1165241 Commits

Author SHA1 Message Date
Daniele Palmas
da518cc9b6 net: usb: qmi_wwan: fix memory leak for not ip packets
[ Upstream commit 7ab107544b777c3bd7feb9fe447367d8edd5b202 ]

Free the unused skb when not ip packets arrive.

Fixes: c6adf77953 ("net: usb: qmi_wwan: add qmap mux protocol support")
Signed-off-by: Daniele Palmas <dnlplm@gmail.com>
Acked-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-08-14 13:52:43 +02:00
Kuniyuki Iwashima
05e4a0fa24 sctp: Fix null-ptr-deref in reuseport_add_sock().
[ Upstream commit 9ab0faa7f9ffe31296dbb9bbe6f76c72c14eea18 ]

syzbot reported a null-ptr-deref while accessing sk2->sk_reuseport_cb in
reuseport_add_sock(). [0]

The repro first creates a listener with SO_REUSEPORT.  Then, it creates
another listener on the same port and concurrently closes the first
listener.

The second listen() calls reuseport_add_sock() with the first listener as
sk2, where sk2->sk_reuseport_cb is not expected to be cleared concurrently,
but the close() does clear it by reuseport_detach_sock().

The problem is SCTP does not properly synchronise reuseport_alloc(),
reuseport_add_sock(), and reuseport_detach_sock().

The caller of reuseport_alloc() and reuseport_{add,detach}_sock() must
provide synchronisation for sockets that are classified into the same
reuseport group.

Otherwise, such sockets form multiple identical reuseport groups, and
all groups except one would be silently dead.

  1. Two sockets call listen() concurrently
  2. No socket in the same group found in sctp_ep_hashtable[]
  3. Two sockets call reuseport_alloc() and form two reuseport groups
  4. Only one group hit first in __sctp_rcv_lookup_endpoint() receives
      incoming packets

Also, the reported null-ptr-deref could occur.

TCP/UDP guarantees that would not happen by holding the hash bucket lock.

Let's apply the locking strategy to __sctp_hash_endpoint() and
__sctp_unhash_endpoint().

[0]:
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]
CPU: 1 UID: 0 PID: 10230 Comm: syz-executor119 Not tainted 6.10.0-syzkaller-12585-g301927d2d2eb #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
RIP: 0010:reuseport_add_sock+0x27e/0x5e0 net/core/sock_reuseport.c:350
Code: 00 0f b7 5d 00 bf 01 00 00 00 89 de e8 1b a4 ff f7 83 fb 01 0f 85 a3 01 00 00 e8 6d a0 ff f7 49 8d 7e 12 48 89 f8 48 c1 e8 03 <42> 0f b6 04 28 84 c0 0f 85 4b 02 00 00 41 0f b7 5e 12 49 8d 7e 14
RSP: 0018:ffffc9000b947c98 EFLAGS: 00010202
RAX: 0000000000000002 RBX: ffff8880252ddf98 RCX: ffff888079478000
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000012
RBP: 0000000000000001 R08: ffffffff8993e18d R09: 1ffffffff1fef385
R10: dffffc0000000000 R11: fffffbfff1fef386 R12: ffff8880252ddac0
R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000
FS:  00007f24e45b96c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffcced5f7b8 CR3: 00000000241be000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 __sctp_hash_endpoint net/sctp/input.c:762 [inline]
 sctp_hash_endpoint+0x52a/0x600 net/sctp/input.c:790
 sctp_listen_start net/sctp/socket.c:8570 [inline]
 sctp_inet_listen+0x767/0xa20 net/sctp/socket.c:8625
 __sys_listen_socket net/socket.c:1883 [inline]
 __sys_listen+0x1b7/0x230 net/socket.c:1894
 __do_sys_listen net/socket.c:1902 [inline]
 __se_sys_listen net/socket.c:1900 [inline]
 __x64_sys_listen+0x5a/0x70 net/socket.c:1900
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f24e46039b9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 91 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f24e45b9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000032
RAX: ffffffffffffffda RBX: 00007f24e468e428 RCX: 00007f24e46039b9
RDX: 00007f24e46039b9 RSI: 0000000000000003 RDI: 0000000000000004
RBP: 00007f24e468e420 R08: 00007f24e45b96c0 R09: 00007f24e45b96c0
R10: 00007f24e45b96c0 R11: 0000000000000246 R12: 00007f24e468e42c
R13: 00007f24e465a5dc R14: 0020000000000001 R15: 00007ffcced5f7d8
 </TASK>
Modules linked in:

Fixes: 6ba8457402 ("sctp: process sk_reuseport in sctp_get_port_local")
Reported-by: syzbot+e6979a5d2f10ecb700e4@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=e6979a5d2f10ecb700e4
Tested-by: syzbot+e6979a5d2f10ecb700e4@syzkaller.appspotmail.com
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Acked-by: Xin Long <lucien.xin@gmail.com>
Link: https://patch.msgid.link/20240731234624.94055-1-kuniyu@amazon.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-08-14 13:52:43 +02:00
Peter Zijlstra
787f44dc14 x86/mm: Fix pti_clone_entry_text() for i386
[ Upstream commit 3db03fb4995ef85fc41e86262ead7b4852f4bcf0 ]

While x86_64 has PMD aligned text sections, i386 does not have this
luxury. Notably ALIGN_ENTRY_TEXT_END is empty and _etext has PAGE
alignment.

This means that text on i386 can be page granular at the tail end,
which in turn means that the PTI text clones should consistently
account for this.

Make pti_clone_entry_text() consistent with pti_clone_kernel_text().

Fixes: 16a3fe634f ("x86/mm/pti: Clone kernel-image on PTE level for 32 bit")
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-08-14 13:52:43 +02:00
Peter Zijlstra
5c580c1050 x86/mm: Fix pti_clone_pgtable() alignment assumption
[ Upstream commit 41e71dbb0e0a0fe214545fe64af031303a08524c ]

Guenter reported dodgy crashes on an i386-nosmp build using GCC-11
that had the form of endless traps until entry stack exhaust and then
#DF from the stack guard.

It turned out that pti_clone_pgtable() had alignment assumptions on
the start address, notably it hard assumes start is PMD aligned. This
is true on x86_64, but very much not true on i386.

These assumptions can cause the end condition to malfunction, leading
to a 'short' clone. Guess what happens when the user mapping has a
short copy of the entry text?

Use the correct increment form for addr to avoid alignment
assumptions.

Fixes: 16a3fe634f ("x86/mm/pti: Clone kernel-image on PTE level for 32 bit")
Reported-by: Guenter Roeck <linux@roeck-us.net>
Tested-by: Guenter Roeck <linux@roeck-us.net>
Suggested-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://lkml.kernel.org/r/20240731163105.GG33588@noisy.programming.kicks-ass.net
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-08-14 13:52:43 +02:00
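
The "short" clone described in the commit message above, as a simplified user-space model added here (not the kernel's pti_clone_pgtable() code and not the patch itself). The 4 MiB PMD_SIZE, the helper names and the sample addresses are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed for this model: 4 MiB per PMD entry, as on non-PAE i386. */
#define PMD_SIZE 0x400000ULL
#define PMD_MASK (~(PMD_SIZE - 1))

/*
 * Each function returns a bitmap with bit n set for PMD slot n.
 * The sample addresses stay below 256 MiB so every slot fits in 64 bits,
 * and callers pass end > start.
 */

/* Slots that the range [start, end) overlaps and that must be cloned. */
static uint64_t slots_needed(uint64_t start, uint64_t end)
{
    uint64_t map = 0;

    for (uint64_t s = start / PMD_SIZE; s <= (end - 1) / PMD_SIZE; s++)
        map |= 1ULL << s;
    return map;
}

/* Walk that assumes start is PMD aligned: addr keeps start's offset. */
static uint64_t walk_assume_aligned(uint64_t start, uint64_t end)
{
    uint64_t map = 0;

    for (uint64_t addr = start; addr < end; addr += PMD_SIZE)
        map |= 1ULL << (addr / PMD_SIZE);
    return map;
}

/* Walk that advances to the next PMD boundary whatever start's offset is. */
static uint64_t walk_to_boundary(uint64_t start, uint64_t end)
{
    uint64_t map = 0;

    for (uint64_t addr = start; addr < end;
         addr = (addr & PMD_MASK) + PMD_SIZE)
        map |= 1ULL << (addr / PMD_SIZE);
    return map;
}

/* Slots that were needed but never visited, i.e. left out of the clone. */
static uint64_t slots_missed(uint64_t needed, uint64_t visited)
{
    return needed & ~visited;
}

int main(void)
{
    /* Constructed range: starts one page before a PMD boundary and
     * ends one page after it, so it touches two PMD slots. */
    uint64_t start = 0x3ff000ULL, end = 0x401000ULL;
    uint64_t need = slots_needed(start, end);

    printf("needed            : %#llx\n", (unsigned long long)need);
    printf("assume-aligned    : %#llx (missed %#llx)\n",
           (unsigned long long)walk_assume_aligned(start, end),
           (unsigned long long)slots_missed(need,
                                            walk_assume_aligned(start, end)));
    printf("step-to-boundary  : %#llx (missed %#llx)\n",
           (unsigned long long)walk_to_boundary(start, end),
           (unsigned long long)slots_missed(need,
                                            walk_to_boundary(start, end)));
    return 0;
}
```

With a PMD-aligned start both walks visit the same slots, which is why the assumption holds on x86_64 and only breaks where text ends on a page boundary.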
Peter Zijlstra
a128cec339 jump_label: Fix the fix, brown paper bags galore
[ Upstream commit 224fa3552029a3d14bec7acf72ded8171d551b88 ]

Per the example of:

  !atomic_cmpxchg(&key->enabled, 0, 1)

the inverse was written as:

  atomic_cmpxchg(&key->enabled, 1, 0)

except of course, that while !old is only true for old == 0, old is
true for everything except old == 0.

Fix it to read:

  atomic_cmpxchg(&key->enabled, 1, 0) == 1

such that only the 1->0 transition returns true and goes on to disable
the keys.

Fixes: 83ab38ef0a0b ("jump_label: Fix concurrency issues in static_key_slow_dec()")
Reported-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Tested-by: Darrick J. Wong <djwong@kernel.org>
Link: https://lkml.kernel.org/r/20240731105557.GY33588@noisy.programming.kicks-ass.net
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-08-14 13:52:43 +02:00
Kuppuswamy Sathyanarayanan
5a6a894b3a platform/x86/intel/ifs: Initialize union ifs_status to zero
[ Upstream commit 3114f77e9453daa292ec0906f313a715c69b5943 ]

If the IFS scan test exits prematurely due to a timeout before
completing a single run, the union ifs_status remains uninitialized,
leading to incorrect test status reporting. To prevent this, always
initialize the union ifs_status to zero.

Fixes: 2b40e654b7 ("platform/x86/intel/ifs: Add scan test support")
Suggested-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Reviewed-by: Jithu Joseph <jithu.joseph@intel.com>
Reviewed-by: Ashok Raj <ashok.raj@intel.com>
Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
Link: https://lore.kernel.org/r/20240730155930.1754744-1-sathyanarayanan.kuppuswamy@linux.intel.com
Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-08-14 13:52:43 +02:00
Jithu Joseph
84fec10ef5 platform/x86/intel/ifs: Gen2 Scan test support
[ Upstream commit 72b96ee29ed6f7670bbb180ba694816e33d361d1 ]

Width of chunk related bitfields in ACTIVATE_SCAN and SCAN_STATUS MSRs
are different in newer IFS generation compared to gen0.

Make changes to scan test flow such that MSRs are populated
appropriately based on the generation supported by hardware.

Account for the 8/16 bit MSR bitfield width differences between gen0 and
newer generations for the scan test trace event too.

Signed-off-by: Jithu Joseph <jithu.joseph@intel.com>
Reviewed-by: Tony Luck <tony.luck@intel.com>
Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Tested-by: Pengfei Xu <pengfei.xu@intel.com>
Link: https://lore.kernel.org/r/20231005195137.3117166-5-jithu.joseph@intel.com
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Stable-dep-of: 3114f77e9453 ("platform/x86/intel/ifs: Initialize union ifs_status to zero")
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-08-14 13:52:43 +02:00
Yipeng Zou
a2484dc702 irqchip/mbigen: Fix mbigen node address layout
[ Upstream commit 6be6cba9c4371d27f78d900ccfe34bb880d9ee20 ]

The mbigen interrupt chip has its per node registers located in a
contiguous region of page sized chunks. The code maps them into virtual
address space as a contiguous region and determines the address of a node
by using the node ID as index.

                    mbigen chip
       |-----------------|------------|--------------|
   mgn_node_0         mgn_node_1     ...         mgn_node_i
|--------------|   |--------------|       |----------------------|
[0x0000, 0x0FFF]   [0x1000, 0x1FFF]    [i*0x1000, (i+1)*0x1000 - 1]

This works correctly up to 10 nodes, but then fails because the 11th's
array slot is used for the MGN_CLEAR registers.

                         mbigen chip
    |-----------|--------|--------|---------------|--------|
mgn_node_0  mgn_node_1  ...  mgn_clear_register  ...   mgn_node_i
                            |-----------------|
                             [0xA000, 0xAFFF]

Skip the MGN_CLEAR register space when calculating the offset for node IDs
greater than or equal to ten.

Fixes: a6c2f87b88 ("irqchip/mbigen: Implement the mbigen irq chip operation functions")
Signed-off-by: Yipeng Zou <zouyipeng@huawei.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Link: https://lore.kernel.org/all/20240730014400.1751530-1-zouyipeng@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-08-14 13:52:42 +02:00
Minchan Kim
ab384f79d4 ANDROID: Update the ABI symbol list
Adding the following symbols:
  - bitmap_find_free_region
  - bitmap_release_region
  - of_graph_get_endpoint_by_regs
  - __traceiter_android_rvh_mapping_shrinkable
  - __traceiter_android_rvh_util_est_update
  - __tracepoint_android_rvh_mapping_shrinkable
  - __tracepoint_android_rvh_util_est_update

Bug: 347958166
Change-Id: I4feadf95bf24da1a1554a828e181d4ec65cc9a32
Signed-off-by: Minchan Kim <minchan@google.com>
2024-08-13 20:24:01 +00:00
Minchan Kim
bbf690e531 ANDROID: add vendor hook for mapping_shrinkable
To control inode memory reclaim, add restricted vendor hook.

Bug: 347958166
Change-Id: Iefb9ef66c9fd5abae99adb1200263e4642f991cc
Signed-off-by: Minchan Kim <minchan@google.com>
2024-08-13 20:23:47 +00:00
Bart Van Assche
660e1a2695 FROMLIST: sd: Retry START STOP UNIT commands
During system resume, sd_start_stop_device() submits a START STOP UNIT
command to the SCSI device that is being resumed. That command is not
retried in case of a unit attention and hence may fail. An example:

[16575.983359] sd 0:0:0:3: [sdd] Starting disk
[16575.983693] sd 0:0:0:3: [sdd] Start/Stop Unit failed: Result: hostbyte=0x00 driverbyte=DRIVER_OK
[16575.983712] sd 0:0:0:3: [sdd] Sense Key : 0x6
[16575.983730] sd 0:0:0:3: [sdd] ASC=0x29 ASCQ=0x0
[16575.983738] sd 0:0:0:3: PM: dpm_run_callback(): scsi_bus_resume+0x0/0xa0 returns -5
[16575.983783] sd 0:0:0:3: PM: failed to resume async: error -5

Make the SCSI core retry the START STOP UNIT command if a retryable
error is encountered.

Cc: Damien Le Moal <dlemoal@kernel.org>
Cc: Mike Christie <michael.christie@oracle.com>
Change-Id: Ic8e0859c4455d93fcabee42f1598858571f5f3d1
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Bug: 348341595
Link: https://lore.kernel.org/linux-scsi/yq17ccp1i4b.fsf@ca-mkp.ca.oracle.com/T/#m52a26a50649b1d537cb129e5653f723509d6bde7
Signed-off-by: Bart Van Assche <bvanassche@google.com>
2024-08-13 19:10:55 +00:00
Bart Van Assche
4ab8dafa79 FROMLIST: scsi: core: Retry passthrough commands if SCMD_RETRY_PASSTHROUGH is set
The SCSI core does not retry passthrough commands even if the SCSI device
reports a retryable unit attention condition. Support retrying in this case
by introducing the SCMD_RETRY_PASSTHROUGH flag.

Cc: Damien Le Moal <dlemoal@kernel.org>
Cc: Mike Christie <michael.christie@oracle.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Bart Van Assche <bvanassche@google.com>
Bug: 348341595
Link: https://lore.kernel.org/linux-scsi/yq17ccp1i4b.fsf@ca-mkp.ca.oracle.com/T/#mfdb1a3a0d6d4803afe1098bdafc12fd4168e30e0
Change-Id: I44092a0d8853fd61bf619e5bae6d65eaaddad780
Signed-off-by: Bart Van Assche <bvanassche@google.com>
2024-08-13 19:10:55 +00:00
Greg Kroah-Hartman
c6bbb760e9 ANDROID: ABI fixup for abi break in struct dst_ops
In commit 81dd3c82a4 ("net: fix __dst_negative_advice() race") the
struct dst_ops callback negative_advice changes function
parameters.  But as this pointer is part of a structure that is tracked
in the ABI checker, the tool triggers when this is changed.

However, the callback pointer is internal to the networking stack, so
changing the function type is safe, so needing to preserve this is not
required.  To do so, switch the function pointer type back to the old
one so that the checking tools pass, AND then do a hard cast of the
function pointer to the new type when assigning and calling the
function.

[6.1.y backport note, work around --Werror=cast-function-type issue by
 abusing void * for function pointer types, despite its best effort, C
 still lets us shoot our foot off if we really want to!]

Bug: 343727534
Fixes: 81dd3c82a4 ("net: fix __dst_negative_advice() race")
Change-Id: I48d4ab4bbd29f8edc8fbd7923828b7f78a23e12e
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2024-08-13 17:05:31 +00:00
Greg Kroah-Hartman
079775fd35 Merge 6.1.94 into android14-6.1-lts
Changes in 6.1.94
	drm: Check output polling initialized before disabling
	drm: Check polling initialized before enabling in drm_helper_probe_single_connector_modes
	Bluetooth: btrtl: Add missing MODULE_FIRMWARE declarations
	maple_tree: fix allocation in mas_sparse_area()
	maple_tree: fix mas_empty_area_rev() null pointer dereference
	mmc: core: Do not force a retune before RPMB switch
	afs: Don't cross .backup mountpoint from backup volume
	riscv: signal: handle syscall restart before get_signal
	nilfs2: fix use-after-free of timer for log writer thread
	drm/i915/audio: Fix audio time stamp programming for DP
	mptcp: avoid some duplicate code in socket option handling
	mptcp: cleanup SOL_TCP handling
	mptcp: fix full TCP keep-alive support
	vxlan: Fix regression when dropping packets due to invalid src addresses
	scripts/gdb: fix SB_* constants parsing
	f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode()
	media: lgdt3306a: Add a check against null-pointer-def
	drm/amdgpu: add error handle to avoid out-of-bounds
	bcache: fix variable length array abuse in btree_iter
	wifi: rtw89: correct aSIFSTime for 6GHz band
	ata: pata_legacy: make legacy_exit() work again
	thermal/drivers/qcom/lmh: Check for SCM availability at probe
	soc: qcom: rpmh-rsc: Enhance check for VRM in-flight request
	ACPI: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx
	arm64: tegra: Correct Tegra132 I2C alias
	arm64: dts: qcom: qcs404: fix bluetooth device address
	md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING
	wifi: rtw89: pci: correct TX resource checking for PCI DMA channel of firmware command
	wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU
	wifi: rtlwifi: rtl8192de: Fix 5 GHz TX power
	wifi: rtlwifi: rtl8192de: Fix low speed with WPA3-SAE
	wifi: rtlwifi: rtl8192de: Fix endianness issue in RX path
	arm64: dts: hi3798cv200: fix the size of GICR
	media: mc: Fix graph walk in media_pipeline_start
	media: mc: mark the media devnode as registered from the start
	media: mxl5xx: Move xpt structures off stack
	media: v4l2-core: hold videodev_lock until dev reg finishes
	mmc: core: Add mmc_gpiod_set_cd_config() function
	mmc: sdhci: Add support for "Tuning Error" interrupts
	mmc: sdhci-acpi: Sort DMI quirks alphabetically
	mmc: sdhci-acpi: Fix Lenovo Yoga Tablet 2 Pro 1380 sdcard slot not working
	mmc: sdhci-acpi: Disable write protect detection on Toshiba WT10-A
	mmc: sdhci-acpi: Add quirk to enable pull-up on the card-detect GPIO on Asus T100TA
	fbdev: savage: Handle err return when savagefb_check_var failed
	drm/amdgpu/atomfirmware: add intergrated info v2.3 table
	9p: add missing locking around taking dentry fid list
	drm/amd: Fix shutdown (again) on some SMU v13.0.4/11 platforms
	KVM: arm64: Fix AArch32 register narrowing on userspace write
	KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode
	KVM: arm64: AArch32: Fix spurious trapping of conditional instructions
	crypto: ecdsa - Fix module auto-load on add-key
	crypto: ecrdsa - Fix module auto-load on add_key
	crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak
	mm: fix race between __split_huge_pmd_locked() and GUP-fast
	scsi: core: Handle devices which return an unusually large VPD page count
	net/ipv6: Fix route deleting failure when metric equals 0
	net/9p: fix uninit-value in p9_client_rpc()
	kmsan: do not wipe out origin when doing partial unpoisoning
	cpufreq: amd-pstate: Fix the inconsistency in max frequency units
	intel_th: pci: Add Meteor Lake-S CPU support
	sparc64: Fix number of online CPUs
	mm/cma: drop incorrect alignment check in cma_init_reserved_mem
	mm/hugetlb: pass correct order_per_bit to cma_declare_contiguous_nid
	watchdog: rti_wdt: Set min_hw_heartbeat_ms to accommodate a safety margin
	kdb: Fix buffer overflow during tab-complete
	kdb: Use format-strings rather than '\0' injection in kdb_read()
	kdb: Fix console handling when editing and tab-completing commands
	kdb: Merge identical case statements in kdb_read()
	kdb: Use format-specifiers rather than memset() for padding in kdb_read()
	net: fix __dst_negative_advice() race
	sparc: move struct termio to asm/termios.h
	ext4: set type of ac_groups_linear_remaining to __u32 to avoid overflow
	ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find()
	parisc: Define HAVE_ARCH_HUGETLB_UNMAPPED_AREA
	parisc: Define sigset_t in parisc uapi header
	s390/ap: Fix crash in AP internal function modify_bitmap()
	s390/cpacf: Split and rework cpacf query functions
	s390/cpacf: Make use of invalid opcode produce a link error
	i3c: master: svc: fix invalidate IBI type and miss call client IBI handler
	EDAC/igen6: Convert PCIBIOS_* return codes to errnos
	nfs: fix undefined behavior in nfs_block_bits()
	NFS: Fix READ_PLUS when server doesn't support OP_READ_PLUS
	btrfs: fix crash on racing fsync and size-extending write into prealloc
	powerpc/bpf: enforce full ordering for ATOMIC operations with BPF_FETCH
	smb: client: fix deadlock in smb2_find_smb_tcon()
	smp: Provide 'setup_max_cpus' definition on UP too
	Linux 6.1.94

Change-Id: I0663c36ce2abdcc2ad77b5f86838c727d6b7cc12
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2024-08-13 12:02:36 +00:00
Seiya Wang
8288de8306 ANDROID: GKI: Update symbol list for mtk
1 function symbol(s) added
  'struct snd_kcontrol* snd_soc_cnew(const struct snd_kcontrol_new*, void*, const char*, const char*)'

Bug: 359437271
Signed-off-by: Seiya Wang <seiya.wang@mediatek.com>
Change-Id: I53d2771c95cabfc6931a83eb43e1499b9de8bc8b
2024-08-13 09:48:27 +00:00
Greg Kroah-Hartman
9d37e2aae7 ANDROID: add __module_get to db854c symbol list.
In commit e448d1bad7 ("net: qrtr: ns: Fix module refcnt"), a bug was
fixed with regards to reference counting, so now this build target needs
access to the __module_get symbol (it's already part of the normal
supported list, just not for this target.)

Fixes: e448d1bad7 ("net: qrtr: ns: Fix module refcnt")
Change-Id: Iba1a30ba306340318e88120bd87f7e318554f095
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2024-08-12 16:32:49 +00:00
Greg Kroah-Hartman
5ccfb1bf19 Revert "drm/mipi-dsi: use correct return type for the DSC functions"
This reverts commit 26f73934ee which is
commit de1c705c50326acaceaf1f02bc5bf6f267c572bd upstream.

It breaks the Android kernel abi and can be brought back in the future
in an abi-safe way if it is really needed.

Bug: 161946584
Change-Id: Ib7f794ccd2b16db0b8958640ad7bd8f4e5c7296a
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2024-08-12 15:34:33 +00:00
Greg Kroah-Hartman
d201efdaa4 Revert "media: cec: core: avoid recursive cec_claim_log_addrs"
This reverts commit 302077d270 which is
commit 47c82aac10a6954d68f29f10d9758d016e8e5af1 upstream.

It breaks the Android kernel abi and can be brought back in the future
in an abi-safe way if it is really needed.

Bug: 161946584
Change-Id: I8c6b68d3db780285be19b84004758f46be37048b
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2024-08-12 13:28:28 +00:00
Greg Kroah-Hartman
dcb51feb27 Revert "Bluetooth: compute LE flow credits based on recvbuf space"
This reverts commit 632b63f127 which is
commit ce60b9231b66710b6ee24042ded26efee120ecfc upstream.

It breaks the Android kernel abi and can be brought back in the future
in an abi-safe way if it is really needed.

Bug: 161946584
Change-Id: I6685f67d86c6def437924a4e4bc2bdb88d55024c
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2024-08-12 13:26:37 +00:00
Greg Kroah-Hartman
a4d90a8f3c Merge 6.1.93 into android14-6.1-lts
Changes in 6.1.93
	SUNRPC: Fix loop termination condition in gss_free_in_token_pages()
	x86/tsc: Trust initial offset in architectural TSC-adjust MSRs
	ftrace: Fix possible use-after-free issue in ftrace_location()
	tty: n_gsm: fix possible out-of-bounds in gsm0_receive()
	tty: n_gsm: fix missing receive state reset after mode switch
	speakup: Fix sizeof() vs ARRAY_SIZE() bug
	serial: 8250_bcm7271: use default_mux_rate if possible
	serial: 8520_mtk: Set RTS on shutdown for Rx in-band wakeup
	io_uring: fail NOP if non-zero op flags is passed in
	Revert "r8169: don't try to disable interrupts if NAPI is scheduled already"
	r8169: Fix possible ring buffer corruption on fragmented Tx packets.
	ring-buffer: Fix a race between readers and resize checks
	tools/latency-collector: Fix -Wformat-security compile warns
	tools/nolibc/stdlib: fix memory error in realloc()
	net: smc91x: Fix m68k kernel compilation for ColdFire CPU
	nilfs2: fix unexpected freezing of nilfs_segctor_sync()
	nilfs2: fix potential hang in nilfs_detach_log_writer()
	fs/ntfs3: Remove max link count info display during driver init
	fs/ntfs3: Taking DOS names into account during link counting
	fs/ntfs3: Fix case when index is reused during tree transformation
	fs/ntfs3: Break dir enumeration if directory contents error
	ksmbd: avoid to send duplicate oplock break notifications
	ksmbd: ignore trailing slashes in share paths
	ALSA: hda/realtek: fix mute/micmute LEDs don't work for ProBook 440/460 G11.
	ALSA: core: Fix NULL module pointer assignment at card init
	ALSA: Fix deadlocks with kctl removals at disconnection
	KEYS: asymmetric: Add missing dependencies of FIPS_SIGNATURE_SELFTEST
	wifi: mac80211: don't use rate mask for scanning
	wifi: mac80211: ensure beacon is non-S1G prior to extracting the beacon timestamp field
	wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class
	dt-bindings: rockchip: grf: Add missing type to 'pcie-phy' node
	net: usb: qmi_wwan: add Telit FN920C04 compositions
	drm/amd/display: Set color_mgmt_changed to true on unsuspend
	drm/amdgpu: Update BO eviction priorities
	drm/amdgpu: Fix the ring buffer size for queue VM flush
	drm/amdgpu/mes: fix use-after-free issue
	LoongArch: Lately init pmu after smp is online
	selftests: sud_test: return correct emulated syscall value on RISC-V
	sched/isolation: Fix boot crash when maxcpus < first housekeeping CPU
	ASoC: Intel: bytcr_rt5640: Apply Asus T100TA quirk to Asus T100TAM too
	regulator: irq_helpers: duplicate IRQ name
	ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating
	ASoC: dt-bindings: rt5645: add cbj sleeve gpio property
	regulator: vqmmc-ipq4019: fix module autoloading
	ASoC: rt715: add vendor clear control register
	ASoC: rt715-sdca: volume step modification
	KVM: selftests: Add test for uaccesses to non-existent vgic-v2 CPUIF
	x86/efistub: Omit physical KASLR when memory reservations exist
	efi: libstub: only free priv.runtime_map when allocated
	KVM: x86: Don't advertise guest.MAXPHYADDR as host.MAXPHYADDR in CPUID
	genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline
	fpga: dfl-pci: add PCI subdevice ID for Intel D5005 card
	softirq: Fix suspicious RCU usage in __do_softirq()
	ASoC: da7219-aad: fix usage of device_get_named_child_node()
	ALSA: hda: intel-dsp-config: harden I2C/I2S codec detection
	drm/amd/display: Add dtbclk access to dcn315
	drm/amd/display: Add VCO speed parameter for DCN31 FPU
	drm/amdkfd: Flush the process wq before creating a kfd_process
	x86/mm: Remove broken vsyscall emulation code from the page fault code
	nvme: find numa distance only if controller has valid numa id
	nvmet-auth: return the error code to the nvmet_auth_host_hash() callers
	nvmet-auth: replace pr_debug() with pr_err() to report an error.
	nvmet-tcp: fix possible memory leak when tearing down a controller
	nvmet: fix nvme status code when namespace is disabled
	epoll: be better about file lifetimes
	nvmet: prevent sprintf() overflow in nvmet_subsys_nsid_exists()
	openpromfs: finish conversion to the new mount API
	crypto: bcm - Fix pointer arithmetic
	mm/slub, kunit: Use inverted data to corrupt kmem cache
	firmware: raspberrypi: Use correct device for DMA mappings
	ecryptfs: Fix buffer size for tag 66 packet
	nilfs2: fix out-of-range warning
	parisc: add missing export of __cmpxchg_u8()
	crypto: ccp - drop platform ifdef checks
	crypto: x86/nh-avx2 - add missing vzeroupper
	crypto: x86/sha256-avx2 - add missing vzeroupper
	crypto: x86/sha512-avx2 - add missing vzeroupper
	s390/cio: fix tracepoint subchannel type field
	io_uring: don't use TIF_NOTIFY_SIGNAL to test for availability of task_work
	io_uring: use the right type for work_llist empty check
	rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow
	rcu: Fix buffer overflow in print_cpu_stall_info()
	ARM: configs: sunxi: Enable DRM_DW_HDMI
	jffs2: prevent xattr node from overflowing the eraseblock
	soc: mediatek: cmdq: Fix typo of CMDQ_JUMP_RELATIVE
	null_blk: Fix missing mutex_destroy() at module removal
	md: fix resync softlockup when bitmap size is less than array size
	block: open code __blk_account_io_start()
	block: open code __blk_account_io_done()
	block: support to account io_ticks precisely
	wifi: ath10k: poll service ready message before failing
	wifi: brcmfmac: pcie: handle randbuf allocation failure
	wifi: ath11k: don't force enable power save on non-running vdevs
	bpftool: Fix missing pids during link show
	x86/boot: Ignore relocations in .notes sections in walk_relocs() too
	sched/fair: Add EAS checks before updating root_domain::overutilized
	ACPI: Fix Generic Initiator Affinity _OSC bit
	qed: avoid truncating work queue length
	net/mlx5e: Fail with messages when params are not valid for XSK
	mlx5: stop warning for 64KB pages
	bitops: add missing prototype check
	wifi: carl9170: re-fix fortified-memset warning
	bpf: Pack struct bpf_fib_lookup
	scsi: ufs: qcom: Perform read back after writing reset bit
	scsi: ufs: qcom: Perform read back after writing REG_UFS_SYS1CLK_1US
	scsi: ufs: ufs-qcom: Fix the Qcom register name for offset 0xD0
	scsi: ufs: ufs-qcom: Clear qunipro_g4_sel for HW version major 5
	scsi: ufs: qcom: Perform read back after writing unipro mode
	scsi: ufs: qcom: Perform read back after writing CGC enable
	scsi: ufs: cdns-pltfrm: Perform read back after writing HCLKDIV
	scsi: ufs: core: Perform read back after disabling interrupts
	scsi: ufs: core: Perform read back after disabling UIC_COMMAND_COMPL
	ACPI: LPSS: Advertise number of chip selects via property
	irqchip/alpine-msi: Fix off-by-one in allocation error path
	irqchip/loongson-pch-msi: Fix off-by-one on allocation error path
	ACPI: disable -Wstringop-truncation
	gfs2: Don't forget to complete delayed withdraw
	gfs2: Fix "ignore unlock failures after withdraw"
	x86/boot/64: Clear most of CR4 in startup_64(), except PAE, MCE and LA57
	selftests/bpf: Fix umount cgroup2 error in test_sockmap
	cpufreq: exit() callback is optional
	x86/pat: Introduce lookup_address_in_pgd_attr()
	x86/pat: Restructure _lookup_address_cpa()
	x86/pat: Fix W^X violation false-positives when running as Xen PV guest
	net: export inet_lookup_reuseport and inet6_lookup_reuseport
	net: remove duplicate reuseport_lookup functions
	udp: Avoid call to compute_score on multiple sites
	cppc_cpufreq: Fix possible null pointer dereference
	scsi: libsas: Fix the failure of adding phy with zero-address to port
	scsi: hpsa: Fix allocation size for Scsi_Host private data
	x86/purgatory: Switch to the position-independent small code model
	thermal/drivers/tsens: Fix null pointer dereference
	wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger()
	selftests/bpf: Fix a fd leak in error paths in open_netns
	wifi: ath10k: populate board data for WCN3990
	net: dsa: mv88e6xxx: Add support for model-specific pre- and post-reset handlers
	net: dsa: mv88e6xxx: Avoid EEPROM timeout without EEPROM on 88E6250-family switches
	tcp: avoid premature drops in tcp_add_backlog()
	pwm: sti: Convert to platform remove callback returning void
	pwm: sti: Prepare removing pwm_chip from driver data
	pwm: sti: Simplify probe function using devm functions
	drivers/perf: hisi_pcie: Fix out-of-bound access when valid event group
	drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group
	drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset()
	net: give more chances to rcu in netdev_wait_allrefs_any()
	macintosh/via-macii: Fix "BUG: sleeping function called from invalid context"
	wifi: carl9170: add a proper sanity check for endpoints
	wifi: ar5523: enable proper endpoint verification
	sh: kprobes: Merge arch_copy_kprobe() into arch_prepare_kprobe()
	Revert "sh: Handle calling csum_partial with misaligned data"
	wifi: mt76: mt7603: add wpdma tx eof flag for PSE client reset
	libbpf: Fix error message in attach_kprobe_multi
	selftests/binderfs: use the Makefile's rules, not Make's implicit rules
	selftests/resctrl: fix clang build failure: use LOCAL_HDRS
	selftests: default to host arch for LLVM builds
	kunit: Fix kthread reference
	HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors
	scsi: bfa: Ensure the copied buf is NUL terminated
	scsi: qedf: Ensure the copied buf is NUL terminated
	scsi: qla2xxx: Fix debugfs output for fw_resource_count
	kernel/numa.c: Move logging out of numa.h
	x86/numa: Fix SRAT lookup of CFMWS ranges with numa_fill_memblks()
	wifi: mwl8k: initialize cmd->addr[] properly
	HID: amd_sfh: Handle "no sensors" in PM operations
	usb: aqc111: stop lying about skb->truesize
	net: usb: sr9700: stop lying about skb->truesize
	m68k: Fix spinlock race in kernel thread creation
	m68k: mac: Fix reboot hang on Mac IIci
	net: ipv6: fix wrong start position when receive hop-by-hop fragment
	eth: sungem: remove .ndo_poll_controller to avoid deadlocks
	selftests: net: move amt to socat for better compatibility
	net: ethernet: cortina: Locking fixes
	af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg
	net: usb: smsc95xx: stop lying about skb->truesize
	net: openvswitch: fix overwriting ct original tuple for ICMPv6
	ipv6: sr: add missing seg6_local_exit
	ipv6: sr: fix incorrect unregister order
	ipv6: sr: fix invalid unregister error path
	net/mlx5: Add a timeout to acquire the command queue semaphore
	net/mlx5: Discard command completions in internal error
	s390/bpf: Emit a barrier for BPF_FETCH instructions
	riscv, bpf: make some atomic operations fully ordered
	ax25: Use kernel universal linked list to implement ax25_dev_list
	ax25: Fix reference count leak issues of ax25_dev
	ax25: Fix reference count leak issue of net_device
	mptcp: SO_KEEPALIVE: fix getsockopt support
	Bluetooth: Consolidate code around sk_alloc into a helper function
	Bluetooth: compute LE flow credits based on recvbuf space
	Bluetooth: qca: Fix error code in qca_read_fw_build_info()
	drm/bridge: Fix improper bridge init order with pre_enable_prev_first
	printk: Let no_printk() use _printk()
	dev_printk: Add and use dev_no_printk()
	drm/lcdif: Do not disable clocks on already suspended hardware
	drm/panel-samsung-atna33xc20: Use ktime_get_boottime for delays
	drm/dp: Don't attempt AUX transfers when eDP panels are not powered
	drm/panel: atna33xc20: Fix unbalanced regulator in the case HPD doesn't assert
	drm/amd/display: Fix potential index out of bounds in color transformation function
	ASoC: Intel: Disable route checks for Skylake boards
	ASoC: Intel: avs: ssm4567: Do not ignore route checks
	mtd: core: Report error if first mtd_otp_size() call fails in mtd_otp_nvmem_add()
	mtd: rawnand: hynix: fixed typo
	fbdev: shmobile: fix snprintf truncation
	ASoC: kirkwood: Fix potential NULL dereference
	drm/meson: vclk: fix calculation of 59.94 fractional rates
	drm/mediatek: Add 0 size check to mtk_drm_gem_obj
	powerpc/fsl-soc: hide unused const variable
	fbdev: sisfb: hide unused variables
	ASoC: Intel: avs: Fix ASRC module initialization
	ASoC: Intel: avs: Fix potential integer overflow
	media: ngene: Add dvb_ca_en50221_init return value check
	media: rcar-vin: work around -Wenum-compare-conditional warning
	media: radio-shark2: Avoid led_names truncations
	drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference
	drm/msm/dp: allow voltage swing / pre emphasis of 3
	drm/msm/dp: Return IRQ_NONE for unhandled interrupts
	drm/msm/dp: Avoid a long timeout for AUX transfer if nothing connected
	media: ipu3-cio2: Request IRQ earlier
	media: dt-bindings: ovti,ov2680: Fix the power supply names
	fbdev: sh7760fb: allow modular build
	media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries
	drm/arm/malidp: fix a possible null pointer dereference
	drm: vc4: Fix possible null pointer dereference
	ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value
	drm/bridge: anx7625: Don't log an error when DSI host can't be found
	drm/bridge: icn6211: Don't log an error when DSI host can't be found
	drm/bridge: lt8912b: Don't log an error when DSI host can't be found
	drm/bridge: lt9611: Don't log an error when DSI host can't be found
	drm/bridge: lt9611uxc: Don't log an error when DSI host can't be found
	drm/bridge: tc358775: Don't log an error when DSI host can't be found
	drm/bridge: dpc3433: Don't log an error when DSI host can't be found
	drm/panel: novatek-nt35950: Don't log an error when DSI host can't be found
	drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector
	drm/mipi-dsi: use correct return type for the DSC functions
	drm/rockchip: vop2: Do not divide height twice for YUV
	clk: samsung: exynosautov9: fix wrong pll clock id value
	RDMA/mlx5: Adding remote atomic access flag to updatable flags
	RDMA/hns: Fix return value in hns_roce_map_mr_sg
	RDMA/hns: Fix deadlock on SRQ async events.
	RDMA/hns: Fix UAF for cq async event
	RDMA/hns: Fix GMV table pagesize
	RDMA/hns: Use complete parentheses in macros
	RDMA/hns: Modify the print level of CQE error
	clk: mediatek: mt8365-mm: fix DPI0 parent
	clk: rs9: fix wrong default value for clock amplitude
	RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt
	RDMA/rxe: Replace pr_xxx by rxe_dbg_xxx in rxe_net.c
	RDMA/rxe: Fix incorrect rxe_put in error path
	IB/mlx5: Use __iowrite64_copy() for write combining stores
	clk: renesas: r8a779a0: Fix CANFD parent clock
	clk: renesas: r9a07g043: Add clock and reset entry for PLIC
	lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure
	clk: qcom: dispcc-sm8450: fix DisplayPort clocks
	clk: qcom: dispcc-sm6350: fix DisplayPort clocks
	clk: qcom: mmcc-msm8998: fix venus clock issue
	x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map
	x86/insn: Add VEX versions of VPDPBUSD, VPDPBUSDS, VPDPWSSD and VPDPWSSDS
	ext4: avoid excessive credit estimate in ext4_tmpfile()
	virt: acrn: stop using follow_pfn
	drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map()
	sunrpc: removed redundant procp check
	ext4: simplify calculation of blkoff in ext4_mb_new_blocks_simple
	ext4: fix unit mismatch in ext4_mb_new_blocks_simple
	ext4: try all groups in ext4_mb_new_blocks_simple
	ext4: remove unused parameter from ext4_mb_new_blocks_simple()
	ext4: fix potential unnitialized variable
	SUNRPC: Fix gss_free_in_token_pages()
	selftests/kcmp: remove unused open mode
	RDMA/IPoIB: Fix format truncation compilation errors
	net: add pskb_may_pull_reason() helper
	net: bridge: xmit: make sure we have at least eth header len bytes
	selftests: net: bridge: increase IGMP/MLD exclude timeout membership interval
	net: bridge: mst: fix vlan use-after-free
	net: qrtr: ns: Fix module refcnt
	netrom: fix possible dead-lock in nr_rt_ioctl()
	af_packet: do not call packet_read_pending() from tpacket_destruct_skb()
	sched/fair: Allow disabling sched_balance_newidle with sched_relax_domain_level
	sched/core: Fix incorrect initialization of the 'burst' parameter in cpu_max_write()
	scsi: ufs: ufs-qcom: Clear qunipro_g4_sel for HW major version > 5
	perf record: Delete session after stopping sideband thread
	perf probe: Add missing libgen.h header needed for using basename()
	iio: core: Leave private pointer NULL when no private data supplied
	greybus: lights: check return of get_channel_from_mode
	f2fs: multidev: fix to recognize valid zero block address
	f2fs: fix to wait on page writeback in __clone_blkaddrs()
	counter: linux/counter.h: fix Excess kernel-doc description warning
	perf annotate: Get rid of duplicate --group option item
	soundwire: cadence: fix invalid PDI offset
	dmaengine: idma64: Add check for dma_set_max_seg_size
	firmware: dmi-id: add a release callback function
	serial: max3100: Lock port->lock when calling uart_handle_cts_change()
	serial: max3100: Update uart_driver_registered on driver removal
	serial: max3100: Fix bitwise types
	greybus: arche-ctrl: move device table to its right location
	PCI: tegra194: Fix probe path for Endpoint mode
	serial: sc16is7xx: add proper sched.h include for sched_set_fifo()
	interconnect: qcom: qcm2290: Fix mas_snoc_bimc QoS port assignment
	arm64: dts: meson: fix S4 power-controller node
	perf test: Add -w/--workload option
	perf test: Add 'thloop' test workload
	perf test: Add 'leafloop' test workload
	perf test: Add 'sqrtloop' test workload
	perf test: Add 'brstack' test workload
	perf test: Add 'datasym' test workload
	perf tests: Make "test data symbol" more robust on Neoverse N1
	dt-bindings: PCI: rcar-pci-host: Add optional regulators
	dt-bindings: PCI: rcar-pci-host: Add missing IOMMU properties
	f2fs: compress: fix to relocate check condition in f2fs_{release,reserve}_compress_blocks()
	f2fs: compress: fix to relocate check condition in f2fs_ioc_{,de}compress_file()
	f2fs: fix typos in comments
	f2fs: fix to relocate check condition in f2fs_fallocate()
	f2fs: fix to check pinfile flag in f2fs_move_file_range()
	iio: adc: stm32: Fixing err code to not indicate success
	coresight: etm4x: Fix unbalanced pm_runtime_enable()
	perf docs: Document bpf event modifier
	iio: pressure: dps310: support negative temperature values
	coresight: etm4x: Do not hardcode IOMEM access for register restore
	coresight: etm4x: Do not save/restore Data trace control registers
	coresight: etm4x: Safe access for TRCQCLTR
	coresight: etm4x: Fix access to resource selector registers
	fpga: region: add owner module and take its refcount
	microblaze: Remove gcc flag for non existing early_printk.c file
	microblaze: Remove early printk call from cpuinfo-static.c
	perf intel-pt: Fix unassigned instruction op (discovered by MemorySanitizer)
	ovl: remove upper umask handling from ovl_create_upper()
	VMCI: Fix an error handling path in vmci_guest_probe_device()
	dt-bindings: pinctrl: mediatek: mt7622: fix array properties
	watchdog: bd9576: Drop "always-running" property
	watchdog: sa1100: Fix PTR_ERR_OR_ZERO() vs NULL check in sa1100dog_probe()
	usb: gadget: u_audio: Fix race condition use of controls after free during gadget unbind.
	usb: gadget: u_audio: Clear uac pointer when freed.
	stm class: Fix a double free in stm_register_device()
	ppdev: Remove usage of the deprecated ida_simple_xx() API
	ppdev: Add an error check in register_device
	perf bench internals inject-build-id: Fix trap divide when collecting just one DSO
	perf ui browser: Don't save pointer to stack memory
	extcon: max8997: select IRQ_DOMAIN instead of depending on it
	PCI/EDR: Align EDR_PORT_DPC_ENABLE_DSM with PCI Firmware r3.3
	PCI/EDR: Align EDR_PORT_LOCATE_DSM with PCI Firmware r3.3
	perf ui browser: Avoid SEGV on title
	perf report: Avoid SEGV in report__setup_sample_type()
	f2fs: compress: fix to update i_compr_blocks correctly
	f2fs: compress: fix to cover {reserve,release}_compress_blocks() w/ cp_rwsem lock
	f2fs: fix to release node block count in error path of f2fs_new_node_page()
	f2fs: compress: don't allow unaligned truncation on released compress inode
	serial: sh-sci: protect invalidating RXDMA on shutdown
	libsubcmd: Fix parse-options memory leak
	perf daemon: Fix file leak in daemon_session__control
	f2fs: fix to add missing iput() in gc_data_segment()
	perf stat: Don't display metric header for non-leader uncore events
	LoongArch: Fix callchain parse error with kernel tracepoint events again
	s390/vdso: filter out mno-pic-data-is-text-relative cflag
	s390/vdso64: filter out munaligned-symbols flag for vdso
	s390/vdso: Generate unwind information for C modules
	s390/vdso: Use standard stack frame layout
	s390/ipl: Fix incorrect initialization of len fields in nvme reipl block
	s390/ipl: Fix incorrect initialization of nvme dump block
	s390/boot: Remove alt_stfle_fac_list from decompressor
	Input: ims-pcu - fix printf string overflow
	Input: ioc3kbd - convert to platform remove callback returning void
	Input: ioc3kbd - add device table
	mmc: sdhci_am654: Add tuning algorithm for delay chain
	mmc: sdhci_am654: Write ITAPDLY for DDR52 timing
	mmc: sdhci_am654: Drop lookup for deprecated ti,otap-del-sel
	mmc: sdhci_am654: Add OTAP/ITAP delay enable
	mmc: sdhci_am654: Add ITAPDLYSEL in sdhci_j721e_4bit_set_clock
	mmc: sdhci_am654: Fix ITAPDLY for HS400 timing
	Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation
	drm/msm/dsi: Print dual-DSI-adjusted pclk instead of original mode pclk
	drm/msm/dpu: Always flush the slave INTF on the CTL
	drm/mediatek: dp: Move PHY registration to new function
	drm/mediatek: dp: Add support for embedded DisplayPort aux-bus
	drm/mediatek: dp: Fix mtk_dp_aux_transfer return value
	um: Fix return value in ubd_init()
	um: Add winch to winch_handlers before registering winch IRQ
	um: vector: fix bpfflash parameter evaluation
	fs/ntfs3: Use 64 bit variable to avoid 32 bit overflow
	fs/ntfs3: Use variable length array instead of fixed size
	drm/bridge: tc358775: fix support for jeida-18 and jeida-24
	media: stk1160: fix bounds checking in stk1160_copy_video()
	scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy()
	Input: cyapa - add missing input core locking to suspend/resume functions
	media: flexcop-usb: fix sanity check of bNumEndpoints
	powerpc/pseries: Add failure related checks for h_get_mpp and h_get_ppp
	um: Fix the -Wmissing-prototypes warning for __switch_mm
	um: Fix the -Wmissing-prototypes warning for get_thread_reg
	um: Fix the declaration of kasan_map_memory
	media: sunxi: a83-mips-csi2: also select GENERIC_PHY
	media: cec: cec-adap: always cancel work in cec_transmit_msg_fh
	media: cec: cec-api: add locking in cec_release()
	media: cec: core: avoid recursive cec_claim_log_addrs
	media: cec: core: avoid confusing "transmit timed out" message
	Revert "drm/bridge: ti-sn65dsi83: Fix enable error path"
	drm/msm: Enable clamp_to_idle for 7c3
	drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails
	null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION()
	ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup
	ASoC: mediatek: mt8192: fix register configuration for tdm
	regulator: bd71828: Don't overwrite runtime voltages
	perf/arm-dmc620: Fix lockdep assert in ->event_init()
	x86/kconfig: Select ARCH_WANT_FRAME_POINTERS again when UNWINDER_FRAME_POINTER=y
	net: Always descend into dsa/ folder with CONFIG_NET_DSA enabled
	ipv6: sr: fix missing sk_buff release in seg6_input_core
	selftests: net: kill smcrouted in the cleanup logic in amt.sh
	nfc: nci: Fix uninit-value in nci_rx_work
	ASoC: tas2552: Add TX path for capturing AUDIO-OUT data
	NFSv4: Fixup smatch warning for ambiguous return
	nfs: keep server info for remounts
	sunrpc: fix NFSACL RPC retry on soft mount
	rpcrdma: fix handling for RDMA_CM_EVENT_DEVICE_REMOVAL
	af_unix: Update unix_sk(sk)->oob_skb under sk_receive_queue lock.
	ipv6: sr: fix memleak in seg6_hmac_init_algo
	tcp: Fix shift-out-of-bounds in dctcp_update_alpha().
	pNFS/filelayout: fixup pNfs allocation modes
	openvswitch: Set the skbuff pkt_type for proper pmtud support.
	arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY
	rv: Update rv_en(dis)able_monitor doc to match kernel-doc
	virtio: delete vq in vp_find_vqs_msix() when request_irq() fails
	riscv: stacktrace: Make walk_stackframe cross pt_regs frame
	riscv: stacktrace: fixed walk_stackframe()
	Revert "ixgbe: Manual AN-37 for troublesome link partners for X550 SFI"
	net: fec: avoid lock evasion when reading pps_enable
	tls: fix missing memory barrier in tls_init
	inet: factor out locked section of inet_accept() in a new helper
	net: relax socket state check at accept time.
	nfc: nci: Fix kcov check in nci_rx_work()
	nfc: nci: Fix handling of zero-length payload packets in nci_rx_work()
	drivers/xen: Improve the late XenStore init protocol
	ice: Interpret .set_channels() input differently
	netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu()
	netfilter: nft_payload: restore vlan q-in-q match support
	spi: Don't mark message DMA mapped when no transfer in it is
	dma-mapping: benchmark: fix node id validation
	dma-mapping: benchmark: handle NUMA_NO_NODE correctly
	nvmet: fix ns enable/disable possible hang
	net: phy: micrel: set soft_reset callback to genphy_soft_reset for KSZ8061
	net/mlx5: Lag, do bond only if slaves agree on roce state
	net/mlx5e: Fix IPsec tunnel mode offload feature check
	net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion
	net/mlx5e: Fix UDP GSO for encapsulated packets
	dma-buf/sw-sync: don't enable IRQ from sync_print_obj()
	bpf: Fix potential integer overflow in resolve_btfids
	ALSA: jack: Use guard() for locking
	ALSA: core: Remove debugfs at disconnection
	ALSA: hda/realtek: Add quirk for ASUS ROG G634Z
	ALSA: hda/realtek: Amend G634 quirk to enable rear speakers
	ALSA: hda/realtek: Adjust G814JZR to use SPI init for amp
	enic: Validate length of nl attributes in enic_set_vf_port
	af_unix: Read sk->sk_hash under bindlock during bind().
	net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM
	bpf: Allow delete from sockmap/sockhash only if update is allowed
	net:fec: Add fec_enet_deinit()
	ice: fix accounting if a VLAN already exists
	netfilter: nft_payload: move struct nft_payload_set definition where it belongs
	netfilter: nft_payload: rebuild vlan header when needed
	netfilter: nft_payload: rebuild vlan header on h_proto access
	netfilter: nft_payload: skbuff vlan metadata mangle support
	netfilter: tproxy: bail out if IP has been disabled on the device
	netfilter: nft_fib: allow from forward/input without iif selector
	kconfig: fix comparison to constant symbols, 'm', 'n'
	drm/i915/guc: avoid FIELD_PREP warning
	spi: stm32: Don't warn about spurious interrupts
	net: dsa: microchip: fix RGMII error in KSZ DSA driver
	net: ena: Add dynamic recycling mechanism for rx buffers
	net: ena: Reduce lines with longer column width boundary
	net: ena: Fix redundant device NUMA node override
	ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound
	powerpc/pseries/lparcfg: drop error message from guest name lookup
	hwmon: (shtc1) Fix property misspelling
	riscv: prevent pt_regs corruption for secondary idle threads
	ALSA: timer: Set lower bound of start tick time
	net: ena: Fix DMA syncing in XDP path when SWIOTLB is on
	Linux 6.1.93

Change-Id: I15fdbacdaee5a6d68347a7fd5218929488d594af
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2024-08-12 08:40:51 +00:00
Greg Kroah-Hartman
36790ef5e0 Linux 6.1.104
Link: https://lore.kernel.org/r/20240807150039.247123516@linuxfoundation.org
Tested-by: Pavel Machek (CIP) <pavel@denx.de>
Tested-by: Shuah Khan <skhan@linuxfoundation.org>
Link: https://lore.kernel.org/r/20240808091131.014292134@linuxfoundation.org
Tested-by: Miguel Ojeda <ojeda@kernel.org>
Tested-by: ChromeOS CQ Test <chromeos-kernel-stable-merge@google.com>
Tested-by: Pavel Machek (CIP) <pavel@denx.de>
Tested-by: Linux Kernel Functional Testing <lkft@linaro.org>
Tested-by: Peter Schneider <pschneider1968@googlemail.com>
Tested-by: Jon Hunter <jonathanh@nvidia.com>
Tested-by: kernelci.org bot <bot@kernelci.org>
Tested-by: Florian Fainelli <florian.fainelli@broadcom.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-08-11 12:36:02 +02:00
Alexander Maltsev
4440ef0f58 netfilter: ipset: Add list flush to cancel_gc
[ Upstream commit c1193d9bbbd379defe9be3c6de566de684de8a6f ]

Flushing list in cancel_gc drops references to other lists right away,
without waiting for RCU to destroy list. Fixes race when referenced
ipsets can't be destroyed while referring list is scheduled for destroy.

Fixes: 97f7cf1cd80e ("netfilter: ipset: fix performance regression in swap operation")
Signed-off-by: Alexander Maltsev <keltar.gw@gmail.com>
Acked-by: Jozsef Kadlecsik <kadlec@netfilter.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-08-11 12:36:02 +02:00
Liu Jing
33e0f0e51e selftests: mptcp: always close input's FD if opened
commit 7c70bcc2a84cf925f655ea1ac4b8088062b144a3 upstream.

In main_loop_s function, when the open(cfg_input, O_RDONLY) function is
run, the last fd is not closed if the "--cfg_repeat > 0" branch is not
taken.

Fixes: 05be5e273c ("selftests: mptcp: add disconnect tests")
Cc: stable@vger.kernel.org
Signed-off-by: Liu Jing <liujing@cmss.chinamobile.com>
Reviewed-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-08-11 12:36:02 +02:00
Paolo Abeni
1e161339f5 mptcp: fix duplicate data handling
commit 68cc924729ffcfe90d0383177192030a9aeb2ee4 upstream.

When a subflow receives and discards duplicate data, the mptcp
stack assumes that the consumed offset inside the current skb is
zero.

With multiple subflows receiving data simultaneously such assertion
does not hold true. As a result the subflow-level copied_seq will
be incorrectly increased and later on the same subflow will observe
a bad mapping, leading to subflow reset.

Address the issue taking into account the skb consumed offset in
mptcp_subflow_discard_data().

Fixes: 04e4cd4f7c ("mptcp: cleanup mptcp_subflow_discard_data()")
Cc: stable@vger.kernel.org
Link: https://github.com/multipath-tcp/mptcp_net-next/issues/501
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Reviewed-by: Mat Martineau <martineau@kernel.org>
Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-08-11 12:36:02 +02:00
Matthieu Baerts (NGI0)
00f283a709 mptcp: pm: only set request_bkup flag when sending MP_PRIO
commit 4258b94831bb7ff28ab80e3c8d94db37db930728 upstream.

The 'backup' flag from mptcp_subflow_context structure is supposed to be
set only when the other peer flagged a subflow as backup, not the
opposite.

Fixes: 067065422f ("mptcp: add the outgoing MP_PRIO support")
Cc: stable@vger.kernel.org
Reviewed-by: Mat Martineau <martineau@kernel.org>
Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-08-11 12:36:02 +02:00
Paolo Abeni
882bbd872f mptcp: fix bad RCVPRUNED mib accounting
commit 0a567c2a10033bf04ed618368d179bce6977984b upstream.

Since its introduction, the mentioned MIB accounted for the wrong
event: wake-up being skipped as not-needed on some edge condition
instead of incoming skb being dropped after landing in the (subflow)
receive queue.

Move the increment in the correct location.

Fixes: ce599c5163 ("mptcp: properly account bulk freed memory")
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Reviewed-by: Mat Martineau <martineau@kernel.org>
Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-08-11 12:36:02 +02:00
Paolo Abeni
6d97193121 mptcp: fix NL PM announced address accounting
commit 4b317e0eb287bd30a1b329513531157c25e8b692 upstream.

Currently the per connection announced address counter is never
decreased. As a consequence, after connection establishment, if
the NL PM deletes an endpoint and adds a new/different one, no
additional subflow is created for the new endpoint even if the
current limits allow that.

Address the issue properly updating the signaled address counter
every time the NL PM removes such addresses.

Fixes: 01cacb00b3 ("mptcp: add netlink-based PM")
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Reviewed-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-08-11 12:36:01 +02:00
Matthieu Baerts (NGI0)
09176f8099 mptcp: distinguish rcv vs sent backup flag in requests
commit efd340bf3d7779a3a8ec954d8ec0fb8a10f24982 upstream.

When sending an MP_JOIN + SYN + ACK, it is possible to mark the subflow
as 'backup' by setting the flag with the same name. Before this patch,
the backup was set if the other peer set it in its MP_JOIN + SYN
request.

It is not correct: the backup flag should be set in the MPJ+SYN+ACK only
if the host asks for it, and not mirroring what was done by the other
peer. It is then required to have a dedicated bit for each direction,
similar to what is done in the subflow context.

Fixes: f296234c98 ("mptcp: Add handling of incoming MP_JOIN requests")
Cc: stable@vger.kernel.org
Reviewed-by: Mat Martineau <martineau@kernel.org>
Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-08-11 12:36:01 +02:00
Paolo Abeni
991b26e110 mptcp: fix user-space PM announced address accounting
commit 167b93258d1e2230ee3e8a97669b4db4cc9e90aa upstream.

Currently the per-connection announced address counter is never
decreased. When the user-space PM is in use, this just affects
the information exposed via diag/sockopt, but it could still foul
the PM to wrong decision.

Add the missing accounting for the user-space PM's sake.

Fixes: 8b1c94da1e ("mptcp: only send RM_ADDR in nl_cmd_remove")
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Reviewed-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-08-11 12:36:01 +02:00
Heiner Kallweit
f3d0261d91 r8169: don't increment tx_dropped in case of NETDEV_TX_BUSY
commit d516b187a9cc2e842030dd005be2735db3e8f395 upstream.

The skb isn't consumed in case of NETDEV_TX_BUSY, therefore don't
increment the tx_dropped counter.

Fixes: 188f4af046 ("r8169: use NETDEV_TX_{BUSY/OK}")
Cc: stable@vger.kernel.org
Suggested-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
Reviewed-by: Wojciech Drewek <wojciech.drewek@intel.com>
Link: https://patch.msgid.link/bbba9c48-8bac-4932-9aa1-d2ed63bc9433@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-08-11 12:36:01 +02:00
Ma Ke
52977968f3 net: usb: sr9700: fix uninitialized variable use in sr_mdio_read
commit 08f3a5c38087d1569e982a121aad1e6acbf145ce upstream.

It could lead to an error because the variable res is not updated if
the call to sr_share_read_word returns an error. In this particular case
error code was returned and res stayed uninitialized. Same issue also
applies to sr_read_reg.

This can be avoided by checking the return value of sr_share_read_word
and sr_read_reg, and propagating the error if the read operation failed.

Found by code review.

Cc: stable@vger.kernel.org
Fixes: c9b37458e9 ("USB2NET : SR9700 : One chip USB 1.1 USB2NET SR9700Device Driver Support")
Signed-off-by: Ma Ke <make24@iscas.ac.cn>
Reviewed-by: Shigeru Yoshida <syoshida@redhat.com>
Reviewed-by: Hariprasad Kelam <hkelam@marvell.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-08-11 12:36:01 +02:00
Nikita Zhandarovich
5670466033 drm/i915: Fix possible int overflow in skl_ddi_calculate_wrpll()
commit 5b511572660190db1dc8ba412efd0be0d3781ab6 upstream.

On the off chance that clock value ends up being too high (by means
of skl_ddi_calculate_wrpll() having been called with big enough
value of crtc_state->port_clock * 1000), one possible consequence
may be that the result will not be able to fit into signed int.

Fix this issue by moving conversion of clock parameter from kHz to Hz
into the body of skl_ddi_calculate_wrpll(), as well as casting the
same parameter to u64 type while calculating the value for AFE clock.
This both mitigates the overflow problem and avoids possible erroneous
integer promotion mishaps.

Found by Linux Verification Center (linuxtesting.org) with static
analysis tool SVACE.

Fixes: 82d3543701 ("drm/i915/skl: Implementation of SKL DPLL programming")
Cc: stable@vger.kernel.org
Signed-off-by: Nikita Zhandarovich <n.zhandarovich@fintech.ru>
Reviewed-by: Jani Nikula <jani.nikula@intel.com>
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20240729174035.25727-1-n.zhandarovich@fintech.ru
(cherry picked from commit 833cf12846aa19adf9b76bc79c40747726f3c0c1)
Signed-off-by: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-08-11 12:36:01 +02:00
Zack Rusin
3b933b16c9 drm/vmwgfx: Fix a deadlock in dma buf fence polling
commit e58337100721f3cc0c7424a18730e4f39844934f upstream.

Introduce a version of the fence ops that on release doesn't remove
the fence from the pending list, and thus doesn't require a lock to
fix poll->fence wait->fence unref deadlocks.

vmwgfx overwrites the wait callback to iterate over the list of all
fences and update their status, to do that it holds a lock to prevent
the list modifications from other threads. The fence destroy callback
both deletes the fence and removes it from the list of pending
fences, for which it holds a lock.

dma buf polling cb unrefs a fence after it's been signaled: so the poll
calls the wait, which signals the fences, which are being destroyed.
The destruction tries to acquire the lock on the pending fences list
which it can never get because it's held by the wait from which it
was called.

Old bug, but not a lot of userspace apps were using dma-buf polling
interfaces. Fix those, in particular this fixes KDE stalls/deadlock.

Signed-off-by: Zack Rusin <zack.rusin@broadcom.com>
Fixes: 2298e804e9 ("drm/vmwgfx: rework to new fence interface, v2")
Cc: Broadcom internal kernel review list <bcm-kernel-feedback-list@broadcom.com>
Cc: dri-devel@lists.freedesktop.org
Cc: <stable@vger.kernel.org> # v6.2+
Reviewed-by: Maaz Mombasawala <maaz.mombasawala@broadcom.com>
Reviewed-by: Martin Krastev <martin.krastev@broadcom.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20240722184313.181318-2-zack.rusin@broadcom.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-08-11 12:36:01 +02:00
Edmund Raile
b239a37d68 Revert "ALSA: firewire-lib: operate for period elapse event in process context"
commit 3dab73ab925a51ab05543b491bf17463a48ca323 upstream.

Commit 7ba5ca32fe ("ALSA: firewire-lib: operate for period elapse event
in process context") removed the process context workqueue from
amdtp_domain_stream_pcm_pointer() and update_pcm_pointers() to remove
its overhead.

With RME Fireface 800, this led to a regression since
Kernels 5.14.0, causing an AB/BA deadlock competition for the
substream lock with eventual system freeze under ALSA operation:

thread 0:
    * (lock A) acquire substream lock by
	snd_pcm_stream_lock_irq() in
	snd_pcm_status64()
    * (lock B) wait for tasklet to finish by calling
    	tasklet_unlock_spin_wait() in
	tasklet_disable_in_atomic() in
	ohci_flush_iso_completions() of ohci.c

thread 1:
    * (lock B) enter tasklet
    * (lock A) attempt to acquire substream lock,
    	waiting for it to be released:
	snd_pcm_stream_lock_irqsave() in
    	snd_pcm_period_elapsed() in
	update_pcm_pointers() in
	process_ctx_payloads() in
	process_rx_packets() of amdtp-stream.c

? tasklet_unlock_spin_wait
 </NMI>
 <TASK>
ohci_flush_iso_completions firewire_ohci
amdtp_domain_stream_pcm_pointer snd_firewire_lib
snd_pcm_update_hw_ptr0 snd_pcm
snd_pcm_status64 snd_pcm

? native_queued_spin_lock_slowpath
 </NMI>
 <IRQ>
_raw_spin_lock_irqsave
snd_pcm_period_elapsed snd_pcm
process_rx_packets snd_firewire_lib
irq_target_callback snd_firewire_lib
handle_it_packet firewire_ohci
context_tasklet firewire_ohci

Restore the process context work queue to prevent deadlock
AB/BA deadlock competition for ALSA substream lock of
snd_pcm_stream_lock_irq() in snd_pcm_status64()
and snd_pcm_stream_lock_irqsave() in snd_pcm_period_elapsed().

revert commit 7ba5ca32fe ("ALSA: firewire-lib: operate for period
elapse event in process context")

Replace inline description to prevent future deadlock.

Cc: stable@vger.kernel.org
Fixes: 7ba5ca32fe ("ALSA: firewire-lib: operate for period elapse event in process context")
Reported-by: edmund.raile <edmund.raile@proton.me>
Closes: https://lore.kernel.org/r/kwryofzdmjvzkuw6j3clftsxmoolynljztxqwg76hzeo4simnl@jn3eo7pe642q/
Signed-off-by: Edmund Raile <edmund.raile@protonmail.com>
Reviewed-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Link: https://patch.msgid.link/20240730195318.869840-3-edmund.raile@protonmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-08-11 12:36:01 +02:00
Edmund Raile
a7cdecede8 Revert "ALSA: firewire-lib: obsolete workqueue for period update"
commit 6ccf9984d6be3c2f804087b736db05c2ec42664b upstream.

prepare resolution of AB/BA deadlock competition for substream lock:
restore workqueue previously used for process context:

revert commit b5b519965c ("ALSA: firewire-lib: obsolete workqueue
for period update")

Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/kwryofzdmjvzkuw6j3clftsxmoolynljztxqwg76hzeo4simnl@jn3eo7pe642q/
Signed-off-by: Edmund Raile <edmund.raile@protonmail.com>
Reviewed-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Link: https://patch.msgid.link/20240730195318.869840-2-edmund.raile@protonmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-08-11 12:36:00 +02:00
Mavroudis Chatzilazaridis
fec031e89d ALSA: hda/realtek: Add quirk for Acer Aspire E5-574G
commit 3c0b6f924e1259ade38587ea719b693f6f6f2f3e upstream.

ALC255_FIXUP_ACER_LIMIT_INT_MIC_BOOST fixes combo jack detection and
limits the internal microphone boost that causes clipping on this model.

Signed-off-by: Mavroudis Chatzilazaridis <mavchatz@protonmail.com>
Cc: <stable@vger.kernel.org>
Link: https://patch.msgid.link/20240728123601.144017-1-mavchatz@protonmail.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-08-11 12:36:00 +02:00
Takashi Iwai
584e9aa47e ALSA: usb-audio: Correct surround channels in UAC1 channel map
commit b7b7e1ab7619deb3b299b5e5c619c3e6f183a12d upstream.

USB-audio driver puts SNDRV_CHMAP_SL and _SR as left and right
surround channels for UAC1 channel map, respectively.  But they should
have been SNDRV_CHMAP_RL and _RR; the current value *_SL and _SR are
rather "side" channels, not "surround".  I guess I took those
mistakenly when I read the spec mentioning "surround left".

This patch corrects those entries to be the right channels.

Suggested-by: Sylvain BERTRAND <sylvain.bertrand@legeek.net>
Closes: https://lore.kernel.orgZ/qIyJD8lhd8hFhlC@freedom
Fixes: 04324ccc75 ("ALSA: usb-audio: add channel map support")
Cc: <stable@vger.kernel.org>
Link: https://patch.msgid.link/20240731142018.24750-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-08-11 12:36:00 +02:00
Matthieu Baerts (NGI0)
47ab33e1d6 mptcp: sched: check both directions for backup
commit b6a66e521a2032f7fcba2af5a9bcbaeaa19b7ca3 upstream.

The 'mptcp_subflow_context' structure has two items related to the
backup flags:

 - 'backup': the subflow has been marked as backup by the other peer

 - 'request_bkup': the backup flag has been set by the host

Before this patch, the scheduler was only looking at the 'backup' flag.
That can make sense in some cases, but it looks like that's not what we
wanted for the general use, because either the path-manager was setting
both of them when sending an MP_PRIO, or the receiver was duplicating
the 'backup' flag in the subflow request.

Note that the use of these two flags in the path-manager is going to be
fixed in the next commits, but this change here is needed not to modify
the behaviour.

Fixes: f296234c98 ("mptcp: Add handling of incoming MP_JOIN requests")
Cc: stable@vger.kernel.org
Reviewed-by: Mat Martineau <martineau@kernel.org>
Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-08-11 12:36:00 +02:00
Al Viro
5db999fff5 protect the fetch of ->fd[fd] in do_dup2() from mispredictions
commit 8aa37bde1a7b645816cda8b80df4753ecf172bf1 upstream.

both callers have verified that fd is not greater than ->max_fds;
however, misprediction might end up with
        tofree = fdt->fd[fd];
being speculatively executed.  That's wrong for the same reasons
why it's wrong in close_fd()/file_close_fd_locked(); the same
solution applies - array_index_nospec(fd, fdt->max_fds) could differ
from fd only in case of speculative execution on mispredicted path.

Cc: stable@vger.kernel.org
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-08-11 12:36:00 +02:00
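Added example, not part of the commit above or of the kernel source: a userspace C model of the clamp that `array_index_nospec(fd, fdt->max_fds)` applies before `tofree = fdt->fd[fd];`. The `model_*` names and the sample table are constructed for illustration, and the mask arithmetic is modelled on the kernel's generic fallback (an assumption; architectures may supply their own version).

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

#define MODEL_BITS_PER_LONG (sizeof(unsigned long) * CHAR_BIT)

/*
 * Branch-free mask: all ones when index < size, zero otherwise.
 * Valid for index and size below LONG_MAX. If index is in bounds, both
 * index and (size - 1 - index) have a clear top bit; if it is out of
 * bounds, the subtraction wraps and sets the top bit.
 * Note: this model only shows the arithmetic. The kernel additionally
 * hides the value from the optimizer so the mask is always emitted.
 */
static unsigned long model_index_mask(unsigned long index, unsigned long size)
{
	unsigned long in_bounds =
		~(index | (size - 1UL - index)) >> (MODEL_BITS_PER_LONG - 1);

	return 0UL - in_bounds;
}

/* Differs from index only when index is out of bounds (clamps to 0). */
static unsigned long model_index_nospec(unsigned long index, unsigned long size)
{
	return index & model_index_mask(index, size);
}

/* Constructed stand-in for the fd table: max_fds slots of labels. */
struct model_fdtable {
	unsigned int max_fds;
	const char **fd;
};

static const char *model_slots[4] = { "stdin", "stdout", "stderr", "log" };
static const struct model_fdtable model_fdt = { 4, model_slots };

/* Architectural bounds check first, then the data-dependent clamp. */
static const char *model_fetch_tofree(const struct model_fdtable *fdt,
				      unsigned int fd)
{
	if (fd >= fdt->max_fds)
		return NULL;
	/* Even if the branch above is mispredicted, fd stays inside the array. */
	fd = (unsigned int)model_index_nospec(fd, fdt->max_fds);
	return fdt->fd[fd];
}

int main(void)
{
	printf("mask(3, 4) = %#lx\n", model_index_mask(3, 4));
	printf("mask(4, 4) = %#lx\n", model_index_mask(4, 4));
	printf("slot 2     = %s\n", model_fetch_tofree(&model_fdt, 2));
	return 0;
}
```

On a correctly predicted path the clamp is a no-op, which is why the fix does not change behaviour outside speculation.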
Naohiro Aota
36dac67972 btrfs: zoned: fix zone_unusable accounting on making block group read-write again
commit 8cd44dd1d17a23d5cc8c443c659ca57aa76e2fa5 upstream.

When btrfs makes a block group read-only, it adds all free regions in the
block group to space_info->bytes_readonly. That free space excludes
reserved and pinned regions. OTOH, when btrfs makes the block group
read-write again, it moves all the unused regions into the block group's
zone_unusable. That unused region includes reserved and pinned regions.
As a result, it counts too many zone_unusable bytes.

Fortunately (or unfortunately), having erroneous zone_unusable does not
affect the calculation of space_info->bytes_readonly, because free
space (num_bytes in btrfs_dec_block_group_ro) calculation is done based on
the erroneous zone_unusable and it reduces the num_bytes just to cancel the
error.

This behavior can be easily discovered by adding a WARN_ON to check e.g.,
"bg->pinned > 0" in btrfs_dec_block_group_ro(), and running fstests test
case like btrfs/282.

Fix it by properly considering pinned and reserved in
btrfs_dec_block_group_ro(). Also, add a WARN_ON and introduce
btrfs_space_info_update_bytes_zone_unusable() to catch a similar mistake.

Fixes: 169e0da91a ("btrfs: zoned: track unusable bytes for zones")
CC: stable@vger.kernel.org # 5.15+
Signed-off-by: Naohiro Aota <naohiro.aota@wdc.com>
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-08-11 12:36:00 +02:00
Tatsunosuke Tobita
8bb9cf2edf HID: wacom: Modify pen IDs
commit f0d17d696dfce77c9abc830e4ac2d677890a2dad upstream.

The pen ID, 0x80842, was not the correct ID for wacom driver to
treat. The ID was corrected to 0x8842.
Also, 0x4200 was not the expected ID used on any Wacom device.
Therefore, 0x4200 was removed.

Signed-off-by: Tatsunosuke Tobita <tatsunosuke.tobita@wacom.com>
Signed-off-by: Tatsunosuke Tobita <tatsunosuke.wacom@gmail.com>
Fixes: bfdc750c4c ("HID: wacom: add three styli to wacom_intuos_get_tool_type")
Cc: stable@kernel.org #6.2
Reviewed-by: Ping Cheng <ping.cheng@wacom.com>
Link: https://patch.msgid.link/20240709055729.17158-1-tatsunosuke.wacom@gmail.com
Signed-off-by: Benjamin Tissoires <bentiss@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-08-11 12:36:00 +02:00
Patryk Duda
1b3777d2f2 platform/chrome: cros_ec_proto: Lock device when updating MKBP version
commit df615907f1bf907260af01ccb904d0e9304b5278 upstream.

The cros_ec_get_host_command_version_mask() function requires that the
caller must have ec_dev->lock mutex before calling it. This requirement
was not met and as a result it was possible that two commands were sent
to the device at the same time.

The problem was observed while using UART backend which doesn't use any
additional locks, unlike SPI backend which locks the controller until
response is received.

Fixes: f74c7557ed ("platform/chrome: cros_ec_proto: Update version on GET_NEXT_EVENT failure")
Cc: stable@vger.kernel.org
Signed-off-by: Patryk Duda <patrykd@google.com>
Link: https://lore.kernel.org/r/20240730104425.607083-1-patrykd@google.com
Signed-off-by: Tzung-Bi Shih <tzungbi@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-08-11 12:35:59 +02:00
Alice Ryhl
ed15fdf307 rust: SHADOW_CALL_STACK is incompatible with Rust
commit f126745da81783fb1d082e67bf14c6795e489a88 upstream.

When using the shadow call stack sanitizer, all code must be compiled
with the -ffixed-x18 flag, but this flag is not currently being passed
to Rust. This results in crashes that are extremely difficult to debug.

To ensure that nobody else has to go through the same debugging session
that I had to, prevent configurations that enable both SHADOW_CALL_STACK
and RUST.

It is rather common for people to backport 724a75ac9542 ("arm64: rust:
Enable Rust support for AArch64"), so I recommend applying this fix all
the way back to 6.1.

Cc: stable@vger.kernel.org # 6.1 and later
Fixes: 724a75ac9542 ("arm64: rust: Enable Rust support for AArch64")
Signed-off-by: Alice Ryhl <aliceryhl@google.com>
Acked-by: Miguel Ojeda <ojeda@kernel.org>
Link: https://lore.kernel.org/r/20240729-shadow-call-stack-v4-1-2a664b082ea4@google.com
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-08-11 12:35:59 +02:00
Will Deacon
56ddc3233c arm64: jump_label: Ensure patched jump_labels are visible to all CPUs
[ Upstream commit cfb00a35786414e7c0e6226b277d9f09657eae74 ]

Although the Arm architecture permits concurrent modification and
execution of NOP and branch instructions, it still requires some
synchronisation to ensure that other CPUs consistently execute the newly
written instruction:

 >  When the modified instructions are observable, each PE that is
 >  executing the modified instructions must execute an ISB or perform a
 >  context synchronizing event to ensure execution of the modified
 >  instructions

Prior to commit f6cc0c5016 ("arm64: Avoid calling stop_machine() when
patching jump labels"), the arm64 jump_label patching machinery
performed synchronisation using stop_machine() after each modification,
however this was problematic when flipping static keys from atomic
contexts (namely, the arm_arch_timer CPU hotplug startup notifier) and
so we switched to the _nosync() patching routines to avoid "scheduling
while atomic" BUG()s during boot.

In hindsight, the analysis of the issue in f6cc0c5016 isn't quite
right: it cites the use of IPIs in the default patching routines as the
cause of the lockup, whereas stop_machine() does not rely on IPIs and
the I-cache invalidation is performed using __flush_icache_range(),
which elides the call to kick_all_cpus_sync(). In fact, the blocking
wait for other CPUs is what triggers the BUG() and the problem remains
even after f6cc0c5016, for example because we could block on the
jump_label_mutex. Eventually, the arm_arch_timer driver was fixed to
avoid the static key entirely in commit a862fc2254
("clocksource/arm_arch_timer: Remove use of workaround static key").

This all leaves the jump_label patching code in a funny situation on
arm64 as we do not synchronise with other CPUs to reduce the likelihood
of a bug which no longer exists. Consequently, toggling a static key on
one CPU cannot be assumed to take effect on other CPUs, leading to
potential issues, for example with missing preempt notifiers.

Rather than revert f6cc0c5016 and go back to stop_machine() for each
patch site, implement arch_jump_label_transform_apply() and kick all
the other CPUs with an IPI at the end of patching.

Cc: Alexander Potapenko <glider@google.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Marc Zyngier <maz@kernel.org>
Fixes: f6cc0c5016 ("arm64: Avoid calling stop_machine() when patching jump labels")
Signed-off-by: Will Deacon <will@kernel.org>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Reviewed-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20240731133601.3073-1-will@kernel.org
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-08-11 12:35:59 +02:00
Zhe Qiao
d7ccf2ca77 riscv/mm: Add handling for VM_FAULT_SIGSEGV in mm_fault_error()
[ Upstream commit 0c710050c47d45eb77b28c271cddefc5c785cb40 ]

Handle VM_FAULT_SIGSEGV in the page fault path so that we correctly
kill the process and we don't BUG() the kernel.

Fixes: 07037db5d4 ("RISC-V: Paging and MMU")
Signed-off-by: Zhe Qiao <qiaozhe@iscas.ac.cn>
Reviewed-by: Alexandre Ghiti <alexghiti@rivosinc.com>
Link: https://lore.kernel.org/r/20240731084547.85380-1-qiaozhe@iscas.ac.cn
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-08-11 12:35:59 +02:00
Maciej Żenczykowski
aa0f864052 ipv6: fix ndisc_is_useropt() handling for PIO
[ Upstream commit a46c68debf3be3a477a69ccbf0a1d050df841676 ]

The current logic only works if the PIO is between two
other ND user options.  This fixes it so that the PIO
can also be either before or after other ND user options
(for example the first or last option in the RA).

side note: there's actually Android tests verifying
a portion of the old broken behaviour, so:
  https://android-review.googlesource.com/c/kernel/tests/+/3196704
fixes those up.

Cc: Jen Linkova <furry@google.com>
Cc: Lorenzo Colitti <lorenzo@google.com>
Cc: Patrick Rohr <prohr@google.com>
Cc: David Ahern <dsahern@kernel.org>
Cc: YOSHIFUJI Hideaki / 吉藤英明 <yoshfuji@linux-ipv6.org>
Cc: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Fixes: 048c796beb ("ipv6: adjust ndisc_is_useropt() to also return true for PIO")
Link: https://patch.msgid.link/20240730001748.147636-1-maze@google.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-08-11 12:35:59 +02:00
Shahar Shitrit
18b26c7324 net/mlx5e: Add a check for the return value from mlx5_port_set_eth_ptys
[ Upstream commit 3f8e82a020a5c22f9b791f4ac499b8e18007fbda ]

Since the documentation for mlx5_toggle_port_link states that it should
only be used after setting the port register, we add a check for the
return value from mlx5_port_set_eth_ptys to ensure the register was
successfully set before calling it.

Fixes: 667daedaec ("net/mlx5e: Toggle link only after modifying port parameters")
Signed-off-by: Shahar Shitrit <shshitrit@nvidia.com>
Reviewed-by: Carolina Jubran <cjubran@nvidia.com>
Signed-off-by: Tariq Toukan <tariqt@nvidia.com>
Reviewed-by: Wojciech Drewek <wojciech.drewek@intel.com>
Link: https://patch.msgid.link/20240730061638.1831002-9-tariqt@nvidia.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-08-11 12:35:59 +02:00
Moshe Shemesh
5d07d1d40a net/mlx5: Fix missing lock on sync reset reload
[ Upstream commit 572f9caa9e7295f8c8822e4122c7ae8f1c412ff9 ]

On sync reset reload work, when remote host updates devlink on reload
actions performed on that host, it misses taking devlink lock before
calling devlink_remote_reload_actions_performed() which results in
triggering lock assert like the following:

WARNING: CPU: 4 PID: 1164 at net/devlink/core.c:261 devl_assert_locked+0x3e/0x50
…
 CPU: 4 PID: 1164 Comm: kworker/u96:6 Tainted: G S      W          6.10.0-rc2+ #116
 Hardware name: Supermicro SYS-2028TP-DECTR/X10DRT-PT, BIOS 2.0 12/18/2015
 Workqueue: mlx5_fw_reset_events mlx5_sync_reset_reload_work [mlx5_core]
 RIP: 0010:devl_assert_locked+0x3e/0x50
…
 Call Trace:
  <TASK>
  ? __warn+0xa4/0x210
  ? devl_assert_locked+0x3e/0x50
  ? report_bug+0x160/0x280
  ? handle_bug+0x3f/0x80
  ? exc_invalid_op+0x17/0x40
  ? asm_exc_invalid_op+0x1a/0x20
  ? devl_assert_locked+0x3e/0x50
  devlink_notify+0x88/0x2b0
  ? mlx5_attach_device+0x20c/0x230 [mlx5_core]
  ? __pfx_devlink_notify+0x10/0x10
  ? process_one_work+0x4b6/0xbb0
  process_one_work+0x4b6/0xbb0
[…]

Fixes: 84a433a40d ("net/mlx5: Lock mlx5 devlink reload callbacks")
Signed-off-by: Moshe Shemesh <moshe@nvidia.com>
Reviewed-by: Maor Gottlieb <maorg@nvidia.com>
Signed-off-by: Tariq Toukan <tariqt@nvidia.com>
Reviewed-by: Wojciech Drewek <wojciech.drewek@intel.com>
Link: https://patch.msgid.link/20240730061638.1831002-6-tariqt@nvidia.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-08-11 12:35:59 +02:00
Mark Bloch
d4122d141f net/mlx5: Lag, don't use the hardcoded value of the first port
[ Upstream commit 3fda84dc090390573cfbd0b1d70372663315de21 ]

The cited commit didn't change the body of the loop as it should.
It shouldn't be using MLX5_LAG_P1.

Fixes: 7e978e7714 ("net/mlx5: Lag, use actual number of lag ports")
Signed-off-by: Mark Bloch <mbloch@nvidia.com>
Signed-off-by: Tariq Toukan <tariqt@nvidia.com>
Reviewed-by: Wojciech Drewek <wojciech.drewek@intel.com>
Link: https://patch.msgid.link/20240730061638.1831002-5-tariqt@nvidia.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-08-11 12:35:58 +02:00
Kuniyuki Iwashima
91b6df6611 netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init().
[ Upstream commit c22921df777de5606f1047b1345b8d22ef1c0b34 ]

ip6table_nat_table_init() accesses net->gen->ptr[ip6table_nat_net_ops.id],
but the function is exposed to user space before the entry is allocated
via register_pernet_subsys().

Let's call register_pernet_subsys() before xt_register_template().

Fixes: fdacd57c79 ("netfilter: x_tables: never register tables by default")
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Reviewed-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-08-11 12:35:58 +02:00