1. 09 Nov, 2022 13 commits
  2. 06 Nov, 2022 2 commits
    • Paolo Bonzini's avatar
      Merge tag 'kvmarm-fixes-6.1-3' of... · f4298cac
      Paolo Bonzini authored
      Merge tag 'kvmarm-fixes-6.1-3' of git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm into HEAD
      
      * Fix the pKVM stage-1 walker erronously using the stage-2 accessor
      
      * Correctly convert vcpu->kvm to a hyp pointer when generating
        an exception in a nVHE+MTE configuration
      
      * Check that KVM_CAP_DIRTY_LOG_* are valid before enabling them
      
      * Fix SMPRI_EL1/TPIDR2_EL0 trapping on VHE
      
      * Document the boot requirements for FGT when entering the kernel
        at EL1
      f4298cac
    • Paolo Bonzini's avatar
      Merge branch 'kvm-master' into HEAD · 14620149
      Paolo Bonzini authored
      x86:
      * Use SRCU to protect zap in __kvm_set_or_clear_apicv_inhibit()
      
      * Make argument order consistent for kvcalloc()
      
      * Userspace API fixes for DEBUGCTL and LBRs
      14620149
  3. 03 Nov, 2022 2 commits
    • Liao Chang's avatar
      KVM: x86: Fix a typo about the usage of kvcalloc() · 8670866b
      Liao Chang authored
      Swap the 1st and 2nd arguments to be consistent with the usage of
      kvcalloc().
      
      Fixes: c9b8fecd ("KVM: use kvcalloc for array allocations")
      Signed-off-by: default avatarLiao Chang <liaochang1@huawei.com>
      Message-Id: <20221103011749.139262-1-liaochang1@huawei.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      8670866b
    • Ben Gardon's avatar
      KVM: x86: Use SRCU to protect zap in __kvm_set_or_clear_apicv_inhibit() · 074c0080
      Ben Gardon authored
      kvm_zap_gfn_range() must be called in an SRCU read-critical section, but
      there is no SRCU annotation in __kvm_set_or_clear_apicv_inhibit(). This
      can lead to the following warning via
      kvm_arch_vcpu_ioctl_set_guest_debug() if a Shadow MMU is in use (TDP
      MMU disabled or nesting):
      
      [ 1416.659809] =============================
      [ 1416.659810] WARNING: suspicious RCU usage
      [ 1416.659839] 6.1.0-dbg-DEV #1 Tainted: G S        I
      [ 1416.659853] -----------------------------
      [ 1416.659854] include/linux/kvm_host.h:954 suspicious rcu_dereference_check() usage!
      [ 1416.659856]
      ...
      [ 1416.659904]  dump_stack_lvl+0x84/0xaa
      [ 1416.659910]  dump_stack+0x10/0x15
      [ 1416.659913]  lockdep_rcu_suspicious+0x11e/0x130
      [ 1416.659919]  kvm_zap_gfn_range+0x226/0x5e0
      [ 1416.659926]  ? kvm_make_all_cpus_request_except+0x18b/0x1e0
      [ 1416.659935]  __kvm_set_or_clear_apicv_inhibit+0xcc/0x100
      [ 1416.659940]  kvm_arch_vcpu_ioctl_set_guest_debug+0x350/0x390
      [ 1416.659946]  kvm_vcpu_ioctl+0x2fc/0x620
      [ 1416.659955]  __se_sys_ioctl+0x77/0xc0
      [ 1416.659962]  __x64_sys_ioctl+0x1d/0x20
      [ 1416.659965]  do_syscall_64+0x3d/0x80
      [ 1416.659969]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
      
      Always take the KVM SRCU read lock in __kvm_set_or_clear_apicv_inhibit()
      to protect the GFN to memslot translation. The SRCU read lock is not
      technically required when no Shadow MMUs are in use, since the TDP MMU
      walks the paging structures from the roots and does not need to look up
      GFN translations in the memslots, but make the SRCU locking
      unconditional for simplicty.
      
      In most cases, the SRCU locking is taken care of in the vCPU run loop,
      but when called through other ioctls (such as KVM_SET_GUEST_DEBUG)
      there is no srcu_read_lock.
      
      Tested: ran tools/testing/selftests/kvm/x86_64/debug_regs on a DBG
      	build. This patch causes the suspicious RCU warning to disappear.
      	Note that the warning is hit in __kvm_zap_rmaps(), so
      	kvm_memslots_have_rmaps() must return true in order for this to
      	repro (i.e. the TDP MMU must be off or nesting in use.)
      Reported-by: default avatarGreg Thelen <gthelen@google.com>
      Fixes: 36222b11 ("KVM: x86: don't disable APICv memslot when inhibited")
      Signed-off-by: default avatarBen Gardon <bgardon@google.com>
      Message-Id: <20221102205359.1260980-1-bgardon@google.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      074c0080
  4. 02 Nov, 2022 6 commits
    • Linus Torvalds's avatar
      Merge tag 'parisc-for-6.1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux · 8e5423e9
      Linus Torvalds authored
      Pull parisc architecture fixes from Helge Deller:
       "This mostly handles oddities with the serial port 8250_gsc.c driver.
      
        Although the name suggests it's just for serial ports on the GSC bus
        (e.g. in older PA-RISC machines), it handles serial ports on PA-RISC
        PCI devices (e.g. on the SuperIO chip) as well.
      
        Thus this renames the driver to 8250_parisc and fixes the config
        dependencies.
      
        The other change is a cleanup on how the device IDs of devices in a
        PA-RISC machine are shown at startup"
      
      * tag 'parisc-for-6.1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux:
        parisc: Avoid printing the hardware path twice
        parisc: Export iosapic_serial_irq() symbol for serial port driver
        MAINTAINERS: adjust entry after renaming parisc serial driver
        parisc: Use signed char for hardware path in pdc.h
        parisc/serial: Rename 8250_gsc.c to 8250_parisc.c
        parisc: Make 8250_gsc driver dependend on CONFIG_PARISC
      8e5423e9
    • Linus Torvalds's avatar
      Merge tag 'nfs-for-6.1-2' of git://git.linux-nfs.org/projects/anna/linux-nfs · 31fc92fc
      Linus Torvalds authored
      Pull NFS client bugfixes from Anna Schumaker:
      
       - Fix some coccicheck warnings
      
       - Avoid memcpy() run-time warning
      
       - Fix up various state reclaim / RECLAIM_COMPLETE errors
      
       - Fix a null pointer dereference in sysfs
      
       - Fix LOCK races
      
       - Fix gss_unwrap_resp_integ() crasher
      
       - Fix zero length clones
      
       - Fix memleak when allocate slot fails
      
      * tag 'nfs-for-6.1-2' of git://git.linux-nfs.org/projects/anna/linux-nfs:
        nfs4: Fix kmemleak when allocate slot failed
        NFSv4.2: Fixup CLONE dest file size for zero-length count
        SUNRPC: Fix crasher in gss_unwrap_resp_integ()
        NFSv4: Retry LOCK on OLD_STATEID during delegation return
        SUNRPC: Fix null-ptr-deref when xps sysfs alloc failed
        NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot
        NFSv4.1: Handle RECLAIM_COMPLETE trunking errors
        NFSv4: Fix a potential state reclaim deadlock
        NFS: Avoid memcpy() run-time warning for struct sockaddr overflows
        nfs: Remove redundant null checks before kfree
      31fc92fc
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma · ae13366b
      Linus Torvalds authored
      Pull rdma fixes from Jason Gunthorpe:
       "Fix a few more of the usual sorts of bugs:
      
         - Another regression with source route validation in CMA, introduced
           this merge window
      
         - Crash in hfi1 due to faulty list operations
      
         - PCI ID updates for EFA
      
         - Disable LOCAL_INV in hns because it causes a HW hang
      
         - Crash in hns due to missing initialization
      
         - Memory leak in rxe
      
         - Missing error unwind during ib_core module loading
      
         - Missing error handling in qedr around work queue creation during
           startup"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma:
        RDMA/qedr: clean up work queue on failure in qedr_alloc_resources()
        RDMA/core: Fix null-ptr-deref in ib_core_cleanup()
        RDMA/rxe: Fix mr leak in RESPST_ERR_RNR
        RDMA/hns: Fix NULL pointer problem in free_mr_init()
        RDMA/hns: Disable local invalidate operation
        RDMA/efa: Add EFA 0xefa2 PCI ID
        IB/hfi1: Correctly move list in sc_disable()
        RDMA/cma: Use output interface for net_dev check
      ae13366b
    • Sean Christopherson's avatar
      KVM: VMX: Ignore guest CPUID for host userspace writes to DEBUGCTL · b333b8eb
      Sean Christopherson authored
      Ignore guest CPUID for host userspace writes to the DEBUGCTL MSR, KVM's
      ABI is that setting CPUID vs. state can be done in any order, i.e. KVM
      allows userspace to stuff MSRs prior to setting the guest's CPUID that
      makes the new MSR "legal".
      
      Keep the vmx_get_perf_capabilities() check for guest writes, even though
      it's technically unnecessary since the vCPU's PERF_CAPABILITIES is
      consulted when refreshing LBR support.  A future patch will clean up
      vmx_get_perf_capabilities() to avoid the RDMSR on every call, at which
      point the paranoia will incur no meaningful overhead.
      
      Note, prior to vmx_get_perf_capabilities() checking that the host fully
      supports LBRs via x86_perf_get_lbr(), KVM effectively relied on
      intel_pmu_lbr_is_enabled() to guard against host userspace enabling LBRs
      on platforms without full support.
      
      Fixes: c6462363 ("KVM: vmx/pmu: Add PMU_CAP_LBR_FMT check when guest LBR is enabled")
      Signed-off-by: default avatarSean Christopherson <seanjc@google.com>
      Message-Id: <20221006000314.73240-5-seanjc@google.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      b333b8eb
    • Sean Christopherson's avatar
      KVM: VMX: Fold vmx_supported_debugctl() into vcpu_supported_debugctl() · 18e897d2
      Sean Christopherson authored
      Fold vmx_supported_debugctl() into vcpu_supported_debugctl(), its only
      caller.  Setting bits only to clear them a few instructions later is
      rather silly, and splitting the logic makes things seem more complicated
      than they actually are.
      
      Opportunistically drop DEBUGCTLMSR_LBR_MASK now that there's a single
      reference to the pair of bits.  The extra layer of indirection provides
      no meaningful value and makes it unnecessarily tedious to understand
      what KVM is doing.
      
      No functional change.
      Signed-off-by: default avatarSean Christopherson <seanjc@google.com>
      Message-Id: <20221006000314.73240-4-seanjc@google.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      18e897d2
    • Sean Christopherson's avatar
      KVM: VMX: Advertise PMU LBRs if and only if perf supports LBRs · 145dfad9
      Sean Christopherson authored
      Advertise LBR support to userspace via MSR_IA32_PERF_CAPABILITIES if and
      only if perf fully supports LBRs.  Perf may disable LBRs (by zeroing the
      number of LBRs) even on platforms the allegedly support LBRs, e.g. if
      probing any LBR MSRs during setup fails.
      
      Fixes: be635e34 ("KVM: vmx/pmu: Expose LBR_FMT in the MSR_IA32_PERF_CAPABILITIES")
      Reported-by: default avatarLike Xu <like.xu.linux@gmail.com>
      Signed-off-by: default avatarSean Christopherson <seanjc@google.com>
      Message-Id: <20221006000314.73240-3-seanjc@google.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      145dfad9
  5. 01 Nov, 2022 8 commits
  6. 31 Oct, 2022 4 commits
  7. 30 Oct, 2022 5 commits
    • Linus Torvalds's avatar
      Linux 6.1-rc3 · 30a0b95b
      Linus Torvalds authored
      30a0b95b
    • Linus Torvalds's avatar
      Merge tag 'fbdev-for-6.1-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/linux-fbdev · b72018ab
      Linus Torvalds authored
      Pull fbdev fixes from Helge Deller:
       "A use-after-free bugfix in the smscufx driver and various minor error
        path fixes, smaller build fixes, sysfs fixes and typos in comments in
        the stifb, sisfb, da8xxfb, xilinxfb, sm501fb, gbefb and cyber2000fb
        drivers"
      
      * tag 'fbdev-for-6.1-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/linux-fbdev:
        fbdev: cyber2000fb: fix missing pci_disable_device()
        fbdev: sisfb: use explicitly signed char
        fbdev: smscufx: Fix several use-after-free bugs
        fbdev: xilinxfb: Make xilinxfb_release() return void
        fbdev: sisfb: fix repeated word in comment
        fbdev: gbefb: Convert sysfs snprintf to sysfs_emit
        fbdev: sm501fb: Convert sysfs snprintf to sysfs_emit
        fbdev: stifb: Fall back to cfb_fillrect() on 32-bit HCRX cards
        fbdev: da8xx-fb: Fix error handling in .remove()
        fbdev: MIPS supports iomem addresses
      b72018ab
    • Linus Torvalds's avatar
      Merge tag 'char-misc-6.1-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc · 9f127546
      Linus Torvalds authored
      Pull char/misc fixes from Greg KH:
       "Some small driver fixes for 6.1-rc3.  They include:
      
         - iio driver bugfixes
      
         - counter driver bugfixes
      
         - coresight bugfixes, including a revert and then a second fix to get
           it right.
      
        All of these have been in linux-next with no reported problems"
      
      * tag 'char-misc-6.1-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: (21 commits)
        misc: sgi-gru: use explicitly signed char
        coresight: cti: Fix hang in cti_disable_hw()
        Revert "coresight: cti: Fix hang in cti_disable_hw()"
        counter: 104-quad-8: Fix race getting function mode and direction
        counter: microchip-tcb-capture: Handle Signal1 read and Synapse
        coresight: cti: Fix hang in cti_disable_hw()
        coresight: Fix possible deadlock with lock dependency
        counter: ti-ecap-capture: fix IS_ERR() vs NULL check
        counter: Reduce DEFINE_COUNTER_ARRAY_POLARITY() to defining counter_array
        iio: bmc150-accel-core: Fix unsafe buffer attributes
        iio: adxl367: Fix unsafe buffer attributes
        iio: adxl372: Fix unsafe buffer attributes
        iio: at91-sama5d2_adc: Fix unsafe buffer attributes
        iio: temperature: ltc2983: allocate iio channels once
        tools: iio: iio_utils: fix digit calculation
        iio: adc: stm32-adc: fix channel sampling time init
        iio: adc: mcp3911: mask out device ID in debug prints
        iio: adc: mcp3911: use correct id bits
        iio: adc: mcp3911: return proper error code on failure to allocate trigger
        iio: adc: mcp3911: fix sizeof() vs ARRAY_SIZE() bug
        ...
      9f127546
    • Linus Torvalds's avatar
      Merge tag 'usb-6.1-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb · c4d25ce6
      Linus Torvalds authored
      Pull USB fixes from Greg KH:
       "A few small USB fixes for 6.1-rc3. Include in here are:
      
         - MAINTAINERS update, including a big one for the USB gadget
           subsystem. Many thanks to Felipe for all of the years of hard work
           he has done on this codebase, it was greatly appreciated.
      
         - dwc3 driver fixes for reported problems.
      
         - xhci driver fixes for reported problems.
      
         - typec driver fixes for minor issues
      
         - uvc gadget driver change, and then revert as it wasn't relevant for
           6.1-final, as it is a new feature and people are still reviewing
           and modifying it.
      
        All of these have been in the linux-next tree with no reported issues"
      
      * tag 'usb-6.1-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
        usb: dwc3: gadget: Don't set IMI for no_interrupt
        usb: dwc3: gadget: Stop processing more requests on IMI
        Revert "usb: gadget: uvc: limit isoc_sg to super speed gadgets"
        xhci: Remove device endpoints from bandwidth list when freeing the device
        xhci-pci: Set runtime PM as default policy on all xHC 1.2 or later devices
        xhci: Add quirk to reset host back to default state at shutdown
        usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller
        usb: dwc3: st: Rely on child's compatible instead of name
        usb: gadget: uvc: limit isoc_sg to super speed gadgets
        usb: bdc: change state when port disconnected
        usb: typec: ucsi: acpi: Implement resume callback
        usb: typec: ucsi: Check the connection on resume
        usb: gadget: aspeed: Fix probe regression
        usb: gadget: uvc: fix sg handling during video encode
        usb: gadget: uvc: fix sg handling in error case
        usb: gadget: uvc: fix dropped frame after missed isoc
        usb: dwc3: gadget: Don't delay End Transfer on delayed_status
        usb: dwc3: Don't switch OTG -> peripheral if extcon is present
        MAINTAINERS: Update maintainers for broadcom USB
        MAINTAINERS: move USB gadget and phy entries under the main USB entry
      c4d25ce6
    • Linus Torvalds's avatar
      Merge tag 'gpio-fixes-for-v6.1-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux · ef3c0949
      Linus Torvalds authored
      Pull gpio fixes from Bartosz Golaszewski:
      
       - convert gpio-tegra to using an immutable irqchip
      
       - MAINTAINERS update
      
      * tag 'gpio-fixes-for-v6.1-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux:
        MAINTAINERS: Change myself to a maintainer
        gpio: tegra: Convert to immutable irq chip
      ef3c0949