2
0
mirror of https://github.com/edk2-porting/linux-next.git synced 2024-11-30 21:44:06 +08:00
Commit Graph

1235120 Commits

Author SHA1 Message Date
Richard Fitzgerald
15bf000014 kunit: string-stream: Allow ERR_PTR to be passed to string_stream_destroy()
Check the stream pointer passed to string_stream_destroy() for
IS_ERR_OR_NULL() instead of only NULL.

Whatever alloc_string_stream() returns should be safe to pass
to string_stream_destroy(), and that will be an ERR_PTR.

It's obviously good practise and generally helpful to also check
for NULL pointers so that client cleanup code can call
string_stream_destroy() unconditionally - which could include
pointers that have never been set to anything and so are NULL.

Signed-off-by: Richard Fitzgerald <rf@opensource.cirrus.com>
Reviewed-by: Rae Moar <rmoar@google.com>
Reviewed-by: David Gow <davidgow@google.com>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
2023-12-18 13:21:14 -07:00
Richard Fitzgerald
37f0d37ffc kunit: string-stream-test: Avoid cast warning when testing gfp_t flags
Passing a gfp_t to KUNIT_EXPECT_EQ() causes a cast warning:

  lib/kunit/string-stream-test.c:73:9: sparse: sparse: incorrect type in
  initializer (different base types) expected long long right_value
  got restricted gfp_t const __right

Avoid this by testing stream->gfp for the expected value and passing the
boolean result of this comparison to KUNIT_EXPECT_TRUE(), as was already
done a few lines above in string_stream_managed_init_test().

Signed-off-by: Richard Fitzgerald <rf@opensource.cirrus.com>
Fixes: d1a0d699bf ("kunit: string-stream: Add tests for freeing resource-managed string_stream")
Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202311181918.0mpCu2Xh-lkp@intel.com/
Reviewed-by: Rae Moar <rmoar@google.com>
Reviewed-by: David Gow <davidgow@google.com>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
2023-12-18 13:21:14 -07:00
David Gow
a08d4d6284 drm/vc4: tests: Use KUNIT_DEFINE_ACTION_WRAPPER
In order to pass functions to kunit_add_action(), they need to be of the
kunit_action_t type. While casting the function pointer can work, it
will break control-flow integrity.

vc4_mock already defines such a wrapper for drm_dev_unregister(), but it
involves less boilerplate to use the new macro, so replace the manual
implementation.

Signed-off-by: David Gow <davidgow@google.com>
Reviewed-by: Maxime Ripard <mripard@kernel.org>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
2023-12-18 13:21:14 -07:00
David Gow
e847934bb1 drm/tests: Use KUNIT_DEFINE_ACTION_WRAPPER()
In order to pass functions to kunit_add_action(), they need to be of the
kunit_action_t type. While casting the function pointer can work, it
will break control-flow integrity.

drm_kunit_helpers already defines wrappers, but we now have a macro
which does this automatically. Using this greatly reduces the
boilerplate needed.

Acked-by: Maxime Ripard <mripard@kernel.org>
Signed-off-by: David Gow <davidgow@google.com>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
2023-12-18 13:21:14 -07:00
David Gow
56778b49c9 kunit: Add a macro to wrap a deferred action function
KUnit's deferred action API accepts a void(*)(void *) function pointer
which is called when the test is exited. However, we very frequently
want to use existing functions which accept a single pointer, but which
may not be of type void*. While this is probably dodgy enough to be on
the wrong side of the C standard, it's been often used for similar
callbacks, and gcc's -Wcast-function-type seems to ignore cases where
the only difference is the type of the argument, assuming it's
compatible (i.e., they're both pointers to data).

However, clang 16 has introduced -Wcast-function-type-strict, which no
longer permits any deviation in function pointer type. This seems to be
because it'd break CFI, which validates the type of function calls.

This rather ruins our attempts to cast functions to defer them, and
leaves us with a few options. The one we've chosen is to implement a
macro which will generate a wrapper function which accepts a void*, and
casts the argument to the appropriate type.

For example, if you were trying to wrap:
void foo_close(struct foo *handle);
you could use:
KUNIT_DEFINE_ACTION_WRAPPER(kunit_action_foo_close,
			    foo_close,
			    struct foo *);

This would create a new kunit_action_foo_close() function, of type
kunit_action_t, which could be passed into kunit_add_action() and
similar functions.

In addition to defining this macro, update KUnit and its tests to use
it.

Link: https://github.com/ClangBuiltLinux/linux/issues/1750
Reviewed-by: Nathan Chancellor <nathan@kernel.org>
Tested-by: Nathan Chancellor <nathan@kernel.org>
Acked-by: Daniel Vetter <daniel@ffwll.ch>
Reviewed-by: Maxime Ripard <mripard@kernel.org>
Signed-off-by: David Gow <davidgow@google.com>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
2023-12-18 13:21:14 -07:00
Linus Torvalds
ceb6a6f023 Linux 6.7-rc6 2023-12-17 15:19:28 -08:00
Linus Torvalds
177c2ffe69 - Avoid iterating over newly created group leader event's siblings
because there are none, and thus prevent a lockdep splat
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEzv7L6UO9uDPlPSfHEsHwGGHeVUoFAmV/WSEACgkQEsHwGGHe
 VUoQ7RAAoc9AdZJ8ZmTMLy/5/SS3542z3w3Ts5DxHziZrIzBclRx5RYBw3YgBA2q
 AgbPIgqr1Y4+45gChhwKIAp7G6g2K8lpqNSJbqP/nFpwkmx7v/m5T/9DH7id1UyQ
 uRKwxtEAwKz5XeR2czXI5Z+VvG9vIqkrdAR+dSRmcXgcfi8oJCKOywW+n7QFUarf
 sYWdMQwbMNenl0y/o8MQXmTraQWkRJCqI5JXc23GIkr03z6ZUOwt2qAx2YW4GQQo
 enXzdk9MokKU4IpRz/rU9j7qaOd9h/AZZXhACSMUVJqDQVDFJJO1rbktKcS17sNH
 EgRv57xSAYsPvARk2wvw3INEIPOvL4Jb1s86MLa0eN2mH4mVwkqlv/KkUl1/RuHY
 IuCgpNWliQ3nb6dQeEsp83EW6Ao8FTn3D8+66tbtCVXnMBFQEfUHWFnSfHqcUizb
 JsRnBA9ke2t3Wu0ph/nZBzck+9kxp0PeUvio//x2IznjfeZ31fQYdVDYU0o8QgOe
 Ns6MyCn1OcCulfZZTpUbMhy/5FjokKLf2Sfit1r8duDMXVu4cicSnuMUpVPvZd+A
 8XcbH73kCO0DuUVtYMbYerFJLgZrcN1gzyPgAmegoaDXBVu4KkOIbXBGEJjv7pPs
 h5p84zKibyjKhwa+bqlIgy9R9EYb9sPwbNv5eWgQFXzrvQVm5FA=
 =s8Bq
 -----END PGP SIGNATURE-----

Merge tag 'perf_urgent_for_v6.7_rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull perf fix from Borislav Petkov:

 - Avoid iterating over newly created group leader event's siblings
   because there are none, and thus prevent a lockdep splat

* tag 'perf_urgent_for_v6.7_rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  perf: Fix perf_event_validate_size() lockdep splat
2023-12-17 14:03:11 -08:00
Linus Torvalds
0e38983467 for-6.7-rc5-tag
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEE8rQSAMVO+zA4DBdWxWXV+ddtWDsFAmV/Kr0ACgkQxWXV+ddt
 WDveXA/+N3y74uafOZI8Bh4PtHuArgjdHsbQVO0Oev5j4dFyDbrz0D84YqGxfB1X
 GFQzbv01xuyvuJfXQ5Pyfnqt/N/K4ZDGg6kkYR2MC9T3LOGZFv5kyTSFbj2q0Qy7
 3K+xolPmk34DBjipCKi5kV7wo2xLxqpnzs5oYZzwfaSRig+GuG30u/levADc7uG/
 fcnVbvf2Vz8YgIe/62RkZc7jWQrhjGPyrTVN5pj75+o2Up7iKM63F2eOTcTj/Fqk
 RMWBuDNSEiYBm6SPUwpBJ7r6NHbKuXbtbceelsOD36wL4i+lZGOhM/8Tlw/6U2Ks
 JxRkezDn62NiwZKd9d7po1AKPziFOdXjqhc3tZIFjR0xSgsjFFFrI6Qig/BURlbx
 L70c+dqojYpQvGndr9+wPxdEyUigAiCP7y7eym4yegY+93W/UXSjMGAUxCPKkgpL
 FUUB5HBIn2P3KeJGidu2NRWW85163ISEASUcyhcLA1hd5LThWbdyXxWO19lG6foH
 lLg0U0LJ+2HSB6FjW9+GKFTzT8/90nmz5ap7N/Vl3xENz0KXgFuDXx76bvW8Yj1E
 t8hrtXEMD+RaTZI7OFYpSEtmD5zeoJx48FLalwlEblHHbMcgPsLTfiBLA4GR3VHa
 vMn3mRrCowyOYoUljZm1aS1sWPwk+VT3gBpxDSQermYjT7x40Tc=
 =HN3b
 -----END PGP SIGNATURE-----

Merge tag 'for-6.7-rc5-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux

Pull btrfs fix from David Sterba:
 "One more fix that verifies that the snapshot source is a root, same
  check is also done in user space but should be done by the ioctl as
  well"

* tag 'for-6.7-rc5-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux:
  btrfs: do not allow non subvolume root targets for snapshot
2023-12-17 09:27:36 -08:00
Linus Torvalds
accc98aff5 soundwire fixes for 6.7
- Null pointer dereference for mult link in core
  - AC timing fix in intel driver
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEE+vs47OPLdNbVcHzyfBQHDyUjg0cFAmV/KH4ACgkQfBQHDyUj
 g0ftDg//ZtBZ8lZ42SL8449zb7LUxSOrIZ4dDc2LmAAhjhP+A9uY11A1NZ+qHY23
 2fMIqT5T7u/HMoIKdfJ+tbME3YAEQ64IeQBR+d4kC00xbhX/2DNMpHls6cUc0p/5
 +lfXI7K1HKSMbsHN27gjuD20ffz2TEpeF4DVsJSi5Sj0cQvlaNPDpYF8S6jvOglx
 lMI2S2W+SWY/b1d4WpUGroV2tDmOOrwpntuQLpwOJSN/cpdcHTeOUB38U72mOvTl
 +Wx3wdLCLnQEyMEpRP2F/n4gtEwOqVwa40D8Ypcp2jrFFmA0NrfBR9u83S+nOeGJ
 TLjxxOFYOgCe4IGCw3IH1jl8WDBh14eJcz/vLtqNpl2+OhMUOO0ITZ+vpgHiytGT
 xKIeOnhNWt6U/W+XZ7Oav0ZHbCDLcnxrMFMbLt1YKAkbs4Jbud+tGd1Hc8DIO5RB
 SXNnDDMhkoBGqft6dauWPOUyasVulHbZ/MZOYo9SKH1NP4dUP5Fol2IcNA8O6d+O
 HuVz4ACPqKeQWprSqPmdXJl6Vob6lRaoyCavXJE3o289MAjS5VKPYPJVQ2J0ABFo
 Rb+ehfR1DXdhOWUBIWwMOh3bivMErbLKns9UDCUnI4TXXRsi/sC6sMKQV7m/sGAu
 vVApVxyAwrW4Ke3D2D0LHHT1SSowS6JxXSgYRm8Tok5Xoxu5bkc=
 =ast6
 -----END PGP SIGNATURE-----

Merge tag 'soundwire-6.7-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/soundwire

Pull soundwire fixes from Vinod Koul:

 - Null pointer dereference for mult link in core

 - AC timing fix in intel driver

* tag 'soundwire-6.7-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/soundwire:
  soundwire: intel_ace2x: fix AC timing setting for ACE2.x
  soundwire: stream: fix NULL pointer dereference for multi_link
2023-12-17 09:24:06 -08:00
Linus Torvalds
7f499ec27c phy fixes for 6.7
- Driver fixes for
    - register offset fix for TI driver
    - mediatek driver minimal supported frequency fix
    - negative error code in probe fix for sunplus driver
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEE+vs47OPLdNbVcHzyfBQHDyUjg0cFAmV/J04ACgkQfBQHDyUj
 g0ckDxAAgZQpE5Of7rcSrO4VYtVqpfsLQMLVmm9w+NuTehZhTOqZWuo4d4En3c+V
 KGzqKUMLOpQn+5F+XqNQKu/Siv758zyb0taUZQn7wTB0egwF24ZJ+tD2p19KXLfG
 2Wfijapz8N2/0ZIDGZQ8XTyU9tvgOZB0vkZUP0oH2Sxhd3BASWGnaHNstzedXcEs
 MAV8VHAOXI+pYBsKIaw9pfa2IzuseVh2JiVjeQyCzQ5iGzJYHjHTJ8Hk+rJckJcf
 xpunxdBM0jZASE7EC2rUNP8mha/HPHYoeVa02AOlr6FFwGkZXYTuOXT6C3CXbrsG
 Qxl0zqPzTCxGGZxNMVtZah8b/ucQtyYxLURWVrZjlDMHiua8dr13ZtNw7VyymCGu
 tAqquugB7nESroEhLPoKeOrlpbx5+m/8X5OWSnq1h1Q8gtlz32qqX34FM8wvbI/V
 feGW7MM0r6PJHyk6DGk6fNWF6kR6VWqM/2YngfAs60dowu7okU+kN6F+IioJ4+K4
 N4X+z0J6XkOz6KnaBdowX+GsJqeVFvHaNM82WMAt35rV/f6GPwvUaAI5mGdl0rMZ
 OUbRT8JN3EfLAeAAxNewn4pYW+eq5YKarZu7qZeT1Q9MAAAPA7FQmo+ZKN+ugpC3
 WrfLAkDbDRbprCMfHN/gftuAGty4CxYj+lTJdUuuOLG9B257Fr0=
 =gL7U
 -----END PGP SIGNATURE-----

Merge tag 'phy-fixes-6.7' of git://git.kernel.org/pub/scm/linux/kernel/git/phy/linux-phy

Pull phy fixes from Vinod Koul:

  - register offset fix for TI driver

  - mediatek driver minimal supported frequency fix

  - negative error code in probe fix for sunplus driver

* tag 'phy-fixes-6.7' of git://git.kernel.org/pub/scm/linux/kernel/git/phy/linux-phy:
  phy: sunplus: return negative error code in sp_usb_phy_probe
  phy: mediatek: mipi: mt8183: fix minimal supported frequency
  phy: ti: gmii-sel: Fix register offset when parent is not a syscon node
2023-12-17 09:19:27 -08:00
Linus Torvalds
6d04b70ea4 dmaengine fixes for v6.7
Driver fixes for:
  - SPI PDMA data fix for TI k3-psil drivers
  - suspend fix, pointer check, logic for arbitration fix and channel leak
    fix in fsl-edma driver
  - couple of fixes in idxd driver for GRPCFG descriptions and int_handle
    field handling
  - single fix for stm32 driver for bitfield overflow
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEE+vs47OPLdNbVcHzyfBQHDyUjg0cFAmV/JdoACgkQfBQHDyUj
 g0fqHw//cEfh03zYDxdXgvXbREzQ8M3bcXuJc0ZSgJimcWtMPOJaWu+L8XlRhMm/
 0+eHn2T3NpeuPADJhoCzlIiHKvNkRIe3qFspWXkYrxs3zWXglIya8uf/pJO3SFkO
 J8lGXk7JvFhhgp9qELNAe4190tJgdVheBHGjGlpvQAPv+B6lXrDR4IVxD6jYUVs3
 PgFYj+TvWBYAfC6XZJvX3E7hygo/TCBA59xYlCtq4bsMz3tFH7RPi3SyUc4/YJz6
 jjgnyxBn11Kk3xtxtzzhbXGfDKa7SRyMWMMahxPXe4pK8PJKo98t2FlYE4TEwJP+
 1vHgzpHJ9GLVdpSHD87vEWrUwlHHK0Fyvc8CuULBg71NgaNQ49AegqHjy4jd2bSH
 TtO7AWfH5qlehYXzV24htWTq+rAh4vxQWtVXI6Ppdl6VhSgIkxtxCsuqnmrW69yR
 WrhbicQ6puZx430d4AiaZJAnyPqe6EakmvgB66b0RTDpiT3qPVUDy6jKOfy1n3NF
 UKzzIpWToRIFUT5kYlCWn382oyBhyHm7B3BMmrYZgV+OiBQ0rosBRA1V1sqO54fI
 G0IWnZuRDruLvAik919IQQHkedLeB+yJ6Dgy2Ggt1EjNlIQ4CIAH5TVqvTenKOBf
 4zTEIz2B2wj4eD+GPad6Ith45EXkdlaBzYSqYRPYVdIm2YwQUVw=
 =afh2
 -----END PGP SIGNATURE-----

Merge tag 'dmaengine-fix-6.7' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/dmaengine

Pull dmaengine fixes from Vinod Koul:

 - SPI PDMA data fix for TI k3-psil drivers

 - suspend fix, pointer check, logic for arbitration fix and channel
   leak fix in fsl-edma driver

 - couple of fixes in idxd driver for GRPCFG descriptions and int_handle
   field handling

 - single fix for stm32 driver for bitfield overflow

* tag 'dmaengine-fix-6.7' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/dmaengine:
  dmaengine: fsl-edma: fix DMA channel leak in eDMAv4
  dmaengine: fsl-edma: fix wrong pointer check in fsl_edma3_attach_pd()
  dmaengine: idxd: Fix incorrect descriptions for GRPCFG register
  dmaengine: idxd: Protect int_handle field in hw descriptor
  dmaengine: stm32-dma: avoid bitfield overflow assertion
  dmaengine: fsl-edma: Add judgment on enabling round robin arbitration
  dmaengine: fsl-edma: Do not suspend and resume the masked dma channel when the system is sleeping
  dmaengine: ti: k3-psil-am62a: Fix SPI PDMA data
  dmaengine: ti: k3-psil-am62: Fix SPI PDMA data
2023-12-17 09:11:32 -08:00
Linus Torvalds
134fdb80bc cxl fixes for 6.7-rc6
- Fix alloc_free_mem_region()'s scan for address space, prevent false
   negative out-of-space events
 
 - Fix sleeping lock acquisition from CXL trace event (atomic context)
 
 - Fix put_device() like for the new CXL PMU driver
 
 - Fix wrong pointer freed on error path
 
 - Fixup several lockdep reports (missing lock hold) from new assertion
   in cxl_num_decoders_committed() and new tests
 -----BEGIN PGP SIGNATURE-----
 
 iHUEABYKAB0WIQSbo+XnGs+rwLz9XGXfioYZHlFsZwUCZX6oZwAKCRDfioYZHlFs
 ZyLRAPwLXinja3lpUab4mV6P6w87oO7qz1n4ly8vKpTTZZxaJAD/QGlqYS6YtiPo
 IXA8QiHe9RX3bGKhYmzSOd2/JFjyhQc=
 =2+M9
 -----END PGP SIGNATURE-----

Merge tag 'cxl-fixes-6.7-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/cxl/cxl

Pull CXL (Compute Express Link) fixes from Dan Williams:
 "A collection of CXL fixes.

  The touch outside of drivers/cxl/ is for a helper that allocates
  physical address space. Device hotplug tests showed that the driver
  failed to utilize (skipped over) valid capacity when allocating a new
  memory region. Outside of that, new tests uncovered a small crop of
  lockdep reports.

  There is also some miscellaneous error path and leak fixups that are
  not urgent, but useful to cleanup now.

   - Fix alloc_free_mem_region()'s scan for address space, prevent false
     negative out-of-space events

   - Fix sleeping lock acquisition from CXL trace event (atomic context)

   - Fix put_device() like for the new CXL PMU driver

   - Fix wrong pointer freed on error path

   - Fixup several lockdep reports (missing lock hold) from new
     assertion in cxl_num_decoders_committed() and new tests"

* tag 'cxl-fixes-6.7-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/cxl/cxl:
  cxl/pmu: Ensure put_device on pmu devices
  cxl/cdat: Free correct buffer on checksum error
  cxl/hdm: Fix dpa translation locking
  kernel/resource: Increment by align value in get_free_mem_region()
  cxl: Add cxl_num_decoders_committed() usage to cxl_test
  cxl/memdev: Hold region_rwsem during inject and clear poison ops
  cxl/core: Always hold region_rwsem while reading poison lists
  cxl/hdm: Fix a benign lockdep splat
2023-12-17 09:07:34 -08:00
Linus Torvalds
ef6a7c27db - A single fix for the EDAC Versal driver to read out register fields
properly
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEzv7L6UO9uDPlPSfHEsHwGGHeVUoFAmV+4i4ACgkQEsHwGGHe
 VUruHQ/+POkN/AkZTup/sOb7h0baQhQQobF4rc/7AWMhesFnpaSMG4svIZ0LsQW0
 3INKseD+CecwLpCuztcxAp7/lCyjcDirivC4ULDVwoQPsT9xFIx7Q5WhlLIr9/tK
 EUecbPXGrhosSSv7k8wXrGp7DYsXmQjBjyrl5Z+QtCQQRon0F+OBfBz0ijlKHsmc
 JBasFTh1P5EQIhDvSzjDNOzLf+/tXV+lcs1ya+08voKw/MbA1cSA7wsnU0Jn3Poh
 gaWA/tP9E/J/lRxx68R7IzY88siUkIWXyc3dLcxHRoXKNUhEvM1+rvouECop+VxB
 xKrm4Yw0TzqGL4HBqU2OYVNZ/eW6RIfDEUlBuM5UFgaKLwbD8zmvXKxWfPTh3Quv
 pKIO9+E34RiGFHmp61TKeo6pwoWsao+Pyj9x3lP3oj+ZWpP2CapTuCBzI/F9YfMt
 cf5+g3KlX9ksax0a8sbqJHm47D9roTKjcSqudziPbPRegsbpk98zk/x6BHZI1Djw
 UGgRPAh4oYFPAGXsX9LdlT4zaFG/dT/B9EpmXXTXPXt27C2pZigrk6cW1tQDjp7A
 g6ctzgOYG8uvzneBFWaUyczRsU7e17TNq6BTezhEutU8nHQwdU4HHCGvXCMeu1G/
 XRjF0GEqhlY45vUpCQtmoRFnbsu2V+2fCTWcDTh7Ma8O8Mj8lwY=
 =sArl
 -----END PGP SIGNATURE-----

Merge tag 'edac_urgent_for_v6.7_rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/ras/ras

Pull EDAC fix from Borislav Petkov:

 - A single fix for the EDAC Versal driver to read out register fields
   properly

* tag 'edac_urgent_for_v6.7_rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/ras/ras:
  EDAC/versal: Read num_csrows and num_chans using the correct bitfield macro
2023-12-17 09:02:20 -08:00
Linus Torvalds
5ef3720d91 powerpc fixes for 6.7 #5
- Fix a bug where heavy VAS (accelerator) usage could race with partition
    migration and prevent the migration from completing.
 
  - Update MAINTAINERS to add Aneesh & Naveen.
 
 Thanks to: Haren Myneni
 -----BEGIN PGP SIGNATURE-----
 
 iQJHBAABCAAxFiEEJFGtCPCthwEv2Y/bUevqPMjhpYAFAmV+hQYTHG1wZUBlbGxl
 cm1hbi5pZC5hdQAKCRBR6+o8yOGlgOGuD/4hYEm8kds5un1Ac7rqr9+0USpB+eB3
 KFC5Z3xqUNuyh0TmRIh600gY5RZocb2gfke42RTxliNrR1e9Kft+ehZJ3Bvfrl3r
 4v2sqo2HH15jKpGSuzpBhVcl+EjI3dM12F/mWcR9ROg71VE920cKxZMH7F2N3mjf
 rXW7z7oYwilAR89lF2au5reaLmFzZ5ikjupM2tH4n04D3k4g/3nNt4lMyJQ/qKRQ
 tUmzeSGisOciKVHkC0xp2jYH+LWW3frD8ot+cjf2TZBCwrfXd6HIbEUIEDCdVZtl
 LLnYZ24otdZO8gNRIpCQ51LDrd2usjnHQyPK9w56q3o0K/wQ3FQ0FrrjGGyEY5h2
 wUvOxNTkFBrW9cM0CfYscrDE0+h19TTaXacv7CiVs4oFcCbPFet/en73D+b3EumI
 16xgMoPHZx1CPbYkoM9agMryRiXW3a6rEh0ViIyvHnIL/9mjaUFqcMl0MuD1OSQB
 VyzPwvka/cxR3vtG58Cojj1se+Wi45HYsDebX7BXf9i0IxUhAV66T16ugUCvDNFb
 9n4Q3mige//ZUEGWLzEweRp+sCNrbx6O+9XF2BGFez5ZJrXwtfup5csp3Lzgdzz/
 jP7DPhsbhJEE0bevKpSyIcKi0C+p8Lbs6tKzgp5pGbh2gPAK5Vi8QMoKo6SrJzOl
 FctWttezuIw9XQ==
 =MaRL
 -----END PGP SIGNATURE-----

Merge tag 'powerpc-6.7-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux

Pull powerpc fixes from Michael Ellerman:

 - Fix a bug where heavy VAS (accelerator) usage could race with
   partition migration and prevent the migration from completing.

 - Update MAINTAINERS to add Aneesh & Naveen.

Thanks to Haren Myneni.

* tag 'powerpc-6.7-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
  MAINTAINERS: powerpc: Add Aneesh & Naveen
  powerpc/pseries/vas: Migration suspend waits for no in-progress open windows
2023-12-17 08:50:00 -08:00
Linus Torvalds
dde0672bfa A handful of clk fixes, mostly in the rockchip clk driver
- Fix a clk name, clk parent, and a register for a clk gate in the
    Rockchip rk3128 clk driver
  - Add a PLL frequency on Rockchip rk3568 to fix some display artifacts
  - Fix a kbuild dependency for Qualcomm's SM_CAMCC_8550 symbol so that
    it isn't possible to select the associated GCC driver
 -----BEGIN PGP SIGNATURE-----
 
 iQJFBAABCAAvFiEE9L57QeeUxqYDyoaDrQKIl8bklSUFAmV+RNQRHHNib3lkQGtl
 cm5lbC5vcmcACgkQrQKIl8bklSXG+hAA13VoPADVhWCa9JxxmUtmFA9WQVZQLrDz
 7r33ntE6u1KA1AYCIuH6/H4NCaPBXQ6+ZI4iZGSundRGvanK5Jg6WNNOZjclEPcj
 YUnoO10b0jHmIo7aLy9ds6d1AUJVPpZXjN/STrZ2Usx2TrZj572sO0ZdRbcHLSZB
 metqjlpDXvXamQn3drf9Q90uhWHMe792/Ha89qWdPHF+d85sQnSxb9OcbzVSBi5/
 I9BmIFyJyT+f8+/HFz8LWiA3WGj8ikoWpaGqd6ENEWRUt/Jq6EZUfGKbvXqnpuhI
 mAd647AM/oGZVabauDoR65XyEhStkwdmGrQQlTdY2c5/De9nNteCGXpwsOdWZkBA
 pf0uN4niK5TeIF2OncQ3I3rj1AzRHqOnFzoy78oQLpMsyE6yViqBMECqm4HPMcBy
 rpQiK0qivQaE61kKEDAjsEbkYACE/m8UlLS/G+vpC+myusP8c3KUw8UKXDNDZO0l
 TUbZPAGavhvhvW7KV8+48rREXsQQglcIG2S7tkdffZKO1Hng2IxasC0k5ur7JfWf
 0kwRjDvhXAEmbrwLJN7rD4LBiI6h8dNPPDYBEpnSaLTK5e8Q0FSR0fsuuVmjSfxw
 flhchSlH+nDI76KPpX/hDQdJxmpvE1MwX/gV1ybZV6baE5Ik+mbKApWbpKBPloLK
 kaGsthZ0ils=
 =GPdk
 -----END PGP SIGNATURE-----

Merge tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux

Pull clk fixes from Stephen Boyd:
 "A handful of clk fixes, mostly in the rockchip clk driver:

   - Fix a clk name, clk parent, and a register for a clk gate in the
     Rockchip rk3128 clk driver

   - Add a PLL frequency on Rockchip rk3568 to fix some display
     artifacts

   - Fix a kbuild dependency for Qualcomm's SM_CAMCC_8550 symbol so that
     it isn't possible to select the associated GCC driver"

* tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux:
  clk: rockchip: rk3128: Fix SCLK_SDMMC's clock name
  clk: rockchip: rk3128: Fix aclk_peri_src's parent
  clk: qcom: Fix SM_CAMCC_8550 dependencies
  clk: rockchip: rk3128: Fix HCLK_OTG gate register
  clk: rockchip: rk3568: Add PLL rate for 292.5MHz
2023-12-16 16:57:55 -08:00
Linus Torvalds
3b8a9b2e68 Tracing fixes for v6.7-rc5:
- Fix eventfs to check creating new files for events with names greater than
   NAME_MAX. The eventfs lookup needs to check the return result of
   simple_lookup().
 
 - Fix the ring buffer to check the proper max data size. Events must be able to
   fit on the ring buffer sub-buffer, if it cannot, then it fails to be written
   and the logic to add the event is avoided. The code to check if an event can
   fit failed to add the possible absolute timestamp which may make the event
   not be able to fit. This causes the ring buffer to go into an infinite loop
   trying to find a sub-buffer that would fit the event. Luckily, there's a check
   that will bail out if it looped over a 1000 times and it also warns.
 
   The real fix is not to add the absolute timestamp to an event that is
   starting at the beginning of a sub-buffer because it uses the sub-buffer
   timestamp. By avoiding the timestamp at the start of the sub-buffer allows
   events that pass the first check to always find a sub-buffer that it can fit
   on.
 
 - Have large events that do not fit on a trace_seq to print "LINE TOO BIG" like
   it does for the trace_pipe instead of what it does now which is to silently
   drop the output.
 
 - Fix a memory leak of forgetting to free the spare page that is saved by a
   trace instance.
 
 - Update the size of the snapshot buffer when the main buffer is updated if the
   snapshot buffer is allocated.
 
 - Fix ring buffer timestamp logic by removing all the places that tried to put
   the before_stamp back to the write stamp so that the next event doesn't add
   an absolute timestamp. But each of these updates added a race where by making
   the two timestamp equal, it was validating the write_stamp so that it can be
   incorrectly used for calculating the delta of an event.
 
 - There's a temp buffer used for printing the event that was using the event
   data size for allocation when it needed to use the size of the entire event
   (meta-data and payload data)
 
 - For hardening, use "%.*s" for printing the trace_marker output, to limit the
   amount that is printed by the size of the event. This was discovered by
   development that added a bug that truncated the '\0' and caused a crash.
 
 - Fix a use-after-free bug in the use of the histogram files when an instance
   is being removed.
 
 - Remove a useless update in the rb_try_to_discard of the write_stamp. The
   before_stamp was already changed to force the next event to add an absolute
   timestamp that the write_stamp is not used. But the write_stamp is modified
   again using an unneeded 64-bit cmpxchg.
 
 - Fix several races in the 32-bit implementation of the rb_time_cmpxchg() that
   does a 64-bit cmpxchg.
 
 - While looking at fixing the 64-bit cmpxchg, I noticed that because the ring
   buffer uses normal cmpxchg, and this can be done in NMI context, there's some
   architectures that do not have a working cmpxchg in NMI context. For these
   architectures, fail recording events that happen in NMI context.
 -----BEGIN PGP SIGNATURE-----
 
 iIoEABYIADIWIQRRSw7ePDh/lE+zeZMp5XQQmuv6qgUCZX0nChQccm9zdGVkdEBn
 b29kbWlzLm9yZwAKCRAp5XQQmuv6qlOMAQD3iegTcceQl9lAsroa3tb3xdweC1GP
 51MsX5athxSyoQEAutI/2pBCtLFXgTLMHAMd5F23EM1U9rha7W0myrnvKQY=
 =d3bS
 -----END PGP SIGNATURE-----

Merge tag 'trace-v6.7-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace

Pull tracing fixes from Steven Rostedt:

 - Fix eventfs to check creating new files for events with names greater
   than NAME_MAX. The eventfs lookup needs to check the return result of
   simple_lookup().

 - Fix the ring buffer to check the proper max data size. Events must be
   able to fit on the ring buffer sub-buffer, if it cannot, then it
   fails to be written and the logic to add the event is avoided. The
   code to check if an event can fit failed to add the possible absolute
   timestamp which may make the event not be able to fit. This causes
   the ring buffer to go into an infinite loop trying to find a
   sub-buffer that would fit the event. Luckily, there's a check that
   will bail out if it looped over a 1000 times and it also warns.

   The real fix is not to add the absolute timestamp to an event that is
   starting at the beginning of a sub-buffer because it uses the
   sub-buffer timestamp.

   By avoiding the timestamp at the start of the sub-buffer allows
   events that pass the first check to always find a sub-buffer that it
   can fit on.

 - Have large events that do not fit on a trace_seq to print "LINE TOO
   BIG" like it does for the trace_pipe instead of what it does now
   which is to silently drop the output.

 - Fix a memory leak of forgetting to free the spare page that is saved
   by a trace instance.

 - Update the size of the snapshot buffer when the main buffer is
   updated if the snapshot buffer is allocated.

 - Fix ring buffer timestamp logic by removing all the places that tried
   to put the before_stamp back to the write stamp so that the next
   event doesn't add an absolute timestamp. But each of these updates
   added a race where by making the two timestamp equal, it was
   validating the write_stamp so that it can be incorrectly used for
   calculating the delta of an event.

 - There's a temp buffer used for printing the event that was using the
   event data size for allocation when it needed to use the size of the
   entire event (meta-data and payload data)

 - For hardening, use "%.*s" for printing the trace_marker output, to
   limit the amount that is printed by the size of the event. This was
   discovered by development that added a bug that truncated the '\0'
   and caused a crash.

 - Fix a use-after-free bug in the use of the histogram files when an
   instance is being removed.

 - Remove a useless update in the rb_try_to_discard of the write_stamp.
   The before_stamp was already changed to force the next event to add
   an absolute timestamp that the write_stamp is not used. But the
   write_stamp is modified again using an unneeded 64-bit cmpxchg.

 - Fix several races in the 32-bit implementation of the
   rb_time_cmpxchg() that does a 64-bit cmpxchg.

 - While looking at fixing the 64-bit cmpxchg, I noticed that because
   the ring buffer uses normal cmpxchg, and this can be done in NMI
   context, there's some architectures that do not have a working
   cmpxchg in NMI context. For these architectures, fail recording
   events that happen in NMI context.

* tag 'trace-v6.7-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace:
  ring-buffer: Do not record in NMI if the arch does not support cmpxchg in NMI
  ring-buffer: Have rb_time_cmpxchg() set the msb counter too
  ring-buffer: Fix 32-bit rb_time_read() race with rb_time_cmpxchg()
  ring-buffer: Fix a race in rb_time_cmpxchg() for 32 bit archs
  ring-buffer: Remove useless update to write_stamp in rb_try_to_discard()
  ring-buffer: Do not try to put back write_stamp
  tracing: Fix uaf issue when open the hist or hist_debug file
  tracing: Add size check when printing trace_marker output
  ring-buffer: Have saved event hold the entire event
  ring-buffer: Do not update before stamp when switching sub-buffers
  tracing: Update snapshot buffer on resize if it is allocated
  ring-buffer: Fix memory leak of free page
  eventfs: Fix events beyond NAME_MAX blocking tasks
  tracing: Have large events show up as '[LINE TOO BIG]' instead of nothing
  ring-buffer: Fix writing to the buffer with max_data_size
2023-12-16 10:40:51 -08:00
Linus Torvalds
c8e97fc6b4 arm64 fixes:
- Arm CMN perf: fix the DTC allocation failure path which can end up
   erroneously clearing live counters
 
 - arm64/mm: fix hugetlb handling of the dirty page state leading to a
   continuous fault loop in user on hardware without dirty bit management
   (DBM). That's caused by the dirty+writeable information not being
   properly preserved across a series of mprotect(PROT_NONE),
   mprotect(PROT_READ|PROT_WRITE)
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEE5RElWfyWxS+3PLO2a9axLQDIXvEFAmV85TIACgkQa9axLQDI
 XvFx/A/+P0PPVvIWr1VEggXeGhalhrXnn5H3TKm3F7Vz8+VH4X/z5gTdAj1FtwTu
 MIyjGFl3dQWEq5g4qscBNPqy045AGpRBJKmOw1V6mANuyRcg+06d9qCsosb7/pcs
 sMLsS34cmWPIQemd3AAyV20DeQPkYQEVEPdZ4QM0cvhCNCYspWmuqc8lEqldl25G
 5AnwFPrWza5a/4bKZgVOlyXrZtUxX3uwN1/7IbMrJ6ncpsRn1QMjqRfSlrYlTbcw
 O0IAnLFqtXqvO7nVaBw5Jq2EYrj0oOC25Pg8fCmaLsFM2yMky4186slULHg3c63Z
 zGyMPOLWdFGa/Vj6yliB8xPrrJGgTfRbFk9LYa4BvJcU3nXxcMI/LXJzM7TZYMFr
 j1vkH4cLyf76r12xzT/UYooE+A8gMJNuns+G0RqGuPYZ7fA2ut77H1IpDxBiCCEM
 tB2ys8lV/GtkGqNseGNX75hNPgsykPsCi7HTnXjMFK84iP/6CFUE2V0haOV1cUDw
 8r1nGe5wVJ/Yc/6/62mzCQjEluhdAn0gK1b/QQyOt0QN6maPXjIF4CILbuLwdRQh
 RDYNeRK+dlqLGmBwxM99zVrb3NnPH6oTm0Vq3VK+9mTQeGXNzmWfFQk8odTKiIEA
 oksWFX91exOXhcrqkB1GCRaLjrQWeuA2eq5RrPpmDmUsPyhoeCM=
 =wq2L
 -----END PGP SIGNATURE-----

Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux

Pull arm64 fixes from Catalin Marinas:

 - Arm CMN perf: fix the DTC allocation failure path which can end up
   erroneously clearing live counters

 - arm64/mm: fix hugetlb handling of the dirty page state leading to a
   continuous fault loop in user on hardware without dirty bit
   management (DBM). That's caused by the dirty+writeable information
   not being properly preserved across a series of mprotect(PROT_NONE),
   mprotect(PROT_READ|PROT_WRITE)

* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
  arm64: mm: Always make sw-dirty PTEs hw-dirty in pte_modify
  perf/arm-cmn: Fail DTC counter allocation correctly
2023-12-15 19:59:03 -08:00
Linus Torvalds
2e3f280b24 pci-v6.7-fixes-1
-----BEGIN PGP SIGNATURE-----
 
 iQJIBAABCgAyFiEEgMe7l+5h9hnxdsnuWYigwDrT+vwFAmV8vZwUHGJoZWxnYWFz
 QGdvb2dsZS5jb20ACgkQWYigwDrT+vwQARAApzU4pesi9dkl/Fyv11IwayNm+gra
 8dTsdT6dcnTq8DKXdTRtuyMwY+H57YC/Cxl0/Y6KPnJqUmgXEiOfe1duPvy5HJB2
 YQGPszDC/yrbU/s65cWwuw+wLHk3PeoR/RNfo0PBNRb+FIoE2tV6mgAw0CR2xyhV
 MTDMMvdJBAQoNytmkw5ZYgdr3zUPgb80VgjBa453xGxMHlnpqhRIKNw5jXBOWCpY
 1TkrDAtKzziCXVx9oqLDA46AgdVo48w+vPrC3wa/8kxv4/N0BplhiUrtAdXMrsIH
 wR3uX3ypfdjEWf+iX3dgGbvwoSZirlZdu9BaSTZqM/WAHdync/Hit/mF6rYpOQfJ
 9WpALQkx11EvYpltZOO4JahaWueGxEK73/P43Cb9Pgj5zNiMagGwVc+1iEXMC0k8
 MML/MZrQQaNcJOQL+V3rXr7pcRqV8X6H5/0K/e8M53D5U3ZkcjBc2QcqOd3/4ugf
 7sa9JfXOFcBJvwUt3HQNHEyj+leJDJ09kRXSx8szfRrCGVTkNtZ9DxKePHzCk+kC
 kU4y+5E9iIsGwdGknnO53LbilgGtutJx+JpBPz0guXb53RIGQGcHfWVPHzB9fmJk
 Ty4d+zsP2OmKgMDX2FdVv4xVNYDsdOGG7PQu++pm0fBmIvBixRcQyfXrLdTMvjwX
 6AOhXOppox58COs=
 =4BWR
 -----END PGP SIGNATURE-----

Merge tag 'pci-v6.7-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/pci/pci

Pull pci fixes from Bjorn Helgaas:

 - Limit Max_Read_Request_Size (MRRS) on some MIPS Loongson systems
   because they don't all support MRRS > 256, and firmware doesn't
   always initialize it correctly, which meant some PCIe devices didn't
   work (Jiaxun Yang)

 - Add and use pci_enable_link_state_locked() to prevent potential
   deadlocks in vmd and qcom drivers (Johan Hovold)

 - Revert recent (v6.5) acpiphp resource assignment changes that fixed
   issues with hot-adding devices on a root bus or with large BARs, but
   introduced new issues with GPU initialization and hot-adding SCSI
   disks in QEMU VMs and (Bjorn Helgaas)

* tag 'pci-v6.7-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/pci/pci:
  Revert "PCI: acpiphp: Reassign resources on bridge if necessary"
  PCI/ASPM: Add pci_disable_link_state_locked() lockdep assert
  PCI/ASPM: Clean up __pci_disable_link_state() 'sem' parameter
  PCI: qcom: Clean up ASPM comment
  PCI: qcom: Fix potential deadlock when enabling ASPM
  PCI: vmd: Fix potential deadlock when enabling ASPM
  PCI/ASPM: Add pci_enable_link_state_locked()
  PCI: loongson: Limit MRRS to 256
2023-12-15 19:48:47 -08:00
Josef Bacik
a8892fd719 btrfs: do not allow non subvolume root targets for snapshot
Our btrfs subvolume snapshot <source> <destination> utility enforces
that <source> is the root of the subvolume, however this isn't enforced
in the kernel.  Update the kernel to also enforce this limitation to
avoid problems with other users of this ioctl that don't have the
appropriate checks in place.

Reported-by: Martin Michaelis <code@mgjm.de>
CC: stable@vger.kernel.org # 4.14+
Reviewed-by: Neal Gompa <neal@gompa.dev>
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2023-12-15 23:46:51 +01:00
Jens Axboe
ae1914174a cred: get rid of CONFIG_DEBUG_CREDENTIALS
This code is rarely (never?) enabled by distros, and it hasn't caught
anything in decades. Let's kill off this legacy debug code.

Suggested-by: Linus Torvalds <torvalds@linuxfoundation.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2023-12-15 14:19:48 -08:00
Jens Axboe
f8fa5d7692 cred: switch to using atomic_long_t
There are multiple ways to grab references to credentials, and the only
protection we have against overflowing it is the memory required to do
so.

With memory sizes only moving in one direction, let's bump the reference
count to 64-bit and move it outside the realm of feasibly overflowing.

Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2023-12-15 14:08:46 -08:00
Bjorn Helgaas
5df12742b7 Revert "PCI: acpiphp: Reassign resources on bridge if necessary"
This reverts commit 40613da52b and the
subsequent fix to it:

  cc22522fd5 ("PCI: acpiphp: Use pci_assign_unassigned_bridge_resources() only for non-root bus")

40613da52b fixed a problem where hot-adding a device with large BARs
failed if the bridge windows programmed by firmware were not large enough.

cc22522fd5 ("PCI: acpiphp: Use pci_assign_unassigned_bridge_resources()
only for non-root bus") fixed a problem with 40613da52b: an ACPI hot-add
of a device on a PCI root bus (common in the virt world) or firmware
sending ACPI Bus Check to non-existent Root Ports (e.g., on Dell Inspiron
7352/0W6WV0) caused a NULL pointer dereference and suspend/resume hangs.

Unfortunately the combination of 40613da52b and cc22522fd5 caused other
problems:

  - Fiona reported that hot-add of SCSI disks in QEMU virtual machine fails
    sometimes.

  - Dongli reported a similar problem with hot-add of SCSI disks.

  - Jonathan reported a console freeze during boot on bare metal due to an
    error in radeon GPU initialization.

Revert both patches to avoid adding these problems.  This means we will
again see the problems with hot-adding devices with large BARs and the NULL
pointer dereferences and suspend/resume issues that 40613da52b and
cc22522fd5 were intended to fix.

Fixes: 40613da52b ("PCI: acpiphp: Reassign resources on bridge if necessary")
Fixes: cc22522fd5 ("PCI: acpiphp: Use pci_assign_unassigned_bridge_resources() only for non-root bus")
Reported-by: Fiona Ebner <f.ebner@proxmox.com>
Closes: https://lore.kernel.org/r/9eb669c0-d8f2-431d-a700-6da13053ae54@proxmox.com
Reported-by: Dongli Zhang <dongli.zhang@oracle.com>
Closes: https://lore.kernel.org/r/3c4a446a-b167-11b8-f36f-d3c1b49b42e9@oracle.com
Reported-by: Jonathan Woithe <jwoithe@just42.net>
Closes: https://lore.kernel.org/r/ZXpaNCLiDM+Kv38H@marvin.atrad.com.au
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Igor Mammedov <imammedo@redhat.com>
Cc: <stable@vger.kernel.org>
2023-12-15 14:55:10 -06:00
Linus Torvalds
3bd7d74881 io_uring-6.7-2023-12-15
-----BEGIN PGP SIGNATURE-----
 
 iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAmV8gc4QHGF4Ym9lQGtl
 cm5lbC5kawAKCRD301j7KXHgplBqEADL6a1gx/lg5I6oXFbPMVH6RCb2bgECmvWJ
 H7sbNlACCBSMRu9OT7IlS2kZBdcYsyX/haYHBExlt+z4xL76AQfIDiYOsKHooY3D
 AhOt1CHLTD2NMlilxS/a233AFOwMyQ5PvGUPgq2kMGqa0QwhGnXyhs5TNlmdrOF/
 8OyYvlVPZ57+MhSJ+IlpFzm2QWr/jQ8L5mBF0NacponRWnfP+0FKL4Dbww71hvkI
 CR2uwtr1ilN7N7JTfiJ9nPBzOXPCm1EacW2PeqG1NtLyUg44Ibs57lYwjWifuB7i
 iy+q/ssK3A9qE4kQfvhDwXf1W4T9HKCZ5Tzsnaxj5TnRd4K2O2UHJfLRH3CSx8sN
 gVN3HZRIdw7W4cy8GgbPjEqEznHED/aSHdGaBNk5wzabmFuvojKQsbxQd2jToZBc
 95pwMSakUBPBnas39M9npT+J5y+XevDOI9g13EiI/ry1AjgNz8QFbpt0pX+L10Yt
 YG14rGe66UCJ84pnlCMl91bzchYlpV0DaxEoXyrKxxbeUMemjofDZ0NLVrye3b6J
 Gc1jXromaict263t+4QhsPwA6QW0z1l69I90n+DGvvz6BZssFPIPcb17ZQKGxGYw
 wyNqckEqoDHBKNb0fsUW9DIP2ZKl0TxMtNdd5Ng6TFiroYtt3vBWkyStu0VRGzLH
 nqTT4kOmew==
 =MPxu
 -----END PGP SIGNATURE-----

Merge tag 'io_uring-6.7-2023-12-15' of git://git.kernel.dk/linux

Pull io_uring fixes from Jens Axboe:
 "Just two minor fixes:

   - Fix for the io_uring socket option commands using the wrong value
     on some archs (Al)

   - Tweak to the poll lazy wake enable (me)"

* tag 'io_uring-6.7-2023-12-15' of git://git.kernel.dk/linux:
  io_uring/cmd: fix breakage in SOCKET_URING_OP_SIOC* implementation
  io_uring/poll: don't enable lazy wake for POLLEXCLUSIVE
2023-12-15 12:20:14 -08:00
Linus Torvalds
a62aa88ba1 17 hotfixes. 8 are cc:stable and the other 9 pertain to post-6.6 issues.
-----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTTMBEPP41GrTpTJgfdBJ7gKXxAjgUCZXxs8wAKCRDdBJ7gKXxA
 junbAQCdItfHHinkWziciOrb0387wW+5WZ1ohqRFW8pGYLuasQEArpKmw13bvX7z
 e+ec9K1Ek9MlIsO2RwORR4KHH4MAbwA=
 =YpZh
 -----END PGP SIGNATURE-----

Merge tag 'mm-hotfixes-stable-2023-12-15-07-11' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm

Pull misc fixes from Andrew Morton:
 "17 hotfixes. 8 are cc:stable and the other 9 pertain to post-6.6
  issues"

* tag 'mm-hotfixes-stable-2023-12-15-07-11' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm:
  mm/mglru: reclaim offlined memcgs harder
  mm/mglru: respect min_ttl_ms with memcgs
  mm/mglru: try to stop at high watermarks
  mm/mglru: fix underprotected page cache
  mm/shmem: fix race in shmem_undo_range w/THP
  Revert "selftests: error out if kernel header files are not yet built"
  crash_core: fix the check for whether crashkernel is from high memory
  x86, kexec: fix the wrong ifdeffery CONFIG_KEXEC
  sh, kexec: fix the incorrect ifdeffery and dependency of CONFIG_KEXEC
  mips, kexec: fix the incorrect ifdeffery and dependency of CONFIG_KEXEC
  m68k, kexec: fix the incorrect ifdeffery and build dependency of CONFIG_KEXEC
  loongarch, kexec: change dependency of object files
  mm/damon/core: make damon_start() waits until kdamond_fn() starts
  selftests/mm: cow: print ksft header before printing anything else
  mm: fix VMA heap bounds checking
  riscv: fix VMALLOC_START definition
  kexec: drop dependency on ARCH_SUPPORTS_KEXEC from CRASH_DUMP
2023-12-15 12:00:54 -08:00
Linus Torvalds
26e7a30141 sound fixes for 6.7-rc6
A collection of HD-audio quirks for TAS2781 codec and device-specific
 workarounds.
 -----BEGIN PGP SIGNATURE-----
 
 iQJCBAABCAAsFiEEIXTw5fNLNI7mMiVaLtJE4w1nLE8FAmV7+yQOHHRpd2FpQHN1
 c2UuZGUACgkQLtJE4w1nLE9iQBAA0TxpzzVqstG9XdsDGJcAgrPlpviwgw0+y7zX
 YTL8qgo++LB2ask0oUy+p5bfElXkHaXHpjJfQoEgd+8TtVZkSh/QCvjoaxsi9f7M
 IXe3iRs4agvcCm6cDLu/Ye9pUaSO0FZ5QurkdUHf4DRIxwsyWvdG5uWRIyxuLusA
 h5UgfaG0mt3DfdoeVXBhiNSp8wPuALHwgaZFDEi6YwbhuCKvXHETwDw8JLvS/q3h
 n75Px4jPi4d7xlcL83gHWOYmQMFRfzerMckTMIRfEH5SQtgg8AxjVrsuwuHwfTIn
 eUaRskgeKNbxGZFWMlnaZ8o/An/htND+LV94BuAQwVbPHnS/NJR8KX14wEtYxnM0
 QjBxBzTrlgBrMnXF/X6BY4GTZc/zTqhXbNHwrWzQ+NxEMVf5dPm7QdFVwlP3iR1o
 /LeCMKr/ZZFGHHjsMGHkBzhqCvGnt1hlperBmYYJjtUr+tIf42Lp2HftrW3dJ4ST
 zPFagZhVU9kBWllVbDVxehYpVP2sd4+2MM5ryrG5K+6KtuVspAw5Y+6GjPdfpTG+
 /3TxLP4aJpijy+C14gsXaSoUYqqwNlIx5wfnTtOH/uJUQyVIuNDldex8og0S+SGY
 XKcodufTXjyDNb5xYQxrtgtJNOmnfvWXOf6F61OglaupO0qpPhZhCZm2FXC0zgq1
 BLKGLzM=
 =LpMQ
 -----END PGP SIGNATURE-----

Merge tag 'sound-6.7-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound

Pull sound fixes from Takashi Iwai:
 "A collection of HD-audio quirks for TAS2781 codec and device-specific
  workarounds"

* tag 'sound-6.7-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
  ALSA: hda/tas2781: reset the amp before component_add
  ALSA: hda/tas2781: call cleanup functions only once
  ALSA: hda/tas2781: handle missing EFI calibration data
  ALSA: hda/tas2781: leave hda_component in usable state
  ALSA: hda/realtek: Apply mute LED quirk for HP15-db
  ALSA: hda/hdmi: add force-connect quirks for ASUSTeK Z170 variants
  ALSA: hda/hdmi: add force-connect quirk for NUC5CPYB
2023-12-15 11:35:55 -08:00
Linus Torvalds
595609b2ad drm fixes for 6.7-rc6
drm:
 - fix uninit problems in crtc
 - fix fd ownership check
 - edid: add modes in fallback paths
 
 panel:
 - move LG panel into DSI yaml
 - ltk050h3146w: set burst mode
 
 mediatek:
 - mtk_disp_gamma: Fix breakage due to merge issue
 - fix kernel oops if no crtc is found
 - Add spinlock for setting vblank event in atomic_begin
 - Fix access violation in mtk_drm_crtc_dma_dev_get
 
 i915:
 - Fix selftest engine reset count storage for multi-tile
 - Fix out-of-bounds reads for engine reset counts
 - Fix ADL+ remapped stride with CCS
 - Fix intel_atomic_setup_scalers() plane_state handling
 - Fix ADL+ tiled plane stride when the POT stride is smaller than the original
 - Fix eDP 1.4 rate select method link configuration
 
 amdgpu:
 - Fix suspend fix that got accidently mangled last week
 - Fix OD regression
 - PSR fixes
 - OLED Backlight regression fix
 - JPEG 4.0.5 fix
 - Misc display fixes
 - SDMA 5.2 fix
 - SDMA 2.4 regression fix
 - GPUVM race fix
 
 nouveau:
 - fix gk20a instobj hierarchy
 - fix headless iors inheritance regression
 
 ivpu:
 - fix WA initialisation
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEEKbZHaGwW9KfbeusDHTzWXnEhr4FAmV79NwACgkQDHTzWXnE
 hr5WBA//SfblRiZsFCl6FlS3QqXcHqkVlK0FFtvcfGY0VCUjiKkEbi4ukf4NU8qs
 /GVK/CrQK0N3IVGwI5uEhSBcPXWgQLWA3mHuaYCBUTTzh9tBKW1JGfCE/ife58ec
 1TFgCyqJ/42pb43oT1J3gV0vTk/QKm3XBAKS5nUdKqSoifXLIJibwLwJ6ppMUp7j
 Z+TnwVnWoeK7hBCI6PEHBM9aEmlhOkkdjMH8liGtcEBv2DVxKoF92ubMd8YYCi3G
 DAOmYQc1BrUUx1ASpG40CZ0lbNNzxfDSq4vFJ+sKkQrD0CaJ7DKDVUQtjvHXfbZU
 xXUNH1fxbp6eoAFZmKpRYKRkfMKWk8CeNaDwZipi4jk8cDMSz6oRAzTcuM+M5jEG
 XsTaTwwxHFJGG+Zp6NLZpSwhdRft+ZHnce64MHDvVyUFJrTv2gX3USwJozOX6qhp
 dcA6+ymU816EX8Naa2sJbW0FtdC1djfFBogH+Yv+cCSRRfZ+mzfetuuoGlkcMWlO
 snXuyBdwyv0Nw7lKgyEuDes5/lQqd8nZKnTlMIlItiGaokivquZtpUDyxseK7rDg
 PmtLPVqXpmDaoRCneEVvUQ/OeWn1SRoKD88InOyL8fONNs847tPvrfX23FTNWqYQ
 Rd3YniB500P1emMNqXT+5law37Xi5iBBHTh7v12as4U7Ro8+qGQ=
 =duFG
 -----END PGP SIGNATURE-----

Merge tag 'drm-fixes-2023-12-15' of git://anongit.freedesktop.org/drm/drm

Pull drm fixes from Dave Airlie:
 "More regular fixes, amdgpu, i915, mediatek and nouveau are most of
  them this week. Nothing too major, then a few misc bits and pieces in
  core, panel and ivpu.

  drm:
   - fix uninit problems in crtc
   - fix fd ownership check
   - edid: add modes in fallback paths

  panel:
   - move LG panel into DSI yaml
   - ltk050h3146w: set burst mode

  mediatek:
   - mtk_disp_gamma: Fix breakage due to merge issue
   - fix kernel oops if no crtc is found
   - Add spinlock for setting vblank event in atomic_begin
   - Fix access violation in mtk_drm_crtc_dma_dev_get

  i915:
   - Fix selftest engine reset count storage for multi-tile
   - Fix out-of-bounds reads for engine reset counts
   - Fix ADL+ remapped stride with CCS
   - Fix intel_atomic_setup_scalers() plane_state handling
   - Fix ADL+ tiled plane stride when the POT stride is smaller than the original
   - Fix eDP 1.4 rate select method link configuration

  amdgpu:
   - Fix suspend fix that got accidently mangled last week
   - Fix OD regression
   - PSR fixes
   - OLED Backlight regression fix
   - JPEG 4.0.5 fix
   - Misc display fixes
   - SDMA 5.2 fix
   - SDMA 2.4 regression fix
   - GPUVM race fix

  nouveau:
   - fix gk20a instobj hierarchy
   - fix headless iors inheritance regression

  ivpu:
   - fix WA initialisation"

* tag 'drm-fixes-2023-12-15' of git://anongit.freedesktop.org/drm/drm: (31 commits)
  drm/nouveau/kms/nv50-: Don't allow inheritance of headless iors
  drm/nouveau: Fixup gk20a instobj hierarchy
  drm/amdgpu: warn when there are still mappings when a BO is destroyed v2
  drm/amdgpu: fix tear down order in amdgpu_vm_pt_free
  drm/amd: Fix a probing order problem on SDMA 2.4
  drm/amdgpu/sdma5.2: add begin/end_use ring callbacks
  drm/panel: ltk050h3146w: Set burst mode for ltk050h3148w
  dt-bindings: panel-simple-dsi: move LG 5" HD TFT LCD panel into DSI yaml
  drm/amd/display: Disable PSR-SU on Parade 0803 TCON again
  drm/amd/display: Populate dtbclk from bounding box
  drm/amd/display: Revert "Fix conversions between bytes and KB"
  drm/amdgpu/jpeg: configure doorbell for each playback
  drm/amd/display: Restore guard against default backlight value < 1 nit
  drm/amd/display: fix hw rotated modes when PSR-SU is enabled
  drm/amd/pm: fix pp_*clk_od typo
  drm/amdgpu: fix buffer funcs setting order on suspend harder
  drm/mediatek: Fix access violation in mtk_drm_crtc_dma_dev_get
  drm/edid: also call add modes in EDID connector update fallback
  drm/i915/edp: don't write to DP_LINK_BW_SET when using rate select
  drm/i915: Fix ADL+ tiled plane stride when the POT stride is smaller than the original
  ...
2023-12-15 11:07:13 -08:00
Steven Rostedt (Google)
712292308a ring-buffer: Do not record in NMI if the arch does not support cmpxchg in NMI
As the ring buffer recording requires cmpxchg() to work, if the
architecture does not support cmpxchg in NMI, then do not do any recording
within an NMI.

Link: https://lore.kernel.org/linux-trace-kernel/20231213175403.6fc18540@gandalf.local.home

Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
2023-12-15 08:54:26 -05:00
Steven Rostedt (Google)
0aa0e5289c ring-buffer: Have rb_time_cmpxchg() set the msb counter too
The rb_time_cmpxchg() on 32-bit architectures requires setting three
32-bit words to represent the 64-bit timestamp, with some salt for
synchronization. Those are: msb, top, and bottom

The issue is, the rb_time_cmpxchg() did not properly salt the msb portion,
and the msb that was written was stale.

Link: https://lore.kernel.org/linux-trace-kernel/20231215084114.20899342@rorschach.local.home

Cc: stable@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Fixes: f03f2abce4 ("ring-buffer: Have 32 bit time stamps use all 64 bits")
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
2023-12-15 08:43:35 -05:00
Mathieu Desnoyers
dec890089b ring-buffer: Fix 32-bit rb_time_read() race with rb_time_cmpxchg()
The following race can cause rb_time_read() to observe a corrupted time
stamp:

rb_time_cmpxchg()
[...]
        if (!rb_time_read_cmpxchg(&t->msb, msb, msb2))
                return false;
        if (!rb_time_read_cmpxchg(&t->top, top, top2))
                return false;
<interrupted before updating bottom>
__rb_time_read()
[...]
        do {
                c = local_read(&t->cnt);
                top = local_read(&t->top);
                bottom = local_read(&t->bottom);
                msb = local_read(&t->msb);
        } while (c != local_read(&t->cnt));

        *cnt = rb_time_cnt(top);

        /* If top and msb counts don't match, this interrupted a write */
        if (*cnt != rb_time_cnt(msb))
                return false;
          ^ this check fails to catch that "bottom" is still not updated.

So the old "bottom" value is returned, which is wrong.

Fix this by checking that all three of msb, top, and bottom 2-bit cnt
values match.

The reason to favor checking all three fields over requiring a specific
update order for both rb_time_set() and rb_time_cmpxchg() is because
checking all three fields is more robust to handle partial failures of
rb_time_cmpxchg() when interrupted by nested rb_time_set().

Link: https://lore.kernel.org/lkml/20231211201324.652870-1-mathieu.desnoyers@efficios.com/
Link: https://lore.kernel.org/linux-trace-kernel/20231212193049.680122-1-mathieu.desnoyers@efficios.com

Fixes: f458a14534 ("ring-buffer: Test last update in 32bit version of __rb_time_read()")
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
2023-12-15 08:39:34 -05:00
Steven Rostedt (Google)
fff88fa0fb ring-buffer: Fix a race in rb_time_cmpxchg() for 32 bit archs
Mathieu Desnoyers pointed out an issue in the rb_time_cmpxchg() for 32 bit
architectures. That is:

 static bool rb_time_cmpxchg(rb_time_t *t, u64 expect, u64 set)
 {
	unsigned long cnt, top, bottom, msb;
	unsigned long cnt2, top2, bottom2, msb2;
	u64 val;

	/* The cmpxchg always fails if it interrupted an update */
	 if (!__rb_time_read(t, &val, &cnt2))
		 return false;

	 if (val != expect)
		 return false;

<<<< interrupted here!

	 cnt = local_read(&t->cnt);

The problem is that the synchronization counter in the rb_time_t is read
*after* the value of the timestamp is read. That means if an interrupt
were to come in between the value being read and the counter being read,
it can change the value and the counter and the interrupted process would
be clueless about it!

The counter needs to be read first and then the value. That way it is easy
to tell if the value is stale or not. If the counter hasn't been updated,
then the value is still good.

Link: https://lore.kernel.org/linux-trace-kernel/20231211201324.652870-1-mathieu.desnoyers@efficios.com/
Link: https://lore.kernel.org/linux-trace-kernel/20231212115301.7a9c9a64@gandalf.local.home

Cc: stable@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Fixes: 10464b4aa6 ("ring-buffer: Add rb_time_t 64 bit operations for speeding up 32 bit")
Reported-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Reviewed-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
2023-12-15 08:39:34 -05:00
Steven Rostedt (Google)
083e9f65bd ring-buffer: Remove useless update to write_stamp in rb_try_to_discard()
When filtering is enabled, a temporary buffer is created to place the
content of the trace event output so that the filter logic can decide
from the trace event output if the trace event should be filtered out or
not. If it is to be filtered out, the content in the temporary buffer is
simply discarded, otherwise it is written into the trace buffer.

But if an interrupt were to come in while a previous event was using that
temporary buffer, the event written by the interrupt would actually go
into the ring buffer itself to prevent corrupting the data on the
temporary buffer. If the event is to be filtered out, the event in the
ring buffer is discarded, or if it fails to discard because another event
were to have already come in, it is turned into padding.

The update to the write_stamp in the rb_try_to_discard() happens after a
fix was made to force the next event after the discard to use an absolute
timestamp by setting the before_stamp to zero so it does not match the
write_stamp (which causes an event to use the absolute timestamp).

But there's an effort in rb_try_to_discard() to put back the write_stamp
to what it was before the event was added. But this is useless and
wasteful because nothing is going to be using that write_stamp for
calculations as it still will not match the before_stamp.

Remove this useless update, and in doing so, we remove another
cmpxchg64()!

Also update the comments to reflect this change as well as remove some
extra white space in another comment.

Link: https://lore.kernel.org/linux-trace-kernel/20231215081810.1f4f38fe@rorschach.local.home

Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Joel Fernandes <joel@joelfernandes.org>
Cc: Vincent Donnefort   <vdonnefort@google.com>
Fixes: b2dd797543 ("ring-buffer: Force absolute timestamp on discard of event")
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
2023-12-15 08:38:11 -05:00
Steven Rostedt (Google)
dd93942570 ring-buffer: Do not try to put back write_stamp
If an update to an event is interrupted by another event between the time
the initial event allocated its buffer and where it wrote to the
write_stamp, the code try to reset the write stamp back to the what it had
just overwritten. It knows that it was overwritten via checking the
before_stamp, and if it didn't match what it wrote to the before_stamp
before it allocated its space, it knows it was overwritten.

To put back the write_stamp, it uses the before_stamp it read. The problem
here is that by writing the before_stamp to the write_stamp it makes the
two equal again, which means that the write_stamp can be considered valid
as the last timestamp written to the ring buffer. But this is not
necessarily true. The event that interrupted the event could have been
interrupted in a way that it was interrupted as well, and can end up
leaving with an invalid write_stamp. But if this happens and returns to
this context that uses the before_stamp to update the write_stamp again,
it can possibly incorrectly make it valid, causing later events to have in
correct time stamps.

As it is OK to leave this function with an invalid write_stamp (one that
doesn't match the before_stamp), there's no reason to try to make it valid
again in this case. If this race happens, then just leave with the invalid
write_stamp and the next event to come along will just add a absolute
timestamp and validate everything again.

Bonus points: This gets rid of another cmpxchg64!

Link: https://lore.kernel.org/linux-trace-kernel/20231214222921.193037a7@gandalf.local.home

Cc: stable@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Joel Fernandes <joel@joelfernandes.org>
Cc: Vincent Donnefort <vdonnefort@google.com>
Fixes: a389d86f7f ("ring-buffer: Have nested events still record running time stamp")
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
2023-12-15 08:38:05 -05:00
Shubhrajyoti Datta
9483aa4491 EDAC/versal: Read num_csrows and num_chans using the correct bitfield macro
Fix the extraction of num_csrows and num_chans. The extraction of the
num_rows is wrong. Instead of extracting using the FIELD_GET it is
calling FIELD_PREP.

The issue was masked as the default design has the rows as 0.

Fixes: 6f15b178cd ("EDAC/versal: Add a Xilinx Versal memory controller driver")
Closes: https://lore.kernel.org/all/60ca157e-6eff-d12c-9dc0-8aeab125edda@linux-m68k.org/
Reported-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Shubhrajyoti Datta <shubhrajyoti.datta@amd.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/r/20231215053352.8740-1-shubhrajyoti.datta@amd.com
2023-12-15 13:01:27 +01:00
Mark Rutland
7e2c1e4b34 perf: Fix perf_event_validate_size() lockdep splat
When lockdep is enabled, the for_each_sibling_event(sibling, event)
macro checks that event->ctx->mutex is held. When creating a new group
leader event, we call perf_event_validate_size() on a partially
initialized event where event->ctx is NULL, and so when
for_each_sibling_event() attempts to check event->ctx->mutex, we get a
splat, as reported by Lucas De Marchi:

  WARNING: CPU: 8 PID: 1471 at kernel/events/core.c:1950 __do_sys_perf_event_open+0xf37/0x1080

This only happens for a new event which is its own group_leader, and in
this case there cannot be any sibling events. Thus it's safe to skip the
check for siblings, which avoids having to make invasive and ugly
changes to for_each_sibling_event().

Avoid the splat by bailing out early when the new event is its own
group_leader.

Fixes: 382c27f4ed ("perf: Fix perf_event_validate_size()")
Closes: https://lore.kernel.org/lkml/20231214000620.3081018-1-lucas.demarchi@intel.com/
Closes: https://lore.kernel.org/lkml/ZXpm6gQ%2Fd59jGsuW@xpf.sh.intel.com/
Reported-by: Lucas De Marchi <lucas.demarchi@intel.com>
Reported-by: Pengfei Xu <pengfei.xu@intel.com>
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://lkml.kernel.org/r/20231215112450.3972309-1-mark.rutland@arm.com
2023-12-15 12:33:23 +01:00
Ira Weiny
ef3d5cf9c5 cxl/pmu: Ensure put_device on pmu devices
The following kmemleaks were detected when removing the cxl module
stack:

unreferenced object 0xffff88822616b800 (size 1024):
...
  backtrace:
    [<00000000bedc6f83>] kmalloc_trace+0x26/0x90
    [<00000000448d1afc>] devm_cxl_pmu_add+0x3a/0x110 [cxl_core]
    [<00000000ca3bfe16>] 0xffffffffa105213b
    [<00000000ba7f78dc>] local_pci_probe+0x41/0x90
    [<000000005bb027ac>] pci_device_probe+0xb0/0x1c0
...
unreferenced object 0xffff8882260abcc0 (size 16):
...
  hex dump (first 16 bytes):
    70 6d 75 5f 6d 65 6d 30 2e 30 00 26 82 88 ff ff  pmu_mem0.0.&....
  backtrace:
...
    [<00000000152b5e98>] dev_set_name+0x43/0x50
    [<00000000c228798b>] devm_cxl_pmu_add+0x102/0x110 [cxl_core]
    [<00000000ca3bfe16>] 0xffffffffa105213b
    [<00000000ba7f78dc>] local_pci_probe+0x41/0x90
    [<000000005bb027ac>] pci_device_probe+0xb0/0x1c0
...
unreferenced object 0xffff8882272af200 (size 256):
...
  backtrace:
    [<00000000bedc6f83>] kmalloc_trace+0x26/0x90
    [<00000000a14d1813>] device_add+0x4ea/0x890
    [<00000000a3f07b47>] devm_cxl_pmu_add+0xbe/0x110 [cxl_core]
    [<00000000ca3bfe16>] 0xffffffffa105213b
    [<00000000ba7f78dc>] local_pci_probe+0x41/0x90
    [<000000005bb027ac>] pci_device_probe+0xb0/0x1c0
...

devm_cxl_pmu_add() correctly registers a device remove function but it
only calls device_del() which is only part of device unregistration.

Properly call device_unregister() to free up the memory associated with
the device.

Fixes: 1ad3f701c3 ("cxl/pci: Find and register CXL PMU devices")
Cc: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Ira Weiny <ira.weiny@intel.com>
Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Reviewed-by: Dave Jiang <dave.jiang@intel.com>
Link: https://lore.kernel.org/r/20231016-pmu-unregister-fix-v1-1-1e2eb2fa3c69@intel.com
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
2023-12-14 21:54:45 -08:00
Lyude Paul
7ba84cbf18 drm/nouveau/kms/nv50-: Don't allow inheritance of headless iors
Turns out we made a silly mistake when coming up with OR inheritance on
nouveau. On pre-DCB 4.1, iors are statically routed to output paths via the
DCB. On later generations iors are only routed to an output path if they're
actually being used. Unfortunately, it appears with NVIF_OUTP_INHERIT_V0 we
make the mistake of assuming the later is true on all generations, which is
currently leading us to return bogus ior -> head assignments through nvif,
which causes WARN_ON().

So - fix this by verifying that we actually know that there's a head
assigned to an ior before allowing it to be inherited through nvif. This
-should- hopefully fix the WARN_ON on GT218 reported by Borislav.

Signed-off-by: Lyude Paul <lyude@redhat.com>
Cc: Borislav Petkov <bp@alien8.de>
Reported-by: Borislav Petkov (AMD) <bp@alien8.de>
Tested-by: Borislav Petkov (AMD) <bp@alien8.de>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20231214004359.1028109-1-lyude@redhat.com
2023-12-15 14:11:47 +10:00
Thierry Reding
46dec61643 drm/nouveau: Fixup gk20a instobj hierarchy
Commit 12c9b05da9 ("drm/nouveau/imem: support allocations not
preserved across suspend") uses container_of() to cast from struct
nvkm_memory to struct nvkm_instobj, assuming that all instance objects
are derived from struct nvkm_instobj. For the gk20a family that's not
the case and they are derived from struct nvkm_memory instead. This
causes some subtle data corruption (nvkm_instobj.preserve ends up
mapping to gk20a_instobj.vaddr) that causes a NULL pointer dereference
in gk20a_instobj_acquire_iommu() (and possibly elsewhere) and also
prevents suspend/resume from working.

Fix this by making struct gk20a_instobj derive from struct nvkm_instobj
instead.

Fixes: 12c9b05da9 ("drm/nouveau/imem: support allocations not preserved across suspend")
Reported-by: Jonathan Hunter <jonathanh@nvidia.com>
Signed-off-by: Thierry Reding <treding@nvidia.com>
Tested-by: Jon Hunter <jonathanh@nvidia.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20231208104653.1917055-1-thierry.reding@gmail.com
2023-12-15 14:10:40 +10:00
Linus Torvalds
3f7168591e four import client fixes addressing potential overflows, all marked for stable as well
-----BEGIN PGP SIGNATURE-----
 
 iQGzBAABCgAdFiEE6fsu8pdIjtWE/DpLiiy9cAdyT1EFAmV7q7QACgkQiiy9cAdy
 T1G9EQv/fpdrMMDcivh3h8vzZTxR9kIDa971C/wEPgQb4CNtRp2LTfybg/OOeyPD
 qtdRVXyUs3fA/1/tCxfdo2Jan1E4iEFOkzGXv+EmolCpQ5Ye3tEsAwF6s5eP9pUc
 wR5/swzNFdVfW5BwoES7/RonMezc43OXWZY0Y/9NiaPZKV7i8NTz2ZlfDMjPkplL
 Pxlmiht62L11O3Ui4h8udVGaLagfbmbPt4MLfpuMupDFg071XA8Sz8AF0Wfqh2zu
 WxkTCGHD6Oj8GPp1gJcVUkLgugvSzeSmarTOgygZVF5/fIeFJKB8VrfqCxDZcxhe
 e4E4QEv6tfetutwuCFJejTHeNgrzvMOoR+tuw5/oci/W8msq0l91varSXf0TwUBc
 7ZSnFIw92Oa4pG0zYV9SbTAxEwuoMbrUAXDvraT9AccBYFBZm66TVooR2rnTwRwc
 art398CiTdRcllP9g4ZI4ogxzkHHsVJnQ5w0h/R6/7Y1qLEqRcps84LwmSMYaK4y
 5jad3mh9
 =i6Gk
 -----END PGP SIGNATURE-----

Merge tag '6.7-rc5-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6

Pull smb client fixes from Steve French:
 "Address OOBs and NULL dereference found by Dr. Morris's recent
  analysis and fuzzing.

  All marked for stable as well"

* tag '6.7-rc5-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6:
  smb: client: fix OOB in smb2_query_reparse_point()
  smb: client: fix NULL deref in asn1_ber_decoder()
  smb: client: fix potential OOBs in smb2_parse_contexts()
  smb: client: fix OOB in receive_encrypted_standard()
2023-12-14 19:57:42 -08:00
Dave Airlie
f8678a3368 Merge tag 'drm-misc-fixes-2023-12-14' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes
drm-misc-fixes for v6.7-rc6:
- Fix regression for checking if FD is master capable.
- Fix uninitialized variables in drm/crtc.
- Fix ivpu w/a.
- Refresh modes correctly when updating EDID.
- Small panel fixes.

Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/2d46b68f-c5a4-45e5-beb4-411569f4aac8@linux.intel.com
2023-12-15 12:47:12 +10:00
Dave Airlie
7beae48301 amd-drm-fixes-6.7-2023-12-13:
amdgpu:
 - Fix suspend fix that got accidently mangled last week
 - Fix OD regression
 - PSR fixes
 - OLED Backlight regression fix
 - JPEG 4.0.5 fix
 - Misc display fixes
 - SDMA 5.2 fix
 - SDMA 2.4 regression fix
 - GPUVM race fix
 -----BEGIN PGP SIGNATURE-----
 
 iHUEABYKAB0WIQQgO5Idg2tXNTSZAr293/aFa7yZ2AUCZXorEAAKCRC93/aFa7yZ
 2KlVAQDR5Vu1PR63CTKM97Q9LZk49oJMGp3ymmmzlo6gOMqL1AD/U6KBr5Tkpm+0
 zkClEbVieWArqEPW4uVtpOekJPlpoAc=
 =APob
 -----END PGP SIGNATURE-----

Merge tag 'amd-drm-fixes-6.7-2023-12-13' of https://gitlab.freedesktop.org/agd5f/linux into drm-fixes

amd-drm-fixes-6.7-2023-12-13:

amdgpu:
- Fix suspend fix that got accidently mangled last week
- Fix OD regression
- PSR fixes
- OLED Backlight regression fix
- JPEG 4.0.5 fix
- Misc display fixes
- SDMA 5.2 fix
- SDMA 2.4 regression fix
- GPUVM race fix

Signed-off-by: Dave Airlie <airlied@redhat.com>

From: Alex Deucher <alexander.deucher@amd.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20231213221122.4937-1-alexander.deucher@amd.com
2023-12-15 12:22:00 +10:00
Linus Torvalds
976600c6da platform-drivers-x86 for v6.7-4
Changes:
 - tablet-mode-switch events fix
 - kernel-doc warning fixes
 
 The following is an automated shortlog grouped by driver:
 
 intel_ips:
  -  fix kernel-doc formatting
 
 intel-vbtn:
  -  Fix missing tablet-mode-switch events
 
 thinkpad_acpi:
  -  fix kernel-doc warnings
 -----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQSCSUwRdwTNL2MhaBlZrE9hU+XOMQUCZXsmeAAKCRBZrE9hU+XO
 MTloAQD4LVq4SjFt6ioTe/rViBNEp2SzMIVg7TCGVmK03l/wVQEAthR0Wm0m+PhK
 CNKXB0PhFkf1rPLznaO1nRh6MIYZUQE=
 =Uqjo
 -----END PGP SIGNATURE-----

Merge tag 'platform-drivers-x86-v6.7-4' of git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86

Pull x86 platform driver fixes from Ilpo Järvinen:

 - tablet-mode-switch events fix

 - kernel-doc warning fixes

* tag 'platform-drivers-x86-v6.7-4' of git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86:
  platform/x86: intel_ips: fix kernel-doc formatting
  platform/x86: thinkpad_acpi: fix kernel-doc warnings
  platform/x86: intel-vbtn: Fix missing tablet-mode-switch events
2023-12-14 17:15:33 -08:00
Dave Airlie
51af556342 Merge tag 'drm-intel-fixes-2023-12-13' of git://anongit.freedesktop.org/drm/drm-intel into drm-fixes
drm/i915 fixes for v6.7-rc6:
- Fix selftest engine reset count storage for multi-tile
- Fix out-of-bounds reads for engine reset counts
- Fix ADL+ remapped stride with CCS
- Fix intel_atomic_setup_scalers() plane_state handling
- Fix ADL+ tiled plane stride when the POT stride is smaller than the original
- Fix eDP 1.4 rate select method link configuration

Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Jani Nikula <jani.nikula@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/871qbqw4rw.fsf@intel.com
2023-12-15 11:12:41 +10:00
Al Viro
1ba0e9d69b io_uring/cmd: fix breakage in SOCKET_URING_OP_SIOC* implementation
In 8e9fad0e70 "io_uring: Add io_uring command support for sockets"
you've got an include of asm-generic/ioctls.h done in io_uring/uring_cmd.c.
That had been done for the sake of this chunk -
+               ret = prot->ioctl(sk, SIOCINQ, &arg);
+               if (ret)
+                       return ret;
+               return arg;
+       case SOCKET_URING_OP_SIOCOUTQ:
+               ret = prot->ioctl(sk, SIOCOUTQ, &arg);

SIOC{IN,OUT}Q are defined to symbols (FIONREAD and TIOCOUTQ) that come from
ioctls.h, all right, but the values vary by the architecture.

FIONREAD is
	0x467F on mips
	0x4004667F on alpha, powerpc and sparc
	0x8004667F on sh and xtensa
	0x541B everywhere else
TIOCOUTQ is
	0x7472 on mips
	0x40047473 on alpha, powerpc and sparc
	0x80047473 on sh and xtensa
	0x5411 everywhere else

->ioctl() expects the same values it would've gotten from userland; all
places where we compare with SIOC{IN,OUT}Q are using asm/ioctls.h, so
they pick the correct values.  io_uring_cmd_sock(), OTOH, ends up
passing the default ones.

Fixes: 8e9fad0e70 ("io_uring: Add io_uring command support for sockets")
Cc:  <stable@vger.kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Link: https://lore.kernel.org/r/20231214213408.GT1674809@ZenIV
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2023-12-14 16:52:13 -07:00
Linus Torvalds
c7402612e2 Current release - regressions:
- tcp: fix tcp_disordered_ack() vs usec TS resolution
 
 Current release - new code bugs:
 
   - dpll: sanitize possible null pointer dereference in dpll_pin_parent_pin_set()
 
   - eth: octeon_ep: initialise control mbox tasks before using APIs
 
 Previous releases - regressions:
 
   - io_uring/af_unix: disable sending io_uring over sockets
 
   - eth: mlx5e:
     - TC, don't offload post action rule if not supported
     - fix possible deadlock on mlx5e_tx_timeout_work
 
   - eth: iavf: fix iavf_shutdown to call iavf_remove instead iavf_close
 
   - eth: bnxt_en: fix skb recycling logic in bnxt_deliver_skb()
 
   - eth: ena: fix DMA syncing in XDP path when SWIOTLB is on
 
   - eth: team: fix use-after-free when an option instance allocation fails
 
 Previous releases - always broken:
 
   - neighbour: don't let neigh_forced_gc() disable preemption for long
 
   - net: prevent mss overflow in skb_segment()
 
   - ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX
 
   - tcp: remove acked SYN flag from packet in the transmit queue correctly
 
   - eth: octeontx2-af:
     - fix a use-after-free in rvu_nix_register_reporters
     - fix promisc mcam entry action
 
   - eth: dwmac-loongson: make sure MDIO is initialized before use
 
   - eth: atlantic: fix double free in ring reinit logic
 
 Signed-off-by: Paolo Abeni <pabeni@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEEg1AjqC77wbdLX2LbKSR5jcyPE6QFAmV6/E4SHHBhYmVuaUBy
 ZWRoYXQuY29tAAoJECkkeY3MjxOkas8P/if7c+MUxkegwRbO0vOObG/B/QXJ+dR8
 UcqPYnroF0u7s2KhDqbj/h9msbNhAmWzrhzk4c086hpIkq34piiS+W319K/tia6u
 H1fRbVfBAo/mcQ8eG7EPiDYrNKDhuiGL6Gsd/Fdl9om1CMjW4fAFWY1F79OoL7F5
 mDTiVdnHik06CGgic6zRdp4xy6zHZ5oBanS60VNjLa4sb69g1Z1fjLQoJt4qXYbJ
 jWZ9QkJ1t/98MOca6mFIZNJY+f3doYMRv5dP1oUSJmbFGfCYjbMcdpa3BQlTiDdu
 96xWF01p5uJ2UBib0nKiGSZmg1Xz1xal9V+ahApmTe8BpZAn6PJeXYbtMQO2SXYf
 VW3V7rSkCB482UPN3siubhtZnOE5oYixM/5OL/UGZv113ShF8HNjj4AAZOeXtJPc
 75QeQOSRy+vhopEexCZ+21Zou+Ao3MjEFlVMCfTJ7couvjFg9LNkazHTXfAkwe0J
 QaLYpbbaXwS3lOspwWFK2rV/G+3fpJZBrW2WRwlLBMMg3lXLuo2OdqrewV9GoI36
 ksqv2c5mMtLwomdM2QfK0zeUc6kDeqlpEcjMzfapn/92A+pcAmcBpT2FfFDR4QUz
 nhoULC2XvTdlri7nxxp/9AYbQK0DFXqChPPV3NdcN/HPI7fYFHTv387ZkLU5zDlN
 nwnXj8rbA0d5
 =84lK
 -----END PGP SIGNATURE-----

Merge tag 'net-6.7-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

Pull networking fixes from Paolo Abeni:
"Current release - regressions:

   - tcp: fix tcp_disordered_ack() vs usec TS resolution

  Current release - new code bugs:

   - dpll: sanitize possible null pointer dereference in
     dpll_pin_parent_pin_set()

   - eth: octeon_ep: initialise control mbox tasks before using APIs

  Previous releases - regressions:

   - io_uring/af_unix: disable sending io_uring over sockets

   - eth: mlx5e:
       - TC, don't offload post action rule if not supported
       - fix possible deadlock on mlx5e_tx_timeout_work

   - eth: iavf: fix iavf_shutdown to call iavf_remove instead iavf_close

   - eth: bnxt_en: fix skb recycling logic in bnxt_deliver_skb()

   - eth: ena: fix DMA syncing in XDP path when SWIOTLB is on

   - eth: team: fix use-after-free when an option instance allocation
     fails

  Previous releases - always broken:

   - neighbour: don't let neigh_forced_gc() disable preemption for long

   - net: prevent mss overflow in skb_segment()

   - ipv6: support reporting otherwise unknown prefix flags in
     RTM_NEWPREFIX

   - tcp: remove acked SYN flag from packet in the transmit queue
     correctly

   - eth: octeontx2-af:
       - fix a use-after-free in rvu_nix_register_reporters
       - fix promisc mcam entry action

   - eth: dwmac-loongson: make sure MDIO is initialized before use

   - eth: atlantic: fix double free in ring reinit logic"

* tag 'net-6.7-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (62 commits)
  net: atlantic: fix double free in ring reinit logic
  appletalk: Fix Use-After-Free in atalk_ioctl
  net: stmmac: Handle disabled MDIO busses from devicetree
  net: stmmac: dwmac-qcom-ethqos: Fix drops in 10M SGMII RX
  dpaa2-switch: do not ask for MDB, VLAN and FDB replay
  dpaa2-switch: fix size of the dma_unmap
  net: prevent mss overflow in skb_segment()
  vsock/virtio: Fix unsigned integer wrap around in virtio_transport_has_space()
  Revert "tcp: disable tcp_autocorking for socket when TCP_NODELAY flag is set"
  MIPS: dts: loongson: drop incorrect dwmac fallback compatible
  stmmac: dwmac-loongson: drop useless check for compatible fallback
  stmmac: dwmac-loongson: Make sure MDIO is initialized before use
  tcp: disable tcp_autocorking for socket when TCP_NODELAY flag is set
  dpll: sanitize possible null pointer dereference in dpll_pin_parent_pin_set()
  net: ena: Fix XDP redirection error
  net: ena: Fix DMA syncing in XDP path when SWIOTLB is on
  net: ena: Fix xdp drops handling due to multibuf packets
  net: ena: Destroy correct number of xdp queues upon failure
  net: Remove acked SYN flag from packet in the transmit queue correctly
  qed: Fix a potential use-after-free in qed_cxt_tables_alloc
  ...
2023-12-14 13:11:49 -08:00
Linus Torvalds
bdb2701f0b for-6.7-rc5-tag
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEE8rQSAMVO+zA4DBdWxWXV+ddtWDsFAmV5rTIACgkQxWXV+ddt
 WDuLUg/+Ix/CeA+JY6VZMA2kBHMzmRexSjYONWfQwIL7LPBy4sOuSEaTZt+QQMs+
 AEKau1YfTgo7e9S2DlbZhIWp6P87VFui7Q1E99uJEmKelakvf94DbMrufPTTKjaD
 JG2KB6LsD59yWwfbGHEAVVNGSMRk2LDXzcUWMK6/uzu/7Bcr4ataOymWd86/blUV
 cw5g87uAHpBn+R1ARTf1CkqyYiI9UldNUJmW1q7dwxOyYG+weUtJImosw2Uda76y
 wQXAFQAH3vsFzTC+qjC9Vz7cnyAX9qAw48ODRH7rIT1BQ3yAFQbfXE20jJ/fSE+C
 lz3p05tA9373KAOtLUHmANBwe3NafCnlut6ZYRfpTcEzUslAO5PnajPaHh5Al7uC
 Iwdpy49byoyVFeNf0yECBsuDP8s86HlUALF8mdJabPI1Kl66MUea6KgS1oyO3pCB
 hfqLbpofV4JTywtIRLGQTQvzSwkjPHTbSwtZ9nftTw520a5f7memDu5vi4XzFd+B
 NrJxmz2DrMRlwrLgWg9OXXgx1riWPvHnIoqzjG5W6A9N74Ud1/oz7t3VzjGSQ5S2
 UikRB6iofPE0deD8IF6H6DvFfvQxU9d9BJ6IS9V2zRt5vdgJ2w08FlqbLZewSY4x
 iaQ+L7UYKDjC9hdosXVNu/6fAspyBVdSp2NbKk14fraZtNAoPNs=
 =uF/Q
 -----END PGP SIGNATURE-----

Merge tag 'for-6.7-rc5-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux

Pull btrfs fixes from David Sterba:
  "Some fixes to quota accounting code, mostly around error handling and
   correctness:

   - free reserves on various error paths, after IO errors or
     transaction abort

   - don't clear reserved range at the folio release time, it'll be
     properly cleared after final write

   - fix integer overflow due to int used when passing around size of
     freed reservations

   - fix a regression in squota accounting that missed some cases with
     delayed refs"

* tag 'for-6.7-rc5-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux:
  btrfs: ensure releasing squota reserve on head refs
  btrfs: don't clear qgroup reserved bit in release_folio
  btrfs: free qgroup pertrans reserve on transaction abort
  btrfs: fix qgroup_free_reserved_data int overflow
  btrfs: free qgroup reserve when ORDERED_IOERR is set
2023-12-14 11:53:00 -08:00
Igor Russkikh
7bb26ea74a net: atlantic: fix double free in ring reinit logic
Driver has a logic leak in ring data allocation/free,
where double free may happen in aq_ring_free if system is under
stress and driver init/deinit is happening.

The probability is higher to get this during suspend/resume cycle.

Verification was done simulating same conditions with

    stress -m 2000 --vm-bytes 20M --vm-hang 10 --backoff 1000
    while true; do sudo ifconfig enp1s0 down; sudo ifconfig enp1s0 up; done

Fixed by explicitly clearing pointers to NULL on deallocation

Fixes: 018423e90b ("net: ethernet: aquantia: Add ring support code")
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Closes: https://lore.kernel.org/netdev/CAHk-=wiZZi7FcvqVSUirHBjx0bBUZ4dFrMDVLc3+3HCrtq0rBA@mail.gmail.com/
Signed-off-by: Igor Russkikh <irusskikh@marvell.com>
Link: https://lore.kernel.org/r/20231213094044.22988-1-irusskikh@marvell.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2023-12-14 12:10:59 +01:00
Gergo Koteles
315deab289 ALSA: hda/tas2781: reset the amp before component_add
Calling component_add starts loading the firmware, the callback function
writes the program to the amplifiers. If the module resets the
amplifiers after component_add, it happens that one of the amplifiers
does not work because the reset and program writing are interleaving.

Call tas2781_reset before component_add to ensure reliable
initialization.

Fixes: 5be27f1e3e ("ALSA: hda/tas2781: Add tas2781 HDA driver")
CC: stable@vger.kernel.org
Signed-off-by: Gergo Koteles <soyer@irl.hu>
Link: https://lore.kernel.org/r/4d23bf58558e23ee8097de01f70f1eb8d9de2d15.1702511246.git.soyer@irl.hu
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2023-12-14 12:04:38 +01:00
Gergo Koteles
6c6fa26414 ALSA: hda/tas2781: call cleanup functions only once
If the module can load the RCA but not the firmware binary, it will call
the cleanup functions. Then unloading the module causes general
protection fault due to double free.

Do not call the cleanup functions in tasdev_fw_ready.

general protection fault, probably for non-canonical address
0x6f2b8a2bff4c8fec: 0000 [#1] PREEMPT SMP NOPTI
Call Trace:
 <TASK>
 ? die_addr+0x36/0x90
 ? exc_general_protection+0x1c5/0x430
 ? asm_exc_general_protection+0x26/0x30
 ? tasdevice_config_info_remove+0x6d/0xd0 [snd_soc_tas2781_fmwlib]
 tas2781_hda_unbind+0xaa/0x100 [snd_hda_scodec_tas2781_i2c]
 component_unbind+0x2e/0x50
 component_unbind_all+0x92/0xa0
 component_del+0xa8/0x140
 tas2781_hda_remove.isra.0+0x32/0x60 [snd_hda_scodec_tas2781_i2c]
 i2c_device_remove+0x26/0xb0

Fixes: 5be27f1e3e ("ALSA: hda/tas2781: Add tas2781 HDA driver")
CC: stable@vger.kernel.org
Signed-off-by: Gergo Koteles <soyer@irl.hu>
Link: https://lore.kernel.org/r/1a0885c424bb21172702d254655882b59ef6477a.1702510018.git.soyer@irl.hu
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2023-12-14 12:03:49 +01:00
Hyunwoo Kim
189ff16722 appletalk: Fix Use-After-Free in atalk_ioctl
Because atalk_ioctl() accesses sk->sk_receive_queue
without holding a sk->sk_receive_queue.lock, it can
cause a race with atalk_recvmsg().
A use-after-free for skb occurs with the following flow.
```
atalk_ioctl() -> skb_peek()
atalk_recvmsg() -> skb_recv_datagram() -> skb_free_datagram()
```
Add sk->sk_receive_queue.lock to atalk_ioctl() to fix this issue.

Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Signed-off-by: Hyunwoo Kim <v4bel@theori.io>
Link: https://lore.kernel.org/r/20231213041056.GA519680@v4bel-B760M-AORUS-ELITE-AX
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2023-12-14 12:02:45 +01:00
Andrew Halaney
e23c0d21ce net: stmmac: Handle disabled MDIO busses from devicetree
Many hardware configurations have the MDIO bus disabled, and are instead
using some other MDIO bus to talk to the MAC's phy.

of_mdiobus_register() returns -ENODEV in this case. Let's handle it
gracefully instead of failing to probe the MAC.

Fixes: 47dd7a540b ("net: add support for STMicroelectronics Ethernet controllers.")
Signed-off-by: Andrew Halaney <ahalaney@redhat.com>
Reviewed-by: Serge Semin <fancer.lancer@gmail.com>
Link: https://lore.kernel.org/r/20231212-b4-stmmac-handle-mdio-enodev-v2-1-600171acf79f@redhat.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2023-12-14 11:59:21 +01:00