'aead_req' and 'aead_send' is allocated but not freed in default switch
case. This commit fixes the potential memory leak by freeing them under
the situation.
Note that the default cases here should never be reached as they'd
mean we allowed offloading an unsupported algorithm.
Fixes: ea7a9d88ba ("net/tls: Use cipher sizes structs")
Signed-off-by: Yu Liao <liaoyu15@huawei.com>
Reviewed-by: Gal Pressman <gal@nvidia.com>
Link: https://lore.kernel.org/r/20221110090329.2036382-1-liaoyu15@huawei.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
When stmmac_xdp_release() is called, there is a possibility that tx
function is still running on other queues which will lead to tx queue
timed out and reset adapter.
This commit ensure that tx function is not running xdp before release
flow continue to run.
Fixes: ac746c8520 ("net: stmmac: enhance XDP ZC driver level switching performance")
Signed-off-by: Song Yoong Siang <yoong.siang.song@intel.com>
Signed-off-by: Mohd Faizal Abdul Rahim <faizal.abdul.rahim@intel.com>
Signed-off-by: Noor Azura Ahmad Tarmizi <noor.azura.ahmad.tarmizi@intel.com>
Link: https://lore.kernel.org/r/20221110064552.22504-1-noor.azura.ahmad.tarmizi@linux.intel.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Current driver code will read device tree node information,
and set default values if there is no info provided.
This is not done in non-OF devices leading to SGMII fifo depths being
set to the smallest size.
This patch sets the value to the default value of the PHY as stated in the
PHY datasheet.
Fixes: 4dc08dcc9f ("net: phy: dp83867: introduce critical chip default init for non-of platform")
Signed-off-by: Michael Sit Wei Hong <michael.wei.hong.sit@intel.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Link: https://lore.kernel.org/r/20221110054938.925347-1-michael.wei.hong.sit@intel.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
A problem about hinic create debugfs failed is triggered with the
following log given:
[ 931.419023] debugfs: Directory 'hinic' with parent '/' already present!
The reason is that hinic_module_init() returns pci_register_driver()
directly without checking its return value, if pci_register_driver()
failed, it returns without destroy the newly created debugfs, resulting
the debugfs of hinic can never be created later.
hinic_module_init()
hinic_dbg_register_debugfs() # create debugfs directory
pci_register_driver()
driver_register()
bus_add_driver()
priv = kzalloc(...) # OOM happened
# return without destroy debugfs directory
Fix by removing debugfs when pci_register_driver() returns error.
Fixes: 253ac3a979 ("hinic: add support to query sq info")
Signed-off-by: Yuan Can <yuancan@huawei.com>
Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
Link: https://lore.kernel.org/r/20221110021642.80378-1-yuancan@huawei.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Afer commit 1fa5ae857b ("driver core: get rid of struct device's
bus_id string array"), the name of device is allocated dynamically,
use put_device() to give up the reference, so that the name can be
freed in kobject_cleanup() when the refcount is 0.
The 'entry' is going to be freed in mISDN_dsp_dev_release(), so the
kfree() is removed. list_del() is called in mISDN_dsp_dev_release(),
so it need be initialized.
Fixes: 1fa5ae857b ("driver core: get rid of struct device's bus_id string array")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Link: https://lore.kernel.org/r/20221109132832.3270119-1-yangyingliang@huawei.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
netdev is allocated in bgmac_alloc() with devm_alloc_etherdev() and will
be auto released in ->remove and ->probe failure path. Using free_netdev()
in bgmac_enet_remove() leads to double free.
Fixes: 34a5102c32 ("net: bgmac: allocate struct bgmac just once & don't copy it")
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Link: https://lore.kernel.org/r/20221109150136.2991171-1-weiyongjun@huaweicloud.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Andrii Nakryiko says:
====================
bpf 2022-11-11
We've added 11 non-merge commits during the last 8 day(s) which contain
a total of 11 files changed, 83 insertions(+), 74 deletions(-).
The main changes are:
1) Fix strncpy_from_kernel_nofault() to prevent out-of-bounds writes,
from Alban Crequy.
2) Fix for bpf_prog_test_run_skb() to prevent wrong alignment,
from Baisong Zhong.
3) Switch BPF_DISPATCHER to static_call() instead of ftrace infra, with
a small build fix on top, from Peter Zijlstra and Nathan Chancellor.
4) Fix memory leak in BPF verifier in some error cases, from Wang Yufen.
5) 32-bit compilation error fixes for BPF selftests, from Pu Lehui and
Yang Jihong.
6) Ensure even distribution of per-CPU free list elements, from Xu Kuohai.
7) Fix copy_map_value() to track special zeroed out areas properly,
from Xu Kuohai.
* https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf:
bpf: Fix offset calculation error in __copy_map_value and zero_map_value
bpf: Initialize same number of free nodes for each pcpu_freelist
selftests: bpf: Add a test when bpf_probe_read_kernel_str() returns EFAULT
maccess: Fix writing offset in case of fault in strncpy_from_kernel_nofault()
selftests/bpf: Fix test_progs compilation failure in 32-bit arch
selftests/bpf: Fix casting error when cross-compiling test_verifier for 32-bit platforms
bpf: Fix memory leaks in __check_func_call
bpf: Add explicit cast to 'void *' for __BPF_DISPATCHER_UPDATE()
bpf: Convert BPF_DISPATCHER to use static_call() (not ftrace)
bpf: Revert ("Fix dispatcher patchable function entry to 5 bytes nop")
bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb()
====================
Link: https://lore.kernel.org/r/20221111231624.938829-1-andrii@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
introduced post-6.0 or which aren't considered serious enough to justify a
-stable backport.
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQTTMBEPP41GrTpTJgfdBJ7gKXxAjgUCY27xPAAKCRDdBJ7gKXxA
juFXAP4tSmfNDrT6khFhV0l4cS43bluErVNLh32RfXBqse8GYgEA5EPvZkOssLqY
86ejRXFgAArxYC4caiNURUQL+IASvQo=
=YVOx
-----END PGP SIGNATURE-----
Merge tag 'mm-hotfixes-stable-2022-11-11' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Pull misc hotfixes from Andrew Morton:
"22 hotfixes.
Eight are cc:stable and the remainder address issues which were
introduced post-6.0 or which aren't considered serious enough to
justify a -stable backport"
* tag 'mm-hotfixes-stable-2022-11-11' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm: (22 commits)
docs: kmsan: fix formatting of "Example report"
mm/damon/dbgfs: check if rm_contexts input is for a real context
maple_tree: don't set a new maximum on the node when not reusing nodes
maple_tree: fix depth tracking in maple_state
arch/x86/mm/hugetlbpage.c: pud_huge() returns 0 when using 2-level paging
fs: fix leaked psi pressure state
nilfs2: fix use-after-free bug of ns_writer on remount
x86/traps: avoid KMSAN bugs originating from handle_bug()
kmsan: make sure PREEMPT_RT is off
Kconfig.debug: ensure early check for KMSAN in CONFIG_KMSAN_WARN
x86/uaccess: instrument copy_from_user_nmi()
kmsan: core: kmsan_in_runtime() should return true in NMI context
mm: hugetlb_vmemmap: include missing linux/moduleparam.h
mm/shmem: use page_mapping() to detect page cache for uffd continue
mm/memremap.c: map FS_DAX device memory as decrypted
Partly revert "mm/thp: carry over dirty bit when thp splits on pmd"
nilfs2: fix deadlock in nilfs_count_free_blocks()
mm/mmap: fix memory leak in mmap_region()
hugetlbfs: don't delete error page from pagecache
maple_tree: reorganize testing to restore module testing
...
- Another fix for rodata=full. Since rodata= is not a simple boolean on
arm64 (accepting 'full' as well), it got inadvertently broken by
changes in the core code. If rodata=on is the default and rodata=off
is passed on the kernel command line, rodata_full is never disabled.
- Fix gcc compiler warning of shifting 0xc0 into bits 31:24 without an
explicit conversion to u32 (triggered by the AMPERE1 MIDR definition).
- Include asm/ptrace.h in asm/syscall_wrapper.h to fix an incomplete
struct pt_regs type causing the BPF verifier to refuse to load a
tracing program which accesses pt_regs.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEE5RElWfyWxS+3PLO2a9axLQDIXvEFAmNu1ZQACgkQa9axLQDI
XvHdaQ/+NmdLFZuAbajhpV3NTmiC6oJmPZ9oGKxtBRGoHmH6WxoyB1X3Dj9ZMGBc
qZ1mUohHHwf+xWtX85aPUx4aJKImFuqSOU4MF5gectzXFEr4jR2nx5CYBaRmG+0d
axAUHIID4xWozid79KFUR46myG9GhTv8EGMlrY9VKY2GsFSD/EtNTQZhq+ISc05N
SQAkHN3iiIJhitgTtxxA2jQ8sEOvq41N4VRj4trNUnAp5Gis4nnl9KGpcayN/60z
8/9IGwcaLpnQnlf74E74y53Tfq8ZHSpiNcl3J5Mk1eMNrbkFePakyH/OtpHHYiZ0
/Y1cqUqvK2oZODE1Ro4mBMFLq3+lFMedla5S0jZtjApYnJ8MmUqFQwvJHIn0K02h
oH1OstQtYLUINTF3k1+TaYnmFjenx1eOJ/tdLjkcgI9WFbAYcqu1Z4bcO0HR0fqj
7d7HKCElHg+KIQBTfDtLvO1lNRvdpZYWe5uN3ItzPpYqrah4haHPJXPxcxVChkMv
A445kWMX5pV7CTNzlkrGgWjWkF8EwJ+lgr/xASrpHPxW80cZ7b+eg2lFkU0fptsz
FoHdUduGDB91hHo/k0Adx2gaS37SNOcBczr/1xFcId1ZpcxWwuBM1JeEDz1ccRDR
P9qKykOn6sQ8ykQGDIlyY9Hgaz8KgihT2VDixRyY0NNGq0XO4LM=
=W6FH
-----END PGP SIGNATURE-----
Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux
Pull arm64 fixes from Catalin Marinas:
- Another fix for rodata=full. Since rodata= is not a simple boolean on
arm64 (accepting 'full' as well), it got inadvertently broken by
changes in the core code. If rodata=on is the default and rodata=off
is passed on the kernel command line, rodata_full is never disabled
- Fix gcc compiler warning of shifting 0xc0 into bits 31:24 without an
explicit conversion to u32 (triggered by the AMPERE1 MIDR definition)
- Include asm/ptrace.h in asm/syscall_wrapper.h to fix an incomplete
struct pt_regs type causing the BPF verifier to refuse to load a
tracing program which accesses pt_regs
* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
arm64/syscall: Include asm/ptrace.h in syscall_wrapper header.
arm64: Fix bit-shifting UB in the MIDR_CPU_MODEL() macro
arm64: fix rodata=full again
While the ATA specification states that a device should return command
aborted for all commands queued after the device has entered error state,
since ATA only keeps the sense data for the latest command (in non-NCQ
case), we really don't want to send block layer commands to the device
after it has entered error state. (Only ATA EH commands should be sent,
to read the sense data etc.)
Currently, scsi_queue_rq() will check if scsi_host_in_recovery()
(state is SHOST_RECOVERY), and if so, it will _not_ issue a command via:
scsi_dispatch_cmd() -> host->hostt->queuecommand() (ata_scsi_queuecmd())
-> __ata_scsi_queuecmd() -> ata_scsi_translate() -> ata_qc_issue()
Before commit e494f6a728 ("[SCSI] improved eh timeout handler"),
when receiving a TFES error IRQ, the call chain looked like this:
ahci_error_intr() -> ata_port_abort() -> ata_do_link_abort() ->
ata_qc_complete() -> ata_qc_schedule_eh() -> blk_abort_request() ->
blk_rq_timed_out() -> q->rq_timed_out_fn() (scsi_times_out()) ->
scsi_eh_scmd_add() -> scsi_host_set_state(shost, SHOST_RECOVERY)
Which meant that as soon as an error IRQ was serviced, SHOST_RECOVERY
would be set.
However, after commit e494f6a728 ("[SCSI] improved eh timeout handler"),
scsi_times_out() will instead call scsi_abort_command() which will queue
delayed work, and the worker function scmd_eh_abort_handler() will call
scsi_eh_scmd_add(), which calls scsi_host_set_state(shost, SHOST_RECOVERY).
So now, after the TFES error IRQ has been serviced, we need to wait for
the SCSI workqueue to run its work before SHOST_RECOVERY gets set.
It is worth noting that, even before commit e494f6a728 ("[SCSI] improved
eh timeout handler"), we could receive an error IRQ from the time when
scsi_queue_rq() checks scsi_host_in_recovery(), to the time when
ata_scsi_queuecmd() is actually called.
In order to handle both the delayed setting of SHOST_RECOVERY and the
window where we can receive an error IRQ, add a check against
ATA_PFLAG_EH_PENDING (which gets set when servicing the error IRQ),
inside ata_scsi_queuecmd() itself, while holding the ap->lock.
(Since the ap->lock is held while servicing IRQs.)
Fixes: e494f6a728 ("[SCSI] improved eh timeout handler")
Signed-off-by: Niklas Cassel <niklas.cassel@wdc.com>
Tested-by: John Garry <john.g.garry@oracle.com>
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
-----BEGIN PGP SIGNATURE-----
iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAmNuf4IQHGF4Ym9lQGtl
cm5lbC5kawAKCRD301j7KXHgppvMD/9K2kFcAiD85QmRoIgwlIRM604KZ6aGXqk3
BjTavxfB+3DJcb82FHywBF5DC0sUtrBOTn7+DJpf13lb4L2DZY1lfLkRL7SKHSs5
o1z+1uLcBtZtGCq5M+yhpxbAzJ2kNWdRe+FutSA6wiz03ATXTwo2qE1MLaw1jxap
DowK08DUtLNaFNoEGdpW8iub9ql1OVWWZdOaxZmVJkdPWeWMD6Zaqwi/MeyNv0aY
KbVpYHa2AGxGY6+2krLpL09kqYlW++UvFsofM6RJrHTlLyBdYKvM2Z+Tv9I6w81s
ZerVl5srC2pVj1K0isO7A25GTVIVzI9im/GCzStNTasFtlzW85CwLEcDS8T679bY
I0P+Wl3ZoLJztChrcSufiAaOfJIichML7H3h/iEkSE51+9cBr42fqJO64dc+s/Bi
OGmaFowYgJgOClzpAJ2upd2aNu4sLiR2DUb3qdHDpcio9bfpIme1Do1yB94kRR//
yIFrs47PW+JumE90iKJPnDRHWrl3dVUK27MqkAWSBuvOkBjKxLBSVHIARs1lGWy1
25y4atEMaEYnvjC3ATwM0WX0LY+5jCVqOXyfMPAMmEZ7WDbER7FfGxnnmw/pwka7
D4CiSWn5H2Jp9Lq7HiblgYucXXNCPYgSx9JiXnY/KBpARaKUIXuTOq2PuJ/FW4UG
dsJap0W2rw==
=s8Z1
-----END PGP SIGNATURE-----
Merge tag 'io_uring-6.1-2022-11-11' of git://git.kernel.dk/linux
Pull io_uring fixes from Jens Axboe:
"Nothing major, just a few minor tweaks:
- Tweak for the TCP zero-copy io_uring self test (Pavel)
- Rather than use our internal cached value of number of CQ events
available, use what the user can see (Dylan)
- Fix a typo in a comment, added in this release (me)
- Don't allow wrapping while adding provided buffers (me)
- Fix a double poll race, and add a lockdep assertion for it too
(Pavel)"
* tag 'io_uring-6.1-2022-11-11' of git://git.kernel.dk/linux:
io_uring/poll: lockdep annote io_poll_req_insert_locked
io_uring/poll: fix double poll req->flags races
io_uring: check for rollover of buffer ID when providing buffers
io_uring: calculate CQEs from the user visible value
io_uring: fix typo in io_uring.h comment
selftests/net: don't tests batched TCP io_uring zc
Function __copy_map_value and zero_map_value miscalculated copy offset,
resulting in possible copy of unwanted data to user or kernel.
Fix it.
Fixes: cc48755808 ("bpf: Add zero_map_value to zero map value with special fields")
Fixes: 4d7d7f69f4 ("bpf: Adapt copy_map_value for multiple offset case")
Signed-off-by: Xu Kuohai <xukuohai@huawei.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Acked-by: Kumar Kartikeya Dwivedi <memxor@gmail.com>
Link: https://lore.kernel.org/bpf/20221111125620.754855-1-xukuohai@huaweicloud.com
pcpu_freelist_populate() initializes nr_elems / num_possible_cpus() + 1
free nodes for some CPUs, and then possibly one CPU with fewer nodes,
followed by remaining cpus with 0 nodes. For example, when nr_elems == 256
and num_possible_cpus() == 32, CPU 0~27 each gets 9 free nodes, CPU 28 gets
4 free nodes, CPU 29~31 get 0 free nodes, while in fact each CPU should get
8 nodes equally.
This patch initializes nr_elems / num_possible_cpus() free nodes for each
CPU firstly, then allocates the remaining free nodes by one for each CPU
until no free nodes left.
Fixes: e19494edab ("bpf: introduce percpu_freelist")
Signed-off-by: Xu Kuohai <xukuohai@huawei.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Acked-by: Yonghong Song <yhs@fb.com>
Link: https://lore.kernel.org/bpf/20221110122128.105214-1-xukuohai@huawei.com
- fix memcpy warning about field-spanning write in zcrypt driver.
- minor updates to defconfigs.
- Remove CONFIG_DEBUG_INFO_BTF from all defconfigs and add btf.config
addon config file. It significantly decreases compile time and allows
quickly enabling that option into the current kernel config.
- Add kasan.config addon config file which allows to easily enable
KASAN into the current kernel config.
- binutils commit 906f69cf65da ("IBM zSystems: Issue error for *DBL
relocs on misaligned symbols") caused several link errors.
Always build relocatable kernel to avoid this problem.
- Raise the minimum clang version to 15.0.0 to avoid silent generation
of a corrupted code.
-----BEGIN PGP SIGNATURE-----
iI0EABYIADUWIQQrtrZiYVkVzKQcYivNdxKlNrRb8AUCY2566RccYWdvcmRlZXZA
bGludXguaWJtLmNvbQAKCRDNdxKlNrRb8M0nAQDRrcyOb3BILKYNlYkb9H8Cw/0x
TMl/zEqcjD14XBGXXAD+L6M9nNuWd8GKLYzE7AxEeQ80kAQLqUPGGxhjc09hqAI=
=gkiM
-----END PGP SIGNATURE-----
Merge tag 's390-6.1-4' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux
Pull s390 fixes from Alexander Gordeev:
- fix memcpy warning about field-spanning write in zcrypt driver
- minor updates to defconfigs
- remove CONFIG_DEBUG_INFO_BTF from all defconfigs and add btf.config
addon config file. It significantly decreases compile time and allows
quickly enabling that option into the current kernel config
- add kasan.config addon config file which allows to easily enable
KASAN into the current kernel config
- binutils commit 906f69cf65da ("IBM zSystems: Issue error for *DBL
relocs on misaligned symbols") caused several link errors. Always
build relocatable kernel to avoid this problem
- raise the minimum clang version to 15.0.0 to avoid silent generation
of a corrupted code
* tag 's390-6.1-4' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
scripts/min-tool-version.sh: raise minimum clang version to 15.0.0 for s390
s390: always build relocatable kernel
s390/configs: add kasan.config addon config file
s390/configs: move CONFIG_DEBUG_INFO_BTF into btf.config addon config
s390: update defconfigs
s390/zcrypt: fix warning about field-spanning write
Alban Crequy says:
====================
Hi,
This is v2 of the fix & selftest previously sent at:
https://lore.kernel.org/linux-mm/20221108195211.214025-1-flaniel@linux.microsoft.com/
Changes v1 to v2:
- add 'cc:stable', 'Fixes:' and review/ack tags
- update commitmsg and fix my email
- rebase on bpf tree and tag for bpf tree
Thanks!
====================
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
This commit tests previous fix of bpf_probe_read_kernel_str().
The BPF helper bpf_probe_read_kernel_str should return -EFAULT when
given a bad source pointer and the target buffer should only be modified
to make the string NULL terminated.
bpf_probe_read_kernel_str() was previously inserting a NULL before the
beginning of the dst buffer. This test should ensure that the
implementation stays correct for now on.
Without the fix, this test will fail as follows:
$ cd tools/testing/selftests/bpf
$ make
$ sudo ./test_progs --name=varlen
...
test_varlen:FAIL:check got 0 != exp 66
Signed-off-by: Alban Crequy <albancrequy@linux.microsoft.com>
Signed-off-by: Francis Laniel <flaniel@linux.microsoft.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Acked-by: Yonghong Song <yhs@fb.com>
Link: https://lore.kernel.org/bpf/20221110085614.111213-3-albancrequy@linux.microsoft.com
Changes v1 to v2:
- add ack tag
- fix my email
- rebase on bpf tree and tag for bpf tree
If a page fault occurs while copying the first byte, this function resets one
byte before dst.
As a consequence, an address could be modified and leaded to kernel crashes if
case the modified address was accessed later.
Fixes: b58294ead1 ("maccess: allow architectures to provide kernel probing directly")
Signed-off-by: Alban Crequy <albancrequy@linux.microsoft.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Tested-by: Francis Laniel <flaniel@linux.microsoft.com>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: <stable@vger.kernel.org> [5.8]
Link: https://lore.kernel.org/bpf/20221110085614.111213-2-albancrequy@linux.microsoft.com
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEEq1nRK9aeMoq1VSgcnJ2qBz9kQNkFAmNuXpMACgkQnJ2qBz9k
QNl5Vwf/b33TuakZY+m8IwUpYeZDKmFEmo/zxWV8QApx4Mi5R3tOZghjox1GEa6K
cmSCe8aQ830iYfuJN2Hy+bliRt0gQDZfzTS8HmJfdDmRHfp7RA8IepEKz+NjeHhI
xgX0KuTvrK3pcHfK0eALHGcSJPm4Q4MEUGGgTn7PU8fix1oJR/TRUIQqYO5aJEqS
rSoLGjlsr6a2k/RGDGSy2yRH3dw2wXE7nwL6Ria+N6vYa3bX/RjSAPG8whaSxyog
xzPYY5ZLROW51zYEkF0gRcqfDLn3poYh8AocMqlRhJaKKtst7B4GO2+Mm03j8rlk
XiJQrNo4lLfNLozRvWQwxzRNvrEYSg==
=5xuL
-----END PGP SIGNATURE-----
Merge tag 'fixes_for_v6.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs
Pull UDF fix from Jan Kara:
"Fix a possible memory corruption with UDF"
* tag 'fixes_for_v6.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs:
udf: Fix a slab-out-of-bounds write bug in udf_find_entry()
If the tlink setup failed, lost to put the connections, then
the module refcnt leak since the cifsd kthread not exit.
Also leak the fscache info, and for next mount with fsc, it will
print the follow errors:
CIFS: Cache volume key already in use (cifs,127.0.0.1:445,TEST)
Let's check the result of tlink setup, and do some cleanup.
Fixes: 56c762eb9b ("cifs: Refactor out cifs_mount()")
Reviewed-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Signed-off-by: Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
- Fix 'perf stat' crash with --per-node --metric-only in CSV mode, due
to the AGGR_NODE slot in the 'aggr_header_csv' array not being set.
- Fix printing prefix in CSV output of 'perf stat' metrics in interval
mode (-I), where an extra separator was being added to the start of
some lines.
- Fix skipping branch stack sampling 'perf test' entry, that was using
both --branch-any and --branch-filter, which can't be used together.
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQR2GiIUctdOfX2qHhGyPKLppCJ+JwUCY20xXwAKCRCyPKLppCJ+
J9bEAP4w0TRqn0f+ZGmw/7dxiNfwWqYGapP+2T4ZyYQ0UfexRAEAuqV8LwBh2+7j
f6fZ0krLN7roRY4+VEsOUJCjppz4XwM=
=ATWj
-----END PGP SIGNATURE-----
Merge tag 'perf-tools-fixes-for-v6.1-2-2022-11-10' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux
Pull perf tools fixes from Arnaldo Carvalho de Melo:
- Fix 'perf stat' crash with --per-node --metric-only in CSV mode, due
to the AGGR_NODE slot in the 'aggr_header_csv' array not being set.
- Fix printing prefix in CSV output of 'perf stat' metrics in interval
mode (-I), where an extra separator was being added to the start of
some lines.
- Fix skipping branch stack sampling 'perf test' entry, that was using
both --branch-any and --branch-filter, which can't be used together.
* tag 'perf-tools-fixes-for-v6.1-2-2022-11-10' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux:
perf tools: Add the include/perf/ directory to .gitignore
perf test: Fix skipping branch stack sampling test
perf stat: Fix printing os->prefix in CSV metrics output
perf stat: Fix crash with --per-node --metric-only in CSV mode
* A fix to add the missing PWM LEDs into the SiFive HiFive Unleashed
device tree.
* A fix to fully clear a task's registers on creation, as they end up in
userspace and thus leak kernel memory.
* A pair of VDSO-related build fixes that manifest on recent LLVM-based
toolchains.
* A fix to our early init to ensure the DT is adequately processed
before reserved memory nodes are processed.
-----BEGIN PGP SIGNATURE-----
iQJHBAABCAAxFiEEKzw3R0RoQ7JKlDp6LhMZ81+7GIkFAmNuex4THHBhbG1lckBk
YWJiZWx0LmNvbQAKCRAuExnzX7sYiUm5D/94ElBfEEH1Si2qwzfk5Vwxap0Jsjwj
BA7GHito1P22P4yHlvXnMyPvjnl3f0/Cc7Q6O5+J8HvnR9FWeu97s84oBJU/Thkt
D9pd68nknY/HPZ1P5eb4gzBUwo2D6WWn4ISk2uoa8XAJ9EKfhylnYbn32rzyRerj
p8HFT1lP71mryLCr0FsxEOdqtBl7+41/Htd/jxEA+lwJtHJ3F3Yk+TnaeCzebGjT
kg5vwTzNwgkl7o4rlLsBv3d/Oz8kvLZh7V9qsZ9Ta//ZNpCGw0PMOwzxCKSYS6C0
ZK342BRThsqxAjc2y1QtKOzFBPzEECzbgSSixFiEVXY4qpDY4ZlojXEOxRLevMjl
KpLJL4e3wXpfyknZXLeIPIh0tFzHnuWrgliBVwa5CO4hYXhxWRY+qzh6LTqypx/W
ewvuQ1auxmFFB6U6RHEXWuUv5mtzymXVT8lcHltpGcpGvxcbvnSw9SYtXTM6Sz5d
DzEtEpgCZTx9MEp981FJ+uMYs4mGtURRDqqKZzeLOiBmXe8r7wfqnTIyosW1/f8V
aXYJB90yMX5QvVJPKJHocphaKbNl75ywF8z0JSdnilO8CKJMJ6elJ9KleiJGJGFc
zFWyFVPt18Eg+w+r4vMGmH2tz+hlaaZ+sOOGFExeM7KRU18WhP4MMVLgJiaLtoul
UUX63X1wx7S2JA==
=EHH7
-----END PGP SIGNATURE-----
Merge tag 'riscv-for-linus-6.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux
Pull RISC-V fixes from Palmer Dabbelt:
- A fix to add the missing PWM LEDs into the SiFive HiFive Unleashed
device tree.
- A fix to fully clear a task's registers on creation, as they end up
in userspace and thus leak kernel memory.
- A pair of VDSO-related build fixes that manifest on recent LLVM-based
toolchains.
- A fix to our early init to ensure the DT is adequately processed
before reserved memory nodes are processed.
* tag 'riscv-for-linus-6.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux:
RISC-V: vdso: Do not add missing symbols to version section in linker script
riscv: fix reserved memory setup
riscv: vdso: fix build with llvm
riscv: process: fix kernel info leakage
riscv: dts: sifive unleashed: Add PWM controlled LEDs
* PCI fix
* PV clock fix
x86:
* Fix clash between PMU MSRs and other MSRs
* Prepare SVM assembly trampoline for 6.2 retbleed mitigation
and for...
* ... tightening IBRS restore on vmexit, moving it before
the first RET or indirect branch
* Fix log level for VMSA dump
* Block all page faults during kvm_zap_gfn_range()
Tools:
* kvm_stat: fix incorrect detection of debugfs
* kvm_stat: update vmexit definitions
-----BEGIN PGP SIGNATURE-----
iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmNuVegUHHBib256aW5p
QHJlZGhhdC5jb20ACgkQv/vSX3jHroOcvgf/aiIi5tyqvIHArlOxyltF8myCmebM
vEDcyn9d+NNvApzRwIJNHfC8KBMgD2LYxVUuVtbor4A0pFl5P3ut7eypPbA8Veul
yX4wNdG5dE4JHzaDOUiG3NSUSRTJVO0TyKSCFlndmNnSrPBjGWTwkKurHtL+XO3B
AcqejhzDWiVZnnO90k7HcBTlVWZ8N1onupaA6zapIl8S3TdDIRi2qs63SnxUzDMf
cHak8RB7gQgebGIAQ6WPDJAgOyT+OnF8PPUeBjLVqaFmK4JBCoL6A2+qOnzljt+s
cajfJjFZYna4mNH5WuiXGmU5aKNwAn3+z0f4/3Jxl5ib+BcZ9gPuZeayLQ==
=jqwO
-----END PGP SIGNATURE-----
Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm
Pull kvm
"This is a pretty large diffstat for this time of the release. The main
culprit is a reorganization of the AMD assembly trampoline, allowing
percpu variables to be accessed early.
This is needed for the return stack depth tracking retbleed mitigation
that will be in 6.2, but it also makes it possible to tighten the IBRS
restore on vmexit. The latter change is a long tail of the
spectrev2/retbleed patches (the corresponding Intel change was simpler
and went in already last June), which is why I am including it right
now instead of sharing a topic branch with tip.
Being assembly and being rich in comments makes the line count balloon
a bit, but I am pretty confident in the change (famous last words)
because the reorganization actually makes everything simpler and more
understandable than before. It has also had external review and has
been tested on the aforementioned 6.2 changes, which explode quite
brutally without the fix.
Apart from this, things are pretty normal.
s390:
- PCI fix
- PV clock fix
x86:
- Fix clash between PMU MSRs and other MSRs
- Prepare SVM assembly trampoline for 6.2 retbleed mitigation and
for...
- ... tightening IBRS restore on vmexit, moving it before the first
RET or indirect branch
- Fix log level for VMSA dump
- Block all page faults during kvm_zap_gfn_range()
Tools:
- kvm_stat: fix incorrect detection of debugfs
- kvm_stat: update vmexit definitions"
* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
KVM: x86/mmu: Block all page faults during kvm_zap_gfn_range()
KVM: x86/pmu: Limit the maximum number of supported AMD GP counters
KVM: x86/pmu: Limit the maximum number of supported Intel GP counters
KVM: x86/pmu: Do not speculatively query Intel GP PMCs that don't exist yet
KVM: SVM: Only dump VMSA to klog at KERN_DEBUG level
tools/kvm_stat: update exit reasons for vmx/svm/aarch64/userspace
tools/kvm_stat: fix incorrect detection of debugfs
x86, KVM: remove unnecessary argument to x86_virt_spec_ctrl and callers
KVM: SVM: move MSR_IA32_SPEC_CTRL save/restore to assembly
KVM: SVM: restore host save area from assembly
KVM: SVM: move guest vmsave/vmload back to assembly
KVM: SVM: do not allocate struct svm_cpu_data dynamically
KVM: SVM: remove dead field from struct svm_cpu_data
KVM: SVM: remove unused field from struct vcpu_svm
KVM: SVM: retrieve VMCB from assembly
KVM: SVM: adjust register allocation for __svm_vcpu_run()
KVM: SVM: replace regs argument of __svm_vcpu_run() with vcpu_svm
KVM: x86: use a separate asm-offsets.c file
KVM: s390: pci: Fix allocation size of aift kzdev elements
KVM: s390: pv: don't allow userspace to set the clock under PV
-----BEGIN PGP SIGNATURE-----
iQFHBAABCAAxFiEEIbPD0id6easf0xsudhRwX5BBoF4FAmNtZ+UTHHdlaS5saXVA
a2VybmVsLm9yZwAKCRB2FHBfkEGgXm67B/9qQtQbqYHoV6bJKqiAHgh3ZcS/V7sn
iYc5egO84YZSTtkbLKeCixYD7i8Ltz+GzC7XgOwkvYKUkjOcs9keomKxhUnGl6jf
Z7N66r8zBkR5LlkmmqTSMz90EDGz+WYj/4DaIcna70rSYp9aS4qbXr7AEv8CjGGl
VZzt95L0nDx6VWdiP8NoQyqMwFXwgy2L2D4x4bDVlG7zihwl6f7VBvt4MYrunpjo
P25ppR+yigAzhtO6LD19jq4MPSqQ2kyv/m5QR1mQvCqELc5ehn3OY70V5vWV7o4e
y/qtngfowKeP0TynkWp3aScKwDbD5zSMvDf5obMPSvgbJpfXRi4dM0uA
=SaCF
-----END PGP SIGNATURE-----
Merge tag 'hyperv-fixes-signed-20221110' of git://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux
Pull hyperv fixes from Wei Liu:
- Fix TSC MSR write for root partition (Anirudh Rayabharam)
- Fix definition of vector in pci-hyperv driver (Dexuan Cui)
- A few other misc patches
* tag 'hyperv-fixes-signed-20221110' of git://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux:
PCI: hv: Fix the definition of vector in hv_compose_msi_msg()
MAINTAINERS: remove sthemmin
x86/hyperv: fix invalid writes to MSRs during root partition kexec
clocksource/drivers/hyperv: add data structure for reference TSC MSR
Drivers: hv: fix repeated words in comments
x86/hyperv: Remove BUG_ON() for kmap_local_page()
Driver fixes for:
- Pile of at_hdmac driver rework which fixes many long standing issues
for this driver.
- couple of stm32 driver fixes for clearing structure and race fix
- idxd fixes for RO device state and batch size
- ti driver mem leak fix
- apple fix for grabbing channels in xlate
- resource leak fix in mv xor
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEE+vs47OPLdNbVcHzyfBQHDyUjg0cFAmNt7eYACgkQfBQHDyUj
g0dx3A/+NiVgApGZO1nvRCOFeBXSggZIzPYSDqS/ZqaYai63MoIB/em6CR36cYNm
xztCv/5MfpH8xcztoDBA4TwxcKzHo6/QxvHli3T+gMa0Imz/JSr8wxz2wfMnJStL
dcdCTQTRtUhdh8rlxAcGD4gWdhoZTrVoNSGQK3MgQC7GrcCET5K6hZB8JWOg9nd+
gxpZu5a4DirWAWW/MFdtfhfHjff4SDhLpRi+kWknA8UHQb9jlsidqvVjRQNWAy4u
QGhM4dxXsO+vSFxHcRZoxQjMQHoJ9v65Jh6cvADDpwa3/BbKFnljpCDA775hK2aL
SLqdUXtV9KeGpMVs6D8tradc2MqFgs+UfbNApZM+NY7UPpV0fQZh4wF8SQcS3lAq
1SIz5myxp1XLuac+TFR/nSlisdtEB/eVFcJKibJpc+RrEBZKIG0XzcBjTI1TrFz5
7p//84SE2EKd7MGKVUGZ1gWRG46VYGTsvQQpZ1YDaXdd9JKBl6jzgAPEoLIPEUC/
Pg60TIDXzM0pNtQUDIp6g4LPf6Q88poL8WxejsN2OS0Kxy+isYsY6S8GZIQB39Tw
9Q0JuN0AkQv+wSx5GGbVEaosZhoR/Vk8DJiq22H9joTUSVjrMGFlT+/Kw3X+H6gF
Pi3GcqIJeUbN+UPOMekR+UXS1U36/cB1Dh/ksLyEt3vAbm3U2NQ=
=UR0f
-----END PGP SIGNATURE-----
Merge tag 'dmaengine-fix-6.1' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/dmaengine
Pull dmaengine fixes from Vinod Koul:
"Misc minor driver fixes and a big pile of at_hdmac driver fixes. More
work on this driver is done and sitting in next:
- Pile of at_hdmac driver rework which fixes many long standing
issues for this driver.
- couple of stm32 driver fixes for clearing structure and race fix
- idxd fixes for RO device state and batch size
- ti driver mem leak fix
- apple fix for grabbing channels in xlate
- resource leak fix in mv xor"
* tag 'dmaengine-fix-6.1' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/dmaengine: (24 commits)
dmaengine: at_hdmac: Check return code of dma_async_device_register
dmaengine: at_hdmac: Fix impossible condition
dmaengine: at_hdmac: Don't allow CPU to reorder channel enable
dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors
dmaengine: at_hdmac: Fix descriptor handling when issuing it to hardware
dmaengine: at_hdmac: Fix concurrency over the active list
dmaengine: at_hdmac: Free the memset buf without holding the chan lock
dmaengine: at_hdmac: Fix concurrency over descriptor
dmaengine: at_hdmac: Fix concurrency problems by removing atc_complete_all()
dmaengine: at_hdmac: Protect atchan->status with the channel lock
dmaengine: at_hdmac: Do not call the complete callback on device_terminate_all
dmaengine: at_hdmac: Fix premature completion of desc in issue_pending
dmaengine: at_hdmac: Start transfer for cyclic channels in issue_pending
dmaengine: at_hdmac: Don't start transactions at tx_submit level
dmaengine: at_hdmac: Fix at_lli struct definition
dmaengine: stm32-dma: fix potential race between pause and resume
dmaengine: ti: k3-udma-glue: fix memory leak when register device fail
dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove()
dmaengine: apple-admac: Fix grabbing of channels in of_xlate
dmaengine: idxd: fix RO device state error after been disabled/reset
...
A relatively large batch of fixes here but all device specific, plus an
update to MAINTAINERS. The summary print change to the STM32 driver is
fixing an issue where the driver could easily end up spamming the logs
with something that should be a debug message.
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEreZoqmdXGLWf4p/qJNaLcl1Uh9AFAmNuPWkACgkQJNaLcl1U
h9BZJQf/Rj3kjTdwjccp+QXTrXQZVMjkXYUuLHbUokO2Mzy+U3mNCkJuvLJjAvSw
kqFBbJNYIm1jItRoqOkwlnNb0hw+QZAzBivi4DLPZJUwEeT6LxQdlYvepy6bEjCW
XJpTMFxDDaWkFUftl+tLZFN2VxHaVHEVTJ5aMu2ija0mjG1M5vrYtgVemyJ+v2/o
0nhXgnRe7Fq2+MqJazVzYs6ZxCvpIiU18a4WLD5BPGTIZhdfE0UXG+QGqWV4toHI
uZWnV+NWEKNzMGS/QdcHZYQHWlcQBR/g5kPFQFCl2D+aK9CmakHc6Bk99H6tRdLn
xYHjHafs6BwCG3eBfE/hxD8rsfTNmw==
=UfdB
-----END PGP SIGNATURE-----
Merge tag 'spi-fix-v6.1-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi
Pull spi fixes from Mark Brown:
"A relatively large batch of fixes here but all device specific, plus
an update to MAINTAINERS.
The summary print change to the STM32 driver is fixing an issue where
the driver could easily end up spamming the logs with something that
should be a debug message"
* tag 'spi-fix-v6.1-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi:
spi: amd: Fix SPI_SPD7 value
spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run
spi: meson-spicc: fix do_div build error on non-arm64
spi: intel: Use correct mask for flash and protected regions
spi: mediatek: Fix package division error
spi: tegra210-quad: Don't initialise DMA if not supported
MAINTAINERS: Update HiSilicon SFC Driver maintainer
spi: meson-spicc: move wait completion in driver to take bursts delay in account
spi: stm32: Print summary 'callbacks suppressed' message
- cqhci: Provide helper for resetting both SDHCI and CQHCI
- sdhci_am654: Fix reset for CQHCI
- sdhci-brcmstb: Fix reset for CQHCI
- sdhci-esdhc-imx: Fix reset for CQHCI
- sdhci-esdhc-imx: Fixup support for MMC_CAP_8_BIT_DATA
- sdhci-of-arasan: Fix reset for CQHCI
- sdhci-tegra: Fix reset for CQHCI
-----BEGIN PGP SIGNATURE-----
iQJLBAABCgA1FiEEugLDXPmKSktSkQsV/iaEJXNYjCkFAmNuPrUXHHVsZi5oYW5z
c29uQGxpbmFyby5vcmcACgkQ/iaEJXNYjClzKg//c6R96FHYGm087zGLMvx4MRlY
jdtyQoaEIK7ABzgZ2W1wlW3ZrSRs9PnTUf4bcPA48G12KQMr2LG+9iE3bwAq+wL6
NHPAMiazVk3qO3nuAMHZq67F9CPJ1teK/RGxpKAu3GIA21mTMdFMsjcrCyLg8ZLd
KTzsPmogKX3N6gIcskHlVzMp13UQS/twbxvYDYMUEN8Krj5sAp1xqUtmdbn8GP+I
6nLXM+Faq9eR6JozuOfCvQvoiuWcLlr2fTIzyYXw6FtcGnrsn+weq+Gd/NxMCMVD
mcdDkWT6ZMSqnoP0VjqNPJdqBypsiH1wNUnZcWDf4j2RVWj7eXqnL5XPYZrpwOG5
v2lHOsAUUBN3a2coSolf48yAkEUczx+04wtWYQjjEtmCiZvR6CJEAzbM+ZaWIVW8
HcE7V6vu7IJA/enG2w0WU0lAf+EjGbjAEJO06ffCBw5cbzP+wntMTD+blu2f1SwR
D2Nd/KYB7hLmCHWjRHdJ6Mvn4EpH64lLK8Pf3aNN/IRCTlgqqY3O7Qarf+9BUdo/
6fDlwtTL15hTzp7F+kEKUfP95ShK7J4aAY95OQlWlxo0TSOLgwSo5iQP0Iy7vzEU
ABS4q7ZmWjm44HNv9sodfe/rhYEJyR2U59F+IePHAaLactc2Ka+X14emkyTPHosz
HLZ7CqmK0PxfBP27VTk=
=2lk8
-----END PGP SIGNATURE-----
Merge tag 'mmc-v6.1-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc
Pull MMC fixes from Ulf Hansson:
- Provide helper for resetting both SDHCI and CQHCI
- Fix reset for CQHCI (am654, brcmstb, esdhc-imx, of-arasan, tegra)
- Fixup support for MMC_CAP_8_BIT_DATA (esdhc-imx)
* tag 'mmc-v6.1-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc:
mmc: sdhci-esdhc-imx: use the correct host caps for MMC_CAP_8_BIT_DATA
mmc: sdhci_am654: Fix SDHCI_RESET_ALL for CQHCI
mmc: sdhci-tegra: Fix SDHCI_RESET_ALL for CQHCI
mms: sdhci-esdhc-imx: Fix SDHCI_RESET_ALL for CQHCI
mmc: sdhci-brcmstb: Fix SDHCI_RESET_ALL for CQHCI
mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI
mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI
io_poll_double_prepare() | io_poll_wake()
| poll->head = NULL
smp_load(&poll->head); /* NULL */ |
flags = req->flags; |
| req->flags &= ~SINGLE_POLL;
req->flags = flags | DOUBLE_POLL |
The idea behind io_poll_double_prepare() is to serialise with the
first poll entry by taking the wq lock. However, it's not safe to assume
that io_poll_wake() is not running when we can't grab the lock and so we
may race modifying req->flags.
Skip double poll setup if that happens. It's ok because the first poll
entry will only be removed when it's definitely completing, e.g.
pollfree or oneshot with a valid mask.
Fixes: 49f1c68e04 ("io_uring: optimise submission side poll_refs")
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/b7fab2d502f6121a7d7b199fe4d914a43ca9cdfd.1668184658.git.asml.silence@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Things look calming down, as this contains only a few small fixes.
- Fix for a corner-case bug with SG-buffer page allocation helper
- A regression fix for Roland USB-audio device probe
- A potential memory leak fix at the error path
- Handful quirks and device-specific fixes for HD- and USB-audio
-----BEGIN PGP SIGNATURE-----
iQJCBAABCAAsFiEEIXTw5fNLNI7mMiVaLtJE4w1nLE8FAmNt/G8OHHRpd2FpQHN1
c2UuZGUACgkQLtJE4w1nLE+t/Q//bmvq2YLb1RL0T0wIJQGGi3vuigxzx9J+r4ny
5fNel816R9JVHnimA7J1GbFIj8l63qiUu/dHMOmNDjqdSZ1KLbu8DpAZu4tL+KKo
XpmiXuFZlepgPGYY10kQG85EiuHriF7z1yKJ8QoP3ELIqBi/m77+qJ4JUk2XlPoT
4o4FCit9UQwd4xJ4EmUw3N6bPUumb6Uw0as8Qdfrw5P14VB5ev882eW7iQaeMxhd
S35IdXdqLGHVdPJXq38Wx8cvEyCFhS2SsG0QT5kul1Zg0ld5HSaN3V7rg0uKYcLQ
+2JfW5wcZwmcYTLpvfdMF/HNWN8RbEoexCUIlWsd7xzlFpB8Z6/EOPGxy2tXIwVb
rsElYlb9yeKTnyvTe2hRfHIWZH6s6eYqncv+/gpzxIwVBJ9Is8sMm7upxxki5bky
QPwnjWU3iiyJ7sjA+kU25aTdjdHQawz2ds0GILkoi5EnfcAj1fz4FJ+3l4C+Epsf
SL+OhcWxDeTggpK3p4lbJIIRY4k38VYXRXjE4gaYn7wdLlXS3SMQgFa6lU6uU286
m4OU/6clOctbBtkX41bicZcG7RzLyb/ns8W0hIhxaJA/QQP/7Jg03PebYe0fyQhu
wfMoeqnTHJaRfAOo8K7sEdmffHEJMifUzwNn7NoSxVsvPLWx/HvivdMx0hzGUgai
eTqQcEg=
=vmwO
-----END PGP SIGNATURE-----
Merge tag 'sound-6.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
"Things look calming down, as this contains only a few small fixes:
- Fix for a corner-case bug with SG-buffer page allocation helper
- A regression fix for Roland USB-audio device probe
- A potential memory leak fix at the error path
- Handful quirks and device-specific fixes for HD- and USB-audio"
* tag 'sound-6.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ALSA: hda: fix potential memleak in 'add_widget_node'
ALSA: memalloc: Don't fall back for SG-buffer with IOMMU
ALSA: usb-audio: add quirk to fix Hamedal C20 disconnect issue
ALSA: hda/realtek: Add Positivo C6300 model quirk
ALSA: usb-audio: Add DSD support for Accuphase DAC-60
ALSA: usb-audio: Add quirk entry for M-Audio Micro
ALSA: hda/hdmi - enable runtime pm for more AMD display audio
ALSA: usb-audio: Remove redundant workaround for Roland quirk
ALSA: usb-audio: Yet more regression for for the delayed card registration
ALSA: hda/ca0132: add quirk for EVGA Z390 DARK
ALSA: hda: clarify comments on SCF changes
ALSA: arm: pxa: pxa2xx-ac97-lib: fix return value check of platform_get_irq()
ALSA: hda/realtek: Add quirk for ASUS Zenbook using CS35L41
amdgpu:
- Fix s/r in amdgpu_vram_mgr_new
- SMU 13.0.4 update
- GPUVM TLB race fix
- DCN 3.1.4 fixes
- DCN 3.2.x fixes
- Vega10 fan fix
- BACO fix for Beige Goby board
- PSR fix
- GPU VM PT locking fixes
amdkfd:
- CRIU fixes
vc4:
- HDMI fixes to vc4.
panfrost:
- Make panfrost's uapi header compile with C++.
- Handle 1 gb boundary correctly in panfrost mmu code.
panel:
- Add rotation quirks for 2 panels.
rcar-du:
- DSI Kconfig fix
i915:
- Fix sg_table handling in map_dma_buf
- Send PSR update also on invalidate
- Do not set cache_dirty for DGFX
- Restore userptr probe_range behaviour
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEEKbZHaGwW9KfbeusDHTzWXnEhr4FAmNtrMsACgkQDHTzWXnE
hr5EaRAApbJSzuhittt3I3WJ/w92+oyAmFo+gDuZ+IhXPNJm3QJ9pI92lWjKCi95
15Y+h6ao+it/6o6f3MbuKlgb+STTNztMDDutLl1W4K0vLCO7HBH/8YEt8JZFjHz0
l9TWmE/6fnHhLqBqdEtIn14kRaCrn9ALVsyKVhRMf5FIL4TamuTufLmY+SHvlVr7
bduqzxzlEys6DP0KBhgklRXCdARkPuj8OEoRgyuDcjHELz02Y/XBv2n4VyiUe61f
cs0iLxkzFm8s3CkZ4FAGhUFzNujQAeGHrdU37vbT0zL7OLLXap5EqSx6Iexm13Wv
x55/rKarbpSUqxCBYzEMqytxk9OBCDSer7YP/Z/7MgEmcdReW5JDFqTTsL97rpJr
AMegpz4jDmPSL0xRXlDqEpkCuvuVKOgZUpIacLg4kIdIN6/m+cK3LErWlGHJTlsx
q4Qt4qB58esZLN66cMlbr1zkk47O+FUzoWiz3OkZmegysmVz9FOFyN6wHR33rkE8
rmzjl7s0BKbxq34raGMwPtzEzvT9KaDZraHaVsZ11ucMiMAPUJHjIpgEc3hsSMSB
rPOJUfTv8V+LMosiGEJWTGHXrrX69S01iLqHvwtC2ndLl+ZWpNtQ5lffV+mF4RA4
fC4rfb+f3vnLEHVCsaRsF11Z5w0q+JgK6pb0PiLcRYAjZR6gtIg=
=vcrG
-----END PGP SIGNATURE-----
Merge tag 'drm-fixes-2022-11-11' of git://anongit.freedesktop.org/drm/drm
Pull drm fixes from Dave Airlie:
"Weekly pull request for graphics, mostly amdgpu and i915, with a
couple of fixes for vc4 and panfrost, panel quirks and a kconfig
change for rcar-du. Nothing seems to be too strange at this stage.
amdgpu:
- Fix s/r in amdgpu_vram_mgr_new
- SMU 13.0.4 update
- GPUVM TLB race fix
- DCN 3.1.4 fixes
- DCN 3.2.x fixes
- Vega10 fan fix
- BACO fix for Beige Goby board
- PSR fix
- GPU VM PT locking fixes
amdkfd:
- CRIU fixes
vc4:
- HDMI fixes to vc4.
panfrost:
- Make panfrost's uapi header compile with C++.
- Handle 1 gb boundary correctly in panfrost mmu code.
panel:
- Add rotation quirks for 2 panels.
rcar-du:
- DSI Kconfig fix
i915:
- Fix sg_table handling in map_dma_buf
- Send PSR update also on invalidate
- Do not set cache_dirty for DGFX
- Restore userptr probe_range behaviour"
* tag 'drm-fixes-2022-11-11' of git://anongit.freedesktop.org/drm/drm: (29 commits)
drm/amd/display: only fill dirty rectangles when PSR is enabled
drm/amdgpu: disable BACO on special BEIGE_GOBY card
drm/amdgpu: Drop eviction lock when allocating PT BO
drm/amdgpu: Unlock bo_list_mutex after error handling
Revert "drm/amdgpu: Revert "drm/amdgpu: getting fan speed pwm for vega10 properly""
drm/amd/display: Enforce minimum prefetch time for low memclk on DCN32
drm/amd/display: Fix gpio port mapping issue
drm/amd/display: Fix reg timeout in enc314_enable_fifo
drm/amd/display: Fix FCLK deviation and tool compile issues
drm/amd/display: Zeromem mypipe heap struct before using it
drm/amd/display: Update SR watermarks for DCN314
drm/amdgpu: workaround for TLB seq race
drm/amdkfd: Fix error handling in criu_checkpoint
drm/amdkfd: Fix error handling in kfd_criu_restore_events
drm/amd/pm: update SMU IP v13.0.4 msg interface header
drm: rcar-du: Fix Kconfig dependency between RCAR_DU and RCAR_MIPI_DSI
drm/panfrost: Split io-pgtable requests properly
drm/amdgpu: Fix the lpfn checking condition in drm buddy
drm: panel-orientation-quirks: Add quirk for Acer Switch V 10 (SW5-017)
drm: panel-orientation-quirks: Add quirk for Nanote UMPC-01
...
get_port_from_cmdline() returns an int, yet is assigned to a char, which
is wrong in its own right, but also, with char becoming unsigned, this
poses problems, because -1 is used as an error value. Further
complicating things, fw_init_early_console() is only ever called with a
-1 argument. Fix this up by removing the unused argument from
fw_init_early_console() and treating port as a proper signed integer.
Cc: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Cast upper bound of branch range to long to do signed compare,
avoid negative offset trigger this warning.
Fixes: 9b6584e35f ("MIPS: jump_label: Use compact branches for >= r6")
Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Cc: stable@vger.kernel.org
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
The local GPIO driver in the MIPS Alchemy is including the legacy
<linux/gpio.h> header but what it wants is to implement a GPIO
driver so include <linux/gpio/driver.h> instead.
Cc: Bartosz Golaszewski <brgl@bgdev.pl>
Cc: linux-gpio@vger.kernel.org
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Add WARN_ON on kexec related kmalloc failed, avoid to pass NULL pointer
to following memcpy and loongson_kexec_prepare.
Fixes: 6ce48897ce ("MIPS: Loongson64: Add kexec/kdump support")
Signed-off-by: Liao Chang <liaochang1@huawei.com>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Building with clang-14 fails with:
AS arch/mips/kernel/relocate_kernel.o
<unknown>:0: error: symbol 'kexec_args' is already defined
<unknown>:0: error: symbol 'secondary_kexec_args' is already defined
<unknown>:0: error: symbol 'kexec_start_address' is already defined
<unknown>:0: error: symbol 'kexec_indirection_page' is already defined
<unknown>:0: error: symbol 'relocate_new_kernel_size' is already defined
It turns out EXPORT defined in asm/asm.h expands to a symbol definition,
so there is no need to define these symbols again. Remove duplicated
symbol definitions.
Fixes: 7aa1c8f47e ("MIPS: kdump: Add support")
Signed-off-by: Rongwei Zhang <pudh4418@gmail.com>
Reviewed-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
In the mips CONFIG_SYS_SUPPORTS_ZBOOT kernel, fix the compile error
when using CONFIG_FORTIFY_SOURCE=y
LD vmlinuz
mipsel-openwrt-linux-musl-ld: arch/mips/boot/compressed/decompress.o: in
function `decompress_kernel':
./include/linux/decompress/mm.h:(.text.decompress_kernel+0x177c):
undefined reference to `warn_slowpath_fmt'
kernel test robot helped identify this as related to fortify. The error
appeared with commit 54d9469bc5 ("fortify: Add run-time WARN for
cross-field memcpy()")
Link: https://lore.kernel.org/r/202209161144.x9xSqNQZ-lkp@intel.com/
Resolve this in the same style as commit cfecea6ead ("lib/string:
Move helper functions out of string.c")
Reported-by: kernel test robot <lkp@intel.com>
Fixes: 54d9469bc5 ("fortify: Add run-time WARN for cross-field memcpy()")
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: John Thomson <git@johnthomson.fastmail.com.au>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
When zapping a GFN range, pass 0 => ALL_ONES for the to-be-invalidated
range to effectively block all page faults while the zap is in-progress.
The invalidation helpers take a host virtual address, whereas zapping a
GFN obviously provides a guest physical address and with the wrong unit
of measurement (frame vs. byte).
Alternatively, KVM could walk all memslots to get the associated HVAs,
but thanks to SMM, that would require multiple lookups. And practically
speaking, kvm_zap_gfn_range() usage is quite rare and not a hot path,
e.g. MTRR and CR0.CD are almost guaranteed to be done only on vCPU0
during boot, and APICv inhibits are similarly infrequent operations.
Fixes: edb298c663 ("KVM: x86/mmu: bump mmu notifier count in kvm_zap_gfn_range")
Reported-by: Chao Peng <chao.p.peng@linux.intel.com>
Cc: stable@vger.kernel.org
Cc: Maxim Levitsky <mlevitsk@redhat.com>
Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20221111001841.2412598-1-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Extend the size of QSFP EEPROM for types SSF8436 and SFF8636
from 256 to 640 bytes in order to expose all the EEPROM pages by
ethtool.
For SFF-8636 and SFF-8436 specifications, the driver exposes
256 bytes of EEPROM data for ethtool's get_module_eeprom()
callback, resulting in "netlink error: Invalid argument" when
an EEPROM read with an offset larger than 256 bytes is attempted.
Changing the length enumerators to the _MAX_LEN
variants exposes all 640 bytes of the EEPROM allowing upper
pages 1, 2 and 3 to be read.
Fixes: 96d971e307 ("ethtool: Add fallback to get_module_eeprom from netlink command")
Signed-off-by: Jaco Coetzee <jaco.coetzee@corigine.com>
Reviewed-by: Louis Peens <louis.peens@corigine.com>
Signed-off-by: Simon Horman <simon.horman@corigine.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
In ata_tdev_add(), the return value of transport_add_device() is
not checked. As a result, it causes null-ptr-deref while removing
the module, because transport_remove_device() is called to remove
the device that was not added.
Unable to handle kernel NULL pointer dereference at virtual address 00000000000000d0
CPU: 13 PID: 13603 Comm: rmmod Kdump: loaded Tainted: G W 6.1.0-rc3+ #36
pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : device_del+0x48/0x3a0
lr : device_del+0x44/0x3a0
Call trace:
device_del+0x48/0x3a0
attribute_container_class_device_del+0x28/0x40
transport_remove_classdev+0x60/0x7c
attribute_container_device_trigger+0x118/0x120
transport_remove_device+0x20/0x30
ata_tdev_delete+0x24/0x50 [libata]
ata_tlink_delete+0x40/0xa0 [libata]
ata_tport_delete+0x2c/0x60 [libata]
ata_port_detach+0x148/0x1b0 [libata]
ata_pci_remove_one+0x50/0x80 [libata]
ahci_remove_one+0x4c/0x8c [ahci]
Fix this by checking and handling return value of transport_add_device()
in ata_tdev_add(). In the error path, device_del() is called to delete
the device which was added earlier in this function, and ata_tdev_free()
is called to free ata_dev.
Fixes: d9027470b8 ("[libata] Add ATA transport class")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
In ata_tlink_add(), the return value of transport_add_device() is
not checked. As a result, it causes null-ptr-deref while removing
the module, because transport_remove_device() is called to remove
the device that was not added.
Unable to handle kernel NULL pointer dereference at virtual address 00000000000000d0
CPU: 33 PID: 13850 Comm: rmmod Kdump: loaded Tainted: G W 6.1.0-rc3+ #12
pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : device_del+0x48/0x39c
lr : device_del+0x44/0x39c
Call trace:
device_del+0x48/0x39c
attribute_container_class_device_del+0x28/0x40
transport_remove_classdev+0x60/0x7c
attribute_container_device_trigger+0x118/0x120
transport_remove_device+0x20/0x30
ata_tlink_delete+0x88/0xb0 [libata]
ata_tport_delete+0x2c/0x60 [libata]
ata_port_detach+0x148/0x1b0 [libata]
ata_pci_remove_one+0x50/0x80 [libata]
ahci_remove_one+0x4c/0x8c [ahci]
Fix this by checking and handling return value of transport_add_device()
in ata_tlink_add().
Fixes: d9027470b8 ("[libata] Add ATA transport class")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
In ata_tport_add(), the return value of transport_add_device() is
not checked. As a result, it causes null-ptr-deref while removing
the module, because transport_remove_device() is called to remove
the device that was not added.
Unable to handle kernel NULL pointer dereference at virtual address 00000000000000d0
CPU: 12 PID: 13605 Comm: rmmod Kdump: loaded Tainted: G W 6.1.0-rc3+ #8
pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : device_del+0x48/0x39c
lr : device_del+0x44/0x39c
Call trace:
device_del+0x48/0x39c
attribute_container_class_device_del+0x28/0x40
transport_remove_classdev+0x60/0x7c
attribute_container_device_trigger+0x118/0x120
transport_remove_device+0x20/0x30
ata_tport_delete+0x34/0x60 [libata]
ata_port_detach+0x148/0x1b0 [libata]
ata_pci_remove_one+0x50/0x80 [libata]
ahci_remove_one+0x4c/0x8c [ahci]
Fix this by checking and handling return value of transport_add_device()
in ata_tport_add().
Fixes: d9027470b8 ("[libata] Add ATA transport class")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
In the error path in ata_tport_add(), when calling put_device(),
ata_tport_release() is called, it will put the refcount of 'ap->host'.
And then ata_host_put() is called again, the refcount is decreased
to 0, ata_host_release() is called, all ports are freed and set to
null.
When unbinding the device after failure, ata_host_stop() is called
to release the resources, it leads a null-ptr-deref(), because all
the ports all freed and null.
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008
CPU: 7 PID: 18671 Comm: modprobe Kdump: loaded Tainted: G E 6.1.0-rc3+ #8
pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : ata_host_stop+0x3c/0x84 [libata]
lr : release_nodes+0x64/0xd0
Call trace:
ata_host_stop+0x3c/0x84 [libata]
release_nodes+0x64/0xd0
devres_release_all+0xbc/0x1b0
device_unbind_cleanup+0x20/0x70
really_probe+0x158/0x320
__driver_probe_device+0x84/0x120
driver_probe_device+0x44/0x120
__driver_attach+0xb4/0x220
bus_for_each_dev+0x78/0xdc
driver_attach+0x2c/0x40
bus_add_driver+0x184/0x240
driver_register+0x80/0x13c
__pci_register_driver+0x4c/0x60
ahci_pci_driver_init+0x30/0x1000 [ahci]
Fix this by removing redundant ata_host_put() in the error path.
Fixes: 2623c7a5f2 ("libata: add refcounting to ata_host")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
The NAND controller size-cells should be 0 per DT bindings.
Fix the following warning produces by DT bindings check:
"
nand-controller@33002000: #size-cells:0:0: 0 was expected
nand-controller@33002000: Unevaluated properties are not allowed ('#address-cells', '#size-cells' were unexpected)
"
Fixes: 6c3debcbae ("arm64: dts: freescale: Add i.MX8MN dtsi support")
Signed-off-by: Marek Vasut <marex@denx.de>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
The NAND controller size-cells should be 0 per DT bindings.
Fix the following warning produces by DT bindings check:
"
nand-controller@33002000: #size-cells:0:0: 0 was expected
nand-controller@33002000: Unevaluated properties are not allowed ('#address-cells', '#size-cells' were unexpected)
"
Fix the missing space in node name too.
Fixes: a05ea40eb3 ("arm64: dts: imx: Add i.mx8mm dtsi support")
Signed-off-by: Marek Vasut <marex@denx.de>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
The NAND controller size-cells should be 0 per DT bindings.
Fix the following warning produces by DT bindings check:
"
nand-controller@33002000: #size-cells:0:0: 0 was expected
nand-controller@33002000: Unevaluated properties are not allowed ('#address-cells', '#size-cells' were unexpected)
"
Fix the missing space in node name too.
Fixes: e7495a45a7 ("ARM: dts: imx7: add GPMI NAND and APBH DMA")
Signed-off-by: Marek Vasut <marex@denx.de>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
