Commit Graph

1311261 Commits

Author SHA1 Message Date
Paul Aurich
128630e1db smb: cached directories can be more than root file handle
Update this log message since cached fids may represent things other
than the root of a mount.

Fixes: e4029e0726 ("cifs: find and use the dentry for cached non-root directories also")
Signed-off-by: Paul Aurich <paul@darkrain42.org>
Reviewed-by: Bharath SM <bharathsm@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
2024-11-21 10:41:35 -06:00
Paulo Alcantara
343d7fe6df smb: client: fix use-after-free of signing key
Customers have reported use-after-free in @ses->auth_key.response with
SMB2.1 + sign mounts which occurs due to following race:

task A                         task B
cifs_mount()
 dfs_mount_share()
  get_session()
   cifs_mount_get_session()    cifs_send_recv()
    cifs_get_smb_ses()          compound_send_recv()
     cifs_setup_session()        smb2_setup_request()
      kfree_sensitive()           smb2_calc_signature()
                                   crypto_shash_setkey() *UAF*

Fix this by ensuring that we have a valid @ses->auth_key.response by
checking whether @ses->ses_status is SES_GOOD or SES_EXITING with
@ses->ses_lock held.  After commit 24a9799aa8 ("smb: client: fix UAF
in smb2_reconnect_server()"), we made sure to call ->logoff() only
when @ses was known to be good (e.g. valid ->auth_key.response), so
it's safe to access signing key when @ses->ses_status == SES_EXITING.

Cc: stable@vger.kernel.org
Reported-by: Jay Shin <jaeshin@redhat.com>
Signed-off-by: Paulo Alcantara (Red Hat) <pc@manguebit.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
2024-11-17 22:20:54 -06:00
Thorsten Blum
7460bf4416 smb: client: Use str_yes_no() helper function
Remove hard-coded strings by using the str_yes_no() helper function.

Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
Signed-off-by: Steve French <stfrench@microsoft.com>
2024-11-17 22:20:54 -06:00
Kees Cook
f69b0187f8 smb: client: memcpy() with surrounding object base address
Like commit f1f047bd7c ("smb: client: Fix -Wstringop-overflow issues"),
adjust the memcpy() destination address to be based off the surrounding
object rather than based off the 4-byte "Protocol" member. This avoids a
build-time warning when compiling under CONFIG_FORTIFY_SOURCE with GCC 15:

In function 'fortify_memcpy_chk',
    inlined from 'CIFSSMBSetPathInfo' at ../fs/smb/client/cifssmb.c:5358:2:
../include/linux/fortify-string.h:571:25: error: call to '__write_overflow_field' declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror=attribute-warning]
  571 |                         __write_overflow_field(p_size_field, size);
      |                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Signed-off-by: Kees Cook <kees@kernel.org>
Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
2024-11-17 22:20:54 -06:00
Dr. David Alan Gilbert
6c9903c330 cifs: Remove pre-historic unused CIFSSMBCopy
CIFSSMBCopy() is unused, remove it.

It seems to have been that way pre-git; looking in a historic
archive, I think it landed around May 2004 in Linus'
BKrev: 40ab7591J_OgkpHW-qhzZukvAUAw9g
and was unused back then.

Signed-off-by: Dr. David Alan Gilbert <linux@treblig.org>
Acked-by: Tom Talpey <tom@talpey.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
2024-11-17 22:20:54 -06:00
Linus Torvalds
adc218676e Linux 6.12 2024-11-17 14:15:08 -08:00
Linus Torvalds
f66d6acccb - Make sure a kdump kernel with CONFIG_IMA_KEXEC enabled and booted on an AMD
SME enabled hardware properly decrypts the ima_kexec buffer information
   passed to it from the previous kernel
 
 - Fix building the kernel with Clang where a non-TLS definition of the stack
   protector guard cookie leads to bogus code generation
 
 - Clear a wrongly advertised virtualized VMLOAD/VMSAVE feature flag on some
   Zen4 client systems as those insns are not supported on client
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEzv7L6UO9uDPlPSfHEsHwGGHeVUoFAmc54zkACgkQEsHwGGHe
 VUplzw//d1ysRrT+YNFwQrvGUc6mjP3dtOo2NCBxKhgvC2OKzDlj8ZIx20Yn97At
 pboOPbewV+cCSd7PXo9ymNsJMjFD0NAyKasRaHhUEGU6/AvQ2EwwN7d6q444HFso
 eIFLak17zha1VhSyu0ozZJSWjUbebwBcI2I3Re5VzJXGzBybw2nLM/PPQn94tsAQ
 w6ag0Ol+VbIPd/EdMOcRI1VXeFl44V5kiAYNvCunBvpTae9i/pC/k7iHW6tWDJUu
 Ud0hpIsq/Rn9Bj2oG/ovz1CvlcEryhL23HpQFyj/C1Gwl3fjpSqWUDm8U366VIVV
 I0EFSpYpH7CD9ArL37R6ziaCH1yojMcrXZSu1kjtc9rPFoqmcxOBkW0dVidWwKv4
 3hFVrWMkFm/qMW+SPss7ZX48z87bnAwplQpgF/sFBeHJSXr909ne3nOdPAS8Hp4t
 5VMGQkXWQCWGgRNxAqpU8pZaPKsvuFvJIJg6B6JcDe/qSv3i78geg64lT2WNhs2m
 AGH/E+ERF3X5jaPn/2oRXc6o9Kfmoy0+QLE4UvLVGunhE8ZNK0Zg3097Dn7N1flR
 ayhAt6otgeksiRpskfCtnxlfZoWIwnS0ueVkb0qJDS+1PWlMkk48cvxwpikEn6rD
 ebCllm8dBysnxgyf+Mf2rKsDbsnrICT7olPr1MTuEUHwf6Uqs5Q=
 =5i7R
 -----END PGP SIGNATURE-----

Merge tag 'x86_urgent_for_v6.12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull x86 fixes from Borislav Petkov:

 - Make sure a kdump kernel with CONFIG_IMA_KEXEC enabled and booted on
   an AMD SME enabled hardware properly decrypts the ima_kexec buffer
   information passed to it from the previous kernel

 - Fix building the kernel with Clang where a non-TLS definition of the
   stack protector guard cookie leads to bogus code generation

 - Clear a wrongly advertised virtualized VMLOAD/VMSAVE feature flag on
   some Zen4 client systems as those insns are not supported on client

* tag 'x86_urgent_for_v6.12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86/mm: Fix a kdump kernel failure on SME system when CONFIG_IMA_KEXEC=y
  x86/stackprotector: Work around strict Clang TLS symbol requirements
  x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client
2024-11-17 09:35:51 -08:00
Linus Torvalds
4a5df37964 10 hotfixes, 7 of which are cc:stable. All singletons, please see the
changelogs for details.
 -----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTTMBEPP41GrTpTJgfdBJ7gKXxAjgUCZzkr6AAKCRDdBJ7gKXxA
 jsb2AP9HCOI4w9rQTmBdnaefXytS7fiiPq+LVNpjJ0NGXX2FSgD/e1NM0wi8KevQ
 npcvlqTcXtRSJvYNF904aTNyDn+Kuw0=
 =KFGY
 -----END PGP SIGNATURE-----

Merge tag 'mm-hotfixes-stable-2024-11-16-15-33' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm

Pull hotfixes from Andrew Morton:
 "10 hotfixes, 7 of which are cc:stable. All singletons, please see the
  changelogs for details"

* tag 'mm-hotfixes-stable-2024-11-16-15-33' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm:
  mm: revert "mm: shmem: fix data-race in shmem_getattr()"
  ocfs2: uncache inode which has failed entering the group
  mm: fix NULL pointer dereference in alloc_pages_bulk_noprof
  mm, doc: update read_ahead_kb for MADV_HUGEPAGE
  fs/proc/task_mmu: prevent integer overflow in pagemap_scan_get_args()
  sched/task_stack: fix object_is_on_stack() for KASAN tagged pointers
  crash, powerpc: default to CRASH_DUMP=n on PPC_BOOK3S_32
  mm/mremap: fix address wraparound in move_page_tables()
  tools/mm: fix compile error
  mm, swap: fix allocation and scanning race with swapoff
2024-11-16 16:00:38 -08:00
Andrew Morton
d1aa0c0429 mm: revert "mm: shmem: fix data-race in shmem_getattr()"
Revert d949d1d14f ("mm: shmem: fix data-race in shmem_getattr()") as
suggested by Chuck [1].  It is causing deadlocks when accessing tmpfs over
NFS.

As Hugh commented, "added just to silence a syzbot sanitizer splat: added
where there has never been any practical problem".

Link: https://lkml.kernel.org/r/ZzdxKF39VEmXSSyN@tissot.1015granger.net [1]
Fixes: d949d1d14f ("mm: shmem: fix data-race in shmem_getattr()")
Acked-by: Hugh Dickins <hughd@google.com>
Cc: Chuck Lever <chuck.lever@oracle.com>
Cc: Jeongjun Park <aha310510@gmail.com>
Cc: Yu Zhao <yuzhao@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2024-11-16 15:30:32 -08:00
Linus Torvalds
b84eeed05a ARM fixes for v6.12
- Fix kernel mapping for XIP kernels
 - Fix SMP support for XIP kernels
 - Fix complication corner case with CFI
 - Fix a typo in nommu code
 - Fix cacheflush syscall when PAN is enabled on LPAE platforms
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEuNNh8scc2k/wOAE+9OeQG+StrGQFAmc5F/UACgkQ9OeQG+St
 rGQBRg/+P9YMx0MZTV8y5B92yAzOk28QW303f8PWzoTXMiQ1nhMFUhk/TFMaeSxs
 6CJfQ+W5S+N9X1hG8XAlBPZruX5GWKXScS1By4J/sBwTXmIomnkeL6SwQRULF63v
 C/dcFWd9avKo2XnZIhQ8mduczR17MoagXxq6kpLvgaLJ6C/b6XJQ+SwqtuGXuJtz
 NpPrU0hSLOZdfGHQC6jyIhWObgNEX+Li8EZorynOAYiy90sYUgpffAsL/qWUV+cM
 VF/cK+BYkvShxChj6rvcv7vlbGBUaV2DhRIdXe4AxD2hkX3cUmLG+10YQ7pq/gb0
 722w7ZsBRXXFnlKle3vPzf4upWdMJEQ1SM3z6nYcZ8JTK9rGIxvAlt4PhFc6iw/v
 2AF3WSXhbdRg1+6kK5Q/fsga40BtXbL/3pS/5Q57MZfrmF/0PYVdFRvKJQuRVvxC
 +FiWTDKuR7yTSK9/5hx+2W6WDjuDvoFeMBo4n9GyqdajIpi13dUminE/KdCTuz57
 OefDS7SGfUlnWj6JAUbF+hg0/Loij5KldZbmQDWLeU2/LTx3UMUMNZ6RLATQ33tT
 +aMnrxwEd2qPXNhlC/hAz/PR5tt14w2jlEK+1x4S5siW6vi4+8F6KfcycZFzkVHI
 gqRNhG//mmpnCzK7FU5q0Od0GrM1zpYhhnAXm92QPP4zJp1R0s8=
 =yhjm
 -----END PGP SIGNATURE-----

Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rmk/linux

Pull ARM fixes from Russell King:

 - Fix kernel mapping for XIP kernels

 - Fix SMP support for XIP kernels

 - Fix complication corner case with CFI

 - Fix a typo in nommu code

 - Fix cacheflush syscall when PAN is enabled on LPAE platforms

* tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rmk/linux:
  ARM: fix cacheflush with PAN
  ARM: 9435/1: ARM/nommu: Fix typo "absence"
  ARM: 9434/1: cfi: Fix compilation corner case
  ARM: 9420/1: smp: Fix SMP for xip kernels
  ARM: 9419/1: mm: Fix kernel memory mapping for xip kernels
2024-11-16 15:14:39 -08:00
Linus Torvalds
e06bc45bef drm/amdgpu regression fix for 6.12-rc8
amdgpu:
 - revert patch to fix swsmu regression
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEEKbZHaGwW9KfbeusDHTzWXnEhr4FAmc5GYcACgkQDHTzWXnE
 hr4YmQ//elGWAiHa8X126Mx74bALJMcAApzfLclVguyqSuNGvTiGqMnc0eM2c/JA
 InhVUzH+OZfrVA0/XJCrrsVa6urRGW9vDGUZlWwwSdWagJ0bKtYRMX0++ptIplwJ
 eDWMludS1vwfDlwFNpt4egkLAc69hJRUWIejL1bQP5SN9BfluCAlRz8Pe4L9ROER
 uzQzPr02cgR2jbGHbZ6Z5A+1Jz01Q3CVcn6HFqIOUbEkH9rZotIlyIH9OnX3w0DL
 JEckIFIs9nTRCvfyJpLtPkCZW0MEFFO0xxIB1saSTpHcZjPdZ7EUxAvVcBo+mg+5
 ezteYl/LWh1nWJYvScGn4fQ7P7Otv910oucChU5f0XjzzgJIhYdS8qTuFiByUgKs
 8r+EqSUtF/zqzy/pvYDIxeBzkQYITRji4UtTx1TGD3rUH5gYMWvOpjzpt0IneXIv
 m0Diq5+2ZLQGXT4wsvbB4swqNY9lmAktD66dGTPNKG5UrMKXzWMaehpdA5lrF13e
 2MXpFNhxi6LZK5+urdAQn8OTjmmxijI7B73nfPQwpHpIC8ObMi0IqMNM8sr1LLBr
 opu6692z9C3zIfxvJDJsAbe/O89i+DOVVr1TCRxPGucqxs2UwGlBMp0LzrJ13kBi
 gqMdRS0lQW17w0ntuBqH224QiXfAayLstMTY1o76tzV2aaTVDuo=
 =gFiR
 -----END PGP SIGNATURE-----

Merge tag 'drm-fixes-2024-11-17' of https://gitlab.freedesktop.org/drm/kernel

Pull drm fix from Dave Airlie:
 "Alex sent on a last minute revert for a amdgpu/swsmu regression:

   - revert patch to fix swsmu regression"

* tag 'drm-fixes-2024-11-17' of https://gitlab.freedesktop.org/drm/kernel:
  Revert "drm/amd/pm: correct the workload setting"
2024-11-16 15:09:14 -08:00
Dave Airlie
f48ab0a39f amd-drm-fixes-6.12-2024-11-16:
amdgpu:
 - Revert a swsmu patch to fix a regression
 -----BEGIN PGP SIGNATURE-----
 
 iHUEABYKAB0WIQQgO5Idg2tXNTSZAr293/aFa7yZ2AUCZzivywAKCRC93/aFa7yZ
 2DjYAQD507C9yHfjLWMrpqQIQsnMK5XRobiq8Fdqcu6iDkS8aQEAjM6a7pCIkjpE
 Q3vlFgcJcEGUrynDL7T+jVOIXLn8FAM=
 =bM6j
 -----END PGP SIGNATURE-----

Merge tag 'amd-drm-fixes-6.12-2024-11-16' of https://gitlab.freedesktop.org/agd5f/linux into drm-fixes

amd-drm-fixes-6.12-2024-11-16:

amdgpu:
- Revert a swsmu patch to fix a regression

Signed-off-by: Dave Airlie <airlied@redhat.com>

From: Alex Deucher <alexdeucher@gmail.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20241116145320.2507156-1-alexander.deucher@amd.com
2024-11-17 08:12:48 +10:00
Linus Torvalds
b5a24181e4 Ring buffer fixes for 6.12:
- Revert: "ring-buffer: Do not have boot mapped buffers hook to CPU hotplug"
 
   A crash that happened on cpu hotplug was actually caused by the incorrect
   ref counting that was fixed by commit 2cf9733891 ("ring-buffer: Fix
   refcount setting of boot mapped buffers"). The removal of calling cpu
   hotplug callbacks on memory mapped buffers was not an issue even though
   the tests at the time pointed toward it. But in fact, there's a check in
   that code that tests to see if the buffers are already allocated or not,
   and will not allocate them again if they are. Not calling the cpu hotplug
   callbacks ended up not initializing the non boot CPU buffers.
 
   Simply remove that change.
 
 - Clear all CPU buffers when starting tracing in a boot mapped buffer
 
   To properly process events from a previous boot, the address space needs to
   be accounted for due to KASLR and the events in the buffer are updated
   accordingly when read. This also requires that when the buffer has tracing
   enabled again in the current boot that the buffers are reset so that events
   from the previous boot do not interact with the events of the current boot
   and cause confusing due to not having the proper meta data.
 
   It was found that if a CPU is taken offline, that its per CPU buffer is not
   reset when tracing starts. This allows for events to be from both the
   previous boot and the current boot to be in the buffer at the same time.
   Clear all CPU buffers when tracing is started in a boot mapped buffer.
 -----BEGIN PGP SIGNATURE-----
 
 iIoEABYIADIWIQRRSw7ePDh/lE+zeZMp5XQQmuv6qgUCZzdr5hQccm9zdGVkdEBn
 b29kbWlzLm9yZwAKCRAp5XQQmuv6qq3gAQDsqNNld3D3wW72VMJ52d9zdBXFUdrV
 hbszve+PSj/wuAD/TeCp0BcI8Az+G7/enMXnlEugLo3XKLr/YvPQ3nlb8QA=
 =VR4z
 -----END PGP SIGNATURE-----

Merge tag 'trace-ringbuffer-v6.12-rc7-2' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace

Pull ring buffer fixes from Steven Rostedt:

 - Revert: "ring-buffer: Do not have boot mapped buffers hook to CPU
   hotplug"

   A crash that happened on cpu hotplug was actually caused by the
   incorrect ref counting that was fixed by commit 2cf9733891
   ("ring-buffer: Fix refcount setting of boot mapped buffers"). The
   removal of calling cpu hotplug callbacks on memory mapped buffers was
   not an issue even though the tests at the time pointed toward it. But
   in fact, there's a check in that code that tests to see if the
   buffers are already allocated or not, and will not allocate them
   again if they are. Not calling the cpu hotplug callbacks ended up not
   initializing the non boot CPU buffers.

   Simply remove that change.

 - Clear all CPU buffers when starting tracing in a boot mapped buffer

   To properly process events from a previous boot, the address space
   needs to be accounted for due to KASLR and the events in the buffer
   are updated accordingly when read. This also requires that when the
   buffer has tracing enabled again in the current boot that the buffers
   are reset so that events from the previous boot do not interact with
   the events of the current boot and cause confusing due to not having
   the proper meta data.

   It was found that if a CPU is taken offline, that its per CPU buffer
   is not reset when tracing starts. This allows for events to be from
   both the previous boot and the current boot to be in the buffer at
   the same time. Clear all CPU buffers when tracing is started in a
   boot mapped buffer.

* tag 'trace-ringbuffer-v6.12-rc7-2' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace:
  tracing/ring-buffer: Clear all memory mapped CPU ring buffers on first recording
  Revert: "ring-buffer: Do not have boot mapped buffers hook to CPU hotplug"
2024-11-16 08:12:43 -08:00
Alex Deucher
44f392fbf6 Revert "drm/amd/pm: correct the workload setting"
This reverts commit 74e1006430.

This causes a regression in the workload selection.
A more extensive fix is being worked on.
For now, revert.

Link: https://gitlab.freedesktop.org/drm/amd/-/issues/3618
Fixes: 74e1006430 ("drm/amd/pm: correct the workload setting")
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
2024-11-16 09:41:11 -05:00
Linus Torvalds
e8bdb3c8be A Single RISC-V Fix for 6.12-rc8
* A fix for the CPU perf driver that avoids leaking CPU ID references on
   systems without snapshot support.
 -----BEGIN PGP SIGNATURE-----
 
 iQJHBAABCAAxFiEEKzw3R0RoQ7JKlDp6LhMZ81+7GIkFAmc3avsTHHBhbG1lckBk
 YWJiZWx0LmNvbQAKCRAuExnzX7sYiZUOD/44STXrS9mFLeBsizeEB8pX7GKoJ2FT
 Tcctcm4Or2sFeS22WNljtxHH8ozMPrhd++GogAJ91yO46WUzmjJ01skIKZFHkB+S
 VNFqwzJ+rm5l2NNCyhzO+xLxVrwWPWqY3E1rK5ta3UpaEqkBOOgW8zNHvvppOA9d
 tU/7yFVF/O8wZ8cXakGQCMNe4bZc8ZOM+rUTpBZLb3fne+BvUr+uanNkB9Py8Nl5
 PBD1OhFCg9M4wZ5MCw3yFS2/D2LCSGHVOYI8H71wcZvcqOA0qGll+LSVugMh4ZWN
 HX81lx8XY+nC8xz3OvwjnPZvQwyW/HU8jq+EaJEycH3axAscdZmXsi8pWGn8H0Ho
 WKeJbbNnmm9pfxJvhqdic0ghmAaX3uHWQLd+MriQjMbsOcA0+5XMHuEfaZuLDZ2o
 dZa9uvqdXIchHr1vg/gxrZvJueMfaChCuWMt+sEmQ4C+YlWBo1TMXKxHzVzb27nJ
 EdsAsxKRzzzUkaOdXL5LNTjlO5Xtt7BzF4k5g2GuwyYACPqbQZpzQUJLfPf+0ZgR
 s34eQSWeyuxxZMzK224hZDemQcX5bSXBR7nRo+aLsyJq75SJ5NBd4BsW2Ei6GN/P
 WItbkly3uAa/MrDv7X/Jj+ZVZVTRzk7y3mmZZLkORoAtJab8/0tNaLULk/p8X6qH
 zGyh6UY8C0DHZg==
 =nXVF
 -----END PGP SIGNATURE-----

Merge tag 'riscv-for-linus-6.12-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux

Pull RISC-V fix from Palmer Dabbelt:

 - A fix for the CPU perf driver that avoids leaking CPU ID references
   on systems without snapshot support.

* tag 'riscv-for-linus-6.12-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux:
  drivers: perf: Fix wrong put_cpu() placement
2024-11-15 11:44:32 -08:00
Linus Torvalds
f868cd2517 drm fixes for 6.12-rc8
amdgpu:
 - PSR fix
 - Panel replay fixes
 - DML fix
 - vblank power fix
 - Fix video caps
 - SMU 14.0 fix
 - GPUVM fix
 - MES 12 fix
 - APU carve out fix
 - DC vbios fix
 - NBIO fix
 
 i915:
 - Don't load GSC on ARL-H and ARL-U if too old FW
 - Avoid potential OOPS in enabling/disabling TV output
 
 xe:
 - Fix unlock on exec ioctl error path
 - Fix hibernation on LNL due to ggtt getting lost
 - Fix missing runtime PM in OA release
 
 bridge:
 - tc358768: Fix DSI command tx
 
 nouveau:
 - Fix GSP AUX error handling
 - dp: Handle retires for AUX CH transfers with GSP
 - fw: Sync DMA after setup
 
 panthor:
 - Fix partial BO mappings to GPU
 
 rockchip:
 - vop: Avoid null-ptr deref in plane-state check
 
 vmwgfx:
 - Avoid null-ptr deref in surface creation
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEEKbZHaGwW9KfbeusDHTzWXnEhr4FAmc3lU8ACgkQDHTzWXnE
 hr4u+Q/9GalCWjR6gCAgM2Rbm3h4M0FdkU0rDoVs1O5lFd6EPlTCAUFskVhmmgR7
 oRYu04Q5MO/nT9CWx3mpGAh28FRTJEI6sVZG2fOcCuEyyZ7GSa6MKvDSq/IrVRU/
 j05M4pFOHGH0z7sa8tDhYcgfP24W5cT+j5COjb9OW2ULd+I+Hf6sPA+h1ziDbZZA
 NsD+VENemt1KVRzCiNe330IImG/LaGjz304T8G991i5oJLFsOpFRuaMJo7mKOEHg
 BJAH/F8PZA6uzWtr3WIF4x8jZGTWftr0aHtfzIM716cTaMQfkKnr/15iQDkAEstI
 E4U6IZspPZ8+OPe7BBTPznd+JHhZi+V33kZt1cQWaM3bcTeQwEtEngYzNKEpDrjB
 gajl7rZZcaE1bLtDxkxT6E6HMNCSaaUlQ+kxoBJnlaGp2CsceuWPPyb6SXimn2Kh
 99bXI5tXLP/VYTN3rX6nctElyJbGF1wxlp8SPoVBL2+TS2DDZm4JEjJsljS7p2YX
 x+lxhcDp8xNd0IYyuWjxht5qAJdUdinX5E2X27gGdac3051vYw6VE4Xd/fzTqV1h
 kK0qbrhZjMWQU/2vngFaXReb3h8H0qct9hUM69012EKIlgLQR2NYfEuSkdSaQi7V
 aMh+9D45puhsUAhWZQa07tnB+Z59KytRNInmP4i7U2PF3CLZSlw=
 =6Ltb
 -----END PGP SIGNATURE-----

Merge tag 'drm-fixes-2024-11-16' of https://gitlab.freedesktop.org/drm/kernel

Pull drm fixes from Dave Airlie:
 "Final week of fixes, lots of small amdgpu fixes, some i915 and xe
  fixes, the nouveau changes fix a recent regression and some laptop
  panel black screens, then a couple of other misc ones.

  It's probably a little busier than I'd like, but each fix seems fine.

  amdgpu:
   - PSR fix
   - Panel replay fixes
   - DML fix
   - vblank power fix
   - Fix video caps
   - SMU 14.0 fix
   - GPUVM fix
   - MES 12 fix
   - APU carve out fix
   - DC vbios fix
   - NBIO fix

  i915:
   - Don't load GSC on ARL-H and ARL-U if too old FW
   - Avoid potential OOPS in enabling/disabling TV output

  xe:
   - Fix unlock on exec ioctl error path
   - Fix hibernation on LNL due to ggtt getting lost
   - Fix missing runtime PM in OA release

  bridge:
   - tc358768: Fix DSI command tx

  nouveau:
   - Fix GSP AUX error handling
   - dp: Handle retires for AUX CH transfers with GSP
   - fw: Sync DMA after setup

  panthor:
   - Fix partial BO mappings to GPU

  rockchip:
   - vop: Avoid null-ptr deref in plane-state check

  vmwgfx:
   - Avoid null-ptr deref in surface creation"

* tag 'drm-fixes-2024-11-16' of https://gitlab.freedesktop.org/drm/kernel: (27 commits)
  drm/bridge: tc358768: Fix DSI command tx
  drm/vmwgfx: avoid null_ptr_deref in vmw_framebuffer_surface_create_handle
  nouveau/dp: handle retries for AUX CH transfers with GSP.
  nouveau: handle EBUSY and EAGAIN for GSP aux errors.
  nouveau: fw: sync dma after setup is called.
  drm/xe/oa: Fix "Missing outer runtime PM protection" warning
  drm/xe: handle flat ccs during hibernation on igpu
  drm/xe: improve hibernation on igpu
  drm/xe: Restore system memory GGTT mappings
  drm/xe: Ensure all locks released in exec IOCTL
  drm/panthor: Fix handling of partial GPU mapping of BOs
  drm/amd: Fix initialization mistake for NBIO 7.7.0
  Revert "drm/amd/display: parse umc_info or vram_info based on ASIC"
  drm/amd/display: Fix failure to read vram info due to static BP_RESULT
  drm/amdgpu: enable GTT fallback handling for dGPUs only
  drm/i915: Grab intel_display from the encoder to avoid potential oopsies
  drm/i915/gsc: ARL-H and ARL-U need a newer GSC FW.
  drm/amdgpu/mes12: correct kiq unmap latency
  drm/amdgpu: fix check in gmc_v9_0_get_vm_pte()
  drm/amd/pm: print pp_dpm_mclk in ascending order on SMU v14.0.0
  ...
2024-11-15 10:53:42 -08:00
Linus Torvalds
f539573284 RDMA v6.12 third rc pull
- Revert a change to the VLAN logic, this broke previously work ROCE
   configurations
 
 - Fix a memory leak on error unwinding in bnxt_re
 -----BEGIN PGP SIGNATURE-----
 
 iHUEABYKAB0WIQRRRCHOFoQz/8F5bUaFwuHvBreFYQUCZzdj8AAKCRCFwuHvBreF
 YcsYAQCEv9kx5iw+Z0hoAyUw4a8nXZN75FMQZuQqJNfQAdhexgD+MorBq4RgZgD8
 EIHxQPMyK0S9dlS12J55yVDu72dZ8gg=
 =H/X8
 -----END PGP SIGNATURE-----

Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma

Pull rdma fixes from Jason Gunthorpe:

 - Revert a change to the VLAN logic, this broke previously working ROCE
   configurations

 - Fix a memory leak on error unwinding in bnxt_re

* tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma:
  Revert "RDMA/core: Fix ENODEV error for iWARP test over vlan"
  RDMA/bnxt_re: Remove some dead code
  RDMA/bnxt_re: Fix some error handling paths in bnxt_re_probe()
2024-11-15 10:48:28 -08:00
Dave Airlie
21c1c6c7d7 Driver Changes:
- Fix unlock on exec ioctl error path (Matthew Brost)
 - Fix hibernation on LNL due to ggtt getting lost
   (Matthew Brost / Matthew Auld)
 - Fix missing runtime PM in OA release (Ashutosh)
 -----BEGIN PGP SIGNATURE-----
 
 iQJNBAABCAA3FiEE6rM8lpABPHM5FqyDm6KlpjDL6lMFAmc2jg4ZHGx1Y2FzLmRl
 bWFyY2hpQGludGVsLmNvbQAKCRCboqWmMMvqU/gxD/4xKW6qHJe3S9UwfIR7CPtw
 myrcxfwHG5ryzZsmGh6mwaFxYdGQ4ibdWAKZGF0NrZUsKig+8ADRRE7PoOyyZDV9
 0uZ8lOIMPfMPZ8tHvQHbu7l/8LGXcV/R27ts7Rr9vGr2Ox8/5NTGtzykhUDb2xiO
 qZS4BPF/uuis9MLJRwoAiI2vwrUfFg16To+1NX3rmtBvzbH4DdY9l7QQV5B+22Rc
 UDQVRAUTXl3ER7TtwwVsHzuctsWJb/5H+1vM6QNIltWWTXPBA8qVC9092SwIWOoF
 7c4Ap440V8AHyjjnzSM0N2rO86L6Mo5QY04gv4y7dywKHT+JW95QNWKPizJJeIHd
 to62AQdlVDCLQqc4jEpIPEorF5wP/qw8Polwa4eTlsGpGMoUkcRVEXO8JA8Rd7Rt
 EtHWb+ZFproBYtAvrCUyUMlmaviLK+eMsEaNlt+uQqQP3ZAfPvcItcxtSXn3Jsfw
 47v/jvP3OddZgOmPHqo1jfZBqACfKt1trqSg2YYOwfGLaZ+KhgZz7rw8n5WKSmyK
 XEa5y9stffM/3g9PIvroVQc/INAhS++WhXnGRZ/fcxQrFrKQ7sFMXFUs1OUbgv7j
 GUVZ4V/BGJy/o58bblSla/NSwiX2bHB4d8grS5rtKMMNe9PxgG3ldn8YG4cFADmP
 NnR/YsBOf1mjvfdiUUMmxQ==
 =VWVg
 -----END PGP SIGNATURE-----

Merge tag 'drm-xe-fixes-2024-11-14' of https://gitlab.freedesktop.org/drm/xe/kernel into drm-fixes

Driver Changes:
- Fix unlock on exec ioctl error path (Matthew Brost)
- Fix hibernation on LNL due to ggtt getting lost
  (Matthew Brost / Matthew Auld)
- Fix missing runtime PM in OA release (Ashutosh)

Signed-off-by: Dave Airlie <airlied@redhat.com>

From: Lucas De Marchi <lucas.demarchi@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/5ntcf2ssmmvo5dsf2mdcee4guwwmpbm3xrlufgt2pdfmznzjo3@62ygo3bxkock
2024-11-16 04:31:54 +10:00
Linus Torvalds
1b597e1cf0 pmdomain core:
- Add GENPD_FLAG_DEV_NAME_FW flag to generate unique names
 
 pmdomain providers:
  - arm: Use FLAG_DEV_NAME_FW to ensure unique names
  - imx93-blk-ctrl: Fix the remove path
 
 arm_scmi/qcom-cpucp:
  - Report duplicate OPPs as firmware bugs for arm_scmi
  - Skip OPP duplicates for arm_scmi
  - Mark the qcom-cpucp mailbox irq with IRQF_NO_SUSPEND flag
 -----BEGIN PGP SIGNATURE-----
 
 iQJLBAABCgA1FiEEugLDXPmKSktSkQsV/iaEJXNYjCkFAmc3I+wXHHVsZi5oYW5z
 c29uQGxpbmFyby5vcmcACgkQ/iaEJXNYjCmsYw/+PphbBhA6Tu1SjSwpkxx0QNBr
 isc0DSwRG+iVfnwpeBB9lS5yLNwltbe8goZAVZYcFUdrCPs+OX5HZimFklAAufFh
 X/S5Ge3MyXwiRjwwyz04wMl8SF2W4P90cLC9w8hB85dJ0/lhgTLCbi//eHXHQKkq
 hzsVpusO4t+wa2HoTjdq6rqlSKW2NdUyZxrCWLDWaXrbqnBL0yJRs1rn2034w/qi
 RannE36bm8YUTBgyiayViEGWC73VUtxB07oSn8Qq9dYzwjIUqVpqoBBQiJL4VCFR
 /147/40rcq7T7B8qp9/3S82EV9vX26VAa/gUDDosb/RoB9XbBtx04QPBaHPiVitf
 6kjqn6vD+F+jap+u7i0Q4PMvdfmSUfVeqbEx5ED3rpAbzfBazgyO4e3JAGFZOvqj
 M6YP8i6mSmTOUZbkuF1dwmD9DtuoySaWzTrwUFluu8VMykTo/F8GqkeZXPIKg9CO
 H+OXq81+btVOwXZ/HFRQPNVXY8Q7gQIQAsLoAW8QqXxzFJ8ovYHs0voT4KPXeWzu
 56dWATJ6uh6P+zjIbWDDsg9m/tXhH5CGoRpn33OkhIBYnsSnoTDF6h4mVGr4K6Zn
 W+uPS+Xg6nbXxaZHomJG3dDSpRWUA1FNVwiLZbnbvEBi5aU7FwdZNc8MCV6h5DOw
 zaOeRa1zHz8F2K4l8z0=
 =pPcz
 -----END PGP SIGNATURE-----

Merge tag 'pmdomain-v6.12-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/linux-pm

Pull pmdomain fixes from Ulf Hansson:
 "pmdomain core:
   - Add GENPD_FLAG_DEV_NAME_FW flag to generate unique names

  pmdomain providers:
   - arm: Use FLAG_DEV_NAME_FW to ensure unique names
   - imx93-blk-ctrl: Fix the remove path

  arm_scmi/qcom-cpucp:
   - Report duplicate OPPs as firmware bugs for arm_scmi
   - Skip OPP duplicates for arm_scmi
   - Mark the qcom-cpucp mailbox irq with IRQF_NO_SUSPEND flag"

* tag 'pmdomain-v6.12-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/linux-pm:
  mailbox: qcom-cpucp: Mark the irq with IRQF_NO_SUSPEND flag
  firmware: arm_scmi: Report duplicate opps as firmware bugs
  firmware: arm_scmi: Skip opp duplicates
  pmdomain: imx93-blk-ctrl: correct remove path
  pmdomain: arm: Use FLAG_DEV_NAME_FW to ensure unique names
  pmdomain: core: Add GENPD_FLAG_DEV_NAME_FW flag
2024-11-15 10:20:17 -08:00
Linus Torvalds
aa35f5446f MMC host:
- dw_mmc: Revert fix for IDMAC operation with pages bigger than 4K
  - sunxi-mmc: Fix A100 compatible description
 -----BEGIN PGP SIGNATURE-----
 
 iQJLBAABCgA1FiEEugLDXPmKSktSkQsV/iaEJXNYjCkFAmc3GvwXHHVsZi5oYW5z
 c29uQGxpbmFyby5vcmcACgkQ/iaEJXNYjCknhw/6ArBr62dUObrZ0NgDcqm56hwa
 NgS0iwinhDZ3h8hM2xgumQ+IDcTAFNxMbcxgmjXPZ38vP9WRy1Una0iRUQrpH8g5
 vxFvA0oThQ+2jH54CFvyIcb6QCvKfNGfVsgkmDZKc/uIZc3TfLHdZzbwLT8EXsSv
 6lLyFXaQVJD2rFYfGXHqDGOwsSLrRea4Vi6g+lqg/SVoxUQsaH0/h5oKHHcUn3ud
 asuCB34loeLuXiLmduFEBjeCaIABq/ISzTS4IP5lf7hhzEeaMA1QF2YWQMun/LrU
 XnfGXjU2jTYY85b4hrFBr5+dBlyAmUuKVhYY0/HBhTKtRLJunxzNto28JZgmYX9z
 DaEBOkobP13fPoUOKje09pnE3V8sRgAVkanz/fIS+rNe1RR2UI2OdDJWCRn1Ee0O
 3ougZrqNvW1RokszqHlCKdAZiZNnEuS3IFlDpNK4Qg3eLSULQjRJie7eFBhqxe/n
 odsoAyPrg/qaN4QNMa4ta7qdqrw9Fma5R6ijuCGnY2CGF/9XyMYx1mpTZX5ZZlFN
 mMdTvr+EQQuj9FimA16Zo4JefHviDE9/aSuSsxsUxwGrMRVi+hOlswvU3/gjxFzl
 A265luWomDfmeRUf5rfbjTEMr6m2a4VP+zghA0OkaXwro3/r3HT/R9EMRPIDM+wD
 jw2IWfOqZcHpOWdK2D4=
 =bXBC
 -----END PGP SIGNATURE-----

Merge tag 'mmc-v6.12-rc3-2' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc

Pull MMC host fixes from Ulf Hansson:

 - dw_mmc: Revert fix for IDMAC operation with pages bigger than 4K

 - sunxi-mmc: Fix A100 compatible description

* tag 'mmc-v6.12-rc3-2' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc:
  Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K"
  mmc: sunxi-mmc: Fix A100 compatible description
2024-11-15 10:16:12 -08:00
Linus Torvalds
eeae5ef6bf sound fixes for 6.12
A few last-minute fixes.  All changes are device-specific small
 fixes that should be pretty safe to apply.
 -----BEGIN PGP SIGNATURE-----
 
 iQJCBAABCAAsFiEEIXTw5fNLNI7mMiVaLtJE4w1nLE8FAmc2IUEOHHRpd2FpQHN1
 c2UuZGUACgkQLtJE4w1nLE/vqhAA0m5OhLPRJU3O4t8LVlaJKzRm8mS39jJ7bnpP
 I116NxZTtyS840CJbb5/731XCrS8IRz1RlqY6Ex9Y7kAnCK05h9R+vEw6RSH13rJ
 XZgaAzK4qssx0x9Y/kd62x+/cRTLKPQHFtpJYzc2GYAZqrEovH4VHZxXfwtOd9HY
 fVCXt2Bv7tzT3ZP9/3rq8QMEM4c+al3voB9EnIsL/4YMBLSkO17hFi8NlLjGiBCz
 6shh1y/3JeBqVq/pj4E6xvy5ba+GUJI5h/oxxqaEF0u7AwaZbg+p6GF+yZJSybP2
 Ry3y6lpU8gN51ZN5B6HVdgDkTLJoWTqFPgAu4purywmpJ0NAF/T7cE/uizNOdX3F
 4l3PTwll+4MFMmKTA1MElVYTlVj/ogOm1DbeZfovtwJoQEs0xP3DJS0TVFdZtKGr
 nISdQHyZ23mV/8UHq6eHKQjM4sK3BFJQJptCT9vYp3H7k6bPdntCG8dJLGTnZTCW
 nPmDRfvh8hh95kYXHfPdtP52btoG/Kd5L5104ta9tfqRgsbze0mawxFph3qUyHEn
 cpjq/XOgzt2prFlaZGBHMw46/62XlQ1lEZ8hSrdi9bRIZiSibeGr4FncRqBJBlTI
 iahMBlxPEEt1D8wglc3YAQIFPR0dvfEjpm6uSCtu2Il+DS1V6J1SjfFhsL2At3PT
 Ee5ero8=
 =Erlm
 -----END PGP SIGNATURE-----

Merge tag 'sound-6.12' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound

Pull sound fixes from Takashi Iwai:
 "A few last-minute fixes. All changes are device-specific small fixes
  that should be pretty safe to apply"

* tag 'sound-6.12' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
  ALSA: hda/realtek - update set GPIO3 to default for Thinkpad with ALC1318
  ALSA: hda/realtek: fix mute/micmute LEDs for a HP EliteBook 645 G10
  ALSA: hda/realtek - Fixed Clevo platform headset Mic issue
  ALSA: usb-audio: Fix Yamaha P-125 Quirk Entry
  ASoC: max9768: Fix event generation for playback mute
  ASoC: intel: sof_sdw: add quirk for Dell SKU
  ASoC: audio-graph-card2: Purge absent supplies for device tree nodes
2024-11-15 10:09:38 -08:00
Linus Torvalds
842c7e5834 This push fixes a regression in the MIPS CRC32C code.
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEn51F/lCuNhUwmDeSxycdCkmxi6cFAmccju4ACgkQxycdCkmx
 i6db/BAAyqJ3joT62295GBRcgFMn+nZe/1Tq4jkFAj7saoCzFRn70SWu0nq3Zaed
 xaQNl5BePD57ySUtsGm80qTISxOSE3zJ3c1S2vSisO6pjryMGuUFI1nPynD5sFz8
 O+GMQB85qtZMOQZUtNQ6kt3gugGdoIvdgM0D/mG4qhRa5H6EeagV7rL+h89AAQ1M
 c+ggOxpX2RKFFNsw+7xBjlIEMnYtl+Qq5ifgp5wUGetbQwUhWBF9lwBm7OV06Dp5
 pnwQt2ctw2D12ZFyG25ncHHjf3ZzEuNU75SWyJQT+MuAO+4eSAplAr+MwvOytwqc
 bxeWz5T4qfV3RqFCVJMpTzYrBG6jgUZrvUA1s4NNCXi07YhakZIlKcCql0tGAlkN
 xg2MQxlwp0vmlayzq6PcT0zem8/pr0hvEUGl6FOTq1yCuRnUpre/kAIJY5QdQ/P7
 TJ1KczyOJL56VEYwFEWmIFWKdz/XDmJxehiQVvFHOBA89zxsNv3/+oH6knMXEFXl
 nmRwCDIjtZTv0QORL3h/odULwSxa6cN56+MrooIlrsDBDAajCXAj8lwBatgmI1QT
 sCo1z2GMWQZ2j9R5nfyZRdrwIn8LXMozzRd/cfBkVi7hn7Mp8bz3xDOtK8TFik7l
 iYmekMXH7itafm8yhDstLbk2dmymmk3+Gk41qr83vrAVZXk3YjY=
 =GphV
 -----END PGP SIGNATURE-----

Merge tag 'v6.12-p5' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6

Pull crypto fix from Herbert Xu:
 "Fix a regression in the MIPS CRC32C code"

* tag 'v6.12-p5' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
  crypto: mips/crc32 - fix the CRC32C implementation
2024-11-15 10:04:39 -08:00
Linus Torvalds
d79944b094 sched_ext: One more fix for v6.12-rc7
ops.cpu_acquire() was being invoked with the wrong kfunc mask allowing the
 operation to call kfuncs which shouldn't be allowed. Fix it by using
 SCX_KF_REST instead, which is trivial and low risk.
 -----BEGIN PGP SIGNATURE-----
 
 iIQEABYKACwWIQTfIjM1kS57o3GsC/uxYfJx3gVYGQUCZzamXw4cdGpAa2VybmVs
 Lm9yZwAKCRCxYfJx3gVYGRReAP4/JQ1mKkJv+9nTZkW9OcFFHGVVhrprOUEEFk5j
 pmHwPAD8DTBMMS/BCQOoXDdiB9uU7ut6M8VdsIj1jmJkMja+eQI=
 =942J
 -----END PGP SIGNATURE-----

Merge tag 'sched_ext-for-6.12-rc7-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/sched_ext

Pull sched_ext fix from Tejun Heo:
 "One more fix for v6.12-rc7

  ops.cpu_acquire() was being invoked with the wrong kfunc mask allowing
  the operation to call kfuncs which shouldn't be allowed. Fix it by
  using SCX_KF_REST instead, which is trivial and low risk"

* tag 'sched_ext-for-6.12-rc7-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/sched_ext:
  sched_ext: ops.cpu_acquire() should be called with SCX_KF_REST
2024-11-15 09:59:51 -08:00
Linus Torvalds
c9dd4571ad for-6.12-rc7-tag
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEE8rQSAMVO+zA4DBdWxWXV+ddtWDsFAmc2aGIACgkQxWXV+ddt
 WDu0AQ/9FLfC/e3X2GjZ0auna/7A/rF8MPoATUdAyHn75Md6Hc8PXpi1YvMph+ba
 pvoufOqrU66/g0UNeacgsp6rF4rKJHg0q9Id+7wueLnDr41g9paXjsLYItq4j26w
 GusDiZvUDwuDmb70vlTXrgAfnjooIdSwqJTlIzJxvl4wrNzOiUlUJtTMzmUrwn/9
 Lf/iByWlGcPKKBc+1ZzFz4HlVOZZSt9YePeJw2/Aul2OMtuI3RTTAL/NtjaFIlYc
 pb+NHVqFrrfgC+xo68hLBmnsBfS41EGR58rYRjEuQo0+hARa8WbxL3DNA/E/Vi5X
 dsq/wQVlD7IVIWCoF9J94/iyDdwlDOGFMoL6FUrJwDtPGN/v/xxtA6ruvuC7k5zy
 bHCR8ZVrJWVaxE7u0Gtl+hFPpDTwNTR7SfvK69gxPfci1cN0m2wCNK02SEUJwV09
 N82N2ENGGwyWS+nOl/ERB+7A0QxViMr3JpUrPzSYqsmn8bwDvovSjK2fFouJoSey
 bpAzbFWj+OS0O9nnRqabTJDM/Tk9O0s0Ye76aUS+Vfk9d5EuVfAg6pHiOBcFDhsK
 UEG9QbPltfh6LPDHCdV93HOOsC0uNxCTCSpbQ9LFGKBICQsPIX/vZeV45fNFJDLX
 j5kEtHFVU3snU+jA97nvYXPRANDnnNx/EzXv7zo0Ye8L+plecBs=
 =ssYj
 -----END PGP SIGNATURE-----

Merge tag 'for-6.12-rc7-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux

Pull btrfs fix from David Sterba:
 "One more fix that seems urgent and good to have in 6.12 final.

  It could potentially lead to unexpected transaction aborts, due to
  wrong comparison and order of processing of delayed refs"

* tag 'for-6.12-rc7-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux:
  btrfs: fix incorrect comparison for delayed refs
2024-11-15 09:45:32 -08:00
Dmitry Antipov
737f341378 ocfs2: uncache inode which has failed entering the group
Syzbot has reported the following BUG:

kernel BUG at fs/ocfs2/uptodate.c:509!
...
Call Trace:
 <TASK>
 ? __die_body+0x5f/0xb0
 ? die+0x9e/0xc0
 ? do_trap+0x15a/0x3a0
 ? ocfs2_set_new_buffer_uptodate+0x145/0x160
 ? do_error_trap+0x1dc/0x2c0
 ? ocfs2_set_new_buffer_uptodate+0x145/0x160
 ? __pfx_do_error_trap+0x10/0x10
 ? handle_invalid_op+0x34/0x40
 ? ocfs2_set_new_buffer_uptodate+0x145/0x160
 ? exc_invalid_op+0x38/0x50
 ? asm_exc_invalid_op+0x1a/0x20
 ? ocfs2_set_new_buffer_uptodate+0x2e/0x160
 ? ocfs2_set_new_buffer_uptodate+0x144/0x160
 ? ocfs2_set_new_buffer_uptodate+0x145/0x160
 ocfs2_group_add+0x39f/0x15a0
 ? __pfx_ocfs2_group_add+0x10/0x10
 ? __pfx_lock_acquire+0x10/0x10
 ? mnt_get_write_access+0x68/0x2b0
 ? __pfx_lock_release+0x10/0x10
 ? rcu_read_lock_any_held+0xb7/0x160
 ? __pfx_rcu_read_lock_any_held+0x10/0x10
 ? smack_log+0x123/0x540
 ? mnt_get_write_access+0x68/0x2b0
 ? mnt_get_write_access+0x68/0x2b0
 ? mnt_get_write_access+0x226/0x2b0
 ocfs2_ioctl+0x65e/0x7d0
 ? __pfx_ocfs2_ioctl+0x10/0x10
 ? smack_file_ioctl+0x29e/0x3a0
 ? __pfx_smack_file_ioctl+0x10/0x10
 ? lockdep_hardirqs_on_prepare+0x43d/0x780
 ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
 ? __pfx_ocfs2_ioctl+0x10/0x10
 __se_sys_ioctl+0xfb/0x170
 do_syscall_64+0xf3/0x230
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
...
 </TASK>

When 'ioctl(OCFS2_IOC_GROUP_ADD, ...)' has failed for the particular
inode in 'ocfs2_verify_group_and_input()', corresponding buffer head
remains cached and subsequent call to the same 'ioctl()' for the same
inode issues the BUG() in 'ocfs2_set_new_buffer_uptodate()' (trying
to cache the same buffer head of that inode). Fix this by uncaching
the buffer head with 'ocfs2_remove_from_cache()' on error path in
'ocfs2_group_add()'.

Link: https://lkml.kernel.org/r/20241114043844.111847-1-dmantipov@yandex.ru
Fixes: 7909f2bf83 ("[PATCH 2/2] ocfs2: Implement group add for online resize")
Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
Reported-by: syzbot+453873f1588c2d75b447@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=453873f1588c2d75b447
Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com>
Cc: Dmitry Antipov <dmantipov@yandex.ru>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Mark Fasheh <mark@fasheh.com>
Cc: Junxiao Bi <junxiao.bi@oracle.com>
Cc: Changwei Ge <gechangwei@live.cn>
Cc: Jun Piao <piaojun@huawei.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2024-11-14 22:43:48 -08:00
Jinjiang Tu
8ce41b0f9d mm: fix NULL pointer dereference in alloc_pages_bulk_noprof
We triggered a NULL pointer dereference for ac.preferred_zoneref->zone in
alloc_pages_bulk_noprof() when the task is migrated between cpusets.

When cpuset is enabled, in prepare_alloc_pages(), ac->nodemask may be
&current->mems_allowed.  when first_zones_zonelist() is called to find
preferred_zoneref, the ac->nodemask may be modified concurrently if the
task is migrated between different cpusets.  Assuming we have 2 NUMA Node,
when traversing Node1 in ac->zonelist, the nodemask is 2, and when
traversing Node2 in ac->zonelist, the nodemask is 1.  As a result, the
ac->preferred_zoneref points to NULL zone.

In alloc_pages_bulk_noprof(), for_each_zone_zonelist_nodemask() finds a
allowable zone and calls zonelist_node_idx(ac.preferred_zoneref), leading
to NULL pointer dereference.

__alloc_pages_noprof() fixes this issue by checking NULL pointer in commit
ea57485af8 ("mm, page_alloc: fix check for NULL preferred_zone") and
commit df76cee6bb ("mm, page_alloc: remove redundant checks from alloc
fastpath").

To fix it, check NULL pointer for preferred_zoneref->zone.

Link: https://lkml.kernel.org/r/20241113083235.166798-1-tujinjiang@huawei.com
Fixes: 387ba26fb1 ("mm/page_alloc: add a bulk page allocator")
Signed-off-by: Jinjiang Tu <tujinjiang@huawei.com>
Reviewed-by: Vlastimil Babka <vbabka@suse.cz>
Cc: Alexander Lobakin <alobakin@pm.me>
Cc: David Hildenbrand <david@redhat.com>
Cc: Kefeng Wang <wangkefeng.wang@huawei.com>
Cc: Mel Gorman <mgorman@techsingularity.net>
Cc: Nanyong Sun <sunnanyong@huawei.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2024-11-14 22:43:48 -08:00
Yafang Shao
0740e54304 mm, doc: update read_ahead_kb for MADV_HUGEPAGE
MADV_HUGEPAGE is a new addition to readahead with behavior distinct from
normal pages.  To prevent confusion, we should update the documentation
accordingly.

Link: https://lkml.kernel.org/r/20241113150711.1685-1-laoar.shao@gmail.com
Signed-off-by: Yafang Shao <laoar.shao@gmail.com>
Cc: David Hildenbrand <david@redhat.com>
Cc: Matthew Wilcox <willy@infradead.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2024-11-14 22:43:48 -08:00
Dan Carpenter
669b0cb81e fs/proc/task_mmu: prevent integer overflow in pagemap_scan_get_args()
The "arg->vec_len" variable is a u64 that comes from the user at the start
of the function.  The "arg->vec_len * sizeof(struct page_region))"
multiplication can lead to integer wrapping.  Use size_mul() to avoid
that.

Also the size_add/mul() functions work on unsigned long so for 32bit
systems we need to ensure that "arg->vec_len" fits in an unsigned long.

Link: https://lkml.kernel.org/r/39d41335-dd4d-48ed-8a7f-402c57d8ea84@stanley.mountain
Fixes: 52526ca7fd ("fs/proc/task_mmu: implement IOCTL to get and optionally clear info about PTEs")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Cc: Andrei Vagin <avagin@google.com>
Cc: Andrii Nakryiko <andrii@kernel.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: David Hildenbrand <david@redhat.com>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: Michał Mirosław <mirq-linux@rere.qmqm.pl>
Cc: Muhammad Usama Anjum <usama.anjum@collabora.com>
Cc: Oscar Salvador <osalvador@suse.de>
Cc: Peter Xu <peterx@redhat.com>
Cc: Ryan Roberts <ryan.roberts@arm.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2024-11-14 22:43:48 -08:00
Qun-Wei Lin
fd7b4f9f46 sched/task_stack: fix object_is_on_stack() for KASAN tagged pointers
When CONFIG_KASAN_SW_TAGS and CONFIG_KASAN_STACK are enabled, the
object_is_on_stack() function may produce incorrect results due to the
presence of tags in the obj pointer, while the stack pointer does not have
tags.  This discrepancy can lead to incorrect stack object detection and
subsequently trigger warnings if CONFIG_DEBUG_OBJECTS is also enabled.

Example of the warning:

ODEBUG: object 3eff800082ea7bb0 is NOT on stack ffff800082ea0000, but annotated.
------------[ cut here ]------------
WARNING: CPU: 0 PID: 1 at lib/debugobjects.c:557 __debug_object_init+0x330/0x364
Modules linked in:
CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.0-rc5 #4
Hardware name: linux,dummy-virt (DT)
pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __debug_object_init+0x330/0x364
lr : __debug_object_init+0x330/0x364
sp : ffff800082ea7b40
x29: ffff800082ea7b40 x28: 98ff0000c0164518 x27: 98ff0000c0164534
x26: ffff800082d93ec8 x25: 0000000000000001 x24: 1cff0000c00172a0
x23: 0000000000000000 x22: ffff800082d93ed0 x21: ffff800081a24418
x20: 3eff800082ea7bb0 x19: efff800000000000 x18: 0000000000000000
x17: 00000000000000ff x16: 0000000000000047 x15: 206b63617473206e
x14: 0000000000000018 x13: ffff800082ea7780 x12: 0ffff800082ea78e
x11: 0ffff800082ea790 x10: 0ffff800082ea79d x9 : 34d77febe173e800
x8 : 34d77febe173e800 x7 : 0000000000000001 x6 : 0000000000000001
x5 : feff800082ea74b8 x4 : ffff800082870a90 x3 : ffff80008018d3c4
x2 : 0000000000000001 x1 : ffff800082858810 x0 : 0000000000000050
Call trace:
 __debug_object_init+0x330/0x364
 debug_object_init_on_stack+0x30/0x3c
 schedule_hrtimeout_range_clock+0xac/0x26c
 schedule_hrtimeout+0x1c/0x30
 wait_task_inactive+0x1d4/0x25c
 kthread_bind_mask+0x28/0x98
 init_rescuer+0x1e8/0x280
 workqueue_init+0x1a0/0x3cc
 kernel_init_freeable+0x118/0x200
 kernel_init+0x28/0x1f0
 ret_from_fork+0x10/0x20
---[ end trace 0000000000000000 ]---
ODEBUG: object 3eff800082ea7bb0 is NOT on stack ffff800082ea0000, but annotated.
------------[ cut here ]------------

Link: https://lkml.kernel.org/r/20241113042544.19095-1-qun-wei.lin@mediatek.com
Signed-off-by: Qun-Wei Lin <qun-wei.lin@mediatek.com>
Cc: Andrew Yang <andrew.yang@mediatek.com>
Cc: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Cc: Casper Li <casper.li@mediatek.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Chinwen Chang <chinwen.chang@mediatek.com>
Cc: Kent Overstreet <kent.overstreet@linux.dev>
Cc: Matthias Brugger <matthias.bgg@gmail.com>
Cc: Pasha Tatashin <pasha.tatashin@soleen.com>
Cc: Shakeel Butt <shakeel.butt@linux.dev>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2024-11-14 22:43:48 -08:00
Dave Vasilevsky
31daa34315 crash, powerpc: default to CRASH_DUMP=n on PPC_BOOK3S_32
Fixes boot failures on 6.9 on PPC_BOOK3S_32 machines using Open Firmware. 
On these machines, the kernel refuses to boot from non-zero
PHYSICAL_START, which occurs when CRASH_DUMP is on.

Since most PPC_BOOK3S_32 machines boot via Open Firmware, it should
default to off for them.  Users booting via some other mechanism can still
turn it on explicitly.

Does not change the default on any other architectures for the
time being.

Link: https://lkml.kernel.org/r/20240917163720.1644584-1-dave@vasilevsky.ca
Fixes: 75bc255a74 ("crash: clean up kdump related config items")
Signed-off-by: Dave Vasilevsky <dave@vasilevsky.ca>
Reported-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
Closes: https://lists.debian.org/debian-powerpc/2024/07/msg00001.html
Acked-by: Michael Ellerman <mpe@ellerman.id.au>	[powerpc]
Acked-by: Baoquan He <bhe@redhat.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Cc: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2024-11-14 22:43:48 -08:00
Jann Horn
a4a282daf1 mm/mremap: fix address wraparound in move_page_tables()
On 32-bit platforms, it is possible for the expression `len + old_addr <
old_end` to be false-positive if `len + old_addr` wraps around. 
`old_addr` is the cursor in the old range up to which page table entries
have been moved; so if the operation succeeded, `old_addr` is the *end* of
the old region, and adding `len` to it can wrap.

The overflow causes mremap() to mistakenly believe that PTEs have been
copied; the consequence is that mremap() bails out, but doesn't move the
PTEs back before the new VMA is unmapped, causing anonymous pages in the
region to be lost.  So basically if userspace tries to mremap() a
private-anon region and hits this bug, mremap() will return an error and
the private-anon region's contents appear to have been zeroed.

The idea of this check is that `old_end - len` is the original start
address, and writing the check that way also makes it easier to read; so
fix the check by rearranging the comparison accordingly.

(An alternate fix would be to refactor this function by introducing an
"orig_old_start" variable or such.)


Tested in a VM with a 32-bit X86 kernel; without the patch:

```
user@horn:~/big_mremap$ cat test.c
#define _GNU_SOURCE
#include <stdlib.h>
#include <stdio.h>
#include <err.h>
#include <sys/mman.h>

#define ADDR1 ((void*)0x60000000)
#define ADDR2 ((void*)0x10000000)
#define SIZE          0x50000000uL

int main(void) {
  unsigned char *p1 = mmap(ADDR1, SIZE, PROT_READ|PROT_WRITE,
      MAP_ANONYMOUS|MAP_PRIVATE|MAP_FIXED_NOREPLACE, -1, 0);
  if (p1 == MAP_FAILED)
    err(1, "mmap 1");
  unsigned char *p2 = mmap(ADDR2, SIZE, PROT_NONE,
      MAP_ANONYMOUS|MAP_PRIVATE|MAP_FIXED_NOREPLACE, -1, 0);
  if (p2 == MAP_FAILED)
    err(1, "mmap 2");
  *p1 = 0x41;
  printf("first char is 0x%02hhx\n", *p1);
  unsigned char *p3 = mremap(p1, SIZE, SIZE,
      MREMAP_MAYMOVE|MREMAP_FIXED, p2);
  if (p3 == MAP_FAILED) {
    printf("mremap() failed; first char is 0x%02hhx\n", *p1);
  } else {
    printf("mremap() succeeded; first char is 0x%02hhx\n", *p3);
  }
}
user@horn:~/big_mremap$ gcc -static -o test test.c
user@horn:~/big_mremap$ setarch -R ./test
first char is 0x41
mremap() failed; first char is 0x00
```

With the patch:

```
user@horn:~/big_mremap$ setarch -R ./test
first char is 0x41
mremap() succeeded; first char is 0x41
```

Link: https://lkml.kernel.org/r/20241111-fix-mremap-32bit-wrap-v1-1-61d6be73b722@google.com
Fixes: af8ca1c149 ("mm/mremap: optimize the start addresses in move_page_tables()")
Signed-off-by: Jann Horn <jannh@google.com>
Acked-by: Vlastimil Babka <vbabka@suse.cz>
Reviewed-by: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
Acked-by: Qi Zheng <zhengqi.arch@bytedance.com>
Reviewed-by: Liam R. Howlett <Liam.Howlett@Oracle.com>
Cc: Joel Fernandes (Google) <joel@joelfernandes.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2024-11-14 22:43:48 -08:00
Motiejus JakÅ`tys
a39326767c tools/mm: fix compile error
Add a missing semicolon.

Link: https://lkml.kernel.org/r/20241112171655.1662670-1-motiejus@jakstys.lt
Fixes: ece5897e5a ("tools/mm: -Werror fixes in page-types/slabinfo")
Signed-off-by: Motiejus JakÅ`tys <motiejus@jakstys.lt>
Closes: https://github.com/NixOS/nixpkgs/issues/355369
Reviewed-by: SeongJae Park <sj@kernel.org>
Reviewed-by: Vishal Moola (Oracle) <vishal.moola@gmail.com>
Acked-by: Oleksandr Natalenko <oleksandr@natalenko.name>
Cc: Wladislav Wiebe <wladislav.kw@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2024-11-14 22:43:48 -08:00
Kairui Song
0ec8bc9e88 mm, swap: fix allocation and scanning race with swapoff
There are two flags used to synchronize allocation and scanning with
swapoff: SWP_WRITEOK and SWP_SCANNING.

SWP_WRITEOK: Swapoff will first unset this flag, at this point any further
swap allocation or scanning on this device should just abort so no more
new entries will be referencing this device.  Swapoff will then unuse all
existing swap entries.

SWP_SCANNING: This flag is set when device is being scanned.  Swapoff will
wait for all scanner to stop before the final release of the swap device
structures to avoid UAF.  Note this flag is the highest used bit of
si->flags so it could be added up arithmetically, if there are multiple
scanner.

commit 5f843a9a3a ("mm: swap: separate SSD allocation from
scan_swap_map_slots()") ignored SWP_SCANNING and SWP_WRITEOK flags while
separating cluster allocation path from the old allocation path.  Add the
flags back to fix swapoff race.  The race is hard to trigger as si->lock
prevents most parallel operations, but si->lock could be dropped for
reclaim or discard.  This issue is found during code review.

This commit fixes this problem.  For SWP_SCANNING, Just like before, set
the flag before scan and remove it afterwards.

For SWP_WRITEOK, there are several places where si->lock could be dropped,
it will be error-prone and make the code hard to follow if we try to cover
these places one by one.  So just do one check before the real allocation,
which is also very similar like before.  With new cluster allocator it may
waste a bit of time iterating the clusters but won't take long, and
swapoff is not performance sensitive.

Link: https://lkml.kernel.org/r/20241112083414.78174-1-ryncsn@gmail.com
Fixes: 5f843a9a3a ("mm: swap: separate SSD allocation from scan_swap_map_slots()")
Reported-by: "Huang, Ying" <ying.huang@intel.com>
Closes: https://lore.kernel.org/linux-mm/87a5es3f1f.fsf@yhuang6-desk2.ccr.corp.intel.com/
Signed-off-by: Kairui Song <kasong@tencent.com>
Cc: Barry Song <v-songbaohua@oppo.com>
Cc: Chris Li <chrisl@kernel.org>
Cc: Hugh Dickins <hughd@google.com>
Cc: Kalesh Singh <kaleshsingh@google.com>
Cc: Ryan Roberts <ryan.roberts@arm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2024-11-14 15:25:07 -08:00
Dave Airlie
1eb0de899b amd-drm-fixes-6.12-2024-11-14:
amdgpu:
 - PSR fix
 - Panel replay fixes
 - DML fix
 - vblank power fix
 - Fix video caps
 - SMU 14.0 fix
 - GPUVM fix
 - MES 12 fix
 - APU carve out fix
 - DC vbios fix
 - NBIO fix
 -----BEGIN PGP SIGNATURE-----
 
 iHUEABYKAB0WIQQgO5Idg2tXNTSZAr293/aFa7yZ2AUCZzYIpwAKCRC93/aFa7yZ
 2NVgAQDz3MsCT5vRhIkjBQ8VJqi/k23vvzoHRvBWE7JrfejmuQD+IvDPKmXvneQK
 M+3vSqDIbpmfwXEghHBdWXTMJqPZNg8=
 =UkPM
 -----END PGP SIGNATURE-----

Merge tag 'amd-drm-fixes-6.12-2024-11-14' of https://gitlab.freedesktop.org/agd5f/linux into drm-fixes

amd-drm-fixes-6.12-2024-11-14:

amdgpu:
- PSR fix
- Panel replay fixes
- DML fix
- vblank power fix
- Fix video caps
- SMU 14.0 fix
- GPUVM fix
- MES 12 fix
- APU carve out fix
- DC vbios fix
- NBIO fix

Signed-off-by: Dave Airlie <airlied@redhat.com>

From: Alex Deucher <alexander.deucher@amd.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20241114143401.448210-1-alexander.deucher@amd.com
2024-11-15 06:48:57 +10:00
Dave Airlie
99d051c4b3 Short summary of fixes pull:
bridge:
 - tc358768: Fix DSI command tx
 
 nouveau:
 - Fix GSP AUX error handling
 - dp: Handle retires for AUX CH transfers with GSP
 - fw: Sync DMA after setup
 
 panthor:
 - Fix partial BO mappings to GPU
 
 rockchip:
 - vop: Avoid null-ptr deref in plane-state check
 
 vmwgfx:
 - Avoid null-ptr deref in surface creation
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCgAdFiEEchf7rIzpz2NEoWjlaA3BHVMLeiMFAmc2B4cACgkQaA3BHVML
 eiOr8AgAkOl/ck2X5Q3f5Fvwbj8sQikNqHUPCBGYf2UUwSstxpbvAxtqBKUV5CyT
 0yjaamvFattTTOopzBbEnOpl3cHbwDubmEuaRap1UGdLFE0hFeMA4ycmshKppn14
 GbL7x3FSL3GaU3AHNzWowLtLE99OaZM7YLJ/BL3auHDyezg0TXD++OLvjezZhG3x
 oiO4kNDImOKGSF5nFmTfZkQARHCcm6xv3I+E248RZGeL6HToeZc2lLbENuTCS6la
 RQBH+OYnLXQDRznoq2Qj5SN2H4jl1nlnJdZZ8Ph592jCpieg3OjO3eGTNsT7SF5L
 tYZZFIcTSf76YgpkfBPbPWPlRS1KzQ==
 =qfvW
 -----END PGP SIGNATURE-----

Merge tag 'drm-misc-fixes-2024-11-14' of https://gitlab.freedesktop.org/drm/misc/kernel into drm-fixes

Short summary of fixes pull:

bridge:
- tc358768: Fix DSI command tx

nouveau:
- Fix GSP AUX error handling
- dp: Handle retires for AUX CH transfers with GSP
- fw: Sync DMA after setup

panthor:
- Fix partial BO mappings to GPU

rockchip:
- vop: Avoid null-ptr deref in plane-state check

vmwgfx:
- Avoid null-ptr deref in surface creation

Signed-off-by: Dave Airlie <airlied@redhat.com>

From: Thomas Zimmermann <tzimmermann@suse.de>
Link: https://patchwork.freedesktop.org/patch/msgid/20241114142256.GA86810@2a02-2454-fd5e-fd00-4ce-489-4b34-bd1a.dyn6.pyur.net
2024-11-15 06:40:39 +10:00
Dave Airlie
6b76bf8f3b Merge tag 'drm-intel-fixes-2024-11-14' of https://gitlab.freedesktop.org/drm/i915/kernel into drm-fixes
- Don't load GSC on ARL-H and ARL-U if too old FW
- Avoid potential OOPS in enabling/disabling TV output

Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/ZzWksU6CMGLPfjkT@jlahtine-mobl.ger.corp.intel.com
2024-11-15 06:18:35 +10:00
Tejun Heo
a4af89cc50 sched_ext: ops.cpu_acquire() should be called with SCX_KF_REST
ops.cpu_acquire() is currently called with 0 kf_maks which is interpreted as
SCX_KF_UNLOCKED which allows all unlocked kfuncs, but ops.cpu_acquire() is
called from balance_one() under the rq lock and should only be allowed call
kfuncs that are safe under the rq lock. Update it to use SCX_KF_REST.

Signed-off-by: Tejun Heo <tj@kernel.org>
Cc: David Vernet <void@manifault.com>
Cc: Zhao Mengmeng <zhaomzhao@126.com>
Link: http://lkml.kernel.org/r/ZzYvf2L3rlmjuKzh@slm.duckdns.org
Fixes: 245254f708 ("sched_ext: Implement sched_ext_ops.cpu_acquire/release()")
2024-11-14 08:50:58 -10:00
Linus Torvalds
cfaaa7d010 Including fixes from bluetooth.
Quite calm week. No new regression under investigation.
 
 Current release - regressions:
 
   - eth: revert "igb: Disable threaded IRQ for igb_msix_other"
 
 Current release - new code bugs:
 
   - bluetooth: btintel: direct exception event to bluetooth stack
 
 Previous releases - regressions:
 
   - core: fix data-races around sk->sk_forward_alloc
 
   - netlink: terminate outstanding dump on socket close
 
   - mptcp: error out earlier on disconnect
 
   - vsock: fix accept_queue memory leak
 
   - phylink: ensure PHY momentary link-fails are handled
 
   - eth: mlx5:
     - fix null-ptr-deref in add rule err flow
     - lock FTE when checking if active
 
   - eth: dwmac-mediatek: fix inverted handling of mediatek,mac-wol
 
 Previous releases - always broken:
 
   - sched: fix u32's systematic failure to free IDR entries for hnodes.
 
   - sctp: fix possible UAF in sctp_v6_available()
 
   - eth: bonding: add ns target multicast address to slave device
 
   - eth: mlx5: fix msix vectors to respect platform limit
 
   - eth: icssg-prueth: fix 1 PPS sync
 
 Signed-off-by: Paolo Abeni <pabeni@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEEg1AjqC77wbdLX2LbKSR5jcyPE6QFAmc174YSHHBhYmVuaUBy
 ZWRoYXQuY29tAAoJECkkeY3MjxOkgKIP/3Lk1byZ0dKvxsvyBBDeF7yBOsKRsjLt
 XfrkcxkS/nloDkh8hM8gLiXjzHuHSo8p7YQ8eaZ215FAozkQbTHnyVUiokDY4vqz
 VwCqcHZBTCVZNntOK//lP20wE/FDPrLrRIAflshXHuJv+GBZDKUrjBiyiWhyXltv
 slcj7pW9mQyk/AaRW2n3jF985mBxgSXzNI1agDonq/+yP2R35GMO+jIqJHZ9CLH3
 GZakZs6ZVWqKbk3/U9qhH9nZsVwBt18eqwkaFYszOc8eMlSp0j9yLmdPfbYcLjbe
 tIu/wTF70iHlgw/fbPMWA6dsaf/vN9U96qG3YRH+zwvWUGFYcq/gRSeXceI6/N5u
 EAn8Y1IKXiCdCLd1iRyYZqRhHhnpCkbnx9TURdsCclbFW9bf+BU0MjEP3xfq84sD
 gbO0RXg4ZS2uUFC4EdNkKIMyqLkMcwQMkioGlUM14oXpU0mQDh3BQrS6yrOvH3d6
 YewK7viNYpUlRt54ISTSFSVDff0AAHIWSlNOdH5xLD6YosA+aCJk6icTlmINlx1a
 +ccPDY+dH0Dzwx9n0L6hPodVZeax1elnYLlhkgEFgh8v9Tz8TDjCAN2iI/R1A+QJ
 r80OZG5qXY89BsCvBXz35svDnFucDkIMupVW88kbfgWeRZrzlFn44CFnLT3n08iT
 KMNrKktGlXCg
 =2o5W
 -----END PGP SIGNATURE-----

Merge tag 'net-6.12-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

Pull networking fixes from Paolo Abeni:
 "Including fixes from bluetooth.

  Quite calm week. No new regression under investigation.

  Current release - regressions:

   - eth: revert "igb: Disable threaded IRQ for igb_msix_other"

  Current release - new code bugs:

   - bluetooth: btintel: direct exception event to bluetooth stack

  Previous releases - regressions:

   - core: fix data-races around sk->sk_forward_alloc

   - netlink: terminate outstanding dump on socket close

   - mptcp: error out earlier on disconnect

   - vsock: fix accept_queue memory leak

   - phylink: ensure PHY momentary link-fails are handled

   - eth: mlx5:
      - fix null-ptr-deref in add rule err flow
      - lock FTE when checking if active

   - eth: dwmac-mediatek: fix inverted handling of mediatek,mac-wol

  Previous releases - always broken:

   - sched: fix u32's systematic failure to free IDR entries for hnodes.

   - sctp: fix possible UAF in sctp_v6_available()

   - eth: bonding: add ns target multicast address to slave device

   - eth: mlx5: fix msix vectors to respect platform limit

   - eth: icssg-prueth: fix 1 PPS sync"

* tag 'net-6.12-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (38 commits)
  net: sched: u32: Add test case for systematic hnode IDR leaks
  selftests: bonding: add ns multicast group testing
  bonding: add ns target multicast address to slave device
  net: ti: icssg-prueth: Fix 1 PPS sync
  stmmac: dwmac-intel-plat: fix call balance of tx_clk handling routines
  net: Make copy_safe_from_sockptr() match documentation
  net: stmmac: dwmac-mediatek: Fix inverted handling of mediatek,mac-wol
  ipmr: Fix access to mfc_cache_list without lock held
  samples: pktgen: correct dev to DEV
  net: phylink: ensure PHY momentary link-fails are handled
  mptcp: pm: use _rcu variant under rcu_read_lock
  mptcp: hold pm lock when deleting entry
  mptcp: update local address flags when setting it
  net: sched: cls_u32: Fix u32's systematic failure to free IDR entries for hnodes.
  MAINTAINERS: Re-add cancelled Renesas driver sections
  Revert "igb: Disable threaded IRQ for igb_msix_other"
  Bluetooth: btintel: Direct exception event to bluetooth stack
  Bluetooth: hci_core: Fix calling mgmt_device_connected
  virtio/vsock: Improve MSG_ZEROCOPY error handling
  vsock: Fix sk_error_queue memory leak
  ...
2024-11-14 10:05:33 -08:00
Linus Torvalds
4abcd80f23 bcachefs fixes for 6.12
- Assorted tiny syzbot fixes
 - Shutdown path fix: "bch2_btree_write_buffer_flush_going_ro()"
 
   The shutdown path wasn't flushing the btree write buffer, leading to
   shutting down while we still had operations in flight. This fixes a
   whole slew of syzbot bugs, and undoubtedly other strange heisenbugs.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEKnAFLkS8Qha+jvQrE6szbY3KbnYFAmc1ceQACgkQE6szbY3K
 bna56w//V4On/z8q8r4vyj44NXfFNXL87QNB7e5BAP8lmow8S1KnqpHlpUq+MaJm
 /LI1OPPaDJITokrQ4eUKyfRLQaH9PlDk7WafgzixnYmaXKVIraqGzWfISSbNhLdC
 Hw/EjYdqmuQMAxTgj1upyx2UijvBRaT0dvjeaTX2OgQiqIlBUWGdUDFHWzc1sRgO
 8PrJf9CYscdS+P+XrDBKLLCiKGn73Z93lSsFTwVzDictfrqUT8X5J5/a+ofCwp8W
 sEiL/13bp05ABb3YjVrBupApyY6szC6YrKNwJ8RoHxBGo0zl5L/gd9FnBJX0T1wc
 10dDMv4gZWf9mF2KePDH5EYBBV62N8qEwRAHrjkGu/87mNBRf6sUZ3fbTiMMmVds
 nSTJUHH6t6uiwtezPPzDKtPYQBcGsP95DBdvL4un97jTlUtszHLU8OqVErojTYzZ
 sZLilUUMz+CK/qfoJjUcSJwslevHeiri5Hto4jOvf8M7uH0Xx29LvmwqWLdZP2uT
 RNjslFLvqzZoWGsbJEfe2YihJwJd9kkiE/0xQK60169bzoNEI6oWNmOK2Ts1Dr0X
 tEkdHmWqNI65+nbjomGOa3u1wysrACuaRwu6fq0562+IvlDtVXLUWbmlS58+bqz2
 KwUmZp4Y2OibeKFT+y0iqxpw9WBPQb7dwj9xwpwk3xgph1uVwbY=
 =L6kv
 -----END PGP SIGNATURE-----

Merge tag 'bcachefs-2024-11-13' of git://evilpiepirate.org/bcachefs

Pull bcachefs fixes from Kent Overstreet:
 "This fixes one minor regression from the btree cache fixes (in the
  scan_for_btree_nodes repair path) - and the shutdown path fix is the
  big one here, in terms of bugs closed:

   - Assorted tiny syzbot fixes

   - Shutdown path fix: "bch2_btree_write_buffer_flush_going_ro()"

     The shutdown path wasn't flushing the btree write buffer, leading
     to shutting down while we still had operations in flight. This
     fixes a whole slew of syzbot bugs, and undoubtedly other strange
     heisenbugs.

* tag 'bcachefs-2024-11-13' of git://evilpiepirate.org/bcachefs:
  bcachefs: Fix assertion pop in bch2_ptr_swab()
  bcachefs: Fix journal_entry_dev_usage_to_text() overrun
  bcachefs: Allow for unknown key types in backpointers fsck
  bcachefs: Fix assertion pop in topology repair
  bcachefs: Fix hidden btree errors when reading roots
  bcachefs: Fix validate_bset() repair path
  bcachefs: Fix missing validation for bch_backpointer.level
  bcachefs: Fix bch_member.btree_bitmap_shift validation
  bcachefs: bch2_btree_write_buffer_flush_going_ro()
2024-11-14 10:00:23 -08:00
Steven Rostedt
09663753bb tracing/ring-buffer: Clear all memory mapped CPU ring buffers on first recording
The events of a memory mapped ring buffer from the previous boot should
not be mixed in with events from the current boot. There's meta data that
is used to handle KASLR so that function names can be shown properly.

Also, since the timestamps of the previous boot have no meaning to the
timestamps of the current boot, having them intermingled in a buffer can
also cause confusion because there could possibly be events in the future.

When a trace is activated the meta data is reset so that the pointers of
are now processed for the new address space. The trace buffers are reset
when tracing starts for the first time. The problem here is that the reset
only happens on online CPUs. If a CPU is offline, it does not get reset.

To demonstrate the issue, a previous boot had tracing enabled in the boot
mapped ring buffer on reboot. On the following boot, tracing has not been
started yet so the function trace from the previous boot is still visible.

 # trace-cmd show -B boot_mapped -c 3 | tail
          <idle>-0       [003] d.h2.   156.462395: __rcu_read_lock <-cpu_emergency_disable_virtualization
          <idle>-0       [003] d.h2.   156.462396: vmx_emergency_disable_virtualization_cpu <-cpu_emergency_disable_virtualization
          <idle>-0       [003] d.h2.   156.462396: __rcu_read_unlock <-__sysvec_reboot
          <idle>-0       [003] d.h2.   156.462397: stop_this_cpu <-__sysvec_reboot
          <idle>-0       [003] d.h2.   156.462397: set_cpu_online <-stop_this_cpu
          <idle>-0       [003] d.h2.   156.462397: disable_local_APIC <-stop_this_cpu
          <idle>-0       [003] d.h2.   156.462398: clear_local_APIC <-disable_local_APIC
          <idle>-0       [003] d.h2.   156.462574: mcheck_cpu_clear <-stop_this_cpu
          <idle>-0       [003] d.h2.   156.462575: mce_intel_feature_clear <-stop_this_cpu
          <idle>-0       [003] d.h2.   156.462575: lmce_supported <-mce_intel_feature_clear

Now, if CPU 3 is taken offline, and tracing is started on the memory
mapped ring buffer, the events from the previous boot in the CPU 3 ring
buffer is not reset. Now those events are using the meta data from the
current boot and produces just hex values.

 # echo 0 > /sys/devices/system/cpu/cpu3/online
 # trace-cmd start -B boot_mapped -p function
 # trace-cmd show -B boot_mapped -c 3 | tail
          <idle>-0       [003] d.h2.   156.462395: 0xffffffff9a1e3194 <-0xffffffff9a0f655e
          <idle>-0       [003] d.h2.   156.462396: 0xffffffff9a0a1d24 <-0xffffffff9a0f656f
          <idle>-0       [003] d.h2.   156.462396: 0xffffffff9a1e6bc4 <-0xffffffff9a0f7323
          <idle>-0       [003] d.h2.   156.462397: 0xffffffff9a0d12b4 <-0xffffffff9a0f732a
          <idle>-0       [003] d.h2.   156.462397: 0xffffffff9a1458d4 <-0xffffffff9a0d12e2
          <idle>-0       [003] d.h2.   156.462397: 0xffffffff9a0faed4 <-0xffffffff9a0d12e7
          <idle>-0       [003] d.h2.   156.462398: 0xffffffff9a0faaf4 <-0xffffffff9a0faef2
          <idle>-0       [003] d.h2.   156.462574: 0xffffffff9a0e3444 <-0xffffffff9a0d12ef
          <idle>-0       [003] d.h2.   156.462575: 0xffffffff9a0e4964 <-0xffffffff9a0d12ef
          <idle>-0       [003] d.h2.   156.462575: 0xffffffff9a0e3fb0 <-0xffffffff9a0e496f

Reset all CPUs when starting a boot mapped ring buffer for the first time,
and not just the online CPUs.

Fixes: 7a1d1e4b96 ("tracing/ring-buffer: Add last_boot_info file to boot instance")
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
2024-11-14 11:54:34 -05:00
Takashi Iwai
5ec23a1b53 ASoC: Fixes for v6.12
Some last updates for v6.12, one quirk plus a couple of fixes.  One is a
 minor fix for a relatively obscure driver and the other is a relatively
 important fix for boot hangs with some audio graph based cards.
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCgAdFiEEreZoqmdXGLWf4p/qJNaLcl1Uh9AFAmc1/0UACgkQJNaLcl1U
 h9BFWwf8DVjYujeDc/qCC1k4mbgc1m4GSvUhowUbm7S+crHYrc1YD2q4Fu+HGWr9
 ADj3qRWsFu66RjbXA+0Dg3yEkDp2xDAhfZ+hThlwf+0CyOY42YsnlPF0/Y87uLOS
 2w/qFaSeYFrSgCJ9UjMtCVtBKJKkFmILm8sS8NrAYUsMmAl5L+HquskqBapT0tNM
 Beicvth+V0sbo1aq7pdxEGu35DeJmwvXu60hmdIrwKvf5roNXV2Tn/xr4TFyo1uY
 B1oyTRrhaLNrR/l0hjq20B0mkkYwH/wblp81q5Bm2mb/MmDPBDH0vYYG2rB4Y97j
 lvmYCgoYEAqCPd+8hHrmOq9jhegZqg==
 =kQ4k
 -----END PGP SIGNATURE-----

Merge tag 'asoc-fix-v6.12-rc7' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus

ASoC: Fixes for v6.12

Some last updates for v6.12, one quirk plus a couple of fixes.  One is a
minor fix for a relatively obscure driver and the other is a relatively
important fix for boot hangs with some audio graph based cards.
2024-11-14 16:40:15 +01:00
Josef Bacik
7d493a5ecc btrfs: fix incorrect comparison for delayed refs
When I reworked delayed ref comparison in cf4f04325b ("btrfs: move
->parent and ->ref_root into btrfs_delayed_ref_node"), I made a mistake
and returned -1 for the case where ref1->ref_root was > than
ref2->ref_root.  This is a subtle bug that can result in improper
delayed ref running order, which can result in transaction aborts.

Fixes: cf4f04325b ("btrfs: move ->parent and ->ref_root into btrfs_delayed_ref_node")
CC: stable@vger.kernel.org # 6.10+
Reviewed-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2024-11-14 16:11:02 +01:00
Steven Rostedt
580bb355bc Revert: "ring-buffer: Do not have boot mapped buffers hook to CPU hotplug"
A crash happened when testing cpu hotplug with respect to the memory
mapped ring buffers. It was assumed that the hot plug code was adding a
per CPU buffer that was already created that caused the crash. The real
problem was due to ref counting and was fixed by commit 2cf9733891
("ring-buffer: Fix refcount setting of boot mapped buffers").

When a per CPU buffer is created, it will not be created again even with
CPU hotplug, so the fix to not use CPU hotplug was a red herring. In fact,
it caused only the boot CPU buffer to be created, leaving the other CPU
per CPU buffers disabled.

Revert that change as it was not the culprit of the fix it was intended to
be.

Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Link: https://lore.kernel.org/20241113230839.6c03640f@gandalf.local.home
Fixes: 912da2c384 ("ring-buffer: Do not have boot mapped buffers hook to CPU hotplug")
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
2024-11-14 10:01:00 -05:00
Alexandre Ferrieux
ca34aceb32 net: sched: u32: Add test case for systematic hnode IDR leaks
Add a tdc test case to exercise the just-fixed systematic leak of
IDR entries in u32 hnode disposal. Given the IDR in question is
confined to the range [1..0x7FF], it is sufficient to create/delete
the same filter 2048 times to fill it up and get a nonzero exit
status from "tc filter add".

Signed-off-by: Alexandre Ferrieux <alexandre.ferrieux@orange.com>
Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
Reviewed-by: Victor Nogueira <victor@mojatatu.com>
Link: https://patch.msgid.link/20241113100428.360460-1-alexandre.ferrieux@orange.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2024-11-14 11:39:17 +01:00
Francesco Dolcini
32c4514455 drm/bridge: tc358768: Fix DSI command tx
Wait for the command transmission to be completed in the DSI transfer
function polling for the dc_start bit to go back to idle state after the
transmission is started.

This is documented in the datasheet and failures to do so lead to
commands corruption.

Fixes: ff1ca6397b ("drm/bridge: Add tc358768 driver")
Cc: stable@vger.kernel.org
Signed-off-by: Francesco Dolcini <francesco.dolcini@toradex.com>
Reviewed-by: Neil Armstrong <neil.armstrong@linaro.org>
Link: https://lore.kernel.org/r/20240926141246.48282-1-francesco@dolcini.it
Signed-off-by: Neil Armstrong <neil.armstrong@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20240926141246.48282-1-francesco@dolcini.it
2024-11-14 11:29:42 +01:00
Paolo Abeni
f8d670b1ae Merge branch 'bonding-fix-ns-targets-not-work-on-hardware-nic'
Hangbin Liu says:

====================
bonding: fix ns targets not work on hardware NIC

The first patch fixed ns targets not work on hardware NIC when bonding
set arp_validate.

The second patch add a related selftest for bonding.

v4: Thanks Nikolay for the comments:
    use bond_slave_ns_maddrs_{add/del} with clear name
    fix comments typos
    remove _slave_set_ns_maddrs underscore directly
    update bond_option_arp_validate_set() change logic
v3: use ndisc_mc_map to convert the mcast mac address (Jay Vosburgh)
v2: only add/del mcast group on backup slaves when arp_validate is set (Jay Vosburgh)
    arp_validate doesn't support 3ad, tlb, alb. So let's only do it on ab mode.
====================

Link: https://patch.msgid.link/20241111101650.27685-1-liuhangbin@gmail.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2024-11-14 11:16:30 +01:00
Hangbin Liu
86fb6173d1 selftests: bonding: add ns multicast group testing
Add a test to make sure the backup slaves join correct multicast group
when arp_validate enabled and ns_ip6_target is set. Here is the result:

TEST: arp_validate (active-backup ns_ip6_target arp_validate 0)     [ OK ]
TEST: arp_validate (join mcast group)                               [ OK ]
TEST: arp_validate (active-backup ns_ip6_target arp_validate 1)     [ OK ]
TEST: arp_validate (join mcast group)                               [ OK ]
TEST: arp_validate (active-backup ns_ip6_target arp_validate 2)     [ OK ]
TEST: arp_validate (join mcast group)                               [ OK ]
TEST: arp_validate (active-backup ns_ip6_target arp_validate 3)     [ OK ]
TEST: arp_validate (join mcast group)                               [ OK ]
TEST: arp_validate (active-backup ns_ip6_target arp_validate 4)     [ OK ]
TEST: arp_validate (join mcast group)                               [ OK ]
TEST: arp_validate (active-backup ns_ip6_target arp_validate 5)     [ OK ]
TEST: arp_validate (join mcast group)                               [ OK ]
TEST: arp_validate (active-backup ns_ip6_target arp_validate 6)     [ OK ]
TEST: arp_validate (join mcast group)                               [ OK ]

Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Reviewed-by: Nikolay Aleksandrov <razor@blackwall.org>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2024-11-14 11:16:28 +01:00
Hangbin Liu
8eb36164d1 bonding: add ns target multicast address to slave device
Commit 4598380f9c ("bonding: fix ns validation on backup slaves")
tried to resolve the issue where backup slaves couldn't be brought up when
receiving IPv6 Neighbor Solicitation (NS) messages. However, this fix only
worked for drivers that receive all multicast messages, such as the veth
interface.

For standard drivers, the NS multicast message is silently dropped because
the slave device is not a member of the NS target multicast group.

To address this, we need to make the slave device join the NS target
multicast group, ensuring it can receive these IPv6 NS messages to validate
the slave’s status properly.

There are three policies before joining the multicast group:
1. All settings must be under active-backup mode (alb and tlb do not support
   arp_validate), with backup slaves and slaves supporting multicast.
2. We can add or remove multicast groups when arp_validate changes.
3. Other operations, such as enslaving, releasing, or setting NS targets,
   need to be guarded by arp_validate.

Fixes: 4e24be018e ("bonding: add new parameter ns_targets")
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Reviewed-by: Nikolay Aleksandrov <razor@blackwall.org>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2024-11-14 11:16:28 +01:00
Meghana Malladi
dc065076ee net: ti: icssg-prueth: Fix 1 PPS sync
The first PPS latch time needs to be calculated by the driver
(in rounded off seconds) and configured as the start time
offset for the cycle. After synchronizing two PTP clocks
running as master/slave, missing this would cause master
and slave to start immediately with some milliseconds
drift which causes the PPS signal to never synchronize with
the PTP master.

Fixes: 186734c158 ("net: ti: icssg-prueth: add packet timestamping and ptp support")
Signed-off-by: Meghana Malladi <m-malladi@ti.com>
Reviewed-by: Vadim Fedorenko <vadim.fedorenko@linux.dev>
Reviewed-by: MD Danish Anwar <danishanwar@ti.com>
Link: https://patch.msgid.link/20241111095842.478833-1-m-malladi@ti.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2024-11-14 10:34:56 +01:00
Chen Ridong
93d1f41a82 drm/vmwgfx: avoid null_ptr_deref in vmw_framebuffer_surface_create_handle
The 'vmw_user_object_buffer' function may return NULL with incorrect
inputs. To avoid possible null pointer dereference, add a check whether
the 'bo' is NULL in the vmw_framebuffer_surface_create_handle.

Fixes: d6667f0ddf ("drm/vmwgfx: Fix handling of dumb buffers")
Signed-off-by: Chen Ridong <chenridong@huawei.com>
Signed-off-by: Zack Rusin <zack.rusin@broadcom.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20241029083429.1185479-1-chenridong@huaweicloud.com
2024-11-14 02:13:22 -05:00