- Linux-stable-mirror - lists.linaro.org

by CLJ Pharmaceuticals

[Greetings] I'm Dr. Breiner, a research consultant with one of the leading laboratories in the United Kingdom. Our company is one of the most respected indigenous multi-million pharma companies, manufacturing hundreds of lifesaving biopharmaceutical products and medical consumables. Our range includes anti-diabetic, anti-inflammatory, and analgesic drugs, vaccines, antimalarial drugs, and other essential medical consumables. I have a business proposal that will be of interest to you. I'll explain it in detail if you let me know if you'd like to hear more. Please keep in mind that you can decide not to move forward with me at any point during or after my detailed explanation. But please be sure to trust me; you will not experience any regret whatsoever. I look forward to hearing back from you. If you have any questions, please do not hesitate to contact me. Best regards [Dr. Breiner]

2 years, 9 months

1
0
0 0

[PATCH v3] s390/signal: fix endless loop in do_signal

by Sumanth Korikkar

No upstream commit exists: the problem addressed here is that 'commit 75309018a24d ("s390: add support for TIF_NOTIFY_SIGNAL")' was backported to 5.10. This commit is broken, but nobody noticed upstream, since shortly after s390 converted to generic entry with 'commit 56e62a737028 ("s390: convert to generic entry")', which implicitly fixed the problem outlined below. Thread flag is set to TIF_NOTIFY_SIGNAL for io_uring work. The io work user or syscall calls do_signal when either one of the TIF_SIGPENDING or TIF_NOTIFY_SIGNAL flag is set. However, do_signal does consider only TIF_SIGPENDING signal and ignores TIF_NOTIFY_SIGNAL condition. This means get_signal is never invoked for TIF_NOTIFY_SIGNAL and hence the flag is not cleared, which results in an endless do_signal loop. Reference: 'commit 788d0824269b ("io_uring: import 5.15-stable io_uring")' Fixes: 75309018a24d ("s390: add support for TIF_NOTIFY_SIGNAL") Cc: stable(a)vger.kernel.org # 5.10.162 Acked-by: Heiko Carstens <hca(a)linux.ibm.com> Acked-by: Sven Schnelle <svens(a)linux.ibm.com> Signed-off-by: Sumanth Korikkar <sumanthk(a)linux.ibm.com> --- v2->v3: Correct changelog. v1->v2: Add the changelog. arch/s390/kernel/signal.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/s390/kernel/signal.c b/arch/s390/kernel/signal.c index b27b6c1f058d..9e900a8977bd 100644 --- a/arch/s390/kernel/signal.c +++ b/arch/s390/kernel/signal.c @@ -472,7 +472,7 @@ void do_signal(struct pt_regs *regs) current->thread.system_call = test_pt_regs_flag(regs, PIF_SYSCALL) ? regs->int_code : 0; - if (test_thread_flag(TIF_SIGPENDING) && get_signal(&ksig)) { + if (get_signal(&ksig)) { /* Whee! Actually deliver the signal. */ if (current->thread.system_call) { regs->int_code = current->thread.system_call; -- 2.37.2

2 years, 9 months

1
0
0 0

[PATCH 0/1] s390: fix endless loop in do_signal

by Sumanth Korikkar

Hi, This patch fixes the issue for s390 stable kernel starting 5.10.162. The issue was specifically seen after stable version 5.10.162: Following commits can trigger it: 1. stable commit id - 788d0824269b ("io_uring: import 5.15-stable io_uring") can trigger this problem. 2. upstream commit id - 75309018a24d ("s390: add support for TIF_NOTIFY_SIGNAL") Problem: qemu and user processes could stall when TIF_NOTIFY_SIGNAL is set from io_uring work. Affected users: The issue was first raised by the debian team, where the s390 bullseye build systems are affected. Upstream commit Id: * The attached patch has no upstream commit. However, the stable kernel 5.10.162+ uses upstream commit id - 75309018a24d ("s390: add support for TIF_NOTIFY_SIGNAL"), which would need this fix * Starting from v5.12, there are s390 generic entry commits 56e62a737028 ("s390: convert to generic entry") and its relevant fixes, which are recommended and should address these problems. Kernel version to be applied: stable kernel 5.10.162+ Thanks. Sumanth Sumanth Korikkar (1): s390/signal: fix endless loop in do_signal arch/s390/kernel/signal.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 2.37.2

2 years, 9 months

3
5
0 0

[PATCH v4] sched/psi: fix use-after-free in ep_remove_wait_queue()

by Munehisa Kamata

If a non-root cgroup gets removed when there is a thread that registered trigger and is polling on a pressure file within the cgroup, the polling waitqueue gets freed in the following path. do_rmdir cgroup_rmdir kernfs_drain_open_files cgroup_file_release cgroup_pressure_release psi_trigger_destroy However, the polling thread still has a reference to the pressure file and will access the freed waitqueue when the file is closed or upon exit. fput ep_eventpoll_release ep_free ep_remove_wait_queue remove_wait_queue This results in use-after-free as pasted below. The fundamental problem here is that cgroup_file_release() (and consequently waitqueue's lifetime) is not tied to the file's real lifetime. Using wake_up_pollfree() here might be less than ideal, but it is in line with the comment at commit 42288cb44c4b ("wait: add wake_up_pollfree()") since the waitqueue's lifetime is not tied to file's one and can be considered as another special case. While this would be fixable by somehow making cgroup_file_release() be tied to the fput(), it would require sizable refactoring at cgroups or higher layer which might be more justifiable if we identify more cases like this. BUG: KASAN: use-after-free in _raw_spin_lock_irqsave+0x60/0xc0 Write of size 4 at addr ffff88810e625328 by task a.out/4404 CPU: 19 PID: 4404 Comm: a.out Not tainted 6.2.0-rc6 #38 Hardware name: Amazon EC2 c5a.8xlarge/, BIOS 1.0 10/16/2017 Call Trace: <TASK> dump_stack_lvl+0x73/0xa0 print_report+0x16c/0x4e0 ? _printk+0x59/0x80 ? __virt_addr_valid+0xb8/0x130 ? _raw_spin_lock_irqsave+0x60/0xc0 kasan_report+0xc3/0xf0 ? _raw_spin_lock_irqsave+0x60/0xc0 kasan_check_range+0x2d2/0x310 _raw_spin_lock_irqsave+0x60/0xc0 remove_wait_queue+0x1a/0xa0 ep_free+0x12c/0x170 ep_eventpoll_release+0x26/0x30 __fput+0x202/0x400 task_work_run+0x11d/0x170 do_exit+0x495/0x1130 ? update_cfs_rq_load_avg+0x2c2/0x2e0 do_group_exit+0x100/0x100 get_signal+0xd67/0xde0 ? finish_task_switch+0x15f/0x3a0 arch_do_signal_or_restart+0x2a/0x2b0 exit_to_user_mode_prepare+0x94/0x100 syscall_exit_to_user_mode+0x20/0x40 do_syscall_64+0x52/0x90 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f8e392bfb91 Code: Unable to access opcode bytes at 0x7f8e392bfb67. RSP: 002b:00007fff261e08d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000022 RAX: fffffffffffffdfe RBX: 0000000000000000 RCX: 00007f8e392bfb91 RDX: 0000000000000001 RSI: 00007fff261e08e8 RDI: 0000000000000004 RBP: 00007fff261e0920 R08: 0000000000400780 R09: 00007f8e3960f240 R10: 00000000000003df R11: 0000000000000246 R12: 00000000004005a0 R13: 00007fff261e0a00 R14: 0000000000000000 R15: 0000000000000000 </TASK> Allocated by task 4404: kasan_set_track+0x3d/0x60 __kasan_kmalloc+0x85/0x90 psi_trigger_create+0x113/0x3e0 pressure_write+0x146/0x2e0 cgroup_file_write+0x11c/0x250 kernfs_fop_write_iter+0x186/0x220 vfs_write+0x3d8/0x5c0 ksys_write+0x90/0x110 do_syscall_64+0x43/0x90 entry_SYSCALL_64_after_hwframe+0x63/0xcd Freed by task 4407: kasan_set_track+0x3d/0x60 kasan_save_free_info+0x27/0x40 ____kasan_slab_free+0x11d/0x170 slab_free_freelist_hook+0x87/0x150 __kmem_cache_free+0xcb/0x180 psi_trigger_destroy+0x2e8/0x310 cgroup_file_release+0x4f/0xb0 kernfs_drain_open_files+0x165/0x1f0 kernfs_drain+0x162/0x1a0 __kernfs_remove+0x1fb/0x310 kernfs_remove_by_name_ns+0x95/0xe0 cgroup_addrm_files+0x67f/0x700 cgroup_destroy_locked+0x283/0x3c0 cgroup_rmdir+0x29/0x100 kernfs_iop_rmdir+0xd1/0x140 vfs_rmdir+0xfe/0x240 do_rmdir+0x13d/0x280 __x64_sys_rmdir+0x2c/0x30 do_syscall_64+0x43/0x90 entry_SYSCALL_64_after_hwframe+0x63/0xcd v4: updated commit message v3: updated commit message and the comment in the code v2: updated commit message Link: https://lore.kernel.org/lkml/20230106224859.4123476-1-kamatam@amazon.com/ Fixes: 0e94682b73bf ("psi: introduce psi monitor") Cc: stable(a)vger.kernel.org Signed-off-by: Munehisa Kamata <kamatam(a)amazon.com> Signed-off-by: Mengchi Cheng <mengcc(a)amazon.com> Acked-by: Suren Baghdasaryan <surenb(a)google.com> --- kernel/sched/psi.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/kernel/sched/psi.c b/kernel/sched/psi.c index 8ac8b81bfee6..02e011cabe91 100644 --- a/kernel/sched/psi.c +++ b/kernel/sched/psi.c @@ -1343,10 +1343,11 @@ void psi_trigger_destroy(struct psi_trigger *t) group = t->group; /* - * Wakeup waiters to stop polling. Can happen if cgroup is deleted - * from under a polling process. + * Wakeup waiters to stop polling and clear the queue to prevent it from + * being accessed later. Can happen if cgroup is deleted from under a + * polling process. */ - wake_up_interruptible(&t->event_wait); + wake_up_pollfree(&t->event_wait); mutex_lock(&group->trigger_lock); -- 2.38.1

2 years, 9 months

2
1
0 0

Re: [Android 5.10] kernel BUG in ext4_free_blocks (2)

by syzbot

This bug is marked as fixed by commit: ext4: block range must be validated before use in ext4_mb_clear_bb() But I can't find it in the tested trees[1] for more than 90 days. Is it a correct commit? Please update it by replying: #syz fix: exact-commit-title Until then the bug is still considered open and new crashes with the same signature are ignored. Kernel: Android 5.10 Dashboard link: https://syzkaller.appspot.com/bug?extid=15cd994e273307bf5cfa --- [1] I expect the commit to be present in: 1. android12-5.10-lts branch of https://android.googlesource.com/kernel/common

2 years, 9 months

1
0
0 0

Re: [PATCH 5.10 88/91] arm64/kexec: Test page size support with new TGRAN range values

by heyuqiang

There is an error tree: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git master head: c911f03f8d444e623724fddd82b07a7e1af42338 commit: d5924531dd8ad012ad13eb4d6a5e120c3dadfc05 arm64/kexec: Test page size support with new TGRAN range values # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… When I compile the ko file, I add [-Werror=type-limits] compilation options, an error is reported during compilation. The log is as follows: ./arch/arm64/include/asm/cpufeature.h: In function ‘system_supports_4kb_granule’: ./arch/arm64/include/asm/cpufeature.h:653:14: error: comparison of unsigned expression >= 0 is always true [-Werror=type-limits] return (val >= ID_AA64MMFR0_TGRAN4_SUPPORTED_MIN) && ^~ ./arch/arm64/include/asm/cpufeature.h: In function ‘system_supports_64kb_granule’: ./arch/arm64/include/asm/cpufeature.h:666:14: error: comparison of unsigned expression >= 0 is always true [-Werror=type-limits] return (val >= ID_AA64MMFR0_TGRAN64_SUPPORTED_MIN) && ^~ "val" variable type is "u32" "#define ID_AA64MMFR0_TGRAN4_SUPPORTED_MIN 0x0" "#define ID_AA64MMFR0_TGRAN64_SUPPORTED_MIN 0x0" comparison of val >= 0 is always true. If you fix the issue, kindly add following tag where applicable Reported-by: heyuqiang <heyuqiang1(a)huawei.com> Thanks

2 years, 9 months

2
1
0 0

[PATCH wireless v5] wifi: cfg80211: Set SSID if it is not already set

by Marc Bornand

When a connection was established without going through NL80211_CMD_CONNECT, the ssid was never set in the wireless_dev struct. Now we set it in __cfg80211_connect_result() when it is not already set. When using a userspace configuration that does not call cfg80211_connect() (can be checked with breakpoints in the kernel), this patch should allow `networkctl status device_name` to output the SSID instead of null. Reported-by: Yohan Prod'homme <kernel(a)zoddo.fr> Fixes: 7b0a0e3c3a88 (wifi: cfg80211: do some rework towards MLO link APIs) CC: Kalle Valo <kvalo(a)kernel.org> Cc: Denis Kirjanov <dkirjanov(a)suse.de> Cc: linux-wireless(a)vger.kernel.org Cc: stable(a)vger.kernel.org Link: https://bugzilla.kernel.org/show_bug.cgi?id=216711 Signed-off-by: Marc Bornand <dev.mbornand(a)systemb.ch> --- changes since v4: - style: use xmas tree - better fixes tag - fix typo in commit message - explain how to test the patch - fix fixes tag - move change log - changing the title to something better changes since v3: - add missing NULL check - add missing break changes since v2: - The code was tottaly rewritten based on the disscution of the v2 patch. - the ssid is set in __cfg80211_connect_result() and only if the ssid is not already set. - Do not add an other ssid reset path since it is already done in __cfg80211_disconnected() --- net/wireless/sme.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/net/wireless/sme.c b/net/wireless/sme.c index 4b5b6ee0fe01..032464a38787 100644 --- a/net/wireless/sme.c +++ b/net/wireless/sme.c @@ -724,6 +724,7 @@ void __cfg80211_connect_result(struct net_device *dev, { struct wireless_dev *wdev = dev->ieee80211_ptr; const struct element *country_elem = NULL; + const struct element *ssid; const u8 *country_data; u8 country_datalen; #ifdef CONFIG_CFG80211_WEXT @@ -883,6 +884,22 @@ void __cfg80211_connect_result(struct net_device *dev, country_data, country_datalen); kfree(country_data); + if (wdev->u.client.ssid_len == 0) { + rcu_read_lock(); + for_each_valid_link(cr, link) { + ssid = ieee80211_bss_get_elem(cr->links[link].bss, + WLAN_EID_SSID); + + if (!ssid || ssid->datalen == 0) + continue; + + memcpy(wdev->u.client.ssid, ssid->data, ssid->datalen); + wdev->u.client.ssid_len = ssid->datalen; + break; + } + rcu_read_unlock(); + } + return; out: for_each_valid_link(cr, link) -- 2.39.2

2 years, 9 months

1
0
0 0

[PATCH v4] Set ssid when authenticating

by Marc Bornand

changes since v3: - add missing NULL check - add missing break changes since v2: - The code was tottaly rewritten based on the disscution of the v2 patch. - the ssid is set in __cfg80211_connect_result() and only if the ssid is not already set. - Do not add an other ssid reset path since it is already done in __cfg80211_disconnected() When a connexion was established without going through NL80211_CMD_CONNECT, the ssid was never set in the wireless_dev struct. Now we set it in __cfg80211_connect_result() when it is not already set. Reported-by: Yohan Prod'homme <kernel(a)zoddo.fr> Fixes: 7b0a0e3c3a88260b6fcb017e49f198463aa62ed1 Cc: linux-wireless(a)vger.kernel.org Cc: stable(a)vger.kernel.org Link: https://bugzilla.kernel.org/show_bug.cgi?id=216711 Signed-off-by: Marc Bornand <dev.mbornand(a)systemb.ch> --- net/wireless/sme.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/net/wireless/sme.c b/net/wireless/sme.c index 4b5b6ee0fe01..b552d6c20a26 100644 --- a/net/wireless/sme.c +++ b/net/wireless/sme.c @@ -723,6 +723,7 @@ void __cfg80211_connect_result(struct net_device *dev, bool wextev) { struct wireless_dev *wdev = dev->ieee80211_ptr; + const struct element *ssid; const struct element *country_elem = NULL; const u8 *country_data; u8 country_datalen; @@ -883,6 +884,22 @@ void __cfg80211_connect_result(struct net_device *dev, country_data, country_datalen); kfree(country_data); + if (wdev->u.client.ssid_len == 0) { + rcu_read_lock(); + for_each_valid_link(cr, link) { + ssid = ieee80211_bss_get_elem(cr->links[link].bss, + WLAN_EID_SSID); + + if (!ssid || ssid->datalen == 0) + continue; + + memcpy(wdev->u.client.ssid, ssid->data, ssid->datalen); + wdev->u.client.ssid_len = ssid->datalen; + break; + } + rcu_read_unlock(); + } + return; out: for_each_valid_link(cr, link) -- 2.39.1

2 years, 9 months

4
6
0 0

[PATCH 5.10 000/139] 5.10.168-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.10.168 release. There are 139 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 15 Feb 2023 14:46:51 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.168-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.10.168-rc1 Russell King (Oracle) <rmk+kernel(a)armlinux.org.uk> nvmem: core: fix return value David Chen <david.chen(a)nutanix.com> Fix page corruption caused by racy check in __free_pages Heiner Kallweit <hkallweit1(a)gmail.com> arm64: dts: meson-axg: Make mmc host controller interrupts level-sensitive Heiner Kallweit <hkallweit1(a)gmail.com> arm64: dts: meson-g12-common: Make mmc host controller interrupts level-sensitive Heiner Kallweit <hkallweit1(a)gmail.com> arm64: dts: meson-gx: Make mmc host controller interrupts level-sensitive Guo Ren <guoren(a)linux.alibaba.com> riscv: Fixup race condition on PG_dcache_clean in flush_icache_pte Xiubo Li <xiubli(a)redhat.com> ceph: flush cap releases when the session is flushed Prashant Malani <pmalani(a)chromium.org> usb: typec: altmodes/displayport: Fix probe pin assign check Mark Pearson <mpearson-lenovo(a)squebb.ca> usb: core: add quirk for Alcor Link AK9563 smartcard reader Anand Jain <anand.jain(a)oracle.com> btrfs: free device in btrfs_close_devices for a single device filesystem Alan Stern <stern(a)rowland.harvard.edu> net: USB: Fix wrong-direction WARNING in plusb.c ZhaoLong Wang <wangzhaolong1(a)huawei.com> cifs: Fix use-after-free in rdata->read_into_pages() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: intel: Restore the pins that used to be in Direct IRQ mode Serge Semin <Sergey.Semin(a)baikalelectronics.ru> spi: dw: Fix wrong FIFO level setting for long xfers Maxim Korotkov <korotkov.maxim.s(a)gmail.com> pinctrl: single: fix potential NULL dereference Joel Stanley <joel(a)jms.id.au> pinctrl: aspeed: Fix confusing types in return value Dan Carpenter <error27(a)gmail.com> ALSA: pci: lx6464es: fix a debug loop Hangbin Liu <liuhangbin(a)gmail.com> selftests: forwarding: lib: quote the sysctl values Pietro Borrello <borrello(a)diag.uniroma1.it> rds: rds_rm_zerocopy_callback() use list_first_entry() Shay Drory <shayd(a)nvidia.com> net/mlx5: fw_tracer, Zero consumer index when reloading the tracer Shay Drory <shayd(a)nvidia.com> net/mlx5: fw_tracer, Clear load bit when freeing string DBs buffers Dragos Tatulea <dtatulea(a)nvidia.com> net/mlx5e: IPoIB, Show unknown speed instead of error Vladimir Oltean <vladimir.oltean(a)nxp.com> net: mscc: ocelot: fix VCAP filters not matching on MAC with "protocol 802.1Q" Anirudh Venkataramanan <anirudh.venkataramanan(a)intel.com> ice: Do not use WQ_MEM_RECLAIM flag for workqueue Herton R. Krzesinski <herton(a)redhat.com> uapi: add missing ip/ipv6 header dependencies for linux/stddef.h Neel Patel <neel.patel(a)amd.com> ionic: clean interrupt before enabling queue to avoid credit race Heiner Kallweit <hkallweit1(a)gmail.com> net: phy: meson-gxl: use MMD access dummy stubs for GXL, internal PHY Qi Zheng <zhengqi.arch(a)bytedance.com> bonding: fix error checking in bond_debug_reregister() Christian Hopps <chopps(a)chopps.org> xfrm: fix bug with DSCP copy to v6 from v4 tunnel Yang Yingliang <yangyingliang(a)huawei.com> RDMA/usnic: use iommu_map_atomic() under spin_lock() Dragos Tatulea <dtatulea(a)nvidia.com> IB/IPoIB: Fix legacy IPoIB due to wrong number of queues Eric Dumazet <edumazet(a)google.com> xfrm/compat: prevent potential spectre v1 gadget in xfrm_xlate32_attr() Dean Luick <dean.luick(a)cornelisnetworks.com> IB/hfi1: Restore allocated resources on failed copyout Anastasia Belova <abelova(a)astralinux.ru> xfrm: compat: change expression for switch in xfrm_xlate64 Devid Antonio Filoni <devid.filoni(a)egluetechnologies.com> can: j1939: do not wait 250 ms if the same addr was already claimed Mark Brown <broonie(a)kernel.org> of/address: Return an error when no valid dma-ranges are found Shiju Jose <shiju.jose(a)huawei.com> tracing: Fix poll() and select() do not work on per_cpu trace_pipe and trace_pipe_raw Guillaume Pinot <texitoi(a)texitoi.eu> ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro 360 Artemii Karasev <karasev(a)ispras.ru> ALSA: emux: Avoid potential array out-of-bound in snd_emux_xg_control() Edson Juliano Drosdeck <edson.drosdeck(a)gmail.com> ALSA: hda/realtek: Add Positivo N14KP6-TG Alexander Potapenko <glider(a)google.com> btrfs: zlib: zero-initialize zlib workspace Josef Bacik <josef(a)toxicpanda.com> btrfs: limit device extents to the device size Mike Kravetz <mike.kravetz(a)oracle.com> migrate: hugetlb: check for hugetlb shared PMD in node migration Miaohe Lin <linmiaohe(a)huawei.com> mm/migration: return errno when isolate_huge_page failed Andreas Kemnade <andreas(a)kemnade.info> iio:adc:twl6030: Enable measurement of VAC Martin KaFai Lau <kafai(a)fb.com> bpf: Do not reject when the stack read size is different from the tracked scalar size Russell King (Oracle) <rmk+kernel(a)armlinux.org.uk> nvmem: core: fix registration vs use race Russell King (Oracle) <rmk+kernel(a)armlinux.org.uk> nvmem: core: fix cleanup after dev_set_name() Russell King (Oracle) <rmk+kernel(a)armlinux.org.uk> nvmem: core: remove nvmem_config wp_gpio Gaosheng Cui <cuigaosheng1(a)huawei.com> nvmem: core: add error handling for dev_set_name Christophe Kerello <christophe.kerello(a)foss.st.com> nvmem: core: Fix a conflict between MTD and NVMEM on wp-gpios property Minsuk Kang <linuxlovemin(a)yonsei.ac.kr> wifi: brcmfmac: Check the count value of channel spec to prevent out-of-bounds reads Chao Yu <chao(a)kernel.org> f2fs: fix to do sanity check on i_extra_isize in is_alive() Dongliang Mu <dzm91(a)hust.edu.cn> fbdev: smscufx: fix error handling code in ufx_usb_probe Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> serial: 8250_dma: Fix DMA Rx rearm race Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> serial: 8250_dma: Fix DMA Rx completion race Michael Walle <michael(a)walle.cc> nvmem: core: fix cell removal on error Russell King (Oracle) <rmk+kernel(a)armlinux.org.uk> nvmem: core: initialise nvmem->id early Rob Clark <robdclark(a)chromium.org> drm/i915: Fix potential bit_17 double-free Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: fix handling and sanity checking of xattr_ids count Longlong Xia <xialonglong1(a)huawei.com> mm/swapfile: add cond_resched() in get_swap_pages() Zheng Yongjun <zhengyongjun3(a)huawei.com> fpga: stratix10-soc: Fix return value check in s10_ops_write_init() Joerg Roedel <jroedel(a)suse.de> x86/debug: Fix stack recursion caused by wrongly ordered DR7 accesses Mike Kravetz <mike.kravetz(a)oracle.com> mm: hugetlb: proc: check for hugetlb shared PMD in /proc/PID/smaps Andreas Schwab <schwab(a)suse.de> riscv: disable generation of unwind tables Helge Deller <deller(a)gmx.de> parisc: Wire up PTRACE_GETREGS/PTRACE_SETREGS for compat case Helge Deller <deller(a)gmx.de> parisc: Fix return code of pdc_iodc_print() Johan Hovold <johan+linaro(a)kernel.org> nvmem: qcom-spmi-sdam: fix module autoloading Carlos Song <carlos.song(a)nxp.com> iio: imu: fxos8700: fix MAGN sensor scale and unit Carlos Song <carlos.song(a)nxp.com> iio: imu: fxos8700: remove definition FXOS8700_CTRL_ODR_MIN Carlos Song <carlos.song(a)nxp.com> iio: imu: fxos8700: fix failed initialization ODR mode assignment Carlos Song <carlos.song(a)nxp.com> iio: imu: fxos8700: fix incorrect ODR mode readback Carlos Song <carlos.song(a)nxp.com> iio: imu: fxos8700: fix swapped ACCEL and MAGN channels readback Carlos Song <carlos.song(a)nxp.com> iio: imu: fxos8700: fix map label of channel type to MAGN sensor Carlos Song <carlos.song(a)nxp.com> iio: imu: fxos8700: fix IMU data bits returned to user space Carlos Song <carlos.song(a)nxp.com> iio: imu: fxos8700: fix incomplete ACCEL and MAGN channels readback Carlos Song <carlos.song(a)nxp.com> iio: imu: fxos8700: fix ACCEL measurement range selection Andreas Kemnade <andreas(a)kemnade.info> iio:adc:twl6030: Enable measurements of VUSB, VBAT and others Xiongfeng Wang <wangxiongfeng2(a)huawei.com> iio: adc: berlin2-adc: Add missing of_node_put() in error path Dmitry Perchanov <dmitry.perchanov(a)intel.com> iio: hid: fix the retval in accel_3d_capture_sample Ard Biesheuvel <ardb(a)kernel.org> efi: Accept version 2 of memory attributes table Victor Shyba <victor1984(a)riseup.net> ALSA: hda/realtek: Add Acer Predator PH315-54 Alexander Egorenkov <egorenar(a)linux.ibm.com> watchdog: diag288_wdt: fix __diag288() inline assembly Alexander Egorenkov <egorenar(a)linux.ibm.com> watchdog: diag288_wdt: do not use stack buffers for hardware data Natalia Petrova <n.petrova(a)fintech.ru> net: qrtr: free memory on error path in radix_tree_insert() Samuel Thibault <samuel.thibault(a)ens-lyon.org> fbcon: Check font dimension limits Werner Sembach <wse(a)tuxedocomputers.com> Input: i8042 - add Clevo PCX0DX to i8042 quirk table Werner Sembach <wse(a)tuxedocomputers.com> Input: i8042 - add TUXEDO devices to i8042 quirk tables Werner Sembach <wse(a)tuxedocomputers.com> Input: i8042 - merge quirk tables Werner Sembach <wse(a)tuxedocomputers.com> Input: i8042 - move __initconst to fix code styling warning George Kennedy <george.kennedy(a)oracle.com> vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF Udipto Goswami <quic_ugoswami(a)quicinc.com> usb: gadget: f_fs: Fix unbalanced spinlock in __ffs_ep0_queue_wait Neil Armstrong <neil.armstrong(a)linaro.org> usb: dwc3: qcom: enable vbus override when in OTG dr-mode Wesley Cheng <wcheng(a)codeaurora.org> usb: dwc3: dwc3-qcom: Fix typo in the dwc3 vbus override API Olivier Moysan <olivier.moysan(a)foss.st.com> iio: adc: stm32-dfsdm: fill module aliases Hyunwoo Kim <v4bel(a)theori.io> net/x25: Fix to not accept on connected socket Koba Ko <koba.ko(a)canonical.com> platform/x86: dell-wmi: Add a keymap for KEY_MUTE in type 0x0010 table Randy Dunlap <rdunlap(a)infradead.org> i2c: rk3x: fix a bunch of kernel-doc warnings Mike Christie <michael.christie(a)oracle.com> scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: core: Fix warning on RT kernels Stefan Wahren <stefan.wahren(a)i2se.com> i2c: mxs: suppress probe-deferral error message Magnus Karlsson <magnus.karlsson(a)intel.com> qede: execute xdp_do_flush() before napi_complete_done() Bhaskar Upadhaya <bupadhaya(a)marvell.com> qede: add netpoll support for qede driver Anton Gusev <aagusev(a)ispras.ru> efi: fix potential NULL deref in efi_mem_reserve_persistent Fedor Pchelkin <pchelkin(a)ispras.ru> net: openvswitch: fix flow memory leak in ovs_flow_cmd_new Parav Pandit <parav(a)nvidia.com> virtio-net: Keep stop() to follow mirror sequence of open() Andrei Gherzan <andrei.gherzan(a)canonical.com> selftests: net: udpgso_bench_tx: Cater for pending datagrams zerocopy benchmarking Andrei Gherzan <andrei.gherzan(a)canonical.com> selftests: net: udpgso_bench: Fix racing bug between the rx/tx programs Andrei Gherzan <andrei.gherzan(a)canonical.com> selftests: net: udpgso_bench_rx/tx: Stop when wrong CLI args are provided Andrei Gherzan <andrei.gherzan(a)canonical.com> selftests: net: udpgso_bench_rx: Fix 'used uninitialized' compiler warning Damien Le Moal <damien.lemoal(a)opensource.wdc.com> ata: libata: Fix sata_down_spd_limit() when no link speed is reported Ziyang Xuan <william.xuanziyang(a)huawei.com> can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate Tom Rix <trix(a)redhat.com> igc: return an error if the mac type is unknown in igc_ptp_systim_to_hwtstamp() Chris Healy <healych(a)amazon.com> net: phy: meson-gxl: Add generic dummy stubs for MMD register access Fedor Pchelkin <pchelkin(a)ispras.ru> squashfs: harden sanity check in squashfs_read_xattr_id_table Florian Westphal <fw(a)strlen.de> netfilter: br_netfilter: disable sabotage_in hook after first suppression Hyunwoo Kim <v4bel(a)theori.io> netrom: Fix use-after-free caused by accept on already connected socket Andre Kalb <andre.kalb(a)sma.de> net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices Íñigo Huguet <ihuguet(a)redhat.com> sfc: correctly advertise tunneled IPv6 segmentation Magnus Karlsson <magnus.karlsson(a)intel.com> virtio-net: execute xdp_do_flush() before napi_complete_done() Al Viro <viro(a)zeniv.linux.org.uk> fix "direction" argument of iov_iter_kvec() Al Viro <viro(a)zeniv.linux.org.uk> fix iov_iter_bvec() "direction" argument Al Viro <viro(a)zeniv.linux.org.uk> READ is "data destination", not source... Al Viro <viro(a)zeniv.linux.org.uk> WRITE is "data source", not destination... Eric Auger <eric.auger(a)redhat.com> vhost/net: Clear the pending messages when the backend is removed Martin K. Petersen <martin.petersen(a)oracle.com> scsi: Revert "scsi: core: map PQ=1, PDT=other values to SCSI_SCAN_TARGET_PRESENT" Hans Verkuil <hverkuil-cisco(a)xs4all.nl> drm/vc4: hdmi: make CEC adapter name unique Pierluigi Passaro <pierluigi.p(a)variscite.com> arm64: dts: imx8mm: Fix pad control for UART1_DTE_RX Jakub Sitnicki <jakub(a)cloudflare.com> bpf, sockmap: Check for any of tcp_bpf_prots when cloning a listener Eduard Zingerman <eddyz87(a)gmail.com> bpf: Fix to preserve reg parent/live fields when copying range info Martin KaFai Lau <kafai(a)fb.com> bpf: Support <8-byte scalar spill and refill Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/bpf: Move common helpers into bpf_jit.h Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/bpf: Change register numbering for bpf_set/is_seen_register() Artemii Karasev <karasev(a)ispras.ru> ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() Yonghong Song <yhs(a)fb.com> bpf: Fix a possible task gone issue with bpf_send_signal[_thread]() helpers Michael Ellerman <mpe(a)ellerman.id.au> powerpc/imc-pmu: Revert nest_init_lock to being a mutex Paul Chaignon <paul(a)isovalent.com> bpf: Fix incorrect state pruning for <8B spill/fill Yuan Can <yuancan(a)huawei.com> bus: sunxi-rsb: Fix error handling in sunxi_rsb_init() Takashi Sakamoto <o-takashi(a)sakamocchi.jp> firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region ------------- Diffstat: Makefile | 4 +- arch/arm64/boot/dts/amlogic/meson-axg.dtsi | 4 +- arch/arm64/boot/dts/amlogic/meson-g12-common.dtsi | 6 +- arch/arm64/boot/dts/amlogic/meson-gx.dtsi | 6 +- arch/arm64/boot/dts/freescale/imx8mm-pinfunc.h | 2 +- arch/parisc/kernel/firmware.c | 5 +- arch/parisc/kernel/ptrace.c | 15 +- arch/powerpc/net/bpf_jit.h | 35 + arch/powerpc/net/bpf_jit64.h | 19 - arch/powerpc/net/bpf_jit_comp64.c | 28 +- arch/powerpc/perf/imc-pmu.c | 14 +- arch/riscv/Makefile | 3 + arch/riscv/mm/cacheflush.c | 4 +- arch/x86/include/asm/debugreg.h | 26 +- drivers/ata/libata-core.c | 2 +- drivers/bus/sunxi-rsb.c | 8 +- drivers/firewire/core-cdev.c | 4 +- drivers/firmware/efi/efi.c | 2 + drivers/firmware/efi/memattr.c | 2 +- drivers/fpga/stratix10-soc.c | 4 +- drivers/fsi/fsi-sbefifo.c | 6 +- drivers/gpu/drm/i915/gem/i915_gem_tiling.c | 9 +- drivers/gpu/drm/vc4/vc4_hdmi.c | 3 +- drivers/i2c/busses/i2c-mxs.c | 4 +- drivers/i2c/busses/i2c-rk3x.c | 44 +- drivers/iio/accel/hid-sensor-accel-3d.c | 1 + drivers/iio/adc/berlin2-adc.c | 4 +- drivers/iio/adc/stm32-dfsdm-adc.c | 1 + drivers/iio/adc/twl6030-gpadc.c | 32 + drivers/iio/imu/fxos8700_core.c | 111 +- drivers/infiniband/hw/hfi1/file_ops.c | 7 +- drivers/infiniband/hw/usnic/usnic_uiom.c | 8 +- drivers/infiniband/ulp/ipoib/ipoib_main.c | 8 + drivers/infiniband/ulp/rtrs/rtrs-clt.c | 2 +- drivers/input/serio/i8042-x86ia64io.h | 1188 ++++++++++++-------- drivers/net/bonding/bond_debugfs.c | 2 +- drivers/net/ethernet/intel/ice/ice_main.c | 2 +- drivers/net/ethernet/intel/igc/igc_ptp.c | 14 +- .../ethernet/mellanox/mlx5/core/diag/fw_tracer.c | 3 +- .../ethernet/mellanox/mlx5/core/ipoib/ethtool.c | 13 +- drivers/net/ethernet/mscc/ocelot_flower.c | 24 +- drivers/net/ethernet/pensando/ionic/ionic_lif.c | 15 +- drivers/net/ethernet/qlogic/qede/qede_fp.c | 10 +- drivers/net/ethernet/sfc/efx.c | 5 +- drivers/net/phy/dp83822.c | 6 +- drivers/net/phy/meson-gxl.c | 4 + drivers/net/usb/plusb.c | 4 +- drivers/net/virtio_net.c | 8 +- .../broadcom/brcm80211/brcmfmac/cfg80211.c | 17 + drivers/nvmem/core.c | 45 +- drivers/nvmem/qcom-spmi-sdam.c | 1 + drivers/of/address.c | 21 +- drivers/pinctrl/aspeed/pinctrl-aspeed.c | 2 +- drivers/pinctrl/intel/pinctrl-intel.c | 16 +- drivers/pinctrl/pinctrl-single.c | 2 + drivers/platform/x86/dell-wmi.c | 3 + drivers/scsi/iscsi_tcp.c | 9 +- drivers/scsi/scsi_scan.c | 7 +- drivers/spi/spi-dw-core.c | 2 +- drivers/target/target_core_file.c | 4 +- drivers/target/target_core_tmr.c | 4 +- drivers/tty/serial/8250/8250_dma.c | 26 +- drivers/tty/vt/vc_screen.c | 9 +- drivers/usb/core/quirks.c | 3 + drivers/usb/dwc3/dwc3-qcom.c | 10 +- drivers/usb/gadget/function/f_fs.c | 4 +- drivers/usb/typec/altmodes/displayport.c | 8 +- drivers/vhost/net.c | 3 + drivers/vhost/vhost.c | 3 +- drivers/vhost/vhost.h | 1 + drivers/video/fbdev/core/fbcon.c | 7 +- drivers/video/fbdev/smscufx.c | 46 +- drivers/watchdog/diag288_wdt.c | 15 +- drivers/xen/pvcalls-back.c | 8 +- fs/btrfs/volumes.c | 22 +- fs/btrfs/zlib.c | 2 +- fs/ceph/mds_client.c | 6 + fs/cifs/file.c | 4 +- fs/f2fs/gc.c | 18 +- fs/proc/task_mmu.c | 4 +- fs/squashfs/squashfs_fs.h | 2 +- fs/squashfs/squashfs_fs_sb.h | 2 +- fs/squashfs/xattr.h | 4 +- fs/squashfs/xattr_id.c | 4 +- include/linux/hugetlb.h | 19 +- include/linux/nvmem-provider.h | 4 +- include/linux/util_macros.h | 12 + include/uapi/linux/ip.h | 1 + include/uapi/linux/ipv6.h | 1 + kernel/bpf/verifier.c | 102 +- kernel/trace/bpf_trace.c | 3 +- kernel/trace/trace.c | 3 - mm/gup.c | 2 +- mm/hugetlb.c | 6 +- mm/memory-failure.c | 2 +- mm/memory_hotplug.c | 2 +- mm/mempolicy.c | 5 +- mm/migrate.c | 7 +- mm/page_alloc.c | 5 +- mm/swapfile.c | 1 + net/bridge/br_netfilter_hooks.c | 1 + net/can/j1939/address-claim.c | 40 + net/can/j1939/transport.c | 4 - net/ipv4/tcp_bpf.c | 4 +- net/netrom/af_netrom.c | 5 + net/openvswitch/datapath.c | 12 +- net/qrtr/ns.c | 5 +- net/rds/message.c | 6 +- net/x25/af_x25.c | 6 + net/xfrm/xfrm_compat.c | 4 +- net/xfrm/xfrm_input.c | 3 +- sound/pci/hda/patch_realtek.c | 3 + sound/pci/hda/patch_via.c | 3 + sound/pci/lx6464es/lx_core.c | 11 +- sound/synth/emux/emux_nrpn.c | 3 + tools/testing/selftests/net/forwarding/lib.sh | 4 +- tools/testing/selftests/net/udpgso_bench.sh | 24 +- tools/testing/selftests/net/udpgso_bench_rx.c | 4 +- tools/testing/selftests/net/udpgso_bench_tx.c | 36 +- 119 files changed, 1573 insertions(+), 855 deletions(-)

2 years, 9 months

12
164
0 0

[PATCH 1/2] thunderbolt: Read DROM directly from NVM before trying bit banging

by Mario Limonciello

Some TBT3 devices have a hard time reliably responding to bit banging requests correctly when connected to AMD USB4 hosts running Linux. These problems are not reported in any other CM, and comparing the implementations the Linux CM is the only one that utilizes bit banging to access the DROM. Other CM implementations access the DROM directly from the NVM instead of bit banging. Adjust the flow to try this on TBT3 devices before resorting to bit banging. Cc: stable(a)vger.kernel.org Signed-off-by: Mario Limonciello <mario.limonciello(a)amd.com> --- drivers/thunderbolt/eeprom.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/thunderbolt/eeprom.c b/drivers/thunderbolt/eeprom.c index c90d22f56d4e1..d9d9567bb938b 100644 --- a/drivers/thunderbolt/eeprom.c +++ b/drivers/thunderbolt/eeprom.c @@ -640,6 +640,10 @@ int tb_drom_read(struct tb_switch *sw) return 0; } + /* TBT3 devices have the DROM as part of NVM */ + if (tb_drom_copy_nvm(sw, &size) == 0) + goto parse; + res = tb_drom_read_n(sw, 14, (u8 *) &size, 2); if (res) return res; -- 2.25.1

2 years, 9 months

2
4
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror