Commit Graph

1250751 Commits

Author SHA1 Message Date
Robert Richter
c6c3187d66 lib/firmware_table: Provide buffer length argument to cdat_table_parse()
There exist card implementations with a CDAT table using a fixed size
buffer, but with entries filled in that do not fill the whole table
length size. Then, the last entry in the CDAT table may not mark the
end of the CDAT table buffer specified by the length field in the CDAT
header. It can be shorter with trailing unused (zero'ed) data. The
actual table length is determined while reading all CDAT entries of
the table with DOE.

If the table is greater than expected (containing zero'ed trailing
data), the CDAT parser fails with:

 [   48.691717] Malformed DSMAS table length: (24:0)
 [   48.702084] [CDAT:0x00] Invalid zero length
 [   48.711460] cxl_port endpoint1: Failed to parse CDAT: -22

In addition, a check of the table buffer length is missing to prevent
an out-of-bound access then parsing the CDAT table.

Hardening code against device returning borked table. Fix that by
providing an optional buffer length argument to
acpi_parse_entries_array() that can be used by cdat_table_parse() to
propagate the buffer size down to its users to check the buffer
length. This also prevents a possible out-of-bound access mentioned.

Add a check to warn about a malformed CDAT table length.

Cc: Rafael J. Wysocki <rafael@kernel.org>
Cc: Len Brown <lenb@kernel.org>
Reviewed-by: Dave Jiang <dave.jiang@intel.com>
Signed-off-by: Robert Richter <rrichter@amd.com>
Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Link: https://lore.kernel.org/r/ZdEnopFO0Tl3t2O1@rric.localdomain
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
2024-03-13 00:03:21 -07:00
Robert Richter
e0c818e004 cxl/pci: Get rid of pointer arithmetic reading CDAT table
Reading the CDAT table using DOE requires a Table Access Response
Header in addition to the CDAT entry. In current implementation this
has caused offsets with sizeof(__le32) to the actual buffers. This led
to hardly readable code and even bugs. E.g., see fix of devm_kfree()
in read_cdat_data():

 commit c65efe3685 ("cxl/cdat: Free correct buffer on checksum error")

Rework code to avoid calculations with sizeof(__le32). Introduce
struct cdat_doe_rsp for this which contains the Table Access Response
Header and a variable payload size for various data structures
afterwards to access the CDAT table and its CDAT Data Structures
without recalculating buffer offsets.

Cc: Lukas Wunner <lukas@wunner.de>
Cc: Fan Ni <nifan.cxl@gmail.com>
Reviewed-by: Dave Jiang <dave.jiang@intel.com>
Signed-off-by: Robert Richter <rrichter@amd.com>
Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Link: https://lore.kernel.org/r/20240216155844.406996-3-rrichter@amd.com
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
2024-03-12 23:52:29 -07:00
Robert Richter
ec8ffff3a9 cxl/pci: Rename DOE mailbox handle to doe_mb
Trivial variable rename for the DOE mailbox handle from cdat_doe to
doe_mb. The variable name cdat_doe is too ambiguous, use doe_mb that
is commonly used for the mailbox.

Signed-off-by: Robert Richter <rrichter@amd.com>
Reviewed-by: Dave Jiang <dave.jiang@intel.com>
Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Link: https://lore.kernel.org/r/20240216155844.406996-2-rrichter@amd.com
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
2024-03-12 23:52:29 -07:00
Linus Torvalds
d206a76d7d Linux 6.8-rc6 2024-02-25 15:46:06 -08:00
Linus Torvalds
e231dbd452 bcachefs fixes for 6.8-rc6
Some more mostly boring fixes, but some not
 
 User reported ones:
  - the BTREE_ITER_FILTER_SNAPSHOTS one fixes a really nasty performance
    bug; user reported an unter initially taking 2 seconds and then ~2
    minutes
 
  - kill a __GFP_NOFAIL in the buffered read path; this was a leftover
    from the trickier fix to kill __GFP_NOFAIL in readahead, where we
    can't return errors (and have to silently truncate the read
    ourselves).
 
    bcachefs can't use GFP_NOFAIL for folio state unlike iomap based
    filesystems because our folio state is just barely too big, 2MB
    hugepages cause us to exceed the 2 page threshhold for GFP_NOFAIL.
 
    additionally, the flags argument was just buggy, we weren't supplying
    GFP_KERNEL previously (!).
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEKnAFLkS8Qha+jvQrE6szbY3KbnYFAmXbqqMACgkQE6szbY3K
 bnYjnhAApY0vT6eVIYrZ7JGR6tw++xw02xRkcNW4zFE8INAvxQor5TXMEKkJs9Ui
 owh8WZjydXe0FJPE+pROcHMfxkkup4yP2SafgzR8DGERBwZbV9x7hvUbdG90EngY
 V/MevV+vr6UaV7133sY70K8BqUA/yAlCmmtOQVFgGRprEtEPS4Ur3vYR5+IzA0N7
 OhNXu6LxzkYbrNp9qroCN2UEVgRDJ/Mtda6uHfIUrqOQMUhiq2og9kvzJXzIrW9l
 URxm4eFQtJe0Yz09Ppypve+FutJIbtuDEYbcMJNT9Ig7BosD5vDjy9nhp8A5Q1Uk
 oDWBbCJhDdSYSVC/EQY8bv0AaCkyCa7vshSoKq0fDCFJ8k+nQ1YMF5wNhfgJhtU9
 Tl2Qytphp9/dxkvpIsR/5iNhLply9xTka1Wkp3G+3QJk0c17Dftpvz0/WhKI0P2B
 d6y4mz/hfCtWoSQOJbJl3fM/ZVpjH54VHDmb7sGyb5f+bTUkX6OUoJ4os8MNKGcS
 GdpEoWt/IAQj69c7w8aama5TXJ4kYe0XtXwbHTRE4j1PIQJA5SPvVt+32spRtb6i
 1gIa94uWKYMuG2U0XGxookHfZZZaMQkl79oXJOYRiC589YVyZC1Lp5iqr027jHEQ
 1HacrWPekPfmrhchyIzpH1mHOgaS+FKoD7eKrkvj0QSxpwfwpbI=
 =KNWR
 -----END PGP SIGNATURE-----

Merge tag 'bcachefs-2024-02-25' of https://evilpiepirate.org/git/bcachefs

Pull bcachefs fixes from Kent Overstreet:
 "Some more mostly boring fixes, but some not

  User reported ones:

   - the BTREE_ITER_FILTER_SNAPSHOTS one fixes a really nasty
     performance bug; user reported an untar initially taking two
     seconds and then ~2 minutes

   - kill a __GFP_NOFAIL in the buffered read path; this was a leftover
     from the trickier fix to kill __GFP_NOFAIL in readahead, where we
     can't return errors (and have to silently truncate the read
     ourselves).

     bcachefs can't use GFP_NOFAIL for folio state unlike iomap based
     filesystems because our folio state is just barely too big, 2MB
     hugepages cause us to exceed the 2 page threshhold for GFP_NOFAIL.

     additionally, the flags argument was just buggy, we weren't
     supplying GFP_KERNEL previously (!)"

* tag 'bcachefs-2024-02-25' of https://evilpiepirate.org/git/bcachefs:
  bcachefs: fix bch2_save_backtrace()
  bcachefs: Fix check_snapshot() memcpy
  bcachefs: Fix bch2_journal_flush_device_pins()
  bcachefs: fix iov_iter count underflow on sub-block dio read
  bcachefs: Fix BTREE_ITER_FILTER_SNAPSHOTS on inodes btree
  bcachefs: Kill __GFP_NOFAIL in buffered read path
  bcachefs: fix backpointer_to_text() when dev does not exist
2024-02-25 15:31:57 -08:00
Kent Overstreet
5197728f81 bcachefs: fix bch2_save_backtrace()
Missed a call in the previous fix.

Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
2024-02-25 15:45:36 -05:00
Linus Torvalds
70ff1fe626 Two documentation build fixes:
- The XFS online fsck documentation uses incredibly deeply nested
   subsection and list nesting; that broke the PDF docs build.  Tweak a
   parameter to tell LaTeX to allow the deeper nesting.
 
 - Fix a 6.8 PDF-build regression
 -----BEGIN PGP SIGNATURE-----
 
 iQFDBAABCAAtFiEEIw+MvkEiF49krdp9F0NaE2wMflgFAmXbi5QPHGNvcmJldEBs
 d24ubmV0AAoJEBdDWhNsDH5YZSMH/RIZh48S/Jh5mhjzqnKhGf1sFn6lSk8sFY3I
 uJqML/LPo6GYzX8WvYKlfyP9+UvrLiDcQF0Er6MeIhK6mhKE1Lp7w1YvRgeXcgFR
 H9DtxA4fJSGWlAaMqZBwsXjF2EFwjyxHtHUeNyaJ+YocHfrT6L9Cp9uBEvdT3Iye
 F191VpjWLrFD0DJEh64CcmNd3rggN5jeD/n24dbNOmnem1cak2brIIUeltdkUmQG
 48Hr27xqYF1QyVckfoRtnT/C3AyaCKbxRbTxeAjwUDjU+7nCsHf1MKltiFAZHnFs
 7ZLsOboLhmR+y9xiZUg7OlpRaVj1C+7JSYC+WSaNjwRkkIfJUu4=
 =MEzm
 -----END PGP SIGNATURE-----

Merge tag 'docs-6.8-fixes3' of git://git.lwn.net/linux

Pull two documentation build fixes from Jonathan Corbet:

 - The XFS online fsck documentation uses incredibly deeply nested
   subsection and list nesting; that broke the PDF docs build. Tweak a
   parameter to tell LaTeX to allow the deeper nesting.

 - Fix a 6.8 PDF-build regression

* tag 'docs-6.8-fixes3' of git://git.lwn.net/linux:
  docs: translations: use attribute to store current language
  docs: Instruct LaTeX to cope with deeper nesting
2024-02-25 10:58:12 -08:00
Linus Torvalds
c46ac50ebe USB fixes for 6.8-rc6
Here are some small USB fixes for 6.8-rc6 to resolve some reported
 problems.  These include:
   - regression fixes with typec tpcm code as reported by many
   - cdnsp and cdns3 driver fixes
   - usb role setting code bugfixes
   - build fix for uhci driver
   - ncm gadget driver bugfix
   - MAINTAINERS entry update
 
 All of these have been in linux-next all week with no reported issues
 and there is at least one fix in here that is in Thorsten's regression
 list that is being tracked.
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 -----BEGIN PGP SIGNATURE-----
 
 iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCZdtGEA8cZ3JlZ0Brcm9h
 aC5jb20ACgkQMUfUDdst+ymzsgCg2IsWqIR72XUGsa5rrbRnskOP/G4An24BmUb6
 t34d0VjiHagZTFlfRx6g
 =eOL1
 -----END PGP SIGNATURE-----

Merge tag 'usb-6.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb

Pull USB fixes from Greg KH:
 "Here are some small USB fixes for 6.8-rc6 to resolve some reported
  problems. These include:

   - regression fixes with typec tpcm code as reported by many

   - cdnsp and cdns3 driver fixes

   - usb role setting code bugfixes

   - build fix for uhci driver

   - ncm gadget driver bugfix

   - MAINTAINERS entry update

  All of these have been in linux-next all week with no reported issues
  and there is at least one fix in here that is in Thorsten's regression
  list that is being tracked"

* tag 'usb-6.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
  usb: typec: tpcm: Fix issues with power being removed during reset
  MAINTAINERS: Drop myself as maintainer of TYPEC port controller drivers
  usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs
  Revert "usb: typec: tcpm: reset counter when enter into unattached state after try role"
  usb: gadget: omap_udc: fix USB gadget regression on Palm TE
  usb: dwc3: gadget: Don't disconnect if not started
  usb: cdns3: fix memory double free when handle zero packet
  usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable()
  usb: roles: don't get/set_role() when usb_role_switch is unregistered
  usb: roles: fix NULL pointer issue when put module's reference
  usb: cdnsp: fixed issue with incorrect detecting CDNSP family controllers
  usb: cdnsp: blocked some cdns3 specific code
  usb: uhci-grlib: Explicitly include linux/platform_device.h
2024-02-25 10:41:57 -08:00
Linus Torvalds
1e592e9536 TTY/Serial driver fixes for 6.8-rc6
Here are 3 small serial/tty driver fixes for 6.8-rc6 that resolve the
 following reported errors:
   - riscv hvc console driver fix that was reported by many
   - amba-pl011 serial driver fix for RS485 mode
   - stm32 serial driver fix for RS485 mode
 
 All of these have been in linux-next all week with no reported problems.
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 -----BEGIN PGP SIGNATURE-----
 
 iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCZdtGnA8cZ3JlZ0Brcm9h
 aC5jb20ACgkQMUfUDdst+ymrqwCfSIsUj9GLazXJTTTgMz1I94HXLrQAnjq9QOtg
 EFt6xmUGcF4zFhnfSLal
 =/k5+
 -----END PGP SIGNATURE-----

Merge tag 'tty-6.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty

Pull tty/serial driver fixes from Greg KH:
 "Here are three small serial/tty driver fixes for 6.8-rc6 that resolve
  the following reported errors:

   - riscv hvc console driver fix that was reported by many

   - amba-pl011 serial driver fix for RS485 mode

   - stm32 serial driver fix for RS485 mode

  All of these have been in linux-next all week with no reported
  problems"

* tag 'tty-6.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
  serial: amba-pl011: Fix DMA transmission in RS485 mode
  serial: stm32: do not always set SER_RS485_RX_DURING_TX if RS485 is enabled
  tty: hvc: Don't enable the RISC-V SBI console by default
2024-02-25 10:35:41 -08:00
Linus Torvalds
1eee4ef38c - Make sure clearing CPU buffers using VERW happens at the latest possible
point in the return-to-userspace path, otherwise memory accesses after
   the VERW execution could cause data to land in CPU buffers again
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEzv7L6UO9uDPlPSfHEsHwGGHeVUoFAmXbG7IACgkQEsHwGGHe
 VUoEEg//d1qt/PEWCC23wMO6gLMl4J/e4ZQAuGOKGed/jUmOaQKpHJmpDMRc0li5
 llRYDdfE0ikmtQT3t9vQDs3xbWfT5bLMsijliRimb193FaS1HGlHMMS1nxhfjyfv
 MecbWfkwzX2JnrxJpsbfue+7kks3HyIXYsXV7kSFiHavk4F3GFQXYLO11pKbNQwN
 9UfjJDeVsrcWPGCHhoPKF5NHUnQKIA8ZC6g8yBq894AtdWOhFY7ePKBZefUWQQ1n
 myc5GJ3dKFICMCZvkMABtHYCmHU/W3y/6tPtnrz3kT8GdCIAHG+K9VRUfY1ml94H
 x327GoM3sEzHLsPizKy00/Uao+j6FOtv631LoDLsO2MF3sHoTZDaSgg5y2D/ZC7t
 IZdK3mUGtdINRhGiWWpdxyaMfkQ62cdZk8FkeYkRAewYS6WYSdMX3cPqFNy4Ss5u
 r3reMOD3JcxAatcqhHMXjARMfY+N08gQBpxBul3ejgH8t8aY7xJx6Vggty5kBlHZ
 7urV9jIRxSXfbBmOcYu6HP1ucFLWNSUQCBn7Imrh+5zbE1XVv7NaAWvT4Nmgb0/X
 57fHoYYSVwaJ0k3zWWM7QYEdcuJ7IZnVgTCQYx26Ec2AOQRxE9ose+awTLYtTbp1
 T+XaOlItHKMRzx9K46D7xHwmC5qiokFki3exp5vfGZxGyT3+t/c=
 =n5us
 -----END PGP SIGNATURE-----

Merge tag 'x86_urgent_for_v6.8_rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull x86 fixes from Borislav Petkov:

 - Make sure clearing CPU buffers using VERW happens at the latest
   possible point in the return-to-userspace path, otherwise memory
   accesses after the VERW execution could cause data to land in CPU
   buffers again

* tag 'x86_urgent_for_v6.8_rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  KVM/VMX: Move VERW closer to VMentry for MDS mitigation
  KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH
  x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key
  x86/entry_32: Add VERW just before userspace transition
  x86/entry_64: Add VERW just before userspace transition
  x86/bugs: Add asm helpers for executing VERW
2024-02-25 10:22:21 -08:00
Linus Torvalds
8c46ed3740 - Make sure GICv4 always gets initialized to prevent a kexec-ed kernel
from silently failing to set it up
 
 - Do not call bus_get_dev_root() for the mbigen irqchip as it always
   returns NULL - use NULL directly
 
 - Fix hardware interrupt number truncation when assigning MSI interrupts
 
 - Correct sending end-of-interrupt messages to disabled interrupts lines on
   RISC-V PLIC
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEzv7L6UO9uDPlPSfHEsHwGGHeVUoFAmXbGgcACgkQEsHwGGHe
 VUqrig//ay2UcLEi8CwxobHXIpuUq+pMt1pLhdDtyehTKx+T44GCwMFXGML8H27A
 8CszKTEJsRxXuUP1iXquECfYqYqGmOZHcIMCX0vDodezRriJXq3m549zdoVY6LIy
 m7x5mN4rfc8xaK/krSz0IKgCn7TZ7Nugw8zHE9PEJ7hj/exIA6EH2f1p0dbDc2z8
 PRWsexi39mVLEstOl7yf5+hys6RN07a+9+PFJrEWCC0bO5We9Z+m7gnpu3zUrwcO
 LlDAU6UwWhVc+xFipW9SFYEhCqtprdfUftf1OW2BLe1TM7pHxdvA3OwlT5ZxxN90
 h4wmQ084v08hcn8YpUkaK5fWEtT+1isD3/8dVUMSRQQ4jcjLiEAVdVOvKOmJNEeJ
 +MYqAktCoyay9ZYCrpZRRIVYfC4/FLMEPExPwILFM6nfMMVEBfkDqFyjGyw3uls7
 QT7eHSo121kQsZc5V/8SuU30f64w/vJbtaZIYOjSR9+hQMQ+i+8cMuV0RSvmDIa2
 1vGdhOLvG5Rk7Wy9xd9ITXbeq+z9KD/tH8BadyfARosvQTrg6aMhhqQRHWJtS6Pf
 Vg50yS6D8ETzNNZSPFABrjBKiqQmEo3ILlUpMbR8jGBaLggqZhTs8eBRj3+XIXp8
 UxgB2b47qKmZI9eaFzne9scnOGmQSRuZ7x8IrwworFGzChSzwpU=
 =cMur
 -----END PGP SIGNATURE-----

Merge tag 'irq_urgent_for_v6.8_rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull irq fixes from Borislav Petkov:

 - Make sure GICv4 always gets initialized to prevent a kexec-ed kernel
   from silently failing to set it up

 - Do not call bus_get_dev_root() for the mbigen irqchip as it always
   returns NULL - use NULL directly

 - Fix hardware interrupt number truncation when assigning MSI
   interrupts

 - Correct sending end-of-interrupt messages to disabled interrupts
   lines on RISC-V PLIC

* tag 'irq_urgent_for_v6.8_rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  irqchip/gic-v3-its: Do not assume vPE tables are preallocated
  irqchip/mbigen: Don't use bus_get_dev_root() to find the parent
  PCI/MSI: Prevent MSI hardware interrupt number truncation
  irqchip/sifive-plic: Enable interrupt if needed before EOI
2024-02-25 10:14:12 -08:00
Linus Torvalds
4ca0d9894f Change since last update:
- Fix page refcount leak when looking up specific inodes
    introduced by metabuf reworking.
 -----BEGIN PGP SIGNATURE-----
 
 iQJFBAABCgAvFiEEQ0A6bDUS9Y+83NPFUXZn5Zlu5qoFAmXbQekRHHhpYW5nQGtl
 cm5lbC5vcmcACgkQUXZn5Zlu5qpkyg//cjKnuzI2gHL3ff1o0jiTMD11Y/EmwzQS
 C+JgE8WDMjUlVQpbwYnFWo/6se8qvk/fwTXPcRc45piF8YNZVchwsagxO626Kab7
 0xTX7ZUgjuth6ahrkAJZkJNMgO4mYf928uYB6EVWaTb4iF0iT6glEOsSVAR/cssL
 wYKbtgv3OP9t6fQcN/XL31hRkqr2MPk0y5Q27KyT4zo4lrx3xyah7Ndo3aEK/RcM
 +6FUwqRiDsgDF/Ga65ylDvEp9eA03OFNHBn4DrORe3B9KV75NkmSJf/8QVEceNV/
 9D072Hvt7/iyOq53AxWH3Jvp7aro/i0rvAHPbXZX4RVyqcJxaLYCQyrBFvQL0/Ie
 B+793Iua8zbkQCbZ85LpTGrxAb5WydlSJp10AuHTr2MO+wS8bBqf96Jp9x1MuS9D
 vqq7jbjwuZfnFUjpzu49GF6htG+WRVgY5TDzU6IAr3izXuqVxmz+zw5zExbGMmKm
 2S5lb+q68DOBP4YaelAQHh97k0pYDW3eQ6GhDD2FA4P/DOr8p3vszZFBeaqaL70v
 WS8z1wzOgEaleTRN4iRFlMCTvRLjOtDEaUNquohcHqJLe7w/DF7gzCU+0//8dVjD
 cZieFX8uZDtzzcjrlYWeTo8oHd0q2WYixbCN8P92/YXUFIVpfdl85ugyr9KvkZxd
 jKzpAy2LbSw=
 =/Bfj
 -----END PGP SIGNATURE-----

Merge tag 'erofs-for-6.8-rc6-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs

Pull erofs fix from Gao Xiang:

 - Fix page refcount leak when looking up specific inodes
   introduced by metabuf reworking

* tag 'erofs-for-6.8-rc6-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs:
  erofs: fix refcount on the metabuf used for inode lookup
2024-02-25 09:53:13 -08:00
Linus Torvalds
66a97c2ec9 We still have some races in filesystem methods when exposed to RCU
pathwalk.  This series is a result of code audit (the second round
 of it) and it should deal with most of that stuff.  Exceptions: ntfs3
 ->d_hash()/->d_compare() and ceph_d_revalidate().  Up to maintainers (a
 note for NTFS folks - when documentation says that a method may not block,
 it *does* imply that blocking allocations are to be avoided.  Really).
 
 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
 -----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQQqUNBr3gm4hGXdBJlZ7Krx/gZQ6wUCZdroDAAKCRBZ7Krx/gZQ
 60dKAQCzp6rYr3ye4nylho9Rzu8LEpH04TuNf3C6JuyUaNHxHwEAvNLatZsyFnmV
 Ksp2Rg/IlKPNtQgYJ8xPxv9DFmNe8gI=
 =47Un
 -----END PGP SIGNATURE-----

Merge tag 'pull-fixes.pathwalk-rcu-2' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

Pull RCU pathwalk fixes from Al Viro:
 "We still have some races in filesystem methods when exposed to RCU
  pathwalk. This series is a result of code audit (the second round of
  it) and it should deal with most of that stuff.

  Still pending: ntfs3 ->d_hash()/->d_compare() and ceph_d_revalidate().
  Up to maintainers (a note for NTFS folks - when documentation says
  that a method may not block, it *does* imply that blocking allocations
  are to be avoided. Really)"

[ More explanations for people who aren't familiar with the vagaries of
  RCU path walking: most of it is hidden from filesystems, but if a
  filesystem actively participates in the low-level path walking it
  needs to make sure the fields involved in that walk are RCU-safe.

  That "actively participate in low-level path walking" includes things
  like having its own ->d_hash()/->d_compare() routines, or by having
  its own directory permission function that doesn't just use the common
  helpers.  Having a ->d_revalidate() function will also have this issue.

  Note that instead of making everything RCU safe you can also choose to
  abort the RCU pathwalk if your operation cannot be done safely under
  RCU, but that obviously comes with a performance penalty. One common
  pattern is to allow the simple cases under RCU, and abort only if you
  need to do something more complicated.

  So not everything needs to be RCU-safe, and things like the inode etc
  that the VFS itself maintains obviously already are. But these fixes
  tend to be about properly RCU-delaying things like ->s_fs_info that
  are maintained by the filesystem and that got potentially released too
  early.   - Linus ]

* tag 'pull-fixes.pathwalk-rcu-2' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
  ext4_get_link(): fix breakage in RCU mode
  cifs_get_link(): bail out in unsafe case
  fuse: fix UAF in rcu pathwalks
  procfs: make freeing proc_fs_info rcu-delayed
  procfs: move dropping pde and pid from ->evict_inode() to ->free_inode()
  nfs: fix UAF on pathwalk running into umount
  nfs: make nfs_set_verifier() safe for use in RCU pathwalk
  afs: fix __afs_break_callback() / afs_drop_open_mmap() race
  hfsplus: switch to rcu-delayed unloading of nls and freeing ->s_fs_info
  exfat: move freeing sbi, upcase table and dropping nls into rcu-delayed helper
  affs: free affs_sb_info with kfree_rcu()
  rcu pathwalk: prevent bogus hard errors from may_lookup()
  fs/super.c: don't drop ->s_user_ns until we free struct super_block itself
2024-02-25 09:29:05 -08:00
Linus Torvalds
9b24349279 A couple of fixes - revert of regression from this cycle
and a fix for erofs failure exit breakage (had been there since
 way back).
 
 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
 -----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQQqUNBr3gm4hGXdBJlZ7Krx/gZQ6wUCZdrkZAAKCRBZ7Krx/gZQ
 67D8AP0eM68yZvbThA/Hb5iElDh3Aogt1AW/QAu9/alkDVHr+wD+PKqhamC8WXGk
 b1QZ5AOHQFwzkzdF4738fdbujquBWQE=
 =Ra0D
 -----END PGP SIGNATURE-----

Merge tag 'pull-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

Pull vfs fixes from Al Viro:
 "A couple of fixes - revert of regression from this cycle and a fix for
  erofs failure exit breakage (had been there since way back)"

* tag 'pull-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
  erofs: fix handling kern_mount() failure
  Revert "get rid of DCACHE_GENOCIDE"
2024-02-25 09:17:15 -08:00
Al Viro
9fa8e282c2 ext4_get_link(): fix breakage in RCU mode
1) errors from ext4_getblk() should not be propagated to caller
unless we are really sure that we would've gotten the same error
in non-RCU pathwalk.
2) we leak buffer_heads if ext4_getblk() is successful, but bh is
not uptodate.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2024-02-25 02:10:32 -05:00
Al Viro
0511fdb4a3 cifs_get_link(): bail out in unsafe case
->d_revalidate() bails out there, anyway.  It's not enough
to prevent getting into ->get_link() in RCU mode, but that
could happen only in a very contrieved setup.  Not worth
trying to do anything fancy here unless ->d_revalidate()
stops kicking out of RCU mode at least in some cases.

Reviewed-by: Christian Brauner <brauner@kernel.org>
Acked-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2024-02-25 02:10:32 -05:00
Al Viro
053fc4f755 fuse: fix UAF in rcu pathwalks
->permission(), ->get_link() and ->inode_get_acl() might dereference
->s_fs_info (and, in case of ->permission(), ->s_fs_info->fc->user_ns
as well) when called from rcu pathwalk.

Freeing ->s_fs_info->fc is rcu-delayed; we need to make freeing ->s_fs_info
and dropping ->user_ns rcu-delayed too.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2024-02-25 02:10:32 -05:00
Al Viro
e31f0a57ae procfs: make freeing proc_fs_info rcu-delayed
makes proc_pid_ns() safe from rcu pathwalk (put_pid_ns()
is still synchronous, but that's not a problem - it does
rcu-delay everything that needs to be)

Reviewed-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2024-02-25 02:10:32 -05:00
Al Viro
47458802f6 procfs: move dropping pde and pid from ->evict_inode() to ->free_inode()
that keeps both around until struct inode is freed, making access
to them safe from rcu-pathwalk

Acked-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2024-02-25 02:10:32 -05:00
Al Viro
c1b967d03c nfs: fix UAF on pathwalk running into umount
NFS ->d_revalidate(), ->permission() and ->get_link() need to access
some parts of nfs_server when called in RCU mode:
	server->flags
	server->caps
	*(server->io_stats)
and, worst of all, call
	server->nfs_client->rpc_ops->have_delegation
(the last one - as NFS_PROTO(inode)->have_delegation()).  We really
don't want to RCU-delay the entire nfs_free_server() (it would have
to be done with schedule_work() from RCU callback, since it can't
be made to run from interrupt context), but actual freeing of
nfs_server and ->io_stats can be done via call_rcu() just fine.
nfs_client part is handled simply by making nfs_free_client() use
kfree_rcu().

Acked-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2024-02-25 02:10:32 -05:00
Al Viro
10a973fc4f nfs: make nfs_set_verifier() safe for use in RCU pathwalk
nfs_set_verifier() relies upon dentry being pinned; if that's
the case, grabbing ->d_lock stabilizes ->d_parent and guarantees
that ->d_parent points to a positive dentry.  For something
we'd run into in RCU mode that is *not* true - dentry might've
been through dentry_kill() just as we grabbed ->d_lock, with
its parent going through the same just as we get to into
nfs_set_verifier_locked().  It might get to detaching inode
(and zeroing ->d_inode) before nfs_set_verifier_locked() gets
to fetching that; we get an oops as the result.

That can happen in nfs{,4} ->d_revalidate(); the call chain in
question is nfs_set_verifier_locked() <- nfs_set_verifier() <-
nfs_lookup_revalidate_delegated() <- nfs{,4}_do_lookup_revalidate().
We have checked that the parent had been positive, but that's
done before we get to nfs_set_verifier() and it's possible for
memory pressure to pick our dentry as eviction candidate by that
time.  If that happens, back-to-back attempts to kill dentry and
its parent are quite normal.  Sure, in case of eviction we'll
fail the ->d_seq check in the caller, but we need to survive
until we return there...

Acked-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2024-02-25 02:10:31 -05:00
Al Viro
275655d320 afs: fix __afs_break_callback() / afs_drop_open_mmap() race
In __afs_break_callback() we might check ->cb_nr_mmap and if it's non-zero
do queue_work(&vnode->cb_work).  In afs_drop_open_mmap() we decrement
->cb_nr_mmap and do flush_work(&vnode->cb_work) if it reaches zero.

The trouble is, there's nothing to prevent __afs_break_callback() from
seeing ->cb_nr_mmap before the decrement and do queue_work() after both
the decrement and flush_work().  If that happens, we might be in trouble -
vnode might get freed before the queued work runs.

__afs_break_callback() is always done under ->cb_lock, so let's make
sure that ->cb_nr_mmap can change from non-zero to zero while holding
->cb_lock (the spinlock component of it - it's a seqlock and we don't
need to mess with the counter).

Acked-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2024-02-25 02:10:31 -05:00
Al Viro
af072cf683 hfsplus: switch to rcu-delayed unloading of nls and freeing ->s_fs_info
->d_hash() and ->d_compare() use those, so we need to delay freeing
them.

Reviewed-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2024-02-25 02:10:31 -05:00
Al Viro
a13d1a4de3 exfat: move freeing sbi, upcase table and dropping nls into rcu-delayed helper
That stuff can be accessed by ->d_hash()/->d_compare(); as it is, we have
a hard-to-hit UAF if rcu pathwalk manages to get into ->d_hash() on a filesystem
that is in process of getting shut down.

Besides, having nls and upcase table cleanup moved from ->put_super() towards
the place where sbi is freed makes for simpler failure exits.

Acked-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2024-02-25 02:10:31 -05:00
Al Viro
529f89a9e4 affs: free affs_sb_info with kfree_rcu()
one of the flags in it is used by ->d_hash()/->d_compare()

Reviewed-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2024-02-25 02:10:31 -05:00
Al Viro
cdb67fdeed rcu pathwalk: prevent bogus hard errors from may_lookup()
If lazy call of ->permission() returns a hard error, check that
try_to_unlazy() succeeds before returning it.  That both makes
life easier for ->permission() instances and closes the race
in ENOTDIR handling - it is possible that positive d_can_lookup()
seen in link_path_walk() applies to the state *after* unlink() +
mkdir(), while nd->inode matches the state prior to that.

Normally seeing e.g. EACCES from permission check in rcu pathwalk
means that with some timings non-rcu pathwalk would've run into
the same; however, running into a non-executable regular file
in the middle of a pathname would not get to permission check -
it would fail with ENOTDIR instead.

Reviewed-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2024-02-25 02:10:31 -05:00
Al Viro
583340de1d fs/super.c: don't drop ->s_user_ns until we free struct super_block itself
Avoids fun races in RCU pathwalk...  Same goes for freeing LSM shite
hanging off super_block's arse.

Reviewed-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2024-02-25 02:10:31 -05:00
Kent Overstreet
c4333eb541 bcachefs: Fix check_snapshot() memcpy
check_snapshot() copies the bch_snapshot to a temporary to easily handle
older versions that don't have all the fields of the current version,
but it lacked a min() to correctly handle keys newer and larger than the
current version.

Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
2024-02-24 20:47:47 -05:00
Kent Overstreet
097471f9e4 bcachefs: Fix bch2_journal_flush_device_pins()
If a journal write errored, the list of devices it was written to could
be empty - we're not supposed to mark an empty replicas list.

Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
2024-02-24 20:46:48 -05:00
Brian Foster
b58b1b883b bcachefs: fix iov_iter count underflow on sub-block dio read
bch2_direct_IO_read() checks the request offset and size for sector
alignment and then falls through to a couple calculations to shrink
the size of the request based on the inode size. The problem is that
these checks round up to the fs block size, which runs the risk of
underflowing iter->count if the block size happens to be large
enough. This is triggered by fstest generic/361 with a 4k block
size, which subsequently leads to a crash. To avoid this crash,
check that the shorten length doesn't exceed the overall length of
the iter.

Fixes:
Signed-off-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: Su Yue <glass.su@suse.com>
Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
2024-02-24 20:45:24 -05:00
Kent Overstreet
204f45140f bcachefs: Fix BTREE_ITER_FILTER_SNAPSHOTS on inodes btree
If we're in FILTER_SNAPSHOTS mode and we start scanning a range of the
keyspace where no keys are visible in the current snapshot, we have a
problem - we'll scan for a very long time before scanning terminates.

Awhile back, this was fixed for most cases with peek_upto() (and
assertions that enforce that it's being used).

But the fix missed the fact that the inodes btree is different - every
key offset is in a different snapshot tree, not just the inode field.

Fixes:
Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
2024-02-24 20:41:46 -05:00
Kent Overstreet
04fee68dd9 bcachefs: Kill __GFP_NOFAIL in buffered read path
Recently, we fixed our __GFP_NOFAIL usage in the readahead path, but the
easy one in read_single_folio() (where wa can return an error) was
missed - oops.

Fixes:
Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
2024-02-24 20:41:42 -05:00
Kent Overstreet
1f626223a0 bcachefs: fix backpointer_to_text() when dev does not exist
Fixes:
Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
2024-02-24 20:41:37 -05:00
Linus Torvalds
ab0a97cffa powerpc fixes for 6.8 #4
- Fix a crash when hot adding a PCI device to an LPAR since recent changes.
 
  - Fix nested KVM level-2 guest reboot failure due to empty 'arch_compat'.
 
 Thanks to: Amit Machhiwal, Aneesh Kumar K.V (IBM), Brian King, Gaurav Batra,
 Vaibhav Jain.
 -----BEGIN PGP SIGNATURE-----
 
 iQJHBAABCAAxFiEEJFGtCPCthwEv2Y/bUevqPMjhpYAFAmXaf8kTHG1wZUBlbGxl
 cm1hbi5pZC5hdQAKCRBR6+o8yOGlgJUyEACK+gmbPJxVwRnt60e7l8SJrjaXE9ZH
 llI2ffSM63KOL0qeJlWj8EfNcmU3ihCnMpVS4VHAIvEvCq8KBdcHh7EfLmIjMSl2
 oHfcb+dpdnWpQUkI2jci6ptxv8Al7hmd5kP6X5TGn0XJaXWatW4tj7QDP574DCZY
 UfbHGvGnCVmlcxm3xhn7JzJT4Lgj9ehxgZEMHB68qfwU2rJgUXNITBzOsGwfq4c0
 wiIdzVGMuJQdaFLt0JLNP2KY8kpVsAeKRYgSsLrkDkp+tKOIPvgeBmC221pOb1Y4
 iZbpXR3h06WfFBnA2PJpdfuacN55/gF0U5BnyOj5tB7CTx65oTyX/BJLIocKWAlF
 hRRPVEYqBH0mZCHXn03+J/A2/iut1XxDlVMpEhjjZjb57CTYCApSpHer6shPw6PV
 QqG+iAr7lBCZ70qS2m2+mjPhgDf5TNlxlsip7S3xJJpJvScN/JyPDupDF7tQYuHD
 GjIOm8gSHL0i3F4L3NAZ9FtPRwxXcv85sWCTbE7jsfVOT/kkDGTwhx/vdPIR0la8
 agDv/Q0FyyFHWd5IS4oqXFop6P3boulHexdIec/MIhBrPSZ6oG0ySzj3rqdI7VYh
 7BYj/cHerKONR/BU6S3vKddh9RDD9Fe5ghEAgng2DxG+Za/m/M2v/76123/ZeZuw
 qQ8aiIvYOJ4DGA==
 =+tcX
 -----END PGP SIGNATURE-----

Merge tag 'powerpc-6.8-4' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux

Pull powerpc fixes from Michael Ellerman:

 - Fix a crash when hot adding a PCI device to an LPAR since
   recent changes

 - Fix nested KVM level-2 guest reboot failure due to empty
   'arch_compat'

Thanks to Amit Machhiwal, Aneesh Kumar K.V (IBM), Brian King, Gaurav
Batra, and Vaibhav Jain.

* tag 'powerpc-6.8-4' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
  KVM: PPC: Book3S HV: Fix L2 guest reboot failure due to empty 'arch_compat'
  powerpc/pseries/iommu: DLPAR add doesn't completely initialize pci_controller
2024-02-24 16:49:51 -08:00
Linus Torvalds
91403d50e9 IOMMU Fixes for Linux v6.8-rc5
Including:
 
 	- Intel VT-d fixes for nested domain handling:
 	  - Cache invalidation for changes in a parent domain
 	  - Dirty tracking setting for parent and nested domains
 	  - Fix a constant-out-of-range warning
 
 	- ARM SMMU fixes:
 	  - Fix CD allocation from atomic context when using SVA with SMMUv3
 	  - Revert the conversion of SMMUv2 to domain_alloc_paging(), as it
 	    breaks the boot for Qualcomm MSM8996 devices
 
 	- Restore SVA handle sharing in core code as it turned out there are
 	  still drivers relying on it
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEr9jSbILcajRFYWYyK/BELZcBGuMFAmXaZ/QACgkQK/BELZcB
 GuPTaQ/9GJTAmfIktgPWqAgUOUa6fWpEsmChwVgpMDxw4fyQsJrKZ/YQfX8Vy17S
 TV9EyCFGALRdcE+VX41KtrvG5MWY5cHa4BlJ6/KaD3tilhViTsACN7JkGiWnlEIs
 4t6YefoaMvgdaJ4nqysFlHtlaVKHObTi6toyyCCHIywOcei2YqX3mqTIiPzUyflj
 dqx0HwBG5uz6q00JNbHVQHeMc8rIEvT61oMssQUMNt8KPvdNJl9OrZSRvXimHABU
 Vh0nMKYLAqHp40IvoXScA9Aj/DWTwE2346/Xpd6hnZ/yJvBlm6YQWKpJtjJz3z2Y
 ZnK+cmFPAaC0EE7dlEpN7hcwtEqumw1K+CJ4s8rfnNY5IdcY0DIRAVxCLsh2YH15
 rcupp3iNJMR3JeVUYHKe+mEHcYSyC9SABw01aq9NdEu1LRfXjLRrYFVh3yovpshV
 abXssThTFWQTfTvUs2Vt9zjVIinST3ogki+mxyfgqTuKYj9GY8P3eqYRFrdxGJnI
 mtwu0ByRwVpdNUBUWsOk+3sSdvPBsgd/Fchr8Gmpl5W2cAjPOetYn0th3hksG7tn
 9qyUDwTHDaQsXEONFwS44eP9KlccUUvvLhFHCBghDm5A6i/aDdnz6d1CdfPOdb4y
 DwOQem4AiOmeTBGEZA6Z/ZSKsqZGmpZditBveki0ImauxrUZXMU=
 =aVOB
 -----END PGP SIGNATURE-----

Merge tag 'iommu-fixes-v6.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu

Pull iommu fixes from Joerg Roedel:

 - Intel VT-d fixes for nested domain handling:

      - Cache invalidation for changes in a parent domain

      - Dirty tracking setting for parent and nested domains

      - Fix a constant-out-of-range warning

 - ARM SMMU fixes:

      - Fix CD allocation from atomic context when using SVA with SMMUv3

      - Revert the conversion of SMMUv2 to domain_alloc_paging(), as it
        breaks the boot for Qualcomm MSM8996 devices

 - Restore SVA handle sharing in core code as it turned out there are
   still drivers relying on it

* tag 'iommu-fixes-v6.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu:
  iommu/sva: Restore SVA handle sharing
  iommu/arm-smmu-v3: Do not use GFP_KERNEL under as spinlock
  iommu/vt-d: Fix constant-out-of-range warning
  iommu/vt-d: Set SSADE when attaching to a parent with dirty tracking
  iommu/vt-d: Add missing dirty tracking set for parent domain
  iommu/vt-d: Wrap the dirty tracking loop to be a helper
  iommu/vt-d: Remove domain parameter for intel_pasid_setup_dirty_tracking()
  iommu/vt-d: Add missing device iotlb flush for parent domain
  iommu/vt-d: Update iotlb in nested domain attach
  iommu/vt-d: Add missing iotlb flush for parent domain
  iommu/vt-d: Add __iommu_flush_iotlb_psi()
  iommu/vt-d: Track nested domains in parent
  Revert "iommu/arm-smmu: Convert to domain_alloc_paging()"
2024-02-24 15:59:26 -08:00
Linus Torvalds
ac389bc0ca cxl fixes for 6.8-rc6
- Fix NUMA initialization from ACPI CEDT.CFMWS
 
 - Fix region assembly failures due to async init order
 
 - Fix / simplify export of qos_class information
 
 - Fix cxl_acpi initialization vs single-window-init failures
 
 - Fix handling of repeated 'pci_channel_io_frozen' notifications
 
 - Workaround platforms that violate host-physical-address ==
   system-physical address assumptions
 
 - Defer CXL CPER notification handling to v6.9
 -----BEGIN PGP SIGNATURE-----
 
 iHUEABYKAB0WIQSbo+XnGs+rwLz9XGXfioYZHlFsZwUCZdpH9gAKCRDfioYZHlFs
 ZwZlAQDE+PxTJnjCXDVnDylVF4yeJF2G/wSkH1CFVFVxa0OjhAD/ZFScS/nz/76l
 1IYYiiLqmVO5DdmJtfKtq16m7e1cZwc=
 =PuPF
 -----END PGP SIGNATURE-----

Merge tag 'cxl-fixes-6.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/cxl/cxl

Pull cxl fixes from Dan Williams:
 "A collection of significant fixes for the CXL subsystem.

  The largest change in this set, that bordered on "new development", is
  the fix for the fact that the location of the new qos_class attribute
  did not match the Documentation. The fix ends up deleting more code
  than it added, and it has a new unit test to backstop basic errors in
  this interface going forward. So the "red-diff" and unit test saved
  the "rip it out and try again" response.

  In contrast, the new notification path for firmware reported CXL
  errors (CXL CPER notifications) has a locking context bug that can not
  be fixed with a red-diff. Given where the release cycle stands, it is
  not comfortable to squeeze in that fix in these waning days. So, that
  receives the "back it out and try again later" treatment.

  There is a regression fix in the code that establishes memory NUMA
  nodes for platform CXL regions. That has an ack from x86 folks. There
  are a couple more fixups for Linux to understand (reassemble) CXL
  regions instantiated by platform firmware. The policy around platforms
  that do not match host-physical-address with system-physical-address
  (i.e. systems that have an address translation mechanism between the
  address range reported in the ACPI CEDT.CFMWS and endpoint decoders)
  has been softened to abort driver load rather than teardown the memory
  range (can cause system hangs). Lastly, there is a robustness /
  regression fix for cases where the driver would previously continue in
  the face of error, and a fixup for PCI error notification handling.

  Summary:

   - Fix NUMA initialization from ACPI CEDT.CFMWS

   - Fix region assembly failures due to async init order

   - Fix / simplify export of qos_class information

   - Fix cxl_acpi initialization vs single-window-init failures

   - Fix handling of repeated 'pci_channel_io_frozen' notifications

   - Workaround platforms that violate host-physical-address ==
     system-physical address assumptions

   - Defer CXL CPER notification handling to v6.9"

* tag 'cxl-fixes-6.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/cxl/cxl:
  cxl/acpi: Fix load failures due to single window creation failure
  acpi/ghes: Remove CXL CPER notifications
  cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window
  cxl/test: Add support for qos_class checking
  cxl: Fix sysfs export of qos_class for memdev
  cxl: Remove unnecessary type cast in cxl_qos_class_verify()
  cxl: Change 'struct cxl_memdev_state' *_perf_list to single 'struct cxl_dpa_perf'
  cxl/region: Allow out of order assembly of autodiscovered regions
  cxl/region: Handle endpoint decoders in cxl_region_find_decoder()
  x86/numa: Fix the sort compare func used in numa_fill_memblks()
  x86/numa: Fix the address overlap check in numa_fill_memblks()
  cxl/pci: Skip to handle RAS errors if CXL.mem device is detached
2024-02-24 15:53:40 -08:00
Linus Torvalds
f2e367d6ad - Fix DM integrity and verity targets to not use excessive stack when
they recheck in the error path.
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCAAdFiEEJfWUX4UqZ4x1O2wixSPxCi2dA1oFAmXaEswACgkQxSPxCi2d
 A1oT2Qf/c1opgjRUe+yY/v7nWf4paufSj2O4LYAy/qQBU7IS9CcXQPzi/pKlfEo8
 60OZfa5gfrCAla79se7hHI/mxReq7CI5nFvYDyqQ1JZQ/djG/4cN/oWf5fQ12pon
 /ET1IzaZ+Mom+5wDBeQBLoQwXTA1ru5Bi1OiUe9Ed3wzadZQQks5s65fPnc0emGJ
 ClyaXiiCt4Dy36E5GmuPpmPB4ZJ57SwcnFWDFIeCHEbIQk36APkZ22z7lqGObjw2
 ANO1l59k6ojzmaXLi9pw/J/o/qyfNR0MpeI7SpmtJzhSZKeGKsUX2GlJ9QBhViJp
 XL/+7MbSRJ43IY1lomoHZm1vxe0aPg==
 =sQPX
 -----END PGP SIGNATURE-----

Merge tag 'for-6.8/dm-fix-3' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm

Pull device mapper fix from Mike Snitzer:

 - Fix DM integrity and verity targets to not use excessive stack when
   they recheck in the error path.

* tag 'for-6.8/dm-fix-3' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm:
  dm-integrity, dm-verity: reduce stack usage for recheck
2024-02-24 09:55:29 -08:00
Linus Torvalds
6d20acbf3e SCSI fixes on 20240224
Six fixes: the four driver ones are pretty trivial.  The larger two
 core changes are to try to fix various USB attached devices which have
 somewhat eccentric ways of handling the VPD and other mode pages which
 necessitate multiple revalidates (that were removed in the interests
 of efficiency) and updating the heuristic for supported VPD pages.
 
 Signed-off-by: James E.J. Bottomley <jejb@linux.ibm.com>
 -----BEGIN PGP SIGNATURE-----
 
 iJwEABMIAEQWIQTnYEDbdso9F2cI+arnQslM7pishQUCZdkyyyYcamFtZXMuYm90
 dG9tbGV5QGhhbnNlbnBhcnRuZXJzaGlwLmNvbQAKCRDnQslM7pishS2KAP0V8RVm
 U1gUoE4doIV9WdK8Dv0MUxnOpYVvjhRjM8PA1QEAwaPJivC91smxJv4MOIDq0PL3
 9qyMwQq4jWH/2zS14p8=
 =8aq+
 -----END PGP SIGNATURE-----

Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi

Pull SCSI fixes from James Bottomley:
 "Six fixes: the four driver ones are pretty trivial.

  The larger two core changes are to try to fix various USB attached
  devices which have somewhat eccentric ways of handling the VPD and
  other mode pages which necessitate multiple revalidates (that were
  removed in the interests of efficiency) and updating the heuristic for
  supported VPD pages"

* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
  scsi: jazz_esp: Only build if SCSI core is builtin
  scsi: smartpqi: Fix disable_managed_interrupts
  scsi: ufs: Uninitialized variable in ufshcd_devfreq_target()
  scsi: target: pscsi: Fix bio_put() for error case
  scsi: core: Consult supported VPD page list prior to fetching page
  scsi: sd: usb_storage: uas: Access media prior to querying device properties
2024-02-24 09:49:16 -08:00
Linus Torvalds
fef85269a1 Passing on a bugfix for host drivers
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEOZGx6rniZ1Gk92RdFA3kzBSgKbYFAmXZIXIACgkQFA3kzBSg
 KbZC3A/+I6QRwH0mh/DhkmimbNXPogPYnO3CfoZdLKkVefIFLc2Vm9y5VmpW4G3/
 yVrIZSaYbMBNJky3LfFwPV2WPcgxRvDHM8JFuLYoEw2mJtD6e71OgDxwZ2Io3vI+
 DMx35H92sKf2Ohvqtofkyjeb0xIgc9SuQL8yf+bBO4q4H62eS2E+flnsLWIZWvRT
 NhG+gbu9LcOrPEpjmsGIf/4c1siMraUy342dSWjk6h3ndzokCkViTgZf2MXpLoMa
 MYLyNdC+xBvePZcngexd3JC0qhaSi1FQxM2U7xnXYeibTl5q2gSrzWNXptqNfXLk
 IZCBWOt3K7LZgHXEf5Gzyh8o2q2jBsxbu3/BZEYuNImCtkCAX1+9JS0y8aCNmaBH
 oPXdhaPmdaJMdh4AYFn36p5VOWWrSsK5H1XzTkPNjPMtYJqnHmCWPAVOULCRwEcd
 BSmwggVhh6wkW3xTObTRer/IjziCu43E/lW8KUXpn1cdyw4POAzT/On+B3vrm6vX
 Ay5h1dVqUPIs7k2clZzsbXi8rPp5Myr1/hxOrDxH4vP3jv6OAlWz93KuHi2Fg66t
 71qmDumDq2Tr9A/tM9duQmZ72OwNS/1UqDVXg0Zk83frEpxjSmKC7ngDM2TNJ10E
 LMW1y0gAT9AzaJTvdAaLbzZmGrDNHjjqHLcLxo00UmAZw6JVP8I=
 =QxF6
 -----END PGP SIGNATURE-----

Merge tag 'i2c-for-6.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux

Pull i2c fix from Wolfram Sang:
 "A bugfix for host drivers"

* tag 'i2c-for-6.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
  i2c: imx: when being a target, mark the last read as processed
2024-02-24 09:46:05 -08:00
Linus Torvalds
c6a597fcc7 LoongArch fixes for v6.8-rc6
-----BEGIN PGP SIGNATURE-----
 
 iQJKBAABCAA0FiEEzOlt8mkP+tbeiYy5AoYrw/LiJnoFAmXZeF4WHGNoZW5odWFj
 YWlAa2VybmVsLm9yZwAKCRAChivD8uImepF0D/9vFZTcp0RYeSg8ja6Hw5sPpCtO
 FbUepaxp7GnLzTAdCtrcNSGkKau4fWmo96fNcvs9Nshy08aemD8qLI9QH64oyLrJ
 K4YXk9MgU4ye5T71PHqSn5BMuVrNkeVt2Qe+2VCH15ZANTCkdComdLoxdkJa5N3M
 naOearhfh8qY0GHEVZFeBDkkcAU+xghi6//xwp3sd7562uUGsvXjiykog6JwNON5
 Bzet22YigCkb5jSm5nyTS5DXEiNUDHd06mPp8yN6RLFPcN1nEiw1xviPGlKJZbwm
 dgoYgbMZCz668x7Lw/Uga2wmZm4HyxcEagcHJDZEGmnO++8a8fQUMTG00rQqEinG
 XvwmFHgDReaKoDaEA5R+fPEoMR7akWkXv5hbLz+ym+gfpGfyAX8fIkEd8Vh8DmgL
 IMJdH4AXYZhXxJbNiLOnWRB4NUjvxS86QS4o2HJMO6WsSvF8MB0ZOR17ROVM9ABP
 vb/EDfTdN5KYRvg6vBrUKNtw87NYm97uBjPCdwf/PfZqNGQ8wcdDQ4oiSh92cF5c
 Vd3T0YwAO45mW6EmzrhXgNh9JmYvNn1jqsX6pqGRY5FQ+6wZf4TfhZzCvlM8ShoX
 NElM1gbtT63nxDFFWVrxTQtabFQy4CVzQSjVoaCffs9Xt3ZQucGo3v6r7tnC1MqR
 gjM9WTQH4IK0y63fnQ==
 =tRG3
 -----END PGP SIGNATURE-----

Merge tag 'loongarch-fixes-6.8-3' of git://git.kernel.org/pub/scm/linux/kernel/git/chenhuacai/linux-loongson

Pull LoongArch fixes from Huacai Chen:
 "Fix two cpu-hotplug issues, fix the init sequence about FDT system,
  fix the coding style of dts, and fix the wrong CPUCFG ID handling of
  KVM"

* tag 'loongarch-fixes-6.8-3' of git://git.kernel.org/pub/scm/linux/kernel/git/chenhuacai/linux-loongson:
  LoongArch: KVM: Streamline kvm_check_cpucfg() and improve comments
  LoongArch: KVM: Rename _kvm_get_cpucfg() to _kvm_get_cpucfg_mask()
  LoongArch: KVM: Fix input validation of _kvm_get_cpucfg() & kvm_check_cpucfg()
  LoongArch: dts: Minor whitespace cleanup
  LoongArch: Call early_init_fdt_scan_reserved_mem() earlier
  LoongArch: Update cpu_sibling_map when disabling nonboot CPUs
  LoongArch: Disable IRQ before init_fn() for nonboot CPUs
2024-02-24 09:36:35 -08:00
Arnd Bergmann
66ad2fbcdb dm-integrity, dm-verity: reduce stack usage for recheck
The newly added integrity_recheck() function has another larger stack
allocation, just like its caller integrity_metadata(). When it gets
inlined, the combination of the two exceeds the warning limit for 32-bit
architectures and possibly risks an overflow when this is called from
a deep call chain through a file system:

drivers/md/dm-integrity.c:1767:13: error: stack frame size (1048) exceeds limit (1024) in 'integrity_metadata' [-Werror,-Wframe-larger-than]
 1767 | static void integrity_metadata(struct work_struct *w)

Since the caller at this point is done using its checksum buffer,
just reuse the same buffer in the new function to avoid the double
allocation.

[Mikulas: add "noinline" to integrity_recheck and verity_recheck.
These functions are only called on error, so they shouldn't bloat the
stack frame or code size of the caller.]

Fixes: c88f5e553f ("dm-integrity: recheck the integrity tag after a failure")
Fixes: 9177f3c0de ("dm-verity: recheck the hash after a failure")
Cc: stable@vger.kernel.org
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@kernel.org>
2024-02-24 10:53:57 -05:00
Corey Minyard
87aec49936 i2c: imx: when being a target, mark the last read as processed
When being a target, NAK from the controller means that all bytes have
been transferred. So, the last byte needs also to be marked as
'processed'. Otherwise index registers of backends may not increase.

Fixes: f7414cd692 ("i2c: imx: support slave mode for imx I2C driver")
Signed-off-by: Corey Minyard <minyard@acm.org>
Tested-by: Andrew Manley <andrew.manley@sealingtech.com>
Reviewed-by: Andrew Manley <andrew.manley@sealingtech.com>
Reviewed-by: Oleksij Rempel <o.rempel@pengutronix.de>
[wsa: fixed comment and commit message to properly describe the case]
Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Signed-off-by: Andi Shyti <andi.shyti@kernel.org>
2024-02-23 23:39:35 +01:00
Linus Torvalds
603c04e27c parisc architecture fixes for kernel v6.8-rc6:
- Fix CPU hotplug
 - Fix unaligned accesses and faults in stack unwinder
 - Fix potential build errors by always including asm-generic/kprobes.h
 - Fix build bug by add missing CONFIG_DYNAMIC_FTRACE check
 -----BEGIN PGP SIGNATURE-----
 
 iHUEABYKAB0WIQS86RI+GtKfB8BJu973ErUQojoPXwUCZdjO+gAKCRD3ErUQojoP
 X5QiAPsGd0pv/I5HXc/JkwnqBaP7RC1BwN01og4ftzmKG8ngvQD+JH4YT2rvT7c0
 0FgUVp5khg0ZgSZ6IGUFy7GUs8uanww=
 =XdOQ
 -----END PGP SIGNATURE-----

Merge tag 'parisc-for-6.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux

Pull parisc architecture fixes from Helge Deller:
 "Fixes CPU hotplug, the parisc stack unwinder and two possible build
  errors in kprobes and ftrace area:

   - Fix CPU hotplug

   - Fix unaligned accesses and faults in stack unwinder

   - Fix potential build errors by always including asm-generic/kprobes.h

   - Fix build bug by add missing CONFIG_DYNAMIC_FTRACE check"

* tag 'parisc-for-6.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux:
  parisc: Fix stack unwinder
  parisc/kprobes: always include asm-generic/kprobes.h
  parisc/ftrace: add missing CONFIG_DYNAMIC_FTRACE check
  Revert "parisc: Only list existing CPUs in cpu_possible_mask"
2024-02-23 10:40:20 -08:00
Linus Torvalds
e44baca779 Arm and RISC-V SoC fixes for 6.8, part 2
The Rockchip and IMX8 platforms get a number of fixes for dts files in
 order to address some misconfigurations, including a regression for
 USB-C support on some boards.
 
 The other dts fixes are part of a series by Rob Herring to clean up
 another class of dtc compiler warnings across all platforms, with
 a few others helping out as well. With this, we can enable the warning
 for the coming merge window without introducing regressions.
 
 Conor Dooley has collected fixes for RISC-V platforms, both for the
 dts files and for platofrm specific drivers.
 
 The ep93xx platform gets a regression for for its gpio descriptors.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEiK/NIGsWEZVxh/FrYKtH/8kJUicFAmXYmjcACgkQYKtH/8kJ
 UieiAw/+K1bDnxVhgHB8PXAToCF+fhNCpaSUp/oShz2cbPYcExOn2XMWPvkRp/Jo
 lEsZPr9E4M13ot0P/KOQO7J8aGYiaBca0enHD3EflPNo84qjnZfmBSnFVV9JHEk0
 WzyZBPlm1Ynz97bMr56KqzeJBdn+iYwpf7Ekp7OqOmTB7Y/q3DGr67TCLcxO+QJD
 s2pObk4CODeC8JuWDQ5SpA0K8KA6fO7ubGe2ecOJkaLqtdDoe6dMbnJ3VFtBKd4Y
 0uL2E0WGNsAP4fkYCeajTEKRmqjbWfNiFsgva4RFPVjcyKBqi890Mkes4MhS/bTo
 wCV/6AWYuIfZnKmzKGJp0Bj4cl2ZNEc6M+G5XQMHmlXrrTe2aFiKeibc56uKKrjC
 17DoPWD4oIUH3TLh0vRhRCG0/aagTeGYerOTtPKKs+vLfSqri7nv3gW7Cybm1oPh
 xcI2ieMNzLTEio3bQ1fu7B/wBWjtjGhi0VFsEQcj5wQpLuvMC4G5I1el0zbAlzri
 YzXRbNIkg7PRgOdNQ4d3FzM8TaKcG15AHOi56VXGz/aV7yBInMxfSrTEkzY/KFXN
 oXIhPRwJW3pDEa3dEcGataLwgVdZtCOdAi8CdEal5l8H33+WIKBN8jxlxirxs7IQ
 sxMaunOSSCOH+j71bwxuI5wFQ/OevX+lX+0AEAqh+qyuatw1d8I=
 =iNfa
 -----END PGP SIGNATURE-----

Merge tag 'arm-fixes-6.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc

Pull arm and RISC-V SoC fixes from Arnd Bergmann:
 "The Rockchip and IMX8 platforms get a number of fixes for dts files in
  order to address some misconfigurations, including a regression for
  USB-C support on some boards.

  The other dts fixes are part of a series by Rob Herring to clean up
  another class of dtc compiler warnings across all platforms, with a
  few others helping out as well. With this, we can enable the warning
  for the coming merge window without introducing regressions.

  Conor Dooley has collected fixes for RISC-V platforms, both for the
  dts files and for platofrm specific drivers.

  The ep93xx platform gets a regression for for its gpio descriptors"

* tag 'arm-fixes-6.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc: (28 commits)
  ARM: dts: renesas: rcar-gen2: Add missing #interrupt-cells to DA9063 nodes
  cache: ax45mp_cache: Align end size to cache boundary in ax45mp_dma_cache_wback()
  arm64: dts: qcom: Fix interrupt-map cell sizes
  arm: dts: Fix dtc interrupt_map warnings
  arm64: dts: Fix dtc interrupt_provider warnings
  arm: dts: Fix dtc interrupt_provider warnings
  arm64: dts: freescale: Disable interrupt_map check
  ARM: ep93xx: Add terminator to gpiod_lookup_table
  riscv: dts: sifive: add missing #interrupt-cells to pmic
  arm64: dts: rockchip: Correct Indiedroid Nova GPIO Names
  arm64: dts: rockchip: Drop interrupts property from rk3328 pwm-rockchip node
  arm64: dts: rockchip: set num-cs property for spi on px30
  arm64: dts: rockchip: minor rk3588 whitespace cleanup
  riscv: dts: starfive: replace underscores in node names
  bus: imx-weim: fix valid range check
  Revert "arm64: dts: imx8mn-var-som-symphony: Describe the USB-C connector"
  Revert "arm64: dts: imx8mp-dhcom-pdk3: Describe the USB-C connector"
  arm64: dts: tqma8mpql: fix audio codec iov-supply
  arm64: dts: rockchip: drop unneeded status from rk3588-jaguar gpio-leds
  ARM: dts: rockchip: Drop interrupts property from pwm-rockchip nodes
  ...
2024-02-23 10:31:28 -08:00
Linus Torvalds
86f01602a4 arm64 fixes for -rc6
- Revert fix to jump label asm constraints, as it regresses the build
   with some GCC 5.5 toolchains.
 
 - Restore SME control registers when resuming from suspend
 
 - Fix incorrect filter definition in CXL PMU driver
 -----BEGIN PGP SIGNATURE-----
 
 iQFEBAABCgAuFiEEPxTL6PPUbjXGY88ct6xw3ITBYzQFAmXXVFoQHHdpbGxAa2Vy
 bmVsLm9yZwAKCRC3rHDchMFjNPQpB/9+TGwvTPj3xEJcrJwTnsoY2tMtJdYO/sli
 f31auT0PsOI1RtMin1fyiN9fOpIbjWHcdlBgUxnkyV6c2MpViw8L/0H27guJGWgv
 +G26+H/Ch1BsujewKkfJxX5GimdGZ2uBvbiYyBb4EXg36/UG6qeRjfYP+EB70UPY
 rrT01E8UGv6WDShY9om7QVO91X7YU6EBUfu46wPrs2LFbueaBwCEBZBLE5qu4vWF
 N7yWOWR2CUt/P4v8a5LfV3wwM+VRdmvovHnPUH5uR7QthEa+gDCDPsjf3fus4nts
 iE6NCC517j9cG8lz7B5FJP6UfMPWgbNr1QMFuoyrzwdvc6EoXG6z
 =+SsP
 -----END PGP SIGNATURE-----

Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux

Pull arm64 fixes from Will Deacon:
 "A simple fix to a definition in the CXL PMU driver, a couple of
  patches to restore SME control registers on the resume path (since
  Arm's fast model now clears them) and a revert for our jump label asm
  constraints after Geert noticed they broke the build with GCC 5.5.

  There was then the ensuing discussion about raising the minimum GCC
  (and corresponding binutils) versions at [1], but for now we'll keep
  things working as they were until that goes ahead.

   - Revert fix to jump label asm constraints, as it regresses the build
     with some GCC 5.5 toolchains.

   - Restore SME control registers when resuming from suspend

   - Fix incorrect filter definition in CXL PMU driver"

* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
  arm64/sme: Restore SMCR_EL1.EZT0 on exit from suspend
  arm64/sme: Restore SME registers on exit from suspend
  Revert "arm64: jump_label: use constraints "Si" instead of "i""
  perf: CXL: fix CPMU filter value mask length
2024-02-23 10:26:43 -08:00
Linus Torvalds
5efa18e862 s390 fixes for 6.8-rc6
- Fix invalid -EBUSY on ccw_device_start() which can lead to failing
   device initialization
 
 - Add missing multiplication by 8 in __iowrite64_copy() to get the
   correct byte length before calling zpci_memcpy_toio()
 
 - Various config updates
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEECMNfWEw3SLnmiLkZIg7DeRspbsIFAmXYvSsACgkQIg7DeRsp
 bsIkmw/+JABfYGH1/z0E3g7PSUrsbQkRiINyzmsv57KmIzMVNAhQoYSWiRiCqjVs
 /XB2u2vgkVSZL+29vJCd178MnKK/LiN7VavbmNrYJxpVmgSsM0cc/CjGGf71lh2b
 z25YbmtXGOA6Dgg+1KY0sFouMDzCT82imvKj5dvE0+NB4PBevslNGdY7qZroUGXg
 mcvAA44qkfv61TaaMkt7o/9Mz5SJZ6byR3kacz6twpyGfbIboeQqCkejovit/Yb2
 IlqtbMoWkCmO0ULRr96Pl156Ja8guCYiGvTjjL51DDeLymkiN9z6lNblOqRy0GP6
 +YZKtbU3vdmdaVgk1Bp/ez1frjeteLAFbhRejie39Wd9TibuJp00DouRLJRJnaep
 PywZd82oyMv94x2fy+nC4aBb6MxiOmsl5I2z/IilU0+O0gfToEgAXUb/fRAFFr1H
 1P/5jouS7mMpgaf9nHBWh740oOs5XJX8xGe9S8+BFLTElKnBbAEknQU+e5NOr39K
 OjMxG9OSC4UqiodYFgJtbhqmLV6BWN3m3sY/6SWZep3JbyiDwKB7G2a/4Q5SvypU
 3e5WTVdx9EuTRNgXtA7bkwnNt8XG9JubAhInlNAt29bSkIvt8YODDwPPSpMNMVhC
 vzotbMAX/cuncX6jumO3qkqimIZ1oSBBUJgq5RmYuLMvGQz7RH8=
 =RG5H
 -----END PGP SIGNATURE-----

Merge tag 's390-6.8-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux

Pull s390 fixes from Heiko Carstens:

 - Fix invalid -EBUSY on ccw_device_start() which can lead to failing
   device initialization

 - Add missing multiplication by 8 in __iowrite64_copy() to get the
   correct byte length before calling zpci_memcpy_toio()

 - Various config updates

* tag 's390-6.8-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
  s390/cio: fix invalid -EBUSY on ccw_device_start
  s390: use the correct count for __iowrite64_copy()
  s390/configs: update default configurations
  s390/configs: enable INIT_STACK_ALL_ZERO in all configurations
  s390/configs: provide compat topic configuration target
2024-02-23 09:54:13 -08:00
Linus Torvalds
95e73fb16a 14 hotfixes. 10 are cc:stable and the remainder address post-6.7 issues
or aren't considered appropriate for backporting.
 -----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTTMBEPP41GrTpTJgfdBJ7gKXxAjgUCZdfSoQAKCRDdBJ7gKXxA
 jtdcAQCEMwrTnSVOfP0WxixL11HK8a1bJdezHBLWFUDscm4BXgD9EV4mgQ2yPDA6
 ka+Lf9MucZSpJ2QYZA4GoDqP4wefawA=
 =zI6b
 -----END PGP SIGNATURE-----

Merge tag 'mm-hotfixes-stable-2024-02-22-15-02' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm

Pull misc fixes from Andrew Morton:
 "A batch of MM (and one non-MM) hotfixes.

  Ten are cc:stable and the remainder address post-6.7 issues or aren't
  considered appropriate for backporting"

* tag 'mm-hotfixes-stable-2024-02-22-15-02' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm:
  kasan: guard release_free_meta() shadow access with kasan_arch_is_ready()
  mm/damon/lru_sort: fix quota status loss due to online tunings
  mm/damon/reclaim: fix quota stauts loss due to online tunings
  MAINTAINERS: mailmap: update Shakeel's email address
  mm/damon/sysfs-schemes: handle schemes sysfs dir removal before commit_schemes_quota_goals
  mm: memcontrol: clarify swapaccount=0 deprecation warning
  mm/memblock: add MEMBLOCK_RSRV_NOINIT into flagname[] array
  mm/zswap: invalidate duplicate entry when !zswap_enabled
  lib/Kconfig.debug: TEST_IOV_ITER depends on MMU
  mm/swap: fix race when skipping swapcache
  mm/swap_state: update zswap LRU's protection range with the folio locked
  selftests/mm: uffd-unit-test check if huge page size is 0
  mm/damon/core: check apply interval in damon_do_apply_schemes()
  mm: zswap: fix missing folio cleanup in writeback race path
2024-02-23 09:43:21 -08:00
Linus Torvalds
e7768e65cd - Stable fixes for 3 DM targets (integrity, verity and crypt) to
address systemic failure that can occur if user provided pages map
   to the same block.
 
 - Fix DM crypt to not allow modifying data that being encrypted for
   authenticated encryption.
 
 - Fix DM crypt and verity targets to align their respective bvec_iter
   struct members to avoid the need for byte level access (due to
   __packed attribute) that is costly on some arches (like RISC).
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCAAdFiEEJfWUX4UqZ4x1O2wixSPxCi2dA1oFAmXY0iwACgkQxSPxCi2d
 A1oG3Qf/WE0T5qyBnDZ7irhvJmSLVx4oAwzB0PmMtELZ3Tkyn7BBAxq1Q2I2UT3x
 r90d1uy/pz6Y+kZkAPZjYuYLctukEa1swpfFe0Sn01dBrbgGU/p2vi3fkF+ZK6/t
 n5EN8S5dkf6rIDmp8R56iP8mP4OEultYjLugxc6ROohFgHZicoqv+Pye9kHp0Y19
 HSW2eueag/s2nMa9HKjIEd3+NBgmGb0qMMf3M6CXpRLNi/f/cyHbPzq83+eW3gcg
 jl480w5YHk2nOUSqrO8UfIaP4BpD3SEXQxVqIzdkVX4cEBO4yRcBNrQpsT89GsXj
 sg5zinkq3g7SThEpQWdpkeZMR/6q/A==
 =n0nQ
 -----END PGP SIGNATURE-----

Merge tag 'for-6.8/dm-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm

Pull device mapper fixes from Mike Snitzer:

 - Stable fixes for 3 DM targets (integrity, verity and crypt) to
   address systemic failure that can occur if user provided pages map to
   the same block.

 - Fix DM crypt to not allow modifying data that being encrypted for
   authenticated encryption.

 - Fix DM crypt and verity targets to align their respective bvec_iter
   struct members to avoid the need for byte level access (due to
   __packed attribute) that is costly on some arches (like RISC).

* tag 'for-6.8/dm-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm:
  dm-crypt, dm-integrity, dm-verity: bump target version
  dm-verity, dm-crypt: align "struct bvec_iter" correctly
  dm-crypt: recheck the integrity tag after a failure
  dm-crypt: don't modify the data when using authenticated encryption
  dm-verity: recheck the hash after a failure
  dm-integrity: recheck the integrity tag after a failure
2024-02-23 09:23:54 -08:00
Linus Torvalds
06b7ef70b1 drm fixes for 6.8-rc6
fbdev:
 - fix sparc undefined reference
 
 syncobj:
 - fix sync obj fence waiting
 - handle NULL fence in syncobj eventfd code
 
 ttm:
 - fix invalid free
 
 buddy:
 - fix list handling
 - fix 32-bit build
 
 meson:
 - don't remove bridges from other drivers
 
 nouveau:
 - fix build warnings
 - add two minor info parameters
 - add a Kconfig to allow GSP by default on some GPUs
 
 ivpu:
 - allow fw to do initial tile config
 
 i915:
 - fix TV mode
 
 amdgpu:
 - Suspend/resume fixes
 - Backlight error fix
 - DCN 3.5 fixes
 - Misc fixes
 
 xe:
 - Remove support for persistent exec_queues
 - Drop a reduntant sysfs newline printout
 - A three-patch fix for a VM_BIND rebind optimization path
 - Fix a modpost warning on an xe KUNIT module
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEEKbZHaGwW9KfbeusDHTzWXnEhr4FAmXX7WkACgkQDHTzWXnE
 hr5lBRAAozCmnFJmu1As6oz4Of4aSt+i9/R7raRqxzRvTrIIGVGVN3U4dCCsu0Ah
 +Zi+NBXxXlliW0oO9pNfbhPz8ji27SlzyTtulxO1m3MYk4dUu9Cs/5wGSwLqFfeM
 yDAX1vWOeIhu1etIeMsFu/AhhE+vdr7zK/P8OHsS5hmmEcz043pLvrnLM2RzRN41
 CGOttm3pDeJ1FJFTiItGnSmurwrpt3/gd/tMv0lJlaCAUAZwjM0mQwzi5agGgpuI
 QuHHxz+WKHzQM1IIZKpVsSCbwmpm2S7ljJUpV7NVi4ViZo51ZV54FNaki/Hef9AK
 ypNnb2cf4K7jfJLXmKu4xagam251c/kqxVCHUv7amGQcMhFWHLEvNxWdh+RaQDQz
 /m4SAhe3KpB7gIczVFqZmsxSYjxVGMqQIPVuYBrB/Umm2uOk5CzDdRCpoocXGVyI
 GrQ5KtLx2D82SgtjCOT1ZS7BH2bv1VgFZgGZ/q4CbShK3sqRt2OPOgBsvXfXKnPO
 6kYDQ/C2syl/CUrQ+Gy+QAZsKd7hmpPswozui55MrqI3ccblJEtGM1S6yj24liyH
 g+Xwvl5GwKO/ZdmHAyb5ID4zsG+LsaLQebquG9VE26ja94omz+XGN5Huu7f5B0Lx
 nYeqF3mZr4tH5oDk9GeQUkhzkO/XC4VbrJQH0bFn8G6G2arm5pE=
 =CBvJ
 -----END PGP SIGNATURE-----

Merge tag 'drm-fixes-2024-02-23' of git://anongit.freedesktop.org/drm/drm

Pull drm fixes from Dave Airlie:
 "This is the weekly drm fixes. Non-drivers there is a fbdev/sparc fix,
  syncobj, ttm and buddy fixes.

  On the driver side, ivpu, meson, i915 have a small fix each. Then
  amdgpu and xe have a bunch. Nouveau has some minor uapi additions to
  give userspace some useful info along with a Kconfig change to allow
  the new GSP firmware paths to be used by default on the GPUs it
  supports.

  Seems about the usual amount for this time of release cycle.

  fbdev:
   - fix sparc undefined reference

  syncobj:
   - fix sync obj fence waiting
   - handle NULL fence in syncobj eventfd code

  ttm:
   - fix invalid free

  buddy:
   - fix list handling
   - fix 32-bit build

  meson:
   - don't remove bridges from other drivers

  nouveau:
   - fix build warnings
   - add two minor info parameters
   - add a Kconfig to allow GSP by default on some GPUs

  ivpu:
   - allow fw to do initial tile config

  i915:
   - fix TV mode

  amdgpu:
   - Suspend/resume fixes
   - Backlight error fix
   - DCN 3.5 fixes
   - Misc fixes

  xe:
   - Remove support for persistent exec_queues
   - Drop a reduntant sysfs newline printout
   - A three-patch fix for a VM_BIND rebind optimization path
   - Fix a modpost warning on an xe KUNIT module"

* tag 'drm-fixes-2024-02-23' of git://anongit.freedesktop.org/drm/drm: (27 commits)
  nouveau: add an ioctl to report vram usage
  nouveau: add an ioctl to return vram bar size.
  nouveau/gsp: add kconfig option to enable GSP paths by default
  drm/amdgpu: Fix the runtime resume failure issue
  drm/amd/display: fix null-pointer dereference on edid reading
  drm/amd/display: Fix memory leak in dm_sw_fini()
  drm/amd/display: fix input states translation error for dcn35 & dcn351
  drm/amd/display: Fix potential null pointer dereference in dc_dmub_srv
  drm/amd/display: Only allow dig mapping to pwrseq in new asic
  drm/amd/display: adjust few initialization order in dm
  drm/syncobj: handle NULL fence in syncobj_eventfd_entry_func
  drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is set
  drm/ttm: Fix an invalid freeing on already freed page in error path
  sparc: Fix undefined reference to fb_is_primary_device
  drm/xe: Fix modpost warning on xe_mocs kunit module
  drm/xe/xe_gt_idle: Drop redundant newline in name
  drm/xe: Return 2MB page size for compact 64k PTEs
  drm/xe: Add XE_VMA_PTE_64K VMA flag
  drm/xe: Fix xe_vma_set_pte_size
  drm/xe/uapi: Remove support for persistent exec_queues
  ...
2024-02-23 09:17:47 -08:00
Linus Torvalds
b6d69282db ata changes for 6.8-rc6
- Do not try to set a sleeping device to standby. Sleep is a deeper
    sleep state than standby, and needs a reset to wake up the drive.
    A system resume will reset the port. Sending a command other than
    reset to a sleeping device is not wise, as the command will timeout.
    (Damien Le Moal)
 
  - Do not try to put a device to standby twice during system shutdown.
    ata_dev_power_set_standby() is currently called twice during
    shutdown, once after the scsi device is removed, and another when
    ata_pci_shutdown_one() executes. Modify ata_dev_power_set_standby()
    to do nothing if the device is already in standby. (Damien Le Moal)
 
  - Add a quirk for ASM1064 to fixup the number of implemented ports.
    We probe all ports that the hardware reports to be implemented.
    Probing ports that are not implemented causes significantly increased
    boot time. (Andrey Jr. Melnikov)
 
  - Fix error handling for the ahci_ceva driver.
    Ensure that the ahci_ceva driver does a proper cleanup of its
    resources in the error path. (Radhey Shyam Pandey)
 -----BEGIN PGP SIGNATURE-----
 
 iIgEABYKADAWIQRN+ES/c4tHlMch3DzJZDGjmcZNcgUCZdjJthIcY2Fzc2VsQGtl
 cm5lbC5vcmcACgkQyWQxo5nGTXKjKQEAw4J68mFTAjJuM0JxerDG1MMNBRWTtfS3
 sWtjpbkC6H8A/0PBFhgedSTy9w2eewspDlUR44SMTaKykNyPwBEF6Q0C
 =gpJt
 -----END PGP SIGNATURE-----

Merge tag 'ata-6.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/libata/linux

Pull ata fixes from Niklas Cassel:

 - Do not try to set a sleeping device to standby. Sleep is a deeper
   sleep state than standby, and needs a reset to wake up the drive. A
   system resume will reset the port. Sending a command other than reset
   to a sleeping device is not wise, as the command will timeout (Damien
   Le Moal)

 - Do not try to put a device to standby twice during system shutdown.
   ata_dev_power_set_standby() is currently called twice during
   shutdown, once after the scsi device is removed, and another when
   ata_pci_shutdown_one() executes. Modify ata_dev_power_set_standby()
   to do nothing if the device is already in standby (Damien Le Moal)

 - Add a quirk for ASM1064 to fixup the number of implemented ports. We
   probe all ports that the hardware reports to be implemented. Probing
   ports that are not implemented causes significantly increased boot
   time (Andrey Jr. Melnikov)

 - Fix error handling for the ahci_ceva driver. Ensure that the
   ahci_ceva driver does a proper cleanup of its resources in the error
   path (Radhey Shyam Pandey)

* tag 'ata-6.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/libata/linux:
  ata: libata-core: Do not call ata_dev_power_set_standby() twice
  ata: ahci_ceva: fix error handling for Xilinx GT PHY support
  ahci: asm1064: correct count of reported ports
  ata: libata-core: Do not try to set sleeping devices to standby
2024-02-23 09:05:56 -08:00