Commit Graph

1186081 Commits

Author SHA1 Message Date
Linus Torvalds
e2065b8c1b four ksmbd server fixes

Merge tag '6.4-rc2-ksmbd-server-fixes' of git://git.samba.org/ksmbd

Pull ksmbd server fixes from Steve French:

 - two fixes for incorrect SMB3 message validation (one for client which
   uses 8 byte padding, and one for empty bcc)

 - two fixes for out of bounds bugs: one for username offset checks (in
   session setup) and the other for create context name length checks in
   open requests

* tag '6.4-rc2-ksmbd-server-fixes' of git://git.samba.org/ksmbd:
  ksmbd: smb2: Allow messages padded to 8byte boundary
  ksmbd: allocate one more byte for implied bcc[0]
  ksmbd: fix wrong UserName check in session_user
  ksmbd: fix global-out-of-bounds in smb2_find_context_vals
2023-05-21 10:55:31 -07:00
Linus Torvalds
0c9dcf128e 2 smb3 client fixes, both related to deferred close, and also for stable

Merge tag '6.4-rc2-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6

Pull cifs client fixes from Steve French:
 "Two smb3 client fixes, both related to deferred close, and also for
  stable:

   - send close for deferred handles before not after lease break
     response to avoid possible sharing violations

   - check all opens on an inode (looking for deferred handles) when
     lease break is returned not just the handle the lease break came in
     on"

* tag '6.4-rc2-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6:
  SMB3: drop reference to cfile before sending oplock break
  SMB3: Close all deferred handles of inode in case of handle lease break
2023-05-21 10:20:58 -07:00
Mingwei Zhang
b9846a698c KVM: VMX: add MSR_IA32_TSX_CTRL into msrs_to_save
Add MSR_IA32_TSX_CTRL into msrs_to_save[] to explicitly tell userspace to
save/restore the register value during migration. Missing this may cause
userspace that relies on KVM ioctl(KVM_GET_MSR_INDEX_LIST) to fail to port
the value to the target VM.

In addition, there is no need to add MSR_IA32_TSX_CTRL when
ARCH_CAP_TSX_CTRL_MSR is not supported in kvm_get_arch_capabilities(). So
add the checking in kvm_probe_msr_to_save().

Fixes: c11f83e062 ("KVM: vmx: implement MSR_IA32_TSX_CTRL disable RTM functionality")
Reported-by: Jim Mattson <jmattson@google.com>
Signed-off-by: Mingwei Zhang <mizhang@google.com>
Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com>
Reviewed-by: Jim Mattson <jmattson@google.com>
Message-Id: <20230509032348.1153070-1-mizhang@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-05-21 04:05:51 -04:00
Sean Christopherson
275a87244e KVM: x86: Don't adjust guest's CPUID.0x12.1 (allowed SGX enclave XFRM)
Drop KVM's manipulation of guest's CPUID.0x12.1 ECX and EDX, i.e. the
allowed XFRM of SGX enclaves, now that KVM explicitly checks the guest's
allowed XCR0 when emulating ECREATE.

Note, this could theoretically break a setup where userspace advertises
a "bad" XFRM and relies on KVM to provide a sane CPUID model, but QEMU
is the only known user of KVM SGX, and QEMU explicitly sets the SGX CPUID
XFRM subleaf based on the guest's XCR0.

Reviewed-by: Kai Huang <kai.huang@intel.com>
Tested-by: Kai Huang <kai.huang@intel.com>
Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20230503160838.3412617-3-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-05-21 04:05:51 -04:00
Sean Christopherson
ad45413d22 KVM: VMX: Don't rely _only_ on CPUID to enforce XCR0 restrictions for ECREATE
Explicitly check the vCPU's supported XCR0 when determining whether or not
the XFRM for ECREATE is valid.  Checking CPUID works because KVM updates
guest CPUID.0x12.1 to restrict the leaf to a subset of the guest's allowed
XCR0, but that is rather subtle and KVM should not modify guest CPUID
except for modeling true runtime behavior (allowed XFRM is most definitely
not "runtime" behavior).

Reviewed-by: Kai Huang <kai.huang@intel.com>
Tested-by: Kai Huang <kai.huang@intel.com>
Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20230503160838.3412617-2-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-05-21 04:05:51 -04:00
Michael Ellerman
358e526a16 powerpc/mm: Reinstate ARCH_FORCE_MAX_ORDER ranges
Commit 1e8fed873e ("powerpc: drop ranges for definition of
ARCH_FORCE_MAX_ORDER") removed the limits on the possible values for
ARCH_FORCE_MAX_ORDER.

However, removing the ranges entirely causes some common workflows to
break. For example building a defconfig (which uses 64K pages), changing
the page size to 4K, and rebuilding used to work, because
ARCH_FORCE_MAX_ORDER would be clamped to 12 by the ranges.

With the ranges removed it creates a kernel that builds but crashes at
boot:
  kernel BUG at mm/huge_memory.c:470!
  Oops: Exception in kernel mode, sig: 5 [#1]
  ...
  NIP hugepage_init+0x9c/0x278
  LR  do_one_initcall+0x80/0x320
  Call Trace:
    do_one_initcall+0x80/0x320
    kernel_init_freeable+0x304/0x3ac
    kernel_init+0x30/0x1a0
    ret_from_kernel_user_thread+0x14/0x1c

The reasoning for removing the ranges was that some of the values were
too large. So take that into account and limit the maximums to 10 which
is the default max, except for the 4K case which uses 12.

Fixes: 1e8fed873e ("powerpc: drop ranges for definition of ARCH_FORCE_MAX_ORDER")
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://msgid.link/20230519113806.370635-1-mpe@ellerman.id.au
2023-05-21 11:40:34 +10:00
Helge Deller
d9a45969ab fbdev: stifb: Whitespace cleanups
Missed whitespace cleanups in stifb.

Fixes: 8000425739 ("fbdev: stifb: Remove trailing whitespaces")
Signed-off-by: Helge Deller <deller@gmx.de>
2023-05-20 22:48:46 +02:00
Helge Deller
537adba408 fbdev: udlfb: Use usb_control_msg_send()
Use the newly introduced usb_control_msg_send() instead of usb_control_msg()
when selecting the channel.

Reviewed-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Helge Deller <deller@gmx.de>
2023-05-20 21:12:07 +02:00
Linus Torvalds
0dd2a6fb1e TTY/Serial fixes for 6.4-rc3
Here are some small tty and serial driver fixes for 6.4-rc3 to resolve
 some reported problems, and add some new device ids.  These include:
   - termios documentation updates
   - vc_screen use-after-free fix
   - memory leak fix in arc_uart driver
   - new 8250 driver ids
   - other small serial driver fixes
 
 All of these have been in linux-next for a while with no reported
 problems.
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Merge tag 'tty-6.4-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty

Pull tty / serial fixes from Greg KH:
 "Here are some small tty and serial driver fixes for 6.4-rc3 to resolve
  some reported problems, and add some new device ids. These include:

   - termios documentation updates

   - vc_screen use-after-free fix

   - memory leak fix in arc_uart driver

   - new 8250 driver ids

   - other small serial driver fixes

  All of these have been in linux-next for a while with no reported
  problems"

* tag 'tty-6.4-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
  vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF
  serial: qcom-geni: fix enabling deactivated interrupt
  serial: 8250_bcm7271: fix leak in `brcmuart_probe`
  serial: 8250_bcm7271: balance clk_enable calls
  serial: arc_uart: fix of_iomap leak in `arc_serial_probe`
  serial: 8250: Document termios parameter of serial8250_em485_config()
  serial: Add support for Advantech PCI-1611U card
  serial: 8250_exar: Add support for USR298x PCI Modems
2023-05-20 10:33:57 -07:00
Linus Torvalds
2dd0d98d62 USB/Thunderbolt fixes for 6.4-rc3
Here are some USB fixes for 6.4-rc3, as well as a driver core fix that
 resolves a memory leak that shows up in USB devices easier than other
 subsystems.
 
 Included in here are:
   - driver core memory leak as reported and tested by syzbot and
     developers
   - dwc3 driver fixes for reported problems
   - xhci driver fixes for reported problems
   - USB gadget driver reverts to resolve regressions
   - usbtmc driver fix for syzbot reported problem
   - thunderbolt driver fixes for reported issues
   - other small USB fixes
 
 All of these, except for the driver core fix, have been in linux-next
 with no reported problems.  The driver core fix was tested and verified
 to solve the issue by syzbot and the original reporter.
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Merge tag 'usb-6.4-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb

Pull USB / Thunderbolt fixes from Greg KH:
 "Here are some USB fixes for 6.4-rc3, as well as a driver core fix that
  resolves a memory leak that shows up in USB devices easier than other
  subsystems.

  Included in here are:

   - driver core memory leak as reported and tested by syzbot and
     developers

   - dwc3 driver fixes for reported problems

   - xhci driver fixes for reported problems

   - USB gadget driver reverts to resolve regressions

   - usbtmc driver fix for syzbot reported problem

   - thunderbolt driver fixes for reported issues

   - other small USB fixes

  All of these, except for the driver core fix, have been in linux-next
  with no reported problems. The driver core fix was tested and verified
  to solve the issue by syzbot and the original reporter"

* tag 'usb-6.4-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
  driver core: class: properly reference count class_dev_iter()
  xhci: Fix incorrect tracking of free space on transfer rings
  xhci-pci: Only run d3cold avoidance quirk for s2idle
  usb-storage: fix deadlock when a scsi command timeouts more than once
  usb: dwc3: fix a test for error in dwc3_core_init()
  usb: typec: tps6598x: Fix fault at module removal
  usb: gadget: u_ether: Fix host MAC address case
  usb: typec: altmodes/displayport: fix pin_assignment_show
  Revert "usb: gadget: udc: core: Invoke usb_gadget_connect only when started"
  Revert "usb: gadget: udc: core: Prevent redundant calls to pullup"
  usb: gadget: drop superfluous ':' in doc string
  usb: dwc3: debugfs: Resume dwc3 before accessing registers
  USB: UHCI: adjust zhaoxin UHCI controllers OverCurrent bit value
  usb: dwc3: fix gadget mode suspend interrupt handler issue
  usb: dwc3: gadget: Improve dwc3_gadget_suspend() and dwc3_gadget_resume()
  USB: usbtmc: Fix direction for 0-length ioctl control messages
  thunderbolt: Clear registers properly when auto clear isn't in use
2023-05-20 10:16:38 -07:00
Carlos Llamas
d1d8875c8c binder: fix UAF of alloc->vma in race with munmap()
[ cmllamas: clean forward port from commit 015ac18be7 ("binder: fix
  UAF of alloc->vma in race with munmap()") in 5.10 stable. It is needed
  in mainline after the revert of commit a43cfc87ca ("android: binder:
  stop saving a pointer to the VMA") as pointed out by Liam. The commit
  log and tags have been tweaked to reflect this. ]

In commit 720c241924 ("ANDROID: binder: change down_write to
down_read") binder assumed the mmap read lock is sufficient to protect
alloc->vma inside binder_update_page_range(). This used to be accurate
until commit dd2283f260 ("mm: mmap: zap pages with read mmap_sem in
munmap"), which now downgrades the mmap_lock after detaching the vma
from the rbtree in munmap(). Then it proceeds to teardown and free the
vma with only the read lock held.

This means that accesses to alloc->vma in binder_update_page_range() now
will race with vm_area_free() in munmap() and can cause a UAF as shown
in the following KASAN trace:

  ==================================================================
  BUG: KASAN: use-after-free in vm_insert_page+0x7c/0x1f0
  Read of size 8 at addr ffff16204ad00600 by task server/558

  CPU: 3 PID: 558 Comm: server Not tainted 5.10.150-00001-gdc8dcf942daa #1
  Hardware name: linux,dummy-virt (DT)
  Call trace:
   dump_backtrace+0x0/0x2a0
   show_stack+0x18/0x2c
   dump_stack+0xf8/0x164
   print_address_description.constprop.0+0x9c/0x538
   kasan_report+0x120/0x200
   __asan_load8+0xa0/0xc4
   vm_insert_page+0x7c/0x1f0
   binder_update_page_range+0x278/0x50c
   binder_alloc_new_buf+0x3f0/0xba0
   binder_transaction+0x64c/0x3040
   binder_thread_write+0x924/0x2020
   binder_ioctl+0x1610/0x2e5c
   __arm64_sys_ioctl+0xd4/0x120
   el0_svc_common.constprop.0+0xac/0x270
   do_el0_svc+0x38/0xa0
   el0_svc+0x1c/0x2c
   el0_sync_handler+0xe8/0x114
   el0_sync+0x180/0x1c0

  Allocated by task 559:
   kasan_save_stack+0x38/0x6c
   __kasan_kmalloc.constprop.0+0xe4/0xf0
   kasan_slab_alloc+0x18/0x2c
   kmem_cache_alloc+0x1b0/0x2d0
   vm_area_alloc+0x28/0x94
   mmap_region+0x378/0x920
   do_mmap+0x3f0/0x600
   vm_mmap_pgoff+0x150/0x17c
   ksys_mmap_pgoff+0x284/0x2dc
   __arm64_sys_mmap+0x84/0xa4
   el0_svc_common.constprop.0+0xac/0x270
   do_el0_svc+0x38/0xa0
   el0_svc+0x1c/0x2c
   el0_sync_handler+0xe8/0x114
   el0_sync+0x180/0x1c0

  Freed by task 560:
   kasan_save_stack+0x38/0x6c
   kasan_set_track+0x28/0x40
   kasan_set_free_info+0x24/0x4c
   __kasan_slab_free+0x100/0x164
   kasan_slab_free+0x14/0x20
   kmem_cache_free+0xc4/0x34c
   vm_area_free+0x1c/0x2c
   remove_vma+0x7c/0x94
   __do_munmap+0x358/0x710
   __vm_munmap+0xbc/0x130
   __arm64_sys_munmap+0x4c/0x64
   el0_svc_common.constprop.0+0xac/0x270
   do_el0_svc+0x38/0xa0
   el0_svc+0x1c/0x2c
   el0_sync_handler+0xe8/0x114
   el0_sync+0x180/0x1c0

  [...]
  ==================================================================

To prevent the race above, revert back to taking the mmap write lock
inside binder_update_page_range(). One might expect an increase of mmap
lock contention. However, binder already serializes these calls via top
level alloc->mutex. Also, there was no performance impact shown when
running the binder benchmark tests.

Fixes: c0fd210178 ("Revert "android: binder: stop saving a pointer to the VMA"")
Fixes: dd2283f260 ("mm: mmap: zap pages with read mmap_sem in munmap")
Reported-by: Jann Horn <jannh@google.com>
Closes: https://lore.kernel.org/all/20230518144052.xkj6vmddccq4v66b@revolver
Cc: <stable@vger.kernel.org>
Cc: Minchan Kim <minchan@kernel.org>
Cc: Yang Shi <yang.shi@linux.alibaba.com>
Cc: Liam Howlett <liam.howlett@oracle.com>
Signed-off-by: Carlos Llamas <cmllamas@google.com>
Acked-by: Todd Kjos <tkjos@google.com>
Link: https://lore.kernel.org/r/20230519195950.1775656-1-cmllamas@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-05-20 17:56:23 +01:00
Linus Torvalds
98be58a6e9 block-6.4-2023-05-20

Merge tag 'block-6.4-2023-05-20' of git://git.kernel.dk/linux

Pull block fixes from Jens Axboe:

 - NVMe pull request via Keith:
     - More device quirks (Sagi, Hristo, Adrian, Daniel)
     - Controller delete race (Maurizo)
     - Multipath cleanup fix (Christoph)

 - Deny writeable mmap mapping on a readonly block device (Loic)

 - Kill unused define that got introduced by accident (Christoph)

 - Error handling fix for s390 dasd (Stefan)

 - ublk locking fix (Ming)

* tag 'block-6.4-2023-05-20' of git://git.kernel.dk/linux:
  block: remove NFL4_UFLG_MASK
  block: Deny writable memory mapping if block is read-only
  s390/dasd: fix command reject error on ESE devices
  nvme-pci: Add quirk for Teamgroup MP33 SSD
  ublk: fix AB-BA lockdep warning
  nvme: do not let the user delete a ctrl before a complete initialization
  nvme-multipath: don't call blk_mark_disk_dead in nvme_mpath_remove_disk
  nvme-pci: clamp max_hw_sectors based on DMA optimized limitation
  nvme-pci: add quirk for missing secondary temperature thresholds
  nvme-pci: add NVME_QUIRK_BOGUS_NID for HS-SSD-FUTURE 2048G
2023-05-20 08:48:04 -07:00
Christoph Hellwig
e3afec91aa block: remove NFL4_UFLG_MASK
The NFL4_UFLG_MASK define slipped in in commit 9208d41497
("block: add a ->get_unique_id method") and should never have been
added, as NFSD, the only user of it, already has its own copy.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20230520090010.527046-1-hch@lst.de
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2023-05-20 05:38:01 -06:00
Jakub Kicinski
67caf26d76 bluetooth pull request for net:
- Fix compiler warnings on btnxpuart
  - Fix potential double free on hci_conn_unlink
  - Fix UAF on hci_conn_hash_flush

Merge tag 'for-net-2023-05-19' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth

Luiz Augusto von Dentz says:

====================
bluetooth pull request for net:

 - Fix compiler warnings on btnxpuart
 - Fix potential double free on hci_conn_unlink
 - Fix UAF on hci_conn_hash_flush

* tag 'for-net-2023-05-19' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth:
  Bluetooth: btnxpuart: Fix compiler warnings
  Bluetooth: Unlink CISes when LE disconnects in hci_conn_del
  Bluetooth: Fix UAF in hci_conn_hash_flush again
  Bluetooth: Refcnt drop must be placed last in hci_conn_unlink
  Bluetooth: Fix potential double free caused by hci_conn_unlink
====================

Link: https://lore.kernel.org/r/20230519233056.2024340-1-luiz.dentz@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2023-05-19 22:48:26 -07:00
Taehee Yoo
ae9b15fbe6 net: fix stack overflow when LRO is disabled for virtual interfaces
When a virtual interface's feature is updated, it synchronizes the
updated feature to its own lower interfaces.
This propagation logic should work as an iteration, not recursively.
But it unexpectedly works recursively due to the netdev notification.
This problem occurs when LRO is disabled only for the team and bonding
interface types.

       team0
         |
  +------+------+-----+-----+
  |      |      |     |     |
team1  team2  team3  ...  team200

If team0's LRO feature is updated, it generates the NETDEV_FEAT_CHANGE
event for its own lower interfaces (team1 ~ team200).
This is done by netdev_sync_lower_features().
So, the NETDEV_FEAT_CHANGE notification logic of each lower interface
works iteratively.
But the generated NETDEV_FEAT_CHANGE event is also sent to the upper
interface.
The upper interface (team0) then generates the NETDEV_FEAT_CHANGE event
for its own lower interfaces again.
The lower and upper interfaces receive this event and generate this
event again and again.
So, the stack overflow occurs.

But it is not an infinite loop issue,
because netdev_sync_lower_features() updates the features before
generating the NETDEV_FEAT_CHANGE event.
Already synchronized lower interfaces skip the notification logic.
So, the problem is just that the iteration logic is unexpectedly turned
into recursion by the notification mechanism.

Reproducer:

ip link add team0 type team
ethtool -K team0 lro on
for i in {1..200}
do
        ip link add team$i master team0 type team
        ethtool -K team$i lro on
done

ethtool -K team0 lro off

In order to fix it, the notifier_ctx member of bonding/team is introduced.

Reported-by: syzbot+60748c96cf5c6df8e581@syzkaller.appspotmail.com
Fixes: fd867d51f8 ("net/core: generic support for disabling netdev features down stack")
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Nikolay Aleksandrov <razor@blackwall.org>
Link: https://lore.kernel.org/r/20230517143010.3596250-1-ap420073@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2023-05-19 22:46:37 -07:00
Alan Stern
ed9de4ed39 fbdev: udlfb: Fix endpoint check
The syzbot fuzzer detected a problem in the udlfb driver, caused by an
endpoint not having the expected type:

usb 1-1: Read EDID byte 0 failed: -71
usb 1-1: Unable to get valid EDID from device/display
------------[ cut here ]------------
usb 1-1: BOGUS urb xfer, pipe 3 != type 1
WARNING: CPU: 0 PID: 9 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880
drivers/usb/core/urb.c:504
Modules linked in:
CPU: 0 PID: 9 Comm: kworker/0:1 Not tainted
6.4.0-rc1-syzkaller-00016-ga4422ff22142 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google
04/28/2023
Workqueue: usb_hub_wq hub_event
RIP: 0010:usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504
...
Call Trace:
 <TASK>
 dlfb_submit_urb+0x92/0x180 drivers/video/fbdev/udlfb.c:1980
 dlfb_set_video_mode+0x21f0/0x2950 drivers/video/fbdev/udlfb.c:315
 dlfb_ops_set_par+0x2a7/0x8d0 drivers/video/fbdev/udlfb.c:1111
 dlfb_usb_probe+0x149a/0x2710 drivers/video/fbdev/udlfb.c:1743

The current approach for this issue failed to catch the problem
because it only checks for the existence of a bulk-OUT endpoint; it
doesn't check whether this endpoint is the one that the driver will
actually use.

We can fix the problem by instead checking that the endpoint used by
the driver does exist and is bulk-OUT.

Reported-and-tested-by: syzbot+0e22d63dcebb802b9bc8@syzkaller.appspotmail.com
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
CC: Pavel Skripkin <paskripkin@gmail.com>
Fixes: aaf7dbe073 ("video: fbdev: udlfb: properly check endpoint type")
Signed-off-by: Helge Deller <deller@gmx.de>
2023-05-20 07:02:13 +02:00
Niklas Schnelle
93f57c7a10 fbdev: atyfb: Remove unused clock determination
Just below the removed lines par->clk_wr_offset is hard coded to 3 so
there is no use in determining a different clock just to then ignore it
anyway. This also removes the only I/O port use remaining in the driver
allowing it to be built without CONFIG_HAS_IOPORT.

Link: https://lore.kernel.org/all/ZBx5aLo5h546BzBt@intel.com/
Suggested-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Signed-off-by: Niklas Schnelle <schnelle@linux.ibm.com>
Reviewed-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Signed-off-by: Helge Deller <deller@gmx.de>
2023-05-20 07:02:12 +02:00
Arnd Bergmann
f6cd4c96b2 fbdev: i810: include i810_main.h in i810_dvt.c
Building with W=1 shows that a header needs to be included to
make the prototypes visible:

drivers/video/fbdev/i810/i810_dvt.c:194:6: error: no previous prototype for 'round_off_xres' [-Werror=missing-prototypes]
drivers/video/fbdev/i810/i810_dvt.c:233:6: error: no previous prototype for 'i810fb_encode_registers' [-Werror=missing-prototypes]
drivers/video/fbdev/i810/i810_dvt.c:245:6: error: no previous prototype for 'i810fb_fill_var_timings' [-Werror=missing-prototypes]
drivers/video/fbdev/i810/i810_dvt.c:279:5: error: no previous prototype for 'i810_get_watermark' [-Werror=missing-prototypes]

Adding the header leads to another warning from a mismatched
prototype, so fix this as well:

drivers/video/fbdev/i810/i810_dvt.c:280:5: error: conflicting types for 'i810_get_watermark'; have 'u32(struct fb_var_screeninfo *,

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Jani Nikula <jani.nikula@intel.com>
Signed-off-by: Helge Deller <deller@gmx.de>
2023-05-20 07:02:12 +02:00
Arnd Bergmann
19abb4583d fbdev: fbmem: mark get_fb_unmapped_area() static
There is a global function with this name on sparc, but no
global declaration:

drivers/video/fbdev/core/fbmem.c:1469:15: error: no previous prototype for 'get_fb_unmapped_area'

Make the generic definition static to avoid this warning. On
sparc, this is never seen.

Edit by Helge:
Update Kconfig text as suggested by Geert Uytterhoeven.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Helge Deller <deller@gmx.de>
2023-05-20 07:02:12 +02:00
Loic Poulain
69baa3a623 block: Deny writable memory mapping if block is read-only
A user should not be able to write to a block device if it is read-only
at the block level (e.g. force_ro attribute). This is ensured in the
regular fops write operation (blkdev_write_iter) but not when writing
via a user mapping (mmap), allowing the user to actually write to a
read-only block device via a PROT_WRITE mapping.

Example: This can lead to an integrity issue of the eMMC boot partition
(e.g. mmcblk0boot0), which is read-only by default.

To fix this issue, simply deny a shared writable mapping if the block
device is read-only.

Note: The block device remains writable if the switch to read-only is
performed after the initial mapping, but this is expected behavior
according to commit a32e236eb9 ("Partially revert "block: fail
op_is_write() requests to read-only partitions"").

Signed-off-by: Loic Poulain <loic.poulain@linaro.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20230510074223.991297-1-loic.poulain@linaro.org
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2023-05-19 20:17:10 -06:00
Linus Torvalds
d635f6cc93 drm fixes for 6.4-rc3
amdgpu:
 - update gfx11 clock counter logic
 - Fix a race when disabling gfxoff on gfx10/11 for profiling
 - Raven/Raven2/PCO clock counter fix
 - Add missing get_vbios_fb_size for GMC 11
 - Fix a spurious irq warning in the device remove case
 - Fix possible power mode mismatch between driver and PMFW
 - USB4 fix
 
 exynos:
 - fix build warning
 
 i915:
 - fix missing NULL check in HDCP code
 
 msm:
 - display:
 - msm8998: fix fetch and qos to align with downstream
 - msm8998: fix LM pairs to align with downstream
 - remove unused INTF0 interrupt mask on some chipsets
 - remove TE2 block from relevant chipsets
 - relocate non-MDP_TOP offset to different header
 - fix some indentation
 - fix register offsets/masks for dither blocks
 - make ping-ping block length 0
 - remove duplicated defines
 - fix log mask for writeback block
 - unregister the hdmi codec for dp during unbind
 - fix yaml warnings
 - gpu:
 - fix submit error path leak
 - arm-smmu-qcom fix for regression that broke per-process page tables
 - fix no-iommu crash

Merge tag 'drm-fixes-2023-05-20' of git://anongit.freedesktop.org/drm/drm

Pull drm fixes from Dave Airlie:
 "Regular fixes pull, amdgpu and msm make up most of these, nothing too
  serious, also one i915 and one exynos.

  I didn't get a misc fixes pull this week (one of the maintainers is
  off, so have to engage the backup) so I think there are a few
  outstanding patches that will show up next week,

  amdgpu:
   - update gfx11 clock counter logic
   - Fix a race when disabling gfxoff on gfx10/11 for profiling
   - Raven/Raven2/PCO clock counter fix
   - Add missing get_vbios_fb_size for GMC 11
   - Fix a spurious irq warning in the device remove case
   - Fix possible power mode mismatch between driver and PMFW
   - USB4 fix

  exynos:
   - fix build warning

  i915:
   - fix missing NULL check in HDCP code

  msm:
   - display:
      - msm8998: fix fetch and qos to align with downstream
      - msm8998: fix LM pairs to align with downstream
      - remove unused INTF0 interrupt mask on some chipsets
      - remove TE2 block from relevant chipsets
      - relocate non-MDP_TOP offset to different header
      - fix some indentation
      - fix register offsets/masks for dither blocks
      - make ping-ping block length 0
      - remove duplicated defines
      - fix log mask for writeback block
      - unregister the hdmi codec for dp during unbind
      - fix yaml warnings
   - gpu:
      - fix submit error path leak
      - arm-smmu-qcom fix for regression that broke per-process page
        tables
      - fix no-iommu crash"

* tag 'drm-fixes-2023-05-20' of git://anongit.freedesktop.org/drm/drm: (29 commits)
  drm/amd/display: enable dpia validate
  drm/amd/pm: fix possible power mode mismatch between driver and PMFW
  drm/amdgpu: skip disabling fence driver src_irqs when device is unplugged
  drm/amdgpu/gmc11: implement get_vbios_fb_size()
  drm/amdgpu: Differentiate between Raven2 and Raven/Picasso according to revision id
  drm/amdgpu/gfx11: Adjust gfxoff before powergating on gfx11 as well
  drm/amdgpu/gfx10: Disable gfxoff before disabling powergating.
  drm/amdgpu/gfx11: update gpu_clock_counter logic
  drm/msm: Be more shouty if per-process pgtables aren't working
  iommu/arm-smmu-qcom: Fix missing adreno_smmu's
  drm/i915/hdcp: Check if media_gt exists
  drm/exynos: fix g2d_open/close helper function definitions
  drm/msm: Fix submit error-path leaks
  drm/msm/iommu: Fix null pointer dereference in no-IOMMU case
  dt-bindings: display/msm: dsi-controller-main: Document qcom, master-dsi and qcom, sync-dual-dsi
  drm/msm/dpu: Remove duplicate register defines from INTF
  drm/msm/dpu: Set PINGPONG block length to zero for DPU >= 7.0.0
  drm/msm/dpu: Use V2 DITHER PINGPONG sub-block in SM8[34]50/SC8280XP
  drm/msm/dpu: Fix PP_BLK_DIPHER -> DITHER typo
  drm/msm/dpu: Reindent REV_7xxx interrupt masks with tabs
  ...
2023-05-19 19:11:20 -07:00
Stefan Haberland
c99bff3429 s390/dasd: fix command reject error on ESE devices
Formatting a thin-provisioned (ESE) device that is part of a PPRC copy
relation might fail with the following error:

dasd-eckd 0.0.f500: An error occurred in the DASD device driver, reason=09
[...]
24 Byte: 0 MSG 4, no MSGb to SYSOP

During format of an ESE disk the Release Allocated Space command is used.
A bit in the payload of the command is set that is not allowed to be set
for devices in a copy relation. This bit is set to allow the partial
release of an extent.

Check for the existence of a copy relation before setting the respective
bit.

Fixes: 91dc4a1975 ("s390/dasd: Add new ioctl to release space")
Cc: stable@kernel.org # 5.3+
Signed-off-by: Stefan Haberland <sth@linux.ibm.com>
Reviewed-by: Jan Hoeppner <hoeppner@linux.ibm.com>
Link: https://lore.kernel.org/r/20230519102340.3854819-2-sth@linux.ibm.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2023-05-19 20:03:59 -06:00
Robert Richter
a70fc4ed20 cxl/port: Fix NULL pointer access in devm_cxl_add_port()
In devm_cxl_add_port() the port creation may fail and its associated
pointer does not contain a valid address. During error message
generation this invalid port address is used. Fix that wrong address
access.

Fixes: f3cd264c4e ("cxl: Unify debug messages when calling devm_cxl_add_port()")
Signed-off-by: Robert Richter <rrichter@amd.com>
Reviewed-by: Dave Jiang <dave.jiang@intel.com>
Link: https://lore.kernel.org/r/20230519215436.3394532-1-rrichter@amd.com
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
2023-05-19 17:47:01 -07:00
Linus Torvalds
5565ec4ef4 SCSI fixes on 20230519
Six small fixes.  Four in drivers and the two core changes should be
 read together as a correction to a prior iorequest_cnt fix that
 exposed us to a potential use after free.
 
 Signed-off-by: James E.J. Bottomley <jejb@linux.ibm.com>
 -----BEGIN PGP SIGNATURE-----
 
 iJwEABMIAEQWIQTnYEDbdso9F2cI+arnQslM7pishQUCZGfmkyYcamFtZXMuYm90
 dG9tbGV5QGhhbnNlbnBhcnRuZXJzaGlwLmNvbQAKCRDnQslM7pishfE1AQDpZPzr
 nE9y8n9yALulFS0XLDgPElY+tPspbq7W6VhKjQEAoeXWFX/9ar0Qeg3OOev1B6vn
 sVXkWgmCWfq+M5v9qog=
 =3/aP
 -----END PGP SIGNATURE-----

Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi

Pull SCSI fixes from James Bottomley:
 "Six small fixes.

  Four in drivers and the two core changes should be read together as a
  correction to a prior iorequest_cnt fix that exposed us to a potential
  use after free"

* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
  scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed
  scsi: Revert "scsi: core: Do not increase scsi_device's iorequest_cnt if dispatch failed"
  scsi: storvsc: Don't pass unused PFNs to Hyper-V host
  scsi: ufs: core: Fix MCQ nr_hw_queues
  scsi: ufs: core: Rename symbol sizeof_utp_transfer_cmd_desc()
  scsi: ufs: core: Fix MCQ tag calculation
2023-05-19 15:54:01 -07:00
Neeraj Sanjay Kale
6ce5169e05 Bluetooth: btnxpuart: Fix compiler warnings
This fixes the following compiler warning reported by kernel test robot:

  drivers/bluetooth/btnxpuart.c:1332:34: warning: unused variable
  'nxpuart_of_match_table' [-Wunused-const-variable]

Signed-off-by: Neeraj Sanjay Kale <neeraj.sanjaykale@nxp.com>
Reported-by: kernel test robot <lkp@intel.com>
Link: https://lore.kernel.org/oe-kbuild-all/202305161345.eClvTYQ9-lkp@intel.com/
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
2023-05-19 15:38:29 -07:00
Ruihan Li
a2904d2825 Bluetooth: Unlink CISes when LE disconnects in hci_conn_del
Currently, hci_conn_del calls hci_conn_unlink for BR/EDR, (e)SCO, and
CIS connections, i.e., everything except LE connections. However, if
(e)SCO connections are unlinked when BR/EDR disconnects, CIS connections
should also be unlinked when LE disconnects.

In terms of disconnection behavior, CIS and (e)SCO connections are not
too different. One peculiarity of CIS is that when CIS connections are
disconnected, the CIS handle isn't deleted, as per [BLUETOOTH CORE
SPECIFICATION Version 5.4 | Vol 4, Part E] 7.1.6 Disconnect command:

        All SCO, eSCO, and CIS connections on a physical link should be
        disconnected before the ACL connection on the same physical
        connection is disconnected. If it does not, they will be
        implicitly disconnected as part of the ACL disconnection.
        ...
        Note: As specified in Section 7.7.5, on the Central, the handle
        for a CIS remains valid even after disconnection and, therefore,
        the Host can recreate a disconnected CIS at a later point in
        time using the same connection handle.

Since hci_conn_link invokes both hci_conn_get and hci_conn_hold,
hci_conn_unlink should perform both hci_conn_put and hci_conn_drop as
well. However, currently it performs only hci_conn_put.

This patch makes hci_conn_unlink call hci_conn_drop as well, which
simplifies the logic in hci_conn_del a bit and may benefit future users
of hci_conn_unlink. But it is noted that this change additionally
implies that hci_conn_unlink can queue disc_work on conn itself, with
the following call stack:

        hci_conn_unlink(conn)  [conn->parent == NULL]
                -> hci_conn_unlink(child)  [child->parent == conn]
                        -> hci_conn_drop(child->parent)
                                -> queue_delayed_work(&conn->disc_work)

Queued disc_work after hci_conn_del can be spurious, so during the
process of hci_conn_del, it is necessary to make the call to
cancel_delayed_work(&conn->disc_work) after invoking hci_conn_unlink.

Signed-off-by: Ruihan Li <lrh2000@pku.edu.cn>
Co-developed-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
2023-05-19 15:37:45 -07:00
Ruihan Li
a2ac591cb4 Bluetooth: Fix UAF in hci_conn_hash_flush again
Commit 06149746e7 ("Bluetooth: hci_conn: Add support for linking
multiple hcon") reintroduced a previously fixed bug [1] ("KASAN:
slab-use-after-free Read in hci_conn_hash_flush"). This bug was
originally fixed by commit 5dc7d23e16 ("Bluetooth: hci_conn: Fix
possible UAF").

The hci_conn_unlink function was added to avoid invalidating the link
traversal caused by successive hci_conn_del operations releasing extra
connections. However, currently hci_conn_unlink itself also releases
extra connections, resulted in the reintroduced bug.

This patch follows a more robust solution for cleaning up all
connections, by repeatedly removing the first connection until there are
none left. This approach does not rely on the inner workings of
hci_conn_del and ensures proper cleanup of all connections.

Meanwhile, we need to make sure that hci_conn_del never fails. Indeed it
doesn't, as it now always returns zero. To make this a bit clearer, this
patch also changes its return type to void.

Reported-by: syzbot+8bb72f86fc823817bc5d@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/linux-bluetooth/000000000000aa920505f60d25ad@google.com/
Fixes: 06149746e7 ("Bluetooth: hci_conn: Add support for linking multiple hcon")
Signed-off-by: Ruihan Li <lrh2000@pku.edu.cn>
Co-developed-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
2023-05-19 15:37:45 -07:00
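The failure mode in the message above, as an added, constructed C model (not Bluetooth subsystem code): a "safe" list walk saves the next entry before calling the delete callback, but a delete that also tears down a linked child can free exactly that saved entry. The struct names, the list helpers and the freed flag used to detect the stale access are assumptions of this example; the robust loop is the one the patch describes, deleting the first entry until the list is empty.

```c
#include <stdbool.h>
#include <stddef.h>

/*
 * Constructed model: a doubly linked list of "connections" where deleting
 * a parent also deletes its linked child (as hci_conn_del does for
 * (e)SCO/CIS links).  Instead of kfree(), a node is marked freed so the
 * model can detect a use of freed memory without crashing.
 */
struct conn {
    struct conn *prev, *next;
    struct conn *child;   /* linked child connection, or NULL */
    bool freed;           /* set by conn_del(); stands in for kfree() */
};

struct conn_list {
    struct conn *head;
};

static void list_add(struct conn_list *l, struct conn *c)
{
    c->prev = NULL;
    c->next = l->head;
    if (l->head)
        l->head->prev = c;
    l->head = c;
}

static void list_remove(struct conn_list *l, struct conn *c)
{
    if (c->prev)
        c->prev->next = c->next;
    else
        l->head = c->next;
    if (c->next)
        c->next->prev = c->prev;
    c->prev = c->next = NULL;
}

/* Model of hci_conn_del(): unlinking a parent also deletes its child. */
static void conn_del(struct conn_list *l, struct conn *c)
{
    if (c->child) {
        struct conn *child = c->child;
        c->child = NULL;
        conn_del(l, child);
    }
    list_remove(l, c);
    c->freed = true;
}

/* Constructed input: nodes[1] is the child of nodes[0]; after the three
 * list_add() calls the list order is nodes[0], nodes[1], nodes[2]. */
static void build_scenario(struct conn_list *l, struct conn nodes[3])
{
    for (int i = 0; i < 3; i++)
        nodes[i] = (struct conn){0};
    nodes[0].child = &nodes[1];
    l->head = NULL;
    list_add(l, &nodes[2]);
    list_add(l, &nodes[1]);
    list_add(l, &nodes[0]);
}

/* list_for_each_entry_safe()-style flush.  Returns true if the saved
 * "next" entry was freed by the callback, i.e. the next iteration would
 * read freed memory (what KASAN reported in the kernel). */
bool flush_with_safe_iterator_hits_uaf(void)
{
    struct conn nodes[3];
    struct conn_list l;
    struct conn *c, *n;

    build_scenario(&l, nodes);
    for (c = l.head; c; c = n) {
        n = c->next;          /* saved before the delete, like the _safe macro */
        conn_del(&l, c);      /* may also delete n through c->child */
        if (n && n->freed)
            return true;
    }
    return false;
}

/* The robust loop from the patch: delete whatever is first until empty.
 * Returns true if every node was freed and the list is empty. */
bool flush_first_until_empty_is_clean(void)
{
    struct conn nodes[3];
    struct conn_list l;

    build_scenario(&l, nodes);
    while (l.head)
        conn_del(&l, l.head);
    return l.head == NULL && nodes[0].freed && nodes[1].freed && nodes[2].freed;
}
```

The point generalises beyond Bluetooth: `list_for_each_entry_safe()` only protects against the callback deleting the current entry, so any delete routine that can release other entries needs the "remove the head until empty" form instead.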
Ruihan Li
2910431ab0 Bluetooth: Refcnt drop must be placed last in hci_conn_unlink
If hci_conn_put(conn->parent) reduces conn->parent's reference count to
zero, it can immediately deallocate conn->parent. At the same time,
conn->link->list has its head in conn->parent, causing use-after-free
problems in the latter list_del_rcu(&conn->link->list).

This problem can be easily solved by reordering the two operations,
i.e., first performing the list removal with list_del_rcu and then
decreasing the refcnt with hci_conn_put.

Reported-by: Luiz Augusto von Dentz <luiz.dentz@gmail.com>
Closes: https://lore.kernel.org/linux-bluetooth/CABBYNZ+1kce8_RJrLNOXd_8=Mdpb=2bx4Nto-hFORk=qiOkoCg@mail.gmail.com/
Fixes: 06149746e7 ("Bluetooth: hci_conn: Add support for linking multiple hcon")
Signed-off-by: Ruihan Li <lrh2000@pku.edu.cn>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
2023-05-19 15:37:45 -07:00
Ruihan Li
ca1fd42e7d Bluetooth: Fix potential double free caused by hci_conn_unlink
The hci_conn_unlink function is being called by hci_conn_del, which
means it should not call hci_conn_del with the input parameter conn
again. If it does, conn may have already been released when
hci_conn_unlink returns, leading to potential UAF and double-free
issues.

This patch resolves the problem by modifying hci_conn_unlink to release
only conn's child links when necessary, but never release conn itself.

Reported-by: syzbot+690b90b14f14f43f4688@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/linux-bluetooth/000000000000484a8205faafe216@google.com/
Fixes: 06149746e7 ("Bluetooth: hci_conn: Add support for linking multiple hcon")
Signed-off-by: Ruihan Li <lrh2000@pku.edu.cn>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Reported-by: syzbot+690b90b14f14f43f4688@syzkaller.appspotmail.com
Reported-by: Luiz Augusto von Dentz <luiz.dentz@gmail.com>
Reported-by: syzbot+8bb72f86fc823817bc5d@syzkaller.appspotmail.com
2023-05-19 15:37:45 -07:00
Anna Schumaker
43439d858b NFSv4.2: Fix a potential double free with READ_PLUS
kfree()-ing the scratch page isn't enough, we also need to set the pointer
back to NULL to avoid a double-free in the case of a resend.

Fixes: fbd2a05f29 ("NFSv4.2: Rework scratch handling for READ_PLUS")
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
2023-05-19 17:11:59 -04:00
Trond Myklebust
d180891fba SUNRPC: Don't change task->tk_status after the call to rpc_exit_task
Some calls to rpc_exit_task() may deliberately change the value of
task->tk_status, for instance because it gets checked by the RPC call's
rpc_release() callback. That makes it wrong to reset the value to
task->tk_rpc_status.
In particular this causes a bug where the rpc_call_done() callback tries
to fail over a set of pNFS/flexfiles writes to a different IP address,
but the reset of task->tk_status causes nfs_commit_release_pages() to
immediately mark the file as having a fatal error.

Fixes: 39494194f9 ("SUNRPC: Fix races with rpc_killall_tasks()")
Cc: stable@vger.kernel.org # 6.1.x
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
2023-05-19 16:50:05 -04:00
Fabio M. De Francesco
4b71e2416e NFS: Convert kmap_atomic() to kmap_local_folio()
kmap_atomic() is deprecated in favor of kmap_local_{folio,page}().

Therefore, replace kmap_atomic() with kmap_local_folio() in
nfs_readdir_folio_array_append().

kmap_atomic() disables page-faults and preemption (the latter only for
!PREEMPT_RT kernels). However, the code within the mapping/un-mapping in
nfs_readdir_folio_array_append() does not depend on the above-mentioned
side effects.

Therefore, a mere replacement of the old API with the new one is all that
is required (i.e., there is no need to explicitly add any calls to
pagefault_disable() and/or preempt_disable()).

Tested with (x)fstests in a QEMU/KVM x86_32 VM, 6GB RAM, booting a kernel
with HIGHMEM64GB enabled.

Cc: Ira Weiny <ira.weiny@intel.com>
Signed-off-by: Fabio M. De Francesco <fmdefrancesco@gmail.com>
Fixes: ec108d3cc7 ("NFS: Convert readdir page array functions to use a folio")
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
2023-05-19 16:50:05 -04:00
Linus Torvalds
a594874588 A workaround for a just discovered bug in MClientSnap encoding which
goes back to 2017 (marked for stable) and a fixup to quieten a static
 checker.
 -----BEGIN PGP SIGNATURE-----
 
 iQFHBAABCAAxFiEEydHwtzie9C7TfviiSn/eOAIR84sFAmRnnmQTHGlkcnlvbW92
 QGdtYWlsLmNvbQAKCRBKf944AhHzi+UGB/9b2jo9bvRJXm3Z9baTyCYGCLmpOMYB
 gUDAHY9iTZBWdxbk+YppCWyh20oXz1082DV6vMn2FBhFgv4um/7GXesoVMGin73n
 5w3YB8nBW0LeFsuuLMp+tnWnsIbYxEdVmNSe5lNZX16UVRW+GUBJeLPeiJrB2YCE
 NuCWw4SUxRDKU1cCHWIBjIz0qJmvbW+8U7f0OwPqk1e5QmoE9Fs44sfJ9aBX4ap7
 nlPWsoNX0fRixKNcsueBHLr4xEqYG0qqyvCiZnz3r59Zlcs2HwcfixBfNnJPjDeu
 3ijPm+mYjAT8Vg2mVwf2fCXAtdXlzX9+ULHZDp2VoD/0LB+E5ep08HAO
 =Vixp
 -----END PGP SIGNATURE-----

Merge tag 'ceph-for-6.4-rc3' of https://github.com/ceph/ceph-client

Pull ceph fixes from Ilya Dryomov:
 "A workaround for a just discovered bug in MClientSnap encoding which
  goes back to 2017 (marked for stable) and a fixup to quieten a static
  checker"

* tag 'ceph-for-6.4-rc3' of https://github.com/ceph/ceph-client:
  ceph: force updating the msg pointer in non-split case
  ceph: silence smatch warning in reconnect_caps_cb()
2023-05-19 12:02:12 -07:00
Linus Torvalds
d3f704310c Power management fixes for 6.4-rc3
- Get rid of a warning message printed by the ACPI cpufreq driver
    after recent changes in it when another CPU performance scaling
    driver is registered already when it starts (Petr Pavlu).
 
  - Make cpupower read TSC on each CPU right before reading MPERF so as
    to reduce the potential time difference between the TSC and MPERF
    accesses and improve the C0 percentage calculation (Wyes Karny).
 
  - Fix a possible file handle leak and clean up the code in the
    sysfs_get_enabled() function in cpupower (Hao Zeng).
 -----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEE4fcc61cGeeHD/fCwgsRv/nhiVHEFAmRnlBgSHHJqd0Byand5
 c29ja2kubmV0AAoJEILEb/54YlRxKNkP/0/DbVoou1NtLnGY1zIfz0fHPXcmOmmZ
 1WZM9djlk/Yhw66EXpm6iAmtDhaXIGK4n6roCxYXKkSWlkWsnGKH105wQ3+4Z+Bh
 un88fh5pgDT6XVxHMbhN6T4fHHTJ2Sg/ba6dW8pbNNsS0UivD3Qe1eBdyJTP5b48
 VEiP6hjgaIvoze/NJYChtOzJiVj7hpwwV/O4Mf6qL0FKR4uOixvePFugxzX6Tatm
 wcGiNio9spEUt4Nv1ROGaJIRIv8Cx5bIleTRpOMqxKEaCuwPJ9Fq4j/06PaR3JSd
 0zZ7kC/l639+Rk5DDvf8gxRzmN0FsaM+beDxKbysDC1gfFNK+P9SelXAV4C2jFNk
 j+s5VvecsNRBgPbSxuFNkY5u2mzYFhFew69ZKVcTddNf3aMYjbiDGYkpH1lY5zLe
 yKsGZToXdGOG3+48E2zOiQxEiITbfq1SQLIZog6i/y6Na9DLyTAiTnbCBQGBObS/
 200mbzLq63wBekssi7ocbpSzK+mrDY5YfKtF9lWeSnxnwTOsuDYG4HGa8OtdsDhV
 YJN2wTV24yz5IALs1jwNggpQ7S3p+QdO5f2KAfKdg9lLRePz42Y2zUZ0EI7c7mK9
 eddCPU/FfgECq5+EipQ9HTZJf9I350Cz2CBscoUXxwhWa7Ig28f6Hr8+peC461hE
 6Oi7dIlrsyns
 =w8ox
 -----END PGP SIGNATURE-----

Merge tag 'pm-6.4-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm

Pull power management fixes from Rafael Wysocki:
 "These fix two issues in the cpupower utility and get rid of a spurious
  warning message printed to the kernel log by the ACPI cpufreq driver
  after recent changes.

  Specifics:

   - Get rid of a warning message printed by the ACPI cpufreq driver
     after recent changes in it when another CPU performance scaling
     driver is registered already when it starts (Petr Pavlu)

   - Make cpupower read TSC on each CPU right before reading MPERF so as
     to reduce the potential time difference between the TSC and MPERF
     accesses and improve the C0 percentage calculation (Wyes Karny)

   - Fix a possible file handle leak and clean up the code in the
     sysfs_get_enabled() function in cpupower (Hao Zeng)"

* tag 'pm-6.4-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
  cpufreq: ACPI: Prevent a warning when another frequency driver is loaded
  cpupower: Make TSC read per CPU for Mperf monitor
  cpupower:Fix resource leaks in sysfs_get_enabled()
2023-05-19 11:44:08 -07:00
Linus Torvalds
c83063298b ACPI fix for 6.4-rc3
Add an ACPI IRQ override quirk for LG UltraPC 17U70P so as to
 make the internal keyboard work on that machine (Rubén Gómez).
 -----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEE4fcc61cGeeHD/fCwgsRv/nhiVHEFAmRnk7ASHHJqd0Byand5
 c29ja2kubmV0AAoJEILEb/54YlRxeFgP/j7kmwSC0Peyk6xLhxmAJ1G/rUHAf+dB
 9uC+txDbyOXjSsPvm6UeGF1eKYDPzFWdDxl6emzuz4X9GPgIUznbh3xgmom3A4jh
 XyQdYFzVTuGf9HTJ72QmNKj52z6feG2j5fYkD83c5tFMbjAdnvnzJw1yQGj6vxoj
 2Jvx5sBpQEPqBYPvgZ6BysKlDJpraQ2E/pKFNVqhpYTXjjxg5wTTDSL8YkdUJ8JO
 wDWfboIUMij37CmDazl50qCjbzjC8r1k0knCwH0uSdua5RIup57ctfe87uUcs/0S
 wvBzY7Di1j7fsKoxwR779MbI61/H4Lb1FSXpyNswHWWv2gMNk2wbsuB6qNn4xb3k
 aQjTyDffGgJKpJ5fEm9FpWzMc67EVyy2BPVrK/ZbXtya+Jh1HhGVSsTcSckfdwcW
 y75/jDtYeh0rizO9uHXN7cxLEUwuPrva72/K3aYxC1VubY1RXsC8tPjKiZjBzkPa
 3OVWKmTIgZGw4kR86KT/KKZ8/vr0KbUM19TAu7MMR8mQK01hnK8V4Xvb9VYOr7KZ
 lGqVRty6vp6Sf+yZ95eotYB8vwLQeK6txTLa+wDu/0flRYdGUoDaU6oU3SBGcx5a
 Vqhybi7mXUiEHQcVJAZNh/vn2ACjKpx46Y5EyQamaX9fS0nIBQK7b8S3CZHZ9qmj
 kYNXfo7yW7rp
 =y8h3
 -----END PGP SIGNATURE-----

Merge tag 'acpi-6.4-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm

Pull ACPI fix from Rafael Wysocki:
 "Add an ACPI IRQ override quirk for LG UltraPC 17U70P so as to make the
  internal keyboard work on that machine (Rubén Gómez)"

* tag 'acpi-6.4-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
  ACPI: resource: Add IRQ override quirk for LG UltraPC 17U70P
2023-05-19 11:38:41 -07:00
Linus Torvalds
cbd6ac3837 Four straightforward documentation fixes.
-----BEGIN PGP SIGNATURE-----
 
 iQFCBAABCAAtFiEEIw+MvkEiF49krdp9F0NaE2wMflgFAmRnhlAPHGNvcmJldEBs
 d24ubmV0AAoJEBdDWhNsDH5YGBkH+Od05zp058WjofcWmBWJUuTFc4nUMt/Atqeq
 f06Y2WdiEFTyEgo9O/6hQFfuOYZBp5VcPlgBGGNPSU4JKmcWayf+ZWiVcEO1CmqN
 deahkKun84ZscFj1m65r6v6o5yqgPALlFK7QCjLv5sqF8lS06QbTr0EYasjHf0Zk
 9wwrCZadATv0zH5MLQoNSKBBjOznzp75IRvN0x8UYAkR413tX6lA0mCalURK7S+j
 lMmb5HVY9+Gl9z4gY01ICIfAHNX39TOHzcltn7MxHcac8vCujbjhp/GJ1ZY83aRv
 smleLpFi/L8pUdE4vYybATCifcuLVu0w7rxPoOVkCgt6EHkBcw==
 =XC85
 -----END PGP SIGNATURE-----

Merge tag 'docs-6.4-fixes' of git://git.lwn.net/linux

Pull documentation fixes from Jonathan Corbet:
 "Four straightforward documentation fixes"

* tag 'docs-6.4-fixes' of git://git.lwn.net/linux:
  Documentation/filesystems: ramfs-rootfs-initramfs: use :Author:
  Documentation/filesystems: sharedsubtree: add section headings
  docs: quickly-build-trimmed-linux: various small fixes and improvements
  Documentation: use capitalization for chapters and acronyms
2023-05-19 11:25:17 -07:00
Linus Torvalds
ac92c27935 s390 updates for 6.4-rc3
- Add check whether the required facilities are installed
   before using the s390-specific ChaCha20 implementation.
 
 - Key blobs for s390 protected key interface IOCTLs commands
   PKEY_VERIFYKEY2 and PKEY_VERIFYKEY3 may contain clear key
   material. Zeroize copies of these keys in kernel memory
   after creating protected keys.
 
 - Set CONFIG_INIT_STACK_NONE=y in defconfigs to avoid extra
   overhead of initializing all stack variables by default.
 
 - Make sure that when a new channel-path is enabled all
   subchannels are evaluated: with and without any devices
   connected on it.
 
 - When SMT thread CPUs are added to CPU topology masks the
   nr_cpu_ids limit is not checked and could be exceeded.
   Respect the nr_cpu_ids limit and avoid a warning when
   CONFIG_DEBUG_PER_CPU_MAPS is set.
 
 - The pointer to IPL Parameter Information Block is stored
   in the absolute lowcore as a virtual address. Save it as
   the physical address for later use by dump tools.
 
 - Fix a Queued Direct I/O (QDIO) problem on z/VM guests using
   QIOASSIST with dedicated (pass through) QDIO-based devices
   such as FCP, real OSA or HiperSockets.
 
 - s390's struct statfs and struct statfs64 contain padding,
   which field-by-field copying does not set. Initialize the
   respective structures with zeros before filling them and
   copying to userspace.
 
 - Grow s390 compat_statfs64, statfs and statfs64 structures
   f_spare array member to cover padding and simplify things.
 
 - Remove obsolete SCHED_BOOK and SCHED_DRAWER configs.
 
 - Remove unneeded S390_CCW_IOMMU and S390_AP_IOMMU configs.
 -----BEGIN PGP SIGNATURE-----
 
 iI0EABYIADUWIQQrtrZiYVkVzKQcYivNdxKlNrRb8AUCZGd5BRccYWdvcmRlZXZA
 bGludXguaWJtLmNvbQAKCRDNdxKlNrRb8OqMAQCsdBG7eR3dp3mY8ao34dqlWt98
 rDQD8oiMgCkFyn77jQEAoo3HhqWY8oTu88fl82dkF0OpGW+7zgoNHUYhH8Z0gAY=
 =wtTO
 -----END PGP SIGNATURE-----

Merge tag 's390-6.4-2' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux

Pull s390 fixes from Alexander Gordeev:

 - Add check whether the required facilities are installed before using
   the s390-specific ChaCha20 implementation

 - Key blobs for s390 protected key interface IOCTLs commands
   PKEY_VERIFYKEY2 and PKEY_VERIFYKEY3 may contain clear key material.
   Zeroize copies of these keys in kernel memory after creating
   protected keys

 - Set CONFIG_INIT_STACK_NONE=y in defconfigs to avoid extra overhead of
   initializing all stack variables by default

 - Make sure that when a new channel-path is enabled all subchannels are
   evaluated: with and without any devices connected on it

 - When SMT thread CPUs are added to CPU topology masks the nr_cpu_ids
   limit is not checked and could be exceeded. Respect the nr_cpu_ids
   limit and avoid a warning when CONFIG_DEBUG_PER_CPU_MAPS is set

 - The pointer to IPL Parameter Information Block is stored in the
   absolute lowcore as a virtual address. Save it as the physical
   address for later use by dump tools

 - Fix a Queued Direct I/O (QDIO) problem on z/VM guests using QIOASSIST
   with dedicated (pass through) QDIO-based devices such as FCP, real
   OSA or HiperSockets

 - s390's struct statfs and struct statfs64 contain padding, which
   field-by-field copying does not set. Initialize the respective
   structures with zeros before filling them and copying to userspace

 - Grow s390 compat_statfs64, statfs and statfs64 structures f_spare
   array member to cover padding and simplify things

 - Remove obsolete SCHED_BOOK and SCHED_DRAWER configs

 - Remove unneeded S390_CCW_IOMMU and S390_AP_IOMMU configs

* tag 's390-6.4-2' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
  s390/iommu: get rid of S390_CCW_IOMMU and S390_AP_IOMMU
  s390/Kconfig: remove obsolete configs SCHED_{BOOK,DRAWER}
  s390/uapi: cover statfs padding by growing f_spare
  statfs: enforce statfs[64] structure initialization
  s390/qdio: fix do_sqbs() inline assembly constraint
  s390/ipl: fix IPIB virtual vs physical address confusion
  s390/topology: honour nr_cpu_ids when adding CPUs
  s390/cio: include subchannels without devices also for evaluation
  s390/defconfigs: set CONFIG_INIT_STACK_NONE=y
  s390/pkey: zeroize key blobs
  s390/crypto: use vector instructions only if available for ChaCha20
2023-05-19 11:11:04 -07:00
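The statfs padding item in the pull above is the classic kernel stack infoleak: filling a struct field by field never writes its padding bytes, so whatever was previously in that stack slot goes out through copy_to_user(). The following is an added, constructed C illustration, not s390 or VFS code; `struct sample_statfs` is a stand-in whose layout forces padding, and the 0xAA marker byte plays the role of stale stack contents.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/*
 * Stand-in for struct statfs: a 1-byte field followed by an 8-byte-aligned
 * one leaves padding between them, and the 4-byte tail leaves more at the
 * end on the usual ABIs.  Layout assumptions are checked, not hard-coded.
 */
struct sample_statfs {
    uint8_t  f_type;
    uint64_t f_blocks;
    uint32_t f_namelen;
};

#define STALE 0xAA   /* marker for "leftover data from an earlier call" */

/* Field-by-field fill, as the old statfs code did. */
static void fill_fields(struct sample_statfs *st)
{
    st->f_type = 0x53;
    st->f_blocks = 1234567;
    st->f_namelen = 255;
}

/*
 * Emulates a stack slot that still holds old data (STALE bytes), fills the
 * struct in place and returns how many bytes of what copy_to_user() would
 * send were never written.  zero_first selects the fix from the patch:
 * zero the whole object before filling it.
 */
size_t count_leaked_padding(bool zero_first)
{
    /* union so the struct and its byte image alias without UB */
    union {
        unsigned char bytes[sizeof(struct sample_statfs)];
        struct sample_statfs st;
    } slot;
    size_t leaked = 0;

    memset(slot.bytes, STALE, sizeof slot.bytes);   /* stale stack contents */
    if (zero_first)
        memset(&slot.st, 0, sizeof slot.st);
    fill_fields(&slot.st);

    for (size_t i = 0; i < sizeof slot.bytes; i++)
        if (slot.bytes[i] == STALE)
            leaked++;
    return leaked;
}

/* Bytes of the struct covered by no field at all, whatever the ABI. */
size_t expected_padding_bytes(void)
{
    return sizeof(struct sample_statfs)
         - sizeof(uint8_t) - sizeof(uint64_t) - sizeof(uint32_t);
}
```

With the field-by-field fill every padding byte still carries the marker; after a `memset(…, 0, sizeof …)` none does. The s390 fix takes the same route and additionally grows `f_spare` so the padding is covered by a real field.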
Linus Torvalds
4ffd96c962 arm64 fixes for -rc3
- Avoid erroneously marking untagged pages with PG_mte_tagged
 
 - Always reset KASAN tags for destination page in copy_page()
 
 - Mark PMU header functions 'static inline'
 
 - Fix some sparse warnings due to missing casts
 -----BEGIN PGP SIGNATURE-----
 
 iQFEBAABCgAuFiEEPxTL6PPUbjXGY88ct6xw3ITBYzQFAmRnVj4QHHdpbGxAa2Vy
 bmVsLm9yZwAKCRC3rHDchMFjNJdMB/94LS7O5EVgx0qVg7g7D0LDs6f++eJ8Ya0V
 32QSPal1KRFIBvHdyyQWdce0j+hs0mefsJ8fUTA16Jl8UrZ5U2XKzV3czvxZHjeX
 AcBhw2nNVTH3vG1lXJzQLMGtgsVGXAw/DNwCgztNnlNCvyS+dpb7Gzrwv1safxni
 eXs8nvyAlowzfvCWk4bNAE8ZLB4ckAAuPrzactzVJ6I397kk5i/PPUSWzG6syx3G
 qPXE3XSYtlqQ/ZmGnoE/PWTGPNcieWfeQcHlIT+00tdH/FWd+rJdIb5VW0JKDtLo
 Rqtpq0SfZTqg6+GdzQUbLVfOcAte3TiD7qOcA1xnT2z4IjEQGIav
 =eZEU
 -----END PGP SIGNATURE-----

Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux

Pull arm64 fixes from Will Deacon:
 "A mixture of compiler/static checker resolutions and a couple of MTE
  fixes:

   - Avoid erroneously marking untagged pages with PG_mte_tagged

   - Always reset KASAN tags for destination page in copy_page()

   - Mark PMU header functions 'static inline'

   - Fix some sparse warnings due to missing casts"

* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
  arm64: mte: Do not set PG_mte_tagged if tags were not initialized
  arm64: Also reset KASAN tag if page is not PG_mte_tagged
  arm64: perf: Mark all accessor functions inline
  ARM: perf: Mark all accessor functions inline
  arm64: vdso: Pass (void *) to virt_to_page()
  arm64/mm: mark private VM_FAULT_X defines as vm_fault_t
2023-05-19 11:05:42 -07:00
Michal Luczaj
afb2acb2e3 KVM: Fix vcpu_array[0] races
In kvm_vm_ioctl_create_vcpu(), add vcpu to vcpu_array iff it's safe to
access vcpu via kvm_get_vcpu() and kvm_for_each_vcpu(), i.e. when there's
no failure path requiring vcpu removal and destruction. Such order is
important because vcpu_array accessors may end up referencing vcpu at
vcpu_array[0] even before online_vcpus is set to 1.

When online_vcpus=0, any call to kvm_get_vcpu() goes through
array_index_nospec() and ends with an attempt to xa_load(vcpu_array, 0):

	int num_vcpus = atomic_read(&kvm->online_vcpus);
	i = array_index_nospec(i, num_vcpus);
	return xa_load(&kvm->vcpu_array, i);

Similarly, when online_vcpus=0, a kvm_for_each_vcpu() does not iterate over
an "empty" range, but actually [0, ULONG_MAX]:

	xa_for_each_range(&kvm->vcpu_array, idx, vcpup, 0, \
			  (atomic_read(&kvm->online_vcpus) - 1))

In both cases, such online_vcpus=0 edge case, even if leading to
unnecessary calls to XArray API, should not be an issue; requesting
unpopulated indexes/ranges is handled by xa_load() and xa_for_each_range().

However, this means that when the first vCPU is created and inserted in
vcpu_array *and* before online_vcpus is incremented, code calling
kvm_get_vcpu()/kvm_for_each_vcpu() already has access to that first vCPU.

This should not pose a problem assuming that once a vcpu is stored in
vcpu_array, it will remain there, but that's not the case:
kvm_vm_ioctl_create_vcpu() first inserts to vcpu_array, then requests a
file descriptor. If create_vcpu_fd() fails, newly inserted vcpu is removed
from the vcpu_array, then destroyed:

	vcpu->vcpu_idx = atomic_read(&kvm->online_vcpus);
	r = xa_insert(&kvm->vcpu_array, vcpu->vcpu_idx, vcpu, GFP_KERNEL_ACCOUNT);
	kvm_get_kvm(kvm);
	r = create_vcpu_fd(vcpu);
	if (r < 0) {
		xa_erase(&kvm->vcpu_array, vcpu->vcpu_idx);
		kvm_put_kvm_no_destroy(kvm);
		goto unlock_vcpu_destroy;
	}
	atomic_inc(&kvm->online_vcpus);

This results in a possible race condition when a reference to a vcpu is
acquired (via kvm_get_vcpu() or kvm_for_each_vcpu()) moments before said
vcpu is destroyed.

Signed-off-by: Michal Luczaj <mhal@rbox.co>
Message-Id: <20230510140410.1093987-2-mhal@rbox.co>
Cc: stable@vger.kernel.org
Fixes: c5b0775491 ("KVM: Convert the kvm->vcpus array to a xarray", 2021-12-08)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-05-19 13:56:26 -04:00
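The race in the message above, as an added, constructed C model (not KVM code): the xarray is a plain array, the concurrent `kvm_get_vcpu()` is a synchronous call placed exactly where the window opens, and `create_vcpu_fd()` fails on demand. The names `index_nospec`, `get_vcpu` and `vcpu_create_reader_sees_dying` are this example's own; the two orderings it compares are the original one (insert before the fd is created) and the fixed one (insert only after no failure path remains).

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>

#define MAX_VCPUS 4

struct vcpu { int idx; bool destroyed; };

struct vm {
    struct vcpu *vcpu_array[MAX_VCPUS];   /* stands in for the xarray */
    int online_vcpus;
};

/* Model of array_index_nospec(): an index outside [0, size) becomes 0. */
static size_t index_nospec(size_t idx, size_t size)
{
    return idx < size ? idx : 0;
}

/* Model of kvm_get_vcpu(): with online_vcpus == 0 every lookup is clamped
 * to slot 0, which is exactly where the first vcpu gets inserted. */
static struct vcpu *get_vcpu(struct vm *vm, size_t idx)
{
    return vm->vcpu_array[index_nospec(idx, (size_t)vm->online_vcpus)];
}

/* The kvm_for_each_vcpu() upper bound: (online_vcpus - 1) converted to
 * unsigned long wraps to ULONG_MAX when no vcpu is online yet. */
unsigned long for_each_range_end(int online_vcpus)
{
    return (unsigned long)(online_vcpus - 1);
}

static int create_vcpu_fd(bool fail)
{
    return fail ? -1 : 3;   /* hypothetical fd number on success */
}

/*
 * Model of kvm_vm_ioctl_create_vcpu().  publish_early selects the
 * original order (insert before create_vcpu_fd) or the fixed one.
 * Returns true if the reader that ran inside the window ended up holding
 * a pointer to a vcpu that was subsequently destroyed.
 */
bool vcpu_create_reader_sees_dying(bool publish_early, bool fd_fails)
{
    struct vm vm = {0};
    struct vcpu vcpu = {0};
    struct vcpu *seen;

    vcpu.idx = vm.online_vcpus;
    if (publish_early)
        vm.vcpu_array[vcpu.idx] = &vcpu;        /* xa_insert() */

    /* a concurrent kvm_get_vcpu(kvm, 0), before online_vcpus is bumped */
    seen = get_vcpu(&vm, 0);

    if (create_vcpu_fd(fd_fails) < 0) {
        vm.vcpu_array[vcpu.idx] = NULL;         /* xa_erase() */
        vcpu.destroyed = true;                  /* kvm_vcpu_destroy() */
        return seen == &vcpu;                   /* reader holds a dead vcpu */
    }
    if (!publish_early)
        vm.vcpu_array[vcpu.idx] = &vcpu;        /* insert only now */
    vm.online_vcpus++;
    return false;
}
```

The general rule the model illustrates: a pointer becomes visible to lock-free readers the moment it is stored in a shared structure, so the store must be the last step that can no longer fail, not an early one that an error path has to undo.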
Jacob Xu
3367eeab97 KVM: VMX: Fix header file dependency of asm/vmx.h
Include a definition of WARN_ON_ONCE() before using it.

Fixes: bb1fcc70d9 ("KVM: nVMX: Allow L1 to use 5-level page walks for nested EPT")
Cc: Sean Christopherson <seanjc@google.com>
Signed-off-by: Jacob Xu <jacobhxu@google.com>
[reworded commit message; changed <asm/bug.h> to <linux/bug.h>]
Signed-off-by: Jim Mattson <jmattson@google.com>
Reviewed-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20220225012959.1554168-1-jmattson@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-05-19 13:56:25 -04:00
Sean Christopherson
e0ceec221f KVM: Don't enable hardware after a restart/shutdown is initiated
Reject hardware enabling, i.e. VM creation, if a restart/shutdown has
been initiated to avoid re-enabling hardware between kvm_reboot() and
machine_{halt,power_off,restart}().  The restart case is especially
problematic (for x86) as enabling VMX (or clearing GIF in KVM_RUN on
SVM) blocks INIT, which results in the restart/reboot hanging as BIOS
is unable to wake and rendezvous with APs.

Note, this bug, and the original issue that motivated the addition of
kvm_reboot(), is effectively limited to a forced reboot, e.g. `reboot -f`.
In a "normal" reboot, userspace will gracefully teardown userspace before
triggering the kernel reboot (modulo bugs, errors, etc), i.e. any process
that might do ioctl(KVM_CREATE_VM) is long gone.

Fixes: 8e1c18157d ("KVM: VMX: Disable VMX when system shutdown")
Signed-off-by: Sean Christopherson <seanjc@google.com>
Acked-by: Marc Zyngier <maz@kernel.org>
Message-Id: <20230512233127.804012-3-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-05-19 13:56:25 -04:00
Sean Christopherson
6735150b69 KVM: Use syscore_ops instead of reboot_notifier to hook restart/shutdown
Use syscore_ops.shutdown to disable hardware virtualization during a
reboot instead of using the dedicated reboot_notifier so that KVM disables
virtualization _after_ system_state has been updated.  This will allow
fixing a race in KVM's handling of a forced reboot where KVM can end up
enabling hardware virtualization between kernel_restart_prepare() and
machine_restart().

Rename KVM's hook to match the syscore op to avoid any possible confusion
from wiring up a "reboot" helper to a "shutdown" hook (neither "shutdown"
nor "reboot" is completely accurate as the hook handles both).

Opportunistically rewrite kvm_shutdown()'s comment to make it less VMX
specific, and to explain why kvm_rebooting exists.

Cc: Marc Zyngier <maz@kernel.org>
Cc: Oliver Upton <oliver.upton@linux.dev>
Cc: James Morse <james.morse@arm.com>
Cc: Suzuki K Poulose <suzuki.poulose@arm.com>
Cc: Zenghui Yu <yuzenghui@huawei.com>
Cc: kvmarm@lists.linux.dev
Cc: Huacai Chen <chenhuacai@kernel.org>
Cc: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>
Cc: Anup Patel <anup@brainfault.org>
Cc: Atish Patra <atishp@atishpatra.org>
Cc: kvm-riscv@lists.infradead.org
Signed-off-by: Sean Christopherson <seanjc@google.com>
Acked-by: Marc Zyngier <maz@kernel.org>
Message-Id: <20230512233127.804012-2-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-05-19 13:56:25 -04:00
Linus Torvalds
46be92e58f sound fixes for 6.4-rc3
A collection of small fixes that have been gathered since rc1:
 
 - Lots of small ASoC SOF Intel fixes
 - A couple of UAF and NULL-dereference fixes
 - Quirks and updates for HD-audio, USB-audio and ASoC AMD
 - A few minor build / sparse warning fixes
 - MAINTAINERS and DT updates
 -----BEGIN PGP SIGNATURE-----
 
 iQJCBAABCAAsFiEEIXTw5fNLNI7mMiVaLtJE4w1nLE8FAmRnL6AOHHRpd2FpQHN1
 c2UuZGUACgkQLtJE4w1nLE9DAg//YU96xe71JZoi8TJML6rfUeOw38KIiAIEmv+s
 KBg+lFjNacFkZSbohDY9SMViGdVkukRxw/UTtMrTyf1sW1eTyfTxak/vw0sTnO92
 S02hngTioaqUQKCXb/90bN+zTyLnIVmpdWs6CInTtnAl5YS73GcqGwq96/TnBWKj
 dOVcRxSC6Grh/duZkYjA7DdoCPiQTQa+hoMJSsfrazgcmQKbEO21NZNSmk1XU/DW
 fE0y+G8LDEQAdefyw+pVfjLEpPHr1j0Pu6k6tHq6B2yNVnyopwiQTY5FQF+XQ6Yb
 3ma5bMfK1myD3CeXjP/9ws7xAhw5yzgwiHBcNuKHolXQnjEKzaP0PMEdSXMzQXPz
 +3iGkN2kA3NqS9zOSCMdSfQC7zVjfmHEoTewuL4xVl6jEPlWS/Ubrufsj6cKyFvh
 +MxT/FL3rcqEYXgCPxxtt77iVKwVhy91aZaYMMhFanL9kluGDryTumgriA2DSoQo
 XXD2K487+PHI9YjSAXjyU7WHjaqi84iisP0T3COdJarmTStoi+zf2DYSQZRITBTJ
 uDEqXV9vPleuoWEZIjPpd2Gv3/5xhRabS+PykNwbPFbv3vDP6olxIRRdHP+ohxaI
 LUC2rz1fM+Qe/QpuVrp8qLpj8NMJ5u9PGDgjDyHNx5qFCW1em7lm/IJO1ponnZ2O
 0OCMJGQ=
 =3Pft
 -----END PGP SIGNATURE-----

Merge tag 'sound-6.4-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound

Pull sound fixes from Takashi Iwai:
 "A collection of small fixes that have been gathered since rc1:

   - Lots of small ASoC SOF Intel fixes

   - A couple of UAF and NULL-dereference fixes

   - Quirks and updates for HD-audio, USB-audio and ASoC AMD

   - A few minor build / sparse warning fixes

   - MAINTAINERS and DT updates"

* tag 'sound-6.4-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (38 commits)
  ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table
  ALSA: oss: avoid missing-prototype warnings
  ALSA: cs46xx: mark snd_cs46xx_download_image as static
  ALSA: hda: Fix Oops by 9.1 surround channel names
  ASoC: SOF: topology: Fix tuples array allocation
  ASoC: SOF: Separate the tokens for input and output pin index
  MAINTAINERS: Remove self from Cirrus Codec drivers
  ASoC: cs35l56: Prevent unbalanced pm_runtime in dsp_work() on SoundWire
  ASoC: SOF: topology: Fix logic for copying tuples
  ASoC: SOF: pm: save io region state in case of errors in resume
  ASoC: MAINTAINERS: drop Krzysztof Kozlowski from Samsung audio
  ASoC: mediatek: mt8186: Fix use-after-free in driver remove path
  ASoC: SOF: ipc3-topology: Make sure that only one cmd is sent in dai_config
  ASoC: SOF: sof-client-probes: fix pm_runtime imbalance in error handling
  ASoC: SOF: pcm: fix pm_runtime imbalance in error handling
  ASoC: SOF: debug: conditionally bump runtime_pm counter on exceptions
  ASoC: SOF: Intel: hda-mlink: add helper to program SoundWire PCMSyCM registers
  ASoC: SOF: Intel: hda-mlink: initialize instance_offset member
  ASoC: SOF: Intel: hda-mlink: use 'ml_addr' parameter consistently
  ASoC: SOF: Intel: hda-mlink: fix base_ptr computation
  ...
2023-05-19 10:55:55 -07:00
Will Deacon
0613d8ca9a bpf: Fix mask generation for 32-bit narrow loads of 64-bit fields
A narrow load from a 64-bit context field results in a 64-bit load
followed potentially by a 64-bit right-shift and then a bitwise AND
operation to extract the relevant data.

In the case of a 32-bit access, an immediate mask of 0xffffffff is used
to construct a 64-bit BPF_AND operation which then sign-extends the mask
value and effectively acts as a glorified no-op. For example:

0:	61 10 00 00 00 00 00 00	r0 = *(u32 *)(r1 + 0)

results in the following code generation for a 64-bit field:

	ldr	x7, [x7]	// 64-bit load
	mov	x10, #0xffffffffffffffff
	and	x7, x7, x10

Fix the mask generation so that narrow loads always perform a 32-bit AND
operation:

	ldr	x7, [x7]	// 64-bit load
	mov	w10, #0xffffffff
	and	w7, w7, w10

Cc: Alexei Starovoitov <ast@kernel.org>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: John Fastabend <john.fastabend@gmail.com>
Cc: Krzesimir Nowak <krzesimir@kinvolk.io>
Cc: Andrey Ignatov <rdna@fb.com>
Acked-by: Yonghong Song <yhs@fb.com>
Fixes: 31fd85816d ("bpf: permits narrower load from bpf program context fields")
Signed-off-by: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/r/20230518102528.1341-1-will@kernel.org
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2023-05-19 09:58:37 -07:00
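The rewrite described in this commit message, modelled in C as an added example (this is not kernel code and not the author's patch; the function names are hypothetical). It assumes little-endian byte order and the BPF rule that a 32-bit ALU operation zero-extends its result to 64 bits, and it generalizes the message's single 4-byte case to 1-, 2- and 4-byte narrow loads at any offset inside an 8-byte field, so a reader can see that only the 4-byte mask is affected by the sign-extension:

```c
#include <stdint.h>

/*
 * Added model (not kernel code) of the narrow-load rewrite described in
 * the commit: a BPF program asks for 1, 2 or 4 bytes of an 8-byte context
 * field, and the verifier turns that into a 64-bit load, an optional
 * right shift, and an AND that keeps only the requested bytes.
 * Little-endian byte order is assumed; `off` is the byte offset of the
 * narrow load inside the 8-byte field. Function names are hypothetical.
 */

/* 32-bit immediate that keeps `size` bytes; for size 4 it is 0xffffffff. */
static uint32_t narrow_mask_imm(unsigned size)
{
    return size >= 4 ? 0xffffffffu : (1u << (size * 8)) - 1u;
}

/* Behaviour before the fix: the 32-bit immediate is sign-extended into a
 * 64-bit BPF_AND. For size 4 the mask becomes 0xffffffffffffffff and the
 * AND keeps all 64 bits of the field, so the upper half leaks into r0. */
uint64_t narrow_load_before_fix(uint64_t field, unsigned off, unsigned size)
{
    uint64_t v = field >> ((off % 8) * 8);         /* 64-bit load + shift */
    int64_t mask = (int32_t)narrow_mask_imm(size); /* sign-extended imm   */
    return v & (uint64_t)mask;                     /* 64-bit AND          */
}

/* Behaviour after the fix: a 32-bit AND (BPF ALU32), whose result is
 * zero-extended to 64 bits as every ALU32 operation is. */
uint64_t narrow_load_after_fix(uint64_t field, unsigned off, unsigned size)
{
    uint64_t v = field >> ((off % 8) * 8);
    uint32_t w = (uint32_t)v & narrow_mask_imm(size); /* 32-bit AND     */
    return (uint64_t)w;                                /* zero-extended  */
}

/* Reference: what a correct narrow load should hand to the program. */
uint64_t narrow_load_expected(uint64_t field, unsigned off, unsigned size)
{
    uint64_t v = field >> ((off % 8) * 8);
    return size >= 8 ? v : v & ((1ull << (size * 8)) - 1ull);
}

/* Returns 1 if the pre-fix rewrite would give the program wrong data. */
int narrow_load_leaks(uint64_t field, unsigned off, unsigned size)
{
    return narrow_load_before_fix(field, off, size) !=
           narrow_load_expected(field, off, size);
}
```

With the constructed field value 0x1122334455667788, a 4-byte load at offset 0 returns 0x55667788 after the fix but the whole 64-bit value before it; the 1- and 2-byte cases agree on both paths because their immediates are positive and sign-extension leaves them unchanged.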
Tiezhu Yang
4e111f0cf0 perf bench syscall: Fix __NR_execve undeclared build error
The __NR_execve definition for i386 was deleted by mistake
in the commit ece7f7c050 ("perf bench syscall: Add fork
syscall benchmark"); add it to fix the build error on i386.

Fixes: ece7f7c050 ("perf bench syscall: Add fork syscall benchmark")
Reported-by: Linux Kernel Functional Testing <lkft@linaro.org>
Signed-off-by: Tiezhu Yang <yangtiezhu@loongson.cn>
Tested-by: Naresh Kamboju <naresh.kamboju@linaro.org>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Ian Rogers <irogers@google.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Tiezhu Yang <yangtiezhu@loongson.cn>
Cc: loongson-kernel@lists.loongnix.cn
Closes: https://lore.kernel.org/all/CA+G9fYvgBR1iB0CorM8OC4AM_w_tFzyQKHc+rF6qPzJL=TbfDQ@mail.gmail.com/
Link: https://lore.kernel.org/r/1684480657-2375-1-git-send-email-yangtiezhu@loongson.cn
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
2023-05-19 12:08:00 -03:00
Rafael J. Wysocki
5783ecc90e Merge branch 'pm-tools'
Merge cpupower utility fixes for 6.4-rc3:

 - Read TSC on each CPU right before reading MPERF so as to reduce the
   potential time difference between the TSC and MPERF accesses and
   improve the C0 percentage calculation (Wyes Karny).

 - Fix a possible file handle leak and clean up the code in
   sysfs_get_enabled() (Hao Zeng).

* pm-tools:
  cpupower: Make TSC read per CPU for Mperf monitor
  cpupower:Fix resource leaks in sysfs_get_enabled()
2023-05-19 16:33:50 +02:00
Rafael J. Wysocki
eab866bfff linux-cpupower-6.4-rc3
This cpupower fixes update for Linux 67.4-rc3 consists of:
 
 - a resource leak fix
 - fix drift in C0 percentage calculation due to system-wide TSC read.
   To lower this drift, read TSC per CPU and also just after mperf read.
   This technique improves C0 percentage calculation in Mperf monitor.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEPZKym/RZuOCGeA/kCwJExA0NQxwFAmRlGnYACgkQCwJExA0N
 Qxx80A//RtYobNoT+VANs3ZWoioGF1r0l4abxRXgGOTIPe+CsPtYF1OT3eUyj1as
 2VoOdt6UT4X46RkGmgcyAYJon9tVaINVVm0ssk2zyXBsbf5NyNOECuO1HAiH8f3W
 T15HYB+ilGpj2yH969+Ggw/sFzhPwEJQCCJvOk1/ESiL/XCp24eEsMRxYtwjMXC2
 rdOCUOP1+4vXywytiraYNee4eNIae66x1Mg7+mCortQyyvXtt1VaOmlZHwk1gdgs
 P5kZjVwYzczNlxeQCkjaPtgOT13iqwo4+GUq1ezjSKtTXAZB4HgWYAaHKjqzOxRp
 STGaNwFyzF/+LkPLHwe9cgm1STGgX/LvyH/SI8hziqtJzkgTTOTxbDWh+GCtVJsR
 HRJdrLe2k5bEW0ygV/01ACDiOJLY3tikUhZi1wrjQ1THAbUsIGIBRCooL7/q8iUQ
 UsLCsOLBUI82oy3M/r0ZkLAZ3gC2aOmxPyp7AcGL17V90+2k90uZL99Ir8HJMtob
 FdEXztPh8x1lYhZoj1DJd1YXA/sxNG0n9CqhLJGcXkwf6L4V+uyoQlDoQrKjky9C
 Dvtd0cGrPaOEGoLj1ABvwFagmU1oDqkd4OeHx2bxZnpipBGLxQTAKwaBjp6+FFEk
 lOMPAzEU8hXVo5Bj/nNmxZmwraEzcV0WwFiLCLvOUUt5dFhZIns=
 =eD91
 -----END PGP SIGNATURE-----

Merge tag 'linux-cpupower-6.4-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux

Pull cpupower utility fixes for 6.4-rc3 from Shuah Khan:

"This cpupower fixes update for Linux 67.4-rc3 consists of:

- a resource leak fix
- fix drift in C0 percentage calculation due to system-wide TSC read.
  To lower this drift, read TSC per CPU and also just after mperf read.
  This technique improves C0 percentage calculation in Mperf monitor."

* tag 'linux-cpupower-6.4-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux:
  cpupower: Make TSC read per CPU for Mperf monitor
  cpupower:Fix resource leaks in sysfs_get_enabled()
2023-05-19 16:23:07 +02:00
Dan Carpenter
46f5dd7439 fbdev: omapfb: panel-tpo-td043mtea1: fix error code in probe()
This was using the wrong variable, "r", instead of "ddata->vcc_reg", so
it returned success instead of a negative error code.

Fixes: 0d3dbeb814 ("video: fbdev: omapfb: panel-tpo-td043mtea1: Make use of the helper function dev_err_probe()")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Signed-off-by: Helge Deller <deller@gmx.de>
2023-05-19 16:10:39 +02:00
Vladislav Efanov
aa8bf93101 drm/sched: Remove redundant check
The rq pointer points inside the drm_gpu_scheduler structure. Thus
it can't be NULL.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: c61cdbdbff ("drm/scheduler: Fix hang when sched_entity released")
Signed-off-by: Vladislav Efanov <VEfanov@ispras.ru>
Link: https://lore.kernel.org/r/20230517125247.434103-1-VEfanov@ispras.ru
Reviewed-by: Luben Tuikov <luben.tuikov@amd.com>
Signed-off-by: Luben Tuikov <luben.tuikov@amd.com>
2023-05-19 09:39:05 -04:00
Ian Rogers
75438f24a4 perf test attr: Fix python SafeConfigParser() deprecation warning
Address the warning:
```
tests/attr.py:155: DeprecationWarning: The SafeConfigParser class has
  been renamed to ConfigParser in Python 3.2. This alias will be
  removed in Python 3.12. Use ConfigParser directly instead.
parser = configparser.SafeConfigParser()
```
by removing the word 'Safe'.

Reviewed-by: James Clark <james.clark@arm.com>
Signed-off-by: Ian Rogers <irogers@google.com>
Tested-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Kan Liang <kan.liang@linux.intel.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Richter <tmricht@linux.ibm.com>
Link: https://lore.kernel.org/r/20230517225707.2682235-2-irogers@google.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
2023-05-19 10:36:35 -03:00