd_t *pmd, un pte_t entry = pfn_pte(pfn, prot); entry = arch_make_huge_pte(entry, ilog2(size), 0); - set_huge_pte_at(&init_mm, addr, pte, entry); + set_huge_pte_at(&init_mm, addr, pte, entry, size); pfn += PFN_DOWN(size); continue; } _ Patches currently in -mm which might be from ryan.roberts(a)arm.com are arm64-hugetlb-fix-set_huge_pte_at-to-work-with-all-swap-entries.patch mm-allow-deferred-splitting-of-arbitrary-anon-large-folios.patch mm-non-pmd-mappable-large-folios-for-folio_add_new_anon_rmap.patch mm-thp-account-pte-mapped-anonymous-thp-usage.patch mm-thp-introduce-anon_orders-and-anon_always_mask-sysfs-files.patch mm-thp-extend-thp-to-allocate-anonymous-large-folios.patch mm-thp-add-recommend-option-for-anon_orders.patch arm64-mm-override-arch_wants_pte_order.patch selftests-mm-cow-generalize-do_run_with_thp-helper.patch selftests-mm-cow-add-tests-for-small-order-anon-thp.patch

2 years, 1 month

1
0
0 0

[merged mm-hotfixes-stable] maple_tree-add-mas_underflow-and-mas_overflow-states.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: maple_tree: add MAS_UNDERFLOW and MAS_OVERFLOW states has been removed from the -mm tree. Its filename was maple_tree-add-mas_underflow-and-mas_overflow-states.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: "Liam R. Howlett" <Liam.Howlett(a)oracle.com> Subject: maple_tree: add MAS_UNDERFLOW and MAS_OVERFLOW states Date: Thu, 21 Sep 2023 14:12:36 -0400 When updating the maple tree iterator to avoid rewalks, an issue was introduced when shifting beyond the limits. This can be seen by trying to go to the previous address of 0, which would set the maple node to MAS_NONE and keep the range as the last entry. Subsequent calls to mas_find() would then search upwards from mas->last and skip the value at mas->index/mas->last. This showed up as a bug in mprotect which skips the actual VMA at the current range after attempting to go to the previous VMA from 0. Since MAS_NONE may already be set when searching for a value that isn't contained within a node, changing the handling of MAS_NONE in mas_find() would make the code more complicated and error prone. Furthermore, there was no way to tell which limit was hit, and thus which action to take (next or the entry at the current range). This solution is to add two states to track what happened with the previous iterator action. This allows for the expected behaviour of the next command to return the correct item (either the item at the range requested, or the next/previous). Tests are also added and updated accordingly. Link: https://lkml.kernel.org/r/20230921181236.509072-3-Liam.Howlett@oracle.com Link: https://gist.github.com/heatd/85d2971fae1501b55b6ea401fbbe485b Link: https://lore.kernel.org/linux-mm/20230921181236.509072-1-Liam.Howlett@oracl… Fixes: 39193685d585 ("maple_tree: try harder to keep active node with mas_prev()") Signed-off-by: Liam R. Howlett <Liam.Howlett(a)oracle.com> Reported-by: Pedro Falcato <pedro.falcato(a)gmail.com> Closes: https://gist.github.com/heatd/85d2971fae1501b55b6ea401fbbe485b Closes: https://bugs.archlinux.org/task/79656 Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/maple_tree.h | 2 lib/maple_tree.c | 221 +++++++++++++++++++++++++---------- lib/test_maple_tree.c | 87 +++++++++++-- 3 files changed, 237 insertions(+), 73 deletions(-) --- a/include/linux/maple_tree.h~maple_tree-add-mas_underflow-and-mas_overflow-states +++ a/include/linux/maple_tree.h @@ -428,6 +428,8 @@ struct ma_wr_state { #define MAS_ROOT ((struct maple_enode *)5UL) #define MAS_NONE ((struct maple_enode *)9UL) #define MAS_PAUSE ((struct maple_enode *)17UL) +#define MAS_OVERFLOW ((struct maple_enode *)33UL) +#define MAS_UNDERFLOW ((struct maple_enode *)65UL) #define MA_ERROR(err) \ ((struct maple_enode *)(((unsigned long)err << 2) | 2UL)) --- a/lib/maple_tree.c~maple_tree-add-mas_underflow-and-mas_overflow-states +++ a/lib/maple_tree.c @@ -256,6 +256,22 @@ bool mas_is_err(struct ma_state *mas) return xa_is_err(mas->node); } +static __always_inline bool mas_is_overflow(struct ma_state *mas) +{ + if (unlikely(mas->node == MAS_OVERFLOW)) + return true; + + return false; +} + +static __always_inline bool mas_is_underflow(struct ma_state *mas) +{ + if (unlikely(mas->node == MAS_UNDERFLOW)) + return true; + + return false; +} + static inline bool mas_searchable(struct ma_state *mas) { if (mas_is_none(mas)) @@ -4415,10 +4431,13 @@ no_entry: * * @mas: The maple state * @max: The minimum starting range + * @empty: Can be empty + * @set_underflow: Set the @mas->node to underflow state on limit. * * Return: The entry in the previous slot which is possibly NULL */ -static void *mas_prev_slot(struct ma_state *mas, unsigned long min, bool empty) +static void *mas_prev_slot(struct ma_state *mas, unsigned long min, bool empty, + bool set_underflow) { void *entry; void __rcu **slots; @@ -4435,7 +4454,6 @@ retry: if (unlikely(mas_rewalk_if_dead(mas, node, save_point))) goto retry; -again: if (mas->min <= min) { pivot = mas_safe_min(mas, pivots, mas->offset); @@ -4443,9 +4461,10 @@ again: goto retry; if (pivot <= min) - return NULL; + goto underflow; } +again: if (likely(mas->offset)) { mas->offset--; mas->last = mas->index - 1; @@ -4457,7 +4476,7 @@ again: } if (mas_is_none(mas)) - return NULL; + goto underflow; mas->last = mas->max; node = mas_mn(mas); @@ -4474,10 +4493,19 @@ again: if (likely(entry)) return entry; - if (!empty) + if (!empty) { + if (mas->index <= min) + goto underflow; + goto again; + } return entry; + +underflow: + if (set_underflow) + mas->node = MAS_UNDERFLOW; + return NULL; } /* @@ -4567,10 +4595,13 @@ no_entry: * @mas: The maple state * @max: The maximum starting range * @empty: Can be empty + * @set_overflow: Should @mas->node be set to overflow when the limit is + * reached. * * Return: The entry in the next slot which is possibly NULL */ -static void *mas_next_slot(struct ma_state *mas, unsigned long max, bool empty) +static void *mas_next_slot(struct ma_state *mas, unsigned long max, bool empty, + bool set_overflow) { void __rcu **slots; unsigned long *pivots; @@ -4589,22 +4620,22 @@ retry: if (unlikely(mas_rewalk_if_dead(mas, node, save_point))) goto retry; -again: if (mas->max >= max) { if (likely(mas->offset < data_end)) pivot = pivots[mas->offset]; else - return NULL; /* must be mas->max */ + goto overflow; if (unlikely(mas_rewalk_if_dead(mas, node, save_point))) goto retry; if (pivot >= max) - return NULL; + goto overflow; } if (likely(mas->offset < data_end)) { mas->index = pivots[mas->offset] + 1; +again: mas->offset++; if (likely(mas->offset < data_end)) mas->last = pivots[mas->offset]; @@ -4616,8 +4647,11 @@ again: goto retry; } - if (mas_is_none(mas)) + if (WARN_ON_ONCE(mas_is_none(mas))) { + mas->node = MAS_OVERFLOW; return NULL; + goto overflow; + } mas->offset = 0; mas->index = mas->min; @@ -4636,12 +4670,20 @@ again: return entry; if (!empty) { - if (!mas->offset) - data_end = 2; + if (mas->last >= max) + goto overflow; + + mas->index = mas->last + 1; + /* Node cannot end on NULL, so it's safe to short-cut here */ goto again; } return entry; + +overflow: + if (set_overflow) + mas->node = MAS_OVERFLOW; + return NULL; } /* @@ -4651,17 +4693,20 @@ again: * * Set the @mas->node to the next entry and the range_start to * the beginning value for the entry. Does not check beyond @limit. - * Sets @mas->index and @mas->last to the limit if it is hit. + * Sets @mas->index and @mas->last to the range, Does not update @mas->index and + * @mas->last on overflow. * Restarts on dead nodes. * * Return: the next entry or %NULL. */ static inline void *mas_next_entry(struct ma_state *mas, unsigned long limit) { - if (mas->last >= limit) + if (mas->last >= limit) { + mas->node = MAS_OVERFLOW; return NULL; + } - return mas_next_slot(mas, limit, false); + return mas_next_slot(mas, limit, false, true); } /* @@ -4837,7 +4882,7 @@ void *mas_walk(struct ma_state *mas) { void *entry; - if (mas_is_none(mas) || mas_is_paused(mas) || mas_is_ptr(mas)) + if (!mas_is_active(mas) || !mas_is_start(mas)) mas->node = MAS_START; retry: entry = mas_state_walk(mas); @@ -5294,14 +5339,22 @@ static inline void mte_destroy_walk(stru static void mas_wr_store_setup(struct ma_wr_state *wr_mas) { - if (mas_is_start(wr_mas->mas)) - return; + if (!mas_is_active(wr_mas->mas)) { + if (mas_is_start(wr_mas->mas)) + return; - if (unlikely(mas_is_paused(wr_mas->mas))) - goto reset; + if (unlikely(mas_is_paused(wr_mas->mas))) + goto reset; - if (unlikely(mas_is_none(wr_mas->mas))) - goto reset; + if (unlikely(mas_is_none(wr_mas->mas))) + goto reset; + + if (unlikely(mas_is_overflow(wr_mas->mas))) + goto reset; + + if (unlikely(mas_is_underflow(wr_mas->mas))) + goto reset; + } /* * A less strict version of mas_is_span_wr() where we allow spanning @@ -5595,8 +5648,25 @@ static inline bool mas_next_setup(struct { bool was_none = mas_is_none(mas); - if (mas_is_none(mas) || mas_is_paused(mas)) + if (unlikely(mas->last >= max)) { + mas->node = MAS_OVERFLOW; + return true; + } + + if (mas_is_active(mas)) + return false; + + if (mas_is_none(mas) || mas_is_paused(mas)) { + mas->node = MAS_START; + } else if (mas_is_overflow(mas)) { + /* Overflowed before, but the max changed */ mas->node = MAS_START; + } else if (mas_is_underflow(mas)) { + mas->node = MAS_START; + *entry = mas_walk(mas); + if (*entry) + return true; + } if (mas_is_start(mas)) *entry = mas_walk(mas); /* Retries on dead nodes handled by mas_walk */ @@ -5615,6 +5685,7 @@ static inline bool mas_next_setup(struct if (mas_is_none(mas)) return true; + return false; } @@ -5637,7 +5708,7 @@ void *mas_next(struct ma_state *mas, uns return entry; /* Retries on dead nodes handled by mas_next_slot */ - return mas_next_slot(mas, max, false); + return mas_next_slot(mas, max, false, true); } EXPORT_SYMBOL_GPL(mas_next); @@ -5660,7 +5731,7 @@ void *mas_next_range(struct ma_state *ma return entry; /* Retries on dead nodes handled by mas_next_slot */ - return mas_next_slot(mas, max, true); + return mas_next_slot(mas, max, true, true); } EXPORT_SYMBOL_GPL(mas_next_range); @@ -5691,18 +5762,31 @@ EXPORT_SYMBOL_GPL(mt_next); static inline bool mas_prev_setup(struct ma_state *mas, unsigned long min, void **entry) { - if (mas->index <= min) - goto none; + if (unlikely(mas->index <= min)) { + mas->node = MAS_UNDERFLOW; + return true; + } - if (mas_is_none(mas) || mas_is_paused(mas)) + if (mas_is_active(mas)) + return false; + + if (mas_is_overflow(mas)) { mas->node = MAS_START; + *entry = mas_walk(mas); + if (*entry) + return true; + } - if (mas_is_start(mas)) { - mas_walk(mas); - if (!mas->index) - goto none; + if (mas_is_none(mas) || mas_is_paused(mas)) { + mas->node = MAS_START; + } else if (mas_is_underflow(mas)) { + /* underflowed before but the min changed */ + mas->node = MAS_START; } + if (mas_is_start(mas)) + mas_walk(mas); + if (unlikely(mas_is_ptr(mas))) { if (!mas->index) goto none; @@ -5747,7 +5831,7 @@ void *mas_prev(struct ma_state *mas, uns if (mas_prev_setup(mas, min, &entry)) return entry; - return mas_prev_slot(mas, min, false); + return mas_prev_slot(mas, min, false, true); } EXPORT_SYMBOL_GPL(mas_prev); @@ -5770,7 +5854,7 @@ void *mas_prev_range(struct ma_state *ma if (mas_prev_setup(mas, min, &entry)) return entry; - return mas_prev_slot(mas, min, true); + return mas_prev_slot(mas, min, true, true); } EXPORT_SYMBOL_GPL(mas_prev_range); @@ -5828,24 +5912,35 @@ EXPORT_SYMBOL_GPL(mas_pause); static inline bool mas_find_setup(struct ma_state *mas, unsigned long max, void **entry) { - *entry = NULL; + if (mas_is_active(mas)) { + if (mas->last < max) + return false; + + return true; + } - if (unlikely(mas_is_none(mas))) { + if (mas_is_paused(mas)) { if (unlikely(mas->last >= max)) return true; - mas->index = mas->last; + mas->index = ++mas->last; mas->node = MAS_START; - } else if (unlikely(mas_is_paused(mas))) { + } else if (mas_is_none(mas)) { if (unlikely(mas->last >= max)) return true; + mas->index = mas->last; mas->node = MAS_START; - mas->index = ++mas->last; - } else if (unlikely(mas_is_ptr(mas))) - goto ptr_out_of_range; + } else if (mas_is_overflow(mas) || mas_is_underflow(mas)) { + if (mas->index > max) { + mas->node = MAS_OVERFLOW; + return true; + } - if (unlikely(mas_is_start(mas))) { + mas->node = MAS_START; + } + + if (mas_is_start(mas)) { /* First run or continue */ if (mas->index > max) return true; @@ -5895,7 +5990,7 @@ void *mas_find(struct ma_state *mas, uns return entry; /* Retries on dead nodes handled by mas_next_slot */ - return mas_next_slot(mas, max, false); + return mas_next_slot(mas, max, false, false); } EXPORT_SYMBOL_GPL(mas_find); @@ -5913,13 +6008,13 @@ EXPORT_SYMBOL_GPL(mas_find); */ void *mas_find_range(struct ma_state *mas, unsigned long max) { - void *entry; + void *entry = NULL; if (mas_find_setup(mas, max, &entry)) return entry; /* Retries on dead nodes handled by mas_next_slot */ - return mas_next_slot(mas, max, true); + return mas_next_slot(mas, max, true, false); } EXPORT_SYMBOL_GPL(mas_find_range); @@ -5934,26 +6029,36 @@ EXPORT_SYMBOL_GPL(mas_find_range); static inline bool mas_find_rev_setup(struct ma_state *mas, unsigned long min, void **entry) { - *entry = NULL; - - if (unlikely(mas_is_none(mas))) { - if (mas->index <= min) - goto none; + if (mas_is_active(mas)) { + if (mas->index > min) + return false; - mas->last = mas->index; - mas->node = MAS_START; + return true; } - if (unlikely(mas_is_paused(mas))) { + if (mas_is_paused(mas)) { if (unlikely(mas->index <= min)) { mas->node = MAS_NONE; return true; } mas->node = MAS_START; mas->last = --mas->index; + } else if (mas_is_none(mas)) { + if (mas->index <= min) + goto none; + + mas->last = mas->index; + mas->node = MAS_START; + } else if (mas_is_underflow(mas) || mas_is_overflow(mas)) { + if (mas->last <= min) { + mas->node = MAS_UNDERFLOW; + return true; + } + + mas->node = MAS_START; } - if (unlikely(mas_is_start(mas))) { + if (mas_is_start(mas)) { /* First run or continue */ if (mas->index < min) return true; @@ -6004,13 +6109,13 @@ none: */ void *mas_find_rev(struct ma_state *mas, unsigned long min) { - void *entry; + void *entry = NULL; if (mas_find_rev_setup(mas, min, &entry)) return entry; /* Retries on dead nodes handled by mas_prev_slot */ - return mas_prev_slot(mas, min, false); + return mas_prev_slot(mas, min, false, false); } EXPORT_SYMBOL_GPL(mas_find_rev); @@ -6030,13 +6135,13 @@ EXPORT_SYMBOL_GPL(mas_find_rev); */ void *mas_find_range_rev(struct ma_state *mas, unsigned long min) { - void *entry; + void *entry = NULL; if (mas_find_rev_setup(mas, min, &entry)) return entry; /* Retries on dead nodes handled by mas_prev_slot */ - return mas_prev_slot(mas, min, true); + return mas_prev_slot(mas, min, true, false); } EXPORT_SYMBOL_GPL(mas_find_range_rev); --- a/lib/test_maple_tree.c~maple_tree-add-mas_underflow-and-mas_overflow-states +++ a/lib/test_maple_tree.c @@ -2166,7 +2166,7 @@ static noinline void __init next_prev_te MT_BUG_ON(mt, val != NULL); MT_BUG_ON(mt, mas.index != 0); MT_BUG_ON(mt, mas.last != 5); - MT_BUG_ON(mt, mas.node != MAS_NONE); + MT_BUG_ON(mt, mas.node != MAS_UNDERFLOW); mas.index = 0; mas.last = 5; @@ -2917,6 +2917,7 @@ static noinline void __init check_empty_ * exists MAS_NONE active range * exists active active range * DNE active active set to last range + * ERANGE active MAS_OVERFLOW last range * * Function ENTRY Start Result index & last * mas_prev() @@ -2945,6 +2946,7 @@ static noinline void __init check_empty_ * any MAS_ROOT MAS_NONE 0 * exists active active range * DNE active active last range + * ERANGE active MAS_UNDERFLOW last range * * Function ENTRY Start Result index & last * mas_find() @@ -2955,7 +2957,7 @@ static noinline void __init check_empty_ * DNE MAS_START MAS_NONE 0 * DNE MAS_PAUSE MAS_NONE 0 * DNE MAS_ROOT MAS_NONE 0 - * DNE MAS_NONE MAS_NONE 0 + * DNE MAS_NONE MAS_NONE 1 * if index == 0 * exists MAS_START MAS_ROOT 0 * exists MAS_PAUSE MAS_ROOT 0 @@ -2967,7 +2969,7 @@ static noinline void __init check_empty_ * DNE MAS_START active set to max * exists MAS_PAUSE active range * DNE MAS_PAUSE active set to max - * exists MAS_NONE active range + * exists MAS_NONE active range (start at last) * exists active active range * DNE active active last range (max < last) * @@ -2992,7 +2994,7 @@ static noinline void __init check_empty_ * DNE MAS_START active set to min * exists MAS_PAUSE active range * DNE MAS_PAUSE active set to min - * exists MAS_NONE active range + * exists MAS_NONE active range (start at index) * exists active active range * DNE active active last range (min > index) * @@ -3039,10 +3041,10 @@ static noinline void __init check_state_ mtree_store_range(mt, 0, 0, ptr, GFP_KERNEL); mas_lock(&mas); - /* prev: Start -> none */ + /* prev: Start -> underflow*/ entry = mas_prev(&mas, 0); MT_BUG_ON(mt, entry != NULL); - MT_BUG_ON(mt, mas.node != MAS_NONE); + MT_BUG_ON(mt, mas.node != MAS_UNDERFLOW); /* prev: Start -> root */ mas_set(&mas, 10); @@ -3069,7 +3071,7 @@ static noinline void __init check_state_ MT_BUG_ON(mt, entry != NULL); MT_BUG_ON(mt, mas.node != MAS_NONE); - /* next: start -> none */ + /* next: start -> none*/ mas_set(&mas, 10); entry = mas_next(&mas, ULONG_MAX); MT_BUG_ON(mt, mas.index != 1); @@ -3268,25 +3270,46 @@ static noinline void __init check_state_ MT_BUG_ON(mt, mas.last != 0x2500); MT_BUG_ON(mt, !mas_active(mas)); - /* next:active -> active out of range*/ + /* next:active -> active beyond data */ entry = mas_next(&mas, 0x2999); MT_BUG_ON(mt, entry != NULL); MT_BUG_ON(mt, mas.index != 0x2501); MT_BUG_ON(mt, mas.last != 0x2fff); MT_BUG_ON(mt, !mas_active(mas)); - /* Continue after out of range*/ + /* Continue after last range ends after max */ entry = mas_next(&mas, ULONG_MAX); MT_BUG_ON(mt, entry != ptr3); MT_BUG_ON(mt, mas.index != 0x3000); MT_BUG_ON(mt, mas.last != 0x3500); MT_BUG_ON(mt, !mas_active(mas)); - /* next:active -> active out of range*/ + /* next:active -> active continued */ + entry = mas_next(&mas, ULONG_MAX); + MT_BUG_ON(mt, entry != NULL); + MT_BUG_ON(mt, mas.index != 0x3501); + MT_BUG_ON(mt, mas.last != ULONG_MAX); + MT_BUG_ON(mt, !mas_active(mas)); + + /* next:active -> overflow */ entry = mas_next(&mas, ULONG_MAX); MT_BUG_ON(mt, entry != NULL); MT_BUG_ON(mt, mas.index != 0x3501); MT_BUG_ON(mt, mas.last != ULONG_MAX); + MT_BUG_ON(mt, mas.node != MAS_OVERFLOW); + + /* next:overflow -> overflow */ + entry = mas_next(&mas, ULONG_MAX); + MT_BUG_ON(mt, entry != NULL); + MT_BUG_ON(mt, mas.index != 0x3501); + MT_BUG_ON(mt, mas.last != ULONG_MAX); + MT_BUG_ON(mt, mas.node != MAS_OVERFLOW); + + /* prev:overflow -> active */ + entry = mas_prev(&mas, 0); + MT_BUG_ON(mt, entry != ptr3); + MT_BUG_ON(mt, mas.index != 0x3000); + MT_BUG_ON(mt, mas.last != 0x3500); MT_BUG_ON(mt, !mas_active(mas)); /* next: none -> active, skip value at location */ @@ -3307,11 +3330,46 @@ static noinline void __init check_state_ MT_BUG_ON(mt, mas.last != 0x1500); MT_BUG_ON(mt, !mas_active(mas)); - /* prev:active -> active out of range*/ + /* prev:active -> active spanning end range */ + entry = mas_prev(&mas, 0x0100); + MT_BUG_ON(mt, entry != NULL); + MT_BUG_ON(mt, mas.index != 0); + MT_BUG_ON(mt, mas.last != 0x0FFF); + MT_BUG_ON(mt, !mas_active(mas)); + + /* prev:active -> underflow */ + entry = mas_prev(&mas, 0); + MT_BUG_ON(mt, entry != NULL); + MT_BUG_ON(mt, mas.index != 0); + MT_BUG_ON(mt, mas.last != 0x0FFF); + MT_BUG_ON(mt, mas.node != MAS_UNDERFLOW); + + /* prev:underflow -> underflow */ entry = mas_prev(&mas, 0); MT_BUG_ON(mt, entry != NULL); MT_BUG_ON(mt, mas.index != 0); MT_BUG_ON(mt, mas.last != 0x0FFF); + MT_BUG_ON(mt, mas.node != MAS_UNDERFLOW); + + /* next:underflow -> active */ + entry = mas_next(&mas, ULONG_MAX); + MT_BUG_ON(mt, entry != ptr); + MT_BUG_ON(mt, mas.index != 0x1000); + MT_BUG_ON(mt, mas.last != 0x1500); + MT_BUG_ON(mt, !mas_active(mas)); + + /* prev:first value -> underflow */ + entry = mas_prev(&mas, 0x1000); + MT_BUG_ON(mt, entry != NULL); + MT_BUG_ON(mt, mas.index != 0x1000); + MT_BUG_ON(mt, mas.last != 0x1500); + MT_BUG_ON(mt, mas.node != MAS_UNDERFLOW); + + /* find:underflow -> first value */ + entry = mas_find(&mas, ULONG_MAX); + MT_BUG_ON(mt, entry != ptr); + MT_BUG_ON(mt, mas.index != 0x1000); + MT_BUG_ON(mt, mas.last != 0x1500); MT_BUG_ON(mt, !mas_active(mas)); /* prev: pause ->active */ @@ -3325,14 +3383,14 @@ static noinline void __init check_state_ MT_BUG_ON(mt, mas.last != 0x2500); MT_BUG_ON(mt, !mas_active(mas)); - /* prev:active -> active out of range*/ + /* prev:active -> active spanning min */ entry = mas_prev(&mas, 0x1600); MT_BUG_ON(mt, entry != NULL); MT_BUG_ON(mt, mas.index != 0x1501); MT_BUG_ON(mt, mas.last != 0x1FFF); MT_BUG_ON(mt, !mas_active(mas)); - /* prev: active ->active, continue*/ + /* prev: active ->active, continue */ entry = mas_prev(&mas, 0); MT_BUG_ON(mt, entry != ptr); MT_BUG_ON(mt, mas.index != 0x1000); @@ -3379,7 +3437,7 @@ static noinline void __init check_state_ MT_BUG_ON(mt, mas.last != 0x2FFF); MT_BUG_ON(mt, !mas_active(mas)); - /* find: none ->active */ + /* find: overflow ->active */ entry = mas_find(&mas, 0x5000); MT_BUG_ON(mt, entry != ptr3); MT_BUG_ON(mt, mas.index != 0x3000); @@ -3778,7 +3836,6 @@ static int __init maple_tree_seed(void) check_empty_area_fill(&tree); mtree_destroy(&tree); - mt_init_flags(&tree, MT_FLAGS_ALLOC_RANGE); check_state_handling(&tree); mtree_destroy(&tree); _ Patches currently in -mm which might be from Liam.Howlett(a)oracle.com are mm-mempolicy-fix-set_mempolicy_home_node-previous-vma-pointer.patch mmap-fix-vma_iterator-in-error-path-of-vma_merge.patch mmap-fix-error-paths-with-dup_anon_vma.patch mmap-add-clarifying-comment-to-vma_merge-code.patch radix-tree-test-suite-fix-allocation-calculation-in-kmem_cache_alloc_bulk.patch

2 years, 1 month

1
0
0 0

[merged mm-hotfixes-stable] maple_tree-add-mas_active-to-detect-in-tree-walks.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: maple_tree: add mas_is_active() to detect in-tree walks has been removed from the -mm tree. Its filename was maple_tree-add-mas_active-to-detect-in-tree-walks.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: "Liam R. Howlett" <Liam.Howlett(a)oracle.com> Subject: maple_tree: add mas_is_active() to detect in-tree walks Date: Thu, 21 Sep 2023 14:12:35 -0400 Patch series "maple_tree: Fix mas_prev() state regression". Pedro Falcato retported an mprotect regression [1] which was bisected back to the iterator changes for maple tree. Root cause analysis showed the mas_prev() running off the end of the VMA space (previous from 0) followed by mas_find(), would skip the first value. This patchset introduces maple state underflow/overflow so the sequence of calls on the maple state will return what the user expects. Users who encounter this bug may see mprotect(), userfaultfd_register(), and mlock() fail on VMAs mapped with address 0. This patch (of 2): Instead of constantly checking each possibility of the maple state, create a fast path that will skip over checking unlikely states. Link: https://lkml.kernel.org/r/20230921181236.509072-1-Liam.Howlett@oracle.com Link: https://lkml.kernel.org/r/20230921181236.509072-2-Liam.Howlett@oracle.com Signed-off-by: Liam R. Howlett <Liam.Howlett(a)oracle.com> Cc: Pedro Falcato <pedro.falcato(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/maple_tree.h | 9 +++++++++ 1 file changed, 9 insertions(+) --- a/include/linux/maple_tree.h~maple_tree-add-mas_active-to-detect-in-tree-walks +++ a/include/linux/maple_tree.h @@ -511,6 +511,15 @@ static inline bool mas_is_paused(const s return mas->node == MAS_PAUSE; } +/* Check if the mas is pointing to a node or not */ +static inline bool mas_is_active(struct ma_state *mas) +{ + if ((unsigned long)mas->node >= MAPLE_RESERVED_RANGE) + return true; + + return false; +} + /** * mas_reset() - Reset a Maple Tree operation state. * @mas: Maple Tree operation state. _ Patches currently in -mm which might be from Liam.Howlett(a)oracle.com are maple_tree-add-mas_underflow-and-mas_overflow-states.patch mm-mempolicy-fix-set_mempolicy_home_node-previous-vma-pointer.patch mmap-fix-vma_iterator-in-error-path-of-vma_merge.patch mmap-fix-error-paths-with-dup_anon_vma.patch mmap-add-clarifying-comment-to-vma_merge-code.patch radix-tree-test-suite-fix-allocation-calculation-in-kmem_cache_alloc_bulk.patch

2 years, 1 month

1
0
0 0

[merged mm-hotfixes-stable] nilfs2-fix-potential-use-after-free-in-nilfs_gccache_submit_read_data.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() has been removed from the -mm tree. Its filename was nilfs2-fix-potential-use-after-free-in-nilfs_gccache_submit_read_data.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Pan Bian <bianpan2016(a)163.com> Subject: nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() Date: Thu, 21 Sep 2023 23:17:31 +0900 In nilfs_gccache_submit_read_data(), brelse(bh) is called to drop the reference count of bh when the call to nilfs_dat_translate() fails. If the reference count hits 0 and its owner page gets unlocked, bh may be freed. However, bh->b_page is dereferenced to put the page after that, which may result in a use-after-free bug. This patch moves the release operation after unlocking and putting the page. NOTE: The function in question is only called in GC, and in combination with current userland tools, address translation using DAT does not occur in that function, so the code path that causes this issue will not be executed. However, it is possible to run that code path by intentionally modifying the userland GC library or by calling the GC ioctl directly. [konishi.ryusuke(a)gmail.com: NOTE added to the commit log] Link: https://lkml.kernel.org/r/1543201709-53191-1-git-send-email-bianpan2016@163… Link: https://lkml.kernel.org/r/20230921141731.10073-1-konishi.ryusuke@gmail.com Fixes: a3d93f709e89 ("nilfs2: block cache for garbage collection") Signed-off-by: Pan Bian <bianpan2016(a)163.com> Reported-by: Ferry Meng <mengferry(a)linux.alibaba.com> Closes: https://lkml.kernel.org/r/20230818092022.111054-1-mengferry@linux.alibaba.c… Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Tested-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/nilfs2/gcinode.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) --- a/fs/nilfs2/gcinode.c~nilfs2-fix-potential-use-after-free-in-nilfs_gccache_submit_read_data +++ a/fs/nilfs2/gcinode.c @@ -73,10 +73,8 @@ int nilfs_gccache_submit_read_data(struc struct the_nilfs *nilfs = inode->i_sb->s_fs_info; err = nilfs_dat_translate(nilfs->ns_dat, vbn, &pbn); - if (unlikely(err)) { /* -EIO, -ENOMEM, -ENOENT */ - brelse(bh); + if (unlikely(err)) /* -EIO, -ENOMEM, -ENOENT */ goto failed; - } } lock_buffer(bh); @@ -102,6 +100,8 @@ int nilfs_gccache_submit_read_data(struc failed: unlock_page(bh->b_page); put_page(bh->b_page); + if (unlikely(err)) + brelse(bh); return err; } _ Patches currently in -mm which might be from bianpan2016(a)163.com are

2 years, 1 month

1
0
0 0

[merged mm-hotfixes-stable] fs-binfmt_elf_efpic-fix-personality-for-elf-fdpic.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: fs: binfmt_elf_efpic: fix personality for ELF-FDPIC has been removed from the -mm tree. Its filename was fs-binfmt_elf_efpic-fix-personality-for-elf-fdpic.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Greg Ungerer <gerg(a)kernel.org> Subject: fs: binfmt_elf_efpic: fix personality for ELF-FDPIC Date: Thu, 7 Sep 2023 11:18:08 +1000 The elf-fdpic loader hard sets the process personality to either PER_LINUX_FDPIC for true elf-fdpic binaries or to PER_LINUX for normal ELF binaries (in this case they would be constant displacement compiled with -pie for example). The problem with that is that it will lose any other bits that may be in the ELF header personality (such as the "bug emulation" bits). On the ARM architecture the ADDR_LIMIT_32BIT flag is used to signify a normal 32bit binary - as opposed to a legacy 26bit address binary. This matters since start_thread() will set the ARM CPSR register as required based on this flag. If the elf-fdpic loader loses this bit the process will be mis-configured and crash out pretty quickly. Modify elf-fdpic loader personality setting so that it preserves the upper three bytes by using the SET_PERSONALITY macro to set it. This macro in the generic case sets PER_LINUX and preserves the upper bytes. Architectures can override this for their specific use case, and ARM does exactly this. The problem shows up quite easily running under qemu using the ARM architecture, but not necessarily on all types of real ARM hardware. If the underlying ARM processor does not support the legacy 26-bit addressing mode then everything will work as expected. Link: https://lkml.kernel.org/r/20230907011808.2985083-1-gerg@kernel.org Fixes: 1bde925d23547 ("fs/binfmt_elf_fdpic.c: provide NOMMU loader for regular ELF binaries") Signed-off-by: Greg Ungerer <gerg(a)kernel.org> Cc: Al Viro <viro(a)zeniv.linux.org.uk> Cc: Christian Brauner <brauner(a)kernel.org> Cc: Eric W. Biederman <ebiederm(a)xmission.com> Cc: Greg Ungerer <gerg(a)kernel.org> Cc: Kees Cook <keescook(a)chromium.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/binfmt_elf_fdpic.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) --- a/fs/binfmt_elf_fdpic.c~fs-binfmt_elf_efpic-fix-personality-for-elf-fdpic +++ a/fs/binfmt_elf_fdpic.c @@ -345,10 +345,9 @@ static int load_elf_fdpic_binary(struct /* there's now no turning back... the old userspace image is dead, * defunct, deceased, etc. */ + SET_PERSONALITY(exec_params.hdr); if (elf_check_fdpic(&exec_params.hdr)) - set_personality(PER_LINUX_FDPIC); - else - set_personality(PER_LINUX); + current->personality |= PER_LINUX_FDPIC; if (elf_read_implies_exec(&exec_params.hdr, executable_stack)) current->personality |= READ_IMPLIES_EXEC; _ Patches currently in -mm which might be from gerg(a)kernel.org are

2 years, 1 month

1
0
0 0

[PATCH v2 0/2] Fix set_huge_pte_at() panic on arm64

by Ryan Roberts

Hi All, This series fixes a bug in arm64's implementation of set_huge_pte_at(), which can result in an unprivileged user causing a kernel panic. The problem was triggered when running the new uffd poison mm selftest for HUGETLB memory. This test (and the uffd poison feature) was merged for v6.5-rc7. Ideally, I'd like to get this fix in for v6.6 and I've cc'ed stable (correctly this time) to get it backported to v6.5, where the issue first showed up. Description of Bug ------------------ arm64's huge pte implementation supports multiple huge page sizes, some of which are implemented in the page table with multiple contiguous entries. So set_huge_pte_at() needs to work out how big the logical pte is, so that it can also work out how many physical ptes (or pmds) need to be written. It previously did this by grabbing the folio out of the pte and querying its size. However, there are cases when the pte being set is actually a swap entry. But this also used to work fine, because for huge ptes, we only ever saw migration entries and hwpoison entries. And both of these types of swap entries have a PFN embedded, so the code would grab that and everything still worked out. But over time, more calls to set_huge_pte_at() have been added that set swap entry types that do not embed a PFN. And this causes the code to go bang. The triggering case is for the uffd poison test, commit 99aa77215ad0 ("selftests/mm: add uffd unit test for UFFDIO_POISON"), which causes a PTE_MARKER_POISONED swap entry to be set, coutesey of commit 8a13897fb0da ("mm: userfaultfd: support UFFDIO_POISON for hugetlbfs") - added in v6.5-rc7. Although review shows that there are other call sites that set PTE_MARKER_UFFD_WP (which also has no PFN), these don't trigger on arm64 because arm64 doesn't support UFFD WP. If CONFIG_DEBUG_VM is enabled, we do at least get a BUG(), but otherwise, it will dereference a bad pointer in page_folio(): static inline struct folio *hugetlb_swap_entry_to_folio(swp_entry_t entry) { VM_BUG_ON(!is_migration_entry(entry) && !is_hwpoison_entry(entry)); return page_folio(pfn_to_page(swp_offset_pfn(entry))); } Fix --- The simplest fix would have been to revert the dodgy cleanup commit 18f3962953e4 ("mm: hugetlb: kill set_huge_swap_pte_at()"), but since things have moved on, this would have required an audit of all the new set_huge_pte_at() call sites to see if they should be converted to set_huge_swap_pte_at(). As per the original intent of the change, it would also leave us open to future bugs when people invariably get it wrong and call the wrong helper. So instead, I've added a huge page size parameter to set_huge_pte_at(). This means that the arm64 code has the size in all cases. It's a bigger change, due to needing to touch the arches that implement the function, but it is entirely mechanical, so in my view, low risk. I've compile-tested all touched arches; arm64, parisc, powerpc, riscv, s390, sparc (and additionally x86_64). I've additionally booted and run mm selftests against arm64, where I observe the uffd poison test is fixed, and there are no other regressions. Patches ------- patch 1: Convert core mm and arches to pass extra param (no behavioral change) patch 8: Fix the arm64 bug Patches based on v6.6-rc2. Changes since v1 [1] -------------------- - Pass extra size param instead of converting mm to vma. - Passing vma was problematic for kernel mapping case without vma - Squash all interface changes to single patch - Simplify powerpc so that is doesn't require __set_huge_page_at() - Added Reviewed-bys [1] https://lore.kernel.org/linux-arm-kernel/20230921162007.1630149-1-ryan.robe… Thanks, Ryan Ryan Roberts (2): mm: hugetlb: Add huge page size param to set_huge_pte_at() arm64: hugetlb: Fix set_huge_pte_at() to work with all swap entries arch/arm64/include/asm/hugetlb.h | 2 +- arch/arm64/mm/hugetlbpage.c | 23 +++------- arch/parisc/include/asm/hugetlb.h | 2 +- arch/parisc/mm/hugetlbpage.c | 2 +- .../include/asm/nohash/32/hugetlb-8xx.h | 3 +- arch/powerpc/mm/book3s64/hugetlbpage.c | 5 ++- arch/powerpc/mm/book3s64/radix_hugetlbpage.c | 3 +- arch/powerpc/mm/nohash/8xx.c | 3 +- arch/powerpc/mm/pgtable.c | 3 +- arch/riscv/include/asm/hugetlb.h | 3 +- arch/riscv/mm/hugetlbpage.c | 3 +- arch/s390/include/asm/hugetlb.h | 6 ++- arch/s390/mm/hugetlbpage.c | 8 +++- arch/sparc/include/asm/hugetlb.h | 6 ++- arch/sparc/mm/hugetlbpage.c | 8 +++- include/asm-generic/hugetlb.h | 2 +- include/linux/hugetlb.h | 6 ++- mm/damon/vaddr.c | 3 +- mm/hugetlb.c | 43 +++++++++++-------- mm/migrate.c | 7 ++- mm/rmap.c | 23 +++++++--- mm/vmalloc.c | 2 +- 22 files changed, 103 insertions(+), 63 deletions(-) -- 2.25.1

2 years, 1 month

6
9
0 0

[PATCH] mm/mempolicy: Fix set_mempolicy_home_node() previous VMA pointer

by Liam R. Howlett

The two users of mbind_range() are expecting that mbind_range() will update the pointer to the previous VMA, or return an error. However, set_mempolicy_home_node() does not call mbind_range() if there is no VMA policy. The fix is to update the pointer to the previous VMA prior to continuing iterating the VMAs when there is no policy. Users may experience a WARN_ON() during VMA policy updates when updating a range of VMAs on the home node. Reported-by: Yikebaer Aizezi <yikebaer61(a)gmail.com> Closes: https://lore.kernel.org/linux-mm/CALcu4rbT+fMVNaO_F2izaCT+e7jzcAciFkOvk21HG… Link: https://lore.kernel.org/linux-mm/CALcu4rbT+fMVNaO_F2izaCT+e7jzcAciFkOvk21HG… Fixes: f4e9e0e69468 ("mm/mempolicy: fix use-after-free of VMA iterator") Cc: stable(a)vger.kernel.org Cc: Lorenzo Stoakes <lstoakes(a)gmail.com> Signed-off-by: Liam R. Howlett <Liam.Howlett(a)oracle.com> --- mm/mempolicy.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) For completeness, here is the syzbot reproducer so that it is available from the mailing list: #define _GNU_SOURCE #include <endian.h> #include <stdint.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include <sys/syscall.h> #include <sys/types.h> #include <unistd.h> #ifndef __NR_set_mempolicy_home_node #define __NR_set_mempolicy_home_node 450 #endif int main(void) { syscall(__NR_mmap, /*addr=*/0x1ffff000ul, /*len=*/0x1000ul, /*prot=*/0ul, /*flags=*/0x32ul, /*fd=*/-1, /*offset=*/0ul); syscall(__NR_mmap, /*addr=*/0x20000000ul, /*len=*/0x1000000ul, /*prot=*/7ul, /*flags=*/0x32ul, /*fd=*/-1, /*offset=*/0ul); syscall(__NR_mmap, /*addr=*/0x21000000ul, /*len=*/0x1000ul, /*prot=*/0ul, /*flags=*/0x32ul, /*fd=*/-1, /*offset=*/0ul); *(uint64_t*)0x20000000 = 0xffffffffffffff81; syscall(__NR_mbind, /*addr=*/0x20ffa000ul, /*len=*/0x4000ul, /*mode=*/2ul, /*nodemask=*/0x20000000ul, /*maxnode=*/7ul, /*flags=*/0ul); syscall(__NR_mbind, /*addr=*/0x20ff9000ul, /*len=*/0x3000ul, /*mode=*/0ul, /*nodemask=*/0ul, /*maxnode=*/0ul, /*flags=*/0ul); syscall(__NR_set_mempolicy_home_node, /*addr=*/0x20ffa000ul, /*len=*/0x4000ul, /*home_node=*/0ul, /*flags=*/0ul); return 0; } diff --git a/mm/mempolicy.c b/mm/mempolicy.c index 42b5567e3773..717d93c175f2 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c @@ -1544,8 +1544,10 @@ SYSCALL_DEFINE4(set_mempolicy_home_node, unsigned long, start, unsigned long, le * the home node for vmas we already updated before. */ old = vma_policy(vma); - if (!old) + if (!old) { + prev = vma; continue; + } if (old->mode != MPOL_BIND && old->mode != MPOL_PREFERRED_MANY) { err = -EOPNOTSUPP; break; -- 2.40.1

2 years, 1 month

2
1
0 0

[PATCH V6] PCI: qcom: Fix broken pcie enumeration for 2_3_3 configs ops

by Sricharan Ramabadhran

PARF_SLV_ADDR_SPACE_SIZE_2_3_3 macro is used for qcom_pcie_post_init_2_3_3. PCIe slave address space size register offset is 0x358, but was wrongly changed to 0x16c as a part of commit 39171b33f652 ("PCI: qcom: Remove PCIE20_ prefix from register definitions"). Fixing it, by using the right macro and remove the unused PARF_SLV_ADDR_SPACE_SIZE_2_3_3. Without this access to the registers of slave addr space like iATU etc are broken leading to PCIe enumeration failure on IPQ8074. Fixes: 39171b33f652 ("PCI: qcom: Remove PCIE20_ prefix from register definitions") Cc: <Stable(a)vger.kernel.org> Reviewed-by: Manivannan Sadhasivam <mani(a)kernel.org> Reviewed-by: Konrad Dybcio <konrad.dybcio(a)linaro.org> Tested-by: Robert Marko <robimarko(a)gmail.com> Signed-off-by: Sricharan Ramabadhran <quic_srichara(a)quicinc.com> --- [V6] Fixed subject and commit text as per Bjorn Helgaas drivers/pci/controller/dwc/pcie-qcom.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/drivers/pci/controller/dwc/pcie-qcom.c b/drivers/pci/controller/dwc/pcie-qcom.c index e2f29404c84e..64420ecc24d1 100644 --- a/drivers/pci/controller/dwc/pcie-qcom.c +++ b/drivers/pci/controller/dwc/pcie-qcom.c @@ -43,7 +43,6 @@ #define PARF_PHY_REFCLK 0x4c #define PARF_CONFIG_BITS 0x50 #define PARF_DBI_BASE_ADDR 0x168 -#define PARF_SLV_ADDR_SPACE_SIZE_2_3_3 0x16c /* Register offset specific to IP ver 2.3.3 */ #define PARF_MHI_CLOCK_RESET_CTRL 0x174 #define PARF_AXI_MSTR_WR_ADDR_HALT 0x178 #define PARF_AXI_MSTR_WR_ADDR_HALT_V2 0x1a8 @@ -797,8 +796,7 @@ static int qcom_pcie_post_init_2_3_3(struct qcom_pcie *pcie) u16 offset = dw_pcie_find_capability(pci, PCI_CAP_ID_EXP); u32 val; - writel(SLV_ADDR_SPACE_SZ, - pcie->parf + PARF_SLV_ADDR_SPACE_SIZE_2_3_3); + writel(SLV_ADDR_SPACE_SZ, pcie->parf + PARF_SLV_ADDR_SPACE_SIZE); val = readl(pcie->parf + PARF_PHY_CTRL); val &= ~PHY_TEST_PWR_DOWN; -- 2.34.1

2 years, 1 month

4
3
0 0

[PATCH 5.15 000/511] 5.15.132-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.132 release. There are 511 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Tue, 19 Sep 2023 19:10:04 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.132-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.132-rc1 Wesley Chalmers <wesley.chalmers(a)amd.com> drm/amd/display: Fix a bug when searching for insert_above_mpcc Maciej W. Rozycki <macro(a)orcam.me.uk> MIPS: Only fiddle with CHECKFLAGS if `need-compiler' Kuniyuki Iwashima <kuniyu(a)amazon.com> kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg(). Vadim Fedorenko <vadim.fedorenko(a)linux.dev> ixgbe: fix timestamp configuration code Eric Dumazet <edumazet(a)google.com> ipv6: fix ip6_sock_set_addr_preferences() typo Liu Jian <liujian56(a)huawei.com> net/tls: do not free tls_rec on async operation in bpf_exec_tx_verdict() Shravan Kumar Ramani <shravankr(a)nvidia.com> platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events Shravan Kumar Ramani <shravankr(a)nvidia.com> platform/mellanox: mlxbf-pmc: Fix potential buffer overflows Liming Sun <limings(a)nvidia.com> platform/mellanox: mlxbf-tmfifo: Drop jumbo frames Liming Sun <limings(a)nvidia.com> platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors Shigeru Yoshida <syoshida(a)redhat.com> kcm: Fix memory leak in error path of kcm_sendmsg() Hayes Wang <hayeswang(a)realtek.com> r8152: check budget for r8152_poll() Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: sja1105: hide all multicast addresses from "bridge fdb show" Ziyang Xuan <william.xuanziyang(a)huawei.com> hsr: Fix uninit-value access in fill_frame_info() Hangyu Hua <hbh25y(a)gmail.com> net: ethernet: mtk_eth_soc: fix possible NULL pointer dereference in mtk_hwlro_get_fdir_all() Hangyu Hua <hbh25y(a)gmail.com> net: ethernet: mvpp2_main: fix possible OOB write in mvpp2_ethtool_get_rxnfc() Guangguan Wang <guangguan.wang(a)linux.alibaba.com> net/smc: use smc_lgr_list.lock to protect smc_lgr_list.list iterate in smcr_port_add Björn Töpel <bjorn(a)rivosinc.com> kselftest/runner.sh: Propagate SIGTERM to runner child Liu Jian <liujian56(a)huawei.com> net: ipv4: fix one memleak in __inet_del_ifa() Aleksey Nasibulin <alealexpro100(a)ya.ru> ARM: dts: BCM5301X: Extend RAM to full 256MB for Linksys EA6500 V2 Paul Cercueil <paul(a)crapouillou.net> ARM: dts: samsung: exynos4210-i9100: Fix LCD screen's physical size Li Lingfeng <lilingfeng3(a)huawei.com> block: don't add or resize partition on the disk with GENHD_FL_NO_PART Christoph Hellwig <hch(a)lst.de> block: rename GENHD_FL_NO_PART_SCAN to GENHD_FL_NO_PART Christoph Hellwig <hch(a)lst.de> block: move GENHD_FL_BLOCK_EVENTS_ON_EXCL_WRITE to disk->event_flags Christoph Hellwig <hch(a)lst.de> block: move GENHD_FL_NATIVE_CAPACITY to disk->state Christoph Hellwig <hch(a)lst.de> pcd: cleanup initialization Christoph Hellwig <hch(a)lst.de> pcd: move the identify buffer into pcd_identify Namhyung Kim <namhyung(a)kernel.org> perf hists browser: Fix the number of entries for 'e' key Namhyung Kim <namhyung(a)kernel.org> perf tools: Handle old data in PERF_RECORD_ATTR Namhyung Kim <namhyung(a)kernel.org> perf hists browser: Fix hierarchy mode header Maciej W. Rozycki <macro(a)orcam.me.uk> MIPS: Fix CONFIG_CPU_DADDI_WORKAROUNDS `modules_install' regression Hamza Mahfooz <hamza.mahfooz(a)amd.com> drm/amd/display: prevent potential division by zero errors William Zhang <william.zhang(a)broadcom.com> mtd: rawnand: brcmnand: Fix potential false time out warning William Zhang <william.zhang(a)broadcom.com> mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write William Zhang <william.zhang(a)broadcom.com> mtd: rawnand: brcmnand: Fix crash during the panic_write Anand Jain <anand.jain(a)oracle.com> btrfs: use the correct superblock to compare fsid in btrfs_validate_super Filipe Manana <fdmanana(a)suse.com> btrfs: don't start transaction when joining with TRANS_JOIN_NOSTART Boris Burkov <boris(a)bur.io> btrfs: free qgroup rsv on io failure ruanmeisi <ruan.meisi(a)zte.com.cn> fuse: nlookup missing decrement in fuse_direntplus_link Damien Le Moal <dlemoal(a)kernel.org> ata: pata_ftide010: Add missing MODULE_DESCRIPTION Damien Le Moal <dlemoal(a)kernel.org> ata: sata_gemini: Add missing MODULE_DESCRIPTION Michael Schmitz <schmitzmic(a)gmail.com> ata: pata_falcon: fix IO base selection for Q40 Nathan Chancellor <nathan(a)kernel.org> lib: test_scanf: Add explicit type cast to result initialization in test_number_prefix() Wang Jianjian <wangjianjian0(a)foxmail.com> ext4: add correct group descriptors and reserved GDT blocks to system zone Zhihao Cheng <chengzhihao1(a)huawei.com> jbd2: check 'jh->b_transaction' before removing it from checkpoint Zhang Yi <yi.zhang(a)huawei.com> jbd2: fix checkpoint cleanup performance regression Hien Huynh <hien.huynh.px(a)renesas.com> dmaengine: sh: rz-dmac: Fix destination and source data size setting Pavel Kozlov <pavel.kozlov(a)synopsys.com> ARC: atomics: Add compiler barrier to atomic operations... Saeed Mahameed <saeedm(a)nvidia.com> net/mlx5: Free IRQ rmap and notifier on kernel shutdown Petr Tesarik <petr.tesarik.ext(a)huawei.com> sh: boards: Fix CEU buffer size passed to dma_declare_coherent_memory() Jie Wang <wangjie125(a)huawei.com> net: hns3: remove GSO partial feature bit Yisen Zhuang <yisen.zhuang(a)huawei.com> net: hns3: fix the port information display when sfp is absent Jijie Shao <shaojijie(a)huawei.com> net: hns3: fix invalid mutex between tc qdisc and dcb ets command issue Hao Chen <chenhao418(a)huawei.com> net: hns3: fix debugfs concurrency issue between kfree buffer and read Hao Chen <chenhao418(a)huawei.com> net: hns3: fix byte order conversion issue in hclge_dbg_fd_tcam_read() Wander Lairson Costa <wander(a)redhat.com> netfilter: nfnetlink_osf: avoid OOB read Florian Westphal <fw(a)strlen.de> netfilter: nftables: exthdr: fix 4-byte stack OOB write Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: sja1105: complete tc-cbs offload support on SJA1110 Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: sja1105: fix -ENOSPC when replacing the same tc-cbs too many times Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: sja1105: fix bandwidth discrepancy between tc-cbs software and offload Eric Dumazet <edumazet(a)google.com> ip_tunnels: use DEV_STATS_INC() Ariel Marcovitch <arielmarcovitch(a)gmail.com> idr: fix param name in idr_alloc_cyclic() doc Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> s390/zcrypt: don't leak memory if dev_set_name() fails Olga Zaborska <olga.zaborska(a)intel.com> igb: Change IGB_MIN to allow set rx/tx value between 64 and 80 Olga Zaborska <olga.zaborska(a)intel.com> igbvf: Change IGBVF_MIN to allow set rx/tx value between 64 and 80 Olga Zaborska <olga.zaborska(a)intel.com> igc: Change IGC_MIN to allow set rx/tx value between 64 and 80 Geetha sowjanya <gakula(a)marvell.com> octeontx2-af: Fix truncation of smq in CN10K NIX AQ enqueue mbox handler Shigeru Yoshida <syoshida(a)redhat.com> kcm: Destroy mutex in kcm_exit_net() valis <sec(a)valis.email> net: sched: sch_qfq: Fix UAF in qfq_dequeue() Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Fix data race around sk->sk_err. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Fix data-races around sk->sk_shutdown. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Fix data-race around unix_tot_inflight. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Fix data-races around user->unix_inflight. Oleksij Rempel <linux(a)rempel-privat.de> net: phy: micrel: Correct bit assignments for phy_device flags Alex Henrie <alexhenrie24(a)gmail.com> net: ipv6/addrconf: avoid integer underflow in ipv6_create_tempaddr Liang Chen <liangchen.linux(a)gmail.com> veth: Fixing transmit return status for dropped packets Corinna Vinschen <vinschen(a)redhat.com> igb: disable virtualization features on 82580 Sriram Yagnaraman <sriram.yagnaraman(a)est.tech> ipv4: ignore dst hint for multipath routes Sean Christopherson <seanjc(a)google.com> drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt() Xiubo Li <xiubli(a)redhat.com> ceph: make members in struct ceph_mds_request_args_ext a union Magnus Karlsson <magnus.karlsson(a)intel.com> xsk: Fix xsk_diag use-after-free error during socket cleanup Florian Westphal <fw(a)strlen.de> net: fib: avoid warn splat in flow dissector Eric Dumazet <edumazet(a)google.com> net: read sk->sk_family once in sk_mc_loop() Eric Dumazet <edumazet(a)google.com> ipv4: annotate data-races around fi->fib_dead Eric Dumazet <edumazet(a)google.com> sctp: annotate data-races around sk->sk_wmem_queued Eric Dumazet <edumazet(a)google.com> net/sched: fq_pie: avoid stalls in fq_pie_timer() Vladimir Zapolskiy <vz(a)mleia.com> pwm: lpc32xx: Remove handling of PWM channels Raag Jadav <raag.jadav(a)intel.com> watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load Arnaldo Carvalho de Melo <acme(a)redhat.com> perf top: Don't pass an ERR_PTR() directly to perf_session__delete() Kajol Jain <kjain(a)linux.ibm.com> perf vendor events: Drop some of the JSON/events for power10 platform Kajol Jain <kjain(a)linux.ibm.com> perf vendor events: Update the JSON/events descriptions for power10 platform Sean Christopherson <seanjc(a)google.com> x86/virt: Drop unnecessary check on extended CPUID level in cpu_has_svm() Arnaldo Carvalho de Melo <acme(a)redhat.com> perf annotate bpf: Don't enclose non-debug code with an assert() Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: tca6416-keypad - fix interrupt enable disbalance Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: tca6416-keypad - always expect proper IRQ number in i2c client Ying Liu <victor.liu(a)nxp.com> backlight: gpio_backlight: Drop output GPIO direction check for initial power state Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> pwm: atmel-tcb: Fix resource freeing in error path and remove Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> pwm: atmel-tcb: Harmonize resource allocation order Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> pwm: atmel-tcb: Convert to platform remove callback returning void Arnaldo Carvalho de Melo <acme(a)redhat.com> perf trace: Really free the evsel->priv area Arnaldo Carvalho de Melo <acme(a)redhat.com> perf trace: Use zfree() to reduce chances of use after free Konstantin Meskhidze <konstantin.meskhidze(a)huawei.com> kconfig: fix possible buffer overflow Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: low-memory forced flush fixes Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Switch to wait_event in gfs2_logd Masahiro Yamada <masahiroy(a)kernel.org> kbuild: do not run depmod for 'make modules_sign' Qiang Yu <quic_qianyu(a)quicinc.com> bus: mhi: host: Skip MHI reset if device is in RDDM Fedor Pchelkin <pchelkin(a)ispras.ru> NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Fix a potential data corruption Johan Hovold <johan+linaro(a)kernel.org> clk: qcom: mss-sc7180: fix missing resume during probe Johan Hovold <johan+linaro(a)kernel.org> clk: qcom: q6sstop-qcs404: fix missing resume during probe Chris Lew <quic_clew(a)quicinc.com> soc: qcom: qmi_encdec: Restrict string length in decode Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock Ahmad Fatoum <a.fatoum(a)pengutronix.de> clk: imx: pll14xx: dynamically configure PLL for 393216000/361267200Hz Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: clock: xlnx,versal-clk: drop select:false Raag Jadav <raag.jadav(a)intel.com> pinctrl: cherryview: fix address_space_handler() argument Helge Deller <deller(a)gmx.de> parisc: led: Reduce CPU overhead for disk & lan LED computation Helge Deller <deller(a)gmx.de> parisc: led: Fix LAN receive and transmit LEDs Andrew Donnellan <ajd(a)linux.ibm.com> lib/test_meminit: allocate pages up to order MAX_ORDER Johan Hovold <johan+linaro(a)kernel.org> clk: qcom: turingcc-qcs404: fix missing resume during probe Thomas Zimmermann <tzimmermann(a)suse.de> drm/ast: Fix DRAM init on AST2200 Johan Hovold <johan+linaro(a)kernel.org> clk: qcom: camcc-sc7180: fix async resume during probe Thomas Zimmermann <tzimmermann(a)suse.de> fbdev/ep93xx-fb: Do not assign to struct fb_info.dev Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix firmware resource tracking Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Error code did not return to upper layer Nilesh Javali <njavali(a)marvell.com> scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit() Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Flush mailbox commands on chip reset Manish Rangankar <mrangankar(a)marvell.com> scsi: qla2xxx: Remove unsupported ql2xenabledif option Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix TMF leak through Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix session hang in gnl Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Turn off noisy message log Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix erroneous link up failure Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix command flush during TMF Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: fix inconsistent TMF timeout Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix deletion race condition Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Limit TMF to 8 per function Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Adjust IOCB resource on qpair create Pavel Begunkov <asml.silence(a)gmail.com> io_uring: break iopolling on signal Pavel Begunkov <asml.silence(a)gmail.com> io_uring: break out of iowq iopoll on teardown Pavel Begunkov <asml.silence(a)gmail.com> io_uring: always lock in io_apoll_task_func Quan Tian <qtian(a)vmware.com> net/ipv6: SKB symmetric hash should incorporate transport ports Tom Rix <trix(a)redhat.com> udf: initialize newblock to 0 Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "drm/amdgpu: install stub fence into potential unused fence pointers" Yu Kuai <yukuai3(a)huawei.com> md/md-bitmap: remove unnecessary local variable in backlog_store() Brian Foster <bfoster(a)redhat.com> tracing: Zero the pipe cpumask on alloc to avoid spurious -EBUSY Kan Liang <kan.liang(a)linux.intel.com> perf/x86/uncore: Correct the number of CHAs on EMR Jack Wang <jinpu.wang(a)ionos.com> x86/sgx: Break up long non-preemptible delays in sgx_vepc_release() Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix oversight in SuperSpeed initialization Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix race by not overwriting udev->descriptor in hub_port_init() Alan Stern <stern(a)rowland.harvard.edu> USB: core: Change usb_get_device_descriptor() API Alan Stern <stern(a)rowland.harvard.edu> USB: core: Unite old scheme and new scheme descriptor reads RD Babiera <rdbabiera(a)google.com> usb: typec: bus: verify partner exists in typec_altmode_attention RD Babiera <rdbabiera(a)google.com> usb: typec: tcpm: set initial svdm version based on pd revision Gustavo A. R. Silva <gustavoars(a)kernel.org> cpufreq: brcmstb-avs-cpufreq: Fix -Warray-bounds bug Thomas Bourgoin <thomas.bourgoin(a)foss.st.com> crypto: stm32 - fix loop iterating through scatterlist for DMA Sven Schnelle <svens(a)linux.ibm.com> s390/ipl: add missing secure/has_secure file to ipl type 'unknown' D Scott Phillips <scott(a)os.amperecomputing.com> arm64: sdei: abort running SDEI handlers during crash Enlin Mu <enlin.mu(a)unisoc.com> pstore/ram: Check start of empty przs during init Wolfram Sang <wsa+renesas(a)sang-engineering.com> mmc: renesas_sdhi: register irqs before registering controller Eric Biggers <ebiggers(a)google.com> fsverity: skip PKCS#7 parser when keyring is empty Nicolas Dichtel <nicolas.dichtel(a)6wind.com> net: handle ARPHRD_PPP in dev_is_mac_header_xmit() Thore Sommer <public(a)thson.de> X.509: if signature is unsupported skip validation Jann Horn <jannh(a)google.com> dccp: Fix out of bounds access in DCCP error handler Alexander Aring <aahringo(a)redhat.com> dlm: fix plock lookup when using multiple lockspaces Yafang Shao <laoar.shao(a)gmail.com> bpf: Fix issue in verifying allow_ptr_leaks Helge Deller <deller(a)gmx.de> parisc: Fix /proc/cpuinfo output for lscpu Aleksa Sarai <cyphar(a)cyphar.com> procfs: block chmod on /proc/thread-self/comm Bjorn Helgaas <bhelgaas(a)google.com> Revert "PCI: Mark NVIDIA T4 GPUs to avoid bus reset" Dave Jiang <dave.jiang(a)intel.com> ntb: Fix calculation ntb_transport_tx_free_entry() Dave Jiang <dave.jiang(a)intel.com> ntb: Clean up tx tail index on link down Dave Jiang <dave.jiang(a)intel.com> ntb: Drop packets when qp link is down Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: mpt3sas: Perform additional retries if doorbell read returns 0 Nilesh Javali <njavali(a)marvell.com> Revert "scsi: qla2xxx: Fix buffer overrun" Konrad Dybcio <konrad.dybcio(a)linaro.org> media: venus: hfi_venus: Write to VIDC_CTRL_INIT after unmasking interrupts Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> media: dvb: symbol fixup for dvb_attach() Will Deacon <will(a)kernel.org> arm64: csum: Fix OoB access in IP checksum code for negative lengths Frank Li <Frank.Li(a)nxp.com> i3c: master: svc: fix probe failure when no i3c device exist Max Filippov <jcmvbkbc(a)gmail.com> xtensa: PMU: fix base address for the newer hardware Thomas Zimmermann <tzimmermann(a)suse.de> backlight/lv5207lp: Compare against struct fb_info.device Thomas Zimmermann <tzimmermann(a)suse.de> backlight/bd6107: Compare against struct fb_info.device Thomas Zimmermann <tzimmermann(a)suse.de> backlight/gpio_backlight: Compare against struct fb_info.device Gustavo A. R. Silva <gustavoars(a)kernel.org> ARM: OMAP2+: Fix -Warray-bounds warning in _pwrdm_state_switch() Yi Yang <yiyang13(a)huawei.com> ipmi_si: fix a memleak in try_smi_init() Rick Wertenbroek <rick.wertenbroek(a)gmail.com> PCI: rockchip: Use 64-bit mask on MSI 64-bit PCI address Sakari Ailus <sakari.ailus(a)linux.intel.com> media: i2c: ccs: Check rules is non-NULL Joel Fernandes (Google) <joel(a)joelfernandes.org> mm/vmalloc: add a safer version of find_vm_area() for debug Bart Van Assche <bvanassche(a)acm.org> scsi: core: Fix the scsi_set_resid() documentation Kees Cook <keescook(a)chromium.org> printk: ringbuffer: Fix truncating buffer size min_t cast Zqiang <qiang.zhang1211(a)gmail.com> rcu: dump vmalloc memory info safely Takashi Iwai <tiwai(a)suse.de> ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl Boris Brezillon <boris.brezillon(a)collabora.com> PM / devfreq: Fix leak in devfreq_dev_release() Radoslaw Tyl <radoslawx.tyl(a)intel.com> igb: set max size RX buffer when store bad packet is enabled Mohamed Khalfella <mkhalfella(a)purestorage.com> skbuff: skb_segment, Call zero copy functions before using skbuff frags Wander Lairson Costa <wander(a)redhat.com> netfilter: xt_sctp: validate the flag_info count Wander Lairson Costa <wander(a)redhat.com> netfilter: xt_u32: validate user space input Kyle Zeng <zengyhkyle(a)gmail.com> netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c Eric Dumazet <edumazet(a)google.com> igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU Yuan Yao <yuanyaogoog(a)chromium.org> virtio_ring: fix avail_wrap_counter in virtqueue_add_packed Liao Chang <liaochang1(a)huawei.com> cpufreq: Fix the race condition while updating the transition_task of policy ruanjinjie <ruanjinjie(a)huawei.com> dmaengine: ste_dma40: Add missing IRQ check in d40_probe Randy Dunlap <rdunlap(a)infradead.org> um: Fix hostaudio build errors Yi Yang <yiyang13(a)huawei.com> mtd: rawnand: fsmc: handle clk prepare error in fsmc_nand_resume() Hsin-Yi Wang <hsinyi(a)chromium.org> mtd: spi-nor: Check bus width while setting QE bit Marek Behún <kabel(a)kernel.org> leds: trigger: tty: Do not use LED_ON/OFF constants, use led_blink_set_oneshot instead Marek Behún <kabel(a)kernel.org> leds: Fix BUG_ON check for LED_COLOR_ID_MULTI that is always false Marek Behún <kabel(a)kernel.org> leds: multicolor: Use rounded division when calculating color components Dan Carpenter <dan.carpenter(a)linaro.org> leds: pwm: Fix error code in led_pwm_create_fwnode() Jiasheng Jiang <jiasheng(a)iscas.ac.cn> rpmsg: glink: Add check for kstrdup Jonas Karlman <jonas(a)kwiboo.se> phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write Zheng Yang <zhengyang(a)rock-chips.com> phy/rockchip: inno-hdmi: round fractal pixclock in rk3328 recalc_rate Jonas Karlman <jonas(a)kwiboo.se> phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328 William Zhang <william.zhang(a)broadcom.com> mtd: rawnand: brcmnand: Fix mtd oobsize Zheng Yejian <zhengyejian1(a)huawei.com> tracing: Fix race issue between cpu buffer write and swap Mikhail Kobuk <m.kobuk(a)ispras.ru> tracing: Remove extra space at the end of hwlat_detector/mode Dave Hansen <dave.hansen(a)linux.intel.com> x86/speculation: Mark all Skylake CPUs as vulnerable to GDS Rahul Rameshbabu <sergeantsagara(a)protonmail.com> HID: multitouch: Correct devm device reference for hidinput input_dev name Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> HID: logitech-dj: Fix error handling in logi_dj_recv_switch_to_dj_mode() Leon Romanovsky <leon(a)kernel.org> Revert "IB/isert: Fix incorrect release of isert connection" Peng Fan <peng.fan(a)nxp.com> amba: bus: fix refcount leak Yi Yang <yiyang13(a)huawei.com> serial: tegra: handle clk prepare error in tegra_uart_hw_init() Chengfeng Ye <dg573847474(a)gmail.com> scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock Tony Battersby <tonyb(a)cybernetics.com> scsi: core: Use 32-bit hostnum in scsi_host_lookup() Lu Jialin <lujialin4(a)huawei.com> cgroup:namespace: Remove unused cgroup_namespaces_init() Jacopo Mondi <jacopo.mondi(a)ideasonboard.com> media: i2c: rdacm21: Fix uninitialized value Hans de Goede <hdegoede(a)redhat.com> media: ov2680: Fix regulators being left enabled on ov2680_power_on() errors Hans de Goede <hdegoede(a)redhat.com> media: ov2680: Fix ov2680_set_fmt() which == V4L2_SUBDEV_FORMAT_TRY not working Hans de Goede <hdegoede(a)redhat.com> media: ov2680: Add ov2680_fill_format() helper function Hans de Goede <hdegoede(a)redhat.com> media: ov2680: Don't take the lock for try_fmt calls Hans de Goede <hdegoede(a)redhat.com> media: ov2680: Remove VIDEO_V4L2_SUBDEV_API ifdef-s Hans de Goede <hdegoede(a)redhat.com> media: ov2680: Fix vflip / hflip set functions Hans de Goede <hdegoede(a)redhat.com> media: ov2680: Fix ov2680_bayer_order() Hans de Goede <hdegoede(a)redhat.com> media: ov2680: Remove auto-gain and auto-exposure controls Dave Stevenson <dave.stevenson(a)raspberrypi.com> media: i2c: ov2680: Set V4L2_CTRL_FLAG_MODIFY_LAYOUT on flips Marek Vasut <marex(a)denx.de> media: ov5640: Enable MIPI interface in ov5640_set_power_mipi() Alan Stern <stern(a)rowland.harvard.edu> USB: gadget: f_mass_storage: Fix unused variable warning Konrad Dybcio <konrad.dybcio(a)linaro.org> media: venus: hfi_venus: Only consider sys_idle_indicator on V1 Colin Ian King <colin.i.king(a)gmail.com> media: go7007: Remove redundant if statement Armin Wolf <W_Armin(a)gmx.de> platform/x86: dell-sysman: Fix reference leak Yanfei Xu <yanfei.xu(a)intel.com> iommu/vt-d: Fix to flush cache of PASID directory table AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> iommu/qcom: Disable and reset context bank before programming Eddie James <eajames(a)linux.ibm.com> fsi: aspeed: Reset master errors after CFAM reset Xiang Yang <xiangyang3(a)huawei.com> IB/uverbs: Fix an potential error pointer dereference Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Fix CQ and QP cache affinity Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix incorrect post-send with direct wqe of wr-list Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Fix port active speed Jason Gunthorpe <jgg(a)ziepe.ca> iommu/sprd: Add missing force_aperture Dan Carpenter <dan.carpenter(a)linaro.org> driver core: test_async: fix an error code Rob Clark <robdclark(a)chromium.org> dma-buf/sync_file: Fix docs syntax Ruidong Tian <tianruidong(a)linux.alibaba.com> coresight: tmc: Explicit type conversions to prevent integer overflow Gustavo A. R. Silva <gustavoars(a)kernel.org> RDMA/irdma: Replace one-element array with flexible-array member Oleksandr Natalenko <oleksandr(a)redhat.com> scsi: qedf: Do not touch __user pointer in qedf_dbg_fp_int_cmd_read() directly Oleksandr Natalenko <oleksandr(a)redhat.com> scsi: qedf: Do not touch __user pointer in qedf_dbg_debug_cmd_read() directly Oleksandr Natalenko <oleksandr(a)redhat.com> scsi: qedf: Do not touch __user pointer in qedf_dbg_stop_io_on_error_cmd_read() directly Randy Dunlap <rdunlap(a)infradead.org> x86/APM: drop the duplicate APM_MINOR_DEV macro Chunyan Zhang <chunyan.zhang(a)unisoc.com> serial: sprd: Fix DMA buffer leak issue Chunyan Zhang <chunyan.zhang(a)unisoc.com> serial: sprd: Assign sprd_port after initialized to avoid wrong access Lin Ma <linma(a)zju.edu.cn> scsi: qla4xxx: Add length check when parsing nlattrs Lin Ma <linma(a)zju.edu.cn> scsi: be2iscsi: Add length check when parsing nlattrs Lin Ma <linma(a)zju.edu.cn> scsi: iscsi: Add strlen() check in iscsi_if_set{_host}_param() Lin Ma <linma(a)zju.edu.cn> scsi: iscsi: Add length check for nlattr payload Wenchao Hao <haowenchao(a)huawei.com> scsi: iscsi: Rename iscsi_set_param() to iscsi_if_set_param() Bart Van Assche <bvanassche(a)acm.org> scsi: RDMA/srp: Fix residual handling Xu Yang <xu.yang_2(a)nxp.com> usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() Irui Wang <irui.wang(a)mediatek.com> media: mediatek: vcodec: Return NULL if no vdec_fb is found Benjamin Gaignard <benjamin.gaignard(a)collabora.com> media: rkvdec: increase max supported height for H.264 Xingui Yang <yangxingui(a)huawei.com> scsi: hisi_sas: Fix normally completed I/O analysed as failed Xingui Yang <yangxingui(a)huawei.com> scsi: hisi_sas: Fix warnings detected by sparse Xingui Yang <yangxingui(a)huawei.com> scsi: hisi_sas: Modify v3 HW SATA completion error processing Xingui Yang <yangxingui(a)huawei.com> scsi: hisi_sas: Modify v3 HW SSP underflow error processing Daniil Dulov <d.dulov(a)aladdin.ru> media: cx24120: Add retval check for cx24120_message_send() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer() Daniil Dulov <d.dulov(a)aladdin.ru> media: dib7000p: Fix potential division by zero Dongliang Mu <dzm91(a)hust.edu.cn> drivers: usb: smsusb: fix error handling code in smsusb_init_device Jonas Karlman <jonas(a)kwiboo.se> iommu: rockchip: Fix directory table address encoding Daniel Marcovitch <dmarcovitch(a)nvidia.com> iommu/amd/iommu_v2: Fix pasid_state refcount dec hit 0 warning on pasid unbind Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> media: v4l2-core: Fix a potential resource leak in v4l2_fwnode_parse_link() Claudiu Beznea <claudiu.beznea(a)microchip.com> media: i2c: tvp5150: check return value of devm_kasprintf() Hans de Goede <hdegoede(a)redhat.com> media: ad5820: Drop unsupported ad5823 from i2c_ and of_device_id tables Minjie Du <duminjie(a)vivo.com> RDMA/qedr: Remove a duplicate assignment in irdma_query_ah() Anna Schumaker <Anna.Schumaker(a)Netapp.com> pNFS: Fix assignment of xprtdata.cred Olga Kornievskaia <kolga(a)netapp.com> NFSv4.2: fix handling of COPY ERR_OFFLOAD_NO_REQ Benjamin Coddington <bcodding(a)redhat.com> NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN Chuck Lever <chuck.lever(a)oracle.com> NFSD: da_addr_body field missing in some GETDEVICEINFO replies Su Hui <suhui(a)nfschina.com> fs: lockd: avoid possible wrong NULL parameter Alexei Filippov <halip0503(a)gmail.com> jfs: validate max amount of blocks before allocation. Zhihao Cheng <chengzhihao1(a)huawei.com> ext4: fix unttached inode after power cut with orphan file feature enabled Russell Currey <ruscur(a)russell.cc> powerpc/iommu: Fix notifiers being shared by PCI and VIO buses Dan Carpenter <dan.carpenter(a)linaro.org> nfs/blocklayout: Use the passed in gfp flags Russell Currey <ruscur(a)russell.cc> powerpc/pseries: Rework lppaca_shared_proc() to avoid DEBUG_PREEMPT Michael Ellerman <mpe(a)ellerman.id.au> powerpc: Don't include lppaca.h in paca.h Xiaowei Bao <xiaowei.bao(a)nxp.com> PCI: layerscape: Add workaround for lost link capabilities during reset Frank Li <Frank.Li(a)nxp.com> PCI: layerscape: Add the endpoint linkup notifier support Serge Semin <Sergey.Semin(a)baikalelectronics.ru> PCI: dwc: Add start_link/stop_link inlines Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> wifi: ath10k: Use RMW accessors for changing LNKCTL Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> wifi: ath11k: Use RMW accessors for changing LNKCTL Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> net/mlx5: Use RMW accessors for changing LNKCTL Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> drm/radeon: Use RMW accessors for changing LNKCTL Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> drm/amdgpu: Use RMW accessors for changing LNKCTL Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/perf: Convert fsl_emb notifier to state machine callbacks Sourabh Jain <sourabhjain(a)linux.ibm.com> powerpc/fadump: reset dump area size if fadump memory reserve fails Stefan Hajnoczi <stefanha(a)redhat.com> vfio/type1: fix cap_migration information leak Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/radix: Move some functions into #ifdef CONFIG_KVM_BOOK3S_HV_POSSIBLE Ahmad Fatoum <a.fatoum(a)pengutronix.de> clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op Marco Felsch <m.felsch(a)pengutronix.de> clk: imx8mp: fix sai4 clock Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI/ASPM: Use RMW accessors for changing LNKCTL Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: pciehp: Use RMW accessors for changing LNKCTL Claudiu Beznea <claudiu.beznea(a)microchip.com> pinctrl: mcp23s08: check return value of devm_kasprintf() Wu Zongyong <wuzongyong(a)linux.alibaba.com> PCI: Mark NVIDIA T4 GPUs to avoid bus reset Daire McNamara <daire.mcnamara(a)microchip.com> PCI: microchip: Correct the DED and SEC interrupt bit offsets Luca Weiss <luca.weiss(a)fairphone.com> clk: qcom: gcc-sm6350: Fix gcc_sdcc2_apps_clk_src Konrad Dybcio <konrad.dybcio(a)linaro.org> clk: qcom: reset: Use the correct type of sleep/delay based on length Patrick Whewell <patrick.whewell(a)sightlineapplications.com> clk: qcom: gcc-sm8250: Fix gcc_sdcc2_apps_clk_src Kemeng Shi <shikemeng(a)huaweicloud.com> ext4: avoid potential data overflow in next_linear_group Kemeng Shi <shikemeng(a)huaweicloud.com> ext4: correct grp validation in ext4_mb_good_group Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/igen6: Fix the issue of no error events David Wronek <davidwronek(a)gmail.com> clk: qcom: gcc-sc7180: Fix up gcc_sdcc2_apps_clk_src Zhang Jianhua <chris.zjh(a)huawei.com> clk: sunxi-ng: Modify mismatched function name Minjie Du <duminjie(a)vivo.com> drivers: clk: keystone: Fix parameter judgment in _of_pll_clk_init() Corey Minyard <minyard(a)acm.org> ipmi:ssif: Fix a memory leak when scanning for an adapter Jiasheng Jiang <jiasheng(a)iscas.ac.cn> ipmi:ssif: Add check for kstrdup Su Hui <suhui(a)nfschina.com> ALSA: ac97: Fix possible error value of *rac97 Geert Uytterhoeven <geert+renesas(a)glider.be> of: unittest: Fix overlay type in apply/revert check Geert Uytterhoeven <geert+renesas(a)glider.be> of: overlay: Call of_changeset_init() early David Jeffery <djeffery(a)redhat.com> md: raid0: account for split bio in iostat accounting Jan Kara <jack(a)suse.cz> md/raid0: Fix performance regression for large sequential writes Jan Kara <jack(a)suse.cz> md/raid0: Factor out helper for mapping and submitting a bio Mariusz Tkaczyk <mariusz.tkaczyk(a)linux.intel.com> md: add error_handlers for raid0 and linear Mariusz Tkaczyk <mariusz.tkaczyk(a)linux.intel.com> md: Set MD_BROKEN for RAID1 and RAID10 Tony Lindgren <tony(a)atomide.com> bus: ti-sysc: Fix cast to enum warning Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> arm64: dts: qcom: apq8016-sbc: Fix ov5640 regulator supply names Sui Jingfeng <suijingfeng(a)loongson.cn> drm/mediatek: Fix potential memory leak if vmap() fail Jason-JH.Lin <jason-jh.lin(a)mediatek.com> drm/mediatek: Remove freeing not dynamic allocated memory Tony Lindgren <tony(a)atomide.com> bus: ti-sysc: Fix build warning for 64-bit build Pavel Begunkov <asml.silence(a)gmail.com> io_uring: fix drain stalls by invalid SQE Gaosheng Cui <cuigaosheng1(a)huawei.com> audit: fix possible soft lockup in __audit_inode_child() Fabio Estevam <festevam(a)denx.de> drm/msm/a2xx: Call adreno_gpu_init() earlier Yang Wang <kevinyang.wang(a)amd.com> drm/amd/pm: fix variable dereferenced issue in amdgpu_device_attr_create() Dan Carpenter <dan.carpenter(a)linaro.org> smackfs: Prevent underflow in smk_set_cipso() Zhang Shurong <zhang_shurong(a)foxmail.com> firmware: meson_sm: fix to avoid potential NULL pointer dereference Daniel Vetter <daniel.vetter(a)ffwll.ch> drm/msm/mdp5: Don't leak some plane state Jiasheng Jiang <jiasheng(a)iscas.ac.cn> drm: xlnx: zynqmp_dpsub: Add missing check for dma_set_mask Nayna Jain <nayna(a)linux.ibm.com> ima: Remove deprecated IMA_TRUSTED_KEYRING Kconfig Marek Vasut <marex(a)denx.de> drm/panel: simple: Add missing connector type and pixel format for AUO T215HVN01 Geert Uytterhoeven <geert+renesas(a)glider.be> drm/armada: Fix off-by-one error in armada_overlay_get_property() Zeyan Li <qaz6750(a)outlook.com> arm64: dts: qcom: sm8150: Fix the I2C7 interrupt Ruan Jinjie <ruanjinjie(a)huawei.com> of: unittest: fix null pointer dereferencing in of_unittest_find_node_by_name() Yangtao Li <frank.li(a)vivo.com> drm/tegra: dpaux: Fix incorrect return value of platform_get_irq Ryan McCann <quic_rmccann(a)quicinc.com> drm/msm: Update dev core dump to not print backwards Yu Kuai <yukuai3(a)huawei.com> md/md-bitmap: hold 'reconfig_mutex' in backlog_store() Guoqing Jiang <guoqing.jiang(a)linux.dev> md/bitmap: don't set max_write_behind if there is no write mostly device Li Nan <linan122(a)huawei.com> md/raid10: use dereference_rdev_and_rrdev() to get devices Li Nan <linan122(a)huawei.com> md/raid10: factor out dereference_rdev_and_rrdev() Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdgpu: Update min() to min_t() in 'amdgpu_info_ioctl' Manivannan Sadhasivam <mani(a)kernel.org> arm64: dts: qcom: sdm845: Fix the min frequency of "ice_core_clk" Manivannan Sadhasivam <mani(a)kernel.org> arm64: dts: qcom: sdm845: Add missing RPMh power domain to GCC Rafał Miłecki <rafal(a)milecki.pl> ARM: dts: BCM53573: Fix Ethernet info for Luxul devices Bogdan Togorean <bogdan.togorean(a)analog.com> drm: adv7511: Fix low refresh rate register for ADV7533/5 Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: samsung: s5pv210-smdkv210: correct ethernet reg addresses (split) Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: s5pv210: add dummy 5V regulator for backlight on SMDKv210 Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: samsung: s3c6410-mini6410: correct ethernet reg addresses (split) Krzysztof Kozlowski <krzysztof.kozlowski(a)canonical.com> ARM: dts: s3c64xx: align pinctrl with dtschema Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> x86/mm: Fix PAT bit missing from page protection modify mask Lucas Stach <l.stach(a)pengutronix.de> drm/etnaviv: fix dumping of active MMU context Konrad Dybcio <konrad.dybcio(a)linaro.org> arm64: dts: qcom: pmi8994: Add missing OVP interrupt Marijn Suijten <marijn.suijten(a)somainline.org> arm64: dts: qcom: Move WLED num-strings from pmi8994 to sony-xperia-tone Marijn Suijten <marijn.suijten(a)somainline.org> arm64: dts: qcom: pmi8994: Remove hardcoded linear WLED enabled-strings Konrad Dybcio <konrad.dybcio(a)linaro.org> arm64: dts: qcom: pm660l: Add missing short interrupt Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: correct SPMI WLED register range encoding AngeloGioacchino Del Regno <angelogioacchino.delregno(a)somainline.org> arm64: dts: qcom: pmi8998: Add node for WLED Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8250-sony-xperia: correct GPIO keys wakeup again Rafał Miłecki <rafal(a)milecki.pl> ARM: dts: BCM53573: Use updated "spi-gpio" binding properties Rafał Miłecki <rafal(a)milecki.pl> ARM: dts: BCM53573: Add cells sizes to PCIe node Arnd Bergmann <arnd(a)arndb.de> drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar() Konrad Dybcio <konrad.dybcio(a)linaro.org> arm64: dts: qcom: sm8250: Mark PCIe hosts as DMA coherent Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: pmk8350: fix ADC-TM compatible string Konrad Dybcio <konrad.dybcio(a)linaro.org> arm64: dts: qcom: sm8350: Use proper CPU compatibles Konrad Dybcio <konrad.dybcio(a)linaro.org> arm64: dts: qcom: sm8350: Add missing LMH interrupts to cpufreq Konrad Dybcio <konrad.dybcio(a)linaro.org> arm64: dts: qcom: msm8996: Add missing interrupt to the USB2 controller Konrad Dybcio <konrad.dybcio(a)linaro.org> arm64: dts: qcom: sm8250-edo: Rectify gpio-keys Konrad Dybcio <konrad.dybcio(a)linaro.org> arm64: dts: qcom: sm8250-edo: Add GPIO line names for PMIC GPIOs Konrad Dybcio <konrad.dybcio(a)linaro.org> arm64: dts: qcom: sm8250-edo: Add gpio line names for TLMM Vincent Guittot <vincent.guittot(a)linaro.org> arm64: dts: qcom: sm8250: correct dynamic power coefficients Luca Weiss <luca(a)z3ntu.xyz> soc: qcom: ocmem: Fix NUM_PORTS & NUM_MACROS macros Luca Weiss <luca(a)z3ntu.xyz> soc: qcom: ocmem: Add OCMEM hardware version print Randy Dunlap <rdunlap(a)infradead.org> ASoC: stac9766: fix build errors with REGMAP_AC97 Baokun Li <libaokun1(a)huawei.com> quota: fix dqput() to follow the guarantees dquot_srcu should provide Baokun Li <libaokun1(a)huawei.com> quota: add new helper dquot_active() Baokun Li <libaokun1(a)huawei.com> quota: rename dquot_active() to inode_quota_active() Baokun Li <libaokun1(a)huawei.com> quota: factor out dquot_write_dquot() Marek Vasut <marex(a)denx.de> drm/bridge: tc358764: Fix debug print parameter order Kuniyuki Iwashima <kuniyu(a)amazon.com> netrom: Deny concurrent connect(). Budimir Markovic <markovicbudimir(a)gmail.com> net/sched: sch_hfsc: Ensure inner classes have fsc curve Biju Das <biju.das.jz(a)bp.renesas.com> hwmon: (tmp513) Fix the channel number in tmp51x_is_visible() Vadim Pasternak <vadimp(a)nvidia.com> mlxsw: i2c: Limit single transaction buffer size Vadim Pasternak <vadimp(a)nvidia.com> mlxsw: i2c: Fix chunk size setting in output mailbox buffer Jinjie Ruan <ruanjinjie(a)huawei.com> net: arcnet: Do not call kfree_skb() under local_irq_disable() Wang Ming <machel(a)vivo.com> wifi: ath9k: use IS_ERR() with debugfs_create_dir() Jinjie Ruan <ruanjinjie(a)huawei.com> Bluetooth: btusb: Do not call kfree_skb() under spin_lock_irqsave() Dmitry Antipov <dmantipov(a)yandex.ru> wifi: mwifiex: avoid possible NULL skb pointer dereference Lin Ma <linma(a)zju.edu.cn> wifi: nl80211/cfg80211: add forgotten nla_policy for BSS color attribute Fedor Pchelkin <pchelkin(a)ispras.ru> wifi: ath9k: protect WMI command response buffer replacement with a lock Fedor Pchelkin <pchelkin(a)ispras.ru> wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx Daniel T. Lee <danieltimlee(a)gmail.com> samples/bpf: fix broken map lookup probe Polaris Pi <pinkperfect2021(a)gmail.com> wifi: mwifiex: Fix missed return in oob checks failed path Dmitry Antipov <dmantipov(a)yandex.ru> wifi: mwifiex: fix memory leak in mwifiex_histogram_read() Artem Chernyshev <artem.chernyshev(a)red-soft.ru> fs: ocfs2: namei: check return value of ocfs2_add_entry() Yan Zhai <yan(a)cloudflare.com> lwt: Check LWTUNNEL_XMIT_CONTINUE strictly Yan Zhai <yan(a)cloudflare.com> lwt: Fix return values of BPF xmit ops Florian Fainelli <florian.fainelli(a)broadcom.com> hwrng: iproc-rng200 - Implement suspend and resume calls Gaurav Jain <gaurav.jain(a)nxp.com> crypto: caam - fix unchecked return value error Przemek Kitszel <przemyslaw.kitszel(a)intel.com> ice: ice_aq_check_events: fix off-by-one check when filling buffer Abel Wu <wuyun.abel(a)bytedance.com> net-memcg: Fix scope of sockmem pressure indicators Yipeng Zou <zouyipeng(a)huawei.com> selftests/bpf: Clean up fmod_ret in bench_rename test script Menglong Dong <imagedong(a)tencent.com> net: tcp: fix unexcepted socket die when snd_wnd is 0 Min Li <lm0963hack(a)gmail.com> Bluetooth: Fix potential use-after-free when clear keys Yuanjun Gong <ruc_gongyuanjun(a)163.com> Bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() Herbert Xu <herbert(a)gondor.apana.org.au> crypto: api - Use work queue in crypto_destroy_instance Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> crypto: stm32 - Properly handle pm_runtime_get failing Alan Maguire <alan.maguire(a)oracle.com> selftests/bpf: fix static assert compilation issue for test_cls_*.c Dmitry Antipov <dmantipov(a)yandex.ru> wifi: mwifiex: fix error recovery in PCIE buffer descriptor management Polaris Pi <pinkperfect2021(a)gmail.com> wifi: mwifiex: Fix OOB and integer underflow when rx packets Ryder Lee <ryder.lee(a)mediatek.com> wifi: mt76: mt7915: fix power-limits while chan_switch Marc Kleine-Budde <mkl(a)pengutronix.de> can: gs_usb: gs_usb_receive_bulk_callback(): count RX overflow errors also in case of OOM Zhang Shurong <zhang_shurong(a)foxmail.com> spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() Lin Ma <linma(a)zju.edu.cn> wifi: mt76: testmode: add nla_policy for MT76_TM_ATTR_TX_LENGTH David Ahern <dsahern(a)kernel.org> ipv6: Add reasons for skb drops to __udp6_lib_rcv Lorenz Bauer <lmb(a)isovalent.com> bpf: reject unhashed sockets in bpf_sk_assign Lorenz Bauer <lmb(a)isovalent.com> udp: re-score reuseport groups when connected sockets are present Dan Carpenter <dan.carpenter(a)linaro.org> regmap: rbtree: Use alloc_flags for memory allocations Martin Kaiser <martin(a)kaiser.cx> hwrng: pic32 - use devm_clk_get_enabled Martin Kaiser <martin(a)kaiser.cx> hwrng: nomadik - keep clock enabled while hwrng is registered Eric Dumazet <edumazet(a)google.com> tcp: tcp_enter_quickack_mode() should be static Yafang Shao <laoar.shao(a)gmail.com> bpf: Clear the probe_addr for uprobe Alexander Lobakin <alobakin(a)pm.me> bpftool: Use a local bpf_perf_event_value to fix accessing its fields Liao Chang <liaochang1(a)huawei.com> cpufreq: powernow-k8: Use related_cpus instead of cpus in driver.exit() Mikel Rychliski <mikel(a)mikelr.com> x86/efistub: Fix PCI ROM preservation in mixed mode Mario Limonciello <mario.limonciello(a)amd.com> ACPI: x86: s2idle: Fix a logic error parsing AMD constraints table Mario Limonciello <mario.limonciello(a)amd.com> ACPI: x86: s2idle: Post-increment variables when getting constraints Holger Dengler <dengler(a)linux.ibm.com> s390/paes: fix PKEY_TYPE_EP11_AES handling for secure keyblobs Holger Dengler <dengler(a)linux.ibm.com> s390/pkey: fix/harmonize internal keyblob headers Nysal Jan K.A <nysal(a)linux.ibm.com> selftests/futex: Order calls to futex_lock_pi Xu Yang <xu.yang_2(a)nxp.com> perf/imx_ddr: don't enable counter0 if none of 4 counters are used Ard Biesheuvel <ardb(a)kernel.org> x86/decompressor: Don't rely on upper 32 bits of GPRs being preserved Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> selftests/resctrl: Close perf value read fd on errors Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> selftests/resctrl: Unmount resctrl FS if child fails to run benchmark Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> selftests/resctrl: Don't leak buffer in fill_cache() Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> selftests/resctrl: Add resctrl.h into build deps Shaopeng Tan <tan.shaopeng(a)jp.fujitsu.com> selftests/resctrl: Make resctrl_tests run using kselftest framework Manivannan Sadhasivam <mani(a)kernel.org> OPP: Fix passing 0 to PTR_ERR in _opp_attach_genpd() Waiman Long <longman(a)redhat.com> refscale: Fix uninitalized use of wait_queue_head_t Kees Cook <keescook(a)chromium.org> ARM: ptrace: Restore syscall skipping for tracers Kees Cook <keescook(a)chromium.org> ARM: ptrace: Restore syscall restart tracing Kees Cook <keescook(a)chromium.org> selftests/harness: Actually report SKIP for signal tests Christian Brauner <brauner(a)kernel.org> tmpfs: verify {g,u}id mount options correctly Wang Ming <machel(a)vivo.com> fs: Fix error checking for d_hash_and_lookup() Wen Yang <wenyang.linux(a)foxmail.com> eventfd: prevent underflow for eventfd semaphores Matthew Wilcox <willy(a)infradead.org> reiserfs: Check the return value from __getblk() Sabrina Dubroca <sd(a)queasysnail.net> Revert "net: macsec: preserve ingress frame ordering" Jan Kara <jack(a)suse.cz> udf: Handle error when adding extent to a file Vladislav Efanov <VEfanov(a)ispras.ru> udf: Check consistency of Space Bitmap Descriptor Nathan Chancellor <nathan(a)kernel.org> of: kexec: Mark ima_{free,stable}_kexec_buffer() as __init Jordan Rife <jrife(a)google.com> net: Avoid address overwrite in kernel_connect Joey Gouly <joey.gouly(a)arm.com> arm64: lib: Import latest version of Arm Optimized Routines' strncmp Herbert Xu <herbert(a)gondor.apana.org.au> crypto: rsa-pkcs1pad - Use helper to set reqsize Shih-Yi Chen <shihyic(a)nvidia.com> platform/mellanox: Fix mlxbf-tmfifo not handling all virtio CONSOLE notifications Zheng Yejian <zhengyejian1(a)huawei.com> tracing: Introduce pipe_cpumask to avoid race on trace_pipes Takashi Iwai <tiwai(a)suse.de> ALSA: seq: oss: Fix racy open/close of MIDI devices Justin Tee <justintee8345(a)gmail.com> scsi: lpfc: Fix incorrect big endian type assignment in bsg loopback path Michael Kelley <mikelley(a)microsoft.com> scsi: storvsc: Always set no_report_opcodes Dan Carpenter <dan.carpenter(a)linaro.org> sctp: handle invalid error codes without calling BUG() David Christensen <drc(a)linux.vnet.ibm.com> bnx2x: fix page fault following EEH recovery Dmitry Mastykin <dmastykin(a)astralinux.ru> netlabel: fix shift wrapping bug in netlbl_catmap_setlong() Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Match against exact bootloader status Jian Shen <shenjian15(a)huawei.com> net: hns3: restore user pause configure when disable autoneg Chengfeng Ye <dg573847474(a)gmail.com> scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Remove reftag check in DIF paths Baoquan He <bhe(a)redhat.com> idmaengine: make FSL_EDMA and INTEL_IDMA64 depends on HAS_IOMEM Hans de Goede <hdegoede(a)redhat.com> wifi: brcmfmac: Fix field-spanning write in brcmf_scan_params_v2_to_v1() Martin Kohn <m.kohn(a)welotec.com> net: usb: qmi_wwan: add Quectel EM05GV2 Ani Sinha <anisinha(a)redhat.com> vmbus_testing: fix wrong python syntax for integer value comparison Baoquan He <bhe(a)redhat.com> clk: fixed-mmio: make COMMON_CLK_FIXED_MMIO depend on HAS_IOMEM Masami Hiramatsu (Google) <mhiramat(a)kernel.org> kprobes: Prohibit probing on CFI preamble symbol Christian Göttsche <cgzones(a)googlemail.com> security: keys: perform capable check only on privileged operations Minjie Du <duminjie(a)vivo.com> ata: pata_arasan_cf: Use dev_err_probe() instead dev_err() in data_xfer() Eric Snowberg <eric.snowberg(a)oracle.com> ovl: Always reevaluate the file signature for IMA Leo Chen <sancchen(a)amd.com> drm/amd/display: Exit idle optimizations before attempt to access PHY Konstantin Shelekhin <k.shelekhin(a)ftml.net> platform/x86: huawei-wmi: Silence ambient light sensor Maxim Mikityanskiy <maxtram95(a)gmail.com> platform/x86/intel/hid: Add HP Dragonfly G2 to VGBS DMI quirks Hans de Goede <hdegoede(a)redhat.com> platform/x86: intel: hid: Always call BTNL ACPI method Guiting Shen <aarongt.shen(a)gmail.com> ASoC: atmel: Fix the 8K sample parameter in I2SC master Shuming Fan <shumingf(a)realtek.com> ASoC: rt711-sdca: fix for JD event handling in ClockStop Mode0 Shuming Fan <shumingf(a)realtek.com> ASoC: rt711: fix for JD event handling in ClockStop Mode0 Edgar <ljijcj(a)163.com> ASoc: codecs: ES8316: Fix DMIC config Shuming Fan <shumingf(a)realtek.com> ASoC: rt5682-sdw: fix for JD event handling in ClockStop Mode0 Winston Wen <wentao(a)uniontech.com> fs/nls: make load_nls() take a const parameter Stefan Haberland <sth(a)linux.ibm.com> s390/dasd: fix hanging device after request requeue Stefan Haberland <sth(a)linux.ibm.com> s390/dasd: use correct number of retries for ERP requests Ben Hutchings <benh(a)debian.org> m68k: Fix invalid .section syntax Jiri Benc <jbenc(a)redhat.com> vxlan: generalize vxlan_parse_gpe_hdr and remove unused args Yuanjun Gong <ruc_gongyuanjun(a)163.com> ethernet: atheros: fix return value check in atl1c_tso_csum() Dmytro Maluka <dmy(a)semihalf.com> ASoC: da7219: Check for failure reading AAD IRQ events Dmytro Maluka <dmy(a)semihalf.com> ASoC: da7219: Flush pending AAD IRQ when suspending Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: no response from compound read Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix out of bounds in smb3_decrypt_req() Dominique Martinet <asmadeus(a)codewreck.org> 9p: virtio: make sure 'offs' is initialized in zc_request Nikolay Burykin <burikin(a)ivk.ru> media: pci: cx23885: fix error handling for cx23885 ATSC boards Dmitry Antipov <dmantipov(a)yandex.ru> media: pulse8-cec: handle possible ping error Adrien Thierry <athierry(a)redhat.com> phy: qcom-snps-femto-v2: use qcom_snps_hsphy_suspend/resume error code Xiaolei Wang <xiaolei.wang(a)windriver.com> ARM: dts: imx: Set default tuning step for imx7d usdhc Stefan Wahren <stefan.wahren(a)i2se.com> ARM: dts: imx: Adjust dma-apbh node name Marek Vasut <marex(a)denx.de> ARM: dts: imx7s: Drop dma-apb interrupt-names Joy Zou <joy.zou(a)nxp.com> ARM: dts: imx: update sdma node name format ------------- Diffstat: .../devicetree/bindings/clock/xlnx,versal-clk.yaml | 2 - Documentation/scsi/scsi_mid_low_api.rst | 4 +- Makefile | 6 +- arch/arc/include/asm/atomic-llsc.h | 6 +- arch/arc/include/asm/atomic64-arcv2.h | 6 +- arch/arm/boot/dts/bcm4708-linksys-ea6500-v2.dts | 3 +- arch/arm/boot/dts/bcm47189-luxul-xap-1440.dts | 13 + arch/arm/boot/dts/bcm47189-luxul-xap-810.dts | 13 + arch/arm/boot/dts/bcm53573.dtsi | 3 + arch/arm/boot/dts/bcm947189acdbmr.dts | 6 +- arch/arm/boot/dts/exynos4210-i9100.dts | 4 +- arch/arm/boot/dts/imx23.dtsi | 2 +- arch/arm/boot/dts/imx25.dtsi | 2 +- arch/arm/boot/dts/imx28.dtsi | 2 +- arch/arm/boot/dts/imx31.dtsi | 2 +- arch/arm/boot/dts/imx35.dtsi | 2 +- arch/arm/boot/dts/imx50.dtsi | 2 +- arch/arm/boot/dts/imx51.dtsi | 2 +- arch/arm/boot/dts/imx53.dtsi | 2 +- arch/arm/boot/dts/imx6qdl.dtsi | 4 +- arch/arm/boot/dts/imx6sl.dtsi | 2 +- arch/arm/boot/dts/imx6sx.dtsi | 4 +- arch/arm/boot/dts/imx6ul.dtsi | 4 +- arch/arm/boot/dts/imx7s.dtsi | 11 +- arch/arm/boot/dts/s3c6410-mini6410.dts | 6 +- arch/arm/boot/dts/s3c64xx-pinctrl.dtsi | 210 ++++++------- arch/arm/boot/dts/s5pv210-smdkv210.dts | 10 +- arch/arm/include/asm/syscall.h | 3 + arch/arm/kernel/entry-common.S | 1 + arch/arm/kernel/ptrace.c | 5 +- arch/arm/mach-omap2/powerdomain.c | 2 +- arch/arm64/boot/dts/qcom/apq8016-sbc.dts | 6 +- .../boot/dts/qcom/msm8996-sony-xperia-tone.dtsi | 1 + arch/arm64/boot/dts/qcom/msm8996.dtsi | 3 + arch/arm64/boot/dts/qcom/pm660l.dtsi | 7 +- arch/arm64/boot/dts/qcom/pmi8994.dtsi | 10 +- arch/arm64/boot/dts/qcom/pmi8998.dtsi | 12 + arch/arm64/boot/dts/qcom/pmk8350.dtsi | 2 +- arch/arm64/boot/dts/qcom/sdm845.dtsi | 3 +- arch/arm64/boot/dts/qcom/sm8150.dtsi | 2 +- .../dts/qcom/sm8250-sony-xperia-edo-pdx203.dts | 233 ++++++++++++++ .../dts/qcom/sm8250-sony-xperia-edo-pdx206.dts | 243 ++++++++++++++ .../boot/dts/qcom/sm8250-sony-xperia-edo.dtsi | 54 +++- arch/arm64/boot/dts/qcom/sm8250.dtsi | 11 +- arch/arm64/boot/dts/qcom/sm8350.dtsi | 23 +- arch/arm64/include/asm/sdei.h | 6 + arch/arm64/kernel/entry.S | 27 +- arch/arm64/kernel/sdei.c | 3 + arch/arm64/kernel/smp.c | 8 +- arch/arm64/lib/csum.c | 2 +- arch/arm64/lib/strncmp.S | 234 ++++++++------ arch/m68k/fpsp040/skeleton.S | 4 +- arch/m68k/ifpsp060/os.S | 4 +- arch/m68k/kernel/relocate_kernel.S | 4 +- arch/mips/Makefile | 6 +- arch/parisc/include/asm/led.h | 4 +- arch/parisc/kernel/processor.c | 13 +- arch/powerpc/include/asm/lppaca.h | 13 +- arch/powerpc/include/asm/paca.h | 6 +- arch/powerpc/include/asm/paravirt.h | 1 + arch/powerpc/include/asm/plpar_wrappers.h | 1 + arch/powerpc/kernel/fadump.c | 1 + arch/powerpc/kernel/iommu.c | 17 +- arch/powerpc/kvm/book3s_hv_ras.c | 1 + arch/powerpc/mm/book3s64/radix_tlb.c | 240 +++++++------- arch/powerpc/mm/book3s64/slb.c | 1 + arch/powerpc/perf/core-fsl-emb.c | 8 +- arch/powerpc/platforms/pseries/lpar.c | 10 +- arch/powerpc/platforms/pseries/lparcfg.c | 4 +- arch/powerpc/platforms/pseries/setup.c | 2 +- arch/powerpc/xmon/xmon.c | 1 + arch/s390/crypto/paes_s390.c | 2 +- arch/s390/kernel/ipl.c | 2 + arch/sh/boards/mach-ap325rxa/setup.c | 2 +- arch/sh/boards/mach-ecovec24/setup.c | 6 +- arch/sh/boards/mach-kfr2r09/setup.c | 2 +- arch/sh/boards/mach-migor/setup.c | 2 +- arch/sh/boards/mach-se/7724/setup.c | 6 +- arch/um/configs/i386_defconfig | 1 + arch/um/configs/x86_64_defconfig | 1 + arch/um/drivers/Kconfig | 16 +- arch/um/drivers/Makefile | 2 +- arch/x86/boot/compressed/head_64.S | 30 +- arch/x86/events/intel/uncore_snbep.c | 12 +- arch/x86/include/asm/pgtable_types.h | 11 +- arch/x86/include/asm/virtext.h | 6 - arch/x86/kernel/apm_32.c | 6 - arch/x86/kernel/cpu/common.c | 8 +- arch/x86/kernel/cpu/sgx/virt.c | 3 + arch/xtensa/include/asm/core.h | 9 + arch/xtensa/kernel/perf_event.c | 17 +- block/bdev.c | 2 +- block/genhd.c | 2 +- block/ioctl.c | 2 + block/partitions/core.c | 15 +- crypto/algapi.c | 16 +- crypto/asymmetric_keys/x509_public_key.c | 5 + crypto/rsa-pkcs1pad.c | 5 +- drivers/acpi/x86/s2idle.c | 39 +-- drivers/amba/bus.c | 1 + drivers/ata/pata_arasan_cf.c | 3 +- drivers/ata/pata_falcon.c | 50 +-- drivers/ata/pata_ftide010.c | 1 + drivers/ata/sata_gemini.c | 1 + drivers/base/regmap/regcache-rbtree.c | 10 +- drivers/base/test/test_async_driver_probe.c | 2 +- drivers/block/loop.c | 8 +- drivers/block/n64cart.c | 2 +- drivers/block/paride/pcd.c | 298 ++++++++---------- drivers/bluetooth/btusb.c | 2 +- drivers/bluetooth/hci_nokia.c | 6 +- drivers/bus/mhi/host/pm.c | 5 + drivers/bus/ti-sysc.c | 2 +- drivers/char/hw_random/iproc-rng200.c | 25 ++ drivers/char/hw_random/nomadik-rng.c | 12 +- drivers/char/hw_random/pic32-rng.c | 19 +- drivers/char/ipmi/ipmi_si_intf.c | 5 + drivers/char/ipmi/ipmi_ssif.c | 7 +- drivers/clk/Kconfig | 1 + drivers/clk/imx/clk-composite-8m.c | 12 +- drivers/clk/imx/clk-imx8mp.c | 5 - drivers/clk/imx/clk-pll14xx.c | 2 - drivers/clk/keystone/pll.c | 2 +- drivers/clk/qcom/camcc-sc7180.c | 2 +- drivers/clk/qcom/gcc-mdm9615.c | 2 +- drivers/clk/qcom/gcc-sc7180.c | 1 + drivers/clk/qcom/gcc-sm6350.c | 1 + drivers/clk/qcom/gcc-sm8250.c | 1 + drivers/clk/qcom/mss-sc7180.c | 13 +- drivers/clk/qcom/q6sstop-qcs404.c | 15 +- drivers/clk/qcom/reset.c | 3 +- drivers/clk/qcom/turingcc-qcs404.c | 13 +- drivers/clk/sunxi-ng/ccu_mmc_timing.c | 2 +- drivers/cpufreq/brcmstb-avs-cpufreq.c | 6 +- drivers/cpufreq/cpufreq.c | 2 + drivers/cpufreq/powernow-k8.c | 3 +- drivers/cpuidle/cpuidle-pseries.c | 8 +- drivers/crypto/caam/caampkc.c | 4 +- drivers/crypto/stm32/stm32-hash.c | 9 +- drivers/devfreq/devfreq.c | 1 + drivers/dma/Kconfig | 2 + drivers/dma/sh/rz-dmac.c | 11 +- drivers/dma/ste_dma40.c | 4 + drivers/edac/igen6_edac.c | 8 +- drivers/firmware/arm_sdei.c | 19 ++ drivers/firmware/efi/libstub/x86-stub.c | 2 +- drivers/firmware/meson/meson_sm.c | 2 + drivers/fsi/fsi-master-aspeed.c | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 3 + drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c | 14 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 6 +- drivers/gpu/drm/amd/amdgpu/cik.c | 36 +-- drivers/gpu/drm/amd/amdgpu/psp_v13_0.c | 15 +- drivers/gpu/drm/amd/amdgpu/si.c | 36 +-- .../amd/display/dc/dce110/dce110_hw_sequencer.c | 3 + drivers/gpu/drm/amd/display/dc/dcn10/dcn10_mpc.c | 5 +- .../drm/amd/display/modules/freesync/freesync.c | 9 +- drivers/gpu/drm/amd/pm/amdgpu_pm.c | 10 +- drivers/gpu/drm/armada/armada_overlay.c | 6 +- drivers/gpu/drm/ast/ast_post.c | 2 +- drivers/gpu/drm/bridge/adv7511/adv7511_drv.c | 9 +- drivers/gpu/drm/bridge/tc358764.c | 2 +- drivers/gpu/drm/etnaviv/etnaviv_dump.c | 14 +- drivers/gpu/drm/i915/gvt/gtt.c | 18 -- drivers/gpu/drm/i915/gvt/gtt.h | 1 - drivers/gpu/drm/mediatek/mtk_drm_crtc.c | 7 +- drivers/gpu/drm/mediatek/mtk_drm_gem.c | 6 +- drivers/gpu/drm/msm/adreno/a2xx_gpu.c | 8 +- drivers/gpu/drm/msm/disp/mdp5/mdp5_plane.c | 3 +- drivers/gpu/drm/msm/disp/msm_disp_snapshot_util.c | 2 +- drivers/gpu/drm/panel/panel-simple.c | 4 +- drivers/gpu/drm/radeon/cik.c | 36 +-- drivers/gpu/drm/radeon/si.c | 37 +-- drivers/gpu/drm/tegra/dpaux.c | 2 +- drivers/gpu/drm/xlnx/zynqmp_dpsub.c | 4 +- drivers/hid/hid-logitech-dj.c | 5 +- drivers/hid/hid-multitouch.c | 13 +- drivers/hwmon/tmp513.c | 2 +- drivers/hwtracing/coresight/coresight-tmc-etf.c | 2 +- drivers/hwtracing/coresight/coresight-tmc-etr.c | 5 +- drivers/hwtracing/coresight/coresight-tmc.h | 2 +- drivers/i3c/master/svc-i3c-master.c | 14 +- .../infiniband/core/uverbs_std_types_counters.c | 2 + drivers/infiniband/hw/hns/hns_roce_device.h | 1 + drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 3 +- drivers/infiniband/hw/hns/hns_roce_main.c | 7 +- drivers/infiniband/hw/hns/hns_roce_qp.c | 28 +- drivers/infiniband/hw/irdma/main.h | 2 +- drivers/infiniband/hw/irdma/verbs.c | 1 - drivers/infiniband/ulp/isert/ib_isert.c | 2 + drivers/infiniband/ulp/srp/ib_srp.c | 4 - drivers/input/keyboard/tca6416-keypad.c | 31 +- drivers/iommu/amd/iommu_v2.c | 4 +- drivers/iommu/arm/arm-smmu/qcom_iommu.c | 7 + drivers/iommu/intel/pasid.c | 2 +- drivers/iommu/rockchip-iommu.c | 43 +-- drivers/iommu/sprd-iommu.c | 1 + drivers/leds/led-class-multicolor.c | 8 +- drivers/leds/led-core.c | 8 +- drivers/leds/leds-pwm.c | 2 +- drivers/leds/trigger/ledtrig-tty.c | 12 +- drivers/md/md-bitmap.c | 28 +- drivers/md/md-linear.c | 14 +- drivers/md/md.c | 30 +- drivers/md/md.h | 72 ++--- drivers/md/raid0.c | 96 +++--- drivers/md/raid1.c | 43 ++- drivers/md/raid10.c | 82 +++-- drivers/media/cec/usb/pulse8/pulse8-cec.c | 7 +- drivers/media/dvb-frontends/ascot2e.c | 2 +- drivers/media/dvb-frontends/atbm8830.c | 2 +- drivers/media/dvb-frontends/au8522_dig.c | 2 +- drivers/media/dvb-frontends/bcm3510.c | 2 +- drivers/media/dvb-frontends/cx22700.c | 2 +- drivers/media/dvb-frontends/cx22702.c | 2 +- drivers/media/dvb-frontends/cx24110.c | 2 +- drivers/media/dvb-frontends/cx24113.c | 2 +- drivers/media/dvb-frontends/cx24116.c | 2 +- drivers/media/dvb-frontends/cx24120.c | 6 +- drivers/media/dvb-frontends/cx24123.c | 2 +- drivers/media/dvb-frontends/cxd2820r_core.c | 2 +- drivers/media/dvb-frontends/cxd2841er.c | 4 +- drivers/media/dvb-frontends/cxd2880/cxd2880_top.c | 2 +- drivers/media/dvb-frontends/dib0070.c | 2 +- drivers/media/dvb-frontends/dib0090.c | 4 +- drivers/media/dvb-frontends/dib3000mb.c | 2 +- drivers/media/dvb-frontends/dib3000mc.c | 2 +- drivers/media/dvb-frontends/dib7000m.c | 2 +- drivers/media/dvb-frontends/dib7000p.c | 4 +- drivers/media/dvb-frontends/dib8000.c | 2 +- drivers/media/dvb-frontends/dib9000.c | 2 +- drivers/media/dvb-frontends/drx39xyj/drxj.c | 2 +- drivers/media/dvb-frontends/drxd_hard.c | 2 +- drivers/media/dvb-frontends/drxk_hard.c | 2 +- drivers/media/dvb-frontends/ds3000.c | 2 +- drivers/media/dvb-frontends/dvb-pll.c | 2 +- drivers/media/dvb-frontends/ec100.c | 2 +- drivers/media/dvb-frontends/helene.c | 4 +- drivers/media/dvb-frontends/horus3a.c | 2 +- drivers/media/dvb-frontends/isl6405.c | 2 +- drivers/media/dvb-frontends/isl6421.c | 2 +- drivers/media/dvb-frontends/isl6423.c | 2 +- drivers/media/dvb-frontends/itd1000.c | 2 +- drivers/media/dvb-frontends/ix2505v.c | 2 +- drivers/media/dvb-frontends/l64781.c | 2 +- drivers/media/dvb-frontends/lg2160.c | 2 +- drivers/media/dvb-frontends/lgdt3305.c | 2 +- drivers/media/dvb-frontends/lgdt3306a.c | 2 +- drivers/media/dvb-frontends/lgdt330x.c | 2 +- drivers/media/dvb-frontends/lgs8gxx.c | 2 +- drivers/media/dvb-frontends/lnbh25.c | 2 +- drivers/media/dvb-frontends/lnbp21.c | 4 +- drivers/media/dvb-frontends/lnbp22.c | 2 +- drivers/media/dvb-frontends/m88ds3103.c | 2 +- drivers/media/dvb-frontends/m88rs2000.c | 2 +- drivers/media/dvb-frontends/mb86a16.c | 2 +- drivers/media/dvb-frontends/mb86a20s.c | 2 +- drivers/media/dvb-frontends/mt312.c | 2 +- drivers/media/dvb-frontends/mt352.c | 2 +- drivers/media/dvb-frontends/nxt200x.c | 2 +- drivers/media/dvb-frontends/nxt6000.c | 2 +- drivers/media/dvb-frontends/or51132.c | 2 +- drivers/media/dvb-frontends/or51211.c | 2 +- drivers/media/dvb-frontends/s5h1409.c | 2 +- drivers/media/dvb-frontends/s5h1411.c | 2 +- drivers/media/dvb-frontends/s5h1420.c | 2 +- drivers/media/dvb-frontends/s5h1432.c | 2 +- drivers/media/dvb-frontends/s921.c | 2 +- drivers/media/dvb-frontends/si21xx.c | 2 +- drivers/media/dvb-frontends/sp887x.c | 2 +- drivers/media/dvb-frontends/stb0899_drv.c | 2 +- drivers/media/dvb-frontends/stb6000.c | 2 +- drivers/media/dvb-frontends/stb6100.c | 2 +- drivers/media/dvb-frontends/stv0288.c | 2 +- drivers/media/dvb-frontends/stv0297.c | 2 +- drivers/media/dvb-frontends/stv0299.c | 2 +- drivers/media/dvb-frontends/stv0367.c | 6 +- drivers/media/dvb-frontends/stv0900_core.c | 2 +- drivers/media/dvb-frontends/stv090x.c | 2 +- drivers/media/dvb-frontends/stv6110.c | 2 +- drivers/media/dvb-frontends/stv6110x.c | 2 +- drivers/media/dvb-frontends/tda10021.c | 2 +- drivers/media/dvb-frontends/tda10023.c | 2 +- drivers/media/dvb-frontends/tda10048.c | 2 +- drivers/media/dvb-frontends/tda1004x.c | 4 +- drivers/media/dvb-frontends/tda10086.c | 2 +- drivers/media/dvb-frontends/tda665x.c | 2 +- drivers/media/dvb-frontends/tda8083.c | 2 +- drivers/media/dvb-frontends/tda8261.c | 2 +- drivers/media/dvb-frontends/tda826x.c | 2 +- drivers/media/dvb-frontends/ts2020.c | 2 +- drivers/media/dvb-frontends/tua6100.c | 2 +- drivers/media/dvb-frontends/ves1820.c | 2 +- drivers/media/dvb-frontends/ves1x93.c | 2 +- drivers/media/dvb-frontends/zl10036.c | 2 +- drivers/media/dvb-frontends/zl10039.c | 2 +- drivers/media/dvb-frontends/zl10353.c | 2 +- drivers/media/i2c/ad5820.c | 2 - drivers/media/i2c/ccs/ccs-data.c | 101 +++--- drivers/media/i2c/ov2680.c | 332 +++++--------------- drivers/media/i2c/ov5640.c | 4 +- drivers/media/i2c/rdacm21.c | 2 +- drivers/media/i2c/tvp5150.c | 4 + drivers/media/pci/bt8xx/dst.c | 2 +- drivers/media/pci/bt8xx/dst_ca.c | 2 +- drivers/media/pci/cx23885/cx23885-dvb.c | 12 - drivers/media/pci/ddbridge/ddbridge-dummy-fe.c | 2 +- .../media/platform/mtk-vcodec/vdec/vdec_vp9_if.c | 5 +- drivers/media/platform/qcom/venus/hfi_venus.c | 20 +- drivers/media/tuners/fc0011.c | 2 +- drivers/media/tuners/fc0012.c | 2 +- drivers/media/tuners/fc0013.c | 2 +- drivers/media/tuners/max2165.c | 2 +- drivers/media/tuners/mc44s803.c | 2 +- drivers/media/tuners/mt2060.c | 2 +- drivers/media/tuners/mt2131.c | 2 +- drivers/media/tuners/mt2266.c | 2 +- drivers/media/tuners/mxl5005s.c | 2 +- drivers/media/tuners/qt1010.c | 2 +- drivers/media/tuners/tda18218.c | 2 +- drivers/media/tuners/xc4000.c | 2 +- drivers/media/tuners/xc5000.c | 2 +- drivers/media/usb/dvb-usb/m920x.c | 5 +- drivers/media/usb/go7007/go7007-i2c.c | 2 - drivers/media/usb/siano/smsusb.c | 21 +- drivers/media/v4l2-core/v4l2-fwnode.c | 18 +- drivers/mmc/core/block.c | 4 +- drivers/mmc/host/renesas_sdhi_core.c | 10 +- drivers/mtd/nand/raw/brcmnand/brcmnand.c | 45 ++- drivers/mtd/nand/raw/fsmc_nand.c | 7 +- drivers/mtd/spi-nor/core.c | 19 +- drivers/net/arcnet/arcnet.c | 2 +- drivers/net/can/usb/gs_usb.c | 5 +- drivers/net/dsa/sja1105/sja1105.h | 2 + drivers/net/dsa/sja1105/sja1105_main.c | 62 +++- drivers/net/dsa/sja1105/sja1105_spi.c | 4 + drivers/net/ethernet/atheros/atl1c/atl1c_main.c | 7 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 9 +- drivers/net/ethernet/hisilicon/hns3/hnae3.h | 1 + drivers/net/ethernet/hisilicon/hns3/hns3_debugfs.c | 7 +- drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 2 - drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c | 4 +- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_dcb.c | 20 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_debugfs.c | 14 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 10 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.h | 2 - .../net/ethernet/hisilicon/hns3/hns3pf/hclge_tm.c | 2 +- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_tm.h | 1 + drivers/net/ethernet/intel/ice/ice_main.c | 13 +- drivers/net/ethernet/intel/igb/igb.h | 4 +- drivers/net/ethernet/intel/igb/igb_main.c | 16 +- drivers/net/ethernet/intel/igbvf/igbvf.h | 4 +- drivers/net/ethernet/intel/igc/igc.h | 4 +- drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c | 28 +- drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 5 + .../net/ethernet/marvell/octeontx2/af/rvu_nix.c | 21 +- drivers/net/ethernet/mediatek/mtk_eth_soc.c | 3 + drivers/net/ethernet/mellanox/mlx5/core/fw_reset.c | 9 +- drivers/net/ethernet/mellanox/mlx5/core/pci_irq.c | 17 +- drivers/net/ethernet/mellanox/mlxsw/i2c.c | 5 +- drivers/net/macsec.c | 3 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/usb/r8152.c | 3 + drivers/net/veth.c | 4 +- drivers/net/vxlan/vxlan_core.c | 58 ++-- drivers/net/wireless/ath/ath10k/pci.c | 9 +- drivers/net/wireless/ath/ath11k/pci.c | 10 +- drivers/net/wireless/ath/ath9k/htc_drv_debug.c | 2 +- drivers/net/wireless/ath/ath9k/wmi.c | 20 +- .../broadcom/brcm80211/brcmfmac/fwil_types.h | 7 +- drivers/net/wireless/marvell/mwifiex/debugfs.c | 9 +- drivers/net/wireless/marvell/mwifiex/pcie.c | 25 +- drivers/net/wireless/marvell/mwifiex/sta_rx.c | 12 +- drivers/net/wireless/marvell/mwifiex/uap_txrx.c | 30 +- drivers/net/wireless/marvell/mwifiex/util.c | 10 +- drivers/net/wireless/mediatek/mt76/mt7915/main.c | 3 +- drivers/net/wireless/mediatek/mt76/testmode.c | 1 + drivers/ntb/ntb_transport.c | 19 +- drivers/of/kexec.c | 2 +- drivers/of/overlay.c | 3 +- drivers/of/unittest.c | 12 +- drivers/opp/core.c | 2 +- drivers/parisc/led.c | 4 +- drivers/pci/controller/dwc/pci-layerscape-ep.c | 123 +++++++- drivers/pci/controller/dwc/pcie-designware-ep.c | 8 +- drivers/pci/controller/dwc/pcie-designware-host.c | 10 +- drivers/pci/controller/dwc/pcie-designware-plat.c | 10 - drivers/pci/controller/dwc/pcie-designware.h | 14 + drivers/pci/controller/pcie-microchip-host.c | 8 +- drivers/pci/controller/pcie-rockchip.h | 6 +- drivers/pci/hotplug/pciehp_hpc.c | 12 +- drivers/pci/pcie/aspm.c | 30 +- drivers/perf/fsl_imx8_ddr_perf.c | 24 +- drivers/phy/qualcomm/phy-qcom-snps-femto-v2.c | 6 +- drivers/phy/rockchip/phy-rockchip-inno-hdmi.c | 18 +- drivers/pinctrl/intel/pinctrl-cherryview.c | 5 +- drivers/pinctrl/pinctrl-mcp23s08_spi.c | 10 + drivers/platform/mellanox/mlxbf-pmc.c | 41 +-- drivers/platform/mellanox/mlxbf-tmfifo.c | 91 ++++-- drivers/platform/x86/dell/dell-wmi-sysman/sysman.c | 9 +- drivers/platform/x86/huawei-wmi.c | 2 + drivers/platform/x86/intel/hid.c | 27 +- drivers/pwm/pwm-atmel-tcb.c | 70 ++--- drivers/pwm/pwm-lpc32xx.c | 16 +- drivers/rpmsg/qcom_glink_native.c | 4 + drivers/s390/block/dasd.c | 125 +++----- drivers/s390/block/dasd_3990_erp.c | 2 +- drivers/s390/crypto/pkey_api.c | 2 +- drivers/s390/crypto/zcrypt_api.c | 1 + drivers/s390/crypto/zcrypt_ep11misc.c | 4 +- drivers/s390/crypto/zcrypt_ep11misc.h | 9 +- drivers/scsi/be2iscsi/be_iscsi.c | 4 + drivers/scsi/fcoe/fcoe_ctlr.c | 20 +- drivers/scsi/hisi_sas/hisi_sas_v2_hw.c | 11 +- drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 55 +++- drivers/scsi/hosts.c | 4 +- drivers/scsi/lpfc/lpfc_bsg.c | 8 +- drivers/scsi/lpfc/lpfc_scsi.c | 20 +- drivers/scsi/mpt3sas/mpt3sas_base.c | 46 ++- drivers/scsi/mpt3sas/mpt3sas_base.h | 1 + drivers/scsi/qedf/qedf_dbg.h | 2 + drivers/scsi/qedf/qedf_debugfs.c | 35 ++- drivers/scsi/qedi/qedi_main.c | 5 +- drivers/scsi/qla2xxx/qla_attr.c | 2 - drivers/scsi/qla2xxx/qla_dbg.c | 2 +- drivers/scsi/qla2xxx/qla_def.h | 21 +- drivers/scsi/qla2xxx/qla_dfs.c | 10 + drivers/scsi/qla2xxx/qla_gbl.h | 1 + drivers/scsi/qla2xxx/qla_init.c | 236 +++++++++----- drivers/scsi/qla2xxx/qla_inline.h | 57 +++- drivers/scsi/qla2xxx/qla_iocb.c | 1 + drivers/scsi/qla2xxx/qla_isr.c | 7 +- drivers/scsi/qla2xxx/qla_mbx.c | 7 +- drivers/scsi/qla2xxx/qla_nvme.c | 3 +- drivers/scsi/qla2xxx/qla_os.c | 26 +- drivers/scsi/qla2xxx/qla_target.c | 14 +- drivers/scsi/qla4xxx/ql4_os.c | 15 + drivers/scsi/scsi_transport_iscsi.c | 80 +++-- drivers/scsi/sr.c | 5 +- drivers/scsi/storvsc_drv.c | 2 + drivers/soc/qcom/ocmem.c | 14 +- drivers/soc/qcom/qmi_encdec.c | 4 +- drivers/spi/spi-tegra20-sflash.c | 6 +- drivers/staging/media/av7110/sp8870.c | 2 +- drivers/staging/media/rkvdec/rkvdec.c | 2 +- drivers/tty/serial/serial-tegra.c | 6 +- drivers/tty/serial/sprd_serial.c | 30 +- drivers/usb/core/hcd.c | 10 +- drivers/usb/core/hub.c | 349 ++++++++++++--------- drivers/usb/core/message.c | 29 +- drivers/usb/core/usb.h | 4 +- drivers/usb/gadget/function/f_mass_storage.c | 2 +- drivers/usb/phy/phy-mxs-usb.c | 10 +- drivers/usb/typec/bus.c | 12 +- drivers/usb/typec/tcpm/tcpm.c | 38 ++- drivers/vfio/vfio_iommu_type1.c | 2 +- drivers/video/backlight/bd6107.c | 2 +- drivers/video/backlight/gpio_backlight.c | 5 +- drivers/video/backlight/lv5207lp.c | 2 +- drivers/video/fbdev/ep93xx-fb.c | 1 - drivers/virtio/virtio_ring.c | 2 +- drivers/watchdog/intel-mid_wdt.c | 1 + fs/btrfs/disk-io.c | 5 +- fs/btrfs/inode.c | 7 + fs/btrfs/transaction.c | 7 +- fs/dlm/plock.c | 6 +- fs/eventfd.c | 2 +- fs/ext4/balloc.c | 15 +- fs/ext4/block_validity.c | 8 +- fs/ext4/ext4.h | 2 + fs/ext4/mballoc.c | 7 +- fs/ext4/namei.c | 3 + fs/fuse/readdir.c | 10 +- fs/gfs2/aops.c | 4 +- fs/gfs2/log.c | 25 +- fs/jbd2/checkpoint.c | 22 +- fs/jfs/jfs_extent.c | 5 + fs/ksmbd/smb2pdu.c | 8 +- fs/lockd/mon.c | 3 + fs/namei.c | 2 +- fs/nfs/blocklayout/dev.c | 4 +- fs/nfs/direct.c | 20 +- fs/nfs/nfs2xdr.c | 2 +- fs/nfs/nfs3xdr.c | 2 +- fs/nfs/nfs42proc.c | 5 +- fs/nfs/pnfs_dev.c | 2 +- fs/nfs/pnfs_nfs.c | 2 +- fs/nfsd/blocklayoutxdr.c | 9 + fs/nfsd/flexfilelayoutxdr.c | 9 + fs/nfsd/nfs4xdr.c | 25 +- fs/nls/nls_base.c | 4 +- fs/ocfs2/namei.c | 4 + fs/overlayfs/super.c | 2 +- fs/proc/base.c | 3 +- fs/pstore/ram_core.c | 2 +- fs/quota/dquot.c | 174 ++++++---- fs/reiserfs/journal.c | 4 +- fs/udf/balloc.c | 31 +- fs/udf/inode.c | 45 ++- fs/verity/signature.c | 16 + include/crypto/algapi.h | 3 + include/linux/arm_sdei.h | 2 + include/linux/ceph/ceph_fs.h | 24 +- include/linux/genhd.h | 27 +- include/linux/if_arp.h | 4 + include/linux/memcontrol.h | 9 +- include/linux/micrel_phy.h | 6 +- include/linux/nls.h | 2 +- include/linux/of.h | 2 +- include/linux/tca6416_keypad.h | 1 - include/linux/trace_events.h | 3 +- include/linux/usb/typec_altmode.h | 2 +- include/net/ip.h | 1 + include/net/ip6_fib.h | 5 +- include/net/ip_fib.h | 5 +- include/net/ip_tunnels.h | 15 +- include/net/ipv6.h | 2 +- include/net/lwtunnel.h | 5 +- include/net/tcp.h | 1 - include/scsi/scsi_host.h | 2 +- include/uapi/linux/sync_file.h | 2 +- io_uring/io-wq.c | 10 + io_uring/io-wq.h | 1 + io_uring/io_uring.c | 11 +- kernel/auditsc.c | 2 + kernel/bpf/verifier.c | 17 +- kernel/cgroup/namespace.c | 6 - kernel/kprobes.c | 14 +- kernel/printk/printk_ringbuffer.c | 2 +- kernel/rcu/refscale.c | 3 +- kernel/trace/bpf_trace.c | 2 +- kernel/trace/trace.c | 72 ++++- kernel/trace/trace.h | 2 + kernel/trace/trace_hwlat.c | 2 +- kernel/trace/trace_uprobe.c | 3 +- lib/idr.c | 2 +- lib/test_meminit.c | 2 +- lib/test_scanf.c | 2 +- mm/shmem.c | 28 +- mm/util.c | 4 +- mm/vmalloc.c | 26 +- mm/vmpressure.c | 8 + net/9p/trans_virtio.c | 2 +- net/bluetooth/hci_core.c | 16 +- net/core/filter.c | 2 + net/core/flow_dissector.c | 3 +- net/core/lwt_bpf.c | 7 +- net/core/skbuff.c | 34 +- net/core/sock.c | 9 +- net/dccp/ipv4.c | 13 +- net/dccp/ipv6.c | 15 +- net/hsr/hsr_forward.c | 1 + net/ipv4/devinet.c | 10 +- net/ipv4/fib_semantics.c | 5 +- net/ipv4/fib_trie.c | 3 +- net/ipv4/igmp.c | 3 +- net/ipv4/ip_input.c | 3 +- net/ipv4/ip_output.c | 2 +- net/ipv4/route.c | 1 + net/ipv4/tcp_input.c | 3 +- net/ipv4/tcp_timer.c | 18 +- net/ipv4/udp.c | 20 +- net/ipv6/addrconf.c | 2 +- net/ipv6/ip6_output.c | 2 +- net/ipv6/udp.c | 30 +- net/kcm/kcmsock.c | 15 +- net/netfilter/ipset/ip_set_hash_netportnet.c | 1 + net/netfilter/nfnetlink_osf.c | 8 + net/netfilter/nft_exthdr.c | 22 +- net/netfilter/xt_sctp.c | 2 + net/netfilter/xt_u32.c | 21 ++ net/netlabel/netlabel_kapi.c | 3 +- net/netrom/af_netrom.c | 5 + net/sched/sch_fq_pie.c | 27 +- net/sched/sch_hfsc.c | 4 + net/sched/sch_plug.c | 2 +- net/sched/sch_qfq.c | 22 +- net/sctp/proc.c | 2 +- net/sctp/sm_sideeffect.c | 5 +- net/sctp/socket.c | 10 +- net/smc/smc_core.c | 2 + net/socket.c | 6 +- net/tls/tls_sw.c | 4 +- net/unix/af_unix.c | 2 +- net/unix/scm.c | 6 +- net/wireless/nl80211.c | 1 + net/xdp/xsk_diag.c | 3 + samples/bpf/tracex6_kern.c | 17 +- scripts/kconfig/preprocess.c | 3 + security/integrity/ima/Kconfig | 12 - security/integrity/ima/ima.h | 2 +- security/integrity/ima/ima_kexec.c | 2 +- security/keys/keyctl.c | 11 +- security/smack/smackfs.c | 2 +- sound/Kconfig | 2 +- sound/core/pcm_compat.c | 8 +- sound/core/seq/oss/seq_oss_midi.c | 35 ++- sound/pci/ac97/ac97_codec.c | 5 +- sound/soc/atmel/atmel-i2s.c | 5 +- sound/soc/codecs/Kconfig | 1 + sound/soc/codecs/da7219-aad.c | 12 +- sound/soc/codecs/es8316.c | 2 +- sound/soc/codecs/rt5682-sdw.c | 9 +- sound/soc/codecs/rt711-sdca-sdw.c | 10 +- sound/soc/codecs/rt711-sdw.c | 9 +- tools/bpf/bpftool/skeleton/profiler.bpf.c | 27 +- tools/hv/vmbus_testing | 4 +- tools/perf/builtin-top.c | 1 + tools/perf/builtin-trace.c | 15 +- .../pmu-events/arch/powerpc/power10/cache.json | 4 +- .../arch/powerpc/power10/floating_point.json | 7 - .../pmu-events/arch/powerpc/power10/frontend.json | 30 +- .../pmu-events/arch/powerpc/power10/marked.json | 30 +- .../pmu-events/arch/powerpc/power10/memory.json | 6 +- .../pmu-events/arch/powerpc/power10/others.json | 53 ++-- .../pmu-events/arch/powerpc/power10/pipeline.json | 30 +- .../perf/pmu-events/arch/powerpc/power10/pmc.json | 4 +- .../arch/powerpc/power10/translation.json | 11 +- tools/perf/ui/browsers/hists.c | 60 ++-- tools/perf/util/annotate.c | 10 +- tools/perf/util/header.c | 11 +- tools/testing/selftests/Makefile | 1 + .../selftests/bpf/benchs/run_bench_rename.sh | 2 +- .../selftests/bpf/progs/test_cls_redirect.h | 9 + .../futex/functional/futex_wait_timeout.c | 7 + tools/testing/selftests/kselftest/runner.sh | 3 +- tools/testing/selftests/kselftest_harness.h | 11 +- tools/testing/selftests/resctrl/Makefile | 17 +- tools/testing/selftests/resctrl/cache.c | 18 +- tools/testing/selftests/resctrl/fill_buf.c | 3 +- tools/testing/selftests/resctrl/resctrl.h | 1 + 631 files changed, 5111 insertions(+), 3232 deletions(-)

2 years, 1 month

11
523
0 0

[PATCH 5.10 000/406] 5.10.195-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.10.195 release. There are 406 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Tue, 19 Sep 2023 19:10:04 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.195-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.10.195-rc1 Helge Deller <deller(a)gmx.de> parisc: Drop loops_per_jiffy from per_cpu struct Wesley Chalmers <wesley.chalmers(a)amd.com> drm/amd/display: Fix a bug when searching for insert_above_mpcc Kuniyuki Iwashima <kuniyu(a)amazon.com> kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg(). Vadim Fedorenko <vadim.fedorenko(a)linux.dev> ixgbe: fix timestamp configuration code Eric Dumazet <edumazet(a)google.com> ipv6: fix ip6_sock_set_addr_preferences() typo Liu Jian <liujian56(a)huawei.com> net/tls: do not free tls_rec on async operation in bpf_exec_tx_verdict() Liming Sun <limings(a)nvidia.com> platform/mellanox: mlxbf-tmfifo: Drop jumbo frames Liming Sun <limings(a)nvidia.com> platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors Shigeru Yoshida <syoshida(a)redhat.com> kcm: Fix memory leak in error path of kcm_sendmsg() Hayes Wang <hayeswang(a)realtek.com> r8152: check budget for r8152_poll() Ziyang Xuan <william.xuanziyang(a)huawei.com> hsr: Fix uninit-value access in fill_frame_info() Hangyu Hua <hbh25y(a)gmail.com> net: ethernet: mtk_eth_soc: fix possible NULL pointer dereference in mtk_hwlro_get_fdir_all() Hangyu Hua <hbh25y(a)gmail.com> net: ethernet: mvpp2_main: fix possible OOB write in mvpp2_ethtool_get_rxnfc() Guangguan Wang <guangguan.wang(a)linux.alibaba.com> net/smc: use smc_lgr_list.lock to protect smc_lgr_list.list iterate in smcr_port_add Björn Töpel <bjorn(a)rivosinc.com> kselftest/runner.sh: Propagate SIGTERM to runner child SeongJae Park <sjpark(a)amazon.de> selftests/kselftest/runner/run_one(): allow running non-executable files Liu Jian <liujian56(a)huawei.com> net: ipv4: fix one memleak in __inet_del_ifa() Qiang Yu <quic_qianyu(a)quicinc.com> bus: mhi: host: Skip MHI reset if device is in RDDM Aleksey Nasibulin <alealexpro100(a)ya.ru> ARM: dts: BCM5301X: Extend RAM to full 256MB for Linksys EA6500 V2 Paul Cercueil <paul(a)crapouillou.net> ARM: dts: samsung: exynos4210-i9100: Fix LCD screen's physical size Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Flush mailbox commands on chip reset Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix crash in PCIe error handling Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Consolidate zio threshold setting for both FCP & NVMe Saurav Kashyap <skashyap(a)marvell.com> scsi: qla2xxx: If fcport is undergoing deletion complete I/O with retry D Scott Phillips <scott(a)os.amperecomputing.com> arm64: sdei: abort running SDEI handlers during crash Shuai Xue <xueshuai(a)linux.alibaba.com> ACPI: APEI: explicit init of HEST and GHES in apci_init() Namhyung Kim <namhyung(a)kernel.org> perf hists browser: Fix the number of entries for 'e' key Namhyung Kim <namhyung(a)kernel.org> perf tools: Handle old data in PERF_RECORD_ATTR Namhyung Kim <namhyung(a)kernel.org> perf hists browser: Fix hierarchy mode header Hamza Mahfooz <hamza.mahfooz(a)amd.com> drm/amd/display: prevent potential division by zero errors William Zhang <william.zhang(a)broadcom.com> mtd: rawnand: brcmnand: Fix potential false time out warning William Zhang <william.zhang(a)broadcom.com> mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write William Zhang <william.zhang(a)broadcom.com> mtd: rawnand: brcmnand: Fix crash during the panic_write Anand Jain <anand.jain(a)oracle.com> btrfs: use the correct superblock to compare fsid in btrfs_validate_super Filipe Manana <fdmanana(a)suse.com> btrfs: don't start transaction when joining with TRANS_JOIN_NOSTART ruanmeisi <ruan.meisi(a)zte.com.cn> fuse: nlookup missing decrement in fuse_direntplus_link Damien Le Moal <dlemoal(a)kernel.org> ata: pata_ftide010: Add missing MODULE_DESCRIPTION Damien Le Moal <dlemoal(a)kernel.org> ata: sata_gemini: Add missing MODULE_DESCRIPTION Wang Jianjian <wangjianjian0(a)foxmail.com> ext4: add correct group descriptors and reserved GDT blocks to system zone Petr Tesarik <petr.tesarik.ext(a)huawei.com> sh: boards: Fix CEU buffer size passed to dma_declare_coherent_memory() Yisen Zhuang <yisen.zhuang(a)huawei.com> net: hns3: fix the port information display when sfp is absent Wander Lairson Costa <wander(a)redhat.com> netfilter: nfnetlink_osf: avoid OOB read Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: sja1105: fix -ENOSPC when replacing the same tc-cbs too many times Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: sja1105: fix bandwidth discrepancy between tc-cbs software and offload Eric Dumazet <edumazet(a)google.com> ip_tunnels: use DEV_STATS_INC() Ariel Marcovitch <arielmarcovitch(a)gmail.com> idr: fix param name in idr_alloc_cyclic() doc Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> s390/zcrypt: don't leak memory if dev_set_name() fails Olga Zaborska <olga.zaborska(a)intel.com> igb: Change IGB_MIN to allow set rx/tx value between 64 and 80 Olga Zaborska <olga.zaborska(a)intel.com> igbvf: Change IGBVF_MIN to allow set rx/tx value between 64 and 80 Olga Zaborska <olga.zaborska(a)intel.com> igc: Change IGC_MIN to allow set rx/tx value between 64 and 80 Shigeru Yoshida <syoshida(a)redhat.com> kcm: Destroy mutex in kcm_exit_net() valis <sec(a)valis.email> net: sched: sch_qfq: Fix UAF in qfq_dequeue() Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Fix data race around sk->sk_err. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Fix data-races around sk->sk_shutdown. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Fix data-race around unix_tot_inflight. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Fix data-races around user->unix_inflight. Alex Henrie <alexhenrie24(a)gmail.com> net: ipv6/addrconf: avoid integer underflow in ipv6_create_tempaddr Liang Chen <liangchen.linux(a)gmail.com> veth: Fixing transmit return status for dropped packets Corinna Vinschen <vinschen(a)redhat.com> igb: disable virtualization features on 82580 Sriram Yagnaraman <sriram.yagnaraman(a)est.tech> ipv4: ignore dst hint for multipath routes Sean Christopherson <seanjc(a)google.com> drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt() Colin Xu <colin.xu(a)intel.com> drm/i915/gvt: Save/restore HW status to support GVT suspend/resume Eric Dumazet <edumazet(a)google.com> net: read sk->sk_family once in sk_mc_loop() Eric Dumazet <edumazet(a)google.com> ipv4: annotate data-races around fi->fib_dead Eric Dumazet <edumazet(a)google.com> sctp: annotate data-races around sk->sk_wmem_queued Eric Dumazet <edumazet(a)google.com> net/sched: fq_pie: avoid stalls in fq_pie_timer() Vladimir Zapolskiy <vz(a)mleia.com> pwm: lpc32xx: Remove handling of PWM channels Raag Jadav <raag.jadav(a)intel.com> watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load Arnaldo Carvalho de Melo <acme(a)redhat.com> perf top: Don't pass an ERR_PTR() directly to perf_session__delete() Sean Christopherson <seanjc(a)google.com> x86/virt: Drop unnecessary check on extended CPUID level in cpu_has_svm() Arnaldo Carvalho de Melo <acme(a)redhat.com> perf annotate bpf: Don't enclose non-debug code with an assert() Ying Liu <victor.liu(a)nxp.com> backlight: gpio_backlight: Drop output GPIO direction check for initial power state Konstantin Meskhidze <konstantin.meskhidze(a)huawei.com> kconfig: fix possible buffer overflow Fedor Pchelkin <pchelkin(a)ispras.ru> NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Fix a potential data corruption Chris Lew <quic_clew(a)quicinc.com> soc: qcom: qmi_encdec: Restrict string length in decode Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock Ahmad Fatoum <a.fatoum(a)pengutronix.de> clk: imx: pll14xx: dynamically configure PLL for 393216000/361267200Hz Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: clock: xlnx,versal-clk: drop select:false Raag Jadav <raag.jadav(a)intel.com> pinctrl: cherryview: fix address_space_handler() argument Helge Deller <deller(a)gmx.de> parisc: led: Reduce CPU overhead for disk & lan LED computation Helge Deller <deller(a)gmx.de> parisc: led: Fix LAN receive and transmit LEDs Andrew Donnellan <ajd(a)linux.ibm.com> lib/test_meminit: allocate pages up to order MAX_ORDER Thomas Zimmermann <tzimmermann(a)suse.de> drm/ast: Fix DRAM init on AST2200 Thomas Zimmermann <tzimmermann(a)suse.de> fbdev/ep93xx-fb: Do not assign to struct fb_info.dev Manish Rangankar <mrangankar(a)marvell.com> scsi: qla2xxx: Remove unsupported ql2xenabledif option Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Turn off noisy message log Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix erroneous link up failure Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: fix inconsistent TMF timeout Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix deletion race condition Pavel Begunkov <asml.silence(a)gmail.com> io_uring: break iopolling on signal Pavel Begunkov <asml.silence(a)gmail.com> io_uring: break out of iowq iopoll on teardown Pavel Begunkov <asml.silence(a)gmail.com> io_uring: always lock in io_apoll_task_func Quan Tian <qtian(a)vmware.com> net/ipv6: SKB symmetric hash should incorporate transport ports Tom Rix <trix(a)redhat.com> udf: initialize newblock to 0 Yu Kuai <yukuai3(a)huawei.com> md/md-bitmap: remove unnecessary local variable in backlog_store() Brian Foster <bfoster(a)redhat.com> tracing: Zero the pipe cpumask on alloc to avoid spurious -EBUSY Marco Felsch <m.felsch(a)pengutronix.de> usb: typec: tcpci: clear the fault status bit Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix oversight in SuperSpeed initialization Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix race by not overwriting udev->descriptor in hub_port_init() Alan Stern <stern(a)rowland.harvard.edu> USB: core: Change usb_get_device_descriptor() API Alan Stern <stern(a)rowland.harvard.edu> USB: core: Unite old scheme and new scheme descriptor reads RD Babiera <rdbabiera(a)google.com> usb: typec: bus: verify partner exists in typec_altmode_attention Gustavo A. R. Silva <gustavoars(a)kernel.org> cpufreq: brcmstb-avs-cpufreq: Fix -Warray-bounds bug Thomas Bourgoin <thomas.bourgoin(a)foss.st.com> crypto: stm32 - fix loop iterating through scatterlist for DMA Sven Schnelle <svens(a)linux.ibm.com> s390/ipl: add missing secure/has_secure file to ipl type 'unknown' Enlin Mu <enlin.mu(a)unisoc.com> pstore/ram: Check start of empty przs during init Eric Biggers <ebiggers(a)google.com> fsverity: skip PKCS#7 parser when keyring is empty Nicolas Dichtel <nicolas.dichtel(a)6wind.com> net: handle ARPHRD_PPP in dev_is_mac_header_xmit() Thore Sommer <public(a)thson.de> X.509: if signature is unsupported skip validation Jann Horn <jannh(a)google.com> dccp: Fix out of bounds access in DCCP error handler Alexander Aring <aahringo(a)redhat.com> dlm: fix plock lookup when using multiple lockspaces Yafang Shao <laoar.shao(a)gmail.com> bpf: Fix issue in verifying allow_ptr_leaks Helge Deller <deller(a)gmx.de> parisc: Fix /proc/cpuinfo output for lscpu Aleksa Sarai <cyphar(a)cyphar.com> procfs: block chmod on /proc/thread-self/comm Bjorn Helgaas <bhelgaas(a)google.com> Revert "PCI: Mark NVIDIA T4 GPUs to avoid bus reset" Dave Jiang <dave.jiang(a)intel.com> ntb: Fix calculation ntb_transport_tx_free_entry() Dave Jiang <dave.jiang(a)intel.com> ntb: Clean up tx tail index on link down Dave Jiang <dave.jiang(a)intel.com> ntb: Drop packets when qp link is down Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: mpt3sas: Perform additional retries if doorbell read returns 0 Nilesh Javali <njavali(a)marvell.com> Revert "scsi: qla2xxx: Fix buffer overrun" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> media: dvb: symbol fixup for dvb_attach() Will Deacon <will(a)kernel.org> arm64: csum: Fix OoB access in IP checksum code for negative lengths Max Filippov <jcmvbkbc(a)gmail.com> xtensa: PMU: fix base address for the newer hardware Thomas Zimmermann <tzimmermann(a)suse.de> backlight/lv5207lp: Compare against struct fb_info.device Thomas Zimmermann <tzimmermann(a)suse.de> backlight/bd6107: Compare against struct fb_info.device Thomas Zimmermann <tzimmermann(a)suse.de> backlight/gpio_backlight: Compare against struct fb_info.device Gustavo A. R. Silva <gustavoars(a)kernel.org> ARM: OMAP2+: Fix -Warray-bounds warning in _pwrdm_state_switch() Yi Yang <yiyang13(a)huawei.com> ipmi_si: fix a memleak in try_smi_init() Bart Van Assche <bvanassche(a)acm.org> scsi: core: Fix the scsi_set_resid() documentation Kees Cook <keescook(a)chromium.org> printk: ringbuffer: Fix truncating buffer size min_t cast Takashi Iwai <tiwai(a)suse.de> ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl Boris Brezillon <boris.brezillon(a)collabora.com> PM / devfreq: Fix leak in devfreq_dev_release() Radoslaw Tyl <radoslawx.tyl(a)intel.com> igb: set max size RX buffer when store bad packet is enabled Mohamed Khalfella <mkhalfella(a)purestorage.com> skbuff: skb_segment, Call zero copy functions before using skbuff frags Wander Lairson Costa <wander(a)redhat.com> netfilter: xt_sctp: validate the flag_info count Wander Lairson Costa <wander(a)redhat.com> netfilter: xt_u32: validate user space input Kyle Zeng <zengyhkyle(a)gmail.com> netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c Eric Dumazet <edumazet(a)google.com> igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU Yuan Yao <yuanyaogoog(a)chromium.org> virtio_ring: fix avail_wrap_counter in virtqueue_add_packed Liao Chang <liaochang1(a)huawei.com> cpufreq: Fix the race condition while updating the transition_task of policy ruanjinjie <ruanjinjie(a)huawei.com> dmaengine: ste_dma40: Add missing IRQ check in d40_probe Randy Dunlap <rdunlap(a)infradead.org> um: Fix hostaudio build errors Yi Yang <yiyang13(a)huawei.com> mtd: rawnand: fsmc: handle clk prepare error in fsmc_nand_resume() Hsin-Yi Wang <hsinyi(a)chromium.org> mtd: spi-nor: Check bus width while setting QE bit Marek Behún <kabel(a)kernel.org> leds: Fix BUG_ON check for LED_COLOR_ID_MULTI that is always false Jiasheng Jiang <jiasheng(a)iscas.ac.cn> rpmsg: glink: Add check for kstrdup Jonas Karlman <jonas(a)kwiboo.se> phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write Zheng Yang <zhengyang(a)rock-chips.com> phy/rockchip: inno-hdmi: round fractal pixclock in rk3328 recalc_rate Jonas Karlman <jonas(a)kwiboo.se> phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328 William Zhang <william.zhang(a)broadcom.com> mtd: rawnand: brcmnand: Fix mtd oobsize Zheng Yejian <zhengyejian1(a)huawei.com> tracing: Fix race issue between cpu buffer write and swap Dave Hansen <dave.hansen(a)linux.intel.com> x86/speculation: Mark all Skylake CPUs as vulnerable to GDS Rahul Rameshbabu <sergeantsagara(a)protonmail.com> HID: multitouch: Correct devm device reference for hidinput input_dev name Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> HID: logitech-dj: Fix error handling in logi_dj_recv_switch_to_dj_mode() Guoqing Jiang <guoqing.jiang(a)linux.dev> RDMA/siw: Correct wrong debug message Guoqing Jiang <guoqing.jiang(a)linux.dev> RDMA/siw: Balance the reference of cep->kref in the error path Leon Romanovsky <leon(a)kernel.org> Revert "IB/isert: Fix incorrect release of isert connection" Peng Fan <peng.fan(a)nxp.com> amba: bus: fix refcount leak Yi Yang <yiyang13(a)huawei.com> serial: tegra: handle clk prepare error in tegra_uart_hw_init() Chengfeng Ye <dg573847474(a)gmail.com> scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock Tony Battersby <tonyb(a)cybernetics.com> scsi: core: Use 32-bit hostnum in scsi_host_lookup() Lu Jialin <lujialin4(a)huawei.com> cgroup:namespace: Remove unused cgroup_namespaces_init() Hans de Goede <hdegoede(a)redhat.com> media: ov2680: Fix regulators being left enabled on ov2680_power_on() errors Hans de Goede <hdegoede(a)redhat.com> media: ov2680: Fix vflip / hflip set functions Hans de Goede <hdegoede(a)redhat.com> media: ov2680: Fix ov2680_bayer_order() Hans de Goede <hdegoede(a)redhat.com> media: ov2680: Remove auto-gain and auto-exposure controls Dave Stevenson <dave.stevenson(a)raspberrypi.com> media: i2c: ov2680: Set V4L2_CTRL_FLAG_MODIFY_LAYOUT on flips Marek Vasut <marex(a)denx.de> media: ov5640: Enable MIPI interface in ov5640_set_power_mipi() Alan Stern <stern(a)rowland.harvard.edu> USB: gadget: f_mass_storage: Fix unused variable warning Colin Ian King <colin.i.king(a)gmail.com> media: go7007: Remove redundant if statement Yanfei Xu <yanfei.xu(a)intel.com> iommu/vt-d: Fix to flush cache of PASID directory table AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> iommu/qcom: Disable and reset context bank before programming Eddie James <eajames(a)linux.ibm.com> fsi: aspeed: Reset master errors after CFAM reset Xiang Yang <xiangyang3(a)huawei.com> IB/uverbs: Fix an potential error pointer dereference Dan Carpenter <dan.carpenter(a)linaro.org> driver core: test_async: fix an error code Rob Clark <robdclark(a)chromium.org> dma-buf/sync_file: Fix docs syntax Ruidong Tian <tianruidong(a)linux.alibaba.com> coresight: tmc: Explicit type conversions to prevent integer overflow Oleksandr Natalenko <oleksandr(a)redhat.com> scsi: qedf: Do not touch __user pointer in qedf_dbg_fp_int_cmd_read() directly Oleksandr Natalenko <oleksandr(a)redhat.com> scsi: qedf: Do not touch __user pointer in qedf_dbg_debug_cmd_read() directly Oleksandr Natalenko <oleksandr(a)redhat.com> scsi: qedf: Do not touch __user pointer in qedf_dbg_stop_io_on_error_cmd_read() directly Randy Dunlap <rdunlap(a)infradead.org> x86/APM: drop the duplicate APM_MINOR_DEV macro Chunyan Zhang <chunyan.zhang(a)unisoc.com> serial: sprd: Fix DMA buffer leak issue Chunyan Zhang <chunyan.zhang(a)unisoc.com> serial: sprd: Assign sprd_port after initialized to avoid wrong access Lin Ma <linma(a)zju.edu.cn> scsi: qla4xxx: Add length check when parsing nlattrs Lin Ma <linma(a)zju.edu.cn> scsi: be2iscsi: Add length check when parsing nlattrs Lin Ma <linma(a)zju.edu.cn> scsi: iscsi: Add strlen() check in iscsi_if_set{_host}_param() Lin Ma <linma(a)zju.edu.cn> scsi: iscsi: Add length check for nlattr payload Wenchao Hao <haowenchao(a)huawei.com> scsi: iscsi: Rename iscsi_set_param() to iscsi_if_set_param() Bart Van Assche <bvanassche(a)acm.org> scsi: RDMA/srp: Fix residual handling Xu Yang <xu.yang_2(a)nxp.com> usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() Irui Wang <irui.wang(a)mediatek.com> media: mediatek: vcodec: Return NULL if no vdec_fb is found Benjamin Gaignard <benjamin.gaignard(a)collabora.com> media: rkvdec: increase max supported height for H.264 Xingui Yang <yangxingui(a)huawei.com> scsi: hisi_sas: Fix normally completed I/O analysed as failed Xingui Yang <yangxingui(a)huawei.com> scsi: hisi_sas: Fix warnings detected by sparse Xingui Yang <yangxingui(a)huawei.com> scsi: hisi_sas: Modify v3 HW SATA completion error processing Xingui Yang <yangxingui(a)huawei.com> scsi: hisi_sas: Modify v3 HW SSP underflow error processing Bart Van Assche <bvanassche(a)acm.org> scsi: libsas: Introduce more SAM status code aliases in enum exec_status Luo Jiaxing <luojiaxing(a)huawei.com> scsi: hisi_sas: Print SAS address for v3 hw erroneous completion print Daniil Dulov <d.dulov(a)aladdin.ru> media: cx24120: Add retval check for cx24120_message_send() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer() Daniil Dulov <d.dulov(a)aladdin.ru> media: dib7000p: Fix potential division by zero Dongliang Mu <dzm91(a)hust.edu.cn> drivers: usb: smsusb: fix error handling code in smsusb_init_device Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> media: v4l2-core: Fix a potential resource leak in v4l2_fwnode_parse_link() Claudiu Beznea <claudiu.beznea(a)microchip.com> media: i2c: tvp5150: check return value of devm_kasprintf() Hans de Goede <hdegoede(a)redhat.com> media: ad5820: Drop unsupported ad5823 from i2c_ and of_device_id tables Olga Kornievskaia <kolga(a)netapp.com> NFSv4.2: fix handling of COPY ERR_OFFLOAD_NO_REQ Benjamin Coddington <bcodding(a)redhat.com> NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN Chuck Lever <chuck.lever(a)oracle.com> NFSD: da_addr_body field missing in some GETDEVICEINFO replies Su Hui <suhui(a)nfschina.com> fs: lockd: avoid possible wrong NULL parameter Alexei Filippov <halip0503(a)gmail.com> jfs: validate max amount of blocks before allocation. Russell Currey <ruscur(a)russell.cc> powerpc/iommu: Fix notifiers being shared by PCI and VIO buses Dan Carpenter <dan.carpenter(a)linaro.org> nfs/blocklayout: Use the passed in gfp flags Russell Currey <ruscur(a)russell.cc> powerpc/pseries: Rework lppaca_shared_proc() to avoid DEBUG_PREEMPT Michael Ellerman <mpe(a)ellerman.id.au> powerpc: Don't include lppaca.h in paca.h Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> wifi: ath10k: Use RMW accessors for changing LNKCTL Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> net/mlx5: Use RMW accessors for changing LNKCTL Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> drm/radeon: Use RMW accessors for changing LNKCTL Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> drm/amdgpu: Use RMW accessors for changing LNKCTL Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/perf: Convert fsl_emb notifier to state machine callbacks Sourabh Jain <sourabhjain(a)linux.ibm.com> powerpc/fadump: reset dump area size if fadump memory reserve fails Stefan Hajnoczi <stefanha(a)redhat.com> vfio/type1: fix cap_migration information leak Ahmad Fatoum <a.fatoum(a)pengutronix.de> clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op Marco Felsch <m.felsch(a)pengutronix.de> clk: imx8mp: fix sai4 clock Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI/ASPM: Use RMW accessors for changing LNKCTL Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: pciehp: Use RMW accessors for changing LNKCTL Claudiu Beznea <claudiu.beznea(a)microchip.com> pinctrl: mcp23s08: check return value of devm_kasprintf() Wu Zongyong <wuzongyong(a)linux.alibaba.com> PCI: Mark NVIDIA T4 GPUs to avoid bus reset Konrad Dybcio <konrad.dybcio(a)linaro.org> clk: qcom: reset: Use the correct type of sleep/delay based on length Patrick Whewell <patrick.whewell(a)sightlineapplications.com> clk: qcom: gcc-sm8250: Fix gcc_sdcc2_apps_clk_src Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> clk: qcom: gcc-sm8250: use ARRAY_SIZE instead of specifying num_parents Kemeng Shi <shikemeng(a)huaweicloud.com> ext4: correct grp validation in ext4_mb_good_group David Wronek <davidwronek(a)gmail.com> clk: qcom: gcc-sc7180: Fix up gcc_sdcc2_apps_clk_src Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> clk: qcom: gcc-sc7180: use ARRAY_SIZE instead of specifying num_parents Zhang Jianhua <chris.zjh(a)huawei.com> clk: sunxi-ng: Modify mismatched function name Minjie Du <duminjie(a)vivo.com> drivers: clk: keystone: Fix parameter judgment in _of_pll_clk_init() Corey Minyard <minyard(a)acm.org> ipmi:ssif: Fix a memory leak when scanning for an adapter Jiasheng Jiang <jiasheng(a)iscas.ac.cn> ipmi:ssif: Add check for kstrdup Su Hui <suhui(a)nfschina.com> ALSA: ac97: Fix possible error value of *rac97 Geert Uytterhoeven <geert+renesas(a)glider.be> of: unittest: Fix overlay type in apply/revert check Tony Lindgren <tony(a)atomide.com> bus: ti-sysc: Fix cast to enum warning Sui Jingfeng <suijingfeng(a)loongson.cn> drm/mediatek: Fix potential memory leak if vmap() fail Tony Lindgren <tony(a)atomide.com> bus: ti-sysc: Fix build warning for 64-bit build Gaosheng Cui <cuigaosheng1(a)huawei.com> audit: fix possible soft lockup in __audit_inode_child() Fabio Estevam <festevam(a)denx.de> drm/msm/a2xx: Call adreno_gpu_init() earlier Yang Wang <kevinyang.wang(a)amd.com> drm/amd/pm: fix variable dereferenced issue in amdgpu_device_attr_create() Dan Carpenter <dan.carpenter(a)linaro.org> smackfs: Prevent underflow in smk_set_cipso() Zhang Shurong <zhang_shurong(a)foxmail.com> firmware: meson_sm: fix to avoid potential NULL pointer dereference Daniel Vetter <daniel.vetter(a)ffwll.ch> drm/msm/mdp5: Don't leak some plane state Jiasheng Jiang <jiasheng(a)iscas.ac.cn> drm: xlnx: zynqmp_dpsub: Add missing check for dma_set_mask Nayna Jain <nayna(a)linux.ibm.com> ima: Remove deprecated IMA_TRUSTED_KEYRING Kconfig Marek Vasut <marex(a)denx.de> drm/panel: simple: Add missing connector type and pixel format for AUO T215HVN01 Geert Uytterhoeven <geert+renesas(a)glider.be> drm/armada: Fix off-by-one error in armada_overlay_get_property() Ruan Jinjie <ruanjinjie(a)huawei.com> of: unittest: fix null pointer dereferencing in of_unittest_find_node_by_name() Yangtao Li <frank.li(a)vivo.com> drm/tegra: dpaux: Fix incorrect return value of platform_get_irq Tan Zhongjun <tanzhongjun(a)yulong.com> drm/tegra: Remove superfluous error messages around platform_get_irq() Yu Kuai <yukuai3(a)huawei.com> md/md-bitmap: hold 'reconfig_mutex' in backlog_store() Guoqing Jiang <guoqing.jiang(a)linux.dev> md/bitmap: don't set max_write_behind if there is no write mostly device Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdgpu: Update min() to min_t() in 'amdgpu_info_ioctl' Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> arm64: dts: qcom: sdm845: Fix the min frequency of "ice_core_clk" Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> arm64: dts: qcom: sdm845: Add missing RPMh power domain to GCC Rafał Miłecki <rafal(a)milecki.pl> ARM: dts: BCM53573: Fix Ethernet info for Luxul devices Bogdan Togorean <bogdan.togorean(a)analog.com> drm: adv7511: Fix low refresh rate register for ADV7533/5 Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: samsung: s5pv210-smdkv210: correct ethernet reg addresses (split) Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: s5pv210: add dummy 5V regulator for backlight on SMDKv210 Krzysztof Kozlowski <krzk(a)kernel.org> ARM: dts: s5pv210: adjust node names to DT spec Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: samsung: s3c6410-mini6410: correct ethernet reg addresses (split) Krzysztof Kozlowski <krzysztof.kozlowski(a)canonical.com> ARM: dts: s3c64xx: align pinctrl with dtschema Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> x86/mm: Fix PAT bit missing from page protection modify mask Lucas Stach <l.stach(a)pengutronix.de> drm/etnaviv: fix dumping of active MMU context Rafał Miłecki <rafal(a)milecki.pl> ARM: dts: BCM53573: Use updated "spi-gpio" binding properties Rafał Miłecki <rafal(a)milecki.pl> ARM: dts: BCM53573: Add cells sizes to PCIe node Rafał Miłecki <rafal(a)milecki.pl> ARM: dts: BCM53573: Drop nonexistent #usb-cells Rafał Miłecki <rafal(a)milecki.pl> ARM: dts: BCM53573: Describe on-SoC BCM53125 rev 4 switch Serge Semin <Sergey.Semin(a)baikalelectronics.ru> ARM: dts: BCM5301X: Harmonize EHCI/OHCI DT nodes name Arnd Bergmann <arnd(a)arndb.de> drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar() Konrad Dybcio <konrad.dybcio(a)linaro.org> arm64: dts: qcom: msm8996: Add missing interrupt to the USB2 controller Luca Weiss <luca(a)z3ntu.xyz> soc: qcom: ocmem: Fix NUM_PORTS & NUM_MACROS macros Luca Weiss <luca(a)z3ntu.xyz> soc: qcom: ocmem: Add OCMEM hardware version print Randy Dunlap <rdunlap(a)infradead.org> ASoC: stac9766: fix build errors with REGMAP_AC97 Baokun Li <libaokun1(a)huawei.com> quota: fix dqput() to follow the guarantees dquot_srcu should provide Baokun Li <libaokun1(a)huawei.com> quota: add new helper dquot_active() Baokun Li <libaokun1(a)huawei.com> quota: rename dquot_active() to inode_quota_active() Baokun Li <libaokun1(a)huawei.com> quota: factor out dquot_write_dquot() Marek Vasut <marex(a)denx.de> drm/bridge: tc358764: Fix debug print parameter order Kuniyuki Iwashima <kuniyu(a)amazon.com> netrom: Deny concurrent connect(). Budimir Markovic <markovicbudimir(a)gmail.com> net/sched: sch_hfsc: Ensure inner classes have fsc curve Biju Das <biju.das.jz(a)bp.renesas.com> hwmon: (tmp513) Fix the channel number in tmp51x_is_visible() Vadim Pasternak <vadimp(a)nvidia.com> mlxsw: i2c: Limit single transaction buffer size Vadim Pasternak <vadimp(a)nvidia.com> mlxsw: i2c: Fix chunk size setting in output mailbox buffer Jinjie Ruan <ruanjinjie(a)huawei.com> net: arcnet: Do not call kfree_skb() under local_irq_disable() Wang Ming <machel(a)vivo.com> wifi: ath9k: use IS_ERR() with debugfs_create_dir() Jinjie Ruan <ruanjinjie(a)huawei.com> Bluetooth: btusb: Do not call kfree_skb() under spin_lock_irqsave() Dmitry Antipov <dmantipov(a)yandex.ru> wifi: mwifiex: avoid possible NULL skb pointer dereference Fedor Pchelkin <pchelkin(a)ispras.ru> wifi: ath9k: protect WMI command response buffer replacement with a lock Fedor Pchelkin <pchelkin(a)ispras.ru> wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx Daniel T. Lee <danieltimlee(a)gmail.com> samples/bpf: fix broken map lookup probe Polaris Pi <pinkperfect2021(a)gmail.com> wifi: mwifiex: Fix missed return in oob checks failed path Dmitry Antipov <dmantipov(a)yandex.ru> wifi: mwifiex: fix memory leak in mwifiex_histogram_read() Artem Chernyshev <artem.chernyshev(a)red-soft.ru> fs: ocfs2: namei: check return value of ocfs2_add_entry() Yan Zhai <yan(a)cloudflare.com> lwt: Check LWTUNNEL_XMIT_CONTINUE strictly Yan Zhai <yan(a)cloudflare.com> lwt: Fix return values of BPF xmit ops Florian Fainelli <florian.fainelli(a)broadcom.com> hwrng: iproc-rng200 - Implement suspend and resume calls Gaurav Jain <gaurav.jain(a)nxp.com> crypto: caam - fix unchecked return value error Przemek Kitszel <przemyslaw.kitszel(a)intel.com> ice: ice_aq_check_events: fix off-by-one check when filling buffer Yipeng Zou <zouyipeng(a)huawei.com> selftests/bpf: Clean up fmod_ret in bench_rename test script Menglong Dong <imagedong(a)tencent.com> net: tcp: fix unexcepted socket die when snd_wnd is 0 Min Li <lm0963hack(a)gmail.com> Bluetooth: Fix potential use-after-free when clear keys Yuanjun Gong <ruc_gongyuanjun(a)163.com> Bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() Herbert Xu <herbert(a)gondor.apana.org.au> crypto: api - Use work queue in crypto_destroy_instance Eric Biggers <ebiggers(a)google.com> crypto: blake2b - sync with blake2s implementation Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> crypto: stm32 - Properly handle pm_runtime_get failing Alan Maguire <alan.maguire(a)oracle.com> selftests/bpf: fix static assert compilation issue for test_cls_*.c Dmitry Antipov <dmantipov(a)yandex.ru> wifi: mwifiex: fix error recovery in PCIE buffer descriptor management Polaris Pi <pinkperfect2021(a)gmail.com> wifi: mwifiex: Fix OOB and integer underflow when rx packets Marc Kleine-Budde <mkl(a)pengutronix.de> can: gs_usb: gs_usb_receive_bulk_callback(): count RX overflow errors also in case of OOM Zhang Shurong <zhang_shurong(a)foxmail.com> spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() Lin Ma <linma(a)zju.edu.cn> wifi: mt76: testmode: add nla_policy for MT76_TM_ATTR_TX_LENGTH Lorenz Bauer <lmb(a)isovalent.com> bpf: reject unhashed sockets in bpf_sk_assign Lorenz Bauer <lmb(a)isovalent.com> udp: re-score reuseport groups when connected sockets are present Dan Carpenter <dan.carpenter(a)linaro.org> regmap: rbtree: Use alloc_flags for memory allocations Martin Kaiser <martin(a)kaiser.cx> hwrng: nomadik - keep clock enabled while hwrng is registered Eric Dumazet <edumazet(a)google.com> tcp: tcp_enter_quickack_mode() should be static Yafang Shao <laoar.shao(a)gmail.com> bpf: Clear the probe_addr for uprobe Alexander Lobakin <alobakin(a)pm.me> bpftool: Use a local bpf_perf_event_value to fix accessing its fields Liao Chang <liaochang1(a)huawei.com> cpufreq: powernow-k8: Use related_cpus instead of cpus in driver.exit() Mikel Rychliski <mikel(a)mikelr.com> x86/efistub: Fix PCI ROM preservation in mixed mode Holger Dengler <dengler(a)linux.ibm.com> s390/paes: fix PKEY_TYPE_EP11_AES handling for secure keyblobs Holger Dengler <dengler(a)linux.ibm.com> s390/pkey: fix/harmonize internal keyblob headers Xu Yang <xu.yang_2(a)nxp.com> perf/imx_ddr: don't enable counter0 if none of 4 counters are used Ard Biesheuvel <ardb(a)kernel.org> x86/decompressor: Don't rely on upper 32 bits of GPRs being preserved Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> selftests/resctrl: Close perf value read fd on errors Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> selftests/resctrl: Unmount resctrl FS if child fails to run benchmark Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> selftests/resctrl: Don't leak buffer in fill_cache() Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> OPP: Fix passing 0 to PTR_ERR in _opp_attach_genpd() Waiman Long <longman(a)redhat.com> refscale: Fix uninitalized use of wait_queue_head_t Kees Cook <keescook(a)chromium.org> selftests/harness: Actually report SKIP for signal tests Christian Brauner <brauner(a)kernel.org> tmpfs: verify {g,u}id mount options correctly Wang Ming <machel(a)vivo.com> fs: Fix error checking for d_hash_and_lookup() Wen Yang <wenyang.linux(a)foxmail.com> eventfd: prevent underflow for eventfd semaphores David Woodhouse <dwmw(a)amazon.co.uk> eventfd: Export eventfd_ctx_do_read() Matthew Wilcox <willy(a)infradead.org> reiserfs: Check the return value from __getblk() Sabrina Dubroca <sd(a)queasysnail.net> Revert "net: macsec: preserve ingress frame ordering" Jan Kara <jack(a)suse.cz> udf: Handle error when adding extent to a file Vladislav Efanov <VEfanov(a)ispras.ru> udf: Check consistency of Space Bitmap Descriptor Jordan Rife <jrife(a)google.com> net: Avoid address overwrite in kernel_connect Shih-Yi Chen <shihyic(a)nvidia.com> platform/mellanox: Fix mlxbf-tmfifo not handling all virtio CONSOLE notifications Zheng Yejian <zhengyejian1(a)huawei.com> tracing: Introduce pipe_cpumask to avoid race on trace_pipes Takashi Iwai <tiwai(a)suse.de> ALSA: seq: oss: Fix racy open/close of MIDI devices Michael Kelley <mikelley(a)microsoft.com> scsi: storvsc: Always set no_report_opcodes Dan Carpenter <dan.carpenter(a)linaro.org> sctp: handle invalid error codes without calling BUG() David Christensen <drc(a)linux.vnet.ibm.com> bnx2x: fix page fault following EEH recovery Dmitry Mastykin <dmastykin(a)astralinux.ru> netlabel: fix shift wrapping bug in netlbl_catmap_setlong() Chengfeng Ye <dg573847474(a)gmail.com> scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock Baoquan He <bhe(a)redhat.com> idmaengine: make FSL_EDMA and INTEL_IDMA64 depends on HAS_IOMEM Martin Kohn <m.kohn(a)welotec.com> net: usb: qmi_wwan: add Quectel EM05GV2 Ani Sinha <anisinha(a)redhat.com> vmbus_testing: fix wrong python syntax for integer value comparison Baoquan He <bhe(a)redhat.com> clk: fixed-mmio: make COMMON_CLK_FIXED_MMIO depend on HAS_IOMEM Masami Hiramatsu (Google) <mhiramat(a)kernel.org> kprobes: Prohibit probing on CFI preamble symbol Christian Göttsche <cgzones(a)googlemail.com> security: keys: perform capable check only on privileged operations Minjie Du <duminjie(a)vivo.com> ata: pata_arasan_cf: Use dev_err_probe() instead dev_err() in data_xfer() Eric Snowberg <eric.snowberg(a)oracle.com> ovl: Always reevaluate the file signature for IMA Leo Chen <sancchen(a)amd.com> drm/amd/display: Exit idle optimizations before attempt to access PHY Konstantin Shelekhin <k.shelekhin(a)ftml.net> platform/x86: huawei-wmi: Silence ambient light sensor Hans de Goede <hdegoede(a)redhat.com> platform/x86: intel: hid: Always call BTNL ACPI method Guiting Shen <aarongt.shen(a)gmail.com> ASoC: atmel: Fix the 8K sample parameter in I2SC master Edgar <ljijcj(a)163.com> ASoc: codecs: ES8316: Fix DMIC config Winston Wen <wentao(a)uniontech.com> fs/nls: make load_nls() take a const parameter Stefan Haberland <sth(a)linux.ibm.com> s390/dasd: fix hanging device after request requeue Stefan Haberland <sth(a)linux.ibm.com> s390/dasd: use correct number of retries for ERP requests Ben Hutchings <benh(a)debian.org> m68k: Fix invalid .section syntax Jiri Benc <jbenc(a)redhat.com> vxlan: generalize vxlan_parse_gpe_hdr and remove unused args Yuanjun Gong <ruc_gongyuanjun(a)163.com> ethernet: atheros: fix return value check in atl1c_tso_csum() Dmytro Maluka <dmy(a)semihalf.com> ASoC: da7219: Check for failure reading AAD IRQ events Dmytro Maluka <dmy(a)semihalf.com> ASoC: da7219: Flush pending AAD IRQ when suspending Dominique Martinet <asmadeus(a)codewreck.org> 9p: virtio: make sure 'offs' is initialized in zc_request Nikolay Burykin <burikin(a)ivk.ru> media: pci: cx23885: fix error handling for cx23885 ATSC boards Dmitry Antipov <dmantipov(a)yandex.ru> media: pulse8-cec: handle possible ping error Adrien Thierry <athierry(a)redhat.com> phy: qcom-snps-femto-v2: use qcom_snps_hsphy_suspend/resume error code Xiaolei Wang <xiaolei.wang(a)windriver.com> ARM: dts: imx: Set default tuning step for imx7d usdhc Stefan Wahren <stefan.wahren(a)i2se.com> ARM: dts: imx: Adjust dma-apbh node name Marek Vasut <marex(a)denx.de> ARM: dts: imx7s: Drop dma-apb interrupt-names Joy Zou <joy.zou(a)nxp.com> ARM: dts: imx: update sdma node name format Oder Chiou <oder_chiou(a)realtek.com> ASoC: rt5682: Fix a problem with error handling in the io init function of the soundwire Mario Limonciello <mario.limonciello(a)amd.com> pinctrl: amd: Don't show `Invalid config param` errors Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix general protection fault in nilfs_lookup_dirty_data_buffers() Juerg Haefliger <juerg.haefliger(a)canonical.com> fsi: master-ast-cf: Add MODULE_FIRMWARE macro Wang Ming <machel(a)vivo.com> firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: fix bug when first setting GPIO direction Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: fix broken port 0 uart init Johan Hovold <johan+linaro(a)kernel.org> serial: qcom-geni: fix opp vote on shutdown Sishuai Gong <sishuai(a)purdue.edu> configfs: fix a race in configfs_lookup() Zheng Wang <zyytlz.wz(a)163.com> Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition Nam Cao <namcaov(a)gmail.com> staging: rtl8712: fix race condition Aaron Armstrong Skomra <aaron.skomra(a)wacom.com> HID: wacom: remove the battery when the EKR is off Xu Yang <xu.yang_2(a)nxp.com> usb: chipidea: imx: improve logic if samsung,picophy-* parameter is 0 Luke Lu <luke.lu(a)libre.computer> usb: dwc3: meson-g12a: do post init to fix broken usb after resumption Slark Xiao <slark_xiao(a)163.com> USB: serial: option: add FOXCONN T99W368/T99W373 product Martin Kohn <m.kohn(a)welotec.com> USB: serial: option: add Quectel EM05G variant (0x030e) Christoph Hellwig <hch(a)lst.de> modules: only allow symbol_get of EXPORT_SYMBOL_GPL modules Christoph Hellwig <hch(a)lst.de> rtc: ds1685: use EXPORT_SYMBOL_GPL for ds1685_rtc_poweroff Christoph Hellwig <hch(a)lst.de> net: enetc: use EXPORT_SYMBOL_GPL for enetc_phc_index Christoph Hellwig <hch(a)lst.de> mmc: au1xmmc: force non-modular build and remove symbol_get usage Arnd Bergmann <arnd(a)arndb.de> ARM: pxa: remove use of symbol_get() Gao Xiang <hsiangkao(a)linux.alibaba.com> erofs: ensure that the post-EOF tails are all zeroed ------------- Diffstat: .../devicetree/bindings/clock/xlnx,versal-clk.yaml | 2 - Documentation/scsi/scsi_mid_low_api.rst | 4 +- Makefile | 4 +- arch/arm/boot/dts/bcm4708-linksys-ea6500-v2.dts | 3 +- arch/arm/boot/dts/bcm47189-luxul-xap-1440.dts | 13 + arch/arm/boot/dts/bcm47189-luxul-xap-810.dts | 13 + arch/arm/boot/dts/bcm5301x.dtsi | 4 +- arch/arm/boot/dts/bcm53573.dtsi | 27 +- arch/arm/boot/dts/bcm947189acdbmr.dts | 6 +- arch/arm/boot/dts/exynos4210-i9100.dts | 4 +- arch/arm/boot/dts/imx23.dtsi | 2 +- arch/arm/boot/dts/imx25.dtsi | 2 +- arch/arm/boot/dts/imx28.dtsi | 2 +- arch/arm/boot/dts/imx31.dtsi | 2 +- arch/arm/boot/dts/imx35.dtsi | 2 +- arch/arm/boot/dts/imx50.dtsi | 2 +- arch/arm/boot/dts/imx51.dtsi | 2 +- arch/arm/boot/dts/imx53.dtsi | 2 +- arch/arm/boot/dts/imx6qdl.dtsi | 4 +- arch/arm/boot/dts/imx6sl.dtsi | 2 +- arch/arm/boot/dts/imx6sx.dtsi | 4 +- arch/arm/boot/dts/imx6ul.dtsi | 4 +- arch/arm/boot/dts/imx7s.dtsi | 11 +- arch/arm/boot/dts/s3c6410-mini6410.dts | 6 +- arch/arm/boot/dts/s3c64xx-pinctrl.dtsi | 210 ++++++------- arch/arm/boot/dts/s5pv210-aquila.dts | 12 +- arch/arm/boot/dts/s5pv210-aries.dtsi | 4 +- arch/arm/boot/dts/s5pv210-goni.dts | 14 +- arch/arm/boot/dts/s5pv210-smdkv210.dts | 30 +- arch/arm/mach-omap2/powerdomain.c | 2 +- arch/arm/mach-pxa/sharpsl_pm.c | 2 - arch/arm/mach-pxa/spitz.c | 14 +- arch/arm64/boot/dts/qcom/msm8996.dtsi | 3 + arch/arm64/boot/dts/qcom/sdm845.dtsi | 3 +- arch/arm64/include/asm/sdei.h | 6 + arch/arm64/kernel/entry.S | 27 +- arch/arm64/kernel/sdei.c | 3 + arch/arm64/kernel/smp.c | 8 +- arch/arm64/lib/csum.c | 2 +- arch/m68k/fpsp040/skeleton.S | 4 +- arch/m68k/ifpsp060/os.S | 4 +- arch/m68k/kernel/relocate_kernel.S | 4 +- arch/mips/alchemy/devboards/db1000.c | 8 +- arch/mips/alchemy/devboards/db1200.c | 19 +- arch/mips/alchemy/devboards/db1300.c | 10 +- arch/parisc/include/asm/led.h | 4 +- arch/parisc/include/asm/processor.h | 1 - arch/parisc/kernel/processor.c | 18 +- arch/powerpc/include/asm/lppaca.h | 13 +- arch/powerpc/include/asm/paca.h | 6 +- arch/powerpc/include/asm/paravirt.h | 1 + arch/powerpc/include/asm/plpar_wrappers.h | 1 + arch/powerpc/kernel/fadump.c | 1 + arch/powerpc/kernel/iommu.c | 17 +- arch/powerpc/kvm/book3s_hv_ras.c | 1 + arch/powerpc/mm/book3s64/slb.c | 1 + arch/powerpc/perf/core-fsl-emb.c | 8 +- arch/powerpc/platforms/pseries/lpar.c | 10 +- arch/powerpc/platforms/pseries/lparcfg.c | 4 +- arch/powerpc/platforms/pseries/setup.c | 2 +- arch/powerpc/xmon/xmon.c | 1 + arch/s390/crypto/paes_s390.c | 2 +- arch/s390/kernel/ipl.c | 2 + arch/sh/boards/mach-ap325rxa/setup.c | 2 +- arch/sh/boards/mach-ecovec24/setup.c | 6 +- arch/sh/boards/mach-kfr2r09/setup.c | 2 +- arch/sh/boards/mach-migor/setup.c | 2 +- arch/sh/boards/mach-se/7724/setup.c | 6 +- arch/um/configs/i386_defconfig | 1 + arch/um/configs/x86_64_defconfig | 1 + arch/um/drivers/Kconfig | 16 +- arch/um/drivers/Makefile | 2 +- arch/x86/boot/compressed/head_64.S | 30 +- arch/x86/include/asm/pgtable_types.h | 11 +- arch/x86/include/asm/virtext.h | 6 - arch/x86/kernel/apm_32.c | 6 - arch/x86/kernel/cpu/common.c | 8 +- arch/xtensa/include/asm/core.h | 9 + arch/xtensa/kernel/perf_event.c | 17 +- crypto/algapi.c | 16 +- crypto/asymmetric_keys/x509_public_key.c | 5 + crypto/blake2b_generic.c | 226 +++---------- drivers/acpi/apei/ghes.c | 19 +- drivers/acpi/bus.c | 2 + drivers/acpi/pci_root.c | 3 - drivers/amba/bus.c | 1 + drivers/ata/pata_arasan_cf.c | 3 +- drivers/ata/pata_ftide010.c | 1 + drivers/ata/sata_gemini.c | 1 + drivers/base/regmap/regcache-rbtree.c | 10 +- drivers/base/test/test_async_driver_probe.c | 2 +- drivers/bluetooth/btsdio.c | 1 + drivers/bluetooth/btusb.c | 2 +- drivers/bluetooth/hci_nokia.c | 6 +- drivers/bus/mhi/host/pm.c | 5 + drivers/bus/ti-sysc.c | 2 +- drivers/char/hw_random/iproc-rng200.c | 25 ++ drivers/char/hw_random/nomadik-rng.c | 12 +- drivers/char/ipmi/ipmi_si_intf.c | 5 + drivers/char/ipmi/ipmi_ssif.c | 7 +- drivers/clk/Kconfig | 1 + drivers/clk/imx/clk-composite-8m.c | 12 +- drivers/clk/imx/clk-imx8mp.c | 5 - drivers/clk/imx/clk-pll14xx.c | 2 - drivers/clk/keystone/pll.c | 2 +- drivers/clk/qcom/gcc-mdm9615.c | 2 +- drivers/clk/qcom/gcc-sc7180.c | 33 +- drivers/clk/qcom/gcc-sm8250.c | 93 +++--- drivers/clk/qcom/reset.c | 3 +- drivers/clk/sunxi-ng/ccu_mmc_timing.c | 2 +- drivers/cpufreq/brcmstb-avs-cpufreq.c | 6 +- drivers/cpufreq/cpufreq.c | 2 + drivers/cpufreq/powernow-k8.c | 3 +- drivers/cpuidle/cpuidle-pseries.c | 8 +- drivers/crypto/caam/caampkc.c | 4 +- drivers/crypto/stm32/stm32-hash.c | 9 +- drivers/devfreq/devfreq.c | 1 + drivers/dma/Kconfig | 2 + drivers/dma/ste_dma40.c | 4 + drivers/firmware/Kconfig | 1 + drivers/firmware/arm_sdei.c | 32 +- drivers/firmware/efi/libstub/x86-stub.c | 2 +- drivers/firmware/meson/meson_sm.c | 2 + drivers/firmware/stratix10-svc.c | 2 +- drivers/fsi/fsi-master-aspeed.c | 2 + drivers/fsi/fsi-master-ast-cf.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 3 + drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c | 14 +- drivers/gpu/drm/amd/amdgpu/cik.c | 36 +-- drivers/gpu/drm/amd/amdgpu/si.c | 36 +-- .../amd/display/dc/dce110/dce110_hw_sequencer.c | 3 + drivers/gpu/drm/amd/display/dc/dcn10/dcn10_mpc.c | 5 +- .../drm/amd/display/modules/freesync/freesync.c | 9 +- drivers/gpu/drm/amd/pm/amdgpu_pm.c | 10 +- drivers/gpu/drm/armada/armada_overlay.c | 6 +- drivers/gpu/drm/ast/ast_post.c | 2 +- drivers/gpu/drm/bridge/adv7511/adv7511_drv.c | 9 +- drivers/gpu/drm/bridge/tc358764.c | 2 +- drivers/gpu/drm/etnaviv/etnaviv_dump.c | 14 +- drivers/gpu/drm/i915/gvt/gtt.c | 68 +++- drivers/gpu/drm/i915/gvt/gtt.h | 5 +- drivers/gpu/drm/i915/gvt/gvt.c | 9 + drivers/gpu/drm/i915/gvt/gvt.h | 3 + drivers/gpu/drm/i915/gvt/handlers.c | 44 ++- drivers/gpu/drm/i915/gvt/mmio.h | 4 + drivers/gpu/drm/i915/intel_gvt.c | 15 + drivers/gpu/drm/i915/intel_gvt.h | 5 + drivers/gpu/drm/mediatek/mtk_drm_gem.c | 6 +- drivers/gpu/drm/msm/adreno/a2xx_gpu.c | 8 +- drivers/gpu/drm/msm/disp/mdp5/mdp5_plane.c | 3 +- drivers/gpu/drm/panel/panel-simple.c | 4 +- drivers/gpu/drm/radeon/cik.c | 36 +-- drivers/gpu/drm/radeon/si.c | 37 +-- drivers/gpu/drm/tegra/dpaux.c | 6 +- drivers/gpu/drm/xlnx/zynqmp_dpsub.c | 4 +- drivers/hid/hid-logitech-dj.c | 5 +- drivers/hid/hid-multitouch.c | 13 +- drivers/hid/wacom.h | 1 + drivers/hid/wacom_sys.c | 25 +- drivers/hid/wacom_wac.c | 1 + drivers/hid/wacom_wac.h | 1 + drivers/hwmon/tmp513.c | 2 +- drivers/hwtracing/coresight/coresight-tmc-etf.c | 2 +- drivers/hwtracing/coresight/coresight-tmc-etr.c | 5 +- drivers/hwtracing/coresight/coresight-tmc.h | 2 +- .../infiniband/core/uverbs_std_types_counters.c | 2 + drivers/infiniband/sw/siw/siw_cm.c | 1 - drivers/infiniband/sw/siw/siw_verbs.c | 2 +- drivers/infiniband/ulp/isert/ib_isert.c | 2 + drivers/infiniband/ulp/srp/ib_srp.c | 4 - drivers/iommu/arm/arm-smmu/qcom_iommu.c | 7 + drivers/iommu/intel/pasid.c | 2 +- drivers/leds/led-core.c | 8 +- drivers/md/md-bitmap.c | 28 +- drivers/media/cec/usb/pulse8/pulse8-cec.c | 7 +- drivers/media/dvb-frontends/ascot2e.c | 2 +- drivers/media/dvb-frontends/atbm8830.c | 2 +- drivers/media/dvb-frontends/au8522_dig.c | 2 +- drivers/media/dvb-frontends/bcm3510.c | 2 +- drivers/media/dvb-frontends/cx22700.c | 2 +- drivers/media/dvb-frontends/cx22702.c | 2 +- drivers/media/dvb-frontends/cx24110.c | 2 +- drivers/media/dvb-frontends/cx24113.c | 2 +- drivers/media/dvb-frontends/cx24116.c | 2 +- drivers/media/dvb-frontends/cx24120.c | 6 +- drivers/media/dvb-frontends/cx24123.c | 2 +- drivers/media/dvb-frontends/cxd2820r_core.c | 2 +- drivers/media/dvb-frontends/cxd2841er.c | 4 +- drivers/media/dvb-frontends/cxd2880/cxd2880_top.c | 2 +- drivers/media/dvb-frontends/dib0070.c | 2 +- drivers/media/dvb-frontends/dib0090.c | 4 +- drivers/media/dvb-frontends/dib3000mb.c | 2 +- drivers/media/dvb-frontends/dib3000mc.c | 2 +- drivers/media/dvb-frontends/dib7000m.c | 2 +- drivers/media/dvb-frontends/dib7000p.c | 4 +- drivers/media/dvb-frontends/dib8000.c | 2 +- drivers/media/dvb-frontends/dib9000.c | 2 +- drivers/media/dvb-frontends/drx39xyj/drxj.c | 2 +- drivers/media/dvb-frontends/drxd_hard.c | 2 +- drivers/media/dvb-frontends/drxk_hard.c | 2 +- drivers/media/dvb-frontends/ds3000.c | 2 +- drivers/media/dvb-frontends/dvb-pll.c | 2 +- drivers/media/dvb-frontends/ec100.c | 2 +- drivers/media/dvb-frontends/helene.c | 4 +- drivers/media/dvb-frontends/horus3a.c | 2 +- drivers/media/dvb-frontends/isl6405.c | 2 +- drivers/media/dvb-frontends/isl6421.c | 2 +- drivers/media/dvb-frontends/isl6423.c | 2 +- drivers/media/dvb-frontends/itd1000.c | 2 +- drivers/media/dvb-frontends/ix2505v.c | 2 +- drivers/media/dvb-frontends/l64781.c | 2 +- drivers/media/dvb-frontends/lg2160.c | 2 +- drivers/media/dvb-frontends/lgdt3305.c | 2 +- drivers/media/dvb-frontends/lgdt3306a.c | 2 +- drivers/media/dvb-frontends/lgdt330x.c | 2 +- drivers/media/dvb-frontends/lgs8gxx.c | 2 +- drivers/media/dvb-frontends/lnbh25.c | 2 +- drivers/media/dvb-frontends/lnbp21.c | 4 +- drivers/media/dvb-frontends/lnbp22.c | 2 +- drivers/media/dvb-frontends/m88ds3103.c | 2 +- drivers/media/dvb-frontends/m88rs2000.c | 2 +- drivers/media/dvb-frontends/mb86a16.c | 2 +- drivers/media/dvb-frontends/mb86a20s.c | 2 +- drivers/media/dvb-frontends/mt312.c | 2 +- drivers/media/dvb-frontends/mt352.c | 2 +- drivers/media/dvb-frontends/nxt200x.c | 2 +- drivers/media/dvb-frontends/nxt6000.c | 2 +- drivers/media/dvb-frontends/or51132.c | 2 +- drivers/media/dvb-frontends/or51211.c | 2 +- drivers/media/dvb-frontends/s5h1409.c | 2 +- drivers/media/dvb-frontends/s5h1411.c | 2 +- drivers/media/dvb-frontends/s5h1420.c | 2 +- drivers/media/dvb-frontends/s5h1432.c | 2 +- drivers/media/dvb-frontends/s921.c | 2 +- drivers/media/dvb-frontends/si21xx.c | 2 +- drivers/media/dvb-frontends/sp887x.c | 2 +- drivers/media/dvb-frontends/stb0899_drv.c | 2 +- drivers/media/dvb-frontends/stb6000.c | 2 +- drivers/media/dvb-frontends/stb6100.c | 2 +- drivers/media/dvb-frontends/stv0288.c | 2 +- drivers/media/dvb-frontends/stv0297.c | 2 +- drivers/media/dvb-frontends/stv0299.c | 2 +- drivers/media/dvb-frontends/stv0367.c | 6 +- drivers/media/dvb-frontends/stv0900_core.c | 2 +- drivers/media/dvb-frontends/stv090x.c | 2 +- drivers/media/dvb-frontends/stv6110.c | 2 +- drivers/media/dvb-frontends/stv6110x.c | 2 +- drivers/media/dvb-frontends/tda10021.c | 2 +- drivers/media/dvb-frontends/tda10023.c | 2 +- drivers/media/dvb-frontends/tda10048.c | 2 +- drivers/media/dvb-frontends/tda1004x.c | 4 +- drivers/media/dvb-frontends/tda10086.c | 2 +- drivers/media/dvb-frontends/tda665x.c | 2 +- drivers/media/dvb-frontends/tda8083.c | 2 +- drivers/media/dvb-frontends/tda8261.c | 2 +- drivers/media/dvb-frontends/tda826x.c | 2 +- drivers/media/dvb-frontends/ts2020.c | 2 +- drivers/media/dvb-frontends/tua6100.c | 2 +- drivers/media/dvb-frontends/ves1820.c | 2 +- drivers/media/dvb-frontends/ves1x93.c | 2 +- drivers/media/dvb-frontends/zl10036.c | 2 +- drivers/media/dvb-frontends/zl10039.c | 2 +- drivers/media/dvb-frontends/zl10353.c | 2 +- drivers/media/i2c/ad5820.c | 2 - drivers/media/i2c/ov2680.c | 246 +++------------ drivers/media/i2c/ov5640.c | 4 +- drivers/media/i2c/tvp5150.c | 4 + drivers/media/pci/bt8xx/dst.c | 2 +- drivers/media/pci/bt8xx/dst_ca.c | 2 +- drivers/media/pci/cx23885/cx23885-dvb.c | 12 - drivers/media/pci/ddbridge/ddbridge-dummy-fe.c | 2 +- .../media/platform/mtk-vcodec/vdec/vdec_vp9_if.c | 5 +- drivers/media/tuners/fc0011.c | 2 +- drivers/media/tuners/fc0012.c | 2 +- drivers/media/tuners/fc0013.c | 2 +- drivers/media/tuners/max2165.c | 2 +- drivers/media/tuners/mc44s803.c | 2 +- drivers/media/tuners/mt2060.c | 2 +- drivers/media/tuners/mt2131.c | 2 +- drivers/media/tuners/mt2266.c | 2 +- drivers/media/tuners/mxl5005s.c | 2 +- drivers/media/tuners/qt1010.c | 2 +- drivers/media/tuners/tda18218.c | 2 +- drivers/media/tuners/xc4000.c | 2 +- drivers/media/tuners/xc5000.c | 2 +- drivers/media/usb/dvb-usb/m920x.c | 5 +- drivers/media/usb/go7007/go7007-i2c.c | 2 - drivers/media/usb/siano/smsusb.c | 21 +- drivers/media/v4l2-core/v4l2-fwnode.c | 18 +- drivers/mmc/host/Kconfig | 5 +- drivers/mtd/nand/raw/brcmnand/brcmnand.c | 45 ++- drivers/mtd/nand/raw/fsmc_nand.c | 7 +- drivers/mtd/spi-nor/core.c | 19 +- drivers/net/arcnet/arcnet.c | 2 +- drivers/net/can/usb/gs_usb.c | 5 +- drivers/net/dsa/sja1105/sja1105_main.c | 38 ++- drivers/net/ethernet/atheros/atl1c/atl1c_main.c | 7 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 9 +- drivers/net/ethernet/freescale/enetc/enetc_ptp.c | 2 +- drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c | 4 +- drivers/net/ethernet/intel/ice/ice_main.c | 13 +- drivers/net/ethernet/intel/igb/igb.h | 4 +- drivers/net/ethernet/intel/igb/igb_main.c | 16 +- drivers/net/ethernet/intel/igbvf/igbvf.h | 4 +- drivers/net/ethernet/intel/igc/igc.h | 4 +- drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c | 28 +- drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 5 + drivers/net/ethernet/mediatek/mtk_eth_soc.c | 3 + drivers/net/ethernet/mellanox/mlx5/core/fw_reset.c | 9 +- drivers/net/ethernet/mellanox/mlxsw/i2c.c | 5 +- drivers/net/macsec.c | 3 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/usb/r8152.c | 3 + drivers/net/veth.c | 4 +- drivers/net/vxlan/vxlan_core.c | 58 ++-- drivers/net/wireless/ath/ath10k/pci.c | 9 +- drivers/net/wireless/ath/ath9k/htc_drv_debug.c | 2 +- drivers/net/wireless/ath/ath9k/wmi.c | 20 +- drivers/net/wireless/marvell/mwifiex/debugfs.c | 9 +- drivers/net/wireless/marvell/mwifiex/pcie.c | 25 +- drivers/net/wireless/marvell/mwifiex/sta_rx.c | 12 +- drivers/net/wireless/marvell/mwifiex/uap_txrx.c | 30 +- drivers/net/wireless/marvell/mwifiex/util.c | 10 +- drivers/net/wireless/mediatek/mt76/testmode.c | 1 + drivers/ntb/ntb_transport.c | 19 +- drivers/of/unittest.c | 12 +- drivers/opp/core.c | 2 +- drivers/parisc/led.c | 4 +- drivers/pci/hotplug/pciehp_hpc.c | 12 +- drivers/pci/pcie/aspm.c | 30 +- drivers/perf/fsl_imx8_ddr_perf.c | 24 +- drivers/phy/qualcomm/phy-qcom-snps-femto-v2.c | 6 +- drivers/phy/rockchip/phy-rockchip-inno-hdmi.c | 18 +- drivers/pinctrl/intel/pinctrl-cherryview.c | 5 +- drivers/pinctrl/pinctrl-amd.c | 4 +- drivers/pinctrl/pinctrl-mcp23s08_spi.c | 10 + drivers/platform/mellanox/mlxbf-tmfifo.c | 91 ++++-- drivers/platform/x86/huawei-wmi.c | 2 + drivers/platform/x86/intel-hid.c | 21 +- drivers/pwm/pwm-lpc32xx.c | 16 +- drivers/rpmsg/qcom_glink_native.c | 4 + drivers/rtc/rtc-ds1685.c | 2 +- drivers/s390/block/dasd.c | 125 +++----- drivers/s390/block/dasd_3990_erp.c | 2 +- drivers/s390/crypto/pkey_api.c | 2 +- drivers/s390/crypto/zcrypt_api.c | 1 + drivers/s390/crypto/zcrypt_ep11misc.c | 4 +- drivers/s390/crypto/zcrypt_ep11misc.h | 9 +- drivers/scsi/aic94xx/aic94xx_task.c | 2 +- drivers/scsi/be2iscsi/be_iscsi.c | 4 + drivers/scsi/fcoe/fcoe_ctlr.c | 20 +- drivers/scsi/hisi_sas/hisi_sas_v1_hw.c | 8 +- drivers/scsi/hisi_sas/hisi_sas_v2_hw.c | 19 +- drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 62 ++-- drivers/scsi/hosts.c | 4 +- drivers/scsi/isci/request.c | 10 +- drivers/scsi/isci/task.c | 2 +- drivers/scsi/libsas/sas_ata.c | 7 +- drivers/scsi/libsas/sas_expander.c | 2 +- drivers/scsi/libsas/sas_task.c | 4 +- drivers/scsi/mpt3sas/mpt3sas_base.c | 46 ++- drivers/scsi/mpt3sas/mpt3sas_base.h | 1 + drivers/scsi/mvsas/mv_sas.c | 10 +- drivers/scsi/pm8001/pm8001_hwi.c | 16 +- drivers/scsi/pm8001/pm8001_sas.c | 4 +- drivers/scsi/pm8001/pm80xx_hwi.c | 14 +- drivers/scsi/qedf/qedf_dbg.h | 2 + drivers/scsi/qedf/qedf_debugfs.c | 35 ++- drivers/scsi/qedi/qedi_main.c | 5 +- drivers/scsi/qla2xxx/qla_attr.c | 2 - drivers/scsi/qla2xxx/qla_dbg.c | 18 +- drivers/scsi/qla2xxx/qla_def.h | 12 +- drivers/scsi/qla2xxx/qla_gbl.h | 3 + drivers/scsi/qla2xxx/qla_init.c | 68 ++-- drivers/scsi/qla2xxx/qla_inline.h | 46 +++ drivers/scsi/qla2xxx/qla_iocb.c | 60 +++- drivers/scsi/qla2xxx/qla_isr.c | 16 +- drivers/scsi/qla2xxx/qla_mbx.c | 7 +- drivers/scsi/qla2xxx/qla_nvme.c | 12 +- drivers/scsi/qla2xxx/qla_os.c | 223 +++++++------ drivers/scsi/qla2xxx/qla_target.c | 14 +- drivers/scsi/qla4xxx/ql4_os.c | 15 + drivers/scsi/scsi_transport_iscsi.c | 80 +++-- drivers/scsi/storvsc_drv.c | 2 + drivers/soc/qcom/ocmem.c | 14 +- drivers/soc/qcom/qmi_encdec.c | 4 +- drivers/spi/spi-tegra20-sflash.c | 6 +- drivers/staging/media/rkvdec/rkvdec.c | 2 +- drivers/staging/rtl8712/os_intfs.c | 1 + drivers/staging/rtl8712/usb_intf.c | 1 - drivers/tty/serial/qcom_geni_serial.c | 5 + drivers/tty/serial/sc16is7xx.c | 17 +- drivers/tty/serial/serial-tegra.c | 6 +- drivers/tty/serial/sprd_serial.c | 30 +- drivers/usb/chipidea/ci_hdrc_imx.c | 10 +- drivers/usb/chipidea/usbmisc_imx.c | 6 +- drivers/usb/core/hcd.c | 10 +- drivers/usb/core/hub.c | 349 ++++++++++++--------- drivers/usb/core/message.c | 29 +- drivers/usb/core/usb.h | 4 +- drivers/usb/dwc3/dwc3-meson-g12a.c | 6 + drivers/usb/gadget/function/f_mass_storage.c | 2 +- drivers/usb/phy/phy-mxs-usb.c | 10 +- drivers/usb/serial/option.c | 7 + drivers/usb/typec/bus.c | 12 +- drivers/usb/typec/tcpm/tcpci.c | 4 + drivers/usb/typec/tcpm/tcpci.h | 1 + drivers/usb/typec/tcpm/tcpm.c | 3 +- drivers/vfio/vfio_iommu_type1.c | 2 +- drivers/video/backlight/bd6107.c | 2 +- drivers/video/backlight/gpio_backlight.c | 5 +- drivers/video/backlight/lv5207lp.c | 2 +- drivers/video/fbdev/ep93xx-fb.c | 1 - drivers/virtio/virtio_ring.c | 2 +- drivers/watchdog/intel-mid_wdt.c | 1 + fs/btrfs/disk-io.c | 5 +- fs/btrfs/transaction.c | 7 +- fs/configfs/dir.c | 2 + fs/dlm/plock.c | 6 +- fs/erofs/zdata.c | 2 + fs/eventfd.c | 7 +- fs/ext4/balloc.c | 15 +- fs/ext4/block_validity.c | 8 +- fs/ext4/ext4.h | 2 + fs/ext4/mballoc.c | 2 +- fs/fuse/readdir.c | 10 +- fs/jfs/jfs_extent.c | 5 + fs/lockd/mon.c | 3 + fs/namei.c | 2 +- fs/nfs/blocklayout/dev.c | 4 +- fs/nfs/direct.c | 20 +- fs/nfs/nfs2xdr.c | 2 +- fs/nfs/nfs3xdr.c | 2 +- fs/nfs/nfs42proc.c | 5 +- fs/nfs/pnfs_dev.c | 2 +- fs/nfsd/blocklayoutxdr.c | 9 + fs/nfsd/flexfilelayoutxdr.c | 9 + fs/nfsd/nfs4xdr.c | 25 +- fs/nilfs2/alloc.c | 3 +- fs/nilfs2/inode.c | 7 +- fs/nilfs2/segment.c | 5 + fs/nls/nls_base.c | 4 +- fs/ocfs2/namei.c | 4 + fs/overlayfs/super.c | 2 +- fs/proc/base.c | 3 +- fs/pstore/ram_core.c | 2 +- fs/quota/dquot.c | 174 ++++++---- fs/reiserfs/journal.c | 4 +- fs/udf/balloc.c | 31 +- fs/udf/inode.c | 45 ++- fs/verity/signature.c | 16 + include/acpi/apei.h | 4 +- include/crypto/algapi.h | 3 + include/crypto/blake2b.h | 67 ++++ include/crypto/internal/blake2b.h | 115 +++++++ include/linux/arm_sdei.h | 4 + include/linux/eventfd.h | 6 + include/linux/if_arp.h | 4 + include/linux/nls.h | 2 +- include/linux/trace_events.h | 3 +- include/linux/usb/typec_altmode.h | 2 +- include/net/ip.h | 1 + include/net/ip_tunnels.h | 15 +- include/net/ipv6.h | 2 +- include/net/lwtunnel.h | 5 +- include/net/tcp.h | 1 - include/scsi/libsas.h | 12 +- include/scsi/scsi_host.h | 2 +- include/uapi/linux/sync_file.h | 2 +- io_uring/io-wq.c | 10 + io_uring/io-wq.h | 1 + io_uring/io_uring.c | 9 +- kernel/auditsc.c | 2 + kernel/bpf/verifier.c | 17 +- kernel/cgroup/namespace.c | 6 - kernel/kprobes.c | 14 +- kernel/module.c | 15 +- kernel/printk/printk_ringbuffer.c | 2 +- kernel/rcu/refscale.c | 3 +- kernel/trace/bpf_trace.c | 2 +- kernel/trace/trace.c | 72 ++++- kernel/trace/trace.h | 2 + kernel/trace/trace_uprobe.c | 3 +- lib/idr.c | 2 +- lib/test_meminit.c | 2 +- mm/shmem.c | 28 +- net/9p/trans_virtio.c | 2 +- net/bluetooth/hci_core.c | 16 +- net/core/filter.c | 2 + net/core/flow_dissector.c | 3 +- net/core/lwt_bpf.c | 7 +- net/core/skbuff.c | 34 +- net/core/sock.c | 9 +- net/dccp/ipv4.c | 13 +- net/dccp/ipv6.c | 15 +- net/hsr/hsr_forward.c | 1 + net/ipv4/devinet.c | 10 +- net/ipv4/fib_semantics.c | 5 +- net/ipv4/fib_trie.c | 3 +- net/ipv4/igmp.c | 3 +- net/ipv4/ip_input.c | 3 +- net/ipv4/ip_output.c | 2 +- net/ipv4/route.c | 1 + net/ipv4/tcp_input.c | 3 +- net/ipv4/tcp_timer.c | 18 +- net/ipv4/udp.c | 20 +- net/ipv6/addrconf.c | 2 +- net/ipv6/ip6_output.c | 2 +- net/ipv6/udp.c | 19 +- net/kcm/kcmsock.c | 15 +- net/netfilter/ipset/ip_set_hash_netportnet.c | 1 + net/netfilter/nfnetlink_osf.c | 8 + net/netfilter/xt_sctp.c | 2 + net/netfilter/xt_u32.c | 21 ++ net/netlabel/netlabel_kapi.c | 3 +- net/netrom/af_netrom.c | 5 + net/sched/sch_fq_pie.c | 27 +- net/sched/sch_hfsc.c | 4 + net/sched/sch_plug.c | 2 +- net/sched/sch_qfq.c | 22 +- net/sctp/proc.c | 2 +- net/sctp/sm_sideeffect.c | 5 +- net/sctp/socket.c | 10 +- net/smc/smc_core.c | 2 + net/socket.c | 6 +- net/tls/tls_sw.c | 4 +- net/unix/af_unix.c | 2 +- net/unix/scm.c | 6 +- samples/bpf/tracex6_kern.c | 17 +- scripts/kconfig/preprocess.c | 3 + security/integrity/ima/Kconfig | 12 - security/keys/keyctl.c | 11 +- security/smack/smackfs.c | 2 +- sound/Kconfig | 2 +- sound/core/pcm_compat.c | 8 +- sound/core/seq/oss/seq_oss_midi.c | 35 ++- sound/pci/ac97/ac97_codec.c | 5 +- sound/soc/atmel/atmel-i2s.c | 5 +- sound/soc/codecs/Kconfig | 1 + sound/soc/codecs/da7219-aad.c | 12 +- sound/soc/codecs/es8316.c | 2 +- sound/soc/codecs/rt5682-sdw.c | 7 +- tools/bpf/bpftool/skeleton/profiler.bpf.c | 27 +- tools/hv/vmbus_testing | 4 +- tools/perf/builtin-top.c | 1 + tools/perf/ui/browsers/hists.c | 60 ++-- tools/perf/util/annotate.c | 10 +- tools/perf/util/header.c | 11 +- .../selftests/bpf/benchs/run_bench_rename.sh | 2 +- .../selftests/bpf/progs/test_cls_redirect.h | 9 + tools/testing/selftests/kselftest/runner.sh | 29 +- tools/testing/selftests/kselftest_harness.h | 11 +- tools/testing/selftests/resctrl/cache.c | 18 +- tools/testing/selftests/resctrl/fill_buf.c | 3 +- tools/testing/selftests/resctrl/resctrl.h | 1 + 555 files changed, 3750 insertions(+), 2444 deletions(-)

2 years, 1 month

14
430
0 0

+ mmap-fix-error-paths-with-dup_anon_vma.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mmap: fix error paths with dup_anon_vma() has been added to the -mm mm-hotfixes-unstable branch. Its filename is mmap-fix-error-paths-with-dup_anon_vma.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: "Liam R. Howlett" <Liam.Howlett(a)oracle.com> Subject: mmap: fix error paths with dup_anon_vma() Date: Fri, 29 Sep 2023 14:30:40 -0400 When the calling function fails after the dup_anon_vma(), the duplication of the anon_vma is not being undone. Add the necessary unlink_anon_vma() call to the error paths that are missing them. This issue showed up during inspection of the error path in vma_merge() for an unrelated vma iterator issue. Users may experience increased memory usage, which may be problematic as the failure would likely be caused by a low memory situation. Link: https://lkml.kernel.org/r/20230929183041.2835469-3-Liam.Howlett@oracle.com Fixes: d4af56c5c7c6 ("mm: start tracking VMAs with maple tree") Signed-off-by: Liam R. Howlett <Liam.Howlett(a)oracle.com> Cc: Jann Horn <jannh(a)google.com> Cc: Lorenzo Stoakes <lstoakes(a)gmail.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/mmap.c | 30 ++++++++++++++++++++++-------- 1 file changed, 22 insertions(+), 8 deletions(-) --- a/mm/mmap.c~mmap-fix-error-paths-with-dup_anon_vma +++ a/mm/mmap.c @@ -583,11 +583,12 @@ again: * dup_anon_vma() - Helper function to duplicate anon_vma * @dst: The destination VMA * @src: The source VMA + * @dup: Pointer to the destination VMA when successful. * * Returns: 0 on success. */ static inline int dup_anon_vma(struct vm_area_struct *dst, - struct vm_area_struct *src) + struct vm_area_struct *src, struct vm_area_struct **dup) { /* * Easily overlooked: when mprotect shifts the boundary, make sure the @@ -595,9 +596,15 @@ static inline int dup_anon_vma(struct vm * anon pages imported. */ if (src->anon_vma && !dst->anon_vma) { + int ret; + vma_assert_write_locked(dst); dst->anon_vma = src->anon_vma; - return anon_vma_clone(dst, src); + ret = anon_vma_clone(dst, src); + if (ret) + return ret; + + *dup = dst; } return 0; @@ -624,6 +631,7 @@ int vma_expand(struct vma_iterator *vmi, unsigned long start, unsigned long end, pgoff_t pgoff, struct vm_area_struct *next) { + struct vm_area_struct *anon_dup = NULL; bool remove_next = false; struct vma_prepare vp; @@ -633,7 +641,7 @@ int vma_expand(struct vma_iterator *vmi, remove_next = true; vma_start_write(next); - ret = dup_anon_vma(vma, next); + ret = dup_anon_vma(vma, next, &anon_dup); if (ret) return ret; } @@ -661,6 +669,8 @@ int vma_expand(struct vma_iterator *vmi, return 0; nomem: + if (anon_dup) + unlink_anon_vmas(anon_dup); return -ENOMEM; } @@ -860,6 +870,7 @@ struct vm_area_struct *vma_merge(struct { struct vm_area_struct *curr, *next, *res; struct vm_area_struct *vma, *adjust, *remove, *remove2; + struct vm_area_struct *anon_dup = NULL; struct vma_prepare vp; pgoff_t vma_pgoff; int err = 0; @@ -927,18 +938,18 @@ struct vm_area_struct *vma_merge(struct vma_start_write(next); remove = next; /* case 1 */ vma_end = next->vm_end; - err = dup_anon_vma(prev, next); + err = dup_anon_vma(prev, next, &anon_dup); if (curr) { /* case 6 */ vma_start_write(curr); remove = curr; remove2 = next; if (!next->anon_vma) - err = dup_anon_vma(prev, curr); + err = dup_anon_vma(prev, curr, &anon_dup); } } else if (merge_prev) { /* case 2 */ if (curr) { vma_start_write(curr); - err = dup_anon_vma(prev, curr); + err = dup_anon_vma(prev, curr, &anon_dup); if (end == curr->vm_end) { /* case 7 */ remove = curr; } else { /* case 5 */ @@ -954,7 +965,7 @@ struct vm_area_struct *vma_merge(struct vma_end = addr; adjust = next; adj_start = -(prev->vm_end - addr); - err = dup_anon_vma(next, prev); + err = dup_anon_vma(next, prev, &anon_dup); } else { /* * Note that cases 3 and 8 are the ONLY ones where prev @@ -968,7 +979,7 @@ struct vm_area_struct *vma_merge(struct vma_pgoff = curr->vm_pgoff; vma_start_write(curr); remove = curr; - err = dup_anon_vma(next, curr); + err = dup_anon_vma(next, curr, &anon_dup); } } } @@ -1018,6 +1029,9 @@ struct vm_area_struct *vma_merge(struct return res; prealloc_fail: + if (anon_dup) + unlink_anon_vmas(anon_dup); + anon_vma_fail: vma_iter_set(vmi, addr); vma_iter_load(vmi); _ Patches currently in -mm which might be from Liam.Howlett(a)oracle.com are maple_tree-add-mas_active-to-detect-in-tree-walks.patch maple_tree-add-mas_underflow-and-mas_overflow-states.patch mm-mempolicy-fix-set_mempolicy_home_node-previous-vma-pointer.patch mmap-fix-vma_iterator-in-error-path-of-vma_merge.patch mmap-fix-error-paths-with-dup_anon_vma.patch

2 years, 1 month

1
0
0 0

+ mmap-fix-vma_iterator-in-error-path-of-vma_merge.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mmap: fix vma_iterator in error path of vma_merge() has been added to the -mm mm-hotfixes-unstable branch. Its filename is mmap-fix-vma_iterator-in-error-path-of-vma_merge.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: "Liam R. Howlett" <Liam.Howlett(a)oracle.com> Subject: mmap: fix vma_iterator in error path of vma_merge() Date: Fri, 29 Sep 2023 14:30:39 -0400 During the error path, the vma iterator may not be correctly positioned or set to the correct range. Undo the vma_prev() call by resetting to the passed in address. Re-walking to the same range will fix the range to the area previously passed in. Users would notice increased cycles as vma_merge() would be called an extra time with vma == prev, and thus would fail to merge and return. Link: https://lore.kernel.org/linux-mm/CAG48ez12VN1JAOtTNMY+Y2YnsU45yL5giS-Qn=ejt… Link: https://lkml.kernel.org/r/20230929183041.2835469-2-Liam.Howlett@oracle.com Fixes: 18b098af2890 ("vma_merge: set vma iterator to correct position.") Signed-off-by: Liam R. Howlett <Liam.Howlett(a)oracle.com> Reported-by: Jann Horn <jannh(a)google.com> Closes: https://lore.kernel.org/linux-mm/CAG48ez12VN1JAOtTNMY+Y2YnsU45yL5giS-Qn=ejt… Cc: Lorenzo Stoakes <lstoakes(a)gmail.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/mmap.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) --- a/mm/mmap.c~mmap-fix-vma_iterator-in-error-path-of-vma_merge +++ a/mm/mmap.c @@ -975,7 +975,7 @@ struct vm_area_struct *vma_merge(struct /* Error in anon_vma clone. */ if (err) - return NULL; + goto anon_vma_fail; if (vma_start < vma->vm_start || vma_end > vma->vm_end) vma_expanded = true; @@ -988,7 +988,7 @@ struct vm_area_struct *vma_merge(struct } if (vma_iter_prealloc(vmi, vma)) - return NULL; + goto prealloc_fail; init_multi_vma_prep(&vp, vma, adjust, remove, remove2); VM_WARN_ON(vp.anon_vma && adjust && adjust->anon_vma && @@ -1016,6 +1016,12 @@ struct vm_area_struct *vma_merge(struct vma_complete(&vp, vmi, mm); khugepaged_enter_vma(res, vm_flags); return res; + +prealloc_fail: +anon_vma_fail: + vma_iter_set(vmi, addr); + vma_iter_load(vmi); + return NULL; } /* _ Patches currently in -mm which might be from Liam.Howlett(a)oracle.com are maple_tree-add-mas_active-to-detect-in-tree-walks.patch maple_tree-add-mas_underflow-and-mas_overflow-states.patch mm-mempolicy-fix-set_mempolicy_home_node-previous-vma-pointer.patch mmap-fix-vma_iterator-in-error-path-of-vma_merge.patch mmap-fix-error-paths-with-dup_anon_vma.patch

2 years, 1 month

1
0
0 0

Build failure in v5.15.133

by Guenter Roeck

Hi, I see the following build failure with v5.15.133. Build reference: v5.15.133 Compiler version: aarch64-linux-gcc (GCC) 11.4.0 Assembler version: GNU assembler (GNU Binutils) 2.40 Building arm64:allnoconfig ... passed Building arm64:tinyconfig ... passed Building arm64:defconfig ... failed -------------- Error log: drivers/interconnect/core.c: In function 'icc_init': drivers/interconnect/core.c:1148:9: error: implicit declaration of function 'fs_reclaim_acquire' [-Werror=implicit-function-declaration] 1148 | fs_reclaim_acquire(GFP_KERNEL); | ^~~~~~~~~~~~~~~~~~ drivers/interconnect/core.c:1150:9: error: implicit declaration of function 'fs_reclaim_release' [-Werror=implicit-function-declaration] 1150 | fs_reclaim_release(GFP_KERNEL); | ^~~~~~~~~~~~~~~~~~ This also affects alpha:allmodconfig and m68k:allmodconfig. The problem was introduced with 'interconnect: Teach lockdep about icc_bw_lock order'. #include <linux/sched/mm.h> is missing. Presumably that is included indirectly in the upstream kernel, but I wasn't able to determine which commit added it. Guenter

2 years, 1 month

3
2
0 0

[PATCH 2/3] mmap: Fix error paths with dup_anon_vma()

by Liam R. Howlett

When the calling function fails after the dup_anon_vma(), the duplication of the anon_vma is not being undone. Add the necessary unlink_anon_vma() call to the error paths that are missing them. This issue showed up during inspection of the error path in vma_merge() for an unrelated vma iterator issue. Users may experience increased memory usage, which may be problematic as the failure would likely be caused by a low memory situation. Fixes: d4af56c5c7c6 ("mm: start tracking VMAs with maple tree") Cc: stable(a)vger.kernel.org Cc: Jann Horn <jannh(a)google.com> Signed-off-by: Liam R. Howlett <Liam.Howlett(a)oracle.com> --- mm/mmap.c | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/mm/mmap.c b/mm/mmap.c index b5bc4ca9bdc4..2f0ee489db8a 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -587,7 +587,7 @@ static inline void vma_complete(struct vma_prepare *vp, * Returns: 0 on success. */ static inline int dup_anon_vma(struct vm_area_struct *dst, - struct vm_area_struct *src) + struct vm_area_struct *src, struct vm_area_struct **dup) { /* * Easily overlooked: when mprotect shifts the boundary, make sure the @@ -597,6 +597,7 @@ static inline int dup_anon_vma(struct vm_area_struct *dst, if (src->anon_vma && !dst->anon_vma) { vma_assert_write_locked(dst); dst->anon_vma = src->anon_vma; + *dup = dst; return anon_vma_clone(dst, src); } @@ -624,6 +625,7 @@ int vma_expand(struct vma_iterator *vmi, struct vm_area_struct *vma, unsigned long start, unsigned long end, pgoff_t pgoff, struct vm_area_struct *next) { + struct vm_area_struct *anon_dup = NULL; bool remove_next = false; struct vma_prepare vp; @@ -633,7 +635,7 @@ int vma_expand(struct vma_iterator *vmi, struct vm_area_struct *vma, remove_next = true; vma_start_write(next); - ret = dup_anon_vma(vma, next); + ret = dup_anon_vma(vma, next, &anon_dup); if (ret) return ret; } @@ -661,6 +663,8 @@ int vma_expand(struct vma_iterator *vmi, struct vm_area_struct *vma, return 0; nomem: + if (anon_dup) + unlink_anon_vmas(anon_dup); return -ENOMEM; } @@ -860,6 +864,7 @@ struct vm_area_struct *vma_merge(struct vma_iterator *vmi, struct mm_struct *mm, { struct vm_area_struct *curr, *next, *res; struct vm_area_struct *vma, *adjust, *remove, *remove2; + struct vm_area_struct *anon_dup = NULL; struct vma_prepare vp; pgoff_t vma_pgoff; int err = 0; @@ -927,18 +932,18 @@ struct vm_area_struct *vma_merge(struct vma_iterator *vmi, struct mm_struct *mm, vma_start_write(next); remove = next; /* case 1 */ vma_end = next->vm_end; - err = dup_anon_vma(prev, next); + err = dup_anon_vma(prev, next, &anon_dup); if (curr) { /* case 6 */ vma_start_write(curr); remove = curr; remove2 = next; if (!next->anon_vma) - err = dup_anon_vma(prev, curr); + err = dup_anon_vma(prev, curr, &anon_dup); } } else if (merge_prev) { /* case 2 */ if (curr) { vma_start_write(curr); - err = dup_anon_vma(prev, curr); + err = dup_anon_vma(prev, curr, &anon_dup); if (end == curr->vm_end) { /* case 7 */ remove = curr; } else { /* case 5 */ @@ -954,7 +959,7 @@ struct vm_area_struct *vma_merge(struct vma_iterator *vmi, struct mm_struct *mm, vma_end = addr; adjust = next; adj_start = -(prev->vm_end - addr); - err = dup_anon_vma(next, prev); + err = dup_anon_vma(next, prev, &anon_dup); } else { /* * Note that cases 3 and 8 are the ONLY ones where prev @@ -1018,6 +1023,9 @@ struct vm_area_struct *vma_merge(struct vma_iterator *vmi, struct mm_struct *mm, return res; prealloc_fail: + if (anon_dup) + unlink_anon_vmas(anon_dup); + anon_vma_fail: if (merge_prev) vma_next(vmi); -- 2.40.1

2 years, 1 month

3
2
0 0

[PATCH 1/3] mmap: Fix vma_iterator in error path of vma_merge()

by Liam R. Howlett

When merging of the previous VMA fails after the vma iterator has been moved to the previous entry, the vma iterator must be advanced to ensure the caller takes the correct action on the next vma iterator event. Fix this by adding a vma_next() call to the error path. Users may experience higher CPU usage, most likely in very low memory situations. Link: https://lore.kernel.org/linux-mm/CAG48ez12VN1JAOtTNMY+Y2YnsU45yL5giS-Qn=ejt… Closes: https://lore.kernel.org/linux-mm/CAG48ez12VN1JAOtTNMY+Y2YnsU45yL5giS-Qn=ejt… Fixes: 18b098af2890 ("vma_merge: set vma iterator to correct position.") Cc: stable(a)vger.kernel.org Cc: Jann Horn <jannh(a)google.com> Signed-off-by: Liam R. Howlett <Liam.Howlett(a)oracle.com> --- mm/mmap.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/mm/mmap.c b/mm/mmap.c index b56a7f0c9f85..b5bc4ca9bdc4 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -968,14 +968,14 @@ struct vm_area_struct *vma_merge(struct vma_iterator *vmi, struct mm_struct *mm, vma_pgoff = curr->vm_pgoff; vma_start_write(curr); remove = curr; - err = dup_anon_vma(next, curr); + err = dup_anon_vma(next, curr, &anon_dup); } } } /* Error in anon_vma clone. */ if (err) - return NULL; + goto anon_vma_fail; if (vma_start < vma->vm_start || vma_end > vma->vm_end) vma_expanded = true; @@ -988,7 +988,7 @@ struct vm_area_struct *vma_merge(struct vma_iterator *vmi, struct mm_struct *mm, } if (vma_iter_prealloc(vmi, vma)) - return NULL; + goto prealloc_fail; init_multi_vma_prep(&vp, vma, adjust, remove, remove2); VM_WARN_ON(vp.anon_vma && adjust && adjust->anon_vma && @@ -1016,6 +1016,12 @@ struct vm_area_struct *vma_merge(struct vma_iterator *vmi, struct mm_struct *mm, vma_complete(&vp, vmi, mm); khugepaged_enter_vma(res, vm_flags); return res; + +prealloc_fail: +anon_vma_fail: + if (merge_prev) + vma_next(vmi); + return NULL; } /* -- 2.40.1

2 years, 1 month

5
7
0 0

[PATCH 5.15 1/2] sched/cpuacct: Optimize away RCU read lock

by ovidiu.panait＠windriver.com

From: Chengming Zhou <zhouchengming(a)bytedance.com> commit dc6e0818bc9a0336d9accf3ea35d146d72aa7a18 upstream. Since cpuacct_charge() is called from the scheduler update_curr(), we must already have rq lock held, then the RCU read lock can be optimized away. And do the same thing in it's wrapper cgroup_account_cputime(), but we can't use lockdep_assert_rq_held() there, which defined in kernel/sched/sched.h. Suggested-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Signed-off-by: Chengming Zhou <zhouchengming(a)bytedance.com> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Link: https://lore.kernel.org/r/20220220051426.5274-2-zhouchengming@bytedance.com Signed-off-by: Ovidiu Panait <ovidiu.panait(a)windriver.com> --- include/linux/cgroup.h | 2 -- kernel/sched/cpuacct.c | 4 +--- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/include/linux/cgroup.h b/include/linux/cgroup.h index 45cdb12243e3..f425389ce4bb 100644 --- a/include/linux/cgroup.h +++ b/include/linux/cgroup.h @@ -792,11 +792,9 @@ static inline void cgroup_account_cputime(struct task_struct *task, cpuacct_charge(task, delta_exec); - rcu_read_lock(); cgrp = task_dfl_cgroup(task); if (cgroup_parent(cgrp)) __cgroup_account_cputime(cgrp, delta_exec); - rcu_read_unlock(); } static inline void cgroup_account_cputime_field(struct task_struct *task, diff --git a/kernel/sched/cpuacct.c b/kernel/sched/cpuacct.c index cacc2076ad21..f0af0fecde9d 100644 --- a/kernel/sched/cpuacct.c +++ b/kernel/sched/cpuacct.c @@ -331,12 +331,10 @@ void cpuacct_charge(struct task_struct *tsk, u64 cputime) unsigned int cpu = task_cpu(tsk); struct cpuacct *ca; - rcu_read_lock(); + lockdep_assert_rq_held(cpu_rq(cpu)); for (ca = task_ca(tsk); ca; ca = parent_ca(ca)) *per_cpu_ptr(ca->cpuusage, cpu) += cputime; - - rcu_read_unlock(); } /* -- 2.31.1

2 years, 1 month

1
1
0 0

[PATCH 5/6] serial: core: make sure RS485 is cannot be enabled when it is not supported

by Lino Sanfilippo

From: Lino Sanfilippo <l.sanfilippo(a)kunbus.com> Some uart drivers specify a rs485_config() function and then decide later to disable RS485 support for some reason (e.g. imx and ar933). In these cases userspace may be able to activate RS485 via TIOCSRS485 nevertheless, since in uart_set_rs485_config() an existing rs485_config() function indicates that RS485 is supported. Make sure that this is not longer possible by checking the uarts rs485_supported.flags instead and bailing out if SER_RS485_ENABLED is not set. Furthermore instead of returning an empty structure return -ENOTTY if the RS485 configuration is requested via TIOCGRS485 but RS485 is not supported. Cc: stable(a)vger.kernel.org Signed-off-by: Lino Sanfilippo <l.sanfilippo(a)kunbus.com> --- drivers/tty/serial/serial_core.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c index f4feebf8200f..dca09877fabc 100644 --- a/drivers/tty/serial/serial_core.c +++ b/drivers/tty/serial/serial_core.c @@ -1432,6 +1432,9 @@ static int uart_get_rs485_config(struct uart_port *port, unsigned long flags; struct serial_rs485 aux; + if (!(port->rs485_supported.flags & SER_RS485_ENABLED)) + return -ENOTTY; + spin_lock_irqsave(&port->lock, flags); aux = port->rs485; spin_unlock_irqrestore(&port->lock, flags); @@ -1449,7 +1452,7 @@ static int uart_set_rs485_config(struct tty_struct *tty, struct uart_port *port, int ret; unsigned long flags; - if (!port->rs485_config) + if (!(port->rs485_supported.flags & SER_RS485_ENABLED)) return -ENOTTY; if (copy_from_user(&rs485, rs485_user, sizeof(*rs485_user))) -- 2.40.1

2 years, 1 month

2
2
0 0

[PATCH 1/6] serial: Do not hold the port lock when setting rx-during-tx GPIO

by Lino Sanfilippo

From: Lino Sanfilippo <l.sanfilippo(a)kunbus.com> Both the imx and stm32 driver set the rx-during-tx GPIO in the rs485_config() function by means of gpiod_set_value(). Since rs485_config() is called with the port lock held, this can be an problem in case that setting the GPIO line can sleep (e.g. if a GPIO expander is used which is connected via SPI or I2C). Avoid this issue by setting the GPIO outside of the port lock in the serial core and by using gpiod_set_value_cansleep() instead of gpiod_set_value(). Since now both the term and the rx-during-tx GPIO are set within the serial core use a common function uart_set_rs485_gpios() to set both. With moving it into the serial core setting the rx-during-tx GPIO is now automatically done for all drivers that support such a GPIO. Cc: stable(a)vger.kernel.org Signed-off-by: Lino Sanfilippo <l.sanfilippo(a)kunbus.com> --- drivers/tty/serial/imx.c | 4 ---- drivers/tty/serial/serial_core.c | 10 ++++++---- drivers/tty/serial/stm32-usart.c | 5 +---- 3 files changed, 7 insertions(+), 12 deletions(-) diff --git a/drivers/tty/serial/imx.c b/drivers/tty/serial/imx.c index 13cb78340709..edb2ec6a5567 100644 --- a/drivers/tty/serial/imx.c +++ b/drivers/tty/serial/imx.c @@ -1947,10 +1947,6 @@ static int imx_uart_rs485_config(struct uart_port *port, struct ktermios *termio rs485conf->flags & SER_RS485_RX_DURING_TX) imx_uart_start_rx(port); - if (port->rs485_rx_during_tx_gpio) - gpiod_set_value_cansleep(port->rs485_rx_during_tx_gpio, - !!(rs485conf->flags & SER_RS485_RX_DURING_TX)); - return 0; } diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c index 7bdc21d5e13b..ef0500be3553 100644 --- a/drivers/tty/serial/serial_core.c +++ b/drivers/tty/serial/serial_core.c @@ -1391,14 +1391,16 @@ static void uart_sanitize_serial_rs485(struct uart_port *port, struct serial_rs4 memset(rs485->padding1, 0, sizeof(rs485->padding1)); } -static void uart_set_rs485_termination(struct uart_port *port, - const struct serial_rs485 *rs485) +static void uart_set_rs485_gpios(struct uart_port *port, + const struct serial_rs485 *rs485) { if (!(rs485->flags & SER_RS485_ENABLED)) return; gpiod_set_value_cansleep(port->rs485_term_gpio, !!(rs485->flags & SER_RS485_TERMINATE_BUS)); + gpiod_set_value_cansleep(port->rs485_rx_during_tx_gpio, + !!(rs485->flags & SER_RS485_RX_DURING_TX)); } static int uart_rs485_config(struct uart_port *port) @@ -1407,7 +1409,7 @@ static int uart_rs485_config(struct uart_port *port) int ret; uart_sanitize_serial_rs485(port, rs485); - uart_set_rs485_termination(port, rs485); + uart_set_rs485_gpios(port, rs485); ret = port->rs485_config(port, NULL, rs485); if (ret) @@ -1449,7 +1451,7 @@ static int uart_set_rs485_config(struct tty_struct *tty, struct uart_port *port, if (ret) return ret; uart_sanitize_serial_rs485(port, &rs485); - uart_set_rs485_termination(port, &rs485); + uart_set_rs485_gpios(port, &rs485); spin_lock_irqsave(&port->lock, flags); ret = port->rs485_config(port, &tty->termios, &rs485); diff --git a/drivers/tty/serial/stm32-usart.c b/drivers/tty/serial/stm32-usart.c index 5e9cf0c48813..8eb13bf055f2 100644 --- a/drivers/tty/serial/stm32-usart.c +++ b/drivers/tty/serial/stm32-usart.c @@ -226,10 +226,7 @@ static int stm32_usart_config_rs485(struct uart_port *port, struct ktermios *ter stm32_usart_clr_bits(port, ofs->cr1, BIT(cfg->uart_enable_bit)); - if (port->rs485_rx_during_tx_gpio) - gpiod_set_value_cansleep(port->rs485_rx_during_tx_gpio, - !!(rs485conf->flags & SER_RS485_RX_DURING_TX)); - else + if (!port->rs485_rx_during_tx_gpio) rs485conf->flags |= SER_RS485_RX_DURING_TX; if (rs485conf->flags & SER_RS485_ENABLED) { -- 2.40.1

2 years, 1 month

2
2
0 0

[RESEND PATCH V3] usb: gadget: udc-xilinx: replace memcpy with memcpy_toio

by Piyush Mehta

For ARM processor, unaligned access to device memory is not allowed. Method memcpy does not take care of alignment. USB detection failure with the unalingned address of memory, with below kernel crash. To fix the unalingned address kernel panic, replace memcpy with memcpy_toio method. Kernel crash: Unable to handle kernel paging request at virtual address ffff80000c05008a Mem abort info: ESR = 0x96000061 EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x21: alignment fault Data abort info: ISV = 0, ISS = 0x00000061 CM = 0, WnR = 1 swapper pgtable: 4k pages, 48-bit VAs, pgdp=000000000143b000 [ffff80000c05008a] pgd=100000087ffff003, p4d=100000087ffff003, pud=100000087fffe003, pmd=1000000800bcc003, pte=00680000a0010713 Internal error: Oops: 96000061 [#1] SMP Modules linked in: CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.15.19-xilinx-v2022.1 #1 Hardware name: ZynqMP ZCU102 Rev1.0 (DT) pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __memcpy+0x30/0x260 lr : __xudc_ep0_queue+0xf0/0x110 sp : ffff800008003d00 x29: ffff800008003d00 x28: ffff800009474e80 x27: 00000000000000a0 x26: 0000000000000100 x25: 0000000000000012 x24: ffff000800bc8080 x23: 0000000000000001 x22: 0000000000000012 x21: ffff000800bc8080 x20: 0000000000000012 x19: ffff000800bc8080 x18: 0000000000000000 x17: ffff800876482000 x16: ffff800008004000 x15: 0000000000004000 x14: 00001f09785d0400 x13: 0103020101005567 x12: 0781400000000200 x11: 00000000c5672a10 x10: 00000000000008d0 x9 : ffff800009463cf0 x8 : ffff8000094757b0 x7 : 0201010055670781 x6 : 4000000002000112 x5 : ffff80000c05009a x4 : ffff000800a15012 x3 : ffff00080362ad80 x2 : 0000000000000012 x1 : ffff000800a15000 x0 : ffff80000c050088 Call trace: __memcpy+0x30/0x260 xudc_ep0_queue+0x3c/0x60 usb_ep_queue+0x38/0x44 composite_ep0_queue.constprop.0+0x2c/0xc0 composite_setup+0x8d0/0x185c configfs_composite_setup+0x74/0xb0 xudc_irq+0x570/0xa40 __handle_irq_event_percpu+0x58/0x170 handle_irq_event+0x60/0x120 handle_fasteoi_irq+0xc0/0x220 handle_domain_irq+0x60/0x90 gic_handle_irq+0x74/0xa0 call_on_irq_stack+0x2c/0x60 do_interrupt_handler+0x54/0x60 el1_interrupt+0x30/0x50 el1h_64_irq_handler+0x18/0x24 el1h_64_irq+0x78/0x7c arch_cpu_idle+0x18/0x2c do_idle+0xdc/0x15c cpu_startup_entry+0x28/0x60 rest_init+0xc8/0xe0 arch_call_rest_init+0x10/0x1c start_kernel+0x694/0x6d4 __primary_switched+0xa4/0xac Fixes: 1f7c51660034 ("usb: gadget: Add xilinx usb2 device support") Reported-by: kernel test robot <lkp(a)intel.com> Closes: https://lore.kernel.org/all/202209020044.CX2PfZzM-lkp@intel.com/ Cc: stable(a)vger.kernel.org Signed-off-by: Piyush Mehta <piyush.mehta(a)amd.com> --- Changes in RESEND V3: - Resend Patch- Created on https://github.com/torvalds/linux.git Branch: master Changes in V3: - Added "(void __iomem *)" proper type-cast for memcpy_toio API. - Resubmitting the patch because it was reverted due to a sparse error/warning. - Sparse error/warning fix available in usb-next branch: Links: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git/commit/?h=us… https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git/commit/?h=us… https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git/commit/?h=us… - This patch created based on REPO: git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git Branch: usb-next base-commit: 895ed7eb263d7ce2d2592fdd3e211464a556084a Link: https://lore.kernel.org/all/202209020044.CX2PfZzM-lkp@intel.com/ Changes in V2: - Address Greg KH review comments: - Added information in the form of a Fixes: commit Id (commit message). - Cc stable kernel. Link:https://lore.kernel.org/all/YwW8zE8ieLCsSxPN@kroah.com/ --- drivers/usb/gadget/udc/udc-xilinx.c | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/drivers/usb/gadget/udc/udc-xilinx.c b/drivers/usb/gadget/udc/udc-xilinx.c index 56b8286a8009..74590f93ea61 100644 --- a/drivers/usb/gadget/udc/udc-xilinx.c +++ b/drivers/usb/gadget/udc/udc-xilinx.c @@ -497,11 +497,13 @@ static int xudc_eptxrx(struct xusb_ep *ep, struct xusb_req *req, /* Get the Buffer address and copy the transmit data.*/ eprambase = (u32 __force *)(udc->addr + ep->rambase); if (ep->is_in) { - memcpy(eprambase, bufferptr, bytestosend); + memcpy_toio((void __iomem *)eprambase, bufferptr, + bytestosend); udc->write_fn(udc->addr, ep->offset + XUSB_EP_BUF0COUNT_OFFSET, bufferlen); } else { - memcpy(bufferptr, eprambase, bytestosend); + memcpy_toio((void __iomem *)bufferptr, eprambase, + bytestosend); } /* * Enable the buffer for transmission. @@ -515,11 +517,13 @@ static int xudc_eptxrx(struct xusb_ep *ep, struct xusb_req *req, eprambase = (u32 __force *)(udc->addr + ep->rambase + ep->ep_usb.maxpacket); if (ep->is_in) { - memcpy(eprambase, bufferptr, bytestosend); + memcpy_toio((void __iomem *)eprambase, bufferptr, + bytestosend); udc->write_fn(udc->addr, ep->offset + XUSB_EP_BUF1COUNT_OFFSET, bufferlen); } else { - memcpy(bufferptr, eprambase, bytestosend); + memcpy_toio((void __iomem *)bufferptr, eprambase, + bytestosend); } /* * Enable the buffer for transmission. @@ -1021,7 +1025,7 @@ static int __xudc_ep0_queue(struct xusb_ep *ep0, struct xusb_req *req) udc->addr); length = req->usb_req.actual = min_t(u32, length, EP0_MAX_PACKET); - memcpy(corebuf, req->usb_req.buf, length); + memcpy_toio((void __iomem *)corebuf, req->usb_req.buf, length); udc->write_fn(udc->addr, XUSB_EP_BUF0COUNT_OFFSET, length); udc->write_fn(udc->addr, XUSB_BUFFREADY_OFFSET, 1); } else { @@ -1752,7 +1756,7 @@ static void xudc_handle_setup(struct xusb_udc *udc) /* Load up the chapter 9 command buffer.*/ ep0rambase = (u32 __force *) (udc->addr + XUSB_SETUP_PKT_ADDR_OFFSET); - memcpy(&setup, ep0rambase, 8); + memcpy_toio((void __iomem *)&setup, ep0rambase, 8); udc->setup = setup; udc->setup.wValue = cpu_to_le16((u16 __force)setup.wValue); @@ -1839,7 +1843,7 @@ static void xudc_ep0_out(struct xusb_udc *udc) (ep0->rambase << 2)); buffer = req->usb_req.buf + req->usb_req.actual; req->usb_req.actual = req->usb_req.actual + bytes_to_rx; - memcpy(buffer, ep0rambase, bytes_to_rx); + memcpy_toio((void __iomem *)buffer, ep0rambase, bytes_to_rx); if (req->usb_req.length == req->usb_req.actual) { /* Data transfer completed get ready for Status stage */ @@ -1915,7 +1919,7 @@ static void xudc_ep0_in(struct xusb_udc *udc) (ep0->rambase << 2)); buffer = req->usb_req.buf + req->usb_req.actual; req->usb_req.actual = req->usb_req.actual + length; - memcpy(ep0rambase, buffer, length); + memcpy_toio((void __iomem *)ep0rambase, buffer, length); } udc->write_fn(udc->addr, XUSB_EP_BUF0COUNT_OFFSET, count); udc->write_fn(udc->addr, XUSB_BUFFREADY_OFFSET, 1); -- 2.17.1

2 years, 1 month

1
0
0 0

Regression: Commit "netfilter: nf_tables: disallow rule addition to bound chain via NFTA_RULE_CHAIN_ID" breaks ruleset loading in linux-stable

by Timo Sigurdsson

Hi, recently, Debian updated their stable kernel from 6.1.38 to 6.1.52 which broke nftables ruleset loading on one of my machines with lots of "Operation not supported" errors. I've reported this to the Debian project (see link below) and Salvatore Bonaccorso and I identified "netfilter: nf_tables: disallow rule addition to bound chain via NFTA_RULE_CHAIN_ID" (0ebc1064e487) as the offending commit that introduced the regression. Salvatore also found that this issue affects the 5.10 stable tree as well (observed in 5.10.191), but he cannot reproduce it on 6.4.13 and 6.5.2. The issue only occurs with some rulesets. While I can't trigger it with simple/minimal rulesets that I use on some machines, it does occur with a more complex ruleset that has been in use for months (if not years, for large parts of it). I'm attaching a somewhat stripped down version of the ruleset from the machine I originally observed this issue on. It's still not a small or simple ruleset, but I'll try to reduce it further when I have more time. The error messages shown when trying to load the ruleset don't seem to be helpful. Just two simple examples: Just to give two simple examples from the log when nftables fails to start: /etc/nftables.conf:99:4-44: Error: Could not process rule: Operation not supported tcp option maxseg size 1-500 counter drop ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ /etc/nftables.conf:308:4-27: Error: Could not process rule: Operation not supported tcp dport sip-tls accept ^^^^^^^^^^^^^^^^^^^^^^^^ Since the issue only affects some stable trees, Salvatore thought it might be an incomplete backport that causes this. If you need further information, please let me know. Thanks and kind regards, Timo #regzbot introduced: 0ebc1064e487 #regzbot monitor: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051592

2 years, 1 month

5
10
0 0

[PATCH 0/3] Fixes for vma_merge() error path

by Liam R. Howlett

Jann Horn reported a potential vma iterator issue in the failure path of the vma_merge() code. After examining the interface, it seemed the best course of action is to simply add an undo path in the unlikely case of an error. On examining the vma iterator issue, another issue was discovered that would increase the memory usage during failure scenarios, so this is addressed in patch 2. Since it is unclear in the code, another patch adds comments to the vma_merge() function on why dup_anon_vma() is safe in 'case 6'. Changes since v1: - Moved dup_anon_vma() call update from patch 1 to patch 2 - Thanks Matthew Wilcox - Changed comment on patch 1 - Thanks Andrew Morton v1: https://lore.kernel.org/linux-mm/20230927160746.1928098-1-Liam.Howlett@orac… Liam R. Howlett (3): mmap: Fix vma_iterator in error path of vma_merge() mmap: Fix error paths with dup_anon_vma() mmap: Add clarifying comment to vma_merge() code mm/mmap.c | 37 ++++++++++++++++++++++++++++--------- 1 file changed, 28 insertions(+), 9 deletions(-) -- 2.40.1

2 years, 1 month

5
7
0 0

[PATCH 1/1] tee: amdtee: fix use-after-free vulnerability in amdtee_close_session

by Rijo Thomas

There is a potential race condition in amdtee_close_session that may cause use-after-free in amdtee_open_session. For instance, if a session has refcount == 1, and one thread tries to free this session via: kref_put(&sess->refcount, destroy_session); the reference count will get decremented, and the next step would be to call destroy_session(). However, if in another thread, amdtee_open_session() is called before destroy_session() has completed execution, alloc_session() may return 'sess' that will be freed up later in destroy_session() leading to use-after-free in amdtee_open_session. To fix this issue, treat decrement of sess->refcount and invocation of destroy_session() as a single critical section, so that it is executed atomically. Fixes: 757cc3e9ff1d ("tee: add AMD-TEE driver") Cc: stable(a)vger.kernel.org Signed-off-by: Rijo Thomas <Rijo-john.Thomas(a)amd.com> --- drivers/tee/amdtee/core.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/drivers/tee/amdtee/core.c b/drivers/tee/amdtee/core.c index 372d64756ed6..04cee03bec9d 100644 --- a/drivers/tee/amdtee/core.c +++ b/drivers/tee/amdtee/core.c @@ -217,14 +217,13 @@ static int copy_ta_binary(struct tee_context *ctx, void *ptr, void **ta, return rc; } +/* mutex must be held by caller */ static void destroy_session(struct kref *ref) { struct amdtee_session *sess = container_of(ref, struct amdtee_session, refcount); - mutex_lock(&session_list_mutex); list_del(&sess->list_node); - mutex_unlock(&session_list_mutex); kfree(sess); } @@ -272,7 +271,9 @@ int amdtee_open_session(struct tee_context *ctx, if (arg->ret != TEEC_SUCCESS) { pr_err("open_session failed %d\n", arg->ret); handle_unload_ta(ta_handle); + mutex_lock(&session_list_mutex); kref_put(&sess->refcount, destroy_session); + mutex_unlock(&session_list_mutex); goto out; } @@ -290,7 +291,9 @@ int amdtee_open_session(struct tee_context *ctx, pr_err("reached maximum session count %d\n", TEE_NUM_SESSIONS); handle_close_session(ta_handle, session_info); handle_unload_ta(ta_handle); + mutex_lock(&session_list_mutex); kref_put(&sess->refcount, destroy_session); + mutex_unlock(&session_list_mutex); rc = -ENOMEM; goto out; } @@ -331,7 +334,9 @@ int amdtee_close_session(struct tee_context *ctx, u32 session) handle_close_session(ta_handle, session_info); handle_unload_ta(ta_handle); + mutex_lock(&session_list_mutex); kref_put(&sess->refcount, destroy_session); + mutex_unlock(&session_list_mutex); return 0; } -- 2.25.1

2 years, 1 month

2
2
0 0

[PATCH net, 2/3] net: mana: Fix the tso_bytes calculation

by Haiyang Zhang

sizeof(struct hop_jumbo_hdr) is not part of tso_bytes, so remove the subtraction from header size. Cc: stable(a)vger.kernel.org Fixes: bd7fc6e1957c ("net: mana: Add new MANA VF performance counters for easier troubleshooting") Signed-off-by: Haiyang Zhang <haiyangz(a)microsoft.com> --- drivers/net/ethernet/microsoft/mana/mana_en.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/drivers/net/ethernet/microsoft/mana/mana_en.c b/drivers/net/ethernet/microsoft/mana/mana_en.c index 5cdcf7561b38..86e724c3eb89 100644 --- a/drivers/net/ethernet/microsoft/mana/mana_en.c +++ b/drivers/net/ethernet/microsoft/mana/mana_en.c @@ -264,8 +264,6 @@ netdev_tx_t mana_start_xmit(struct sk_buff *skb, struct net_device *ndev) ihs = skb_transport_offset(skb) + sizeof(struct udphdr); } else { ihs = skb_tcp_all_headers(skb); - if (ipv6_has_hopopt_jumbo(skb)) - ihs -= sizeof(struct hop_jumbo_hdr); } u64_stats_update_begin(&tx_stats->syncp); -- 2.25.1

2 years, 1 month

2
1
0 0

[PATCH v1] i2c: designware: Disable TX_EMPTY irq while waiting for block length byte

by Tam Nguyen

During SMBus block data read process, we have seen high interrupt rate because of TX_EMPTY irq status while waiting for block length byte (the first data byte after the address phase). The interrupt handler does not do anything because the internal state is kept as STATUS_WRITE_IN_PROGRESS. Hence, we should disable TX_EMPTY irq until I2C DW receives first data byte from I2C device, then re-enable it. It takes 0.789 ms for host to receive data length from slave. Without the patch, i2c_dw_isr is called 99 times by TX_EMPTY interrupt. And it is none after applying the patch. Cc: stable(a)vger.kernel.org Signed-off-by: Chuong Tran <chuong(a)os.amperecomputing.com> Signed-off-by: Tam Nguyen <tamnguyenchi(a)os.amperecomputing.com> --- drivers/i2c/busses/i2c-designware-master.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/drivers/i2c/busses/i2c-designware-master.c b/drivers/i2c/busses/i2c-designware-master.c index 55ea91a63382..2152b1f9b27c 100644 --- a/drivers/i2c/busses/i2c-designware-master.c +++ b/drivers/i2c/busses/i2c-designware-master.c @@ -462,6 +462,13 @@ i2c_dw_xfer_msg(struct dw_i2c_dev *dev) if (buf_len > 0 || flags & I2C_M_RECV_LEN) { /* more bytes to be written */ dev->status |= STATUS_WRITE_IN_PROGRESS; + /* + * In I2C_FUNC_SMBUS_BLOCK_DATA case, there is no data + * to send before receiving data length from slave. + * Disable TX_EMPTY while waiting for data length byte + */ + if (flags & I2C_M_RECV_LEN) + intr_mask &= ~DW_IC_INTR_TX_EMPTY; break; } else dev->status &= ~STATUS_WRITE_IN_PROGRESS; @@ -485,6 +492,7 @@ i2c_dw_recv_len(struct dw_i2c_dev *dev, u8 len) { struct i2c_msg *msgs = dev->msgs; u32 flags = msgs[dev->msg_read_idx].flags; + u32 intr_mask; /* * Adjust the buffer length and mask the flag @@ -495,6 +503,11 @@ i2c_dw_recv_len(struct dw_i2c_dev *dev, u8 len) msgs[dev->msg_read_idx].len = len; msgs[dev->msg_read_idx].flags &= ~I2C_M_RECV_LEN; + /* Re-enable TX_EMPTY interrupt. */ + regmap_read(dev->map, DW_IC_INTR_MASK, &intr_mask); + intr_mask |= DW_IC_INTR_TX_EMPTY; + regmap_write(dev->map, DW_IC_INTR_MASK, intr_mask); + return len; } -- 2.25.1

2 years, 1 month

1
0
0 0

[PATCH] x86/sgx: fix a NULL pointer

by Haitao Huang

Under heavy load, the SGX EPC reclaimers (current ksgxd or future EPC cgroup worker) may reclaim the SECS EPC page for an enclave and set encl->secs.epc_page to NULL. But the SECS EPC page is used for EAUG in the SGX #PF handler without checking for NULL and reloading. Fix this by checking if SECS is loaded before EAUG and load it if it was reclaimed. Fixes: 5a90d2c3f5ef8 ("x86/sgx: Support adding of pages to an initialized enclave") Cc: stable(a)vger.kernel.org Signed-off-by: Haitao Huang <haitao.huang(a)linux.intel.com> --- arch/x86/kernel/cpu/sgx/encl.c | 25 ++++++++++++++++++++----- arch/x86/kernel/cpu/sgx/main.c | 4 ++++ 2 files changed, 24 insertions(+), 5 deletions(-) diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c index 2a0e90fe2abc..d39e502bb7b0 100644 --- a/arch/x86/kernel/cpu/sgx/encl.c +++ b/arch/x86/kernel/cpu/sgx/encl.c @@ -235,6 +235,16 @@ static struct sgx_epc_page *sgx_encl_eldu(struct sgx_encl_page *encl_page, return epc_page; } +static struct sgx_epc_page *sgx_encl_load_secs(struct sgx_encl *encl) +{ + struct sgx_epc_page *epc_page = encl->secs.epc_page; + + if (!epc_page) { + epc_page = sgx_encl_eldu(&encl->secs, NULL); + } + return epc_page; +} + static struct sgx_encl_page *__sgx_encl_load_page(struct sgx_encl *encl, struct sgx_encl_page *entry) { @@ -248,11 +258,9 @@ static struct sgx_encl_page *__sgx_encl_load_page(struct sgx_encl *encl, return entry; } - if (!(encl->secs.epc_page)) { - epc_page = sgx_encl_eldu(&encl->secs, NULL); - if (IS_ERR(epc_page)) - return ERR_CAST(epc_page); - } + epc_page = sgx_encl_load_secs(encl); + if (IS_ERR(epc_page)) + return ERR_CAST(epc_page); epc_page = sgx_encl_eldu(entry, encl->secs.epc_page); if (IS_ERR(epc_page)) @@ -339,6 +347,13 @@ static vm_fault_t sgx_encl_eaug_page(struct vm_area_struct *vma, mutex_lock(&encl->lock); + epc_page = sgx_encl_load_secs(encl); + if (IS_ERR(epc_page)) { + if (PTR_ERR(epc_page) == -EBUSY) + vmret = VM_FAULT_NOPAGE; + goto err_out_unlock; + } + epc_page = sgx_alloc_epc_page(encl_page, false); if (IS_ERR(epc_page)) { if (PTR_ERR(epc_page) == -EBUSY) diff --git a/arch/x86/kernel/cpu/sgx/main.c b/arch/x86/kernel/cpu/sgx/main.c index 166692f2d501..4662a364ce62 100644 --- a/arch/x86/kernel/cpu/sgx/main.c +++ b/arch/x86/kernel/cpu/sgx/main.c @@ -257,6 +257,10 @@ static void sgx_reclaimer_write(struct sgx_epc_page *epc_page, mutex_lock(&encl->lock); + /* Should not be possible */ + if (WARN_ON(!(encl->secs.epc_page))) + goto out; + sgx_encl_ewb(epc_page, backing); encl_page->epc_page = NULL; encl->secs_child_cnt--; -- 2.25.1

2 years, 1 month

5
38
0 0

[PATCH v2 3/4] x86: KVM: SVM: refresh AVIC inhibition in svm_leave_nested()

by Maxim Levitsky

svm_leave_nested() similar to a nested VM exit, get the vCPU out of nested mode and thus should end the local inhibition of AVIC on this vCPU. Failure to do so, can lead to hangs on guest reboot. Raise the KVM_REQ_APICV_UPDATE request to refresh the AVIC state of the current vCPU in this case. Fixes: f44509f849fe ("KVM: x86: SVM: allow AVIC to co-exist with a nested guest running") Cc: stable(a)vger.kernel.org Signed-off-by: Maxim Levitsky <mlevitsk(a)redhat.com> --- arch/x86/kvm/svm/nested.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index dd496c9e5f91f28..3fea8c47679e689 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c @@ -1253,6 +1253,9 @@ void svm_leave_nested(struct kvm_vcpu *vcpu) nested_svm_uninit_mmu_context(vcpu); vmcb_mark_all_dirty(svm->vmcb); + + if (kvm_apicv_activated(vcpu->kvm)) + kvm_make_request(KVM_REQ_APICV_UPDATE, vcpu); } kvm_clear_request(KVM_REQ_GET_NESTED_STATE_PAGES, vcpu); -- 2.26.3

2 years, 1 month

2
1
0 0

[PATCH v2 2/4] x86: KVM: SVM: add support for Invalid IPI Vector interception

by Maxim Levitsky

In later revisions of AMD's APM, there is a new 'incomplete IPI' exit code: "Invalid IPI Vector - The vector for the specified IPI was set to an illegal value (VEC < 16)" Note that tests on Zen2 machine show that this VM exit doesn't happen and instead AVIC just does nothing. Add support for this exit code by doing nothing, instead of filling the kernel log with errors. Also replace an unthrottled 'pr_err()' if another unknown incomplete IPI exit happens with vcpu_unimpl() (e.g in case AMD adds yet another 'Invalid IPI' exit reason) Cc: <stable(a)vger.kernel.org> Signed-off-by: Maxim Levitsky <mlevitsk(a)redhat.com> --- arch/x86/include/asm/svm.h | 1 + arch/x86/kvm/svm/avic.c | 5 ++++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h index 19bf955b67e0da0..3ac0ffc4f3e202b 100644 --- a/arch/x86/include/asm/svm.h +++ b/arch/x86/include/asm/svm.h @@ -268,6 +268,7 @@ enum avic_ipi_failure_cause { AVIC_IPI_FAILURE_TARGET_NOT_RUNNING, AVIC_IPI_FAILURE_INVALID_TARGET, AVIC_IPI_FAILURE_INVALID_BACKING_PAGE, + AVIC_IPI_FAILURE_INVALID_IPI_VECTOR, }; #define AVIC_PHYSICAL_MAX_INDEX_MASK GENMASK_ULL(8, 0) diff --git a/arch/x86/kvm/svm/avic.c b/arch/x86/kvm/svm/avic.c index 2092db892d7d052..4b74ea91f4e6bb6 100644 --- a/arch/x86/kvm/svm/avic.c +++ b/arch/x86/kvm/svm/avic.c @@ -529,8 +529,11 @@ int avic_incomplete_ipi_interception(struct kvm_vcpu *vcpu) case AVIC_IPI_FAILURE_INVALID_BACKING_PAGE: WARN_ONCE(1, "Invalid backing page\n"); break; + case AVIC_IPI_FAILURE_INVALID_IPI_VECTOR: + /* Invalid IPI with vector < 16 */ + break; default: - pr_err("Unknown IPI interception\n"); + vcpu_unimpl(vcpu, "Unknown avic incomplete IPI interception\n"); } return 1; -- 2.26.3

2 years, 1 month

2
1
0 0

[tip: x86/urgent] x86/sgx: Resolves SECS reclaim vs. page fault for EAUG race

by tip-bot2 for Haitao Huang

The following commit has been merged into the x86/urgent branch of tip: Commit-ID: c6c2adcba50c2622ed25ba5d5e7f05f584711358 Gitweb: https://git.kernel.org/tip/c6c2adcba50c2622ed25ba5d5e7f05f584711358 Author: Haitao Huang <haitao.huang(a)linux.intel.com> AuthorDate: Thu, 27 Jul 2023 22:10:24 -07:00 Committer: Dave Hansen <dave.hansen(a)linux.intel.com> CommitterDate: Thu, 28 Sep 2023 16:16:40 -07:00 x86/sgx: Resolves SECS reclaim vs. page fault for EAUG race The SGX EPC reclaimer (ksgxd) may reclaim the SECS EPC page for an enclave and set secs.epc_page to NULL. The SECS page is used for EAUG and ELDU in the SGX page fault handler. However, the NULL check for secs.epc_page is only done for ELDU, not EAUG before being used. Fix this by doing the same NULL check and reloading of the SECS page as needed for both EAUG and ELDU. The SECS page holds global enclave metadata. It can only be reclaimed when there are no other enclave pages remaining. At that point, virtually nothing can be done with the enclave until the SECS page is paged back in. An enclave can not run nor generate page faults without a resident SECS page. But it is still possible for a #PF for a non-SECS page to race with paging out the SECS page: when the last resident non-SECS page A triggers a #PF in a non-resident page B, and then page A and the SECS both are paged out before the #PF on B is handled. Hitting this bug requires that race triggered with a #PF for EAUG. Following is a trace when it happens. BUG: kernel NULL pointer dereference, address: 0000000000000000 RIP: 0010:sgx_encl_eaug_page+0xc7/0x210 Call Trace: ? __kmem_cache_alloc_node+0x16a/0x440 ? xa_load+0x6e/0xa0 sgx_vma_fault+0x119/0x230 __do_fault+0x36/0x140 do_fault+0x12f/0x400 __handle_mm_fault+0x728/0x1110 handle_mm_fault+0x105/0x310 do_user_addr_fault+0x1ee/0x750 ? __this_cpu_preempt_check+0x13/0x20 exc_page_fault+0x76/0x180 asm_exc_page_fault+0x27/0x30 Fixes: 5a90d2c3f5ef ("x86/sgx: Support adding of pages to an initialized enclave") Signed-off-by: Haitao Huang <haitao.huang(a)linux.intel.com> Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Reviewed-by: Jarkko Sakkinen <jarkko(a)kernel.org> Reviewed-by: Kai Huang <kai.huang(a)intel.com> Acked-by: Reinette Chatre <reinette.chatre(a)intel.com> Cc:stable@vger.kernel.org Link: https://lore.kernel.org/all/20230728051024.33063-1-haitao.huang%40linux.int… --- arch/x86/kernel/cpu/sgx/encl.c | 30 +++++++++++++++++++++++++----- 1 file changed, 25 insertions(+), 5 deletions(-) diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c index 91fa70e..279148e 100644 --- a/arch/x86/kernel/cpu/sgx/encl.c +++ b/arch/x86/kernel/cpu/sgx/encl.c @@ -235,6 +235,21 @@ static struct sgx_epc_page *sgx_encl_eldu(struct sgx_encl_page *encl_page, return epc_page; } +/* + * Ensure the SECS page is not swapped out. Must be called with encl->lock + * to protect the enclave states including SECS and ensure the SECS page is + * not swapped out again while being used. + */ +static struct sgx_epc_page *sgx_encl_load_secs(struct sgx_encl *encl) +{ + struct sgx_epc_page *epc_page = encl->secs.epc_page; + + if (!epc_page) + epc_page = sgx_encl_eldu(&encl->secs, NULL); + + return epc_page; +} + static struct sgx_encl_page *__sgx_encl_load_page(struct sgx_encl *encl, struct sgx_encl_page *entry) { @@ -248,11 +263,9 @@ static struct sgx_encl_page *__sgx_encl_load_page(struct sgx_encl *encl, return entry; } - if (!(encl->secs.epc_page)) { - epc_page = sgx_encl_eldu(&encl->secs, NULL); - if (IS_ERR(epc_page)) - return ERR_CAST(epc_page); - } + epc_page = sgx_encl_load_secs(encl); + if (IS_ERR(epc_page)) + return ERR_CAST(epc_page); epc_page = sgx_encl_eldu(entry, encl->secs.epc_page); if (IS_ERR(epc_page)) @@ -339,6 +352,13 @@ static vm_fault_t sgx_encl_eaug_page(struct vm_area_struct *vma, mutex_lock(&encl->lock); + epc_page = sgx_encl_load_secs(encl); + if (IS_ERR(epc_page)) { + if (PTR_ERR(epc_page) == -EBUSY) + vmret = VM_FAULT_NOPAGE; + goto err_out_unlock; + } + epc_page = sgx_alloc_epc_page(encl_page, false); if (IS_ERR(epc_page)) { if (PTR_ERR(epc_page) == -EBUSY)

2 years, 1 month

1
0
0 0

[PATCH 4/6] serial: core: fix sanitizing check for RTS settings

by Lino Sanfilippo

From: Lino Sanfilippo <l.sanfilippo(a)kunbus.com> Among other things uart_sanitize_serial_rs485() tests the sanity of the RTS settings in a RS485 configuration that has been passed by userspace. If RTS-on-send and RTS-after-send are both set or unset the configuration is adjusted and RTS-after-send is disabled and RTS-on-send enabled. This however makes only sense if both RTS modes are actually supported by the driver. With commit be2e2cb1d281 ("serial: Sanitize rs485_struct") the code does take the driver support into account but only checks if one of both RTS modes are supported. This may lead to the errorneous result of RTS-on-send being set even if only RTS-after-send is supported. Fix this by changing the implemented logic: First clear all unsupported flags in the RS485 configuration, then adjust an invalid RTS setting by taking into account which RTS mode is supported. Cc: stable(a)vger.kernel.org Fixes: be2e2cb1d281 ("serial: Sanitize rs485_struct") Signed-off-by: Lino Sanfilippo <l.sanfilippo(a)kunbus.com> --- drivers/tty/serial/serial_core.c | 28 ++++++++++++++++++---------- 1 file changed, 18 insertions(+), 10 deletions(-) diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c index 697c36dc7ec8..f4feebf8200f 100644 --- a/drivers/tty/serial/serial_core.c +++ b/drivers/tty/serial/serial_core.c @@ -1370,19 +1370,27 @@ static void uart_sanitize_serial_rs485(struct uart_port *port, struct serial_rs4 return; } + rs485->flags &= supported_flags; + /* Pick sane settings if the user hasn't */ - if ((supported_flags & (SER_RS485_RTS_ON_SEND|SER_RS485_RTS_AFTER_SEND)) && - !(rs485->flags & SER_RS485_RTS_ON_SEND) == + if (!(rs485->flags & SER_RS485_RTS_ON_SEND) == !(rs485->flags & SER_RS485_RTS_AFTER_SEND)) { - dev_warn_ratelimited(port->dev, - "%s (%d): invalid RTS setting, using RTS_ON_SEND instead\n", - port->name, port->line); - rs485->flags |= SER_RS485_RTS_ON_SEND; - rs485->flags &= ~SER_RS485_RTS_AFTER_SEND; - supported_flags |= SER_RS485_RTS_ON_SEND|SER_RS485_RTS_AFTER_SEND; - } + if (supported_flags & SER_RS485_RTS_ON_SEND) { + rs485->flags |= SER_RS485_RTS_ON_SEND; + rs485->flags &= ~SER_RS485_RTS_AFTER_SEND; - rs485->flags &= supported_flags; + dev_warn_ratelimited(port->dev, + "%s (%d): invalid RTS setting, using RTS_ON_SEND instead\n", + port->name, port->line); + } else { + rs485->flags |= SER_RS485_RTS_AFTER_SEND; + rs485->flags &= ~SER_RS485_RTS_ON_SEND; + + dev_warn_ratelimited(port->dev, + "%s (%d): invalid RTS setting, using RTS_AFTER_SEND instead\n", + port->name, port->line); + } + } uart_sanitize_serial_rs485_delays(port, rs485); -- 2.40.1

2 years, 1 month

1
0
0 0

[PATCH 3/6] serial: core: set missing supported flag for RX during TX GPIO

by Lino Sanfilippo

From: Lino Sanfilippo <l.sanfilippo(a)kunbus.com> If the RS485 feature RX-during-TX is supported by means of a GPIO set the according supported flag. Otherwise setting this feature from userspace may not be possible, since in uart_sanitize_serial_rs485() the passed RS485 configuration is matched against the supported features and unsupported settings are thereby removed and thus take no effect. Cc: stable(a)vger.kernel.org Fixes: 163f080eb717 ("serial: core: Add option to output RS485 RX_DURING_TX state via GPIO") Signed-off-by: Lino Sanfilippo <l.sanfilippo(a)kunbus.com> --- drivers/tty/serial/serial_core.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c index ef0500be3553..697c36dc7ec8 100644 --- a/drivers/tty/serial/serial_core.c +++ b/drivers/tty/serial/serial_core.c @@ -3622,6 +3622,8 @@ int uart_get_rs485_mode(struct uart_port *port) port->rs485_rx_during_tx_gpio = NULL; return dev_err_probe(dev, ret, "Cannot get rs485-rx-during-tx-gpios\n"); } + if (port->rs485_rx_during_tx_gpio) + port->rs485_supported.flags |= SER_RS485_RX_DURING_TX; return 0; } -- 2.40.1

2 years, 1 month

1
0
0 0

[PATCH] sched/rt: Fix live lock between select_fallback_rq() and RT push

by Joel Fernandes (Google)

During RCU-boost testing with the TREE03 rcutorture config, I found that after a few hours, the machine locks up. On tracing, I found that there is a live lock happening between 2 CPUs. One CPU has an RT task running, while another CPU is being offlined which also has an RT task running. During this offlining, all threads are migrated. The migration thread is repeatedly scheduled to migrate actively running tasks on the CPU being offlined. This results in a live lock because select_fallback_rq() keeps picking the CPU that an RT task is already running on only to get pushed back to the CPU being offlined. It is anyway pointless to pick CPUs for pushing tasks to if they are being offlined only to get migrated away to somewhere else. This could also add unwanted latency to this task. Fix these issues by not selecting CPUs in RT if they are not 'active' for scheduling, using the cpu_active_mask. Other parts in core.c already use cpu_active_mask to prevent tasks from being put on CPUs going offline. Tested-by: Paul E. McKenney <paulmck(a)kernel.org> Cc: stable(a)vger.kernel.org Signed-off-by: Joel Fernandes (Google) <joel(a)joelfernandes.org> --- kernel/sched/cpupri.c | 1 + 1 file changed, 1 insertion(+) diff --git a/kernel/sched/cpupri.c b/kernel/sched/cpupri.c index a286e726eb4b..42c40cfdf836 100644 --- a/kernel/sched/cpupri.c +++ b/kernel/sched/cpupri.c @@ -101,6 +101,7 @@ static inline int __cpupri_find(struct cpupri *cp, struct task_struct *p, if (lowest_mask) { cpumask_and(lowest_mask, &p->cpus_mask, vec->mask); + cpumask_and(lowest_mask, lowest_mask, cpu_active_mask); /* * We have to ensure that we have at least one bit -- 2.42.0.515.g380fc7ccd1-goog

2 years, 1 month

5
4
0 0

+ mm-mempolicy-fix-set_mempolicy_home_node-previous-vma-pointer.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/mempolicy: fix set_mempolicy_home_node() previous VMA pointer has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-mempolicy-fix-set_mempolicy_home_node-previous-vma-pointer.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: "Liam R. Howlett" <Liam.Howlett(a)oracle.com> Subject: mm/mempolicy: fix set_mempolicy_home_node() previous VMA pointer Date: Thu, 28 Sep 2023 13:24:32 -0400 The two users of mbind_range() are expecting that mbind_range() will update the pointer to the previous VMA, or return an error. However, set_mempolicy_home_node() does not call mbind_range() if there is no VMA policy. The fix is to update the pointer to the previous VMA prior to continuing iterating the VMAs when there is no policy. Users may experience a WARN_ON() during VMA policy updates when updating a range of VMAs on the home node. Link: https://lkml.kernel.org/r/20230928172432.2246534-1-Liam.Howlett@oracle.com Link: https://lore.kernel.org/linux-mm/CALcu4rbT+fMVNaO_F2izaCT+e7jzcAciFkOvk21HG… Fixes: f4e9e0e69468 ("mm/mempolicy: fix use-after-free of VMA iterator") Signed-off-by: Liam R. Howlett <Liam.Howlett(a)oracle.com> Reported-by: Yikebaer Aizezi <yikebaer61(a)gmail.com> Closes: https://lore.kernel.org/linux-mm/CALcu4rbT+fMVNaO_F2izaCT+e7jzcAciFkOvk21HG… Cc: Lorenzo Stoakes <lstoakes(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/mempolicy.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/mm/mempolicy.c~mm-mempolicy-fix-set_mempolicy_home_node-previous-vma-pointer +++ a/mm/mempolicy.c @@ -1543,8 +1543,10 @@ SYSCALL_DEFINE4(set_mempolicy_home_node, * the home node for vmas we already updated before. */ old = vma_policy(vma); - if (!old) + if (!old) { + prev = vma; continue; + } if (old->mode != MPOL_BIND && old->mode != MPOL_PREFERRED_MANY) { err = -EOPNOTSUPP; break; _ Patches currently in -mm which might be from Liam.Howlett(a)oracle.com are maple_tree-add-mas_active-to-detect-in-tree-walks.patch maple_tree-add-mas_underflow-and-mas_overflow-states.patch mmap-fix-vma_iterator-in-error-path-of-vma_merge.patch mmap-fix-error-paths-with-dup_anon_vma.patch mm-mempolicy-fix-set_mempolicy_home_node-previous-vma-pointer.patch mmap-add-clarifying-comment-to-vma_merge-code.patch

2 years, 1 month

1
0
0 0

+ mmap-fix-error-paths-with-dup_anon_vma.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mmap: fix error paths with dup_anon_vma() has been added to the -mm mm-hotfixes-unstable branch. Its filename is mmap-fix-error-paths-with-dup_anon_vma.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: "Liam R. Howlett" <Liam.Howlett(a)oracle.com> Subject: mmap: fix error paths with dup_anon_vma() Date: Thu, 28 Sep 2023 13:16:33 -0400 When the calling function fails after the dup_anon_vma(), the duplication of the anon_vma is not being undone. Add the necessary unlink_anon_vma() call to the error paths that are missing them. This issue showed up during inspection of the error path in vma_merge() for an unrelated vma iterator issue. Users may experience increased memory usage, which may be problematic as the failure would likely be caused by a low memory situation. Link: https://lkml.kernel.org/r/20230928171634.2245042-3-Liam.Howlett@oracle.com Fixes: d4af56c5c7c6 ("mm: start tracking VMAs with maple tree") Signed-off-by: Liam R. Howlett <Liam.Howlett(a)oracle.com> Cc: Jann Horn <jannh(a)google.com> Cc: <stable(a)vger.kernel.org> Cc: Lorenzo Stoakes <lstoakes(a)gmail.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/mmap.c | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) --- a/mm/mmap.c~mmap-fix-error-paths-with-dup_anon_vma +++ a/mm/mmap.c @@ -587,7 +587,7 @@ again: * Returns: 0 on success. */ static inline int dup_anon_vma(struct vm_area_struct *dst, - struct vm_area_struct *src) + struct vm_area_struct *src, struct vm_area_struct **dup) { /* * Easily overlooked: when mprotect shifts the boundary, make sure the @@ -597,6 +597,7 @@ static inline int dup_anon_vma(struct vm if (src->anon_vma && !dst->anon_vma) { vma_assert_write_locked(dst); dst->anon_vma = src->anon_vma; + *dup = dst; return anon_vma_clone(dst, src); } @@ -624,6 +625,7 @@ int vma_expand(struct vma_iterator *vmi, unsigned long start, unsigned long end, pgoff_t pgoff, struct vm_area_struct *next) { + struct vm_area_struct *anon_dup = NULL; bool remove_next = false; struct vma_prepare vp; @@ -633,7 +635,7 @@ int vma_expand(struct vma_iterator *vmi, remove_next = true; vma_start_write(next); - ret = dup_anon_vma(vma, next); + ret = dup_anon_vma(vma, next, &anon_dup); if (ret) return ret; } @@ -661,6 +663,8 @@ int vma_expand(struct vma_iterator *vmi, return 0; nomem: + if (anon_dup) + unlink_anon_vmas(anon_dup); return -ENOMEM; } @@ -860,6 +864,7 @@ struct vm_area_struct *vma_merge(struct { struct vm_area_struct *curr, *next, *res; struct vm_area_struct *vma, *adjust, *remove, *remove2; + struct vm_area_struct *anon_dup = NULL; struct vma_prepare vp; pgoff_t vma_pgoff; int err = 0; @@ -927,18 +932,18 @@ struct vm_area_struct *vma_merge(struct vma_start_write(next); remove = next; /* case 1 */ vma_end = next->vm_end; - err = dup_anon_vma(prev, next); + err = dup_anon_vma(prev, next, &anon_dup); if (curr) { /* case 6 */ vma_start_write(curr); remove = curr; remove2 = next; if (!next->anon_vma) - err = dup_anon_vma(prev, curr); + err = dup_anon_vma(prev, curr, &anon_dup); } } else if (merge_prev) { /* case 2 */ if (curr) { vma_start_write(curr); - err = dup_anon_vma(prev, curr); + err = dup_anon_vma(prev, curr, &anon_dup); if (end == curr->vm_end) { /* case 7 */ remove = curr; } else { /* case 5 */ @@ -954,7 +959,7 @@ struct vm_area_struct *vma_merge(struct vma_end = addr; adjust = next; adj_start = -(prev->vm_end - addr); - err = dup_anon_vma(next, prev); + err = dup_anon_vma(next, prev, &anon_dup); } else { /* * Note that cases 3 and 8 are the ONLY ones where prev @@ -968,7 +973,7 @@ struct vm_area_struct *vma_merge(struct vma_pgoff = curr->vm_pgoff; vma_start_write(curr); remove = curr; - err = dup_anon_vma(next, curr); + err = dup_anon_vma(next, curr, &anon_dup); } } } @@ -1018,6 +1023,9 @@ struct vm_area_struct *vma_merge(struct return res; prealloc_fail: + if (anon_dup) + unlink_anon_vmas(anon_dup); + anon_vma_fail: if (merge_prev) vma_next(vmi); _ Patches currently in -mm which might be from Liam.Howlett(a)oracle.com are maple_tree-add-mas_active-to-detect-in-tree-walks.patch maple_tree-add-mas_underflow-and-mas_overflow-states.patch mmap-fix-vma_iterator-in-error-path-of-vma_merge.patch mmap-fix-error-paths-with-dup_anon_vma.patch

2 years, 1 month

1
0
0 0

+ mmap-fix-vma_iterator-in-error-path-of-vma_merge.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mmap: fix vma_iterator in error path of vma_merge() has been added to the -mm mm-hotfixes-unstable branch. Its filename is mmap-fix-vma_iterator-in-error-path-of-vma_merge.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: "Liam R. Howlett" <Liam.Howlett(a)oracle.com> Subject: mmap: fix vma_iterator in error path of vma_merge() Date: Thu, 28 Sep 2023 13:16:32 -0400 When merging of the previous VMA fails after the vma iterator has been moved to the previous entry, the vma iterator must be advanced to ensure the caller takes the correct action on the next vma iterator event. Fix this by adding a vma_next() call to the error path. Users would not notice the effects as it would result in an extra vma_merge() call if the first call ended due to an out-of-memory event. Link: https://lore.kernel.org/linux-mm/CAG48ez12VN1JAOtTNMY+Y2YnsU45yL5giS-Qn=ejt… Link: https://lkml.kernel.org/r/20230928171634.2245042-2-Liam.Howlett@oracle.com Fixes: 18b098af2890 ("vma_merge: set vma iterator to correct position.") Signed-off-by: Liam R. Howlett <Liam.Howlett(a)oracle.com> Reported-by: Jann Horn <jannh(a)google.com> Closes: https://lore.kernel.org/linux-mm/CAG48ez12VN1JAOtTNMY+Y2YnsU45yL5giS-Qn=ejt… Cc: Lorenzo Stoakes <lstoakes(a)gmail.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/mmap.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) --- a/mm/mmap.c~mmap-fix-vma_iterator-in-error-path-of-vma_merge +++ a/mm/mmap.c @@ -975,7 +975,7 @@ struct vm_area_struct *vma_merge(struct /* Error in anon_vma clone. */ if (err) - return NULL; + goto anon_vma_fail; if (vma_start < vma->vm_start || vma_end > vma->vm_end) vma_expanded = true; @@ -988,7 +988,7 @@ struct vm_area_struct *vma_merge(struct } if (vma_iter_prealloc(vmi, vma)) - return NULL; + goto prealloc_fail; init_multi_vma_prep(&vp, vma, adjust, remove, remove2); VM_WARN_ON(vp.anon_vma && adjust && adjust->anon_vma && @@ -1016,6 +1016,12 @@ struct vm_area_struct *vma_merge(struct vma_complete(&vp, vmi, mm); khugepaged_enter_vma(res, vm_flags); return res; + +prealloc_fail: +anon_vma_fail: + if (merge_prev) + vma_next(vmi); + return NULL; } /* _ Patches currently in -mm which might be from Liam.Howlett(a)oracle.com are maple_tree-add-mas_active-to-detect-in-tree-walks.patch maple_tree-add-mas_underflow-and-mas_overflow-states.patch mmap-fix-vma_iterator-in-error-path-of-vma_merge.patch mmap-fix-error-paths-with-dup_anon_vma.patch

2 years, 1 month

1
0
0 0

[PATCH] mm: mempolicy: keep VMA walk if both MPOL_MF_STRICT and MPOL_MF_MOVE are specified

by Yang Shi

When calling mbind() with MPOL_MF_{MOVE|MOVEALL} | MPOL_MF_STRICT, kernel should attempt to migrate all existing pages, and return -EIO if there is misplaced or unmovable page. Then commit 6f4576e3687b ("mempolicy: apply page table walker on queue_pages_range()") messed up the return value and didn't break VMA scan early ianymore when MPOL_MF_STRICT alone. The return value problem was fixed by commit a7f40cfe3b7a ("mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT is specified"), but it broke the VMA walk early if unmovable page is met, it may cause some pages are not migrated as expected. The code should conceptually do: if (MPOL_MF_MOVE|MOVEALL) scan all vmas try to migrate the existing pages return success else if (MPOL_MF_MOVE* | MPOL_MF_STRICT) scan all vmas try to migrate the existing pages return -EIO if unmovable or migration failed else /* MPOL_MF_STRICT alone */ break early if meets unmovable and don't call mbind_range() at all else /* none of those flags */ check the ranges in test_walk, EFAULT without mbind_range() if discontig. Fixed the behavior. Cc: Hugh Dickins <hughd(a)google.com> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: Rafael Aquini <aquini(a)redhat.com> Cc: Kirill A. Shutemov <kirill(a)shutemov.name> Cc: David Rientjes <rientjes(a)google.com> Cc: <stable(a)vger.kernel.org> v4.9+ Signed-off-by: Yang Shi <yang(a)os.amperecomputing.com> --- mm/mempolicy.c | 39 +++++++++++++++++++-------------------- 1 file changed, 19 insertions(+), 20 deletions(-) diff --git a/mm/mempolicy.c b/mm/mempolicy.c index 42b5567e3773..f1b00d6ac7ee 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c @@ -426,6 +426,7 @@ struct queue_pages { unsigned long start; unsigned long end; struct vm_area_struct *first; + bool has_unmovable; }; /* @@ -446,9 +447,8 @@ static inline bool queue_folio_required(struct folio *folio, /* * queue_folios_pmd() has three possible return values: * 0 - folios are placed on the right node or queued successfully, or - * special page is met, i.e. huge zero page. - * 1 - there is unmovable folio, and MPOL_MF_MOVE* & MPOL_MF_STRICT were - * specified. + * special page is met, i.e. zero page, or unmovable page is found + * but continue walking (indicated by queue_pages.has_unmovable). * -EIO - is migration entry or only MPOL_MF_STRICT was specified and an * existing folio was already on a node that does not follow the * policy. @@ -479,7 +479,7 @@ static int queue_folios_pmd(pmd_t *pmd, spinlock_t *ptl, unsigned long addr, if (flags & (MPOL_MF_MOVE | MPOL_MF_MOVE_ALL)) { if (!vma_migratable(walk->vma) || migrate_folio_add(folio, qp->pagelist, flags)) { - ret = 1; + qp->has_unmovable = true; goto unlock; } } else @@ -495,9 +495,8 @@ static int queue_folios_pmd(pmd_t *pmd, spinlock_t *ptl, unsigned long addr, * * queue_folios_pte_range() has three possible return values: * 0 - folios are placed on the right node or queued successfully, or - * special page is met, i.e. zero page. - * 1 - there is unmovable folio, and MPOL_MF_MOVE* & MPOL_MF_STRICT were - * specified. + * special page is met, i.e. zero page, or unmovable page is found + * but continue walking (indicated by queue_pages.has_unmovable). * -EIO - only MPOL_MF_STRICT was specified and an existing folio was already * on a node that does not follow the policy. */ @@ -508,7 +507,6 @@ static int queue_folios_pte_range(pmd_t *pmd, unsigned long addr, struct folio *folio; struct queue_pages *qp = walk->private; unsigned long flags = qp->flags; - bool has_unmovable = false; pte_t *pte, *mapped_pte; pte_t ptent; spinlock_t *ptl; @@ -538,11 +536,12 @@ static int queue_folios_pte_range(pmd_t *pmd, unsigned long addr, if (!queue_folio_required(folio, qp)) continue; if (flags & (MPOL_MF_MOVE | MPOL_MF_MOVE_ALL)) { - /* MPOL_MF_STRICT must be specified if we get here */ - if (!vma_migratable(vma)) { - has_unmovable = true; - break; - } + /* + * MPOL_MF_STRICT must be specified if we get here. + * Continue walking vmas due to MPOL_MF_MOVE* flags. + */ + if (!vma_migratable(vma)) + qp->has_unmovable = true; /* * Do not abort immediately since there may be @@ -550,16 +549,13 @@ static int queue_folios_pte_range(pmd_t *pmd, unsigned long addr, * need migrate other LRU pages. */ if (migrate_folio_add(folio, qp->pagelist, flags)) - has_unmovable = true; + qp->has_unmovable = true; } else break; } pte_unmap_unlock(mapped_pte, ptl); cond_resched(); - if (has_unmovable) - return 1; - return addr != end ? -EIO : 0; } @@ -599,7 +595,7 @@ static int queue_folios_hugetlb(pte_t *pte, unsigned long hmask, * Detecting misplaced folio but allow migrating folios which * have been queued. */ - ret = 1; + qp->has_unmovable = true; goto unlock; } @@ -620,7 +616,7 @@ static int queue_folios_hugetlb(pte_t *pte, unsigned long hmask, * Failed to isolate folio but allow migrating pages * which have been queued. */ - ret = 1; + qp->has_unmovable = true; } unlock: spin_unlock(ptl); @@ -756,12 +752,15 @@ queue_pages_range(struct mm_struct *mm, unsigned long start, unsigned long end, .start = start, .end = end, .first = NULL, + .has_unmovable = false, }; const struct mm_walk_ops *ops = lock_vma ? &queue_pages_lock_vma_walk_ops : &queue_pages_walk_ops; err = walk_page_range(mm, start, end, ops, &qp); + if (qp.has_unmovable) + err = 1; if (!qp.first) /* whole range in hole */ err = -EFAULT; @@ -1358,7 +1357,7 @@ static long do_mbind(unsigned long start, unsigned long len, putback_movable_pages(&pagelist); } - if ((ret > 0) || (nr_failed && (flags & MPOL_MF_STRICT))) + if (((ret > 0) || nr_failed) && (flags & MPOL_MF_STRICT)) err = -EIO; } else { up_out: -- 2.39.0

2 years, 1 month

3
6
0 0

[to-be-updated] mmap-fix-error-paths-with-dup_anon_vma.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mmap: fix error paths with dup_anon_vma() has been removed from the -mm tree. Its filename was mmap-fix-error-paths-with-dup_anon_vma.patch This patch was dropped because an updated version will be merged ------------------------------------------------------ From: "Liam R. Howlett" <Liam.Howlett(a)oracle.com> Subject: mmap: fix error paths with dup_anon_vma() Date: Wed, 27 Sep 2023 12:07:45 -0400 When the calling function fails after the dup_anon_vma(), the duplication of the anon_vma is not being undone. Add the necessary unlink_anon_vma() call to the error paths that are missing them. This issue showed up during inspection of the error path in vma_merge() for an unrelated vma iterator issue. Users may experience increased memory usage, which may be problematic as the failure would likely be caused by a low memory situation. Link: https://lkml.kernel.org/r/20230927160746.1928098-3-Liam.Howlett@oracle.com Fixes: d4af56c5c7c6 ("mm: start tracking VMAs with maple tree") Cc: Jann Horn <jannh(a)google.com> Signed-off-by: Liam R. Howlett <Liam.Howlett(a)oracle.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/mmap.c | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) --- a/mm/mmap.c~mmap-fix-error-paths-with-dup_anon_vma +++ a/mm/mmap.c @@ -587,7 +587,7 @@ again: * Returns: 0 on success. */ static inline int dup_anon_vma(struct vm_area_struct *dst, - struct vm_area_struct *src) + struct vm_area_struct *src, struct vm_area_struct **dup) { /* * Easily overlooked: when mprotect shifts the boundary, make sure the @@ -597,6 +597,7 @@ static inline int dup_anon_vma(struct vm if (src->anon_vma && !dst->anon_vma) { vma_assert_write_locked(dst); dst->anon_vma = src->anon_vma; + *dup = dst; return anon_vma_clone(dst, src); } @@ -624,6 +625,7 @@ int vma_expand(struct vma_iterator *vmi, unsigned long start, unsigned long end, pgoff_t pgoff, struct vm_area_struct *next) { + struct vm_area_struct *anon_dup = NULL; bool remove_next = false; struct vma_prepare vp; @@ -633,7 +635,7 @@ int vma_expand(struct vma_iterator *vmi, remove_next = true; vma_start_write(next); - ret = dup_anon_vma(vma, next); + ret = dup_anon_vma(vma, next, &anon_dup); if (ret) return ret; } @@ -661,6 +663,8 @@ int vma_expand(struct vma_iterator *vmi, return 0; nomem: + if (anon_dup) + unlink_anon_vmas(anon_dup); return -ENOMEM; } @@ -860,6 +864,7 @@ struct vm_area_struct *vma_merge(struct { struct vm_area_struct *curr, *next, *res; struct vm_area_struct *vma, *adjust, *remove, *remove2; + struct vm_area_struct *anon_dup = NULL; struct vma_prepare vp; pgoff_t vma_pgoff; int err = 0; @@ -927,18 +932,18 @@ struct vm_area_struct *vma_merge(struct vma_start_write(next); remove = next; /* case 1 */ vma_end = next->vm_end; - err = dup_anon_vma(prev, next); + err = dup_anon_vma(prev, next, &anon_dup); if (curr) { /* case 6 */ vma_start_write(curr); remove = curr; remove2 = next; if (!next->anon_vma) - err = dup_anon_vma(prev, curr); + err = dup_anon_vma(prev, curr, &anon_dup); } } else if (merge_prev) { /* case 2 */ if (curr) { vma_start_write(curr); - err = dup_anon_vma(prev, curr); + err = dup_anon_vma(prev, curr, &anon_dup); if (end == curr->vm_end) { /* case 7 */ remove = curr; } else { /* case 5 */ @@ -954,7 +959,7 @@ struct vm_area_struct *vma_merge(struct vma_end = addr; adjust = next; adj_start = -(prev->vm_end - addr); - err = dup_anon_vma(next, prev); + err = dup_anon_vma(next, prev, &anon_dup); } else { /* * Note that cases 3 and 8 are the ONLY ones where prev @@ -1018,6 +1023,9 @@ struct vm_area_struct *vma_merge(struct return res; prealloc_fail: + if (anon_dup) + unlink_anon_vmas(anon_dup); + anon_vma_fail: if (merge_prev) vma_next(vmi); _ Patches currently in -mm which might be from Liam.Howlett(a)oracle.com are maple_tree-add-mas_active-to-detect-in-tree-walks.patch maple_tree-add-mas_underflow-and-mas_overflow-states.patch mmap-add-clarifying-comment-to-vma_merge-code.patch

2 years, 1 month

1
0
0 0

[to-be-updated] mmap-fix-vma_iterator-in-error-path-of-vma_merge.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mmap: fix vma_iterator in error path of vma_merge() has been removed from the -mm tree. Its filename was mmap-fix-vma_iterator-in-error-path-of-vma_merge.patch This patch was dropped because an updated version will be merged ------------------------------------------------------ From: "Liam R. Howlett" <Liam.Howlett(a)oracle.com> Subject: mmap: fix vma_iterator in error path of vma_merge() Date: Wed, 27 Sep 2023 12:07:44 -0400 When merging of the previous VMA fails after the vma iterator has been moved to the previous entry, the vma iterator must be advanced to ensure the caller takes the correct action on the next vma iterator event. Fix this by adding a vma_next() call to the error path. Users may experience higher CPU usage, most likely in very low memory situations. Link: https://lore.kernel.org/linux-mm/CAG48ez12VN1JAOtTNMY+Y2YnsU45yL5giS-Qn=ejt… Link: https://lkml.kernel.org/r/20230927160746.1928098-2-Liam.Howlett@oracle.com Fixes: 18b098af2890 ("vma_merge: set vma iterator to correct position.") Signed-off-by: Liam R. Howlett <Liam.Howlett(a)oracle.com> Reported-by: Jann Horn <jannh(a)google.com> Closes: https://lore.kernel.org/linux-mm/CAG48ez12VN1JAOtTNMY+Y2YnsU45yL5giS-Qn=ejt… Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/mmap.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) --- a/mm/mmap.c~mmap-fix-vma_iterator-in-error-path-of-vma_merge +++ a/mm/mmap.c @@ -968,14 +968,14 @@ struct vm_area_struct *vma_merge(struct vma_pgoff = curr->vm_pgoff; vma_start_write(curr); remove = curr; - err = dup_anon_vma(next, curr); + err = dup_anon_vma(next, curr, &anon_dup); } } } /* Error in anon_vma clone. */ if (err) - return NULL; + goto anon_vma_fail; if (vma_start < vma->vm_start || vma_end > vma->vm_end) vma_expanded = true; @@ -988,7 +988,7 @@ struct vm_area_struct *vma_merge(struct } if (vma_iter_prealloc(vmi, vma)) - return NULL; + goto prealloc_fail; init_multi_vma_prep(&vp, vma, adjust, remove, remove2); VM_WARN_ON(vp.anon_vma && adjust && adjust->anon_vma && @@ -1016,6 +1016,12 @@ struct vm_area_struct *vma_merge(struct vma_complete(&vp, vmi, mm); khugepaged_enter_vma(res, vm_flags); return res; + +prealloc_fail: +anon_vma_fail: + if (merge_prev) + vma_next(vmi); + return NULL; } /* _ Patches currently in -mm which might be from Liam.Howlett(a)oracle.com are maple_tree-add-mas_active-to-detect-in-tree-walks.patch maple_tree-add-mas_underflow-and-mas_overflow-states.patch mmap-fix-error-paths-with-dup_anon_vma.patch mmap-add-clarifying-comment-to-vma_merge-code.patch

2 years, 1 month

1
0
0 0

[obsolete] mm-lock-vmas-skipped-by-a-failed-queue_pages_range.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: lock VMAs skipped by a failed queue_pages_range() has been removed from the -mm tree. Its filename was mm-lock-vmas-skipped-by-a-failed-queue_pages_range.patch This patch was dropped because it is obsolete ------------------------------------------------------ From: Suren Baghdasaryan <surenb(a)google.com> Subject: mm: lock VMAs skipped by a failed queue_pages_range() Date: Mon, 18 Sep 2023 14:16:08 -0700 When queue_pages_range() encounters an unmovable page, it terminates its page walk. This walk, among other things, locks the VMAs in the range. This termination might result in some VMAs being left unlocked after queue_pages_range() completes. Since do_mbind() continues to operate on these VMAs despite the failure from queue_pages_range(), it will encounter an unlocked VMA, leading to a BUG(). This mbind() behavior has been modified several times before and might need some changes to either finish the page walk even in the presence of unmovable pages or to error out immediately after the failure to queue_pages_range(). However that requires more discussions, so to fix the immediate issue, explicitly lock the VMAs in the range if queue_pages_range() failed. The added condition does not save much but is added for documentation purposes to understand when this extra locking is needed. Link: https://lkml.kernel.org/r/20230918211608.3580629-1-surenb@google.com Fixes: 49b0638502da ("mm: enable page walking API to lock vmas during the walk") Signed-off-by: Suren Baghdasaryan <surenb(a)google.com> Reported-by: syzbot+b591856e0f0139f83023(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/all/000000000000f392a60604a65085@google.com/ Acked-by: Hugh Dickins <hughd(a)google.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Yang Shi <shy828301(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/mempolicy.c | 3 +++ 1 file changed, 3 insertions(+) --- a/mm/mempolicy.c~mm-lock-vmas-skipped-by-a-failed-queue_pages_range +++ a/mm/mempolicy.c @@ -1342,6 +1342,9 @@ static long do_mbind(unsigned long start vma_iter_init(&vmi, mm, start); prev = vma_prev(&vmi); for_each_vma_range(vmi, vma, end) { + /* If queue_pages_range failed then not all VMAs might be locked */ + if (ret) + vma_start_write(vma); err = mbind_range(&vmi, vma, &prev, start, end, new); if (err) break; _ Patches currently in -mm which might be from surenb(a)google.com are selftests-mm-add-uffdio_remap-ioctl-test.patch

2 years, 1 month

1
0
0 0

[PATCH 3/5] x86: KVM: SVM: refresh AVIC inhibition in svm_leave_nested()

by Maxim Levitsky

svm_leave_nested() similar to a nested VM exit, get the vCPU out of nested mode and thus should end the local inhibition of AVIC on this vCPU. Failure to do so, can lead to hangs on guest reboot. Raise the KVM_REQ_APICV_UPDATE request to refresh the AVIC state of the current vCPU in this case. Cc: stable(a)vger.kernel.org Signed-off-by: Maxim Levitsky <mlevitsk(a)redhat.com> --- arch/x86/kvm/svm/nested.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index dd496c9e5f91f28..3fea8c47679e689 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c @@ -1253,6 +1253,9 @@ void svm_leave_nested(struct kvm_vcpu *vcpu) nested_svm_uninit_mmu_context(vcpu); vmcb_mark_all_dirty(svm->vmcb); + + if (kvm_apicv_activated(vcpu->kvm)) + kvm_make_request(KVM_REQ_APICV_UPDATE, vcpu); } kvm_clear_request(KVM_REQ_GET_NESTED_STATE_PAGES, vcpu); -- 2.26.3

2 years, 1 month

2
1
0 0

[PATCH AUTOSEL 4.14 1/6] parisc: sba: Fix compile warning wrt list of SBA devices

by Sasha Levin

From: Helge Deller <deller(a)gmx.de> [ Upstream commit eb3255ee8f6f4691471a28fbf22db5e8901116cd ] Fix this makecheck warning: drivers/parisc/sba_iommu.c:98:19: warning: symbol 'sba_list' was not declared. Should it be static? Signed-off-by: Helge Deller <deller(a)gmx.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- arch/parisc/include/asm/ropes.h | 3 +++ drivers/char/agp/parisc-agp.c | 2 -- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/arch/parisc/include/asm/ropes.h b/arch/parisc/include/asm/ropes.h index 8e51c775c80a6..62399c7ea94a1 100644 --- a/arch/parisc/include/asm/ropes.h +++ b/arch/parisc/include/asm/ropes.h @@ -86,6 +86,9 @@ struct sba_device { struct ioc ioc[MAX_IOC]; }; +/* list of SBA's in system, see drivers/parisc/sba_iommu.c */ +extern struct sba_device *sba_list; + #define ASTRO_RUNWAY_PORT 0x582 #define IKE_MERCED_PORT 0x803 #define REO_MERCED_PORT 0x804 diff --git a/drivers/char/agp/parisc-agp.c b/drivers/char/agp/parisc-agp.c index 1d5510cb6db4e..1962ff624b7c5 100644 --- a/drivers/char/agp/parisc-agp.c +++ b/drivers/char/agp/parisc-agp.c @@ -385,8 +385,6 @@ find_quicksilver(struct device *dev, void *data) static int __init parisc_agp_init(void) { - extern struct sba_device *sba_list; - int err = -1; struct parisc_device *sba = NULL, *lba = NULL; struct lba_device *lbadev = NULL; -- 2.40.1

2 years, 1 month

2
6
0 0

[PATCH 1/5] x86: KVM: SVM: fix for x2avic CVE-2023-5090

by Maxim Levitsky

The following problem exists since the x2avic was enabled in the KVM: svm_set_x2apic_msr_interception is called to enable the interception of the x2apic msrs. In particular it is called at the moment the guest resets its apic. Assuming that the guest's apic was in x2apic mode, the reset will bring it back to the xapic mode. The svm_set_x2apic_msr_interception however has an erroneous check for '!apic_x2apic_mode()' which prevents it from doing anything in this case. As a result of this, all x2apic msrs are left unintercepted, and that exposes the bare metal x2apic (if enabled) to the guest. Oops. Remove the erroneous '!apic_x2apic_mode()' check to fix that. Cc: stable(a)vger.kernel.org Signed-off-by: Maxim Levitsky <mlevitsk(a)redhat.com> --- arch/x86/kvm/svm/svm.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 9507df93f410a63..acdd0b89e4715a3 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -913,8 +913,7 @@ void svm_set_x2apic_msr_interception(struct vcpu_svm *svm, bool intercept) if (intercept == svm->x2avic_msrs_intercepted) return; - if (!x2avic_enabled || - !apic_x2apic_mode(svm->vcpu.arch.apic)) + if (!x2avic_enabled) return; for (i = 0; i < MAX_DIRECT_ACCESS_MSRS; i++) { -- 2.26.3

2 years, 1 month

2
1
0 0

FAILED: patch "[PATCH] ata: libahci: clear pending interrupt status" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.14.y git checkout FETCH_HEAD git cherry-pick -x 737dd811a3dbfd7edd4ad2ba5152e93d99074f83 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023092019-aptitude-device-3909@gregkh' --subject-prefix 'PATCH 4.14.y' HEAD^.. Possible dependencies: 737dd811a3db ("ata: libahci: clear pending interrupt status") 93c7711494f4 ("ata: ahci: Drop pointless VPRINTK() calls and convert the remaining ones") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 737dd811a3dbfd7edd4ad2ba5152e93d99074f83 Mon Sep 17 00:00:00 2001 From: Szuying Chen <chensiying21(a)gmail.com> Date: Thu, 7 Sep 2023 16:17:10 +0800 Subject: [PATCH] ata: libahci: clear pending interrupt status When a CRC error occurs, the HBA asserts an interrupt to indicate an interface fatal error (PxIS.IFS). The ISR clears PxIE and PxIS, then does error recovery. If the adapter receives another SDB FIS with an error (PxIS.TFES) from the device before the start of the EH recovery process, the interrupt signaling the new SDB cannot be serviced as PxIE was cleared already. This in turn results in the HBA inability to issue any command during the error recovery process after setting PxCMD.ST to 1 because PxIS.TFES is still set. According to AHCI 1.3.1 specifications section 6.2.2, fatal errors notified by setting PxIS.HBFS, PxIS.HBDS, PxIS.IFS or PxIS.TFES will cause the HBA to enter the ERR:Fatal state. In this state, the HBA shall not issue any new commands. To avoid this situation, introduce the function ahci_port_clear_pending_irq() to clear pending interrupts before executing a COMRESET. This follows the AHCI 1.3.1 - section 6.2.2.2 specification. Signed-off-by: Szuying Chen <Chloe_Chen(a)asmedia.com.tw> Fixes: e0bfd149973d ("[PATCH] ahci: stop engine during hard reset") Cc: stable(a)vger.kernel.org Reviewed-by: Niklas Cassel <niklas.cassel(a)wdc.com> Signed-off-by: Damien Le Moal <dlemoal(a)kernel.org> diff --git a/drivers/ata/libahci.c b/drivers/ata/libahci.c index e2bacedf28ef..f1263364fa97 100644 --- a/drivers/ata/libahci.c +++ b/drivers/ata/libahci.c @@ -1256,6 +1256,26 @@ static ssize_t ahci_activity_show(struct ata_device *dev, char *buf) return sprintf(buf, "%d\n", emp->blink_policy); } +static void ahci_port_clear_pending_irq(struct ata_port *ap) +{ + struct ahci_host_priv *hpriv = ap->host->private_data; + void __iomem *port_mmio = ahci_port_base(ap); + u32 tmp; + + /* clear SError */ + tmp = readl(port_mmio + PORT_SCR_ERR); + dev_dbg(ap->host->dev, "PORT_SCR_ERR 0x%x\n", tmp); + writel(tmp, port_mmio + PORT_SCR_ERR); + + /* clear port IRQ */ + tmp = readl(port_mmio + PORT_IRQ_STAT); + dev_dbg(ap->host->dev, "PORT_IRQ_STAT 0x%x\n", tmp); + if (tmp) + writel(tmp, port_mmio + PORT_IRQ_STAT); + + writel(1 << ap->port_no, hpriv->mmio + HOST_IRQ_STAT); +} + static void ahci_port_init(struct device *dev, struct ata_port *ap, int port_no, void __iomem *mmio, void __iomem *port_mmio) @@ -1270,18 +1290,7 @@ static void ahci_port_init(struct device *dev, struct ata_port *ap, if (rc) dev_warn(dev, "%s (%d)\n", emsg, rc); - /* clear SError */ - tmp = readl(port_mmio + PORT_SCR_ERR); - dev_dbg(dev, "PORT_SCR_ERR 0x%x\n", tmp); - writel(tmp, port_mmio + PORT_SCR_ERR); - - /* clear port IRQ */ - tmp = readl(port_mmio + PORT_IRQ_STAT); - dev_dbg(dev, "PORT_IRQ_STAT 0x%x\n", tmp); - if (tmp) - writel(tmp, port_mmio + PORT_IRQ_STAT); - - writel(1 << port_no, mmio + HOST_IRQ_STAT); + ahci_port_clear_pending_irq(ap); /* mark esata ports */ tmp = readl(port_mmio + PORT_CMD); @@ -1603,6 +1612,8 @@ int ahci_do_hardreset(struct ata_link *link, unsigned int *class, tf.status = ATA_BUSY; ata_tf_to_fis(&tf, 0, 0, d2h_fis); + ahci_port_clear_pending_irq(ap); + rc = sata_link_hardreset(link, timing, deadline, online, ahci_check_ready);

2 years, 1 month

2
2
0 0

[PATCH 2/5] x86: KVM: SVM: add support for Invalid IPI Vector interception

by Maxim Levitsky

In later revisions of AMD's APM, there is a new 'incomplete IPI' exit code: "Invalid IPI Vector - The vector for the specified IPI was set to an illegal value (VEC < 16)" Note that tests on Zen2 machine show that this VM exit doesn't happen and instead AVIC just does nothing. Add support for this exit code by doing nothing, instead of filling the kernel log with errors. Also replace an unthrottled 'pr_err()' if another unknown incomplete IPI exit happens with WARN_ON_ONCE() (e.g in case AMD adds yet another 'Invalid IPI' exit reason) Cc: <stable(a)vger.kernel.org> Signed-off-by: Maxim Levitsky <mlevitsk(a)redhat.com> --- arch/x86/include/asm/svm.h | 1 + arch/x86/kvm/svm/avic.c | 5 ++++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h index 19bf955b67e0da0..3ac0ffc4f3e202b 100644 --- a/arch/x86/include/asm/svm.h +++ b/arch/x86/include/asm/svm.h @@ -268,6 +268,7 @@ enum avic_ipi_failure_cause { AVIC_IPI_FAILURE_TARGET_NOT_RUNNING, AVIC_IPI_FAILURE_INVALID_TARGET, AVIC_IPI_FAILURE_INVALID_BACKING_PAGE, + AVIC_IPI_FAILURE_INVALID_IPI_VECTOR, }; #define AVIC_PHYSICAL_MAX_INDEX_MASK GENMASK_ULL(8, 0) diff --git a/arch/x86/kvm/svm/avic.c b/arch/x86/kvm/svm/avic.c index 2092db892d7d052..c44b65af494e3ff 100644 --- a/arch/x86/kvm/svm/avic.c +++ b/arch/x86/kvm/svm/avic.c @@ -529,8 +529,11 @@ int avic_incomplete_ipi_interception(struct kvm_vcpu *vcpu) case AVIC_IPI_FAILURE_INVALID_BACKING_PAGE: WARN_ONCE(1, "Invalid backing page\n"); break; + case AVIC_IPI_FAILURE_INVALID_IPI_VECTOR: + /* Invalid IPI with vector < 16 */ + break; default: - pr_err("Unknown IPI interception\n"); + WARN_ONCE(1, "Unknown avic incomplete IPI interception\n"); } return 1; -- 2.26.3

2 years, 1 month

2
1
0 0

[REGRESSION] EINVAL with mount in selinux_set_mnt_opts when mounting in a guest vm with selinux disabled

by Simon Kaegi

#regzbot introduced v6.1.52..v6.1.53 #regzbot introduced: ed134f284b4ed85a70d5f760ed0686e3cd555f9b We hit this regression when updating our guest vm kernel from 6.1.52 to 6.1.53 -- bisecting this problem was introduced in ed134f284b4ed85a70d5f760ed0686e3cd555f9b -- vfs, security: Fix automount superblock LSM init problem, preventing NFS sb sharing -- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=… We're getting an EINVAL in `selinux_set_mnt_opts` in `security/selinux/hooks.c` when mounting a folder in a guest VM where selinux is disabled. We're mounting from another folder that we suspect has selinux labels set from the host. The EINVAL is getting set in the following block... ``` if (!selinux_initialized(&selinux_state)) { if (!opts) { /* Defer initialization until selinux_complete_init, after the initial policy is loaded and the security server is ready to handle calls. */ goto out; } rc = -EINVAL; pr_warn("SELinux: Unable to set superblock options " "before the security server is initialized\n"); goto out; } ``` We can reproduce 100% of the time but don't currently have a simple reproducer as the problem was found in our build service which uses kata-containers (with cloud-hypervisor and rootfs mounted via virtio-blk). We have not checked the mainline as we currently are tied to 6.1.x. -Simon

2 years, 1 month

3
4
0 0

[PATCH 6.4, 6.5] ASoC: cs35l56: Disable low-power hibernation mode

by Richard Fitzgerald

commit 18789be8e0d9fbb78b2290dcf93f500726ed19f0 upstream. Please apply to 6.4 and 6.5. Do not allow the CS35L56 to be put into its lowest power "hibernation" mode. This only affects I2C because "hibernation" is already disabled on SPI and SoundWire. Recent firmwares need a different wake-up sequence. Until that sequence has been specified, the chip "hibernation" mode must be disabled otherwise it can intermittently fail to wake. Backport note: This is the same change as upstream commit, to delete one line, but the upstream commit would not apply cleanly on older branches because of minor differences to the surrounding code. Signed-off-by: Richard Fitzgerald <rf(a)opensource.cirrus.com> Link: https://lore.kernel.org/r/20230912133841.3480466-1-rf@opensource.cirrus.com Signed-off-by: Mark Brown <broonie(a)kernel.org> --- sound/soc/codecs/cs35l56-i2c.c | 1 - 1 file changed, 1 deletion(-) diff --git a/sound/soc/codecs/cs35l56-i2c.c b/sound/soc/codecs/cs35l56-i2c.c index c613a2554fa3..494adabd4f43 100644 --- a/sound/soc/codecs/cs35l56-i2c.c +++ b/sound/soc/codecs/cs35l56-i2c.c @@ -27,7 +27,6 @@ static int cs35l56_i2c_probe(struct i2c_client *client) return -ENOMEM; cs35l56->dev = dev; - cs35l56->can_hibernate = true; i2c_set_clientdata(client, cs35l56); cs35l56->regmap = devm_regmap_init_i2c(client, regmap_config); -- 2.30.2

2 years, 1 month

2
1
0 0

[PATCH -stable,5.10 0/2] Netfilter stable fixes for 5.10

by Pablo Neira Ayuso

Hi Greg, Sasha, The following small batch contains two more fixes for a WARNING splat on chain unregistration and UaF in the flowtable unregistration that is exercised from netns path for 5.10 -stable. I am using original commit IDs for reference: 1) 6069da443bf6 ("netfilter: nf_tables: unregister flowtable hooks on netns exit") 2) f9a43007d3f7 ("netfilter: nf_tables: double hook unregistration in netns path") Please, apply. Thanks. Pablo Neira Ayuso (2): netfilter: nf_tables: unregister flowtable hooks on netns exit netfilter: nf_tables: double hook unregistration in netns path net/netfilter/nf_tables_api.c | 68 ++++++++++++++++++++++++++--------- 1 file changed, 52 insertions(+), 16 deletions(-) -- 2.30.2

2 years, 1 month

2
3
0 0

6.5 pre-emption hangs

by Mario Limonciello

Hi, Some hangs are reported on GFX9 hardware related to pre-emption. The hangs that are root caused to this are fixed by this commit from 6.6: 8cbbd11547f6 ("drm/amdgpu: set completion status as preempted for the resubmission") Link: https://gitlab.freedesktop.org/drm/amd/-/issues/2447#note_2100975 Can you please bring this back to 6.5.y? Thanks,

2 years, 1 month

2
1
0 0

[PATCH] drm/i915: Don't set PIPE_CONTROL_FLUSH_L3 for aux inval

by Nirmoy Das

PIPE_CONTROL_FLUSH_L3 is not needed for aux invalidation so don't set that. Fixes: 78a6ccd65fa3 ("drm/i915/gt: Ensure memory quiesced before invalidation") Cc: Jonathan Cavitt <jonathan.cavitt(a)intel.com> Cc: Andi Shyti <andi.shyti(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> # v5.8+ Cc: Andrzej Hajda <andrzej.hajda(a)intel.com> Cc: Tvrtko Ursulin <tvrtko.ursulin(a)intel.com> Cc: Matt Roper <matthew.d.roper(a)intel.com> Cc: Tejas Upadhyay <tejas.upadhyay(a)intel.com> Cc: Lucas De Marchi <lucas.demarchi(a)intel.com> Cc: Prathap Kumar Valsan <prathap.kumar.valsan(a)intel.com> Cc: Tapani Pälli <tapani.palli(a)intel.com> Cc: Mark Janes <mark.janes(a)intel.com> Cc: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Signed-off-by: Nirmoy Das <nirmoy.das(a)intel.com> --- drivers/gpu/drm/i915/gt/gen8_engine_cs.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/i915/gt/gen8_engine_cs.c b/drivers/gpu/drm/i915/gt/gen8_engine_cs.c index 0143445dba83..ba4c2422b340 100644 --- a/drivers/gpu/drm/i915/gt/gen8_engine_cs.c +++ b/drivers/gpu/drm/i915/gt/gen8_engine_cs.c @@ -271,8 +271,17 @@ int gen12_emit_flush_rcs(struct i915_request *rq, u32 mode) if (GRAPHICS_VER_FULL(rq->i915) >= IP_VER(12, 70)) bit_group_0 |= PIPE_CONTROL_CCS_FLUSH; + /* + * L3 fabric flush is needed for AUX CCS invalidation + * which happens as part of pipe-control so we can + * ignore PIPE_CONTROL_FLUSH_L3. Also PIPE_CONTROL_FLUSH_L3 + * deals with Protected Memory which is not needed for + * AUX CCS invalidation and lead to unwanted side effects. + */ + if (mode & EMIT_FLUSH) + bit_group_1 |= PIPE_CONTROL_FLUSH_L3; + bit_group_1 |= PIPE_CONTROL_TILE_CACHE_FLUSH; - bit_group_1 |= PIPE_CONTROL_FLUSH_L3; bit_group_1 |= PIPE_CONTROL_RENDER_TARGET_CACHE_FLUSH; bit_group_1 |= PIPE_CONTROL_DEPTH_CACHE_FLUSH; /* Wa_1409600907:tgl,adl-p */ -- 2.41.0

2 years, 1 month

6
6
0 0

[PATCH] x86/srso: Add SRSO mitigation for Hygon processors

by Pu Wen

From: Pu Wen <puwen(a)hygon.cn> Add mitigation for the speculative return stack overflow vulnerability which exists on Hygon processors. Signed-off-by: Pu Wen <puwen(a)hygon.cn> Cc: <stable(a)vger.kernel.org> --- arch/x86/kernel/cpu/common.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index 382d4e6b848d..4e5ffc8b0e46 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -1303,7 +1303,7 @@ static const struct x86_cpu_id cpu_vuln_blacklist[] __initconst = { VULNBL_AMD(0x15, RETBLEED), VULNBL_AMD(0x16, RETBLEED), VULNBL_AMD(0x17, RETBLEED | SMT_RSB | SRSO), - VULNBL_HYGON(0x18, RETBLEED | SMT_RSB), + VULNBL_HYGON(0x18, RETBLEED | SMT_RSB | SRSO), VULNBL_AMD(0x19, SRSO), {} }; -- 2.23.0

2 years, 1 month

3
2
0 0

Napływ Klientów ze strony

by Wiktor Nurek

Dzień dobry, chciałbym poinformować Państwa o możliwości pozyskania nowych zleceń ze strony www. Widzimy zainteresowanie potencjalnych Klientów Państwa firmą, dlatego chętnie pomożemy Państwu dotrzeć z ofertą do większego grona odbiorców poprzez efektywne metody pozycjonowania strony w Google. Czy mógłbym liczyć na kontakt zwrotny? Pozdrawiam serdecznie Wiktor Nurek

2 years, 1 month

1
0
0 0

[PATCH v3] firmware: qcom_scm: use 64-bit calling convention only when client is 64-bit

by Kathiravan Thirumoorthy

Per the "SMC calling convention specification", the 64-bit calling convention can only be used when the client is 64-bit. Whereas the 32-bit calling convention can be used by either a 32-bit or a 64-bit client. Currently during SCM probe, irrespective of the client, 64-bit calling convention is made, which is incorrect and may lead to the undefined behaviour when the client is 32-bit. Let's fix it. Cc: stable(a)vger.kernel.org Fixes: 9a434cee773a ("firmware: qcom_scm: Dynamically support SMCCC and legacy conventions") Reviewed-By: Elliot Berman <quic_eberman(a)quicinc.com> Signed-off-by: Kathiravan Thirumoorthy <quic_kathirav(a)quicinc.com> --- Changes in V3: - reworded the commit title and msg - pick up the R-b tag Changes in V2: - Added the Fixes tag and cc'd stable mailing list --- drivers/firmware/qcom_scm.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/firmware/qcom_scm.c b/drivers/firmware/qcom_scm.c index c2c7fafef34b..520de9b5633a 100644 --- a/drivers/firmware/qcom_scm.c +++ b/drivers/firmware/qcom_scm.c @@ -215,6 +215,12 @@ static enum qcom_scm_convention __get_convention(void) if (likely(qcom_scm_convention != SMC_CONVENTION_UNKNOWN)) return qcom_scm_convention; + /* + * Per the "SMC calling convention specification", the 64-bit calling + * convention can only be used when the client is 64-bit, otherwise + * system will encounter the undefined behaviour. + */ +#if IS_ENABLED(CONFIG_ARM64) /* * Device isn't required as there is only one argument - no device * needed to dma_map_single to secure world @@ -235,6 +241,7 @@ static enum qcom_scm_convention __get_convention(void) forced = true; goto found; } +#endif probed_convention = SMC_CONVENTION_ARM_32; ret = __scm_smc_call(NULL, &desc, probed_convention, &res, true); --- base-commit: 8fff9184d1b5810dca5dd1a02726d4f844af88fc change-id: 20230925-scm-d62c6cd1947b Best regards, -- Kathiravan Thirumoorthy <quic_kathirav(a)quicinc.com>

2 years, 1 month

2
1
0 0

[PATCH v3] ASoC: amd: yc: Fix non-functional mic on Lenovo 82YM

by Sven Frotscher

Like the Lenovo 82TL, 82V2, 82QF and 82UG, the 82YM (Yoga 7 14ARP8) requires an entry in the quirk list to enable the internal microphone. The latter two received similar fixes in commit 1263cc0f414d ("ASoC: amd: yc: Fix non-functional mic on Lenovo 82QF and 82UG"). Fixes: c008323fe361 ("ASoC: amd: yc: Fix a non-functional mic on Lenovo 82SJ") Cc: stable(a)vger.kernel.org Signed-off-by: Sven Frotscher <sven.frotscher(a)gmail.com> --- v2->v3 changes: * add message title of referenced commit to commit message * make whitespace consistent with surrounding code * use a patch-friendly e-mail client --- v1->v2 changes: * add Fixes and Cc tags to commit message * remove redundant LKML link from commit message * fix mangled diff --- sound/soc/amd/yc/acp6x-mach.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/sound/soc/amd/yc/acp6x-mach.c b/sound/soc/amd/yc/acp6x-mach.c index 94e9eb8e73f2..15a864dcd7bd 100644 --- a/sound/soc/amd/yc/acp6x-mach.c +++ b/sound/soc/amd/yc/acp6x-mach.c @@ -241,6 +241,13 @@ static const struct dmi_system_id yc_acp_quirk_table[] = { DMI_MATCH(DMI_PRODUCT_NAME, "82V2"), } }, + { + .driver_data = &acp6x_card, + .matches = { + DMI_MATCH(DMI_BOARD_VENDOR, "LENOVO"), + DMI_MATCH(DMI_PRODUCT_NAME, "82YM"), + } + }, { .driver_data = &acp6x_card, .matches = { -- 2.42.0

2 years, 1 month

1
0
0 0

+ mmap-fix-error-paths-with-dup_anon_vma.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mmap: fix error paths with dup_anon_vma() has been added to the -mm mm-hotfixes-unstable branch. Its filename is mmap-fix-error-paths-with-dup_anon_vma.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: "Liam R. Howlett" <Liam.Howlett(a)oracle.com> Subject: mmap: fix error paths with dup_anon_vma() Date: Wed, 27 Sep 2023 12:07:45 -0400 When the calling function fails after the dup_anon_vma(), the duplication of the anon_vma is not being undone. Add the necessary unlink_anon_vma() call to the error paths that are missing them. This issue showed up during inspection of the error path in vma_merge() for an unrelated vma iterator issue. Users may experience increased memory usage, which may be problematic as the failure would likely be caused by a low memory situation. Link: https://lkml.kernel.org/r/20230927160746.1928098-3-Liam.Howlett@oracle.com Fixes: d4af56c5c7c6 ("mm: start tracking VMAs with maple tree") Cc: Jann Horn <jannh(a)google.com> Signed-off-by: Liam R. Howlett <Liam.Howlett(a)oracle.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/mmap.c | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) --- a/mm/mmap.c~mmap-fix-error-paths-with-dup_anon_vma +++ a/mm/mmap.c @@ -587,7 +587,7 @@ again: * Returns: 0 on success. */ static inline int dup_anon_vma(struct vm_area_struct *dst, - struct vm_area_struct *src) + struct vm_area_struct *src, struct vm_area_struct **dup) { /* * Easily overlooked: when mprotect shifts the boundary, make sure the @@ -597,6 +597,7 @@ static inline int dup_anon_vma(struct vm if (src->anon_vma && !dst->anon_vma) { vma_assert_write_locked(dst); dst->anon_vma = src->anon_vma; + *dup = dst; return anon_vma_clone(dst, src); } @@ -624,6 +625,7 @@ int vma_expand(struct vma_iterator *vmi, unsigned long start, unsigned long end, pgoff_t pgoff, struct vm_area_struct *next) { + struct vm_area_struct *anon_dup = NULL; bool remove_next = false; struct vma_prepare vp; @@ -633,7 +635,7 @@ int vma_expand(struct vma_iterator *vmi, remove_next = true; vma_start_write(next); - ret = dup_anon_vma(vma, next); + ret = dup_anon_vma(vma, next, &anon_dup); if (ret) return ret; } @@ -661,6 +663,8 @@ int vma_expand(struct vma_iterator *vmi, return 0; nomem: + if (anon_dup) + unlink_anon_vmas(anon_dup); return -ENOMEM; } @@ -860,6 +864,7 @@ struct vm_area_struct *vma_merge(struct { struct vm_area_struct *curr, *next, *res; struct vm_area_struct *vma, *adjust, *remove, *remove2; + struct vm_area_struct *anon_dup = NULL; struct vma_prepare vp; pgoff_t vma_pgoff; int err = 0; @@ -927,18 +932,18 @@ struct vm_area_struct *vma_merge(struct vma_start_write(next); remove = next; /* case 1 */ vma_end = next->vm_end; - err = dup_anon_vma(prev, next); + err = dup_anon_vma(prev, next, &anon_dup); if (curr) { /* case 6 */ vma_start_write(curr); remove = curr; remove2 = next; if (!next->anon_vma) - err = dup_anon_vma(prev, curr); + err = dup_anon_vma(prev, curr, &anon_dup); } } else if (merge_prev) { /* case 2 */ if (curr) { vma_start_write(curr); - err = dup_anon_vma(prev, curr); + err = dup_anon_vma(prev, curr, &anon_dup); if (end == curr->vm_end) { /* case 7 */ remove = curr; } else { /* case 5 */ @@ -954,7 +959,7 @@ struct vm_area_struct *vma_merge(struct vma_end = addr; adjust = next; adj_start = -(prev->vm_end - addr); - err = dup_anon_vma(next, prev); + err = dup_anon_vma(next, prev, &anon_dup); } else { /* * Note that cases 3 and 8 are the ONLY ones where prev @@ -1018,6 +1023,9 @@ struct vm_area_struct *vma_merge(struct return res; prealloc_fail: + if (anon_dup) + unlink_anon_vmas(anon_dup); + anon_vma_fail: if (merge_prev) vma_next(vmi); _ Patches currently in -mm which might be from Liam.Howlett(a)oracle.com are maple_tree-add-mas_active-to-detect-in-tree-walks.patch maple_tree-add-mas_underflow-and-mas_overflow-states.patch mmap-fix-vma_iterator-in-error-path-of-vma_merge.patch mmap-fix-error-paths-with-dup_anon_vma.patch mmap-add-clarifying-comment-to-vma_merge-code.patch

2 years, 1 month

1
0
0 0

+ mmap-fix-vma_iterator-in-error-path-of-vma_merge.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mmap: fix vma_iterator in error path of vma_merge() has been added to the -mm mm-hotfixes-unstable branch. Its filename is mmap-fix-vma_iterator-in-error-path-of-vma_merge.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: "Liam R. Howlett" <Liam.Howlett(a)oracle.com> Subject: mmap: fix vma_iterator in error path of vma_merge() Date: Wed, 27 Sep 2023 12:07:44 -0400 When merging of the previous VMA fails after the vma iterator has been moved to the previous entry, the vma iterator must be advanced to ensure the caller takes the correct action on the next vma iterator event. Fix this by adding a vma_next() call to the error path. Users may experience higher CPU usage, most likely in very low memory situations. Link: https://lore.kernel.org/linux-mm/CAG48ez12VN1JAOtTNMY+Y2YnsU45yL5giS-Qn=ejt… Link: https://lkml.kernel.org/r/20230927160746.1928098-2-Liam.Howlett@oracle.com Fixes: 18b098af2890 ("vma_merge: set vma iterator to correct position.") Signed-off-by: Liam R. Howlett <Liam.Howlett(a)oracle.com> Reported-by: Jann Horn <jannh(a)google.com> Closes: https://lore.kernel.org/linux-mm/CAG48ez12VN1JAOtTNMY+Y2YnsU45yL5giS-Qn=ejt… Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/mmap.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) --- a/mm/mmap.c~mmap-fix-vma_iterator-in-error-path-of-vma_merge +++ a/mm/mmap.c @@ -968,14 +968,14 @@ struct vm_area_struct *vma_merge(struct vma_pgoff = curr->vm_pgoff; vma_start_write(curr); remove = curr; - err = dup_anon_vma(next, curr); + err = dup_anon_vma(next, curr, &anon_dup); } } } /* Error in anon_vma clone. */ if (err) - return NULL; + goto anon_vma_fail; if (vma_start < vma->vm_start || vma_end > vma->vm_end) vma_expanded = true; @@ -988,7 +988,7 @@ struct vm_area_struct *vma_merge(struct } if (vma_iter_prealloc(vmi, vma)) - return NULL; + goto prealloc_fail; init_multi_vma_prep(&vp, vma, adjust, remove, remove2); VM_WARN_ON(vp.anon_vma && adjust && adjust->anon_vma && @@ -1016,6 +1016,12 @@ struct vm_area_struct *vma_merge(struct vma_complete(&vp, vmi, mm); khugepaged_enter_vma(res, vm_flags); return res; + +prealloc_fail: +anon_vma_fail: + if (merge_prev) + vma_next(vmi); + return NULL; } /* _ Patches currently in -mm which might be from Liam.Howlett(a)oracle.com are maple_tree-add-mas_active-to-detect-in-tree-walks.patch maple_tree-add-mas_underflow-and-mas_overflow-states.patch mmap-fix-vma_iterator-in-error-path-of-vma_merge.patch mmap-fix-error-paths-with-dup_anon_vma.patch mmap-add-clarifying-comment-to-vma_merge-code.patch

2 years, 1 month

1
0
0 0

[PATCH net] can: sja1000: Always restart the Tx queue after an overrun

by Miquel Raynal

Upstream commit 717c6ec241b5 ("can: sja1000: Prevent overrun stalls with a soft reset on Renesas SoCs") fixes an issue with Renesas own SJA1000 CAN controller reception: the Rx buffer is only 5 messages long, so when the bus loaded (eg. a message every 50us), overrun may easily happen. Upon an overrun situation, due to a possible internal crosstalk situation, the controller enters a frozen state which only can be unlocked with a soft reset (experimentally). The solution was to offload a call to sja1000_start() in a threaded handler. This needs to happen in process context as this operation requires to sleep. sja1000_start() basically enters "reset mode", performs a proper software reset and returns back into "normal mode". Since this fix was introduced, we no longer observe any stalls in reception. However it was sporadically observed that the transmit path would now freeze. Further investigation blamed the fix mentioned above, and especially the reset operation. Reproducing the reset in a loop helped identifying what could possibly go wrong. The sja1000 is a single Tx queue device, which leverages the netdev helpers to process one Tx message at a time. The logic is: the queue is stopped, the message sent to the transceiver, once properly transmitted the controller sets a status bit which triggers an interrupt, in the interrupt handler the transmission status is checked and the queue woken up. Unfortunately, if an overrun happens, we might perform the soft reset precisely between the transmission of the buffer to the transceiver and the advent of the transmission status bit. We would then stop the transmission operation without re-enabling the queue, leading to all further transmissions to be ignored. The reset interrupt can only happen while the device is "open", and after a reset we anyway want to resume normal operations, no matter if a packet to transmit got dropped in the process, so we shall wake up the queue. Restarting the device and waking-up the queue is exactly what sja1000_set_mode(CAN_MODE_START) does. In order to be consistent about the queue state, we must acquire a lock both in the reset handler and in the transmit path to ensure serialization of both operations. As the reset handler might still be called after the transmission of a frame to the transceiver but before it actually gets transmitted, we must ensure we don't leak the skb, so we free it (the behavior is consistent, no matter if there was an skb on the stack or not). Fixes: 717c6ec241b5 ("can: sja1000: Prevent overrun stalls with a soft reset on Renesas SoCs") Cc: stable(a)vger.kernel.org Signed-off-by: Miquel Raynal <miquel.raynal(a)bootlin.com> --- This patch was written and tested on a slightly older stable kernel as this is the kernel that runs on the boards which shown the problem, but there should be no difference with upstream kernels. drivers/net/can/sja1000/sja1000.c | 13 ++++++++++++- drivers/net/can/sja1000/sja1000.h | 1 + drivers/net/can/sja1000/sja1000_platform.c | 2 ++ 3 files changed, 15 insertions(+), 1 deletion(-) diff --git a/drivers/net/can/sja1000/sja1000.c b/drivers/net/can/sja1000/sja1000.c index ae47fc72aa96..fe1d818f5d51 100644 --- a/drivers/net/can/sja1000/sja1000.c +++ b/drivers/net/can/sja1000/sja1000.c @@ -297,6 +297,8 @@ static netdev_tx_t sja1000_start_xmit(struct sk_buff *skb, if (can_dropped_invalid_skb(dev, skb)) return NETDEV_TX_OK; + spin_lock(&priv->tx_lock); + netif_stop_queue(dev); fi = dlc = cf->can_dlc; @@ -335,6 +337,8 @@ static netdev_tx_t sja1000_start_xmit(struct sk_buff *skb, sja1000_write_cmdreg(priv, cmd_reg_val); + spin_unlock(&priv->tx_lock); + return NETDEV_TX_OK; } @@ -394,9 +398,16 @@ static void sja1000_rx(struct net_device *dev) static irqreturn_t sja1000_reset_interrupt(int irq, void *dev_id) { struct net_device *dev = (struct net_device *)dev_id; + struct sja1000_priv *priv = netdev_priv(dev); netdev_dbg(dev, "performing a soft reset upon overrun\n"); - sja1000_start(dev); + + spin_lock(&priv->tx_lock); + + can_free_echo_skb(dev, 0); + sja1000_set_mode(dev, CAN_MODE_START); + + spin_unlock(&priv->tx_lock); return IRQ_HANDLED; } diff --git a/drivers/net/can/sja1000/sja1000.h b/drivers/net/can/sja1000/sja1000.h index 9f041d027dcc..85def6329edb 100644 --- a/drivers/net/can/sja1000/sja1000.h +++ b/drivers/net/can/sja1000/sja1000.h @@ -166,6 +166,7 @@ struct sja1000_priv { void __iomem *reg_base; /* ioremap'ed address to registers */ unsigned long irq_flags; /* for request_irq() */ spinlock_t cmdreg_lock; /* lock for concurrent cmd register writes */ + spinlock_t tx_lock; /* lock for serializing transmissions and soft resets */ u16 flags; /* custom mode flags */ u8 ocr; /* output control register */ diff --git a/drivers/net/can/sja1000/sja1000_platform.c b/drivers/net/can/sja1000/sja1000_platform.c index f33bad164813..ca3bcab461d8 100644 --- a/drivers/net/can/sja1000/sja1000_platform.c +++ b/drivers/net/can/sja1000/sja1000_platform.c @@ -305,6 +305,8 @@ static int sp_probe(struct platform_device *pdev) priv->can.clock.freq = clk_get_rate(clk) / 2; } + spin_lock_init(&priv->tx_lock); + platform_set_drvdata(pdev, dev); SET_NETDEV_DEV(dev, &pdev->dev); -- 2.34.1

2 years, 1 month

2
3
0 0

+ mm-page_alloc-correct-start-page-when-guard-page-debug-is-enabled.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/page_alloc: correct start page when guard page debug is enabled has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-page_alloc-correct-start-page-when-guard-page-debug-is-enabled.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Kemeng Shi <shikemeng(a)huaweicloud.com> Subject: mm/page_alloc: correct start page when guard page debug is enabled Date: Wed, 27 Sep 2023 17:44:01 +0800 When guard page debug is enabled and set_page_guard returns success, we miss to forward page to point to start of next split range and we will do split unexpectedly in page range without target page. Move start page update before set_page_guard to fix this. As we split to wrong target page, then splited pages are not able to merge back to original order when target page is put back and splited pages except target page is not usable. To be specific: Consider target page is the third page in buddy page with order 2. | buddy-2 | Page | Target | Page | After break down to target page, we will only set first page to Guard because of bug. | Guard | Page | Target | Page | When we try put_page_back_buddy with target page, the buddy page of target if neither guard nor buddy, Then it's not able to construct original page with order 2 | Guard | Page | buddy-0 | Page | All pages except target page is not in free list and is not usable. Link: https://lkml.kernel.org/r/20230927094401.68205-1-shikemeng@huaweicloud.com Fixes: 06be6ff3d2ec ("mm,hwpoison: rework soft offline for free pages") Signed-off-by: Kemeng Shi <shikemeng(a)huaweicloud.com> Acked-by: Naoya Horiguchi <naoya.horiguchi(a)nec.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/page_alloc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/page_alloc.c~mm-page_alloc-correct-start-page-when-guard-page-debug-is-enabled +++ a/mm/page_alloc.c @@ -6475,6 +6475,7 @@ static void break_down_buddy_pages(struc next_page = page; current_buddy = page + size; } + page = next_page; if (set_page_guard(zone, current_buddy, high, migratetype)) continue; @@ -6482,7 +6483,6 @@ static void break_down_buddy_pages(struc if (current_buddy != target) { add_to_free_list(current_buddy, zone, high, migratetype); set_buddy_order(current_buddy, high); - page = next_page; } } } _ Patches currently in -mm which might be from shikemeng(a)huaweicloud.com are mm-page_alloc-correct-start-page-when-guard-page-debug-is-enabled.patch mm-compaction-use-correct-list-in-move_freelist_head-tail.patch mm-compaction-call-list_is_first-last-more-intuitively-in-move_freelist_head-tail.patch mm-compaction-correctly-return-failure-with-bogus-compound_order-in-strict-mode.patch mm-compaction-remove-repeat-compact_blockskip_flush-check-in-reset_isolation_suitable.patch mm-compaction-improve-comment-of-is_via_compact_memory.patch mm-compaction-factor-out-code-to-test-if-we-should-run-compaction-for-target-order.patch

2 years, 1 month

1
0
0 0

[tip: timers/core] timers: Tag (hr)timer softirq as hotplug safe

by tip-bot2 for Frederic Weisbecker

The following commit has been merged into the timers/core branch of tip: Commit-ID: 1a6a464774947920dcedcf7409be62495c7cedd0 Gitweb: https://git.kernel.org/tip/1a6a464774947920dcedcf7409be62495c7cedd0 Author: Frederic Weisbecker <frederic(a)kernel.org> AuthorDate: Tue, 12 Sep 2023 12:44:06 +02:00 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Wed, 27 Sep 2023 16:54:03 +02:00 timers: Tag (hr)timer softirq as hotplug safe Specific stress involving frequent CPU-hotplug operations, such as running rcutorture for example, may trigger the following message: NOHZ tick-stop error: local softirq work is pending, handler #02!!!" This happens in the CPU-down hotplug process, after CPUHP_AP_SMPBOOT_THREADS whose teardown callback parks ksoftirqd, and before the target CPU shuts down through CPUHP_AP_IDLE_DEAD. In this fragile intermediate state, softirqs waiting for threaded handling may be forever ignored and eventually reported by the idle task as in the above example. However some vectors are known to be safe as long as the corresponding subsystems have teardown callbacks handling the migration of their events. The above error message reports pending timers softirq although this vector can be considered as hotplug safe because the CPUHP_TIMERS_PREPARE teardown callback performs the necessary migration of timers after the death of the CPU. Hrtimers also have a similar hotplug handling. Therefore this error message, as far as (hr-)timers are concerned, can be considered spurious and the relevant softirq vectors can be marked as hotplug safe. Fixes: 0345691b24c0 ("tick/rcu: Stop allowing RCU_SOFTIRQ in idle") Signed-off-by: Frederic Weisbecker <frederic(a)kernel.org> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Reviewed-by: Joel Fernandes (Google) <joel(a)joelfernandes.org> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20230912104406.312185-6-frederic@kernel.org --- include/linux/interrupt.h | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/include/linux/interrupt.h b/include/linux/interrupt.h index a92bce4..4a1dc88 100644 --- a/include/linux/interrupt.h +++ b/include/linux/interrupt.h @@ -569,8 +569,12 @@ enum * 2) rcu_report_dead() reports the final quiescent states. * * _ IRQ_POLL: irq_poll_cpu_dead() migrates the queue + * + * _ (HR)TIMER_SOFTIRQ: (hr)timers_dead_cpu() migrates the queue */ -#define SOFTIRQ_HOTPLUG_SAFE_MASK (BIT(RCU_SOFTIRQ) | BIT(IRQ_POLL_SOFTIRQ)) +#define SOFTIRQ_HOTPLUG_SAFE_MASK (BIT(TIMER_SOFTIRQ) | BIT(IRQ_POLL_SOFTIRQ) |\ + BIT(HRTIMER_SOFTIRQ) | BIT(RCU_SOFTIRQ)) + /* map softirq index to softirq name. update 'softirq_to_name' in * kernel/softirq.c when adding a new softirq.

2 years, 1 month

1
0
0 0

[PATCH v4] usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call

by Krishna Kurapati

When NCM is used with hosts like Windows PC, it is observed that there are multiple NTB's contained in one usb request giveback. Since the driver unwraps the obtained request data assuming only one NTB is present, we loose the subsequent NTB's present resulting in data loss. Fix this by checking the parsed block length with the obtained data length in usb request and continue parsing after the last byte of current NTB. Cc: stable(a)vger.kernel.org Fixes: 9f6ce4240a2b ("usb: gadget: f_ncm.c added") Signed-off-by: Krishna Kurapati <quic_kriskura(a)quicinc.com> --- Changes in v4: Replaced void* with __le16* typecast for tmp variable Changes in v3: Removed explicit void* typecast for ntb_ptr variable drivers/usb/gadget/function/f_ncm.c | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/drivers/usb/gadget/function/f_ncm.c b/drivers/usb/gadget/function/f_ncm.c index 424bb3b666db..faf90a217419 100644 --- a/drivers/usb/gadget/function/f_ncm.c +++ b/drivers/usb/gadget/function/f_ncm.c @@ -1171,7 +1171,8 @@ static int ncm_unwrap_ntb(struct gether *port, struct sk_buff_head *list) { struct f_ncm *ncm = func_to_ncm(&port->func); - __le16 *tmp = (void *) skb->data; + unsigned char *ntb_ptr = skb->data; + __le16 *tmp; unsigned index, index2; int ndp_index; unsigned dg_len, dg_len2; @@ -1184,6 +1185,10 @@ static int ncm_unwrap_ntb(struct gether *port, const struct ndp_parser_opts *opts = ncm->parser_opts; unsigned crc_len = ncm->is_crc ? sizeof(uint32_t) : 0; int dgram_counter; + int to_process = skb->len; + +parse_ntb: + tmp = (__le16 *)ntb_ptr; /* dwSignature */ if (get_unaligned_le32(tmp) != opts->nth_sign) { @@ -1230,7 +1235,7 @@ static int ncm_unwrap_ntb(struct gether *port, * walk through NDP * dwSignature */ - tmp = (void *)(skb->data + ndp_index); + tmp = (__le16 *)(ntb_ptr + ndp_index); if (get_unaligned_le32(tmp) != ncm->ndp_sign) { INFO(port->func.config->cdev, "Wrong NDP SIGN\n"); goto err; @@ -1287,11 +1292,11 @@ static int ncm_unwrap_ntb(struct gether *port, if (ncm->is_crc) { uint32_t crc, crc2; - crc = get_unaligned_le32(skb->data + + crc = get_unaligned_le32(ntb_ptr + index + dg_len - crc_len); crc2 = ~crc32_le(~0, - skb->data + index, + ntb_ptr + index, dg_len - crc_len); if (crc != crc2) { INFO(port->func.config->cdev, @@ -1318,7 +1323,7 @@ static int ncm_unwrap_ntb(struct gether *port, dg_len - crc_len); if (skb2 == NULL) goto err; - skb_put_data(skb2, skb->data + index, + skb_put_data(skb2, ntb_ptr + index, dg_len - crc_len); skb_queue_tail(list, skb2); @@ -1331,10 +1336,17 @@ static int ncm_unwrap_ntb(struct gether *port, } while (ndp_len > 2 * (opts->dgram_item_len * 2)); } while (ndp_index); - dev_consume_skb_any(skb); - VDBG(port->func.config->cdev, "Parsed NTB with %d frames\n", dgram_counter); + + to_process -= block_len; + if (to_process != 0) { + ntb_ptr = (unsigned char *)(ntb_ptr + block_len); + goto parse_ntb; + } + + dev_consume_skb_any(skb); + return 0; err: skb_queue_purge(list); -- 2.42.0

2 years, 1 month

2
1
0 0

RE: I’m Philip A. Mosaki. I sent a message to you before, but I did not hear from you, did you receive it?

by Philip Mosakki

2 years, 1 month

1
0
0 0

PROJECT PROPOSAL....

by Mrs. Angela Juanni Marcus

Greeting my beloved, I sent you a Humanitarian Gesture Project Proposal, please did you receive it? From Mrs. Angela Juanni Marcus.

2 years, 1 month

1
0
0 0

[PATCH v3] mmc: Add quirk MMC_QUIRK_BROKEN_CACHE_FLUSH for Micron eMMC Q2J54A

by Bean Huo

From: Bean Huo <beanhuo(a)micron.com> Micron MTFC4GACAJCN eMMC supports cache but requires that flush cache operation be allowed only after a write has occurred. Otherwise, the cache flush command or subsequent commands will time out. Signed-off-by: Bean Huo <beanhuo(a)micron.com> Co-developed-by: Rafael Beims <rafael.beims(a)toradex.com> Cc: stable(a)vger.kernel.org --- Changelog: v2--v3: 1. Set card->written_flag in mmc_blk_mq_issue_rq(). v1--v2: 1. Add Rafael's test-tag, and Co-developed-by. 2. Check host->card whether NULL or not in __mmc_start_request() before asserting host->card->->quirks --- drivers/mmc/core/block.c | 4 ++++ drivers/mmc/core/mmc.c | 5 +++++ drivers/mmc/core/quirks.h | 7 ++++--- include/linux/mmc/card.h | 2 ++ 4 files changed, 15 insertions(+), 3 deletions(-) diff --git a/drivers/mmc/core/block.c b/drivers/mmc/core/block.c index 3a8f27c3e310..14d0dc7942de 100644 --- a/drivers/mmc/core/block.c +++ b/drivers/mmc/core/block.c @@ -2387,6 +2387,10 @@ enum mmc_issued mmc_blk_mq_issue_rq(struct mmc_queue *mq, struct request *req) ret = mmc_blk_cqe_issue_rw_rq(mq, req); else ret = mmc_blk_mq_issue_rw_rq(mq, req); + + if (host->card->quirks & MMC_QUIRK_BROKEN_CACHE_FLUSH && + !host->card->written_flag && !ret) + host->card->written_flag = true; break; default: WARN_ON_ONCE(1); diff --git a/drivers/mmc/core/mmc.c b/drivers/mmc/core/mmc.c index 89cd48fcec79..a2edd065fa1b 100644 --- a/drivers/mmc/core/mmc.c +++ b/drivers/mmc/core/mmc.c @@ -1929,6 +1929,8 @@ static int mmc_init_card(struct mmc_host *host, u32 ocr, if (!oldcard) host->card = card; + card->written_flag = false; + return 0; free_card: @@ -2081,6 +2083,9 @@ static int _mmc_flush_cache(struct mmc_host *host) { int err = 0; + if (host->card->quirks & MMC_QUIRK_BROKEN_CACHE_FLUSH && !host->card->written_flag) + return err; + if (_mmc_cache_enabled(host)) { err = mmc_switch(host->card, EXT_CSD_CMD_SET_NORMAL, EXT_CSD_FLUSH_CACHE, 1, diff --git a/drivers/mmc/core/quirks.h b/drivers/mmc/core/quirks.h index 32b64b564fb1..5e68c8b4cdca 100644 --- a/drivers/mmc/core/quirks.h +++ b/drivers/mmc/core/quirks.h @@ -110,11 +110,12 @@ static const struct mmc_fixup __maybe_unused mmc_blk_fixups[] = { MMC_QUIRK_TRIM_BROKEN), /* - * Micron MTFC4GACAJCN-1M advertises TRIM but it does not seems to - * support being used to offload WRITE_ZEROES. + * Micron MTFC4GACAJCN-1M supports TRIM but does not appear to suppor + * WRITE_ZEROES offloading. It also supports caching, but the cache can + * only be flushed after a write has occurred. */ MMC_FIXUP("Q2J54A", CID_MANFID_MICRON, 0x014e, add_quirk_mmc, - MMC_QUIRK_TRIM_BROKEN), + MMC_QUIRK_TRIM_BROKEN | MMC_QUIRK_BROKEN_CACHE_FLUSH), /* * Kingston EMMC04G-M627 advertises TRIM but it does not seems to diff --git a/include/linux/mmc/card.h b/include/linux/mmc/card.h index daa2f40d9ce6..7b12eebc5586 100644 --- a/include/linux/mmc/card.h +++ b/include/linux/mmc/card.h @@ -295,7 +295,9 @@ struct mmc_card { #define MMC_QUIRK_BROKEN_HPI (1<<13) /* Disable broken HPI support */ #define MMC_QUIRK_BROKEN_SD_DISCARD (1<<14) /* Disable broken SD discard support */ #define MMC_QUIRK_BROKEN_SD_CACHE (1<<15) /* Disable broken SD cache support */ +#define MMC_QUIRK_BROKEN_CACHE_FLUSH (1<<16) /* Don't flush cache until the write has occurred */ + bool written_flag; /* Indicates eMMC has been written since power on */ bool reenable_cmdq; /* Re-enable Command Queue */ unsigned int erase_size; /* erase size in sectors */ -- 2.34.1

2 years, 1 month

5
5
0 0

Re: [PATCH] drm/bridge: ti-sn65dsi83: Do not generate HFP/HBP/HSA and EOT packet

by Francesco Dolcini

On Mon, Apr 03, 2023 at 09:02:42PM +0200, Marek Vasut wrote: > Do not generate the HS front and back porch gaps, the HSA gap and > EOT packet, as per "SN65DSI83 datasheet SLLSEC1I - SEPTEMBER 2012 > - REVISED OCTOBER 2020", page 22, these packets are not required. > This makes the TI SN65DSI83 bridge work with Samsung DSIM on i.MX8MN. > > Signed-off-by: Marek Vasut <marex(a)denx.de> Hello, can you please queue up this to kernel v6.1-stable ? commit ca161b259cc84fe1f4a2ce4c73c3832cf6f713f1 Author: Marek Vasut <marex(a)denx.de> Commit: Robert Foss <rfoss(a)kernel.org> drm/bridge: ti-sn65dsi83: Do not generate HFP/HBP/HSA and EOT packet Do not generate the HS front and back porch gaps, the HSA gap and EOT packet, as per "SN65DSI83 datasheet SLLSEC1I - SEPTEMBER 2012 - REVISED OCTOBER 2020", page 22, these packets are not required. This makes the TI SN65DSI83 bridge work with Samsung DSIM on i.MX8MN. Signed-off-by: Marek Vasut <marex(a)denx.de> Reviewed-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Signed-off-by: Robert Foss <rfoss(a)kernel.org> Link: https://patchwork.freedesktop.org/patch/msgid/20230403190242.224490-1-marex… It solves a real issue with some displays not working without it. Thanks, Francesco

2 years, 1 month

1
0
0 0

[PATCH RFC] binfmt_elf: fully allocate bss pages

by Thomas Weißschuh

When allocating the pages for bss the start address needs to be rounded down instead of up. Otherwise the start of the bss segment may be unmapped. The was reported to happen on Aarch64: Memory allocated by set_brk(): Before: start=0x420000 end=0x420000 After: start=0x41f000 end=0x420000 The triggering binary looks like this: Elf file type is EXEC (Executable file) Entry point 0x400144 There are 4 program headers, starting at offset 64 Program Headers: Type Offset VirtAddr PhysAddr FileSiz MemSiz Flags Align LOAD 0x0000000000000000 0x0000000000400000 0x0000000000400000 0x0000000000000178 0x0000000000000178 R E 0x10000 LOAD 0x000000000000ffe8 0x000000000041ffe8 0x000000000041ffe8 0x0000000000000000 0x0000000000000008 RW 0x10000 NOTE 0x0000000000000120 0x0000000000400120 0x0000000000400120 0x0000000000000024 0x0000000000000024 R 0x4 GNU_STACK 0x0000000000000000 0x0000000000000000 0x0000000000000000 0x0000000000000000 0x0000000000000000 RW 0x10 Section to Segment mapping: Segment Sections... 00 .note.gnu.build-id .text .eh_frame 01 .bss 02 .note.gnu.build-id 03 Reported-by: Sebastian Ott <sebott(a)redhat.com> Closes: https://lore.kernel.org/lkml/5d49767a-fbdc-fbe7-5fb2-d99ece3168cb@redhat.co… Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable(a)vger.kernel.org Signed-off-by: Thomas Weißschuh <linux(a)weissschuh.net> --- I'm not really familiar with the ELF loading process, so putting this out as RFC. A example binary compiled with aarch64-linux-gnu-gcc 13.2.0 is available at https://test.t-8ch.de/binfmt-bss-repro.bin --- fs/binfmt_elf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c index 7b3d2d491407..4008a57d388b 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -112,7 +112,7 @@ static struct linux_binfmt elf_format = { static int set_brk(unsigned long start, unsigned long end, int prot) { - start = ELF_PAGEALIGN(start); + start = ELF_PAGESTART(start); end = ELF_PAGEALIGN(end); if (end > start) { /* --- base-commit: aed8aee11130a954356200afa3f1b8753e8a9482 change-id: 20230914-bss-alloc-f523fa61718c Best regards, -- Thomas Weißschuh <linux(a)weissschuh.net>

2 years, 1 month

8
18
0 0

[PATCH] ACPI: FPDT: break out of the loop if record length is zero

by Vasily Khoruzhick

Buggy BIOSes may have zero-length records in FPDT, table, as a result fpdt_process_subtable() spins in eternal loop. Break out of the loop if record length is zero. Fixes: d1eb86e59be0 ("ACPI: tables: introduce support for FPDT table") Cc: stable(a)vger.kernel.org Signed-off-by: Vasily Khoruzhick <anarsoul(a)gmail.com> --- drivers/acpi/acpi_fpdt.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/acpi/acpi_fpdt.c b/drivers/acpi/acpi_fpdt.c index a2056c4c8cb7..53d8f9601a55 100644 --- a/drivers/acpi/acpi_fpdt.c +++ b/drivers/acpi/acpi_fpdt.c @@ -194,6 +194,11 @@ static int fpdt_process_subtable(u64 address, u32 subtable_type) record_header = (void *)subtable_header + offset; offset += record_header->length; + if (!record_header->length) { + pr_info(FW_BUG "Zero-length record found.\n"); + break; + } + switch (record_header->type) { case RECORD_S3_RESUME: if (subtable_type != SUBTABLE_S3PT) { -- 2.42.0

2 years, 1 month

2
2
0 0

[PATCH] LoongArch: numa: Fix high_memory calculation

by Huacai Chen

high_memory is the virtual address of the 'highest physical address' in the system. But __va(get_num_physpages() << PAGE_SHIFT) is not what we want because there may be holes in the physical address space. On the other hand, max_low_pfn is calculated from memblock_end_of_DRAM(), which is exactly corresponding to the highest physical address, so use it for high_memory calculation. Cc: <stable(a)vger.kernel.org> Signed-off-by: Chong Qiao <qiaochong(a)loongson.cn> Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> --- arch/loongarch/kernel/numa.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/loongarch/kernel/numa.c b/arch/loongarch/kernel/numa.c index c7d33c489e04..6e65ff12d5c7 100644 --- a/arch/loongarch/kernel/numa.c +++ b/arch/loongarch/kernel/numa.c @@ -436,7 +436,7 @@ void __init paging_init(void) void __init mem_init(void) { - high_memory = (void *) __va(get_num_physpages() << PAGE_SHIFT); + high_memory = (void *) __va(max_low_pfn << PAGE_SHIFT); memblock_free_all(); } -- 2.39.3

2 years, 1 month

3
2
0 0

Re: [PATCH v4 0/2] Avoid spurious freezer wakeups

by Carlos Llamas

On Tue, Sep 26, 2023 at 10:02:38PM +0200, Peter Zijlstra wrote: > On Tue, Sep 26, 2023 at 04:17:33PM +0000, Carlos Llamas wrote: > > > > This issue is hurting the performance of our stable 6.1 releases. Does > > it make sense to backport these patches into stable branches once they > > land in mainline? I would assume we want to fix the perf regression > > there too? > > Note that these patches are in tip/sched/core, slated for the next merge > window. We can wait, no problem. I just wanted to make sure we also patch stable if needed. Elliot, would you be able to send a backport of your patches to stable once they land in mainline on the next merge window? Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: stable(a)vger.kernel.org -- Carlos Llamas

2 years, 1 month

2
1
0 0

[PATCH 04/14] drm/amd/display: apply edge-case DISPCLK WDIVIDER changes to master OTG pipes only

by Aurabindo Pillai

From: Samson Tam <samson.tam(a)amd.com> [Why] The edge-case DISPCLK WDIVIDER changes call stream_enc functions. But with MPC pipes, downstream pipes have null stream_enc and will cause crash. [How] Only call stream_enc functions for pipes that are OTG master. Reviewed-by: Alvin Lee <alvin.lee2(a)amd.com> Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Acked-by: Aurabindo Pillai <aurabindo.pillai(a)amd.com> Signed-off-by: Samson Tam <samson.tam(a)amd.com> --- drivers/gpu/drm/amd/display/dc/clk_mgr/dcn20/dcn20_clk_mgr.c | 4 ++-- drivers/gpu/drm/amd/display/dc/clk_mgr/dcn32/dcn32_clk_mgr.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn20/dcn20_clk_mgr.c b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn20/dcn20_clk_mgr.c index c435f7632e8e..5ee87965a078 100644 --- a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn20/dcn20_clk_mgr.c +++ b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn20/dcn20_clk_mgr.c @@ -157,7 +157,7 @@ void dcn20_update_clocks_update_dentist(struct clk_mgr_internal *clk_mgr, struct int32_t N; int32_t j; - if (!pipe_ctx->stream) + if (!resource_is_pipe_type(pipe_ctx, OTG_MASTER)) continue; /* Virtual encoders don't have this function */ if (!stream_enc->funcs->get_fifo_cal_average_level) @@ -188,7 +188,7 @@ void dcn20_update_clocks_update_dentist(struct clk_mgr_internal *clk_mgr, struct int32_t N; int32_t j; - if (!pipe_ctx->stream) + if (!resource_is_pipe_type(pipe_ctx, OTG_MASTER)) continue; /* Virtual encoders don't have this function */ if (!stream_enc->funcs->get_fifo_cal_average_level) diff --git a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn32/dcn32_clk_mgr.c b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn32/dcn32_clk_mgr.c index 37ffa0050e60..a496930b1f9c 100644 --- a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn32/dcn32_clk_mgr.c +++ b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn32/dcn32_clk_mgr.c @@ -363,7 +363,7 @@ static void dcn32_update_clocks_update_dentist( int32_t N; int32_t j; - if (!pipe_ctx->stream) + if (!resource_is_pipe_type(pipe_ctx, OTG_MASTER)) continue; /* Virtual encoders don't have this function */ if (!stream_enc->funcs->get_fifo_cal_average_level) @@ -409,7 +409,7 @@ static void dcn32_update_clocks_update_dentist( int32_t N; int32_t j; - if (!pipe_ctx->stream) + if (!resource_is_pipe_type(pipe_ctx, OTG_MASTER)) continue; /* Virtual encoders don't have this function */ if (!stream_enc->funcs->get_fifo_cal_average_level) -- 2.42.0

2 years, 1 month

1
0
0 0

[PATCH 03/14] drm/amd/display: enable dsc_clk even if dsc_pg disabled

by Aurabindo Pillai

From: Muhammad Ahmed <ahmed.ahmed(a)amd.com> [why] need to enable dsc_clk regardless dsc_pg Reviewed-by: Charlene Liu <charlene.liu(a)amd.com> Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Acked-by: Aurabindo Pillai <aurabindo.pillai(a)amd.com> Signed-off-by: Muhammad Ahmed <ahmed.ahmed(a)amd.com> --- drivers/gpu/drm/amd/display/dc/core/dc.c | 8 ++++---- drivers/gpu/drm/amd/display/dc/dcn32/dcn32_hwseq.c | 3 +++ drivers/gpu/drm/amd/display/dc/dcn35/dcn35_resource.c | 2 +- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/drivers/gpu/drm/amd/display/dc/core/dc.c b/drivers/gpu/drm/amd/display/dc/core/dc.c index cb3cb2db90ee..6f2300f71ca8 100644 --- a/drivers/gpu/drm/amd/display/dc/core/dc.c +++ b/drivers/gpu/drm/amd/display/dc/core/dc.c @@ -1853,7 +1853,7 @@ static enum dc_status dc_commit_state_no_check(struct dc *dc, struct dc_state *c if (dc->hwss.subvp_pipe_control_lock) dc->hwss.subvp_pipe_control_lock(dc, context, true, true, NULL, subvp_prev_use); - if (dc->debug.enable_double_buffered_dsc_pg_support) + if (dc->hwss.update_dsc_pg) dc->hwss.update_dsc_pg(dc, context, false); disable_dangling_plane(dc, context); @@ -1960,7 +1960,7 @@ static enum dc_status dc_commit_state_no_check(struct dc *dc, struct dc_state *c dc->hwss.optimize_bandwidth(dc, context); } - if (dc->debug.enable_double_buffered_dsc_pg_support) + if (dc->hwss.update_dsc_pg) dc->hwss.update_dsc_pg(dc, context, true); if (dc->ctx->dce_version >= DCE_VERSION_MAX) @@ -2207,7 +2207,7 @@ void dc_post_update_surfaces_to_stream(struct dc *dc) dc->hwss.optimize_bandwidth(dc, context); - if (dc->debug.enable_double_buffered_dsc_pg_support) + if (dc->hwss.update_dsc_pg) dc->hwss.update_dsc_pg(dc, context, true); } @@ -3565,7 +3565,7 @@ static void commit_planes_for_stream(struct dc *dc, if (get_seamless_boot_stream_count(context) == 0) dc->hwss.prepare_bandwidth(dc, context); - if (dc->debug.enable_double_buffered_dsc_pg_support) + if (dc->hwss.update_dsc_pg) dc->hwss.update_dsc_pg(dc, context, false); context_clock_trace(dc, context); diff --git a/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_hwseq.c b/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_hwseq.c index 76fd7a41bdbf..45b557d8e089 100644 --- a/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_hwseq.c +++ b/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_hwseq.c @@ -77,6 +77,9 @@ void dcn32_dsc_pg_control( if (hws->ctx->dc->debug.disable_dsc_power_gate) return; + if (!hws->ctx->dc->debug.enable_double_buffered_dsc_pg_support) + return; + REG_GET(DC_IP_REQUEST_CNTL, IP_REQUEST_EN, &org_ip_request_cntl); if (org_ip_request_cntl == 0) REG_SET(DC_IP_REQUEST_CNTL, 0, IP_REQUEST_EN, 1); diff --git a/drivers/gpu/drm/amd/display/dc/dcn35/dcn35_resource.c b/drivers/gpu/drm/amd/display/dc/dcn35/dcn35_resource.c index 10ae1b3da751..6214866916c7 100644 --- a/drivers/gpu/drm/amd/display/dc/dcn35/dcn35_resource.c +++ b/drivers/gpu/drm/amd/display/dc/dcn35/dcn35_resource.c @@ -742,7 +742,7 @@ static const struct dc_debug_options debug_defaults_drv = { .disable_mem_low_power = false, .enable_hpo_pg_support = false, //must match enable_single_display_2to1_odm_policy to support dynamic ODM transitions - .enable_double_buffered_dsc_pg_support = false, + .enable_double_buffered_dsc_pg_support = true, .enable_dp_dig_pixel_rate_div_policy = 1, .disable_z10 = false, .ignore_pg = true, -- 2.42.0

2 years, 1 month

1
0
0 0

[PATCH 02/14] drm/amd/display: Add Null check for DPP resource

by Aurabindo Pillai

From: Gabe Teeger <gabe.teeger(a)amd.com> [what and why] Check whether dpp resource pointer is null in advance and return early if so. Reviewed-by: Charlene Liu <charlene.liu(a)amd.com> Reviewed-by: Martin Leung <martin.leung(a)amd.com> Signed-off-by: Gabe Teeger <gabe.teeger(a)amd.com> Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Acked-by: Aurabindo Pillai <aurabindo.pillai(a)amd.com> --- drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/amd/display/dc/core/dc_resource.c b/drivers/gpu/drm/amd/display/dc/core/dc_resource.c index 628b902a4cec..aa7b5db83644 100644 --- a/drivers/gpu/drm/amd/display/dc/core/dc_resource.c +++ b/drivers/gpu/drm/amd/display/dc/core/dc_resource.c @@ -945,7 +945,7 @@ static void adjust_recout_for_visual_confirm(struct rect *recout, struct dc *dc = pipe_ctx->stream->ctx->dc; int dpp_offset, base_offset; - if (dc->debug.visual_confirm == VISUAL_CONFIRM_DISABLE) + if (dc->debug.visual_confirm == VISUAL_CONFIRM_DISABLE || !pipe_ctx->plane_res.dpp) return; dpp_offset = pipe_ctx->stream->timing.v_addressable / VISUAL_CONFIRM_DPP_OFFSET_DENO; -- 2.42.0

2 years, 1 month

1
0
0 0

+ selftests-mm-fix-awk-usage-in-charge_reserved_hugetlbsh-and-hugetlb_reparenting_testsh-that-may-cause-error.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: selftests/mm: fix awk usage in charge_reserved_hugetlb.sh and hugetlb_reparenting_test.sh that may cause error has been added to the -mm mm-hotfixes-unstable branch. Its filename is selftests-mm-fix-awk-usage-in-charge_reserved_hugetlbsh-and-hugetlb_reparenting_testsh-that-may-cause-error.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Juntong Deng <juntong.deng(a)outlook.com> Subject: selftests/mm: fix awk usage in charge_reserved_hugetlb.sh and hugetlb_reparenting_test.sh that may cause error Date: Wed, 27 Sep 2023 02:19:44 +0800 According to the awk manual, the -e option does not need to be specified in front of 'program' (unless you need to mix program-file). The redundant -e option can cause error when users use awk tools other than gawk (for example, mawk does not support the -e option). Error Example: awk: not an option: -e Link: https://lkml.kernel.org/r/VI1P193MB075228810591AF2FDD7D42C599C3A@VI1P193MB0… Signed-off-by: Juntong Deng <juntong.deng(a)outlook.com> Cc: Shuah Khan <shuah(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/mm/charge_reserved_hugetlb.sh | 4 ++-- tools/testing/selftests/mm/hugetlb_reparenting_test.sh | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) --- a/tools/testing/selftests/mm/charge_reserved_hugetlb.sh~selftests-mm-fix-awk-usage-in-charge_reserved_hugetlbsh-and-hugetlb_reparenting_testsh-that-may-cause-error +++ a/tools/testing/selftests/mm/charge_reserved_hugetlb.sh @@ -25,7 +25,7 @@ if [[ "$1" == "-cgroup-v2" ]]; then fi if [[ $cgroup2 ]]; then - cgroup_path=$(mount -t cgroup2 | head -1 | awk -e '{print $3}') + cgroup_path=$(mount -t cgroup2 | head -1 | awk '{print $3}') if [[ -z "$cgroup_path" ]]; then cgroup_path=/dev/cgroup/memory mount -t cgroup2 none $cgroup_path @@ -33,7 +33,7 @@ if [[ $cgroup2 ]]; then fi echo "+hugetlb" >$cgroup_path/cgroup.subtree_control else - cgroup_path=$(mount -t cgroup | grep ",hugetlb" | awk -e '{print $3}') + cgroup_path=$(mount -t cgroup | grep ",hugetlb" | awk '{print $3}') if [[ -z "$cgroup_path" ]]; then cgroup_path=/dev/cgroup/memory mount -t cgroup memory,hugetlb $cgroup_path --- a/tools/testing/selftests/mm/hugetlb_reparenting_test.sh~selftests-mm-fix-awk-usage-in-charge_reserved_hugetlbsh-and-hugetlb_reparenting_testsh-that-may-cause-error +++ a/tools/testing/selftests/mm/hugetlb_reparenting_test.sh @@ -20,7 +20,7 @@ fi if [[ $cgroup2 ]]; then - CGROUP_ROOT=$(mount -t cgroup2 | head -1 | awk -e '{print $3}') + CGROUP_ROOT=$(mount -t cgroup2 | head -1 | awk '{print $3}') if [[ -z "$CGROUP_ROOT" ]]; then CGROUP_ROOT=/dev/cgroup/memory mount -t cgroup2 none $CGROUP_ROOT @@ -28,7 +28,7 @@ if [[ $cgroup2 ]]; then fi echo "+hugetlb +memory" >$CGROUP_ROOT/cgroup.subtree_control else - CGROUP_ROOT=$(mount -t cgroup | grep ",hugetlb" | awk -e '{print $3}') + CGROUP_ROOT=$(mount -t cgroup | grep ",hugetlb" | awk '{print $3}') if [[ -z "$CGROUP_ROOT" ]]; then CGROUP_ROOT=/dev/cgroup/memory mount -t cgroup memory,hugetlb $CGROUP_ROOT _ Patches currently in -mm which might be from juntong.deng(a)outlook.com are selftests-mm-fix-awk-usage-in-charge_reserved_hugetlbsh-and-hugetlb_reparenting_testsh-that-may-cause-error.patch

2 years, 1 month

1
0
0 0

[PATCH] x86/kvm: Account for fpstate->user_xfeatures changes

by Tyler Stachecki

Live-migrations under qemu result in guest corruption when the following three conditions are all met: * The source host CPU has capabilities that itself extend that of the guest CPU fpstate->user_xfeatures * The source kernel emits guest_fpu->user_xfeatures with respect to the host CPU (i.e. it *does not* have the "Fixes:" commit) * The destination kernel enforces that the xfeatures in the buffer given to KVM_SET_IOCTL are compatible with the guest CPU (i.e., it *does* have the "Fixes:" commit) When these conditions are met, the semantical changes to fpstate->user_features trigger a subtle bug in qemu that results in qemu failing to put the XSAVE architectural state into KVM. qemu then both ceases to put the remaining (non-XSAVE) x86 architectural state into KVM and makes the fateful mistake of resuming the guest anyways. This usually results in immediate guest corruption, silent or not. Due to the grave nature of this qemu bug, attempt to retain behavior of old kernels by clamping the xfeatures specified in the buffer given to KVM_SET_IOCTL such that it aligns with the guests fpstate->user_xfeatures instead of returning an error. Fixes: ad856280ddea ("x86/kvm/fpu: Limit guest user_xfeatures to supported bits of XCR0") Cc: stable(a)vger.kernel.org Cc: Leonardo Bras <leobras(a)redhat.com> Signed-off-by: Tyler Stachecki <tstachecki(a)bloomberg.net> --- arch/x86/kvm/x86.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 6c9c81e82e65..baad160b592f 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -5407,11 +5407,21 @@ static void kvm_vcpu_ioctl_x86_get_xsave2(struct kvm_vcpu *vcpu, static int kvm_vcpu_ioctl_x86_set_xsave(struct kvm_vcpu *vcpu, struct kvm_xsave *guest_xsave) { + union fpregs_state *ustate = (union fpregs_state *) guest_xsave->region; + u64 user_xfeatures = vcpu->arch.guest_fpu.fpstate->user_xfeatures; + if (fpstate_is_confidential(&vcpu->arch.guest_fpu)) return 0; - return fpu_copy_uabi_to_guest_fpstate(&vcpu->arch.guest_fpu, - guest_xsave->region, + /* + * In previous kernels, kvm_arch_vcpu_create() set the guest's fpstate + * based on what the host CPU supported. Recent kernels changed this + * and only accept ustate containing xfeatures that the guest CPU is + * capable of supporting. + */ + ustate->xsave.header.xfeatures &= user_xfeatures; + + return fpu_copy_uabi_to_guest_fpstate(&vcpu->arch.guest_fpu, ustate, kvm_caps.supported_xcr0, &vcpu->arch.pkru); } -- 2.30.2

2 years, 1 month

4
15
0 0

[PATCH 5.4 000/367] 5.4.257-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.4.257 release. There are 367 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 22 Sep 2023 11:28:09 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.257-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.4.257-rc1 Jamal Hadi Salim <jhs(a)mojatatu.com> net/sched: Retire rsvp classifier Christian König <christian.koenig(a)amd.com> drm/amdgpu: fix amdgpu_cs_p1_user_fence William Zhang <william.zhang(a)broadcom.com> mtd: rawnand: brcmnand: Fix ECC level field setting for v7.2 controller Shida Zhang <zhangshida(a)kylinos.cn> ext4: fix rec_len verify error Junxiao Bi <junxiao.bi(a)oracle.com> scsi: megaraid_sas: Fix deadlock on firmware crashdump Tommy Huang <tommy_huang(a)aspeedtech.com> i2c: aspeed: Reset the i2c controller when timeout occurs Steven Rostedt (Google) <rostedt(a)goodmis.org> tracefs: Add missing lockdown check to tracefs_create_dir() Jeff Layton <jlayton(a)kernel.org> nfsd: fix change_info in NFSv4 RENAME replies Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Have option files inc the trace array ref count Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Have current_trace inc the trace array ref count Filipe Manana <fdmanana(a)suse.com> btrfs: fix lockdep splat and potential deadlock after failure running delayed items Christian Brauner <brauner(a)kernel.org> attr: block mode changes of symlinks Nigel Croxon <ncroxon(a)redhat.com> md/raid1: fix error: ISO C90 forbids mixed declarations Masami Hiramatsu (Google) <mhiramat(a)kernel.org> selftests: tracing: Fix to unmount tracefs for recovering environment Anand Jain <anand.jain(a)oracle.com> btrfs: compare the correct fsid/metadata_uuid in btrfs_validate_super Anand Jain <anand.jain(a)oracle.com> btrfs: add a helper to read the superblock metadata_uuid Josef Bacik <josef(a)toxicpanda.com> btrfs: move btrfs_pinned_by_swapfile prototype into volumes.h Namhyung Kim <namhyung(a)kernel.org> perf build: Update build rule for generated files Ian Rogers <rogers.email(a)gmail.com> perf jevents: Switch build to use jevents.py Ian Rogers <irogers(a)google.com> perf tools: Add an option to build without libbfd John Garry <john.garry(a)huawei.com> perf jevents: Make build dependency on test JSONs Arnaldo Carvalho de Melo <acme(a)redhat.com> tools features: Add feature test to check if libbfd has buildid support Zhen Lei <thunder.leizhen(a)huawei.com> kobject: Add sanity check for kset->kobj.ktype in kset_register() Sakari Ailus <sakari.ailus(a)linux.intel.com> media: pci: ipu3-cio2: Initialise timing struct to avoid a compiler warning Christophe Leroy <christophe.leroy(a)csgroup.eu> serial: cpm_uart: Avoid suspicious locking Konstantin Shelekhin <k.shelekhin(a)yadro.com> scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() Ma Ke <make_ruc2021(a)163.com> usb: gadget: fsl_qe_udc: validate endpoint index for ch9 udc Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: pci: cx23885: replace BUG with error return Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: tuners: qt1010: replace BUG_ON with a regular error Zhang Shurong <zhang_shurong(a)foxmail.com> media: az6007: Fix null-ptr-deref in az6007_i2c_xfer() Zhang Shurong <zhang_shurong(a)foxmail.com> media: anysee: fix null-ptr-deref in anysee_master_xfer Zhang Shurong <zhang_shurong(a)foxmail.com> media: af9005: Fix null-ptr-deref in af9005_i2c_xfer Zhang Shurong <zhang_shurong(a)foxmail.com> media: dw2102: Fix null-ptr-deref in dw2102_i2c_transfer() Zhang Shurong <zhang_shurong(a)foxmail.com> media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer ruanjinjie <ruanjinjie(a)huawei.com> powerpc/pseries: fix possible memory leak in ibmebus_bus_init() Liu Shixin via Jfs-discussion <jfs-discussion(a)lists.sourceforge.net> jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount Andrew Kanner <andrew.kanner(a)gmail.com> fs/jfs: prevent double-free in dbUnmount() after failed jfs_remount() Georg Ottinger <g.ottinger(a)gmx.at> ext2: fix datatype of block number in ext2_xattr_set2() Zhang Shurong <zhang_shurong(a)foxmail.com> md: raid1: fix potential OOB in raid1_remove_disk() Tony Lindgren <tony(a)atomide.com> bus: ti-sysc: Configure uart quirks for k3 SoC Tuo Li <islituo(a)gmail.com> drm/exynos: fix a possible null-pointer dereference due to data race in exynos_drm_crtc_atomic_disable() Hao Luo <haoluo(a)google.com> libbpf: Free btf_vmlinux when closing bpf_object Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211_hwsim: drop short frames GONG, Ruiqi <gongruiqi1(a)huawei.com> alx: fix OOB-read compiler warning Giulio Benetti <giulio.benetti(a)benettiengineering.com> mmc: sdhci-esdhc-imx: improve ESDHC_FLAG_ERR010450 Alexander Steffen <Alexander.Steffen(a)infineon.com> tpm_tis: Resend command to recover from data transfer errors Mark O'Donovan <shiftee(a)posteo.net> crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui() Dmitry Antipov <dmantipov(a)yandex.ru> wifi: mwifiex: fix fortify warning Dongliang Mu <dzm91(a)hust.edu.cn> wifi: ath9k: fix printk specifier Jiri Pirko <jiri(a)nvidia.com> devlink: remove reload failed checks in params get/set callbacks Tomislav Novak <tnovak(a)meta.com> hw_breakpoint: fix single-stepping when using bpf_overflow_handler Yicong Yang <yangyicong(a)hisilicon.com> perf/smmuv3: Enable HiSilicon Erratum 162001900 quirk for HIP08/09 Jiri Slaby (SUSE) <jirislaby(a)kernel.org> ACPI: video: Add backlight=native DMI quirk for Lenovo Ideapad Z470 Wander Lairson Costa <wander(a)redhat.com> kernel/fork: beware of __put_task_struct() calling context Abhishek Mainkar <abmainkar(a)nvidia.com> ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer Will Shiu <Will.Shiu(a)mediatek.com> locks: fix KASAN: use-after-free in trace_event_raw_event_filelock_lock Qu Wenruo <wqu(a)suse.com> btrfs: output extra debug info if we failed to find an inline backref Fedor Pchelkin <pchelkin(a)ispras.ru> autofs: fix memory leak of waitqueues in autofs_catatonic_mode Helge Deller <deller(a)gmx.de> parisc: Drop loops_per_jiffy from per_cpu struct Wesley Chalmers <wesley.chalmers(a)amd.com> drm/amd/display: Fix a bug when searching for insert_above_mpcc Kuniyuki Iwashima <kuniyu(a)amazon.com> kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg(). Vadim Fedorenko <vadim.fedorenko(a)linux.dev> ixgbe: fix timestamp configuration code Liu Jian <liujian56(a)huawei.com> net/tls: do not free tls_rec on async operation in bpf_exec_tx_verdict() Liming Sun <limings(a)nvidia.com> platform/mellanox: mlxbf-tmfifo: Drop jumbo frames Michael S. Tsirkin <mst(a)redhat.com> mlxbf-tmfifo: sparse tags for config access Liming Sun <limings(a)nvidia.com> platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors Shigeru Yoshida <syoshida(a)redhat.com> kcm: Fix memory leak in error path of kcm_sendmsg() Hayes Wang <hayeswang(a)realtek.com> r8152: check budget for r8152_poll() Hangyu Hua <hbh25y(a)gmail.com> net: ethernet: mtk_eth_soc: fix possible NULL pointer dereference in mtk_hwlro_get_fdir_all() Hangyu Hua <hbh25y(a)gmail.com> net: ethernet: mvpp2_main: fix possible OOB write in mvpp2_ethtool_get_rxnfc() Liu Jian <liujian56(a)huawei.com> net: ipv4: fix one memleak in __inet_del_ifa() Ahmad Fatoum <a.fatoum(a)pengutronix.de> clk: imx: pll14xx: dynamically configure PLL for 393216000/361267200Hz Anson Huang <Anson.Huang(a)nxp.com> clk: imx: pll14xx: Add new frequency entries for pll1443x table YueHaibing <yuehaibing(a)huawei.com> clk: imx: clk-pll14xx: Make two variables static Anson Huang <Anson.Huang(a)nxp.com> clk: imx8mm: Move 1443X/1416X PLL clock structure to common place Aleksey Nasibulin <alealexpro100(a)ya.ru> ARM: dts: BCM5301X: Extend RAM to full 256MB for Linksys EA6500 V2 RD Babiera <rdbabiera(a)google.com> usb: typec: bus: verify partner exists in typec_altmode_attention Hans de Goede <hdegoede(a)redhat.com> usb: typec: tcpm: Refactor tcpm_handle_vdm_request Hans de Goede <hdegoede(a)redhat.com> usb: typec: tcpm: Refactor tcpm_handle_vdm_request payload handling Namhyung Kim <namhyung(a)kernel.org> perf tools: Handle old data in PERF_RECORD_ATTR Namhyung Kim <namhyung(a)kernel.org> perf hists browser: Fix hierarchy mode header William Zhang <william.zhang(a)broadcom.com> mtd: rawnand: brcmnand: Fix potential false time out warning William Zhang <william.zhang(a)broadcom.com> mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write William Zhang <william.zhang(a)broadcom.com> mtd: rawnand: brcmnand: Fix crash during the panic_write Anand Jain <anand.jain(a)oracle.com> btrfs: use the correct superblock to compare fsid in btrfs_validate_super Filipe Manana <fdmanana(a)suse.com> btrfs: don't start transaction when joining with TRANS_JOIN_NOSTART ruanmeisi <ruan.meisi(a)zte.com.cn> fuse: nlookup missing decrement in fuse_direntplus_link Damien Le Moal <dlemoal(a)kernel.org> ata: pata_ftide010: Add missing MODULE_DESCRIPTION Damien Le Moal <dlemoal(a)kernel.org> ata: sata_gemini: Add missing MODULE_DESCRIPTION Petr Tesarik <petr.tesarik.ext(a)huawei.com> sh: boards: Fix CEU buffer size passed to dma_declare_coherent_memory() Yisen Zhuang <yisen.zhuang(a)huawei.com> net: hns3: fix the port information display when sfp is absent Wander Lairson Costa <wander(a)redhat.com> netfilter: nfnetlink_osf: avoid OOB read Eric Dumazet <edumazet(a)google.com> ip_tunnels: use DEV_STATS_INC() Ariel Marcovitch <arielmarcovitch(a)gmail.com> idr: fix param name in idr_alloc_cyclic() doc Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> s390/zcrypt: don't leak memory if dev_set_name() fails Olga Zaborska <olga.zaborska(a)intel.com> igb: Change IGB_MIN to allow set rx/tx value between 64 and 80 Olga Zaborska <olga.zaborska(a)intel.com> igbvf: Change IGBVF_MIN to allow set rx/tx value between 64 and 80 Olga Zaborska <olga.zaborska(a)intel.com> igc: Change IGC_MIN to allow set rx/tx value between 64 and 80 Shigeru Yoshida <syoshida(a)redhat.com> kcm: Destroy mutex in kcm_exit_net() valis <sec(a)valis.email> net: sched: sch_qfq: Fix UAF in qfq_dequeue() Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Fix data race around sk->sk_err. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Fix data-races around sk->sk_shutdown. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Fix data-race around unix_tot_inflight. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Fix data-races around user->unix_inflight. Alex Henrie <alexhenrie24(a)gmail.com> net: ipv6/addrconf: avoid integer underflow in ipv6_create_tempaddr Liang Chen <liangchen.linux(a)gmail.com> veth: Fixing transmit return status for dropped packets Corinna Vinschen <vinschen(a)redhat.com> igb: disable virtualization features on 82580 Eric Dumazet <edumazet(a)google.com> net: read sk->sk_family once in sk_mc_loop() Eric Dumazet <edumazet(a)google.com> ipv4: annotate data-races around fi->fib_dead Eric Dumazet <edumazet(a)google.com> sctp: annotate data-races around sk->sk_wmem_queued Vladimir Zapolskiy <vz(a)mleia.com> pwm: lpc32xx: Remove handling of PWM channels Raag Jadav <raag.jadav(a)intel.com> watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load Arnaldo Carvalho de Melo <acme(a)redhat.com> perf top: Don't pass an ERR_PTR() directly to perf_session__delete() Sean Christopherson <seanjc(a)google.com> x86/virt: Drop unnecessary check on extended CPUID level in cpu_has_svm() Arnaldo Carvalho de Melo <acme(a)redhat.com> perf annotate bpf: Don't enclose non-debug code with an assert() Konstantin Meskhidze <konstantin.meskhidze(a)huawei.com> kconfig: fix possible buffer overflow Fedor Pchelkin <pchelkin(a)ispras.ru> NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info Chris Lew <quic_clew(a)quicinc.com> soc: qcom: qmi_encdec: Restrict string length in decode Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock Helge Deller <deller(a)gmx.de> parisc: led: Reduce CPU overhead for disk & lan LED computation Helge Deller <deller(a)gmx.de> parisc: led: Fix LAN receive and transmit LEDs Andrew Donnellan <ajd(a)linux.ibm.com> lib/test_meminit: allocate pages up to order MAX_ORDER Thomas Zimmermann <tzimmermann(a)suse.de> drm/ast: Fix DRAM init on AST2200 Thomas Zimmermann <tzimmermann(a)suse.de> fbdev/ep93xx-fb: Do not assign to struct fb_info.dev Manish Rangankar <mrangankar(a)marvell.com> scsi: qla2xxx: Remove unsupported ql2xenabledif option Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Turn off noisy message log Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix erroneous link up failure Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: fix inconsistent TMF timeout Quan Tian <qtian(a)vmware.com> net/ipv6: SKB symmetric hash should incorporate transport ports Jia Yang <jiayang5(a)huawei.com> drm: fix double free for gbo in drm_gem_vram_init and drm_gem_vram_create Tom Rix <trix(a)redhat.com> udf: initialize newblock to 0 Marco Felsch <m.felsch(a)pengutronix.de> usb: typec: tcpci: clear the fault status bit Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: fix broken port 0 uart init Daniel Mack <daniel(a)zonque.org> sc16is7xx: Set iobase to device index Gustavo A. R. Silva <gustavoars(a)kernel.org> cpufreq: brcmstb-avs-cpufreq: Fix -Warray-bounds bug Thomas Bourgoin <thomas.bourgoin(a)foss.st.com> crypto: stm32 - fix loop iterating through scatterlist for DMA Sven Schnelle <svens(a)linux.ibm.com> s390/ipl: add missing secure/has_secure file to ipl type 'unknown' Enlin Mu <enlin.mu(a)unisoc.com> pstore/ram: Check start of empty przs during init Eric Biggers <ebiggers(a)google.com> fsverity: skip PKCS#7 parser when keyring is empty Nicolas Dichtel <nicolas.dichtel(a)6wind.com> net: handle ARPHRD_PPP in dev_is_mac_header_xmit() Thore Sommer <public(a)thson.de> X.509: if signature is unsupported skip validation Jann Horn <jannh(a)google.com> dccp: Fix out of bounds access in DCCP error handler Alexander Aring <aahringo(a)redhat.com> dlm: fix plock lookup when using multiple lockspaces Helge Deller <deller(a)gmx.de> parisc: Fix /proc/cpuinfo output for lscpu Aleksa Sarai <cyphar(a)cyphar.com> procfs: block chmod on /proc/thread-self/comm Bjorn Helgaas <bhelgaas(a)google.com> Revert "PCI: Mark NVIDIA T4 GPUs to avoid bus reset" Dave Jiang <dave.jiang(a)intel.com> ntb: Fix calculation ntb_transport_tx_free_entry() Dave Jiang <dave.jiang(a)intel.com> ntb: Clean up tx tail index on link down Dave Jiang <dave.jiang(a)intel.com> ntb: Drop packets when qp link is down Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> media: dvb: symbol fixup for dvb_attach() Max Filippov <jcmvbkbc(a)gmail.com> xtensa: PMU: fix base address for the newer hardware Thomas Zimmermann <tzimmermann(a)suse.de> backlight/lv5207lp: Compare against struct fb_info.device Thomas Zimmermann <tzimmermann(a)suse.de> backlight/bd6107: Compare against struct fb_info.device Thomas Zimmermann <tzimmermann(a)suse.de> backlight/gpio_backlight: Compare against struct fb_info.device Gustavo A. R. Silva <gustavoars(a)kernel.org> ARM: OMAP2+: Fix -Warray-bounds warning in _pwrdm_state_switch() Yi Yang <yiyang13(a)huawei.com> ipmi_si: fix a memleak in try_smi_init() Takashi Iwai <tiwai(a)suse.de> ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl Boris Brezillon <boris.brezillon(a)collabora.com> PM / devfreq: Fix leak in devfreq_dev_release() Radoslaw Tyl <radoslawx.tyl(a)intel.com> igb: set max size RX buffer when store bad packet is enabled Mohamed Khalfella <mkhalfella(a)purestorage.com> skbuff: skb_segment, Call zero copy functions before using skbuff frags Wander Lairson Costa <wander(a)redhat.com> netfilter: xt_sctp: validate the flag_info count Wander Lairson Costa <wander(a)redhat.com> netfilter: xt_u32: validate user space input Kyle Zeng <zengyhkyle(a)gmail.com> netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c Eric Dumazet <edumazet(a)google.com> igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU Yuan Yao <yuanyaogoog(a)chromium.org> virtio_ring: fix avail_wrap_counter in virtqueue_add_packed Liao Chang <liaochang1(a)huawei.com> cpufreq: Fix the race condition while updating the transition_task of policy ruanjinjie <ruanjinjie(a)huawei.com> dmaengine: ste_dma40: Add missing IRQ check in d40_probe Randy Dunlap <rdunlap(a)infradead.org> um: Fix hostaudio build errors Yi Yang <yiyang13(a)huawei.com> mtd: rawnand: fsmc: handle clk prepare error in fsmc_nand_resume() Jiasheng Jiang <jiasheng(a)iscas.ac.cn> rpmsg: glink: Add check for kstrdup Jonas Karlman <jonas(a)kwiboo.se> phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write Zheng Yang <zhengyang(a)rock-chips.com> phy/rockchip: inno-hdmi: round fractal pixclock in rk3328 recalc_rate Jonas Karlman <jonas(a)kwiboo.se> phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328 Zheng Yejian <zhengyejian1(a)huawei.com> tracing: Fix race issue between cpu buffer write and swap Dave Hansen <dave.hansen(a)linux.intel.com> x86/speculation: Mark all Skylake CPUs as vulnerable to GDS Rahul Rameshbabu <sergeantsagara(a)protonmail.com> HID: multitouch: Correct devm device reference for hidinput input_dev name Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> HID: logitech-dj: Fix error handling in logi_dj_recv_switch_to_dj_mode() Guoqing Jiang <guoqing.jiang(a)linux.dev> RDMA/siw: Correct wrong debug message Guoqing Jiang <guoqing.jiang(a)linux.dev> RDMA/siw: Balance the reference of cep->kref in the error path Leon Romanovsky <leonro(a)nvidia.com> Revert "IB/isert: Fix incorrect release of isert connection" Peng Fan <peng.fan(a)nxp.com> amba: bus: fix refcount leak Yi Yang <yiyang13(a)huawei.com> serial: tegra: handle clk prepare error in tegra_uart_hw_init() Chengfeng Ye <dg573847474(a)gmail.com> scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock Tony Battersby <tonyb(a)cybernetics.com> scsi: core: Use 32-bit hostnum in scsi_host_lookup() Hans de Goede <hdegoede(a)redhat.com> media: ov2680: Fix regulators being left enabled on ov2680_power_on() errors Hans de Goede <hdegoede(a)redhat.com> media: ov2680: Fix vflip / hflip set functions Hans de Goede <hdegoede(a)redhat.com> media: ov2680: Fix ov2680_bayer_order() Hans de Goede <hdegoede(a)redhat.com> media: ov2680: Remove auto-gain and auto-exposure controls Dave Stevenson <dave.stevenson(a)raspberrypi.com> media: i2c: ov2680: Set V4L2_CTRL_FLAG_MODIFY_LAYOUT on flips Marek Vasut <marex(a)denx.de> media: ov5640: Enable MIPI interface in ov5640_set_power_mipi() Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> media: i2c: ov5640: Configure HVP lines in s_power callback Alan Stern <stern(a)rowland.harvard.edu> USB: gadget: f_mass_storage: Fix unused variable warning Colin Ian King <colin.i.king(a)gmail.com> media: go7007: Remove redundant if statement Yanfei Xu <yanfei.xu(a)intel.com> iommu/vt-d: Fix to flush cache of PASID directory table Xiang Yang <xiangyang3(a)huawei.com> IB/uverbs: Fix an potential error pointer dereference Dan Carpenter <dan.carpenter(a)linaro.org> driver core: test_async: fix an error code Rob Clark <robdclark(a)chromium.org> dma-buf/sync_file: Fix docs syntax Ruidong Tian <tianruidong(a)linux.alibaba.com> coresight: tmc: Explicit type conversions to prevent integer overflow Oleksandr Natalenko <oleksandr(a)redhat.com> scsi: qedf: Do not touch __user pointer in qedf_dbg_fp_int_cmd_read() directly Oleksandr Natalenko <oleksandr(a)redhat.com> scsi: qedf: Do not touch __user pointer in qedf_dbg_debug_cmd_read() directly Oleksandr Natalenko <oleksandr(a)redhat.com> scsi: qedf: Do not touch __user pointer in qedf_dbg_stop_io_on_error_cmd_read() directly Randy Dunlap <rdunlap(a)infradead.org> x86/APM: drop the duplicate APM_MINOR_DEV macro Chunyan Zhang <chunyan.zhang(a)unisoc.com> serial: sprd: Fix DMA buffer leak issue Chunyan Zhang <chunyan.zhang(a)unisoc.com> serial: sprd: Assign sprd_port after initialized to avoid wrong access Chunyan Zhang <chunyan.zhang(a)unisoc.com> serial: sprd: remove redundant sprd_port cleanup Chunyan Zhang <chunyan.zhang(a)unisoc.com> serial: sprd: getting port index via serial aliases only Lin Ma <linma(a)zju.edu.cn> scsi: qla4xxx: Add length check when parsing nlattrs Lin Ma <linma(a)zju.edu.cn> scsi: be2iscsi: Add length check when parsing nlattrs Lin Ma <linma(a)zju.edu.cn> scsi: iscsi: Add strlen() check in iscsi_if_set{_host}_param() Xu Yang <xu.yang_2(a)nxp.com> usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() Irui Wang <irui.wang(a)mediatek.com> media: mediatek: vcodec: Return NULL if no vdec_fb is found Daniil Dulov <d.dulov(a)aladdin.ru> media: cx24120: Add retval check for cx24120_message_send() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer() Daniil Dulov <d.dulov(a)aladdin.ru> media: dib7000p: Fix potential division by zero Dongliang Mu <dzm91(a)hust.edu.cn> drivers: usb: smsusb: fix error handling code in smsusb_init_device Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> media: v4l2-core: Fix a potential resource leak in v4l2_fwnode_parse_link() Marco Felsch <m.felsch(a)pengutronix.de> media: v4l2-fwnode: simplify v4l2_fwnode_parse_link Marco Felsch <m.felsch(a)pengutronix.de> media: v4l2-fwnode: fix v4l2_fwnode_parse_link handling Benjamin Coddington <bcodding(a)redhat.com> NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN Chuck Lever <chuck.lever(a)oracle.com> NFSD: da_addr_body field missing in some GETDEVICEINFO replies Su Hui <suhui(a)nfschina.com> fs: lockd: avoid possible wrong NULL parameter Alexei Filippov <halip0503(a)gmail.com> jfs: validate max amount of blocks before allocation. Russell Currey <ruscur(a)russell.cc> powerpc/iommu: Fix notifiers being shared by PCI and VIO buses Dan Carpenter <dan.carpenter(a)linaro.org> nfs/blocklayout: Use the passed in gfp flags Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> wifi: ath10k: Use RMW accessors for changing LNKCTL Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> drm/radeon: Use RMW accessors for changing LNKCTL Frederick Lawler <fred(a)fredlawl.com> drm/radeon: Prefer pcie_capability_read_word() Bjorn Helgaas <bhelgaas(a)google.com> drm/radeon: Replace numbers with PCI_EXP_LNKCTL2 definitions Bjorn Helgaas <bhelgaas(a)google.com> drm/radeon: Correct Transmit Margin masks Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> drm/amdgpu: Use RMW accessors for changing LNKCTL Frederick Lawler <fred(a)fredlawl.com> drm/amdgpu: Prefer pcie_capability_read_word() Bjorn Helgaas <bhelgaas(a)google.com> drm/amdgpu: Replace numbers with PCI_EXP_LNKCTL2 definitions Bjorn Helgaas <bhelgaas(a)google.com> drm/amdgpu: Correct Transmit Margin masks Bjorn Helgaas <bhelgaas(a)google.com> PCI: Add #defines for Enter Compliance, Transmit Margin Sourabh Jain <sourabhjain(a)linux.ibm.com> powerpc/fadump: reset dump area size if fadump memory reserve fails Ahmad Fatoum <a.fatoum(a)pengutronix.de> clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI/ASPM: Use RMW accessors for changing LNKCTL Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: pciehp: Use RMW accessors for changing LNKCTL Wu Zongyong <wuzongyong(a)linux.alibaba.com> PCI: Mark NVIDIA T4 GPUs to avoid bus reset Zhang Jianhua <chris.zjh(a)huawei.com> clk: sunxi-ng: Modify mismatched function name Minjie Du <duminjie(a)vivo.com> drivers: clk: keystone: Fix parameter judgment in _of_pll_clk_init() Corey Minyard <minyard(a)acm.org> ipmi:ssif: Fix a memory leak when scanning for an adapter Jiasheng Jiang <jiasheng(a)iscas.ac.cn> ipmi:ssif: Add check for kstrdup Su Hui <suhui(a)nfschina.com> ALSA: ac97: Fix possible error value of *rac97 Geert Uytterhoeven <geert+renesas(a)glider.be> of: unittest: Fix overlay type in apply/revert check Sui Jingfeng <suijingfeng(a)loongson.cn> drm/mediatek: Fix potential memory leak if vmap() fail Gaosheng Cui <cuigaosheng1(a)huawei.com> audit: fix possible soft lockup in __audit_inode_child() Dan Carpenter <dan.carpenter(a)linaro.org> smackfs: Prevent underflow in smk_set_cipso() Daniel Vetter <daniel.vetter(a)ffwll.ch> drm/msm/mdp5: Don't leak some plane state Nayna Jain <nayna(a)linux.ibm.com> ima: Remove deprecated IMA_TRUSTED_KEYRING Kconfig Marek Vasut <marex(a)denx.de> drm/panel: simple: Add missing connector type and pixel format for AUO T215HVN01 Geert Uytterhoeven <geert+renesas(a)glider.be> drm/armada: Fix off-by-one error in armada_overlay_get_property() Ruan Jinjie <ruanjinjie(a)huawei.com> of: unittest: fix null pointer dereferencing in of_unittest_find_node_by_name() Yangtao Li <frank.li(a)vivo.com> drm/tegra: dpaux: Fix incorrect return value of platform_get_irq Tan Zhongjun <tanzhongjun(a)yulong.com> drm/tegra: Remove superfluous error messages around platform_get_irq() Yu Kuai <yukuai3(a)huawei.com> md/md-bitmap: hold 'reconfig_mutex' in backlog_store() Guoqing Jiang <guoqing.jiang(a)linux.dev> md/bitmap: don't set max_write_behind if there is no write mostly device Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdgpu: Update min() to min_t() in 'amdgpu_info_ioctl' Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> arm64: dts: qcom: sdm845: Add missing RPMh power domain to GCC Rafał Miłecki <rafal(a)milecki.pl> ARM: dts: BCM53573: Fix Ethernet info for Luxul devices Bogdan Togorean <bogdan.togorean(a)analog.com> drm: adv7511: Fix low refresh rate register for ADV7533/5 Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: samsung: s5pv210-smdkv210: correct ethernet reg addresses (split) Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: s5pv210: add dummy 5V regulator for backlight on SMDKv210 Krzysztof Kozlowski <krzk(a)kernel.org> ARM: dts: s5pv210: correct ethernet unit address in SMDKV210 Krzysztof Kozlowski <krzk(a)kernel.org> ARM: dts: s5pv210: use defines for IRQ flags in SMDKV210 Krzysztof Kozlowski <krzk(a)kernel.org> ARM: dts: s5pv210: add RTC 32 KHz clock in SMDKV210 Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: samsung: s3c6410-mini6410: correct ethernet reg addresses (split) Krzysztof Kozlowski <krzysztof.kozlowski(a)canonical.com> ARM: dts: s3c64xx: align pinctrl with dtschema Krzysztof Kozlowski <krzk(a)kernel.org> ARM: dts: s3c6410: align node SROM bus node name with dtschema in Mini6410 Krzysztof Kozlowski <krzk(a)kernel.org> ARM: dts: s3c6410: move fixed clocks under root node in Mini6410 Lucas Stach <l.stach(a)pengutronix.de> drm/etnaviv: fix dumping of active MMU context Rafał Miłecki <rafal(a)milecki.pl> ARM: dts: BCM53573: Use updated "spi-gpio" binding properties Rafał Miłecki <rafal(a)milecki.pl> ARM: dts: BCM53573: Add cells sizes to PCIe node Rafał Miłecki <rafal(a)milecki.pl> ARM: dts: BCM53573: Drop nonexistent "default-off" LED trigger Arnd Bergmann <arnd(a)arndb.de> drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar() Baokun Li <libaokun1(a)huawei.com> quota: fix dqput() to follow the guarantees dquot_srcu should provide Baokun Li <libaokun1(a)huawei.com> quota: add new helper dquot_active() Baokun Li <libaokun1(a)huawei.com> quota: rename dquot_active() to inode_quota_active() Baokun Li <libaokun1(a)huawei.com> quota: factor out dquot_write_dquot() Chengguang Xu <cgxu519(a)zoho.com.cn> quota: avoid increasing DQST_LOOKUPS when iterating over dirty/inuse list Marek Vasut <marex(a)denx.de> drm/bridge: tc358764: Fix debug print parameter order Kuniyuki Iwashima <kuniyu(a)amazon.com> netrom: Deny concurrent connect(). Budimir Markovic <markovicbudimir(a)gmail.com> net/sched: sch_hfsc: Ensure inner classes have fsc curve Vadim Pasternak <vadimp(a)nvidia.com> mlxsw: i2c: Limit single transaction buffer size Vadim Pasternak <vadimp(a)nvidia.com> mlxsw: i2c: Fix chunk size setting in output mailbox buffer Jinjie Ruan <ruanjinjie(a)huawei.com> net: arcnet: Do not call kfree_skb() under local_irq_disable() Wang Ming <machel(a)vivo.com> wifi: ath9k: use IS_ERR() with debugfs_create_dir() Dmitry Antipov <dmantipov(a)yandex.ru> wifi: mwifiex: avoid possible NULL skb pointer dereference Fedor Pchelkin <pchelkin(a)ispras.ru> wifi: ath9k: protect WMI command response buffer replacement with a lock Fedor Pchelkin <pchelkin(a)ispras.ru> wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx Polaris Pi <pinkperfect2021(a)gmail.com> wifi: mwifiex: Fix missed return in oob checks failed path Dmitry Antipov <dmantipov(a)yandex.ru> wifi: mwifiex: fix memory leak in mwifiex_histogram_read() Artem Chernyshev <artem.chernyshev(a)red-soft.ru> fs: ocfs2: namei: check return value of ocfs2_add_entry() Yan Zhai <yan(a)cloudflare.com> lwt: Check LWTUNNEL_XMIT_CONTINUE strictly Yan Zhai <yan(a)cloudflare.com> lwt: Fix return values of BPF xmit ops Florian Fainelli <florian.fainelli(a)broadcom.com> hwrng: iproc-rng200 - Implement suspend and resume calls Julia Lawall <Julia.Lawall(a)inria.fr> hwrng: iproc-rng200 - use semicolons rather than commas to separate statements Gaurav Jain <gaurav.jain(a)nxp.com> crypto: caam - fix unchecked return value error Yuanjun Gong <ruc_gongyuanjun(a)163.com> Bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> crypto: stm32 - Properly handle pm_runtime_get failing Dmitry Antipov <dmantipov(a)yandex.ru> wifi: mwifiex: fix error recovery in PCIE buffer descriptor management Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> mwifiex: switch from 'pci_' to 'dma_' API Polaris Pi <pinkperfect2021(a)gmail.com> wifi: mwifiex: Fix OOB and integer underflow when rx packets Marc Kleine-Budde <mkl(a)pengutronix.de> can: gs_usb: gs_usb_receive_bulk_callback(): count RX overflow errors also in case of OOM Zhang Shurong <zhang_shurong(a)foxmail.com> spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() Dan Carpenter <dan.carpenter(a)linaro.org> regmap: rbtree: Use alloc_flags for memory allocations Eric Dumazet <edumazet(a)google.com> tcp: tcp_enter_quickack_mode() should be static Yafang Shao <laoar.shao(a)gmail.com> bpf: Clear the probe_addr for uprobe Liao Chang <liaochang1(a)huawei.com> cpufreq: powernow-k8: Use related_cpus instead of cpus in driver.exit() Xu Yang <xu.yang_2(a)nxp.com> perf/imx_ddr: don't enable counter0 if none of 4 counters are used Ard Biesheuvel <ardb(a)kernel.org> x86/decompressor: Don't rely on upper 32 bits of GPRs being preserved Jiri Slaby <jslaby(a)suse.cz> x86/boot: Annotate local functions Jiri Slaby <jslaby(a)suse.cz> x86/asm: Make more symbols local Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> OPP: Fix passing 0 to PTR_ERR in _opp_attach_genpd() Christian Brauner <brauner(a)kernel.org> tmpfs: verify {g,u}id mount options correctly Wang Ming <machel(a)vivo.com> fs: Fix error checking for d_hash_and_lookup() Al Viro <viro(a)zeniv.linux.org.uk> new helper: lookup_positive_unlocked() Wen Yang <wenyang.linux(a)foxmail.com> eventfd: prevent underflow for eventfd semaphores David Woodhouse <dwmw(a)amazon.co.uk> eventfd: Export eventfd_ctx_do_read() Matthew Wilcox <willy(a)infradead.org> reiserfs: Check the return value from __getblk() Sabrina Dubroca <sd(a)queasysnail.net> Revert "net: macsec: preserve ingress frame ordering" Jan Kara <jack(a)suse.cz> udf: Handle error when adding extent to a file Vladislav Efanov <VEfanov(a)ispras.ru> udf: Check consistency of Space Bitmap Descriptor Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/32s: Fix assembler warning about r0 Jordan Rife <jrife(a)google.com> net: Avoid address overwrite in kernel_connect Shih-Yi Chen <shihyic(a)nvidia.com> platform/mellanox: Fix mlxbf-tmfifo not handling all virtio CONSOLE notifications Takashi Iwai <tiwai(a)suse.de> ALSA: seq: oss: Fix racy open/close of MIDI devices Michael Kelley <mikelley(a)microsoft.com> scsi: storvsc: Always set no_report_opcodes Shyam Prasad N <sprasad(a)microsoft.com> cifs: add a warning when the in-flight count goes negative Dan Carpenter <dan.carpenter(a)linaro.org> sctp: handle invalid error codes without calling BUG() David Christensen <drc(a)linux.vnet.ibm.com> bnx2x: fix page fault following EEH recovery Dmitry Mastykin <dmastykin(a)astralinux.ru> netlabel: fix shift wrapping bug in netlbl_catmap_setlong() Chengfeng Ye <dg573847474(a)gmail.com> scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock Baoquan He <bhe(a)redhat.com> idmaengine: make FSL_EDMA and INTEL_IDMA64 depends on HAS_IOMEM Martin Kohn <m.kohn(a)welotec.com> net: usb: qmi_wwan: add Quectel EM05GV2 Baoquan He <bhe(a)redhat.com> clk: fixed-mmio: make COMMON_CLK_FIXED_MMIO depend on HAS_IOMEM Christian Göttsche <cgzones(a)googlemail.com> security: keys: perform capable check only on privileged operations Konstantin Shelekhin <k.shelekhin(a)ftml.net> platform/x86: huawei-wmi: Silence ambient light sensor Hans de Goede <hdegoede(a)redhat.com> platform/x86: intel: hid: Always call BTNL ACPI method Guiting Shen <aarongt.shen(a)gmail.com> ASoC: atmel: Fix the 8K sample parameter in I2SC master Edgar <ljijcj(a)163.com> ASoc: codecs: ES8316: Fix DMIC config Winston Wen <wentao(a)uniontech.com> fs/nls: make load_nls() take a const parameter Stefan Haberland <sth(a)linux.ibm.com> s390/dasd: fix hanging device after request requeue Stefan Haberland <sth(a)linux.ibm.com> s390/dasd: use correct number of retries for ERP requests Ben Hutchings <benh(a)debian.org> m68k: Fix invalid .section syntax Jiri Benc <jbenc(a)redhat.com> vxlan: generalize vxlan_parse_gpe_hdr and remove unused args Yuanjun Gong <ruc_gongyuanjun(a)163.com> ethernet: atheros: fix return value check in atl1c_tso_csum() Dmytro Maluka <dmy(a)semihalf.com> ASoC: da7219: Check for failure reading AAD IRQ events Dmytro Maluka <dmy(a)semihalf.com> ASoC: da7219: Flush pending AAD IRQ when suspending Dominique Martinet <asmadeus(a)codewreck.org> 9p: virtio: make sure 'offs' is initialized in zc_request Mario Limonciello <mario.limonciello(a)amd.com> pinctrl: amd: Don't show `Invalid config param` errors Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix general protection fault in nilfs_lookup_dirty_data_buffers() Juerg Haefliger <juerg.haefliger(a)canonical.com> fsi: master-ast-cf: Add MODULE_FIRMWARE macro Wang Ming <machel(a)vivo.com> firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: fix bug when first setting GPIO direction Zheng Wang <zyytlz.wz(a)163.com> Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition Nam Cao <namcaov(a)gmail.com> staging: rtl8712: fix race condition Aaron Armstrong Skomra <aaron.skomra(a)wacom.com> HID: wacom: remove the battery when the EKR is off Slark Xiao <slark_xiao(a)163.com> USB: serial: option: add FOXCONN T99W368/T99W373 product Martin Kohn <m.kohn(a)welotec.com> USB: serial: option: add Quectel EM05G variant (0x030e) Christoph Hellwig <hch(a)lst.de> modules: only allow symbol_get of EXPORT_SYMBOL_GPL modules Christoph Hellwig <hch(a)lst.de> rtc: ds1685: use EXPORT_SYMBOL_GPL for ds1685_rtc_poweroff Christoph Hellwig <hch(a)lst.de> net: enetc: use EXPORT_SYMBOL_GPL for enetc_phc_index Christoph Hellwig <hch(a)lst.de> mmc: au1xmmc: force non-modular build and remove symbol_get usage Arnd Bergmann <arnd(a)arndb.de> ARM: pxa: remove use of symbol_get() Gao Xiang <hsiangkao(a)linux.alibaba.com> erofs: ensure that the post-EOF tails are all zeroed ------------- Diffstat: Documentation/arm64/silicon-errata.rst | 3 + Makefile | 4 +- arch/arm/boot/dts/bcm4708-linksys-ea6500-v2.dts | 3 +- arch/arm/boot/dts/bcm47189-luxul-xap-1440.dts | 14 +- arch/arm/boot/dts/bcm47189-luxul-xap-810.dts | 15 +- arch/arm/boot/dts/bcm53573.dtsi | 3 + arch/arm/boot/dts/bcm947189acdbmr.dts | 6 +- arch/arm/boot/dts/s3c6410-mini6410.dts | 38 +- arch/arm/boot/dts/s3c64xx-pinctrl.dtsi | 210 +++--- arch/arm/boot/dts/s5pv210-smdkv210.dts | 24 +- arch/arm/kernel/hw_breakpoint.c | 8 +- arch/arm/mach-omap2/powerdomain.c | 2 +- arch/arm/mach-pxa/sharpsl_pm.c | 2 - arch/arm/mach-pxa/spitz.c | 14 +- arch/arm64/boot/dts/qcom/sdm845.dtsi | 1 + arch/arm64/kernel/hw_breakpoint.c | 4 +- arch/m68k/fpsp040/skeleton.S | 4 +- arch/m68k/ifpsp060/os.S | 4 +- arch/m68k/kernel/relocate_kernel.S | 4 +- arch/mips/alchemy/devboards/db1000.c | 8 +- arch/mips/alchemy/devboards/db1200.c | 19 +- arch/mips/alchemy/devboards/db1300.c | 10 +- arch/parisc/include/asm/led.h | 4 +- arch/parisc/include/asm/processor.h | 1 - arch/parisc/kernel/processor.c | 18 +- arch/powerpc/kernel/fadump.c | 1 + arch/powerpc/kernel/head_32.S | 2 +- arch/powerpc/kernel/iommu.c | 17 +- arch/powerpc/platforms/pseries/ibmebus.c | 1 + arch/s390/kernel/ipl.c | 2 + arch/sh/boards/mach-ap325rxa/setup.c | 2 +- arch/sh/boards/mach-ecovec24/setup.c | 6 +- arch/sh/boards/mach-kfr2r09/setup.c | 2 +- arch/sh/boards/mach-migor/setup.c | 2 +- arch/sh/boards/mach-se/7724/setup.c | 6 +- arch/um/configs/i386_defconfig | 1 + arch/um/configs/x86_64_defconfig | 1 + arch/um/drivers/Kconfig | 16 +- arch/um/drivers/Makefile | 2 +- arch/x86/boot/compressed/head_32.S | 3 +- arch/x86/boot/compressed/head_64.S | 39 +- arch/x86/boot/pmjump.S | 6 +- arch/x86/entry/entry_64.S | 4 +- arch/x86/include/asm/virtext.h | 6 - arch/x86/kernel/apm_32.c | 6 - arch/x86/kernel/cpu/common.c | 8 +- arch/x86/realmode/rm/wakeup_asm.S | 6 +- arch/xtensa/include/asm/core.h | 9 + arch/xtensa/kernel/perf_event.c | 17 +- crypto/asymmetric_keys/x509_public_key.c | 5 + drivers/acpi/acpica/psopcode.c | 2 +- drivers/acpi/arm64/iort.c | 5 +- drivers/acpi/video_detect.c | 9 + drivers/amba/bus.c | 1 + drivers/ata/pata_ftide010.c | 1 + drivers/ata/sata_gemini.c | 1 + drivers/base/regmap/regcache-rbtree.c | 10 +- drivers/base/test/test_async_driver_probe.c | 2 +- drivers/bluetooth/btsdio.c | 1 + drivers/bluetooth/hci_nokia.c | 6 +- drivers/bus/ti-sysc.c | 2 + drivers/char/hw_random/iproc-rng200.c | 33 +- drivers/char/ipmi/ipmi_si_intf.c | 5 + drivers/char/ipmi/ipmi_ssif.c | 7 +- drivers/char/tpm/tpm_tis_core.c | 15 +- drivers/clk/Kconfig | 1 + drivers/clk/imx/clk-composite-8m.c | 12 +- drivers/clk/imx/clk-imx8mm.c | 87 +-- drivers/clk/imx/clk-pll14xx.c | 30 + drivers/clk/imx/clk.h | 3 + drivers/clk/keystone/pll.c | 2 +- drivers/clk/qcom/gcc-mdm9615.c | 2 +- drivers/clk/sunxi-ng/ccu_mmc_timing.c | 2 +- drivers/cpufreq/brcmstb-avs-cpufreq.c | 6 +- drivers/cpufreq/cpufreq.c | 2 + drivers/cpufreq/powernow-k8.c | 3 +- drivers/crypto/caam/caampkc.c | 4 +- drivers/crypto/stm32/stm32-hash.c | 9 +- drivers/devfreq/devfreq.c | 1 + drivers/dma/Kconfig | 2 + drivers/dma/ste_dma40.c | 4 + drivers/firmware/stratix10-svc.c | 2 +- drivers/fsi/fsi-master-ast-cf.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 18 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 3 + drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c | 14 +- drivers/gpu/drm/amd/amdgpu/cik.c | 97 +-- drivers/gpu/drm/amd/amdgpu/si.c | 99 +-- drivers/gpu/drm/amd/display/dc/dcn10/dcn10_mpc.c | 5 +- drivers/gpu/drm/armada/armada_overlay.c | 6 +- drivers/gpu/drm/ast/ast_post.c | 2 +- drivers/gpu/drm/bridge/adv7511/adv7511_drv.c | 9 +- drivers/gpu/drm/bridge/tc358764.c | 2 +- drivers/gpu/drm/drm_gem_vram_helper.c | 24 +- drivers/gpu/drm/etnaviv/etnaviv_dump.c | 14 +- drivers/gpu/drm/exynos/exynos_drm_crtc.c | 5 +- drivers/gpu/drm/mediatek/mtk_drm_gem.c | 6 +- drivers/gpu/drm/msm/disp/mdp5/mdp5_plane.c | 3 +- drivers/gpu/drm/panel/panel-simple.c | 4 +- drivers/gpu/drm/radeon/cik.c | 96 +-- drivers/gpu/drm/radeon/si.c | 98 +-- drivers/gpu/drm/tegra/dpaux.c | 6 +- drivers/hid/hid-logitech-dj.c | 5 +- drivers/hid/hid-multitouch.c | 13 +- drivers/hid/wacom.h | 1 + drivers/hid/wacom_sys.c | 25 +- drivers/hid/wacom_wac.c | 1 + drivers/hid/wacom_wac.h | 1 + drivers/hwtracing/coresight/coresight-tmc-etf.c | 2 +- drivers/hwtracing/coresight/coresight-tmc-etr.c | 5 +- drivers/hwtracing/coresight/coresight-tmc.h | 2 +- drivers/i2c/busses/i2c-aspeed.c | 7 +- .../infiniband/core/uverbs_std_types_counters.c | 2 + drivers/infiniband/sw/siw/siw_cm.c | 1 - drivers/infiniband/sw/siw/siw_verbs.c | 2 +- drivers/infiniband/ulp/isert/ib_isert.c | 2 + drivers/iommu/intel-pasid.c | 2 +- drivers/md/md-bitmap.c | 26 + drivers/md/raid1.c | 3 + drivers/media/dvb-frontends/ascot2e.c | 2 +- drivers/media/dvb-frontends/atbm8830.c | 2 +- drivers/media/dvb-frontends/au8522_dig.c | 2 +- drivers/media/dvb-frontends/bcm3510.c | 2 +- drivers/media/dvb-frontends/cx22700.c | 2 +- drivers/media/dvb-frontends/cx22702.c | 2 +- drivers/media/dvb-frontends/cx24110.c | 2 +- drivers/media/dvb-frontends/cx24113.c | 2 +- drivers/media/dvb-frontends/cx24116.c | 2 +- drivers/media/dvb-frontends/cx24120.c | 6 +- drivers/media/dvb-frontends/cx24123.c | 2 +- drivers/media/dvb-frontends/cxd2820r_core.c | 2 +- drivers/media/dvb-frontends/cxd2841er.c | 4 +- drivers/media/dvb-frontends/cxd2880/cxd2880_top.c | 2 +- drivers/media/dvb-frontends/dib0070.c | 2 +- drivers/media/dvb-frontends/dib0090.c | 4 +- drivers/media/dvb-frontends/dib3000mb.c | 2 +- drivers/media/dvb-frontends/dib3000mc.c | 2 +- drivers/media/dvb-frontends/dib7000m.c | 2 +- drivers/media/dvb-frontends/dib7000p.c | 4 +- drivers/media/dvb-frontends/dib8000.c | 2 +- drivers/media/dvb-frontends/dib9000.c | 2 +- drivers/media/dvb-frontends/drx39xyj/drxj.c | 2 +- drivers/media/dvb-frontends/drxd_hard.c | 2 +- drivers/media/dvb-frontends/drxk_hard.c | 2 +- drivers/media/dvb-frontends/ds3000.c | 2 +- drivers/media/dvb-frontends/dvb-pll.c | 2 +- drivers/media/dvb-frontends/ec100.c | 2 +- drivers/media/dvb-frontends/helene.c | 4 +- drivers/media/dvb-frontends/horus3a.c | 2 +- drivers/media/dvb-frontends/isl6405.c | 2 +- drivers/media/dvb-frontends/isl6421.c | 2 +- drivers/media/dvb-frontends/isl6423.c | 2 +- drivers/media/dvb-frontends/itd1000.c | 2 +- drivers/media/dvb-frontends/ix2505v.c | 2 +- drivers/media/dvb-frontends/l64781.c | 2 +- drivers/media/dvb-frontends/lg2160.c | 2 +- drivers/media/dvb-frontends/lgdt3305.c | 2 +- drivers/media/dvb-frontends/lgdt3306a.c | 2 +- drivers/media/dvb-frontends/lgdt330x.c | 2 +- drivers/media/dvb-frontends/lgs8gxx.c | 2 +- drivers/media/dvb-frontends/lnbh25.c | 2 +- drivers/media/dvb-frontends/lnbp21.c | 4 +- drivers/media/dvb-frontends/lnbp22.c | 2 +- drivers/media/dvb-frontends/m88ds3103.c | 2 +- drivers/media/dvb-frontends/m88rs2000.c | 2 +- drivers/media/dvb-frontends/mb86a16.c | 2 +- drivers/media/dvb-frontends/mb86a20s.c | 2 +- drivers/media/dvb-frontends/mt312.c | 2 +- drivers/media/dvb-frontends/mt352.c | 2 +- drivers/media/dvb-frontends/nxt200x.c | 2 +- drivers/media/dvb-frontends/nxt6000.c | 2 +- drivers/media/dvb-frontends/or51132.c | 2 +- drivers/media/dvb-frontends/or51211.c | 2 +- drivers/media/dvb-frontends/s5h1409.c | 2 +- drivers/media/dvb-frontends/s5h1411.c | 2 +- drivers/media/dvb-frontends/s5h1420.c | 2 +- drivers/media/dvb-frontends/s5h1432.c | 2 +- drivers/media/dvb-frontends/s921.c | 2 +- drivers/media/dvb-frontends/si21xx.c | 2 +- drivers/media/dvb-frontends/sp887x.c | 2 +- drivers/media/dvb-frontends/stb0899_drv.c | 2 +- drivers/media/dvb-frontends/stb6000.c | 2 +- drivers/media/dvb-frontends/stb6100.c | 2 +- drivers/media/dvb-frontends/stv0288.c | 2 +- drivers/media/dvb-frontends/stv0297.c | 2 +- drivers/media/dvb-frontends/stv0299.c | 2 +- drivers/media/dvb-frontends/stv0367.c | 6 +- drivers/media/dvb-frontends/stv0900_core.c | 2 +- drivers/media/dvb-frontends/stv090x.c | 2 +- drivers/media/dvb-frontends/stv6110.c | 2 +- drivers/media/dvb-frontends/stv6110x.c | 2 +- drivers/media/dvb-frontends/tda10021.c | 2 +- drivers/media/dvb-frontends/tda10023.c | 2 +- drivers/media/dvb-frontends/tda10048.c | 2 +- drivers/media/dvb-frontends/tda1004x.c | 4 +- drivers/media/dvb-frontends/tda10086.c | 2 +- drivers/media/dvb-frontends/tda665x.c | 2 +- drivers/media/dvb-frontends/tda8083.c | 2 +- drivers/media/dvb-frontends/tda8261.c | 2 +- drivers/media/dvb-frontends/tda826x.c | 2 +- drivers/media/dvb-frontends/ts2020.c | 2 +- drivers/media/dvb-frontends/tua6100.c | 2 +- drivers/media/dvb-frontends/ves1820.c | 2 +- drivers/media/dvb-frontends/ves1x93.c | 2 +- drivers/media/dvb-frontends/zl10036.c | 2 +- drivers/media/dvb-frontends/zl10039.c | 2 +- drivers/media/dvb-frontends/zl10353.c | 2 +- drivers/media/i2c/ov2680.c | 246 ++----- drivers/media/i2c/ov5640.c | 127 ++-- drivers/media/pci/bt8xx/dst.c | 2 +- drivers/media/pci/bt8xx/dst_ca.c | 2 +- drivers/media/pci/cx23885/cx23885-video.c | 2 +- drivers/media/pci/intel/ipu3/ipu3-cio2.c | 2 +- .../media/platform/mtk-vcodec/vdec/vdec_vp9_if.c | 5 +- drivers/media/tuners/fc0011.c | 2 +- drivers/media/tuners/fc0012.c | 2 +- drivers/media/tuners/fc0013.c | 2 +- drivers/media/tuners/max2165.c | 2 +- drivers/media/tuners/mc44s803.c | 2 +- drivers/media/tuners/mt2060.c | 2 +- drivers/media/tuners/mt2131.c | 2 +- drivers/media/tuners/mt2266.c | 2 +- drivers/media/tuners/mxl5005s.c | 2 +- drivers/media/tuners/qt1010.c | 13 +- drivers/media/tuners/tda18218.c | 2 +- drivers/media/tuners/xc4000.c | 2 +- drivers/media/tuners/xc5000.c | 2 +- drivers/media/usb/dvb-usb-v2/af9035.c | 14 +- drivers/media/usb/dvb-usb-v2/anysee.c | 2 +- drivers/media/usb/dvb-usb-v2/az6007.c | 8 + drivers/media/usb/dvb-usb/af9005.c | 5 + drivers/media/usb/dvb-usb/dw2102.c | 24 + drivers/media/usb/dvb-usb/m920x.c | 5 +- drivers/media/usb/go7007/go7007-i2c.c | 2 - drivers/media/usb/siano/smsusb.c | 21 +- drivers/media/v4l2-core/v4l2-fwnode.c | 43 +- drivers/mmc/host/Kconfig | 5 +- drivers/mmc/host/sdhci-esdhc-imx.c | 7 +- drivers/mtd/nand/raw/brcmnand/brcmnand.c | 112 ++- drivers/mtd/nand/raw/fsmc_nand.c | 7 +- drivers/net/arcnet/arcnet.c | 2 +- drivers/net/can/usb/gs_usb.c | 5 +- drivers/net/ethernet/atheros/alx/ethtool.c | 5 +- drivers/net/ethernet/atheros/atl1c/atl1c_main.c | 7 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 9 +- drivers/net/ethernet/freescale/enetc/enetc_ptp.c | 2 +- drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c | 4 +- drivers/net/ethernet/intel/igb/igb.h | 4 +- drivers/net/ethernet/intel/igb/igb_main.c | 16 +- drivers/net/ethernet/intel/igbvf/igbvf.h | 4 +- drivers/net/ethernet/intel/igc/igc.h | 4 +- drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c | 28 +- drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 5 + drivers/net/ethernet/mediatek/mtk_eth_soc.c | 3 + drivers/net/ethernet/mellanox/mlxsw/i2c.c | 5 +- drivers/net/macsec.c | 3 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/usb/r8152.c | 3 + drivers/net/veth.c | 4 +- drivers/net/vxlan.c | 58 +- drivers/net/wireless/ath/ath10k/pci.c | 9 +- drivers/net/wireless/ath/ath9k/ahb.c | 4 +- drivers/net/wireless/ath/ath9k/htc_drv_debug.c | 2 +- drivers/net/wireless/ath/ath9k/pci.c | 4 +- drivers/net/wireless/ath/ath9k/wmi.c | 20 +- drivers/net/wireless/mac80211_hwsim.c | 7 +- drivers/net/wireless/marvell/mwifiex/debugfs.c | 9 +- drivers/net/wireless/marvell/mwifiex/pcie.c | 176 ++--- drivers/net/wireless/marvell/mwifiex/sta_rx.c | 12 +- drivers/net/wireless/marvell/mwifiex/tdls.c | 9 +- drivers/net/wireless/marvell/mwifiex/uap_txrx.c | 30 +- drivers/net/wireless/marvell/mwifiex/util.c | 10 +- drivers/ntb/ntb_transport.c | 19 +- drivers/of/unittest.c | 12 +- drivers/opp/core.c | 2 +- drivers/parisc/led.c | 4 +- drivers/pci/hotplug/pciehp_hpc.c | 12 +- drivers/pci/pcie/aspm.c | 30 +- drivers/perf/arm_smmuv3_pmu.c | 46 +- drivers/perf/fsl_imx8_ddr_perf.c | 24 +- drivers/phy/rockchip/phy-rockchip-inno-hdmi.c | 18 +- drivers/pinctrl/pinctrl-amd.c | 4 +- drivers/platform/mellanox/mlxbf-tmfifo.c | 104 ++- drivers/platform/x86/huawei-wmi.c | 2 + drivers/platform/x86/intel-hid.c | 21 +- drivers/pwm/pwm-lpc32xx.c | 16 +- drivers/rpmsg/qcom_glink_native.c | 4 + drivers/rtc/rtc-ds1685.c | 2 +- drivers/s390/block/dasd.c | 125 ++-- drivers/s390/block/dasd_3990_erp.c | 2 +- drivers/s390/crypto/zcrypt_api.c | 1 + drivers/scsi/be2iscsi/be_iscsi.c | 4 + drivers/scsi/fcoe/fcoe_ctlr.c | 20 +- drivers/scsi/hosts.c | 4 +- drivers/scsi/megaraid/megaraid_sas.h | 2 +- drivers/scsi/megaraid/megaraid_sas_base.c | 21 +- drivers/scsi/qedf/qedf_dbg.h | 2 + drivers/scsi/qedf/qedf_debugfs.c | 35 +- drivers/scsi/qedi/qedi_main.c | 5 +- drivers/scsi/qla2xxx/qla_attr.c | 2 - drivers/scsi/qla2xxx/qla_dbg.c | 2 +- drivers/scsi/qla2xxx/qla_init.c | 3 +- drivers/scsi/qla2xxx/qla_isr.c | 7 +- drivers/scsi/qla2xxx/qla_nvme.c | 2 +- drivers/scsi/qla2xxx/qla_os.c | 9 +- drivers/scsi/qla4xxx/ql4_os.c | 15 + drivers/scsi/scsi_transport_iscsi.c | 8 + drivers/scsi/storvsc_drv.c | 2 + drivers/soc/qcom/qmi_encdec.c | 4 +- drivers/spi/spi-tegra20-sflash.c | 6 +- drivers/staging/rtl8712/os_intfs.c | 1 + drivers/staging/rtl8712/usb_intf.c | 1 - drivers/target/iscsi/iscsi_target_configfs.c | 54 +- drivers/tty/serial/cpm_uart/cpm_uart_core.c | 13 +- drivers/tty/serial/sc16is7xx.c | 18 +- drivers/tty/serial/serial-tegra.c | 6 +- drivers/tty/serial/sprd_serial.c | 68 +- drivers/usb/gadget/function/f_mass_storage.c | 2 +- drivers/usb/gadget/udc/fsl_qe_udc.c | 2 + drivers/usb/phy/phy-mxs-usb.c | 10 +- drivers/usb/serial/option.c | 7 + drivers/usb/typec/bus.c | 12 +- drivers/usb/typec/tcpm/tcpci.c | 4 + drivers/usb/typec/tcpm/tcpci.h | 1 + drivers/usb/typec/tcpm/tcpm.c | 122 ++-- drivers/video/backlight/bd6107.c | 2 +- drivers/video/backlight/gpio_backlight.c | 2 +- drivers/video/backlight/lv5207lp.c | 2 +- drivers/video/fbdev/ep93xx-fb.c | 1 - drivers/virtio/virtio_ring.c | 2 +- drivers/watchdog/intel-mid_wdt.c | 1 + fs/attr.c | 20 +- fs/autofs/waitq.c | 3 +- fs/btrfs/ctree.h | 2 - fs/btrfs/delayed-inode.c | 19 +- fs/btrfs/disk-io.c | 13 +- fs/btrfs/extent-tree.c | 5 + fs/btrfs/transaction.c | 7 +- fs/btrfs/volumes.c | 8 + fs/btrfs/volumes.h | 3 + fs/cifs/cifsfs.c | 7 +- fs/cifs/smb2ops.c | 1 + fs/debugfs/inode.c | 6 +- fs/dlm/plock.c | 6 +- fs/erofs/zdata.c | 2 + fs/eventfd.c | 7 +- fs/ext2/xattr.c | 4 +- fs/ext4/namei.c | 26 +- fs/fuse/readdir.c | 10 +- fs/jfs/jfs_dmap.c | 1 + fs/jfs/jfs_extent.c | 5 + fs/jfs/jfs_imap.c | 1 + fs/kernfs/mount.c | 2 +- fs/lockd/mon.c | 3 + fs/locks.c | 2 +- fs/namei.c | 22 +- fs/nfs/blocklayout/dev.c | 4 +- fs/nfs/nfs2xdr.c | 2 +- fs/nfs/nfs3xdr.c | 2 +- fs/nfs/pnfs_dev.c | 2 +- fs/nfsd/blocklayoutxdr.c | 9 + fs/nfsd/flexfilelayoutxdr.c | 9 + fs/nfsd/nfs3xdr.c | 4 +- fs/nfsd/nfs4proc.c | 4 +- fs/nfsd/nfs4xdr.c | 36 +- fs/nilfs2/alloc.c | 3 +- fs/nilfs2/inode.c | 7 +- fs/nilfs2/segment.c | 5 + fs/nls/nls_base.c | 4 +- fs/ocfs2/namei.c | 4 + fs/overlayfs/namei.c | 24 +- fs/proc/base.c | 3 +- fs/pstore/ram_core.c | 2 +- fs/quota/dquot.c | 184 +++-- fs/reiserfs/journal.c | 4 +- fs/tracefs/inode.c | 3 + fs/udf/balloc.c | 31 +- fs/udf/inode.c | 45 +- fs/verity/signature.c | 16 + include/linux/acpi_iort.h | 1 + include/linux/eventfd.h | 6 + include/linux/if_arp.h | 4 + include/linux/namei.h | 1 + include/linux/nls.h | 2 +- include/linux/perf_event.h | 22 +- include/linux/sched/task.h | 28 +- include/linux/trace_events.h | 3 +- include/linux/usb/typec_altmode.h | 2 +- include/net/ip_tunnels.h | 15 +- include/net/lwtunnel.h | 5 +- include/net/tcp.h | 1 - include/scsi/scsi_host.h | 2 +- include/uapi/linux/pci_regs.h | 2 + include/uapi/linux/sync_file.h | 2 +- kernel/auditsc.c | 2 + kernel/fork.c | 8 + kernel/module.c | 15 +- kernel/trace/bpf_trace.c | 2 +- kernel/trace/trace.c | 43 +- kernel/trace/trace_uprobe.c | 3 +- lib/idr.c | 2 +- lib/kobject.c | 5 + lib/mpi/mpi-cmp.c | 8 +- lib/test_meminit.c | 2 +- mm/shmem.c | 28 +- net/9p/trans_virtio.c | 2 +- net/core/devlink.c | 4 +- net/core/flow_dissector.c | 3 +- net/core/lwt_bpf.c | 7 +- net/core/skbuff.c | 34 +- net/core/sock.c | 9 +- net/dccp/ipv4.c | 13 +- net/dccp/ipv6.c | 15 +- net/ipv4/devinet.c | 10 +- net/ipv4/fib_semantics.c | 5 +- net/ipv4/fib_trie.c | 3 +- net/ipv4/igmp.c | 3 +- net/ipv4/ip_output.c | 2 +- net/ipv4/tcp_input.c | 3 +- net/ipv6/addrconf.c | 2 +- net/ipv6/ip6_output.c | 2 +- net/kcm/kcmsock.c | 15 +- net/netfilter/ipset/ip_set_hash_netportnet.c | 1 + net/netfilter/nfnetlink_osf.c | 8 + net/netfilter/xt_sctp.c | 2 + net/netfilter/xt_u32.c | 21 + net/netlabel/netlabel_kapi.c | 3 +- net/netrom/af_netrom.c | 5 + net/sched/Kconfig | 28 - net/sched/Makefile | 2 - net/sched/cls_rsvp.c | 24 - net/sched/cls_rsvp.h | 777 --------------------- net/sched/cls_rsvp6.c | 24 - net/sched/sch_hfsc.c | 4 + net/sched/sch_plug.c | 2 +- net/sched/sch_qfq.c | 22 +- net/sctp/proc.c | 2 +- net/sctp/sm_sideeffect.c | 5 +- net/sctp/socket.c | 10 +- net/socket.c | 6 +- net/tls/tls_sw.c | 4 +- net/unix/af_unix.c | 2 +- net/unix/scm.c | 6 +- scripts/kconfig/preprocess.c | 3 + security/integrity/ima/Kconfig | 12 - security/keys/keyctl.c | 11 +- security/smack/smackfs.c | 2 +- sound/Kconfig | 2 +- sound/core/pcm_compat.c | 8 +- sound/core/seq/oss/seq_oss_midi.c | 35 +- sound/pci/ac97/ac97_codec.c | 5 +- sound/soc/atmel/atmel-i2s.c | 5 +- sound/soc/codecs/da7219-aad.c | 12 +- sound/soc/codecs/es8316.c | 2 +- tools/build/Makefile.build | 10 + tools/build/Makefile.feature | 2 + tools/build/feature/Makefile | 4 + tools/build/feature/test-all.c | 5 + tools/build/feature/test-libbfd-buildid.c | 8 + tools/lib/bpf/libbpf.c | 1 + tools/perf/Makefile.config | 62 +- tools/perf/Makefile.perf | 1 + tools/perf/builtin-top.c | 1 + tools/perf/pmu-events/Build | 22 +- tools/perf/pmu-events/empty-pmu-events.c | 158 +++++ tools/perf/ui/browsers/hists.c | 2 +- tools/perf/util/annotate.c | 10 +- tools/perf/util/header.c | 11 +- tools/testing/selftests/ftrace/ftracetest | 8 + 469 files changed, 3117 insertions(+), 2928 deletions(-)

2 years, 1 month

10
384
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror