snapshot-based mirroring scenarios in RBD and a reference counting
fixup to avoid use-after-free in CephFS, all marked for stable.
-----BEGIN PGP SIGNATURE-----
iQFHBAABCAAxFiEEydHwtzie9C7TfviiSn/eOAIR84sFAmSDUh4THGlkcnlvbW92
QGdtYWlsLmNvbQAKCRBKf944AhHzi0guB/4l7wOFnFvC+Dz5Y0KKuq2zFGQ64eZM
hVpKEANsV/py/MTOdCzhW5cNcNj5/g8+1eozGxA8IzckzWf+25ziIn+BNWOO7DK1
eO1U0wdiFnkXzr3nKSqNqm+hrUupAUd4Rb6644I4FwWKRu1WQydRjmvFVE+gw86O
eeXujr3IlhhDF/VqO0sekCx9MaFPQaCaoscM3gU04meKAG84jt3oezueOlRqYFTX
batwJ33wzVtLSh1NJIhC0iBMuBgvnuqQ9R8bHTdSNkR8Ov4V3B4DQGL4lmYnBxbv
L3fMcz+sdZu3bDptUta4ZgdS4LkxUUUUEK07XeoBhAjZ3qPrMiD/gXay
=S7Tu
-----END PGP SIGNATURE-----
Merge tag 'ceph-for-6.4-rc6' of https://github.com/ceph/ceph-client
Pull ceph fixes from Ilya Dryomov:
"A fix for a potential data corruption in differential backup and
snapshot-based mirroring scenarios in RBD and a reference counting
fixup to avoid use-after-free in CephFS, all marked for stable"
* tag 'ceph-for-6.4-rc6' of https://github.com/ceph/ceph-client:
ceph: fix use-after-free bug for inodes when flushing capsnaps
rbd: get snapshot context after exclusive lock is ensured to be held
rbd: move RBD_OBJ_FLAG_COPYUP_ENABLED flag setting
The lock around counting the channel queue length in the BIODASDINFO
ioctl was incorrectly changed to the dasd_block->queue_lock with commit
583d6535cb ("dasd: remove dead code"). This can lead to endless list
iterations and a subsequent crash.
The queue_lock is supposed to be used only for queue lists belonging to
dasd_block. For dasd_device related queue lists the ccwdev lock must be
used.
Fix the mentioned issues by correctly using the ccwdev lock instead of
the queue lock.
Fixes: 583d6535cb ("dasd: remove dead code")
Cc: stable@vger.kernel.org # v5.0+
Signed-off-by: Jan Höppner <hoeppner@linux.ibm.com>
Reviewed-by: Stefan Haberland <sth@linux.ibm.com>
Signed-off-by: Stefan Haberland <sth@linux.ibm.com>
Link: https://lore.kernel.org/r/20230609153750.1258763-2-sth@linux.ibm.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
If qaic_destroy_drm_device() is called before the device has fully
initialized it will cause a NULL pointer dereference as the drm device
has not yet been created. Fix this with a NULL check.
Fixes: c501ca23a6 ("accel/qaic: Add uapi and core driver file")
Signed-off-by: Jeffrey Hugo <quic_jhugo@quicinc.com>
Reviewed-by: Carl Vanderlip <quic_carlv@quicinc.com>
Reviewed-by: Pranjal Ramajor Asha Kanojiya <quic_pkanojiy@quicinc.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20230602210440.8411-3-quic_jhugo@quicinc.com
After user handle is allocated, if mutex is interrupted, we do not free
the user handle and return an error. Kref had been initialized, but not
added to users list, so device teardown would also not call free_usr.
Fixes: c501ca23a6 ("accel/qaic: Add uapi and core driver file")
Signed-off-by: Carl Vanderlip <quic_carlv@quicinc.com>
Reviewed-by: Pranjal Ramajor Asha Kanojiya <quic_pkanojiy@quicinc.com>
Reviewed-by: Jeffrey Hugo <quic_jhugo@quicinc.com>
Signed-off-by: Jeffrey Hugo <quic_jhugo@quicinc.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20230602210440.8411-2-quic_jhugo@quicinc.com
* A fix to avoid ISA-disallowed privilege mappings that can result from
WRITE+EXEC mmap requests from userspace.
* A fix for kfence to handle the huge pages.
* A fix to avoid converting misaligned VAs to huge pages.
* ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE has been selected so kprobe can
understand user pointers.
-----BEGIN PGP SIGNATURE-----
iQJHBAABCAAxFiEEKzw3R0RoQ7JKlDp6LhMZ81+7GIkFAmSDOpgTHHBhbG1lckBk
YWJiZWx0LmNvbQAKCRAuExnzX7sYie+/D/oCjQbBFZaOEsRtZp2SlMz0COjVurXv
ClQWSqPEvbWg28dZvapZzjRcBc6X7Th6P6ia1FIa/XDTLKTPBdBoVSo1iRfH12bm
1CBsEKP08vMeN3b2nOD82B0XFl9PCB2AEHYo88a8k6ifEYMwfRU6g8ldHZC2HMF1
3z2vT7XR40t9E7MNPBG7Kn+2JHob7iB8bqMAZfoxyth4q8H2s7QEGCCwtwFRWGix
h6NW66WojWnTn+cniX8NbIY+5xV37xH/S4x2cFqGUklHD1/B8rCnXPpJqtmcSb9n
pGV30m7sw8sYdWHPABjMutRVCRv0DpPmqUEHAOThLzAoIqBHv+4e9ov8PmU8pJcz
5em6Cl+5Io/qzNa+uXT3cO1tfAzCid2r91cbpfa8RTBu8ZIf1GPS0SrgrdofU+Mw
X5j90J8Hd7YH+egfI4DOZXxE+79VV8AVtH/aPWJxriOoAFjxzvP6OCckJo5ee4A7
EWhxsdQZVQ+WMga7yWMBknmxFYlabNjZrZ+/bAhfHTseljVGkHxr5dF+78g5dyZt
yvcnHMTiDXHKdRaHknquBh9hAVh2s4xNea00x3h0ybZR0GVJH3ZnWTdz7RLtyop7
tWEcFHngQRtKJeIn33T6yioRkfUq2ODXKmBAJq0OwQCV8S8f42mE72iVw67fJQ9u
XWJdYX0CqM3YPg==
=CaWh
-----END PGP SIGNATURE-----
Merge tag 'riscv-for-linus-6.4-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux
Pull RISC-V fixes from Palmer Dabbelt:
- A fix to avoid ISA-disallowed privilege mappings that can result from
WRITE+EXEC mmap requests from userspace.
- A fix for kfence to handle the huge pages.
- A fix to avoid converting misaligned VAs to huge pages.
- ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE has been selected so kprobe
can understand user pointers.
* tag 'riscv-for-linus-6.4-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux:
riscv: fix kprobe __user string arg print fault issue
riscv: Check the virtual alignment before choosing a map size
riscv: Fix kfence now that the linear mapping can be backed by PUD/P4D/PGD
riscv: mm: Ensure prot of VM_WRITE and VM_EXEC must be readable
- Avoid linker error for randomly generated config file that
has CONFIG_BRANCH_PROFILE_NONE enabled and make it similar
to riscv, x86 and also to commit 4bf3ec384e ("s390: disable
branch profiling for vdso").
- Currently, if the device is offline and all the channel paths are
either configured or varied offline, the associated subchannel gets
unregistered. Don't unregister the subchannel, instead unregister
offline device.
-----BEGIN PGP SIGNATURE-----
iI0EABYIADUWIQQrtrZiYVkVzKQcYivNdxKlNrRb8AUCZIMTsBccYWdvcmRlZXZA
bGludXguaWJtLmNvbQAKCRDNdxKlNrRb8GXeAP0eglohSvMEtIQT3U5CaSdg8cXP
H3FXGtWymDiropZErQD/ZOYzbN1OBW05/ZBbdJQGYeH32FsJYXZE4JegAzDuqAY=
=bJaO
-----END PGP SIGNATURE-----
Merge tag 's390-6.4-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux
Pull s390 fixes from Alexander Gordeev:
- Avoid linker error for randomly generated config file that has
CONFIG_BRANCH_PROFILE_NONE enabled and make it similar to riscv, x86
and also to commit 4bf3ec384e ("s390: disable branch profiling for
vdso").
- Currently, if the device is offline and all the channel paths are
either configured or varied offline, the associated subchannel gets
unregistered. Don't unregister the subchannel, instead unregister
offline device.
* tag 's390-6.4-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
s390/purgatory: disable branch profiling
s390/cio: unregister device when the only path is gone
In the following:
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xd9/0x150 lib/dump_stack.c:106
assign_lock_key kernel/locking/lockdep.c:982 [inline]
register_lock_class+0xdb6/0x1120 kernel/locking/lockdep.c:1295
__lock_acquire+0x10a/0x5df0 kernel/locking/lockdep.c:4951
lock_acquire kernel/locking/lockdep.c:5691 [inline]
lock_acquire+0x1b1/0x520 kernel/locking/lockdep.c:5656
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x3d/0x60 kernel/locking/spinlock.c:162
skb_dequeue+0x20/0x180 net/core/skbuff.c:3639
drain_resp_pkts drivers/infiniband/sw/rxe/rxe_comp.c:555 [inline]
rxe_completer+0x250d/0x3cc0 drivers/infiniband/sw/rxe/rxe_comp.c:652
rxe_qp_do_cleanup+0x1be/0x820 drivers/infiniband/sw/rxe/rxe_qp.c:761
execute_in_process_context+0x3b/0x150 kernel/workqueue.c:3473
__rxe_cleanup+0x21e/0x370 drivers/infiniband/sw/rxe/rxe_pool.c:233
rxe_create_qp+0x3f6/0x5f0 drivers/infiniband/sw/rxe/rxe_verbs.c:583
This is a use-before-initialization problem.
It happens because rxe_qp_do_cleanup is called during error unwind before
the struct has been fully initialized.
Move the initialization of the skb earlier.
Fixes: 8700e3e7c4 ("Soft RoCE driver")
Link: https://lore.kernel.org/r/20230602035408.741534-1-yanjun.zhu@intel.com
Reported-by: syzbot+eba589d8f49c73d356da@syzkaller.appspotmail.com
Signed-off-by: Zhu Yanjun <yanjun.zhu@linux.dev>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
- fix a memory corruption bug in gpio-sim
- fix inconsistencies in user-space configuration of gpio-sim
- make Andy Shevchenko a reviewer for the GPIO subsystem
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEFp3rbAvDxGAT0sefEacuoBRx13IFAmSDOaEACgkQEacuoBRx
13KlgQ/+M0154lzMnynfwK7UjCVhXrpeTvwvy+Lxl6rUOUwLAvf91RO6nKC838/m
XEqYIZ2gbWEbgVGQnSKAJFy8B0boso54DE0R/zQ3mkmiSsZmWhET7rCWtJCGkIDC
M7BJmYnLbTwlveI5FFAl+AMGH1RWDljubgEwqnCX2RbJFwz3DVAAn8o+tZWu1Wm4
GUAgu8vEggM6idk0TolrCr/Tuic+T8QpGU1P3I2PA05G6t746dpMCDKg6W5M7N4F
gKARLMsf1FOcQAA+AcTnu8XzbWaYrm/HUR3I+BtnBKLdB8EFYzTC7gamKtlbiUVj
ReM1P9L71P/oHG+64smH+NViI4poVeaWArNDP3zxvLvWe+flNS22vomEvVKo+q8H
9a2dS5a4HU3ZTUlVpIzVvM+52JY2cKk2c+KvvDTYU49AMsccAHkfLE3Qsw2JmzIj
dX5I/3HiYYraM7Pe5xS0xlbJk9hekSXT35yoIJDdH2pmZwORqzgd4nkBoXF7dyS1
S1NfABdyfdy3LpuoqEvspvv/0HJqba1y8/IaRBbJsn9mj5uvNSmzxKUGjbZUzQfB
OvUVynJD5Ac7qsnFo5QxCP0AuXFIF96P1tf44rGmZBd2Pw+MeOEiiS+yvLNNd/wM
SetlMHnZW+X/YorvWfVp5vUS1+Rw2LuPQPBWBjC/YIABJ1JC3Ks=
=DFOg
-----END PGP SIGNATURE-----
Merge tag 'gpio-fixes-for-v6.4-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux
Pull gpio fixes from Bartosz Golaszewski:
"Two fixes for the GPIO testing module and one commit making Andy a
reviewer for the GPIO subsystem:
- fix a memory corruption bug in gpio-sim
- fix inconsistencies in user-space configuration of gpio-sim
- make Andy Shevchenko a reviewer for the GPIO subsystem"
* tag 'gpio-fixes-for-v6.4-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux:
MAINTAINERS: add Andy Shevchenko as reviewer for the GPIO subsystem
gpio: sim: quietly ignore configured lines outside the bank
gpio: sim: fix memory corruption when adding named lines and unnamed hogs
The canonical location for the tracefs filesystem is at /sys/kernel/tracing.
But, from Documentation/trace/ftrace.rst:
Before 4.1, all ftrace tracing control files were within the debugfs
file system, which is typically located at /sys/kernel/debug/tracing.
For backward compatibility, when mounting the debugfs file system,
the tracefs file system will be automatically mounted at:
/sys/kernel/debug/tracing
A few spots in tools/virtio still refer to this older debugfs
path, so let's update them to avoid confusion.
Signed-off-by: Ross Zwisler <zwisler@google.com>
Message-Id: <20230215223350.2658616-6-zwisler@google.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Mukesh Ojha <quic_mojha@quicinc.com>
Use the right structs for PACKED or split vqs when setting and
getting the vring base.
Fixes: 4c8cf31885 ("vhost: introduce vDPA-based backend")
Signed-off-by: Shannon Nelson <shannon.nelson@amd.com>
Message-Id: <20230424225031.18947-4-shannon.nelson@amd.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Use the right structs for PACKED or split vqs when setting and
getting the vring base.
Fixes: 4c8cf31885 ("vhost: introduce vDPA-based backend")
Signed-off-by: Shannon Nelson <shannon.nelson@amd.com>
Message-Id: <20230424225031.18947-3-shannon.nelson@amd.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
so far this cycle.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEElDRnuGcz/wPCXQWMQRCzN7AZXXMFAmSC588ACgkQQRCzN7AZ
XXMISw/9EI3BIDi4cO92/E6PTmAq8JppxGVjojYsGAbZtQiFeBz2v514MizfG2Fk
JLxW8MLXde2L7Qa/eZ4JMIrrE8qvFDoBb5zkXGVkI5VqIJP33/rsM2p0N6lE7FJx
6jqfXEfxbeFRbGfPCeXE2gJPUIGqb3Rw0bE48n9sJ2t5e0WOkll6kf+lMuYnMKh9
Hy75+cqhnYocQRXr/93NmefNolG+o/usWm0Qt7G1ZVmmJ/oyQxSgS7+JgjMhOJxp
Cy2YM5IPT6qvX9WXMYXkxzmG3rfePIjh9lEI2VM2/PJ3GhYC/Su9lHsb0yz9ByUh
m8rnweZHiZ4R5hZtgItzvN716TvGoZ+qpewMPk7OO0OuM2/q7yk12grsDXYeIM6I
eocIOU5ipvKCDMMU0Ysqi2AgJOzIC5zRBdm+c++hpp/HuEvuZg95V4Suo+8B4DuK
A+oP76OMS5twvOPUIlt9yY70MJg00L26K7S8++AR00mTpfJ7YP+rRZDZFg640Wr5
APhHhU+bK1h5qG0lxdSeVZ2xfGrZyl8N6VpKp+k9Lmjo6a1CjXtC0PnOBjngfawN
66iZUOXccNmfqFLHuZOcgy5P5abK/z4+SWS/2KAWPwTTHsBZZW3E7KX/8cicRao0
MAletrjArcnXVSMhEiovfZq/Pmv03SLmKEZ0XMoBqSLP/INg0uE=
=pohE
-----END PGP SIGNATURE-----
Merge tag 'pinctrl-v6.4-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl
Pull pin control fix from Linus Walleij:
"A single fix for the Meson driver, nothing else has surfaced so far
this cycle"
* tag 'pinctrl-v6.4-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl:
pinctrl: meson-axg: add missing GPIOA_18 gpio group
Lots of small fixes, and almost all are device-specific.
A few of them are the fixes for the old regressions by the fast
kctl lookups (introduced around 5.19). Others are ASoC simple-card
fixes, selftest compile warning fixes, ASoC AMD quirks, various
ASoC codec fixes as well as usual HD-audio quirks.
-----BEGIN PGP SIGNATURE-----
iQJCBAABCAAsFiEEIXTw5fNLNI7mMiVaLtJE4w1nLE8FAmSCzssOHHRpd2FpQHN1
c2UuZGUACgkQLtJE4w1nLE9Xsw//Uw6S7GTEGSLGUGI1AkUB8iFql7/eyNg9jt0N
LCwHF0mST5GZ6t2BHHNchEW0xOU4QvwqKy/qw5Wcswnfv+zaqT8kOk3MwTWK775m
xCvt+TMXj16Raz/zm7fmfQqOgbnLXUEjssbekIPGJVt2NW+bGq5qlxsMZUC0lMwo
Dfc/kobOGjqwoYeOCzWG5NaRYqIeYIx9/RY0SOFilEmh+QpU8GXWbCKnWkMWaYCj
7Ey9jjEOct9Je8G4v4vtbPSpBdkNO2lgfsMC1mgVE2PspukN9oq6E8yaqrBVDg2d
Pf2sqESYilfku71aKL1DpKNl/PNACZ+GWFYwnMAO84JSPy1QdtVh3Roq5CwetXvD
WnentI7jSFblRduxr00ZPypLCBIgOnTYBizwx0HeI303cYHU1r1pP+9tuKlE/3lk
yx/PJE8crCzcb1rzdSw4ABkBQXgYuZ04DwseSMejC1JC+u8JLA6VkY9LXeByj/5G
MnT8cJaQQ6DzgfMK+wtLNqorlbBz1btKbgwPjg9sfOxGbp5Y11VNipyDMfE1vvyV
bGgeDbMppUAQxJssIozOU7gsF61FFbua9vTtr1ikEuH/Wywg3SIQboIn2i3n0tzq
pPzEc19BR3i7ZXVlRujnmRqImlW7JJ0QvYIaFh+V+BYYu+L74l+9WSnTnP9XuiEy
gbwXcnA=
=XwtQ
-----END PGP SIGNATURE-----
Merge tag 'sound-6.4-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
"Lots of small fixes, and almost all are device-specific.
A few of them are the fixes for the old regressions by the fast kctl
lookups (introduced around 5.19). Others are ASoC simple-card fixes,
selftest compile warning fixes, ASoC AMD quirks, various ASoC codec
fixes as well as usual HD-audio quirks"
* tag 'sound-6.4-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (26 commits)
ALSA: hda/realtek: Enable 4 amplifiers instead of 2 on a HP platform
ALSA: hda: Fix kctl->id initialization
ALSA: gus: Fix kctl->id initialization
ALSA: cmipci: Fix kctl->id initialization
ALSA: ymfpci: Fix kctl->id initialization
ALSA: ice1712,ice1724: fix the kcontrol->id initialization
ALSA: hda/realtek: Add quirk for Clevo NS50AU
ALSA: hda/realtek: Add quirks for Asus ROG 2024 laptops using CS35L41
ALSA: hda/realtek: Add "Intel Reference board" and "NUC 13" SSID in the ALC256
ALSA: hda/realtek: Add Lenovo P3 Tower platform
ALSA: hda/realtek: Add a quirk for HP Slim Desktop S01
selftests: alsa: pcm-test: Fix compiler warnings about the format
ASoC: fsl_sai: Enable BCI bit if SAI works on synchronous mode with BYP asserted
ASoC: simple-card-utils: fix PCM constraint error check
ASoC: cs35l56: Remove NULL check from cs35l56_sdw_dai_set_stream()
ASoC: max98363: limit the number of channel to 1
ASoC: max98363: Removed 32bit support
ASoC: mediatek: mt8195: fix use-after-free in driver remove path
ASoC: mediatek: mt8188: fix use-after-free in driver remove path
ASoC: amd: yc: Add Thinkpad Neo14 to quirks list for acp6x
...
have the quota feature enabled.
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEEK2m5VNv+CHkogTfJ8vlZVpUNgaMFAmSClpwACgkQ8vlZVpUN
gaME9AgAhKZuMUc9HxcMmXgkrVVTYh18OQVNwb8yI09gVspUkNC43mgwtYLAL6XT
fr1ifzSDgjKYSAaSXALP//zxo/xGAl1cKfjLz/XqeqU2TlVnQyvUTkO5ywe2YYHo
UZ2HbbiYXKH1c5PsqcwaiPmcf/sZvrXjvpvP4v4iO/b58UBKG5OIIlP6X/XgArco
KYeMuFZYOX+jsgP/9+I+cutUEa9paHnMxycmPARdrnem3eA0jZtS7YrLJijxFmbV
c4AFcbtuaW+ZmMHPsxtYoeQxM7TbL3vA0FghS14MxtdCipLkv5MTPnstaW/jGnST
IlHLwLADCktbusV8UVJotWfAWcKeGw==
=lKq5
-----END PGP SIGNATURE-----
Merge tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4
Pull ext4 fix from Ted Ts'o:
"Fix an ext4 regression which breaks remounting r/w file systems that
have the quota feature enabled"
* tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4:
ext4: only check dquot_initialize_needed() when debugging
Revert "ext4: don't clear SB_RDONLY when remounting r/w until quota is re-enabled"
- Fix SPI CS pinmux for the final production version of imx8mn-beacon
board.
- Fix GPIOs for USDHC2 CD and WP signals on imx8qm-mek board.
- Assign default clock rate for i.MX8 LPUARTs to fix UART failure.
-----BEGIN PGP SIGNATURE-----
iQFIBAABCgAyFiEEFmJXigPl4LoGSz08UFdYWoewfM4FAmSAj+8UHHNoYXduZ3Vv
QGtlcm5lbC5vcmcACgkQUFdYWoewfM4UbQf8CZyNR0LC443TKq24tV5YFQktQOc4
4FD7H0oYnqcnlAgxqo0X2aq4K+OwpWxwN4sqKFq3IT6U/FbPxpNIAUXIFjCdvUQs
rnvOmsJRgW+RSc+imVfgKfDPQG3bPX6YaZ2G8b1IyP3HrPfpOgi0V5G5Oi/rzSJ+
doP/pvzNKbS+pUp2ez+LD/YfbcPJcJ6ALX5IkJ1oPbhM7OSpsaenoi1KrlYIC/f0
PLzGnRSu6XAv+Oq7HZz4RWehdWmdXZaAaeHqMID5iDoaELgsqS8hs5C01N0s898U
qyK5va0o9uKfN564ViBSHkrjvIBCRpujap6Mi/56alQxIg7UixmjFgBc3A==
=AbVA
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEiK/NIGsWEZVxh/FrYKtH/8kJUicFAmSDF98ACgkQYKtH/8kJ
UieJSxAA1RWlEnhdJCapWooFiuZvSG5W4ZysRq7ni6rkxzbD3IcylYCzLmhM4/bh
QOHvtKJDNe93R8mASU8mbSCnx1cvesVJzjBwPw5qnbnRkiNvQGVg8wU2cxSQ8Tph
XHBUOP3fiBRO/9r6N7ffdtYP4A9tH3Oo59vwRv6GgnMCzoRidIk4eDrIXYCZ0RHh
6d93zsFzmBSIca+qokF7nzSwWDSX6UbComIy5sowr2DBo9doJfBrih2tmNEYEo/d
ecvFQoNYxtq0MJnhlYPnx2xYz6b68vF6KzRE0bx6WL2aynFJL0MT8WcBYnDCTJhG
vhyO7tAI/pso6qKmrJA3uVAEeDPh3CYyv5KuTWCeAuhZJr9AjsZ3kEiOoQNduM8O
agN6hFgjknekiBvoY4ej2PnVqhTSf2IMuAO8rEJld9d0SIs4r7z1ok54yI9s0OEP
FaIwvCWF7LlyEx2734JUKAkEumn34g6V+skasFlSyF4V0qo5+7gLekMqH5KrWYZ7
4e0Sbi5nhpqrNNAuUy7l8scaoPBC8F5YLgpgUW5fdkqIzfk1PfMIRkd3AoRXU1bX
4Y97MhB5Z1Lw/3065iWwdiPzwQBkuEfr+vjd+0E0LudJBDvBykieD+iRv5EXxVV0
wRmerups5UhKpoPBJpGr6CJ3hBaOVWdu4yacuGXNIcLTEBEoX4w=
=n8fu
-----END PGP SIGNATURE-----
Merge tag 'imx-fixes-6.4-2' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux into arm/fixes
i.MX fixes for 6.4, round 2:
- Fix SPI CS pinmux for the final production version of imx8mn-beacon
board.
- Fix GPIOs for USDHC2 CD and WP signals on imx8qm-mek board.
- Assign default clock rate for i.MX8 LPUARTs to fix UART failure.
* tag 'imx-fixes-6.4-2' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux:
arm64: dts: imx8mn-beacon: Fix SPI CS pinmux
arm64: dts: imx8-ss-dma: assign default clock rate for lpuarts
arm64: dts: imx8qm-mek: correct GPIOs for USDHC2 CD and WP signals
Link: https://lore.kernel.org/r/20230607141312.GU4199@dragon
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
ieee80211_vif_set_links requires the sdata->local->mtx lock to be held.
Add the appropriate locking around the calls in both the link add and
remove handlers.
This causes a warning when e.g. ieee80211_link_release_channel is called
via ieee80211_link_stop from ieee80211_vif_update_links.
Fixes: 0d8c4a3c86 ("wifi: mac80211: implement add/del interface link callbacks")
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230608163202.fa0c6597fdad.I83dd70359f6cda30f86df8418d929c2064cf4995@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The wrapper function was incorrectly calling the add handler instead of
the del handler. This had no negative side effect as the default
handlers are essentially identical.
Fixes: f2a0290b2d ("wifi: cfg80211: add optional link add/remove callbacks")
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230608163202.ebd00e000459.Iaff7dc8d1cdecf77f53ea47a0e5080caa36ea02a@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
In the normal MLME code we always call
ieee80211_mgd_set_link_qos_params() before
ieee80211_link_info_change_notify() and some drivers,
notably iwlwifi, rely on that as they don't do anything
(but store the data) in their conf_tx.
Fix the order here to be the same as in the normal code
paths, so this isn't broken.
Fixes: 3d90110292 ("wifi: mac80211: implement link switching")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230608163202.a2a86bba2f80.Iac97e04827966d22161e63bb6e201b4061e9651b@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The locking was changed recently so now the caller holds the wiphy_lock()
lock. Taking the lock inside the reg_wdev_chan_valid() function will
lead to a deadlock.
Fixes: f7e60032c6 ("wifi: cfg80211: fix locking in regulatory disconnect")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Link: https://lore.kernel.org/r/40c4114a-6cb4-4abf-b013-300b598aba65@moroto.mountain
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
In the event of a failure in tcf_change_indev(), u32_set_parms() will
immediately return without decrementing the recently incremented
reference counter. If this happens enough times, the counter will
rollover and the reference freed, leading to a double free which can be
used to do 'bad things'.
In order to prevent this, move the point of possible failure above the
point where the reference counter is incremented. Also save any
meaningful return values to be applied to the return data at the
appropriate point in time.
This issue was caught with KASAN.
Fixes: 705c709126 ("net: sched: cls_u32: no need to call tcf_exts_change for newly allocated struct")
Suggested-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Lee Jones <lee@kernel.org>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
As shown in [1], out-of-bounds access occurs in two cases:
1)when the qdisc of the taprio type is used to replace the previously
configured taprio, count and offset in tc_to_txq can be set to 0. In this
case, the value of *txq in taprio_next_tc_txq() will increases
continuously. When the number of accessed queues exceeds the number of
queues on the device, out-of-bounds access occurs.
2)When packets are dequeued, taprio can be deleted. In this case, the tc
rule of dev is cleared. The count and offset values are also set to 0. In
this case, out-of-bounds access is also caused.
Now the restriction on the queue number is added.
[1] https://groups.google.com/g/syzkaller-bugs/c/_lYOKgkBVMg
Fixes: 2f530df76c ("net/sched: taprio: give higher priority to higher TCs in software dequeue mode")
Reported-by: syzbot+04afcb3d2c840447559a@syzkaller.appspotmail.com
Signed-off-by: Zhengchao Shao <shaozhengchao@huawei.com>
Tested-by: Pedro Tammela <pctammela@mojatatu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
CN10KB silicon introduced a new exact match feature,
which is used for DMAC filtering. The state of installed
DMAC filters in this exact match table is getting corrupted
when promiscuous mode is toggled. Fix this by not touching
Exact match related config when promiscuous mode is toggled.
Fixes: 2dba9459d2 ("octeontx2-af: Wrapper functions for MAC addr add/del/update/reset")
Signed-off-by: Ratheesh Kannoth <rkannoth@marvell.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
The timestamp descriptors were intended to act cyclically. Descriptors
from index 0 through gq->ring_size - 1 contain actual information, and
the last index (gq->ring_size) should have LINKFIX to indicate
the first index 0 descriptor. However, the LINKFIX value is missing,
causing the timestamp feature to stop after all descriptors are used.
To resolve this issue, set the LINKFIX to the timestamp descritors.
Reported-by: Phong Hoang <phong.hoang.wz@renesas.com>
Fixes: 33f5d733b5 ("net: renesas: rswitch: Improve TX timestamp accuracy")
Signed-off-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Instead of relying on skb->transport_header being set correctly, opt
instead to parse the L3 header length out of the L3 headers for both
IPv4/IPv6 when the Extended Layer Op for tcp/udp is used. This fixes a
bug if GRO is disabled, when GRO is disabled skb->transport_header is
set by __netif_receive_skb_core() to point to the L3 header, it's later
fixed by the upper protocol layers, but act_pedit will receive the SKB
before the fixups are completed. The existing behavior causes the
following to edit the L3 header if GRO is disabled instead of the UDP
header:
tc filter add dev eth0 ingress protocol ip flower ip_proto udp \
dst_ip 192.168.1.3 action pedit ex munge udp set dport 18053
Also re-introduce a rate-limited warning if we were unable to extract
the header offset when using the 'ex' interface.
Fixes: 71d0ed7079 ("net/act_pedit: Support using offset relative to
the conventional network headers")
Signed-off-by: Max Tottenham <mtottenh@akamai.com>
Reviewed-by: Josh Hunt <johunt@akamai.com>
Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202305261541.N165u9TZ-lkp@intel.com/
Reviewed-by: Pedro Tammela <pctammela@mojatatu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
-----BEGIN PGP SIGNATURE-----
iQFSBAABCAA8FiEEq68RxlopcLEwq+PEeb4+QwBBGIYFAmR80iseHHRvcnZhbGRz
QGxpbnV4LWZvdW5kYXRpb24ub3JnAAoJEHm+PkMAQRiGhxkH/2+2NEZjO5SCj9z6
FGrJunmXMOqoryoC3oL953Zhp3oeB/gB7GDdFQLg8tv0QprD6W0L9uorIgFi3lWU
doGWKSjFVEdu6RoUV09bTwm1DislZKJF3NCwTyeb44c3HnTzUvd/zFrY29YNRi9C
j5KXQIq91dke3qQi/3uCLFRKvmr2ss/lXapScwXFhQjaM2VmAMc51xIxkuRz3H01
EmcbJx3Rj9zPxx3Nc7ONMvtHE5+xuVsMdq3dLFCS9Xc/f+qbCCQdRIy9AjaRuR4c
F5nRjwDjq0iv2diF0gK4WtD8fvxVuLaqS0RAi0jsOKVfLphLwkqkPQbbMd5K8qwJ
xTNAiW0=
=FwWR
-----END PGP SIGNATURE-----
Merge tag 'v6.4-rc5' into v4l_for_linus
Linux 6.4-rc5
* tag 'v6.4-rc5': (303 commits)
Linux 6.4-rc5
leds: qcom-lpg: Fix PWM period limits
selftests/ftrace: Choose target function for filter test from samples
KVM: selftests: Add test for race in kvm_recalculate_apic_map()
KVM: x86: Bail from kvm_recalculate_phys_map() if x2APIC ID is out-of-bounds
KVM: x86: Account fastpath-only VM-Exits in vCPU stats
KVM: SVM: vNMI pending bit is V_NMI_PENDING_MASK not V_NMI_BLOCKING_MASK
KVM: x86/mmu: Grab memslot for correct address space in NX recovery worker
tpm, tpm_tis: correct tpm_tis_flags enumeration values
Revert "ext4: remove ac->ac_found > sbi->s_mb_min_to_scan dead check in ext4_mb_check_limits"
riscv: Implement missing huge_ptep_get
riscv: Fix huge_ptep_set_wrprotect when PTE is a NAPOT
module/decompress: Fix error checking on zstd decompression
fork, vhost: Use CLONE_THREAD to fix freezer/ps regression
dt-bindings: serial: 8250_omap: add rs485-rts-active-high
selinux: don't use make's grouped targets feature yet
riscv: perf: Fix callchain parse error with kernel tracepoint events
mptcp: fix active subflow finalization
mptcp: add annotations around sk->sk_shutdown accesses
mptcp: fix data race around msk->first access
...
Switching mm and tinkering with current->active_mm should be done with
irqs disabled. There is a path where exit_lazy_flush_tlb can be called
with irqs enabled:
exit_lazy_flush_tlb
flush_type_needed
__flush_all_mm
tlb_finish_mmu
exit_mmap
Which results in the switching being done with irqs enabled, which is
incorrect.
Fixes: a665eec0a2 ("powerpc/64s/radix: Fix mm_cpumask trimming race vs kthread_use_mm")
Cc: stable@vger.kernel.org # v5.10+
Reported-by: Sachin Sant <sachinp@linux.ibm.com>
Link: https://lore.kernel.org/linuxppc-dev/A9A5D83D-BA70-47A4-BCB4-30C1AE19BC22@linux.ibm.com/
Tested-by: Sachin Sant <sachinp@linux.ibm.com>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://msgid.link/20230607005601.583293-1-npiggin@gmail.com
Before Linux v5.8 an AF_INET6 SOCK_DGRAM (udp/udplite) socket
with SOL_UDP, UDP_ENCAP, UDP_ENCAP_ESPINUDP{,_NON_IKE} enabled
would just unconditionally use xfrm4_udp_encap_rcv(), afterwards
such a socket would use the newly added xfrm6_udp_encap_rcv()
which only handles IPv6 packets.
Cc: Sabrina Dubroca <sd@queasysnail.net>
Cc: Steffen Klassert <steffen.klassert@secunet.com>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: Benedict Wong <benedictwong@google.com>
Cc: Yan Yan <evitayan@google.com>
Fixes: 0146dca70b ("xfrm: add support for UDPv6 encapsulation of ESP")
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Reviewed-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
fb-helper:
- Fill in fb-helper vars more correctly.
amdgpu:
- S0ix fixes
- GPU reset fixes
- SMU13 fixes
- SMU11 fixes
- Misc Display fixes
- Revert RV/RV2/PCO clock counter changes
- Fix Stoney xclk value
- Fix reserved vram debug info
radeon:
- Fix a potential use after free
i915:
- CDCLK voltage fix for ADL-P
- eDP wake sync pulse fix.
- Two error handling fixes to selftests
exynos:
- Fix wrong return in Exynos vidi driver.
- Fix use-after-free issue to Exynos g2d driver.
ast:
- resume and modeset fixes for ast.
ivpu:
- Assorted ivpu fixes.
lima:
- lima context destroy fix.
msm:
- Fix max segment size to address splat on newer a6xx
- Disable PSR by default w/ modparam to re-enable, since there
still seems to be a lingering issue
- Fix HPD issue
- Fix issue with unitialized GMU mutex
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEEKbZHaGwW9KfbeusDHTzWXnEhr4FAmSCgcQACgkQDHTzWXnE
hr7N1A//cApwpH16jUKriCXm69aD4fPsglUmS0gF3yMCjB+XwwsP3hP4V+nO29cq
Aouu/E2IDEqj2gwiVRVDYpn7Eklh/Ew9vvsIUnsbUWc93KsoCPG1o8rZfUomPjl+
aITtrr5hnVOY0HRM3VfajKhT8Wwit8Wk/BsGIK/SnXZ3mQJ6q6O+OGipgQpNbAPO
BF1+++pvVS1BGZjmkBmv3a4nvE8/tnCyOIuiZVBZqU89k7XUh2xyHMAXFVD4+GKB
BbFJtXWpmr2nM4hsuUBQA/mDOft9TrYfRrIn0WaLcrgxTjPZqDFkV9YTxaHlK1QG
2LLl2BZsN09nLhoM4xtFeL584MryngAv74x52URU3kR+eIwrwg9/wUoqUauhJ3lg
7I40qKlW2QLG7qXMx4QBK1fYJYqHDQl7Zoy1xO1uEPW02SgjRCfREMjv5DlL8zHp
XCZCH7em54/2q/x2JSe11OXdLT1rR45OBv0P+5ZkECZo1RfKrjXoPPyZ84eIVHUQ
LF6ERXikhcooKKhki72dewzD+kxlqgwebhTuUKk8QyncGY/umJEnE4RXLDbFHfdf
/FlWDQTEUbD3YxW4A0SGR9zJOtCgaedH7GreRCQpBdXB/7nt8NLsw1w3jlkhp4O2
FDlZd8/l9HCvq1NR02eKZMDiBoiyOp0IxR6F+/+60KCZSPSgHPA=
=4e1Q
-----END PGP SIGNATURE-----
Merge tag 'drm-fixes-2023-06-09' of git://anongit.freedesktop.org/drm/drm
Pull drm fixes from Dave Airlie:
"Bit busier and a bit more scattered than usual. amdgpu is the main
one, with ivpu and msm having a few fixes, then i915, exynos, ast,
lima, radeon with some misc bits, but overall nothing standing out.
fb-helper:
- Fill in fb-helper vars more correctly
amdgpu:
- S0ix fixes
- GPU reset fixes
- SMU13 fixes
- SMU11 fixes
- Misc Display fixes
- Revert RV/RV2/PCO clock counter changes
- Fix Stoney xclk value
- Fix reserved vram debug info
radeon:
- Fix a potential use after free
i915:
- CDCLK voltage fix for ADL-P
- eDP wake sync pulse fix
- Two error handling fixes to selftests
exynos:
- Fix wrong return in Exynos vidi driver
- Fix use-after-free issue to Exynos g2d driver
ast:
- resume and modeset fixes for ast
ivpu:
- Assorted ivpu fixes
lima:
- lima context destroy fix
msm:
- Fix max segment size to address splat on newer a6xx
- Disable PSR by default w/ modparam to re-enable, since there still
seems to be a lingering issue
- Fix HPD issue
- Fix issue with unitialized GMU mutex"
* tag 'drm-fixes-2023-06-09' of git://anongit.freedesktop.org/drm/drm: (32 commits)
drm/msm/a6xx: initialize GMU mutex earlier
drm/msm/dp: enable HDP plugin/unplugged interrupts at hpd_enable/disable
accel/ivpu: Fix sporadic VPU boot failure
accel/ivpu: Do not use mutex_lock_interruptible
accel/ivpu: Do not trigger extra VPU reset if the VPU is idle
drm/amd/display: Reduce sdp bw after urgent to 90%
drm/amdgpu: change reserved vram info print
drm/amdgpu: fix xclk freq on CHIP_STONEY
drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl
Revert "drm/amdgpu: switch to golden tsc registers for raven/raven2"
Revert "drm/amdgpu: Differentiate between Raven2 and Raven/Picasso according to revision id"
Revert "drm/amdgpu: change the reference clock for raven/raven2"
drm/amd/display: add ODM case when looking for first split pipe
drm/amd: Make lack of `ACPI_FADT_LOW_POWER_S0` or `CONFIG_AMD_PMC` louder during suspend path
drm/amd/pm: conditionally disable pcie lane switching for some sienna_cichlid SKUs
drm/amd/pm: Fix power context allocation in SMU13
drm/amdgpu: fix Null pointer dereference error in amdgpu_device_recover_vram
drm/amd: Disallow s0ix without BIOS support again
drm/i915/selftests: Add some missing error propagation
drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl
...
82580/i354/i350 features circle-counter-like timestamp registers
that are different with newer i210. The EXTTS capture value in
AUXTSMPx should be converted from raw circle counter value to
timestamp value in resolution of 1 nanosec by the driver.
This issue can be reproduced on i350 nics, connecting an 1PPS
signal to a SDP pin, and run 'ts2phc' command to read external
1PPS timestamp value. On i210 this works fine, but on i350 the
extts is not correctly converted.
The i350/i354/82580's SYSTIM and other timestamp registers are
40bit counters, presenting time range of 2^40 ns, that means these
registers overflows every about 1099s. This causes all these regs
can't be used directly in contrast to the newer i210/i211s.
The igb driver needs to convert these raw register values to
valid time stamp format by using kernel timecounter apis for i350s
families. Here the igb_extts() just forgot to do the convert.
Fixes: 38970eac41 ("igb: support EXTTS on 82580/i354/i350")
Signed-off-by: Yuezhen Luan <eggcar.luan@gmail.com>
Reviewed-by: Jacob Keller <jacob.e.keller@intel.com>
Tested-by: Pucha Himasekhar Reddy <himasekharx.reddy.pucha@intel.com> (A Contingent worker at Intel)
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Link: https://lore.kernel.org/r/20230607164116.3768175-1-anthony.l.nguyen@intel.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Ping sockets can't send packets when they're bound to a VRF master
device and the output interface is set to a slave device.
For example, when net.ipv4.ping_group_range is properly set, so that
ping6 can use ping sockets, the following kind of commands fails:
$ ip vrf exec red ping6 fe80::854:e7ff:fe88:4bf1%eth1
What happens is that sk->sk_bound_dev_if is set to the VRF master
device, but 'oif' is set to the real output device. Since both are set
but different, ping_v6_sendmsg() sees their value as inconsistent and
fails.
Fix this by allowing 'oif' to be a slave device of ->sk_bound_dev_if.
This fixes the following kselftest failure:
$ ./fcnal-test.sh -t ipv6_ping
[...]
TEST: ping out, vrf device+address bind - ns-B IPv6 LLA [FAIL]
Reported-by: Mirsad Todorovac <mirsad.todorovac@alu.unizg.hr>
Closes: https://lore.kernel.org/netdev/b6191f90-ffca-dbca-7d06-88a9788def9c@alu.unizg.hr/
Tested-by: Mirsad Todorovac <mirsad.todorovac@alu.unizg.hr>
Fixes: 5e45789698 ("net: ipv6: Fix ping to link-local addresses.")
Signed-off-by: Guillaume Nault <gnault@redhat.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Link: https://lore.kernel.org/r/6c8b53108816a8d0d5705ae37bdc5a8322b5e3d9.1686153846.git.gnault@redhat.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
* Fix css_set reference leaks on fork failures.
* Fix CPU hotplug locking in cgroup_transfer_tasks() which is used by
cgroup1 cpuset.
* Doc update.
-----BEGIN PGP SIGNATURE-----
iIQEABYIACwWIQTfIjM1kS57o3GsC/uxYfJx3gVYGQUCZIJ5bQ4cdGpAa2VybmVs
Lm9yZwAKCRCxYfJx3gVYGc/CAQCmE2cKGBWN45xbzIA5S7+zq8QCv85BYlnAgqpR
jgF8GQD/fFXdmKL0wTzjTf1YOvEi9UxJqhDvHSRtV53fzPedbg4=
=s+u8
-----END PGP SIGNATURE-----
Merge tag 'cgroup-for-6.4-rc5-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup
Pull cgroup fixes from Tejun Heo:
- Fix css_set reference leaks on fork failures
- Fix CPU hotplug locking in cgroup_transfer_tasks() which is used by
cgroup1 cpuset
- Doc update
* tag 'cgroup-for-6.4-rc5-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup:
cgroup: Documentation: Clarify usage of memory limits
cgroup: always put cset in cgroup_css_set_put_fork
cgroup: fix missing cpus_read_{lock,unlock}() in cgroup_transfer_tasks()
The internal_hpd flag is set to true by dp_bridge_hpd_enable() and set to
false by dp_bridge_hpd_disable() to handle GPIO pinmuxed into DP controller
case. HDP related interrupts can not be enabled until internal_hpd is set
to true. At current implementation dp_display_config_hpd() will initialize
DP host controller first followed by enabling HDP related interrupts if
internal_hpd was true at that time. Enable HDP related interrupts depends on
internal_hpd status may leave system with DP driver host is in running state
but without HDP related interrupts being enabled. This will prevent external
display from being detected. Eliminated this dependency by moving HDP related
interrupts enable/disable be done at dp_bridge_hpd_enable/disable() directly
regardless of internal_hpd status.
Changes in V3:
-- dp_catalog_ctrl_hpd_enable() and dp_catalog_ctrl_hpd_disable()
-- rewording ocmmit text
Changes in V4:
-- replace dp_display_config_hpd() with dp_display_host_start()
-- move enable_irq() at dp_display_host_start();
Changes in V5:
-- replace dp_display_host_start() with dp_display_host_init()
Changes in V6:
-- squash remove enable_irq() and disable_irq()
Fixes: cd198cadde ("drm/msm/dp: Rely on hpd_enable/disable callbacks")
Signed-off-by: Kuogee Hsieh <quic_khsieh@quicinc.com>
Tested-by: Leonard Lausen <leonard@lausen.nl> # on sc7180 lazor
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Reviewed-by: Bjorn Andersson <andersson@kernel.org>
Tested-by: Bjorn Andersson <andersson@kernel.org>
Reviewed-by: Abhinav Kumar <quic_abhinavk@quicinc.com>
Link: https://lore.kernel.org/r/1684878756-17830-1-git-send-email-quic_khsieh@quicinc.com
Signed-off-by: Rob Clark <robdclark@chromium.org>
- Fix build breakage due to bogus MAX_ORDER definitions on !4k pages
- Avoid masking fault address for perf software events
-----BEGIN PGP SIGNATURE-----
iQFEBAABCgAuFiEEPxTL6PPUbjXGY88ct6xw3ITBYzQFAmSCO80QHHdpbGxAa2Vy
bmVsLm9yZwAKCRC3rHDchMFjNFvXB/0aRpgYaYwyHc5+vO7iqb1qdiuLoxqXRpPT
HywWo6yajrhIQ4OaV1HED4jY1jCNyzpSWMMJGgDfQNgJf5R0hr7A+QPaoKOLqlOa
NN5FN84CcoiDxFszbolvn3UdXN+RA/P7buAZNv2ub7B7GpV9jnIkVkSviHlLlUUx
OgrnTvR7FlyBVK2p5WMPh6ZUsfi2K9lNkGQHQBpE7jRPJbqcBmkgHqgsA+76NupQ
5UE/3DxOuu4UEo1LAFam63P1pn62CGEv1ZXzQYJ4PrYjZ41HCYpiCFX9iuzAo6JA
FwhVy+X1pkE8UrOASKz7NdOZssV5oHjuZ/BKdE9txyzHOOCcdGOQ
=QIKK
-----END PGP SIGNATURE-----
Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux
Pull arm64 fixes from Will Deacon:
"Two tiny arm64 fixes for -rc6.
One fixes a build breakage when MAX_ORDER can be nonsensical if
CONFIG_EXPERT=y and the other fixes the address masking for perf's
page fault software events so that it is consistent amongst them:
- Fix build breakage due to bogus MAX_ORDER definitions on !4k pages
- Avoid masking fault address for perf software events"
* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
arm64: mm: pass original fault address to handle_mm_fault() in PER_VMA_LOCK block
arm64: Remove the ARCH_FORCE_MAX_ORDER config input prompt
For ENETC hardware, the TCs are numbered from 0 to N-1, where N
is the number of TCs. Numerically higher TC has higher priority.
It's obvious that the highest priority TC index should be N-1 and
the 2nd highest priority TC index should be N-2.
However, the previous logic uses netdev_get_prio_tc_map() to get
the indexes of highest priority and 2nd highest priority TCs, it
does not make sense and is incorrect to give a "tc" argument to
netdev_get_prio_tc_map(). So the driver may get the wrong indexes
of the two highest priotiry TCs which would lead to failed to set
the CBS for the two highest priotiry TCs.
e.g.
$ tc qdisc add dev eno0 parent root handle 100: mqprio num_tc 6 \
map 0 0 1 1 2 3 4 5 queues 1@0 1@1 1@2 1@3 2@4 2@6 hw 1
$ tc qdisc replace dev eno0 parent 100:6 cbs idleslope 100000 \
sendslope -900000 hicredit 12 locredit -113 offload 1
$ Error: Specified device failed to setup cbs hardware offload.
^^^^^
In this example, the previous logic deems the indexes of the two
highest priotiry TCs should be 3 and 2. Actually, the indexes are
5 and 4, because the number of TCs is 6. So it would be failed to
configure the CBS for the two highest priority TCs.
Fixes: c431047c4e ("enetc: add support Credit Based Shaper(CBS) for hardware offload")
Signed-off-by: Wei Fang <wei.fang@nxp.com>
Reviewed-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Reviewed-by: Maciej Fijalkowski <maciej.fijalkowski@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
In case of error when adding a new rule that refers to an anonymous set,
deactivate expressions via NFT_TRANS_PREPARE state, not NFT_TRANS_RELEASE.
Thus, the lookup expression marks anonymous sets as inactive in the next
generation to ensure it is not reachable in this transaction anymore and
decrement the set refcount as introduced by c1592a8994 ("netfilter:
nf_tables: deactivate anonymous set from preparation phase"). The abort
step takes care of undoing the anonymous set.
This is also consistent with rule deletion, where NFT_TRANS_PREPARE is
used. Note that this error path is exercised in the preparation step of
the commit protocol. This patch replaces nf_tables_rule_release() by the
deactivate and destroy calls, this time with NFT_TRANS_PREPARE.
Due to this incorrect error handling, it is possible to access a
dangling pointer to the anonymous set that remains in the transaction
list.
[1009.379054] BUG: KASAN: use-after-free in nft_set_lookup_global+0x147/0x1a0 [nf_tables]
[1009.379106] Read of size 8 at addr ffff88816c4c8020 by task nft-rule-add/137110
[1009.379116] CPU: 7 PID: 137110 Comm: nft-rule-add Not tainted 6.4.0-rc4+ #256
[1009.379128] Call Trace:
[1009.379132] <TASK>
[1009.379135] dump_stack_lvl+0x33/0x50
[1009.379146] ? nft_set_lookup_global+0x147/0x1a0 [nf_tables]
[1009.379191] print_address_description.constprop.0+0x27/0x300
[1009.379201] kasan_report+0x107/0x120
[1009.379210] ? nft_set_lookup_global+0x147/0x1a0 [nf_tables]
[1009.379255] nft_set_lookup_global+0x147/0x1a0 [nf_tables]
[1009.379302] nft_lookup_init+0xa5/0x270 [nf_tables]
[1009.379350] nf_tables_newrule+0x698/0xe50 [nf_tables]
[1009.379397] ? nf_tables_rule_release+0xe0/0xe0 [nf_tables]
[1009.379441] ? kasan_unpoison+0x23/0x50
[1009.379450] nfnetlink_rcv_batch+0x97c/0xd90 [nfnetlink]
[1009.379470] ? nfnetlink_rcv_msg+0x480/0x480 [nfnetlink]
[1009.379485] ? __alloc_skb+0xb8/0x1e0
[1009.379493] ? __alloc_skb+0xb8/0x1e0
[1009.379502] ? entry_SYSCALL_64_after_hwframe+0x46/0xb0
[1009.379509] ? unwind_get_return_address+0x2a/0x40
[1009.379517] ? write_profile+0xc0/0xc0
[1009.379524] ? avc_lookup+0x8f/0xc0
[1009.379532] ? __rcu_read_unlock+0x43/0x60
Fixes: 958bee14d0 ("netfilter: nf_tables: use new transaction infrastructure to handle sets")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
We can race where we have added work to the work_list, but
vhost_task_fn has passed that check but not yet set us into
TASK_INTERRUPTIBLE. wake_up_process will see us in TASK_RUNNING and
just return.
This bug was intoduced in commit f9010dbdce ("fork, vhost: Use
CLONE_THREAD to fix freezer/ps regression") when I moved the setting
of TASK_INTERRUPTIBLE to simplfy the code and avoid get_signal from
logging warnings about being in the wrong state. This moves the setting
of TASK_INTERRUPTIBLE back to before we test if we need to stop the
task to avoid a possible race there as well. We then have vhost_worker
set TASK_RUNNING if it finds work similar to before.
Fixes: f9010dbdce ("fork, vhost: Use CLONE_THREAD to fix freezer/ps regression")
Signed-off-by: Mike Christie <michael.christie@oracle.com>
Message-Id: <20230607192338.6041-3-michael.christie@oracle.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
If userspace does VHOST_VSOCK_SET_GUEST_CID before VHOST_SET_OWNER we
can race where:
1. thread0 calls vhost_transport_send_pkt -> vhost_work_queue
2. thread1 does VHOST_SET_OWNER which calls vhost_worker_create.
3. vhost_worker_create will set the dev->worker pointer before setting
the worker->vtsk pointer.
4. thread0's vhost_work_queue will see the dev->worker pointer is
set and try to call vhost_task_wake using not yet set worker->vtsk
pointer.
5. We then crash since vtsk is NULL.
Before commit 6e890c5d50 ("vhost: use vhost_tasks for worker
threads"), we only had the worker pointer so we could just check it to
see if VHOST_SET_OWNER has been done. After that commit we have the
vhost_worker and vhost_task pointer, so we can now hit the bug above.
This patch embeds the vhost_worker in the vhost_dev and moves the work
list initialization back to vhost_dev_init, so we can just check the
worker.vtsk pointer to check if VHOST_SET_OWNER has been done like
before.
Fixes: 6e890c5d50 ("vhost: use vhost_tasks for worker threads")
Signed-off-by: Mike Christie <michael.christie@oracle.com>
Message-Id: <20230607192338.6041-2-michael.christie@oracle.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reported-by: syzbot+d0d442c22fa8db45ff0e@syzkaller.appspotmail.com
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Fix possible virtqueue used buffers leak and corresponding stuck
in case of temporary -EIO from sendmsg() which is produced by
tun driver while backend device is not up.
In case of no-retriable error and zcopy do not revert upend_idx
to pass packet data (that is update used_idx in corresponding
vhost_zerocopy_signal_used()) as if packet data has been
transferred successfully.
v2: set vq->heads[ubuf->desc].len equal to VHOST_DMA_DONE_LEN
in case of fake successful transmit.
Signed-off-by: Andrey Smetanin <asmetanin@yandex-team.ru>
Message-Id: <20230424204411.24888-1-asmetanin@yandex-team.ru>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Andrey Smetanin <asmetanin@yandex-team.ru>
Acked-by: Jason Wang <jasowang@redhat.com>
As is done in the net, iscsi, and vsock vhost support, let the vdpa vqs
know about the features that have been negotiated. This allows vhost
to more safely make decisions based on the features, such as when using
PACKED vs split queues.
Signed-off-by: Shannon Nelson <shannon.nelson@amd.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Message-Id: <20230424225031.18947-2-shannon.nelson@amd.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
