Commit Graph

1296726 Commits

Author SHA1 Message Date
Tiezhu Yang
b8468bd92a LoongArch: Enable objtool for Clang
For now, it can enable objtool for Clang, just remove !CC_IS_CLANG for
HAVE_OBJTOOL in arch/loongarch/Kconfig.

Signed-off-by: Tiezhu Yang <yangtiezhu@loongson.cn>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
2024-09-17 22:23:09 +08:00
Tiezhu Yang
da5b2ad1c2 objtool: Handle frame pointer related instructions
After commit a0f7085f6a ("LoongArch: Add RANDOMIZE_KSTACK_OFFSET
support"), there are three new instructions "addi.d $fp, $sp, 32",
"sub.d $sp, $sp, $t0" and "addi.d $sp, $fp, -32" for the secondary
stack in do_syscall(), then there is a objtool warning "return with
modified stack frame" and no handle_syscall() which is the previous
frame of do_syscall() in the call trace when executing the command
"echo l > /proc/sysrq-trigger".

objdump shows something like this:

0000000000000000 <do_syscall>:
   0:   02ff8063        addi.d          $sp, $sp, -32
   4:   29c04076        st.d            $fp, $sp, 16
   8:   29c02077        st.d            $s0, $sp, 8
   c:   29c06061        st.d            $ra, $sp, 24
  10:   02c08076        addi.d          $fp, $sp, 32
  ...
  74:   0011b063        sub.d           $sp, $sp, $t0
  ...
  a8:   4c000181        jirl            $ra, $t0, 0
  ...
  dc:   02ff82c3        addi.d          $sp, $fp, -32
  e0:   28c06061        ld.d            $ra, $sp, 24
  e4:   28c04076        ld.d            $fp, $sp, 16
  e8:   28c02077        ld.d            $s0, $sp, 8
  ec:   02c08063        addi.d          $sp, $sp, 32
  f0:   4c000020        jirl            $zero, $ra, 0

The instruction "sub.d $sp, $sp, $t0" changes the stack bottom and the
new stack size is a random value, in order to find the return address of
do_syscall() which is stored in the original stack frame after executing
"jirl $ra, $t0, 0", it should use fp which points to the original stack
top.

At the beginning, the thought is tended to decode the secondary stack
instruction "sub.d $sp, $sp, $t0" and set it as a label, then check this
label for the two frame pointer instructions to change the cfa base and
cfa offset during the period of secondary stack in update_cfi_state().
This is valid for GCC but invalid for Clang due to there are different
secondary stack instructions for ClangBuiltLinux on LoongArch, something
like this:

0000000000000000 <do_syscall>:
  ...
  88:   00119064        sub.d           $a0, $sp, $a0
  8c:   00150083        or              $sp, $a0, $zero
  ...

Actually, it equals to a single instruction "sub.d $sp, $sp, $a0", but
there is no proper condition to check it as a label like GCC, and so the
beginning thought is not a good way.

Essentially, there are two special frame pointer instructions which are
"addi.d $fp, $sp, imm" and "addi.d $sp, $fp, imm", the first one points
fp to the original stack top and the second one restores the original
stack bottom from fp.

Based on the above analysis, in order to avoid adding an arch-specific
update_cfi_state(), we just add a member "frame_pointer" in the "struct
symbol" as a label to avoid affecting the current normal case, then set
it as true only if there is "addi.d $sp, $fp, imm". The last is to check
this label for the two frame pointer instructions to change the cfa base
and cfa offset in update_cfi_state().

Tested with the following two configs:
(1) CONFIG_RANDOMIZE_KSTACK_OFFSET=y &&
    CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT=n
(2) CONFIG_RANDOMIZE_KSTACK_OFFSET=y &&
    CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT=y

By the way, there is no effect for x86 with this patch, tested on the
x86 machine with Fedora 40 system.

Cc: stable@vger.kernel.org # 6.9+
Signed-off-by: Tiezhu Yang <yangtiezhu@loongson.cn>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
2024-09-17 22:23:09 +08:00
Huacai Chen
987cbafe62 Merge tag 'irq-core-2024-09-16' into loongarch-next
LoongArch architecture changes for 6.12 depend on the irq core
changes about AVEC irqchip to avoid confliction, so merge them
to create a base.
2024-09-17 22:20:12 +08:00
Linus Torvalds
98f7e32f20 Linux 6.11 2024-09-15 16:57:56 +02:00
Linus Torvalds
d42f7708e2 Do not always honor guest PAT on CPUs that support self-snoop.
This triggers an issue in the bochsdrm driver, which used ioremap()
 instead of ioremap_wc() to map the video RAM.  The revert lets video
 RAM use the WB memory type instead of the slower UC memory type.
 -----BEGIN PGP SIGNATURE-----
 
 iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmbmhVcUHHBib256aW5p
 QHJlZGhhdC5jb20ACgkQv/vSX3jHroPC8gf9GT8ynM3/+csYTKKvJ3acvhvFoIl0
 xzptkWh9tal7H1jPG+BFq44o8DbAcb9u5pxPng9ng5ojmPwticBRWt6dpWyKurTm
 WKT2JRCV/6/sPDu8WrMLli9c/9P85ETFAyAPyr4CO4/rPg173qtLT5zxWjsLi0xz
 ZtVdAdHj041skYH8REYyRm2zolq/PIj7TWWAYZVRWgX2AkQeRq//g51MpBgLfbYt
 BNL7TLqpaD3ZSNHXsTZDn3c1jh9VnPGFPa+QSq2a6JgPPqCuJzs7RpPwMzTRlkoT
 agdRf8Wj082u1kqMGCHLXHGQybevauLs+yQYRkojpxj774PPNzH3kEGOEA==
 =9Eo3
 -----END PGP SIGNATURE-----

Merge tag 'for-linus-6.11' of git://git.kernel.org/pub/scm/virt/kvm/kvm

Pull kvm fix from Paolo Bonzini:
 "Do not always honor guest PAT on CPUs that support self-snoop.

  This triggers an issue in the bochsdrm driver, which used ioremap()
  instead of ioremap_wc() to map the video RAM.

  The revert lets video RAM use the WB memory type instead of the slower
  UC memory type"

* tag 'for-linus-6.11' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
  Revert "KVM: VMX: Always honor guest PAT on CPUs that support self-snoop"
2024-09-15 09:35:50 +02:00
Paolo Bonzini
9d70f3fec1 Revert "KVM: VMX: Always honor guest PAT on CPUs that support self-snoop"
This reverts commit 377b2f359d.

This caused a regression with the bochsdrm driver, which used ioremap()
instead of ioremap_wc() to map the video RAM.  After the commit, the
WB memory type is used without the IGNORE_PAT, resulting in the slower
UC memory type.  In fact, UC is slow enough to basically cause guests
to not boot... but only on new processors such as Sapphire Rapids and
Cascade Lake.  Coffee Lake for example works properly, though that might
also be an effect of being on a larger, more NUMA system.

The driver has been fixed but that does not help older guests.  Until we
figure out whether Cascade Lake and newer processors are working as
intended, revert the commit.  Long term we might add a quirk, but the
details depend on whether the processors are working as intended: for
example if they are, the quirk might reference bochs-compatible devices,
e.g. in the name and documentation, so that userspace can disable the
quirk by default and only leave it enabled if such a device is being
exposed to the guest.

If instead this is actually a bug in CLX+, then the actions we need to
take are different and depend on the actual cause of the bug.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2024-09-15 02:49:33 -04:00
Linus Torvalds
0babf68378 Pin control fixes for the v6.11 series:
- One Intel patch that I mistakedly merged into for-next
   despite it belongs in fixes: add Arrow Lake-H/U ACPI
   ID so this Arrow Lake chip probes.
 
 - One fix making the CY895x0 reg cache work, which is
   good because it makes the device work too.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEElDRnuGcz/wPCXQWMQRCzN7AZXXMFAmblfkEACgkQQRCzN7AZ
 XXPItw/+MeHzTyU2FPuiqspNiBlkBDpClAMcoBLiFDJdPGkbw8pZUVMSRrxOy5pe
 tR8hNDtrLFZkCTIikXfMjOGhQ6uRc/BbRg/+AFCSXZyNfLQqjmTrk7kx89mqIy+R
 +Wdj+TDTrXCQHVKzvdo6iB9fw5Gg02/MMMIMdFpx9M+OQXILsyyQCPaHn3RWZaCR
 7TLVnPrqLuA1KZQXLDXj/Bk0yFpiQWD8KxlHNLcrHqoLxtfmDyva7J0zJRUQeLcK
 aaPsVc4IlUgO4JIX42a+8hrQX+QaYAbY5ekOsVpGogQQ/yepseNmpFNhN96j+GGQ
 6e541DnY0oaM2GmxbllsevIa8MY7Zlue5ehSEvSGoaYOrqvaruZedyURFQHRaceq
 Jz86yQxDMMxbZ3S4Mn+ED1L8eXQlJAI6ylWcYDx/LWDcyblNWQCID1cNgIMoohFm
 12qC7X4joP4eLWBGCNBQab0ZPOcAsrLUgCBFD/3/LCL4tfA9Cvudp6j5TyQXmTNC
 LUPhw9mFk1Eywt9aiHEqOK9V1JZW7ovXdUUuVHNCn6LslZ1vtdNKlIxScPDp9Js5
 iILAlt4EQ34uXsDi4s6LyKF/9W+imRM8mVEdMa5cNIizk8Xn/VDo7tM6J6Zz0CIu
 tUBKZBhbmqoZldcaWco+aBQ1nwYGBSgu4W7JQZrtdXlFh5lQ2dU=
 =USa2
 -----END PGP SIGNATURE-----

Merge tag 'pinctrl-v6.11-4' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl

Pull pin control fixes from Linus Walleij:

 - One Intel patch that I mistakenly merged into for-next despite it
   belonging in fixes: add Arrow Lake-H/U ACPI ID so this Arrow Lake
   chip probes.

 - One fix making the CY895x0 reg cache work, which is good because it
   makes the device work too.

* tag 'pinctrl-v6.11-4' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl:
  pinctrl: pinctrl-cy8c95x0: Fix regcache
  pinctrl: meteorlake: Add Arrow Lake-H/U ACPI ID
2024-09-14 16:58:02 +02:00
Linus Torvalds
57719771a2 sound fixes for 6.11
A few last-minute ASoC fixes and MAINTAINERS update.
 All look small, obvious and nice-to-have fixes for 6.11-final.
 -----BEGIN PGP SIGNATURE-----
 
 iQJCBAABCAAsFiEEIXTw5fNLNI7mMiVaLtJE4w1nLE8FAmblRZoOHHRpd2FpQHN1
 c2UuZGUACgkQLtJE4w1nLE96zQ/+J77zhEva91kC80LasGa2GlggPIac4hRwBktp
 Xchn4TzeJ5ij/o2IHJnV0GnsUttac2n5INq/eYEbqZpvm0mDESLm3+5qsPOdGYeO
 bQcouXl9+Ju+9y7HymN0lnMSc7UX/NP7Yjjtx97io56Il+Obj2sYjgOhXeDHqq5J
 iZtZl21c0OTD4NPJ1atjtztm3fpgpCv3qP3H5R/+KU4VE3JyXjL9fB7SWfqfamwS
 /L9wERhyaOSi3Tut0olQblQcgIwpLdnf9bvK31uLrwzxMtxw92sOfBuOhoCUXb+2
 rk2l93eW/hLeFbSTLgU+jePN8/YphnFKAr7qysL3SwEw/H6h1al8Rl74h9AFuNxW
 zRjmGaCOQwSLp2UHf2Qwo5F1yynApOhAKYHm0djUKjZfUTswPAGqRYcQaW2tL4DR
 71LjWvwnLGi1uupG+bNWP5L1p0YGQE4rk/QNbv/gYLXPwBI3bMheQjrNhv0Pqk/r
 3FflZTJcjt1KJ3yNw9CkGAhGRnA7YIoZ9DcuGaqi63wl04K2fDH6NWLZ6CbGqlyO
 yBs8eJK4ehZJDm9Knn3zFC9CEM9z6VA0i5aIo13v7G3I1yISxhdAp8NOCqJkl+yQ
 utCsfCyvK0tvVy0u0zOE3w6JZ5Z2u7Q6TGe/LkTKjsF6Na21hueU6wLlUhCtFhu2
 y9jFImk=
 =GUM8
 -----END PGP SIGNATURE-----

Merge tag 'sound-6.11' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound

Pull sound fixes from Takashi Iwai:
 "A few last-minute ASoC fixes and MAINTAINERS update.

  All look small, obvious and nice-to-have fixes for 6.11-final"

* tag 'sound-6.11' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
  ASoC: meson: axg-card: fix 'use-after-free'
  ASoC: codecs: avoid possible garbage value in peb2466_reg_read()
  MAINTAINERS: update Pierre Bossart's email and role
  ASoC: tas2781: fix to save the dsp bin file name into the correct array in case name_prefix is not NULL
  ASoC: Intel: soc-acpi-intel-mtl-match: add missing empty item
  ASoC: Intel: soc-acpi-intel-lnl-match: add missing empty item
2024-09-14 11:54:24 +02:00
Linus Torvalds
d9bc226584 fix for packet signing of write
-----BEGIN PGP SIGNATURE-----
 
 iQGzBAABCgAdFiEE6fsu8pdIjtWE/DpLiiy9cAdyT1EFAmbk8HsACgkQiiy9cAdy
 T1Fklgv/ejyQXCCLVWCQoYFxjMtOEGQkITsq2XYjjbyFv8hQGmvFDPbm+/NmZ+SL
 9hER3CjrcDHPaidTWI/1mKCR5+vcjOLqmSC2GF/nsd9x2OdsxpIXazihKPt3nRh4
 4RSeAyNbmRAxi5auBQmW+gfBEquwkqdJbBkZyTbKmfcpWNyJWDZp6LpdKyTTLK6Z
 448QqFWLGNmO5cZDuYSl7R+J2DsCNmpe7vDKUX4dO/aU+fg0+OcCgRWxgYfEPk7b
 Mtizf1soBxVE72yDgRpr6ARr7YIBHRhtC2e5xLb62yvslqk8y5qrqL1u5WU7F1d/
 h0PYE/5YMSvjJxXRMSrfPFyq0yPwsGZJK4epkKxtLV0WC4hNnSWLrg0JNOPZVF5k
 OsofXUOSbtUQkwT/T3epp54Z83bzRUxgdbD80OfFM2SmglZY2zjTAcCUzxEwp56T
 q7ehhmZrl23FzrkFBkQcZbBP3PCKBJ4iPevTLnNt2xsLVjnAVQE9Ss5EIqCYh/Ge
 D3NsmmhS
 =ygm/
 -----END PGP SIGNATURE-----

Merge tag '6.11-rc7-SMB3-client-fix' of git://git.samba.org/sfrench/cifs-2.6

Pull smb client fix from Steve French:
 "Fix for packet signing of write"

* tag '6.11-rc7-SMB3-client-fix' of git://git.samba.org/sfrench/cifs-2.6:
  cifs: Fix signature miscalculation
2024-09-14 11:43:24 +02:00
Takashi Iwai
134536c212 ASoC: Fixes for v6.11
A few last minute fixes, plus an update for Pierre's contact details and
 status.  It'd be good to get these into v6.11 (especially the
 MAINTAINERS update) but it wouldn't be the end of the world if they
 waited for the merge window, none of them are super remarkable and it's
 just a question of timing that they're last minute.
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCgAdFiEEreZoqmdXGLWf4p/qJNaLcl1Uh9AFAmbkhH0ACgkQJNaLcl1U
 h9BoIQf+JXnJ0ue9/Jk/jMrXm9IsbXFV0ejhRX1+QYNVsucMymoqPl3mlK0gklFi
 j16V7P6aNUnm0Z8eOct24T/5INKiwBIWQH3FdnzHbMhf7xswIHBittMk9A0T5twH
 l+RWeYRjCE6YCuGnnWGC33j+0itN5cQLI0lP4bStJxiWV+uxUOk7QK12legYoWNG
 rvboiJIxBAJ04xogCIXNeTQmaxOU6GTvuoD/yz+e4G0+UDET1nijRpfTcJLs1Vam
 ngebgCrkBG2nOk9z5p1FEt85ullp34H6SNQ9b+tChsrKH/RPEcqk3iWrOHUApYON
 82tj9pCZq9mbeqZJSseWnvyhPm7uOw==
 =BJvu
 -----END PGP SIGNATURE-----

Merge tag 'asoc-fix-v6.11-rc7' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus

ASoC: Fixes for v6.11

A few last minute fixes, plus an update for Pierre's contact details and
status.  It'd be good to get these into v6.11 (especially the
MAINTAINERS update) but it wouldn't be the end of the world if they
waited for the merge window, none of them are super remarkable and it's
just a question of timing that they're last minute.
2024-09-14 09:09:11 +02:00
Linus Torvalds
b7718454f9 pci-v6.11-fixes-4
-----BEGIN PGP SIGNATURE-----
 
 iQJIBAABCgAyFiEEgMe7l+5h9hnxdsnuWYigwDrT+vwFAmbknjoUHGJoZWxnYWFz
 QGdvb2dsZS5jb20ACgkQWYigwDrT+vz5GRAAtaSwzbY1pI6kBQbTgnI5V0fSw/uK
 Elo5Hq8gp5fosAwLKMefOpdiF4h73H4fEpkYwP5pQIaTK1EhUtQVVx97+rMAyAIR
 AWA9300Ae2fZD9lmOUwZoPrljCo1ld7X5hwxFi5+r1Xxlg8RuObdn2Nb2Jrqy2Xn
 y3uTEuarzNwaleHN9k2jrmuERgLZ4ZxHF/613vi44RE9WWcy3OM29BcF2v8mJfif
 zgUVFjxRzsfL+mLyTiOBf5+MGXc0LiG2FVbSof1wWzJnyAox//b6aGankZscFFX3
 o9p9htH/DHi7LhX+G4OyHjEhSTDP6nSZ3UWD1F++tQVMc3Fx/AlO1iI/jB5KaPov
 ON38AVhvEAeSb0SNXPBkDqZNlJqI/1reUWR/2ApP6/A3B9wbeCa9zrM5McpncYSv
 HfFPN8pVwpGUSA0/vnAkDmm0yH1XGxVcEgITXNySZguhVmkqqQPFjXcOv1wNAEPW
 RwiagjAX4DPbIYb9W2AVygu412CIIWFxsjyyLPTIkW/80InmMyFKS87Y5klmdt3t
 7ENmdxeI8O99l2LvalXNKfLRWVdMh3VxP1CXWE5qzpISLAYeIO/Qiqi+vmiek7sL
 +Eihmaa3/cGYUzVcbqSGbYpAq8VWQ0DLCgabYpnqB5PKvk70Xe5PKFM41xDnTOC/
 5EcQ5wBGcJbaD54=
 =i+4X
 -----END PGP SIGNATURE-----

Merge tag 'pci-v6.11-fixes-4' of git://git.kernel.org/pub/scm/linux/kernel/git/pci/pci

Pull pci fix from Bjorn Helgaas:

 - Prevent a possible deadlock (reported by lockdep) when a driver
   relinquishes a pci_dev, another driver claims it, and one uses
   managed pcim_enable_device() and the other doesn't (Philipp Stanner)

* tag 'pci-v6.11-fixes-4' of git://git.kernel.org/pub/scm/linux/kernel/git/pci/pci:
  PCI: Fix potential deadlock in pcim_intx()
2024-09-13 14:10:17 -07:00
Linus Torvalds
e936e7d4a8 spi: Fixes for v6.11
A few last minute fixes for v6.11, they're all individually unremarkable
 and only last minute due to when they came in.
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCgAdFiEEreZoqmdXGLWf4p/qJNaLcl1Uh9AFAmbkhAUACgkQJNaLcl1U
 h9BpZwf+KiV2aTGSouHZsIM2hNcZr8Nm+DH8aJgRWzeddqZ2JD6Hwi1YaUckd1sC
 rbXz6jMvjeG4EbVAokLyb3NudKa5GSoWmMKKeod620bX0Q9PAv+HpRiPK5/i5IFH
 HFHlpjRScpchc/vISgPk0ELgc5eq0jdRZHS5vUWw2tdkc6dmwjb5nPNO4lHxpbYx
 /ETQup7iPW9kfe5fUwWFhvD1MxHIwe1CGUtQLLZQPJdVaHWRD9AIZMTPu7DX0C6V
 PLckCBwzZN+fWUX3xnxfveYG++pdNWaVFFjuRZdKVbNT7SgF7VawTaIK7BxCuqeV
 fNuwheKH/lfzmdXlYGFVLjvyfVfSww==
 =W3IJ
 -----END PGP SIGNATURE-----

Merge tag 'spi-fix-v6.11-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi

Pull spi fixes from Mark Brown:
 "A few last minute fixes for v6.11, they're all individually
  unremarkable and only last minute due to when they came in"

* tag 'spi-fix-v6.11-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi:
  spi: nxp-fspi: fix the KASAN report out-of-bounds bug
  spi: geni-qcom: Fix incorrect free_irq() sequence
  spi: geni-qcom: Undo runtime PM changes at driver exit time
2024-09-13 11:46:05 -07:00
Linus Torvalds
1136ced48b soundwire final fixes for 6.11
- Revert of earlier fix sent for non-continuous port map programming
   which caused regression on Intel platforms
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEE+vs47OPLdNbVcHzyfBQHDyUjg0cFAmbkIiMACgkQfBQHDyUj
 g0cfsA/8Cb3T7obP8Fw/wDpSf6SfeUt6oFJsgKGFmWG5Jq6mrv6jVS0n+LIWa0um
 TtKmXVL81fGXV0Jz2br22/3iQDNNIetlzNZfGFGlkwmz3faWj3ugggNmKKcjINdj
 u2iYdJk01l+5i44IZqJgRqtXlUCaLWK89UZGrqxtFRJm4v1s/N4VPjAa3WXCcNFX
 blJtZS2e1Ox5tuj4PN7CFJczNa7hr5sVgq/bciBxhGy940zPLSJfGEHdBjhumOx+
 RBLMV6yyfbiGdON7MtZtzA0PpLGV8JLXKa80A/PvP8ITLo0IS+wRbEmIkp69jMLZ
 Zg8tPvBJ5I7Uw069J2HKLhIE+Tt/C6MgY/rfxSKkBXcbiZ6EZgs2qKaJF0ct0AHF
 cHhQM1K8LGkQhSnPVZBkxWmwlLrBHTv7FfAZOOGW7R+aWiEPHYTh/qLFxDEChm3W
 6JOx/3eJj6n/6i4kCWx74p2A9SEERZNxQHY9vZabVF1iK6cKuMYEgRQIz8OGK/dx
 d6qmk6OJG3e0XycWPeAB6lJlNK3dx508wXcz6LcQ2ywrQ9PC4k449RSrfeGUqhrk
 1Iz3KIYtXoEj4sbWemShKtTJRqMe3pM1IFb/AvsKCGPqOR+7yM3ahyKIsUenHR2o
 ZpmWpdkdax4PjvHp6IHtVsbpJbQTeSS2dKHa3ndmuh+KgWWFRh4=
 =jVK0
 -----END PGP SIGNATURE-----

Merge tag 'soundwire-6.11-fixes_2' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/soundwire

Pull soundwire fix from Vinod Koul:

 - Revert of earlier fix sent for non-continuous port map programming
   which caused regression on Intel platforms

* tag 'soundwire-6.11-fixes_2' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/soundwire:
  soundwire: stream: Revert "soundwire: stream: fix programming slave ports for non-continous port maps"
2024-09-13 11:23:58 -07:00
Linus Torvalds
46040ea8a6 drm fixes for 6.11-rc8
dma-buf/heaps:
 - fix off by one in CMA heap fault handler
 
 syncobj:
 - fix syncobj leak in drm_syncobj_eventfd_ioctl
 
 amdgpu:
 - Avoid races between set_drr() functions and dc_state_destruct()
 - Fix regerssion related to zpos
 - Fix regression related to overlay cursor
 - SMU 14.x updates
 - JPEG fixes
 - Silence an UBSAN warning
 
 amdkfd:
 - Fetch cacheline size from IP discovery
 
 i915:
 - Prevent a possible int overflow in wq offsets
 
 xe:
 - Remove a double include
 - Fix null checks and UAF
 - Fix access_ok check in user_fence_create
 - Fix compat IS_DISPLAY_STEP() range
 - OA fix
 - Fixes in show_meminfo
 
 nouveau:
 - fix GP10x regression on boot
 
 stm:
 - add COMMON_CLK dep
 
 rockchip:
 - iommu api change
 
 tegra:
 - iommu api change
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEEKbZHaGwW9KfbeusDHTzWXnEhr4FAmbj3jUACgkQDHTzWXnE
 hr5WBxAAg2WeN5VUFR5Cv05hBGTSF1A+fRVzB0cID6rs+/nTYNc91FZFH5xtV/kP
 Wkn/mNjCLVIAciwi0jkME68xhSlWdttmrfZwRhBczfn2FLC/b0yB2eXUFd+2fQQQ
 dj8Ff+w+EB2KL8mkWiD/o5CjXd9UueL2TlWLU4bOw2pW90hFWnWeCmvD/mL0Ii4T
 PeLPBRmRXDQsynctN+WA1mLgHCS9U5lKhKsREU+SIU2jLSZLVvBZ8Fhrk+EDz/Cb
 djVdnOlKPRA7Hh4TJAPzm8O51uPYUiRAWe6Ayo0wygdB8BnBUMZHXrzg1bDiz7TU
 NySLAddEYr6ASqb9RLFgJxSt3znAEmbtqsNBto4oPX8N30nLJsVJPlOP63Ef2jpn
 OUSczrMEFNwG0ZZ75IkHu2EqILt5+Q5+VyNszfl4f8uIT3ApAUzK2Rz7s2R9Qc9f
 2YT68P79ojEgcKwFFsNgCgAM3NYd05gttr4J16GRIyLA8WD+yDL0eCaj+ZwQH1EP
 yMZrm0go5fANf0WTz5u+9SyG1sELExKdmHl71bpzybt9/YCfkRpx/snZp01ow6fz
 ci9xkqPn5RH1zFFgiSpJpsoIcDLo7tUGxyrmh5+41/4C0CbcxjCsIfcKKMDDIw4S
 FW18o8umh9neB8X8L4IYzD0/XfUZAlVBLyuCl+RHMjxe0eVHYdc=
 =YpZO
 -----END PGP SIGNATURE-----

Merge tag 'drm-fixes-2024-09-13' of https://gitlab.freedesktop.org/drm/kernel

Pull drm fixes from Dave Airlie:
 "Regular fixes pull, the amdgpu JPEG engine fixes are probably the
  biggest, they look to block some register accessing, otherwise there
  are just minor fixes and regression fixes all over.

  nouveau had a regression report going back a few kernels that finally
  got fixed, Not entirely happy with so many changes so late, but they
  all seem quite benign apart from the jpeg one.

  dma-buf/heaps:
   - fix off by one in CMA heap fault handler

  syncobj:
   - fix syncobj leak in drm_syncobj_eventfd_ioctl

  amdgpu:
   - Avoid races between set_drr() functions and dc_state_destruct()
   - Fix regerssion related to zpos
   - Fix regression related to overlay cursor
   - SMU 14.x updates
   - JPEG fixes
   - Silence an UBSAN warning

  amdkfd:
   - Fetch cacheline size from IP discovery

  i915:
   - Prevent a possible int overflow in wq offsets

  xe:
   - Remove a double include
   - Fix null checks and UAF
   - Fix access_ok check in user_fence_create
   - Fix compat IS_DISPLAY_STEP() range
   - OA fix
   - Fixes in show_meminfo

  nouveau:
   - fix GP10x regression on boot

  stm:
   - add COMMON_CLK dep

  rockchip:
   - iommu api change

  tegra:
   - iommu api change"

* tag 'drm-fixes-2024-09-13' of https://gitlab.freedesktop.org/drm/kernel: (25 commits)
  drm/xe/client: add missing bo locking in show_meminfo()
  drm/xe/client: fix deadlock in show_meminfo()
  drm/xe/oa: Enable Xe2+ PES disaggregation
  drm/xe/display: fix compat IS_DISPLAY_STEP() range end
  drm/xe: Fix access_ok check in user_fence_create
  drm/xe: Fix possible UAF in guc_exec_queue_process_msg
  drm/xe: Remove fence check from send_tlb_invalidation
  drm/xe/gt: Remove double include
  drm/amd/display: Add all planes on CRTC to state for overlay cursor
  drm/amdgpu/atomfirmware: Silence UBSAN warning
  drm/amd/amdgpu: apply command submission parser for JPEG v1
  drm/amd/amdgpu: apply command submission parser for JPEG v2+
  drm/amd/pm: fix the pp_dpm_pcie issue on smu v14.0.2/3
  drm/amd/pm: update the features set on smu v14.0.2/3
  drm/amd/display: Do not reset planes based on crtc zpos_changed
  drm/amd/display: Avoid race between dcn35_set_drr() and dc_state_destruct()
  drm/amd/display: Avoid race between dcn10_set_drr() and dc_state_destruct()
  drm/amdkfd: Add cache line size info
  drm/tegra: Use iommu_paging_domain_alloc()
  drm/rockchip: Use iommu_paging_domain_alloc()
  ...
2024-09-13 10:55:59 -07:00
Patrick Rudolph
71e4001a04 pinctrl: pinctrl-cy8c95x0: Fix regcache
The size of the mux stride was off by one, which could result in
invalid pin configuration on the device side or invalid state
readings on the software side.

While on it also update the code and:
- Increase the mux stride size to 16
- Align the virtual muxed regmap range to 16
- Start the regmap window at the selector
- Mark reserved registers as not-readable

Fixes: 8670de9fae ("pinctrl: cy8c95x0: Use regmap ranges")
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reported-by: Andy Shevchenko <andy@kernel.org>
Reviewed-by: Andy Shevchenko <andy@kernel.org>
Link: https://lore.kernel.org/20240902072859.583490-1-patrick.rudolph@9elements.com
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
2024-09-13 13:14:18 +02:00
Linus Walleij
d7c9ec3b07 intel-pinctrl for v6.11-1
This includes a new ACPI ID that is added to the Intel Meteor Lake
 driver to support recent Intel Arrow Lake hardware.
 -----BEGIN PGP SIGNATURE-----
 
 iQJUBAABCgA+FiEEVTdhRGBbNzLrSUBaAP2fSd+ZWKAFAmaxzMwgHG1pa2Eud2Vz
 dGVyYmVyZ0BsaW51eC5pbnRlbC5jb20ACgkQAP2fSd+ZWKBHKxAAka3ovlC1kW5X
 dQK9wX10cv7zTe46ZZCaQ6IKZwkFSqpE3OWa1Nu1OdLMHYLgESSUERbt1YdiXfdT
 BH2UV8Vvca9ioFqCJFusf7zZvewuuCb9gJ7dgsSbgE65EFbV8gFHh8XT0TnbtoCd
 88sBINYyW5a7yN3N/qvBF+Zb0t23c+bKTwYkINOKOUO+EzOubpMK3L67CSkdMk+i
 1KMCGbgwX/TMCewBCGR+pDADVoDKAR8vkwm0qnb4iU1BSHxo+3AuR4T+h/S7NBad
 WqypmcOCw87URri+U+Y7swNEPrPqs7mfvsFRGL3oSqyTH0S/bGofU8pqKs156IHQ
 RmUXQXFdodkMZ4V85hck0JFsPk5ieIXlzpIyNWdl8tCPuTjfDOWL4XRaCjejcO+J
 7CQIpAEIV7sZ4dp0qV7dK1IAqYs/q16uKQZuKoVsqPIdHY5/k7k8aS2d/9PExXjm
 4EoEAaQQu39+dpF6EpJIYr12V1wO8IAN4vQ8dn4bG7jhsqM6XcuIZ9ANYBpAdJNM
 7wohIcepwI+sZLwHSXIvfbzzYEdG1UnWl5FfOEJfyayKzuzNSGlG7mSjHvIsQM46
 krJG93aj81qqt1BSATcXbmp3jnFXvd3+9YNdogtSZa0l3m1W2XpRulemaXWxqwXN
 KeiSIpWktVFaegiTMXE/uicloYGdfbU=
 =Mbpf
 -----END PGP SIGNATURE-----

Merge tag 'intel-pinctrl-v6.11-1' of git://git.kernel.org/pub/scm/linux/kernel/git/pinctrl/intel into fixes

intel-pinctrl for v6.11-1

This includes a new ACPI ID that is added to the Intel Meteor Lake
driver to support recent Intel Arrow Lake hardware.

Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
2024-09-13 13:09:05 +02:00
Dave Airlie
135be1dc46 - Remove a double include (Lucas)
- Fix null checks and UAF (Brost)
 - Fix access_ok check in user_fence_create (Nirmoy)
 - Fix compat IS_DISPLAY_STEP() range (Jani)
 - OA fix (Ashutosh)
 - Fixes in show_meminfo (Auld)
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCAAdFiEEbSBwaO7dZQkcLOKj+mJfZA7rE8oFAmbi/gkACgkQ+mJfZA7r
 E8pUvAf7Bk9XRNp4yXGPQB6xXohH6Z3KiuOTtkApGgbhpUvi24ZQqyoNqghY+rRf
 vcUUudufkwNv7GRhoQ9xLdM8+5wuK6BfhBjpSA58lz1CdwcmpYZKKwMUdoEXroY/
 G7d1BVAV3T0i1L3KtBudanPdtp0jBTS1KmELwv1D9yM2eBQNdAmU4m/KaR84zFBa
 IJe+eQjAm6o7gk5XFJfb+FrnN5ForlC8KJfWksy5d4jiVrbi5RFZOZCdeCwDTPTe
 gIORBRnKtFF7jyABjNoMU6b30/iFyUU3gxF+RQcrxbk6vNDuI0oixGuE/z8n6vFT
 +i3jG4sJ4d+HC/9LXZKvrIlA5q0rVg==
 =1RYw
 -----END PGP SIGNATURE-----

Merge tag 'drm-xe-fixes-2024-09-12' of https://gitlab.freedesktop.org/drm/xe/kernel into drm-fixes

- Remove a double include (Lucas)
- Fix null checks and UAF (Brost)
- Fix access_ok check in user_fence_create (Nirmoy)
- Fix compat IS_DISPLAY_STEP() range (Jani)
- OA fix (Ashutosh)
- Fixes in show_meminfo (Auld)

Signed-off-by: Dave Airlie <airlied@redhat.com>

From: Rodrigo Vivi <rodrigo.vivi@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/ZuL-sORu54zfz1Lf@intel.com
2024-09-13 15:18:18 +10:00
Dave Airlie
690e516e98 An off-by-one fix for the CMA DMA-buf heap, An init fix for nouveau, a
config dependency fix for stm, a syncobj leak fix, and two iommu fixes
 for tegra and rockchip.
 -----BEGIN PGP SIGNATURE-----
 
 iJUEABMJAB0WIQTkHFbLp4ejekA/qfgnX84Zoj2+dgUCZuKq/QAKCRAnX84Zoj2+
 djX/AX9yH6TTbCOGSJ2BF6No8RXE0kNOi/AaS0dr+WuUetXsMcjQ2g4ttbMVKh/o
 RefF0n8BgN5BWitAA+rkqRWjCPxUPGb6kjPamPp/YEFTcEv/8nvnr344ZPEV6jXe
 7dv+h319Dg==
 =Qvnm
 -----END PGP SIGNATURE-----

Merge tag 'drm-misc-fixes-2024-09-12' of https://gitlab.freedesktop.org/drm/misc/kernel into drm-fixes

An off-by-one fix for the CMA DMA-buf heap, An init fix for nouveau, a
config dependency fix for stm, a syncobj leak fix, and two iommu fixes
for tegra and rockchip.

Signed-off-by: Dave Airlie <airlied@redhat.com>

From: Maxime Ripard <mripard@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20240912-phenomenal-upbeat-grouse-a26781@houat
2024-09-13 14:48:03 +10:00
Dave Airlie
bb7e19bd6c Merge tag 'drm-intel-fixes-2024-09-12' of https://gitlab.freedesktop.org/drm/i915/kernel into drm-fixes
- Prevent a possible int overflow in wq offsets [guc] (Nikita Zhandarovich)

Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Tvrtko Ursulin <tursulin@igalia.com>
Link: https://patchwork.freedesktop.org/patch/msgid/ZuKTN2XngNhBB3z3@linux
2024-09-13 12:18:12 +10:00
Dave Airlie
f5d6c413b1 amd-drm-fixes-6.11-2024-09-11:
amdgpu:
 - Avoid races between set_drr() functions and dc_state_destruct()
 - Fix regerssion related to zpos
 - Fix regression related to overlay cursor
 - SMU 14.x updates
 - JPEG fixes
 - Silence an UBSAN warning
 
 amdkfd:
 - Fetch cacheline size from IP discovery
 -----BEGIN PGP SIGNATURE-----
 
 iHUEABYKAB0WIQQgO5Idg2tXNTSZAr293/aFa7yZ2AUCZuHMpgAKCRC93/aFa7yZ
 2Kl/AP4vMdYnJTzPr9jB92B9KMltpHdb04VRCiE4WdojXDSSiAEA+US1YwgH0v1O
 ATgtwgy0c9gVTOII6mVWjUS71D12LgE=
 =k1hP
 -----END PGP SIGNATURE-----

Merge tag 'amd-drm-fixes-6.11-2024-09-11' of https://gitlab.freedesktop.org/agd5f/linux into drm-fixes

amd-drm-fixes-6.11-2024-09-11:

amdgpu:
- Avoid races between set_drr() functions and dc_state_destruct()
- Fix regerssion related to zpos
- Fix regression related to overlay cursor
- SMU 14.x updates
- JPEG fixes
- Silence an UBSAN warning

amdkfd:
- Fetch cacheline size from IP discovery

Signed-off-by: Dave Airlie <airlied@redhat.com>

From: Alex Deucher <alexander.deucher@amd.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20240911170528.838655-1-alexander.deucher@amd.com
2024-09-13 11:33:47 +10:00
David Howells
5a20b7cb0d cifs: Fix signature miscalculation
Fix the calculation of packet signatures by adding the offset into a page
in the read or write data payload when hashing the pages from it.

Fixes: 39bc58203f ("cifs: Add a function to Hash the contents of an iterator")
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Tom Talpey <tom@talpey.com>
Reviewed-by: Paulo Alcantara (Red Hat) <pc@manguebit.com>
cc: Shyam Prasad N <nspmangalore@gmail.com>
cc: Rohith Surabattula <rohiths.msft@gmail.com>
cc: Jeff Layton <jlayton@kernel.org>
cc: linux-cifs@vger.kernel.org
cc: linux-fsdevel@vger.kernel.org
Signed-off-by: Steve French <stfrench@microsoft.com>
2024-09-12 19:28:48 -05:00
Linus Torvalds
196145c606 One build fix for 32-bit arches using the Qualcomm PLL driver. It's
cheaper to use a comparison here instead of a division so we just do
 that to fix the build.
 -----BEGIN PGP SIGNATURE-----
 
 iQJFBAABCAAvFiEE9L57QeeUxqYDyoaDrQKIl8bklSUFAmbjdk4RHHNib3lkQGtl
 cm5lbC5vcmcACgkQrQKIl8bklSUNjA/8CYfF/DgogiFcxG2QsG5jDIgFL027PFSN
 FuUZ1kwf0vIMeLT5Oq1baURltaEk4/PbAJEQvF8i5DTXy5sfFKiZzWc6yLFpVsB3
 2FynvH9CBYnSsdFYNn5lD3HNXPNmNuBA528jhTF/AGrES6cBE41kXtxIy0HsptRV
 Zdnh+aD6igygeLcTE3BHaalfHVC13nHm/YABKYGf9kWyCIYy3CxAnT+ODkG5f4R6
 kFWj+dJ3bGs7k2CroOvsVO6bpAaEnrQWu0uvPEL9cZRt8x/daH0ZbtvPHLlbr28H
 0vswkTfhTuj0jCgMY9P0VKkipT53ETVWCzTV8dz/aDuBqfsPMBtZH7I9T/JSlOG9
 ycUGnDfdpHM8yYNpDVXnoY4dgVj/S74eH2rVPpouTnkj3wW7d5OWQAGAObO/uazt
 204vLnXA1uJUbO1HyqloYZId/FF3+Blw7tP9IiMNDv3LFefMhxbURXrevG6RloUg
 BC4O9abauUazh2wJYtoRqpLdui0OAgjkEcdwn/NEzeo7Gchd+c3hNMfBLxYArwnT
 BYPdHXI4vNzqTKAkw6V6J3S3IpcYZWeS+psMxQesUmSqmzFUKt6A81ZXpgJAg6O1
 v7v8EO2iBTM64+Fcw5JAJP7LiHNw6iyNcMrB+grKsLEZMIhWod6Q/kTXnby3P9qz
 mCh2OcXsFjc=
 =ln0u
 -----END PGP SIGNATURE-----

Merge tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux

Pull clk fix from Stephen Boyd:
 "One build fix for 32-bit arches using the Qualcomm PLL driver. It's
  cheaper to use a comparison here instead of a division so we just do
  that to fix the build"

* tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux:
  clk: qcom: clk-alpha-pll: Simplify the zonda_pll_adjust_l_val()
2024-09-12 16:32:32 -07:00
Linus Torvalds
b8e7cd09ae block-6.11-20240912
-----BEGIN PGP SIGNATURE-----
 
 iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAmbjbd0QHGF4Ym9lQGtl
 cm5lbC5kawAKCRD301j7KXHgpqCIEACJZbjdtXxLf1eiJsWw+aTxZ5n2oZH9LtN+
 xToo7Y20/3G7uf92e1BIJY5i3f8HruE8LgAjwbMwzQ7WAq0XSMhn9ir3Z+2q5uoi
 CvKqK27u3AsyeACimPC6k0nAuacl0z2etlc0RjTXsIfl49AJx9AoMf9THDT1GyGw
 svIXDy7Alxa/uImcpPmcVpy/Z6ajCFVonbENeUXMml7XlnCBeN0ejl+86NiRobo/
 opfY+YhUYlaKq4ZVDvjnsb4gwEjrO4QLY85Mc0pHUllK6OpTb1bVpx49IrU2EKqu
 5MzqvnuM/t+gWn2InOFl7zE2fE5hhuilGpUUogcbuE2Xv9s3zk0SSOkbrsnuWEka
 xfMWoI0n3uWH42DUyezPJOUPPTivbxmIKK+W9dFrYMw6ZKwnWSXz/oG7Q8r2rA+1
 SB0i6gYyZhXMyyIgmymyK6erA5QW3ylD4yzK0kltm6X8MSWVTuhrwlocTV1s8K/U
 RN0Nscgyo94JZU8uFp2gJ+gOF2/W46LZSxtYg3Zq6BOaxNZyu+gAryB0rINDw2vq
 wuuei92QOtZghlRisESQ28LhkEAFNuL8g52La49KFD3QJQ6dXSTKM3CZDYl15jvR
 wrRziMTOeLVZYo7zRPgN48csxo0zjYfoDSEDoO3GXzSTWI9o5K2VPZfDIEXMu4dh
 62H+bFKrhw==
 =KRFV
 -----END PGP SIGNATURE-----

Merge tag 'block-6.11-20240912' of git://git.kernel.dk/linux

Pull block fix from Jens Axboe:
 "Just a single fix for a deadlock issue that can happen if someone
  attempts to change the root disk IO scheduler with a module that
  requires loading from disk.

  Changing the scheduler freezes the queue while that operation is
  happening, hence causing a deadlock"

* tag 'block-6.11-20240912' of git://git.kernel.dk/linux:
  block: Prevent deadlocks when switching elevators
2024-09-12 16:02:57 -07:00
Linus Torvalds
fdf042df04 hwmon fixes for v6.11-rc8/v6.11
- Fix clearing status register bits for chips supporting older
   PMBus versions
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEiHPvMQj9QTOCiqgVyx8mb86fmYEFAmbjIKIACgkQyx8mb86f
 mYHbtw/9H9OqgP0ITdt4VCcJoGPvBsTdNGaltJ4b+eBAebNRruG5UAI8bFKMiGpE
 WUIT87RSYs4MQlmvmkZzRNTpVlLqAOTJDaSOLPF4eft9yvXa9FnovtN/XsFoNeDp
 KJYYmo9+hBH7wmQkOinUeQCK8NRGbb5FmG5t0HLyLavHOcMUCbbvuptiSY5lYasy
 hTAeBBHI3INK8kDahXqJsm7TNlfyuxWbAazlmpFZA0Rh3CNcEiluw0b912u9JCer
 4xJbMKyo2KPcjCjZyA57AuqbQZedqawYzwIpZ/c2WbvpEobS7a7sykxF3loh8QVK
 njjjcJczeMkHY8TI2SzR5NcS9MEa8ycECfDidhNK2YbULtyXZypv4q+vNed7Rln7
 f5X9WcmRVPuIzg+Sy2O8p3REtTZzpNHLg4i3myXv+EWkHyTbPQLqOMVXQfJYu0D5
 mpk5hil80UDZs56KRsSvawuKd/s0xtonOmc+eP41o+oUqB2DGKTlzJFCYUyh8Sjr
 ukIwC/7dGlf3UvBLVTkLwuvzhxedKIy7RDRP50AvmPkzqVbzYRB7kUBrOPlXdPK1
 n59tuJlvU6klqJdxmyzn0YOXtqcfeEXINITBNLRwedWp0jnEmWGi96tLcX3VPQXK
 lAsdURYPcDw3s8ZqIgMZKBfZ6HzVaceV1SNErJU2YudeDJ39Pp4=
 =gEd7
 -----END PGP SIGNATURE-----

Merge tag 'hwmon-for-v6.11-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging

Pull hwmon fix from Guenter Roeck:

 - Fix clearing status register bits for chips supporting older
   PMBus versions

* tag 'hwmon-for-v6.11-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging:
  hwmon: (pmbus) Conditionally clear individual status bits for pmbus rev >= 1.2
2024-09-12 14:27:47 -07:00
Linus Torvalds
5da028864f workqueue: Fixes for v6.11-rc7
Contains the fix for a NULL worker->pool deref bug which can be triggered
 when a worker is created and then destroyed immediately.
 -----BEGIN PGP SIGNATURE-----
 
 iIQEABYKACwWIQTfIjM1kS57o3GsC/uxYfJx3gVYGQUCZuM5ew4cdGpAa2VybmVs
 Lm9yZwAKCRCxYfJx3gVYGU5RAQCJ13myAx5ZhznE2fkCv8IrMP1y8BhO5eoPI6+o
 0QPgWgD/TMu7hMMZkz0vVHn0euNpwTWB0lOsz1299ukC1wO/tAw=
 =nJ2F
 -----END PGP SIGNATURE-----

Merge tag 'wq-for-6.11-rc7-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq

Pull workqueue fix from Tejun Heo:
 "A fix for a NULL worker->pool deref bug which can be triggered when a
  worker is created and then destroyed immediately"

* tag 'wq-for-6.11-rc7-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq:
  workqueue: Clear worker->pool in the worker thread context
2024-09-12 13:11:10 -07:00
Linus Torvalds
8581ae1ea0 RISC-V Fixes for 6.11-rc8
* Two fixes for smp_processor_id() calls in preemptible sections: one if
   the perf driver, and one in the fence.i prctl.
 -----BEGIN PGP SIGNATURE-----
 
 iQJHBAABCAAxFiEEKzw3R0RoQ7JKlDp6LhMZ81+7GIkFAmbjDTkTHHBhbG1lckBk
 YWJiZWx0LmNvbQAKCRAuExnzX7sYiRsKD/428yAcDT6JKjG+jzYnMARDxl+OS0hJ
 KKwfeglvpPXWqZoZlyhPgJMJ/fNalrH/dVwl01a3Aobjy8/JV6W6L2Cc/lwRBNXv
 O+nfCzzJoZs+v7D0MR2Ad101vfToafDaiZ9Q6jH4/9yi/m5zAaIHdEnjYQQW5rLc
 FMnfGDHXo40WkrnjEjefeh7n88d5dtyD3szwS8khSnJulGFRHHWW0XL54wVeY3wE
 NvLKdD5PDR7kzOE6BvofPQ1tIJxpWnE+jqSgHmS1eYKlwwzb1kvtGXiktUl/gcwb
 /+jFgK49gqWMpx1ji+utw4R357uIZY0DPIiMvY7K5PjeY+TXtltTBgfyvjklpLWm
 YrZ1snpMiMl/VTxFYVFMCvowK/DvylvSQ737zwMaxTq/DGwvr8GPuRO1Pnwc/3QZ
 wCLy3rsK56LE46+9IrYeauYNiOl1bd6znuASzrPhr8Ecexm2DW+JZqRRZCMl3UTK
 p9hrr3CxUT4hi0bksjkSOBks7cLNp3Rqa/fEBtM6YKKzSU6NlEoNpuiH7sjh7ETE
 Zk4qUjRPiRcje0XL2NTKfpKSGuxK/xP4188aYA5jZ1QxO/zditk8BrS5WRfgEoPr
 gjNapO25nrnJbgi9PaClMdeYNV//Fi/0vjpDjw6pYfJaZSE0sWMqp5/bWt5Bsy2A
 e/OyJ+U4TPY4vQ==
 =pEDD
 -----END PGP SIGNATURE-----

Merge tag 'riscv-for-linus-6.11-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux

Pull RISC-V fixes from Palmer Dabbelt:

 - Two fixes for smp_processor_id() calls in preemptible sections: one
   if the perf driver, and one in the fence.i prctl.

* tag 'riscv-for-linus-6.11-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux:
  riscv: Disable preemption while handling PR_RISCV_CTX_SW_FENCEI_OFF
  drivers: perf: Fix smp_processor_id() use in preemptible code
2024-09-12 13:03:45 -07:00
Linus Torvalds
5abfdfd402 There is a recently notified BT regression with no fix yet. I
*think* such fix will not land in the next week.
 
 Including fixes from netfilter.
 
 Current release - regressions:
 
   - core: tighten bad gso csum offset check in virtio_net_hdr
 
   - netfilter: move nf flowtable bpf initialization in nf_flow_table_module_init()
 
   - eth: ice: stop calling pci_disable_device() as we use pcim
 
   - eth: fou: fix null-ptr-deref in GRO.
 
 Current release - new code bugs:
 
   - hsr: prevent NULL pointer dereference in hsr_proxy_announce()
 
 Previous releases - regressions:
 
   - hsr: remove seqnr_lock
 
   - netfilter: nft_socket: fix sk refcount leaks
 
   - mptcp: pm: fix uaf in __timer_delete_sync
 
   - phy: dp83822: fix NULL pointer dereference on DP83825 devices
 
   - eth: revert "virtio_net: rx enable premapped mode by default"
 
   - eth: octeontx2-af: Modify SMQ flush sequence to drop packets
 
 Previous releases - always broken:
 
   - eth: mlx5: fix bridge mode operations when there are no VFs
 
   - eth: igb: Always call igb_xdp_ring_update_tail() under Tx lock
 
 Signed-off-by: Paolo Abeni <pabeni@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEEg1AjqC77wbdLX2LbKSR5jcyPE6QFAmbi8isSHHBhYmVuaUBy
 ZWRoYXQuY29tAAoJECkkeY3MjxOkzNsQALiaGTGqOcFwVwchlWOfAuheiDeKtxM6
 LihsxBFFi+s7p5p75yL+ko3mpxz8ZxO3joPNevh+wBy7cOXgEuikPbeNokUsHjeG
 ofmz2B9+CHpf8PL0PgE+oyAi8kTZyn81oDrVLereBJqT50hKXjWbbip/s8niTJaY
 tXsYiJPZgvTFdkkJjV6INrHRWAse/tXP1o+KqIkbuEw8aerlxjOaZ1dubtuzcj3C
 rAwXNU9r6ojqmQLovfUx3Gw/RsMwAGxra0Ni9AdUxiKtqKD7r0dnfNvjUI76HWcf
 S62zMwjKS+DZ/cqiTnsqTIK7HN4gQ/R+W+C7RWlVFhu5CQoX7zL+4pkpbJn3ULEM
 mjFKnBBPoU0ET5hMOXY79iAkGIDiQSpMz5fNi85S0drPLG6ooJxIBBLgFdDspG2f
 7TASuV5Dne3Toh9YMm4mZtgWZTCR85yF8Dzy8kA6/bTNtvVQmMMQh7RYW10SrB1I
 ntDYGQcoxzPVzU42gWaDwa5ubDz6XTxLM6vsweK9mbjm9U1R1GEd6cx2cGvt88oD
 gIgLcrP7szImDzdASb0Ce3kEdKc/g0xMften10MOjPFHJGcehvawwgvRJK8Oz720
 g6Xa+WBwfGF5QrljWVk7V9sGiSK1ssAut81VBO+lBCEFwI8iMzjbjTC9kzCvO6nj
 ZECYg5JZa0XR
 =tbcX
 -----END PGP SIGNATURE-----

Merge tag 'net-6.11-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

Pull networking fixes from Paolo Abeni:
 "Including fixes from netfilter.

  There is a recently notified BT regression with no fix yet. I do not
  think a fix will land in the next week.

  Current release - regressions:

   - core: tighten bad gso csum offset check in virtio_net_hdr

   - netfilter: move nf flowtable bpf initialization in
     nf_flow_table_module_init()

   - eth: ice: stop calling pci_disable_device() as we use pcim

   - eth: fou: fix null-ptr-deref in GRO.

  Current release - new code bugs:

   - hsr: prevent NULL pointer dereference in hsr_proxy_announce()

  Previous releases - regressions:

   - hsr: remove seqnr_lock

   - netfilter: nft_socket: fix sk refcount leaks

   - mptcp: pm: fix uaf in __timer_delete_sync

   - phy: dp83822: fix NULL pointer dereference on DP83825 devices

   - eth: revert "virtio_net: rx enable premapped mode by default"

   - eth: octeontx2-af: Modify SMQ flush sequence to drop packets

  Previous releases - always broken:

   - eth: mlx5: fix bridge mode operations when there are no VFs

   - eth: igb: Always call igb_xdp_ring_update_tail() under Tx lock"

* tag 'net-6.11-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (36 commits)
  net: netfilter: move nf flowtable bpf initialization in nf_flow_table_module_init()
  net: tighten bad gso csum offset check in virtio_net_hdr
  netlink: specs: mptcp: fix port endianness
  net: dpaa: Pad packets to ETH_ZLEN
  mptcp: pm: Fix uaf in __timer_delete_sync
  net: libwx: fix number of Rx and Tx descriptors
  net: dsa: felix: ignore pending status of TAS module when it's disabled
  net: hsr: prevent NULL pointer dereference in hsr_proxy_announce()
  selftests: mptcp: include net_helper.sh file
  selftests: mptcp: include lib.sh file
  selftests: mptcp: join: restrict fullmesh endp on 1st sf
  netfilter: nft_socket: make cgroupsv2 matching work with namespaces
  netfilter: nft_socket: fix sk refcount leaks
  MAINTAINERS: Add ethtool pse-pd to PSE NETWORK DRIVER
  dt-bindings: net: tja11xx: fix the broken binding
  selftests: net: csum: Fix checksums for packets with non-zero padding
  net: phy: dp83822: Fix NULL pointer dereference on DP83825 devices
  virtio_net: disable premapped mode by default
  Revert "virtio_net: big mode skip the unmap check"
  Revert "virtio_net: rx remove premapped failover code"
  ...
2024-09-12 12:45:24 -07:00
Linus Torvalds
42c5b51949 platform-drivers-x86 for v6.11-7
Fixes:
 - asus-wmi: Disable OOBE that interferes with backlight control
 - panasonic-laptop: Two fixes to SINF array handling
 
 The following is an automated shortlog grouped by driver:
 
 asus-wmi:
  -  Disable OOBE experience on Zenbook S 16
 
 panasonic-laptop:
  -  Allocate 1 entry extra in the sinf array
  -  Fix SINF array out of bounds accesses
 -----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQSCSUwRdwTNL2MhaBlZrE9hU+XOMQUCZuKxBgAKCRBZrE9hU+XO
 MZWtAP9CFIg02ZzY8ZadQMhV3CmOfojLp9S8mYN9BS91iO9eYwD/deECQ1hG+UHp
 wRjs+8BA9jUtWT3iLyFcA2ZnAdZPCwA=
 =rCeo
 -----END PGP SIGNATURE-----

Merge tag 'platform-drivers-x86-v6.11-7' of git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86

Pull x86 platform driver fixes from Ilpo Järvinen:

 - asus-wmi: Disable OOBE that interferes with backlight control

 - panasonic-laptop: Two fixes to SINF array handling

* tag 'platform-drivers-x86-v6.11-7' of git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86:
  platform/x86: asus-wmi: Disable OOBE experience on Zenbook S 16
  platform/x86: panasonic-laptop: Allocate 1 entry extra in the sinf array
  platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses
2024-09-12 12:34:39 -07:00
Linus Torvalds
79a61cc3fc mm: avoid leaving partial pfn mappings around in error case
As Jann points out, PFN mappings are special, because unlike normal
memory mappings, there is no lifetime information associated with the
mapping - it is just a raw mapping of PFNs with no reference counting of
a 'struct page'.

That's all very much intentional, but it does mean that it's easy to
mess up the cleanup in case of errors.  Yes, a failed mmap() will always
eventually clean up any partial mappings, but without any explicit
lifetime in the page table mapping itself, it's very easy to do the
error handling in the wrong order.

In particular, it's easy to mistakenly free the physical backing store
before the page tables are actually cleaned up and (temporarily) have
stale dangling PTE entries.

To make this situation less error-prone, just make sure that any partial
pfn mapping is torn down early, before any other error handling.

Reported-and-tested-by: Jann Horn <jannh@google.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Jason Gunthorpe <jgg@ziepe.ca>
Cc: Simona Vetter <simona.vetter@ffwll.ch>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2024-09-12 12:10:00 -07:00
Matthew Auld
94c4aa2661
drm/xe/client: add missing bo locking in show_meminfo()
bo_meminfo() wants to inspect bo state like tt and the ttm resource,
however this state can change at any point leading to stuff like NPD and
UAF, if the bo lock is not held. Grab the bo lock when calling
bo_meminfo(), ensuring we drop any spinlocks first. In the case of
object_idr we now also need to hold a ref.

v2 (MattB)
  - Also add xe_bo_assert_held()

Fixes: 0845233388 ("drm/xe: Implement fdinfo memory stats printing")
Signed-off-by: Matthew Auld <matthew.auld@intel.com>
Cc: Himal Prasad Ghimiray <himal.prasad.ghimiray@intel.com>
Cc: Tejas Upadhyay <tejas.upadhyay@intel.com>
Cc: "Thomas Hellström" <thomas.hellstrom@linux.intel.com>
Cc: <stable@vger.kernel.org> # v6.8+
Reviewed-by: Matthew Brost <matthew.brost@intel.com>
Reviewed-by: Tejas Upadhyay <tejas.upadhyay@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20240911155527.178910-6-matthew.auld@intel.com
(cherry picked from commit 4f63d712fa)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
2024-09-12 10:07:22 -04:00
Matthew Auld
9bd7ff293f
drm/xe/client: fix deadlock in show_meminfo()
There is a real deadlock as well as sleeping in atomic() bug in here, if
the bo put happens to be the last ref, since bo destruction wants to
grab the same spinlock and sleeping locks.  Fix that by dropping the ref
using xe_bo_put_deferred(), and moving the final commit outside of the
lock. Dropping the lock around the put is tricky since the bo can go
out of scope and delete itself from the list, making it difficult to
navigate to the next list entry.

Fixes: 0845233388 ("drm/xe: Implement fdinfo memory stats printing")
Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/2727
Signed-off-by: Matthew Auld <matthew.auld@intel.com>
Cc: Himal Prasad Ghimiray <himal.prasad.ghimiray@intel.com>
Cc: Tejas Upadhyay <tejas.upadhyay@intel.com>
Cc: "Thomas Hellström" <thomas.hellstrom@linux.intel.com>
Cc: <stable@vger.kernel.org> # v6.8+
Reviewed-by: Matthew Brost <matthew.brost@intel.com>
Reviewed-by: Tejas Upadhyay <tejas.upadhyay@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20240911155527.178910-5-matthew.auld@intel.com
(cherry picked from commit 0083b8e6f1)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
2024-09-12 10:07:18 -04:00
Ashutosh Dixit
a262cc8d55
drm/xe/oa: Enable Xe2+ PES disaggregation
Enable Xe2+ PES disaggregation (for OAG) to retrieve disaggregated metrics
when disaggregated data is needed. Userspace can select whether to receive
aggregated or disaggregated metrics via the particular OA configuration it
uses (programmed via DRM_XE_OBSERVATION_OP_ADD_CONFIG).

Bspec: 61101
Fixes: e936f885f1 ("drm/xe/oa/uapi: Expose OA stream fd")
Signed-off-by: Ashutosh Dixit <ashutosh.dixit@intel.com>
Reviewed-by: Lucas De Marchi <lucas.demarchi@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20240909165933.2638765-1-ashutosh.dixit@intel.com
Cc: stable@vger.kernel.org
(cherry picked from commit fb2551a0e9)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
2024-09-12 10:07:15 -04:00
Jani Nikula
dd10595c32
drm/xe/display: fix compat IS_DISPLAY_STEP() range end
It's supposed to be an open range at the end like in i915. Fingers
crossed that nobody relies on this definition.

Fixes: 44e694958b ("drm/xe/display: Implement display support")
Reviewed-by: Lucas De Marchi <lucas.demarchi@intel.com>
Reviewed-by: Matt Roper <matthew.d.roper@intel.com>
Acked-by: Lucas De Marchi <lucas.demarchi@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/fe8743770694e429f6902491cdb306c97bdf701a.1724180287.git.jani.nikula@intel.com
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
(cherry picked from commit 453afb1a43)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
2024-09-12 10:06:55 -04:00
Nirmoy Das
062d59eb96
drm/xe: Fix access_ok check in user_fence_create
Check size of the data not size of the pointer.

Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202407300421.IBkAja96-lkp@intel.com/
Fixes: ddeb7989a9 ("drm/xe: Validate user fence during creation")
Cc: Matthew Auld <matthew.auld@intel.com>
Cc: Matthew Brost <matthew.brost@intel.com>
Reviewed-by: Matthew Auld <matthew.auld@intel.com>
Reviewed-by: Tejas Upadhyay <tejas.upadhyay@intel.com>
Reviewed-by: Apoorva Singh <apoorva.singh@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20240806110722.28661-1-nirmoy.das@intel.com
Signed-off-by: Nirmoy Das <nirmoy.das@intel.com>
(cherry picked from commit e102b5ed6e)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
2024-09-12 10:06:30 -04:00
Matthew Brost
5e2d1d4dc1
drm/xe: Fix possible UAF in guc_exec_queue_process_msg
Store xe_device ahead of processing message as message can be free'd in
some cases.

v2:
 - Including missing local changes
v3:
 - Resend for CI

Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Closes: https://lore.kernel.org/r/202407231445.rpisd1vA-lkp@intel.com/
Fixes: 55ea73aacf ("drm/xe: Build PM into GuC CT layer")
Signed-off-by: Matthew Brost <matthew.brost@intel.com>
Reviewed-by: Himal Prasad Ghimiray <himal.prasad.ghimiray@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20240724164341.1848954-1-matthew.brost@intel.com
(cherry picked from commit 1a394b4f50)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
2024-09-12 10:06:22 -04:00
Matthew Brost
572239f7f1
drm/xe: Remove fence check from send_tlb_invalidation
'fence' argument in send_tlb_invalidation cannot be NULL, remove
non-NULL check from send_tlb_invalidation.

Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Closes: https://lore.kernel.org/r/202407231049.esig0Fkb-lkp@intel.com/
Fixes: 58bfe66744 ("drm/xe: Drop xe_gt_tlb_invalidation_wait")
Signed-off-by: Matthew Brost <matthew.brost@intel.com>
Reviewed-by: Nirmoy Das <nirmoy.das@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20240723190714.1744653-1-matthew.brost@intel.com
Signed-off-by: Nirmoy Das <nirmoy.das@intel.com>
(cherry picked from commit 6482253e6e)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
2024-09-12 10:06:16 -04:00
Lucas De Marchi
a2655358cb
drm/xe/gt: Remove double include
The header generated/xe_wa_oob.h is included twice. Remove one.

Fixes: 27cb2b7fec ("drm/xe/bmg: implement Wa_16023588340")
Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/r/202407052122.AzuWSPuo-lkp@intel.com/
Reviewed-by: Michal Wajdeczko <michal.wajdeczko@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20240708173301.1543871-1-lucas.demarchi@intel.com
Signed-off-by: Lucas De Marchi <lucas.demarchi@intel.com>
(cherry picked from commit 3d122660dc)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
2024-09-12 10:06:02 -04:00
Lorenzo Bianconi
3e705251d9 net: netfilter: move nf flowtable bpf initialization in nf_flow_table_module_init()
Move nf flowtable bpf initialization in nf_flow_table module load
routine since nf_flow_table_bpf is part of nf_flow_table module and not
nf_flow_table_inet one. This patch allows to avoid the following kernel
warning running the reproducer below:

$modprobe nf_flow_table_inet
$rmmod nf_flow_table_inet
$modprobe nf_flow_table_inet
modprobe: ERROR: could not insert 'nf_flow_table_inet': Invalid argument

[  184.081501] ------------[ cut here ]------------
[  184.081527] WARNING: CPU: 0 PID: 1362 at kernel/bpf/btf.c:8206 btf_populate_kfunc_set+0x23c/0x330
[  184.081550] CPU: 0 UID: 0 PID: 1362 Comm: modprobe Kdump: loaded Not tainted 6.11.0-0.rc5.22.el10.x86_64 #1
[  184.081553] Hardware name: Red Hat OpenStack Compute, BIOS 1.14.0-1.module+el8.4.0+8855+a9e237a9 04/01/2014
[  184.081554] RIP: 0010:btf_populate_kfunc_set+0x23c/0x330
[  184.081558] RSP: 0018:ff22cfb38071fc90 EFLAGS: 00010202
[  184.081559] RAX: 0000000000000001 RBX: 0000000000000001 RCX: 0000000000000000
[  184.081560] RDX: 000000000000006e RSI: ffffffff95c00000 RDI: ff13805543436350
[  184.081561] RBP: ffffffffc0e22180 R08: ff13805543410808 R09: 000000000001ec00
[  184.081562] R10: ff13805541c8113c R11: 0000000000000010 R12: ff13805541b83c00
[  184.081563] R13: ff13805543410800 R14: 0000000000000001 R15: ffffffffc0e2259a
[  184.081564] FS:  00007fa436c46740(0000) GS:ff1380557ba00000(0000) knlGS:0000000000000000
[  184.081569] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  184.081570] CR2: 000055e7b3187000 CR3: 0000000100c48003 CR4: 0000000000771ef0
[  184.081571] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  184.081572] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  184.081572] PKRU: 55555554
[  184.081574] Call Trace:
[  184.081575]  <TASK>
[  184.081578]  ? show_trace_log_lvl+0x1b0/0x2f0
[  184.081580]  ? show_trace_log_lvl+0x1b0/0x2f0
[  184.081582]  ? __register_btf_kfunc_id_set+0x199/0x200
[  184.081585]  ? btf_populate_kfunc_set+0x23c/0x330
[  184.081586]  ? __warn.cold+0x93/0xed
[  184.081590]  ? btf_populate_kfunc_set+0x23c/0x330
[  184.081592]  ? report_bug+0xff/0x140
[  184.081594]  ? handle_bug+0x3a/0x70
[  184.081596]  ? exc_invalid_op+0x17/0x70
[  184.081597]  ? asm_exc_invalid_op+0x1a/0x20
[  184.081601]  ? btf_populate_kfunc_set+0x23c/0x330
[  184.081602]  __register_btf_kfunc_id_set+0x199/0x200
[  184.081605]  ? __pfx_nf_flow_inet_module_init+0x10/0x10 [nf_flow_table_inet]
[  184.081607]  do_one_initcall+0x58/0x300
[  184.081611]  do_init_module+0x60/0x230
[  184.081614]  __do_sys_init_module+0x17a/0x1b0
[  184.081617]  do_syscall_64+0x7d/0x160
[  184.081620]  ? __count_memcg_events+0x58/0xf0
[  184.081623]  ? handle_mm_fault+0x234/0x350
[  184.081626]  ? do_user_addr_fault+0x347/0x640
[  184.081630]  ? clear_bhb_loop+0x25/0x80
[  184.081633]  ? clear_bhb_loop+0x25/0x80
[  184.081634]  ? clear_bhb_loop+0x25/0x80
[  184.081637]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  184.081639] RIP: 0033:0x7fa43652e4ce
[  184.081647] RSP: 002b:00007ffe8213be18 EFLAGS: 00000246 ORIG_RAX: 00000000000000af
[  184.081649] RAX: ffffffffffffffda RBX: 000055e7b3176c20 RCX: 00007fa43652e4ce
[  184.081650] RDX: 000055e7737fde79 RSI: 0000000000003990 RDI: 000055e7b3185380
[  184.081651] RBP: 000055e7737fde79 R08: 0000000000000007 R09: 000055e7b3179bd0
[  184.081651] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000040000
[  184.081652] R13: 000055e7b3176fa0 R14: 0000000000000000 R15: 000055e7b3179b80

Fixes: 391bb6594f ("netfilter: Add bpf_xdp_flow_lookup kfunc")
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Acked-by: Florian Westphal <fw@strlen.de>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Link: https://patch.msgid.link/20240911-nf-flowtable-bpf-modprob-fix-v1-1-f9fc075aafc3@kernel.org
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2024-09-12 15:41:03 +02:00
Paolo Abeni
8700970971 netfilter pull request 24-09-12
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEN9lkrMBJgcdVAPub1V2XiooUIOQFAmbiF/oACgkQ1V2XiooU
 IOQRQBAAoeOp8RlVU4XTm2++A+jwZODeeKoDcnyrdXWFZFUmORHLuUmIzVUDMJyB
 rp9/Jnw/J8aS5pT4Bx79cWuPlZ9UylSsPr8lt7oJ3NNxRwzbdQjX97wKhONAYUGZ
 j4Jnd1ObWj5uDHvI4hbMoqZlqzk64Cgdw6tMgYDxmjTnUuJbJztNL6QkUWvZz4mR
 0gY3SluDadKc3dLqoFDefi7ZLidn5Fc3W99JZu295y40pe3qzWNhFPhQPC1s+1T6
 9svzC95cIN1JncEqnuplcZQJEylRikOH2W6sH1SFflvI4QhiUXnOqluwjVGiDuxm
 nPsoXZx3/uqlWwNKEMn/WwjTg9bqUnTzaT8M6RlZKimwmo+FKIgOQb6QjCgaBMWm
 kbp2XWM/rmsDhjM58asCVgw7Bcftw6mrh8qt5fq2gxGnyE6G+3M9WDR8F9VmhxME
 AtjgNqogrFYJkMSjVBvrqIr6CSzad3GgG+upWCbArAAyIZvAJdX54DSvXxgiv7bS
 CV5J03/zIMohiLAwiGZC5q0IPNaHN4hUnBSTRhWSsQpnjg00dUeplYLlOfIRvgJO
 uPKhzpYBzo+E4CzZLWeeNC+ArWT7iIO4NOYLxxuD1Olm71LNNHMlt2XFCJWV9oJl
 UsB9QKWDh3MwFmbgyzxf/0QalGawGL/MVWa8MGmRKcUsxM9uXuU=
 =Oc51
 -----END PGP SIGNATURE-----

Merge tag 'nf-24-09-12' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf

Pablo Neira Ayuso says:

====================
Netfilter fixes for net

The following batch contains two fixes from Florian Westphal:

Patch #1 fixes a sk refcount leak in nft_socket on mismatch.

Patch #2 fixes cgroupsv2 matching from containers due to incorrect
	 level in subtree.

netfilter pull request 24-09-12

* tag 'nf-24-09-12' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf:
  netfilter: nft_socket: make cgroupsv2 matching work with namespaces
  netfilter: nft_socket: fix sk refcount leaks
====================

Link: https://patch.msgid.link/20240911222520.3606-1-pablo@netfilter.org
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2024-09-12 15:26:19 +02:00
Philipp Stanner
fc8c818e75 PCI: Fix potential deadlock in pcim_intx()
25216afc9d ("PCI: Add managed pcim_intx()") moved the allocation step for
pci_intx()'s device resource from pcim_enable_device() to pcim_intx(). As
before, pcim_enable_device() sets pci_dev.is_managed to true; and it is
never set to false again.

Due to the lifecycle of a struct pci_dev, it can happen that a second
driver obtains the same pci_dev after a first driver ran.  If one driver
uses pcim_enable_device() and the other doesn't, this causes the other
driver to run into managed pcim_intx(), which will try to allocate when
called for the first time.

Allocations might sleep, so calling pci_intx() while holding spinlocks
becomes then invalid, which causes lockdep warnings and could cause
deadlocks:

  ========================================================
  WARNING: possible irq lock inversion dependency detected
  6.11.0-rc6+ #59 Tainted: G        W
  --------------------------------------------------------
  CPU 0/KVM/1537 just changed the state of lock:
  ffffa0f0cff965f0 (&vdev->irqlock){-...}-{2:2}, at:
  vfio_intx_handler+0x21/0xd0 [vfio_pci_core] but this lock took another,
  HARDIRQ-unsafe lock in the past: (fs_reclaim){+.+.}-{0:0}

and interrupts could create inverse lock ordering between them.

other info that might help us debug this:

  Possible interrupt unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(fs_reclaim);
			       local_irq_disable();
			       lock(&vdev->irqlock);
			       lock(fs_reclaim);
  <Interrupt>
    lock(&vdev->irqlock);

  *** DEADLOCK ***

Have pcim_enable_device()'s release function, pcim_disable_device(), set
pci_dev.is_managed to false so that subsequent drivers using the same
struct pci_dev do not implicitly run into managed code.

Link: https://lore.kernel.org/r/20240905072556.11375-2-pstanner@redhat.com
Fixes: 25216afc9d ("PCI: Add managed pcim_intx()")
Reported-by: Alex Williamson <alex.williamson@redhat.com>
Closes: https://lore.kernel.org/all/20240903094431.63551744.alex.williamson@redhat.com/
Suggested-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Philipp Stanner <pstanner@redhat.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Tested-by: Alex Williamson <alex.williamson@redhat.com>
Reviewed-by: Damien Le Moal <dlemoal@kernel.org>
2024-09-12 07:52:50 -05:00
Lai Jiangshan
73613840a8 workqueue: Clear worker->pool in the worker thread context
Marc Hartmayer reported:
        [   23.133876] Unable to handle kernel pointer dereference in virtual kernel address space
        [   23.133950] Failing address: 0000000000000000 TEID: 0000000000000483
        [   23.133954] Fault in home space mode while using kernel ASCE.
        [   23.133957] AS:000000001b8f0007 R3:0000000056cf4007 S:0000000056cf3800 P:000000000000003d
        [   23.134207] Oops: 0004 ilc:2 [#1] SMP
	(snip)
        [   23.134516] Call Trace:
        [   23.134520]  [<0000024e326caf28>] worker_thread+0x48/0x430
        [   23.134525] ([<0000024e326caf18>] worker_thread+0x38/0x430)
        [   23.134528]  [<0000024e326d3a3e>] kthread+0x11e/0x130
        [   23.134533]  [<0000024e3264b0dc>] __ret_from_fork+0x3c/0x60
        [   23.134536]  [<0000024e333fb37a>] ret_from_fork+0xa/0x38
        [   23.134552] Last Breaking-Event-Address:
        [   23.134553]  [<0000024e333f4c04>] mutex_unlock+0x24/0x30
        [   23.134562] Kernel panic - not syncing: Fatal exception: panic_on_oops

With debuging and analysis, worker_thread() accesses to the nullified
worker->pool when the newly created worker is destroyed before being
waken-up, in which case worker_thread() can see the result detach_worker()
reseting worker->pool to NULL at the begining.

Move the code "worker->pool = NULL;" out from detach_worker() to fix the
problem.

worker->pool had been designed to be constant for regular workers and
changeable for rescuer. To share attaching/detaching code for regular
and rescuer workers and to avoid worker->pool being accessed inadvertently
when the worker has been detached, worker->pool is reset to NULL when
detached no matter the worker is rescuer or not.

To maintain worker->pool being reset after detached, move the code
"worker->pool = NULL;" in the worker thread context after detached.

It is either be in the regular worker thread context after PF_WQ_WORKER
is cleared or in rescuer worker thread context with wq_pool_attach_mutex
held. So it is safe to do so.

Cc: Marc Hartmayer <mhartmay@linux.ibm.com>
Link: https://lore.kernel.org/lkml/87wmjj971b.fsf@linux.ibm.com/
Reported-by: Marc Hartmayer <mhartmay@linux.ibm.com>
Fixes: f4b7b53c94 ("workqueue: Detach workers directly in idle_cull_fn()")
Cc: stable@vger.kernel.org # v6.11+
Signed-off-by: Lai Jiangshan <jiangshan.ljs@antgroup.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
2024-09-11 19:58:20 -10:00
Willem de Bruijn
6513eb3d31 net: tighten bad gso csum offset check in virtio_net_hdr
The referenced commit drops bad input, but has false positives.
Tighten the check to avoid these.

The check detects illegal checksum offload requests, which produce
csum_start/csum_off beyond end of packet after segmentation.

But it is based on two incorrect assumptions:

1. virtio_net_hdr_to_skb with VIRTIO_NET_HDR_GSO_TCP[46] implies GSO.
True in callers that inject into the tx path, such as tap.
But false in callers that inject into rx, like virtio-net.
Here, the flags indicate GRO, and CHECKSUM_UNNECESSARY or
CHECKSUM_NONE without VIRTIO_NET_HDR_F_NEEDS_CSUM is normal.

2. TSO requires checksum offload, i.e., ip_summed == CHECKSUM_PARTIAL.
False, as tcp[46]_gso_segment will fix up csum_start and offset for
all other ip_summed by calling __tcp_v4_send_check.

Because of 2, we can limit the scope of the fix to virtio_net_hdr
that do try to set these fields, with a bogus value.

Link: https://lore.kernel.org/netdev/20240909094527.GA3048202@port70.net/
Fixes: 89add40066 ("net: drop bad gso csum_start and offset in virtio_net_hdr")
Signed-off-by: Willem de Bruijn <willemb@google.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Cc: stable@vger.kernel.org
Link: https://patch.msgid.link/20240910213553.839926-1-willemdebruijn.kernel@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2024-09-11 20:43:07 -07:00
Asbjørn Sloth Tønnesen
09a45a5553 netlink: specs: mptcp: fix port endianness
The MPTCP port attribute is in host endianness, but was documented
as big-endian in the ynl specification.

Below are two examples from net/mptcp/pm_netlink.c showing that the
attribute is converted to/from host endianness for use with netlink.

Import from netlink:
  addr->port = htons(nla_get_u16(tb[MPTCP_PM_ADDR_ATTR_PORT]))

Export to netlink:
  nla_put_u16(skb, MPTCP_PM_ADDR_ATTR_PORT, ntohs(addr->port))

Where addr->port is defined as __be16.

No functional change intended.

Fixes: bc8aeb2045 ("Documentation: netlink: add a YAML spec for mptcp")
Signed-off-by: Asbjørn Sloth Tønnesen <ast@fiberby.net>
Reviewed-by: Davide Caratti <dcaratti@redhat.com>
Reviewed-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Link: https://patch.msgid.link/20240911091003.1112179-1-ast@fiberby.net
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2024-09-11 20:42:47 -07:00
Sean Anderson
cbd7ec0834 net: dpaa: Pad packets to ETH_ZLEN
When sending packets under 60 bytes, up to three bytes of the buffer
following the data may be leaked. Avoid this by extending all packets to
ETH_ZLEN, ensuring nothing is leaked in the padding. This bug can be
reproduced by running

	$ ping -s 11 destination

Fixes: 9ad1a37493 ("dpaa_eth: add support for DPAA Ethernet")
Suggested-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Sean Anderson <sean.anderson@linux.dev>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Link: https://patch.msgid.link/20240910143144.1439910-1-sean.anderson@linux.dev
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2024-09-11 16:01:25 -07:00
Edward Adam Davis
b4cd80b033 mptcp: pm: Fix uaf in __timer_delete_sync
There are two paths to access mptcp_pm_del_add_timer, result in a race
condition:

     CPU1				CPU2
     ====                               ====
     net_rx_action
     napi_poll                          netlink_sendmsg
     __napi_poll                        netlink_unicast
     process_backlog                    netlink_unicast_kernel
     __netif_receive_skb                genl_rcv
     __netif_receive_skb_one_core       netlink_rcv_skb
     NF_HOOK                            genl_rcv_msg
     ip_local_deliver_finish            genl_family_rcv_msg
     ip_protocol_deliver_rcu            genl_family_rcv_msg_doit
     tcp_v4_rcv                         mptcp_pm_nl_flush_addrs_doit
     tcp_v4_do_rcv                      mptcp_nl_remove_addrs_list
     tcp_rcv_established                mptcp_pm_remove_addrs_and_subflows
     tcp_data_queue                     remove_anno_list_by_saddr
     mptcp_incoming_options             mptcp_pm_del_add_timer
     mptcp_pm_del_add_timer             kfree(entry)

In remove_anno_list_by_saddr(running on CPU2), after leaving the critical
zone protected by "pm.lock", the entry will be released, which leads to the
occurrence of uaf in the mptcp_pm_del_add_timer(running on CPU1).

Keeping a reference to add_timer inside the lock, and calling
sk_stop_timer_sync() with this reference, instead of "entry->add_timer".

Move list_del(&entry->list) to mptcp_pm_del_add_timer and inside the pm lock,
do not directly access any members of the entry outside the pm lock, which
can avoid similar "entry->x" uaf.

Fixes: 00cfd77b90 ("mptcp: retransmit ADD_ADDR when timeout")
Cc: stable@vger.kernel.org
Reported-and-tested-by: syzbot+f3a31fb909db9b2a5c4d@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=f3a31fb909db9b2a5c4d
Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Signed-off-by: Edward Adam Davis <eadavis@qq.com>
Acked-by: Paolo Abeni <pabeni@redhat.com>
Link: https://patch.msgid.link/tencent_7142963A37944B4A74EF76CD66EA3C253609@qq.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2024-09-11 16:00:11 -07:00
Jiawen Wu
077ee7e6b1 net: libwx: fix number of Rx and Tx descriptors
The number of transmit and receive descriptors must be a multiple of 128
due to the hardware limitation. If it is set to a multiple of 8 instead of
a multiple 128, the queues will easily be hung.

Cc: stable@vger.kernel.org
Fixes: 883b5984a5 ("net: wangxun: add ethtool_ops for ring parameters")
Signed-off-by: Jiawen Wu <jiawenwu@trustnetic.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://patch.msgid.link/20240910095629.570674-1-jiawenwu@trustnetic.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2024-09-11 15:59:43 -07:00
Xiaoliang Yang
70654f4c21 net: dsa: felix: ignore pending status of TAS module when it's disabled
The TAS module could not be configured when it's running in pending
status. We need disable the module and configure it again. However, the
pending status is not cleared after the module disabled. TC taprio set
will always return busy even it's disabled.

For example, a user uses tc-taprio to configure Qbv and a future
basetime. The TAS module will run in a pending status. There is no way
to reconfigure Qbv, it always returns busy.

Actually the TAS module can be reconfigured when it's disabled. So it
doesn't need to check the pending status if the TAS module is disabled.

After the patch, user can delete the tc taprio configuration to disable
Qbv and reconfigure it again.

Fixes: de143c0e27 ("net: dsa: felix: Configure Time-Aware Scheduler via taprio offload")
Signed-off-by: Xiaoliang Yang <xiaoliang.yang_1@nxp.com>
Link: https://patch.msgid.link/20240906093550.29985-1-xiaoliang.yang_1@nxp.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2024-09-11 15:54:51 -07:00
Jeongjun Park
a7789fd4ca net: hsr: prevent NULL pointer dereference in hsr_proxy_announce()
In the function hsr_proxy_annouance() added in the previous commit
5f703ce5c9 ("net: hsr: Send supervisory frames to HSR network
with ProxyNodeTable data"), the return value of the hsr_port_get_hsr()
function is not checked to be a NULL pointer, which causes a NULL
pointer dereference.

To solve this, we need to add code to check whether the return value
of hsr_port_get_hsr() is NULL.

Reported-by: syzbot+02a42d9b1bd395cbcab4@syzkaller.appspotmail.com
Fixes: 5f703ce5c9 ("net: hsr: Send supervisory frames to HSR network with ProxyNodeTable data")
Signed-off-by: Jeongjun Park <aha310510@gmail.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Acked-by: Lukasz Majewski <lukma@denx.de>
Link: https://patch.msgid.link/20240907190341.162289-1-aha310510@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2024-09-11 15:49:41 -07:00
Jakub Kicinski
6254031777 Merge branch 'selftests-mptcp-misc-small-fixes'
Matthieu Baerts says:

====================
selftests: mptcp: misc. small fixes

Here are some various fixes for the MPTCP selftests.

Patch 1 fixes a recently modified test to continue to work as expected
on older kernels. This is a fix for a recent fix that can be backported
up to v5.15.

Patch 2 and 3 include dependences when exporting or installing the
tests. Two fixes for v6.11-rc1.
====================

Link: https://patch.msgid.link/20240910-net-selftests-mptcp-fix-install-v1-0-8f124aa9156d@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2024-09-11 15:18:23 -07:00
Matthieu Baerts (NGI0)
c66c08e51b selftests: mptcp: include net_helper.sh file
Similar to the previous commit, the net_helper.sh file from the parent
directory is used by the MPTCP selftests and it needs to be present when
running the tests.

This file then needs to be listed in the Makefile to be included when
exporting or installing the tests, e.g. with:

  make -C tools/testing/selftests \
          TARGETS=net/mptcp \
          install INSTALL_PATH=$KSFT_INSTALL_PATH

  cd $KSFT_INSTALL_PATH
  ./run_kselftest.sh -c net/mptcp

Fixes: 1af3bc912e ("selftests: mptcp: lib: use wait_local_port_listen helper")
Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Link: https://patch.msgid.link/20240910-net-selftests-mptcp-fix-install-v1-3-8f124aa9156d@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2024-09-11 15:18:20 -07:00