- Linux-stable-mirror - lists.linaro.org

by Greg Kroah-Hartman

I'm announcing the release of the 5.10.240 kernel. All users of the 5.10 kernel series must upgrade. The updated 5.10.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.10.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/testing/sysfs-devices-system-cpu | 2 Documentation/ABI/testing/sysfs-driver-ufs | 2 Documentation/admin-guide/hw-vuln/index.rst | 1 Documentation/admin-guide/hw-vuln/indirect-target-selection.rst | 156 +++++ Documentation/admin-guide/hw-vuln/processor_mmio_stale_data.rst | 4 Documentation/admin-guide/kernel-parameters.txt | 28 Documentation/devicetree/bindings/serial/8250.yaml | 2 Makefile | 2 arch/arm64/mm/mmu.c | 3 arch/powerpc/include/uapi/asm/ioctls.h | 8 arch/s390/Makefile | 2 arch/s390/purgatory/Makefile | 2 arch/um/drivers/ubd_user.c | 2 arch/um/drivers/vector_kern.c | 42 - arch/um/include/asm/asm-prototypes.h | 5 arch/x86/Kconfig | 22 arch/x86/entry/entry.S | 8 arch/x86/include/asm/alternative.h | 26 arch/x86/include/asm/cpu.h | 13 arch/x86/include/asm/cpufeature.h | 5 arch/x86/include/asm/cpufeatures.h | 14 arch/x86/include/asm/disabled-features.h | 2 arch/x86/include/asm/irqflags.h | 4 arch/x86/include/asm/msr-index.h | 13 arch/x86/include/asm/mwait.h | 19 arch/x86/include/asm/nospec-branch.h | 50 + arch/x86/include/asm/required-features.h | 2 arch/x86/include/asm/text-patching.h | 31 + arch/x86/kernel/alternative.c | 308 +++++++++- arch/x86/kernel/cpu/amd.c | 58 + arch/x86/kernel/cpu/bugs.c | 272 ++++++++ arch/x86/kernel/cpu/common.c | 77 ++ arch/x86/kernel/cpu/mce/amd.c | 15 arch/x86/kernel/cpu/mce/core.c | 8 arch/x86/kernel/cpu/mce/intel.c | 1 arch/x86/kernel/cpu/scattered.c | 1 arch/x86/kernel/ftrace.c | 4 arch/x86/kernel/kprobes/core.c | 39 - arch/x86/kernel/module.c | 14 arch/x86/kernel/process.c | 15 arch/x86/kernel/static_call.c | 2 arch/x86/kernel/vmlinux.lds.S | 8 arch/x86/kvm/cpuid.c | 31 - arch/x86/kvm/cpuid.h | 1 arch/x86/kvm/svm/vmenter.S | 3 arch/x86/kvm/vmx/vmx.c | 2 arch/x86/kvm/x86.c | 4 arch/x86/lib/retpoline.S | 39 + arch/x86/net/bpf_jit_comp.c | 8 arch/x86/um/asm/checksum.h | 3 drivers/acpi/acpi_pad.c | 7 drivers/acpi/acpica/dsmethod.c | 7 drivers/acpi/battery.c | 19 drivers/ata/pata_cs5536.c | 2 drivers/atm/idt77252.c | 5 drivers/base/cpu.c | 15 drivers/dma-buf/dma-resv.c | 2 drivers/dma/xilinx/xilinx_dma.c | 2 drivers/gpu/drm/amd/amdkfd/kfd_packet_manager_v9.c | 2 drivers/gpu/drm/bridge/cdns-dsi.c | 27 drivers/gpu/drm/exynos/exynos7_drm_decon.c | 4 drivers/gpu/drm/exynos/exynos_drm_fimd.c | 12 drivers/gpu/drm/i915/gt/intel_ring_submission.c | 3 drivers/gpu/drm/i915/selftests/i915_request.c | 20 drivers/gpu/drm/i915/selftests/mock_request.c | 2 drivers/gpu/drm/tegra/dc.c | 17 drivers/gpu/drm/tegra/hub.c | 4 drivers/gpu/drm/tegra/hub.h | 3 drivers/gpu/drm/udl/udl_drv.c | 2 drivers/gpu/drm/v3d/v3d_drv.h | 7 drivers/gpu/drm/v3d/v3d_gem.c | 2 drivers/gpu/drm/v3d/v3d_irq.c | 38 - drivers/hid/hid-ids.h | 5 drivers/hid/hid-quirks.c | 3 drivers/hid/wacom_sys.c | 6 drivers/hv/channel_mgmt.c | 117 ++- drivers/hv/hyperv_vmbus.h | 19 drivers/hv/vmbus_drv.c | 2 drivers/hwmon/pmbus/max34440.c | 48 + drivers/i2c/busses/i2c-robotfuzz-osif.c | 6 drivers/i2c/busses/i2c-tiny-usb.c | 6 drivers/iio/pressure/zpa2326.c | 2 drivers/infiniband/core/iwcm.c | 38 - drivers/infiniband/core/iwcm.h | 2 drivers/infiniband/hw/mlx5/counters.c | 2 drivers/infiniband/hw/mlx5/devx.c | 2 drivers/infiniband/hw/mlx5/main.c | 33 + drivers/input/joystick/xpad.c | 5 drivers/input/keyboard/atkbd.c | 3 drivers/leds/led-class-multicolor.c | 3 drivers/mailbox/mailbox.c | 2 drivers/md/bcache/super.c | 7 drivers/md/dm-raid.c | 2 drivers/md/md-bitmap.c | 2 drivers/md/raid1.c | 1 drivers/media/platform/omap3isp/ispccdc.c | 8 drivers/media/platform/omap3isp/ispstat.c | 6 drivers/media/usb/uvc/uvc_ctrl.c | 61 + drivers/mfd/max14577.c | 1 drivers/misc/vmw_vmci/vmci_host.c | 9 drivers/mmc/host/mtk-sd.c | 39 - drivers/mmc/host/sdhci.c | 9 drivers/mmc/host/sdhci.h | 16 drivers/net/can/m_can/m_can.c | 2 drivers/net/can/m_can/tcan4x5x.c | 9 drivers/net/ethernet/amd/xgbe/xgbe-common.h | 2 drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 9 drivers/net/ethernet/amd/xgbe/xgbe.h | 4 drivers/net/ethernet/atheros/atlx/atl1.c | 78 +- drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c | 2 drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c | 2 drivers/net/ethernet/cisco/enic/enic_main.c | 4 drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 141 +++- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.h | 20 drivers/net/ethernet/freescale/dpaa2/dpaa2-ethtool.c | 18 drivers/net/ethernet/freescale/dpaa2/dpni-cmd.h | 6 drivers/net/ethernet/freescale/dpaa2/dpni.c | 2 drivers/net/ethernet/freescale/dpaa2/dpni.h | 6 drivers/net/ethernet/freescale/enetc/enetc_hw.h | 2 drivers/net/ethernet/sun/niu.c | 31 - drivers/net/ethernet/sun/niu.h | 4 drivers/net/ethernet/xilinx/ll_temac_main.c | 2 drivers/net/phy/microchip.c | 2 drivers/net/phy/smsc.c | 28 drivers/net/usb/qmi_wwan.c | 1 drivers/net/wireless/ath/ath6kl/bmi.c | 4 drivers/net/wireless/zydas/zd1211rw/zd_mac.c | 6 drivers/pci/controller/cadence/pcie-cadence-ep.c | 5 drivers/pci/controller/pci-hyperv.c | 17 drivers/pinctrl/qcom/pinctrl-msm.c | 20 drivers/platform/mellanox/mlxbf-tmfifo.c | 3 drivers/pwm/pwm-mediatek.c | 15 drivers/regulator/gpio-regulator.c | 4 drivers/rtc/lib_test.c | 2 drivers/rtc/rtc-cmos.c | 10 drivers/scsi/qla2xxx/qla_mbx.c | 2 drivers/scsi/qla4xxx/ql4_os.c | 2 drivers/scsi/ufs/ufs-sysfs.c | 4 drivers/spi/spi-fsl-dspi.c | 11 drivers/staging/rtl8723bs/core/rtw_security.c | 46 - drivers/target/target_core_pr.c | 4 drivers/tty/vt/vt.c | 1 drivers/uio/uio_hv_generic.c | 18 drivers/usb/class/cdc-wdm.c | 23 drivers/usb/common/usb-conn-gpio.c | 25 drivers/usb/core/quirks.c | 3 drivers/usb/core/usb.c | 14 drivers/usb/gadget/function/f_tcm.c | 4 drivers/usb/gadget/function/u_serial.c | 6 drivers/usb/host/xhci-dbgcap.c | 4 drivers/usb/host/xhci-dbgtty.c | 1 drivers/usb/typec/altmodes/displayport.c | 5 drivers/usb/typec/tcpm/tcpci_maxim.c | 20 drivers/vhost/scsi.c | 7 fs/btrfs/inode.c | 36 - fs/btrfs/tree-log.c | 4 fs/btrfs/volumes.c | 6 fs/ceph/file.c | 2 fs/cifs/misc.c | 8 fs/f2fs/super.c | 30 fs/jfs/jfs_dmap.c | 41 - fs/namespace.c | 8 fs/nfs/flexfilelayout/flexfilelayout.c | 121 ++- fs/nfs/inode.c | 17 fs/nfs/nfs4proc.c | 12 fs/nfs/pnfs.c | 4 fs/overlayfs/util.c | 4 fs/proc/array.c | 6 fs/proc/inode.c | 2 fs/proc/proc_sysctl.c | 18 include/drm/spsc_queue.h | 4 include/linux/cpu.h | 3 include/linux/hyperv.h | 2 include/linux/ipv6.h | 1 include/linux/module.h | 5 include/linux/usb/typec_dp.h | 1 include/uapi/linux/vm_sockets.h | 30 kernel/events/core.c | 2 kernel/rcu/tree.c | 4 kernel/rseq.c | 60 + lib/test_objagg.c | 4 net/appletalk/ddp.c | 1 net/atm/clip.c | 75 +- net/atm/resources.c | 3 net/bluetooth/l2cap_core.c | 9 net/ipv6/ip6_output.c | 9 net/mac80211/rx.c | 4 net/mac80211/util.c | 2 net/netlink/af_netlink.c | 82 +- net/rose/rose_route.c | 15 net/rxrpc/call_accept.c | 3 net/sched/sch_api.c | 42 - net/sched/sch_sfq.c | 10 net/tipc/topsrv.c | 2 net/vmw_vsock/af_vsock.c | 78 ++ net/vmw_vsock/vmci_transport.c | 4 sound/isa/sb/sb16_main.c | 4 sound/pci/hda/hda_bind.c | 2 sound/pci/hda/hda_intel.c | 3 sound/soc/fsl/fsl_asrc.c | 3 sound/usb/stream.c | 2 tools/lib/bpf/btf_dump.c | 3 202 files changed, 2709 insertions(+), 793 deletions(-) Al Viro (2): attach_recursive_mnt(): do not lock the covering tree when sliding something under it fix proc_sys_compare() handling of in-lookup dentries Alexandre Belloni (1): rtc: lib_test: add MODULE_LICENSE Alexandru Ardelean (1): uio: uio_hv_generic: use devm_kzalloc() for private data alloc Alexis Czezar Torreno (1): hwmon: (pmbus/max34440) Fix support for max34451 Alok Tiwari (2): enic: fix incorrect MTU comparison in enic_change_mtu() net: ll_temac: Fix missing tx_pending check in ethtools_set_ringparam() Amit Sunil Dhamne (1): usb: typec: tcpm/tcpci_maxim: Fix bounds check in process_rx() Andra Paraschiv (4): vm_sockets: Add flags field in the vsock address data structure vm_sockets: Add VMADDR_FLAG_TO_HOST vsock flag af_vsock: Set VMADDR_FLAG_TO_HOST flag on the receive path af_vsock: Assign the vsock transport considering the vsock address flags Andrei Kuchynski (1): usb: typec: displayport: Fix potential deadlock Andy Shevchenko (1): usb: Add checks for snprintf() calls in usb_alloc_dev() Aradhya Bhatia (4): drm/bridge: cdns-dsi: Fix the clock variable for mode_valid() drm/bridge: cdns-dsi: Fix connecting to next bridge drm/bridge: cdns-dsi: Check return value when getting default PHY config drm/bridge: cdns-dsi: Wait for Clk and Data Lanes to be ready Badhri Jagan Sridharan (1): usb: typec: tcpci_maxim: Fix uninitialized return variable Bart Van Assche (1): scsi: ufs: core: Fix spelling of a sysfs attribute name Bartosz Golaszewski (1): pinctrl: qcom: msm: mark certain pins as invalid for interrupts Benjamin Coddington (1): NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN Borislav Petkov (5): x86/bugs: Rename MDS machinery to something more generic x86/bugs: Add a Transient Scheduler Attacks mitigation KVM: x86: add support for CPUID leaf 0x80000021 KVM: SVM: Advertise TSA CPUID bits to guests x86/process: Move the buffer clearing before MONITOR Borislav Petkov (AMD) (1): x86/alternative: Optimize returns patching Brett A C Sheffield (Librecast) (1): Revert "ipv6: save dontfrag in cork" Brett Werling (1): can: tcan4x5x: fix power regulator retrieval during probe Cezary Rojewski (1): ALSA: hda: Ignore unsol events for cards being shut down Chance Yang (1): usb: common: usb-conn-gpio: use a unique name for usb connector device Chao Yu (1): f2fs: don't over-report free space or inodes in statvfs Chen Yufeng (1): usb: potential integer overflow in usbg_make_tpg() Chia-Lin Kao (AceLan) (1): HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras Christian König (1): dma-buf: fix timeout handling in dma_resv_wait_timeout v2 Dan Carpenter (2): drm/i915/selftests: Change mock_request() to return error pointers lib: test_objagg: Set error message in check_expect_hints_stats() Daniel Sneddon (1): x86/bhi: Define SPEC_CTRL_BHI_DIS_S Daniil Dulov (1): wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() Dave Kleikamp (1): fs/jfs: consolidate sanity checking in dbMount David Howells (1): rxrpc: Fix oops due to non-existence of prealloc backlog struct David Thompson (1): platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment Dev Jain (1): arm64: Restrict pagetable teardown to avoid false warning Dexuan Cui (1): PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time Dmitry Kandybka (1): ceph: fix possible integer overflow in ceph_zero_objects() Dongli Zhang (1): vhost-scsi: protect vq->log_used with vq->mutex Eric Biggers (1): x86/its: Fix build errors when CONFIG_MODULES=n Eric Dumazet (2): net_sched: sch_sfq: reject invalid perturb period atm: clip: prevent NULL deref in clip_push() Filipe Manana (3): btrfs: fix missing error handling when searching for inode refs during log replay btrfs: propagate last_unlink_trans earlier when doing a rmdir btrfs: use btrfs_record_snapshot_destroy() during rmdir Frédéric Danis (1): Bluetooth: L2CAP: Fix L2CAP MTU negotiation Fushuai Wang (1): dpaa2-eth: fix xdp_rxq_info leak George Kennedy (1): VMCI: check context->notify_page after call to get_user_pages_fast() to avoid GPF Greg Kroah-Hartman (1): Linux 5.10.240 Gustavo A. R. Silva (1): net: rose: Fix fall-through warnings for Clang Haiyang Zhang (1): Drivers: hv: vmbus: Fix duplicate CPU assignments within a device Hans de Goede (1): Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID HarshaVardhana S A (1): vsock/vmci: Clear the vmci transport packet properly when initializing it Heinz Mauelshagen (1): dm-raid: fix variable in journal device check Ioana Ciornei (2): dpaa2-eth: rename dpaa2_eth_xdp_release_buf into dpaa2_eth_recycle_buf net: dpaa2-eth: rearrange variable in dpaa2_eth_get_ethtool_stats JP Kobryn (1): x86/mce: Make sure CMCI banks are cleared during shutdown on Intel Jakub Kicinski (1): netlink: make sure we allow at least one dump skb James Clark (1): spi: spi-fsl-dspi: Clear completion counter before initiating transfer Jann Horn (1): x86/mm: Disable hugetlb page table sharing on 32-bit Janusz Krzysztofik (1): drm/i915/gt: Fix timeline left held on VMA alloc error Jay Cornwall (1): drm/amdkfd: Fix race in GWS queue scheduling Johannes Berg (3): ata: pata_cs5536: fix build on 32-bit UML wifi: mac80211: drop invalid source address OCB frames wifi: ath6kl: remove WARN on bad firmware input Jonathan Cameron (1): iio: pressure: zpa2326: Use aligned_s64 for the timestamp Jos Wang (1): usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode Josh Poimboeuf (1): x86/alternatives: Remove faulty optimization Junlin Yang (2): usb: typec: tcpci_maxim: remove redundant assignment usb: typec: tcpci_maxim: add terminating newlines to logging Kaustabh Chakraborty (1): drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling Kees Cook (1): ovl: Check for NULL d_inode() in ovl_dentry_upper() Kito Xu (1): net: appletalk: Fix device refcount leak in atrtr_create() Kohei Enju (1): rose: fix dangling neighbour pointers in rose_rt_device_down() Krzysztof Kozlowski (1): mfd: max14577: Fix wakeup source leaks on device unbind Kuen-Han Tsai (1): usb: gadget: u_serial: Fix race condition in TTY wakeup Kuniyuki Iwashima (8): atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. netlink: Fix wraparounds of sk->sk_rmem_alloc. tipc: Fix use-after-free in tipc_conn_close(). atm: clip: Fix potential null-ptr-deref in to_atmarpd(). atm: clip: Fix memory leak of struct clip_vcc. atm: clip: Fix infinite recursive call of clip_push(). netlink: Fix rmem check in netlink_broadcast_deliver(). Lachlan Hodges (1): wifi: mac80211: fix beacon interval calculation overflow Linggang Zeng (1): bcache: fix NULL pointer in cache_set_flush() Lion Ackermann (1): net/sched: Always pass notifications when child class becomes empty Long Li (1): uio_hv_generic: Align ring size to system page Madhavan Srinivasan (1): powerpc: Fix struct termio related ioctl macros Manivannan Sadhasivam (1): regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods Marek Szyprowski (2): media: omap3isp: use sgtable-based scatterlist wrappers drm/exynos: fimd: Guard display clock control with runtime PM calls Mark Harmstone (1): btrfs: update superblock's device bytes_used when dropping chunk Mark Zhang (1): RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert Masami Hiramatsu (Google) (2): mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data mtk-sd: Prevent memory corruption from DMA map failure Mateusz Jończyk (1): rtc: cmos: use spin_lock_irqsave in cmos_interrupt Mathias Nyman (1): xhci: dbc: Flush queued requests before stopping dbc Matt Reynolds (1): Input: xpad - add support for Amazon Game Controller Matthew Brost (1): drm/sched: Increment job count before swapping tail spsc queue Maurizio Lombardi (1): scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() Maíra Canal (1): drm/v3d: Disable interrupts before resetting the GPU Michael Jeanson (1): rseq: Fix segfault on registration when rseq_cs is non-zero Michal Luczaj (3): vsock: Fix transport_{g2h,h2g} TOCTOU vsock: Fix transport_* TOCTOU vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local` Nathan Chancellor (2): s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher() Nicolas Pitre (1): vt: add missing notification when switching back to text mode Niklas Cassel (1): PCI: cadence-ep: Correct PBA offset in .set_msix() callback Nilton Perim Neto (1): Input: xpad - support Acer NGR 200 Controller Oleg Nesterov (1): fs/proc: do_task_stat: use __for_each_thread() Oleksij Rempel (3): net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap net: phy: smsc: Fix link failure in forced mode with Auto-MDIX net: phy: microchip: limit 100M workaround to link-down events on LAN88xx Olga Kornievskaia (1): NFSv4.2: fix listxattr to return selinux security label Oliver Neukum (1): Logitech C-270 even more broken Pali Rohár (1): cifs: Fix cifs_query_path_info() for Windows NT servers Patrisious Haddad (2): RDMA/mlx5: Fix CC counters query for MPV RDMA/mlx5: Fix vport loopback for MPV device Pawan Gupta (7): Documentation: x86/bugs/its: Add ITS documentation x86/its: Enumerate Indirect Target Selection (ITS) bug x86/its: Add support for ITS-safe indirect thunk x86/its: Add support for ITS-safe return thunk x86/its: Fix undefined reference to cpu_wants_rethunk_at() x86/its: Enable Indirect Target Selection mitigation x86/its: Add "vmexit" option to skip mitigation on some CPUs Peng Fan (1): mailbox: Not protect module_put with spin_lock_irqsave Peter Zijlstra (5): perf: Revert to requiring CAP_SYS_ADMIN for uprobes x86/alternatives: Introduce int3_emulate_jcc() x86/alternatives: Teach text_poke_bp() to patch Jcc.d32 instructions x86/its: Use dynamic thunks for indirect branches x86/its: FineIBT-paranoid vs ITS Qasim Ijaz (3): HID: wacom: fix memory leak on kobject creation failure HID: wacom: fix memory leak on sysfs attribute creation failure HID: wacom: fix kobject reference count leak Qiu-ji Chen (1): drm/tegra: Fix a possible null pointer dereference RD Babiera (1): usb: typec: altmodes/displayport: do not index invalid pin_assignments Radu Bulie (2): dpaa2-eth: Update dpni_get_single_step_cfg command dpaa2-eth: Update SINGLE_STEP register access Rafael J. Wysocki (2): ACPICA: Refuse to evaluate a method if arguments are missing Revert "ACPI: battery: negate current when discharging" Raju Rangoju (1): amd-xgbe: align CL37 AN sequence as per databook Ricardo Ribalda (3): media: uvcvideo: Return the number of processed controls media: uvcvideo: Send control events for partial succeeds media: uvcvideo: Rollback non processed entities on error Robert Hodaszi (1): usb: cdc-wdm: avoid setting WDM_READ for ZLP-s Sami Tolvanen (1): um: Add cmpxchg8b_emu and checksum functions to asm-prototypes.h Saurabh Sengar (2): Drivers: hv: vmbus: Add utility function for querying ring size uio_hv_generic: Query the ringbuffer size for device Sean Nyekjaer (1): can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level Seiji Nishikawa (1): ACPI: PAD: fix crash in exit_round_robin() Sergey Senozhatsky (1): mtk-sd: reset host->mrq on prepare_data() error Shengjiu Wang (1): ASoC: fsl_asrc: use internal measured ratio for non-ideal ratio mode Shin'ichiro Kawasaki (1): RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction Shravya KN (1): bnxt_en: Fix DCB ETS validation Simon Horman (1): net: enetc: Correct endianness handling in _enetc_rd_reg64 Somnath Kotur (1): bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT Stefano Garzarella (1): vsock/uapi: fix linux/vm_sockets.h userspace compilation errors Sven Schwermer (1): leds: multicolor: Fix intensity setting while SW blinking Takashi Iwai (1): ALSA: sb: Force to disable DMAs once when DMA mode is changed Thierry Reding (1): drm/tegra: Assign plane type before registration Thomas Fourier (5): scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() nui: Fix dma_mapping_error() check ethernet: atl1: Add missing DMA mapping error checks and count errors atm: idt77252: Add missing `dma_map_error()` Thomas Gessler (1): dmaengine: xilinx_dma: Set dma_device directions Thomas Gleixner (1): x86/modules: Set VM_FLUSH_RESET_PERMS in module_alloc() Thomas Zimmermann (1): drm/udl: Unregister device before cleaning up on disconnect Tigran Mkrtchyan (1): flexfiles/pNFS: update stats on NFS4ERR_DELAY for v4.1 DSes Tiwei Bie (2): um: ubd: Add missing error check in start_io_thread() um: vector: Reduce stack usage in vector_eth_configure() Trond Myklebust (1): NFSv4/flexfiles: Fix handling of NFS level errors in I/O Uladzislau Rezki (Sony) (1): rcu: Return early if callback is not specified Ulf Hansson (1): Revert "mmc: sdhci: Disable SD card clock before changing parameters" Uwe Kleine-König (1): pwm: mediatek: Ensure to disable clocks in error path Vasiliy Kovalev (1): jfs: validate AG parameters in dbMount() to prevent crashes Vicki Pfau (1): Input: xpad - add VID for Turtle Beach controllers Victor Nogueira (1): net/sched: Abort __tc_modify_qdisc if parent class does not exist Victor Shih (1): mmc: sdhci: Add a helper function for dump register in dynamic debug mode Vijendar Mukunda (1): ALSA: hda: Add new pci id for AMD GPU display HD audio controller Vitaly Kuznetsov (1): Drivers: hv: Rename 'alloced' to 'allocated' Wang Jinchao (1): md/raid1: Fix stack memory use after return in raid1_reshape Weihang Li (1): RDMA/core: Use refcount_t instead of atomic_t on refcount of iwcm_id_private Wolfram Sang (2): i2c: tiny-usb: disable zero-length read messages i2c: robotfuzz-osif: disable zero-length read messages Wupeng Ma (1): VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify Xiaowei Li (1): net: usb: qmi_wwan: add SIMCom 8230C composition Yao Zi (1): dt-bindings: serial: 8250: Make clocks and clock-frequency exclusive Yazen Ghannam (2): x86/mce/amd: Fix threshold limit reset x86/mce: Don't remove sysfs if thresholding sysfs init fails Youngjun Lee (1): ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() Yu Kuai (1): md/md-bitmap: fix dm-raid max_write_behind setting Yuan Chen (1): libbpf: Fix null pointer dereference in btf_dump__free on allocation failure Yue Haibing (1): atm: clip: Fix NULL pointer dereference in vcc_sendmsg() Yue Hu (1): mmc: mediatek: use data instead of mrq parameter from msdc_{un}prepare_data() Zhang Heng (1): HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY Łukasz Bartosik (1): xhci: dbctty: disable ECHO flag by default

2 months

1
1
0 0

Linux 5.4.296

by Greg Kroah-Hartman

I'm announcing the release of the 5.4.296 kernel. All users of the 5.4 kernel series must upgrade. The updated 5.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.4.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/testing/sysfs-driver-ufs | 2 Makefile | 2 arch/arm64/mm/mmu.c | 3 arch/powerpc/include/uapi/asm/ioctls.h | 8 arch/s390/Makefile | 2 arch/s390/purgatory/Makefile | 2 arch/um/drivers/ubd_user.c | 2 arch/x86/Kconfig | 2 arch/x86/kernel/cpu/mce/amd.c | 15 - arch/x86/kernel/cpu/mce/core.c | 8 arch/x86/kernel/cpu/mce/intel.c | 1 drivers/acpi/acpi_pad.c | 7 drivers/acpi/acpica/dsmethod.c | 7 drivers/acpi/battery.c | 19 - drivers/ata/pata_cs5536.c | 2 drivers/atm/idt77252.c | 5 drivers/dma-buf/dma-resv.c | 5 drivers/dma/xilinx/xilinx_dma.c | 2 drivers/gpu/drm/bridge/cdns-dsi.c | 11 drivers/gpu/drm/exynos/exynos7_drm_decon.c | 4 drivers/gpu/drm/exynos/exynos_drm_fimd.c | 12 drivers/gpu/drm/i915/gt/intel_ringbuffer.c | 3 drivers/gpu/drm/i915/selftests/i915_request.c | 20 - drivers/gpu/drm/i915/selftests/mock_request.c | 2 drivers/gpu/drm/tegra/dc.c | 12 drivers/gpu/drm/tegra/hub.c | 4 drivers/gpu/drm/tegra/hub.h | 3 drivers/gpu/drm/v3d/v3d_drv.h | 9 drivers/gpu/drm/v3d/v3d_gem.c | 2 drivers/gpu/drm/v3d/v3d_irq.c | 36 +- drivers/hid/hid-ids.h | 5 drivers/hid/hid-quirks.c | 3 drivers/hid/wacom_sys.c | 6 drivers/i2c/busses/i2c-robotfuzz-osif.c | 6 drivers/i2c/busses/i2c-tiny-usb.c | 6 drivers/iio/pressure/zpa2326.c | 2 drivers/infiniband/core/device.c | 1 drivers/infiniband/core/iwcm.c | 38 +- drivers/infiniband/core/iwcm.h | 2 drivers/infiniband/core/uverbs_std_types_counters.c | 17 - drivers/infiniband/hw/mlx5/devx.c | 2 drivers/infiniband/hw/mlx5/main.c | 55 ++- drivers/input/joystick/xpad.c | 5 drivers/input/keyboard/atkbd.c | 3 drivers/mailbox/mailbox.c | 2 drivers/md/dm-raid.c | 2 drivers/md/md-bitmap.c | 2 drivers/md/raid1.c | 1 drivers/media/platform/omap3isp/ispccdc.c | 8 drivers/media/platform/omap3isp/ispstat.c | 6 drivers/media/platform/vivid/vivid-vid-cap.c | 2 drivers/media/usb/dvb-usb/cxusb.c | 36 +- drivers/media/usb/uvc/uvc_ctrl.c | 61 +++- drivers/mfd/max14577.c | 1 drivers/misc/vmw_vmci/vmci_host.c | 9 drivers/mmc/host/mtk-sd.c | 39 +- drivers/mmc/host/sdhci.c | 9 drivers/mmc/host/sdhci.h | 16 + drivers/net/can/m_can/m_can.c | 2 drivers/net/ethernet/amd/xgbe/xgbe-common.h | 2 drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 9 drivers/net/ethernet/amd/xgbe/xgbe.h | 4 drivers/net/ethernet/atheros/atlx/atl1.c | 78 +++-- drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c | 2 drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c | 2 drivers/net/ethernet/cisco/enic/enic_main.c | 4 drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 26 + drivers/net/ethernet/freescale/enetc/enetc_hw.h | 2 drivers/net/ethernet/sun/niu.c | 31 ++ drivers/net/ethernet/sun/niu.h | 4 drivers/net/phy/microchip.c | 2 drivers/net/usb/qmi_wwan.c | 1 drivers/net/wireless/ath/ath6kl/bmi.c | 4 drivers/net/wireless/zydas/zd1211rw/zd_mac.c | 6 drivers/pinctrl/qcom/pinctrl-msm.c | 20 + drivers/platform/mellanox/mlxbf-tmfifo.c | 3 drivers/pwm/pwm-mediatek.c | 15 - drivers/regulator/gpio-regulator.c | 19 + drivers/scsi/qla4xxx/ql4_os.c | 2 drivers/scsi/ufs/ufs-sysfs.c | 4 drivers/spi/spi-fsl-dspi.c | 55 ++- drivers/staging/rtl8723bs/core/rtw_security.c | 46 --- drivers/tty/serial/uartlite.c | 15 - drivers/tty/vt/vt.c | 1 drivers/usb/class/cdc-wdm.c | 23 - drivers/usb/core/quirks.c | 3 drivers/usb/core/usb.c | 14 drivers/usb/gadget/function/f_tcm.c | 4 drivers/usb/gadget/function/u_serial.c | 6 drivers/usb/typec/altmodes/displayport.c | 5 fs/btrfs/inode.c | 36 +- fs/btrfs/ioctl.c | 3 fs/btrfs/tree-log.c | 4 fs/ceph/file.c | 2 fs/cifs/misc.c | 8 fs/jfs/jfs_dmap.c | 41 -- fs/namespace.c | 8 fs/nfs/flexfilelayout/flexfilelayout.c | 144 +++++++-- fs/nfs/inode.c | 17 - fs/overlayfs/util.c | 4 fs/proc/inode.c | 16 - fs/proc/proc_sysctl.c | 18 - include/drm/spsc_queue.h | 4 include/linux/of.h | 291 +++++++++----------- include/linux/regulator/gpio-regulator.h | 2 include/linux/usb/typec_dp.h | 1 include/rdma/ib_verbs.h | 7 include/uapi/linux/vm_sockets.h | 4 init/Kconfig | 4 lib/test_objagg.c | 4 net/appletalk/ddp.c | 1 net/atm/clip.c | 64 +++- net/atm/resources.c | 3 net/bluetooth/l2cap_core.c | 9 net/bpfilter/Makefile | 5 net/ipv6/route.c | 3 net/mac80211/rx.c | 4 net/mac80211/util.c | 2 net/netlink/af_netlink.c | 82 +++-- net/rose/rose_route.c | 15 - net/rxrpc/call_accept.c | 3 net/sched/sch_api.c | 42 +- net/tipc/topsrv.c | 2 net/vmw_vsock/vmci_transport.c | 4 scripts/Kbuild.include | 2 scripts/Makefile.host | 4 scripts/Makefile.lib | 8 sound/isa/sb/sb16_main.c | 4 sound/pci/hda/hda_bind.c | 2 sound/soc/meson/meson-card-utils.c | 2 sound/usb/stream.c | 2 usr/include/Makefile | 6 132 files changed, 1178 insertions(+), 680 deletions(-) Al Viro (2): attach_recursive_mnt(): do not lock the covering tree when sliding something under it fix proc_sys_compare() handling of in-lookup dentries Alok Tiwari (1): enic: fix incorrect MTU comparison in enic_change_mtu() Andrei Kuchynski (1): usb: typec: displayport: Fix potential deadlock Andy Shevchenko (1): usb: Add checks for snprintf() calls in usb_alloc_dev() Aradhya Bhatia (3): drm/bridge: cdns-dsi: Fix the clock variable for mode_valid() drm/bridge: cdns-dsi: Fix connecting to next bridge drm/bridge: cdns-dsi: Check return value when getting default PHY config Arnd Bergmann (1): kbuild: hdrcheck: fix cross build with clang Bart Van Assche (1): scsi: ufs: core: Fix spelling of a sysfs attribute name Bartosz Golaszewski (1): pinctrl: qcom: msm: mark certain pins as invalid for interrupts Cezary Rojewski (1): ALSA: hda: Ignore unsol events for cards being shut down Chen Yufeng (1): usb: potential integer overflow in usbg_make_tpg() Chia-Lin Kao (AceLan) (1): HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras Christian König (1): dma-buf: fix timeout handling in dma_resv_wait_timeout v2 Dan Carpenter (2): lib: test_objagg: Set error message in check_expect_hints_stats() drm/i915/selftests: Change mock_request() to return error pointers Daniil Dulov (1): wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() Dave Kleikamp (1): fs/jfs: consolidate sanity checking in dbMount David Howells (1): rxrpc: Fix oops due to non-existence of prealloc backlog struct David Thompson (1): platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment Denis Arefev (1): media: vivid: Change the siize of the composing Dev Jain (1): arm64: Restrict pagetable teardown to avoid false warning Dmitry Kandybka (1): ceph: fix possible integer overflow in ceph_zero_objects() Edward Adam Davis (1): media: cxusb: no longer judge rbuf when the write fails Eric W. Biederman (1): proc: Clear the pieces of proc_inode that proc_evict_inode cares about Filipe Manana (3): btrfs: fix missing error handling when searching for inode refs during log replay btrfs: propagate last_unlink_trans earlier when doing a rmdir btrfs: use btrfs_record_snapshot_destroy() during rmdir Frédéric Danis (1): Bluetooth: L2CAP: Fix L2CAP MTU negotiation Fushuai Wang (1): dpaa2-eth: fix xdp_rxq_info leak Georg Kohmann (1): net: ipv6: Discard next-hop MTU less than minimum link MTU George Kennedy (1): VMCI: check context->notify_page after call to get_user_pages_fast() to avoid GPF Greg Kroah-Hartman (1): Linux 5.4.296 Gustavo A. R. Silva (1): net: rose: Fix fall-through warnings for Clang Hans de Goede (1): Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID HarshaVardhana S A (1): vsock/vmci: Clear the vmci transport packet properly when initializing it Heinz Mauelshagen (1): dm-raid: fix variable in journal device check JP Kobryn (1): x86/mce: Make sure CMCI banks are cleared during shutdown on Intel Jakub Kicinski (1): netlink: make sure we allow at least one dump skb Jakub Lewalski (1): tty: serial: uartlite: register uart driver in init James Clark (1): spi: spi-fsl-dspi: Clear completion counter before initiating transfer Jann Horn (1): x86/mm: Disable hugetlb page table sharing on 32-bit Janusz Krzysztofik (1): drm/i915/gt: Fix timeline left held on VMA alloc error Jerome Neanne (1): regulator: gpio: Add input_supply support in gpio_regulator_config Johannes Berg (3): ata: pata_cs5536: fix build on 32-bit UML wifi: mac80211: drop invalid source address OCB frames wifi: ath6kl: remove WARN on bad firmware input Jonathan Cameron (1): iio: pressure: zpa2326: Use aligned_s64 for the timestamp Jos Wang (1): usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode Kaustabh Chakraborty (1): drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling Kees Cook (1): ovl: Check for NULL d_inode() in ovl_dentry_upper() Kito Xu (1): net: appletalk: Fix device refcount leak in atrtr_create() Kohei Enju (1): rose: fix dangling neighbour pointers in rose_rt_device_down() Krzysztof Kozlowski (1): mfd: max14577: Fix wakeup source leaks on device unbind Kuen-Han Tsai (1): usb: gadget: u_serial: Fix race condition in TTY wakeup Kuniyuki Iwashima (8): atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. netlink: Fix wraparounds of sk->sk_rmem_alloc. tipc: Fix use-after-free in tipc_conn_close(). atm: clip: Fix potential null-ptr-deref in to_atmarpd(). atm: clip: Fix memory leak of struct clip_vcc. atm: clip: Fix infinite recursive call of clip_push(). netlink: Fix rmem check in netlink_broadcast_deliver(). Lachlan Hodges (1): wifi: mac80211: fix beacon interval calculation overflow Leon Romanovsky (1): RDMA/core: Create and destroy counters in the ib_core Lion Ackermann (1): net/sched: Always pass notifications when child class becomes empty Madhavan Srinivasan (1): powerpc: Fix struct termio related ioctl macros Manivannan Sadhasivam (1): regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods Marek Szyprowski (2): media: omap3isp: use sgtable-based scatterlist wrappers drm/exynos: fimd: Guard display clock control with runtime PM calls Mark Zhang (1): RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert Martin Blumenstingl (1): ASoC: meson: meson-card-utils: use of_property_present() for DT parsing Masahiro Yamada (3): kbuild: use -MMD instead of -MD to exclude system headers from dependency bpfilter: match bit size of bpfilter_umh to that of the kernel kbuild: add --target to correctly cross-compile UAPI headers with Clang Masami Hiramatsu (Google) (2): mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data mtk-sd: Prevent memory corruption from DMA map failure Matt Reynolds (1): Input: xpad - add support for Amazon Game Controller Matthew Brost (1): drm/sched: Increment job count before swapping tail spsc queue Maíra Canal (1): drm/v3d: Disable interrupts before resetting the GPU Michael Walle (1): of: property: define of_property_read_u{8,16,32,64}_array() unconditionally Nathan Chancellor (2): s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher() Nicolas Pitre (1): vt: add missing notification when switching back to text mode Nilton Perim Neto (1): Input: xpad - support Acer NGR 200 Controller Oleksij Rempel (1): net: phy: microchip: limit 100M workaround to link-down events on LAN88xx Oliver Neukum (1): Logitech C-270 even more broken Omar Sandoval (1): btrfs: don't abort filesystem when attempting to snapshot deleted subvolume Pali Rohár (1): cifs: Fix cifs_query_path_info() for Windows NT servers Patrisious Haddad (2): RDMA/mlx5: Fix CC counters query for MPV RDMA/mlx5: Fix vport loopback for MPV device Peng Fan (1): mailbox: Not protect module_put with spin_lock_irqsave Qasim Ijaz (3): HID: wacom: fix memory leak on kobject creation failure HID: wacom: fix memory leak on sysfs attribute creation failure HID: wacom: fix kobject reference count leak RD Babiera (1): usb: typec: altmodes/displayport: do not index invalid pin_assignments Rafael J. Wysocki (2): ACPICA: Refuse to evaluate a method if arguments are missing Revert "ACPI: battery: negate current when discharging" Raju Rangoju (1): amd-xgbe: align CL37 AN sequence as per databook Ricardo Ribalda (3): media: uvcvideo: Return the number of processed controls media: uvcvideo: Send control events for partial succeeds media: uvcvideo: Rollback non processed entities on error Rob Herring (1): of: Add of_property_present() helper Robert Hodaszi (1): usb: cdc-wdm: avoid setting WDM_READ for ZLP-s Sean Nyekjaer (1): can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level Sean Young (1): media: cxusb: use dev_dbg() rather than hand-rolled debug Seiji Nishikawa (1): ACPI: PAD: fix crash in exit_round_robin() Sergey Senozhatsky (1): mtk-sd: reset host->mrq on prepare_data() error Shin'ichiro Kawasaki (1): RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction Shravya KN (1): bnxt_en: Fix DCB ETS validation Simon Horman (1): net: enetc: Correct endianness handling in _enetc_rd_reg64 Somnath Kotur (1): bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT Stefano Garzarella (1): vsock/uapi: fix linux/vm_sockets.h userspace compilation errors Takashi Iwai (1): ALSA: sb: Force to disable DMAs once when DMA mode is changed Thierry Reding (1): drm/tegra: Assign plane type before registration Thomas Fourier (4): scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() nui: Fix dma_mapping_error() check ethernet: atl1: Add missing DMA mapping error checks and count errors atm: idt77252: Add missing `dma_map_error()` Thomas Gessler (1): dmaengine: xilinx_dma: Set dma_device directions Tigran Mkrtchyan (1): flexfiles/pNFS: update stats on NFS4ERR_DELAY for v4.1 DSes Tiwei Bie (1): um: ubd: Add missing error check in start_io_thread() Trond Myklebust (1): NFSv4/flexfiles: Fix handling of NFS level errors in I/O Ulf Hansson (1): Revert "mmc: sdhci: Disable SD card clock before changing parameters" Uwe Kleine-König (1): pwm: mediatek: Ensure to disable clocks in error path Vasiliy Kovalev (1): jfs: validate AG parameters in dbMount() to prevent crashes Vicki Pfau (1): Input: xpad - add VID for Turtle Beach controllers Victor Nogueira (1): net/sched: Abort __tc_modify_qdisc if parent class does not exist Victor Shih (1): mmc: sdhci: Add a helper function for dump register in dynamic debug mode Vladimir Oltean (2): spi: spi-fsl-dspi: Rename fifo_{read,write} and {tx,cmd}_fifo_write spi: spi-fsl-dspi: Fix interrupt-less DMA mode taking an XSPI code path Wang Jinchao (1): md/raid1: Fix stack memory use after return in raid1_reshape Weihang Li (1): RDMA/core: Use refcount_t instead of atomic_t on refcount of iwcm_id_private Wolfram Sang (2): i2c: tiny-usb: disable zero-length read messages i2c: robotfuzz-osif: disable zero-length read messages Wupeng Ma (1): VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify Xiaowei Li (1): net: usb: qmi_wwan: add SIMCom 8230C composition Yazen Ghannam (2): x86/mce/amd: Fix threshold limit reset x86/mce: Don't remove sysfs if thresholding sysfs init fails Youngjun Lee (1): ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() Yu Kuai (1): md/md-bitmap: fix dm-raid max_write_behind setting Yue Haibing (1): atm: clip: Fix NULL pointer dereference in vcc_sendmsg() Yue Hu (1): mmc: mediatek: use data instead of mrq parameter from msdc_{un}prepare_data() Zhang Heng (1): HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY

2 months

1
1
0 0

[PATCH vulns] CVE-2022-49501: Fix affected versions

by He Zhe

As mentioned in the commit log of the fix, it is commit 2c9d6c2b871d ("usbnet: run unbind() before unregister_netdev()") that causes this CVE. Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- cve/published/2022/CVE-2022-49501.vulnerable | 1 + 1 file changed, 1 insertion(+) create mode 100644 cve/published/2022/CVE-2022-49501.vulnerable diff --git a/cve/published/2022/CVE-2022-49501.vulnerable b/cve/published/2022/CVE-2022-49501.vulnerable new file mode 100644 index 000000000..138b53caf --- /dev/null +++ b/cve/published/2022/CVE-2022-49501.vulnerable @@ -0,0 +1 @@ +2c9d6c2b871d5841ce26ede3e81fd37e2e33c42c -- 2.34.1

2 months

2
1
0 0

[PATCH v2] iommu/amd: Fix geometry.aperture_end for V2 tables

by Jason Gunthorpe

The AMD IOMMU documentation seems pretty clear that the V2 table follows the normal CPU expectation of sign extension. This is shown in Figure 25: AMD64 Long Mode 4-Kbyte Page Address Translation Where bits Sign-Extend [63:57] == [56]. This is typical for x86 which would have three regions in the page table: lower, non-canonical, upper. The manual describes that the V1 table does not sign extend in section 2.2.4 Sharing AMD64 Processor and IOMMU Page Tables GPA-to-SPA Further, Vasant has checked this and indicates the HW has an addtional behavior that the manual does not yet describe. The AMDv2 table does not have the sign extended behavior when attached to PASID 0, which may explain why this has gone unnoticed. The iommu domain geometry does not directly support sign extended page tables. The driver should report only one of the lower/upper spaces. Solve this by removing the top VA bit from the geometry to use only the lower space. This will also make the iommu_domain work consistently on all PASID 0 and PASID != 1. Adjust dma_max_address() to remove the top VA bit. It now returns: 5 Level: Before 0x1ffffffffffffff After 0x0ffffffffffffff 4 Level: Before 0xffffffffffff After 0x7fffffffffff Fixes: 11c439a19466 ("iommu/amd/pgtbl_v2: Fix domain max address") Link: https://lore.kernel.org/all/8858d4d6-d360-4ef0-935c-bfd13ea54f42@amd.com/ Signed-off-by: Jason Gunthorpe <jgg(a)nvidia.com> --- drivers/iommu/amd/iommu.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) v2: - Revise the commit message and comment with the new information from Vasant. v1: https://patch.msgid.link/r/0-v1-6925ece6b623+296-amdv2_geo_jgg@nvidia.com diff --git a/drivers/iommu/amd/iommu.c b/drivers/iommu/amd/iommu.c index 3117d99cf83d0d..1baa9d3583f369 100644 --- a/drivers/iommu/amd/iommu.c +++ b/drivers/iommu/amd/iommu.c @@ -2526,8 +2526,21 @@ static inline u64 dma_max_address(enum protection_domain_mode pgtable) if (pgtable == PD_MODE_V1) return ~0ULL; - /* V2 with 4/5 level page table */ - return ((1ULL << PM_LEVEL_SHIFT(amd_iommu_gpt_level)) - 1); + /* + * V2 with 4/5 level page table. Note that "2.2.6.5 AMD64 4-Kbyte Page + * Translation" shows that the V2 table sign extends the top of the + * address space creating a reserved region in the middle of the + * translation, just like the CPU does. Further Vasant says the docs are + * incomplete and this only applies to non-zero PASIDs. If the AMDv2 + * page table is assigned to the 0 PASID then there is no sign extension + * check. + * + * Since the IOMMU must have a fixed geometry, and the core code does + * not understand sign extended addressing, we have to chop off the high + * bit to get consistent behavior with attachments of the domain to any + * PASID. + */ + return ((1ULL << (PM_LEVEL_SHIFT(amd_iommu_gpt_level) - 1)) - 1); } static bool amd_iommu_hd_support(struct amd_iommu *iommu) base-commit: eb328711b15b17987021dbb674f446b7b008dca5 -- 2.43.0

2 months

4
8
0 0

Backport 36569780b0d6 ("sched: Change nr_uninterruptible type to unsigned long") to linux-stable

by Aruna Ramakrishna

Hi maintainers, Please consider backporting this upstream commit: 36569780b0d6 ("sched: Change nr_uninterruptible type to unsigned long”) into all stable branches newer than (and including) linux-5.14.y. This fixes an overflow bug introduced in commit: e6fe3f422be1 ("sched: Make multiple runqueue task counters 32-bit”) which was merged into 5.14. I forgot to tag the original patch for inclusion into stable - I apologize for the oversight. The patch should apply cleanly to all versions - let me know if you’d like me to send a separate patch for stable. Thanks very much, Aruna

2 months

1
0
0 0

[PATCH net] phonet/pep: Move call to pn_skb_get_dst_sockaddr() earlier in pep_sock_accept()

by Nathan Chancellor

A new warning in clang [1] points out a place in pep_sock_accept() where dst is uninitialized then passed as a const pointer to pep_find_pipe(): net/phonet/pep.c:829:37: error: variable 'dst' is uninitialized when passed as a const pointer argument here [-Werror,-Wuninitialized-const-pointer] 829 | newsk = pep_find_pipe(&pn->hlist, &dst, pipe_handle); | ^~~: Move the call to pn_skb_get_dst_sockaddr(), which initializes dst, to before the call to pep_find_pipe(), so that dst is consistently used initialized throughout the function. Cc: stable(a)vger.kernel.org Fixes: f7ae8d59f661 ("Phonet: allocate sock from accept syscall rather than soft IRQ") Link: https://github.com/llvm/llvm-project/commit/00dacf8c22f065cb52efb14cd091d44… [1] Closes: https://github.com/ClangBuiltLinux/linux/issues/2101 Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> --- net/phonet/pep.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/phonet/pep.c b/net/phonet/pep.c index 53a858478e22..62527e1ebb88 100644 --- a/net/phonet/pep.c +++ b/net/phonet/pep.c @@ -826,6 +826,7 @@ static struct sock *pep_sock_accept(struct sock *sk, } /* Check for duplicate pipe handle */ + pn_skb_get_dst_sockaddr(skb, &dst); newsk = pep_find_pipe(&pn->hlist, &dst, pipe_handle); if (unlikely(newsk)) { __sock_put(newsk); @@ -850,7 +851,6 @@ static struct sock *pep_sock_accept(struct sock *sk, newsk->sk_destruct = pipe_destruct; newpn = pep_sk(newsk); - pn_skb_get_dst_sockaddr(skb, &dst); pn_skb_get_src_sockaddr(skb, &src); newpn->pn_sk.sobject = pn_sockaddr_get_object(&dst); newpn->pn_sk.dobject = pn_sockaddr_get_object(&src); --- base-commit: 0e9418961f897be59b1fab6e31ae1b09a0bae902 change-id: 20250715-net-phonet-fix-uninit-const-pointer-64f0182b11e1 Best regards, -- Nathan Chancellor <nathan(a)kernel.org>

2 months

2
1
0 0

[PATCH v9 1/4] serial: 8250: fix panic due to PSLVERR

by Yunhui Cui

When the PSLVERR_RESP_EN parameter is set to 1, the device generates an error response if an attempt is made to read an empty RBR (Receive Buffer Register) while the FIFO is enabled. In serial8250_do_startup(), calling serial_port_out(port, UART_LCR, UART_LCR_WLEN8) triggers dw8250_check_lcr(), which invokes dw8250_force_idle() and serial8250_clear_and_reinit_fifos(). The latter function enables the FIFO via serial_out(p, UART_FCR, p->fcr). Execution proceeds to the serial_port_in(port, UART_RX). This satisfies the PSLVERR trigger condition. When another CPU (e.g., using printk()) is accessing the UART (UART is busy), the current CPU fails the check (value & ~UART_LCR_SPAR) == (lcr & ~UART_LCR_SPAR) in dw8250_check_lcr(), causing it to enter dw8250_force_idle(). Put serial_port_out(port, UART_LCR, UART_LCR_WLEN8) under the port->lock to fix this issue. Panic backtrace: [ 0.442336] Oops - unknown exception [#1] [ 0.442343] epc : dw8250_serial_in32+0x1e/0x4a [ 0.442351] ra : serial8250_do_startup+0x2c8/0x88e ... [ 0.442416] console_on_rootfs+0x26/0x70 Fixes: c49436b657d0 ("serial: 8250_dw: Improve unwritable LCR workaround") Link: https://lore.kernel.org/all/84cydt5peu.fsf@jogness.linutronix.de/T/ Signed-off-by: Yunhui Cui <cuiyunhui(a)bytedance.com> Cc: stable(a)vger.kernel.org --- drivers/tty/serial/8250/8250_port.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/tty/serial/8250/8250_port.c b/drivers/tty/serial/8250/8250_port.c index 6d7b8c4667c9c..07fe818dffa34 100644 --- a/drivers/tty/serial/8250/8250_port.c +++ b/drivers/tty/serial/8250/8250_port.c @@ -2376,9 +2376,10 @@ int serial8250_do_startup(struct uart_port *port) /* * Now, initialize the UART */ - serial_port_out(port, UART_LCR, UART_LCR_WLEN8); uart_port_lock_irqsave(port, &flags); + serial_port_out(port, UART_LCR, UART_LCR_WLEN8); + if (up->port.flags & UPF_FOURPORT) { if (!up->port.irq) up->port.mctrl |= TIOCM_OUT1; -- 2.39.5

2 months

4
3
0 0

[PATCH v2 1/3] bus: mhi: host: keep bhi buffer through suspend cycle

by Muhammad Usama Anjum

When there is memory pressure, at resume time dma_alloc_coherent() returns error which in turn fails the loading of firmware and hence the driver crashes: kernel: kworker/u33:5: page allocation failure: order:7, mode:0xc04(GFP_NOIO|GFP_DMA32), nodemask=(null),cpuset=/,mems_allowed=0 kernel: CPU: 1 UID: 0 PID: 7693 Comm: kworker/u33:5 Not tainted 6.11.11-valve17-1-neptune-611-g027868a0ac03 #1 3843143b92e9da0fa2d3d5f21f51beaed15c7d59 kernel: Hardware name: Valve Galileo/Galileo, BIOS F7G0112 08/01/2024 kernel: Workqueue: mhi_hiprio_wq mhi_pm_st_worker [mhi] kernel: Call Trace: kernel: <TASK> kernel: dump_stack_lvl+0x4e/0x70 kernel: warn_alloc+0x164/0x190 kernel: ? srso_return_thunk+0x5/0x5f kernel: ? __alloc_pages_direct_compact+0xaf/0x360 kernel: __alloc_pages_slowpath.constprop.0+0xc75/0xd70 kernel: __alloc_pages_noprof+0x321/0x350 kernel: __dma_direct_alloc_pages.isra.0+0x14a/0x290 kernel: dma_direct_alloc+0x70/0x270 kernel: mhi_fw_load_handler+0x126/0x340 [mhi a96cb91daba500cc77f86bad60c1f332dc3babdf] kernel: mhi_pm_st_worker+0x5e8/0xac0 [mhi a96cb91daba500cc77f86bad60c1f332dc3babdf] kernel: ? srso_return_thunk+0x5/0x5f kernel: process_one_work+0x17e/0x330 kernel: worker_thread+0x2ce/0x3f0 kernel: ? __pfx_worker_thread+0x10/0x10 kernel: kthread+0xd2/0x100 kernel: ? __pfx_kthread+0x10/0x10 kernel: ret_from_fork+0x34/0x50 kernel: ? __pfx_kthread+0x10/0x10 kernel: ret_from_fork_asm+0x1a/0x30 kernel: </TASK> kernel: Mem-Info: kernel: active_anon:513809 inactive_anon:152 isolated_anon:0 active_file:359315 inactive_file:2487001 isolated_file:0 unevictable:637 dirty:19 writeback:0 slab_reclaimable:160391 slab_unreclaimable:39729 mapped:175836 shmem:51039 pagetables:4415 sec_pagetables:0 bounce:0 kernel_misc_reclaimable:0 free:125666 free_pcp:0 free_cma:0 In above example, if we sum all the consumed memory, it comes out to be 15.5GB and free memory is ~ 500MB from a total of 16GB RAM. Even though memory is present. But all of the dma memory has been exhausted or fragmented. Fix it by allocating it only once and then reuse the same allocated memory. As we'll allocate this memory only once, this memory will stay allocated. Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03926.13-QCAHSPSWPL_V2_SILICONZ_CE-2.52297.6 Fixes: cd457afb1667 ("bus: mhi: core: Add support for downloading firmware over BHIe") Cc: stable(a)vger.kernel.org Cc: Krishna Chaitanya Chundru <krishna.chundru(a)oss.qualcomm.com> Signed-off-by: Muhammad Usama Anjum <usama.anjum(a)collabora.com> --- Reported here: https://lore.kernel.org/all/ead32f5b-730a-4b81-b38f-93d822f990c6@collabora.… Still a lot of more fixes are required. Hence, I'm not adding closes tag. Changes since v1: - fix mhi_load_image_bhi() - Cc stable and fix tested on tag --- drivers/bus/mhi/host/boot.c | 25 +++++++++++++++---------- drivers/bus/mhi/host/init.c | 5 +++++ drivers/bus/mhi/host/internal.h | 2 ++ include/linux/mhi.h | 1 + 4 files changed, 23 insertions(+), 10 deletions(-) diff --git a/drivers/bus/mhi/host/boot.c b/drivers/bus/mhi/host/boot.c index b3a85aa3c4768..9fc983bc12d49 100644 --- a/drivers/bus/mhi/host/boot.c +++ b/drivers/bus/mhi/host/boot.c @@ -302,8 +302,8 @@ static int mhi_fw_load_bhi(struct mhi_controller *mhi_cntrl, return -EIO; } -static void mhi_free_bhi_buffer(struct mhi_controller *mhi_cntrl, - struct image_info *image_info) +void mhi_free_bhi_buffer(struct mhi_controller *mhi_cntrl, + struct image_info *image_info) { struct mhi_buf *mhi_buf = image_info->mhi_buf; @@ -455,18 +455,23 @@ static enum mhi_fw_load_type mhi_fw_load_type_get(const struct mhi_controller *m static int mhi_load_image_bhi(struct mhi_controller *mhi_cntrl, const u8 *fw_data, size_t size) { - struct image_info *image; + struct image_info **image = &mhi_cntrl->bhi_image; int ret; - ret = mhi_alloc_bhi_buffer(mhi_cntrl, &image, size); - if (ret) - return ret; + if (!(*image)) { + ret = mhi_alloc_bhi_buffer(mhi_cntrl, image, size); + if (ret) + return ret; - /* Load the firmware into BHI vec table */ - memcpy(image->mhi_buf->buf, fw_data, size); + /* Load the firmware into BHI vec table */ + memcpy((*image)->mhi_buf->buf, fw_data, size); + } - ret = mhi_fw_load_bhi(mhi_cntrl, &image->mhi_buf[image->entries - 1]); - mhi_free_bhi_buffer(mhi_cntrl, image); + ret = mhi_fw_load_bhi(mhi_cntrl, &(*image)->mhi_buf[(*image)->entries - 1]); + if (ret) { + mhi_free_bhi_buffer(mhi_cntrl, *image); + *image = NULL; + } return ret; } diff --git a/drivers/bus/mhi/host/init.c b/drivers/bus/mhi/host/init.c index 6e06e4efec765..2e0f18c939e68 100644 --- a/drivers/bus/mhi/host/init.c +++ b/drivers/bus/mhi/host/init.c @@ -1228,6 +1228,11 @@ void mhi_unprepare_after_power_down(struct mhi_controller *mhi_cntrl) mhi_cntrl->rddm_image = NULL; } + if (mhi_cntrl->bhi_image) { + mhi_free_bhi_buffer(mhi_cntrl, mhi_cntrl->bhi_image); + mhi_cntrl->bhi_image = NULL; + } + mhi_deinit_dev_ctxt(mhi_cntrl); } EXPORT_SYMBOL_GPL(mhi_unprepare_after_power_down); diff --git a/drivers/bus/mhi/host/internal.h b/drivers/bus/mhi/host/internal.h index 1054e67bb450d..60b0699323375 100644 --- a/drivers/bus/mhi/host/internal.h +++ b/drivers/bus/mhi/host/internal.h @@ -324,6 +324,8 @@ int mhi_alloc_bhie_table(struct mhi_controller *mhi_cntrl, struct image_info **image_info, size_t alloc_size); void mhi_free_bhie_table(struct mhi_controller *mhi_cntrl, struct image_info *image_info); +void mhi_free_bhi_buffer(struct mhi_controller *mhi_cntrl, + struct image_info *image_info); /* Power management APIs */ enum mhi_pm_state __must_check mhi_tryset_pm_state( diff --git a/include/linux/mhi.h b/include/linux/mhi.h index 4c567907933a5..593012f779d97 100644 --- a/include/linux/mhi.h +++ b/include/linux/mhi.h @@ -391,6 +391,7 @@ struct mhi_controller { size_t reg_len; struct image_info *fbc_image; struct image_info *rddm_image; + struct image_info *bhi_image; struct mhi_chan *mhi_chan; struct list_head lpm_chans; int *irq; -- 2.39.5

2 months

3
4
0 0

[PATCH v2 0/1] nvmet: pci-epf: Do not complete commands twice if nvmet_req_init() fails

by Rick Wertenbroek

Changes from v1 : - Updated comment for nvmet_pci_epf_queue_response() per Damien's suggestion. - Fixed typo in commit message. - Added 3 tags in commit message: Reviewed-by: Damien Le Moal <dlemoal(a)kernel.org> Fixes: 0faa0fe6f90e ("nvmet: New NVMe PCI endpoint function target driver") Cc: stable(a)vger.kernel.org Best regards, Rick Rick Wertenbroek (1): nvmet: pci-epf: Do not complete commands twice if nvmet_req_init() fails drivers/nvme/target/pci-epf.c | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) -- 2.25.1

2 months

4
4
0 0

[PATCH v2 1/1] arm64: dts: qcom: x1e80100-pmics: Disable pm8010 by default

by Aleksandrs Vinarskis

pm8010 is a camera specific PMIC, and may not be present on some devices. These may instead use a dedicated vreg for this purpose (Dell XPS 9345, Dell Inspiron..) or use USB webcam instead of a MIPI one alltogether (Lenovo Thinbook 16, Lenovo Yoga..). Disable pm8010 by default, let platforms that actually have one onboard enable it instead. Cc: <stable(a)vger.kernel.org> Fixes: 2559e61e7ef4 ("arm64: dts: qcom: x1e80100-pmics: Add the missing PMICs") Reviewed-by: Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> Reviewed-by: Johan Hovold <johan+linaro(a)kernel.org> Reviewed-by: Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> Signed-off-by: Aleksandrs Vinarskis <alex.vinarskis(a)gmail.com> --- arch/arm64/boot/dts/qcom/x1e80100-pmics.dtsi | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/arm64/boot/dts/qcom/x1e80100-pmics.dtsi b/arch/arm64/boot/dts/qcom/x1e80100-pmics.dtsi index e3888bc143a0..621890ada153 100644 --- a/arch/arm64/boot/dts/qcom/x1e80100-pmics.dtsi +++ b/arch/arm64/boot/dts/qcom/x1e80100-pmics.dtsi @@ -475,6 +475,8 @@ pm8010: pmic@c { #address-cells = <1>; #size-cells = <0>; + status = "disabled"; + pm8010_temp_alarm: temp-alarm@2400 { compatible = "qcom,spmi-temp-alarm"; reg = <0x2400>; -- 2.48.1

2 months

1
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror