1. 18 Nov, 2022 24 commits
    • Linus Torvalds's avatar
      Merge tag 'io_uring-6.1-2022-11-18' of git://git.kernel.dk/linux · a66e4cbf
      Linus Torvalds authored
      Pull io_uring fixes from Jens Axboe:
       "This is mostly fixing issues around the poll rework, but also two
        tweaks for the multishot handling for accept and receive.
      
        All stable material"
      
      * tag 'io_uring-6.1-2022-11-18' of git://git.kernel.dk/linux:
        io_uring: disallow self-propelled ring polling
        io_uring: fix multishot recv request leaks
        io_uring: fix multishot accept request leaks
        io_uring: fix tw losing poll events
        io_uring: update res mask in io_poll_check_events
      a66e4cbf
    • Linus Torvalds's avatar
      Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux · 23a60a03
      Linus Torvalds authored
      Pull arm64 fixes from Catalin Marinas:
      
       - Fix a build error with CONFIG_CFI_CLANG + CONFIG_FTRACE when
         CONFIG_FUNCTION_GRAPH_TRACER is not enabled.
      
       - Fix a BUG_ON triggered by the page table checker due to incorrect
         file_map_count for non-leaf pmd/pud (the arm64
         pmd_user_accessible_page() not checking whether it's a leaf entry).
      
      * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
        arm64/mm: fix incorrect file_map_count for non-leaf pmd/pud
        arm64: ftrace: Define ftrace_stub_graph only with FUNCTION_GRAPH_TRACER
      23a60a03
    • Linus Torvalds's avatar
      Merge tag 'block-6.1-2022-11-18' of git://git.kernel.dk/linux · f4408c3d
      Linus Torvalds authored
      Pull block fixes from Jens Axboe:
      
       - NVMe pull request via Christoph:
            - Two more bogus nid quirks (Bean Huo, Tiago Dias Ferreira)
            - Memory leak fix in nvmet (Sagi Grimberg)
      
       - Regression fix for block cgroups pinning the wrong blkcg, causing
         leaks of cgroups and blkcgs (Chris)
      
       - UAF fix for drbd setup error handling (Dan)
      
       - Fix DMA alignment propagation in DM (Keith)
      
      * tag 'block-6.1-2022-11-18' of git://git.kernel.dk/linux:
        dm-log-writes: set dma_alignment limit in io_hints
        dm-integrity: set dma_alignment limit in io_hints
        block: make blk_set_default_limits() private
        dm-crypt: provide dma_alignment limit in io_hints
        block: make dma_alignment a stacking queue_limit
        nvmet: fix a memory leak in nvmet_auth_set_key
        nvme-pci: add NVME_QUIRK_BOGUS_NID for Netac NV7000
        drbd: use after free in drbd_create_device()
        nvme-pci: add NVME_QUIRK_BOGUS_NID for Micron Nitro
        blk-cgroup: properly pin the parent in blkcg_css_online
      f4408c3d
    • Linus Torvalds's avatar
      Merge tag 'drm-fixes-2022-11-19' of git://anongit.freedesktop.org/drm/drm · b5bf1d8a
      Linus Torvalds authored
      Pull drm fixes from Dave Airlie:
       "I guess the main question is are things settling down, and I'd say
        kinda, these are all pretty small fixes, nothing big stands out
        really, just seems to be quite a few of them.
      
        Mostly amdgpu and core fixes, with some i915, tegra, vc4, panel bits.
      
        core:
         - Fix potential memory leak in drm_dev_init()
         - Fix potential null-ptr-deref in drm_vblank_destroy_worker()
         - Revert hiding unregistered connectors from userspace, as it breaks
           on DP-MST
         - Add workaround for DP++ dual mode adaptors that don't support i2c
           subaddressing
      
        i915:
         - Fix uaf with lmem_userfault_list handling
      
        amdgpu:
         - gang submit fixes
         - Fix a possible memory leak in ganng submit error path
         - DP tunneling fixes
         - DCN 3.1 page flip fix
         - DCN 3.2.x fixes
         - DCN 3.1.4 fixes
         - Don't expose degamma on hardware that doesn't support it
         - BACO fixes for SMU 11.x
         - BACO fixes for SMU 13.x
         - Virtual display fix for devices with no display hardware
      
        amdkfd:
         - Memory limit regression fix
      
        tegra:
         - tegra20 GART fix
      
        vc4:
         - Fix error handling in vc4_atomic_commit_tail()
      
        lima:
         - Set lima's clkname corrrectly when regulator is missing
      
        panel:
         - Set bpc for logictechno panels"
      
      * tag 'drm-fixes-2022-11-19' of git://anongit.freedesktop.org/drm/drm: (28 commits)
        gpu: host1x: Avoid trying to use GART on Tegra20
        drm/display: Don't assume dual mode adaptors support i2c sub-addressing
        drm/amd/pm: fix SMU13 runpm hang due to unintentional workaround
        drm/amd/pm: enable runpm support over BACO for SMU13.0.7
        drm/amd/pm: enable runpm support over BACO for SMU13.0.0
        drm/amdgpu: there is no vbios fb on devices with no display hw (v2)
        drm/amdkfd: Fix a memory limit issue
        drm/amdgpu: disable BACO support on more cards
        drm/amd/display: don't enable DRM CRTC degamma property for DCE
        drm/amd/display: Set max for prefetch lines on dcn32
        drm/amd/display: use uclk pstate latency for fw assisted mclk validation dcn32
        drm/amd/display: Fix prefetch calculations for dcn32
        drm/amd/display: Fix optc2_configure warning on dcn314
        drm/amd/display: Fix calculation for cursor CAB allocation
        Revert "drm: hide unregistered connectors from GETCONNECTOR IOCTL"
        drm/amd/display: Support parsing VRAM info v3.0 from VBIOS
        drm/amd/display: Fix invalid DPIA AUX reply causing system hang
        drm/amdgpu: Add psp_13_0_10_ta firmware to modinfo
        drm/amd/display: Add HUBP surface flip interrupt handler
        drm/amd/display: Fix access timeout to DPIA AUX at boot time
        ...
      b5bf1d8a
    • Linus Torvalds's avatar
      Merge tag 's390-6.1-5' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux · ab290ead
      Linus Torvalds authored
      Pull s390 fixes from Alexander Gordeev:
      
       - Fix deadlock in discontiguous saved segments (DCSS) block device
         driver. When adding a disk and scanning partitions the scan would not
         break out early without a missed flag.
      
       - Avoid using global register variable for current_stack_pointer due to
         an old bug in gcc versions prior to gcc-8.4. Due to this bug a broken
         code is generated, which leads to stack corruptions.
      
      * tag 's390-6.1-5' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
        s390: avoid using global register for current_stack_pointer
        s390/dcssblk: fix deadlock when adding a DCSS
      ab290ead
    • Linus Torvalds's avatar
      Merge tag 'for-6.1/dm-fixes-2' of... · 5556a78c
      Linus Torvalds authored
      Merge tag 'for-6.1/dm-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm
      
      Pull device mapper fixes from Mike Snitzer:
      
       - Fix misbehavior if list_versions DM ioctl races with module loading
      
       - Fix missing decrement of no_sleep_enabled if dm_bufio_client_create
         failed
      
       - Allow DM integrity devices to be activated in read-only mode
      
      * tag 'for-6.1/dm-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm:
        dm integrity: clear the journal on suspend
        dm integrity: flush the journal on suspend
        dm bufio: Fix missing decrement of no_sleep_enabled if dm_bufio_client_create failed
        dm ioctl: fix misbehavior if list_versions races with module loading
      5556a78c
    • Dave Airlie's avatar
      Merge tag 'drm/tegra/for-6.1-rc6' of https://gitlab.freedesktop.org/drm/tegra into drm-fixes · b1010b93
      Dave Airlie authored
      drm/tegra: Fixes for v6.1-rc6
      
      This contains a single fix that avoids using the GART on Tegra20 because
      it doesn't work well with the way the Tegra DRM driver tries to use it.
      Signed-off-by: default avatarDave Airlie <airlied@redhat.com>
      
      From: Thierry Reding <thierry.reding@gmail.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/20221118121614.3511110-1-thierry.reding@gmail.com
      b1010b93
    • Linus Torvalds's avatar
      Merge tag 'usb-6.1-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb · 950a9f56
      Linus Torvalds authored
      Pull USB driver fixes from Greg KH:
       "Here are a number of USB driver fixes and new device ids for 6.1-rc6.
        Included in here are:
      
         - new usb-serial device ids
      
         - dwc3 driver fixes for reported problems
      
         - cdns3 driver fixes
      
         - new USB device quirks
      
         - typec driver fixes
      
         - extcon USB typec driver fix
      
        All of these have been in linux-next with no reported issues"
      
      * tag 'usb-6.1-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
        USB: serial: option: add u-blox LARA-L6 modem
        USB: serial: option: add u-blox LARA-R6 00B modem
        USB: serial: option: remove old LARA-R6 PID
        USB: serial: option: add Fibocom FM160 0x0111 composition
        usb: add NO_LPM quirk for Realforce 87U Keyboard
        usb: cdns3: host: fix endless superspeed hub port reset
        usb: chipidea: fix deadlock in ci_otg_del_timer
        usb: dwc3: Do not get extcon device when usb-role-switch is used
        usb: typec: tipd: Prevent uninitialized event{1,2} in IRQ handler
        usb: typec: mux: Enter safe mode only when pins need to be reconfigured
        extcon: usbc-tusb320: Call the Type-C IRQ handler only if a port is registered
        Revert "usb: dwc3: disable USB core PHY management"
        usb: dwc3: gadget: Return -ESHUTDOWN on ep disable
        USB: bcma: Make GPIO explicitly optional
        USB: serial: option: add Sierra Wireless EM9191
      950a9f56
    • Linus Torvalds's avatar
      Merge tag 'staging-6.1-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging · 12fe29ee
      Linus Torvalds authored
      Pull staging driver fix from Greg KH:
       "Here is a single staging driver fix for 6.1-rc6.
      
        It resolves a bogus signed character test as pointed out, and fixed
        by, Jason in the rtl8192e driver
      
        It has been in linux-next for a few weeks now with no reported
        problems"
      
      * tag 'staging-6.1-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
        staging: rtl8192e: remove bogus ssid character sign test
      12fe29ee
    • Liu Shixin's avatar
      arm64/mm: fix incorrect file_map_count for non-leaf pmd/pud · 5b47348f
      Liu Shixin authored
      The page table check trigger BUG_ON() unexpectedly when collapse hugepage:
      
       ------------[ cut here ]------------
       kernel BUG at mm/page_table_check.c:82!
       Internal error: Oops - BUG: 00000000f2000800 [#1] SMP
       Dumping ftrace buffer:
          (ftrace buffer empty)
       Modules linked in:
       CPU: 6 PID: 68 Comm: khugepaged Not tainted 6.1.0-rc3+ #750
       Hardware name: linux,dummy-virt (DT)
       pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
       pc : page_table_check_clear.isra.0+0x258/0x3f0
       lr : page_table_check_clear.isra.0+0x240/0x3f0
      [...]
       Call trace:
        page_table_check_clear.isra.0+0x258/0x3f0
        __page_table_check_pmd_clear+0xbc/0x108
        pmdp_collapse_flush+0xb0/0x160
        collapse_huge_page+0xa08/0x1080
        hpage_collapse_scan_pmd+0xf30/0x1590
        khugepaged_scan_mm_slot.constprop.0+0x52c/0xac8
        khugepaged+0x338/0x518
        kthread+0x278/0x2f8
        ret_from_fork+0x10/0x20
      [...]
      
      Since pmd_user_accessible_page() doesn't check if a pmd is leaf, it
      decrease file_map_count for a non-leaf pmd comes from collapse_huge_page().
      and so trigger BUG_ON() unexpectedly.
      
      Fix this problem by using pmd_leaf() insteal of pmd_present() in
      pmd_user_accessible_page(). Moreover, use pud_leaf() for
      pud_user_accessible_page() too.
      
      Fixes: 42b25471 ("arm64/mm: enable ARCH_SUPPORTS_PAGE_TABLE_CHECK")
      Reported-by: default avatarDenys Vlasenko <dvlasenk@redhat.com>
      Signed-off-by: default avatarLiu Shixin <liushixin2@huawei.com>
      Reviewed-by: default avatarDavid Hildenbrand <david@redhat.com>
      Acked-by: default avatarPasha Tatashin <pasha.tatashin@soleen.com>
      Reviewed-by: default avatarKefeng Wang <wangkefeng.wang@huawei.com>
      Acked-by: default avatarWill Deacon <will@kernel.org>
      Link: https://lore.kernel.org/r/20221117075602.2904324-2-liushixin2@huawei.comSigned-off-by: default avatarCatalin Marinas <catalin.marinas@arm.com>
      5b47348f
    • Linus Torvalds's avatar
      Merge tag 'tty-6.1-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty · 09389357
      Linus Torvalds authored
      Pull tty/serial driver fixes from Greg KH:
       "Here are a number of small tty and serial driver fixes for 6.1-rc6.
        They all resolve reported problems:
      
         - kernel doc build problems with the -rc1 serial driver documentation
           update
      
         - n_gsm reported problems
      
         - imx serial driver missing callback
      
         - lots of tiny 8250 driver fixes for reported issues.
      
        All of these have been in linux-next for over a week with no reported
        problems"
      
      * tag 'tty-6.1-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
        docs/driver-api/miscellaneous: Remove kernel-doc of serial_core.c
        serial: 8250: Flush DMA Rx on RLSI
        serial: 8250_lpss: Use 16B DMA burst with Elkhart Lake
        serial: 8250_lpss: Configure DMA also w/o DMA filter
        serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs
        tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send
        Revert "tty: n_gsm: replace kicktimer with delayed_work"
        Revert "tty: n_gsm: avoid call of sleeping functions from atomic context"
        serial: imx: Add missing .thaw_noirq hook
        tty: serial: fsl_lpuart: don't break the on-going transfer when global reset
        serial: 8250: omap: Flush PM QOS work on remove
        serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove()
        serial: 8250_omap: remove wait loop from Errata i202 workaround
        serial: 8250: omap: Fix missing PM runtime calls for omap8250_set_mctrl()
        serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios()
      09389357
    • Linus Torvalds's avatar
      Merge tag 'driver-core-6.1-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core · 63c8c0d7
      Linus Torvalds authored
      Pull driver core fixes from Greg KH:
       "Here are two small driver core fixes for 6.1-rc6:
      
         - utsname fix, this one should already be in your tree as it came
           from a different tree earlier.
      
         - kernfs bugfix for a much reported syzbot report that seems to keep
           getting triggered.
      
        Both of these have been in linux-next for a while with no reported
        issues"
      
      * tag 'driver-core-6.1-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core:
        kernfs: Fix spurious lockdep warning in kernfs_find_and_get_node_by_id()
        kernel/utsname_sysctl.c: Add missing enum uts_proc value
      63c8c0d7
    • Linus Torvalds's avatar
      Merge tag 'char-misc-6.1-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc · 1f63d1a1
      Linus Torvalds authored
      Pull char/misc driver fixes from Greg KH:
       "Here are some small char/misc and other driver fixes for 6.1-rc6 to
        resolve some reported problems. Included in here are:
      
         - iio driver fixes
      
         - binder driver fix
      
         - nvmem driver fix
      
         - vme_vmci information leak fix
      
         - parport fix
      
         - slimbus configuration fix
      
         - coreboot firmware bugfix
      
         - speakup build fix and crash fix
      
        All of these have been in linux-next for a while with no reported
        issues"
      
      * tag 'char-misc-6.1-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: (22 commits)
        firmware: coreboot: Register bus in module init
        nvmem: u-boot-env: fix crc32_data_offset on redundant u-boot-env
        slimbus: qcom-ngd: Fix build error when CONFIG_SLIM_QCOM_NGD_CTRL=y && CONFIG_QCOM_RPROC_COMMON=m
        docs: update mediator contact information in CoC doc
        slimbus: stream: correct presence rate frequencies
        nvmem: lan9662-otp: Fix compatible string
        binder: validate alloc->mm in ->mmap() handler
        parport_pc: Avoid FIFO port location truncation
        siox: fix possible memory leak in siox_device_add()
        misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()
        speakup: replace utils' u_char with unsigned char
        speakup: fix a segfault caused by switching consoles
        tools: iio: iio_generic_buffer: Fix read size
        iio: imu: bno055: uninitialized variable bug in bno055_trigger_handler()
        iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger()
        iio: adc: mp2629: fix potential array out of bound access
        iio: adc: mp2629: fix wrong comparison of channel
        iio: pressure: ms5611: changed hardcoded SPI speed to value limited
        iio: pressure: ms5611: fixed value compensation bug
        iio: accel: bma400: Ensure VDDIO is enable defore reading the chip ID.
        ...
      1f63d1a1
    • Linus Torvalds's avatar
      Merge tag 'sound-6.1-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound · ae558268
      Linus Torvalds authored
      Pull sound fixes from Takashi Iwai:
       "A fair amount of commits at this time due to ASoC PR merge, but all
        look small and easy, mostly device-specific fixes spanned in various
        drivers. Hopefully this should be the last big chunk for 6.1"
      
      * tag 'sound-6.1-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (21 commits)
        ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360
        ALSA: hda/realtek: fix speakers for Samsung Galaxy Book Pro
        ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open()
        ASoC: stm32: dfsdm: manage cb buffers cleanup
        ASoC: sof_es8336: reduce pop noise on speaker
        ASoC: SOF: topology: No need to assign core ID if token parsing failed
        ASoC: soc-utils: Remove __exit for snd_soc_util_exit()
        ASoC: rt5677: fix legacy dai naming
        ASoC: rt5514: fix legacy dai naming
        ASoC: SOF: ipc3-topology: use old pipeline teardown flow with SOF2.1 and older
        ASoC: hda: intel-dsp-config: add ES83x6 quirk for IceLake
        ASoC: Intel: soc-acpi: add ES83x6 support to IceLake
        ASoC: tas2780: Fix set_tdm_slot in case of single slot
        ASoC: tas2764: Fix set_tdm_slot in case of single slot
        ASoC: tas2770: Fix set_tdm_slot in case of single slot
        ASoC: fsl_asrc fsl_esai fsl_sai: allow CONFIG_PM=N
        ASoC: core: Fix use-after-free in snd_soc_exit()
        MAINTAINERS: update Tzung-Bi's email address
        ASoC: Intel: bytcht_es8316: Add quirk for the Nanote UMPC-01
        ASoC: amd: yc: Add Alienware m17 R5 AMD into DMI table
        ...
      ae558268
    • Linus Torvalds's avatar
      Merge tag 'mmc-v6.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc · 4ab9ffda
      Linus Torvalds authored
      Pull MMC fixes from Ulf Hansson:
       "MMC core:
         - Fixup VDD/VMMC voltage-range negotiation
      
        MMC host:
         - sdhci-pci: Fix memory leak by adding a missing pci_dev_put()
         - sdhci-pci-o2micro: Fix card detect by tuning the debounce timeout"
      
      * tag 'mmc-v6.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc:
        mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put()
        mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce timeout
        mmc: core: properly select voltage range without power cycle
      4ab9ffda
    • Pavel Begunkov's avatar
      io_uring: disallow self-propelled ring polling · 7fdbc5f0
      Pavel Begunkov authored
      When we post a CQE we wake all ring pollers as it normally should be.
      However, if a CQE was generated by a multishot poll request targeting
      its own ring, it'll wake that request up, which will make it to post
      a new CQE, which will wake the request and so on until it exhausts all
      CQ entries.
      
      Don't allow multishot polling io_uring files but downgrade them to
      oneshots, which was always stated as a correct behaviour that the
      userspace should check for.
      
      Cc: stable@vger.kernel.org
      Fixes: aa43477b ("io_uring: poll rework")
      Signed-off-by: default avatarPavel Begunkov <asml.silence@gmail.com>
      Link: https://lore.kernel.org/r/3124038c0e7474d427538c2d915335ec28c92d21.1668785722.git.asml.silence@gmail.comSigned-off-by: default avatarJens Axboe <axboe@kernel.dk>
      7fdbc5f0
    • Mikulas Patocka's avatar
      dm integrity: clear the journal on suspend · 984bf2cc
      Mikulas Patocka authored
      There was a problem that a user burned a dm-integrity image on CDROM
      and could not activate it because it had a non-empty journal.
      
      Fix this problem by flushing the journal (done by the previous commit)
      and clearing the journal (done by this commit). Once the journal is
      cleared, dm-integrity won't attempt to replay it on the next
      activation.
      Signed-off-by: default avatarMikulas Patocka <mpatocka@redhat.com>
      Signed-off-by: default avatarMike Snitzer <snitzer@kernel.org>
      984bf2cc
    • Mikulas Patocka's avatar
      dm integrity: flush the journal on suspend · 5e5dab5e
      Mikulas Patocka authored
      This commit flushes the journal on suspend. It is prerequisite for the
      next commit that enables activating dm integrity devices in read-only mode.
      
      Note that we deliberately didn't flush the journal on suspend, so that the
      journal replay code would be tested. However, the dm-integrity code is 5
      years old now, so that journal replay is well-tested, and we can make this
      change now.
      Signed-off-by: default avatarMikulas Patocka <mpatocka@redhat.com>
      Signed-off-by: default avatarMike Snitzer <snitzer@kernel.org>
      5e5dab5e
    • Zhihao Cheng's avatar
      dm bufio: Fix missing decrement of no_sleep_enabled if dm_bufio_client_create failed · 0dfc1f4c
      Zhihao Cheng authored
      The 'no_sleep_enabled' should be decreased in error handling path
      in dm_bufio_client_create() when the DM_BUFIO_CLIENT_NO_SLEEP flag
      is set, otherwise static_branch_unlikely() will always return true
      even if no dm_bufio_client instances have DM_BUFIO_CLIENT_NO_SLEEP
      flag set.
      
      Cc: stable@vger.kernel.org
      Fixes: 3c1c875d ("dm bufio: conditionally enable branching for DM_BUFIO_CLIENT_NO_SLEEP")
      Signed-off-by: default avatarZhihao Cheng <chengzhihao1@huawei.com>
      Signed-off-by: default avatarMike Snitzer <snitzer@kernel.org>
      0dfc1f4c
    • Mikulas Patocka's avatar
      dm ioctl: fix misbehavior if list_versions races with module loading · 4fe1ec99
      Mikulas Patocka authored
      __list_versions will first estimate the required space using the
      "dm_target_iterate(list_version_get_needed, &needed)" call and then will
      fill the space using the "dm_target_iterate(list_version_get_info,
      &iter_info)" call. Each of these calls locks the targets using the
      "down_read(&_lock)" and "up_read(&_lock)" calls, however between the first
      and second "dm_target_iterate" there is no lock held and the target
      modules can be loaded at this point, so the second "dm_target_iterate"
      call may need more space than what was the first "dm_target_iterate"
      returned.
      
      The code tries to handle this overflow (see the beginning of
      list_version_get_info), however this handling is incorrect.
      
      The code sets "param->data_size = param->data_start + needed" and
      "iter_info.end = (char *)vers+len" - "needed" is the size returned by the
      first dm_target_iterate call; "len" is the size of the buffer allocated by
      userspace.
      
      "len" may be greater than "needed"; in this case, the code will write up
      to "len" bytes into the buffer, however param->data_size is set to
      "needed", so it may write data past the param->data_size value. The ioctl
      interface copies only up to param->data_size into userspace, thus part of
      the result will be truncated.
      
      Fix this bug by setting "iter_info.end = (char *)vers + needed;" - this
      guarantees that the second "dm_target_iterate" call will write only up to
      the "needed" buffer and it will exit with "DM_BUFFER_FULL_FLAG" if it
      overflows the "needed" space - in this case, userspace will allocate a
      larger buffer and retry.
      
      Note that there is also a bug in list_version_get_needed - we need to add
      "strlen(tt->name) + 1" to the needed size, not "strlen(tt->name)".
      
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarMikulas Patocka <mpatocka@redhat.com>
      Signed-off-by: default avatarMike Snitzer <snitzer@kernel.org>
      4fe1ec99
    • Jens Axboe's avatar
      Merge tag 'nvme-6.1-2022-11-18' of git://git.infradead.org/nvme into block-6.1 · 5c59789c
      Jens Axboe authored
      Pull NVMe fixes from Christoph:
      
      "nvme fixes for Linux 6.1
      
       - two more bogus nid quirks (Bean Huo, Tiago Dias Ferreira)
       - memory leak fix in nvmet (Sagi Grimberg)"
      
      * tag 'nvme-6.1-2022-11-18' of git://git.infradead.org/nvme:
        nvmet: fix a memory leak in nvmet_auth_set_key
        nvme-pci: add NVME_QUIRK_BOGUS_NID for Netac NV7000
        nvme-pci: add NVME_QUIRK_BOGUS_NID for Micron Nitro
      5c59789c
    • Robin Murphy's avatar
      gpu: host1x: Avoid trying to use GART on Tegra20 · c2418f91
      Robin Murphy authored
      Since commit c7e3ca51 ("iommu/tegra: gart: Do not register with
      bus") quite some time ago, the GART driver has effectively disabled
      itself to avoid issues with the GPU driver expecting it to work in ways
      that it doesn't. As of commit 57365a04 ("iommu: Move bus setup to
      IOMMU device registration") that bodge no longer works, but really the
      GPU driver should be responsible for its own behaviour anyway. Make the
      workaround explicit.
      Reported-by: default avatarJon Hunter <jonathanh@nvidia.com>
      Suggested-by: default avatarDmitry Osipenko <digetx@gmail.com>
      Signed-off-by: default avatarRobin Murphy <robin.murphy@arm.com>
      Tested-by: default avatarJon Hunter <jonathanh@nvidia.com>
      Signed-off-by: default avatarThierry Reding <treding@nvidia.com>
      c2418f91
    • Dave Airlie's avatar
      Merge tag 'amd-drm-fixes-6.1-2022-11-16' of... · 585f2bc8
      Dave Airlie authored
      Merge tag 'amd-drm-fixes-6.1-2022-11-16' of https://gitlab.freedesktop.org/agd5f/linux into drm-fixes
      
      amd-drm-fixes-6.1-2022-11-16:
      
      amdgpu:
      - Fix a possible memory leak in ganng submit error path
      - DP tunneling fixes
      - DCN 3.1 page flip fix
      - DCN 3.2.x fixes
      - DCN 3.1.4 fixes
      - Don't expose degamma on hardware that doesn't support it
      - BACO fixes for SMU 11.x
      - BACO fixes for SMU 13.x
      - Virtual display fix for devices with no display hardware
      
      amdkfd:
      - Memory limit regression fix
      Signed-off-by: default avatarDave Airlie <airlied@redhat.com>
      From: Alex Deucher <alexander.deucher@amd.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/20221117040416.6100-1-alexander.deucher@amd.com
      585f2bc8
    • Dave Airlie's avatar
      Merge tag 'drm-intel-fixes-2022-11-17' of... · a73b603f
      Dave Airlie authored
      Merge tag 'drm-intel-fixes-2022-11-17' of git://anongit.freedesktop.org/drm/drm-intel into drm-fixes
      
      - Fix uaf with lmem_userfault_list handling (Matthew Auld)
      Signed-off-by: default avatarDave Airlie <airlied@redhat.com>
      From: Tvrtko Ursulin <tvrtko.ursulin@linux.intel.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/Y3X2bNJ/4GR1BAiG@tursulin-desk
      a73b603f
  2. 17 Nov, 2022 13 commits
  3. 16 Nov, 2022 3 commits