We already upcall to resolve hostnames during reconnect by calling
reconn_set_ipaddr_from_hostname(), so there is no point in having a
worker to periodically call it.
Signed-off-by: Paulo Alcantara (SUSE) <pc@manguebit.com>
Reviewed-by <lsahlber@redhat.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
If the MR allocate failed, the MR recovery work not initialized
and list not cleared. Then will be warning and UAF when release
the MR:
WARNING: CPU: 4 PID: 824 at kernel/workqueue.c:3066 __flush_work.isra.0+0xf7/0x110
CPU: 4 PID: 824 Comm: mount.cifs Not tainted 6.1.0-rc5+ #82
RIP: 0010:__flush_work.isra.0+0xf7/0x110
Call Trace:
<TASK>
__cancel_work_timer+0x2ba/0x2e0
smbd_destroy+0x4e1/0x990
_smbd_get_connection+0x1cbd/0x2110
smbd_get_connection+0x21/0x40
cifs_get_tcp_session+0x8ef/0xda0
mount_get_conns+0x60/0x750
cifs_mount+0x103/0xd00
cifs_smb3_do_mount+0x1dd/0xcb0
smb3_get_tree+0x1d5/0x300
vfs_get_tree+0x41/0xf0
path_mount+0x9b3/0xdd0
__x64_sys_mount+0x190/0x1d0
do_syscall_64+0x35/0x80
entry_SYSCALL_64_after_hwframe+0x46/0xb0
BUG: KASAN: use-after-free in smbd_destroy+0x4fc/0x990
Read of size 8 at addr ffff88810b156a08 by task mount.cifs/824
CPU: 4 PID: 824 Comm: mount.cifs Tainted: G W 6.1.0-rc5+ #82
Call Trace:
dump_stack_lvl+0x34/0x44
print_report+0x171/0x472
kasan_report+0xad/0x130
smbd_destroy+0x4fc/0x990
_smbd_get_connection+0x1cbd/0x2110
smbd_get_connection+0x21/0x40
cifs_get_tcp_session+0x8ef/0xda0
mount_get_conns+0x60/0x750
cifs_mount+0x103/0xd00
cifs_smb3_do_mount+0x1dd/0xcb0
smb3_get_tree+0x1d5/0x300
vfs_get_tree+0x41/0xf0
path_mount+0x9b3/0xdd0
__x64_sys_mount+0x190/0x1d0
do_syscall_64+0x35/0x80
entry_SYSCALL_64_after_hwframe+0x46/0xb0
Allocated by task 824:
kasan_save_stack+0x1e/0x40
kasan_set_track+0x21/0x30
__kasan_kmalloc+0x7a/0x90
_smbd_get_connection+0x1b6f/0x2110
smbd_get_connection+0x21/0x40
cifs_get_tcp_session+0x8ef/0xda0
mount_get_conns+0x60/0x750
cifs_mount+0x103/0xd00
cifs_smb3_do_mount+0x1dd/0xcb0
smb3_get_tree+0x1d5/0x300
vfs_get_tree+0x41/0xf0
path_mount+0x9b3/0xdd0
__x64_sys_mount+0x190/0x1d0
do_syscall_64+0x35/0x80
entry_SYSCALL_64_after_hwframe+0x46/0xb0
Freed by task 824:
kasan_save_stack+0x1e/0x40
kasan_set_track+0x21/0x30
kasan_save_free_info+0x2a/0x40
____kasan_slab_free+0x143/0x1b0
__kmem_cache_free+0xc8/0x330
_smbd_get_connection+0x1c6a/0x2110
smbd_get_connection+0x21/0x40
cifs_get_tcp_session+0x8ef/0xda0
mount_get_conns+0x60/0x750
cifs_mount+0x103/0xd00
cifs_smb3_do_mount+0x1dd/0xcb0
smb3_get_tree+0x1d5/0x300
vfs_get_tree+0x41/0xf0
path_mount+0x9b3/0xdd0
__x64_sys_mount+0x190/0x1d0
do_syscall_64+0x35/0x80
entry_SYSCALL_64_after_hwframe+0x46/0xb0
Let's initialize the MR recovery work before MR allocate to prevent
the warning, remove the MRs from the list to prevent the UAF.
Fixes: c7398583340a ("CIFS: SMBD: Implement RDMA memory registration")
Acked-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Reviewed-by: Tom Talpey <tom@talpey.com>
Signed-off-by: Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
If the MR allocate failed, the smb direct connection info is NULL,
then smbd_destroy() will directly return, then the connection info
will be leaked.
Let's set the smb direct connection info to the server before call
smbd_destroy().
Fixes: c7398583340a ("CIFS: SMBD: Implement RDMA memory registration")
Signed-off-by: Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
Acked-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Reviewed-by: David Howells <dhowells@redhat.com>
Reviewed-by: Tom Talpey <tom@talpey.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
If we did not get a lease we can still return a single use cfid to the caller.
The cfid will not have has_lease set and will thus not be shared with any
other concurrent users and will be freed immediately when the caller
drops the handle.
This avoids extra roundtrips for servers that do not support directory leases
where they would first fail to get a cfid with a lease and then fallback
to try a normal SMB2_open()
Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
Cc: stable@vger.kernel.org
Reviewed-by: Bharath SM <bharathsm@microsoft.com>
Reviewed-by: Paulo Alcantara (SUSE) <pc@manguebit.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Some servers may return that we got a lease in rsp->OplockLevel
but then in the lease context contradict this and say we got no lease
at all. Thus we need to check the context if we have a lease.
Additionally, If we do not get a lease we need to make sure we close
the handle before we return an error to the caller.
Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
Cc: stable@vger.kernel.org
Reviewed-by: Bharath SM <bharathsm@microsoft.com>
Reviewed-by: Paulo Alcantara (SUSE) <pc@manguebit.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
The kernel is globally removing the ambiguous 0-length and 1-element
arrays in favor of flexible arrays, so that we can gain both compile-time
and run-time array bounds checking[1].
Replace the trailing 1-element array with a flexible array in the
following structures:
struct cifs_spnego_msg
struct cifs_quota_data
struct get_dfs_referral_rsp
struct file_alt_name_info
NEGOTIATE_RSP
SESSION_SETUP_ANDX
TCONX_REQ
TCONX_RSP
TCONX_RSP_EXT
ECHO_REQ
ECHO_RSP
OPEN_REQ
OPENX_REQ
LOCK_REQ
RENAME_REQ
COPY_REQ
COPY_RSP
NT_RENAME_REQ
DELETE_FILE_REQ
DELETE_DIRECTORY_REQ
CREATE_DIRECTORY_REQ
QUERY_INFORMATION_REQ
SETATTR_REQ
TRANSACT_IOCTL_REQ
TRANSACT_CHANGE_NOTIFY_REQ
TRANSACTION2_QPI_REQ
TRANSACTION2_SPI_REQ
TRANSACTION2_FFIRST_REQ
TRANSACTION2_GET_DFS_REFER_REQ
FILE_UNIX_LINK_INFO
FILE_DIRECTORY_INFO
FILE_FULL_DIRECTORY_INFO
SEARCH_ID_FULL_DIR_INFO
FILE_BOTH_DIRECTORY_INFO
FIND_FILE_STANDARD_INFO
Replace the trailing 1-element array with a flexible array, but leave
the existing structure padding:
FILE_ALL_INFO
FILE_UNIX_INFO
Remove unused structures:
struct gea
struct gealist
Adjust all related size calculations to match the changes to sizeof().
No machine code output differences are produced after these changes.
[1] For lots of details, see both:
https://docs.kernel.org/process/deprecated.html#zero-length-and-one-element-arrayshttps://people.kernel.org/kees/bounded-flexible-arrays-in-c
Cc: Steve French <sfrench@samba.org>
Cc: Paulo Alcantara <pc@cjr.nz>
Cc: Ronnie Sahlberg <lsahlber@redhat.com>
Cc: Shyam Prasad N <sprasad@microsoft.com>
Cc: linux-cifs@vger.kernel.org
Cc: samba-technical@lists.samba.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
The kernel is globally removing the ambiguous 0-length and 1-element
arrays in favor of flexible arrays, so that we can gain both compile-time
and run-time array bounds checking[1].
While struct fealist is defined as a "fake" flexible array (via a
1-element array), it is only used for examination of the first array
element. Walking the list is performed separately, so there is no reason
to treat the "list" member of struct fealist as anything other than a
single entry. Adjust the struct and code to match.
Additionally, struct fea uses the "name" member either as a dynamic
string, or is manually calculated from the start of the struct. Redefine
the member as a flexible array.
No machine code output differences are produced after these changes.
[1] For lots of details, see both:
https://docs.kernel.org/process/deprecated.html#zero-length-and-one-element-arrayshttps://people.kernel.org/kees/bounded-flexible-arrays-in-c
Cc: Steve French <sfrench@samba.org>
Cc: Paulo Alcantara <pc@cjr.nz>
Cc: Ronnie Sahlberg <lsahlber@redhat.com>
Cc: Shyam Prasad N <sprasad@microsoft.com>
Cc: Tom Talpey <tom@talpey.com>
Cc: linux-cifs@vger.kernel.org
Cc: samba-technical@lists.samba.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
The client was sending rfc1002 session request packet with a wrong
length field set, therefore failing to mount shares against old SMB
servers over port 139.
Fix this by calculating the correct length as specified in rfc1002.
Fixes: d7173623bf0b ("cifs: use ALIGN() and round_up() macros")
Cc: stable@vger.kernel.org
Signed-off-by: Paulo Alcantara (SUSE) <pc@manguebit.com>
Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Use a struct assignment with implicit member initialization
Signed-off-by: Volker Lendecke <vl@samba.org>
Cc: stable@vger.kernel.org
Signed-off-by: Steve French <stfrench@microsoft.com>
Due to the 2bytes of padding from the smb2 tree connect request,
there is an unneeded difference between the rfc1002 length and the actual
frame length. In the case of windows client, it is sent by matching it
exactly.
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
There are no more callers; remove this function before any more appear.
Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org>
Reviewed-by: David Howells <dhowells@redhat.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Avoids many calls to compound_head() and removes calls to various
compat functions.
Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org>
Reviewed-by: David Howells <dhowells@redhat.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
oparms was not fully initialized
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Cc: stable@vger.kernel.org
Signed-off-by: Steve French <stfrench@microsoft.com>
The aim of using encryption on a connection is to keep
the data confidential, so we must not use plaintext rdma offload
for that data!
It seems that current windows servers and ksmbd would allow
this, but that's no reason to expose the users data in plaintext!
And servers hopefully reject this in future.
Note modern windows servers support signed or encrypted offload,
see MS-SMB2 2.2.3.1.6 SMB2_RDMA_TRANSFORM_CAPABILITIES, but we don't
support that yet.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Cc: Steve French <smfrench@gmail.com>
Cc: Tom Talpey <tom@talpey.com>
Cc: Long Li <longli@microsoft.com>
Cc: Namjae Jeon <linkinjeon@kernel.org>
Cc: David Howells <dhowells@redhat.com>
Cc: linux-cifs@vger.kernel.org
Cc: stable@vger.kernel.org
Signed-off-by: Steve French <stfrench@microsoft.com>
We should have the logic to decide if we want rdma offload
in a single spot in order to advance it in future.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Cc: Steve French <smfrench@gmail.com>
Cc: Tom Talpey <tom@talpey.com>
Cc: Long Li <longli@microsoft.com>
Cc: Namjae Jeon <linkinjeon@kernel.org>
Cc: David Howells <dhowells@redhat.com>
Cc: linux-cifs@vger.kernel.org
Cc: stable@vger.kernel.org
Signed-off-by: Steve French <stfrench@microsoft.com>
This will simplify the following changes and makes it easy to get
in passed in from the caller in future.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Cc: Steve French <smfrench@gmail.com>
Cc: Tom Talpey <tom@talpey.com>
Cc: Long Li <longli@microsoft.com>
Cc: Namjae Jeon <linkinjeon@kernel.org>
Cc: David Howells <dhowells@redhat.com>
Cc: linux-cifs@vger.kernel.org
Cc: stable@vger.kernel.org
Signed-off-by: Steve French <stfrench@microsoft.com>
Just have @skip set to 0 after first iterations of the two nested
loops.
Signed-off-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Reviewed-by: David Howells <dhowells@redhat.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Make sure to get an up-to-date TCP_Server_Info::nr_targets value prior
to waiting the server to be reconnected in smb2_reconnect(). It is
set in cifs_tcp_ses_needs_reconnect() and protected by
TCP_Server_Info::srv_lock.
Signed-off-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Signed-off-by: Steve French <stfrench@microsoft.com>
The options that are displayed for the smb3.1.1/cifs client
in "make menuconfig" are confusing because some of them are
not indented making them not appear to be related to cifs.ko
Fix that by adding an if/endif (similar to what ceph and 9pm did)
if fs/cifs/Kconfig
Suggested-by: David Howells <dhowells@redhat.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
There were various outdated or missing things in fs/cifs/Kconfig
e.g. mention of support for insecure NTLM which has been removed,
and lack of mention of some important features. This also shortens
it slightly, and fixes some confusing text (e.g. the SMB1 POSIX
extensions option).
Reviewed-by: Namjae Jeon <linkinjeon@kernel.org>
Acked-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Acked-by: Ronnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
In the smb2_get_aead_req() the skip variable is used only for
the very first iteration of the two nested loops, which means
it's basically in invariant to those loops. Hence, instead of
using conditional on each iteration, unconditionally assign
the 'skip' variable before the loops and at the end of the
inner loop.
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Reviewed-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Reviewed-by: David Howells <dhowells@redhat.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
We store the last updated time for interface list while
parsing the interfaces. This change is to just print that
info in DebugData.
Signed-off-by: Shyam Prasad N <sprasad@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
strtobool() is the same as kstrtobool().
However, the latter is more used within the kernel.
In order to remove strtobool() and slightly simplify kstrtox.h, switch to
the other function name.
While at it, include the corresponding header file (<linux/kstrtox.h>)
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Reviewed-by: Paulo Alcantara <pc@cjr.nz>
Signed-off-by: Steve French <stfrench@microsoft.com>
Revert the recent change to the MTRR code which aimed to support
SEV-SNP guests on Hyper-V. It cuased a regression on XEN Dom0
kernels.
The underlying issue of MTTR (mis)handling in the x86 code needs some
deeper investigation and is definitely not 6.2 material.
-----BEGIN PGP SIGNATURE-----
iQJHBAABCgAxFiEEQp8+kY+LLUocC4bMphj1TA10mKEFAmPxYccTHHRnbHhAbGlu
dXRyb25peC5kZQAKCRCmGPVMDXSYoRESEACXnTGYtTw5JTXBcztuwXFsGuEvKcp4
yj1TF2l/OVjWh4MurjJRch0CSzkVZYOn4ymqR4H9ivjuwQkKxzvsO03+AwuJr8Rf
aDqbDzwf0i6E1NmbSU30GkQYGPFNY5fyEn46ptuzu8Humc4FfHt6IrJ5xgNt2nnr
xzRB0kJrB+EITe07Oh+3mj2YeTHNF7Uk0wQFhhXeLK8Xr2W3w/mmTAEddU42fgTE
GCboRec6a8eTOA+4l3gAINJcERxOBnwKEIWo2NWDWdMrrSfcq1Ig1vvHH10rIXxe
cPIHZY19kIBEvALfKlkzZk13cl6XDhHUnyK5mc9KBi/jZWBK8DF/8reyelW2ymyJ
GneU8HESPlVAv8UvyOc/1jFcolgASfScO3aG/S9twv0RGFUbRHVvk0yhyPJ61rPM
ibva+7PQG70AQc+kmsRBtZnR7zHNtoOYz3ufkKfl+InknkAMByR0DmT7Iw4HouAZ
oZ1WDAgrvg/ld+bIVjyjDnEmPyg50d3COjsGlzMTXeogJTERbIAUwTiC3iRmJksB
evTqKEYYiBbeex9LI8FOHvmLVew1SEvCScXdXX2+SjXdtJoAKO9uoUScju9MWeq5
/bdfudRekNG4z1fQ8Qhs/nBkVsIguT2xoMREqy6D3LRbEXgnCKiy5V1P1XEjlwwJ
ecBpXlRM+lIaBQ==
=nNAW
-----END PGP SIGNATURE-----
Merge tag 'x86-urgent-2023-02-19' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull x86 fix from Thomas Gleixner:
"A single fix for x86.
Revert the recent change to the MTRR code which aimed to support
SEV-SNP guests on Hyper-V. It caused a regression on XEN Dom0 kernels.
The underlying issue of MTTR (mis)handling in the x86 code needs some
deeper investigation and is definitely not 6.2 material"
* tag 'x86-urgent-2023-02-19' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86/mtrr: Revert 90b926e68f50 ("x86/pat: Fix pat_x_mtrr_type() for MTRR disabled case")
Posix-timers armed with a short interval with an ignored signal result
in an unpriviledged DoS. Due to the ignored signal the timer switches
into self rearm mode. This issue had been "fixed" before but a rework of
the alarmtimer code 5 years ago lost that workaround.
There is no real good solution for this issue, which is also worked around
in the core posix-timer code in the same way, but it certainly moved way
up on the ever growing todo list.
-----BEGIN PGP SIGNATURE-----
iQJHBAABCgAxFiEEQp8+kY+LLUocC4bMphj1TA10mKEFAmPxYIwTHHRnbHhAbGlu
dXRyb25peC5kZQAKCRCmGPVMDXSYocQ5D/45vfKxvXsF0mCHPpF+Dgx96T3rzpXY
aN/OeKWJ50A7IB5QKdxR3/VdDSuD6/HroFTfKTQIUVzkzAq47r7Ref7a0bgDsNbT
SLTX8oBUA1ALKVew3wGo5qkY317xyGb2WPiSCzfjAZk07MplOzDRC4YYgEfnYAWW
DzmzmkZQaAhKg3JONEB+kOas/E/T1MwTSs2NNJiY0hM6ATFK2+q2b706wjDHWspk
QwjCfUCbrFKSxol+hSQgvQpzV18FmS328xU4Ht4pioflch0dv1/HDrml9OGrCCzs
8hEmCcjxFwM2FXTPIix8/Jn4S8ppZwYQCi10bBjjF+0N9s897s/4dom88EbfwjfB
4YpE62SI8VZIyK0JauSuRcCAfnN7BwfgL9UpS3MEgHq4K+fnydZOItBYI3Rg4JY/
hAKizX5VzBSAq/iUFC9+DFKjonOz3cCvY5xoPLPfCXukykbYfOCz1BiBqrTP7n1z
/qWgDm+YvEyYNmoEqPjD5kktpHAvwGiMl6dmJJOUxaV6KNXWremykvI491oZK7fI
P3eWMPhJwJV7ukjUF6Wc5ylwupsakf+x802MF03rgmajXtzxnnFATotb/21g9SSD
/FYfdjS85CRArvYKuN59Yty8iMbjX4T1tRBaKgLYjpOdqgA6H6T3vmI+ShKS/FAM
T92uQTZMpVm7+w==
=s5VW
-----END PGP SIGNATURE-----
Merge tag 'timers-urgent-2023-02-19' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull timer fix from Thomas Gleixner:
"A fix for a long standing issue in the alarmtimer code.
Posix-timers armed with a short interval with an ignored signal result
in an unpriviledged DoS. Due to the ignored signal the timer switches
into self rearm mode. This issue had been "fixed" before but a rework
of the alarmtimer code 5 years ago lost that workaround.
There is no real good solution for this issue, which is also worked
around in the core posix-timer code in the same way, but it certainly
moved way up on the ever growing todo list"
* tag 'timers-urgent-2023-02-19' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
alarmtimer: Prevent starvation by small intervals and SIG_IGN
The addition of the new alloc/free interfaces in this cycle forgot to
add stub functions for pci_msix_alloc_irq_at() and pci_msix_free_irq()
for the CONFIG_PCI_MSI=n case
-----BEGIN PGP SIGNATURE-----
iQJHBAABCgAxFiEEQp8+kY+LLUocC4bMphj1TA10mKEFAmPxXRETHHRnbHhAbGlu
dXRyb25peC5kZQAKCRCmGPVMDXSYoWlnEADHqkzKsDVO0kW89dgfRzUYvvkQ3RX3
sebtAIOUg3Fay1e60ZiqJmmRrWwmRANNig62RwQczvBd/I95fMJd+pAS+SUS8ppS
HVJvd75UEcAzsKspJAIEPz2mTbV0XUooA1+/XWY/G2/tKhQ5RMvSpW/Z4Esaf9pO
9r2qO1QlldVHCMxToW2l8PiGxPfBTDjQswyRiEkYH6HNgSgev/FCNRARCTBDuVN7
61+xBWD7zxCmN4BhZTWvXgkis9If16YXZ7LkYMHlQ4qNIMWIeV9qyvJFFeFJClJC
LY3AAeq3TtZ1ok7bFabJGzQRpwKjXAkpcDNp+p/prydtkV0Sh9GA15D/WD7LXk37
XvtrxJFET4X1qJ9aNfM+KPZdwdLqYaYYyc0YHKcNSWH82q0BTuNS8zEGziVIfWGi
G/0W5/1n2nQcJv+Qn/M5eEzvlJWthCVYJdfZF9QQU/zs1oZhlAo82FR6Ie6A+SHi
ibPotuCcieOYLPnkDsXXznO8UNPknuPhAJqcCpoogGzgWNvX1Ory9SEdURlUXgEZ
bDI2rnllJw8SUH9BdnjIq+Wr5zGVfydIpmWsSaFXjck5lfiDUkSIJSxcgOKLaoQX
MfvWuSNifAQr4cvZs4eoi5N4Vi4lINSKGO1yR8/DrVvuZ4BEgdk1CL4E0+2aXkxI
1WRB1d1fcMnXjA==
=YGgx
-----END PGP SIGNATURE-----
Merge tag 'irq-urgent-2023-02-19' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull irq fix from Thomas Gleixner:
"A single build fix for the PCI/MSI infrastructure.
The addition of the new alloc/free interfaces in this cycle forgot to
add stub functions for pci_msix_alloc_irq_at() and pci_msix_free_irq()
for the CONFIG_PCI_MSI=n case"
* tag 'irq-urgent-2023-02-19' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
PCI/MSI: Provide missing stubs for CONFIG_PCI_MSI=n
* zero all padding for KVM_GET_DEBUGREGS
* fix rST warning
* disable vPMU support on hybrid CPUs
-----BEGIN PGP SIGNATURE-----
iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmPw5PsUHHBib256aW5p
QHJlZGhhdC5jb20ACgkQv/vSX3jHroNqaAf6A0zjrdY1KjSyvrcHr0NV6lUfU+Ye
lc5xrtAJDuO7kERgnqFGPeg3a72tA4a9tlFrTdqqQIrAxnvVn4JNP5gtD7UxfpOn
PELO7JUbG3/CV2oErTugH02n3lKN/pLSISAClFkO7uAL5sJEM2pXH+ws1CZ7F7kN
FbPdnmvzi7tnTpv3oJ+gVl2l0HZYTnH4DydFGo68O3lP+oFgRXznkF5rpMxAe6oK
93fvSWGabVCft278sSVq5XpYfKQSJb5j8KjB8L4qqAlRh0ZJA5haDZWQyaaJvNY0
oefFj9XYPpA08l8VqZ2ti5vE4b6e+o2/oTg3Nwf/5DrQxJiYOGTHKoA/NA==
=H68L
-----END PGP SIGNATURE-----
Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm
Pull kvm/x86 fixes from Paolo Bonzini:
- zero all padding for KVM_GET_DEBUGREGS
- fix rST warning
- disable vPMU support on hybrid CPUs
* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
kvm: initialize all of the kvm_debugregs structure before sending it to userspace
perf/x86: Refuse to export capabilities for hybrid PMUs
KVM: x86/pmu: Disable vPMU support on hybrid CPUs (host PMUs)
Documentation/hw-vuln: Fix rST warning
- Fix 'perf' regression for non-standard CPU PMU hardware (i.e. Apple M1)
-----BEGIN PGP SIGNATURE-----
iQFEBAABCgAuFiEEPxTL6PPUbjXGY88ct6xw3ITBYzQFAmPvVyAQHHdpbGxAa2Vy
bmVsLm9yZwAKCRC3rHDchMFjNEwzCACuxJI7xVvcjLktrcmdajkNH+j8Owvrpfq+
8Uja4ykbNJr9BIsZFcI9b7Y2vH7k4+noYDozPKvBgKlSYJVyUUsK2QoJNLzPflc2
RJDPjaM8KrBBE5OTgR5Pvbda+QJ2x5GQGmI1IZv//KVnRUoLTOAje9th4Yza+/oV
5y4THZjHlCeHpsfaVWNiVPqoodQw7Su++kXLABgBZrnRuBwg1lHUQp60cLdTx3lE
M4xgvB9MD1+QDFOgtP97AzegT7F251QFnr3JuBj9gtARX8qv2v/REBG/DRsgcPAm
piJ8pXaVuNf1rkznRlhiCtI5hhP+OIyySugDxzisBDUXfZ8AJOsv
=4A3e
-----END PGP SIGNATURE-----
Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux
Pull arm64 regression fix from Will Deacon:
"Apologies for the _extremely_ late pull request here, but we had a
'perf' (i.e. CPU PMU) regression on the Apple M1 reported on Wednesday
[1] which was introduced by bd2756811766 ("perf: Rewrite core context
handling") during the merge window.
Mark and I looked into this and noticed an additional problem caused
by the same patch, where the 'CHAIN' event (used to combine two
adjacent 32-bit counters into a single 64-bit counter) was not being
filtered correctly. Mark posted a series on Thursday [2] which
addresses both of these regressions and I queued it the same day.
The changes are small, self-contained and have been confirmed to fix
the original regression.
Summary:
- Fix 'perf' regression for non-standard CPU PMU hardware (i.e. Apple
M1)"
* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
arm64: perf: reject CHAIN events at creation time
arm_pmu: fix event CPU filtering
-----BEGIN PGP SIGNATURE-----
iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAmPv7+wQHGF4Ym9lQGtl
cm5lbC5kawAKCRD301j7KXHgpgkvD/95SElddH7D5GhwNlAjl+HiNjBg1Oaa+BiC
6QMXz7x0/r+JG5xhzEC/w8Cxaghi841YyPDKHe+oE3Sy8yeA2bfFlJpHl7kwIcJZ
WhHa5IutOftXdeY+DMiJGwKZOGuBDla4ca9fpK4SOF7NdTrLFQL46mvawNq/WGTE
qQlXH3e9d7htfUq0AR5ZnnZ/nl2mBE1jRCajhTk29PT3Nje2Bo9lL6Kga2CysX4g
Zflc5aXX3KsyfxAx0kEkrjkZJ8ukqKyR7yh+bp+fu2pgpbwI9STFVvopv7r4MH1f
Y+2W1bCiwK/KneKNObbpzLGVRMfG5qv8z+pR6fpW4FRu0E5ZYDBE8JCG1dqg00K3
dfGydR27FFtt9YWMmiHaIWD6rZnCwHDoZnV0LLiAJ/i+kvJkGvT8fL7435+kiEVX
7u4lfce7GPuG2JErB7BnE+sG7J2dr+CuG/o7y7hTh+eKjWk+yTP6vn7QHka1Uj7X
LesTUEh2Y2tic4hXh//jKM4KCJk5xMJ1TDJadg1RNmD3sGvNnu5IItzyQ3rV1ZyJ
jqdppWxVUb+kRSRQEu/icN/rq4/f4jvPSV4DWb9NrzwCex3uzrMKW1j0oP9cMvQ0
KYhq0i6iWjzbCSSkJckHFiPt6hgicEuQlIl0zxYxoYpVWJmjmqG8QrPDbLQtz8P8
GViQGoiJ8w==
=/7xW
-----END PGP SIGNATURE-----
Merge tag 'block-6.2-2023-02-17' of git://git.kernel.dk/linux
Pull block fix from Jens Axboe:
"I guess this is what can happen when you prep things early for going
away, something else comes in last minute. This one fixes another
regression in 6.2 for NVMe, from this release, and hence we should
probably get it submitted for 6.2.
Still waiting for the original reporter (see bugzilla linked in the
commit) to test this, but Keith managed to setup and recreate the
issue and tested the patch that way"
* tag 'block-6.2-2023-02-17' of git://git.kernel.dk/linux:
nvme-pci: refresh visible attrs for cmb attributes
MAINTAINERS update.
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQTTMBEPP41GrTpTJgfdBJ7gKXxAjgUCY/AK0AAKCRDdBJ7gKXxA
jg4SAQCw/Udkt+UgtFzQ+oXg8FAw3ivrniGnOwaMfDDbiVz3KgD+Mkvnw6nb7PMT
G9iFA5ZRBISCv0ahXxnNrxbtmcFcewQ=
=fFg9
-----END PGP SIGNATURE-----
Merge tag 'mm-hotfixes-stable-2023-02-17-15-16-2' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Pull misc fixes from Andrew Morton:
"Six hotfixes. Five are cc:stable: four for MM, one for nilfs2.
Also a MAINTAINERS update"
* tag 'mm-hotfixes-stable-2023-02-17-15-16-2' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm:
nilfs2: fix underflow in second superblock position calculations
hugetlb: check for undefined shift on 32 bit architectures
mm/migrate: fix wrongly apply write bit after mkdirty on sparc64
MAINTAINERS: update FPU EMULATOR web page
mm/MADV_COLLAPSE: set EAGAIN on unexpected page refcount
mm/filemap: fix page end in filemap_get_read_batch
Macro NILFS_SB2_OFFSET_BYTES, which computes the position of the second
superblock, underflows when the argument device size is less than 4096
bytes. Therefore, when using this macro, it is necessary to check in
advance that the device size is not less than a lower limit, or at least
that underflow does not occur.
The current nilfs2 implementation lacks this check, causing out-of-bound
block access when mounting devices smaller than 4096 bytes:
I/O error, dev loop0, sector 36028797018963960 op 0x0:(READ) flags 0x0
phys_seg 1 prio class 2
NILFS (loop0): unable to read secondary superblock (blocksize = 1024)
In addition, when trying to resize the filesystem to a size below 4096
bytes, this underflow occurs in nilfs_resize_fs(), passing a huge number
of segments to nilfs_sufile_resize(), corrupting parameters such as the
number of segments in superblocks. This causes excessive loop iterations
in nilfs_sufile_resize() during a subsequent resize ioctl, causing
semaphore ns_segctor_sem to block for a long time and hang the writer
thread:
INFO: task segctord:5067 blocked for more than 143 seconds.
Not tainted 6.2.0-rc8-syzkaller-00015-gf6feea56f66d #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:segctord state:D stack:23456 pid:5067 ppid:2
flags:0x00004000
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5293 [inline]
__schedule+0x1409/0x43f0 kernel/sched/core.c:6606
schedule+0xc3/0x190 kernel/sched/core.c:6682
rwsem_down_write_slowpath+0xfcf/0x14a0 kernel/locking/rwsem.c:1190
nilfs_transaction_lock+0x25c/0x4f0 fs/nilfs2/segment.c:357
nilfs_segctor_thread_construct fs/nilfs2/segment.c:2486 [inline]
nilfs_segctor_thread+0x52f/0x1140 fs/nilfs2/segment.c:2570
kthread+0x270/0x300 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
</TASK>
...
Call Trace:
<TASK>
folio_mark_accessed+0x51c/0xf00 mm/swap.c:515
__nilfs_get_page_block fs/nilfs2/page.c:42 [inline]
nilfs_grab_buffer+0x3d3/0x540 fs/nilfs2/page.c:61
nilfs_mdt_submit_block+0xd7/0x8f0 fs/nilfs2/mdt.c:121
nilfs_mdt_read_block+0xeb/0x430 fs/nilfs2/mdt.c:176
nilfs_mdt_get_block+0x12d/0xbb0 fs/nilfs2/mdt.c:251
nilfs_sufile_get_segment_usage_block fs/nilfs2/sufile.c:92 [inline]
nilfs_sufile_truncate_range fs/nilfs2/sufile.c:679 [inline]
nilfs_sufile_resize+0x7a3/0x12b0 fs/nilfs2/sufile.c:777
nilfs_resize_fs+0x20c/0xed0 fs/nilfs2/super.c:422
nilfs_ioctl_resize fs/nilfs2/ioctl.c:1033 [inline]
nilfs_ioctl+0x137c/0x2440 fs/nilfs2/ioctl.c:1301
...
This fixes these issues by inserting appropriate minimum device size
checks or anti-underflow checks, depending on where the macro is used.
Link: https://lkml.kernel.org/r/0000000000004e1dfa05f4a48e6b@google.com
Link: https://lkml.kernel.org/r/20230214224043.24141-1-konishi.ryusuke@gmail.com
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Reported-by: <syzbot+f0c4082ce5ebebdac63b@syzkaller.appspotmail.com>
Tested-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Users can specify the hugetlb page size in the mmap, shmget and
memfd_create system calls. This is done by using 6 bits within the flags
argument to encode the base-2 logarithm of the desired page size. The
routine hstate_sizelog() uses the log2 value to find the corresponding
hugetlb hstate structure. Converting the log2 value (page_size_log) to
potential hugetlb page size is the simple statement:
1UL << page_size_log
Because only 6 bits are used for page_size_log, the left shift can not be
greater than 63. This is fine on 64 bit architectures where a long is 64
bits. However, if a value greater than 31 is passed on a 32 bit
architecture (where long is 32 bits) the shift will result in undefined
behavior. This was generally not an issue as the result of the undefined
shift had to exactly match hugetlb page size to proceed.
Recent improvements in runtime checking have resulted in this undefined
behavior throwing errors such as reported below.
Fix by comparing page_size_log to BITS_PER_LONG before doing shift.
Link: https://lkml.kernel.org/r/20230216013542.138708-1-mike.kravetz@oracle.com
Link: https://lore.kernel.org/lkml/CA+G9fYuei_Tr-vN9GS7SfFyU1y9hNysnf=PB7kT0=yv4MiPgVg@mail.gmail.com/
Fixes: 42d7395feb56 ("mm: support more pagesizes for MAP_HUGETLB/SHM_HUGETLB")
Signed-off-by: Mike Kravetz <mike.kravetz@oracle.com>
Reported-by: Naresh Kamboju <naresh.kamboju@linaro.org>
Reviewed-by: Jesper Juhl <jesperjuhl76@gmail.com>
Acked-by: Muchun Song <songmuchun@bytedance.com>
Tested-by: Linux Kernel Functional Testing <lkft@linaro.org>
Tested-by: Naresh Kamboju <naresh.kamboju@linaro.org>
Cc: Anders Roxell <anders.roxell@linaro.org>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Sasha Levin <sashal@kernel.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Nick Bowler reported another sparc64 breakage after the young/dirty
persistent work for page migration (per "Link:" below). That's after a
similar report [2].
It turns out page migration was overlooked, and it wasn't failing before
because page migration was not enabled in the initial report test
environment.
David proposed another way [2] to fix this from sparc64 side, but that
patch didn't land somehow. Neither did I check whether there's any other
arch that has similar issues.
Let's fix it for now as simple as moving the write bit handling to be
after dirty, like what we did before.
Note: this is based on mm-unstable, because the breakage was since 6.1 and
we're at a very late stage of 6.2 (-rc8), so I assume for this specific
case we should target this at 6.3.
[1] https://lore.kernel.org/all/20221021160603.GA23307@u164.east.ru/
[2] https://lore.kernel.org/all/20221212130213.136267-1-david@redhat.com/
Link: https://lkml.kernel.org/r/20230216153059.256739-1-peterx@redhat.com
Fixes: 2e3468778dbe ("mm: remember young/dirty bit for page migrations")
Link: https://lore.kernel.org/all/CADyTPExpEqaJiMGoV+Z6xVgL50ZoMJg49B10LcZ=8eg19u34BA@mail.gmail.com/
Signed-off-by: Peter Xu <peterx@redhat.com>
Reported-by: Nick Bowler <nbowler@draconx.ca>
Acked-by: David Hildenbrand <david@redhat.com>
Tested-by: Nick Bowler <nbowler@draconx.ca>
Cc: <regressions@lists.linux.dev>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
- Prevent fallthrough to hash TLB flush when using radix.
Thanks to: Benjamin Gray, "Erhard F.".
-----BEGIN PGP SIGNATURE-----
iQJHBAABCAAxFiEEJFGtCPCthwEv2Y/bUevqPMjhpYAFAmPv/QYTHG1wZUBlbGxl
cm1hbi5pZC5hdQAKCRBR6+o8yOGlgDbsEACu3yb1hmIwSxYsJxZMRv2Fnq99Iq/G
Mo8AbnIeWNsVD1ecNIRPfORUDZLh4n6qZ7TpPyPdAMzjBydircZnXbyrExwbrL4O
6io+3rbEGIp91rqORELHVaQtk/md+0v3jL91qd+8icVljvKp2iAbBTtc/vfmPH4m
9sSV2H4dhCXTOyxxvzAMkK41danWMymg57HmynskX7ZL41tuGTK0ILObxkBB2dOi
/NtJUJOUSX/sJRNEvZiy68N37U8u+3vKvwZxoeo/GZEmDkFZ2NSVtB7uHXulvIp1
DYVXllQb6WqejjyilqkKiZRkBkqhPjsJ40BzwnE6D5LYd3w5rE6kgqnOM4VKcrxZ
KFHjnkOHCt+2rj3XqyjpVp8hvOHer3Mq5R1IpDPNkKYUVP95HA7lGuG/O6uZfaAe
Z8sT+kAYkabrcgNkclsmzTI94RCP8TFOp8zZJj1qWgdyF7nH9oHkS+5pWG6P/CNZ
sUf523lQdE+jwoiM8R/iY6mxdmw0ZaQ0SCKNfgupU+63QUuAJVg0i/caVXsvl7Ra
qEaaZoZiddqFAwY6LYBvbFRZFZhH7irFnpIS3V3A5ZDmopAbO0HIw3Huue84NTrZ
CaycTrL+Cqbf7IGjHooiQcv6g1yUhVBQIRyYWFSr04DOm0L279Pe1Z+JJ7ZR5tcD
p20ZU0/HDsv6rQ==
=RpCo
-----END PGP SIGNATURE-----
Merge tag 'powerpc-6.2-6' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux
Pull powerpc fix from Michael Ellerman:
- Prevent fallthrough to hash TLB flush when using radix
Thanks to Benjamin Gray and Erhard Furtner.
* tag 'powerpc-6.2-6' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
powerpc/64s: Prevent fallthrough to hash TLB flush when using radix
Bugfix:
- Revert "NFSv4.2: Change the default KConfig value for READ_PLUS"
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEESQctxSBg8JpV8KqEZwvnipYKAPIFAmPvincACgkQZwvnipYK
APLiRQ//a3o1piP65mXrxrNHmom9UcafiLPuxaJeP2hFCLXjxhiXDPoRq+ot06dr
r26p4bpcABwCy5R3Kx4KHXC5eFUeKOLiJrSM3oFgTcCIZ3etOBsoKuu5JB9SdOpH
AB/vjDEXyqvG55q+HJRW780m1hufzj06lyatG1RBllsYDXhEOeo2eDqfVRUrgX8u
iWJZDDalIMZWlQWJiT3BRm/UGmyA/b6xueusiZotBLmWzaVvVvdiFaM6KKfur6+E
8lA67g4tFGZr2kfvMLt7CXVnldQysNIH25+wur5XcfDCk4346DhSVgDq9bd2x+8O
vmYaOdZ/29dN5mQ0T94jGiTui+r4OUee7gL8XJ1ESpwPSagh2xMvgA7JA/Scx7oh
D8H+VoW4UBm7PNUX22iysZfYfQds3Cm3lohr3d6X0a0ZLewYifdUuITE9RoUO4Ne
D3pmI0uFgvZK4V/Flg8hV8Ns7CApSjHUqcWb4uTGqG76IgWMtGuQGtVYU0XEYDVy
qxJMw+d0RGie0kzyFabZML9iKq/iwj4cYcjr2Ky8xJ0VeRDYL7cx/4dGYjrwEZh7
SEYVs2WjqSjEfnvwMjS5zVt30m7dzMMIp0YoYHv7GJ8P/hqMnaNIZo483JinqHGh
gj7pfsFyt5gF56iiXOqsJZR3soPQfWnonb4IddOVDv5z82//Ea4=
=9nSH
-----END PGP SIGNATURE-----
Merge tag 'nfs-for-6.2-3' of git://git.linux-nfs.org/projects/trondmy/linux-nfs
Pull NFS client fix from Trond Myklebust:
"Unfortunately, we found another bug in the NFSv4.2 READ_PLUS code.
Since it has not been possible to fix the bug in time for the 6.2
release, let's just revert the Kconfig change that enables it:
- Revert 'NFSv4.2: Change the default KConfig value for READ_PLUS'"
* tag 'nfs-for-6.2-3' of git://git.linux-nfs.org/projects/trondmy/linux-nfs:
Revert "NFSv4.2: Change the default KConfig value for READ_PLUS"
A few last-minute fixes. The significant ones are two ASoC SOF
regression fixes while the rest are trivial HD-audio quirks.
All are small / one-liners and should be pretty safe to take.
-----BEGIN PGP SIGNATURE-----
iQJCBAABCAAsFiEEIXTw5fNLNI7mMiVaLtJE4w1nLE8FAmPvPD0OHHRpd2FpQHN1
c2UuZGUACgkQLtJE4w1nLE/Fng/9FvLr3xCkoT8RP5HujOaDUXA22aOA+x1MBert
AWf11XFT7bp9QwLNq2J/QnZxQHVwyLoJhXCEM/9zqvQvObs7cYkVQmAFA3wwdmFg
trdjjhc9jjGZhz8n0bNlEF2D6lnXRGnpsC+CmjRL7+qLNE2k9wfhRfAMC2lO2DmO
hWJtlbz4Ojzas3SrJlnthELdHFoOhW8VeRbm7LI03qjf/bVUy/95bfcVQ9M7odFy
HOey4HcMHbbo2FK6GDH86EF6jV+HCjZlJmYXzByX3Z9q4INd6oLR80f0+FbUsn5f
2BA4IoxBswxkXwK7puvdHjfg/IrOYSpAx1s1hlcX2HsGbwOvSbXncziTsJ8fwUDK
Yu+UcvVPO0tmykVu82XbQ0FTGNKf0d8d6dPtjiG5y+jXDDp61Obb8uJOLTFQ641q
VlxbRFT3bL0ex7V2KShbQktY7AUycUmx0/BT24rm2RXeGb9ITXUegLr3Vkza0rEQ
8AUjEBeZeBOjg8q54TI3VgXUKfQoDB1qn60V9zYC+F+UPhe57tPo28hsuNfDKUqA
+UwxfOV4uTZzmx0ZcdEJ3t53bAsWQvetZeAel/u/dHpzHGrYMcEjfPCp0griaHsa
7bMV1AefozNlbZCyapRlqsncalK+KmYUdw6nyFkgwq285SSScdzFe5/ZDkhRuwqV
kdWGCvU=
=paSd
-----END PGP SIGNATURE-----
Merge tag 'sound-fix-6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
"A few last-minute fixes. The significant ones are two ASoC SOF
regression fixes while the rest are trivial HD-audio quirks.
All are small / one-liners and should be pretty safe to take"
* tag 'sound-fix-6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ASoC: SOF: Intel: hda-dai: fix possible stream_tag leak
ALSA: hda/realtek: Enable mute/micmute LEDs and speaker support for HP Laptops
ALSA: hda/realtek: fix mute/micmute LEDs don't work for a HP platform.
ALSA: hda/realtek - fixed wrong gpio assigned
ALSA: hda: Fix codec device field initializan
ALSA: hda/conexant: add a new hda codec SN6180
ASoC: SOF: ops: refine parameters order in function snd_sof_dsp_update8
- fix a memory leak in gpio-sim
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEFp3rbAvDxGAT0sefEacuoBRx13IFAmPvcCoACgkQEacuoBRx
13L7wxAApoDFqkv7nCfjiJXiwrWCFRSEKMIUHlmlDY26SximPgrJX3lPyp5S0l8Q
Q658t3WryWJVO2xg9ZDwm1Kg5wHeDIIifrSZVGkeZBpBJuYZg85zI8FkfqwImK/i
h+EoB/EXPVYmEB3xY8/0sivpcsRoaPx3GyaD5jgT7yRbl89lx9+hXaeyafdJZsOj
Iw4PzSigiWkwUjh5LsN94wpTlV9XtWwc38q5nJRVXtDD1HP9dPdgADcYeVk3ZlL+
vaanN7dAf8lytBBEVCDLD1iw9MBmdbTmnIN/rkNjs+XfO84hQu0LYmUf4FMp1CU5
9++RRUEELJTviqX8P93hMCP1w+1NOh15ROSgJTqpYurYspuayRHTGPTd2OsBjE6U
sdmmjMgpVxn28jevnK9MsDWd3iRLfD1EqNGCrd1SNsHPUDJVPfuK85KophopypZW
9uD0S0ZPaBY4r05ZojUxsUIp8XML9gWYfmWXKpVcQhiH8GjhCtcv+bxoal+KR8Rc
T5Afe4tiFL77m2q6K/MRufnsjPrxFepYNnuT/vV6/eH+dVm/98SF0BIY1Z1nnYB3
lPoCQnGq3N1ENfjvD+a89mgrjNmVS86X7liU4+/6lUiSfbCxaklc8H3gLW9zhK+f
4K+sx1ho+Munj4BgtmGBC7wsfcLA7fBua9F1hyk3Z8zM/O2zrdE=
=Wdym
-----END PGP SIGNATURE-----
Merge tag 'gpio-fixes-for-v6.2-part2' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux
Pull gpio fix from Bartosz Golaszewski:
- fix a memory leak in gpio-sim that was triggered every time libgpiod
tests are run in user-space
* tag 'gpio-fixes-for-v6.2-part2' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux:
gpio: sim: fix a memory leak
Three small fixes for 6.2 final:
* Disable READ LOG DMA EXT for Samsung MZ7LH drives as these drives
choke on that command, from Patrick.
* Add Intel Tiger Lake UP{3,4} to the list of supported AHCI
controllers (this is not technically a bug fix, but it is trivial
enough that I add it here), from SImon.
* Fix code comments in the pata_octeon_cf driver as incorrect
formatting was causing warnings from kernel-doc, from Randy.
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQSRPv8tYSvhwAzJdzjdoc3SxdoYdgUCY+9ZvwAKCRDdoc3SxdoY
dtNIAQCTDJCUVZViAEIf/ntjAJSyjCw7SCkinOKHPpC40QpQ8wD/eRsuq4LfZY6H
rrFfRxuO7hgviGUTFuAbP7mNMMI05gw=
=lvfh
-----END PGP SIGNATURE-----
Merge tag 'ata-6.2-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/dlemoal/libata
Pull ata fixes from Damien Le Moal:
"Three small fixes for 6.2 final:
- Disable READ LOG DMA EXT for Samsung MZ7LH drives as these drives
choke on that command, from Patrick.
- Add Intel Tiger Lake UP{3,4} to the list of supported AHCI
controllers (this is not technically a bug fix, but it is trivial
enough that I add it here), from Simon.
- Fix code comments in the pata_octeon_cf driver as incorrect
formatting was causing warnings from kernel-doc, from Randy"
* tag 'ata-6.2-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/dlemoal/libata:
ata: pata_octeon_cf: drop kernel-doc notation
ata: ahci: Add Tiger Lake UP{3,4} AHCI controller
ata: libata-core: Disable READ LOG DMA EXT for Samsung MZ7LH
- Fix potential resource leaks in SDIO card detection error path
MMC host:
- jz4740: Decrease maximum clock rate to workaround bug on JZ4760(B)
- meson-gx: Fix SDIO support to get some WiFi modules to work again
- mmc_spi: Fix error handling in ->probe()
-----BEGIN PGP SIGNATURE-----
iQJLBAABCgA1FiEEugLDXPmKSktSkQsV/iaEJXNYjCkFAmPvV6gXHHVsZi5oYW5z
c29uQGxpbmFyby5vcmcACgkQ/iaEJXNYjCm4lRAAjfO/NyxKKOOsrPpmupYu6tBb
gmRXF7Sl83L/b54d+V0aEdpUJP9iSiqW1VtOpzIiSgKvZkh3xpBzaJAwd0mdnpkW
YqMC3lZ9iOCNu8X3wAsiIqp2fuW0btNTDQWSljtLY2atvU9nfYRFWuOQoR8AIjSR
rCG235JggR93bfrEhb8mF+7EBIQa8awBBX4u20RA9LS5DyneD2qfExIOsG7Fz+T/
sjSdodwDBePMjrn1sXFVgzA/cCv5p2Xet5Mt2Qnl9Vl7GT0RwAKEXjwkn/7JDg3i
9SPknokyKZio3KJFa+bF3gS5S6bOABz1GUclZ5lGSKTR3lgpi4eZQ/I+r8uDRKaj
sAdm2ICCIdTgqTg983+zhBrQ2Zn1gV2gvDPSaQFs2fpi709tNZXOmIL4j2FcD3do
2kRLN3aJHGNPRcHGi3mu5BHjL9Bxq/6Z0CFyGgf+RserkZ3otOa8avV3Gpn/ovix
lU7sw1cZKBBDN0UXELI/7YKtNGMPpxJRkRGykCWDKyLPp/FyxL7E44HnRphxgWOV
gWU7TS773RcXEr3Porx+lPC1wDm31srszuZrAzIBGJIUUSqnJpdt3y89yVsDhzZW
05mvVCdWGOG2XSSQId4Aj1RiRemCu8oTd6+l/+k179mA8ezBUaXb9Mt6anvqvrop
oucJVLZGeDi4YnbNw3E=
=hNCw
-----END PGP SIGNATURE-----
Merge tag 'mmc-v6.2-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc
Pull MMC fixes from Ulf Hansson:
"MMC core:
- Fix potential resource leaks in SDIO card detection error path
MMC host:
- jz4740: Decrease maximum clock rate to workaround bug on JZ4760(B)
- meson-gx: Fix SDIO support to get some WiFi modules to work again
- mmc_spi: Fix error handling in ->probe()"
* tag 'mmc-v6.2-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc:
mmc: jz4740: Work around bug on JZ4760(B)
mmc: mmc_spi: fix error handling in mmc_spi_probe()
mmc: sdio: fix possible resource leaks in some error paths
mmc: meson-gx: fix SDIO mode if cap_sdio_irq isn't set
This reverts commit 7fd461c47c6cfab4ca4d003790ec276209e52978.
Unfortunately, it has come to our attention that there is still a bug
somewhere in the READ_PLUS code that can result in nfsroot systems on
ARM to crash during boot.
Let's do the right thing and revert this change so we don't break
people's nfsroot setups.
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Fix an inverted logic bug in gpio_sim_remove_hogs() that leads to GPIO
hog structures never being freed.
Fixes: cb8c474e79be ("gpio: sim: new testing module")
Reported-by: Mirsad Goran Todorovac <mirsad.todorovac@alu.unizg.hr>
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
One more fix from Peter which he'd very much like to get into
v6.2.
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEreZoqmdXGLWf4p/qJNaLcl1Uh9AFAmPu3mMACgkQJNaLcl1U
h9Dcjwf/bTYPzsIoWJEdVXLHww5l6Jt6hLb5uhWfjw8+dnN+MwQ5iPsZ6b+jSdfD
q3mPI+t06wH5WIN6EfDeznHHH9xpOOKQKttHQpFxjlCW++sbfZ1W7HGA8COe2ye9
Sulu9uRkxQfAGrzD21JyZ4RHdfRzceYb30Fzv/0YJmutqwy/NSSBE5IeSDd6M2nu
Tz/GwXMnDj3QXhUxiQYGvjiMqWQ+5x3FpKX5G0yxMElVLho6XOkDB5Evq8W0vJPL
GRXh83z4+8izHZ32FMtPMDLkUccB5zggOKLNdv/jtttj02vEcLcIHE0RhXseTB9g
JBwExuMuWfFAQtKPyai2sS5q3OhAWA==
=Wxr1
-----END PGP SIGNATURE-----
Merge tag 'asoc-fix-v6.2-rc8-2' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus
ASoC: One more fix for v6.2
One more fix from Peter which he'd very much like to get into
v6.2.
The sysfs group containing the cmb attributes is registered before the
driver knows if they need to be visible or not. Update the group when
cmb attributes are known to exist so the visibility setting is correct.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=217037
Fixes: 86adbf0cdb9ec65 ("nvme: simplify transport specific device attribute handling")
Signed-off-by: Keith Busch <kbusch@kernel.org>
Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
Signed-off-by: Christoph Hellwig <hch@lst.de>
drm:
- dynamic debug disable for now
fbdev:
- deferred i/o device close fix
amdgpu:
- Fix GC11.x suspend warning
- Fix display warning
vc4:
- YUV planes fix
- hdmi display fix
- crtc reduced blanking fix
ast:
- fix start address computation
vmwgfx:
- fix bo/handle races
i915:
- gen11 WA fix
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEEKbZHaGwW9KfbeusDHTzWXnEhr4FAmPu4vMACgkQDHTzWXnE
hr5+eg/+LcMV6Mkc2pAWc/M9vjuViXgP6GlkUgqa5qD8oiB54ifyCYHjNYXt3LdQ
/s6xxfmD+9UitHAoCmt+j5LL0UYdLh3JGUP8y8FWEsPCigx3gPIInlrU92Y53hs7
9NsO7hGl7/5WJZngt7GO2fr4DG+Di0nZ5PUMYihk2EFl3OpeuhKmoz1Gw6HRDGvj
Alydm40SYFfVA0/RqdqybNJg9fFqLO/7NaK42KaFXpgL6uAnL6lHcmxgMXfHNeQD
0QCp6dxQSF1xbrrEgnS63QxObWDcBk8FeMGjLijQR0eoCg5FJrYXcQ7Vk7zgma/c
iCQyhd9xx7tdWd3rIf6kuBDKfKl7xFSNflgvjjWc4TwD9WfQuZXNkozO1GuZAPms
vsmF4Yj+GIsaKAyvUEr5u9S/zcPJ9s50Bn2QRTLyeKkYUoE7StukMvVqgAxqlJO5
ljrUbzl/EbRFMj/oGFQXi5hpemj2jyzsi5W9vsOgWMTw/gv2QIKIqjDjUVnhZ9Rf
14THVTILfQ6fTPUp5bq+yR5N9QIjr/qrmN/1BZHNTx9ZGMo0cMf7r4EmtPvy0gLi
EvdY2MrVPOVyFTWoE7ivY1RXHuh54LObw18uCsEaXRWWVxEEV0RfcpNvK3ukC1az
WhaXa2B5gTLWYBHSViexaRuKbQScAgLPDidj8KZhKsPpLTN1cKE=
=Dii1
-----END PGP SIGNATURE-----
Merge tag 'drm-fixes-2023-02-17' of git://anongit.freedesktop.org/drm/drm
Pull drm fixes from Dave Airlie:
"Just a final collection of misc fixes, the biggest disables the
recently added dynamic debugging support, it has a regression that
needs some bigger fixes.
Otherwise a bunch of fixes across the board, vc4, amdgpu and vmwgfx
mostly, with some smaller i915 and ast fixes.
drm:
- dynamic debug disable for now
fbdev:
- deferred i/o device close fix
amdgpu:
- Fix GC11.x suspend warning
- Fix display warning
vc4:
- YUV planes fix
- hdmi display fix
- crtc reduced blanking fix
ast:
- fix start address computation
vmwgfx:
- fix bo/handle races
i915:
- gen11 WA fix"
* tag 'drm-fixes-2023-02-17' of git://anongit.freedesktop.org/drm/drm:
drm/amd/display: Fail atomic_check early on normalize_zpos error
drm/amd/amdgpu: fix warning during suspend
drm/vmwgfx: Do not drop the reference to the handle too soon
drm/vmwgfx: Stop accessing buffer objects which failed init
drm/i915/gen11: Wa_1408615072/Wa_1407596294 should be on GT list
drm: Disable dynamic debug as broken
drm/ast: Fix start address computation
fbdev: Fix invalid page access after closing deferred I/O devices
drm/vc4: crtc: Increase setup cost in core clock calculation to handle extreme reduced blanking
drm/vc4: hdmi: Always enable GCP with AVMUTE cleared
drm/vc4: Fix YUV plane handling when planes are in different buffers
The web page entry for the FPU EMULATOR no longer works. I notified Bill
of this and he asked me to update it to this new entry.
Link: https://lkml.kernel.org/r/20230214170208.17287-1-rdunlap@infradead.org
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Acked-by: Bill Metzenthen <billm@melbpc.org.au>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
During collapse, in a few places we check to see if a given small page has
any unaccounted references. If the refcount on the page doesn't match our
expectations, it must be there is an unknown user concurrently interested
in the page, and so it's not safe to move the contents elsewhere.
However, the unaccounted pins are likely an ephemeral state.
In this situation, MADV_COLLAPSE returns -EINVAL when it should return
-EAGAIN. This could cause userspace to conclude that the syscall
failed, when it in fact could succeed by retrying.
Link: https://lkml.kernel.org/r/20230125015738.912924-1-zokeefe@google.com
Fixes: 7d8faaf15545 ("mm/madvise: introduce MADV_COLLAPSE sync hugepage collapse")
Signed-off-by: Zach O'Keefe <zokeefe@google.com>
Reported-by: Hugh Dickins <hughd@google.com>
Acked-by: Hugh Dickins <hughd@google.com>
Reviewed-by: Yang Shi <shy828301@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
