1. 11 Sep, 2024 3 commits
    • LoongArch: KVM: Add Binary Translation extension support · b67ee19a
      Bibo Mao authored
      Loongson Binary Translation (LBT) is used to accelerate binary translation,
      which contains 4 scratch registers (scr0 to scr3), x86/ARM eflags (eflags)
      and x87 fpu stack pointer (ftop).
      
      Like FPU extension, here a lazy enabling method is used for LBT. The LBT
      context is saved/restored on the vcpu context switch path.
      Signed-off-by: Bibo Mao <maobibo@loongson.cn>
      Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
    • LoongArch: KVM: Add VM feature detection function · a53f48b6
      Bibo Mao authored
      Loongson SIMD Extension (LSX), Loongson Advanced SIMD Extension (LASX)
      and Loongson Binary Translation (LBT) features are defined in register
      CPUCFG2. Two kinds of LSX/LASX/LBT feature detection are added here, one
      is VCPU feature, and the other is VM feature. VCPU feature detection can
      only work with VCPU thread itself, and requires VCPU thread is created
      already. So LSX/LASX/LBT feature detection for VM is added also, it can
      be done even if VM is not created, and also can be done by any threads
      besides VCPU threads.
      
      Here ioctl command KVM_HAS_DEVICE_ATTR is added for VM, and macro
      KVM_LOONGARCH_VM_FEAT_CTRL is added to check supported feature. And
      five sub-features relative with LSX/LASX/LBT are added as following:
       KVM_LOONGARCH_VM_FEAT_LSX
       KVM_LOONGARCH_VM_FEAT_LASX
       KVM_LOONGARCH_VM_FEAT_X86BT
       KVM_LOONGARCH_VM_FEAT_ARMBT
       KVM_LOONGARCH_VM_FEAT_MIPSBT
      Signed-off-by: Bibo Mao <maobibo@loongson.cn>
      Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
    • LoongArch: Revert qspinlock to test-and-set simple lock on VM · e5ba90ab
      Bibo Mao authored
      Similar with x86, when VM is detected, revert to a simple test-and-set
      lock to avoid the horrors of queue preemption.
      
      Tested on 3C5000 Dual-way machine with 32 cores and 2 numa nodes,
      test case is kcbench on kernel mainline 6.10, the detailed command is
      "kcbench --src /root/src/linux"
      
      Performance on host machine
                            kernel compile time       performance impact
         Original           150.29 seconds
         With patch         150.19 seconds            almost no impact
      
      Performance on virtual machine:
      1. 1 VM with 32 vCPUs and 2 numa node, numa node pinned
                            kernel compile time       performance impact
         Original           170.87 seconds
         With patch         171.73 seconds            almost no impact
      
      2. 2 VMs, each VM with 32 vCPUs and 2 numa node, numa node pinned
                            kernel compile time       performance impact
         Original           2362.04 seconds
         With patch         354.73  seconds            +565%
      Signed-off-by: Bibo Mao <maobibo@loongson.cn>
      Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
  2. 08 Sep, 2024 5 commits
    • Linux 6.11-rc7 · da3ea350
      Linus Torvalds authored
    • Merge tag 'timers_urgent_for_v6.11_rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 89f5e14d
      Linus Torvalds authored
      Pull timer fixes from Borislav Petkov:
      
       - Remove percpu irq related code in the timer-of initialization routine
         as it is broken but also unused (Daniel Lezcano)
      
       - Fix return -ETIME when delta exceeds INT_MAX and the next event not
         taking effect sometimes (Jacky Bai)
      
      * tag 'timers_urgent_for_v6.11_rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        clocksource/drivers/imx-tpm: Fix next event not taking effect sometime
        clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX
        clocksource/drivers/timer-of: Remove percpu irq related code
    • Merge tag 'perf_urgent_for_v6.11_rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · e2039887
      Linus Torvalds authored
      Pull perf fixes from Borislav Petkov:
      
       - Fix perf's AUX buffer serialization
      
       - Prevent uninitialized struct members in perf's uprobes handling
      
      * tag 'perf_urgent_for_v6.11_rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        perf/aux: Fix AUX buffer serialization
        uprobes: Use kzalloc to allocate xol area
    • Merge tag 'char-misc-6.11-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc · 5dadc1be
      Linus Torvalds authored
      Pull char/misc driver fixes from Greg KH:
       "Here are some small char/misc/other driver fixes for 6.11-rc7. It's
        nothing huge, just a bunch of small fixes of reported problems,
        including:
      
         - lots of tiny iio driver fixes
      
         - nvmem driver fixes
      
         - binder UAF bugfix
      
         - uio driver crash fix
      
         - other small fixes
      
        All of these have been in linux-next this week with no reported
        problems"
      
      * tag 'char-misc-6.11-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: (21 commits)
        VMCI: Fix use-after-free when removing resource in vmci_resource_remove()
        Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic
        uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind
        misc: keba: Fix sysfs group creation
        dt-bindings: nvmem: Use soc-nvmem node name instead of nvmem
        nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc
        nvmem: u-boot-env: error if NVMEM device is too small
        misc: fastrpc: Fix double free of 'buf' in error path
        binder: fix UAF caused by offsets overwrite
        iio: imu: inv_mpu6050: fix interrupt status read for old buggy chips
        iio: adc: ad7173: fix GPIO device info
        iio: adc: ad7124: fix DT configuration parsing
        iio: adc: ad_sigma_delta: fix irq_flags on irq request
        iio: adc: ads1119: Fix IRQ flags
        iio: fix scale application in iio_convert_raw_to_processed_unlocked
        iio: adc: ad7124: fix config comparison
        iio: adc: ad7124: fix chip ID mismatch
        iio: adc: ad7173: Fix incorrect compatible string
        iio: buffer-dmaengine: fix releasing dma channel on error
        iio: adc: ad7606: remove frstdata check for serial mode
        ...
    • Merge tag 'usb-6.11-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb · 51c4d5f1
      Linus Torvalds authored
      Pull USB fixes from Greg KH:
       "Here are a handful of small USB fixes for 6.11-rc7. Included in here
        are:
      
         - dwc3 driver fixes for two reported problems
      
         - two typec ucsi driver fixes
      
         - cdns2 controller reset fix
      
        All of these have been in linux-next this week with no reported
        problems"
      
      * tag 'usb-6.11-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
        usb: typec: ucsi: Fix cable registration
        usb: typec: ucsi: Fix the partner PD revision
        usb: cdns2: Fix controller reset issue
        usb: dwc3: core: update LC timer as per USB Spec V3.2
        usb: dwc3: Avoid waking up gadget during startxfer
  3. 07 Sep, 2024 6 commits
    • Merge tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux · d1f2d51b
      Linus Torvalds authored
      Pull clk fixes from Stephen Boyd:
       "A pile of Qualcomm clk driver fixes with two main themes: the alpha
        PLL driver and shared RCGs, and one fix for the Starfive JH7110 SoC.
      
         - The Alpha PLL clk_ops had multiple problems around setting rates.
      
           There are a handful of patches here that fix masks and skip
           enabling the clk from set_rate() when the PLL is disabled. The PLLs
           are crucial to operation of the system as almost all frequencies in
           the system are derived from them.
      
         - Parking shared RCGs at a slow always on clk at registration time
           breaks stuff.
      
           USB host mode can't handle such a slow frequency and the serial
           console gets all garbled when the UART clk is handed over to the
           kernel. There's a few patches that don't use the shared clk_ops for
           the UART clks and another one to skip parking the USB clk at
           registration time.
      
         - The Starfive PLL driver used for the CPU was busted causing cpufreq
           to fail because the clk didn't change to a safe parent during
           set_rate().
      
           The fix is to register a notifier and switch to a safe parent so
           the PLL can change rate in a glitch free manner"
      
      * tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux:
        clk: qcom: gcc-sc8280xp: don't use parking clk_ops for QUPs
        clk: starfive: jh7110-sys: Add notifier for PLL0 clock
        clk: qcom: gcc-sm8650: Don't use shared clk_ops for QUPs
        clk: qcom: gcc-sm8550: Don't park the USB RCG at registration time
        clk: qcom: gcc-sm8550: Don't use parking clk_ops for QUPs
        clk: qcom: gcc-x1e80100: Don't use parking clk_ops for QUPs
        clk: qcom: ipq9574: Update the alpha PLL type for GPLLs
        clk: qcom: gcc-x1e80100: Fix USB 0 and 1 PHY GDSC pwrsts flags
        clk: qcom: clk-alpha-pll: Update set_rate for Zonda PLL
        clk: qcom: clk-alpha-pll: Fix zonda set_rate failure when PLL is disabled
        clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API
        clk: qcom: clk-alpha-pll: Fix the pll post div mask
    • Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · 37d4cc69
      Linus Torvalds authored
      Pull SCSI fix from James Bottomley:
       "Single ufs driver fix quirking around another device spec violation"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        scsi: ufs: ufs-mediatek: Add UFSHCD_QUIRK_BROKEN_LSDBS_CAP
    • Merge tag 'pinctrl-v6.11-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl · 87276562
      Linus Torvalds authored
      Pull pin control fix from Linus Walleij:
       "A single fix for Qualcomm laptops that are affected by
        missing wakeup IRQs"
      
      * tag 'pinctrl-v6.11-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl:
        pinctrl: qcom: x1e80100: Bypass PDC wakeup parent for now
    • Merge tag 'linux_kselftest-kunit-fixes-6.11-rc7-2' of... · b31c4492
      Linus Torvalds authored
      Merge tag 'linux_kselftest-kunit-fixes-6.11-rc7-2' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest
      
      Pull KUnit fix from Shuah Khan:
       "Fix to a missing function parameter warning found during documentation
        build in linux-next"
      
      * tag 'linux_kselftest-kunit-fixes-6.11-rc7-2' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest:
        kunit: Fix missing kerneldoc comment
    • Merge tag 'pci-v6.11-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/pci/pci · 487ee43b
      Linus Torvalds authored
      Pull pci fixes from Bjorn Helgaas:
      
       - Unregister platform devices for child nodes when stopping a PCI
         device, even if the PCI core has already cleared the OF_POPULATED bit
         and of_platform_depopulate() doesn't do anything (Bartosz
         Golaszewski)
      
       - Rescan the bus from a separate thread so we don't deadlock when
         triggering rescan from sysfs (Bartosz Golaszewski)
      
      * tag 'pci-v6.11-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/pci/pci:
        PCI/pwrctl: Rescan bus on a separate thread
        PCI: Don't rely on of_platform_depopulate() for reused OF-nodes
    • Merge tag 'v6.11-rc6-cifs-client-fixes' of git://git.samba.org/sfrench/cifs-2.6 · a86b83f7
      Linus Torvalds authored
      Pull smb client fixes from Steve French:
      
       - fix potential mount hang
      
       - fix retry problem in two types of compound operations
      
       - important netfs integration fix in SMB1 read paths
      
       - fix potential uninitialized zero point of inode
      
       - minor patch to improve debugging for potential crediting problems
      
      * tag 'v6.11-rc6-cifs-client-fixes' of git://git.samba.org/sfrench/cifs-2.6:
        netfs, cifs: Improve some debugging bits
        cifs: Fix SMB1 readv/writev callback in the same way as SMB2/3
        cifs: Fix zero_point init on inode initialisation
        smb: client: fix double put of @cfile in smb2_set_path_size()
        smb: client: fix double put of @cfile in smb2_rename_path()
        smb: client: fix hang in wait_for_response() for negproto
  4. 06 Sep, 2024 20 commits
    • KVM: x86: don't fall through case statements without annotations · 9d4c3040
      Linus Torvalds authored
      clang warns on this because it has an unannotated fall-through between
      cases:
      
         arch/x86/kvm/x86.c:4819:2: error: unannotated fall-through between switch labels [-Werror,-Wimplicit-fallthrough]
      
      and while we could annotate it as a fallthrough, the proper fix is to
      just add the break for this case, instead of falling through to the
      default case and the break there.
      
      gcc also has that warning, but it looks like gcc only warns for the
      cases where they fall through to "real code", rather than to just a
      break.  Odd.
      
      Fixes: d30d9ee9 ("KVM: x86: Only advertise KVM_CAP_READONLY_MEM when supported by VM")
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: Tom Dohrmann <erbse.13@gmx.de>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux · 6b8ff511
      Linus Torvalds authored
      Pull arm64 fix from Catalin Marinas:
       "Fix the arm64 usage of ftrace_graph_ret_addr() to pass the
        &state->graph_idx pointer instead of NULL, otherwise this function
        just returns early"
      
      * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
        arm64: stacktrace: fix the usage of ftrace_graph_ret_addr()
    • Merge tag 'riscv-for-linus-6.11-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux · 890daede
      Linus Torvalds authored
      Pull RISC-V fixes from Palmer Dabbelt:
      
       - A revert for the mmap() change that ties the allocation range to the
         hint address, as what we tried to do ended up regressing on other
         userspace workloads.
      
       - A fix to avoid a kernel memory leak when emulating misaligned
         accesses from userspace.
      
       - A Kconfig fix for toolchain vector detection, which now correctly
         detects vector support on toolchains where the V extension depends on
         the M extension.
      
       - A fix to avoid failing the linear mapping bootmem bounds check on
         NOMMU systems.
      
       - A fix for early alternatives on relocatable kernels.
      
      * tag 'riscv-for-linus-6.11-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux:
        riscv: Fix RISCV_ALTERNATIVE_EARLY
        riscv: Do not restrict memory size because of linear mapping on nommu
        riscv: Fix toolchain vector detection
        riscv: misaligned: Restrict user access to kernel memory
        riscv: mm: Do not restrict mmap address based on hint
        riscv: selftests: Remove mmap hint address checks
        Revert "RISC-V: mm: Document mmap changes"
    • Merge tag 'powerpc-6.11-3' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux · a78d7dce
      Linus Torvalds authored
      Pull powerpc fixes from Michael Ellerman:
      
       - Fix a deadlock in the powerpc qspinlock MCS queue logic
      
       - Fix the return type of pgd_val() to not truncate 64-bit PTEs on 85xx
      
       - Allow the check for dynamic relocations in the VDSO to work correctly
      
       - Make mmu_pte_psize static to fix a build error
      
      Thanks to Christophe Leroy, Nysal Jan K.A., Nicholas Piggin, Geetika
      Moolchandani, Jijo Varghese, and Vaishnavi Bhat.
      
      * tag 'powerpc-6.11-3' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
        powerpc/qspinlock: Fix deadlock in MCS queue
        powerpc/mm: Fix return type of pgd_val()
        powerpc/vdso: Don't discard rela sections
        powerpc/64e: Define mmu_pte_psize static
    • Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · d45111e5
      Linus Torvalds authored
      Pull x86 kvm fixes from Paolo Bonzini:
       "Many small fixes that accumulated while I was on vacation...
      
         - Fixup missed comments from the REMOVED_SPTE => FROZEN_SPTE rename
      
         - Ensure a root is successfully loaded when pre-faulting SPTEs
      
         - Grab kvm->srcu when handling KVM_SET_VCPU_EVENTS to guard against
           accessing memslots if toggling SMM happens to force a VM-Exit
      
         - Emulate MSR_{FS,GS}_BASE on SVM even though interception is always
           disabled, so that KVM does the right thing if KVM's emulator
           encounters {RD,WR}MSR
      
         - Explicitly clear BUS_LOCK_DETECT from KVM's caps on AMD, as KVM
           doesn't yet virtualize BUS_LOCK_DETECT on AMD
      
         - Cleanup the help message for CONFIG_KVM_AMD_SEV, and call out that
           KVM now supports SEV-SNP too
      
         - Specialize return value of
           KVM_CHECK_EXTENSION(KVM_CAP_READONLY_MEM), based on VM type
      
         - Remove unnecessary dependency on CONFIG_HIGH_RES_TIMERS
      
         - Note an RCU quiescent state on guest exit. This avoids a call to
           rcu_core() if there was a grace period request while guest was
           running"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        KVM: Remove HIGH_RES_TIMERS dependency
        kvm: Note an RCU quiescent state on guest exit
        KVM: x86: Only advertise KVM_CAP_READONLY_MEM when supported by VM
        KVM: SEV: Update KVM_AMD_SEV Kconfig entry and mention SEV-SNP
        KVM: SVM: Don't advertise Bus Lock Detect to guest if SVM support is missing
        KVM: SVM: fix emulation of msr reads/writes of MSR_FS_BASE and MSR_GS_BASE
        KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS
        KVM: x86/mmu: Check that root is valid/loaded when pre-faulting SPTEs
        KVM: x86/mmu: Fixup comments missed by the REMOVED_SPTE=>FROZEN_SPTE rename
    • Merge tag 'pm-6.11-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · 788220ee
      Linus Torvalds authored
      Pull power management fix from Rafael Wysocki:
       "Fix an incorrect warning emitted by the amd-pstate driver on
        processors that don't support X86_FEATURE_CPPC (Gautham Shenoy)"
      
      * tag 'pm-6.11-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        cpufreq/amd-pstate: Remove warning for X86_FEATURE_CPPC on certain Zen models
    • Merge tag 'block-6.11-20240906' of git://git.kernel.dk/linux · b66f0b11
      Linus Torvalds authored
      Pull block fixes from Jens Axboe:
       "Mostly just some fixlets for NVMe, but also a bug fix for the ublk
        driver and an integrity fix"
      
      * tag 'block-6.11-20240906' of git://git.kernel.dk/linux:
        bio-integrity: don't restrict the size of integrity metadata
        ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery()
        nvmet: Identify-Active Namespace ID List command should reject invalid nsid
        nvme: set BLK_FEAT_ZONED for ZNS multipath disks
        nvme-pci: Add sleep quirk for Samsung 990 Evo
        nvme-pci: allocate tagset on reset if necessary
        nvmet-tcp: fix kernel crash if commands allocation fails
        nvme: use better description for async reset reason
        nvmet: Make nvmet_debugfs static
    • Merge tag 'sound-6.11-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound · 703896be
      Linus Torvalds authored
      Pull sound fixes from Takashi Iwai:
       "Hopefully the last PR for 6.11, at least for this level of amount.
      
        In addition to the usual HD-audio quirks, there are more changes in
        ASoC, but all look small and device-specific fixes, and nothing stands
        out. The only slightly big change is sunxi I2S fix, which looks quite
        safe to apply, too"
      
      * tag 'sound-6.11-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (21 commits)
        ALSA: hda/realtek - Fix inactive headset mic jack for ASUS Vivobook 15 X1504VAP
        ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx
        ALSA: hda/realtek: Enable Mute Led for HP Victus 15-fb1xxx
        ALSA: hda/realtek: extend quirks for Clevo V5[46]0
        ASoC: codecs: lpass-va-macro: set the default codec version for sm8250
        ALSA: hda: add HDMI codec ID for Intel PTL
        ALSA: hda/realtek: add patch for internal mic in Lenovo V145
        ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode
        ASoC: amd: yc: Add a quirk for MSI Bravo 17 (D7VEK)
        ASoC: mediatek: mt8188-mt6359: Modify key
        ASoc: SOF: topology: Clear SOF link platform name upon unload
        ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices
        ASoC: SOF: ipc: replace "enum sof_comp_type" field with "uint32_t"
        ASoC: fix module autoloading
        ASoC: tda7419: fix module autoloading
        ASoC: google: fix module autoloading
        ASoC: intel: fix module autoloading
        ASoC: tegra: Fix CBB error during probe()
        ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object
        ASoC: Intel: soc-acpi-cht: Make Lenovo Yoga Tab 3 X90F DMI match less strict
        ...
    • Merge tag 'mmc-v6.11-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc · c3af2256
      Linus Torvalds authored
      Pull MMC fixes from Ulf Hansson:
       "MMC core:
         - Apply SD quirks earlier during probe so they become relevant
      
        MMC host:
         - cqhci: Fix checking of CQHCI_HALT state
         - dw_mmc: Fix IDMAC operation with pages bigger than 4K
         - sdhci-of-aspeed: Fix module autoloading"
      
      * tag 'mmc-v6.11-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc:
        mmc: cqhci: Fix checking of CQHCI_HALT state
        mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K
        mmc: sdhci-of-aspeed: fix module autoloading
        mmc: core: apply SD quirks earlier during probe
    • Merge tag 'gpio-fixes-for-v6.11-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux · 0de82f0d
      Linus Torvalds authored
      Pull gpio fixes from Bartosz Golaszewski:
      
       - fix an OF node reference leak in gpio-rockchip
      
       - add the missing module device table to gpio-modepin
      
      * tag 'gpio-fixes-for-v6.11-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux:
        gpio: modepin: Enable module autoloading
        gpio: rockchip: fix OF node leak in probe()
    • Merge tag 'pmdomain-v6.11-rc2-2' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/linux-pm · 2125a725
      Linus Torvalds authored
      Pull pmdomain fix from Ulf Hansson:
      
       - Fix support for required OPPs for multiple PM domains
      
      * tag 'pmdomain-v6.11-rc2-2' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/linux-pm:
        OPP: Fix support for required OPPs for multiple PM domains
    • Merge tag 'pwm/for-6.11-rc7-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/ukleinek/linux · 8654fa5c
      Linus Torvalds authored
      Pull pwm fix from Uwe Kleine-König:
       "Fix an off-by-one in the stm32 driver.
      
        Hardware engineers tend to start counting at 1 while the software guys
        usually start with 0. This isn't so nice because that results in
        drivers where pwm device #2 needs to use the hardware registers with
        index 3.
      
        This was noticed by Fabrice Gasnier.
      
        A small patch fixing that mismatch is the only change included here"
      
      * tag 'pwm/for-6.11-rc7-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/ukleinek/linux:
        pwm: stm32: Use the right CCxNP bit in stm32_pwm_enable()
    • Merge tag 'drm-fixes-2024-09-06' of https://gitlab.freedesktop.org/drm/kernel · ea462f0f
      Linus Torvalds authored
      Pull drm fixes from Dave Airlie:
       "This has a fair few patches in it, but I reviewed them all and they
        seem like real things, amdgpu, i915 and xe each have a bunch of fixes
        for various things, then there are some bridge suspend/resume
        ordering fixes for a recent rework, and then some single driver
        changes in a few others.
      
        Nothing looks too serious, hopefully next week is quiet.
      
        amdgpu:
         - IPS workaround
         - Fix compatibility with older MES firmware
         - Fix CPU spikes when clearing VRAM
         - Backlight fix
         - PMO fix
         - Revert SWSMU change to fix regression
      
        xe:
         - GSC loading fix
         - PCODE mutex fix
         - Suspend/Resume fixes
         - RPM fixes
      
        i915:
         - Do not attempt to load the GSC multiple times
         - Fix readout degamma_lut mismatch on ilk/snb
         - Mark debug_fence_init_onstack() with __maybe_unused
         - fence: Mark debug_fence_free() with __maybe_unused
         - display: Add mechanism to use sink model when applying quirk
         - display: Increase Fast Wake Sync length as a quirk
      
        komeda:
         - zpos normalization fix
      
        nouveau:
         - incorrect register fix
      
        imagination:
         - memory leak fix
      
        bridge:
         - hdmi/bridge rework fixes
      
        panthor:
         - cache coherency fix
         - hi priority access fix
      
        panel:
         - change of compatible string
      
        fbdev:
         - deferred-io init with no struct page fix"
      
      * tag 'drm-fixes-2024-09-06' of https://gitlab.freedesktop.org/drm/kernel: (29 commits)
        Revert "drm/amdgpu: align pp_power_profile_mode with kernel docs"
        drm/fbdev-dma: Only install deferred I/O if necessary
        drm/panthor: flush FW AS caches in slow reset path
        drm: panel: nv3052c: Correct WL-355608-A8 panel compatible
        dt-bindings: display: panel: Rename WL-355608-A8 panel to rg35xx-*-panel
        drm/panthor: Restrict high priorities on group_create
        drm/xe/display: Avoid encoder_suspend at runtime suspend
        drm/xe: Suspend/resume user access only during system s/r
        drm/xe/display: Match i915 driver suspend/resume sequences better
        drm/xe: Add missing runtime reference to wedged upon gt_reset
        drm/xe/pcode: Treat pcode as per-tile rather than per-GT
        drm/xe/gsc: Do not attempt to load the GSC multiple times
        drm/bridge-connector: reset the HDMI connector state
        drm/bridge-connector: move to DRM_DISPLAY_HELPER module
        drm/display: stop depending on DRM_DISPLAY_HELPER
        drm/i915/display: Increase Fast Wake Sync length as a quirk
        drm/i915/display: Add mechanism to use sink model when applying quirk
        drm/amd/display: Block timing sync for different signals in PMO
        drm/amd/display: Lock DC and exit IPS when changing backlight
        drm/amdgpu: always allocate cleared VRAM for GEM allocations
        ...
    • libfs: fix get_stashed_dentry() · 4e32c25b
      Christian Brauner authored
      get_stashed_dentry() tries to optimistically retrieve a stashed dentry
      from a provided location.  It needs to ensure to hold rcu lock before it
      dereferences the stashed location to prevent UAF issues.  Use
      rcu_dereference() instead of READ_ONCE(); it's effectively equivalent
      with some lockdep bells and whistles and it communicates clearly that
      this expects rcu protection.
      
      Link: https://lore.kernel.org/r/20240906-vfs-hotfix-5959800ffa68@brauner
      Fixes: 07fd7c32 ("libfs: add path_from_stashed()")
      Reported-by: syzbot+f82b36bffae7ef78b6a7@syzkaller.appspotmail.com
      Fixes: syzbot+f82b36bffae7ef78b6a7@syzkaller.appspotmail.com
      Reported-by: syzbot+cbe4b96e1194b0e34db6@syzkaller.appspotmail.com
      Fixes: syzbot+cbe4b96e1194b0e34db6@syzkaller.appspotmail.com
      Signed-off-by: Christian Brauner <brauner@kernel.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • Merge tag 'asoc-fix-v6.11-rc6' of... · c491b044
      Takashi Iwai authored
      Merge tag 'asoc-fix-v6.11-rc6' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus
      
      ASoC: Fixes for v6.11
      
      A larger set of fixes than I'd like at this point, but mainly due to
      people working on fixing module autoloading by adding missing exports of
      ID tables rather than anything particularly concerning.  There are some
      other runtime fixes and quirks, and a tweak to the ABI definition for
      SOF which ensures that a struct layout doesn't vary depending on the
      architecture of the host.
    • Merge tag 'bpf-6.11-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf · b831f83e
      Linus Torvalds authored
      Pull bpf fixes from Alexei Starovoitov:
      
       - Fix crash when btf_parse_base() returns an error (Martin Lau)
      
       - Fix out of bounds access in btf_name_valid_section() (Jeongjun Park)
      
      * tag 'bpf-6.11-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf:
        selftests/bpf: Add a selftest to check for incorrect names
        bpf: add check for invalid name in btf_name_valid_section()
        bpf: Fix a crash when btf_parse_base() returns an error pointer
    • Merge tag 'amd-drm-fixes-6.11-2024-09-05' of... · 141bb6bc
      Dave Airlie authored
      Merge tag 'amd-drm-fixes-6.11-2024-09-05' of https://gitlab.freedesktop.org/agd5f/linux into drm-fixes
      
      amd-drm-fixes-6.11-2024-09-05:
      
      amdgpu:
      - IPS workaround
      - Fix compatibility with older MES firmware
      - Fix CPU spikes when clearing VRAM
      - Backlight fix
      - PMO fix
      - Revert SWSMU change to fix regression
      Signed-off-by: Dave Airlie <airlied@redhat.com>
      
      From: Alex Deucher <alexander.deucher@amd.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/20240905190533.854116-1-alexander.deucher@amd.com
      141bb6bc
    • Merge tag 'drm-misc-fixes-2024-09-05' of... · ca10367a
      Dave Airlie authored
      Merge tag 'drm-misc-fixes-2024-09-05' of https://gitlab.freedesktop.org/drm/misc/kernel into drm-fixes
      
      A zpos normalization fix for komeda, a register bitmask fix for nouveau,
      a memory leak fix for imagination, three fixes for the recent bridge
      HDMI work, a potential DoS fix and a cache coherency for panthor, a
      change of panel compatible and a deferred-io fix when used with
      non-highmem memory.
      Signed-off-by: Dave Airlie <airlied@redhat.com>
      
      From: Maxime Ripard <mripard@redhat.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/20240905-original-radical-guan-e7a2ae@houat
      ca10367a
    • Merge tag 'drm-xe-fixes-2024-09-05' of https://gitlab.freedesktop.org/drm/xe/kernel into drm-fixes · 4de4a0f1
      Dave Airlie authored
      - GSC loading fix (Daniele)
      - PCODE mutex fix (Matt)
      - Suspend/Resume fixes (Maarten, Imre)
      - RPM fixes (Rodrigo)
      Signed-off-by: Dave Airlie <airlied@redhat.com>
      
      From: Rodrigo Vivi <rodrigo.vivi@intel.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/ZtmyFvDfFLPbuf6A@intel.com
      4de4a0f1
    • Merge tag 'net-6.11-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · d759ee24
      Linus Torvalds authored
      Pull networking fixes from Jakub Kicinski:
       "Including fixes from can, bluetooth and wireless.
      
        No known regressions at this point. Another calm week, but chances are
        that has more to do with vacation season than the quality of our work.
      
        Current release - new code bugs:
      
         - smc: prevent NULL pointer dereference in txopt_get
      
         - eth: ti: am65-cpsw: number of XDP-related fixes
      
        Previous releases - regressions:
      
         - Revert "Bluetooth: MGMT/SMP: Fix address type when using SMP over
           BREDR/LE", it breaks existing user space
      
         - Bluetooth: qca: if memdump doesn't work, re-enable IBS to avoid
           later problems with suspend
      
         - can: mcp251x: fix deadlock if an interrupt occurs during
           mcp251x_open
      
         - eth: r8152: fix the firmware communication error due to use of bulk
           write
      
         - ptp: ocp: fix serial port information export
      
         - eth: igb: fix not clearing TimeSync interrupts for 82580
      
         - Revert "wifi: ath11k: support hibernation", fix suspend on Lenovo
      
        Previous releases - always broken:
      
         - eth: intel: fix crashes and bugs when reconfiguration and resets
           happening in parallel
      
         - wifi: ath11k: fix NULL dereference in ath11k_mac_get_eirp_power()
      
        Misc:
      
         - docs: netdev: document guidance on cleanup.h"
      
      * tag 'net-6.11-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (61 commits)
        ila: call nf_unregister_net_hooks() sooner
        tools/net/ynl: fix cli.py --subscribe feature
        MAINTAINERS: fix ptp ocp driver maintainers address
        selftests: net: enable bind tests
        net: dsa: vsc73xx: fix possible subblocks range of CAPT block
        sched: sch_cake: fix bulk flow accounting logic for host fairness
        docs: netdev: document guidance on cleanup.h
        net: xilinx: axienet: Fix race in axienet_stop
        net: bridge: br_fdb_external_learn_add(): always set EXT_LEARN
        r8152: fix the firmware doesn't work
        fou: Fix null-ptr-deref in GRO.
        bareudp: Fix device stats updates.
        net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup
        bpf, net: Fix a potential race in do_sock_getsockopt()
        net: dqs: Do not use extern for unused dql_group
        sch/netem: fix use after free in netem_dequeue
        usbnet: modern method to get random MAC
        MAINTAINERS: wifi: cw1200: add net-cw1200.h
        ice: do not bring the VSI up, if it was down before the XDP setup
        ice: remove ICE_CFG_BUSY locking from AF_XDP code
        ...
      d759ee24
  5. 05 Sep, 2024 6 commits
    • Merge tag 'spi-fix-v6.11-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi · f9535999
      Linus Torvalds authored
      Pull spi fixes from Mark Brown:
       "A few small driver specific fixes (including some of the widespread
        work on fixing missing ID tables for module autoloading and the revert
        of some problematic PM work in spi-rockchip), some improvements to the
        MAINTAINERS information for the NXP drivers and the addition of a new
        device ID to spidev"
      
      * tag 'spi-fix-v6.11-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi:
        MAINTAINERS: SPI: Add mailing list imx@lists.linux.dev for nxp spi drivers
        MAINTAINERS: SPI: Add freescale lpspi maintainer information
        spi: spi-fsl-lpspi: Fix off-by-one in prescale max
        spi: spidev: Add missing spi_device_id for jg10309-01
        spi: bcm63xx: Enable module autoloading
        spi: intel: Add check devm_kasprintf() returned value
        spi: spidev: Add an entry for elgin,jg10309-01
        spi: rockchip: Resolve unbalanced runtime PM / system PM handling
      f9535999
    • Merge tag 'drm-intel-fixes-2024-09-05' of... · f2064ae3
      Dave Airlie authored
      Merge tag 'drm-intel-fixes-2024-09-05' of https://gitlab.freedesktop.org/drm/i915/kernel into drm-fixes
      
      - drm/i915: Do not attempt to load the GSC multiple times (Daniele Ceraolo Spurio)
      - drm/i915: Fix readout degamma_lut mismatch on ilk/snb (Ville Syrjälä)
      - drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused (Andy Shevchenko)
      - drm/i915/fence: Mark debug_fence_free() with __maybe_unused (Andy Shevchenko)
      - drm/i915/display: Add mechanism to use sink model when applying quirk [display] (Jouni Högander)
      - drm/i915/display: Increase Fast Wake Sync length as a quirk [display] (Jouni Högander)
      Signed-off-by: Dave Airlie <airlied@redhat.com>
      From: Tvrtko Ursulin <tursulin@igalia.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/Ztlo2hVO4SBvfAnq@linux
      f2064ae3
    • Merge tag 'regulator-fix-v6.11-stub' of... · 2a660447
      Linus Torvalds authored
      Merge tag 'regulator-fix-v6.11-stub' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator
      
      Pull regulator fix from Mark Brown:
       "A fix from Doug Anderson for a missing stub, required to fix the build
        for some newly added users of devm_regulator_bulk_get_const() in
        !REGULATOR configurations"
      
      * tag 'regulator-fix-v6.11-stub' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator:
        regulator: core: Stub devm_regulator_bulk_get_const() if !CONFIG_REGULATOR
      2a660447
    • Merge tag 'rust-fixes-6.11-2' of https://github.com/Rust-for-Linux/linux · 6c5b3e30
      Linus Torvalds authored
      Pull Rust fixes from Miguel Ojeda:
       "Toolchain and infrastructure:
      
         - Fix builds for nightly compiler users now that 'new_uninit' was
           split into new features by using an alternative approach for the
           code that used what is now called the 'box_uninit_write' feature
      
         - Allow the 'stable_features' lint to preempt upcoming warnings about
           them, since soon there will be unstable features that will become
           stable in nightly compilers
      
         - Export bss symbols too
      
        'kernel' crate:
      
         - 'block' module: fix wrong usage of lockdep API
      
        'macros' crate:
      
         - Provide correct provenance when constructing 'THIS_MODULE'
      
        Documentation:
      
         - Remove unintended indentation (blockquotes) in generated output
      
         - Fix a couple typos
      
        MAINTAINERS:
      
         - Remove Wedson as Rust maintainer
      
         - Update Andreas' email"
      
      * tag 'rust-fixes-6.11-2' of https://github.com/Rust-for-Linux/linux:
        MAINTAINERS: update Andreas Hindborg's email address
        MAINTAINERS: Remove Wedson as Rust maintainer
        rust: macros: provide correct provenance when constructing THIS_MODULE
        rust: allow `stable_features` lint
        docs: rust: remove unintended blockquote in Quick Start
        rust: alloc: eschew `Box<MaybeUninit<T>>::write`
        rust: kernel: fix typos in code comments
        docs: rust: remove unintended blockquote in Coding Guidelines
        rust: block: fix wrong usage of lockdep API
        rust: kbuild: fix export of bss symbols
      6c5b3e30
    • Merge tag 'trace-v6.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace · e4b42053
      Linus Torvalds authored
      Pull tracing fixes from Steven Rostedt:
      
       - Fix adding a new fgraph callback after function graph tracing has
         already started.
      
         If the new caller does not initialize its hash before registering the
         fgraph_ops, it can cause a NULL pointer dereference. Fix this by
         adding a new parameter to ftrace_graph_enable_direct() passing in the
         newly added gops directly and not rely on using the fgraph_array[],
         as entries in the fgraph_array[] must be initialized.
      
         Assign the new gops to the fgraph_array[] after it goes through
         ftrace_startup_subops() as that will properly initialize the
         gops->ops and initialize its hashes.
      
       - Fix a memory leak in fgraph storage memory test.
      
         If the "multiple fgraph storage on a function" boot up selftest fails
         in the registering of the function graph tracer, it will not free the
         memory it allocated for the filter. Break the loop up into two where
         it allocates the filters first and then registers the functions where
         any errors will do the appropriate clean ups.
      
       - Only clear the timerlat timers if it has an associated kthread.
      
         In the rtla tool that uses timerlat, if it was killed just as it was
         shutting down, the signals can free the kthread and the timer. But
         the closing of the timerlat files could cause the hrtimer_cancel() to
         be called on the already freed timer. As the kthread variable is
         set to NULL when the kthreads are stopped and the timers are freed it
         can be used to know not to call hrtimer_cancel() on the timer if the
         kthread variable is NULL.
      
       - Use a cpumask to keep track of osnoise/timerlat kthreads
      
         The timerlat tracer can use user space threads for its analysis. With
         the killing of the rtla tool, the kernel can get confused between if
         it is using a user space thread to analyze or one of its own kernel
         threads. When this confusion happens, kthread_stop() can be called on
         a user space thread and bad things happen. As the kernel threads are
         per-cpu, a bitmask can be used to know when a kernel thread is used
         or when a user space thread is used.
      
       - Add missing interface_lock to osnoise/timerlat stop_kthread()
      
         The stop_kthread() function in osnoise/timerlat clears the osnoise
         kthread variable, and if it was a user space thread does a put_task
         on it. But this can race with the closing of the timerlat files that
         also does a put_task on the kthread, and if the race happens the task
         will have put_task called on it twice and oops.
      
       - Add cond_resched() to the tracing_iter_reset() loop.
      
         The latency tracers keep writing to the ring buffer without resetting
         when it issues a new "start" event (like interrupts being disabled).
         When reading the buffer with an iterator, the tracing_iter_reset()
         sets its pointer to that start event by walking through all the
         events in the buffer until it gets to the time stamp of the start
         event. In the case of a very large buffer, the loop that looks for
         the start event has been reported taking a very long time with a non
         preempt kernel that it can trigger a soft lock up warning. Add a
         cond_resched() into that loop to make sure that doesn't happen.
      
       - Use list_del_rcu() for eventfs ei->list variable
      
         It was reported that running loops of creating and deleting kprobe
         events could cause a crash due to the eventfs list iteration hitting
         a LIST_POISON variable. This is because the list is protected by SRCU
         but when an item is deleted from the list, it was using list_del()
         which poisons the "next" pointer. This is what list_del_rcu() was to
         prevent.
      
      * tag 'trace-v6.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace:
        tracing/timerlat: Add interface_lock around clearing of kthread in stop_kthread()
        tracing/timerlat: Only clear timer if a kthread exists
        tracing/osnoise: Use a cpumask to know what threads are kthreads
        eventfs: Use list_del_rcu() for SRCU protected list variable
        tracing: Avoid possible softlockup in tracing_iter_reset()
        tracing: Fix memory leak in fgraph storage selftest
        tracing: fgraph: Fix to add new fgraph_ops to array after ftrace_startup_subops()
      e4b42053
    • ila: call nf_unregister_net_hooks() sooner · 031ae728
      Eric Dumazet authored
      syzbot found a use-after-free Read in ila_nf_input [1]
      
      Issue here is that ila_xlat_exit_net() frees the rhashtable,
      then calls nf_unregister_net_hooks().
      
      It should be done in the reverse way, with a synchronize_rcu().
      
      This is a good match for a pre_exit() method.
      
      [1]
       BUG: KASAN: use-after-free in rht_key_hashfn include/linux/rhashtable.h:159 [inline]
       BUG: KASAN: use-after-free in __rhashtable_lookup include/linux/rhashtable.h:604 [inline]
       BUG: KASAN: use-after-free in rhashtable_lookup include/linux/rhashtable.h:646 [inline]
       BUG: KASAN: use-after-free in rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672
      Read of size 4 at addr ffff888064620008 by task ksoftirqd/0/16
      
      CPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.11.0-rc4-syzkaller-00238-g2ad6d23f #0
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
      Call Trace:
       <TASK>
        __dump_stack lib/dump_stack.c:93 [inline]
        dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119
        print_address_description mm/kasan/report.c:377 [inline]
        print_report+0x169/0x550 mm/kasan/report.c:488
        kasan_report+0x143/0x180 mm/kasan/report.c:601
        rht_key_hashfn include/linux/rhashtable.h:159 [inline]
        __rhashtable_lookup include/linux/rhashtable.h:604 [inline]
        rhashtable_lookup include/linux/rhashtable.h:646 [inline]
        rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672
        ila_lookup_wildcards net/ipv6/ila/ila_xlat.c:132 [inline]
        ila_xlat_addr net/ipv6/ila/ila_xlat.c:652 [inline]
        ila_nf_input+0x1fe/0x3c0 net/ipv6/ila/ila_xlat.c:190
        nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]
        nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626
        nf_hook include/linux/netfilter.h:269 [inline]
        NF_HOOK+0x29e/0x450 include/linux/netfilter.h:312
        __netif_receive_skb_one_core net/core/dev.c:5661 [inline]
        __netif_receive_skb+0x1ea/0x650 net/core/dev.c:5775
        process_backlog+0x662/0x15b0 net/core/dev.c:6108
        __napi_poll+0xcb/0x490 net/core/dev.c:6772
        napi_poll net/core/dev.c:6841 [inline]
        net_rx_action+0x89b/0x1240 net/core/dev.c:6963
        handle_softirqs+0x2c4/0x970 kernel/softirq.c:554
        run_ksoftirqd+0xca/0x130 kernel/softirq.c:928
        smpboot_thread_fn+0x544/0xa30 kernel/smpboot.c:164
        kthread+0x2f0/0x390 kernel/kthread.c:389
        ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
        ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
       </TASK>
      
      The buggy address belongs to the physical page:
      page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x64620
      flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
      page_type: 0xbfffffff(buddy)
      raw: 00fff00000000000 ffffea0000959608 ffffea00019d9408 0000000000000000
      raw: 0000000000000000 0000000000000003 00000000bfffffff 0000000000000000
      page dumped because: kasan: bad access detected
      page_owner tracks the page as freed
      page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_ZERO), pid 5242, tgid 5242 (syz-executor), ts 73611328570, free_ts 618981657187
        set_page_owner include/linux/page_owner.h:32 [inline]
        post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1493
        prep_new_page mm/page_alloc.c:1501 [inline]
        get_page_from_freelist+0x2e4c/0x2f10 mm/page_alloc.c:3439
        __alloc_pages_noprof+0x256/0x6c0 mm/page_alloc.c:4695
        __alloc_pages_node_noprof include/linux/gfp.h:269 [inline]
        alloc_pages_node_noprof include/linux/gfp.h:296 [inline]
        ___kmalloc_large_node+0x8b/0x1d0 mm/slub.c:4103
        __kmalloc_large_node_noprof+0x1a/0x80 mm/slub.c:4130
        __do_kmalloc_node mm/slub.c:4146 [inline]
        __kmalloc_node_noprof+0x2d2/0x440 mm/slub.c:4164
        __kvmalloc_node_noprof+0x72/0x190 mm/util.c:650
        bucket_table_alloc lib/rhashtable.c:186 [inline]
        rhashtable_init_noprof+0x534/0xa60 lib/rhashtable.c:1071
        ila_xlat_init_net+0xa0/0x110 net/ipv6/ila/ila_xlat.c:613
        ops_init+0x359/0x610 net/core/net_namespace.c:139
        setup_net+0x515/0xca0 net/core/net_namespace.c:343
        copy_net_ns+0x4e2/0x7b0 net/core/net_namespace.c:508
        create_new_namespaces+0x425/0x7b0 kernel/nsproxy.c:110
        unshare_nsproxy_namespaces+0x124/0x180 kernel/nsproxy.c:228
        ksys_unshare+0x619/0xc10 kernel/fork.c:3328
        __do_sys_unshare kernel/fork.c:3399 [inline]
        __se_sys_unshare kernel/fork.c:3397 [inline]
        __x64_sys_unshare+0x38/0x40 kernel/fork.c:3397
      page last free pid 11846 tgid 11846 stack trace:
        reset_page_owner include/linux/page_owner.h:25 [inline]
        free_pages_prepare mm/page_alloc.c:1094 [inline]
        free_unref_page+0xd22/0xea0 mm/page_alloc.c:2612
        __folio_put+0x2c8/0x440 mm/swap.c:128
        folio_put include/linux/mm.h:1486 [inline]
        free_large_kmalloc+0x105/0x1c0 mm/slub.c:4565
        kfree+0x1c4/0x360 mm/slub.c:4588
        rhashtable_free_and_destroy+0x7c6/0x920 lib/rhashtable.c:1169
        ila_xlat_exit_net+0x55/0x110 net/ipv6/ila/ila_xlat.c:626
        ops_exit_list net/core/net_namespace.c:173 [inline]
        cleanup_net+0x802/0xcc0 net/core/net_namespace.c:640
        process_one_work kernel/workqueue.c:3231 [inline]
        process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312
        worker_thread+0x86d/0xd40 kernel/workqueue.c:3390
        kthread+0x2f0/0x390 kernel/kthread.c:389
        ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
        ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
      
      Memory state around the buggy address:
       ffff88806461ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
       ffff88806461ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
      >ffff888064620000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                            ^
       ffff888064620080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
       ffff888064620100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
      
      Fixes: 7f00feaf ("ila: Add generic ILA translation facility")
      Reported-by: syzbot <syzkaller@googlegroups.com>
      Signed-off-by: Eric Dumazet <edumazet@google.com>
      Cc: Tom Herbert <tom@herbertland.com>
      Reviewed-by: Florian Westphal <fw@strlen.de>
      Link: https://patch.msgid.link/20240904144418.1162839-1-edumazet@google.com
      Signed-off-by: Jakub Kicinski <kuba@kernel.org>
      031ae728