For now, it can enable objtool for Clang, just remove !CC_IS_CLANG for
HAVE_OBJTOOL in arch/loongarch/Kconfig.
Signed-off-by: Tiezhu Yang <yangtiezhu@loongson.cn>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
After commit a0f7085f6a ("LoongArch: Add RANDOMIZE_KSTACK_OFFSET
support"), there are three new instructions "addi.d $fp, $sp, 32",
"sub.d $sp, $sp, $t0" and "addi.d $sp, $fp, -32" for the secondary
stack in do_syscall(), then there is a objtool warning "return with
modified stack frame" and no handle_syscall() which is the previous
frame of do_syscall() in the call trace when executing the command
"echo l > /proc/sysrq-trigger".
objdump shows something like this:
0000000000000000 <do_syscall>:
0: 02ff8063 addi.d $sp, $sp, -32
4: 29c04076 st.d $fp, $sp, 16
8: 29c02077 st.d $s0, $sp, 8
c: 29c06061 st.d $ra, $sp, 24
10: 02c08076 addi.d $fp, $sp, 32
...
74: 0011b063 sub.d $sp, $sp, $t0
...
a8: 4c000181 jirl $ra, $t0, 0
...
dc: 02ff82c3 addi.d $sp, $fp, -32
e0: 28c06061 ld.d $ra, $sp, 24
e4: 28c04076 ld.d $fp, $sp, 16
e8: 28c02077 ld.d $s0, $sp, 8
ec: 02c08063 addi.d $sp, $sp, 32
f0: 4c000020 jirl $zero, $ra, 0
The instruction "sub.d $sp, $sp, $t0" changes the stack bottom and the
new stack size is a random value, in order to find the return address of
do_syscall() which is stored in the original stack frame after executing
"jirl $ra, $t0, 0", it should use fp which points to the original stack
top.
At the beginning, the thought is tended to decode the secondary stack
instruction "sub.d $sp, $sp, $t0" and set it as a label, then check this
label for the two frame pointer instructions to change the cfa base and
cfa offset during the period of secondary stack in update_cfi_state().
This is valid for GCC but invalid for Clang due to there are different
secondary stack instructions for ClangBuiltLinux on LoongArch, something
like this:
0000000000000000 <do_syscall>:
...
88: 00119064 sub.d $a0, $sp, $a0
8c: 00150083 or $sp, $a0, $zero
...
Actually, it equals to a single instruction "sub.d $sp, $sp, $a0", but
there is no proper condition to check it as a label like GCC, and so the
beginning thought is not a good way.
Essentially, there are two special frame pointer instructions which are
"addi.d $fp, $sp, imm" and "addi.d $sp, $fp, imm", the first one points
fp to the original stack top and the second one restores the original
stack bottom from fp.
Based on the above analysis, in order to avoid adding an arch-specific
update_cfi_state(), we just add a member "frame_pointer" in the "struct
symbol" as a label to avoid affecting the current normal case, then set
it as true only if there is "addi.d $sp, $fp, imm". The last is to check
this label for the two frame pointer instructions to change the cfa base
and cfa offset in update_cfi_state().
Tested with the following two configs:
(1) CONFIG_RANDOMIZE_KSTACK_OFFSET=y &&
CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT=n
(2) CONFIG_RANDOMIZE_KSTACK_OFFSET=y &&
CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT=y
By the way, there is no effect for x86 with this patch, tested on the
x86 machine with Fedora 40 system.
Cc: stable@vger.kernel.org # 6.9+
Signed-off-by: Tiezhu Yang <yangtiezhu@loongson.cn>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
This triggers an issue in the bochsdrm driver, which used ioremap()
instead of ioremap_wc() to map the video RAM. The revert lets video
RAM use the WB memory type instead of the slower UC memory type.
-----BEGIN PGP SIGNATURE-----
iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmbmhVcUHHBib256aW5p
QHJlZGhhdC5jb20ACgkQv/vSX3jHroPC8gf9GT8ynM3/+csYTKKvJ3acvhvFoIl0
xzptkWh9tal7H1jPG+BFq44o8DbAcb9u5pxPng9ng5ojmPwticBRWt6dpWyKurTm
WKT2JRCV/6/sPDu8WrMLli9c/9P85ETFAyAPyr4CO4/rPg173qtLT5zxWjsLi0xz
ZtVdAdHj041skYH8REYyRm2zolq/PIj7TWWAYZVRWgX2AkQeRq//g51MpBgLfbYt
BNL7TLqpaD3ZSNHXsTZDn3c1jh9VnPGFPa+QSq2a6JgPPqCuJzs7RpPwMzTRlkoT
agdRf8Wj082u1kqMGCHLXHGQybevauLs+yQYRkojpxj774PPNzH3kEGOEA==
=9Eo3
-----END PGP SIGNATURE-----
Merge tag 'for-linus-6.11' of git://git.kernel.org/pub/scm/virt/kvm/kvm
Pull kvm fix from Paolo Bonzini:
"Do not always honor guest PAT on CPUs that support self-snoop.
This triggers an issue in the bochsdrm driver, which used ioremap()
instead of ioremap_wc() to map the video RAM.
The revert lets video RAM use the WB memory type instead of the slower
UC memory type"
* tag 'for-linus-6.11' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
Revert "KVM: VMX: Always honor guest PAT on CPUs that support self-snoop"
This reverts commit 377b2f359d.
This caused a regression with the bochsdrm driver, which used ioremap()
instead of ioremap_wc() to map the video RAM. After the commit, the
WB memory type is used without the IGNORE_PAT, resulting in the slower
UC memory type. In fact, UC is slow enough to basically cause guests
to not boot... but only on new processors such as Sapphire Rapids and
Cascade Lake. Coffee Lake for example works properly, though that might
also be an effect of being on a larger, more NUMA system.
The driver has been fixed but that does not help older guests. Until we
figure out whether Cascade Lake and newer processors are working as
intended, revert the commit. Long term we might add a quirk, but the
details depend on whether the processors are working as intended: for
example if they are, the quirk might reference bochs-compatible devices,
e.g. in the name and documentation, so that userspace can disable the
quirk by default and only leave it enabled if such a device is being
exposed to the guest.
If instead this is actually a bug in CLX+, then the actions we need to
take are different and depend on the actual cause of the bug.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
- One Intel patch that I mistakedly merged into for-next
despite it belongs in fixes: add Arrow Lake-H/U ACPI
ID so this Arrow Lake chip probes.
- One fix making the CY895x0 reg cache work, which is
good because it makes the device work too.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEElDRnuGcz/wPCXQWMQRCzN7AZXXMFAmblfkEACgkQQRCzN7AZ
XXPItw/+MeHzTyU2FPuiqspNiBlkBDpClAMcoBLiFDJdPGkbw8pZUVMSRrxOy5pe
tR8hNDtrLFZkCTIikXfMjOGhQ6uRc/BbRg/+AFCSXZyNfLQqjmTrk7kx89mqIy+R
+Wdj+TDTrXCQHVKzvdo6iB9fw5Gg02/MMMIMdFpx9M+OQXILsyyQCPaHn3RWZaCR
7TLVnPrqLuA1KZQXLDXj/Bk0yFpiQWD8KxlHNLcrHqoLxtfmDyva7J0zJRUQeLcK
aaPsVc4IlUgO4JIX42a+8hrQX+QaYAbY5ekOsVpGogQQ/yepseNmpFNhN96j+GGQ
6e541DnY0oaM2GmxbllsevIa8MY7Zlue5ehSEvSGoaYOrqvaruZedyURFQHRaceq
Jz86yQxDMMxbZ3S4Mn+ED1L8eXQlJAI6ylWcYDx/LWDcyblNWQCID1cNgIMoohFm
12qC7X4joP4eLWBGCNBQab0ZPOcAsrLUgCBFD/3/LCL4tfA9Cvudp6j5TyQXmTNC
LUPhw9mFk1Eywt9aiHEqOK9V1JZW7ovXdUUuVHNCn6LslZ1vtdNKlIxScPDp9Js5
iILAlt4EQ34uXsDi4s6LyKF/9W+imRM8mVEdMa5cNIizk8Xn/VDo7tM6J6Zz0CIu
tUBKZBhbmqoZldcaWco+aBQ1nwYGBSgu4W7JQZrtdXlFh5lQ2dU=
=USa2
-----END PGP SIGNATURE-----
Merge tag 'pinctrl-v6.11-4' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl
Pull pin control fixes from Linus Walleij:
- One Intel patch that I mistakenly merged into for-next despite it
belonging in fixes: add Arrow Lake-H/U ACPI ID so this Arrow Lake
chip probes.
- One fix making the CY895x0 reg cache work, which is good because it
makes the device work too.
* tag 'pinctrl-v6.11-4' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl:
pinctrl: pinctrl-cy8c95x0: Fix regcache
pinctrl: meteorlake: Add Arrow Lake-H/U ACPI ID
A few last-minute ASoC fixes and MAINTAINERS update.
All look small, obvious and nice-to-have fixes for 6.11-final.
-----BEGIN PGP SIGNATURE-----
iQJCBAABCAAsFiEEIXTw5fNLNI7mMiVaLtJE4w1nLE8FAmblRZoOHHRpd2FpQHN1
c2UuZGUACgkQLtJE4w1nLE96zQ/+J77zhEva91kC80LasGa2GlggPIac4hRwBktp
Xchn4TzeJ5ij/o2IHJnV0GnsUttac2n5INq/eYEbqZpvm0mDESLm3+5qsPOdGYeO
bQcouXl9+Ju+9y7HymN0lnMSc7UX/NP7Yjjtx97io56Il+Obj2sYjgOhXeDHqq5J
iZtZl21c0OTD4NPJ1atjtztm3fpgpCv3qP3H5R/+KU4VE3JyXjL9fB7SWfqfamwS
/L9wERhyaOSi3Tut0olQblQcgIwpLdnf9bvK31uLrwzxMtxw92sOfBuOhoCUXb+2
rk2l93eW/hLeFbSTLgU+jePN8/YphnFKAr7qysL3SwEw/H6h1al8Rl74h9AFuNxW
zRjmGaCOQwSLp2UHf2Qwo5F1yynApOhAKYHm0djUKjZfUTswPAGqRYcQaW2tL4DR
71LjWvwnLGi1uupG+bNWP5L1p0YGQE4rk/QNbv/gYLXPwBI3bMheQjrNhv0Pqk/r
3FflZTJcjt1KJ3yNw9CkGAhGRnA7YIoZ9DcuGaqi63wl04K2fDH6NWLZ6CbGqlyO
yBs8eJK4ehZJDm9Knn3zFC9CEM9z6VA0i5aIo13v7G3I1yISxhdAp8NOCqJkl+yQ
utCsfCyvK0tvVy0u0zOE3w6JZ5Z2u7Q6TGe/LkTKjsF6Na21hueU6wLlUhCtFhu2
y9jFImk=
=GUM8
-----END PGP SIGNATURE-----
Merge tag 'sound-6.11' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
"A few last-minute ASoC fixes and MAINTAINERS update.
All look small, obvious and nice-to-have fixes for 6.11-final"
* tag 'sound-6.11' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ASoC: meson: axg-card: fix 'use-after-free'
ASoC: codecs: avoid possible garbage value in peb2466_reg_read()
MAINTAINERS: update Pierre Bossart's email and role
ASoC: tas2781: fix to save the dsp bin file name into the correct array in case name_prefix is not NULL
ASoC: Intel: soc-acpi-intel-mtl-match: add missing empty item
ASoC: Intel: soc-acpi-intel-lnl-match: add missing empty item
A few last minute fixes, plus an update for Pierre's contact details and
status. It'd be good to get these into v6.11 (especially the
MAINTAINERS update) but it wouldn't be the end of the world if they
waited for the merge window, none of them are super remarkable and it's
just a question of timing that they're last minute.
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEreZoqmdXGLWf4p/qJNaLcl1Uh9AFAmbkhH0ACgkQJNaLcl1U
h9BoIQf+JXnJ0ue9/Jk/jMrXm9IsbXFV0ejhRX1+QYNVsucMymoqPl3mlK0gklFi
j16V7P6aNUnm0Z8eOct24T/5INKiwBIWQH3FdnzHbMhf7xswIHBittMk9A0T5twH
l+RWeYRjCE6YCuGnnWGC33j+0itN5cQLI0lP4bStJxiWV+uxUOk7QK12legYoWNG
rvboiJIxBAJ04xogCIXNeTQmaxOU6GTvuoD/yz+e4G0+UDET1nijRpfTcJLs1Vam
ngebgCrkBG2nOk9z5p1FEt85ullp34H6SNQ9b+tChsrKH/RPEcqk3iWrOHUApYON
82tj9pCZq9mbeqZJSseWnvyhPm7uOw==
=BJvu
-----END PGP SIGNATURE-----
Merge tag 'asoc-fix-v6.11-rc7' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus
ASoC: Fixes for v6.11
A few last minute fixes, plus an update for Pierre's contact details and
status. It'd be good to get these into v6.11 (especially the
MAINTAINERS update) but it wouldn't be the end of the world if they
waited for the merge window, none of them are super remarkable and it's
just a question of timing that they're last minute.
-----BEGIN PGP SIGNATURE-----
iQJIBAABCgAyFiEEgMe7l+5h9hnxdsnuWYigwDrT+vwFAmbknjoUHGJoZWxnYWFz
QGdvb2dsZS5jb20ACgkQWYigwDrT+vz5GRAAtaSwzbY1pI6kBQbTgnI5V0fSw/uK
Elo5Hq8gp5fosAwLKMefOpdiF4h73H4fEpkYwP5pQIaTK1EhUtQVVx97+rMAyAIR
AWA9300Ae2fZD9lmOUwZoPrljCo1ld7X5hwxFi5+r1Xxlg8RuObdn2Nb2Jrqy2Xn
y3uTEuarzNwaleHN9k2jrmuERgLZ4ZxHF/613vi44RE9WWcy3OM29BcF2v8mJfif
zgUVFjxRzsfL+mLyTiOBf5+MGXc0LiG2FVbSof1wWzJnyAox//b6aGankZscFFX3
o9p9htH/DHi7LhX+G4OyHjEhSTDP6nSZ3UWD1F++tQVMc3Fx/AlO1iI/jB5KaPov
ON38AVhvEAeSb0SNXPBkDqZNlJqI/1reUWR/2ApP6/A3B9wbeCa9zrM5McpncYSv
HfFPN8pVwpGUSA0/vnAkDmm0yH1XGxVcEgITXNySZguhVmkqqQPFjXcOv1wNAEPW
RwiagjAX4DPbIYb9W2AVygu412CIIWFxsjyyLPTIkW/80InmMyFKS87Y5klmdt3t
7ENmdxeI8O99l2LvalXNKfLRWVdMh3VxP1CXWE5qzpISLAYeIO/Qiqi+vmiek7sL
+Eihmaa3/cGYUzVcbqSGbYpAq8VWQ0DLCgabYpnqB5PKvk70Xe5PKFM41xDnTOC/
5EcQ5wBGcJbaD54=
=i+4X
-----END PGP SIGNATURE-----
Merge tag 'pci-v6.11-fixes-4' of git://git.kernel.org/pub/scm/linux/kernel/git/pci/pci
Pull pci fix from Bjorn Helgaas:
- Prevent a possible deadlock (reported by lockdep) when a driver
relinquishes a pci_dev, another driver claims it, and one uses
managed pcim_enable_device() and the other doesn't (Philipp Stanner)
* tag 'pci-v6.11-fixes-4' of git://git.kernel.org/pub/scm/linux/kernel/git/pci/pci:
PCI: Fix potential deadlock in pcim_intx()
A few last minute fixes for v6.11, they're all individually unremarkable
and only last minute due to when they came in.
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEreZoqmdXGLWf4p/qJNaLcl1Uh9AFAmbkhAUACgkQJNaLcl1U
h9BpZwf+KiV2aTGSouHZsIM2hNcZr8Nm+DH8aJgRWzeddqZ2JD6Hwi1YaUckd1sC
rbXz6jMvjeG4EbVAokLyb3NudKa5GSoWmMKKeod620bX0Q9PAv+HpRiPK5/i5IFH
HFHlpjRScpchc/vISgPk0ELgc5eq0jdRZHS5vUWw2tdkc6dmwjb5nPNO4lHxpbYx
/ETQup7iPW9kfe5fUwWFhvD1MxHIwe1CGUtQLLZQPJdVaHWRD9AIZMTPu7DX0C6V
PLckCBwzZN+fWUX3xnxfveYG++pdNWaVFFjuRZdKVbNT7SgF7VawTaIK7BxCuqeV
fNuwheKH/lfzmdXlYGFVLjvyfVfSww==
=W3IJ
-----END PGP SIGNATURE-----
Merge tag 'spi-fix-v6.11-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi
Pull spi fixes from Mark Brown:
"A few last minute fixes for v6.11, they're all individually
unremarkable and only last minute due to when they came in"
* tag 'spi-fix-v6.11-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi:
spi: nxp-fspi: fix the KASAN report out-of-bounds bug
spi: geni-qcom: Fix incorrect free_irq() sequence
spi: geni-qcom: Undo runtime PM changes at driver exit time
- Revert of earlier fix sent for non-continuous port map programming
which caused regression on Intel platforms
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEE+vs47OPLdNbVcHzyfBQHDyUjg0cFAmbkIiMACgkQfBQHDyUj
g0cfsA/8Cb3T7obP8Fw/wDpSf6SfeUt6oFJsgKGFmWG5Jq6mrv6jVS0n+LIWa0um
TtKmXVL81fGXV0Jz2br22/3iQDNNIetlzNZfGFGlkwmz3faWj3ugggNmKKcjINdj
u2iYdJk01l+5i44IZqJgRqtXlUCaLWK89UZGrqxtFRJm4v1s/N4VPjAa3WXCcNFX
blJtZS2e1Ox5tuj4PN7CFJczNa7hr5sVgq/bciBxhGy940zPLSJfGEHdBjhumOx+
RBLMV6yyfbiGdON7MtZtzA0PpLGV8JLXKa80A/PvP8ITLo0IS+wRbEmIkp69jMLZ
Zg8tPvBJ5I7Uw069J2HKLhIE+Tt/C6MgY/rfxSKkBXcbiZ6EZgs2qKaJF0ct0AHF
cHhQM1K8LGkQhSnPVZBkxWmwlLrBHTv7FfAZOOGW7R+aWiEPHYTh/qLFxDEChm3W
6JOx/3eJj6n/6i4kCWx74p2A9SEERZNxQHY9vZabVF1iK6cKuMYEgRQIz8OGK/dx
d6qmk6OJG3e0XycWPeAB6lJlNK3dx508wXcz6LcQ2ywrQ9PC4k449RSrfeGUqhrk
1Iz3KIYtXoEj4sbWemShKtTJRqMe3pM1IFb/AvsKCGPqOR+7yM3ahyKIsUenHR2o
ZpmWpdkdax4PjvHp6IHtVsbpJbQTeSS2dKHa3ndmuh+KgWWFRh4=
=jVK0
-----END PGP SIGNATURE-----
Merge tag 'soundwire-6.11-fixes_2' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/soundwire
Pull soundwire fix from Vinod Koul:
- Revert of earlier fix sent for non-continuous port map programming
which caused regression on Intel platforms
* tag 'soundwire-6.11-fixes_2' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/soundwire:
soundwire: stream: Revert "soundwire: stream: fix programming slave ports for non-continous port maps"
dma-buf/heaps:
- fix off by one in CMA heap fault handler
syncobj:
- fix syncobj leak in drm_syncobj_eventfd_ioctl
amdgpu:
- Avoid races between set_drr() functions and dc_state_destruct()
- Fix regerssion related to zpos
- Fix regression related to overlay cursor
- SMU 14.x updates
- JPEG fixes
- Silence an UBSAN warning
amdkfd:
- Fetch cacheline size from IP discovery
i915:
- Prevent a possible int overflow in wq offsets
xe:
- Remove a double include
- Fix null checks and UAF
- Fix access_ok check in user_fence_create
- Fix compat IS_DISPLAY_STEP() range
- OA fix
- Fixes in show_meminfo
nouveau:
- fix GP10x regression on boot
stm:
- add COMMON_CLK dep
rockchip:
- iommu api change
tegra:
- iommu api change
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEEKbZHaGwW9KfbeusDHTzWXnEhr4FAmbj3jUACgkQDHTzWXnE
hr5WBxAAg2WeN5VUFR5Cv05hBGTSF1A+fRVzB0cID6rs+/nTYNc91FZFH5xtV/kP
Wkn/mNjCLVIAciwi0jkME68xhSlWdttmrfZwRhBczfn2FLC/b0yB2eXUFd+2fQQQ
dj8Ff+w+EB2KL8mkWiD/o5CjXd9UueL2TlWLU4bOw2pW90hFWnWeCmvD/mL0Ii4T
PeLPBRmRXDQsynctN+WA1mLgHCS9U5lKhKsREU+SIU2jLSZLVvBZ8Fhrk+EDz/Cb
djVdnOlKPRA7Hh4TJAPzm8O51uPYUiRAWe6Ayo0wygdB8BnBUMZHXrzg1bDiz7TU
NySLAddEYr6ASqb9RLFgJxSt3znAEmbtqsNBto4oPX8N30nLJsVJPlOP63Ef2jpn
OUSczrMEFNwG0ZZ75IkHu2EqILt5+Q5+VyNszfl4f8uIT3ApAUzK2Rz7s2R9Qc9f
2YT68P79ojEgcKwFFsNgCgAM3NYd05gttr4J16GRIyLA8WD+yDL0eCaj+ZwQH1EP
yMZrm0go5fANf0WTz5u+9SyG1sELExKdmHl71bpzybt9/YCfkRpx/snZp01ow6fz
ci9xkqPn5RH1zFFgiSpJpsoIcDLo7tUGxyrmh5+41/4C0CbcxjCsIfcKKMDDIw4S
FW18o8umh9neB8X8L4IYzD0/XfUZAlVBLyuCl+RHMjxe0eVHYdc=
=YpZO
-----END PGP SIGNATURE-----
Merge tag 'drm-fixes-2024-09-13' of https://gitlab.freedesktop.org/drm/kernel
Pull drm fixes from Dave Airlie:
"Regular fixes pull, the amdgpu JPEG engine fixes are probably the
biggest, they look to block some register accessing, otherwise there
are just minor fixes and regression fixes all over.
nouveau had a regression report going back a few kernels that finally
got fixed, Not entirely happy with so many changes so late, but they
all seem quite benign apart from the jpeg one.
dma-buf/heaps:
- fix off by one in CMA heap fault handler
syncobj:
- fix syncobj leak in drm_syncobj_eventfd_ioctl
amdgpu:
- Avoid races between set_drr() functions and dc_state_destruct()
- Fix regerssion related to zpos
- Fix regression related to overlay cursor
- SMU 14.x updates
- JPEG fixes
- Silence an UBSAN warning
amdkfd:
- Fetch cacheline size from IP discovery
i915:
- Prevent a possible int overflow in wq offsets
xe:
- Remove a double include
- Fix null checks and UAF
- Fix access_ok check in user_fence_create
- Fix compat IS_DISPLAY_STEP() range
- OA fix
- Fixes in show_meminfo
nouveau:
- fix GP10x regression on boot
stm:
- add COMMON_CLK dep
rockchip:
- iommu api change
tegra:
- iommu api change"
* tag 'drm-fixes-2024-09-13' of https://gitlab.freedesktop.org/drm/kernel: (25 commits)
drm/xe/client: add missing bo locking in show_meminfo()
drm/xe/client: fix deadlock in show_meminfo()
drm/xe/oa: Enable Xe2+ PES disaggregation
drm/xe/display: fix compat IS_DISPLAY_STEP() range end
drm/xe: Fix access_ok check in user_fence_create
drm/xe: Fix possible UAF in guc_exec_queue_process_msg
drm/xe: Remove fence check from send_tlb_invalidation
drm/xe/gt: Remove double include
drm/amd/display: Add all planes on CRTC to state for overlay cursor
drm/amdgpu/atomfirmware: Silence UBSAN warning
drm/amd/amdgpu: apply command submission parser for JPEG v1
drm/amd/amdgpu: apply command submission parser for JPEG v2+
drm/amd/pm: fix the pp_dpm_pcie issue on smu v14.0.2/3
drm/amd/pm: update the features set on smu v14.0.2/3
drm/amd/display: Do not reset planes based on crtc zpos_changed
drm/amd/display: Avoid race between dcn35_set_drr() and dc_state_destruct()
drm/amd/display: Avoid race between dcn10_set_drr() and dc_state_destruct()
drm/amdkfd: Add cache line size info
drm/tegra: Use iommu_paging_domain_alloc()
drm/rockchip: Use iommu_paging_domain_alloc()
...
The size of the mux stride was off by one, which could result in
invalid pin configuration on the device side or invalid state
readings on the software side.
While on it also update the code and:
- Increase the mux stride size to 16
- Align the virtual muxed regmap range to 16
- Start the regmap window at the selector
- Mark reserved registers as not-readable
Fixes: 8670de9fae ("pinctrl: cy8c95x0: Use regmap ranges")
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reported-by: Andy Shevchenko <andy@kernel.org>
Reviewed-by: Andy Shevchenko <andy@kernel.org>
Link: https://lore.kernel.org/20240902072859.583490-1-patrick.rudolph@9elements.com
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
This includes a new ACPI ID that is added to the Intel Meteor Lake
driver to support recent Intel Arrow Lake hardware.
-----BEGIN PGP SIGNATURE-----
iQJUBAABCgA+FiEEVTdhRGBbNzLrSUBaAP2fSd+ZWKAFAmaxzMwgHG1pa2Eud2Vz
dGVyYmVyZ0BsaW51eC5pbnRlbC5jb20ACgkQAP2fSd+ZWKBHKxAAka3ovlC1kW5X
dQK9wX10cv7zTe46ZZCaQ6IKZwkFSqpE3OWa1Nu1OdLMHYLgESSUERbt1YdiXfdT
BH2UV8Vvca9ioFqCJFusf7zZvewuuCb9gJ7dgsSbgE65EFbV8gFHh8XT0TnbtoCd
88sBINYyW5a7yN3N/qvBF+Zb0t23c+bKTwYkINOKOUO+EzOubpMK3L67CSkdMk+i
1KMCGbgwX/TMCewBCGR+pDADVoDKAR8vkwm0qnb4iU1BSHxo+3AuR4T+h/S7NBad
WqypmcOCw87URri+U+Y7swNEPrPqs7mfvsFRGL3oSqyTH0S/bGofU8pqKs156IHQ
RmUXQXFdodkMZ4V85hck0JFsPk5ieIXlzpIyNWdl8tCPuTjfDOWL4XRaCjejcO+J
7CQIpAEIV7sZ4dp0qV7dK1IAqYs/q16uKQZuKoVsqPIdHY5/k7k8aS2d/9PExXjm
4EoEAaQQu39+dpF6EpJIYr12V1wO8IAN4vQ8dn4bG7jhsqM6XcuIZ9ANYBpAdJNM
7wohIcepwI+sZLwHSXIvfbzzYEdG1UnWl5FfOEJfyayKzuzNSGlG7mSjHvIsQM46
krJG93aj81qqt1BSATcXbmp3jnFXvd3+9YNdogtSZa0l3m1W2XpRulemaXWxqwXN
KeiSIpWktVFaegiTMXE/uicloYGdfbU=
=Mbpf
-----END PGP SIGNATURE-----
Merge tag 'intel-pinctrl-v6.11-1' of git://git.kernel.org/pub/scm/linux/kernel/git/pinctrl/intel into fixes
intel-pinctrl for v6.11-1
This includes a new ACPI ID that is added to the Intel Meteor Lake
driver to support recent Intel Arrow Lake hardware.
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
config dependency fix for stm, a syncobj leak fix, and two iommu fixes
for tegra and rockchip.
-----BEGIN PGP SIGNATURE-----
iJUEABMJAB0WIQTkHFbLp4ejekA/qfgnX84Zoj2+dgUCZuKq/QAKCRAnX84Zoj2+
djX/AX9yH6TTbCOGSJ2BF6No8RXE0kNOi/AaS0dr+WuUetXsMcjQ2g4ttbMVKh/o
RefF0n8BgN5BWitAA+rkqRWjCPxUPGb6kjPamPp/YEFTcEv/8nvnr344ZPEV6jXe
7dv+h319Dg==
=Qvnm
-----END PGP SIGNATURE-----
Merge tag 'drm-misc-fixes-2024-09-12' of https://gitlab.freedesktop.org/drm/misc/kernel into drm-fixes
An off-by-one fix for the CMA DMA-buf heap, An init fix for nouveau, a
config dependency fix for stm, a syncobj leak fix, and two iommu fixes
for tegra and rockchip.
Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Maxime Ripard <mripard@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20240912-phenomenal-upbeat-grouse-a26781@houat
amdgpu:
- Avoid races between set_drr() functions and dc_state_destruct()
- Fix regerssion related to zpos
- Fix regression related to overlay cursor
- SMU 14.x updates
- JPEG fixes
- Silence an UBSAN warning
amdkfd:
- Fetch cacheline size from IP discovery
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQQgO5Idg2tXNTSZAr293/aFa7yZ2AUCZuHMpgAKCRC93/aFa7yZ
2Kl/AP4vMdYnJTzPr9jB92B9KMltpHdb04VRCiE4WdojXDSSiAEA+US1YwgH0v1O
ATgtwgy0c9gVTOII6mVWjUS71D12LgE=
=k1hP
-----END PGP SIGNATURE-----
Merge tag 'amd-drm-fixes-6.11-2024-09-11' of https://gitlab.freedesktop.org/agd5f/linux into drm-fixes
amd-drm-fixes-6.11-2024-09-11:
amdgpu:
- Avoid races between set_drr() functions and dc_state_destruct()
- Fix regerssion related to zpos
- Fix regression related to overlay cursor
- SMU 14.x updates
- JPEG fixes
- Silence an UBSAN warning
amdkfd:
- Fetch cacheline size from IP discovery
Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Alex Deucher <alexander.deucher@amd.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20240911170528.838655-1-alexander.deucher@amd.com
Fix the calculation of packet signatures by adding the offset into a page
in the read or write data payload when hashing the pages from it.
Fixes: 39bc58203f ("cifs: Add a function to Hash the contents of an iterator")
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Tom Talpey <tom@talpey.com>
Reviewed-by: Paulo Alcantara (Red Hat) <pc@manguebit.com>
cc: Shyam Prasad N <nspmangalore@gmail.com>
cc: Rohith Surabattula <rohiths.msft@gmail.com>
cc: Jeff Layton <jlayton@kernel.org>
cc: linux-cifs@vger.kernel.org
cc: linux-fsdevel@vger.kernel.org
Signed-off-by: Steve French <stfrench@microsoft.com>
cheaper to use a comparison here instead of a division so we just do
that to fix the build.
-----BEGIN PGP SIGNATURE-----
iQJFBAABCAAvFiEE9L57QeeUxqYDyoaDrQKIl8bklSUFAmbjdk4RHHNib3lkQGtl
cm5lbC5vcmcACgkQrQKIl8bklSUNjA/8CYfF/DgogiFcxG2QsG5jDIgFL027PFSN
FuUZ1kwf0vIMeLT5Oq1baURltaEk4/PbAJEQvF8i5DTXy5sfFKiZzWc6yLFpVsB3
2FynvH9CBYnSsdFYNn5lD3HNXPNmNuBA528jhTF/AGrES6cBE41kXtxIy0HsptRV
Zdnh+aD6igygeLcTE3BHaalfHVC13nHm/YABKYGf9kWyCIYy3CxAnT+ODkG5f4R6
kFWj+dJ3bGs7k2CroOvsVO6bpAaEnrQWu0uvPEL9cZRt8x/daH0ZbtvPHLlbr28H
0vswkTfhTuj0jCgMY9P0VKkipT53ETVWCzTV8dz/aDuBqfsPMBtZH7I9T/JSlOG9
ycUGnDfdpHM8yYNpDVXnoY4dgVj/S74eH2rVPpouTnkj3wW7d5OWQAGAObO/uazt
204vLnXA1uJUbO1HyqloYZId/FF3+Blw7tP9IiMNDv3LFefMhxbURXrevG6RloUg
BC4O9abauUazh2wJYtoRqpLdui0OAgjkEcdwn/NEzeo7Gchd+c3hNMfBLxYArwnT
BYPdHXI4vNzqTKAkw6V6J3S3IpcYZWeS+psMxQesUmSqmzFUKt6A81ZXpgJAg6O1
v7v8EO2iBTM64+Fcw5JAJP7LiHNw6iyNcMrB+grKsLEZMIhWod6Q/kTXnby3P9qz
mCh2OcXsFjc=
=ln0u
-----END PGP SIGNATURE-----
Merge tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux
Pull clk fix from Stephen Boyd:
"One build fix for 32-bit arches using the Qualcomm PLL driver. It's
cheaper to use a comparison here instead of a division so we just do
that to fix the build"
* tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux:
clk: qcom: clk-alpha-pll: Simplify the zonda_pll_adjust_l_val()
-----BEGIN PGP SIGNATURE-----
iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAmbjbd0QHGF4Ym9lQGtl
cm5lbC5kawAKCRD301j7KXHgpqCIEACJZbjdtXxLf1eiJsWw+aTxZ5n2oZH9LtN+
xToo7Y20/3G7uf92e1BIJY5i3f8HruE8LgAjwbMwzQ7WAq0XSMhn9ir3Z+2q5uoi
CvKqK27u3AsyeACimPC6k0nAuacl0z2etlc0RjTXsIfl49AJx9AoMf9THDT1GyGw
svIXDy7Alxa/uImcpPmcVpy/Z6ajCFVonbENeUXMml7XlnCBeN0ejl+86NiRobo/
opfY+YhUYlaKq4ZVDvjnsb4gwEjrO4QLY85Mc0pHUllK6OpTb1bVpx49IrU2EKqu
5MzqvnuM/t+gWn2InOFl7zE2fE5hhuilGpUUogcbuE2Xv9s3zk0SSOkbrsnuWEka
xfMWoI0n3uWH42DUyezPJOUPPTivbxmIKK+W9dFrYMw6ZKwnWSXz/oG7Q8r2rA+1
SB0i6gYyZhXMyyIgmymyK6erA5QW3ylD4yzK0kltm6X8MSWVTuhrwlocTV1s8K/U
RN0Nscgyo94JZU8uFp2gJ+gOF2/W46LZSxtYg3Zq6BOaxNZyu+gAryB0rINDw2vq
wuuei92QOtZghlRisESQ28LhkEAFNuL8g52La49KFD3QJQ6dXSTKM3CZDYl15jvR
wrRziMTOeLVZYo7zRPgN48csxo0zjYfoDSEDoO3GXzSTWI9o5K2VPZfDIEXMu4dh
62H+bFKrhw==
=KRFV
-----END PGP SIGNATURE-----
Merge tag 'block-6.11-20240912' of git://git.kernel.dk/linux
Pull block fix from Jens Axboe:
"Just a single fix for a deadlock issue that can happen if someone
attempts to change the root disk IO scheduler with a module that
requires loading from disk.
Changing the scheduler freezes the queue while that operation is
happening, hence causing a deadlock"
* tag 'block-6.11-20240912' of git://git.kernel.dk/linux:
block: Prevent deadlocks when switching elevators
Contains the fix for a NULL worker->pool deref bug which can be triggered
when a worker is created and then destroyed immediately.
-----BEGIN PGP SIGNATURE-----
iIQEABYKACwWIQTfIjM1kS57o3GsC/uxYfJx3gVYGQUCZuM5ew4cdGpAa2VybmVs
Lm9yZwAKCRCxYfJx3gVYGU5RAQCJ13myAx5ZhznE2fkCv8IrMP1y8BhO5eoPI6+o
0QPgWgD/TMu7hMMZkz0vVHn0euNpwTWB0lOsz1299ukC1wO/tAw=
=nJ2F
-----END PGP SIGNATURE-----
Merge tag 'wq-for-6.11-rc7-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq
Pull workqueue fix from Tejun Heo:
"A fix for a NULL worker->pool deref bug which can be triggered when a
worker is created and then destroyed immediately"
* tag 'wq-for-6.11-rc7-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq:
workqueue: Clear worker->pool in the worker thread context
* Two fixes for smp_processor_id() calls in preemptible sections: one if
the perf driver, and one in the fence.i prctl.
-----BEGIN PGP SIGNATURE-----
iQJHBAABCAAxFiEEKzw3R0RoQ7JKlDp6LhMZ81+7GIkFAmbjDTkTHHBhbG1lckBk
YWJiZWx0LmNvbQAKCRAuExnzX7sYiRsKD/428yAcDT6JKjG+jzYnMARDxl+OS0hJ
KKwfeglvpPXWqZoZlyhPgJMJ/fNalrH/dVwl01a3Aobjy8/JV6W6L2Cc/lwRBNXv
O+nfCzzJoZs+v7D0MR2Ad101vfToafDaiZ9Q6jH4/9yi/m5zAaIHdEnjYQQW5rLc
FMnfGDHXo40WkrnjEjefeh7n88d5dtyD3szwS8khSnJulGFRHHWW0XL54wVeY3wE
NvLKdD5PDR7kzOE6BvofPQ1tIJxpWnE+jqSgHmS1eYKlwwzb1kvtGXiktUl/gcwb
/+jFgK49gqWMpx1ji+utw4R357uIZY0DPIiMvY7K5PjeY+TXtltTBgfyvjklpLWm
YrZ1snpMiMl/VTxFYVFMCvowK/DvylvSQ737zwMaxTq/DGwvr8GPuRO1Pnwc/3QZ
wCLy3rsK56LE46+9IrYeauYNiOl1bd6znuASzrPhr8Ecexm2DW+JZqRRZCMl3UTK
p9hrr3CxUT4hi0bksjkSOBks7cLNp3Rqa/fEBtM6YKKzSU6NlEoNpuiH7sjh7ETE
Zk4qUjRPiRcje0XL2NTKfpKSGuxK/xP4188aYA5jZ1QxO/zditk8BrS5WRfgEoPr
gjNapO25nrnJbgi9PaClMdeYNV//Fi/0vjpDjw6pYfJaZSE0sWMqp5/bWt5Bsy2A
e/OyJ+U4TPY4vQ==
=pEDD
-----END PGP SIGNATURE-----
Merge tag 'riscv-for-linus-6.11-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux
Pull RISC-V fixes from Palmer Dabbelt:
- Two fixes for smp_processor_id() calls in preemptible sections: one
if the perf driver, and one in the fence.i prctl.
* tag 'riscv-for-linus-6.11-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux:
riscv: Disable preemption while handling PR_RISCV_CTX_SW_FENCEI_OFF
drivers: perf: Fix smp_processor_id() use in preemptible code
*think* such fix will not land in the next week.
Including fixes from netfilter.
Current release - regressions:
- core: tighten bad gso csum offset check in virtio_net_hdr
- netfilter: move nf flowtable bpf initialization in nf_flow_table_module_init()
- eth: ice: stop calling pci_disable_device() as we use pcim
- eth: fou: fix null-ptr-deref in GRO.
Current release - new code bugs:
- hsr: prevent NULL pointer dereference in hsr_proxy_announce()
Previous releases - regressions:
- hsr: remove seqnr_lock
- netfilter: nft_socket: fix sk refcount leaks
- mptcp: pm: fix uaf in __timer_delete_sync
- phy: dp83822: fix NULL pointer dereference on DP83825 devices
- eth: revert "virtio_net: rx enable premapped mode by default"
- eth: octeontx2-af: Modify SMQ flush sequence to drop packets
Previous releases - always broken:
- eth: mlx5: fix bridge mode operations when there are no VFs
- eth: igb: Always call igb_xdp_ring_update_tail() under Tx lock
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
-----BEGIN PGP SIGNATURE-----
iQJGBAABCAAwFiEEg1AjqC77wbdLX2LbKSR5jcyPE6QFAmbi8isSHHBhYmVuaUBy
ZWRoYXQuY29tAAoJECkkeY3MjxOkzNsQALiaGTGqOcFwVwchlWOfAuheiDeKtxM6
LihsxBFFi+s7p5p75yL+ko3mpxz8ZxO3joPNevh+wBy7cOXgEuikPbeNokUsHjeG
ofmz2B9+CHpf8PL0PgE+oyAi8kTZyn81oDrVLereBJqT50hKXjWbbip/s8niTJaY
tXsYiJPZgvTFdkkJjV6INrHRWAse/tXP1o+KqIkbuEw8aerlxjOaZ1dubtuzcj3C
rAwXNU9r6ojqmQLovfUx3Gw/RsMwAGxra0Ni9AdUxiKtqKD7r0dnfNvjUI76HWcf
S62zMwjKS+DZ/cqiTnsqTIK7HN4gQ/R+W+C7RWlVFhu5CQoX7zL+4pkpbJn3ULEM
mjFKnBBPoU0ET5hMOXY79iAkGIDiQSpMz5fNi85S0drPLG6ooJxIBBLgFdDspG2f
7TASuV5Dne3Toh9YMm4mZtgWZTCR85yF8Dzy8kA6/bTNtvVQmMMQh7RYW10SrB1I
ntDYGQcoxzPVzU42gWaDwa5ubDz6XTxLM6vsweK9mbjm9U1R1GEd6cx2cGvt88oD
gIgLcrP7szImDzdASb0Ce3kEdKc/g0xMften10MOjPFHJGcehvawwgvRJK8Oz720
g6Xa+WBwfGF5QrljWVk7V9sGiSK1ssAut81VBO+lBCEFwI8iMzjbjTC9kzCvO6nj
ZECYg5JZa0XR
=tbcX
-----END PGP SIGNATURE-----
Merge tag 'net-6.11-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
Pull networking fixes from Paolo Abeni:
"Including fixes from netfilter.
There is a recently notified BT regression with no fix yet. I do not
think a fix will land in the next week.
Current release - regressions:
- core: tighten bad gso csum offset check in virtio_net_hdr
- netfilter: move nf flowtable bpf initialization in
nf_flow_table_module_init()
- eth: ice: stop calling pci_disable_device() as we use pcim
- eth: fou: fix null-ptr-deref in GRO.
Current release - new code bugs:
- hsr: prevent NULL pointer dereference in hsr_proxy_announce()
Previous releases - regressions:
- hsr: remove seqnr_lock
- netfilter: nft_socket: fix sk refcount leaks
- mptcp: pm: fix uaf in __timer_delete_sync
- phy: dp83822: fix NULL pointer dereference on DP83825 devices
- eth: revert "virtio_net: rx enable premapped mode by default"
- eth: octeontx2-af: Modify SMQ flush sequence to drop packets
Previous releases - always broken:
- eth: mlx5: fix bridge mode operations when there are no VFs
- eth: igb: Always call igb_xdp_ring_update_tail() under Tx lock"
* tag 'net-6.11-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (36 commits)
net: netfilter: move nf flowtable bpf initialization in nf_flow_table_module_init()
net: tighten bad gso csum offset check in virtio_net_hdr
netlink: specs: mptcp: fix port endianness
net: dpaa: Pad packets to ETH_ZLEN
mptcp: pm: Fix uaf in __timer_delete_sync
net: libwx: fix number of Rx and Tx descriptors
net: dsa: felix: ignore pending status of TAS module when it's disabled
net: hsr: prevent NULL pointer dereference in hsr_proxy_announce()
selftests: mptcp: include net_helper.sh file
selftests: mptcp: include lib.sh file
selftests: mptcp: join: restrict fullmesh endp on 1st sf
netfilter: nft_socket: make cgroupsv2 matching work with namespaces
netfilter: nft_socket: fix sk refcount leaks
MAINTAINERS: Add ethtool pse-pd to PSE NETWORK DRIVER
dt-bindings: net: tja11xx: fix the broken binding
selftests: net: csum: Fix checksums for packets with non-zero padding
net: phy: dp83822: Fix NULL pointer dereference on DP83825 devices
virtio_net: disable premapped mode by default
Revert "virtio_net: big mode skip the unmap check"
Revert "virtio_net: rx remove premapped failover code"
...
Fixes:
- asus-wmi: Disable OOBE that interferes with backlight control
- panasonic-laptop: Two fixes to SINF array handling
The following is an automated shortlog grouped by driver:
asus-wmi:
- Disable OOBE experience on Zenbook S 16
panasonic-laptop:
- Allocate 1 entry extra in the sinf array
- Fix SINF array out of bounds accesses
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQSCSUwRdwTNL2MhaBlZrE9hU+XOMQUCZuKxBgAKCRBZrE9hU+XO
MZWtAP9CFIg02ZzY8ZadQMhV3CmOfojLp9S8mYN9BS91iO9eYwD/deECQ1hG+UHp
wRjs+8BA9jUtWT3iLyFcA2ZnAdZPCwA=
=rCeo
-----END PGP SIGNATURE-----
Merge tag 'platform-drivers-x86-v6.11-7' of git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86
Pull x86 platform driver fixes from Ilpo Järvinen:
- asus-wmi: Disable OOBE that interferes with backlight control
- panasonic-laptop: Two fixes to SINF array handling
* tag 'platform-drivers-x86-v6.11-7' of git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86:
platform/x86: asus-wmi: Disable OOBE experience on Zenbook S 16
platform/x86: panasonic-laptop: Allocate 1 entry extra in the sinf array
platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses
As Jann points out, PFN mappings are special, because unlike normal
memory mappings, there is no lifetime information associated with the
mapping - it is just a raw mapping of PFNs with no reference counting of
a 'struct page'.
That's all very much intentional, but it does mean that it's easy to
mess up the cleanup in case of errors. Yes, a failed mmap() will always
eventually clean up any partial mappings, but without any explicit
lifetime in the page table mapping itself, it's very easy to do the
error handling in the wrong order.
In particular, it's easy to mistakenly free the physical backing store
before the page tables are actually cleaned up and (temporarily) have
stale dangling PTE entries.
To make this situation less error-prone, just make sure that any partial
pfn mapping is torn down early, before any other error handling.
Reported-and-tested-by: Jann Horn <jannh@google.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Jason Gunthorpe <jgg@ziepe.ca>
Cc: Simona Vetter <simona.vetter@ffwll.ch>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
bo_meminfo() wants to inspect bo state like tt and the ttm resource,
however this state can change at any point leading to stuff like NPD and
UAF, if the bo lock is not held. Grab the bo lock when calling
bo_meminfo(), ensuring we drop any spinlocks first. In the case of
object_idr we now also need to hold a ref.
v2 (MattB)
- Also add xe_bo_assert_held()
Fixes: 0845233388 ("drm/xe: Implement fdinfo memory stats printing")
Signed-off-by: Matthew Auld <matthew.auld@intel.com>
Cc: Himal Prasad Ghimiray <himal.prasad.ghimiray@intel.com>
Cc: Tejas Upadhyay <tejas.upadhyay@intel.com>
Cc: "Thomas Hellström" <thomas.hellstrom@linux.intel.com>
Cc: <stable@vger.kernel.org> # v6.8+
Reviewed-by: Matthew Brost <matthew.brost@intel.com>
Reviewed-by: Tejas Upadhyay <tejas.upadhyay@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20240911155527.178910-6-matthew.auld@intel.com
(cherry picked from commit 4f63d712fa)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
There is a real deadlock as well as sleeping in atomic() bug in here, if
the bo put happens to be the last ref, since bo destruction wants to
grab the same spinlock and sleeping locks. Fix that by dropping the ref
using xe_bo_put_deferred(), and moving the final commit outside of the
lock. Dropping the lock around the put is tricky since the bo can go
out of scope and delete itself from the list, making it difficult to
navigate to the next list entry.
Fixes: 0845233388 ("drm/xe: Implement fdinfo memory stats printing")
Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/2727
Signed-off-by: Matthew Auld <matthew.auld@intel.com>
Cc: Himal Prasad Ghimiray <himal.prasad.ghimiray@intel.com>
Cc: Tejas Upadhyay <tejas.upadhyay@intel.com>
Cc: "Thomas Hellström" <thomas.hellstrom@linux.intel.com>
Cc: <stable@vger.kernel.org> # v6.8+
Reviewed-by: Matthew Brost <matthew.brost@intel.com>
Reviewed-by: Tejas Upadhyay <tejas.upadhyay@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20240911155527.178910-5-matthew.auld@intel.com
(cherry picked from commit 0083b8e6f1)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
Enable Xe2+ PES disaggregation (for OAG) to retrieve disaggregated metrics
when disaggregated data is needed. Userspace can select whether to receive
aggregated or disaggregated metrics via the particular OA configuration it
uses (programmed via DRM_XE_OBSERVATION_OP_ADD_CONFIG).
Bspec: 61101
Fixes: e936f885f1 ("drm/xe/oa/uapi: Expose OA stream fd")
Signed-off-by: Ashutosh Dixit <ashutosh.dixit@intel.com>
Reviewed-by: Lucas De Marchi <lucas.demarchi@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20240909165933.2638765-1-ashutosh.dixit@intel.com
Cc: stable@vger.kernel.org
(cherry picked from commit fb2551a0e9)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
It's supposed to be an open range at the end like in i915. Fingers
crossed that nobody relies on this definition.
Fixes: 44e694958b ("drm/xe/display: Implement display support")
Reviewed-by: Lucas De Marchi <lucas.demarchi@intel.com>
Reviewed-by: Matt Roper <matthew.d.roper@intel.com>
Acked-by: Lucas De Marchi <lucas.demarchi@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/fe8743770694e429f6902491cdb306c97bdf701a.1724180287.git.jani.nikula@intel.com
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
(cherry picked from commit 453afb1a43)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEN9lkrMBJgcdVAPub1V2XiooUIOQFAmbiF/oACgkQ1V2XiooU
IOQRQBAAoeOp8RlVU4XTm2++A+jwZODeeKoDcnyrdXWFZFUmORHLuUmIzVUDMJyB
rp9/Jnw/J8aS5pT4Bx79cWuPlZ9UylSsPr8lt7oJ3NNxRwzbdQjX97wKhONAYUGZ
j4Jnd1ObWj5uDHvI4hbMoqZlqzk64Cgdw6tMgYDxmjTnUuJbJztNL6QkUWvZz4mR
0gY3SluDadKc3dLqoFDefi7ZLidn5Fc3W99JZu295y40pe3qzWNhFPhQPC1s+1T6
9svzC95cIN1JncEqnuplcZQJEylRikOH2W6sH1SFflvI4QhiUXnOqluwjVGiDuxm
nPsoXZx3/uqlWwNKEMn/WwjTg9bqUnTzaT8M6RlZKimwmo+FKIgOQb6QjCgaBMWm
kbp2XWM/rmsDhjM58asCVgw7Bcftw6mrh8qt5fq2gxGnyE6G+3M9WDR8F9VmhxME
AtjgNqogrFYJkMSjVBvrqIr6CSzad3GgG+upWCbArAAyIZvAJdX54DSvXxgiv7bS
CV5J03/zIMohiLAwiGZC5q0IPNaHN4hUnBSTRhWSsQpnjg00dUeplYLlOfIRvgJO
uPKhzpYBzo+E4CzZLWeeNC+ArWT7iIO4NOYLxxuD1Olm71LNNHMlt2XFCJWV9oJl
UsB9QKWDh3MwFmbgyzxf/0QalGawGL/MVWa8MGmRKcUsxM9uXuU=
=Oc51
-----END PGP SIGNATURE-----
Merge tag 'nf-24-09-12' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf
Pablo Neira Ayuso says:
====================
Netfilter fixes for net
The following batch contains two fixes from Florian Westphal:
Patch #1 fixes a sk refcount leak in nft_socket on mismatch.
Patch #2 fixes cgroupsv2 matching from containers due to incorrect
level in subtree.
netfilter pull request 24-09-12
* tag 'nf-24-09-12' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf:
netfilter: nft_socket: make cgroupsv2 matching work with namespaces
netfilter: nft_socket: fix sk refcount leaks
====================
Link: https://patch.msgid.link/20240911222520.3606-1-pablo@netfilter.org
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
25216afc9d ("PCI: Add managed pcim_intx()") moved the allocation step for
pci_intx()'s device resource from pcim_enable_device() to pcim_intx(). As
before, pcim_enable_device() sets pci_dev.is_managed to true; and it is
never set to false again.
Due to the lifecycle of a struct pci_dev, it can happen that a second
driver obtains the same pci_dev after a first driver ran. If one driver
uses pcim_enable_device() and the other doesn't, this causes the other
driver to run into managed pcim_intx(), which will try to allocate when
called for the first time.
Allocations might sleep, so calling pci_intx() while holding spinlocks
becomes then invalid, which causes lockdep warnings and could cause
deadlocks:
========================================================
WARNING: possible irq lock inversion dependency detected
6.11.0-rc6+ #59 Tainted: G W
--------------------------------------------------------
CPU 0/KVM/1537 just changed the state of lock:
ffffa0f0cff965f0 (&vdev->irqlock){-...}-{2:2}, at:
vfio_intx_handler+0x21/0xd0 [vfio_pci_core] but this lock took another,
HARDIRQ-unsafe lock in the past: (fs_reclaim){+.+.}-{0:0}
and interrupts could create inverse lock ordering between them.
other info that might help us debug this:
Possible interrupt unsafe locking scenario:
CPU0 CPU1
---- ----
lock(fs_reclaim);
local_irq_disable();
lock(&vdev->irqlock);
lock(fs_reclaim);
<Interrupt>
lock(&vdev->irqlock);
*** DEADLOCK ***
Have pcim_enable_device()'s release function, pcim_disable_device(), set
pci_dev.is_managed to false so that subsequent drivers using the same
struct pci_dev do not implicitly run into managed code.
Link: https://lore.kernel.org/r/20240905072556.11375-2-pstanner@redhat.com
Fixes: 25216afc9d ("PCI: Add managed pcim_intx()")
Reported-by: Alex Williamson <alex.williamson@redhat.com>
Closes: https://lore.kernel.org/all/20240903094431.63551744.alex.williamson@redhat.com/
Suggested-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Philipp Stanner <pstanner@redhat.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Tested-by: Alex Williamson <alex.williamson@redhat.com>
Reviewed-by: Damien Le Moal <dlemoal@kernel.org>
Marc Hartmayer reported:
[ 23.133876] Unable to handle kernel pointer dereference in virtual kernel address space
[ 23.133950] Failing address: 0000000000000000 TEID: 0000000000000483
[ 23.133954] Fault in home space mode while using kernel ASCE.
[ 23.133957] AS:000000001b8f0007 R3:0000000056cf4007 S:0000000056cf3800 P:000000000000003d
[ 23.134207] Oops: 0004 ilc:2 [#1] SMP
(snip)
[ 23.134516] Call Trace:
[ 23.134520] [<0000024e326caf28>] worker_thread+0x48/0x430
[ 23.134525] ([<0000024e326caf18>] worker_thread+0x38/0x430)
[ 23.134528] [<0000024e326d3a3e>] kthread+0x11e/0x130
[ 23.134533] [<0000024e3264b0dc>] __ret_from_fork+0x3c/0x60
[ 23.134536] [<0000024e333fb37a>] ret_from_fork+0xa/0x38
[ 23.134552] Last Breaking-Event-Address:
[ 23.134553] [<0000024e333f4c04>] mutex_unlock+0x24/0x30
[ 23.134562] Kernel panic - not syncing: Fatal exception: panic_on_oops
With debuging and analysis, worker_thread() accesses to the nullified
worker->pool when the newly created worker is destroyed before being
waken-up, in which case worker_thread() can see the result detach_worker()
reseting worker->pool to NULL at the begining.
Move the code "worker->pool = NULL;" out from detach_worker() to fix the
problem.
worker->pool had been designed to be constant for regular workers and
changeable for rescuer. To share attaching/detaching code for regular
and rescuer workers and to avoid worker->pool being accessed inadvertently
when the worker has been detached, worker->pool is reset to NULL when
detached no matter the worker is rescuer or not.
To maintain worker->pool being reset after detached, move the code
"worker->pool = NULL;" in the worker thread context after detached.
It is either be in the regular worker thread context after PF_WQ_WORKER
is cleared or in rescuer worker thread context with wq_pool_attach_mutex
held. So it is safe to do so.
Cc: Marc Hartmayer <mhartmay@linux.ibm.com>
Link: https://lore.kernel.org/lkml/87wmjj971b.fsf@linux.ibm.com/
Reported-by: Marc Hartmayer <mhartmay@linux.ibm.com>
Fixes: f4b7b53c94 ("workqueue: Detach workers directly in idle_cull_fn()")
Cc: stable@vger.kernel.org # v6.11+
Signed-off-by: Lai Jiangshan <jiangshan.ljs@antgroup.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
The referenced commit drops bad input, but has false positives.
Tighten the check to avoid these.
The check detects illegal checksum offload requests, which produce
csum_start/csum_off beyond end of packet after segmentation.
But it is based on two incorrect assumptions:
1. virtio_net_hdr_to_skb with VIRTIO_NET_HDR_GSO_TCP[46] implies GSO.
True in callers that inject into the tx path, such as tap.
But false in callers that inject into rx, like virtio-net.
Here, the flags indicate GRO, and CHECKSUM_UNNECESSARY or
CHECKSUM_NONE without VIRTIO_NET_HDR_F_NEEDS_CSUM is normal.
2. TSO requires checksum offload, i.e., ip_summed == CHECKSUM_PARTIAL.
False, as tcp[46]_gso_segment will fix up csum_start and offset for
all other ip_summed by calling __tcp_v4_send_check.
Because of 2, we can limit the scope of the fix to virtio_net_hdr
that do try to set these fields, with a bogus value.
Link: https://lore.kernel.org/netdev/20240909094527.GA3048202@port70.net/
Fixes: 89add40066 ("net: drop bad gso csum_start and offset in virtio_net_hdr")
Signed-off-by: Willem de Bruijn <willemb@google.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Cc: stable@vger.kernel.org
Link: https://patch.msgid.link/20240910213553.839926-1-willemdebruijn.kernel@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
The MPTCP port attribute is in host endianness, but was documented
as big-endian in the ynl specification.
Below are two examples from net/mptcp/pm_netlink.c showing that the
attribute is converted to/from host endianness for use with netlink.
Import from netlink:
addr->port = htons(nla_get_u16(tb[MPTCP_PM_ADDR_ATTR_PORT]))
Export to netlink:
nla_put_u16(skb, MPTCP_PM_ADDR_ATTR_PORT, ntohs(addr->port))
Where addr->port is defined as __be16.
No functional change intended.
Fixes: bc8aeb2045 ("Documentation: netlink: add a YAML spec for mptcp")
Signed-off-by: Asbjørn Sloth Tønnesen <ast@fiberby.net>
Reviewed-by: Davide Caratti <dcaratti@redhat.com>
Reviewed-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Link: https://patch.msgid.link/20240911091003.1112179-1-ast@fiberby.net
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
When sending packets under 60 bytes, up to three bytes of the buffer
following the data may be leaked. Avoid this by extending all packets to
ETH_ZLEN, ensuring nothing is leaked in the padding. This bug can be
reproduced by running
$ ping -s 11 destination
Fixes: 9ad1a37493 ("dpaa_eth: add support for DPAA Ethernet")
Suggested-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Sean Anderson <sean.anderson@linux.dev>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Link: https://patch.msgid.link/20240910143144.1439910-1-sean.anderson@linux.dev
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
There are two paths to access mptcp_pm_del_add_timer, result in a race
condition:
CPU1 CPU2
==== ====
net_rx_action
napi_poll netlink_sendmsg
__napi_poll netlink_unicast
process_backlog netlink_unicast_kernel
__netif_receive_skb genl_rcv
__netif_receive_skb_one_core netlink_rcv_skb
NF_HOOK genl_rcv_msg
ip_local_deliver_finish genl_family_rcv_msg
ip_protocol_deliver_rcu genl_family_rcv_msg_doit
tcp_v4_rcv mptcp_pm_nl_flush_addrs_doit
tcp_v4_do_rcv mptcp_nl_remove_addrs_list
tcp_rcv_established mptcp_pm_remove_addrs_and_subflows
tcp_data_queue remove_anno_list_by_saddr
mptcp_incoming_options mptcp_pm_del_add_timer
mptcp_pm_del_add_timer kfree(entry)
In remove_anno_list_by_saddr(running on CPU2), after leaving the critical
zone protected by "pm.lock", the entry will be released, which leads to the
occurrence of uaf in the mptcp_pm_del_add_timer(running on CPU1).
Keeping a reference to add_timer inside the lock, and calling
sk_stop_timer_sync() with this reference, instead of "entry->add_timer".
Move list_del(&entry->list) to mptcp_pm_del_add_timer and inside the pm lock,
do not directly access any members of the entry outside the pm lock, which
can avoid similar "entry->x" uaf.
Fixes: 00cfd77b90 ("mptcp: retransmit ADD_ADDR when timeout")
Cc: stable@vger.kernel.org
Reported-and-tested-by: syzbot+f3a31fb909db9b2a5c4d@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=f3a31fb909db9b2a5c4d
Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Signed-off-by: Edward Adam Davis <eadavis@qq.com>
Acked-by: Paolo Abeni <pabeni@redhat.com>
Link: https://patch.msgid.link/tencent_7142963A37944B4A74EF76CD66EA3C253609@qq.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
The number of transmit and receive descriptors must be a multiple of 128
due to the hardware limitation. If it is set to a multiple of 8 instead of
a multiple 128, the queues will easily be hung.
Cc: stable@vger.kernel.org
Fixes: 883b5984a5 ("net: wangxun: add ethtool_ops for ring parameters")
Signed-off-by: Jiawen Wu <jiawenwu@trustnetic.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://patch.msgid.link/20240910095629.570674-1-jiawenwu@trustnetic.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
The TAS module could not be configured when it's running in pending
status. We need disable the module and configure it again. However, the
pending status is not cleared after the module disabled. TC taprio set
will always return busy even it's disabled.
For example, a user uses tc-taprio to configure Qbv and a future
basetime. The TAS module will run in a pending status. There is no way
to reconfigure Qbv, it always returns busy.
Actually the TAS module can be reconfigured when it's disabled. So it
doesn't need to check the pending status if the TAS module is disabled.
After the patch, user can delete the tc taprio configuration to disable
Qbv and reconfigure it again.
Fixes: de143c0e27 ("net: dsa: felix: Configure Time-Aware Scheduler via taprio offload")
Signed-off-by: Xiaoliang Yang <xiaoliang.yang_1@nxp.com>
Link: https://patch.msgid.link/20240906093550.29985-1-xiaoliang.yang_1@nxp.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
In the function hsr_proxy_annouance() added in the previous commit
5f703ce5c9 ("net: hsr: Send supervisory frames to HSR network
with ProxyNodeTable data"), the return value of the hsr_port_get_hsr()
function is not checked to be a NULL pointer, which causes a NULL
pointer dereference.
To solve this, we need to add code to check whether the return value
of hsr_port_get_hsr() is NULL.
Reported-by: syzbot+02a42d9b1bd395cbcab4@syzkaller.appspotmail.com
Fixes: 5f703ce5c9 ("net: hsr: Send supervisory frames to HSR network with ProxyNodeTable data")
Signed-off-by: Jeongjun Park <aha310510@gmail.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Acked-by: Lukasz Majewski <lukma@denx.de>
Link: https://patch.msgid.link/20240907190341.162289-1-aha310510@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Matthieu Baerts says:
====================
selftests: mptcp: misc. small fixes
Here are some various fixes for the MPTCP selftests.
Patch 1 fixes a recently modified test to continue to work as expected
on older kernels. This is a fix for a recent fix that can be backported
up to v5.15.
Patch 2 and 3 include dependences when exporting or installing the
tests. Two fixes for v6.11-rc1.
====================
Link: https://patch.msgid.link/20240910-net-selftests-mptcp-fix-install-v1-0-8f124aa9156d@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Similar to the previous commit, the net_helper.sh file from the parent
directory is used by the MPTCP selftests and it needs to be present when
running the tests.
This file then needs to be listed in the Makefile to be included when
exporting or installing the tests, e.g. with:
make -C tools/testing/selftests \
TARGETS=net/mptcp \
install INSTALL_PATH=$KSFT_INSTALL_PATH
cd $KSFT_INSTALL_PATH
./run_kselftest.sh -c net/mptcp
Fixes: 1af3bc912e ("selftests: mptcp: lib: use wait_local_port_listen helper")
Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Link: https://patch.msgid.link/20240910-net-selftests-mptcp-fix-install-v1-3-8f124aa9156d@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>