- Linux-stable-mirror - lists.linaro.org

[PATCH] efi/tpm: Fix the issue where the CC platforms event log header can't be correctly identified

by yangge1116＠126.com

From: Ge Yang <yangge1116(a)126.com> Since commit d228814b1913 ("efi/libstub: Add get_event_log() support for CC platforms") reuses TPM2 support code for the CC platforms, when launching a TDX virtual machine with coco measurement enabled, the following error log is generated: [Firmware Bug]: Failed to parse event in TPM Final Events Log Call Trace: efi_config_parse_tables() efi_tpm_eventlog_init() tpm2_calc_event_log_size() __calc_tpm2_event_size() The pcr_idx value in the Intel TDX log header is 1, causing the function __calc_tpm2_event_size() to fail to recognize the log header, ultimately leading to the "Failed to parse event in TPM Final Events Log" error. According to UEFI Spec 2.10 Section 38.4.1: For Tdx, TPM PCR 0 maps to MRTD, so the log header uses TPM PCR 1. To successfully parse the TDX event log header, the check for a pcr_idx value of 0 has been removed here, and it appears that this will not affect other functionalities. Link: https://uefi.org/specs/UEFI/2.10/38_Confidential_Computing.html#intel-trust… Fixes: d228814b1913 ("efi/libstub: Add get_event_log() support for CC platforms") Signed-off-by: Ge Yang <yangge1116(a)126.com> Cc: stable(a)vger.kernel.org --- include/linux/tpm_eventlog.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/include/linux/tpm_eventlog.h b/include/linux/tpm_eventlog.h index 891368e..05c0ae5 100644 --- a/include/linux/tpm_eventlog.h +++ b/include/linux/tpm_eventlog.h @@ -202,8 +202,7 @@ static __always_inline u32 __calc_tpm2_event_size(struct tcg_pcr_event2_head *ev event_type = event->event_type; /* Verify that it's the log header */ - if (event_header->pcr_idx != 0 || - event_header->event_type != NO_ACTION || + if (event_header->event_type != NO_ACTION || memcmp(event_header->digest, zero_digest, sizeof(zero_digest))) { size = 0; goto out; -- 2.7.4

6 days, 13 hours

4
6
0 0

[PATCH 6.1 000/132] 6.1.143-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.143 release. There are 132 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 05 Jul 2025 14:39:10 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.143-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.143-rc1 Dev Jain <dev.jain(a)arm.com> arm64: Restrict pagetable teardown to avoid false warning Sibi Sankar <quic_sibis(a)quicinc.com> firmware: arm_scmi: Ensure that the message-id supports fastchannel Cristian Marussi <cristian.marussi(a)arm.com> firmware: arm_scmi: Add a common helper to check if a message is supported Pavel Begunkov <asml.silence(a)gmail.com> io_uring/kbuf: account ring io_buffer_list memory Jens Axboe <axboe(a)kernel.dk> nvme: always punt polled uring_cmd end_io work to task_work Brett A C Sheffield (Librecast) <bacs(a)librecast.net> Revert "ipv6: save dontfrag in cork" Nathan Chancellor <nathan(a)kernel.org> x86/tools: Drop duplicate unlikely() definition in insn_decoder_test.c Sergio González Collado <sergio.collado(a)gmail.com> Kunit to check the longest symbol length Heiko Carstens <hca(a)linux.ibm.com> s390/entry: Fix last breaking event handling in case of stack corruption Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Rollback non processed entities on error Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Fix W=stringop-overflow warning in bnxt_dcb.c Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Fix W=1 warning in bnxt_dcb.c from fortify memcpy() Jakub Kicinski <kuba(a)kernel.org> eth: bnxt: fix one of the W=1 warnings about fortified memcpy() Chen Ni <nichen(a)iscas.ac.cn> fbdev: hyperv_fb: Convert comma to semicolon Gustavo A. R. Silva <gustavoars(a)kernel.org> fs: omfs: Use flexible-array member in struct omfs_extent Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: remove unsafe_memcpy use in session setup Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: Use unsafe_memcpy() for ntlm_negotiate Frank Min <Frank.Min(a)amd.com> drm/amdgpu: Add kicker device detection John Olender <john.olender(a)gmail.com> drm/amdgpu: amdgpu_vram_mgr_new(): Clamp lpfn to total vram Wentao Liang <vulab(a)iscas.ac.cn> drm/amd/display: Add null pointer check for get_first_active_display() Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Wait for Clk and Data Lanes to be ready Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Check return value when getting default PHY config Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Fix connecting to next bridge Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Fix phy de-init and flag it so Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Fix the clock variable for mode_valid() Jay Cornwall <jay.cornwall(a)amd.com> drm/amdkfd: Fix race in GWS queue scheduling Stephan Gerhold <stephan.gerhold(a)linaro.org> drm/msm/gpu: Fix crash when throttling GPU immediately during boot Thomas Zimmermann <tzimmermann(a)suse.de> drm/udl: Unregister device before cleaning up on disconnect Qiu-ji Chen <chenqiuji666(a)gmail.com> drm/tegra: Fix a possible null pointer dereference Thierry Reding <treding(a)nvidia.com> drm/tegra: Assign plane type before registration Maíra Canal <mcanal(a)igalia.com> drm/etnaviv: Protect the scheduler's pending list with its lock Chen Yu <yu.c.chen(a)intel.com> scsi: megaraid_sas: Fix invalid node index Qasim Ijaz <qasdev00(a)gmail.com> HID: wacom: fix kobject reference count leak Qasim Ijaz <qasdev00(a)gmail.com> HID: wacom: fix memory leak on sysfs attribute creation failure Qasim Ijaz <qasdev00(a)gmail.com> HID: wacom: fix memory leak on kobject creation failure Iusico Maxim <iusico.maxim(a)libero.it> HID: lenovo: Restrict F7/9/11 mode to compact keyboards only Mark Harmstone <maharmstone(a)fb.com> btrfs: update superblock's device bytes_used when dropping chunk Filipe Manana <fdmanana(a)suse.com> btrfs: fix a race between renames and directory logging Heinz Mauelshagen <heinzm(a)redhat.com> dm-raid: fix variable in journal device check Frédéric Danis <frederic.danis(a)collabora.com> Bluetooth: L2CAP: Fix L2CAP MTU negotiation Fabio Estevam <festevam(a)gmail.com> serial: imx: Restore original RXTL for console to fix data loss Yao Zi <ziyao(a)disroot.org> dt-bindings: serial: 8250: Make clocks and clock-frequency exclusive Nathan Chancellor <nathan(a)kernel.org> staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher() Jayesh Choudhary <j-choudhary(a)ti.com> drm/bridge: ti-sn65dsi86: Add HPD for DisplayPort connector type Wolfram Sang <wsa+renesas(a)sang-engineering.com> drm/bridge: ti-sn65dsi86: make use of debugfs_init callback Jakub Kicinski <kuba(a)kernel.org> net: selftests: fix TCP packet checksum Salvatore Bonaccorso <carnil(a)debian.org> ALSA: hda/realtek: Fix built-in mic on ASUS VivoBook X507UAR Kuniyuki Iwashima <kuniyu(a)google.com> atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). Simon Horman <horms(a)kernel.org> net: enetc: Correct endianness handling in _enetc_rd_reg64 Tiwei Bie <tiwei.btw(a)antgroup.com> um: ubd: Add missing error check in start_io_thread() Stefano Garzarella <sgarzare(a)redhat.com> vsock/uapi: fix linux/vm_sockets.h userspace compilation errors Kuniyuki Iwashima <kuniyu(a)google.com> af_unix: Don't set -ECONNRESET for consumed OOB skb. Lachlan Hodges <lachlan.hodges(a)morsemicro.com> wifi: mac80211: fix beacon interval calculation overflow Yuan Chen <chenyuan(a)kylinos.cn> libbpf: Fix null pointer dereference in btf_dump__free on allocation failure Al Viro <viro(a)zeniv.linux.org.uk> attach_recursive_mnt(): do not lock the covering tree when sliding something under it Youngjun Lee <yjjuny.lee(a)samsung.com> ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() Eric Dumazet <edumazet(a)google.com> atm: clip: prevent NULL deref in clip_push() Imre Deak <imre.deak(a)intel.com> drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS Fedor Pchelkin <pchelkin(a)ispras.ru> s390/pkey: Prevent overflow in size calculation for memdup_user() Oliver Schramm <oliver.schramm97(a)gmail.com> ASoC: amd: yc: Add DMI quirk for Lenovo IdeaPad Slim 5 15 Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: robotfuzz-osif: disable zero-length read messages Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: tiny-usb: disable zero-length read messages Kuniyuki Iwashima <kuniyu(a)google.com> af_unix: Don't leave consecutive consumed OOB skbs. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Don't call skb_get() for OOB skb. Thomas Zimmermann <tzimmermann(a)suse.de> dummycon: Trigger redraw when switching consoles with deferred takeover Jiri Slaby (SUSE) <jirislaby(a)kernel.org> tty: vt: make consw::con_switch() return a bool Jiri Slaby (SUSE) <jirislaby(a)kernel.org> tty: vt: sanitize arguments of consw::con_clear() Jiri Slaby (SUSE) <jirislaby(a)kernel.org> tty: vt: make init parameter of consw::con_init() a bool Jiri Slaby (SUSE) <jirislaby(a)kernel.org> vgacon: remove unneeded forward declarations Jiri Slaby (SUSE) <jirislaby(a)kernel.org> vgacon: switch vgacon_scrolldelta() and vgacon_restore_screen() Janne Grunau <j(a)jannau.net> PCI: apple: Set only available ports up Zhang Zekun <zhangzekun11(a)huawei.com> PCI: apple: Use helper function for_each_child_of_node_scoped() Long Li <longli(a)microsoft.com> uio_hv_generic: Align ring size to system page Saurabh Sengar <ssengar(a)linux.microsoft.com> uio_hv_generic: Query the ringbuffer size for device Saurabh Sengar <ssengar(a)linux.microsoft.com> Drivers: hv: vmbus: Add utility function for querying ring size Long Li <longli(a)microsoft.com> Drivers: hv: Allocate interrupt and monitor pages aligned to system page boundary Rick Edgecombe <rick.p.edgecombe(a)intel.com> Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails Kameron Carr <kameroncarr(a)linux.microsoft.com> Drivers: hv: Change hv_free_hyperv_page() to take void * argument Long Li <longli(a)microsoft.com> Drivers: hv: move panic report code from vmbus to hv early init code Michael Kelley <mikelley(a)microsoft.com> Drivers: hv: vmbus: Remove second mapping of VMBus monitor pages Guilherme G. Piccoli <gpiccoli(a)igalia.com> drivers: hv, hyperv_fb: Untangle and refactor Hyper-V panic notifiers Murad Masimov <m.masimov(a)mt-integration.ru> fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var Chao Yu <chao(a)kernel.org> f2fs: don't over-report free space or inodes in statvfs Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: codecs: wcd9335: Fix missing free of regulator supplies Peng Fan <peng.fan(a)nxp.com> ASoC: codec: wcd9335: Convert to GPIO descriptors Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: codecs: wcd9335: Handle nicer probe deferral and simplify with dev_err_probe() Ming Qian <ming.qian(a)oss.nxp.com> media: imx-jpeg: Cleanup after an allocation error Ming Qian <ming.qian(a)oss.nxp.com> media: imx-jpeg: Reset slot data pointers when freed Ming Qian <ming.qian(a)oss.nxp.com> media: imx-jpeg: Move mxc_jpeg_free_slot_data() ahead Ming Qian <ming.qian(a)nxp.com> media: imx-jpeg: Support to assign slot for encoder/decoder Ming Qian <ming.qian(a)nxp.com> media: imx-jpeg: Add a timeout mechanism for each frame Jason Wang <wangborong(a)cdjrlc.com> media: imx-jpeg: Remove unnecessary memset() after dma_alloc_coherent() Vasiliy Kovalev <kovalev(a)altlinux.org> jfs: validate AG parameters in dbMount() to prevent crashes Dave Kleikamp <dave.kleikamp(a)oracle.com> fs/jfs: consolidate sanity checking in dbMount Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Revert "drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1" Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1 Qu Wenruo <wqu(a)suse.com> btrfs: handle csum tree error with rescue=ibadroots correctly Kees Cook <kees(a)kernel.org> ovl: Check for NULL d_inode() in ovl_dentry_upper() Dmitry Kandybka <d.kandybka(a)gmail.com> ceph: fix possible integer overflow in ceph_zero_objects() Mario Limonciello <mario.limonciello(a)amd.com> ALSA: usb-audio: Add a quirk for Lenovo Thinkpad Thunderbolt 3 dock Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ALSA: hda: Add new pci id for AMD GPU display HD audio controller Cezary Rojewski <cezary.rojewski(a)intel.com> ALSA: hda: Ignore unsol events for cards being shut down Michael Grzeschik <m.grzeschik(a)pengutronix.de> usb: typec: mux: do not return on EOPNOTSUPP in {mux, switch}_set Jos Wang <joswang(a)lenovo.com> usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode Robert Hodaszi <robert.hodaszi(a)digi.com> usb: cdc-wdm: avoid setting WDM_READ for ZLP-s Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> usb: Add checks for snprintf() calls in usb_alloc_dev() Chance Yang <chance.yang(a)kneron.us> usb: common: usb-conn-gpio: use a unique name for usb connector device Jakub Lewalski <jakub.lewalski(a)nokia.com> tty: serial: uartlite: register uart driver in init Chen Yufeng <chenyufeng(a)iie.ac.cn> usb: potential integer overflow in usbg_make_tpg() Purva Yeshi <purvayeshi550(a)gmail.com> iio: adc: ad_sigma_delta: Fix use of uninitialized status_pos Michael Grzeschik <m.grzeschik(a)pengutronix.de> usb: dwc2: also exit clock_gating when stopping udc while suspended James Clark <james.clark(a)linaro.org> coresight: Only check bottom two claim bits Benjamin Berg <benjamin.berg(a)intel.com> um: use proper care when taking mmap lock during segfault Sami Tolvanen <samitolvanen(a)google.com> um: Add cmpxchg8b_emu and checksum functions to asm-prototypes.h Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: pressure: zpa2326: Use aligned_s64 for the timestamp Linggang Zeng <linggang.zeng(a)easystack.cn> bcache: fix NULL pointer in cache_set_flush() Yifan Zhang <yifan1.zhang(a)amd.com> amd/amdkfd: fix a kfd_process ref leak Yu Kuai <yukuai3(a)huawei.com> md/md-bitmap: fix dm-raid max_write_behind setting Hector Martin <marcan(a)marcan.st> PCI: apple: Fix missing OF node reference in apple_pcie_setup_port Thomas Gessler <thomas.gessler(a)brueckmann-gmbh.de> dmaengine: xilinx_dma: Set dma_device directions Lukas Wunner <lukas(a)wunner.de> Revert "iommu/amd: Prevent binding other PCI drivers to IOMMU PCI devices" FUJITA Tomonori <fujita.tomonori(a)gmail.com> rust: module: place cleanup_module() in .exit.text section Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: allow a filename to contain special characters on SMB3.1.1 posix extension Alexis Czezar Torreno <alexisczezar.torreno(a)analog.com> hwmon: (pmbus/max34440) Fix support for max34451 Scott Mayhew <smayhew(a)redhat.com> NFSv4: xattr handlers should check for absent nfs filehandles Sven Schwermer <sven.schwermer(a)disruptive-technologies.com> leds: multicolor: Fix intensity setting while SW blinking Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> mfd: max14577: Fix wakeup source leaks on device unbind Peng Fan <peng.fan(a)nxp.com> mailbox: Not protect module_put with spin_lock_irqsave Olga Kornievskaia <okorniev(a)redhat.com> NFSv4.2: fix listxattr to return selinux security label Han Young <hanyang.tony(a)bytedance.com> NFSv4: Always set NLINK even if the server doesn't support it Pali Rohár <pali(a)kernel.org> cifs: Fix cifs_query_path_info() for Windows NT servers Pali Rohár <pali(a)kernel.org> cifs: Correctly set SMB1 SessionKey field in Session Setup Request ------------- Diffstat: Documentation/devicetree/bindings/serial/8250.yaml | 2 +- Makefile | 4 +- arch/arm64/mm/mmu.c | 3 +- arch/s390/kernel/entry.S | 2 +- arch/um/drivers/ubd_user.c | 2 +- arch/um/include/asm/asm-prototypes.h | 5 + arch/um/kernel/trap.c | 129 ++++- arch/x86/tools/insn_decoder_test.c | 5 +- arch/x86/um/asm/checksum.h | 3 + drivers/dma/xilinx/xilinx_dma.c | 2 + drivers/firmware/arm_scmi/driver.c | 44 ++ drivers/firmware/arm_scmi/protocols.h | 6 + drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c | 17 + drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.h | 6 + drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_events.c | 1 + drivers/gpu/drm/amd/amdkfd/kfd_packet_manager_v9.c | 2 +- .../gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3 + drivers/gpu/drm/bridge/cdns-dsi.c | 32 +- drivers/gpu/drm/bridge/ti-sn65dsi86.c | 109 ++-- drivers/gpu/drm/display/drm_dp_helper.c | 2 +- drivers/gpu/drm/etnaviv/etnaviv_sched.c | 5 +- drivers/gpu/drm/msm/msm_gpu_devfreq.c | 1 + drivers/gpu/drm/tegra/dc.c | 17 +- drivers/gpu/drm/tegra/hub.c | 4 +- drivers/gpu/drm/tegra/hub.h | 3 +- drivers/gpu/drm/udl/udl_drv.c | 2 +- drivers/hid/hid-lenovo.c | 11 +- drivers/hid/wacom_sys.c | 6 +- drivers/hv/channel_mgmt.c | 15 +- drivers/hv/connection.c | 134 ++--- drivers/hv/hv.c | 36 -- drivers/hv/hv_common.c | 231 ++++++++ drivers/hv/hyperv_vmbus.h | 7 +- drivers/hv/vmbus_drv.c | 206 +------ drivers/hwmon/pmbus/max34440.c | 48 +- drivers/hwtracing/coresight/coresight-core.c | 3 +- drivers/hwtracing/coresight/coresight-priv.h | 2 + drivers/i2c/busses/i2c-robotfuzz-osif.c | 6 + drivers/i2c/busses/i2c-tiny-usb.c | 6 + drivers/iio/adc/ad_sigma_delta.c | 4 + drivers/iio/pressure/zpa2326.c | 2 +- drivers/iommu/amd/init.c | 3 - drivers/leds/led-class-multicolor.c | 3 +- drivers/mailbox/mailbox.c | 2 +- drivers/md/bcache/super.c | 7 +- drivers/md/dm-raid.c | 2 +- drivers/md/md-bitmap.c | 2 +- drivers/media/platform/nxp/imx-jpeg/mxc-jpeg-hw.h | 1 - drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c | 216 ++++--- drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.h | 6 +- drivers/media/usb/uvc/uvc_ctrl.c | 42 +- drivers/mfd/max14577.c | 1 + drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c | 26 +- drivers/net/ethernet/broadcom/bnxt/bnxt_hsi.h | 644 +++------------------ drivers/net/ethernet/freescale/enetc/enetc_hw.h | 2 +- drivers/nvme/host/ioctl.c | 15 +- drivers/pci/controller/pcie-apple.c | 7 +- drivers/s390/crypto/pkey_api.c | 2 +- drivers/scsi/megaraid/megaraid_sas_base.c | 6 +- drivers/staging/rtl8723bs/core/rtw_security.c | 44 +- drivers/tty/serial/imx.c | 17 +- drivers/tty/serial/uartlite.c | 25 +- drivers/tty/vt/vt.c | 12 +- drivers/uio/uio_hv_generic.c | 10 +- drivers/usb/class/cdc-wdm.c | 23 +- drivers/usb/common/usb-conn-gpio.c | 25 +- drivers/usb/core/usb.c | 14 +- drivers/usb/dwc2/gadget.c | 6 + drivers/usb/gadget/function/f_tcm.c | 4 +- drivers/usb/typec/altmodes/displayport.c | 4 + drivers/usb/typec/mux.c | 4 +- drivers/video/console/dummycon.c | 24 +- drivers/video/console/mdacon.c | 21 +- drivers/video/console/newport_con.c | 12 +- drivers/video/console/sticon.c | 14 +- drivers/video/console/vgacon.c | 34 +- drivers/video/fbdev/core/fbcon.c | 40 +- drivers/video/fbdev/core/fbmem.c | 18 +- drivers/video/fbdev/hyperv_fb.c | 8 + fs/btrfs/disk-io.c | 3 +- fs/btrfs/inode.c | 83 ++- fs/btrfs/volumes.c | 6 + fs/ceph/file.c | 2 +- fs/f2fs/super.c | 30 +- fs/jfs/jfs_dmap.c | 41 +- fs/namespace.c | 8 +- fs/nfs/inode.c | 2 + fs/nfs/nfs4proc.c | 17 +- fs/omfs/file.c | 12 +- fs/omfs/omfs_fs.h | 2 +- fs/overlayfs/util.c | 4 +- fs/smb/client/cifsglob.h | 1 + fs/smb/client/cifspdu.h | 6 +- fs/smb/client/cifssmb.c | 1 + fs/smb/client/misc.c | 8 + fs/smb/client/sess.c | 1 + fs/smb/server/smb2pdu.c | 62 +- include/asm-generic/mshyperv.h | 2 +- include/linux/console.h | 13 +- include/linux/hyperv.h | 2 + include/linux/ipv6.h | 1 - include/uapi/linux/vm_sockets.h | 4 + io_uring/kbuf.c | 2 +- lib/Kconfig.debug | 9 + lib/Makefile | 2 + lib/longest_symbol_kunit.c | 82 +++ net/atm/clip.c | 11 +- net/atm/resources.c | 3 +- net/bluetooth/l2cap_core.c | 9 +- net/core/selftests.c | 5 +- net/ipv6/ip6_output.c | 9 +- net/mac80211/util.c | 2 +- net/unix/af_unix.c | 58 +- net/unix/garbage.c | 24 +- rust/macros/module.rs | 1 + sound/pci/hda/hda_bind.c | 2 +- sound/pci/hda/hda_intel.c | 3 + sound/pci/hda/patch_realtek.c | 1 + sound/soc/amd/yc/acp6x-mach.c | 7 + sound/soc/codecs/wcd9335.c | 62 +- sound/usb/quirks.c | 2 + sound/usb/stream.c | 2 + tools/lib/bpf/btf_dump.c | 3 + 124 files changed, 1597 insertions(+), 1489 deletions(-)

6 days, 18 hours

12
144
0 0

Re: [PATCH] mod_devicetable: Enlarge the maximum platform_device_id name length

by Vitaly Chikunov

Andy, Kees, On Wed, Apr 16, 2025 at 09:45:52AM +0300, Andy Shevchenko wrote: > On Tue, Apr 15, 2025 at 04:14:24PM -0700, Kees Cook wrote: > > The 20 byte length of struct platform_device_id::name is not long enough > > for many devices (especially regulators), where the string initialization > > is getting truncated and missing the trailing NUL byte. This is seen > > with GCC 15's -Wunterminated-string-initialization option: > > > > drivers/regulator/hi6421v530-regulator.c:189:19: warning: initializer-string for array of 'char' truncates NUL terminator but destination lacks 'nonstring' attribute (21 chars into 20 available) [-Wunterminated-string-initialization] > > 189 | { .name = "hi6421v530-regulator" }, > > | ^~~~~~~~~~~~~~~~~~~~~~ > > drivers/regulator/hi6421v600-regulator.c:278:19: warning: initializer-string for array of 'char' truncates NUL terminator but destination lacks 'nonstring' attribute (21 chars into 20 available) [-Wunterminated-string-initialization] > > 278 | { .name = "hi6421v600-regulator" }, > > | ^~~~~~~~~~~~~~~~~~~~~~ > > drivers/regulator/lp87565-regulator.c:233:11: warning: initializer-string for array of 'char' truncates NUL terminator but destination lacks 'nonstring' attribute (21 chars into 20 available) [-Wunterminated-string-initialization] > > 233 | { "lp87565-q1-regulator", }, > > | ^~~~~~~~~~~~~~~~~~~~~~ > > sound/soc/fsl/imx-pcm-rpmsg.c:818:19: warning: initializer-string for array of 'char' truncates NUL terminator but destination lacks 'nonstring' attribute (21 chars into 20 available) [-Wunterminated-string-initialization] > > 818 | { .name = "rpmsg-micfil-channel" }, > > | ^~~~~~~~~~~~~~~~~~~~~~ > > drivers/iio/light/hid-sensor-als.c:457:25: warning: initializer-string for array of 'char' truncates NUL terminator but destination lacks 'nonstring' attribute (21 chars into 20 available) [-Wunterminated-string-initialization] > > 457 | .name = "HID-SENSOR-LISS-0041", > > | ^~~~~~~~~~~~~~~~~~~~~~ > > drivers/iio/light/hid-sensor-prox.c:366:25: warning: initializer-string for array of 'char' truncates NUL terminator but destination lacks 'nonstring' attribute (21 chars into 20 available) [-Wunterminated-string-initialization] > > 366 | .name = "HID-SENSOR-LISS-0226", > > | ^~~~~~~~~~~~~~~~~~~~~~ > > > > Increase the length to 24, slightly more than is currently being used by > > the affected drivers. The string is used in '%s' format strings and via > > the module code, which appears to do its own length encoding. This size > > was chosen because there was already a 4 byte hole in the structure: > > > > struct platform_device_id { > > char name[20]; /* 0 20 */ > > > > /* XXX 4 bytes hole, try to pack */ > > > > kernel_ulong_t driver_data; /* 24 8 */ > > > > /* size: 32, cachelines: 1, members: 2 */ > > /* sum members: 28, holes: 1, sum holes: 4 */ > > /* last cacheline: 32 bytes */ > > }; > > Since there is no even potential ABI breakage, I'm fine with the change. > Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> This definitely breaks ABI on 32-bit architectures such as i586, because there is no gap from alignment. Perhaps, this also make the commit not suitable for backporting to stable branches? I recently stumbled on build failure on v5.10.239 for i586: make: Entering directory '/usr/src/kernel-source-5.10' DEPMOD 5.10.239 depmod: FATAL: Module index: bad character '�'=0x80 - only 7-bit ASCII is supported: platform:jsl_rt5682_max98360ax� make: *** [Makefile:1786: modules_install] Error 1 make: Leaving directory '/usr/src/kernel-source-5.10' With this patch not applied "jsl_rt5682_max98360a" have terminating '\0' truncated due to PLATFORM_NAME_SIZE being same as the string length and concatenated with the following binary data: { .name = "jsl_rt5682_max98360a", .driver_data = (kernel_ulong_t)(SOF_RT5682_MCLK_EN | SOF_RT5682_MCLK_24MHZ | SOF_RT5682_SSP_CODEC(0) | SOF_SPEAKER_AMP_PRESENT | SOF_MAX98360A_SPEAKER_AMP_PRESENT | SOF_RT5682_SSP_AMP(1)), }, modpost then interprets it as an asciiz string concatenating with `driver_data` resulting in bad characters. static int do_platform_entry(const char *filename, void *symval, char *alias) { DEF_FIELD_ADDR(symval, platform_device_id, name); sprintf(alias, PLATFORM_MODULE_PREFIX "%s", *name); return 1; } creating in an incorrect alias, and this somehow breaks depmod in kmod 34.2 (maybe earlier). Old kmod 30 successfully adds incorrect alias: $ modinfo snd-soc-sof_rt5682.ko | grep jsl_rt5682_max98360a alias: platform:jsl_rt5682_max98360a alias: platform:jsl_rt5682_max98360ax� and modules.alias:alias platform:jsl_rt5682_max98360ax� snd_soc_sof_rt5682 Perhaps, scripts/mod/file2alias.c should be updated with: - sprintf(alias, PLATFORM_MODULE_PREFIX "%s", *name); + sprintf(alias, PLATFORM_MODULE_PREFIX "%.*s", PLATFORM_NAME_SIZE, *name); (Or even producing an error if more serious truncation occurs.) Thanks, > > -- > With Best Regards, > Andy Shevchenko > >

6 days, 20 hours

1
0
0 0

+ mm-zsmalloc-do-not-pass-__gfp_movable-if-config_compaction=n.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/zsmalloc: do not pass __GFP_MOVABLE if CONFIG_COMPACTION=n has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-zsmalloc-do-not-pass-__gfp_movable-if-config_compaction=n.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Harry Yoo <harry.yoo(a)oracle.com> Subject: mm/zsmalloc: do not pass __GFP_MOVABLE if CONFIG_COMPACTION=n Date: Fri, 4 Jul 2025 19:30:53 +0900 Commit 48b4800a1c6a ("zsmalloc: page migration support") added support for migrating zsmalloc pages using the movable_operations migration framework. However, the commit did not take into account that zsmalloc supports migration only when CONFIG_COMPACTION is enabled. Tracing shows that zsmalloc was still passing the __GFP_MOVABLE flag even when compaction is not supported. This can result in unmovable pages being allocated from movable page blocks (even without stealing page blocks), ZONE_MOVABLE and CMA area. Possible user visible effects: - Some ZONE_MOVABLE memory can be not actually movable - CMA allocation can fail because of this - Increased memory fragmentation due to ignoring the page mobility grouping feature I'm not really sure who uses kernels without compaction support, though :( To fix this, clear the __GFP_MOVABLE flag when !IS_ENABLED(CONFIG_COMPACTION). Link: https://lkml.kernel.org/r/20250704103053.6913-1-harry.yoo@oracle.com Fixes: 48b4800a1c6a ("zsmalloc: page migration support") Signed-off-by: Harry Yoo <harry.yoo(a)oracle.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Minchan Kim <minchan(a)kernel.org> Cc: Sergey Senozhatsky <senozhatsky(a)chromium.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/zsmalloc.c | 3 +++ 1 file changed, 3 insertions(+) --- a/mm/zsmalloc.c~mm-zsmalloc-do-not-pass-__gfp_movable-if-config_compaction=n +++ a/mm/zsmalloc.c @@ -1043,6 +1043,9 @@ static struct zspage *alloc_zspage(struc if (!zspage) return NULL; + if (!IS_ENABLED(CONFIG_COMPACTION)) + gfp &= ~__GFP_MOVABLE; + zspage->magic = ZSPAGE_MAGIC; zspage->pool = pool; zspage->class = class->index; _ Patches currently in -mm which might be from harry.yoo(a)oracle.com are lib-alloc_tag-do-not-acquire-non-existent-lock-in-alloc_tag_top_users.patch lib-alloc_tag-do-not-acquire-non-existent-lock-in-alloc_tag_top_users-v3.patch mm-zsmalloc-do-not-pass-__gfp_movable-if-config_compaction=n.patch

6 days, 23 hours

1
0
0 0

+ mm-shmem-swap-improve-cached-mthp-handling-and-fix-potential-hung.patch added to mm-unstable branch

by Andrew Morton

The patch titled Subject: mm/shmem, swap: improve cached mTHP handling and fix potential hang has been added to the -mm mm-unstable branch. Its filename is mm-shmem-swap-improve-cached-mthp-handling-and-fix-potential-hung.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Kairui Song <kasong(a)tencent.com> Subject: mm/shmem, swap: improve cached mTHP handling and fix potential hang Date: Sat, 5 Jul 2025 02:17:40 +0800 Patch series "mm/shmem, swap: bugfix and improvement of mTHP swap-in", v4. The current mTHP swapin path have several problems. It may potentially hang, may cause redundant faults due to false positive swap cache lookup, and it will involve at least 4 Xarray tree walks (get order, get order again, confirm swap, insert folio). And for !CONFIG_TRANSPARENT_HUGEPAGE builds, it will performs some mTHP related checks. This series fixes all of the mentioned issues, and the code should be more robust and prepared for the swap table series. Now tree walks is reduced to twice (get order & confirm, insert folio), !CONFIG_TRANSPARENT_HUGEPAGE build overhead is also minimized, and comes with a sanity check now. The performance is slightly better after this series, sequential swap in of 24G data from ZRAM, using transparent_hugepage_tmpfs=always (24 samples each): Before: 11.02, stddev: 0.06 After patch 1: 10.74, stddev: 0.03 After patch 2: 10.72, stddev: 0.01 After patch 3: 10.73, stddev: 0.04 After patch 4: 10.72, stddev: 0.02 After patch 5: 10.74, stddev: 0.01 After patch 6: 10.13, stddev: 0.09 After patch 7: 9.95, stddev: 0.02 After patch 8: 9.88, stddev: 0.04 Each patch improves the performance by a little, which is about ~10% faster in total. Build kernel test showed very slightly improvement, testing with make -j24 with defconfig in a 256M memcg also using ZRAM as swap, and transparent_hugepage_tmpfs=always (6 test runs): Before: system time avg: 3911.80s After: system time avg: 3863.76s This patch (of 9): The current swap-in code assumes that, when a swap entry in shmem mapping is order 0, its cached folios (if present) must be order 0 too, which turns out not always correct. The problem is shmem_split_large_entry is called before verifying the folio will eventually be swapped in, one possible race is: CPU1 CPU2 shmem_swapin_folio /* swap in of order > 0 swap entry S1 */ folio = swap_cache_get_folio /* folio = NULL */ order = xa_get_order /* order > 0 */ folio = shmem_swap_alloc_folio /* mTHP alloc failure, folio = NULL */ <... Interrupted ...> shmem_swapin_folio /* S1 is swapped in */ shmem_writeout /* S1 is swapped out, folio cached */ shmem_split_large_entry(..., S1) /* S1 is split, but the folio covering it has order > 0 now */ Now any following swapin of S1 will hang: `xa_get_order` returns 0, and folio lookup will return a folio with order > 0. The `xa_get_order(&mapping->i_pages, index) != folio_order(folio)` will always return false causing swap-in to return -EEXIST. And this looks fragile. So fix this up by allowing seeing a larger folio in swap cache, and check the whole shmem mapping range covered by the swapin have the right swap value upon inserting the folio. And drop the redundant tree walks before the insertion. This will actually improve performance, as it avoids two redundant Xarray tree walks in the hot path, and the only side effect is that in the failure path, shmem may redundantly reallocate a few folios causing temporary slight memory pressure. And worth noting, it may seem the order and value check before inserting might help reducing the lock contention, which is not true. The swap cache layer ensures raced swapin will either see a swap cache folio or failed to do a swapin (we have SWAP_HAS_CACHE bit even if swap cache is bypassed), so holding the folio lock and checking the folio flag is already good enough for avoiding the lock contention. The chance that a folio passes the swap entry value check but the shmem mapping slot has changed should be very low. Link: https://lkml.kernel.org/r/20250704181748.63181-1-ryncsn@gmail.com Link: https://lkml.kernel.org/r/20250704181748.63181-2-ryncsn@gmail.com Fixes: 809bc86517cc ("mm: shmem: support large folio swap out") Signed-off-by: Kairui Song <kasong(a)tencent.com> Reviewed-by: Kemeng Shi <shikemeng(a)huaweicloud.com> Reviewed-by: Baolin Wang <baolin.wang(a)linux.alibaba.com> Tested-by: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: <stable(a)vger.kernel.org> Cc: Baoquan He <bhe(a)redhat.com> Cc: Barry Song <baohua(a)kernel.org> Cc: Chris Li <chrisl(a)kernel.org> Cc: Dev Jain <dev.jain(a)arm.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Nhat Pham <nphamcs(a)gmail.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/shmem.c | 30 +++++++++++++++++++++--------- 1 file changed, 21 insertions(+), 9 deletions(-) --- a/mm/shmem.c~mm-shmem-swap-improve-cached-mthp-handling-and-fix-potential-hung +++ a/mm/shmem.c @@ -884,7 +884,9 @@ static int shmem_add_to_page_cache(struc pgoff_t index, void *expected, gfp_t gfp) { XA_STATE_ORDER(xas, &mapping->i_pages, index, folio_order(folio)); - long nr = folio_nr_pages(folio); + unsigned long nr = folio_nr_pages(folio); + swp_entry_t iter, swap; + void *entry; VM_BUG_ON_FOLIO(index != round_down(index, nr), folio); VM_BUG_ON_FOLIO(!folio_test_locked(folio), folio); @@ -896,14 +898,24 @@ static int shmem_add_to_page_cache(struc gfp &= GFP_RECLAIM_MASK; folio_throttle_swaprate(folio, gfp); + swap = iter = radix_to_swp_entry(expected); do { xas_lock_irq(&xas); - if (expected != xas_find_conflict(&xas)) { - xas_set_err(&xas, -EEXIST); - goto unlock; + xas_for_each_conflict(&xas, entry) { + /* + * The range must either be empty, or filled with + * expected swap entries. Shmem swap entries are never + * partially freed without split of both entry and + * folio, so there shouldn't be any holes. + */ + if (!expected || entry != swp_to_radix_entry(iter)) { + xas_set_err(&xas, -EEXIST); + goto unlock; + } + iter.val += 1 << xas_get_order(&xas); } - if (expected && xas_find_conflict(&xas)) { + if (expected && iter.val - nr != swap.val) { xas_set_err(&xas, -EEXIST); goto unlock; } @@ -2323,7 +2335,7 @@ static int shmem_swapin_folio(struct ino error = -ENOMEM; goto failed; } - } else if (order != folio_order(folio)) { + } else if (order > folio_order(folio)) { /* * Swap readahead may swap in order 0 folios into swapcache * asynchronously, while the shmem mapping can still stores @@ -2348,15 +2360,15 @@ static int shmem_swapin_folio(struct ino swap = swp_entry(swp_type(swap), swp_offset(swap) + offset); } + } else if (order < folio_order(folio)) { + swap.val = round_down(swap.val, 1 << folio_order(folio)); } alloced: /* We have to do this with folio locked to prevent races */ folio_lock(folio); if ((!skip_swapcache && !folio_test_swapcache(folio)) || - folio->swap.val != swap.val || - !shmem_confirm_swap(mapping, index, swap) || - xa_get_order(&mapping->i_pages, index) != folio_order(folio)) { + folio->swap.val != swap.val) { error = -EEXIST; goto unlock; } _ Patches currently in -mm which might be from kasong(a)tencent.com are mm-list_lru-refactor-the-locking-code.patch mm-shmem-swap-improve-cached-mthp-handling-and-fix-potential-hung.patch mm-shmem-swap-avoid-redundant-xarray-lookup-during-swapin.patch mm-shmem-swap-tidy-up-thp-swapin-checks.patch mm-shmem-swap-tidy-up-swap-entry-splitting.patch mm-shmem-swap-avoid-false-positive-swap-cache-lookup.patch mm-shmem-swap-never-use-swap-cache-and-readahead-for-swp_synchronous_io.patch mm-shmem-swap-simplify-swapin-path-and-result-handling.patch mm-shmem-swap-simplify-swap-entry-and-index-calculation-of-large-swapin.patch mm-shmem-swap-fix-major-fault-counting.patch

1 week

1
0
0 0

[PATCH v4 1/9] mm/shmem, swap: improve cached mTHP handling and fix potential hung

by Kairui Song

From: Kairui Song <kasong(a)tencent.com> The current swap-in code assumes that, when a swap entry in shmem mapping is order 0, its cached folios (if present) must be order 0 too, which turns out not always correct. The problem is shmem_split_large_entry is called before verifying the folio will eventually be swapped in, one possible race is: CPU1 CPU2 shmem_swapin_folio /* swap in of order > 0 swap entry S1 */ folio = swap_cache_get_folio /* folio = NULL */ order = xa_get_order /* order > 0 */ folio = shmem_swap_alloc_folio /* mTHP alloc failure, folio = NULL */ <... Interrupted ...> shmem_swapin_folio /* S1 is swapped in */ shmem_writeout /* S1 is swapped out, folio cached */ shmem_split_large_entry(..., S1) /* S1 is split, but the folio covering it has order > 0 now */ Now any following swapin of S1 will hang: `xa_get_order` returns 0, and folio lookup will return a folio with order > 0. The `xa_get_order(&mapping->i_pages, index) != folio_order(folio)` will always return false causing swap-in to return -EEXIST. And this looks fragile. So fix this up by allowing seeing a larger folio in swap cache, and check the whole shmem mapping range covered by the swapin have the right swap value upon inserting the folio. And drop the redundant tree walks before the insertion. This will actually improve performance, as it avoids two redundant Xarray tree walks in the hot path, and the only side effect is that in the failure path, shmem may redundantly reallocate a few folios causing temporary slight memory pressure. And worth noting, it may seems the order and value check before inserting might help reducing the lock contention, which is not true. The swap cache layer ensures raced swapin will either see a swap cache folio or failed to do a swapin (we have SWAP_HAS_CACHE bit even if swap cache is bypassed), so holding the folio lock and checking the folio flag is already good enough for avoiding the lock contention. The chance that a folio passes the swap entry value check but the shmem mapping slot has changed should be very low. Fixes: 809bc86517cc ("mm: shmem: support large folio swap out") Signed-off-by: Kairui Song <kasong(a)tencent.com> Reviewed-by: Kemeng Shi <shikemeng(a)huaweicloud.com> Reviewed-by: Baolin Wang <baolin.wang(a)linux.alibaba.com> Tested-by: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: <stable(a)vger.kernel.org> --- mm/shmem.c | 30 +++++++++++++++++++++--------- 1 file changed, 21 insertions(+), 9 deletions(-) diff --git a/mm/shmem.c b/mm/shmem.c index 334b7b4a61a0..e3c9a1365ff4 100644 --- a/mm/shmem.c +++ b/mm/shmem.c @@ -884,7 +884,9 @@ static int shmem_add_to_page_cache(struct folio *folio, pgoff_t index, void *expected, gfp_t gfp) { XA_STATE_ORDER(xas, &mapping->i_pages, index, folio_order(folio)); - long nr = folio_nr_pages(folio); + unsigned long nr = folio_nr_pages(folio); + swp_entry_t iter, swap; + void *entry; VM_BUG_ON_FOLIO(index != round_down(index, nr), folio); VM_BUG_ON_FOLIO(!folio_test_locked(folio), folio); @@ -896,14 +898,24 @@ static int shmem_add_to_page_cache(struct folio *folio, gfp &= GFP_RECLAIM_MASK; folio_throttle_swaprate(folio, gfp); + swap = iter = radix_to_swp_entry(expected); do { xas_lock_irq(&xas); - if (expected != xas_find_conflict(&xas)) { - xas_set_err(&xas, -EEXIST); - goto unlock; + xas_for_each_conflict(&xas, entry) { + /* + * The range must either be empty, or filled with + * expected swap entries. Shmem swap entries are never + * partially freed without split of both entry and + * folio, so there shouldn't be any holes. + */ + if (!expected || entry != swp_to_radix_entry(iter)) { + xas_set_err(&xas, -EEXIST); + goto unlock; + } + iter.val += 1 << xas_get_order(&xas); } - if (expected && xas_find_conflict(&xas)) { + if (expected && iter.val - nr != swap.val) { xas_set_err(&xas, -EEXIST); goto unlock; } @@ -2323,7 +2335,7 @@ static int shmem_swapin_folio(struct inode *inode, pgoff_t index, error = -ENOMEM; goto failed; } - } else if (order != folio_order(folio)) { + } else if (order > folio_order(folio)) { /* * Swap readahead may swap in order 0 folios into swapcache * asynchronously, while the shmem mapping can still stores @@ -2348,15 +2360,15 @@ static int shmem_swapin_folio(struct inode *inode, pgoff_t index, swap = swp_entry(swp_type(swap), swp_offset(swap) + offset); } + } else if (order < folio_order(folio)) { + swap.val = round_down(swap.val, 1 << folio_order(folio)); } alloced: /* We have to do this with folio locked to prevent races */ folio_lock(folio); if ((!skip_swapcache && !folio_test_swapcache(folio)) || - folio->swap.val != swap.val || - !shmem_confirm_swap(mapping, index, swap) || - xa_get_order(&mapping->i_pages, index) != folio_order(folio)) { + folio->swap.val != swap.val) { error = -EEXIST; goto unlock; } -- 2.50.0

1 week

1
0
0 0

[PATCH] usb: typec: fusb302: cache PD RX state

by Sebastian Reichel

This patch fixes a race condition communication error, which ends up in PD hard resets when losing the race. Some systems, like the Radxa ROCK 5B are powered through USB-C without any backup power source and use a FUSB302 chip to do the PD negotiation. This means it is quite important to avoid hard resets, since that effectively kills the system's power-supply. I've found the following race condition while debugging unplanned power loss during booting the board every now and then: 1. lots of TCPM/FUSB302/PD initialization stuff 2. TCPM ends up in SNK_WAIT_CAPABILITIES (tcpm_set_pd_rx is enabled here) 3. the remote PD source does not send anything, so TCPM does a SOFT RESET 4. TCPM ends up in SNK_WAIT_CAPABILITIES for the second time (tcpm_set_pd_rx is enabled again, even though it is still on) At this point I've seen broken CRC good messages being send by the FUSB302 with a logic analyzer sniffing the CC lines. Also it looks like messages are being lost and things generally going haywire with one of the two sides doing a hard reset once a broken CRC good message was send to the bus. I think the system is running into a race condition, that the FIFOs are being cleared and/or the automatic good CRC message generation flag is being updated while a message is already arriving. Let's avoid this by caching the PD RX enabled state, as we have already processed anything in the FIFOs and are in a good state. As a side effect that this also optimizes I2C bus usage :) As far as I can tell the problem theoretically also exists when TCPM enters SNK_WAIT_CAPABILITIES the first time, but I believe this is less critical for the following reason: On devices like the ROCK 5B, which are powered through a TCPM backed USB-C port, the bootloader must have done some prior PD communication (initial communication must happen within 5 seconds after plugging the USB-C plug). This means the first time the kernel TCPM state machine reaches SNK_WAIT_CAPABILITIES, the remote side is not sending messages actively. On other devices a hard reset simply adds some extra delay and things should be good afterwards. Fixes: c034a43e72dda ("staging: typec: Fairchild FUSB302 Type-c chip driver") Cc: stable(a)vger.kernel.org Signed-off-by: Sebastian Reichel <sebastian.reichel(a)collabora.com> --- drivers/usb/typec/tcpm/fusb302.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/usb/typec/tcpm/fusb302.c b/drivers/usb/typec/tcpm/fusb302.c index f15c63d3a8f441569ec98302f5b241430d8e4547..870a71f953f6cd8dfc618caea56f72782e40ee1c 100644 --- a/drivers/usb/typec/tcpm/fusb302.c +++ b/drivers/usb/typec/tcpm/fusb302.c @@ -104,6 +104,7 @@ struct fusb302_chip { bool vconn_on; bool vbus_on; bool charge_on; + bool pd_rx_on; bool vbus_present; enum typec_cc_polarity cc_polarity; enum typec_cc_status cc1; @@ -841,6 +842,11 @@ static int tcpm_set_pd_rx(struct tcpc_dev *dev, bool on) int ret = 0; mutex_lock(&chip->lock); + if (chip->pd_rx_on == on) { + fusb302_log(chip, "pd is already %s", str_on_off(on)); + goto done; + } + ret = fusb302_pd_rx_flush(chip); if (ret < 0) { fusb302_log(chip, "cannot flush pd rx buffer, ret=%d", ret); @@ -863,6 +869,8 @@ static int tcpm_set_pd_rx(struct tcpc_dev *dev, bool on) str_on_off(on), ret); goto done; } + + chip->pd_rx_on = on; fusb302_log(chip, "pd := %s", str_on_off(on)); done: mutex_unlock(&chip->lock); --- base-commit: c435a4f487e8c6a3b23dafbda87d971d4fd14e0b change-id: 20250704-fusb302-race-condition-fix-9cc9de73f05d Best regards, -- Sebastian Reichel <sre(a)kernel.org>

1 week

1
0
0 0

[PATCH] arm64: Filter out SME hwcaps when FEAT_SME isn't implemented

by Mark Brown

We have a number of hwcaps for various SME subfeatures enumerated via ID_AA64SMFR0_EL1. Currently we advertise these without cross checking against the main SME feature, advertised in ID_AA64PFR1_EL1.SME which means that if the two are out of sync userspace can see a confusing situation where SME subfeatures are advertised without the base SME hwcap. This can be readily triggered by using the arm64.nosme override which only masks out ID_AA64PFR1_EL1.SME, and there have also been reports of VMMs which do the same thing. Fix this as we did previously for SVE in 064737920bdb ("arm64: Filter out SVE hwcaps when FEAT_SVE isn't implemented") by filtering out the SME subfeature hwcaps when FEAT_SME is not present. Fixes: 5e64b862c482 ("arm64/sme: Basic enumeration support") Reported-by: Yury Khrustalev <yury.khrustalev(a)arm.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org --- arch/arm64/kernel/cpufeature.c | 57 ++++++++++++++++++++++++------------------ 1 file changed, 32 insertions(+), 25 deletions(-) diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index b34044e20128..e151585c6cca 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -3135,6 +3135,13 @@ static bool has_sve_feature(const struct arm64_cpu_capabilities *cap, int scope) } #endif +#ifdef CONFIG_ARM64_SME +static bool has_sme_feature(const struct arm64_cpu_capabilities *cap, int scope) +{ + return system_supports_sme() && has_user_cpuid_feature(cap, scope); +} +#endif + static const struct arm64_cpu_capabilities arm64_elf_hwcaps[] = { HWCAP_CAP(ID_AA64ISAR0_EL1, AES, PMULL, CAP_HWCAP, KERNEL_HWCAP_PMULL), HWCAP_CAP(ID_AA64ISAR0_EL1, AES, AES, CAP_HWCAP, KERNEL_HWCAP_AES), @@ -3223,31 +3230,31 @@ static const struct arm64_cpu_capabilities arm64_elf_hwcaps[] = { HWCAP_CAP(ID_AA64ISAR2_EL1, BC, IMP, CAP_HWCAP, KERNEL_HWCAP_HBC), #ifdef CONFIG_ARM64_SME HWCAP_CAP(ID_AA64PFR1_EL1, SME, IMP, CAP_HWCAP, KERNEL_HWCAP_SME), - HWCAP_CAP(ID_AA64SMFR0_EL1, FA64, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_FA64), - HWCAP_CAP(ID_AA64SMFR0_EL1, LUTv2, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_LUTV2), - HWCAP_CAP(ID_AA64SMFR0_EL1, SMEver, SME2p2, CAP_HWCAP, KERNEL_HWCAP_SME2P2), - HWCAP_CAP(ID_AA64SMFR0_EL1, SMEver, SME2p1, CAP_HWCAP, KERNEL_HWCAP_SME2P1), - HWCAP_CAP(ID_AA64SMFR0_EL1, SMEver, SME2, CAP_HWCAP, KERNEL_HWCAP_SME2), - HWCAP_CAP(ID_AA64SMFR0_EL1, I16I64, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_I16I64), - HWCAP_CAP(ID_AA64SMFR0_EL1, F64F64, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F64F64), - HWCAP_CAP(ID_AA64SMFR0_EL1, I16I32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_I16I32), - HWCAP_CAP(ID_AA64SMFR0_EL1, B16B16, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_B16B16), - HWCAP_CAP(ID_AA64SMFR0_EL1, F16F16, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F16F16), - HWCAP_CAP(ID_AA64SMFR0_EL1, F8F16, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F8F16), - HWCAP_CAP(ID_AA64SMFR0_EL1, F8F32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F8F32), - HWCAP_CAP(ID_AA64SMFR0_EL1, I8I32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_I8I32), - HWCAP_CAP(ID_AA64SMFR0_EL1, F16F32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F16F32), - HWCAP_CAP(ID_AA64SMFR0_EL1, B16F32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_B16F32), - HWCAP_CAP(ID_AA64SMFR0_EL1, BI32I32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_BI32I32), - HWCAP_CAP(ID_AA64SMFR0_EL1, F32F32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F32F32), - HWCAP_CAP(ID_AA64SMFR0_EL1, SF8FMA, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_SF8FMA), - HWCAP_CAP(ID_AA64SMFR0_EL1, SF8DP4, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_SF8DP4), - HWCAP_CAP(ID_AA64SMFR0_EL1, SF8DP2, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_SF8DP2), - HWCAP_CAP(ID_AA64SMFR0_EL1, SBitPerm, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_SBITPERM), - HWCAP_CAP(ID_AA64SMFR0_EL1, AES, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_AES), - HWCAP_CAP(ID_AA64SMFR0_EL1, SFEXPA, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_SFEXPA), - HWCAP_CAP(ID_AA64SMFR0_EL1, STMOP, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_STMOP), - HWCAP_CAP(ID_AA64SMFR0_EL1, SMOP4, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_SMOP4), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, FA64, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_FA64), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, LUTv2, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_LUTV2), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, SMEver, SME2p2, CAP_HWCAP, KERNEL_HWCAP_SME2P2), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, SMEver, SME2p1, CAP_HWCAP, KERNEL_HWCAP_SME2P1), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, SMEver, SME2, CAP_HWCAP, KERNEL_HWCAP_SME2), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, I16I64, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_I16I64), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, F64F64, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F64F64), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, I16I32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_I16I32), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, B16B16, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_B16B16), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, F16F16, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F16F16), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, F8F16, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F8F16), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, F8F32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F8F32), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, I8I32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_I8I32), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, F16F32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F16F32), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, B16F32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_B16F32), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, BI32I32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_BI32I32), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, F32F32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F32F32), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, SF8FMA, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_SF8FMA), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, SF8DP4, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_SF8DP4), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, SF8DP2, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_SF8DP2), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, SBitPerm, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_SBITPERM), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, AES, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_AES), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, SFEXPA, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_SFEXPA), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, STMOP, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_STMOP), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, SMOP4, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_SMOP4), #endif /* CONFIG_ARM64_SME */ HWCAP_CAP(ID_AA64FPFR0_EL1, F8CVT, IMP, CAP_HWCAP, KERNEL_HWCAP_F8CVT), HWCAP_CAP(ID_AA64FPFR0_EL1, F8FMA, IMP, CAP_HWCAP, KERNEL_HWCAP_F8FMA), --- base-commit: e04c78d86a9699d136910cfc0bdcf01087e3267e change-id: 20250618-arm64-sme-filter-hwcaps-b763242f5625 Best regards, -- Mark Brown <broonie(a)kernel.org>

1 week

2
1
0 0

100% Direct Investment Loan

by Capital Reliance Investment Corporation

1 week

1
0
0 0

patch "iio: dac: ad3530r: Fix incorrect masking for channels 4-7 in" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: dac: ad3530r: Fix incorrect masking for channels 4-7 in to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From 1131e70558bc70f1fc52515281de2663e961e1cc Mon Sep 17 00:00:00 2001 From: Kim Seer Paller <kimseer.paller(a)analog.com> Date: Thu, 26 Jun 2025 16:38:12 +0800 Subject: iio: dac: ad3530r: Fix incorrect masking for channels 4-7 in powerdown mode MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In the current implementation of ad3530r_set_dac_powerdown() function, the macro AD3530R_OP_MODE_CHAN_MSK(chan->channel) is used to generate the bitmask for the operating mode of a specific channel. However, this macro does not account for channels 4-7, which map to the second register AD3530R_OUTPUT_OPERATING_MODE_1 for the 8 channeled device. As a result, the bitmask is incorrectly calculated for these channels, leading to improper configuration of the powerdown mode. Resolve this issue by adjusting the channel index for channels 4-7 by subtracting 4 before applying the macro. This ensures that the correct bitmask is generated for the second register. Fixes: 93583174a3df ("iio: dac: ad3530r: Add driver for AD3530R and AD3531R") Signed-off-by: Kim Seer Paller <kimseer.paller(a)analog.com> Reviewed-by: David Lechner <dlechner(a)baylibre.com> Reviewed-by: Nuno Sá <nuno.sa(a)analog.com> Link: https://patch.msgid.link/20250626-bug_fix-v1-1-eb3c2b370f10@analog.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/dac/ad3530r.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/iio/dac/ad3530r.c b/drivers/iio/dac/ad3530r.c index f9752a571aa5..6134613777b8 100644 --- a/drivers/iio/dac/ad3530r.c +++ b/drivers/iio/dac/ad3530r.c @@ -166,7 +166,9 @@ static ssize_t ad3530r_set_dac_powerdown(struct iio_dev *indio_dev, AD3530R_OUTPUT_OPERATING_MODE_0 : AD3530R_OUTPUT_OPERATING_MODE_1; pdmode = powerdown ? st->chan[chan->channel].powerdown_mode : 0; - mask = AD3530R_OP_MODE_CHAN_MSK(chan->channel); + mask = chan->channel < AD3531R_MAX_CHANNELS ? + AD3530R_OP_MODE_CHAN_MSK(chan->channel) : + AD3530R_OP_MODE_CHAN_MSK(chan->channel - 4); val = field_prep(mask, pdmode); ret = regmap_update_bits(st->regmap, reg, mask, val); -- 2.50.0

1 week

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror