mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-26 04:16:39 +00:00
1154268 commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Linus Torvalds
|
4f43ade45d |
memblock: always release pages to the buddy allocator in memblock_free_late()
If CONFIG_DEFERRED_STRUCT_PAGE_INIT is enabled, memblock_free_pages()
only releases pages to the buddy allocator if they are not in the
deferred range. This is correct for free pages (as defined by
for_each_free_mem_pfn_range_in_zone()) because free pages in the
deferred range will be initialized and released as part of the deferred
init process. memblock_free_pages() is called by memblock_free_late(),
which is used to free reserved ranges after memblock_free_all() has
run. All pages in reserved ranges have been initialized at that point,
and accordingly, those pages are not touched by the deferred init
process. This means that currently, if the pages that
memblock_free_late() intends to release are in the deferred range, they
will never be released to the buddy allocator. They will forever be
reserved.
In addition, memblock_free_pages() calls kmsan_memblock_free_pages(),
which is also correct for free pages but is not correct for reserved
pages. KMSAN metadata for reserved pages is initialized by
kmsan_init_shadow(), which runs shortly before memblock_free_all().
For both of these reasons, memblock_free_pages() should only be called
for free pages, and memblock_free_late() should call __free_pages_core()
directly instead.
One case where this issue can occur in the wild is EFI boot on
x86_64. The x86 EFI code reserves all EFI boot services memory ranges
via memblock_reserve() and frees them later via memblock_free_late()
(efi_reserve_boot_services() and efi_free_boot_services(),
respectively). If any of those ranges happens to fall within the
deferred init range, the pages will not be released and that memory will
be unavailable.
For example, on an Amazon EC2 t3.micro VM (1 GB) booting via EFI:
v6.2-rc2:
Node 0, zone DMA
spanned 4095
present 3999
managed 3840
Node 0, zone DMA32
spanned 246652
present 245868
managed 178867
v6.2-rc2 + patch:
Node 0, zone DMA
spanned 4095
present 3999
managed 3840
Node 0, zone DMA32
spanned 246652
present 245868
managed 222816 # +43,949 pages
-----BEGIN PGP SIGNATURE-----
iQFEBAABCgAuFiEEeOVYVaWZL5900a/pOQOGJssO/ZEFAmPCrI8QHHJwcHRAa2Vy
bmVsLm9yZwAKCRA5A4Ymyw79kT1lB/wPbLpePLzZfDGyV/NR9gi4FuJiaRfhlklV
rbxnJce050GERbSQoF/r4zrxn2pzvIWGMh1xWZBGi/q8mT2rOIYtVqUahY9YuL/Z
7+xqdCOALIxEj+cXqYocqp8/NFgUWLGuMoomc9lWvEkUs+zOvkD8Z/bRecfPYvOa
BftPALmtXgx46Ecce0gZvvh4YULpVLNdDPPiwZTabV+47Cl8+cJ0Y+iEHsUfOesU
hQG0unWJH77O3IU4QxiirLekLP/6a5O5f0W7u3PZmNNv7N+UdwE+De+QF0aamfgA
LZDO1qOakflegFZvK0JchCzS4hc6dtRKqIvNM3cCBMXLvV4REHKP
=geNh
-----END PGP SIGNATURE-----
Merge tag 'fixes-2023-01-14' of git://git.kernel.org/pub/scm/linux/kernel/git/rppt/memblock
Pull memblock fix from Mike Rapoport:
"memblock: always release pages to the buddy allocator in
memblock_free_late()
If CONFIG_DEFERRED_STRUCT_PAGE_INIT is enabled, memblock_free_pages()
only releases pages to the buddy allocator if they are not in the
deferred range. This is correct for free pages (as defined by
for_each_free_mem_pfn_range_in_zone()) because free pages in the
deferred range will be initialized and released as part of the
deferred init process.
memblock_free_pages() is called by memblock_free_late(), which is used
to free reserved ranges after memblock_free_all() has run. All pages
in reserved ranges have been initialized at that point, and
accordingly, those pages are not touched by the deferred init process.
This means that currently, if the pages that memblock_free_late()
intends to release are in the deferred range, they will never be
released to the buddy allocator. They will forever be reserved.
In addition, memblock_free_pages() calls kmsan_memblock_free_pages(),
which is also correct for free pages but is not correct for reserved
pages. KMSAN metadata for reserved pages is initialized by
kmsan_init_shadow(), which runs shortly before memblock_free_all().
For both of these reasons, memblock_free_pages() should only be called
for free pages, and memblock_free_late() should call
__free_pages_core() directly instead.
One case where this issue can occur in the wild is EFI boot on x86_64.
The x86 EFI code reserves all EFI boot services memory ranges via
memblock_reserve() and frees them later via memblock_free_late()
(efi_reserve_boot_services() and efi_free_boot_services(),
respectively).
If any of those ranges happens to fall within the deferred init range,
the pages will not be released and that memory will be unavailable.
For example, on an Amazon EC2 t3.micro VM (1 GB) booting via EFI:
v6.2-rc2:
Node 0, zone DMA
spanned 4095
present 3999
managed 3840
Node 0, zone DMA32
spanned 246652
present 245868
managed 178867
v6.2-rc2 + patch:
Node 0, zone DMA
spanned 4095
present 3999
managed 3840
Node 0, zone DMA32
spanned 246652
present 245868
managed 222816 # +43,949 pages"
* tag 'fixes-2023-01-14' of git://git.kernel.org/pub/scm/linux/kernel/git/rppt/memblock:
mm: Always release pages to the buddy allocator in memblock_free_late().
|
||
|
Linus Torvalds
|
880ca43e5c |
kernel hardening fixes for v6.2-rc4
- Fix CFI hash randomization with KASAN (Sami Tolvanen) - Check size of coreboot table entry and use flex-array -----BEGIN PGP SIGNATURE----- iQJKBAABCgA0FiEEpcP2jyKd1g9yPm4TiXL039xtwCYFAmPB6IwWHGtlZXNjb29r QGNocm9taXVtLm9yZwAKCRCJcvTf3G3AJgqhEACZc2ehC6DNc3JSQEbZ9H47FL6Z pnyNvi+ZkC+vxENjH6WMMjtwehWHiQJVcHNaK9eF9/7A3pq58axw3RyeeVbPmC3B E0bDjJqaknAKa9FtFdyCTXD0V1TmY/s+oHTZHUXohq9ctI+hJT3reTJ55Uo5jlyV 8aB2lvbg8Bch4BAmg7z8gd3208VL30Q3Go0mspmovYUXVCvnwe08SyROIoJZnE9+ m5IIRfVCNFrAda1DPfiNeqQcE2EnKhTT0ESwtZbQ0HS5z1zJRYjs8gaeY63iQTNn tR1mpP97RngzQ1jCfZP3dZIuYA1TLgz/px0WraYflrpnYpzJOl0XLiigXefU5lyL 7YtGb9xuu8TXMI2D+n52DlYXGRjc9I7zUMPg03y7sC4BnKX5eA6Qda4plP5kvxxp K9PSO91RkS+01nwvXCNs7ISkQ1YpayDyNxsiDIqmHx3po9QB5QniceAa5mIYR/ld v9QKzRhLELiq8cYdu+fgfSOEaY8q9+/k+kEHakfsrXoLaiK2RVw4Y++S6Fh1QIy4 R8DHdhd8j33Yws96xRhI2P+g5mVzDpdEN1TtskdO5WjefCT83R84qqJsEaklVTrI AQDSweQfF+hc+B1PkDRbCgiLeSUnPfxzwdSoy35fc9/qg/JnoQMHFrkJB2Xn2+hv KaFfgM93f1CbCW/KDg== =KwzM -----END PGP SIGNATURE----- Merge tag 'hardening-v6.2-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux Pull kernel hardening fixes from Kees Cook: - Fix CFI hash randomization with KASAN (Sami Tolvanen) - Check size of coreboot table entry and use flex-array * tag 'hardening-v6.2-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: kbuild: Fix CFI hash randomization with KASAN firmware: coreboot: Check size of table entry and use flex-array |
||
|
Linus Torvalds
|
8b7be52f3f |
modules-6.2-rc4
Just one fix for modules by Nick. -----BEGIN PGP SIGNATURE----- iQJGBAABCgAwFiEENnNq2KuOejlQLZofziMdCjCSiKcFAmPB5S4SHG1jZ3JvZkBr ZXJuZWwub3JnAAoJEM4jHQowkoin0OUQALx+uch7cZvl3aznH4CAkF1U2mKuESLT unQsnSlxIF0BETTAdPbhcCVEtKi102Xq4R6ffCSilB33b0IGM6qY6ZUQb/GMGhg5 qIur7EDiFksjCBmBuE1iNaAknkiKeirkJTEC4lEOl8OLXprmnuMeeR+E0BDi5sH3 YIxexLuhyKeF9Ke4bjAJ7A4WKvh2R7yamISCUcP6GL3w7U9urSjo9FHKcUmFH9nr qCX/1zE0fz7iJzb9YtBNVhdgKNOYNOxa7TDNXQCVuLcZQfmQqDMBVgKdOkj6TAWX 6L2CHT4N9IjPt9+DrlEUf6bSSwP4N4aFdyMAo6UlVXcgvEbTS/kdoMSqFOAQSAdb G/lzsvS3fD76VcCdZkwAFYnEhUTJ4xWTS0oaI++tu0EFX5lvRuQv2DRt0WULlD/u L0paUwmjtVajcSIATxRZkjoMiVD4btDRz30kaIUU/xoc1Gg/EADrSLHESaZ9eZVL EJ40aqLLIRBXGZrVEzvf97HIzuQiKfaPzywNvbMpxG3m0tV2pn3Z4ts/A8aO7c+O mBDnTURiZN6pT+xsnJBvqWrlXwPRUGwI+NjRcdPZhUyfgj5MHpEI8PAcUWy6TTUn H2P6x2iC3/nypqhnwjoixSptjaUWcak3R6UgwVS2YqfjePCqaq0wg9DAFDQH0Yx3 awAOoum0Ubin =aa3U -----END PGP SIGNATURE----- Merge tag 'modules-6.2-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/linux Pull module fix from Luis Chamberlain: "Just one fix for modules by Nick" * tag 'modules-6.2-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/linux: kallsyms: Fix scheduling with interrupts disabled in self-test |
||
|
Linus Torvalds
|
b35ad63eec |
7 smb3 client fixes
-----BEGIN PGP SIGNATURE----- iQGzBAABCgAdFiEE6fsu8pdIjtWE/DpLiiy9cAdyT1EFAmPB/t0ACgkQiiy9cAdy T1Gvbwv+LIXF5dHNGHDuezecbD8T9sRF2v15Mh7i6SSg7BWeXXebYY4dyrSQ5SHu KqsN2Y3P3A0ZQ3ApzFryImM6BwSpOeyCsVRhl7VCWnMgXcroqc/O6F6/YRFVkUAi iWWZLXM7WFBQGXUbPXaiPc+wCRARrnul9p+48Teyy0CJWiWormQmkznVxeihErDX /pWdQdvJeFcUrIj1H3e4cyJF2hVzRiUGI/eZmBGlDyaK192vYgGYO2AhHnTfd7fU dUJ+/trVw0koyC5/86veHRqCcXzFD44ORkAB46NaCic1K8t+RPhmxgtriiNLcCrQ kEmeub6ayPkuniV88NBEPXaDy0S/cEYHr7GEuZTn4sq+hw//y5KbKN3sa6aLHsMH 46BIHcyTXU59eNJ4lWOjoqD2NiqP2GYFY4PZftB85H1EW8Fchwcsw4WzW0ENpzmi qcWslXDKYjJIZ6NHnBiR/FYI1VdsmoGbDzMhrHreCrWCuIuVaqfrFPMnvE8f5dqY fkfnkqT4 =SdZA -----END PGP SIGNATURE----- Merge tag '6.2-rc3-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6 Pull cifs fixes from Steve French: - memory leak and double free fix - two symlink fixes - minor cleanup fix - two smb1 fixes * tag '6.2-rc3-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6: cifs: Fix uninitialized memory read for smb311 posix symlink create cifs: fix potential memory leaks in session setup cifs: do not query ifaces on smb1 mounts cifs: fix double free on failed kerberos auth cifs: remove redundant assignment to the variable match cifs: fix file info setting in cifs_open_file() cifs: fix file info setting in cifs_query_path_info() |
||
|
Linus Torvalds
|
8e76813085 |
SCSI fixes on 20230114
Two minor fixes in the hisi_sas driver which only impact enterprise style multi-expander and shared disk situations and no core changes. Signed-off-by: James E.J. Bottomley <jejb@linux.ibm.com> -----BEGIN PGP SIGNATURE----- iJwEABMIAEQWIQTnYEDbdso9F2cI+arnQslM7pishQUCY8KxpSYcamFtZXMuYm90 dG9tbGV5QGhhbnNlbnBhcnRuZXJzaGlwLmNvbQAKCRDnQslM7pishRAlAP9cQmiq M8WGimymqulRFEpkWpDM1R06eqHDI2K0h5/rfAD+KlgS0cOVvx0nenWyhmprYvDX 2Z239J+WXOjSJq8UJL4= =gMQX -----END PGP SIGNATURE----- Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi Pull SCSI fixes from James Bottomley: "Two minor fixes in the hisi_sas driver which only impact enterprise style multi-expander and shared disk situations and no core changes" * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: scsi: hisi_sas: Set a port invalid only if there are no devices attached when refreshing port id scsi: hisi_sas: Use abort task set to reset SAS disks when discovered |
||
|
Linus Torvalds
|
34cbf89afc |
ATA fixes for 6.2-rc4
A single fix for rc4 to prevent building the pata_cs5535 driver with user mode linux as it uses msr operations that are not defined with UML. -----BEGIN PGP SIGNATURE----- iHUEABYKAB0WIQSRPv8tYSvhwAzJdzjdoc3SxdoYdgUCY8HnowAKCRDdoc3SxdoY dmDWAPwKMUiDzFSkeD7zfKGwCd72HWUa1298yL+XnD8Y7vLBtgEAqhYi9fAnVnN0 dUHm12rEwFOay+lVwxWuQowFaVmzGAs= =RXSo -----END PGP SIGNATURE----- Merge tag 'ata-6.2-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/dlemoal/libata Pull ATA fix from Damien Le Moal: "A single fix to prevent building the pata_cs5535 driver with user mode linux as it uses msr operations that are not defined with UML" * tag 'ata-6.2-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/dlemoal/libata: ata: pata_cs5535: Don't build on UML |
||
|
Linus Torvalds
|
97ec4d559d |
block-6.2-2023-01-13
-----BEGIN PGP SIGNATURE----- iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAmPBsFAQHGF4Ym9lQGtl cm5lbC5kawAKCRD301j7KXHgpqgnEAC0OqxnMsOPNbkLO7k6FsSrG7ZoENkOIMCt Grk3D1cPkM13I0xc+WiaOBezMriPzfdXvt5AGDn9fd53Ih47qpSY4eU6pCqoCk5y HWdn8KXZvhJGZsSy0Nz+cfPDW/8diJON8YBpJwWM/DfDdP8XibtjlIMTVTtJab6h aGWjmy3leNfghOJ0cZ1wjL6maWFoowQASs52PZfajSc0mQ5X0i8BgQb1WOHNu89C vEir9PYlTmdMnYlAKLsyEL3KoGUPm++zSLtJeyWYavlCMGK5WTyNkzmeXqsQhAGf b1LjovQASe//1t2wvCzQviRf4cae0pE9JhiaYt2oxoDdHrfQj/WPndVS4yE9c+0O BnLVTCFHNv86TRXNCbEUzI+Ftj6m9qt4MrHz8YpstX7FxGxYC+T5RqTwYClWZQ0j llBuJUHj+kkAv6kBMJCHTyat6pxIDgcb52QMJr5mFWuEaTloraBIJC70hMtxBQV/ j5mrBYqCngCHVs+hAl9UQ4zqQVSvkeT11QFvwFolxIfs7qtfLqeGzYxvaeomqO3V sA+H5NY50OEuPfFFmCpcNUJXeUKg7wP39iNHdz6P5cCDBCfUwbNbgKKKNmBovaC+ KhPd8Xo1MmzDuF+cylvTcjOBDte4425GN7PBj4vP1xbuHYcjg6AEFLawgqE9Y4XX xyNlgJXPOg== =ujiw -----END PGP SIGNATURE----- Merge tag 'block-6.2-2023-01-13' of git://git.kernel.dk/linux Pull block fixes from Jens Axboe: "Nothing major in here, just a collection of NVMe fixes and dropping a wrong might_sleep() that static checkers tripped over but which isn't valid" * tag 'block-6.2-2023-01-13' of git://git.kernel.dk/linux: MAINTAINERS: stop nvme matching for nvmem files nvme: don't allow unprivileged passthrough on partitions nvme: replace the "bool vec" arguments with flags in the ioctl path nvme: remove __nvme_ioctl nvme-pci: fix error handling in nvme_pci_enable() nvme-pci: add NVME_QUIRK_IDENTIFY_CNS quirk to Apple T2 controllers nvme-apple: add NVME_QUIRK_IDENTIFY_CNS quirk to fix regression block: Drop spurious might_sleep() from blk_put_queue() |
||
|
Linus Torvalds
|
2ce7592df9 |
io_uring-6.2-2023-01-13
-----BEGIN PGP SIGNATURE-----
iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAmPBsL8QHGF4Ym9lQGtl
cm5lbC5kawAKCRD301j7KXHgplLXD/9kmbwSseR8sm8s6rB3mZcfgN4vvkRDa5Kg
r5bj32sOl2o37szObGI53MneFcCpdOszA2R3AHqUoj7ZQsyPlt59OIpKtdBlp6xv
ACX1weBnxMTtdMZ90Mp/GxGLZuvSifbfL4z5YgbRRKnGorz3prmfRkKuO51DcJes
mhoPGTDUsAmxoU261LzuHI7DtD69We8yBzj58p21NF8DvBI3NtuWWhOI+EGs2CDr
aqilG5LxOYBKuEY660KhWKMAXwVbVkyLak4eIh4iax0R0Um/SKXnRMIRI3L1QZoP
eqGtF4zGJGM+47RUnl6GF59/IsyRZR04GJlZ5ma8aqqZNh4oj8E6A+hpgczJ0025
QM4hG+NwqXeNpMjN0PwDypo3WoYjyIhaMoEyCT7dmVzj62y3pm3DDaZDnzUlQF5w
8YvoSPwyCzWHWFDGEZp6WRYn2YfoiE+L48euknADmTL5FwUOs1J5OUK0v8BcAYLO
tqJ8Q8emx15ZTzHeI+Z9lDYIuYKBU9XuO8ugfbss/Xx2tQMDeHe6BIaujhwam6c4
BWyAIViXgWKpIIDB3Emsu3lStc3PJ1WLbBdw4ja0nwhCRB7IeclzZf1IZHTT4xsQ
eg5EK2QORLrlY9keCoFhqfT4guSYQptBlwPuxhHM2gcrxXegR6294hBoPVSd1be5
g5NK0rrSWA==
=9C0J
-----END PGP SIGNATURE-----
Merge tag 'io_uring-6.2-2023-01-13' of git://git.kernel.dk/linux
Pull io_uring fixes from Jens Axboe:
"A fix for a regression that happened last week, rest is fixes that
will be headed to stable as well. In detail:
- Fix for a regression added with the leak fix from last week (me)
- In writing a test case for that leak, inadvertently discovered a
case where we a poll request can race. So fix that up and mark it
for stable, and also ensure that fdinfo covers both the poll tables
that we have. The latter was an oversight when the split poll table
were added (me)
- Fix for a lockdep reported issue with IOPOLL (Pavel)"
* tag 'io_uring-6.2-2023-01-13' of git://git.kernel.dk/linux:
io_uring: lock overflowing for IOPOLL
io_uring/poll: attempt request issue after racy poll wakeup
io_uring/fdinfo: include locked hash table in fdinfo output
io_uring/poll: add hash if ready poll request can't complete inline
io_uring/io-wq: only free worker if it was allocated for creation
|
||
|
Linus Torvalds
|
9e058c2952 |
pci-v6.2-fixes-1
-----BEGIN PGP SIGNATURE----- iQJIBAABCgAyFiEEgMe7l+5h9hnxdsnuWYigwDrT+vwFAmPBniAUHGJoZWxnYWFz QGdvb2dsZS5jb20ACgkQWYigwDrT+vwOjRAAhjyRAgyiZV2rWS4pyvpQpqcpZWD9 796ZSqnzLJjVYCymGvUTX23FEA48n59+bCM/WpfEGUPrBf8LZQxC9YOCm6ltuM8+ FoSBykW/tHPq5IWaLzgrWpHeDOgEnZu/WFGGvrV3tl1mLpM1SJT8bGDsjHXlo+FM qkTEiA3nUEKQs5x9r2TTLCeUWGPNTIHNd2VfuxOqM3qC/nVCOfTTxU8nm6Lk7Eix nboAugAIADJIjs/+ZGekLBuzZYPkLYuDTyMYJ5hdo1p7wWCLc9gArEqvXKwVgmD3 ptenZeOlQi9Ay45HmkfIgfgKeeQ7REJj3dx04vf67neAianyUrB0EZDqDjR7LmgM ozlNt0XjyoeEhu6AQS0s1LZtbDiED1R/00P6Gb+YEjUCVipW2lEYYwP0v9dsnNoh 6wblgnkQoxLFM+5CAXRmCmpaoQn0Uam7okfVeohtsz8/kNQF2St0hjzr4Dmws+O3 k9PUqnnUl4ByElzpEDesVGZMJ3pxFVH15ufu8VnRqN60pLTvNrsPyU4cVnG176Rc 3RSDN3zMtPxnHJVy4r3bTNEZsX/7RUrOb4xScOXMmRDBMUc8QdscF8Oj1ucKlj5j mp7vB/7+VjU96uRarRyqUxGeQc77DCTcvOa1IGh/cuYom8ZJ6vpSCpKy6f6SFGuf i8iTTUcQKCdqVW4= =Fv2v -----END PGP SIGNATURE----- Merge tag 'pci-v6.2-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci Pull pci fixes from Bjorn Helgaas: - Work around apparent firmware issue that made Linux reject MMCONFIG space, which broke PCI extended config space (Bjorn Helgaas) - Fix CONFIG_PCIE_BT1 dependency due to mid-air collision between a PCI_MSI_IRQ_DOMAIN -> PCI_MSI change and addition of PCIE_BT1 (Lukas Bulwahn) * tag 'pci-v6.2-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci: x86/pci: Treat EfiMemoryMappedIO as reservation of ECAM space x86/pci: Simplify is_mmconf_reserved() messages PCI: dwc: Adjust to recent removal of PCI_MSI_IRQ_DOMAIN |
||
|
Sami Tolvanen
|
42633ed852 |
kbuild: Fix CFI hash randomization with KASAN
Clang emits a asan.module_ctor constructor to each object file when KASAN is enabled, and these functions are indirectly called in do_ctors. With CONFIG_CFI_CLANG, the compiler also emits a CFI type hash before each address-taken global function so they can pass indirect call checks. However, in commit |
||
|
Kees Cook
|
3b293487b8 |
firmware: coreboot: Check size of table entry and use flex-array
The memcpy() of the data following a coreboot_table_entry couldn't be evaluated by the compiler under CONFIG_FORTIFY_SOURCE. To make it easier to reason about, add an explicit flexible array member to struct coreboot_device so the entire entry can be copied at once. Additionally, validate the sizes before copying. Avoids this run-time false positive warning: memcpy: detected field-spanning write (size 168) of single field "&device->entry" at drivers/firmware/google/coreboot_table.c:103 (size 8) Reported-by: Paul Menzel <pmenzel@molgen.mpg.de> Link: https://lore.kernel.org/all/03ae2704-8c30-f9f0-215b-7cdf4ad35a9a@molgen.mpg.de/ Cc: Jack Rosenthal <jrosenth@chromium.org> Cc: Guenter Roeck <groeck@chromium.org> Cc: Julius Werner <jwerner@chromium.org> Cc: Brian Norris <briannorris@chromium.org> Cc: Stephen Boyd <swboyd@chromium.org> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Guenter Roeck <groeck@chromium.org> Link: https://lore.kernel.org/r/20230107031406.gonna.761-kees@kernel.org Reviewed-by: Stephen Boyd <swboyd@chromium.org> Reviewed-by: Jack Rosenthal <jrosenth@chromium.org> Link: https://lore.kernel.org/r/20230112230312.give.446-kees@kernel.org |
||
|
Nicholas Piggin
|
da35048f26 |
kallsyms: Fix scheduling with interrupts disabled in self-test
kallsyms_on_each* may schedule so must not be called with interrupts
disabled. The iteration function could disable interrupts, but this
also changes lookup_symbol() to match the change to the other timing
code.
Reported-by: Erhard F. <erhard_f@mailbox.org>
Link: https://lore.kernel.org/all/bug-216902-206035@https.bugzilla.kernel.org%2F/
Reported-by: kernel test robot <oliver.sang@intel.com>
Link: https://lore.kernel.org/oe-lkp/202212251728.8d0872ff-oliver.sang@intel.com
Fixes:
|
||
|
Peter Foley
|
22eebaa631 |
ata: pata_cs5535: Don't build on UML
This driver uses MSR functions that aren't implemented under UML. Avoid building it to prevent tripping up allyesconfig. e.g. /usr/lib/gcc/x86_64-pc-linux-gnu/12/../../../../x86_64-pc-linux-gnu/bin/ld: pata_cs5535.c:(.text+0x3a3): undefined reference to `__tracepoint_read_msr' /usr/lib/gcc/x86_64-pc-linux-gnu/12/../../../../x86_64-pc-linux-gnu/bin/ld: pata_cs5535.c:(.text+0x3d2): undefined reference to `__tracepoint_write_msr' /usr/lib/gcc/x86_64-pc-linux-gnu/12/../../../../x86_64-pc-linux-gnu/bin/ld: pata_cs5535.c:(.text+0x457): undefined reference to `__tracepoint_write_msr' /usr/lib/gcc/x86_64-pc-linux-gnu/12/../../../../x86_64-pc-linux-gnu/bin/ld: pata_cs5535.c:(.text+0x481): undefined reference to `do_trace_write_msr' /usr/lib/gcc/x86_64-pc-linux-gnu/12/../../../../x86_64-pc-linux-gnu/bin/ld: pata_cs5535.c:(.text+0x4d5): undefined reference to `do_trace_write_msr' /usr/lib/gcc/x86_64-pc-linux-gnu/12/../../../../x86_64-pc-linux-gnu/bin/ld: pata_cs5535.c:(.text+0x4f5): undefined reference to `do_trace_read_msr' /usr/lib/gcc/x86_64-pc-linux-gnu/12/../../../../x86_64-pc-linux-gnu/bin/ld: pata_cs5535.c:(.text+0x51c): undefined reference to `do_trace_write_msr' Signed-off-by: Peter Foley <pefoley2@pefoley.com> Reviewed-by: Randy Dunlap <rdunlap@infradead.org> Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com> |
||
|
Linus Torvalds
|
92783a90bc |
ARM:
* Fix the PMCR_EL0 reset value after the PMU rework
* Correctly handle S2 fault triggered by a S1 page table walk
by not always classifying it as a write, as this breaks on
R/O memslots
* Document why we cannot exit with KVM_EXIT_MMIO when taking
a write fault from a S1 PTW on a R/O memslot
* Put the Apple M2 on the naughty list for not being able to
correctly implement the vgic SEIS feature, just like the M1
before it
* Reviewer updates: Alex is stepping down, replaced by Zenghui
x86:
* Fix various rare locking issues in Xen emulation and teach lockdep
to detect them
* Documentation improvements
* Do not return host topology information from KVM_GET_SUPPORTED_CPUID
-----BEGIN PGP SIGNATURE-----
iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmPAT3EUHHBib256aW5p
QHJlZGhhdC5jb20ACgkQv/vSX3jHroPmDAf+ICCVMwgm+PjAc6NuXzaUk6BFGWKF
1lzMvnKb6ARnhMKwyjl/Sf5EgnTuucnSTBHuE1kjaLkPUDNJvi4oRXVdDwKjtXnZ
Zxk4dpsNLWVfALHTk1KweIkR5KNif0kugUh9RNp6zOBnoTVRh8XdCHpeDv73tJaG
R1gCAreVTDbp+wNrVpiImUfYAZ4GrGpwwWRH/xLAGDWoTL9Z9J5tQygf+0C429n/
eJoTrToLjESbYadDgCNDD+TUkHbeDVg8aeio2JZga9SvH3RBhwriLqz26v9yvikL
UoY96AySMaiox4pgCUYUl8nng8MR8AG4C4vpNnLalj7tfHxRfhtAwD0EYw==
=gDOV
-----END PGP SIGNATURE-----
Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm
Pull kvm fixes from Paolo Bonzini:
"ARM:
- Fix the PMCR_EL0 reset value after the PMU rework
- Correctly handle S2 fault triggered by a S1 page table walk by not
always classifying it as a write, as this breaks on R/O memslots
- Document why we cannot exit with KVM_EXIT_MMIO when taking a write
fault from a S1 PTW on a R/O memslot
- Put the Apple M2 on the naughty list for not being able to
correctly implement the vgic SEIS feature, just like the M1 before
it
- Reviewer updates: Alex is stepping down, replaced by Zenghui
x86:
- Fix various rare locking issues in Xen emulation and teach lockdep
to detect them
- Documentation improvements
- Do not return host topology information from KVM_GET_SUPPORTED_CPUID"
* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
KVM: x86/xen: Avoid deadlock by adding kvm->arch.xen.xen_lock leaf node lock
KVM: Ensure lockdep knows about kvm->lock vs. vcpu->mutex ordering rule
KVM: x86/xen: Fix potential deadlock in kvm_xen_update_runstate_guest()
KVM: x86/xen: Fix lockdep warning on "recursive" gpc locking
Documentation: kvm: fix SRCU locking order docs
KVM: x86: Do not return host topology information from KVM_GET_SUPPORTED_CPUID
KVM: nSVM: clarify recalc_intercepts() wrt CR8
MAINTAINERS: Remove myself as a KVM/arm64 reviewer
MAINTAINERS: Add Zenghui Yu as a KVM/arm64 reviewer
KVM: arm64: vgic: Add Apple M2 cpus to the list of broken SEIS implementations
KVM: arm64: Convert FSC_* over to ESR_ELx_FSC_*
KVM: arm64: Document the behaviour of S1PTW faults on RO memslots
KVM: arm64: Fix S1PTW handling on RO memslots
KVM: arm64: PMU: Fix PMCR_EL0 reset value
|
||
|
Mateusz Guzik
|
f5fe24ef17 |
lockref: stop doing cpu_relax in the cmpxchg loop
On the x86-64 architecture even a failing cmpxchg grants exclusive
access to the cacheline, making it preferable to retry the failed op
immediately instead of stalling with the pause instruction.
To illustrate the impact, below are benchmark results obtained by
running various will-it-scale tests on top of the 6.2-rc3 kernel and
Cascade Lake (2 sockets * 24 cores * 2 threads) CPU.
All results in ops/s. Note there is some variance in re-runs, but the
code is consistently faster when contention is present.
open3 ("Same file open/close"):
proc stock no-pause
1 805603 814942 (+%1)
2 1054980 1054781 (-0%)
8 1544802 1822858 (+18%)
24 1191064 2199665 (+84%)
48 851582 1469860 (+72%)
96 609481 1427170 (+134%)
fstat2 ("Same file fstat"):
proc stock no-pause
1 3013872 3047636 (+1%)
2 4284687 4400421 (+2%)
8 3257721 5530156 (+69%)
24 2239819 5466127 (+144%)
48 1701072 5256609 (+209%)
96
|
||
|
Bjorn Helgaas
|
fd3a8cff4d |
x86/pci: Treat EfiMemoryMappedIO as reservation of ECAM space
Normally we reject ECAM space unless it is reported as reserved in the E820 table or via a PNP0C02 _CRS method (PCI Firmware, r3.3, sec 4.1.2). |
||
|
Linus Torvalds
|
0bf913e07b |
First batch of EFI fixes for v6.2:
- avoid a potential crash on the efi_subsys_init() error path - use more appropriate error code for runtime services calls issued after a crash in the firmware occurred - avoid READ_ONCE() for accessing firmware tables that may appear misaligned in memory -----BEGIN PGP SIGNATURE----- iQGzBAABCgAdFiEE+9lifEBpyUIVN1cpw08iOZLZjyQFAmPBg68ACgkQw08iOZLZ jyQs5Qv+PVg06BhEqN+vwNQy6vd4ezTxmDAy7yx751mo3HIw0qT0ohsCIpRydq0c +qlCXa+Uu/yr/IQplfDT9vY+MEwD9iuwJha8ltGRWM3++yEF4uQXowHDoEKsO84l 5PaC37EfOvHmV6UdFdIF0OYDOcRvX2FsIbmUKRyvIav1e+QRLvUWWKKEmAh04c7G yNc0837kmoOpjKrYPc8j2n3dVUbhrFUW5eLIFmd8yrR+GRu6Ae5RH3J7iF7Nqtrq oReYYq3XpmYg8c00WV0NKVuB0DK7fhGY7jcbDfLmTrPwqVzLjxQGecxsQPYnqrJd mZywkm2fM8KIJy2LQDJOVOZaDAzaC2SkrpELHX/MnPK1UrP561AIv/sXK+3+UBEm b6m5dHbJgaifKP3kkbc9Cy4f9avLJOdjdXH5f5zPe7it54yHLsacEvjT6M2oiunx zIvTd/MXi24J+tzgxr08KM5wHXgLGh+fUM7BfZTvEVQmUjY8TnIPjsaAJhTS3jzV TN3/XAWi =4LbF -----END PGP SIGNATURE----- Merge tag 'efi-fixes-for-v6.2-1' of git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi Pull EFI fixes from Ard Biesheuvel: - avoid a potential crash on the efi_subsys_init() error path - use more appropriate error code for runtime services calls issued after a crash in the firmware occurred - avoid READ_ONCE() for accessing firmware tables that may appear misaligned in memory * tag 'efi-fixes-for-v6.2-1' of git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi: efi: tpm: Avoid READ_ONCE() for accessing the event log efi: rt-wrapper: Add missing include efi: fix userspace infinite retry read efivars after EFI runtime services page fault efi: fix NULL-deref in init error path |
||
|
Linus Torvalds
|
40d92fc4fa |
Three documentation fixes (or rather two and one warning):
- Sphinx 6.0 broke our configuration mechanism, so fix it. - I broke our configuration for non-Alabaster themes; Akira fixed it. - Deprecate Sphinx < 2.4 with an eye toward future removal -----BEGIN PGP SIGNATURE----- iQFDBAABCAAtFiEEIw+MvkEiF49krdp9F0NaE2wMflgFAmPBhWwPHGNvcmJldEBs d24ubmV0AAoJEBdDWhNsDH5Y+i8IAJCd8qgopxIcmzif8ncsrZFIdk3FBd4INCU3 gEr5IBQN10Fm3es8FcWQPhX8nqFzlyG9GyjNSEfZpKYF9y3zWx9l5xOD0f6Ki6F4 HEaBcP11zQCSbrdZMR2in7fW+SNqIjJ+srDLrLkG2d4il6IbbSwx121pjPxJgHkK Y4Sj4Aa3fm5m5JzqArc8/IQRl6ewrfCuGXGh2RdunMzdf22Q2vMdIzEfhyilV1Cg FSXttLDTq5huRSBv8PYaMJnpx2mMn+si8c5mFcNV6oDP+VG4m2rBw4kYQk6q0rU2 xJFnbh7oThKyQ955k+sxJYoSxq9Fd5lXX/3d+HtqSvvC/WAP8gY= =ttzZ -----END PGP SIGNATURE----- Merge tag 'docs-6.2-fixes' of git://git.lwn.net/linux Pull documentation fixes from Jonathan Corbet: "Three documentation fixes (or rather two and one warning): - Sphinx 6.0 broke our configuration mechanism, so fix it - I broke our configuration for non-Alabaster themes; Akira fixed it - Deprecate Sphinx < 2.4 with an eye toward future removal" * tag 'docs-6.2-fixes' of git://git.lwn.net/linux: docs/conf.py: Use about.html only in sidebar of alabaster theme docs: Deprecate use of Sphinx < 2.4.x docs: Fix the docs build with Sphinx 6.0 |
||
|
Ard Biesheuvel
|
d3f450533b |
efi: tpm: Avoid READ_ONCE() for accessing the event log
Nathan reports that recent kernels built with LTO will crash when doing EFI boot using Fedora's GRUB and SHIM. The culprit turns out to be a misaligned load from the TPM event log, which is annotated with READ_ONCE(), and under LTO, this gets translated into a LDAR instruction which does not tolerate misaligned accesses. Interestingly, this does not happen when booting the same kernel straight from the UEFI shell, and so the fact that the event log may appear misaligned in memory may be caused by a bug in GRUB or SHIM. However, using READ_ONCE() to access firmware tables is slightly unusual in any case, and here, we only need to ensure that 'event' is not dereferenced again after it gets unmapped, but this is already taken care of by the implicit barrier() semantics of the early_memunmap() call. Cc: <stable@vger.kernel.org> Cc: Peter Jones <pjones@redhat.com> Cc: Jarkko Sakkinen <jarkko@kernel.org> Cc: Matthew Garrett <mjg59@srcf.ucam.org> Reported-by: Nathan Chancellor <nathan@kernel.org> Tested-by: Nathan Chancellor <nathan@kernel.org> Link: https://github.com/ClangBuiltLinux/linux/issues/1782 Signed-off-by: Ard Biesheuvel <ardb@kernel.org> |
||
|
Pavel Begunkov
|
544d163d65 |
io_uring: lock overflowing for IOPOLL
syzbot reports an issue with overflow filling for IOPOLL: WARNING: CPU: 0 PID: 28 at io_uring/io_uring.c:734 io_cqring_event_overflow+0x1c0/0x230 io_uring/io_uring.c:734 CPU: 0 PID: 28 Comm: kworker/u4:1 Not tainted 6.2.0-rc3-syzkaller-16369-g358a161a6a9e #0 Workqueue: events_unbound io_ring_exit_work Call trace: io_cqring_event_overflow+0x1c0/0x230 io_uring/io_uring.c:734 io_req_cqe_overflow+0x5c/0x70 io_uring/io_uring.c:773 io_fill_cqe_req io_uring/io_uring.h:168 [inline] io_do_iopoll+0x474/0x62c io_uring/rw.c:1065 io_iopoll_try_reap_events+0x6c/0x108 io_uring/io_uring.c:1513 io_uring_try_cancel_requests+0x13c/0x258 io_uring/io_uring.c:3056 io_ring_exit_work+0xec/0x390 io_uring/io_uring.c:2869 process_one_work+0x2d8/0x504 kernel/workqueue.c:2289 worker_thread+0x340/0x610 kernel/workqueue.c:2436 kthread+0x12c/0x158 kernel/kthread.c:376 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:863 There is no real problem for normal IOPOLL as flush is also called with uring_lock taken, but it's getting more complicated for IOPOLL|SQPOLL, for which __io_cqring_overflow_flush() happens from the CQ waiting path. Reported-and-tested-by: syzbot+6805087452d72929404e@syzkaller.appspotmail.com Cc: stable@vger.kernel.org # 5.10+ Signed-off-by: Pavel Begunkov <asml.silence@gmail.com> Signed-off-by: Jens Axboe <axboe@kernel.dk> |
||
|
Linus Torvalds
|
689968db7b |
sound fixes for 6.2-rc4
This became a slightly big update, but it's more or less expected, as the first batch after holidays. All changes (but for the last two last-minute fixes) have been stewed in linux-next long enough, so it's fairly safe to take. - PCM UAF fix in 32bit compat layer - ASoC board-specific fixes for Intel, AMD, Medathek, Qualcomm - SOF power management fixes - ASoC Intel link failure fixes - A series of fixes for USB-audio regressions - CS35L41 HD-audio codec regression fixes - HD-audio device-specific fixes / quirks Note that one SPI patch has been taken in ASoC subtree mistakenly, and the same fix is found in spi tree, but it should be OK to apply. -----BEGIN PGP SIGNATURE----- iQJCBAABCAAsFiEEIXTw5fNLNI7mMiVaLtJE4w1nLE8FAmPBZIsOHHRpd2FpQHN1 c2UuZGUACgkQLtJE4w1nLE/LEQ//XLbjI0EnjdpBgYRMocykaI2Y3n+72rncfTwQ FX8mtGtVpBsOp6LCQhJX/0A5B+NcBRk1atyJRsuaAuWxC298jZPMQaSBjlHiP56f 3IcV67gBM5Ve3JwttjF3AtveQPHe+pYh0RRy9HHd4qEEPpO+JdTwHbex+5Xnf3Qq jLDPwtrC5fd/Q38mfs881yoRLmnq3OppHJ630SklJBmdjuvVjHhXinOaDY5KBR42 /ewf946RKJFUpz0w72Hl4Kaw6kQ1HWb2kef+RZmdSp49EmUXyVmi9mxSSBJlDV0f QueZlvcZj+Hm6cAw1Kt6pSpShDJO/LwuCuRTaiprBYq+SbCSxaq2mWz0vzyGx8un U9QmLK4FRtPsZm3SPfVfDpROXc7ovydMOvOzFF6uRou/UdJZLnQYXmFTV5gphREa jSaekWqQhrV53LTYBFn38PDfq+xLEeBx7VsYBOLUHyR7QX2rdpRpLc9XJkgLy5tJ xozwrQFNdAvynfPGwBPBUAuWQOvRnuj0W9QIUmA4U2mxwvCbNGJETkI46/Wzixx0 C7n6JA6bc8rBsWHWXefGaabUaCqnBrPKxVqThYLJy05FUh58SP85Xo+k780CRQT7 tLMw2P7sJ1KKlvrVrmCqA2DlsraRT2pBcQEghKmfgded31/3PxAylhPuNO+E1QxP Eq2uo2g= =PKWN -----END PGP SIGNATURE----- Merge tag 'sound-6.2-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound Pull sound fixes from Takashi Iwai: "This became a slightly big update, but it's more or less expected, as the first batch after holidays. All changes (but for the last two last-minute fixes) have been stewed in linux-next long enough, so it's fairly safe to take: - PCM UAF fix in 32bit compat layer - ASoC board-specific fixes for Intel, AMD, Medathek, Qualcomm - SOF power management fixes - ASoC Intel link failure fixes - A series of fixes for USB-audio regressions - CS35L41 HD-audio codec regression fixes - HD-audio device-specific fixes / quirks Note that one SPI patch has been taken in ASoC subtree mistakenly, and the same fix is found in spi tree, but it should be OK to apply" * tag 'sound-6.2-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (39 commits) ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF ALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate() ALSA: hda/realtek: Enable mute/micmute LEDs on HP Spectre x360 13-aw0xxx ASoC: fsl-asoc-card: Fix naming of AC'97 CODEC widgets ASoC: fsl_ssi: Rename AC'97 streams to avoid collisions with AC'97 CODEC ALSA: hda/hdmi: Add a HP device 0x8715 to force connect list ALSA: control-led: use strscpy in set_led_id() ALSA: usb-audio: Always initialize fixed_rate in snd_usb_find_implicit_fb_sync_format() ASoC: dt-bindings: qcom,lpass-tx-macro: correct clocks on SC7280 ASoC: dt-bindings: qcom,lpass-wsa-macro: correct clocks on SM8250 ASoC: qcom: Fix building APQ8016 machine driver without SOUNDWIRE ALSA: hda: cs35l41: Check runtime suspend capability at runtime_idle ALSA: hda: cs35l41: Don't return -EINVAL from system suspend/resume ASoC: fsl_micfil: Correct the number of steps on SX controls ALSA: hda/realtek: fix mute/micmute LEDs don't work for a HP platform Revert "ALSA: usb-audio: Drop superfluous interface setup at parsing" ALSA: usb-audio: More refactoring of hw constraint rules ALSA: usb-audio: Relax hw constraints for implicit fb sync ALSA: usb-audio: Make sure to stop endpoints before closing EPs ALSA: hda - Enable headset mic on another Dell laptop with ALC3254 ... |
||
|
Linus Torvalds
|
d863f0539b |
Power management fixes for 6.2-rc4
- Fix cpufreq policy reference counting in amd-pstate to prevent it
from crashing on removal (Perry Yuan).
- Fix double initialization and set suspend-freq for Apple's cpufreq
driver (Arnd Bergmann, Hector Martin).
- Fix reading of "reg" property, update cpufreq-dt's blocklist and
update DT documentation for Qualcomm's cpufreq driver (Konrad Dybcio,
Krzysztof Kozlowski).
- Replace 0 with NULL in the Armada cpufreq driver (Miles Chen).
- Fix potential overflows in the CPPC cpufreq driver (Pierre Gondois).
- Update blocklist for the Tegra234 Soc cpufreq driver (Sumit Gupta).
-----BEGIN PGP SIGNATURE-----
iQJGBAABCAAwFiEE4fcc61cGeeHD/fCwgsRv/nhiVHEFAmPBNrMSHHJqd0Byand5
c29ja2kubmV0AAoJEILEb/54YlRxk9kP+waNWD/1Nuh8owqkTJduMV6uh46rOMdH
EO1siHGFxyfQn6IW6ch4wOwcMEjdk0VnRgcq5/sI1EVIE66aERBM0og3Se+g3RCg
nhYm3ZAhHOisHB3adhUVvdkHvD43iwuE1DedHSKI+TWDO5DmZeDD92/iCmXJ0esK
4mBAGHYX4Kr3aJNDvpMX6Q9VfLrBJ5+o3XM6PrKCk+tx1Aq7dH1M/iV/oLlM+tPz
OJus5KAwJGR0U+VXlIwu1d9CFyvynND15mfSl57G8RCxluhJl59+W4Vfs2ti/Pqo
Vf553jcftEBJB/aey5QwdEgJa3zkJYJZRg698NadF+WmlEZR1xGA0n4R7VSFVU88
xE7iSed4fIGfWTP01G72ZruF9Z7A6KIyvzq3vyhcl01yb7vsF1WC21qG/YGsPkRQ
i7JrLpbKYU+94rsfNEY2dTxYAL5Qs2cWld0S5iXxZVPixPeOeOtm56ci/dwPcuSA
FEeXGolStd1hwM70i4LYlcQ2RkcvJcEI/SF6jJpaiawXWdZihlQYHEq8/uNUsG5y
6gEfMUd1H7aershUBylqlcgMCpQIYHctI1M4hSePjhNy91Q1Ajuy+RCzL2YEtuwE
/NdPsVPHmbrHvHdQkbH3ntdj+S40Tnn9o8ytZit4iSGW1OIqqNexhqEb6NR82YGb
lx98QCiCw48e
=j/pc
-----END PGP SIGNATURE-----
Merge tag 'pm-6.2-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull power management fixes from Rafael Wysocki:
"These fix assorted issues in the ARM cpufreq drivers and in the AMD
P-state driver.
Specifics:
- Fix cpufreq policy reference counting in amd-pstate to prevent it
from crashing on removal (Perry Yuan)
- Fix double initialization and set suspend-freq for Apple's cpufreq
driver (Arnd Bergmann, Hector Martin)
- Fix reading of "reg" property, update cpufreq-dt's blocklist and
update DT documentation for Qualcomm's cpufreq driver (Konrad
Dybcio, Krzysztof Kozlowski)
- Replace 0 with NULL in the Armada cpufreq driver (Miles Chen)
- Fix potential overflows in the CPPC cpufreq driver (Pierre Gondois)
- Update blocklist for the Tegra234 Soc cpufreq driver (Sumit Gupta)"
* tag 'pm-6.2-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
cpufreq: amd-pstate: fix kernel hang issue while amd-pstate unregistering
cpufreq: armada-37xx: stop using 0 as NULL pointer
cpufreq: apple-soc: Switch to the lowest frequency on suspend
dt-bindings: cpufreq: cpufreq-qcom-hw: document interrupts
cpufreq: Add SM6375 to cpufreq-dt-platdev blocklist
cpufreq: Add Tegra234 to cpufreq-dt-platdev blocklist
cpufreq: qcom-hw: Fix reading "reg" with address/size-cells != 2
cpufreq: CPPC: Add u64 casts to avoid overflowing
cpufreq: apple: remove duplicate intializer
|
||
|
Linus Torvalds
|
cdbbca256c |
ACPI fixes for 6.2-rc4
- Improve ACPI companion lookup for backlight devices in the cases when
there is more than one candidate ACPI device object (Hans de Goede).
- Add missing support for manual selection of NVidia-WMI-EC or Apple
GMUX backlight in the kernel command line to the ACPI backlight
driver (Hans de Goede).
- Skip ACPI IRQ override on Asus Expertbook B2402CBA (Tamim Khan).
-----BEGIN PGP SIGNATURE-----
iQJGBAABCAAwFiEE4fcc61cGeeHD/fCwgsRv/nhiVHEFAmPBNbISHHJqd0Byand5
c29ja2kubmV0AAoJEILEb/54YlRxixkP/3aIp3UZCjMwRqv0KtFGB3+bLiIcrVVb
WILER6FwaC9zy1fts2oa23nDT6l+DRdr6nqYA4K4557gK0pETJr/UK6uAFNOVFbA
fiVe3saGeHTOd+Oq8xcchX/sMSMneYwJwkByVaYwixLVvXSb4XNHAew5y0L3diod
xig1OreiPtEX8FvLCg6GNWBf9ULq1xiRPz2NMfx/FmkmvpQuFNVwlkrO7RJQMiCD
0uIwNqvM4wCgHyi7dwV6XsPebgpEJmwz4PaDkJ8FhpzARqes00Ua6wiBnhptuOsd
J1G1MEFeH095+xeSivnLesYhwrwiFGvLAq9pKIJYnuiRz80m2Y7ekhUuP1APPN3Z
5e+o2KqlDYOBZxD1tfDuJiaBwP+nzqKNseaYDeBR+Anj4lPnolCq/XQ4tdR1P+0o
hL8Xo8JWzN17r8AewLYN+pLwUceFrv7IL8pkSb+JF4UyZsLqmpYbdsulVSh8BDLt
g36lrABcZYqeFLiQD/ep3F39MTMNtkN3F1N6GUq0KHdyh/2f8LUWIpBQD35udaeb
GSamDfCIevSBDc6lk9kIvIrsh+uaB+Tk9ziMMZLIm4wB9ZD5ugYov7GrKo9cQuhi
3tIhjwScsGAfRMcvzo4zKkjxq1+nffHL6HJs4y15xsDnxgd09VjNNseBU+8D1y1F
2lcIUduQWUyd
=bDXc
-----END PGP SIGNATURE-----
Merge tag 'acpi-6.2-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull ACPI fixes from Rafael Wysocki:
"These add one more ACPI IRQ override quirk, improve ACPI companion
lookup for backlight devices and add missing kernel command line
option values for backlight detection.
Specifics:
- Improve ACPI companion lookup for backlight devices in the cases
when there is more than one candidate ACPI device object (Hans de
Goede)
- Add missing support for manual selection of NVidia-WMI-EC or Apple
GMUX backlight in the kernel command line to the ACPI backlight
driver (Hans de Goede)
- Skip ACPI IRQ override on Asus Expertbook B2402CBA (Tamim Khan)"
* tag 'acpi-6.2-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
ACPI: Fix selecting wrong ACPI fwnode for the iGPU on some Dell laptops
ACPI: video: Allow selecting NVidia-WMI-EC or Apple GMUX backlight from the cmdline
ACPI: resource: Skip IRQ override on Asus Expertbook B2402CBA
|
||
|
Linus Torvalds
|
0d0833e039 |
platform-drivers-x86 for v6.2-2
A small set of assorted fixes and hardware-id additions for 6.2. The following is an automated git shortlog grouped by driver: asus-nb-wmi: - Add alternate mapping for KEY_SCREENLOCK - Add alternate mapping for KEY_CAMERA asus-wmi: - Don't load fan curves without fan - Ignore fan on E410MA - Add quirk wmi_ignore_fan dell-privacy: - Only register SW_CAMERA_LENS_COVER if present - Fix SW_CAMERA_LENS_COVER reporting ideapad-laptop: - Add Legion 5 15ARH05 DMI id to set_fn_lock_led_list[] int3472/discrete: - Ensure the clk/power enable pins are in output mode intel/pmc/core: - Add Meteor Lake mobile support platform/surface: - aggregator: Add missing call to ssam_request_sync_free() - aggregator: Ignore command messages not intended for us platform/x86/amd: - Fix refcount leak in amd_pmc_probe simatic-ipc: - add another model - correct name of a model sony-laptop: - Don't turn off 0x153 keyboard backlight during probe thinkpad_acpi: - Fix profile mode display in AMT mode touchscreen_dmi: - Add info for the CSL Panther Tab HD -----BEGIN PGP SIGNATURE----- iQFIBAABCAAyFiEEuvA7XScYQRpenhd+kuxHeUQDJ9wFAmPBN78UHGhkZWdvZWRl QHJlZGhhdC5jb20ACgkQkuxHeUQDJ9yQ7AgAuKK+TDlru+rup5PSvUBiRddYX8VI U+cJokT9sp748zau+S7zy+1PDYtAnaXbV6wf6/YwANq6Pw9aI9MCMFyc2iXzIDCW fp6d8xvow5XuWG/cK3rggl3WxzInyE2rcSI5epQPV9ylZSOPSPI8CKug/68I2L7W kohws/18ujOU4J5Y8ATH1jY3t8Zx+uA7sdU/Oo6hiA4Xen1qrABCSgcGgWNqxfqb C6tk1kF5agLmvR5I7Y0bDh1EHeN1CALPjl8MibEyYFldASLxmCYogx4bGDQBf0Qm XFZ5MxLdFbHDFXiyaKh+RNW2uHzbJV3rXYVOyUy2eXahBRGj+yoFwDK8Zw== =tB+M -----END PGP SIGNATURE----- Merge tag 'platform-drivers-x86-v6.2-2' of git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86 Pull x86 platform driver fixes from Hans de Goede: "A set of assorted fixes and hardware-id additions" * tag 'platform-drivers-x86-v6.2-2' of git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86: platform/x86: thinkpad_acpi: Fix profile mode display in AMT mode platform/x86: int3472/discrete: Ensure the clk/power enable pins are in output mode platform/x86/amd: Fix refcount leak in amd_pmc_probe platform/x86: intel/pmc/core: Add Meteor Lake mobile support platform/x86: simatic-ipc: add another model platform/x86: simatic-ipc: correct name of a model platform/x86: dell-privacy: Only register SW_CAMERA_LENS_COVER if present platform/x86: dell-privacy: Fix SW_CAMERA_LENS_COVER reporting platform/x86: asus-wmi: Don't load fan curves without fan platform/x86: asus-wmi: Ignore fan on E410MA platform/x86: asus-wmi: Add quirk wmi_ignore_fan platform/x86: asus-nb-wmi: Add alternate mapping for KEY_SCREENLOCK platform/x86: asus-nb-wmi: Add alternate mapping for KEY_CAMERA platform/surface: aggregator: Add missing call to ssam_request_sync_free() platform/surface: aggregator: Ignore command messages not intended for us platform/x86: touchscreen_dmi: Add info for the CSL Panther Tab HD platform/x86: ideapad-laptop: Add Legion 5 15ARH05 DMI id to set_fn_lock_led_list[] platform/x86: sony-laptop: Don't turn off 0x153 keyboard backlight during probe |
||
|
Linus Torvalds
|
ff5ebafd51 |
drm fixes for 6.2-rc4
buddy: - benchmark regression fix for top-down buddy allocation panel: - add Lenovo panel orientation quirk ttm: - fix kernel oops regression amdgpu: - fix missing fence references - fix missing pipeline sync fencing - SMU13 fan speed fix - SMU13 fix power cap handling - SMU13 BACO fix - Fix a possible segfault in bo validation error case - Delay removal of firmware framebuffer - Fix error when unloading amdkfd: - SVM fix when clearing vram - GC11 fix for multi-GPU i915: - Reserve enough fence slot for i915_vma_unbind_vsync - Fix potential use after free - Reset engines twice in case of reset failure - Use multi-cast registers for SVG Unit registers msm: - display: - doc warning fixes - dt attribs cleanups - memory leak fix - error handing in hdmi probe fix - dp_aux_isr incorrect signalling fix - shutdown path fix - accel: - a5xx: fix quirks to be a bitmask - a6xx: fix gx halt to avoid 1s hang - kexec shutdown fix - fix potential double free vmwgfx: - drop rcu usage to make code more robust virtio: - fix use-after-free in gem handle code nouveau: - drop unused nouveau_fbcon.c -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEEKbZHaGwW9KfbeusDHTzWXnEhr4FAmPA5skACgkQDHTzWXnE hr69GA/8CgYwN/4vWDiQ+p4rX6muw0gicxKmfJZLxt8BFnQSSjESWZ6/L201JeZT dl34SdZ++rx8yYLeoJKHKocyvMIj9goHeGdNkeyhaoZvlfPVf0sAMNjYfysIvcGk s4HoLoXgzH8SCO2dp2MgOstJNncZNSZrH13b3UkgqQuB+VrL+pGx3qJM7z9Khe1j vtgpBStgFIlkvDYHuTJDsn0X4E543EBs54U4g/Jc3WcnQwtRycUhXmkFDOtwkM/d bwghisms6P+OvSAMdU2JWDwYLe/87zeXklKZqJzWpbrcB1iZPF/L2B40CuSXidj+ cXjNbWlwm0Yn6ytHMXp7+3bV6VTvDFmI+1uabXVH0wn8UIxX9WoKJeW7JgYnveXU FG4Un/PhILeRxZa3jRNJVhPPq4JWjoINJvVmwSMMZdKT9x5MvdfHy+gsCpP6Ojjy ++MjslROZE0ciYPmwG2WPsmwylV00aztdIcNHzXZp4tX79hGw6cOfFjH9rfUUqJv W52WVQnJ+JHv3BgFCyqXReUdSkXT39J3c54L1E9rK+OpVvc1i2gEN+eTVoNp1Vwn 4Gyb8MPKj//NxaUNwpEDfBRp6scd553xz5K+0SPBNB+G/XnRxoPT8jz0/ivpYGDd WB73KZbvxRz2vzyy+biuEctyVTDlKDNM3UADW83eFspxHNthX28= =OCT2 -----END PGP SIGNATURE----- Merge tag 'drm-fixes-2023-01-13' of git://anongit.freedesktop.org/drm/drm Pull drm fixes from Dave Airlie: "There is a bit of a post-holiday build up here I expect, small fixes across the board, amdgpu and msm being the main leaders, with others having a few. One code removal patch for nouveau: buddy: - benchmark regression fix for top-down buddy allocation panel: - add Lenovo panel orientation quirk ttm: - fix kernel oops regression amdgpu: - fix missing fence references - fix missing pipeline sync fencing - SMU13 fan speed fix - SMU13 fix power cap handling - SMU13 BACO fix - Fix a possible segfault in bo validation error case - Delay removal of firmware framebuffer - Fix error when unloading amdkfd: - SVM fix when clearing vram - GC11 fix for multi-GPU i915: - Reserve enough fence slot for i915_vma_unbind_vsync - Fix potential use after free - Reset engines twice in case of reset failure - Use multi-cast registers for SVG Unit registers msm: - display: - doc warning fixes - dt attribs cleanups - memory leak fix - error handing in hdmi probe fix - dp_aux_isr incorrect signalling fix - shutdown path fix - accel: - a5xx: fix quirks to be a bitmask - a6xx: fix gx halt to avoid 1s hang - kexec shutdown fix - fix potential double free vmwgfx: - drop rcu usage to make code more robust virtio: - fix use-after-free in gem handle code nouveau: - drop unused nouveau_fbcon.c" * tag 'drm-fixes-2023-01-13' of git://anongit.freedesktop.org/drm/drm: (35 commits) drm: Optimize drm buddy top-down allocation method drm/ttm: Fix a regression causing kernel oops'es drm/i915/gt: Cover rest of SVG unit MCR registers drm/nouveau: Remove file nouveau_fbcon.c drm/amdkfd: Fix NULL pointer error for GC 11.0.1 on mGPU drm/amd/pm/smu13: BACO is supported when it's in BACO state drm/amdkfd: Add sync after creating vram bo drm/i915/gt: Reset twice drm/amdgpu: fix pipeline sync v2 drm/vmwgfx: Remove rcu locks from user resources drm/virtio: Fix GEM handle creation UAF drm/amdgpu: Fixed bug on error when unloading amdgpu drm/amd: Delay removal of the firmware framebuffer drm/amdgpu: Fix potential NULL dereference drm/i915: Fix potential context UAFs drm/i915: Reserve enough fence slot for i915_vma_unbind_async drm: Add orientation quirk for Lenovo ideapad D330-10IGL drm/msm/a6xx: Avoid gx gbit halt during rpm suspend drm/msm/adreno: Make adreno quirks not overwrite each other drm/msm: another fix for the headless Adreno GPU ... |
||
|
Clement Lecigne
|
56b88b5056 |
ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF
Takes rwsem lock inside snd_ctl_elem_read instead of snd_ctl_elem_read_user
like it was done for write in commit
|
||
|
Linus Torvalds
|
d45b832d6f |
arm64 fixes for -rc4
- Fix PAGE_TABLE_CHECK failures on hugepage splitting path
- Fix PSCI encoding of MEM_PROTECT_RANGE function in UAPI header
- Fix NULL deref when accessing debugfs node if PSCI is not present
- Fix MTE core dumping when VMA list is being updated concurrently
- Fix SME signal frame handling when SVE is not implemented by the CPU
- Fix asm constraints for cmpxchg_double() to hazard both words
- Fix build failure with stack tracer and older versions of Clang
- Bring back workaround for Cortex-A715 erratum 2645198
-----BEGIN PGP SIGNATURE-----
iQFEBAABCgAuFiEEPxTL6PPUbjXGY88ct6xw3ITBYzQFAmO9SzwQHHdpbGxAa2Vy
bmVsLm9yZwAKCRC3rHDchMFjNLdYB/9pX4El38TX4Y4M6sR2yl+m1rkGRiU4nV3N
MKJ3ZVjrx87QZ8CKVYmJbnHzolN0Art9WvqFnyxtPMBlZyWzHjtsrQnad3VwLDOu
4qmqjDCXvPod1EncCxBiGu28FZ88HoLqhnwWB6O2Su6TlczD0kJTfzincdyzqvi2
r0uUlBd9gtFt3sjV+sLPjE6NqMf9MfhoOLLafijz7ZMElQL+2/BjZxhpHLaWhUz1
aHIp4w841TJOuSlCwstX20Nc6Q9+6ta07bw+TD/flyQ+IGUptgDEoIrpjdSO5b2t
zFFHHN5IXovAJPDfhAdXGAbC2SDFyYJtURCpv6hVt/SSsilGEbYg
=241k
-----END PGP SIGNATURE-----
Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux
Pull arm64 fixes from Will Deacon:
"Here's a sizeable batch of Friday the 13th arm64 fixes for -rc4. What
could possibly go wrong?
The obvious reason we have so much here is because of the holiday
season right after the merge window, but we've also brought back an
erratum workaround that was previously dropped at the last minute and
there's an MTE coredumping fix that strays outside of the arch/arm64
directory.
Summary:
- Fix PAGE_TABLE_CHECK failures on hugepage splitting path
- Fix PSCI encoding of MEM_PROTECT_RANGE function in UAPI header
- Fix NULL deref when accessing debugfs node if PSCI is not present
- Fix MTE core dumping when VMA list is being updated concurrently
- Fix SME signal frame handling when SVE is not implemented by the
CPU
- Fix asm constraints for cmpxchg_double() to hazard both words
- Fix build failure with stack tracer and older versions of Clang
- Bring back workaround for Cortex-A715 erratum 2645198"
* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
arm64: Fix build with CC=clang, CONFIG_FTRACE=y and CONFIG_STACK_TRACER=y
arm64/mm: Define dummy pud_user_exec() when using 2-level page-table
arm64: errata: Workaround possible Cortex-A715 [ESR|FAR]_ELx corruption
firmware/psci: Don't register with debugfs if PSCI isn't available
firmware/psci: Fix MEM_PROTECT_RANGE function numbers
arm64/signal: Always allocate SVE signal frames on SME only systems
arm64/signal: Always accept SVE signal frames on SME only systems
arm64/sme: Fix context switch for SME only systems
arm64: cmpxchg_double*: hazard against entire exchange variable
arm64/uprobes: change the uprobe_opcode_t typedef to fix the sparse warning
arm64: mte: Avoid the racy walk of the vma list during core dump
elfcore: Add a cprm parameter to elf_core_extra_{phdrs,data_size}
arm64: mte: Fix double-freeing of the temporary tag storage during coredump
arm64: ptrace: Use ARM64_SME to guard the SME register enumerations
arm64/mm: add pud_user_exec() check in pud_user_accessible_page()
arm64/mm: fix incorrect file_map_count for invalid pmd
|
||
|
Christophe JAILLET
|
142e821f68 |
iommu/mediatek-v1: Fix an error handling path in mtk_iommu_v1_probe()
A clk, prepared and enabled in mtk_iommu_v1_hw_init(), is not released in
the error handling path of mtk_iommu_v1_probe().
Add the corresponding clk_disable_unprepare(), as already done in the
remove function.
Fixes:
|
||
|
Yunfei Wang
|
dcdb3ba7e2 |
iommu/iova: Fix alloc iova overflows issue
In __alloc_and_insert_iova_range, there is an issue that retry_pfn
overflows. The value of iovad->anchor.pfn_hi is ~0UL, then when
iovad->cached_node is iovad->anchor, curr_iova->pfn_hi + 1 will
overflow. As a result, if the retry logic is executed, low_pfn is
updated to 0, and then new_pfn < low_pfn returns false to make the
allocation successful.
This issue occurs in the following two situations:
1. The first iova size exceeds the domain size. When initializing
iova domain, iovad->cached_node is assigned as iovad->anchor. For
example, the iova domain size is 10M, start_pfn is 0x1_F000_0000,
and the iova size allocated for the first time is 11M. The
following is the log information, new->pfn_lo is smaller than
iovad->cached_node.
Example log as follows:
[ 223.798112][T1705487] sh: [name:iova&]__alloc_and_insert_iova_range
start_pfn:0x1f0000,retry_pfn:0x0,size:0xb00,limit_pfn:0x1f0a00
[ 223.799590][T1705487] sh: [name:iova&]__alloc_and_insert_iova_range
success start_pfn:0x1f0000,new->pfn_lo:0x1efe00,new->pfn_hi:0x1f08ff
2. The node with the largest iova->pfn_lo value in the iova domain
is deleted, iovad->cached_node will be updated to iovad->anchor,
and then the alloc iova size exceeds the maximum iova size that can
be allocated in the domain.
After judging that retry_pfn is less than limit_pfn, call retry_pfn+1
to fix the overflow issue.
Signed-off-by: jianjiao zeng <jianjiao.zeng@mediatek.com>
Signed-off-by: Yunfei Wang <yf.wang@mediatek.com>
Cc: <stable@vger.kernel.org> # 5.15.*
Fixes:
|
||
|
Miaoqian Lin
|
a6a9a5da68 |
iommu: Fix refcount leak in iommu_device_claim_dma_owner
iommu_group_get() returns the group with the reference incremented.
Move iommu_group_get() after owner check to fix the refcount leak.
Fixes:
|
||
|
Vladimir Oltean
|
32ea2c57dc |
iommu/arm-smmu-v3: Don't unregister on shutdown
Similar to SMMUv2, this driver calls iommu_device_unregister() from the
shutdown path, which removes the IOMMU groups with no coordination
whatsoever with their users - shutdown methods are optional in device
drivers. This can lead to NULL pointer dereferences in those drivers'
DMA API calls, or worse.
Instead of calling the full arm_smmu_device_remove() from
arm_smmu_device_shutdown(), let's pick only the relevant function call -
arm_smmu_device_disable() - more or less the reverse of
arm_smmu_device_reset() - and call just that from the shutdown path.
Fixes:
|
||
|
Vladimir Oltean
|
ce31e6ca68 |
iommu/arm-smmu: Don't unregister on shutdown
Michael Walle says he noticed the following stack trace while performing a shutdown with "reboot -f". He suggests he got "lucky" and just hit the correct spot for the reboot while there was a packet transmission in flight. Unable to handle kernel NULL pointer dereference at virtual address 0000000000000098 CPU: 0 PID: 23 Comm: kworker/0:1 Not tainted 6.1.0-rc5-00088-gf3600ff8e322 #1930 Hardware name: Kontron KBox A-230-LS (DT) pc : iommu_get_dma_domain+0x14/0x20 lr : iommu_dma_map_page+0x9c/0x254 Call trace: iommu_get_dma_domain+0x14/0x20 dma_map_page_attrs+0x1ec/0x250 enetc_start_xmit+0x14c/0x10b0 enetc_xmit+0x60/0xdc dev_hard_start_xmit+0xb8/0x210 sch_direct_xmit+0x11c/0x420 __dev_queue_xmit+0x354/0xb20 ip6_finish_output2+0x280/0x5b0 __ip6_finish_output+0x15c/0x270 ip6_output+0x78/0x15c NF_HOOK.constprop.0+0x50/0xd0 mld_sendpack+0x1bc/0x320 mld_ifc_work+0x1d8/0x4dc process_one_work+0x1e8/0x460 worker_thread+0x178/0x534 kthread+0xe0/0xe4 ret_from_fork+0x10/0x20 Code: d503201f f9416800 d503233f d50323bf (f9404c00) ---[ end trace 0000000000000000 ]--- Kernel panic - not syncing: Oops: Fatal exception in interrupt This appears to be reproducible when the board has a fixed IP address, is ping flooded from another host, and "reboot -f" is used. The following is one more manifestation of the issue: $ reboot -f kvm: exiting hardware virtualization cfg80211: failed to load regulatory.db arm-smmu 5000000.iommu: disabling translation sdhci-esdhc 2140000.mmc: Removing from iommu group 11 sdhci-esdhc 2150000.mmc: Removing from iommu group 12 fsl-edma 22c0000.dma-controller: Removing from iommu group 17 dwc3 3100000.usb: Removing from iommu group 9 dwc3 3110000.usb: Removing from iommu group 10 ahci-qoriq 3200000.sata: Removing from iommu group 2 fsl-qdma 8380000.dma-controller: Removing from iommu group 20 platform f080000.display: Removing from iommu group 0 etnaviv-gpu f0c0000.gpu: Removing from iommu group 1 etnaviv etnaviv: Removing from iommu group 1 caam_jr 8010000.jr: Removing from iommu group 13 caam_jr 8020000.jr: Removing from iommu group 14 caam_jr 8030000.jr: Removing from iommu group 15 caam_jr 8040000.jr: Removing from iommu group 16 fsl_enetc 0000:00:00.0: Removing from iommu group 4 arm-smmu 5000000.iommu: Blocked unknown Stream ID 0x429; boot with "arm-smmu.disable_bypass=0" to allow, but this may have security implications arm-smmu 5000000.iommu: GFSR 0x80000002, GFSYNR0 0x00000002, GFSYNR1 0x00000429, GFSYNR2 0x00000000 fsl_enetc 0000:00:00.1: Removing from iommu group 5 arm-smmu 5000000.iommu: Blocked unknown Stream ID 0x429; boot with "arm-smmu.disable_bypass=0" to allow, but this may have security implications arm-smmu 5000000.iommu: GFSR 0x80000002, GFSYNR0 0x00000002, GFSYNR1 0x00000429, GFSYNR2 0x00000000 arm-smmu 5000000.iommu: Blocked unknown Stream ID 0x429; boot with "arm-smmu.disable_bypass=0" to allow, but this may have security implications arm-smmu 5000000.iommu: GFSR 0x80000002, GFSYNR0 0x00000000, GFSYNR1 0x00000429, GFSYNR2 0x00000000 fsl_enetc 0000:00:00.2: Removing from iommu group 6 fsl_enetc_mdio 0000:00:00.3: Removing from iommu group 8 mscc_felix 0000:00:00.5: Removing from iommu group 3 fsl_enetc 0000:00:00.6: Removing from iommu group 7 pcieport 0001:00:00.0: Removing from iommu group 18 arm-smmu 5000000.iommu: Blocked unknown Stream ID 0x429; boot with "arm-smmu.disable_bypass=0" to allow, but this may have security implications arm-smmu 5000000.iommu: GFSR 0x00000002, GFSYNR0 0x00000000, GFSYNR1 0x00000429, GFSYNR2 0x00000000 pcieport 0002:00:00.0: Removing from iommu group 19 Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a8 pc : iommu_get_dma_domain+0x14/0x20 lr : iommu_dma_unmap_page+0x38/0xe0 Call trace: iommu_get_dma_domain+0x14/0x20 dma_unmap_page_attrs+0x38/0x1d0 enetc_unmap_tx_buff.isra.0+0x6c/0x80 enetc_poll+0x170/0x910 __napi_poll+0x40/0x1e0 net_rx_action+0x164/0x37c __do_softirq+0x128/0x368 run_ksoftirqd+0x68/0x90 smpboot_thread_fn+0x14c/0x190 Code: d503201f f9416800 d503233f d50323bf (f9405400) ---[ end trace 0000000000000000 ]--- Kernel panic - not syncing: Oops: Fatal exception in interrupt ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]--- The problem seems to be that iommu_group_remove_device() is allowed to run with no coordination whatsoever with the shutdown procedure of the enetc PCI device. In fact, it almost seems as if it implies that the pci_driver :: shutdown() method is mandatory if DMA is used with an IOMMU, otherwise this is inevitable. That was never the case; shutdown methods are optional in device drivers. This is the call stack that leads to iommu_group_remove_device() during reboot: kernel_restart -> device_shutdown -> platform_shutdown -> arm_smmu_device_shutdown -> arm_smmu_device_remove -> iommu_device_unregister -> bus_for_each_dev -> remove_iommu_group -> iommu_release_device -> iommu_group_remove_device I don't know much about the arm_smmu driver, but arm_smmu_device_shutdown() invoking arm_smmu_device_remove() looks suspicious, since it causes the IOMMU device to unregister and that's where everything starts to unravel. It forces all other devices which depend on IOMMU groups to also point their ->shutdown() to ->remove(), which will make reboot slower overall. There are 2 moments relevant to this behavior. First was commit |
||
|
Robin Murphy
|
ac9c5e92dd |
iommu/arm-smmu: Report IOMMU_CAP_CACHE_COHERENCY even betterer
Although it's vanishingly unlikely that anyone would integrate an SMMU
within a coherent interconnect without also making the pagetable walk
interface coherent, the same effect happens if a coherent SMMU fails to
advertise CTTW correctly. This turns out to be the case on some popular
NXP SoCs, where VFIO started failing the IOMMU_CAP_CACHE_COHERENCY test,
even though IOMMU_CACHE *was* previously achieving the desired effect
anyway thanks to the underlying integration.
While those SoCs stand to gain some more general benefits from a
firmware update to override CTTW correctly in DT/ACPI, it's also easy
to work around this in Linux as well, to avoid imposing too much on
affected users - since the upstream client devices *are* correctly
marked as coherent, we can trivially infer their coherent paths through
the SMMU as well.
Reported-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Fixes:
|
||
|
Mark Pearson
|
fde5f74ccf |
platform/x86: thinkpad_acpi: Fix profile mode display in AMT mode
Recently AMT mode was enabled (somewhat unexpectedly) on the Lenovo
Z13 platform. The FW is advertising it is available and the driver tries
to use it - unfortunately it reports the profile mode incorrectly.
Note, there is also some extra work needed to enable the dynamic aspect
of AMT support that I will be following up with; but more testing is
needed first. This patch just fixes things so the profiles are reported
correctly.
Link: https://gitlab.freedesktop.org/hadess/power-profiles-daemon/-/issues/115
Fixes:
|
||
|
Rafael J. Wysocki
|
df3a71aba4 |
Merge branches 'acpi-resource' and 'acpi-video'
Merge an ACPI resource management quirk and an ACPI backlight driver fix for 6.2-rc4: - Skip ACPI IRQ override on Asus Expertbook B2402CBA (Tamim Khan). - Add missing support for manual selection of NVidia-WMI-EC or Apple GMUX backlight in the kernel command line to the ACPI backlight driver (Hans de Goede). * acpi-resource: ACPI: resource: Skip IRQ override on Asus Expertbook B2402CBA * acpi-video: ACPI: video: Allow selecting NVidia-WMI-EC or Apple GMUX backlight from the cmdline |
||
|
Jaroslav Kysela
|
92a9c0ad86 |
ALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate()
The subs function argument may be NULL, so do not use it before the NULL check.
Fixes:
|
||
|
Dave Airlie
|
e695bc7e54 |
Merge tag 'drm-msm-fixes-2023-01-12' of https://gitlab.freedesktop.org/drm/msm into drm-fixes
msm-fixes for v6.3-rc4 Display Fixes: - Fix the documentation for dpu_encoder_phys_wb_init() and dpu_encoder_phys_wb_setup_fb() APIs to address doc warnings - Remove vcca-supply and vdds-supply as mandatory for 14nm PHY and 10nm PHY DT schemas respectively as they are not present on some SOCs using these PHYs - Add the dsi-phy-regulator-ldo-mode to dsi-phy-28nm.yaml as it was missed out during txt to yaml migration - Remove operating-points-v2 and power-domain as a required property for the DSI controller as thats not the case for every SOC - Fix the description from display escape clock to display core clock in the dsi controller yaml - Fix the memory leak for mdp1-mem path for the cases when we return early after failing to get mdp0-mem ICC paths for msm - Fix error handling path in msm_hdmi_dev_probe() to release the phy ref count when devm_pm_runtime_enable() fails - Fix the dp_aux_isr() routine to make sure it doesnt incorrectly signal the aux transaction as complete if the ISR was not an AUX isr. This fixes a big hitter stability bug on chromebooks. - Add protection against null pointer dereference when there is no kms object as in the case of headless adreno GPU in the shutdown path. GPU Fixes: - a5xx: fix quirks to actually be a bitmask and not overwrite each other - a6xx: fix gx halt sequence to avoid 1000ms hang on some devices - kexec shutdown fix - fix potential double free Signed-off-by: Dave Airlie <airlied@redhat.com> From: Rob Clark <robdclark@gmail.com> Link: https://patchwork.freedesktop.org/patch/msgid/CAF6AEGv7=in_MHW3kdkhqh7ZFoVCmnikmr29YYHCXR=7aOEneg@mail.gmail.com |
||
|
Dave Airlie
|
51883883ac |
- Reserve enough fence slot for i915_vma_unbind_vsync (Nirmoy)
- Fix potential use after free (Rob Clark) - Reset engines twice in case of reset failure (Chris) - Use multi-cast registers for SVG Unit registers (Gustavo) -----BEGIN PGP SIGNATURE----- iQEzBAABCAAdFiEEbSBwaO7dZQkcLOKj+mJfZA7rE8oFAmPAGrUACgkQ+mJfZA7r E8rPowgAv98f3wHkok+Dfv4EQsFcANfpuJiJiXmsoIhrsEevaqvV8gBdMHKpqkC3 eKIqLXnOFprfrGq0AiM/ZZL3kZtJnxWFuhTv+rsyI0CUtIMER1GAzh8yISQF2TL4 1oHIEfXZSModvFEOqYFrVd4WFZ+1WOTQOHiUOHQMvxHeLhIJfapcJfC/oucUhYaT 9ywxZPZ+Ph9mFD4dVIoVIoKAApNoTLkStCZH4eIx8SqIE/qfu/5BBXsa8eBMVyXC 4/YsY5QKlUApM63Z0c/8C3w6P6uYieraK3GsyaIt3qTHmhXXp0pYFE1YtdA0okUb YdUOgYbdTM3Q/ej5UBkllJzxr6ygGw== =r216 -----END PGP SIGNATURE----- Merge tag 'drm-intel-fixes-2023-01-12' of git://anongit.freedesktop.org/drm/drm-intel into drm-fixes - Reserve enough fence slot for i915_vma_unbind_vsync (Nirmoy) - Fix potential use after free (Rob Clark) - Reset engines twice in case of reset failure (Chris) - Use multi-cast registers for SVG Unit registers (Gustavo) Signed-off-by: Dave Airlie <airlied@redhat.com> From: Rodrigo Vivi <rodrigo.vivi@intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/Y8AbHelGeXc5eQ8U@intel.com |
||
|
Dave Airlie
|
28d31e1aed |
Merge tag 'amd-drm-fixes-6.2-2023-01-11' of https://gitlab.freedesktop.org/agd5f/linux into drm-fixes
amd-drm-fixes-6.2-2023-01-11: amdgpu: - SMU13 fan speed fix - SMU13 fix power cap handling - SMU13 BACO fix - Fix a possible segfault in bo validation error case - Delay removal of firmware framebuffer - Fix error when unloading amdkfd: - SVM fix when clearing vram - GC11 fix for multi-GPU Signed-off-by: Dave Airlie <airlied@redhat.com> From: Alex Deucher <alexander.deucher@amd.com> Link: https://patchwork.freedesktop.org/patch/msgid/20230112033004.8184-1-alexander.deucher@amd.com |
||
|
Dave Airlie
|
a283773308 |
Several fixes for amdgpu (all addressing issues with fences), yet
another orientation quirk for a Lenovo device, a use-after-free fix for virtio, a regression fix in TTM and a performance regression in drm buddy. -----BEGIN PGP SIGNATURE----- iHUEABYKAB0WIQRcEzekXsqa64kGDp7j7w1vZxhRxQUCY8AGjQAKCRDj7w1vZxhR xcrzAQCqyykgLij4IkADIm2q3IVTbWQkoyHXn/zt5MZQT3hHjgD/YYxlXTcnp/CT v5IhL8O5AbBbPC8x9IoK0rbLiUrriQU= =5g22 -----END PGP SIGNATURE----- Merge tag 'drm-misc-fixes-2023-01-12' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes Several fixes for amdgpu (all addressing issues with fences), yet another orientation quirk for a Lenovo device, a use-after-free fix for virtio, a regression fix in TTM and a performance regression in drm buddy. Signed-off-by: Dave Airlie <airlied@redhat.com> From: Maxime Ripard <maxime@cerno.tech> Link: https://patchwork.freedesktop.org/patch/msgid/20230112130954.pxt77g3a7rokha42@houat |
||
|
Linus Torvalds
|
d9fc151172 |
Including fixes from rxrpc.
Current release - regressions:
- rxrpc:
- only disconnect calls in the I/O thread
- move client call connection to the I/O thread
- fix incoming call setup race
- eth: mlx5:
- restore pkt rate policing support
- fix memory leak on updating vport counters
Previous releases - regressions:
- gro: take care of DODGY packets
- ipv6: deduct extension header length in rawv6_push_pending_frames
- tipc: fix unexpected link reset due to discovery messages
Previous releases - always broken:
- sched: disallow noqueue for qdisc classes
- eth: ice: fix potential memory leak in ice_gnss_tty_write()
- eth: ixgbe: fix pci device refcount leak
- eth: mlx5:
- fix command stats access after free
- fix macsec possible null dereference when updating MAC security entity (SecY)
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
-----BEGIN PGP SIGNATURE-----
iQJGBAABCAAwFiEEg1AjqC77wbdLX2LbKSR5jcyPE6QFAmPAGskSHHBhYmVuaUBy
ZWRoYXQuY29tAAoJECkkeY3MjxOk9aQQAInUtOfTi0EwR5oveTMWOcDc8P1rGFru
Yfid6d4gVRKDm9tosW8HSlnMVCDIGrvhmwVfMevkLjgQtgRXYecXM7MYMVH+6f6e
yIF0azu5z2PEQvfTLTuTN++bQ3lgyfYXOB3mScCOtBE9BFXwjtL111Qby1QlvHTg
sPIH5kCxpDfg3i2rge1BiyoQ4BWc4c6Us86CriKDX1vl7lilJccpWYxKFY8hyRzl
PF3OVJlMph7jny4zKOa2chWUnDj5ycK289/x2rOla4EOX7R8IHDyL+sAAAvdm7/q
FDuuetC3M+eo8/NTLiZkjTipw1nO+G0c1VtzAZ/wX1QkomwmN0yyPx47EllVH+ez
YQ80UrXOF3f7xYXHZIhwCrIVSaHpLyZHSfDBW1r+vTokIRSJ+5TOIH/YAUUKSR0U
kE4r+eHU3AdcBsDV0pZXtE0mUxROwRatOt5u+XQ3WYdORDyKo0HYu8QskIurgqUv
Cnr554zogmC4Bt/uY7j5u9NvhUH/Xyp5RVXtaQnwz+hcncgVFASDDpblejHE2Lcu
8fb1NrwB7AsPnMDGUSjnG0BbQaTo6ccacBrIrhWxRbEBAQmZEbO507yoYz21EBM5
5XKWd1bTq1YG5oPYl9WR3FI9hSQN7vKsUoW4SXsuh5j65ENhCAwBK8i3liy1j+dS
sf5xUgCg6KyH
=4ANJ
-----END PGP SIGNATURE-----
Merge tag 'net-6.2-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
Pull networking fixes from Paolo Abeni:
"Including fixes from rxrpc.
The rxrpc changes are noticeable large: to address a recent regression
has been necessary completing the threaded refactor.
Current release - regressions:
- rxrpc:
- only disconnect calls in the I/O thread
- move client call connection to the I/O thread
- fix incoming call setup race
- eth: mlx5:
- restore pkt rate policing support
- fix memory leak on updating vport counters
Previous releases - regressions:
- gro: take care of DODGY packets
- ipv6: deduct extension header length in rawv6_push_pending_frames
- tipc: fix unexpected link reset due to discovery messages
Previous releases - always broken:
- sched: disallow noqueue for qdisc classes
- eth: ice: fix potential memory leak in ice_gnss_tty_write()
- eth: ixgbe: fix pci device refcount leak
- eth: mlx5:
- fix command stats access after free
- fix macsec possible null dereference when updating MAC security
entity (SecY)"
* tag 'net-6.2-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (64 commits)
r8152: add vendor/device ID pair for Microsoft Devkit
net: stmmac: add aux timestamps fifo clearance wait
bnxt: make sure we return pages to the pool
net: hns3: fix wrong use of rss size during VF rss config
ipv6: raw: Deduct extension header length in rawv6_push_pending_frames
net: lan966x: check for ptp to be enabled in lan966x_ptp_deinit()
net: sched: disallow noqueue for qdisc classes
iavf/iavf_main: actually log ->src mask when talking about it
igc: Fix PPS delta between two synchronized end-points
ixgbe: fix pci device refcount leak
octeontx2-pf: Fix resource leakage in VF driver unbind
selftests/net: l2_tos_ttl_inherit.sh: Ensure environment cleanup on failure.
selftests/net: l2_tos_ttl_inherit.sh: Run tests in their own netns.
selftests/net: l2_tos_ttl_inherit.sh: Set IPv6 addresses with "nodad".
net/mlx5e: Fix macsec possible null dereference when updating MAC security entity (SecY)
net/mlx5e: Fix macsec ssci attribute handling in offload path
net/mlx5: E-switch, Coverity: overlapping copy
net/mlx5e: Don't support encap rules with gbp option
net/mlx5: Fix ptp max frequency adjustment range
net/mlx5e: Fix memory leak on updating vport counters
...
|
||
|
Linus Torvalds
|
5be413a6e2 |
s390 updates for 6.2-rc4
- Add various missing READ_ONCE() to cmpxchg() loops prevent the compiler from potentially generating incorrect code. This includes a rather large change to the s390 specific hardware sampling code and its current use of cmpxchg_double(). Do the fix now to get it out of the way of Peter Zijlstra's cmpxchg128() work, and have something that can be backported. The added new code includes a private 128 bit cmpxchg variant which will be removed again after Peter's rework is available. Also note that this 128 bit cmpxchg variant is used to implement 128 bit READ_ONCE(), while strictly speaking it wouldn't be necessary, and _READ_ONCE() should also be sufficient; even though it isn't obvious for all converted locations that this is the case. Therefore use this implementation for for the sake of clarity and consistency for now. - Fix ipl report address handling to avoid kdump failures/hangs. - Fix misuse of #(el)if in kernel decompressor. - Define RUNTIME_DISCARD_EXIT to fix link error with GNU ld < 2.36, caused by the recently changed discard behaviour. - Make sure _edata and _end symbols are always page aligned. - The current header guard DEBUG_H in one of the s390 specific header files is too generic and conflicts with the ath9k wireless driver. Add an _ASM_S390_ prefix to the guard to make it unique. - Update defconfigs. -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEECMNfWEw3SLnmiLkZIg7DeRspbsIFAmPAQ6UACgkQIg7DeRsp bsLE5A//cAmO6yS21zVA9aPypX2ZzCkhYH7hNr/8DQBQsDS5+VvgBFOIrQ7v2I+Q nBpdjUKMe+E8knAHX56cAXpOttdQmhxq4TURMNBX7LnXOcKmwAmAh9kQ4i+Og0yn 0SLiiGlVdKT5UlLd6LyRpPjnovNNW9x4UYiPY7D2Vr2T1r6/6HGH3xT2+E7fsVU9 ydkGBJ39oyZkO6WSk7TzvjLDI/fUroQYmFYHq8KWo5mrC/WxAo037nvA8Kn5TFdr g3xXdblqEC5m80U7Xx614cXD8leNA1x9gjsQKE2Nwedq1yed3o7NO0YF8va2NZot 18YpvNOLaaOeWwIvISJG5if1/h8UASx3hvzlZk98koKteoR09WnKadcHmM43HI++ eb6DuxTePZaX352EghDWyo3A9ELR9FmfQ0/Eu5RQ2XtSi3dChKEPztKABk9V0J1x itnVM1kGQdXxNL34qe9h8EzaqTbrQmec7ItMoM8uAs6q4RJ68Hx9hUynbq0qLAbd JyOoxMOkC+rqkGGAECtxegQAavr929F+OgP2C4P8mJDggoFi/czxK/sS+m1KbvW2 AtrHgqCg4PNv9IB8iwd7bGpFvfPcPgkWWp7omeZw9MVKDhwXaxjfbmtb3kyFDNzP 7fXKR1YlIPLbHX4q0hJSsT4Cfb2iA3Z6yVH+aZreV5n1jogmsoU= =IJd/ -----END PGP SIGNATURE----- Merge tag 's390-6.2-2' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux Pull s390 fixes from Heiko Carstens: - Add various missing READ_ONCE() to cmpxchg() loops prevent the compiler from potentially generating incorrect code. This includes a rather large change to the s390 specific hardware sampling code and its current use of cmpxchg_double(). Do the fix now to get it out of the way of Peter Zijlstra's cmpxchg128() work, and have something that can be backported. The added new code includes a private 128 bit cmpxchg variant which will be removed again after Peter's rework is available. Also note that this 128 bit cmpxchg variant is used to implement 128 bit READ_ONCE(), while strictly speaking it wouldn't be necessary, and _READ_ONCE() should also be sufficient; even though it isn't obvious for all converted locations that this is the case. Therefore use this implementation for for the sake of clarity and consistency for now. - Fix ipl report address handling to avoid kdump failures/hangs. - Fix misuse of #(el)if in kernel decompressor. - Define RUNTIME_DISCARD_EXIT to fix link error with GNU ld < 2.36, caused by the recently changed discard behaviour. - Make sure _edata and _end symbols are always page aligned. - The current header guard DEBUG_H in one of the s390 specific header files is too generic and conflicts with the ath9k wireless driver. Add an _ASM_S390_ prefix to the guard to make it unique. - Update defconfigs. * tag 's390-6.2-2' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux: s390: update defconfigs KVM: s390: interrupt: use READ_ONCE() before cmpxchg() s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple() s390/cpum_sf: add READ_ONCE() semantics to compare and swap loops s390/kexec: fix ipl report address for kdump s390: fix -Wundef warning for CONFIG_KERNEL_ZSTD s390: define RUNTIME_DISCARD_EXIT to fix link error with GNU ld < 2.36 s390: expicitly align _edata and _end symbols on page boundary s390/debug: add _ASM_S390_ prefix to header guard |
||
|
Linus Torvalds
|
bad8c4a850 |
xen: branch for v6.2-rc4
-----BEGIN PGP SIGNATURE----- iHUEABYIAB0WIQRTLbB6QfY48x44uB6AXGG7T9hjvgUCY76ohgAKCRCAXGG7T9hj vo8fAP0XJ94B7asqcN4W3EyeyfqxUf1eZvmWRhrbKqpLnmHLaQEA/uJBkXL49Zj7 TTcbxR1coJ/hPwhtmONU4TNtCZ+RXw0= =2Ib5 -----END PGP SIGNATURE----- Merge tag 'for-linus-6.2-rc4-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip Pull xen fixes from Juergen Gross: - two cleanup patches - a fix of a memory leak in the Xen pvfront driver - a fix of a locking issue in the Xen hypervisor console driver * tag 'for-linus-6.2-rc4-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip: xen/pvcalls: free active map buffer on pvcalls_front_free_map hvc/xen: lock console list traversal x86/xen: Remove the unused function p2m_index() xen: make remove callback of xen driver void returned |
||
|
Linus Torvalds
|
772d0e9144 |
- Fix various DocBook formatting errors in kernel/time/ that
generated (justified) warnings during a kernel-doc build. Signed-off-by: Ingo Molnar <mingo@kernel.org> -----BEGIN PGP SIGNATURE----- iQJFBAABCgAvFiEEBpT5eoXrXCwVQwEKEnMQ0APhK1gFAmPAGrkRHG1pbmdvQGtl cm5lbC5vcmcACgkQEnMQ0APhK1i+txAAuYNFi2RntHyD/0GIkgcyeS91gRE4WlTA WvCmg0I56oCiFY/TjRJSGOetEDAMs6CIeGmy5u4Al2Drnmw1LtSFwaJZoENJgqMG ytANTNqB4tYmYHVxm6U1eQSxse9vFb0EP/DrK15v+NapkYWXeQUnnGGrfnheeXiE Vg/PlaRkYncAzz424BHBvzK8YAmWiC9CfWAGxmX2PBNq8EL2P4BoFG/Tb0QpvWOL svR0QewSG7A+WnN9i42KaciMKo1pvtPdZPrxu4Mr5yT6t6LzdGLEhqRK+oejzwB0 En3kdI2uMv4Bn0YFwuXtASKpcRHF5qxfpMFRCNhZS0YzwGIJH68frGVhGVS2OFbW UbsD0DBFd30/D/BTtG7OpYBkSC/9DT0SsPpbpc0mqolSSAG/fXy960T5FJ9FzD1b S2TWnY6ZoYpKkrOXZ6DA6jHdc7GV7B1HmQxlVs0S5nzJ9bRCqI/qtUfY3/9pXq6e UyuovcWpQJlaGrDe1TpgzdEvw71+/qokYsuB/V0sViRLDg7VYkYUtQxQYcg+0Jhy J1F7WzxNkkuAgttZqMDKyBCZXFTbCAnihx/aleDnwGzPlF8Rz4l8nU++VvbV9NZp j0hX3GwqhO8fpk9ilRHuFjzzr3ZhhQg5OumZfMWeYvp13hUxoej4e5ZSj7VWhkV5 cENcjdvspG8= =nO/P -----END PGP SIGNATURE----- Merge tag 'timers-urgent-2023-01-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull timer doc fixes from Ingo Molnar: - Fix various DocBook formatting errors in kernel/time/ that generated (justified) warnings during a kernel-doc build. * tag 'timers-urgent-2023-01-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: time: Fix various kernel-doc problems |
||
|
Linus Torvalds
|
a7b19c603e |
- More hardware-enablement for Intel Meteor Lake & Emerald Rapid systems:
pure model ID enumeration additions that do not affect other systems. Signed-off-by: Ingo Molnar <mingo@kernel.org> -----BEGIN PGP SIGNATURE----- iQJFBAABCgAvFiEEBpT5eoXrXCwVQwEKEnMQ0APhK1gFAmPAGSMRHG1pbmdvQGtl cm5lbC5vcmcACgkQEnMQ0APhK1isHBAAhdbT1j2iNBUimgLL/nW9NIluBcMJUdCN yY63WKBInyDuR3Toq/+EqdUqA3hGMg8swvDjij3XKJ75Hn7cMryigkUmONww22B9 KxU99H8l7UXDzPKJarQ2WIVrEUbgZPGao8NXo3pqHvEVQdii+MaLRvgnnV1IT1Z2 v5SvPslwf1Kh2GdQMsq9sEjiZG/vvWsB+ZNvPQW9WDnh7YUdyfsHhL+5HJDOTmA2 IArCtFfuxq02IjclfrQVigCpiYcgEbJDpBukqpv4X7pclBzTXfEzQqycce4bMS6W uU6zaKmTcLFYdFl+qrLvdW8NcbEGkapOoiaCfd3QHp4+cm90PwL7iCqY3BqIFxwg jRz5iosXP+/SzrObxtCch1VmBClnhsUZ57uUyUKYmVZG9FOXYccnQNXcBrMn07Lk ffyhJBs5gS5VrrSrONWGsPcNn7goPpqB8VgpJUYxx3twdctv1rEmQb2lOpVS2Got 3yPQpmtm/7ZUpP1JbCCzcyernc0c33FNHKuyvywiI+No2hy7WZ7oPsrSO+3PLLnB 2XFfS6HU1bDm3PzaCzTsHYK38lxZL/3lhacDZ7aRPvSTyXSSfTkjUHHiUeAecAdd n7CGllMiKyfazkOhNo806QPI0By/piYGObcafrMJI3PM/lWwBKF/QFQMgH69DXBl 3xF5+2+/vqM= =DFHV -----END PGP SIGNATURE----- Merge tag 'perf-urgent-2023-01-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull perf events hw enablement from Ingo Molnar: - More hardware-enablement for Intel Meteor Lake & Emerald Rapid systems: pure model ID enumeration additions that do not affect other systems. * tag 'perf-urgent-2023-01-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: perf/x86/intel/uncore: Add Emerald Rapids perf/x86/msr: Add Emerald Rapids perf/x86/msr: Add Meteor Lake support perf/x86/cstate: Add Meteor Lake support |
||
|
Linus Torvalds
|
ea66bf8653 |
- Fix scheduler frequency invariance bug related to overly long tickless periods
triggering an integer overflow and disabling the feature. - Fix use-after-free bug in dup_user_cpus_ptr(). - Fix do_set_cpus_allowed() deadlock scenarios related to calling kfree() with the pi_lock held. NOTE: the rcu_free() is the 'lazy' solution here - we looked at patches to free the structure after the pi_lock got dropped, but that looked quite a bit messier - and none of this is truly performance critical. We can revisit this if it's too lazy of a solution ... Signed-off-by: Ingo Molnar <mingo@kernel.org> -----BEGIN PGP SIGNATURE----- iQJFBAABCgAvFiEEBpT5eoXrXCwVQwEKEnMQ0APhK1gFAmPAF7MRHG1pbmdvQGtl cm5lbC5vcmcACgkQEnMQ0APhK1gsaA/+Ic2IfCw5F836xBqEP/CI6kKHw13rtd3e zE41Jz6gpLQ6FcfiQpma8ZEhgEbW5zlvv5IXvDMVy5joHtWBIuxLDT5qXZSzgKHC Trf+kGcBQFo19axInDV0kI5EY9zr6msEa3jvk34WJeGrHQZlIJCvXamy5FryWqu+ yL1IQjQiHnjPfL5Ez3XWkjP+ijboy/gpgzOT4lqrHyl4U+y24Iuq/CpitDVcE3yf ExI1k9s6WsjLGL24hob+/jH3sWK57GWwIR1yDN1sQ8soX5V9oIjtHXRCaxqD8N+v UcDNZBpfH+7Mmsg7EKU/nYgtB7kbfbEjJbpxph9grsxNHEkbPTc0zLlERJa7VuIx HHABEdAstEq7V7WNPNEZpcgeoLyHCbLnnaxbNSXtj4nGyzgn8cEoDzeyZUw8mZFb 1ZYhGwba5BojKTvQmxVcWyqCi0Z32ERBYibGULnRbjX5TgOIEllhZ5VjtpI1b593 M4o1VUsKYeLl6QbdXYNlIiFUOmsW4eJBDy3kDxh4l2xH4LgKNaoh8zoAYtUQgRJU JOkP03PWvOoZEgcqur6ECcHolHaR65aFs8fkuZ+jMSUXOsIqSji6Cc1RPCQs3vpy 0tYFcnon9ZntPvecxQpbyretbRaehAFdZntKjfsS8RQzraFiPu3yfdHR57D97ioo u877g9M/kZo= =gCfL -----END PGP SIGNATURE----- Merge tag 'sched-urgent-2023-01-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull scheduler fixes from Ingo Molnar: - Fix scheduler frequency invariance bug related to overly long tickless periods triggering an integer overflow and disabling the feature. - Fix use-after-free bug in dup_user_cpus_ptr(). - Fix do_set_cpus_allowed() deadlock scenarios related to calling kfree() with the pi_lock held. NOTE: the rcu_free() is the 'lazy' solution here - we looked at patches to free the structure after the pi_lock got dropped, but that looked quite a bit messier - and none of this is truly performance critical. We can revisit this if it's too lazy of a solution ... * tag 'sched-urgent-2023-01-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: sched/core: Use kfree_rcu() in do_set_cpus_allowed() sched/core: Fix use-after-free bug in dup_user_cpus_ptr() sched/core: Fix arch_scale_freq_tick() on tickless systems |
||
|
Linus Torvalds
|
cf4d5be89c |
- Fix objtool to be more permissive with hand-written assembly
that uses non-function symbols in executable sections. Signed-off-by: Ingo Molnar <mingo@kernel.org> -----BEGIN PGP SIGNATURE----- iQJFBAABCgAvFiEEBpT5eoXrXCwVQwEKEnMQ0APhK1gFAmPAETkRHG1pbmdvQGtl cm5lbC5vcmcACgkQEnMQ0APhK1jlhg//RtXGdWRPhbOxUBOxBxf0dlikeq9yy7Si JkdzAiv9r8YRWh0pLI4+YNLIKhlCxjN46ur2Pm9WlXa1VkA0mgA78DEnZvWCaQhJ SM334xB1NIb5PwdzIPP9qxPE/nZEUYHC9fGZsHhvy9XkqNDVW/3pqorjOQYHn+V6 LlQ2lLmU76jjandO3FbEt2AspWk1JAYbGomSgrVLnSw2GPreOre4EWYmMWuTyUUA ba0vcQT7Y8J5dqxuSiwbvxUQu1dY29FcR8kYEhreXGV+3y81Iw7gj06tevLgzusR UTXuONj/8/YXfBU/S5RDedzmRhLdUi5sN8/H4yY9V2jd8kHZXFIR9lmyoVBbJu5a jBicEIWlkzyXFxlbfis1y6JI4arLtgerMsWypn+s5gFikrIx0iEUvU9fkfmyuajf f9+k939Tf7pWo7BBZlU21ILDp+jDVhVhrRfBSQWQOBMymCAbQsI4tzL4NusS9EI+ NQXtNKWo4t4F/SO44MArHsvdsZ4aQe2kLlcwkkqd3oxmLXzJ1aNbmabO8WNRopjH twOVyHgh04HbbMkp/sHytiqRCWm6Qmiza47cJij/zCgn7yIow8RTV5pF6PqAaKfE boBeqhZEW/4RN6XHpwIlrTRctjUFJxpOAVSRhv8FbwlsoWQSqKuWB3O1wc5nRVBn 1IDeYCbHA/Y= =bMbY -----END PGP SIGNATURE----- Merge tag 'core-urgent-2023-01-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull objtool fix from Ingo Molnar: - Fix objtool to be more permissive with hand-written assembly that uses non-function symbols in executable sections. * tag 'core-urgent-2023-01-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: objtool: Tolerate STT_NOTYPE symbols at end of section |
||
|
Linus Torvalds
|
f129b61612 |
Fixes for nolibc for v6.2
This series addresses the following bugs: o The fd_set structure was incorrectly defined as arrays of u32 instead of long, which breaks BE64. Fix courtesy of Sven Schnelle. o S_ISxxx macros were incorrectly testing the bits after applying them instead of bitwise ANDing S_FMT with the value. Fix from Warner Losh. o The mips code was randomly broken due to an unprotected "noreorder" directive in the _start code that could prevent the assembler from filling delayed slots. This in turn resulted in random other instructions being placed into those slots. Fix courtesy of Willy Tarreau. o The current nolibc header layout refrains from including files that are not explicitly included by the code using nolibc. Unfortunately, this causes build failures when such files contain definitions that are used (for example) by libgcc. Example definitions include raise() and memset(), which are called by some architectures, but only at certain optimization levels. Fix courtesy of Willy Tarreau. o gcc 11.3 in ARM thumb2 mode at -O2 recognized a memset() construction inside the memset() definition. The compiler replaced this construction with a call to... memset(). Userland cannot be forced to build with -ffreestanding, so an empty asm() statement was introduced into the loop the loop in order to prevent the compiler from making this unproductive transformation. Fix courtesy of Willy Tarreau. o Most of the O_* macros were wrong on RISCV because their octal values were coded as hexadecimal. This resulted in the getdents64() selftest failing. Fix courtesy of Willy Tarreau. The series was tested on x86_64, i386, armv5, armv7, thumb1, thumb2, mips and riscv, all at -O0, -Os and -O3. -----BEGIN PGP SIGNATURE----- iQJHBAABCgAxFiEEbK7UrM+RBIrCoViJnr8S83LZ+4wFAmO8ZPsTHHBhdWxtY2tA a2VybmVsLm9yZwAKCRCevxLzctn7jDqUD/4zymVYzv0Pfbr3gHiZAgWCr+FwHz46 SGK4KVvSPn3L0MMT0JW+Ws6tB/WKwOFzK4dtvhU+z1ClLZEhLgQVVjo9lwLvUorj QvxubMnRLJCZjyvgCOJ2mbJCGLMSoOceSrNgl4xEeQ1gu6wrmjLu8erDJvBCyTMX 4Io7tv1ddO3xJuptrJzB1jZpFl/OvJkrSuB3fHAtCcc/YcXy59imp690lawyWfLL ryiwVgep0XRPLTiEm+Jd0iMsTFJaJEEvkt2aQ9yd6C92z27/+erJ7SsrWcXHZAjD Ck7h4EX2SpJliRFW4QeGdC5/16/7EIGs2WUTuGnwB4uIleD4vGwwvNJkclhKi2au vKfcy5/soFuaWfOOUthfHAA0OX4DXHGFWP9BhEljGTG0F9bbGqqXnsZm37qrq2cQ Ns2tQ2BXvm6qY1TGsv3usMch8xF3Gy521iO5qMQ1YYMeB8Jw6IZJnT6w0gHSqo8O mR8i2zgnsvc3a2KTs45djdN4cu7ARzwwGDXc+ZgEhOsVGp5k93MGoixdYjZkIzCp Zoy/p9sr66OTeUXfxVOJvJcnXzAlWTUgWu92+tlDDrhu2S+YWRGDqhjUfjnqM+dt q7EYj/tVmXsy5B/f/ndmjTUwCxQ7oDM3v72YqGbrUFdA7lHeNSkWY1kjM4PmRJsr aZBwnA0Utly0VQ== =bR/q -----END PGP SIGNATURE----- Merge tag 'urgent-nolibc.2023.01.09a' of git://git.kernel.org/pub/scm/linux/kernel/git/paulmck/linux-rcu Pull nolibc fixes from Paul McKenney: - The fd_set structure was incorrectly defined as arrays of u32 instead of long, which breaks BE64. Fix courtesy of Sven Schnelle. - S_ISxxx macros were incorrectly testing the bits after applying them instead of bitwise ANDing S_FMT with the value. Fix from Warner Losh. - The mips code was randomly broken due to an unprotected "noreorder" directive in the _start code that could prevent the assembler from filling delayed slots. This in turn resulted in random other instructions being placed into those slots. Fix courtesy of Willy Tarreau. - The current nolibc header layout refrains from including files that are not explicitly included by the code using nolibc. Unfortunately, this causes build failures when such files contain definitions that are used (for example) by libgcc. Example definitions include raise() and memset(), which are called by some architectures, but only at certain optimization levels. Fix courtesy of Willy Tarreau. - gcc 11.3 in ARM thumb2 mode at -O2 recognized a memset() construction inside the memset() definition. The compiler replaced this construction with a call to... memset(). Userland cannot be forced to build with -ffreestanding, so an empty asm() statement was introduced into the loop the loop in order to prevent the compiler from making this unproductive transformation. Fix courtesy of Willy Tarreau. - Most of the O_* macros were wrong on RISCV because their octal values were coded as hexadecimal. This resulted in the getdents64() selftest failing. Fix courtesy of Willy Tarreau. This was tested on x86_64, i386, armv5, armv7, thumb1, thumb2, mips and riscv, all at -O0, -Os and -O3. * tag 'urgent-nolibc.2023.01.09a' of git://git.kernel.org/pub/scm/linux/kernel/git/paulmck/linux-rcu: tools/nolibc: fix the O_* fcntl/open macro definitions for riscv tools/nolibc: prevent gcc from making memset() loop over itself tools/nolibc: fix missing includes causing build issues at -O0 tools/nolibc: restore mips branch ordering in the _start block tools/nolibc: Fix S_ISxxx macros nolibc: fix fd_set type |
||
|
Hans de Goede
|
cf5ac2d45f |
platform/x86: int3472/discrete: Ensure the clk/power enable pins are in output mode
acpi_get_and_request_gpiod() does not take a gpio_lookup_flags argument
specifying that the pins direction should be initialized to a specific
value.
This means that in some cases the pins might be left in input mode, causing
the gpiod_set() calls made to enable the clk / regulator to not work.
One example of this problem is the clk-enable GPIO for the ov01a1s sensor
on a Dell Latitude 9420 being left in input mode causing the clk to
never get enabled.
Explicitly set the direction of the pins to output to fix this.
Fixes:
|
||
|
Miaoqian Lin
|
ccb32e2be1 |
platform/x86/amd: Fix refcount leak in amd_pmc_probe
pci_get_domain_bus_and_slot() takes reference, the caller should release
the reference by calling pci_dev_put() after use. Call pci_dev_put() in
the error path to fix this.
Fixes:
|