mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2025-01-03 12:24:45 +08:00
4d57a7333e
1154711 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Zhihao Cheng
|
4d57a7333e |
ubi: ubi_wl_put_peb: Fix infinite loop when wear-leveling work failed
Following process will trigger an infinite loop in ubi_wl_put_peb():
ubifs_bgt ubi_bgt
ubifs_leb_unmap
ubi_leb_unmap
ubi_eba_unmap_leb
ubi_wl_put_peb wear_leveling_worker
e1 = rb_entry(rb_first(&ubi->used)
e2 = get_peb_for_wl(ubi)
ubi_io_read_vid_hdr // return err (flash fault)
out_error:
ubi->move_from = ubi->move_to = NULL
wl_entry_destroy(ubi, e1)
ubi->lookuptbl[e->pnum] = NULL
retry:
e = ubi->lookuptbl[pnum]; // return NULL
if (e == ubi->move_from) { // NULL == NULL gets true
goto retry; // infinite loop !!!
$ top
PID USER PR NI VIRT RES SHR S %CPU %MEM COMMAND
7676 root 20 0 0 0 0 R 100.0 0.0 ubifs_bgt0_0
Fix it by:
1) Letting ubi_wl_put_peb() returns directly if wearl leveling entry has
been removed from 'ubi->lookuptbl'.
2) Using 'ubi->wl_lock' protecting wl entry deletion to preventing an
use-after-free problem for wl entry in ubi_wl_put_peb().
Fetch a reproducer in [Link].
Fixes:
|
||
|
Zhihao Cheng
|
a240bc5c43 |
ubi: Fix UAF wear-leveling entry in eraseblk_count_seq_show()
Wear-leveling entry could be freed in error path, which may be accessed
again in eraseblk_count_seq_show(), for example:
__erase_worker eraseblk_count_seq_show
wl = ubi->lookuptbl[*block_number]
if (wl)
wl_entry_destroy
ubi->lookuptbl[e->pnum] = NULL
kmem_cache_free(ubi_wl_entry_slab, e)
erase_count = wl->ec // UAF!
Wear-leveling entry updating/accessing in ubi->lookuptbl should be
protected by ubi->wl_lock, fix it by adding ubi->wl_lock to serialize
wl entry accessing between wl_entry_destroy() and
eraseblk_count_seq_show().
Fetch a reproducer in [Link].
Link: https://bugzilla.kernel.org/show_bug.cgi?id=216305
Fixes:
|
||
|
Zhihao Cheng
|
76f9476ece |
ubi: fastmap: Fix missed fm_anchor PEB in wear-leveling after disabling fastmap
After disabling fastmap(ubi->fm_disabled = 1), fastmap won't be updated,
fm_anchor PEB is missed being scheduled for erasing. Besides, fm_anchor
PEB may have smallest erase count, it doesn't participate wear-leveling.
The difference of erase count between fm_anchor PEB and other PEBs will
be larger and larger later on.
In which situation fastmap can be disabled? Initially, we have an UBI
image with fastmap. Then the image will be atttached without module
parameter 'fm_autoconvert', ubi turns to full scanning mode in one
random attaching process(eg. bad fastmap caused by powercut), ubi
fastmap is disabled since then.
Fix it by not getting fm_anchor if fastmap is disabled in
ubi_refill_pools().
Fetch a reproducer in [Link].
Link: https://bugzilla.kernel.org/show_bug.cgi?id=216341
Fixes:
|
||
|
Zhihao Cheng
|
66f4742e93 |
ubifs: ubifs_releasepage: Remove ubifs_assert(0) to valid this process
There are two states for ubifs writing pages:
1. Dirty, Private
2. Not Dirty, Not Private
The normal process cannot go to ubifs_releasepage() which means there
exists pages being private but not dirty. Reproducer[1] shows that it
could occur (which maybe related to [2]) with following process:
PA PB PC
lock(page)[PA]
ubifs_write_end
attach_page_private // set Private
__set_page_dirty_nobuffers // set Dirty
unlock(page)
write_cache_pages[PA]
lock(page)
clear_page_dirty_for_io(page) // clear Dirty
ubifs_writepage
do_truncation[PB]
truncate_setsize
i_size_write(inode, newsize) // newsize = 0
i_size = i_size_read(inode) // i_size = 0
end_index = i_size >> PAGE_SHIFT
if (page->index > end_index)
goto out // jump
out:
unlock(page) // Private, Not Dirty
generic_fadvise[PC]
lock(page)
invalidate_inode_page
try_to_release_page
ubifs_releasepage
ubifs_assert(c, 0)
// bad assertion!
unlock(page)
truncate_pagecache[PB]
Then we may get following assertion failed:
UBIFS error (ubi0:0 pid 1683): ubifs_assert_failed [ubifs]:
UBIFS assert failed: 0, in fs/ubifs/file.c:1513
UBIFS warning (ubi0:0 pid 1683): ubifs_ro_mode [ubifs]:
switched to read-only mode, error -22
CPU: 2 PID: 1683 Comm: aa Not tainted 5.16.0-rc5-00184-g0bca5994cacc-dirty #308
Call Trace:
dump_stack+0x13/0x1b
ubifs_ro_mode+0x54/0x60 [ubifs]
ubifs_assert_failed+0x4b/0x80 [ubifs]
ubifs_releasepage+0x67/0x1d0 [ubifs]
try_to_release_page+0x57/0xe0
invalidate_inode_page+0xfb/0x130
__invalidate_mapping_pages+0xb9/0x280
invalidate_mapping_pagevec+0x12/0x20
generic_fadvise+0x303/0x3c0
ksys_fadvise64_64+0x4c/0xb0
[1] https://bugzilla.kernel.org/show_bug.cgi?id=215373
[2] https://linux-mtd.infradead.narkive.com/NQoBeT1u/patch-rfc-ubifs-fix-assert-failed-in-ubifs-set-page-dirty
Fixes:
|
||
|
Zhihao Cheng
|
fb8bc4c74a |
ubifs: ubifs_writepage: Mark page dirty after writing inode failed
There are two states for ubifs writing pages:
1. Dirty, Private
2. Not Dirty, Not Private
There is a third possibility which maybe related to [1] that page is
private but not dirty caused by following process:
PA
lock(page)
ubifs_write_end
attach_page_private // set Private
__set_page_dirty_nobuffers // set Dirty
unlock(page)
write_cache_pages
lock(page)
clear_page_dirty_for_io(page) // clear Dirty
ubifs_writepage
write_inode
// fail, goto out, following codes are not executed
// do_writepage
// set_page_writeback // set Writeback
// detach_page_private // clear Private
// end_page_writeback // clear Writeback
out:
unlock(page) // Private, Not Dirty
PB
ksys_fadvise64_64
generic_fadvise
invalidate_inode_page
// page is neither Dirty nor Writeback
invalidate_complete_page
// page_has_private is true
try_to_release_page
ubifs_releasepage
ubifs_assert(c, 0) !!!
Then we may get following assertion failed:
UBIFS error (ubi0:0 pid 1492): ubifs_assert_failed [ubifs]:
UBIFS assert failed: 0, in fs/ubifs/file.c:1499
UBIFS warning (ubi0:0 pid 1492): ubifs_ro_mode [ubifs]:
switched to read-only mode, error -22
CPU: 2 PID: 1492 Comm: aa Not tainted 5.16.0-rc2-00012-g7bb767dee0ba-dirty
Call Trace:
dump_stack+0x13/0x1b
ubifs_ro_mode+0x54/0x60 [ubifs]
ubifs_assert_failed+0x4b/0x80 [ubifs]
ubifs_releasepage+0x7e/0x1e0 [ubifs]
try_to_release_page+0x57/0xe0
invalidate_inode_page+0xfb/0x130
invalidate_mapping_pagevec+0x12/0x20
generic_fadvise+0x303/0x3c0
vfs_fadvise+0x35/0x40
ksys_fadvise64_64+0x4c/0xb0
Jump [2] to find a reproducer.
[1] https://linux-mtd.infradead.narkive.com/NQoBeT1u/patch-rfc-ubifs-fix-assert-failed-in-ubifs-set-page-dirty
[2] https://bugzilla.kernel.org/show_bug.cgi?id=215357
Fixes:
|
||
|
Zhihao Cheng
|
122deabfe1 |
ubifs: dirty_cow_znode: Fix memleak in error handling path
Following process will cause a memleak for copied up znode:
dirty_cow_znode
zn = copy_znode(c, znode);
err = insert_old_idx(c, zbr->lnum, zbr->offs);
if (unlikely(err))
return ERR_PTR(err); // No one refers to zn.
Fix it by adding copied znode back to tnc, then it will be freed
by ubifs_destroy_tnc_subtree() while closing tnc.
Fetch a reproducer in [Link].
Link: https://bugzilla.kernel.org/show_bug.cgi?id=216705
Fixes:
|
||
|
Zhihao Cheng
|
944e096aa2 |
ubifs: Re-statistic cleaned znode count if commit failed
Dirty znodes will be written on flash in committing process with
following states:
process A | znode state
------------------------------------------------------
do_commit | DIRTY_ZNODE
ubifs_tnc_start_commit | DIRTY_ZNODE
get_znodes_to_commit | DIRTY_ZNODE | COW_ZNODE
layout_commit | DIRTY_ZNODE | COW_ZNODE
fill_gap | 0
write master | 0 or OBSOLETE_ZNODE
process B | znode state
------------------------------------------------------
do_commit | DIRTY_ZNODE[1]
ubifs_tnc_start_commit | DIRTY_ZNODE
get_znodes_to_commit | DIRTY_ZNODE | COW_ZNODE
ubifs_tnc_end_commit | DIRTY_ZNODE | COW_ZNODE
write_index | 0
write master | 0 or OBSOLETE_ZNODE[2] or
| DIRTY_ZNODE[3]
[1] znode is dirtied without concurrent committing process
[2] znode is copied up (re-dirtied by other process) before cleaned
up in committing process
[3] znode is re-dirtied after cleaned up in committing process
Currently, the clean znode count is updated in free_obsolete_znodes(),
which is called only in normal path. If do_commit failed, clean znode
count won't be updated, which triggers a failure ubifs assertion[4] in
ubifs_tnc_close():
ubifs_assert_failed [ubifs]: UBIFS assert failed: freed == n
[4] Commit
|
||
ZhaoLong Wang
|
2de203d8ab |
ubi: Fix permission display of the debugfs files
Some interface files in debugfs support the read method
dfs_file_read(), but their rwx permissions is shown as
unreadable.
In the user mode, the following problem can be clearly seen:
# ls -l /sys/kernel/debug/ubi/ubi0/
total 0
--w------- 1 root root 0 Oct 22 16:26 chk_fastmap
--w------- 1 root root 0 Oct 22 16:26 chk_gen
--w------- 1 root root 0 Oct 22 16:26 chk_io
-r-------- 1 root root 0 Oct 22 16:26 detailed_erase_block_info
--w------- 1 root root 0 Oct 22 16:26 tst_disable_bgt
--w------- 1 root root 0 Oct 22 16:26 tst_emulate_bitflips
--w------- 1 root root 0 Oct 22 16:26 tst_emulate_io_failures
--w------- 1 root root 0 Oct 22 16:26 tst_emulate_power_cut
--w------- 1 root root 0 Oct 22 16:26 tst_emulate_power_cut_max
--w------- 1 root root 0 Oct 22 16:26 tst_emulate_power_cut_min
It shows that these files do not have read permission 'r',
but we can actually read their contents.
# echo 1 > /sys/kernel/debug/ubi/ubi0/chk_io
# cat /sys/kernel/debug/ubi/ubi0/chk_io
1
User's permission access is determined by capabilities.
Of course, the root user is not restricted from reading
these files.
When reading a debugfs file, the process is as follows:
ksys_read()
vfs_read()
if (file->f_op->read)
file->f_op->read()
full_proxy_open()
real_fops->read()
dfs_file_read() -- Read method of debugfs file.
else if (file->f_op->read_iter)
new_sync_read()
else
ret = -EINVAL -- Return -EINVAL if no read method.
This indicates that the debugfs file can be read as long as the read
method of the debugfs file is registered. This patch adds the read
permission display for file that support the read method.
Signed-off-by: ZhaoLong Wang <wangzhaolong1@huawei.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
|
||
Yang Yingliang
|
c15859bfd3 |
ubi: Fix possible null-ptr-deref in ubi_free_volume()
It willl cause null-ptr-deref in the following case:
uif_init()
ubi_add_volume()
cdev_add() -> if it fails, call kill_volumes()
device_register()
kill_volumes() -> if ubi_add_volume() fails call this function
ubi_free_volume()
cdev_del()
device_unregister() -> trying to delete a not added device,
it causes null-ptr-deref
So in ubi_free_volume(), it delete devices whether they are added
or not, it will causes null-ptr-deref.
Handle the error case whlie calling ubi_add_volume() to fix this
problem. If add volume fails, set the corresponding vol to null,
so it can not be accessed in kill_volumes() and release the
resource in ubi_add_volume() error path.
Fixes:
|
||
|
ZhaoLong Wang
|
7af73882dd |
ubi: fastmap: Add fastmap control support for module parameter
The UBI driver can use the IOCTL to disable the fastmap after the
mainline
|
||
Li Zetao
|
4a1ff3c5d0 |
ubifs: Fix memory leak in alloc_wbufs()
kmemleak reported a sequence of memory leaks, and show them as following:
unreferenced object 0xffff8881575f8400 (size 1024):
comm "mount", pid 19625, jiffies 4297119604 (age 20.383s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<ffffffff8176cecd>] __kmalloc+0x4d/0x150
[<ffffffffa0406b2b>] ubifs_mount+0x307b/0x7170 [ubifs]
[<ffffffff819fa8fd>] legacy_get_tree+0xed/0x1d0
[<ffffffff81936f2d>] vfs_get_tree+0x7d/0x230
[<ffffffff819b2bd4>] path_mount+0xdd4/0x17b0
[<ffffffff819b37aa>] __x64_sys_mount+0x1fa/0x270
[<ffffffff83c14295>] do_syscall_64+0x35/0x80
[<ffffffff83e0006a>] entry_SYSCALL_64_after_hwframe+0x46/0xb0
unreferenced object 0xffff8881798a6e00 (size 512):
comm "mount", pid 19677, jiffies 4297121912 (age 37.816s)
hex dump (first 32 bytes):
6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
backtrace:
[<ffffffff8176cecd>] __kmalloc+0x4d/0x150
[<ffffffffa0418342>] ubifs_wbuf_init+0x52/0x480 [ubifs]
[<ffffffffa0406ca5>] ubifs_mount+0x31f5/0x7170 [ubifs]
[<ffffffff819fa8fd>] legacy_get_tree+0xed/0x1d0
[<ffffffff81936f2d>] vfs_get_tree+0x7d/0x230
[<ffffffff819b2bd4>] path_mount+0xdd4/0x17b0
[<ffffffff819b37aa>] __x64_sys_mount+0x1fa/0x270
[<ffffffff83c14295>] do_syscall_64+0x35/0x80
[<ffffffff83e0006a>] entry_SYSCALL_64_after_hwframe+0x46/0xb0
The problem is that the ubifs_wbuf_init() returns an error in the
loop which in the alloc_wbufs(), then the wbuf->buf and wbuf->inodes
that were successfully alloced before are not freed.
Fix it by adding error hanging path in alloc_wbufs() which frees
the memory alloced before when ubifs_wbuf_init() returns an error.
Fixes:
|
||
|
Li Zetao
|
1e591ea072 |
ubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume()
There is a memory leaks problem reported by kmemleak:
unreferenced object 0xffff888102007a00 (size 128):
comm "ubirsvol", pid 32090, jiffies 4298464136 (age 2361.231s)
hex dump (first 32 bytes):
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................
backtrace:
[<ffffffff8176cecd>] __kmalloc+0x4d/0x150
[<ffffffffa02a9a36>] ubi_eba_create_table+0x76/0x170 [ubi]
[<ffffffffa029764e>] ubi_resize_volume+0x1be/0xbc0 [ubi]
[<ffffffffa02a3321>] ubi_cdev_ioctl+0x701/0x1850 [ubi]
[<ffffffff81975d2d>] __x64_sys_ioctl+0x11d/0x170
[<ffffffff83c142a5>] do_syscall_64+0x35/0x80
[<ffffffff83e0006a>] entry_SYSCALL_64_after_hwframe+0x46/0xb0
This is due to a mismatch between create and destroy interfaces, and
in detail that "new_eba_tbl" created by ubi_eba_create_table() but
destroyed by kfree(), while will causing "new_eba_tbl->entries" not
freed.
Fix it by replacing kfree(new_eba_tbl) with
ubi_eba_destroy_table(new_eba_tbl)
Fixes:
|
||
|
Li Zetao
|
9af31d6ec1 |
ubi: Fix use-after-free when volume resizing failed
There is an use-after-free problem reported by KASAN:
==================================================================
BUG: KASAN: use-after-free in ubi_eba_copy_table+0x11f/0x1c0 [ubi]
Read of size 8 at addr ffff888101eec008 by task ubirsvol/4735
CPU: 2 PID: 4735 Comm: ubirsvol
Not tainted 6.1.0-rc1-00003-g84fa3304a7fc-dirty #14
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS 1.14.0-1.fc33 04/01/2014
Call Trace:
<TASK>
dump_stack_lvl+0x34/0x44
print_report+0x171/0x472
kasan_report+0xad/0x130
ubi_eba_copy_table+0x11f/0x1c0 [ubi]
ubi_resize_volume+0x4f9/0xbc0 [ubi]
ubi_cdev_ioctl+0x701/0x1850 [ubi]
__x64_sys_ioctl+0x11d/0x170
do_syscall_64+0x35/0x80
entry_SYSCALL_64_after_hwframe+0x46/0xb0
</TASK>
When ubi_change_vtbl_record() returns an error in ubi_resize_volume(),
"new_eba_tbl" will be freed on error handing path, but it is holded
by "vol->eba_tbl" in ubi_eba_replace_table(). It means that the liftcycle
of "vol->eba_tbl" and "vol" are different, so when resizing volume in
next time, it causing an use-after-free fault.
Fix it by not freeing "new_eba_tbl" after it replaced in
ubi_eba_replace_table(), while will be freed in next volume resizing.
Fixes:
|
||
|
Zhihao Cheng
|
e874dcde1c |
ubifs: Reserve one leb for each journal head while doing budget
UBIFS calculates available space by c->main_bytes - c->lst.total_used
(which means non-index lebs' free and dirty space is accounted into
total available), then index lebs and four lebs (one for gc_lnum, one
for deletions, two for journal heads) are deducted.
In following situation, ubifs may get -ENOSPC from make_reservation():
LEB 84: DATAHD free 122880 used 1920 dirty 2176 dark 6144
LEB 110:DELETION free 126976 used 0 dirty 0 dark 6144 (empty)
LEB 201:gc_lnum free 126976 used 0 dirty 0 dark 6144
LEB 272:GCHD free 77824 used 47672 dirty 1480 dark 6144
LEB 356:BASEHD free 0 used 39776 dirty 87200 dark 6144
OTHERS: index lebs, zero-available non-index lebs
UBIFS calculates the available bytes is 6888 (How to calculate it:
126976 * 5[remain main bytes] - 1920[used] - 47672[used] - 39776[used] -
126976 * 1[deletions] - 126976 * 1[gc_lnum] - 126976 * 2[journal heads]
- 6144 * 5[dark] = 6888) after doing budget, however UBIFS cannot use
BASEHD's dirty space(87200), because UBIFS cannot find next BASEHD to
reclaim current BASEHD. (c->bi.min_idx_lebs equals to c->lst.idx_lebs,
the empty leb won't be found by ubifs_find_free_space(), and dirty index
lebs won't be picked as gced lebs. All non-index lebs has dirty space
less then c->dead_wm, non-index lebs won't be picked as gced lebs
either. So new free lebs won't be produced.). See more details in Link.
To fix it, reserve one leb for each journal head while doing budget.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=216562
Fixes:
|
||
|
Zhihao Cheng
|
25fce616a6 |
ubifs: do_rename: Fix wrong space budget when target inode's nlink > 1
If target inode is a special file (eg. block/char device) with nlink
count greater than 1, the inode with ui->data will be re-written on
disk. However, UBIFS losts target inode's data_len while doing space
budget. Bad space budget may let make_reservation() return with -ENOSPC,
which could turn ubifs to read-only mode in do_writepage() process.
Fetch a reproducer in [Link].
Link: https://bugzilla.kernel.org/show_bug.cgi?id=216494
Fixes:
|
||
|
Zhihao Cheng
|
b248eaf049 |
ubifs: Fix wrong dirty space budget for dirty inode
Each dirty inode should reserve 'c->bi.inode_budget' bytes in space
budget calculation. Currently, space budget for dirty inode reports
more space than what UBIFS actually needs to write.
Fixes:
|
||
|
Zhihao Cheng
|
c04cc68da8 |
ubifs: Add comments and debug info for ubifs_xrename()
Just like other operations (eg. ubifs_create, do_rename), add comments and debug information for ubifs_xrename(). Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: Richard Weinberger <richard@nod.at> |
||
|
Zhihao Cheng
|
1b2ba09060 |
ubifs: Rectify space budget for ubifs_xrename()
There is no space budget for ubifs_xrename(). It may let
make_reservation() return with -ENOSPC, which could turn
ubifs to read-only mode in do_writepage() process.
Fix it by adding space budget for ubifs_xrename().
Fetch a reproducer in [Link].
Link: https://bugzilla.kernel.org/show_bug.cgi?id=216569
Fixes:
|
||
|
Zhihao Cheng
|
c2c36cc6ca |
ubifs: Rectify space budget for ubifs_symlink() if symlink is encrypted
Fix bad space budget when symlink file is encrypted. Bad space budget
may let make_reservation() return with -ENOSPC, which could turn ubifs
to read-only mode in do_writepage() process.
Fetch a reproducer in [Link].
Link: https://bugzilla.kernel.org/show_bug.cgi?id=216490
Fixes:
|
||
Mårten Lindahl
|
6addbe91fc |
ubi: block: Reduce warning print to info for static volumes
If volume size is not multiple of the sector size 512 a warning is printed saying that the last non-sector aligned bytes will be ignored. This should be valid for resizable volumes, but when creating static volumes which are read only this will always be printed even if the unaligned data is deliberate. The message is still valid but the severity should be lowered for static volumes. Signed-off-by: Mårten Lindahl <marten.lindahl@axis.com> Signed-off-by: Richard Weinberger <richard@nod.at> |
||
Liu Shixin
|
203a55f04f |
ubifs: Fix memory leak in ubifs_sysfs_init()
When insmod ubifs.ko, a kmemleak reported as below:
unreferenced object 0xffff88817fb1a780 (size 8):
comm "insmod", pid 25265, jiffies 4295239702 (age 100.130s)
hex dump (first 8 bytes):
75 62 69 66 73 00 ff ff ubifs...
backtrace:
[<ffffffff81b3fc4c>] slab_post_alloc_hook+0x9c/0x3c0
[<ffffffff81b44bf3>] __kmalloc_track_caller+0x183/0x410
[<ffffffff8198d3da>] kstrdup+0x3a/0x80
[<ffffffff8198d486>] kstrdup_const+0x66/0x80
[<ffffffff83989325>] kvasprintf_const+0x155/0x190
[<ffffffff83bf55bb>] kobject_set_name_vargs+0x5b/0x150
[<ffffffff83bf576b>] kobject_set_name+0xbb/0xf0
[<ffffffff8100204c>] do_one_initcall+0x14c/0x5a0
[<ffffffff8157e380>] do_init_module+0x1f0/0x660
[<ffffffff815857be>] load_module+0x6d7e/0x7590
[<ffffffff8158644f>] __do_sys_finit_module+0x19f/0x230
[<ffffffff815866b3>] __x64_sys_finit_module+0x73/0xb0
[<ffffffff88c98e85>] do_syscall_64+0x35/0x80
[<ffffffff88e00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
When kset_register() failed, we should call kset_put to cleanup it.
Fixes:
|
||
Li Hua
|
aa6d148e6d |
ubifs: Fix build errors as symbol undefined
With CONFIG_UBIFS_FS_AUTHENTICATION not set, the compiler can assume that
ubifs_node_check_hash() is never true and drops the call to ubifs_bad_hash().
Is CONFIG_CC_OPTIMIZE_FOR_SIZE enabled this optimization does not happen anymore.
So When CONFIG_UBIFS_FS and CONFIG_CC_OPTIMIZE_FOR_SIZE is enabled but
CONFIG_UBIFS_FS_AUTHENTICATION is not set, the build errors is as followd:
ERROR: modpost: "ubifs_bad_hash" [fs/ubifs/ubifs.ko] undefined!
Fix it by add no-op ubifs_bad_hash() for the CONFIG_UBIFS_FS_AUTHENTICATION=n case.
Fixes:
|
||
George Kennedy
|
1b42b1a36f |
ubi: ensure that VID header offset + VID header size <= alloc, size
Ensure that the VID header offset + VID header size does not exceed
the allocated area to avoid slab OOB.
BUG: KASAN: slab-out-of-bounds in crc32_body lib/crc32.c:111 [inline]
BUG: KASAN: slab-out-of-bounds in crc32_le_generic lib/crc32.c:179 [inline]
BUG: KASAN: slab-out-of-bounds in crc32_le_base+0x58c/0x626 lib/crc32.c:197
Read of size 4 at addr ffff88802bb36f00 by task syz-executor136/1555
CPU: 2 PID: 1555 Comm: syz-executor136 Tainted: G W
6.0.0-1868 #1
Hardware name: Red Hat KVM, BIOS 1.13.0-2.module+el8.3.0+7860+a7792d29
04/01/2014
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x85/0xad lib/dump_stack.c:106
print_address_description mm/kasan/report.c:317 [inline]
print_report.cold.13+0xb6/0x6bb mm/kasan/report.c:433
kasan_report+0xa7/0x11b mm/kasan/report.c:495
crc32_body lib/crc32.c:111 [inline]
crc32_le_generic lib/crc32.c:179 [inline]
crc32_le_base+0x58c/0x626 lib/crc32.c:197
ubi_io_write_vid_hdr+0x1b7/0x472 drivers/mtd/ubi/io.c:1067
create_vtbl+0x4d5/0x9c4 drivers/mtd/ubi/vtbl.c:317
create_empty_lvol drivers/mtd/ubi/vtbl.c:500 [inline]
ubi_read_volume_table+0x67b/0x288a drivers/mtd/ubi/vtbl.c:812
ubi_attach+0xf34/0x1603 drivers/mtd/ubi/attach.c:1601
ubi_attach_mtd_dev+0x6f3/0x185e drivers/mtd/ubi/build.c:965
ctrl_cdev_ioctl+0x2db/0x347 drivers/mtd/ubi/cdev.c:1043
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:870 [inline]
__se_sys_ioctl fs/ioctl.c:856 [inline]
__x64_sys_ioctl+0x193/0x213 fs/ioctl.c:856
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3e/0x86 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0x0
RIP: 0033:0x7f96d5cf753d
Code:
RSP: 002b:00007fffd72206f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f96d5cf753d
RDX: 0000000020000080 RSI: 0000000040186f40 RDI: 0000000000000003
RBP: 0000000000400cd0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000400be0
R13: 00007fffd72207e0 R14: 0000000000000000 R15: 0000000000000000
</TASK>
Allocated by task 1555:
kasan_save_stack+0x20/0x3d mm/kasan/common.c:38
kasan_set_track mm/kasan/common.c:45 [inline]
set_alloc_info mm/kasan/common.c:437 [inline]
____kasan_kmalloc mm/kasan/common.c:516 [inline]
__kasan_kmalloc+0x88/0xa3 mm/kasan/common.c:525
kasan_kmalloc include/linux/kasan.h:234 [inline]
__kmalloc+0x138/0x257 mm/slub.c:4429
kmalloc include/linux/slab.h:605 [inline]
ubi_alloc_vid_buf drivers/mtd/ubi/ubi.h:1093 [inline]
create_vtbl+0xcc/0x9c4 drivers/mtd/ubi/vtbl.c:295
create_empty_lvol drivers/mtd/ubi/vtbl.c:500 [inline]
ubi_read_volume_table+0x67b/0x288a drivers/mtd/ubi/vtbl.c:812
ubi_attach+0xf34/0x1603 drivers/mtd/ubi/attach.c:1601
ubi_attach_mtd_dev+0x6f3/0x185e drivers/mtd/ubi/build.c:965
ctrl_cdev_ioctl+0x2db/0x347 drivers/mtd/ubi/cdev.c:1043
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:870 [inline]
__se_sys_ioctl fs/ioctl.c:856 [inline]
__x64_sys_ioctl+0x193/0x213 fs/ioctl.c:856
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3e/0x86 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0x0
The buggy address belongs to the object at ffff88802bb36e00
which belongs to the cache kmalloc-256 of size 256
The buggy address is located 0 bytes to the right of
256-byte region [ffff88802bb36e00, ffff88802bb36f00)
The buggy address belongs to the physical page:
page:00000000ea4d1263 refcount:1 mapcount:0 mapping:0000000000000000
index:0x0 pfn:0x2bb36
head:00000000ea4d1263 order:1 compound_mapcount:0 compound_pincount:0
flags: 0xfffffc0010200(slab|head|node=0|zone=1|lastcpupid=0x1fffff)
raw: 000fffffc0010200 ffffea000066c300 dead000000000003 ffff888100042b40
raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff88802bb36e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffff88802bb36e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff88802bb36f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
^
ffff88802bb36f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff88802bb37000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================
Fixes:
|
||
Yifei Liu
|
23892d383b |
jffs2: correct logic when creating a hole in jffs2_write_begin
Bug description and fix: 1. Write data to a file, say all 1s from offset 0 to 16. 2. Truncate the file to a smaller size, say 8 bytes. 3. Write new bytes (say 2s) from an offset past the original size of the file, say at offset 20, for 4 bytes. This is supposed to create a "hole" in the file, meaning that the bytes from offset 8 (where it was truncated above) up to the new write at offset 20, should all be 0s (zeros). 4. Flush all caches using "echo 3 > /proc/sys/vm/drop_caches" (or unmount and remount) the f/s. 5. Check the content of the file. It is wrong. The 1s that used to be between bytes 9 and 16, before the truncation, have REAPPEARED (they should be 0s). We wrote a script and helper C program to reproduce the bug (reproduce_jffs2_write_begin_issue.sh, write_file.c, and Makefile). We can make them available to anyone. The above example is shown when writing a small file within the same first page. But the bug happens for larger files, as long as steps 1, 2, and 3 above all happen within the same page. The problem was traced to the jffs2_write_begin code, where it goes into an 'if' statement intended to handle writes past the current EOF (i.e., writes that may create a hole). The code computes a 'pageofs' that is the floor of the write position (pos), aligned to the page size boundary. In other words, 'pageofs' will never be larger than 'pos'. The code then sets the internal jffs2_raw_inode->isize to the size of max(current inode size, pageofs) but that is wrong: the new file size should be the 'pos', which is larger than both the current inode size and pageofs. Similarly, the code incorrectly sets the internal jffs2_raw_inode->dsize to the difference between the pageofs minus current inode size; instead it should be the current pos minus the current inode size. Finally, inode->i_size was also set incorrectly. The patch below fixes this bug. The bug was discovered using a new tool for finding f/s bugs using model checking, called MCFS (Model Checking File Systems). Signed-off-by: Yifei Liu <yifeliu@cs.stonybrook.edu> Signed-off-by: Erez Zadok <ezk@cs.stonybrook.edu> Signed-off-by: Manish Adkar <madkar@cs.stonybrook.edu> Signed-off-by: Richard Weinberger <richard@nod.at> |
||
Linus Torvalds
|
2241ab53cb | Linux 6.2-rc5 | ||
|
Linus Torvalds
|
95f184d0e1 |
io_uring-6.2-2023-01-21
-----BEGIN PGP SIGNATURE----- iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAmPMUNsQHGF4Ym9lQGtl cm5lbC5kawAKCRD301j7KXHgpnvcD/wNdwcUhKbTffXBbOY4ma1m/onW0fiIjiT4 b5fQodwI+zaEvhdW4qy8L00mHQFeIag5/EfsQbM8zrrwcmXISaqJkdgG7/KPFlYJ UkuXi9XU3hR4/LKmXZKNRSs+HYWjARAuSTIaI03B9JKkNnDqkqQg8173lA/ejhkq J2tdZbRoOFhBtW1RgpuCHG0WRfrAo4NM97kR/Rr5CuPSPtQ1gGssmdUdTRn9ryVV i7SPzn0gfkOp9JS9wJx4WFG6uvHPOlONwbCMZEpoHuXZCbOKj0aYx97GcOt1AwCL pwaBTpS76So8nACcsdhwh7hgtbNwlkEChWS5dwe0j7TEmtzVUYRduWekcHYvSQ+2 SjxWg1lmdRBYOmxw6XzJcsaz1SG396RxU7uek/OSpw1kze48ZyjlKzlu4UTnVhvA lwMPwOcWG2VwFroWP9QQJ6xLv+qCQkHAIPBczqRbuoAuF8Q8JfvH4gezGm2c3Zcp jz2hYG7gg5/2Ci3//5i5R5CeiS0aVnyycFMEJ+ITkj9xFnzzrr1HOXl9w4KFZakH 3thMaGcK0CC+uWGnZmKgXh7CZ//IMQqbhXmeTMUakgrL4M9llhgPse1QfCRP5OQR 1Vfuvc4s6fMVRChb9Fu4masRhN4tQzafH1haM5q1onWeRvzAkRdri7c2micmsUiJ xFNvPmFBXA== =1c2L -----END PGP SIGNATURE----- Merge tag 'io_uring-6.2-2023-01-21' of git://git.kernel.dk/linux Pull another io_uring fix from Jens Axboe: "Just a single fix for a regression that happened in this release due to a poll change. Normally I would've just deferred it to next week, but since the original fix got picked up by stable, I think it's better to just send this one off separately. The issue is around the poll race fix, and how it mistakenly also got applied to multishot polling. Those don't need the race fix, and we should not be doing any reissues for that case. Exhaustive test cases were written and committed to the liburing regression suite for the reported issue, and additions for similar issues" * tag 'io_uring-6.2-2023-01-21' of git://git.kernel.dk/linux: io_uring/poll: don't reissue in case of poll race on multishot request |
||
|
Linus Torvalds
|
f671440228 |
Char/Misc driver fixes for 6.2-rc5
Here are some small char/misc and other subsystem driver fixes for
6.2-rc5 to resolve a few reported issues. They include:
- long time pending fastrpc fixes (should have gone into 6.1, my
fault.)
- mei driver/bus fixes and new device ids
- interconnect driver fixes for reported problems
- vmci bugfix
- w1 driver bugfixes for reported problems
Almost all of these have been in linux-next with no reported problems,
the rest have all passed 0-day bot testing in my tree and on the mailing
lists where they have sat too long due to me taking a long time to catch
up on my pending patch queue.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCY8wBNA8cZ3JlZ0Brcm9h
aC5jb20ACgkQMUfUDdst+yk30QCgrdhgSnL4s2o/y0L/nkB4ubg9spkAoJtmRHe4
EYj/RIm7VYef65aIElVT
=Cj+i
-----END PGP SIGNATURE-----
Merge tag 'char-misc-6.2-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
Pull char/misc driver fixes from Greg KH:
"Here are some small char/misc and other subsystem driver fixes for
6.2-rc5 to resolve a few reported issues. They include:
- long time pending fastrpc fixes (should have gone into 6.1, my
fault)
- mei driver/bus fixes and new device ids
- interconnect driver fixes for reported problems
- vmci bugfix
- w1 driver bugfixes for reported problems
Almost all of these have been in linux-next with no reported problems,
the rest have all passed 0-day bot testing in my tree and on the
mailing lists where they have sat too long due to me taking a long
time to catch up on my pending patch queue"
* tag 'char-misc-6.2-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
VMCI: Use threaded irqs instead of tasklets
misc: fastrpc: Pass bitfield into qcom_scm_assign_mem
gsmi: fix null-deref in gsmi_get_variable
misc: fastrpc: Fix use-after-free race condition for maps
misc: fastrpc: Don't remove map on creater_process and device_release
misc: fastrpc: Fix use-after-free and race in fastrpc_map_find
misc: fastrpc: fix error code in fastrpc_req_mmap()
mei: me: add meteor lake point M DID
mei: bus: fix unlink on bus in error path
w1: fix WARNING after calling w1_process()
w1: fix deadloop in __w1_remove_master_device()
comedi: adv_pci1760: Fix PWM instruction handling
interconnect: qcom: rpm: Use _optional func for provider clocks
interconnect: qcom: msm8996: Fix regmap max_register values
interconnect: qcom: msm8996: Provide UFS clocks to A2NoC
dt-bindings: interconnect: Add UFS clocks to MSM8996 A2NoC
|
||
|
Linus Torvalds
|
c88a311470 |
Driver core fixes for 6.2-rc5
Here are 3 small driver and kernel core fixes for 6.2-rc5. They include: - potential gadget fixup in do_prlimit - device property refcount leak fix - test_async_probe bugfix for reported problem. Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> -----BEGIN PGP SIGNATURE----- iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCY8wB5g8cZ3JlZ0Brcm9h aC5jb20ACgkQMUfUDdst+yl+5ACfbXPXK7nokMtxvs/9ybhH+IM63X0AmwYXZ5mK 3dCNVFru/lAZzS7HaR5F =4fuA -----END PGP SIGNATURE----- Merge tag 'driver-core-6.2-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core Pull driver core fixes from Greg KH: "Here are three small driver and kernel core fixes for 6.2-rc5. They include: - potential gadget fixup in do_prlimit - device property refcount leak fix - test_async_probe bugfix for reported problem" * tag 'driver-core-6.2-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core: prlimit: do_prlimit needs to have a speculation check driver core: Fix test_async_probe_init saves device in wrong array device property: fix of node refcount leak in fwnode_graph_get_next_endpoint() |
||
|
Linus Torvalds
|
bb86d65775 |
Staging driver fix for 6.2-rc5
Here is a single staging driver fix for 6.2-rc5. It resolves a build issue reported and Fixed by Arnd in the vc04_services driver. It's been in linux-next this week with no reported problems. Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> -----BEGIN PGP SIGNATURE----- iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCY8wCRA8cZ3JlZ0Brcm9h aC5jb20ACgkQMUfUDdst+ykjxQCfUhSZNjIy73tZg8haV7jXEVbekvAAoMz3Ploo 7TC1ZzaPkiQfIoagMcua =UzbQ -----END PGP SIGNATURE----- Merge tag 'staging-6.2-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging Pull staging driver fix from Greg KH: "Here is a single staging driver fix for 6.2-rc5. It resolves a build issue reported and Fixed by Arnd in the vc04_services driver. It's been in linux-next this week with no reported problems" * tag 'staging-6.2-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: staging: vchiq_arm: fix enum vchiq_status return types |
||
|
Linus Torvalds
|
bd5cc6ee8f |
TTY/Serial driver fixes for 6.2-rc5
Here are some small tty and serial driver fixes for 6.2-rc5 that resolve
a number of tiny reported issues and some new device ids. They include:
- new device id for the exar serial driver
- speakup tty driver bugfix
- atmel serial driver baudrate fixup
- stm32 serial driver bugfix and then revert as the bugfix broke the
build. That will come back in a later pull request once it is all
worked out properly.
- amba-pl011 serial driver rs486 mode bugfix
- qcom_geni serial driver bugfix
Most of these have been in linux-next with no reported problems (well,
other than the build breakage which generated the revert), the new
device id passed 0-day testing.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCY8wDQA8cZ3JlZ0Brcm9h
aC5jb20ACgkQMUfUDdst+ynGegCguB+ZpDHKt9wccrGP3h/dwT2MAm8AnAqG4bmy
Yw/cHHPt9gx+AW6RBtAL
=EymN
-----END PGP SIGNATURE-----
Merge tag 'tty-6.2-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty
Pull tty/serial driver fixes from Greg KH:
"Here are some small tty and serial driver fixes for 6.2-rc5 that
resolve a number of tiny reported issues and some new device ids. They
include:
- new device id for the exar serial driver
- speakup tty driver bugfix
- atmel serial driver baudrate fixup
- stm32 serial driver bugfix and then revert as the bugfix broke the
build. That will come back in a later pull request once it is all
worked out properly.
- amba-pl011 serial driver rs486 mode bugfix
- qcom_geni serial driver bugfix
Most of these have been in linux-next with no reported problems (well,
other than the build breakage which generated the revert), the new
device id passed 0-day testing"
* tag 'tty-6.2-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
serial: exar: Add support for Sealevel 7xxxC serial cards
Revert "serial: stm32: Merge hard IRQ and threaded IRQ handling into single IRQ handler"
tty: serial: qcom_geni: avoid duplicate struct member init
serial: atmel: fix incorrect baudrate setup
tty: fix possible null-ptr-defer in spk_ttyio_release
serial: stm32: Merge hard IRQ and threaded IRQ handling into single IRQ handler
serial: amba-pl011: fix high priority character transmission in rs486 mode
serial: pch_uart: Pass correct sg to dma_unmap_sg()
tty: serial: qcom-geni-serial: fix slab-out-of-bounds on RX FIFO buffer
|
||
|
Linus Torvalds
|
e67da28898 |
USB / Thunderbolt fixes for 6.2-rc5
Here are a number of small USB and Thunderbolt driver fixes and new device id changes for 6.2-rc5. Included in here are: - thunderbolt bugfixes for reported problems - new usb-serial driver ids added - onboard_hub usb driver fixes for much-reported problems - xhci bugfixes - typec bugfixes - ehci-fsl driver module alias fix - iowarrior header size fix - usb gadget driver fixes All of these, except for the iowarrior fix, have been in linux-next with no reported issues. The iowarrior fix passed the 0-day testing and is a one digit change based on a reported problem in the driver (which was written to a spec, not the real device that is now available.) Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> -----BEGIN PGP SIGNATURE----- iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCY8wETA8cZ3JlZ0Brcm9h aC5jb20ACgkQMUfUDdst+ymzQQCbBOPYVF6LWGoUCAi5nFbPgz0yAPYAoMpVH8Gx iSoT351gbn65LS+45ehc =mGTv -----END PGP SIGNATURE----- Merge tag 'usb-6.2-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb Pull USB / Thunderbolt fixes from Greg KH: "Here are a number of small USB and Thunderbolt driver fixes and new device id changes for 6.2-rc5. Included in here are: - thunderbolt bugfixes for reported problems - new usb-serial driver ids added - onboard_hub usb driver fixes for much-reported problems - xhci bugfixes - typec bugfixes - ehci-fsl driver module alias fix - iowarrior header size fix - usb gadget driver fixes All of these, except for the iowarrior fix, have been in linux-next with no reported issues. The iowarrior fix passed the 0-day testing and is a one digit change based on a reported problem in the driver (which was written to a spec, not the real device that is now available)" * tag 'usb-6.2-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (40 commits) USB: misc: iowarrior: fix up header size for USB_DEVICE_ID_CODEMERCS_IOW100 usb: host: ehci-fsl: Fix module alias usb: dwc3: fix extcon dependency usb: core: hub: disable autosuspend for TI TUSB8041 USB: fix misleading usb_set_intfdata() kernel doc usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate() USB: gadget: Add ID numbers to configfs-gadget driver names usb: typec: tcpm: Fix altmode re-registration causes sysfs create fail usb: gadget: g_webcam: Send color matching descriptor per frame usb: typec: altmodes/displayport: Use proper macro for pin assignment check usb: typec: altmodes/displayport: Fix pin assignment calculation usb: typec: altmodes/displayport: Add pin assignment helper usb: gadget: f_fs: Ensure ep0req is dequeued before free_request usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait usb: misc: onboard_hub: Move 'attach' work to the driver usb: misc: onboard_hub: Invert driver registration order usb: ucsi: Ensure connector delayed work items are flushed usb: musb: fix error return code in omap2430_probe() usb: chipidea: core: fix possible constant 0 if use IS_ERR(ci->role_switch) xhci: Detect lpm incapable xHC USB3 roothub ports from ACPI tables ... |
||
|
Linus Torvalds
|
83cd5fd014 |
Kbuild fixes for v6.2 (3rd)
- Hide LDFLAGS_vmlinux from decompressor Makefiles to fix error messages
when GNU Make 4.4 is used.
- Fix 'make modules' build error when CONFIG_DEBUG_INFO_BTF_MODULES=y.
- Fix warnings emitted by GNU Make 4.4 in scripts/kconfig/Makefile.
- Support GNU Make 4.4 for scripts/jobserver-exec.
- Show clearer error message when kernel/gen_kheaders.sh fails due to
missing cpio.
-----BEGIN PGP SIGNATURE-----
iQJJBAABCgAzFiEEbmPs18K1szRHjPqEPYsBB53g2wYFAmPLnykVHG1hc2FoaXJv
eUBrZXJuZWwub3JnAAoJED2LAQed4NsGQ6QQAK+nhDBi+2X2F6D/KP4hIHSawRAx
oqbrYf+xfVB6sBpcqwlzW1jajqmHgwIYX0OmUMEGOoYsKcJ+ZtmMmGnBaukepXjt
6KVyLghNNdGPYHGrwMrvNIB2qUHQhrCP82laU701adac+mRnEAnubvIk+nJl00mF
g2gnlwtxqfH09xO2BICCMYzTnag63bIlNzkIFB4yz2LWGQZ3knHJ7THNOr9J3O3v
lx5bsQOGJYqq7q8UiTM5Y5GiWKhzupF56Q86ppIduV6LmzD7aj5sQgieGcgbkLW9
K2xXE/eIVKFPo5tazlDH5i/4oOo0ykjimt0qOd7ya1jHsgU1Qpst2cbe+evJP8fs
FcorOaizpvGYEM4C5kBh9x4kGdu71Dx9T/+JWHZ1u4vxw78DD4CqhdcZE7sR5cVr
A5RcbtIurNUka1GTllu27GqVrxLc8splMiyx9456MfHixywyvmpagW6DiU2MgLcx
wrlwN4VMylCAEKWNHB2FyeHevJqwfZgqfLTXvNGN6xQ4hITuVwTFpO6RdzztXVba
qIMMK6eK+6PKIidVDPb5dEJpkownlubccE84lYl55qSVo3CgKuweZOH1If78gGQU
927fFDyVTFtJsf68EEUUGxUS8OgWBQD9daTbNqnK28PLWWG/wtEjgHipycE4/QWN
lPMHP/qE7x3DLSB9
=m1Ee
-----END PGP SIGNATURE-----
Merge tag 'kbuild-fixes-v6.2-3' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
Pull Kbuild fixes from Masahiro Yamada:
- Hide LDFLAGS_vmlinux from decompressor Makefiles to fix error
messages when GNU Make 4.4 is used.
- Fix 'make modules' build error when CONFIG_DEBUG_INFO_BTF_MODULES=y.
- Fix warnings emitted by GNU Make 4.4 in scripts/kconfig/Makefile.
- Support GNU Make 4.4 for scripts/jobserver-exec.
- Show clearer error message when kernel/gen_kheaders.sh fails due to
missing cpio.
* tag 'kbuild-fixes-v6.2-3' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild:
kheaders: explicitly validate existence of cpio command
scripts: support GNU make 4.4 in jobserver-exec
kconfig: Update all declared targets
scripts: rpm: make clear that mkspec script contains 4.13 feature
init/Kconfig: fix LOCALVERSION_AUTO help text
kbuild: fix 'make modules' error when CONFIG_DEBUG_INFO_BTF_MODULES=y
kbuild: export top-level LDFLAGS_vmlinux only to scripts/Makefile.vmlinux
init/version-timestamp.c: remove unneeded #include <linux/version.h>
docs: kbuild: remove mention to dropped $(objtree) feature
|
||
|
Linus Torvalds
|
f3bbac3247 |
ext4: deal with legacy signed xattr name hash values
We potentially have old hashes of the xattr names generated on systems
with signed 'char' types. Now that everybody uses '-funsigned-char',
those hashes will no longer match.
This only happens if you use xattrs names that have the high bit set,
which probably doesn't happen in practice, but the xfstest generic/454
shows it.
Instead of adding a new "signed xattr hash filesystem" bit and having to
deal with all the possible combinations, just calculate the hash both
ways if the first one fails, and always generate new hashes with the
proper unsigned char version.
Reported-by: kernel test robot <oliver.sang@intel.com>
Link: https://lore.kernel.org/oe-lkp/202212291509.704a11c9-oliver.sang@intel.com
Link: https://lore.kernel.org/all/CAHk-=whUNjwqZXa-MH9KMmc_CpQpoFKFjAB9ZKHuu=TbsouT4A@mail.gmail.com/
Exposed-by:
|
||
Greg Kroah-Hartman
|
7397906057 |
prlimit: do_prlimit needs to have a speculation check
do_prlimit() adds the user-controlled resource value to a pointer that will subsequently be dereferenced. In order to help prevent this codepath from being used as a spectre "gadget" a barrier needs to be added after checking the range. Reported-by: Jordy Zomer <jordyzomer@google.com> Tested-by: Jordy Zomer <jordyzomer@google.com> Suggested-by: Linus Torvalds <torvalds@linuxfoundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Linus Torvalds
|
f883675bf6 |
gpio fixes for v6.2-rc5
- fix a potential race condition and always set GPIOs used as interrupt source to input in gpio-mxc - fix a GPIO ACPI-related issue with system suspend on Clevo NL5xRU -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEFp3rbAvDxGAT0sefEacuoBRx13IFAmPLFecACgkQEacuoBRx 13JVhRAAtaM45L65GHsiio06G3DOJthvvEXPvxN+bOgsLVrl+XE8jlEZrPkjjkwM jPDPpd5HLXXDxApOK2vVEXlSXS/4DuPMo7FyTInz/H2oTMXK3WubMTUM2iddgnQr fKjRTkhaeB+dQlrQ/6ZgT08cw+Bf3r0M+A0Mo8h63xzldxNssS3pHd1s3fxiebzG pLSlZzfBhLcXOGn74BttTTEKHLvA03CnEV/Kn1VcljLhGvudfdKzm58ncwONclea v8y3wNj9GdcUhBSnpRxISURW2K8g3SkRVPUjefqsy9xqXMBogsp2cxUjoP/6wsj0 yphDc9ArbdDJSaX7pewtzXmM1BsWAj7NqkOCFzl7Rg5VP7gcfj1Gdc3USSD721ID 4C8VfvakrS3QcfoZvynYB8RKGZuWaM/PibZAgCMq9fErGVPvs5YjFOID3bsVYaIw pbL6PQSsnZN1XLqPDFHGyVcBjvYR2JVWs5nuZPn3c4DhmAWgha3A51vq6vu/nUSx jTeBI/G0fXrc+Ohge6G8nnzKCddZTMT1niUaTO8H9n6aWYw0fGZfasEsWvJnAJxD uQ9MIQhtzM3mKCGWbx1d9l2gSj7/otrUSCG5Zx9OOuCGvq9WpEOwDDyQCoLLAb3X 7UsJT/hy1fPLhJgk5Byy/JW3DoqkNv+BbTeyiqgvnX/ClHhFj6Y= =x2Ca -----END PGP SIGNATURE----- Merge tag 'gpio-fixes-for-v6.2-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux Pull gpio fixes from Bartosz Golaszewski: - fix a potential race condition and always set GPIOs used as interrupt source to input in gpio-mxc - fix a GPIO ACPI-related issue with system suspend on Clevo NL5xRU * tag 'gpio-fixes-for-v6.2-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux: gpiolib: acpi: Add a ignore wakeup quirk for Clevo NL5xRU gpiolib: acpi: Allow ignoring wake capability on pins that aren't in _AEI gpio: mxc: Always set GPIOs used as interrupt source to INPUT mode gpio: mxc: Protect GPIO irqchip RMW with bgpio spinlock |
||
|
Linus Torvalds
|
4e31badaa1 |
8 smb3 client fixes
-----BEGIN PGP SIGNATURE----- iQGzBAABCgAdFiEE6fsu8pdIjtWE/DpLiiy9cAdyT1EFAmPK6WoACgkQiiy9cAdy T1G0kwv8CrtMwfk/DXhDoWKM5xCkw8at+LSI7KaL9A/xt+w2whU/bi87cC0usuiH ofdIoQnUiaTxsdcg3PZby9cX7PNPiF+B7pD+BYfIcsE4yV7xkB2B6bNpz5Yf/7d6 gx7HchkZBmGSbbYn5dBZobWiLiWMYsPn5B/0W1bpya5HvXZkhBUwLUMncHcfhgcU B3g+qxnEDuuxJlI9+t+FCRvrLmz6Wfme9FDMzEtgoH4/ym5Vx8RzUjFLSbNfcP1m zJSADjUQ8CIntvE5egGefmojO6w9Urmg1x8ZJFb37CvlC00X/a2af1i3YhpBYIpU ae0+4os+6RluJnrV9rWHQ0AZKm0ZzgLakCjyas2dyXHUC42ytBRPdCPjUKVA6fAM FhhITe7Xcu+VWN1s7mAqmbHTC2H8dzqqxOom/497msU9jKBUzETsf7Agzof+VP0m 3c7aRdKpLEBgvsst8a8sWkJZb5LuGG4EgyQXMPJ9+dfqwFkCmVXHUzGMnNnbUDLU c7k81xnp =k4Xk -----END PGP SIGNATURE----- Merge tag '6.2-rc4-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6 Pull cifs fixes from Steve French: - important fix for packet signature calculation error - three fixes to correct DFS deadlock, and DFS refresh problem - remove an unused DFS function, and duplicate tcon refresh code - DFS cache lookup fix - uninitialized rc fix * tag '6.2-rc4-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6: cifs: remove unused function cifs: do not include page data when checking signature cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() cifs: handle cache lookup errors different than -ENOENT cifs: remove duplicate code in __refresh_tcon() cifs: don't take exclusive lock for updating target hints cifs: avoid re-lookups in dfs_cache_find() cifs: fix potential deadlock in cache_refresh_path() |
||
|
Linus Torvalds
|
8440ffcd68 |
Pin control fixes for the v6.2 series:
- Compilation fix for Sunplus sp7021 - Add some missing headers after a cleanup to the Nomadik driver - Fix pull type and mux routes on Rockchip RK3568 -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEElDRnuGcz/wPCXQWMQRCzN7AZXXMFAmPLBQIACgkQQRCzN7AZ XXPWChAAkygzD9nCTTwcbcaR2GYlLrtyt22meHhmVTXhbsyTvYQdbeHtHv04Dg2s WJF0WJshLaJL/FgJGRhXRz9Ec1XOg2BtqnEniEncFYZDZuca2YyLeBEvce8Ytkak XKga9XYyLOs1wC66gh7NVod3Q/1sZPnQIGOpP5lM3of6EiHp5Itg+1aSgzJvenxT 3Z0dMPcLqqcioSzWZh3u4bAIFrS1K9Tb6iDyjandKD6tYvOXJEXrzj0zitRcM8Ao T4PPfSapRpHLjPDAQ7MXAZCLuUlpwg2VTv9z8oi0bBaYa2BbWtXGTeY/bCbl1Fua NPtR501bVgb/fS7EjAN8tc6HAUgu37naiJY3OwMK+PS8MpvaWYIHDaBp33JYTpHV E0L1H3/9aq+SUuqn2ZRJsFE5b+eZwGCu+UEg9ezOwDcIh/wJVuHQXdwCDEv6iq4D qIRaN2JdK5FdOil+5NnLFhrgaU2xo+GMvLQDO7LZeeAh/GvpCYzZ4FRoyA/w1Eaf Pu4MgTJ2fL/zfCEYkxoZr6g7q4Yd/HZ3cTiDKFa2VBbxQYkPQfUSTYfkLN76l/r6 L26wLUQ+if+8MhxZdmrUDZJZnKslVS4Rhpj/PqNj21dX7a/bJ9YBs04Y4jxTkSOH IfXS+3xYkuO4/j64udl7x7qgpPWAi1kN/QEd8QCMEZ7iU/1vsnc= =8RV7 -----END PGP SIGNATURE----- Merge tag 'pinctrl-v6.2-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl Pull pin control fixes from Linus Walleij: - Compilation fix for Sunplus sp7021 - Add some missing headers after a cleanup to the Nomadik driver - Fix pull type and mux routes on Rockchip RK3568 * tag 'pinctrl-v6.2-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl: pinctrl: rockchip: fix mux route data for rk3568 pinctrl: rockchip: fix reading pull type on rk3568 pinctrl: nomadik: Add missing header(s) pinctrl: sp7021: fix unused function warning |
||
|
Linus Torvalds
|
8974efaa33 |
v6.2 second rc pull request
- Several hfi1 patches fixing some long standing driver bugs - Overflow when working with sg lists with elements greater than 4G - An rxe regression with object numbering after the mrs reach their limit - A theoretical problem with the scatterlist merging code -----BEGIN PGP SIGNATURE----- iHUEABYIAB0WIQRRRCHOFoQz/8F5bUaFwuHvBreFYQUCY8sBzAAKCRCFwuHvBreF YWMBAP92rk8L3oLrNbYTryNTv8w/LicLhmAvhC42KRy8klvFkAD6A+wskhxmHMgO aSdznob6peMEyNONZUKcijqjnSXhyAY= =brq4 -----END PGP SIGNATURE----- Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma Pull rdma fixes from Jason Gunthorpe: - Several hfi1 patches fixing some long standing driver bugs - Overflow when working with sg lists with elements greater than 4G - An rxe regression with object numbering after the mrs reach their limit - A theoretical problem with the scatterlist merging code * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma: lib/scatterlist: Fix to calculate the last_pg properly IB/hfi1: Remove user expected buffer invalidate race IB/hfi1: Immediately remove invalid memory from hardware IB/hfi1: Fix expected receive setup error exit issues IB/hfi1: Reserve user expected TIDs IB/hfi1: Reject a zero-length user expected buffer RDMA/core: Fix ib block iterator counter overflow RDMA/rxe: Prevent faulty rkey generation RDMA/rxe: Fix inaccurate constants in rxe_type_info |
||
Jens Axboe
|
8caa03f10b |
io_uring/poll: don't reissue in case of poll race on multishot request
A previous commit fixed a poll race that can occur, but it's only
applicable for multishot requests. For a multishot request, we can safely
ignore a spurious wakeup, as we never leave the waitqueue to begin with.
A blunt reissue of a multishot armed request can cause us to leak a
buffer, if they are ring provided. While this seems like a bug in itself,
it's not really defined behavior to reissue a multishot request directly.
It's less efficient to do so as well, and not required to rearm anything
like it is for singleshot poll requests.
Cc: stable@vger.kernel.org
Fixes:
|
||
|
Linus Torvalds
|
edc00350d2 |
block-6.2-2023-01-20
-----BEGIN PGP SIGNATURE-----
iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAmPK8NUQHGF4Ym9lQGtl
cm5lbC5kawAKCRD301j7KXHgptS/EADT+m0n7jjonp7NoENoZT2y4o5ayESuEmBV
X8QUg/Ji1P3VG3QzI+yCqevGa2Rkkd8EenlokpjLliuqPdb/aZ56G7rsebotzWu3
zOV3XNvKvD0thiMIjmXABvmUKdb3lcrM5tpC9Uqq6L52SqbtkSsPUVO+rWE/tTZk
u97dUmyQcaD2brGfn4AcR0wgQoxrcLbmUpa/TKhFIDPDl+4PFi2ePoSQSsdDJT8R
PTvQhud1dl/wJ3733vj8S8s4Sxkbm5xXt50oDaTSmdOWSNOuMNuyW3WqkZ/SPdyK
LDmtOXEfuiokJK/l+DZ9SKt6jONW6ShdEaUo37/8yjYCnZFvWkcfn+6mWaDygjqS
eI3Mwb91w8K9krTZU1tGq3qOtxEJwbtLHCM96nh8SHLjNrYYrkZQZHOcea9CgX8h
iMzI5ylP2t6RofwHwwFoZYGOxrRz/R5LS+pCFIv720QnBjb9ZpO9zoDQaDl5tOS6
UpuL3XPzs9rZZizY00NG6+vQeSdSLRyyjs4XIWYxrZy2wuC2EjM0HstMfefldQcJ
uEfgrVgd/pcUTNzCG8uH8cZbmeflivm18J6OX86l2X9d3m62HD5gULHFOFxbDwsC
zoQOsyaGVRLpO0+/0MKs7aLaZlk40VDb4XdRsM6qbd4+x+J7yicvGrkUxS6cZMwT
VlQm3YUc0g==
=L12Q
-----END PGP SIGNATURE-----
Merge tag 'block-6.2-2023-01-20' of git://git.kernel.dk/linux
Pull block fixes from Jens Axboe:
"Various little tweaks all over the place:
- NVMe pull request via Christoph:
- fix controller shutdown regression in nvme-apple (Janne Grunau)
- fix a polling on timeout regression in nvme-pci (Keith Busch)
- Fix a bug in the read request side request allocation caching
(Pavel)
- pktcdvd was brought back after we configured a NULL return on bio
splits, make it consistent with the others (me)
- BFQ refcount fix (Yu)
- Block cgroup policy activation fix (Yu)
- Fix for an md regression introduced in the 6.2 cycle (Adrian)"
* tag 'block-6.2-2023-01-20' of git://git.kernel.dk/linux:
nvme-pci: fix timeout request state check
nvme-apple: only reset the controller when RTKit is running
nvme-apple: reset controller during shutdown
block: fix hctx checks for batch allocation
block/rnbd-clt: fix wrong max ID in ida_alloc_max
blk-cgroup: fix missing pd_online_fn() while activating policy
pktcdvd: check for NULL returna fter calling bio_split_to_limits()
block, bfq: switch 'bfqg->ref' to use atomic refcount apis
md: fix incorrect declaration about claim_rdev in md_import_device
|
||
|
Linus Torvalds
|
9c38747f0c |
io_uring-6.2-2023-01-20
-----BEGIN PGP SIGNATURE-----
iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAmPK8LcQHGF4Ym9lQGtl
cm5lbC5kawAKCRD301j7KXHgpieSD/9Mip2tHIQYITn8kYrlcw4+r7mOkj6h8fwe
vHbwf8Cc5yBATNTo8kqflyboTYmSnwJo5hZn2aMJ2/5hGOkUtZe2t+WExwBK9gwo
hFd2rqFVYji0tM2oLee+W42NhOm758mY0oWeNIlRJUISoRt8P6NPID+mK/SrWSI6
lZ9vzLyxbq9N09LzmchF8mkN148mLpckRr68kc9RgtTxhLBkw2TsQfMWrsTq9I6m
J1ZMa1zNrBq0iJUYI8hD79/T4KS0HKtyFftcqWKlxJW3MOqpwyEwCqRvzxUE576L
7AiLEPZcW1zeZGfY6FjYhoc6+fLMYsjgYgfnU5XC0zNFPlyT9JiN85nN7khNAkUe
W25ZF40HDw67slky9JbNLWYdEOW1nU/YkVhUk8VbL40cr9fyRnVHc2I/nAjYVmm4
JQTykEAZuTU/p9eTJ8SVJ22vstrGEZElBqvZuFSSA9LAIDP5kOuBSypQ02bRAKim
Y73ShrjoAirDuEZiFXQzMd8xqpc9DeL4uqKP3SEstkaajIP52qoljrEKRPhBPxMW
oYygAl3kzU6XUBEqHvp/JqeL/s0qXgH+3dlp3cf5VYgQPw19skIRKftTaPnDCmbv
jUl0eOx9WCAxRHE6Q2n3fz62woozzLIsc4MJTyAoYZHbtBPY2uG8fnR19/ymhoSr
hFJXRiwD+w==
=/7Uv
-----END PGP SIGNATURE-----
Merge tag 'io_uring-6.2-2023-01-20' of git://git.kernel.dk/linux
Pull io_uring fixes from Jens Axboe:
"Fixes for the MSG_RING opcode. Nothing really major:
- Fix an overflow missing serialization around posting CQEs to the
target ring (me)
- Disable MSG_RING on a ring that isn't enabled yet. There's nothing
really wrong with allowing it, but 1) it's somewhat odd as nobody
can receive them yet, and 2) it means that using the right delivery
mechanism might change. As nobody should be sending CQEs to a ring
that isn't enabled yet, let's just disable it (Pavel)
- Tweak to when we decide to post remotely or not for MSG_RING
(Pavel)"
* tag 'io_uring-6.2-2023-01-20' of git://git.kernel.dk/linux:
io_uring/msg_ring: fix remote queue to disabled ring
io_uring/msg_ring: fix flagging remote execution
io_uring/msg_ring: fix missing lock on overflow for IOPOLL
io_uring/msg_ring: move double lock/unlock helpers higher up
|
||
|
Linus Torvalds
|
26e57507a0 |
for-6.2-rc4-tag
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE8rQSAMVO+zA4DBdWxWXV+ddtWDsFAmPKw1QACgkQxWXV+ddt WDtwJw//UjVo7LEI6A86M73n/hGl/VDDJGaWB/FN/jrHoCeMrwd9BrC+ziD8Z8sx YoPJm9BIvvURFHZk257YuJmrkjWzh2x5T59BpsMjhg0MOiFNWIP+Cm4bc1pDgXoE 1y3YVYja3lvhR8IlUV9XGtNh16AVCzY5JQ3W8xem67+IIwa5xmOJRmDO1VIjHMGo kpWNTDBBIBFTfkeXqZFRaHVnf99YDBKtm3zPjsvSafqewYrVHV+Ioy19f5OAprIm E3gDVAZa5qzT0wX4Za0C9JgtlSIAQ9Q0z6s8DLbFF5B1sT1hJPKmadMSC7mvihI8 edQHuZnNmQ0ppGWK0jzxL3bLeF4fRq/u+/MxGx27OVyrdvZ3dD9VXWfxoEQ+lisI NrN8MvYtHH2Rnm2o9eiH9oIdbEame4yd31j4KhId6BjRALpmASnXY1vfv4m+Fsja JJ3VCQyuVCkOoC4lvLHku+/uNWpRX8xs18Bt80M/olrNM8JZc4EXssv/5uguAWOc 5SLwpkppnlHAGYOlva3TNV15mBO9gUiLQJ6YCAM2WQM+0+LmIMlSkc90n38g7KzP 351zvxkMbcaM9gRChfPxjejCJw0KY3Y5VbTyBJR65RQfQ2UM4B0QBeA10/zQSG3O gzB4M3at6jSwP4Z731k53q1dIZf4PMSaZVLiARrSTssSrcg6wSU= =Kqrg -----END PGP SIGNATURE----- Merge tag 'for-6.2-rc4-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux Pull btrfs fixes from David Sterba: - fix potential out-of-bounds access to leaf data when seeking in an inline file - fix potential crash in quota when rescan races with disable - reimplement super block signature scratching by marking page/folio dirty and syncing block device, allow removing write_one_page * tag 'for-6.2-rc4-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux: btrfs: fix race between quota rescan and disable leading to NULL pointer deref btrfs: fix invalid leaf access due to inline extent during lseek btrfs: stop using write_one_page in btrfs_scratch_superblock btrfs: factor out scratching of one regular super block |
||
|
Linus Torvalds
|
d9166cb31c |
linux-kselftest-fixes-6.2-rc5
This Kselftest fixes update for Linux 6.2-rc5 consists of a single fix address error seen during unconfigured LLVM builds. -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEPZKym/RZuOCGeA/kCwJExA0NQxwFAmPKv0MACgkQCwJExA0N QxyVzg//SDB26SRVRIClssnq66PUlT6/MDBSRIO1fyzsurgvpZuB0As2sMBN8JB9 lfmMcG/bR61FYpF9aUAnObz9HhV9Kil/oEik63sTZkE+3LjWbOyePQqykjtqk6/z Rk1Y4ZDrwVztR8XiwzlOEuIyeR/tdnkwJlx4WE0VI+NcsAKzI5012guYbr59tnN0 6eKm1ZjCy5wLSyiEVEYgCMgX7mJEvWYiqSQl/kGdffuIu+4QSJYnEXY5HMMnYIiX HasoIBTnAC1yNdeLEc9rQF5WETzOO5PZdHypkgKwkwAzxPcM2VsCLYwbItgJqTj6 qhoJSrXlwQ8lVrnS+GXR5rAInObhWmN4WSTq4sX0WJWE8gSbYH03ieMAkJRDPmWE jb/WolrPuSIUSkuGRN6cTBM0I08BeNKKPMh26F1RXf0/eDa51FjaOUqFOJohSi9k JUprlni/tgLygj+A6GUVP4gjd1K6jzLEFXrbBPFztn1lxiuRkdW+XqpoExDB9xtd D88K+wvthc5sYYfOxwkDLftDVgjjRSpQ4XiZ2DHxyAQWy3dmRDA1xVjhDW+Qj2aA 8lWRxDAk5Jaqz8E1DFh/pcwHKnsY12Lt0s0iJ4Vq1H7FFcoXiPa4TfzTMOF4xuXa OZRPzfrbrURd/Lvwrr4uCGbCI+J3Ky/Exz27VDocX+OTLJDMtTY= =O4Lm -----END PGP SIGNATURE----- Merge tag 'linux-kselftest-fixes-6.2-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest Pull Kselftest fix from Shuah Khan: "Fix an error seen during unconfigured LLVM builds" * tag 'linux-kselftest-fixes-6.2-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest: kselftest: Fix error message for unconfigured LLVM builds |
||
|
Linus Torvalds
|
dc18175938 |
Thermal control fix for 6.2-rc5
Modify __thermal_cooling_device_register() to make it call put_device() after invoking device_register() and fix up a few error paths calling thermal_cooling_device_destroy_sysfs() unnecessarily (Viresh Kumar). -----BEGIN PGP SIGNATURE----- iQJGBAABCAAwFiEE4fcc61cGeeHD/fCwgsRv/nhiVHEFAmPK1b8SHHJqd0Byand5 c29ja2kubmV0AAoJEILEb/54YlRxFWgP/jjzhUZ9UQiRZy0ZXN2Tk+7HKq3XKBVT 7G+Rj+vX7edKoK8IbYQHaJ4aGFSmDlcweoKpPlfsmW65OIRE5KQGIyWwDG9zOdqx iNW08Lls9H8RxZNp6Mn5CLe/pizOoWX6qtGXdQdytAJZgCZ3smDvVcVckO1DCyZH BwoIEjlzZltAJEmZiqUciJwtRYrlapflUQnIrMu6b0Sn4Njh2Iz4igTnqIVzQ+4w bQnwUBDv+RFS9A+DpUwjKNcxhyE6Y/uLrgreZOtTFiVuxKbKbFot59D6ixr7b/uB XlMHIctyCU5lp2BXgAoo+xeAFMru7cOwh+rJLrxW7ZPJFtvIWsfLpAAzZKjflKHn sNH92+yWA138phsFi9lBkvs6ebecWf40IQHpUbXV8oxRi2qnfXzn7/N8e9AGo8l7 2sLMzOa+Kf6nSE0i1KEpVHG9b1NiF7EFfQO2/yQ6Xxw0k8ONRd2aplgu55jY28W6 E5/+uSEPodoIc76yG/KKtK7UlPGnKaZwYcRf/jd4NR4S+p1yuU9rx56teNrRux96 ob7HleRtLqRSllfxD5WUjFeUCeEw+DoqTIzAU4+GIcc69OIvMAR4cQEXG9Mif8Ph FTz0Wz10DETembye1RXOqmTcFIa0EJxP8KAAkgT6ezV6yOgjt1VzY1SSqaqsG80b J8rIJkNn3icy =X6Th -----END PGP SIGNATURE----- Merge tag 'thermal-6.2-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull thermal control fix from Rafael Wysocki: "Modify __thermal_cooling_device_register() to make it call put_device() after invoking device_register() and fix up a few error paths calling thermal_cooling_device_destroy_sysfs() unnecessarily (Viresh Kumar)" * tag 'thermal-6.2-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: thermal: core: call put_device() only after device_register() fails |
||
|
Linus Torvalds
|
fe563a2c55 |
ACPI fixes for 6.2-rc5
- Update the ACPICA development list address in MAINTAINERS to the new
one that does not bounce (Rafael Wysocki).
- Check whether EFI runtime is available when registering the ACPI PRM
address space handler and when running it (Ard Biesheuvel).
- Add backlight=native DMI quirk for Acer Aspire 4810T to the ACPI
video driver (Hans de Goede).
-----BEGIN PGP SIGNATURE-----
iQJGBAABCAAwFiEE4fcc61cGeeHD/fCwgsRv/nhiVHEFAmPK1noSHHJqd0Byand5
c29ja2kubmV0AAoJEILEb/54YlRxqIUP/jp450F+5GLLFHGy+Ni6+Ng8Mv83H8l8
nTMqsG2jF0ACaTYrami1bZK9+b8mKTu5SVlmslEdOXYm32Jse3UoqJ3jq80goMXq
ifi2rp2sxcPH4DJllr2q77BhnULdrAHIPc/hHstVAHAVJ64347NBjD/OPx9UfJD5
TcguWxvZN9+HwSOQjOrCeu5gZmi9yuCKtFogNbrycjVJd3EBdZs+hq30lEWvrA+B
abPDHxOHF+9poTu2jpJkT1Ha78d6jcYFcWXtAivokJkFgJZEAPxSZAeRu7pmUThA
6Cc/Sw7tqrTbiv1X8Vlb5Ii4SpgL7JlHO+lh+ZhDWO906hGcvKpeHASh5wwPDOiS
ospGlRfn1FFDbrxWuY7gp+UYM4xHioG43Sk3NcSu05h8qZcvqSTdahkIDB6oMJYZ
9567FjfYBUUN+CvTOt3YNFCG7ZR3CDQezThOB5rq+p4kv5lCe608v1f0SD+4jmjL
HeZpUij9vOkVAjBEDhXMbTf2byg1ONjgHpPOMHtzBdVToxHTkqCygaQLlc6nFjXg
L6RiQjIiMP/bB9CP01ETCwmyFguhHhDtX/6AjojxvJwsGg2HJaYEHNt8d+je70n6
AOE5DZiXX7uvDZypQOIXcQQeXbohI2B2GEMbZ2T7YBgKLhvwDM4igr2wAZsx7BLt
ypsXF1/N0MBw
=2v8+
-----END PGP SIGNATURE-----
Merge tag 'acpi-6.2-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull ACPI fixes from Rafael Wysocki:
"These update the ACPICA entry in MAINTAINERS, add a backlight handling
quirk and fix the ACPI PRM (platform runtime) mechanism support.
Specifics:
- Update the ACPICA development list address in MAINTAINERS to the
new one that does not bounce (Rafael Wysocki)
- Check whether EFI runtime is available when registering the ACPI
PRM address space handler and when running it (Ard Biesheuvel)
- Add backlight=native DMI quirk for Acer Aspire 4810T to the ACPI
video driver (Hans de Goede)"
* tag 'acpi-6.2-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
ACPI: PRM: Check whether EFI runtime is available
ACPI: video: Add backlight=native DMI quirk for Acer Aspire 4810T
MAINTAINERS: Update the ACPICA development list address
|
||
|
Linus Torvalds
|
1670d7e69b |
MMC host:
- sunxi-mmc: Fix clock refcount imbalance during unbind - sdhci-esdhc-imx: Fix some tuning settings -----BEGIN PGP SIGNATURE----- iQJLBAABCgA1FiEEugLDXPmKSktSkQsV/iaEJXNYjCkFAmPKa/MXHHVsZi5oYW5z c29uQGxpbmFyby5vcmcACgkQ/iaEJXNYjClREA//VmX8lBTD2I5FeHPwF5m4HRz7 jycUjqBFe5PpB6jvqkpPHQmaKkyouXkfdhVhrBKVnatSKvBDDRRjWL/yiG7tNW3r 2uOEYmzCobVRrmcvAJsk2Bxu6b8/YchdYNxR0bVU84z1VDM6skyiVGPlde6Xw9e6 ZLz3ZDDARS6GGFIIZu+mlMI5PHi16mdIXjoihev+zNY3ctwGPxWU9Id9kgGOYYrF 1DSu/u5K3XyE8XWc/yjgP5UD5PEEsbWOQ5HaAbA3WxlTkzHm27CYScrnBc/YQGwJ foy91zhj7vPuEP5Ef0wG8CBkrLdPjFZ1B5ENSOG9O66rTQwpp22Z0qEUkfBI91lH hGI3dGm6bYuIdDqS4BWuDSI4jbyIn7w87NROHjXr39U87FpswoN3fwg9ctJMfW2S d2NvKN8uRJqw2SfsHbISSakJp3ULWtQAbNHsadIDYTyfh/hott65sSTS/faA2qt1 9AqQ41OaoAnYB3DXglyNBReZyNFDn0D9D1TKI6CtuoRiEkLyeButjqniesIs+0c+ oRuGRjMBIoePY31vTRK9/s9bM0ieTrRW+HsyohciEW0X7X9YAIFC0uP2d/01R5NW q0/lBy+nBvFrbWHxLfu+oGs1wQ/ZNlb7aaP4WlvIvgA1KaqxyBQhZuy1Kq7g02wE s7evUrpmmbcROoMYGdA= =v3Cn -----END PGP SIGNATURE----- Merge tag 'mmc-v6.2-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc Pull MMC fixes from Ulf Hansson: - sunxi-mmc: Fix clock refcount imbalance during unbind - sdhci-esdhc-imx: Fix some tuning settings * tag 'mmc-v6.2-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc: mmc: sunxi-mmc: Fix clock refcount imbalance during unbind mmc: sdhci-esdhc-imx: correct the tuning start tap and step setting |
||
|
Linus Torvalds
|
1ed46384f8 |
ARM: SoC DT and driver fixes 6.2
Lots of dts fixes for Qualcomm Snapdragon and NXP i.MX platforms,
including:
- A regression fix for SDHCI controllers on Inforce 6540, and
another SDHCI fix on SM8350
- Reenable cluster idle on sm8250 after the the code fix is upstream
- multiple fixes for the QMP PHY binding, needing an incompatible
dt change
- The reserved memory map is updated on Xiaomi Mi 4C and Huawei Nexus
6P, to avoid instabilities caused by use of protected memory regions
- Fix i.MX8MP DT for missing GPC Interrupt, power-domain typo and USB
clock error
- A couple of verdin-imx8mm DT fixes for audio playback support
- Fix pca9547 i2c-mux node name for i.MX and Vybrid device trees
- Fix an imx93-11x11-evk uSDHC pad setting problem that causes Micron
eMMC CMD8 CRC error in HS400ES/HS400 mode
The remaining ARM and RISC-V platforms only have very few
smaller dts bugfixes this time:
- A fix for the SiFive unmatched board's PCI memory space
- A revert to fix a regression with GPIO on Marvell Armada
- A fix for the UART address on Marvell AC5
- Missing chip-select phandles for stm32 boards
- Selecting the correct clock for the sam9x60 memory controller
- Amlogic based Odroid-HC4 needs a revert to restore USB
functionality.
And finally, there are some minor code fixes:
- Build fixes for OMAP1, pxa, riscpc, raspberry pi firmware, and zynq
firmware
- memory controller driver fixes for an OMAP regression and older bugs
on tegra, atmel and mvebu
- reset controller fixes for ti-sci and uniphier platforms
- ARM SCMI firmware fixes for a couple of rare corner cases
- Qualcomm platform driver fixes for incorrect error handling and a
backwards compatibility fix for the apr driver using older dtb
- NXP i.MX SoC driver fixes for HDMI output, error handling in the imx8
soc-id and missing reference counting on older cpuid code
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEo6/YBQwIrVS28WGKmmx57+YAGNkFAmPKahwACgkQmmx57+YA
GNnxcA//YBkeRJfseYQoe9OyfkWOVDUIImffhuL+sl6wdEPKHDzqwiVBloMR9GXj
e6g+Qc4OWSHtTozrmIBHbMh41CKTXr+76XYeJwZXxb6VOkAwbJyom9BOsyO8V9oQ
hrnjeqMgHA8VrsP5EFkE8QAEK+ptyiYlPdQdWncqBJn4552xd95P1De3AOsUsjef
Rr/VanMpS2jLuPsTZsR7mT3RmbDbrYCGua84tXihqtfz/4Eqsr9OCKrMnkZbEQty
ehxN1qAOnx7fTr7r/FJFupWN7MPaOEuwYyjQY/cuTlPSt1sq1re7YII6CC5y1wGS
eFOc/m689GvACfCW8bQIVdXcRKcYFKJOK1XvA9168QupCd+cDmuKmu0VdKLCGgTd
9fzbvYfqhXcG8wXKvDPDw2GlMvItxjJ3kzGmHaDU33c+h9Ep9u9C/Jsf/mKYo8E6
TsOAgkl1pU23cuETATi2BXx/HdH8cHUVX1ssuqiGJeVGLF+hsJuEAMS5wKexBnJ0
pVrknInSli7s4qPcVe0GYpULGRxT/FYEEeCBgl9WppkhUaU3h1Pwo2SstL6tdTwE
2vMCEi8HdQuWccxoGMEG1nE1/de2Rxv7bcefVHQTpofv47kDOlnjlIoFy9nCCVaF
fDGbMK3ArpTUNscDBs9d81U3r26/8him36H+QRvWfb7zI7DryxU=
=W7dq
-----END PGP SIGNATURE-----
Merge tag 'soc-fixes-6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
Pull ARM SoC DT and driver fixes from Arnd Bergmann:
"Lots of dts fixes for Qualcomm Snapdragon and NXP i.MX platforms,
including:
- A regression fix for SDHCI controllers on Inforce 6540, and another
SDHCI fix on SM8350
- Reenable cluster idle on sm8250 after the the code fix is upstream
- multiple fixes for the QMP PHY binding, needing an incompatible dt
change
- The reserved memory map is updated on Xiaomi Mi 4C and Huawei Nexus
6P, to avoid instabilities caused by use of protected memory
regions
- Fix i.MX8MP DT for missing GPC Interrupt, power-domain typo and USB
clock error
- A couple of verdin-imx8mm DT fixes for audio playback support
- Fix pca9547 i2c-mux node name for i.MX and Vybrid device trees
- Fix an imx93-11x11-evk uSDHC pad setting problem that causes Micron
eMMC CMD8 CRC error in HS400ES/HS400 mode
The remaining ARM and RISC-V platforms only have very few smaller dts
bugfixes this time:
- A fix for the SiFive unmatched board's PCI memory space
- A revert to fix a regression with GPIO on Marvell Armada
- A fix for the UART address on Marvell AC5
- Missing chip-select phandles for stm32 boards
- Selecting the correct clock for the sam9x60 memory controller
- Amlogic based Odroid-HC4 needs a revert to restore USB
functionality.
And finally, there are some minor code fixes:
- Build fixes for OMAP1, pxa, riscpc, raspberry pi firmware, and zynq
firmware
- memory controller driver fixes for an OMAP regression and older
bugs on tegra, atmel and mvebu
- reset controller fixes for ti-sci and uniphier platforms
- ARM SCMI firmware fixes for a couple of rare corner cases
- Qualcomm platform driver fixes for incorrect error handling and a
backwards compatibility fix for the apr driver using older dtb
- NXP i.MX SoC driver fixes for HDMI output, error handling in the
imx8 soc-id and missing reference counting on older cpuid code"
* tag 'soc-fixes-6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc: (60 commits)
firmware: zynqmp: fix declarations for gcc-13
ARM: dts: stm32: Fix qspi pinctrl phandle for stm32mp151a-prtt1l
ARM: dts: stm32: Fix qspi pinctrl phandle for stm32mp157c-emstamp-argon
ARM: dts: stm32: Fix qspi pinctrl phandle for stm32mp15xx-dhcom-som
ARM: dts: stm32: Fix qspi pinctrl phandle for stm32mp15xx-dhcor-som
ARM: dts: at91: sam9x60: fix the ddr clock for sam9x60
ARM: omap1: fix building gpio15xx
ARM: omap1: fix !ARCH_OMAP1_ANY link failures
firmware: raspberrypi: Fix type assignment
arm64: dts: qcom: msm8992-libra: Fix the memory map
arm64: dts: qcom: msm8992: Don't use sfpb mutex
PM: AVS: qcom-cpr: Fix an error handling path in cpr_probe()
arm64: dts: msm8994-angler: fix the memory map
arm64: dts: marvell: AC5/AC5X: Fix address for UART1
ARM: footbridge: drop unnecessary inclusion
Revert "ARM: dts: armada-39x: Fix compatible string for gpios"
Revert "ARM: dts: armada-38x: Fix compatible string for gpios"
ARM: pxa: enable PXA310/PXA320 for DT-only build
riscv: dts: sifive: fu740: fix size of pcie 32bit memory
soc: qcom: apr: Make qcom,protection-domain optional again
...
|
||
|
Linus Torvalds
|
ff83fec817 |
drm fixes for 6.2-rc5
fb-helper: - switcheroo fix msm: - kexec shutdown fix - fix potential double free i915: - Reject display plane with height == 0 - re-disable RC6p on Sandy Bridge - Fix hugepages' selftest - DG2 hw workarounds - switcheroo fix vc4: - fix a memory leak panfrost: - Kconfig fix amdgpu: - Fix display scaling - Fix RN/CZN power reporting on some firmware versions - Colorspace fixes - Fix resource freeing in error case in CS IOCTL - Fix warning on driver unload - GC11 fixes - DCN 3.1.4/5 S/G display workarounds -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEEKbZHaGwW9KfbeusDHTzWXnEhr4FAmPKAMEACgkQDHTzWXnE hr6fxA/5ARcRrhnlx+2KzF2urHd6n90+9YDuY93YUYTGLc6m/U4caK32z7keVdst rTrW887zL6GYCJS1e/8R57mG75uBI0bKxWeSw5mBEyz53hu1QNS6d9Wl8dou/bXt YAC6c6Ux0mAIdjna7VFcw/bgean018SzlYmgnurxRAlSl/vRlpYicq3hPMKEd0sl eYPSoaoIGYTFBuJxglARdFIbKs6jxfjVC6mikgcqA9W8Zq2fOMi4ZCfbURtqFteX euuwdXcReveHLzczwQXS3sHwtsbwIeje9HFwlFIMDQcsbn9Aqvd7m/wNXeBXJcXI 9u/LFhCjJCEx2DmJfoBCc/6uO/Q4IT0aS61WXN3S5XyDCrdMXWbt0BH7IvYxA3tp tyiFGzdWn+z1HcwF3dAPe9myjj7HMuSSYSYBK0RekrJWHj0zG9/sbefvjV9dvHWC 8Wc2lYA8vTmLKlwuH4zlNggYK3zD9SoAItYORzcPs7ya2UsqT8ZRLmyBJ7vnFkym I0MX0G9i2PkM+3HynNW3SMZfLbYNItB7VHec6k/f4Vas9/Kzu/vE10t6G1g3EWtA +WCGTKP7P74Mv3m4xvqzMXSVWJU+HOW4rk1sV53EWRVwu8/C25cfrEveh6BU71ZZ c8V4Kfer1OCTmzyV52k4URS6w4XAOEdjaTP4xjYujbMm/Kiqx+c= =uBtr -----END PGP SIGNATURE----- Merge tag 'drm-fixes-2023-01-20' of git://anongit.freedesktop.org/drm/drm Pull drm fixes from Dave Airlie: "Just a pretty regular week for this stage of things, amdgpu and i915, along with some msm and misc others. fb-helper: - switcheroo fix msm: - kexec shutdown fix - fix potential double free i915: - Reject display plane with height == 0 - re-disable RC6p on Sandy Bridge - Fix hugepages' selftest - DG2 hw workarounds - switcheroo fix vc4: - fix a memory leak panfrost: - Kconfig fix amdgpu: - Fix display scaling - Fix RN/CZN power reporting on some firmware versions - Colorspace fixes - Fix resource freeing in error case in CS IOCTL - Fix warning on driver unload - GC11 fixes - DCN 3.1.4/5 S/G display workarounds" * tag 'drm-fixes-2023-01-20' of git://anongit.freedesktop.org/drm/drm: (24 commits) drm/amd/display: disable S/G display on DCN 3.1.4 drm/amd/display: disable S/G display on DCN 3.1.5 drm/amdgpu: allow multipipe policy on ASICs with one MEC drm/amdgpu: correct MEC number for gfx11 APUs drm/amd/display: fix issues with driver unload drm/amdgpu: fix amdgpu_job_free_resources v2 drm/amd/display: Fix COLOR_SPACE_YCBCR2020_TYPE matrix drm/amd/display: Calculate output_color_space after pixel encoding adjustment drm/amdgpu: fix cleaning up reserved VMID on release drm/amdgpu: Correct the power calcultion for Renior/Cezanne. drm/amd/display: Fix set scaling doesn's work drm/i915: Remove unused variable drm/i915/dg2: Introduce Wa_18019271663 drm/i915/dg2: Introduce Wa_18018764978 drm/fb-helper: Set framebuffer for vga-switcheroo clients drm/i915: Allow switching away via vga-switcheroo if uninitialized drm/i915/selftests: Unwind hugepages to drop wakeref on error drm/i915: re-disable RC6p on Sandy Bridge drm/panfrost: fix GENERIC_ATOMIC64 dependency drm/i915/display: Check source height is > 0 ... |
||
|
Linus Torvalds
|
35929dae72 |
dmaengine fixes for v6.2
- Jie Hai's email address Update
- double increment of client_count in dma_chan_get()
- Driver fixes for:
- Bunch of idxd driver fixes use after free, probe error handling and
callback on wq disable
- Go tre fix for qcom gpi driver
- ptdma locking fix
- tegra & imx-sdma mem leak fix
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEE+vs47OPLdNbVcHzyfBQHDyUjg0cFAmPKrSQACgkQfBQHDyUj
g0dqcA/+L3UJYc2aFpdv5m/pNaf7EjaExqepXLlKLYFT6hOXfa7XTYGKM0MrWmu6
psGvavz1gADz5gqnMg8nDj/Ynzyd5lRHVjP/u2Wdhrm1TRQug3Mr/wY5UuVD7UIT
XvWcFuYRkufdCUXfijwSeeKopKUQZhqGjn3LyMfZ4UNhcZh+2q8ar7EfnBxqqUHX
wDSQFMV4rnNNLq4IS85UCCcx4J2JYNI/vkvLEVj4mB6PGdSaD8xf6sjzGDn3iW9Y
1BghSxjYRHUmOpO2Il5aUVyjmGYGg6tSRc8gs3CLQuCKMMKCBGCYINlQKm8VV5ts
bassiSEhnCwA5f53j/eq8nQDxqYTlHjrcYnEsrBATs4ehQLBLEJ28FOO5DYTgNky
93q6vxEzJ/aK/ndlay7B4wwbTe6cST66t3ljxbokL1dYoAl8PAQlw/x+lbZ65Pp2
FfyEh13o+Cytzbv27pzwnTNbyq+kKigymcSt/b9rdjQ3Fnblklh7x0a+V974qfXt
EDckPiZxpa90dVteH58qVqrn0rCce4nlhEqUfYxSd4Us8RFIbG2qAhZpIch1GE6u
sjd+yCURFDd0yW7NUe+SVMax4N5Kf4zCg1lkSmlFOgbFDKPygSzqM0bv3NLmQIVY
tZKnLEIV+quDwbaBqbrQskz8QjGfb9DWxSFMkdG1nvIzTgoB4Hw=
=Z2ew
-----END PGP SIGNATURE-----
Merge tag 'dmaengine-fix-6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/dmaengine
Pull dmaengine fixes from Vinod Koul:
- email address Update for Jie Hai
- fix double increment of client_count in dma_chan_get()
- idxd driver fixes: use after free, probe error handling and callback
on wq disable
- fix for qcom gpi driver GO tre
- ptdma locking fix
- tegra & imx-sdma mem leak fix
* tag 'dmaengine-fix-6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/dmaengine:
ptdma: pt_core_execute_cmd() should use spinlock
dmaengine: tegra: Fix memory leak in terminate_all()
dmaengine: xilinx_dma: call of_node_put() when breaking out of for_each_child_of_node()
dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init
dmaengine: Fix double increment of client_count in dma_chan_get()
dmaengine: tegra210-adma: fix global intr clear
Add exception protection processing for vd in axi_chan_handle_err function
dmaengine: lgm: Move DT parsing after initialization
MAINTAINERS: update Jie Hai's email address
dmaengine: ti: k3-udma: Do conditional decrement of UDMA_CHAN_RT_PEER_BCNT_REG
dmaengine: idxd: Do not call DMX TX callbacks during workqueue disable
dmaengine: idxd: Prevent use after free on completion memory
dmaengine: idxd: Let probe fail when workqueue cannot be enabled
dmaengine: qcom: gpi: Set link_rx bit on GO TRE for rx operation
|
||
|
Linus Torvalds
|
aaaf919c2e |
phy: fixes for 6.2
Fixes in drivers for: - Binding fix for g12a phys - Kconfig operator precedence for TI driver - renesas: register setting - sunplus: null deref fix - rockchip-inno fix for clk_disable_unprepare() - MDM9607 init sequence revert due to regression -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEE+vs47OPLdNbVcHzyfBQHDyUjg0cFAmPKqp8ACgkQfBQHDyUj g0c8QxAAlT17OSekO44/4j1ZPc1c0fvgf0CEDE6xrcfoD7taByuvFK7gm2NGYSaT 5RNYDniiMBDgchxHvy4BoEAXqrTbGLC6uFBlZ3BcEMM9ONFSU5t/J7YK0gH1WdSq 15Bp491XhWGVr3KlqAxgtatv7qgi0JS/mRmjXnN5ytIxETCqzPWwWvMtMRudQFTy g3pydR1j4bTu/9yhBWfw6OIOnPVRTTmiEaqxUmahTCRld9YWvPLLJCCllZIh3YKS kDF3UKDP0nRTPH7LqPlZtnOFdM0yq8lU8Wzt4Y+QVzTUr2OZ7+hCK03c/kVIA/5e 5tRValarw5hpZ0BfRAqhRIFFkh6K7ImqlMuuduZnDG8v/m7XKse7y2HaVOn9wDY8 l4FgrzJxSbfQzyPk3JYds+9tQezM1IGAc0FxarqY99NYMwHbqAHPs+W/Ft2tRY3W ncG5j9YcGAdIZ/qa9/rY1Qdm9UOkzba9/bsi6ahQcW6QmtrmTtKgs2SKTpGOEnly qwjmjKynVByZ8Kf3310lmhHm8TPs/vN0SAKbzh0VLacAcYmJMV9bN/E/DLzttkKP lFx0GZ1WdyIlQaT/pXMGBPM2fux9oyNIKDn6sRmfe6ybx+I3e1UrHtgJa9HoyJet iJQibehGdM+o+RP12lO97IsvzN1qHhfPkN144r/PZwK95UJsWDM= =MDsZ -----END PGP SIGNATURE----- Merge tag 'phy-fixes-6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/phy/linux-phy Pull phy fixes from Vinod Koul: - binding fix for g12a phys - Kconfig operator precedence for TI driver - renesas: register setting - sunplus: null deref fix - rockchip-inno fix for clk_disable_unprepare() - MDM9607 init sequence revert due to regression * tag 'phy-fixes-6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/phy/linux-phy: phy: phy-can-transceiver: Skip warning if no "max-bitrate" dt-bindings: phy: g12a-usb2-phy: fix compatible string documentation dt-bindings: phy: g12a-usb3-pcie-phy: fix compatible string documentation phy: freescale: imx8m-pcie: Add one missing error return phy: Revert "phy: qualcomm: usb28nm: Add MDM9607 init sequence" phy: rockchip-inno-usb2: Fix missing clk_disable_unprepare() in rockchip_usb2phy_power_on() phy: renesas: r8a779f0-eth-serdes: Fix register setting phy: usb: sunplus: Fix potential null-ptr-deref in sp_usb_phy_probe() phy: ti: fix Kconfig warning and operator precedence |