1. 16 Oct, 2024 1 commit
    • smb: client: fix possible double free in smb2_set_ea() · 19ebc1e6
      Su Hui authored
      Clang static checker(scan-build) warning:
      fs/smb/client/smb2ops.c:1304:2: Attempt to free released memory.
       1304 |         kfree(ea);
            |         ^~~~~~~~~
      
      There is a double free in such case:
      'ea is initialized to NULL' -> 'first successful memory allocation for
      ea' -> 'something failed, goto sea_exit' -> 'first memory release for ea'
      -> 'goto replay_again' -> 'second goto sea_exit before allocate memory
      for ea' -> 'second memory release for ea resulted in double free'.
      
      Re-initialize 'ea' to NULL near to the replay_again label, it can fix this
      double free problem.
      
      Fixes: 4f1fffa2 ("cifs: commands that are retried should have replay flag set")
      Reviewed-by: Dan Carpenter <dan.carpenter@linaro.org>
      Signed-off-by: Su Hui <suhui@nfschina.com>
      Signed-off-by: Steve French <stfrench@microsoft.com>
  2. 13 Oct, 2024 5 commits
  3. 12 Oct, 2024 2 commits
  4. 11 Oct, 2024 19 commits
    • Merge tag 'linux_kselftest-fixes-6.12-rc3' of... · 09f6b0c8
      Linus Torvalds authored
      Merge tag 'linux_kselftest-fixes-6.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest
      
      Pull kselftest fixes from Shuah Khan:
       "Fixes for build, run-time errors, and reporting errors:
      
         - ftrace: regression test for a kernel crash when running function
           graph tracing and then enabling function profiler.
      
         - rseq: fix for mm_cid test failure.
      
         - vDSO:
            - fixes to reporting skip and other error conditions
            - changes unconditionally build chacha and getrandom tests on all
              architectures to make it easier for them to run in CIs
            - build error when sched.h to bring in CLONE_NEWTIME define"
      
      * tag 'linux_kselftest-fixes-6.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest:
        ftrace/selftest: Test combination of function_graph tracer and function profiler
        selftests/rseq: Fix mm_cid test failure
        selftests: vDSO: Explicitly include sched.h
        selftests: vDSO: improve getrandom and chacha error messages
        selftests: vDSO: unconditionally build getrandom test
        selftests: vDSO: unconditionally build chacha test
    • Merge tag 'devicetree-fixes-for-6.12-1' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux · 974099e4
      Linus Torvalds authored
      Pull devicetree fixes from Rob Herring:
      
       - Disable kunit tests for arm64+ACPI
      
       - Fix refcount issue in kunit tests
      
       - Drop constraints on non-conformant 'interrupt-map' in fsl,ls-extirq
      
       - Drop type ref on 'msi-parent in fsl,qoriq-mc binding
      
       - Move elgin,jg10309-01 to its own binding from trivial-devices
      
      * tag 'devicetree-fixes-for-6.12-1' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux:
        of: Skip kunit tests when arm64+ACPI doesn't populate root node
        of: Fix unbalanced of node refcount and memory leaks
        dt-bindings: interrupt-controller: fsl,ls-extirq: workaround wrong interrupt-map number
        dt-bindings: misc: fsl,qoriq-mc: remove ref for msi-parent
        dt-bindings: display: elgin,jg10309-01: Add own binding
    • Merge tag 'fbdev-for-6.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/linux-fbdev · 9066258d
      Linus Torvalds authored
      Pull fbdev platform driver fix from Helge Deller:
       "Switch fbdev drivers back to struct platform_driver::remove()
      
        Now that 'remove()' has been converted to the sane new API, there's
        no reason for the 'remove_new()' use, so this converts back to the
        traditional and simpler name.
      
        See commits
      
           5c5a7680 ("platform: Provide a remove callback that returns no value")
           0edb555a ("platform: Make platform_driver::remove() return void")
      
        for background to this all"
      
      * tag 'fbdev-for-6.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/linux-fbdev:
        fbdev: Switch back to struct platform_driver::remove()
    • Merge tag 'gpio-fixes-for-v6.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux · 547fc322
      Linus Torvalds authored
      Pull gpio fixes from Bartosz Golaszewski:
      
       - fix clock handle leak in probe() error path in gpio-aspeed
      
       - add a dummy register read to ensure the write actually completed
      
      * tag 'gpio-fixes-for-v6.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux:
        gpio: aspeed: Use devm_clk api to manage clock source
        gpio: aspeed: Add the flush write to ensure the write complete.
    • Merge tag 'nfs-for-6.12-2' of git://git.linux-nfs.org/projects/anna/linux-nfs · 6254d537
      Linus Torvalds authored
      Pull NFS client fixes from Anna Schumaker:
       "Localio Bugfixes:
         - remove duplicated include in localio.c
         - fix race in NFS calls to nfsd_file_put_local() and nfsd_serv_put()
         - fix Kconfig for NFS_COMMON_LOCALIO_SUPPORT
         - fix nfsd_file tracepoints to handle NULL rqstp pointers
      
        Other Bugfixes:
         - fix program selection loop in svc_process_common
         - fix integer overflow in decode_rc_list()
         - prevent NULL-pointer dereference in nfs42_complete_copies()
         - fix CB_RECALL performance issues when using a large number of
           delegations"
      
      * tag 'nfs-for-6.12-2' of git://git.linux-nfs.org/projects/anna/linux-nfs:
        NFS: remove revoked delegation from server's delegation list
        nfsd/localio: fix nfsd_file tracepoints to handle NULL rqstp
        nfs_common: fix Kconfig for NFS_COMMON_LOCALIO_SUPPORT
        nfs_common: fix race in NFS calls to nfsd_file_put_local() and nfsd_serv_put()
        NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies()
        SUNRPC: Fix integer overflow in decode_rc_list()
        sunrpc: fix prog selection loop in svc_process_common
        nfs: Remove duplicated include in localio.c
    • Merge tag 'rcu.fixes.6.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rcu/linux · a1029768
      Linus Torvalds authored
      Pull RCU fix from Neeraj Upadhyay:
       "Fix rcuog kthread wakeup invocation from softirq context on a CPU
        which has been marked offline.
      
        This can happen when new callbacks are enqueued from a softirq on an
        offline CPU before it calls rcutree_report_cpu_dead(). When this
        happens on NOCB configuration, the rcuog wake-up is deferred through
        an IPI to an online CPU. This is done to avoid call into the scheduler
        which can risk arming the RT-bandwidth after hrtimers have been
        migrated out and disabled.
      
        However, doing IPI call from softirq is not allowed: Fix this by
        forcing deferred rcuog wakeup through the NOCB timer when the CPU is
        offline"
      
      * tag 'rcu.fixes.6.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rcu/linux:
        rcu/nocb: Fix rcuog wake-up from offline softirq
    • Merge tag 'for-linus-6.12a-rc3-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip · d947d684
      Linus Torvalds authored
      Pull xen fix from Juergen Gross:
       "A fix for topology information of Xen PV guests"
      
      * tag 'for-linus-6.12a-rc3-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
        x86/xen: mark boot CPU of PV guest in MSR_IA32_APICBASE
    • ftrace/selftest: Test combination of function_graph tracer and function profiler · 4ee5ca9a
      Steven Rostedt authored
      Masami reported a bug when running function graph tracing then the
      function profiler. The following commands would cause a kernel crash:
      
        # cd /sys/kernel/tracing/
        # echo function_graph > current_tracer
        # echo 1 > function_profile_enabled
      
      In that order. Create a test to test these two to make sure this does not
      come back as a regression.
      
      Link: https://lore.kernel.org/172398528350.293426.8347220120333730248.stgit@devnote2
      
      Link: https://lore.kernel.org/all/20241010165235.35122877@gandalf.local.home/
      Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
      Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
      Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
    • selftests/rseq: Fix mm_cid test failure · a0cc6493
      Mathieu Desnoyers authored
      Adapt the rseq.c/rseq.h code to follow GNU C library changes introduced by:
      
      glibc commit 2e456ccf0c34 ("Linux: Make __rseq_size useful for feature detection (bug 31965)")
      
      Without this fix, rseq selftests for mm_cid fail:
      
      ./run_param_test.sh
      Default parameters
      Running test spinlock
      Running compare-twice test spinlock
      Running mm_cid test spinlock
      Error: cpu id getter unavailable
      
      Fixes: 18c23558 ("selftests/rseq: Implement rseq mm_cid field support")
      Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      CC: Boqun Feng <boqun.feng@gmail.com>
      CC: "Paul E. McKenney" <paulmck@kernel.org>
      Cc: Shuah Khan <skhan@linuxfoundation.org>
      CC: Carlos O'Donell <carlos@redhat.com>
      CC: Florian Weimer <fweimer@redhat.com>
      CC: linux-kselftest@vger.kernel.org
      CC: stable@vger.kernel.org
      Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
    • Merge tag 'io_uring-6.12-20241011' of git://git.kernel.dk/linux · 9e4c6c1a
      Linus Torvalds authored
      Pull io_uring fixes from Jens Axboe:
      
       - Explicitly have a mshot_finished condition for IORING_OP_RECV in
         multishot mode, similarly to what IORING_OP_RECVMSG has. This doesn't
         fix a bug right now, but it makes it harder to actually have a bug
         here if a request takes multiple iterations to finish.
      
       - Fix handling of retry of read/write of !FMODE_NOWAIT files. If they
         are pollable, that's all we need.
      
      * tag 'io_uring-6.12-20241011' of git://git.kernel.dk/linux:
        io_uring/rw: allow pollable non-blocking attempts for !FMODE_NOWAIT
        io_uring/rw: fix cflags posting for single issue multishot read
    • Merge tag 'pm-6.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · e643edac
      Linus Torvalds authored
      Pull power management fixes from Rafael Wysocki:
       "These address two issues in the TPMI module of the Intel RAPL power
        capping driver and one issue in the processor part of the Intel
        int340x thermal driver, update a CPU ID list and register definitions
        needed for RAPL PL4 support and remove some unused code.
      
        Specifics:
      
         - Fix the TPMI_RAPL_REG_DOMAIN_INFO register offset in the TPMI part
           of the Intel RAPL power capping driver, make it ignore minor
           hardware version mismatches (which only indicate exposing
           additional features) and update register definitions in it to
           enable PL4 support (Zhang Rui)
      
         - Add Arrow Lake-U to the list of processors supporting PL4 in the
           MSR part of the Intel RAPL power capping driver (Sumeet Pawnikar)
      
         - Remove excess pci_disable_device() calls from the processor part of
           the int340x thermal driver to address a warning triggered during
           module unload and remove unused CPU hotplug code related to RAPL
           support from it (Zhang Rui)"
      
      * tag 'pm-6.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        thermal: intel: int340x: processor: Add MMIO RAPL PL4 support
        thermal: intel: int340x: processor: Remove MMIO RAPL CPU hotplug support
        powercap: intel_rapl_msr: Add PL4 support for Arrowlake-U
        powercap: intel_rapl_tpmi: Ignore minor version change
        thermal: intel: int340x: processor: Fix warning during module unload
        powercap: intel_rapl_tpmi: Fix bogus register reading
    • Merge tag 'thermal-6.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · f8fafb69
      Linus Torvalds authored
      Pull thermal control fixes from Rafael Wysocki:
       "Address possible use-after-free scenarios during the processing of
        thermal netlink commands and during thermal zone removal (Rafael
        Wysocki)"
      
      * tag 'thermal-6.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        thermal: core: Free tzp copy along with the thermal zone
        thermal: core: Reference count the zone in thermal_zone_get_by_id()
    • Merge tag 'acpi-6.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · 325354cf
      Linus Torvalds authored
      Pull ACPI fixes from Rafael Wysocki:
       "Reduce the number of ACPI IRQ override DMI quirks by combining quirks
        that cover similar systems while making them cover additional models
        at the same time (Hans de Goede)"
      
      * tag 'acpi-6.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        ACPI: resource: Fold Asus Vivobook Pro N6506M* DMI quirks together
        ACPI: resource: Fold Asus ExpertBook B1402C* and B1502C* DMI quirks together
        ACPI: resource: Make Asus ExpertBook B2502 matches cover more models
        ACPI: resource: Make Asus ExpertBook B2402 matches cover more models
    • Merge tag 'pmdomain-v6.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/linux-pm · 22e6abaa
      Linus Torvalds authored
      Pull pmdomain fixes from Ulf Hansson:
       "pmdomain core:
         - Fix alloc/free in dev_pm_domain_attach|detach_list()
      
        pmdomain providers:
         - qcom: Fix the return of uninitialized variable
      
        pmdomain consumers:
         - drm/tegra/gr3d: Revert conversion to dev_pm_domain_attach|detach_list()
      
        OPP core:
         - Fix error code in dev_pm_opp_set_config()"
      
      * tag 'pmdomain-v6.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/linux-pm:
        PM: domains: Fix alloc/free in dev_pm_domain_attach|detach_list()
        Revert "drm/tegra: gr3d: Convert into dev_pm_domain_attach|detach_list()"
        pmdomain: qcom-cpr: Fix the return of uninitialized variable
        OPP: fix error code in dev_pm_opp_set_config()
    • Merge tag 'mmc-v6.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc · 7351a879
      Linus Torvalds authored
      Pull MMC fixes from Ulf Hansson:
       "MMC core:
         - Prevent splat from warning when setting maximum DMA segment
      
        MMC host:
         - mvsdio: Drop sg_miter support for PIO as it didn't work
         - sdhci-of-dwcmshc: Prevent stale interrupt for the T-Head 1520
           variant"
      
      * tag 'mmc-v6.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc:
        mmc: sdhci-of-dwcmshc: Prevent stale command interrupt handling
        Revert "mmc: mvsdio: Use sg_miter for PIO"
        mmc: core: Only set maximum DMA segment size if DMA is supported
    • Merge tag 'ata-6.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/libata/linux · 3700dc91
      Linus Torvalds authored
      Pull ata fixes from Niklas Cassel:
      
       - Fix a hibernate regression where the disk was needlessly spun down
         and then immediately spun up both when entering and when resuming
         from hibernation (me)
      
       - Update the MAINTAINERS file to remove remnants from Jens
         maintainership of libata (Damien)
      
      * tag 'ata-6.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/libata/linux:
        ata: libata: Update MAINTAINERS file
        ata: libata: avoid superfluous disk spin down + spin up during hibernation
    • Merge tag 'drm-fixes-2024-10-11' of https://gitlab.freedesktop.org/drm/kernel · befcc893
      Linus Torvalds authored
      Pull drm fixes from Dave Airlie:
       "Weekly fixes haul for drm, lots of small fixes all over, amdgpu, xe
        lead the way, some minor nouveau and radeon fixes, and then a bunch of
        misc all over.
      
        Nothing too scary or out of the unusual.
      
        sched:
         - Avoid leaking lockdep map
      
        fbdev-dma:
         - Only clean up deferred I/O if instantiated
      
        amdgpu:
         - Fix invalid UBSAN warnings
         - Fix artifacts in MPO transitions
         - Hibernation fix
      
        amdkfd:
         - Fix an eviction fence leak
      
        radeon:
         - Add late register for connectors
         - Always set GEM function pointers
      
        i915:
         - HDCP refcount fix
      
        nouveau:
         - dmem: Fix privileged error in copy engine channel; Fix possible
           data leak in migrate_to_ram()
         - gsp: Fix coding style
      
        v3d:
         - Stop active perfmon before destroying it
      
        vc4:
         - Stop active perfmon before destroying it
      
        xe:
         - Drop GuC submit_wq pool
         - Fix error checking with xa_store()
         - Fix missing freq restore on GSC load error
         - Fix wedged_mode file permission
         - Fix use-after-free in ct communication"
      
      * tag 'drm-fixes-2024-10-11' of https://gitlab.freedesktop.org/drm/kernel:
        drm/fbdev-dma: Only cleanup deferred I/O if necessary
        drm/xe: Make wedged_mode debugfs writable
        drm/xe: Restore GT freq on GSC load error
        drm/xe/guc_submit: fix xa_store() error checking
        drm/xe/ct: fix xa_store() error checking
        drm/xe/ct: prevent UAF in send_recv()
        drm/radeon: always set GEM function pointer
        nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error
        nouveau/dmem: Fix privileged error in copy engine channel
        drm/amd/display: fix hibernate entry for DCN35+
        drm/amd/display: Clear update flags after update has been applied
        drm/amdgpu: partially revert powerplay `__counted_by` changes
        drm/radeon: add late_register for connector
        drm/amdkfd: Fix an eviction fence leak
        drm/vc4: Stop the active perfmon before being destroyed
        drm/v3d: Stop the active perfmon before being destroyed
        drm/i915/hdcp: fix connector refcounting
        drm/nouveau/gsp: remove extraneous ; after mutex
        drm/xe: Drop GuC submit_wq pool
        drm/sched: Use drm sched lockdep map for submit_wq
    • powerpc/8xx: Fix kernel DTLB miss on dcbz · 8956c582
      Christophe Leroy authored
      Following OOPS is encountered while loading test_bpf module
      on powerpc 8xx:
      
      [  218.835567] BUG: Unable to handle kernel data access on write at 0xcb000000
      [  218.842473] Faulting instruction address: 0xc0017a80
      [  218.847451] Oops: Kernel access of bad area, sig: 11 [#1]
      [  218.852854] BE PAGE_SIZE=16K PREEMPT CMPC885
      [  218.857207] SAF3000 DIE NOTIFICATION
      [  218.860713] Modules linked in: test_bpf(+) test_module
      [  218.865867] CPU: 0 UID: 0 PID: 527 Comm: insmod Not tainted 6.11.0-s3k-dev-09856-g3de3d71ae2e6-dirty #1280
      [  218.875546] Hardware name: MIAE 8xx 0x500000 CMPC885
      [  218.880521] NIP:  c0017a80 LR: beab859c CTR: 000101d4
      [  218.885584] REGS: cac2bc90 TRAP: 0300   Not tainted  (6.11.0-s3k-dev-09856-g3de3d71ae2e6-dirty)
      [  218.894308] MSR:  00009032 <EE,ME,IR,DR,RI>  CR: 55005555  XER: a0007100
      [  218.901290] DAR: cb000000 DSISR: c2000000
      [  218.901290] GPR00: 000185d1 cac2bd50 c21b9580 caf7c030 c3883fcc 00000008 cafffffc 00000000
      [  218.901290] GPR08: 00040000 18300000 20000000 00000004 99005555 100d815e ca669d08 00000369
      [  218.901290] GPR16: ca730000 00000000 ca2c004c 00000000 00000000 0000035d 00000311 00000369
      [  218.901290] GPR24: ca732240 00000001 00030ba3 c3800000 00000000 00185d48 caf7c000 ca2c004c
      [  218.941087] NIP [c0017a80] memcpy+0x88/0xec
      [  218.945277] LR [beab859c] test_bpf_init+0x22c/0x3c90 [test_bpf]
      [  218.951476] Call Trace:
      [  218.953916] [cac2bd50] [beab8570] test_bpf_init+0x200/0x3c90 [test_bpf] (unreliable)
      [  218.962034] [cac2bde0] [c0004c04] do_one_initcall+0x4c/0x1fc
      [  218.967706] [cac2be40] [c00a2ec4] do_init_module+0x68/0x360
      [  218.973292] [cac2be60] [c00a5194] init_module_from_file+0x8c/0xc0
      [  218.979401] [cac2bed0] [c00a5568] sys_finit_module+0x250/0x3f0
      [  218.985248] [cac2bf20] [c000e390] system_call_exception+0x8c/0x15c
      [  218.991444] [cac2bf30] [c00120a8] ret_from_syscall+0x0/0x28
      
      This happens in the main loop of memcpy()
      
        ==>	c0017a80:	7c 0b 37 ec 	dcbz    r11,r6
      	c0017a84:	80 e4 00 04 	lwz     r7,4(r4)
      	c0017a88:	81 04 00 08 	lwz     r8,8(r4)
      	c0017a8c:	81 24 00 0c 	lwz     r9,12(r4)
      	c0017a90:	85 44 00 10 	lwzu    r10,16(r4)
      	c0017a94:	90 e6 00 04 	stw     r7,4(r6)
      	c0017a98:	91 06 00 08 	stw     r8,8(r6)
      	c0017a9c:	91 26 00 0c 	stw     r9,12(r6)
      	c0017aa0:	95 46 00 10 	stwu    r10,16(r6)
      	c0017aa4:	42 00 ff dc 	bdnz    c0017a80 <memcpy+0x88>
      
      Commit ac9f97ff ("powerpc/8xx: Inconditionally use task PGDIR in
      DTLB misses") relies on re-reading DAR register to know if an error is
      due to a missing copy of a PMD entry in task's PGDIR, although DAR
      was already read in the exception prolog and copied into thread
      struct. This is because it is done very early in the exception and
      there are not enough registers available to keep a pointer to thread
      struct.
      
      However, dcbz instruction is buggy and doesn't update DAR register on
      fault. That is detected and generates a call to FixupDAR workaround
      which updates DAR copy in thread struct but doesn't fix DAR register.
      
      Let's fix DAR in addition to the update of DAR copy in thread struct.
      
      Fixes: ac9f97ff ("powerpc/8xx: Inconditionally use task PGDIR in DTLB misses")
      Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
      Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
      Link: https://msgid.link/2b851399bd87e81c6ccb87ea3a7a6b32c7aa04d7.1728118396.git.christophe.leroy@csgroup.eu
    • Merge tag 'drm-xe-fixes-2024-10-10' of https://gitlab.freedesktop.org/drm/xe/kernel into drm-fixes · ac44ff7c
      Dave Airlie authored
      Driver Changes:
      - Fix error checking with xa_store() (Matthew Auld)
      - Fix missing freq restore on GSC load error (Vinay)
      - Fix wedged_mode file permission (Matt Roper)
      - Fix use-after-free in ct communication (Matthew Auld)
      Signed-off-by: Dave Airlie <airlied@redhat.com>

      From: Lucas De Marchi <lucas.demarchi@intel.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/jri65tmv3bjbhqhxs5smv45nazssxzhtwphojem4uufwtjuliy@gsdhlh6kzsdy
  5. 10 Oct, 2024 13 commits
    • Merge tag 'drm-misc-fixes-2024-10-10' of... · b634acb2
      Dave Airlie authored
      Merge tag 'drm-misc-fixes-2024-10-10' of https://gitlab.freedesktop.org/drm/misc/kernel into drm-fixes
      
      Short summary of fixes pull:
      
      fbdev-dma:
      - Only clean up deferred I/O if instantiated
      
      nouveau:
      - dmem: Fix privileged error in copy engine channel; Fix possible
      data leak in migrate_to_ram()
      - gsp: Fix coding style
      
      sched:
      - Avoid leaking lockdep map
      
      v3d:
      - Stop active perfmon before destroying it
      
      vc4:
      - Stop active perfmon before destroying it
      
      xe:
      - Drop GuC submit_wq pool
      Signed-off-by: Dave Airlie <airlied@redhat.com>
      
      From: Thomas Zimmermann <tzimmermann@suse.de>
      Link: https://patchwork.freedesktop.org/patch/msgid/20241010133708.GA461532@localhost.localdomain
    • Merge tag 'drm-intel-fixes-2024-10-10' of... · fe4a435b
      Dave Airlie authored
      Merge tag 'drm-intel-fixes-2024-10-10' of https://gitlab.freedesktop.org/drm/i915/kernel into drm-fixes
      
      - HDCP refcount fix
      Signed-off-by: Dave Airlie <airlied@redhat.com>
      From: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/Zwd78Tnw8t3w9F16@jlahtine-mobl.ger.corp.intel.com
    • Merge tag 'net-6.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 1d227fcc
      Linus Torvalds authored
      Pull networking fixes from Jakub Kicinski:
       "Including fixes from bluetooth and netfilter.
      
        Current release - regressions:
      
         - dsa: sja1105: fix reception from VLAN-unaware bridges
      
         - Revert "net: stmmac: set PP_FLAG_DMA_SYNC_DEV only if XDP is
           enabled"
      
         - eth: fec: don't save PTP state if PTP is unsupported
      
        Current release - new code bugs:
      
         - smc: fix lack of icsk_syn_mss with IPPROTO_SMC, prevent null-deref
      
         - eth: airoha: update Tx CPU DMA ring idx at the end of xmit loop
      
         - phy: aquantia: AQR115c fix up PMA capabilities
      
        Previous releases - regressions:
      
         - tcp: 3 fixes for retrans_stamp and undo logic
      
        Previous releases - always broken:
      
         - net: do not delay dst_entries_add() in dst_release()
      
         - netfilter: restrict xtables extensions to families that are safe,
           syzbot found a way to combine ebtables with extensions that are
           never used by userspace tools
      
         - sctp: ensure sk_state is set to CLOSED if hashing fails in
           sctp_listen_start
      
         - mptcp: handle consistently DSS corruption, and prevent corruption
           due to large pmtu xmit"
      
      * tag 'net-6.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (87 commits)
        MAINTAINERS: Add headers and mailing list to UDP section
        MAINTAINERS: consistently exclude wireless files from NETWORKING [GENERAL]
        slip: make slhc_remember() more robust against malicious packets
        net/smc: fix lacks of icsk_syn_mss with IPPROTO_SMC
        ppp: fix ppp_async_encode() illegal access
        docs: netdev: document guidance on cleanup patches
        phonet: Handle error of rtnl_register_module().
        mpls: Handle error of rtnl_register_module().
        mctp: Handle error of rtnl_register_module().
        bridge: Handle error of rtnl_register_module().
        vxlan: Handle error of rtnl_register_module().
        rtnetlink: Add bulk registration helpers for rtnetlink message handlers.
        net: do not delay dst_entries_add() in dst_release()
        mptcp: pm: do not remove closing subflows
        mptcp: fallback when MPTCP opts are dropped after 1st data
        tcp: fix mptcp DSS corruption due to large pmtu xmit
        mptcp: handle consistently DSS corruption
        net: netconsole: fix wrong warning
        net: dsa: refuse cross-chip mirroring operations
        net: fec: don't save PTP state if PTP is unsupported
        ...
    • Merge tag 'trace-ringbuffer-v6.12-rc2' of... · 0edab8d1
      Linus Torvalds authored
      Merge tag 'trace-ringbuffer-v6.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace
      
      Pull tracing fix from Steven Rostedt:
       "Ring-buffer fix: do not have boot-mapped buffers use CPU hotplug
        callbacks
      
        When a ring buffer is mapped to memory assigned at boot, it also
        splits it up evenly between the possible CPUs. But the allocation code
        still attached a CPU notifier callback to this ring buffer. When a CPU
        is added, the callback will happen and another per-cpu buffer is
        created for the ring buffer.
      
        But for boot mapped buffers, there is no room to add another one (as
        they were all created already). The result of calling the CPU hotplug
        notifier on a boot mapped ring buffer is unpredictable and could lead
        to a system crash.
      
        If the ring buffer is boot mapped simply do not attach the CPU
        notifier to it"
      
      * tag 'trace-ringbuffer-v6.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace:
        ring-buffer: Do not have boot mapped buffers hook to CPU hotplug
    • of: Skip kunit tests when arm64+ACPI doesn't populate root node · 6e0391e4
      Stephen Boyd authored
      A root node is required to apply DT overlays. A root node is usually
      present after commit 7b937cc2 ("of: Create of_root if no dtb
      provided by firmware"), except for on arm64 systems booted with ACPI
      tables. In that case, the root node is intentionally not populated
      because it would "allow DT devices to be instantiated atop an ACPI base
      system"[1].
      
      Introduce an OF function that skips the kunit test if the root node
      isn't populated. Limit the test to when both CONFIG_ARM64 and
      CONFIG_ACPI are set, because otherwise the lack of a root node is a bug.
      Make the function private and take a kunit test parameter so that it
      can't be abused to test for the presence of the root node in non-test
      code.
      
      Use this function to skip tests that require the root node. Currently
      that's the DT tests and any tests that apply overlays.
      Reported-by: Guenter Roeck <linux@roeck-us.net>
      Closes: https://lore.kernel.org/r/6cd337fb-38f0-41cb-b942-5844b84433db@roeck-us.net
      Link: https://lore.kernel.org/r/Zd4dQpHO7em1ji67@FVFF77S0Q05N.cambridge.arm.com [1]
      Fixes: 893ecc6d ("of: Add KUnit test to confirm DTB is loaded")
      Signed-off-by: Stephen Boyd <sboyd@kernel.org>
      Tested-by: Guenter Roeck <linux@roeck-us.net>
      Acked-by: Mark Rutland <mark.rutland@arm.com>
      Link: https://lore.kernel.org/r/20241009204133.1169931-1-sboyd@kernel.org
      Signed-off-by: Rob Herring (Arm) <robh@kernel.org>
    • Merge tag 'for-6.12-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux · eb952c47
      Linus Torvalds authored
      Pull btrfs fixes from David Sterba:
      
       - update fstrim loop and add more cancellation points, fix reported
         delayed or blocked suspend if there's a huge chunk queued
      
       - fix error handling in recent qgroup xarray conversion
      
       - in zoned mode, fix warning printing device path without RCU
         protection
      
       - again fix invalid extent xarray state (6252690f), lost due to
         refactoring
      
      * tag 'for-6.12-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux:
        btrfs: fix clear_dirty and writeback ordering in submit_one_sector()
        btrfs: zoned: fix missing RCU locking in error message when loading zone info
        btrfs: fix missing error handling when adding delayed ref with qgroups enabled
        btrfs: add cancellation points to trim loops
        btrfs: split remaining space to discard in chunks
    • Merge tag 'nfsd-6.12-1' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux · 5870963f
      Linus Torvalds authored
      Pull nfsd fixes from Chuck Lever:
      
       - Fix NFSD bring-up / shutdown
      
       - Fix a UAF when releasing a stateid
      
      * tag 'nfsd-6.12-1' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux:
        nfsd: fix possible badness in FREE_STATEID
        nfsd: nfsd_destroy_serv() must call svc_destroy() even if nfsd_startup_net() failed
        NFSD: Mark filecache "down" if init fails
    • rcu/nocb: Fix rcuog wake-up from offline softirq · f7345ccc
      Frederic Weisbecker authored
      After a CPU has set itself offline and before it eventually calls
      rcutree_report_cpu_dead(), there are still opportunities for callbacks
      to be enqueued, for example from a softirq. When that happens on NOCB,
      the rcuog wake-up is deferred through an IPI to an online CPU in order
      not to call into the scheduler and risk arming the RT-bandwidth after
      hrtimers have been migrated out and disabled.
      
      But performing a synchronized IPI from a softirq is buggy as reported in
      the following scenario:
      
              WARNING: CPU: 1 PID: 26 at kernel/smp.c:633 smp_call_function_single
              Modules linked in: rcutorture torture
              CPU: 1 UID: 0 PID: 26 Comm: migration/1 Not tainted 6.11.0-rc1-00012-g9139f932 #1
              Stopper: multi_cpu_stop+0x0/0x320 <- __stop_cpus+0xd0/0x120
              RIP: 0010:smp_call_function_single
              <IRQ>
              swake_up_one_online
              __call_rcu_nocb_wake
              __call_rcu_common
              ? rcu_torture_one_read
              call_timer_fn
              __run_timers
              run_timer_softirq
              handle_softirqs
              irq_exit_rcu
              ? tick_handle_periodic
              sysvec_apic_timer_interrupt
              </IRQ>
      
      Fix this by forcing deferred rcuog wake up through the NOCB timer when
      the CPU is offline. The actual wake up will happen from
      rcutree_report_cpu_dead().

      Reported-by: kernel test robot <oliver.sang@intel.com>
      Closes: https://lore.kernel.org/oe-lkp/202409231644.4c55582d-lkp@intel.com
      Fixes: 9139f932 ("rcu/nocb: Fix RT throttling hrtimer armed from offline CPU")
      Reviewed-by: "Joel Fernandes (Google)" <joel@joelfernandes.org>
      Signed-off-by: Frederic Weisbecker <frederic@kernel.org>
      Signed-off-by: Neeraj Upadhyay <neeraj.upadhyay@kernel.org>
    • Merge tag 'xfs-6.12-fixes-3' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux · 825ec756
      Linus Torvalds authored
      Pull xfs fixes from Carlos Maiolino:
      
       - A few small typo fixes
      
       - fstests xfs/538 DEBUG-only fix
      
       - Performance fix on blockgc on COW'ed files, by skipping trims on
         cowblock inodes currently opened for write
      
       - Prevent cowblocks to be freed under dirty pagecache during unshare
      
       - Update MAINTAINERS file to quote the new maintainer
      
      * tag 'xfs-6.12-fixes-3' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux:
        xfs: fix a typo
        xfs: don't free cowblocks from under dirty pagecache on unshare
        xfs: skip background cowblock trims on inodes open for write
        xfs: support lowmode allocations in xfs_bmap_exact_minlen_extent_alloc
        xfs: call xfs_bmap_exact_minlen_extent_alloc from xfs_bmap_btalloc
        xfs: don't ifdef around the exact minlen allocations
        xfs: fold xfs_bmap_alloc_userdata into xfs_bmapi_allocate
        xfs: distinguish extra split from real ENOSPC from xfs_attr_node_try_addname
        xfs: distinguish extra split from real ENOSPC from xfs_attr3_leaf_split
        xfs: return bool from xfs_attr3_leaf_add
        xfs: merge xfs_attr_leaf_try_add into xfs_attr_leaf_addname
        xfs: Use try_cmpxchg() in xlog_cil_insert_pcp_aggregate()
        xfs: scrub: convert comma to semicolon
        xfs: Remove empty declartion in header file
        MAINTAINERS: add Carlos Maiolino as XFS release manager
    • Merge branch 'maintainers-networking-file-coverage-updates' · 7b43ba65
      Jakub Kicinski authored
      Simon Horman says:
      
      ====================
      MAINTAINERS: Networking file coverage updates
      
      The aim of this proposal is to make the handling of some files,
      related to Networking and Wireless, more consistent. It does so by:
      
      1. Adding some more headers to the UDP section, making it consistent
         with the TCP section.
      
      2. Excluding some files relating to Wireless from NETWORKING [GENERAL],
         making their handling consistent with other files related to
         Wireless.
      
      The aim of this is to make things more consistent.  And for MAINTAINERS
      to better reflect the situation on the ground.  I am more than happy to
      be told that the current state of affairs is fine. Or for other ideas to
      be discussed.
      
      v1: https://lore.kernel.org/20241004-maint-net-hdrs-v1-0-41fd555aacc5@kernel.org
      ====================
      
      Link: https://patch.msgid.link/20241009-maint-net-hdrs-v2-0-f2c86e7309c8@kernel.org
      Signed-off-by: Jakub Kicinski <kuba@kernel.org>
    • MAINTAINERS: Add headers and mailing list to UDP section · 5404b5a2
      Simon Horman authored
      Add netdev mailing list and some more udp.h headers to the UDP section.
      This is now more consistent with the TCP section.

      Acked-by: Willem de Bruijn <willemb@google.com>
      Signed-off-by: Simon Horman <horms@kernel.org>
      Link: https://patch.msgid.link/20241009-maint-net-hdrs-v2-2-f2c86e7309c8@kernel.org
      Signed-off-by: Jakub Kicinski <kuba@kernel.org>
    • MAINTAINERS: consistently exclude wireless files from NETWORKING [GENERAL] · 9937aae3
      Simon Horman authored
      We already exclude wireless drivers from the netdev@ traffic, to
      delegate it to linux-wireless@, and avoid overwhelming netdev@.
      
      Many of the following wireless-related sections in MAINTAINERS
      are already not included in the NETWORKING [GENERAL] section.
      For consistency, exclude those that are.
      
      * 802.11 (including CFG80211/NL80211)
      * MAC80211
      * RFKILL

      Acked-by: Johannes Berg <johannes@sipsolutions.net>
      Signed-off-by: Simon Horman <horms@kernel.org>
      Link: https://patch.msgid.link/20241009-maint-net-hdrs-v2-1-f2c86e7309c8@kernel.org
      Signed-off-by: Jakub Kicinski <kuba@kernel.org>
    • slip: make slhc_remember() more robust against malicious packets · 7d3fce8c
      Eric Dumazet authored
      syzbot found that slhc_remember() was missing checks against
      malicious packets [1].
      
      slhc_remember() only checked the size of the packet was at least 20,
      which is not good enough.
      
      We need to make sure the packet includes the IPv4 and TCP header
      that are supposed to be carried.
      
      Add iph and th pointers to make the code more readable.
      
      [1]
      
      BUG: KMSAN: uninit-value in slhc_remember+0x2e8/0x7b0 drivers/net/slip/slhc.c:666
        slhc_remember+0x2e8/0x7b0 drivers/net/slip/slhc.c:666
        ppp_receive_nonmp_frame+0xe45/0x35e0 drivers/net/ppp/ppp_generic.c:2455
        ppp_receive_frame drivers/net/ppp/ppp_generic.c:2372 [inline]
        ppp_do_recv+0x65f/0x40d0 drivers/net/ppp/ppp_generic.c:2212
        ppp_input+0x7dc/0xe60 drivers/net/ppp/ppp_generic.c:2327
        pppoe_rcv_core+0x1d3/0x720 drivers/net/ppp/pppoe.c:379
        sk_backlog_rcv+0x13b/0x420 include/net/sock.h:1113
        __release_sock+0x1da/0x330 net/core/sock.c:3072
        release_sock+0x6b/0x250 net/core/sock.c:3626
        pppoe_sendmsg+0x2b8/0xb90 drivers/net/ppp/pppoe.c:903
        sock_sendmsg_nosec net/socket.c:729 [inline]
        __sock_sendmsg+0x30f/0x380 net/socket.c:744
        ____sys_sendmsg+0x903/0xb60 net/socket.c:2602
        ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2656
        __sys_sendmmsg+0x3c1/0x960 net/socket.c:2742
        __do_sys_sendmmsg net/socket.c:2771 [inline]
        __se_sys_sendmmsg net/socket.c:2768 [inline]
        __x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768
        x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308
        do_syscall_x64 arch/x86/entry/common.c:52 [inline]
        do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
       entry_SYSCALL_64_after_hwframe+0x77/0x7f
      
      Uninit was created at:
        slab_post_alloc_hook mm/slub.c:4091 [inline]
        slab_alloc_node mm/slub.c:4134 [inline]
        kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4186
        kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:587
        __alloc_skb+0x363/0x7b0 net/core/skbuff.c:678
        alloc_skb include/linux/skbuff.h:1322 [inline]
        sock_wmalloc+0xfe/0x1a0 net/core/sock.c:2732
        pppoe_sendmsg+0x3a7/0xb90 drivers/net/ppp/pppoe.c:867
        sock_sendmsg_nosec net/socket.c:729 [inline]
        __sock_sendmsg+0x30f/0x380 net/socket.c:744
        ____sys_sendmsg+0x903/0xb60 net/socket.c:2602
        ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2656
        __sys_sendmmsg+0x3c1/0x960 net/socket.c:2742
        __do_sys_sendmmsg net/socket.c:2771 [inline]
        __se_sys_sendmmsg net/socket.c:2768 [inline]
        __x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768
        x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308
        do_syscall_x64 arch/x86/entry/common.c:52 [inline]
        do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
       entry_SYSCALL_64_after_hwframe+0x77/0x7f
      
      CPU: 0 UID: 0 PID: 5460 Comm: syz.2.33 Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2 #0
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
      
      Fixes: b5451d78 ("slip: Move the SLIP drivers")
      Reported-by: syzbot+2ada1bc857496353be5a@syzkaller.appspotmail.com
      Closes: https://lore.kernel.org/netdev/670646db.050a0220.3f80e.0027.GAE@google.com/T/#u
      Signed-off-by: Eric Dumazet <edumazet@google.com>
      Link: https://patch.msgid.link/20241009091132.2136321-1-edumazet@google.com
      Signed-off-by: Jakub Kicinski <kuba@kernel.org>
      7d3fce8c
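
The header-length validation that the slhc_remember() commit message above calls for, written as an added userspace example; it is not the kernel's code and not part of the commit. The names `len_only_check`, `ip_tcp_hdr_len` and `make_sample` are hypothetical, the sample packets are constructed, and the caller is assumed to already know the buffer is meant to hold IPv4 carrying TCP.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MIN_HDR 20u /* minimum IPv4 header and minimum TCP header, in bytes */

/* Model of the check the commit message describes as not good enough. */
int len_only_check(size_t len) { return len >= MIN_HDR; }

/* Hypothetical hardened check: returns the combined IPv4 + TCP header
 * length, or -1 if the buffer cannot hold the headers it claims. */
int ip_tcp_hdr_len(const uint8_t *pkt, size_t len)
{
    size_t ihl, doff;

    if (len < MIN_HDR)
        return -1;
    ihl = (size_t)(pkt[0] & 0x0f) * 4;         /* IHL: low nibble of byte 0 */
    if (ihl < MIN_HDR || len < ihl + MIN_HDR)  /* room for a minimal TCP header? */
        return -1;
    doff = (size_t)(pkt[ihl + 12] >> 4) * 4;   /* TCP data offset: high nibble */
    if (doff < MIN_HDR || len < ihl + doff)    /* room for the TCP options? */
        return -1;
    return (int)(ihl + doff);
}

/* Constructed sample: zeroed buffer with only the two length fields set. */
static uint8_t sample[128];
const uint8_t *make_sample(unsigned ihl_words, unsigned doff_words)
{
    memset(sample, 0, sizeof(sample));
    sample[0] = (uint8_t)(0x40 | (ihl_words & 0x0f));
    sample[(ihl_words & 0x0f) * 4 + 12] = (uint8_t)((doff_words & 0x0f) << 4);
    return sample;
}

int main(void)
{
    /* 20 bytes pass the length-only check but carry no TCP header at all. */
    printf("len-only: %d, full: %d\n", len_only_check(20),
           ip_tcp_hdr_len(make_sample(5, 5), 20));
    printf("40-byte packet, doff=15: %d\n", ip_tcp_hdr_len(make_sample(5, 15), 40));
    printf("60-byte packet, doff=10: %d\n", ip_tcp_hdr_len(make_sample(5, 10), 60));
    return 0;
}
```

Every read of a length field happens only after the buffer has been shown to be long enough to contain that field, so a short or lying packet is rejected before any byte past its end is touched.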