- Linux-stable-mirror - lists.linaro.org

[PATCH 04/14] iommu/ipmmu-vmsa: fix device leak on of_xlate()

by Johan Hovold

Make sure to drop the reference taken to the iommu platform device when looking up its driver data during of_xlate(). Fixes: 7b2d59611fef ("iommu/ipmmu-vmsa: Replace local utlb code with fwspec ids") Cc: stable(a)vger.kernel.org # 4.14 Cc: Magnus Damm <damm+renesas(a)opensource.se> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/iommu/ipmmu-vmsa.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/iommu/ipmmu-vmsa.c b/drivers/iommu/ipmmu-vmsa.c index ffa892f65714..02a2a55ffa0a 100644 --- a/drivers/iommu/ipmmu-vmsa.c +++ b/drivers/iommu/ipmmu-vmsa.c @@ -720,6 +720,8 @@ static int ipmmu_init_platform_device(struct device *dev, dev_iommu_priv_set(dev, platform_get_drvdata(ipmmu_pdev)); + put_device(&ipmmu_pdev->dev); + return 0; } -- 2.49.1

2 months, 1 week

1
0
0 0

[PATCH 03/14] iommu/exynos: fix device leak on of_xlate()

by Johan Hovold

Make sure to drop the reference taken to the iommu platform device when looking up its driver data during of_xlate(). Fixes: aa759fd376fb ("iommu/exynos: Add callback for initializing devices from device tree") Cc: stable(a)vger.kernel.org # 4.2 Cc: Marek Szyprowski <m.szyprowski(a)samsung.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/iommu/exynos-iommu.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/drivers/iommu/exynos-iommu.c b/drivers/iommu/exynos-iommu.c index b6edd178fe25..ce9e935cb84c 100644 --- a/drivers/iommu/exynos-iommu.c +++ b/drivers/iommu/exynos-iommu.c @@ -1446,17 +1446,14 @@ static int exynos_iommu_of_xlate(struct device *dev, return -ENODEV; data = platform_get_drvdata(sysmmu); - if (!data) { - put_device(&sysmmu->dev); + put_device(&sysmmu->dev); + if (!data) return -ENODEV; - } if (!owner) { owner = kzalloc(sizeof(*owner), GFP_KERNEL); - if (!owner) { - put_device(&sysmmu->dev); + if (!owner) return -ENOMEM; - } INIT_LIST_HEAD(&owner->controllers); mutex_init(&owner->rpm_lock); -- 2.49.1

2 months, 1 week

1
0
0 0

[PATCH 02/14] iommu/qcom: fix device leak on of_xlate()

by Johan Hovold

Make sure to drop the reference taken to the iommu platform device when looking up its driver data during of_xlate(). Note that commit e2eae09939a8 ("iommu/qcom: add missing put_device() call in qcom_iommu_of_xlate()") fixed the leak in a couple of error paths, but the reference is still leaking on success and late failures. Fixes: 0ae349a0f33f ("iommu/qcom: Add qcom_iommu") Cc: stable(a)vger.kernel.org # 4.14: e2eae09939a8 Cc: Rob Clark <robin.clark(a)oss.qualcomm.com> Cc: Yu Kuai <yukuai3(a)huawei.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/iommu/arm/arm-smmu/qcom_iommu.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/drivers/iommu/arm/arm-smmu/qcom_iommu.c b/drivers/iommu/arm/arm-smmu/qcom_iommu.c index c5be95e56031..9c1166a3af6c 100644 --- a/drivers/iommu/arm/arm-smmu/qcom_iommu.c +++ b/drivers/iommu/arm/arm-smmu/qcom_iommu.c @@ -565,14 +565,14 @@ static int qcom_iommu_of_xlate(struct device *dev, qcom_iommu = platform_get_drvdata(iommu_pdev); + put_device(&iommu_pdev->dev); + /* make sure the asid specified in dt is valid, so we don't have * to sanity check this elsewhere: */ if (WARN_ON(asid > qcom_iommu->max_asid) || - WARN_ON(qcom_iommu->ctxs[asid] == NULL)) { - put_device(&iommu_pdev->dev); + WARN_ON(qcom_iommu->ctxs[asid] == NULL)) return -EINVAL; - } if (!dev_iommu_priv_get(dev)) { dev_iommu_priv_set(dev, qcom_iommu); @@ -581,10 +581,8 @@ static int qcom_iommu_of_xlate(struct device *dev, * multiple different iommu devices. Multiple context * banks are ok, but multiple devices are not: */ - if (WARN_ON(qcom_iommu != dev_iommu_priv_get(dev))) { - put_device(&iommu_pdev->dev); + if (WARN_ON(qcom_iommu != dev_iommu_priv_get(dev))) return -EINVAL; - } } return iommu_fwspec_add_ids(dev, &asid, 1); -- 2.49.1

2 months, 1 week

1
0
0 0

[PATCH 01/14] iommu/apple-dart: fix device leak on of_xlate()

by Johan Hovold

Make sure to drop the reference taken to the iommu platform device when looking up its driver data during of_xlate(). Fixes: 46d1fb072e76 ("iommu/dart: Add DART iommu driver") Cc: stable(a)vger.kernel.org # 5.15 Cc: Sven Peter <sven(a)kernel.org> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/iommu/apple-dart.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/iommu/apple-dart.c b/drivers/iommu/apple-dart.c index 190f28d76615..1aa7c10262a8 100644 --- a/drivers/iommu/apple-dart.c +++ b/drivers/iommu/apple-dart.c @@ -790,6 +790,8 @@ static int apple_dart_of_xlate(struct device *dev, struct apple_dart *cfg_dart; int i, sid; + put_device(&iommu_pdev->dev); + if (args->args_count != 1) return -EINVAL; sid = args->args[0]; -- 2.49.1

2 months, 1 week

1
0
0 0

[PATCH v2] cpufreq: Handle CPUFREQ_ETERNAL with a default transition latency

by Shawn Guo

From: Shawn Guo <shawnguo(a)kernel.org> A regression is seen with 6.6 -> 6.12 kernel upgrade on platforms where cpufreq-dt driver sets cpuinfo.transition_latency as CPUFREQ_ETERNAL (-1), due to that platform's DT doesn't provide the optional property 'clock-latency-ns'. The dbs sampling_rate was 10000 us on 6.6 and suddently becomes 6442450 us (4294967295 / 1000 * 1.5) on 6.12 for these platforms, because the default transition delay was dropped by the commits below. commit 37c6dccd6837 ("cpufreq: Remove LATENCY_MULTIPLIER") commit a755d0e2d41b ("cpufreq: Honour transition_latency over transition_delay_us") commit e13aa799c2a6 ("cpufreq: Change default transition delay to 2ms") It slows down dbs governor's reacting to CPU loading change dramatically. Also, as transition_delay_us is used by schedutil governor as rate_limit_us, it shows a negative impact on device idle power consumption, because the device gets slightly less time in the lowest OPP. Fix the regressions by defining a default transition latency for handling the case of CPUFREQ_ETERNAL. Cc: stable(a)vger.kernel.org Fixes: 37c6dccd6837 ("cpufreq: Remove LATENCY_MULTIPLIER") Signed-off-by: Shawn Guo <shawnguo(a)kernel.org> --- Changes for v2: - Follow Rafael's suggestion to define a default transition latency for handling CPUFREQ_ETERNAL, and pave the way to get rid of CPUFREQ_ETERNAL completely later. v1: https://lkml.org/lkml/2025/9/10/294 drivers/cpufreq/cpufreq.c | 3 +++ include/linux/cpufreq.h | 2 ++ 2 files changed, 5 insertions(+) diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c index fc7eace8b65b..c69d10f0e8ec 100644 --- a/drivers/cpufreq/cpufreq.c +++ b/drivers/cpufreq/cpufreq.c @@ -549,6 +549,9 @@ unsigned int cpufreq_policy_transition_delay_us(struct cpufreq_policy *policy) if (policy->transition_delay_us) return policy->transition_delay_us; + if (policy->cpuinfo.transition_latency == CPUFREQ_ETERNAL) + policy->cpuinfo.transition_latency = CPUFREQ_DEFAULT_TANSITION_LATENCY_NS; + latency = policy->cpuinfo.transition_latency / NSEC_PER_USEC; if (latency) /* Give a 50% breathing room between updates */ diff --git a/include/linux/cpufreq.h b/include/linux/cpufreq.h index 95f3807c8c55..935e9a660039 100644 --- a/include/linux/cpufreq.h +++ b/include/linux/cpufreq.h @@ -36,6 +36,8 @@ /* Print length for names. Extra 1 space for accommodating '\n' in prints */ #define CPUFREQ_NAME_PLEN (CPUFREQ_NAME_LEN + 1) +#define CPUFREQ_DEFAULT_TANSITION_LATENCY_NS NSEC_PER_MSEC + struct cpufreq_governor; enum cpufreq_table_sorting { -- 2.43.0

2 months, 1 week

3
4
0 0

Linux 6.16.9

by Greg Kroah-Hartman

I'm announcing the release of the 6.16.9 kernel. All users of the 6.16 kernel series must upgrade. The updated 6.16.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.16.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/serial/8250.yaml | 77 +++-- Documentation/netlink/specs/conntrack.yaml | 9 Documentation/netlink/specs/mptcp_pm.yaml | 4 Makefile | 2 arch/loongarch/Kconfig | 12 arch/loongarch/Makefile | 15 arch/loongarch/include/asm/acenv.h | 7 arch/loongarch/include/asm/kvm_mmu.h | 20 + arch/loongarch/kernel/env.c | 2 arch/loongarch/kernel/stacktrace.c | 3 arch/loongarch/kernel/vdso.c | 3 arch/loongarch/kvm/intc/eiointc.c | 87 +++-- arch/loongarch/kvm/intc/pch_pic.c | 21 - arch/loongarch/kvm/mmu.c | 8 arch/s390/include/asm/pci_insn.h | 10 arch/um/drivers/virtio_uml.c | 6 arch/um/os-Linux/file.c | 2 arch/x86/include/asm/sev.h | 38 +- arch/x86/kvm/svm/svm.c | 3 crypto/af_alg.c | 10 drivers/block/zram/zram_drv.c | 8 drivers/clk/sunxi-ng/ccu_mp.c | 2 drivers/crypto/ccp/sev-dev.c | 2 drivers/dpll/dpll_netlink.c | 4 drivers/gpio/gpiolib-acpi-core.c | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c | 16 - drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.h | 12 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 24 - drivers/gpu/drm/amd/amdkfd/kfd_device.c | 36 ++ drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 39 ++ drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 2 drivers/gpu/drm/bridge/analogix/anx7625.c | 6 drivers/gpu/drm/bridge/cadence/cdns-mhdp8546-core.c | 6 drivers/gpu/drm/xe/abi/guc_actions_abi.h | 5 drivers/gpu/drm/xe/abi/guc_klvs_abi.h | 40 ++ drivers/gpu/drm/xe/xe_exec_queue.c | 22 - drivers/gpu/drm/xe/xe_exec_queue_types.h | 8 drivers/gpu/drm/xe/xe_execlist.c | 25 + drivers/gpu/drm/xe/xe_execlist_types.h | 2 drivers/gpu/drm/xe/xe_gt.c | 3 drivers/gpu/drm/xe/xe_gt_sriov_pf_config.c | 1 drivers/gpu/drm/xe/xe_guc.c | 62 +++- drivers/gpu/drm/xe/xe_guc.h | 1 drivers/gpu/drm/xe/xe_guc_exec_queue_types.h | 4 drivers/gpu/drm/xe/xe_guc_submit.c | 139 +++++++-- drivers/gpu/drm/xe/xe_guc_submit.h | 2 drivers/gpu/drm/xe/xe_tile_sysfs.c | 12 drivers/gpu/drm/xe/xe_uc.c | 4 drivers/gpu/drm/xe/xe_vm.c | 4 drivers/iommu/amd/amd_iommu_types.h | 1 drivers/iommu/amd/init.c | 9 drivers/iommu/amd/io_pgtable.c | 25 + drivers/iommu/intel/iommu.c | 7 drivers/iommu/s390-iommu.c | 29 + drivers/md/dm-raid.c | 6 drivers/md/dm-stripe.c | 10 drivers/mmc/host/mvsdio.c | 2 drivers/mmc/host/sdhci-pci-gli.c | 68 ++++ drivers/mmc/host/sdhci-uhs2.c | 3 drivers/mmc/host/sdhci.c | 34 +- drivers/net/bonding/bond_main.c | 2 drivers/net/ethernet/broadcom/cnic.c | 3 drivers/net/ethernet/cavium/liquidio/request_manager.c | 2 drivers/net/ethernet/freescale/dpaa2/dpaa2-switch.c | 2 drivers/net/ethernet/intel/i40e/i40e_txrx.c | 3 drivers/net/ethernet/intel/ice/ice_txrx.c | 80 ++--- drivers/net/ethernet/intel/ice/ice_txrx.h | 1 drivers/net/ethernet/intel/igc/igc.h | 1 drivers/net/ethernet/intel/igc/igc_main.c | 12 drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 22 - drivers/net/ethernet/marvell/octeon_ep/octep_main.c | 16 + drivers/net/ethernet/marvell/octeon_ep/octep_pfvf_mbox.c | 3 drivers/net/ethernet/marvell/octeontx2/nic/otx2_ptp.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en/fs.h | 1 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.h | 1 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c | 3 drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en_rep.c | 27 + drivers/net/ethernet/mellanox/mlx5/core/esw/qos.c | 1 drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 4 drivers/net/ethernet/mellanox/mlx5/core/lib/mlx5.h | 15 drivers/net/ethernet/mellanox/mlx5/core/port.c | 6 drivers/net/ethernet/natsemi/ns83820.c | 13 drivers/net/ethernet/qlogic/qed/qed_debug.c | 7 drivers/net/wireless/mediatek/mt76/mac80211.c | 2 drivers/net/wireless/microchip/wilc1000/wlan_cfg.c | 37 +- drivers/net/wireless/microchip/wilc1000/wlan_cfg.h | 5 drivers/nvme/host/core.c | 18 - drivers/pcmcia/omap_cf.c | 8 drivers/platform/x86/asus-nb-wmi.c | 25 + drivers/platform/x86/asus-wmi.h | 3 drivers/power/supply/bq27xxx_battery.c | 4 fs/btrfs/delayed-inode.c | 3 fs/btrfs/inode.c | 11 fs/btrfs/tree-checker.c | 4 fs/btrfs/tree-log.c | 2 fs/btrfs/zoned.c | 2 fs/nilfs2/sysfs.c | 4 fs/nilfs2/sysfs.h | 8 fs/smb/client/cifsproto.h | 4 fs/smb/client/inode.c | 23 + fs/smb/client/misc.c | 38 +- fs/smb/client/smbdirect.c | 132 +++++--- fs/smb/client/smbdirect.h | 23 - fs/smb/common/smbdirect/smbdirect_socket.h | 29 + fs/smb/server/transport_rdma.c | 183 ++++++++---- include/crypto/if_alg.h | 10 include/linux/io_uring_types.h | 3 include/linux/mlx5/driver.h | 1 include/linux/swap.h | 10 include/net/dst_metadata.h | 11 include/net/sock.h | 5 include/sound/sdca.h | 1 include/uapi/linux/mptcp.h | 2 include/uapi/linux/mptcp_pm.h | 4 io_uring/io-wq.c | 6 io_uring/io_uring.c | 10 io_uring/io_uring.h | 4 io_uring/msg_ring.c | 24 - io_uring/notif.c | 2 io_uring/poll.c | 2 io_uring/timeout.c | 2 io_uring/uring_cmd.c | 2 kernel/cgroup/cgroup.c | 43 ++ kernel/sched/ext.c | 6 mm/gup.c | 52 ++- mm/mlock.c | 6 mm/swap.c | 50 +-- mm/vmscan.c | 2 net/ipv4/tcp.c | 5 net/ipv4/tcp_ao.c | 4 net/mac80211/driver-ops.h | 2 net/mac80211/main.c | 7 net/mptcp/options.c | 6 net/mptcp/pm_netlink.c | 7 net/mptcp/protocol.c | 16 + net/mptcp/subflow.c | 4 net/rds/ib_frmr.c | 20 - net/rfkill/rfkill-gpio.c | 4 net/rxrpc/rxgk.c | 18 - net/rxrpc/rxgk_app.c | 29 + net/rxrpc/rxgk_common.h | 14 net/tls/tls.h | 1 net/tls/tls_strp.c | 14 net/tls/tls_sw.c | 3 samples/damon/mtier.c | 25 - samples/damon/prcl.c | 31 +- samples/damon/wsse.c | 22 - sound/firewire/motu/motu-hwdep.c | 2 sound/pci/hda/patch_realtek.c | 1 sound/soc/amd/acp/acp-i2s.c | 11 sound/soc/codecs/sma1307.c | 7 sound/soc/codecs/wm8940.c | 9 sound/soc/codecs/wm8974.c | 8 sound/soc/intel/catpt/pcm.c | 23 + sound/soc/qcom/qdsp6/audioreach.c | 1 sound/soc/qcom/qdsp6/q6apm-lpass-dais.c | 7 sound/soc/sdca/sdca_device.c | 20 + sound/soc/sdca/sdca_functions.c | 13 sound/soc/sdca/sdca_regmap.c | 2 sound/soc/sof/intel/hda-stream.c | 2 sound/usb/qcom/qc_audio_offload.c | 92 +++--- tools/arch/loongarch/include/asm/inst.h | 12 tools/objtool/arch/loongarch/decode.c | 33 +- tools/perf/util/maps.c | 9 tools/testing/selftests/net/mptcp/mptcp_connect.c | 11 tools/testing/selftests/net/mptcp/mptcp_sockopt.c | 16 - tools/testing/selftests/net/mptcp/pm_nl_ctl.c | 7 tools/testing/selftests/net/mptcp/userspace_pm.sh | 14 169 files changed, 1794 insertions(+), 821 deletions(-) Ajay.Kathat(a)microchip.com (1): wifi: wilc1000: avoid buffer overflow in WID string configuration Alex Deucher (2): drm/amdkfd: add proper handling for S0ix drm/amdgpu: suspend KFD and KGD user queues for S0ix Alex Elder (1): dt-bindings: serial: 8250: move a constraint Alexey Nepomnyashih (1): net: liquidio: fix overflow in octeon_init_instr_queue() Amadeusz Sławiński (1): ASoC: Intel: catpt: Expose correct bit depth to userspace Anderson Nascimento (1): net/tcp: Fix a NULL pointer dereference when using TCP-AO with TCP_REPAIR Andrea Righi (1): Revert "sched_ext: Skip per-CPU tasks in scx_bpf_reenqueue_local()" Antheas Kapenekakis (2): platform/x86: asus-wmi: Fix ROG button mapping, tablet mode on ASUS ROG Z13 platform/x86: asus-wmi: Re-add extra keys to ignore_key_wlan quirk Ben Chuang (3): mmc: sdhci: Move the code related to setting the clock from sdhci_set_ios_common() into sdhci_set_ios() mmc: sdhci-pci-gli: GL9767: Fix initializing the UHS-II interface during a power-on mmc: sdhci-uhs2: Fix calling incorrect sdhci_set_clock() function Bibo Mao (5): LoongArch: KVM: Avoid copy_*_user() with lock hold in kvm_eiointc_ctrl_access() LoongArch: KVM: Avoid copy_*_user() with lock hold in kvm_eiointc_regs_access() LoongArch: KVM: Avoid copy_*_user() with lock hold in kvm_eiointc_sw_status_access() LoongArch: KVM: Avoid copy_*_user() with lock hold in kvm_pch_pic_regs_access() LoongArch: KVM: Fix VM migration failure with PTW enabled Borislav Petkov (AMD) (1): crypto: ccp - Always pass in an error pointer to __sev_platform_shutdown_locked() Charles Keepax (4): ASoC: wm8940: Correct PLL rate rounding ASoC: wm8940: Correct typo in control name ASoC: wm8974: Correct PLL rate rounding ASoC: SDCA: Fix return value in sdca_regmap_mbq_size() Chen Ridong (1): cgroup: split cgroup_destroy_wq into 3 workqueues Chen-Yu Tsai (1): clk: sunxi-ng: mp: Fix dual-divider clock rate readback Christoph Hellwig (1): nvme: fix PI insert on write Colin Ian King (1): ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message Dan Carpenter (2): ASoC: codec: sma1307: Fix memory corruption in sma1307_setting_loaded() drm/xe: Fix a NULL vs IS_ERR() in xe_vm_add_compute_exec_queue() Daniele Ceraolo Spurio (3): drm/xe: Fix error handling if PXP fails to start drm/xe/guc: Enable extended CAT error reporting drm/xe/guc: Set RCS/CCS yield policy David Howells (2): rxrpc: Fix unhandled errors in rxgk_verify_packet_integrity() rxrpc: Fix untrusted unsigned subtract Duoming Zhou (2): cnic: Fix use-after-free bugs in cnic_delete_task octeontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp() Eric Dumazet (1): net: clear sk->sk_ino in sk_set_socket(sk, NULL) Eugene Koira (1): iommu/vt-d: Fix __domain_mapping()'s usage of switch_to_super_page() Felix Fietkau (1): wifi: mt76: do not add non-sta wcid entries to the poll list Filipe Manana (1): btrfs: fix invalid extref key setup when replaying dentry Frank Li (1): dt-bindings: serial: 8250: allow clock 'uartclk' and 'reg' for nxp,lpc1850-uart Geert Uytterhoeven (1): pcmcia: omap_cf: Mark driver struct with __refdata to prevent section mismatch Geliang Tang (1): selftests: mptcp: sockopt: fix error messages Greg Kroah-Hartman (1): Linux 6.16.9 Guangshuo Li (1): LoongArch: vDSO: Check kcalloc() result in init_vdso() H. Nikolaus Schaller (2): power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery power: supply: bq27xxx: restrict no-battery detection to bq27000 Hangbin Liu (2): bonding: set random address only when slaves already exist bonding: don't set oif to bond dev when getting NS target destination Hans de Goede (1): net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer Herbert Xu (2): crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg crypto: af_alg - Set merge to zero early in af_alg_sendmsg Honggyu Kim (1): samples/damon: change enable parameters to enabled Huacai Chen (1): LoongArch: Align ACPI structures if ARCH_STRICT_ALIGN enabled Hugh Dickins (5): mm/gup: check ref_count instead of lru before migration mm: revert "mm/gup: clear the LRU flag of a page before adding to LRU batch" mm/gup: local lru_add_drain() to avoid lru_add_drain_all() mm: revert "mm: vmscan.c: fix OOM on swap stress test" mm: folio_may_be_lru_cached() unless folio_test_large() Håkon Bugge (1): rds: ib: Increment i_fastreg_wrs before bailing out Ian Rogers (1): perf maps: Ensure kmap is set up for all inserts Ilya Maximets (1): net: dst_metadata: fix IP_DF bit not extracted from tunnel headers Ioana Ciornei (1): dpaa2-switch: fix buffer pool seeding for control traffic Ivan Lipski (1): drm/amd/display: Allow RX6xxx & RX7700 to invoke amdgpu_irq_get/put Ivan Vecera (1): dpll: fix clock quality level reporting Jacob Keller (1): ice: fix Rx page leak on multi-buffer frames Jakub Kicinski (1): tls: make sure to abort the stream if headers are bogus Jamie Bainbridge (1): qed: Don't collect too many protection override GRC elements Jedrzej Jagielski (2): ixgbe: initialize aci.lock before it's used ixgbe: destroy aci.lock later within ixgbe_remove path Jens Axboe (2): io_uring: include dying ring in task_work "should cancel" state io_uring/msg_ring: kill alloc_cache for io_kiocb allocations Jianbo Liu (1): net/mlx5e: Harden uplink netdev access against device unbind Johannes Thumshirn (1): btrfs: zoned: fix incorrect ASSERT in btrfs_zoned_reserve_data_reloc_bg() Kamal Heib (1): octeon_ep: Validate the VF ID Kohei Enju (1): igc: don't fail igc_probe() on LED setup error Krzysztof Kozlowski (1): ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed Kuniyuki Iwashima (1): tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). Lachlan Hodges (1): wifi: mac80211: increase scan_ies_len for S1G Lama Kayal (1): net/mlx5e: Add a miss level for ipsec crypto offload Li Tian (1): net/mlx5: Not returning mlx5_link_info table when speed is unknown Li Zhe (1): gup: optimize longterm pin_user_pages() for large folio Liao Yuanhong (1): wifi: mac80211: fix incorrect type for ret Loic Poulain (1): drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ Maciej Fijalkowski (1): i40e: remove redundant memory barrier when cleaning Tx descs Maciej S. Szmigiero (1): KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active Maciej Strozek (1): ASoC: SDCA: Add quirk for incorrect function types for 3 systems Mario Limonciello (1): drm/amd: Only restore cached manual clock settings in restore if OD enabled Matthew Rosato (1): iommu/s390: Fix memory corruption when using identity domain Matthieu Baerts (NGI0) (7): mptcp: set remote_deny_join_id0 on SYN recv selftests: mptcp: userspace pm: validate deny-join-id0 flag mptcp: tfo: record 'deny join id0' info mptcp: propagate shutdown to subflows when possible selftests: mptcp: connect: catch IO errors on listen side selftests: mptcp: avoid spurious errors on TCP disconnect mptcp: pm: nl: announce deny-join-id0 flag Max Kellermann (1): io_uring/io-wq: fix `max_workers` breakage and `nr_workers` underflow Miaoqian Lin (1): um: virtio_uml: Fix use-after-free after put_device in probe Michal Wajdeczko (1): drm/xe/pf: Drop rounddown_pow_of_two fair LMEM limitation Mikulas Patocka (2): dm-raid: don't set io_min and io_opt for raid1 dm-stripe: fix a possible integer overflow Mohammad Rafi Shaik (2): ASoC: qcom: audioreach: Fix lpaif_type configuration for the I2S interface ASoC: qcom: q6apm-lpass-dais: Fix missing set_fmt DAI op for I2S Namjae Jeon (1): ksmbd: smbdirect: validate data_offset and data_length field of smb_direct_data_transfer Nathan Chancellor (1): nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/* Niklas Schnelle (1): iommu/s390: Make attach succeed when the device was surprise removed Paulo Alcantara (2): smb: client: fix filename matching of deferred files smb: client: fix file open check in __cifs_unlink() Praful Adiga (1): ALSA: hda/realtek: Fix mute led for HP Laptop 15-dw4xx Qi Xi (1): drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path Qu Wenruo (1): btrfs: tree-checker: fix the incorrect inode ref size check Remy D. Farley (1): doc/netlink: Fix typos in operation attributes Sathesh B Edara (1): octeon_ep: fix VF MAC address lifecycle handling SeongJae Park (3): samples/damon/prcl: fix boot time enable crash samples/damon/mtier: avoid starting DAMON before initialization samples/damon/prcl: avoid starting DAMON before initialization Sergey Senozhatsky (1): zram: fix slot write race condition Shuicheng Lin (1): drm/xe/tile: Release kobject for the failure path Stefan Metzmacher (10): smb: server: let smb_direct_writev() respect SMB_DIRECT_MAX_SEND_SGES ksmbd: smbdirect: verify remaining_data_length respects max_fragmented_recv_size smb: smbdirect: introduce smbdirect_socket.recv_io.expected smb: client: make use of smbdirect_socket->recv_io.expected smb: smbdirect: introduce struct smbdirect_recv_io smb: client: make use of struct smbdirect_recv_io smb: client: let recv_done verify data_offset, data_length and remaining_data_length smb: client: use disable[_delayed]_work_sync in smbdirect.c smb: client: let smbd_destroy() call disable_work_sync(&info->post_send_credits_work) smb: client: fix smbdirect_recv_io leak in smbd_negotiate() error path Sébastien Szymanski (1): gpiolib: acpi: initialize acpi_gpio_info struct Takashi Iwai (1): ALSA: usb: qcom: Fix false-positive address space check Takashi Sakamoto (1): ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported Tao Cui (1): LoongArch: Check the return value when creating kobj Tariq Toukan (1): Revert "net/mlx5e: Update and set Xon/Xoff upon port speed set" Thomas Fourier (1): mmc: mvsdio: Fix dma_unmap_sg() nents value Tiezhu Yang (6): LoongArch: Update help info of ARCH_STRICT_ALIGN objtool/LoongArch: Mark types based on break immediate code objtool/LoongArch: Mark special atomic instruction as INSN_BUG type LoongArch: Fix unreliable stack for live patching LoongArch: Make LTO case independent in Makefile LoongArch: Handle jump tables options for RUST Tiwei Bie (1): um: Fix FD copy size in os_rcv_fd_msg() Tom Lendacky (1): x86/sev: Guard sev_evict_cache() with CONFIG_AMD_MEM_ENCRYPT Vasant Hegde (2): iommu/amd/pgtbl: Fix possible race while increase page table level iommu/amd: Fix alias device DTE setting Venkata Prasad Potturu (1): ASoC: amd: acp: Fix incorrect retrival of acp_chip_info Yang Xiuwei (1): io_uring: fix incorrect io_kiocb reference in io_link_skb Yeounsu Moon (1): net: natsemi: fix `rx_dropped` double accounting on `netif_rx()` failure Yixun Lan (1): dt-bindings: serial: 8250: spacemit: set clocks property as required Zhen Ni (1): iommu/amd: Fix ivrs_base memleak in early_amd_iommu_init() austinchang (1): btrfs: initialize inode::file_extent_tree after i_mode has been set

2 months, 1 week

1
1
0 0

Linux 6.12.49

by Greg Kroah-Hartman

I'm announcing the release of the 6.12.49 kernel. All users of the 6.12 kernel series must upgrade. The updated 6.12.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/hw-vuln/srso.rst | 13 Documentation/netlink/specs/mptcp_pm.yaml | 4 Makefile | 2 arch/loongarch/Kconfig | 8 arch/loongarch/include/asm/acenv.h | 7 arch/loongarch/kernel/env.c | 2 arch/loongarch/kernel/stacktrace.c | 3 arch/loongarch/kernel/vdso.c | 3 arch/um/drivers/virtio_uml.c | 6 arch/um/os-Linux/file.c | 2 arch/x86/events/intel/core.c | 2 arch/x86/include/asm/cpufeatures.h | 5 arch/x86/include/asm/msr-index.h | 1 arch/x86/kernel/cpu/bugs.c | 28 +- arch/x86/kvm/svm/svm.c | 68 ++++ arch/x86/kvm/svm/svm.h | 2 arch/x86/lib/msr.c | 2 crypto/af_alg.c | 10 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 39 ++ drivers/gpu/drm/bridge/analogix/anx7625.c | 6 drivers/gpu/drm/bridge/cadence/cdns-mhdp8546-core.c | 6 drivers/gpu/drm/xe/xe_tile_sysfs.c | 12 drivers/gpu/drm/xe/xe_vm.c | 4 drivers/iommu/amd/amd_iommu_types.h | 1 drivers/iommu/amd/io_pgtable.c | 25 + drivers/iommu/intel/iommu.c | 7 drivers/md/dm-raid.c | 6 drivers/md/dm-stripe.c | 10 drivers/mmc/host/mvsdio.c | 2 drivers/net/bonding/bond_main.c | 2 drivers/net/ethernet/broadcom/cnic.c | 3 drivers/net/ethernet/cavium/liquidio/request_manager.c | 2 drivers/net/ethernet/freescale/dpaa2/dpaa2-switch.c | 2 drivers/net/ethernet/intel/i40e/i40e_txrx.c | 3 drivers/net/ethernet/intel/ice/ice.h | 3 drivers/net/ethernet/intel/ice/ice_base.c | 34 +- drivers/net/ethernet/intel/ice/ice_txrx.c | 80 ++--- drivers/net/ethernet/intel/ice/ice_txrx.h | 4 drivers/net/ethernet/intel/ice/ice_virtchnl.c | 7 drivers/net/ethernet/intel/igc/igc.h | 1 drivers/net/ethernet/intel/igc/igc_main.c | 12 drivers/net/ethernet/marvell/octeon_ep/octep_pfvf_mbox.c | 3 drivers/net/ethernet/marvell/octeontx2/nic/otx2_ptp.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en_rep.c | 27 + drivers/net/ethernet/mellanox/mlx5/core/esw/qos.c | 1 drivers/net/ethernet/mellanox/mlx5/core/lib/mlx5.h | 15 + drivers/net/ethernet/natsemi/ns83820.c | 13 drivers/net/ethernet/qlogic/qed/qed_debug.c | 7 drivers/net/vmxnet3/vmxnet3_drv.c | 10 drivers/net/wireless/microchip/wilc1000/wlan_cfg.c | 37 +- drivers/net/wireless/microchip/wilc1000/wlan_cfg.h | 5 drivers/nvme/host/core.c | 18 - drivers/pcmcia/omap_cf.c | 8 drivers/platform/x86/asus-nb-wmi.c | 25 + drivers/platform/x86/asus-wmi.h | 3 drivers/power/supply/bq27xxx_battery.c | 4 drivers/rtc/rtc-pcf2127.c | 10 drivers/usb/host/xhci-dbgcap.c | 94 ++++-- drivers/usb/host/xhci-debugfs.c | 5 drivers/usb/host/xhci-mem.c | 74 ++--- drivers/usb/host/xhci.c | 24 - drivers/usb/host/xhci.h | 9 fs/btrfs/tree-checker.c | 4 fs/btrfs/tree-log.c | 2 fs/nilfs2/sysfs.c | 4 fs/nilfs2/sysfs.h | 8 fs/smb/client/cifsproto.h | 4 fs/smb/client/inode.c | 6 fs/smb/client/misc.c | 38 +- fs/smb/client/smbdirect.c | 7 fs/smb/server/transport_rdma.c | 26 + include/crypto/if_alg.h | 10 include/linux/io_uring_types.h | 4 include/linux/minmax.h | 205 ++++++--------- include/linux/mlx5/driver.h | 1 include/linux/mm.h | 55 ++++ include/uapi/linux/mptcp.h | 2 include/uapi/linux/mptcp_pm.h | 4 io_uring/io_uring.c | 12 io_uring/io_uring.h | 13 io_uring/kbuf.h | 2 io_uring/msg_ring.c | 24 - io_uring/notif.c | 2 io_uring/poll.c | 3 io_uring/timeout.c | 2 io_uring/uring_cmd.c | 6 kernel/cgroup/cgroup.c | 43 ++- mm/gup.c | 41 ++- mm/migrate.c | 22 - mm/vmscan.c | 2 net/ipv4/tcp.c | 5 net/ipv4/tcp_ao.c | 4 net/mac80211/driver-ops.h | 2 net/mac80211/main.c | 7 net/mptcp/options.c | 6 net/mptcp/pm_netlink.c | 7 net/mptcp/protocol.c | 16 + net/mptcp/subflow.c | 4 net/rds/ib_frmr.c | 20 - net/rfkill/rfkill-gpio.c | 4 net/tls/tls.h | 1 net/tls/tls_strp.c | 14 - net/tls/tls_sw.c | 3 sound/firewire/motu/motu-hwdep.c | 2 sound/pci/hda/patch_realtek.c | 1 sound/soc/codecs/wm8940.c | 9 sound/soc/codecs/wm8974.c | 8 sound/soc/intel/catpt/pcm.c | 23 + sound/soc/qcom/qdsp6/audioreach.c | 1 sound/soc/qcom/qdsp6/q6apm-lpass-dais.c | 7 sound/soc/sof/intel/hda-stream.c | 2 tools/arch/loongarch/include/asm/inst.h | 12 tools/objtool/arch/loongarch/decode.c | 33 ++ tools/testing/selftests/net/mptcp/mptcp_connect.c | 11 tools/testing/selftests/net/mptcp/mptcp_sockopt.c | 16 - tools/testing/selftests/net/mptcp/pm_nl_ctl.c | 7 tools/testing/selftests/net/mptcp/userspace_pm.sh | 14 - 118 files changed, 1062 insertions(+), 564 deletions(-) Ajay.Kathat(a)microchip.com (1): wifi: wilc1000: avoid buffer overflow in WID string configuration Alexey Nepomnyashih (1): net: liquidio: fix overflow in octeon_init_instr_queue() Amadeusz Sławiński (1): ASoC: Intel: catpt: Expose correct bit depth to userspace Anderson Nascimento (1): net/tcp: Fix a NULL pointer dereference when using TCP-AO with TCP_REPAIR Antheas Kapenekakis (2): platform/x86: asus-wmi: Fix ROG button mapping, tablet mode on ASUS ROG Z13 platform/x86: asus-wmi: Re-add extra keys to ignore_key_wlan quirk Borislav Petkov (1): x86/bugs: KVM: Add support for SRSO_MSR_FIX Borislav Petkov (AMD) (1): x86/bugs: Add SRSO_USER_KERNEL_NO support Bruno Thomsen (1): rtc: pcf2127: fix SPI command byte for PCF2131 backport Charles Keepax (3): ASoC: wm8940: Correct PLL rate rounding ASoC: wm8940: Correct typo in control name ASoC: wm8974: Correct PLL rate rounding Chen Ridong (1): cgroup: split cgroup_destroy_wq into 3 workqueues Christoph Hellwig (1): nvme: fix PI insert on write Colin Ian King (1): ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message Dan Carpenter (1): drm/xe: Fix a NULL vs IS_ERR() in xe_vm_add_compute_exec_queue() David Laight (7): minmax.h: add whitespace around operators and after commas minmax.h: update some comments minmax.h: reduce the #define expansion of min(), max() and clamp() minmax.h: use BUILD_BUG_ON_MSG() for the lo < hi test in clamp() minmax.h: move all the clamp() definitions after the min/max() ones minmax.h: simplify the variants of clamp() minmax.h: remove some #defines that are only expanded once Duoming Zhou (2): cnic: Fix use-after-free bugs in cnic_delete_task octeontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp() Eugene Koira (1): iommu/vt-d: Fix __domain_mapping()'s usage of switch_to_super_page() Filipe Manana (1): btrfs: fix invalid extref key setup when replaying dentry Geert Uytterhoeven (1): pcmcia: omap_cf: Mark driver struct with __refdata to prevent section mismatch Geliang Tang (1): selftests: mptcp: sockopt: fix error messages Greg Kroah-Hartman (1): Linux 6.12.49 Guangshuo Li (1): LoongArch: vDSO: Check kcalloc() result in init_vdso() H. Nikolaus Schaller (2): power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery power: supply: bq27xxx: restrict no-battery detection to bq27000 Hangbin Liu (2): bonding: set random address only when slaves already exist bonding: don't set oif to bond dev when getting NS target destination Hans de Goede (1): net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer Herbert Xu (2): crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg crypto: af_alg - Set merge to zero early in af_alg_sendmsg Huacai Chen (1): LoongArch: Align ACPI structures if ARCH_STRICT_ALIGN enabled Hugh Dickins (2): mm: revert "mm: vmscan.c: fix OOM on swap stress test" mm/gup: check ref_count instead of lru before migration Håkon Bugge (1): rds: ib: Increment i_fastreg_wrs before bailing out Ioana Ciornei (1): dpaa2-switch: fix buffer pool seeding for control traffic Ivan Lipski (1): drm/amd/display: Allow RX6xxx & RX7700 to invoke amdgpu_irq_get/put Jacob Keller (2): ice: store max_frame and rx_buf_len only in ice_rx_ring ice: fix Rx page leak on multi-buffer frames Jakub Kicinski (1): tls: make sure to abort the stream if headers are bogus Jamie Bainbridge (1): qed: Don't collect too many protection override GRC elements Jens Axboe (4): io_uring: backport io_should_terminate_tw() io_uring: include dying ring in task_work "should cancel" state io_uring/msg_ring: kill alloc_cache for io_kiocb allocations io_uring/kbuf: drop WARN_ON_ONCE() from incremental length check Jianbo Liu (1): net/mlx5e: Harden uplink netdev access against device unbind Kan Liang (1): perf/x86/intel: Fix crash in icl_update_topdown_event() Kohei Enju (1): igc: don't fail igc_probe() on LED setup error Krzysztof Kozlowski (1): ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed Kuniyuki Iwashima (1): tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). Lachlan Hodges (1): wifi: mac80211: increase scan_ies_len for S1G Li Zhe (1): gup: optimize longterm pin_user_pages() for large folio Liao Yuanhong (1): wifi: mac80211: fix incorrect type for ret Loic Poulain (1): drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ Maciej Fijalkowski (1): i40e: remove redundant memory barrier when cleaning Tx descs Maciej S. Szmigiero (1): KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active Mathias Nyman (2): xhci: dbc: decouple endpoint allocation from initialization xhci: dbc: Fix full DbC transfer ring after several reconnects Matthieu Baerts (NGI0) (7): mptcp: set remote_deny_join_id0 on SYN recv selftests: mptcp: userspace pm: validate deny-join-id0 flag mptcp: tfo: record 'deny join id0' info mptcp: propagate shutdown to subflows when possible selftests: mptcp: connect: catch IO errors on listen side selftests: mptcp: avoid spurious errors on TCP disconnect mptcp: pm: nl: announce deny-join-id0 flag Miaoqian Lin (1): um: virtio_uml: Fix use-after-free after put_device in probe Mikulas Patocka (2): dm-raid: don't set io_min and io_opt for raid1 dm-stripe: fix a possible integer overflow Mohammad Rafi Shaik (2): ASoC: qcom: audioreach: Fix lpaif_type configuration for the I2S interface ASoC: qcom: q6apm-lpass-dais: Fix missing set_fmt DAI op for I2S Namjae Jeon (1): ksmbd: smbdirect: validate data_offset and data_length field of smb_direct_data_transfer Nathan Chancellor (1): nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/* Niklas Neronin (2): usb: xhci: introduce macro for ring segment list iteration usb: xhci: remove option to change a default ring's TRB cycle bit Paulo Alcantara (1): smb: client: fix filename matching of deferred files Pavel Begunkov (1): io_uring/cmd: let cmds to know about dying task Praful Adiga (1): ALSA: hda/realtek: Fix mute led for HP Laptop 15-dw4xx Qi Xi (1): drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path Qu Wenruo (1): btrfs: tree-checker: fix the incorrect inode ref size check Sankararaman Jayaraman (1): vmxnet3: unregister xdp rxq info in the reset path Sathesh B Edara (1): octeon_ep: fix VF MAC address lifecycle handling Sean Christopherson (1): KVM: SVM: Set/clear SRSO's BP_SPEC_REDUCE on 0 <=> 1 VM count transitions Shivank Garg (1): mm: add folio_expected_ref_count() for reference count calculation Shuicheng Lin (1): drm/xe/tile: Release kobject for the failure path Stefan Metzmacher (3): ksmbd: smbdirect: verify remaining_data_length respects max_fragmented_recv_size smb: client: let smbd_destroy() call disable_work_sync(&info->post_send_credits_work) smb: client: fix smbdirect_recv_io leak in smbd_negotiate() error path Takashi Sakamoto (1): ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported Tao Cui (1): LoongArch: Check the return value when creating kobj Tariq Toukan (1): Revert "net/mlx5e: Update and set Xon/Xoff upon port speed set" Thomas Fourier (1): mmc: mvsdio: Fix dma_unmap_sg() nents value Tiezhu Yang (4): LoongArch: Update help info of ARCH_STRICT_ALIGN objtool/LoongArch: Mark types based on break immediate code objtool/LoongArch: Mark special atomic instruction as INSN_BUG type LoongArch: Fix unreliable stack for live patching Tiwei Bie (1): um: Fix FD copy size in os_rcv_fd_msg() Vasant Hegde (1): iommu/amd/pgtbl: Fix possible race while increase page table level Yang Xiuwei (1): io_uring: fix incorrect io_kiocb reference in io_link_skb Yeounsu Moon (1): net: natsemi: fix `rx_dropped` double accounting on `netif_rx()` failure

2 months, 1 week

1
1
0 0

Linux 6.6.108

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.108 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/loongarch/Kconfig | 8 + arch/loongarch/include/asm/acenv.h | 7 - arch/loongarch/kernel/env.c | 2 arch/um/drivers/virtio_uml.c | 6 - arch/x86/kvm/svm/svm.c | 3 arch/x86/mm/pgtable.c | 2 crypto/af_alg.c | 10 + drivers/block/loop.c | 38 +----- drivers/edac/sb_edac.c | 4 drivers/gpu/drm/bridge/analogix/anx7625.c | 6 - drivers/gpu/drm/bridge/cadence/cdns-mhdp8546-core.c | 6 - drivers/gpu/drm/drm_color_mgmt.c | 2 drivers/iommu/amd/amd_iommu_types.h | 1 drivers/iommu/amd/io_pgtable.c | 26 +++- drivers/iommu/intel/iommu.c | 7 + drivers/md/dm-integrity.c | 6 - drivers/mmc/host/mvsdio.c | 2 drivers/net/bonding/bond_main.c | 2 drivers/net/ethernet/broadcom/cnic.c | 3 drivers/net/ethernet/cavium/liquidio/request_manager.c | 2 drivers/net/ethernet/freescale/dpaa2/dpaa2-switch.c | 2 drivers/net/ethernet/intel/i40e/i40e_txrx.c | 3 drivers/net/ethernet/marvell/octeontx2/nic/otx2_ptp.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en_rep.c | 27 +++- drivers/net/ethernet/mellanox/mlx5/core/esw/qos.c | 85 +++++++++++++-- drivers/net/ethernet/mellanox/mlx5/core/lib/mlx5.h | 15 ++ drivers/net/ethernet/natsemi/ns83820.c | 13 +- drivers/net/ethernet/qlogic/qed/qed_debug.c | 7 - drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 2 drivers/net/vmxnet3/vmxnet3_drv.c | 10 - drivers/net/wireless/microchip/wilc1000/wlan_cfg.c | 37 ++++-- drivers/net/wireless/microchip/wilc1000/wlan_cfg.h | 5 drivers/pcmcia/omap_cf.c | 8 + drivers/phy/broadcom/phy-bcm-ns-usb3.c | 9 - drivers/phy/marvell/phy-berlin-usb.c | 7 - drivers/phy/ralink/phy-ralink-usb.c | 10 - drivers/phy/rockchip/phy-rockchip-pcie.c | 11 - drivers/phy/rockchip/phy-rockchip-usb.c | 10 - drivers/phy/ti/phy-omap-control.c | 9 - drivers/phy/ti/phy-omap-usb2.c | 24 +++- drivers/phy/ti/phy-ti-pipe3.c | 14 -- drivers/power/supply/bq27xxx_battery.c | 4 drivers/rtc/rtc-pcf2127.c | 10 - drivers/usb/host/xhci-dbgcap.c | 94 ++++++++++++----- fs/btrfs/tree-checker.c | 4 fs/btrfs/tree-log.c | 2 fs/nilfs2/sysfs.c | 4 fs/nilfs2/sysfs.h | 8 - fs/smb/client/smbdirect.c | 4 fs/smb/server/transport_rdma.c | 26 +++- include/crypto/if_alg.h | 10 + include/linux/minmax.h | 26 +++- include/linux/mlx5/driver.h | 1 include/linux/pageblock-flags.h | 2 include/uapi/linux/mptcp.h | 6 - io_uring/io_uring.c | 7 - io_uring/io_uring.h | 13 ++ io_uring/poll.c | 3 io_uring/timeout.c | 2 kernel/cgroup/cgroup.c | 43 ++++++- net/ipv4/proc.c | 2 net/ipv4/tcp.c | 5 net/ipv6/proc.c | 2 net/mac80211/driver-ops.h | 2 net/mac80211/main.c | 7 + net/mptcp/options.c | 6 - net/mptcp/pm_netlink.c | 7 + net/mptcp/protocol.c | 16 ++ net/mptcp/subflow.c | 4 net/rds/ib_frmr.c | 20 ++- net/rfkill/rfkill-gpio.c | 4 net/tls/tls.h | 1 net/tls/tls_strp.c | 14 +- net/tls/tls_sw.c | 3 sound/firewire/motu/motu-hwdep.c | 2 sound/pci/hda/patch_realtek.c | 1 sound/soc/codecs/wm8940.c | 9 + sound/soc/codecs/wm8974.c | 8 + sound/soc/qcom/qdsp6/audioreach.c | 1 sound/soc/qcom/qdsp6/q6apm-lpass-dais.c | 7 - sound/soc/sof/intel/hda-stream.c | 2 tools/testing/selftests/net/mptcp/mptcp_connect.c | 11 + tools/testing/selftests/net/mptcp/mptcp_sockopt.c | 16 +- tools/testing/selftests/net/mptcp/pm_nl_ctl.c | 7 + tools/testing/selftests/net/mptcp/userspace_pm.sh | 14 +- 87 files changed, 599 insertions(+), 298 deletions(-) Ajay.Kathat(a)microchip.com (1): wifi: wilc1000: avoid buffer overflow in WID string configuration Alexey Nepomnyashih (1): net: liquidio: fix overflow in octeon_init_instr_queue() Bruno Thomsen (1): rtc: pcf2127: fix SPI command byte for PCF2131 backport Charles Keepax (3): ASoC: wm8940: Correct PLL rate rounding ASoC: wm8940: Correct typo in control name ASoC: wm8974: Correct PLL rate rounding Chen Ridong (1): cgroup: split cgroup_destroy_wq into 3 workqueues Colin Ian King (1): ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message Duoming Zhou (2): cnic: Fix use-after-free bugs in cnic_delete_task octeontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp() Eric Hagberg (1): Revert "loop: Avoid updating block size under exclusive owner" Eugene Koira (1): iommu/vt-d: Fix __domain_mapping()'s usage of switch_to_super_page() Filipe Manana (1): btrfs: fix invalid extref key setup when replaying dentry Geert Uytterhoeven (1): pcmcia: omap_cf: Mark driver struct with __refdata to prevent section mismatch Geliang Tang (1): selftests: mptcp: sockopt: fix error messages Greg Kroah-Hartman (1): Linux 6.6.108 H. Nikolaus Schaller (2): power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery power: supply: bq27xxx: restrict no-battery detection to bq27000 Hangbin Liu (2): bonding: set random address only when slaves already exist bonding: don't set oif to bond dev when getting NS target destination Hans de Goede (1): net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer Herbert Xu (2): crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg crypto: af_alg - Set merge to zero early in af_alg_sendmsg Huacai Chen (1): LoongArch: Align ACPI structures if ARCH_STRICT_ALIGN enabled Håkon Bugge (1): rds: ib: Increment i_fastreg_wrs before bailing out Ioana Ciornei (1): dpaa2-switch: fix buffer pool seeding for control traffic Jakub Kicinski (1): tls: make sure to abort the stream if headers are bogus Jamie Bainbridge (1): qed: Don't collect too many protection override GRC elements Jens Axboe (2): io_uring: backport io_should_terminate_tw() io_uring: include dying ring in task_work "should cancel" state Jianbo Liu (2): net/mlx5e: Consider aggregated port speed during rate configuration net/mlx5e: Harden uplink netdev access against device unbind Johan Hovold (1): phy: ti: omap-usb2: fix device leak at unbind Krzysztof Kozlowski (1): ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed Kuniyuki Iwashima (1): tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). Lachlan Hodges (1): wifi: mac80211: increase scan_ies_len for S1G Liao Yuanhong (1): wifi: mac80211: fix incorrect type for ret Linus Torvalds (3): minmax: avoid overly complicated constant expressions in VM code minmax: simplify and clarify min_t()/max_t() implementation minmax: add a few more MIN_T/MAX_T users Loic Poulain (1): drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ Maciej Fijalkowski (1): i40e: remove redundant memory barrier when cleaning Tx descs Maciej S. Szmigiero (1): KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active Mathias Nyman (2): xhci: dbc: decouple endpoint allocation from initialization xhci: dbc: Fix full DbC transfer ring after several reconnects Matthieu Baerts (NGI0) (7): mptcp: set remote_deny_join_id0 on SYN recv mptcp: tfo: record 'deny join id0' info selftests: mptcp: connect: catch IO errors on listen side selftests: mptcp: avoid spurious errors on TCP disconnect mptcp: pm: nl: announce deny-join-id0 flag selftests: mptcp: userspace pm: validate deny-join-id0 flag mptcp: propagate shutdown to subflows when possible Miaoqian Lin (1): um: virtio_uml: Fix use-after-free after put_device in probe Mohammad Rafi Shaik (2): ASoC: qcom: audioreach: Fix lpaif_type configuration for the I2S interface ASoC: qcom: q6apm-lpass-dais: Fix missing set_fmt DAI op for I2S Namjae Jeon (1): ksmbd: smbdirect: validate data_offset and data_length field of smb_direct_data_transfer Nathan Chancellor (1): nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/* Praful Adiga (1): ALSA: hda/realtek: Fix mute led for HP Laptop 15-dw4xx Qi Xi (1): drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path Qu Wenruo (1): btrfs: tree-checker: fix the incorrect inode ref size check Rob Herring (1): phy: Use device_get_match_data() Sankararaman Jayaraman (1): vmxnet3: unregister xdp rxq info in the reset path Stefan Metzmacher (2): ksmbd: smbdirect: verify remaining_data_length respects max_fragmented_recv_size smb: client: fix smbdirect_recv_io leak in smbd_negotiate() error path Takashi Sakamoto (1): ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported Tao Cui (1): LoongArch: Check the return value when creating kobj Tariq Toukan (1): Revert "net/mlx5e: Update and set Xon/Xoff upon port speed set" Thomas Fourier (1): mmc: mvsdio: Fix dma_unmap_sg() nents value Tiezhu Yang (1): LoongArch: Update help info of ARCH_STRICT_ALIGN Vasant Hegde (1): iommu/amd/pgtbl: Fix possible race while increase page table level Yeounsu Moon (1): net: natsemi: fix `rx_dropped` double accounting on `netif_rx()` failure

2 months, 1 week

1
1
0 0

Linux 6.1.154

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.154 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/loongarch/include/asm/acenv.h | 7 - arch/loongarch/kernel/env.c | 2 arch/um/drivers/virtio_uml.c | 6 arch/x86/kvm/svm/svm.c | 3 crypto/af_alg.c | 112 ++++++----------- drivers/gpu/drm/bridge/analogix/anx7625.c | 6 drivers/gpu/drm/bridge/cadence/cdns-mhdp8546-core.c | 6 drivers/iommu/intel/iommu.c | 7 - drivers/mmc/host/mvsdio.c | 2 drivers/net/bonding/bond_main.c | 1 drivers/net/ethernet/broadcom/cnic.c | 3 drivers/net/ethernet/cavium/liquidio/request_manager.c | 2 drivers/net/ethernet/freescale/dpaa2/dpaa2-switch.c | 2 drivers/net/ethernet/intel/i40e/i40e_txrx.c | 3 drivers/net/ethernet/marvell/octeontx2/nic/otx2_ptp.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 2 drivers/net/ethernet/natsemi/ns83820.c | 13 - drivers/net/ethernet/qlogic/qed/qed_debug.c | 7 - drivers/pcmcia/omap_cf.c | 8 + drivers/phy/broadcom/phy-bcm-ns-usb3.c | 9 - drivers/phy/marvell/phy-berlin-usb.c | 7 - drivers/phy/ralink/phy-ralink-usb.c | 10 - drivers/phy/rockchip/phy-rockchip-pcie.c | 11 - drivers/phy/rockchip/phy-rockchip-usb.c | 10 - drivers/phy/ti/phy-omap-control.c | 9 - drivers/phy/ti/phy-omap-usb2.c | 24 ++- drivers/phy/ti/phy-ti-pipe3.c | 14 -- drivers/power/supply/bq27xxx_battery.c | 4 drivers/usb/host/xhci-dbgcap.c | 94 ++++++++++---- fs/btrfs/tree-checker.c | 4 fs/btrfs/tree-log.c | 2 fs/nilfs2/sysfs.c | 4 fs/nilfs2/sysfs.h | 8 - fs/smb/client/smbdirect.c | 4 fs/smb/server/transport_rdma.c | 26 ++- include/crypto/if_alg.h | 10 - include/uapi/linux/mptcp.h | 6 io_uring/io_uring.c | 13 + io_uring/io_uring.h | 13 + io_uring/poll.c | 3 io_uring/timeout.c | 2 kernel/cgroup/cgroup.c | 43 +++++- net/ipv4/tcp.c | 5 net/mac80211/driver-ops.h | 2 net/mac80211/main.c | 7 - net/mptcp/pm_netlink.c | 7 + net/mptcp/protocol.c | 15 ++ net/mptcp/subflow.c | 4 net/rds/ib_frmr.c | 20 +-- net/rfkill/rfkill-gpio.c | 22 ++- net/tls/tls.h | 1 net/tls/tls_strp.c | 14 +- net/tls/tls_sw.c | 3 sound/firewire/motu/motu-hwdep.c | 2 sound/pci/hda/patch_realtek.c | 1 sound/soc/codecs/wm8940.c | 2 sound/soc/codecs/wm8974.c | 8 - sound/soc/qcom/qdsp6/audioreach.c | 1 sound/soc/qcom/qdsp6/q6apm-lpass-dais.c | 38 +++-- sound/soc/sof/intel/hda-stream.c | 2 tools/testing/selftests/net/mptcp/mptcp_connect.c | 11 - tools/testing/selftests/net/mptcp/pm_nl_ctl.c | 7 + tools/testing/selftests/net/mptcp/userspace_pm.sh | 14 +- 64 files changed, 440 insertions(+), 272 deletions(-) Alexey Nepomnyashih (1): net: liquidio: fix overflow in octeon_init_instr_queue() Charles Keepax (2): ASoC: wm8940: Correct typo in control name ASoC: wm8974: Correct PLL rate rounding Chen Ridong (1): cgroup: split cgroup_destroy_wq into 3 workqueues Colin Ian King (1): ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message David Howells (2): crypto: af_alg: Indent the loop in af_alg_sendmsg() crypto: af_alg: Convert af_alg_sendpage() to use MSG_SPLICE_PAGES Duoming Zhou (2): cnic: Fix use-after-free bugs in cnic_delete_task octeontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp() Eugene Koira (1): iommu/vt-d: Fix __domain_mapping()'s usage of switch_to_super_page() Filipe Manana (1): btrfs: fix invalid extref key setup when replaying dentry Geert Uytterhoeven (1): pcmcia: omap_cf: Mark driver struct with __refdata to prevent section mismatch Greg Kroah-Hartman (1): Linux 6.1.154 H. Nikolaus Schaller (2): power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery power: supply: bq27xxx: restrict no-battery detection to bq27000 Hangbin Liu (1): bonding: don't set oif to bond dev when getting NS target destination Hans de Goede (1): net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer Herbert Xu (2): crypto: af_alg - Set merge to zero early in af_alg_sendmsg crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg Huacai Chen (1): LoongArch: Align ACPI structures if ARCH_STRICT_ALIGN enabled Håkon Bugge (1): rds: ib: Increment i_fastreg_wrs before bailing out Ioana Ciornei (1): dpaa2-switch: fix buffer pool seeding for control traffic Jakub Kicinski (1): tls: make sure to abort the stream if headers are bogus Jamie Bainbridge (1): qed: Don't collect too many protection override GRC elements Jens Axboe (2): io_uring: backport io_should_terminate_tw() io_uring: include dying ring in task_work "should cancel" state Johan Hovold (1): phy: ti: omap-usb2: fix device leak at unbind Krzysztof Kozlowski (2): phy: broadcom: ns-usb3: fix Wvoid-pointer-to-enum-cast warning ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed Kuniyuki Iwashima (1): tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). Lachlan Hodges (1): wifi: mac80211: increase scan_ies_len for S1G Liao Yuanhong (1): wifi: mac80211: fix incorrect type for ret Loic Poulain (1): drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ Maciej Fijalkowski (1): i40e: remove redundant memory barrier when cleaning Tx descs Maciej S. Szmigiero (1): KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active Mathias Nyman (2): xhci: dbc: decouple endpoint allocation from initialization xhci: dbc: Fix full DbC transfer ring after several reconnects Matthieu Baerts (NGI0) (6): mptcp: set remote_deny_join_id0 on SYN recv selftests: mptcp: avoid spurious errors on TCP disconnect mptcp: pm: nl: announce deny-join-id0 flag selftests: mptcp: userspace pm: validate deny-join-id0 flag mptcp: propagate shutdown to subflows when possible selftests: mptcp: connect: catch IO errors on listen side Miaoqian Lin (1): um: virtio_uml: Fix use-after-free after put_device in probe Mohammad Rafi Shaik (2): ASoC: qcom: audioreach: Fix lpaif_type configuration for the I2S interface ASoC: qcom: q6apm-lpass-dais: Fix missing set_fmt DAI op for I2S Namjae Jeon (1): ksmbd: smbdirect: validate data_offset and data_length field of smb_direct_data_transfer Nathan Chancellor (1): nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/* Philipp Zabel (1): net: rfkill: gpio: add DT support Praful Adiga (1): ALSA: hda/realtek: Fix mute led for HP Laptop 15-dw4xx Qi Xi (1): drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path Qu Wenruo (1): btrfs: tree-checker: fix the incorrect inode ref size check Rob Herring (1): phy: Use device_get_match_data() Srinivas Kandagatla (2): ASoC: qcom: q6apm-lpass-dai: close graphs before opening a new one ASoC: q6apm-lpass-dai: close graph on prepare errors Stefan Metzmacher (2): ksmbd: smbdirect: verify remaining_data_length respects max_fragmented_recv_size smb: client: fix smbdirect_recv_io leak in smbd_negotiate() error path Takashi Sakamoto (1): ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported Tao Cui (1): LoongArch: Check the return value when creating kobj Tariq Toukan (1): Revert "net/mlx5e: Update and set Xon/Xoff upon port speed set" Thomas Fourier (1): mmc: mvsdio: Fix dma_unmap_sg() nents value Yeounsu Moon (1): net: natsemi: fix `rx_dropped` double accounting on `netif_rx()` failure

2 months, 1 week

1
1
0 0

[PATCH v2] fs/netfs: fix reference leak

by Max Kellermann

Commit 20d72b00ca81 ("netfs: Fix the request's work item to not require a ref") modified netfs_alloc_request() to initialize the reference counter to 2 instead of 1. The rationale was that the requet's "work" would release the second reference after completion (via netfs_{read,write}_collection_worker()). That works most of the time if all goes well. However, it leaks this additional reference if the request is released before the I/O operation has been submitted: the error code path only decrements the reference counter once and the work item will never be queued because there will never be a completion. This has caused outages of our whole server cluster today because tasks were blocked in netfs_wait_for_outstanding_io(), leading to deadlocks in Ceph (another bug that I will address soon in another patch). This was caused by a netfs_pgpriv2_begin_copy_to_cache() call which failed in fscache_begin_write_operation(). The leaked netfs_io_request was never completed, leaving `netfs_inode.io_count` with a positive value forever. All of this is super-fragile code. Finding out which code paths will lead to an eventual completion and which do not is hard to see: - Some functions like netfs_create_write_req() allocate a request, but will never submit any I/O. - netfs_unbuffered_read_iter_locked() calls netfs_unbuffered_read() and then netfs_put_request(); however, netfs_unbuffered_read() can also fail early before submitting the I/O request, therefore another netfs_put_request() call must be added there. A rule of thumb is that functions that return a `netfs_io_request` do not submit I/O, and all of their callers must be checked. For my taste, the whole netfs code needs an overhaul to make reference counting easier to understand and less fragile & obscure. But to fix this bug here and now and produce a patch that is adequate for a stable backport, I tried a minimal approach that quickly frees the request object upon early failure. I decided against adding a second netfs_put_request() each time because that would cause code duplication which obscures the code further. Instead, I added the function netfs_put_failed_request() which frees such a failed request synchronously under the assumption that the reference count is exactly 2 (as initially set by netfs_alloc_request() and never touched), verified by a WARN_ON_ONCE(). It then deinitializes the request object (without going through the "cleanup_work" indirection) and frees the allocation (with RCU protection to protect against concurrent access by netfs_requests_seq_start()). All code paths that fail early have been changed to call netfs_put_failed_request() instead of netfs_put_request(). Additionally, I have added a netfs_put_request() call to netfs_unbuffered_read() as explained above because the netfs_put_failed_request() approach does not work there. Fixes: 20d72b00ca81 ("netfs: Fix the request's work item to not require a ref") Cc: stable(a)vger.kernel.org Signed-off-by: Max Kellermann <max.kellermann(a)ionos.com> --- v1->v2: free the request with call_rcu() because a proc reader might be accessing it (suggested by David Howells) --- fs/netfs/buffered_read.c | 10 +++++----- fs/netfs/direct_read.c | 7 ++++++- fs/netfs/direct_write.c | 6 +++++- fs/netfs/internal.h | 1 + fs/netfs/objects.c | 28 +++++++++++++++++++++++++--- fs/netfs/read_pgpriv2.c | 2 +- fs/netfs/read_single.c | 2 +- fs/netfs/write_issue.c | 3 +-- 8 files changed, 45 insertions(+), 14 deletions(-) diff --git a/fs/netfs/buffered_read.c b/fs/netfs/buffered_read.c index 18b3dc74c70e..37ab6f28b5ad 100644 --- a/fs/netfs/buffered_read.c +++ b/fs/netfs/buffered_read.c @@ -369,7 +369,7 @@ void netfs_readahead(struct readahead_control *ractl) return netfs_put_request(rreq, netfs_rreq_trace_put_return); cleanup_free: - return netfs_put_request(rreq, netfs_rreq_trace_put_failed); + return netfs_put_failed_request(rreq); } EXPORT_SYMBOL(netfs_readahead); @@ -472,7 +472,7 @@ static int netfs_read_gaps(struct file *file, struct folio *folio) return ret < 0 ? ret : 0; discard: - netfs_put_request(rreq, netfs_rreq_trace_put_discard); + netfs_put_failed_request(rreq); alloc_error: folio_unlock(folio); return ret; @@ -532,7 +532,7 @@ int netfs_read_folio(struct file *file, struct folio *folio) return ret < 0 ? ret : 0; discard: - netfs_put_request(rreq, netfs_rreq_trace_put_discard); + netfs_put_failed_request(rreq); alloc_error: folio_unlock(folio); return ret; @@ -699,7 +699,7 @@ int netfs_write_begin(struct netfs_inode *ctx, return 0; error_put: - netfs_put_request(rreq, netfs_rreq_trace_put_failed); + netfs_put_failed_request(rreq); error: if (folio) { folio_unlock(folio); @@ -754,7 +754,7 @@ int netfs_prefetch_for_write(struct file *file, struct folio *folio, return ret < 0 ? ret : 0; error_put: - netfs_put_request(rreq, netfs_rreq_trace_put_discard); + netfs_put_failed_request(rreq); error: _leave(" = %d", ret); return ret; diff --git a/fs/netfs/direct_read.c b/fs/netfs/direct_read.c index a05e13472baf..a498ee8d6674 100644 --- a/fs/netfs/direct_read.c +++ b/fs/netfs/direct_read.c @@ -131,6 +131,7 @@ static ssize_t netfs_unbuffered_read(struct netfs_io_request *rreq, bool sync) if (rreq->len == 0) { pr_err("Zero-sized read [R=%x]\n", rreq->debug_id); + netfs_put_request(rreq, netfs_rreq_trace_put_discard); return -EIO; } @@ -205,7 +206,7 @@ ssize_t netfs_unbuffered_read_iter_locked(struct kiocb *iocb, struct iov_iter *i if (user_backed_iter(iter)) { ret = netfs_extract_user_iter(iter, rreq->len, &rreq->buffer.iter, 0); if (ret < 0) - goto out; + goto error_put; rreq->direct_bv = (struct bio_vec *)rreq->buffer.iter.bvec; rreq->direct_bv_count = ret; rreq->direct_bv_unpin = iov_iter_extract_will_pin(iter); @@ -238,6 +239,10 @@ ssize_t netfs_unbuffered_read_iter_locked(struct kiocb *iocb, struct iov_iter *i if (ret > 0) orig_count -= ret; return ret; + +error_put: + netfs_put_failed_request(rreq); + return ret; } EXPORT_SYMBOL(netfs_unbuffered_read_iter_locked); diff --git a/fs/netfs/direct_write.c b/fs/netfs/direct_write.c index a16660ab7f83..a9d1c3b2c084 100644 --- a/fs/netfs/direct_write.c +++ b/fs/netfs/direct_write.c @@ -57,7 +57,7 @@ ssize_t netfs_unbuffered_write_iter_locked(struct kiocb *iocb, struct iov_iter * n = netfs_extract_user_iter(iter, len, &wreq->buffer.iter, 0); if (n < 0) { ret = n; - goto out; + goto error_put; } wreq->direct_bv = (struct bio_vec *)wreq->buffer.iter.bvec; wreq->direct_bv_count = n; @@ -101,6 +101,10 @@ ssize_t netfs_unbuffered_write_iter_locked(struct kiocb *iocb, struct iov_iter * out: netfs_put_request(wreq, netfs_rreq_trace_put_return); return ret; + +error_put: + netfs_put_failed_request(wreq); + return ret; } EXPORT_SYMBOL(netfs_unbuffered_write_iter_locked); diff --git a/fs/netfs/internal.h b/fs/netfs/internal.h index d4f16fefd965..4319611f5354 100644 --- a/fs/netfs/internal.h +++ b/fs/netfs/internal.h @@ -87,6 +87,7 @@ struct netfs_io_request *netfs_alloc_request(struct address_space *mapping, void netfs_get_request(struct netfs_io_request *rreq, enum netfs_rreq_ref_trace what); void netfs_clear_subrequests(struct netfs_io_request *rreq); void netfs_put_request(struct netfs_io_request *rreq, enum netfs_rreq_ref_trace what); +void netfs_put_failed_request(struct netfs_io_request *rreq); struct netfs_io_subrequest *netfs_alloc_subrequest(struct netfs_io_request *rreq); static inline void netfs_see_request(struct netfs_io_request *rreq, diff --git a/fs/netfs/objects.c b/fs/netfs/objects.c index e8c99738b5bb..39d5e13f7248 100644 --- a/fs/netfs/objects.c +++ b/fs/netfs/objects.c @@ -116,10 +116,8 @@ static void netfs_free_request_rcu(struct rcu_head *rcu) netfs_stat_d(&netfs_n_rh_rreq); } -static void netfs_free_request(struct work_struct *work) +static void netfs_deinit_request(struct netfs_io_request *rreq) { - struct netfs_io_request *rreq = - container_of(work, struct netfs_io_request, cleanup_work); struct netfs_inode *ictx = netfs_inode(rreq->inode); unsigned int i; @@ -149,6 +147,14 @@ static void netfs_free_request(struct work_struct *work) if (atomic_dec_and_test(&ictx->io_count)) wake_up_var(&ictx->io_count); +} + +static void netfs_free_request(struct work_struct *work) +{ + struct netfs_io_request *rreq = + container_of(work, struct netfs_io_request, cleanup_work); + + netfs_deinit_request(rreq); call_rcu(&rreq->rcu, netfs_free_request_rcu); } @@ -167,6 +173,22 @@ void netfs_put_request(struct netfs_io_request *rreq, enum netfs_rreq_ref_trace } } +/* + * Free a request (synchronously) that was just allocated but has + * failed before it could be submitted. + */ +void netfs_put_failed_request(struct netfs_io_request *rreq) +{ + /* new requests have two references (see + * netfs_alloc_request(), and this function is only allowed on + * new request objects + */ + WARN_ON_ONCE(refcount_read(&rreq->ref) != 2); + + trace_netfs_rreq_ref(rreq->debug_id, 0, netfs_rreq_trace_put_failed); + netfs_free_request(&rreq->cleanup_work); +} + /* * Allocate and partially initialise an I/O request structure. */ diff --git a/fs/netfs/read_pgpriv2.c b/fs/netfs/read_pgpriv2.c index 8097bc069c1d..a1489aa29f78 100644 --- a/fs/netfs/read_pgpriv2.c +++ b/fs/netfs/read_pgpriv2.c @@ -118,7 +118,7 @@ static struct netfs_io_request *netfs_pgpriv2_begin_copy_to_cache( return creq; cancel_put: - netfs_put_request(creq, netfs_rreq_trace_put_return); + netfs_put_failed_request(creq); cancel: rreq->copy_to_cache = ERR_PTR(-ENOBUFS); clear_bit(NETFS_RREQ_FOLIO_COPY_TO_CACHE, &rreq->flags); diff --git a/fs/netfs/read_single.c b/fs/netfs/read_single.c index fa622a6cd56d..5c0dc4efc792 100644 --- a/fs/netfs/read_single.c +++ b/fs/netfs/read_single.c @@ -189,7 +189,7 @@ ssize_t netfs_read_single(struct inode *inode, struct file *file, struct iov_ite return ret; cleanup_free: - netfs_put_request(rreq, netfs_rreq_trace_put_failed); + netfs_put_failed_request(rreq); return ret; } EXPORT_SYMBOL(netfs_read_single); diff --git a/fs/netfs/write_issue.c b/fs/netfs/write_issue.c index 0584cba1a043..dd8743bc8d7f 100644 --- a/fs/netfs/write_issue.c +++ b/fs/netfs/write_issue.c @@ -133,8 +133,7 @@ struct netfs_io_request *netfs_create_write_req(struct address_space *mapping, return wreq; nomem: - wreq->error = -ENOMEM; - netfs_put_request(wreq, netfs_rreq_trace_put_failed); + netfs_put_failed_request(wreq); return ERR_PTR(-ENOMEM); } -- 2.47.3

2 months, 1 week

2
2
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror