We can see that "Short form of movsx, dst_reg = (s8,s16,s32)src_reg" in
include/linux/filter.h, additionally, for BPF_ALU64 the value of the
destination register is unchanged whereas for BPF_ALU the upper 32 bits
of the destination register are zeroed, so it should clear the upper 32
bits for BPF_ALU.
[root@linux fedora]# echo 1 > /proc/sys/net/core/bpf_jit_enable
[root@linux fedora]# modprobe test_bpf
Before:
test_bpf: #81 ALU_MOVSX | BPF_B jited:1 ret 2 != 1 (0x2 != 0x1)FAIL (1 times)
test_bpf: #82 ALU_MOVSX | BPF_H jited:1 ret 2 != 1 (0x2 != 0x1)FAIL (1 times)
After:
test_bpf: #81 ALU_MOVSX | BPF_B jited:1 6 PASS
test_bpf: #82 ALU_MOVSX | BPF_H jited:1 6 PASS
By the way, the bpf selftest case "./test_progs -t verifier_movsx" can
also be fixed with this patch.
Fixes: f48012f161 ("LoongArch: BPF: Support sign-extension mov instructions")
Acked-by: Hengqi Chen <hengqi.chen@gmail.com>
Signed-off-by: Tiezhu Yang <yangtiezhu@loongson.cn>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
Currently, we store syscall nr in pt_regs::regs[11] and syscall execve()
accidentally overrides it during its execution:
sys_execve()
-> do_execve()
-> do_execveat_common()
-> bprm_execve()
-> exec_binprm()
-> search_binary_handler()
-> load_elf_binary()
-> ELF_PLAT_INIT()
ELF_PLAT_INIT() reset regs[11] to 0, so in syscall_exit_to_user_mode()
we later get a wrong syscall nr. This breaks tools like execsnoop since
it relies on execve() tracepoints.
Skip pt_regs::regs[11] reset in ELF_PLAT_INIT() to fix the issue.
Signed-off-by: Hengqi Chen <hengqi.chen@gmail.com>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
During unwinding, unwind_done() is used as an end condition. Normally it
unwind to the user stack and then set the stack type to unknown, which
is a normal exit. When something unexpected happens in unwind process
and we cannot unwind anymore, we should set the error flag, and also set
the stack type to unknown to indicate that the unwind process can not
continue. The error flag emphasizes that the unwind process produce an
unexpected error. There is no unexpected things when we unwind the PT_REGS
in the top of IRQ stack and find out that is an user mode PT_REGS. Thus,
we should not set error flag and just set stack type to unknown.
Reported-by: Hengqi Chen <hengqi.chen@gmail.com>
Acked-by: Hengqi Chen <hengqi.chen@gmail.com>
Signed-off-by: Jinyang He <hejinyang@loongson.cn>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
As we are just discarding the stable clock ID, simply write it into
$zero instead of allocating a temporary register.
Signed-off-by: Xi Ruoyao <xry111@xry111.site>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
For the following assembly code:
.text
.global func
func:
nop
.data
var:
.dword func
When linked with `-pie`, GNU LD populates the `var` variable with the
pre-relocated value of `func`. However, LLVM LLD does not exhibit the
same behavior. This issue also arises with the `kernel_entry` in arch/
loongarch/kernel/head.S:
_head:
.word MZ_MAGIC /* "MZ", MS-DOS header */
.org 0x8
.dword kernel_entry /* Kernel entry point */
The correct kernel entry from the MS-DOS header is crucial for jumping
to vmlinux from zboot. This necessity is why the compressed relocatable
kernel compiled by Clang encounters difficulties in booting.
To address this problem, it is proposed to apply dynamic relocations to
place with `--apply-dynamic-relocs`.
Link: https://github.com/ClangBuiltLinux/linux/issues/1962
Signed-off-by: WANG Rui <wangrui@loongson.cn>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
When the chip is configured to timestamp all receive packets, the
timestamp in the RX completion is only valid if the metadata
present flag is not set for packets received on the wire. In
addition, internal loopback packets will never have a valid timestamp
and the timestamp field will always be zero. We must exclude
any 0 value in the timestamp field because there is no way to
determine if it is a loopback packet or not.
Add a new function bnxt_rx_ts_valid() to check for all timestamp
valid conditions.
Fixes: 66ed81dced ("bnxt_en: Enable packet timestamping for all RX packets")
Reviewed-by: Andy Gospodarek <andrew.gospodarek@broadcom.com>
Reviewed-by: Pavan Chebbi <pavan.chebbi@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Link: https://lore.kernel.org/r/20231208001658.14230-5-michael.chan@broadcom.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
The wait_event_interruptible_timeout() function returns 0
if the timeout elapsed, -ERESTARTSYS if it was interrupted
by a signal, and the remaining jiffies otherwise if the
condition evaluated to true before the timeout elapsed.
Driver should have checked for zero return value instead of
a positive value.
MChan: Print a warning for -ERESTARTSYS. The close operation
will proceed anyway when wait_event_interruptible_timeout()
returns for any reason. Since we do the close no matter what,
we should not return this error code to the caller. Change
bnxt_close_nic() to a void function and remove all error
handling from some of the callers.
Fixes: c0c050c58d ("bnxt_en: New Broadcom ethernet driver.")
Reviewed-by: Andy Gospodarek <andrew.gospodarek@broadcom.com>
Reviewed-by: Vikas Gupta <vikas.gupta@broadcom.com>
Reviewed-by: Somnath Kotur <somnath.kotur@broadcom.com>
Signed-off-by: Kalesh AP <kalesh-anakkur.purayil@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Link: https://lore.kernel.org/r/20231208001658.14230-4-michael.chan@broadcom.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Receive SKBs can go through the VF-rep path or the normal path.
skb_mark_for_recycle() is only called for the normal path. Fix it
to do it for both paths to fix possible stalled page pool shutdown
errors.
Fixes: 86b05508f7 ("bnxt_en: Use the unified RX page pool buffers for XDP and non-XDP")
Reviewed-by: Somnath Kotur <somnath.kotur@broadcom.com>
Reviewed-by: Andy Gospodarek <andrew.gospodarek@broadcom.com>
Reviewed-by: Vikas Gupta <vikas.gupta@broadcom.com>
Signed-off-by: Sreekanth Reddy <sreekanth.reddy@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Link: https://lore.kernel.org/r/20231208001658.14230-3-michael.chan@broadcom.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
We are issuing HWRM_FUNC_RESET cmd to reset the device including
all reserved resources, but not clearing the reservations
within the driver struct. As a result, when the driver re-initializes
as part of resume, it believes that there is no need to do any
resource reservation and goes ahead and tries to allocate rings
which will eventually fail beyond a certain number pre-reserved by
the firmware.
Fixes: 674f50a5b0 ("bnxt_en: Implement new method to reserve rings.")
Reviewed-by: Kalesh AP <kalesh-anakkur.purayil@broadcom.com>
Reviewed-by: Ajit Khaparde <ajit.khaparde@broadcom.com>
Reviewed-by: Andy Gospodarek <andrew.gospodarek@broadcom.com>
Signed-off-by: Somnath Kotur <somnath.kotur@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Link: https://lore.kernel.org/r/20231208001658.14230-2-michael.chan@broadcom.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
After commit 939463016b ("tcp: change data receiver flowlabel after one dup")
we noticed an increase of TCPACKSkippedPAWS events.
Neal Cardwell tracked the issue to tcp_disordered_ack() assumption
about remote peer TS clock.
RFC 1323 & 7323 are suggesting the following:
"timestamp clock frequency in the range 1 ms to 1 sec per tick
between 1ms and 1sec."
This has to be adjusted for 1 MHz clock frequency.
This hints at reorders of SACK packets on send side,
this might deserve a future patch.
(skb->ooo_okay is always set for pure ACK packets)
Fixes: 614e8316aa ("tcp: add support for usec resolution in TCP TS values")
Co-developed-by: Neal Cardwell <ncardwell@google.com>
Signed-off-by: Neal Cardwell <ncardwell@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: David Morley <morleyd@google.com>
Link: https://lore.kernel.org/r/20231207181342.525181-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
I changed responsibilities some time ago, its time
to remove myself as maintainer of the SMC component.
Signed-off-by: Karsten Graul <kgraul@linux.ibm.com>
Signed-off-by: Wenjia Zhang <wenjia@linux.ibm.com>
Link: https://lore.kernel.org/r/20231207202358.53502-1-wenjia@linux.ibm.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
The new 6.7-rc1 kernel now checks the checksum on CDAT data. While
using a branch of Fan's DCD qemu work (and specifying DCD devices), the
following splat was observed.
WARNING: CPU: 1 PID: 1384 at drivers/base/devres.c:1064 devm_kfree+0x4f/0x60
...
RIP: 0010:devm_kfree+0x4f/0x60
...
? devm_kfree+0x4f/0x60
read_cdat_data+0x1a0/0x2a0 [cxl_core]
cxl_port_probe+0xdf/0x200 [cxl_port]
...
The issue in qemu is still unknown but the spat is a straight forward
bug in the CDAT checksum processing code. Use a CDAT buffer variable to
ensure the devm_free() works correctly on error.
Fixes: 670e4e88f3 ("cxl: Add checksum verification to CDAT from CXL")
Signed-off-by: Ira Weiny <ira.weiny@intel.com>
Reviewed-by: Dave Jiang <dave.jiang@intel.com>
Reviewed-by: Fan Ni <fan.ni@samsung.com>
Reviewed-by: Robert Richter <rrichter@amd.com>
Link: http://lore.kernel.org/r/20231116-fix-cdat-devm-free-v1-1-b148b40707d7@intel.com
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Stefan Wahren says:
====================
qca_spi: collection of major fixes
This series contains a collection of major fixes for the qca_spi driver,
which has been recently discovered.
====================
Link: https://lore.kernel.org/r/20231206141222.52029-1-wahrenst@gmx.net
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
In case of a reset triggered by the QCA7000 itself, the behavior of the
qca_spi driver was not quite correct:
- in case of a pending RX frame decoding the drop counter must be
incremented and decoding state machine reseted
- also the reset counter must always be incremented regardless of sync
state
Fixes: 291ab06ecf ("net: qualcomm: new Ethernet over SPI driver for QCA7000")
Signed-off-by: Stefan Wahren <wahrenst@gmx.net>
Link: https://lore.kernel.org/r/20231206141222.52029-4-wahrenst@gmx.net
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
After calling ethtool -g it was not possible to adjust the TX ring
size again:
# ethtool -g eth1
Ring parameters for eth1:
Pre-set maximums:
RX: 4
RX Mini: n/a
RX Jumbo: n/a
TX: 10
Current hardware settings:
RX: 4
RX Mini: n/a
RX Jumbo: n/a
TX: 10
# ethtool -G eth1 tx 8
netlink error: Invalid argument
The reason for this is that the readonly setting rx_pending get
initialized and after that the range check in qcaspi_set_ringparam()
fails regardless of the provided parameter. So fix this by accepting
the exposed RX defaults. Instead of adding another magic number
better use a new define here.
Fixes: 291ab06ecf ("net: qualcomm: new Ethernet over SPI driver for QCA7000")
Suggested-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Stefan Wahren <wahrenst@gmx.net>
Link: https://lore.kernel.org/r/20231206141222.52029-3-wahrenst@gmx.net
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
The qca_spi driver stop and restart the SPI kernel thread
(via ndo_stop & ndo_open) in case of TX ring changes. This is
a big issue because it allows userspace to prevent restart of
the SPI kernel thread (via signals). A subsequent change of
TX ring wrongly assume a valid spi_thread pointer which result
in a crash.
So prevent this by stopping the network traffic handling and
temporary park the SPI thread.
Fixes: 291ab06ecf ("net: qualcomm: new Ethernet over SPI driver for QCA7000")
Signed-off-by: Stefan Wahren <wahrenst@gmx.net>
Link: https://lore.kernel.org/r/20231206141222.52029-2-wahrenst@gmx.net
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Initialise various workqueue tasks and queue interrupt poll task
before the first invocation of any control net APIs. Since
octep_ctrl_net_get_info was called before the control net receive
work task was initialised or even the interrupt poll task was
queued, the function call wasn't returning actual firmware
info queried from Octeon.
Fixes: 8d6198a14e ("octeon_ep: support to fetch firmware info")
Signed-off-by: Shinas Rasheed <srasheed@marvell.com>
Reviewed-by: Michal Schmidt <mschmidt@redhat.com>
Link: https://lore.kernel.org/r/20231206135228.2591659-1-srasheed@marvell.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
One tiny fix to the be2iscsi driver fixing a memory leak in an error leg.
Signed-off-by: James E.J. Bottomley <jejb@linux.ibm.com>
-----BEGIN PGP SIGNATURE-----
iJwEABMIAEQWIQTnYEDbdso9F2cI+arnQslM7pishQUCZXNjACYcamFtZXMuYm90
dG9tbGV5QGhhbnNlbnBhcnRuZXJzaGlwLmNvbQAKCRDnQslM7pishYz4AQC/yT6c
gWAr2e6NMUXs0Wx3C25ZFA3MS5OOhnkmIt8e2gEApSuCvlRZmHmR/YCphQD4e1ij
k0M7kd9jM7v356QTFBE=
=q8tg
-----END PGP SIGNATURE-----
Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
Pull SCSI fix from James Bottomley:
"One tiny fix to the be2iscsi driver fixing a memory leak in an error
leg"
* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle()
-----BEGIN PGP SIGNATURE-----
iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAmVzOGgQHGF4Ym9lQGtl
cm5lbC5kawAKCRD301j7KXHgprPED/sFJUY31XzGNWlqigwneZYppNYLyfJwTZ5z
FJyMfN/i9IPWZdBnY/Sed4lp/rWhlEIDNN69bHG7ErK4t8weaGWAV9+ygwRHNmm/
bAcezY0rJwh23pl/kCYxidhVVFpyhSjFebDUQ6nY4XeTm9OOeeVsTsKVNmN7hF/M
kGkJU+xZfu63RHcc0NATJPaaZGv0t5tZDnLCOiBy71tckxQlvPqvGnXKoTK1XeEv
WQu3WgYFhDmRfjnaWPKW8HewcEjZHrRNFiAgKOf1fVCUdEbUrMU9qtGRr0Wv5Fwv
f5cVqc+K44AE+spz/3Kb07q2/yI9cY3gbB1Ogt1ML1ryOMX9VgmymTxAhHyMJdJF
+SnDgkUGnkn4mAr93lOad1DL76Ep5fvK3NX799TwkL1RC/78GiGYJWEOA3rC7sD2
Nfrs5RHxAnjwlT4jKSJ8pbGZa3SQ5g+zn7sePxTRSEARq4Z8YY7WhQpKuW70NVvp
qkVCZgUEXO7DQcpjPLksOGt4tviXHahuIbq7RQD6OFZ1eNFrljHljymo+4rRRT/B
QlouVtrdkGA+u2xj0NJ24rtlyVvSg/150UWdtxgkq9zLQudFD9HoIDySjdnwHgIE
JTjIwH6Wq2y4TqGb4BkOlYMSqJaL0jcac2mT9oLkVoJ4OoQ6P9rtjHnl0yQGsb2R
a6vKAkWF7Q==
=Ds8S
-----END PGP SIGNATURE-----
Merge tag 'block-6.7-2023-12-08' of git://git.kernel.dk/linux
Pull block fixes from Jens Axboe:
"Nothing major in here, just miscellanous fixes for MD and NVMe:
- NVMe pull request via Keith:
- Proper nvme ctrl state setting (Keith)
- Passthrough command optimization (Keith)
- Spectre fix (Nitesh)
- Kconfig clarifications (Shin'ichiro)
- Frozen state deadlock fix (Bitao)
- Power setting quirk (Georg)
- MD pull requests via Song:
- 6.7 regresisons with recovery/sync (Yu)
- Reshape fix (David)"
* tag 'block-6.7-2023-12-08' of git://git.kernel.dk/linux:
md: split MD_RECOVERY_NEEDED out of mddev_resume
nvme-pci: Add sleep quirk for Kingston drives
md: fix stopping sync thread
md: don't leave 'MD_RECOVERY_FROZEN' in error path of md_set_readonly()
md: fix missing flush of sync_work
nvme: fix deadlock between reset and scan
nvme: prevent potential spectre v1 gadget
nvme: improve NVME_HOST_AUTH and NVME_TARGET_AUTH config descriptions
nvme-ioctl: move capable() admin check to the end
nvme: ensure reset state check ordering
nvme: introduce helper function to get ctrl state
md/raid6: use valid sector values to determine if an I/O should wait on the reshape
-----BEGIN PGP SIGNATURE-----
iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAmVzOJkQHGF4Ym9lQGtl
cm5lbC5kawAKCRD301j7KXHgpmYVD/0cx0TTIrip959DLqF/V8sl2BIrt/mjAvS4
oeVUe5OmqyR2gjjEYewf21MUyzE4tSMO/LFTEr0744zENKNTL84YhIIq30ga+Gue
n61c4WfPnhpvj8NQHuEf65cPosPSvKi6NSMLRJZCLqHtn8SrTQyCg8zk8GwjN/nl
fJScbrj4XKfZNlizKfbHQexfi78DZ2braTds0pPZ+uFXDTIrOKAfixfV39qwTFYZ
zI4FYKH8KzZzuMyyu2B+F3xCMdelUg26i2KMImKBaOsamnucIlyNvr/uWGs2G8tu
Z7sWGXdY9bFlWfAFxGZeFRWbmqpFz15Mmi2Uqx8wiiYxBAaJKL+Qaq358KbTD0hB
ZBKdy3AUw5J/445pwIepGp5XVxqn/qJFxGXzLAlncdhf9mXrjmFwNC/Yp5lnyDYy
S3YhUsjpGX3Mymjd/gWkn1BTZh7zzpKI6LmWJjn89jmTpOzlWmfPu/uM/c/vKvE8
KajCkZ3nUCmr56GUxvSZcon7vwc8pLUyrF8Vo1vwEEVgiN+IjJVk3dMAz0hyGhtO
2HxSwOAHllAIyqjmazqESQnWEf1p8idnoR9qZXAiLzbwUFbUY/a/YrCul6vHM4yE
czat+EGWdfJi0EX0z/bMUVRz05UbNt0JtKf3BnqxWtQlT8yKwCvMgHXuPJbY4y5g
yXi7ep37JQ==
=Xta7
-----END PGP SIGNATURE-----
Merge tag 'io_uring-6.7-2023-12-08' of git://git.kernel.dk/linux
Pull io_uring fixes from Jens Axboe:
"Two minor fixes for issues introduced in this release cycle, and two
fixes for issues or potential issues that are heading to stable.
One of these ends up disabling passing io_uring file descriptors via
SCM_RIGHTS. There really shouldn't be an overlap between that kind of
historic use case and modern usage of io_uring, which is why this was
deemed appropriate"
* tag 'io_uring-6.7-2023-12-08' of git://git.kernel.dk/linux:
io_uring/af_unix: disable sending io_uring over sockets
io_uring/kbuf: check for buffer list readiness after NULL check
io_uring/kbuf: Fix an NULL vs IS_ERR() bug in io_alloc_pbuf_ring()
io_uring: fix mutex_unlock with unreferenced ctx
Primarily rtrs and irdma fixes:
- Fix uninitialized value in ib_get_eth_speed()
- Fix hns refusing to work if userspace doesn't select the correct
congestion control algorithm
- Several irdma fixes - unreliable Send Queue Drain, use after free, 64k
page size bugs, device removal races
- Several rtrs bug fixes - crashes, memory leaks, use after free, bad
credit accounting, bogus WARN_ON
- Typos and a MAINTAINER update
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQRRRCHOFoQz/8F5bUaFwuHvBreFYQUCZXMjNwAKCRCFwuHvBreF
YdnyAP9h6dQG+KgIl26q7Bk1AmsmoseZ1HmeGRacdHsW0qgXPwD/XRX/IgNpl465
fdt6Qh877LBEjlMFvyMxFTWG7v1ixwY=
=Tn3a
-----END PGP SIGNATURE-----
Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma
Pull rdma fixes from Jason Gunthorpe:
"Primarily rtrs and irdma fixes:
- Fix uninitialized value in ib_get_eth_speed()
- Fix hns refusing to work if userspace doesn't select the correct
congestion control algorithm
- Several irdma fixes - unreliable Send Queue Drain, use after free,
64k page size bugs, device removal races
- Several rtrs bug fixes - crashes, memory leaks, use after free, bad
credit accounting, bogus WARN_ON
- Typos and a MAINTAINER update"
* tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma:
RDMA/irdma: Avoid free the non-cqp_request scratch
RDMA/irdma: Fix support for 64k pages
RDMA/irdma: Ensure iWarp QP queue memory is OS paged aligned
RDMA/core: Fix umem iterator when PAGE_SIZE is greater then HCA pgsz
RDMA/irdma: Fix UAF in irdma_sc_ccq_get_cqe_info()
RDMA/bnxt_re: Correct module description string
RDMA/rtrs-clt: Remove the warnings for req in_use check
RDMA/rtrs-clt: Fix the max_send_wr setting
RDMA/rtrs-srv: Destroy path files after making sure no IOs in-flight
RDMA/rtrs-srv: Free srv_mr iu only when always_invalidate is true
RDMA/rtrs-srv: Check return values while processing info request
RDMA/rtrs-clt: Start hb after path_up
RDMA/rtrs-srv: Do not unconditionally enable irq
MAINTAINERS: Add Chengchang Tang as Hisilicon RoCE maintainer
RDMA/irdma: Add wait for suspend on SQD
RDMA/irdma: Do not modify to SQD on error
RDMA/hns: Fix unnecessary err return when using invalid congest control algorithm
RDMA/core: Fix uninit-value access in ib_get_eth_speed()
Fix cpufreq reference counting in the DTPM (dynamic thermal and
power management) power capping framework (Lukasz Luba).
-----BEGIN PGP SIGNATURE-----
iQJGBAABCAAwFiEE4fcc61cGeeHD/fCwgsRv/nhiVHEFAmVzVpgSHHJqd0Byand5
c29ja2kubmV0AAoJEILEb/54YlRxVr4P/j2SMo9M5tA39cHJ3nUWXBV23pWXQW/N
2Gl1oFr6UAHM3sbIAN6MGGGFAPjIxdLisUMDmPsIc1HkLHBV6aG5vOoxvUP9XCAK
je+kWIAKsIMaf/l3kfD3OdDda3RQlbcTbVyP8vKxcYWyLe1lAO7ddYuvsXuN9gCb
t+KoWjN5DSYbS+0reIsBGjYQRA6Asf6mciAdvbFkZwQkot/E9jxxH927IN69X2JJ
dRG6NsfFbX25Xb1i3a+uNCPrc7NeNYn1NHw2QfDEgGxM0sxBhamTJNNOePZwEx50
4mM8wvtshV9/rSGlXZBpKm0WaDB1exoE9ot9ZOjpeRiBnoNf1adTtsb0EHOA7V8Y
nRfB5hS4VfuOVuED9ytwAPcxb3s3VKJmmMb2xquODXRZVELIvtYvRia9Fnp3HP98
J/lUBmzVe3/ieBoUHPznNIinGqHuXMIRyNejybnwVXGf8wD2Te4tRU9DNeUgHkPJ
yQFQAURNwZxsCAYOv3DnA8eUjDbPXYrBlHSMP05BNUXBe6qmhf1kMJAEW/zz7x1h
lJ4mNBGVzfSBlUoD3uuf4+qb1VgseqN1VqgimbWahZqErAhToh0aRsfe8cs/7cFq
86qifoXfFYPUt2pJVF3P2DWPLZKU3HjpqQUrICQx5zc+EkDP9p9sdOvcnidC/UdV
b/C3KOe1EvfZ
=slx+
-----END PGP SIGNATURE-----
Merge tag 'pm-6.7-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull power management fix from Rafael Wysocki:
"Fix cpufreq reference counting in the DTPM (dynamic thermal and power
management) power capping framework (Lukasz Luba)"
* tag 'pm-6.7-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
powercap: DTPM: Fix missing cpufreq_cpu_put() calls
Fix a possible crash on an attempt to free unallocated memory in the
error path of acpi_evaluate_reference() that has been introduced by one
of the recent changes (Rafael Wysocki).
-----BEGIN PGP SIGNATURE-----
iQJGBAABCAAwFiEE4fcc61cGeeHD/fCwgsRv/nhiVHEFAmVzVyQSHHJqd0Byand5
c29ja2kubmV0AAoJEILEb/54YlRxh38P/AyhME1sSfnVBFGBs6hbkiqbXkiv53ty
VSk08bp4r2Be+CruttN7D1lb9Y6RnIcQ0961dSEIwAEzuWy4lGUIAw02ljvZIr2z
XFbAtusRTAqJBkCuwvs3vFsUIC3AAH//m9wfVo75iTQSKCgbn0C8t92ttOrx9/Ys
XCPqEb06KeOU5C/twr5EbIUUpP+TARTAjP8CXeAaiYzjeSpNz/wQbkd5sHLJNBBO
O5hwhey944BIqvY3PXDl6hDiWVKqBs9w7qQmDVMc1dck2WhQ9L2wBsIgf4MICoAh
8IORi0PbEhsH9yxY8GIuLkYKIeMKx2bd04kDi8GuskP/GJxuZfehs7MH1Et0+glH
itN6EM7EanznBrKH55ilHi8A25aKI6vW8parMJjyZm66MlGha0FuY5d493PdA8hL
Zsoo130xVPhzEOXATUhNDRZhEW/vfow++MgFTGXZAj+aizVN6Cj8WNNqAaGjYAyZ
nvPIY48NVYb1GB0lDfoMiB/PKfMAAEHf9909AYSJnjbH+hc5Rw24+plBlOD9J8e+
6XfjgHpA9dn43e3HwnkgQb7wqGviCkdwfxkqw3RNpOAYcw2Orp82vs6BTaHcNMC+
ZxnftjuBoBm4L5hXj1+YbzSCUL+ILsUTvuGQDStgjTzz1mdhGUVIicoNhLL9UqFf
b/doQTA75g7F
=1Xw0
-----END PGP SIGNATURE-----
Merge tag 'acpi-6.7-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull ACPI fix from Rafael Wysocki:
"Fix a possible crash on an attempt to free unallocated memory in the
error path of acpi_evaluate_reference() that has been introduced by
one of the recent changes (Rafael Wysocki)"
* tag 'acpi-6.7-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
ACPI: utils: Fix error path in acpi_evaluate_reference()
- acpi_power_meter: Fix 4.29 MW output sen if acpi reports bad data
- corsair-psu: Fix ability to probe if the driver is built into the kernel
- ltc2991: Fix spelling mistake "contiuous" -> "continuous"
- max31827: Add missing regulator header file include
- nzxt-kraken2: Fix error handling path in probe function
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEiHPvMQj9QTOCiqgVyx8mb86fmYEFAmVzZNcACgkQyx8mb86f
mYFCgg/+KwO3QvSY7Mfwl93Xhijix7VC1XjJL4eHZfODiUQWnCgsjFLcA9SzbUsu
mN2kKVrDWtN+Gp5rPOmCN8JFLxe4uifdg1ThfZ1rVv0xrowiffLgibFM5OVo4ynO
1RJ8mg8y6JYb/Dy67kYwq2Z2NQPSB+6JourOJ+egXgZutZ7qmEcz81JjN+Dy1FAg
Wa7bEuIlPChPmWwZRHBSilkoyb9tvMpU/5jG06UWrQOjMNYE2Incw9HRmg5tKVlD
UVh4QrtP2kuk+M6ChwS4ffjD0Me3KIqQ9aAXb+QqNE0QziLkrLbRwHk1bHxrfjse
EdKs+X7Ic40U6N7BFbEEiq+MeG3Q+47S8IVDlWIvIR3om13Jswn6wGkHB2WnVGBk
zGXJ8iXLmxKuNiWvoeGUBvuSr/iaFY1jb8xFf+T92pso52GPVIgIDtS2H6qjSUE9
iE9hwxLGE5GHNQJNN3dmCvUV22RUOTQVVMqmMOGerufusyb55Am6KHar9HtxAmpe
SI0KB7i6zaPe0o8pXVMuWmonAsR0YXs57jyKB0lENJSCtjl3XiHEw7KkPZTYyKEo
3m3xpOGvSnmAK7DHlm2CAP6UvBpikG/JXJnLyT+0LcsC6ifhcAjdossoi4Jyk0fv
+v0tdhtd0DJTAO2DmVGtfc1WLIFEUq5xBEUhpLKMR2JpyVUTWAY=
=Bj8e
-----END PGP SIGNATURE-----
Merge tag 'hwmon-for-v6.7-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging
Pull hwmon fixes from Guenter Roeck:
- acpi_power_meter: Fix 4.29 MW output seen if acpi reports bad data
- corsair-psu: Fix ability to probe if the driver is built into the kernel
- ltc2991: Fix spelling mistake "contiuous" -> "continuous"
- max31827: Add missing regulator header file include
- nzxt-kraken2: Fix error handling path in probe function
* tag 'hwmon-for-v6.7-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging:
hwmon: (corsair-psu) Fix probe when built-in
hwmon: (nzxt-kraken2) Fix error handling path in kraken2_probe()
hwmon: (acpi_power_meter) Fix 4.29 MW bug
hwmon: max31827: include regulator header
hwmon: ltc2991: Fix spelling mistake "contiuous" -> "continuous"
This fixes a null pointer exception in the bcm2835 pwm driver. The
problem was introduced by a combination of two commits merged for
v6.7-rc1 where each change alone would have been fine.
Thanks to Florian Fainelli for noticing and fixing the issue.
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEP4GsaTp6HlmJrf7Tj4D7WH0S/k4FAmVzH2kACgkQj4D7WH0S
/k7dLgf+IJh7lsXEdZCLhtXuopc+cT84AuM1tgtSE1dcO//QVXDMApCjuPcW8u6v
V6/ASBFjWuBJZJjW3qJ73XNMkNefYkVN4x0nDw1+u7zmjT2yCfyf2WYO3PzGqXmK
GTN/enXZuWTJAQhuKAqGbdMOCPyESwIcwZ7NtnOUoJ44tfzD+5bbgmq6UeftyM9R
bY+GY4TMKlZxJJiVEWaTdUejZViKTwY7GBi+0TCM8v6IVqH8Xqbyo1zt07UoU3R3
qD0+JnirLAZqweaEkKGLC7ch37qiEZ87traWP5J0OuoK9UoMj2NH056Y2gfOFlAD
ec9ew8S4Qd+tupMWZYIe2zEPiWPbgw==
=6v3w
-----END PGP SIGNATURE-----
Merge tag 'pwm/for-6.7-rc5-fixes' of https://git.pengutronix.de/git/ukl/linux
Pull pwm fix from Uwe Kleine-König:
"This fixes a null pointer exception in the bcm2835 pwm driver.
The problem was introduced by a combination of two commits merged for
v6.7-rc1 where each change alone would have been fine.
Thanks to Florian Fainelli for noticing and fixing the issue"
* tag 'pwm/for-6.7-rc5-fixes' of https://git.pengutronix.de/git/ukl/linux:
pwm: bcm2835: Fix NPD in suspend/resume
This is a typical bump in the middle of its way; we've gathered lots
of fixes (mostly for ASoC) at this time.
- PCM array out-of-bound access fix
- Correction of SOC PCM merge error
- Lots of ASoC SOF Intel updates
- A few ASoC AMD quirks
- More proper timer handling in PCM test module
- HD-audio and USB-audio quirks as usual
- Other device-specific fixes for various ASoC codecs
-----BEGIN PGP SIGNATURE-----
iQJCBAABCAAsFiEEIXTw5fNLNI7mMiVaLtJE4w1nLE8FAmVy8MkOHHRpd2FpQHN1
c2UuZGUACgkQLtJE4w1nLE+k9A/9HezmtiuQhxZ4l8AnbkSH1XBvFJjTIflpvuWh
b2qW3qAoAudoznDpVL4Ad1usK/pJpAQ2KoImR7wkGs22HyryaZ0rjok0Yh2J+emP
Z6Y4jnXOlgKugmVVzBBnrY6F+rESqm2JnZIfKQ2m8eD28s6WCl9r6uueSlCYnIMV
bpX7T01BSOmUCSgzG6DMK33aAB+hxZvhT5Dd/F6XIrpHFaqmFPX01r/YAppPq+Az
c8f4sqClndsEwPGBznUeHEDhwq7I1meeJzaIp+T9L5S/qDVUSueupqVBs8Aso6Cm
e59al1w/PfFUllWx3n87Q7+ZAW5Lv5IimxhmrKptrCQISYbjNCOW/05sOAJB3tNY
72acKUj0xFEq8kHr/KfTyOIDG6sYdUXgqCsmEPkMuV1z6R3jyfQuUs3MNBsjDEEx
z5bbd2OykCYMc3kyNSuaU23UzDOguOoaeNyW+9tV075joDEy9qlskArD+CCA7LMk
W7EdV5HxBXKMoxRMKuW+zg+dB7w5pkYoAXLdh/l9M6acfvYw69C4EeAa2ELQCJY6
Pkw0+EMdfRSOqudjbeyDJyOheYuqliiI/rfT8TEIf/CWiPDW0jtL1Nz1hW4a/Qyp
y+veNAEj6+e7Lww5K2dckp1k+fPqEsSKot7qlQC9ozu3gAPVjgvJJMuOdLAnv1Ym
nNAhPu0=
=m2Ci
-----END PGP SIGNATURE-----
Merge tag 'sound-6.7-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
"This is a typical bump in the middle of its way; we've gathered lots
of fixes (mostly for ASoC) at this time:
- PCM array out-of-bound access fix
- Correction of SOC PCM merge error
- Lots of ASoC SOF Intel updates
- A few ASoC AMD quirks
- More proper timer handling in PCM test module
- HD-audio and USB-audio quirks as usual
- Other device-specific fixes for various ASoC codecs"
* tag 'sound-6.7-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (39 commits)
ALSA: hda/realtek: Add quirk for Lenovo Yoga Pro 7
ALSA: pcmtest: stop timer before buffer is released
ALSA: hda/realtek: Add Framework laptop 16 to quirks
ALSA: hda/realtek: add new Framework laptop to quirks
ALSA: pcm: fix out-of-bounds in snd_pcm_state_names
ASoC: qcom: sc8280xp: Limit speaker digital volumes
ASoC: ops: add correct range check for limiting volume
ALSA: hda/realtek: Enable headset on Lenovo M90 Gen5
ALSA: hda/realtek: fix speakers on XPS 9530 (2023)
ALSA: usb-audio: Add Pioneer DJM-450 mixer controls
ASoC: wm_adsp: fix memleak in wm_adsp_buffer_populate
ASoC: da7219: Support low DC impedance headset
ASoC: amd: acp: Add support for a new Huawei Matebook laptop
ALSA: hda/realtek: Apply quirk for ASUS UM3504DA
ASoC: SOF: ipc4-topology: Correct data structures for the GAIN module
ASoC: SOF: ipc4-topology: Correct data structures for the SRC module
ASoC: hdac_hda: Conditionally register dais for HDMI and Analog
ASoC: codecs: lpass-tx-macro: set active_decimator correct default value
ASoC: amd: yc: Fix non-functional mic on ASUS E1504FA
ASoC: amd: yc: Add DMI entry to support System76 Pangolin 13
...
In __team_options_register, team_options are allocated and appended to
the team's option_list.
If one option instance allocation fails, the "inst_rollback" cleanup
path frees the previously allocated options but doesn't remove them from
the team's option_list.
This leaves dangling pointers that can be dereferenced later by other
parts of the team driver that iterate over options.
This patch fixes the cleanup path to remove the dangling pointers from
the list.
As far as I can tell, this uaf doesn't have much security implications
since it would be fairly hard to exploit (an attacker would need to make
the allocation of that specific small object fail) but it's still nice
to fix.
Cc: stable@vger.kernel.org
Fixes: 80f7c6683f ("team: add support for per-port options")
Signed-off-by: Florent Revest <revest@chromium.org>
Reviewed-by: Jiri Pirko <jiri@nvidia.com>
Reviewed-by: Hangbin Liu <liuhangbin@gmail.com>
Link: https://lore.kernel.org/r/20231206123719.1963153-1-revest@chromium.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
In general, activating long mode involves setting the EFER_LME bit in
the EFER register and then enabling the X86_CR0_PG bit in the CR0
register. At this point, the EFER_LMA bit will be set automatically by
hardware.
In the case of SVM/SEV guests where writes to CR0 are intercepted, it's
necessary for the host to set EFER_LMA on behalf of the guest since
hardware does not see the actual CR0 write.
In the case of SEV-ES guests where writes to CR0 are trapped instead of
intercepted, the hardware *does* see/record the write to CR0 before
exiting and passing the value on to the host, so as part of enabling
SEV-ES support commit f1c6366e30 ("KVM: SVM: Add required changes to
support intercepts under SEV-ES") dropped special handling of the
EFER_LMA bit with the understanding that it would be set automatically.
However, since the guest never explicitly sets the EFER_LMA bit, the
host never becomes aware that it has been set. This becomes problematic
when userspace tries to get/set the EFER values via
KVM_GET_SREGS/KVM_SET_SREGS, since the EFER contents tracked by the host
will be missing the EFER_LMA bit, and when userspace attempts to pass
the EFER value back via KVM_SET_SREGS it will fail a sanity check that
asserts that EFER_LMA should always be set when X86_CR0_PG and EFER_LME
are set.
Fix this by always inferring the value of EFER_LMA based on X86_CR0_PG
and EFER_LME, regardless of whether or not SEV-ES is enabled.
Fixes: f1c6366e30 ("KVM: SVM: Add required changes to support intercepts under SEV-ES")
Reported-by: Peter Gonda <pgonda@google.com>
Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20210507165947.2502412-2-seanjc@google.com>
[A two year old patch that was revived after we noticed the failure in
KVM_SET_SREGS and a similar patch was posted by Michael Roth. This is
Sean's patch, but with Michael's more complete commit message. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
It seems that when the driver is built-in, the HID bus is
initialized after the driver is loaded, which whould cause
module_hid_driver() to fail.
Fix this by registering the driver after the HID bus using
late_initcall() in accordance with other hwmon HID drivers.
Signed-off-by: Armin Wolf <W_Armin@gmx.de>
Link: https://lore.kernel.org/r/20231207210723.222552-1-W_Armin@gmx.de
[groeck: Dropped "compile tested" comment; the patch has been tested
but the tester did not provide a Tested-by: tag]
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Using -MD without -MP causes build failures when a header file is deleted
or moved. With -MP, the compiler will emit phony targets for the header
files it lists as dependencies, and the Makefiles won't refuse to attempt
to rebuild a C unit which no longer includes the deleted header.
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Link: https://lore.kernel.org/r/9fc8b5395321abbfcaf5d78477a9a7cd350b08e4.camel@infradead.org
Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Pass MAGIC_TOKEN to __TEST_REQUIRE() when printing the help message about
needing to pass a magic value to manually run the NX hugepages test,
otherwise the help message will contain garbage.
In file included from x86_64/nx_huge_pages_test.c:15:
x86_64/nx_huge_pages_test.c: In function ‘main’:
include/test_util.h:40:32: error: format ‘%d’ expects a matching ‘int’ argument [-Werror=format=]
40 | ksft_exit_skip("- " fmt "\n", ##__VA_ARGS__); \
| ^~~~
x86_64/nx_huge_pages_test.c:259:9: note: in expansion of macro ‘__TEST_REQUIRE’
259 | __TEST_REQUIRE(token == MAGIC_TOKEN,
| ^~~~~~~~~~~~~~
Signed-off-by: angquan yu <angquan21@gmail.com>
Link: https://lore.kernel.org/r/20231128221105.63093-1-angquan21@gmail.com
[sean: rewrite shortlog+changelog]
Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
- When checking if a _running_ vCPU is "in-kernel", i.e. running at CPL0,
get the CPL directly instead of relying on preempted_in_kernel, which
is valid if and only if the vCPU was preempted, i.e. NOT running.
- Set .owner for various KVM file_operations so that files refcount the
KVM module until KVM is done executing _all_ code, including the last
few instructions of kvm_put_kvm(). And then revert the misguided
attempt to rely on "struct kvm" refcounts to pin KVM-the-module.
- Fix a benign "return void" that was recently introduced.
-----BEGIN PGP SIGNATURE-----
iQJGBAABCgAwFiEEMHr+pfEFOIzK+KY1YJEiAU0MEvkFAmVyeV0SHHNlYW5qY0Bn
b29nbGUuY29tAAoJEGCRIgFNDBL5aJIP/izKZivi/kZjuuKp2c1W2XM+mBZlM+Yj
qYcdV0rZygQJOZXTpMaEVg7iUtvbwAT495nm8sXr/IxXw+omMcP+qyLRCZ6JafYy
B19buCnAt2DymlJOurFzlIEeWtunkxk/gFLMB/BnSrok88cKz5PMxAVFPPBXsTms
ZqSFlDhzG0G4Mxhr8t0elyjd4HrCbNjCn1MhJg+uzFHKakfOvbST5jO02LkTeIM2
VFrqWZo1C6uPDrA8TzWzik54qOrDFrodNv/XvIJ0szgVOc+7Iwxy80A/v7o7jBET
igH+6F3cbST5uoKFrFn7pPJdTOfX2u18DXcpxiYIu+24ToKyqdE1Np9M5W4ZMX/9
Im5ilykfylHpRYAL4tECD6Jzd/Q/xIvpe8Uk6HTfFAtb/UdMY35/1keBnnkI2oj8
/4USM7AHNiqoAs4+OE4kZslrFG8ttv3vIOr7Mtk2UjGyGp8TH8sRFYPJKToXsQIJ
Gs96rsbiU+oo/IDp3UiRhWtwpwfKGbkDLp4r/3X6UOx6Re5u1ITVIoM14qFQaw3W
CKdHKN/MoreYLS5gasjaGRSyQNJPonaS10l8SqzWflrUBZYfyjCNKliihjKood2g
JykH4p69IFTWADT2VbrGCQVKfY1GJCxGwpGePFmChTsPUiQ2P+AbHCmaefnIRRbK
8UR/OmsDtFRZ
=gWp0
-----END PGP SIGNATURE-----
Merge tag 'kvm-x86-fixes-6.7-rcN' of https://github.com/kvm-x86/linux into kvm-master
KVM fixes for 6.7-rcN:
- When checking if a _running_ vCPU is "in-kernel", i.e. running at CPL0,
get the CPL directly instead of relying on preempted_in_kernel, which
is valid if and only if the vCPU was preempted, i.e. NOT running.
- Set .owner for various KVM file_operations so that files refcount the
KVM module until KVM is done executing _all_ code, including the last
few instructions of kvm_put_kvm(). And then revert the misguided
attempt to rely on "struct kvm" refcounts to pin KVM-the-module.
- Fix a benign "return void" that was recently introduced.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEoWuZBM6M3lCBSfTnuARItAMU6BMFAmVTtQsACgkQuARItAMU
6BOk3g/+MJgTiOiADWMoODK6QO34xu6YqrhH1xwYmWiKNblH1w8d3gTeo3EV7bH5
BqybvuneoWxSrhOhkDplApJDPyjyBumvN59/JijrrGTv1ObmTokoEHeS4KCZR6oo
mYri16oGhepH8Kwg32shwOTI4mjf3fs5yHc/JkdbRevTJ8YAZYQJsoMIA4tNE/KG
vOESqQMDZZ+YCNgHUUuufuexBoXmaTEwtIlzQ324sGsmyKOu7JlqERrnh60zEfbT
wVGlVmlHG3eIbpofA0un12SAyQXE4AhIIjqB2czWG5aLigD+1zC1Ltn6i16wW+lW
c+0N1nLZbLHzv7NUGd/52LnZGmAj3cXV2uipGn/H/+YHs4XtEiDlIo5rNSNYj6HQ
m+/su7NQAvX5/YRxE3W3s0JYm/9gYoghh/I3uKKjlI07+kM7UN6uPqkh3biPCQeD
n8lnC7iFSyYr7QFIje8SuDW+rAD4oOhWtvetCfTDO5K8+KaEL6pqAZIkKXpFinZ5
2BV+wHDb0S20WjIK2Z9erFmQbe22gV5CxukGtbciEDEduRq9dw9/kgTAz/PHqqge
kZBOwyCB1Ihi5/jdInUMs0hTVawdvFLGuhpYES8NT0h/bgSDG4ncNIIba7sDcrCu
ngVnU4NTHCaZWPmaT9eIBBGaYHVqfHfhSobnCFDTfZAdJiDZRb8=
=2oOa
-----END PGP SIGNATURE-----
Merge tag 'kvm-s390-master-6.7-1' of https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux into kvm-master
Two small but important bugfixes.
- Avoid mapping vLPIs that have already been mapped
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQSNXHjWXuzMZutrKNKivnWIJHzdFgUCZWub4QAKCRCivnWIJHzd
FnZPAP9KlyKZTy3RvczIy4imn+DebrASAApmREkAIvfmz9wFzQD+Lg8AfxPAMz8E
e9eNpTZ48Zqzmas93/eu1t6ZpcJOZQA=
=fyc9
-----END PGP SIGNATURE-----
Merge tag 'kvmarm-fixes-6.7-1' of git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm into kvm-master
KVM/arm64 fixes for 6.7, take #1
- Avoid mapping vLPIs that have already been mapped
* A pair of fixes to the new module load-time relocation code.
* A fix for hwprobe overflowing on rv32.
* A fix for to correctly decode C.SWSP and C.SDSP, which manifests in
misaligned access handling.
* A fix for a boot-time shadow call stack initialization ordering issue.
* A fix for Andes' errata probing, which was calling
riscv_noncoherent_supported() too late in the boot process and
triggering an oops.
-----BEGIN PGP SIGNATURE-----
iQJHBAABCAAxFiEEKzw3R0RoQ7JKlDp6LhMZ81+7GIkFAmVzPZ8THHBhbG1lckBk
YWJiZWx0LmNvbQAKCRAuExnzX7sYiV0LD/0S5ehBNExoF5B/uByAV+5Bgjvee2gc
UyYcPoFqhHrd3EUBRNO8bCWXphMpFe19HvR4DDjQwOxmSWKFN58TEjkLZQTmfNGX
z/iRdwkwCKWjnjnGdRupJT7nlPWnXDVbwosxcnRhkxBBZRPA29kjf+Hqg+vF0pIQ
JMXhUwcV6FrZrKszV/erjNp4L/B1N9uHb5CBMGaYBTaQzMzmcNsCGDZpJrZxlEV/
MESSwgZRc5fUEhCVyafXoq1VVnjC2yM1fgrigpNmilDDLXYZ6iHk8h19cX2Wk2Ns
AJ7PX9PR/xuDyaxPD8ANCj/isxqf06T8r3rdSn6aNjP+nzrAoSUAgKQDZNyZclFj
nymGD/ZvE3gCqoZ6eYJmA0a3qqxQYpL154F1jJiyB+lIUPiqKIQgc5ksLRNCdvF4
60wc4qKkBKc2PpxU+tD2rn9nl9pAOXiuDGyoT452I3W5SlXb1qDdd5g4hrOlYg4y
tSmnzyoI2L6qQ+Gux7TCAzTMTrBsSpMkH8uuPRFvk9DmV6bLsUHIlh/hGmqTQBdr
eZM4vO9Xi1haF8THeiuf4T1PgTfG7qFGpzs3nZwz16WQKd4tm5Qe6Ms3oDa1RM9D
ZX7feTdw859Pz6ULsm8QMTYn3mBKraUz1EdiNClsKFVBTw722pCk8VJhJbjWFQpZ
h9IAyKdQjNeTEA==
=Hb40
-----END PGP SIGNATURE-----
Merge tag 'riscv-for-linus-6.7-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux
Pull RISC-V fixes from Palmer Dabbelt:
- A pair of fixes to the new module load-time relocation code
- A fix for hwprobe overflowing on rv32
- A fix for to correctly decode C.SWSP and C.SDSP, which manifests in
misaligned access handling
- A fix for a boot-time shadow call stack initialization ordering issue
- A fix for Andes' errata probing, which was calling
riscv_noncoherent_supported() too late in the boot process and
triggering an oops
* tag 'riscv-for-linus-6.7-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux:
riscv: errata: andes: Probe for IOCP only once in boot stage
riscv: Fix SMP when shadow call stacks are enabled
dt-bindings: perf: riscv,pmu: drop unneeded quotes
riscv: fix misaligned access handling of C.SWSP and C.SDSP
RISC-V: hwprobe: Always use u64 for extension bits
Support rv32 ULEB128 test
riscv: Correct type casting in module loading
riscv: Safely remove entries from relocation list
Most of the changes are devicetree fixes for NXP, Mediatek, Rockchips
Arm machines as well as Microchip RISC-V, and most of these address
build-time warnings for spec violations and other minor issues. One of
the Mediatek warnings was enabled by default and prevented a clean build.
The ones that address serious runtime issues are all on the i.MX platform:
- a boot time panic on imx8qm
- USB hanging under load on imx8
- regressions on the imx93 ethernet phy
Code fixes include a minor error handling for the i.MX PMU driver, and
a number of firmware driver fixes:
- OP-TEE fix for supplicant based device enumeration, and a new
sysfs attribute to needed to fix a race against userspace
- Arm SCMI fix for possible truncation/overflow in the frequency
computations
- Multiple FF-A fixes for the newly added notification support.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEiK/NIGsWEZVxh/FrYKtH/8kJUicFAmVzIOMACgkQYKtH/8kJ
UidsiRAAloE2O29o1VxGSpuee5pJVdm1zr+lNfC/6chb+LKu6hXQjZY0IZOQup1p
oId8n+AiunZIDL/iBdMOqp2jWF2O6C9Ns/usdp4+V0RZ7DyjIVbR8E2RYgo/mb76
AxBxJCZVFIgMbqKjc1zg+5UmvGrl3zXAqmANfPDWu7hdbHafpbKz4Jb8iQe2/CKc
PFBrweit/t6icpEmmmRrQfB7EcMPNSOOMdt30PxM+V+uDME4ub4k1a4o0n9zd2LB
p2ZcxL8TX6LJRBRdg5T+QWvoFKHCOk+fVcvGAV28L/npORMrbpG7EHjrEbrhgs3f
PcJtorjTwkjMp2PJlvD7DBV79ViEhtpYA1gNryjoXzMlZe9VHf8oAmH+/oJY7Zv2
kVZwMiNb/eeMET3wG6fcyprkOwq1k0Ri6IHpYkVNvpQDCbEnc28zP2z3FNhoXF8U
PcMmUbClJFR8QJPABm/FRNTh/UDcfxU6TkIFsNbYwLxol4+sAtFV8dHkr6/1vVfX
FTXsYABFG5UAyQCtbbOQ6MuAMSTc4ox5Rh8aBATA/DQZabrWDon1ZU39WLJOarJ3
YB9JmgxkIhYqbh5/bsKgb7srHQwzY2Vgof2iK2PI73eLW9yiTd4ysbwSvnb/UdMP
fKssD6GfqWc340ugycNoorXYvi/N06f7r/u2AtjQzRyNaSnR/4s=
=mw0X
-----END PGP SIGNATURE-----
Merge tag 'soc-fixes-6.7-1' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
Pull ARM SoC fixes from Arnd Bergmann:
"Most of the changes are devicetree fixes for NXP, Mediatek, Rockchips
Arm machines as well as Microchip RISC-V, and most of these address
build-time warnings for spec violations and other minor issues. One of
the Mediatek warnings was enabled by default and prevented a clean
build.
The ones that address serious runtime issues are all on the i.MX
platform:
- a boot time panic on imx8qm
- USB hanging under load on imx8
- regressions on the imx93 ethernet phy
Code fixes include a minor error handling for the i.MX PMU driver, and
a number of firmware driver fixes:
- OP-TEE fix for supplicant based device enumeration, and a new sysfs
attribute to needed to fix a race against userspace
- Arm SCMI fix for possible truncation/overflow in the frequency
computations
- Multiple FF-A fixes for the newly added notification support"
* tag 'soc-fixes-6.7-1' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc: (55 commits)
MAINTAINERS: change the S32G2 maintainer's email address.
arm64: dts: rockchip: Fix eMMC Data Strobe PD on rk3588
ARM: dts: imx28-xea: Pass the 'model' property
ARM: dts: imx7: Declare timers compatible with fsl,imx6dl-gpt
MAINTAINERS: reinstate freescale ARM64 DT directory in i.MX entry
arm64: dts: imx8-apalis: set wifi regulator to always-on
ARM: imx: Check return value of devm_kasprintf in imx_mmdc_perf_init
arm64: dts: imx8ulp: update gpio node name to align with register address
arm64: dts: imx93: update gpio node name to align with register address
arm64: dts: imx93: correct mediamix power
arm64: dts: imx8qm: Add imx8qm's own pm to avoid panic during startup
arm64: dts: freescale: imx8-ss-dma: Fix #pwm-cells
arm64: dts: freescale: imx8-ss-lsio: Fix #pwm-cells
dt-bindings: pwm: imx-pwm: Unify #pwm-cells for all compatibles
ARM: dts: imx6ul-pico: Describe the Ethernet PHY clock
arm64: dts: imx8mp: imx8mq: Add parkmode-disable-ss-quirk on DWC3
arm64: dts: rockchip: Fix PCI node addresses on rk3399-gru
arm64: dts: rockchip: drop interrupt-names property from rk3588s dfi
firmware: arm_scmi: Fix possible frequency truncation when using level indexing mode
firmware: arm_scmi: Fix frequency truncation by promoting multiplier type
...
This is a partial revert of 8b3517f88f ("PCI: loongson: Prevent LS7A MRRS
increases") for MIPS-based Loongson.
Some MIPS Loongson systems don't support arbitrary Max_Read_Request_Size
(MRRS) settings. 8b3517f88f ("PCI: loongson: Prevent LS7A MRRS
increases") worked around that by (1) assuming that firmware configured
MRRS to the maximum supported value and (2) preventing the PCI core from
increasing MRRS.
Unfortunately, some firmware doesn't set that maximum MRRS correctly, which
results in devices not being initialized correctly. One symptom, from the
Debian report below, is this:
ata4.00: exception Emask 0x0 SAct 0x20000000 SErr 0x0 action 0x6 frozen
ata4.00: failed command: WRITE FPDMA QUEUED
ata4.00: cmd 61/20:e8:00:f0:e1/00:00:00:00:00/40 tag 29 ncq dma 16384 out
res 40/00:00:00:00:00/00:00:00:00:00/00 Emask 0x4 (timeout)
ata4.00: status: { DRDY }
ata4: hard resetting link
Limit MRRS to 256 because MIPS Loongson with higher MRRS support is
considered rare.
This must be done at device enablement stage because the MRRS setting may
get lost if PCI_COMMAND_MASTER on the parent bridge is cleared, and we are
only sure parent bridge is enabled at this point.
Fixes: 8b3517f88f ("PCI: loongson: Prevent LS7A MRRS increases")
Closes: https://bugzilla.kernel.org/show_bug.cgi?id=217680
Link: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035587
Link: https://lore.kernel.org/r/20231201115028.84351-1-jiaxun.yang@flygoat.com
Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Acked-by: Huacai Chen <chenhuacai@loongson.cn>
Cc: stable@vger.kernel.org
- Snapshot buffer issues
1. When instances started allowing latency tracers, it uses
a snapshot buffer (another buffer that is not written to
but swapped with the main buffer that is). The snapshot buffer
needs to be the same size as the main buffer. But when the
snapshot buffers were added to instances, the code to make
the snapshot equal to the main buffer still was only doing it
for the main buffer and not the instances.
2. Need to stop the current tracer when resizing the buffers.
Otherwise there can be a race if the tracer decides to make
a snapshot between resizing the main buffer and the snapshot
buffer.
3. When a tracer is "stopped" in disables both the main buffer
and the snapshot buffer. This needs to be done for instances
and not only the main buffer, now that instances also have
a snapshot buffer.
- Buffered event for filtering issues
When filtering is enabled, because events can be dropped often,
it is quicker to copy the event into a temp buffer and write that
into the main buffer if it is not filtered or just drop the event
if it is, than to write the event into the ring buffer and then
try to discard it. This temp buffer is allocated and needs special
synchronization to do so. But there were some issues with that:
1. When disabling the filter and freeing the buffer, a call to all
CPUs is required to stop each per_cpu usage. But the code
called smp_call_function_many() which does not include the
current CPU. If the task is migrated to another CPU when it
enables the CPUs via smp_call_function_many(), it will not enable
the one it is currently on and this causes issues later on.
Use on_each_cpu_mask() instead, which includes the current CPU.
2. When the allocation of the buffered event fails, it can give
a warning. But the buffered event is just an optimization
(it's still OK to write to the ring buffer and free it).
Do not WARN in this case.
3. The freeing of the buffer event requires synchronization.
First a counter is decremented to zero so that no new uses
of it will happen. Then it sets the buffered event to NULL,
and finally it frees the buffered event. There's a synchronize_rcu()
between the counter decrement and the setting the variable to
NULL, but only a smp_wmb() between that and the freeing of the
buffer. It is theoretically possible that a user missed seeing
the decrement, but will use the buffer after it is free. Another
synchronize_rcu() is needed in place of that smp_wmb().
- ring buffer timestamps on 32 bit machines
The ring buffer timestamp on 32 bit machines has to break the 64 bit
number into multiple values as cmpxchg is required on it, and a
64 bit cmpxchg on 32 bit architectures is very slow. The code use
to just use two 32 bit values and make it a 60 bit timestamp where
the other 4 bits were used as counters for synchronization. It later
came known that the timestamp on 32 bit still need all 64 bits in
some cases. So 3 words were created to handle the 64 bits. But issues
arised with this:
1. The synchronization logic still only compared the counter
with the first two, but not with the third number, so the
synchronization could fail unknowingly.
2. A check on discard of an event could race if an event happened
between the discard and updating one of the counters. The
counter needs to be updated (forcing an absolute timestamp
and not to use a delta) before the actual discard happens.
-----BEGIN PGP SIGNATURE-----
iIoEABYIADIWIQRRSw7ePDh/lE+zeZMp5XQQmuv6qgUCZXIP5hQccm9zdGVkdEBn
b29kbWlzLm9yZwAKCRAp5XQQmuv6qmJxAQDXBZwBUFQjWqZHLJn0S9aaz5FggkeR
RmlsOMND0PXcjwD+N6U905i553ehu3SSyOP+5svoi0hyCB2qhj3ZF0LzZQU=
=us1V
-----END PGP SIGNATURE-----
Merge tag 'trace-v6.7-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace
Pull tracing fixes from Steven Rostedt:
- Snapshot buffer issues:
1. When instances started allowing latency tracers, it uses a
snapshot buffer (another buffer that is not written to but swapped
with the main buffer that is). The snapshot buffer needs to be the
same size as the main buffer. But when the snapshot buffers were
added to instances, the code to make the snapshot equal to the
main buffer still was only doing it for the main buffer and not
the instances.
2. Need to stop the current tracer when resizing the buffers.
Otherwise there can be a race if the tracer decides to make a
snapshot between resizing the main buffer and the snapshot buffer.
3. When a tracer is "stopped" in disables both the main buffer and
the snapshot buffer. This needs to be done for instances and not
only the main buffer, now that instances also have a snapshot
buffer.
- Buffered event for filtering issues:
When filtering is enabled, because events can be dropped often, it is
quicker to copy the event into a temp buffer and write that into the
main buffer if it is not filtered or just drop the event if it is,
than to write the event into the ring buffer and then try to discard
it. This temp buffer is allocated and needs special synchronization
to do so. But there were some issues with that:
1. When disabling the filter and freeing the buffer, a call to all
CPUs is required to stop each per_cpu usage. But the code called
smp_call_function_many() which does not include the current CPU.
If the task is migrated to another CPU when it enables the CPUs
via smp_call_function_many(), it will not enable the one it is
currently on and this causes issues later on. Use
on_each_cpu_mask() instead, which includes the current CPU.
2.When the allocation of the buffered event fails, it can give a
warning. But the buffered event is just an optimization (it's
still OK to write to the ring buffer and free it). Do not WARN in
this case.
3.The freeing of the buffer event requires synchronization. First a
counter is decremented to zero so that no new uses of it will
happen. Then it sets the buffered event to NULL, and finally it
frees the buffered event. There's a synchronize_rcu() between the
counter decrement and the setting the variable to NULL, but only a
smp_wmb() between that and the freeing of the buffer. It is
theoretically possible that a user missed seeing the decrement,
but will use the buffer after it is free. Another
synchronize_rcu() is needed in place of that smp_wmb().
- ring buffer timestamps on 32 bit machines
The ring buffer timestamp on 32 bit machines has to break the 64 bit
number into multiple values as cmpxchg is required on it, and a 64
bit cmpxchg on 32 bit architectures is very slow. The code use to
just use two 32 bit values and make it a 60 bit timestamp where the
other 4 bits were used as counters for synchronization. It later came
known that the timestamp on 32 bit still need all 64 bits in some
cases. So 3 words were created to handle the 64 bits. But issues
arised with this:
1. The synchronization logic still only compared the counter with
the first two, but not with the third number, so the
synchronization could fail unknowingly.
2. A check on discard of an event could race if an event happened
between the discard and updating one of the counters. The counter
needs to be updated (forcing an absolute timestamp and not to use
a delta) before the actual discard happens.
* tag 'trace-v6.7-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace:
ring-buffer: Test last update in 32bit version of __rb_time_read()
ring-buffer: Force absolute timestamp on discard of event
tracing: Fix a possible race when disabling buffered events
tracing: Fix a warning when allocating buffered events fails
tracing: Fix incomplete locking when disabling buffered events
tracing: Disable snapshot buffer when stopping instance tracers
tracing: Stop current tracer when resizing buffer
tracing: Always update snapshot buffer size
The remainder address post-6.6 issues or aren't considered serious enough
to justify backporting.
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQTTMBEPP41GrTpTJgfdBJ7gKXxAjgUCZXKEfwAKCRDdBJ7gKXxA
jlRpAQCiAp1nSqIz/fOKTzoQRaTDXU/m+C+6ZAXdKLDfvQBhpwEAnxxjZ8IgF+8Z
Klz/GirHX5w5o7jE2wb8iObo1nR75Qo=
=omRq
-----END PGP SIGNATURE-----
Merge tag 'mm-hotfixes-stable-2023-12-07-18-47' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Pull misc fixes from Andrew Morton:
"31 hotfixes. Ten of these address pre-6.6 issues and are marked
cc:stable. The remainder address post-6.6 issues or aren't considered
serious enough to justify backporting"
* tag 'mm-hotfixes-stable-2023-12-07-18-47' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm: (31 commits)
mm/madvise: add cond_resched() in madvise_cold_or_pageout_pte_range()
nilfs2: prevent WARNING in nilfs_sufile_set_segment_usage()
mm/hugetlb: have CONFIG_HUGETLB_PAGE select CONFIG_XARRAY_MULTI
scripts/gdb: fix lx-device-list-bus and lx-device-list-class
MAINTAINERS: drop Antti Palosaari
highmem: fix a memory copy problem in memcpy_from_folio
nilfs2: fix missing error check for sb_set_blocksize call
kernel/Kconfig.kexec: drop select of KEXEC for CRASH_DUMP
units: add missing header
drivers/base/cpu: crash data showing should depends on KEXEC_CORE
mm/damon/sysfs-schemes: add timeout for update_schemes_tried_regions
scripts/gdb/tasks: fix lx-ps command error
mm/Kconfig: make userfaultfd a menuconfig
selftests/mm: prevent duplicate runs caused by TEST_GEN_PROGS
mm/damon/core: copy nr_accesses when splitting region
lib/group_cpus.c: avoid acquiring cpu hotplug lock in group_cpus_evenly
checkstack: fix printed address
mm/memory_hotplug: fix error handling in add_memory_resource()
mm/memory_hotplug: add missing mem_hotplug_lock
.mailmap: add a new address mapping for Chester Lin
...
MS confirm that "AISi" name of SMB2_CREATE_ALLOCATION_SIZE in MS-SMB2
specification is a typo. cifs/ksmbd have been using this wrong name from
MS-SMB2. It should be "AlSi". Also It will cause problem when running
smb2.create.open test in smbtorture against ksmbd.
Cc: stable@vger.kernel.org
Fixes: 12197a7fdd ("Clarify SMB2/SMB3 create context and add missing ones")
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Reviewed-by: Paulo Alcantara (SUSE) <pc@manguebit.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
When client send SMB2_CREATE_ALLOCATION_SIZE create context, ksmbd update
old size to ->AllocationSize in smb2 create response. ksmbd_vfs_getattr()
should be called after it to get updated stat result.
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
opinfo_put() could be called twice on error of smb21_lease_break_ack().
It will cause UAF issue if opinfo is referenced on other places.
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Don't immediately send directory lease break notification on smb2_write().
Instead, It postpones it until smb2_close().
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
If client send different parent key, different client guid, or there is
no parent lease key flags in create context v2 lease, ksmbd send lease
break to client.
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Commit 3823119b9c ("drm/crtc: Fix uninit-value bug in
drm_mode_setcrtc") was supposed to fix use of an uninitialized variable,
but introduced another.
num_connectors is only initialized if crtc_req->count_connectors > 0,
but it's used regardless. Fix it.
Fixes: 3823119b9c ("drm/crtc: Fix uninit-value bug in drm_mode_setcrtc")
Cc: syzbot+4fad2e57beb6397ab2fc@syzkaller.appspotmail.com
Cc: Ziqi Zhao <astrajoan@yahoo.com>
Cc: Maxime Ripard <mripard@kernel.org>
Cc: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
Cc: Thomas Zimmermann <tzimmermann@suse.de>
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Signed-off-by: Maxime Ripard <mripard@kernel.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20231208131238.2924571-1-jani.nikula@intel.com
Fix kernel-doc function notation and comment formatting to prevent
warnings from scripts/kernel-doc.
for drivers/platform/x86/intel_ips.c:
595: warning: No description found for return value of 'mcp_exceeded'
624: warning: No description found for return value of 'cpu_exceeded'
650: warning: No description found for return value of 'mch_exceeded'
745: warning: bad line: cpu+ gpu+ cpu+gpu- cpu-gpu+ cpu-gpu-
746: warning: bad line: cpu < gpu < cpu+gpu+ cpu+ gpu+ nothing
753: warning: No description found for return value of 'ips_adjust'
747: warning: bad line: cpu < gpu >= cpu+gpu-(mcp<) cpu+gpu-(mcp<) gpu- gpu-
748: warning: bad line: cpu >= gpu < cpu-gpu+(mcp<) cpu- cpu-gpu+(mcp<) cpu-
749: warning: bad line: cpu >= gpu >= cpu-gpu- cpu-gpu- cpu-gpu- cpu-gpu-
945: warning: No description found for return value of 'ips_monitor'
1151: warning: No description found for return value of 'ips_irq_handler'
1301: warning: Function parameter or member 'ips' not described in 'ips_detect_cpu'
1302: warning: No description found for return value of 'ips_detect_cpu'
1358: warning: No description found for return value of 'ips_get_i915_syms'
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Cc: Hans de Goede <hdegoede@redhat.com>
Cc: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Cc: platform-driver-x86@vger.kernel.org
Link: https://lore.kernel.org/r/20231206060120.4816-1-rdunlap@infradead.org
Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
