Linus Torvalds [Sun, 24 Sep 2023 20:55:34 +0000 (13:55 -0700)]
Merge tag 'trace-v6.6-rc2' of git://git./linux/kernel/git/trace/linux-trace
Pull tracing fixes from Steven Rostedt:
- Fix the "bytes" output of the per_cpu stat file
The tracefs/per_cpu/cpu*/stats "bytes" was giving bogus values as the
accounting was not accurate. It is suppose to show how many used
bytes are still in the ring buffer, but even when the ring buffer was
empty it would still show there were bytes used.
- Fix a bug in eventfs where reading a dynamic event directory (open)
and then creating a dynamic event that goes into that diretory screws
up the accounting.
On close, the newly created event dentry will get a "dput" without
ever having a "dget" done for it. The fix is to allocate an array on
dir open to save what dentries were actually "dget" on, and what ones
to "dput" on close.
* tag 'trace-v6.6-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace:
eventfs: Remember what dentries were created on dir open
ring-buffer: Fix bytes info in per_cpu buffer stats
Linus Torvalds [Sun, 24 Sep 2023 20:50:28 +0000 (13:50 -0700)]
Merge tag 'cxl-fixes-6.6-rc3' of git://git./linux/kernel/git/cxl/cxl
Pull cxl fixes from Dan Williams:
"A collection of regression fixes, bug fixes, and some small cleanups
to the Compute Express Link code.
The regressions arrived in the v6.5 dev cycle and missed the v6.6
merge window due to my personal absences this cycle. The most
important fixes are for scenarios where the CXL subsystem fails to
parse valid region configurations established by platform firmware.
This is important because agreement between OS and BIOS on the CXL
configuration is fundamental to implementing "OS native" error
handling, i.e. address translation and component failure
identification.
Other important fixes are a driver load error when the BIOS lets the
Linux PCI core handle AER events, but not CXL memory errors.
The other fixex might have end user impact, but for now are only known
to trigger in our test/emulation environment.
Summary:
- Fix multiple scenarios where platform firmware defined regions fail
to be assembled by the CXL core.
- Fix a spurious driver-load failure on platforms that enable OS
native AER, but not OS native CXL error handling.
- Fix a regression detecting "poison" commands when "security"
commands are also defined.
- Fix a cxl_test regression with the move to centralize CXL port
register enumeration in the CXL core.
- Miscellaneous small fixes and cleanups"
* tag 'cxl-fixes-6.6-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/cxl/cxl:
cxl/acpi: Annotate struct cxl_cxims_data with __counted_by
cxl/port: Fix cxl_test register enumeration regression
cxl/region: Refactor granularity select in cxl_port_setup_targets()
cxl/region: Match auto-discovered region decoders by HPA range
cxl/mbox: Fix CEL logic for poison and security commands
cxl/pci: Replace host_bridge->native_aer with pcie_aer_is_native()
PCI/AER: Export pcie_aer_is_native()
cxl/pci: Fix appropriate checking for _OSC while handling CXL RAS registers
Linus Torvalds [Sat, 23 Sep 2023 18:56:57 +0000 (11:56 -0700)]
Merge tag 'gpio-fixes-for-v6.6-rc3' of git://git./linux/kernel/git/brgl/linux
Pull gpio fixes from Bartosz Golaszewski:
- fix an invalid usage of __free(kfree) leading to kfreeing an
ERR_PTR()
- fix an irq domain leak in gpio-tb10x
- MAINTAINERS update
* tag 'gpio-fixes-for-v6.6-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux:
gpio: sim: fix an invalid __free() usage
gpio: tb10x: Fix an error handling path in tb10x_gpio_probe()
MAINTAINERS: gpio-regmap: make myself a maintainer of it
Linus Torvalds [Sat, 23 Sep 2023 18:51:16 +0000 (11:51 -0700)]
Merge tag 'mm-hotfixes-stable-2023-09-23-10-31' of git://git./linux/kernel/git/akpm/mm
Pull misc fixes from Andrew Morton:
"13 hotfixes, 10 of which pertain to post-6.5 issues. The other three
are cc:stable"
* tag 'mm-hotfixes-stable-2023-09-23-10-31' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm:
proc: nommu: fix empty /proc/<pid>/maps
filemap: add filemap_map_order0_folio() to handle order0 folio
proc: nommu: /proc/<pid>/maps: release mmap read lock
mm: memcontrol: fix GFP_NOFS recursion in memory.high enforcement
pidfd: prevent a kernel-doc warning
argv_split: fix kernel-doc warnings
scatterlist: add missing function params to kernel-doc
selftests/proc: fixup proc-empty-vm test after KSM changes
revert "scripts/gdb/symbols: add specific ko module load command"
selftests: link libasan statically for tests with -fsanitize=address
task_work: add kerneldoc annotation for 'data' argument
mm: page_alloc: fix CMA and HIGHATOMIC landing on the wrong buddy list
sh: mm: re-add lost __ref to ioremap_prot() to fix modpost warning
Linus Torvalds [Sat, 23 Sep 2023 18:34:48 +0000 (11:34 -0700)]
Merge tag '6.6-rc2-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6
Pull smb client fixes from Steve French:
"Six smb3 client fixes, including three for stable, from the SMB
plugfest (testing event) this week:
- Reparse point handling fix (found when investigating dir
enumeration when fifo in dir)
- Fix excessive thread creation for dir lease cleanup
- UAF fix in negotiate path
- remove duplicate error message mapping and fix confusing warning
message
- add dynamic trace point to improve debugging RDMA connection
attempts"
* tag '6.6-rc2-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6:
smb3: fix confusing debug message
smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED
smb3: remove duplicate error mapping
cifs: Fix UAF in cifs_demultiplex_thread()
smb3: do not start laundromat thread when dir leases disabled
smb3: Add dynamic trace points for RDMA (smbdirect) reconnect
Linus Torvalds [Sat, 23 Sep 2023 18:20:24 +0000 (11:20 -0700)]
Merge tag 'i2c-for-6.6-rc3' of git://git./linux/kernel/git/wsa/linux
Pull i2c fixes from Wolfram Sang:
"A set of I2C driver fixes. Mostly fixing resource leaks or sanity
checks"
* tag 'i2c-for-6.6-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
i2c: xiic: Correct return value check for xiic_reinit()
i2c: mux: gpio: Add missing fwnode_handle_put()
i2c: mux: demux-pinctrl: check the return value of devm_kstrdup()
i2c: designware: fix __i2c_dw_disable() in case master is holding SCL low
i2c: i801: unregister tco_pdev in i801_probe() error path
Charles Keepax [Tue, 19 Sep 2023 11:03:20 +0000 (13:03 +0200)]
mfd: cs42l43: Use correct macro for new-style PM runtime ops
The code was accidentally mixing new and old style macros, update the
macros used to remove an unused function warning whilst building with
no PM enabled in the config.
Fixes:
ace6d1448138 ("mfd: cs42l43: Add support for cs42l43 core driver")
Signed-off-by: Charles Keepax <ckeepax@opensource.cirrus.com>
Link: https://lore.kernel.org/all/20230822114914.340359-1-ckeepax@opensource.cirrus.com/
Reviewed-by: Nathan Chancellor <nathan@kernel.org>
Tested-by: Geert Uytterhoeven <geert@linux-m68k.org>
Acked-by: Lee Jones <lee@kernel.org>
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Sat, 23 Sep 2023 17:57:03 +0000 (10:57 -0700)]
Merge tag 'loongarch-fixes-6.6-1' of git://git./linux/kernel/git/chenhuacai/linux-loongson
Pull LoongArch fixes from Huacai Chen:
"Fix lockdep, fix a boot failure, fix some build warnings, fix document
links, and some cleanups"
* tag 'loongarch-fixes-6.6-1' of git://git.kernel.org/pub/scm/linux/kernel/git/chenhuacai/linux-loongson:
docs/zh_CN/LoongArch: Update the links of ABI
docs/LoongArch: Update the links of ABI
LoongArch: Don't inline kasan_mem_to_shadow()/kasan_shadow_to_mem()
kasan: Cleanup the __HAVE_ARCH_SHADOW_MAP usage
LoongArch: Set all reserved memblocks on Node#0 at initialization
LoongArch: Remove dead code in relocate_new_kernel
LoongArch: Use _UL() and _ULL()
LoongArch: Fix some build warnings with W=1
LoongArch: Fix lockdep static memory detection
Linus Torvalds [Sat, 23 Sep 2023 17:50:37 +0000 (10:50 -0700)]
Merge tag 's390-6.6-3' of git://git./linux/kernel/git/s390/linux
Pull s390 fixes from Vasily Gorbik:
- Fix potential string buffer overflow in hypervisor user-defined
certificates handling
- Update defconfigs
* tag 's390-6.6-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
s390/cert_store: fix string length handling
s390: update defconfigs
Linus Torvalds [Sat, 23 Sep 2023 16:56:40 +0000 (09:56 -0700)]
Merge tag 'iomap-6.6-fixes-2' of git://git./fs/xfs/xfs-linux
Pull iomap fixes from Darrick Wong:
- Return EIO on bad inputs to iomap_to_bh instead of BUGging, to deal
less poorly with block device io racing with block device resizing
- Fix a stale page data exposure bug introduced in 6.6-rc1 when
unsharing a file range that is not in the page cache
* tag 'iomap-6.6-fixes-2' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux:
iomap: convert iomap_unshare_iter to use large folios
iomap: don't skip reading in !uptodate folios when unsharing a range
iomap: handle error conditions more gracefully in iomap_to_bh
Linus Torvalds [Fri, 22 Sep 2023 23:46:55 +0000 (16:46 -0700)]
Merge tag 'hardening-v6.6-rc3' of git://git./linux/kernel/git/kees/linux
Pull hardening fixes from Kees Cook:
- Fix UAPI stddef.h to avoid C++-ism (Alexey Dobriyan)
- Fix harmless UAPI stddef.h header guard endif (Alexey Dobriyan)
* tag 'hardening-v6.6-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++
uapi: stddef.h: Fix header guard location
Linus Torvalds [Fri, 22 Sep 2023 23:32:19 +0000 (16:32 -0700)]
Merge tag 'xfs-6.6-fixes-1' of git://git./fs/xfs/xfs-linux
Pull xfs fixes from Chandan Babu:
- Fix an integer overflow bug when processing an fsmap call
- Fix crash due to CPU hot remove event racing with filesystem mount
operation
- During read-only mount, XFS does not allow the contents of the log to
be recovered when there are one or more unrecognized rcompat features
in the primary superblock, since the log might have intent items
which the kernel does not know how to process
- During recovery of log intent items, XFS now reserves log space
sufficient for one cycle of a permanent transaction to execute.
Otherwise, this could lead to livelocks due to non-availability of
log space
- On an fs which has an ondisk unlinked inode list, trying to delete a
file or allocating an O_TMPFILE file can cause the fs to the shutdown
if the first inode in the ondisk inode list is not present in the
inode cache. The bug is solved by explicitly loading the first inode
in the ondisk unlinked inode list into the inode cache if it is not
already cached
A similar problem arises when the uncached inode is present in the
middle of the ondisk unlinked inode list. This second bug is
triggered when executing operations like quotacheck and bulkstat. In
this case, XFS now reads in the entire ondisk unlinked inode list
- Enable LARP mode only on recent v5 filesystems
- Fix a out of bounds memory access in scrub
- Fix a performance bug when locating the tail of the log during
mounting a filesystem
* tag 'xfs-6.6-fixes-1' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux:
xfs: use roundup_pow_of_two instead of ffs during xlog_find_tail
xfs: only call xchk_stats_merge after validating scrub inputs
xfs: require a relatively recent V5 filesystem for LARP mode
xfs: make inode unlinked bucket recovery work with quotacheck
xfs: load uncached unlinked inodes into memory on demand
xfs: reserve less log space when recovering log intent items
xfs: fix log recovery when unknown rocompat bits are set
xfs: reload entire unlinked bucket lists
xfs: allow inode inactivation during a ro mount log recovery
xfs: use i_prev_unlinked to distinguish inodes that are not on the unlinked list
xfs: remove CPU hotplug infrastructure
xfs: remove the all-mounts list
xfs: use per-mount cpumask to track nonempty percpu inodegc lists
xfs: fix an agbno overflow in __xfs_getfsmap_datadev
xfs: fix per-cpu CIL structure aggregation racing with dying cpus
xfs: fix select in config XFS_ONLINE_SCRUB_STATS
Kees Cook [Fri, 22 Sep 2023 17:53:19 +0000 (10:53 -0700)]
cxl/acpi: Annotate struct cxl_cxims_data with __counted_by
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct cxl_cxims_data.
Additionally, since the element count member must be set before accessing
the annotated flexible array member, move its initialization earlier.
[1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Davidlohr Bueso <dave@stgolabs.net>
Cc: Jonathan Cameron <jonathan.cameron@huawei.com>
Cc: Dave Jiang <dave.jiang@intel.com>
Cc: Alison Schofield <alison.schofield@intel.com>
Cc: Vishal Verma <vishal.l.verma@intel.com>
Cc: Ira Weiny <ira.weiny@intel.com>
Cc: Dan Williams <dan.j.williams@intel.com>
Cc: linux-cxl@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Vishal Verma <vishal.l.verma@intel.com>
Reviewed-by: Dave Jiang <dave.jiang@intel.com>
Link: https://lore.kernel.org/r/20230922175319.work.096-kees@kernel.org
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Dan Williams [Fri, 15 Sep 2023 08:07:30 +0000 (01:07 -0700)]
cxl/port: Fix cxl_test register enumeration regression
The cxl_test unit test environment models a CXL topology for
sysfs/user-ABI regression testing. It uses interface mocking via the
"--wrap=" linker option to redirect cxl_core routines that parse
hardware registers with versions that just publish objects, like
devm_cxl_enumerate_decoders().
Starting with:
Commit
19ab69a60e3b ("cxl/port: Store the port's Component Register mappings in struct cxl_port")
...port register enumeration is moved into devm_cxl_add_port(). This
conflicts with the "cxl_test avoids emulating registers stance" so
either the port code needs to be refactored (too violent), or modified
so that register enumeration is skipped on "fake" cxl_test ports
(annoying, but straightforward).
This conflict has happened previously and the "check for platform
device" workaround to avoid instrusive refactoring was deployed in those
scenarios. In general, refactoring should only benefit production code,
test code needs to remain minimally instrusive to the greatest extent
possible.
This was missed previously because it may sometimes just cause warning
messages to be emitted, but it can also cause test failures. The
backport to -stable is only nice to have for clean cxl_test runs.
Fixes:
19ab69a60e3b ("cxl/port: Store the port's Component Register mappings in struct cxl_port")
Cc: stable@vger.kernel.org
Reported-by: Alison Schofield <alison.schofield@intel.com>
Reviewed-by: Dave Jiang <dave.jiang@intel.com>
Tested-by: Dave Jiang <dave.jiang@intel.com>
Link: https://lore.kernel.org/r/169476525052.1013896.6235102957693675187.stgit@dwillia2-xfh.jf.intel.com
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Steven Rostedt (Google) [Fri, 22 Sep 2023 20:34:46 +0000 (16:34 -0400)]
eventfs: Remember what dentries were created on dir open
Using the following code with libtracefs:
int dfd;
// create the directory events/kprobes/kp1
tracefs_kprobe_raw(NULL, "kp1", "schedule_timeout", "time=$arg1");
// Open the kprobes directory
dfd = tracefs_instance_file_open(NULL, "events/kprobes", O_RDONLY);
// Do a lookup of the kprobes/kp1 directory (by looking at enable)
tracefs_file_exists(NULL, "events/kprobes/kp1/enable");
// Now create a new entry in the kprobes directory
tracefs_kprobe_raw(NULL, "kp2", "schedule_hrtimeout", "expires=$arg1");
// Do another lookup to create the dentries
tracefs_file_exists(NULL, "events/kprobes/kp2/enable"))
// Close the directory
close(dfd);
What happened above, the first open (dfd) will call
dcache_dir_open_wrapper() that will create the dentries and up their ref
counts.
Now the creation of "kp2" will add another dentry within the kprobes
directory.
Upon the close of dfd, eventfs_release() will now do a dput for all the
entries in kprobes. But this is where the problem lies. The open only
upped the dentry of kp1 and not kp2. Now the close is decrementing both
kp1 and kp2, which causes kp2 to get a negative count.
Doing a "trace-cmd reset" which deletes all the kprobes cause the kernel
to crash! (due to the messed up accounting of the ref counts).
To solve this, save all the dentries that are opened in the
dcache_dir_open_wrapper() into an array, and use this array to know what
dentries to do a dput on in eventfs_release().
Since the dcache_dir_open_wrapper() calls dcache_dir_open() which uses the
file->private_data, we need to also add a wrapper around dcache_readdir()
that uses the cursor assigned to the file->private_data. This is because
the dentries need to also be saved in the file->private_data. To do this
create the structure:
struct dentry_list {
void *cursor;
struct dentry **dentries;
};
Which will hold both the cursor and the dentries. Some shuffling around is
needed to make sure that dcache_dir_open() and dcache_readdir() only see
the cursor.
Link: https://lore.kernel.org/linux-trace-kernel/20230919211804.230edf1e@gandalf.local.home/
Link: https://lore.kernel.org/linux-trace-kernel/20230922163446.1431d4fa@gandalf.local.home
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Ajay Kaher <akaher@vmware.com>
Fixes:
63940449555e7 ("eventfs: Implement eventfs lookup, read, open functions")
Reported-by: "Masami Hiramatsu (Google)" <mhiramat@kernel.org>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Zheng Yejian [Thu, 21 Sep 2023 12:54:25 +0000 (20:54 +0800)]
ring-buffer: Fix bytes info in per_cpu buffer stats
The 'bytes' info in file 'per_cpu/cpu<X>/stats' means the number of
bytes in cpu buffer that have not been consumed. However, currently
after consuming data by reading file 'trace_pipe', the 'bytes' info
was not changed as expected.
# cat per_cpu/cpu0/stats
entries: 0
overrun: 0
commit overrun: 0
bytes: 568 <--- 'bytes' is problematical !!!
oldest event ts: 8651.371479
now ts: 8653.912224
dropped events: 0
read events: 8
The root cause is incorrect stat on cpu_buffer->read_bytes. To fix it:
1. When stat 'read_bytes', account consumed event in rb_advance_reader();
2. When stat 'entries_bytes', exclude the discarded padding event which
is smaller than minimum size because it is invisible to reader. Then
use rb_page_commit() instead of BUF_PAGE_SIZE at where accounting for
page-based read/remove/overrun.
Also correct the comments of ring_buffer_bytes_cpu() in this patch.
Link: https://lore.kernel.org/linux-trace-kernel/20230921125425.1708423-1-zhengyejian1@huawei.com
Cc: stable@vger.kernel.org
Fixes:
c64e148a3be3 ("trace: Add ring buffer stats to measure rate of events")
Signed-off-by: Zheng Yejian <zhengyejian1@huawei.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Linus Torvalds [Fri, 22 Sep 2023 20:25:13 +0000 (13:25 -0700)]
Merge tag 'thermal-6.6-rc3' of git://git./linux/kernel/git/rafael/linux-pm
Pull thermal control fix from Rafael Wysocki:
"Unbreak the trip point update sysfs interface that has been broken
since the 6.3 cycle (Rafael Wysocki)"
* tag 'thermal-6.6-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
thermal: sysfs: Fix trip_point_hyst_store()
Linus Torvalds [Fri, 22 Sep 2023 20:19:04 +0000 (13:19 -0700)]
Merge tag 'acpi-6.6-rc3' of git://git./linux/kernel/git/rafael/linux-pm
Pull ACPI fixes from Rafael Wysocki:
"These fix a general ACPI processor driver regression and an ia64 build
issue, both introduced recently.
Specifics:
- Fix recently introduced uninitialized memory access issue in the
ACPI processor driver (Michal Wilczynski)
- Fix ia64 build inadvertently broken by recent ACPI processor driver
changes, which is prudent to do for 6.6 even though ia64 support is
slated for removal in 6.7 (Ard Biesheuvel)"
* tag 'acpi-6.6-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
ACPI: processor: Fix uninitialized access of buf in acpi_set_pdc_bits()
acpi: Provide ia64 dummy implementation of acpi_proc_quirk_mwait_check()
Linus Torvalds [Fri, 22 Sep 2023 19:41:43 +0000 (12:41 -0700)]
Merge tag 'arm64-fixes' of git://git./linux/kernel/git/arm64/linux
Pull arm64 fixes from Will Deacon:
"Small crop of relatively boring arm64 fixes for -rc3.
That's not to say we don't have any juicy bugs, however, it's just
that fixes for those are likely to come via -mm and -tip for a hugetlb
and an atomics issue respectively. I get left with the
documentation...
- Fix detection of "ClearBHB" and "Hinted Conditional Branch" features
- Fix broken wildcarding for Arm PMU MAINTAINERS entry
- Add missing documentation for userspace-visible ID register fields"
* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
arm64: Document missing userspace visible fields in ID_AA64ISAR2_EL1
arm64/hbc: Document HWCAP2_HBC
arm64/sme: Include ID_AA64PFR1_EL1.SME in cpu-feature-registers.rst
arm64: cpufeature: Fix CLRBHB and BC detection
MAINTAINERS: Use wildcard pattern for ARM PMU headers
Linus Torvalds [Fri, 22 Sep 2023 19:35:56 +0000 (12:35 -0700)]
Merge tag 'x86_urgent_for_v6.6-rc3' of git://git./linux/kernel/git/tip/tip
Pull x86 rethunk fixes from Borislav Petkov:
"Fix the patching ordering between static calls and return thunks"
* tag 'x86_urgent_for_v6.6-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86,static_call: Fix static-call vs return-thunk
x86/alternatives: Remove faulty optimization
Linus Torvalds [Fri, 22 Sep 2023 19:26:42 +0000 (12:26 -0700)]
Merge tag 'x86-urgent-2023-09-22' of git://git./linux/kernel/git/tip/tip
Pull misc x86 fixes from Ingo Molnar:
- Fix a kexec bug
- Fix an UML build bug
- Fix a handful of SRSO related bugs
- Fix a shadow stacks handling bug & robustify related code
* tag 'x86-urgent-2023-09-22' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86/shstk: Add warning for shadow stack double unmap
x86/shstk: Remove useless clone error handling
x86/shstk: Handle vfork clone failure correctly
x86/srso: Fix SBPB enablement for spec_rstack_overflow=off
x86/srso: Don't probe microcode in a guest
x86/srso: Set CPUID feature bits independently of bug or mitigation status
x86/srso: Fix srso_show_state() side effect
x86/asm: Fix build of UML with KASAN
x86/mm, kexec, ima: Use memblock_free_late() from ima_free_kexec_buffer()
Linus Torvalds [Fri, 22 Sep 2023 19:16:46 +0000 (12:16 -0700)]
Merge tag 'sched-urgent-2023-09-22' of git://git./linux/kernel/git/tip/tip
Pull scheduler fix from Ingo Molnar:
"Fix a PF_IDLE initialization bug that generated warnings on tiny-RCU"
* tag 'sched-urgent-2023-09-22' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
kernel/sched: Modify initial boot task idle setup
Linus Torvalds [Fri, 22 Sep 2023 19:02:30 +0000 (12:02 -0700)]
Merge tag 'locking-urgent-2023-09-22' of git://git./linux/kernel/git/tip/tip
Pull locking fixes from Ingo Molnar:
"Fix a include/linux/atomic/atomic-arch-fallback.h breakage that
generated incorrect code, and fix a lockdep reporting race that may
result in lockups"
* tag 'locking-urgent-2023-09-22' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
locking/seqlock: Do the lockdep annotation before locking in do_write_seqcount_begin_nested()
locking/atomic: scripts: fix fallback ifdeffery
Peter Zijlstra [Fri, 22 Sep 2023 10:12:25 +0000 (10:12 +0000)]
x86,static_call: Fix static-call vs return-thunk
Commit
7825451fa4dc ("static_call: Add call depth tracking support")
failed to realize the problem fixed there is not specific to call depth
tracking but applies to all return-thunk uses.
Move the fix to the appropriate place and condition.
Fixes:
ee88d363d156 ("x86,static_call: Use alternative RET encoding")
Reported-by: David Kaplan <David.Kaplan@amd.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: Ingo Molnar <mingo@kernel.org>
Tested-by: Borislav Petkov (AMD) <bp@alien8.de>
Cc: <stable@kernel.org>
Josh Poimboeuf [Tue, 5 Sep 2023 05:04:54 +0000 (22:04 -0700)]
x86/alternatives: Remove faulty optimization
The following commit
095b8303f383 ("x86/alternative: Make custom return thunk unconditional")
made '__x86_return_thunk' a placeholder value. All code setting
X86_FEATURE_RETHUNK also changes the value of 'x86_return_thunk'. So
the optimization at the beginning of apply_returns() is dead code.
Also, before the above-mentioned commit, the optimization actually had a
bug It bypassed __static_call_fixup(), causing some raw returns to
remain unpatched in static call trampolines. Thus the 'Fixes' tag.
Fixes:
d2408e043e72 ("x86/alternative: Optimize returns patching")
Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Acked-by: Borislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/r/16d19d2249d4485d8380fb215ffaae81e6b8119e.1693889988.git.jpoimboe@kernel.org
Rafael J. Wysocki [Fri, 22 Sep 2023 16:34:34 +0000 (18:34 +0200)]
Merge branch 'acpi-processor'
Merge a fix for recently introduced uninitialized memory access in the
ACPI processor driver from Michal Wilczynski.
* acpi-processor:
ACPI: processor: Fix uninitialized access of buf in acpi_set_pdc_bits()
Linus Torvalds [Fri, 22 Sep 2023 16:25:26 +0000 (09:25 -0700)]
Merge tag 'efi-fixes-for-v6.6-2' of git://git./linux/kernel/git/efi/efi
Pull EFI fix from Ard Biesheuvel:
"Follow-up fix for the unaccepted memory fix merged last week as part
of the first EFI fixes batch.
The unaccepted memory table needs to be accessible very early, even in
cases (such as crashkernels) where the direct map does not cover all
of DRAM, and so it is added to memblock explicitly, and subsequently
memblock_reserve()'d as before"
* tag 'efi-fixes-for-v6.6-2' of git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi:
efi/unaccepted: Make sure unaccepted table is mapped
Linus Torvalds [Fri, 22 Sep 2023 16:18:51 +0000 (09:18 -0700)]
Merge tag 'drm-fixes-2023-09-22-2' of git://anongit.freedesktop.org/drm/drm
Pull drm fixes from Dave Airlie:
"Ben Skeggs is stepping away from nouveau and Red Hat for personal
reasons, he'll be missed and we intend to fill the gaps in the
upcoming time with Danilo and Lyude stepping in for now.
Otherwise i915, nouveau, amdgpu with a few each and some misc spread
around.
MAINTAINERS:
- drop Ben as he retired from nouveau
core:
- drm_mm test fixes
fbdev:
- Kconfig fixes
ivpu:
- IRQ-handling fixes
meson:
- Fix memory leak in HDMI EDID code
nouveau:
- Correct type casting
- Fix memory leak in scheduler
- u_memcpya() fixes
i915:
- Prevent error pointer dereference
- Fix PMU busyness values when using GuC mode
amdgpu:
- MST fix
- Vbios part number reporting fix
- Fix a possible memory leak in an error case in the RAS code
- Fix low resolution modes on eDP
amdkfd:
- Fix GPU address for user queue wptr when GART is not at 0"
* tag 'drm-fixes-2023-09-22-2' of git://anongit.freedesktop.org/drm/drm:
MAINTAINERS: remove myself as nouveau maintainer
fbdev/sh7760fb: Depend on FB=y
drm/amdkfd: Use gpu_offset for user queue's wptr
drm/amd/display: fix the ability to use lower resolution modes on eDP
drm/amdgpu: fix a memory leak in amdgpu_ras_feature_enable
Revert "drm/amdgpu: Report vbios version instead of PN"
drm/amd/display: Fix MST recognizes connected displays as one
drm/virtio: clean out_fence on complete_submit
i915/pmu: Move execlist stats initialization to execlist specific setup
drm/i915/gt: Prevent error pointer dereference
drm/meson: fix memory leak on ->hpd_notify callback
accel/ivpu/40xx: Fix buttress interrupt handling
nouveau/u_memcpya: fix NULL vs error pointer bug
nouveau/u_memcpya: use vmemdup_user
drm/nouveau: sched: fix leaking memory of timedout job
drm/nouveau: fence: fix type cast warning in nouveau_fence_emit()
drm: fix up fbdev Kconfig defaults
drm/tests: Fix incorrect argument in drm_test_mm_insert_range
Linus Torvalds [Fri, 22 Sep 2023 16:15:37 +0000 (09:15 -0700)]
Merge tag 'v6.6-p3' of git://git./linux/kernel/git/herbert/crypto-2.6
Pull crypto fix from Herbert Xu:
"This fixes a regression in sm2"
* tag 'v6.6-p3' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
crypto: sm2 - Fix crash caused by uninitialized context
Linus Torvalds [Fri, 22 Sep 2023 16:11:35 +0000 (09:11 -0700)]
Merge tag 'platform-drivers-x86-v6.6-3' of git://git./linux/kernel/git/pdx86/platform-drivers-x86
Pull x86 platform driver fixes from Hans de Goede:
"The most noteworthy change in here is the addition of Ilpo Järvinen as
co-maintainer of platform-drivers-x86. Ilpo will be helping me with
platform-drivers-x86 maintenance going forward and you can expect
pull-requests from Ilpo in the future.
Other then that there is a set of Intel SCU IPC fixes and a
thinkpad_acpi locking fix"
* tag 'platform-drivers-x86-v6.6-3' of git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86:
MAINTAINERS: Add x86 platform drivers patchwork
MAINTAINERS: Add myself into x86 platform driver maintainers
platform/x86: thinkpad_acpi: Take mutex in hotkey_resume
platform/x86: intel_scu_ipc: Fail IPC send if still busy
platform/x86: intel_scu_ipc: Don't override scu in intel_scu_ipc_dev_simple_command()
platform/x86: intel_scu_ipc: Check status upon timeout in ipc_wait_for_interrupt()
platform/x86: intel_scu_ipc: Check status after timeout in busy_loop()
Daniel Scally [Wed, 20 Sep 2023 13:41:09 +0000 (14:41 +0100)]
i2c: xiic: Correct return value check for xiic_reinit()
The error paths for xiic_reinit() return negative values on failure
and 0 on success - this error message therefore is triggered on
_success_ rather than failure. Correct the condition so it's only
shown on failure as intended.
Fixes:
8fa9c9388053 ("i2c: xiic: return value of xiic_reinit")
Signed-off-by: Daniel Scally <dan.scally@ideasonboard.com>
Acked-by: Michal Simek <michal.simek@amd.com>
Reviewed-by: Andi Shyti <andi.shyti@kernel.org>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Bartosz Golaszewski [Wed, 20 Sep 2023 07:32:53 +0000 (09:32 +0200)]
gpio: sim: fix an invalid __free() usage
gpio_sim_make_line_names() returns NULL or ERR_PTR() so we must not use
__free(kfree) on the returned address. Split this function into two, one
that determines the size of the "gpio-line-names" array to allocate and
one that actually sets the names at correct offsets. The allocation and
assignment of the managed pointer happens in between.
Fixes:
3faf89f27aab ("gpio: sim: simplify code with cleanup helpers")
Reported-by: Alexey Dobriyan <adobriyan@gmail.com>
Closes: https://lore.kernel.org/all/
07c32bf1-6c1a-49d9-b97d-
f0ae4a2b42ab@p183/
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Ben Skeggs [Mon, 18 Sep 2023 22:22:25 +0000 (08:22 +1000)]
MAINTAINERS: remove myself as nouveau maintainer
I have resigned, and will no longer be taking as active a role in
nouveau development.
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20230918222225.8629-1-skeggsb@gmail.com
Dave Airlie [Fri, 22 Sep 2023 05:38:33 +0000 (15:38 +1000)]
Merge tag 'amd-drm-fixes-6.6-2023-09-20' of https://gitlab.freedesktop.org/agd5f/linux into drm-fixes
amd-drm-fixes-6.6-2023-09-20:
amdgpu:
- MST fix
- Vbios part number reporting fix
- Fix a possible memory leak in an error case in the RAS code
- Fix low resolution modes on eDP
amdkfd:
- Fix GPU address for user queue wptr when GART is not at 0
Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Alex Deucher <alexander.deucher@amd.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20230920222915.7789-1-alexander.deucher@amd.com
Dave Airlie [Fri, 22 Sep 2023 05:32:04 +0000 (15:32 +1000)]
Merge tag 'drm-intel-fixes-2023-09-21' of git://anongit.freedesktop.org/drm/drm-intel into drm-fixes
- Prevent error pointer dereference (Dan Carpenter)
- Fix PMU busyness values when using GuC mode (Umesh)
Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Rodrigo Vivi <rodrigo.vivi@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/ZQxf267jxc7tiIlZ@intel.com
Dave Airlie [Fri, 22 Sep 2023 04:38:21 +0000 (14:38 +1000)]
Merge tag 'drm-misc-fixes-2023-09-21' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes
Short summary of fixes pull:
* DRM MM-test fixes
* Fbdev Kconfig fixes
* ivpu:
* IRQ-handling fixes
* meson:
* Fix memory leak in HDMI EDID code
* nouveau:
* Correct type casting
* Fix memory leak in scheduler
* u_memcpya() fixes
* virtio:
* Fence cleanups
Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Thomas Zimmermann <tzimmermann@suse.de>
Link: https://patchwork.freedesktop.org/patch/msgid/20230921153712.GA14059@linux-uq9g
Rafael J. Wysocki [Thu, 21 Sep 2023 19:39:23 +0000 (21:39 +0200)]
Merge tag 'fix-ia64-build-for-v6.6' of ssh://gitolite./linux/kernel/git/ardb/linux
Merge an ia64 ACPI build fix for v6.6 from Ard Biesheuvel:
"Build fix for Itanium/ia64:
- provide dummy implementation of acpi_proc_quirk_mwait_check() which
was moved out of generic code into arch/x86, breaking the ia64 build"
* tag 'fix-ia64-build-for-v6.6' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/ardb/linux:
acpi: Provide ia64 dummy implementation of acpi_proc_quirk_mwait_check()
Linus Torvalds [Thu, 21 Sep 2023 18:28:16 +0000 (11:28 -0700)]
Merge tag 'net-6.6-rc3' of git://git./linux/kernel/git/netdev/net
Pull networking fixes from Paolo Abeni:
"Including fixes from netfilter and bpf.
Current release - regressions:
- bpf: adjust size_index according to the value of KMALLOC_MIN_SIZE
- netfilter: fix entries val in rule reset audit log
- eth: stmmac: fix incorrect rxq|txq_stats reference
Previous releases - regressions:
- ipv4: fix null-deref in ipv4_link_failure
- netfilter:
- fix several GC related issues
- fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP
- eth: team: fix null-ptr-deref when team device type is changed
- eth: i40e: fix VF VLAN offloading when port VLAN is configured
- eth: ionic: fix 16bit math issue when PAGE_SIZE >= 64KB
Previous releases - always broken:
- core: fix ETH_P_1588 flow dissector
- mptcp: fix several connection hang-up conditions
- bpf:
- avoid deadlock when using queue and stack maps from NMI
- add override check to kprobe multi link attach
- hsr: properly parse HSRv1 supervisor frames.
- eth: igc: fix infinite initialization loop with early XDP redirect
- eth: octeon_ep: fix tx dma unmap len values in SG
- eth: hns3: fix GRE checksum offload issue"
* tag 'net-6.6-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (87 commits)
sfc: handle error pointers returned by rhashtable_lookup_get_insert_fast()
igc: Expose tx-usecs coalesce setting to user
octeontx2-pf: Do xdp_do_flush() after redirects.
bnxt_en: Flush XDP for bnxt_poll_nitroa0()'s NAPI
net: ena: Flush XDP packets on error.
net/handshake: Fix memory leak in __sock_create() and sock_alloc_file()
net: hinic: Fix warning-hinic_set_vlan_fliter() warn: variable dereferenced before check 'hwdev'
netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP
netfilter: nf_tables: fix memleak when more than 255 elements expired
netfilter: nf_tables: disable toggling dormant table state more than once
vxlan: Add missing entries to vxlan_get_size()
net: rds: Fix possible NULL-pointer dereference
team: fix null-ptr-deref when team device type is changed
net: bridge: use DEV_STATS_INC()
net: hns3: add 5ms delay before clear firmware reset irq source
net: hns3: fix fail to delete tc flower rules during reset issue
net: hns3: only enable unicast promisc when mac table full
net: hns3: fix GRE checksum offload issue
net: hns3: add cmdq check for vf periodic service task
net: stmmac: fix incorrect rxq|txq_stats reference
...
Linus Torvalds [Thu, 21 Sep 2023 17:15:26 +0000 (10:15 -0700)]
Merge tag 'v6.6-rc3.vfs.ctime.revert' of git://git./linux/kernel/git/vfs/vfs
Pull finegrained timestamp reverts from Christian Brauner:
"Earlier this week we sent a few minor fixes for the multi-grained
timestamp work in [1]. While we were polishing those up after Linus
realized that there might be a nicer way to fix them we received a
regression report in [2] that fine grained timestamps break gnulib
tests and thus possibly other tools.
The kernel will elide fine-grain timestamp updates when no one is
actively querying for them to avoid performance impacts. So a sequence
like write(f1) stat(f2) write(f2) stat(f2) write(f1) stat(f1) may
result in timestamp f1 to be older than the final f2 timestamp even
though f1 was last written too but the second write didn't update the
timestamp.
Such plotholes can lead to subtle bugs when programs compare
timestamps. For example, the nap() function in [2] will estimate that
it needs to wait one ns on a fine-grain timestamp enabled filesytem
between subsequent calls to observe a timestamp change. But in general
we don't update timestamps with more than one jiffie if we think that
no one is actively querying for fine-grain timestamps to avoid
performance impacts.
While discussing various fixes the decision was to go back to the
drawing board and ultimately to explore a solution that involves only
exposing such fine-grained timestamps to nfs internally and never to
userspace.
As there are multiple solutions discussed the honest thing to do here
is not to fix this up or disable it but to cleanly revert. The general
infrastructure will probably come back but there is no reason to keep
this code in mainline.
The general changes to timestamp handling are valid and a good cleanup
that will stay. The revert is fully bisectable"
Link: https://lore.kernel.org/all/20230918-hirte-neuzugang-4c2324e7bae3@brauner
Link: https://lore.kernel.org/all/bf0524debb976627693e12ad23690094e4514303.camel@linuxfromscratch.org
* tag 'v6.6-rc3.vfs.ctime.revert' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs:
Revert "fs: add infrastructure for multigrain timestamps"
Revert "btrfs: convert to multigrain timestamps"
Revert "ext4: switch to multigrain timestamps"
Revert "xfs: switch to multigrain timestamps"
Revert "tmpfs: add support for multigrain timestamps"
Ilpo Järvinen [Tue, 19 Sep 2023 12:39:48 +0000 (15:39 +0300)]
MAINTAINERS: Add x86 platform drivers patchwork
Add x86 platform drivers patchwork which has been missing from
MAINTAINERS.
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Link: https://lore.kernel.org/r/20230919123948.1583-1-ilpo.jarvinen@linux.intel.com
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Linus Torvalds [Thu, 21 Sep 2023 15:39:24 +0000 (08:39 -0700)]
Merge tag 'powerpc-6.6-2' of git://git./linux/kernel/git/powerpc/linux
Pull powerpc fixes from Michael Ellerman:
- A fix for breakpoint handling which was using get_user() while atomic
- Fix the Power10 HASHCHK handler which was using get_user() while
atomic
- A few build fixes for issues caused by recent changes
Thanks to Benjamin Gray, Christophe Leroy, Kajol Jain, and Naveen N Rao.
* tag 'powerpc-6.6-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
powerpc/dexcr: Move HASHCHK trap handler
powerpc/82xx: Select FSL_SOC
powerpc: Fix build issue with LD_DEAD_CODE_DATA_ELIMINATION and FTRACE_MCOUNT_USE_PATCHABLE_FUNCTION_ENTRY
powerpc/watchpoints: Annotate atomic context in more places
powerpc/watchpoint: Disable pagefaults when getting user instruction
powerpc/watchpoints: Disable preemption in thread_change_pc()
powerpc/perf/hv-24x7: Update domain value check
Linus Torvalds [Thu, 21 Sep 2023 15:27:42 +0000 (08:27 -0700)]
Merge tag 'for-linus-6.6a-rc3-tag' of git://git./linux/kernel/git/xen/tip
Pull xen fixes from Juergen Gross:
- remove some unused functions in the Xen event channel handling
- fix a regression (introduced during the merge window) when booting as
Xen PV guest
- small cleanup removing another strncpy() instance
* tag 'for-linus-6.6a-rc3-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
xen/efi: refactor deprecated strncpy
x86/xen: allow nesting of same lazy mode
x86/xen: move paravirt lazy code
arm/xen: remove lazy mode related definitions
xen: simplify evtchn_do_upcall() call maze
Linus Torvalds [Thu, 21 Sep 2023 15:21:23 +0000 (08:21 -0700)]
Merge tag 'fixes-2023-09-21' of git://git./linux/kernel/git/rppt/memblock
Pull memblock test fixes from Mike Rapoport:
"Fix several compilation errors and warnings in memblock tests"
* tag 'fixes-2023-09-21' of git://git.kernel.org/pub/scm/linux/kernel/git/rppt/memblock:
memblock tests: fix warning ‘struct seq_file’ declared inside parameter list
memblock tests: fix warning: "__ALIGN_KERNEL" redefined
memblock tests: Fix compilation errors.
Linus Torvalds [Thu, 21 Sep 2023 15:13:15 +0000 (08:13 -0700)]
Merge tag 'sound-6.6-rc3' of git://git./linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
"A large collection of fixes around this time.
All small and mostly trivial fixes.
- Lots of fixes for the new -Wformat-truncation warnings
- A fix in ALSA rawmidi core regression and UMP handling
- Series of Cirrus codec fixes
- ASoC Intel and Realtek codec fixes
- Usual HD- and USB-audio quirks and AMD ASoC quirks"
* tag 'sound-6.6-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (64 commits)
ALSA: hda/realtek - ALC287 Realtek I2S speaker platform support
ALSA: hda: cs35l56: Use the new RUNTIME_PM_OPS() macro
ALSA: usb-audio: scarlett_gen2: Fix another -Wformat-truncation warning
ALSA: rawmidi: Fix NULL dereference at proc read
ASoC: SOF: core: Only call sof_ops_free() on remove if the probe was successful
ASoC: SOF: Intel: MTL: Reduce the DSP init timeout
ASoC: cs42l43: Add shared IRQ flag for shutters
ASoC: imx-audmix: Fix return error with devm_clk_get()
ASoC: hdaudio.c: Add missing check for devm_kstrdup
ALSA: riptide: Fix -Wformat-truncation warning for longname string
ALSA: cs4231: Fix -Wformat-truncation warning for longname string
ALSA: ad1848: Fix -Wformat-truncation warning for longname string
ALSA: hda: generic: Check potential mixer name string truncation
ALSA: cmipci: Fix -Wformat-truncation warning
ALSA: firewire: Fix -Wformat-truncation warning for MIDI stream names
ALSA: firewire: Fix -Wformat-truncation warning for longname string
ALSA: xen: Fix -Wformat-truncation warning
ALSA: opti9x: Fix -Wformat-truncation warning
ALSA: es1688: Fix -Wformat-truncation warning
ALSA: cs4236: Fix -Wformat-truncation warning
...
Linus Torvalds [Thu, 21 Sep 2023 15:10:47 +0000 (08:10 -0700)]
Merge tag 'hwmon-for-v6.6-rc3' of git://git./linux/kernel/git/groeck/linux-staging
Pull hwmon fix from Guenter Roeck:
"One patch to drop a non-existent alarm attribute in the nct6775 driver"
* tag 'hwmon-for-v6.6-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging:
hwmon: (nct6775) Fix non-existent ALARM warning
Paolo Abeni [Thu, 21 Sep 2023 09:09:44 +0000 (11:09 +0200)]
Merge tag 'nf-23-09-20' of https://git./linux/kernel/git/netfilter/nf
Florian Westphal says:
====================
netfilter updates for net
The following three patches fix regressions in the netfilter subsystem:
1. Reject attempts to repeatedly toggle the 'dormant' flag in a single
transaction. Doing so makes nf_tables lose track of the real state
vs. the desired state. This ends with an attempt to unregister hooks
that were never registered in the first place, which yields a splat.
2. Fix element counting in the new nftables garbage collection infra
that came with 6.5: More than 255 expired elements wraps a counter
which results in memory leak.
3. Since 6.4 ipset can BUG when a set is renamed while a CREATE command
is in progress, fix from Jozsef Kadlecsik.
* tag 'nf-23-09-20' of https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf:
netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP
netfilter: nf_tables: fix memleak when more than 255 elements expired
netfilter: nf_tables: disable toggling dormant table state more than once
====================
Link: https://lore.kernel.org/r/20230920084156.4192-1-fw@strlen.de
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Liang He [Wed, 22 Mar 2023 04:29:51 +0000 (12:29 +0800)]
i2c: mux: gpio: Add missing fwnode_handle_put()
In i2c_mux_gpio_probe_fw(), we should add fwnode_handle_put()
when break out of the iteration device_for_each_child_node()
as it will automatically increase and decrease the refcounter.
Fixes:
98b2b712bc85 ("i2c: i2c-mux-gpio: Enable this driver in ACPI land")
Signed-off-by: Liang He <windhl@126.com>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Edward Cree [Tue, 19 Sep 2023 18:39:49 +0000 (19:39 +0100)]
sfc: handle error pointers returned by rhashtable_lookup_get_insert_fast()
Several places in TC offload code assumed that the return from
rhashtable_lookup_get_insert_fast() was always either NULL or a valid
pointer to an existing entry, but in fact that function can return an
error pointer. In that case, perform the usual cleanup of the newly
created entry, then pass up the error, rather than attempting to take a
reference on the old entry.
Fixes:
d902e1a737d4 ("sfc: bare bones TC offload on EF100")
Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Signed-off-by: Edward Cree <ecree.xilinx@gmail.com>
Link: https://lore.kernel.org/r/20230919183949.59392-1-edward.cree@amd.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Thomas Zimmermann [Mon, 18 Sep 2023 09:03:49 +0000 (11:03 +0200)]
fbdev/sh7760fb: Depend on FB=y
Fix linker error if FB=m about missing fb_io_read and fb_io_write. The
linker's error message suggests that this config setting has already
been broken for other symbols.
All errors (new ones prefixed by >>):
sh4-linux-ld: drivers/video/fbdev/sh7760fb.o: in function `sh7760fb_probe':
sh7760fb.c:(.text+0x374): undefined reference to `framebuffer_alloc'
sh4-linux-ld: sh7760fb.c:(.text+0x394): undefined reference to `fb_videomode_to_var'
sh4-linux-ld: sh7760fb.c:(.text+0x39c): undefined reference to `fb_alloc_cmap'
sh4-linux-ld: sh7760fb.c:(.text+0x3a4): undefined reference to `register_framebuffer'
sh4-linux-ld: sh7760fb.c:(.text+0x3ac): undefined reference to `fb_dealloc_cmap'
sh4-linux-ld: sh7760fb.c:(.text+0x434): undefined reference to `framebuffer_release'
sh4-linux-ld: drivers/video/fbdev/sh7760fb.o: in function `sh7760fb_remove':
sh7760fb.c:(.text+0x800): undefined reference to `unregister_framebuffer'
sh4-linux-ld: sh7760fb.c:(.text+0x804): undefined reference to `fb_dealloc_cmap'
sh4-linux-ld: sh7760fb.c:(.text+0x814): undefined reference to `framebuffer_release'
>> sh4-linux-ld: drivers/video/fbdev/sh7760fb.o:(.rodata+0xc): undefined reference to `fb_io_read'
>> sh4-linux-ld: drivers/video/fbdev/sh7760fb.o:(.rodata+0x10): undefined reference to `fb_io_write'
sh4-linux-ld: drivers/video/fbdev/sh7760fb.o:(.rodata+0x2c): undefined reference to `cfb_fillrect'
sh4-linux-ld: drivers/video/fbdev/sh7760fb.o:(.rodata+0x30): undefined reference to `cfb_copyarea'
sh4-linux-ld: drivers/video/fbdev/sh7760fb.o:(.rodata+0x34): undefined reference to `cfb_imageblit'
Suggested-by: Randy Dunlap <rdunlap@infradead.org>
Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/
202309130632.LS04CPWu-lkp@intel.com/
Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>
Reviewed-by: Javier Martinez Canillas <javierm@redhat.com>
Acked-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Link: https://patchwork.freedesktop.org/patch/msgid/20230918090400.13264-1-tzimmermann@suse.de
Muhammad Husaini Zulkifli [Tue, 19 Sep 2023 17:03:31 +0000 (10:03 -0700)]
igc: Expose tx-usecs coalesce setting to user
When users attempt to obtain the coalesce setting using the
ethtool command, current code always returns 0 for tx-usecs.
This is because I225/6 always uses a queue pair setting, hence
tx_coalesce_usecs does not return a value during the
igc_ethtool_get_coalesce() callback process. The pair queue
condition checking in igc_ethtool_get_coalesce() is removed by
this patch so that the user gets information of the value of tx-usecs.
Even if i225/6 is using queue pair setting, there is no harm in
notifying the user of the tx-usecs. The implementation of the current
code may have previously been a copy of the legacy code i210.
Since I225 has the queue pair setting enabled, tx-usecs will always adhere
to the user-set rx-usecs value. An error message will appear when the user
attempts to set the tx-usecs value for the input parameters because,
by default, they should only set the rx-usecs value.
This patch also adds the helper function to get the
previous rx coalesce value similar to tx coalesce.
How to test:
User can get the coalesce value using ethtool command.
Example command:
Get: ethtool -c <interface>
Previous output:
rx-usecs: 3
rx-frames: n/a
rx-usecs-irq: n/a
rx-frames-irq: n/a
tx-usecs: 0
tx-frames: n/a
tx-usecs-irq: n/a
tx-frames-irq: n/a
New output:
rx-usecs: 3
rx-frames: n/a
rx-usecs-irq: n/a
rx-frames-irq: n/a
tx-usecs: 3
tx-frames: n/a
tx-usecs-irq: n/a
tx-frames-irq: n/a
Fixes:
8c5ad0dae93c ("igc: Add ethtool support")
Signed-off-by: Muhammad Husaini Zulkifli <muhammad.husaini.zulkifli@intel.com>
Tested-by: Naama Meir <naamax.meir@linux.intel.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Link: https://lore.kernel.org/r/20230919170331.1581031-1-anthony.l.nguyen@intel.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Paolo Abeni [Thu, 21 Sep 2023 07:01:44 +0000 (09:01 +0200)]
Merge branch 'add-missing-xdp_do_flush-invocations'
Sebastian Andrzej Siewior says:
====================
Add missing xdp_do_flush() invocations.
I've been looking at the drivers/ XDP users and noticed that some
XDP_REDIRECT user don't invoke xdp_do_flush() at the end.
====================
Link: https://lore.kernel.org/r/20230918153611.165722-1-bigeasy@linutronix.de
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Sebastian Andrzej Siewior [Mon, 18 Sep 2023 15:36:11 +0000 (17:36 +0200)]
octeontx2-pf: Do xdp_do_flush() after redirects.
xdp_do_flush() should be invoked before leaving the NAPI poll function
if XDP-redirect has been performed.
Invoke xdp_do_flush() before leaving NAPI.
Cc: Geetha sowjanya <gakula@marvell.com>
Cc: Subbaraya Sundeep <sbhatta@marvell.com>
Cc: Sunil Goutham <sgoutham@marvell.com>
Cc: hariprasad <hkelam@marvell.com>
Fixes:
06059a1a9a4a5 ("octeontx2-pf: Add XDP support to netdev PF")
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Acked-by: Geethasowjanya Akula <gakula@marvell.com>
Acked-by: Jesper Dangaard Brouer <hawk@kernel.org>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Sebastian Andrzej Siewior [Mon, 18 Sep 2023 15:36:10 +0000 (17:36 +0200)]
bnxt_en: Flush XDP for bnxt_poll_nitroa0()'s NAPI
bnxt_poll_nitroa0() invokes bnxt_rx_pkt() which can run a XDP program
which in turn can return XDP_REDIRECT. bnxt_rx_pkt() is also used by
__bnxt_poll_work() which flushes (xdp_do_flush()) the packets after each
round. bnxt_poll_nitroa0() lacks this feature.
xdp_do_flush() should be invoked before leaving the NAPI callback.
Invoke xdp_do_flush() after a redirect in bnxt_poll_nitroa0() NAPI.
Cc: Michael Chan <michael.chan@broadcom.com>
Fixes:
f18c2b77b2e4e ("bnxt_en: optimized XDP_REDIRECT support")
Reviewed-by: Andy Gospodarek <gospo@broadcom.com>
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Reviewed-by: Michael Chan <michael.chan@broadcom.com>
Acked-by: Jesper Dangaard Brouer <hawk@kernel.org>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Sebastian Andrzej Siewior [Mon, 18 Sep 2023 15:36:09 +0000 (17:36 +0200)]
net: ena: Flush XDP packets on error.
xdp_do_flush() should be invoked before leaving the NAPI poll function
after a XDP-redirect. This is not the case if the driver leaves via
the error path (after having a redirect in one of its previous
iterations).
Invoke xdp_do_flush() also in the error path.
Cc: Arthur Kiyanovski <akiyano@amazon.com>
Cc: David Arinzon <darinzon@amazon.com>
Cc: Noam Dagan <ndagan@amazon.com>
Cc: Saeed Bishara <saeedb@amazon.com>
Cc: Shay Agroskin <shayagr@amazon.com>
Fixes:
a318c70ad152b ("net: ena: introduce XDP redirect implementation")
Acked-by: Arthur Kiyanovski <akiyano@amazon.com>
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Acked-by: Jesper Dangaard Brouer <hawk@kernel.org>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Sebastian Andrzej Siewior [Wed, 20 Sep 2023 10:46:27 +0000 (12:46 +0200)]
locking/seqlock: Do the lockdep annotation before locking in do_write_seqcount_begin_nested()
It was brought up by Tetsuo that the following sequence:
write_seqlock_irqsave()
printk_deferred_enter()
could lead to a deadlock if the lockdep annotation within
write_seqlock_irqsave() triggers.
The problem is that the sequence counter is incremented before the lockdep
annotation is performed. The lockdep splat would then attempt to invoke
printk() but the reader side, of the same seqcount, could have a
tty_port::lock acquired waiting for the sequence number to become even again.
The other lockdep annotations come before the actual locking because "we
want to see the locking error before it happens". There is no reason why
seqcount should be different here.
Do the lockdep annotation first then perform the locking operation (the
sequence increment).
Fixes:
1ca7d67cf5d5a ("seqcount: Add lockdep functionality to seqcount/seqlock structures")
Reported-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Link: https://lore.kernel.org/r/20230920104627._DTHgPyA@linutronix.de
Closes: https://lore.kernel.org/
20230621130641.-5iueY1I@linutronix.de
Steve French [Thu, 21 Sep 2023 00:50:05 +0000 (19:50 -0500)]
smb3: fix confusing debug message
The message said it was an invalid mode, when it was intentionally
not set. Fix confusing message logged to dmesg.
Reviewed-by: Paulo Alcantara (SUSE) <pc@manguebit.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
YuBiao Wang [Fri, 15 Sep 2023 02:47:50 +0000 (10:47 +0800)]
drm/amdkfd: Use gpu_offset for user queue's wptr
Directly use tbo's start address will miss the domain start offset. Need
to use gpu_offset instead.
Signed-off-by: YuBiao Wang <YuBiao.Wang@amd.com>
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Hamza Mahfooz [Wed, 13 Sep 2023 18:48:08 +0000 (14:48 -0400)]
drm/amd/display: fix the ability to use lower resolution modes on eDP
On eDP we can receive invalid modes from dm_update_crtc_state() for
entirely new streams for which drm_mode_set_crtcinfo() shouldn't be
called on. So, instead of calling drm_mode_set_crtcinfo() from within
create_stream_for_sink() we can instead call it from
amdgpu_dm_connector_mode_valid(). Since, we are guaranteed to only call
drm_mode_set_crtcinfo() for valid modes from that function (invalid
modes are rejected by that callback) and that is the only user
of create_validate_stream_for_sink() that we need to call
drm_mode_set_crtcinfo() for (as before commit
cb841d27b876
("drm/amd/display: Always pass connector_state to stream validation"),
that is the only place where create_validate_stream_for_sink()'s
dm_state was NULL).
Cc: stable@vger.kernel.org
Link: https://gitlab.freedesktop.org/drm/amd/-/issues/2693
Fixes:
cb841d27b876 ("drm/amd/display: Always pass connector_state to stream validation")
Tested-by: Mark Broadworth <mark.broadworth@amd.com>
Reviewed-by: Harry Wentland <harry.wentland@amd.com>
Signed-off-by: Hamza Mahfooz <hamza.mahfooz@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cong Liu [Thu, 14 Sep 2023 09:45:33 +0000 (17:45 +0800)]
drm/amdgpu: fix a memory leak in amdgpu_ras_feature_enable
This patch fixes a memory leak in the amdgpu_ras_feature_enable() function.
The leak occurs when the function sends a command to the firmware to enable
or disable a RAS feature for a GFX block. If the command fails, the kfree()
function is not called to free the info memory.
Fixes:
9f051d6ff13f ("drm/amdgpu: Free ras cmd input buffer properly")
Reviewed-by: Hawking Zhang <Hawking.Zhang@amd.com>
Signed-off-by: Cong Liu <liucong2@kylinos.cn>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Xiaoke Wang [Thu, 3 Mar 2022 12:39:14 +0000 (20:39 +0800)]
i2c: mux: demux-pinctrl: check the return value of devm_kstrdup()
devm_kstrdup() returns pointer to allocated string on success,
NULL on failure. So it is better to check the return value of it.
Fixes:
e35478eac030 ("i2c: mux: demux-pinctrl: run properly with multiple instances")
Signed-off-by: Xiaoke Wang <xkernel.wang@foxmail.com>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Lijo Lazar [Thu, 14 Sep 2023 06:16:08 +0000 (11:46 +0530)]
Revert "drm/amdgpu: Report vbios version instead of PN"
This reverts commit
7748ce5b69581325cae40c2134088820f0957902.
vbios_version sysfs node is used to identify Part Number also. Revert to
the same so that it doesn't break scripts/software which parse this.
Signed-off-by: Lijo Lazar <lijo.lazar@amd.com>
Reviewed-by: Hawking Zhang <Hawking.Zhang@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Muhammad Ahmed [Wed, 23 Aug 2023 23:25:25 +0000 (19:25 -0400)]
drm/amd/display: Fix MST recognizes connected displays as one
[What]
MST now recognizes both connected displays
Fixes:
927e784c180c ("drm/amd/display: Add symclk enable/disable during stream enable/disable")
Reviewed-by: Charlene Liu <charlene.liu@amd.com>
Acked-by: Stylon Wang <stylon.wang@amd.com>
Signed-off-by: Muhammad Ahmed <ahmed.ahmed@amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Paulo Alcantara [Wed, 20 Sep 2023 20:42:11 +0000 (17:42 -0300)]
smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED
Fix missing set of cifs_open_info_data::reparse_point when SMB2_CREATE
request fails with STATUS_IO_REPARSE_TAG_NOT_HANDLED.
Fixes:
5f71ebc41294 ("smb: client: parse reparse point flag in create response")
Signed-off-by: Paulo Alcantara (SUSE) <pc@manguebit.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
José Pekkarinen [Tue, 12 Sep 2023 06:08:24 +0000 (09:08 +0300)]
drm/virtio: clean out_fence on complete_submit
The removed line prevents the following cleanup function
to execute a dma_fence_put on the out_fence to free its
memory, producing the following output in kmemleak:
unreferenced object 0xffff888126d8ee00 (size 128):
comm "kwin_wayland", pid 981, jiffies
4295380296 (age 390.060s)
hex dump (first 32 bytes):
c8 a1 c2 27 81 88 ff ff e0 14 a9 c0 ff ff ff ff ...'............
30 1a e1 2e a6 00 00 00 28 fc 5b 17 81 88 ff ff 0.......(.[.....
backtrace:
[<
0000000011655661>] kmalloc_trace+0x26/0xa0
[<
0000000055f15b82>] virtio_gpu_fence_alloc+0x47/0xc0 [virtio_gpu]
[<
00000000fa6d96f9>] virtio_gpu_execbuffer_ioctl+0x1a8/0x800 [virtio_gpu]
[<
00000000e6cb5105>] drm_ioctl_kernel+0x169/0x240 [drm]
[<
000000005ad33e27>] drm_ioctl+0x399/0x6b0 [drm]
[<
00000000a19dbf65>] __x64_sys_ioctl+0xc5/0x100
[<
0000000011fa801e>] do_syscall_64+0x5b/0xc0
[<
0000000065c76d8a>] entry_SYSCALL_64_after_hwframe+0x6e/0xd8
unreferenced object 0xffff888121930500 (size 128):
comm "kwin_wayland", pid 981, jiffies
4295380313 (age 390.096s)
hex dump (first 32 bytes):
c8 a1 c2 27 81 88 ff ff e0 14 a9 c0 ff ff ff ff ...'............
f9 ec d7 2f a6 00 00 00 28 fc 5b 17 81 88 ff ff .../....(.[.....
backtrace:
[<
0000000011655661>] kmalloc_trace+0x26/0xa0
[<
0000000055f15b82>] virtio_gpu_fence_alloc+0x47/0xc0 [virtio_gpu]
[<
00000000fa6d96f9>] virtio_gpu_execbuffer_ioctl+0x1a8/0x800 [virtio_gpu]
[<
00000000e6cb5105>] drm_ioctl_kernel+0x169/0x240 [drm]
[<
000000005ad33e27>] drm_ioctl+0x399/0x6b0 [drm]
[<
00000000a19dbf65>] __x64_sys_ioctl+0xc5/0x100
[<
0000000011fa801e>] do_syscall_64+0x5b/0xc0
[<
0000000065c76d8a>] entry_SYSCALL_64_after_hwframe+0x6e/0xd8
[...]
This memleak will grow quickly, being possible to see the
following line in dmesg after few minutes of life in the
virtual machine:
[ 706.217388] kmemleak: 10731 new suspected memory leaks (see /sys/kernel/debug/kmemleak)
The patch will remove the line to allow the cleanup
function do its job.
Signed-off-by: José Pekkarinen <jose.pekkarinen@foxhound.fi>
Fixes:
e4812ab8e6b1 ("drm/virtio: Refactor and optimize job submission code path")
Signed-off-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20230912060824.5210-1-jose.pekkarinen@foxhound.fi
Steve French [Wed, 20 Sep 2023 21:04:51 +0000 (16:04 -0500)]
smb3: remove duplicate error mapping
In status_to_posix_error STATUS_IO_REPARSE_TAG_NOT_HANDLED was mapped
to both -EOPNOTSUPP and also to -EIO but the later one (-EIO) is
ignored. Remove the duplicate.
Reviewed-by: Paulo Alcantara (SUSE) <pc@manguebit.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Linus Torvalds [Wed, 20 Sep 2023 19:09:23 +0000 (12:09 -0700)]
Merge tag 'media/v6.6-2' of git://git./linux/kernel/git/mchehab/linux-media
Pull media fixes from Mauro Carvalho Chehab:
- driver fixes due to incorrect fwnode_handle_put() call
- bt8xx: bttv_risc_packed(): remove field checks
- vb2: frame_vector.c: replace WARN_ONCE with a comment
- imx219: a couple typo fixes and perform a full mode set
unconditionally
- uvcvideo: Fix OOB read
- some dependency fixes
* tag 'media/v6.6-2' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media:
media: imx-mipi-csis: Remove an incorrect fwnode_handle_put() call
media: vb2: frame_vector.c: replace WARN_ONCE with a comment
media: uvcvideo: Fix OOB read
media: bt8xx: bttv_risc_packed(): remove field checks
media: i2c: rdacm21: Remove an incorrect fwnode_handle_put() call
media: i2c: imx219: Perform a full mode set unconditionally
media: i2c: imx219: Fix crop rectangle setting when changing format
media: i2c: imx219: Fix a typo referring to a wrong variable
media: i2c: max9286: Remove an incorrect fwnode_handle_put() call
media: ivsc: Depend on VIDEO_DEV
media: via: Use correct dependency for camera sensor drivers
media: v4l: Use correct dependency for camera sensor drivers
media: pci: ivsc: Select build dependencies
Linus Torvalds [Wed, 20 Sep 2023 18:03:45 +0000 (11:03 -0700)]
Merge tag 'for-6.6-rc2-tag' of git://git./linux/kernel/git/kdave/linux
Pull btrfs fixes from David Sterba:
"A few more followup fixes to the directory listing.
People have noticed different behaviour compared to other filesystems
after changes in 6.5. This is now unified to more "logical" and
expected behaviour while still within POSIX. And a few more fixes for
stable.
- change behaviour of readdir()/rewinddir() when new directory
entries are created after opendir(), properly tracking the last
entry
- fix race in readdir when multiple threads can set the last entry
index for a directory
Additionally:
- use exclusive lock when direct io might need to drop privs and call
notify_change()
- don't clear uptodate bit on page after an error, this may lead to a
deadlock in subpage mode
- fix waiting pattern when multiple readers block on Merkle tree
data, switch to folios"
* tag 'for-6.6-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux:
btrfs: fix race between reading a directory and adding entries to it
btrfs: refresh dir last index during a rewinddir(3) call
btrfs: set last dir index to the current last index when opening dir
btrfs: don't clear uptodate on write errors
btrfs: file_remove_privs needs an exclusive lock in direct io write
btrfs: convert btrfs_read_merkle_tree_page() to use a folio
Linus Torvalds [Wed, 20 Sep 2023 16:28:22 +0000 (09:28 -0700)]
Merge tag 'spi-fix-v6.6-rc2' of git://git./linux/kernel/git/broonie/spi
Pull spi fixes from Mark Brown:
"A small collection of fixes, plus a new device ID for Intel Granite
Rapids systems.
The fix for the i.MX driver is fairly urgent, it's fixing a data
corruption issue when bits per word isn't 8.
There's also one fix which was queued but not sent for v6.4 due to
being minor and arriving at the end of the release"
* tag 'spi-fix-v6.6-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi:
spi: imx: Take in account bits per word instead of assuming 8-bits
spi: intel-pci: Add support for Granite Rapids SPI serial flash
spi: stm32: add a delay before SPI disable
spi: nxp-fspi: reset the FLSHxCR1 registers
spi: zynqmp-gqspi: fix clock imbalance on probe failure
Linus Torvalds [Wed, 20 Sep 2023 16:26:42 +0000 (09:26 -0700)]
Merge tag 'regulator-fix-v6.6-rc2' of git://git./linux/kernel/git/broonie/regulator
Pull regulator fix from Mark Brown:
"One fix for the tps6287x driver which was incorrectly specifying the
field for voltage range selection leading to incorrect voltages being
set"
* tag 'regulator-fix-v6.6-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator:
regulator: Fix voltage range selection
Christian Brauner [Wed, 20 Sep 2023 14:40:13 +0000 (16:40 +0200)]
Revert "fs: add infrastructure for multigrain timestamps"
This reverts commit
ffb6cf19e06334062744b7e3493f71e500964f8e.
Users reported regressions due to enabling multi-grained timestamps
unconditionally. As no clear consensus on a solution has come up and the
discussion has gone back to the drawing board revert the infrastructure
changes for. If it isn't code that's here to stay, make it go away.
Message-ID: <
20230920-keine-eile-
c9755b5825db@brauner>
Acked-by: Jan Kara <jack@suse.cz>
Acked-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Christian Brauner <brauner@kernel.org>
Christian Brauner [Wed, 20 Sep 2023 14:41:47 +0000 (16:41 +0200)]
Revert "btrfs: convert to multigrain timestamps"
This reverts commit
50e9ceef1d4f644ee0049e82e360058a64ec284c.
Users reported regressions due to enabling multi-grained timestamps
unconditionally. As no clear consensus on a solution has come up and the
discussion has gone back to the drawing board revert the infrastructure
changes for. If it isn't code that's here to stay, make it go away.
Message-ID: <
20230920-keine-eile-
c9755b5825db@brauner>
Acked-by: Jan Kara <jack@suse.cz>
Acked-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Christian Brauner <brauner@kernel.org>
Christian Brauner [Wed, 20 Sep 2023 14:41:45 +0000 (16:41 +0200)]
Revert "ext4: switch to multigrain timestamps"
This reverts commit
0269b585868e59b6a2ecc6ea685d39310e4fc18b.
Users reported regressions due to enabling multi-grained timestamps
unconditionally. As no clear consensus on a solution has come up and the
discussion has gone back to the drawing board revert the infrastructure
changes for. If it isn't code that's here to stay, make it go away.
Message-ID: <
20230920-keine-eile-
c9755b5825db@brauner>
Acked-by: Jan Kara <jack@suse.cz>
Acked-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Christian Brauner <brauner@kernel.org>
Christian Brauner [Wed, 20 Sep 2023 14:41:18 +0000 (16:41 +0200)]
Revert "xfs: switch to multigrain timestamps"
This reverts commit
e44df2664746aed8b6dd5245eb711a0ce33c5cf5.
Users reported regressions due to enabling multi-grained timestamps
unconditionally. As no clear consensus on a solution has come up and the
discussion has gone back to the drawing board revert the infrastructure
changes for. If it isn't code that's here to stay, make it go away.
Message-ID: <
20230920-keine-eile-
c9755b5825db@brauner>
Acked-by: Jan Kara <jack@suse.cz>
Acked-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Christian Brauner <brauner@kernel.org>
Christian Brauner [Wed, 20 Sep 2023 14:40:22 +0000 (16:40 +0200)]
Revert "tmpfs: add support for multigrain timestamps"
This reverts commit
d48c3397291690c3576d6c983b0a86ecbc203cac.
Users reported regressions due to enabling multi-grained timestamps
unconditionally. As no clear consensus on a solution has come up and the
discussion has gone back to the drawing board revert the infrastructure
changes for. If it isn't code that's here to stay, make it go away.
Message-ID: <
20230920-keine-eile-
c9755b5825db@brauner>
Acked-by: Jan Kara <jack@suse.cz>
Acked-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Christian Brauner <brauner@kernel.org>
Umesh Nerlige Ramappa [Tue, 12 Sep 2023 21:22:47 +0000 (14:22 -0700)]
i915/pmu: Move execlist stats initialization to execlist specific setup
engine->stats is a union of execlist and guc stat objects. When execlist
specific fields are initialized, the initial state of guc stats is
affected. This results in bad busyness values when using GuC mode. Move
the execlist initialization from common code to execlist specific code.
Fixes:
77cdd054dd2c ("drm/i915/pmu: Connect engine busyness stats from GuC to pmu")
Signed-off-by: Umesh Nerlige Ramappa <umesh.nerlige.ramappa@intel.com>
Reviewed-by: Alan Previn <alan.previn.teres.alexis@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20230912212247.1828681-1-umesh.nerlige.ramappa@intel.com
(cherry picked from commit
4485bd519f5d6d620a29d0547ff3c982bdeeb468)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
Dan Carpenter [Wed, 13 Sep 2023 08:17:41 +0000 (11:17 +0300)]
drm/i915/gt: Prevent error pointer dereference
Move the check for "if (IS_ERR(obj))" in front of the call to
i915_gem_object_set_cache_coherency() which dereferences "obj".
Otherwise it will lead to a crash.
Fixes:
43aa755eae2c ("drm/i915/mtl: Update cache coherency setting for context structure")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Reviewed-by: Andi Shyti <andi.shyti@linux.intel.com>
Signed-off-by: Andi Shyti <andi.shyti@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/455b2279-2e08-4d00-9784-be56d8ee42e3@moroto.mountain
(cherry picked from commit
c92ec50822fb84306d951520d81919328421acbd)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
Jani Nikula [Thu, 14 Sep 2023 13:10:15 +0000 (16:10 +0300)]
drm/meson: fix memory leak on ->hpd_notify callback
The EDID returned by drm_bridge_get_edid() needs to be freed.
Fixes:
0af5e0b41110 ("drm/meson: encoder_hdmi: switch to bridge DRM_BRIDGE_ATTACH_NO_CONNECTOR")
Cc: Neil Armstrong <narmstrong@baylibre.com>
Cc: Sam Ravnborg <sam@ravnborg.org>
Cc: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Cc: Neil Armstrong <neil.armstrong@linaro.org>
Cc: Kevin Hilman <khilman@baylibre.com>
Cc: Jerome Brunet <jbrunet@baylibre.com>
Cc: dri-devel@lists.freedesktop.org
Cc: linux-amlogic@lists.infradead.org
Cc: linux-arm-kernel@lists.infradead.org
Cc: stable@vger.kernel.org # v5.17+
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Reviewed-by: Neil Armstrong <neil.armstrong@linaro.org>
Signed-off-by: Neil Armstrong <neil.armstrong@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20230914131015.2472029-1-jani.nikula@intel.com
Takashi Iwai [Wed, 20 Sep 2023 13:02:16 +0000 (15:02 +0200)]
Merge tag 'asoc-fix-v6.6-rc2' of https://git./linux/kernel/git/broonie/sound into for-linus
ASoC: Fixes for v6.6
Quite a large collection of fixes, with numbers boosted by multiple
vendors sending multi-patch serieses. Nothing super major, and also one
device quirk.
Karol Wachowski [Tue, 22 Aug 2023 09:52:38 +0000 (11:52 +0200)]
accel/ivpu/40xx: Fix buttress interrupt handling
Buttress spec requires that the interrupt status is cleared at
the source first (before clearing MTL_BUTTRESS_INTERRUPT_STAT),
that implies that we have to mask out the global interrupt while
handling buttress interrupts.
Fixes:
79cdc56c4a54 ("accel/ivpu: Add initial support for VPU 4")
Signed-off-by: Karol Wachowski <karol.wachowski@linux.intel.com>
Signed-off-by: Stanislaw Gruszka <stanislaw.gruszka@linux.intel.com>
Reviewed-by: Jeffrey Hugo <quic_jhugo@quicinc.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20230822095238.3722815-1-stanislaw.gruszka@linux.intel.com
Jinjie Ruan [Tue, 19 Sep 2023 10:44:06 +0000 (18:44 +0800)]
net/handshake: Fix memory leak in __sock_create() and sock_alloc_file()
When making CONFIG_DEBUG_KMEMLEAK=y and CONFIG_DEBUG_KMEMLEAK_AUTO_SCAN=y,
modprobe handshake-test and then rmmmod handshake-test, the below memory
leak is detected.
The struct socket_alloc which is allocated by alloc_inode_sb() in
__sock_create() is not freed. And the struct dentry which is allocated
by __d_alloc() in sock_alloc_file() is not freed.
Since fput() will call file->f_op->release() which is sock_close() here and
it will call __sock_release(). and fput() will call dput(dentry) to free
the struct dentry. So replace sock_release() with fput() to fix the
below memory leak. After applying this patch, the following memory leak is
never detected.
unreferenced object 0xffff888109165840 (size 768):
comm "kunit_try_catch", pid 1852, jiffies
4294685807 (age 976.262s)
hex dump (first 32 bytes):
01 00 00 00 01 00 5a 5a 20 00 00 00 00 00 00 00 ......ZZ .......
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<
ffffffff8397993f>] sock_alloc_inode+0x1f/0x1b0
[<
ffffffff81a2cb5b>] alloc_inode+0x5b/0x1a0
[<
ffffffff81a32bed>] new_inode_pseudo+0xd/0x70
[<
ffffffff8397889c>] sock_alloc+0x3c/0x260
[<
ffffffff83979b46>] __sock_create+0x66/0x3d0
[<
ffffffffa0209ba2>] 0xffffffffa0209ba2
[<
ffffffff829cf03a>] kunit_generic_run_threadfn_adapter+0x4a/0x90
[<
ffffffff81236fc6>] kthread+0x2b6/0x380
[<
ffffffff81096afd>] ret_from_fork+0x2d/0x70
[<
ffffffff81003511>] ret_from_fork_asm+0x11/0x20
unreferenced object 0xffff88810f472008 (size 192):
comm "kunit_try_catch", pid 1852, jiffies
4294685808 (age 976.261s)
hex dump (first 32 bytes):
00 00 50 40 02 00 00 00 00 00 00 00 00 00 00 00 ..P@............
00 00 00 00 00 00 00 00 08 20 47 0f 81 88 ff ff ......... G.....
backtrace:
[<
ffffffff81a1ff11>] __d_alloc+0x31/0x8a0
[<
ffffffff81a2910e>] d_alloc_pseudo+0xe/0x50
[<
ffffffff819d549e>] alloc_file_pseudo+0xce/0x210
[<
ffffffff83978582>] sock_alloc_file+0x42/0x1b0
[<
ffffffffa0209bbb>] 0xffffffffa0209bbb
[<
ffffffff829cf03a>] kunit_generic_run_threadfn_adapter+0x4a/0x90
[<
ffffffff81236fc6>] kthread+0x2b6/0x380
[<
ffffffff81096afd>] ret_from_fork+0x2d/0x70
[<
ffffffff81003511>] ret_from_fork_asm+0x11/0x20
unreferenced object 0xffff88810958e580 (size 224):
comm "kunit_try_catch", pid 1852, jiffies
4294685808 (age 976.261s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 03 00 2e 08 01 00 00 00 00 00 00 00 ................
backtrace:
[<
ffffffff819d4b90>] alloc_empty_file+0x50/0x160
[<
ffffffff819d4cf9>] alloc_file+0x59/0x730
[<
ffffffff819d5524>] alloc_file_pseudo+0x154/0x210
[<
ffffffff83978582>] sock_alloc_file+0x42/0x1b0
[<
ffffffffa0209bbb>] 0xffffffffa0209bbb
[<
ffffffff829cf03a>] kunit_generic_run_threadfn_adapter+0x4a/0x90
[<
ffffffff81236fc6>] kthread+0x2b6/0x380
[<
ffffffff81096afd>] ret_from_fork+0x2d/0x70
[<
ffffffff81003511>] ret_from_fork_asm+0x11/0x20
unreferenced object 0xffff88810926dc88 (size 192):
comm "kunit_try_catch", pid 1854, jiffies
4294685809 (age 976.271s)
hex dump (first 32 bytes):
00 00 50 40 02 00 00 00 00 00 00 00 00 00 00 00 ..P@............
00 00 00 00 00 00 00 00 88 dc 26 09 81 88 ff ff ..........&.....
backtrace:
[<
ffffffff81a1ff11>] __d_alloc+0x31/0x8a0
[<
ffffffff81a2910e>] d_alloc_pseudo+0xe/0x50
[<
ffffffff819d549e>] alloc_file_pseudo+0xce/0x210
[<
ffffffff83978582>] sock_alloc_file+0x42/0x1b0
[<
ffffffffa0208fdc>] 0xffffffffa0208fdc
[<
ffffffff829cf03a>] kunit_generic_run_threadfn_adapter+0x4a/0x90
[<
ffffffff81236fc6>] kthread+0x2b6/0x380
[<
ffffffff81096afd>] ret_from_fork+0x2d/0x70
[<
ffffffff81003511>] ret_from_fork_asm+0x11/0x20
unreferenced object 0xffff88810a241380 (size 224):
comm "kunit_try_catch", pid 1854, jiffies
4294685809 (age 976.271s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 03 00 2e 08 01 00 00 00 00 00 00 00 ................
backtrace:
[<
ffffffff819d4b90>] alloc_empty_file+0x50/0x160
[<
ffffffff819d4cf9>] alloc_file+0x59/0x730
[<
ffffffff819d5524>] alloc_file_pseudo+0x154/0x210
[<
ffffffff83978582>] sock_alloc_file+0x42/0x1b0
[<
ffffffffa0208fdc>] 0xffffffffa0208fdc
[<
ffffffff829cf03a>] kunit_generic_run_threadfn_adapter+0x4a/0x90
[<
ffffffff81236fc6>] kthread+0x2b6/0x380
[<
ffffffff81096afd>] ret_from_fork+0x2d/0x70
[<
ffffffff81003511>] ret_from_fork_asm+0x11/0x20
unreferenced object 0xffff888109165040 (size 768):
comm "kunit_try_catch", pid 1856, jiffies
4294685811 (age 976.269s)
hex dump (first 32 bytes):
01 00 00 00 01 00 5a 5a 20 00 00 00 00 00 00 00 ......ZZ .......
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<
ffffffff8397993f>] sock_alloc_inode+0x1f/0x1b0
[<
ffffffff81a2cb5b>] alloc_inode+0x5b/0x1a0
[<
ffffffff81a32bed>] new_inode_pseudo+0xd/0x70
[<
ffffffff8397889c>] sock_alloc+0x3c/0x260
[<
ffffffff83979b46>] __sock_create+0x66/0x3d0
[<
ffffffffa0208860>] 0xffffffffa0208860
[<
ffffffff829cf03a>] kunit_generic_run_threadfn_adapter+0x4a/0x90
[<
ffffffff81236fc6>] kthread+0x2b6/0x380
[<
ffffffff81096afd>] ret_from_fork+0x2d/0x70
[<
ffffffff81003511>] ret_from_fork_asm+0x11/0x20
unreferenced object 0xffff88810926d568 (size 192):
comm "kunit_try_catch", pid 1856, jiffies
4294685811 (age 976.269s)
hex dump (first 32 bytes):
00 00 50 40 02 00 00 00 00 00 00 00 00 00 00 00 ..P@............
00 00 00 00 00 00 00 00 68 d5 26 09 81 88 ff ff ........h.&.....
backtrace:
[<
ffffffff81a1ff11>] __d_alloc+0x31/0x8a0
[<
ffffffff81a2910e>] d_alloc_pseudo+0xe/0x50
[<
ffffffff819d549e>] alloc_file_pseudo+0xce/0x210
[<
ffffffff83978582>] sock_alloc_file+0x42/0x1b0
[<
ffffffffa0208879>] 0xffffffffa0208879
[<
ffffffff829cf03a>] kunit_generic_run_threadfn_adapter+0x4a/0x90
[<
ffffffff81236fc6>] kthread+0x2b6/0x380
[<
ffffffff81096afd>] ret_from_fork+0x2d/0x70
[<
ffffffff81003511>] ret_from_fork_asm+0x11/0x20
unreferenced object 0xffff88810a240580 (size 224):
comm "kunit_try_catch", pid 1856, jiffies
4294685811 (age 976.347s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 03 00 2e 08 01 00 00 00 00 00 00 00 ................
backtrace:
[<
ffffffff819d4b90>] alloc_empty_file+0x50/0x160
[<
ffffffff819d4cf9>] alloc_file+0x59/0x730
[<
ffffffff819d5524>] alloc_file_pseudo+0x154/0x210
[<
ffffffff83978582>] sock_alloc_file+0x42/0x1b0
[<
ffffffffa0208879>] 0xffffffffa0208879
[<
ffffffff829cf03a>] kunit_generic_run_threadfn_adapter+0x4a/0x90
[<
ffffffff81236fc6>] kthread+0x2b6/0x380
[<
ffffffff81096afd>] ret_from_fork+0x2d/0x70
[<
ffffffff81003511>] ret_from_fork_asm+0x11/0x20
unreferenced object 0xffff888109164c40 (size 768):
comm "kunit_try_catch", pid 1858, jiffies
4294685816 (age 976.342s)
hex dump (first 32 bytes):
01 00 00 00 01 00 5a 5a 20 00 00 00 00 00 00 00 ......ZZ .......
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<
ffffffff8397993f>] sock_alloc_inode+0x1f/0x1b0
[<
ffffffff81a2cb5b>] alloc_inode+0x5b/0x1a0
[<
ffffffff81a32bed>] new_inode_pseudo+0xd/0x70
[<
ffffffff8397889c>] sock_alloc+0x3c/0x260
[<
ffffffff83979b46>] __sock_create+0x66/0x3d0
[<
ffffffffa0208541>] 0xffffffffa0208541
[<
ffffffff829cf03a>] kunit_generic_run_threadfn_adapter+0x4a/0x90
[<
ffffffff81236fc6>] kthread+0x2b6/0x380
[<
ffffffff81096afd>] ret_from_fork+0x2d/0x70
[<
ffffffff81003511>] ret_from_fork_asm+0x11/0x20
unreferenced object 0xffff88810926cd18 (size 192):
comm "kunit_try_catch", pid 1858, jiffies
4294685816 (age 976.342s)
hex dump (first 32 bytes):
00 00 50 40 02 00 00 00 00 00 00 00 00 00 00 00 ..P@............
00 00 00 00 00 00 00 00 18 cd 26 09 81 88 ff ff ..........&.....
backtrace:
[<
ffffffff81a1ff11>] __d_alloc+0x31/0x8a0
[<
ffffffff81a2910e>] d_alloc_pseudo+0xe/0x50
[<
ffffffff819d549e>] alloc_file_pseudo+0xce/0x210
[<
ffffffff83978582>] sock_alloc_file+0x42/0x1b0
[<
ffffffffa020855a>] 0xffffffffa020855a
[<
ffffffff829cf03a>] kunit_generic_run_threadfn_adapter+0x4a/0x90
[<
ffffffff81236fc6>] kthread+0x2b6/0x380
[<
ffffffff81096afd>] ret_from_fork+0x2d/0x70
[<
ffffffff81003511>] ret_from_fork_asm+0x11/0x20
unreferenced object 0xffff88810a240200 (size 224):
comm "kunit_try_catch", pid 1858, jiffies
4294685816 (age 976.342s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 03 00 2e 08 01 00 00 00 00 00 00 00 ................
backtrace:
[<
ffffffff819d4b90>] alloc_empty_file+0x50/0x160
[<
ffffffff819d4cf9>] alloc_file+0x59/0x730
[<
ffffffff819d5524>] alloc_file_pseudo+0x154/0x210
[<
ffffffff83978582>] sock_alloc_file+0x42/0x1b0
[<
ffffffffa020855a>] 0xffffffffa020855a
[<
ffffffff829cf03a>] kunit_generic_run_threadfn_adapter+0x4a/0x90
[<
ffffffff81236fc6>] kthread+0x2b6/0x380
[<
ffffffff81096afd>] ret_from_fork+0x2d/0x70
[<
ffffffff81003511>] ret_from_fork_asm+0x11/0x20
unreferenced object 0xffff888109164840 (size 768):
comm "kunit_try_catch", pid 1860, jiffies
4294685817 (age 976.416s)
hex dump (first 32 bytes):
01 00 00 00 01 00 5a 5a 20 00 00 00 00 00 00 00 ......ZZ .......
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<
ffffffff8397993f>] sock_alloc_inode+0x1f/0x1b0
[<
ffffffff81a2cb5b>] alloc_inode+0x5b/0x1a0
[<
ffffffff81a32bed>] new_inode_pseudo+0xd/0x70
[<
ffffffff8397889c>] sock_alloc+0x3c/0x260
[<
ffffffff83979b46>] __sock_create+0x66/0x3d0
[<
ffffffffa02093e2>] 0xffffffffa02093e2
[<
ffffffff829cf03a>] kunit_generic_run_threadfn_adapter+0x4a/0x90
[<
ffffffff81236fc6>] kthread+0x2b6/0x380
[<
ffffffff81096afd>] ret_from_fork+0x2d/0x70
[<
ffffffff81003511>] ret_from_fork_asm+0x11/0x20
unreferenced object 0xffff88810926cab8 (size 192):
comm "kunit_try_catch", pid 1860, jiffies
4294685817 (age 976.416s)
hex dump (first 32 bytes):
00 00 50 40 02 00 00 00 00 00 00 00 00 00 00 00 ..P@............
00 00 00 00 00 00 00 00 b8 ca 26 09 81 88 ff ff ..........&.....
backtrace:
[<
ffffffff81a1ff11>] __d_alloc+0x31/0x8a0
[<
ffffffff81a2910e>] d_alloc_pseudo+0xe/0x50
[<
ffffffff819d549e>] alloc_file_pseudo+0xce/0x210
[<
ffffffff83978582>] sock_alloc_file+0x42/0x1b0
[<
ffffffffa02093fb>] 0xffffffffa02093fb
[<
ffffffff829cf03a>] kunit_generic_run_threadfn_adapter+0x4a/0x90
[<
ffffffff81236fc6>] kthread+0x2b6/0x380
[<
ffffffff81096afd>] ret_from_fork+0x2d/0x70
[<
ffffffff81003511>] ret_from_fork_asm+0x11/0x20
unreferenced object 0xffff88810a240040 (size 224):
comm "kunit_try_catch", pid 1860, jiffies
4294685817 (age 976.416s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 03 00 2e 08 01 00 00 00 00 00 00 00 ................
backtrace:
[<
ffffffff819d4b90>] alloc_empty_file+0x50/0x160
[<
ffffffff819d4cf9>] alloc_file+0x59/0x730
[<
ffffffff819d5524>] alloc_file_pseudo+0x154/0x210
[<
ffffffff83978582>] sock_alloc_file+0x42/0x1b0
[<
ffffffffa02093fb>] 0xffffffffa02093fb
[<
ffffffff829cf03a>] kunit_generic_run_threadfn_adapter+0x4a/0x90
[<
ffffffff81236fc6>] kthread+0x2b6/0x380
[<
ffffffff81096afd>] ret_from_fork+0x2d/0x70
[<
ffffffff81003511>] ret_from_fork_asm+0x11/0x20
unreferenced object 0xffff888109166440 (size 768):
comm "kunit_try_catch", pid 1862, jiffies
4294685819 (age 976.489s)
hex dump (first 32 bytes):
01 00 00 00 01 00 5a 5a 20 00 00 00 00 00 00 00 ......ZZ .......
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<
ffffffff8397993f>] sock_alloc_inode+0x1f/0x1b0
[<
ffffffff81a2cb5b>] alloc_inode+0x5b/0x1a0
[<
ffffffff81a32bed>] new_inode_pseudo+0xd/0x70
[<
ffffffff8397889c>] sock_alloc+0x3c/0x260
[<
ffffffff83979b46>] __sock_create+0x66/0x3d0
[<
ffffffffa02097c1>] 0xffffffffa02097c1
[<
ffffffff829cf03a>] kunit_generic_run_threadfn_adapter+0x4a/0x90
[<
ffffffff81236fc6>] kthread+0x2b6/0x380
[<
ffffffff81096afd>] ret_from_fork+0x2d/0x70
[<
ffffffff81003511>] ret_from_fork_asm+0x11/0x20
unreferenced object 0xffff88810926c398 (size 192):
comm "kunit_try_catch", pid 1862, jiffies
4294685819 (age 976.489s)
hex dump (first 32 bytes):
00 00 50 40 02 00 00 00 00 00 00 00 00 00 00 00 ..P@............
00 00 00 00 00 00 00 00 98 c3 26 09 81 88 ff ff ..........&.....
backtrace:
[<
ffffffff81a1ff11>] __d_alloc+0x31/0x8a0
[<
ffffffff81a2910e>] d_alloc_pseudo+0xe/0x50
[<
ffffffff819d549e>] alloc_file_pseudo+0xce/0x210
[<
ffffffff83978582>] sock_alloc_file+0x42/0x1b0
[<
ffffffffa02097da>] 0xffffffffa02097da
[<
ffffffff829cf03a>] kunit_generic_run_threadfn_adapter+0x4a/0x90
[<
ffffffff81236fc6>] kthread+0x2b6/0x380
[<
ffffffff81096afd>] ret_from_fork+0x2d/0x70
[<
ffffffff81003511>] ret_from_fork_asm+0x11/0x20
unreferenced object 0xffff888107e0b8c0 (size 224):
comm "kunit_try_catch", pid 1862, jiffies
4294685819 (age 976.489s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 03 00 2e 08 01 00 00 00 00 00 00 00 ................
backtrace:
[<
ffffffff819d4b90>] alloc_empty_file+0x50/0x160
[<
ffffffff819d4cf9>] alloc_file+0x59/0x730
[<
ffffffff819d5524>] alloc_file_pseudo+0x154/0x210
[<
ffffffff83978582>] sock_alloc_file+0x42/0x1b0
[<
ffffffffa02097da>] 0xffffffffa02097da
[<
ffffffff829cf03a>] kunit_generic_run_threadfn_adapter+0x4a/0x90
[<
ffffffff81236fc6>] kthread+0x2b6/0x380
[<
ffffffff81096afd>] ret_from_fork+0x2d/0x70
[<
ffffffff81003511>] ret_from_fork_asm+0x11/0x20
unreferenced object 0xffff888109164440 (size 768):
comm "kunit_try_catch", pid 1864, jiffies
4294685821 (age 976.487s)
hex dump (first 32 bytes):
01 00 00 00 01 00 5a 5a 20 00 00 00 00 00 00 00 ......ZZ .......
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<
ffffffff8397993f>] sock_alloc_inode+0x1f/0x1b0
[<
ffffffff81a2cb5b>] alloc_inode+0x5b/0x1a0
[<
ffffffff81a32bed>] new_inode_pseudo+0xd/0x70
[<
ffffffff8397889c>] sock_alloc+0x3c/0x260
[<
ffffffff83979b46>] __sock_create+0x66/0x3d0
[<
ffffffffa020824e>] 0xffffffffa020824e
[<
ffffffff829cf03a>] kunit_generic_run_threadfn_adapter+0x4a/0x90
[<
ffffffff81236fc6>] kthread+0x2b6/0x380
[<
ffffffff81096afd>] ret_from_fork+0x2d/0x70
[<
ffffffff81003511>] ret_from_fork_asm+0x11/0x20
unreferenced object 0xffff88810f4cf698 (size 192):
comm "kunit_try_catch", pid 1864, jiffies
4294685821 (age 976.501s)
hex dump (first 32 bytes):
00 00 50 40 02 00 00 00 00 00 00 00 00 00 00 00 ..P@............
00 00 00 00 00 00 00 00 98 f6 4c 0f 81 88 ff ff ..........L.....
backtrace:
[<
ffffffff81a1ff11>] __d_alloc+0x31/0x8a0
[<
ffffffff81a2910e>] d_alloc_pseudo+0xe/0x50
[<
ffffffff819d549e>] alloc_file_pseudo+0xce/0x210
[<
ffffffff83978582>] sock_alloc_file+0x42/0x1b0
[<
ffffffffa0208267>] 0xffffffffa0208267
[<
ffffffff829cf03a>] kunit_generic_run_threadfn_adapter+0x4a/0x90
[<
ffffffff81236fc6>] kthread+0x2b6/0x380
[<
ffffffff81096afd>] ret_from_fork+0x2d/0x70
[<
ffffffff81003511>] ret_from_fork_asm+0x11/0x20
unreferenced object 0xffff888107e0b000 (size 224):
comm "kunit_try_catch", pid 1864, jiffies
4294685821 (age 976.501s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 03 00 2e 08 01 00 00 00 00 00 00 00 ................
backtrace:
[<
ffffffff819d4b90>] alloc_empty_file+0x50/0x160
[<
ffffffff819d4cf9>] alloc_file+0x59/0x730
[<
ffffffff819d5524>] alloc_file_pseudo+0x154/0x210
[<
ffffffff83978582>] sock_alloc_file+0x42/0x1b0
[<
ffffffffa0208267>] 0xffffffffa0208267
[<
ffffffff829cf03a>] kunit_generic_run_threadfn_adapter+0x4a/0x90
[<
ffffffff81236fc6>] kthread+0x2b6/0x380
[<
ffffffff81096afd>] ret_from_fork+0x2d/0x70
[<
ffffffff81003511>] ret_from_fork_asm+0x11/0x20
Fixes:
88232ec1ec5e ("net/handshake: Add Kunit tests for the handshake consumer API")
Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Cai Huoqing [Tue, 19 Sep 2023 02:27:15 +0000 (10:27 +0800)]
net: hinic: Fix warning-hinic_set_vlan_fliter() warn: variable dereferenced before check 'hwdev'
'hwdev' is checked too late and hwdev will not be NULL, so remove the check
Fixes:
2acf960e3be6 ("net: hinic: Add support for configuration of rx-vlan-filter by ethtool")
Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Closes: https://lore.kernel.org/r/
202309112354.pikZCmyk-lkp@intel.com/
Signed-off-by: Cai Huoqing <cai.huoqing@linux.dev>
Reviewed-by: Vadim Fedorenko <vadim.fedorenko@linux.dev>
Signed-off-by: David S. Miller <davem@davemloft.net>
Christophe JAILLET [Sun, 3 Sep 2023 06:13:21 +0000 (08:13 +0200)]
gpio: tb10x: Fix an error handling path in tb10x_gpio_probe()
If an error occurs after a successful irq_domain_add_linear() call, it
should be undone by a corresponding irq_domain_remove(), as already done
in the remove function.
Fixes:
c6ce2b6bffe5 ("gpio: add TB10x GPIO driver")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Jozsef Kadlecsik [Tue, 19 Sep 2023 18:04:45 +0000 (20:04 +0200)]
netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP
Kyle Zeng reported that there is a race between IPSET_CMD_ADD and IPSET_CMD_SWAP
in netfilter/ip_set, which can lead to the invocation of `__ip_set_put` on a
wrong `set`, triggering the `BUG_ON(set->ref == 0);` check in it.
The race is caused by using the wrong reference counter, i.e. the ref counter instead
of ref_netlink.
Fixes:
24e227896bbf ("netfilter: ipset: Add schedule point in call_ad().")
Reported-by: Kyle Zeng <zengyhkyle@gmail.com>
Closes: https://lore.kernel.org/netfilter-devel/ZPZqetxOmH+w%2Fmyc@westworld/#r
Tested-by: Kyle Zeng <zengyhkyle@gmail.com>
Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
Signed-off-by: Florian Westphal <fw@strlen.de>
Florian Westphal [Tue, 19 Sep 2023 13:36:13 +0000 (15:36 +0200)]
netfilter: nf_tables: fix memleak when more than 255 elements expired
When more than 255 elements expired we're supposed to switch to a new gc
container structure.
This never happens: u8 type will wrap before reaching the boundary
and nft_trans_gc_space() always returns true.
This means we recycle the initial gc container structure and
lose track of the elements that came before.
While at it, don't deref 'gc' after we've passed it to call_rcu.
Fixes:
5f68718b34a5 ("netfilter: nf_tables: GC transaction API to avoid race with control plane")
Reported-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Florian Westphal <fw@strlen.de>
Florian Westphal [Fri, 15 Sep 2023 13:18:11 +0000 (15:18 +0200)]
netfilter: nf_tables: disable toggling dormant table state more than once
nft -f -<<EOF
add table ip t
add table ip t { flags dormant; }
add chain ip t c { type filter hook input priority 0; }
add table ip t
EOF
Triggers a splat from nf core on next table delete because we lose
track of right hook register state:
WARNING: CPU: 2 PID: 1597 at net/netfilter/core.c:501 __nf_unregister_net_hook
RIP: 0010:__nf_unregister_net_hook+0x41b/0x570
nf_unregister_net_hook+0xb4/0xf0
__nf_tables_unregister_hook+0x160/0x1d0
[..]
The above should have table in *active* state, but in fact no
hooks were registered.
Reject on/off/on games rather than attempting to fix this.
Fixes:
179d9ba5559a ("netfilter: nf_tables: fix table flag updates")
Reported-by: "Lee, Cherie-Anne" <cherie.lee@starlabs.sg>
Cc: Bing-Jhong Billy Jheng <billy@starlabs.sg>
Cc: info@starlabs.sg
Signed-off-by: Florian Westphal <fw@strlen.de>
Benjamin Poirier [Mon, 18 Sep 2023 15:40:15 +0000 (11:40 -0400)]
vxlan: Add missing entries to vxlan_get_size()
There are some attributes added by vxlan_fill_info() which are not
accounted for in vxlan_get_size(). Add them.
I didn't find a way to trigger an actual problem from this miscalculation
since there is usually extra space in netlink size calculations like
if_nlmsg_size(); but maybe I just didn't search long enough.
Fixes:
3511494ce2f3 ("vxlan: Group Policy extension")
Fixes:
e1e5314de08b ("vxlan: implement GPE")
Fixes:
0ace2ca89cbd ("vxlan: Use checksum partial with remote checksum offload")
Fixes:
f9c4bb0b245c ("vxlan: vni filtering support on collect metadata device")
Signed-off-by: Benjamin Poirier <bpoirier@nvidia.com>
Acked-by: Nikolay Aleksandrov <razor@blackwall.org>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Artem Chernyshev [Mon, 18 Sep 2023 13:56:23 +0000 (16:56 +0300)]
net: rds: Fix possible NULL-pointer dereference
In rds_rdma_cm_event_handler_cmn() check, if conn pointer exists
before dereferencing it as rdma_set_service_type() argument
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes:
fd261ce6a30e ("rds: rdma: update rdma transport for tos")
Signed-off-by: Artem Chernyshev <artem.chernyshev@red-soft.ru>
Signed-off-by: David S. Miller <davem@davemloft.net>
Mark Rutland [Tue, 19 Sep 2023 17:14:29 +0000 (18:14 +0100)]
locking/atomic: scripts: fix fallback ifdeffery
Since commit:
9257959a6e5b4fca ("locking/atomic: scripts: restructure fallback ifdeffery")
The ordering fallbacks for atomic*_read_acquire() and
atomic*_set_release() erroneously fall back to the implictly relaxed
atomic*_read() and atomic*_set() variants respectively, without any
additional barriers. This loses the ACQUIRE and RELEASE ordering
semantics, which can result in a wide variety of problems, even on
strongly-ordered architectures where the implementation of
atomic*_read() and/or atomic*_set() allows the compiler to reorder those
relative to other accesses.
In practice this has been observed to break bit spinlocks on arm64,
resulting in dentry cache corruption.
The fallback logic was intended to allow ACQUIRE/RELEASE/RELAXED ops to
be defined in terms of FULL ops, but where an op had RELAXED ordering by
default, this unintentionally permitted the ACQUIRE/RELEASE ops to be
defined in terms of the implicitly RELAXED default.
This patch corrects the logic to avoid falling back to implicitly
RELAXED ops, resulting in the same behaviour as prior to commit
9257959a6e5b4fca.
I've verified the resulting assembly on arm64 by generating outlined
wrappers of the atomics. Prior to this patch the compiler generates
sequences using relaxed load (LDR) and store (STR) instructions, e.g.
| <outlined_atomic64_read_acquire>:
| ldr x0, [x0]
| ret
|
| <outlined_atomic64_set_release>:
| str x1, [x0]
| ret
With this patch applied the compiler generates sequences using the
intended load-acquire (LDAR) and store-release (STLR) instructions, e.g.
| <outlined_atomic64_read_acquire>:
| ldar x0, [x0]
| ret
|
| <outlined_atomic64_set_release>:
| stlr x1, [x0]
| ret
To make sure that there were no other victims of the ifdeffery rewrite,
I generated outlined copies of all of the {atomic,atomic64,atomic_long}
atomic operations before and after commit
9257959a6e5b4fca. A diff of
the generated assembly on arm64 shows that only the read_acquire() and
set_release() operations were changed, and only lost their intended
ordering:
| [mark@lakrids:~/src/linux]% diff -u \
| <(aarch64-linux-gnu-objdump -d before-
9257959a6e5b4fca.o)
| <(aarch64-linux-gnu-objdump -d after-
9257959a6e5b4fca.o)
| --- /proc/self/fd/11 2023-09-19 16:51:51.
114779415 +0100
| +++ /proc/self/fd/16 2023-09-19 16:51:51.
114779415 +0100
| @@ -1,5 +1,5 @@
|
| -before-
9257959a6e5b4fca.o: file format elf64-littleaarch64
| +after-
9257959a6e5b4fca.o: file format elf64-littleaarch64
|
|
| Disassembly of section .text:
| @@ -9,7 +9,7 @@
| 4:
d65f03c0 ret
|
|
0000000000000008 <outlined_atomic_read_acquire>:
| - 8:
88dffc00 ldar w0, [x0]
| + 8:
b9400000 ldr w0, [x0]
| c:
d65f03c0 ret
|
|
0000000000000010 <outlined_atomic_set>:
| @@ -17,7 +17,7 @@
| 14:
d65f03c0 ret
|
|
0000000000000018 <outlined_atomic_set_release>:
| - 18:
889ffc01 stlr w1, [x0]
| + 18:
b9000001 str w1, [x0]
| 1c:
d65f03c0 ret
|
|
0000000000000020 <outlined_atomic_add>:
| @@ -1230,7 +1230,7 @@
| 1070:
d65f03c0 ret
|
|
0000000000001074 <outlined_atomic64_read_acquire>:
| - 1074:
c8dffc00 ldar x0, [x0]
| + 1074:
f9400000 ldr x0, [x0]
| 1078:
d65f03c0 ret
|
|
000000000000107c <outlined_atomic64_set>:
| @@ -1238,7 +1238,7 @@
| 1080:
d65f03c0 ret
|
|
0000000000001084 <outlined_atomic64_set_release>:
| - 1084:
c89ffc01 stlr x1, [x0]
| + 1084:
f9000001 str x1, [x0]
| 1088:
d65f03c0 ret
|
|
000000000000108c <outlined_atomic64_add>:
| @@ -2427,7 +2427,7 @@
| 207c:
d65f03c0 ret
|
|
0000000000002080 <outlined_atomic_long_read_acquire>:
| - 2080:
c8dffc00 ldar x0, [x0]
| + 2080:
f9400000 ldr x0, [x0]
| 2084:
d65f03c0 ret
|
|
0000000000002088 <outlined_atomic_long_set>:
| @@ -2435,7 +2435,7 @@
| 208c:
d65f03c0 ret
|
|
0000000000002090 <outlined_atomic_long_set_release>:
| - 2090:
c89ffc01 stlr x1, [x0]
| + 2090:
f9000001 str x1, [x0]
| 2094:
d65f03c0 ret
|
|
0000000000002098 <outlined_atomic_long_add>:
I've build tested this with a variety of configs for alpha, arm, arm64,
csky, i386, m68k, microblaze, mips, nios2, openrisc, powerpc, riscv,
s390, sh, sparc, x86_64, and xtensa, for which I've seen no issues. I
was unable to build test for ia64 and parisc due to existing build
breakage in v6.6-rc2.
Fixes:
9257959a6e5b4fca ("locking/atomic: scripts: restructure fallback ifdeffery")
Reported-by: Ming Lei <ming.lei@redhat.com>
Reported-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Tested-by: Baokun Li <libaokun1@huawei.com>
Link: https://lkml.kernel.org/r/20230919171430.2697727-1-mark.rutland@arm.com
Tiezhu Yang [Wed, 20 Sep 2023 06:26:38 +0000 (14:26 +0800)]
docs/zh_CN/LoongArch: Update the links of ABI
The current links of ABI can not be found for some time, let us fix
the broken links.
By the way, the latest and official ABI documentation releases are
available at https://github.com/loongson/la-abi-specs, but there are
no Chinese and pdf versions for now, so just do the minimal changes
to update the links so that they can be found, hope there are stable
links in the future.
Signed-off-by: Tiezhu Yang <yangtiezhu@loongson.cn>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
Tiezhu Yang [Wed, 20 Sep 2023 06:26:29 +0000 (14:26 +0800)]
docs/LoongArch: Update the links of ABI
The current links of ABI can not be found for some time, let us fix
the broken links.
By the way, the latest and official ABI documentation releases are
available at https://github.com/loongson/la-abi-specs, but there are
no Chinese and pdf versions for now, so just do the minimal changes
to update the links so that they can be found, hope there are stable
links in the future.
Signed-off-by: Tiezhu Yang <yangtiezhu@loongson.cn>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
Huacai Chen [Wed, 20 Sep 2023 06:26:29 +0000 (14:26 +0800)]
LoongArch: Don't inline kasan_mem_to_shadow()/kasan_shadow_to_mem()
As Linus suggested, kasan_mem_to_shadow()/kasan_shadow_to_mem() are not
performance-critical and too big to inline. This is simply wrong so just
define them out-of-line.
If they really need to be inlined in future, such as the objtool / SMAP
issue for X86, we should mark them __always_inline.
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
Huacai Chen [Wed, 20 Sep 2023 06:26:29 +0000 (14:26 +0800)]
kasan: Cleanup the __HAVE_ARCH_SHADOW_MAP usage
As Linus suggested, __HAVE_ARCH_XYZ is "stupid" and "having historical
uses of it doesn't make it good". So migrate __HAVE_ARCH_SHADOW_MAP to
separate macros named after the respective functions.
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Reviewed-by: WANG Xuerui <git@xen0n.name>
Reviewed-by: Andrey Konovalov <andreyknvl@gmail.com>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
Huacai Chen [Wed, 20 Sep 2023 06:26:29 +0000 (14:26 +0800)]
LoongArch: Set all reserved memblocks on Node#0 at initialization
After commit
61167ad5fecdea ("mm: pass nid to reserve_bootmem_region()")
we get a panic if DEFERRED_STRUCT_PAGE_INIT is enabled:
[ 0.000000] CPU 0 Unable to handle kernel paging request at virtual address
0000000000002b82, era ==
90000000040e3f28, ra ==
90000000040e3f18
[ 0.000000] Oops[#1]:
[ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 6.5.0+ #733
[ 0.000000] pc
90000000040e3f28 ra
90000000040e3f18 tp
90000000046f4000 sp
90000000046f7c90
[ 0.000000] a0
0000000000000001 a1
0000000000200000 a2
0000000000000040 a3
90000000046f7ca0
[ 0.000000] a4
90000000046f7ca4 a5
0000000000000000 a6
90000000046f7c38 a7
0000000000000000
[ 0.000000] t0
0000000000000002 t1
9000000004b00ac8 t2
90000000040e3f18 t3
90000000040f0800
[ 0.000000] t4
00000000000f0000 t5
80000000ffffe07e t6
0000000000000003 t7
900000047fff5e20
[ 0.000000] t8
aaaaaaaaaaaaaaab u0
0000000000000018 s9
0000000000000000 s0
fffffefffe000000
[ 0.000000] s1
0000000000000000 s2
0000000000000080 s3
0000000000000040 s4
0000000000000000
[ 0.000000] s5
0000000000000000 s6
fffffefffe000000 s7
900000000470b740 s8
9000000004ad4000
[ 0.000000] ra:
90000000040e3f18 reserve_bootmem_region+0xec/0x21c
[ 0.000000] ERA:
90000000040e3f28 reserve_bootmem_region+0xfc/0x21c
[ 0.000000] CRMD:
000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE)
[ 0.000000] PRMD:
00000000 (PPLV0 -PIE -PWE)
[ 0.000000] EUEN:
00000000 (-FPE -SXE -ASXE -BTE)
[ 0.000000] ECFG:
00070800 (LIE=11 VS=7)
[ 0.000000] ESTAT:
00010800 [PIL] (IS=11 ECode=1 EsubCode=0)
[ 0.000000] BADV:
0000000000002b82
[ 0.000000] PRID:
0014d000 (Loongson-64bit, Loongson-3A6000)
[ 0.000000] Modules linked in:
[ 0.000000] Process swapper (pid: 0, threadinfo=(____ptrval____), task=(____ptrval____))
[ 0.000000] Stack :
0000000000000000 9000000002eb5430 0000003a00000020 90000000045ccd00
[ 0.000000]
900000000470e000 90000000002c1918 0000000000000000 9000000004110780
[ 0.000000]
00000000fe6c0000 0000000480000000 9000000004b4e368 9000000004110748
[ 0.000000]
0000000000000000 900000000421ca84 9000000004620000 9000000004564970
[ 0.000000]
90000000046f7d78 9000000002cc9f70 90000000002c1918 900000000470e000
[ 0.000000]
9000000004564970 90000000040bc0e0 90000000046f7d78 0000000000000000
[ 0.000000]
0000000000004000 90000000045ccd00 0000000000000000 90000000002c1918
[ 0.000000]
90000000002c1900 900000000470b700 9000000004b4df78 9000000004620000
[ 0.000000]
90000000046200a8 90000000046200a8 0000000000000000 9000000004218b2c
[ 0.000000]
9000000004270008 0000000000000001 0000000000000000 90000000045ccd00
[ 0.000000] ...
[ 0.000000] Call Trace:
[ 0.000000] [<
90000000040e3f28>] reserve_bootmem_region+0xfc/0x21c
[ 0.000000] [<
900000000421ca84>] memblock_free_all+0x114/0x350
[ 0.000000] [<
9000000004218b2c>] mm_core_init+0x138/0x3cc
[ 0.000000] [<
9000000004200e38>] start_kernel+0x488/0x7a4
[ 0.000000] [<
90000000040df0d8>] kernel_entry+0xd8/0xdc
[ 0.000000]
[ 0.000000] Code:
02eb21ad 00410f4c 380c31ac <
262b818d>
6800b70d 02c1c196 0015001c 57fe4bb1 260002cd
The reason is early memblock_reserve() in memblock_init() set node id to
MAX_NUMNODES, making NODE_DATA(nid) a NULL dereference in the call chain
reserve_bootmem_region() -> init_reserved_page(). After memblock_init(),
those late calls of memblock_reserve() operate on subregions of memblock
.memory regions. As a result, these reserved regions will be set to the
correct node at the first iteration of memmap_init_reserved_pages().
So set all reserved memblocks on Node#0 at initialization can avoid this
panic.
Reported-by: WANG Xuerui <git@xen0n.name>
Tested-by: WANG Xuerui <git@xen0n.name>
Reviewed-by: WANG Xuerui <git@xen0n.name> # with nits addressed
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
Tiezhu Yang [Wed, 20 Sep 2023 06:26:29 +0000 (14:26 +0800)]
LoongArch: Remove dead code in relocate_new_kernel
The initial aim is to silence the following objtool warning:
arch/loongarch/kernel/relocate_kernel.o: warning: objtool: relocate_new_kernel+0x74: unreachable instruction
There are two adjacent "b" instructions, the second one is unreachable,
it is dead code, just remove it.
Co-developed-by: Jinyang He <hejinyang@loongson.cn>
Signed-off-by: Jinyang He <hejinyang@loongson.cn>
Co-developed-by: Youling Tang <tangyouling@loongson.cn>
Signed-off-by: Youling Tang <tangyouling@loongson.cn>
Signed-off-by: Tiezhu Yang <yangtiezhu@loongson.cn>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
Andy Shevchenko [Wed, 20 Sep 2023 06:26:29 +0000 (14:26 +0800)]
LoongArch: Use _UL() and _ULL()
Use _UL() and _ULL() that are provided by const.h.
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
Bibo Mao [Wed, 20 Sep 2023 06:26:28 +0000 (14:26 +0800)]
LoongArch: Fix some build warnings with W=1
There are some building warnings when building LoongArch kernel with W=1
as following, this patch fixes them.
arch/loongarch/kernel/acpi.c:284:13: warning: no previous prototype for ‘acpi_numa_arch_fixup’ [-Wmissing-prototypes]
284 | void __init acpi_numa_arch_fixup(void) {}
| ^~~~~~~~~~~~~~~~~~~~
arch/loongarch/kernel/time.c:32:13: warning: no previous prototype for ‘constant_timer_interrupt’ [-Wmissing-prototypes]
32 | irqreturn_t constant_timer_interrupt(int irq, void *data)
| ^~~~~~~~~~~~~~~~~~~~~~~~
arch/loongarch/kernel/traps.c:496:25: warning: no previous prototype for 'do_fpe' [-Wmissing-prototypes]
496 | asmlinkage void noinstr do_fpe(struct pt_regs *regs
| ^~~~~~
arch/loongarch/kernel/traps.c:813:22: warning: variable ‘opcode’ set but not used [-Wunused-but-set-variable]
813 | unsigned int opcode;
| ^~~~~~
arch/loongarch/kernel/signal.c:895:14: warning: no previous prototype for ‘get_sigframe’ [-Wmissing-prototypes]
895 | void __user *get_sigframe(struct ksignal *ksig, struct pt_regs *regs,
| ^~~~~~~~~~~~
arch/loongarch/kernel/syscall.c:21:40: warning: initialized field overwritten [-Woverride-init]
21 | #define __SYSCALL(nr, call) [nr] = (call),
| ^
arch/loongarch/kernel/syscall.c:40:14: warning: no previous prototype for ‘do_syscall’ [-Wmissing-prototypes]
40 | void noinstr do_syscall(struct pt_regs *regs)
| ^~~~~~~~~~
arch/loongarch/kernel/smp.c:502:17: warning: no previous prototype for ‘start_secondary’ [-Wmissing-prototypes]
502 | asmlinkage void start_secondary(void)
| ^~~~~~~~~~~~~~~
arch/loongarch/kernel/process.c:309:15: warning: no previous prototype for ‘arch_align_stack’ [-Wmissing-prototypes]
309 | unsigned long arch_align_stack(unsigned long sp)
| ^~~~~~~~~~~~~~~~
arch/loongarch/kernel/topology.c:13:5: warning: no previous prototype for ‘arch_register_cpu’ [-Wmissing-prototypes]
13 | int arch_register_cpu(int cpu)
| ^~~~~~~~~~~~~~~~~
arch/loongarch/kernel/topology.c:27:6: warning: no previous prototype for ‘arch_unregister_cpu’ [-Wmissing-prototypes]
27 | void arch_unregister_cpu(int cpu)
| ^~~~~~~~~~~~~~~~~~~
arch/loongarch/kernel/module-sections.c:103:5: warning: no previous prototype for ‘module_frob_arch_sections’ [-Wmissing-prototypes]
103 | int module_frob_arch_sections(Elf_Ehdr *ehdr, Elf_Shdr *sechdrs,
| ^~~~~~~~~~~~~~~~~~~~~~~~~
arch/loongarch/mm/hugetlbpage.c:56:5: warning: no previous prototype for ‘is_aligned_hugepage_range’ [-Wmissing-prototypes]
56 | int is_aligned_hugepage_range(unsigned long addr, unsigned long len)
| ^~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Bibo Mao <maobibo@loongson.cn>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
Helge Deller [Wed, 20 Sep 2023 06:26:28 +0000 (14:26 +0800)]
LoongArch: Fix lockdep static memory detection
Since commit
0a6b58c5cd0d ("lockdep: fix static memory detection even
more") the lockdep code uses is_kernel_core_data(), is_kernel_rodata()
and init_section_contains() to verify if a lock is located inside a
kernel static data section.
This change triggers a failure on LoongArch, for which the vmlinux.lds.S
script misses to put the locks (as part of in the .data.rel symbols)
into the Linux data section.
This patch fixes the lockdep problem by moving *(.data.rel*) symbols
into the kernel data section (from _sdata to _edata).
Additionally, move other wrongly assigned symbols too:
- altinstructions into the _initdata section,
- PLT symbols behind the read-only section, and
- *(.la_abs) into the data section.
Cc: stable <stable@kernel.org> # v6.4+
Fixes:
0a6b58c5cd0d ("lockdep: fix static memory detection even more")
Reported-by: Guenter Roeck <linux@roeck-us.net>
Tested-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
Tianjia Zhang [Mon, 18 Sep 2023 08:38:50 +0000 (16:38 +0800)]
crypto: sm2 - Fix crash caused by uninitialized context
In sm2_compute_z_digest() function, the newly allocated structure
mpi_ec_ctx is used, but forget to initialize it, which will cause
a crash when performing subsequent operations.
Fixes:
e5221fa6a355 ("KEYS: asymmetric: Move sm2 code into x509_public_key")
Cc: stable@vger.kernel.org # v6.5
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Zhang Xiaoxu [Tue, 19 Sep 2023 18:38:04 +0000 (13:38 -0500)]
cifs: Fix UAF in cifs_demultiplex_thread()
There is a UAF when xfstests on cifs:
BUG: KASAN: use-after-free in smb2_is_network_name_deleted+0x27/0x160
Read of size 4 at addr
ffff88810103fc08 by task cifsd/923
CPU: 1 PID: 923 Comm: cifsd Not tainted 6.1.0-rc4+ #45
...
Call Trace:
<TASK>
dump_stack_lvl+0x34/0x44
print_report+0x171/0x472
kasan_report+0xad/0x130
kasan_check_range+0x145/0x1a0
smb2_is_network_name_deleted+0x27/0x160
cifs_demultiplex_thread.cold+0x172/0x5a4
kthread+0x165/0x1a0
ret_from_fork+0x1f/0x30
</TASK>
Allocated by task 923:
kasan_save_stack+0x1e/0x40
kasan_set_track+0x21/0x30
__kasan_slab_alloc+0x54/0x60
kmem_cache_alloc+0x147/0x320
mempool_alloc+0xe1/0x260
cifs_small_buf_get+0x24/0x60
allocate_buffers+0xa1/0x1c0
cifs_demultiplex_thread+0x199/0x10d0
kthread+0x165/0x1a0
ret_from_fork+0x1f/0x30
Freed by task 921:
kasan_save_stack+0x1e/0x40
kasan_set_track+0x21/0x30
kasan_save_free_info+0x2a/0x40
____kasan_slab_free+0x143/0x1b0
kmem_cache_free+0xe3/0x4d0
cifs_small_buf_release+0x29/0x90
SMB2_negotiate+0x8b7/0x1c60
smb2_negotiate+0x51/0x70
cifs_negotiate_protocol+0xf0/0x160
cifs_get_smb_ses+0x5fa/0x13c0
mount_get_conns+0x7a/0x750
cifs_mount+0x103/0xd00
cifs_smb3_do_mount+0x1dd/0xcb0
smb3_get_tree+0x1d5/0x300
vfs_get_tree+0x41/0xf0
path_mount+0x9b3/0xdd0
__x64_sys_mount+0x190/0x1d0
do_syscall_64+0x35/0x80
entry_SYSCALL_64_after_hwframe+0x46/0xb0
The UAF is because:
mount(pid: 921) | cifsd(pid: 923)
-------------------------------|-------------------------------
| cifs_demultiplex_thread
SMB2_negotiate |
cifs_send_recv |
compound_send_recv |
smb_send_rqst |
wait_for_response |
wait_event_state [1] |
| standard_receive3
| cifs_handle_standard
| handle_mid
| mid->resp_buf = buf; [2]
| dequeue_mid [3]
KILL the process [4] |
resp_iov[i].iov_base = buf |
free_rsp_buf [5] |
| is_network_name_deleted [6]
| callback
1. After send request to server, wait the response until
mid->mid_state != SUBMITTED;
2. Receive response from server, and set it to mid;
3. Set the mid state to RECEIVED;
4. Kill the process, the mid state already RECEIVED, get 0;
5. Handle and release the negotiate response;
6. UAF.
It can be easily reproduce with add some delay in [3] - [6].
Only sync call has the problem since async call's callback is
executed in cifsd process.
Add an extra state to mark the mid state to READY before wakeup the
waitter, then it can get the resp safely.
Fixes:
ec637e3ffb6b ("[CIFS] Avoid extra large buffer allocation (and memcpy) in cifs_readpages")
Reviewed-by: Paulo Alcantara (SUSE) <pc@manguebit.com>
Signed-off-by: Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Dan Carpenter [Fri, 15 Sep 2023 12:59:21 +0000 (15:59 +0300)]
nouveau/u_memcpya: fix NULL vs error pointer bug
The u_memcpya() function is supposed to return error pointers on
error. Returning NULL will lead to an Oops.
Fixes:
e3885f712134 ("nouveau/u_memcpya: use vmemdup_user")
Reviewed-by: Lyude Paul <lyude@redhat.com>
Reviewed-by: Danilo Krummrich <dakr@redhat.com>
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Signed-off-by: Danilo Krummrich <dakr@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/10fd258b-466f-4c5b-9d48-fe61a3f21424@moroto.mountain