mirror of
https://github.com/torvalds/linux.git
synced 2024-12-03 17:41:22 +00:00
1872df8dcd
1266768 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
David Howells
|
6a30653b60 |
Fix a potential infinite loop in extract_user_to_sg()
Fix extract_user_to_sg() so that it will break out of the loop if iov_iter_extract_pages() returns 0 rather than looping around forever. [Note that I've included two fixes lines as the function got moved to a different file and renamed] Fixes: |
||
Linus Torvalds
|
3022bf37da |
gpio fixes for v6.9-rc6
- fix a regression in pin access control in gpio-tegra186 - make data pointer dereference robust in Intel Tangier driver -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEFp3rbAvDxGAT0sefEacuoBRx13IFAmYr5rEACgkQEacuoBRx 13INpxAAin4FChYUBmGscEP0NBDwbKRCdq2BDPbU6OnECg1pv9wEUkVnK/qiG9VZ uvLyFbQi7Zr1v95m0wMHVgkqGwv9GcicKrqwmZyy7UWlx59dF2u07uXkLoR3Dywv 95/xjzEmUV3kkMk6gDiJJDcYstmJO4XUg7jKvfiIH1OHVEBQ/YTP84pFY1OLXJF1 Vhzn5QJnKMrmB4/F/ALcg6m7WC7T6IJ2SXzY5WR42cmP7Z8kRfbglEOM/J02juKe tflH1fGdM+n3kzNTpxF6l8Aufmweqrl3KUewFsUhcG/Q8Lb+e6feKmcAD4YhgYkz +tdwMN9Ng8v7PolIo/6vTsdRpy/EvbV6nOTPasrNdGBh5p+QNMjfn1TosYq/zPOK PmDx2t22zYMJ6e+e7FP7IUzjSBPlXIWrvpOzvUmTqeMl73+4j6o31k5gLFdNysf/ 7JMLLkAc9eEI4RYbDRBQaJqjqvaf626QqoTjQ0AEqgdpxcH2bo7alRN9Oa6iet5b mGQa+KZ/igx9ZadiljEYPhqc1S3YHOPTl19yXKppwAC+BxNLMtEsIOQTUFHSWEUq q3NtxYbfR2yd/+iNLbEd2Pl2aNp7gTyuMMPTCk+M7oqrF1uCqmT79kNEGYM+arR8 OMpJ/fLk/hdL9jasHIhlYc7XwZ8HFNyzpCpwAbGmmqigVsw8E2s= =9Udp -----END PGP SIGNATURE----- Merge tag 'gpio-fixes-for-v6.9-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux Pull gpio fixes from Bartosz Golaszewski: - fix a regression in pin access control in gpio-tegra186 - make data pointer dereference robust in Intel Tangier driver * tag 'gpio-fixes-for-v6.9-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux: gpio: tegra186: Fix tegra186_gpio_is_accessible() check gpio: tangier: Use correct type for the IRQ chip data |
||
|
Linus Torvalds
|
5b43efa158 |
cxl fixes for v6.9-rc6
- Fix potential payload size confusion in cxl_mem_get_poison() -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEE5DAy15EJMCV1R6v9YGjFFmlTOEoFAmYr45UACgkQYGjFFmlT OEoVOQ/8D+JeKjmkBjbM8zh83cmsoFTVniinsaGoy+HmiF2GDiUEuYrTWFtELBS0 Ypf9boJ5L7OUdXs3rxwvdIs1TVW1UVyuBdpE+LzNWrHafi1mCflwXViUeHChkz0p 6cMpceDur3AYt/YGunq5Qn3xCi8L4FU1eT2hkIPeq6hlmz4K2gof0CKgEANQAOyw 9JTyyfJLDSxor+Fxc4QmZz5j6ZfQPO+MDdRlC3SoJMhyYp8mhw99+E4t93XLhmJv BchhrxHZiKYESS4pTn3BAbSrwbz0lPCONne5tzLPERzdQg8NW/LMa0Ca/iU/IOXl 1R9eNfCK8F2oDZUs0m2562gCDw/ajGVWyb6tiM4y+qMee+YBq4W59afXQRHW3AJz Rxpz2Pe1lHsqqX8NeFh2/mg3U65w5x8mUSDT6iqdINqyxzVqHMRU5wGgOZy76TZi D7k0ZgPjUAAsHdYHbBiczN+nVNBZdi49pAnUlyQ4zl30B2Rmv8nLen2pHUcdF3OA mzZzUr8sjxMHCy3tV2nAkH75nYxS6h1KS17yjv8ex6G+oAK0CJL25IOInJIuocOr rZPJ8zxn4TtUVuwZ4pTL+Yr3oWQ9pNQq4MN1fBUuZnHxuHoSqDvD0fXS7B1tcwDC izQViTKQSiWMcskH71qU9P202Isrqqz6r5TjePU9ayxESALMujc= =NcKp -----END PGP SIGNATURE----- Merge tag 'cxl-fixes-6.9-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/cxl/cxl Pull cxl fix from Dave Jiang: - Fix potential payload size confusion in cxl_mem_get_poison() * tag 'cxl-fixes-6.9-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/cxl/cxl: cxl/core: Fix potential payload size confusion in cxl_mem_get_poison() |
||
|
Linus Torvalds
|
08f0677dfc |
- Fix 6.9 regression so that DM device removal is performed
synchronously by default. Asynchronous removal has always been possible but it isn't the default. It is important that synchronous removal be preserved, otherwise it is an interface change that breaks lvm2. - Remove errant semicolon in drivers/md/dm-vdo/murmurhash3.c -----BEGIN PGP SIGNATURE----- iQEzBAABCAAdFiEEJfWUX4UqZ4x1O2wixSPxCi2dA1oFAmYr08wACgkQxSPxCi2d A1qSXAgAsmfo5nV8/tNsrG3aBYN/rbGyEQaKl+m3eGK3T874WyrbW/On5qfGzEO1 09O5jNEMhkEHBQq6tKu/Gp87xLVJroIOMLTYpmCg6nnlwVIifFy1uuaBFA1xgM9U xf7myg6fRj66Yjwv0y1WmTaQTX30s9alJ7f/PZQT1MJFhGIuHPIns3bsyZ43RcOl pNkS9jjdHkDpXK/cWseb9mz6TAISa8Fn2NYkDPvq6r/J/aIxhRiHlhlzFuQnnfkH Rg5GVg2R/yCZiGQpuA6IqfEX6eqc4HlZa5Ty2zj9BjUhmj+YbuLEKj+uMEB6wMPd uK7uWfkxZYvsBAdaFfSpU8XyTumaAA== =zK77 -----END PGP SIGNATURE----- Merge tag 'for-6.9/dm-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm Pull device mapper fixes from Mike Snitzer: - Fix 6.9 regression so that DM device removal is performed synchronously by default. Asynchronous removal has always been possible but it isn't the default. It is important that synchronous removal be preserved, otherwise it is an interface change that breaks lvm2. - Remove errant semicolon in drivers/md/dm-vdo/murmurhash3.c * tag 'for-6.9/dm-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm: dm: restore synchronous close of device mapper block device dm vdo murmurhash: remove unneeded semicolon |
||
|
Linus Torvalds
|
52034cae02 |
vfs-6.9-rc6.fixes
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQRAhzRXHqcMeLMyaSiRxhvAZXjcogUCZiulnAAKCRCRxhvAZXjc
ogO+AP9z3+WAvgGmJkWOjT1aOrcQWVe+ZEdEUdK26ufkHhM5vAD/RXmdUBVHcYWk
3oE1hG8bONOASUc6dUIATPHBDjvqFg8=
=LtmL
-----END PGP SIGNATURE-----
Merge tag 'vfs-6.9-rc6.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs
Pull vfs fixes from Christian Brauner:
"This contains a few small fixes for this merge window and the attempt
to handle the ntfs removal regression that was reported a little while
ago:
- After the removal of the legacy ntfs driver we received reports
about regressions for some people that do mount "ntfs" explicitly
and expect the driver to be available. Since ntfs3 is a drop-in for
legacy ntfs we alias legacy ntfs to ntfs3 just like ext3 is aliased
to ext4.
We also enforce legacy ntfs is always mounted read-only and give it
custom file operations to ensure that ioctl()'s can't be abused to
perform write operations.
- Fix an unbalanced module_get() in bdev_open().
- Two smaller fixes for the netfs work done earlier in this cycle.
- Fix the errno returned from the new FS_IOC_GETUUID and
FS_IOC_GETFSSYSFSPATH ioctls. Both commands just pull information
out of the superblock so there's no need to call into the actual
ioctl handlers.
So instead of returning ENOIOCTLCMD to indicate to fallback we just
return ENOTTY directly avoiding that indirection"
* tag 'vfs-6.9-rc6.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs:
netfs: Fix the pre-flush when appending to a file in writethrough mode
netfs: Fix writethrough-mode error handling
ntfs3: add legacy ntfs file operations
ntfs3: enforce read-only when used as legacy ntfs driver
ntfs3: serve as alias for the legacy ntfs driver
block: fix module reference leakage from bdev_open_by_dev error path
fs: Return ENOTTY directly if FS_IOC_GETUUID or FS_IOC_GETFSSYSFSPATH fail
|
||
|
Linus Torvalds
|
09ef295717 |
LoongArch fixes for v6.9-rc6
-----BEGIN PGP SIGNATURE----- iQJKBAABCAA0FiEEzOlt8mkP+tbeiYy5AoYrw/LiJnoFAmYrWxAWHGNoZW5odWFj YWlAa2VybmVsLm9yZwAKCRAChivD8uImeufHEACHmzoVFm0aYhxCII1KYYAbybqR za4Zr0/TrqgwYslVW6OEcbv5g3Mqcv/Lx5eCCpN5nfKYxK33RJJsLzowesujmLtX P0Kbj1vhJycXi0dwgam8wQLKblQ3IQJf9vwWR6PpLQro6GM79W3XfZB0aqNdsmg2 Oi8oR0uXa5kfq3eLa6QQwwzkW515rgn2rH0hHHP9menIVQZ/Vblp1fTUkhYf3S+j AXC3jOyrjIewCnxFVu+7vqIIkOYqp99ZW6B31MMt3DktVvOGt8rckQ9Ytq7JhAFk uB5Gj96HVgzg+YZHz69tZ1xR3mv6DoCzeeNz0uKHYa3CpRoz570jO8uZkkG0JNf7 TefAhJyB+pRR2qUJ+8eW+24iKxDfjMt9XOwCnyebC4T8DvsDwUWYRjI7/qXMWy/3 MsUfYQaWpEZWKTFHBUuIOHhgu6y5qfyiFoDz5/e11hnKpM4xwmA1MN/ZfU04p+dv vtAS3JjPorSHiLktbgcY0pOsCMZadwUkWXD/chIYXxp1Sz72N5ixd4gGwH2RtF8R +opGPMFB49knYwLoSddNdSfwOEsLh3eWzizh0M2cfitdacU09XTVUc60CAYNWTUH yERhg/DsAyW1XnjlGzMsIMvuImYJ7rAUO9PF35fIjD82ZiUZyxn0wDd761+zKDNd Bfb3tu8zFYk+0zlLqg== =3eqZ -----END PGP SIGNATURE----- Merge tag 'loongarch-fixes-6.9-2' of git://git.kernel.org/pub/scm/linux/kernel/git/chenhuacai/linux-loongson Pull LoongArch fixes from Huacai Chen: "Fix some build errors and some trivial runtime bugs" * tag 'loongarch-fixes-6.9-2' of git://git.kernel.org/pub/scm/linux/kernel/git/chenhuacai/linux-loongson: LoongArch: Lately init pmu after smp is online LoongArch: Fix callchain parse error with kernel tracepoint events LoongArch: Fix access error when read fault on a write-only VMA LoongArch: Fix a build error due to __tlb_remove_tlb_entry() LoongArch: Fix Kconfig item and left code related to CRASH_CORE |
||
|
Linus Torvalds
|
084c473cf7 |
pwm: Update Uwe's maintainer entries
This is just an update to my maintainer entries as I will switch jobs soon. Getting a contact email address into the MAINTAINERS file that will work also after my switch will hopefully reduce people mailing to the then non-existing address. -----BEGIN PGP SIGNATURE----- iQEzBAABCgAdFiEEP4GsaTp6HlmJrf7Tj4D7WH0S/k4FAmYrSMIACgkQj4D7WH0S /k6xhwgArEfgAsKp96Svk5c8dXCNzO3652J6K9ldfUgJzByhKNiXmWE7APd/QD6c VvdzBskD1X8TmmjOtXtL4xhSFyt0Tr2jk/b9pbcvl7/O7n81Lyrzhq1R4yFFSI4E 0Hqnbj+UQxKBv+DAylyeR5LYsciCQxPNlXSLtc7uHKlfceE6bve7d0COrKUNoD0o XV+98JUXU6PSbByIMj05K+3Sn7a3vqR4GOZ7f+sbOrOVRujX3sMSCpCGPqVtqZuo bWwMw/wyub6AVbARL3l5dvOjXjVltDC+s0TRA5iwNkSnrDKQg8Ho6mISRtwgQmTl Kyzg6tU+ohuIrMGGWE/tbm2CXI5TbA== =13ml -----END PGP SIGNATURE----- Merge tag 'pwm/for-6.9-rc6-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/ukleinek/linux Pull maintainer entry update from Uwe Kleine-König: "This is just an update to my maintainer entries as I will switch jobs soon. Getting a contact email address into the MAINTAINERS file that will work also after my switch will hopefully reduce people mailing to the then non-existing address. I also drop my co-maintenance for SIOX, but that continues to be in good hands" * tag 'pwm/for-6.9-rc6-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/ukleinek/linux: MAINTAINERS: Update Uwe's email address, drop SIOX maintenance |
||
|
Linus Torvalds
|
61ef6208e0 |
drm fixes for 6.9-rc6
atomic-helpers: - Fix memory leak in drm_format_conv_state_copy() fbdev: - fbdefio: Fix address calculation amdgpu: - Suspend/resume fix - Don't expose gpu_od directory if it's empty - SDMA 4.4.2 fix - VPE fix - BO eviction fix - UMSCH fix - SMU 13.0.6 reset fixes - GPUVM flush accounting fix - SDMA 5.2 fix - Fix possible UAF in mes code amdkfd: - Eviction fence handling fix - Fix memory leak when GPU memory allocation fails - Fix dma-buf validation - Fix rescheduling of restore worker - SVM fix gma500: - Fix crash during boot etnaviv: - fix GC7000 TX clock gating - revert NPU UAPI changes xe: - Fix error paths on managed allocations - Fix PF/VF relay messages -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEEKbZHaGwW9KfbeusDHTzWXnEhr4FAmYrGwAACgkQDHTzWXnE hr7WGBAAkJnPo6KEjLMNbuCOGM+X0+cFfGbwKtDEXDeXqHSpBBqPKHKpq/Phchzc 7YV+HXcyKA5gStmb5+4sR203+jf2Gn5fUQ3vdsjXmOAJOE25RpLOtCYBKisyT3uQ OGo95PPEmB3pVyS0JFr5mKahJbdqTungpAw3/0WRgxVtkeI1rdRxv7IGnvhTyE85 sliDSQECDBp73xCiW51fkvIezj0fteZfJ8G1qgfyk569zZzcGy8mmGfETHGbjx6x p0L7JP4vyApiRMyJtWNXllVA9vcgxLbez1PlJpkLeCGr86yrNaY1GDDW57Yfee65 KnrvV1HTjzLGXrdP6n1JkkCHqMlWfZWhM/jVbbsLCRcDkJ5G6VQBlqSC/i/1EU7/ 9bqbn5mcWjh8nwa0VpmfF2mXXcj1sIAUGM1Gnahoep7K+Lch3rA+xU24n3d5Exvb 5LNtT0wYOdRLddmEuNDsMfaP1icAp5VGFbO5VebDkgPK9iFv+Dlps0MN7HFF9SY0 hQgFe7O3y/X1MJYIeAFAa229V52mtS8sSIAb9dd/ND+8smt2i+2TvGqdsWnyCN1X tQHKa3can04P+TzdnNEraERtNJSAxtHuJxy4PIOLiuIkpnuFhwVk85XYoAiMiO36 iA3NrJz5LkeQfpC7uQN6cfYA/KUnFP9X14uUwkjTQjW3ZE6znWM= =H82n -----END PGP SIGNATURE----- Merge tag 'drm-fixes-2024-04-26' of https://gitlab.freedesktop.org/drm/kernel Pull drm fixes from Dave Airlie: "Regular weekly merge request, mostly amdgpu and misc bits in xe/etnaviv/gma500 and some core changes. Nothing too outlandish, seems to be about normal for this time of release. atomic-helpers: - Fix memory leak in drm_format_conv_state_copy() fbdev: - fbdefio: Fix address calculation amdgpu: - Suspend/resume fix - Don't expose gpu_od directory if it's empty - SDMA 4.4.2 fix - VPE fix - BO eviction fix - UMSCH fix - SMU 13.0.6 reset fixes - GPUVM flush accounting fix - SDMA 5.2 fix - Fix possible UAF in mes code amdkfd: - Eviction fence handling fix - Fix memory leak when GPU memory allocation fails - Fix dma-buf validation - Fix rescheduling of restore worker - SVM fix gma500: - Fix crash during boot etnaviv: - fix GC7000 TX clock gating - revert NPU UAPI changes xe: - Fix error paths on managed allocations - Fix PF/VF relay messages" * tag 'drm-fixes-2024-04-26' of https://gitlab.freedesktop.org/drm/kernel: (23 commits) Revert "drm/etnaviv: Expose a few more chipspecs to userspace" drm/etnaviv: fix tx clock gating on some GC7000 variants drm/xe/guc: Fix arguments passed to relay G2H handlers drm/xe: call free_gsc_pkt only once on action add failure drm/xe: Remove sysfs only once on action add failure fbdev: fix incorrect address computation in deferred IO drm/amdgpu/mes: fix use-after-free issue drm/amdgpu/sdma5.2: use legacy HDP flush for SDMA2/3 drm/amdgpu: Fix the ring buffer size for queue VM flush drm/amdkfd: Add VRAM accounting for SVM migration drm/amd/pm: Restore config space after reset drm/amdgpu/umsch: don't execute umsch test when GPU is in reset/suspend drm/amdkfd: Fix rescheduling of restore worker drm/amdgpu: Update BO eviction priorities drm/amdgpu/vpe: fix vpe dpm setup failed drm/amdgpu: Assign correct bits for SDMA HDP flush drm/amdgpu/pm: Remove gpu_od if it's an empty directory drm/amdkfd: make sure VM is ready for updating operations drm/amdgpu: Fix leak when GPU memory allocation fails drm/amdkfd: Fix eviction fence handling ... |
||
Arnd Bergmann
|
9f26bc71b1 |
MediaTek driver fixes for v6.9
This fixes the MediaTek SVS driver to look for the right thermal zone names, and adds a missing Kconfig dependency for mtk-socinfo. -----BEGIN PGP SIGNATURE----- iJ4EABYKAEYWIQQn3Xxr56ypAcSHzXSaNgTPrZeEeAUCZieJWigcYW5nZWxvZ2lv YWNjaGluby5kZWxyZWdub0Bjb2xsYWJvcmEuY29tAAoJEJo2BM+tl4R43lIBANyL 3BRdXzIgPtg/EOU///UpTwR/5caUuPAKx4ZoumytAP0RGmRgKSV5BUmKDt3EGNNd YA0fCXS1cxCtx0fPXh70Dg== =PD2N -----END PGP SIGNATURE----- gpgsig -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEiK/NIGsWEZVxh/FrYKtH/8kJUicFAmYr6CcACgkQYKtH/8kJ UifaSA/9E510l+7gVO547cNnd0fisJc6TEo9BvztsIgj4NDlnYAv/VP+93NSjAit NqNcWXQMWbbAvPkw9yquM3fPT+ssR5bWKds8ZBVv4FLcRMNOkPjM0P97tZPhIUp2 M5qH/nReWf8VZe24rmE2fjI4QVXu+t8AfqWL6ESk4VW+9QI+49nhLGuGYkbPqIca uEbxHRmDOfRHDnMyK0x6MNuOgaxOecwaodRopa1PETVL/Roaf+XWUXM8Bt/vu3nL nRt/EigH6fSQeA/94PgnaB+UQC3svb9+ss5VIgik3B3GzHe1dgzr4mKdi58LHDTA 7Lzf/MuqEClt9V45RdOsaa41PinDNiTnDk5YdP+Eu9X81FImeeGemg/5zwwm1pyr CFJ0GDhMWv3vWd7EbL8ImYzHbLUzAcLCophupjQhMY9pEbBKTiJyOuk11ZYKa47z u8srGrq/MeaIRIbKtTvPY1hozA85dV0BPTpiu3Qcexy8FvZYOMQCaXZDIthWbfyO FfwKdVZyyT/zA3urhl9jLEqfZP8kb0CwaCmRC/KRMLgxUGAWt1cIIdvSSQFfF2Mm MUkQk/W6rk95iKfSyigccqpIzVHTdpi+M7aMH1YNZPDiGPHxywBJwmoFVjzAUTp+ KcLFrfXjvibZdGjKMDgF/PXTkg9j0ugQbyIYlzKtIvr69Jqd1lo= =dBIl -----END PGP SIGNATURE----- Merge tag 'mtk-soc-fixes-for-v6.9' of https://git.kernel.org/pub/scm/linux/kernel/git/mediatek/linux into for-next MediaTek driver fixes for v6.9 This fixes the MediaTek SVS driver to look for the right thermal zone names, and adds a missing Kconfig dependency for mtk-socinfo. Signed-off-by: Arnd Bergmann <arnd@arndb.de> |
||
Palmer Dabbelt
|
6beb6bc5a8
|
Merge patch series "RISC-V: Test th.sxstatus.MAEE bit before enabling MAEE"
Christoph Müllner <christoph.muellner@vrull.eu> says: Currently, the Linux kernel suffers from a boot regression when running on the c906 QEMU emulation. Details have been reported here by Björn Töpel: https://lists.gnu.org/archive/html/qemu-devel/2024-01/msg04766.html The main issue is, that Linux enables XTheadMae for CPUs that have a T-Head mvendorid but QEMU maintainers don't want to emulate a CPU that uses reserved bits in PTEs. See also the following discussion for more context: https://lists.gnu.org/archive/html/qemu-devel/2024-02/msg00775.html This series renames "T-Head PBMT" to "MAE"/"XTheadMae" and only enables it if the th.sxstatus.MAEE bit is set. The th.sxstatus CSR is documented here: https://github.com/T-head-Semi/thead-extension-spec/blob/master/xtheadsxstatus.adoc XTheadMae is documented here: https://github.com/T-head-Semi/thead-extension-spec/blob/master/xtheadmae.adoc The QEMU patch to emulate th.sxstatus with the MAEE bit not set is here: https://lore.kernel.org/all/20240329120427.684677-1-christoph.muellner@vrull.eu/ After applying the referenced QEMU patch, this patchset allows to successfully boot a C906 QEMU system emulation ("-cpu thead-c906"). * b4-shazam-lts: riscv: T-Head: Test availability bit before enabling MAE errata riscv: thead: Rename T-Head PBMT to MAE Link: https://lore.kernel.org/r/20240407213236.2121592-1-christoph.muellner@vrull.eu Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com> |
||
Andrew Jones
|
49408400d6
|
RISC-V: selftests: cbo: Ensure asm operands match constraints, take 2
Commit |
||
Ben Zong-You Xie
|
9c49085d69
|
perf riscv: Fix the warning due to the incompatible type
In the 32-bit platform, the second argument of getline is expectd to be 'size_t *'(aka 'unsigned int *'), but line_sz is of type 'unsigned long *'. Therefore, declare line_sz as size_t. Signed-off-by: Ben Zong-You Xie <ben717@andestech.com> Reviewed-by: Alexandre Ghiti <alexghiti@rivosinc.com> Link: https://lore.kernel.org/r/20240305120501.1785084-3-ben717@andestech.com Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com> |
||
Alexei Starovoitov
|
a86538a2ef |
Merge branch 'bpf-prevent-userspace-memory-access'
Puranjay Mohan says: ==================== bpf: prevent userspace memory access V5: https://lore.kernel.org/bpf/20240324185356.59111-1-puranjay12@gmail.com/ Changes in V6: - Disable the verifier's instrumentation in x86-64 and update the JIT to take care of vsyscall page in addition to userspace addresses. - Update bpf_testmod to test for vsyscall addresses. V4: https://lore.kernel.org/bpf/20240321124640.8870-1-puranjay12@gmail.com/ Changes in V5: - Use TASK_SIZE_MAX + PAGE_SIZE, VSYSCALL_ADDR as userspace boundary in x86-64 JIT. - Added Acked-by: Ilya Leoshkevich <iii@linux.ibm.com> V3: https://lore.kernel.org/bpf/20240321120842.78983-1-puranjay12@gmail.com/ Changes in V4: - Disable this feature on architectures that don't define CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE. - By doing the above, we don't need anything explicitly for s390x. V2: https://lore.kernel.org/bpf/20240321101058.68530-1-puranjay12@gmail.com/ Changes in V3: - Return 0 from bpf_arch_uaddress_limit() in disabled case because it returns u64. - Modify the check in verifier to no do instrumentation when uaddress_limit is 0. V1: https://lore.kernel.org/bpf/20240320105436.4781-1-puranjay12@gmail.com/ Changes in V2: - Disable this feature on s390x. With BPF_PROBE_MEM, BPF allows de-referencing an untrusted pointer. To thwart invalid memory accesses, the JITs add an exception table entry for all such accesses. But in case the src_reg + offset is a userspace address, the BPF program might read that memory if the user has mapped it. x86-64 JIT already instruments the BPF_PROBE_MEM based loads with checks to skip loads from userspace addresses, but is doesn't check for vsyscall page because it falls in the kernel address space but is considered a userspace page. The second patch in this series fixes the x86-64 JIT to also skip loads from the vsyscall page. The last patch updates the bpf_testmod so this address can be checked as part of the selftests. Other architectures don't have the complexity of the vsyscall address and just need to skip loads from the userspace. To make this more scalable and robust, the verifier is updated in the first patch to instrument BPF_PROBE_MEM to skip loads from the userspace addresses. ==================== Link: https://lore.kernel.org/r/20240424100210.11982-1-puranjay@kernel.org Signed-off-by: Alexei Starovoitov <ast@kernel.org> |
||
Puranjay Mohan
|
7cd6750d9a |
selftests/bpf: Test PROBE_MEM of VSYSCALL_ADDR on x86-64
The vsyscall is a legacy API for fast execution of system calls. It maps a page at address VSYSCALL_ADDR into the userspace program. This address is in the top 10MB of the address space: ffffffffff600000 - ffffffffff600fff | 4 kB | legacy vsyscall ABI The last commit fixes the x86-64 BPF JIT to skip accessing addresses in this memory region. Add this address to bpf_testmod_return_ptr() so we can make sure that it is fixed. After this change and without the previous commit, subprogs_extable selftest will crash the kernel. Signed-off-by: Puranjay Mohan <puranjay@kernel.org> Link: https://lore.kernel.org/r/20240424100210.11982-4-puranjay@kernel.org Signed-off-by: Alexei Starovoitov <ast@kernel.org> |
||
|
Puranjay Mohan
|
b599d7d26d |
bpf, x86: Fix PROBE_MEM runtime load check
When a load is marked PROBE_MEM - e.g. due to PTR_UNTRUSTED access - the
address being loaded from is not necessarily valid. The BPF jit sets up
exception handlers for each such load which catch page faults and 0 out
the destination register.
If the address for the load is outside kernel address space, the load
will escape the exception handling and crash the kernel. To prevent this
from happening, the emits some instruction to verify that addr is > end
of userspace addresses.
x86 has a legacy vsyscall ABI where a page at address 0xffffffffff600000
is mapped with user accessible permissions. The addresses in this page
are considered userspace addresses by the fault handler. Therefore, a
BPF program accessing this page will crash the kernel.
This patch fixes the runtime checks to also check that the PROBE_MEM
address is below VSYSCALL_ADDR.
Example BPF program:
SEC("fentry/tcp_v4_connect")
int BPF_PROG(fentry_tcp_v4_connect, struct sock *sk)
{
*(volatile unsigned long *)&sk->sk_tsq_flags;
return 0;
}
BPF Assembly:
0: (79) r1 = *(u64 *)(r1 +0)
1: (79) r1 = *(u64 *)(r1 +344)
2: (b7) r0 = 0
3: (95) exit
x86-64 JIT
==========
BEFORE AFTER
------ -----
0: nopl 0x0(%rax,%rax,1) 0: nopl 0x0(%rax,%rax,1)
5: xchg %ax,%ax 5: xchg %ax,%ax
7: push %rbp 7: push %rbp
8: mov %rsp,%rbp 8: mov %rsp,%rbp
b: mov 0x0(%rdi),%rdi b: mov 0x0(%rdi),%rdi
-------------------------------------------------------------------------------
f: movabs $0x100000000000000,%r11 f: movabs $0xffffffffff600000,%r10
19: add $0x2a0,%rdi 19: mov %rdi,%r11
20: cmp %r11,%rdi 1c: add $0x2a0,%r11
23: jae 0x0000000000000029 23: sub %r10,%r11
25: xor %edi,%edi 26: movabs $0x100000000a00000,%r10
27: jmp 0x000000000000002d 30: cmp %r10,%r11
29: mov 0x0(%rdi),%rdi 33: ja 0x0000000000000039
--------------------------------\ 35: xor %edi,%edi
2d: xor %eax,%eax \ 37: jmp 0x0000000000000040
2f: leave \ 39: mov 0x2a0(%rdi),%rdi
30: ret \--------------------------------------------
40: xor %eax,%eax
42: leave
43: ret
Signed-off-by: Puranjay Mohan <puranjay@kernel.org>
Link: https://lore.kernel.org/r/20240424100210.11982-3-puranjay@kernel.org
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
|
||
Puranjay Mohan
|
66e13b615a |
bpf: verifier: prevent userspace memory access
With BPF_PROBE_MEM, BPF allows de-referencing an untrusted pointer. To
thwart invalid memory accesses, the JITs add an exception table entry
for all such accesses. But in case the src_reg + offset is a userspace
address, the BPF program might read that memory if the user has
mapped it.
Make the verifier add guard instructions around such memory accesses and
skip the load if the address falls into the userspace region.
The JITs need to implement bpf_arch_uaddress_limit() to define where
the userspace addresses end for that architecture or TASK_SIZE is taken
as default.
The implementation is as follows:
REG_AX = SRC_REG
if(offset)
REG_AX += offset;
REG_AX >>= 32;
if (REG_AX <= (uaddress_limit >> 32))
DST_REG = 0;
else
DST_REG = *(size *)(SRC_REG + offset);
Comparing just the upper 32 bits of the load address with the upper
32 bits of uaddress_limit implies that the values are being aligned down
to a 4GB boundary before comparison.
The above means that all loads with address <= uaddress_limit + 4GB are
skipped. This is acceptable because there is a large hole (much larger
than 4GB) between userspace and kernel space memory, therefore a
correctly functioning BPF program should not access this 4GB memory
above the userspace.
Let's analyze what this patch does to the following fentry program
dereferencing an untrusted pointer:
SEC("fentry/tcp_v4_connect")
int BPF_PROG(fentry_tcp_v4_connect, struct sock *sk)
{
*(volatile long *)sk;
return 0;
}
BPF Program before | BPF Program after
------------------ | -----------------
0: (79) r1 = *(u64 *)(r1 +0) 0: (79) r1 = *(u64 *)(r1 +0)
-----------------------------------------------------------------------
1: (79) r1 = *(u64 *)(r1 +0) --\ 1: (bf) r11 = r1
----------------------------\ \ 2: (77) r11 >>= 32
2: (b7) r0 = 0 \ \ 3: (b5) if r11 <= 0x8000 goto pc+2
3: (95) exit \ \-> 4: (79) r1 = *(u64 *)(r1 +0)
\ 5: (05) goto pc+1
\ 6: (b7) r1 = 0
\--------------------------------------
7: (b7) r0 = 0
8: (95) exit
As you can see from above, in the best case (off=0), 5 extra instructions
are emitted.
Now, we analyze the same program after it has gone through the JITs of
ARM64 and RISC-V architectures. We follow the single load instruction
that has the untrusted pointer and see what instrumentation has been
added around it.
x86-64 JIT
==========
JIT's Instrumentation
(upstream)
---------------------
0: nopl 0x0(%rax,%rax,1)
5: xchg %ax,%ax
7: push %rbp
8: mov %rsp,%rbp
b: mov 0x0(%rdi),%rdi
---------------------------------
f: movabs $0x800000000000,%r11
19: cmp %r11,%rdi
1c: jb 0x000000000000002a
1e: mov %rdi,%r11
21: add $0x0,%r11
28: jae 0x000000000000002e
2a: xor %edi,%edi
2c: jmp 0x0000000000000032
2e: mov 0x0(%rdi),%rdi
---------------------------------
32: xor %eax,%eax
34: leave
35: ret
The x86-64 JIT already emits some instructions to protect against user
memory access. This patch doesn't make any changes for the x86-64 JIT.
ARM64 JIT
=========
No Intrumentation Verifier's Instrumentation
(upstream) (This patch)
----------------- --------------------------
0: add x9, x30, #0x0 0: add x9, x30, #0x0
4: nop 4: nop
8: paciasp 8: paciasp
c: stp x29, x30, [sp, #-16]! c: stp x29, x30, [sp, #-16]!
10: mov x29, sp 10: mov x29, sp
14: stp x19, x20, [sp, #-16]! 14: stp x19, x20, [sp, #-16]!
18: stp x21, x22, [sp, #-16]! 18: stp x21, x22, [sp, #-16]!
1c: stp x25, x26, [sp, #-16]! 1c: stp x25, x26, [sp, #-16]!
20: stp x27, x28, [sp, #-16]! 20: stp x27, x28, [sp, #-16]!
24: mov x25, sp 24: mov x25, sp
28: mov x26, #0x0 28: mov x26, #0x0
2c: sub x27, x25, #0x0 2c: sub x27, x25, #0x0
30: sub sp, sp, #0x0 30: sub sp, sp, #0x0
34: ldr x0, [x0] 34: ldr x0, [x0]
--------------------------------------------------------------------------------
38: ldr x0, [x0] ----------\ 38: add x9, x0, #0x0
-----------------------------------\\ 3c: lsr x9, x9, #32
3c: mov x7, #0x0 \\ 40: cmp x9, #0x10, lsl #12
40: mov sp, sp \\ 44: b.ls 0x0000000000000050
44: ldp x27, x28, [sp], #16 \\--> 48: ldr x0, [x0]
48: ldp x25, x26, [sp], #16 \ 4c: b 0x0000000000000054
4c: ldp x21, x22, [sp], #16 \ 50: mov x0, #0x0
50: ldp x19, x20, [sp], #16 \---------------------------------------
54: ldp x29, x30, [sp], #16 54: mov x7, #0x0
58: add x0, x7, #0x0 58: mov sp, sp
5c: autiasp 5c: ldp x27, x28, [sp], #16
60: ret 60: ldp x25, x26, [sp], #16
64: nop 64: ldp x21, x22, [sp], #16
68: ldr x10, 0x0000000000000070 68: ldp x19, x20, [sp], #16
6c: br x10 6c: ldp x29, x30, [sp], #16
70: add x0, x7, #0x0
74: autiasp
78: ret
7c: nop
80: ldr x10, 0x0000000000000088
84: br x10
There are 6 extra instructions added in ARM64 in the best case. This will
become 7 in the worst case (off != 0).
RISC-V JIT (RISCV_ISA_C Disabled)
==========
No Intrumentation Verifier's Instrumentation
(upstream) (This patch)
----------------- --------------------------
0: nop 0: nop
4: nop 4: nop
8: li a6, 33 8: li a6, 33
c: addi sp, sp, -16 c: addi sp, sp, -16
10: sd s0, 8(sp) 10: sd s0, 8(sp)
14: addi s0, sp, 16 14: addi s0, sp, 16
18: ld a0, 0(a0) 18: ld a0, 0(a0)
---------------------------------------------------------------
1c: ld a0, 0(a0) --\ 1c: mv t0, a0
--------------------------\ \ 20: srli t0, t0, 32
20: li a5, 0 \ \ 24: lui t1, 4096
24: ld s0, 8(sp) \ \ 28: sext.w t1, t1
28: addi sp, sp, 16 \ \ 2c: bgeu t1, t0, 12
2c: sext.w a0, a5 \ \--> 30: ld a0, 0(a0)
30: ret \ 34: j 8
\ 38: li a0, 0
\------------------------------
3c: li a5, 0
40: ld s0, 8(sp)
44: addi sp, sp, 16
48: sext.w a0, a5
4c: ret
There are 7 extra instructions added in RISC-V.
Fixes:
|
||
|
Arnd Bergmann
|
14672a9b3e |
Qualcomm driver fix for v6.9
This reworks the memory layout of the argument buffers passed to trusted applications in QSEECOM, to avoid failures and system crashes. -----BEGIN PGP SIGNATURE----- iQJJBAABCAAzFiEEBd4DzF816k8JZtUlCx85Pw2ZrcUFAmYj70UVHGFuZGVyc3Nv bkBrZXJuZWwub3JnAAoJEAsfOT8Nma3FWZ4P/iIoFAByAvTcbJsycasT/YampnJs jVhhCdBGLinvjBK73r70w3vUFiOw5XhT5EcEgdvgTvXK/+6H5qy6pySSOTDYtADK QJdutijCx67aXU9AoLD2p4MrlJgLC3il+57+XgCP2iy+PH4mowpySacsnjIT6/QG 187xG0fm9YIKxbG/WX+9Qy+vnKPg68f5rKPp2/cBv2lQLac302nvLdcNF6XeomEN d8U1RxDOnrNUZtSJIYjT8sr6bSMCl03zZkyEirj1SarXvU9foQC1+Z6OVZivx6fA befkc+k1mmoprTbZLGGo+HGgV8zKMcUG9o3XD3KN9n4JEFFFC+As0wSmb3Yr3bCo MUVSmXp8GtaPYZEs9fmPvBAfARe4D7BvEkKbWUWIfv4A9iaTLruLwh5gQk6gaXci ZVtTsr3x3B8DA4Geae/omljvQG4Kwmtu+QYMoqefT2ERAbUo7vaLPjp8fSmxJH9J L/bTVvNyb89XRV1Sgh8nzhf2989gaxAVmXXQLr/9IpHlFaFkXqdYOG0roxZuqjY3 3FsGkPmiIrH9ixH80nD7e3fM5lGpNsaXsdTLvSpSEPKdnyB3GHxUVL24sG64mu/z qlysUzciqE/bEXdIai/QExqTeEaJzl4xY7o/m8F5nbPHUTJOue3rXaPq2y5gTaZJ u77CJB9V1Kkzb8F9 =a4z1 -----END PGP SIGNATURE----- gpgsig -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEiK/NIGsWEZVxh/FrYKtH/8kJUicFAmYr0WMACgkQYKtH/8kJ UidETw//a9OxcLjkj0W7ttpdHiLzC5dslhCq7TF4KbjuhplhdtnysJi3274oAWrE eu6DnA4lIVlA6NuPtpZy5u+ltg6VQT5OogPK+s3LpQ0AXXjX+ij1lKXeez2tayAz RdxmljDJheWEyPvJ3IMdnelpK+MXAcDbHDIoFDl9AHcJlrwYBrw9zT9IBVeg8tRc 3DXi9g6NThGX28/kPWolOt/HFwfNxIOCYBNFNKuimPzoyhyfzPQmS1XHjYkRQb00 eli5tLZg6SLKbjAWBLH1GF+nIbX4P9JO6vBayfemlQIkHHI81vy3gkZyC2MYIrxv O/f6xcrkuE9XKLwrYATOyDWTU/p9xKOPgdVwc0at5AzjVZStY8O+O1ocKPhE8h+9 PAf9pyUjz5Y3ih5jX+q9K8VdKxealZe9yaPim0U/S38TPTAnzBUrfPGuZnoicGhO ixhCwnVfdO7pKcqrqbWZ3uzZcEG3//+hOSNrUbkQfk2ylIWkiFO40ws9dXRmoydP KMZmZdIWaoQDvSOzdppVe1q+NwcIhnJriJckkveGXvHaa0ZJM8r2S7Ziwx45WjEv 4srgekqi/SvyLxzFoWcd71MoOE8AI7psZF5XUPZnDpFL1lLi4rULfozcKJr6GTqC 5nd9GkkpnLZkqv458K2QvWKCMRgj74JqRX57AXFFIbKVpHhkTAM= =IZFk -----END PGP SIGNATURE----- Merge tag 'qcom-drivers-fixes-for-6.9' of https://git.kernel.org/pub/scm/linux/kernel/git/qcom/linux into for-next Qualcomm driver fix for v6.9 This reworks the memory layout of the argument buffers passed to trusted applications in QSEECOM, to avoid failures and system crashes. * tag 'qcom-drivers-fixes-for-6.9' of https://git.kernel.org/pub/scm/linux/kernel/git/qcom/linux: firmware: qcom: uefisecapp: Fix memory related IO errors and crashes Link: https://lore.kernel.org/r/20240420163816.1133528-1-andersson@kernel.org Signed-off-by: Arnd Bergmann <arnd@arndb.de> |
||
|
Arnd Bergmann
|
7e68538346 |
i.MX fixes for 6.9, round 2:
- Fix i.MX8MP the second CSI2 assigned-clock property which got wrong by commit |
||
|
Arnd Bergmann
|
9e0794aeac |
MediaTek ARM64 DTS fixes for v6.9
This fixes some dts validation issues against bindings for multiple SoCs, GPU voltage constraints for Chromebook devices, missing gce-client-reg on various nodes (performance issues) on MT8183/92/95, and also fixes boot issues on MT8195 when SPMI is built as module. -----BEGIN PGP SIGNATURE----- iJ4EABYKAEYWIQQn3Xxr56ypAcSHzXSaNgTPrZeEeAUCZieKGigcYW5nZWxvZ2lv YWNjaGluby5kZWxyZWdub0Bjb2xsYWJvcmEuY29tAAoJEJo2BM+tl4R4/BkA/0im 1rIf+T0cT+yl20lQpkH7CXxFWy7OMlbJhzVH64r9AP479XqrDdHogP+3AtVZ0WUv X3EPgJuSQQecXuw6sJdgAA== =7a1z -----END PGP SIGNATURE----- Merge tag 'mtk-dts64-fixes-for-v6.9' of https://git.kernel.org/pub/scm/linux/kernel/git/mediatek/linux into for-next MediaTek ARM64 DTS fixes for v6.9 This fixes some dts validation issues against bindings for multiple SoCs, GPU voltage constraints for Chromebook devices, missing gce-client-reg on various nodes (performance issues) on MT8183/92/95, and also fixes boot issues on MT8195 when SPMI is built as module. * tag 'mtk-dts64-fixes-for-v6.9' of https://git.kernel.org/pub/scm/linux/kernel/git/mediatek/linux: arm64: dts: mediatek: mt2712: fix validation errors arm64: dts: mediatek: mt7986: prefix BPI-R3 cooling maps with "map-" arm64: dts: mediatek: mt7986: drop invalid thermal block clock arm64: dts: mediatek: mt7986: drop "#reset-cells" from Ethernet controller arm64: dts: mediatek: mt7986: drop invalid properties from ethsys arm64: dts: mediatek: mt7622: drop "reset-names" from thermal block arm64: dts: mediatek: mt7622: fix ethernet controller "compatible" arm64: dts: mediatek: mt7622: fix IR nodename arm64: dts: mediatek: mt7622: fix clock controllers arm64: dts: mediatek: mt8186-corsola: Update min voltage constraint for Vgpu arm64: dts: mediatek: mt8183-kukui: Use default min voltage for MT6358 arm64: dts: mediatek: mt8195-cherry: Update min voltage constraint for MT6315 arm64: dts: mediatek: mt8192-asurada: Update min voltage constraint for MT6315 arm64: dts: mediatek: cherry: Describe CPU supplies arm64: dts: mediatek: mt8195: Add missing gce-client-reg to mutex1 arm64: dts: mediatek: mt8195: Add missing gce-client-reg to mutex arm64: dts: mediatek: mt8195: Add missing gce-client-reg to vpp/vdosys arm64: dts: mediatek: mt8192: Add missing gce-client-reg to mutex arm64: dts: mediatek: mt8183: Add power-domains properity to mfgcfg |
||
|
Arnd Bergmann
|
fdabd4b2fb |
AT91 fixes for 6.9
It contains: - fixes for regulator nodes on SAMA7G5 based boards: proper DT property is used to setup regulators suspend voltage. -----BEGIN PGP SIGNATURE----- iHUEABYIAB0WIQTsZ8eserC1pmhwqDmejrg/N2X7/QUCZiUH3gAKCRCejrg/N2X7 /QsEAP40eTCcZeg+9LFjNAUh4b68vTrl5vJC4iggljPsP7mbFwEA/R4r5J4PBE8f pWvfIOEVToP3zSmnlIW8r8PhpgUlTQ0= =p0wV -----END PGP SIGNATURE----- gpgsig -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEiK/NIGsWEZVxh/FrYKtH/8kJUicFAmYrz/YACgkQYKtH/8kJ Uic2gg//dEq62I5Um9/KQtktf18aCxuzogBNgTmsGZ4TCon8wk61jNj3h3p048Wp AzXj58wL/1Ou2xxOu3PD+P/V1Nd3YkTM2MmUu53stuhqTgMk3OtRglGBmyI69JSV k49kt+p4qcmJhpQM+K/2yPfzPWZ7d7w507moKPWty2HvTFZQzgAww/vZO3GcHUjD M3zVA8Q5JXRC8JL+kIi6Nlg+r+0nbumbpd/VRTM+JOri5oQ+VxFb46BlPikHM6Pu lAer3njLzlAeR6xe2FZQaeXt8rtk1/ziL7O+QQ4qqMs9H/MfiJ6X2YTVYjiLUetr pEMjokkD24Ub4duH5V44vmORqWJ2Q64zv/mTSD8dXzbBwbVb4EMo2ymNSulcYA3H DlRqnXfc7kK6iBzIDmz1994Q/TTnfuO9x0NLSHQqcUb4+v9tMeBortIfKhXW8m3U p4I1j5fB8Z6j9hGiyxJxSXmeTHsWCChAfGob3ksoeRHccYVoRlxSD2la4R7XkjY0 656iZj1o4N25j2wMAKHmVStbE87/41OPnQS6DX/+xqxE/c7lkpbqRN+j1Q5Hityw dq1TSFPAdto68vhjvTlxC6eTgdy72WKh+p/MQEzLQAEYujlBfgSGz2LKwN0QWV61 scvbk5q+0uTy0dtgG7/dRZUGvHa7W0FuGkKo0uAmDQ9opcD384o= =I6Nj -----END PGP SIGNATURE----- Merge tag 'at91-fixes-6.9' of https://git.kernel.org/pub/scm/linux/kernel/git/at91/linux into for-next AT91 fixes for 6.9 It contains: - fixes for regulator nodes on SAMA7G5 based boards: proper DT property is used to setup regulators suspend voltage. * tag 'at91-fixes-6.9' of https://git.kernel.org/pub/scm/linux/kernel/git/at91/linux: ARM: dts: microchip: at91-sama7g54_curiosity: Replace regulator-suspend-voltage with the valid property ARM: dts: microchip: at91-sama7g5ek: Replace regulator-suspend-voltage with the valid property Link: https://lore.kernel.org/r/20240421124824.960096-1-claudiu.beznea@tuxon.dev Signed-off-by: Arnd Bergmann <arnd@arndb.de> |
||
|
Arnd Bergmann
|
14e9d449e9 |
Qualcomm Arm64 DeviceTree fixes for v6.9
This corrects the watchdog IRQ flags for a number of remoteproc instances, which otherwise prevents the driver from probe in the face of a probe deferral. Improvements in other areas, such as USB, have made it possible for CX rail voltage on SC8280XP to be lowered, no longer meeting requirements of active PCIe controllers. Necessary votes are added to these controllers. The MSI definitions for PCIe controllers in SM8450, SM8550, and SM8650 was incorrect, due to a bug in the driver. As this has now been fixed the definition needs to be corrected. Lastly, the SuperSpeed PHY irq of the second USB controller in SC8180x, and the compatible string for X1 Elite domain idle states are corrected. -----BEGIN PGP SIGNATURE----- iQJJBAABCAAzFiEEBd4DzF816k8JZtUlCx85Pw2ZrcUFAmYj6KYVHGFuZGVyc3Nv bkBrZXJuZWwub3JnAAoJEAsfOT8Nma3FMG8P/3K3zB6s54ep/LPuQ0JUriMP0eRc J3Sq2F/fdvMHRMdiYVPph2qT5jp3Ope3mR2nbJxND8Ew+WJRTuXjbAwdP37ZtF5g WuyaZMWIUEZQeIEptDz/0nWYMD1Q3hs2hJy90TsOEty/JC7Ov8+qR3ZGgFhIknIu vB26FaLxFZ4hBb8coLufo+exHK4SNyTeucyzNnB3f0xsYmGsg3b1WeTq3FkdwNMG 9utkIjcjuoCyFxcxj+9XFp7eDLzE8RaplCIPSYZmb3vN3apvRKF/xgRmhoojiv0b iyUuv7WMIoP1FZPOrrtN4xp3zWvGPgrCjf51lsLbdlvcu4nMayyi4+VTvwhBGxPE wOLhDwamK60kgpM1FLHAxbcYjSrKYPA1dWfGbDQ3CalLLo+d/zSMw3A+oVet/4C6 xqDycQFhM9ZndgdD8hS7V48lbGDna4fH4qe8yi6xNqAh6D0LfMvUfGaiAEqN8sNG R27b2ukobIq5NerBzkKp4Oo86kW9wANutPivY1MyqHZpT/Q30lM+wiA9ezugPBal 3RLwaw/M7WpU7whP7tIjsdIqIx4ln+1MK0oAqQ2Gd79lK8pEAJkNG4APYF8erEss sdILLr3ZfUJy9jp+hnuMTlZe+MvksMM6HRqEa9N5yVX6mcF+eICtgDSFD7WxMAhx WyJmgo+UVU0wUkic =DKVX -----END PGP SIGNATURE----- gpgsig -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEiK/NIGsWEZVxh/FrYKtH/8kJUicFAmYrz8kACgkQYKtH/8kJ Uie6Xw//Zfj2NXnWCFegrjyLMknqd7GgpInpKbAWDelBj6LioKYlOmzZ47c36RcB 1rw+Sj6YD9df3C4SE/iTrwJNlnHthU5nPncbZGZSZXpJ6pJHNm+otXti/8aGa2yi vw5ef0Hgfo+8yy4tdiy+xtDg6D60mYh99RIhFNC0/jRMMVDLGZHKcZFFgz7drUee /rmJJlGf56a/uil0uH+xfdzShCdWTQP22KDgKgTPaYoaBEtB0CXK9DCPcroA+rfc lL1UaX9VY5SFuO/vtF0dPK8I+ff413W7k44IkyDZ79vljpBax1ZhfPG5FtHrg9D1 r8Wa9UgJrEclQ/W+ZmkSqOnlg+nuq2laQU4MqRKtHbhQpA4eyT6f8wyXmAsWlW6H jUuLF6nkIBkbpRhLXLpNhhaS5+q/f49vgIla+Ljz4YamdszG5B2Kb21xlt5qGCZh sisQXygpotEDItk/IQLb+FtmVaSeXh7CSmR7GuZL5v8JByjQ1t5o6NjP+E8C5HPc 8mxbWSzx/VzMS8Zyfh0530IT9iGX8Wyk3x681XfZXnQI8kQAfszwoPo0IstFnhq0 KmiDjN96gqckadh1kvkFqwVSNR2QLA0SrQEL8Tc0C7N4cNxSxfdxyVCU4+ANJFRk j/DbL6AvQA2bZZfIbR9oy+imKfpvMhvTHy/hXCVPlmsS+h6BbYs= =M9KC -----END PGP SIGNATURE----- Merge tag 'qcom-arm64-fixes-for-6.9' of https://git.kernel.org/pub/scm/linux/kernel/git/qcom/linux into for-next Qualcomm Arm64 DeviceTree fixes for v6.9 This corrects the watchdog IRQ flags for a number of remoteproc instances, which otherwise prevents the driver from probe in the face of a probe deferral. Improvements in other areas, such as USB, have made it possible for CX rail voltage on SC8280XP to be lowered, no longer meeting requirements of active PCIe controllers. Necessary votes are added to these controllers. The MSI definitions for PCIe controllers in SM8450, SM8550, and SM8650 was incorrect, due to a bug in the driver. As this has now been fixed the definition needs to be corrected. Lastly, the SuperSpeed PHY irq of the second USB controller in SC8180x, and the compatible string for X1 Elite domain idle states are corrected. * tag 'qcom-arm64-fixes-for-6.9' of https://git.kernel.org/pub/scm/linux/kernel/git/qcom/linux: arm64: dts: qcom: sc8180x: Fix ss_phy_irq for secondary USB controller arm64: dts: qcom: sm8650: Fix the msi-map entries arm64: dts: qcom: sm8550: Fix the msi-map entries arm64: dts: qcom: sm8450: Fix the msi-map entries arm64: dts: qcom: sc8280xp: add missing PCIe minimum OPP arm64: dts: qcom: x1e80100: Fix the compatible for cluster idle states arm64: dts: qcom: Fix type of "wdog" IRQs for remoteprocs Link: https://lore.kernel.org/r/20240420161002.1132240-1-andersson@kernel.org Signed-off-by: Arnd Bergmann <arnd@arndb.de> |
||
|
Arnd Bergmann
|
32a1eaa986
|
Merge branch 'v6.9-armsoc/dtsfixes' of git://git.kernel.org/pub/scm/linux/kernel/git/mmind/linux-rockchip into for-next
* 'v6.9-armsoc/dtsfixes' of git://git.kernel.org/pub/scm/linux/kernel/git/mmind/linux-rockchip: arm64: dts: rockchip: Fix USB interface compatible string on kobol-helios64 arm64: dts: rockchip: regulator for sd needs to be always on for BPI-R2Pro dt-bindings: rockchip: grf: Add missing type to 'pcie-phy' node arm64: dts: rockchip: drop redundant disable-gpios in Lubancat 2 arm64: dts: rockchip: drop redundant disable-gpios in Lubancat 1 arm64: dts: rockchip: drop redundant pcie-reset-suspend in Scarlet Dumo arm64: dts: rockchip: mark system power controller and fix typo on orangepi-5-plus arm64: dts: rockchip: Designate the system power controller on QuartzPro64 arm64: dts: rockchip: drop panel port unit address in GRU Scarlet arm64: dts: rockchip: Remove unsupported node from the Pinebook Pro dts arm64: dts: rockchip: Fix the i2c address of es8316 on Cool Pi CM5 arm64: dts: rockchip: add regulators for PCIe on RK3399 Puma Haikou arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for RK3399 Puma arm64: dts: rockchip: enable internal pull-up on Q7_USB_ID for RK3399 Puma arm64: dts: rockchip: fix alphabetical ordering RK3399 puma arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 Puma arm64: dts: rockchip: set PHY address of MT7531 switch to 0x1f Link: https://lore.kernel.org/r/3413596.CbtlEUcBR6@phil Signed-off-by: Arnd Bergmann <arnd@arndb.de> |
||
Jens Remus
|
b961ec10b9 |
s390/vdso: Add CFI for RA register to asm macro vdso_func
The return-address (RA) register r14 is specified as volatile in the
s390x ELF ABI [1]. Nevertheless proper CFI directives must be provided
for an unwinder to restore the return address, if the RA register
value is changed from its value at function entry, as it is the case.
[1]: s390x ELF ABI, https://github.com/IBM/s390x-abi/releases
Fixes:
|
||
Sven Schnelle
|
5e1a99cf22 |
s390/3270: Fix buffer assignment
Since commit |
||
Rafael J. Wysocki
|
d351eb0ab0 |
thermal/debugfs: Prevent use-after-free from occurring after cdev removal
Since thermal_debug_cdev_remove() does not run under cdev->lock, it can
run in parallel with thermal_debug_cdev_state_update() and it may free
the struct thermal_debugfs object used by the latter after it has been
checked against NULL.
If that happens, thermal_debug_cdev_state_update() will access memory
that has been freed already causing the kernel to crash.
Address this by using cdev->lock in thermal_debug_cdev_remove() around
the cdev->debugfs value check (in case the same cdev is removed at the
same time in two different threads) and its reset to NULL.
Fixes:
|
||
|
David Howells
|
c97f59e276
|
netfs: Fix the pre-flush when appending to a file in writethrough mode
In netfs_perform_write(), when the file is marked NETFS_ICTX_WRITETHROUGH
or O_*SYNC or RWF_*SYNC was specified, write-through caching is performed
on a buffered file. When setting up for write-through, we flush any
conflicting writes in the region and wait for the write to complete,
failing if there's a write error to return.
The issue arises if we're writing at or above the EOF position because we
skip the flush and - more importantly - the wait. This becomes a problem
if there's a partial folio at the end of the file that is being written out
and we want to make a write to it too. Both the already-running write and
the write we start both want to clear the writeback mark, but whoever is
second causes a warning looking something like:
------------[ cut here ]------------
R=00000012: folio 11 is not under writeback
WARNING: CPU: 34 PID: 654 at fs/netfs/write_collect.c:105
...
CPU: 34 PID: 654 Comm: kworker/u386:27 Tainted: G S ...
...
Workqueue: events_unbound netfs_write_collection_worker
...
RIP: 0010:netfs_writeback_lookup_folio
Fix this by making the flush-and-wait unconditional. It will do nothing if
there are no folios in the pagecache and will return quickly if there are
no folios in the region specified.
Further, move the WBC attachment above the flush call as the flush is going
to attach a WBC and detach it again if it is not present - and since we
need one anyway we might as well share it.
Fixes:
|
||
David Bauer
|
42f853b428 |
net l2tp: drop flow hash on forward
Drop the flow-hash of the skb when forwarding to the L2TP netdev.
This avoids the L2TP qdisc from using the flow-hash from the outer
packet, which is identical for every flow within the tunnel.
This does not affect every platform but is specific for the ethernet
driver. It depends on the platform including L4 information in the
flow-hash.
One such example is the Mediatek Filogic MT798x family of networking
processors.
Fixes:
|
||
Kuniyuki Iwashima
|
4b911a9690 |
nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment().
syzbot triggered various splats (see [0] and links) by a crafted GSO
packet of VIRTIO_NET_HDR_GSO_UDP layering the following protocols:
ETH_P_8021AD + ETH_P_NSH + ETH_P_IPV6 + IPPROTO_UDP
NSH can encapsulate IPv4, IPv6, Ethernet, NSH, and MPLS. As the inner
protocol can be Ethernet, NSH GSO handler, nsh_gso_segment(), calls
skb_mac_gso_segment() to invoke inner protocol GSO handlers.
nsh_gso_segment() does the following for the original skb before
calling skb_mac_gso_segment()
1. reset skb->network_header
2. save the original skb->{mac_heaeder,mac_len} in a local variable
3. pull the NSH header
4. resets skb->mac_header
5. set up skb->mac_len and skb->protocol for the inner protocol.
and does the following for the segmented skb
6. set ntohs(ETH_P_NSH) to skb->protocol
7. push the NSH header
8. restore skb->mac_header
9. set skb->mac_header + mac_len to skb->network_header
10. restore skb->mac_len
There are two problems in 6-7 and 8-9.
(a)
After 6 & 7, skb->data points to the NSH header, so the outer header
(ETH_P_8021AD in this case) is stripped when skb is sent out of netdev.
Also, if NSH is encapsulated by NSH + Ethernet (so NSH-Ethernet-NSH),
skb_pull() in the first nsh_gso_segment() will make skb->data point
to the middle of the outer NSH or Ethernet header because the Ethernet
header is not pulled by the second nsh_gso_segment().
(b)
While restoring skb->{mac_header,network_header} in 8 & 9,
nsh_gso_segment() does not assume that the data in the linear
buffer is shifted.
However, udp6_ufo_fragment() could shift the data and change
skb->mac_header accordingly as demonstrated by syzbot.
If this happens, even the restored skb->mac_header points to
the middle of the outer header.
It seems nsh_gso_segment() has never worked with outer headers so far.
At the end of nsh_gso_segment(), the outer header must be restored for
the segmented skb, instead of the NSH header.
To do that, let's calculate the outer header position relatively from
the inner header and set skb->{data,mac_header,protocol} properly.
[0]:
BUG: KMSAN: uninit-value in ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:524 [inline]
BUG: KMSAN: uninit-value in ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:602 [inline]
BUG: KMSAN: uninit-value in ipvlan_queue_xmit+0xf44/0x16b0 drivers/net/ipvlan/ipvlan_core.c:668
ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:524 [inline]
ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:602 [inline]
ipvlan_queue_xmit+0xf44/0x16b0 drivers/net/ipvlan/ipvlan_core.c:668
ipvlan_start_xmit+0x5c/0x1a0 drivers/net/ipvlan/ipvlan_main.c:222
__netdev_start_xmit include/linux/netdevice.h:4989 [inline]
netdev_start_xmit include/linux/netdevice.h:5003 [inline]
xmit_one net/core/dev.c:3547 [inline]
dev_hard_start_xmit+0x244/0xa10 net/core/dev.c:3563
__dev_queue_xmit+0x33ed/0x51c0 net/core/dev.c:4351
dev_queue_xmit include/linux/netdevice.h:3171 [inline]
packet_xmit+0x9c/0x6b0 net/packet/af_packet.c:276
packet_snd net/packet/af_packet.c:3081 [inline]
packet_sendmsg+0x8aef/0x9f10 net/packet/af_packet.c:3113
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg net/socket.c:745 [inline]
__sys_sendto+0x735/0xa10 net/socket.c:2191
__do_sys_sendto net/socket.c:2203 [inline]
__se_sys_sendto net/socket.c:2199 [inline]
__x64_sys_sendto+0x125/0x1c0 net/socket.c:2199
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
Uninit was created at:
slab_post_alloc_hook mm/slub.c:3819 [inline]
slab_alloc_node mm/slub.c:3860 [inline]
__do_kmalloc_node mm/slub.c:3980 [inline]
__kmalloc_node_track_caller+0x705/0x1000 mm/slub.c:4001
kmalloc_reserve+0x249/0x4a0 net/core/skbuff.c:582
__alloc_skb+0x352/0x790 net/core/skbuff.c:651
skb_segment+0x20aa/0x7080 net/core/skbuff.c:4647
udp6_ufo_fragment+0xcab/0x1150 net/ipv6/udp_offload.c:109
ipv6_gso_segment+0x14be/0x2ca0 net/ipv6/ip6_offload.c:152
skb_mac_gso_segment+0x3e8/0x760 net/core/gso.c:53
nsh_gso_segment+0x6f4/0xf70 net/nsh/nsh.c:108
skb_mac_gso_segment+0x3e8/0x760 net/core/gso.c:53
__skb_gso_segment+0x4b0/0x730 net/core/gso.c:124
skb_gso_segment include/net/gso.h:83 [inline]
validate_xmit_skb+0x107f/0x1930 net/core/dev.c:3628
__dev_queue_xmit+0x1f28/0x51c0 net/core/dev.c:4343
dev_queue_xmit include/linux/netdevice.h:3171 [inline]
packet_xmit+0x9c/0x6b0 net/packet/af_packet.c:276
packet_snd net/packet/af_packet.c:3081 [inline]
packet_sendmsg+0x8aef/0x9f10 net/packet/af_packet.c:3113
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg net/socket.c:745 [inline]
__sys_sendto+0x735/0xa10 net/socket.c:2191
__do_sys_sendto net/socket.c:2203 [inline]
__se_sys_sendto net/socket.c:2199 [inline]
__x64_sys_sendto+0x125/0x1c0 net/socket.c:2199
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
CPU: 1 PID: 5101 Comm: syz-executor421 Not tainted 6.8.0-rc5-syzkaller-00297-gf2e367d6ad3b #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
Fixes:
|
||
|
Rafael J. Wysocki
|
c7f7c37271 |
thermal/debugfs: Fix two locking issues with thermal zone debug
With the current thermal zone locking arrangement in the debugfs code,
user space can open the "mitigations" file for a thermal zone before
the zone's debugfs pointer is set which will result in a NULL pointer
dereference in tze_seq_start().
Moreover, thermal_debug_tz_remove() is not called under the thermal
zone lock, so it can run in parallel with the other functions accessing
the thermal zone's struct thermal_debugfs object. Then, it may clear
tz->debugfs after one of those functions has checked it and the
struct thermal_debugfs object may be freed prematurely.
To address the first problem, pass a pointer to the thermal zone's
struct thermal_debugfs object to debugfs_create_file() in
thermal_debug_tz_add() and make tze_seq_start(), tze_seq_next(),
tze_seq_stop(), and tze_seq_show() retrieve it from s->private
instead of a pointer to the thermal zone object. This will ensure
that tz_debugfs will be valid across the "mitigations" file accesses
until thermal_debugfs_remove_id() called by thermal_debug_tz_remove()
removes that file.
To address the second problem, use tz->lock in thermal_debug_tz_remove()
around the tz->debugfs value check (in case the same thermal zone is
removed at the same time in two different threads) and its reset to NULL.
Fixes:
|
||
|
Rafael J. Wysocki
|
72c1afffa4 |
thermal/debugfs: Free all thermal zone debug memory on zone removal
Because thermal_debug_tz_remove() does not free all memory allocated for
thermal zone diagnostics, some of that memory becomes unreachable after
freeing the thermal zone's struct thermal_debugfs object.
Address this by making thermal_debug_tz_remove() free all of the memory
in question.
Fixes:
|
||
Uwe Kleine-König
|
190f1f46ed |
MAINTAINERS: Update Uwe's email address, drop SIOX maintenance
In the context of changing my career path, my Pengutronix email address will soon stop to be available to me. Update the PWM maintainer entry to my kernel.org identity. I drop my co-maintenance of SIOX. Thorsten will continue to care for it with the support of the Pengutronix kernel team. Signed-off-by: Uwe Kleine-König <ukleinek@kernel.org> Acked-by: Thorsten Scherer <t.scherer@eckelmann.de> Link: https://lore.kernel.org/r/20240424212626.603631-2-ukleinek@kernel.org Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de> |
||
Guenter Roeck
|
1d422e44e1 |
MAINTAINERS: Drop entry for PCA9541 bus master selector
I no longer have access to PCA9541 hardware, and I am no longer involved in related development. Listing me as PCA9541 maintainer does not make sense anymore. Remove PCA9541 from MAINTAINERS to let its support default to the generic I2C multiplexer entry. Signed-off-by: Guenter Roeck <linux@roeck-us.net> Acked-by: Peter Rosin <peda@axentia.se> Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com> |
||
Wolfram Sang
|
58cd9e03cf |
at24 fixes for v6.9-rc6
- move the nvmem registration after the test one-byte read to improve the situation with a race condition in nvmem - fix the DT schema for ST M24C64-D -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEFp3rbAvDxGAT0sefEacuoBRx13IFAmYqQ9kACgkQEacuoBRx 13J5qg//Tuk1M25oSbs7eMV18YjCWh1ZrLn9bXoVJ12q/GfjQ9PPbMWktTIivcsD Lpd78BFc16AojHqI2XqwUUuM81RgkbtOkvPervKl0uIp74WQEljplo3oHSQb21vS 47mIRSxLj1SReO/+9WITK6PzaM23sXrjIfXR7nSb5SH/bIy4pgi10iP4pW3+d3f0 mRE8nFgtBU5zG0LZf6Oxq/z6GcxlUML7P4vyvA0YEb/wZFPcWXp8/rUhlOPMZxgW mOz9jWbTLRn8xETFWUIItRlVbdoPiYRJBXWficT3oQVt1fhR9TT6IC6py49orkaw vE2VwvtLnay3eEZY2Omm51/JW4yy+fHPgCZhJvLmp3qHcMrX77HMZpma+bDZVHGr uXhCBCNDZjpU8jZesN/NbjmaksgZ09zk/mE+BXnBceK7tC0Rlxn2Mrk5/SnvL9bS IvwfxUXG0DfdeyCnIdzZL/Vv94D16zoIlYi3vd3IhZ0TOScCylgTc6TmQ4EYDpRw JbdSrJbDwSgnbwpwtBFoKmHaR1/0uChyIUdolEhKSxz1+bbrIPitvZgGPmeMLFIL 24RKAcKAmVYj7fQmK8LZT8Xr25yGyfjhe9558sJvgEcN0YL5wM866CgfUTWalgxA QtFsXkWgP+mWnRa84gZCs4yWVQZIYi2C+ZEN57tq7MRsYnfT16o= =OVCJ -----END PGP SIGNATURE----- Merge tag 'at24-fixes-for-v6.9-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux into i2c/for-current at24 fixes for v6.9-rc6 - move the nvmem registration after the test one-byte read to improve the situation with a race condition in nvmem - fix the DT schema for ST M24C64-D |
||
Peter Colberg
|
bb1dbeceb1
|
fpga: dfl-pci: add PCI subdevice ID for Intel D5005 card
Add PCI subdevice ID for the Intel D5005 Stratix 10 FPGA card as used with the Open FPGA Stack (OFS) FPGA Interface Manager (FIM). Unlike the Intel D5005 PAC FIM which exposed a separate PCI device ID, the OFS FIM reuses the same device ID for all DFL-based FPGA cards and differentiates on the subdevice ID. The subdevice ID values were chosen as the numeric part of the FPGA card names in hexadecimal. Signed-off-by: Peter Colberg <peter.colberg@intel.com> Reviewed-by: Matthew Gerlach <matthew.gerlach@linux.intel.com> Acked-by: Xu Yilun <yilun.xu@intel.com> Link: https://lore.kernel.org/r/20240422230257.1959-1-peter.colberg@intel.com Signed-off-by: Xu Yilun <yilun.xu@linux.intel.com> |
||
Dave Airlie
|
3a8534035c |
- Fix error paths on managed allocations
- Fix PF/VF relay messages -----BEGIN PGP SIGNATURE----- iQJNBAABCAA3FiEE6rM8lpABPHM5FqyDm6KlpjDL6lMFAmYqwToZHGx1Y2FzLmRl bWFyY2hpQGludGVsLmNvbQAKCRCboqWmMMvqU+dVD/9OLOui9aWfriFVzDNB1MIl 1EItOsi4W/VpTxIO5s5MrUiWQRDl2xO2jVZHrAwrgSjG2vCHFLlnMZJoOAOo5O14 cvAlKASTknwjK6ulU9/uhRKGwv7Wbjowg1ITbnFX9VRfYC5uF/pnMe+OqdxtllT8 F3ZGQrRobHi29EKMWaADcZhByqPwNsHYQB/T5Yg9hOIzf7h4JoXxB02/q1iGlOTt T2L3/zP/DIeHVLQ9i7umJ3sCj7EHPKQwBEj3oQpoGp0nphdCXnu46KrPx25j/NV2 WgGVd7tSh1n876W05FnWRlBOBbY4qVvj3i4RTOuCISgL9lV+EyrFVLqifAXYrpFE FjNznH+/BSS/RbfN/wyY+DSta/o4rJuv/eN6Jy4Ert316/SGS8lrOo8rP/xvhg1c 4DoiomLyIP7kO/AhJ5nGYnisAWMg3cLOarrRNYQ3vddWdaUcIR32vymlKKVaDMNs RFNukXN/BGZVtl+RVrtye9+FchhBsZztDfuVvo8iScuqE7TuVVTL1f8ppfDHnsL3 Jo6afUOHmOhDLMraDJ4tMWu3Td2Z+bRIpJn9zyAbYSfejTVYR9j/WYVHw9l1mHyR CoqvJG3EnZC1lyYsYVroYSbb6S4VOwemoq00oileQDac3QndSuqPBb+0gLViFZ4N Cd8Inq08stZqJLdHbB1icw== =e6VC -----END PGP SIGNATURE----- Merge tag 'drm-xe-fixes-2024-04-25' of https://gitlab.freedesktop.org/drm/xe/kernel into drm-fixes - Fix error paths on managed allocations - Fix PF/VF relay messages Signed-off-by: Dave Airlie <airlied@redhat.com> From: Lucas De Marchi <lucas.demarchi@intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/gxaxtvxeoax7mnddxbl3tfn2hfnm5e4ngnl3wpi4p5tvn7il4s@fwsvpntse7bh |
||
|
Dave Airlie
|
ca382d6aa5 |
- fix GC7000 TX clock gating
- revert NPU UAPI changes -----BEGIN PGP SIGNATURE----- iQFLBAABCAA1FiEEz9DmVLy+XdLQMNIiz8wpfG0KEgsFAmYqgnwXHGwuc3RhY2hA cGVuZ3V0cm9uaXguZGUACgkQz8wpfG0KEgt63gf+O+d7WAM6XovVkGdWF07HJ+o3 3pN+axXtRORo3cMzfGOQuqbk34cNaY5U+O1qoh8sfcHx+79yx+A2PpE3dCGdWLZi dWkQ+0miYFFh/sSkfTIiMVlFN1LdDKcatNFBoZJX7QYGoUd1CxVktdyttR8o1+I7 khT41VmR4owFTgjmy/ypOJdWFX2jLUS3T8vdxAI1DW8ActVTpODJxxFjH6MUnhej 3N9aY3Lh55Z4RY6pBrUSwguzrt+VXdUOBzZ5zGVk2wwE1h1TToglQznFEgNo1zJp FoUd1YMqBIfvtyysm/KY8d9udIpjW0wknSnEpREs7hqdo4y9i9klgNRUrRgmaw== =t59K -----END PGP SIGNATURE----- Merge tag 'drm-etnaviv-fixes-2024-04-25' of https://git.pengutronix.de/git/lst/linux into drm-fixes - fix GC7000 TX clock gating - revert NPU UAPI changes Signed-off-by: Dave Airlie <airlied@redhat.com> From: Lucas Stach <l.stach@pengutronix.de> Link: https://patchwork.freedesktop.org/patch/msgid/c24457dc18ba9eab3ff919b398a25b1af9f1124e.camel@pengutronix.de |
||
|
Dave Airlie
|
86ab998521 |
Short summary of fixes pull:
atomic-helpers: - Fix memory leak in drm_format_conv_state_copy() fbdev: - fbdefio: Fix address calculation gma500: - Fix crash during boot -----BEGIN PGP SIGNATURE----- iQEzBAABCgAdFiEEchf7rIzpz2NEoWjlaA3BHVMLeiMFAmYqLwwACgkQaA3BHVML eiOFAgf+OKUK3CJmWnxHrJjID6j1huZmowRJ5oriSgkb8wQjYxVKviDfG+YUvR5F Tpiv78x/nY/mwCrBMz9cagC/tu7vR2G3lPoA7yLZt+ZbZ2Sa99aqjeY5mTaYX4AZ 1cYlemZGJ5LR8eNG9nX+6FvWNqi+5MrKMrENyr2eexFVqglE2rzZYvFK4Y60A+Dk ks0pt2LtLYZRsQP1xayviLJfX1VWFj/RiQvHloSUs40Xj+zxt6xKgUZ39n6ctS5X RQ3qiJjlHCOOG+Gd71BkiJI00b0ZcHezhHk8uDX5onlZyyJOpHS5yiW3ONDK0T62 LA48Hfssj1M/OLQo8sHldRgdShzD3Q== =icd0 -----END PGP SIGNATURE----- Merge tag 'drm-misc-fixes-2024-04-25' of https://gitlab.freedesktop.org/drm/misc/kernel into drm-fixes Short summary of fixes pull: atomic-helpers: - Fix memory leak in drm_format_conv_state_copy() fbdev: - fbdefio: Fix address calculation gma500: - Fix crash during boot Signed-off-by: Dave Airlie <airlied@redhat.com> From: Thomas Zimmermann <tzimmermann@suse.de> Link: https://patchwork.freedesktop.org/patch/msgid/20240425102413.GA6301@localhost.localdomain |
||
|
Dave Airlie
|
26da9bfdb8 |
amd-drm-fixes-6.9-2024-04-24:
amdgpu: - Suspend/resume fix - Don't expose gpu_od directory if it's empty - SDMA 4.4.2 fix - VPE fix - BO eviction fix - UMSCH fix - SMU 13.0.6 reset fixes - GPUVM flush accounting fix - SDMA 5.2 fix - Fix possible UAF in mes code amdkfd: - Eviction fence handling fix - Fix memory leak when GPU memory allocation fails - Fix dma-buf validation - Fix rescheduling of restore worker - SVM fix -----BEGIN PGP SIGNATURE----- iHUEABYKAB0WIQQgO5Idg2tXNTSZAr293/aFa7yZ2AUCZilpfgAKCRC93/aFa7yZ 2AaRAP9OptPS/1JwNDHWD3pTGhXYbowVl6tVAWrMKT1JDotixAD/T4+jAQTcghTD tKmhqX1ULNqijmYZPXBIsGpDM45Fgw4= =Pnrb -----END PGP SIGNATURE----- Merge tag 'amd-drm-fixes-6.9-2024-04-24' of https://gitlab.freedesktop.org/agd5f/linux into drm-fixes amd-drm-fixes-6.9-2024-04-24: amdgpu: - Suspend/resume fix - Don't expose gpu_od directory if it's empty - SDMA 4.4.2 fix - VPE fix - BO eviction fix - UMSCH fix - SMU 13.0.6 reset fixes - GPUVM flush accounting fix - SDMA 5.2 fix - Fix possible UAF in mes code amdkfd: - Eviction fence handling fix - Fix memory leak when GPU memory allocation fails - Fix dma-buf validation - Fix rescheduling of restore worker - SVM fix Signed-off-by: Dave Airlie <airlied@redhat.com> From: Alex Deucher <alexander.deucher@amd.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240424202408.1973661-1-alexander.deucher@amd.com |
||
Jakub Kicinski
|
a5b1051ad5 |
Merge branch 'ensure-the-copied-buf-is-nul-terminated'
Bui Quang Minh says: ==================== Ensure the copied buf is NUL terminated (part) I found that some drivers contains an out-of-bound read pattern like this kern_buf = memdup_user(user_buf, count); ... sscanf(kern_buf, ...); The sscanf can be replaced by some other string-related functions. This pattern can lead to out-of-bound read of kern_buf in string-related functions. This series fix the above issue by replacing memdup_user with memdup_user_nul. v1: https://lore.kernel.org/r/20240422-fix-oob-read-v1-0-e02854c30174@gmail.com ==================== Link: https://lore.kernel.org/r/20240424-fix-oob-read-v2-0-f1f1b53a10f4@gmail.com Signed-off-by: Jakub Kicinski <kuba@kernel.org> |
||
Bui Quang Minh
|
f299ee709f |
octeontx2-af: avoid off-by-one read from userspace
We try to access count + 1 byte from userspace with memdup_user(buffer,
count + 1). However, the userspace only provides buffer of count bytes and
only these count bytes are verified to be okay to access. To ensure the
copied buffer is NUL terminated, we use memdup_user_nul instead.
Fixes:
|
||
|
Bui Quang Minh
|
8c34096c7f |
bna: ensure the copied buf is NUL terminated
Currently, we allocate a nbytes-sized kernel buffer and copy nbytes from
userspace to that buffer. Later, we use sscanf on this buffer but we don't
ensure that the string is terminated inside the buffer, this can lead to
OOB read when using sscanf. Fix this issue by using memdup_user_nul
instead of memdup_user.
Fixes:
|
||
|
Bui Quang Minh
|
666854ea9c |
ice: ensure the copied buf is NUL terminated
Currently, we allocate a count-sized kernel buffer and copy count bytes from userspace to that buffer. Later, we use sscanf on this buffer but we don't ensure that the string is terminated inside the buffer, this can lead to OOB read when using sscanf. Fix this issue by using memdup_user_nul instead of memdup_user. Fixes: |
||
Zack Rusin
|
27906e5d78 |
drm/ttm: Print the memory decryption status just once
Stop printing the TT memory decryption status info each time tt is created
and instead print it just once.
Reduces the spam in the system logs when running guests with SEV enabled.
Signed-off-by: Zack Rusin <zack.rusin@broadcom.com>
Fixes:
|
||
Ian Forbes
|
782e5e7925 |
drm/vmwgfx: Fix Legacy Display Unit
Legacy DU was broken by the referenced fixes commit because the placement and the busy_placement no longer pointed to the same object. This was later fixed indirectly by commit |
||
|
Linus Torvalds
|
c942a0cd36 |
virtio: bugfix
enum renames for vdpa uapi - we better do this now before the names have been in any releases. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> -----BEGIN PGP SIGNATURE----- iQFDBAABCAAtFiEEXQn9CHHI+FuUyooNKB8NuNKNVGkFAmYq0j0PHG1zdEByZWRo YXQuY29tAAoJECgfDbjSjVRpkIIIAIvMXuyXRfbKJLO6R5sig8C4wAkRno8T1EWp BLzG6TNzduUODso00YucBCnZUteYNqo+IIlbPl/q/NmeUkUFEbiy8xwGqf13SEDU xRSL6CZDI9v75BZwWvtCijnRIRjXykNe5bpCkOVRy37JyAYhGaLadAyWGOXNYmV7 1GwNXJa1KtQaBOZb0x/WecYvsHWEgJtygcrDJwAqR5ngEHRyYpqvK9t0jLxuYIKE 27oY6OWqVNE007zIUx6lI17Ope0OvhBDmlz11zrkQfBsX4mBZok12TVo34wd+Cxn rNsb5HrSkQi5rNgW6mz3wR7MLLQK5Msh54KVPRHZQU9OVkio02o= =DWUe -----END PGP SIGNATURE----- Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost Pull virtio fix from Michael Tsirkin: "enum renames for vdpa uapi - we better do this now before the names have been exposed in any releases" * tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost: vDPA: code clean for vhost_vdpa uapi |
||
|
Linus Torvalds
|
dda89e2fbc |
fs/9p: fixes for 6.9-rc6
Contains a single mitigation to help deal with an apparent race condition between client and server having to deal with inode number collisions. Signed-off-by: Eric Van Hensbergen <ericvh@kernel.org> -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEElpbw0ZalkJikytFRiP/V+0pf/5gFAmYqu2QACgkQiP/V+0pf /5h6FhAAjYxXb3zSeQouR7Nr+n4Hc1pIG2hwfwDg0ruZfXnKDCnDvCtMmKJZVQWc PtR51+wlKLsrCcVArD4zUI9dezJCAzHrG2W+MMn0tka4rQYIGA8TAVXWC0dpVs+e 0UxG/CFjwcHcwRIyCcgmzSetO+rR2kVaK9Nmsd+DkCixRFsJdmG1xZqMEsUg339b rAnA82fncR5cHvoaTNhFK3TIzIZ78v/xOTORjCSsXYgLBC1Sq7gwPxt11Ms9qZBK 2ttkU6PB/AIL2gXm7VfAQ82HZY5AWRlwH1EFHcgge1vylXoFJuqadhIaj+l6QC4N fgQGA6q+288vrjr5z5WXlBUCqHO2MXxPhJxEyViif+TIyJ/eCW+G777J4wPKHMiZ LHx3/4XpbzCMgAZs29Y5l7e53xE13OfnrIngC18iX3AP/fUPKi5fYkiDX59id++k PPjKlZJI7zW29hXXgBoqQtGG/h2H3d5y4B6dummDv4teGjnY5jPhA+KaL8Z9MUkV NzSozmsL+zFVK9El+FRI+4REltrg/UwdznknMHe7MJeqigdCMWUSpn7TWh9rxWft 0yLzf3QXZuYG06o3YP6RAwBTdeRay5THU8X09nusPnmoJf9oXYB/lxlqa1k/4msa kBrZzAHGOmVTpJQYTrspgWp57NyFsAbQqkzYCg6zrBj6P0mdCfs= =IrQ9 -----END PGP SIGNATURE----- Merge tag '9p-for-6.9-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/ericvh/v9fs Pull 9p fix from Eric Van Hensbergen: "This contains a single mitigation to help deal with an apparent race condition between client and server having to deal with inode number collisions" * tag '9p-for-6.9-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/ericvh/v9fs: fs/9p: mitigate inode collisions |
||
Chuck Lever
|
18180a4550 |
NFSD: Fix nfsd4_encode_fattr4() crasher
Ensure that args.acl is initialized early. It is used in an
unconditional call to kfree() on the way out of
nfsd4_encode_fattr4().
Reported-by: Scott Mayhew <smayhew@redhat.com>
Fixes:
|
||
|
Linus Torvalds
|
a93289b830 |
ACPI fixes for 6.9-rc6
- Allow two overlapping Low-Power S0 Idle _DSM function sets to be used
at the same time (Rafael Wysocki).
- Fix bit offset computation in MASK_VAL() macro used for applying
a bitmask to a new CPPC register value (Jarred White).
- Fix access width field usage for PCC registers in CPPC (Vanshidhar
Konda).
-----BEGIN PGP SIGNATURE-----
iQJGBAABCAAwFiEE4fcc61cGeeHD/fCwgsRv/nhiVHEFAmYqlVUSHHJqd0Byand5
c29ja2kubmV0AAoJEILEb/54YlRxuuIP/10TXZwAyUtYmHT6P9f+mcuUKs57E7zi
IIfbubObVXHIOFa9CJWhfySm9qtbSQFZ/OjjTVZJKh511phVyCwWx+CJJqn4C1pH
HVymTU7Vb1JFiW2rpUvwhqTPf+LmHF2U9+KS7OxBHTKrJMBYlQw6lPfhVFyWhFT2
zVJT8GQNjSCAMUiPpPXSsL+rraaQo0mI0XVe8W6oE1zbaIYxVFLI2RmmR33A9Qpx
2bO3XzO0QeXzaUiIdbyc/aH2yGL1f9NVuwdP9sudl6/tPz06WALzHpiCus5pO9Iv
SRuWDUS5FOdqOJ0CTEsxtab1qQGsFcGe4HwI1sW8v4+HiqrMRTMPV0izhU2Oulpn
n9x2QZj69W6iXVzY7l7bsI6ZvBjJIIzBZoEreKA9k2x+KIT0CseDQkGL+Ug7XKRt
8mdhP4HkCbnHhqBQ6wZQpmZJi06Hle5ylvN9U3pSUsCyu/0wx47d56Q0sSKGRmUu
NGgp4FKyUupcMouAYwZF4AR1oAdo+dCX/i2hKTg07vNolH4jSICKETSIDADbGS90
AQxFKP66Xv2u/0akn3gXZQtlhFZppQjzpplYr5NPuhIQ9Uk2e2ItUXxd8DbXdD+v
IMEh4yQ0NWTY/DaITPFvz6Yy2AZu4MDd5yOElk5pyL6Ca8j/4XcSBCG46unwNJJ3
ahlFckAkqZ/D
=r5Uu
-----END PGP SIGNATURE-----
Merge tag 'acpi-6.9-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull ACPI fixes from Rafael Wysocki:
"These fix three recent regressions, one introduced while enabling a
new platform firmware feature for power management, and two introduced
by a recent CPPC library update.
Specifics:
- Allow two overlapping Low-Power S0 Idle _DSM function sets to be
used at the same time (Rafael Wysocki)
- Fix bit offset computation in MASK_VAL() macro used for applying a
bitmask to a new CPPC register value (Jarred White)
- Fix access width field usage for PCC registers in CPPC (Vanshidhar
Konda)"
* tag 'acpi-6.9-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
ACPI: PM: s2idle: Evaluate all Low-Power S0 Idle _DSM functions
ACPI: CPPC: Fix access width used for PCC registers
ACPI: CPPC: Fix bit_offset shift in MASK_VAL() macro
|
||
|
Linus Torvalds
|
52afb15e9d |
Including fixes from netfilter, wireless and bluetooth.
Nothing major, regression fixes are mostly in drivers, two more
of those are flowing towards us thru various trees. I wish some of
the changes went into -rc5, we'll try to keep an eye on frequency
of PRs from sub-trees.
Also disproportional number of fixes for bugs added in v6.4,
strange coincidence.
Current release - regressions:
- igc: fix LED-related deadlock on driver unbind
- wifi: mac80211: small fixes to recent clean up of the connection
process
- Revert "wifi: iwlwifi: bump FW API to 90 for BZ/SC devices",
kernel doesn't have all the code to deal with that version, yet
- Bluetooth:
- set power_ctrl_enabled on NULL returned by gpiod_get_optional()
- qca: fix invalid device address check, again
- eth: ravb: fix registered interrupt names
Current release - new code bugs:
- wifi: mac80211: check EHT/TTLM action frame length
Previous releases - regressions:
- fix sk_memory_allocated_{add|sub} for architectures where
__this_cpu_{add|sub}* are not IRQ-safe
- dsa: mv88e6xx: fix link setup for 88E6250
Previous releases - always broken:
- ip: validate dev returned from __in_dev_get_rcu(), prevent possible
null-derefs in a few places
- switch number of for_each_rcu() loops using call_rcu() on the iterator
to for_each_safe()
- macsec: fix isolation of broadcast traffic in presence of offload
- vxlan: drop packets from invalid source address
- eth: mlxsw: trap and ACL programming fixes
- eth: bnxt: PCIe error recovery fixes, fix counting dropped packets
- Bluetooth:
- lots of fixes for the command submission rework from v6.4
- qca: fix NULL-deref on non-serdev suspend
Misc:
- tools: ynl: don't ignore errors in NLMSG_DONE messages
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEE6jPA+I1ugmIBA4hXMUZtbf5SIrsFAmYqjvgACgkQMUZtbf5S
IrvxBA/9HdiiBU/qWdlZ5BorvVFj5XmOiGGD0UagKD2VZCxdLX8S/yfmY3KMoohy
Dls5c3WxQbJbGsoIMEU6ztE0Iv1YYl1wamTfbyUDwv2ZMKR/vN5uzacB4CS9/FJ0
vOQO1Y/VWx+uoA1gXRsY8Ffmh2ZMKdwoiKdpdRf/ADgPB8hNQYx78PqTBvKusqBa
go1mahZbtsYIxLn/oL0xKQRKRZUY1T5T8zQ02i+8MvWBJDyRWCCaOICQus7FBdtz
JAy5IyztzH0cYXgC0aRTPJkbwqXdpXjSoeOwNElRtUpD98zprDm16jqpSGrwhJoP
AaWo5+1o908aOd+chhoCqfrEGbraMSRgvCTNMemPxL8cNF4JJfdp1A+v0+cZKlMy
yjGTKoFZX6GPbOFYPC+rF8Zm6WzDsLcit/r01RTvf1JLf+Jdft72QwQec0rQykEV
ATrYAQAW/B6zcfOmIXngFuCkO7KM9Yp2BSQNAtYOQR2GKijmALO74suIbNujP3hU
kn25jnw0Fwzv5RIWluFK+V2AcW8cd1JZMbq8NQzhOXmrHbP4OmaYQrk0vkk8f9b9
q5BK4C4/JcjCdEBGe38BlPFUx3Jr6xKOcF/DoAnhehwwEpCi5El9S5l7a4+HNBSh
e1c/1vvcO54m4onXYJ+CH5clQLGs5NU71aqtBeleF5YoDLvwD8g=
=EQyI
-----END PGP SIGNATURE-----
Merge tag 'net-6.9-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
Pull networking fixes from Jakub Kicinski:
"Including fixes from netfilter, wireless and bluetooth.
Nothing major, regression fixes are mostly in drivers, two more of
those are flowing towards us thru various trees. I wish some of the
changes went into -rc5, we'll try to keep an eye on frequency of PRs
from sub-trees.
Also disproportional number of fixes for bugs added in v6.4, strange
coincidence.
Current release - regressions:
- igc: fix LED-related deadlock on driver unbind
- wifi: mac80211: small fixes to recent clean up of the connection
process
- Revert "wifi: iwlwifi: bump FW API to 90 for BZ/SC devices", kernel
doesn't have all the code to deal with that version, yet
- Bluetooth:
- set power_ctrl_enabled on NULL returned by gpiod_get_optional()
- qca: fix invalid device address check, again
- eth: ravb: fix registered interrupt names
Current release - new code bugs:
- wifi: mac80211: check EHT/TTLM action frame length
Previous releases - regressions:
- fix sk_memory_allocated_{add|sub} for architectures where
__this_cpu_{add|sub}* are not IRQ-safe
- dsa: mv88e6xx: fix link setup for 88E6250
Previous releases - always broken:
- ip: validate dev returned from __in_dev_get_rcu(), prevent possible
null-derefs in a few places
- switch number of for_each_rcu() loops using call_rcu() on the
iterator to for_each_safe()
- macsec: fix isolation of broadcast traffic in presence of offload
- vxlan: drop packets from invalid source address
- eth: mlxsw: trap and ACL programming fixes
- eth: bnxt: PCIe error recovery fixes, fix counting dropped packets
- Bluetooth:
- lots of fixes for the command submission rework from v6.4
- qca: fix NULL-deref on non-serdev suspend
Misc:
- tools: ynl: don't ignore errors in NLMSG_DONE messages"
* tag 'net-6.9-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (88 commits)
af_unix: Suppress false-positive lockdep splat for spin_lock() in __unix_gc().
net: b44: set pause params only when interface is up
tls: fix lockless read of strp->msg_ready in ->poll
dpll: fix dpll_pin_on_pin_register() for multiple parent pins
net: ravb: Fix registered interrupt names
octeontx2-af: fix the double free in rvu_npc_freemem()
net: ethernet: ti: am65-cpts: Fix PTPv1 message type on TX packets
ice: fix LAG and VF lock dependency in ice_reset_vf()
iavf: Fix TC config comparison with existing adapter TC config
i40e: Report MFS in decimal base instead of hex
i40e: Do not use WQ_MEM_RECLAIM flag for workqueue
net: ti: icssg-prueth: Fix signedness bug in prueth_init_rx_chns()
net/mlx5e: Advertise mlx5 ethernet driver updates sk_buff md_dst for MACsec
macsec: Detect if Rx skb is macsec-related for offloading devices that update md_dst
ethernet: Add helper for assigning packet type when dest address does not match device address
macsec: Enable devices to advertise whether they update sk_buff md_dst during offloads
net: phy: dp83869: Fix MII mode failure
netfilter: nf_tables: honor table dormant flag from netdev release event path
eth: bnxt: fix counting packets discarded due to OOM and netpoll
igc: Fix LED-related deadlock on driver unbind
...
|
||
Steve French
|
8861fd5180 |
smb3: fix lock ordering potential deadlock in cifs_sync_mid_result
Coverity spotted that the cifs_sync_mid_result function could deadlock
"Thread deadlock (ORDER_REVERSAL) lock_order: Calling spin_lock acquires
lock TCP_Server_Info.srv_lock while holding lock TCP_Server_Info.mid_lock"
Addresses-Coverity: 1590401 ("Thread deadlock (ORDER_REVERSAL)")
Cc: stable@vger.kernel.org
Reviewed-by: Shyam Prasad N <sprasad@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
|