- Linux-stable-mirror - lists.linaro.org

[PATCH] drm/v3d: Assign job pointer to NULL before signaling the fence

by Maíra Canal

In commit e4b5ccd392b9 ("drm/v3d: Ensure job pointer is set to NULL after job completion"), we introduced a change to assign the job pointer to NULL after completing a job, indicating job completion. However, this approach created a race condition between the DRM scheduler workqueue and the IRQ execution thread. As soon as the fence is signaled in the IRQ execution thread, a new job starts to be executed. This results in a race condition where the IRQ execution thread sets the job pointer to NULL simultaneously as the `run_job()` function assigns a new job to the pointer. This race condition can lead to a NULL pointer dereference if the IRQ execution thread sets the job pointer to NULL after `run_job()` assigns it to the new job. When the new job completes and the GPU emits an interrupt, `v3d_irq()` is triggered, potentially causing a crash. [ 466.310099] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000c0 [ 466.318928] Mem abort info: [ 466.321723] ESR = 0x0000000096000005 [ 466.325479] EC = 0x25: DABT (current EL), IL = 32 bits [ 466.330807] SET = 0, FnV = 0 [ 466.333864] EA = 0, S1PTW = 0 [ 466.337010] FSC = 0x05: level 1 translation fault [ 466.341900] Data abort info: [ 466.344783] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000 [ 466.350285] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 466.355350] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 466.360677] user pgtable: 4k pages, 39-bit VAs, pgdp=0000000089772000 [ 466.367140] [00000000000000c0] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000 [ 466.375875] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP [ 466.382163] Modules linked in: rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device algif_hash algif_skcipher af_alg bnep binfmt_misc vc4 snd_soc_hdmi_codec drm_display_helper cec brcmfmac_wcc spidev rpivid_hevc(C) drm_client_lib brcmfmac hci_uart drm_dma_helper pisp_be btbcm brcmutil snd_soc_core aes_ce_blk v4l2_mem2mem bluetooth aes_ce_cipher snd_compress videobuf2_dma_contig ghash_ce cfg80211 gf128mul snd_pcm_dmaengine videobuf2_memops ecdh_generic sha2_ce ecc videobuf2_v4l2 snd_pcm v3d sha256_arm64 rfkill videodev snd_timer sha1_ce libaes gpu_sched snd videobuf2_common sha1_generic drm_shmem_helper mc rp1_pio drm_kms_helper raspberrypi_hwmon spi_bcm2835 gpio_keys i2c_brcmstb rp1 raspberrypi_gpiomem rp1_mailbox rp1_adc nvmem_rmem uio_pdrv_genirq uio i2c_dev drm ledtrig_pattern drm_panel_orientation_quirks backlight fuse dm_mod ip_tables x_tables ipv6 [ 466.458429] CPU: 0 UID: 1000 PID: 2008 Comm: chromium Tainted: G C 6.13.0-v8+ #18 [ 466.467336] Tainted: [C]=CRAP [ 466.470306] Hardware name: Raspberry Pi 5 Model B Rev 1.0 (DT) [ 466.476157] pstate: 404000c9 (nZcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 466.483143] pc : v3d_irq+0x118/0x2e0 [v3d] [ 466.487258] lr : __handle_irq_event_percpu+0x60/0x228 [ 466.492327] sp : ffffffc080003ea0 [ 466.495646] x29: ffffffc080003ea0 x28: ffffff80c0c94200 x27: 0000000000000000 [ 466.502807] x26: ffffffd08dd81d7b x25: ffffff80c0c94200 x24: ffffff8003bdc200 [ 466.509969] x23: 0000000000000001 x22: 00000000000000a7 x21: 0000000000000000 [ 466.517130] x20: ffffff8041bb0000 x19: 0000000000000001 x18: 0000000000000000 [ 466.524291] x17: ffffffafadfb0000 x16: ffffffc080000000 x15: 0000000000000000 [ 466.531452] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 [ 466.538613] x11: 0000000000000000 x10: 0000000000000000 x9 : ffffffd08c527eb0 [ 466.545777] x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000 [ 466.552941] x5 : ffffffd08c4100d0 x4 : ffffffafadfb0000 x3 : ffffffc080003f70 [ 466.560102] x2 : ffffffc0829e8058 x1 : 0000000000000001 x0 : 0000000000000000 [ 466.567263] Call trace: [ 466.569711] v3d_irq+0x118/0x2e0 [v3d] (P) [ 466.573826] __handle_irq_event_percpu+0x60/0x228 [ 466.578546] handle_irq_event+0x54/0xb8 [ 466.582391] handle_fasteoi_irq+0xac/0x240 [ 466.586498] generic_handle_domain_irq+0x34/0x58 [ 466.591128] gic_handle_irq+0x48/0xd8 [ 466.594798] call_on_irq_stack+0x24/0x58 [ 466.598730] do_interrupt_handler+0x88/0x98 [ 466.602923] el0_interrupt+0x44/0xc0 [ 466.606508] __el0_irq_handler_common+0x18/0x28 [ 466.611050] el0t_64_irq_handler+0x10/0x20 [ 466.615156] el0t_64_irq+0x198/0x1a0 [ 466.618740] Code: 52800035 3607faf3 f9442e80 52800021 (f9406018) [ 466.624853] ---[ end trace 0000000000000000 ]--- [ 466.629483] Kernel panic - not syncing: Oops: Fatal exception in interrupt [ 466.636384] SMP: stopping secondary CPUs [ 466.640320] Kernel Offset: 0x100c400000 from 0xffffffc080000000 [ 466.646259] PHYS_OFFSET: 0x0 [ 466.649141] CPU features: 0x100,00000170,00901250,0200720b [ 466.654644] Memory Limit: none [ 466.657706] ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]--- Fix the crash by assigning the job pointer to NULL before signaling the fence. This ensures that the job pointer is cleared before any new job starts execution, preventing the race condition and the NULL pointer dereference crash. Cc: stable(a)vger.kernel.org Fixes: e4b5ccd392b9 ("drm/v3d: Ensure job pointer is set to NULL after job completion") Signed-off-by: Maíra Canal <mcanal(a)igalia.com> --- drivers/gpu/drm/v3d/v3d_irq.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/v3d/v3d_irq.c b/drivers/gpu/drm/v3d/v3d_irq.c index da203045df9b..72b6a119412f 100644 --- a/drivers/gpu/drm/v3d/v3d_irq.c +++ b/drivers/gpu/drm/v3d/v3d_irq.c @@ -107,8 +107,10 @@ v3d_irq(int irq, void *arg) v3d_job_update_stats(&v3d->bin_job->base, V3D_BIN); trace_v3d_bcl_irq(&v3d->drm, fence->seqno); - dma_fence_signal(&fence->base); + v3d->bin_job = NULL; + dma_fence_signal(&fence->base); + status = IRQ_HANDLED; } @@ -118,8 +120,10 @@ v3d_irq(int irq, void *arg) v3d_job_update_stats(&v3d->render_job->base, V3D_RENDER); trace_v3d_rcl_irq(&v3d->drm, fence->seqno); - dma_fence_signal(&fence->base); + v3d->render_job = NULL; + dma_fence_signal(&fence->base); + status = IRQ_HANDLED; } @@ -129,8 +133,10 @@ v3d_irq(int irq, void *arg) v3d_job_update_stats(&v3d->csd_job->base, V3D_CSD); trace_v3d_csd_irq(&v3d->drm, fence->seqno); - dma_fence_signal(&fence->base); + v3d->csd_job = NULL; + dma_fence_signal(&fence->base); + status = IRQ_HANDLED; } @@ -167,8 +173,10 @@ v3d_hub_irq(int irq, void *arg) v3d_job_update_stats(&v3d->tfu_job->base, V3D_TFU); trace_v3d_tfu_irq(&v3d->drm, fence->seqno); - dma_fence_signal(&fence->base); + v3d->tfu_job = NULL; + dma_fence_signal(&fence->base); + status = IRQ_HANDLED; } -- 2.39.5 (Apple Git-154)

8 hours, 13 minutes

4
4
0 0

[tip: timers/urgent] hrtimers: Force migrate away hrtimers queued after CPUHP_AP_HRTIMERS_DYING

by tip-bot2 for Frederic Weisbecker

The following commit has been merged into the timers/urgent branch of tip: Commit-ID: 53dac345395c0d2493cbc2f4c85fe38aef5b63f5 Gitweb: https://git.kernel.org/tip/53dac345395c0d2493cbc2f4c85fe38aef5b63f5 Author: Frederic Weisbecker <frederic(a)kernel.org> AuthorDate: Sat, 18 Jan 2025 00:24:33 +01:00 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Thu, 23 Jan 2025 20:06:35 +01:00 hrtimers: Force migrate away hrtimers queued after CPUHP_AP_HRTIMERS_DYING hrtimers are migrated away from the dying CPU to any online target at the CPUHP_AP_HRTIMERS_DYING stage in order not to delay bandwidth timers handling tasks involved in the CPU hotplug forward progress. However wakeups can still be performed by the outgoing CPU after CPUHP_AP_HRTIMERS_DYING. Those can result again in bandwidth timers being armed. Depending on several considerations (crystal ball power management based election, earliest timer already enqueued, timer migration enabled or not), the target may eventually be the current CPU even if offline. If that happens, the timer is eventually ignored. The most notable example is RCU which had to deal with each and every of those wake-ups by deferring them to an online CPU, along with related workarounds: _ e787644caf76 (rcu: Defer RCU kthreads wakeup when CPU is dying) _ 9139f93209d1 (rcu/nocb: Fix RT throttling hrtimer armed from offline CPU) _ f7345ccc62a4 (rcu/nocb: Fix rcuog wake-up from offline softirq) The problem isn't confined to RCU though as the stop machine kthread (which runs CPUHP_AP_HRTIMERS_DYING) reports its completion at the end of its work through cpu_stop_signal_done() and performs a wake up that eventually arms the deadline server timer: WARNING: CPU: 94 PID: 588 at kernel/time/hrtimer.c:1086 hrtimer_start_range_ns+0x289/0x2d0 CPU: 94 UID: 0 PID: 588 Comm: migration/94 Not tainted Stopper: multi_cpu_stop+0x0/0x120 <- stop_machine_cpuslocked+0x66/0xc0 RIP: 0010:hrtimer_start_range_ns+0x289/0x2d0 Call Trace: <TASK> start_dl_timer enqueue_dl_entity dl_server_start enqueue_task_fair enqueue_task ttwu_do_activate try_to_wake_up complete cpu_stopper_thread Instead of providing yet another bandaid to work around the situation, fix it in the hrtimers infrastructure instead: always migrate away a timer to an online target whenever it is enqueued from an offline CPU. This will also allow to revert all the above RCU disgraceful hacks. Fixes: 5c0930ccaad5 ("hrtimers: Push pending hrtimers away from outgoing CPU earlier") Reported-by: Vlad Poenaru <vlad.wing(a)gmail.com> Reported-by: Usama Arif <usamaarif642(a)gmail.com> Signed-off-by: Frederic Weisbecker <frederic(a)kernel.org> Signed-off-by: Paul E. McKenney <paulmck(a)kernel.org> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Tested-by: Paul E. McKenney <paulmck(a)kernel.org> Link: https://lore.kernel.org/all/20250117232433.24027-1-frederic@kernel.org Closes: 20241213203739.1519801-1-usamaarif642(a)gmail.com --- include/linux/hrtimer_defs.h | 1 +- kernel/time/hrtimer.c | 103 +++++++++++++++++++++++++++------- 2 files changed, 83 insertions(+), 21 deletions(-) diff --git a/include/linux/hrtimer_defs.h b/include/linux/hrtimer_defs.h index c3b4b7e..84a5045 100644 --- a/include/linux/hrtimer_defs.h +++ b/include/linux/hrtimer_defs.h @@ -125,6 +125,7 @@ struct hrtimer_cpu_base { ktime_t softirq_expires_next; struct hrtimer *softirq_next_timer; struct hrtimer_clock_base clock_base[HRTIMER_MAX_CLOCK_BASES]; + call_single_data_t csd; } ____cacheline_aligned; diff --git a/kernel/time/hrtimer.c b/kernel/time/hrtimer.c index 4fb81f8..deb1aa3 100644 --- a/kernel/time/hrtimer.c +++ b/kernel/time/hrtimer.c @@ -58,6 +58,8 @@ #define HRTIMER_ACTIVE_SOFT (HRTIMER_ACTIVE_HARD << MASK_SHIFT) #define HRTIMER_ACTIVE_ALL (HRTIMER_ACTIVE_SOFT | HRTIMER_ACTIVE_HARD) +static void retrigger_next_event(void *arg); + /* * The timer bases: * @@ -111,7 +113,8 @@ DEFINE_PER_CPU(struct hrtimer_cpu_base, hrtimer_bases) = .clockid = CLOCK_TAI, .get_time = &ktime_get_clocktai, }, - } + }, + .csd = CSD_INIT(retrigger_next_event, NULL) }; static const int hrtimer_clock_to_base_table[MAX_CLOCKS] = { @@ -124,6 +127,14 @@ static const int hrtimer_clock_to_base_table[MAX_CLOCKS] = { [CLOCK_TAI] = HRTIMER_BASE_TAI, }; +static inline bool hrtimer_base_is_online(struct hrtimer_cpu_base *base) +{ + if (!IS_ENABLED(CONFIG_HOTPLUG_CPU)) + return true; + else + return likely(base->online); +} + /* * Functions and macros which are different for UP/SMP systems are kept in a * single place @@ -178,27 +189,54 @@ struct hrtimer_clock_base *lock_hrtimer_base(const struct hrtimer *timer, } /* - * We do not migrate the timer when it is expiring before the next - * event on the target cpu. When high resolution is enabled, we cannot - * reprogram the target cpu hardware and we would cause it to fire - * late. To keep it simple, we handle the high resolution enabled and - * disabled case similar. + * Check if the elected target is suitable considering its next + * event and the hotplug state of the current CPU. + * + * If the elected target is remote and its next event is after the timer + * to queue, then a remote reprogram is necessary. However there is no + * guarantee the IPI handling the operation would arrive in time to meet + * the high resolution deadline. In this case the local CPU becomes a + * preferred target, unless it is offline. + * + * High and low resolution modes are handled the same way for simplicity. * * Called with cpu_base->lock of target cpu held. */ -static int -hrtimer_check_target(struct hrtimer *timer, struct hrtimer_clock_base *new_base) +static bool hrtimer_suitable_target(struct hrtimer *timer, struct hrtimer_clock_base *new_base, + struct hrtimer_cpu_base *new_cpu_base, + struct hrtimer_cpu_base *this_cpu_base) { ktime_t expires; + /* + * The local CPU clockevent can be reprogrammed. Also get_target_base() + * guarantees it is online. + */ + if (new_cpu_base == this_cpu_base) + return true; + + /* + * The offline local CPU can't be the default target if the + * next remote target event is after this timer. Keep the + * elected new base. An IPI will we issued to reprogram + * it as a last resort. + */ + if (!hrtimer_base_is_online(this_cpu_base)) + return true; + expires = ktime_sub(hrtimer_get_expires(timer), new_base->offset); - return expires < new_base->cpu_base->expires_next; + + return expires >= new_base->cpu_base->expires_next; } -static inline -struct hrtimer_cpu_base *get_target_base(struct hrtimer_cpu_base *base, - int pinned) +static inline struct hrtimer_cpu_base *get_target_base(struct hrtimer_cpu_base *base, int pinned) { + if (!hrtimer_base_is_online(base)) { + int cpu = cpumask_any_and(cpu_online_mask, housekeeping_cpumask(HK_TYPE_TIMER)); + + return &per_cpu(hrtimer_bases, cpu); + } + #if defined(CONFIG_SMP) && defined(CONFIG_NO_HZ_COMMON) if (static_branch_likely(&timers_migration_enabled) && !pinned) return &per_cpu(hrtimer_bases, get_nohz_timer_target()); @@ -249,8 +287,8 @@ again: raw_spin_unlock(&base->cpu_base->lock); raw_spin_lock(&new_base->cpu_base->lock); - if (new_cpu_base != this_cpu_base && - hrtimer_check_target(timer, new_base)) { + if (!hrtimer_suitable_target(timer, new_base, new_cpu_base, + this_cpu_base)) { raw_spin_unlock(&new_base->cpu_base->lock); raw_spin_lock(&base->cpu_base->lock); new_cpu_base = this_cpu_base; @@ -259,8 +297,7 @@ again: } WRITE_ONCE(timer->base, new_base); } else { - if (new_cpu_base != this_cpu_base && - hrtimer_check_target(timer, new_base)) { + if (!hrtimer_suitable_target(timer, new_base, new_cpu_base, this_cpu_base)) { new_cpu_base = this_cpu_base; goto again; } @@ -706,8 +743,6 @@ static inline int hrtimer_is_hres_enabled(void) return hrtimer_hres_enabled; } -static void retrigger_next_event(void *arg); - /* * Switch to high resolution mode */ @@ -1195,6 +1230,7 @@ static int __hrtimer_start_range_ns(struct hrtimer *timer, ktime_t tim, u64 delta_ns, const enum hrtimer_mode mode, struct hrtimer_clock_base *base) { + struct hrtimer_cpu_base *this_cpu_base = this_cpu_ptr(&hrtimer_bases); struct hrtimer_clock_base *new_base; bool force_local, first; @@ -1206,10 +1242,16 @@ static int __hrtimer_start_range_ns(struct hrtimer *timer, ktime_t tim, * and enforce reprogramming after it is queued no matter whether * it is the new first expiring timer again or not. */ - force_local = base->cpu_base == this_cpu_ptr(&hrtimer_bases); + force_local = base->cpu_base == this_cpu_base; force_local &= base->cpu_base->next_timer == timer; /* + * Don't force local queuing if this enqueue happens on a unplugged + * CPU after hrtimer_cpu_dying() has been invoked. + */ + force_local &= this_cpu_base->online; + + /* * Remove an active timer from the queue. In case it is not queued * on the current CPU, make sure that remove_hrtimer() updates the * remote data correctly. @@ -1238,8 +1280,27 @@ static int __hrtimer_start_range_ns(struct hrtimer *timer, ktime_t tim, } first = enqueue_hrtimer(timer, new_base, mode); - if (!force_local) - return first; + if (!force_local) { + /* + * If the current CPU base is online, then the timer is + * never queued on a remote CPU if it would be the first + * expiring timer there. + */ + if (hrtimer_base_is_online(this_cpu_base)) + return first; + + /* + * Timer was enqueued remote because the current base is + * already offline. If the timer is the first to expire, + * kick the remote CPU to reprogram the clock event. + */ + if (first) { + struct hrtimer_cpu_base *new_cpu_base = new_base->cpu_base; + + smp_call_function_single_async(new_cpu_base->cpu, &new_cpu_base->csd); + } + return 0; + } /* * Timer was forced to stay on the current CPU to avoid

8 hours, 20 minutes

1
0
0 0

[PATCH net 0/3] mptcp: fixes addressing syzbot reports

by Matthieu Baerts (NGI0)

Recently, a few issues linked to MPTCP have been reported by syzbot. All the remaining ones are addressed in this series. - Patch 1: Address "KMSAN: uninit-value in mptcp_incoming_options (2)". A fix for v5.11. - Patch 2: Address "WARNING in mptcp_pm_nl_set_flags (2)". A fix for v5.18. - Patch 3: Address "WARNING in __mptcp_clean_una (2)". A fix for v6.4, backported up to v6.1. Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> --- Matthieu Baerts (NGI0) (1): mptcp: pm: only set fullmesh for subflow endp Paolo Abeni (2): mptcp: consolidate suboption status mptcp: handle fastopen disconnect correctly net/mptcp/options.c | 13 +++++-------- net/mptcp/pm_netlink.c | 3 ++- net/mptcp/protocol.c | 4 +++- net/mptcp/protocol.h | 30 ++++++++++++++++-------------- 4 files changed, 26 insertions(+), 24 deletions(-) --- base-commit: 15a901361ec3fb1c393f91880e1cbf24ec0a88bd change-id: 20250123-net-mptcp-syzbot-issues-ffdbbb9b85d7 Best regards, -- Matthieu Baerts (NGI0) <matttbe(a)kernel.org>

9 hours, 27 minutes

1
3
0 0

[PATCH v1 1/2] mm: Clear uffd-wp PTE/PMD state on mremap()

by Ryan Roberts

When mremap()ing a memory region previously registered with userfaultfd as write-protected but without UFFD_FEATURE_EVENT_REMAP, an inconsistency in flag clearing leads to a mismatch between the vma flags (which have uffd-wp cleared) and the pte/pmd flags (which do not have uffd-wp cleared). This mismatch causes a subsequent mprotect(PROT_WRITE) to trigger a warning in page_table_check_pte_flags() due to setting the pte to writable while uffd-wp is still set. Fix this by always explicitly clearing the uffd-wp pte/pmd flags on any such mremap() so that the values are consistent with the existing clearing of VM_UFFD_WP. Be careful to clear the logical flag regardless of its physical form; a PTE bit, a swap PTE bit, or a PTE marker. Cover PTE, huge PMD and hugetlb paths. Co-developed-by: Mikołaj Lenczewski <miko.lenczewski(a)arm.com> Signed-off-by: Mikołaj Lenczewski <miko.lenczewski(a)arm.com> Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> Closes: https://lore.kernel.org/linux-mm/810b44a8-d2ae-4107-b665-5a42eae2d948@arm.c… Fixes: 63b2d4174c4a ("userfaultfd: wp: add the writeprotect API to userfaultfd ioctl") Cc: stable(a)vger.kernel.org --- include/linux/userfaultfd_k.h | 12 ++++++++++++ mm/huge_memory.c | 12 ++++++++++++ mm/hugetlb.c | 14 +++++++++++++- mm/mremap.c | 32 +++++++++++++++++++++++++++++++- 4 files changed, 68 insertions(+), 2 deletions(-) diff --git a/include/linux/userfaultfd_k.h b/include/linux/userfaultfd_k.h index cb40f1a1d081..75342022d144 100644 --- a/include/linux/userfaultfd_k.h +++ b/include/linux/userfaultfd_k.h @@ -247,6 +247,13 @@ static inline bool vma_can_userfault(struct vm_area_struct *vma, vma_is_shmem(vma); } +static inline bool vma_has_uffd_without_event_remap(struct vm_area_struct *vma) +{ + struct userfaultfd_ctx *uffd_ctx = vma->vm_userfaultfd_ctx.ctx; + + return uffd_ctx && (uffd_ctx->features & UFFD_FEATURE_EVENT_REMAP) == 0; +} + extern int dup_userfaultfd(struct vm_area_struct *, struct list_head *); extern void dup_userfaultfd_complete(struct list_head *); void dup_userfaultfd_fail(struct list_head *); @@ -402,6 +409,11 @@ static inline bool userfaultfd_wp_async(struct vm_area_struct *vma) return false; } +static inline bool vma_has_uffd_without_event_remap(struct vm_area_struct *vma) +{ + return false; +} + #endif /* CONFIG_USERFAULTFD */ static inline bool userfaultfd_wp_use_markers(struct vm_area_struct *vma) diff --git a/mm/huge_memory.c b/mm/huge_memory.c index c89aed1510f1..2654a9548749 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c @@ -2212,6 +2212,16 @@ static pmd_t move_soft_dirty_pmd(pmd_t pmd) return pmd; } +static pmd_t clear_uffd_wp_pmd(pmd_t pmd) +{ + if (pmd_present(pmd)) + pmd = pmd_clear_uffd_wp(pmd); + else if (is_swap_pmd(pmd)) + pmd = pmd_swp_clear_uffd_wp(pmd); + + return pmd; +} + bool move_huge_pmd(struct vm_area_struct *vma, unsigned long old_addr, unsigned long new_addr, pmd_t *old_pmd, pmd_t *new_pmd) { @@ -2250,6 +2260,8 @@ bool move_huge_pmd(struct vm_area_struct *vma, unsigned long old_addr, pgtable_trans_huge_deposit(mm, new_pmd, pgtable); } pmd = move_soft_dirty_pmd(pmd); + if (vma_has_uffd_without_event_remap(vma)) + pmd = clear_uffd_wp_pmd(pmd); set_pmd_at(mm, new_addr, new_pmd, pmd); if (force_flush) flush_pmd_tlb_range(vma, old_addr, old_addr + PMD_SIZE); diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 354eec6f7e84..cdbc55d5384f 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -5454,6 +5454,7 @@ static void move_huge_pte(struct vm_area_struct *vma, unsigned long old_addr, unsigned long new_addr, pte_t *src_pte, pte_t *dst_pte, unsigned long sz) { + bool need_clear_uffd_wp = vma_has_uffd_without_event_remap(vma); struct hstate *h = hstate_vma(vma); struct mm_struct *mm = vma->vm_mm; spinlock_t *src_ptl, *dst_ptl; @@ -5470,7 +5471,18 @@ static void move_huge_pte(struct vm_area_struct *vma, unsigned long old_addr, spin_lock_nested(src_ptl, SINGLE_DEPTH_NESTING); pte = huge_ptep_get_and_clear(mm, old_addr, src_pte); - set_huge_pte_at(mm, new_addr, dst_pte, pte, sz); + + if (need_clear_uffd_wp && pte_marker_uffd_wp(pte)) + huge_pte_clear(mm, new_addr, dst_pte, sz); + else { + if (need_clear_uffd_wp) { + if (pte_present(pte)) + pte = huge_pte_clear_uffd_wp(pte); + else if (is_swap_pte(pte)) + pte = pte_swp_clear_uffd_wp(pte); + } + set_huge_pte_at(mm, new_addr, dst_pte, pte, sz); + } if (src_ptl != dst_ptl) spin_unlock(src_ptl); diff --git a/mm/mremap.c b/mm/mremap.c index 60473413836b..cff7f552f909 100644 --- a/mm/mremap.c +++ b/mm/mremap.c @@ -138,6 +138,7 @@ static int move_ptes(struct vm_area_struct *vma, pmd_t *old_pmd, struct vm_area_struct *new_vma, pmd_t *new_pmd, unsigned long new_addr, bool need_rmap_locks) { + bool need_clear_uffd_wp = vma_has_uffd_without_event_remap(vma); struct mm_struct *mm = vma->vm_mm; pte_t *old_pte, *new_pte, pte; pmd_t dummy_pmdval; @@ -216,7 +217,18 @@ static int move_ptes(struct vm_area_struct *vma, pmd_t *old_pmd, force_flush = true; pte = move_pte(pte, old_addr, new_addr); pte = move_soft_dirty_pte(pte); - set_pte_at(mm, new_addr, new_pte, pte); + + if (need_clear_uffd_wp && pte_marker_uffd_wp(pte)) + pte_clear(mm, new_addr, new_pte); + else { + if (need_clear_uffd_wp) { + if (pte_present(pte)) + pte = pte_clear_uffd_wp(pte); + else if (is_swap_pte(pte)) + pte = pte_swp_clear_uffd_wp(pte); + } + set_pte_at(mm, new_addr, new_pte, pte); + } } arch_leave_lazy_mmu_mode(); @@ -278,6 +290,15 @@ static bool move_normal_pmd(struct vm_area_struct *vma, unsigned long old_addr, if (WARN_ON_ONCE(!pmd_none(*new_pmd))) return false; + /* If this pmd belongs to a uffd vma with remap events disabled, we need + * to ensure that the uffd-wp state is cleared from all pgtables. This + * means recursing into lower page tables in move_page_tables(), and we + * can reuse the existing code if we simply treat the entry as "not + * moved". + */ + if (vma_has_uffd_without_event_remap(vma)) + return false; + /* * We don't have to worry about the ordering of src and dst * ptlocks because exclusive mmap_lock prevents deadlock. @@ -333,6 +354,15 @@ static bool move_normal_pud(struct vm_area_struct *vma, unsigned long old_addr, if (WARN_ON_ONCE(!pud_none(*new_pud))) return false; + /* If this pud belongs to a uffd vma with remap events disabled, we need + * to ensure that the uffd-wp state is cleared from all pgtables. This + * means recursing into lower page tables in move_page_tables(), and we + * can reuse the existing code if we simply treat the entry as "not + * moved". + */ + if (vma_has_uffd_without_event_remap(vma)) + return false; + /* * We don't have to worry about the ordering of src and dst * ptlocks because exclusive mmap_lock prevents deadlock. -- 2.43.0

9 hours, 53 minutes

5
11
0 0

[PATCH for-current] wifi: ath12k: fix handling of 6 GHz rules

by Aditya Kumar Singh

In the US country code, to avoid including 6 GHz rules in the 5 GHz rules list, the number of 5 GHz rules is set to a default constant value of 4 (REG_US_5G_NUM_REG_RULES). However, if there are more than 4 valid 5 GHz rules, the current logic will bypass the legitimate 6 GHz rules. For example, if there are 5 valid 5 GHz rules and 1 valid 6 GHz rule, the current logic will only consider 4 of the 5 GHz rules, treating the last valid rule as a 6 GHz rule. Consequently, the actual 6 GHz rule is never processed, leading to the eventual disabling of 6 GHz channels. To fix this issue, instead of hardcoding the value to 4, use a helper function to determine the number of 6 GHz rules present in the 5 GHz rules list and ignore only those rules. Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1 Cc: stable(a)vger.kernel.org Fixes: d889913205cf ("wifi: ath12k: driver for Qualcomm Wi-Fi 7 devices") Signed-off-by: Aditya Kumar Singh <aditya.kumar.singh(a)oss.qualcomm.com> --- drivers/net/wireless/ath/ath12k/wmi.c | 61 ++++++++++++++++++++++++++--------- drivers/net/wireless/ath/ath12k/wmi.h | 1 - 2 files changed, 45 insertions(+), 17 deletions(-) diff --git a/drivers/net/wireless/ath/ath12k/wmi.c b/drivers/net/wireless/ath/ath12k/wmi.c index a7625a3d1a3a9b1bbcf90cee30d3c707de03c439..296238c7ee0fd95045a3e0859d730e3bd73ec906 100644 --- a/drivers/net/wireless/ath/ath12k/wmi.c +++ b/drivers/net/wireless/ath/ath12k/wmi.c @@ -4852,6 +4852,22 @@ static struct ath12k_reg_rule return reg_rule_ptr; } +static u8 ath12k_wmi_ignore_num_extra_rules(struct ath12k_wmi_reg_rule_ext_params *rule, + u32 num_reg_rules) +{ + u8 num_invalid_5ghz_rules = 0; + u32 count, start_freq; + + for (count = 0; count < num_reg_rules; count++) { + start_freq = le32_get_bits(rule[count].freq_info, REG_RULE_START_FREQ); + + if (start_freq >= ATH12K_MIN_6G_FREQ) + num_invalid_5ghz_rules++; + } + + return num_invalid_5ghz_rules; +} + static int ath12k_pull_reg_chan_list_ext_update_ev(struct ath12k_base *ab, struct sk_buff *skb, struct ath12k_reg_info *reg_info) @@ -4862,6 +4878,7 @@ static int ath12k_pull_reg_chan_list_ext_update_ev(struct ath12k_base *ab, u32 num_2g_reg_rules, num_5g_reg_rules; u32 num_6g_reg_rules_ap[WMI_REG_CURRENT_MAX_AP_TYPE]; u32 num_6g_reg_rules_cl[WMI_REG_CURRENT_MAX_AP_TYPE][WMI_REG_MAX_CLIENT_TYPE]; + u8 num_invalid_5ghz_ext_rules; u32 total_reg_rules = 0; int ret, i, j; @@ -4955,20 +4972,6 @@ static int ath12k_pull_reg_chan_list_ext_update_ev(struct ath12k_base *ab, memcpy(reg_info->alpha2, &ev->alpha2, REG_ALPHA2_LEN); - /* FIXME: Currently FW includes 6G reg rule also in 5G rule - * list for country US. - * Having same 6G reg rule in 5G and 6G rules list causes - * intersect check to be true, and same rules will be shown - * multiple times in iw cmd. So added hack below to avoid - * parsing 6G rule from 5G reg rule list, and this can be - * removed later, after FW updates to remove 6G reg rule - * from 5G rules list. - */ - if (memcmp(reg_info->alpha2, "US", 2) == 0) { - reg_info->num_5g_reg_rules = REG_US_5G_NUM_REG_RULES; - num_5g_reg_rules = reg_info->num_5g_reg_rules; - } - reg_info->dfs_region = le32_to_cpu(ev->dfs_region); reg_info->phybitmap = le32_to_cpu(ev->phybitmap); reg_info->num_phy = le32_to_cpu(ev->num_phy); @@ -5071,8 +5074,29 @@ static int ath12k_pull_reg_chan_list_ext_update_ev(struct ath12k_base *ab, } } + ext_wmi_reg_rule += num_2g_reg_rules; + + /* Firmware might include 6 GHz reg rule in 5 GHz rule list + * for few countries along with separate 6 GHz rule. + * Having same 6 GHz reg rule in 5 GHz and 6 GHz rules list + * causes intersect check to be true, and same rules will be + * shown multiple times in iw cmd. + * Hence, avoid parsing 6 GHz rule from 5 GHz reg rule list + */ + num_invalid_5ghz_ext_rules = ath12k_wmi_ignore_num_extra_rules(ext_wmi_reg_rule, + num_5g_reg_rules); + + if (num_invalid_5ghz_ext_rules) { + ath12k_dbg(ab, ATH12K_DBG_WMI, + "CC: %s 5 GHz reg rules number %d from fw, %d number of invalid 5 GHz rules", + reg_info->alpha2, reg_info->num_5g_reg_rules, + num_invalid_5ghz_ext_rules); + + num_5g_reg_rules = num_5g_reg_rules - num_invalid_5ghz_ext_rules; + reg_info->num_5g_reg_rules = num_5g_reg_rules; + } + if (num_5g_reg_rules) { - ext_wmi_reg_rule += num_2g_reg_rules; reg_info->reg_rules_5g_ptr = create_ext_reg_rules_from_wmi(num_5g_reg_rules, ext_wmi_reg_rule); @@ -5084,7 +5108,12 @@ static int ath12k_pull_reg_chan_list_ext_update_ev(struct ath12k_base *ab, } } - ext_wmi_reg_rule += num_5g_reg_rules; + /* We have adjusted the number of 5 GHz reg rules above. But still those + * many rules needs to be adjusted in ext_wmi_reg_rule. + * + * NOTE: num_invalid_5ghz_ext_rules will be 0 for rest other cases. + */ + ext_wmi_reg_rule += (num_5g_reg_rules + num_invalid_5ghz_ext_rules); for (i = 0; i < WMI_REG_CURRENT_MAX_AP_TYPE; i++) { reg_info->reg_rules_6g_ap_ptr[i] = diff --git a/drivers/net/wireless/ath/ath12k/wmi.h b/drivers/net/wireless/ath/ath12k/wmi.h index 38aed18b99f4239e40d369181549b4bc78faa862..81248253a36872f6fd93db772b5394f3ef9d3bf9 100644 --- a/drivers/net/wireless/ath/ath12k/wmi.h +++ b/drivers/net/wireless/ath/ath12k/wmi.h @@ -4093,7 +4093,6 @@ struct ath12k_wmi_eht_rate_set_params { #define MAX_REG_RULES 10 #define REG_ALPHA2_LEN 2 #define MAX_6G_REG_RULES 5 -#define REG_US_5G_NUM_REG_RULES 4 enum wmi_start_event_param { WMI_VDEV_START_RESP_EVENT = 0, --- base-commit: c4e4e37afc8b8d178b0f00f607c30b3b81253597 change-id: 20250123-fix_6ghz_rules_handling-ff85f1efb30b

10 hours, 21 minutes

2
1
0 0

Linux 6.12.11

by Greg Kroah-Hartman

I'm announcing the release of the 6.12.11 kernel. All users of the 6.12 kernel series must upgrade. The updated 6.12.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/x86/include/asm/special_insns.h | 2 arch/x86/kernel/fred.c | 8 drivers/acpi/resource.c | 6 drivers/block/zram/zram_drv.c | 1 drivers/cpufreq/Kconfig | 4 drivers/cpuidle/governors/teo.c | 91 +-- drivers/firmware/efi/Kconfig | 4 drivers/firmware/efi/libstub/Makefile.zboot | 18 drivers/gpio/gpio-sim.c | 48 + drivers/gpio/gpio-virtuser.c | 47 + drivers/gpio/gpio-xilinx.c | 32 - drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c | 5 drivers/gpu/drm/amd/amdgpu/amdgpu_fw_attestation.c | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_ib.c | 4 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 41 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crc.c | 25 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crtc.c | 4 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crtc.h | 2 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c | 2 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 14 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c | 35 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.h | 3 drivers/gpu/drm/amd/display/dc/dml/dcn35/dcn35_fpu.c | 4 drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c | 11 drivers/gpu/drm/i915/display/intel_fb.c | 2 drivers/gpu/drm/nouveau/nouveau_fence.c | 6 drivers/gpu/drm/nouveau/nvkm/engine/disp/mcp77.c | 1 drivers/gpu/drm/tests/drm_kunit_helpers.c | 3 drivers/gpu/drm/v3d/v3d_irq.c | 4 drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 3 drivers/gpu/drm/vmwgfx/vmwgfx_bo.h | 3 drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 7 drivers/gpu/drm/vmwgfx/vmwgfx_gem.c | 1 drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 20 drivers/gpu/drm/vmwgfx/vmwgfx_shader.c | 7 drivers/gpu/drm/vmwgfx/vmwgfx_ttm_buffer.c | 5 drivers/gpu/drm/xe/xe_hw_engine.c | 2 drivers/gpu/drm/xe/xe_oa.c | 1 drivers/hwmon/ltc2991.c | 2 drivers/hwmon/tmp513.c | 7 drivers/i2c/busses/i2c-rcar.c | 20 drivers/i2c/i2c-atr.c | 2 drivers/i2c/i2c-core-base.c | 1 drivers/i2c/i2c-slave-testunit.c | 19 drivers/i2c/muxes/i2c-demux-pinctrl.c | 4 drivers/infiniband/hw/bnxt_re/ib_verbs.c | 1 drivers/infiniband/hw/bnxt_re/ib_verbs.h | 4 drivers/infiniband/hw/bnxt_re/qplib_fp.c | 1 drivers/infiniband/hw/bnxt_re/qplib_fp.h | 1 drivers/irqchip/irq-gic-v3-its.c | 2 drivers/irqchip/irq-gic-v3.c | 2 drivers/irqchip/irqchip.c | 4 drivers/mtd/spi-nor/core.c | 2 drivers/net/ethernet/amd/xgbe/xgbe-phy-v2.c | 19 drivers/net/ethernet/broadcom/bnxt/bnxt.c | 25 drivers/net/ethernet/broadcom/bnxt/bnxt.h | 2 drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c | 7 drivers/net/ethernet/freescale/fec_main.c | 19 drivers/net/ethernet/intel/ice/ice.h | 5 drivers/net/ethernet/intel/ice/ice_adapter.c | 6 drivers/net/ethernet/intel/ice/ice_adapter.h | 22 drivers/net/ethernet/intel/ice/ice_adminq_cmd.h | 1 drivers/net/ethernet/intel/ice/ice_common.c | 51 + drivers/net/ethernet/intel/ice/ice_common.h | 1 drivers/net/ethernet/intel/ice/ice_main.c | 6 drivers/net/ethernet/intel/ice/ice_ptp.c | 165 +++-- drivers/net/ethernet/intel/ice/ice_ptp.h | 9 drivers/net/ethernet/intel/ice/ice_ptp_consts.h | 2 drivers/net/ethernet/intel/ice/ice_ptp_hw.c | 285 +++++----- drivers/net/ethernet/intel/ice/ice_ptp_hw.h | 5 drivers/net/ethernet/intel/ice/ice_type.h | 2 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 22 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c | 12 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_offload.c | 11 drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 1 drivers/net/ethernet/mellanox/mlx5/core/lag/port_sel.c | 4 drivers/net/ethernet/mellanox/mlx5/core/sf/devlink.c | 1 drivers/net/ethernet/mellanox/mlx5/core/wc.c | 24 drivers/net/ethernet/netronome/nfp/bpf/offload.c | 3 drivers/net/ethernet/renesas/ravb_main.c | 1 drivers/net/ethernet/ti/cpsw_ale.c | 14 drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 6 drivers/net/gtp.c | 26 drivers/net/pfcp.c | 15 drivers/nvme/target/io-cmd-bdev.c | 2 drivers/platform/x86/dell/dell-uart-backlight.c | 5 drivers/platform/x86/intel/speed_select_if/isst_if_common.c | 1 drivers/platform/x86/intel/tpmi_power_domains.c | 1 drivers/platform/x86/lenovo-yoga-tab2-pro-1380-fastcharger.c | 5 drivers/pmdomain/imx/imx8mp-blk-ctrl.c | 2 drivers/reset/reset-rzg2l-usbphy-ctrl.c | 1 drivers/ufs/core/ufshcd.c | 9 fs/afs/addr_prefs.c | 6 fs/btrfs/volumes.c | 4 fs/cachefiles/daemon.c | 14 fs/cachefiles/internal.h | 3 fs/cachefiles/security.c | 6 fs/file.c | 1 fs/hfs/super.c | 4 fs/iomap/buffered-io.c | 2 fs/netfs/read_collect.c | 9 fs/proc/vmcore.c | 2 fs/qnx6/inode.c | 11 fs/smb/client/connect.c | 3 include/linux/hrtimer.h | 1 include/linux/poll.h | 10 include/linux/pruss_driver.h | 12 include/linux/userfaultfd_k.h | 12 include/net/page_pool/helpers.h | 2 include/trace/events/mmflags.h | 63 ++ kernel/cpu.c | 2 kernel/gen_kheaders.sh | 1 kernel/sched/ext.c | 11 kernel/sched/fair.c | 6 kernel/time/hrtimer.c | 11 kernel/time/timer_migration.c | 43 + mm/filemap.c | 2 mm/huge_memory.c | 12 mm/hugetlb.c | 14 mm/kmemleak.c | 2 mm/mremap.c | 32 + mm/vmscan.c | 3 net/core/filter.c | 30 - net/core/netdev-genl-gen.c | 14 net/core/pktgen.c | 6 net/mac802154/iface.c | 4 net/mptcp/options.c | 6 net/mptcp/protocol.h | 9 net/ncsi/internal.h | 2 net/ncsi/ncsi-manage.c | 16 net/ncsi/ncsi-rsp.c | 19 net/openvswitch/actions.c | 4 net/vmw_vsock/af_vsock.c | 18 net/vmw_vsock/virtio_transport_common.c | 36 - net/vmw_vsock/vsock_bpf.c | 9 security/apparmor/policy.c | 1 sound/pci/hda/patch_realtek.c | 3 tools/net/ynl/ynl-gen-c.py | 16 tools/testing/selftests/mm/cow.c | 8 tools/testing/selftests/net/mptcp/mptcp_connect.c | 43 + tools/testing/selftests/sched_ext/ddsp_bogus_dsq_fail.bpf.c | 2 tools/testing/selftests/sched_ext/ddsp_vtimelocal_fail.bpf.c | 4 tools/testing/selftests/sched_ext/dsp_local_on.bpf.c | 7 tools/testing/selftests/sched_ext/dsp_local_on.c | 5 tools/testing/selftests/sched_ext/enq_select_cpu_fails.bpf.c | 2 tools/testing/selftests/sched_ext/exit.bpf.c | 4 tools/testing/selftests/sched_ext/maximal.bpf.c | 8 tools/testing/selftests/sched_ext/select_cpu_dfl.bpf.c | 2 tools/testing/selftests/sched_ext/select_cpu_dfl_nodispatch.bpf.c | 2 tools/testing/selftests/sched_ext/select_cpu_dispatch.bpf.c | 2 tools/testing/selftests/sched_ext/select_cpu_dispatch_bad_dsq.bpf.c | 2 tools/testing/selftests/sched_ext/select_cpu_dispatch_dbl_dsp.bpf.c | 4 tools/testing/selftests/sched_ext/select_cpu_vtime.bpf.c | 8 tools/testing/selftests/tc-testing/tc-tests/filters/flow.json | 4 tools/testing/shared/linux/maple_tree.h | 2 tools/testing/vma/linux/atomic.h | 2 157 files changed, 1324 insertions(+), 636 deletions(-) Alex Deucher (1): drm/amdgpu/smu13: update powersave optimizations Ard Biesheuvel (1): efi/zboot: Limit compression options to GZIP and ZSTD Artem Chernyshev (1): pktgen: Avoid out-of-bounds access in get_imix_entries Ashutosh Dixit (1): drm/xe/oa: Add missing VISACTL mux registers Brahmajit Das (1): fs/qnx6: Fix building with GCC 15 Chenyuan Yang (2): platform/x86: dell-uart-backlight: fix serdev race platform/x86: lenovo-yoga-tab2-pro-1380-fastcharger: fix serdev race Chris Mi (1): net/mlx5: SF, Fix add port error handling Christian König (1): drm/amdgpu: always sync the GFX pipe on ctx switch Claudiu Beznea (1): reset: rzg2l-usbphy-ctrl: Assign proper of node to the allocated device Dan Carpenter (1): nfp: bpf: prevent integer overflow in nfp_bpf_event_output() Dave Airlie (1): nouveau/fence: handle cross device fences properly David Howells (2): kheaders: Ignore silly-rename files netfs: Fix non-contiguous donation between completed reads David Lechner (2): hwmon: (tmp513) Fix division of negative numbers hwmon: (ltc2991) Fix mixed signed/unsigned in DIV_ROUND_CLOSEST David Vernet (1): scx: Fix maximal BPF selftest prog Donet Tom (1): mm: vmscan : pgdemote vmstat is not getting updated when MGLRU is enabled. Frederic Weisbecker (2): timers/migration: Fix another race between hotplug and idle entry/exit timers/migration: Enforce group initialization visibility to tree walkers Greg Kroah-Hartman (1): Linux 6.12.11 Gui Chengming (1): drm/amdgpu: fix fw attestation for MP0_14_0_{2/3} Guo Weikang (1): mm/kmemleak: fix percpu memory leak detection failure Hans de Goede (1): ACPI: resource: acpi_dev_irq_override(): Check DMI match last Heiner Kallweit (1): net: ethernet: xgbe: re-add aneg to supported features in PHY quirks Henry Huang (1): sched_ext: keep running prev when prev->scx.slice != 0 Hongguang Gao (1): RDMA/bnxt_re: Fix to export port num to ib_query_qp Ian Forbes (2): drm/vmwgfx: Unreserve BO on error drm/vmwgfx: Add new keep_resv BO param Ihor Solodrai (1): selftests/sched_ext: fix build after renames in sched_ext API Ilya Maximets (1): openvswitch: fix lockup on tx to unregistering netdev with carrier Jakub Kicinski (3): eth: bnxt: always recalculate features after XDP clearing, fix null-deref netdev: avoid CFI problems with sock priv helpers selftests: tc-testing: reduce rshift value Joe Hattori (2): i2c: core: fix reference leak in i2c_register_adapter() irqchip: Plug a OF node reference leak in platform_irqchip_probe() Juergen Gross (1): x86/asm: Make serialize() always_inline Kairui Song (1): zram: fix potential UAF of zram table Karol Kolacinski (4): ice: Fix E825 initialization ice: Fix quad registers read on E825 ice: Fix ETH56G FC-FEC Rx offset value ice: Add correct PHY lane assignment Kenneth Feng (1): drm/amdgpu: disable gfxoff with the compute workload on gfx12 Kevin Groeneveld (1): net: fec: handle page_pool_dev_alloc_pages error Koichiro Den (3): gpio: virtuser: lock up configfs that an instantiated device depends on gpio: sim: lock up configfs that an instantiated device depends on hrtimers: Handle CPU state correctly on hotplug Kuniyuki Iwashima (3): gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp(). gtp: Destroy device along with udp socket's netns dismantle. pfcp: Destroy device along with udp socket's netns dismantle. Leo Li (2): drm/amd/display: Do not elevate mem_type change to full update drm/amd/display: Do not wait for PSR disable on vbl enable Leo Stone (1): hfs: Sanity check the root record Leon Romanovsky (3): net/mlx5e: Fix inversion dependency warning while enabling IPsec tunnel net/mlx5e: Rely on reqid in IPsec tunnel mode net/mlx5e: Always start IPsec sequence number from 1 Lizhi Xu (2): mac802154: check local interfaces before deleting sdata list afs: Fix merge preference rule failure condition Luis Chamberlain (1): nvmet: propagate npwg topology Luke D. Jones (2): ALSA: hda/realtek: fixup ASUS GA605W ALSA: hda/realtek: fixup ASUS H7606W MD Danish Anwar (1): soc: ti: pruss: Fix pruss APIs Manivannan Sadhasivam (1): scsi: ufs: core: Honor runtime/system PM levels if set by host controller drivers Marco Nelissen (2): iomap: avoid avoid truncating 64-bit offset to 32 bits filemap: avoid truncating 64-bit offset to 32 bits Mark Zhang (1): net/mlx5: Clear port select structure when fail to create Matthew Brost (1): drm/xe: Mark ComputeCS read mode as UC on iGPU Max Kellermann (1): cachefiles: Parse the "secctx" immediately Maíra Canal (1): drm/v3d: Ensure job pointer is set to NULL after job completion Michal Luczaj (1): bpf: Fix bpf_sk_select_reuseport() memory leak Nicholas Susanto (1): Revert "drm/amd/display: Enable urgent latency adjustments for DCN35" Oleg Nesterov (1): poll_wait: add mb() to fix theoretical race between waitqueue_active() and .poll() Paolo Abeni (3): mptcp: be sure to send ack when mptcp-level window re-opens mptcp: fix spurious wake-up on under memory pressure selftests: mptcp: avoid spurious errors on disconnect Patrisious Haddad (1): net/mlx5: Fix RDMA TX steering prio Paul Barker (1): net: ravb: Fix max TX frame size for RZ/V2M Paul Fertser (1): net/ncsi: fix locking in Get MAC Address handling Paulo Alcantara (1): smb: client: fix double free of TCP_Server_Info::hostname Pavel Begunkov (1): net: make page_pool_ref_netmem work with net iovs Peter Zijlstra (1): sched/fair: Fix update_cfs_group() vs DELAY_DEQUEUE Pratyush Yadav (1): Revert "mtd: spi-nor: core: replace dummy buswidth from addr to data" Qu Wenruo (1): btrfs: add the missing error handling inside get_canonical_dev_path Rafael J. Wysocki (1): cpuidle: teo: Update documentation after previous changes Rik van Riel (1): fs/proc: fix softlockup in __read_vmcore (part 2) Ryan Lee (1): apparmor: allocate xmatch for nullpdb inside aa_alloc_null Ryan Roberts (2): selftests/mm: set allocated memory to non-zero content in cow test mm: clear uffd-wp PTE/PMD state on mremap() Sean Anderson (2): net: xilinx: axienet: Fix IRQ coalescing packet count overflow gpio: xilinx: Convert gpio_lock to raw spinlock Sergey Temerkhanov (3): ice: Introduce ice_get_phy_model() wrapper ice: Add ice_get_ctrl_ptp() wrapper to simplify the code ice: Use ice_adapter for PTP shared data instead of auxdev Srinivas Pandruvada (2): platform/x86/intel: power-domains: Add Clearwater Forest support platform/x86: ISST: Add Clearwater Forest to support list Stefan Binding (1): ALSA: hda/realtek: Add support for Ayaneo System using CS35L41 HDA Stefano Garzarella (5): vsock/bpf: return early if transport is not assigned vsock/virtio: discard packets if the transport changes vsock/virtio: cancel close work in the destructor vsock: reset socket state when de-assigning the transport vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] Steven Rostedt (1): tracing: gfp: Fix the GFP enum values shown for user space tracing tools Sudheer Kumar Doredla (1): net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field() Suren Baghdasaryan (1): tools: fix atomic_set() definition to set the value correctly Takashi Iwai (1): drm/nouveau/disp: Fix missing backlight control on Macbook 5,1 Tejun Heo (1): sched_ext: Fix dsq_local_on selftest Tom Chung (2): drm/amd/display: Fix PSR-SU not support but still call the amdgpu_dm_psr_enable drm/amd/display: Disable replay and psr while VRR is enabled Tomas Krcka (1): irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity() Tomi Valkeinen (1): i2c: atr: Fix client detach Ville Syrjälä (1): drm/i915/fb: Relax clear color alignment to 64 bytes Viresh Kumar (1): cpufreq: Move endif to the end of Kconfig file Wayne Lin (1): drm/amd/display: Validate mdoe under MST LCT=1 case as well Wolfram Sang (3): i2c: mux: demux-pinctrl: check initial mux selection, too i2c: rcar: fix NACK handling when being a target i2c: testunit: on errors, repeat NACK until STOP Xiaolei Wang (1): pmdomain: imx8mp-blk-ctrl: add missing loop break condition Xin Li (Intel) (1): x86/fred: Fix the FRED RSP0 MSR out of sync with its per-CPU cache Yishai Hadas (1): net/mlx5: Fix a lockdep warning as part of the write combining test Yogesh Lal (1): irqchip/gic-v3: Handle CPU_PM_ENTER_FAILED correctly Yu-Chun Lin (1): drm/tests: helpers: Fix compiler warning Zhang Kunbo (1): fs: fix missing declaration of init_files

10 hours, 21 minutes

1
1
0 0

Linux 6.6.74

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.74 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/x86/include/asm/special_insns.h | 2 arch/x86/xen/xen-asm.S | 2 block/blk-sysfs.c | 6 - block/genhd.c | 9 - drivers/acpi/resource.c | 6 - drivers/block/zram/zram_drv.c | 1 drivers/gpio/gpio-xilinx.c | 32 +++--- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 45 --------- drivers/gpu/drm/amd/amdgpu/amdgpu_ib.c | 4 drivers/gpu/drm/amd/display/dc/dcn21/dcn21_resource.c | 2 drivers/gpu/drm/i915/display/intel_fb.c | 2 drivers/gpu/drm/nouveau/nouveau_fence.c | 6 - drivers/gpu/drm/v3d/v3d_irq.c | 4 drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 3 drivers/gpu/drm/vmwgfx/vmwgfx_bo.h | 3 drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 7 - drivers/gpu/drm/vmwgfx/vmwgfx_gem.c | 1 drivers/gpu/drm/vmwgfx/vmwgfx_shader.c | 7 - drivers/gpu/drm/vmwgfx/vmwgfx_ttm_buffer.c | 5 - drivers/hwmon/tmp513.c | 7 - drivers/i2c/busses/i2c-rcar.c | 20 +++- drivers/i2c/i2c-atr.c | 2 drivers/i2c/muxes/i2c-demux-pinctrl.c | 4 drivers/iio/imu/inv_icm42600/inv_icm42600.h | 1 drivers/iio/imu/inv_icm42600/inv_icm42600_core.c | 11 ++ drivers/iio/imu/inv_icm42600/inv_icm42600_spi.c | 3 drivers/infiniband/hw/bnxt_re/ib_verbs.c | 1 drivers/infiniband/hw/bnxt_re/ib_verbs.h | 4 drivers/infiniband/hw/bnxt_re/qplib_fp.c | 1 drivers/infiniband/hw/bnxt_re/qplib_fp.h | 1 drivers/irqchip/irq-gic-v3-its.c | 2 drivers/irqchip/irq-gic-v3.c | 2 drivers/irqchip/irqchip.c | 4 drivers/mtd/spi-nor/core.c | 2 drivers/net/ethernet/amd/xgbe/xgbe-phy-v2.c | 19 --- drivers/net/ethernet/freescale/fec_main.c | 19 ++- drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 22 ++-- drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c | 12 +- drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_offload.c | 11 +- drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 1 drivers/net/ethernet/mellanox/mlx5/core/lag/port_sel.c | 4 drivers/net/ethernet/netronome/nfp/bpf/offload.c | 3 drivers/net/ethernet/ti/cpsw_ale.c | 14 +- drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 6 + drivers/net/gtp.c | 42 +++++--- drivers/nvme/target/io-cmd-bdev.c | 2 drivers/pci/controller/pci-host-common.c | 4 drivers/pci/probe.c | 20 ++-- drivers/pmdomain/imx/imx8mp-blk-ctrl.c | 2 drivers/ufs/core/ufshcd.c | 9 + fs/cachefiles/daemon.c | 14 +- fs/cachefiles/internal.h | 3 fs/cachefiles/security.c | 6 - fs/file.c | 1 fs/hfs/super.c | 4 fs/iomap/buffered-io.c | 2 fs/nfsd/filecache.c | 18 ++- fs/nfsd/filecache.h | 1 fs/notify/fdinfo.c | 4 fs/ocfs2/extent_map.c | 8 + fs/overlayfs/copy_up.c | 16 +-- fs/overlayfs/export.c | 49 +++++----- fs/overlayfs/namei.c | 4 fs/overlayfs/overlayfs.h | 2 fs/proc/vmcore.c | 2 fs/smb/client/connect.c | 3 include/linux/hrtimer.h | 1 include/linux/poll.h | 10 +- include/linux/pruss_driver.h | 12 +- include/net/net_namespace.h | 3 kernel/cpu.c | 2 kernel/gen_kheaders.sh | 1 kernel/time/hrtimer.c | 11 ++ mm/filemap.c | 2 net/core/filter.c | 30 +++--- net/core/net_namespace.c | 31 ++++++ net/core/pktgen.c | 6 - net/dccp/ipv6.c | 2 net/ipv6/tcp_ipv6.c | 4 net/mac802154/iface.c | 4 net/mptcp/options.c | 6 - net/mptcp/protocol.h | 9 + net/openvswitch/actions.c | 4 net/vmw_vsock/af_vsock.c | 18 +++ net/vmw_vsock/virtio_transport_common.c | 36 +++++-- net/vmw_vsock/vsock_bpf.c | 9 + sound/pci/hda/patch_realtek.c | 1 tools/testing/selftests/net/mptcp/mptcp_connect.c | 43 ++++++-- tools/testing/selftests/tc-testing/tc-tests/filters/flow.json | 4 90 files changed, 477 insertions(+), 313 deletions(-) Amir Goldstein (3): ovl: pass realinode to ovl_encode_real_fh() instead of realdentry ovl: support encoding fid from inode with no alias fs: relax assertions on failure to encode file handles Artem Chernyshev (1): pktgen: Avoid out-of-bounds access in get_imix_entries Christian König (1): drm/amdgpu: always sync the GFX pipe on ctx switch Dan Carpenter (1): nfp: bpf: prevent integer overflow in nfp_bpf_event_output() Dave Airlie (1): nouveau/fence: handle cross device fences properly David Howells (1): kheaders: Ignore silly-rename files David Lechner (1): hwmon: (tmp513) Fix division of negative numbers Eric Dumazet (2): net: add exit_batch_rtnl() method gtp: use exit_batch_rtnl() method Greg Kroah-Hartman (2): Revert "drm/amdgpu: rework resume handling for display (v2)" Linux 6.6.74 Hans de Goede (1): ACPI: resource: acpi_dev_irq_override(): Check DMI match last Heiner Kallweit (1): net: ethernet: xgbe: re-add aneg to supported features in PHY quirks Hongguang Gao (1): RDMA/bnxt_re: Fix to export port num to ib_query_qp Ian Forbes (1): drm/vmwgfx: Add new keep_resv BO param Ilya Maximets (1): openvswitch: fix lockup on tx to unregistering netdev with carrier Jakub Kicinski (1): selftests: tc-testing: reduce rshift value Jean-Baptiste Maneyrol (1): iio: imu: inv_icm42600: fix spi burst write not supported Joe Hattori (1): irqchip: Plug a OF node reference leak in platform_irqchip_probe() Juergen Gross (2): x86/asm: Make serialize() always_inline x86/xen: fix SLS mitigation in xen_hypercall_iret() Kairui Song (1): zram: fix potential UAF of zram table Kevin Groeneveld (1): net: fec: handle page_pool_dev_alloc_pages error Koichiro Den (1): hrtimers: Handle CPU state correctly on hotplug Kuniyuki Iwashima (2): gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp(). gtp: Destroy device along with udp socket's netns dismantle. Leo Stone (1): hfs: Sanity check the root record Leon Romanovsky (3): net/mlx5e: Fix inversion dependency warning while enabling IPsec tunnel net/mlx5e: Rely on reqid in IPsec tunnel mode net/mlx5e: Always start IPsec sequence number from 1 Lizhi Xu (1): mac802154: check local interfaces before deleting sdata list Luis Chamberlain (1): nvmet: propagate npwg topology MD Danish Anwar (1): soc: ti: pruss: Fix pruss APIs Manivannan Sadhasivam (1): scsi: ufs: core: Honor runtime/system PM levels if set by host controller drivers Marco Nelissen (2): iomap: avoid avoid truncating 64-bit offset to 32 bits filemap: avoid truncating 64-bit offset to 32 bits Mark Zhang (1): net/mlx5: Clear port select structure when fail to create Max Kellermann (1): cachefiles: Parse the "secctx" immediately Maíra Canal (1): drm/v3d: Ensure job pointer is set to NULL after job completion Michal Luczaj (1): bpf: Fix bpf_sk_select_reuseport() memory leak Mohammed Anees (1): ocfs2: fix deadlock in ocfs2_get_system_file_inode Oleg Nesterov (1): poll_wait: add mb() to fix theoretical race between waitqueue_active() and .poll() Paolo Abeni (3): mptcp: be sure to send ack when mptcp-level window re-opens mptcp: fix spurious wake-up on under memory pressure selftests: mptcp: avoid spurious errors on disconnect Patrisious Haddad (1): net/mlx5: Fix RDMA TX steering prio Paulo Alcantara (1): smb: client: fix double free of TCP_Server_Info::hostname Pratyush Yadav (1): Revert "mtd: spi-nor: core: replace dummy buswidth from addr to data" Rik van Riel (1): fs/proc: fix softlockup in __read_vmcore (part 2) Sean Anderson (2): net: xilinx: axienet: Fix IRQ coalescing packet count overflow gpio: xilinx: Convert gpio_lock to raw spinlock Srinivasan Shanmugam (1): drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create' Stefan Binding (1): ALSA: hda/realtek: Add support for Ayaneo System using CS35L41 HDA Stefano Garzarella (5): vsock/bpf: return early if transport is not assigned vsock/virtio: discard packets if the transport changes vsock/virtio: cancel close work in the destructor vsock: reset socket state when de-assigning the transport vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] Sudheer Kumar Doredla (1): net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field() Terry Tritton (1): Revert "PCI: Use preserve_config in place of pci_flags" Tomas Krcka (1): irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity() Tomi Valkeinen (1): i2c: atr: Fix client detach Ville Syrjälä (1): drm/i915/fb: Relax clear color alignment to 64 bytes Wang Liang (1): net: fix data-races around sk->sk_forward_alloc Wolfram Sang (2): i2c: mux: demux-pinctrl: check initial mux selection, too i2c: rcar: fix NACK handling when being a target Xiaolei Wang (1): pmdomain: imx8mp-blk-ctrl: add missing loop break condition Yogesh Lal (1): irqchip/gic-v3: Handle CPU_PM_ENTER_FAILED correctly Youzhong Yang (1): nfsd: add list_head nf_gc to struct nfsd_file Yu Kuai (1): block: fix uaf for flush rq while iterating tags Zhang Kunbo (1): fs: fix missing declaration of init_files

10 hours, 21 minutes

1
1
0 0

Linux 6.1.127

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.127 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/x86/include/asm/special_insns.h | 2 arch/x86/xen/xen-asm.S | 2 block/blk-sysfs.c | 6 block/genhd.c | 9 drivers/acpi/resource.c | 6 drivers/base/regmap/regmap.c | 12 drivers/block/zram/zram_drv.c | 1 drivers/gpio/gpiolib-cdev.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 47 --- drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c | 6 drivers/gpu/drm/amd/display/dc/dcn21/dcn21_resource.c | 2 drivers/gpu/drm/i915/display/intel_fb.c | 2 drivers/gpu/drm/v3d/v3d_irq.c | 4 drivers/hwmon/tmp513.c | 7 drivers/i2c/busses/i2c-rcar.c | 20 + drivers/i2c/muxes/i2c-demux-pinctrl.c | 4 drivers/iio/adc/rockchip_saradc.c | 2 drivers/iio/imu/inv_icm42600/inv_icm42600.h | 1 drivers/iio/imu/inv_icm42600/inv_icm42600_core.c | 18 + drivers/iio/imu/inv_icm42600/inv_icm42600_spi.c | 3 drivers/infiniband/sw/rxe/rxe_req.c | 6 drivers/irqchip/irq-gic-v3-its.c | 2 drivers/irqchip/irq-gic-v3.c | 2 drivers/irqchip/irqchip.c | 4 drivers/mtd/spi-nor/core.c | 2 drivers/net/ethernet/amd/xgbe/xgbe-phy-v2.c | 19 - drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 1 drivers/net/ethernet/mellanox/mlx5/core/lag/port_sel.c | 4 drivers/net/ethernet/netronome/nfp/bpf/offload.c | 3 drivers/net/ethernet/ti/cpsw_ale.c | 14 drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 6 drivers/net/gtp.c | 42 +- drivers/net/wireless/ath/ath10k/sdio.c | 4 drivers/nvme/target/io-cmd-bdev.c | 2 drivers/pci/controller/pci-host-common.c | 4 drivers/pci/probe.c | 20 - drivers/scsi/sg.c | 2 drivers/soc/imx/imx8mp-blk-ctrl.c | 2 drivers/ufs/core/ufshcd.c | 9 fs/cachefiles/daemon.c | 14 fs/cachefiles/internal.h | 3 fs/cachefiles/security.c | 6 fs/erofs/erofs_fs.h | 145 ++++------ fs/erofs/zmap.c | 133 ++++----- fs/file.c | 1 fs/hfs/super.c | 4 fs/iomap/buffered-io.c | 2 fs/nfsd/filecache.c | 18 - fs/nfsd/filecache.h | 1 fs/proc/vmcore.c | 2 include/linux/hrtimer.h | 1 include/linux/poll.h | 10 include/net/net_namespace.h | 3 kernel/cpu.c | 2 kernel/gen_kheaders.sh | 1 kernel/time/hrtimer.c | 11 mm/filemap.c | 2 net/core/filter.c | 30 +- net/core/net_namespace.c | 31 ++ net/core/pktgen.c | 6 net/dccp/ipv6.c | 2 net/ipv6/tcp_ipv6.c | 4 net/mac802154/iface.c | 4 net/mptcp/options.c | 6 net/openvswitch/actions.c | 4 net/vmw_vsock/af_vsock.c | 18 + net/vmw_vsock/virtio_transport_common.c | 36 +- sound/pci/hda/patch_realtek.c | 1 tools/testing/selftests/net/mptcp/mptcp_connect.c | 43 ++ tools/testing/selftests/tc-testing/tc-tests/filters/flow.json | 4 71 files changed, 476 insertions(+), 378 deletions(-) Artem Chernyshev (1): pktgen: Avoid out-of-bounds access in get_imix_entries Dan Carpenter (1): nfp: bpf: prevent integer overflow in nfp_bpf_event_output() David Howells (1): kheaders: Ignore silly-rename files David Lechner (1): hwmon: (tmp513) Fix division of negative numbers Eric Dumazet (2): net: add exit_batch_rtnl() method gtp: use exit_batch_rtnl() method Gao Xiang (2): erofs: tidy up EROFS on-disk naming erofs: handle NONHEAD !delta[1] lclusters gracefully Greg Kroah-Hartman (3): Revert "drm/amdgpu: rework resume handling for display (v2)" Revert "regmap: detach regmap from dev on regmap_exit" Linux 6.1.127 Hans de Goede (1): ACPI: resource: acpi_dev_irq_override(): Check DMI match last Heiner Kallweit (1): net: ethernet: xgbe: re-add aneg to supported features in PHY quirks Ilya Maximets (1): openvswitch: fix lockup on tx to unregistering netdev with carrier Jakub Kicinski (1): selftests: tc-testing: reduce rshift value Javier Carrasco (1): iio: adc: rockchip_saradc: fix information leak in triggered buffer Jean-Baptiste Maneyrol (2): iio: imu: inv_icm42600: fix spi burst write not supported iio: imu: inv_icm42600: fix timestamps after suspend if sensor is on Joe Hattori (1): irqchip: Plug a OF node reference leak in platform_irqchip_probe() Juergen Gross (2): x86/asm: Make serialize() always_inline x86/xen: fix SLS mitigation in xen_hypercall_iret() Kairui Song (1): zram: fix potential UAF of zram table Kang Yang (1): wifi: ath10k: avoid NULL pointer error during sdio remove Koichiro Den (1): hrtimers: Handle CPU state correctly on hotplug Kuniyuki Iwashima (2): gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp(). gtp: Destroy device along with udp socket's netns dismantle. Leo Stone (1): hfs: Sanity check the root record Lizhi Xu (1): mac802154: check local interfaces before deleting sdata list Luis Chamberlain (1): nvmet: propagate npwg topology Manivannan Sadhasivam (1): scsi: ufs: core: Honor runtime/system PM levels if set by host controller drivers Marco Nelissen (2): iomap: avoid avoid truncating 64-bit offset to 32 bits filemap: avoid truncating 64-bit offset to 32 bits Mark Zhang (1): net/mlx5: Clear port select structure when fail to create Max Kellermann (1): cachefiles: Parse the "secctx" immediately Maíra Canal (1): drm/v3d: Ensure job pointer is set to NULL after job completion Michal Luczaj (1): bpf: Fix bpf_sk_select_reuseport() memory leak Oleg Nesterov (1): poll_wait: add mb() to fix theoretical race between waitqueue_active() and .poll() Paolo Abeni (2): mptcp: be sure to send ack when mptcp-level window re-opens selftests: mptcp: avoid spurious errors on disconnect Patrisious Haddad (1): net/mlx5: Fix RDMA TX steering prio Pratyush Yadav (1): Revert "mtd: spi-nor: core: replace dummy buswidth from addr to data" Rik van Riel (1): fs/proc: fix softlockup in __read_vmcore (part 2) Sean Anderson (1): net: xilinx: axienet: Fix IRQ coalescing packet count overflow Srinivasan Shanmugam (1): drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create' Stefan Binding (1): ALSA: hda/realtek: Add support for Ayaneo System using CS35L41 HDA Stefano Garzarella (4): vsock/virtio: discard packets if the transport changes vsock/virtio: cancel close work in the destructor vsock: reset socket state when de-assigning the transport vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] Sudheer Kumar Doredla (1): net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field() Suraj Sonawane (1): scsi: sg: Fix slab-use-after-free read in sg_release() Terry Tritton (1): Revert "PCI: Use preserve_config in place of pci_flags" Tomas Krcka (1): irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity() Ville Syrjälä (1): drm/i915/fb: Relax clear color alignment to 64 bytes Vitaly Prosyak (1): drm/amdgpu: fix usage slab after free Wang Liang (1): net: fix data-races around sk->sk_forward_alloc Wolfram Sang (2): i2c: mux: demux-pinctrl: check initial mux selection, too i2c: rcar: fix NACK handling when being a target Xiaolei Wang (1): pmdomain: imx8mp-blk-ctrl: add missing loop break condition Yogesh Lal (1): irqchip/gic-v3: Handle CPU_PM_ENTER_FAILED correctly Youzhong Yang (1): nfsd: add list_head nf_gc to struct nfsd_file Yu Kuai (1): block: fix uaf for flush rq while iterating tags Zhang Kunbo (1): fs: fix missing declaration of init_files Zhongqiu Han (1): gpiolib: cdev: Fix use after free in lineinfo_changed_notify Zhu Yanjun (1): RDMA/rxe: Fix the qp flush warnings in req

10 hours, 23 minutes

1
1
0 0

Linux 5.15.177

by Greg Kroah-Hartman

I'm announcing the release of the 5.15.177 kernel. All users of the 5.15 kernel series must upgrade. The updated 5.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm64/boot/dts/rockchip/rk3328.dtsi | 1 arch/riscv/kernel/traps.c | 6 - arch/x86/include/asm/special_insns.h | 2 arch/x86/xen/xen-asm.S | 2 block/bfq-iosched.c | 12 +- drivers/acpi/resource.c | 24 +++- drivers/base/regmap/regmap.c | 12 -- drivers/base/topology.c | 24 +++- drivers/gpio/gpiolib-cdev.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 45 ------- drivers/gpu/drm/amd/display/dc/dc.h | 2 drivers/gpu/drm/amd/display/dc/dml/dml_inline_defs.h | 8 + drivers/gpu/drm/i915/display/intel_fb.c | 2 drivers/gpu/drm/mediatek/mtk_disp_ovl.c | 12 +- drivers/gpu/drm/v3d/v3d_irq.c | 4 drivers/hwmon/tmp513.c | 7 - drivers/i2c/busses/i2c-rcar.c | 20 ++- drivers/i2c/muxes/i2c-demux-pinctrl.c | 4 drivers/iio/adc/ad7124.c | 3 drivers/iio/adc/at91_adc.c | 2 drivers/iio/adc/rockchip_saradc.c | 2 drivers/iio/adc/ti-ads124s08.c | 4 drivers/iio/adc/ti-ads8688.c | 2 drivers/iio/dummy/iio_simple_dummy_buffer.c | 2 drivers/iio/gyro/fxas21002c_core.c | 9 + drivers/iio/imu/inv_icm42600/inv_icm42600.h | 1 drivers/iio/imu/inv_icm42600/inv_icm42600_core.c | 18 ++- drivers/iio/imu/inv_icm42600/inv_icm42600_spi.c | 3 drivers/iio/imu/kmx61.c | 2 drivers/iio/inkern.c | 2 drivers/iio/light/vcnl4035.c | 2 drivers/iio/pressure/zpa2326.c | 2 drivers/irqchip/irq-gic-v3.c | 2 drivers/md/dm-ebs-target.c | 2 drivers/md/dm-thin.c | 5 drivers/md/persistent-data/dm-array.c | 19 ++- drivers/md/raid5.c | 14 +- drivers/mtd/spi-nor/core.c | 2 drivers/net/ethernet/amd/xgbe/xgbe-phy-v2.c | 19 --- drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.c | 3 drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 5 drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 95 +++++++++++++--- drivers/net/ethernet/netronome/nfp/bpf/offload.c | 3 drivers/net/ethernet/ti/cpsw_ale.c | 14 +- drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 6 + drivers/net/gtp.c | 42 ++++--- drivers/net/ieee802154/ca8210.c | 6 - drivers/nvme/target/io-cmd-bdev.c | 2 drivers/of/address.c | 76 +++++++++---- drivers/of/unittest-data/tests-address.dtsi | 9 + drivers/of/unittest.c | 109 +++++++++++++++++++ drivers/pci/controller/pci-host-common.c | 4 drivers/pci/probe.c | 20 +-- drivers/phy/broadcom/phy-brcm-usb-init-synopsys.c | 53 +++++++-- drivers/phy/broadcom/phy-brcm-usb-init.h | 1 drivers/phy/broadcom/phy-brcm-usb.c | 8 - drivers/scsi/sg.c | 2 drivers/staging/iio/frequency/ad9832.c | 2 drivers/staging/iio/frequency/ad9834.c | 2 drivers/usb/class/usblp.c | 7 - drivers/usb/core/hub.c | 6 - drivers/usb/core/port.c | 7 - drivers/usb/dwc3/core.h | 1 drivers/usb/dwc3/gadget.c | 4 drivers/usb/gadget/function/f_fs.c | 2 drivers/usb/gadget/function/f_uac2.c | 1 drivers/usb/gadget/function/u_serial.c | 8 - drivers/usb/host/xhci-pci.c | 4 drivers/usb/serial/cp210x.c | 1 drivers/usb/serial/option.c | 4 drivers/usb/storage/unusual_devs.h | 7 + fs/afs/afs.h | 2 fs/afs/afs_vl.h | 1 fs/afs/vl_alias.c | 8 + fs/afs/vlclient.c | 2 fs/ceph/mds_client.c | 9 - fs/exfat/dir.c | 3 fs/exfat/fatent.c | 10 + fs/file.c | 1 fs/hfs/super.c | 4 fs/jbd2/commit.c | 4 fs/ksmbd/smb2pdu.c | 3 fs/nfsd/filecache.c | 18 +-- fs/nfsd/filecache.h | 1 fs/ocfs2/quota_global.c | 2 fs/ocfs2/quota_local.c | 10 - fs/proc/vmcore.c | 2 include/linux/blk-cgroup.h | 6 - include/linux/hrtimer.h | 1 include/linux/mlx5/device.h | 2 include/linux/mlx5/fs.h | 2 include/linux/poll.h | 10 + include/linux/usb.h | 3 include/linux/usb/hcd.h | 2 include/net/inet_connection_sock.h | 2 include/net/net_namespace.h | 3 kernel/cpu.c | 2 kernel/gen_kheaders.sh | 1 kernel/time/hrtimer.c | 11 + mm/filemap.c | 2 net/802/psnap.c | 4 net/core/filter.c | 30 +++-- net/core/net_namespace.c | 31 +++++ net/core/pktgen.c | 6 - net/dccp/ipv6.c | 2 net/ipv6/route.c | 2 net/ipv6/tcp_ipv6.c | 4 net/mac802154/iface.c | 4 net/mptcp/options.c | 12 +- net/mptcp/pm.c | 7 - net/mptcp/protocol.h | 2 net/netfilter/nf_conntrack_core.c | 5 net/netfilter/nf_tables_api.c | 15 +- net/sched/cls_flow.c | 3 net/sctp/sysctl.c | 14 +- net/tls/tls_sw.c | 2 net/vmw_vsock/af_vsock.c | 18 +++ net/vmw_vsock/virtio_transport_common.c | 36 ++++-- scripts/sorttable.h | 6 - sound/soc/mediatek/common/mtk-afe-platform-driver.c | 4 121 files changed, 819 insertions(+), 337 deletions(-) Aharon Landau (1): net/mlx5: Add priorities for counters in RDMA namespaces Akash M (1): usb: gadget: f_fs: Remove WARN_ON in functionfs_bind Al Cooper (1): phy: usb: Add "wake on" functionality for newer Synopsis XHCI controllers Andrea della Porta (1): of: address: Preserve the flags portion on 1:1 dma-ranges mapping André Draszik (1): usb: dwc3: gadget: fix writing NYET threshold Antonio Pastor (1): net: 802: LLC+SNAP OID:PID lookup on start of skb data Anumula Murali Mohan Reddy (1): cxgb4: Avoid removal of uninserted tid Arnd Bergmann (1): xhci: use pm_ptr() instead of #ifdef for CONFIG_PM conditionals Artem Chernyshev (1): pktgen: Avoid out-of-bounds access in get_imix_entries Benjamin Coddington (1): tls: Fix tls_sw_sendmsg error handling Carlos Song (1): iio: gyro: fxas21002c: Fix missing data update in trigger handler Chen-Yu Tsai (1): ASoC: mediatek: disable buffer pre-allocation Chukun Pan (1): USB: serial: option: add MeiG Smart SRM815 Dan Carpenter (1): nfp: bpf: prevent integer overflow in nfp_bpf_event_output() David Howells (2): afs: Fix the maximum cell name length kheaders: Ignore silly-rename files David Lechner (1): hwmon: (tmp513) Fix division of negative numbers Dennis Lam (1): ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv Eric Dumazet (4): net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute net: add exit_batch_rtnl() method gtp: use exit_batch_rtnl() method ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() Fabio Estevam (1): iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep() Geliang Tang (1): mptcp: drop port parameter of mptcp_pm_add_addr_signal Greg Kroah-Hartman (3): Revert "drm/amdgpu: rework resume handling for display (v2)" Revert "regmap: detach regmap from dev on regmap_exit" Linux 5.15.177 Gui-Dong Han (1): md/raid5: fix atomicity violation in raid5_cache_count Hans de Goede (3): ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[] ACPI: resource: Add Asus Vivobook X1504VAP to irq1_level_low_skip_override[] ACPI: resource: acpi_dev_irq_override(): Check DMI match last Heiner Kallweit (1): net: ethernet: xgbe: re-add aneg to supported features in PHY quirks Herve Codina (2): of: address: Fix address translation when address-size is greater than 2 of: address: Remove duplicated functions Jason Xing (1): tcp/dccp: complete lockless accesses to sk->sk_max_ack_backlog Jason-JH.Lin (1): drm/mediatek: Add support for 180-degree rotation in the display driver Javier Carrasco (6): iio: pressure: zpa2326: fix information leak in triggered buffer iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer iio: light: vcnl4035: fix information leak in triggered buffer iio: imu: kmx61: fix information leak in triggered buffer iio: adc: ti-ads8688: fix information leak in triggered buffer iio: adc: rockchip_saradc: fix information leak in triggered buffer Jean-Baptiste Maneyrol (2): iio: imu: inv_icm42600: fix spi burst write not supported iio: imu: inv_icm42600: fix timestamps after suspend if sensor is on Joe Hattori (2): iio: adc: at91: call input_free_device() on allocated iio_dev iio: inkern: call iio_device_put() only on mapped devices Johan Hovold (1): USB: serial: cp210x: add Phoenix Contact UPS Device Joseph Qi (1): ocfs2: correct return value of ocfs2_local_free_info() Juergen Gross (2): x86/asm: Make serialize() always_inline x86/xen: fix SLS mitigation in xen_hypercall_iret() Jun Yan (1): USB: usblp: return error when setting unsupported protocol Justin Chen (3): phy: usb: Toggle the PHY power during init phy: usb: Use slow clock for wake enabled suspend phy: usb: Fix clock imbalance for suspend/resume Kai-Heng Feng (1): USB: core: Disable LPM only for non-suspended ports Kalesh AP (1): bnxt_en: Fix possible memory leak when hwrm_req_replace fails Keisuke Nishimura (1): ieee802154: ca8210: Add missing check for kfifo_alloc() in ca8210_probe() Koichiro Den (1): hrtimers: Handle CPU state correctly on hotplug Krister Johansen (1): dm thin: make get_first_thin use rcu-safe list first function Kuan-Wei Chiu (1): scripts/sorttable: fix orc_sort_cmp() to maintain symmetry and transitivity Kuniyuki Iwashima (2): gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp(). gtp: Destroy device along with udp socket's netns dismantle. Leo Stone (1): hfs: Sanity check the root record Li Huafei (1): topology: Keep the cpumask unchanged when printing cpumap Lianqin Hu (1): usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null Lizhi Xu (1): mac802154: check local interfaces before deleting sdata list Lubomir Rintel (1): usb-storage: Add max sectors quirk for Nokia 208 Luis Chamberlain (1): nvmet: propagate npwg topology Ma Ke (1): usb: fix reference leak in usb_new_device() Maor Gottlieb (1): net/mlx5: Refactor mlx5_get_flow_namespace Marco Nelissen (1): filemap: avoid truncating 64-bit offset to 32 bits Matthieu Baerts (NGI0) (5): sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy sctp: sysctl: rto_min/max: avoid using current->nsproxy sctp: sysctl: auth_enable: avoid using current->nsproxy sctp: sysctl: udp_port: avoid using current->nsproxy sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy Max Kellermann (1): ceph: give up on paths longer than PATH_MAX Maíra Canal (1): drm/v3d: Ensure job pointer is set to NULL after job completion Melissa Wen (1): drm/amd/display: increase MAX_SURFACES to the value supported by hw Michal Hrusecky (1): USB: serial: option: add Neoway N723-EA support Michal Luczaj (1): bpf: Fix bpf_sk_select_reuseport() memory leak Mikulas Patocka (1): dm-ebs: don't set the flag DM_TARGET_PASSES_INTEGRITY Ming-Hung Tsai (3): dm array: fix releasing a faulty array block twice in dm_array_cursor_end dm array: fix unreleased btree blocks on closing a faulty array cursor dm array: fix cursor index when skipping across block boundaries Nam Cao (1): riscv: Fix sleeping in invalid context in die() Oleg Nesterov (1): poll_wait: add mb() to fix theoretical race between waitqueue_active() and .poll() Pablo Neira Ayuso (2): netfilter: nf_tables: imbalance in flowtable binding netfilter: conntrack: clamp maximum hashtable size to INT_MAX Paolo Abeni (1): mptcp: fix TCP options overflow. Patrisious Haddad (1): net/mlx5: Fix RDMA TX steering prio Peter Geis (1): arm64: dts: rockchip: add hevc power domain clock to rk3328 Prashanth K (1): usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints Pratyush Yadav (1): Revert "mtd: spi-nor: core: replace dummy buswidth from addr to data" Rik van Riel (1): fs/proc: fix softlockup in __read_vmcore (part 2) Rob Herring (3): of: unittest: Add bus address range parsing tests of/address: Add support for 3 address cell bus of: address: Store number of bus flag cells rather than bool Roman Li (1): drm/amd/display: Add check for granularity in dml ceil/floor helpers Ron Economos (1): Partial revert of xhci: use pm_ptr() instead #ifdef for CONFIG_PM conditionals Sean Anderson (1): net: xilinx: axienet: Fix IRQ coalescing packet count overflow Stefano Garzarella (4): vsock/virtio: cancel close work in the destructor vsock: reset socket state when de-assigning the transport vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] vsock/virtio: discard packets if the transport changes Sudheer Kumar Doredla (1): net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field() Suraj Sonawane (1): scsi: sg: Fix slab-use-after-free read in sg_release() Tejun Heo (1): blk-cgroup: Fix UAF in blkcg_unpin_online() Terry Tritton (1): Revert "PCI: Use preserve_config in place of pci_flags" Uwe Kleine-König (1): iio: adc: ad7124: Disable all channels at probe time Ville Syrjälä (1): drm/i915/fb: Relax clear color alignment to 64 bytes Wang Liang (1): net: fix data-races around sk->sk_forward_alloc Wentao Liang (1): ksmbd: fix a missing return value check bug Wolfram Sang (2): i2c: mux: demux-pinctrl: check initial mux selection, too i2c: rcar: fix NACK handling when being a target Yogesh Lal (1): irqchip/gic-v3: Handle CPU_PM_ENTER_FAILED correctly Youzhong Yang (1): nfsd: add list_head nf_gc to struct nfsd_file Yu Kuai (1): block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() Yuezhang Mo (2): exfat: fix the infinite loop in exfat_readdir() exfat: fix the infinite loop in __exfat_free_cluster() Zhang Kunbo (1): fs: fix missing declaration of init_files Zhang Yi (1): jbd2: flush filesystem device before updating tail sequence Zhongqiu Duan (1): tcp/dccp: allow a connection when sk_max_ack_backlog is zero Zhongqiu Han (1): gpiolib: cdev: Fix use after free in lineinfo_changed_notify Zicheng Qu (2): staging: iio: ad9834: Correct phase range check staging: iio: ad9832: Correct phase range check

10 hours, 24 minutes

1
1
0 0

[PATCH 1/2] drm/xe/devcoredump: Move exec queue snapshot to Contexts section

by Lucas De Marchi

Having the exec queue snapshot inside a "GuC CT" section was always wrong. Commit c28fd6c358db ("drm/xe/devcoredump: Improve section headings and add tile info") tried to fix that bug, but with that also broke the mesa tool that parses the devcoredump, hence it was reverted in commit 70fb86a85dc9 ("drm/xe: Revert some changes that break a mesa debug tool"). With the mesa tool also fixed, this can propagate as a fix on both kernel and userspace side to avoid unnecessary headache for a debug feature. Cc: John Harrison <John.C.Harrison(a)Intel.com> Cc: Julia Filipchuk <julia.filipchuk(a)intel.com> Cc: José Roberto de Souza <jose.souza(a)intel.com> Cc: stable(a)vger.kernel.org Fixes: 70fb86a85dc9 ("drm/xe: Revert some changes that break a mesa debug tool") Signed-off-by: Lucas De Marchi <lucas.demarchi(a)intel.com> --- drivers/gpu/drm/xe/xe_devcoredump.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/drivers/gpu/drm/xe/xe_devcoredump.c b/drivers/gpu/drm/xe/xe_devcoredump.c index 81dc7795c0651..a7946a76777e7 100644 --- a/drivers/gpu/drm/xe/xe_devcoredump.c +++ b/drivers/gpu/drm/xe/xe_devcoredump.c @@ -119,11 +119,7 @@ static ssize_t __xe_devcoredump_read(char *buffer, size_t count, drm_puts(&p, "\n**** GuC CT ****\n"); xe_guc_ct_snapshot_print(ss->guc.ct, &p); - /* - * Don't add a new section header here because the mesa debug decoder - * tool expects the context information to be in the 'GuC CT' section. - */ - /* drm_puts(&p, "\n**** Contexts ****\n"); */ + drm_puts(&p, "\n**** Contexts ****\n"); xe_guc_exec_queue_snapshot_print(ss->ge, &p); drm_puts(&p, "\n**** Job ****\n"); -- 2.48.0

10 hours, 29 minutes

2
5
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror