mirror of
https://github.com/torvalds/linux.git
synced 2024-11-25 13:41:51 +00:00
ca9649e9bd
1216370 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Eric Dumazet
|
5baa0433a1 |
neighbour: fix data-races around n->output
n->output field can be read locklessly, while a writer
might change the pointer concurrently.
Add missing annotations to prevent load-store tearing.
Fixes:
|
||
|
Eric Dumazet
|
25563b581b |
net: fix possible store tearing in neigh_periodic_work()
While looking at a related syzbot report involving neigh_periodic_work(),
I found that I forgot to add an annotation when deleting an
RCU protected item from a list.
Readers use rcu_deference(*np), we need to use either
rcu_assign_pointer() or WRITE_ONCE() on writer side
to prevent store tearing.
I use rcu_assign_pointer() to have lockdep support,
this was the choice made in neigh_flush_dev().
Fixes:
|
||
Masahiro Yamada
|
2d7d1bc119 |
kbuild: remove stale code for 'source' symlink in packaging scripts
Since commit
|
||
David S. Miller
|
c15cd642d4 |
bluetooth pull request for net:
- Fix handling of HCI_QUIRK_STRICT_DUPLICATE_FILTER - Fix handling of listen for ISO unicast - Fix build warnings - Fix leaking content of local_codecs - Add shutdown function for QCA6174 - Delete unused hci_req_prepare_suspend() declaration - Fix hci_link_tx_to RCU lock usage - Avoid redundant authentication -----BEGIN PGP SIGNATURE----- iQJNBAABCAA3FiEE7E6oRXp8w05ovYr/9JCA4xAyCykFAmULNMMZHGx1aXoudm9u LmRlbnR6QGludGVsLmNvbQAKCRD0kIDjEDILKYF+D/4lgcowz8/5ry6Idp1yDR4r H4ns/Q199jUlLRKjUQxwGcAM3mp5JlM+ZGjHooFHZmXhthRCvqv2poyheVq9GdQT 46yCwAWSK+PmHlXzLUQrPK7eNUwFCG5T6wVtvQHMybN1sf3fBfR9TMZup4rMHUtI Zdz2e2WxiFj07TaSWIDh966YTPxq0uGEB+Fl7UQXnd4rlWWbke7uD6XcNm2b5+M5 mSeJUXfr+w3RUcNMT86OQ+vDlRTkzBN7zWkHvskI9o8wnnkkNPoUvIb7nJH6BafP iKHgC28eBI+8GXLTgC4GQs/LHQpTOPI6u2WSEjVImAdtTqMum4d7x55Tf+l8sY/G J222Izqt0cAvmPbkV+GLhtVzASfaE5Dmz5ORFf3r/sbG1TYndBnrjGUvFMr++D6r Bl19piDj08+k2GeJVJpnKNRDDycGnrxOZfbAKbezQSuFCU252RiIpT+FwJvkkkg2 epX1VJk0JQiE3MO7fOEO65smRxxQp/mWgNaCbZgbEeK1o/erKAPXCjTP3AMZ/kEW 2rrxQisv/BzaEBWrQSM3+1r7omzngOVfOJtlXmN94kIDJBCdM7A2Y5VRajgMR+tC uxfS4YeClB/dl217Yh4bcvZYYse+opkHH5c+nmC+Q+Lr1ZxMcgqWpY8fr/AtdJbB yMBTfPKX0BCb0NKZinPtxQ== =L6VV -----END PGP SIGNATURE----- Merge tag 'for-net-2023-09-20' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth bluetooth pull request for net: - Fix handling of HCI_QUIRK_STRICT_DUPLICATE_FILTER - Fix handling of listen for ISO unicast - Fix build warnings - Fix leaking content of local_codecs - Add shutdown function for QCA6174 - Delete unused hci_req_prepare_suspend() declaration - Fix hci_link_tx_to RCU lock usage - Avoid redundant authentication Signed-off-by: David S. Miller <davem@davemloft.net> |
||
Clark Wang
|
6b09edc1b3 |
net: stmmac: platform: fix the incorrect parameter
The second parameter of stmmac_pltfr_init() needs the pointer of
"struct plat_stmmacenet_data". So, correct the parameter typo when calling the
function.
Otherwise, it may cause this alignment exception when doing suspend/resume.
[ 49.067201] CPU1 is up
[ 49.135258] Internal error: SP/PC alignment exception: 000000008a000000 [#1] PREEMPT SMP
[ 49.143346] Modules linked in: soc_imx9 crct10dif_ce polyval_ce nvmem_imx_ocotp_fsb_s400 polyval_generic layerscape_edac_mod snd_soc_fsl_asoc_card snd_soc_imx_audmux snd_soc_imx_card snd_soc_wm8962 el_enclave snd_soc_fsl_micfil rtc_pcf2127 rtc_pcf2131 flexcan can_dev snd_soc_fsl_xcvr snd_soc_fsl_sai imx8_media_dev(C) snd_soc_fsl_utils fuse
[ 49.173393] CPU: 0 PID: 565 Comm: sh Tainted: G C 6.5.0-rc4-next-20230804-05047-g5781a6249dae #677
[ 49.183721] Hardware name: NXP i.MX93 11X11 EVK board (DT)
[ 49.189190] pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 49.196140] pc : 0x80800052
[ 49.198931] lr : stmmac_pltfr_resume+0x34/0x50
[ 49.203368] sp : ffff800082f8bab0
[ 49.206670] x29: ffff800082f8bab0 x28: ffff0000047d0ec0 x27: ffff80008186c170
[ 49.213794] x26: 0000000b5e4ff1ba x25: ffff800081e5fa74 x24: 0000000000000010
[ 49.220918] x23: ffff800081fe0000 x22: 0000000000000000 x21: 0000000000000000
[ 49.228042] x20: ffff0000001b4010 x19: ffff0000001b4010 x18: 0000000000000006
[ 49.235166] x17: ffff7ffffe007000 x16: ffff800080000000 x15: 0000000000000000
[ 49.242290] x14: 00000000000000fc x13: 0000000000000000 x12: 0000000000000000
[ 49.249414] x11: 0000000000000001 x10: 0000000000000a60 x9 : ffff800082f8b8c0
[ 49.256538] x8 : 0000000000000008 x7 : 0000000000000001 x6 : 000000005f54a200
[ 49.263662] x5 : 0000000001000000 x4 : ffff800081b93680 x3 : ffff800081519be0
[ 49.270786] x2 : 0000000080800052 x1 : 0000000000000000 x0 : ffff0000001b4000
[ 49.277911] Call trace:
[ 49.280346] 0x80800052
[ 49.282781] platform_pm_resume+0x2c/0x68
[ 49.286785] dpm_run_callback.constprop.0+0x74/0x134
[ 49.291742] device_resume+0x88/0x194
[ 49.295391] dpm_resume+0x10c/0x230
[ 49.298866] dpm_resume_end+0x18/0x30
[ 49.302515] suspend_devices_and_enter+0x2b8/0x624
[ 49.307299] pm_suspend+0x1fc/0x348
[ 49.310774] state_store+0x80/0x104
[ 49.314258] kobj_attr_store+0x18/0x2c
[ 49.318002] sysfs_kf_write+0x44/0x54
[ 49.321659] kernfs_fop_write_iter+0x120/0x1ec
[ 49.326088] vfs_write+0x1bc/0x300
[ 49.329485] ksys_write+0x70/0x104
[ 49.332874] __arm64_sys_write+0x1c/0x28
[ 49.336783] invoke_syscall+0x48/0x114
[ 49.340527] el0_svc_common.constprop.0+0xc4/0xe4
[ 49.345224] do_el0_svc+0x38/0x98
[ 49.348526] el0_svc+0x2c/0x84
[ 49.351568] el0t_64_sync_handler+0x100/0x12c
[ 49.355910] el0t_64_sync+0x190/0x194
[ 49.359567] Code: ???????? ???????? ???????? ???????? (????????)
[ 49.365644] ---[ end trace 0000000000000000 ]---
Fixes:
|
||
Uwe Kleine-König
|
f177cd0c15 |
modpost: Don't let "driver"s reference .exit.*
Drivers must not reference functions marked with __exit as these likely
are not available when the code is built-in.
There are few creative offenders uncovered for example in ARCH=amd64
allmodconfig builds. So only trigger the section mismatch warning for
W=1 builds.
The dual rule that drivers must not reference .init.* is implemented
since commit
|
||
|
Masahiro Yamada
|
15e86643d5 |
vmlinux.lds.h: remove unused CPU_KEEP and CPU_DISCARD macros
Remove the left-over of commit
|
||
Mauricio Faria de Oliveira
|
cbc3d00cf8 |
modpost: add missing else to the "of" check
Without this 'else' statement, an "usb" name goes into two handlers:
the first/previous 'if' statement _AND_ the for-loop over 'devtable',
but the latter is useless as it has no 'usb' device_id entry anyway.
Tested with allmodconfig before/after patch; no changes to *.mod.c:
git checkout v6.6-rc3
make -j$(nproc) allmodconfig
make -j$(nproc) olddefconfig
make -j$(nproc)
find . -name '*.mod.c' | cpio -pd /tmp/before
# apply patch
make -j$(nproc)
find . -name '*.mod.c' | cpio -pd /tmp/after
diff -r /tmp/before/ /tmp/after/
# no difference
Fixes:
|
||
Linus Torvalds
|
e402b08634 |
ARM: SoC fixes for 6.6
These are teh latest bug fixes that have come up in the soc tree.
Most of these are fairly minor. Most notably, the majority of
changes this time are not for dts files as usual.
- Updates to the addresses of the broadcom and aspeed entries in the
MAINTAINERS file.
- Defconfig updates to address a regression on samsung and a build
warning from an unknown Kconfig symbol
- Build fixes for the StrongARM and Uniphier platforms
- Code fixes for SCMI and FF-A firmware drivers, both of which had
a simple bug that resulted in invalid data, and a lesser fix for
the optee firmware driver
- Multiple fixes for the recently added loongson/loongarch "guts"
soc driver
- Devicetree fixes for RISC-V on the startfive platform, addressing
issues with NOR flash, usb and uart.
- Multiple fixes for NXP i.MX8/i.MX9 dts files, fixing problems
with clock, gpio, hdmi settings and the Makefile
- Bug fixes for i.MX firmware code and the OCOTP soc driver
- Multiple fixes for the TI sysc bus driver
- Minor dts updates for TI omap dts files, to address boot
time warnings and errors
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEiK/NIGsWEZVxh/FrYKtH/8kJUicFAmUYkbMACgkQYKtH/8kJ
UieVvhAAxBNwvYsM7YCqmcD0xENAwMam3+zVEsDNac6yp4k1zrJxPItYeqx65qvj
de3/1toUcq5q/XN1MQYyIdHrL4QX/I3KG8+SJB/X9z0if882CUtC/1fd9d7Mj0hu
K7T7JZHDUj2rk+6Bh6sLRp6QmuS2KcKErYFlASXqqg49MddjbB8/QtYPZEAUOlmK
x4l9trnno42gvzjkNba/w1uiOA1WIwUp6d6VoM7oxIiFomHxBBZf1mzTgXaNDNvN
2vf+kumhQNvC3tKOUZNxps4N21N6kz0MAad/VcCKUyQ1bDTicdVwkTKUTrHs+hcu
EauWObm+fFfdSTflQ3R9+6ooDN70CCpDmS+ZdoFP/Nt+h9m/TcNYHp5mtr3gt9+O
cDkkGPKQyVBw0HjEG6yzEfYnPJ8w7v/+zpnie4Drc61i/kb8ETVNd9eOJTftvsFu
QcsANKdeZOc/64ZL27FD1ZZrvDWJsIDVG3dcX2+AgoZhjo0M3HGKv1LtWqJhvspU
lCzGNBsjcG/bQMupVxgomRhvg9hWWnXLTp949dOESecx4iUDEXl3nCo0+efXB2Tx
DNLnMEXC1F/B2GdYRUU61fmGVwIgItLJtyYFB8Miw+id+K0k8+uaklq2dHmLZOtq
FWbCB9oMks7q3lcEn1GJeIYFetuO+dmSEam/Hcg2hmW0Ke1ZZQI=
=HAuE
-----END PGP SIGNATURE-----
Merge tag 'soc-fixes-6.6' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
Pull ARM SoC fixes from Arnd Bergmann:
"These are the latest bug fixes that have come up in the soc tree. Most
of these are fairly minor. Most notably, the majority of changes this
time are not for dts files as usual.
- Updates to the addresses of the broadcom and aspeed entries in the
MAINTAINERS file.
- Defconfig updates to address a regression on samsung and a build
warning from an unknown Kconfig symbol
- Build fixes for the StrongARM and Uniphier platforms
- Code fixes for SCMI and FF-A firmware drivers, both of which had a
simple bug that resulted in invalid data, and a lesser fix for the
optee firmware driver
- Multiple fixes for the recently added loongson/loongarch "guts" soc
driver
- Devicetree fixes for RISC-V on the startfive platform, addressing
issues with NOR flash, usb and uart.
- Multiple fixes for NXP i.MX8/i.MX9 dts files, fixing problems with
clock, gpio, hdmi settings and the Makefile
- Bug fixes for i.MX firmware code and the OCOTP soc driver
- Multiple fixes for the TI sysc bus driver
- Minor dts updates for TI omap dts files, to address boot time
warnings and errors"
* tag 'soc-fixes-6.6' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc: (35 commits)
MAINTAINERS: Fix Florian Fainelli's email address
arm64: defconfig: enable syscon-poweroff driver
ARM: locomo: fix locomolcd_power declaration
soc: loongson: loongson2_guts: Remove unneeded semicolon
soc: loongson: loongson2_guts: Convert to devm_platform_ioremap_resource()
soc: loongson: loongson_pm2: Populate children syscon nodes
dt-bindings: soc: loongson,ls2k-pmc: Allow syscon-reboot/syscon-poweroff as child
soc: loongson: loongson_pm2: Drop useless of_device_id compatible
dt-bindings: soc: loongson,ls2k-pmc: Use fallbacks for ls2k-pmc compatible
soc: loongson: loongson_pm2: Add dependency for INPUT
arm64: defconfig: remove CONFIG_COMMON_CLK_NPCM8XX=y
ARM: uniphier: fix cache kernel-doc warnings
MAINTAINERS: aspeed: Update Andrew's email address
MAINTAINERS: aspeed: Update git tree URL
firmware: arm_ffa: Don't set the memory region attributes for MEM_LEND
arm64: dts: imx: Add imx8mm-prt8mm.dtb to build
arm64: dts: imx8mm-evk: Fix hdmi@3d node
soc: imx8m: Enable OCOTP clock for imx8mm before reading registers
arm64: dts: imx8mp-beacon-kit: Fix audio_pll2 clock
arm64: dts: imx8mp: Fix SDMA2/3 clocks
...
|
||
|
Linus Torvalds
|
3b347e4032 |
Tracing fixes for v6.6-rc3:
- Make sure 32 bit applications using user events have aligned access when running on a 64 bit kernel. - Add cond_resched in the loop that handles converting enums in print_fmt string is trace events. - Fix premature wake ups of polling processes in the tracing ring buffer. When a task polls waiting for a percentage of the ring buffer to be filled, the writer still will wake it up at every event. Add the polling's percentage to the "shortest_full" list to tell the writer when to wake it up. - For eventfs dir lookups on dynamic events, an event system's only event could be removed, leaving its dentry with no children. This is totally legitimate. But in eventfs_release() it must not access the children array, as it is only allocated when the dentry has children. -----BEGIN PGP SIGNATURE----- iIoEABYIADIWIQRRSw7ePDh/lE+zeZMp5XQQmuv6qgUCZRiI2xQccm9zdGVkdEBn b29kbWlzLm9yZwAKCRAp5XQQmuv6qlvoAQDKbevbqA0C8lEV1rbVh4Q9Rnq580rz EAyEO/RrSOwE9AEA2z+Q597mDjEiqQBvqTjBkS+0xZ7AUQYZRWgTHRIbegg= =tqOM -----END PGP SIGNATURE----- Merge tag 'trace-v6.6-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace Pull tracing fixes from Steven Rostedt: - Make sure 32-bit applications using user events have aligned access when running on a 64-bit kernel. - Add cond_resched in the loop that handles converting enums in print_fmt string is trace events. - Fix premature wake ups of polling processes in the tracing ring buffer. When a task polls waiting for a percentage of the ring buffer to be filled, the writer still will wake it up at every event. Add the polling's percentage to the "shortest_full" list to tell the writer when to wake it up. - For eventfs dir lookups on dynamic events, an event system's only event could be removed, leaving its dentry with no children. This is totally legitimate. But in eventfs_release() it must not access the children array, as it is only allocated when the dentry has children. * tag 'trace-v6.6-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace: eventfs: Test for dentries array allocated in eventfs_release() tracing/user_events: Align set_bit() address for all archs tracing: relax trace_event_eval_update() execution with cond_resched() ring-buffer: Update "shortest_full" in polling |
||
Steven Rostedt (Google)
|
2598bd3ca8 |
eventfs: Test for dentries array allocated in eventfs_release()
The dcache_dir_open_wrapper() could be called when a dynamic event is
being deleted leaving a dentry with no children. In this case the
dlist->dentries array will never be allocated. This needs to be checked
for in eventfs_release(), otherwise it will trigger a NULL pointer
dereference.
Link: https://lore.kernel.org/linux-trace-kernel/20230930090106.1c3164e9@rorschach.local.home
Cc: Mark Rutland <mark.rutland@arm.com>
Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Fixes:
|
||
Beau Belgrave
|
2de9ee9405 |
tracing/user_events: Align set_bit() address for all archs
All architectures should use a long aligned address passed to set_bit().
User processes can pass either a 32-bit or 64-bit sized value to be
updated when tracing is enabled when on a 64-bit kernel. Both cases are
ensured to be naturally aligned, however, that is not enough. The
address must be long aligned without affecting checks on the value
within the user process which require different adjustments for the bit
for little and big endian CPUs.
Add a compat flag to user_event_enabler that indicates when a 32-bit
value is being used on a 64-bit kernel. Long align addresses and correct
the bit to be used by set_bit() to account for this alignment. Ensure
compat flags are copied during forks and used during deletion clears.
Link: https://lore.kernel.org/linux-trace-kernel/20230925230829.341-2-beaub@linux.microsoft.com
Link: https://lore.kernel.org/linux-trace-kernel/20230914131102.179100-1-cleger@rivosinc.com/
Cc: stable@vger.kernel.org
Fixes:
|
||
Clément Léger
|
23cce5f254 |
tracing: relax trace_event_eval_update() execution with cond_resched()
When kernel is compiled without preemption, the eval_map_work_func() (which calls trace_event_eval_update()) will not be preempted up to its complete execution. This can actually cause a problem since if another CPU call stop_machine(), the call will have to wait for the eval_map_work_func() function to finish executing in the workqueue before being able to be scheduled. This problem was observe on a SMP system at boot time, when the CPU calling the initcalls executed clocksource_done_booting() which in the end calls stop_machine(). We observed a 1 second delay because one CPU was executing eval_map_work_func() and was not preempted by the stop_machine() task. Adding a call to cond_resched() in trace_event_eval_update() allows other tasks to be executed and thus continue working asynchronously like before without blocking any pending task at boot time. Link: https://lore.kernel.org/linux-trace-kernel/20230929191637.416931-1-cleger@rivosinc.com Cc: Masami Hiramatsu <mhiramat@kernel.org> Signed-off-by: Clément Léger <cleger@rivosinc.com> Tested-by: Atish Patra <atishp@rivosinc.com> Reviewed-by: Atish Patra <atishp@rivosinc.com> Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org> |
||
|
Steven Rostedt (Google)
|
1e0cb399c7 |
ring-buffer: Update "shortest_full" in polling
It was discovered that the ring buffer polling was incorrectly stating that read would not block, but that's because polling did not take into account that reads will block if the "buffer-percent" was set. Instead, the ring buffer polling would say reads would not block if there was any data in the ring buffer. This was incorrect behavior from a user space point of view. This was fixed by commit |
||
|
Linus Torvalds
|
3b517966c5 |
dma-mapping fixes for Linux 6.6
- fix the narea calculation in swiotlb initialization (Ross Lagerwall) - fix the check whether a device has used swiotlb (Petr Tesarik) -----BEGIN PGP SIGNATURE----- iQI/BAABCgApFiEEgdbnc3r/njty3Iq9D55TZVIEUYMFAmUYWTULHGhjaEBsc3Qu ZGUACgkQD55TZVIEUYMilA/8DomLRCrDy792MoRvBCThWaY6auW4bCUoY7S6VZe7 LVECKAJRwFH7b+dk1mNjPhWTyq8/wB7kr/OLuU9HDcVIeiP9zxks4BMQ4RGc/ZuK rSZ5ZHPVVCC4EOI3ncjQXrODwgGkGUvtdriByCtX2r4NLBjO1T0vUQB4bLyBTZf+ GnTCLxCkSrIxaqniRvM0K34yO/0rq0ci5840MNneR7MKQkVqPUDY83sHwL1KcQPf s16lwclQdjZdOVpFMPxFin5NpvPIrjdrvhoaxdnz+8ZuwSACqRUZDQuNlZ3+Zep6 iaynNR04o0c2p0PTT5l3ZRD5vsyCjvc+/3kB3KlM33XbBArWi6XV+694QQn59JnZ 5MmHoIulwZGLsIlTG188QreZBlLrmxylUX311Kot5ood/HW8DsYbTo/krbiiUgEk MXKWq9k6cQOdhgriS4zxvUl+xkjby12jvSFxv9tN3HHvFsFB8+veVrTuLZzEDXpX a5PrmI/dcQmlVpCZllzVzeTgL2KeE1Jo0uRZ1vXhuoX8IBys4/TstIXOB4jnyVb4 kzrHbLIoVqLSN42eVMRKBrqGXGlZSWETBpkdSQ41St6t/3MurhKAWZ/1SFPXlI06 SnatIdOU7nSZRofK8/Xe1CnWia5NUpyUQpb+tLUHTgo4kZzGV330bf34iJ+BvC1h aks= =bhgc -----END PGP SIGNATURE----- Merge tag 'dma-mapping-6.6-2023-09-30' of git://git.infradead.org/users/hch/dma-mapping Pull dma-mapping fixes from Christoph Hellwig: - fix the narea calculation in swiotlb initialization (Ross Lagerwall) - fix the check whether a device has used swiotlb (Petr Tesarik) * tag 'dma-mapping-6.6-2023-09-30' of git://git.infradead.org/users/hch/dma-mapping: swiotlb: fix the check whether a device has used software IO TLB swiotlb: use the calculated number of areas |
||
|
Linus Torvalds
|
25d48d570e |
Bug fixes for 6.6-rc4:
* Handle a race between writing and shrinking block devices by
returning EIO.
* Fix a typo in a comment.
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQQ2qTKExjcn+O1o2YRKO3ySh0YRpgUCZRWpqAAKCRBKO3ySh0YR
puinAP46EI8AvxQOid2ukGIEP09ZdhYNcJkWsigZ8k7Z/wcqagD/UVliaDPGC2kk
rlrPN6jmNyqDzAP6muBmqu2v44GVWwY=
=7nql
-----END PGP SIGNATURE-----
Merge tag 'iomap-6.6-fixes-4' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux
Pull iomap fixes from Darrick Wong:
- Handle a race between writing and shrinking block devices by
returning EIO
- Fix a typo in a comment
* tag 'iomap-6.6-fixes-4' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux:
iomap: Spelling s/preceeding/preceding/g
iomap: add a workaround for racy i_size updates on block devices
|
||
|
Linus Torvalds
|
cefc06e4de |
Usual buisness: a driver fix, a DT fix, a minor core fix
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEOZGx6rniZ1Gk92RdFA3kzBSgKbYFAmUX8OkACgkQFA3kzBSg KbYasA/+KhTMt8iMduKHTjjHgB8hv3AYw5QY9gYxIFMMjM6UpSHqM+LI9bwAQTfq dpTykOXNHlROVs9iZeU8g7oYDX6H3ku5yYBJPptYDdcG7U3WLFt7ndUUOReQVU8L aPQ8yyFMuyDF1s5ItIE3DF0rSVX6OngIOOLcSGPALEcbUSuyfbjf0yw1bL2pW7dF 2bX8RLKaeuvo1tt9g4AUzg+7gOQs9dxCE44Lpiqy1R2gJC/2WBxRdkYVdCYOR23s CZX7ds1TKUQJiFpyZsgTQt0Qc9K7253TpqxemQAjsfN982VPmIjVeX4OvjjJlgul AFISVN58WW4V28drw6kN9oCOwTal8Use8nBzVtVKqa7ebJ46UrUM6oJRHr3Z/xDP nBPnS48MGwyEym7QKy97ZV10u14OSj9J5sHn+125EHPo6TnW2SvQ/qfr51ejs619 4lorzyBBwSgFoGk+jaeG85E46GkedmJmBm6iDlz+ADQIamMIlRgolNltClZusB3x DMsCI9zpx96tkHL7cG8OVynD+392kKSsSkYhzQbBQjZ10dbNtmBY92jkq2Q3zd2m w99pWhjREn82e4MYyAVwAMiNpCwDM4kbYVXr608FWryrctp0RKNNSS3Hu7w9AcT4 6QcKhQulmSBvstfLXHqxu1Nuey25j91sNfVnTUulCgdmaBK7c00= =Fla+ -----END PGP SIGNATURE----- Merge tag 'i2c-for-6.6-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux Pull i2c fixes from Wolfram Sang: "Usual business: a driver fix, a DT fix, a minor core fix" * tag 'i2c-for-6.6-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux: i2c: npcm7xx: Fix callback completion ordering i2c: mux: Avoid potential false error message in i2c_mux_add_adapter dt-bindings: i2c: mxs: Pass ref and 'unevaluatedProperties: false' |
||
|
Linus Torvalds
|
830380e317 |
ACPI fix for 6.6-rc4
Fix a possible NULL pointer dereference in the error path of acpi_video_bus_add() resulting from recent changes (Dinghao Liu). -----BEGIN PGP SIGNATURE----- iQJGBAABCAAwFiEE4fcc61cGeeHD/fCwgsRv/nhiVHEFAmUXBBwSHHJqd0Byand5 c29ja2kubmV0AAoJEILEb/54YlRxFxQP/3WiDVfRlcDpKJd/221dSdtttBziH8SX 1r5n0eHgf5czl59DzzkCF57C+Quw9konBXj3hVYsP+YkgcgvgknctIlFMtw1inSr 91ybwDDb6qeL2S99GxXkltx61o2DO/Xkv8AQ2HVhNKUtfCY6ihcaoS+Yfnm5ZYCX dEQ4BgWjfmYyfWXQKRA8NoSO+c1r8CtXGFpq7bA/og+z+YWS9MjZZb/3b03EhyIG vMuGbJzoxoWAUhmAVYwezv0r8iGCcdyv1z+nAwYq/XZnPZJPv5IKNjLz7Ou0hP4K MyorDD/wCDCZCV6hTTqy+ezS6xGnmNE6+xexe9fUv72+F2NTBRpj2sEeaWsxhC8Z l8vxWTJB0gZbuvDQIu/iNXA+edun+h2Inyg+AS2nYnPZWQqZLVrzcXNfeT6Q+uoM G3P+qsiJJxfDgbieoOsA1AoY0ITZzFlZzm5DuoXSHn8VAdGbtYiidpq6wCqo8Mhl sbFF4W01iE6EUosv2mzfA7DxHbq9zG4ydMeY/xb3hC22hDOdYXrnmormpIFjWVda VRhpRKBQvcH3isPA8WcaZNQIvArpLkc7cPbYWepQF7nsxLZqiA8ksacX2itFTF7j Hb5fHvvY+XUquEOqsm+73OBipiYYq79qlUVEs7QnShoUENBI8VpV4mojelQ+okwS pzDGDXt28H+R =+sV7 -----END PGP SIGNATURE----- Merge tag 'acpi-6.6-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull ACPI fix from Rafael Wysocki: "Fix a possible NULL pointer dereference in the error path of acpi_video_bus_add() resulting from recent changes (Dinghao Liu)" * tag 'acpi-6.6-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: ACPI: video: Fix NULL pointer dereference in acpi_video_bus_add() |
||
|
Linus Torvalds
|
1c9d831221 |
powerpc fixes for 6.6 #3
- Fix arch_stack_walk_reliable(), used by live patching. - Fix powerpc selftests to work with run_kselftest.sh Thanks to: Joe Lawrence, Petr Mladek. -----BEGIN PGP SIGNATURE----- iQJHBAABCAAxFiEEJFGtCPCthwEv2Y/bUevqPMjhpYAFAmUYGLITHG1wZUBlbGxl cm1hbi5pZC5hdQAKCRBR6+o8yOGlgMJ3D/9UqgUm8f0vIGYu2jhvTYoR+b2Dqwls PFQKqiN78gWi/8njduY1j1U4EB8fJuFS972mDV04+mvUBM1Qj/jcCDKyO0lpYb9C ns+UUYFXF5QNBNrnSUSaItPRpXPceHEcIsVMolhRMBZHvKO1sl8D+kmpmnUML3Do qf/u508Xz3oB/+hPPPF/rOew9UHTroosD5/BPmaYzvjLx+8NTtJGuQI5spqyBI80 nerphmJoE7TjA08QgbtKd15xyYd+wciADJVPRzCnOJ2SNka8D+marmFG53c1LGLc j/5gbmogy7PtKYpCDOg8XAjqs1VMggZVGECC6VRAF2+IykdQP+6eV9rGluUafbQr 51bRClOe4dUIBqr0RIbNZGA80+hb9tqVEe5J2jyO4/f9XLd49prY2OSxAIgteCt8 Ak3W8TcSKcmzx45yPyg0Xac66HmvFzvCkj8oZTLT4m+11oPjWoxNSy3040anxJ8Y htYhl5T/tsEU8ZC96y4RfP1T20HQZW4PmXsJKLW/MADy5sN7YCzpMf9G2uj4id5J fizB7tRm2CmIfHsw6e8KGJ6NrD2uJcOwLR6Y7zb7QJ0PzwgYQWfjTCMXo2D1zEak RzyaKcY/ySkFZMb1sb867nc+VFCAG1UNJiNiZKNifZ0RElx+6U2KgZTUwYYs2aj2 jdudr2tl5BwhGQ== =gh/A -----END PGP SIGNATURE----- Merge tag 'powerpc-6.6-3' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux Pull powerpc fixes from Michael Ellerman: - Fix arch_stack_walk_reliable(), used by live patching - Fix powerpc selftests to work with run_kselftest.sh Thanks to Joe Lawrence and Petr Mladek. * tag 'powerpc-6.6-3' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: selftests/powerpc: Fix emit_tests to work with run_kselftest.sh powerpc/stacktrace: Fix arch_stack_walk_reliable() |
||
|
Linus Torvalds
|
ae21363998 |
nfsd-6.6 fixes:
- Fix NFSv4 READ corner case -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEKLLlsBKG3yQ88j7+M2qzM29mf5cFAmUYSnEACgkQM2qzM29m f5dtSxAAk/n3CzeIJFALIcP+JmHW6Zh2KbpygcqhxFoO1FAyRBJgOIEhtdD/c65Q fzfCQDZUzdTSirklBS5m0lIMhqaYMe1LUC8OIq/hh309vQ6WnlLltIU3fsaZFva5 kAaDeI/oGq2YnbjQENWCGHvKC7RR1jOTWASI/+52oYg/fwRkt14so/wDl54mxhNP q6Gt0Xw/mXkslAkQNQ+7a5eAa4TtepzkjkNWL4hSqboHQ4QFT2tmXqDV3E+V9tzX F/tlEN3EJo3nDNcUYAh6ec/YXo0tBh4DsnJxA9bRYloU40EUGP19ewXLEQgXPw9M IgSNluxTmDTQGz6kSUkQpepevWDUN0+fDt1kVqACIRXuvuMcGuDUCbD4VMa8HNnc bCMg8R/SkrBnzTamHJpPhbV/F/C0Iwp80RpqDMAnt4splrQUCJeB+Wl1qJAnYUW5 TdJxSJKCvypMIcNCd1ZMSVbeByUgZ/qXKKsS2YNS4l8+DGdnEJQ2mnFKw3Nk5bEF byWoyW6RMXCIwaqQa8hNsO5kW4MTxURxLXcgqzN7+5L2ht7pAYpNjnOc0vIBPe5t 9z+/dSk8a9QXBwRTxPL4QOgludXPqvokGBtCIV1LD5xQA9OZuXivnBz2DWmCt+IR GOYfjs3gSlvVrv7+EGffYlOh9f7GN/wlUfUxERKcB6HPweGOtqs= =aD10 -----END PGP SIGNATURE----- Merge tag 'nfsd-6.6-2' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux Pull nfsd fix from Chuck Lever: - Fix NFSv4 READ corner case * tag 'nfsd-6.6-2' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux: NFSD: Fix zero NFSv4 READ results when RQ_SPLICE_OK is not set |
||
Hou Tao
|
9077fc228f |
bpf: Use kmalloc_size_roundup() to adjust size_index
Commit |
||
|
Linus Torvalds
|
ba77f7a63f |
smb3 client fix for password freeing potential oops
-----BEGIN PGP SIGNATURE----- iQGzBAABCgAdFiEE6fsu8pdIjtWE/DpLiiy9cAdyT1EFAmUXmlQACgkQiiy9cAdy T1Gh8Av8DprSP5ARIljIzuzPL60R/TF8WvWTuQZ93+KzGkM0eMXSvZ6VH0T3WXGs amfgwZFw1TOiQ6j3OqxX7ppd2PeooY65mX2tKVEQ27POQXB3VyUy2gBSPCTsDckD uOFX55GoPzkxxRgTWO7UHAbBzrZDJ8geH12Z0z9EXgJJjnJhkQi7dPkA+OusE3y0 wo4AjKOk+7HOFiuvG3p1XZKYHeB36PD+xATqRBxJAaUGkgV76stFEK/7lNWzxg/t NdiHQG5ILZP6L2RZrCVX88Et3HggGV5AF3GpDb8ZNfD7xQcu8lgVzHlw2E6CA5DS WFR6zrBiBsz9mPrS9cWY83C+aL8MHeumalBjLKQ5krL+IpC46H7a12yAWt5Yk6Q7 zdRQ9TtE8CMozqEJiaCFgL1Hz1CuTCvK974q+p5RG8OejRLzgmzFKYp8k7+L0qrc tZXQ16McYkBRcRIgaOk0i8GpJ44qNdhu/KTI5iKNqH0ScfHn56CIBiwSmZHiX75t zcCdF0bz =KBcN -----END PGP SIGNATURE----- Merge tag '6.6-rc3-smb3-client-fix' of git://git.samba.org/sfrench/cifs-2.6 Pull smb client fix from Steve French: "Fix for password freeing potential oops (also for stable)" * tag '6.6-rc3-smb3-client-fix' of git://git.samba.org/sfrench/cifs-2.6: fs/smb/client: Reset password pointer to NULL |
||
Arthur Grillo
|
885291ab68
|
drm/tests: Fix kunit_release_action ctx argument
The kunit_action_platform_driver_unregister is added with
&fake_platform_driver as ctx, but the kunit_release_action is called
pdev as ctx. Fix that by replacing it with &fake_platform_driver.
Fixes:
|
||
Baoquan He
|
e2a8f20dd8 |
Crash: add lock to serialize crash hotplug handling
Eric reported that handling corresponding crash hotplug event can be
failed easily when many memory hotplug event are notified in a short
period. They failed because failing to take __kexec_lock.
=======
[ 78.714569] Fallback order for Node 0: 0
[ 78.714575] Built 1 zonelists, mobility grouping on. Total pages: 1817886
[ 78.717133] Policy zone: Normal
[ 78.724423] crash hp: kexec_trylock() failed, elfcorehdr may be inaccurate
[ 78.727207] crash hp: kexec_trylock() failed, elfcorehdr may be inaccurate
[ 80.056643] PEFILE: Unsigned PE binary
=======
The memory hotplug events are notified very quickly and very many, while
the handling of crash hotplug is much slower relatively. So the atomic
variable __kexec_lock and kexec_trylock() can't guarantee the
serialization of crash hotplug handling.
Here, add a new mutex lock __crash_hotplug_lock to serialize crash hotplug
handling specifically. This doesn't impact the usage of __kexec_lock.
Link: https://lkml.kernel.org/r/20230926120905.392903-1-bhe@redhat.com
Fixes:
|
||
Juntong Deng
|
bbe246f875 |
selftests/mm: fix awk usage in charge_reserved_hugetlb.sh and hugetlb_reparenting_test.sh that may cause error
According to the awk manual, the -e option does not need to be specified in front of 'program' (unless you need to mix program-file). The redundant -e option can cause error when users use awk tools other than gawk (for example, mawk does not support the -e option). Error Example: awk: not an option: -e Link: https://lkml.kernel.org/r/VI1P193MB075228810591AF2FDD7D42C599C3A@VI1P193MB0752.EURP193.PROD.OUTLOOK.COM Signed-off-by: Juntong Deng <juntong.deng@outlook.com> Cc: Shuah Khan <shuah@kernel.org> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> |
||
Yang Shi
|
24526268f4 |
mm: mempolicy: keep VMA walk if both MPOL_MF_STRICT and MPOL_MF_MOVE are specified
When calling mbind() with MPOL_MF_{MOVE|MOVEALL} | MPOL_MF_STRICT, kernel
should attempt to migrate all existing pages, and return -EIO if there is
misplaced or unmovable page. Then commit
|
||
Jinjie Ruan
|
45120b1574 |
mm/damon/vaddr-test: fix memory leak in damon_do_test_apply_three_regions()
When CONFIG_DAMON_VADDR_KUNIT_TEST=y and making CONFIG_DEBUG_KMEMLEAK=y and CONFIG_DEBUG_KMEMLEAK_AUTO_SCAN=y, the below memory leak is detected. Since commit |
||
Michal Hocko
|
4597648fdd |
mm, memcg: reconsider kmem.limit_in_bytes deprecation
This reverts commits |
||
Domenico Cerasuolo
|
ca56489c2f |
mm: zswap: fix potential memory corruption on duplicate store
While stress-testing zswap a memory corruption was happening when writing
back pages. __frontswap_store used to check for duplicate entries before
attempting to store a page in zswap, this was because if the store fails
the old entry isn't removed from the tree. This change removes duplicate
entries in zswap_store before the actual attempt.
[cerasuolodomenico@gmail.com: add a warning and a comment, per Johannes]
Link: https://lkml.kernel.org/r/20230925130002.1929369-1-cerasuolodomenico@gmail.com
Link: https://lkml.kernel.org/r/20230922172211.1704917-1-cerasuolodomenico@gmail.com
Fixes:
|
||
Ryan Roberts
|
6f1bace9a9 |
arm64: hugetlb: fix set_huge_pte_at() to work with all swap entries
When called with a swap entry that does not embed a PFN (e.g. PTE_MARKER_POISONED or PTE_MARKER_UFFD_WP), the previous implementation of set_huge_pte_at() would either cause a BUG() to fire (if CONFIG_DEBUG_VM is enabled) or cause a dereference of an invalid address and subsequent panic. arm64's huge pte implementation supports multiple huge page sizes, some of which are implemented in the page table with multiple contiguous entries. So set_huge_pte_at() needs to work out how big the logical pte is, so that it can also work out how many physical ptes (or pmds) need to be written. It previously did this by grabbing the folio out of the pte and querying its size. However, there are cases when the pte being set is actually a swap entry. But this also used to work fine, because for huge ptes, we only ever saw migration entries and hwpoison entries. And both of these types of swap entries have a PFN embedded, so the code would grab that and everything still worked out. But over time, more calls to set_huge_pte_at() have been added that set swap entry types that do not embed a PFN. And this causes the code to go bang. The triggering case is for the uffd poison test, commit |
||
|
Ryan Roberts
|
935d4f0c6d |
mm: hugetlb: add huge page size param to set_huge_pte_at()
Patch series "Fix set_huge_pte_at() panic on arm64", v2. This series fixes a bug in arm64's implementation of set_huge_pte_at(), which can result in an unprivileged user causing a kernel panic. The problem was triggered when running the new uffd poison mm selftest for HUGETLB memory. This test (and the uffd poison feature) was merged for v6.5-rc7. Ideally, I'd like to get this fix in for v6.6 and I've cc'ed stable (correctly this time) to get it backported to v6.5, where the issue first showed up. Description of Bug ================== arm64's huge pte implementation supports multiple huge page sizes, some of which are implemented in the page table with multiple contiguous entries. So set_huge_pte_at() needs to work out how big the logical pte is, so that it can also work out how many physical ptes (or pmds) need to be written. It previously did this by grabbing the folio out of the pte and querying its size. However, there are cases when the pte being set is actually a swap entry. But this also used to work fine, because for huge ptes, we only ever saw migration entries and hwpoison entries. And both of these types of swap entries have a PFN embedded, so the code would grab that and everything still worked out. But over time, more calls to set_huge_pte_at() have been added that set swap entry types that do not embed a PFN. And this causes the code to go bang. The triggering case is for the uffd poison test, commit |
||
Liam R. Howlett
|
a8091f039c |
maple_tree: add MAS_UNDERFLOW and MAS_OVERFLOW states
When updating the maple tree iterator to avoid rewalks, an issue was
introduced when shifting beyond the limits. This can be seen by trying to
go to the previous address of 0, which would set the maple node to
MAS_NONE and keep the range as the last entry.
Subsequent calls to mas_find() would then search upwards from mas->last
and skip the value at mas->index/mas->last. This showed up as a bug in
mprotect which skips the actual VMA at the current range after attempting
to go to the previous VMA from 0.
Since MAS_NONE may already be set when searching for a value that isn't
contained within a node, changing the handling of MAS_NONE in mas_find()
would make the code more complicated and error prone. Furthermore, there
was no way to tell which limit was hit, and thus which action to take
(next or the entry at the current range).
This solution is to add two states to track what happened with the
previous iterator action. This allows for the expected behaviour of the
next command to return the correct item (either the item at the range
requested, or the next/previous).
Tests are also added and updated accordingly.
Link: https://lkml.kernel.org/r/20230921181236.509072-3-Liam.Howlett@oracle.com
Link: https://gist.github.com/heatd/85d2971fae1501b55b6ea401fbbe485b
Link: https://lore.kernel.org/linux-mm/20230921181236.509072-1-Liam.Howlett@oracle.com/
Fixes:
|
||
|
Liam R. Howlett
|
5c590804b6 |
maple_tree: add mas_is_active() to detect in-tree walks
Patch series "maple_tree: Fix mas_prev() state regression". Pedro Falcato retported an mprotect regression [1] which was bisected back to the iterator changes for maple tree. Root cause analysis showed the mas_prev() running off the end of the VMA space (previous from 0) followed by mas_find(), would skip the first value. This patchset introduces maple state underflow/overflow so the sequence of calls on the maple state will return what the user expects. Users who encounter this bug may see mprotect(), userfaultfd_register(), and mlock() fail on VMAs mapped with address 0. This patch (of 2): Instead of constantly checking each possibility of the maple state, create a fast path that will skip over checking unlikely states. Link: https://lkml.kernel.org/r/20230921181236.509072-1-Liam.Howlett@oracle.com Link: https://lkml.kernel.org/r/20230921181236.509072-2-Liam.Howlett@oracle.com Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com> Cc: Pedro Falcato <pedro.falcato@gmail.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> |
||
Pan Bian
|
7ee29facd8 |
nilfs2: fix potential use after free in nilfs_gccache_submit_read_data()
In nilfs_gccache_submit_read_data(), brelse(bh) is called to drop the
reference count of bh when the call to nilfs_dat_translate() fails. If
the reference count hits 0 and its owner page gets unlocked, bh may be
freed. However, bh->b_page is dereferenced to put the page after that,
which may result in a use-after-free bug. This patch moves the release
operation after unlocking and putting the page.
NOTE: The function in question is only called in GC, and in combination
with current userland tools, address translation using DAT does not occur
in that function, so the code path that causes this issue will not be
executed. However, it is possible to run that code path by intentionally
modifying the userland GC library or by calling the GC ioctl directly.
[konishi.ryusuke@gmail.com: NOTE added to the commit log]
Link: https://lkml.kernel.org/r/1543201709-53191-1-git-send-email-bianpan2016@163.com
Link: https://lkml.kernel.org/r/20230921141731.10073-1-konishi.ryusuke@gmail.com
Fixes:
|
||
Matthew Wilcox (Oracle)
|
ce60f27bb6 |
mm: abstract moving to the next PFN
In order to fix the L1TF vulnerability, x86 can invert the PTE bits for
PROT_NONE VMAs, which means we cannot move from one PTE to the next by
adding 1 to the PFN field of the PTE. This results in the BUG reported at
[1].
Abstract advancing the PTE to the next PFN through a pte_next_pfn()
function/macro.
Link: https://lkml.kernel.org/r/20230920040958.866520-1-willy@infradead.org
Fixes:
|
||
|
Matthew Wilcox (Oracle)
|
a501a07030 |
mm: report success more often from filemap_map_folio_range()
Even though we had successfully mapped the relevant page, we would rarely
return success from filemap_map_folio_range(). That leads to falling back
from the VMA lock path to the mmap_lock path, which is a speed &
scalability issue. Found by inspection.
Link: https://lkml.kernel.org/r/20230920035336.854212-1-willy@infradead.org
Fixes:
|
||
Greg Ungerer
|
7c31515857 |
fs: binfmt_elf_efpic: fix personality for ELF-FDPIC
The elf-fdpic loader hard sets the process personality to either
PER_LINUX_FDPIC for true elf-fdpic binaries or to PER_LINUX for normal ELF
binaries (in this case they would be constant displacement compiled with
-pie for example). The problem with that is that it will lose any other
bits that may be in the ELF header personality (such as the "bug
emulation" bits).
On the ARM architecture the ADDR_LIMIT_32BIT flag is used to signify a
normal 32bit binary - as opposed to a legacy 26bit address binary. This
matters since start_thread() will set the ARM CPSR register as required
based on this flag. If the elf-fdpic loader loses this bit the process
will be mis-configured and crash out pretty quickly.
Modify elf-fdpic loader personality setting so that it preserves the upper
three bytes by using the SET_PERSONALITY macro to set it. This macro in
the generic case sets PER_LINUX and preserves the upper bytes.
Architectures can override this for their specific use case, and ARM does
exactly this.
The problem shows up quite easily running under qemu using the ARM
architecture, but not necessarily on all types of real ARM hardware. If
the underlying ARM processor does not support the legacy 26-bit addressing
mode then everything will work as expected.
Link: https://lkml.kernel.org/r/20230907011808.2985083-1-gerg@kernel.org
Fixes:
|
||
|
Linus Torvalds
|
9f3ebbef74 |
Two SMB3 server fixes
-----BEGIN PGP SIGNATURE-----
iQGzBAABCgAdFiEE6fsu8pdIjtWE/DpLiiy9cAdyT1EFAmUXOMIACgkQiiy9cAdy
T1G+XQv9Fj1kWJRPHih1wTRFHAgysHRtFw04KvW9SLmpGkPLBslJm3Fg1yPiXytc
nfqZNCPS/tuWIdqc9YRJqEWKfCO6X/+0IESnN6Wl4jIqMSviL/Hg3DzXZr5YCsAy
1vJ+DYmQkmWNgZ8grnFjKCSezTrAb+b+VLZqsx7dzT8NhTRxdKoTBDS31jTGMswV
OIQ1b/aLv9hgUS08wqzSKveMq8DkX66UbkSakM+tVImu32eh7u1HG89P7y3e/dr3
lGwd/Pq+IIiyAgZ0uoPdI9hQ2+Md6JfhVFMiMTLUfwh1LCDgrYnYrOkuZWYvDr9z
t2Y0+IwEkljk7HcFaL0NKPJW2beG4eNh/t2t6ff6vK8MhzlXp3KM5yVBlXNYc7hA
JfsMxVIFhUobeRKbQY9S6BstHyo19pdfeHDm/+RicIhRfOo++7kWYzwqKsD0pvLC
wcr3CBLqqsPXamRwUBbxnMASjYVmoz4nSXusXLDxmSWK39NCjEIz3YeFZfcAdoou
jnvMikMA
=jim3
-----END PGP SIGNATURE-----
Merge tag '6.6-rc3-ksmbd-server-fixes' of git://git.samba.org/ksmbd
Pull smb server fixes from Steve French:
"Two SMB3 server fixes for null pointer dereferences:
- invalid SMB3 request case (fixes issue found in testing the read
compound patch)
- iovec error case in response processing"
* tag '6.6-rc3-ksmbd-server-fixes' of git://git.samba.org/ksmbd:
ksmbd: check iov vector index in ksmbd_conn_write()
ksmbd: return invalid parameter error response if smb2 request is invalid
|
||
|
Linus Torvalds
|
14c06b913d |
A series that fixes an involved "double watch error" deadlock in RBD
marked for stable and two cleanups. -----BEGIN PGP SIGNATURE----- iQFHBAABCAAxFiEEydHwtzie9C7TfviiSn/eOAIR84sFAmUW5QwTHGlkcnlvbW92 QGdtYWlsLmNvbQAKCRBKf944AhHziw7+B/99D/BRIJUaCz8hm2xMZC3Yu6Cvi2de YlgHZBuHm5lmihzITEdoHTmWlIpgGchqjTaikCvVooKEe1w4sNr7nYFiXUFVw9sf W/I06dtlJlj2f4oyK91i4sIzpQKbXZznFDpTHThjRJt+uyUp3RYVbrCDMmGAnJv3 foppstycm5fe2Y2e/RgNyYOHY+EAjvS5UrpvT3lAX+iw5KXR1pyMBrFo8iICLPlZ TIPP4mwlVwb/WB1rGnxaK65RJxGuXLwuMWdLF9kq1ZeCld6owPH3x2RDax2+vMvA bZxI6gQymU2SquKiNseYF3kQ+2KdC5mfjmkoncOH79Je4JPHf7xa4LYZ =7/Ez -----END PGP SIGNATURE----- Merge tag 'ceph-for-6.6-rc4' of https://github.com/ceph/ceph-client Pull ceph fixes from Ilya Dryomov: "A series that fixes an involved 'double watch error' deadlock in RBD marked for stable and two cleanups" * tag 'ceph-for-6.6-rc4' of https://github.com/ceph/ceph-client: rbd: take header_rwsem in rbd_dev_refresh() only when updating rbd: decouple parent info read-in from updating rbd_dev rbd: decouple header read-in from updating rbd_dev->header rbd: move rbd_dev_refresh() definition Revert "ceph: make members in struct ceph_mds_request_args_ext a union" ceph: remove unnecessary check for NULL in parse_longname() |
||
|
Linus Torvalds
|
10c0b6ba25 |
Bug fixes for 6.6-rc4:
* Include modifications made to commit "xfs: load uncached unlinked inodes into memory on demand" (Commit ID: |
||
Daniel Borkmann
|
d1a783daa4 |
selftest/bpf: Add various selftests for program limits
Add various tests to check maximum number of supported programs being attached: # ./vmtest.sh -- ./test_progs -t tc_opts [...] ./test_progs -t tc_opts [ 1.185325] bpf_testmod: loading out-of-tree module taints kernel. [ 1.186826] bpf_testmod: module verification failed: signature and/or required key missing - tainting kernel [ 1.270123] tsc: Refined TSC clocksource calibration: 3407.988 MHz [ 1.272428] clocksource: tsc: mask: 0xffffffffffffffff max_cycles: 0x311fc932722, max_idle_ns: 440795381586 ns [ 1.276408] clocksource: Switched to clocksource tsc #252 tc_opts_after:OK #253 tc_opts_append:OK #254 tc_opts_basic:OK #255 tc_opts_before:OK #256 tc_opts_chain_classic:OK #257 tc_opts_chain_mixed:OK #258 tc_opts_delete_empty:OK #259 tc_opts_demixed:OK #260 tc_opts_detach:OK #261 tc_opts_detach_after:OK #262 tc_opts_detach_before:OK #263 tc_opts_dev_cleanup:OK #264 tc_opts_invalid:OK #265 tc_opts_max:OK <--- (new test) #266 tc_opts_mixed:OK #267 tc_opts_prepend:OK #268 tc_opts_replace:OK #269 tc_opts_revision:OK Summary: 18/0 PASSED, 0 SKIPPED, 0 FAILED Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Link: https://lore.kernel.org/bpf/20230929204121.20305-2-daniel@iogearbox.net |
||
|
Daniel Borkmann
|
f9b0e1088b |
bpf, mprog: Fix maximum program check on mprog attachment
After Paul's recent improvement to syzkaller to improve coverage for
bpf_mprog and tcx, it hit a splat that the program limit was surpassed.
What happened is that the maximum number of progs got added, followed
by another prog add request which adds with BPF_F_BEFORE flag relative
to the last program in the array. The idx >= bpf_mprog_max() check in
bpf_mprog_attach() still passes because the index is below the maximum
but the maximum will be surpassed. We need to add a check upfront for
insertions to catch this situation.
Fixes:
|
||
Mika Westerberg
|
c82458101d |
PCI/PM: Mark devices disconnected if upstream PCIe link is down on resume
Mark Blakeney reported that when suspending system with a Thunderbolt
dock connected and then unplugging the dock before resume (which is
pretty normal flow with laptops), resuming takes long time.
What happens is that the PCIe link from the root port to the PCIe switch
inside the Thunderbolt device does not train (as expected, the link is
unplugged):
pcieport 0000:00:07.2: restoring config space at offset 0x24 (was 0x3bf12001, writing 0x3bf12001)
pcieport 0000:00:07.0: waiting 100 ms for downstream link
pcieport 0000:01:00.0: not ready 1023ms after resume; giving up
However, at this point we still try to resume the devices below that
unplugged link:
pcieport 0000:01:00.0: Unable to change power state from D3cold to D0, device inaccessible
...
pcieport 0000:01:00.0: restoring config space at offset 0x38 (was 0xffffffff, writing 0x0)
...
pcieport 0000:02:02.0: waiting 100 ms for downstream link, after activation
And this is the link from PCIe switch downstream port to the xHCI on the
dock:
xhci_hcd 0000:03:00.0: not ready 65535ms after resume; giving up
xhci_hcd 0000:03:00.0: Unable to change power state from D3cold to D0, device inaccessible
xhci_hcd 0000:03:00.0: restoring config space at offset 0x3c (was 0xffffffff, writing 0x1ff)
This ends up slowing down the resume time considerably. For this reason
mark these devices as disconnected if the link above them did not train
properly.
Fixes:
|
||
Lizhi Hou
|
f699774047 |
PCI: of: Destroy changeset when adding PCI device node fails
Previously of_pci_make_dev_node() leaked a cset if it failed to create a
device node for the PCI device with of_changeset_create_node().
Destroy the cset if of_changeset_create_node() fails.
Fixes:
|
||
|
Lizhi Hou
|
33efa29e82 |
PCI: of_property: Handle interrupt parsing failures
of_pci_prop_intr_map() uses uninitialized addr_sz[] values if
of_irq_parse_raw() fails, which leads to intermittent crashes.
Clear addr_sz[] before use so we never use uninitialized elements.
If no valid IRQs are parsed, don't bother adding the interrupt-map
property.
Fixes:
|
||
|
Uwe Kleine-König
|
b0b88a585c |
MAINTAINERS: Fix Florian Fainelli's email address
Commit |
||
Sricharan Ramabadhran
|
6a878a54d0 |
PCI: qcom: Fix IPQ8074 enumeration
PARF_SLV_ADDR_SPACE_SIZE_2_3_3 is used by qcom_pcie_post_init_2_3_3(). This PCIe slave address space size register offset is 0x358 but was incorrectly changed to 0x16c by |
||
|
Linus Torvalds
|
95289e49f0 |
ATA fixes for 6.6-rc4
A larger than usual set of fixes for 6.6-rc4 due to the unexpected
number of fixes needed to address ATA disks suspend/resume issues.
In more details:
- Add missing additionalProperties on child nodes to the pata-common DT
bindings (Rob).
- Fix handling of the REPORT SUPPORTED OPERATION CODES command to
ignore reserved bits (Niklas).
- Increase port multiplier soft reset timeout to accomodate slow
devices and avoid issues on wakeup (Matthias).
- A couple of minor code fixes to avoid compilation warnings in
libata-core and libata-eh (me).
- Many patches from me to address suspend/resume issues, and in
particular a potential deadlock on resume due to the SCSI disk driver
resume operation not being synchronized with libata EH port resume
handling. This is addressed by changing the scsi disk driver disk
start/stop control to allow libata to execute disk suspend (spin
down) and resume (spin up) on its own during system suspend/resume.
Runtime suspend/resume control remains with the SCSI disk driver.
Other fixes include:
- Fix libata power management request issuing to avoid races.
- Establish a link between ATA ports and SCSI devices to order PM
operations.
- Fix device removal to avoid issues with driver rmmod removal.
- Fix synchronization of libata device rescan and SCSI disk resume
operation.
- Remove libsas PM operations as suspend/resume is handled directly
by the sas controller resume.
- Fix the SCSI disk driver to not issue commands to suspended disks,
thus avoiding potential system lock-up on resume.
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQSRPv8tYSvhwAzJdzjdoc3SxdoYdgUCZRbR0gAKCRDdoc3SxdoY
dkArAP9PFTRgsXEwfE7arBXCwQqXj/W0R2KgKug7Fno+SoQLnAD/ZKe2TR50uwxr
9mwYROdMgi50T9ax1RX1jWA0npGXmQg=
=cFzG
-----END PGP SIGNATURE-----
Merge tag 'ata-6.6-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/dlemoal/libata
Pull ATA fixes from Damien Le Moal:
"A larger than usual set of fixes for 6.6-rc4 due to the unexpected
number of fixes needed to address ATA disks suspend/resume issues.
In more detail:
- Add missing additionalProperties on child nodes to the pata-common
DT bindings (Rob)
- Fix handling of the REPORT SUPPORTED OPERATION CODES command to
ignore reserved bits (Niklas)
- Increase port multiplier soft reset timeout to accomodate slow
devices and avoid issues on wakeup (Matthias)
- A couple of minor code fixes to avoid compilation warnings in
libata-core and libata-eh (me)
- Many patches from me to address suspend/resume issues, and in
particular a potential deadlock on resume due to the SCSI disk
driver resume operation not being synchronized with libata EH port
resume handling.
This is addressed by changing the scsi disk driver disk start/stop
control to allow libata to execute disk suspend (spin down) and
resume (spin up) on its own during system suspend/resume. Runtime
suspend/resume control remains with the SCSI disk driver.
Other fixes include:
- Fix libata power management request issuing to avoid races
- Establish a link between ATA ports and SCSI devices to order PM
operations
- Fix device removal to avoid issues with driver rmmod removal
- Fix synchronization of libata device rescan and SCSI disk resume
operation
- Remove libsas PM operations as suspend/resume is handled
directly by the sas controller resume
- Fix the SCSI disk driver to not issue commands to suspended
disks, thus avoiding potential system lock-up on resume"
* tag 'ata-6.6-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/dlemoal/libata:
ata: libata-eh: Fix compilation warning in ata_eh_link_report()
ata: libata-core: Fix compilation warning in ata_dev_config_ncq()
scsi: sd: Do not issue commands to suspended disks on shutdown
ata: libata-core: Do not register PM operations for SAS ports
ata: libata-scsi: Fix delayed scsi_rescan_device() execution
scsi: Do not attempt to rescan suspended devices
ata: libata-scsi: Disable scsi device manage_system_start_stop
scsi: sd: Differentiate system and runtime start/stop management
ata: libata-scsi: link ata port and scsi device
ata: libata-core: Fix port and device removal
ata: libata-core: Fix ata_port_request_pm() locking
ata: libata-sata: increase PMP SRST timeout to 10s
ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES
dt-bindings: ata: pata-common: Add missing additionalProperties on child nodes
|
||
|
Linus Torvalds
|
eafdc50713 |
block-6.6-2023-09-28
-----BEGIN PGP SIGNATURE----- iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAmUWZsIQHGF4Ym9lQGtl cm5lbC5kawAKCRD301j7KXHgprWHEACArb3g5WR/KhSspTETNfEM4TB96kwhx8co srFatZYbOh/DxA4eVOJH1EJK4G34roCtugg5yRhFVQicMAkhcUqPRIAkmO5YGxDW tcjbppzmg8b8n3dL6hevgw+EJbg6l9fjmi5GU2yjmWIeZ4H11zieMCcfStidh9iD efdtFAfTBf6kvo5E4f0VFzJ11a8gI4gz7HGGD2dRPaGgZtWo2K6xJxKoc0x5b8zz 9Y2oN1+iAEoQCgoXfximDVgLo45laLVYaD1yyRc6bnkZVJEhN1iiOCob3cNyGUz+ 30daI5VUzcZBI8HWNBBeR/YmxW2pohPWz/UCwLlE3CoA+n4FRZkY2FzOaApgmKuw 2iGDRaGj5Nuq2ODf6jtjxwMqbp3noyJv768Cg78KDE3VSWCYtftsXqB+XURM1zCK +HeYa4MN+2fzC4B7X37vlnA5mviztl1tAzWN2vuia2CStBr+R2QTW/YwOA06bG7m rTQZQIw2+OHfdHkbpF2t6+7CbmLviNbrlm2qNUa2WyCbkNdJGghXOnlBTi+CPHUo uaj1BSP3mAYBPnj0uImyLIUxlpYH9r8/V9ZrY3ZYV+wT6vl7UxyHQhRBN5Au9rMG qJpxScceIKeQjr+gYeqlX3mgQJHKdlt5xdXcCT0PKt9sCjzd/ZSIEoMULzflFK6A t6oyb1NWgw== =tdkz -----END PGP SIGNATURE----- Merge tag 'block-6.6-2023-09-28' of git://git.kernel.dk/linux Pull block fixes from Jens Axboe: "Just two minor comment / documentation fixes for the block side" * tag 'block-6.6-2023-09-28' of git://git.kernel.dk/linux: block: fix kernel-doc for disk_force_media_change() block: correct stale comment in rq_qos_wait |
||
|
Linus Torvalds
|
a98b95959b |
io_uring-6.6-2023-09-28
-----BEGIN PGP SIGNATURE----- iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAmUWk/gQHGF4Ym9lQGtl cm5lbC5kawAKCRD301j7KXHgpiq5D/0ZVXb6LjbpX3FTmKdWk/Z8C6XGUxGN2XA3 5QEjhGIfM8Cu35ZHPW2av6ffZk/9Nmpdu00Y+s22mirJ5qUX57AsAyk3E6eweDha yiWgo9lEC+EX7f6xDbnFgqxXD2y/pJBJ/ZjUifn/MklAR1j2mthaU7fKpXAb+unB yecbfk8zUNd6OUpXvAqWhclmaserR94j2MBNGheTTEEkjApOY6RcdjCcDPJOjyYq TDe5BpqsqryCWBSE7605wVnscxpCUBbnYxctXQej8WaBZVSGoJWTFdYeH4DMZdO5 EHnM9sMw5zRv/2mAh/jukI41SZHI/YqJ0WBLrzbt0e3KNOiWx4QmWwmm/SGVyqy8 0mB5zqWZRVtD2Cv9V9lxb7HKxOBs8vEPtAHz2JGvbjBQgHDDc3nVEToHysKrWOhO wfIXmk+/ZTNkuNL1dKSFL47f1BuwmdWXimq6l1ux1v9Lhe4TnPuIwrtUcKWIhuLf ZawJWQwL6NQBa7cGNQOm4Y6LrIHpFQtx9CnmcRNr1CQ+IercRllf5xAqNu4y44aj M5p/EjdNgAiaW9dufusmWiySLE5eeGlVu0IXUa0M6nqaGV2KvBqbx21CUg2QOYXJ LKrISnxCiEEGxDQaS/qTMCn2seyF9cAExENfpaNYzejO9CzoFQ3KpY0+lmr5zcMN NQS+itqbNw== =fAm6 -----END PGP SIGNATURE----- Merge tag 'io_uring-6.6-2023-09-28' of git://git.kernel.dk/linux Pull io_uring fix from Jens Axboe: "A single fix going to stable for the IORING_OP_LINKAT flag handling" * tag 'io_uring-6.6-2023-09-28' of git://git.kernel.dk/linux: io_uring/fs: remove sqe->rw_flags checking from LINKAT |