- Linux-stable-mirror - lists.linaro.org

[PATCH v2] ufs: core: bsg: Fix memory crash in case arpmb command failed

by Arthur Simchaev

In case the device doesn't support arpmb, the kernel get memory crash due to copy user data in bsg_transport_sg_io_fn level. So in case ufs_bsg_exec_advanced_rpmb_req returned error, do not set the job's reply_len. Memory crash backtrace: 3,1290,531166405,-;ufshcd 0000:00:12.5: ARPMB OP failed: error code -22 4,1308,531166555,-;Call Trace: 4,1309,531166559,-; <TASK> 4,1310,531166565,-; ? show_regs+0x6d/0x80 4,1311,531166575,-; ? die+0x37/0xa0 4,1312,531166583,-; ? do_trap+0xd4/0xf0 4,1313,531166593,-; ? do_error_trap+0x71/0xb0 4,1314,531166601,-; ? usercopy_abort+0x6c/0x80 4,1315,531166610,-; ? exc_invalid_op+0x52/0x80 4,1316,531166622,-; ? usercopy_abort+0x6c/0x80 4,1317,531166630,-; ? asm_exc_invalid_op+0x1b/0x20 4,1318,531166643,-; ? usercopy_abort+0x6c/0x80 4,1319,531166652,-; __check_heap_object+0xe3/0x120 4,1320,531166661,-; check_heap_object+0x185/0x1d0 4,1321,531166670,-; __check_object_size.part.0+0x72/0x150 4,1322,531166679,-; __check_object_size+0x23/0x30 4,1323,531166688,-; bsg_transport_sg_io_fn+0x314/0x3b0 Fixes: 6ff265fc5ef6 ("scsi: ufs: core: bsg: Add advanced RPMB support in ufs_bsg") Cc: stable(a)vger.kernel.org Signed-off-by: Arthur Simchaev <arthur.simchaev(a)sandisk.com> --- Changes in v2: - Add Fixes tag - Elaborate commit log Signed-off-by: Arthur Simchaev <arthur.simchaev(a)sandisk.com> --- drivers/ufs/core/ufs_bsg.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/ufs/core/ufs_bsg.c b/drivers/ufs/core/ufs_bsg.c index 8d4ad0a3f2cf..a8ed9bc6e4f1 100644 --- a/drivers/ufs/core/ufs_bsg.c +++ b/drivers/ufs/core/ufs_bsg.c @@ -194,10 +194,12 @@ static int ufs_bsg_request(struct bsg_job *job) ufshcd_rpm_put_sync(hba); kfree(buff); bsg_reply->result = ret; - job->reply_len = !rpmb ? sizeof(struct ufs_bsg_reply) : sizeof(struct ufs_rpmb_reply); /* complete the job here only if no error */ - if (ret == 0) + if (ret == 0) { + job->reply_len = !rpmb ? sizeof(struct ufs_bsg_reply) : + sizeof(struct ufs_rpmb_reply); bsg_job_done(job, ret, bsg_reply->reply_payload_rcv_len); + } return ret; } -- 2.34.1

7 months

4
7
0 0

[PATCH 5.10/5.15] smb: client: fix UAF in async decryption

by Anastasia Belova

From: Enzo Matsumiya <ematsumiya(a)suse.de> commit b0abcd65ec545701b8793e12bc27dc98042b151a upstream. Doing an async decryption (large read) crashes with a slab-use-after-free way down in the crypto API. Reproducer: # mount.cifs -o ...,seal,esize=1 //srv/share /mnt # dd if=/mnt/largefile of=/dev/null ... [ 194.196391] ================================================================== [ 194.196844] BUG: KASAN: slab-use-after-free in gf128mul_4k_lle+0xc1/0x110 [ 194.197269] Read of size 8 at addr ffff888112bd0448 by task kworker/u77:2/899 [ 194.197707] [ 194.197818] CPU: 12 UID: 0 PID: 899 Comm: kworker/u77:2 Not tainted 6.11.0-lku-00028-gfca3ca14a17a-dirty #43 [ 194.198400] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.2-3-gd478f380-prebuilt.qemu.org 04/01/2014 [ 194.199046] Workqueue: smb3decryptd smb2_decrypt_offload [cifs] [ 194.200032] Call Trace: [ 194.200191] <TASK> [ 194.200327] dump_stack_lvl+0x4e/0x70 [ 194.200558] ? gf128mul_4k_lle+0xc1/0x110 [ 194.200809] print_report+0x174/0x505 [ 194.201040] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 194.201352] ? srso_return_thunk+0x5/0x5f [ 194.201604] ? __virt_addr_valid+0xdf/0x1c0 [ 194.201868] ? gf128mul_4k_lle+0xc1/0x110 [ 194.202128] kasan_report+0xc8/0x150 [ 194.202361] ? gf128mul_4k_lle+0xc1/0x110 [ 194.202616] gf128mul_4k_lle+0xc1/0x110 [ 194.202863] ghash_update+0x184/0x210 [ 194.203103] shash_ahash_update+0x184/0x2a0 [ 194.203377] ? __pfx_shash_ahash_update+0x10/0x10 [ 194.203651] ? srso_return_thunk+0x5/0x5f [ 194.203877] ? crypto_gcm_init_common+0x1ba/0x340 [ 194.204142] gcm_hash_assoc_remain_continue+0x10a/0x140 [ 194.204434] crypt_message+0xec1/0x10a0 [cifs] [ 194.206489] ? __pfx_crypt_message+0x10/0x10 [cifs] [ 194.208507] ? srso_return_thunk+0x5/0x5f [ 194.209205] ? srso_return_thunk+0x5/0x5f [ 194.209925] ? srso_return_thunk+0x5/0x5f [ 194.210443] ? srso_return_thunk+0x5/0x5f [ 194.211037] decrypt_raw_data+0x15f/0x250 [cifs] [ 194.212906] ? __pfx_decrypt_raw_data+0x10/0x10 [cifs] [ 194.214670] ? srso_return_thunk+0x5/0x5f [ 194.215193] smb2_decrypt_offload+0x12a/0x6c0 [cifs] This is because TFM is being used in parallel. Fix this by allocating a new AEAD TFM for async decryption, but keep the existing one for synchronous READ cases (similar to what is done in smb3_calc_signature()). Also remove the calls to aead_request_set_callback() and crypto_wait_req() since it's always going to be a synchronous operation. Signed-off-by: Enzo Matsumiya <ematsumiya(a)suse.de> Signed-off-by: Steve French <stfrench(a)microsoft.com> Signed-off-by: Anastasia Belova <abelova(a)astralinux.ru> [ Anastasia: ] --- Backport fix for CVE-2024-50047 fs/cifs/smb2ops.c | 48 +++++++++++++++++++++++++++-------------------- fs/cifs/smb2pdu.c | 6 ++++++ 2 files changed, 34 insertions(+), 20 deletions(-) diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c index 68f93de2b152..8cfce01cf699 100644 --- a/fs/cifs/smb2ops.c +++ b/fs/cifs/smb2ops.c @@ -4291,7 +4291,7 @@ smb2_get_enc_key(struct TCP_Server_Info *server, __u64 ses_id, int enc, u8 *key) */ static int crypt_message(struct TCP_Server_Info *server, int num_rqst, - struct smb_rqst *rqst, int enc) + struct smb_rqst *rqst, int enc, struct crypto_aead *tfm) { struct smb2_transform_hdr *tr_hdr = (struct smb2_transform_hdr *)rqst[0].rq_iov[0].iov_base; @@ -4302,8 +4302,6 @@ crypt_message(struct TCP_Server_Info *server, int num_rqst, u8 key[SMB3_ENC_DEC_KEY_SIZE]; struct aead_request *req; u8 *iv; - DECLARE_CRYPTO_WAIT(wait); - struct crypto_aead *tfm; unsigned int crypt_len = le32_to_cpu(tr_hdr->OriginalMessageSize); void *creq; @@ -4314,15 +4312,6 @@ crypt_message(struct TCP_Server_Info *server, int num_rqst, return rc; } - rc = smb3_crypto_aead_allocate(server); - if (rc) { - cifs_server_dbg(VFS, "%s: crypto alloc failed\n", __func__); - return rc; - } - - tfm = enc ? server->secmech.ccmaesencrypt : - server->secmech.ccmaesdecrypt; - if ((server->cipher_type == SMB2_ENCRYPTION_AES256_CCM) || (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM)) rc = crypto_aead_setkey(tfm, key, SMB3_GCM256_CRYPTKEY_SIZE); @@ -4361,11 +4350,7 @@ crypt_message(struct TCP_Server_Info *server, int num_rqst, aead_request_set_crypt(req, sg, sg, crypt_len, iv); aead_request_set_ad(req, assoc_data_len); - aead_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, - crypto_req_done, &wait); - - rc = crypto_wait_req(enc ? crypto_aead_encrypt(req) - : crypto_aead_decrypt(req), &wait); + rc = enc ? crypto_aead_encrypt(req) : crypto_aead_decrypt(req); if (!rc && enc) memcpy(&tr_hdr->Signature, sign, SMB2_SIGNATURE_SIZE); @@ -4454,7 +4439,7 @@ smb3_init_transform_rq(struct TCP_Server_Info *server, int num_rqst, /* fill the 1st iov with a transform header */ fill_transform_hdr(tr_hdr, orig_len, old_rq, server->cipher_type); - rc = crypt_message(server, num_rqst, new_rq, 1); + rc = crypt_message(server, num_rqst, new_rq, 1, server->secmech.ccmaesencrypt); cifs_dbg(FYI, "Encrypt message returned %d\n", rc); if (rc) goto err_free; @@ -4480,8 +4465,9 @@ decrypt_raw_data(struct TCP_Server_Info *server, char *buf, unsigned int npages, unsigned int page_data_size, bool is_offloaded) { - struct kvec iov[2]; + struct crypto_aead *tfm; struct smb_rqst rqst = {NULL}; + struct kvec iov[2]; int rc; iov[0].iov_base = buf; @@ -4496,9 +4482,31 @@ decrypt_raw_data(struct TCP_Server_Info *server, char *buf, rqst.rq_pagesz = PAGE_SIZE; rqst.rq_tailsz = (page_data_size % PAGE_SIZE) ? : PAGE_SIZE; - rc = crypt_message(server, 1, &rqst, 0); + if (is_offloaded) { + if ((server->cipher_type == SMB2_ENCRYPTION_AES128_GCM) || + (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM)) + tfm = crypto_alloc_aead("gcm(aes)", 0, 0); + else + tfm = crypto_alloc_aead("ccm(aes)", 0, 0); + if (IS_ERR(tfm)) { + rc = PTR_ERR(tfm); + cifs_server_dbg(VFS, "%s: Failed alloc decrypt TFM, rc=%d\n", __func__, rc); + + return rc; + } + } else { + if (unlikely(!server->secmech.ccmaesdecrypt)) + return -EIO; + + tfm = server->secmech.ccmaesdecrypt; + } + + rc = crypt_message(server, 1, &rqst, 0, tfm); cifs_dbg(FYI, "Decrypt message returned %d\n", rc); + if (is_offloaded) + crypto_free_aead(tfm); + if (rc) return rc; diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index 03651cc6b7a5..245e2dd5a194 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -998,6 +998,12 @@ SMB2_negotiate(const unsigned int xid, struct cifs_ses *ses) else cifs_server_dbg(VFS, "Missing expected negotiate contexts\n"); } + + if (server->cipher_type && !rc) { + rc = smb3_crypto_aead_allocate(server); + if (rc) + cifs_server_dbg(VFS, "%s: crypto alloc failed, rc=%d\n", __func__, rc); + } neg_exit: free_rsp_buf(resp_buftype, rsp); return rc; -- 2.43.0

7 months

1
0
0 0

[PATCH] drm/radeon: Add error handlings for r420 CP errata initialization

by Wentao Liang

In r420_cp_errata_init(), the RESYNC information is stored even when the Scratch register is not correctly allocated. Change the return type of r420_cp_errata_init() from void to int to propagate errors to the caller. Add error checking after radeon_scratch_get() to ensure RESYNC information is stored to an allocated address. Log an error message and return the error code immediately when radeon_scratch_get() fails. Additionally, handle the return value of r420_cp_errata_init() in r420_startup() to log an appropriate error message and propagate the error if initialization fails. Fixes: 62cdc0c20663 ("drm/radeon/kms: Workaround RV410/R420 CP errata (V3)") Cc: stable(a)vger.kernel.org # 2.6.33+ Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- drivers/gpu/drm/radeon/r420.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/radeon/r420.c b/drivers/gpu/drm/radeon/r420.c index 9a31cdec6415..67c55153cba8 100644 --- a/drivers/gpu/drm/radeon/r420.c +++ b/drivers/gpu/drm/radeon/r420.c @@ -204,7 +204,7 @@ static void r420_clock_resume(struct radeon_device *rdev) WREG32_PLL(R_00000D_SCLK_CNTL, sclk_cntl); } -static void r420_cp_errata_init(struct radeon_device *rdev) +static int r420_cp_errata_init(struct radeon_device *rdev) { int r; struct radeon_ring *ring = &rdev->ring[RADEON_RING_TYPE_GFX_INDEX]; @@ -215,7 +215,11 @@ static void r420_cp_errata_init(struct radeon_device *rdev) * The proper workaround is to queue a RESYNC at the beginning * of the CP init, apparently. */ - radeon_scratch_get(rdev, &rdev->config.r300.resync_scratch); + r = radeon_scratch_get(rdev, &rdev->config.r300.resync_scratch); + if (r) { + DRM_ERROR("failed to get scratch reg (%d).\n", r); + return r; + } r = radeon_ring_lock(rdev, ring, 8); WARN_ON(r); radeon_ring_write(ring, PACKET0(R300_CP_RESYNC_ADDR, 1)); @@ -290,8 +294,11 @@ static int r420_startup(struct radeon_device *rdev) dev_err(rdev->dev, "failed initializing CP (%d).\n", r); return r; } - r420_cp_errata_init(rdev); - + r = r420_cp_errata_init(rdev); + if (r) { + dev_err(rdev->dev, "failed initializing CP errata workaround (%d).\n", r); + return r; + } r = radeon_ib_pool_init(rdev); if (r) { dev_err(rdev->dev, "IB initialization failed (%d).\n", r); -- 2.42.0.windows.2

7 months

2
1
0 0

[PATCH 4/4] char: misc: deallocate static minor in error path

by Thadeu Lima de Souza Cascardo

When creating sysfs files fail, the allocated minor must be freed such that it can be later reused. That is specially harmful for static minor numbers, since those would always fail to register later on. Fixes: 6d04d2b554b1 ("misc: misc_minor_alloc to use ida for all dynamic/misc dynamic minors") Cc: stable(a)vger.kernel.org Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> --- drivers/char/misc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/char/misc.c b/drivers/char/misc.c index 7a768775e558..7843a1a34d64 100644 --- a/drivers/char/misc.c +++ b/drivers/char/misc.c @@ -266,8 +266,8 @@ int misc_register(struct miscdevice *misc) device_create_with_groups(&misc_class, misc->parent, dev, misc, misc->groups, "%s", misc->name); if (IS_ERR(misc->this_device)) { + misc_minor_free(misc->minor); if (is_dynamic) { - misc_minor_free(misc->minor); misc->minor = MISC_DYNAMIC_MINOR; } err = PTR_ERR(misc->this_device); -- 2.34.1

7 months

2
1
0 0

Re: [PATCH 6.13 000/258] 6.13.4-rc2 review

by Ronald Warsow

Hi Greg no regressions here on x86_64 (RKL, Intel 11th Gen. CPU) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

7 months

1
0
0 0

Re: [PATCH 6.13 000/274] 6.13.4-rc1 review

by Ronald Warsow

Hi Greg no regressions here on x86_64 (RKL, Intel 11th Gen. CPU) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

7 months

1
0
0 0

Recall: [PATCH] fpga: bridge: incorrect set to clear freeze_illegal_request register

by Kathpalia, Tanmay

Kathpalia, Tanmay would like to recall the message, "[PATCH] fpga: bridge: incorrect set to clear freeze_illegal_request register".

7 months

1
0
0 0

[PATCH] usb: core: Add error handling in usb_reset_device for autoresume failure

by Wentao Liang

In usb_reset_device(), the function continues execution and calls usb_autosuspend_device() after usb_autosuspend_device fails. To fix this, add error handling for usb_autoresume_device() and return the error code immediately. This ensures that usb_autosuspend_device() is not called when usb_autoresume_device() fails, maintaining device state consistency. Fixes: 94fcda1f8ab5 ("usbcore: remove unused argument in autosuspend") Cc: stable(a)vger.kernel.org # 2.6.20+ Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- drivers/usb/core/hub.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c index 21ac9b464696..f2efdbdd1533 100644 --- a/drivers/usb/core/hub.c +++ b/drivers/usb/core/hub.c @@ -6292,7 +6292,9 @@ int usb_reset_device(struct usb_device *udev) noio_flag = memalloc_noio_save(); /* Prevent autosuspend during the reset */ - usb_autoresume_device(udev); + ret = usb_autoresume_device(udev); + if (ret < 0) + goto error_autoresume; if (config) { for (i = 0; i < config->desc.bNumInterfaces; ++i) { @@ -6341,6 +6343,7 @@ int usb_reset_device(struct usb_device *udev) } usb_autosuspend_device(udev); +error_autoresume: memalloc_noio_restore(noio_flag); udev->reset_in_progress = 0; return ret; -- 2.42.0.windows.2

7 months

3
2
0 0

[PATCH] fpga: bridge: incorrect set to clear freeze_illegal_request register

by Kathpalia, Tanmay

From: Tanmay Kathpalia <tanmay.kathpalia(a)altera.com> A Partial Region Controller can be connected to one or more Freeze Bridge. Each Freeze Bridge has an illegal_request bit represented in the freeze_illegal_request register. Thus, instead of just set to clear the illegal_request bit for first Freeze Bridge, we need to ensure the set to clear action is applied to which ever Freeze Bridge that has occurrence of illegal request. Fixes: ca24a648f535 ("fpga: add altera freeze bridge support") Cc: stable(a)vger.kernel.org Signed-off-by: Chiau Ee Chew <chiau.ee.chew(a)intel.com> Signed-off-by: Tanmay Kathpalia <tanmay.kathpalia(a)altera.com> --- drivers/fpga/altera-freeze-bridge.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/fpga/altera-freeze-bridge.c b/drivers/fpga/altera-freeze-bridge.c index 594693ff786e..23e8b2b54355 100644 --- a/drivers/fpga/altera-freeze-bridge.c +++ b/drivers/fpga/altera-freeze-bridge.c @@ -52,7 +52,7 @@ static int altera_freeze_br_req_ack(struct altera_freeze_br_data *priv, if (illegal) { dev_err(dev, "illegal request detected 0x%x", illegal); - writel(1, csr_illegal_req_addr); + writel(illegal, csr_illegal_req_addr); illegal = readl(csr_illegal_req_addr); if (illegal) -- 2.35.3

7 months

1
0
0 0

[PATCH] scsi: mpi3mr: fix invalid 64-bit phy bitmask calculation

by Fedor Pchelkin

ffs() operates on arguments of type 'int', not generally considered to be 64-bit values. Shifts like (1 << i) can also only be helpful for calculations that are expected to have a range equal to the width of type 'int'. When the left operand is of type 'int', valid values of the shift argument should not exceed the width of this type (almost always 32 bits), otherwise it is considered as undefined behavior. Since there is a need for manipulating the phy mask bits higher than that, perform the calculations directly in 64 bits. Found by Linux Verification Center (linuxtesting.org). Fixes: cb5b60894602 ("scsi: mpi3mr: Increase maximum number of PHYs to 64 from 32") Cc: stable(a)vger.kernel.org Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> --- drivers/scsi/mpi3mr/mpi3mr_transport.c | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/drivers/scsi/mpi3mr/mpi3mr_transport.c b/drivers/scsi/mpi3mr/mpi3mr_transport.c index 0ba9e6a6a13c..f0da8c0dc55d 100644 --- a/drivers/scsi/mpi3mr/mpi3mr_transport.c +++ b/drivers/scsi/mpi3mr/mpi3mr_transport.c @@ -7,6 +7,7 @@ * */ +#include <linux/bits.h> #include <linux/vmalloc.h> #include "mpi3mr.h" @@ -608,10 +609,12 @@ static void mpi3mr_delete_sas_phy(struct mpi3mr_ioc *mrioc, mr_sas_port->num_phys--; if (host_node) { - mr_sas_port->phy_mask &= ~(1 << mr_sas_phy->phy_id); + mr_sas_port->phy_mask &= ~BIT_ULL(mr_sas_phy->phy_id); - if (mr_sas_port->lowest_phy == mr_sas_phy->phy_id) - mr_sas_port->lowest_phy = ffs(mr_sas_port->phy_mask) - 1; + if (mr_sas_port->lowest_phy == mr_sas_phy->phy_id && + mr_sas_port->phy_mask) + mr_sas_port->lowest_phy = + __ffs64(mr_sas_port->phy_mask) - 1; } sas_port_delete_phy(mr_sas_port->port, mr_sas_phy->phy); mr_sas_phy->phy_belongs_to_port = 0; @@ -639,10 +642,11 @@ static void mpi3mr_add_sas_phy(struct mpi3mr_ioc *mrioc, list_add_tail(&mr_sas_phy->port_siblings, &mr_sas_port->phy_list); mr_sas_port->num_phys++; if (host_node) { - mr_sas_port->phy_mask |= (1 << mr_sas_phy->phy_id); + mr_sas_port->phy_mask |= BIT_ULL(mr_sas_phy->phy_id); if (mr_sas_phy->phy_id < mr_sas_port->lowest_phy) - mr_sas_port->lowest_phy = ffs(mr_sas_port->phy_mask) - 1; + mr_sas_port->lowest_phy = + __ffs64(mr_sas_port->phy_mask) - 1; } sas_port_add_phy(mr_sas_port->port, mr_sas_phy->phy); mr_sas_phy->phy_belongs_to_port = 1; @@ -1396,7 +1400,7 @@ static struct mpi3mr_sas_port *mpi3mr_sas_port_add(struct mpi3mr_ioc *mrioc, &mr_sas_port->phy_list); mr_sas_port->num_phys++; if (mr_sas_node->host_node) - mr_sas_port->phy_mask |= (1 << i); + mr_sas_port->phy_mask |= BIT_ULL(i); } if (!mr_sas_port->num_phys) { @@ -1406,7 +1410,7 @@ static struct mpi3mr_sas_port *mpi3mr_sas_port_add(struct mpi3mr_ioc *mrioc, } if (mr_sas_node->host_node) - mr_sas_port->lowest_phy = ffs(mr_sas_port->phy_mask) - 1; + mr_sas_port->lowest_phy = __ffs64(mr_sas_port->phy_mask) - 1; if (mr_sas_port->remote_identify.device_type == SAS_END_DEVICE) { tgtdev = mpi3mr_get_tgtdev_by_addr(mrioc, @@ -1738,7 +1742,7 @@ mpi3mr_refresh_sas_ports(struct mpi3mr_ioc *mrioc) found = 0; for (j = 0; j < host_port_count; j++) { if (h_port[j].handle == attached_handle) { - h_port[j].phy_mask |= (1 << i); + h_port[j].phy_mask |= BIT_ULL(i); found = 1; break; } @@ -1765,7 +1769,7 @@ mpi3mr_refresh_sas_ports(struct mpi3mr_ioc *mrioc) port_idx = host_port_count; h_port[port_idx].sas_address = le64_to_cpu(sasinf->sas_address); h_port[port_idx].handle = attached_handle; - h_port[port_idx].phy_mask = (1 << i); + h_port[port_idx].phy_mask = BIT_ULL(i); h_port[port_idx].iounit_port_id = sas_io_unit_pg0->phy_data[i].io_unit_port; h_port[port_idx].lowest_phy = sasinf->phy_num; h_port[port_idx].used = 0; -- 2.48.1

7 months

1
0
0 0

[PATCH v5.10/v5.15/v6.1] x86/i8253: Disable PIT timer 0 when not in use

by Jay Wang

commit 70e6b7d9ae3c63df90a7bba7700e8d5c300c3c60 upstream Leaving the PIT interrupt running can cause noticeable steal time for virtual guests. The VMM generally has a timer which toggles the IRQ input to the PIC and I/O APIC, which takes CPU time away from the guest. Even on real hardware, running the counter may use power needlessly (albeit not much). Make sure it's turned off if it isn't going to be used. Signed-off-by: David Woodhouse <dwmw(a)amazon.co.uk> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Tested-by: Michael Kelley <mhkelley(a)outlook.com> Link: https://lore.kernel.org/all/20240802135555.564941-1-dwmw2@infradead.org Signed-off-by: Jay Wang <wanjay(a)amazon.com> Cc: stable(a)vger.kernel.org #v5.10/v5.15/v6.1 --- arch/x86/kernel/i8253.c | 11 +++++++++-- drivers/clocksource/i8253.c | 13 +++++++++---- include/linux/i8253.h | 1 + 3 files changed, 19 insertions(+), 6 deletions(-) diff --git a/arch/x86/kernel/i8253.c b/arch/x86/kernel/i8253.c index 2b7999a1a50a..80e262bb627f 100644 --- a/arch/x86/kernel/i8253.c +++ b/arch/x86/kernel/i8253.c @@ -8,6 +8,7 @@ #include <linux/timex.h> #include <linux/i8253.h> +#include <asm/hypervisor.h> #include <asm/apic.h> #include <asm/hpet.h> #include <asm/time.h> @@ -39,9 +40,15 @@ static bool __init use_pit(void) bool __init pit_timer_init(void) { - if (!use_pit()) + if (!use_pit()) { + /* + * Don't just ignore the PIT. Ensure it's stopped, because + * VMMs otherwise steal CPU time just to pointlessly waggle + * the (masked) IRQ. + */ + clockevent_i8253_disable(); return false; - + } clockevent_i8253_init(true); global_clock_event = &i8253_clockevent; return true; diff --git a/drivers/clocksource/i8253.c b/drivers/clocksource/i8253.c index d4350bb10b83..cb215e6f2e83 100644 --- a/drivers/clocksource/i8253.c +++ b/drivers/clocksource/i8253.c @@ -108,11 +108,8 @@ int __init clocksource_i8253_init(void) #endif #ifdef CONFIG_CLKEVT_I8253 -static int pit_shutdown(struct clock_event_device *evt) +void clockevent_i8253_disable(void) { - if (!clockevent_state_oneshot(evt) && !clockevent_state_periodic(evt)) - return 0; - raw_spin_lock(&i8253_lock); outb_p(0x30, PIT_MODE); @@ -123,6 +120,14 @@ static int pit_shutdown(struct clock_event_device *evt) } raw_spin_unlock(&i8253_lock); +} + +static int pit_shutdown(struct clock_event_device *evt) +{ + if (!clockevent_state_oneshot(evt) && !clockevent_state_periodic(evt)) + return 0; + + clockevent_i8253_disable(); return 0; } diff --git a/include/linux/i8253.h b/include/linux/i8253.h index 8336b2f6f834..bf169cfef7f1 100644 --- a/include/linux/i8253.h +++ b/include/linux/i8253.h @@ -24,6 +24,7 @@ extern raw_spinlock_t i8253_lock; extern bool i8253_clear_counter_on_shutdown; extern struct clock_event_device i8253_clockevent; extern void clockevent_i8253_init(bool oneshot); +extern void clockevent_i8253_disable(void); extern void setup_pit_timer(void); -- 2.47.1

7 months

2
2
0 0

[PATCH] scsi: message: fusion: Fix out-of-bounds shift in phy bitmask calculation

by Fedor Pchelkin

In mptsas_setup_wide_ports() the calculation of phy bitmask is a subject to undefined behavior when phy index exceeds the width of type 'int', but is still less than 64. Utilize BIT_ULL macro to fix this. Found by Linux Verification Center (linuxtesting.org) with SVACE static analysis tool. Fixes: 547f9a218436 ("[SCSI] mptsas: wide port support") Cc: stable(a)vger.kernel.org Co-developed-by: Aleksandr Mishin <amishin(a)t-argos.ru> Signed-off-by: Aleksandr Mishin <amishin(a)t-argos.ru> Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> --- struct mptsas_portinfo_details::phy_bitmask is used only in various logging printks throughout the driver. Another option would be to drop this field completely if it is considered a more appropriate solution.. drivers/message/fusion/mptsas.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/drivers/message/fusion/mptsas.c b/drivers/message/fusion/mptsas.c index 7e79da9684ed..cd95655f1592 100644 --- a/drivers/message/fusion/mptsas.c +++ b/drivers/message/fusion/mptsas.c @@ -43,6 +43,7 @@ */ /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/ +#include <linux/bits.h> #include <linux/module.h> #include <linux/kernel.h> #include <linux/slab.h> @@ -880,7 +881,7 @@ mptsas_setup_wide_ports(MPT_ADAPTER *ioc, struct mptsas_portinfo *port_info) "%s: [%p]: deleting phy = %d\n", ioc->name, __func__, port_details, i)); port_details->num_phys--; - port_details->phy_bitmask &= ~ (1 << phy_info->phy_id); + port_details->phy_bitmask &= ~BIT_ULL(phy_info->phy_id); memset(&phy_info->attached, 0, sizeof(struct mptsas_devinfo)); if (phy_info->phy) { devtprintk(ioc, dev_printk(KERN_DEBUG, @@ -915,7 +916,7 @@ mptsas_setup_wide_ports(MPT_ADAPTER *ioc, struct mptsas_portinfo *port_info) port_details->port_info = port_info; if (phy_info->phy_id < 64 ) port_details->phy_bitmask |= - (1 << phy_info->phy_id); + BIT_ULL(phy_info->phy_id); phy_info->sas_port_add_phy=1; dsaswideprintk(ioc, printk(MYIOC_s_DEBUG_FMT "\t\tForming port\n\t\t" "phy_id=%d sas_address=0x%018llX\n", @@ -957,7 +958,7 @@ mptsas_setup_wide_ports(MPT_ADAPTER *ioc, struct mptsas_portinfo *port_info) phy_info_cmp->port_details = port_details; if (phy_info_cmp->phy_id < 64 ) port_details->phy_bitmask |= - (1 << phy_info_cmp->phy_id); + BIT_ULL(phy_info_cmp->phy_id); port_details->num_phys++; } } -- 2.48.1

7 months

1
0
0 0

[PATCH net v3] nfp: bpf: Add check for nfp_app_ctrl_msg_alloc()

by Haoxiang Li

Add check for the return value of nfp_app_ctrl_msg_alloc() in nfp_bpf_cmsg_alloc() to prevent null pointer dereference. Fixes: ff3d43f7568c ("nfp: bpf: implement helpers for FW map ops") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> --- Changes in v3: - modify a spell error. Thanks, Kalesh! Changes in v2: - remove the bracket for one single-statement. Thanks, Guru! --- drivers/net/ethernet/netronome/nfp/bpf/cmsg.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/net/ethernet/netronome/nfp/bpf/cmsg.c b/drivers/net/ethernet/netronome/nfp/bpf/cmsg.c index 2ec62c8d86e1..59486fe2ad18 100644 --- a/drivers/net/ethernet/netronome/nfp/bpf/cmsg.c +++ b/drivers/net/ethernet/netronome/nfp/bpf/cmsg.c @@ -20,6 +20,8 @@ nfp_bpf_cmsg_alloc(struct nfp_app_bpf *bpf, unsigned int size) struct sk_buff *skb; skb = nfp_app_ctrl_msg_alloc(bpf->app, size, GFP_KERNEL); + if (!skb) + return NULL; skb_put(skb, size); return skb; -- 2.25.1

7 months

3
2
0 0

Re: [PATCH 0/2] vsock: fix use-after free and null-ptr-deref

by Luigi Leonardi

<qh6envvnuw45w2omvpufqtbq5k5343ymdzswxrxmczwoe64d6g@a4z5wjdbdw6w> Reply-To: In-Reply-To: <ah4qm66q5q7we7ykhl3uywgrexi7izdxrmfyn2zm3jhswitebt@cz2ipkdgr6yf> On Tue, Feb 18, 2025 at 05:01:31PM +0100, Stefano Garzarella wrote: >> >>No, nothing I can think of. >> >>Note however that the comment above vsock_close() ("Dummy callback >>required >>by sockmap. See unconditional call of saved_close() in >>sock_map_close().") >>becomes somewhat misleading :) >> > >Yeah, we can mention in the commit description of the backport that we >backport it just to reduce conflicts but sockmap features are not >backported. I'd touch as less as possibile in the patch, otherwise IMHO >is better to just fix the conflicts in the 2 patches. > >Thanks, >Stefano > Totally agree with you, will send the backport in a couple of days if nobody has any objections. Luigi

7 months

1
0
0 0

[PATCH 5.10] f2fs: fix shift-out-of-bounds in parse_options()

by Denis Arefev

No upstream commit exists for this commit. Using an arbitrary value that does not fall into the required range as an argument of the shift operator when outputting an error is wrong in itself. Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106 ubsan_epilogue lib/ubsan.c:151 [inline] __ubsan_handle_shift_out_of_bounds+0x3bf/0x420 lib/ubsan.c:321 parse_options+0x4ad6/0x4ae0 fs/f2fs/super.c:919 f2fs_fill_super+0x321b/0x7c40 fs/f2fs/super.c:4214 mount_bdev+0x2c9/0x3f0 fs/super.c:1443 legacy_get_tree+0xeb/0x180 fs/fs_context.c:632 vfs_get_tree+0x88/0x270 fs/super.c:1573 do_new_mount+0x2ba/0xb40 fs/namespace.c:3051 do_mount fs/namespace.c:3394 [inline] __do_sys_mount fs/namespace.c:3602 [inline] __se_sys_mount+0x2d5/0x3c0 fs/namespace.c:3579 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x68/0xd2 There is a commit 87161a2b0aed ("f2fs: deprecate io_bits") that completely removes these strings, but it's not practical to backport it. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Link: syzbot+410500002694f3ff65b1(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=410500002694f3ff65b1 Fixes: ec91538dccd4 ("f2fs: get io size bit from mount option") Signed-off-by: Denis Arefev <arefev(a)swemel.ru> --- fs/f2fs/super.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c index 9afbb51bd678..5fd64bc35f31 100644 --- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c @@ -722,8 +722,8 @@ static int parse_options(struct super_block *sb, char *options, bool is_remount) if (args->from && match_int(args, &arg)) return -EINVAL; if (arg <= 0 || arg > __ilog2_u32(BIO_MAX_PAGES)) { - f2fs_warn(sbi, "Not support %d, larger than %d", - 1 << arg, BIO_MAX_PAGES); + f2fs_warn(sbi, "Not support 2^%d, invalid argument %d", + arg, BIO_MAX_PAGES); return -EINVAL; } F2FS_OPTION(sbi).write_io_size_bits = arg; -- 2.43.0

7 months

1
0
0 0

[PATCH 5.15] f2fs: fix shift-out-of-bounds in parse_options()

by Denis Arefev

No upstream commit exists for this commit. Using an arbitrary value that does not fall into the required range as an argument of the shift operator when outputting an error is wrong in itself. Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106 ubsan_epilogue lib/ubsan.c:151 [inline] __ubsan_handle_shift_out_of_bounds+0x3bf/0x420 lib/ubsan.c:321 parse_options+0x4ad6/0x4ae0 fs/f2fs/super.c:919 f2fs_fill_super+0x321b/0x7c40 fs/f2fs/super.c:4214 mount_bdev+0x2c9/0x3f0 fs/super.c:1443 legacy_get_tree+0xeb/0x180 fs/fs_context.c:632 vfs_get_tree+0x88/0x270 fs/super.c:1573 do_new_mount+0x2ba/0xb40 fs/namespace.c:3051 do_mount fs/namespace.c:3394 [inline] __do_sys_mount fs/namespace.c:3602 [inline] __se_sys_mount+0x2d5/0x3c0 fs/namespace.c:3579 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x68/0xd2 There is a commit 87161a2b0aed ("f2fs: deprecate io_bits") that completely removes these strings, but it's not practical to backport it. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Link: syzbot+410500002694f3ff65b1(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=410500002694f3ff65b1 Fixes: ec91538dccd4 ("f2fs: get io size bit from mount option") Signed-off-by: Denis Arefev <arefev(a)swemel.ru> --- fs/f2fs/super.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c index f8aaff9b1784..c0fa7d785f3c 100644 --- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c @@ -891,8 +891,8 @@ static int parse_options(struct super_block *sb, char *options, bool is_remount) if (args->from && match_int(args, &arg)) return -EINVAL; if (arg <= 0 || arg > __ilog2_u32(BIO_MAX_VECS)) { - f2fs_warn(sbi, "Not support %d, larger than %d", - 1 << arg, BIO_MAX_VECS); + f2fs_warn(sbi, "Not support 2^%d, invalid argument %d", + arg, BIO_MAX_VECS); return -EINVAL; } F2FS_OPTION(sbi).write_io_size_bits = arg; -- 2.43.0

7 months

1
0
0 0

[PATCH 6.1] f2fs: fix shift-out-of-bounds in parse_options()

by Denis Arefev

No upstream commit exists for this commit. Using an arbitrary value that does not fall into the required range as an argument of the shift operator when outputting an error is wrong in itself. Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106 ubsan_epilogue lib/ubsan.c:151 [inline] __ubsan_handle_shift_out_of_bounds+0x3bf/0x420 lib/ubsan.c:321 parse_options+0x4ad6/0x4ae0 fs/f2fs/super.c:919 f2fs_fill_super+0x321b/0x7c40 fs/f2fs/super.c:4214 mount_bdev+0x2c9/0x3f0 fs/super.c:1443 legacy_get_tree+0xeb/0x180 fs/fs_context.c:632 vfs_get_tree+0x88/0x270 fs/super.c:1573 do_new_mount+0x2ba/0xb40 fs/namespace.c:3051 do_mount fs/namespace.c:3394 [inline] __do_sys_mount fs/namespace.c:3602 [inline] __se_sys_mount+0x2d5/0x3c0 fs/namespace.c:3579 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x68/0xd2 There is a commit 87161a2b0aed ("f2fs: deprecate io_bits") that completely removes these strings, but it's not practical to backport it. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Link: syzbot+410500002694f3ff65b1(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=410500002694f3ff65b1 Fixes: ec91538dccd4 ("f2fs: get io size bit from mount option") Signed-off-by: Denis Arefev <arefev(a)swemel.ru> --- fs/f2fs/super.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c index 72160b906f4b..7d7766761fe4 100644 --- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c @@ -916,8 +916,8 @@ static int parse_options(struct super_block *sb, char *options, bool is_remount) if (args->from && match_int(args, &arg)) return -EINVAL; if (arg <= 0 || arg > __ilog2_u32(BIO_MAX_VECS)) { - f2fs_warn(sbi, "Not support %ld, larger than %d", - BIT(arg), BIO_MAX_VECS); + f2fs_warn(sbi, "Not support 2^%d, invalid argument %d", + arg, BIO_MAX_VECS); return -EINVAL; } F2FS_OPTION(sbi).write_io_size_bits = arg; -- 2.43.0

7 months

1
0
0 0

[PATCH v2] soc: loongson: loongson2_guts: Add check for devm_kstrdup()

by Haoxiang Li

Add check for the return value of devm_kstrdup() in loongson2_guts_probe() to catch potential exception. Fixes: b82621ac8450 ("soc: loongson: add GUTS driver for loongson-2 platforms") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> --- Changes in v2: - modify the check position. Thanks, Binbin! - modify the title description. --- drivers/soc/loongson/loongson2_guts.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/soc/loongson/loongson2_guts.c b/drivers/soc/loongson/loongson2_guts.c index ae42e3a9127f..16913c3ef65c 100644 --- a/drivers/soc/loongson/loongson2_guts.c +++ b/drivers/soc/loongson/loongson2_guts.c @@ -114,8 +114,11 @@ static int loongson2_guts_probe(struct platform_device *pdev) if (of_property_read_string(root, "model", &machine)) of_property_read_string_index(root, "compatible", 0, &machine); of_node_put(root); - if (machine) + if (machine) { soc_dev_attr.machine = devm_kstrdup(dev, machine, GFP_KERNEL); + if (!soc_dev_attr.machine) + return -ENOMEM; + } svr = loongson2_guts_get_svr(); soc_die = loongson2_soc_die_match(svr, loongson2_soc_die); -- 2.25.1

7 months

1
0
0 0

[PATCH v3 3/5] misc: pci_endpoint_test: Fix irq_type to convey the correct type

by Kunihiko Hayashi

There are two variables that indicate the interrupt type to be used in the next test execution, "irq_type" as global and test->irq_type. The global is referenced from pci_endpoint_test_get_irq() to preserve the current type for ioctl(PCITEST_GET_IRQTYPE). The type set in this function isn't reflected in the global "irq_type", so ioctl(PCITEST_GET_IRQTYPE) returns the previous type. As a result, the wrong type will be displayed in "pcitest" as follows: # pcitest -i 0 SET IRQ TYPE TO LEGACY: OKAY # pcitest -I GET IRQ TYPE: MSI Fix this issue by propagating the current type to the global "irq_type". Cc: stable(a)vger.kernel.org Fixes: b2ba9225e031 ("misc: pci_endpoint_test: Avoid using module parameter to determine irqtype") Signed-off-by: Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> --- drivers/misc/pci_endpoint_test.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/misc/pci_endpoint_test.c b/drivers/misc/pci_endpoint_test.c index f13fa32ef91a..6a0972e7674f 100644 --- a/drivers/misc/pci_endpoint_test.c +++ b/drivers/misc/pci_endpoint_test.c @@ -829,6 +829,7 @@ static int pci_endpoint_test_set_irq(struct pci_endpoint_test *test, return ret; } + irq_type = test->irq_type; return 0; } -- 2.25.1

7 months

3
6
0 0

[PATCH v2 2/5] ftrace: Do not add duplicate entries in subops manager ops

by Steven Rostedt

From: Steven Rostedt <rostedt(a)goodmis.org> Check if a function is already in the manager ops of a subops. A manager ops contains multiple subops, and if two or more subops are tracing the same function, the manager ops only needs a single entry in its hash. Cc: stable(a)vger.kernel.org Fixes: 4f554e955614f ("ftrace: Add ftrace_set_filter_ips function") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/ftrace.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c index 03b35a05808c..189eb0a12f4b 100644 --- a/kernel/trace/ftrace.c +++ b/kernel/trace/ftrace.c @@ -5717,6 +5717,9 @@ __ftrace_match_addr(struct ftrace_hash *hash, unsigned long ip, int remove) return -ENOENT; free_hash_entry(hash, entry); return 0; + } else if (__ftrace_lookup_ip(hash, ip) != NULL) { + /* Already exists */ + return 0; } entry = add_hash_entry(hash, ip); -- 2.47.2

7 months

2
1
0 0

[PATCH] drivers: loongson: Add check for devm_kstrdup()

by Haoxiang Li

Add check for the return value of devm_kstrdup() in loongson2_guts_probe() to catch potential exception. Fixes: b82621ac8450 ("soc: loongson: add GUTS driver for loongson-2 platforms") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> --- drivers/soc/loongson/loongson2_guts.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/soc/loongson/loongson2_guts.c b/drivers/soc/loongson/loongson2_guts.c index ae42e3a9127f..26212cfcf6b0 100644 --- a/drivers/soc/loongson/loongson2_guts.c +++ b/drivers/soc/loongson/loongson2_guts.c @@ -117,6 +117,8 @@ static int loongson2_guts_probe(struct platform_device *pdev) if (machine) soc_dev_attr.machine = devm_kstrdup(dev, machine, GFP_KERNEL); + if (!soc_dev_attr.machine) + return -ENOMEM; svr = loongson2_guts_get_svr(); soc_die = loongson2_soc_die_match(svr, loongson2_soc_die); if (soc_die) { -- 2.25.1

7 months

2
1
0 0

[PATCH] smb: client: Add check for next_buffer in receive_encrypted_standard()

by Haoxiang Li

Add check for the return value of cifs_buf_get() and cifs_small_buf_get() in receive_encrypted_standard() to prevent null pointer dereference. Fixes: eec04ea11969 ("smb: client: fix OOB in receive_encrypted_standard()") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> --- fs/smb/client/smb2ops.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/fs/smb/client/smb2ops.c b/fs/smb/client/smb2ops.c index ec36bed54b0b..2ca8fe196051 100644 --- a/fs/smb/client/smb2ops.c +++ b/fs/smb/client/smb2ops.c @@ -4964,6 +4964,10 @@ receive_encrypted_standard(struct TCP_Server_Info *server, next_buffer = (char *)cifs_buf_get(); else next_buffer = (char *)cifs_small_buf_get(); + if (!next_buffer) { + cifs_server_dbg(VFS, "No memory for (large) SMB response\n"); + return -1; + } memcpy(next_buffer, buf + next_cmd, pdu_length - next_cmd); } -- 2.25.1

7 months

2
1
0 0

[PATCH v2 4/5] fprobe: Fix accounting of when to unregister from function graph

by Steven Rostedt

From: Steven Rostedt <rostedt(a)goodmis.org> When adding a new fprobe, it will update the function hash to the functions the fprobe is attached to and register with function graph to have it call the registered functions. The fprobe_graph_active variable keeps track of the number of fprobes that are using function graph. If two fprobes attach to the same function, it increments the fprobe_graph_active for each of them. But when they are removed, the first fprobe to be removed will see that the function it is attached to is also used by another fprobe and it will not remove that function from function_graph. The logic will skip decrementing the fprobe_graph_active variable. This causes the fprobe_graph_active variable to not go to zero when all fprobes are removed, and in doing so it does not unregister from function graph. As the fgraph ops hash will now be empty, and an empty filter hash means all functions are enabled, this triggers function graph to add a callback to the fprobe infrastructure for every function! # echo "f:myevent1 kernel_clone" >> /sys/kernel/tracing/dynamic_events # echo "f:myevent2 kernel_clone%return" >> /sys/kernel/tracing/dynamic_events # cat /sys/kernel/tracing/enabled_functions kernel_clone (1) tramp: 0xffffffffc0024000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 # > /sys/kernel/tracing/dynamic_events # cat /sys/kernel/tracing/enabled_functions trace_initcall_start_cb (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 run_init_process (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 try_to_run_init_process (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 x86_pmu_show_pmu_cap (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 cleanup_rapl_pmus (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 uncore_free_pcibus_map (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 uncore_types_exit (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 uncore_pci_exit.part.0 (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 kvm_shutdown (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 vmx_dump_msrs (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 [..] # cat /sys/kernel/tracing/enabled_functions | wc -l 54702 If a fprobe is being removed and all its functions are also traced by other fprobes, still decrement the fprobe_graph_active counter. Cc: stable(a)vger.kernel.org Fixes: 4346ba1604093 ("fprobe: Rewrite fprobe on function-graph tracer") Closes: https://lore.kernel.org/all/20250217114918.10397-A-hca@linux.ibm.com/ Reported-by: Heiko Carstens <hca(a)linux.ibm.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- Changes since v1: https://lore.kernel.org/20250218193126.619197190@goodmis.org - Move the check into fprobe_graph_remove_ips() to keep it matching with fprobe_graph_add_ips() (Masami Hiramatsu) kernel/trace/fprobe.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/kernel/trace/fprobe.c b/kernel/trace/fprobe.c index 62e8f7d56602..33082c4e8154 100644 --- a/kernel/trace/fprobe.c +++ b/kernel/trace/fprobe.c @@ -407,7 +407,8 @@ static void fprobe_graph_remove_ips(unsigned long *addrs, int num) if (!fprobe_graph_active) unregister_ftrace_graph(&fprobe_graph_ops); - ftrace_set_filter_ips(&fprobe_graph_ops.ops, addrs, num, 1, 0); + if (num) + ftrace_set_filter_ips(&fprobe_graph_ops.ops, addrs, num, 1, 0); } static int symbols_cmp(const void *a, const void *b) @@ -677,8 +678,7 @@ int unregister_fprobe(struct fprobe *fp) } del_fprobe_hash(fp); - if (count) - fprobe_graph_remove_ips(addrs, count); + fprobe_graph_remove_ips(addrs, count); kfree_rcu(hlist_array, rcu); fp->hlist_array = NULL; -- 2.47.2

7 months

2
1
0 0

[PATCH v2 3/5] fprobe: Always unregister fgraph function from ops

by Steven Rostedt

From: Steven Rostedt <rostedt(a)goodmis.org> When the last fprobe is removed, it calls unregister_ftrace_graph() to remove the graph_ops from function graph. The issue is when it does so, it calls return before removing the function from its graph ops via ftrace_set_filter_ips(). This leaves the last function lingering in the fprobe's fgraph ops and if a probe is added it also enables that last function (even though the callback will just drop it, it does add unneeded overhead to make that call). # echo "f:myevent1 kernel_clone" >> /sys/kernel/tracing/dynamic_events # cat /sys/kernel/tracing/enabled_functions kernel_clone (1) tramp: 0xffffffffc02f3000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 # echo "f:myevent2 schedule_timeout" >> /sys/kernel/tracing/dynamic_events # cat /sys/kernel/tracing/enabled_functions kernel_clone (1) tramp: 0xffffffffc02f3000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 schedule_timeout (1) tramp: 0xffffffffc02f3000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 # > /sys/kernel/tracing/dynamic_events # cat /sys/kernel/tracing/enabled_functions # echo "f:myevent3 kmem_cache_free" >> /sys/kernel/tracing/dynamic_events # cat /sys/kernel/tracing/enabled_functions kmem_cache_free (1) tramp: 0xffffffffc0219000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 schedule_timeout (1) tramp: 0xffffffffc0219000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 The above enabled a fprobe on kernel_clone, and then on schedule_timeout. The content of the enabled_functions shows the functions that have a callback attached to them. The fprobe attached to those functions properly. Then the fprobes were cleared, and enabled_functions was empty after that. But after adding a fprobe on kmem_cache_free, the enabled_functions shows that the schedule_timeout was attached again. This is because it was still left in the fprobe ops that is used to tell function graph what functions it wants callbacks from. Cc: stable(a)vger.kernel.org Fixes: 4346ba1604093 ("fprobe: Rewrite fprobe on function-graph tracer") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/fprobe.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/kernel/trace/fprobe.c b/kernel/trace/fprobe.c index 2560b312ad57..62e8f7d56602 100644 --- a/kernel/trace/fprobe.c +++ b/kernel/trace/fprobe.c @@ -403,11 +403,9 @@ static void fprobe_graph_remove_ips(unsigned long *addrs, int num) lockdep_assert_held(&fprobe_mutex); fprobe_graph_active--; - if (!fprobe_graph_active) { - /* Q: should we unregister it ? */ + /* Q: should we unregister it ? */ + if (!fprobe_graph_active) unregister_ftrace_graph(&fprobe_graph_ops); - return; - } ftrace_set_filter_ips(&fprobe_graph_ops.ops, addrs, num, 1, 0); } -- 2.47.2

7 months

2
1
0 0

[PATCH v3] arm: pgtable: fix NULL pointer dereference issue

by Qi Zheng

When update_mmu_cache_range() is called by update_mmu_cache(), the vmf parameter is NULL, which will cause a NULL pointer dereference issue in adjust_pte(): Unable to handle kernel NULL pointer dereference at virtual address 00000030 when read Hardware name: Atmel AT91SAM9 PC is at update_mmu_cache_range+0x1e0/0x278 LR is at pte_offset_map_rw_nolock+0x18/0x2c Call trace: update_mmu_cache_range from remove_migration_pte+0x29c/0x2ec remove_migration_pte from rmap_walk_file+0xcc/0x130 rmap_walk_file from remove_migration_ptes+0x90/0xa4 remove_migration_ptes from migrate_pages_batch+0x6d4/0x858 migrate_pages_batch from migrate_pages+0x188/0x488 migrate_pages from compact_zone+0x56c/0x954 compact_zone from compact_node+0x90/0xf0 compact_node from kcompactd+0x1d4/0x204 kcompactd from kthread+0x120/0x12c kthread from ret_from_fork+0x14/0x38 Exception stack(0xc0d8bfb0 to 0xc0d8bff8) To fix it, do not rely on whether 'ptl' is equal to decide whether to hold the pte lock, but decide it by whether CONFIG_SPLIT_PTE_PTLOCKS is enabled. In addition, if two vmas map to the same PTE page, there is no need to hold the pte lock again, otherwise a deadlock will occur. Just add the need_lock parameter to let adjust_pte() know this information. Reported-by: Ezra Buehler <ezra.buehler(a)husqvarnagroup.com> Closes: https://lore.kernel.org/lkml/CAM1KZSmZ2T_riHvay+7cKEFxoPgeVpHkVFTzVVEQ1BO0c… Fixes: fc9c45b71f43 ("arm: adjust_pte() use pte_offset_map_rw_nolock()") Cc: stable(a)vger.kernel.org Signed-off-by: Qi Zheng <zhengqi.arch(a)bytedance.com> Acked-by: David Hildenbrand <david(a)redhat.com> --- Changes in v3: - move pmd_start_addr and pmd_end_addr to the top and initialize directly (David Hildenbrand) - collect an Acked-by Changes in v2: - change Ezra's email address (Ezra Buehler) - some cleanups (David Hildenbrand) arch/arm/mm/fault-armv.c | 37 +++++++++++++++++++++++++------------ 1 file changed, 25 insertions(+), 12 deletions(-) diff --git a/arch/arm/mm/fault-armv.c b/arch/arm/mm/fault-armv.c index 2bec87c3327d2..39fd5df733178 100644 --- a/arch/arm/mm/fault-armv.c +++ b/arch/arm/mm/fault-armv.c @@ -62,7 +62,7 @@ static int do_adjust_pte(struct vm_area_struct *vma, unsigned long address, } static int adjust_pte(struct vm_area_struct *vma, unsigned long address, - unsigned long pfn, struct vm_fault *vmf) + unsigned long pfn, bool need_lock) { spinlock_t *ptl; pgd_t *pgd; @@ -99,12 +99,11 @@ static int adjust_pte(struct vm_area_struct *vma, unsigned long address, if (!pte) return 0; - /* - * If we are using split PTE locks, then we need to take the page - * lock here. Otherwise we are using shared mm->page_table_lock - * which is already locked, thus cannot take it. - */ - if (ptl != vmf->ptl) { + if (need_lock) { + /* + * Use nested version here to indicate that we are already + * holding one similar spinlock. + */ spin_lock_nested(ptl, SINGLE_DEPTH_NESTING); if (unlikely(!pmd_same(pmdval, pmdp_get_lockless(pmd)))) { pte_unmap_unlock(pte, ptl); @@ -114,7 +113,7 @@ static int adjust_pte(struct vm_area_struct *vma, unsigned long address, ret = do_adjust_pte(vma, address, pfn, pte); - if (ptl != vmf->ptl) + if (need_lock) spin_unlock(ptl); pte_unmap(pte); @@ -123,9 +122,10 @@ static int adjust_pte(struct vm_area_struct *vma, unsigned long address, static void make_coherent(struct address_space *mapping, struct vm_area_struct *vma, - unsigned long addr, pte_t *ptep, unsigned long pfn, - struct vm_fault *vmf) + unsigned long addr, pte_t *ptep, unsigned long pfn) { + const unsigned long pmd_start_addr = ALIGN_DOWN(addr, PMD_SIZE); + const unsigned long pmd_end_addr = pmd_start_addr + PMD_SIZE; struct mm_struct *mm = vma->vm_mm; struct vm_area_struct *mpnt; unsigned long offset; @@ -141,6 +141,14 @@ make_coherent(struct address_space *mapping, struct vm_area_struct *vma, */ flush_dcache_mmap_lock(mapping); vma_interval_tree_foreach(mpnt, &mapping->i_mmap, pgoff, pgoff) { + /* + * If we are using split PTE locks, then we need to take the pte + * lock. Otherwise we are using shared mm->page_table_lock which + * is already locked, thus cannot take it. + */ + bool need_lock = IS_ENABLED(CONFIG_SPLIT_PTE_PTLOCKS); + unsigned long mpnt_addr; + /* * If this VMA is not in our MM, we can ignore it. * Note that we intentionally mask out the VMA @@ -151,7 +159,12 @@ make_coherent(struct address_space *mapping, struct vm_area_struct *vma, if (!(mpnt->vm_flags & VM_MAYSHARE)) continue; offset = (pgoff - mpnt->vm_pgoff) << PAGE_SHIFT; - aliases += adjust_pte(mpnt, mpnt->vm_start + offset, pfn, vmf); + mpnt_addr = mpnt->vm_start + offset; + + /* Avoid deadlocks by not grabbing the same PTE lock again. */ + if (mpnt_addr >= pmd_start_addr && mpnt_addr < pmd_end_addr) + need_lock = false; + aliases += adjust_pte(mpnt, mpnt_addr, pfn, need_lock); } flush_dcache_mmap_unlock(mapping); if (aliases) @@ -194,7 +207,7 @@ void update_mmu_cache_range(struct vm_fault *vmf, struct vm_area_struct *vma, __flush_dcache_folio(mapping, folio); if (mapping) { if (cache_is_vivt()) - make_coherent(mapping, vma, addr, ptep, pfn, vmf); + make_coherent(mapping, vma, addr, ptep, pfn); else if (vma->vm_flags & VM_EXEC) __flush_icache_all(); } -- 2.20.1

7 months

2
2
0 0

+ mm-hugetlb-wait-for-hugetlb-folios-to-be-freed.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/hugetlb: wait for hugetlb folios to be freed has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-hugetlb-wait-for-hugetlb-folios-to-be-freed.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Ge Yang <yangge1116(a)126.com> Subject: mm/hugetlb: wait for hugetlb folios to be freed Date: Wed, 19 Feb 2025 11:46:44 +0800 Since the introduction of commit c77c0a8ac4c52 ("mm/hugetlb: defer freeing of huge pages if in non-task context"), which supports deferring the freeing of hugetlb pages, the allocation of contiguous memory through cma_alloc() may fail probabilistically. In the CMA allocation process, if it is found that the CMA area is occupied by in-use hugetlb folios, these in-use hugetlb folios need to be migrated to another location. When there are no available hugetlb folios in the free hugetlb pool during the migration of in-use hugetlb folios, new folios are allocated from the buddy system. A temporary state is set on the newly allocated folio. Upon completion of the hugetlb folio migration, the temporary state is transferred from the new folios to the old folios. Normally, when the old folios with the temporary state are freed, it is directly released back to the buddy system. However, due to the deferred freeing of hugetlb pages, the PageBuddy() check fails, ultimately leading to the failure of cma_alloc(). Here is a simplified call trace illustrating the process: cma_alloc() ->__alloc_contig_migrate_range() // Migrate in-use hugetlb folios ->unmap_and_move_huge_page() ->folio_putback_hugetlb() // Free old folios ->test_pages_isolated() ->__test_page_isolated_in_pageblock() ->PageBuddy(page) // Check if the page is in buddy To resolve this issue, we have implemented a function named wait_for_freed_hugetlb_folios(). This function ensures that the hugetlb folios are properly released back to the buddy system after their migration is completed. By invoking wait_for_freed_hugetlb_folios() before calling PageBuddy(), we ensure that PageBuddy() will succeed. Link: https://lkml.kernel.org/r/1739936804-18199-1-git-send-email-yangge1116@126.… Fixes: c77c0a8ac4c52 ("mm/hugetlb: defer freeing of huge pages if in non-task context") Signed-off-by: Ge Yang <yangge1116(a)126.com> Reviewed-by: Muchun Song <muchun.song(a)linux.dev> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Barry Song <21cnbao(a)gmail.com> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/hugetlb.h | 5 +++++ mm/hugetlb.c | 8 ++++++++ mm/page_isolation.c | 10 ++++++++++ 3 files changed, 23 insertions(+) --- a/include/linux/hugetlb.h~mm-hugetlb-wait-for-hugetlb-folios-to-be-freed +++ a/include/linux/hugetlb.h @@ -682,6 +682,7 @@ struct huge_bootmem_page { int isolate_or_dissolve_huge_page(struct page *page, struct list_head *list); int replace_free_hugepage_folios(unsigned long start_pfn, unsigned long end_pfn); +void wait_for_freed_hugetlb_folios(void); struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, unsigned long addr, bool cow_from_owner); struct folio *alloc_hugetlb_folio_nodemask(struct hstate *h, int preferred_nid, @@ -1066,6 +1067,10 @@ static inline int replace_free_hugepage_ return 0; } +static inline void wait_for_freed_hugetlb_folios(void) +{ +} + static inline struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, unsigned long addr, bool cow_from_owner) --- a/mm/hugetlb.c~mm-hugetlb-wait-for-hugetlb-folios-to-be-freed +++ a/mm/hugetlb.c @@ -2943,6 +2943,14 @@ int replace_free_hugepage_folios(unsigne return ret; } +void wait_for_freed_hugetlb_folios(void) +{ + if (llist_empty(&hpage_freelist)) + return; + + flush_work(&free_hpage_work); +} + typedef enum { /* * For either 0/1: we checked the per-vma resv map, and one resv --- a/mm/page_isolation.c~mm-hugetlb-wait-for-hugetlb-folios-to-be-freed +++ a/mm/page_isolation.c @@ -608,6 +608,16 @@ int test_pages_isolated(unsigned long st int ret; /* + * Due to the deferred freeing of hugetlb folios, the hugepage folios may + * not immediately release to the buddy system. This can cause PageBuddy() + * to fail in __test_page_isolated_in_pageblock(). To ensure that the + * hugetlb folios are properly released back to the buddy system, we + * invoke the wait_for_freed_hugetlb_folios() function to wait for the + * release to complete. + */ + wait_for_freed_hugetlb_folios(); + + /* * Note: pageblock_nr_pages != MAX_PAGE_ORDER. Then, chunks of free * pages are not aligned to pageblock_nr_pages. * Then we just check migratetype first. _ Patches currently in -mm which might be from yangge1116(a)126.com are mm-hugetlb-wait-for-hugetlb-folios-to-be-freed.patch

7 months

1
0
0 0

[PATCH v2] jfs: fix slab-out-of-bounds read in ea_get()

by Qasim Ijaz

During the "size_check" label in ea_get(), the code checks if the extended attribute list (xattr) size matches ea_size. If not, it logs "ea_get: invalid extended attribute" and calls print_hex_dump(). Here, EALIST_SIZE(ea_buf->xattr) returns 4110417968, which exceeds INT_MAX (2,147,483,647). Then ea_size is clamped: int size = clamp_t(int, ea_size, 0, EALIST_SIZE(ea_buf->xattr)); Although clamp_t aims to bound ea_size between 0 and 4110417968, the upper limit is treated as an int, causing an overflow above 2^31 - 1. This leads "size" to wrap around and become negative (-184549328). The "size" is then passed to print_hex_dump() (called "len" in print_hex_dump()), it is passed as type size_t (an unsigned type), this is then stored inside a variable called "int remaining", which is then assigned to "int linelen" which is then passed to hex_dump_to_buffer(). In print_hex_dump() the for loop, iterates through 0 to len-1, where len is 18446744073525002176, calling hex_dump_to_buffer() on each iteration: for (i = 0; i < len; i += rowsize) { linelen = min(remaining, rowsize); remaining -= rowsize; hex_dump_to_buffer(ptr + i, linelen, rowsize, groupsize, linebuf, sizeof(linebuf), ascii); ... } The expected stopping condition (i < len) is effectively broken since len is corrupted and very large. This eventually leads to the "ptr+i" being passed to hex_dump_to_buffer() to get closer to the end of the actual bounds of "ptr", eventually an out of bounds access is done in hex_dump_to_buffer() in the following for loop: for (j = 0; j < len; j++) { if (linebuflen < lx + 2) goto overflow2; ch = ptr[j]; ... } To fix this we should validate "EALIST_SIZE(ea_buf->xattr)" before it is utilised. Reported-by: syzbot <syzbot+4e6e7e4279d046613bc5(a)syzkaller.appspotmail.com> Tested-by: syzbot <syzbot+4e6e7e4279d046613bc5(a)syzkaller.appspotmail.com> Closes: https://syzkaller.appspot.com/bug?extid=4e6e7e4279d046613bc5 Fixes: d9f9d96136cb ("jfs: xattr: check invalid xattr size more strictly") Cc: stable(a)vger.kernel.org Signed-off-by: Qasim Ijaz <qasdev00(a)gmail.com> --- v2: - Added Cc stable tag fs/jfs/xattr.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/fs/jfs/xattr.c b/fs/jfs/xattr.c index 24afbae87225..7575c51cce9b 100644 --- a/fs/jfs/xattr.c +++ b/fs/jfs/xattr.c @@ -559,11 +555,16 @@ static int ea_get(struct inode *inode, struct ea_buffer *ea_buf, int min_size) size_check: if (EALIST_SIZE(ea_buf->xattr) != ea_size) { - int size = clamp_t(int, ea_size, 0, EALIST_SIZE(ea_buf->xattr)); - - printk(KERN_ERR "ea_get: invalid extended attribute\n"); - print_hex_dump(KERN_ERR, "", DUMP_PREFIX_ADDRESS, 16, 1, - ea_buf->xattr, size, 1); + if (unlikely(EALIST_SIZE(ea_buf->xattr) > INT_MAX)) { + printk(KERN_ERR "ea_get: extended attribute size too large: %u > INT_MAX\n", + EALIST_SIZE(ea_buf->xattr)); + } else { + int size = clamp_t(int, ea_size, 0, EALIST_SIZE(ea_buf->xattr)); + + printk(KERN_ERR "ea_get: invalid extended attribute\n"); + print_hex_dump(KERN_ERR, "", DUMP_PREFIX_ADDRESS, 16, 1, + ea_buf->xattr, size, 1); + } ea_release(inode, ea_buf); rc = -EIO; goto clean_up; -- 2.39.5

7 months

2
1
0 0

FAILED: patch "[PATCH] s390/dasd: Use correct lock while counting channel queue" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x ccc45cb4e7271c74dbb27776ae8f73d84557f5c6 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023061111-tracing-shakiness-9054@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ccc45cb4e7271c74dbb27776ae8f73d84557f5c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20H=C3=B6ppner?= <hoeppner(a)linux.ibm.com> Date: Fri, 9 Jun 2023 17:37:50 +0200 Subject: [PATCH] s390/dasd: Use correct lock while counting channel queue length MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The lock around counting the channel queue length in the BIODASDINFO ioctl was incorrectly changed to the dasd_block->queue_lock with commit 583d6535cb9d ("dasd: remove dead code"). This can lead to endless list iterations and a subsequent crash. The queue_lock is supposed to be used only for queue lists belonging to dasd_block. For dasd_device related queue lists the ccwdev lock must be used. Fix the mentioned issues by correctly using the ccwdev lock instead of the queue lock. Fixes: 583d6535cb9d ("dasd: remove dead code") Cc: stable(a)vger.kernel.org # v5.0+ Signed-off-by: Jan Höppner <hoeppner(a)linux.ibm.com> Reviewed-by: Stefan Haberland <sth(a)linux.ibm.com> Signed-off-by: Stefan Haberland <sth(a)linux.ibm.com> Link: https://lore.kernel.org/r/20230609153750.1258763-2-sth@linux.ibm.com Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/drivers/s390/block/dasd_ioctl.c b/drivers/s390/block/dasd_ioctl.c index 9327dcdd6e5e..8fca725b3dae 100644 --- a/drivers/s390/block/dasd_ioctl.c +++ b/drivers/s390/block/dasd_ioctl.c @@ -552,10 +552,10 @@ static int __dasd_ioctl_information(struct dasd_block *block, memcpy(dasd_info->type, base->discipline->name, 4); - spin_lock_irqsave(&block->queue_lock, flags); + spin_lock_irqsave(get_ccwdev_lock(base->cdev), flags); list_for_each(l, &base->ccw_queue) dasd_info->chanq_len++; - spin_unlock_irqrestore(&block->queue_lock, flags); + spin_unlock_irqrestore(get_ccwdev_lock(base->cdev), flags); return 0; }

7 months

4
5
0 0

Linux 5.4.x DLM Regression

by Marc Smith

Hi, I noticed there appears to be a regression in DLM (fs/dlm/) when moving from Linux 5.4.229 to 5.4.288; I get a kernel panic when using dlm_ls_lockx() (DLM user) with a timeout >0, and the panic occurs when the timeout is reached (eg, attempting to take a lock on a resource that is already locked); the host where the timeout occurs is the one that panics: ... [ 187.976007] DLM: Assertion failed on line 1239 of file fs/dlm/lock.c DLM: assertion: "!lkb->lkb_status" DLM: time = 4294853632 [ 187.976009] lkb: nodeid 2 id 1 remid 2 exflags 40000 flags 800001 sts 1 rq 5 gr -1 wait_type 4 wait_nodeid 2 seq 0 [ 187.976009] [ 187.976010] Kernel panic - not syncing: DLM: Record message above and reboot. [ 187.976099] CPU: 9 PID: 7409 Comm: dlm_scand Kdump: loaded Tainted: P OE 5.4.288-esos.prod #1 [ 187.976195] Hardware name: Quantum H2012/H12SSW-NT, BIOS T20201009143356 10/09/2020 [ 187.976282] Call Trace: [ 187.976356] dump_stack+0x50/0x63 [ 187.976429] panic+0x10c/0x2e3 [ 187.976501] kill_lkb+0x51/0x52 [ 187.976570] kref_put+0x16/0x2f [ 187.976638] __put_lkb+0x2f/0x95 [ 187.976707] dlm_scan_timeout+0x18b/0x19c [ 187.976779] ? dlm_uevent+0x19/0x19 [ 187.976848] dlm_scand+0x94/0xd1 [ 187.976920] kthread+0xe4/0xe9 [ 187.976988] ? kthread_flush_worker+0x70/0x70 [ 187.977062] ret_from_fork+0x35/0x40 ... I examined the commits for fs/dlm/ between 5.4.229 and 5.4.288 and this is the offender: dlm: replace usage of found with dedicated list iterator variable [ Upstream commit dc1acd5c94699389a9ed023e94dd860c846ea1f6 ] Specifically, the change highlighted below in this hunk for dlm_scan_timeout() in fs/dlm/lock.c: @@ -1867,27 +1867,28 @@ void dlm_scan_timeout(struct dlm_ls *ls) do_cancel = 0; do_warn = 0; mutex_lock(&ls->ls_timeout_mutex); - list_for_each_entry(lkb, &ls->ls_timeout, lkb_time_list) { + list_for_each_entry(iter, &ls->ls_timeout, lkb_time_list) { wait_us = ktime_to_us(ktime_sub(ktime_get(), - lkb->lkb_timestamp)); + iter->lkb_timestamp)); - if ((lkb->lkb_exflags & DLM_LKF_TIMEOUT) && - wait_us >= (lkb->lkb_timeout_cs * 10000)) + if ((iter->lkb_exflags & DLM_LKF_TIMEOUT) && + wait_us >= (iter->lkb_timeout_cs * 10000)) do_cancel = 1; - if ((lkb->lkb_flags & DLM_IFL_WATCH_TIMEWARN) && + if ((iter->lkb_flags & DLM_IFL_WATCH_TIMEWARN) && wait_us >= dlm_config.ci_timewarn_cs * 10000) do_warn = 1; if (!do_cancel && !do_warn) continue; - hold_lkb(lkb); + hold_lkb(iter); + lkb = iter; break; } mutex_unlock(&ls->ls_timeout_mutex); - if (!do_cancel && !do_warn) + if (!lkb) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ break; r = lkb->lkb_resource; Reverting this single line change resolves the kernel panic: $ diff -Naur fs/dlm/lock.c{.orig,} --- fs/dlm/lock.c.orig 2024-12-19 12:05:05.000000000 -0500 +++ fs/dlm/lock.c 2025-02-16 21:21:42.544181390 -0500 @@ -1888,7 +1888,7 @@ } mutex_unlock(&ls->ls_timeout_mutex); - if (!lkb) + if (!do_cancel && !do_warn) break; r = lkb->lkb_resource; It appears this same "dlm: replace usage of found with dedicated list iterator variable" commit was pulled into other stable branches as well, and I don't see any fix in the latest 5.4.x patch release (5.4.290). --Marc

7 months

3
3
0 0

[PATCH 6.6 000/389] 6.6.76-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.76 release. There are 389 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 08 Feb 2025 15:51:12 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.76-rc2… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.76-rc2 Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: Change 8 to 14 for LOONGARCH_MAX_{BRP,WRP} Nathan Chancellor <nathan(a)kernel.org> s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS Qu Wenruo <wqu(a)suse.com> btrfs: output the reason for open_ctree() failure Dan Carpenter <dan.carpenter(a)linaro.org> media: imx-jpeg: Fix potential error pointer dereference in detach_pm() Laurentiu Palcu <laurentiu.palcu(a)oss.nxp.com> staging: media: max96712: fix kernel oops when removing module Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Don't free command immediately Calvin Owens <calvin(a)wbinvd.org> pps: Fix a use-after-free Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: uvcvideo: Fix double free in error path Arnaud Pouliquen <arnaud.pouliquen(a)foss.st.com> remoteproc: core: Fix ida_free call while not allocated Paolo Abeni <pabeni(a)redhat.com> mptcp: handle fastopen disconnect correctly Paolo Abeni <pabeni(a)redhat.com> mptcp: consolidate suboption status Kyle Tso <kyletso(a)google.com> usb: typec: tcpci: Prevent Sink disconnection before vPpsShutdown in SPR PPS Jos Wang <joswang(a)lenovo.com> usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE Kyle Tso <kyletso(a)google.com> usb: dwc3: core: Defer the probe until USB power supply ready Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> usb: dwc3-am62: Fix an OF node leak in phy_syscon_pll_refclk() Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Fix Get/SetInterface return value Sean Rhodes <sean(a)starlabs.systems> drivers/card_reader/rtsx_usb: Restore interrupt based detection Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Fix NULL pointer dereference on certain command aborts Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> net: usb: rtl8150: enable basic endpoint checking Lianqin Hu <hulianqin(a)vivo.com> ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro Ricardo B. Marliere <rbm(a)suse.com> ktest.pl: Check kernelrelease return in get_version Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> selftests/rseq: Fix handling of glibc without rseq support Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject mismatching sum of field_len with set key length Parth Pancholi <parth.pancholi(a)toradex.com> kbuild: switch from lz4c to lz4 for compression Chuck Lever <chuck.lever(a)oracle.com> Revert "SUNRPC: Reduce thread wake-up rate when receiving large RPC messages" Chuck Lever <chuck.lever(a)oracle.com> NFSD: Reset cb_seq_status after NFS4ERR_DELAY Daniel Lee <chullee(a)google.com> f2fs: Introduce linear search for dentries Lin Yujun <linyujun809(a)huawei.com> hexagon: Fix unbalanced spinlock in die() Willem de Bruijn <willemb(a)google.com> hexagon: fix using plain integer as NULL pointer warning in cmpxchg Masahiro Yamada <masahiroy(a)kernel.org> kconfig: fix memory leak in sym_warn_unmet_dep() Sergey Senozhatsky <senozhatsky(a)chromium.org> kconfig: WERROR unmet symbol dependency Masahiro Yamada <masahiroy(a)kernel.org> kconfig: deduplicate code in conf_read_simple() Masahiro Yamada <masahiroy(a)kernel.org> kconfig: remove unused code for S_DEF_AUTO in conf_read_simple() Masahiro Yamada <masahiroy(a)kernel.org> kconfig: require a space after '#' for valid input Masahiro Yamada <masahiroy(a)kernel.org> kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST Pali Rohár <pali(a)kernel.org> cifs: Fix getting and setting SACLs over SMB1 Pali Rohár <pali(a)kernel.org> cifs: Validate EAs for WSL reparse points Jens Axboe <axboe(a)kernel.dk> io_uring/uring_cmd: use cached cmd_op in io_uring_cmd_sock() Detlev Casanova <detlev.casanova(a)collabora.com> ASoC: rockchip: i2s_tdm: Re-add the set_sysclk callback Palmer Dabbelt <palmer(a)rivosinc.com> RISC-V: Mark riscv_v_init() as __init Hongbo Li <lihongbo22(a)huawei.com> hostfs: fix the host directory parse when mounting. Nathan Chancellor <nathan(a)kernel.org> hostfs: Add const qualifier to host_root in hostfs_fill_super() Al Viro <viro(a)zeniv.linux.org.uk> hostfs: fix string handling in __dentry_name() Hongbo Li <lihongbo22(a)huawei.com> hostfs: convert hostfs to use the new mount API Masahiro Yamada <masahiroy(a)kernel.org> genksyms: fix memory leak when the same symbol is read from *.symref file Masahiro Yamada <masahiroy(a)kernel.org> genksyms: fix memory leak when the same symbol is added from source Eric Dumazet <edumazet(a)google.com> net: hsr: fix fill_frame_info() regression vs VLAN packets Kory Maincent <kory.maincent(a)bootlin.com> net: sh_eth: Fix missing rtnl lock in suspend/resume path Toke Høiland-Jørgensen <toke(a)redhat.com> net: xdp: Disallow attaching device-bound programs in generic mode Jon Maloy <jmaloy(a)redhat.com> tcp: correct handling of extreme memory squeeze Rafał Miłecki <rafal(a)milecki.pl> bgmac: reduce max frame size to support just MTU 1500 Michal Luczaj <mhal(a)rbox.co> vsock: Allow retrying on connect() failure Neeraj Sanjay Kale <neeraj.sanjaykale(a)nxp.com> Bluetooth: btnxpuart: Fix glitches seen in dual A2DP streaming Howard Chu <howardchu95(a)gmail.com> perf trace: Fix runtime error of index out of bounds Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> net: stmmac: Limit FIFO size by hardware capability Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> net: stmmac: Limit the number of MTL queues to hardware capability Thomas Weißschuh <linux(a)weissschuh.net> ptp: Properly handle compat ioctls Chenyuan Yang <chenyuan0y(a)gmail.com> net: davicom: fix UAF in dm9000_drv_remove Shigeru Yoshida <syoshida(a)redhat.com> vxlan: Fix uninit-value in vxlan_vnifilter_dump() Jakub Kicinski <kuba(a)kernel.org> net: netdevsim: try to close UDP port harness races Eric Dumazet <edumazet(a)google.com> net: rose: fix timer races against user threads Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> iavf: allow changing VLAN state without calling PF Wentao Liang <vulab(a)iscas.ac.cn> PM: hibernate: Add error handling for syscore_suspend() Eric Dumazet <edumazet(a)google.com> ipmr: do not call mr_mfc_uses_dev() for unres entries Dheeraj Reddy Jonnalagadda <dheeraj.linuxdev(a)gmail.com> net: fec: implement TSO descriptor cleanup Ahmad Fatoum <a.fatoum(a)pengutronix.de> gpio: mxc: remove dead code after switch to DT-only Jian Shen <shenjian15(a)huawei.com> net: hns3: fix oops when unload drivers paralleling Alexander Stein <alexander.stein(a)ew.tq-group.com> regulator: core: Add missing newline character pangliyuan <pangliyuan1(a)huawei.com> ubifs: skip dumping tnc tree when zroot is null Ming Wang <wangming01(a)loongson.cn> rtc: loongson: clear TOY_MATCH0_REG in loongson_rtc_isr() Oleksij Rempel <o.rempel(a)pengutronix.de> rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read Alexandre Cassen <acassen(a)corp.free.fr> xfrm: delete intermediate secpath entry in packet offload mode Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> dmaengine: ti: edma: fix OF node reference leaks in edma_driver Jianbo Liu <jianbol(a)nvidia.com> xfrm: replay: Fix the update of replay_esn->oseq_hi for GSO Luo Yifan <luoyifan(a)cmss.chinamobile.com> tools/bootconfig: Fix the wrong format specifier Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Fix warnings during S3 suspend Olga Kornievskaia <okorniev(a)redhat.com> NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE Olga Kornievskaia <okorniev(a)redhat.com> NFSv4.2: fix COPY_NOTIFY xdr buf size calculation John Ogness <john.ogness(a)linutronix.de> serial: 8250: Adjust the timeout for FIFO mode Zijun Hu <quic_zijuhu(a)quicinc.com> driver core: class: Fix wild pointer dereferences in API class_dev_iter_next() Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> module: Extend the preempt disabled section in dereference_symbol_descriptor(). Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: protect access to buffers with no active references Matthew Wilcox (Oracle) <willy(a)infradead.org> nilfs2: convert nilfs_lookup_dirty_data_buffers to use folio_create_empty_buffers Matthew Wilcox (Oracle) <willy(a)infradead.org> buffer: make folio_create_empty_buffers() return a buffer_head Su Yue <glass.su(a)suse.com> ocfs2: mark dquot as inactive if failed to start trans while releasing dquot Guixin Liu <kanie(a)linux.alibaba.com> scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails Paul Menzel <pmenzel(a)molgen.mpg.de> scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1 Manivannan Sadhasivam <mani(a)kernel.org> PCI: endpoint: pci-epf-test: Fix check for DMA MEMCPY test Mohamed Khalfella <khalfella(a)gmail.com> PCI: endpoint: pci-epf-test: Set dma_chan_rx pointer to NULL on error Richard Zhu <hongxing.zhu(a)nxp.com> PCI: imx6: Skip controller_id generation logic for i.MX7D Frank Li <Frank.Li(a)nxp.com> PCI: imx6: Simplify clock handling by using clk_bulk*() function King Dix <kingdix10(a)qq.com> PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region() Desnes Nunes <desnesn(a)redhat.com> media: dvb-usb-v2: af9035: fix ISO C90 compilation error on af9035_i2c_master_xfer Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> staging: media: imx: fix OF node leak in imx_media_add_of_subdevs() Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> watchdog: rti_wdt: Fix an OF node leak in rti_wdt_probe() Laurentiu Palcu <laurentiu.palcu(a)oss.nxp.com> media: nxp: imx8-isi: fix v4l2-compliance test errors Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> mtd: hyperbus: hbmc-am654: fix an OF node reference leak Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> mtd: hyperbus: hbmc-am654: Convert to platform remove callback returning void david regan <dregan(a)broadcom.com> mtd: rawnand: brcmnand: fix status read of brcmnand_waitfunc Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Propagate buf->error to userspace Jiasheng Jiang <jiashengjiangcool(a)gmail.com> media: camif-core: Add check for clk_enable() Jiasheng Jiang <jiashengjiangcool(a)gmail.com> media: mipi-csis: Add check for clk_enable() Dave Stevenson <dave.stevenson(a)raspberrypi.com> media: i2c: ov9282: Correct the exposure offset Luca Weiss <luca.weiss(a)fairphone.com> media: i2c: imx412: Add missing newline to prints Dave Stevenson <dave.stevenson(a)raspberrypi.com> media: i2c: imx290: Register 0x3011 varies between imx327 and imx290 Jiasheng Jiang <jiashengjiangcool(a)gmail.com> media: marvell: Add check for clk_enable() Zijun Hu <quic_zijuhu(a)quicinc.com> PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy() Chen Ni <nichen(a)iscas.ac.cn> media: lmedm04: Handle errors for lme2510_int_read Oliver Neukum <oneukum(a)suse.com> media: rc: iguanair: handle timeouts Mark Brown <broonie(a)kernel.org> spi: omap2-mcspi: Correctly handle devm_clk_get_optional() errors Qasim Ijaz <qasdev00(a)gmail.com> iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() Zhu Yanjun <yanjun.zhu(a)linux.dev> RDMA/rxe: Fix the warning "__rxe_cleanup+0x12c/0x170 [rdma_rxe]" Randy Dunlap <rdunlap(a)infradead.org> efi: sysfb_efi: fix W=1 warnings when EFI is not set Zijun Hu <quic_zijuhu(a)quicinc.com> of: reserved-memory: Do not make kmemleak ignore freed address Michael Guralnik <michaelgur(a)nvidia.com> RDMA/mlx5: Fix indirect mkey ODP page count Pei Xiao <xiaopei01(a)kylinos.cn> i3c: dw: Fix use-after-free in dw_i3c_master driver due to race condition Billy Tsai <billy_tsai(a)aspeedtech.com> i3c: dw: Add hot-join support. Akhil R <akhilrajeev(a)nvidia.com> arm64: tegra: Fix DMA ID for SPI2 Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device() Rafał Miłecki <rafal(a)milecki.pl> ARM: dts: mediatek: mt7623: fix IR nodename Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org> arm64: dts: qcom: sm8250: Fix interrupt types of camss interrupts Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org> arm64: dts: qcom: sdm845: Fix interrupt types of camss interrupts Val Packett <val(a)packett.cool> arm64: dts: mediatek: add per-SoC compatibles for keypad nodes Jason-JH.Lin <jason-jh.lin(a)mediatek.com> dts: arm64: mediatek: mt8195: Remove MT8183 compatible for OVL Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> arm64: dts: qcom: sc8280xp: Fix up remoteproc register space sizes Neil Armstrong <neil.armstrong(a)linaro.org> arm64: dts: qcom: sm8150-microsoft-surface-duo: fix typos in da7280 properties Neil Armstrong <neil.armstrong(a)linaro.org> arm64: dts: qcom: sc7180: fix psci power domain node names Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sc7180: change labels to lower-case David Wronek <davidwronek(a)gmail.com> arm64: dts: qcom: Add SM7125 device tree Neil Armstrong <neil.armstrong(a)linaro.org> arm64: dts: qcom: sc7180-trogdor-pompom: rename 5v-choke thermal zone Konrad Dybcio <konrad.dybcio(a)linaro.org> arm64: dts: qcom: sc7180-*: Remove thermal zone polling delays Neil Armstrong <neil.armstrong(a)linaro.org> arm64: dts: qcom: sc7180-trogdor-quackingstick: add missing avee-supply Neil Armstrong <neil.armstrong(a)linaro.org> arm64: dts: qcom: sdm845-db845c-navigation-mezzanine: remove disabled ov7251 camera Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> arm64: dts: qcom: sdm845-db845c-navigation-mezzanine: Convert mezzanine riser to dtso Aaro Koskinen <aaro.koskinen(a)iki.fi> ARM: omap1: Fix up the Retu IRQ on Nokia 770 Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Fix to drop reference to the mmap entry in case of error Vasily Khoruzhick <anarsoul(a)gmail.com> arm64: dts: allwinner: a64: explicitly assign clock parent for TCON0 Bryan Brattlof <bb(a)ti.com> arm64: dts: ti: k3-am62a: Remove duplicate GICR reg Bryan Brattlof <bb(a)ti.com> arm64: dts: ti: k3-am62: Remove duplicate GICR reg Cristian Birsan <cristian.birsan(a)microchip.com> ARM: dts: microchip: sama5d27_wlsom1_ek: Add no-1-8-v property to sdmmc0 node Mihai Sain <mihai.sain(a)microchip.com> ARM: dts: microchip: sama5d27_wlsom1_ek: Remove mmc-ddr-3_3v property from sdmmc0 node Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8450: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8350: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8250: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm6375: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm6125: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm4450: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sdx75: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sc7280: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: qrb4210-rb2: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: q[dr]u1000: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: qcs404: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: msm8994: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: msm8939: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: msm8916: correct sleep clock frequency Luca Weiss <luca.weiss(a)fairphone.com> arm64: dts: qcom: sm7225-fairphone-fp4: Drop extra qcom,msm-id value Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> arm64: dts: qcom: msm8994: Describe USB interrupts Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> arm64: dts: qcom: msm8996: Fix up USB3 interrupts Taniya Das <quic_tdas(a)quicinc.com> arm64: dts: qcom: sa8775p: Update sleep_clk frequency Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> arm64: dts: qcom: move common parts for sa8775p-ride variants into a .dtsi Shazad Hussain <quic_shazhuss(a)quicinc.com> arm64: dts: qcom: sa8775p-ride: enable pmm8654au_0_pon_resin Andrew Halaney <ahalaney(a)redhat.com> arm64: dts: qcom: sa8775p-ride: Describe sgmii_phy1 irq Andrew Halaney <ahalaney(a)redhat.com> arm64: dts: qcom: sa8775p-ride: Describe sgmii_phy0 irq Marek Vasut <marex(a)denx.de> arm64: dts: qcom: msm8996-xiaomi-gemini: Fix LP5562 LED1 reg property Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183-kukui-jacuzzi: Drop pp3300_panel voltage settings Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code() Marek Vasut <marex(a)denx.de> ARM: dts: stm32: Swap USART3 and UART8 alias on STM32MP15xx DHCOM SoM Marek Vasut <marex(a)denx.de> ARM: dts: stm32: Deduplicate serial aliases and chosen node for STM32MP15xx DHCOM SoM Nícolas F. R. A. Prado <nfraprado(a)collabora.com> arm64: dts: mediatek: mt8195: Remove suspend-breaking reset from pcie1 Ma Ke <make_ruc2021(a)163.com> RDMA/srp: Fix error handling in srp_add_port Hsin-Te Yuan <yuanhsinte(a)chromium.org> arm64: dts: mediatek: mt8183: willow: Support second source touchscreen Hsin-Te Yuan <yuanhsinte(a)chromium.org> arm64: dts: mediatek: mt8183: kenzo: Support second source touchscreen zhenwei pi <pizhenwei(a)bytedance.com> RDMA/rxe: Fix mismatched max_msg_sz Li Zhijian <lizhijian(a)fujitsu.com> RDMA/rxe: Improve newline in printing messages Mamta Shukla <mamta.shukla(a)leica-geosystems.com> arm: dts: socfpga: use reset-name "stmmaceth-ocp" instead of "ahb" Ricky CX Wu <ricky.cx.wu.wiwynn(a)gmail.com> ARM: dts: aspeed: yosemite4: correct the compatible string for max31790 Ricky CX Wu <ricky.cx.wu.wiwynn(a)gmail.com> ARM: dts: aspeed: yosemite4: Add required properties for IOE on fan boards Ricky CX Wu <ricky.cx.wu.wiwynn(a)gmail.com> ARM: dts: aspeed: yosemite4: correct the compatible string of adm1272 Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8173-elm: Fix MT6397 PMIC sub-node names Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8195-demo: Drop regulator-compatible property Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8195-cherry: Drop regulator-compatible property Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8192-asurada: Drop regulator-compatible property Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8173-elm: Drop regulator-compatible property Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8173-evb: Drop regulator-compatible property Dan Carpenter <dan.carpenter(a)linaro.org> rdma/cxgb4: Prevent potential integer overflow on 32bit Leon Romanovsky <leon(a)kernel.org> RDMA/mlx4: Avoid false error about access to uninitialized gids array Arnaud Pouliquen <arnaud.pouliquen(a)foss.st.com> ARM: dts: stm32: Fix IPCC EXTI declaration on stm32mp151 Val Packett <val(a)packett.cool> arm64: dts: mediatek: mt8516: reserve 192 KiB for TF-A Val Packett <val(a)packett.cool> arm64: dts: mediatek: mt8516: add i2c clock-div property Val Packett <val(a)packett.cool> arm64: dts: mediatek: mt8516: fix wdt irq type Val Packett <val(a)packett.cool> arm64: dts: mediatek: mt8516: fix GICv2 range Hsin-Yi Wang <hsinyi(a)chromium.org> arm64: dts: mt8183: set DMIC one-wire mode on Damu Nícolas F. R. A. Prado <nfraprado(a)collabora.com> arm64: dts: mediatek: mt8186: Move wakeup to MTU3 to get working suspend Nicolas Ferre <nicolas.ferre(a)microchip.com> ARM: at91: pm: change BU Power Switch to automatic mode Javier Carrasco <javier.carrasco.cruz(a)gmail.com> soc: atmel: fix device_node release in atmel_soc_device_init() Pali Rohár <pali(a)kernel.org> cifs: Use cifs_autodisable_serverino() for disabling CIFS_MOUNT_SERVER_INUM in readdir.c Paulo Alcantara <pc(a)manguebit.com> smb: client: fix oops due to unset link speed Chen Ridong <chenridong(a)huawei.com> padata: avoid UAF for reorder_work Chen Ridong <chenridong(a)huawei.com> padata: add pd get/put refcnt helper Chen Ridong <chenridong(a)huawei.com> padata: fix UAF in padata_reorder Chun-Tse Shao <ctshao(a)google.com> perf lock: Fix parse_lock_type which only retrieve one lock flag Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Fixed headphone distorted sound on Acer Aspire A115-31 laptop Daniel Xu <dxu(a)dxuuu.xyz> bpf: tcp: Mark bpf_load_hdr_opt() arg2 as read-write Puranjay Mohan <puranjay(a)kernel.org> bpf: Send signals asynchronously if !preemptible Maciej S. Szmigiero <mail(a)maciej.szmigiero.name> pinctrl: amd: Take suspend type into consideration which pins are non-wake Mingwei Zheng <zmw12306(a)gmail.com> pinctrl: stm32: Add check for clk_enable() Jiachen Zhang <me(a)jcix.top> perf report: Fix misleading help message about --demangle Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Fix theoretical infinite loop Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Do not readq() u32 registers Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Abstract IPC handling Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Prefix SKL/APL-specific members Arnaldo Carvalho de Melo <acme(a)redhat.com> perf namespaces: Fixup the nsinfo__in_pidns() return type, its bool Arnaldo Carvalho de Melo <acme(a)redhat.com> perf namespaces: Introduce nsinfo__set_in_pidns() Christophe Leroy <christophe.leroy(a)csgroup.eu> perf machine: Don't ignore _etext when not a text symbol Arnaldo Carvalho de Melo <acme(a)redhat.com> perf top: Don't complain about lack of vmlinux when not resolving some kernel samples Thomas Weißschuh <linux(a)weissschuh.net> padata: fix sysfs store callback check Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Make dependency on UMP clearer Masahiro Yamada <masahiroy(a)kernel.org> ALSA: seq: remove redundant 'tristate' for SND_SEQ_UMP_CLIENT Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto() Wenkai Lin <linwenkai6(a)hisilicon.com> crypto: hisilicon/sec2 - fix for aead invalid authsize Wenkai Lin <linwenkai6(a)hisilicon.com> crypto: hisilicon/sec2 - fix for aead icv error Chenghai Huang <huangchenghai2(a)huawei.com> crypto: hisilicon/sec2 - optimize the error return process Martin KaFai Lau <martin.lau(a)kernel.org> bpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT Ba Jing <bajing(a)cmss.chinamobile.com> ktest.pl: Remove unused declarations in run_bisect_test function Levi Yun <yeoreum.yun(a)arm.com> perf expr: Initialize is_test value in expr__ctx_new() Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> ASoC: renesas: rz-ssi: Use only the proper amount of dividers Zhongqiu Han <quic_zhonhan(a)quicinc.com> perf bpf: Fix two memory leakages when calling perf_env__insert_bpf_prog_info() Zhongqiu Han <quic_zhonhan(a)quicinc.com> perf header: Fix one memory leakage in process_bpf_prog_info() Zhongqiu Han <quic_zhonhan(a)quicinc.com> perf header: Fix one memory leakage in process_bpf_btf() Gaurav Jain <gaurav.jain(a)nxp.com> crypto: caam - use JobR's space to access page 0 regs Herbert Xu <herbert(a)gondor.apana.org.au> crypto: api - Fix boot-up self-test race Saket Kumar Bhaskar <skb99(a)linux.ibm.com> selftests/bpf: Fix fill_link_info selftest on powerpc George Lander <lander(a)jagmn.com> ASoC: sun4i-spdif: Add clock multiplier settings Quentin Monnet <qmo(a)kernel.org> libbpf: Fix segfault due to libelf functions not setting errno Marco Leogrande <leogrande(a)google.com> tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind Andrii Nakryiko <andrii(a)kernel.org> libbpf: don't adjust USDT semaphore address if .stapsdt.base addr is missing Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> net/rose: prevent integer overflows in rose_setsockopt() Mahdi Arghavani <ma.arghavani(a)yahoo.com> tcp_cubic: fix incorrect HyStart round start detection Roger Quadros <rogerq(a)kernel.org> net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() Florian Westphal <fw(a)strlen.de> netfilter: nft_flow_offload: update tcp state flags under lock Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: fix set size with rbtree backend Florian Westphal <fw(a)strlen.de> netfilter: nft_set_rbtree: prefer sync gc to async worker Florian Westphal <fw(a)strlen.de> netfilter: nft_set_rbtree: rename gc deactivate+erase function Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: de-constify set commit ops function argument Jamal Hadi Salim <jhs(a)mojatatu.com> net: sched: Disallow replacing of child qdisc from one parent to another Antoine Tenart <atenart(a)kernel.org> net: avoid race between device unregistration and ethnl ops Shinas Rasheed <srasheed(a)marvell.com> octeon_ep: remove firmware stats fetch in ndo_get_stats64 Maher Sanalla <msanalla(a)nvidia.com> net/mlxfw: Drop hard coded max FW flash image size Liu Jian <liujian56(a)huawei.com> net: let net.core.dev_weight always be non-zero Mickaël Salaün <mic(a)digikod.net> selftests/landlock: Fix error message Mingwei Zheng <zmw12306(a)gmail.com> pwm: stm32: Add check for clk_enable() Bo Gan <ganboing(a)gmail.com> clk: analogbits: Fix incorrect calculation of vco rate delta Eric Dumazet <edumazet(a)google.com> inet: ipmr: fix data-races Dmitry Antipov <dmantipov(a)yandex.ru> wifi: cfg80211: adjust allocation of colocated AP data Ilan Peer <ilan.peer(a)intel.com> wifi: cfg80211: Handle specific BSSID in 6GHz scanning Dmitry V. Levin <ldv(a)strace.io> selftests: harness: fix printing of mismatch values in __EXPECT() Geert Uytterhoeven <geert+renesas(a)glider.be> selftests: timers: clocksource-switch: Adapt progress to kselftest framework Gautham R. Shenoy <gautham.shenoy(a)amd.com> cpufreq: ACPI: Fix max-frequency computation Peter Chiu <chui-hao.chiu(a)mediatek.com> wifi: mt76: mt7996: fix ldpc setting Benjamin Lin <benjamin-jw.lin(a)mediatek.com> wifi: mt76: mt7996: fix incorrect indexing of MIB FW event Howard Hsu <howard-yh.hsu(a)mediatek.com> wifi: mt76: mt7996: fix HE Phy capability Howard Hsu <howard-yh.hsu(a)mediatek.com> wifi: mt76: mt7996: fix the capability of reception of EHT MU PPDU Peter Chiu <chui-hao.chiu(a)mediatek.com> wifi: mt76: mt7996: add max mpdu len capability Peter Chiu <chui-hao.chiu(a)mediatek.com> wifi: mt76: mt7996: fix register mapping Peter Chiu <chui-hao.chiu(a)mediatek.com> wifi: mt76: mt7915: fix register mapping Felix Fietkau <nbd(a)nbd.name> wifi: mt76: mt7915: fix omac index assignment after hardware reset Felix Fietkau <nbd(a)nbd.name> wifi: mt76: mt7915: improve hardware restart reliability Felix Fietkau <nbd(a)nbd.name> wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac Felix Fietkau <nbd(a)nbd.name> wifi: mt76: mt7915: firmware restart on devices with a second pcie link Felix Fietkau <nbd(a)nbd.name> wifi: mt76: mt7996: fix rx filter setting for bfee functionality xueqin Luo <luoxueqin(a)kylinos.cn> wifi: mt76: mt7915: fix overflows seen when writing limit attributes Michael Lo <michael.lo(a)mediatek.com> wifi: mt76: mt7921: fix using incorrect group cipher after disconnection. WangYuli <wangyuli(a)uniontech.com> wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO Mickaël Salaün <mic(a)digikod.net> landlock: Handle weird files Guangguan Wang <guangguan.wang(a)linux.alibaba.com> net/smc: fix data error when recvmsg with MSG_PEEK flag Sergio Paracuellos <sergio.paracuellos(a)gmail.com> clk: ralink: mtmips: remove duplicated 'xtal' clock for Ralink SoC RT3883 Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: don't flush non-uploaded STAs Ilan Peer <ilan.peer(a)intel.com> wifi: mac80211: Fix common size calculation for ML element Andy Strohman <andrew(a)andrewstrohman.com> wifi: mac80211: fix tid removal during mesh forwarding Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: prohibit deactivating all links Nicolas Cavallari <nicolas.cavallari(a)green-communications.fr> wifi: mt76: mt7915: Fix mesh scan on MT7916 DBDC Andreas Kemnade <andreas(a)kemnade.info> wifi: wlcore: fix unbalanced pm_runtime calls Zichen Xie <zichenxie0106(a)gmail.com> samples/landlock: Fix possible NULL dereference in parse_path() Rob Herring (Arm) <robh(a)kernel.org> mfd: syscon: Fix race in device_node_get_regmap() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> mfd: syscon: Use scoped variables with memory allocators to simplify error paths Peter Griffin <peter.griffin(a)linaro.org> mfd: syscon: Add of_syscon_register_regmap() API Peter Griffin <peter.griffin(a)linaro.org> mfd: syscon: Remove extern from function prototypes Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> leds: cht-wcove: Use devm_led_classdev_register() to avoid memory leak Terry Tritton <terry.tritton(a)linaro.org> HID: fix generic desktop D-Pad controls Karol Przybylski <karprzy7(a)gmail.com> HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check Amit Pundir <amit.pundir(a)linaro.org> clk: qcom: gcc-sdm845: Do not use shared clk_ops for QUPs Sathishkumar Muruganandam <quic_murugana(a)quicinc.com> wifi: ath12k: fix tx power, max reg power update to firmware Quan Nguyen <quan(a)os.amperecomputing.com> ipmi: ssif_bmc: Fix new request loss when bmc ready for a response Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> OPP: OF: Fix an OF node leak in _opp_add_static_v2() Eric Dumazet <edumazet(a)google.com> ax25: rcu protect dev->ax25_ptr Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> regulator: of: Implement the unwind path of of_regulator_match() Vasily Khoruzhick <anarsoul(a)gmail.com> clk: sunxi-ng: a64: stop force-selecting PLL-MIPI as TCON0 parent Vasily Khoruzhick <anarsoul(a)gmail.com> clk: sunxi-ng: a64: drop redundant CLK_PLL_VIDEO0_2X and CLK_PLL_MIPI Vasily Khoruzhick <anarsoul(a)gmail.com> dt-bindings: clock: sunxi: Export PLL_VIDEO_2X and PLL_MIPI Octavian Purdila <tavip(a)google.com> team: prevent adding a device which is already a team device lower Marek Vasut <marex(a)denx.de> clk: imx8mp: Fix clkout1/2 support Manivannan Sadhasivam <mani(a)kernel.org> cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks Manivannan Sadhasivam <mani(a)kernel.org> cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available Luca Ceresoli <luca.ceresoli(a)bootlin.com> gpio: pca953x: log an error when failing to get the reset GPIO Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: pca953x: Fully convert to device managed resources Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: pca953x: Drop unused fields in struct pca953x_platform_data Sultan Alsawaf (unemployed) <sultan(a)kerneltoast.com> cpufreq: schedutil: Fix superfluous updates caused by need_freq_update Mingwei Zheng <zmw12306(a)gmail.com> pwm: stm32-lp: Add check for clk_enable() Eric Dumazet <edumazet(a)google.com> inetpeer: do not get a refcount in inet_getpeer() Eric Dumazet <edumazet(a)google.com> inetpeer: update inetpeer timestamp in inet_getpeer() Eric Dumazet <edumazet(a)google.com> inetpeer: remove create argument of inet_getpeer() Eric Dumazet <edumazet(a)google.com> inetpeer: remove create argument of inet_getpeer_v[46]() Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata() Matti Vaittinen <mazziesaccount(a)gmail.com> dt-bindings: mfd: bd71815: Fix rsense and typos He Rongguang <herongguang(a)linux.alibaba.com> cpupower: fix TSC MHz calculation Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> ACPI: fan: cleanup resources in the error path of .probe() Marcel Hamer <marcel.hamer(a)windriver.com> wifi: brcmfmac: add missing header include for brcmf_dbg Chen-Yu Tsai <wenst(a)chromium.org> regulator: dt-bindings: mt6315: Drop regulator-compatible property Jiri Kosina <jkosina(a)suse.com> HID: multitouch: fix support for Goodix PID 0x01e9 Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: pci: wait for firmware loading before releasing memory Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: fix memory leaks and invalid access at probe error path Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: destroy workqueue at rtl_deinit_core Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: remove unused check_buddy_priv Geert Uytterhoeven <geert+renesas(a)glider.be> dt-bindings: leds: class-multicolor: Fix path to color definitions Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> clk: fix an OF node reference leak in of_clk_get_parent_name() Luca Ceresoli <luca.ceresoli(a)bootlin.com> of: remove internal arguments from of_property_for_each_u32() Alvin Šipraga <alsi(a)bang-olufsen.dk> clk: si5351: allow PLLs to be adjusted without reset Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: use device_property APIs when configuring irda mode Neil Armstrong <neil.armstrong(a)linaro.org> dt-bindings: mmc: controller: clarify the address-cells description David Howells <dhowells(a)redhat.com> rxrpc: Fix handling of received connection abort Mingwei Zheng <zmw12306(a)gmail.com> spi: zynq-qspi: Add check for clk_enable() Octavian Purdila <tavip(a)google.com> net_sched: sch_sfq: don't allow 1 packet limit Eric Dumazet <edumazet(a)google.com> net_sched: sch_sfq: handle bigger packets Eric Dumazet <edumazet(a)google.com> net_sched: sch_sfq: annotate data-races around q->perturb_period Barnabás Czémán <barnabas.czeman(a)mainlining.org> wifi: wcn36xx: fix channel survey memory allocation size Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: usb: fix workqueue leak when probe fails Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: fix init_sw_vars leak when probe fails Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: wait for firmware loading before releasing memory Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: do not complete firmware loading needlessly Balaji Pothunoori <quic_bpothuno(a)quicinc.com> wifi: ath11k: Fix unexpected return buffer manager error for WCN6750/WCN6855 Charles Han <hanchunchao(a)inspur.com> ipmi: ipmb: Add check devm_kasprintf() returned value Thomas Gleixner <tglx(a)linutronix.de> genirq: Make handle_enforce_irqctx() unconditionally available Jiang Liu <gerry(a)linux.alibaba.com> drm/amdgpu: tear down ttm range manager for doorbell in amdgpu_ttm_fini() Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: Change definition of AUX_FIFO_MAX_SIZE Sui Jingfeng <sui.jingfeng(a)linux.dev> drm/msm: Check return value of of_dma_configure() Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: link DSPP_2/_3 blocks on SM8550 Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: link DSPP_2/_3 blocks on SM8350 Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: link DSPP_2/_3 blocks on SM8250 Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: link DSPP_2/_3 blocks on SC8180X Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: link DSPP_2/_3 blocks on SM8150 Neil Armstrong <neil.armstrong(a)linaro.org> OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized Neil Armstrong <neil.armstrong(a)linaro.org> OPP: add index check to assert to avoid buffer overflow in _read_freq() Bokun Zhang <bokun.zhang(a)amd.com> drm/amdgpu/vcn: reset fw_shared under SRIOV Min-Hua Chen <minhuadotchen(a)gmail.com> drm/rockchip: vop2: include rockchip_drm_drv.h Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: move output interface related definition to rockchip_drm_drv.h Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: Check linear format for Cluster windows on rk3566/8 Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: Fix the windows switch between different layers Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: Set YUV/RGB overlay mode Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: Fix the mixer alpha setup for layer 0 Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: Fix cluster windows alpha ctrl regsiters offset Ivan Stepchenko <sid(a)itb.spb.ru> drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> drm/amd/pm: Fix an error handling path in vega10_enable_se_edc_force_stall_config() Alan Stern <stern(a)rowland.harvard.edu> HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections Sui Jingfeng <sui.jingfeng(a)linux.dev> drm/etnaviv: Fix page property being used for non writecombine buffers Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dp: set safe_to_exit_level before printing it K Prateek Nayak <kprateek.nayak(a)amd.com> x86/topology: Use x86_sched_itmt_flags for PKG domain unconditionally Perry Yuan <perry.yuan(a)amd.com> x86/cpu: Enable SD_ASYM_PACKING for PKG domain on AMD Peter Zijlstra <peterz(a)infradead.org> sched/topology: Rename 'DIE' domain to 'PKG' Peter Zijlstra <peterz(a)infradead.org> sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat Yabin Cui <yabinc(a)google.com> perf/core: Save raw sample data conditionally based on sample type David Howells <dhowells(a)redhat.com> afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call Jens Axboe <axboe(a)kernel.dk> nvme: fix bogus kzalloc() return check in nvme_init_effects_log() Christophe Leroy <christophe.leroy(a)csgroup.eu> select: Fix unbalanced user_access_end() Randy Dunlap <rdunlap(a)infradead.org> partitions: ldm: remove the initial kernel-doc notation Keisuke Nishimura <keisuke.nishimura(a)inria.fr> nvme: Add error path for xa_store in nvme_init_effects Michael Ellerman <mpe(a)ellerman.id.au> selftests/powerpc: Fix argument order to timer_sub() Keisuke Nishimura <keisuke.nishimura(a)inria.fr> nvme: Add error check for xa_store in nvme_get_effects_log Eugen Hristev <eugen.hristev(a)linaro.org> pstore/blk: trivial typo fixes Yu Kuai <yukuai3(a)huawei.com> nbd: don't allow reconnect after disconnect Yang Erkun <yangerkun(a)huawei.com> block: retry call probe after request_module in blk_request_module Jinliang Zheng <alexjlzheng(a)gmail.com> fs: fix proc_handler for sysctl_nr_open David Howells <dhowells(a)redhat.com> afs: Fix cleanup of immediately failed async calls David Howells <dhowells(a)redhat.com> afs: Fix directory format encoding struct David Howells <dhowells(a)redhat.com> afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY Alexander Aring <aahringo(a)redhat.com> dlm: fix srcu_read_lock() return type to int Sourabh Jain <sourabhjain(a)linux.ibm.com> powerpc/book3s64/hugetlb: Fix disabling hugetlb when fadump is active ------------- Diffstat: .../bindings/leds/leds-class-multicolor.yaml | 2 +- .../devicetree/bindings/mfd/rohm,bd71815-pmic.yaml | 20 +- .../devicetree/bindings/mmc/mmc-controller.yaml | 2 +- .../bindings/regulator/mt6315-regulator.yaml | 6 - Makefile | 6 +- .../dts/aspeed/aspeed-bmc-facebook-yosemite4.dts | 24 +- .../boot/dts/intel/socfpga/socfpga_arria10.dtsi | 6 +- arch/arm/boot/dts/mediatek/mt7623.dtsi | 2 +- .../boot/dts/microchip/at91-sama5d27_wlsom1_ek.dts | 2 +- arch/arm/boot/dts/st/stm32mp151.dtsi | 2 +- arch/arm/boot/dts/st/stm32mp15xx-dhcom-drc02.dtsi | 12 - arch/arm/boot/dts/st/stm32mp15xx-dhcom-pdk2.dtsi | 10 - .../arm/boot/dts/st/stm32mp15xx-dhcom-picoitx.dtsi | 10 - arch/arm/boot/dts/st/stm32mp15xx-dhcom-som.dtsi | 7 + arch/arm/mach-at91/pm.c | 31 +- arch/arm/mach-omap1/board-nokia770.c | 2 +- .../boot/dts/allwinner/sun50i-a64-pinebook.dts | 2 + .../boot/dts/allwinner/sun50i-a64-teres-i.dts | 2 + arch/arm64/boot/dts/allwinner/sun50i-a64.dtsi | 2 + arch/arm64/boot/dts/mediatek/mt8173-elm.dtsi | 29 +- arch/arm64/boot/dts/mediatek/mt8173-evb.dts | 25 +- .../dts/mediatek/mt8183-kukui-jacuzzi-damu.dts | 4 + .../dts/mediatek/mt8183-kukui-jacuzzi-kenzo.dts | 15 + .../dts/mediatek/mt8183-kukui-jacuzzi-willow.dtsi | 15 + .../boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi | 2 - arch/arm64/boot/dts/mediatek/mt8183.dtsi | 3 +- arch/arm64/boot/dts/mediatek/mt8186.dtsi | 8 +- arch/arm64/boot/dts/mediatek/mt8192-asurada.dtsi | 3 - arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi | 2 - arch/arm64/boot/dts/mediatek/mt8195-demo.dts | 9 - arch/arm64/boot/dts/mediatek/mt8195.dtsi | 5 +- arch/arm64/boot/dts/mediatek/mt8365.dtsi | 3 +- arch/arm64/boot/dts/mediatek/mt8516.dtsi | 11 +- arch/arm64/boot/dts/mediatek/pumpkin-common.dtsi | 2 - arch/arm64/boot/dts/nvidia/tegra234.dtsi | 2 +- arch/arm64/boot/dts/qcom/Makefile | 3 + arch/arm64/boot/dts/qcom/msm8916.dtsi | 2 +- arch/arm64/boot/dts/qcom/msm8939.dtsi | 2 +- arch/arm64/boot/dts/qcom/msm8994.dtsi | 11 +- arch/arm64/boot/dts/qcom/msm8996-xiaomi-gemini.dts | 2 +- arch/arm64/boot/dts/qcom/msm8996.dtsi | 9 +- arch/arm64/boot/dts/qcom/pm6150.dtsi | 2 +- arch/arm64/boot/dts/qcom/pm6150l.dtsi | 3 - arch/arm64/boot/dts/qcom/qcs404.dtsi | 2 +- arch/arm64/boot/dts/qcom/qdu1000-idp.dts | 2 +- arch/arm64/boot/dts/qcom/qrb4210-rb2.dts | 2 +- arch/arm64/boot/dts/qcom/qru1000-idp.dts | 2 +- arch/arm64/boot/dts/qcom/sa8775p-ride.dts | 829 +-------------------- arch/arm64/boot/dts/qcom/sa8775p-ride.dtsi | 814 ++++++++++++++++++++ arch/arm64/boot/dts/qcom/sc7180-firmware-tfa.dtsi | 84 +-- .../arm64/boot/dts/qcom/sc7180-trogdor-coachz.dtsi | 9 +- .../boot/dts/qcom/sc7180-trogdor-homestar.dtsi | 9 +- .../arm64/boot/dts/qcom/sc7180-trogdor-pompom.dtsi | 7 +- .../dts/qcom/sc7180-trogdor-quackingstick.dtsi | 1 + .../boot/dts/qcom/sc7180-trogdor-wormdingler.dtsi | 9 +- arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi | 3 - arch/arm64/boot/dts/qcom/sc7180.dtsi | 387 +++++----- arch/arm64/boot/dts/qcom/sc7280.dtsi | 2 +- arch/arm64/boot/dts/qcom/sc8280xp.dtsi | 6 +- ...dts => sdm845-db845c-navigation-mezzanine.dtso} | 46 +- arch/arm64/boot/dts/qcom/sdm845.dtsi | 20 +- arch/arm64/boot/dts/qcom/sdx75.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm4450.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm6125.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm6375.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm7125.dtsi | 16 + arch/arm64/boot/dts/qcom/sm7225-fairphone-fp4.dts | 2 +- .../boot/dts/qcom/sm8150-microsoft-surface-duo.dts | 4 +- arch/arm64/boot/dts/qcom/sm8250.dtsi | 30 +- arch/arm64/boot/dts/qcom/sm8350.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm8450.dtsi | 2 +- arch/arm64/boot/dts/ti/k3-am62-main.dtsi | 1 - arch/arm64/boot/dts/ti/k3-am62a-main.dtsi | 1 - arch/hexagon/include/asm/cmpxchg.h | 2 +- arch/hexagon/kernel/traps.c | 4 +- arch/loongarch/include/asm/hw_breakpoint.h | 4 +- arch/loongarch/include/asm/loongarch.h | 60 ++ arch/loongarch/kernel/hw_breakpoint.c | 16 +- arch/loongarch/power/platform.c | 2 +- arch/powerpc/include/asm/hugetlb.h | 9 + arch/powerpc/kernel/smp.c | 4 +- arch/powerpc/sysdev/xive/native.c | 4 +- arch/powerpc/sysdev/xive/spapr.c | 3 +- arch/riscv/kernel/vector.c | 2 +- arch/s390/Makefile | 2 +- arch/s390/kernel/perf_cpum_cf.c | 2 +- arch/s390/kernel/perf_pai_crypto.c | 2 +- arch/s390/kernel/perf_pai_ext.c | 2 +- arch/s390/kernel/topology.c | 2 +- arch/s390/purgatory/Makefile | 2 +- arch/x86/events/amd/ibs.c | 2 +- arch/x86/kernel/smpboot.c | 12 +- block/genhd.c | 22 +- block/partitions/ldm.h | 2 +- crypto/algapi.c | 4 +- drivers/acpi/acpica/achware.h | 2 - drivers/acpi/fan_core.c | 10 +- drivers/base/class.c | 9 +- drivers/block/nbd.c | 1 + drivers/bluetooth/btnxpuart.c | 3 +- drivers/bus/ti-sysc.c | 4 +- drivers/char/ipmi/ipmb_dev_int.c | 3 + drivers/char/ipmi/ssif_bmc.c | 5 +- drivers/clk/analogbits/wrpll-cln28hpc.c | 2 +- drivers/clk/clk-conf.c | 4 +- drivers/clk/clk-si5351.c | 76 +- drivers/clk/clk.c | 14 +- drivers/clk/imx/clk-imx8mp.c | 5 +- drivers/clk/qcom/common.c | 4 +- drivers/clk/qcom/gcc-sdm845.c | 32 +- drivers/clk/ralink/clk-mtmips.c | 1 - drivers/clk/sunxi-ng/ccu-sun50i-a64.c | 13 +- drivers/clk/sunxi-ng/ccu-sun50i-a64.h | 2 - drivers/clk/sunxi/clk-simple-gates.c | 4 +- drivers/clk/sunxi/clk-sun8i-bus-gates.c | 4 +- drivers/clocksource/samsung_pwm_timer.c | 4 +- drivers/cpufreq/acpi-cpufreq.c | 36 +- drivers/cpufreq/qcom-cpufreq-hw.c | 34 +- drivers/crypto/caam/blob_gen.c | 3 +- drivers/crypto/hisilicon/sec2/sec.h | 3 +- drivers/crypto/hisilicon/sec2/sec_crypto.c | 164 ++-- drivers/crypto/hisilicon/sec2/sec_crypto.h | 11 - drivers/crypto/intel/ixp4xx/ixp4xx_crypto.c | 3 + drivers/dma/ti/edma.c | 3 +- drivers/firmware/efi/sysfb_efi.c | 2 +- drivers/gpio/gpio-brcmstb.c | 5 +- drivers/gpio/gpio-mxc.c | 3 +- drivers/gpio/gpio-pca953x.c | 108 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 1 + drivers/gpu/drm/amd/amdgpu/vcn_v4_0_3.c | 2 + .../gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 2 + .../drm/amd/pm/powerplay/hwmgr/vega10_powertune.c | 5 +- drivers/gpu/drm/bridge/ite-it6505.c | 2 +- drivers/gpu/drm/etnaviv/etnaviv_gem.c | 16 +- drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 8 +- .../gpu/drm/msm/disp/dpu1/catalog/dpu_5_0_sm8150.h | 2 + .../drm/msm/disp/dpu1/catalog/dpu_5_1_sc8180x.h | 2 + .../gpu/drm/msm/disp/dpu1/catalog/dpu_6_0_sm8250.h | 2 + .../gpu/drm/msm/disp/dpu1/catalog/dpu_7_0_sm8350.h | 2 + .../gpu/drm/msm/disp/dpu1/catalog/dpu_9_0_sm8550.h | 2 + drivers/gpu/drm/msm/dp/dp_audio.c | 2 +- drivers/gpu/drm/rockchip/analogix_dp-rockchip.c | 1 - drivers/gpu/drm/rockchip/cdn-dp-core.c | 1 - drivers/gpu/drm/rockchip/dw-mipi-dsi-rockchip.c | 1 - drivers/gpu/drm/rockchip/dw_hdmi-rockchip.c | 1 - drivers/gpu/drm/rockchip/inno_hdmi.c | 1 - drivers/gpu/drm/rockchip/rk3066_hdmi.c | 1 - drivers/gpu/drm/rockchip/rockchip_drm_drv.h | 18 + drivers/gpu/drm/rockchip/rockchip_drm_vop.h | 12 - drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 121 ++- drivers/gpu/drm/rockchip/rockchip_drm_vop2.h | 18 +- drivers/gpu/drm/rockchip/rockchip_lvds.c | 1 - drivers/gpu/drm/rockchip/rockchip_rgb.c | 1 - drivers/hid/hid-core.c | 2 + drivers/hid/hid-input.c | 37 +- drivers/hid/hid-multitouch.c | 2 +- drivers/hid/hid-thrustmaster.c | 8 + drivers/i3c/master/dw-i3c-master.c | 66 +- drivers/i3c/master/dw-i3c-master.h | 2 + drivers/iio/adc/ti_am335x_adc.c | 4 +- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 7 +- drivers/infiniband/hw/cxgb4/device.c | 6 +- drivers/infiniband/hw/mlx4/main.c | 8 +- drivers/infiniband/hw/mlx5/odp.c | 32 +- drivers/infiniband/sw/rxe/rxe.c | 6 +- drivers/infiniband/sw/rxe/rxe.h | 6 +- drivers/infiniband/sw/rxe/rxe_comp.c | 4 +- drivers/infiniband/sw/rxe/rxe_cq.c | 4 +- drivers/infiniband/sw/rxe/rxe_mr.c | 16 +- drivers/infiniband/sw/rxe/rxe_mw.c | 2 +- drivers/infiniband/sw/rxe/rxe_param.h | 2 +- drivers/infiniband/sw/rxe/rxe_pool.c | 11 +- drivers/infiniband/sw/rxe/rxe_qp.c | 8 +- drivers/infiniband/sw/rxe/rxe_resp.c | 12 +- drivers/infiniband/sw/rxe/rxe_task.c | 4 +- drivers/infiniband/sw/rxe/rxe_verbs.c | 221 +++--- drivers/infiniband/ulp/srp/ib_srp.c | 1 - drivers/irqchip/irq-atmel-aic-common.c | 4 +- drivers/irqchip/irq-pic32-evic.c | 4 +- drivers/leds/leds-cht-wcove.c | 6 +- drivers/leds/leds-netxbig.c | 1 + drivers/media/i2c/imx290.c | 3 +- drivers/media/i2c/imx412.c | 42 +- drivers/media/i2c/ov9282.c | 2 +- drivers/media/platform/marvell/mcam-core.c | 7 +- drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c | 7 +- .../media/platform/nxp/imx8-isi/imx8-isi-video.c | 3 + .../media/platform/samsung/exynos4-is/mipi-csis.c | 10 +- .../media/platform/samsung/s3c-camif/camif-core.c | 13 +- drivers/media/rc/iguanair.c | 4 +- drivers/media/usb/dvb-usb-v2/af9035.c | 18 +- drivers/media/usb/dvb-usb-v2/lmedm04.c | 12 +- drivers/media/usb/uvc/uvc_queue.c | 3 +- drivers/media/usb/uvc/uvc_status.c | 1 + drivers/memory/tegra/tegra20-emc.c | 8 +- drivers/mfd/syscon.c | 81 +- drivers/mfd/ti_am335x_tscadc.c | 4 +- drivers/misc/cardreader/rtsx_usb.c | 15 + drivers/mtd/hyperbus/hbmc-am654.c | 25 +- drivers/mtd/nand/raw/brcmnand/brcmnand.c | 5 + drivers/net/ethernet/broadcom/bgmac.h | 3 +- drivers/net/ethernet/davicom/dm9000.c | 3 +- drivers/net/ethernet/freescale/fec_main.c | 31 +- drivers/net/ethernet/hisilicon/hns3/hnae3.c | 15 + drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2 + drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 2 + .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 2 + .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 2 + drivers/net/ethernet/intel/iavf/iavf_main.c | 19 +- .../net/ethernet/marvell/octeon_ep/octep_main.c | 10 - drivers/net/ethernet/mellanox/mlxfw/mlxfw_fsm.c | 2 - drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c | 8 +- drivers/net/ethernet/renesas/sh_eth.c | 4 + drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 30 + drivers/net/ethernet/ti/am65-cpsw-nuss.c | 2 +- drivers/net/netdevsim/netdevsim.h | 1 + drivers/net/netdevsim/udp_tunnels.c | 23 +- drivers/net/team/team.c | 7 + drivers/net/usb/rtl8150.c | 22 + drivers/net/vxlan/vxlan_vnifilter.c | 5 + drivers/net/wireless/ath/ath11k/dp_rx.c | 1 + drivers/net/wireless/ath/ath11k/hal_rx.c | 3 +- drivers/net/wireless/ath/ath12k/mac.c | 6 +- drivers/net/wireless/ath/wcn36xx/main.c | 5 +- .../wireless/broadcom/brcm80211/brcmfmac/fwil.h | 2 + drivers/net/wireless/mediatek/mt76/mt7615/init.c | 2 +- drivers/net/wireless/mediatek/mt76/mt7615/mcu.c | 10 - drivers/net/wireless/mediatek/mt76/mt7615/mt7615.h | 1 - .../net/wireless/mediatek/mt76/mt76_connac_mcu.c | 11 + .../net/wireless/mediatek/mt76/mt76_connac_mcu.h | 1 + drivers/net/wireless/mediatek/mt76/mt7915/init.c | 2 +- drivers/net/wireless/mediatek/mt76/mt7915/mac.c | 34 +- drivers/net/wireless/mediatek/mt76/mt7915/main.c | 15 +- drivers/net/wireless/mediatek/mt76/mt7915/mcu.c | 2 + drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 2 +- drivers/net/wireless/mediatek/mt76/mt7915/mt7915.h | 1 + drivers/net/wireless/mediatek/mt76/mt7915/pci.c | 1 + drivers/net/wireless/mediatek/mt76/mt7921/main.c | 8 +- drivers/net/wireless/mediatek/mt76/mt7996/init.c | 15 +- drivers/net/wireless/mediatek/mt76/mt7996/main.c | 3 +- drivers/net/wireless/mediatek/mt76/mt7996/mcu.c | 47 +- drivers/net/wireless/mediatek/mt76/mt7996/mmio.c | 2 +- drivers/net/wireless/mediatek/mt76/usb.c | 4 +- drivers/net/wireless/realtek/rtlwifi/base.c | 13 +- drivers/net/wireless/realtek/rtlwifi/base.h | 1 - drivers/net/wireless/realtek/rtlwifi/pci.c | 61 +- .../net/wireless/realtek/rtlwifi/rtl8192se/sw.c | 7 +- drivers/net/wireless/realtek/rtlwifi/usb.c | 12 +- drivers/net/wireless/realtek/rtlwifi/wifi.h | 12 - drivers/net/wireless/ti/wlcore/main.c | 10 +- drivers/nvme/host/core.c | 34 +- drivers/of/of_reserved_mem.c | 3 +- drivers/opp/core.c | 57 +- drivers/opp/of.c | 4 +- drivers/pci/controller/dwc/pci-imx6.c | 139 ++-- drivers/pci/controller/pcie-rcar-ep.c | 2 +- drivers/pci/endpoint/functions/pci-epf-test.c | 6 +- drivers/pci/endpoint/pci-epc-core.c | 2 +- drivers/pinctrl/nxp/pinctrl-s32cc.c | 4 +- drivers/pinctrl/pinctrl-amd.c | 27 +- drivers/pinctrl/pinctrl-amd.h | 7 +- drivers/pinctrl/pinctrl-k210.c | 4 +- drivers/pinctrl/stm32/pinctrl-stm32.c | 76 +- drivers/pps/clients/pps-gpio.c | 4 +- drivers/pps/clients/pps-ktimer.c | 4 +- drivers/pps/clients/pps-ldisc.c | 6 +- drivers/pps/clients/pps_parport.c | 4 +- drivers/pps/kapi.c | 10 +- drivers/pps/kc.c | 10 +- drivers/pps/pps.c | 127 ++-- drivers/ptp/ptp_chardev.c | 4 + drivers/ptp/ptp_ocp.c | 2 +- drivers/pwm/pwm-samsung.c | 4 +- drivers/pwm/pwm-stm32-lp.c | 8 +- drivers/pwm/pwm-stm32.c | 7 +- drivers/regulator/core.c | 2 +- drivers/regulator/of_regulator.c | 14 +- drivers/remoteproc/remoteproc_core.c | 14 +- drivers/rtc/rtc-loongson.c | 13 +- drivers/rtc/rtc-pcf85063.c | 11 +- drivers/scsi/mpt3sas/mpt3sas_base.c | 3 +- drivers/soc/atmel/soc.c | 2 +- drivers/spi/spi-omap2-mcspi.c | 11 +- drivers/spi/spi-zynq-qspi.c | 13 +- drivers/staging/media/imx/imx-media-of.c | 8 +- drivers/staging/media/max96712/max96712.c | 4 +- drivers/tty/serial/8250/8250_port.c | 32 +- drivers/tty/serial/sc16is7xx.c | 34 +- drivers/tty/sysrq.c | 4 +- drivers/ufs/core/ufs_bsg.c | 1 + drivers/usb/dwc3/core.c | 30 +- drivers/usb/dwc3/dwc3-am62.c | 1 + drivers/usb/gadget/function/f_tcm.c | 14 +- drivers/usb/host/xhci-ring.c | 3 +- drivers/usb/misc/usb251xb.c | 4 +- drivers/usb/typec/tcpm/tcpci.c | 13 +- drivers/usb/typec/tcpm/tcpm.c | 10 +- drivers/vfio/iova_bitmap.c | 2 +- drivers/video/fbdev/omap2/omapfb/dss/dss-of.c | 1 + drivers/watchdog/rti_wdt.c | 1 + fs/afs/dir.c | 7 +- fs/afs/internal.h | 9 + fs/afs/rxrpc.c | 12 +- fs/afs/xdr_fs.h | 2 +- fs/afs/yfsclient.c | 5 +- fs/btrfs/super.c | 2 +- fs/buffer.c | 24 +- fs/dlm/lowcomms.c | 3 +- fs/f2fs/dir.c | 53 +- fs/f2fs/f2fs.h | 6 +- fs/f2fs/inline.c | 5 +- fs/file_table.c | 2 +- fs/hostfs/hostfs_kern.c | 157 ++-- fs/nfs/nfs42proc.c | 2 +- fs/nfs/nfs42xdr.c | 2 + fs/nfsd/nfs4callback.c | 1 + fs/nilfs2/segment.c | 11 +- fs/ocfs2/quota_global.c | 5 + fs/pstore/blk.c | 4 +- fs/select.c | 4 +- fs/smb/client/cifsacl.c | 25 +- fs/smb/client/cifsproto.h | 2 +- fs/smb/client/cifssmb.c | 4 +- fs/smb/client/readdir.c | 2 +- fs/smb/client/reparse.c | 22 +- fs/smb/client/smb2ops.c | 3 +- fs/ubifs/debug.c | 22 +- include/acpi/acpixf.h | 1 + include/dt-bindings/clock/sun50i-a64-ccu.h | 2 + include/linux/buffer_head.h | 4 +- include/linux/hid.h | 1 + include/linux/ieee80211.h | 11 +- include/linux/kallsyms.h | 2 +- include/linux/mfd/syscon.h | 33 +- include/linux/mroute_base.h | 6 +- include/linux/netdevice.h | 2 +- include/linux/of.h | 15 +- include/linux/perf_event.h | 6 + include/linux/platform_data/pca953x.h | 13 - include/linux/platform_data/si5351.h | 2 + include/linux/pps_kernel.h | 3 +- include/linux/sched.h | 1 + include/linux/usb/tcpm.h | 3 +- include/net/ax25.h | 10 +- include/net/inetpeer.h | 12 +- include/net/netfilter/nf_tables.h | 8 +- include/net/xfrm.h | 16 +- include/trace/events/afs.h | 2 + include/trace/events/rxrpc.h | 25 + io_uring/uring_cmd.c | 2 +- kernel/bpf/bpf_local_storage.c | 8 +- kernel/events/core.c | 35 +- kernel/irq/internals.h | 9 +- kernel/padata.c | 45 +- kernel/power/hibernate.c | 7 +- kernel/sched/cpufreq_schedutil.c | 4 +- kernel/sched/fair.c | 19 +- kernel/sched/topology.c | 8 +- kernel/trace/bpf_trace.c | 13 +- net/ax25/af_ax25.c | 12 +- net/ax25/ax25_dev.c | 4 +- net/ax25/ax25_ip.c | 3 +- net/ax25/ax25_out.c | 22 +- net/ax25/ax25_route.c | 2 + net/core/dev.c | 4 + net/core/filter.c | 2 +- net/core/sysctl_net_core.c | 5 +- net/ethtool/netlink.c | 2 +- net/hsr/hsr_forward.c | 7 +- net/ipv4/icmp.c | 9 +- net/ipv4/inetpeer.c | 31 +- net/ipv4/ip_fragment.c | 15 +- net/ipv4/ipmr.c | 28 +- net/ipv4/ipmr_base.c | 9 +- net/ipv4/route.c | 17 +- net/ipv4/tcp_cubic.c | 8 +- net/ipv4/tcp_output.c | 9 +- net/ipv6/icmp.c | 6 +- net/ipv6/ip6_output.c | 6 +- net/ipv6/ip6mr.c | 28 +- net/ipv6/ndisc.c | 8 +- net/mac80211/debugfs_netdev.c | 2 +- net/mac80211/driver-ops.h | 3 + net/mac80211/rx.c | 1 + net/mptcp/options.c | 13 +- net/mptcp/protocol.c | 4 +- net/mptcp/protocol.h | 30 +- net/netfilter/nf_tables_api.c | 57 +- net/netfilter/nft_flow_offload.c | 16 +- net/netfilter/nft_set_pipapo.c | 7 +- net/netfilter/nft_set_rbtree.c | 178 +++-- net/rose/af_rose.c | 16 +- net/rose/rose_timer.c | 15 + net/rxrpc/conn_event.c | 12 +- net/sched/sch_api.c | 4 + net/sched/sch_sfq.c | 58 +- net/smc/af_smc.c | 2 +- net/smc/smc_rx.c | 37 +- net/smc/smc_rx.h | 8 +- net/sunrpc/svcsock.c | 12 +- net/vmw_vsock/af_vsock.c | 5 + net/wireless/scan.c | 35 + net/xfrm/xfrm_replay.c | 10 +- samples/landlock/sandboxer.c | 7 + scripts/Makefile.lib | 4 +- scripts/genksyms/genksyms.c | 11 +- scripts/genksyms/genksyms.h | 2 +- scripts/genksyms/parse.y | 18 +- scripts/kconfig/conf.c | 6 + scripts/kconfig/confdata.c | 113 ++- scripts/kconfig/lkc_proto.h | 2 + scripts/kconfig/symbol.c | 10 + security/landlock/fs.c | 11 +- sound/core/seq/Kconfig | 5 +- sound/pci/hda/patch_realtek.c | 1 + sound/soc/codecs/arizona.c | 12 +- sound/soc/intel/avs/apl.c | 53 +- sound/soc/intel/avs/avs.h | 40 +- sound/soc/intel/avs/core.c | 51 +- sound/soc/intel/avs/ipc.c | 36 +- sound/soc/intel/avs/loader.c | 2 +- sound/soc/intel/avs/messages.h | 10 +- sound/soc/intel/avs/registers.h | 6 +- sound/soc/intel/avs/skl.c | 30 +- sound/soc/rockchip/rockchip_i2s_tdm.c | 31 +- sound/soc/sh/rz-ssi.c | 3 +- sound/soc/sunxi/sun4i-spdif.c | 7 + sound/usb/quirks.c | 2 + tools/bootconfig/main.c | 4 +- tools/lib/bpf/linker.c | 22 +- tools/lib/bpf/usdt.c | 2 +- tools/perf/builtin-lock.c | 66 +- tools/perf/builtin-report.c | 2 +- tools/perf/builtin-top.c | 2 +- tools/perf/builtin-trace.c | 6 +- tools/perf/util/bpf-event.c | 10 +- tools/perf/util/env.c | 13 +- tools/perf/util/env.h | 4 +- tools/perf/util/expr.c | 5 +- tools/perf/util/header.c | 8 +- tools/perf/util/machine.c | 2 +- tools/perf/util/namespaces.c | 7 +- tools/perf/util/namespaces.h | 3 +- .../cpupower/utils/idle_monitor/mperf_monitor.c | 15 +- tools/testing/ktest/ktest.pl | 7 +- .../selftests/bpf/prog_tests/fill_link_info.c | 4 + .../selftests/bpf/progs/test_fill_link_info.c | 13 +- tools/testing/selftests/bpf/test_tc_tunnel.sh | 1 + .../drivers/net/netdevsim/udp_tunnel_nic.sh | 16 +- tools/testing/selftests/kselftest_harness.h | 24 +- tools/testing/selftests/landlock/fs_test.c | 3 +- .../selftests/powerpc/benchmarks/gettimeofday.c | 2 +- tools/testing/selftests/rseq/rseq.c | 32 +- tools/testing/selftests/rseq/rseq.h | 9 +- .../testing/selftests/timers/clocksource-switch.c | 6 +- 455 files changed, 4496 insertions(+), 3375 deletions(-)

7 months

12
24
0 0

[PATCH v2 4/4] mm: Don't skip arch_sync_kernel_mappings() in error paths

by Ryan Roberts

Fix callers that previously skipped calling arch_sync_kernel_mappings() if an error occurred during a pgtable update. The call is still required to sync any pgtable updates that may have occurred prior to hitting the error condition. These are theoretical bugs discovered during code review. Cc: stable(a)vger.kernel.org Fixes: 2ba3e6947aed ("mm/vmalloc: track which page-table levels were modified") Fixes: 0c95cba49255 ("mm: apply_to_pte_range warn and fail if a large pte is encountered") Reviewed-by: Anshuman Khandual <anshuman.khandual(a)arm.com> Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> --- mm/memory.c | 6 ++++-- mm/vmalloc.c | 4 ++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/mm/memory.c b/mm/memory.c index 539c0f7c6d54..a15f7dd500ea 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -3040,8 +3040,10 @@ static int __apply_to_page_range(struct mm_struct *mm, unsigned long addr, next = pgd_addr_end(addr, end); if (pgd_none(*pgd) && !create) continue; - if (WARN_ON_ONCE(pgd_leaf(*pgd))) - return -EINVAL; + if (WARN_ON_ONCE(pgd_leaf(*pgd))) { + err = -EINVAL; + break; + } if (!pgd_none(*pgd) && WARN_ON_ONCE(pgd_bad(*pgd))) { if (!create) continue; diff --git a/mm/vmalloc.c b/mm/vmalloc.c index a6e7acebe9ad..61981ee1c9d2 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -586,13 +586,13 @@ static int vmap_small_pages_range_noflush(unsigned long addr, unsigned long end, mask |= PGTBL_PGD_MODIFIED; err = vmap_pages_p4d_range(pgd, addr, next, prot, pages, &nr, &mask); if (err) - return err; + break; } while (pgd++, addr = next, addr != end); if (mask & ARCH_PAGE_TABLE_SYNC_MASK) arch_sync_kernel_mappings(start, end); - return 0; + return err; } /* -- 2.43.0

7 months

2
1
0 0

FAILED: patch "[PATCH] batman-adv: Drop unmanaged ELP metric worker" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 8c8ecc98f5c65947b0070a24bac11e12e47cc65d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021842-crusher-corrode-54d0@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8c8ecc98f5c65947b0070a24bac11e12e47cc65d Mon Sep 17 00:00:00 2001 From: Sven Eckelmann <sven(a)narfation.org> Date: Mon, 20 Jan 2025 00:06:11 +0100 Subject: [PATCH] batman-adv: Drop unmanaged ELP metric worker The ELP worker needs to calculate new metric values for all neighbors "reachable" over an interface. Some of the used metric sources require locks which might need to sleep. This sleep is incompatible with the RCU list iterator used for the recorded neighbors. The initial approach to work around of this problem was to queue another work item per neighbor and then run this in a new context. Even when this solved the RCU vs might_sleep() conflict, it has a major problems: Nothing was stopping the work item in case it is not needed anymore - for example because one of the related interfaces was removed or the batman-adv module was unloaded - resulting in potential invalid memory accesses. Directly canceling the metric worker also has various problems: * cancel_work_sync for a to-be-deactivated interface is called with rtnl_lock held. But the code in the ELP metric worker also tries to use rtnl_lock() - which will never return in this case. This also means that cancel_work_sync would never return because it is waiting for the worker to finish. * iterating over the neighbor list for the to-be-deactivated interface is currently done using the RCU specific methods. Which means that it is possible to miss items when iterating over it without the associated spinlock - a behaviour which is acceptable for a periodic metric check but not for a cleanup routine (which must "stop" all still running workers) The better approch is to get rid of the per interface neighbor metric worker and handle everything in the interface worker. The original problems are solved by: * creating a list of neighbors which require new metric information inside the RCU protected context, gathering the metric according to the new list outside the RCU protected context * only use rcu_trylock inside metric gathering code to avoid a deadlock when the cancel_delayed_work_sync is called in the interface removal code (which is called with the rtnl_lock held) Cc: stable(a)vger.kernel.org Fixes: c833484e5f38 ("batman-adv: ELP - compute the metric based on the estimated throughput") Signed-off-by: Sven Eckelmann <sven(a)narfation.org> Signed-off-by: Simon Wunderlich <sw(a)simonwunderlich.de> diff --git a/net/batman-adv/bat_v.c b/net/batman-adv/bat_v.c index ac11f1f08db0..d35479c465e2 100644 --- a/net/batman-adv/bat_v.c +++ b/net/batman-adv/bat_v.c @@ -113,8 +113,6 @@ static void batadv_v_hardif_neigh_init(struct batadv_hardif_neigh_node *hardif_neigh) { ewma_throughput_init(&hardif_neigh->bat_v.throughput); - INIT_WORK(&hardif_neigh->bat_v.metric_work, - batadv_v_elp_throughput_metric_update); } /** diff --git a/net/batman-adv/bat_v_elp.c b/net/batman-adv/bat_v_elp.c index 65e52de52bcd..b065578b4436 100644 --- a/net/batman-adv/bat_v_elp.c +++ b/net/batman-adv/bat_v_elp.c @@ -18,6 +18,7 @@ #include <linux/if_ether.h> #include <linux/jiffies.h> #include <linux/kref.h> +#include <linux/list.h> #include <linux/minmax.h> #include <linux/netdevice.h> #include <linux/nl80211.h> @@ -26,6 +27,7 @@ #include <linux/rcupdate.h> #include <linux/rtnetlink.h> #include <linux/skbuff.h> +#include <linux/slab.h> #include <linux/stddef.h> #include <linux/string.h> #include <linux/types.h> @@ -41,6 +43,18 @@ #include "routing.h" #include "send.h" +/** + * struct batadv_v_metric_queue_entry - list of hardif neighbors which require + * and metric update + */ +struct batadv_v_metric_queue_entry { + /** @hardif_neigh: hardif neighbor scheduled for metric update */ + struct batadv_hardif_neigh_node *hardif_neigh; + + /** @list: list node for metric_queue */ + struct list_head list; +}; + /** * batadv_v_elp_start_timer() - restart timer for ELP periodic work * @hard_iface: the interface for which the timer has to be reset @@ -137,10 +151,17 @@ static bool batadv_v_elp_get_throughput(struct batadv_hardif_neigh_node *neigh, goto default_throughput; } + /* only use rtnl_trylock because the elp worker will be cancelled while + * the rntl_lock is held. the cancel_delayed_work_sync() would otherwise + * wait forever when the elp work_item was started and it is then also + * trying to rtnl_lock + */ + if (!rtnl_trylock()) + return false; + /* if not a wifi interface, check if this device provides data via * ethtool (e.g. an Ethernet adapter) */ - rtnl_lock(); ret = __ethtool_get_link_ksettings(hard_iface->net_dev, &link_settings); rtnl_unlock(); if (ret == 0) { @@ -175,31 +196,19 @@ static bool batadv_v_elp_get_throughput(struct batadv_hardif_neigh_node *neigh, /** * batadv_v_elp_throughput_metric_update() - worker updating the throughput * metric of a single hop neighbour - * @work: the work queue item + * @neigh: the neighbour to probe */ -void batadv_v_elp_throughput_metric_update(struct work_struct *work) +static void +batadv_v_elp_throughput_metric_update(struct batadv_hardif_neigh_node *neigh) { - struct batadv_hardif_neigh_node_bat_v *neigh_bat_v; - struct batadv_hardif_neigh_node *neigh; u32 throughput; bool valid; - neigh_bat_v = container_of(work, struct batadv_hardif_neigh_node_bat_v, - metric_work); - neigh = container_of(neigh_bat_v, struct batadv_hardif_neigh_node, - bat_v); - valid = batadv_v_elp_get_throughput(neigh, &throughput); if (!valid) - goto put_neigh; + return; ewma_throughput_add(&neigh->bat_v.throughput, throughput); - -put_neigh: - /* decrement refcounter to balance increment performed before scheduling - * this task - */ - batadv_hardif_neigh_put(neigh); } /** @@ -273,14 +282,16 @@ batadv_v_elp_wifi_neigh_probe(struct batadv_hardif_neigh_node *neigh) */ static void batadv_v_elp_periodic_work(struct work_struct *work) { + struct batadv_v_metric_queue_entry *metric_entry; + struct batadv_v_metric_queue_entry *metric_safe; struct batadv_hardif_neigh_node *hardif_neigh; struct batadv_hard_iface *hard_iface; struct batadv_hard_iface_bat_v *bat_v; struct batadv_elp_packet *elp_packet; + struct list_head metric_queue; struct batadv_priv *bat_priv; struct sk_buff *skb; u32 elp_interval; - bool ret; bat_v = container_of(work, struct batadv_hard_iface_bat_v, elp_wq.work); hard_iface = container_of(bat_v, struct batadv_hard_iface, bat_v); @@ -316,6 +327,8 @@ static void batadv_v_elp_periodic_work(struct work_struct *work) atomic_inc(&hard_iface->bat_v.elp_seqno); + INIT_LIST_HEAD(&metric_queue); + /* The throughput metric is updated on each sent packet. This way, if a * node is dead and no longer sends packets, batman-adv is still able to * react timely to its death. @@ -340,16 +353,28 @@ static void batadv_v_elp_periodic_work(struct work_struct *work) /* Reading the estimated throughput from cfg80211 is a task that * may sleep and that is not allowed in an rcu protected - * context. Therefore schedule a task for that. + * context. Therefore add it to metric_queue and process it + * outside rcu protected context. */ - ret = queue_work(batadv_event_workqueue, - &hardif_neigh->bat_v.metric_work); - - if (!ret) + metric_entry = kzalloc(sizeof(*metric_entry), GFP_ATOMIC); + if (!metric_entry) { batadv_hardif_neigh_put(hardif_neigh); + continue; + } + + metric_entry->hardif_neigh = hardif_neigh; + list_add(&metric_entry->list, &metric_queue); } rcu_read_unlock(); + list_for_each_entry_safe(metric_entry, metric_safe, &metric_queue, list) { + batadv_v_elp_throughput_metric_update(metric_entry->hardif_neigh); + + batadv_hardif_neigh_put(metric_entry->hardif_neigh); + list_del(&metric_entry->list); + kfree(metric_entry); + } + restart_timer: batadv_v_elp_start_timer(hard_iface); out: diff --git a/net/batman-adv/bat_v_elp.h b/net/batman-adv/bat_v_elp.h index 9e2740195fa2..c9cb0a307100 100644 --- a/net/batman-adv/bat_v_elp.h +++ b/net/batman-adv/bat_v_elp.h @@ -10,7 +10,6 @@ #include "main.h" #include <linux/skbuff.h> -#include <linux/workqueue.h> int batadv_v_elp_iface_enable(struct batadv_hard_iface *hard_iface); void batadv_v_elp_iface_disable(struct batadv_hard_iface *hard_iface); @@ -19,6 +18,5 @@ void batadv_v_elp_iface_activate(struct batadv_hard_iface *primary_iface, void batadv_v_elp_primary_iface_set(struct batadv_hard_iface *primary_iface); int batadv_v_elp_packet_recv(struct sk_buff *skb, struct batadv_hard_iface *if_incoming); -void batadv_v_elp_throughput_metric_update(struct work_struct *work); #endif /* _NET_BATMAN_ADV_BAT_V_ELP_H_ */ diff --git a/net/batman-adv/types.h b/net/batman-adv/types.h index 04f6398b3a40..85a50096f5b2 100644 --- a/net/batman-adv/types.h +++ b/net/batman-adv/types.h @@ -596,9 +596,6 @@ struct batadv_hardif_neigh_node_bat_v { * neighbor */ unsigned long last_unicast_tx; - - /** @metric_work: work queue callback item for metric update */ - struct work_struct metric_work; }; /**

7 months

2
2
0 0

[PATCH v2 3/4] arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level

by Ryan Roberts

commit c910f2b65518 ("arm64/mm: Update tlb invalidation routines for FEAT_LPA2") changed the "invalidation level unknown" hint from 0 to TLBI_TTL_UNKNOWN (INT_MAX). But the fallback "unknown level" path in flush_hugetlb_tlb_range() was not updated. So as it stands, when trying to invalidate CONT_PMD_SIZE or CONT_PTE_SIZE hugetlb mappings, we will spuriously try to invalidate at level 0 on LPA2-enabled systems. Fix this so that the fallback passes TLBI_TTL_UNKNOWN, and while we are at it, explicitly use the correct stride and level for CONT_PMD_SIZE and CONT_PTE_SIZE, which should provide a minor optimization. Cc: stable(a)vger.kernel.org Fixes: c910f2b65518 ("arm64/mm: Update tlb invalidation routines for FEAT_LPA2") Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> --- arch/arm64/include/asm/hugetlb.h | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/arch/arm64/include/asm/hugetlb.h b/arch/arm64/include/asm/hugetlb.h index 03db9cb21ace..07fbf5bf85a7 100644 --- a/arch/arm64/include/asm/hugetlb.h +++ b/arch/arm64/include/asm/hugetlb.h @@ -76,12 +76,22 @@ static inline void flush_hugetlb_tlb_range(struct vm_area_struct *vma, { unsigned long stride = huge_page_size(hstate_vma(vma)); - if (stride == PMD_SIZE) - __flush_tlb_range(vma, start, end, stride, false, 2); - else if (stride == PUD_SIZE) - __flush_tlb_range(vma, start, end, stride, false, 1); - else - __flush_tlb_range(vma, start, end, PAGE_SIZE, false, 0); + switch (stride) { +#ifndef __PAGETABLE_PMD_FOLDED + case PUD_SIZE: + __flush_tlb_range(vma, start, end, PUD_SIZE, false, 1); + break; +#endif + case CONT_PMD_SIZE: + case PMD_SIZE: + __flush_tlb_range(vma, start, end, PMD_SIZE, false, 2); + break; + case CONT_PTE_SIZE: + __flush_tlb_range(vma, start, end, PAGE_SIZE, false, 3); + break; + default: + __flush_tlb_range(vma, start, end, PAGE_SIZE, false, TLBI_TTL_UNKNOWN); + } } #endif /* __ASM_HUGETLB_H */ -- 2.43.0

7 months

3
2
0 0

[PATCH] tty: owl-uart: fix call balance of owl_port->clk handling routines

by Vitalii Mordan

If owl_port->clk was enabled in owl_uart_probe(), it must be disabled in all error paths to ensure proper cleanup. However, if uart_add_one_port() returns an error in owl_uart_probe(), the owl_port->clk clock will not be disabled. Use the devm_clk_get_enabled() helper function to ensure proper call balance for owl_port->clk. Found by Linux Verification Center (linuxtesting.org) with Klever. Fixes: abf42d2f333b ("tty: serial: owl: add "much needed" clk_prepare_enable()") Cc: stable(a)vger.kernel.org Signed-off-by: Vitalii Mordan <mordan(a)ispras.ru> --- drivers/tty/serial/owl-uart.c | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/drivers/tty/serial/owl-uart.c b/drivers/tty/serial/owl-uart.c index 0542882cfbbe..64446820437c 100644 --- a/drivers/tty/serial/owl-uart.c +++ b/drivers/tty/serial/owl-uart.c @@ -680,18 +680,12 @@ static int owl_uart_probe(struct platform_device *pdev) if (!owl_port) return -ENOMEM; - owl_port->clk = devm_clk_get(&pdev->dev, NULL); + owl_port->clk = devm_clk_get_enabled(&pdev->dev, NULL); if (IS_ERR(owl_port->clk)) { - dev_err(&pdev->dev, "could not get clk\n"); + dev_err(&pdev->dev, "could not get and enable clk\n"); return PTR_ERR(owl_port->clk); } - ret = clk_prepare_enable(owl_port->clk); - if (ret) { - dev_err(&pdev->dev, "could not enable clk\n"); - return ret; - } - owl_port->port.dev = &pdev->dev; owl_port->port.line = pdev->id; owl_port->port.type = PORT_OWL; @@ -701,7 +695,6 @@ static int owl_uart_probe(struct platform_device *pdev) owl_port->port.uartclk = clk_get_rate(owl_port->clk); if (owl_port->port.uartclk == 0) { dev_err(&pdev->dev, "clock rate is zero\n"); - clk_disable_unprepare(owl_port->clk); return -EINVAL; } owl_port->port.flags = UPF_BOOT_AUTOCONF | UPF_IOREMAP | UPF_LOW_LATENCY; @@ -725,7 +718,6 @@ static void owl_uart_remove(struct platform_device *pdev) uart_remove_one_port(&owl_uart_driver, &owl_port->port); owl_uart_ports[pdev->id] = NULL; - clk_disable_unprepare(owl_port->clk); } static struct platform_driver owl_uart_platform_driver = { -- 2.25.1

7 months

4
4
0 0

[PATCH RTF 3/3] usb: renesas_usbhs: Flush the notify_hotplug_work

by Claudiu

From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> When performing continuous unbind/bind operations on the USB drivers available on the Renesas RZ/G2L SoC, a kernel crash with the message "Unable to handle kernel NULL pointer dereference at virtual address" may occur. This issue points to the usbhsc_notify_hotplug() function. Flush the delayed work to avoid its execution when driver resources are unavailable. Fixes: bc57381e6347 ("usb: renesas_usbhs: use delayed_work instead of work_struct") Cc: stable(a)vger.kernel.org Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> --- drivers/usb/renesas_usbhs/common.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/usb/renesas_usbhs/common.c b/drivers/usb/renesas_usbhs/common.c index 6c7857b66a21..4b35ef216125 100644 --- a/drivers/usb/renesas_usbhs/common.c +++ b/drivers/usb/renesas_usbhs/common.c @@ -781,6 +781,8 @@ static void usbhs_remove(struct platform_device *pdev) dev_dbg(&pdev->dev, "usb remove\n"); + flush_delayed_work(&priv->notify_hotplug_work); + /* power off */ if (!usbhs_get_dparam(priv, runtime_pwctrl)) usbhsc_power_ctrl(priv, 0); -- 2.43.0

7 months

1
0
0 0

[PATCH RTF 2/3] usb: renesas_usbhs: Use devm_usb_get_phy()

by Claudiu

From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> The gpriv->transceiver is retrieved in probe() through usb_get_phy() but never released. Use devm_usb_get_phy() to handle this scenario. This issue was identified through code investigation. No issue was found without this change. Fixes: b5a2875605ca ("usb: renesas_usbhs: Allow an OTG PHY driver to provide VBUS") Cc: stable(a)vger.kernel.org Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> --- drivers/usb/renesas_usbhs/mod_gadget.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/renesas_usbhs/mod_gadget.c b/drivers/usb/renesas_usbhs/mod_gadget.c index 105132ae87ac..e8e5723f5412 100644 --- a/drivers/usb/renesas_usbhs/mod_gadget.c +++ b/drivers/usb/renesas_usbhs/mod_gadget.c @@ -1094,7 +1094,7 @@ int usbhs_mod_gadget_probe(struct usbhs_priv *priv) goto usbhs_mod_gadget_probe_err_gpriv; } - gpriv->transceiver = usb_get_phy(USB_PHY_TYPE_UNDEFINED); + gpriv->transceiver = devm_usb_get_phy(dev, USB_PHY_TYPE_UNDEFINED); dev_info(dev, "%stransceiver found\n", !IS_ERR(gpriv->transceiver) ? "" : "no "); -- 2.43.0

7 months

1
0
0 0

[PATCH RTF 1/3] usb: renesas_usbhs: Call clk_put()

by Claudiu

From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> Clocks acquired with of_clk_get() need to be freed with clk_put(). Call clk_put() on priv->clks[0] on error path. Fixes: 3df0e240caba ("usb: renesas_usbhs: Add multiple clocks management") Cc: stable(a)vger.kernel.org Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> --- drivers/usb/renesas_usbhs/common.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/usb/renesas_usbhs/common.c b/drivers/usb/renesas_usbhs/common.c index 935fc496fe94..6c7857b66a21 100644 --- a/drivers/usb/renesas_usbhs/common.c +++ b/drivers/usb/renesas_usbhs/common.c @@ -312,8 +312,10 @@ static int usbhsc_clk_get(struct device *dev, struct usbhs_priv *priv) priv->clks[1] = of_clk_get(dev_of_node(dev), 1); if (PTR_ERR(priv->clks[1]) == -ENOENT) priv->clks[1] = NULL; - else if (IS_ERR(priv->clks[1])) + else if (IS_ERR(priv->clks[1])) { + clk_put(priv->clks[0]); return PTR_ERR(priv->clks[1]); + } return 0; } -- 2.43.0

7 months

1
0
0 0

[PATCH RFT 5/5] phy: renesas: rcar-gen3-usb2: Set timing registers only once

by Claudiu

From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> phy-rcar-gen3-usb2 driver exports 4 PHYs. The timing registers are common to all PHYs. There is no need to set them every time a PHY is initialized. Set timing register only when the 1st PHY is initialized. Fixes: f3b5a8d9b50d ("phy: rcar-gen3-usb2: Add R-Car Gen3 USB2 PHY driver") Cc: stable(a)vger.kernel.org Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> --- drivers/phy/renesas/phy-rcar-gen3-usb2.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/phy/renesas/phy-rcar-gen3-usb2.c b/drivers/phy/renesas/phy-rcar-gen3-usb2.c index 087937407b0b..8e57fa8c1cff 100644 --- a/drivers/phy/renesas/phy-rcar-gen3-usb2.c +++ b/drivers/phy/renesas/phy-rcar-gen3-usb2.c @@ -467,8 +467,11 @@ static int rcar_gen3_phy_usb2_init(struct phy *p) val = readl(usb2_base + USB2_INT_ENABLE); val |= USB2_INT_ENABLE_UCOM_INTEN | rphy->int_enable_bits; writel(val, usb2_base + USB2_INT_ENABLE); - writel(USB2_SPD_RSM_TIMSET_INIT, usb2_base + USB2_SPD_RSM_TIMSET); - writel(USB2_OC_TIMSET_INIT, usb2_base + USB2_OC_TIMSET); + + if (!rcar_gen3_is_any_rphy_initialized(channel)) { + writel(USB2_SPD_RSM_TIMSET_INIT, usb2_base + USB2_SPD_RSM_TIMSET); + writel(USB2_OC_TIMSET_INIT, usb2_base + USB2_OC_TIMSET); + } /* Initialize otg part (only if we initialize a PHY with IRQs). */ if (rphy->int_enable_bits) -- 2.43.0

7 months

1
0
0 0

[PATCH RFT 3/5] phy: renesas: rcar-gen3-usb2: Lock around hardware registers and driver data

by Claudiu

From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> The phy-rcar-gen3-usb2 driver exposes four individual PHYs that are requested and configured by PHY users. The struct phy_ops APIs access the same set of registers to configure all PHYs. Additionally, PHY settings can be modified through sysfs or an IRQ handler. While some struct phy_ops APIs are protected by a driver-wide mutex, others rely on individual PHY-specific mutexes. This approach can lead to various issues, including: 1/ the IRQ handler may interrupt PHY settings in progress, racing with hardware configuration protected by a mutex lock 2/ due to msleep(20) in rcar_gen3_init_otg(), while a configuration thread suspends to wait for the delay, another thread may try to configure another PHY (with phy_init() + phy_power_on()); re-running the phy_init() goes to the exact same configuration code, re-running the same hardware configuration on the same set of registers (and bits) which might impact the result of the msleep for the 1st configuring thread 3/ sysfs can configure the hardware (though role_store()) and it can still race with the phy_init()/phy_power_on() APIs calling into the drivers struct phy_ops To address these issues, add a spinlock to protect hardware register access and driver private data structures (e.g., calls to rcar_gen3_is_any_rphy_initialized()). Checking driver-specific data remains necessary as all PHY instances share common settings. With this change, the existing mutex protection is removed and the cleanup.h helpers are used. While at it, to keep the code simpler, do not skip regulator_enable()/regulator_disable() APIs in rcar_gen3_phy_usb2_power_on()/rcar_gen3_phy_usb2_power_off() as the regulators enable/disable operations are reference counted anyway. Fixes: f3b5a8d9b50d ("phy: rcar-gen3-usb2: Add R-Car Gen3 USB2 PHY driver") Cc: stable(a)vger.kernel.org Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> --- drivers/phy/renesas/phy-rcar-gen3-usb2.c | 49 +++++++++++++----------- 1 file changed, 26 insertions(+), 23 deletions(-) diff --git a/drivers/phy/renesas/phy-rcar-gen3-usb2.c b/drivers/phy/renesas/phy-rcar-gen3-usb2.c index 826c9c4dd4c0..5c0ceba09b67 100644 --- a/drivers/phy/renesas/phy-rcar-gen3-usb2.c +++ b/drivers/phy/renesas/phy-rcar-gen3-usb2.c @@ -9,6 +9,7 @@ * Copyright (C) 2014 Cogent Embedded, Inc. */ +#include <linux/cleanup.h> #include <linux/extcon-provider.h> #include <linux/interrupt.h> #include <linux/io.h> @@ -118,7 +119,7 @@ struct rcar_gen3_chan { struct regulator *vbus; struct reset_control *rstc; struct work_struct work; - struct mutex lock; /* protects rphys[...].powered */ + spinlock_t lock; /* protects access to hardware and driver data structure. */ enum usb_dr_mode dr_mode; u32 obint_enable_bits; bool extcon_host; @@ -348,6 +349,8 @@ static ssize_t role_store(struct device *dev, struct device_attribute *attr, bool is_b_device; enum phy_mode cur_mode, new_mode; + guard(spinlock_irqsave)(&ch->lock); + if (!ch->is_otg_channel || !rcar_gen3_is_any_otg_rphy_initialized(ch)) return -EIO; @@ -415,7 +418,7 @@ static void rcar_gen3_init_otg(struct rcar_gen3_chan *ch) val = readl(usb2_base + USB2_ADPCTRL); writel(val | USB2_ADPCTRL_IDPULLUP, usb2_base + USB2_ADPCTRL); } - msleep(20); + mdelay(20); writel(0xffffffff, usb2_base + USB2_OBINTSTA); writel(ch->obint_enable_bits, usb2_base + USB2_OBINTEN); @@ -436,12 +439,14 @@ static irqreturn_t rcar_gen3_phy_usb2_irq(int irq, void *_ch) if (pm_runtime_suspended(dev)) goto rpm_put; - status = readl(usb2_base + USB2_OBINTSTA); - if (status & ch->obint_enable_bits) { - dev_vdbg(dev, "%s: %08x\n", __func__, status); - writel(ch->obint_enable_bits, usb2_base + USB2_OBINTSTA); - rcar_gen3_device_recognition(ch); - ret = IRQ_HANDLED; + scoped_guard(spinlock, &ch->lock) { + status = readl(usb2_base + USB2_OBINTSTA); + if (status & ch->obint_enable_bits) { + dev_vdbg(dev, "%s: %08x\n", __func__, status); + writel(ch->obint_enable_bits, usb2_base + USB2_OBINTSTA); + rcar_gen3_device_recognition(ch); + ret = IRQ_HANDLED; + } } rpm_put: @@ -456,6 +461,8 @@ static int rcar_gen3_phy_usb2_init(struct phy *p) void __iomem *usb2_base = channel->base; u32 val; + guard(spinlock_irqsave)(&channel->lock); + /* Initialize USB2 part */ val = readl(usb2_base + USB2_INT_ENABLE); val |= USB2_INT_ENABLE_UCOM_INTEN | rphy->int_enable_bits; @@ -479,6 +486,8 @@ static int rcar_gen3_phy_usb2_exit(struct phy *p) void __iomem *usb2_base = channel->base; u32 val; + guard(spinlock_irqsave)(&channel->lock); + rphy->initialized = false; val = readl(usb2_base + USB2_INT_ENABLE); @@ -498,16 +507,17 @@ static int rcar_gen3_phy_usb2_power_on(struct phy *p) u32 val; int ret = 0; - mutex_lock(&channel->lock); - if (!rcar_gen3_are_all_rphys_power_off(channel)) - goto out; - if (channel->vbus) { ret = regulator_enable(channel->vbus); if (ret) - goto out; + return ret; } + guard(spinlock_irqsave)(&channel->lock); + + if (!rcar_gen3_are_all_rphys_power_off(channel)) + goto out; + val = readl(usb2_base + USB2_USBCTR); val |= USB2_USBCTR_PLL_RST; writel(val, usb2_base + USB2_USBCTR); @@ -517,7 +527,6 @@ static int rcar_gen3_phy_usb2_power_on(struct phy *p) out: /* The powered flag should be set for any other phys anyway */ rphy->powered = true; - mutex_unlock(&channel->lock); return 0; } @@ -528,18 +537,12 @@ static int rcar_gen3_phy_usb2_power_off(struct phy *p) struct rcar_gen3_chan *channel = rphy->ch; int ret = 0; - mutex_lock(&channel->lock); - rphy->powered = false; - - if (!rcar_gen3_are_all_rphys_power_off(channel)) - goto out; + scoped_guard(spinlock_irqsave, &channel->lock) + rphy->powered = false; if (channel->vbus) ret = regulator_disable(channel->vbus); -out: - mutex_unlock(&channel->lock); - return ret; } @@ -750,7 +753,7 @@ static int rcar_gen3_phy_usb2_probe(struct platform_device *pdev) if (phy_data->no_adp_ctrl) channel->obint_enable_bits = USB2_OBINT_IDCHG_EN; - mutex_init(&channel->lock); + spin_lock_init(&channel->lock); for (i = 0; i < NUM_OF_PHYS; i++) { channel->rphys[i].phy = devm_phy_create(dev, NULL, phy_data->phy_usb2_ops); -- 2.43.0

7 months

1
0
0 0

[PATCH RFT 1/5] phy: renesas: rcar-gen3-usb2: Fix role detection on unbind/bind

by Claudiu

From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> It has been observed on the Renesas RZ/G3S SoC that unbinding and binding the PHY driver leads to role autodetection failures. This issue occurs when PHY 3 is the first initialized PHY. PHY 3 does not have an interrupt associated with the USB2_INT_ENABLE register (as rcar_gen3_int_enable[3] = 0). As a result, rcar_gen3_init_otg() is called to initialize OTG without enabling PHY interrupts. To resolve this, add rcar_gen3_is_any_otg_rphy_initialized() and call it in role_store(), role_show(), and rcar_gen3_init_otg(). At the same time, rcar_gen3_init_otg() is only called when initialization for a PHY with interrupt bits is in progress. As a result, the struct rcar_gen3_phy::otg_initialized is no longer needed. Fixes: 549b6b55b005 ("phy: renesas: rcar-gen3-usb2: enable/disable independent irqs") Cc: stable(a)vger.kernel.org Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> --- drivers/phy/renesas/phy-rcar-gen3-usb2.c | 33 ++++++++++-------------- 1 file changed, 14 insertions(+), 19 deletions(-) diff --git a/drivers/phy/renesas/phy-rcar-gen3-usb2.c b/drivers/phy/renesas/phy-rcar-gen3-usb2.c index 775f4f973a6c..46afba2fe0dc 100644 --- a/drivers/phy/renesas/phy-rcar-gen3-usb2.c +++ b/drivers/phy/renesas/phy-rcar-gen3-usb2.c @@ -107,7 +107,6 @@ struct rcar_gen3_phy { struct rcar_gen3_chan *ch; u32 int_enable_bits; bool initialized; - bool otg_initialized; bool powered; }; @@ -320,16 +319,15 @@ static bool rcar_gen3_is_any_rphy_initialized(struct rcar_gen3_chan *ch) return false; } -static bool rcar_gen3_needs_init_otg(struct rcar_gen3_chan *ch) +static bool rcar_gen3_is_any_otg_rphy_initialized(struct rcar_gen3_chan *ch) { - int i; - - for (i = 0; i < NUM_OF_PHYS; i++) { - if (ch->rphys[i].otg_initialized) - return false; + for (enum rcar_gen3_phy_index i = PHY_INDEX_BOTH_HC; i <= PHY_INDEX_EHCI; + i++) { + if (ch->rphys[i].initialized) + return true; } - return true; + return false; } static bool rcar_gen3_are_all_rphys_power_off(struct rcar_gen3_chan *ch) @@ -351,7 +349,7 @@ static ssize_t role_store(struct device *dev, struct device_attribute *attr, bool is_b_device; enum phy_mode cur_mode, new_mode; - if (!ch->is_otg_channel || !rcar_gen3_is_any_rphy_initialized(ch)) + if (!ch->is_otg_channel || !rcar_gen3_is_any_otg_rphy_initialized(ch)) return -EIO; if (sysfs_streq(buf, "host")) @@ -389,7 +387,7 @@ static ssize_t role_show(struct device *dev, struct device_attribute *attr, { struct rcar_gen3_chan *ch = dev_get_drvdata(dev); - if (!ch->is_otg_channel || !rcar_gen3_is_any_rphy_initialized(ch)) + if (!ch->is_otg_channel || !rcar_gen3_is_any_otg_rphy_initialized(ch)) return -EIO; return sprintf(buf, "%s\n", rcar_gen3_is_host(ch) ? "host" : @@ -402,6 +400,9 @@ static void rcar_gen3_init_otg(struct rcar_gen3_chan *ch) void __iomem *usb2_base = ch->base; u32 val; + if (!ch->is_otg_channel || rcar_gen3_is_any_otg_rphy_initialized(ch)) + return; + /* Should not use functions of read-modify-write a register */ val = readl(usb2_base + USB2_LINECTRL1); val = (val & ~USB2_LINECTRL1_DP_RPD) | USB2_LINECTRL1_DPRPD_EN | @@ -465,12 +466,9 @@ static int rcar_gen3_phy_usb2_init(struct phy *p) writel(USB2_SPD_RSM_TIMSET_INIT, usb2_base + USB2_SPD_RSM_TIMSET); writel(USB2_OC_TIMSET_INIT, usb2_base + USB2_OC_TIMSET); - /* Initialize otg part */ - if (channel->is_otg_channel) { - if (rcar_gen3_needs_init_otg(channel)) - rcar_gen3_init_otg(channel); - rphy->otg_initialized = true; - } + /* Initialize otg part (only if we initialize a PHY with IRQs). */ + if (rphy->int_enable_bits) + rcar_gen3_init_otg(channel); rphy->initialized = true; @@ -486,9 +484,6 @@ static int rcar_gen3_phy_usb2_exit(struct phy *p) rphy->initialized = false; - if (channel->is_otg_channel) - rphy->otg_initialized = false; - val = readl(usb2_base + USB2_INT_ENABLE); val &= ~rphy->int_enable_bits; if (!rcar_gen3_is_any_rphy_initialized(channel)) -- 2.43.0

7 months

1
0
0 0

[PATCH] drm/i915/display: Add check for alloc_ordered_workqueue() and alloc_workqueue()

by Haoxiang Li

Add check for the return value of alloc_ordered_workqueue() and alloc_workqueue() to catch potential exception. Fixes: 40053823baad ("drm/i915/display: move modeset probe/remove functions to intel_display_driver.c") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> --- drivers/gpu/drm/i915/display/intel_display_driver.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/gpu/drm/i915/display/intel_display_driver.c b/drivers/gpu/drm/i915/display/intel_display_driver.c index 50ec0c3c7588..dfe5b779aefd 100644 --- a/drivers/gpu/drm/i915/display/intel_display_driver.c +++ b/drivers/gpu/drm/i915/display/intel_display_driver.c @@ -245,6 +245,11 @@ int intel_display_driver_probe_noirq(struct intel_display *display) WQ_UNBOUND, WQ_UNBOUND_MAX_ACTIVE); display->wq.cleanup = alloc_workqueue("i915_cleanup", WQ_HIGHPRI, 0); + if (!display->wq.modeset || !display->wq.flip || !display->wq.cleanup) { + ret = -ENOMEM; + goto cleanup_vga_client_pw_domain_dmc; + } + intel_mode_config_init(display); ret = intel_cdclk_init(display); -- 2.25.1

7 months

2
1
0 0

[PATCH 1/2] jffs2: initialize filesystem-private inode info in ->alloc_inode callback

by Fedor Pchelkin

The symlink body (->target) should be freed at the same time as the inode itself per commit 4fdcfab5b553 ("jffs2: fix use-after-free on symlink traversal"). It is a filesystem-specific field but there exist several error paths during generic inode allocation when ->free_inode(), namely jffs2_free_inode(), is called with still uninitialized private info. The calltrace looks like: alloc_inode inode_init_always // fails i_callback free_inode jffs2_free_inode // touches uninit ->target field Commit af9a8730ddb6 ("jffs2: Fix potential illegal address access in jffs2_free_inode") approached the observed problem but fixed it only partially. Our local Syzkaller instance is still hitting these kinds of failures. The thing is that jffs2_i_init_once(), where the initialization of f->target has been moved, is called once per slab allocation so it won't be called for the object structure possibly retrieved later from the slab cache for reuse. The practice followed by many other filesystems is to initialize filesystem-private inode contents in the corresponding ->alloc_inode() callbacks. This also allows to drop initialization from jffs2_iget() and jffs2_new_inode() as ->alloc_inode() is called in those places. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Fixes: 4fdcfab5b553 ("jffs2: fix use-after-free on symlink traversal") Cc: stable(a)vger.kernel.org Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> --- fs/jffs2/fs.c | 2 -- fs/jffs2/super.c | 3 ++- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/fs/jffs2/fs.c b/fs/jffs2/fs.c index d175cccb7c55..85c4b273918f 100644 --- a/fs/jffs2/fs.c +++ b/fs/jffs2/fs.c @@ -271,7 +271,6 @@ struct inode *jffs2_iget(struct super_block *sb, unsigned long ino) f = JFFS2_INODE_INFO(inode); c = JFFS2_SB_INFO(inode->i_sb); - jffs2_init_inode_info(f); mutex_lock(&f->sem); ret = jffs2_do_read_inode(c, f, inode->i_ino, &latest_node); @@ -439,7 +438,6 @@ struct inode *jffs2_new_inode (struct inode *dir_i, umode_t mode, struct jffs2_r return ERR_PTR(-ENOMEM); f = JFFS2_INODE_INFO(inode); - jffs2_init_inode_info(f); mutex_lock(&f->sem); memset(ri, 0, sizeof(*ri)); diff --git a/fs/jffs2/super.c b/fs/jffs2/super.c index 4545f885c41e..b56ff63357f3 100644 --- a/fs/jffs2/super.c +++ b/fs/jffs2/super.c @@ -42,6 +42,8 @@ static struct inode *jffs2_alloc_inode(struct super_block *sb) f = alloc_inode_sb(sb, jffs2_inode_cachep, GFP_KERNEL); if (!f) return NULL; + + jffs2_init_inode_info(f); return &f->vfs_inode; } @@ -58,7 +60,6 @@ static void jffs2_i_init_once(void *foo) struct jffs2_inode_info *f = foo; mutex_init(&f->sem); - f->target = NULL; inode_init_once(&f->vfs_inode); } -- 2.39.5

7 months

3
3
0 0

[PATCH 6.12 000/418] 6.12.14-rc3 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.12.14 release. There are 418 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Mon, 17 Feb 2025 07:52:41 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.14-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.12.14-rc3 Su Yue <glass.su(a)suse.com> ocfs2: check dir i_size in ocfs2_find_entry Chukun Pan <amadeus(a)jmu.edu.cn> arm64: dts: rockchip: add reset-names for combphy on rk3568 Miklos Szeredi <mszeredi(a)redhat.com> statmount: let unset strings be empty Miklos Szeredi <mszeredi(a)redhat.com> fs: fix adding security options to statmount.mnt_opt Jeff Layton <jlayton(a)kernel.org> fs: prepend statmount.mnt_opts string with security_sb_mnt_opts() Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe: Fix and re-enable xe_print_blob_ascii85() Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> Revert "drm/amd/display: Fix green screen issue after suspend" Libo Chen <libo.chen(a)oracle.com> Revert "selftests/sched_ext: fix build after renames in sched_ext API" Bart Van Assche <bvanassche(a)acm.org> md: Fix linear_set_limits() Dan Carpenter <dan.carpenter(a)linaro.org> md/md-linear: Fix a NULL vs IS_ERR() bug in linear_add() Peter Zijlstra <peterz(a)infradead.org> x86/mm: Convert unreachable() to BUG() Paolo Abeni <pabeni(a)redhat.com> mptcp: prevent excessive coalescing on receive Filipe Manana <fdmanana(a)suse.com> btrfs: avoid monopolizing a core when activating a swap file Koichiro Den <koichiro.den(a)canonical.com> Revert "btrfs: avoid monopolizing a core when activating a swap file" Bence Csókás <csokas.bence(a)prolan.hu> spi: atmel-qspi: Memory barriers after memory-mapped I/O Csókás, Bence <csokas.bence(a)prolan.hu> spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families Long Li <leo.lilong(a)huawei.com> xfs: fix mount hang during primary superblock recovery failure Darrick J. Wong <djwong(a)kernel.org> xfs: lock dquot buffer before detaching dquot from b_li_list Darrick J. Wong <djwong(a)kernel.org> xfs: release the dquot buf outside of qli_lock Darrick J. Wong <djwong(a)kernel.org> xfs: convert quotacheck to attach dquot buffers Darrick J. Wong <djwong(a)kernel.org> xfs: attach dquot buffer to dquot log item buffer Darrick J. Wong <djwong(a)kernel.org> xfs: clean up log item accesses in xfs_qm_dqflush{,_done} Darrick J. Wong <djwong(a)kernel.org> xfs: separate dquot buffer reads from xfs_dqflush Darrick J. Wong <djwong(a)kernel.org> xfs: don't lose solo superblock counter update transactions Darrick J. Wong <djwong(a)kernel.org> xfs: avoid nested calls to __xfs_trans_commit WangYuli <wangyuli(a)uniontech.com> MIPS: ftrace: Declare ftrace_get_parent_ra_addr() as static Heiko Carstens <hca(a)linux.ibm.com> s390/fpu: Add fpc exception handler / remove fixup section again Frederic Weisbecker <frederic(a)kernel.org> timers/migration: Fix off-by-one root mis-connection Michal Simek <michal.simek(a)amd.com> rtc: zynqmp: Fix optional clock name property Yishai Hadas <yishaih(a)nvidia.com> RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error Thomas Weißschuh <linux(a)weissschuh.net> ptp: Ensure info->enable callback is always set Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> pinctrl: renesas: rzg2l: Fix PFC_MASK for RZ/V2H and RZ/G3E Javier Carrasco <javier.carrasco.cruz(a)gmail.com> pinctrl: samsung: fix fwnode refcount cleanup if platform_get_irq_optional() fails Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat_top: Stop timerlat tracer on signal Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat_hist: Stop timerlat tracer on signal Tomas Glozar <tglozar(a)redhat.com> rtla: Add trace_instance_stop Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat_top: Set OSNOISE_WORKLOAD for kernel threads Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat_hist: Set OSNOISE_WORKLOAD for kernel threads Tomas Glozar <tglozar(a)redhat.com> rtla/osnoise: Distinguish missing workload option Steven Rostedt <rostedt(a)goodmis.org> tracing/osnoise: Fix resetting of tracepoints Jan Kiszka <jan.kiszka(a)siemens.com> scripts/gdb: fix aarch64 userspace detection in get_current_task Wei Yang <richard.weiyang(a)gmail.com> maple_tree: simplify split calculation Milos Reljin <milos_reljin(a)outlook.com> net: phy: c45-tjaxx: add delay between MDIO write and read in soft_reset Paul Fertser <fercerpav(a)gmail.com> net/ncsi: wait for the last response to Deselect Package before configuring channel Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Fix copy buffer page size Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Fix registered buffer page address Anandu Krishnan E <quic_anane(a)quicinc.com> misc: fastrpc: Deregister device nodes properly in error scenarios Vimal Agrawal <vimal.agrawal(a)sophos.com> misc: misc_minor_alloc to use ida for all dynamic/misc dynamic minors Ivan Stepchenko <sid(a)itb.spb.ru> mtd: onenand: Fix uninitialized retlen in do_otp_read() Nick Chan <towinchenmi(a)gmail.com> irqchip/apple-aic: Only handle PMC interrupt as FIQ when configured so Frank Li <Frank.Li(a)nxp.com> i3c: master: Fix missing 'ret' assignment in set_speed() Steven Rostedt <rostedt(a)goodmis.org> fgraph: Fix set_graph_notrace with setting TRACE_GRAPH_NOTRACE_BIT Dan Carpenter <dan.carpenter(a)linaro.org> NFC: nci: Add bounds checking in nci_hci_create_pipe() Uros Bizjak <ubizjak(a)gmail.com> mailbox: zynqmp: Remove invalid __percpu annotation in zynqmp_ipi_probe() Pekka Pessi <ppessi(a)nvidia.com> mailbox: tegra-hsp: Clear mailbox before using message Chuck Lever <chuck.lever(a)oracle.com> NFSD: Encode COMPOUND operation status on page boundaries Dragan Simic <dsimic(a)manjaro.org> nfs: Make NFS_FSCACHE select NETFS_SUPPORT instead of depending on it Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> nilfs2: fix possible int overflows in nilfs_fiemap() Matthew Wilcox (Oracle) <willy(a)infradead.org> ocfs2: handle a symlink read error correctly Heming Zhao <heming.zhao(a)suse.com> ocfs2: fix incorrect CPU endianness conversion causing mount failure Mike Snitzer <snitzer(a)kernel.org> pnfs/flexfiles: retry getting layout segment for reads Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: connect: -f: no reconnect Alex Williamson <alex.williamson(a)redhat.com> vfio/platform: check the bounds of read/write syscalls Jens Axboe <axboe(a)kernel.dk> io_uring/net: don't retry connect operation on EPOLLERR Pavel Begunkov <asml.silence(a)gmail.com> io_uring: fix multishots with selected buffers Sascha Hauer <s.hauer(a)pengutronix.de> nvmem: imx-ocotp-ele: set word length to 1 Sascha Hauer <s.hauer(a)pengutronix.de> nvmem: imx-ocotp-ele: fix reading from non zero offset Sascha Hauer <s.hauer(a)pengutronix.de> nvmem: imx-ocotp-ele: fix MAC address byte order Sascha Hauer <s.hauer(a)pengutronix.de> nvmem: imx-ocotp-ele: simplify read beyond device check Jennifer Berringer <jberring(a)redhat.com> nvmem: core: improve range check for nvmem_cell_write() Luca Weiss <luca.weiss(a)fairphone.com> nvmem: qcom-spmi-sdam: Set size in struct nvmem_config Antoine Viallon <antoine(a)lesviallon.fr> ceph: fix memory leak in ceph_mds_auth_match() Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> crypto: qce - unregister previously registered algos in error path Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> crypto: qce - fix goto jump in error path Stefan Eichenberger <eichest(a)gmail.com> irqchip/irq-mvebu-icu: Fix access to msi_data from irq_domain::host_data Niklas Cassel <cassel(a)kernel.org> ata: libata-sff: Ensure that we cannot write outside the allocated buffer Liu Shixin <liushixin2(a)huawei.com> mm/compaction: fix UBSAN shift-out-of-bounds warning Ritesh Harjani (IBM) <ritesh.list(a)gmail.com> mm/hugetlb: fix hugepage allocation for interleaved memory nodes Li Zhijian <lizhijian(a)fujitsu.com> mm/vmscan: accumulate nr_demoted for accurate demotion statistics Zhaoyang Huang <zhaoyang.huang(a)unisoc.com> mm: gup: fix infinite loop within __get_longterm_locked Catalin Marinas <catalin.marinas(a)arm.com> mm: kmemleak: fix upper boundary check for physical address objects Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Remove dangling pointers Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Remove redundant NULL assignment Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Only save async fh if success Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Support partial control reads Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Fix event flags in uvc_ctrl_send_events Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Fix crash during unbind if gpio unit is in use Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: i2c: ds90ub960: Fix logging SP & EQ status only for UB9702 Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: i2c: ds90ub960: Fix UB9702 VC map Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: i2c: ds90ub960: Fix use of non-existing registers on UB9702 Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: i2c: ds90ub9x3: Fix extra fwnode_handle_put() Mehdi Djait <mehdi.djait(a)linux.intel.com> media: ccs: Fix cleanup order in ccs_probe() Sakari Ailus <sakari.ailus(a)linux.intel.com> media: ccs: Fix CCS static data parsing for large block sizes Alain Volmat <alain.volmat(a)foss.st.com> media: stm32: dcmipp: correct dma_set_mask_and_coherent mask value Sam Bobrowicz <sam(a)elite-embedded.com> media: ov5640: fix get_light_freq on auto Stanislaw Gruszka <stanislaw.gruszka(a)linux.intel.com> media: intel/ipu6: remove cpu latency qos request on error Naushir Patuck <naush(a)raspberrypi.com> media: imx296: Add standby delay during probe Zhen Lei <thunder.leizhen(a)huawei.com> media: nuvoton: Fix an error check in npcm_video_ece_init() Cosmin Tanislav <demonsingur(a)gmail.com> media: mc: fix endpoint iteration Lubomir Rintel <lkundrak(a)v3.sk> media: mmp: Bring back registration of the device Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: qcom: smem_state: fix missing of_node_put in error path Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> soc: qcom: llcc: Enable LLCC_WRCACHE at boot on X1 Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: mediatek: mtk-devapc: Fix leaking IO map on error paths Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: samsung: exynos-pmu: Fix uninitialized ret in tensor_set_bits_atomic() Nicolin Chen <nicolinc(a)nvidia.com> iommufd/fault: Use a separate spinlock to protect fault->deliver list Nicolin Chen <nicolinc(a)nvidia.com> iommufd/fault: Destroy response and mutex in iommufd_fault_destroy() Nicolin Chen <nicolinc(a)nvidia.com> iommu/tegra241-cmdqv: Read SMMU IDR1.CMDQS instead of hardcoding Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: light: as73211: fix channel handling in only-color triggered buffer Peter Xu <peterx(a)redhat.com> mm/hugetlb: fix avoid_reserve to allow taking folio from subpool Sakari Ailus <sakari.ailus(a)linux.intel.com> media: ccs: Clean up parsed CCS static data on parse failure Marco Elver <elver(a)google.com> kfence: skip __GFP_THISNODE allocations on NUMA systems Nicolin Chen <nicolinc(a)nvidia.com> iommufd: Fix struct iommu_hwpt_pgfault init and padding Frederic Weisbecker <frederic(a)kernel.org> hrtimers: Force migrate away hrtimers queued after CPUHP_AP_HRTIMERS_DYING Gabriele Monaco <gmonaco(a)redhat.com> rv: Reset per-task monitors also for idle tasks Jarkko Sakkinen <jarkko(a)kernel.org> tpm: Change to kvalloc() in eventlog/acpi.c Aubrey Li <aubrey.li(a)linux.intel.com> ACPI: PRM: Remove unnecessary strict handler address checks Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Clear runtime_error after pm_runtime_resume_and_get() fails Wentao Liang <vulab(a)iscas.ac.cn> xfs: Add error handling for xfs_reflink_cancel_cow_range Wentao Liang <vulab(a)iscas.ac.cn> xfs: Propagate errors from xfs_reflink_cancel_cow_range in xfs_dax_write_iomap_end Christoph Hellwig <hch(a)lst.de> xfs: don't call remap_verify_area with sb write protection held Conor Dooley <conor.dooley(a)microchip.com> pwm: microchip-core: fix incorrect comparison with max period Helge Deller <deller(a)kernel.org> parisc: Temporarily disable jump label support Sumit Gupta <sumitg(a)nvidia.com> arm64: tegra: Disable Tegra234 sce-fabric node Sumit Gupta <sumitg(a)nvidia.com> arm64: tegra: Fix typo in Tegra234 dce-fabric compatible Eric Biggers <ebiggers(a)google.com> crypto: qce - fix priority to be less than ARMv8 CE Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8650: correct MDSS interconnects Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8550: correct MDSS interconnects Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8650: Fix MPSS memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8650: Fix CDSP memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8650: Fix ADSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8550: Fix MPSS memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8550: Fix CDSP memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8550: Fix ADSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8450: Fix MPSS memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8450: Fix CDSP memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8450: Fix ADSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8350: Fix MPSS memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8350: Fix CDSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8350: Fix ADSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6375: Fix MPSS memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6375: Fix CDSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6375: Fix ADSP memory length Luca Weiss <luca.weiss(a)fairphone.com> arm64: dts: qcom: sm6350: Fix uart1 interconnect path Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6350: Fix MPSS memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6350: Fix ADSP memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6115: Fix ADSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6115: Fix CDSP memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6115: Fix MPSS memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: x1e80100: Fix CDSP memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: x1e80100: Fix ADSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sdx75: Fix MPSS memory length Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183: Disable DPI display output by default Andreas Kemnade <andreas(a)kemnade.info> ARM: dts: ti/omap: gta04: fix pm issues caused by spi module Romain Naour <romain.naour(a)skf.com> ARM: dts: dra7: Add bus_dma_limit for l4 cfg bus Denis Arefev <arefev(a)swemel.ru> ubi: Add a check for ubi_num Nathan Chancellor <nathan(a)kernel.org> x86/boot: Use '-std=gnu11' to fix build with GCC 15 Zhang Rui <rui.zhang(a)intel.com> x86/acpi: Fix LAPIC/x2APIC parsing order Alice Ryhl <aliceryhl(a)google.com> x86: rust: set rustc-abi=x86-softfloat on rustc>=1.86.0 Miguel Ojeda <ojeda(a)kernel.org> rust: init: use explicit ABI to clean warning in future compilers Nathan Chancellor <nathan(a)kernel.org> kbuild: Move -Wenum-enum-conversion to W=2 Igor Pylypiv <ipylypiv(a)google.com> scsi: core: Do not retry I/Os during depopulation Long Li <longli(a)microsoft.com> scsi: storvsc: Set correct data length for sending SCSI command without payload André Draszik <andre.draszik(a)linaro.org> scsi: ufs: core: Fix use-after free in init error and remove paths Eric Biggers <ebiggers(a)google.com> scsi: ufs: qcom: Fix crypto key eviction Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Move FCE Trace buffer allocation to user control Kai Mäkisara <Kai.Makisara(a)kolumbus.fi> scsi: st: Don't set pos_unknown just after device recognition Sean Christopherson <seanjc(a)google.com> KVM: x86/mmu: Ensure NX huge page recovery thread is alive before waking Georg Gottleuber <ggo(a)tuxedocomputers.com> nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk Georg Gottleuber <ggo(a)tuxedocomputers.com> nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk Niklas Cassel <cassel(a)kernel.org> PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar() Niklas Cassel <cassel(a)kernel.org> PCI: dwc: ep: Write BAR_MASK before iATU registers in pci_epc_set_bar() Zijun Hu <quic_zijuhu(a)quicinc.com> PCI: endpoint: Finish virtual EP removal in pci_epf_remove_vepf() Werner Sembach <wse(a)tuxedocomputers.com> PCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1 Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Fix SR-IOV for PFs initially in standby Brad Griffis <bgriffis(a)nvidia.com> arm64: tegra: Fix Tegra234 PCIe interrupt-map Kuan-Wei Chiu <visitorckw(a)gmail.com> ALSA: hda: Fix headset detection failure due to unstable sort Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Fix quirk matching for Legion Pro 7 Edson Juliano Drosdeck <edson.drosdeck(a)gmail.com> ALSA: hda/realtek: Enable headset mic on Positivo C6400 Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> firmware: qcom: scm: Fix missing read barrier in qcom_scm_get_tzmem_pool() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> firmware: qcom: scm: Fix missing read barrier in qcom_scm_is_available() Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> Revert "media: uvcvideo: Require entities to have a non-zero unique ID" Jens Axboe <axboe(a)kernel.dk> block: don't revert iter for -EIOCBQUEUED Xi Ruoyao <xry111(a)xry111.site> Revert "MIPS: csrc-r4k: Select HAVE_UNSTABLE_SCHED_CLOCK if SMP && 64BIT" Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: pci-legacy: Override pci_address_to_pio Mateusz Jończyk <mat.jonczyk(a)o2.pl> mips/math-emu: fix emulation of the prefx instruction Hou Tao <houtao1(a)huawei.com> dm-crypt: track tag_offset in convert_context Hou Tao <houtao1(a)huawei.com> dm-crypt: don't update io->sector after kcryptd_crypt_write_io_submit() Narayana Murty N <nnmlinux(a)linux.ibm.com> powerpc/pseries/eeh: Fix get PE state translation Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: Extend the maximum number of watchpoints Kexy Biscuit <kexybiscuit(a)aosc.io> MIPS: Loongson64: remove ROM Size unit in boardinfo Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Drop __initdata macro for port_cfg Stephan Gerhold <stephan.gerhold(a)linaro.org> soc: qcom: socinfo: Avoid out of bounds read of serial number Mario Limonciello <mario.limonciello(a)amd.com> ASoC: acp: Support microphone from Lenovo Go S Abel Vesa <abel.vesa(a)linaro.org> arm64: dts: qcom: x1e80100: Fix usb_2 controller interrupts Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100-microsoft-romulus: Fix USB QMP PHY supplies Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100-lenovo-yoga-slim7x: Fix USB QMP PHY supplies Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100-crd: Fix USB QMP PHY supplies Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e78100-lenovo-thinkpad-t14s: Fix USB QMP PHY supplies Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100-qcp: Fix USB QMP PHY supplies Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100-asus-vivobook-s15: Fix USB QMP PHY supplies Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: document scope of NCM implementation Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: fix DPE OoB read Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: break up NCM header size computation Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: refactor NCM datagram loop Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: check that DPE points past NCM header Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: use static NDP16 location in URB Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: fix possible overflow in DPE length check Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Don't prepare BOT write request twice Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Decrement command ref count on cleanup Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Translate error to sense Vasily Khoruzhick <anarsoul(a)gmail.com> wifi: rtw88: 8703b: Fix RX/TX issues Shayne Chen <shayne.chen(a)mediatek.com> wifi: mt76: mt7915: add module param to select 5 GHz or 6 GHz on MT7916 Fiona Klute <fiona.klute(a)gmx.de> wifi: rtw88: sdio: Fix disconnection after beacon loss Nick Morrow <usbwifi2024(a)gmail.com> wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH Marcel Hamer <marcel.hamer(a)windriver.com> wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtlwifi: rtl8821ae: Fix media status report Steven Rostedt <rostedt(a)goodmis.org> atomic64: Use arch_spin_locks instead of raw_spin_locks Steven Rostedt <rostedt(a)goodmis.org> ring-buffer: Do not allow events in NMI with generic atomic64 cmpxchg() Heiko Stuebner <heiko(a)sntech.de> HID: hid-sensor-hub: don't use stale platform-data on remove Peng Fan <peng.fan(a)nxp.com> Input: bbnsm_pwrkey - add remove hook Zijun Hu <quic_zijuhu(a)quicinc.com> of: reserved-memory: Fix using wrong number of cells to get property 'alignment' Zijun Hu <quic_zijuhu(a)quicinc.com> of: Fix of_find_node_opts_by_path() handling of alias+path+options Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> of: address: Fix empty resource handling in __of_address_resource_bounds() Zijun Hu <quic_zijuhu(a)quicinc.com> of: Correct child specifier used as input of the 2nd nexus node Bao D. Nguyen <quic_nguyenb(a)quicinc.com> scsi: ufs: core: Fix the HIGH/LOW_TEMP Bit Definitions Kuan-Wei Chiu <visitorckw(a)gmail.com> perf bench: Fix undefined behavior in cmpworker() Nathan Chancellor <nathan(a)kernel.org> efi: libstub: Use '-std=gnu11' to fix build with GCC 15 Zijun Hu <quic_zijuhu(a)quicinc.com> blk-cgroup: Fix class @block_class's subsystem refcount leakage Eyal Birger <eyal.birger(a)gmail.com> seccomp: passthrough uretprobe systemcall without filtering Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-mm: add missing dummy clk Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-img: add missing dummy clk Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-bdp: add missing dummy clk Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe Anastasia Belova <abelova(a)astralinux.ru> clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg Luca Weiss <luca.weiss(a)fairphone.com> clk: qcom: dispcc-sm6350: Add missing parent_map for a clock Luca Weiss <luca.weiss(a)fairphone.com> clk: qcom: gcc-sm6350: Add missing parent_map for two clocks Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> clk: qcom: gcc-sm8650: Do not turn off PCIe GDSCs during gdsc_disable() Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: clk-alpha-pll: fix alpha mode configuration Binbin Zhou <zhoubinbin(a)loongson.cn> clk: clk-loongson2: Fix the number count of clk provider Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: i2c: ds90ub960: Fix UB9702 refclk register access Lubomir Rintel <lkundrak(a)v3.sk> clk: mmp2: call pm_genpd_init() only after genpd.name is set Cody Eksal <masterr3c0rd(a)epochal.quest> clk: sunxi-ng: a100: enable MMC clock reparenting David Gstir <david(a)sigma-star.at> KEYS: trusted: dcp: fix improper sg use with CONFIG_VMAP_STACK=y Fedor Pchelkin <pchelkin(a)ispras.ru> Bluetooth: L2CAP: accept zero as a special value for MTU auto-selection Fedor Pchelkin <pchelkin(a)ispras.ru> Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc Lo-an Chen <lo-an.chen(a)amd.com> drm/amd/display: Fix seamless boot sequence Marek Olšák <marek.olsak(a)amd.com> drm/amdgpu: add a BO metadata flag to disable write compression for Vulkan Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes Jani Nikula <jani.nikula(a)intel.com> drm/i915/dp: Iterate DSC BPP from high to low on all platforms Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe/devcoredump: Move exec queue snapshot to Contexts section Haoxiang Li <haoxiang_li2024(a)163.com> drm/komeda: Add check for komeda_get_layer_fourcc_list() Brian Geffon <bgeffon(a)google.com> drm/i915: Fix page cleanup on DMA remap failure Daniele Ceraolo Spurio <daniele.ceraolospurio(a)intel.com> drm/i915/guc: Debug print LRC state entries only if the context is pinned Tom Chung <chiahsuan.chung(a)amd.com> Revert "drm/amd/display: Use HW lock mgr for PSR1" Jay Cornwall <jay.cornwall(a)amd.com> drm/amdkfd: Block per-queue reset when halt_if_hws_hang=1 Prike Liang <Prike.Liang(a)amd.com> drm/amdkfd: only flush the validate MES contex Kenneth Feng <kenneth.feng(a)amd.com> drm/amd/amdgpu: change the config of cgcg on gfx12 Lijo Lazar <lijo.lazar(a)amd.com> drm/amd/pm: Mark MM activity as unsupported Aric Cyr <Aric.Cyr(a)amd.com> drm/amd/display: Optimize cursor position updates Dan Carpenter <dan.carpenter(a)linaro.org> ksmbd: fix integer overflows on 32 bit systems David Hildenbrand <david(a)redhat.com> KVM: s390: vsie: fix some corner-cases when grabbing vsie pages Keith Busch <kbusch(a)kernel.org> kvm: defer huge page recovery vhost task to later Sean Christopherson <seanjc(a)google.com> KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() Robin Murphy <robin.murphy(a)arm.com> remoteproc: omap: Handle ARM dma_iommu_mapping Jakob Unterwurzacher <jakobunt(a)gmail.com> arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma Thomas Zimmermann <tzimmermann(a)suse.de> drm/rockchip: cdn-dp: Use drm_connector_helper_hpd_irq_event() Marc Zyngier <maz(a)kernel.org> KVM: arm64: timer: Always evaluate the need for a soft timer Ard Biesheuvel <ardb(a)kernel.org> arm64/mm: Reduce PA space to 48 bits when LPA2 is not enabled Mark Brown <broonie(a)kernel.org> arm64/sme: Move storage of reg_smidr to __cpuinfo_store_cpu() Ard Biesheuvel <ardb(a)kernel.org> arm64/mm: Override PARange for !LPA2 and use it consistently Ard Biesheuvel <ardb(a)kernel.org> arm64/kvm: Configure HYP TCR.PS/DS based on host stage1 Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Fix Qemu crash when running in passthrough Dan Carpenter <dan.carpenter(a)linaro.org> binfmt_flat: Fix integer overflow bug on 32 bit systems Nam Cao <namcao(a)linutronix.de> fs/proc: do_task_stat: Fix ESP not readable during coredump Thomas Zimmermann <tzimmermann(a)suse.de> m68k: vga: Fix I/O defines Marc Zyngier <maz(a)kernel.org> arm64: Filter out SVE hwcaps when FEAT_SVE isn't implemented Heiko Carstens <hca(a)linux.ibm.com> s390/futex: Fix FUTEX_OP_ANDN implementation Yu Kuai <yukuai3(a)huawei.com> md: reintroduce md-linear Meetakshi Setiya <msetiya(a)microsoft.com> smb: client: change lease epoch type from unsigned int to __u16 Ruben Devos <devosruben6(a)gmail.com> smb: client: fix order of arguments of tracepoints Maarten Lankhorst <dev(a)lankhorst.se> drm/client: Handle tiled displays better Maarten Lankhorst <dev(a)lankhorst.se> drm/modeset: Handle tiled displays in pan_display_atomic. Pali Rohár <pali(a)kernel.org> cifs: Remove intermediate object of failed create SFU call Sebastian Wiese-Wagner <seb(a)fastmail.to> ALSA: hda/realtek: Enable Mute LED on HP Laptop 14s-fq1xxx Alexander Sverdlin <alexander.sverdlin(a)siemens.com> leds: lp8860: Write full EEPROM, not only half of it Viresh Kumar <viresh.kumar(a)linaro.org> cpufreq: s3c64xx: Fix compilation warning Andreas Kemnade <andreas(a)kemnade.info> cpufreq: fix using cpufreq-dt as module David Howells <dhowells(a)redhat.com> rxrpc: Fix call state set to not include the SERVER_SECURING state Ido Schimmel <idosch(a)nvidia.com> net: sched: Fix truncation of offloaded action statistics Willem de Bruijn <willemb(a)google.com> tun: revert fix group permission check Cong Wang <cong.wang(a)bytedance.com> netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() Quang Le <quanglex97(a)gmail.com> pfifo_tail_enqueue: Drop new packet when sch->limit == 0 Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() Juergen Gross <jgross(a)suse.com> x86/xen: add FRAME_END to xen_hypercall_hvm() Juergen Gross <jgross(a)suse.com> x86/xen: fix xen_hypercall_hvm() to not clobber %rbx Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: sim: lock hog configfs items if present Eric Dumazet <edumazet(a)google.com> net: rose: lock the socket in rose_bind() Jacob Moroni <mail(a)jakemoroni.com> net: atlantic: fix warning during hot unplug Mark Tomlinson <mark.tomlinson(a)alliedtelesis.co.nz> gpio: pca953x: Improve interrupt support David Howells <dhowells(a)redhat.com> rxrpc: Fix the rxrpc_connection attend queue handling Jakub Kicinski <kuba(a)kernel.org> ethtool: rss: fix hiding unsupported fields in dumps Ankit Nautiyal <ankit.k.nautiyal(a)intel.com> drm/i915/dp: fix the Adaptive sync Operation mode for SDP Yan Zhai <yan(a)cloudflare.com> udp: gso: do not drop small packets when PMTU reduces Lenny Szubowicz <lszubowi(a)redhat.com> tg3: Disable tg3 PCIe AER on system reboot Sankararaman Jayaraman <sankararaman.jayaraman(a)broadcom.com> vmxnet3: Fix tx queue race condition with XDP Jiasheng Jiang <jiashengjiangcool(a)gmail.com> ice: Add check for devm_kzalloc() Florian Fainelli <florian.fainelli(a)broadcom.com> net: bcmgenet: Correct overlaying of PHY and MAC Wake-on-LAN Daniel Wagner <wagi(a)kernel.org> nvme-fc: use ctrl state getter Keith Busch <kbusch(a)kernel.org> nvme: make nvme_tls_attrs_group static Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> ice: stop storing XDP verdict within ice_rx_buf Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> ice: gather page_count()'s of each frag right before XDP prog call Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> ice: put Rx buffers after being done with current frame Hans Verkuil <hverkuil(a)xs4all.nl> gpu: drm_dp_cec: fix broken CEC adapter properties check Prasad Pandit <pjp(a)fedoraproject.org> firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry Daniel Wagner <wagi(a)kernel.org> nvme: handle connectivity loss in nvme_set_queue_count K Prateek Nayak <kprateek.nayak(a)amd.com> sched/fair: Fix inaccurate h_nr_runnable accounting with delayed dequeue Hans de Goede <hdegoede(a)redhat.com> platform/x86: serdev_helpers: Check for serial_ctrl_uid == NULL Günther Noack <gnoack(a)google.com> tty: Permit some TIOCL_SETSEL modes without CAP_SYS_ADMIN Sean Anderson <sean.anderson(a)linux.dev> tty: xilinx_uartps: split sysrq handling Darrick J. Wong <djwong(a)kernel.org> xfs: don't over-report free space or inodes in statvfs Darrick J. Wong <djwong(a)kernel.org> xfs: report realtime block quota limits on realtime directories Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdgpu: Fix Circular Locking Dependency in AMDGPU GFX Isolation Paolo Bonzini <pbonzini(a)redhat.com> KVM: e500: always restore irqs Sean Christopherson <seanjc(a)google.com> KVM: PPC: e500: Use __kvm_faultin_pfn() to handle page faults Sean Christopherson <seanjc(a)google.com> KVM: PPC: e500: Mark "struct page" pfn accessed before dropping mmu_lock Sean Christopherson <seanjc(a)google.com> KVM: PPC: e500: Mark "struct page" dirty in kvmppc_e500_shadow_map() Armin Wolf <W_Armin(a)gmx.de> platform/x86: acer-wmi: Ignore AC events Hridesh MG <hridesh699(a)gmail.com> platform/x86: acer-wmi: add support for Acer Nitro AN515-58 Illia Ostapyshyn <illia(a)yshyn.com> Input: allocate keycode for phone linking Yu-Chun Lin <eleanor15x(a)gmail.com> ASoC: amd: Add ACPI dependency to fix build error Armin Wolf <W_Armin(a)gmx.de> platform/x86: acer-wmi: Add support for Acer Predator PH16-72 Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback Armin Wolf <W_Armin(a)gmx.de> platform/x86: acer-wmi: Add support for Acer PH14-51 Hans de Goede <hdegoede(a)redhat.com> platform/x86: int3472: Check for adev == NULL Robin Murphy <robin.murphy(a)arm.com> iommu/arm-smmu-v3: Clean up more on probe failure Richard Acayan <mailingradian(a)gmail.com> iommu/arm-smmu-qcom: add sdm670 adreno iommu compatible Simon Trimmer <simont(a)opensource.cirrus.com> ASoC: Intel: sof_sdw: Correct quirk for Lenovo Yoga Slim 7 David Woodhouse <dwmw(a)amazon.co.uk> x86/kexec: Allocate PGD for x86_64 transition page tables separately Bard Liao <yung-chuan.liao(a)linux.intel.com> ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params Roger Quadros <rogerq(a)kernel.org> net: ethernet: ti: am65-cpsw: ensure proper channel cleanup in error path Liu Ye <liuye(a)kylinos.cn> selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() Dan Carpenter <dan.carpenter(a)linaro.org> tipc: re-order conditions in tipc_crypto_key_rcv() Shinas Rasheed <srasheed(a)marvell.com> octeon_ep_vf: update tx/rx stats locally for persistence Shinas Rasheed <srasheed(a)marvell.com> octeon_ep: update tx/rx stats locally for persistence Yuanjie Yang <quic_yuanjiey(a)quicinc.com> mmc: sdhci-msm: Correctly set the load for the regulator Luke D. Jones <luke(a)ljones.dev> HID: hid-asus: Disable OOBE mode on the ProArt P16 Maciej S. Szmigiero <mail(a)maciej.szmigiero.name> net: wwan: iosm: Fix hibernation by re-binding the driver around it Mazin Al Haddad <mazin(a)getstate.dev> Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync En-Wei Wu <en-wei.wu(a)canonical.com> Bluetooth: btusb: Add new VID/PID 13d3/3628 for MT7925 Andrew Halaney <ajhalaney(a)gmail.com> Bluetooth: btusb: Add new VID/PID 13d3/3610 for MT7922 Borislav Petkov <bp(a)alien8.de> APEI: GHES: Have GHES honor the panic= setting Randolph Ha <rha051117(a)gmail.com> i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: avoid memory leak Somashekhar(Som) <somashekhar.puttagangaiah(a)intel.com> wifi: iwlwifi: pcie: Add support for new device ids Stefan Dösinger <stefan(a)codeweavers.com> wifi: brcmfmac: Check the return value of of_property_read_string_index() Vadim Fedorenko <vadim.fedorenko(a)linux.dev> net/mlx5: use do_aux_work for PHC overflow checks Even Xu <even.xu(a)intel.com> HID: Wacom: Add PCI Wacom device support Youwan Wang <youwan(a)nfschina.com> HID: multitouch: Add quirk for Hantick 5288 touchpad Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> clk: qcom: Make GCC_8150 depend on QCOM_GDSC Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw88: add __packed attribute to efuse layout struct Hans de Goede <hdegoede(a)redhat.com> mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> tomoyo: don't emit warning in tomoyo_write_control() Dmitry Antipov <dmantipov(a)yandex.ru> wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() Ciprian Marian Costea <ciprianmarian.costea(a)oss.nxp.com> mmc: sdhci-esdhc-imx: enable 'SDHCI_QUIRK_NO_LED' quirk for S32G Shawn Lin <shawn.lin(a)rock-chips.com> mmc: core: Respect quirk_max_rate for non-UHS SDIO card Stas Sergeev <stsp2(a)yandex.ru> tun: fix group permission check Chih-Kang Chang <gary.chang(a)realtek.com> wifi: rtw89: add crystal_cap check to avoid setting as overflow value Jeongjun Park <aha310510(a)gmail.com> ring-buffer: Make reading page consistent with the code logic Gabe Teeger <Gabe.Teeger(a)amd.com> drm/amd/display: Limit Scaling Ratio on DCN3.01 Nathan Chancellor <nathan(a)kernel.org> drm/amd/display: Increase sanitizer frame larger than limit when compile testing with clang Leo Stone <leocstone(a)gmail.com> safesetid: check size of policy writes Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: fix HDCP CTS KSV list wait timer Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: fix HDCP CTS compare V matching Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: fix HDCP encryption when R0 ready Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: fix HDCP Bstatus check Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT Philip Yang <Philip.Yang(a)amd.com> drm/amdkfd: Queue interrupt work to different CPU Philip Yang <Philip.Yang(a)amd.com> drm/amdgpu: Don't enable sdma 4.4.5 CTXEMPTY interrupt Fangzhi Zuo <Jerry.Zuo(a)amd.com> drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/vc4: hdmi: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/sti: hdmi: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/radeon: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/exynos: hdmi: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/amd/display: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/bridge: ite-it66121: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/bridge: anx7625: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/connector: add mutex to protect ELD from concurrent access Kuan-Wei Chiu <visitorckw(a)gmail.com> printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX Ausef Yousof <Ausef.Yousof(a)amd.com> drm/amd/display: Overwriting dualDPP UBF values before usage Ausef Yousof <Ausef.Yousof(a)amd.com> drm/amd/display: Populate chroma prefetch parameters, DET buffer fix Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/tests: hdmi: return meaningful value from set_connector_edid() Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/tests: hdmi: handle empty modes in find_preferred_mode() Zhi Wang <zhiw(a)nvidia.com> nvkm: correctly calculate the available space of the GSP cmdq buffer Zhi Wang <zhiw(a)nvidia.com> nvkm/gsp: correctly advance the read pointer of GSP message queue Dustin L. Howett <dustin(a)howett.net> drm: panel-backlight-quirks: Add Framework 13 glossy and 2.8k panels Thomas Weißschuh <linux(a)weissschuh.net> drm: panel-backlight-quirks: Add Framework 13 matte panel Thomas Weißschuh <linux(a)weissschuh.net> drm: Add panel backlight quirks Dongwon Kim <dongwon.kim(a)intel.com> drm/virtio: New fence for every plane update Yazen Ghannam <yazen.ghannam(a)amd.com> x86/amd_nb: Restrict init function to AMD-based systems Carlos Llamas <cmllamas(a)google.com> lockdep: Fix upper limit for LOCKDEP_*_BITS configs Thorsten Blum <thorsten.blum(a)linux.dev> locking/ww_mutex/test: Use swap() macro Peter Zijlstra <peterz(a)infradead.org> x86: Convert unreachable() to BUG() Suleiman Souhlal <suleiman(a)google.com> sched: Don't try to catch up excess steal time. Josef Bacik <josef(a)toxicpanda.com> btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling Hao-ran Zheng <zhenghaoran154(a)gmail.com> btrfs: fix data race when accessing the inode's disk_i_size at btrfs_drop_extents() Sven Schnelle <svens(a)linux.ibm.com> s390/stackleak: Use exrl instead of ex in __stackleak_poison() Kees Cook <kees(a)kernel.org> exec: fix up /proc/pid/comm in the execveat(AT_EMPTY_PATH) case Anshuman Khandual <anshuman.khandual(a)arm.com> arm64/mm: Ensure adequate HUGE_MAX_HSTATE Filipe Manana <fdmanana(a)suse.com> btrfs: fix use-after-free when attempting to join an aborted transaction Qu Wenruo <wqu(a)suse.com> btrfs: do not output error message if a qgroup has been already cleaned up Filipe Manana <fdmanana(a)suse.com> btrfs: fix assertion failure when splitting ordered extent after transaction abort Geert Uytterhoeven <geert+renesas(a)glider.be> irqchip/lan966x-oic: Make CONFIG_LAN966X_OIC depend on CONFIG_MCHP_LAN966X_PCI ------------- Diffstat: Documentation/arch/arm64/elf_hwcaps.rst | 39 +- Documentation/gpu/drm-kms-helpers.rst | 3 + Makefile | 4 +- arch/arm/boot/dts/ti/omap/dra7-l4.dtsi | 2 + arch/arm/boot/dts/ti/omap/omap3-gta04.dtsi | 10 + arch/arm64/boot/dts/mediatek/mt8183-kukui.dtsi | 5 - arch/arm64/boot/dts/mediatek/mt8183.dtsi | 1 + arch/arm64/boot/dts/nvidia/tegra234.dtsi | 6 +- arch/arm64/boot/dts/qcom/sdx75.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm6115.dtsi | 8 +- arch/arm64/boot/dts/qcom/sm6350.dtsi | 6 +- arch/arm64/boot/dts/qcom/sm6375.dtsi | 10 +- arch/arm64/boot/dts/qcom/sm8350.dtsi | 492 ++++++++++----------- arch/arm64/boot/dts/qcom/sm8450.dtsi | 216 ++++----- arch/arm64/boot/dts/qcom/sm8550.dtsi | 271 ++++++------ arch/arm64/boot/dts/qcom/sm8650.dtsi | 305 +++++++------ .../dts/qcom/x1e78100-lenovo-thinkpad-t14s.dts | 4 +- .../boot/dts/qcom/x1e80100-asus-vivobook-s15.dts | 4 +- arch/arm64/boot/dts/qcom/x1e80100-crd.dts | 6 +- .../boot/dts/qcom/x1e80100-lenovo-yoga-slim7x.dts | 6 +- .../boot/dts/qcom/x1e80100-microsoft-romulus.dtsi | 4 +- arch/arm64/boot/dts/qcom/x1e80100-qcp.dts | 6 +- arch/arm64/boot/dts/qcom/x1e80100.dtsi | 280 ++++++------ arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 2 +- arch/arm64/boot/dts/rockchip/rk3568.dtsi | 1 + arch/arm64/boot/dts/rockchip/rk356x.dtsi | 2 + arch/arm64/include/asm/assembler.h | 5 + arch/arm64/include/asm/pgtable-hwdef.h | 6 - arch/arm64/include/asm/pgtable-prot.h | 7 + arch/arm64/include/asm/sparsemem.h | 5 +- arch/arm64/kernel/cpufeature.c | 55 +-- arch/arm64/kernel/cpuinfo.c | 10 + arch/arm64/kernel/pi/idreg-override.c | 9 + arch/arm64/kernel/pi/map_kernel.c | 6 + arch/arm64/kvm/arch_timer.c | 4 +- arch/arm64/kvm/arm.c | 8 +- arch/arm64/mm/hugetlbpage.c | 12 + arch/arm64/mm/init.c | 7 +- arch/loongarch/include/uapi/asm/ptrace.h | 10 + arch/loongarch/kernel/ptrace.c | 6 +- arch/m68k/include/asm/vga.h | 8 +- arch/mips/Kconfig | 1 - arch/mips/kernel/ftrace.c | 2 +- arch/mips/loongson64/boardinfo.c | 2 - arch/mips/math-emu/cp1emu.c | 2 +- arch/mips/pci/pci-legacy.c | 8 + arch/parisc/Kconfig | 4 +- arch/powerpc/kvm/e500_mmu_host.c | 21 +- arch/powerpc/platforms/pseries/eeh_pseries.c | 6 +- arch/s390/include/asm/asm-extable.h | 4 + arch/s390/include/asm/fpu-insn.h | 17 +- arch/s390/include/asm/futex.h | 2 +- arch/s390/include/asm/processor.h | 3 +- arch/s390/kernel/vmlinux.lds.S | 1 - arch/s390/kvm/vsie.c | 25 +- arch/s390/mm/extable.c | 9 + arch/s390/pci/pci_bus.c | 1 - arch/x86/boot/compressed/Makefile | 1 + arch/x86/include/asm/kexec.h | 18 +- arch/x86/include/asm/kvm_host.h | 2 + arch/x86/kernel/acpi/boot.c | 50 ++- arch/x86/kernel/amd_nb.c | 4 + arch/x86/kernel/machine_kexec_64.c | 45 +- arch/x86/kernel/process.c | 2 +- arch/x86/kernel/reboot.c | 2 +- arch/x86/kvm/mmu/mmu.c | 45 +- arch/x86/kvm/svm/sev.c | 2 +- arch/x86/kvm/x86.c | 7 +- arch/x86/mm/fault.c | 2 +- arch/x86/pci/fixup.c | 30 ++ arch/x86/xen/xen-head.S | 5 +- block/blk-cgroup.c | 1 + block/fops.c | 5 +- drivers/accel/ivpu/ivpu_pm.c | 7 +- drivers/acpi/apei/ghes.c | 10 +- drivers/acpi/prmt.c | 4 +- drivers/acpi/property.c | 10 +- drivers/ata/libata-sff.c | 18 +- drivers/bluetooth/btusb.c | 4 + drivers/char/misc.c | 37 +- drivers/char/tpm/eventlog/acpi.c | 15 +- drivers/clk/clk-loongson2.c | 5 +- drivers/clk/mediatek/clk-mt2701-aud.c | 10 + drivers/clk/mediatek/clk-mt2701-bdp.c | 1 + drivers/clk/mediatek/clk-mt2701-img.c | 1 + drivers/clk/mediatek/clk-mt2701-mm.c | 1 + drivers/clk/mediatek/clk-mt2701-vdec.c | 1 + drivers/clk/mmp/pwr-island.c | 2 +- drivers/clk/qcom/Kconfig | 1 + drivers/clk/qcom/clk-alpha-pll.c | 2 + drivers/clk/qcom/clk-rpmh.c | 2 +- drivers/clk/qcom/dispcc-sm6350.c | 7 +- drivers/clk/qcom/gcc-mdm9607.c | 2 +- drivers/clk/qcom/gcc-sm6350.c | 22 +- drivers/clk/qcom/gcc-sm8550.c | 8 +- drivers/clk/qcom/gcc-sm8650.c | 8 +- drivers/clk/sunxi-ng/ccu-sun50i-a100.c | 6 +- drivers/cpufreq/Kconfig | 2 +- drivers/cpufreq/cpufreq-dt-platdev.c | 2 - drivers/cpufreq/s3c64xx-cpufreq.c | 11 +- drivers/crypto/qce/aead.c | 2 +- drivers/crypto/qce/core.c | 13 +- drivers/crypto/qce/sha.c | 2 +- drivers/crypto/qce/skcipher.c | 2 +- drivers/firmware/Kconfig | 2 +- drivers/firmware/efi/libstub/Makefile | 2 +- drivers/firmware/qcom/qcom_scm.c | 10 +- drivers/gpio/gpio-pca953x.c | 19 - drivers/gpio/gpio-sim.c | 13 +- drivers/gpu/drm/Kconfig | 4 + drivers/gpu/drm/Makefile | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 12 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 8 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h | 2 + drivers/gpu/drm/amd/amdgpu/gfx_v12_0.c | 11 - drivers/gpu/drm/amd/amdgpu/sdma_v4_4_2.c | 8 +- drivers/gpu/drm/amd/amdgpu/sdma_v7_0.c | 5 +- drivers/gpu/drm/amd/amdkfd/kfd_device.c | 25 +- .../gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 4 +- drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c | 25 +- drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 3 +- .../gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 7 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 14 +- .../amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 6 +- .../drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c | 22 +- .../drm/amd/display/amdgpu_dm/amdgpu_dm_plane.h | 3 +- drivers/gpu/drm/amd/display/dc/core/dc.c | 2 +- .../gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c | 3 +- drivers/gpu/drm/amd/display/dc/dml2/Makefile | 4 + .../drm/amd/display/dc/dml2/display_mode_core.c | 35 +- .../display/dc/dml2/display_mode_core_structs.h | 6 +- drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.c | 35 +- .../gpu/drm/amd/display/dc/dpp/dcn10/dcn10_dpp.c | 7 +- .../drm/amd/display/dc/dpp/dcn401/dcn401_dpp_cm.c | 6 +- .../drm/amd/display/dc/hubbub/dcn30/dcn30_hubbub.c | 3 +- .../drm/amd/display/dc/hubbub/dcn31/dcn31_hubbub.c | 3 +- .../drm/amd/display/dc/hubbub/dcn32/dcn32_hubbub.c | 3 +- .../drm/amd/display/dc/hubbub/dcn35/dcn35_hubbub.c | 3 +- .../gpu/drm/amd/display/dc/hubp/dcn20/dcn20_hubp.c | 8 +- .../gpu/drm/amd/display/dc/hubp/dcn30/dcn30_hubp.c | 2 + .../gpu/drm/amd/display/dc/hubp/dcn32/dcn32_hubp.c | 2 + .../drm/amd/display/dc/hubp/dcn401/dcn401_hubp.c | 10 +- .../drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 3 +- .../display/dc/resource/dcn301/dcn301_resource.c | 8 +- drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c | 1 - .../drm/arm/display/komeda/komeda_wb_connector.c | 4 + drivers/gpu/drm/bridge/analogix/anx7625.c | 2 + drivers/gpu/drm/bridge/ite-it6505.c | 83 ++-- drivers/gpu/drm/bridge/ite-it66121.c | 2 + drivers/gpu/drm/display/drm_dp_cec.c | 14 +- drivers/gpu/drm/drm_client_modeset.c | 9 + drivers/gpu/drm/drm_connector.c | 1 + drivers/gpu/drm/drm_edid.c | 6 + drivers/gpu/drm/drm_fb_helper.c | 14 +- drivers/gpu/drm/drm_panel_backlight_quirks.c | 94 ++++ drivers/gpu/drm/exynos/exynos_hdmi.c | 2 + drivers/gpu/drm/i915/display/intel_dp.c | 10 +- drivers/gpu/drm/i915/display/skl_universal_plane.c | 4 - drivers/gpu/drm/i915/gem/i915_gem_shmem.c | 6 +- drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c | 20 +- drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c | 16 +- drivers/gpu/drm/radeon/radeon_audio.c | 2 + drivers/gpu/drm/rockchip/cdn-dp-core.c | 9 +- drivers/gpu/drm/sti/sti_hdmi.c | 2 + drivers/gpu/drm/tests/drm_hdmi_state_helper_test.c | 33 +- drivers/gpu/drm/vc4/vc4_hdmi.c | 4 +- drivers/gpu/drm/virtio/virtgpu_drv.h | 7 + drivers/gpu/drm/virtio/virtgpu_plane.c | 58 ++- drivers/gpu/drm/xe/xe_devcoredump.c | 42 +- drivers/gpu/drm/xe/xe_devcoredump.h | 2 +- drivers/gpu/drm/xe/xe_guc_log.c | 2 +- drivers/hid/hid-asus.c | 26 ++ drivers/hid/hid-multitouch.c | 5 + drivers/hid/hid-sensor-hub.c | 21 +- drivers/hid/wacom_wac.c | 5 + drivers/i2c/i2c-core-acpi.c | 22 + drivers/i3c/master.c | 2 +- drivers/iio/light/as73211.c | 24 +- drivers/infiniband/hw/mlx5/mr.c | 17 +- drivers/infiniband/hw/mlx5/odp.c | 2 + drivers/input/misc/nxp-bbnsm-pwrkey.c | 8 + drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 17 +- drivers/iommu/arm/arm-smmu-v3/tegra241-cmdqv.c | 8 +- drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c | 1 + drivers/iommu/iommufd/fault.c | 44 +- drivers/iommu/iommufd/iommufd_private.h | 29 +- drivers/irqchip/Kconfig | 1 + drivers/irqchip/irq-apple-aic.c | 3 +- drivers/irqchip/irq-mvebu-icu.c | 3 +- drivers/leds/leds-lp8860.c | 2 +- drivers/mailbox/tegra-hsp.c | 6 +- drivers/mailbox/zynqmp-ipi-mailbox.c | 2 +- drivers/md/Kconfig | 13 + drivers/md/Makefile | 2 + drivers/md/dm-crypt.c | 27 +- drivers/md/md-autodetect.c | 8 +- drivers/md/md-linear.c | 352 +++++++++++++++ drivers/md/md.c | 2 +- drivers/media/i2c/ccs/ccs-core.c | 6 +- drivers/media/i2c/ccs/ccs-data.c | 14 +- drivers/media/i2c/ds90ub913.c | 1 - drivers/media/i2c/ds90ub953.c | 1 - drivers/media/i2c/ds90ub960.c | 123 +++--- drivers/media/i2c/imx296.c | 2 + drivers/media/i2c/ov5640.c | 1 + drivers/media/pci/intel/ipu6/ipu6-isys.c | 1 + drivers/media/platform/marvell/mmp-driver.c | 21 +- drivers/media/platform/nuvoton/npcm-video.c | 4 +- .../st/stm32/stm32-dcmipp/dcmipp-bytecap.c | 2 +- drivers/media/usb/uvc/uvc_ctrl.c | 83 +++- drivers/media/usb/uvc/uvc_driver.c | 98 ++-- drivers/media/usb/uvc/uvc_v4l2.c | 2 + drivers/media/usb/uvc/uvc_video.c | 21 + drivers/media/usb/uvc/uvcvideo.h | 10 +- drivers/media/v4l2-core/v4l2-mc.c | 2 +- drivers/mfd/lpc_ich.c | 3 +- drivers/misc/fastrpc.c | 8 +- drivers/mmc/core/sdio.c | 2 + drivers/mmc/host/sdhci-esdhc-imx.c | 1 + drivers/mmc/host/sdhci-msm.c | 53 ++- drivers/mtd/nand/onenand/onenand_base.c | 1 + drivers/mtd/ubi/build.c | 2 +- drivers/net/ethernet/aquantia/atlantic/aq_nic.c | 4 +- drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c | 16 +- drivers/net/ethernet/broadcom/tg3.c | 58 +++ drivers/net/ethernet/intel/ice/devlink/devlink.c | 3 + drivers/net/ethernet/intel/ice/ice_txrx.c | 150 +++++-- drivers/net/ethernet/intel/ice/ice_txrx.h | 1 - drivers/net/ethernet/intel/ice/ice_txrx_lib.h | 43 -- .../net/ethernet/marvell/octeon_ep/octep_ethtool.c | 39 +- .../net/ethernet/marvell/octeon_ep/octep_main.c | 19 +- .../net/ethernet/marvell/octeon_ep/octep_main.h | 6 + drivers/net/ethernet/marvell/octeon_ep/octep_rx.c | 11 +- drivers/net/ethernet/marvell/octeon_ep/octep_rx.h | 4 +- drivers/net/ethernet/marvell/octeon_ep/octep_tx.c | 7 +- drivers/net/ethernet/marvell/octeon_ep/octep_tx.h | 4 +- .../marvell/octeon_ep_vf/octep_vf_ethtool.c | 29 +- .../ethernet/marvell/octeon_ep_vf/octep_vf_main.c | 17 +- .../ethernet/marvell/octeon_ep_vf/octep_vf_main.h | 6 + .../ethernet/marvell/octeon_ep_vf/octep_vf_rx.c | 9 +- .../ethernet/marvell/octeon_ep_vf/octep_vf_rx.h | 2 +- .../ethernet/marvell/octeon_ep_vf/octep_vf_tx.c | 7 +- .../ethernet/marvell/octeon_ep_vf/octep_vf_tx.h | 2 +- .../net/ethernet/mellanox/mlx5/core/lib/clock.c | 24 +- drivers/net/ethernet/ti/am65-cpsw-nuss.c | 67 ++- drivers/net/phy/nxp-c45-tja11xx.c | 2 + drivers/net/tun.c | 2 +- drivers/net/usb/ipheth.c | 69 ++- drivers/net/vmxnet3/vmxnet3_xdp.c | 14 +- .../wireless/broadcom/brcm80211/brcmfmac/core.c | 5 + .../net/wireless/broadcom/brcm80211/brcmfmac/of.c | 8 +- .../broadcom/brcm80211/brcmsmac/phy/phy_n.c | 3 + drivers/net/wireless/intel/iwlwifi/Makefile | 2 +- drivers/net/wireless/intel/iwlwifi/cfg/dr.c | 167 +++++++ drivers/net/wireless/intel/iwlwifi/fw/acpi.c | 13 +- drivers/net/wireless/intel/iwlwifi/iwl-config.h | 10 + drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 16 + drivers/net/wireless/mediatek/mt76/mt7915/eeprom.c | 21 +- drivers/net/wireless/mediatek/mt76/mt7915/init.c | 4 +- drivers/net/wireless/mediatek/mt76/mt7921/usb.c | 3 + .../net/wireless/realtek/rtlwifi/rtl8821ae/fw.h | 4 +- drivers/net/wireless/realtek/rtw88/main.h | 4 +- drivers/net/wireless/realtek/rtw88/rtw8703b.c | 8 +- drivers/net/wireless/realtek/rtw88/rtw8723x.h | 8 +- drivers/net/wireless/realtek/rtw88/rtw8821c.h | 9 +- drivers/net/wireless/realtek/rtw88/rtw8822b.h | 9 +- drivers/net/wireless/realtek/rtw88/rtw8822c.h | 9 +- drivers/net/wireless/realtek/rtw88/sdio.c | 2 + drivers/net/wireless/realtek/rtw89/phy.c | 13 +- drivers/net/wireless/realtek/rtw89/phy.h | 2 +- drivers/net/wwan/iosm/iosm_ipc_pcie.c | 56 ++- drivers/nvme/host/core.c | 8 +- drivers/nvme/host/fc.c | 9 +- drivers/nvme/host/pci.c | 4 +- drivers/nvme/host/sysfs.c | 2 +- drivers/nvmem/core.c | 2 + drivers/nvmem/imx-ocotp-ele.c | 38 +- drivers/nvmem/qcom-spmi-sdam.c | 1 + drivers/of/address.c | 12 +- drivers/of/base.c | 8 +- drivers/of/of_reserved_mem.c | 4 +- drivers/pci/controller/dwc/pcie-designware-ep.c | 48 +- drivers/pci/endpoint/pci-epf-core.c | 1 + drivers/pinctrl/renesas/pinctrl-rzg2l.c | 2 +- drivers/pinctrl/samsung/pinctrl-samsung.c | 2 +- drivers/platform/x86/acer-wmi.c | 45 ++ drivers/platform/x86/intel/int3472/discrete.c | 3 + drivers/platform/x86/intel/int3472/tps68470.c | 3 + drivers/platform/x86/serdev_helpers.h | 4 +- drivers/ptp/ptp_clock.c | 8 + drivers/pwm/pwm-microchip-core.c | 2 +- drivers/remoteproc/omap_remoteproc.c | 17 + drivers/rtc/rtc-zynqmp.c | 4 +- drivers/scsi/qla2xxx/qla_def.h | 2 + drivers/scsi/qla2xxx/qla_dfs.c | 122 ++++- drivers/scsi/qla2xxx/qla_gbl.h | 3 + drivers/scsi/qla2xxx/qla_init.c | 28 +- drivers/scsi/scsi_lib.c | 9 +- drivers/scsi/st.c | 6 + drivers/scsi/st.h | 1 + drivers/scsi/storvsc_drv.c | 1 + drivers/soc/mediatek/mtk-devapc.c | 19 +- drivers/soc/qcom/llcc-qcom.c | 1 + drivers/soc/qcom/smem_state.c | 3 +- drivers/soc/qcom/socinfo.c | 2 +- drivers/soc/samsung/exynos-pmu.c | 2 +- drivers/spi/atmel-quadspi.c | 118 +++-- drivers/tty/serial/sh-sci.c | 25 +- drivers/tty/serial/xilinx_uartps.c | 8 +- drivers/tty/vt/selection.c | 14 + drivers/tty/vt/vt.c | 2 - drivers/ufs/core/ufshcd.c | 31 +- drivers/ufs/host/ufs-qcom.c | 18 +- drivers/ufs/host/ufshcd-pci.c | 2 - drivers/ufs/host/ufshcd-pltfrm.c | 28 +- drivers/usb/gadget/function/f_tcm.c | 52 +-- drivers/vfio/platform/vfio_platform_common.c | 10 + fs/binfmt_flat.c | 2 +- fs/btrfs/file.c | 2 +- fs/btrfs/inode.c | 4 +- fs/btrfs/ordered-data.c | 12 + fs/btrfs/qgroup.c | 5 +- fs/btrfs/relocation.c | 14 +- fs/btrfs/transaction.c | 4 +- fs/ceph/mds_client.c | 16 +- fs/exec.c | 29 +- fs/namespace.c | 45 +- fs/nfs/Kconfig | 3 +- fs/nfs/flexfilelayout/flexfilelayout.c | 27 +- fs/nfsd/nfs4xdr.c | 20 +- fs/nilfs2/inode.c | 6 +- fs/ocfs2/dir.c | 25 +- fs/ocfs2/super.c | 2 +- fs/ocfs2/symlink.c | 5 +- fs/proc/array.c | 2 +- fs/smb/client/cifsglob.h | 14 +- fs/smb/client/dir.c | 6 +- fs/smb/client/smb1ops.c | 2 +- fs/smb/client/smb2inode.c | 108 ++--- fs/smb/client/smb2ops.c | 41 +- fs/smb/client/smb2pdu.c | 2 +- fs/smb/client/smb2proto.h | 2 +- fs/smb/server/transport_ipc.c | 9 + fs/xfs/xfs_buf_item_recover.c | 11 +- fs/xfs/xfs_dquot.c | 199 +++++++-- fs/xfs/xfs_dquot.h | 6 +- fs/xfs/xfs_dquot_item.c | 51 ++- fs/xfs/xfs_dquot_item.h | 7 + fs/xfs/xfs_exchrange.c | 71 ++- fs/xfs/xfs_inode.c | 7 +- fs/xfs/xfs_iomap.c | 6 +- fs/xfs/xfs_qm.c | 50 ++- fs/xfs/xfs_qm_bhv.c | 41 +- fs/xfs/xfs_super.c | 11 +- fs/xfs/xfs_trans.c | 29 +- fs/xfs/xfs_trans_ail.c | 2 +- include/drm/drm_connector.h | 5 +- include/drm/drm_utils.h | 4 + include/linux/binfmts.h | 4 +- include/linux/call_once.h | 45 ++ include/linux/hrtimer_defs.h | 1 + include/linux/kvm_host.h | 9 + include/linux/mlx5/driver.h | 1 - include/linux/platform_data/x86/asus-wmi.h | 5 + include/net/sch_generic.h | 2 +- include/rv/da_monitor.h | 4 + include/trace/events/rxrpc.h | 1 + include/uapi/drm/amdgpu_drm.h | 9 +- include/uapi/linux/input-event-codes.h | 1 + include/uapi/linux/iommufd.h | 4 +- include/uapi/linux/raid/md_p.h | 2 +- include/uapi/linux/raid/md_u.h | 2 + include/ufs/ufs.h | 4 +- include/ufs/ufshcd.h | 1 - io_uring/net.c | 5 + io_uring/poll.c | 4 + kernel/locking/test-ww_mutex.c | 9 +- kernel/printk/printk.c | 2 +- kernel/sched/core.c | 6 +- kernel/sched/fair.c | 19 + kernel/seccomp.c | 12 + kernel/time/hrtimer.c | 103 ++++- kernel/time/timer_migration.c | 10 +- kernel/trace/ring_buffer.c | 13 +- kernel/trace/trace_functions_graph.c | 2 +- kernel/trace/trace_osnoise.c | 17 +- lib/Kconfig.debug | 8 +- lib/atomic64.c | 78 ++-- lib/maple_tree.c | 23 +- mm/compaction.c | 3 +- mm/gup.c | 14 +- mm/hugetlb.c | 24 +- mm/kfence/core.c | 2 + mm/kmemleak.c | 2 +- mm/vmscan.c | 7 +- net/bluetooth/l2cap_sock.c | 7 +- net/bluetooth/mgmt.c | 12 +- net/ethtool/rss.c | 3 +- net/ipv4/udp.c | 4 +- net/ipv6/udp.c | 4 +- net/mptcp/protocol.c | 1 + net/ncsi/ncsi-manage.c | 13 +- net/nfc/nci/hci.c | 2 + net/rose/af_rose.c | 24 +- net/rxrpc/ar-internal.h | 2 +- net/rxrpc/call_object.c | 6 +- net/rxrpc/conn_event.c | 21 +- net/rxrpc/conn_object.c | 1 + net/rxrpc/input.c | 2 +- net/rxrpc/sendmsg.c | 2 +- net/sched/sch_fifo.c | 3 + net/sched/sch_netem.c | 2 +- net/tipc/crypto.c | 4 +- rust/kernel/init.rs | 2 +- scripts/Makefile.extrawarn | 5 +- scripts/gdb/linux/cpus.py | 2 +- scripts/generate_rust_target.rs | 18 + security/keys/trusted-keys/trusted_dcp.c | 22 +- security/safesetid/securityfs.c | 3 + security/tomoyo/common.c | 2 +- sound/pci/hda/hda_auto_parser.c | 8 +- sound/pci/hda/hda_auto_parser.h | 1 + sound/pci/hda/patch_realtek.c | 4 +- sound/soc/amd/Kconfig | 2 +- sound/soc/amd/yc/acp6x-mach.c | 28 ++ sound/soc/intel/boards/sof_sdw.c | 5 +- sound/soc/soc-pcm.c | 32 +- sound/soc/sof/intel/hda-dai.c | 12 + sound/soc/sof/intel/hda.c | 5 + tools/perf/bench/epoll-wait.c | 7 +- tools/testing/selftests/net/ipsec.c | 3 +- tools/testing/selftests/net/mptcp/mptcp_connect.c | 2 +- tools/testing/selftests/net/udpgso.c | 26 ++ .../selftests/sched_ext/ddsp_bogus_dsq_fail.bpf.c | 2 +- .../selftests/sched_ext/ddsp_vtimelocal_fail.bpf.c | 4 +- .../testing/selftests/sched_ext/dsp_local_on.bpf.c | 2 +- .../selftests/sched_ext/enq_select_cpu_fails.bpf.c | 2 +- tools/testing/selftests/sched_ext/exit.bpf.c | 4 +- tools/testing/selftests/sched_ext/maximal.bpf.c | 4 +- .../selftests/sched_ext/select_cpu_dfl.bpf.c | 2 +- .../sched_ext/select_cpu_dfl_nodispatch.bpf.c | 2 +- .../selftests/sched_ext/select_cpu_dispatch.bpf.c | 2 +- .../sched_ext/select_cpu_dispatch_bad_dsq.bpf.c | 2 +- .../sched_ext/select_cpu_dispatch_dbl_dsp.bpf.c | 4 +- .../selftests/sched_ext/select_cpu_vtime.bpf.c | 8 +- tools/tracing/rtla/src/osnoise.c | 2 +- tools/tracing/rtla/src/timerlat_hist.c | 26 +- tools/tracing/rtla/src/timerlat_top.c | 27 +- tools/tracing/rtla/src/trace.c | 8 + tools/tracing/rtla/src/trace.h | 1 + 451 files changed, 5230 insertions(+), 2579 deletions(-)

7 months

8
8
0 0

[PATCH] drm/xe: Add check for alloc_ordered_workqueue()

by Haoxiang Li

Add check for the return value of alloc_ordered_workqueue() in xe_gt_alloc() to catch potential exception. Fixes: e2d84e5b2205 ("drm/xe: Mark GT work queue with WQ_MEM_RECLAIM") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> --- drivers/gpu/drm/xe/xe_gt.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/gpu/drm/xe/xe_gt.c b/drivers/gpu/drm/xe/xe_gt.c index 5d6fb79957b6..0f42bbcb8d42 100644 --- a/drivers/gpu/drm/xe/xe_gt.c +++ b/drivers/gpu/drm/xe/xe_gt.c @@ -79,6 +79,8 @@ struct xe_gt *xe_gt_alloc(struct xe_tile *tile) gt->tile = tile; gt->ordered_wq = alloc_ordered_workqueue("gt-ordered-wq", WQ_MEM_RECLAIM); + if (!gt->ordered_wq) + return ERR_PTR(-ENOMEM); err = drmm_add_action_or_reset(&gt_to_xe(gt)->drm, gt_fini, gt); if (err) -- 2.25.1

7 months

2
1
0 0

[PATCH 4/5] fprobe: Always unregister fgraph function from ops

by Steven Rostedt

From: Steven Rostedt <rostedt(a)goodmis.org> When the last fprobe is removed, it calls unregister_ftrace_graph() to remove the graph_ops from function graph. The issue is when it does so, it calls return before removing the function from its graph ops via ftrace_set_filter_ips(). This leaves the last function lingering in the fprobe's fgraph ops and if a probe is added it also enables that last function (even though the callback will just drop it, it does add unneeded overhead to make that call). # echo "f:myevent1 kernel_clone" >> /sys/kernel/tracing/dynamic_events # cat /sys/kernel/tracing/enabled_functions kernel_clone (1) tramp: 0xffffffffc02f3000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 # echo "f:myevent2 schedule_timeout" >> /sys/kernel/tracing/dynamic_events # cat /sys/kernel/tracing/enabled_functions kernel_clone (1) tramp: 0xffffffffc02f3000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 schedule_timeout (1) tramp: 0xffffffffc02f3000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 # > /sys/kernel/tracing/dynamic_events # cat /sys/kernel/tracing/enabled_functions # echo "f:myevent3 kmem_cache_free" >> /sys/kernel/tracing/dynamic_events # cat /sys/kernel/tracing/enabled_functions kmem_cache_free (1) tramp: 0xffffffffc0219000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 schedule_timeout (1) tramp: 0xffffffffc0219000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 The above enabled a fprobe on kernel_clone, and then on schedule_timeout. The content of the enabled_functions shows the functions that have a callback attached to them. The fprobe attached to those functions properly. Then the fprobes were cleared, and enabled_functions was empty after that. But after adding a fprobe on kmem_cache_free, the enabled_functions shows that the schedule_timeout was attached again. This is because it was still left in the fprobe ops that is used to tell function graph what functions it wants callbacks from. Cc: stable(a)vger.kernel.org Fixes: 4346ba1604093 ("fprobe: Rewrite fprobe on function-graph tracer") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/fprobe.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/kernel/trace/fprobe.c b/kernel/trace/fprobe.c index 90241091ca61..886090845b1a 100644 --- a/kernel/trace/fprobe.c +++ b/kernel/trace/fprobe.c @@ -403,11 +403,9 @@ static void fprobe_graph_remove_ips(unsigned long *addrs, int num) lockdep_assert_held(&fprobe_mutex); fprobe_graph_active--; - if (!fprobe_graph_active) { - /* Q: should we unregister it ? */ + /* Q: should we unregister it ? */ + if (!fprobe_graph_active) unregister_ftrace_graph(&fprobe_graph_ops); - return; - } ftrace_set_filter_ips(&fprobe_graph_ops.ops, addrs, num, 1, 0); } -- 2.47.2

7 months

2
2
0 0

[PATCH 3/5] fprobe: Fix accounting of when to unregister from function graph

by Steven Rostedt

From: Steven Rostedt <rostedt(a)goodmis.org> When adding a new fprobe, it will update the function hash to the functions the fprobe is attached to and register with function graph to have it call the registered functions. The fprobe_graph_active variable keeps track of the number of fprobes that are using function graph. If two fprobes attach to the same function, it increments the fprobe_graph_active for each of them. But when they are removed, the first fprobe to be removed will see that the function it is attached to is also used by another fprobe and it will not remove that function from function_graph. The logic will skip decrementing the fprobe_graph_active variable. This causes the fprobe_graph_active variable to not go to zero when all fprobes are removed, and in doing so it does not unregister from function graph. As the fgraph ops hash will now be empty, and an empty filter hash means all functions are enabled, this triggers function graph to add a callback to the fprobe infrastructure for every function! # echo "f:myevent1 kernel_clone" >> /sys/kernel/tracing/dynamic_events # echo "f:myevent2 kernel_clone%return" >> /sys/kernel/tracing/dynamic_events # cat /sys/kernel/tracing/enabled_functions kernel_clone (1) tramp: 0xffffffffc0024000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 # > /sys/kernel/tracing/dynamic_events # cat /sys/kernel/tracing/enabled_functions trace_initcall_start_cb (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 run_init_process (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 try_to_run_init_process (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 x86_pmu_show_pmu_cap (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 cleanup_rapl_pmus (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 uncore_free_pcibus_map (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 uncore_types_exit (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 uncore_pci_exit.part.0 (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 kvm_shutdown (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 vmx_dump_msrs (1) tramp: 0xffffffffc0026000 (function_trace_call+0x0/0x170) ->function_trace_call+0x0/0x170 [..] # cat /sys/kernel/tracing/enabled_functions | wc -l 54702 If a fprobe is being removed and all its functions are also traced by other fprobes, still decrement the fprobe_graph_active counter. Cc: stable(a)vger.kernel.org Fixes: 4346ba1604093 ("fprobe: Rewrite fprobe on function-graph tracer") Closes: https://lore.kernel.org/all/20250217114918.10397-A-hca@linux.ibm.com/ Reported-by: Heiko Carstens <hca(a)linux.ibm.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/fprobe.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/kernel/trace/fprobe.c b/kernel/trace/fprobe.c index 2560b312ad57..90241091ca61 100644 --- a/kernel/trace/fprobe.c +++ b/kernel/trace/fprobe.c @@ -681,6 +681,8 @@ int unregister_fprobe(struct fprobe *fp) if (count) fprobe_graph_remove_ips(addrs, count); + else + fprobe_graph_active--; kfree_rcu(hlist_array, rcu); fp->hlist_array = NULL; -- 2.47.2

7 months

2
2
0 0

[PATCH 0/2] bus: mhi: host: pci_generic: Couple of recovery fixes

by Manivannan Sadhasivam via B4 Relay

Hi, This series fixes a couple of issues reported by Johan in [1]. First one fixes a deadlock that happens during shutdown and suspend. Second one fixes the driver's PM behavior. [1] https://lore.kernel.org/mhi/Z1me8iaK7cwgjL92@hovoldconsulting.com Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> --- Manivannan Sadhasivam (2): bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock bus: mhi: host: pci_generic: Recover the device synchronously from mhi_pci_runtime_resume() drivers/bus/mhi/host/pci_generic.c | 29 +++++++++++++++++------------ 1 file changed, 17 insertions(+), 12 deletions(-) --- base-commit: fc033cf25e612e840e545f8d5ad2edd6ba613ed5 change-id: 20250108-mhi_recovery_fix-a8f37168f91c Best regards, -- Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org>

7 months

4
13
0 0

[PATCH v2] arm64: dts: socfpga: agilex5: fix gpio0 address

by niravkumar.l.rabara＠intel.com

From: Niravkumar L Rabara <niravkumar.l.rabara(a)intel.com> Use the correct gpio0 address for Agilex5. Fixes: 3f7c869e143a ("arm64: dts: socfpga: agilex5: Add gpio0 node and spi dma handshake id") Cc: stable(a)vger.kernel.org Signed-off-by: Niravkumar L Rabara <niravkumar.l.rabara(a)intel.com> --- changes in v2: * Fix dtbs_check warning and update commit message for better clarity. link to v1: - https://lore.kernel.org/all/20250212100131.2668403-1-niravkumar.l.rabara@in… arch/arm64/boot/dts/intel/socfpga_agilex5.dtsi | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/arm64/boot/dts/intel/socfpga_agilex5.dtsi b/arch/arm64/boot/dts/intel/socfpga_agilex5.dtsi index 51c6e19e40b8..7d9394a04302 100644 --- a/arch/arm64/boot/dts/intel/socfpga_agilex5.dtsi +++ b/arch/arm64/boot/dts/intel/socfpga_agilex5.dtsi @@ -222,9 +222,9 @@ i3c1: i3c@10da1000 { status = "disabled"; }; - gpio0: gpio@ffc03200 { + gpio0: gpio@10c03200 { compatible = "snps,dw-apb-gpio"; - reg = <0xffc03200 0x100>; + reg = <0x10c03200 0x100>; #address-cells = <1>; #size-cells = <0>; resets = <&rst GPIO0_RESET>; -- 2.25.1

7 months

3
2
0 0

[PATCH 1/2] drm/amdgpu/gfx9: manually control gfxoff for CS on RV

by Alex Deucher

When mesa started using compute queues more often we started seeing additional hangs with compute queues. Disabling gfxoff seems to mitigate that. Manually control gfxoff and gfx pg with command submissions to avoid any issues related to gfxoff. KFD already does the same thing for these chips. v2: limit to compute v3: limit to APUs v4: limit to Raven/PCO v5: only update the compute ring_funcs v6: Disable GFX PG v7: adjust order Backport the change to 6.13 and older kernels due to a change in function signatures. Reviewed-by: Lijo Lazar <lijo.lazar(a)amd.com> Suggested-by: Błażej Szczygieł <mumei6102(a)gmail.com> Suggested-by: Sergey Kovalenko <seryoga.engineering(a)gmail.com> Link: https://gitlab.freedesktop.org/drm/amd/-/issues/3861 Link: https://lists.freedesktop.org/archives/amd-gfx/2025-January/119116.html Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org # 6.12.x (cherry picked from commit b35eb9128ebeec534eed1cefd6b9b1b7282cf5ba) --- drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 32 +++++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c b/drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c index 0b6f09f2cc9b..d28258bb6d29 100644 --- a/drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c +++ b/drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c @@ -7439,6 +7439,34 @@ static void gfx_v9_0_ring_emit_cleaner_shader(struct amdgpu_ring *ring) amdgpu_ring_write(ring, 0); /* RESERVED field, programmed to zero */ } +static void gfx_v9_0_ring_begin_use_compute(struct amdgpu_ring *ring) +{ + struct amdgpu_device *adev = ring->adev; + + amdgpu_gfx_enforce_isolation_ring_begin_use(ring); + + /* Raven and PCO APUs seem to have stability issues + * with compute and gfxoff and gfx pg. Disable gfx pg during + * submission and allow again afterwards. + */ + if (amdgpu_ip_version(adev, GC_HWIP, 0) == IP_VERSION(9, 1, 0)) + gfx_v9_0_set_powergating_state(adev, AMD_PG_STATE_UNGATE); +} + +static void gfx_v9_0_ring_end_use_compute(struct amdgpu_ring *ring) +{ + struct amdgpu_device *adev = ring->adev; + + /* Raven and PCO APUs seem to have stability issues + * with compute and gfxoff and gfx pg. Disable gfx pg during + * submission and allow again afterwards. + */ + if (amdgpu_ip_version(adev, GC_HWIP, 0) == IP_VERSION(9, 1, 0)) + gfx_v9_0_set_powergating_state(adev, AMD_PG_STATE_GATE); + + amdgpu_gfx_enforce_isolation_ring_end_use(ring); +} + static const struct amd_ip_funcs gfx_v9_0_ip_funcs = { .name = "gfx_v9_0", .early_init = gfx_v9_0_early_init, @@ -7615,8 +7643,8 @@ static const struct amdgpu_ring_funcs gfx_v9_0_ring_funcs_compute = { .emit_wave_limit = gfx_v9_0_emit_wave_limit, .reset = gfx_v9_0_reset_kcq, .emit_cleaner_shader = gfx_v9_0_ring_emit_cleaner_shader, - .begin_use = amdgpu_gfx_enforce_isolation_ring_begin_use, - .end_use = amdgpu_gfx_enforce_isolation_ring_end_use, + .begin_use = gfx_v9_0_ring_begin_use_compute, + .end_use = gfx_v9_0_ring_end_use_compute, }; static const struct amdgpu_ring_funcs gfx_v9_0_ring_funcs_kiq = { -- 2.48.1

7 months

1
1
0 0

[PATCH net-next v2 1/2] net: advertise 'netns local' property via netlink

by Nicolas Dichtel

Since the below commit, there is no way to see if the netns_local property is set on a device. Let's add a netlink attribute to advertise it. CC: stable(a)vger.kernel.org Fixes: 05c1280a2bcf ("netdev_features: convert NETIF_F_NETNS_LOCAL to dev->netns_local") Signed-off-by: Nicolas Dichtel <nicolas.dichtel(a)6wind.com> --- Documentation/netlink/specs/rt_link.yaml | 3 +++ include/uapi/linux/if_link.h | 1 + net/core/rtnetlink.c | 3 +++ 3 files changed, 7 insertions(+) diff --git a/Documentation/netlink/specs/rt_link.yaml b/Documentation/netlink/specs/rt_link.yaml index 0d492500c7e5..a646d8a6bf9d 100644 --- a/Documentation/netlink/specs/rt_link.yaml +++ b/Documentation/netlink/specs/rt_link.yaml @@ -1148,6 +1148,9 @@ attribute-sets: name: max-pacing-offload-horizon type: uint doc: EDT offload horizon supported by the device (in nsec). + - + name: netns-local + type: u8 - name: af-spec-attrs attributes: diff --git a/include/uapi/linux/if_link.h b/include/uapi/linux/if_link.h index bfe880fbbb24..ed4a64e1c8f1 100644 --- a/include/uapi/linux/if_link.h +++ b/include/uapi/linux/if_link.h @@ -378,6 +378,7 @@ enum { IFLA_GRO_IPV4_MAX_SIZE, IFLA_DPLL_PIN, IFLA_MAX_PACING_OFFLOAD_HORIZON, + IFLA_NETNS_LOCAL, __IFLA_MAX }; diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c index abe1a461ea67..acf787e4d22d 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@ -1292,6 +1292,7 @@ static noinline size_t if_nlmsg_size(const struct net_device *dev, + nla_total_size(4) /* IFLA_TSO_MAX_SEGS */ + nla_total_size(1) /* IFLA_OPERSTATE */ + nla_total_size(1) /* IFLA_LINKMODE */ + + nla_total_size(1) /* IFLA_NETNS_LOCAL */ + nla_total_size(4) /* IFLA_CARRIER_CHANGES */ + nla_total_size(4) /* IFLA_LINK_NETNSID */ + nla_total_size(4) /* IFLA_GROUP */ @@ -2046,6 +2047,7 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, netif_running(dev) ? READ_ONCE(dev->operstate) : IF_OPER_DOWN) || nla_put_u8(skb, IFLA_LINKMODE, READ_ONCE(dev->link_mode)) || + nla_put_u8(skb, IFLA_NETNS_LOCAL, dev->netns_local) || nla_put_u32(skb, IFLA_MTU, READ_ONCE(dev->mtu)) || nla_put_u32(skb, IFLA_MIN_MTU, READ_ONCE(dev->min_mtu)) || nla_put_u32(skb, IFLA_MAX_MTU, READ_ONCE(dev->max_mtu)) || @@ -2234,6 +2236,7 @@ static const struct nla_policy ifla_policy[IFLA_MAX+1] = { [IFLA_ALLMULTI] = { .type = NLA_REJECT }, [IFLA_GSO_IPV4_MAX_SIZE] = NLA_POLICY_MIN(NLA_U32, MAX_TCP_HEADER + 1), [IFLA_GRO_IPV4_MAX_SIZE] = { .type = NLA_U32 }, + [IFLA_NETNS_LOCAL] = { .type = NLA_REJECT }, }; static const struct nla_policy ifla_info_policy[IFLA_INFO_MAX+1] = { -- 2.47.1

7 months

2
2
0 0

[PATCH 6.1] block, bfq: split sync bfq_queues on a per-actuator basis

by Hagar Hemdan

From: Paolo Valente <paolo.valente(a)linaro.org> commit 9778369a2d6c5ed2b81a04164c4aa9da1bdb193d upstream. Single-LUN multi-actuator SCSI drives, as well as all multi-actuator SATA drives appear as a single device to the I/O subsystem [1]. Yet they address commands to different actuators internally, as a function of Logical Block Addressing (LBAs). A given sector is reachable by only one of the actuators. For example, Seagate’s Serial Advanced Technology Attachment (SATA) version contains two actuators and maps the lower half of the SATA LBA space to the lower actuator and the upper half to the upper actuator. Evidently, to fully utilize actuators, no actuator must be left idle or underutilized while there is pending I/O for it. The block layer must somehow control the load of each actuator individually. This commit lays the ground for allowing BFQ to provide such a per-actuator control. BFQ associates an I/O-request sync bfq_queue with each process doing synchronous I/O, or with a group of processes, in case of queue merging. Then BFQ serves one bfq_queue at a time. While in service, a bfq_queue is emptied in request-position order. Yet the same process, or group of processes, may generate I/O for different actuators. In this case, different streams of I/O (each for a different actuator) get all inserted into the same sync bfq_queue. So there is basically no individual control on when each stream is served, i.e., on when the I/O requests of the stream are picked from the bfq_queue and dispatched to the drive. This commit enables BFQ to control the service of each actuator individually for synchronous I/O, by simply splitting each sync bfq_queue into N queues, one for each actuator. In other words, a sync bfq_queue is now associated to a pair (process, actuator). As a consequence of this split, the per-queue proportional-share policy implemented by BFQ will guarantee that the sync I/O generated for each actuator, by each process, receives its fair share of service. This is just a preparatory patch. If the I/O of the same process happens to be sent to different queues, then each of these queues may undergo queue merging. To handle this event, the bfq_io_cq data structure must be properly extended. In addition, stable merging must be disabled to avoid loss of control on individual actuators. Finally, also async queues must be split. These issues are described in detail and addressed in next commits. As for this commit, although multiple per-process bfq_queues are provided, the I/O of each process or group of processes is still sent to only one queue, regardless of the actuator the I/O is for. The forwarding to distinct bfq_queues will be enabled after addressing the above issues. [1] https://www.linaro.org/blog/budget-fair-queueing-bfq-linux-io-scheduler-opt… Reviewed-by: Damien Le Moal <damien.lemoal(a)opensource.wdc.com> Signed-off-by: Gabriele Felici <felicigb(a)gmail.com> Signed-off-by: Carmine Zaccagnino <carmine(a)carminezacc.com> Signed-off-by: Paolo Valente <paolo.valente(a)linaro.org> Link: https://lore.kernel.org/r/20230103145503.71712-2-paolo.valente@linaro.org Signed-off-by: Jens Axboe <axboe(a)kernel.dk> Stable-dep-of: e8b8344de398 ("block, bfq: fix bfqq uaf in bfq_limit_depth()") [Hagar: needed contextual fixes] Signed-off-by: Hagar Hemdan <hagarhem(a)amazon.com> --- block/bfq-cgroup.c | 95 +++++++++++++------------- block/bfq-iosched.c | 160 +++++++++++++++++++++++++++++--------------- block/bfq-iosched.h | 51 +++++++++++--- 3 files changed, 196 insertions(+), 110 deletions(-) diff --git a/block/bfq-cgroup.c b/block/bfq-cgroup.c index 60b4299bec8ec..5d202b775beb4 100644 --- a/block/bfq-cgroup.c +++ b/block/bfq-cgroup.c @@ -704,6 +704,46 @@ void bfq_bfqq_move(struct bfq_data *bfqd, struct bfq_queue *bfqq, bfq_put_queue(bfqq); } +static void bfq_sync_bfqq_move(struct bfq_data *bfqd, + struct bfq_queue *sync_bfqq, + struct bfq_io_cq *bic, + struct bfq_group *bfqg, + unsigned int act_idx) +{ + struct bfq_queue *bfqq; + + if (!sync_bfqq->new_bfqq && !bfq_bfqq_coop(sync_bfqq)) { + /* We are the only user of this bfqq, just move it */ + if (sync_bfqq->entity.sched_data != &bfqg->sched_data) + bfq_bfqq_move(bfqd, sync_bfqq, bfqg); + return; + } + + /* + * The queue was merged to a different queue. Check + * that the merge chain still belongs to the same + * cgroup. + */ + for (bfqq = sync_bfqq; bfqq; bfqq = bfqq->new_bfqq) + if (bfqq->entity.sched_data != &bfqg->sched_data) + break; + if (bfqq) { + /* + * Some queue changed cgroup so the merge is not valid + * anymore. We cannot easily just cancel the merge (by + * clearing new_bfqq) as there may be other processes + * using this queue and holding refs to all queues + * below sync_bfqq->new_bfqq. Similarly if the merge + * already happened, we need to detach from bfqq now + * so that we cannot merge bio to a request from the + * old cgroup. + */ + bfq_put_cooperator(sync_bfqq); + bfq_release_process_ref(bfqd, sync_bfqq); + bic_set_bfqq(bic, NULL, true, act_idx); + } +} + /** * __bfq_bic_change_cgroup - move @bic to @bfqg. * @bfqd: the queue descriptor. @@ -714,60 +754,25 @@ void bfq_bfqq_move(struct bfq_data *bfqd, struct bfq_queue *bfqq, * sure that the reference to cgroup is valid across the call (see * comments in bfq_bic_update_cgroup on this issue) */ -static void *__bfq_bic_change_cgroup(struct bfq_data *bfqd, +static void __bfq_bic_change_cgroup(struct bfq_data *bfqd, struct bfq_io_cq *bic, struct bfq_group *bfqg) { - struct bfq_queue *async_bfqq = bic_to_bfqq(bic, false); - struct bfq_queue *sync_bfqq = bic_to_bfqq(bic, true); - struct bfq_entity *entity; + unsigned int act_idx; - if (async_bfqq) { - entity = &async_bfqq->entity; + for (act_idx = 0; act_idx < bfqd->num_actuators; act_idx++) { + struct bfq_queue *async_bfqq = bic_to_bfqq(bic, false, act_idx); + struct bfq_queue *sync_bfqq = bic_to_bfqq(bic, true, act_idx); - if (entity->sched_data != &bfqg->sched_data) { - bic_set_bfqq(bic, NULL, false); + if (async_bfqq && + async_bfqq->entity.sched_data != &bfqg->sched_data) { + bic_set_bfqq(bic, NULL, false, act_idx); bfq_release_process_ref(bfqd, async_bfqq); } - } - if (sync_bfqq) { - if (!sync_bfqq->new_bfqq && !bfq_bfqq_coop(sync_bfqq)) { - /* We are the only user of this bfqq, just move it */ - if (sync_bfqq->entity.sched_data != &bfqg->sched_data) - bfq_bfqq_move(bfqd, sync_bfqq, bfqg); - } else { - struct bfq_queue *bfqq; - - /* - * The queue was merged to a different queue. Check - * that the merge chain still belongs to the same - * cgroup. - */ - for (bfqq = sync_bfqq; bfqq; bfqq = bfqq->new_bfqq) - if (bfqq->entity.sched_data != - &bfqg->sched_data) - break; - if (bfqq) { - /* - * Some queue changed cgroup so the merge is - * not valid anymore. We cannot easily just - * cancel the merge (by clearing new_bfqq) as - * there may be other processes using this - * queue and holding refs to all queues below - * sync_bfqq->new_bfqq. Similarly if the merge - * already happened, we need to detach from - * bfqq now so that we cannot merge bio to a - * request from the old cgroup. - */ - bfq_put_cooperator(sync_bfqq); - bic_set_bfqq(bic, NULL, true); - bfq_release_process_ref(bfqd, sync_bfqq); - } - } + if (sync_bfqq) + bfq_sync_bfqq_move(bfqd, sync_bfqq, bic, bfqg, act_idx); } - - return bfqg; } void bfq_bic_update_cgroup(struct bfq_io_cq *bic, struct bio *bio) diff --git a/block/bfq-iosched.c b/block/bfq-iosched.c index f759457646530..76b2e66d09070 100644 --- a/block/bfq-iosched.c +++ b/block/bfq-iosched.c @@ -377,16 +377,23 @@ static const unsigned long bfq_late_stable_merging = 600; #define RQ_BIC(rq) ((struct bfq_io_cq *)((rq)->elv.priv[0])) #define RQ_BFQQ(rq) ((rq)->elv.priv[1]) -struct bfq_queue *bic_to_bfqq(struct bfq_io_cq *bic, bool is_sync) +struct bfq_queue *bic_to_bfqq(struct bfq_io_cq *bic, bool is_sync, + unsigned int actuator_idx) { - return bic->bfqq[is_sync]; + if (is_sync) + return bic->bfqq[1][actuator_idx]; + + return bic->bfqq[0][actuator_idx]; } static void bfq_put_stable_ref(struct bfq_queue *bfqq); -void bic_set_bfqq(struct bfq_io_cq *bic, struct bfq_queue *bfqq, bool is_sync) +void bic_set_bfqq(struct bfq_io_cq *bic, + struct bfq_queue *bfqq, + bool is_sync, + unsigned int actuator_idx) { - struct bfq_queue *old_bfqq = bic->bfqq[is_sync]; + struct bfq_queue *old_bfqq = bic->bfqq[is_sync][actuator_idx]; /* Clear bic pointer if bfqq is detached from this bic */ if (old_bfqq && old_bfqq->bic == bic) @@ -405,7 +412,10 @@ void bic_set_bfqq(struct bfq_io_cq *bic, struct bfq_queue *bfqq, bool is_sync) * we cancel the stable merge if * bic->stable_merge_bfqq == bfqq. */ - bic->bfqq[is_sync] = bfqq; + if (is_sync) + bic->bfqq[1][actuator_idx] = bfqq; + else + bic->bfqq[0][actuator_idx] = bfqq; if (bfqq && bic->stable_merge_bfqq == bfqq) { /* @@ -680,9 +690,9 @@ static void bfq_limit_depth(blk_opf_t opf, struct blk_mq_alloc_data *data) { struct bfq_data *bfqd = data->q->elevator->elevator_data; struct bfq_io_cq *bic = bfq_bic_lookup(data->q); - struct bfq_queue *bfqq = bic ? bic_to_bfqq(bic, op_is_sync(opf)) : NULL; int depth; unsigned limit = data->q->nr_requests; + unsigned int act_idx; /* Sync reads have full depth available */ if (op_is_sync(opf) && !op_is_write(opf)) { @@ -692,14 +702,21 @@ static void bfq_limit_depth(blk_opf_t opf, struct blk_mq_alloc_data *data) limit = (limit * depth) >> bfqd->full_depth_shift; } - /* - * Does queue (or any parent entity) exceed number of requests that - * should be available to it? Heavily limit depth so that it cannot - * consume more available requests and thus starve other entities. - */ - if (bfqq && bfqq_request_over_limit(bfqq, limit)) - depth = 1; + for (act_idx = 0; bic && act_idx < bfqd->num_actuators; act_idx++) { + struct bfq_queue *bfqq = + bic_to_bfqq(bic, op_is_sync(opf), act_idx); + /* + * Does queue (or any parent entity) exceed number of + * requests that should be available to it? Heavily + * limit depth so that it cannot consume more + * available requests and thus starve other entities. + */ + if (bfqq && bfqq_request_over_limit(bfqq, limit)) { + depth = 1; + break; + } + } bfq_log(bfqd, "[%s] wr_busy %d sync %d depth %u", __func__, bfqd->wr_busy_queues, op_is_sync(opf), depth); if (depth) @@ -1820,6 +1837,18 @@ static bool bfq_bfqq_higher_class_or_weight(struct bfq_queue *bfqq, return bfqq_weight > in_serv_weight; } +/* + * Get the index of the actuator that will serve bio. + */ +static unsigned int bfq_actuator_index(struct bfq_data *bfqd, struct bio *bio) +{ + /* + * Multi-actuator support not complete yet, so always return 0 + * for the moment (to keep incomplete mechanisms off). + */ + return 0; +} + static bool bfq_better_to_idle(struct bfq_queue *bfqq); static void bfq_bfqq_handle_idle_busy_switch(struct bfq_data *bfqd, @@ -2150,7 +2179,7 @@ static void bfq_check_waker(struct bfq_data *bfqd, struct bfq_queue *bfqq, * We reset waker detection logic also if too much time has passed * since the first detection. If wakeups are rare, pointless idling * doesn't hurt throughput that much. The condition below makes sure - * we do not uselessly idle blocking waker in more than 1/64 cases. + * we do not uselessly idle blocking waker in more than 1/64 cases. */ if (bfqd->last_completed_rq_bfqq != bfqq->tentative_waker_bfqq || @@ -2486,7 +2515,8 @@ static bool bfq_bio_merge(struct request_queue *q, struct bio *bio, */ bfq_bic_update_cgroup(bic, bio); - bfqd->bio_bfqq = bic_to_bfqq(bic, op_is_sync(bio->bi_opf)); + bfqd->bio_bfqq = bic_to_bfqq(bic, op_is_sync(bio->bi_opf), + bfq_actuator_index(bfqd, bio)); } else { bfqd->bio_bfqq = NULL; } @@ -3188,7 +3218,7 @@ static struct bfq_queue *bfq_merge_bfqqs(struct bfq_data *bfqd, /* * Merge queues (that is, let bic redirect its requests to new_bfqq) */ - bic_set_bfqq(bic, new_bfqq, true); + bic_set_bfqq(bic, new_bfqq, true, bfqq->actuator_idx); bfq_mark_bfqq_coop(new_bfqq); /* * new_bfqq now belongs to at least two bics (it is a shared queue): @@ -4818,11 +4848,8 @@ static struct bfq_queue *bfq_select_queue(struct bfq_data *bfqd) */ if (bfq_bfqq_wait_request(bfqq) || (bfqq->dispatched != 0 && bfq_better_to_idle(bfqq))) { - struct bfq_queue *async_bfqq = - bfqq->bic && bfqq->bic->bfqq[0] && - bfq_bfqq_busy(bfqq->bic->bfqq[0]) && - bfqq->bic->bfqq[0]->next_rq ? - bfqq->bic->bfqq[0] : NULL; + unsigned int act_idx = bfqq->actuator_idx; + struct bfq_queue *async_bfqq = NULL; struct bfq_queue *blocked_bfqq = !hlist_empty(&bfqq->woken_list) ? container_of(bfqq->woken_list.first, @@ -4830,6 +4857,10 @@ static struct bfq_queue *bfq_select_queue(struct bfq_data *bfqd) woken_list_node) : NULL; + if (bfqq->bic && bfqq->bic->bfqq[0][act_idx] && + bfq_bfqq_busy(bfqq->bic->bfqq[0][act_idx]) && + bfqq->bic->bfqq[0][act_idx]->next_rq) + async_bfqq = bfqq->bic->bfqq[0][act_idx]; /* * The next four mutually-exclusive ifs decide * whether to try injection, and choose the queue to @@ -4914,7 +4945,7 @@ static struct bfq_queue *bfq_select_queue(struct bfq_data *bfqd) icq_to_bic(async_bfqq->next_rq->elv.icq) == bfqq->bic && bfq_serv_to_charge(async_bfqq->next_rq, async_bfqq) <= bfq_bfqq_budget_left(async_bfqq)) - bfqq = bfqq->bic->bfqq[0]; + bfqq = bfqq->bic->bfqq[0][act_idx]; else if (bfqq->waker_bfqq && bfq_bfqq_busy(bfqq->waker_bfqq) && bfqq->waker_bfqq->next_rq && @@ -5375,48 +5406,54 @@ static void bfq_exit_bfqq(struct bfq_data *bfqd, struct bfq_queue *bfqq) bfq_release_process_ref(bfqd, bfqq); } -static void bfq_exit_icq_bfqq(struct bfq_io_cq *bic, bool is_sync) +static void bfq_exit_icq_bfqq(struct bfq_io_cq *bic, bool is_sync, + unsigned int actuator_idx) { - struct bfq_queue *bfqq = bic_to_bfqq(bic, is_sync); + struct bfq_queue *bfqq = bic_to_bfqq(bic, is_sync, actuator_idx); struct bfq_data *bfqd; if (bfqq) bfqd = bfqq->bfqd; /* NULL if scheduler already exited */ if (bfqq && bfqd) { - unsigned long flags; - - spin_lock_irqsave(&bfqd->lock, flags); - bic_set_bfqq(bic, NULL, is_sync); + bic_set_bfqq(bic, NULL, is_sync, actuator_idx); bfq_exit_bfqq(bfqd, bfqq); - spin_unlock_irqrestore(&bfqd->lock, flags); } } static void bfq_exit_icq(struct io_cq *icq) { struct bfq_io_cq *bic = icq_to_bic(icq); + struct bfq_data *bfqd = bic_to_bfqd(bic); + unsigned long flags; + unsigned int act_idx; + /* + * If bfqd and thus bfqd->num_actuators is not available any + * longer, then cycle over all possible per-actuator bfqqs in + * next loop. We rely on bic being zeroed on creation, and + * therefore on its unused per-actuator fields being NULL. + */ + unsigned int num_actuators = BFQ_MAX_ACTUATORS; - if (bic->stable_merge_bfqq) { - struct bfq_data *bfqd = bic->stable_merge_bfqq->bfqd; + /* + * bfqd is NULL if scheduler already exited, and in that case + * this is the last time these queues are accessed. + */ + if (bfqd) { + spin_lock_irqsave(&bfqd->lock, flags); + num_actuators = bfqd->num_actuators; + } - /* - * bfqd is NULL if scheduler already exited, and in - * that case this is the last time bfqq is accessed. - */ - if (bfqd) { - unsigned long flags; + if (bic->stable_merge_bfqq) + bfq_put_stable_ref(bic->stable_merge_bfqq); - spin_lock_irqsave(&bfqd->lock, flags); - bfq_put_stable_ref(bic->stable_merge_bfqq); - spin_unlock_irqrestore(&bfqd->lock, flags); - } else { - bfq_put_stable_ref(bic->stable_merge_bfqq); - } + for (act_idx = 0; act_idx < num_actuators; act_idx++) { + bfq_exit_icq_bfqq(bic, true, act_idx); + bfq_exit_icq_bfqq(bic, false, act_idx); } - bfq_exit_icq_bfqq(bic, true); - bfq_exit_icq_bfqq(bic, false); + if (bfqd) + spin_unlock_irqrestore(&bfqd->lock, flags); } /* @@ -5493,25 +5530,27 @@ static void bfq_check_ioprio_change(struct bfq_io_cq *bic, struct bio *bio) bic->ioprio = ioprio; - bfqq = bic_to_bfqq(bic, false); + bfqq = bic_to_bfqq(bic, false, bfq_actuator_index(bfqd, bio)); if (bfqq) { struct bfq_queue *old_bfqq = bfqq; bfqq = bfq_get_queue(bfqd, bio, false, bic, true); - bic_set_bfqq(bic, bfqq, false); + bic_set_bfqq(bic, bfqq, false, bfq_actuator_index(bfqd, bio)); bfq_release_process_ref(bfqd, old_bfqq); } - bfqq = bic_to_bfqq(bic, true); + bfqq = bic_to_bfqq(bic, true, bfq_actuator_index(bfqd, bio)); if (bfqq) bfq_set_next_ioprio_data(bfqq, bic); } static void bfq_init_bfqq(struct bfq_data *bfqd, struct bfq_queue *bfqq, - struct bfq_io_cq *bic, pid_t pid, int is_sync) + struct bfq_io_cq *bic, pid_t pid, int is_sync, + unsigned int act_idx) { u64 now_ns = ktime_get_ns(); + bfqq->actuator_idx = act_idx; RB_CLEAR_NODE(&bfqq->entity.rb_node); INIT_LIST_HEAD(&bfqq->fifo); INIT_HLIST_NODE(&bfqq->burst_list_node); @@ -5762,7 +5801,7 @@ static struct bfq_queue *bfq_get_queue(struct bfq_data *bfqd, if (bfqq) { bfq_init_bfqq(bfqd, bfqq, bic, current->pid, - is_sync); + is_sync, bfq_actuator_index(bfqd, bio)); bfq_init_entity(&bfqq->entity, bfqg); bfq_log_bfqq(bfqd, bfqq, "allocated"); } else { @@ -6078,7 +6117,8 @@ static bool __bfq_insert_request(struct bfq_data *bfqd, struct request *rq) * then complete the merge and redirect it to * new_bfqq. */ - if (bic_to_bfqq(RQ_BIC(rq), 1) == bfqq) { + if (bic_to_bfqq(RQ_BIC(rq), true, + bfq_actuator_index(bfqd, rq->bio)) == bfqq) { while (bfqq != new_bfqq) bfqq = bfq_merge_bfqqs(bfqd, RQ_BIC(rq), bfqq); } @@ -6632,7 +6672,7 @@ bfq_split_bfqq(struct bfq_io_cq *bic, struct bfq_queue *bfqq) return bfqq; } - bic_set_bfqq(bic, NULL, true); + bic_set_bfqq(bic, NULL, true, bfqq->actuator_idx); bfq_put_cooperator(bfqq); @@ -6646,7 +6686,8 @@ static struct bfq_queue *bfq_get_bfqq_handle_split(struct bfq_data *bfqd, bool split, bool is_sync, bool *new_queue) { - struct bfq_queue *bfqq = bic_to_bfqq(bic, is_sync); + unsigned int act_idx = bfq_actuator_index(bfqd, bio); + struct bfq_queue *bfqq = bic_to_bfqq(bic, is_sync, act_idx); if (likely(bfqq && bfqq != &bfqd->oom_bfqq)) return bfqq; @@ -6658,7 +6699,7 @@ static struct bfq_queue *bfq_get_bfqq_handle_split(struct bfq_data *bfqd, bfq_put_queue(bfqq); bfqq = bfq_get_queue(bfqd, bio, is_sync, bic, split); - bic_set_bfqq(bic, bfqq, is_sync); + bic_set_bfqq(bic, bfqq, is_sync, act_idx); if (split && is_sync) { if ((bic->was_in_burst_list && bfqd->large_burst) || bic->saved_in_large_burst) @@ -7139,8 +7180,10 @@ static int bfq_init_queue(struct request_queue *q, struct elevator_type *e) * Our fallback bfqq if bfq_find_alloc_queue() runs into OOM issues. * Grab a permanent reference to it, so that the normal code flow * will not attempt to free it. + * Set zero as actuator index: we will pretend that + * all I/O requests are for the same actuator. */ - bfq_init_bfqq(bfqd, &bfqd->oom_bfqq, NULL, 1, 0); + bfq_init_bfqq(bfqd, &bfqd->oom_bfqq, NULL, 1, 0, 0); bfqd->oom_bfqq.ref++; bfqd->oom_bfqq.new_ioprio = BFQ_DEFAULT_QUEUE_IOPRIO; bfqd->oom_bfqq.new_ioprio_class = IOPRIO_CLASS_BE; @@ -7159,6 +7202,13 @@ static int bfq_init_queue(struct request_queue *q, struct elevator_type *e) bfqd->queue = q; + /* + * Multi-actuator support not complete yet, unconditionally + * set to only one actuator for the moment (to keep incomplete + * mechanisms off). + */ + bfqd->num_actuators = 1; + INIT_LIST_HEAD(&bfqd->dispatch); hrtimer_init(&bfqd->idle_slice_timer, CLOCK_MONOTONIC, diff --git a/block/bfq-iosched.h b/block/bfq-iosched.h index 71f721670ab62..2b413ddffbb95 100644 --- a/block/bfq-iosched.h +++ b/block/bfq-iosched.h @@ -33,6 +33,14 @@ */ #define BFQ_SOFTRT_WEIGHT_FACTOR 100 +/* + * Maximum number of actuators supported. This constant is used simply + * to define the size of the static array that will contain + * per-actuator data. The current value is hopefully a good upper + * bound to the possible number of actuators of any actual drive. + */ +#define BFQ_MAX_ACTUATORS 8 + struct bfq_entity; /** @@ -225,12 +233,14 @@ struct bfq_ttime { * struct bfq_queue - leaf schedulable entity. * * A bfq_queue is a leaf request queue; it can be associated with an - * io_context or more, if it is async or shared between cooperating - * processes. @cgroup holds a reference to the cgroup, to be sure that it - * does not disappear while a bfqq still references it (mostly to avoid - * races between request issuing and task migration followed by cgroup - * destruction). - * All the fields are protected by the queue lock of the containing bfqd. + * io_context or more, if it is async or shared between cooperating + * processes. Besides, it contains I/O requests for only one actuator + * (an io_context is associated with a different bfq_queue for each + * actuator it generates I/O for). @cgroup holds a reference to the + * cgroup, to be sure that it does not disappear while a bfqq still + * references it (mostly to avoid races between request issuing and + * task migration followed by cgroup destruction). All the fields are + * protected by the queue lock of the containing bfqd. */ struct bfq_queue { /* reference counter */ @@ -395,6 +405,9 @@ struct bfq_queue { * the woken queues when this queue exits. */ struct hlist_head woken_list; + + /* index of the actuator this queue is associated with */ + unsigned int actuator_idx; }; /** @@ -403,8 +416,17 @@ struct bfq_queue { struct bfq_io_cq { /* associated io_cq structure */ struct io_cq icq; /* must be the first member */ - /* array of two process queues, the sync and the async */ - struct bfq_queue *bfqq[2]; + /* + * Matrix of associated process queues: first row for async + * queues, second row sync queues. Each row contains one + * column for each actuator. An I/O request generated by the + * process is inserted into the queue pointed by bfqq[i][j] if + * the request is to be served by the j-th actuator of the + * drive, where i==0 or i==1, depending on whether the request + * is async or sync. So there is a distinct queue for each + * actuator. + */ + struct bfq_queue *bfqq[2][BFQ_MAX_ACTUATORS]; /* per (request_queue, blkcg) ioprio */ int ioprio; #ifdef CONFIG_BFQ_GROUP_IOSCHED @@ -768,6 +790,13 @@ struct bfq_data { */ unsigned int word_depths[2][2]; unsigned int full_depth_shift; + + /* + * Number of independent actuators. This is equal to 1 in + * case of single-actuator drives. + */ + unsigned int num_actuators; + }; enum bfqq_state_flags { @@ -964,8 +993,10 @@ struct bfq_group { extern const int bfq_timeout; -struct bfq_queue *bic_to_bfqq(struct bfq_io_cq *bic, bool is_sync); -void bic_set_bfqq(struct bfq_io_cq *bic, struct bfq_queue *bfqq, bool is_sync); +struct bfq_queue *bic_to_bfqq(struct bfq_io_cq *bic, bool is_sync, + unsigned int actuator_idx); +void bic_set_bfqq(struct bfq_io_cq *bic, struct bfq_queue *bfqq, bool is_sync, + unsigned int actuator_idx); struct bfq_data *bic_to_bfqd(struct bfq_io_cq *bic); void bfq_pos_tree_add_move(struct bfq_data *bfqd, struct bfq_queue *bfqq); void bfq_weights_tree_add(struct bfq_data *bfqd, struct bfq_queue *bfqq, -- 2.47.1

7 months

2
3
0 0

[PATCH] drm/xe/display: Add check for alloc_ordered_workqueue()

by Haoxiang Li

Add check for the return value of alloc_ordered_workqueue() in xe_display_create() to catch potential exception. Fixes: 44e694958b95 ("drm/xe/display: Implement display support") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> --- drivers/gpu/drm/xe/display/xe_display.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/gpu/drm/xe/display/xe_display.c b/drivers/gpu/drm/xe/display/xe_display.c index b3921dbc52ff..b5d6ae05d936 100644 --- a/drivers/gpu/drm/xe/display/xe_display.c +++ b/drivers/gpu/drm/xe/display/xe_display.c @@ -97,6 +97,8 @@ int xe_display_create(struct xe_device *xe) spin_lock_init(&xe->display.fb_tracking.lock); xe->display.hotplug.dp_wq = alloc_ordered_workqueue("xe-dp", 0); + if (!xe->display.hotplug.dp_wq) + return -ENOMEM; return drmm_add_action_or_reset(&xe->drm, display_destroy, NULL); } -- 2.25.1

7 months

1
0
0 0

[PATCH] mlx5: Add check for get_macsec_device()

by Haoxiang Li

Add check for the return value of get_macsec_device() in mlx5r_del_gid_macsec_operations() to prevent null pointer dereference. Fixes: 58dbd6428a68 ("RDMA/mlx5: Handles RoCE MACsec steering rules addition and deletion") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> --- drivers/infiniband/hw/mlx5/macsec.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/infiniband/hw/mlx5/macsec.c b/drivers/infiniband/hw/mlx5/macsec.c index 3c56eb5eddf3..623b0a58f721 100644 --- a/drivers/infiniband/hw/mlx5/macsec.c +++ b/drivers/infiniband/hw/mlx5/macsec.c @@ -354,6 +354,11 @@ void mlx5r_del_gid_macsec_operations(const struct ib_gid_attr *attr) } } macsec_device = get_macsec_device(ndev, &dev->macsec.macsec_devices_list); + if (!macsec_device) { + dev_put(ndev); + mutex_unlock(&dev->macsec.lock); + return; + } mlx5_macsec_del_roce_rule(attr->index, dev->mdev->macsec_fs, &macsec_device->tx_rules_list, &macsec_device->rx_rules_list); mlx5_macsec_del_roce_gid(macsec_device, attr->index); -- 2.25.1

7 months

2
1
0 0

FAILED: patch "[PATCH] io_uring/kbuf: reallocate buf lists on upgrade" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 8802766324e1f5d414a81ac43365c20142e85603 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021801-splinter-sappy-56b3@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8802766324e1f5d414a81ac43365c20142e85603 Mon Sep 17 00:00:00 2001 From: Pavel Begunkov <asml.silence(a)gmail.com> Date: Wed, 12 Feb 2025 13:46:46 +0000 Subject: [PATCH] io_uring/kbuf: reallocate buf lists on upgrade IORING_REGISTER_PBUF_RING can reuse an old struct io_buffer_list if it was created for legacy selected buffer and has been emptied. It violates the requirement that most of the field should stay stable after publish. Always reallocate it instead. Cc: stable(a)vger.kernel.org Reported-by: Pumpkin Chang <pumpkin(a)devco.re> Fixes: 2fcabce2d7d34 ("io_uring: disallow mixed provided buffer group registrations") Signed-off-by: Pavel Begunkov <asml.silence(a)gmail.com> Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/io_uring/kbuf.c b/io_uring/kbuf.c index 04bf493eecae..8e72de7712ac 100644 --- a/io_uring/kbuf.c +++ b/io_uring/kbuf.c @@ -415,6 +415,13 @@ void io_destroy_buffers(struct io_ring_ctx *ctx) } } +static void io_destroy_bl(struct io_ring_ctx *ctx, struct io_buffer_list *bl) +{ + scoped_guard(mutex, &ctx->mmap_lock) + WARN_ON_ONCE(xa_erase(&ctx->io_bl_xa, bl->bgid) != bl); + io_put_bl(ctx, bl); +} + int io_remove_buffers_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) { struct io_provide_buf *p = io_kiocb_to_cmd(req, struct io_provide_buf); @@ -636,12 +643,13 @@ int io_register_pbuf_ring(struct io_ring_ctx *ctx, void __user *arg) /* if mapped buffer ring OR classic exists, don't allow */ if (bl->flags & IOBL_BUF_RING || !list_empty(&bl->buf_list)) return -EEXIST; - } else { - free_bl = bl = kzalloc(sizeof(*bl), GFP_KERNEL); - if (!bl) - return -ENOMEM; + io_destroy_bl(ctx, bl); } + free_bl = bl = kzalloc(sizeof(*bl), GFP_KERNEL); + if (!bl) + return -ENOMEM; + mmap_offset = (unsigned long)reg.bgid << IORING_OFF_PBUF_SHIFT; ring_size = flex_array_size(br, bufs, reg.ring_entries);

7 months

2
1
0 0

FAILED: patch "[PATCH] io_uring/kbuf: reallocate buf lists on upgrade" failed to apply to 6.13-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.13-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.13.y git checkout FETCH_HEAD git cherry-pick -x 8802766324e1f5d414a81ac43365c20142e85603 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021855-snugly-hacked-a8fa@gregkh' --subject-prefix 'PATCH 6.13.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8802766324e1f5d414a81ac43365c20142e85603 Mon Sep 17 00:00:00 2001 From: Pavel Begunkov <asml.silence(a)gmail.com> Date: Wed, 12 Feb 2025 13:46:46 +0000 Subject: [PATCH] io_uring/kbuf: reallocate buf lists on upgrade IORING_REGISTER_PBUF_RING can reuse an old struct io_buffer_list if it was created for legacy selected buffer and has been emptied. It violates the requirement that most of the field should stay stable after publish. Always reallocate it instead. Cc: stable(a)vger.kernel.org Reported-by: Pumpkin Chang <pumpkin(a)devco.re> Fixes: 2fcabce2d7d34 ("io_uring: disallow mixed provided buffer group registrations") Signed-off-by: Pavel Begunkov <asml.silence(a)gmail.com> Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/io_uring/kbuf.c b/io_uring/kbuf.c index 04bf493eecae..8e72de7712ac 100644 --- a/io_uring/kbuf.c +++ b/io_uring/kbuf.c @@ -415,6 +415,13 @@ void io_destroy_buffers(struct io_ring_ctx *ctx) } } +static void io_destroy_bl(struct io_ring_ctx *ctx, struct io_buffer_list *bl) +{ + scoped_guard(mutex, &ctx->mmap_lock) + WARN_ON_ONCE(xa_erase(&ctx->io_bl_xa, bl->bgid) != bl); + io_put_bl(ctx, bl); +} + int io_remove_buffers_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) { struct io_provide_buf *p = io_kiocb_to_cmd(req, struct io_provide_buf); @@ -636,12 +643,13 @@ int io_register_pbuf_ring(struct io_ring_ctx *ctx, void __user *arg) /* if mapped buffer ring OR classic exists, don't allow */ if (bl->flags & IOBL_BUF_RING || !list_empty(&bl->buf_list)) return -EEXIST; - } else { - free_bl = bl = kzalloc(sizeof(*bl), GFP_KERNEL); - if (!bl) - return -ENOMEM; + io_destroy_bl(ctx, bl); } + free_bl = bl = kzalloc(sizeof(*bl), GFP_KERNEL); + if (!bl) + return -ENOMEM; + mmap_offset = (unsigned long)reg.bgid << IORING_OFF_PBUF_SHIFT; ring_size = flex_array_size(br, bufs, reg.ring_entries);

7 months

3
4
0 0

Re: [PATCH 6.13 000/274] 6.13.4-rc1 review

by Ronald Warsow

Hi Greg no regressions here on x86_64 (RKL, Intel 11th Gen. CPU) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

7 months

1
0
0 0

[PATCH 5.10] mm: call the security_mmap_file() LSM hook in remap_file_pages()

by Pratyush Yadav

From: Shu Han <ebpqwerty472123(a)gmail.com> commit ea7e2d5e49c05e5db1922387b09ca74aa40f46e2 upstream. The remap_file_pages syscall handler calls do_mmap() directly, which doesn't contain the LSM security check. And if the process has called personality(READ_IMPLIES_EXEC) before and remap_file_pages() is called for RW pages, this will actually result in remapping the pages to RWX, bypassing a W^X policy enforced by SELinux. So we should check prot by security_mmap_file LSM hook in the remap_file_pages syscall handler before do_mmap() is called. Otherwise, it potentially permits an attacker to bypass a W^X policy enforced by SELinux. The bypass is similar to CVE-2016-10044, which bypass the same thing via AIO and can be found in [1]. The PoC: $ cat > test.c int main(void) { size_t pagesz = sysconf(_SC_PAGE_SIZE); int mfd = syscall(SYS_memfd_create, "test", 0); const char *buf = mmap(NULL, 4 * pagesz, PROT_READ | PROT_WRITE, MAP_SHARED, mfd, 0); unsigned int old = syscall(SYS_personality, 0xffffffff); syscall(SYS_personality, READ_IMPLIES_EXEC | old); syscall(SYS_remap_file_pages, buf, pagesz, 0, 2, 0); syscall(SYS_personality, old); // show the RWX page exists even if W^X policy is enforced int fd = open("/proc/self/maps", O_RDONLY); unsigned char buf2[1024]; while (1) { int ret = read(fd, buf2, 1024); if (ret <= 0) break; write(1, buf2, ret); } close(fd); } $ gcc test.c -o test $ ./test | grep rwx 7f1836c34000-7f1836c35000 rwxs 00002000 00:01 2050 /memfd:test (deleted) Link: https://project-zero.issues.chromium.org/issues/42452389 [1] Cc: stable(a)vger.kernel.org Signed-off-by: Shu Han <ebpqwerty472123(a)gmail.com> Acked-by: Stephen Smalley <stephen.smalley.work(a)gmail.com> [PM: subject line tweaks] Signed-off-by: Paul Moore <paul(a)paul-moore.com> Signed-off-by: Pratyush Yadav <ptyadav(a)amazon.de> --- mm/mmap.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/mm/mmap.c b/mm/mmap.c index 9f76625a1743..2c17eb840e44 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -3078,8 +3078,12 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size, } file = get_file(vma->vm_file); + ret = security_mmap_file(vma->vm_file, prot, flags); + if (ret) + goto out_fput; ret = do_mmap(vma->vm_file, start, size, prot, flags, pgoff, &populate, NULL); +out_fput: fput(file); out: mmap_write_unlock(mm); -- 2.47.1

7 months

2
2
0 0

[PATCH] btrfs: fix data overwriting bug during buffered write when block size < page size

by Qu Wenruo

[BUG] When running generic/417 with a btrfs whose block size < page size (subpage cases), it always fails. And the following minimal reproducer is more than enough to trigger it reliably: workload() { mkfs.btrfs -s 4k -f $dev > /dev/null dmesg -C mount $dev $mnt $fsstree_dir/src/dio-invalidate-cache -r -b 4096 -n 3 -i 1 -f $mnt/diotest ret=$? umount $mnt stop_trace if [ $ret -ne 0 ]; then fail fi } for (( i = 0; i < 1024; i++)); do echo "=== $i/$runtime ===" workload done [CAUSE] With extra trace printk added to the following functions: - btrfs_buffered_write() * Which folio is touched * The file offset (start) where the buffered write is at * How many bytes are copied * The content of the write (the first 2 bytes) - submit_one_sector() * Which folio is touched * The position inside the folio - pagecache_isize_extended() * The parameters of the function itself * The parameters of the folio_zero_range() Which are enough to show the problem: 22.158114: btrfs_buffered_write: folio pos=0 start=0 copied=4096 content=0x0101 22.158161: submit_one_sector: r/i=5/257 folio=0 pos=0 content=0x0101 22.158609: btrfs_buffered_write: folio pos=0 start=4096 copied=4096 content=0x0101 22.158634: btrfs_buffered_write: folio pos=0 start=8192 copied=4096 content=0x0101 22.158650: pagecache_isize_extended: folio=0 from=4096 to=8192 bsize=4096 zero off=4096 len=8192 22.158682: submit_one_sector: r/i=5/257 folio=0 pos=4096 content=0x0000 22.158686: submit_one_sector: r/i=5/257 folio=0 pos=8192 content=0x0101 The tool dio-invalidate-cache will start 3 threads, each doing a buffered write with 0x01 at 4096 * i (i is 0, 1 ,2), do a fsync, then do a direct read, and compare the read buffer with the write buffer. Note that all 3 btrfs_buffered_write() are writing the correct 0x01 into the page cache. But at submit_one_sector(), at file offset 4096, the content is zeroed out, mostly by pagecache_isize_extended(). The race happens like this: Thread A is writing into range [4K, 8K). Thread B is writing into range [8K, 12k). Thread A | Thread B -------------------------------------+------------------------------------ btrfs_buffered_write() | btrfs_buffered_write() |- old_isize = 4K; | |- old_isize = 4096; |- btrfs_inode_lock() | | |- write into folio range [4K, 8K) | | |- pagecache_isize_extended() | | | extend isize from 4096 to 8192 | | | no folio_zero_range() called | | |- btrfs_inode_lock() | | | |- btrfs_inode_lock() | |- write into folio range [8K, 12K) | |- pagecache_isize_extended() | | calling folio_zero_range(4K, 8K) | | This is caused by the old_isize is | | grabbed too early, without any | | inode lock. | |- btrfs_inode_unlock() The @old_isize is grabbed without inode lock, causing race between two buffered write threads and making pagecache_isize_extended() to zero range which is still containing cached data. And this is only affecting subpage btrfs, because for regular blocksize == page size case, the function pagecache_isize_extended() will do nothing if the block size >= page size. [FIX] Grab the old isize with inode lock hold. This means each buffered write thread will have a stable view of the old inode size, thus avoid the above race. Cc: stable(a)vger.kernel.org Signed-off-by: Qu Wenruo <wqu(a)suse.com> --- fs/btrfs/file.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c index fd90855fe717..896dc03689d6 100644 --- a/fs/btrfs/file.c +++ b/fs/btrfs/file.c @@ -1090,7 +1090,7 @@ ssize_t btrfs_buffered_write(struct kiocb *iocb, struct iov_iter *i) u64 lockend; size_t num_written = 0; ssize_t ret; - loff_t old_isize = i_size_read(inode); + loff_t old_isize; unsigned int ilock_flags = 0; const bool nowait = (iocb->ki_flags & IOCB_NOWAIT); unsigned int bdp_flags = (nowait ? BDP_ASYNC : 0); @@ -1103,6 +1103,13 @@ ssize_t btrfs_buffered_write(struct kiocb *iocb, struct iov_iter *i) if (ret < 0) return ret; + /* + * We can only trust the isize with inode lock hold, or it can race with + * other buffered writes and cause incorrect call of + * pagecache_isize_extended() to overwrite existing data. + */ + old_isize = i_size_read(inode); + ret = generic_write_checks(iocb, i); if (ret <= 0) goto out; -- 2.48.1

7 months

2
1
0 0

Re: [External] : Re: Please backport: netfilter: nft_counter: Use u64_stats_t for statistic.

by MOESSBAUER, Felix

On Fri, 2024-10-04 at 09:39 +0200, Sebastian Andrzej Siewior wrote: > On 2024-09-27 15:01:00 [-0400], Joseph Salisbury wrote: > > Is it needed in all stable release patch sets, including v5.15? > > Yes. I would appreciate backporting it all the way where the code is > available. The dependencies > 1eacdd71b3436 ("netfilter: nft_counter: Disable BH in > nft_counter_offload_stats().") > a0b39e2dc7017 ("netfilter: nft_counter: Synchronize > nft_counter_reset() against reader.") > > were already routed via stable. > The problem is that the seqcount has no lock associated so a reader > could preempt a writer and then lockup spinning. Hi, this needs to be backported to all stable RT trees (just checked 4.19 and 6.1. 5.15 already has it). We observed the reader live-lock issue in "nft_counter_fetch" on 6.1.120-rt47 (leading to a system stall) and were also able to find it with lockdep (see stacktrace below). I'm wondering if this patch could be applied to linux-stable, even if it is just a performance optimization on non-rt kernels (not a fix). The patch "netfilter: nft_counter: Use u64_stats_t for statistic" cleanly applies on 6.1.y and 6.1.127-rt48. Stacktrace from lockdep: [ 33.643632] ------------[ cut here ]------------ [ 33.643637] WARNING: CPU: 0 PID: 972 at include/linux/seqlock.h:269 nft_counter_eval+0x6b/0xd0 [nf_tables] [ 33.643657] Modules linked in: br_netfilter bridge stp llc xt_comment xt_recent xt_hl ip6_tables ip6t_rt ipt_REJECT nf_reject_ipv4 xt_LOG nf_log_syslog nft_limit xt_limit xt_addrtype xt_tcpudp xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nft_compat nf_tables libcrc32c nfnetlink rfkill intel_rapl_msr intel_rapl_common ccp binfmt_misc kvm irqbypass ghash_clmulni_intel sha512_ssse3 sha512_generic sha256_ssse3 sha1_ssse3 ppdev snd_pcm snd_timer aesni_intel snd crypto_simd cryptd soundcore pcspkr parport_pc iTCO_wdt bochs parport drm_vram_helper intel_pmc_bxt drm_ttm_helper iTCO_vendor_support button ttm drm_kms_helper watchdog sg joydev evdev serio_raw drm fuse loop efi_pstore configfs qemu_fw_cfg ip_tables x_tables autofs4 overlay nls_ascii nls_cp437 vfat fat ext4 crc32c_generic crc16 mbcache jbd2 xts ecb squashfs dm_verity dm_bufio reed_solomon dm_mod sd_mod t10_pi crc64_rocksoft crc64 crc_t10dif crct10dif_generic virtio_net net_failover ahci failover libahci crct10dif_pclmul [ 33.643727] crct10dif_common libata virtio_pci i2c_i801 crc32_pclmul scsi_mod crc32c_intel virtio_pci_legacy_dev i2c_smbus psmouse virtio_pci_modern_dev virtio scsi_common virtio_ring lpc_ich [ 33.643739] CPU: 0 PID: 972 Comm: onboardservice Not tainted 6.1.120-rt47 #1 [ 33.643742] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 [ 33.643744] RIP: 0010:nft_counter_eval+0x6b/0xd0 [nf_tables] [ 33.643759] Code: 52 3f 85 d2 74 26 65 8b 05 ba bd 52 3f 85 c0 75 1b 65 8b 05 e7 b3 52 3f a9 ff ff ff 7f 75 0d 65 8b 05 dd ba 52 3f 85 c0 74 02 <0f> 0b ff 74 24 20 4c 8d 6d 08 45 31 c9 31 c9 41 b8 01 00 00 00 31 [ 33.643776] RSP: 0018:ffffa045007736a0 EFLAGS: 00010202 [ 33.643778] RAX: 0000000000000001 RBX: ffffc044ffc2ae80 RCX: 00000000000026af [ 33.643780] RDX: 0000000000000001 RSI: ffff8d29050db388 RDI: ffffffffc0af49a4 [ 33.643781] RBP: ffff8d293f638060 R08: 0000000000000000 R09: 0000000000000000 [ 33.643782] R10: 0000000000000001 R11: 000000009bb77572 R12: ffffa04500773920 [ 33.643783] R13: ffff8d29011db358 R14: ffff8d29011db208 R15: ffff8d29011db240 [ 33.643807] FS: 000000c000047c90(0000) GS:ffff8d293f600000(0000) knlGS:0000000000000000 [ 33.643811] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 33.643813] CR2: 000000c0005fe000 CR3: 000000003a212000 CR4: 00000000003506f0 [ 33.643836] Call Trace: [ 33.643840] <TASK> [ 33.643844] ? __warn+0x82/0xe0 [ 33.643852] ? nft_counter_eval+0x6b/0xd0 [nf_tables] [ 33.643877] ? report_bug+0x10e/0x180 [ 33.643889] ? handle_bug+0x41/0x70 [ 33.643895] ? exc_invalid_op+0x13/0x60 [ 33.643899] ? asm_exc_invalid_op+0x16/0x20 [ 33.643912] ? nft_counter_eval+0x24/0xd0 [nf_tables] [ 33.643931] ? nft_counter_eval+0x6b/0xd0 [nf_tables] [ 33.643962] nft_do_chain+0x45b/0x690 [nf_tables] [ 33.644025] nft_do_chain_ipv4+0x78/0xa0 [nf_tables] [ 33.644046] nf_hook_slow+0x41/0xc0 [ 33.644054] __ip_local_out+0x14c/0x300 [ 33.644062] ? ip_output+0xb0/0xb0 [ 33.644074] __ip_queue_xmit+0x1c0/0x7f0 [ 33.644086] __tcp_transmit_skb+0xabe/0xcb0 [ 33.644107] tcp_write_xmit+0x521/0x14a0 [ 33.644117] __tcp_push_pending_frames+0x32/0xf0 [ 33.644120] tcp_sendmsg_locked+0x4cd/0xc20 [ 33.644133] tcp_sendmsg+0x27/0x40 [ 33.644137] __sock_sendmsg+0x58/0x70 [ 33.644142] sock_write_iter+0x9a/0x100 [ 33.644151] vfs_write+0x2c8/0x330 [ 33.644164] ksys_write+0xc3/0xf0 [ 33.644169] do_syscall_64+0x55/0xb0 [ 33.644173] ? lock_acquire+0xc4/0x2d0 [ 33.644178] ? find_held_lock+0x2b/0x80 [ 33.644182] ? finish_task_switch.isra.0+0xca/0x380 [ 33.644186] ? lock_release+0xd0/0x2d0 [ 33.644191] ? lockdep_hardirqs_on_prepare+0xdc/0x190 [ 33.644196] ? finish_task_switch.isra.0+0xcf/0x380 [ 33.644201] ? __schedule+0x3f8/0xd20 [ 33.644206] ? restore_fpregs_from_fpstate+0x38/0x90 [ 33.644211] ? trace_x86_fpu_regs_activated+0x1f/0xb0 [ 33.644213] ? switch_fpu_return+0x58/0x90 [ 33.644218] ? exit_to_user_mode_prepare+0x1af/0x250 [ 33.644223] entry_SYSCALL_64_after_hwframe+0x6e/0xd8 [ 33.644227] RIP: 0033:0x40720e [ 33.644230] Code: 48 83 ec 38 e8 13 00 00 00 48 83 c4 38 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc 49 89 f2 48 89 fa 48 89 ce 48 89 df 0f 05 <48> 3d 01 f0 ff ff 76 15 48 f7 d8 48 89 c1 48 c7 c0 ff ff ff ff 48 [ 33.644232] RSP: 002b:000000c000069980 EFLAGS: 00000216 ORIG_RAX: 0000000000000001 [ 33.644234] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000040720e [ 33.644236] RDX: 000000000000008c RSI: 000000c0001746c0 RDI: 0000000000000009 [ 33.644237] RBP: 000000c0000699c0 R08: 0000000000000000 R09: 0000000000000000 [ 33.644238] R10: 0000000000000000 R11: 0000000000000216 R12: 000000c000069b00 [ 33.644239] R13: 000000000000000e R14: 000000c00016ed00 R15: 0000000000a88360 [ 33.644250] </TASK> [ 33.644250] irq event stamp: 10266 [ 33.644251] hardirqs last enabled at (10268): [<ffffffff96339836>] vprintk_store+0x326/0x550 [ 33.644256] hardirqs last disabled at (10269): [<ffffffff9633987c>] vprintk_store+0x36c/0x550 [ 33.644259] softirqs last enabled at (9900): [<ffffffff962af77e>] __local_bh_enable_ip+0xfe/0x140 [ 33.644264] softirqs last disabled at (9904): [<ffffffffc0af49a4>] nft_counter_eval+0x24/0xd0 [nf_tables] [ 33.644277] ---[ end trace 0000000000000000 ]--- Best regards, Felix > > Sebastian -- Siemens AG Linux Expert Center Friedrich-Ludwig-Bauer-Str. 3 85748 Garching, Germany

7 months

2
1
0 0

[PATCH v2] i2c: ls2x: Fix frequency division register access

by Binbin Zhou

According to the chip manual, the I2C register access type of Loongson-2K2000/LS7A is "B", so we can only access registers in byte form (readb/writeb). Although Loongson-2K0500/Loongson-2K1000 do not have similar constraints, register accesses in byte form also behave correctly. Also, in hardware, the frequency division registers are defined as two separate registers (high 8-bit and low 8-bit), so we just access them directly as bytes. Cc: stable(a)vger.kernel.org Fixes: 015e61f0bffd ("i2c: ls2x: Add driver for Loongson-2K/LS7A I2C controller") Co-developed-by: Hongliang Wang <wanghongliang(a)loongson.cn> Signed-off-by: Hongliang Wang <wanghongliang(a)loongson.cn> Signed-off-by: Binbin Zhou <zhoubinbin(a)loongson.cn> --- V2: - Add a comment to prevent from changing that back to 16-bit write. Link to V1: https://lore.kernel.org/all/20250218111133.3058590-1-zhoubinbin@loongson.cn/ drivers/i2c/busses/i2c-ls2x.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/drivers/i2c/busses/i2c-ls2x.c b/drivers/i2c/busses/i2c-ls2x.c index 8821cac3897b..61377693a4d6 100644 --- a/drivers/i2c/busses/i2c-ls2x.c +++ b/drivers/i2c/busses/i2c-ls2x.c @@ -10,6 +10,7 @@ * Rewritten for mainline by Binbin Zhou <zhoubinbin(a)loongson.cn> */ +#include <linux/bitfield.h> #include <linux/bits.h> #include <linux/completion.h> #include <linux/device.h> @@ -26,7 +27,8 @@ #include <linux/units.h> /* I2C Registers */ -#define I2C_LS2X_PRER 0x0 /* Freq Division Register(16 bits) */ +#define I2C_LS2X_PRER_LO 0x0 /* Freq Division Low Byte Register */ +#define I2C_LS2X_PRER_HI 0x1 /* Freq Division High Byte Register */ #define I2C_LS2X_CTR 0x2 /* Control Register */ #define I2C_LS2X_TXR 0x3 /* Transport Data Register */ #define I2C_LS2X_RXR 0x3 /* Receive Data Register */ @@ -93,6 +95,7 @@ static irqreturn_t ls2x_i2c_isr(int this_irq, void *dev_id) */ static void ls2x_i2c_adjust_bus_speed(struct ls2x_i2c_priv *priv) { + u16 val; struct i2c_timings *t = &priv->i2c_t; struct device *dev = priv->adapter.dev.parent; u32 acpi_speed = i2c_acpi_find_bus_speed(dev); @@ -104,9 +107,14 @@ static void ls2x_i2c_adjust_bus_speed(struct ls2x_i2c_priv *priv) else t->bus_freq_hz = LS2X_I2C_FREQ_STD; - /* Calculate and set i2c frequency. */ - writew(LS2X_I2C_PCLK_FREQ / (5 * t->bus_freq_hz) - 1, - priv->base + I2C_LS2X_PRER); + /* + * According to the chip manual, we can only access the registers as bytes, + * otherwise the high bits will be truncated. + * So set the I2C frequency with a sequential writeb instead of writew. + */ + val = LS2X_I2C_PCLK_FREQ / (5 * t->bus_freq_hz) - 1; + writeb(FIELD_GET(GENMASK(7, 0), val), priv->base + I2C_LS2X_PRER_LO); + writeb(FIELD_GET(GENMASK(15, 8), val), priv->base + I2C_LS2X_PRER_HI); } static void ls2x_i2c_init(struct ls2x_i2c_priv *priv) base-commit: 7e45b505e699f4c80aa8bf79b4ea2a5f5a66bb51 -- 2.47.1

7 months

2
1
0 0

[PATCH 0/2] HID: intel-ish-hid: Fix use-after-free issues in driver removal process

by Zhang Lixu

These patches address use-after-free issues in the `intel_ishtp_hid` driver during the removal process. Zhang Lixu (2): HID: intel-ish-hid: Fix use-after-free issue in hid_ishtp_cl_remove() HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() drivers/hid/intel-ish-hid/ishtp-hid-client.c | 2 +- drivers/hid/intel-ish-hid/ishtp-hid.c | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) base-commit: 0ae0fa3bf0b44c8611d114a9f69985bf451010c3 -- 2.43.0

7 months

2
3
0 0

[PATCH V4] mm/hugetlb: wait for hugetlb folios to be freed

by yangge1116＠126.com

From: Ge Yang <yangge1116(a)126.com> Since the introduction of commit c77c0a8ac4c52 ("mm/hugetlb: defer freeing of huge pages if in non-task context"), which supports deferring the freeing of hugetlb pages, the allocation of contiguous memory through cma_alloc() may fail probabilistically. In the CMA allocation process, if it is found that the CMA area is occupied by in-use hugetlb folios, these in-use hugetlb folios need to be migrated to another location. When there are no available hugetlb folios in the free hugetlb pool during the migration of in-use hugetlb folios, new folios are allocated from the buddy system. A temporary state is set on the newly allocated folio. Upon completion of the hugetlb folio migration, the temporary state is transferred from the new folios to the old folios. Normally, when the old folios with the temporary state are freed, it is directly released back to the buddy system. However, due to the deferred freeing of hugetlb pages, the PageBuddy() check fails, ultimately leading to the failure of cma_alloc(). Here is a simplified call trace illustrating the process: cma_alloc() ->__alloc_contig_migrate_range() // Migrate in-use hugetlb folios ->unmap_and_move_huge_page() ->folio_putback_hugetlb() // Free old folios ->test_pages_isolated() ->__test_page_isolated_in_pageblock() ->PageBuddy(page) // Check if the page is in buddy To resolve this issue, we have implemented a function named wait_for_freed_hugetlb_folios(). This function ensures that the hugetlb folios are properly released back to the buddy system after their migration is completed. By invoking wait_for_freed_hugetlb_folios() before calling PageBuddy(), we ensure that PageBuddy() will succeed. Fixes: c77c0a8ac4c52 ("mm/hugetlb: defer freeing of huge pages if in non-task context") Signed-off-by: Ge Yang <yangge1116(a)126.com> Cc: <stable(a)vger.kernel.org> --- V4: - add a check to determine if hpage_freelist is empty suggested by David V3: - adjust code and message suggested by Muchun and David V2: - flush all folios at once suggested by David include/linux/hugetlb.h | 5 +++++ mm/hugetlb.c | 8 ++++++++ mm/page_isolation.c | 10 ++++++++++ 3 files changed, 23 insertions(+) diff --git a/include/linux/hugetlb.h b/include/linux/hugetlb.h index 6c6546b..0c54b3a 100644 --- a/include/linux/hugetlb.h +++ b/include/linux/hugetlb.h @@ -697,6 +697,7 @@ bool hugetlb_bootmem_page_zones_valid(int nid, struct huge_bootmem_page *m); int isolate_or_dissolve_huge_page(struct page *page, struct list_head *list); int replace_free_hugepage_folios(unsigned long start_pfn, unsigned long end_pfn); +void wait_for_freed_hugetlb_folios(void); struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, unsigned long addr, bool cow_from_owner); struct folio *alloc_hugetlb_folio_nodemask(struct hstate *h, int preferred_nid, @@ -1092,6 +1093,10 @@ static inline int replace_free_hugepage_folios(unsigned long start_pfn, return 0; } +static inline void wait_for_freed_hugetlb_folios(void) +{ +} + static inline struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, unsigned long addr, bool cow_from_owner) diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 30bc34d..8801dbc 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -2955,6 +2955,14 @@ int replace_free_hugepage_folios(unsigned long start_pfn, unsigned long end_pfn) return ret; } +void wait_for_freed_hugetlb_folios(void) +{ + if (llist_empty(&hpage_freelist)) + return; + + flush_work(&free_hpage_work); +} + typedef enum { /* * For either 0/1: we checked the per-vma resv map, and one resv diff --git a/mm/page_isolation.c b/mm/page_isolation.c index 8ed53ee0..b2fc526 100644 --- a/mm/page_isolation.c +++ b/mm/page_isolation.c @@ -615,6 +615,16 @@ int test_pages_isolated(unsigned long start_pfn, unsigned long end_pfn, int ret; /* + * Due to the deferred freeing of hugetlb folios, the hugepage folios may + * not immediately release to the buddy system. This can cause PageBuddy() + * to fail in __test_page_isolated_in_pageblock(). To ensure that the + * hugetlb folios are properly released back to the buddy system, we + * invoke the wait_for_freed_hugetlb_folios() function to wait for the + * release to complete. + */ + wait_for_freed_hugetlb_folios(); + + /* * Note: pageblock_nr_pages != MAX_PAGE_ORDER. Then, chunks of free * pages are not aligned to pageblock_nr_pages. * Then we just check migratetype first. -- 2.7.4

7 months

3
2
0 0

[PATCH] scsi: esas2r: Add check for alloc_ordered_workqueue()

by Haoxiang Li

Add check for the return value of alloc_ordered_workqueue() in esas2r_init_adapter() to catch potential exception. Fixes: 4cb1b41a5ee4 ("scsi: esas2r: Simplify an alloc_ordered_workqueue() invocation") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> --- drivers/scsi/esas2r/esas2r_init.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/scsi/esas2r/esas2r_init.c b/drivers/scsi/esas2r/esas2r_init.c index 0cea5f3d1a08..48bb8aaf9df4 100644 --- a/drivers/scsi/esas2r/esas2r_init.c +++ b/drivers/scsi/esas2r/esas2r_init.c @@ -314,6 +314,11 @@ int esas2r_init_adapter(struct Scsi_Host *host, struct pci_dev *pcid, a->fw_event_q = alloc_ordered_workqueue("esas2r/%d", WQ_MEM_RECLAIM, a->index); + if (!a->fw_event_q) { + esas2r_log(ESAS2R_LOG_CRIT, "failed to create work queue\n"); + esas2r_kill_adapter(index); + return 0; + } init_waitqueue_head(&a->buffered_ioctl_waiter); init_waitqueue_head(&a->nvram_waiter); init_waitqueue_head(&a->fm_api_waiter); -- 2.25.1

7 months

1
0
0 0

[PATCH] Revert "ext4: apply umask if ACL support is disabled"

by Max Kellermann

This reverts commit 484fd6c1de13b336806a967908a927cc0356e312. The commit caused a regression because now the umask was applied to symlinks and the fix is unnecessary because the umask/O_TMPFILE bug has been fixed somewhere else already. Fixes: https://lore.kernel.org/lkml/28DSITL9912E1.2LSZUVTGTO52Q@mforney.org/ Signed-off-by: Max Kellermann <max.kellermann(a)ionos.com> --- fs/ext4/acl.h | 5 ----- 1 file changed, 5 deletions(-) diff --git a/fs/ext4/acl.h b/fs/ext4/acl.h index ef4c19e5f570..0c5a79c3b5d4 100644 --- a/fs/ext4/acl.h +++ b/fs/ext4/acl.h @@ -68,11 +68,6 @@ extern int ext4_init_acl(handle_t *, struct inode *, struct inode *); static inline int ext4_init_acl(handle_t *handle, struct inode *inode, struct inode *dir) { - /* usually, the umask is applied by posix_acl_create(), but if - ext4 ACL support is disabled at compile time, we need to do - it here, because posix_acl_create() will never be called */ - inode->i_mode &= ~current_umask(); - return 0; } #endif /* CONFIG_EXT4_FS_POSIX_ACL */ -- 2.39.2

7 months

6
6
0 0

Re: [PATCH] jfs: fix slab-out-of-bounds read in ea_get()

by Qasim Ijaz

On Thu, Feb 13, 2025 at 11:07:07AM +0100, Greg KH wrote: > On Thu, Feb 13, 2025 at 12:20:25AM +0000, Qasim Ijaz wrote: > > During the "size_check" label in ea_get(), the code checks if the extended > > attribute list (xattr) size matches ea_size. If not, it logs > > "ea_get: invalid extended attribute" and calls print_hex_dump(). > > > > Here, EALIST_SIZE(ea_buf->xattr) returns 4110417968, which exceeds > > INT_MAX (2,147,483,647). Then ea_size is clamped: > > > > int size = clamp_t(int, ea_size, 0, EALIST_SIZE(ea_buf->xattr)); > > > > Although clamp_t aims to bound ea_size between 0 and 4110417968, the upper > > limit is treated as an int, causing an overflow above 2^31 - 1. This leads > > "size" to wrap around and become negative (-184549328). > > > > The "size" is then passed to print_hex_dump() (called "len" in > > print_hex_dump()), it is passed as type size_t (an unsigned > > type), this is then stored inside a variable called > > "int remaining", which is then assigned to "int linelen" which > > is then passed to hex_dump_to_buffer(). In print_hex_dump() > > the for loop, iterates through 0 to len-1, where len is > > 18446744073525002176, calling hex_dump_to_buffer() > > on each iteration: > > > > for (i = 0; i < len; i += rowsize) { > > linelen = min(remaining, rowsize); > > remaining -= rowsize; > > > > hex_dump_to_buffer(ptr + i, linelen, rowsize, groupsize, > > linebuf, sizeof(linebuf), ascii); > > > > ... > > } > > > > The expected stopping condition (i < len) is effectively broken > > since len is corrupted and very large. This eventually leads to > > the "ptr+i" being passed to hex_dump_to_buffer() to get closer > > to the end of the actual bounds of "ptr", eventually an out of > > bounds access is done in hex_dump_to_buffer() in the following > > for loop: > > > > for (j = 0; j < len; j++) { > > if (linebuflen < lx + 2) > > goto overflow2; > > ch = ptr[j]; > > ... > > } > > > > To fix this we should validate "EALIST_SIZE(ea_buf->xattr)" > > before it is utilised. > > > > Reported-by: syzbot <syzbot+4e6e7e4279d046613bc5(a)syzkaller.appspotmail.com> > > Tested-by: syzbot <syzbot+4e6e7e4279d046613bc5(a)syzkaller.appspotmail.com> > > Closes: https://syzkaller.appspot.com/bug?extid=4e6e7e4279d046613bc5 > > Fixes: d9f9d96136cb ("jfs: xattr: check invalid xattr size more strictly") > > Signed-off-by: Qasim Ijaz <qasdev00(a)gmail.com> > > --- > > fs/jfs/xattr.c | 15 ++++++++++----- > > 1 file changed, 10 insertions(+), 5 deletions(-) > > > > diff --git a/fs/jfs/xattr.c b/fs/jfs/xattr.c > > index 24afbae87225..7575c51cce9b 100644 > > --- a/fs/jfs/xattr.c > > +++ b/fs/jfs/xattr.c > > @@ -559,11 +555,16 @@ static int ea_get(struct inode *inode, struct ea_buffer *ea_buf, int min_size) > > > > size_check: > > if (EALIST_SIZE(ea_buf->xattr) != ea_size) { > > - int size = clamp_t(int, ea_size, 0, EALIST_SIZE(ea_buf->xattr)); > > - > > - printk(KERN_ERR "ea_get: invalid extended attribute\n"); > > - print_hex_dump(KERN_ERR, "", DUMP_PREFIX_ADDRESS, 16, 1, > > - ea_buf->xattr, size, 1); > > + if (unlikely(EALIST_SIZE(ea_buf->xattr) > INT_MAX)) { > > + printk(KERN_ERR "ea_get: extended attribute size too large: %u > INT_MAX\n", > > + EALIST_SIZE(ea_buf->xattr)); > > + } else { > > + int size = clamp_t(int, ea_size, 0, EALIST_SIZE(ea_buf->xattr)); > > + > > + printk(KERN_ERR "ea_get: invalid extended attribute\n"); > > + print_hex_dump(KERN_ERR, "", DUMP_PREFIX_ADDRESS, 16, 1, > > + ea_buf->xattr, size, 1); > > + } > > ea_release(inode, ea_buf); > > rc = -EIO; > > goto clean_up; > > -- > > 2.39.5 > > > > Hi, > > This is the friendly patch-bot of Greg Kroah-Hartman. You have sent him > a patch that has triggered this response. He used to manually respond > to these common problems, but in order to save his sanity (he kept > writing the same thing over and over, yet to different people), I was > created. Hopefully you will not take offence and will fix the problem > in your patch and resubmit it so that it can be accepted into the Linux > kernel tree. > > You are receiving this message because of the following common error(s) > as indicated below: > > - You have marked a patch with a "Fixes:" tag for a commit that is in an > older released kernel, yet you do not have a cc: stable line in the > signed-off-by area at all, which means that the patch will not be > applied to any older kernel releases. To properly fix this, please > follow the documented rules in the > Documentation/process/stable-kernel-rules.rst file for how to resolve > this. > > If you wish to discuss this problem further, or you have questions about > how to resolve this issue, please feel free to respond to this email and > Greg will reply once he has dug out from the pending patches received > from other developers. > Hi Greg, Just following up on this patch. I’ve sent v2 with the added CC stable tag. Here’s the link: https://lore.kernel.org/all/20250213210553.28613-1-qasdev00@gmail.com/ Let me know if any further changes are needed. Thanks, Qasim > thanks, > > greg k-h's patch email bot

7 months

2
1
0 0

[PATCH v2 Linux-6.12.y Linux-6.13.y 1/1] selftests/mm: build with -O2

by Yifei Liu

From: Kevin Brodsky <kevin.brodsky(a)arm.com> [ Upstream commit 46036188ea1f5266df23a6149dea0df1c77cd1c7 ] The mm kselftests are currently built with no optimisation (-O0). It's unclear why, and besides being obviously suboptimal, this also prevents the pkeys tests from working as intended. Let's build all the tests with -O2. [kevin.brodsky(a)arm.com: silence unused-result warnings] Link: https://lkml.kernel.org/r/20250107170110.2819685-1-kevin.brodsky@arm.com Link: https://lkml.kernel.org/r/20241209095019.1732120-6-kevin.brodsky@arm.com Signed-off-by: Kevin Brodsky <kevin.brodsky(a)arm.com> Cc: Aruna Ramakrishna <aruna.ramakrishna(a)oracle.com> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: Joey Gouly <joey.gouly(a)arm.com> Cc: Keith Lucas <keith.lucas(a)oracle.com> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: Shuah Khan <shuah(a)kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> (cherry picked from commit 46036188ea1f5266df23a6149dea0df1c77cd1c7) [Yifei: This commit also fix the failure of pkey_sighandler_tests_64, which is also in linux-6.12.y and linux-6.13.y, thus backport this commit] Signed-off-by: Yifei Liu <yifei.l.liu(a)oracle.com> --- tools/testing/selftests/mm/Makefile | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/mm/Makefile b/tools/testing/selftests/mm/Makefile index 02e1204971b0..c0138cb19705 100644 --- a/tools/testing/selftests/mm/Makefile +++ b/tools/testing/selftests/mm/Makefile @@ -33,9 +33,16 @@ endif # LDLIBS. MAKEFLAGS += --no-builtin-rules -CFLAGS = -Wall -I $(top_srcdir) $(EXTRA_CFLAGS) $(KHDR_INCLUDES) $(TOOLS_INCLUDES) +CFLAGS = -Wall -O2 -I $(top_srcdir) $(EXTRA_CFLAGS) $(KHDR_INCLUDES) $(TOOLS_INCLUDES) LDLIBS = -lrt -lpthread -lm +# Some distributions (such as Ubuntu) configure GCC so that _FORTIFY_SOURCE is +# automatically enabled at -O1 or above. This triggers various unused-result +# warnings where functions such as read() or write() are called and their +# return value is not checked. Disable _FORTIFY_SOURCE to silence those +# warnings. +CFLAGS += -U_FORTIFY_SOURCE + TEST_GEN_FILES = cow TEST_GEN_FILES += compaction_test TEST_GEN_FILES += gup_longterm -- 2.46.0

7 months

4
7
0 0

[PATCH] drm/xe: Fix exporting xe buffers multiple times

by Jacek Lawrynowicz

From: Tomasz Rusinowicz <tomasz.rusinowicz(a)intel.com> The `struct ttm_resource->placement` contains TTM_PL_FLAG_* flags, but it was incorrectly tested for XE_PL_* flags. This caused xe_dma_buf_pin() to always fail when invoked for the second time. Fix this by checking the `mem_type` field instead. Fixes: 7764222d54b7 ("drm/xe: Disallow pinning dma-bufs in VRAM") Cc: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> Cc: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Cc: Lucas De Marchi <lucas.demarchi(a)intel.com> Cc: "Thomas Hellström" <thomas.hellstrom(a)linux.intel.com> Cc: Michal Wajdeczko <michal.wajdeczko(a)intel.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: Matthew Auld <matthew.auld(a)intel.com> Cc: Nirmoy Das <nirmoy.das(a)intel.com> Cc: Jani Nikula <jani.nikula(a)intel.com> Cc: intel-xe(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v6.8+ Signed-off-by: Tomasz Rusinowicz <tomasz.rusinowicz(a)intel.com> Signed-off-by: Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> --- drivers/gpu/drm/xe/xe_bo.h | 2 -- drivers/gpu/drm/xe/xe_dma_buf.c | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/drivers/gpu/drm/xe/xe_bo.h b/drivers/gpu/drm/xe/xe_bo.h index d9386ab031404..43bf6f140d40d 100644 --- a/drivers/gpu/drm/xe/xe_bo.h +++ b/drivers/gpu/drm/xe/xe_bo.h @@ -341,7 +341,6 @@ static inline unsigned int xe_sg_segment_size(struct device *dev) return round_down(max / 2, PAGE_SIZE); } -#if IS_ENABLED(CONFIG_DRM_XE_KUNIT_TEST) /** * xe_bo_is_mem_type - Whether the bo currently resides in the given * TTM memory type @@ -356,4 +355,3 @@ static inline bool xe_bo_is_mem_type(struct xe_bo *bo, u32 mem_type) return bo->ttm.resource->mem_type == mem_type; } #endif -#endif diff --git a/drivers/gpu/drm/xe/xe_dma_buf.c b/drivers/gpu/drm/xe/xe_dma_buf.c index c5b95470fa324..f67803e15a0e6 100644 --- a/drivers/gpu/drm/xe/xe_dma_buf.c +++ b/drivers/gpu/drm/xe/xe_dma_buf.c @@ -58,7 +58,7 @@ static int xe_dma_buf_pin(struct dma_buf_attachment *attach) * 1) Avoid pinning in a placement not accessible to some importers. * 2) Pinning in VRAM requires PIN accounting which is a to-do. */ - if (xe_bo_is_pinned(bo) && bo->ttm.resource->placement != XE_PL_TT) { + if (xe_bo_is_pinned(bo) && !xe_bo_is_mem_type(bo, XE_PL_TT)) { drm_dbg(&xe->drm, "Can't migrate pinned bo for dma-buf pin.\n"); return -EINVAL; } -- 2.45.1

7 months

2
1
0 0

[PATCH V3] mm/hugetlb: wait for hugetlb folios to be freed

by yangge1116＠126.com

From: Ge Yang <yangge1116(a)126.com> Since the introduction of commit c77c0a8ac4c52 ("mm/hugetlb: defer freeing of huge pages if in non-task context"), which supports deferring the freeing of hugetlb pages, the allocation of contiguous memory through cma_alloc() may fail probabilistically. In the CMA allocation process, if it is found that the CMA area is occupied by in-use hugetlb folios, these in-use hugetlb folios need to be migrated to another location. When there are no available hugetlb folios in the free hugetlb pool during the migration of in-use hugetlb folios, new folios are allocated from the buddy system. A temporary state is set on the newly allocated folio. Upon completion of the hugetlb folio migration, the temporary state is transferred from the new folios to the old folios. Normally, when the old folios with the temporary state are freed, it is directly released back to the buddy system. However, due to the deferred freeing of hugetlb pages, the PageBuddy() check fails, ultimately leading to the failure of cma_alloc(). Here is a simplified call trace illustrating the process: cma_alloc() ->__alloc_contig_migrate_range() // Migrate in-use hugetlb folios ->unmap_and_move_huge_page() ->folio_putback_hugetlb() // Free old folios ->test_pages_isolated() ->__test_page_isolated_in_pageblock() ->PageBuddy(page) // Check if the page is in buddy To resolve this issue, we have implemented a function named wait_for_freed_hugetlb_folios(). This function ensures that the hugetlb folios are properly released back to the buddy system after their migration is completed. By invoking wait_for_freed_hugetlb_folios() before calling PageBuddy(), we ensure that PageBuddy() will succeed. Fixes: c77c0a8ac4c52 ("mm/hugetlb: defer freeing of huge pages if in non-task context") Signed-off-by: Ge Yang <yangge1116(a)126.com> Cc: <stable(a)vger.kernel.org> --- V3: - adjust code and message suggested by Muchun and David V2: - flush all folios at once suggested by David include/linux/hugetlb.h | 5 +++++ mm/hugetlb.c | 5 +++++ mm/page_isolation.c | 10 ++++++++++ 3 files changed, 20 insertions(+) diff --git a/include/linux/hugetlb.h b/include/linux/hugetlb.h index 6c6546b..0c54b3a 100644 --- a/include/linux/hugetlb.h +++ b/include/linux/hugetlb.h @@ -697,6 +697,7 @@ bool hugetlb_bootmem_page_zones_valid(int nid, struct huge_bootmem_page *m); int isolate_or_dissolve_huge_page(struct page *page, struct list_head *list); int replace_free_hugepage_folios(unsigned long start_pfn, unsigned long end_pfn); +void wait_for_freed_hugetlb_folios(void); struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, unsigned long addr, bool cow_from_owner); struct folio *alloc_hugetlb_folio_nodemask(struct hstate *h, int preferred_nid, @@ -1092,6 +1093,10 @@ static inline int replace_free_hugepage_folios(unsigned long start_pfn, return 0; } +static inline void wait_for_freed_hugetlb_folios(void) +{ +} + static inline struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, unsigned long addr, bool cow_from_owner) diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 30bc34d..b4630b3 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -2955,6 +2955,11 @@ int replace_free_hugepage_folios(unsigned long start_pfn, unsigned long end_pfn) return ret; } +void wait_for_freed_hugetlb_folios(void) +{ + flush_work(&free_hpage_work); +} + typedef enum { /* * For either 0/1: we checked the per-vma resv map, and one resv diff --git a/mm/page_isolation.c b/mm/page_isolation.c index 8ed53ee0..b2fc526 100644 --- a/mm/page_isolation.c +++ b/mm/page_isolation.c @@ -615,6 +615,16 @@ int test_pages_isolated(unsigned long start_pfn, unsigned long end_pfn, int ret; /* + * Due to the deferred freeing of hugetlb folios, the hugepage folios may + * not immediately release to the buddy system. This can cause PageBuddy() + * to fail in __test_page_isolated_in_pageblock(). To ensure that the + * hugetlb folios are properly released back to the buddy system, we + * invoke the wait_for_freed_hugetlb_folios() function to wait for the + * release to complete. + */ + wait_for_freed_hugetlb_folios(); + + /* * Note: pageblock_nr_pages != MAX_PAGE_ORDER. Then, chunks of free * pages are not aligned to pageblock_nr_pages. * Then we just check migratetype first. -- 2.7.4

7 months

3
4
0 0

[PATCH] wifi: mt76: Add check for devm_kstrdup()

by Haoxiang Li

Add check for the return value of devm_kstrdup() in mt76_get_of_data_from_mtd() to catch potential exception. Fixes: e7a6a044f9b9 ("mt76: testmode: move mtd part to mt76_dev") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> --- drivers/net/wireless/mediatek/mt76/eeprom.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/net/wireless/mediatek/mt76/eeprom.c b/drivers/net/wireless/mediatek/mt76/eeprom.c index 0bc66cc19acd..443517d06c9f 100644 --- a/drivers/net/wireless/mediatek/mt76/eeprom.c +++ b/drivers/net/wireless/mediatek/mt76/eeprom.c @@ -95,6 +95,10 @@ int mt76_get_of_data_from_mtd(struct mt76_dev *dev, void *eep, int offset, int l #ifdef CONFIG_NL80211_TESTMODE dev->test_mtd.name = devm_kstrdup(dev->dev, part, GFP_KERNEL); + if (!dev->test_mtd.name) { + ret = -ENOMEM; + goto out_put_node; + } dev->test_mtd.offset = offset; #endif -- 2.25.1

7 months

1
0
0 0

[PATCH net] gve: set xdp redirect target only when it is available

by joshwash＠google.com

From: Joshua Washington <joshwash(a)google.com> Before this patch the NETDEV_XDP_ACT_NDO_XMIT XDP feature flag is set by default as part of driver initialization, and is never cleared. However, this flag differs from others in that it is used as an indicator for whether the driver is ready to perform the ndo_xdp_xmit operation as part of an XDP_REDIRECT. Kernel helpers xdp_features_(set|clear)_redirect_target exist to convey this meaning. This patch ensures that the netdev is only reported as a redirect target when XDP queues exist to forward traffic. Fixes: 39a7f4aa3e4a ("gve: Add XDP REDIRECT support for GQI-QPL format") Cc: stable(a)vger.kernel.org Reviewed-by: Praveen Kaligineedi <pkaligineedi(a)google.com> Reviewed-by: Jeroen de Borst <jeroendb(a)google.com> Signed-off-by: Joshua Washington <joshwash(a)google.com> --- drivers/net/ethernet/google/gve/gve.h | 10 ++++++++++ drivers/net/ethernet/google/gve/gve_main.c | 6 +++++- 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/google/gve/gve.h b/drivers/net/ethernet/google/gve/gve.h index 8167cc5fb0df..78d2a19593d1 100644 --- a/drivers/net/ethernet/google/gve/gve.h +++ b/drivers/net/ethernet/google/gve/gve.h @@ -1116,6 +1116,16 @@ static inline u32 gve_xdp_tx_start_queue_id(struct gve_priv *priv) return gve_xdp_tx_queue_id(priv, 0); } +static inline bool gve_supports_xdp_xmit(struct gve_priv *priv) +{ + switch (priv->queue_format) { + case GVE_GQI_QPL_FORMAT: + return true; + default: + return false; + } +} + /* gqi napi handler defined in gve_main.c */ int gve_napi_poll(struct napi_struct *napi, int budget); diff --git a/drivers/net/ethernet/google/gve/gve_main.c b/drivers/net/ethernet/google/gve/gve_main.c index 533e659b15b3..92237fb0b60c 100644 --- a/drivers/net/ethernet/google/gve/gve_main.c +++ b/drivers/net/ethernet/google/gve/gve_main.c @@ -1903,6 +1903,8 @@ static void gve_turndown(struct gve_priv *priv) /* Stop tx queues */ netif_tx_disable(priv->dev); + xdp_features_clear_redirect_target(priv->dev); + gve_clear_napi_enabled(priv); gve_clear_report_stats(priv); @@ -1972,6 +1974,9 @@ static void gve_turnup(struct gve_priv *priv) napi_schedule(&block->napi); } + if (priv->num_xdp_queues && gve_supports_xdp_xmit(priv)) + xdp_features_set_redirect_target(priv->dev, false); + gve_set_napi_enabled(priv); } @@ -2246,7 +2251,6 @@ static void gve_set_netdev_xdp_features(struct gve_priv *priv) if (priv->queue_format == GVE_GQI_QPL_FORMAT) { xdp_features = NETDEV_XDP_ACT_BASIC; xdp_features |= NETDEV_XDP_ACT_REDIRECT; - xdp_features |= NETDEV_XDP_ACT_NDO_XMIT; xdp_features |= NETDEV_XDP_ACT_XSK_ZEROCOPY; } else { xdp_features = 0; -- 2.48.1.601.g30ceb7b040-goog

7 months

2
1
0 0

FAILED: patch "[PATCH] io_uring/kbuf: reallocate buf lists on upgrade" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 8802766324e1f5d414a81ac43365c20142e85603 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021855-fancy-trough-87ae@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8802766324e1f5d414a81ac43365c20142e85603 Mon Sep 17 00:00:00 2001 From: Pavel Begunkov <asml.silence(a)gmail.com> Date: Wed, 12 Feb 2025 13:46:46 +0000 Subject: [PATCH] io_uring/kbuf: reallocate buf lists on upgrade IORING_REGISTER_PBUF_RING can reuse an old struct io_buffer_list if it was created for legacy selected buffer and has been emptied. It violates the requirement that most of the field should stay stable after publish. Always reallocate it instead. Cc: stable(a)vger.kernel.org Reported-by: Pumpkin Chang <pumpkin(a)devco.re> Fixes: 2fcabce2d7d34 ("io_uring: disallow mixed provided buffer group registrations") Signed-off-by: Pavel Begunkov <asml.silence(a)gmail.com> Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/io_uring/kbuf.c b/io_uring/kbuf.c index 04bf493eecae..8e72de7712ac 100644 --- a/io_uring/kbuf.c +++ b/io_uring/kbuf.c @@ -415,6 +415,13 @@ void io_destroy_buffers(struct io_ring_ctx *ctx) } } +static void io_destroy_bl(struct io_ring_ctx *ctx, struct io_buffer_list *bl) +{ + scoped_guard(mutex, &ctx->mmap_lock) + WARN_ON_ONCE(xa_erase(&ctx->io_bl_xa, bl->bgid) != bl); + io_put_bl(ctx, bl); +} + int io_remove_buffers_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) { struct io_provide_buf *p = io_kiocb_to_cmd(req, struct io_provide_buf); @@ -636,12 +643,13 @@ int io_register_pbuf_ring(struct io_ring_ctx *ctx, void __user *arg) /* if mapped buffer ring OR classic exists, don't allow */ if (bl->flags & IOBL_BUF_RING || !list_empty(&bl->buf_list)) return -EEXIST; - } else { - free_bl = bl = kzalloc(sizeof(*bl), GFP_KERNEL); - if (!bl) - return -ENOMEM; + io_destroy_bl(ctx, bl); } + free_bl = bl = kzalloc(sizeof(*bl), GFP_KERNEL); + if (!bl) + return -ENOMEM; + mmap_offset = (unsigned long)reg.bgid << IORING_OFF_PBUF_SHIFT; ring_size = flex_array_size(br, bufs, reg.ring_entries);

7 months

2
1
0 0

[PATCH 5.15.y] nfsd: release svc_expkey/svc_export with rcu_work

by lanbincn＠qq.com

From: Yang Erkun <yangerkun(a)huawei.com> commit f8c989a0c89a75d30f899a7cabdc14d72522bb8d upstream. The last reference for `cache_head` can be reduced to zero in `c_show` and `e_show`(using `rcu_read_lock` and `rcu_read_unlock`). Consequently, `svc_export_put` and `expkey_put` will be invoked, leading to two issues: 1. The `svc_export_put` will directly free ex_uuid. However, `e_show`/`c_show` will access `ex_uuid` after `cache_put`, which can trigger a use-after-free issue, shown below. ================================================================== BUG: KASAN: slab-use-after-free in svc_export_show+0x362/0x430 [nfsd] Read of size 1 at addr ff11000010fdc120 by task cat/870 CPU: 1 UID: 0 PID: 870 Comm: cat Not tainted 6.12.0-rc3+ #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.1-2.fc37 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x53/0x70 print_address_description.constprop.0+0x2c/0x3a0 print_report+0xb9/0x280 kasan_report+0xae/0xe0 svc_export_show+0x362/0x430 [nfsd] c_show+0x161/0x390 [sunrpc] seq_read_iter+0x589/0x770 seq_read+0x1e5/0x270 proc_reg_read+0xe1/0x140 vfs_read+0x125/0x530 ksys_read+0xc1/0x160 do_syscall_64+0x5f/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e Allocated by task 830: kasan_save_stack+0x20/0x40 kasan_save_track+0x14/0x30 __kasan_kmalloc+0x8f/0xa0 __kmalloc_node_track_caller_noprof+0x1bc/0x400 kmemdup_noprof+0x22/0x50 svc_export_parse+0x8a9/0xb80 [nfsd] cache_do_downcall+0x71/0xa0 [sunrpc] cache_write_procfs+0x8e/0xd0 [sunrpc] proc_reg_write+0xe1/0x140 vfs_write+0x1a5/0x6d0 ksys_write+0xc1/0x160 do_syscall_64+0x5f/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e Freed by task 868: kasan_save_stack+0x20/0x40 kasan_save_track+0x14/0x30 kasan_save_free_info+0x3b/0x60 __kasan_slab_free+0x37/0x50 kfree+0xf3/0x3e0 svc_export_put+0x87/0xb0 [nfsd] cache_purge+0x17f/0x1f0 [sunrpc] nfsd_destroy_serv+0x226/0x2d0 [nfsd] nfsd_svc+0x125/0x1e0 [nfsd] write_threads+0x16a/0x2a0 [nfsd] nfsctl_transaction_write+0x74/0xa0 [nfsd] vfs_write+0x1a5/0x6d0 ksys_write+0xc1/0x160 do_syscall_64+0x5f/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e 2. We cannot sleep while using `rcu_read_lock`/`rcu_read_unlock`. However, `svc_export_put`/`expkey_put` will call path_put, which subsequently triggers a sleeping operation due to the following `dput`. ============================= WARNING: suspicious RCU usage 5.10.0-dirty #141 Not tainted ----------------------------- ... Call Trace: dump_stack+0x9a/0xd0 ___might_sleep+0x231/0x240 dput+0x39/0x600 path_put+0x1b/0x30 svc_export_put+0x17/0x80 e_show+0x1c9/0x200 seq_read_iter+0x63f/0x7c0 seq_read+0x226/0x2d0 vfs_read+0x113/0x2c0 ksys_read+0xc9/0x170 do_syscall_64+0x33/0x40 entry_SYSCALL_64_after_hwframe+0x67/0xd1 Fix these issues by using `rcu_work` to help release `svc_expkey`/`svc_export`. This approach allows for an asynchronous context to invoke `path_put` and also facilitates the freeing of `uuid/exp/key` after an RCU grace period. Fixes: 9ceddd9da134 ("knfsd: Allow lockless lookups of the exports") Signed-off-by: Yang Erkun <yangerkun(a)huawei.com> Reviewed-by: Jeff Layton <jlayton(a)kernel.org> Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> Signed-off-by: Bin Lan <lanbincn(a)qq.com> --- fs/nfsd/export.c | 31 +++++++++++++++++++++++++------ fs/nfsd/export.h | 4 ++-- 2 files changed, 27 insertions(+), 8 deletions(-) diff --git a/fs/nfsd/export.c b/fs/nfsd/export.c index 39228bd7492a..78db46f6cbc6 100644 --- a/fs/nfsd/export.c +++ b/fs/nfsd/export.c @@ -40,15 +40,24 @@ #define EXPKEY_HASHMAX (1 << EXPKEY_HASHBITS) #define EXPKEY_HASHMASK (EXPKEY_HASHMAX -1) -static void expkey_put(struct kref *ref) +static void expkey_put_work(struct work_struct *work) { - struct svc_expkey *key = container_of(ref, struct svc_expkey, h.ref); + struct svc_expkey *key = + container_of(to_rcu_work(work), struct svc_expkey, ek_rcu_work); if (test_bit(CACHE_VALID, &key->h.flags) && !test_bit(CACHE_NEGATIVE, &key->h.flags)) path_put(&key->ek_path); auth_domain_put(key->ek_client); - kfree_rcu(key, ek_rcu); + kfree(key); +} + +static void expkey_put(struct kref *ref) +{ + struct svc_expkey *key = container_of(ref, struct svc_expkey, h.ref); + + INIT_RCU_WORK(&key->ek_rcu_work, expkey_put_work); + queue_rcu_work(system_wq, &key->ek_rcu_work); } static int expkey_upcall(struct cache_detail *cd, struct cache_head *h) @@ -351,16 +360,26 @@ static void export_stats_destroy(struct export_stats *stats) EXP_STATS_COUNTERS_NUM); } -static void svc_export_put(struct kref *ref) +static void svc_export_put_work(struct work_struct *work) { - struct svc_export *exp = container_of(ref, struct svc_export, h.ref); + struct svc_export *exp = + container_of(to_rcu_work(work), struct svc_export, ex_rcu_work); + path_put(&exp->ex_path); auth_domain_put(exp->ex_client); nfsd4_fslocs_free(&exp->ex_fslocs); export_stats_destroy(exp->ex_stats); kfree(exp->ex_stats); kfree(exp->ex_uuid); - kfree_rcu(exp, ex_rcu); + kfree(exp); +} + +static void svc_export_put(struct kref *ref) +{ + struct svc_export *exp = container_of(ref, struct svc_export, h.ref); + + INIT_RCU_WORK(&exp->ex_rcu_work, svc_export_put_work); + queue_rcu_work(system_wq, &exp->ex_rcu_work); } static int svc_export_upcall(struct cache_detail *cd, struct cache_head *h) diff --git a/fs/nfsd/export.h b/fs/nfsd/export.h index f73e23bb24a1..fa545d8dcc36 100644 --- a/fs/nfsd/export.h +++ b/fs/nfsd/export.h @@ -75,7 +75,7 @@ struct svc_export { u32 ex_layout_types; struct nfsd4_deviceid_map *ex_devid_map; struct cache_detail *cd; - struct rcu_head ex_rcu; + struct rcu_work ex_rcu_work; struct export_stats *ex_stats; }; @@ -91,7 +91,7 @@ struct svc_expkey { u32 ek_fsid[6]; struct path ek_path; - struct rcu_head ek_rcu; + struct rcu_work ek_rcu_work; }; #define EX_ISSYNC(exp) (!((exp)->ex_flags & NFSEXP_ASYNC)) -- 2.43.0

7 months

3
2
0 0

+ dma-kmsan-export-kmsan_handle_dma-for-modules.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: dma: kmsan: export kmsan_handle_dma() for modules has been added to the -mm mm-hotfixes-unstable branch. Its filename is dma-kmsan-export-kmsan_handle_dma-for-modules.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> Subject: dma: kmsan: export kmsan_handle_dma() for modules Date: Tue, 18 Feb 2025 10:14:11 +0100 kmsan_handle_dma() is used by virtio_ring() which can be built as a module. kmsan_handle_dma() needs to be exported otherwise building the virtio_ring fails. Export kmsan_handle_dma for modules. Link: https://lkml.kernel.org/r/20250218091411.MMS3wBN9@linutronix.de Reported-by: kernel test robot <lkp(a)intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202502150634.qjxwSeJR-lkp@intel.com/ Fixes: 7ade4f10779cb ("dma: kmsan: unpoison DMA mappings") Signed-off-by: Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> Cc: Alexander Potapenko <glider(a)google.com> Cc: Dmitriy Vyukov <dvyukov(a)google.com> Cc: Macro Elver <elver(a)google.com> Cc: Peter Zijlstra (Intel) <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/kmsan/hooks.c | 1 + 1 file changed, 1 insertion(+) --- a/mm/kmsan/hooks.c~dma-kmsan-export-kmsan_handle_dma-for-modules +++ a/mm/kmsan/hooks.c @@ -357,6 +357,7 @@ void kmsan_handle_dma(struct page *page, size -= to_go; } } +EXPORT_SYMBOL_GPL(kmsan_handle_dma); void kmsan_handle_dma_sg(struct scatterlist *sg, int nents, enum dma_data_direction dir) _ Patches currently in -mm which might be from bigeasy(a)linutronix.de are dma-kmsan-export-kmsan_handle_dma-for-modules.patch rcu-provide-a-static-initializer-for-hlist_nulls_head.patch ucount-replace-get_ucounts_or_wrap-with-atomic_inc_not_zero.patch ucount-use-rcu-for-ucounts-lookups.patch ucount-use-rcuref_t-for-reference-counting.patch

7 months

1
0
0 0

+ mm-hugetlb-wait-for-hugetlb-folios-to-be-freed.patch added to mm-unstable branch

by Andrew Morton

The patch titled Subject: mm/hugetlb: wait for hugetlb folios to be freed has been added to the -mm mm-unstable branch. Its filename is mm-hugetlb-wait-for-hugetlb-folios-to-be-freed.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Ge Yang <yangge1116(a)126.com> Subject: mm/hugetlb: wait for hugetlb folios to be freed Date: Tue, 18 Feb 2025 19:40:28 +0800 Since the introduction of commit c77c0a8ac4c52 ("mm/hugetlb: defer freeing of huge pages if in non-task context"), which supports deferring the freeing of hugetlb pages, the allocation of contiguous memory through cma_alloc() may fail probabilistically. In the CMA allocation process, if it is found that the CMA area is occupied by in-use hugetlb folios, these in-use hugetlb folios need to be migrated to another location. When there are no available hugetlb folios in the free hugetlb pool during the migration of in-use hugetlb folios, new folios are allocated from the buddy system. A temporary state is set on the newly allocated folio. Upon completion of the hugetlb folio migration, the temporary state is transferred from the new folios to the old folios. Normally, when the old folios with the temporary state are freed, it is directly released back to the buddy system. However, due to the deferred freeing of hugetlb pages, the PageBuddy() check fails, ultimately leading to the failure of cma_alloc(). Here is a simplified call trace illustrating the process: cma_alloc() ->__alloc_contig_migrate_range() // Migrate in-use hugetlb folios ->unmap_and_move_huge_page() ->folio_putback_hugetlb() // Free old folios ->test_pages_isolated() ->__test_page_isolated_in_pageblock() ->PageBuddy(page) // Check if the page is in buddy To resolve this issue, we have implemented a function named wait_for_freed_hugetlb_folios(). This function ensures that the hugetlb folios are properly released back to the buddy system after their migration is completed. By invoking wait_for_freed_hugetlb_folios() before calling PageBuddy(), we ensure that PageBuddy() will succeed. Link: https://lkml.kernel.org/r/1739878828-9960-1-git-send-email-yangge1116@126.c… Fixes: c77c0a8ac4c52 ("mm/hugetlb: defer freeing of huge pages if in non-task context") Signed-off-by: Ge Yang <yangge1116(a)126.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Barry Song <21cnbao(a)gmail.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/hugetlb.h | 5 +++++ mm/hugetlb.c | 5 +++++ mm/page_isolation.c | 10 ++++++++++ 3 files changed, 20 insertions(+) --- a/include/linux/hugetlb.h~mm-hugetlb-wait-for-hugetlb-folios-to-be-freed +++ a/include/linux/hugetlb.h @@ -697,6 +697,7 @@ bool hugetlb_bootmem_page_zones_valid(in int isolate_or_dissolve_huge_page(struct page *page, struct list_head *list); int replace_free_hugepage_folios(unsigned long start_pfn, unsigned long end_pfn); +void wait_for_freed_hugetlb_folios(void); struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, unsigned long addr, bool cow_from_owner); struct folio *alloc_hugetlb_folio_nodemask(struct hstate *h, int preferred_nid, @@ -1092,6 +1093,10 @@ static inline int replace_free_hugepage_ return 0; } +static inline void wait_for_freed_hugetlb_folios(void) +{ +} + static inline struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, unsigned long addr, bool cow_from_owner) --- a/mm/hugetlb.c~mm-hugetlb-wait-for-hugetlb-folios-to-be-freed +++ a/mm/hugetlb.c @@ -2955,6 +2955,11 @@ int replace_free_hugepage_folios(unsigne return ret; } +void wait_for_freed_hugetlb_folios(void) +{ + flush_work(&free_hpage_work); +} + typedef enum { /* * For either 0/1: we checked the per-vma resv map, and one resv --- a/mm/page_isolation.c~mm-hugetlb-wait-for-hugetlb-folios-to-be-freed +++ a/mm/page_isolation.c @@ -615,6 +615,16 @@ int test_pages_isolated(unsigned long st int ret; /* + * Due to the deferred freeing of hugetlb folios, the hugepage folios may + * not immediately release to the buddy system. This can cause PageBuddy() + * to fail in __test_page_isolated_in_pageblock(). To ensure that the + * hugetlb folios are properly released back to the buddy system, we + * invoke the wait_for_freed_hugetlb_folios() function to wait for the + * release to complete. + */ + wait_for_freed_hugetlb_folios(); + + /* * Note: pageblock_nr_pages != MAX_PAGE_ORDER. Then, chunks of free * pages are not aligned to pageblock_nr_pages. * Then we just check migratetype first. _ Patches currently in -mm which might be from yangge1116(a)126.com are mm-hugetlb-wait-for-hugepage-folios-to-be-freed.patch mm-hugetlb-wait-for-hugetlb-folios-to-be-freed.patch

7 months

1
0
0 0

Re: [REGRESSION] xfs kernel panic

by Lorenz Brun

Am Mo., 17. Feb. 2025 um 16:00 Uhr schrieb Lorenz Brun <lorenz(a)monogon.tech>: > > Hi everyone, > > Linux 6.12.14 (released today) contains a regression for XFS, causing > a kernel panic after just a few seconds of working with a > freshly-created (xfsprogs 6.9) XFS filesystem. I have not yet bisected > this because I wanted to get this report out ASAP but I'm going to do > that now. There are multiple associated stack traces, but all of them > have xfs_buf_offset as the faulting function. > > Example backtrace: > [ 31.745932] BUG: kernel NULL pointer dereference, address: 0000000000000098 > [ 31.746590] #PF: supervisor read access in kernel mode > [ 31.747072] #PF: error_code(0x0000) - not-present page > [ 31.747537] PGD 5bee067 P4D 5bee067 PUD 5bef067 PMD 0 > [ 31.748016] Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI > [ 31.748459] CPU: 0 UID: 0 PID: 116 Comm: xfsaild/vda4 Not tainted > 6.12.14-metropolis #1 9b2470be3d7713b818a3236e4a2804dd9cbef735 > [ 31.749490] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), > BIOS 0.0.0 02/06/2015 > [ 31.750340] RIP: 0010:xfs_buf_offset+0x9/0x50 > [ 31.750823] Code: 08 5b e9 8a 2c c4 00 66 2e 0f 1f 84 00 00 00 00 > 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 0f 1f > 44 00 00 <48> 8b 87 98 00 00 00 48 85 c0 75 2e 48 8b 87 00 01 00 00 48 > 89 f2 > [ 31.752775] RSP: 0018:ffffbf50c07abdb8 EFLAGS: 00010246 > [ 31.753343] RAX: 0000000000000002 RBX: ffff9c0985817d58 RCX: 0000000000000016 > [ 31.754103] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 > [ 31.754734] RBP: 0000000000000000 R08: ffff9c09fb704000 R09: 00000000e0be9fc4 > [ 31.755396] R10: 0000000000000000 R11: ffff9c0985827df8 R12: ffff9c09fb57ff58 > [ 31.756078] R13: ffff9c0985817eb0 R14: ffff9c09fb704000 R15: ffff9c0985817f00 > [ 31.756764] FS: 0000000000000000(0000) GS:ffff9c09fc000000(0000) > knlGS:0000000000000000 > [ 31.757529] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > [ 31.758041] CR2: 0000000000000098 CR3: 0000000005b70000 CR4: 0000000000350ef0 > [ 31.758696] Call Trace: > [ 31.758940] <TASK> > [ 31.759172] ? __die+0x56/0x97 > [ 31.759473] ? page_fault_oops+0x15c/0x2d0 > [ 31.759853] ? exc_page_fault+0x4c5/0x790 > [ 31.760237] ? asm_exc_page_fault+0x26/0x30 > [ 31.760637] ? xfs_buf_offset+0x9/0x50 > [ 31.761002] ? srso_return_thunk+0x5/0x5f > [ 31.761409] xfs_qm_dqflush+0xd0/0x350 > [ 31.761799] xfs_qm_dquot_logitem_push+0xe9/0x140 > [ 31.762253] xfsaild+0x347/0xa10 > [ 31.762567] ? srso_return_thunk+0x5/0x5f > [ 31.762952] ? srso_return_thunk+0x5/0x5f > [ 31.763325] ? __pfx_xfsaild+0x10/0x10 > [ 31.763665] kthread+0xd2/0x100 > [ 31.763985] ? __pfx_kthread+0x10/0x10 > [ 31.764342] ret_from_fork+0x34/0x50 > [ 31.764675] ? __pfx_kthread+0x10/0x10 > [ 31.765029] ret_from_fork_asm+0x1a/0x30 > [ 31.765408] </TASK> > [ 31.765618] Modules linked in: kvm_amd > [ 31.765978] CR2: 0000000000000098 > [ 31.766297] ---[ end trace 0000000000000000 ]--- > [ 32.371004] RIP: 0010:xfs_buf_offset+0x9/0x50 > [ 32.371453] Code: 08 5b e9 8a 2c c4 00 66 2e 0f 1f 84 00 00 00 00 > 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 0f 1f > 44 00 00 <48> 8b 87 98 00 00 00 48 85 c0 75 2e 48 8b 87 00 01 00 00 48 > 89 f2 > [ 32.373133] RSP: 0018:ffffbf50c07abdb8 EFLAGS: 00010246 > [ 32.373611] RAX: 0000000000000002 RBX: ffff9c0985817d58 RCX: 0000000000000016 > [ 32.374275] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 > [ 32.374921] RBP: 0000000000000000 R08: ffff9c09fb704000 R09: 00000000e0be9fc4 > [ 32.375720] R10: 0000000000000000 R11: ffff9c0985827df8 R12: ffff9c09fb57ff58 > [ 32.376376] R13: ffff9c0985817eb0 R14: ffff9c09fb704000 R15: ffff9c0985817f00 > [ 32.377027] FS: 0000000000000000(0000) GS:ffff9c09fc000000(0000) > knlGS:0000000000000000 > [ 32.377761] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > [ 32.378292] CR2: 0000000000000098 CR3: 0000000005b70000 CR4: 0000000000350ef0 > [ 32.378940] Kernel panic - not syncing: Fatal exception > [ 32.379492] Kernel Offset: 0x2a600000 from 0xffffffff81000000 > (relocation range: 0xffffffff80000000-0xffffffffbfffffff) > > #regzbot introduced: v6.12.13..v6.12.14 > > Regards, > Lorenz Hi everyone, I root-caused this to 5808d420 ("xfs: attach dquot buffer to dquot log item buffer"), but needs reverting of the 3 follow-up commits (d331fc15, ee6984a2 and 84307caf) as well as they depend on the broken one. With that 6.12.14 passes our test suite again. Reproduction should be rather easy by just creating a fresh filesystem, mounting with "prjquota" and performing I/O. Regards, Lorenz

7 months

3
4
0 0

[PATCH AUTOSEL 5.4 1/3] HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell

by Sasha Levin

From: Zhang Lixu <lixu.zhang(a)intel.com> [ Upstream commit 4b54ae69197b9f416baa0fceadff7e89075f8454 ] The timestamps in the Firmware log and HID sensor samples are incorrect. They show 1970-01-01 because the current IPC driver only uses the first 8 bytes of bootup time when synchronizing time with the firmware. The firmware converts the bootup time to UTC time, which results in the display of 1970-01-01. In write_ipc_from_queue(), when sending the MNG_SYNC_FW_CLOCK message, the clock is updated according to the definition of ipc_time_update_msg. However, in _ish_sync_fw_clock(), the message length is specified as the size of uint64_t when building the doorbell. As a result, the firmware only receives the first 8 bytes of struct ipc_time_update_msg. This patch corrects the length in the doorbell to ensure the entire ipc_time_update_msg is sent, fixing the timestamp issue. Signed-off-by: Zhang Lixu <lixu.zhang(a)intel.com> Acked-by: Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> Signed-off-by: Jiri Kosina <jkosina(a)suse.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/hid/intel-ish-hid/ipc/ipc.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/hid/intel-ish-hid/ipc/ipc.c b/drivers/hid/intel-ish-hid/ipc/ipc.c index 8f8dfdf64833e..871f043eeba1e 100644 --- a/drivers/hid/intel-ish-hid/ipc/ipc.c +++ b/drivers/hid/intel-ish-hid/ipc/ipc.c @@ -549,14 +549,14 @@ static void fw_reset_work_fn(struct work_struct *unused) static void _ish_sync_fw_clock(struct ishtp_device *dev) { static unsigned long prev_sync; - uint64_t usec; + struct ipc_time_update_msg time = {}; if (prev_sync && jiffies - prev_sync < 20 * HZ) return; prev_sync = jiffies; - usec = ktime_to_us(ktime_get_boottime()); - ipc_send_mng_msg(dev, MNG_SYNC_FW_CLOCK, &usec, sizeof(uint64_t)); + /* The fields of time would be updated while sending message */ + ipc_send_mng_msg(dev, MNG_SYNC_FW_CLOCK, &time, sizeof(time)); } /** -- 2.39.5

7 months

1
2
0 0

[PATCH AUTOSEL 5.10 1/4] HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell

by Sasha Levin

From: Zhang Lixu <lixu.zhang(a)intel.com> [ Upstream commit 4b54ae69197b9f416baa0fceadff7e89075f8454 ] The timestamps in the Firmware log and HID sensor samples are incorrect. They show 1970-01-01 because the current IPC driver only uses the first 8 bytes of bootup time when synchronizing time with the firmware. The firmware converts the bootup time to UTC time, which results in the display of 1970-01-01. In write_ipc_from_queue(), when sending the MNG_SYNC_FW_CLOCK message, the clock is updated according to the definition of ipc_time_update_msg. However, in _ish_sync_fw_clock(), the message length is specified as the size of uint64_t when building the doorbell. As a result, the firmware only receives the first 8 bytes of struct ipc_time_update_msg. This patch corrects the length in the doorbell to ensure the entire ipc_time_update_msg is sent, fixing the timestamp issue. Signed-off-by: Zhang Lixu <lixu.zhang(a)intel.com> Acked-by: Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> Signed-off-by: Jiri Kosina <jkosina(a)suse.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/hid/intel-ish-hid/ipc/ipc.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/hid/intel-ish-hid/ipc/ipc.c b/drivers/hid/intel-ish-hid/ipc/ipc.c index a45ac7fa417b9..da896f5c74424 100644 --- a/drivers/hid/intel-ish-hid/ipc/ipc.c +++ b/drivers/hid/intel-ish-hid/ipc/ipc.c @@ -549,14 +549,14 @@ static void fw_reset_work_fn(struct work_struct *unused) static void _ish_sync_fw_clock(struct ishtp_device *dev) { static unsigned long prev_sync; - uint64_t usec; + struct ipc_time_update_msg time = {}; if (prev_sync && jiffies - prev_sync < 20 * HZ) return; prev_sync = jiffies; - usec = ktime_to_us(ktime_get_boottime()); - ipc_send_mng_msg(dev, MNG_SYNC_FW_CLOCK, &usec, sizeof(uint64_t)); + /* The fields of time would be updated while sending message */ + ipc_send_mng_msg(dev, MNG_SYNC_FW_CLOCK, &time, sizeof(time)); } /** -- 2.39.5

7 months

1
3
0 0

[PATCH AUTOSEL 5.15 1/6] HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell

by Sasha Levin

From: Zhang Lixu <lixu.zhang(a)intel.com> [ Upstream commit 4b54ae69197b9f416baa0fceadff7e89075f8454 ] The timestamps in the Firmware log and HID sensor samples are incorrect. They show 1970-01-01 because the current IPC driver only uses the first 8 bytes of bootup time when synchronizing time with the firmware. The firmware converts the bootup time to UTC time, which results in the display of 1970-01-01. In write_ipc_from_queue(), when sending the MNG_SYNC_FW_CLOCK message, the clock is updated according to the definition of ipc_time_update_msg. However, in _ish_sync_fw_clock(), the message length is specified as the size of uint64_t when building the doorbell. As a result, the firmware only receives the first 8 bytes of struct ipc_time_update_msg. This patch corrects the length in the doorbell to ensure the entire ipc_time_update_msg is sent, fixing the timestamp issue. Signed-off-by: Zhang Lixu <lixu.zhang(a)intel.com> Acked-by: Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> Signed-off-by: Jiri Kosina <jkosina(a)suse.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/hid/intel-ish-hid/ipc/ipc.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/hid/intel-ish-hid/ipc/ipc.c b/drivers/hid/intel-ish-hid/ipc/ipc.c index ba45605fc6b52..a48f7cd514b0f 100644 --- a/drivers/hid/intel-ish-hid/ipc/ipc.c +++ b/drivers/hid/intel-ish-hid/ipc/ipc.c @@ -577,14 +577,14 @@ static void fw_reset_work_fn(struct work_struct *unused) static void _ish_sync_fw_clock(struct ishtp_device *dev) { static unsigned long prev_sync; - uint64_t usec; + struct ipc_time_update_msg time = {}; if (prev_sync && jiffies - prev_sync < 20 * HZ) return; prev_sync = jiffies; - usec = ktime_to_us(ktime_get_boottime()); - ipc_send_mng_msg(dev, MNG_SYNC_FW_CLOCK, &usec, sizeof(uint64_t)); + /* The fields of time would be updated while sending message */ + ipc_send_mng_msg(dev, MNG_SYNC_FW_CLOCK, &time, sizeof(time)); } /** -- 2.39.5

7 months

1
5
0 0

[PATCH AUTOSEL 6.1 01/13] HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell

by Sasha Levin

From: Zhang Lixu <lixu.zhang(a)intel.com> [ Upstream commit 4b54ae69197b9f416baa0fceadff7e89075f8454 ] The timestamps in the Firmware log and HID sensor samples are incorrect. They show 1970-01-01 because the current IPC driver only uses the first 8 bytes of bootup time when synchronizing time with the firmware. The firmware converts the bootup time to UTC time, which results in the display of 1970-01-01. In write_ipc_from_queue(), when sending the MNG_SYNC_FW_CLOCK message, the clock is updated according to the definition of ipc_time_update_msg. However, in _ish_sync_fw_clock(), the message length is specified as the size of uint64_t when building the doorbell. As a result, the firmware only receives the first 8 bytes of struct ipc_time_update_msg. This patch corrects the length in the doorbell to ensure the entire ipc_time_update_msg is sent, fixing the timestamp issue. Signed-off-by: Zhang Lixu <lixu.zhang(a)intel.com> Acked-by: Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> Signed-off-by: Jiri Kosina <jkosina(a)suse.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/hid/intel-ish-hid/ipc/ipc.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/hid/intel-ish-hid/ipc/ipc.c b/drivers/hid/intel-ish-hid/ipc/ipc.c index dd5fc60874ba1..b1a41c90c5741 100644 --- a/drivers/hid/intel-ish-hid/ipc/ipc.c +++ b/drivers/hid/intel-ish-hid/ipc/ipc.c @@ -577,14 +577,14 @@ static void fw_reset_work_fn(struct work_struct *unused) static void _ish_sync_fw_clock(struct ishtp_device *dev) { static unsigned long prev_sync; - uint64_t usec; + struct ipc_time_update_msg time = {}; if (prev_sync && time_before(jiffies, prev_sync + 20 * HZ)) return; prev_sync = jiffies; - usec = ktime_to_us(ktime_get_boottime()); - ipc_send_mng_msg(dev, MNG_SYNC_FW_CLOCK, &usec, sizeof(uint64_t)); + /* The fields of time would be updated while sending message */ + ipc_send_mng_msg(dev, MNG_SYNC_FW_CLOCK, &time, sizeof(time)); } /** -- 2.39.5

7 months

1
12
0 0

[PATCH AUTOSEL 6.12 01/31] sched_ext: selftests/dsp_local_on: Fix sporadic failures

by Sasha Levin

From: Tejun Heo <tj(a)kernel.org> [ Upstream commit e9fe182772dcb2630964724fd93e9c90b68ea0fd ] dsp_local_on has several incorrect assumptions, one of which is that p->nr_cpus_allowed always tracks p->cpus_ptr. This is not true when a task is scheduled out while migration is disabled - p->cpus_ptr is temporarily overridden to the previous CPU while p->nr_cpus_allowed remains unchanged. This led to sporadic test faliures when dsp_local_on_dispatch() tries to put a migration disabled task to a different CPU. Fix it by keeping the previous CPU when migration is disabled. There are SCX schedulers that make use of p->nr_cpus_allowed. They should also implement explicit handling for p->migration_disabled. Signed-off-by: Tejun Heo <tj(a)kernel.org> Reported-by: Ihor Solodrai <ihor.solodrai(a)pm.me> Cc: Andrea Righi <arighi(a)nvidia.com> Cc: Changwoo Min <changwoo(a)igalia.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/sched_ext/dsp_local_on.bpf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/sched_ext/dsp_local_on.bpf.c b/tools/testing/selftests/sched_ext/dsp_local_on.bpf.c index c9a2da0575a0f..eea06decb6f59 100644 --- a/tools/testing/selftests/sched_ext/dsp_local_on.bpf.c +++ b/tools/testing/selftests/sched_ext/dsp_local_on.bpf.c @@ -43,7 +43,7 @@ void BPF_STRUCT_OPS(dsp_local_on_dispatch, s32 cpu, struct task_struct *prev) if (!p) return; - if (p->nr_cpus_allowed == nr_cpus) + if (p->nr_cpus_allowed == nr_cpus && !p->migration_disabled) target = bpf_get_prandom_u32() % nr_cpus; else target = scx_bpf_task_cpu(p); -- 2.39.5

7 months

1
30
0 0

[PATCH AUTOSEL 6.13 01/31] sched_ext: selftests/dsp_local_on: Fix sporadic failures

by Sasha Levin

From: Tejun Heo <tj(a)kernel.org> [ Upstream commit e9fe182772dcb2630964724fd93e9c90b68ea0fd ] dsp_local_on has several incorrect assumptions, one of which is that p->nr_cpus_allowed always tracks p->cpus_ptr. This is not true when a task is scheduled out while migration is disabled - p->cpus_ptr is temporarily overridden to the previous CPU while p->nr_cpus_allowed remains unchanged. This led to sporadic test faliures when dsp_local_on_dispatch() tries to put a migration disabled task to a different CPU. Fix it by keeping the previous CPU when migration is disabled. There are SCX schedulers that make use of p->nr_cpus_allowed. They should also implement explicit handling for p->migration_disabled. Signed-off-by: Tejun Heo <tj(a)kernel.org> Reported-by: Ihor Solodrai <ihor.solodrai(a)pm.me> Cc: Andrea Righi <arighi(a)nvidia.com> Cc: Changwoo Min <changwoo(a)igalia.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/sched_ext/dsp_local_on.bpf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/sched_ext/dsp_local_on.bpf.c b/tools/testing/selftests/sched_ext/dsp_local_on.bpf.c index fbda6bf546712..758b479bd1ee1 100644 --- a/tools/testing/selftests/sched_ext/dsp_local_on.bpf.c +++ b/tools/testing/selftests/sched_ext/dsp_local_on.bpf.c @@ -43,7 +43,7 @@ void BPF_STRUCT_OPS(dsp_local_on_dispatch, s32 cpu, struct task_struct *prev) if (!p) return; - if (p->nr_cpus_allowed == nr_cpus) + if (p->nr_cpus_allowed == nr_cpus && !p->migration_disabled) target = bpf_get_prandom_u32() % nr_cpus; else target = scx_bpf_task_cpu(p); -- 2.39.5

7 months

1
30
0 0

[PATCH v3] HID: corsair-void: Update power supply values with a unified work handler

by Stuart Hayhurst

corsair_void_process_receiver can be called from an interrupt context, locking battery_mutex in it was causing a kernel panic. Fix it by moving the critical section into its own work, sharing this work with battery_add_work and battery_remove_work to remove the need for any locking Closes: https://bugzilla.suse.com/show_bug.cgi?id=1236843 Fixes: 6ea2a6fd3872 ("HID: corsair-void: Add Corsair Void headset family driver") Cc: stable(a)vger.kernel.org Signed-off-by: Stuart Hayhurst <stuart.a.hayhurst(a)gmail.com> --- v2 -> v3: - Use an enum instead of a define for battery flag values - Use an integer instead of BIT() for the bit index - Drop unhelpful comments - Simplify corsair_void_battery_work_handler logic - Remove extra newline in commit message v1 -> v2: - Actually remove the mutex --- drivers/hid/hid-corsair-void.c | 83 ++++++++++++++++++---------------- 1 file changed, 43 insertions(+), 40 deletions(-) diff --git a/drivers/hid/hid-corsair-void.c b/drivers/hid/hid-corsair-void.c index 56e858066c3c..afbd67aa9719 100644 --- a/drivers/hid/hid-corsair-void.c +++ b/drivers/hid/hid-corsair-void.c @@ -71,11 +71,9 @@ #include <linux/bitfield.h> #include <linux/bitops.h> -#include <linux/cleanup.h> #include <linux/device.h> #include <linux/hid.h> #include <linux/module.h> -#include <linux/mutex.h> #include <linux/power_supply.h> #include <linux/usb.h> #include <linux/workqueue.h> @@ -120,6 +118,12 @@ enum { CORSAIR_VOID_BATTERY_CHARGING = 5, }; +enum { + CORSAIR_VOID_ADD_BATTERY = 0, + CORSAIR_VOID_REMOVE_BATTERY = 1, + CORSAIR_VOID_UPDATE_BATTERY = 2, +}; + static enum power_supply_property corsair_void_battery_props[] = { POWER_SUPPLY_PROP_STATUS, POWER_SUPPLY_PROP_PRESENT, @@ -155,12 +159,12 @@ struct corsair_void_drvdata { struct power_supply *battery; struct power_supply_desc battery_desc; - struct mutex battery_mutex; struct delayed_work delayed_status_work; struct delayed_work delayed_firmware_work; - struct work_struct battery_remove_work; - struct work_struct battery_add_work; + + unsigned long battery_work_flags; + struct work_struct battery_work; }; /* @@ -260,11 +264,9 @@ static void corsair_void_process_receiver(struct corsair_void_drvdata *drvdata, /* Inform power supply if battery values changed */ if (memcmp(&orig_battery_data, battery_data, sizeof(*battery_data))) { - scoped_guard(mutex, &drvdata->battery_mutex) { - if (drvdata->battery) { - power_supply_changed(drvdata->battery); - } - } + set_bit(CORSAIR_VOID_UPDATE_BATTERY, + &drvdata->battery_work_flags); + schedule_work(&drvdata->battery_work); } } @@ -536,29 +538,11 @@ static void corsair_void_firmware_work_handler(struct work_struct *work) } -static void corsair_void_battery_remove_work_handler(struct work_struct *work) -{ - struct corsair_void_drvdata *drvdata; - - drvdata = container_of(work, struct corsair_void_drvdata, - battery_remove_work); - scoped_guard(mutex, &drvdata->battery_mutex) { - if (drvdata->battery) { - power_supply_unregister(drvdata->battery); - drvdata->battery = NULL; - } - } -} - -static void corsair_void_battery_add_work_handler(struct work_struct *work) +static void corsair_void_add_battery(struct corsair_void_drvdata *drvdata) { - struct corsair_void_drvdata *drvdata; struct power_supply_config psy_cfg = {}; struct power_supply *new_supply; - drvdata = container_of(work, struct corsair_void_drvdata, - battery_add_work); - guard(mutex)(&drvdata->battery_mutex); if (drvdata->battery) return; @@ -583,16 +567,42 @@ static void corsair_void_battery_add_work_handler(struct work_struct *work) drvdata->battery = new_supply; } +static void corsair_void_battery_work_handler(struct work_struct *work) +{ + struct corsair_void_drvdata *drvdata = container_of(work, + struct corsair_void_drvdata, battery_work); + + bool add_battery = test_and_clear_bit(CORSAIR_VOID_ADD_BATTERY, + &drvdata->battery_work_flags); + bool remove_battery = test_and_clear_bit(CORSAIR_VOID_REMOVE_BATTERY, + &drvdata->battery_work_flags); + bool update_battery = test_and_clear_bit(CORSAIR_VOID_UPDATE_BATTERY, + &drvdata->battery_work_flags); + + if (add_battery && !remove_battery) { + corsair_void_add_battery(drvdata); + } else if (remove_battery && !add_battery && drvdata->battery) { + power_supply_unregister(drvdata->battery); + drvdata->battery = NULL; + } + + if (update_battery && drvdata->battery) + power_supply_changed(drvdata->battery); + +} + static void corsair_void_headset_connected(struct corsair_void_drvdata *drvdata) { - schedule_work(&drvdata->battery_add_work); + set_bit(CORSAIR_VOID_ADD_BATTERY, &drvdata->battery_work_flags); + schedule_work(&drvdata->battery_work); schedule_delayed_work(&drvdata->delayed_firmware_work, msecs_to_jiffies(100)); } static void corsair_void_headset_disconnected(struct corsair_void_drvdata *drvdata) { - schedule_work(&drvdata->battery_remove_work); + set_bit(CORSAIR_VOID_REMOVE_BATTERY, &drvdata->battery_work_flags); + schedule_work(&drvdata->battery_work); corsair_void_set_unknown_wireless_data(drvdata); corsair_void_set_unknown_batt(drvdata); @@ -678,13 +688,7 @@ static int corsair_void_probe(struct hid_device *hid_dev, drvdata->battery_desc.get_property = corsair_void_battery_get_property; drvdata->battery = NULL; - INIT_WORK(&drvdata->battery_remove_work, - corsair_void_battery_remove_work_handler); - INIT_WORK(&drvdata->battery_add_work, - corsair_void_battery_add_work_handler); - ret = devm_mutex_init(drvdata->dev, &drvdata->battery_mutex); - if (ret) - return ret; + INIT_WORK(&drvdata->battery_work, corsair_void_battery_work_handler); ret = sysfs_create_group(&hid_dev->dev.kobj, &corsair_void_attr_group); if (ret) @@ -721,8 +725,7 @@ static void corsair_void_remove(struct hid_device *hid_dev) struct corsair_void_drvdata *drvdata = hid_get_drvdata(hid_dev); hid_hw_stop(hid_dev); - cancel_work_sync(&drvdata->battery_remove_work); - cancel_work_sync(&drvdata->battery_add_work); + cancel_work_sync(&drvdata->battery_work); if (drvdata->battery) power_supply_unregister(drvdata->battery); -- 2.47.2

7 months

4
4
0 0

[PATCH RFC 2/2] usb: typec: ucsi: increase timeout for PPM reset operations

by Fedor Pchelkin

It is observed that on some systems an initial PPM reset during the boot phase can trigger a timeout: [ 6.482546] ucsi_acpi USBC000:00: failed to reset PPM! [ 6.482551] ucsi_acpi USBC000:00: error -ETIMEDOUT: PPM init failed Still, increasing the timeout value, albeit being the most straightforward solution, eliminates the problem: the initial PPM reset may take up to ~8000-10000ms on some Lenovo laptops. When it is reset after the above period of time (or even if ucsi_reset_ppm() is not called overall), UCSI works as expected. Moreover, if the ucsi_acpi module is loaded/unloaded manually after the system has booted, reading the CCI values and resetting the PPM works perfectly, without any timeout. Thus it's only a boot-time issue. The reason for this behavior is not clear but it may be the consequence of some tricks that the firmware performs or be an actual firmware bug. As a workaround, increase the timeout to avoid failing the UCSI initialization prematurely. Fixes: b1b59e16075f ("usb: typec: ucsi: Increase command completion timeout value") Cc: stable(a)vger.kernel.org Signed-off-by: Fedor Pchelkin <boddah8794(a)gmail.com> --- drivers/usb/typec/ucsi/ucsi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/typec/ucsi/ucsi.c b/drivers/usb/typec/ucsi/ucsi.c index 0fe1476f4c29..7a56d3f840d7 100644 --- a/drivers/usb/typec/ucsi/ucsi.c +++ b/drivers/usb/typec/ucsi/ucsi.c @@ -25,7 +25,7 @@ * difficult to estimate the time it takes for the system to process the command * before it is actually passed to the PPM. */ -#define UCSI_TIMEOUT_MS 5000 +#define UCSI_TIMEOUT_MS 10000 /* * UCSI_SWAP_TIMEOUT_MS - Timeout for role swap requests -- 2.48.1

7 months

4
5
0 0

[PATCH vhost] vdpa/mlx5: Fix oversized null mkey longer than 32bit

by Dragos Tatulea

From: Si-Wei Liu <si-wei.liu(a)oracle.com> create_user_mr() has correct code to count the number of null keys used to fill in a hole for the memory map. However, fill_indir() does not follow the same to cap the range up to the 1GB limit correspondinly. Fill in more null keys for the gaps in between, so that null keys are correctly populated. Fixes: 94abbccdf291 ("vdpa/mlx5: Add shared memory registration code") Cc: stable(a)vger.kernel.org Signed-off-by: Si-Wei Liu <si-wei.liu(a)oracle.com> Signed-off-by: Dragos Tatulea <dtatulea(a)nvidia.com> --- drivers/vdpa/mlx5/core/mr.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/vdpa/mlx5/core/mr.c b/drivers/vdpa/mlx5/core/mr.c index 8455f08f5d40..61424342c096 100644 --- a/drivers/vdpa/mlx5/core/mr.c +++ b/drivers/vdpa/mlx5/core/mr.c @@ -190,9 +190,12 @@ static void fill_indir(struct mlx5_vdpa_dev *mvdev, struct mlx5_vdpa_mr *mkey, v klm->bcount = cpu_to_be32(klm_bcount(dmr->end - dmr->start)); preve = dmr->end; } else { + u64 bcount = min_t(u64, dmr->start - preve, MAX_KLM_SIZE); + klm->key = cpu_to_be32(mvdev->res.null_mkey); - klm->bcount = cpu_to_be32(klm_bcount(dmr->start - preve)); - preve = dmr->start; + klm->bcount = cpu_to_be32(klm_bcount(bcount)); + preve += bcount; + goto again; } } -- 2.43.0

7 months

2
2
0 0

[REGRESSION] stable-rc/linux-6.1.y: (build) stack frame size (2488) exceeds limit (2048) in 'dml31_ModeSupport...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-6.1.y: --- stack frame size (2488) exceeds limit (2048) in 'dml31_ModeSupportAndSystemConfigurationFull' [-Werror,-Wframe-larger-than] in drivers/gpu/drm/amd/amdgpu/../display/dc/dml/dcn31/display_mode_vba_31.o (drivers/gpu/drm/amd/amdgpu/../display/dc/dml/dcn31/display_mode_vba_31.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/issue/maestro:bd2798b6baf3af3d8f6fcf670eac9f5235e8b3… - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: c703a7b9b55f8b3d701c14cd8d841ead509baa08 Log excerpt: ===================================================== drivers/gpu/drm/amd/amdgpu/../display/dc/dml/dcn31/display_mode_vba_31.c:3795:6: error: stack frame size (2488) exceeds limit (2048) in 'dml31_ModeSupportAndSystemConfigurationFull' [-Werror,-Wframe-larger-than] 3795 | void dml31_ModeSupportAndSystemConfigurationFull(struct display_mode_lib *mode_lib) | ^ 1 error generated. ===================================================== # Builds where the incident occurred: ## x86_64_defconfig on (x86_64): - compiler: clang-17 - dashboard: https://d.kernelci.org/build/maestro:67b4a3dc50b59caecce1cb05 #kernelci issue maestro:bd2798b6baf3af3d8f6fcf670eac9f5235e8b3a6 Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

7 months

1
0
0 0

[PATCH 2/5] ftrace: Do not add duplicate entries in subops manager ops

by Steven Rostedt

From: Steven Rostedt <rostedt(a)goodmis.org> Check if a function is already in the manager ops of a subops. A manager ops contains multiple subops, and if two or more subops are tracing the same function, the manager ops only needs a single entry in its hash. Cc: stable(a)vger.kernel.org Fixes: 4f554e955614f ("ftrace: Add ftrace_set_filter_ips function") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/ftrace.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c index 03b35a05808c..189eb0a12f4b 100644 --- a/kernel/trace/ftrace.c +++ b/kernel/trace/ftrace.c @@ -5717,6 +5717,9 @@ __ftrace_match_addr(struct ftrace_hash *hash, unsigned long ip, int remove) return -ENOENT; free_hash_entry(hash, entry); return 0; + } else if (__ftrace_lookup_ip(hash, ip) != NULL) { + /* Already exists */ + return 0; } entry = add_hash_entry(hash, ip); -- 2.47.2

7 months

1
0
0 0

[PATCH 1/5] ftrace: Fix accounting of adding subops to a manager ops

by Steven Rostedt

From: Steven Rostedt <rostedt(a)goodmis.org> Function graph uses a subops and manager ops mechanism to attach to ftrace. The manager ops connects to ftrace and the functions it connects to is defined by a list of subops that it manages. The function hash that defines what the above ops attaches to limits the functions to attach if the hash has any content. If the hash is empty, it means to trace all functions. The creation of the manager ops hash is done by iterating over all the subops hashes. If any of the subops hashes is empty, it means that the manager ops hash must trace all functions as well. The issue is in the creation of the manager ops. When a second subops is attached, a new hash is created by starting it as NULL and adding the subops one at a time. But the NULL ops is mistaken as an empty hash, and once an empty hash is found, it stops the loop of subops and just enables all functions. # echo "f:myevent1 kernel_clone" >> /sys/kernel/tracing/dynamic_events # cat /sys/kernel/tracing/enabled_functions kernel_clone (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 # echo "f:myevent2 schedule_timeout" >> /sys/kernel/tracing/dynamic_events # cat /sys/kernel/tracing/enabled_functions trace_initcall_start_cb (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 run_init_process (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 try_to_run_init_process (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 x86_pmu_show_pmu_cap (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 cleanup_rapl_pmus (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 uncore_free_pcibus_map (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 uncore_types_exit (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 uncore_pci_exit.part.0 (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 kvm_shutdown (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 vmx_dump_msrs (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 vmx_cleanup_l1d_flush (1) tramp: 0xffffffffc0309000 (ftrace_graph_func+0x0/0x60) ->ftrace_graph_func+0x0/0x60 [..] Fix this by initializing the new hash to NULL and if the hash is NULL do not treat it as an empty hash but instead allocate by copying the content of the first sub ops. Then on subsequent iterations, the new hash will not be NULL, but the content of the previous subops. If that first subops attached to all functions, then new hash may assume that the manager ops also needs to attach to all functions. Cc: stable(a)vger.kernel.org Fixes: 5fccc7552ccbc ("ftrace: Add subops logic to allow one ops to manage many") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/ftrace.c | 30 ++++++++++++++++++++---------- 1 file changed, 20 insertions(+), 10 deletions(-) diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c index 728ecda6e8d4..03b35a05808c 100644 --- a/kernel/trace/ftrace.c +++ b/kernel/trace/ftrace.c @@ -3220,15 +3220,22 @@ static struct ftrace_hash *copy_hash(struct ftrace_hash *src) * The filter_hash updates uses just the append_hash() function * and the notrace_hash does not. */ -static int append_hash(struct ftrace_hash **hash, struct ftrace_hash *new_hash) +static int append_hash(struct ftrace_hash **hash, struct ftrace_hash *new_hash, + int size_bits) { struct ftrace_func_entry *entry; int size; int i; - /* An empty hash does everything */ - if (ftrace_hash_empty(*hash)) - return 0; + if (*hash) { + /* An empty hash does everything */ + if (ftrace_hash_empty(*hash)) + return 0; + } else { + *hash = alloc_ftrace_hash(size_bits); + if (!*hash) + return -ENOMEM; + } /* If new_hash has everything make hash have everything */ if (ftrace_hash_empty(new_hash)) { @@ -3292,16 +3299,18 @@ static int intersect_hash(struct ftrace_hash **hash, struct ftrace_hash *new_has /* Return a new hash that has a union of all @ops->filter_hash entries */ static struct ftrace_hash *append_hashes(struct ftrace_ops *ops) { - struct ftrace_hash *new_hash; + struct ftrace_hash *new_hash = NULL; struct ftrace_ops *subops; + int size_bits; int ret; - new_hash = alloc_ftrace_hash(ops->func_hash->filter_hash->size_bits); - if (!new_hash) - return NULL; + if (ops->func_hash->filter_hash) + size_bits = ops->func_hash->filter_hash->size_bits; + else + size_bits = FTRACE_HASH_DEFAULT_BITS; list_for_each_entry(subops, &ops->subop_list, list) { - ret = append_hash(&new_hash, subops->func_hash->filter_hash); + ret = append_hash(&new_hash, subops->func_hash->filter_hash, size_bits); if (ret < 0) { free_ftrace_hash(new_hash); return NULL; @@ -3505,7 +3514,8 @@ int ftrace_startup_subops(struct ftrace_ops *ops, struct ftrace_ops *subops, int filter_hash = alloc_and_copy_ftrace_hash(size_bits, ops->func_hash->filter_hash); if (!filter_hash) return -ENOMEM; - ret = append_hash(&filter_hash, subops->func_hash->filter_hash); + ret = append_hash(&filter_hash, subops->func_hash->filter_hash, + size_bits); if (ret < 0) { free_ftrace_hash(filter_hash); return ret; -- 2.47.2

7 months

1
0
0 0

[REGRESSION] stable-rc/linux-5.4.y: (build) ./arch/mips/include/asm/syscall.h:66:28: error: ‘struct pt_regs’ h...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-5.4.y: --- ./arch/mips/include/asm/syscall.h:66:28: error: ‘struct pt_regs’ has no member named ‘args’ in arch/mips/kernel/ptrace.o (arch/mips/kernel/ptrace.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/issue/maestro:609e973861db59e6d6e75d96a9f0f0a24ba09b… - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: 46b505f46fed8d28d9f0cf8e2aace766b99e48ce Log excerpt: ===================================================== In file included from arch/mips/kernel/ptrace.c:45: ./arch/mips/include/asm/syscall.h: In function ‘mips_get_syscall_arg’: ./arch/mips/include/asm/syscall.h:66:28: error: ‘struct pt_regs’ has no member named ‘args’ 66 | *arg = regs->args[n]; | ^~ ===================================================== # Builds where the incident occurred: ## 32r2el_defconfig on (mips): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:67b4a28b50b59caecce1c871 #kernelci issue maestro:609e973861db59e6d6e75d96a9f0f0a24ba09ba0 Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

7 months

1
0
0 0

[PATCH v3] ACPI: platform-profile: Fix CFI violation when accessing sysfs files

by Nathan Chancellor

When an attribute group is created with sysfs_create_group(), the ->sysfs_ops() callback is set to kobj_sysfs_ops, which sets the ->show() and ->store() callbacks to kobj_attr_show() and kobj_attr_store() respectively. These functions use container_of() to get the respective callback from the passed attribute, meaning that these callbacks need to be the same type as the callbacks in 'struct kobj_attribute'. However, the platform_profile sysfs functions have the type of the ->show() and ->store() callbacks in 'struct device_attribute', which results a CFI violation when accessing platform_profile or platform_profile_choices under /sys/firmware/acpi because the types do not match: CFI failure at kobj_attr_show+0x19/0x30 (target: platform_profile_choices_show+0x0/0x140; expected type: 0x7a69590c) There is no functional issue from the type mismatch because the layout of 'struct kobj_attribute' and 'struct device_attribute' are the same, so the container_of() cast does not break anything aside from CFI. Change the type of platform_profile_choices_show() and platform_profile_{show,store}() to match the callbacks in 'struct kobj_attribute' and update the attribute variables to match, which resolves the CFI violation. Cc: stable(a)vger.kernel.org Fixes: a2ff95e018f1 ("ACPI: platform: Add platform profile support") Reported-by: John Rowley <lkml(a)johnrowley.me> Closes: https://github.com/ClangBuiltLinux/linux/issues/2047 Tested-by: John Rowley <lkml(a)johnrowley.me> Reviewed-by: Sami Tolvanen <samitolvanen(a)google.com> Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> --- Changes in v3: - Rebase on 6.14-rc1, which includes updates to the driver to address Greg's previous concerns but this change is still needed for the legacy sysfs interface. v2 can be used for the stable backport. - Link to v2: https://lore.kernel.org/r/20241118-acpi-platform_profile-fix-cfi-violation-… Changes in v2: - Rebase on linux-pm/acpi - Pick up Sami's reviewed-by tag - Adjust wording around why there is no functional issue from the mismatched types - Link to v1: https://lore.kernel.org/r/20240819-acpi-platform_profile-fix-cfi-violation-… --- drivers/acpi/platform_profile.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/drivers/acpi/platform_profile.c b/drivers/acpi/platform_profile.c index fc92e43d0fe9..1b6317f759f9 100644 --- a/drivers/acpi/platform_profile.c +++ b/drivers/acpi/platform_profile.c @@ -260,14 +260,14 @@ static int _aggregate_choices(struct device *dev, void *data) /** * platform_profile_choices_show - Show the available profile choices for legacy sysfs interface - * @dev: The device + * @kobj: The kobject * @attr: The attribute * @buf: The buffer to write to * * Return: The number of bytes written */ -static ssize_t platform_profile_choices_show(struct device *dev, - struct device_attribute *attr, +static ssize_t platform_profile_choices_show(struct kobject *kobj, + struct kobj_attribute *attr, char *buf) { unsigned long aggregate[BITS_TO_LONGS(PLATFORM_PROFILE_LAST)]; @@ -333,14 +333,14 @@ static int _store_and_notify(struct device *dev, void *data) /** * platform_profile_show - Show the current profile for legacy sysfs interface - * @dev: The device + * @kobj: The kobject * @attr: The attribute * @buf: The buffer to write to * * Return: The number of bytes written */ -static ssize_t platform_profile_show(struct device *dev, - struct device_attribute *attr, +static ssize_t platform_profile_show(struct kobject *kobj, + struct kobj_attribute *attr, char *buf) { enum platform_profile_option profile = PLATFORM_PROFILE_LAST; @@ -362,15 +362,15 @@ static ssize_t platform_profile_show(struct device *dev, /** * platform_profile_store - Set the profile for legacy sysfs interface - * @dev: The device + * @kobj: The kobject * @attr: The attribute * @buf: The buffer to read from * @count: The number of bytes to read * * Return: The number of bytes read */ -static ssize_t platform_profile_store(struct device *dev, - struct device_attribute *attr, +static ssize_t platform_profile_store(struct kobject *kobj, + struct kobj_attribute *attr, const char *buf, size_t count) { unsigned long choices[BITS_TO_LONGS(PLATFORM_PROFILE_LAST)]; @@ -401,12 +401,12 @@ static ssize_t platform_profile_store(struct device *dev, return count; } -static DEVICE_ATTR_RO(platform_profile_choices); -static DEVICE_ATTR_RW(platform_profile); +static struct kobj_attribute attr_platform_profile_choices = __ATTR_RO(platform_profile_choices); +static struct kobj_attribute attr_platform_profile = __ATTR_RW(platform_profile); static struct attribute *platform_profile_attrs[] = { - &dev_attr_platform_profile_choices.attr, - &dev_attr_platform_profile.attr, + &attr_platform_profile_choices.attr, + &attr_platform_profile.attr, NULL }; --- base-commit: 2014c95afecee3e76ca4a56956a936e23283f05b change-id: 20240819-acpi-platform_profile-fix-cfi-violation-de278753bd5f Best regards, -- Nathan Chancellor <nathan(a)kernel.org>

7 months

4
5
0 0

Re: Patch "s390/qeth: move netif_napi_add_tx() and napi_enable() from under BH" has been added to the 6.13-stable tree

by Alexandra Winter

On 18.02.25 13:36, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > s390/qeth: move netif_napi_add_tx() and napi_enable() from under BH > > to the 6.13-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > s390-qeth-move-netif_napi_add_tx-and-napi_enable-fro.patch > and it can be found in the queue-6.13 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > Hello Sasha, this is a fix for a regression that was introduced with v6.14-rc1. So I do not think it needs to go into 6.13 stable tree. But it does not hurt either. > > > commit 48eda8093b86b426078bd245a9b4fbc5d057c436 > Author: Alexandra Winter <wintera(a)linux.ibm.com> > Date: Wed Feb 12 17:36:59 2025 +0100 > > s390/qeth: move netif_napi_add_tx() and napi_enable() from under BH > > [ Upstream commit 0d0b752f2497471ddd2b32143d167d42e18a8f3c ] > > Like other drivers qeth is calling local_bh_enable() after napi_schedule() > to kick-start softirqs [0]. > Since netif_napi_add_tx() and napi_enable() now take the netdev_lock() > mutex [1], move them out from under the BH protection. Same solution as in > commit a60558644e20 ("wifi: mt76: move napi_enable() from under BH") > > Fixes: 1b23cdbd2bbc ("net: protect netdev->napi_list with netdev_lock()") > Link: https://lore.kernel.org/netdev/20240612181900.4d9d18d0@kernel.org/ [0] > Link: https://lore.kernel.org/netdev/20250115035319.559603-1-kuba@kernel.org/ [1] > Signed-off-by: Alexandra Winter <wintera(a)linux.ibm.com> > Acked-by: Joe Damato <jdamato(a)fastly.com> > Link: https://patch.msgid.link/20250212163659.2287292-1-wintera@linux.ibm.com > Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/drivers/s390/net/qeth_core_main.c b/drivers/s390/net/qeth_core_main.c > index a3adaec5504e4..20328d695ef92 100644 > --- a/drivers/s390/net/qeth_core_main.c > +++ b/drivers/s390/net/qeth_core_main.c > @@ -7050,14 +7050,16 @@ int qeth_open(struct net_device *dev) > card->data.state = CH_STATE_UP; > netif_tx_start_all_queues(dev); > > - local_bh_disable(); > qeth_for_each_output_queue(card, queue, i) { > netif_napi_add_tx(dev, &queue->napi, qeth_tx_poll); > napi_enable(&queue->napi); > - napi_schedule(&queue->napi); > } > - > napi_enable(&card->napi); > + > + local_bh_disable(); > + qeth_for_each_output_queue(card, queue, i) { > + napi_schedule(&queue->napi); > + } > napi_schedule(&card->napi); > /* kick-start the NAPI softirq: */ > local_bh_enable();

7 months

2
3
0 0

FAILED: patch "[PATCH] Revert "net: skb: introduce and use a single page frag cache"" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 011b0335903832facca86cd8ed05d7d8d94c9c76 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021859-renewal-onto-1877@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 011b0335903832facca86cd8ed05d7d8d94c9c76 Mon Sep 17 00:00:00 2001 From: Paolo Abeni <pabeni(a)redhat.com> Date: Thu, 6 Feb 2025 22:28:48 +0100 Subject: [PATCH] Revert "net: skb: introduce and use a single page frag cache" This reverts commit dbae2b062824 ("net: skb: introduce and use a single page frag cache"). The intended goal of such change was to counter a performance regression introduced by commit 3226b158e67c ("net: avoid 32 x truesize under-estimation for tiny skbs"). Unfortunately, the blamed commit introduces another regression for the virtio_net driver. Such a driver calls napi_alloc_skb() with a tiny size, so that the whole head frag could fit a 512-byte block. The single page frag cache uses a 1K fragment for such allocation, and the additional overhead, under small UDP packets flood, makes the page allocator a bottleneck. Thanks to commit bf9f1baa279f ("net: add dedicated kmem_cache for typical/small skb->head"), this revert does not re-introduce the original regression. Actually, in the relevant test on top of this revert, I measure a small but noticeable positive delta, just above noise level. The revert itself required some additional mangling due to the introduction of the SKB_HEAD_ALIGN() helper and local lock infra in the affected code. Suggested-by: Eric Dumazet <edumazet(a)google.com> Fixes: dbae2b062824 ("net: skb: introduce and use a single page frag cache") Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Link: https://patch.msgid.link/e649212fde9f0fdee23909ca0d14158d32bb7425.173887729… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h index c0a86afb85da..365f0e2098d1 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h @@ -4115,7 +4115,6 @@ void netif_receive_skb_list(struct list_head *head); gro_result_t napi_gro_receive(struct napi_struct *napi, struct sk_buff *skb); void napi_gro_flush(struct napi_struct *napi, bool flush_old); struct sk_buff *napi_get_frags(struct napi_struct *napi); -void napi_get_frags_check(struct napi_struct *napi); gro_result_t napi_gro_frags(struct napi_struct *napi); static inline void napi_free_frags(struct napi_struct *napi) diff --git a/net/core/dev.c b/net/core/dev.c index b91658e8aedb..55e356a68db6 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -6920,6 +6920,23 @@ netif_napi_dev_list_add(struct net_device *dev, struct napi_struct *napi) list_add_rcu(&napi->dev_list, higher); /* adds after higher */ } +/* Double check that napi_get_frags() allocates skbs with + * skb->head being backed by slab, not a page fragment. + * This is to make sure bug fixed in 3226b158e67c + * ("net: avoid 32 x truesize under-estimation for tiny skbs") + * does not accidentally come back. + */ +static void napi_get_frags_check(struct napi_struct *napi) +{ + struct sk_buff *skb; + + local_bh_disable(); + skb = napi_get_frags(napi); + WARN_ON_ONCE(skb && skb->head_frag); + napi_free_frags(napi); + local_bh_enable(); +} + void netif_napi_add_weight_locked(struct net_device *dev, struct napi_struct *napi, int (*poll)(struct napi_struct *, int), diff --git a/net/core/skbuff.c b/net/core/skbuff.c index a441613a1e6c..6a99c453397f 100644 --- a/net/core/skbuff.c +++ b/net/core/skbuff.c @@ -220,67 +220,9 @@ static void skb_under_panic(struct sk_buff *skb, unsigned int sz, void *addr) #define NAPI_SKB_CACHE_BULK 16 #define NAPI_SKB_CACHE_HALF (NAPI_SKB_CACHE_SIZE / 2) -#if PAGE_SIZE == SZ_4K - -#define NAPI_HAS_SMALL_PAGE_FRAG 1 -#define NAPI_SMALL_PAGE_PFMEMALLOC(nc) ((nc).pfmemalloc) - -/* specialized page frag allocator using a single order 0 page - * and slicing it into 1K sized fragment. Constrained to systems - * with a very limited amount of 1K fragments fitting a single - * page - to avoid excessive truesize underestimation - */ - -struct page_frag_1k { - void *va; - u16 offset; - bool pfmemalloc; -}; - -static void *page_frag_alloc_1k(struct page_frag_1k *nc, gfp_t gfp) -{ - struct page *page; - int offset; - - offset = nc->offset - SZ_1K; - if (likely(offset >= 0)) - goto use_frag; - - page = alloc_pages_node(NUMA_NO_NODE, gfp, 0); - if (!page) - return NULL; - - nc->va = page_address(page); - nc->pfmemalloc = page_is_pfmemalloc(page); - offset = PAGE_SIZE - SZ_1K; - page_ref_add(page, offset / SZ_1K); - -use_frag: - nc->offset = offset; - return nc->va + offset; -} -#else - -/* the small page is actually unused in this build; add dummy helpers - * to please the compiler and avoid later preprocessor's conditionals - */ -#define NAPI_HAS_SMALL_PAGE_FRAG 0 -#define NAPI_SMALL_PAGE_PFMEMALLOC(nc) false - -struct page_frag_1k { -}; - -static void *page_frag_alloc_1k(struct page_frag_1k *nc, gfp_t gfp_mask) -{ - return NULL; -} - -#endif - struct napi_alloc_cache { local_lock_t bh_lock; struct page_frag_cache page; - struct page_frag_1k page_small; unsigned int skb_count; void *skb_cache[NAPI_SKB_CACHE_SIZE]; }; @@ -290,23 +232,6 @@ static DEFINE_PER_CPU(struct napi_alloc_cache, napi_alloc_cache) = { .bh_lock = INIT_LOCAL_LOCK(bh_lock), }; -/* Double check that napi_get_frags() allocates skbs with - * skb->head being backed by slab, not a page fragment. - * This is to make sure bug fixed in 3226b158e67c - * ("net: avoid 32 x truesize under-estimation for tiny skbs") - * does not accidentally come back. - */ -void napi_get_frags_check(struct napi_struct *napi) -{ - struct sk_buff *skb; - - local_bh_disable(); - skb = napi_get_frags(napi); - WARN_ON_ONCE(!NAPI_HAS_SMALL_PAGE_FRAG && skb && skb->head_frag); - napi_free_frags(napi); - local_bh_enable(); -} - void *__napi_alloc_frag_align(unsigned int fragsz, unsigned int align_mask) { struct napi_alloc_cache *nc = this_cpu_ptr(&napi_alloc_cache); @@ -813,10 +738,8 @@ struct sk_buff *napi_alloc_skb(struct napi_struct *napi, unsigned int len) /* If requested length is either too small or too big, * we use kmalloc() for skb->head allocation. - * When the small frag allocator is available, prefer it over kmalloc - * for small fragments */ - if ((!NAPI_HAS_SMALL_PAGE_FRAG && len <= SKB_WITH_OVERHEAD(1024)) || + if (len <= SKB_WITH_OVERHEAD(1024) || len > SKB_WITH_OVERHEAD(PAGE_SIZE) || (gfp_mask & (__GFP_DIRECT_RECLAIM | GFP_DMA))) { skb = __alloc_skb(len, gfp_mask, SKB_ALLOC_RX | SKB_ALLOC_NAPI, @@ -826,32 +749,16 @@ struct sk_buff *napi_alloc_skb(struct napi_struct *napi, unsigned int len) goto skb_success; } + len = SKB_HEAD_ALIGN(len); + if (sk_memalloc_socks()) gfp_mask |= __GFP_MEMALLOC; local_lock_nested_bh(&napi_alloc_cache.bh_lock); nc = this_cpu_ptr(&napi_alloc_cache); - if (NAPI_HAS_SMALL_PAGE_FRAG && len <= SKB_WITH_OVERHEAD(1024)) { - /* we are artificially inflating the allocation size, but - * that is not as bad as it may look like, as: - * - 'len' less than GRO_MAX_HEAD makes little sense - * - On most systems, larger 'len' values lead to fragment - * size above 512 bytes - * - kmalloc would use the kmalloc-1k slab for such values - * - Builds with smaller GRO_MAX_HEAD will very likely do - * little networking, as that implies no WiFi and no - * tunnels support, and 32 bits arches. - */ - len = SZ_1K; - data = page_frag_alloc_1k(&nc->page_small, gfp_mask); - pfmemalloc = NAPI_SMALL_PAGE_PFMEMALLOC(nc->page_small); - } else { - len = SKB_HEAD_ALIGN(len); - - data = page_frag_alloc(&nc->page, len, gfp_mask); - pfmemalloc = page_frag_cache_is_pfmemalloc(&nc->page); - } + data = page_frag_alloc(&nc->page, len, gfp_mask); + pfmemalloc = page_frag_cache_is_pfmemalloc(&nc->page); local_unlock_nested_bh(&napi_alloc_cache.bh_lock); if (unlikely(!data))

7 months

2
2
0 0

[PATCH 0/2] vsock: fix use-after free and null-ptr-deref

by Luigi Leonardi

Hi all, This series contains two patches that are already available upstream: - The first commit fixes a use-after-free[1], but introduced a null-ptr-deref[2]. - The second commit fixes it. [3] I suggested waiting for both of them to be merged upstream and then applying them togheter to stable[4]. It should be applied to: - 6.13.y - 6.12.y - 6.6.y I will send another series for - 6.1.y - 5.15.y - 5.10.y because of conflicts. [1]https://lore.kernel.org/all/20250128-vsock-transport-vs-autobind-v3-0-1cf… [2]https://lore.kernel.org/all/67a09300.050a0220.d7c5a.008b.GAE@google.com/ [3]https://lore.kernel.org/all/20250210-vsock-linger-nullderef-v3-0-ef6244d0… [4]https://lore.kernel.org/all/2025020644-unwitting-scary-3c0d@gregkh/ Thanks, Luigi --- Michal Luczaj (2): vsock: Keep the binding until socket destruction vsock: Orphan socket after transport release net/vmw_vsock/af_vsock.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) --- base-commit: a1856aaa2ca74c88751f7d255dfa0c8c50fcc1ca change-id: 20250214-linux-rolling-stable-d73f0bed815d Best regards, -- Luigi Leonardi <leonardi(a)redhat.com>

7 months

3
7
0 0

[PATCH 6.6.y] drm/amd/display: Add null check for head_pipe in dcn201_acquire_free_pipe_for_layer

by Xiangyu Chen

From: Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> [ Upstream commit f22f4754aaa47d8c59f166ba3042182859e5dff7 ] This commit addresses a potential null pointer dereference issue in the `dcn201_acquire_free_pipe_for_layer` function. The issue could occur when `head_pipe` is null. The fix adds a check to ensure `head_pipe` is not null before asserting it. If `head_pipe` is null, the function returns NULL to prevent a potential null pointer dereference. Reported by smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn201/dcn201_resource.c:1016 dcn201_acquire_free_pipe_for_layer() error: we previously assumed 'head_pipe' could be null (see line 1010) Cc: Tom Chung <chiahsuan.chung(a)amd.com> Cc: Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> Cc: Roman Li <roman.li(a)amd.com> Cc: Alex Hung <alex.hung(a)amd.com> Cc: Aurabindo Pillai <aurabindo.pillai(a)amd.com> Cc: Harry Wentland <harry.wentland(a)amd.com> Cc: Hamza Mahfooz <hamza.mahfooz(a)amd.com> Signed-off-by: Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> Reviewed-by: Tom Chung <chiahsuan.chung(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> [dcn201 was moved from drivers/gpu/drm/amd/display/dc to drivers/gpu/drm/amd/display/dc/resource since 8b8eed05a1c6 ("drm/amd/display: Refactor resource into component directory"). The path is changed accordingly to apply the patch on 6.6.y.] Signed-off-by: Xiangyu Chen <xiangyu.chen(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the build test only due to we don't have DCN201 device. --- drivers/gpu/drm/amd/display/dc/dcn201/dcn201_resource.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/amd/display/dc/dcn201/dcn201_resource.c b/drivers/gpu/drm/amd/display/dc/dcn201/dcn201_resource.c index 2dc4d2c1410b..8efe3f32a0e7 100644 --- a/drivers/gpu/drm/amd/display/dc/dcn201/dcn201_resource.c +++ b/drivers/gpu/drm/amd/display/dc/dcn201/dcn201_resource.c @@ -1002,8 +1002,10 @@ static struct pipe_ctx *dcn201_acquire_free_pipe_for_layer( struct pipe_ctx *head_pipe = resource_get_otg_master_for_stream(res_ctx, opp_head_pipe->stream); struct pipe_ctx *idle_pipe = resource_find_free_secondary_pipe_legacy(res_ctx, pool, head_pipe); - if (!head_pipe) + if (!head_pipe) { ASSERT(0); + return NULL; + } if (!idle_pipe) return NULL; -- 2.25.1

7 months

3
2
0 0

Re: Patch "alpha: make stack 16-byte aligned (most cases)" has been added to the 6.6-stable tree

by Ivan Kokshaysky

On Tue, Feb 18, 2025 at 01:55:45PM +0100, gregkh(a)linuxfoundation.org wrote: > > This is a note to let you know that I've just added the patch titled > > alpha: make stack 16-byte aligned (most cases) Hi Greg, thanks for applying this! > Patches currently in stable-queue which might be from ink(a)unseen.parts are > > queue-6.6/alpha-make-stack-16-byte-aligned-most-cases.patch > queue-6.6/alpha-align-stack-for-page-fault-and-user-unaligned-trap-handlers.patch The third one (commit 77b823fa619f97d alpha: replace hardcoded stack offsets with autogenerated ones) is also needed, but it won't apply as-is to 6.6 and older kernels. Do you want me to provide the patches? Ivan.

7 months

2
4
0 0

[PATCH 6.6.y] drm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags

by Xiangyu Chen

From: Alex Hung <alex.hung(a)amd.com> [ upstream commit 5559598742fb4538e4c51c48ef70563c49c2af23 ] [WHAT & HOW] "dcn20_validate_apply_pipe_split_flags" dereferences merge, and thus it cannot be a null pointer. Let's pass a valid pointer to avoid null dereference. This fixes 2 FORWARD_NULL issues reported by Coverity. Reviewed-by: Rodrigo Siqueira <rodrigo.siqueira(a)amd.com> Signed-off-by: Jerry Zuo <jerry.zuo(a)amd.com> Signed-off-by: Alex Hung <alex.hung(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> [dcn20 and dcn21 were moved from drivers/gpu/drm/amd/display/dc to drivers/gpu/drm/amd/display/dc/resource since 8b8eed05a1c6 ("drm/amd/display: Refactor resource into component directory"). The path is changed accordingly to apply the patch on 6.6.y.] Signed-off-by: Xiangyu Chen <xiangyu.chen(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the build test only due to we don't have dcn20/dcn21 device. --- drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c | 3 ++- drivers/gpu/drm/amd/display/dc/dcn21/dcn21_resource.c | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c b/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c index d587f807dfd7..294609557b73 100644 --- a/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c +++ b/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c @@ -2026,6 +2026,7 @@ bool dcn20_fast_validate_bw( { bool out = false; int split[MAX_PIPES] = { 0 }; + bool merge[MAX_PIPES] = { false }; int pipe_cnt, i, pipe_idx, vlevel; ASSERT(pipes); @@ -2050,7 +2051,7 @@ bool dcn20_fast_validate_bw( if (vlevel > context->bw_ctx.dml.soc.num_states) goto validate_fail; - vlevel = dcn20_validate_apply_pipe_split_flags(dc, context, vlevel, split, NULL); + vlevel = dcn20_validate_apply_pipe_split_flags(dc, context, vlevel, split, merge); /*initialize pipe_just_split_from to invalid idx*/ for (i = 0; i < MAX_PIPES; i++) diff --git a/drivers/gpu/drm/amd/display/dc/dcn21/dcn21_resource.c b/drivers/gpu/drm/amd/display/dc/dcn21/dcn21_resource.c index 8dffa5b6426e..24105a5b9f2a 100644 --- a/drivers/gpu/drm/amd/display/dc/dcn21/dcn21_resource.c +++ b/drivers/gpu/drm/amd/display/dc/dcn21/dcn21_resource.c @@ -800,6 +800,7 @@ bool dcn21_fast_validate_bw(struct dc *dc, { bool out = false; int split[MAX_PIPES] = { 0 }; + bool merge[MAX_PIPES] = { false }; int pipe_cnt, i, pipe_idx, vlevel; ASSERT(pipes); @@ -842,7 +843,7 @@ bool dcn21_fast_validate_bw(struct dc *dc, goto validate_fail; } - vlevel = dcn20_validate_apply_pipe_split_flags(dc, context, vlevel, split, NULL); + vlevel = dcn20_validate_apply_pipe_split_flags(dc, context, vlevel, split, merge); for (i = 0, pipe_idx = 0; i < dc->res_pool->pipe_count; i++) { struct pipe_ctx *pipe = &context->res_ctx.pipe_ctx[i]; -- 2.25.1

7 months

2
1
0 0

6.12.y stable backport request for bpf selftests fixes

by Alan Maguire

Please backport 42602e3a06f8e5b9a059344e305c9bee2dcc87c8 bpf: handle implicit declaration of function gettid in bpf_iter.c and 4b7c05598a644782b8451e415bb56f31e5c9d3ee selftests/bpf: Fix uprobe consumer test to 6.12.y to fix BPF selftest-related issues (compilation failure and test failure respectively). Both apply to linux-6.12.y cleanly. Thank you! Alan

7 months

2
1
0 0

Patches for the stable branches

by Jürgen Groß

Greg, please add the following upstream commits to the stable branches: 5cc2db37124bb33914996d6fdbb2ddb3811f2945 98a5cfd2320966f40fe049a9855f8787f0126825 0bd797b801bd8ee06c822844e20d73aaea0878dd They are fixing boot failures when running as a Xen PVH guest for some kernel configurations. Thanks, Juergen

7 months

2
1
0 0

Request to apply 6d3e0d8cc632 to stable kernels

by Brian Norris

Hi, May I request this be ported to stable kernels? 6d3e0d8cc632 ("kdb: Do not assume write() callback available") It landed in v6.6, and I've tested the trivial cherry-pick to v6.1.y. AFAICT, it makes sense and applies cleanly to at least v5.15.y and v5.10.y (and possibly more), although I didn't test those. It's a bit of an older (but trivial) fix, and I assume not many folks actually test out KDB/KGDB that often, but I wasted my time re-discovering it. Thanks, Brian

7 months

2
1
0 0

FAILED: patch "[PATCH] Revert "net: skb: introduce and use a single page frag cache"" failed to apply to 6.13-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.13-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.13.y git checkout FETCH_HEAD git cherry-pick -x 011b0335903832facca86cd8ed05d7d8d94c9c76 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021858-cobalt-scanner-666f@gregkh' --subject-prefix 'PATCH 6.13.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 011b0335903832facca86cd8ed05d7d8d94c9c76 Mon Sep 17 00:00:00 2001 From: Paolo Abeni <pabeni(a)redhat.com> Date: Thu, 6 Feb 2025 22:28:48 +0100 Subject: [PATCH] Revert "net: skb: introduce and use a single page frag cache" This reverts commit dbae2b062824 ("net: skb: introduce and use a single page frag cache"). The intended goal of such change was to counter a performance regression introduced by commit 3226b158e67c ("net: avoid 32 x truesize under-estimation for tiny skbs"). Unfortunately, the blamed commit introduces another regression for the virtio_net driver. Such a driver calls napi_alloc_skb() with a tiny size, so that the whole head frag could fit a 512-byte block. The single page frag cache uses a 1K fragment for such allocation, and the additional overhead, under small UDP packets flood, makes the page allocator a bottleneck. Thanks to commit bf9f1baa279f ("net: add dedicated kmem_cache for typical/small skb->head"), this revert does not re-introduce the original regression. Actually, in the relevant test on top of this revert, I measure a small but noticeable positive delta, just above noise level. The revert itself required some additional mangling due to the introduction of the SKB_HEAD_ALIGN() helper and local lock infra in the affected code. Suggested-by: Eric Dumazet <edumazet(a)google.com> Fixes: dbae2b062824 ("net: skb: introduce and use a single page frag cache") Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Link: https://patch.msgid.link/e649212fde9f0fdee23909ca0d14158d32bb7425.173887729… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h index c0a86afb85da..365f0e2098d1 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h @@ -4115,7 +4115,6 @@ void netif_receive_skb_list(struct list_head *head); gro_result_t napi_gro_receive(struct napi_struct *napi, struct sk_buff *skb); void napi_gro_flush(struct napi_struct *napi, bool flush_old); struct sk_buff *napi_get_frags(struct napi_struct *napi); -void napi_get_frags_check(struct napi_struct *napi); gro_result_t napi_gro_frags(struct napi_struct *napi); static inline void napi_free_frags(struct napi_struct *napi) diff --git a/net/core/dev.c b/net/core/dev.c index b91658e8aedb..55e356a68db6 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -6920,6 +6920,23 @@ netif_napi_dev_list_add(struct net_device *dev, struct napi_struct *napi) list_add_rcu(&napi->dev_list, higher); /* adds after higher */ } +/* Double check that napi_get_frags() allocates skbs with + * skb->head being backed by slab, not a page fragment. + * This is to make sure bug fixed in 3226b158e67c + * ("net: avoid 32 x truesize under-estimation for tiny skbs") + * does not accidentally come back. + */ +static void napi_get_frags_check(struct napi_struct *napi) +{ + struct sk_buff *skb; + + local_bh_disable(); + skb = napi_get_frags(napi); + WARN_ON_ONCE(skb && skb->head_frag); + napi_free_frags(napi); + local_bh_enable(); +} + void netif_napi_add_weight_locked(struct net_device *dev, struct napi_struct *napi, int (*poll)(struct napi_struct *, int), diff --git a/net/core/skbuff.c b/net/core/skbuff.c index a441613a1e6c..6a99c453397f 100644 --- a/net/core/skbuff.c +++ b/net/core/skbuff.c @@ -220,67 +220,9 @@ static void skb_under_panic(struct sk_buff *skb, unsigned int sz, void *addr) #define NAPI_SKB_CACHE_BULK 16 #define NAPI_SKB_CACHE_HALF (NAPI_SKB_CACHE_SIZE / 2) -#if PAGE_SIZE == SZ_4K - -#define NAPI_HAS_SMALL_PAGE_FRAG 1 -#define NAPI_SMALL_PAGE_PFMEMALLOC(nc) ((nc).pfmemalloc) - -/* specialized page frag allocator using a single order 0 page - * and slicing it into 1K sized fragment. Constrained to systems - * with a very limited amount of 1K fragments fitting a single - * page - to avoid excessive truesize underestimation - */ - -struct page_frag_1k { - void *va; - u16 offset; - bool pfmemalloc; -}; - -static void *page_frag_alloc_1k(struct page_frag_1k *nc, gfp_t gfp) -{ - struct page *page; - int offset; - - offset = nc->offset - SZ_1K; - if (likely(offset >= 0)) - goto use_frag; - - page = alloc_pages_node(NUMA_NO_NODE, gfp, 0); - if (!page) - return NULL; - - nc->va = page_address(page); - nc->pfmemalloc = page_is_pfmemalloc(page); - offset = PAGE_SIZE - SZ_1K; - page_ref_add(page, offset / SZ_1K); - -use_frag: - nc->offset = offset; - return nc->va + offset; -} -#else - -/* the small page is actually unused in this build; add dummy helpers - * to please the compiler and avoid later preprocessor's conditionals - */ -#define NAPI_HAS_SMALL_PAGE_FRAG 0 -#define NAPI_SMALL_PAGE_PFMEMALLOC(nc) false - -struct page_frag_1k { -}; - -static void *page_frag_alloc_1k(struct page_frag_1k *nc, gfp_t gfp_mask) -{ - return NULL; -} - -#endif - struct napi_alloc_cache { local_lock_t bh_lock; struct page_frag_cache page; - struct page_frag_1k page_small; unsigned int skb_count; void *skb_cache[NAPI_SKB_CACHE_SIZE]; }; @@ -290,23 +232,6 @@ static DEFINE_PER_CPU(struct napi_alloc_cache, napi_alloc_cache) = { .bh_lock = INIT_LOCAL_LOCK(bh_lock), }; -/* Double check that napi_get_frags() allocates skbs with - * skb->head being backed by slab, not a page fragment. - * This is to make sure bug fixed in 3226b158e67c - * ("net: avoid 32 x truesize under-estimation for tiny skbs") - * does not accidentally come back. - */ -void napi_get_frags_check(struct napi_struct *napi) -{ - struct sk_buff *skb; - - local_bh_disable(); - skb = napi_get_frags(napi); - WARN_ON_ONCE(!NAPI_HAS_SMALL_PAGE_FRAG && skb && skb->head_frag); - napi_free_frags(napi); - local_bh_enable(); -} - void *__napi_alloc_frag_align(unsigned int fragsz, unsigned int align_mask) { struct napi_alloc_cache *nc = this_cpu_ptr(&napi_alloc_cache); @@ -813,10 +738,8 @@ struct sk_buff *napi_alloc_skb(struct napi_struct *napi, unsigned int len) /* If requested length is either too small or too big, * we use kmalloc() for skb->head allocation. - * When the small frag allocator is available, prefer it over kmalloc - * for small fragments */ - if ((!NAPI_HAS_SMALL_PAGE_FRAG && len <= SKB_WITH_OVERHEAD(1024)) || + if (len <= SKB_WITH_OVERHEAD(1024) || len > SKB_WITH_OVERHEAD(PAGE_SIZE) || (gfp_mask & (__GFP_DIRECT_RECLAIM | GFP_DMA))) { skb = __alloc_skb(len, gfp_mask, SKB_ALLOC_RX | SKB_ALLOC_NAPI, @@ -826,32 +749,16 @@ struct sk_buff *napi_alloc_skb(struct napi_struct *napi, unsigned int len) goto skb_success; } + len = SKB_HEAD_ALIGN(len); + if (sk_memalloc_socks()) gfp_mask |= __GFP_MEMALLOC; local_lock_nested_bh(&napi_alloc_cache.bh_lock); nc = this_cpu_ptr(&napi_alloc_cache); - if (NAPI_HAS_SMALL_PAGE_FRAG && len <= SKB_WITH_OVERHEAD(1024)) { - /* we are artificially inflating the allocation size, but - * that is not as bad as it may look like, as: - * - 'len' less than GRO_MAX_HEAD makes little sense - * - On most systems, larger 'len' values lead to fragment - * size above 512 bytes - * - kmalloc would use the kmalloc-1k slab for such values - * - Builds with smaller GRO_MAX_HEAD will very likely do - * little networking, as that implies no WiFi and no - * tunnels support, and 32 bits arches. - */ - len = SZ_1K; - data = page_frag_alloc_1k(&nc->page_small, gfp_mask); - pfmemalloc = NAPI_SMALL_PAGE_PFMEMALLOC(nc->page_small); - } else { - len = SKB_HEAD_ALIGN(len); - - data = page_frag_alloc(&nc->page, len, gfp_mask); - pfmemalloc = page_frag_cache_is_pfmemalloc(&nc->page); - } + data = page_frag_alloc(&nc->page, len, gfp_mask); + pfmemalloc = page_frag_cache_is_pfmemalloc(&nc->page); local_unlock_nested_bh(&napi_alloc_cache.bh_lock); if (unlikely(!data))

7 months

2
1
0 0

[PATCH v2] KVM: PPC: Enable CAP_SPAPR_TCE_VFIO on pSeries KVM guests

by Amit Machhiwal

Currently on book3s-hv, the capability KVM_CAP_SPAPR_TCE_VFIO is only available for KVM Guests running on PowerNV and not for the KVM guests running on pSeries hypervisors. This prevents a pSeries L2 guest from leveraging the in-kernel acceleration for H_PUT_TCE_INDIRECT and H_STUFF_TCE hcalls that results in slow startup times for large memory guests. Fix this by enabling the CAP_SPAPR_TCE_VFIO on the pSeries hosts as well for the nested PAPR guests. With the patch, booting an L2 guest with 128G memory results in an average improvement of 11% in the startup times. Fixes: f431a8cde7f1 ("powerpc/iommu: Reimplement the iommu_table_group_ops for pSeries") Cc: stable(a)vger.kernel.org Signed-off-by: Amit Machhiwal <amachhiw(a)linux.ibm.com> --- Changes since v1: * Addressed review comments from Ritesh * v1: https://lore.kernel.org/all/20250109132053.158436-1-amachhiw@linux.ibm.com/ arch/powerpc/kvm/powerpc.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/arch/powerpc/kvm/powerpc.c b/arch/powerpc/kvm/powerpc.c index ce1d91eed231..a7138eb18d59 100644 --- a/arch/powerpc/kvm/powerpc.c +++ b/arch/powerpc/kvm/powerpc.c @@ -543,26 +543,23 @@ int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext) r = !hv_enabled; break; #ifdef CONFIG_KVM_MPIC case KVM_CAP_IRQ_MPIC: r = 1; break; #endif #ifdef CONFIG_PPC_BOOK3S_64 case KVM_CAP_SPAPR_TCE: + fallthrough; case KVM_CAP_SPAPR_TCE_64: - r = 1; - break; case KVM_CAP_SPAPR_TCE_VFIO: - r = !!cpu_has_feature(CPU_FTR_HVMODE); - break; case KVM_CAP_PPC_RTAS: case KVM_CAP_PPC_FIXUP_HCALL: case KVM_CAP_PPC_ENABLE_HCALL: #ifdef CONFIG_KVM_XICS case KVM_CAP_IRQ_XICS: #endif case KVM_CAP_PPC_GET_CPU_CHAR: r = 1; break; #ifdef CONFIG_KVM_XIVE base-commit: 6d61a53dd6f55405ebcaea6ee38d1ab5a8856c2c -- 2.48.1

7 months

2
2
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror