1. 13 Aug, 2024 1 commit
    • Kees Cook's avatar
      exec: Fix ToCToU between perm check and set-uid/gid usage · f50733b4
      Kees Cook authored
      When opening a file for exec via do_filp_open(), permission checking is
      done against the file's metadata at that moment, and on success, a file
      pointer is passed back. Much later in the execve() code path, the file
      metadata (specifically mode, uid, and gid) is used to determine if/how
      to set the uid and gid. However, those values may have changed since the
      permissions check, meaning the execution may gain unintended privileges.
      
      For example, if a file could change permissions from executable and not
      set-id:
      
      ---------x 1 root root 16048 Aug  7 13:16 target
      
      to set-id and non-executable:
      
      ---S------ 1 root root 16048 Aug  7 13:16 target
      
      it is possible to gain root privileges when execution should have been
      disallowed.
      
      While this race condition is rare in real-world scenarios, it has been
      observed (and proven exploitable) when package managers are updating
      the setuid bits of installed programs. Such files start with being
      world-executable but then are adjusted to be group-exec with a set-uid
      bit. For example, "chmod o-x,u+s target" makes "target" executable only
      by uid "root" and gid "cdrom", while also becoming setuid-root:
      
      -rwxr-xr-x 1 root cdrom 16048 Aug  7 13:16 target
      
      becomes:
      
      -rwsr-xr-- 1 root cdrom 16048 Aug  7 13:16 target
      
      But racing the chmod means users without group "cdrom" membership can
      get the permission to execute "target" just before the chmod, and when
      the chmod finishes, the exec reaches brpm_fill_uid(), and performs the
      setuid to root, violating the expressed authorization of "only cdrom
      group members can setuid to root".
      
      Re-check that we still have execute permissions in case the metadata
      has changed. It would be better to keep a copy from the perm-check time,
      but until we can do that refactoring, the least-bad option is to do a
      full inode_permission() call (under inode lock). It is understood that
      this is safe against dead-locks, but hardly optimal.
      Reported-by: default avatarMarco Vanotti <mvanotti@google.com>
      Tested-by: default avatarMarco Vanotti <mvanotti@google.com>
      Suggested-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      Cc: stable@vger.kernel.org
      Cc: Eric Biederman <ebiederm@xmission.com>
      Cc: Alexander Viro <viro@zeniv.linux.org.uk>
      Cc: Christian Brauner <brauner@kernel.org>
      Signed-off-by: default avatarKees Cook <kees@kernel.org>
      f50733b4
  2. 10 Aug, 2024 1 commit
  3. 04 Aug, 2024 11 commits
    • Linus Torvalds's avatar
      Linux 6.11-rc2 · de9c2c66
      Linus Torvalds authored
      de9c2c66
    • Tetsuo Handa's avatar
      profiling: remove profile=sleep support · b88f5538
      Tetsuo Handa authored
      The kernel sleep profile is no longer working due to a recursive locking
      bug introduced by commit 42a20f86 ("sched: Add wrapper for get_wchan()
      to keep task blocked")
      
      Booting with the 'profile=sleep' kernel command line option added or
      executing
      
        # echo -n sleep > /sys/kernel/profiling
      
      after boot causes the system to lock up.
      
      Lockdep reports
      
        kthreadd/3 is trying to acquire lock:
        ffff93ac82e08d58 (&p->pi_lock){....}-{2:2}, at: get_wchan+0x32/0x70
      
        but task is already holding lock:
        ffff93ac82e08d58 (&p->pi_lock){....}-{2:2}, at: try_to_wake_up+0x53/0x370
      
      with the call trace being
      
         lock_acquire+0xc8/0x2f0
         get_wchan+0x32/0x70
         __update_stats_enqueue_sleeper+0x151/0x430
         enqueue_entity+0x4b0/0x520
         enqueue_task_fair+0x92/0x6b0
         ttwu_do_activate+0x73/0x140
         try_to_wake_up+0x213/0x370
         swake_up_locked+0x20/0x50
         complete+0x2f/0x40
         kthread+0xfb/0x180
      
      However, since nobody noticed this regression for more than two years,
      let's remove 'profile=sleep' support based on the assumption that nobody
      needs this functionality.
      
      Fixes: 42a20f86 ("sched: Add wrapper for get_wchan() to keep task blocked")
      Cc: stable@vger.kernel.org # v5.16+
      Signed-off-by: default avatarTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      b88f5538
    • Linus Torvalds's avatar
      Merge tag 'x86-urgent-2024-08-04' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · a5dbd76a
      Linus Torvalds authored
      Pull x86 fixes from Thomas Gleixner:
      
       - Prevent a deadlock on cpu_hotplug_lock in the aperf/mperf driver.
      
         A recent change in the ACPI code which consolidated code pathes moved
         the invocation of init_freq_invariance_cppc() to be moved to a CPU
         hotplug handler. The first invocation on AMD CPUs ends up enabling a
         static branch which dead locks because the static branch enable tries
         to acquire cpu_hotplug_lock but that lock is already held write by
         the hotplug machinery.
      
         Use static_branch_enable_cpuslocked() instead and take the hotplug
         lock read for the Intel code path which is invoked from the
         architecture code outside of the CPU hotplug operations.
      
       - Fix the number of reserved bits in the sev_config structure bit field
         so that the bitfield does not exceed 64 bit.
      
       - Add missing Zen5 model numbers
      
       - Fix the alignment assumptions of pti_clone_pgtable() and
         clone_entry_text() on 32-bit:
      
         The code assumes PMD aligned code sections, but on 32-bit the kernel
         entry text is not PMD aligned. So depending on the code size and
         location, which is configuration and compiler dependent, entry text
         can cross a PMD boundary. As the start is not PMD aligned adding PMD
         size to the start address is larger than the end address which
         results in partially mapped entry code for user space. That causes
         endless recursion on the first entry from userspace (usually #PF).
      
         Cure this by aligning the start address in the addition so it ends up
         at the next PMD start address.
      
         clone_entry_text() enforces PMD mapping, but on 32-bit the tail might
         eventually be PTE mapped, which causes a map fail because the PMD for
         the tail is not a large page mapping. Use PTI_LEVEL_KERNEL_IMAGE for
         the clone() invocation which resolves to PTE on 32-bit and PMD on
         64-bit.
      
       - Zero the 8-byte case for get_user() on range check failure on 32-bit
      
         The recend consolidation of the 8-byte get_user() case broke the
         zeroing in the failure case again. Establish it by clearing ECX
         before the range check and not afterwards as that obvioulsy can't be
         reached when the range check fails
      
      * tag 'x86-urgent-2024-08-04' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/uaccess: Zero the 8-byte get_range case on failure on 32-bit
        x86/mm: Fix pti_clone_entry_text() for i386
        x86/mm: Fix pti_clone_pgtable() alignment assumption
        x86/setup: Parse the builtin command line before merging
        x86/CPU/AMD: Add models 0x60-0x6f to the Zen5 range
        x86/sev: Fix __reserved field in sev_config
        x86/aperfmperf: Fix deadlock on cpu_hotplug_lock
      a5dbd76a
    • Linus Torvalds's avatar
      Merge tag 'timers-urgent-2024-08-04' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 61ca6c78
      Linus Torvalds authored
      Pull timer fixes from Thomas Gleixner:
       "Two fixes for the timer/clocksource code:
      
         - The recent fix to make the take over of the broadcast timer more
           reliable retrieves a per CPU pointer in preemptible context.
      
           This went unnoticed in testing as some compilers hoist the access
           into the non-preemotible section where the pointer is actually
           used, but obviously compilers can rightfully invoke it where the
           code put it.
      
           Move it into the non-preemptible section right to the actual usage
           side to cure it.
      
         - The clocksource watchdog is supposed to emit a warning when the
           retry count is greater than one and the number of retries reaches
           the limit.
      
           The condition is backwards and warns always when the count is
           greater than one. Fixup the condition to prevent spamming dmesg"
      
      * tag 'timers-urgent-2024-08-04' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        clocksource: Fix brown-bag boolean thinko in cs_watchdog_read()
        tick/broadcast: Move per CPU pointer access into the atomic section
      61ca6c78
    • Linus Torvalds's avatar
      Merge tag 'sched-urgent-2024-08-04' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 6cc82dc2
      Linus Torvalds authored
      Pull scheduler fixes from Thomas Gleixner:
      
       - When stime is larger than rtime due to accounting imprecision, then
         utime = rtime - stime becomes negative. As this is unsigned math, the
         result becomes a huge positive number.
      
         Cure it by resetting stime to rtime in that case, so utime becomes 0.
      
       - Restore consistent state when sched_cpu_deactivate() fails.
      
         When offlining a CPU fails in sched_cpu_deactivate() after the SMT
         present counter has been decremented, then the function aborts but
         fails to increment the SMT present counter and leaves it imbalanced.
         Consecutive operations cause it to underflow. Add the missing fixup
         for the error path.
      
         For SMT accounting the runqueue needs to marked online again in the
         error exit path to restore consistent state.
      
      * tag 'sched-urgent-2024-08-04' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        sched/core: Fix unbalance set_rq_online/offline() in sched_cpu_deactivate()
        sched/core: Introduce sched_set_rq_on/offline() helper
        sched/smt: Fix unbalance sched_smt_present dec/inc
        sched/smt: Introduce sched_smt_present_inc/dec() helper
        sched/cputime: Fix mul_u64_u64_div_u64() precision for cputime
      6cc82dc2
    • Linus Torvalds's avatar
      Merge tag 'perf-urgent-2024-08-04' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 1ddeb0ef
      Linus Torvalds authored
      Pull x86 perf fixes from Thomas Gleixner:
      
       - Move the smp_processor_id() invocation back into the non-preemtible
         region, so that the result is valid to use
      
       - Add the missing package C2 residency counters for Sierra Forest CPUs
         to make the newly added support actually useful
      
      * tag 'perf-urgent-2024-08-04' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        perf/x86: Fix smp_processor_id()-in-preemptible warnings
        perf/x86/intel/cstate: Add pkg C2 residency counter for Sierra Forest
      1ddeb0ef
    • Linus Torvalds's avatar
      Merge tag 'irq-urgent-2024-08-04' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 953f7764
      Linus Torvalds authored
      Pull irq fixes from Thomas Gleixner:
       "A couple of fixes for interrupt chip drivers:
      
         - Make sure to skip the clear register space in the MBIGEN driver
           when calculating the node register index. Otherwise the clear
           register is clobbered and the wrong node registers are accessed.
      
         - Fix a signed/unsigned confusion in the loongarch CPU driver which
           converts an error code to a huge "valid" interrupt number.
      
         - Convert the mesion GPIO interrupt controller lock to a raw spinlock
           so it works on RT.
      
         - Add a missing static to a internal function in the pic32 EVIC
           driver"
      
      * tag 'irq-urgent-2024-08-04' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        irqchip/mbigen: Fix mbigen node address layout
        irqchip/meson-gpio: Convert meson_gpio_irq_controller::lock to 'raw_spinlock_t'
        irqchip/irq-pic32-evic: Add missing 'static' to internal function
        irqchip/loongarch-cpu: Fix return value of lpic_gsi_to_irq()
      953f7764
    • Linus Torvalds's avatar
      Merge tag 'locking-urgent-2024-08-04' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 3bc70ad1
      Linus Torvalds authored
      Pull locking fixes from Thomas Gleixner:
       "Two fixes for locking and jump labels:
      
         - Ensure that the atomic_cmpxchg() conditions are correct and
           evaluating to true on any non-zero value except 1. The missing
           check of the return value leads to inconsisted state of the jump
           label counter.
      
         - Add a missing type conversion in the paravirt spinlock code which
           makes loongson build again"
      
      * tag 'locking-urgent-2024-08-04' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        jump_label: Fix the fix, brown paper bags galore
        locking/pvqspinlock: Correct the type of "old" variable in pv_kick_node()
      3bc70ad1
    • Rob Herring (Arm)'s avatar
      arm: dts: arm: versatile-ab: Fix duplicate clock node name · ff588380
      Rob Herring (Arm) authored
      Commit 04f08ef2 ("arm/arm64: dts: arm: Use generic clock and
      regulator nodenames") renamed nodes and created 2 "clock-24000000" nodes
      (at different paths).
      
      The kernel can't handle these duplicate names even though they are at
      different paths.  Fix this by renaming one of the nodes to "clock-pclk".
      
      This name is aligned with other Arm boards (those didn't have a known
      frequency to use in the node name).
      
      Fixes: 04f08ef2 ("arm/arm64: dts: arm: Use generic clock and regulator nodenames")
      Reported-by: default avatarGuenter Roeck <linux@roeck-us.net>
      Signed-off-by: default avatarRob Herring (Arm) <robh@kernel.org>
      Tested-by: default avatarGuenter Roeck <linux@roeck-us.net>
      Reviewed-by: default avatarLinus Walleij <linus.walleij@linaro.org>
      Tested-by: default avatarLinus Walleij <linus.walleij@linaro.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      ff588380
    • Linus Torvalds's avatar
      Merge tag '6.11-rc1-smb-client-fixes' of git://git.samba.org/sfrench/cifs-2.6 · 3f3f6d61
      Linus Torvalds authored
      Pull smb client fixes from Steve French:
      
       - two reparse point fixes
      
       - minor cleanup
      
       - additional trace point (to help debug a recent problem)
      
      * tag '6.11-rc1-smb-client-fixes' of git://git.samba.org/sfrench/cifs-2.6:
        cifs: update internal version number
        smb: client: fix FSCTL_GET_REPARSE_POINT against NetApp
        smb3: add dynamic tracepoints for shutdown ioctl
        cifs: Remove cifs_aio_ctx
        smb: client: handle lack of FSCTL_GET_REPARSE_POINT support
      3f3f6d61
    • Linus Torvalds's avatar
      Merge tag 'media/v6.11-2' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media · 3c41df42
      Linus Torvalds authored
      Pull media fixes from Mauro Carvalho Chehab:
      
       - two Kconfig fixes
      
       - one fix for the UVC driver addressing probing time detection of a UVC
         custom controls
      
       - one fix related to PDF generation
      
      * tag 'media/v6.11-2' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media:
        media: v4l: Fix missing tabular column hint for Y14P format
        media: intel/ipu6: select AUXILIARY_BUS in Kconfig
        media: ipu-bridge: fix ipu6 Kconfig dependencies
        media: uvcvideo: Fix custom control mapping probing
      3c41df42
  4. 03 Aug, 2024 5 commits
  5. 02 Aug, 2024 22 commits
    • Linus Torvalds's avatar
      Merge tag 'io_uring-6.11-20240802' of git://git.kernel.dk/linux · 17712b7e
      Linus Torvalds authored
      Pull io_uring fixes from Jens Axboe:
       "Two minor tweaks for the NAPI handling, both from Olivier:
      
         - Kill two unused list definitions
      
         - Ensure that multishot NAPI doesn't age away"
      
      * tag 'io_uring-6.11-20240802' of git://git.kernel.dk/linux:
        io_uring: remove unused local list heads in NAPI functions
        io_uring: keep multishot request NAPI timeout current
      17712b7e
    • Linus Torvalds's avatar
      Merge tag 'thermal-6.11-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · d9ef02e5
      Linus Torvalds authored
      Pull thermal control fixes from Rafael Wysocki:
       "These fix a few issues related to the MSI IRQs management in the
        int340x thermal driver, fix a thermal core issue that may lead to
        missing trip point crossing events and update the thermal core
        documentation.
      
        Specifics:
      
         - Fix MSI error path cleanup in int340x, allow it to work with a
           subset of thermal MSI IRQs if some of them are not working and make
           it free all MSI IRQs on module exit (Srinivas Pandruvada)
      
         - Fix a thermal core issue that may lead to missing trip point
           crossing events in some cases when thermal_zone_set_trips() is used
           and update the thermal core documentation (Rafael Wysocki)"
      
      * tag 'thermal-6.11-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        thermal: core: Update thermal zone registration documentation
        thermal: trip: Avoid skipping trips in thermal_zone_set_trips()
        thermal: intel: int340x: Free MSI IRQ vectors on module exit
        thermal: intel: int340x: Allow limited thermal MSI support
        thermal: intel: int340x: Fix kernel warning during MSI cleanup
      d9ef02e5
    • Linus Torvalds's avatar
      Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux · 041b1061
      Linus Torvalds authored
      Pull arm64 fixes from Catalin Marinas:
      
       - Expand the speculative SSBS errata workaround to more CPUs
      
       - Ensure jump label changes are visible to all CPUs with a
         kick_all_cpus_sync() (and also enable jump label batching as part of
         the fix)
      
       - The shadow call stack sanitiser is currently incompatible with Rust,
         make CONFIG_RUST conditional on !CONFIG_SHADOW_CALL_STACK
      
      * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
        arm64: jump_label: Ensure patched jump_labels are visible to all CPUs
        rust: SHADOW_CALL_STACK is incompatible with Rust
        arm64: errata: Expand speculative SSBS workaround (again)
        arm64: cputype: Add Cortex-A725 definitions
        arm64: cputype: Add Cortex-X1C definitions
      041b1061
    • Linus Torvalds's avatar
      Merge tag 'ceph-for-6.11-rc2' of https://github.com/ceph/ceph-client · 1c424629
      Linus Torvalds authored
      Pull ceph fix from Ilya Dryomov:
       "A fix for a potential hang in the MDS when cap revocation races with
        the client releasing the caps in question, marked for stable"
      
      * tag 'ceph-for-6.11-rc2' of https://github.com/ceph/ceph-client:
        ceph: force sending a cap update msg back to MDS for revoke op
      1c424629
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · 725d410f
      Linus Torvalds authored
      Pull kvm updates from Paolo Bonzini:
       "The bulk of the changes here is a largish change to guest_memfd,
        delaying the clearing and encryption of guest-private pages until they
        are actually added to guest page tables. This started as "let's make
        it impossible to misuse the API" for SEV-SNP; but then it ballooned a
        bit.
      
        The new logic is generally simpler and more ready for hugepage support
        in guest_memfd.
      
        Summary:
      
         - fix latent bug in how usage of large pages is determined for
           confidential VMs
      
         - fix "underline too short" in docs
      
         - eliminate log spam from limited APIC timer periods
      
         - disallow pre-faulting of memory before SEV-SNP VMs are initialized
      
         - delay clearing and encrypting private memory until it is added to
           guest page tables
      
         - this change also enables another small cleanup: the checks in
           SNP_LAUNCH_UPDATE that limit it to non-populated, private pages can
           now be moved in the common kvm_gmem_populate() function
      
         - fix compilation error that the RISC-V merge introduced in selftests"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        KVM: x86/mmu: fix determination of max NPT mapping level for private pages
        KVM: riscv: selftests: Fix compile error
        KVM: guest_memfd: abstract how prepared folios are recorded
        KVM: guest_memfd: let kvm_gmem_populate() operate only on private gfns
        KVM: extend kvm_range_has_memory_attributes() to check subset of attributes
        KVM: cleanup and add shortcuts to kvm_range_has_memory_attributes()
        KVM: guest_memfd: move check for already-populated page to common code
        KVM: remove kvm_arch_gmem_prepare_needed()
        KVM: guest_memfd: make kvm_gmem_prepare_folio() operate on a single struct kvm
        KVM: guest_memfd: delay kvm_gmem_prepare_folio() until the memory is passed to the guest
        KVM: guest_memfd: return locked folio from __kvm_gmem_get_pfn
        KVM: rename CONFIG_HAVE_KVM_GMEM_* to CONFIG_HAVE_KVM_ARCH_GMEM_*
        KVM: guest_memfd: do not go through struct page
        KVM: guest_memfd: delay folio_mark_uptodate() until after successful preparation
        KVM: guest_memfd: return folio from __kvm_gmem_get_pfn()
        KVM: x86: disallow pre-fault for SNP VMs before initialization
        KVM: Documentation: Fix title underline too short warning
        KVM: x86: Eliminate log spam from limited APIC timer periods
      725d410f
    • Paolo Bonzini's avatar
      Merge branch 'kvm-fixes' into HEAD · 1773014a
      Paolo Bonzini authored
      * fix latent bug in how usage of large pages is determined for
        confidential VMs
      
      * fix "underline too short" in docs
      
      * eliminate log spam from limited APIC timer periods
      
      * disallow pre-faulting of memory before SEV-SNP VMs are initialized
      
      * delay clearing and encrypting private memory until it is added to
        guest page tables
      
      * this change also enables another small cleanup: the checks in
        SNP_LAUNCH_UPDATE that limit it to non-populated, private pages
        can now be moved in the common kvm_gmem_populate() function
      1773014a
    • Linus Torvalds's avatar
      Merge tag 'riscv-for-linus-6.11-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux · 948752d2
      Linus Torvalds authored
      Pull RISC-V fixes from Palmer Dabbelt:
      
       - A fix to avoid dropping some of the internal pseudo-extensions, which
         breaks *envcfg dependency parsing
      
       - The kernel entry address is now aligned in purgatory, which avoids a
         misaligned load that can lead to crash on systems that don't support
         misaligned accesses early in boot
      
       - The FW_SFENCE_VMA_RECEIVED perf event was duplicated in a handful of
         perf JSON configurations, one of them been updated to
         FW_SFENCE_VMA_ASID_SENT
      
       - The starfive cache driver is now restricted to 64-bit systems, as it
         isn't 32-bit clean
      
       - A fix for to avoid aliasing legacy-mode perf counters with software
         perf counters
      
       - VM_FAULT_SIGSEGV is now handled in the page fault code
      
       - A fix for stalls during CPU hotplug due to IPIs being disabled
      
       - A fix for memblock bounds checking. This manifests as a crash on
         systems with discontinuous memory maps that have regions that don't
         fit in the linear map
      
      * tag 'riscv-for-linus-6.11-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux:
        riscv: Fix linear mapping checks for non-contiguous memory regions
        RISC-V: Enable the IPI before workqueue_online_cpu()
        riscv/mm: Add handling for VM_FAULT_SIGSEGV in mm_fault_error()
        perf: riscv: Fix selecting counters in legacy mode
        cache: StarFive: Require a 64-bit system
        perf arch events: Fix duplicate RISC-V SBI firmware event name
        riscv/purgatory: align riscv_kernel_entry
        riscv: cpufeature: Do not drop Linux-internal extensions
      948752d2
    • Paolo Bonzini's avatar
      Merge tag 'kvm-riscv-fixes-6.11-1' of https://github.com/kvm-riscv/linux into HEAD · 29b5bbf7
      Paolo Bonzini authored
      KVM/riscv fixes for 6.11, take #1
      
      - Fix compile error in get-reg-list selftests
      29b5bbf7
    • Linus Torvalds's avatar
      Merge tag 's390-6.11-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux · 66242ef2
      Linus Torvalds authored
      Pull s390 fixes from Vasily Gorbik:
      
       - remove unused empty CPU alternatives header file
      
       - fix recently and erroneously removed exception handling when loading
         an invalid floating point register
      
       - ptdump fixes to reflect the recent changes due to the uncoupling of
         physical vs virtual kernel address spaces
      
       - changes to avoid the unnecessary splitting of large pages in kernel
         mappings
      
       - add the missing MODULE_DESCRIPTION for the CIO modules
      
      * tag 's390-6.11-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
        s390: Keep inittext section writable
        s390/vmlinux.lds.S: Move ro_after_init section behind rodata section
        s390/mm: Get rid of RELOC_HIDE()
        s390/mm/ptdump: Improve sorting of markers
        s390/mm/ptdump: Add support for relocated lowcore mapping
        s390/mm/ptdump: Fix handling of identity mapping area
        s390/cio: Add missing MODULE_DESCRIPTION() macros
        s390/alternatives: Remove unused empty header file
        s390/fpu: Re-add exception handling in load_fpu_state()
      66242ef2
    • Paul E. McKenney's avatar
      clocksource: Fix brown-bag boolean thinko in cs_watchdog_read() · f2655ac2
      Paul E. McKenney authored
      The current "nretries > 1 || nretries >= max_retries" check in
      cs_watchdog_read() will always evaluate to true, and thus pr_warn(), if
      nretries is greater than 1.  The intent is instead to never warn on the
      first try, but otherwise warn if the successful retry was the last retry.
      
      Therefore, change that "||" to "&&".
      
      Fixes: db3a34e1 ("clocksource: Retry clock read if long delays detected")
      Reported-by: default avatarBorislav Petkov <bp@alien8.de>
      Signed-off-by: default avatarPaul E. McKenney <paulmck@kernel.org>
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Cc: stable@vger.kernel.org
      Link: https://lore.kernel.org/all/20240802154618.4149953-2-paulmck@kernel.org
      f2655ac2
    • Linus Torvalds's avatar
      Merge tag 'asm-generic-fixes-6.11-1' of... · 29ccb40f
      Linus Torvalds authored
      Merge tag 'asm-generic-fixes-6.11-1' of git://git.kernel.org/pub/scm/linux/kernel/git/arnd/asm-generic
      
      Pull asm-generic fixes from Arnd Bergmann:
       "These are three important bug fixes for the cross-architecture tree,
        fixing a regression with the new syscall.tbl file, the inconsistent
        numbering for the new uretprobe syscall and a bug with iowrite64be on
        alpha"
      
      * tag 'asm-generic-fixes-6.11-1' of git://git.kernel.org/pub/scm/linux/kernel/git/arnd/asm-generic:
        syscalls: fix syscall macros for newfstat/newfstatat
        uretprobe: change syscall number, again
        alpha: fix ioread64be()/iowrite64be() helpers
      29ccb40f
    • Linus Torvalds's avatar
      Merge tag 'sound-6.11-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound · 6b779f8a
      Linus Torvalds authored
      Pull sound fixes from Takashi Iwai:
       "A small collection of fixes:
      
         - Revert of FireWire changes that caused a long-time regression
      
         - Another long-time regression fix for AMD HDMI
      
         - MIDI2 UMP fixes
      
         - HD-audio Conexant codec fixes and a quirk"
      
      * tag 'sound-6.11-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
        ALSA: hda: Conditionally use snooping for AMD HDMI
        ALSA: usb-audio: Correct surround channels in UAC1 channel map
        ALSA: seq: ump: Explicitly reset RPN with Null RPN
        ALSA: seq: ump: Transmit RPN/NRPN message at each MSB/LSB data reception
        ALSA: seq: ump: Use the common RPN/bank conversion context
        ALSA: ump: Explicitly reset RPN with Null RPN
        ALSA: ump: Transmit RPN/NRPN message at each MSB/LSB data reception
        Revert "ALSA: firewire-lib: operate for period elapse event in process context"
        Revert "ALSA: firewire-lib: obsolete workqueue for period update"
        ALSA: hda/realtek: Add quirk for Acer Aspire E5-574G
        ALSA: seq: ump: Optimize conversions from SysEx to UMP
        ALSA: hda/conexant: Mute speakers at suspend / shutdown
        ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown
        ALSA: hda: conexant: Fix headset auto detect fail in the polling mode
      6b779f8a
    • Linus Torvalds's avatar
      Merge tag 'drm-fixes-2024-08-02' of https://gitlab.freedesktop.org/drm/kernel · 29b4a699
      Linus Torvalds authored
      Pull drm fixes from Dave Airlie:
       "Regular weekly fixes. This is a bit larger than usual but doesn't seem
        too crazy.
      
        Most of it is vmwgfx changes that fix a bunch of issues with wayland
        userspaces with dma-buf/external buffers and modesetting fixes.
      
        Otherwise it's kinda spread out, v3d fixes some new ioctls, nouveau
        has regression revert and fixes, amdgpu, i915 and ast have some small
        fixes, and some core fixes spread about.
      
        client:
         - fix error code
      
        atomic:
         - allow damage clips with async flips
         - allow explicit sync with async flips
      
        kselftests:
         - fix dmabuf-heaps test
      
        panic:
         - fix schedule_work in panic paths
      
        panel:
         - fix OrangePi Neo orientation
      
        gpuvm:
         - fix missing dependency
      
        amdgpu:
         - SMU 14.x update
         - Fix contiguous VRAM handling for IB parsing
         - GFX 12 fix
         - Regression fix for old APUs
      
        i915:
         - Static analysis fix for int overflow
         - Fix for HDCP2_STREAM_STATUS macro and removal of PWR_CLK_STATE for gen12
      
        nouveau:
         - revert busy wait change that caused a resume regression
         - fix buffer placement fault on dynamic pm s/r
         - fix refcount underflow
      
        ast:
         - fix black screen on resume
         - wake during connector status detect
      
        v3d:
         - fix issues with perf/timestamp ioctls
      
        vmwgfx:
         - fix deadlock in dma-buf fence polling
         - fix screen surface refcounting
         - fix dumb buffer handling
         - fix support for external buffers
         - fix overlay with screen targets
         - trigger modeset on screen moves"
      
      * tag 'drm-fixes-2024-08-02' of https://gitlab.freedesktop.org/drm/kernel: (31 commits)
        Revert "nouveau: rip out busy fence waits"
        nouveau: set placement to original placement on uvmm validate.
        drm/atomic: Allow userspace to use damage clips with async flips
        drm/atomic: Allow userspace to use explicit sync with atomic async flips
        drm/i915: Fix possible int overflow in skl_ddi_calculate_wrpll()
        drm/i915/hdcp: Fix HDCP2_STREAM_STATUS macro
        drm/ast: astdp: Wake up during connector status detection
        i915/perf: Remove code to update PWR_CLK_STATE for gen12
        kselftests: dmabuf-heaps: Ensure the driver name is null-terminated
        drm/client: Fix error code in drm_client_buffer_vmap_local()
        drm/amdgpu: Fix APU handling in amdgpu_pm_load_smu_firmware()
        drm/amdgpu: increase mes log buffer size for gfx12
        drm/amdgpu: fix contiguous handling for IB parsing v2
        drm/amdgpu/pm: support gpu_metrics sysfs interface for smu v14.0.2/3
        drm/vmwgfx: Trigger a modeset when the screen moves
        drm/vmwgfx: Fix overlay when using Screen Targets
        drm/vmwgfx: Add basic support for external buffers
        drm/vmwgfx: Fix handling of dumb buffers
        drm/vmwgfx: Make sure the screen surface is ref counted
        drm/vmwgfx: Fix a deadlock in dma buf fence polling
        ...
      29b4a699
    • Steve French's avatar
      cifs: update internal version number · a91bfa67
      Steve French authored
      To 2.50
      Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
      a91bfa67
    • Paulo Alcantara's avatar
      smb: client: fix FSCTL_GET_REPARSE_POINT against NetApp · ddecea00
      Paulo Alcantara authored
      NetApp server requires the file to be open with FILE_READ_EA access in
      order to support FSCTL_GET_REPARSE_POINT, otherwise it will return
      STATUS_INVALID_DEVICE_REQUEST.  It doesn't make any sense because
      there's no requirement for FILE_READ_EA bit to be set nor
      STATUS_INVALID_DEVICE_REQUEST being used for something other than
      "unsupported reparse points" in MS-FSA.
      
      To fix it and improve compatibility, set FILE_READ_EA & SYNCHRONIZE
      bits to match what Windows client currently does.
      Tested-by: default avatarSebastian Steinbeisser <Sebastian.Steinbeisser@lrz.de>
      Acked-by: default avatarTom Talpey <tom@talpey.com>
      Signed-off-by: default avatarPaulo Alcantara (Red Hat) <pc@manguebit.com>
      Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
      ddecea00
    • Steve French's avatar
      smb3: add dynamic tracepoints for shutdown ioctl · 69ca1f57
      Steve French authored
      For debugging an umount failure in xfstests generic/043 generic/044 in some
      configurations, we needed more information on the shutdown ioctl which
      was suspected of being related to the cause, so tracepoints are added
      in this patch e.g.
      
        "trace-cmd record -e smb3_shutdown_enter -e smb3_shutdown_done -e smb3_shutdown_err"
      
      Sample output:
        godown-47084   [011] .....  3313.756965: smb3_shutdown_enter: flags=0x1 tid=0x733b3e75
        godown-47084   [011] .....  3313.756968: smb3_shutdown_done: flags=0x1 tid=0x733b3e75
      Tested-by: default avatarAnthony Nandaa (Microsoft) <profnandaa@gmail.com>
      Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
      69ca1f57
    • David Howells's avatar
      cifs: Remove cifs_aio_ctx · cd936507
      David Howells authored
      Remove struct cifs_aio_ctx and its associated alloc/release functions as it
      is no longer used, the functions being taken over by netfslib.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      cc: Steve French <sfrench@samba.org>
      cc: linux-cifs@vger.kernel.org
      Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
      cd936507
    • Paulo Alcantara's avatar
      smb: client: handle lack of FSCTL_GET_REPARSE_POINT support · 4b96024e
      Paulo Alcantara authored
      As per MS-FSA 2.1.5.10.14, support for FSCTL_GET_REPARSE_POINT is
      optional and if the server doesn't support it,
      STATUS_INVALID_DEVICE_REQUEST must be returned for the operation.
      
      If we find files with reparse points and we can't read them due to
      lack of client or server support, just ignore it and then treat them
      as regular files or junctions.
      
      Fixes: 5f71ebc4 ("smb: client: parse reparse point flag in create response")
      Reported-by: default avatarSebastian Steinbeisser <Sebastian.Steinbeisser@lrz.de>
      Tested-by: default avatarSebastian Steinbeisser <Sebastian.Steinbeisser@lrz.de>
      Acked-by: default avatarTom Talpey <tom@talpey.com>
      Signed-off-by: default avatarPaulo Alcantara (Red Hat) <pc@manguebit.com>
      Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
      4b96024e
    • Linus Torvalds's avatar
      Merge tag 'ata-6.11-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/libata/linux · 454e2370
      Linus Torvalds authored
      Pull ata fix from Damien Le Moal:
      
       - Add missing power-domains property to the device tree bindings for
         the Rockchip Designware AHCI adapter (from Heiko)
      
      * tag 'ata-6.11-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/libata/linux:
        dt-bindings: ata: rockchip-dwc-ahci: add missing power-domains
      454e2370
    • Linus Torvalds's avatar
      Merge tag 'pull-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs · bbea34e6
      Linus Torvalds authored
      Pull vfs fix from Al Viro:
       "do_dup2() out-of-bounds array speculation fix"
      
      * tag 'pull-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
        protect the fetch of ->fd[fd] in do_dup2() from mispredictions
      bbea34e6
    • Will Deacon's avatar
      arm64: jump_label: Ensure patched jump_labels are visible to all CPUs · cfb00a35
      Will Deacon authored
      Although the Arm architecture permits concurrent modification and
      execution of NOP and branch instructions, it still requires some
      synchronisation to ensure that other CPUs consistently execute the newly
      written instruction:
      
       >  When the modified instructions are observable, each PE that is
       >  executing the modified instructions must execute an ISB or perform a
       >  context synchronizing event to ensure execution of the modified
       >  instructions
      
      Prior to commit f6cc0c50 ("arm64: Avoid calling stop_machine() when
      patching jump labels"), the arm64 jump_label patching machinery
      performed synchronisation using stop_machine() after each modification,
      however this was problematic when flipping static keys from atomic
      contexts (namely, the arm_arch_timer CPU hotplug startup notifier) and
      so we switched to the _nosync() patching routines to avoid "scheduling
      while atomic" BUG()s during boot.
      
      In hindsight, the analysis of the issue in f6cc0c50 isn't quite
      right: it cites the use of IPIs in the default patching routines as the
      cause of the lockup, whereas stop_machine() does not rely on IPIs and
      the I-cache invalidation is performed using __flush_icache_range(),
      which elides the call to kick_all_cpus_sync(). In fact, the blocking
      wait for other CPUs is what triggers the BUG() and the problem remains
      even after f6cc0c50, for example because we could block on the
      jump_label_mutex. Eventually, the arm_arch_timer driver was fixed to
      avoid the static key entirely in commit a862fc22
      ("clocksource/arm_arch_timer: Remove use of workaround static key").
      
      This all leaves the jump_label patching code in a funny situation on
      arm64 as we do not synchronise with other CPUs to reduce the likelihood
      of a bug which no longer exists. Consequently, toggling a static key on
      one CPU cannot be assumed to take effect on other CPUs, leading to
      potential issues, for example with missing preempt notifiers.
      
      Rather than revert f6cc0c50 and go back to stop_machine() for each
      patch site, implement arch_jump_label_transform_apply() and kick all
      the other CPUs with an IPI at the end of patching.
      
      Cc: Alexander Potapenko <glider@google.com>
      Cc: Mark Rutland <mark.rutland@arm.com>
      Cc: Marc Zyngier <maz@kernel.org>
      Fixes: f6cc0c50 ("arm64: Avoid calling stop_machine() when patching jump labels")
      Signed-off-by: default avatarWill Deacon <will@kernel.org>
      Reviewed-by: default avatarCatalin Marinas <catalin.marinas@arm.com>
      Reviewed-by: default avatarMarc Zyngier <maz@kernel.org>
      Link: https://lore.kernel.org/r/20240731133601.3073-1-will@kernel.orgSigned-off-by: default avatarCatalin Marinas <catalin.marinas@arm.com>
      cfb00a35
    • Arnd Bergmann's avatar
      syscalls: fix syscall macros for newfstat/newfstatat · 343416f0
      Arnd Bergmann authored
      The __NR_newfstat and __NR_newfstatat macros accidentally got renamed
      in the conversion to the syscall.tbl format, dropping the 'new' portion
      of the name.
      
      In an unrelated change, the two syscalls are no longer architecture
      specific but are once more defined on all 64-bit architectures, so the
      'newstat' ABI keyword can be dropped from the table as a simplification.
      
      Fixes: Fixes: 4fe53bf2 ("syscalls: add generic scripts/syscall.tbl")
      Closes: https://lore.kernel.org/lkml/838053e0-b186-4e9f-9668-9a3384a71f23@app.fastmail.com/T/#tReported-by: default avatarFlorian Weimer <fweimer@redhat.com>
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      343416f0