Commit Graph

1200893 Commits

Author SHA1 Message Date
Stefan Haberland
8a2278ce9c s390/dasd: fix hanging device after request requeue
The DASD device driver has a function to requeue requests to the
blocklayer.
This function is used in various cases when basic settings for the device
have to be changed like High Performance Ficon related parameters or copy
pair settings.

The functions iterates over the device->ccw_queue and also removes the
requests from the block->ccw_queue.
In case the device is started on an alias device instead of the base
device it might be removed from the block->ccw_queue without having it
canceled properly before. This might lead to a hanging device since the
request is no longer on a queue and can not be handled properly.

Fix by iterating over the block->ccw_queue instead of the
device->ccw_queue. This will take care of all blocklayer related requests
and handle them on all associated DASD devices.

Signed-off-by: Stefan Haberland <sth@linux.ibm.com>
Reviewed-by: Jan Hoeppner <hoeppner@linux.ibm.com>
Link: https://lore.kernel.org/r/20230721193647.3889634-4-sth@linux.ibm.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2023-07-24 13:05:29 -06:00
Stefan Haberland
acea28a6b7 s390/dasd: use correct number of retries for ERP requests
If a DASD request fails an error recovery procedure (ERP) request might
be built as a copy of the original request to do error recovery.

The ERP request gets a number of retries assigned.
This number is always 256 no matter what other value might have been set
for the original request. This is not what is expected when a user
specifies a certain amount of retries for the device via sysfs.

Correctly use the number of retries of the original request for ERP
requests.

Signed-off-by: Stefan Haberland <sth@linux.ibm.com>
Reviewed-by: Jan Hoeppner <hoeppner@linux.ibm.com>
Link: https://lore.kernel.org/r/20230721193647.3889634-3-sth@linux.ibm.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2023-07-24 13:05:29 -06:00
Stefan Haberland
05f1d8ed03 s390/dasd: fix hanging device after quiesce/resume
Quiesce and resume are functions that tell the DASD driver to stop/resume
issuing I/Os to a specific DASD.

On resume dasd_schedule_block_bh() is called to kick handling of IO
requests again. This does unfortunately not cover internal requests which
are used for path verification for example.

This could lead to a hanging device when a path event or anything else
that triggers internal requests occurs on a quiesced device.

Fix by also calling dasd_schedule_device_bh() which triggers handling of
internal requests on resume.

Fixes: 8e09f21574 ("[S390] dasd: add hyper PAV support to DASD device driver, part 1")

Cc: stable@vger.kernel.org
Signed-off-by: Stefan Haberland <sth@linux.ibm.com>
Reviewed-by: Jan Hoeppner <hoeppner@linux.ibm.com>
Link: https://lore.kernel.org/r/20230721193647.3889634-2-sth@linux.ibm.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2023-07-24 13:05:29 -06:00
Jens Axboe
7b72d661f1 io_uring: gate iowait schedule on having pending requests
A previous commit made all cqring waits marked as iowait, as a way to
improve performance for short schedules with pending IO. However, for
use cases that have a special reaper thread that does nothing but
wait on events on the ring, this causes a cosmetic issue where we
know have one core marked as being "busy" with 100% iowait.

While this isn't a grave issue, it is confusing to users. Rather than
always mark us as being in iowait, gate setting of current->in_iowait
to 1 by whether or not the waiting task has pending requests.

Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/io-uring/CAMEGJJ2RxopfNQ7GNLhr7X9=bHXKo+G5OOe0LUq=+UgLXsv1Xg@mail.gmail.com/
Link: https://bugzilla.kernel.org/show_bug.cgi?id=217699
Link: https://bugzilla.kernel.org/show_bug.cgi?id=217700
Reported-by: Oleksandr Natalenko <oleksandr@natalenko.name>
Reported-by: Phil Elwell <phil@raspberrypi.com>
Tested-by: Andres Freund <andres@anarazel.de>
Fixes: 8a796565ce ("io_uring: Use io_schedule* in cqring wait")
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2023-07-24 11:44:35 -06:00
Christian Brauner
20ea1e7d13 file: always lock position for FMODE_ATOMIC_POS
The pidfd_getfd() system call allows a caller with ptrace_may_access()
abilities on another process to steal a file descriptor from this
process. This system call is used by debuggers, container runtimes,
system call supervisors, networking proxies etc. So while it is a
special interest system call it is used in common tools.

That ability ends up breaking our long-time optimization in fdget_pos(),
which "knew" that if we had exclusive access to the file descriptor
nobody else could access it, and we didn't need the lock for the file
position.

That check for file_count(file) was always fairly subtle - it depended
on __fdget() not incrementing the file count for single-threaded
processes and thus included that as part of the rule - but it did mean
that we didn't need to take the lock in all those traditional unix
process contexts.

So it's sad to see this go, and I'd love to have some way to re-instate
the optimization. At the same time, the lock obviously isn't ever
contended in the case we optimized, so all we were optimizing away is
the atomics and the cacheline dirtying. Let's see if anybody even
notices that the optimization is gone.

Link: https://lore.kernel.org/linux-fsdevel/20230724-vfs-fdget_pos-v1-1-a4abfd7103f3@kernel.org/
Fixes: 8649c322f7 ("pid: Implement pidfd_getfd syscall")
Cc: stable@kernel.org
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2023-07-24 10:16:36 -07:00
Linus Torvalds
9e0ee0c754 media fixes for v6.5-rc4
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEE+QmuaPwR3wnBdVwACF8+vY7k4RUFAmS+TSkACgkQCF8+vY7k
 4RXxpQ//feteV/misV4M6hivy99yA4XiRW61lCt80+jA6dGyIZtcxGAoCMQw7qUW
 //D9N07xaBfCDHlyy6viLEzU++Y+RtouOFKSjTFxK83t3GDwrQpld/6JFo9NCaRD
 LQ8mwNi4F/70RcUO2vr1mEpzTrYHDr4UnT1arsGYW0iXvP2WIL11+PNTWtidKx9W
 wpgsgd90NRocPR/C+RvgIAmu0gCUpd47p1yfPvlq8A3MU9bzXxJMAkJK2BRiVmkT
 qLPsdYgZDlMLIltgqJRc9dUA/a0jYH/hnc/9GRcvncCJQ0rEZZQpZdfm4pkCdP7N
 RQZgZZ6V90fFA6PQXwCIhzzOj+SfG2ChkbtPoW6cilcTZGI0j4PxvavHd6CUvtOw
 1SwVIMTs2eTKC0FqI42V7W7WL0WWCEcbA/x51JXEyUWbMQUljAPet8YKJVw8l715
 iP78u2dJFjY1BYDqJ6vtrbuWevKIwb4gvnN3+Xm6vObRdf1a5IeX7SKjpXbFoSbn
 uN+Tlvu5cwelPsKxcaJwGD4oC2CHcsLtZs9y2MejwlVtL9VG1b2IWxq7RycGTxHC
 +SNs9N9mbF2zeQwu8RZxxHJsiXnAObgp2uQHIOADp3+YUSTZ+95f7JFa+5gdoDRD
 e1AICwSdJWfpnOpKVxtDQjOLrhkRE++hxY6RAlzwYSX9I+a4cOY=
 =7EgV
 -----END PGP SIGNATURE-----

Merge tag 'media/v6.5-2' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media

Pull media fixes from Mauro Carvalho Chehab:

 - some warning fixes

 - verisilicon: an excessive usage of stack fix and changes at reg
   access

 - amphion: use dev_err_probe

 - pulse8-cec: handle possible ping error

 - imx-jpeg: Support to assign slot for encoder/decoder

 - amphion: Fix firmware path to match linux-firmware

 - pci: cx23885: fix error handling for cx23885 ATSC boards

 - staging: atomisp: select V4L2_FWNODE

 - mediatek: vcodec: fix cancel_work_sync fail with fluster test

* tag 'media/v6.5-2' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media:
  media: verisilicon: change confusingly named relaxed register access
  media: verisilicon: fix excessive stack usage
  media: mediatek: vcodec: fix cancel_work_sync fail with fluster test
  media: pci: cx23885: fix error handling for cx23885 ATSC boards
  media: pulse8-cec: handle possible ping error
  media: mtk_jpeg_core: avoid unused-variable warning
  media: imx-jpeg: Support to assign slot for encoder/decoder
  media: amphion: Fix firmware path to match linux-firmware
  media: amphion: use dev_err_probe
  media: staging: atomisp: select V4L2_FWNODE
  media: tc358746: Address compiler warnings
2023-07-24 09:25:18 -07:00
Filipe Manana
bf7ecbe987 btrfs: check if the transaction was aborted at btrfs_wait_for_commit()
At btrfs_wait_for_commit() we wait for a transaction to finish and then
always return 0 (success) without checking if it was aborted, in which
case the transaction didn't happen due to some critical error. Fix this
by checking if the transaction was aborted.

Fixes: 462045928b ("Btrfs: add START_SYNC, WAIT_SYNC ioctls")
CC: stable@vger.kernel.org # 4.19+
Reviewed-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2023-07-24 18:06:27 +02:00
Filipe Manana
d8ccbd2191 btrfs: remove BUG_ON()'s in add_new_free_space()
At add_new_free_space() we have these BUG_ON()'s that are there to deal
with any failure to add free space to the in memory free space cache.
Such failures are mostly -ENOMEM that should be very rare. However there's
no need to have these BUG_ON()'s, we can just return any error to the
caller and all callers and their upper call chain are already dealing with
errors.

So just make add_new_free_space() return any errors, while removing the
BUG_ON()'s, and returning the total amount of added free space to an
optional u64 pointer argument.

Reported-by: syzbot+3ba856e07b7127889d8c@syzkaller.appspotmail.com
Link: https://lore.kernel.org/linux-btrfs/000000000000e9cb8305ff4e8327@google.com/
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2023-07-24 18:06:05 +02:00
Linus Torvalds
0a9266b79c Fix an issue on AMD Zen2 processors called Zenbleed. The bug manifests
itself as a data corruption issue when executing VZEROUPPER under
 certain microarchitectural conditions.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEzv7L6UO9uDPlPSfHEsHwGGHeVUoFAmS2OeYACgkQEsHwGGHe
 VUqyRBAAu+OnWCX2QwutMmPCfsfZSt/VmlmQpz07JAlQP03yf+P4hMl+VLHTyLdr
 UAPAyZ3tTvHNnPWIukV3//zV8kuU4Jp/G4ozAJn4l/JxnMfj40zs7rxjMAGArCQp
 lWCZLx60KLz13Owd7FI0NXG8aIBY4HaGKVKa6p45ukEaYYP6BJ9/TFqTMJIFUECy
 q520RTp5dXuVeAim7Ke/RPF8YkSgmZuxlc98yXTAvmPBL7T5eiORbwTGDBuVD/x0
 n3ZM7ijlQg8usPkM2LmNY52wMWcHoNPUO1vC9SEYvAGLinLqHw5//UoFqwODJ2GO
 Cx036db9UZBM9ntTkHhJnyaw0d6xNIWHlYyo0ESQTEtTEJQaiGkSnk5IP9I3/1bd
 AM7vni7RKhav4GvN1ilH+axNRMgjQENja+21tGwAp+QcGuX54rxU5LqIGEY/1qtm
 Po5oYuuksrHIgouTLYOwinY+PxDdYnjaDs2fgXh9EhMU9VlAb76j+9d/I6j+1g64
 6D9fPijye3w075V4DGs8ogs/A2WGyxCueCsRfy0B3F++9Yez5EjwTjs45HKSCvkR
 96ODwG+Xsmbk/BKt1aUZDdLls3Xog8XwlTJMQrXTrYDKgEcQ401t5tCP/8jUTqQY
 twlj3fW1NItR1tgcH1eRAObsVsub+UYG7hPC5LpGFz7juHh+oZ0=
 =D7w9
 -----END PGP SIGNATURE-----

Merge tag 'x86_bugs_zenbleed' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull Zen 2 errata fix from Borislav Petkov:
 "Fix an issue on AMD Zen2 processors called Zenbleed.

  The bug manifests itself as a data corruption issue when executing
  VZEROUPPER under certain microarchitectural conditions"

* tag 'x86_bugs_zenbleed' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86/cpu/amd: Add a Zenbleed fix
  x86/cpu/amd: Move the errata checking functionality up
2023-07-24 08:55:53 -07:00
Gilles Buloz
54685abe66 hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 disabled
Because of hex value 0x46 used instead of decimal 46, the temp6
(PECI1) temperature is always declared visible and then displayed
even if disabled in the chip

Signed-off-by: Gilles Buloz <gilles.buloz@kontron.com>
Link: https://lore.kernel.org/r/DU0PR10MB62526435ADBC6A85243B90E08002A@DU0PR10MB6252.EURPRD10.PROD.OUTLOOK.COM
Fixes: fcdc5739dc ("hwmon: (nct7802) add temperature sensor type attribute")
Cc: stable@vger.kernel.org
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
2023-07-24 07:01:40 -07:00
Ben Hutchings
922a9bd138 m68k: Fix invalid .section syntax
gas supports several different forms for .section for ELF targets,
including:
    .section NAME [, "FLAGS"[, @TYPE[,FLAG_SPECIFIC_ARGUMENTS]]]
and:
    .section "NAME"[, #FLAGS...]

In several places we use a mix of these two forms:
    .section NAME, #FLAGS...

A current development snapshot of binutils (2.40.50.20230611) treats
this mixed syntax as an error.

Change to consistently use:
    .section NAME, "FLAGS"
as is used elsewhere in the kernel.

Link: https://buildd.debian.org/status/fetch.php?pkg=linux&arch=m68k&ver=6.4%7Erc6-1%7Eexp1&stamp=1686907300&raw=1
Signed-off-by: Ben Hutchings <benh@debian.org>
Tested-by: Jan-Benedict Glaw <jbglaw@lug-owl.de>
Link: https://lore.kernel.org/r/ZIyBaueWT9jnTwRC@decadent.org.uk
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
2023-07-24 14:50:02 +02:00
Xiubo Li
50164507f6 ceph: never send metrics if disable_send_metrics is set
Even the 'disable_send_metrics' is true so when the session is
being opened it will always trigger to send the metric for the
first time.

Cc: stable@vger.kernel.org
Signed-off-by: Xiubo Li <xiubli@redhat.com>
Reviewed-by: Venky Shankar <vshankar@redhat.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
2023-07-24 13:15:39 +02:00
Harshit Mogalapalli
13c088cf36 phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe()
The size of array 'priv->ports[]' is INNO_PHY_PORT_NUM.

In the for loop, 'i' is used as the index for array 'priv->ports[]'
with a check (i > INNO_PHY_PORT_NUM) which indicates that
INNO_PHY_PORT_NUM is allowed value for 'i' in the same loop.

This > comparison needs to be changed to >=, otherwise it potentially leads
to an out of bounds write on the next iteration through the loop

Fixes: ba8b0ee81f ("phy: add inno-usb2-phy driver for hi3798cv200 SoC")
Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
Link: https://lore.kernel.org/r/20230721090558.3588613-1-harshit.m.mogalapalli@oracle.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
2023-07-24 16:23:37 +05:30
David S. Miller
22117b3ae6 Merge branch 'vxlan-gro-fixes'
Jiri Benc says:

====================
vxlan: fix GRO with VXLAN-GPE

The first patch generalizes code for the second patch, which is a fix for
broken VXLAN-GPE GRO. Thanks to Paolo for noticing the bug.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2023-07-24 10:47:09 +01:00
Jiri Benc
b0b672c4d0 vxlan: fix GRO with VXLAN-GPE
In VXLAN-GPE, there may not be an Ethernet header following the VXLAN
header. But in GRO, the vxlan driver calls eth_gro_receive
unconditionally, which means the following header is incorrectly parsed
as Ethernet.

Introduce GPE specific GRO handling.

For better performance, do not check for GPE during GRO but rather
install a different set of functions at setup time.

Fixes: e1e5314de0 ("vxlan: implement GPE")
Reported-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Jiri Benc <jbenc@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2023-07-24 10:47:09 +01:00
Jiri Benc
17a0a64448 vxlan: generalize vxlan_parse_gpe_hdr and remove unused args
The vxlan_parse_gpe_hdr function extracts the next protocol value from
the GPE header and marks GPE bits as parsed.

In order to be used in the next patch, split the function into protocol
extraction and bit marking. The bit marking is meaningful only in
vxlan_rcv; move it directly there.

Rename the function to vxlan_parse_gpe_proto to reflect what it now
does. Remove unused arguments skb and vxflags. Move the function earlier
in the file to allow it to be called from more places in the next patch.

Signed-off-by: Jiri Benc <jbenc@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2023-07-24 10:47:09 +01:00
Yuanjun Gong
8d01da0a1d ethernet: atheros: fix return value check in atl1c_tso_csum()
in atl1c_tso_csum, it should check the return value of pskb_trim(),
and return an error code if an unexpected value is returned
by pskb_trim().

Signed-off-by: Yuanjun Gong <ruc_gongyuanjun@163.com>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2023-07-24 10:39:11 +01:00
Jiri Benc
94d166c531 vxlan: calculate correct header length for GPE
VXLAN-GPE does not add an extra inner Ethernet header. Take that into
account when calculating header length.

This causes problems in skb_tunnel_check_pmtu, where incorrect PMTU is
cached.

In the collect_md mode (which is the only mode that VXLAN-GPE
supports), there's no magic auto-setting of the tunnel interface MTU.
It can't be, since the destination and thus the underlying interface
may be different for each packet.

So, the administrator is responsible for setting the correct tunnel
interface MTU. Apparently, the administrators are capable enough to
calculate that the maximum MTU for VXLAN-GPE is (their_lower_MTU - 36).
They set the tunnel interface MTU to 1464. If you run a TCP stream over
such interface, it's then segmented according to the MTU 1464, i.e.
producing 1514 bytes frames. Which is okay, this still fits the lower
MTU.

However, skb_tunnel_check_pmtu (called from vxlan_xmit_one) uses 50 as
the header size and thus incorrectly calculates the frame size to be
1528. This leads to ICMP too big message being generated (locally),
PMTU of 1450 to be cached and the TCP stream to be resegmented.

The fix is to use the correct actual header size, especially for
skb_tunnel_check_pmtu calculation.

Fixes: e1e5314de0 ("vxlan: implement GPE")
Signed-off-by: Jiri Benc <jbenc@redhat.com>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2023-07-24 09:37:32 +01:00
David S. Miller
a071c6ace3 Merge branch 'hns3-fixes'
Jijie Shao says:

====================
There are some bugfix for the HNS3 ethernet driver

There are some bugfix for the HNS3 ethernet driver
====================

Reviewed-by: Simon Horman <simon.horman@corigine.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2023-07-24 09:36:23 +01:00
Jijie Shao
882481b1c5 net: hns3: fix wrong bw weight of disabled tc issue
In dwrr mode, the default bandwidth weight of disabled tc is set to 0.
If the bandwidth weight is 0, the mode will change to sp.
Therefore, disabled tc default bandwidth weight need changed to 1,
and 0 is returned when query the bandwidth weight of disabled tc.
In addition, driver need stop configure bandwidth weight if tc is disabled.

Fixes: 848440544b ("net: hns3: Add support of TX Scheduler & Shaper to HNS3 driver")
Signed-off-by: Jie Wang <wangjie125@huawei.com>
Signed-off-by: Jijie Shao <shaojijie@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2023-07-24 09:36:23 +01:00
Jijie Shao
116d9f732e net: hns3: fix wrong tc bandwidth weight data issue
Currently, the weight saved by the driver is used as the query result,
which may be different from the actual weight in the register.
Therefore, the register value read from the firmware is used
as the query result

Fixes: 0e32038dc8 ("net: hns3: refactor dump tc of debugfs")
Signed-off-by: Jijie Shao <shaojijie@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2023-07-24 09:36:23 +01:00
Hao Lan
6d2336120a net: hns3: add tm flush when setting tm
When the tm module is configured with traffic, traffic
may be abnormal. This patch fixes this problem.
Before the tm module is configured, traffic processing
should be stopped. After the tm module is configured,
traffic processing is enabled.

Signed-off-by: Hao Lan <lanhao@huawei.com>
Signed-off-by: Jijie Shao <shaojijie@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2023-07-24 09:36:23 +01:00
Hao Lan
b27d0232e8 net: hns3: fix the imp capability bit cannot exceed 32 bits issue
Current only the first 32 bits of the capability flag bit are considered.
When the matching capability flag bit is greater than 31 bits,
it will get an error bit.This patch use bitmap to solve this issue.
It can handle each capability bit whitout bit width limit.

Fixes: da77aef9cc ("net: hns3: create common cmdq resource allocate/free/query APIs")
Signed-off-by: Hao Lan <lanhao@huawei.com>
Signed-off-by: Jijie Shao <shaojijie@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2023-07-24 09:36:22 +01:00
Thomas Gleixner
de99090852 irqchip fixes for 6.5, take #1
- Work around an erratum on GIC700, where a race between a CPU
   handling a wake-up interrupt, a change of affinity, and another
   CPU going to sleep can result in a lack of wake-up event on the
   next interrupt.
 
 - Fix the locking required on a VPE for GICv4
 
 - Enable Rockchip 3588001 erratum workaround for RK3588S
 
 - Fix the irq-bcm6345-l1 assumtions of the boot CPU always be
   the first CPU in the system
 -----BEGIN PGP SIGNATURE-----
 
 iQJDBAABCgAtFiEEn9UcU+C1Yxj9lZw9I9DQutE9ekMFAmS1HZsPHG1hekBrZXJu
 ZWwub3JnAAoJECPQ0LrRPXpDwRUQAI/DDQqQH/1fCoE+LtcA4jNjOUva2NYyRjH2
 1qYRPgj39yiIKAPCWLKnIG28bY/zZC2RrhfSiswjQQLp80xaRwh08Q9ctWIfpkFi
 3K9QAoihYZuKt2DwezNIZapiKyN7m5NjPS7vdociwJ1yLnVp/LM6racRBz3uBAJB
 ijFHMC2i560EEpWtHdWrVSCkaryd/IMITy+AQUl/b9TbIXMM/SN2KurGp6fPhIiF
 FMDCgA7pl0BwaaJ88FJWUwlkJyFho4ERUJJKmxGqDrO8tXRRDJpLI/ZlT6jLeXCf
 dtIgbGYGQe7DZ2eUVw9YVmBA54oh6pgZ5p7xDphsGMXeQUWR29xWF4itxmq6jJOF
 HIwMLCHGpdHtxaUia/dwhykGEnT1gH13hAULRjAtf3kR5mmbNVA618lHSeFC3zcx
 2yeel4CoJ3hRTlilMAHQFjW+V481s+MhKuEUSJACgDYblQxQmyM82Qq+ZuG6g5ah
 IF0DNLsxvFDF1WIw9U30bM7DI4XtF9fs/rdKGh5tiSQQXSXz9N0Rw2cmuxyxNqRR
 effQyMpOqZUUCas/xOsF2JF4pQPy0nFmHBVSXylLF597omZKmxR6NS+sKJCieJS6
 JTDCfA1zDZfRh4KhqiWmh2e+iKmGc3jc1XHFXj5EzWUYOu/ohm+y5P7Ger4krZEx
 aXxnbgnE
 =hS3u
 -----END PGP SIGNATURE-----

Merge tag 'irqchip-fixes-6.5-1' of git://git.kernel.org/pub/scm/linux/kernel/git/maz/arm-platforms into irq/urgent

Pull irqchip fixes from Marc Zyngier:

  - Work around an erratum on GIC700, where a race between a CPU
    handling a wake-up interrupt, a change of affinity, and another
    CPU going to sleep can result in a lack of wake-up event on the
    next interrupt.

  - Fix the locking required on a VPE for GICv4

  - Enable Rockchip 3588001 erratum workaround for RK3588S

  - Fix the irq-bcm6345-l1 assumtions of the boot CPU always be
    the first CPU in the system

Link: https://lore.kernel.org/lkml/20230717113857.304919-1-maz@kernel.org
2023-07-24 10:27:43 +02:00
Johan Hovold
4dd8752a14 serial: qcom-geni: drop bogus runtime pm state update
The runtime PM state should not be changed by drivers that do not
implement runtime PM even if it happens to work around a bug in PM core.

With the wake irq arming now fixed, drop the bogus runtime PM state
update which left the device in active state (and could potentially
prevent a parent device from suspending).

Fixes: f3974413cf ("tty: serial: qcom_geni_serial: Wakeup IRQ cleanup")
Cc: 5.6+ <stable@vger.kernel.org> # 5.6+
Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
Reviewed-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2023-07-24 09:51:51 +02:00
Johan Hovold
e7b915219b PM: sleep: wakeirq: drop unused enable helpers
Drop the wake-irq enable and disable helpers which have not been used
since commit bed570307e ("PM / wakeirq: Fix dedicated wakeirq for
drivers not using autosuspend").

Note that these functions are essentially just leftovers from the first
iteration of the wake-irq implementation where device drivers were
supposed to call these functions themselves instead of PM core (as
is also indicated by the bogus kernel doc comments).

Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
Reviewed-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2023-07-24 09:51:51 +02:00
Johan Hovold
8527beb120 PM: sleep: wakeirq: fix wake irq arming
The decision whether to enable a wake irq during suspend can not be done
based on the runtime PM state directly as a driver may use wake irqs
without implementing runtime PM. Such drivers specifically leave the
state set to the default 'suspended' and the wake irq is thus never
enabled at suspend.

Add a new wake irq flag to track whether a dedicated wake irq has been
enabled at runtime suspend and therefore must not be enabled at system
suspend.

Note that pm_runtime_enabled() can not be used as runtime PM is always
disabled during late suspend.

Fixes: 69728051f5 ("PM / wakeirq: Fix unbalanced IRQ enable for wakeirq")
Cc: 4.16+ <stable@vger.kernel.org> # 4.16+
Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
Reviewed-by: Tony Lindgren <tony@atomide.com>
Tested-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2023-07-24 09:51:51 +02:00
Ahmad Fatoum
ac4436a5b2 thermal: of: fix double-free on unregistration
Since commit 3d439b1a2a ("thermal/core: Alloc-copy-free the thermal
zone parameters structure"), thermal_zone_device_register() allocates
a copy of the tzp argument and frees it when unregistering, so
thermal_of_zone_register() now ends up leaking its original tzp and
double-freeing the tzp copy. Fix this by locating tzp on stack instead.

Fixes: 3d439b1a2a ("thermal/core: Alloc-copy-free the thermal zone parameters structure")
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Acked-by: Daniel Lezcano <daniel.lezcano@linaro.org>
Cc: 6.4+ <stable@vger.kernel.org> # 6.4+: 8bcbb18c61d6: thermal: core: constify params in thermal_zone_device_register
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2023-07-24 09:51:31 +02:00
Ahmad Fatoum
80ddce5f2d thermal: core: constify params in thermal_zone_device_register
Since commit 3d439b1a2a ("thermal/core: Alloc-copy-free the thermal zone
parameters structure"), thermal_zone_device_register() allocates a copy
of the tzp argument and callers need not explicitly manage its lifetime.

This means the function no longer cares about the parameter being
mutable, so constify it.

No functional change.

Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Acked-by: Daniel Lezcano <daniel.lezcano@linaro.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2023-07-24 09:51:31 +02:00
Rik van Riel
9e46e4dcd9 mm,memblock: reset memblock.reserved to system init state to prevent UAF
The memblock_discard function frees the memblock.reserved.regions
array, which is good.

However, if a subsequent memblock_free (or memblock_phys_free) comes
in later, from for example ima_free_kexec_buffer, that will result in
a use after free bug in memblock_isolate_range.

When running a kernel with CONFIG_KASAN enabled, this will cause a
kernel panic very early in boot. Without CONFIG_KASAN, there is
a chance that memblock_isolate_range might scribble on memory
that is now in use by somebody else.

Avoid those issues by making sure that memblock_discard points
memblock.reserved.regions back at the static buffer.

If memblock_free is called after memblock memory is discarded, that will
print a warning in memblock_remove_region.

Signed-off-by: Rik van Riel <riel@surriel.com>
Link: https://lore.kernel.org/r/20230719154137.732d8525@imladris.surriel.com
Signed-off-by: Mike Rapoport (IBM) <rppt@kernel.org>
2023-07-24 08:52:56 +03:00
Chen-Yu Tsai
67cb608838
regulator: mt6358: Fix incorrect VCN33 sync error message
After syncing the enable status of VCN33_WIFI to VCN33_BT, the driver
will disable VCN33_WIFI. If it fails it will error out with a message.
However the error message incorrectly refers to VCN33_BT.

Fix the error message so that it correctly refers to VCN33_WIFI.

Suggested-by: Fei Shao <fshao@chromium.org>
Fixes: 65bae54e08 ("regulator: mt6358: Merge VCN33_* regulators")
Signed-off-by: Chen-Yu Tsai <wenst@chromium.org>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Link: https://lore.kernel.org/r/20230721082903.2038975-4-wenst@chromium.org
Signed-off-by: Mark Brown <broonie@kernel.org>
2023-07-23 23:40:09 +01:00
Chen-Yu Tsai
649fee5a17
regulator: mt6358: Sync VCN33_* enable status after checking ID
Syncing VCN33_* enable status should be done after checking the PMIC's
ID, to avoid setting random bits on other PMICs.

Suggested-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Fixes: 65bae54e08 ("regulator: mt6358: Merge VCN33_* regulators")
Signed-off-by: Chen-Yu Tsai <wenst@chromium.org>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Link: https://lore.kernel.org/r/20230721082903.2038975-3-wenst@chromium.org
Signed-off-by: Mark Brown <broonie@kernel.org>
2023-07-23 23:40:08 +01:00
Edson Juliano Drosdeck
1bc40efdaf
ASoC: nau8821: Add DMI quirk mechanism for active-high jack-detect
Add a quirk mechanism to allow specifying that active-high jack-detection
should be used on platforms where this info is not available in devicetree.

And add an entry for the Positivo CW14Q01P-V2 to the DMI table, so that
jack-detection will work properly on this laptop.

Signed-off-by: Edson Juliano Drosdeck <edson.drosdeck@gmail.com>
Link: https://lore.kernel.org/r/20230719200241.4865-1-edson.drosdeck@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
2023-07-23 23:40:05 +01:00
Dmytro Maluka
f0691dc162
ASoC: da7219: Check for failure reading AAD IRQ events
When handling an AAD interrupt, if IRQ events read failed (for example,
due to i2c "Transfer while suspended" failure, i.e. when attempting to
read it while DA7219 is suspended, which may happen due to a spurious
AAD interrupt), the events array contains garbage uninitialized values.
So instead of trying to interprete those values and doing any actions
based on them (potentially resulting in misbehavior, e.g. reporting
bogus events), refuse to handle the interrupt.

Signed-off-by: Dmytro Maluka <dmy@semihalf.com>
Link: https://lore.kernel.org/r/20230717193737.161784-3-dmy@semihalf.com
Signed-off-by: Mark Brown <broonie@kernel.org>
2023-07-23 23:40:00 +01:00
Dmytro Maluka
91e292917d
ASoC: da7219: Flush pending AAD IRQ when suspending
da7219_aad_suspend() disables jack detection, which should prevent
generating new interrupts by DA7219 while suspended. However, there is a
theoretical possibility that there is a pending interrupt generated just
before suspending DA7219 and not handled yet, so the IRQ handler may
still run after DA7219 is suspended. To prevent that, wait until the
pending IRQ handling is done.

This patch arose as an attempt to fix the following I2C failure
occurring sometimes during system suspend or resume:

[  355.876211] i2c_designware i2c_designware.3: Transfer while suspended
[  355.876245] WARNING: CPU: 2 PID: 3576 at drivers/i2c/busses/i2c-designware-master.c:570 i2c_dw_xfer+0x411/0x440
...
[  355.876462] Call Trace:
[  355.876468]  <TASK>
[  355.876475]  ? update_load_avg+0x1b3/0x615
[  355.876484]  __i2c_transfer+0x101/0x1d8
[  355.876494]  i2c_transfer+0x74/0x10d
[  355.876504]  regmap_i2c_read+0x6a/0x9c
[  355.876513]  _regmap_raw_read+0x179/0x223
[  355.876521]  regmap_raw_read+0x1e1/0x28e
[  355.876527]  regmap_bulk_read+0x17d/0x1ba
[  355.876532]  ? __wake_up+0xed/0x1bb
[  355.876542]  da7219_aad_irq_thread+0x54/0x2c9 [snd_soc_da7219 5fb8ebb2179cf2fea29af090f3145d68ed8e2184]
[  355.876556]  irq_thread+0x13c/0x231
[  355.876563]  ? irq_forced_thread_fn+0x5f/0x5f
[  355.876570]  ? irq_thread_fn+0x4d/0x4d
[  355.876576]  kthread+0x13a/0x152
[  355.876581]  ? synchronize_irq+0xc3/0xc3
[  355.876587]  ? kthread_blkcg+0x31/0x31
[  355.876592]  ret_from_fork+0x1f/0x30
[  355.876601]  </TASK>

which indicates that the AAD IRQ handler is unexpectedly running when
DA7219 is suspended, and as a result, is trying to read data from DA7219
over I2C and is hitting the I2C driver "Transfer while suspended"
failure.

However, with this patch the above failure is still reproducible. So
this patch does not fix any real observed issue so far, but at least is
useful for confirming that the above issue is not caused by a pending
IRQ but rather looks like a DA7219 hardware issue with an IRQ
unexpectedly generated after jack detection is already disabled.

Signed-off-by: Dmytro Maluka <dmy@semihalf.com>
Link: https://lore.kernel.org/r/20230717193737.161784-2-dmy@semihalf.com
Signed-off-by: Mark Brown <broonie@kernel.org>
2023-07-23 23:39:59 +01:00
Mark Brown
1477c794c7 Linux 6.5-rc3
-----BEGIN PGP SIGNATURE-----
 
 iQFSBAABCAA8FiEEq68RxlopcLEwq+PEeb4+QwBBGIYFAmS9qIoeHHRvcnZhbGRz
 QGxpbnV4LWZvdW5kYXRpb24ub3JnAAoJEHm+PkMAQRiGH6EH/2EnB8lLGOl8QINL
 E8eTWj6e7hdXXEX42j5h+TeGZZgBbTwogzE08uHBOP7lO0h31GVa97D5xkjS8UIa
 CzjYcnAuvf36nexakdC/0T8WgGzWwzKo0MIVraPBbq/pPRyrJ0CXPzB0Sl4Z2XlL
 W3N12a1N655FRx/tjaXgUB+aMPGrdBA2t0k6eXwFWyBdQhmt7O8Y3xy0rTVA+qHZ
 F6D4fZI2Ej9WbxX+tBs+DLEk+ZUz+0fABUqvgJRNofjgm71CpGhbv4ZGUFQaJT+I
 5S7cu3R8pS2YLP8TA3kJSj5GUEwPEDEZpxMIJAqkr5uvkNysGi55lYRxxULUw/sO
 EYHRBJE=
 =c8SQ
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCgAdFiEEreZoqmdXGLWf4p/qJNaLcl1Uh9AFAmS9qpEACgkQJNaLcl1U
 h9BnQgf/Q82eMvv6MndpDvy1Ei6MNOCEaRoVywR1uI1vHYGnb21ldhtydnkE2MRZ
 6eLQ/TPqug4SK3W7GadzV+SrSjv6dtWY9ALVfRba9KRHYT0Q+1NHlrWezwfsccjA
 7PO9I8UitRyQU3xF8baUMJaqM5CvsRtwC0m6XVjbihxE6Knj+fB1czU2fthGq8i4
 PYzjYbtf9RsSDl/nZLqCMU0rkG95LslrKuJe8HMoQtqN94MDUIX9voz5WuoBOAOd
 xplVhYLAjhQhbYddDO5ShyP9c3o8BuiLvJUBZAgK0r1h4yHLW8ETyn0BOM5bKjEs
 /vUB4f3D8MqqREOXo7n031B3CSqQYA==
 =CgVY
 -----END PGP SIGNATURE-----

ASoC: Merge up fixes from mainline

There's several things here that will really help my CI.
2023-07-23 23:32:05 +01:00
Linus Torvalds
6eaae19807 Linux 6.5-rc3 2023-07-23 15:24:10 -07:00
Linus Torvalds
3b4e48b800 Tracing fixes for 6.5-rc2:
- Swapping the ring buffer for snapshotting (for things like irqsoff)
   can crash if the ring buffer is being resized. Disable swapping
   when this happens. The missed swap will be reported to the tracer.
 
 - Report error if the histogram fails to be created due to an error in
   adding a histogram variable, in event_hist_trigger_parse().
 
 - Remove unused declaration of tracing_map_set_field_descr().
 
 Chen Lin (1):
       ring-buffer: Do not swap cpu_buffer during resize process
 
 Mohamed Khalfella (1):
       tracing/histograms: Return an error if we fail to add histogram to hist_vars list
 
 YueHaibing (1):
       tracing: Remove unused extern declaration tracing_map_set_field_descr()
 -----BEGIN PGP SIGNATURE-----
 
 iIoEABYIADIWIQRRSw7ePDh/lE+zeZMp5XQQmuv6qgUCZL2IixQccm9zdGVkdEBn
 b29kbWlzLm9yZwAKCRAp5XQQmuv6qsHAAQCS/VLpMOA5AS9JWvwuEnGAVymyJcGS
 jmnWkuMmf5fPpQD/di/xY1clLNhz6P7PAZvR3N6qw3AsNjPW/ZapDkrRWQA=
 =RoHL
 -----END PGP SIGNATURE-----

Merge tag 'trace-v6.5-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace

Pull tracing fixes from Steven Rostedt:

 - Swapping the ring buffer for snapshotting (for things like irqsoff)
   can crash if the ring buffer is being resized. Disable swapping when
   this happens. The missed swap will be reported to the tracer

 - Report error if the histogram fails to be created due to an error in
   adding a histogram variable, in event_hist_trigger_parse()

 - Remove unused declaration of tracing_map_set_field_descr()

* tag 'trace-v6.5-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace:
  tracing/histograms: Return an error if we fail to add histogram to hist_vars list
  ring-buffer: Do not swap cpu_buffer during resize process
  tracing: Remove unused extern declaration tracing_map_set_field_descr()
2023-07-23 15:19:14 -07:00
Linus Torvalds
12a5336ca3 Kbuild fixes for v6.5
- Fix stale help text in gconfig
 
  - Support *.S files in compile_commands.json
 
  - Flatten KBUILD_CFLAGS
 
  - Fix external module builds with Rust so that temporary files are
    created in the modules directories instead of the kernel tree
 -----BEGIN PGP SIGNATURE-----
 
 iQJJBAABCgAzFiEEbmPs18K1szRHjPqEPYsBB53g2wYFAmS9dUcVHG1hc2FoaXJv
 eUBrZXJuZWwub3JnAAoJED2LAQed4NsGBKAP/iOjCOxcoS9j2tk1/ht4FD6ECf9d
 K56II3l8/Vgj8yyLYWqMAJkwfv3QL5H6rD2Ewf1Fiy34GFX3bukeYezKnS6WIkFe
 Vbc0aUTXoOTvQ2pSHq46SPflr7EFps0h5mOx0o68bRfX+IbGyDIzqvCWZ+RHiSVR
 z97J80vxOKFkTZB38l+OLNbFwCyEw9oiH9vrzwSG3ixmdXwFYBCPxtp2Rb+9bclH
 Tq/VWUCtkn5LjmKCMkDYDHcQLVZNwY+UVYc4yVhjBklDZYn/xX/OjNDlEt5llOvV
 A0d8Gg8+skeI/4OdWHGWJFy0G5NHg0+API+uN83qiTUn8TmV1SAuRaDIOF9D7GFv
 zg1ubDjaZ5yvTT6qdsmipOJvwTW1wwv0Ocqy6I7bpxOzn7E9ZaxV2KyhCnUF4E9p
 9LdBcfXn+oir86OygcSN2rJWZnK8Ux+iwogItAVSBasze02v4AySc77gvCgHRPvp
 6kDUM5rgm8s0E1WY8iRGsGXf742/6NkFaf2pO7fKXc3fHm5DeN9EMy2eicF6A7x6
 +yypfOlo/+v452fDRvAY6FLFDnloNz20lV0/OJiPB45Qgkr7LgjGJZ4d6d+0bZWF
 hbBSW+r1Dj46G33KcSrLBvSaXCxrkNNd4L8G8wTEYDP57qo+nwDABqLPGsKrg4DU
 qpYo5vLJpduOOaId
 =BmWs
 -----END PGP SIGNATURE-----

Merge tag 'kbuild-fixes-v6.5' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild

Pull Kbuild fixes from Masahiro Yamada:

 - Fix stale help text in gconfig

 - Support *.S files in compile_commands.json

 - Flatten KBUILD_CFLAGS

 - Fix external module builds with Rust so that temporary files are
   created in the modules directories instead of the kernel tree

* tag 'kbuild-fixes-v6.5' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild:
  kbuild: rust: avoid creating temporary files
  kbuild: flatten KBUILD_CFLAGS
  gen_compile_commands: add assembly files to compilation database
  kconfig: gconfig: correct program name in help text
  kconfig: gconfig: drop the Show Debug Info help text
2023-07-23 14:55:41 -07:00
Miguel Ojeda
df01b7cfce kbuild: rust: avoid creating temporary files
`rustc` outputs by default the temporary files (i.e. the ones saved
by `-Csave-temps`, such as `*.rcgu*` files) in the current working
directory when `-o` and `--out-dir` are not given (even if
`--emit=x=path` is given, i.e. it does not use those for temporaries).

Since out-of-tree modules are compiled from the `linux` tree,
`rustc` then tries to create them there, which may not be accessible.

Thus pass `--out-dir` explicitly, even if it is just for the temporary
files.

Similarly, do so for Rust host programs too.

Reported-by: Raphael Nestler <raphael.nestler@gmail.com>
Closes: https://github.com/Rust-for-Linux/linux/issues/1015
Reported-by: Andrea Righi <andrea.righi@canonical.com>
Tested-by: Raphael Nestler <raphael.nestler@gmail.com> # non-hostprogs
Tested-by: Andrea Righi <andrea.righi@canonical.com> # non-hostprogs
Fixes: 295d8398c6 ("kbuild: specify output names separately for each emission type from rustc")
Cc: stable@vger.kernel.org
Signed-off-by: Miguel Ojeda <ojeda@kernel.org>
Tested-by: Martin Rodriguez Reboredo <yakoyoku@gmail.com>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
2023-07-24 03:15:31 +09:00
Linus Torvalds
269f4a4b85 ARM:
* Avoid pKVM finalization if KVM initialization fails
 
 * Add missing BTI instructions in the hypervisor, fixing an early boot
   failure on BTI systems
 
 * Handle MMU notifiers correctly for non hugepage-aligned memslots
 
 * Work around a bug in the architecture where hypervisor timer controls
   have UNKNOWN behavior under nested virt.
 
 * Disable preemption in kvm_arch_hardware_enable(), fixing a kernel BUG
   in cpu hotplug resulting from per-CPU accessor sanity checking.
 
 * Make WFI emulation on GICv4 systems robust w.r.t. preemption,
   consistently requesting a doorbell interrupt on vcpu_put()
 
 * Uphold RES0 sysreg behavior when emulating older PMU versions
 
 * Avoid macro expansion when initializing PMU register names, ensuring
   the tracepoints pretty-print the sysreg.
 
 s390:
 
 * Two fixes for asynchronous destroy
 
 x86 fixes will come early next week.
 -----BEGIN PGP SIGNATURE-----
 
 iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmS9WpwUHHBib256aW5p
 QHJlZGhhdC5jb20ACgkQv/vSX3jHroOhTAf9EsrnrDK2U0Q1wIGZCh/3d662yslF
 Kh0GidZ62w4P1O4q19lFhJ5ixVdHJjGaNrYGZm77yAi0UaYzx4wvkohdaDhIdeMg
 3do2uo6/iGU5m24BaVIXlSr8V6KDsMw0UvCAjxFWNvCzpR/7tpLOteXFS9rZQ+1N
 jfvoVKqE6LfgJ5IZiVdhIdEOxCf/QuQD/WdZ7fib8ngkY3dETi03MkATFKchtIzx
 j5aWruVHQlmb5ukZzHmmNuF7Yf6c1Bs+Rt6JFjyL+DxbtPBJmHP4TepYCDS4UqIm
 kkxrsqiTde13jQN7vDWzfzdpLQPIGV9OnvGWQoR4dyKfDlqSxJJyhXPuBw==
 =Mkzl
 -----END PGP SIGNATURE-----

Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm

Pull kvm fixes from Paolo Bonzini:
 "ARM:

   - Avoid pKVM finalization if KVM initialization fails

   - Add missing BTI instructions in the hypervisor, fixing an early
     boot failure on BTI systems

   - Handle MMU notifiers correctly for non hugepage-aligned memslots

   - Work around a bug in the architecture where hypervisor timer
     controls have UNKNOWN behavior under nested virt

   - Disable preemption in kvm_arch_hardware_enable(), fixing a kernel
     BUG in cpu hotplug resulting from per-CPU accessor sanity checking

   - Make WFI emulation on GICv4 systems robust w.r.t. preemption,
     consistently requesting a doorbell interrupt on vcpu_put()

   - Uphold RES0 sysreg behavior when emulating older PMU versions

   - Avoid macro expansion when initializing PMU register names,
     ensuring the tracepoints pretty-print the sysreg

  s390:

   - Two fixes for asynchronous destroy

  x86 fixes will come early next week"

* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
  KVM: s390: pv: fix index value of replaced ASCE
  KVM: s390: pv: simplify shutdown and fix race
  KVM: arm64: Fix the name of sys_reg_desc related to PMU
  KVM: arm64: Correctly handle RES0 bits PMEVTYPER<n>_EL0.evtCount
  KVM: arm64: vgic-v4: Make the doorbell request robust w.r.t preemption
  KVM: arm64: Add missing BTI instructions
  KVM: arm64: Correctly handle page aging notifiers for unaligned memslot
  KVM: arm64: Disable preemption in kvm_arch_hardware_enable()
  KVM: arm64: Handle kvm_arm_init failure correctly in finalize_pkvm
  KVM: arm64: timers: Use CNTHCTL_EL2 when setting non-CNTKCTL_EL1 bits
2023-07-23 10:44:38 -07:00
Linus Torvalds
15b593ba68 Bug and regression fixes for 6.5-rc3 for ext4's mballoc and jbd2's
checkpoint code.
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCAAdFiEEK2m5VNv+CHkogTfJ8vlZVpUNgaMFAmS9HHIACgkQ8vlZVpUN
 gaNg/wf8DAf9PMn2bmQ309Acs5E8Qi1bga/ofNnoBcDNC7k+iKGAGgwOnCn+ity4
 32KiA5Yh7tzoYvZHUTE5k297mN+4AX4DyAREh1cVITohRxm3BpXYZzezdLSieS8b
 7RAdOinaWzs0dBjwNqkKVrTL3jduD704DnefrtHFvwqzBf/QSVSaACoPACqCFyxx
 TFvutv2h5ifjS7fsjKXrXjHUAYMJCYzJNOcTW1OUb8rknUhCaKyoCkFht4PawuVx
 h1wTkP87RW/bTgHA7Kqrq4BY2nLg8U0B3U/4qmW7wMjUYyAPLTUXKD3Ewj7XaFMA
 UYRBr7xba8GWqyOURb3TvzrwRjqTJg==
 =inak
 -----END PGP SIGNATURE-----

Merge tag 'ext4_for_linus-6.5-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4

Pull ext4 fixes from Ted Ts'o:
 "Bug and regression fixes for 6.5-rc3 for ext4's mballoc and jbd2's
  checkpoint code"

* tag 'ext4_for_linus-6.5-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4:
  ext4: fix rbtree traversal bug in ext4_mb_use_preallocated
  ext4: fix off by one issue in ext4_mb_choose_next_group_best_avail()
  ext4: correct inline offset when handling xattrs in inode body
  jbd2: remove __journal_try_to_free_buffer()
  jbd2: fix a race when checking checkpoint buffer busy
  jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint
  jbd2: remove journal_clean_one_cp_list()
  jbd2: remove t_checkpoint_io_list
  jbd2: recheck chechpointing non-dirty buffer
2023-07-23 10:21:49 -07:00
Linus Torvalds
8266f53b39 add minor debugging improvement
-----BEGIN PGP SIGNATURE-----
 
 iQGzBAABCgAdFiEE6fsu8pdIjtWE/DpLiiy9cAdyT1EFAmS8M7gACgkQiiy9cAdy
 T1HwFQv+KkynZAnDOcjOBADzR3yVoH82KMksgi7Paw8QlQYCQ+Fu3i3+WFcTKWEk
 W/v2sm+F/5P8d2wjiuQKX3gzJrDQZcoyrpyhdV66abg1qursyUQitvbEEnQXwh4e
 9rTFEggTD9ior2/g35QVkPvf94sMpw525cI90btT4CL2WWzM7O7+cz48JtElaLJx
 NvqWc83r3Fn6kkeZn3LmwniTtNL3Cez0EOcL7SKVfOtXOlBiqxsotC6LrCJZ0Wgr
 DSiNAmq71tirfe6/b1+XIbJx0Pn4f8snxvfVW2/+FOaxx0qyT7JJHgWtUNocjHLs
 PESdve7fOlLYDLgQc+qfzmZrMQvsuEiGT49Zgh11Bmp55OBplIggiUjr1/gUVX2K
 F/WQz6IHhsbbVQDOkqnoRYjnBWsrDcSzjy/E6twHZvllSQDalCZCNHlpdKT8jIvw
 u8mbHQA92Xe0EPp/KHP+dP6OzntGNdl07qdBFc983KCHSWJxSw94tgI3Jk57alVA
 tSZkv8Th
 =HN3q
 -----END PGP SIGNATURE-----

Merge tag '6.5-rc2-smb3-client-fixes-ver2' of git://git.samba.org/sfrench/cifs-2.6

Pull smb client fix from Steve French:
 "Add minor debugging improvement.

  The change improves ability to read a network trace to debug problems
  on encrypted connections which are very common (e.g. using wireshark
  or tcpdump).

  That works today with tools like 'smbinfo keys /mnt/file' but requires
  passing in a filename on the mount (see e.g. [1]), but it often makes
  more sense to just pass in the mount point path (ie a directory not a
  filename).

  So this fix was needed to debug some types of problems (an obvious
  example is on an encrypted connection failing operations on an empty
  share or with no files in the root of the directory) - so you can
  simply pass in the 'smbinfo keys <mntpoint>' and get the information
  that wireshark needs"

Link: https://wiki.samba.org/index.php/Wireshark_Decryption [1]

* tag '6.5-rc2-smb3-client-fixes-ver2' of git://git.samba.org/sfrench/cifs-2.6:
  cifs: update internal module version number for cifs.ko
  cifs: allow dumping keys for directories too
2023-07-23 10:16:44 -07:00
Paolo Bonzini
0c189708bf Two fixes for asynchronous destroy
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEoWuZBM6M3lCBSfTnuARItAMU6BMFAmS2a84ACgkQuARItAMU
 6BPfCRAAyl56gfM+h5zhgsSQfKoZaSAkEqzB+uJ+bFXJ+1PMDGS9raD16RRpUpEp
 6DuT1HhwsV9mXffTrl3sE6Ov9bece/p6McQiKVoU8dn+E17gziEoEODE6gPpX6V6
 t2aBlNhz962QFSc+Z9P/ioyFB4rAtIrOY1mV1Ok74vOM4aGRh76i/WZpzW6Bgpe6
 jvtNuOlDvjofaI8cRDQ6qsRtT5DV3w4lM1Te8accmImBCezAAmxTh1KuLJZ/56Do
 Q/agC9wSPPdiTqE2ZqT0gKEWYOIlZPutyfr7thw0XJApwQ4XiO5hoDanMRnfbSL4
 Pr8wwR6fUlMdD8sr7U3aY/Jd9/RI/3I48DmyT/hcGITo6NoK/W0O77wZnRKeqKNy
 AarwlpYlaHr9HrrVsIXr8NY2hINuATAYhy6UnONlv5AVP2FwLzlaK/MO8iHY0zG3
 INzdl5orCsVblYllnmYINmyd9uEvNdx0FJo3/01DyVgnK+m7b58aJtbD0R7nMK7I
 YO0Rj1EJf9VfE0BsM29D9ev/asxggkbgExjl1nWOR/TiY9prg99MFJdnCEUED9EL
 kvdO6bUFJx7CJfeQU6Y2fq3jcdAsiTQOH7LRw8DOkOI/TszRQRsGU3BEy5RijZcL
 mnWMQ7WGydtqPC0WMzo5b2ND+WdLG1hiagw7kbDJM5MP/gABrq0=
 =9m5E
 -----END PGP SIGNATURE-----

Merge tag 'kvm-s390-master-6.5-1' of https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux into HEAD

Two fixes for asynchronous destroy
2023-07-23 12:50:30 -04:00
Paolo Bonzini
675a15f4db KVM/arm64 fixes for 6.5, part #1
- Avoid pKVM finalization if KVM initialization fails
 
  - Add missing BTI instructions in the hypervisor, fixing an early boot
    failure on BTI systems
 
  - Handle MMU notifiers correctly for non hugepage-aligned memslots
 
  - Work around a bug in the architecture where hypervisor timer controls
    have UNKNOWN behavior under nested virt.
 
  - Disable preemption in kvm_arch_hardware_enable(), fixing a kernel BUG
    in cpu hotplug resulting from per-CPU accessor sanity checking.
 
  - Make WFI emulation on GICv4 systems robust w.r.t. preemption,
    consistently requesting a doorbell interrupt on vcpu_put()
 
  - Uphold RES0 sysreg behavior when emulating older PMU versions
 
  - Avoid macro expansion when initializing PMU register names, ensuring
    the tracepoints pretty-print the sysreg.
 -----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQSNXHjWXuzMZutrKNKivnWIJHzdFgUCZLWvCAAKCRCivnWIJHzd
 FvATAQDRFeGjnaEnnq2yufHNRcWeMEUgKSg153LUWYaVKYZMOAD+PfbXmCpZPuz3
 5nee77NrjrPHKMm38zMalABuK1qJFQM=
 =A7d0
 -----END PGP SIGNATURE-----

Merge tag 'kvmarm-fixes-6.5-1' of git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm into HEAD

KVM/arm64 fixes for 6.5, part #1

 - Avoid pKVM finalization if KVM initialization fails

 - Add missing BTI instructions in the hypervisor, fixing an early boot
   failure on BTI systems

 - Handle MMU notifiers correctly for non hugepage-aligned memslots

 - Work around a bug in the architecture where hypervisor timer controls
   have UNKNOWN behavior under nested virt.

 - Disable preemption in kvm_arch_hardware_enable(), fixing a kernel BUG
   in cpu hotplug resulting from per-CPU accessor sanity checking.

 - Make WFI emulation on GICv4 systems robust w.r.t. preemption,
   consistently requesting a doorbell interrupt on vcpu_put()

 - Uphold RES0 sysreg behavior when emulating older PMU versions

 - Avoid macro expansion when initializing PMU register names, ensuring
   the tracepoints pretty-print the sysreg.
2023-07-23 12:50:14 -04:00
Namjae Jeon
536bb492d3 ksmbd: fix out of bounds in init_smb2_rsp_hdr()
If client send smb2 negotiate request and then send smb1 negotiate
request, init_smb2_rsp_hdr is called for smb1 negotiate request since
need_neg is set to false. This patch ignore smb1 packets after ->need_neg
is set to false.

Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-21541
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
2023-07-23 10:25:11 -05:00
Namjae Jeon
e202a1e863 ksmbd: no response from compound read
ksmbd doesn't support compound read. If client send read-read in
compound to ksmbd, there can be memory leak from read buffer.
Windows and linux clients doesn't send it to server yet. For now,
No response from compound read. compound read will be supported soon.

Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-21587, ZDI-CAN-21588
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
2023-07-23 10:25:11 -05:00
Namjae Jeon
3df0411e13 ksmbd: validate session id and tree id in compound request
`smb2_get_msg()` in smb2_get_ksmbd_tcon() and smb2_check_user_session()
will always return the first request smb2 header in a compound request.
if `SMB2_TREE_CONNECT_HE` is the first command in compound request, will
return 0, i.e. The tree id check is skipped.
This patch use ksmbd_req_buf_next() to get current command in compound.

Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-21506
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
2023-07-23 10:25:11 -05:00
Namjae Jeon
dc318846f3 ksmbd: fix out of bounds in smb3_decrypt_req()
smb3_decrypt_req() validate if pdu_length is smaller than
smb2_transform_hdr size.

Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-21589
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
2023-07-23 10:25:11 -05:00
Namjae Jeon
2b57a4322b ksmbd: check if a mount point is crossed during path lookup
Since commit 74d7970feb ("ksmbd: fix racy issue from using ->d_parent and
->d_name"), ksmbd can not lookup cross mount points. If last component is
a cross mount point during path lookup, check if it is crossed to follow it
down. And allow path lookup to cross a mount point when a crossmnt
parameter is set to 'yes' in smb.conf.

Cc: stable@vger.kernel.org
Fixes: 74d7970feb ("ksmbd: fix racy issue from using ->d_parent and ->d_name")
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
2023-07-23 10:25:11 -05:00