1. 25 Jan, 2023 5 commits
    • Linus Torvalds's avatar
      Merge tag 'fs.fuse.acl.v6.2-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/idmapping · 7c46948a
      Linus Torvalds authored
      Pull fuse ACL fix from Christian Brauner:
       "The new posix acl API doesn't depend on the xattr handler
        infrastructure anymore and instead only relies on the posix acl inode
        operations. As a result daemons without FUSE_POSIX_ACL are unable to
        use posix acls like they used to.
      
        Fix this by copying what we did for overlayfs during the posix acl api
        conversion. Make fuse implement a dedicated ->get_inode_acl() method
        as does overlayfs. Fuse can then also uses this to express different
        needs for vfs permission checking during lookup and acl based
        retrieval via the regular system call path.
      
        This allows fuse to continue to refuse retrieving posix acls for
        daemons that don't set FUSE_POSXI_ACL for permission checking while
        also allowing a fuse server to retrieve it via the usual system calls"
      
      * tag 'fs.fuse.acl.v6.2-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/idmapping:
        fuse: fixes after adapting to new posix acl api
      7c46948a
    • Linus Torvalds's avatar
      Merge tag 'modules-6.2-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/linux · 948ef7bb
      Linus Torvalds authored
      Pull module fix from Luis Chamberlain:
       "Theis is a fix we have been delaying for v6.2 due to lack of early
        testing on linux-next.
      
        The commit has been sitting in linux-next since December and testing
        has also been now a bit extensive by a few developers. Since this is a
        fix which definitely will go to v6.3 it should also apply to v6.2 so
        if there are any issues we pick them up earlier rather than later. The
        fix fixes a regression since v5.3, prior to me helping with module
        maintenance, however, the issue is real in that in the worst case now
        can prevent boot.
      
        We've discussed all possible corner cases [0] and at last do feel this
        is ready for v6.2-rc6"
      
      Link https://lore.kernel.org/all/Y9A4fiobL6IHp%2F%2FP@bombadil.infradead.org/ [0]
      
      * tag 'modules-6.2-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/linux:
        module: Don't wait for GOING modules
      948ef7bb
    • Linus Torvalds's avatar
      Merge tag 'rust-fixes-6.2' of https://github.com/Rust-for-Linux/linux · 246dc53f
      Linus Torvalds authored
      Pull rust fix from Miguel Ojeda:
      
       - Avoid evaluating arguments in 'pr_*' macros in 'unsafe' blocks
      
      * tag 'rust-fixes-6.2' of https://github.com/Rust-for-Linux/linux:
        rust: print: avoid evaluating arguments in `pr_*` macros in `unsafe` blocks
      246dc53f
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · b2f31717
      Linus Torvalds authored
      Pull kvm fixes from Paolo Bonzini:
       "ARM64:
      
         - Pass the correct address to mte_clear_page_tags() on initialising a
           tagged page
      
         - Plug a race against a GICv4.1 doorbell interrupt while saving the
           vgic-v3 pending state.
      
        x86:
      
         - A command line parsing fix and a clang compilation fix for
           selftests
      
         - A fix for a longstanding VMX issue, that surprisingly was only
           found now to affect real world guests"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        KVM: selftests: Make reclaim_period_ms input always be positive
        KVM: x86/vmx: Do not skip segment attributes if unusable bit is set
        selftests: kvm: move declaration at the beginning of main()
        KVM: arm64: GICv4.1: Fix race with doorbell on VPE activation/deactivation
        KVM: arm64: Pass the actual page address to mte_clear_page_tags()
      b2f31717
    • Linus Torvalds's avatar
      Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · 02db81a7
      Linus Torvalds authored
      Pull SCSI fixes from James Bottomley:
       "Six fixes, all in drivers.
      
        The biggest are the UFS devfreq fixes which address a lock inversion
        and the two iscsi_tcp fixes which try to prevent a use after free from
        userspace still accessing an area which the kernel has released (seen
        by KASAN)"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        scsi: device_handler: alua: Remove a might_sleep() annotation
        scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress
        scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress
        scsi: ufs: core: Fix devfreq deadlocks
        scsi: hpsa: Fix allocation size for scsi_host_alloc()
        scsi: target: core: Fix warning on RT kernels
      02db81a7
  2. 24 Jan, 2023 6 commits
    • Linus Torvalds's avatar
      Merge tag 'nfsd-6.2-5' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux · fb6e71db
      Linus Torvalds authored
      Pull nfsd fix from Chuck Lever:
      
       - Nail another UAF in NFSD's filecache
      
      * tag 'nfsd-6.2-5' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux:
        nfsd: don't free files unconditionally in __nfsd_file_cache_purge
      fb6e71db
    • Linus Torvalds's avatar
      Merge tag 'fscrypt-for-linus' of git://git.kernel.org/pub/scm/fs/fscrypt/linux · 50306df3
      Linus Torvalds authored
      Pull fscrypt MAINTAINERS entry update from Eric Biggers:
       "Update the MAINTAINERS file entry for fscrypt"
      
      * tag 'fscrypt-for-linus' of git://git.kernel.org/pub/scm/fs/fscrypt/linux:
        MAINTAINERS: update fscrypt git repo
      50306df3
    • Petr Pavlu's avatar
      module: Don't wait for GOING modules · 0254127a
      Petr Pavlu authored
      During a system boot, it can happen that the kernel receives a burst of
      requests to insert the same module but loading it eventually fails
      during its init call. For instance, udev can make a request to insert
      a frequency module for each individual CPU when another frequency module
      is already loaded which causes the init function of the new module to
      return an error.
      
      Since commit 6e6de3de ("kernel/module.c: Only return -EEXIST for
      modules that have finished loading"), the kernel waits for modules in
      MODULE_STATE_GOING state to finish unloading before making another
      attempt to load the same module.
      
      This creates unnecessary work in the described scenario and delays the
      boot. In the worst case, it can prevent udev from loading drivers for
      other devices and might cause timeouts of services waiting on them and
      subsequently a failed boot.
      
      This patch attempts a different solution for the problem 6e6de3de
      was trying to solve. Rather than waiting for the unloading to complete,
      it returns a different error code (-EBUSY) for modules in the GOING
      state. This should avoid the error situation that was described in
      6e6de3de (user space attempting to load a dependent module because
      the -EEXIST error code would suggest to user space that the first module
      had been loaded successfully), while avoiding the delay situation too.
      
      This has been tested on linux-next since December 2022 and passes
      all kmod selftests except test 0009 with module compression enabled
      but it has been confirmed that this issue has existed and has gone
      unnoticed since prior to this commit and can also be reproduced without
      module compression with a simple usleep(5000000) on tools/modprobe.c [0].
      These failures are caused by hitting the kernel mod_concurrent_max and can
      happen either due to a self inflicted kernel module auto-loead DoS somehow
      or on a system with large CPU count and each CPU count incorrectly triggering
      many module auto-loads. Both of those issues need to be fixed in-kernel.
      
      [0] https://lore.kernel.org/all/Y9A4fiobL6IHp%2F%2FP@bombadil.infradead.org/
      
      Fixes: 6e6de3de ("kernel/module.c: Only return -EEXIST for modules that have finished loading")
      Co-developed-by: default avatarMartin Wilck <mwilck@suse.com>
      Signed-off-by: default avatarMartin Wilck <mwilck@suse.com>
      Signed-off-by: default avatarPetr Pavlu <petr.pavlu@suse.com>
      Cc: stable@vger.kernel.org
      Reviewed-by: default avatarPetr Mladek <pmladek@suse.com>
      [mcgrof: enhance commit log with testing and kmod test result interpretation ]
      Signed-off-by: default avatarLuis Chamberlain <mcgrof@kernel.org>
      0254127a
    • Linus Torvalds's avatar
      Merge tag 'fsverity-for-linus' of git://git.kernel.org/pub/scm/fs/fsverity/linux · 5149394c
      Linus Torvalds authored
      Pull fsverity MAINTAINERS entry update from Eric Biggers:
       "Update the MAINTAINERS file entry for fsverity"
      
      * tag 'fsverity-for-linus' of git://git.kernel.org/pub/scm/fs/fsverity/linux:
        MAINTAINERS: update fsverity git repo, list, and patchwork
      5149394c
    • Linus Torvalds's avatar
      ext4: make xattr char unsignedness in hash explicit · 854f0912
      Linus Torvalds authored
      Commit f3bbac32 ("ext4: deal with legacy signed xattr name hash
      values") added a hashing function for the legacy case of having the
      xattr hash calculated using a signed 'char' type.  It left the unsigned
      case alone, since it's all implicitly handled by the '-funsigned-char'
      compiler option.
      
      However, there's been some noise about back-porting it all into stable
      kernels that lack the '-funsigned-char', so let's just make that at
      least possible by making the whole 'this uses unsigned char' very
      explicit in the code itself.  Whether such a back-port is really
      warranted or not, I'll leave to others, but at least together with this
      change it is technically sensible.
      
      Also, add a 'pr_warn_once()' for reporting the "hey, signedness for this
      hash calculation has changed" issue.  Hopefully it never triggers except
      for that xfstests generic/454 test-case, but even if it does it's just
      good information to have.
      
      If for no other reason than "we can remove the legacy signed hash code
      entirely if nobody ever sees the message any more".
      
      Cc: Sasha Levin <sashal@kernel.org>
      Cc: Eric Biggers <ebiggers@kernel.org>
      Cc: Andreas Dilger <adilger@dilger.ca>
      Cc: Theodore Ts'o <tytso@mit.edu>,
      Cc: Jason Donenfeld <Jason@zx2c4.com>
      Cc: Masahiro Yamada <masahiroy@kernel.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      854f0912
    • Christian Brauner's avatar
      fuse: fixes after adapting to new posix acl api · facd6105
      Christian Brauner authored
      This cycle we ported all filesystems to the new posix acl api. While
      looking at further simplifications in this area to remove the last
      remnants of the generic dummy posix acl handlers we realized that we
      regressed fuse daemons that don't set FUSE_POSIX_ACL but still make use
      of posix acls.
      
      With the change to a dedicated posix acl api interacting with posix acls
      doesn't go through the old xattr codepaths anymore and instead only
      relies the get acl and set acl inode operations.
      
      Before this change fuse daemons that don't set FUSE_POSIX_ACL were able
      to get and set posix acl albeit with two caveats. First, that posix acls
      aren't cached. And second, that they aren't used for permission checking
      in the vfs.
      
      We regressed that use-case as we currently refuse to retrieve any posix
      acls if they aren't enabled via FUSE_POSIX_ACL. So older fuse daemons
      would see a change in behavior.
      
      We can restore the old behavior in multiple ways. We could change the
      new posix acl api and look for a dedicated xattr handler and if we find
      one prefer that over the dedicated posix acl api. That would break the
      consistency of the new posix acl api so we would very much prefer not to
      do that.
      
      We could introduce a new ACL_*_CACHE sentinel that would instruct the
      vfs permission checking codepath to not call into the filesystem and
      ignore acls.
      
      But a more straightforward fix for v6.2 is to do the same thing that
      Overlayfs does and give fuse a separate get acl method for permission
      checking. Overlayfs uses this to express different needs for vfs
      permission lookup and acl based retrieval via the regular system call
      path as well. Let fuse do the same for now. This way fuse can continue
      to refuse to retrieve posix acls for daemons that don't set
      FUSE_POSXI_ACL for permission checking while allowing a fuse server to
      retrieve it via the usual system calls.
      
      In the future, we could extend the get acl inode operation to not just
      pass a simple boolean to indicate rcu lookup but instead make it a flag
      argument. Then in addition to passing the information that this is an
      rcu lookup to the filesystem we could also introduce a flag that tells
      the filesystem that this is a request from the vfs to use these acls for
      permission checking. Then fuse could refuse the get acl request for
      permission checking when the daemon doesn't have FUSE_POSIX_ACL set in
      the same get acl method. This would also help Overlayfs and allow us to
      remove the second method for it as well.
      
      But since that change is more invasive as we need to update the get acl
      inode operation for multiple filesystems we should not do this as a fix
      for v6.2. Instead we will do this for the v6.3 merge window.
      
      Fwiw, since posix acls are now always correctly translated in the new
      posix acl api we could also allow them to be used for daemons without
      FUSE_POSIX_ACL that are not mounted on the host. But this is behavioral
      change and again if dones should be done for v6.3. For now, let's just
      restore the original behavior.
      
      A nice side-effect of this change is that for fuse daemons with and
      without FUSE_POSIX_ACL the same code is used for posix acls in a
      backwards compatible way. This also means we can remove the legacy xattr
      handlers completely. We've also added comments to explain the expected
      behavior for daemons without FUSE_POSIX_ACL into the code.
      
      Fixes: 318e6685 ("xattr: use posix acl api")
      Signed-off-by: default avatarSeth Forshee (Digital Ocean) <sforshee@kernel.org>
      Reviewed-by: default avatarMiklos Szeredi <mszeredi@redhat.com>
      Signed-off-by: default avatarChristian Brauner (Microsoft) <brauner@kernel.org>
      facd6105
  3. 23 Jan, 2023 3 commits
  4. 22 Jan, 2023 11 commits
    • Linus Torvalds's avatar
      Merge tag 'sched_urgent_for_v6.2_rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 2475bf02
      Linus Torvalds authored
      Pull scheduler fixes from Borislav Petkov:
      
       - Make sure the scheduler doesn't use stale frequency scaling values
         when latter get disabled due to a value error
      
       - Fix a NULL pointer access on UP configs
      
       - Use the proper locking when updating CPU capacity
      
      * tag 'sched_urgent_for_v6.2_rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/aperfmperf: Erase stale arch_freq_scale values when disabling frequency invariance readings
        sched/core: Fix NULL pointer access fault in sched_setaffinity() with non-SMP configs
        sched/fair: Fixes for capacity inversion detection
        sched/uclamp: Fix a uninitialized variable warnings
      2475bf02
    • Linus Torvalds's avatar
      Merge tag 'edac_urgent_for_v6.2_rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/ras/ras · ab2f4087
      Linus Torvalds authored
      Pull EDAC fixes from Borislav Petkov:
      
       - Respect user-supplied polling value in the EDAC device code
      
       - Fix a use-after-free issue in qcom_edac
      
      * tag 'edac_urgent_for_v6.2_rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/ras/ras:
        EDAC/qcom: Do not pass llcc_driv_data as edac_device_ctl_info's pvt_info
        EDAC/device: Respect any driver-supplied workqueue polling value
      ab2f4087
    • Linus Torvalds's avatar
      Merge tag 'perf_urgent_for_v6.2_rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 2b299a1c
      Linus Torvalds authored
      Pull perf fix from Borislav Petkov:
      
       - Add Emerald Rapids model support to more perf machinery
      
      * tag 'perf_urgent_for_v6.2_rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        perf/x86/intel/cstate: Add Emerald Rapids
        perf/x86/intel: Add Emerald Rapids
      2b299a1c
    • Linus Torvalds's avatar
      Merge tag 'gfs2-v6.2-rc4-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2 · 3c006ad7
      Linus Torvalds authored
      Pull gfs2 writepage fix from Andreas Gruenbacher:
      
       - Fix a regression introduced by commit "gfs2: stop using
         generic_writepages in gfs2_ail1_start_one".
      
      * tag 'gfs2-v6.2-rc4-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2:
        Revert "gfs2: stop using generic_writepages in gfs2_ail1_start_one"
      3c006ad7
    • Vipin Sharma's avatar
      KVM: selftests: Make reclaim_period_ms input always be positive · c2c46b10
      Vipin Sharma authored
      reclaim_period_ms used to be positive only but the commit 0001725d
      ("KVM: selftests: Add atoi_positive() and atoi_non_negative() for input
      validation") incorrectly changed it to non-negative validation.
      
      Change validation to allow only positive input.
      
      Fixes: 0001725d ("KVM: selftests: Add atoi_positive() and atoi_non_negative() for input validation")
      Signed-off-by: default avatarVipin Sharma <vipinsh@google.com>
      Reported-by: default avatarBen Gardon <bgardon@google.com>
      Reviewed-by: default avatarBen Gardon <bgardon@google.com>
      Reviewed-by: default avatarSean Christopherson <seanjc@google.com>
      Message-Id: <20230111183408.104491-1-vipinsh@google.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      c2c46b10
    • Hendrik Borghorst's avatar
      KVM: x86/vmx: Do not skip segment attributes if unusable bit is set · a44b3316
      Hendrik Borghorst authored
      When serializing and deserializing kvm_sregs, attributes of the segment
      descriptors are stored by user space. For unusable segments,
      vmx_segment_access_rights skips all attributes and sets them to 0.
      
      This means we zero out the DPL (Descriptor Privilege Level) for unusable
      entries.
      
      Unusable segments are - contrary to their name - usable in 64bit mode and
      are used by guests to for example create a linear map through the
      NULL selector.
      
      VMENTER checks if SS.DPL is correct depending on the CS segment type.
      For types 9 (Execute Only) and 11 (Execute Read), CS.DPL must be equal to
      SS.DPL [1].
      
      We have seen real world guests setting CS to a usable segment with DPL=3
      and SS to an unusable segment with DPL=3. Once we go through an sregs
      get/set cycle, SS.DPL turns to 0. This causes the virtual machine to crash
      reproducibly.
      
      This commit changes the attribute logic to always preserve attributes for
      unusable segments. According to [2] SS.DPL is always saved on VM exits,
      regardless of the unusable bit so user space applications should have saved
      the information on serialization correctly.
      
      [3] specifies that besides SS.DPL the rest of the attributes of the
      descriptors are undefined after VM entry if unusable bit is set. So, there
      should be no harm in setting them all to the previous state.
      
      [1] Intel SDM Vol 3C 26.3.1.2 Checks on Guest Segment Registers
      [2] Intel SDM Vol 3C 27.3.2 Saving Segment Registers and Descriptor-Table
      Registers
      [3] Intel SDM Vol 3C 26.3.2.2 Loading Guest Segment Registers and
      Descriptor-Table Registers
      
      Cc: Alexander Graf <graf@amazon.de>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarHendrik Borghorst <hborghor@amazon.de>
      Reviewed-by: default avatarJim Mattson <jmattson@google.com>
      Reviewed-by: default avatarAlexander Graf <graf@amazon.com>
      Message-Id: <20221114164823.69555-1-hborghor@amazon.de>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      a44b3316
    • Paolo Bonzini's avatar
      selftests: kvm: move declaration at the beginning of main() · 50aa870b
      Paolo Bonzini authored
      Placing a declaration of evt_reset is pedantically invalid
      according to the C standard.  While GCC does not really care
      and only warns with -Wpedantic, clang ignores the declaration
      altogether with an error:
      
      x86_64/xen_shinfo_test.c:965:2: error: expected expression
              struct kvm_xen_hvm_attr evt_reset = {
              ^
      x86_64/xen_shinfo_test.c:969:38: error: use of undeclared identifier evt_reset
              vm_ioctl(vm, KVM_XEN_HVM_SET_ATTR, &evt_reset);
                                                  ^
      Reported-by: default avatarYu Zhang <yu.c.zhang@linux.intel.com>
      Reported-by: default avatarSean Christopherson <seanjc@google.com>
      Fixes: a79b53aa ("KVM: x86: fix deadlock for KVM_XEN_EVTCHN_RESET", 2022-12-28)
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      50aa870b
    • Andreas Gruenbacher's avatar
      Revert "gfs2: stop using generic_writepages in gfs2_ail1_start_one" · 95ecbd0f
      Andreas Gruenbacher authored
      Commit b2b0a5e9 switched from generic_writepages() to
      filemap_fdatawrite_wbc() in gfs2_ail1_start_one() on the path to
      replacing ->writepage() with ->writepages() and eventually eliminating
      the former.  Function gfs2_ail1_start_one() is called from
      gfs2_log_flush(), our main function for flushing the filesystem log.
      
      Unfortunately, at least as implemented today, ->writepage() and
      ->writepages() are entirely different operations for journaled data
      inodes: while the former creates and submits transactions covering the
      data to be written, the latter flushes dirty buffers out to disk.
      
      With gfs2_ail1_start_one() now calling ->writepages(), we end up
      creating filesystem transactions while we are in the course of a log
      flush, which immediately deadlocks on the sdp->sd_log_flush_lock
      semaphore.
      
      Work around that by going back to how things used to work before commit
      b2b0a5e9 for now; figuring out a superior solution will take time we
      don't have available right now.  However ...
      
      Since the removal of generic_writepages() is imminent, open-code it
      here.  We're already inside a blk_start_plug() ...  blk_finish_plug()
      section here, so skip that part of the original generic_writepages().
      
      This reverts commit b2b0a5e9.
      Signed-off-by: default avatarAndreas Gruenbacher <agruenba@redhat.com>
      Acked-by: default avatarChristoph Hellwig <hch@lst.de>
      95ecbd0f
    • Paolo Bonzini's avatar
      Merge tag 'kvmarm-fixes-6.2-2' of... · d732cbf7
      Paolo Bonzini authored
      Merge tag 'kvmarm-fixes-6.2-2' of git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm into HEAD
      
      KVM/arm64 fixes for 6.2, take #2
      
      - Pass the correct address to mte_clear_page_tags() on initialising
        a tagged page
      
      - Plug a race against a GICv4.1 doorbell interrupt while saving
        the vgic-v3 pending state.
      d732cbf7
    • Linus Torvalds's avatar
      Linux 6.2-rc5 · 2241ab53
      Linus Torvalds authored
      2241ab53
    • Linus Torvalds's avatar
      Merge tag 'io_uring-6.2-2023-01-21' of git://git.kernel.dk/linux · 95f184d0
      Linus Torvalds authored
      Pull another io_uring fix from Jens Axboe:
       "Just a single fix for a regression that happened in this release due
        to a poll change. Normally I would've just deferred it to next week,
        but since the original fix got picked up by stable, I think it's
        better to just send this one off separately.
      
        The issue is around the poll race fix, and how it mistakenly also got
        applied to multishot polling. Those don't need the race fix, and we
        should not be doing any reissues for that case. Exhaustive test cases
        were written and committed to the liburing regression suite for the
        reported issue, and additions for similar issues"
      
      * tag 'io_uring-6.2-2023-01-21' of git://git.kernel.dk/linux:
        io_uring/poll: don't reissue in case of poll race on multishot request
      95f184d0
  5. 21 Jan, 2023 11 commits
    • Linus Torvalds's avatar
      Merge tag 'char-misc-6.2-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc · f6714402
      Linus Torvalds authored
      Pull char/misc driver fixes from Greg KH:
       "Here are some small char/misc and other subsystem driver fixes for
        6.2-rc5 to resolve a few reported issues. They include:
      
         - long time pending fastrpc fixes (should have gone into 6.1, my
           fault)
      
         - mei driver/bus fixes and new device ids
      
         - interconnect driver fixes for reported problems
      
         - vmci bugfix
      
         - w1 driver bugfixes for reported problems
      
        Almost all of these have been in linux-next with no reported problems,
        the rest have all passed 0-day bot testing in my tree and on the
        mailing lists where they have sat too long due to me taking a long
        time to catch up on my pending patch queue"
      
      * tag 'char-misc-6.2-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
        VMCI: Use threaded irqs instead of tasklets
        misc: fastrpc: Pass bitfield into qcom_scm_assign_mem
        gsmi: fix null-deref in gsmi_get_variable
        misc: fastrpc: Fix use-after-free race condition for maps
        misc: fastrpc: Don't remove map on creater_process and device_release
        misc: fastrpc: Fix use-after-free and race in fastrpc_map_find
        misc: fastrpc: fix error code in fastrpc_req_mmap()
        mei: me: add meteor lake point M DID
        mei: bus: fix unlink on bus in error path
        w1: fix WARNING after calling w1_process()
        w1: fix deadloop in __w1_remove_master_device()
        comedi: adv_pci1760: Fix PWM instruction handling
        interconnect: qcom: rpm: Use _optional func for provider clocks
        interconnect: qcom: msm8996: Fix regmap max_register values
        interconnect: qcom: msm8996: Provide UFS clocks to A2NoC
        dt-bindings: interconnect: Add UFS clocks to MSM8996 A2NoC
      f6714402
    • Linus Torvalds's avatar
      Merge tag 'driver-core-6.2-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core · c88a3114
      Linus Torvalds authored
      Pull driver core fixes from Greg KH:
       "Here are three small driver and kernel core fixes for 6.2-rc5. They
        include:
      
         - potential gadget fixup in do_prlimit
      
         - device property refcount leak fix
      
         - test_async_probe bugfix for reported problem"
      
      * tag 'driver-core-6.2-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core:
        prlimit: do_prlimit needs to have a speculation check
        driver core: Fix test_async_probe_init saves device in wrong array
        device property: fix of node refcount leak in fwnode_graph_get_next_endpoint()
      c88a3114
    • Linus Torvalds's avatar
      Merge tag 'staging-6.2-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging · bb86d657
      Linus Torvalds authored
      Pull staging driver fix from Greg KH:
       "Here is a single staging driver fix for 6.2-rc5. It resolves a build
        issue reported and Fixed by Arnd in the vc04_services driver. It's
        been in linux-next this week with no reported problems"
      
      * tag 'staging-6.2-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
        staging: vchiq_arm: fix enum vchiq_status return types
      bb86d657
    • Linus Torvalds's avatar
      Merge tag 'tty-6.2-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty · bd5cc6ee
      Linus Torvalds authored
      Pull tty/serial driver fixes from Greg KH:
       "Here are some small tty and serial driver fixes for 6.2-rc5 that
        resolve a number of tiny reported issues and some new device ids. They
        include:
      
         - new device id for the exar serial driver
      
         - speakup tty driver bugfix
      
         - atmel serial driver baudrate fixup
      
         - stm32 serial driver bugfix and then revert as the bugfix broke the
           build. That will come back in a later pull request once it is all
           worked out properly.
      
         - amba-pl011 serial driver rs486 mode bugfix
      
         - qcom_geni serial driver bugfix
      
        Most of these have been in linux-next with no reported problems (well,
        other than the build breakage which generated the revert), the new
        device id passed 0-day testing"
      
      * tag 'tty-6.2-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
        serial: exar: Add support for Sealevel 7xxxC serial cards
        Revert "serial: stm32: Merge hard IRQ and threaded IRQ handling into single IRQ handler"
        tty: serial: qcom_geni: avoid duplicate struct member init
        serial: atmel: fix incorrect baudrate setup
        tty: fix possible null-ptr-defer in spk_ttyio_release
        serial: stm32: Merge hard IRQ and threaded IRQ handling into single IRQ handler
        serial: amba-pl011: fix high priority character transmission in rs486 mode
        serial: pch_uart: Pass correct sg to dma_unmap_sg()
        tty: serial: qcom-geni-serial: fix slab-out-of-bounds on RX FIFO buffer
      bd5cc6ee
    • Linus Torvalds's avatar
      Merge tag 'usb-6.2-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb · e67da288
      Linus Torvalds authored
      Pull USB / Thunderbolt fixes from Greg KH:
       "Here are a number of small USB and Thunderbolt driver fixes and new
        device id changes for 6.2-rc5. Included in here are:
      
         - thunderbolt bugfixes for reported problems
      
         - new usb-serial driver ids added
      
         - onboard_hub usb driver fixes for much-reported problems
      
         - xhci bugfixes
      
         - typec bugfixes
      
         - ehci-fsl driver module alias fix
      
         - iowarrior header size fix
      
         - usb gadget driver fixes
      
        All of these, except for the iowarrior fix, have been in linux-next
        with no reported issues. The iowarrior fix passed the 0-day testing
        and is a one digit change based on a reported problem in the driver
        (which was written to a spec, not the real device that is now
        available)"
      
      * tag 'usb-6.2-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (40 commits)
        USB: misc: iowarrior: fix up header size for USB_DEVICE_ID_CODEMERCS_IOW100
        usb: host: ehci-fsl: Fix module alias
        usb: dwc3: fix extcon dependency
        usb: core: hub: disable autosuspend for TI TUSB8041
        USB: fix misleading usb_set_intfdata() kernel doc
        usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate()
        USB: gadget: Add ID numbers to configfs-gadget driver names
        usb: typec: tcpm: Fix altmode re-registration causes sysfs create fail
        usb: gadget: g_webcam: Send color matching descriptor per frame
        usb: typec: altmodes/displayport: Use proper macro for pin assignment check
        usb: typec: altmodes/displayport: Fix pin assignment calculation
        usb: typec: altmodes/displayport: Add pin assignment helper
        usb: gadget: f_fs: Ensure ep0req is dequeued before free_request
        usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait
        usb: misc: onboard_hub: Move 'attach' work to the driver
        usb: misc: onboard_hub: Invert driver registration order
        usb: ucsi: Ensure connector delayed work items are flushed
        usb: musb: fix error return code in omap2430_probe()
        usb: chipidea: core: fix possible constant 0 if use IS_ERR(ci->role_switch)
        xhci: Detect lpm incapable xHC USB3 roothub ports from ACPI tables
        ...
      e67da288
    • Linus Torvalds's avatar
      Merge tag 'kbuild-fixes-v6.2-3' of... · 83cd5fd0
      Linus Torvalds authored
      Merge tag 'kbuild-fixes-v6.2-3' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
      
      Pull Kbuild fixes from Masahiro Yamada:
      
       - Hide LDFLAGS_vmlinux from decompressor Makefiles to fix error
         messages when GNU Make 4.4 is used.
      
       - Fix 'make modules' build error when CONFIG_DEBUG_INFO_BTF_MODULES=y.
      
       - Fix warnings emitted by GNU Make 4.4 in scripts/kconfig/Makefile.
      
       - Support GNU Make 4.4 for scripts/jobserver-exec.
      
       - Show clearer error message when kernel/gen_kheaders.sh fails due to
         missing cpio.
      
      * tag 'kbuild-fixes-v6.2-3' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild:
        kheaders: explicitly validate existence of cpio command
        scripts: support GNU make 4.4 in jobserver-exec
        kconfig: Update all declared targets
        scripts: rpm: make clear that mkspec script contains 4.13 feature
        init/Kconfig: fix LOCALVERSION_AUTO help text
        kbuild: fix 'make modules' error when CONFIG_DEBUG_INFO_BTF_MODULES=y
        kbuild: export top-level LDFLAGS_vmlinux only to scripts/Makefile.vmlinux
        init/version-timestamp.c: remove unneeded #include <linux/version.h>
        docs: kbuild: remove mention to dropped $(objtree) feature
      83cd5fd0
    • Linus Torvalds's avatar
      ext4: deal with legacy signed xattr name hash values · f3bbac32
      Linus Torvalds authored
      We potentially have old hashes of the xattr names generated on systems
      with signed 'char' types.  Now that everybody uses '-funsigned-char',
      those hashes will no longer match.
      
      This only happens if you use xattrs names that have the high bit set,
      which probably doesn't happen in practice, but the xfstest generic/454
      shows it.
      
      Instead of adding a new "signed xattr hash filesystem" bit and having to
      deal with all the possible combinations, just calculate the hash both
      ways if the first one fails, and always generate new hashes with the
      proper unsigned char version.
      Reported-by: default avatarkernel test robot <oliver.sang@intel.com>
      Link: https://lore.kernel.org/oe-lkp/202212291509.704a11c9-oliver.sang@intel.com
      Link: https://lore.kernel.org/all/CAHk-=whUNjwqZXa-MH9KMmc_CpQpoFKFjAB9ZKHuu=TbsouT4A@mail.gmail.com/
      Exposed-by: 3bc753c0 ("kbuild: treat char as always unsigned")
      Cc: Eric Biggers <ebiggers@kernel.org>
      Cc: Andreas Dilger <adilger@dilger.ca>
      Cc: Theodore Ts'o <tytso@mit.edu>,
      Cc: Jason Donenfeld <Jason@zx2c4.com>
      Cc: Masahiro Yamada <masahiroy@kernel.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      f3bbac32
    • Greg Kroah-Hartman's avatar
      prlimit: do_prlimit needs to have a speculation check · 73979060
      Greg Kroah-Hartman authored
      do_prlimit() adds the user-controlled resource value to a pointer that
      will subsequently be dereferenced.  In order to help prevent this
      codepath from being used as a spectre "gadget" a barrier needs to be
      added after checking the range.
      Reported-by: default avatarJordy Zomer <jordyzomer@google.com>
      Tested-by: default avatarJordy Zomer <jordyzomer@google.com>
      Suggested-by: default avatarLinus Torvalds <torvalds@linuxfoundation.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      73979060
    • Marc Zyngier's avatar
      KVM: arm64: GICv4.1: Fix race with doorbell on VPE activation/deactivation · ef369168
      Marc Zyngier authored
      To save the vgic LPI pending state with GICv4.1, the VPEs must all be
      unmapped from the ITSs so that the sGIC caches can be flushed.
      The opposite is done once the state is saved.
      
      This is all done by using the activate/deactivate irqdomain callbacks
      directly from the vgic code. Crutially, this is done without holding
      the irqdesc lock for the interrupts that represent the VPE. And these
      callbacks are changing the state of the irqdesc. What could possibly
      go wrong?
      
      If a doorbell fires while we are messing with the irqdesc state,
      it will acquire the lock and change the interrupt state concurrently.
      Since we don't hole the lock, curruption occurs in on the interrupt
      state. Oh well.
      
      While acquiring the lock would fix this (and this was Shanker's
      initial approach), this is still a layering violation we could do
      without. A better approach is actually to free the VPE interrupt,
      do what we have to do, and re-request it.
      
      It is more work, but this usually happens only once in the lifetime
      of the VM and we don't really care about this sort of overhead.
      
      Fixes: f66b7b15 ("KVM: arm64: GICv4.1: Try to save VLPI state in save_pending_tables")
      Reported-by: default avatarShanker Donthineni <sdonthineni@nvidia.com>
      Signed-off-by: default avatarMarc Zyngier <maz@kernel.org>
      Cc: stable@vger.kernel.org
      Link: https://lore.kernel.org/r/20230118022348.4137094-1-sdonthineni@nvidia.com
      ef369168
    • Catalin Marinas's avatar
      KVM: arm64: Pass the actual page address to mte_clear_page_tags() · c3b37c2d
      Catalin Marinas authored
      Commit d77e59a8 ("arm64: mte: Lock a page for MTE tag
      initialisation") added a call to mte_clear_page_tags() in case a
      prior mte_copy_tags_from_user() failed in order to avoid stale tags in
      the guest page (it should have really been a separate commit).
      Unfortunately, the argument passed to this function was the address of
      the struct page rather than the actual page address. Fix this function
      call.
      
      Fixes: d77e59a8 ("arm64: mte: Lock a page for MTE tag initialisation")
      Signed-off-by: default avatarCatalin Marinas <catalin.marinas@arm.com>
      Cc: Marc Zyngier <maz@kernel.org>
      Reviewed-by: default avatarOliver Upton <oliver.upton@linux.dev>
      Reviewed-by: default avatarAnshuman Khandual <anshuman.khandual@arm.com>
      Reviewed-by: default avatarCornelia Huck <cohuck@redhat.com>
      Signed-off-by: default avatarMarc Zyngier <maz@kernel.org>
      Link: https://lore.kernel.org/r/20230119170902.1574756-1-catalin.marinas@arm.com
      c3b37c2d
    • Linus Torvalds's avatar
      Merge tag 'gpio-fixes-for-v6.2-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux · f883675b
      Linus Torvalds authored
      Pull gpio fixes from Bartosz Golaszewski:
      
       - fix a potential race condition and always set GPIOs used as interrupt
         source to input in gpio-mxc
      
       - fix a GPIO ACPI-related issue with system suspend on Clevo NL5xRU
      
      * tag 'gpio-fixes-for-v6.2-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux:
        gpiolib: acpi: Add a ignore wakeup quirk for Clevo NL5xRU
        gpiolib: acpi: Allow ignoring wake capability on pins that aren't in _AEI
        gpio: mxc: Always set GPIOs used as interrupt source to INPUT mode
        gpio: mxc: Protect GPIO irqchip RMW with bgpio spinlock
      f883675b
  6. 20 Jan, 2023 4 commits
    • Linus Torvalds's avatar
      Merge tag '6.2-rc4-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6 · 4e31bada
      Linus Torvalds authored
      Pull cifs fixes from Steve French:
      
       - important fix for packet signature calculation error
      
       - three fixes to correct DFS deadlock, and DFS refresh problem
      
       - remove an unused DFS function, and duplicate tcon refresh code
      
       - DFS cache lookup fix
      
       - uninitialized rc fix
      
      * tag '6.2-rc4-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6:
        cifs: remove unused function
        cifs: do not include page data when checking signature
        cifs: fix return of uninitialized rc in dfs_cache_update_tgthint()
        cifs: handle cache lookup errors different than -ENOENT
        cifs: remove duplicate code in __refresh_tcon()
        cifs: don't take exclusive lock for updating target hints
        cifs: avoid re-lookups in dfs_cache_find()
        cifs: fix potential deadlock in cache_refresh_path()
      4e31bada
    • Linus Torvalds's avatar
      Merge tag 'pinctrl-v6.2-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl · 8440ffcd
      Linus Torvalds authored
      Pull pin control fixes from Linus Walleij:
      
       - Compilation fix for Sunplus sp7021
      
       - Add some missing headers after a cleanup to the Nomadik driver
      
       - Fix pull type and mux routes on Rockchip RK3568
      
      * tag 'pinctrl-v6.2-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl:
        pinctrl: rockchip: fix mux route data for rk3568
        pinctrl: rockchip: fix reading pull type on rk3568
        pinctrl: nomadik: Add missing header(s)
        pinctrl: sp7021: fix unused function warning
      8440ffcd
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma · 8974efaa
      Linus Torvalds authored
      Pull rdma fixes from Jason Gunthorpe:
      
       - Several hfi1 patches fixing some long standing driver bugs
      
       - Overflow when working with sg lists with elements greater than 4G
      
       - An rxe regression with object numbering after the mrs reach their
         limit
      
       - A theoretical problem with the scatterlist merging code
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma:
        lib/scatterlist: Fix to calculate the last_pg properly
        IB/hfi1: Remove user expected buffer invalidate race
        IB/hfi1: Immediately remove invalid memory from hardware
        IB/hfi1: Fix expected receive setup error exit issues
        IB/hfi1: Reserve user expected TIDs
        IB/hfi1: Reject a zero-length user expected buffer
        RDMA/core: Fix ib block iterator counter overflow
        RDMA/rxe: Prevent faulty rkey generation
        RDMA/rxe: Fix inaccurate constants in rxe_type_info
      8974efaa
    • Jens Axboe's avatar
      io_uring/poll: don't reissue in case of poll race on multishot request · 8caa03f1
      Jens Axboe authored
      A previous commit fixed a poll race that can occur, but it's only
      applicable for multishot requests. For a multishot request, we can safely
      ignore a spurious wakeup, as we never leave the waitqueue to begin with.
      
      A blunt reissue of a multishot armed request can cause us to leak a
      buffer, if they are ring provided. While this seems like a bug in itself,
      it's not really defined behavior to reissue a multishot request directly.
      It's less efficient to do so as well, and not required to rearm anything
      like it is for singleshot poll requests.
      
      Cc: stable@vger.kernel.org
      Fixes: 6e5aedb9 ("io_uring/poll: attempt request issue after racy poll wakeup")
      Reported-and-tested-by: default avatarOlivier Langlois <olivier@trillion01.com>
      Link: https://github.com/axboe/liburing/issues/778Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
      8caa03f1