Commit Graph

1123427 Commits

Author SHA1 Message Date
наб
03acba1217 Documentation: EEPROM_MAGIC_VALUE isn't a magic number
It's an EEPROM checksum, not a magic number per magic-number.rst

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>
Link: https://lore.kernel.org/r/8881090c8bf1850e1d3597cb352a8dd1757c94f1.1663280877.git.nabijaczleweli@nabijaczleweli.xyz
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-09-24 14:17:19 +02:00
наб
4da0cdb1a6 Documentation: COW_MAGIC isn't a magic number
At least not in the magic-number.rst sense: it's part of a file format

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>
Link: https://lore.kernel.org/r/f24a428d82713821ca571bf477a099252d06ae14.1663280877.git.nabijaczleweli@nabijaczleweli.xyz
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-09-24 14:17:19 +02:00
наб
6a0abf8ff9 Documentation: SAVEKMSG_MAGIC[12] aren't magic numbers
At least not in the magic-number.rst sense: they're used as part of
delineating messages dumping dmesg into Chip RAM on the Amiga with
debug=ram

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>
Link: https://lore.kernel.org/r/c0fe3aadb700621eeee736f0ce6d73aa9d2cf856.1663280877.git.nabijaczleweli@nabijaczleweli.xyz
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-09-24 14:17:19 +02:00
наб
976c957c19 Documentation: RIEBL_MAGIC isn't a magic number
At least not in the sense described in magic-number.rst:
it determines whether the Atari VME Lance Ethernet card has a hardware
MAC address or not, and is set thereby to indicate this

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>
Link: https://lore.kernel.org/r/773e5a8fe80201bed0dff5cdb1ce6f4272b0cc92.1663280877.git.nabijaczleweli@nabijaczleweli.xyz
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-09-24 14:17:19 +02:00
наб
ba5e03f15a Documentation: FULL_DUPLEX_MAGIC isn't a magic number
It's used to control a mysterious register on the DEC DE21040,
see comment in drivers/net/ethernet/dec/tulip/de2104x.c

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>
Link: https://lore.kernel.org/r/ff28a15f9154589788277807523aa71c45c24d28.1663280877.git.nabijaczleweli@nabijaczleweli.xyz
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-09-24 14:17:19 +02:00
наб
60464c2d3f Documentation: CG_MAGIC isn't a magic number
At least not in the sense described here: it delineates UFS cylinder
groups, is never assigned, and the only macro that incorporates it
(ufs_cg_chkmagic; the second one is unused) is used to detect CGs and
protect from filesystem corruption

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>
Link: https://lore.kernel.org/r/a508477cfeb18eca4a24c29836f809fe34f20467.1663280877.git.nabijaczleweli@nabijaczleweli.xyz
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-09-24 14:17:19 +02:00
наб
63e79d3f7c Documentation: zh: remove stale magic numbers
English and it magic-number.rsts were updated when these were removed;
the zh translations weren't

This equalises these lists to be the same across all translations

Automated:
grep MAGIC Documentation/translations/process/zh_TW/magic-number.rst |
while read -r mag _; do git grep -wF "$mag" | grep -vq \
'^Documentation.*magic-number.rst:' || sed -i "/^$mag/d" \
./Documentation/{,translations/{zh_CN,zh_TW,it_IT}/}process/magic-number.rst
; done

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>
Link: https://lore.kernel.org/r/5d9fa062178c45822a600a723f6f71fdb92011f3.1663280877.git.nabijaczleweli@nabijaczleweli.xyz
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-09-24 14:17:18 +02:00
наб
4235e89692 Documentation: zh: remove references to IrDA
These lines blame back to their first appearance which cites linux-2.6,
and IrDA was finally fully removed in 4.17 with commit d64c2a7612
("staging: irda: remove the irda network stack and drivers")

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>
Link: https://lore.kernel.org/r/d07ce5b1bc173fd02b7e5b708beb81b9432745f8.1663280877.git.nabijaczleweli@nabijaczleweli.xyz
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-09-24 14:17:18 +02:00
наб
82b5b4e6cc Documentation: sndmagic.h doesn't exist
It was added in 2.5.5 and removed in a 2.6.9 "ALSA CVS update", pre-git,
which states:
   Removal and replacement of magic memory allocators and casts
   (core part)

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>
Link: https://lore.kernel.org/r/09e56999b0b323fb0add61f7dbd8c9f0a576561a.1663280877.git.nabijaczleweli@nabijaczleweli.xyz
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-09-24 14:17:18 +02:00
наб
03b15a984d Documentation: HFS is not a user of magic numbers
In fs/hfs, the only magic is for delineating on-disk block types,
of which HFS_DRVR_DESC_MAGIC HFS_MFS_SUPER_MAGIC are define-only,
but they're out of scope for magic-number.rst

Magic numbers as described there were all removed, along their defines,
in the 2.6.4 "HFS rewrite", pre-git

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>
Link: https://lore.kernel.org/r/e67cec702a7ab34a8c5f7966d930d793a097a90f.1663280877.git.nabijaczleweli@nabijaczleweli.xyz
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-09-24 14:17:18 +02:00
наб
21c660fd7c MIPS: remove define-only GDA_MAGIC, previously magic number
The last user was removed in the 2.6.4 "MIPS mega-patch", pre-git

Found with
grep MAGIC Documentation/process/magic-number.rst | while read -r mag _;
do git grep -wF "$mag"  | grep -ve '^Documentation.*magic-number.rst:' \
-qe ':#define '"$mag" || git grep -wF "$mag" | while IFS=: read -r f _;
do sed -i '/\b'"$mag"'\b/d' "$f"; done ; done

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>
Link: https://lore.kernel.org/r/c2e7510beebdd698e20d0704712e623fad00fc1c.1663280877.git.nabijaczleweli@nabijaczleweli.xyz
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-09-24 14:17:18 +02:00
наб
ddbded78f7 Bluetooth: RFCOMM: remove define-only RFCOMM_TTY_MAGIC ex-magic-number
Appeared in its present state in pre-git (2.5.41), never used

Found with
grep MAGIC Documentation/process/magic-number.rst | while read -r mag _;
do git grep -wF "$mag"  | grep -ve '^Documentation.*magic-number.rst:' \
-qe ':#define '"$mag" || git grep -wF "$mag" | while IFS=: read -r f _;
do sed -i '/\b'"$mag"'\b/d' "$f"; done ; done

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>
Link: https://lore.kernel.org/r/f6d375201dfd99416ea03b49b3dd40af56c1537e.1663280877.git.nabijaczleweli@nabijaczleweli.xyz
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-09-24 14:17:18 +02:00
наб
53c2bd6790 a.out: remove define-only CMAGIC, previously magic number
The last user was removed in 5.1 in
commit 08300f4402 ("a.out: remove core dumping support")
but this is part of the UAPI headers, so this may want to either wait
until a.out is removed entirely, or be removed from the magic number doc
and silently remain in the header

A cursory glance on DCS didn't show any user code actually using this
value

Found with
grep MAGIC Documentation/process/magic-number.rst | while read -r mag _;
do git grep -wF "$mag"  | grep -ve '^Documentation.*magic-number.rst:' \
-qe ':#define '"$mag" || git grep -wF "$mag" | while IFS=: read -r f _;
do sed -i '/\b'"$mag"'\b/d' "$f"; done ; done

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>
Link: https://lore.kernel.org/r/9cbea062df7125ef43e2e0b2a67ede6ad1c5f27e.1663280877.git.nabijaczleweli@nabijaczleweli.xyz
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-09-24 14:17:18 +02:00
наб
766c5a3ecb Documentation: remove nonexistent magic numbers
The entire file blames back to the start of git
(minus whitespace from the RST translation and a typo fix):
  * there are changelog comments for March 1994 through to Linux 2.5.74
  * struct tty_ldisc is two pointers nowadays, so naturally no magic
  * GDA_MAGIC is defined but unused, and it's been this way
    since start-of-git
  * M3_CARD_MAGIC isn't defined, because
    commit d56b9b9c46 ("[PATCH] The scheduled removal of some OSS
    drivers") removed the entire driver in 2006
  * CS_CARD_MAGIC likewise since
    commit b5d425c97f ("more scheduled OSS driver removal") in 2007
  * KMALLOC_MAGIC and VMALLOC_MAGIC were removed in
    commit e38e0cfa48 ("[ALSA] Remove kmalloc wrappers"),
    six months after start of git
  * SLAB_C_MAGIC has never even appeared in git
    (removed in 2.4.0-test3pre6)

magic-number.rst is a low-value historial relic at best and
misleading cruft at worst, so start with cleaning out ones that only
appear therein

Automated:
grep MAGIC Documentation/process/magic-number.rst | while read -r mag _;
do git grep -wF "$mag" | grep -vq '^Documentation.*magic-number.rst:' ||
sed -i "/^$mag/d" \
Documentation/{,translations/{zh_CN,zh_TW,it_IT}/}process/magic-number.rst
done

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>
Link: https://lore.kernel.org/r/8389a7b85b5c660c6891b1740b5dacc53491a41b.1663280877.git.nabijaczleweli@nabijaczleweli.xyz
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-09-24 14:17:18 +02:00
Mukesh Ojha
01daccf748 devcoredump : Serialize devcd_del work
In following scenario(diagram), when one thread X running dev_coredumpm()
adds devcd device to the framework which sends uevent notification to
userspace and another thread Y reads this uevent and call to
devcd_data_write() which eventually try to delete the queued timer that
is not initialized/queued yet.

So, debug object reports some warning and in the meantime, timer is
initialized and queued from X path. and from Y path, it gets reinitialized
again and timer->entry.pprev=NULL and try_to_grab_pending() stucks.

To fix this, introduce mutex and a boolean flag to serialize the behaviour.

 	cpu0(X)			                cpu1(Y)

    dev_coredump() uevent sent to user space
    device_add()  ======================> user space process Y reads the
                                          uevents writes to devcd fd
                                          which results into writes to

                                         devcd_data_write()
                                           mod_delayed_work()
                                             try_to_grab_pending()
                                               del_timer()
                                                 debug_assert_init()
   INIT_DELAYED_WORK()
   schedule_delayed_work()
                                                   debug_object_fixup()
                                                     timer_fixup_assert_init()
                                                       timer_setup()
                                                         do_init_timer()
                                                       /*
                                                        Above call reinitializes
                                                        the timer to
                                                        timer->entry.pprev=NULL
                                                        and this will be checked
                                                        later in timer_pending() call.
                                                       */
                                                 timer_pending()
                                                  !hlist_unhashed_lockless(&timer->entry)
                                                    !h->pprev
                                                /*
                                                  del_timer() checks h->pprev and finds
                                                  it to be NULL due to which
                                                  try_to_grab_pending() stucks.
                                                */

Link: https://lore.kernel.org/lkml/2e1f81e2-428c-f11f-ce92-eb11048cb271@quicinc.com/
Signed-off-by: Mukesh Ojha <quic_mojha@quicinc.com>
Link: https://lore.kernel.org/r/1663073424-13663-1-git-send-email-quic_mojha@quicinc.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-09-24 14:01:40 +02:00
Brian Norris
b8de524ce4 debugfs: Only clobber mode/uid/gid on remount if asked
Users may have explicitly configured their debugfs permissions; we
shouldn't overwrite those just because a second mount appeared.

Only clobber if the options were provided at mount time.

Existing behavior:

  ## Pre-existing status: debugfs is 0755.
  # chmod 755 /sys/kernel/debug/
  # stat -c '%A' /sys/kernel/debug/
  drwxr-xr-x

  ## New mount sets kernel-default permissions:
  # mount -t debugfs none /mnt/foo
  # stat -c '%A' /mnt/foo
  drwx------

  ## Unexpected: the original mount changed permissions:
  # stat -c '%A' /sys/kernel/debug
  drwx------

New behavior:

  ## Pre-existing status: debugfs is 0755.
  # chmod 755 /sys/kernel/debug/
  # stat -c '%A' /sys/kernel/debug/
  drwxr-xr-x

  ## New mount inherits existing permissions:
  # mount -t debugfs none /mnt/foo
  # stat -c '%A' /mnt/foo
  drwxr-xr-x

  ## Expected: old mount is unchanged:
  # stat -c '%A' /sys/kernel/debug
  drwxr-xr-x

Full test cases are being submitted to LTP.

Signed-off-by: Brian Norris <briannorris@chromium.org>
Link: https://lore.kernel.org/r/20220912163042.v3.1.Icbd40fce59f55ad74b80e5d435ea233579348a78@changeid
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-09-24 14:01:37 +02:00
Christian A. Ehrhardt
4abc996528 kernfs: fix use-after-free in __kernfs_remove
Syzkaller managed to trigger concurrent calls to
kernfs_remove_by_name_ns() for the same file resulting in
a KASAN detected use-after-free. The race occurs when the root
node is freed during kernfs_drain().

To prevent this acquire an additional reference for the root
of the tree that is removed before calling __kernfs_remove().

Found by syzkaller with the following reproducer (slab_nomerge is
required):

syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x100000, 0x0, 0x0, 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/exe\x00', 0x0, 0x0)
close(r0)
pipe2(&(0x7f0000000140)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x800)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0), 0x408, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_loose}, {@mmap}, {@loose}, {@loose}, {@mmap}], [{@mask={'mask', 0x3d, '^MAY_EXEC'}}, {@fsmagic={'fsmagic', 0x3d, 0x10001}}, {@dont_hash}]}})

Sample report:

==================================================================
BUG: KASAN: use-after-free in kernfs_type include/linux/kernfs.h:335 [inline]
BUG: KASAN: use-after-free in kernfs_leftmost_descendant fs/kernfs/dir.c:1261 [inline]
BUG: KASAN: use-after-free in __kernfs_remove.part.0+0x843/0x960 fs/kernfs/dir.c:1369
Read of size 2 at addr ffff8880088807f0 by task syz-executor.2/857

CPU: 0 PID: 857 Comm: syz-executor.2 Not tainted 6.0.0-rc3-00363-g7726d4c3e60b #5
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x6e/0x91 lib/dump_stack.c:106
 print_address_description mm/kasan/report.c:317 [inline]
 print_report.cold+0x5e/0x5e5 mm/kasan/report.c:433
 kasan_report+0xa3/0x130 mm/kasan/report.c:495
 kernfs_type include/linux/kernfs.h:335 [inline]
 kernfs_leftmost_descendant fs/kernfs/dir.c:1261 [inline]
 __kernfs_remove.part.0+0x843/0x960 fs/kernfs/dir.c:1369
 __kernfs_remove fs/kernfs/dir.c:1356 [inline]
 kernfs_remove_by_name_ns+0x108/0x190 fs/kernfs/dir.c:1589
 sysfs_slab_add+0x133/0x1e0 mm/slub.c:5943
 __kmem_cache_create+0x3e0/0x550 mm/slub.c:4899
 create_cache mm/slab_common.c:229 [inline]
 kmem_cache_create_usercopy+0x167/0x2a0 mm/slab_common.c:335
 p9_client_create+0xd4d/0x1190 net/9p/client.c:993
 v9fs_session_init+0x1e6/0x13c0 fs/9p/v9fs.c:408
 v9fs_mount+0xb9/0xbd0 fs/9p/vfs_super.c:126
 legacy_get_tree+0xf1/0x200 fs/fs_context.c:610
 vfs_get_tree+0x85/0x2e0 fs/super.c:1530
 do_new_mount fs/namespace.c:3040 [inline]
 path_mount+0x675/0x1d00 fs/namespace.c:3370
 do_mount fs/namespace.c:3383 [inline]
 __do_sys_mount fs/namespace.c:3591 [inline]
 __se_sys_mount fs/namespace.c:3568 [inline]
 __x64_sys_mount+0x282/0x300 fs/namespace.c:3568
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x38/0x90 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f725f983aed
Code: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f725f0f7028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f725faa3f80 RCX: 00007f725f983aed
RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
RBP: 00007f725f9f419c R08: 0000000020000280 R09: 0000000000000000
R10: 0000000000000408 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000006 R14: 00007f725faa3f80 R15: 00007f725f0d7000
 </TASK>

Allocated by task 855:
 kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38
 kasan_set_track mm/kasan/common.c:45 [inline]
 set_alloc_info mm/kasan/common.c:437 [inline]
 __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:470
 kasan_slab_alloc include/linux/kasan.h:224 [inline]
 slab_post_alloc_hook mm/slab.h:727 [inline]
 slab_alloc_node mm/slub.c:3243 [inline]
 slab_alloc mm/slub.c:3251 [inline]
 __kmem_cache_alloc_lru mm/slub.c:3258 [inline]
 kmem_cache_alloc+0xbf/0x200 mm/slub.c:3268
 kmem_cache_zalloc include/linux/slab.h:723 [inline]
 __kernfs_new_node+0xd4/0x680 fs/kernfs/dir.c:593
 kernfs_new_node fs/kernfs/dir.c:655 [inline]
 kernfs_create_dir_ns+0x9c/0x220 fs/kernfs/dir.c:1010
 sysfs_create_dir_ns+0x127/0x290 fs/sysfs/dir.c:59
 create_dir lib/kobject.c:63 [inline]
 kobject_add_internal+0x24a/0x8d0 lib/kobject.c:223
 kobject_add_varg lib/kobject.c:358 [inline]
 kobject_init_and_add+0x101/0x160 lib/kobject.c:441
 sysfs_slab_add+0x156/0x1e0 mm/slub.c:5954
 __kmem_cache_create+0x3e0/0x550 mm/slub.c:4899
 create_cache mm/slab_common.c:229 [inline]
 kmem_cache_create_usercopy+0x167/0x2a0 mm/slab_common.c:335
 p9_client_create+0xd4d/0x1190 net/9p/client.c:993
 v9fs_session_init+0x1e6/0x13c0 fs/9p/v9fs.c:408
 v9fs_mount+0xb9/0xbd0 fs/9p/vfs_super.c:126
 legacy_get_tree+0xf1/0x200 fs/fs_context.c:610
 vfs_get_tree+0x85/0x2e0 fs/super.c:1530
 do_new_mount fs/namespace.c:3040 [inline]
 path_mount+0x675/0x1d00 fs/namespace.c:3370
 do_mount fs/namespace.c:3383 [inline]
 __do_sys_mount fs/namespace.c:3591 [inline]
 __se_sys_mount fs/namespace.c:3568 [inline]
 __x64_sys_mount+0x282/0x300 fs/namespace.c:3568
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x38/0x90 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Freed by task 857:
 kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38
 kasan_set_track+0x21/0x30 mm/kasan/common.c:45
 kasan_set_free_info+0x20/0x40 mm/kasan/generic.c:370
 ____kasan_slab_free mm/kasan/common.c:367 [inline]
 ____kasan_slab_free mm/kasan/common.c:329 [inline]
 __kasan_slab_free+0x108/0x190 mm/kasan/common.c:375
 kasan_slab_free include/linux/kasan.h:200 [inline]
 slab_free_hook mm/slub.c:1754 [inline]
 slab_free_freelist_hook mm/slub.c:1780 [inline]
 slab_free mm/slub.c:3534 [inline]
 kmem_cache_free+0x9c/0x340 mm/slub.c:3551
 kernfs_put.part.0+0x2b2/0x520 fs/kernfs/dir.c:547
 kernfs_put+0x42/0x50 fs/kernfs/dir.c:521
 __kernfs_remove.part.0+0x72d/0x960 fs/kernfs/dir.c:1407
 __kernfs_remove fs/kernfs/dir.c:1356 [inline]
 kernfs_remove_by_name_ns+0x108/0x190 fs/kernfs/dir.c:1589
 sysfs_slab_add+0x133/0x1e0 mm/slub.c:5943
 __kmem_cache_create+0x3e0/0x550 mm/slub.c:4899
 create_cache mm/slab_common.c:229 [inline]
 kmem_cache_create_usercopy+0x167/0x2a0 mm/slab_common.c:335
 p9_client_create+0xd4d/0x1190 net/9p/client.c:993
 v9fs_session_init+0x1e6/0x13c0 fs/9p/v9fs.c:408
 v9fs_mount+0xb9/0xbd0 fs/9p/vfs_super.c:126
 legacy_get_tree+0xf1/0x200 fs/fs_context.c:610
 vfs_get_tree+0x85/0x2e0 fs/super.c:1530
 do_new_mount fs/namespace.c:3040 [inline]
 path_mount+0x675/0x1d00 fs/namespace.c:3370
 do_mount fs/namespace.c:3383 [inline]
 __do_sys_mount fs/namespace.c:3591 [inline]
 __se_sys_mount fs/namespace.c:3568 [inline]
 __x64_sys_mount+0x282/0x300 fs/namespace.c:3568
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x38/0x90 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

The buggy address belongs to the object at ffff888008880780
 which belongs to the cache kernfs_node_cache of size 128
The buggy address is located 112 bytes inside of
 128-byte region [ffff888008880780, ffff888008880800)

The buggy address belongs to the physical page:
page:00000000732833f8 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8880
flags: 0x100000000000200(slab|node=0|zone=1)
raw: 0100000000000200 0000000000000000 dead000000000122 ffff888001147280
raw: 0000000000000000 0000000000150015 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff888008880680: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
 ffff888008880700: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
>ffff888008880780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                                             ^
 ffff888008880800: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
 ffff888008880880: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
==================================================================

Acked-by: Tejun Heo <tj@kernel.org>
Cc: stable <stable@kernel.org> # -rc3
Signed-off-by: Christian A. Ehrhardt <lk@c--e.de>
Link: https://lore.kernel.org/r/20220913121723.691454-1-lk@c--e.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-09-24 13:52:27 +02:00
Greg Kroah-Hartman
ec9c88070d Merge 1707c39ae3 ("Merge tag 'driver-core-6.0-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core") driver-core-next
This merges the driver core changes in 6.0-rc7 into driver-core-next as
they are needed here as well for testing.

Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-09-24 13:32:01 +02:00
Linus Torvalds
1707c39ae3 Driver core fixes for 6.0-rc7
Here are two tiny driver core fixes for 6.0-rc7 that resolve some
 oft-reported problems.
 
 The first is a revert of the "fw_devlink.strict=1" default option that
 we keep trying to enable, but we keep finding platforms that this just
 breaks everything on.  So again, we need it reverted and hopefully it
 can be worked on in future releases.
 
 The second is a sysfs file-size bugfix that resolves an issue that many
 people are starting to hit as the fix it is fixing also was backported
 to stable kernels.  The util-linux developers are starting to get
 bugreports about sysfs files that contain no data because of this
 problem, and this fix which has been in linux-next in the bitfield tree
 for a long time, resolves it.  I'm submitting it here as it needs to be
 merged for 6.0-final, not for 6.1-rc1.
 
 Both of these have been in linux-next with no reported issues, only
 reports were that these fixed problems.
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 -----BEGIN PGP SIGNATURE-----
 
 iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCYy3LhQ8cZ3JlZ0Brcm9h
 aC5jb20ACgkQMUfUDdst+ymQQQCgk1+jPfT3ilkWStWIxl3RVM/jl3YAn3ZAMFPk
 Mjqt3ltW9+Xzh/XniahY
 =OYfO
 -----END PGP SIGNATURE-----

Merge tag 'driver-core-6.0-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core

Pull driver core fixes from Greg KH:
 "Here are two tiny driver core fixes for 6.0-rc7 that resolve some
  oft-reported problems.

  The first is a revert of the "fw_devlink.strict=1" default option that
  we keep trying to enable, but we keep finding platforms that this just
  breaks everything on. So again, we need it reverted and hopefully it
  can be worked on in future releases.

  The second is a sysfs file-size bugfix that resolves an issue that
  many people are starting to hit as the fix it is fixing also was
  backported to stable kernels. The util-linux developers are starting
  to get bugreports about sysfs files that contain no data because of
  this problem, and this fix which has been in linux-next in the
  bitfield tree for a long time, resolves it. I'm submitting it here as
  it needs to be merged for 6.0-final, not for 6.1-rc1.

  Both of these have been in linux-next with no reported issues, only
  reports were that these fixed problems"

* tag 'driver-core-6.0-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core:
  drivers/base: Fix unsigned comparison to -1 in CPUMAP_FILE_MAX_BYTES
  Revert "driver core: Set fw_devlink.strict=1 by default"
2022-09-23 09:12:18 -07:00
Linus Torvalds
33a4e37ebc USB / Thunderbolt driver fixes and ids for 6.0-rc7
Here are a few small USB and Thunderbolt driver fixes and new device ids
 for 6.0-rc7.
 
 They contain:
 	- new usb-serial driver ids
 	- documentation build warning fix in USB hub code
 	- flexcop-usb long-posted bugfix (the v4l maintainer for this is
 	  MIA so I have finally picked this up as it is a fix for a
 	  reported problem.)
 	- dwc3 64bit DMA bugfix
 	- new thunderbolt device ids
 	- typec build error fix
 
 All of these have been in linux-next with no reported issues.
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 -----BEGIN PGP SIGNATURE-----
 
 iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCYy3Mew8cZ3JlZ0Brcm9h
 aC5jb20ACgkQMUfUDdst+ykt8ACg0kKcrj40WNlj9iy3TH2FNBIxXXIAoIMUs4Oe
 rw0jU8KQGf+8NAKXwH87
 =Q7cc
 -----END PGP SIGNATURE-----

Merge tag 'usb-6.0-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb

Pull USB / Thunderbolt driver fixes and ids from Greg KH:
 "Here are a few small USB and Thunderbolt driver fixes and new device
  ids for 6.0-rc7.

  They contain:

   - new usb-serial driver ids

   - documentation build warning fix in USB hub code

   - flexcop-usb long-posted bugfix (the v4l maintainer for this is MIA
     so I have finally picked this up as it is a fix for a reported
     problem.)

   - dwc3 64bit DMA bugfix

   - new thunderbolt device ids

   - typec build error fix

  All of these have been in linux-next with no reported issues"

* tag 'usb-6.0-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
  usb: typec: anx7411: Fix build error without CONFIG_POWER_SUPPLY
  media: flexcop-usb: fix endpoint type check
  USB: serial: option: add Quectel RM520N
  USB: serial: option: add Quectel BG95 0x0203 composition
  thunderbolt: Add support for Intel Maple Ridge single port controller
  usb: dwc3: core: leave default DMA if the controller does not support 64-bit DMA
  USB: core: Fix RST error in hub.c
2022-09-23 09:07:08 -07:00
Linus Torvalds
9395cd7cef Landlock fix for v6.0-rc7
-----BEGIN PGP SIGNATURE-----
 
 iIYEABYIAC4WIQSVyBthFV4iTW/VU1/l49DojIL20gUCYy2I2hAcbWljQGRpZ2lr
 b2QubmV0AAoJEOXj0OiMgvbSO6IA/0JQ+wSbd7M2LgSoaXqSf5jgOTtcwyN5i7CR
 1t6UwB9AAQCkE5iX3+BQpUAMyBTJinISvjf9C0vNyWiLyUlDSxgPBw==
 =CqGg
 -----END PGP SIGNATURE-----

Merge tag 'landlock-6.0-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/mic/linux

Pull landlock fix from Mickaël Salaün:
 "Fix out-of-tree builds for Landlock tests"

* tag 'landlock-6.0-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/mic/linux:
  selftests/landlock: Fix out-of-tree builds
2022-09-23 08:59:16 -07:00
Linus Torvalds
a7b7751aeb RISC-V Fixes for 6.0-rc7
* A handful of build fixes for the T-Head errata, including some
   functional issues the compilers found.
 * A fix for a nasty sigreturn bug.
 -----BEGIN PGP SIGNATURE-----
 
 iQJHBAABCAAxFiEEKzw3R0RoQ7JKlDp6LhMZ81+7GIkFAmMtlZYTHHBhbG1lckBk
 YWJiZWx0LmNvbQAKCRAuExnzX7sYifj4EAC/POyM8gOYkiaaAgMvjeNTiJYdvBq/
 ZuWBpnmDfayXyg+OHRpe2EQDJL51oDLA0LejN3V0C3fMOA1/zvrb/2LGbwd8v3Ly
 i/Lm9/18P6MJo3vSZ0A5DEOZKj41QsoGd5PIn8uuYT8nYQhCtm2g2ug8lX5Eb3QH
 pI9xjYZWI3nJ8/ah7NOrtB7LWan8BZdH6VuPBKN6zbG466Td7jT3QFQuyw4Ri0Lk
 rbMifm985EUEs/o9X+ObXmi+5M1PoAw+DVMeFq7VkgkHHBwCuVBlEd80wT6wT//1
 qSPQh5i/zs7GT5o8fgRQ+VJCLBh2s3meIFPa3TZ+fkh17w8Ww7tx+NtcOFgp6jWP
 NcPsaF8tokOwNVJNbFdCjXRAHxc6TuZ8hfjj+IsDxxbit9BMVSXdEpeOjURbLCNX
 HI3qooTCIBYh+9CzK3dF+ep0dnGC/awBnoLoH8UgNVxmitSVyc5PgR4w3NBpjoO8
 Htxl1ESll8nIXam6Rzi0UHgDgmMCRNdrW6vil/QD9UNcBYbkrUWhD/PmTfH+2uYC
 UtfzVCnXpeDRkLbNxBMwBGSsb/kMl1hkHcMbXRRgIQRxzqRPs69K8umcc6Xy+3AB
 timl5kzIeGid0nFG1+H67uGjc8Ea0RW3awel2Y8PmCGJDUNMBmKlizqrwMDfZrB0
 HxxG8vcuPF7zWg==
 =9l0i
 -----END PGP SIGNATURE-----

Merge tag 'riscv-for-linus-6.0-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux

Pull RISC-V fixes from Palmer Dabbelt:

 - A handful of build fixes for the T-Head errata, including some
   functional issues the compilers found

 - A fix for a nasty sigreturn bug

* tag 'riscv-for-linus-6.0-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux:
  RISC-V: Avoid coupling the T-Head CMOs and Zicbom
  riscv: fix a nasty sigreturn bug...
  riscv: make t-head erratas depend on MMU
  riscv: fix RISCV_ISA_SVPBMT kconfig dependency warning
  RISC-V: Clean up the Zicbom block size probing
2022-09-23 08:51:05 -07:00
Linus Torvalds
317fab7ec5 ARM:
* Fix for kmemleak with pKVM
 
 s390:
 
 * Fixes for VFIO with zPCI
 
 * smatch fix
 
 x86:
 
 * Ensure XSAVE-capable hosts always allow  FP and SSE state to be saved
   and restored via KVM_{GET,SET}_XSAVE
 
 * Fix broken max_mmu_rmap_size stat
 
 * Fix compile error with old glibc that doesn't have gettid()
 -----BEGIN PGP SIGNATURE-----
 
 iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmMtvg4UHHBib256aW5p
 QHJlZGhhdC5jb20ACgkQv/vSX3jHroNy2Af/VybWK2uAbaMkV6irQ1YTJIrRPco1
 C+JQdiQklYbjzThfPWNF/MiH+VTObloR1KqztOeQbfcrgwzygO68D3bs0wkAukLA
 mtdcMjdsqNx8r9u533i6S8Dpo0RkHKl+I8+3mHdPHTzlrbCuYJFFFxFNLhE+xbrK
 DP2Gl/xXIGYwOv2nfHA/xxI7TRICv4IxmzQazxlmC27n6BLNSr8qp6jI9lXJQfJ8
 XJh3SbmRux3/cs2oEqONg8DySJh631kI1jGGOmL3qk07ZR7A5KZ+lju0xM7vQIEq
 aR25YNYZux+BPIY/WxT1R0j6pwinBmFp8OoQYCs8DaQ65fdE5gegtJRpow==
 =VADm
 -----END PGP SIGNATURE-----

Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm

Pull kvm fixes from Paolo Bonzini:
 "As everyone back came back from conferences, here are the pending
  patches for Linux 6.0.

  ARM:

   - Fix for kmemleak with pKVM

  s390:

   - Fixes for VFIO with zPCI

   - smatch fix

  x86:

   - Ensure XSAVE-capable hosts always allow FP and SSE state to be
     saved and restored via KVM_{GET,SET}_XSAVE

   - Fix broken max_mmu_rmap_size stat

   - Fix compile error with old glibc that doesn't have gettid()"

* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
  KVM: x86: Inject #UD on emulated XSETBV if XSAVES isn't enabled
  KVM: x86: Always enable legacy FP/SSE in allowed user XFEATURES
  KVM: x86: Reinstate kvm_vcpu_arch.guest_supported_xcr0
  KVM: x86/mmu: add missing update to max_mmu_rmap_size
  selftests: kvm: Fix a compile error in selftests/kvm/rseq_test.c
  KVM: s390: pci: register pci hooks without interpretation
  KVM: s390: pci: fix GAIT physical vs virtual pointers usage
  KVM: s390: Pass initialized arg even if unused
  KVM: s390: pci: fix plain integer as NULL pointer warnings
  KVM: arm64: Use kmemleak_free_part_phys() to unregister hyp_mem_base
2022-09-23 08:42:30 -07:00
Linus Torvalds
526e826285 xen: branch for v6.0-rc7
-----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQRTLbB6QfY48x44uB6AXGG7T9hjvgUCYy1wIQAKCRCAXGG7T9hj
 vtbNAQCU6rDtPGB4I60tG9BU+8JKYLnUQ9oOY2OJOWWIO3M44AD+I7YHXyP0Y3Pj
 8L+aTXGX1mHht9jFXpChCYwaBceKGws=
 =B4T9
 -----END PGP SIGNATURE-----

Merge tag 'for-linus-6.0-rc7-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip

Pull xen fix from Juergen Gross:
 "A single fix for an issue in the xenbus driver (initialization of
  multi-page rings for Xen PV devices)"

* tag 'for-linus-6.0-rc7-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
  xen/xenbus: fix xenbus_setup_ring()
2022-09-23 08:31:24 -07:00
Linus Torvalds
22565ae784 drm fixes for v6.0-rc7
i915:
 - avoid a general protection failure when using perf/OA
 - avoid kernel warnings on driver release
 
 amdgpu:
 - SDMA 6.x fix
 - GPUVM TF fix
 - DCN 3.2.x fixes
 - DCN 3.1.x fixes
 - SMU 13.x fixes
 - Clang stack size fixes for recently enabled DML code
 - Fix drm dirty callback change on non-atomic cases
 - USB4 display fix
 
 mediatek:
 - dsi: Add atomic {destroy,duplicate}_state, reset callbacks
 - dsi: Move mtk_dsi_stop() call back to mtk_dsi_poweroff()
 - Fix wrong dither settings
 
 hisilicon:
 - Depend on MMU
 
 mgag200:
 - Fix console on G200ER
 
 panel:
 - Fix innolux_g121i1_l01 bus format
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEEKbZHaGwW9KfbeusDHTzWXnEhr4FAmMtSP4ACgkQDHTzWXnE
 hr6+6w/6A0yDFsGHgwpjB7uzj06ln2BzT4qiR9LoHbxEwpDsW94HV/9bI6mHjWSz
 ys89J1tYy4iC3fR/UceLPOhIprclCN0gVxxwJ8bGVkMwRnFN5fwf7T6TCyeDGRG5
 A8LcPidxSLaZO8myVqinEtFa4B9lb3cKvYSGEZeZbGU4SorxGem+Xr3DAU0pq4lO
 tZar1Qnojw6ZUG0Izakg1GL0RmYyH2bqdu8C1Aybws/jQ/HCGZfTW7K8G33PTEAm
 rJwXR4oKzCvPre26tdWOIJPDbXKMjRgeHsItO5ZVsyclGH3UxXfA3fLUyk5RJ6FT
 BYSAzjiDktcM2o9FGcOW/BGk2DfVDzzyY20doH2Q/GtY39SRd63GOUBhDlvoAe62
 hJtcdnshawbPO6RmlTrgceV65JxeXH0gBkoWCA/6Hf+uIEa9tkc+G04eTHWcrg38
 rfD96BCVCNOyiGRw46A3fYVuIRmCyFloOcRiepuLusW4XGD/uRztsGeCGHrLO0xp
 gg5AfSkeLi7j+mjVxA6KdR5kIXIoUMoN5AC0MNX4ciMEFYMGSLj86n7gGqPX25W/
 Arm88lvK0dkh8qd2Big4SSQrNkfr2do3gWXySFZY9ugIu6IfyfDQLAi+y0Wl2Ufa
 Nlz/7v+Bm31o8bQhKnF6+gHgv6/ue70jfpKTYvgAm3K2JUf7f3I=
 =DFaR
 -----END PGP SIGNATURE-----

Merge tag 'drm-fixes-2022-09-23-1' of git://anongit.freedesktop.org/drm/drm

Pull drm fixes from Dave Airlie:
 "Regular fixes for the week, i915, mediatek, hisilicon, mgag200 and
  panel have some small fixes.

  amdgpu has more stack size fixes for clang build, and fixes for new
  IPs, but all with low regression chances since they are for stuff new
  in v6.0.

  i915:
   - avoid a general protection failure when using perf/OA
   - avoid kernel warnings on driver release

  amdgpu:
   - SDMA 6.x fix
   - GPUVM TF fix
   - DCN 3.2.x fixes
   - DCN 3.1.x fixes
   - SMU 13.x fixes
   - Clang stack size fixes for recently enabled DML code
   - Fix drm dirty callback change on non-atomic cases
   - USB4 display fix

  mediatek:
   - dsi: Add atomic {destroy,duplicate}_state, reset callbacks
   - dsi: Move mtk_dsi_stop() call back to mtk_dsi_poweroff()
   - Fix wrong dither settings

  hisilicon:
   - Depend on MMU

  mgag200:
   - Fix console on G200ER

  panel:
   - Fix innolux_g121i1_l01 bus format"

* tag 'drm-fixes-2022-09-23-1' of git://anongit.freedesktop.org/drm/drm: (30 commits)
  MAINTAINERS: switch graphics to airlied other addresses
  drm/mediatek: dsi: Move mtk_dsi_stop() call back to mtk_dsi_poweroff()
  drm/amd/display: Reduce number of arguments of dml314's CalculateFlipSchedule()
  drm/amd/display: Reduce number of arguments of dml314's CalculateWatermarksAndDRAMSpeedChangeSupport()
  drm/amdgpu: don't register a dirty callback for non-atomic
  drm/amd/pm: drop the pptable related workarounds for SMU 13.0.0
  drm/amd/pm: add support for 3794 pptable for SMU13.0.0
  drm/amd/display: correct num_dsc based on HW cap
  drm/amd/display: Disable OTG WA for the plane_state NULL case on DCN314
  drm/amd/display: Add shift and mask for ICH_RESET_AT_END_OF_LINE
  drm/amd/display: increase dcn315 pstate change latency
  drm/amd/display: Fix DP MST timeslot issue when fallback happened
  drm/amd/display: Display distortion after hotplug 5K tiled display
  drm/amd/display: Update dummy P-state search to use DCN32 DML
  drm/amd/display: skip audio setup when audio stream is enabled
  drm/amd/display: update gamut remap if plane has changed
  drm/amd/display: Assume an LTTPR is always present on fixed_vs links
  drm/amd/display: fix dcn315 memory channel count and width read
  drm/amd/display: Fix double cursor on non-video RGB MPO
  drm/amd/display: Only consider pixle rate div policy for DCN32+
  ...
2022-09-23 08:18:55 -07:00
Paolo Bonzini
69604fe76e More pci fixes
Fix for a code analyser warning
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEwGNS88vfc9+v45Yq41TmuOI4ufgFAmMtmHcACgkQ41TmuOI4
 ufhapA/+OGjJtUKEa/LkCArUMUgJ+ZYy9cwx3Qrkvm7BtEguN35uxO5T7X8pdMDU
 /dYSDwtPT1ob/QmjhwwE0dpgUF8yfkBNLKBK37f6jTznI4mS6UEq/IB1BcCk3ss5
 45xG8rWiXS7oFm9bxtNsa5jkrSf7gIOuEa570tOVtOlBYvtFIH2SiHvcCUY1w48N
 A6docb+vOJnPIBHPR/1q+bBoghO5rplYaX0EiAt3EYThrhAjsXjIFzaQPwXUxgFh
 Nk/3ni1St72sbWDiC7YxjDghMVuW1GuQAlgkDWvy8bdA0IfsaqbyISuyIWZWkRfx
 V8+7OfGVsCB7qhT4C+65fQPqwZwERNwwvAFsx175/Mm9/AXn217+sN52O54olFcM
 dhKI7med1R/LqO2HH9kCGIUfJ3t+0JHpFDwcJyiAZsFbYffnwUQbIW4YcA3O+rje
 cV8/kRhD6ebzrScTOMVH+Rb4Q0N0kL34iHXbI8wcTBKmSFrdRm9YeLtQM2P/HtPA
 GVyg49bfXfA13goM9jaUW/IgT1aSHNRHfbfFKTUB7ph2Wi5ktMizpkn/CQ8L7bm1
 I0JoZfA7ALDufg2Ajyqsqmv3RX2k6ydenmX/AxzQlo34kSXY6X+N+yiPlqhumBqq
 Gs2pmvQoyvAmuShhj+eSZsQYBObgjzN7B/SAbbUBT71GerGyWeQ=
 =Z7gl
 -----END PGP SIGNATURE-----

Merge tag 'kvm-s390-master-6.0-2' of https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux into HEAD

More pci fixes
Fix for a code analyser warning
2022-09-23 10:06:08 -04:00
Dave Airlie
8288206c27 MAINTAINERS: switch graphics to airlied other addresses
My linux.ie address is in a bad place.
also add dri-devel for agpgart.

Signed-off-by: Dave Airlie <airlied@redhat.com>
2022-09-23 15:38:06 +10:00
Dave Airlie
3b38b65ed0 Short summary of fixes pull
* drm/hisilicon: Depend on MMU
  * drm/mgag200: Fix console on G200ER
  * drm/panel: Fix innolux_g121i1_l01 bus format
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCAAdFiEEchf7rIzpz2NEoWjlaA3BHVMLeiMFAmMsbTMACgkQaA3BHVML
 eiPSjQgAvaFF7mRxm8pj+e7/I4UF1mJrJfysND/IhSFzLLDqabkNnRcUAuT43aC9
 pR86BWAPdO6vl/stfvuJiSiom5TcGlk6mhC2FoCgziyNjUwfRpCl1Q7w8x31/FtQ
 ryH5G1+T/aHbHOwyMq6tpFeANnzBj0D/evkd3qQbZD1/n4imPG86uOOhMrkKtzkl
 +XwHtewK3g9Zy0SMBnA2+ih/8BccflRpap3Rd7Ux70ZE8tXI2fz/PXw4xKNqwH9P
 vWqrX3e5kV3sAEgLZRHvwTOxptBR0+l1Jxce662KeTGjmCvvVOlwOF2m63hJ65hv
 kD0nzmUFAEdcCExjHUFcYNotHAmwYw==
 =DNR3
 -----END PGP SIGNATURE-----

Merge tag 'drm-misc-fixes-2022-09-22' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes

Short summary of fixes pull

 * drm/hisilicon: Depend on MMU
 * drm/mgag200: Fix console on G200ER
 * drm/panel: Fix innolux_g121i1_l01 bus format

Signed-off-by: Dave Airlie <airlied@redhat.com>

From: Thomas Zimmermann <tzimmermann@suse.de>
Link: https://patchwork.freedesktop.org/patch/msgid/YyxtXS588at6S4wg@linux-uq9g
2022-09-23 13:18:26 +10:00
Dave Airlie
73646baf68 Mediatek DRM Fixes for Linux 6.0
1. dsi: Add atomic {destroy,duplicate}_state, reset callbacks
 2. drm/mediatek: Fix wrong dither settings
 3. dsi: Move mtk_dsi_stop() call back to mtk_dsi_poweroff()
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEACwLKSDmq+9RDv5P4cpzo8lZTiQFAmMroWMACgkQ4cpzo8lZ
 TiQbzw/7BoPLQNXzksNehXqbmxN5XcmbXda/jL2OSXfjIxYOv3D5BMvSksmsZOmY
 ODHH8KQ7Ru7lKqxrltBToitCnHT7ZNTO6qrixogCMbDdewAeAhkTHhYoaUSfly34
 1t+HrdhTA/XQqyDU+v83PWtzD0FrvY3iJ1/l0/8311x66F/vdrNVBkpqNomVRve5
 BiFniFpjU5QP22/PU/VgvS/EcJ07Cy7PC0Ocv9guaaScaHMRl5HCGI3A0uBLqJyl
 NR/Sx6HXrHwKH219Oe1hZrj3RXVj5xp2qdKsiRtJiufniQFilKZjwS2bo+nZrvzz
 dKPPcLJsjjy/hH6S5t5X49Yn5GETBGE1KAB5y6AqrGvhi+vTxwhKhVxRxn+d5JgW
 RN0SiLIhwLaEifU3WyTuG+Zth4aY24Pakcd0lhn71avjXATG1Go/7D31gAUVhNw1
 rCFoiy4xxq2n3QFKfUNWePYn2RC98jF9kYo23aDhPi6tEbsxQ3IyMc2+PhtPQidW
 uXntRZAPd1Gd4B2Y3PXPOfLmes5a8w2HZxcNv3nE5F7hHF4j+x5Zf7jfHKNtxLwG
 dn20ahxXprt7mitWFxA5pIiiv1YciJy4A5jYknuDfa/xTiaPZ7jbmhfv4uZUisZW
 frl4MbV6OUxxfK6WxMdK/nzYdBMyuXfbhLZzN6o3ZBZSp6+SLTQ=
 =qZkC
 -----END PGP SIGNATURE-----

Merge tag 'mediatek-drm-fixes-6.0' of https://git.kernel.org/pub/scm/linux/kernel/git/chunkuang.hu/linux into drm-fixes

Mediatek DRM Fixes for Linux 6.0

1. dsi: Add atomic {destroy,duplicate}_state, reset callbacks
2. drm/mediatek: Fix wrong dither settings
3. dsi: Move mtk_dsi_stop() call back to mtk_dsi_poweroff()

Signed-off-by: Dave Airlie <airlied@redhat.com>

From: Chun-Kuang Hu <chunkuang.hu@kernel.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20220921235624.23580-1-chunkuang.hu@kernel.org
2022-09-23 13:15:34 +10:00
Dave Airlie
387df878fd Merge tag 'amd-drm-fixes-6.0-2022-09-21' of https://gitlab.freedesktop.org/agd5f/linux into drm-fixes
amd-drm-fixes-6.0-2022-09-21:

amdgpu:
- SDMA 6.x fix
- GPUVM TF fix
- DCN 3.2.x fixes
- DCN 3.1.x fixes
- SMU 13.x fixes
- Clang stack size fixes for recently enabled DML code
- Fix drm dirty callback change on non-atomic cases
- USB4 display fix

Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Alex Deucher <alexander.deucher@amd.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20220921220605.6136-1-alexander.deucher@amd.com
2022-09-23 11:12:07 +10:00
Linus Torvalds
bf682942cd SCSI fixes on 20220922
Three small and pretty obvious fixes, all in drivers.
 
 Signed-off-by: James E.J. Bottomley <jejb@linux.ibm.com>
 -----BEGIN PGP SIGNATURE-----
 
 iJwEABMIAEQWIQTnYEDbdso9F2cI+arnQslM7pishQUCYyzJQSYcamFtZXMuYm90
 dG9tbGV5QGhhbnNlbnBhcnRuZXJzaGlwLmNvbQAKCRDnQslM7pishTWYAQDdYNvh
 aS/3M0QRAajT0pXbpElbTEZunoTv8oG5rGtzHAD9Hy0VponMU0Ey9e1twkY7pdjI
 ik3qiy3gi9tu+bqgGuA=
 =cXQI
 -----END PGP SIGNATURE-----

Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi

Pull SCSI fixes from James Bottomley:
 "Three small and pretty obvious fixes, all in drivers"

* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
  scsi: mpt3sas: Fix return value check of dma_get_required_mask()
  scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts()
  scsi: qedf: Fix a UAF bug in __qedf_probe()
2022-09-22 14:43:55 -07:00
Linus Torvalds
3c0f396a38 slab fixes for 6.0-rc7
-----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCAAdFiEEjUuTAak14xi+SF7M4CHKc/GJqRAFAmMsvZoACgkQ4CHKc/GJ
 qRC3UQf/bHHsh/tYV26OrNBJ82V9KlM8V5TNkn2QRfnS9EP3J1y4snENpQ+gZRXf
 QgSt/hgQqhvdazNtNwzUeW4ENymyt78zJfH87Kj36ApB+6xUnX3qIqmPHGn5Bqzn
 Oo1mY4UfYExzq8k9m2L5De/ULNBClItjkYZ1sPGAbMvM8LSSeneABimxq9aey00d
 IENX1mboxju13+Z2nasze7QJkeaJ8emFJY2X2E1A0FGPvcnRSK34t5EtFZnC/wd3
 D2awIw4ebASY1NqBnJfy6ClcyY0dE30pT2eWLLatjDXdesI8oDkqkaeyyWZEXwX5
 gMkJOEaAJcob4LpcsVPikRUrPadGrA==
 =Jao8
 -----END PGP SIGNATURE-----

Merge tag 'slab-for-6.0-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/vbabka/slab

Pull slab fixes from Vlastimil Babka:

 - Fix a possible use-after-free in SLUB's kmem_cache removal,
   introduced in this cycle, by Feng Tang.

 - WQ_MEM_RECLAIM dependency fix for the workqueue-based cpu slab
   flushing introduced in 5.15, by Maurizio Lombardi.

 - Add missing KASAN hooks in two kmalloc entry paths, by Peter
   Collingbourne.

 - A BUG_ON() removal in SLUB's kmem_cache creation when allocation
   fails (too small to possibly happen in practice, syzbot used fault
   injection), by Chao Yu.

* tag 'slab-for-6.0-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/vbabka/slab:
  mm: slub: fix flush_cpu_slab()/__free_slab() invocations in task context.
  mm/slab_common: fix possible double free of kmem_cache
  kasan: call kasan_malloc() from __kmalloc_*track_caller()
  mm/slub: fix to return errno if kmalloc() fails
2022-09-22 14:37:58 -07:00
Sean Christopherson
50b2d49baf KVM: x86: Inject #UD on emulated XSETBV if XSAVES isn't enabled
Inject #UD when emulating XSETBV if CR4.OSXSAVE is not set.  This also
covers the "XSAVE not supported" check, as setting CR4.OSXSAVE=1 #GPs if
XSAVE is not supported (and userspace gets to keep the pieces if it
forces incoherent vCPU state).

Add a comment to kvm_emulate_xsetbv() to call out that the CPU checks
CR4.OSXSAVE before checking for intercepts.  AMD'S APM implies that #UD
has priority (says that intercepts are checked before #GP exceptions),
while Intel's SDM says nothing about interception priority.  However,
testing on hardware shows that both AMD and Intel CPUs prioritize the #UD
over interception.

Fixes: 02d4160fbd ("x86: KVM: add xsetbv to the emulator")
Cc: stable@vger.kernel.org
Cc: Vitaly Kuznetsov <vkuznets@redhat.com>
Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20220824033057.3576315-4-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-09-22 17:04:20 -04:00
Dr. David Alan Gilbert
a1020a25e6 KVM: x86: Always enable legacy FP/SSE in allowed user XFEATURES
Allow FP and SSE state to be saved and restored via KVM_{G,SET}_XSAVE on
XSAVE-capable hosts even if their bits are not exposed to the guest via
XCR0.

Failing to allow FP+SSE first showed up as a QEMU live migration failure,
where migrating a VM from a pre-XSAVE host, e.g. Nehalem, to an XSAVE
host failed due to KVM rejecting KVM_SET_XSAVE.  However, the bug also
causes problems even when migrating between XSAVE-capable hosts as
KVM_GET_SAVE won't set any bits in user_xfeatures if XSAVE isn't exposed
to the guest, i.e. KVM will fail to actually migrate FP+SSE.

Because KVM_{G,S}ET_XSAVE are designed to allowing migrating between
hosts with and without XSAVE, KVM_GET_XSAVE on a non-XSAVE (by way of
fpu_copy_guest_fpstate_to_uabi()) always sets the FP+SSE bits in the
header so that KVM_SET_XSAVE will work even if the new host supports
XSAVE.

Fixes: ad856280dd ("x86/kvm/fpu: Limit guest user_xfeatures to supported bits of XCR0")
bz: https://bugzilla.redhat.com/show_bug.cgi?id=2079311
Cc: stable@vger.kernel.org
Cc: Leonardo Bras <leobras@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
[sean: add comment, massage changelog]
Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20220824033057.3576315-3-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-09-22 17:04:19 -04:00
Sean Christopherson
ee519b3a2a KVM: x86: Reinstate kvm_vcpu_arch.guest_supported_xcr0
Reinstate the per-vCPU guest_supported_xcr0 by partially reverting
commit 988896bb6182; the implicit assessment that guest_supported_xcr0 is
always the same as guest_fpu.fpstate->user_xfeatures was incorrect.

kvm_vcpu_after_set_cpuid() isn't the only place that sets user_xfeatures,
as user_xfeatures is set to fpu_user_cfg.default_features when guest_fpu
is allocated via fpu_alloc_guest_fpstate() => __fpstate_reset().
guest_supported_xcr0 on the other hand is zero-allocated.  If userspace
never invokes KVM_SET_CPUID2, supported XCR0 will be '0', whereas the
allowed user XFEATURES will be non-zero.

Practically speaking, the edge case likely doesn't matter as no sane
userspace will live migrate a VM without ever doing KVM_SET_CPUID2. The
primary motivation is to prepare for KVM intentionally and explicitly
setting bits in user_xfeatures that are not set in guest_supported_xcr0.

Because KVM_{G,S}ET_XSAVE can be used to svae/restore FP+SSE state even
if the host doesn't support XSAVE, KVM needs to set the FP+SSE bits in
user_xfeatures even if they're not allowed in XCR0, e.g. because XCR0
isn't exposed to the guest.  At that point, the simplest fix is to track
the two things separately (allowed save/restore vs. allowed XCR0).

Fixes: 988896bb61 ("x86/kvm/fpu: Remove kvm_vcpu_arch.guest_supported_xcr0")
Cc: stable@vger.kernel.org
Cc: Leonardo Bras <leobras@redhat.com>
Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20220824033057.3576315-2-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-09-22 17:04:19 -04:00
Miaohe Lin
604f533262 KVM: x86/mmu: add missing update to max_mmu_rmap_size
The update to statistic max_mmu_rmap_size is unintentionally removed by
commit 4293ddb788 ("KVM: x86/mmu: Remove redundant spte present check
in mmu_set_spte"). Add missing update to it or max_mmu_rmap_size will
always be nonsensical 0.

Fixes: 4293ddb788 ("KVM: x86/mmu: Remove redundant spte present check in mmu_set_spte")
Signed-off-by: Miaohe Lin <linmiaohe@huawei.com>
Message-Id: <20220907080657.42898-1-linmiaohe@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-09-22 17:03:20 -04:00
Jinrong Liang
561cafebb2 selftests: kvm: Fix a compile error in selftests/kvm/rseq_test.c
The following warning appears when executing:
	make -C tools/testing/selftests/kvm

rseq_test.c: In function ‘main’:
rseq_test.c:237:33: warning: implicit declaration of function ‘gettid’; did you mean ‘getgid’? [-Wimplicit-function-declaration]
          (void *)(unsigned long)gettid());
                                 ^~~~~~
                                 getgid
/usr/bin/ld: /tmp/ccr5mMko.o: in function `main':
../kvm/tools/testing/selftests/kvm/rseq_test.c:237: undefined reference to `gettid'
collect2: error: ld returned 1 exit status
make: *** [../lib.mk:173: ../kvm/tools/testing/selftests/kvm/rseq_test] Error 1

Use the more compatible syscall(SYS_gettid) instead of gettid() to fix it.
More subsequent reuse may cause it to be wrapped in a lib file.

Signed-off-by: Jinrong Liang <cloudliang@tencent.com>
Message-Id: <20220802071240.84626-1-cloudliang@tencent.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-09-22 17:02:20 -04:00
Paolo Bonzini
b4ac28a32f KVM/arm64 fixes for 6.0, take #2
- Fix kmemleak usage in Protected KVM (again)
 -----BEGIN PGP SIGNATURE-----
 
 iQJDBAABCgAtFiEEn9UcU+C1Yxj9lZw9I9DQutE9ekMFAmMoo2EPHG1hekBrZXJu
 ZWwub3JnAAoJECPQ0LrRPXpD308QAL5sZ7lzB6sS2Zw4zMxpi1nW0qPJKJuvwaF7
 PZKhZTJhbXUWlSFIBRtcfzR7Aw7fP5W/dcE66TcE8IA5zNd8/O+jrJtE3uul65SG
 3nKaVuU0cYvFiA7rLJsrg+KLqPHYGnKbRO3KQrfpPT8MDs0t/OgXdyiwBycU8Os0
 XWT5anjJRCPpUIUhOW19gBKSMyYrMRlhybrWbY0MAJgtpJTMJyqjosrHWFUeDog8
 0ecDg/FS7SZhRvm6Ruf27fydNkh4mJ2dNZqzpaWTttxOV8+LN2r9ClJP98a4VWYz
 ek55ihLU+XijNozOu3O9OxcC3VULf12R/0SMnXpGdi752H+3fH26iiDmxKiHGSSR
 LV/JVPLrw1OgxAK7Wb/0v29+Z7dD9l7gBGIgvZGT5PhgKGR4W//k1EGkIS0Yh7HI
 lT7URgwagP8qgdJBfmaROdx3V4XEDX17I862aEinstr8HaCvQzgKIXmdUHiW+21P
 4Xk7HcvgJuL/NOhVtZFT8ejAlgWNi4HRyPZ/YHVA2XPbmCZk2KS0Oe0WbX9iX7vT
 SYx/X9J/CJ1+BRiDk/hMQlNMxua/9eTG42iNdg/5zB/medZpb3GlDVmvO5vXIHut
 V2chjnt11rWtzskP4noaGYGd6QlURbSHYPWTG0+XCL9BG0CJ0+Pmu9lMRHwWGnlU
 NJoGm0ZC
 =UygE
 -----END PGP SIGNATURE-----

Merge tag 'kvmarm-fixes-6.0-2' of git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm into HEAD

KVM/arm64 fixes for 6.0, take #2

- Fix kmemleak usage in Protected KVM (again)
2022-09-22 17:01:33 -04:00
Maurizio Lombardi
e45cc28872 mm: slub: fix flush_cpu_slab()/__free_slab() invocations in task context.
Commit 5a836bf6b0 ("mm: slub: move flush_cpu_slab() invocations
__free_slab() invocations out of IRQ context") moved all flush_cpu_slab()
invocations to the global workqueue to avoid a problem related
with deactivate_slab()/__free_slab() being called from an IRQ context
on PREEMPT_RT kernels.

When the flush_all_cpu_locked() function is called from a task context
it may happen that a workqueue with WQ_MEM_RECLAIM bit set ends up
flushing the global workqueue, this will cause a dependency issue.

 workqueue: WQ_MEM_RECLAIM nvme-delete-wq:nvme_delete_ctrl_work [nvme_core]
   is flushing !WQ_MEM_RECLAIM events:flush_cpu_slab
 WARNING: CPU: 37 PID: 410 at kernel/workqueue.c:2637
   check_flush_dependency+0x10a/0x120
 Workqueue: nvme-delete-wq nvme_delete_ctrl_work [nvme_core]
 RIP: 0010:check_flush_dependency+0x10a/0x120[  453.262125] Call Trace:
 __flush_work.isra.0+0xbf/0x220
 ? __queue_work+0x1dc/0x420
 flush_all_cpus_locked+0xfb/0x120
 __kmem_cache_shutdown+0x2b/0x320
 kmem_cache_destroy+0x49/0x100
 bioset_exit+0x143/0x190
 blk_release_queue+0xb9/0x100
 kobject_cleanup+0x37/0x130
 nvme_fc_ctrl_free+0xc6/0x150 [nvme_fc]
 nvme_free_ctrl+0x1ac/0x2b0 [nvme_core]

Fix this bug by creating a workqueue for the flush operation with
the WQ_MEM_RECLAIM bit set.

Fixes: 5a836bf6b0 ("mm: slub: move flush_cpu_slab() invocations __free_slab() invocations out of IRQ context")
Cc: <stable@vger.kernel.org>
Signed-off-by: Maurizio Lombardi <mlombard@redhat.com>
Reviewed-by: Hyeonggon Yoo <42.hyeyoo@gmail.com>
Signed-off-by: Vlastimil Babka <vbabka@suse.cz>
2022-09-22 21:48:48 +02:00
Linus Torvalds
c69cf88cda ARM: SoC fixes for 6.0-rc6
Another set of fixes for fixes for the soc tree:
 
  - A fix for the interrupt number on at91/lan966 ethernet PHYs
 
  - A second round of fixes for NXP i.MX series, including a couple
    of build issues, and board specific DT corrections on
    TQMa8MPQL, imx8mp-venice-gw74xx and imx8mm-verdin for reliability
    and partially broken functionality.
 
  - Several fixes for Rockchip SoCs, addressing a USB issue on BPI-R2-Pro,
    wakeup on Gru-Bob and reliability of high-speed SD cards, among
    other minor issues.
 
  - A fix for a long-running naming mistake that prevented the moxart mmc
    driver from working at all.
 
  - Multiple Arm SCMI firmware fixes for hardening some corner cases.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEo6/YBQwIrVS28WGKmmx57+YAGNkFAmMsf8kACgkQmmx57+YA
 GNklew//T+pAuVwhR8OMp3DolbM/CwezgZgEXkuqDS0GvLkuoR71N7y1wEO77CDI
 9/luYQiFnMI8ooBMXLG545EJCZNommtDKWfSMjJnYeVQit3nupJSYaOLkzD949hg
 fg2BhA3mIKJY53m5SHRfZJOr+Q5E1DEmREX7m9e3nXTDY7izWpE2HtlKt26lKTq4
 w4sbchmrC4YRLqkBbSGLczClCakF0/L3QhGUIfBlTdLmhye0PJiQzfhVTKgdb7Jr
 l0T8vt5vg+5f5ib3PrnPQCaA3Azgu0QvImwKr7/vU/Sn6/e/xwV/hcuqQBZPFbbl
 RmSkHb3mBLXogk/EjLiw8y59D22SIbdtE+/tD+FRP+q0gjgPKobRZiqLFijvIWSB
 TtaTsKhotFKFs+pDysF0C/IfpK9MaYcX71WdqfvwlPiGGK7xCt3W+AKzgUmRVfew
 dVMeyBlVL9T3003MpLkiaIoDp8JfJsD3051CCH5tdOtF53PeKsgTUEXtnQezBof2
 80KgGXg2QGbwx+vYPGJqgQKzG7teq06G4BERK/yeFCrOsxrRXzH/icDA3F5xKY5f
 IqQiTqvZeCQvvr8G1iZb6YkhflQHaNktsRCajxERTgPfRzuQFHwF96C/+weGcZBp
 edBtweGCJ7AvV8vmvmvCdMDg9BDfgHOOwiNOKqmVvsIO01Ei8Oc=
 =fI2K
 -----END PGP SIGNATURE-----

Merge tag 'soc-fixes-6.0-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc

Pull ARM SoC fixes from Arnd Bergmann:
 "Another set of fixes for fixes for the soc tree:

   - A fix for the interrupt number on at91/lan966 ethernet PHYs

   - A second round of fixes for NXP i.MX series, including a couple of
     build issues, and board specific DT corrections on TQMa8MPQL,
     imx8mp-venice-gw74xx and imx8mm-verdin for reliability and
     partially broken functionality

   - Several fixes for Rockchip SoCs, addressing a USB issue on
     BPI-R2-Pro, wakeup on Gru-Bob and reliability of high-speed SD
     cards, among other minor issues

   - A fix for a long-running naming mistake that prevented the moxart
     mmc driver from working at all

   - Multiple Arm SCMI firmware fixes for hardening some corner cases"

* tag 'soc-fixes-6.0-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc: (30 commits)
  arm64: dts: imx8mp-venice-gw74xx: fix port/phy validation
  ARM: dts: lan966x: Fix the interrupt number for internal PHYs
  arm64: dts: imx8mp-venice-gw74xx: fix ksz9477 cpu port
  arm64: dts: imx8mp-venice-gw74xx: fix CAN STBY polarity
  dt-bindings: memory-controllers: fsl,imx8m-ddrc: drop Leonard Crestez
  arm64: dts: tqma8mqml: Include phy-imx8-pcie.h header
  arm64: defconfig: enable ARCH_NXP
  arm64: dts: imx8mp-tqma8mpql-mba8mpxl: add missing pinctrl for RTC alarm
  ARM: dts: fix Moxa SDIO 'compatible', remove 'sdhci' misnomer
  arm64: dts: imx8mm-verdin: extend pmic voltages
  arm64: dts: rockchip: Remove 'enable-active-low' from rk3566-quartz64-a
  arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma
  arm64: dts: rockchip: fix property for usb2 phy supply on rk3568-evb1-v10
  arm64: dts: rockchip: fix property for usb2 phy supply on rock-3a
  arm64: dts: imx8ulp: add #reset-cells for pcc
  arm64: dts: tqma8mpxl-ba8mpxl: Fix button GPIOs
  arm64: dts: imx8mn: remove GPU power domain reset
  arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz
  arm64: dts: imx8mm: Reverse CPLD_Dn GPIO label mapping on MX8Menlo
  arm64: dts: rockchip: fix upper usb port on BPI-R2-Pro
  ...
2022-09-22 11:10:11 -07:00
Linus Torvalds
504c25cb76 Including fixes from wifi, netfilter and can.
A handful of awaited fixes here - revert of the FEC changes,
 bluetooth fix, fixes for iwlwifi spew.
 
 We added a warning in PHY/MDIO code which is triggering on
 a couple of platforms in a false-positive-ish way. If we can't
 iron that out over the week we'll drop it and re-add for 6.1.
 
 I've added a new "follow up fixes" section for fixes to fixes
 in 6.0-rcs but it may actually give the false impression that
 those are problematic or that more testing time would have
 caught them. So likely a one time thing.
 
 Follow up fixes:
 
  - nf_tables_addchain: fix nft_counters_enabled underflow
 
  - ebtables: fix memory leak when blob is malformed
 
  - nf_ct_ftp: fix deadlock when nat rewrite is needed
 
 Current release - regressions:
 
  - Revert "fec: Restart PPS after link state change"
  - Revert "net: fec: Use a spinlock to guard `fep->ptp_clk_on`"
 
  - Bluetooth: fix HCIGETDEVINFO regression
 
  - wifi: mt76: fix 5 GHz connection regression on mt76x0/mt76x2
 
  - mptcp: fix fwd memory accounting on coalesce
 
  - rwlock removal fall out:
    - ipmr: always call ip{,6}_mr_forward() from RCU read-side
      critical section
    - ipv6: fix crash when IPv6 is administratively disabled
 
  - tcp: read multiple skbs in tcp_read_skb()
 
  - mdio_bus_phy_resume state warning fallout:
    - eth: ravb: fix PHY state warning splat during system resume
    - eth: sh_eth: fix PHY state warning splat during system resume
 
 Current release - new code bugs:
 
  - wifi: iwlwifi: don't spam logs with NSS>2 messages
 
  - eth: mtk_eth_soc: enable XDP support just for MT7986 SoC
 
 Previous releases - regressions:
 
  - bonding: fix NULL deref in bond_rr_gen_slave_id
 
  - wifi: iwlwifi: mark IWLMEI as broken
 
 Previous releases - always broken:
 
  - nf_conntrack helpers:
    - irc: tighten matching on DCC message
    - sip: fix ct_sip_walk_headers
    - osf: fix possible bogus match in nf_osf_find()
 
  - ipvlan: fix out-of-bound bugs caused by unset skb->mac_header
 
  - core: fix flow symmetric hash
 
  - bonding, team: unsync device addresses on ndo_stop
 
  - phy: micrel: fix shared interrupt on LAN8814
 
 Signed-off-by: Jakub Kicinski <kuba@kernel.org>
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEE6jPA+I1ugmIBA4hXMUZtbf5SIrsFAmMsj3EACgkQMUZtbf5S
 IrsUgQ//eXxuUZeGTg7cgJKPFJelrZ3iL16B1+s2qX94GPIqXRAShgC78iM7IbSe
 y3vR/7YVE7sKXm88wnLefMQVXPp0cE2p0+8++E/j4zcRZsM5sHb2+d3gW6nos2ed
 U8Ldm7LzWUNt/o1ZHDqZWBSoreFkmbFyHO6FVPCuH11tFUJqxJ/SP860mwo6tbuT
 HOoVphKis41IMEXCgybs2V0DAQewba0gejzAmySDy8epNhOj2F4Vo6aadnUCI68U
 HrIFYe2wiEi6MZDsB9zpRXc9seb6ZBKbBjgQnTK7MwfBEQCzxtR2lkNobJM1WbdL
 nYwHBOJ16yX0BnlSpUEepv6iJYY5Q7FS35Wk3Rq5Mik6DaEir6vVSBdRxHpYOkO2
 KPIyyMMAA5E8mAtqH3PcpnwDK+9c3KlZYYKXxIp2IjQm87DpOZJFynwsC3Crmbzo
 C7UTMav2nkHljoapMLUwzqyw2ip+Qo14XA043FDPUru1sXY9CY6q50XZa5GmrNKh
 xyaBdp4Ckj1kOuXUR9jz3Rq8skOZ8lNGHtiCdgPZitWhNKW1YORJihC7/9zdieCR
 1gOE7Dpz/MhVmFn2e8S5O3TkU5lXfALfPDJi4QiML5VLHXd/nCE5sHPiOBWcoo4w
 2djKbIGpLRnO6qMs4NkWNmPbG+/ouvpM+lewqn+xU4TGyn/NTbI=
 =wrep
 -----END PGP SIGNATURE-----

Merge tag 'net-6.0-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

Pull networking fixes from Jakub Kicinski:
 "Including fixes from wifi, netfilter and can.

  A handful of awaited fixes here - revert of the FEC changes, bluetooth
  fix, fixes for iwlwifi spew.

  We added a warning in PHY/MDIO code which is triggering on a couple of
  platforms in a false-positive-ish way. If we can't iron that out over
  the week we'll drop it and re-add for 6.1.

  I've added a new "follow up fixes" section for fixes to fixes in
  6.0-rcs but it may actually give the false impression that those are
  problematic or that more testing time would have caught them. So
  likely a one time thing.

  Follow up fixes:

   - nf_tables_addchain: fix nft_counters_enabled underflow

   - ebtables: fix memory leak when blob is malformed

   - nf_ct_ftp: fix deadlock when nat rewrite is needed

  Current release - regressions:

   - Revert "fec: Restart PPS after link state change" and the related
     "net: fec: Use a spinlock to guard `fep->ptp_clk_on`"

   - Bluetooth: fix HCIGETDEVINFO regression

   - wifi: mt76: fix 5 GHz connection regression on mt76x0/mt76x2

   - mptcp: fix fwd memory accounting on coalesce

   - rwlock removal fall out:
      - ipmr: always call ip{,6}_mr_forward() from RCU read-side
        critical section
      - ipv6: fix crash when IPv6 is administratively disabled

   - tcp: read multiple skbs in tcp_read_skb()

   - mdio_bus_phy_resume state warning fallout:
      - eth: ravb: fix PHY state warning splat during system resume
      - eth: sh_eth: fix PHY state warning splat during system resume

  Current release - new code bugs:

   - wifi: iwlwifi: don't spam logs with NSS>2 messages

   - eth: mtk_eth_soc: enable XDP support just for MT7986 SoC

  Previous releases - regressions:

   - bonding: fix NULL deref in bond_rr_gen_slave_id

   - wifi: iwlwifi: mark IWLMEI as broken

  Previous releases - always broken:

   - nf_conntrack helpers:
      - irc: tighten matching on DCC message
      - sip: fix ct_sip_walk_headers
      - osf: fix possible bogus match in nf_osf_find()

   - ipvlan: fix out-of-bound bugs caused by unset skb->mac_header

   - core: fix flow symmetric hash

   - bonding, team: unsync device addresses on ndo_stop

   - phy: micrel: fix shared interrupt on LAN8814"

* tag 'net-6.0-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (83 commits)
  selftests: forwarding: add shebang for sch_red.sh
  bnxt: prevent skb UAF after handing over to PTP worker
  net: marvell: Fix refcounting bugs in prestera_port_sfp_bind()
  net: sched: fix possible refcount leak in tc_new_tfilter()
  net: sunhme: Fix packet reception for len < RX_COPY_THRESHOLD
  udp: Use WARN_ON_ONCE() in udp_read_skb()
  selftests: bonding: cause oops in bond_rr_gen_slave_id
  bonding: fix NULL deref in bond_rr_gen_slave_id
  net: phy: micrel: fix shared interrupt on LAN8814
  net/smc: Stop the CLC flow if no link to map buffers on
  ice: Fix ice_xdp_xmit() when XDP TX queue number is not sufficient
  net: atlantic: fix potential memory leak in aq_ndev_close()
  can: gs_usb: gs_usb_set_phys_id(): return with error if identify is not supported
  can: gs_usb: gs_can_open(): fix race dev->can.state condition
  can: flexcan: flexcan_mailbox_read() fix return value for drop = true
  net: sh_eth: Fix PHY state warning splat during system resume
  net: ravb: Fix PHY state warning splat during system resume
  netfilter: nf_ct_ftp: fix deadlock when nat rewrite is needed
  netfilter: ebtables: fix memory leak when blob is malformed
  netfilter: nf_tables: fix percpu memory leak at nf_tables_addchain()
  ...
2022-09-22 10:58:13 -07:00
Linus Torvalds
129e715218 EFI fixes (take #2)
- Use the right variable to check for shim insecure mode
 - Wipe setup_data field when booting via EFI
 - Add missing error check to efibc driver
 -----BEGIN PGP SIGNATURE-----
 
 iQGzBAABCgAdFiEE+9lifEBpyUIVN1cpw08iOZLZjyQFAmMsbqYACgkQw08iOZLZ
 jyROTAwAoKK2463ZJb6H4JAPf3NWWy5lTiJE5GnQpf75soJENNJGQil2d2RBKDEs
 v8aBK6RleMTltmNesy7DNEHCi1It5zWNEPUIuo3AfteSHqeAZaebtfZ0JInatdGo
 umw3XriYxIG0XTr6SWktjzQvOrouT/+HqSLE/FdOHjFW3l2WXpWeqrZ69QRirrYL
 /tWVAwT5b8Y3Ds7lma4ivm8BZYEHVFdzHDUfZYh+YW13tRw23c93TNUF9vl9Pa83
 My9ncQIB9UqDZ6KVze/7tQ9BG5WatRgDJb+QlLaBSXX5191qfouj1mW7waoJ+Gs9
 ptQGBWGuOsGj9/85ixh+o9xjZrDq6sZksWI+pcbnJK7zQIrh2wBZI0xIaX79ekOM
 wUtavQ1QezuKntg7kZFgutMnUrqtCbEbQ9RL5JsbndQ8PkZH5v5XygwzBc/6h0pj
 ZgD3CQ04sDvy/UHhIARHDKzNCQldXjUyEVpAWwGlkPqTDqyPthtluzZ53kZbh+HX
 o+/rXcw8
 =Earg
 -----END PGP SIGNATURE-----

Merge tag 'efi-urgent-for-v6.0-2' of git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi

Pull EFI fixes from Ard Biesheuvel:

 - Use the right variable to check for shim insecure mode

 - Wipe setup_data field when booting via EFI

 - Add missing error check to efibc driver

* tag 'efi-urgent-for-v6.0-2' of git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi:
  efi: libstub: check Shim mode using MokSBStateRT
  efi: x86: Wipe setup_data on pure EFI boot
  efi: efibc: Guard against allocation failure
2022-09-22 10:27:38 -07:00
Linus Torvalds
5e0a93e427 gpio fixes for v6.0-rc7
- fix a NULL-pointer dereference at driver unbind and a potential
   resource leak in error path in gpio-mockup
 - make the irqchip immutable in gpio-ftgpio010
 - fix dereferencing a potentially uninitialized variable in gpio-tqmx86
 - fix interrupt registering in gpiolib's character device code
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEFp3rbAvDxGAT0sefEacuoBRx13IFAmMsNLoACgkQEacuoBRx
 13LdeBAApTXQb/AYIRKNJ06jB6GbZU0dH+X5fkr5u1EY8zCc2xshOgCiczI8zqir
 n3CoEXuekhpqL4cDr+rXX/fCPgED3s0RDTIrswwPFnvvmlr7yPbVIokecEUbzA40
 I7CKV/MtkDIvw05MGjiDWmk3SQZdWVrh5RaZclyxt3KXWIA6fu6T319tRf1C9UWt
 KQHsku15c8FEtwXjGjSUCEyKp53cXu+SNbUlkxwXbyov8ab+zWSzL0mDICRJkJYo
 Ort2y1G2zUubphQ4HLK3AGPDmhHxl52R+MTg5Mcutx/HfpWvm8+Vy6b58v91ycg2
 r4/8LUprFE3XI4+bIRWqftfl9CrTxLJzKUhUb4okExrGurOR+SHnvkYygUn4uef2
 jmKd0EUHYOsoJUryGYpIPuvXQpR/YoRkYEXNXGbeXghKzAbonYMsPaaUbGaGvwG4
 vgPBKcWPTXVda0bR5Vl1wkeN6422dwU/SQ+vN32Xgl/qszmIHPfzWz+FgpfN4L/R
 X2HMIoQ02h8uc2JC1R9H5bwbvVFrWI47XwIqh8xFf8UYZ7aUEI9hpm9CeVJDpbra
 EkQxft82GJ9GOt8QAakwQdlInoYp7OLEee1QAvaKJV8Psbydk5WarpB9R/0cqldP
 bbnTzrY4J+ZfNz1F1U7jYRAjSnChvW4d3b9AdwTVFdvpWFD4X68=
 =BBWZ
 -----END PGP SIGNATURE-----

Merge tag 'gpio-fixes-for-v6.0-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux

Pull gpio fixes from Bartosz Golaszewski:

 - fix a NULL-pointer dereference at driver unbind and a potential
   resource leak in error path in gpio-mockup

 - make the irqchip immutable in gpio-ftgpio010

 - fix dereferencing a potentially uninitialized variable in gpio-tqmx86

 - fix interrupt registering in gpiolib's character device code

* tag 'gpio-fixes-for-v6.0-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux:
  gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully
  gpio: tqmx86: fix uninitialized variable girq
  gpio: ftgpio010: Make irqchip immutable
  gpio: mockup: Fix potential resource leakage when register a chip
  gpio: mockup: fix NULL pointer dereference when removing debugfs
2022-09-22 10:17:29 -07:00
Linus Torvalds
9597f088c9 perf tools fixes for v6.0: 4th batch
- Fix polling of system-wide events related to mixing per-cpu and per-thread
   events.
 
 - Do not check if /proc/modules is unchanged when copying /proc/kcore,
   that doesn't get in the way of post processing analysis.
 
 - Include program header in ELF files generated for JIT files, so that they can
   be opened by tools using elfutils libraries.
 
 - Enter namespaces when synthesizing build-ids.
 
 - Fix some bugs related to a recent cpu_map overhaul where we should be
   using an index and not the cpu number.
 
 - Fix BPF program ELF section name, using the naming expected by libbpf when
   using BPF counters in 'perf stat'.
 
 - Add a new test for perf stat cgroup BPF counter.
 
 - Adjust check on 'perf test wp' for older kernels, where the
   PERF_EVENT_IOC_MODIFY_ATTRIBUTES ioctl isn't supported.
 
 - Sync x86 cpufeatures with the kernel sources, no changes in tooling.
 
 Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 
 iHUEABYKAB0WIQR2GiIUctdOfX2qHhGyPKLppCJ+JwUCYyuOXgAKCRCyPKLppCJ+
 J7PsAPwMmEKNG08rBuZG64my1sS1hKNP2uAWcii871hFe0jSowEArWd2ErRw5wPw
 Y3uT9gP11NHDN+B87HxVErNkNUp3PQM=
 =S2hR
 -----END PGP SIGNATURE-----

Merge tag 'perf-tools-fixes-for-v6.0-2022-09-21' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux

Pull perf tools fixes from Arnaldo Carvalho de Melo:

 - Fix polling of system-wide events related to mixing per-cpu and
   per-thread events.

 - Do not check if /proc/modules is unchanged when copying /proc/kcore,
   that doesn't get in the way of post processing analysis.

 - Include program header in ELF files generated for JIT files, so that
   they can be opened by tools using elfutils libraries.

 - Enter namespaces when synthesizing build-ids.

 - Fix some bugs related to a recent cpu_map overhaul where we should be
   using an index and not the cpu number.

 - Fix BPF program ELF section name, using the naming expected by libbpf
   when using BPF counters in 'perf stat'.

 - Add a new test for perf stat cgroup BPF counter.

 - Adjust check on 'perf test wp' for older kernels, where the
   PERF_EVENT_IOC_MODIFY_ATTRIBUTES ioctl isn't supported.

 - Sync x86 cpufeatures with the kernel sources, no changes in tooling.

* tag 'perf-tools-fixes-for-v6.0-2022-09-21' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux:
  perf tools: Honor namespace when synthesizing build-ids
  tools headers cpufeatures: Sync with the kernel sources
  perf kcore_copy: Do not check /proc/modules is unchanged
  libperf evlist: Fix polling of system-wide events
  perf record: Fix cpu mask bit setting for mixed mmaps
  perf test: Skip wp modify test on old kernels
  perf jit: Include program header in ELF files
  perf test: Add a new test for perf stat cgroup BPF counter
  perf stat: Use evsel->core.cpus to iterate cpus in BPF cgroup counters
  perf stat: Fix cpu map index in bperf cgroup code
  perf stat: Fix BPF program section name
2022-09-22 10:12:21 -07:00
Hangbin Liu
83e4b19683 selftests: forwarding: add shebang for sch_red.sh
RHEL/Fedora RPM build checks are stricter, and complain when executable
files don't have a shebang line, e.g.

*** WARNING: ./kselftests/net/forwarding/sch_red.sh is executable but has no shebang, removing executable bit

Fix it by adding shebang line.

Fixes: 6cf0291f95 ("selftests: forwarding: Add a RED test for SW datapath")
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Reviewed-by: Petr Machata <petrm@nvidia.com>
Link: https://lore.kernel.org/r/20220922024453.437757-1-liuhangbin@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2022-09-22 07:33:56 -07:00
Jakub Kicinski
c31f26c8f6 bnxt: prevent skb UAF after handing over to PTP worker
When reading the timestamp is required bnxt_tx_int() hands
over the ownership of the completed skb to the PTP worker.
The skb should not be used afterwards, as the worker may
run before the rest of our code and free the skb, leading
to a use-after-free.

Since dev_kfree_skb_any() accepts NULL make the loss of
ownership more obvious and set skb to NULL.

Fixes: 83bb623c96 ("bnxt_en: Transmit and retrieve packet timestamps")
Reviewed-by: Andy Gospodarek <gospo@broadcom.com>
Reviewed-by: Michael Chan <michael.chan@broadcom.com>
Link: https://lore.kernel.org/r/20220921201005.335390-1-kuba@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2022-09-22 07:33:17 -07:00
Liang He
3aac7ada64 net: marvell: Fix refcounting bugs in prestera_port_sfp_bind()
In prestera_port_sfp_bind(), there are two refcounting bugs:
(1) we should call of_node_get() before of_find_node_by_name() as
it will automaitcally decrease the refcount of 'from' argument;
(2) we should call of_node_put() for the break of the iteration
for_each_child_of_node() as it will automatically increase and
decrease the 'child'.

Fixes: 52323ef754 ("net: marvell: prestera: add phylink support")
Signed-off-by: Liang He <windhl@126.com>
Reviewed-by: Yevhen Orlov <yevhen.orlov@plvision.eu>
Link: https://lore.kernel.org/r/20220921133245.4111672-1-windhl@126.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2022-09-22 07:23:58 -07:00
Hangyu Hua
c2e1cfefca net: sched: fix possible refcount leak in tc_new_tfilter()
tfilter_put need to be called to put the refount got by tp->ops->get to
avoid possible refcount leak when chain->tmplt_ops != NULL and
chain->tmplt_ops != tp->ops.

Fixes: 7d5509fa0d ("net: sched: extend proto ops with 'put' callback")
Signed-off-by: Hangyu Hua <hbh25y@gmail.com>
Reviewed-by: Vlad Buslov <vladbu@nvidia.com>
Link: https://lore.kernel.org/r/20220921092734.31700-1-hbh25y@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2022-09-22 07:04:47 -07:00
Sean Anderson
878e240571 net: sunhme: Fix packet reception for len < RX_COPY_THRESHOLD
There is a separate receive path for small packets (under 256 bytes).
Instead of allocating a new dma-capable skb to be used for the next packet,
this path allocates a skb and copies the data into it (reusing the existing
sbk for the next packet). There are two bytes of junk data at the beginning
of every packet. I believe these are inserted in order to allow aligned DMA
and IP headers. We skip over them using skb_reserve. Before copying over
the data, we must use a barrier to ensure we see the whole packet. The
current code only synchronizes len bytes, starting from the beginning of
the packet, including the junk bytes. However, this leaves off the final
two bytes in the packet. Synchronize the whole packet.

To reproduce this problem, ping a HME with a payload size between 17 and
214

	$ ping -s 17 <hme_address>

which will complain rather loudly about the data mismatch. Small packets
(below 60 bytes on the wire) do not have this issue. I suspect this is
related to the padding added to increase the minimum packet size.

Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Link: https://lore.kernel.org/r/20220920235018.1675956-1-seanga2@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2022-09-22 06:44:28 -07:00
Greg Kroah-Hartman
47af6c640e USB-serial fixes for 6.0-rc7
Here are some new modem device ids.
 
 All have been in linux-next with no reported issues.
 -----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQQHbPq+cpGvN/peuzMLxc3C7H1lCAUCYyxkMgAKCRALxc3C7H1l
 CBLDAQCT7S5t6oGxwyX8/fiuIE7XtiW29UvQ5nCy/o960871EAEA6Z4AP7KQpAfS
 PIKJ8BxrW5tG5HGyD6zWcnmtF2rOPwA=
 =h6LC
 -----END PGP SIGNATURE-----

Merge tag 'usb-serial-6.0-rc7' of https://git.kernel.org/pub/scm/linux/kernel/git/johan/usb-serial into usb-linus

Johan writes:
  "USB-serial fixes for 6.0-rc7

   Here are some new modem device ids.

   All have been in linux-next with no reported issues."

* tag 'usb-serial-6.0-rc7' of https://git.kernel.org/pub/scm/linux/kernel/git/johan/usb-serial:
  USB: serial: option: add Quectel RM520N
  USB: serial: option: add Quectel BG95 0x0203 composition
2022-09-22 15:43:18 +02:00