- Linux-stable-mirror - lists.linaro.org

[PATCH] x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes

by Florent Revest

Currently, load_microcode_amd() iterates over all NUMA nodes, retrieves their CPU masks and unconditonally accesses per-CPU data for the first CPU of each mask. According to Documentation/admin-guide/mm/numaperf.rst: "Some memory may share the same node as a CPU, and others are provided as memory only nodes." Therefore, some node CPU masks may be empty and wouldn't have a "first CPU". On a machine with far memory (and therefore CPU-less NUMA nodes): - cpumask_of_node(nid) is 0 - cpumask_first(0) is CONFIG_NR_CPUS - cpu_data(CONFIG_NR_CPUS) accesses the cpu_info per-CPU array at an index that is 1 out of bounds This does not have any security implications since flashing microcode is a privileged operation but I believe this has reliability implications by potentially corrupting memory while flashing a microcode update. When booting with CONFIG_UBSAN_BOUNDS=y on an AMD machine that flashes a microcode update. I get the following splat: UBSAN: array-index-out-of-bounds in arch/x86/kernel/cpu/microcode/amd.c:X:Y index 512 is out of range for type 'unsigned long[512]' [...] Call Trace: dump_stack+0xdb/0x143 __ubsan_handle_out_of_bounds+0xf5/0x120 load_microcode_amd+0x58f/0x6b0 request_microcode_amd+0x17c/0x250 reload_store+0x174/0x2b0 kernfs_fop_write_iter+0x227/0x2d0 vfs_write+0x322/0x510 ksys_write+0xb5/0x160 do_syscall_64+0x6b/0xa0 entry_SYSCALL_64_after_hwframe+0x67/0xd1 This patch checks that a NUMA node has CPUs before attempting to update its first CPU's microcode. Fixes: 7ff6edf4fef3 ("x86/microcode/AMD: Fix mixed steppings support") Signed-off-by: Florent Revest <revest(a)chromium.org> Cc: stable(a)vger.kernel.org --- arch/x86/kernel/cpu/microcode/amd.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/cpu/microcode/amd.c b/arch/x86/kernel/cpu/microcode/amd.c index 95ac1c6a84fbe..7c06425edc1b5 100644 --- a/arch/x86/kernel/cpu/microcode/amd.c +++ b/arch/x86/kernel/cpu/microcode/amd.c @@ -1059,6 +1059,7 @@ static enum ucode_state _load_microcode_amd(u8 family, const u8 *data, size_t si static enum ucode_state load_microcode_amd(u8 family, const u8 *data, size_t size) { + const struct cpumask *mask; struct cpuinfo_x86 *c; unsigned int nid, cpu; struct ucode_patch *p; @@ -1069,7 +1070,11 @@ static enum ucode_state load_microcode_amd(u8 family, const u8 *data, size_t siz return ret; for_each_node(nid) { - cpu = cpumask_first(cpumask_of_node(nid)); + mask = cpumask_of_node(nid); + if (cpumask_empty(mask)) + continue; + + cpu = cpumask_first(mask); c = &cpu_data(cpu); p = find_patch(cpu); -- 2.49.0.rc0.332.g42c0ae87b1-goog

4 months, 1 week

5
7
0 0

Apply 0c5928deada1 for 6.12.y and 6.13.y

by Miguel Ojeda

Hi Greg, Sasha, Please consider applying the following commits for 6.12.y and 6.13.y: 0c5928deada1 ("rust: block: fix formatting in GenDisk doc") It is trivial, and should apply cleanly. This avoids a Clippy warning in the upcoming Rust 1.86.0 release (to be released in a few weeks). Thanks! Cheers, Miguel

4 months, 1 week

2
1
0 0

Linux 6.12.18

by Greg Kroah-Hartman

I'm announcing the release of the 6.12.18 kernel. All users of the 6.12 kernel series must upgrade. The updated 6.12.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm64/include/asm/kvm_host.h | 2 arch/arm64/kvm/arm.c | 22 arch/arm64/kvm/vmid.c | 11 arch/arm64/mm/init.c | 7 arch/riscv/include/asm/futex.h | 2 arch/riscv/kernel/cacheinfo.c | 12 arch/riscv/kernel/cpufeature.c | 2 arch/riscv/kernel/setup.c | 2 arch/riscv/kernel/signal.c | 6 arch/riscv/kvm/vcpu_sbi_hsm.c | 11 arch/riscv/kvm/vcpu_sbi_replace.c | 15 arch/x86/Kconfig | 1 arch/x86/events/core.c | 2 arch/x86/kernel/cpu/cyrix.c | 4 arch/x86/kernel/cpu/microcode/amd.c | 283 +++++-- arch/x86/kernel/cpu/microcode/amd_shas.c | 444 ++++++++++++ arch/x86/kernel/cpu/microcode/internal.h | 2 block/blk-zoned.c | 76 +- drivers/firmware/cirrus/cs_dsp.c | 24 drivers/firmware/efi/mokvar-table.c | 42 - drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 7 drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 2 drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v10.c | 6 drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v11.c | 5 drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v12.c | 5 drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v9.c | 5 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 69 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_irq.c | 14 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c | 3 drivers/gpu/drm/amd/pm/legacy-dpm/kv_dpm.c | 25 drivers/gpu/drm/amd/pm/legacy-dpm/legacy_dpm.c | 8 drivers/gpu/drm/amd/pm/legacy-dpm/si_dpm.c | 26 drivers/gpu/drm/xe/regs/xe_engine_regs.h | 1 drivers/gpu/drm/xe/xe_oa.c | 657 ++++++++++-------- drivers/gpu/drm/xe/xe_oa_types.h | 6 drivers/gpu/drm/xe/xe_vm.c | 40 - drivers/i2c/busses/i2c-ls2x.c | 16 drivers/i2c/busses/i2c-npcm7xx.c | 7 drivers/idle/intel_idle.c | 4 drivers/infiniband/hw/bnxt_re/bnxt_re.h | 18 drivers/infiniband/hw/bnxt_re/hw_counters.c | 4 drivers/infiniband/hw/bnxt_re/ib_verbs.c | 46 - drivers/infiniband/hw/bnxt_re/main.c | 153 ++-- drivers/infiniband/hw/bnxt_re/qplib_res.c | 7 drivers/infiniband/hw/bnxt_re/qplib_res.h | 12 drivers/infiniband/hw/bnxt_re/qplib_sp.c | 4 drivers/infiniband/hw/bnxt_re/qplib_sp.h | 3 drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 64 + drivers/infiniband/hw/hns/hns_roce_hw_v2.h | 2 drivers/infiniband/hw/mana/main.c | 2 drivers/infiniband/hw/mlx5/ah.c | 3 drivers/infiniband/hw/mlx5/counters.c | 8 drivers/infiniband/hw/mlx5/mr.c | 16 drivers/infiniband/hw/mlx5/odp.c | 1 drivers/infiniband/hw/mlx5/qp.c | 10 drivers/infiniband/hw/mlx5/qp.h | 1 drivers/infiniband/hw/mlx5/umr.c | 83 +- drivers/iommu/intel/dmar.c | 1 drivers/iommu/intel/iommu.c | 10 drivers/md/dm-integrity.c | 8 drivers/md/dm-vdo/dedupe.c | 1 drivers/net/dsa/realtek/Kconfig | 6 drivers/net/dsa/realtek/Makefile | 3 drivers/net/dsa/realtek/rtl8366rb-leds.c | 177 ++++ drivers/net/dsa/realtek/rtl8366rb.c | 258 ------- drivers/net/dsa/realtek/rtl8366rb.h | 107 ++ drivers/net/ethernet/cadence/macb.h | 2 drivers/net/ethernet/cadence/macb_main.c | 12 drivers/net/ethernet/freescale/enetc/enetc.c | 103 ++ drivers/net/ethernet/freescale/enetc/enetc_ethtool.c | 7 drivers/net/ethernet/intel/ice/ice.h | 1 drivers/net/ethernet/intel/ice/ice_eswitch.c | 3 drivers/net/ethernet/intel/ice/ice_hw_autogen.h | 3 drivers/net/ethernet/intel/ice/ice_lib.c | 3 drivers/net/ethernet/intel/ice/ice_main.c | 24 drivers/net/ethernet/intel/ice/ice_sriov.c | 4 drivers/net/ethernet/intel/ice/ice_vf_lib.c | 34 drivers/net/ethernet/intel/ice/ice_vf_lib_private.h | 1 drivers/net/ethernet/intel/ice/ice_vf_mbx.c | 32 drivers/net/ethernet/intel/ice/ice_vf_mbx.h | 9 drivers/net/ethernet/intel/ice/ice_virtchnl.c | 8 drivers/net/ethernet/intel/idpf/idpf_txrx.c | 3 drivers/net/ethernet/marvell/mvpp2/mvpp2_cls.c | 2 drivers/net/ethernet/mellanox/mlx5/core/pci_irq.c | 2 drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c | 14 drivers/net/ethernet/ti/Kconfig | 1 drivers/net/ethernet/ti/icssg/icss_iep.c | 21 drivers/net/ipvlan/ipvlan_core.c | 22 drivers/net/loopback.c | 14 drivers/net/phy/qcom/qca807x.c | 2 drivers/net/usb/gl620a.c | 4 drivers/phy/rockchip/Kconfig | 1 drivers/phy/rockchip/phy-rockchip-naneng-combphy.c | 5 drivers/phy/samsung/phy-exynos5-usbdrd.c | 25 drivers/phy/tegra/xusb-tegra186.c | 11 drivers/scsi/scsi_lib.c | 14 drivers/thermal/gov_bang_bang.c | 11 drivers/thermal/gov_fair_share.c | 16 drivers/thermal/gov_power_allocator.c | 71 + drivers/thermal/gov_step_wise.c | 16 drivers/thermal/thermal_core.c | 33 drivers/thermal/thermal_core.h | 5 drivers/thermal/thermal_helpers.c | 5 drivers/thermal/thermal_of.c | 53 - drivers/ufs/core/ufs_bsg.c | 6 drivers/ufs/core/ufshcd.c | 38 - fs/afs/server.c | 3 fs/afs/server_list.c | 4 fs/nfs/delegation.c | 37 + fs/nfs/delegation.h | 1 fs/nfs/direct.c | 23 fs/nfs/nfs4proc.c | 3 fs/overlayfs/copy_up.c | 2 include/asm-generic/vmlinux.lds.h | 2 include/linux/blkdev.h | 7 include/linux/compiler-gcc.h | 12 include/linux/compiler.h | 39 - include/linux/rcuref.h | 9 include/linux/socket.h | 2 include/linux/sunrpc/sched.h | 3 include/net/ip.h | 5 include/net/route.h | 5 include/sound/cs35l56.h | 31 include/trace/events/afs.h | 2 include/trace/events/sunrpc.h | 3 io_uring/net.c | 4 kernel/events/core.c | 31 kernel/events/uprobes.c | 5 kernel/sched/core.c | 2 kernel/sched/ext.c | 11 kernel/trace/ftrace.c | 27 kernel/trace/trace_events_hist.c | 30 lib/rcuref.c | 5 net/bluetooth/l2cap_core.c | 9 net/bridge/br_netfilter_hooks.c | 8 net/core/gro.c | 1 net/core/scm.c | 10 net/core/skbuff.c | 2 net/core/sysctl_net_core.c | 3 net/ipv4/icmp.c | 19 net/ipv4/ip_options.c | 3 net/ipv4/tcp.c | 26 net/ipv4/tcp_minisocks.c | 10 net/ipv6/ip6_tunnel.c | 4 net/ipv6/rpl_iptunnel.c | 14 net/ipv6/seg6_iptunnel.c | 14 net/mptcp/pm_netlink.c | 5 net/mptcp/subflow.c | 15 net/rxrpc/rxperf.c | 12 net/sunrpc/cache.c | 10 net/sunrpc/sched.c | 2 net/sunrpc/xprtsock.c | 10 security/integrity/ima/ima.h | 3 security/integrity/ima/ima_main.c | 7 security/landlock/net.c | 3 sound/pci/hda/cs35l56_hda_spi.c | 3 sound/pci/hda/patch_realtek.c | 2 sound/soc/codecs/cs35l56-shared.c | 80 ++ sound/soc/codecs/cs35l56-spi.c | 3 sound/soc/codecs/es8328.c | 15 sound/soc/fsl/fsl_sai.c | 6 sound/soc/fsl/imx-audmix.c | 4 sound/usb/midi.c | 2 sound/usb/quirks.c | 1 tools/objtool/check.c | 50 - tools/objtool/include/objtool/special.h | 2 tools/testing/selftests/drivers/net/queues.py | 7 tools/testing/selftests/landlock/common.h | 1 tools/testing/selftests/landlock/config | 2 tools/testing/selftests/landlock/net_test.c | 124 +++ tools/testing/selftests/rseq/rseq-riscv-bits.h | 6 tools/testing/selftests/rseq/rseq-riscv.h | 2 173 files changed, 2929 insertions(+), 1406 deletions(-) Adrien Vergé (1): ALSA: hda/realtek: Fix microphone regression on ASUS N705UD Alex Deucher (1): drm/amdgpu: disable BAR resize on Dell G5 SE Andreas Schwab (1): riscv/futex: sign extend compare value in atomic cmpxchg Andrew Jones (4): riscv: KVM: Fix hart suspend status check riscv: KVM: Fix hart suspend_type use riscv: KVM: Fix SBI IPI error generation riscv: KVM: Fix SBI TIME error generation André Draszik (1): phy: exynos5-usbdrd: gs101: ensure power is gated to SS phy in phy_exit() Ard Biesheuvel (2): objtool: Fix C jump table annotations for Clang vmlinux.lds: Ensure that const vars with relocations are mapped R/O Arnd Bergmann (2): sunrpc: suppress warnings for unused procfs functions phy: rockchip: fix Kconfig dependency more Arthur Simchaev (1): scsi: ufs: core: bsg: Fix crash when arpmb command fails Ashutosh Dixit (4): drm/xe/oa: Signal output fences drm/xe/oa: Move functions up so they can be reused for config ioctl drm/xe/oa: Add syncs support to OA config ioctl drm/xe/oa: Allow only certain property changes from config BH Hsieh (1): phy: tegra: xusb: reset VBUS & ID OVERRIDE Bart Van Assche (1): scsi: ufs: core: Fix ufshcd_is_ufs_dev_busy() and ufshcd_eh_timed_out() Benjamin Coddington (1): SUNRPC: Handle -ETIMEDOUT return from tlshd Binbin Zhou (1): i2c: ls2x: Fix frequency division register access Borislav Petkov (AMD) (7): x86/microcode/AMD: Have __apply_microcode_amd() return bool x86/microcode/AMD: Remove ugly linebreak in __verify_patch_section() signature x86/microcode/AMD: Remove unused save_microcode_in_initrd_amd() declarations x86/microcode/AMD: Merge early_apply_microcode() into its single callsite x86/microcode/AMD: Get rid of the _load_microcode_amd() forward declaration x86/microcode/AMD: Add get_patch_level() x86/microcode/AMD: Load only SHA256-checksummed patches Breno Leitao (1): perf/core: Add RCU read lock protection to perf_iterate_ctx() Chancel Liu (1): ASoC: fsl: Rename stream name of SAI DAI driver Chukun Pan (1): phy: rockchip: naneng-combphy: compatible reset with old DT Clément Léger (1): riscv: cpufeature: use bitmap_equal() instead of memcmp() Damien Le Moal (1): block: Remove zone write plugs when handling native zone append writes David Howells (3): rxrpc: rxperf: Fix missing decoding of terminal magic cookie afs: Fix the server_list to unuse a displaced server rather than putting it afs: Give an afs_server object a ref on the afs_cell object it points to David Yat Sin (1): drm/amdkfd: Preserve cp_hqd_pq_control on update_mqd Dmitry Panchenko (1): ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 Eric Dumazet (2): ipvlan: ensure network headers are in skb linear part idpf: fix checksums set in idpf_rx_rsc() George Moussalem (1): net: phy: qcom: qca807x fix condition for DAC_DSP_BIAS_CURRENT Greg Kroah-Hartman (1): Linux 6.12.18 Guillaume Nault (3): ipv4: Convert icmp_route_lookup() to dscp_t. ipv4: Convert ip_route_input() to dscp_t. ipvlan: Prepare ipvlan_process_v4_outbound() to future .flowi4_tos conversion. Harshal Chaudhari (1): net: mvpp2: cls: Fixed Non IP flow, with vlan tag flow defination. Ido Schimmel (1): net: loopback: Avoid sending IP packets without an Ethernet header Jerry Snitselaar (1): iommu/vt-d: Remove device comparison in context_setup_pass_through_cb Jiri Slaby (SUSE) (1): net: set the minimum for net_hotdata.netdev_budget_usecs Joe Damato (1): selftests: drv-net: Check if combined-count exists Junxian Huang (1): RDMA/hns: Fix mbox timing out by adding retry mechanism Justin Iurman (2): net: ipv6: fix dst ref loop on input in seg6 lwt net: ipv6: fix dst ref loop on input in rpl lwt Kalesh AP (5): RDMA/bnxt_re: Fail probe early when not enough MSI-x vectors are reserved RDMA/bnxt_re: Refactor NQ allocation RDMA/bnxt_re: Cache MSIx info to a local structure RDMA/bnxt_re: Add sanity checks on rdev validity RDMA/bnxt_re: Allocate dev_attr information dynamically Kan Liang (2): perf/x86: Fix low freqency setting issue perf/core: Fix low freq setting via IOC_PERIOD Kashyap Desai (1): RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers Kaustabh Chakraborty (1): phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk Ken Raeburn (1): dm vdo: add missing spin_lock_init Konstantin Taranov (1): RDMA/mana_ib: Allocate PAGE aligned doorbell index Krzysztof Kozlowski (1): thermal: of: Simplify thermal_of_should_bind with scoped for each OF child Linus Walleij (1): net: dsa: rtl8366rb: Fix compilation problem Lu Baolu (1): iommu/vt-d: Fix suspicious RCU usage Luiz Augusto von Dentz (1): Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response Luo Gengkun (1): perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list Manivannan Sadhasivam (1): scsi: ufs: core: Set default runtime/system PM levels before ufshcd_hba_init() Marcin Szycik (2): ice: Fix deinitializing VF in error path ice: Avoid setting default Rx VSI twice in switchdev setup Mark Zhang (1): IB/mlx5: Set and get correct qp_num for a DCT QP Matthew Auld (2): drm/xe/userptr: restore invalidation list on error drm/xe/userptr: fix EFAULT handling Matthieu Baerts (NGI0) (1): mptcp: reset when MPTCP opts are dropped after join Meghana Malladi (1): net: ti: icss-iep: Reject perout generation request Mikhail Ivanov (3): landlock: Fix non-TCP sockets restriction selftests/landlock: Test that MPTCP actions are not restricted selftests/landlock: Test TCP accesses with protocol=IPPROTO_TCP Milan Broz (1): dm-integrity: Avoid divide by zero in table status in Inline mode Mingcong Bai (1): drm/xe/regs: remove a duplicate definition for RING_CTL_SIZE(size) Mohammad Heib (1): net: Clear old fragment checksum value in napi_reuse_skb Nicolas Frattaroli (1): ASoC: es8328: fix route from DAC to output Nikita Zhandarovich (1): usbnet: gl620a: fix endpoint checking in genelink_bind() Nikolay Borisov (1): x86/microcode/AMD: Return bool from find_blobs_in_containers() Nikolay Kuratov (1): ftrace: Avoid potential division by zero in function_stat_show() Oliver Upton (1): KVM: arm64: Ensure a VMID is allocated before programming VTTBR_EL2 Paolo Abeni (1): mptcp: always handle address removal under msk socket lock Patrisious Haddad (2): RDMA/mlx5: Fix AH static rate parsing RDMA/mlx5: Fix bind QP error cleanup flow Paul Greenwalt (1): ice: add E830 HW VF mailbox message limit support Pavel Begunkov (1): io_uring/net: save msg_control for compat Peter Jones (1): efi: Don't map the entire mokvar table to determine its size Peter Zijlstra (2): unreachable: Unify objtool: Remove annotate_{,un}reachable() Philo Lu (1): ipvs: Always clear ipvs_property flag in skb_scrub_packet() Pierre-Eric Pelloux-Prayer (1): drm/amdgpu: init return value in amdgpu_ttm_clear_buffer Qunqin Zhao (1): net: stmmac: dwmac-loongson: Add fix_soc_reset() callback Rafael J. Wysocki (3): thermal/of: Fix cdev lookup in thermal_of_should_bind() thermal: core: Move lists of thermal instances to trip descriptors thermal: gov_power_allocator: Add missing NULL pointer check Richard Fitzgerald (2): firmware: cs_dsp: Remove async regmap writes ASoC: cs35l56: Prevent races when soft-resetting using SPI control Rob Herring (1): riscv: cacheinfo: Use of_property_present() for non-boolean properties Roberto Sassu (1): ima: Reset IMA_NONACTION_RULE_FLAGS after post_setattr Roman Li (1): drm/amd/display: Fix HPD after gpu reset Russell Senior (1): x86/CPU: Fix warm boot hang regression on AMD SC1100 SoC systems Ryan Roberts (1): arm64/mm: Fix Boot panic on Ampere Altra Sascha Hauer (1): net: ethernet: ti: am65-cpsw: select PAGE_POOL Sean Anderson (1): net: cadence: macb: Synchronize stats calculations Selvin Xavier (1): RDMA/bnxt_re: Fix the statistics for Gen P7 VF Shay Drory (1): net/mlx5: IRQ, Fix null string in debug print Stafford Horne (1): rseq/selftests: Fix riscv rseq_offset_deref_addv inline asm Stanislav Fomichev (1): tcp: devmem: don't write truncated dmabuf CMSGs to userspace Steven Rostedt (1): tracing: Fix bad hist from corrupting named_triggers list Takashi Iwai (2): ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 Tejun Heo (1): sched_ext: Fix pick_task_scx() picking non-queued tasks when it's called without balance() Thomas Gleixner (3): intel_idle: Handle older CPUs, which stop the TSC in deeper C states, correctly rcuref: Plug slowpath race in rcuref_put() sched/core: Prevent rescheduling when interrupts are disabled Tom Chung (1): drm/amd/display: Disable PSR-SU on eDP panels Tong Tiangen (1): uprobes: Reject the shared zeropage in uprobe_write_opcode() Trond Myklebust (4): NFS: O_DIRECT writes must check and adjust the file length NFS: Adjust delegated timestamps for O_DIRECT reads and writes SUNRPC: Prevent looping due to rpc_signal_task() races NFSv4: Fix a deadlock when recovering state on a sillyrenamed file Tyrone Ting (1): i2c: npcm: disable interrupt enable bit before devm_request_irq Umesh Nerlige Ramappa (1): drm/xe/oa: Allow oa_exponent value of 0 Vasiliy Kovalev (1): ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up Wang Hai (1): tcp: Defer ts_recent changes until req is owned Wei Fang (6): net: enetc: fix the off-by-one issue in enetc_map_tx_buffs() net: enetc: keep track of correct Tx BD count in enetc_map_tx_tso_buffs() net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC net: enetc: update UDP checksum when updating originTimestamp field net: enetc: correct the xdp_tx statistics net: enetc: fix the off-by-one issue in enetc_map_tx_tso_buffs() Ye Bin (1): scsi: core: Clear driver private data when retrying request Yilin Chen (1): drm/amd/display: add a quirk to enable eDP0 on DP1 Yishai Hadas (4): RDMA/mlx5: Fix the recovery flow of the UMR QP RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error RDMA/mlx5: Fix a WARN during dereg_mr for DM type RDMA/mlx5: Fix implicit ODP hang on parent deregistration Yong-Xuan Wang (2): riscv: signal: fix signal frame size riscv: signal: fix signal_minsigstksz Yu-Che Cheng (2): thermal: gov_power_allocator: Fix incorrect calculation in divvy_up_power() thermal: gov_power_allocator: Update total_weight on bind and cdev updates chr[] (1): amdgpu/pm/legacy: fix suspend/resume issues

4 months, 1 week

3
3
0 0

[PATCH] jffs2: check that raw node were preallocated before writing summary

by Artem Sadovnikov

Syzkaller detected a kernel bug in jffs2_link_node_ref, caused by fault injection in jffs2_prealloc_raw_node_refs. jffs2_sum_write_sumnode doesn't check return value of jffs2_prealloc_raw_node_refs and simply lets any error propagate into jffs2_sum_write_data, which eventually calls jffs2_link_node_ref in order to link the summary to an expectedly allocated node. kernel BUG at fs/jffs2/nodelist.c:592! invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI CPU: 1 PID: 31277 Comm: syz-executor.7 Not tainted 6.1.128-syzkaller-00139-ge10f83ca10a1 #0 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:jffs2_link_node_ref+0x570/0x690 fs/jffs2/nodelist.c:592 Call Trace: <TASK> jffs2_sum_write_data fs/jffs2/summary.c:841 [inline] jffs2_sum_write_sumnode+0xd1a/0x1da0 fs/jffs2/summary.c:874 jffs2_do_reserve_space+0xa18/0xd60 fs/jffs2/nodemgmt.c:388 jffs2_reserve_space+0x55f/0xaa0 fs/jffs2/nodemgmt.c:197 jffs2_write_inode_range+0x246/0xb50 fs/jffs2/write.c:362 jffs2_write_end+0x726/0x15d0 fs/jffs2/file.c:301 generic_perform_write+0x314/0x5d0 mm/filemap.c:3856 __generic_file_write_iter+0x2ae/0x4d0 mm/filemap.c:3973 generic_file_write_iter+0xe3/0x350 mm/filemap.c:4005 call_write_iter include/linux/fs.h:2265 [inline] do_iter_readv_writev+0x20f/0x3c0 fs/read_write.c:735 do_iter_write+0x186/0x710 fs/read_write.c:861 vfs_iter_write+0x70/0xa0 fs/read_write.c:902 iter_file_splice_write+0x73b/0xc90 fs/splice.c:685 do_splice_from fs/splice.c:763 [inline] direct_splice_actor+0x10c/0x170 fs/splice.c:950 splice_direct_to_actor+0x337/0xa10 fs/splice.c:896 do_splice_direct+0x1a9/0x280 fs/splice.c:1002 do_sendfile+0xb13/0x12c0 fs/read_write.c:1255 __do_sys_sendfile64 fs/read_write.c:1323 [inline] __se_sys_sendfile64 fs/read_write.c:1309 [inline] __x64_sys_sendfile64+0x1cf/0x210 fs/read_write.c:1309 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x35/0x80 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x6e/0xd8 Fix this issue by checking return value of jffs2_prealloc_raw_node_refs before calling jffs2_sum_write_data. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Cc: stable(a)vger.kernel.org Fixes: 2f785402f39b ("[JFFS2] Reduce visibility of raw_node_ref to upper layers of JFFS2 code.") Signed-off-by: Artem Sadovnikov <a.sadovnikov(a)ispras.ru> --- fs/jffs2/summary.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/fs/jffs2/summary.c b/fs/jffs2/summary.c index 4fe64519870f1..d83372d3e1a07 100644 --- a/fs/jffs2/summary.c +++ b/fs/jffs2/summary.c @@ -858,7 +858,10 @@ int jffs2_sum_write_sumnode(struct jffs2_sb_info *c) spin_unlock(&c->erase_completion_lock); jeb = c->nextblock; - jffs2_prealloc_raw_node_refs(c, jeb, 1); + ret = jffs2_prealloc_raw_node_refs(c, jeb, 1); + + if (ret) + goto out; if (!c->summary->sum_num || !c->summary->sum_list_head) { JFFS2_WARNING("Empty summary info!!!\n"); @@ -872,6 +875,8 @@ int jffs2_sum_write_sumnode(struct jffs2_sb_info *c) datasize += padsize; ret = jffs2_sum_write_data(c, jeb, infosize, datasize, padsize); + +out: spin_lock(&c->erase_completion_lock); return ret; } -- 2.43.0

4 months, 1 week

2
1
0 0

[PATCH net v2] netmem: prevent TX of unreadable skbs

by Mina Almasry

Currently on stable trees we have support for netmem/devmem RX but not TX. It is not safe to forward/redirect an RX unreadable netmem packet into the device's TX path, as the device may call dma-mapping APIs on dma addrs that should not be passed to it. Fix this by preventing the xmit of unreadable skbs. Tested by configuring tc redirect: sudo tc qdisc add dev eth1 ingress sudo tc filter add dev eth1 ingress protocol ip prio 1 flower ip_proto \ tcp src_ip 192.168.1.12 action mirred egress redirect dev eth1 Before, I see unreadable skbs in the driver's TX path passed to dma mapping APIs. After, I don't see unreadable skbs in the driver's TX path passed to dma mapping APIs. Fixes: 65249feb6b3d ("net: add support for skbs with unreadable frags") Suggested-by: Jakub Kicinski <kuba(a)kernel.org> Cc: stable(a)vger.kernel.org Signed-off-by: Mina Almasry <almasrymina(a)google.com> --- v2: https://lore.kernel.org/netdev/20250305191153.6d899a00@kernel.org/ - Put unreadable check at the top (Jakub) --- net/core/dev.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/core/dev.c b/net/core/dev.c index 30da277c5a6f..2f7f5fd9ffec 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -3872,6 +3872,9 @@ static struct sk_buff *validate_xmit_skb(struct sk_buff *skb, struct net_device { netdev_features_t features; + if (!skb_frags_readable(skb)) + goto out_kfree_skb; + features = netif_skb_features(skb); skb = validate_xmit_vlan(skb, features); if (unlikely(!skb)) base-commit: f315296c92fd4b7716bdea17f727ab431891dc3b -- 2.49.0.rc0.332.g42c0ae87b1-goog

4 months, 1 week

2
1
0 0

[PATCH v3] mm/migrate: fix shmem xarray update during migration

by Zi Yan

A shmem folio can be either in page cache or in swap cache, but not at the same time. Namely, once it is in swap cache, folio->mapping should be NULL, and the folio is no longer in a shmem mapping. In __folio_migrate_mapping(), to determine the number of xarray entries to update, folio_test_swapbacked() is used, but that conflates shmem in page cache case and shmem in swap cache case. It leads to xarray multi-index entry corruption, since it turns a sibling entry to a normal entry during xas_store() (see [1] for a userspace reproduction). Fix it by only using folio_test_swapcache() to determine whether xarray is storing swap cache entries or not to choose the right number of xarray entries to update. [1] https://lore.kernel.org/linux-mm/Z8idPCkaJW1IChjT@casper.infradead.org/ Note: In __split_huge_page(), folio_test_anon() && folio_test_swapcache() is used to get swap_cache address space, but that ignores the shmem folio in swap cache case. It could lead to NULL pointer dereferencing when a in-swap-cache shmem folio is split at __xa_store(), since !folio_test_anon() is true and folio->mapping is NULL. But fortunately, its caller split_huge_page_to_list_to_order() bails out early with EBUSY when folio->mapping is NULL. So no need to take care of it here. Fixes: fc346d0a70a1 ("mm: migrate high-order folios in swap cache correctly") Reported-by: Liu Shixin <liushixin2(a)huawei.com> Closes: https://lore.kernel.org/all/28546fb4-5210-bf75-16d6-43e1f8646080@huawei.com/ Suggested-by: Hugh Dickins <hughd(a)google.com> Signed-off-by: Zi Yan <ziy(a)nvidia.com> Cc: stable(a)vger.kernel.org --- mm/migrate.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/mm/migrate.c b/mm/migrate.c index fb4afd31baf0..c0adea67cd62 100644 --- a/mm/migrate.c +++ b/mm/migrate.c @@ -518,15 +518,13 @@ static int __folio_migrate_mapping(struct address_space *mapping, if (folio_test_anon(folio) && folio_test_large(folio)) mod_mthp_stat(folio_order(folio), MTHP_STAT_NR_ANON, 1); folio_ref_add(newfolio, nr); /* add cache reference */ - if (folio_test_swapbacked(folio)) { + if (folio_test_swapbacked(folio)) __folio_set_swapbacked(newfolio); - if (folio_test_swapcache(folio)) { - folio_set_swapcache(newfolio); - newfolio->private = folio_get_private(folio); - } + if (folio_test_swapcache(folio)) { + folio_set_swapcache(newfolio); + newfolio->private = folio_get_private(folio); entries = nr; } else { - VM_BUG_ON_FOLIO(folio_test_swapcache(folio), folio); entries = 1; } -- 2.47.2

4 months, 1 week

4
3
0 0

[PATCH 6.1 000/161] 6.1.130-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.130 release. There are 161 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 08 Mar 2025 15:13:38 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.130-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.130-rc2 Fullway Wang <fullwaywang(a)outlook.com> media: mtk-vcodec: potential null pointer deference in SCP Quang Le <quanglex97(a)gmail.com> pfifo_tail_enqueue: Drop new packet when sch->limit == 0 Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: check the inode number is not the invalid value of zero Jiaxun Yang <jiaxun.yang(a)flygoat.com> mm/memory: Use exception ip to search exception tables Jiaxun Yang <jiaxun.yang(a)flygoat.com> ptrace: Introduce exception_ip arch hook Thomas Gleixner <tglx(a)linutronix.de> intel_idle: Handle older CPUs, which stop the TSC in deeper C states, correctly chr[] <chris(a)rudorff.com> amdgpu/pm/legacy: fix suspend/resume issues Sohaib Nadeem <sohaib.nadeem(a)amd.com> drm/amd/display: fixed integer types and null check locations Andreas Schwab <schwab(a)suse.de> riscv/futex: sign extend compare value in atomic cmpxchg Thomas Gleixner <tglx(a)linutronix.de> sched/core: Prevent rescheduling when interrupts are disabled Ard Biesheuvel <ardb(a)kernel.org> vmlinux.lds: Ensure that const vars with relocations are mapped R/O Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: reset when MPTCP opts are dropped after join Paolo Abeni <pabeni(a)redhat.com> mptcp: always handle address removal under msk socket lock Kaustabh Chakraborty <kauschluss(a)disroot.org> phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk BH Hsieh <bhsieh(a)nvidia.com> phy: tegra: xusb: reset VBUS & ID OVERRIDE Wei Fang <wei.fang(a)nxp.com> net: enetc: fix the off-by-one issue in enetc_map_tx_tso_buffs() Wei Fang <wei.fang(a)nxp.com> net: enetc: correct the xdp_tx statistics Wei Fang <wei.fang(a)nxp.com> net: enetc: update UDP checksum when updating originTimestamp field Wei Fang <wei.fang(a)nxp.com> net: enetc: keep track of correct Tx BD count in enetc_map_tx_tso_buffs() Wei Fang <wei.fang(a)nxp.com> net: enetc: fix the off-by-one issue in enetc_map_tx_buffs() Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> usbnet: gl620a: fix endpoint checking in genelink_bind() Tyrone Ting <kfting(a)nuvoton.com> i2c: npcm: disable interrupt enable bit before devm_request_irq Roman Li <Roman.Li(a)amd.com> drm/amd/display: Fix HPD after gpu reset Tom Chung <chiahsuan.chung(a)amd.com> drm/amd/display: Disable PSR-SU on eDP panels Kan Liang <kan.liang(a)linux.intel.com> perf/core: Fix low freq setting via IOC_PERIOD Kan Liang <kan.liang(a)linux.intel.com> perf/x86: Fix low freqency setting issue Dmitry Panchenko <dmitry(a)d-systems.ee> ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 Nikolay Kuratov <kniv(a)yandex-team.ru> ftrace: Avoid potential division by zero in function_stat_show() Steven Rostedt <rostedt(a)goodmis.org> tracing: Fix bad hist from corrupting named_triggers list Chukun Pan <amadeus(a)jmu.edu.cn> phy: rockchip: naneng-combphy: compatible reset with old DT Russell Senior <russell(a)personaltelco.net> x86/CPU: Fix warm boot hang regression on AMD SC1100 SoC systems Pavel Begunkov <asml.silence(a)gmail.com> io_uring/net: save msg_control for compat Tong Tiangen <tongtiangen(a)huawei.com> uprobes: Reject the shared zeropage in uprobe_write_opcode() David Howells <dhowells(a)redhat.com> mm: Don't pin ZERO_PAGE in pin_user_pages() Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: fix dst ref loop on input in rpl lwt Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: rpl_iptunnel: mitigate 2-realloc issue Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: fix dst ref loop on input in seg6 lwt Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: seg6_iptunnel: mitigate 2-realloc issue Justin Iurman <justin.iurman(a)uliege.be> include: net: add static inline dst_dev_overhead() to dst.h Shay Drory <shayd(a)nvidia.com> net/mlx5: IRQ, Fix null string in debug print Harshal Chaudhari <hchaudhari(a)marvell.com> net: mvpp2: cls: Fixed Non IP flow, with vlan tag flow defination. Mohammad Heib <mheib(a)redhat.com> net: Clear old fragment checksum value in napi_reuse_skb Wang Hai <wanghai38(a)huawei.com> tcp: Defer ts_recent changes until req is owned Philo Lu <lulie(a)linux.alibaba.com> ipvs: Always clear ipvs_property flag in skb_scrub_packet() Nicolas Frattaroli <nicolas.frattaroli(a)collabora.com> ASoC: es8328: fix route from DAC to output Sean Anderson <sean.anderson(a)linux.dev> net: cadence: macb: Synchronize stats calculations Eric Dumazet <edumazet(a)google.com> ipvlan: ensure network headers are in skb linear part Guillaume Nault <gnault(a)redhat.com> ipvlan: Prepare ipvlan_process_v4_outbound() to future .flowi4_tos conversion. Guillaume Nault <gnault(a)redhat.com> ipv4: Convert ip_route_input() to dscp_t. Guillaume Nault <gnault(a)redhat.com> ipv4: Convert icmp_route_lookup() to dscp_t. Ido Schimmel <idosch(a)nvidia.com> ipvlan: Unmask upper DSCP bits in ipvlan_process_v4_outbound() Ido Schimmel <idosch(a)nvidia.com> ipv4: icmp: Unmask upper DSCP bits in icmp_route_lookup() Ido Schimmel <idosch(a)nvidia.com> ipv4: icmp: Pass full DS field to ip_route_input() Peilin He <he.peilin(a)zte.com.cn> net/ipv4: add tracepoint for icmp_send Jiri Slaby (SUSE) <jirislaby(a)kernel.org> net: set the minimum for net_hotdata.netdev_budget_usecs Ido Schimmel <idosch(a)nvidia.com> net: loopback: Avoid sending IP packets without an Ethernet header David Howells <dhowells(a)redhat.com> afs: Fix the server_list to unuse a displaced server rather than putting it David Howells <dhowells(a)redhat.com> afs: Make it possible to find the volumes that are using a server Colin Ian King <colin.i.king(a)gmail.com> afs: remove variable nr_servers Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports Arnd Bergmann <arnd(a)arndb.de> sunrpc: suppress warnings for unused procfs functions Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix bind QP error cleanup flow Ye Bin <yebin10(a)huawei.com> scsi: core: Clear driver private data when retrying request Trond Myklebust <trond.myklebust(a)hammerspace.com> SUNRPC: Prevent looping due to rpc_signal_task() races Stephen Brennan <stephen.s.brennan(a)oracle.com> SUNRPC: convert RPC_TASK_* constants to enum Vasiliy Kovalev <kovalev(a)altlinux.org> ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up Mark Zhang <markzhang(a)nvidia.com> IB/mlx5: Set and get correct qp_num for a DCT QP Xin Long <lucien.xin(a)gmail.com> netfilter: allow exp not to be removed in nf_ct_find_expectation Alexander Dahl <ada(a)thorsis.com> spi: atmel-quadspi: Fix wrong register value written to MR Alexander Dahl <ada(a)thorsis.com> spi: atmel-quadspi: Avoid overwriting delay register settings Yunfei Dong <yunfei.dong(a)mediatek.com> media: mediatek: vcodec: Fix H264 multi stateless decoder smatch warning Yu Kuai <yukuai3(a)huawei.com> block, bfq: fix bfqq uaf in bfq_limit_depth() Paolo Valente <paolo.valente(a)linaro.org> block, bfq: split sync bfq_queues on a per-actuator basis Patrick Bellasi <derkling(a)google.com> x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit Steven Rostedt <rostedt(a)goodmis.org> ftrace: Do not add duplicate entries in subops manager ops Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> ftrace: Correct preemption accounting for function tracing. Komal Bajaj <quic_kbajaj(a)quicinc.com> EDAC/qcom: Correct interrupt enable register configuration Haoxiang Li <haoxiang_li2024(a)163.com> smb: client: Add check for next_buffer in receive_encrypted_standard() Niravkumar L Rabara <niravkumar.l.rabara(a)intel.com> mtd: rawnand: cadence: fix incorrect device in dma_unmap_single Niravkumar L Rabara <niravkumar.l.rabara(a)intel.com> mtd: rawnand: cadence: use dma_map_resource for sdma address Niravkumar L Rabara <niravkumar.l.rabara(a)intel.com> mtd: rawnand: cadence: fix error code in cadence_nand_init() Ricardo Cañuelo Navarro <rcn(a)igalia.com> mm,madvise,hugetlb: check for 0-length range after end address adjustment Christian Brauner <brauner(a)kernel.org> acct: block access to kernel internal filesystems Christian Brauner <brauner(a)kernel.org> acct: perform last write from workqueue John Veness <john-linux(a)pelago.org.uk> ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED Wentao Liang <vulab(a)iscas.ac.cn> ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> ASoC: fsl_micfil: Enable default case in micfil_set_quality() Haoxiang Li <haoxiang_li2024(a)163.com> nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() Gavrilov Ilia <Ilia.Gavrilov(a)infotecs.ru> drop_monitor: fix incorrect initialization order Sumit Garg <sumit.garg(a)linaro.org> tee: optee: Fix supplicant wait loop Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Make sure all planes in use by the joiner have their crtc included Jessica Zhang <quic_jesszhan(a)quicinc.com> drm/msm/dpu: Disable dither in phys encoder cleanup Yan Zhai <yan(a)cloudflare.com> bpf: skip non exist keys in generic_map_lookup_batch Caleb Sander Mateos <csander(a)purestorage.com> nvme/ioctl: add missing space in err message Marijn Suijten <marijn.suijten(a)somainline.org> drm/msm/dpu: Don't leak bits_per_component into random DSC_ENC fields David Hildenbrand <david(a)redhat.com> nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() Andrey Vatoropin <a.vatoropin(a)crpt.ru> power: supply: da9150-fg: fix potential overflow Jiayuan Chen <mrpre(a)163.com> bpf: Fix wrong copied_seq calculation Jiayuan Chen <mrpre(a)163.com> strparser: Add read_sock callback Shigeru Yoshida <syoshida(a)redhat.com> bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() Tomi Valkeinen <tomi.valkeinen+renesas(a)ideasonboard.com> drm/rcar-du: dsi: Fix PHY lock bit check Devarsh Thakkar <devarsht(a)ti.com> drm/tidss: Fix race condition while handling interrupt registers Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/tidss: Add simple K2G manual reset Sabrina Dubroca <sd(a)queasysnail.net> tcp: drop secpath at the same time as we currently drop dst Nick Hu <nick.hu(a)sifive.com> net: axienet: Set mac_managed_pm Breno Leitao <leitao(a)debian.org> arp: switch to dev_getbyhwaddr() in arp_req_set_public() Breno Leitao <leitao(a)debian.org> net: Add non-RCU dev_getbyhwaddr() helper Cong Wang <xiyou.wangcong(a)gmail.com> flow_dissector: Fix port range key handling in BPF conversion Cong Wang <xiyou.wangcong(a)gmail.com> flow_dissector: Fix handling of mixed port and port-range keys Kuniyuki Iwashima <kuniyu(a)amazon.com> geneve: Suppress list corruption splat in geneve_destroy_tunnels(). Kuniyuki Iwashima <kuniyu(a)amazon.com> gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl(). Nick Child <nnac123(a)linux.ibm.com> ibmvnic: Don't reference skb after sending to VIOS Nick Child <nnac123(a)linux.ibm.com> ibmvnic: Add stat for tx direct vs tx batched Nick Child <nnac123(a)linux.ibm.com> ibmvnic: Introduce send sub-crq direct Nick Child <nnac123(a)linux.ibm.com> ibmvnic: Return error code on TX scrq flush fail Vitaly Rodionov <vitalyr(a)opensource.cirrus.com> ALSA: hda/cirrus: Correct the full scale volume set logic Kuniyuki Iwashima <kuniyu(a)amazon.com> geneve: Fix use-after-free in geneve_find_dev(). Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Fixup ALC225 depop procedure Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline Michael Ellerman <mpe(a)ellerman.id.au> powerpc/64s/mm: Move __real_pte stubs into hash-4k.h John Keeping <jkeeping(a)inmusicbrands.com> ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] Jill Donahue <jilliandonahue58(a)gmail.com> USB: gadget: f_midi: f_midi_complete to call queue_work Roy Luo <royluo(a)google.com> usb: gadget: core: flush gadget workqueue after device removal Roy Luo <royluo(a)google.com> USB: gadget: core: create sysfs link between udc and gadget Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Remove dangling pointers Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Only save async fh if success Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Refactor iterators Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Fix crash during unbind if gpio unit is in use Yang Yingliang <yangyingliang(a)huawei.com> media: Switch to use dev_err_probe() helper Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> soc/mediatek: mtk-devapc: Convert to platform remove callback returning void Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: mediatek: mtk-devapc: Fix leaking IO map on error paths AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> soc: mediatek: mtk-devapc: Switch to devm_clk_get_enabled() Jarkko Sakkinen <jarkko(a)kernel.org> tpm: Change to kvalloc() in eventlog/acpi.c Eddie James <eajames(a)linux.ibm.com> tpm: Use managed allocation for bios event log Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8450: Fix CDSP memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: trim addresses to 8 digits Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183: Disable DSI display output by default Igor Pylypiv <ipylypiv(a)google.com> scsi: core: Do not retry I/Os during depopulation Douglas Gilbert <dgilbert(a)interlog.com> scsi: core: Handle depopulation and restoration in progress Dan Carpenter <dan.carpenter(a)linaro.org> ASoC: renesas: rz-ssi: Add a check for negative sample_space Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-img: add missing dummy clk Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-bdp: add missing dummy clk Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> clk: mediatek: clk-mtk: Add dummy clock ops Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: qca: Fix poor RF performance for WCN6855 Cheng Jiang <quic_chejiang(a)quicinc.com> Bluetooth: qca: Update firmware-name to support board specific nvm Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: qca: Support downloading board id specific NVM for WCN7850 Bence Csókás <csokas.bence(a)prolan.hu> spi: atmel-qspi: Memory barriers after memory-mapped I/O Csókás, Bence <csokas.bence(a)prolan.hu> spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families Yang Yingliang <yangyingliang(a)huawei.com> spi: atmel-quadspi: switch to use modern name Tudor Ambarus <tudor.ambarus(a)microchip.com> spi: atmel-quadspi: Add support for configuring CS timing Chen Ridong <chenridong(a)huawei.com> memcg: fix soft lockup in the OOM process Carlos Galo <carlosgalo(a)google.com> mm: update mark_victim tracepoints fields Yu Kuai <yukuai3(a)huawei.com> md/md-bitmap: Synchronize bitmap_get_stats() with bitmap lifetime Yu Kuai <yukuai3(a)huawei.com> md/md-bitmap: add 'sync_size' into struct md_bitmap_stats Yu Kuai <yukuai3(a)huawei.com> md/md-cluster: fix spares warnings for __le64 Yu Kuai <yukuai3(a)huawei.com> md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() Catalin Marinas <catalin.marinas(a)arm.com> arm64: mte: Do not allow PROT_MTE on MAP_HUGETLB user mappings ------------- Diffstat: Documentation/core-api/pin_user_pages.rst | 6 + Documentation/networking/strparser.rst | 9 +- Makefile | 4 +- arch/arm64/boot/dts/mediatek/mt8183.dtsi | 1 + arch/arm64/boot/dts/qcom/sm8350.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm8450.dtsi | 4 +- arch/arm64/include/asm/mman.h | 9 +- arch/mips/include/asm/ptrace.h | 2 + arch/mips/kernel/ptrace.c | 7 + arch/powerpc/include/asm/book3s/64/hash-4k.h | 28 +++ arch/powerpc/include/asm/book3s/64/pgtable.h | 26 --- arch/powerpc/lib/code-patching.c | 2 +- arch/riscv/include/asm/futex.h | 2 +- arch/x86/Kconfig | 3 +- arch/x86/events/core.c | 2 +- arch/x86/kernel/cpu/bugs.c | 20 ++- arch/x86/kernel/cpu/cyrix.c | 4 +- block/bfq-cgroup.c | 97 +++++----- block/bfq-iosched.c | 195 ++++++++++++++------- block/bfq-iosched.h | 51 ++++-- drivers/bluetooth/btqca.c | 110 +++++++++--- drivers/char/tpm/eventlog/acpi.c | 16 +- drivers/char/tpm/eventlog/efi.c | 13 +- drivers/char/tpm/eventlog/of.c | 3 +- drivers/char/tpm/tpm-chip.c | 1 - drivers/clk/mediatek/clk-mt2701-bdp.c | 1 + drivers/clk/mediatek/clk-mt2701-img.c | 1 + drivers/clk/mediatek/clk-mt2701-vdec.c | 1 + drivers/clk/mediatek/clk-mtk.c | 16 ++ drivers/clk/mediatek/clk-mtk.h | 19 ++ drivers/edac/qcom_edac.c | 4 +- .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_irq.c | 14 ++ .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c | 3 +- drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 16 +- drivers/gpu/drm/amd/pm/legacy-dpm/kv_dpm.c | 25 ++- drivers/gpu/drm/amd/pm/legacy-dpm/legacy_dpm.c | 8 +- drivers/gpu/drm/amd/pm/legacy-dpm/si_dpm.c | 26 ++- drivers/gpu/drm/i915/display/intel_display.c | 18 ++ drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 3 + drivers/gpu/drm/msm/disp/dpu1/dpu_hw_dsc.c | 3 +- drivers/gpu/drm/nouveau/nouveau_svm.c | 9 +- drivers/gpu/drm/rcar-du/rcar_mipi_dsi.c | 2 +- drivers/gpu/drm/rcar-du/rcar_mipi_dsi_regs.h | 1 - drivers/gpu/drm/tidss/tidss_dispc.c | 22 ++- drivers/gpu/drm/tidss/tidss_irq.c | 2 + drivers/i2c/busses/i2c-npcm7xx.c | 7 + drivers/idle/intel_idle.c | 4 + drivers/infiniband/hw/mlx5/counters.c | 8 +- drivers/infiniband/hw/mlx5/qp.c | 4 +- drivers/md/md-bitmap.c | 34 ++-- drivers/md/md-bitmap.h | 9 +- drivers/md/md-cluster.c | 34 ++-- drivers/md/md.c | 33 +++- drivers/media/cec/platform/stm32/stm32-cec.c | 9 +- drivers/media/i2c/ad5820.c | 18 +- drivers/media/i2c/imx274.c | 5 +- drivers/media/i2c/tc358743.c | 9 +- drivers/media/platform/mediatek/mdp/mtk_mdp_comp.c | 5 +- .../platform/mediatek/vcodec/mtk_vcodec_fw_scp.c | 2 + .../mediatek/vcodec/vdec/vdec_h264_req_multi_if.c | 9 +- .../media/platform/samsung/exynos4-is/media-dev.c | 4 +- drivers/media/platform/st/stm32/stm32-dcmi.c | 27 +-- drivers/media/platform/ti/omap3isp/isp.c | 3 +- drivers/media/platform/xilinx/xilinx-csi2rxss.c | 8 +- drivers/media/rc/gpio-ir-recv.c | 10 +- drivers/media/rc/gpio-ir-tx.c | 9 +- drivers/media/rc/ir-rx51.c | 9 +- drivers/media/usb/uvc/uvc_ctrl.c | 99 +++++++++-- drivers/media/usb/uvc/uvc_driver.c | 35 ++-- drivers/media/usb/uvc/uvc_v4l2.c | 2 + drivers/media/usb/uvc/uvcvideo.h | 10 +- drivers/mtd/nand/raw/cadence-nand-controller.c | 42 +++-- drivers/net/ethernet/cadence/macb.h | 2 + drivers/net/ethernet/cadence/macb_main.c | 12 +- drivers/net/ethernet/freescale/enetc/enetc.c | 100 ++++++++--- drivers/net/ethernet/ibm/ibmvnic.c | 85 +++++++-- drivers/net/ethernet/ibm/ibmvnic.h | 3 +- drivers/net/ethernet/marvell/mvpp2/mvpp2_cls.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/pci_irq.c | 2 +- drivers/net/ethernet/netronome/nfp/bpf/cmsg.c | 2 + drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 1 + drivers/net/geneve.c | 16 +- drivers/net/gtp.c | 5 - drivers/net/ipvlan/ipvlan_core.c | 24 ++- drivers/net/loopback.c | 14 ++ drivers/net/usb/gl620a.c | 4 +- drivers/nvme/host/ioctl.c | 3 +- drivers/phy/rockchip/phy-rockchip-naneng-combphy.c | 5 +- drivers/phy/samsung/phy-exynos5-usbdrd.c | 12 +- drivers/phy/tegra/xusb-tegra186.c | 11 ++ drivers/power/supply/da9150-fg.c | 4 +- drivers/scsi/scsi_lib.c | 22 ++- drivers/scsi/sd.c | 4 + drivers/soc/mediatek/mtk-devapc.c | 36 ++-- drivers/spi/atmel-quadspi.c | 172 +++++++++++++----- drivers/tee/optee/supp.c | 35 +--- drivers/usb/gadget/function/f_midi.c | 2 +- drivers/usb/gadget/udc/core.c | 11 +- fs/afs/cell.c | 1 + fs/afs/internal.h | 23 ++- fs/afs/server.c | 1 + fs/afs/server_list.c | 114 ++++++++++-- fs/afs/vl_alias.c | 2 +- fs/afs/volume.c | 40 +++-- fs/overlayfs/copy_up.c | 2 +- fs/smb/client/smb2ops.c | 4 + fs/squashfs/inode.c | 5 +- include/asm-generic/vmlinux.lds.h | 2 +- include/linux/mm.h | 26 ++- include/linux/netdevice.h | 2 + include/linux/ptrace.h | 4 + include/linux/skmsg.h | 2 + include/linux/sunrpc/sched.h | 17 +- include/net/dst.h | 9 + include/net/ip.h | 5 + include/net/netfilter/nf_conntrack_expect.h | 2 +- include/net/route.h | 5 +- include/net/strparser.h | 2 + include/net/tcp.h | 22 +++ include/trace/events/icmp.h | 67 +++++++ include/trace/events/oom.h | 36 +++- include/trace/events/sunrpc.h | 3 +- io_uring/net.c | 4 +- kernel/acct.c | 134 ++++++++------ kernel/bpf/syscall.c | 18 +- kernel/events/core.c | 17 +- kernel/events/uprobes.c | 5 + kernel/sched/core.c | 2 +- kernel/trace/ftrace.c | 30 ++-- kernel/trace/trace_events_hist.c | 34 ++-- kernel/trace/trace_functions.c | 6 +- mm/gup.c | 31 +++- mm/madvise.c | 11 +- mm/memcontrol.c | 7 +- mm/memory.c | 4 +- mm/oom_kill.c | 14 +- net/bluetooth/l2cap_core.c | 9 +- net/bpf/test_run.c | 5 +- net/bridge/br_netfilter_hooks.c | 8 +- net/core/dev.c | 37 +++- net/core/drop_monitor.c | 39 ++--- net/core/flow_dissector.c | 49 +++--- net/core/gro.c | 1 + net/core/skbuff.c | 2 +- net/core/skmsg.c | 7 + net/core/sysctl_net_core.c | 3 +- net/ipv4/arp.c | 2 +- net/ipv4/icmp.c | 24 +-- net/ipv4/ip_options.c | 3 +- net/ipv4/tcp.c | 29 ++- net/ipv4/tcp_bpf.c | 36 ++++ net/ipv4/tcp_fastopen.c | 4 +- net/ipv4/tcp_input.c | 8 +- net/ipv4/tcp_ipv4.c | 2 +- net/ipv4/tcp_minisocks.c | 10 +- net/ipv6/ip6_tunnel.c | 4 +- net/ipv6/rpl_iptunnel.c | 58 +++--- net/ipv6/seg6_iptunnel.c | 97 ++++++---- net/mptcp/pm_netlink.c | 5 - net/mptcp/subflow.c | 15 +- net/netfilter/nf_conntrack_core.c | 2 +- net/netfilter/nf_conntrack_expect.c | 4 +- net/netfilter/nft_ct.c | 2 + net/sched/sch_fifo.c | 3 + net/strparser/strparser.c | 11 +- net/sunrpc/cache.c | 10 +- net/sunrpc/sched.c | 2 - sound/pci/hda/hda_codec.c | 4 +- sound/pci/hda/patch_conexant.c | 1 + sound/pci/hda/patch_cs8409-tables.c | 6 +- sound/pci/hda/patch_cs8409.c | 20 ++- sound/pci/hda/patch_cs8409.h | 5 +- sound/pci/hda/patch_realtek.c | 1 + sound/soc/codecs/es8328.c | 15 +- sound/soc/fsl/fsl_micfil.c | 2 + sound/soc/rockchip/rockchip_i2s_tdm.c | 4 +- sound/soc/sh/rz-ssi.c | 2 + sound/usb/midi.c | 2 +- sound/usb/quirks.c | 1 + 179 files changed, 2160 insertions(+), 955 deletions(-)

4 months, 1 week

8
7
0 0

[PATCH locking 10/11] rust: lockdep: Remove support for dynamically allocated LockClassKeys

by Boqun Feng

From: Mitchell Levy <levymitchell0(a)gmail.com> Currently, dynamically allocated LockCLassKeys can be used from the Rust side without having them registered. This is a soundness issue, so remove them. Suggested-by: Alice Ryhl <aliceryhl(a)google.com> Link: https://lore.kernel.org/rust-for-linux/20240815074519.2684107-3-nmi@metaspa… Cc: stable(a)vger.kernel.org Fixes: 6ea5aa08857a ("rust: sync: introduce `LockClassKey`") Reviewed-by: Benno Lossin <benno.lossin(a)proton.me> Signed-off-by: Mitchell Levy <levymitchell0(a)gmail.com> Signed-off-by: Boqun Feng <boqun.feng(a)gmail.com> Link: https://lore.kernel.org/r/20250207-rust-lockdep-v4-1-7a50a7e88656@gmail.com --- rust/kernel/sync.rs | 16 ++++------------ 1 file changed, 4 insertions(+), 12 deletions(-) diff --git a/rust/kernel/sync.rs b/rust/kernel/sync.rs index 3498fb344dc9..16eab9138b2b 100644 --- a/rust/kernel/sync.rs +++ b/rust/kernel/sync.rs @@ -30,28 +30,20 @@ unsafe impl Sync for LockClassKey {} impl LockClassKey { - /// Creates a new lock class key. - pub const fn new() -> Self { - Self(Opaque::uninit()) - } - pub(crate) fn as_ptr(&self) -> *mut bindings::lock_class_key { self.0.get() } } -impl Default for LockClassKey { - fn default() -> Self { - Self::new() - } -} - /// Defines a new static lock class and returns a pointer to it. #[doc(hidden)] #[macro_export] macro_rules! static_lock_class { () => {{ - static CLASS: $crate::sync::LockClassKey = $crate::sync::LockClassKey::new(); + static CLASS: $crate::sync::LockClassKey = + // SAFETY: lockdep expects uninitialized memory when it's handed a statically allocated + // lock_class_key + unsafe { ::core::mem::MaybeUninit::uninit().assume_init() }; &CLASS }}; } -- 2.47.1

4 months, 1 week

2
1
0 0

[PATCH v6 4/8] crypto: ccp: Fix uapi definitions of PSP errors

by Dionna Glaze

From: Alexey Kardashevskiy <aik(a)amd.com> Additions to the error enum after the explicit 0x27 setting for SEV_RET_INVALID_KEY leads to incorrect value assignments. Use explicit values to match the manufacturer specifications more clearly. Fixes: 3a45dc2b419e ("crypto: ccp: Define the SEV-SNP commands") CC: Sean Christopherson <seanjc(a)google.com> CC: Paolo Bonzini <pbonzini(a)redhat.com> CC: Thomas Gleixner <tglx(a)linutronix.de> CC: Ingo Molnar <mingo(a)redhat.com> CC: Borislav Petkov <bp(a)alien8.de> CC: Dave Hansen <dave.hansen(a)linux.intel.com> CC: Ashish Kalra <ashish.kalra(a)amd.com> CC: Tom Lendacky <thomas.lendacky(a)amd.com> CC: John Allen <john.allen(a)amd.com> CC: Herbert Xu <herbert(a)gondor.apana.org.au> CC: "David S. Miller" <davem(a)davemloft.net> CC: Michael Roth <michael.roth(a)amd.com> CC: Luis Chamberlain <mcgrof(a)kernel.org> CC: Russ Weight <russ.weight(a)linux.dev> CC: Danilo Krummrich <dakr(a)redhat.com> CC: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> CC: "Rafael J. Wysocki" <rafael(a)kernel.org> CC: Tianfei zhang <tianfei.zhang(a)intel.com> CC: Alexey Kardashevskiy <aik(a)amd.com> CC: stable(a)vger.kernel.org Signed-off-by: Alexey Kardashevskiy <aik(a)amd.com> Signed-off-by: Dionna Glaze <dionnaglaze(a)google.com> --- include/uapi/linux/psp-sev.h | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/include/uapi/linux/psp-sev.h b/include/uapi/linux/psp-sev.h index 832c15d9155bd..eeb20dfb1fdaa 100644 --- a/include/uapi/linux/psp-sev.h +++ b/include/uapi/linux/psp-sev.h @@ -73,13 +73,20 @@ typedef enum { SEV_RET_INVALID_PARAM, SEV_RET_RESOURCE_LIMIT, SEV_RET_SECURE_DATA_INVALID, - SEV_RET_INVALID_KEY = 0x27, - SEV_RET_INVALID_PAGE_SIZE, - SEV_RET_INVALID_PAGE_STATE, - SEV_RET_INVALID_MDATA_ENTRY, - SEV_RET_INVALID_PAGE_OWNER, - SEV_RET_INVALID_PAGE_AEAD_OFLOW, - SEV_RET_RMP_INIT_REQUIRED, + SEV_RET_INVALID_PAGE_SIZE = 0x0019, + SEV_RET_INVALID_PAGE_STATE = 0x001A, + SEV_RET_INVALID_MDATA_ENTRY = 0x001B, + SEV_RET_INVALID_PAGE_OWNER = 0x001C, + SEV_RET_AEAD_OFLOW = 0x001D, + SEV_RET_EXIT_RING_BUFFER = 0x001F, + SEV_RET_RMP_INIT_REQUIRED = 0x0020, + SEV_RET_BAD_SVN = 0x0021, + SEV_RET_BAD_VERSION = 0x0022, + SEV_RET_SHUTDOWN_REQUIRED = 0x0023, + SEV_RET_UPDATE_FAILED = 0x0024, + SEV_RET_RESTORE_REQUIRED = 0x0025, + SEV_RET_RMP_INITIALIZATION_FAILED = 0x0026, + SEV_RET_INVALID_KEY = 0x0027, SEV_RET_MAX, } sev_ret_code; -- 2.47.0.277.g8800431eea-goog

4 months, 1 week

4
6
0 0

[PATCH v2] iommufd: Fail replace if device has not been attached

by Yi Liu

The current implementation of iommufd_device_do_replace() implicitly assumes that the input device has already been attached. However, there is no explicit check to verify this assumption. If another device within the same group has been attached, the replace operation might succeed, but the input device itself may not have been attached yet. As a result, the input device might not be tracked in the igroup->device_list, and its reserved IOVA might not be added. Despite this, the caller might incorrectly assume that the device has been successfully replaced, which could lead to unexpected behavior or errors. To address this issue, add a check to ensure that the input device has been attached before proceeding with the replace operation. This check will help maintain the integrity of the device tracking system and prevent potential issues arising from incorrect assumptions about the device's attachment status. Fixes: e88d4ec154a8 ("iommufd: Add iommufd_device_replace()") Cc: stable(a)vger.kernel.org Reviewed-by: Kevin Tian <kevin.tian(a)intel.com> Signed-off-by: Yi Liu <yi.l.liu(a)intel.com> --- Change log: v2: - Add r-b tag (Kevin) - Minor tweaks. I swarpped the order of is_attach check with the if (igroup->hwpt == NULL) check, hence no need to add WARN_ON. v1: https://lore.kernel.org/linux-iommu/20250304120754.12450-1-yi.l.liu@intel.c… --- drivers/iommu/iommufd/device.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/drivers/iommu/iommufd/device.c b/drivers/iommu/iommufd/device.c index b2f0cb909e6d..bd50146e2ad0 100644 --- a/drivers/iommu/iommufd/device.c +++ b/drivers/iommu/iommufd/device.c @@ -471,6 +471,17 @@ iommufd_device_attach_reserved_iova(struct iommufd_device *idev, /* The device attach/detach/replace helpers for attach_handle */ +/* Check if idev is attached to igroup->hwpt */ +static bool iommufd_device_is_attached(struct iommufd_device *idev) +{ + struct iommufd_device *cur; + + list_for_each_entry(cur, &idev->igroup->device_list, group_item) + if (cur == idev) + return true; + return false; +} + static int iommufd_hwpt_attach_device(struct iommufd_hw_pagetable *hwpt, struct iommufd_device *idev) { @@ -710,6 +721,11 @@ iommufd_device_do_replace(struct iommufd_device *idev, goto err_unlock; } + if (!iommufd_device_is_attached(idev)) { + rc = -EINVAL; + goto err_unlock; + } + if (hwpt == igroup->hwpt) { mutex_unlock(&idev->igroup->lock); return NULL; -- 2.34.1

4 months, 1 week

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror