- Linux-stable-mirror - lists.linaro.org

FAILED: patch "[PATCH] usb: typec: ucsi: displayport: Fix deadlock" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 364618c89d4c57c85e5fc51a2446cd939bf57802 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051221-pacifist-liability-19cf@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 364618c89d4c57c85e5fc51a2446cd939bf57802 Mon Sep 17 00:00:00 2001 From: Andrei Kuchynski <akuchynski(a)chromium.org> Date: Thu, 24 Apr 2025 08:44:28 +0000 Subject: [PATCH] usb: typec: ucsi: displayport: Fix deadlock This patch introduces the ucsi_con_mutex_lock / ucsi_con_mutex_unlock functions to the UCSI driver. ucsi_con_mutex_lock ensures the connector mutex is only locked if a connection is established and the partner pointer is valid. This resolves a deadlock scenario where ucsi_displayport_remove_partner holds con->mutex waiting for dp_altmode_work to complete while dp_altmode_work attempts to acquire it. Cc: stable <stable(a)kernel.org> Fixes: af8622f6a585 ("usb: typec: ucsi: Support for DisplayPort alt mode") Signed-off-by: Andrei Kuchynski <akuchynski(a)chromium.org> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Link: https://lore.kernel.org/r/20250424084429.3220757-2-akuchynski@chromium.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/ucsi/displayport.c b/drivers/usb/typec/ucsi/displayport.c index 420af5139c70..acd053d4e38c 100644 --- a/drivers/usb/typec/ucsi/displayport.c +++ b/drivers/usb/typec/ucsi/displayport.c @@ -54,7 +54,8 @@ static int ucsi_displayport_enter(struct typec_altmode *alt, u32 *vdo) u8 cur = 0; int ret; - mutex_lock(&dp->con->lock); + if (!ucsi_con_mutex_lock(dp->con)) + return -ENOTCONN; if (!dp->override && dp->initialized) { const struct typec_altmode *p = typec_altmode_get_partner(alt); @@ -100,7 +101,7 @@ static int ucsi_displayport_enter(struct typec_altmode *alt, u32 *vdo) schedule_work(&dp->work); ret = 0; err_unlock: - mutex_unlock(&dp->con->lock); + ucsi_con_mutex_unlock(dp->con); return ret; } @@ -112,7 +113,8 @@ static int ucsi_displayport_exit(struct typec_altmode *alt) u64 command; int ret = 0; - mutex_lock(&dp->con->lock); + if (!ucsi_con_mutex_lock(dp->con)) + return -ENOTCONN; if (!dp->override) { const struct typec_altmode *p = typec_altmode_get_partner(alt); @@ -144,7 +146,7 @@ static int ucsi_displayport_exit(struct typec_altmode *alt) schedule_work(&dp->work); out_unlock: - mutex_unlock(&dp->con->lock); + ucsi_con_mutex_unlock(dp->con); return ret; } @@ -202,20 +204,21 @@ static int ucsi_displayport_vdm(struct typec_altmode *alt, int cmd = PD_VDO_CMD(header); int svdm_version; - mutex_lock(&dp->con->lock); + if (!ucsi_con_mutex_lock(dp->con)) + return -ENOTCONN; if (!dp->override && dp->initialized) { const struct typec_altmode *p = typec_altmode_get_partner(alt); dev_warn(&p->dev, "firmware doesn't support alternate mode overriding\n"); - mutex_unlock(&dp->con->lock); + ucsi_con_mutex_unlock(dp->con); return -EOPNOTSUPP; } svdm_version = typec_altmode_get_svdm_version(alt); if (svdm_version < 0) { - mutex_unlock(&dp->con->lock); + ucsi_con_mutex_unlock(dp->con); return svdm_version; } @@ -259,7 +262,7 @@ static int ucsi_displayport_vdm(struct typec_altmode *alt, break; } - mutex_unlock(&dp->con->lock); + ucsi_con_mutex_unlock(dp->con); return 0; } diff --git a/drivers/usb/typec/ucsi/ucsi.c b/drivers/usb/typec/ucsi/ucsi.c index e8c7e9dc4930..01ce858a1a2b 100644 --- a/drivers/usb/typec/ucsi/ucsi.c +++ b/drivers/usb/typec/ucsi/ucsi.c @@ -1922,6 +1922,40 @@ void ucsi_set_drvdata(struct ucsi *ucsi, void *data) } EXPORT_SYMBOL_GPL(ucsi_set_drvdata); +/** + * ucsi_con_mutex_lock - Acquire the connector mutex + * @con: The connector interface to lock + * + * Returns true on success, false if the connector is disconnected + */ +bool ucsi_con_mutex_lock(struct ucsi_connector *con) +{ + bool mutex_locked = false; + bool connected = true; + + while (connected && !mutex_locked) { + mutex_locked = mutex_trylock(&con->lock) != 0; + connected = UCSI_CONSTAT(con, CONNECTED); + if (connected && !mutex_locked) + msleep(20); + } + + connected = connected && con->partner; + if (!connected && mutex_locked) + mutex_unlock(&con->lock); + + return connected; +} + +/** + * ucsi_con_mutex_unlock - Release the connector mutex + * @con: The connector interface to unlock + */ +void ucsi_con_mutex_unlock(struct ucsi_connector *con) +{ + mutex_unlock(&con->lock); +} + /** * ucsi_create - Allocate UCSI instance * @dev: Device interface to the PPM (Platform Policy Manager) diff --git a/drivers/usb/typec/ucsi/ucsi.h b/drivers/usb/typec/ucsi/ucsi.h index 3a2c1762bec1..9c5278a0c5d4 100644 --- a/drivers/usb/typec/ucsi/ucsi.h +++ b/drivers/usb/typec/ucsi/ucsi.h @@ -94,6 +94,8 @@ int ucsi_register(struct ucsi *ucsi); void ucsi_unregister(struct ucsi *ucsi); void *ucsi_get_drvdata(struct ucsi *ucsi); void ucsi_set_drvdata(struct ucsi *ucsi, void *data); +bool ucsi_con_mutex_lock(struct ucsi_connector *con); +void ucsi_con_mutex_unlock(struct ucsi_connector *con); void ucsi_connector_change(struct ucsi *ucsi, u8 num);

1 month, 4 weeks

3
4
0 0

My name is Hendrick John Neverett an International Trade Compliance Expert and Loan Facilitator for individual and corporate Loan Services. It is my pleasure to inform you of my intention to start a business investment in your country and I want you to be my partner/fiduciary agent.Respond for further

by Hendrick John Neverett

1 month, 4 weeks

1
0
0 0

[PATCH v2] dummycon: Trigger redraw when switching consoles with deferred takeover

by Thomas Zimmermann

Signal vt subsystem to redraw console when switching to dummycon with deferred takeover enabled. Makes the console switch to fbcon and displays the available output. With deferred takeover enabled, dummycon acts as the placeholder until the first output to the console happens. At that point, fbcon takes over. If the output happens while dummycon is not active, it cannot inform fbcon. This is the case if the vt subsystem runs in graphics mode. A typical graphical boot starts plymouth, a display manager and a compositor; all while leaving out dummycon. Switching to a text-mode console leaves the console with dummycon even if a getty terminal has been started. Returning true from dummycon's con_switch helper signals the vt subsystem to redraw the screen. If there's output available dummycon's con_putc{s} helpers trigger deferred takeover of fbcon, which sets a display mode and displays the output. If no output is available, dummycon remains active. v2: - make the comment slightly more verbose (Javier) Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Reported-by: Andrei Borzenkov <arvidjaar(a)gmail.com> Closes: https://bugzilla.suse.com/show_bug.cgi?id=1242191 Tested-by: Andrei Borzenkov <arvidjaar(a)gmail.com> Acked-by: Javier Martinez Canillas <javierm(a)redhat.com> Fixes: 83d83bebf401 ("console/fbcon: Add support for deferred console takeover") Cc: Hans de Goede <hdegoede(a)redhat.com> Cc: linux-fbdev(a)vger.kernel.org Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v4.19+ --- drivers/video/console/dummycon.c | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/drivers/video/console/dummycon.c b/drivers/video/console/dummycon.c index 139049368fdc..7d02470f19b9 100644 --- a/drivers/video/console/dummycon.c +++ b/drivers/video/console/dummycon.c @@ -85,6 +85,15 @@ static bool dummycon_blank(struct vc_data *vc, enum vesa_blank_mode blank, /* Redraw, so that we get putc(s) for output done while blanked */ return true; } + +static bool dummycon_switch(struct vc_data *vc) +{ + /* + * Redraw, so that we get putc(s) for output done while switched + * away. Informs deferred consoles to take over the display. + */ + return true; +} #else static void dummycon_putc(struct vc_data *vc, u16 c, unsigned int y, unsigned int x) { } @@ -95,6 +104,10 @@ static bool dummycon_blank(struct vc_data *vc, enum vesa_blank_mode blank, { return false; } +static bool dummycon_switch(struct vc_data *vc) +{ + return false; +} #endif static const char *dummycon_startup(void) @@ -124,11 +137,6 @@ static bool dummycon_scroll(struct vc_data *vc, unsigned int top, return false; } -static bool dummycon_switch(struct vc_data *vc) -{ - return false; -} - /* * The console `switch' structure for the dummy console * -- 2.49.0

1 month, 4 weeks

1
0
0 0

[PATCH] sched/eevdf: avoid pick_eevdf() returns NULL

by limingming3

pick_eevdf() may return NULL, which would triggers NULL pointer dereference and crash when best and curr are both NULL. There are two cases when curr would be NULL: 1) curr is NULL when enter pick_eevdf 2) we set it to NUll when curr is not on_rq or eligible. And when we went to the best = curr flow, the se should never be NULL, So when best and curr are both NULL, we'd better set best = se to avoid return NULL. Below crash is what I encounter very low probability on our server and I have not reproduce it, and I also found other people feedback some similar crash on lore. So believe the issue is really exit. <1>[ 8.607396] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a0 <1>[ 8.607399] Mem abort info: <1>[ 8.607400] ESR = 0x0000000096000004 <1>[ 8.607401] EC = 0x25: DABT (current EL), IL = 32 bits <1>[ 8.607402] SET = 0, FnV = 0 <1>[ 8.607403] EA = 0, S1PTW = 0 <1>[ 8.607403] FSC = 0x04: level 0 translation fault <1>[ 8.607404] Data abort info: <1>[ 8.607404] ISV = 0, ISS = 0x00000004 <1>[ 8.607404] CM = 0, WnR = 0 <1>[ 8.607405] user pgtable: 4k pages, 48-bit VAs, pgdp=000000011efef000 <1>[ 8.607406] [00000000000000a0] pgd=0000000000000000, p4d=0000000000000000 <0>[ 8.607409] Internal error: Oops: 0000000096000004 [#1] PREEMPT_RT SMP <4>[ 8.607412] Modules linked in: tegradisp(O) sch_ingress xt_tcpudp iptable_filter 8021q garp mrp um_heap(O) nvhost_isp5(O) spidev nvhost_vi5(O) bridge nvhost_nvcsi_t194(O) tegra_capture_isp(O) tegra210_adma stp llc nvhost_capture(O) tegra_aconnect watchdog_tegra_t18x(O) spi_tegra114 tegra_camera(O) v4l2_dv_timings v4l2_fwnode v4l2_async videobuf2_dma_contig tegra_drm(O) cpuidle_tegra_auto(O) nvhost_nvcsi(O) nvhost_nvdla(O) tegra_camera_platform(O) drm_dp_aux_bus camchar(O) capture_ivc(O) cec videobuf2_v4l2 camera_diagnostics(O) snd_soc_tegra_virt_t210ref_pcm(O) drm_display_helper videobuf2_memops rtcpu_debug(O) snd_soc_tegra210_virt_alt_adsp(O) videobuf2_common drm_kms_helper videodev nvadsp(O) cdi_mgr(O) nvhost_pva(O) cdi_pwm(O) isc_mgr(O) sha3_ce isc_pwm(O) sha3_generic cdi_dev(O) sha512_ce lm90 snd_soc_tegra210_virt_alt_admaif(O) tegra_bpmp_thermal sha512_arm64 tegra_hv_vcpu_yield(O) tegra_hv_pm_ctl(O) cam_fsync(O) cdi_gpio(O) ukl(O) isc_dev(O) mc tegra_camera_rtcpu(O) <4>[ 8.607458] board_id_driver(O) tegra_fsicom(O) isc_gpio(O) ivc_bus(O) hsp_mailbox_client(O) nvhwpm(O) host1x_nvhost(O) nvgpu(O) mc_utils(O) nvmap(O) hvc_sysfs(O) tegra_nvvse_cryptodev(O) tegra_hv_vse_safety(O) host1x_fence(O) host1x(O) nvsciipc(O) userspace_ivc_mempool(O) ivc_cdev(O) logger(O) drm fuse ip_tables x_tables nvme nvme_core hashed_ecid(O) oak_pci(O) nvethernet(O) nvpps(O) tegra_bpmp(O) tegra_vblk(O) li_osdump(O) tegra_hv_vblk_oops(O) <4>[ 8.607479] CPU: 9 PID: 1300 Comm: R000000007400 Tainted: G W O 6.1.119-rt45-prod-rt-tegra #1 <4>[ 8.607481] Hardware name: p3960-0010 (DT) <4>[ 8.607482] pstate: 224000c5 (nzCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) <4>[ 8.607483] pc : pick_next_task_fair+0x98/0x490 <4>[ 8.607490] lr : pick_next_task_fair+0x98/0x490 <4>[ 8.607490] sp : ffff800021bdb1b0 <4>[ 8.607491] x29: ffff800021bdb1b0 x28: ffff0000836205c0 x27: 0000000000001000 <4>[ 8.607492] x26: d8e0d16df7b8e848 x25: ffff000e881b6dc0 x24: ffff000e881b6dc0 <4>[ 8.607494] x23: ffff800021bdb268 x22: ffff000e881b6d40 x21: ffff000083620000 <4>[ 8.607495] x20: ffff000e881b6dc0 x19: ffff000e881b6d40 x18: 00000000000005c8 <4>[ 8.607496] x17: 0000000000000000 x16: ffffd16df7896b40 x15: 0000000000000000 <4>[ 8.607497] x14: 0000000000000014 x13: ffff800021bdba90 x12: ffff0000b052f300 <4>[ 8.607498] x11: 00000000c425686b x10: 00000002010a4ab3 x9 : ffffd16df6ca7778 <4>[ 8.607499] x8 : ffff800021bdb390 x7 : 0000000000000000 x6 : 0000000000000002 <4>[ 8.607500] x5 : 0000000000000003 x4 : 0000000000000003 x3 : 0ab3e2bc8934c987 <4>[ 8.607501] x2 : ffff000085241ec0 x1 : 0abe8499696457cc x0 : 0000000000000000 <4>[ 8.607503] Call trace: <4>[ 8.607503] pick_next_task_fair+0x98/0x490 <4>[ 8.607505] __schedule+0x16c/0x870 <4>[ 8.607511] schedule_rtlock+0x28/0x60 <4>[ 8.607513] rtlock_slowlock_locked+0x3a0/0xcf0 <4>[ 8.607515] rt_spin_lock+0xb0/0xe0 <4>[ 8.607516] __wake_up_common_lock+0x68/0xe0 <4>[ 8.607519] __wake_up_sync_key+0x28/0x50 <4>[ 8.607520] sock_def_readable+0x48/0xa0 <4>[ 8.607523] __udp_enqueue_schedule_skb+0x158/0x2e0 <4>[ 8.607527] udp_queue_rcv_one_skb+0x1f8/0x6f0 <4>[ 8.607529] udp_queue_rcv_skb+0x64/0x290 <4>[ 8.607531] __udp4_lib_rcv+0x654/0x980 <4>[ 8.607532] udp_rcv+0x28/0x40 <4>[ 8.607533] ip_protocol_deliver_rcu+0x40/0x1d0 <4>[ 8.607538] ip_local_deliver_finish+0x84/0xe0 <4>[ 8.607540] ip_local_deliver+0x84/0x130 <4>[ 8.607542] ip_rcv+0x78/0x150 <4>[ 8.607544] __netif_receive_skb_one_core+0x60/0xb0 <4>[ 8.607548] __netif_receive_skb+0x20/0x80 <4>[ 8.607549] process_backlog+0xcc/0x1a0 <4>[ 8.607551] __napi_poll.constprop.0+0x40/0x230 <4>[ 8.607552] net_rx_action+0x13c/0x310 <4>[ 8.607553] handle_softirqs.isra.0+0x118/0x3a0 <4>[ 8.607556] __local_bh_enable_ip+0x8c/0x110 <4>[ 8.607556] netif_rx+0xf4/0x1d0 <4>[ 8.607558] dev_loopback_xmit+0x88/0x170 <4>[ 8.607559] ip_mc_finish_output+0x7c/0x180 <4>[ 8.607561] ip_mc_output+0x338/0x350 <4>[ 8.607562] ip_send_skb+0x58/0x130 <4>[ 8.607563] udp_send_skb+0x11c/0x3d0 <4>[ 8.607564] udp_sendmsg+0x794/0x9d0 <4>[ 8.607566] inet_sendmsg+0x4c/0xa0 <4>[ 8.607568] __sock_sendmsg+0x64/0x80 <4>[ 8.607572] __sys_sendto+0x114/0x170 <4>[ 8.607573] __arm64_sys_sendto+0x30/0x50 <4>[ 8.607575] invoke_syscall+0x50/0x140 <4>[ 8.607579] el0_svc_common.constprop.0+0x4c/0x110 <4>[ 8.607581] do_el0_svc+0x2c/0x90 <4>[ 8.607583] el0_svc+0x2c/0xa0 <4>[ 8.607585] el0t_64_sync_handler+0x124/0x130 <4>[ 8.607586] el0t_64_sync+0x190/0x194 <0>[ 8.607589] Code: 97fff1ee 37000200 aa1403e0 97ffddc7 (f9405014) <4>[ 8.607596] ---[ end trace 0000000000000000 ]--- Signed-off-by: limingming3 <limingming3(a)lixiang.com> --- kernel/sched/fair.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c index 0fb9bf995a47..7fd867d6b62d 100644 --- a/kernel/sched/fair.c +++ b/kernel/sched/fair.c @@ -978,7 +978,7 @@ static struct sched_entity *pick_eevdf(struct cfs_rq *cfs_rq) } found: if (!best || (curr && entity_before(curr, best))) - best = curr; + best = curr ? curr : se; return best; } -- 2.48.1

1 month, 4 weeks

4
4
0 0

Linux 6.14.7

by Greg Kroah-Hartman

I'm announcing the release of the 6.14.7 kernel. All users of the 6.14 kernel series must upgrade. The updated 6.14.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.14.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ .clippy.toml | 2 Documentation/ABI/testing/sysfs-devices-system-cpu | 1 Documentation/admin-guide/hw-vuln/index.rst | 1 Documentation/admin-guide/hw-vuln/indirect-target-selection.rst | 168 ++++++++ Documentation/admin-guide/kernel-parameters.txt | 18 Makefile | 2 arch/arm64/boot/dts/freescale/imx8mm-verdin.dtsi | 25 - arch/arm64/include/asm/cputype.h | 2 arch/arm64/include/asm/insn.h | 1 arch/arm64/include/asm/spectre.h | 3 arch/arm64/kernel/cpufeature.c | 9 arch/arm64/kernel/proton-pack.c | 13 arch/arm64/kvm/mmu.c | 13 arch/arm64/lib/insn.c | 60 +- arch/arm64/net/bpf_jit_comp.c | 57 ++ arch/mips/include/asm/ptrace.h | 3 arch/riscv/kernel/process.c | 6 arch/riscv/kernel/traps.c | 64 +-- arch/riscv/kernel/traps_misaligned.c | 17 arch/s390/kernel/entry.S | 3 arch/s390/pci/pci_clp.c | 2 arch/x86/Kconfig | 12 arch/x86/entry/entry_64.S | 20 arch/x86/include/asm/alternative.h | 32 + arch/x86/include/asm/cpufeatures.h | 3 arch/x86/include/asm/microcode.h | 2 arch/x86/include/asm/msr-index.h | 8 arch/x86/include/asm/nospec-branch.h | 10 arch/x86/kernel/alternative.c | 208 +++++++++- arch/x86/kernel/cpu/bugs.c | 176 ++++++++ arch/x86/kernel/cpu/common.c | 72 ++- arch/x86/kernel/cpu/microcode/amd.c | 6 arch/x86/kernel/cpu/microcode/core.c | 58 +- arch/x86/kernel/cpu/microcode/intel.c | 2 arch/x86/kernel/cpu/microcode/internal.h | 1 arch/x86/kernel/ftrace.c | 2 arch/x86/kernel/head32.c | 4 arch/x86/kernel/module.c | 6 arch/x86/kernel/static_call.c | 4 arch/x86/kernel/vmlinux.lds.S | 10 arch/x86/kvm/mmu/mmu.c | 69 ++- arch/x86/kvm/smm.c | 1 arch/x86/kvm/svm/svm.c | 4 arch/x86/kvm/x86.c | 4 arch/x86/lib/retpoline.S | 39 + arch/x86/mm/tlb.c | 23 + arch/x86/net/bpf_jit_comp.c | 58 ++ drivers/accel/ivpu/ivpu_hw.c | 2 drivers/accel/ivpu/ivpu_job.c | 90 +++- drivers/base/cpu.c | 3 drivers/block/loop.c | 43 +- drivers/bluetooth/btmtk.c | 10 drivers/clocksource/i8253.c | 4 drivers/firmware/arm_scmi/driver.c | 13 drivers/gpu/drm/amd/amdgpu/amdgpu.h | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c | 18 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 29 - drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 10 drivers/gpu/drm/amd/amdgpu/amdgpu_vcn.h | 1 drivers/gpu/drm/amd/amdgpu/hdp_v4_0.c | 7 drivers/gpu/drm/amd/amdgpu/hdp_v5_0.c | 7 drivers/gpu/drm/amd/amdgpu/hdp_v5_2.c | 12 drivers/gpu/drm/amd/amdgpu/hdp_v6_0.c | 7 drivers/gpu/drm/amd/amdgpu/hdp_v7_0.c | 7 drivers/gpu/drm/amd/amdgpu/vcn_v2_0.c | 1 drivers/gpu/drm/amd/amdgpu/vcn_v2_5.c | 1 drivers/gpu/drm/amd/amdgpu/vcn_v3_0.c | 1 drivers/gpu/drm/amd/amdgpu/vcn_v4_0.c | 4 drivers/gpu/drm/amd/amdgpu/vcn_v4_0_3.c | 1 drivers/gpu/drm/amd/amdgpu/vcn_v4_0_5.c | 1 drivers/gpu/drm/amd/amdgpu/vcn_v5_0_0.c | 3 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 36 - drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 28 + drivers/gpu/drm/amd/display/dc/dml2/dml2_translation_helper.c | 14 drivers/gpu/drm/panel/panel-simple.c | 25 - drivers/gpu/drm/v3d/v3d_sched.c | 28 + drivers/gpu/drm/xe/tests/xe_mocs.c | 7 drivers/gpu/drm/xe/xe_gt_debugfs.c | 9 drivers/gpu/drm/xe/xe_gt_pagefault.c | 11 drivers/hv/hyperv_vmbus.h | 6 drivers/hv/vmbus_drv.c | 100 ++++ drivers/iio/accel/adis16201.c | 4 drivers/iio/accel/adxl355_core.c | 2 drivers/iio/accel/adxl367.c | 10 drivers/iio/adc/ad7266.c | 2 drivers/iio/adc/ad7606_spi.c | 2 drivers/iio/adc/ad7768-1.c | 2 drivers/iio/adc/dln2-adc.c | 2 drivers/iio/adc/rockchip_saradc.c | 17 drivers/iio/chemical/pms7003.c | 5 drivers/iio/chemical/sps30.c | 2 drivers/iio/common/hid-sensors/hid-sensor-attributes.c | 4 drivers/iio/imu/bmi270/bmi270_core.c | 6 drivers/iio/imu/inv_mpu6050/inv_mpu_ring.c | 2 drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_buffer.c | 6 drivers/iio/light/hid-sensor-prox.c | 22 - drivers/iio/light/opt3001.c | 5 drivers/iio/pressure/mprls0025pa.h | 17 drivers/iio/temperature/maxim_thermocouple.c | 2 drivers/input/joystick/xpad.c | 40 + drivers/input/keyboard/mtk-pmic-keys.c | 4 drivers/input/mouse/synaptics.c | 5 drivers/input/touchscreen/cyttsp5.c | 7 drivers/md/dm-table.c | 3 drivers/net/can/m_can/m_can.c | 3 drivers/net/can/rockchip/rockchip_canfd-core.c | 2 drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c | 42 +- drivers/net/dsa/b53/b53_common.c | 207 +++++++-- drivers/net/dsa/b53/b53_priv.h | 3 drivers/net/dsa/bcm_sf2.c | 1 drivers/net/ethernet/intel/ice/ice_adapter.c | 47 -- drivers/net/ethernet/intel/ice/ice_adapter.h | 6 drivers/net/ethernet/mediatek/mtk_eth_soc.c | 19 drivers/net/ethernet/meta/fbnic/fbnic_csr.h | 2 drivers/net/ethernet/meta/fbnic/fbnic_fw.c | 197 +++++---- drivers/net/ethernet/meta/fbnic/fbnic_mac.c | 6 drivers/net/virtio_net.c | 23 - drivers/nvme/host/core.c | 3 drivers/pci/hotplug/s390_pci_hpc.c | 1 drivers/staging/axis-fifo/axis-fifo.c | 14 drivers/staging/iio/adc/ad7816.c | 2 drivers/staging/vc04_services/bcm2835-camera/bcm2835-camera.c | 1 drivers/uio/uio_hv_generic.c | 39 - drivers/usb/cdns3/cdnsp-gadget.c | 31 + drivers/usb/cdns3/cdnsp-gadget.h | 6 drivers/usb/cdns3/cdnsp-pci.c | 12 drivers/usb/cdns3/cdnsp-ring.c | 3 drivers/usb/cdns3/core.h | 3 drivers/usb/class/usbtmc.c | 59 +- drivers/usb/dwc3/core.h | 4 drivers/usb/dwc3/gadget.c | 60 +- drivers/usb/gadget/composite.c | 12 drivers/usb/gadget/function/f_ecm.c | 7 drivers/usb/gadget/udc/tegra-xudc.c | 4 drivers/usb/host/uhci-platform.c | 2 drivers/usb/host/xhci-dbgcap.c | 19 drivers/usb/host/xhci-dbgcap.h | 3 drivers/usb/host/xhci-tegra.c | 3 drivers/usb/misc/onboard_usb_dev.c | 10 drivers/usb/typec/tcpm/tcpm.c | 2 drivers/usb/typec/ucsi/displayport.c | 21 - drivers/usb/typec/ucsi/ucsi.c | 34 + drivers/usb/typec/ucsi/ucsi.h | 2 drivers/vfio/pci/vfio_pci_core.c | 12 drivers/xen/swiotlb-xen.c | 1 drivers/xen/xenbus/xenbus.h | 2 drivers/xen/xenbus/xenbus_comms.c | 9 drivers/xen/xenbus/xenbus_dev_frontend.c | 2 drivers/xen/xenbus/xenbus_xs.c | 18 fs/btrfs/volumes.c | 91 ---- fs/erofs/fileio.c | 4 fs/erofs/zdata.c | 31 - fs/namespace.c | 3 fs/ocfs2/alloc.c | 1 fs/ocfs2/journal.c | 80 ++- fs/ocfs2/journal.h | 1 fs/ocfs2/ocfs2.h | 17 fs/ocfs2/quota_local.c | 9 fs/ocfs2/suballoc.c | 38 + fs/ocfs2/suballoc.h | 1 fs/ocfs2/super.c | 3 fs/smb/client/cached_dir.c | 10 fs/smb/server/oplock.c | 7 fs/smb/server/smb2pdu.c | 5 fs/smb/server/vfs.c | 7 fs/smb/server/vfs_cache.c | 33 + fs/userfaultfd.c | 28 + include/linux/cpu.h | 2 include/linux/execmem.h | 3 include/linux/hyperv.h | 6 include/linux/ieee80211.h | 2 include/linux/module.h | 5 include/linux/timekeeper_internal.h | 8 include/linux/vmalloc.h | 1 include/net/netdev_queues.h | 6 init/Kconfig | 3 io_uring/io_uring.c | 58 +- io_uring/sqpoll.c | 2 kernel/params.c | 4 kernel/time/timekeeping.c | 50 ++ kernel/time/vsyscall.c | 4 mm/huge_memory.c | 11 mm/internal.h | 27 - mm/memblock.c | 9 mm/page_alloc.c | 161 ++++--- mm/vmalloc.c | 31 + net/can/gw.c | 149 ++++--- net/core/filter.c | 1 net/core/netdev-genl.c | 69 ++- net/ipv6/addrconf.c | 15 net/mac80211/mlme.c | 12 net/netfilter/ipset/ip_set_hash_gen.h | 2 net/netfilter/ipvs/ip_vs_xmit.c | 27 - net/openvswitch/actions.c | 3 net/sched/sch_htb.c | 15 net/wireless/scan.c | 2 rust/bindings/lib.rs | 1 rust/kernel/alloc/kvec.rs | 3 rust/kernel/list.rs | 3 rust/kernel/str.rs | 46 +- rust/macros/module.rs | 19 rust/macros/paste.rs | 2 rust/macros/pinned_drop.rs | 3 rust/uapi/lib.rs | 1 tools/objtool/check.c | 1 tools/testing/selftests/Makefile | 1 tools/testing/selftests/mm/compaction_test.c | 19 tools/testing/selftests/mm/pkey-powerpc.h | 14 tools/testing/selftests/mm/pkey_util.c | 1 tools/testing/selftests/x86/bugs/Makefile | 3 tools/testing/selftests/x86/bugs/common.py | 164 +++++++ tools/testing/selftests/x86/bugs/its_indirect_alignment.py | 150 +++++++ tools/testing/selftests/x86/bugs/its_permutations.py | 109 +++++ tools/testing/selftests/x86/bugs/its_ret_alignment.py | 139 ++++++ tools/testing/selftests/x86/bugs/its_sysfs.py | 65 +++ 215 files changed, 3564 insertions(+), 1212 deletions(-) Aditya Garg (3): Input: synaptics - enable InterTouch on Dynabook Portege X30L-G Input: synaptics - enable InterTouch on Dell Precision M3800 Input: synaptics - enable InterTouch on TUXEDO InfinityBook Pro 14 v5 Al Viro (1): do_umount(): add missing barrier before refcount checks in sync case Alex Deucher (7): Revert "drm/amd: Stop evicting resources on APUs in suspend" drm/amdgpu: fix pm notifier handling drm/amdgpu/hdp4: use memcfg register to post the write for HDP flush drm/amdgpu/hdp5.2: use memcfg register to post the write for HDP flush drm/amdgpu/hdp5: use memcfg register to post the write for HDP flush drm/amdgpu/hdp6: use memcfg register to post the write for HDP flush drm/amdgpu/hdp7: use memcfg register to post the write for HDP flush Alex Williamson (1): vfio/pci: Align huge faults to order Alexander Duyck (7): fbnic: Fix initialization of mailbox descriptor rings fbnic: Gate AXI read/write enabling on FW mailbox fbnic: Actually flush_tx instead of stalling out fbnic: Cleanup handling of completions fbnic: Improve responsiveness of fbnic_mbx_poll_tx_ready fbnic: Pull fbnic_fw_xmit_cap_msg use out of interrupt context fbnic: Do not allow mailbox to toggle to ready outside fbnic_mbx_poll_tx_ready Alexey Charkov (1): usb: uhci-platform: Make the clock really optional Andrei Kuchynski (2): usb: typec: ucsi: displayport: Fix deadlock usb: typec: ucsi: displayport: Fix NULL pointer access Angelo Dureghello (1): iio: adc: ad7606: fix serial register access Antonios Salios (1): can: m_can: m_can_class_allocate_dev(): initialize spin lock on device probe Aurabindo Pillai (1): drm/amd/display: more liberal vmin/vmax update for freesync Borislav Petkov (AMD) (1): x86/microcode: Consolidate the loader enablement checking Christoph Hellwig (1): loop: factor out a loop_assign_backing_file helper Clément Léger (2): riscv: misaligned: factorize trap handling riscv: misaligned: enable IRQs while handling misaligned accesses Cong Wang (1): sch_htb: make htb_deactivate() idempotent Cristian Marussi (1): firmware: arm_scmi: Fix timeout checks on polling path Dan Carpenter (1): dm: add missing unlock on in dm_keyslot_evict() Daniel Golle (1): net: ethernet: mtk_eth_soc: reset all TX queues on DMA free Daniel Sneddon (2): x86/bpf: Call branch history clearing sequence on exit x86/bpf: Add IBHF call at end of classic BPF Daniel Wagner (1): nvme: unblock ctrl state transition for firmware update Dave Hansen (1): x86/mm: Eliminate window where TLB flushes may be inadvertently skipped Dave Penkler (3): usb: usbtmc: Fix erroneous get_stb ioctl error returns usb: usbtmc: Fix erroneous wait_srq ioctl return usb: usbtmc: Fix erroneous generic_read ioctl return Dave Stevenson (1): staging: bcm2835-camera: Initialise dev in v4l2_dev David Lechner (4): iio: chemical: sps30: use aligned_s64 for timestamp iio: chemical: pms7003: use aligned_s64 for timestamp iio: imu: inv_mpu6050: align buffer for timestamp iio: pressure: mprls0025pa: use aligned_s64 for timestamp Dmitry Antipov (1): module: ensure that kobject_put() is safe for module type kobjects Dmitry Torokhov (1): Input: synaptics - enable SMBus for HP Elitebook 850 G1 Eelco Chaudron (1): openvswitch: Fix unsafe attribute parsing in output_userspace() Eric Biggers (1): x86/its: Fix build errors when CONFIG_MODULES=n Feng Tang (1): selftests/mm: compaction_test: support platform with huge mount of memory Frank Wunderlich (1): net: ethernet: mtk_eth_soc: do not reset PSE when setting FE Gabriel Krisman Bertazi (1): io_uring/sqpoll: Increase task_work submission batch size Gabriel Shahrouzi (4): staging: iio: adc: ad7816: Correct conditional logic for store mode staging: axis-fifo: Remove hardware resets for user errors staging: axis-fifo: Correct handling of tx_fifo_depth for size validation iio: adis16201: Correct inclinometer channel resolution Gao Xiang (1): erofs: ensure the extra temporary copy is valid for shortened bvecs Gary Bisson (1): Input: mtk-pmic-keys - fix possible null pointer dereference Gavin Guo (1): mm/huge_memory: fix dereferencing invalid pmd migration entry Greg Kroah-Hartman (1): Linux 6.14.7 Guillaume Nault (1): gre: Fix again IPv6 link-local address generation. Gustavo Silva (1): iio: imu: bmi270: fix initial sampling frequency configuration Hao Qin (1): Bluetooth: btmtk: Remove the resetting step before downloading the fw Heiko Carstens (1): s390/entry: Fix last breaking event handling in case of stack corruption Heming Zhao (1): ocfs2: fix the issue with discontiguous allocation in the global_bitmap Hugo Villeneuve (1): Input: cyttsp5 - ensure minimum reset pulse width Jacek Lawrynowicz (1): accel/ivpu: Increase state dump msg timeout Jakub Kicinski (4): virtio-net: don't re-enable refill work too early when NAPI is disabled virtio-net: free xsk_buffs on error in virtnet_xsk_pool_enable() net: export a helper for adding up queue stats virtio-net: fix total qstat values James Morse (6): arm64: insn: Add support for encoding DSB arm64: proton-pack: Expose whether the platform is mitigated by firmware arm64: proton-pack: Expose whether the branchy loop k value arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users arm64: proton-pack: Add new CPUs 'k' values for branch mitigation Jan Kara (3): ocfs2: switch osb->disable_recovery to enum ocfs2: implement handshaking with ocfs2 recovery thread ocfs2: stop quota recovery before disabling quotas Jason Andryuk (1): xenbus: Use kref to track req lifetime Jens Axboe (2): io_uring: ensure deferred completions are flushed for multishot io_uring: always arm linked timeouts prior to issue Jim Lin (1): usb: host: tegra: Prevent host controller crash when OTG port is used Johannes Weiner (2): mm: page_alloc: don't steal single pages from biggest buddy mm: page_alloc: speed up fallbacks in rmqueue_bulk() John Ernberg (1): xen: swiotlb: Use swiotlb bouncing if kmalloc allocation demands it Jonas Gorski (11): net: dsa: b53: allow leaky reserved multicast net: dsa: b53: keep CPU port always tagged again net: dsa: b53: fix clearing PVID of a port net: dsa: b53: fix flushing old pvid VLAN on pvid change net: dsa: b53: fix VLAN ID for untagged vlan on bridge leave net: dsa: b53: always rejoin default untagged VLAN on bridge leave net: dsa: b53: do not allow to configure VLAN 0 net: dsa: b53: do not program vlans when vlan filtering is off net: dsa: b53: fix toggling vlan_filtering net: dsa: b53: fix learning on VLAN unaware bridges net: dsa: b53: do not set learning and unicast/multicast on up Jonathan Cameron (5): iio: adc: ad7768-1: Fix insufficient alignment of timestamp. iio: adc: ad7266: Fix potential timestamp alignment issue. iio: temp: maxim-thermocouple: Fix potential lack of DMA safe buffer. iio: accel: adxl355: Make timestamp 64-bit aligned using aligned_s64 iio: adc: dln2: Use aligned_s64 for timestamp Jozsef Kadlecsik (1): netfilter: ipset: fix region locking in hash types Julian Anastasov (1): ipvs: fix uninit-value for saddr in do_output_route4 Karol Wachowski (2): accel/ivpu: Separate DB ID and CMDQ ID allocations from CMDQ allocation accel/ivpu: Correct mutex unlock order in job submission Kees Cook (1): mm: vmalloc: support more granular vrealloc() sizing Kelsey Maes (1): can: mcp251xfd: fix TDC setting for low data bit rates Kevin Baker (1): drm/panel: simple: Update timings for AUO G101EVN010 Lizhi Xu (1): loop: Add sanity check for read/write_iter Lode Willems (1): Input: xpad - add support for 8BitDo Ultimate 2 Wireless Controller Lothar Rubusch (1): iio: accel: adxl367: fix setting odr for activity time update Luca Ceresoli (1): iio: light: opt3001: fix deadlock due to concurrent flag access Lukasz Czechowski (1): usb: misc: onboard_usb_dev: fix support for Cypress HX3 hubs Madhavan Srinivasan (1): selftests/mm: fix build break when compiling pkey_util.c Manuel Fombuena (1): Input: synaptics - enable InterTouch on Dynabook Portege X30-D Marc Kleine-Budde (3): can: mcan: m_can_class_unregister(): fix order of unregistration calls can: mcp251xfd: mcp251xfd_remove(): fix order of unregistration calls can: rockchip_canfd: rkcanfd_remove(): fix order of unregistration calls Mark Tinguely (1): ocfs2: fix panic in failed foilio allocation Mathias Nyman (1): xhci: dbc: Avoid event polling busyloop if pending rx transfers are inactive. Matthew Brost (1): drm/xe: Add page queue multiplier Max Kellermann (1): fs/erofs/fileio: call erofs_onlinefolio_split() after bio_add_folio() Maíra Canal (1): drm/v3d: Add job to pending list if the reset was skipped Michael-CY Lee (1): wifi: mac80211: fix the type of status_code for negotiated TID to Link Mapping Miguel Ojeda (5): rust: clean Rust 1.88.0's `unnecessary_transmutes` lint objtool/rust: add one more `noreturn` Rust function for Rust 1.87.0 rust: clean Rust 1.88.0's warning about `clippy::disallowed_macros` configuration rust: allow Rust 1.87.0's `clippy::ptr_eq` lint rust: clean Rust 1.88.0's `clippy::uninlined_format_args` lint Mikael Gonella-Bolduc (1): Input: cyttsp5 - fix power control issue on wakeup Mikhail Lobanov (1): KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception Nam Cao (1): riscv: Fix kernel crash due to PR_SET_TAGGED_ADDR_CTRL Naman Jain (1): uio_hv_generic: Fix sysfs creation path for ring buffer Namjae Jeon (1): ksmbd: prevent rename with empty string Niklas Schnelle (2): s390/pci: Fix missing check for zpci_create_device() error return s390/pci: Fix duplicate pci_dev_put() in disable_slot() when PF has child VFs Norbert Szetei (1): ksmbd: prevent out-of-bounds stream writes by validating *pos Nylon Chen (1): riscv: misaligned: Add handling for ZCB instructions Nysal Jan K.A. (1): selftests/mm: fix a build failure on powerpc Oliver Hartkopp (1): can: gw: fix RCU/BH usage in cgw_create_job() Oliver Neukum (1): USB: usbtmc: use interruptible sleep in usbtmc_read Paul Aurich (1): smb: client: Avoid race in open_cached_dir with lease breaks Paul Chaignon (1): bpf: Scrub packet on bpf_redirect_peer Pawan Gupta (11): x86/bhi: Do not set BHI_DIS_S in 32-bit mode Documentation: x86/bugs/its: Add ITS documentation x86/its: Enumerate Indirect Target Selection (ITS) bug x86/its: Add support for ITS-safe indirect thunk x86/its: Add support for ITS-safe return thunk x86/its: Enable Indirect Target Selection mitigation x86/its: Add "vmexit" option to skip mitigation on some CPUs x86/its: Add support for RSB stuffing mitigation x86/its: Align RETs in BHB clear sequence to avoid thunking x86/ibt: Keep IBT disabled during alternative patching selftest/x86/bugs: Add selftests for ITS Pawel Laszczak (2): usb: cdnsp: Fix issue with resuming from L1 usb: cdnsp: fix L1 resume issue for RTL_REVISION_NEW_LPM version Peter Xu (1): mm/userfaultfd: fix uninitialized output field for -EAGAIN race Peter Zijlstra (2): x86/its: Use dynamic thunks for indirect branches x86/its: FineIBT-paranoid vs ITS Petr Vaněk (1): mm: fix folio_pte_batch() on XEN PV Prashanth K (3): usb: dwc3: gadget: Make gadget_wakeup asynchronous usb: gadget: f_ecm: Add get_status callback usb: gadget: Use get_status callback to set remote wakeup capability Przemek Kitszel (1): ice: use DSN instead of PCI BDF for ice_adapter index Qu Wenruo (1): Revert "btrfs: canonicalize the device path before adding it" RD Babiera (1): usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition Roman Li (1): drm/amd/display: Fix invalid context error in dml helper Ruijing Dong (1): drm/amdgpu/vcn: using separate VCN1_AON_SOC offset Samuel Holland (1): riscv: Disallow PR_GET_TAGGED_ADDR_CTRL without Supm Sean Christopherson (1): KVM: x86/mmu: Prevent installing hugepages when mem attributes are changing Sean Heelan (1): ksmbd: Fix UAF in __close_file_table_ids Sebastian Andrzej Siewior (1): clocksource/i8253: Use raw_spinlock_irqsave() in clockevent_i8253_disable() Sebastian Ott (1): KVM: arm64: Fix uninitialized memcache pointer in user_mem_abort() Shuicheng Lin (1): drm/xe: Release force wake first then runtime power Silvano Seva (2): iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo Simon Xue (1): iio: adc: rockchip: Fix clock initialization sequence Tejas Upadhyay (1): drm/xe/tests/mocs: Hold XE_FORCEWAKE_ALL for LNCF regs Thomas Gleixner (1): timekeeping: Prevent coarse clocks going backwards Thorsten Blum (1): MIPS: Fix MAX_REG_OFFSET Tom Lendacky (1): memblock: Accept allocated memory before use in memblock_double_array() Veerendranath Jakkam (1): wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation Vicki Pfau (2): Input: xpad - fix Share button on Xbox One controllers Input: xpad - fix two controller table values Wang Zhaolong (1): ksmbd: fix memory leak in parse_lease_state() Wayne Chang (1): usb: gadget: tegra-xudc: ACK ST_RC after clearing CTRL_RUN Wayne Lin (5): drm/amd/display: Shift DMUB AUX reply command if necessary drm/amd/display: Fix the checking condition in dmub aux handling drm/amd/display: Remove incorrect checking in dmub aux handler drm/amd/display: Fix wrong handling for AUX_DEFER case drm/amd/display: Copy AUX read reply data whenever length > 0 Wojciech Dubowik (1): arm64: dts: imx8mm-verdin: Link reg_usdhc2_vqmmc to usdhc2 Yeoreum Yun (1): arm64: cpufeature: Move arm64_use_ng_mappings to the .data section to prevent wrong idmap generation Zhang Lixu (3): iio: hid-sensor-prox: Restore lost scale assignments iio: hid-sensor-prox: support multi-channel SCALE calculation iio: hid-sensor-prox: Fix incorrect OFFSET calculation

1 month, 4 weeks

2
2
0 0

[PATCH] crypto: powerpc/poly1305 - add depends on BROKEN for now

by Eric Biggers

From: Eric Biggers <ebiggers(a)google.com> As discussed in the thread containing https://lore.kernel.org/linux-crypto/20250510053308.GB505731@sol/, the Power10-optimized Poly1305 code is currently not safe to call in softirq context. Disable it for now. It can be re-enabled once it is fixed. Fixes: ba8f8624fde2 ("crypto: poly1305-p10 - Glue code for optmized Poly1305 implementation for ppc64le") Cc: stable(a)vger.kernel.org Signed-off-by: Eric Biggers <ebiggers(a)google.com> --- arch/powerpc/lib/crypto/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/powerpc/lib/crypto/Kconfig b/arch/powerpc/lib/crypto/Kconfig index ffa541ad6d5da..3f9e1bbd9905b 100644 --- a/arch/powerpc/lib/crypto/Kconfig +++ b/arch/powerpc/lib/crypto/Kconfig @@ -8,10 +8,11 @@ config CRYPTO_CHACHA20_P10 select CRYPTO_ARCH_HAVE_LIB_CHACHA config CRYPTO_POLY1305_P10 tristate depends on PPC64 && CPU_LITTLE_ENDIAN && VSX + depends on BROKEN # Needs to be fixed to work in softirq context default CRYPTO_LIB_POLY1305 select CRYPTO_ARCH_HAVE_LIB_POLY1305 select CRYPTO_LIB_POLY1305_GENERIC config CRYPTO_SHA256_PPC_SPE base-commit: 57999ed153ed7e651afecbabe0e998e75cf2d798 -- 2.49.0

1 month, 4 weeks

3
7
0 0

[PATCH 0/4 RESEND] crypto: octeontx2: Fix hang and address alignment issues

by Bharat Bhushan

First patch of the series fixes possible infinite loop. Remaining three patches fixes address alignment issue observed after "9382bc44b5f5 arm64: allow kmalloc() caches aligned to the smaller cache_line_size()" Patch-2 and patch-3 applies to stable version 6.6 onwards. Patch-4 applies to stable version 6.12 onwards Bharat Bhushan (4): crypto: octeontx2: add timeout for load_fvc completion poll crypto: octeontx2: Fix address alignment issue on ucode loading crypto: octeontx2: Fix address alignment on CN10K A0/A1 and OcteonTX2 crypto: octeontx2: Fix address alignment on CN10KB and CN10KA-B0 .../marvell/octeontx2/otx2_cpt_reqmgr.h | 119 +++++++++++++----- .../marvell/octeontx2/otx2_cptpf_ucode.c | 46 ++++--- 2 files changed, 121 insertions(+), 44 deletions(-) -- 2.34.1

1 month, 4 weeks

4
9
0 0

[PATCH 1/1] Drivers: hv: Always select CONFIG_SYSFB for Hyper-V guests

by mhkelley58＠gmail.com

From: Michael Kelley <mhklinux(a)outlook.com> The Hyper-V host provides guest VMs with a range of MMIO addresses that guest VMBus drivers can use. The VMBus driver in Linux manages that MMIO space, and allocates portions to drivers upon request. As part of managing that MMIO space in a Generation 2 VM, the VMBus driver must reserve the portion of the MMIO space that Hyper-V has designated for the synthetic frame buffer, and not allocate this space to VMBus drivers other than graphics framebuffer drivers. The synthetic frame buffer MMIO area is described by the screen_info data structure that is passed to the Linux kernel at boot time, so the VMBus driver must access screen_info for Generation 2 VMs. (In Generation 1 VMs, the framebuffer MMIO space is communicated to the guest via a PCI pseudo-device, and access to screen_info is not needed.) In commit a07b50d80ab6 ("hyperv: avoid dependency on screen_info") the VMBus driver's access to screen_info is restricted to when CONFIG_SYSFB is enabled. CONFIG_SYSFB is typically enabled in kernels built for Hyper-V by virtue of having at least one of CONFIG_FB_EFI, CONFIG_FB_VESA, or CONFIG_SYSFB_SIMPLEFB enabled, so the restriction doesn't usually affect anything. But it's valid to have none of these enabled, in which case CONFIG_SYSFB is not enabled, and the VMBus driver is unable to properly reserve the framebuffer MMIO space for graphics framebuffer drivers. The framebuffer MMIO space may be assigned to some other VMBus driver, with undefined results. As an example, if a VM is using a PCI pass-thru NVMe controller to host the OS disk, the PCI NVMe controller is probed before any graphic devices, and the NVMe controller is assigned a portion of the framebuffer MMIO space. Hyper-V reports an error to Linux during the probe, and the OS disk fails to get setup. Then Linux fails to boot in the VM. Fix this by having CONFIG_HYPERV always select SYSFB. Then the VMBus driver in a Gen 2 VM can always reserve the MMIO space for the graphics framebuffer driver, and prevent the undefined behavior. Fixes: a07b50d80ab6 ("hyperv: avoid dependency on screen_info") Signed-off-by: Michael Kelley <mhklinux(a)outlook.com> --- drivers/hv/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/hv/Kconfig b/drivers/hv/Kconfig index eefa0b559b73..e3b07f390c03 100644 --- a/drivers/hv/Kconfig +++ b/drivers/hv/Kconfig @@ -9,6 +9,7 @@ config HYPERV select PARAVIRT select X86_HV_CALLBACK_VECTOR if X86 select OF_EARLY_FLATTREE if OF + select SYSFB help Select this option to run Linux as a Hyper-V client operating system. -- 2.25.1

1 month, 4 weeks

5
8
0 0

[PATCH] mmc: sdhci-omap: Add error handling for sdhci_runtime_suspend_host()

by Wentao Liang

The sdhci_omap_runtime_suspend() calls sdhci_runtime_suspend_host() but does not handle the return value. A proper implementation can be found in sdhci_am654_runtime_suspend(). Add error handling for sdhci_runtime_suspend_host(). Return the error code if the suspend fails. Fixes: f433e8aac6b9 ("mmc: sdhci-omap: Implement PM runtime functions") Cc: stable(a)vger.kernel.org # v5.16 Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- drivers/mmc/host/sdhci-omap.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/mmc/host/sdhci-omap.c b/drivers/mmc/host/sdhci-omap.c index 54d795205fb4..69b2e4e5cb20 100644 --- a/drivers/mmc/host/sdhci-omap.c +++ b/drivers/mmc/host/sdhci-omap.c @@ -1438,6 +1438,7 @@ static int __maybe_unused sdhci_omap_runtime_suspend(struct device *dev) struct sdhci_host *host = dev_get_drvdata(dev); struct sdhci_pltfm_host *pltfm_host = sdhci_priv(host); struct sdhci_omap_host *omap_host = sdhci_pltfm_priv(pltfm_host); + int ret; if (host->tuning_mode != SDHCI_TUNING_MODE_3) mmc_retune_needed(host->mmc); @@ -1445,7 +1446,9 @@ static int __maybe_unused sdhci_omap_runtime_suspend(struct device *dev) if (omap_host->con != -EINVAL) sdhci_runtime_suspend_host(host); - sdhci_omap_context_save(omap_host); + ret = sdhci_omap_context_save(omap_host); + if (ret) + return ret; pinctrl_pm_select_idle_state(dev); -- 2.42.0.windows.2

1 month, 4 weeks

2
1
0 0

+ alloc_tag-allocate-percpu-counters-for-module-tags-dynamically.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: alloc_tag: allocate percpu counters for module tags dynamically has been added to the -mm mm-hotfixes-unstable branch. Its filename is alloc_tag-allocate-percpu-counters-for-module-tags-dynamically.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Suren Baghdasaryan <surenb(a)google.com> Subject: alloc_tag: allocate percpu counters for module tags dynamically Date: Fri, 16 May 2025 17:07:39 -0700 When a module gets unloaded it checks whether any of its tags are still in use and if so, we keep the memory containing module's allocation tags alive until all tags are unused. However percpu counters referenced by the tags are freed by free_module(). This will lead to UAF if the memory allocated by a module is accessed after module was unloaded. To fix this we allocate percpu counters for module allocation tags dynamically and we keep it alive for tags which are still in use after module unloading. This also removes the requirement of a larger PERCPU_MODULE_RESERVE when memory allocation profiling is enabled because percpu memory for counters does not need to be reserved anymore. Link: https://lkml.kernel.org/r/20250517000739.5930-1-surenb@google.com Fixes: 0db6f8d7820a ("alloc_tag: load module tags into separate contiguous memory") Signed-off-by: Suren Baghdasaryan <surenb(a)google.com> Reported-by: David Wang <00107082(a)163.com> Closes: https://lore.kernel.org/all/20250516131246.6244-1-00107082@163.com/ Tested-by: David Wang <00107082(a)163.com> Cc: Christoph Lameter (Ampere) <cl(a)gentwo.org> Cc: Dennis Zhou <dennis(a)kernel.org> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: Pasha Tatashin <pasha.tatashin(a)soleen.com> Cc: Tejun Heo <tj(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/alloc_tag.h | 12 ++++ include/linux/codetag.h | 8 +-- include/linux/percpu.h | 4 - lib/alloc_tag.c | 89 ++++++++++++++++++++++++++++-------- lib/codetag.c | 5 +- 5 files changed, 89 insertions(+), 29 deletions(-) --- a/include/linux/alloc_tag.h~alloc_tag-allocate-percpu-counters-for-module-tags-dynamically +++ a/include/linux/alloc_tag.h @@ -104,6 +104,16 @@ DECLARE_PER_CPU(struct alloc_tag_counter #else /* ARCH_NEEDS_WEAK_PER_CPU */ +#ifdef MODULE + +#define DEFINE_ALLOC_TAG(_alloc_tag) \ + static struct alloc_tag _alloc_tag __used __aligned(8) \ + __section(ALLOC_TAG_SECTION_NAME) = { \ + .ct = CODE_TAG_INIT, \ + .counters = NULL }; + +#else /* MODULE */ + #define DEFINE_ALLOC_TAG(_alloc_tag) \ static DEFINE_PER_CPU(struct alloc_tag_counters, _alloc_tag_cntr); \ static struct alloc_tag _alloc_tag __used __aligned(8) \ @@ -111,6 +121,8 @@ DECLARE_PER_CPU(struct alloc_tag_counter .ct = CODE_TAG_INIT, \ .counters = &_alloc_tag_cntr }; +#endif /* MODULE */ + #endif /* ARCH_NEEDS_WEAK_PER_CPU */ DECLARE_STATIC_KEY_MAYBE(CONFIG_MEM_ALLOC_PROFILING_ENABLED_BY_DEFAULT, --- a/include/linux/codetag.h~alloc_tag-allocate-percpu-counters-for-module-tags-dynamically +++ a/include/linux/codetag.h @@ -36,10 +36,10 @@ union codetag_ref { struct codetag_type_desc { const char *section; size_t tag_size; - void (*module_load)(struct codetag_type *cttype, - struct codetag_module *cmod); - void (*module_unload)(struct codetag_type *cttype, - struct codetag_module *cmod); + void (*module_load)(struct module *mod, + struct codetag *start, struct codetag *end); + void (*module_unload)(struct module *mod, + struct codetag *start, struct codetag *end); #ifdef CONFIG_MODULES void (*module_replaced)(struct module *mod, struct module *new_mod); bool (*needs_section_mem)(struct module *mod, unsigned long size); --- a/include/linux/percpu.h~alloc_tag-allocate-percpu-counters-for-module-tags-dynamically +++ a/include/linux/percpu.h @@ -15,11 +15,7 @@ /* enough to cover all DEFINE_PER_CPUs in modules */ #ifdef CONFIG_MODULES -#ifdef CONFIG_MEM_ALLOC_PROFILING -#define PERCPU_MODULE_RESERVE (8 << 13) -#else #define PERCPU_MODULE_RESERVE (8 << 10) -#endif #else #define PERCPU_MODULE_RESERVE 0 #endif --- a/lib/alloc_tag.c~alloc_tag-allocate-percpu-counters-for-module-tags-dynamically +++ a/lib/alloc_tag.c @@ -350,18 +350,28 @@ static bool needs_section_mem(struct mod return size >= sizeof(struct alloc_tag); } -static struct alloc_tag *find_used_tag(struct alloc_tag *from, struct alloc_tag *to) +static bool clean_unused_counters(struct alloc_tag *start_tag, + struct alloc_tag *end_tag) { - while (from <= to) { + struct alloc_tag *tag; + bool ret = true; + + for (tag = start_tag; tag <= end_tag; tag++) { struct alloc_tag_counters counter; - counter = alloc_tag_read(from); - if (counter.bytes) - return from; - from++; + if (!tag->counters) + continue; + + counter = alloc_tag_read(tag); + if (!counter.bytes) { + free_percpu(tag->counters); + tag->counters = NULL; + } else { + ret = false; + } } - return NULL; + return ret; } /* Called with mod_area_mt locked */ @@ -371,12 +381,16 @@ static void clean_unused_module_areas_lo struct module *val; mas_for_each(&mas, val, module_tags.size) { + struct alloc_tag *start_tag; + struct alloc_tag *end_tag; + if (val != &unloaded_mod) continue; /* Release area if all tags are unused */ - if (!find_used_tag((struct alloc_tag *)(module_tags.start_addr + mas.index), - (struct alloc_tag *)(module_tags.start_addr + mas.last))) + start_tag = (struct alloc_tag *)(module_tags.start_addr + mas.index); + end_tag = (struct alloc_tag *)(module_tags.start_addr + mas.last); + if (clean_unused_counters(start_tag, end_tag)) mas_erase(&mas); } } @@ -561,7 +575,8 @@ unlock: static void release_module_tags(struct module *mod, bool used) { MA_STATE(mas, &mod_area_mt, module_tags.size, module_tags.size); - struct alloc_tag *tag; + struct alloc_tag *start_tag; + struct alloc_tag *end_tag; struct module *val; mas_lock(&mas); @@ -575,15 +590,22 @@ static void release_module_tags(struct m if (!used) goto release_area; - /* Find out if the area is used */ - tag = find_used_tag((struct alloc_tag *)(module_tags.start_addr + mas.index), - (struct alloc_tag *)(module_tags.start_addr + mas.last)); - if (tag) { - struct alloc_tag_counters counter = alloc_tag_read(tag); - - pr_info("%s:%u module %s func:%s has %llu allocated at module unload\n", - tag->ct.filename, tag->ct.lineno, tag->ct.modname, - tag->ct.function, counter.bytes); + start_tag = (struct alloc_tag *)(module_tags.start_addr + mas.index); + end_tag = (struct alloc_tag *)(module_tags.start_addr + mas.last); + if (!clean_unused_counters(start_tag, end_tag)) { + struct alloc_tag *tag; + + for (tag = start_tag; tag <= end_tag; tag++) { + struct alloc_tag_counters counter; + + if (!tag->counters) + continue; + + counter = alloc_tag_read(tag); + pr_info("%s:%u module %s func:%s has %llu allocated at module unload\n", + tag->ct.filename, tag->ct.lineno, tag->ct.modname, + tag->ct.function, counter.bytes); + } } else { used = false; } @@ -596,6 +618,34 @@ out: mas_unlock(&mas); } +static void load_module(struct module *mod, struct codetag *start, struct codetag *stop) +{ + /* Allocate module alloc_tag percpu counters */ + struct alloc_tag *start_tag; + struct alloc_tag *stop_tag; + struct alloc_tag *tag; + + if (!mod) + return; + + start_tag = ct_to_alloc_tag(start); + stop_tag = ct_to_alloc_tag(stop); + for (tag = start_tag; tag < stop_tag; tag++) { + WARN_ON(tag->counters); + tag->counters = alloc_percpu(struct alloc_tag_counters); + if (!tag->counters) { + while (--tag >= start_tag) { + free_percpu(tag->counters); + tag->counters = NULL; + } + shutdown_mem_profiling(true); + pr_err("Failed to allocate memory for allocation tag percpu counters in the module %s. Memory allocation profiling is disabled!\n", + mod->name); + break; + } + } +} + static void replace_module(struct module *mod, struct module *new_mod) { MA_STATE(mas, &mod_area_mt, 0, module_tags.size); @@ -757,6 +807,7 @@ static int __init alloc_tag_init(void) .needs_section_mem = needs_section_mem, .alloc_section_mem = reserve_module_tags, .free_section_mem = release_module_tags, + .module_load = load_module, .module_replaced = replace_module, #endif }; --- a/lib/codetag.c~alloc_tag-allocate-percpu-counters-for-module-tags-dynamically +++ a/lib/codetag.c @@ -194,7 +194,7 @@ static int codetag_module_init(struct co if (err >= 0) { cttype->count += range_size(cttype, &range); if (cttype->desc.module_load) - cttype->desc.module_load(cttype, cmod); + cttype->desc.module_load(mod, range.start, range.stop); } up_write(&cttype->mod_lock); @@ -333,7 +333,8 @@ void codetag_unload_module(struct module } if (found) { if (cttype->desc.module_unload) - cttype->desc.module_unload(cttype, cmod); + cttype->desc.module_unload(cmod->mod, + cmod->range.start, cmod->range.stop); cttype->count -= range_size(cttype, &cmod->range); idr_remove(&cttype->mod_idr, mod_id); _ Patches currently in -mm which might be from surenb(a)google.com are alloc_tag-allocate-percpu-counters-for-module-tags-dynamically.patch

2 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror