IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Fix a missing bounds check in superblock validation.
Note that we don't yet have repair code for this case - repair code for
individual items is generally low priority, since the whole superblock
is checksummed, validated prior to write, and we have backups.
Reported-by: lei lu <llfamsec@gmail.com>
Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
Petr Machata says:
====================
mlxsw: Fixes
This patchset fixes the following issues:
- During driver de-initialization the driver unregisters the EMAD
response trap by setting its action to DISCARD. However the manual
only permits TRAP and FORWARD, and future firmware versions will
enforce this.
In patch #1, suppress the error message by aligning the driver to the
manual and use a FORWARD (NOP) action when unregistering the trap.
- The driver queries the Management Capabilities Mask (MCAM) register
during initialization to understand if certain features are supported.
However, not all firmware versions support this register, leading to
the driver failing to load.
Patches #2 and #3 fix this issue by treating an error in the register
query as an indication that the feature is not supported.
v2:
- Patch #2:
- Make mlxsw_env_max_module_eeprom_len_query() void
====================
Link: https://lore.kernel.org/r/cover.1713446092.git.petrm@nvidia.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
The driver queries the Management Capabilities Mask (MCAM) register
during initialization to understand if a new and deeper reset flow is
supported.
However, not all firmware versions support this register, leading to the
driver failing to load.
Fix by treating an error in the register query as an indication that the
feature is not supported.
Fixes: f257c73e53 ("mlxsw: pci: Add support for new reset flow")
Reported-by: Tim 'mithro' Ansell <me@mith.ro>
Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Reviewed-by: Petr Machata <petrm@nvidia.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Reviewed-by: Kalesh AP <kalesh-anakkur.purayil@broadcom.com>
Signed-off-by: Petr Machata <petrm@nvidia.com>
Link: https://lore.kernel.org/r/ee968c49d53bac96a4c66d1b09ebbd097d81aca5.1713446092.git.petrm@nvidia.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
The driver queries the Management Capabilities Mask (MCAM) register
during initialization to understand if it can read up to 128 bytes from
transceiver modules.
However, not all firmware versions support this register, leading to the
driver failing to load.
Fix by treating an error in the register query as an indication that the
feature is not supported.
Fixes: 1f4aea1f72 ("mlxsw: core_env: Read transceiver module EEPROM in 128 bytes chunks")
Reported-by: Tim 'mithro' Ansell <me@mith.ro>
Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Reviewed-by: Petr Machata <petrm@nvidia.com>
Signed-off-by: Petr Machata <petrm@nvidia.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://lore.kernel.org/r/0afa8b2e8bac178f5f88211344429176dcc72281.1713446092.git.petrm@nvidia.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
The device's manual (PRM - Programmer's Reference Manual) classifies the
trap that is used to deliver EMAD responses as an "event trap". Among
other things, it means that the only actions that can be associated with
the trap are TRAP and FORWARD (NOP).
Currently, during driver de-initialization the driver unregisters the
trap by setting its action to DISCARD, which violates the above
guideline. Future firmware versions will prevent such misuses by
returning an error. This does not prevent the driver from working, but
an error will be printed to the kernel log during module removal /
devlink reload:
mlxsw_spectrum 0000:03:00.0: Reg cmd access status failed (status=7(bad parameter))
mlxsw_spectrum 0000:03:00.0: Reg cmd access failed (reg_id=7003(hpkt),type=write)
Suppress the error message by aligning the driver to the manual and use
a FORWARD (NOP) action when unregistering the trap.
Fixes: 4ec14b7634 ("mlxsw: Add interface to access registers and process events")
Cc: Jiri Pirko <jiri@resnulli.us>
Cc: Amit Cohen <amcohen@nvidia.com>
Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Reviewed-by: Petr Machata <petrm@nvidia.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Signed-off-by: Petr Machata <petrm@nvidia.com>
Link: https://lore.kernel.org/r/753a89e14008fde08cb4a2c1e5f537b81d8eb2d6.1713446092.git.petrm@nvidia.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
When bringing down the TX rings we flush the rings but forget to
reclaimed the flushed packets. This leads to a memory leak since we
do not free the dma mapped buffers. This also leads to tx control
block corruption when bringing down the interface for power
management.
Fixes: 490cb41200 ("net: bcmasp: Add support for ASP2.0 Ethernet controller")
Signed-off-by: Justin Chen <justin.chen@broadcom.com>
Acked-by: Florian Fainelli <florian.fainelli@broadcom.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://lore.kernel.org/r/20240418180541.2271719-1-justin.chen@broadcom.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
If "udp_cmsg_send()" returned 0 (i.e. only UDP cmsg),
"connected" should not be set to 0. Otherwise it stops
the connected socket from using the cached route.
Fixes: 2e8de85763 ("udp: add gso segment cmsg")
Signed-off-by: Yick Xie <yick.xie@gmail.com>
Cc: stable@vger.kernel.org
Reviewed-by: Willem de Bruijn <willemb@google.com>
Link: https://lore.kernel.org/r/20240418170610.867084-1-yick.xie@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
If capabilities of the share is not SMB2_SHARE_CAP_CONTINUOUS_AVAILABILITY,
ksmbd should not grant a persistent handle to the client.
This patch add continuous availability share parameter to control it.
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
4byte padding cause the connection issue with the applications of MacOS.
smb2_close response size increases by 4 bytes by padding, And the smb
client of MacOS check it and stop the connection. This patch use
struct_group_attr instead of struct_group for network_open_info to use
__packed to avoid padding.
Fixes: 0015eb6e12 ("smb: client, common: fix fortify warnings")
Cc: stable@vger.kernel.org
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
File overwrite case is explicitly handled, so it is not necessary to
pass RENAME_NOREPLACE to vfs_rename.
Clearing the flag fixes rename operations when the share is a ntfs-3g
mount. The latter uses an older version of fuse with no support for
flags in the ->rename op.
Cc: stable@vger.kernel.org
Signed-off-by: Marios Makassikis <mmakassikis@freebox.fr>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
The response buffer should be allocated in smb2_allocate_rsp_buf
before validating request. But the fields in payload as well as smb2 header
is used in smb2_allocate_rsp_buf(). This patch add simple buffer size
validation to avoid potencial out-of-bounds in request buffer.
Cc: stable@vger.kernel.org
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
If ->ProtocolId is SMB2_TRANSFORM_PROTO_NUM, smb2 request size
validation could be skipped. if request size is smaller than
sizeof(struct smb2_query_info_req), slab-out-of-bounds read can happen in
smb2_allocate_rsp_buf(). This patch allocate response buffer after
decrypting transform request. smb3_decrypt_req() will validate transform
request size and avoid slab-out-of-bound in smb2_allocate_rsp_buf().
Reported-by: Norbert Szetei <norbert@doyensec.com>
Cc: stable@vger.kernel.org
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
A random set of small bug fixes:
* Fix perf annotate TUI when used with data type profiling
* Work around BPF verifier about sighand lock checking
And a set of kernel header synchronization.
Signed-off-by: Namhyung Kim <namhyung@kernel.org>
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQSo2x5BnqMqsoHtzsmMstVUGiXMgwUCZiLYdwAKCRCMstVUGiXM
g6kDAP9GYdWqmbYZhKgQQQwAVkgkB0j19vLu+6xphi6P3ul7pwD+Nr5mHEcqytU/
I1r0lrV/ybNmpUK3wFyRsyvRmnxe/Qw=
=/181
-----END PGP SIGNATURE-----
Merge tag 'perf-tools-fixes-for-v6.9-2024-04-19' of git://git.kernel.org/pub/scm/linux/kernel/git/perf/perf-tools
Pull perf tools fixes from Namhyung Kim:
"A random set of small bug fixes:
- Fix perf annotate TUI when used with data type profiling
- Work around BPF verifier about sighand lock checking
And a set of kernel header synchronization"
* tag 'perf-tools-fixes-for-v6.9-2024-04-19' of git://git.kernel.org/pub/scm/linux/kernel/git/perf/perf-tools:
tools/include: Sync arm64 asm/cputype.h with the kernel sources
tools/include: Sync asm-generic/bitops/fls.h with the kernel sources
tools/include: Sync x86 asm/msr-index.h with the kernel sources
tools/include: Sync x86 asm/irq_vectors.h with the kernel sources
tools/include: Sync x86 CPU feature headers with the kernel sources
tools/include: Sync uapi/sound/asound.h with the kernel sources
tools/include: Sync uapi/linux/kvm.h and asm/kvm.h with the kernel sources
tools/include: Sync uapi/linux/fs.h with the kernel sources
tools/include: Sync uapi/drm/i915_drm.h with the kernel sources
perf lock contention: Add a missing NULL check
perf annotate: Make sure to call symbol__annotate2() in TUI
After commit 2c7d399e55 ("smb: client: reuse file lease key in
compound operations") the client started reusing lease keys for
rename, unlink and set path size operations to prevent it from
breaking its own leases and thus causing unnecessary lease breaks to
same connection.
The implementation relies on positive dentries and
cifsInodeInfo::lease_granted to decide whether reusing lease keys for
the compound requests. cifsInodeInfo::lease_granted was introduced by
commit 0ab95c2510 ("Defer close only when lease is enabled.") to
indicate whether lease caching is granted for a specific file, but
that can only happen until file is open, so
cifsInodeInfo::lease_granted was left uninitialised in ->alloc_inode
and then client started sending random lease keys for files that
hadn't any leases.
This fixes the following test case against samba:
mount.cifs //srv/share /mnt/1 -o ...,nosharesock
mount.cifs //srv/share /mnt/2 -o ...,nosharesock
touch /mnt/1/foo; tail -f /mnt/1/foo & pid=$!
mv /mnt/2/foo /mnt/2/bar # fails with -EIO
kill $pid
Fixes: 0ab95c2510 ("Defer close only when lease is enabled.")
Signed-off-by: Paulo Alcantara (Red Hat) <pc@manguebit.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Two fixes for the selftests:
- CONFIG_IOMMUFD_TEST needs CONFIG_IOMMUFD_DRIVER to work
- The kconfig fragment sshould include fault injection so the fault
injection test can work
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQRRRCHOFoQz/8F5bUaFwuHvBreFYQUCZiKoFwAKCRCFwuHvBreF
YQ8lAP9bIcqwt42VHcmrzU+C5dsZlBDLjpN44DQHlhEz7S2j2wD/Xpz+Xvpcm5jA
kgAXXu1PdOyo1gR9j0AMczf+xyyqlwQ=
=KssB
-----END PGP SIGNATURE-----
Merge tag 'for-linus-iommufd' of git://git.kernel.org/pub/scm/linux/kernel/git/jgg/iommufd
Pull iommufd fixes from Jason Gunthorpe:
"Two fixes for the selftests:
- CONFIG_IOMMUFD_TEST needs CONFIG_IOMMUFD_DRIVER to work
- The kconfig fragment sshould include fault injection so the fault
injection test can work"
* tag 'for-linus-iommufd' of git://git.kernel.org/pub/scm/linux/kernel/git/jgg/iommufd:
iommufd: Add config needed for iommufd_fail_nth
iommufd: Add missing IOMMUFD_DRIVER kconfig for the selftest
Add tracing for the refcounting/lifecycle of the cifs_tcon struct, marking
different events with different labels and giving each tcon its own debug
ID so that the tracelines corresponding to individual tcons can be
distinguished. This can be enabled with:
echo 1 >/sys/kernel/debug/tracing/events/cifs/smb3_tcon_ref/enable
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Paulo Alcantara (Red Hat) <pc@manguebit.com>
cc: Shyam Prasad N <nspmangalore@gmail.com>
cc: linux-cifs@vger.kernel.org
cc: linux-fsdevel@vger.kernel.org
Signed-off-by: Steve French <stfrench@microsoft.com>
Three minor updates:
- Add a missing mutex_destroy() in rxe
- Enhance the debugging print for cm_destroy failures to help debug these
- Fix mlx5 MAD processing in cases where multiport devices are running in
switchedev mode
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQRRRCHOFoQz/8F5bUaFwuHvBreFYQUCZiKYwwAKCRCFwuHvBreF
YTaSAPoCc6S6zBkZCC8/Zs4VxT/b+67UK4clwwGJR9MAUkuHfwD+IVgR3SgPQCMQ
RSXftkizHJZghmPXNH37DeijyTCTKgU=
=t/t4
-----END PGP SIGNATURE-----
Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma
Pull rdma fixes from Jason Gunthorpe:
- Add a missing mutex_destroy() in rxe
- Enhance the debugging print for cm_destroy failures to help debug
these
- Fix mlx5 MAD processing in cases where multiport devices are running
in switchedev mode
* tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma:
RDMA/mlx5: Fix port number for counter query in multi-port configuration
RDMA/cm: Print the old state when cm_destroy_id gets timeout
RDMA/rxe: Fix the problem "mutex_destroy missing"
During mount, cifs_mount_get_tcon() gets a tcon resource connection record
and then attaches an fscache volume cookie to it. However, it does this
irrespective of whether or not the tcon returned from cifs_get_tcon() is a
new record or one that's already in use. This leads to a warning about a
volume cookie collision and a leaked volume cookie because tcon->fscache
gets reset.
Fix this be adding a mutex and a "we've already tried this" flag and only
doing it once for the lifetime of the tcon.
[!] Note: Looking at cifs_mount_get_tcon(), a more general solution may
actually be required. Reacquiring the volume cookie isn't the only thing
that function does: it also partially reinitialises the tcon record without
any locking - which may cause live filesystem ops already using the tcon
through a previous mount to malfunction.
This can be reproduced simply by something like:
mount //example.com/test /xfstest.test -o user=shares,pass=xxx,fsc
mount //example.com/test /mnt -o user=shares,pass=xxx,fsc
Fixes: 70431bfd82 ("cifs: Support fscache indexing rewrite")
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Paulo Alcantara (Red Hat) <pc@manguebit.com>
cc: Shyam Prasad N <sprasad@microsoft.com>
cc: linux-cifs@vger.kernel.org
cc: linux-fsdevel@vger.kernel.org
Signed-off-by: Steve French <stfrench@microsoft.com>
This series contains a reversion of one of the original 6.9
patches which seems to have been the cause of most of the
instability. It also incorporates several fixes to legacy
support and cache fixes.
There are few additional changes to improve stability,
but I want another week of testing before sending them
upstream.
Signed-off-by: Eric Van Hensbergen <ericvh@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEElpbw0ZalkJikytFRiP/V+0pf/5gFAmYiiQ0ACgkQiP/V+0pf
/5hrCw//aJwdNAimpwPrc5UfE4Q37igQeXoT29VJbkOBO78rZ2cNgd3EFpgC2UES
RFJejQ/IQlEkpqbHiMHIyCii2MmWGT0xzePLf3nUZW/qmoUvhvXlPG5OZb0FomXY
gxCRFuUgegNcK3t3LtFAVn7v6NpXtOfLAgJb3MDIFP8WsCuN863pQcJCwn4aSuKc
C1ct2tLaaIeZSAy68xytqDwRXslMGaKUp7ygBzpyaIIEqy2l9H8NRKQ8Cmg+vyKF
2+zu3fNYIGIS3KflUtcTQDZ9IVtp/YxN7QXchZ56nnD5PFy9L9GgvBecZ0i8zzoZ
XFmzyp7HLwyBA8oNmmEJWMz93iwx61mePxOzPu2n1VfqWRTgFp/kd3KrFKWLfHvw
NoPGbneAhtwifKCNkxAmX6aCvnTZ18j9nds8WbRcuLRbTF0hHfkI36+vgoRWebaA
su673A0fnFFe64EEnOLjlnAa0V8CL26V2rX2Mi2Kjaw6emc1Yz5HDnGYjckKIlvS
fZjlfP1dtqzBecXvBLIuMQKfygpRJD83sEni+rGtAN1FKVP8eKz+/ZcyAG5xqcrZ
dnDXBegjhieqyz4q9vykxTLmYKEKd4fqbhhjZQ3PStyXgc6iFVKvD41akSdxR6ob
3oujNYblpkJVhHCcO+H4dWa7tznB7hqd9xv2Jerx4cKTdd9uIik=
=M4CO
-----END PGP SIGNATURE-----
Merge tag '9p-fixes-for-6.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/ericvh/v9fs
Pull fs/9p fixes from Eric Van Hensbergen:
"This contains a reversion of one of the original 6.9 patches which
seems to have been the cause of most of the instability. It also
incorporates several fixes to legacy support and cache fixes.
There are few additional changes to improve stability, but I want
another week of testing before sending them upstream"
* tag '9p-fixes-for-6.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/ericvh/v9fs:
fs/9p: drop inodes immediately on non-.L too
fs/9p: Revert "fs/9p: fix dups even in uncached mode"
fs/9p: remove erroneous nlink init from legacy stat2inode
9p: explicitly deny setlease attempts
fs/9p: fix the cache always being enabled on files with qid flags
fs/9p: translate O_TRUNC into OTRUNC
fs/9p: only translate RWX permissions for plain 9P2000
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQSQHSd0lITzzeNWNm3h3BK/laaZPAUCZiJcTAAKCRDh3BK/laaZ
PK1QAP9u/S7GYKDj0k58xOVAof2x/q0puHWXoObRma+bPmeoeQEA2+K+vlnTJHub
kLRURaTCzGyFfL+CB/JQ4Kv4tDF5qQc=
=Eoob
-----END PGP SIGNATURE-----
Merge tag 'fuse-fixes-6.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse
Pull fuse fixes from Miklos Szeredi:
- Fix two bugs in the new passthrough mode
- Fix a statx bug introduced in v6.6
- Fix code documentation
* tag 'fuse-fixes-6.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse:
cuse: add kernel-doc comments to cuse_process_init_reply()
fuse: fix leaked ENOSYS error on first statx call
fuse: fix parallel dio write on file open in passthrough mode
fuse: fix wrong ff->iomode state changes from parallel dio write
- Fix a kernel fault during page table walking in huge_pte_alloc() with
PTABLE_LEVELS=5 due to using p4d_offset() instead of p4d_alloc()
- head.S fix and cleanup to disable the MMU before toggling the
HCR_EL2.E2H bit when entering the kernel with the MMU on from the EFI
stub. Changing this bit (currently from VHE to nVHE) causes some
system registers as well as page table descriptors to be interpreted
differently, potentially resulting in spurious MMU faults
- Fix translation fault in swsusp_save() accessing MEMBLOCK_NOMAP memory
ranges due to kernel_page_present() returning true in most
configurations other than rodata_full == true,
CONFIG_DEBUG_PAGEALLOC=y or CONFIG_KFENCE=y
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEE5RElWfyWxS+3PLO2a9axLQDIXvEFAmYirgQACgkQa9axLQDI
XvFbhQ/+MD6ziCPeVxpYNW44rWrG0p3VQ1uZniALSH2rsauNqSZiwGkXJskC5jmj
rgh2RF5reAokDeDNPSNlBzSpXvjknJNb4cJwYZzzhoOF+P3Oi0t6LQOeh07mi7sM
SjnklzoPWa88i5SjTQGmqnJTMe3okdFxHEsT+0Szuu1UZqOC63/Nf/LlBvAFcR0x
CP5I5701+1tlgPiW9YnaBBKMuPFqdYVtBsG1BLsUFBhkKr39vcmYfwo0gGzThJuP
XmvL3zWR53ec9yksBElXgWy38J0ixOxsZlHe1dQaxyQeUMK8ioFpsf/OdXRvs9nb
u3ezwRsgByZ4X+4Y1LwGHnYTOuKqOg/FDNUZAcg3ZDY2AOF4c7mPNmquEQJYaM5J
Ac//IRGAdZxZO6An7UrTv1lESjvsJ/8PosbyM5CPu+kIUwezvBL2xmJ22lTOmKrz
mtHIzH7pc0DfGvlu8czizH1oCuW20YviwNMb7PxzsSkIkDJsuHloefhcrmOm8BCM
LD5DfgzwONr6nlEMPdbRZcRz52RZAXgvgJml/qU4eZxvT8h8sQbgm/KiEBjuC/BO
4TgJ1z8w1Svu8ulLMVtLj0+zgtRlMCHHldiBVUIXZ5vvsJgtM9ALgTWGl05RLquu
EL4j3izYaFhCHY2PHwoMCWRh5We68xgU8r8mgq/cO7mEJAj3JCM=
=UvpI
-----END PGP SIGNATURE-----
Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux
Pull arm64 fixes from Catalin Marinas:
- Fix a kernel fault during page table walking in huge_pte_alloc() with
PTABLE_LEVELS=5 due to using p4d_offset() instead of p4d_alloc()
- head.S fix and cleanup to disable the MMU before toggling the
HCR_EL2.E2H bit when entering the kernel with the MMU on from the EFI
stub. Changing this bit (currently from VHE to nVHE) causes some
system registers as well as page table descriptors to be interpreted
differently, potentially resulting in spurious MMU faults
- Fix translation fault in swsusp_save() accessing MEMBLOCK_NOMAP
memory ranges due to kernel_page_present() returning true in most
configurations other than rodata_full == true,
CONFIG_DEBUG_PAGEALLOC=y or CONFIG_KFENCE=y
* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
arm64: hibernate: Fix level3 translation fault in swsusp_save()
arm64/head: Disable MMU at EL2 before clearing HCR_EL2.E2H
arm64/head: Drop unnecessary pre-disable-MMU workaround
arm64/hugetlb: Fix page table walk in huge_pte_alloc()
- Fix NULL pointer dereference in program check handler
- Fake IRBs are important events relevant for problem analysis.
Add traces when queueing and delivering
- Fix a race condition in ccw_device_set_online() that can cause the
online process to fail
- Deferred condition code 1 response indicates that I/O was not started
and should be retried. The current QDIO implementation handles a cc1
response as an error, resulting in a failed QDIO setup. Fix that by
retrying the setup when a cc1 response is received
-----BEGIN PGP SIGNATURE-----
iI0EABYIADUWIQQrtrZiYVkVzKQcYivNdxKlNrRb8AUCZiImyhccYWdvcmRlZXZA
bGludXguaWJtLmNvbQAKCRDNdxKlNrRb8EXjAQCwB0N7NM94ENmF0vo2MwgcvorW
XgoLZG/UkwfVNAJ0DAD8DzN4CTT8ZFkYsva5BIhLATjYAp1ePlIRfcnjgKdB6wg=
=YdTJ
-----END PGP SIGNATURE-----
Merge tag 's390-6.9-4' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux
Pull s390 updates from Alexander Gordeev:
- Fix NULL pointer dereference in program check handler
- Fake IRBs are important events relevant for problem analysis. Add
traces when queueing and delivering
- Fix a race condition in ccw_device_set_online() that can cause the
online process to fail
- Deferred condition code 1 response indicates that I/O was not started
and should be retried. The current QDIO implementation handles a cc1
response as an error, resulting in a failed QDIO setup. Fix that by
retrying the setup when a cc1 response is received
* tag 's390-6.9-4' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
s390/mm: Fix NULL pointer dereference
s390/cio: log fake IRB events
s390/cio: fix race condition during online processing
s390/qdio: handle deferred cc1
- Fix potential static_command_line buffer overrun. Currently we allocate
the memory for static_command_line based on "boot_command_line", but it
will copy "command_line" into it. So we use the length of "command_line"
instead of "boot_command_line" (as previously we did).
- Use memblock_free_late() in xbc_exit() instead of memblock_free() after
the buddy system is initialized.
- Fix a kerneldoc warning.
-----BEGIN PGP SIGNATURE-----
iQFPBAABCgA5FiEEh7BulGwFlgAOi5DV2/sHvwUrPxsFAmYgN1kbHG1hc2FtaS5o
aXJhbWF0c3VAZ21haWwuY29tAAoJENv7B78FKz8b/yEH/1FFgb7UJDtQLbtHl5/b
bcxLbSzfb/N37Bc+sE/AKZYrt5QAMjaOmdtzQz9kdLtycxWcQinne4jqGxd6zfTU
UIisfDjEZr46/Rs5sJg+5i8wWrud1TJOmlMsqiSVcorl0f/wE4S7PqgYXRNWZ0p+
KipjuCCV43ITmVjsiq2NxfZGDaWzow/EJXwZzpQkJE1zaU13w2nzgzg64JW3f/lf
Dx/o9jlYEoLkCjiQJ6XaRuTpHbPP1grozSMbvE3z1WnxCaiFHlzXGi6WUhto+pTu
vt/pUrIFYE7k0IFHAVEgBjOkfCm5y9FwOdPLqwy3harQ5ek9D6h6bFnDhbZw7I27
6V8=
=e2c5
-----END PGP SIGNATURE-----
Merge tag 'bootconfig-fixes-v6.9-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace
Pull bootconfig fixes from Masami Hiramatsu:
- Fix potential static_command_line buffer overrun.
Currently we allocate the memory for static_command_line based on
"boot_command_line", but it will copy "command_line" into it. So we
use the length of "command_line" instead of "boot_command_line" (as
we previously did)
- Use memblock_free_late() in xbc_exit() instead of memblock_free()
after the buddy system is initialized
- Fix a kerneldoc warning
* tag 'bootconfig-fixes-v6.9-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace:
bootconfig: Fix the kerneldoc of _xbc_exit()
bootconfig: use memblock_free_late to free xbc memory to buddy
init/main.c: Fix potential static_command_line memory overflow
Prevent the thermal debug code from attempting to divide by zero and
correct trip point statistics (Rafael Wysocki).
-----BEGIN PGP SIGNATURE-----
iQJGBAABCAAwFiEE4fcc61cGeeHD/fCwgsRv/nhiVHEFAmYibScSHHJqd0Byand5
c29ja2kubmV0AAoJEILEb/54YlRx9AYP/0UJFnF4BiMvGevgmL12XpyYMFJDnDfB
0pOyb3vDQrggc7GdLe2osp0ZDiYkawJ+R1BeabrsZ7Xq7xKvpFnORiolb2XI4E6P
zwcmvtmicjPUb60+FyZOOKJvuJguMIx08VJqqgwS4o9ZvAGOfBbhXfMLnxXzDIDy
vJOzu88tnnqqsGl48PW5rRq8KIdvMCqPjSmDLeoE7G4nMtUfzvhfqJseQ7Vr7m6B
lyKyPAJ+Dy+KjpNbM1B+H4ZD+cDznOZxZoPO0IUBEyIdq40dntkeIBjxXjobUUF+
I7dDIAEQQRWExGGtZb/gI8j7kIik9E8D4BWb7dhQLrEusDGIBr2OJn51im0d73LP
5uaDal+2tN5H6WfGFh5BI45wSWONO5EH20/t1ELvl/cDQG/2+MU+xrP7UPM+FKtp
aL1MuW/5rIfXAkXyFLhbdFbuR7GnFu+aoe/7bC0NOpqxxPz2H37C1niVYs+wvlXQ
HVu6RyBm+FygP7u+91j0tXUGyucGsGhlxcX2QEjT1uNPGDMXLaNpbVdo0WXsylm9
5URBqR2Tcp9Ue2Rsba+8a08O1XHxS6jqNuEhSihzwDLc206uYoay2B1EtsH8IpmR
kSS5Vfjv4kRITjzQRStYjUjuwhqX6jLalwJoXTfOMMLYtSgehuDAdEu1wXXe3OqP
V7eCBA/ZJNA7
=4+IH
-----END PGP SIGNATURE-----
Merge tag 'thermal-6.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull thermal control fix from Rafael Wysocki:
"This prevents the thermal debug code from attempting to divide by zero
and corrects trip point statistics (Rafael Wysocki)"
* tag 'thermal-6.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
thermal/debugfs: Add missing count increment to thermal_debug_tz_trip_up()
Things look calm and normal, we got handful HD-audio-related small
fixes and a fix for MIDI 2.0 UMP handling.
-----BEGIN PGP SIGNATURE-----
iQJCBAABCAAsFiEEIXTw5fNLNI7mMiVaLtJE4w1nLE8FAmYidpAOHHRpd2FpQHN1
c2UuZGUACgkQLtJE4w1nLE8O5w/+LLPJ+7LvHJonOuSf4EDIPOT90bL+zkvSJyLo
+7GYqgy7YqAvu7xef2gwT3u9ZJ5Sg5Mvq4GrNp/cMjwxxf2bafpCxe5Lt8iOFufC
TTeS53f+iRWBYUk2EkGbYBPpLpQDNKIVpTT0MyJoJtAJu8mjKvtIzmlG+nM9S3Ec
yxI/EgqkirwxkwNkV9PPLDogdP7ZJpZ9s+9UTlcnDSnGVnQvlzjejHnz+G/y0G+I
WJZU1N3aHjY3RAEoPkViqT62xXtA8Dsx2Rjcjyh1mS3W/gCu4KNOqpqyv3c7KGj+
eyWzt5dl0CdARBhdGkbybIVanmkq3oAtlh6FygdgaO4ZRSp5NWf5nxxBNS7B+fZc
n+Lcb/ZrPLMLhqWa0Uun+ZqABWpLZYVqdhyn5ZOHYfkgZIrSVzewnCzHuFMY1HiD
aOveSWSm1Ds3wwl2D8yPDSB2OdkMzyJZbBYi0IUeaKAmbnSkqlUVGptqBY3lFS+r
02lyJ+mSbfNswh7JkvRisrgBNHLgErtSnTdo2ST3CDDyLTEOJx1YqB6+ELTq9H7l
vwYBV0p72eNHTXwjT9hOLgsMZiO4ovY8G/wegrztJFsCZrhyxFPEzVtt82/4hnPA
xpU+mH+I2AnHksvC1pE+o2EbKisQzMwiNF81ixIC0HPXc8DYftaPE7Y/ycPjKY+H
zQw3RDY=
=59Kf
-----END PGP SIGNATURE-----
Merge tag 'sound-6.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
"Things look calm and normal, we got handful HD-audio-related small
fixes and a fix for MIDI 2.0 UMP handling"
* tag 'sound-6.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ALSA: seq: ump: Fix conversion from MIDI2 to MIDI1 UMP messages
ALSA: hda/realtek - Enable audio jacks of Haier Boyue G42 with ALC269VC
ALSA: hda/realtek: Add quirks for Huawei Matebook D14 NBLB-WAX9N
ALSA: hda/realtek: Fix volumn control of ThinkBook 16P Gen4
ALSA: hda/realtek: Fixes for Asus GU605M and GA403U sound
ALSA: hda/tas2781: Add new vendor_id and subsystem_id to support ThinkPad ICE-1
ALSA: hda/tas2781: correct the register for pow calibrated data
ALSA: hda/realtek: Add quirk for HP SnowWhite laptops
ttm:
- Stop pooling cached NUMA pages
amdgpu:
- Fix invalid resource->start check
- USB-C DSC fix
- Fix a potential UAF in VA IOCTL
- Fix visible VRAM handling during faults
amdkfd:
- Fix memory leak in create_process failure
radeon:
- Silence UBSAN warnings from variable sized arrays
nouveau:
- dp: Don't probe DP ports twice
- nv04: Fix OOB access
- nv50: Disable AUX bus for disconnected DP ports
- nvkm: Fix instmem race condition
panel:
- Don't unregister DSI devices in several drivers
v3d:
- Fix enabled_ns increment
xe:
- Fix bo leak on error path during fb init
- Fix use-after-free due to order vm is put and destroyed
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEEKbZHaGwW9KfbeusDHTzWXnEhr4FAmYhv5wACgkQDHTzWXnE
hr7H2RAAho4Ry8+0Tfg2rUDwqhUD2tNEkzvVJcD/1Y0GBmxkj4asKTOWH7fAQjEB
r4hSqNA1cIa4LP6Gg/hwuqPi+3OSyYRgVEBGjSH3fhOeNNHeN7PWW9ihlTNJNAnh
UUPfHPe6U7ZLUKxH7ob/NgKrxfaPoEiCXvU6L0e2rOWpSmcn/j76NwP4WTsqDriv
Zfh4lBnhCPkImp4OChIDG9RIRUvKL6tucNHMNpPee6lQ64pnM1zalSjLzMqmsuTG
Y5b0v0P1lif5YNXxGOAQJdg6xe96w4VzkezyNNCDJrx5Eva3x48i2HVtAcdUau0K
t11iai7M72Igjl3N9t4Ym84s1nsqwWr6nZ+pS4+8/MrEgEhhFyHm9FeYMdnax8jh
wmlRD6QbvF3l6dxqgg/RChatTxFkqaI3BYU9rzh+Ofk52LUpjNFsHLD6qNzHxa05
c/byKvgwJIfcfnCEAuUFP+MRyS4+2xl1RPrC2usCVQLZIVoj1Y/N4G8kx9kvQuY5
m3a/Ym4uC5yrOaHrACtKDmbkGIQIExorqBuWi9VRbsXcHv4IEFL3JmQpwRq4UEs7
StHWhfENHnIELhKj/Bsf368UfBUbbIsdGLRCTFvzSO1yolgu1KAI4z0Yl4OhU0kU
DZu4/rqJzi3YiJXqlctqoGwuzAujVJGwN23/YWJvbI5HsRjQA9U=
=1H9l
-----END PGP SIGNATURE-----
Merge tag 'drm-fixes-2024-04-19' of https://gitlab.freedesktop.org/drm/kernel
Pull drm fixes from Dave Airlie:
"Regular week of fixes, seems to be about right for this time in the
release cycle, amdgpu, and nouveau are the main one with some
scattered fixes otherwise.
ttm:
- Stop pooling cached NUMA pages
amdgpu:
- Fix invalid resource->start check
- USB-C DSC fix
- Fix a potential UAF in VA IOCTL
- Fix visible VRAM handling during faults
amdkfd:
- Fix memory leak in create_process failure
radeon:
- Silence UBSAN warnings from variable sized arrays
nouveau:
- dp: Don't probe DP ports twice
- nv04: Fix OOB access
- nv50: Disable AUX bus for disconnected DP ports
- nvkm: Fix instmem race condition
panel:
- Don't unregister DSI devices in several drivers
v3d:
- Fix enabled_ns increment
xe:
- Fix bo leak on error path during fb init
- Fix use-after-free due to order vm is put and destroyed"
* tag 'drm-fixes-2024-04-19' of https://gitlab.freedesktop.org/drm/kernel:
drm/radeon: silence UBSAN warning (v3)
drm/radeon: make -fstrict-flex-arrays=3 happy
drm/amdgpu: fix visible VRAM handling during faults
drm/amdgpu: validate the parameters of bo mapping operations more clearly
Revert "drm/amd/display: fix USB-C flag update after enc10 feature init"
drm/amdkfd: Fix memory leak in create_process failure
drm/amdgpu: remove invalid resource->start check v2
drm/xe/vm: prevent UAF with asid based lookup
drm/xe: Fix bo leak in intel_fb_bo_framebuffer_init
drm/panel: novatek-nt36682e: don't unregister DSI device
drm/panel: visionox-rm69299: don't unregister DSI device
drm/nouveau/dp: Don't probe eDP ports twice harder
drm/nouveau/kms/nv50-: Disable AUX bus for disconnected DP ports
drm/v3d: Don't increment `enabled_ns` twice
drm/vmwgfx: Sort primary plane formats by order of preference
drm/vmwgfx: Fix crtc's atomic check conditional
drm/vmwgfx: Fix prime import/export
drm/ttm: stop pooling cached NUMA pages v2
drm: nv04: Fix out of bounds access
nouveau: fix instmem race condition around ptr stores
or aren't considered suitable for backporting.
There are a significant number of fixups for this cycle's page_owner
changes (series "page_owner: print stacks and their outstanding
allocations"). Apart from that, singleton changes all over, mainly in MM.
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQTTMBEPP41GrTpTJgfdBJ7gKXxAjgUCZiGTewAKCRDdBJ7gKXxA
jt1QAP9QxiU/+gUMVjkHyKaMBHSBMD/CWBFjDfRjx+BPqYx55gD+JWxUXwlyVkMo
Z8fqtCGEgatev1VbwpCwByhvnH9bKgw=
=YBZ9
-----END PGP SIGNATURE-----
Merge tag 'mm-hotfixes-stable-2024-04-18-14-41' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Pull misc fixes from Andrew Morton:
"15 hotfixes. 9 are cc:stable and the remainder address post-6.8 issues
or aren't considered suitable for backporting.
There are a significant number of fixups for this cycle's page_owner
changes (series "page_owner: print stacks and their outstanding
allocations"). Apart from that, singleton changes all over, mainly in
MM"
* tag 'mm-hotfixes-stable-2024-04-18-14-41' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm:
nilfs2: fix OOB in nilfs_set_de_type
MAINTAINERS: update Naoya Horiguchi's email address
fork: defer linking file vma until vma is fully initialized
mm/shmem: inline shmem_is_huge() for disabled transparent hugepages
mm,page_owner: defer enablement of static branch
Squashfs: check the inode number is not the invalid value of zero
mm,swapops: update check in is_pfn_swap_entry for hwpoison entries
mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled
mm/userfaultfd: allow hugetlb change protection upon poison entry
mm,page_owner: fix printing of stack records
mm,page_owner: fix accounting of pages when migrating
mm,page_owner: fix refcount imbalance
mm,page_owner: update metadata for tail pages
userfaultfd: change src_folio after ensuring it's unpinned in UFFDIO_MOVE
mm/madvise: make MADV_POPULATE_(READ|WRITE) handle VM_FAULT_RETRY properly
Old and new state parameters are swapped, so the old state was cleared
instead of the new duplicated state.
Fixes: 903674588a ("drm/atomic-helper: Add format-conversion state to shadow-plane state")
Signed-off-by: Lucas Stach <l.stach@pengutronix.de>
Tested-by: Leonard Göhrs <l.goehrs@pengutronix.de>
Reviewed-by: Thomas Zimmermann <tzimmermann@suse.de>
Cc: <stable@vger.kernel.org> # v6.8+
Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>
Link: https://patchwork.freedesktop.org/patch/msgid/20240404081756.2714424-1-l.stach@pengutronix.de
Here are some new modem device ids for 6.9-rc5.
All have been in linux-next with no reported issues.
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQQHbPq+cpGvN/peuzMLxc3C7H1lCAUCZiJlDQAKCRALxc3C7H1l
CHssAQDRloOpuKCJJjVrr8PDdLSh9IkCSX82ashJIys9lEHXEAEAhBGJAucsTMBX
gvszixRlGe6nfO9M5JTUy8+sBMEZyAw=
=1mFa
-----END PGP SIGNATURE-----
Merge tag 'usb-serial-6.9-rc5' of https://git.kernel.org/pub/scm/linux/kernel/git/johan/usb-serial into usb-linus
Johan writes:
USB-serial device ids for 6.9-rc5
Here are some new modem device ids for 6.9-rc5.
All have been in linux-next with no reported issues.
* tag 'usb-serial-6.9-rc5' of https://git.kernel.org/pub/scm/linux/kernel/git/johan/usb-serial:
USB: serial: option: add Telit FN920C04 rmnet compositions
USB: serial: option: add Rolling RW101-GL and RW135-GL support
USB: serial: option: add Lonsung U8300/U9300 product
USB: serial: option: add support for Fibocom FM650/FG650
USB: serial: option: support Quectel EM060K sub-models
USB: serial: option: add Fibocom FM135-GL variants
In iocg_pay_debt(), warn is triggered if 'active_list' is empty, which
is intended to confirm iocg is active when it has debt. However, warn
can be triggered during a blkcg or disk removal, if iocg_waitq_timer_fn()
is run at that time:
WARNING: CPU: 0 PID: 2344971 at block/blk-iocost.c:1402 iocg_pay_debt+0x14c/0x190
Call trace:
iocg_pay_debt+0x14c/0x190
iocg_kick_waitq+0x438/0x4c0
iocg_waitq_timer_fn+0xd8/0x130
__run_hrtimer+0x144/0x45c
__hrtimer_run_queues+0x16c/0x244
hrtimer_interrupt+0x2cc/0x7b0
The warn in this situation is meaningless. Since this iocg is being
removed, the state of the 'active_list' is irrelevant, and 'waitq_timer'
is canceled after removing 'active_list' in ioc_pd_free(), which ensures
iocg is freed after iocg_waitq_timer_fn() returns.
Therefore, add the check if iocg was already offlined to avoid warn
when removing a blkcg or disk.
Signed-off-by: Li Nan <linan122@huawei.com>
Reviewed-by: Yu Kuai <yukuai3@huawei.com>
Acked-by: Tejun Heo <tj@kernel.org>
Link: https://lore.kernel.org/r/20240419093257.3004211-1-linan666@huaweicloud.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
The count field in struct trip_stats, representing the number of times
the zone temperature was above the trip point, needs to be incremented
in thermal_debug_tz_trip_up(), for two reasons.
First, if a trip point is crossed on the way up for the first time,
thermal_debug_update_temp() called from update_temperature() does
not see it because it has not been added to trips_crossed[] array
in the thermal zone's struct tz_debugfs object yet. Therefore, when
thermal_debug_tz_trip_up() is called after that, the trip point's
count value is 0, and the attempt to divide by it during the average
temperature computation leads to a divide error which causes the kernel
to crash. Setting the count to 1 before the division by incrementing it
fixes this problem.
Second, if a trip point is crossed on the way up, but it has been
crossed on the way up already before, its count value needs to be
incremented to make a record of the fact that the zone temperature is
above the trip now. Without doing that, if the mitigations applied
after crossing the trip cause the zone temperature to drop below its
threshold, the count will not be updated for this episode at all and
the average temperature in the trip statistics record will be somewhat
higher than it should be.
Fixes: 7ef01f228c ("thermal/debugfs: Add thermal debugfs information for mitigation episodes")
Cc :6.8+ <stable@vger.kernel.org> # 6.8+
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
The VXLAN driver currently does not check if the inner layer2
source-address is valid.
In case source-address snooping/learning is enabled, a entry in the FDB
for the invalid address is created with the layer3 address of the tunnel
endpoint.
If the frame happens to have a non-unicast address set, all this
non-unicast traffic is subsequently not flooded to the tunnel network
but sent to the learnt host in the FDB. To make matters worse, this FDB
entry does not expire.
Apply the same filtering for packets as it is done for bridges. This not
only drops these invalid packets but avoids them from being learnt into
the FDB.
Fixes: d342894c5d ("vxlan: virtual extensible lan")
Suggested-by: Ido Schimmel <idosch@nvidia.com>
Signed-off-by: David Bauer <mail@david-bauer.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
driver needs queue msix vectors and one misc irq vector,
but only queue vectors need irq affinity.
when num_online_cpus is less than chip max msix vectors,
driver will acquire (num_online_cpus + 1) vecotrs, and
call pci_alloc_irq_vectors_affinity functions with affinity
params without setting pre_vectors or post_vectors, it will
cause return error code -ENOSPC.
Misc irq vector is vector 0, driver need to set affinity params
.pre_vectors = 1.
Fixes: 3f70318611 ("net: libwx: Add irq flow functions")
Signed-off-by: Duanqiang Wen <duanqiangwen@net-swift.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
The conversion from MIDI2 to MIDI1 UMP messages had a leftover
artifact (superfluous bit shift), and this resulted in the bogus type
check, leading to empty outputs. Let's fix it.
Fixes: e9e02819a9 ("ALSA: seq: Automatic conversion of UMP events")
Cc: <stable@vger.kernel.org>
Link: https://github.com/alsa-project/alsa-utils/issues/262
Message-ID: <20240419100442.14806-1-tiwai@suse.de>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
The Haier Boyue G42 with ALC269VC cannot detect the MIC of headset,
the line out and internal speaker until
ALC269VC_FIXUP_ACER_VCOPPERBOX_PINS quirk applied.
Signed-off-by: Ai Chao <aichao@kylinos.cn>
Cc: <stable@vger.kernel.org>
Message-ID: <20240419082159.476879-1-aichao@kylinos.cn>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
The AP removal timer field need not be aligned, so the
code shouldn't access it directly, but use unaligned
loads. Use get_unaligned_le16(), which even is shorter
than the current code since it doesn't need a cast.
Fixes: 8eb8dd2ffb ("wifi: mac80211: Support link removal using Reconfiguration ML element")
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
Reviewed-by: Miriam Rachel Korenblit <miriam.rachel.korenblit@intel.com>
Link: https://msgid.link/20240418105220.356788ba0045.I2b3cdb3644e205d5bb10322c345c0499171cf5d2@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
If the AP removal timer is long, we don't really want to
remove the link immediately. However, we really should do
it _before_ the AP removes it (which happens at or after
count reaches 0), so subtract 1 from the countdown when
scheduling the timer. This causes the link removal work
to run just after the beacon with value 1 is received. If
the counter is already zero, do it immediately.
This fixes an issue where we do the removal too late and
receive a beacon from the AP that's no longer associated
with the MLD, but thus removed EHT and ML elements, and
then we disconnect instead from the whole MLD, since one
of the associated APs changed mode from EHT to HE.
Fixes: 8eb8dd2ffb ("wifi: mac80211: Support link removal using Reconfiguration ML element")
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
Reviewed-by: Miriam Rachel Korenblit <miriam.rachel.korenblit@intel.com>
Link: https://msgid.link/20240418105220.03ac4a09fa74.Ifb8c8d38e3402721a81ce5981568f47b5c5889cb@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
If we don't get all the values here, we might pass them to
cfg80211 uninitialized. Fix that, even if the input might
then not make much sense.
Fixes: 2af3b2a631 ("mac80211_hwsim: add PMSR report support via virtio")
Reviewed-by: Miriam Rachel Korenblit <miriam.rachel.korenblit@intel.com>
Link: https://msgid.link/20240418105220.e1317621c1f9.If7dd447de24d7493d133284db5e9e482e4e299f8@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
If the AP mode ends up being determined less than the client mode,
there may be different reasons for this, e.g. AP misconfiguration.
If this happens in a way that causes e.g. EHT to be rejected, the
elements need to be re-parsed since we'll connect as HE, but not
reparsing means that we'll still think it's OK to use multi-link,
so we can connect in a non-sensical configuration of advertising
only HE on a secondary link. This normally won't happen for the
assoc link because that reuses the mode from authentication, and
if that's not EHT, multi-link association is rejected.
Fix this inconsistency by parsing the elements again if the mode
was different from the first parsing attempt. Print the message a
bit later to avoid printing "determined AP ... to be HE" twice in
cases where ieee80211_determine_ap_chan() returned a lesser mode,
rather than the regulatory downgrades below changing it.
Fixes: 310c8387c6 ("wifi: mac80211: clean up connection process")
Reviewed-by: Miriam Rachel Korenblit <miriam.rachel.korenblit@intel.com>
Link: https://msgid.link/20240418105220.d1f25d92cfe7.Ia21eff6cdcae2f5aca13cf8e742a986af5e70f89@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
When doing re-parsing in ieee80211_determine_chan_mode(),
the conn->mode is changed, and the whole point of doing
the parsing again was to parse as the downgraded mode.
However, that didn't actually work, because the setting
was copied before and never changed again. Fix that.
Fixes: 310c8387c6 ("wifi: mac80211: clean up connection process")
Reviewed-by: Miriam Rachel Korenblit <miriam.rachel.korenblit@intel.com>
Link: https://msgid.link/20240418105220.5e0d1fcb5622.Ib0673e0bc90033fd6d387b6a5f107c040eb907cf@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The vif's idle state doesn't automatically go to true when
any link removes the channel context, it's only idle when
_all_ links no longer have a channel context. Fix that.
Reviewed-by: Miriam Rachel Korenblit <miriam.rachel.korenblit@intel.com>
Link: https://msgid.link/20240418105220.90df97557702.I05d2228ce85c203b9f2d6da8538cc16dce46752a@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
- Fix use-after-free due to order vm is put and destroyed
-----BEGIN PGP SIGNATURE-----
iQJNBAABCAA3FiEE6rM8lpABPHM5FqyDm6KlpjDL6lMFAmYhP4gZHGx1Y2FzLmRl
bWFyY2hpQGludGVsLmNvbQAKCRCboqWmMMvqU72FD/9fdK0UOtlKJc93YatiMAoz
JFre/RQlqLpblP3/HJliDc6rfbPK3dynZwOpItM9hYgjnOs7ZZygz20iTAGwk1mI
10s0E1MiDPRt0NTDijsWMmvnyU38vsQtrK29A9Lhb6eVJ8ruO+qUbPYYxkTZzwTz
WouJtZDa7JnCRC/dGDSFuVP+SlZVUIuVSSStgyIbZfFizr0T93IFCqeo1lY7L1oa
ZblqWt2tF/Z6A3r1xJDfddTYEqsKq2G1/w5bVh269ePZ1YKdtuB4cEXwngyTNWeM
cp+ZKde1y/zsj7AkPyWQ/TRo1bJXG2SY5DLtUgjyQRBG3s7Q2QyKswLPS4dOYqIO
yKW9OWQE9XhEcZzvXEKhaNV9kTSUhX5K1jRnYtnX7qwIPf6lhJZYfXqFHM+3A0Ur
GocgJ/pz2yBQWOoj8tLRmh/9YQVF72s5tmRtTpla7TkTXZiWX/9JMgZ+UVx0Gm+A
VQquefEsgYfvno3k8AJxQUN2BisAlXBZ9CjLYCnYa3yoLlejyqcLBJeRC7JNl5c6
1WA4GmkC2RNB+rd5aOUqOzmdJzNh8+/qNlwnNdK7Pu1SpfbqEcdv21U7xV4hdtri
GTB42BvSY/fwy4ujMHR0qlOiOMAWsuwEh81J/i6ZPhMiX3wJiyW52qbJT8KoAq9z
HHdU77zxhv0T0mS7LG+Y1A==
=x39h
-----END PGP SIGNATURE-----
Merge tag 'drm-xe-fixes-2024-04-18' of https://gitlab.freedesktop.org/drm/xe/kernel into drm-fixes
- Fix bo leak on error path during fb init
- Fix use-after-free due to order vm is put and destroyed
Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Lucas De Marchi <lucas.demarchi@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/xjguifyantaibyrnymuiotxws6akiexi6r7tqyieqxgquovubc@kkrtbe24hjjr
