scripts/clang-tools/gen_compile_commands.py incorrectly assumes that
each .mod file only contains one line. That assumption was correct when
the script was originally created, but commit 9413e76405 ("kbuild:
split the second line of *.mod into *.usyms") changed the .mod file
format so that there is one entry per line, and potentially many lines.
The problem can be reproduced by using Kbuild to generate
compile_commands.json, like this:
make CC=clang compile_commands.json
In many cases, the problem might be overlooked because many subsystems
only have one line anyway. However, in some subsystems (Nouveau, with
762 entries, is a notable example) it results in skipping most of the
subsystem.
Fix this by fully processing each .mod file.
Bug: 254441685
Fixes: 9413e76405 ("kbuild: split the second line of *.mod into *.usyms")
Signed-off-by: John Hubbard <jhubbard@nvidia.com>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
(cherry picked from commit a4ab14e1d8)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: Ic6f951a0c400b7831ae803a5f442f02fb26e221e
The EFI save/restore code is confused. When saving the check for saving
FFR is inverted due to confusion with the streaming mode check, and when
restoring we check if we need to restore FFR by checking the percpu
efi_sm_state without the required wrapper rather than based on the
combination of FA64 support and streaming mode.
Bug: 254441685
Fixes: e0838f6373 ("arm64/sme: Save and restore streaming mode over EFI runtime calls")
Reported-by: kernel test robot <lkp@intel.com>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Link: https://lore.kernel.org/r/20220602124132.3528951-1-broonie@kernel.org
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
(cherry picked from commit 2e990e6322)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: I44a1e104216728816cc443dc029de8d8e644744e
Commit 22f26f2177 ("kbuild: get rid of duplication in *.mod files")
changed the format of *.mod files to put one object per line, but missed
to adjust scripts/nsdeps.
Bug: 254441685
Fixes: 22f26f2177 ("kbuild: get rid of duplication in *.mod files")
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
(cherry picked from commit 49c3ca34f7)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: I1bc73a09c4af9ab53798d0ee3a7a4f6a01933281
In 22f26f2177 awk was added to deduplicate *.mod files. The awk
invocation passes -v RS='( |\n)' to match a space or newline character
as the record separator. Unfortunately, POSIX states[1]
> If RS contains more than one character, the results are unspecified.
Some implementations (such as the One True Awk[2] used by the BSDs) do
not treat RS as a regular expression. When awk does not support regex
RS, build failures such as the following are produced (first error using
allmodconfig):
CC [M] arch/x86/events/intel/uncore.o
CC [M] arch/x86/events/intel/uncore_nhmex.o
CC [M] arch/x86/events/intel/uncore_snb.o
CC [M] arch/x86/events/intel/uncore_snbep.o
CC [M] arch/x86/events/intel/uncore_discovery.o
LD [M] arch/x86/events/intel/intel-uncore.o
ld: cannot find uncore_nhmex.o: No such file or directory
ld: cannot find uncore_snb.o: No such file or directory
ld: cannot find uncore_snbep.o: No such file or directory
ld: cannot find uncore_discovery.o: No such file or directory
make[3]: *** [scripts/Makefile.build:422: arch/x86/events/intel/intel-uncore.o] Error 1
make[2]: *** [scripts/Makefile.build:487: arch/x86/events/intel] Error 2
make[1]: *** [scripts/Makefile.build:487: arch/x86/events] Error 2
make: *** [Makefile:1839: arch/x86] Error 2
To avoid this, use printf(1) to produce a newline between each object
path, instead of the space produced by echo(1), so that the default RS
can be used by awk.
[1]: https://pubs.opengroup.org/onlinepubs/9699919799/utilities/awk.html
[2]: https://github.com/onetrueawk/awk
Bug: 254441685
Fixes: 22f26f2177 ("kbuild: get rid of duplication in *.mod files")
Signed-off-by: Kevin Locke <kevin@kevinlocke.name>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
(cherry picked from commit 7bf179de5b)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: I344c0ead4158cf5704ada130af50fa71f52d12f4
When kernel handles the vm-exit caused by external interrupts and NMI,
it always sets kvm_intr_type to tell if it's dealing an IRQ or NMI. For
the PMI scenario, it could be IRQ or NMI.
However, intel_pt PMIs are only generated for HARDWARE perf events, and
HARDWARE events are always configured to generate NMIs. Use
kvm_handling_nmi_from_guest() to precisely identify if the intel_pt PMI
came from the guest; this avoids false positives if an intel_pt PMI/NMI
arrives while the host is handling an unrelated IRQ VM-Exit.
Bug: 254441685
Fixes: db215756ae ("KVM: x86: More precisely identify NMI from guest when handling PMI")
Signed-off-by: Yanfei Xu <yanfei.xu@intel.com>
Message-Id: <20220523140821.1345605-1-yanfei.xu@intel.com>
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit ffd1925a59)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: If52325e8b61118e79a70ab4770de95b646ef62f8
In commit ca321ec743 ("module.h: allow #define strings to work with
MODULE_IMPORT_NS") I fixed up the MODULE_IMPORT_NS() macro to allow
defined strings to work with it. Unfortunatly I did it in a two-stage
process, when it could just be done with the __stringify() macro as
pointed out by Masahiro Yamada.
Clean this up to only be one macro instead of two steps to achieve the
same end result.
Bug: 254441685
Fixes: ca321ec743 ("module.h: allow #define strings to work with MODULE_IMPORT_NS")
Reported-by: Masahiro Yamada <masahiroy@kernel.org>
Cc: Luis Chamberlain <mcgrof@kernel.org>
Cc: Jessica Yu <jeyu@kernel.org>
Cc: Matthias Maennich <maennich@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Luis Chamberlain <mcgrof@kernel.org>
(cherry picked from commit 80140a81f7)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: I8f1677faefb6f07bd22000fc858e52890cebab21
The ID register table should have one entry per ID register but
currently has two entries for ID_AA64ISAR2_EL1. Only one entry has an
override, and get_arm64_ftr_reg() can end up choosing the other, causing
the override to be ignored. Fix this by removing the duplicate entry.
While here, also make the check in sort_ftr_regs() more strict so that
duplicate entries can't be added in the future.
Bug: 254441685
Fixes: def8c222f0 ("arm64: Add support of PAuth QARMA3 architected algorithm")
Signed-off-by: Kristina Martsenko <kristina.martsenko@arm.com>
Reviewed-by: Vladimir Murzin <vladimir.murzin@arm.com>
Reviewed-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Link: https://lore.kernel.org/r/20220511162030.1403386-1-kristina.martsenko@arm.com
Signed-off-by: Will Deacon <will@kernel.org>
(cherry picked from commit 2de7689c7c)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: Id9e7c9e0c6977a27ae0376598df79d15d3a5b6c2
After waking up a suspended VM, the kernel prints the following trace
for virtio drivers which do not directly call virtio_device_ready() in
the .restore:
PM: suspend exit
irq 22: nobody cared (try booting with the "irqpoll" option)
Call Trace:
<IRQ>
dump_stack_lvl+0x38/0x49
dump_stack+0x10/0x12
__report_bad_irq+0x3a/0xaf
note_interrupt.cold+0xb/0x60
handle_irq_event+0x71/0x80
handle_fasteoi_irq+0x95/0x1e0
__common_interrupt+0x6b/0x110
common_interrupt+0x63/0xe0
asm_common_interrupt+0x1e/0x40
? __do_softirq+0x75/0x2f3
irq_exit_rcu+0x93/0xe0
sysvec_apic_timer_interrupt+0xac/0xd0
</IRQ>
<TASK>
asm_sysvec_apic_timer_interrupt+0x12/0x20
arch_cpu_idle+0x12/0x20
default_idle_call+0x39/0xf0
do_idle+0x1b5/0x210
cpu_startup_entry+0x20/0x30
start_secondary+0xf3/0x100
secondary_startup_64_no_verify+0xc3/0xcb
</TASK>
handlers:
[<000000008f9bac49>] vp_interrupt
[<000000008f9bac49>] vp_interrupt
Disabling IRQ #22
This happens because we don't invoke .enable_cbs callback in
virtio_device_restore(). That callback is used by some transports
(e.g. virtio-pci) to enable interrupts.
Let's fix it, by calling virtio_device_ready() as we do in
virtio_dev_probe(). This function calls .enable_cts callback and sets
DRIVER_OK status bit.
This fix also avoids setting DRIVER_OK twice for those drivers that
call virtio_device_ready() in the .restore.
Bug: 254441685
Fixes: d50497eb4e ("virtio_config: introduce a new .enable_cbs method")
Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
Link: https://lore.kernel.org/r/20220322114313.116516-1-sgarzare@redhat.com
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 8d65bc9a5b)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: I1a16d4e905ed3929ecdd87c3a7852c0906611ff3
Not all .S files include asm/assembler.h, however the SYM_FUNC_*
definitions invoke the 'bti' macro. Include asm/assembler.h in
asm/linkage.h.
Bug: 254441685
Fixes: 9be34be87c ("arm64: Add macro version of the BTI instruction")
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
(cherry picked from commit dd73d18e7f)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: I5dc6693315e56c36bd5c597a3b0de1655e11c7ba
Only enforce export protection if there are symbols in the
unprotected list for the Kernel Module Interface (KMI).
This is only relevant for targets like arm64 that have
defined ABI symbol lists. This allows non-GKI targets
like arm and x86 to continue using GKI source code
without disabling the feature for those targets.
Bug: 232430739
Test: TH
Fixes: fd1e768866 ("ANDROID: GKI: Protect exports of protected GKI modules")
Change-Id: Ie89e8f63eda99d9b7aacd1bb76d036b3ff4ba37c
Signed-off-by: Ramji Jiyani <ramjiyani@google.com>
Update protected export symbols list with exports
from list of protected modules at
android/gki_protected_modules.
It includes symbols from every GKI modules except
zram & zsmalloc; and serves as a baseline.
Bug: 232430739
Test: TH
Change-Id: Iec33dfe093b4e9e0281b910b2b3bf998cef55394
Signed-off-by: Ramji Jiyani <ramjiyani@google.com>
This reverts commit eb57c31115.
This branch looks clean of WERROR warnings. Let's try to re-enable it.
Fixes: eb57c31115 ("ANDROID: allmodconfig: disable WERROR")
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: I0106dcd43d7e4b4e20ac768f3faac40285bc837b
Signed-off-by: Lee Jones <joneslee@google.com>
When CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is set, the code in algboss.c
that handles CRYPTO_MSG_ALG_REGISTER is unnecessary, so make it be
compiled out.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Bug: 256875295
(cherry picked from commit 441cb1b730)
Change-Id: I11ebf60e1915ad5d13bd16a26d6c2c0944b4c401
Signed-off-by: Eric Biggers <ebiggers@google.com>
The crypto_boot_test_finished static key is unnecessary when self-tests
are disabled in the kconfig, so optimize it out accordingly, along with
the entirety of crypto_start_tests(). This mainly avoids the overhead
of an unnecessary static_branch_enable() on every boot.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Bug: 256875295
(cherry picked from commit 06bd9c967e)
Change-Id: I68eff9772dc219a8786bf410cb4e946052ea7811
Signed-off-by: Eric Biggers <ebiggers@google.com>
Since algboss always skips testing of algorithms with the
CRYPTO_ALG_INTERNAL flag, there is no need to go through the dance of
creating the test kthread, which creates a lot of overhead. Instead, we
can just directly finish the algorithm registration, like is now done
when self-tests are disabled entirely.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Bug: 256875295
(cherry picked from commit 9cadd73ade)
Change-Id: I10f814cd6903d41265f69297d8568b43ec30012e
Signed-off-by: Eric Biggers <ebiggers@google.com>
Currently, registering an algorithm with the crypto API always causes a
notification to be posted to the "cryptomgr", which then creates a
kthread to self-test the algorithm. However, if self-tests are disabled
in the kconfig (as is the default option), then this kthread just
notifies waiters that the algorithm has been tested, then exits.
This causes a significant amount of overhead, especially in the kthread
creation and destruction, which is not necessary at all. For example,
in a quick test I found that booting a "minimum" x86_64 kernel with all
the crypto options enabled (except for the self-tests) takes about 400ms
until PID 1 can start. Of that, a full 13ms is spent just doing this
pointless dance, involving a kthread being created, run, and destroyed
over 200 times. That's over 3% of the entire kernel start time.
Fix this by just skipping the creation of the test larval and the
posting of the registration notification entirely, when self-tests are
disabled.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Bug: 256875295
(cherry picked from commit a7008584ab)
(Resolved trivial conflict due to missing upstream commit d6097b8d5d)
Change-Id: Ia6be068618e9286c1be01415a6766ba2fa94fc0d
Signed-off-by: Eric Biggers <ebiggers@google.com>
The delayed boot-time testing patch created a dependency loop
between api.c and algapi.c because it added a crypto_alg_tested
call to the former when the crypto manager is disabled.
We could instead avoid creating the test larvals if the crypto
manager is disabled. This avoids the dependency loop as well
as saving some unnecessary work, albeit in a very unlikely case.
Reported-by: Nathan Chancellor <nathan@kernel.org>
Reported-by: Naresh Kamboju <naresh.kamboju@linaro.org>
Reported-by: kernel test robot <lkp@intel.com>
Fixes: adad556efc ("crypto: api - Fix built-in testing dependency failures")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Bug: 256875295
(cherry picked from commit cad439fc04)
Change-Id: I4e0e0b2022dc060fc1d84744e04beae411165ad0
Signed-off-by: Eric Biggers <ebiggers@google.com>
We need to export crypto_boot_test_finished in case api.c is
built-in while algapi.c is built as a module.
Fixes: adad556efc ("crypto: api - Fix built-in testing dependency failures")
Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tested-by: Stephen Rothwell <sfr@canb.auug.org.au> # ppc32 build
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Bug: 256875295
(cherry picked from commit e42dff467e)
Change-Id: Iefc190f29539084e7c84e23120e861de2e0b9351
Signed-off-by: Eric Biggers <ebiggers@google.com>
When complex algorithms that depend on other algorithms are built
into the kernel, the order of registration must be done such that
the underlying algorithms are ready before the ones on top are
registered. As otherwise they would fail during the self-test
which is required during registration.
In the past we have used subsystem initialisation ordering to
guarantee this. The number of such precedence levels are limited
and they may cause ripple effects in other subsystems.
This patch solves this problem by delaying all self-tests during
boot-up for built-in algorithms. They will be tested either when
something else in the kernel requests for them, or when we have
finished registering all built-in algorithms, whichever comes
earlier.
Reported-by: Vladis Dronov <vdronov@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Bug: 256875295
(cherry picked from commit adad556efc)
Change-Id: I9cb048ffe0ce7e471cc6e71904f1b2c462b57be4
Signed-off-by: Eric Biggers <ebiggers@google.com>
android/gki_protected_modules serves as a running
list of protected GKI modules. This list is being
used as an input to generate list of protected
GKI modules exports at android/abi_gki_protected_exports
All GKI modules are protected except zram.ko & zsmalloc.ko
as baseline in this list.
Bug: 232430739
Test: TH
Change-Id: I0c993769b9d07543755fd056199b0e4d10d27f77
Signed-off-by: Ramji Jiyani <ramjiyani@google.com>
Implement support for protecting the exported symbols of
protected GKI modules.
Only signed GKI modules are permitted to export symbols
listed in the android/abi_gki_protected_exports file.
Attempting to export these symbols from an unsigned module
will result in the module failing to load, with a
'Permission denied' error message.
Bug: 232430739
Test: TH
Change-Id: I3e8b330938e116bb2e022d356ac0d55108a84a01
Signed-off-by: Ramji Jiyani <ramjiyani@google.com>
Hypervisor vendor modules may need to create non-cacheable mappings in
the hypervisor stage-1 for interacting with devices such as IOMMUs.
Add support for this memory type to the KVM pgtable API and implement
it for both stage-1 and stage-2.
Bug: 244373730
Signed-off-by: Will Deacon <willdeacon@google.com>
Change-Id: I2f88db7fe47e16366018e3e48f30d09b299ae6e4
The merge of 5.15.61 into this branch incorrectly deleted the test
vectors that were added by the following commits:
commit 0035442093 ("UPSTREAM: crypto: xctr - Add XCTR support")
commit e3efa8253b ("UPSTREAM: crypto: polyval - Add POLYVAL support")
commit d672bb9c20 ("UPSTREAM: crypto: hctr2 - Add HCTR2 support")
This causes a build error when CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is
not set. Fix this by adding back the test vectors.
Bug: 233652475
Fixes: 47c7e57022 ("Merge 5.15.61 into android14-5.15")
Change-Id: I7dce7570d51a97b88ae751046443df6f0a9038b2
Signed-off-by: Eric Biggers <ebiggers@google.com>
If the filesystem being watched supports d_canonical_path,
notify the lower filesystem of the open as well.
Fixes: f37e05049b ("ANDROID: vfs: d_canonical_path for stacked FS")
Test: atest CtsOsTestCases:android.os.cts.FileObserverTest
Bug: 70706497
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Signed-off-by: Paul Lawrence <paullawrence@google.com>
Signed-off-by: Alessio Balsini <balsini@google.com>
Change-Id: I7c9d210e8e6ee99928ad9db0b41ffc3ac3371dc0
If a KVM_FUNC_MMIO_GUARD_MAP hypercall from a protected guest fails at
EL2 due to running out of page-table memory, the call is forwarded to
the host so that additional memory can be donated using the vCPU's
memcache.
Unfortunately, the host filters out these calls the hypervisor will
replay the guest's HVC instruction forever, making no progress because
it will fail each time.
Avoid filtering out KVM_FUNC_MMIO_GUARD_MAP, in the same way as we
handle the SHARE and UNSHARE hypercalls.
Bug: 262700476
Cc: Keir Fraser <keirf@google.com>
Signed-off-by: Will Deacon <willdeacon@google.com>
Change-Id: Idd14c6bc08a4232939676e3566b79cbc7c927a3a
This optimization allows us to re-create higher order block mappings in
the host stage2 pagetables after we teardown a guest VM.
When the host reclaims ownership during guest teardown, the page table
walker drops the refcount of the counted entries and clears out
unreferenced entries (refcount == 1). Clearing out the entry installs a
zero PTE. When the host stage2 receives a data abort because there is no
mapping associated, it will try to create the largest possible block
mapping from the founded leaf entry.
With the current patch, we increase the chances of finding a leaf entry
that has level < 3 if the requested region comes from a reclaimed torned
down VM memory. This has the advantage of reducing the TLB pressure at
host stage2.
To increase the coalescing chances, we modify the way we refcount page
table descriptors for host stage2:
- non-zero invalid PTEs
- any of the reserved-high bits(58-55) toogled
- non-default attribute mappings
- page table descriptors
Bug: 222044487
Test: dump the host stage2 pagetables and view the mapping
Signed-off-by: Sebastian Ene <sebastianene@google.com>
Change-Id: I90ff4ec2185e9a76d7ad17e77ef9bdd8ce3e8698
In preparation for the coalescing algorithm implementation, move the
function which verifies if a page table entry is a tabel to the common
header.
Bug: 222044487
Change-Id: I4124b7727e91f61b8f0a7e44cd91403d09d83c3c
Signed-off-by: Sebastian Ene <sebastianene@google.com>
Move the host specific code for PTE reference counting out of the
pagetable code and define a new structure that wraps all the PTE
manipulation callbacks. This structure will be passed during the
pagetable code initialization and it allows to register different
callback for [guest|host].
Bug: 222044487
Signed-off-by: Sebastian Ene <sebastianene@google.com>
Change-Id: I116e8322935762df2f2be6e8d51a3f0c140b3d36
Make PTE attribute definitions available from kvm_pgtable.h and take
them out of the pagetable code. These attributes will be used later in
mem_protect.c to construct different masks during the PTE manipulation
callbacks.
Bug: 222044487
Signed-off-by: Sebastian Ene <sebastianene@google.com>
Change-Id: I2f7108815ef0fa536e7f3314762a412119400fe9
Refactor the code and add stage2_clear_pte(..) which removes the PTE
without dropping the refcount for an entry.
Bug: 222044487
Signed-off-by: Sebastian Ene <sebastianene@google.com>
Change-Id: Ia2cb47f2ffad6faa5c6b4ec8a37bcbe61be0bc2f
Extend the scope of the stage2_freewalker by passing the pgt instead of
the mm_ops callbacks. This will later be used by the stage2_pte_is_counted
function.
Bug: 222044487
Signed-off-by: Sebastian Ene <sebastianene@google.com>
Change-Id: I390661eb106cbdb863cbb1832e39ec155c439091
Note that this is specific for the non-upstreamed version
Bug: 202785178
Test: cat /sys/fs/fuse/fuse_bpf_major_version
Change-Id: I68f9ca56778874975428839dfc1fd8f48b11bd75
Signed-off-by: Paul Lawrence <paullawrence@google.com>
This reverts commit 2b6da462a1.
Note that this change was reworked completely after being cherry-picked
to 13-5.10, so revert this, then re-cherry-pick the version from 13-5.10
Bug: 202785178
Test: None (test with new version)
Change-Id: Idbf470e93a56e2fe5f1fda164635f6f171c2d2fb
Signed-off-by: Paul Lawrence <paullawrence@google.com>
Changes in 5.15.83
clk: generalize devm_clk_get() a bit
clk: Provide new devm_clk helpers for prepared and enabled clocks
mmc: mtk-sd: Fix missing clk_disable_unprepare in msdc_of_clock_parse()
arm64: dts: rockchip: keep I2S1 disabled for GPIO function on ROCK Pi 4 series
arm: dts: rockchip: fix node name for hym8563 rtc
arm: dts: rockchip: remove clock-frequency from rtc
ARM: dts: rockchip: fix ir-receiver node names
arm64: dts: rockchip: fix ir-receiver node names
ARM: dts: rockchip: rk3188: fix lcdc1-rgb24 node name
fs: use acquire ordering in __fget_light()
ARM: 9251/1: perf: Fix stacktraces for tracepoint events in THUMB2 kernels
ARM: 9266/1: mm: fix no-MMU ZERO_PAGE() implementation
ASoC: wm8962: Wait for updated value of WM8962_CLOCKING1 register
spi: mediatek: Fix DEVAPC Violation at KO Remove
ARM: dts: rockchip: disable arm_global_timer on rk3066 and rk3188
ASoC: rt711-sdca: fix the latency time of clock stop prepare state machine transitions
9p/fd: Use P9_HDRSZ for header size
regulator: slg51000: Wait after asserting CS pin
ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event
selftests/net: Find nettest in current directory
btrfs: send: avoid unaligned encoded writes when attempting to clone range
ASoC: soc-pcm: Add NULL check in BE reparenting
regulator: twl6030: fix get status of twl6032 regulators
fbcon: Use kzalloc() in fbcon_prepare_logo()
usb: dwc3: gadget: Disable GUSB2PHYCFG.SUSPHY for End Transfer
9p/xen: check logical size for buffer size
net: usb: qmi_wwan: add u-blox 0x1342 composition
mm/khugepaged: take the right locks for page table retraction
mm/khugepaged: fix GUP-fast interaction by sending IPI
mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths
rtc: mc146818-lib: extract mc146818_avoid_UIP
rtc: cmos: avoid UIP when writing alarm time
rtc: cmos: avoid UIP when reading alarm time
cifs: fix use-after-free caused by invalid pointer `hostname`
drm/bridge: anx7625: Fix edid_read break case in sp_tx_edid_read()
xen/netback: Ensure protocol headers don't fall in the non-linear area
xen/netback: do some code cleanup
xen/netback: don't call kfree_skb() with interrupts disabled
media: videobuf2-core: take mmap_lock in vb2_get_unmapped_area()
soundwire: intel: Initialize clock stop timeout
Revert "ARM: dts: imx7: Fix NAND controller size-cells"
media: v4l2-dv-timings.c: fix too strict blanking sanity checks
memcg: fix possible use-after-free in memcg_write_event_control()
mm/gup: fix gup_pud_range() for dax
Bluetooth: btusb: Add debug message for CSR controllers
Bluetooth: Fix crash when replugging CSR fake controllers
net: mana: Fix race on per-CQ variable napi work_done
KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field
drm/vmwgfx: Don't use screen objects when SEV is active
drm/amdgpu/sdma_v4_0: turn off SDMA ring buffer in the s2idle suspend
drm/shmem-helper: Remove errant put in error path
drm/shmem-helper: Avoid vm_open error paths
net: dsa: sja1105: avoid out of bounds access in sja1105_init_l2_policing()
HID: usbhid: Add ALWAYS_POLL quirk for some mice
HID: hid-lg4ff: Add check for empty lbuf
HID: core: fix shift-out-of-bounds in hid_report_raw_event
HID: ite: Enable QUIRK_TOUCHPAD_ON_OFF_REPORT on Acer Aspire Switch V 10
can: af_can: fix NULL pointer dereference in can_rcv_filter
clk: Fix pointer casting to prevent oops in devm_clk_release()
gpiolib: improve coding style for local variables
gpiolib: check the 'ngpios' property in core gpiolib code
gpiolib: fix memory leak in gpiochip_setup_dev()
netfilter: nft_set_pipapo: Actually validate intervals in fields after the first one
drm/vmwgfx: Fix race issue calling pin_user_pages
ieee802154: cc2520: Fix error return code in cc2520_hw_init()
ca8210: Fix crash by zero initializing data
netfilter: ctnetlink: fix compilation warning after data race fixes in ct mark
drm/bridge: ti-sn65dsi86: Fix output polarity setting bug
gpio: amd8111: Fix PCI device reference count leak
e1000e: Fix TX dispatch condition
igb: Allocate MSI-X vector when testing
net: broadcom: Add PTP_1588_CLOCK_OPTIONAL dependency for BCMGENET under ARCH_BCM2835
drm: bridge: dw_hdmi: fix preference of RGB modes over YUV420
af_unix: Get user_ns from in_skb in unix_diag_get_exact().
vmxnet3: correctly report encapsulated LRO packet
vmxnet3: use correct intrConf reference when using extended queues
Bluetooth: 6LoWPAN: add missing hci_dev_put() in get_l2cap_conn()
Bluetooth: Fix not cleanup led when bt_init fails
net: dsa: ksz: Check return value
net: dsa: hellcreek: Check return value
net: dsa: sja1105: Check return value
selftests: rtnetlink: correct xfrm policy rule in kci_test_ipsec_offload
mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add()
net: encx24j600: Add parentheses to fix precedence
net: encx24j600: Fix invalid logic in reading of MISTAT register
net: mdiobus: fwnode_mdiobus_register_phy() rework error handling
net: mdiobus: fix double put fwnode in the error path
octeontx2-pf: Fix potential memory leak in otx2_init_tc()
xen-netfront: Fix NULL sring after live migration
net: mvneta: Prevent out of bounds read in mvneta_config_rss()
i40e: Fix not setting default xps_cpus after reset
i40e: Fix for VF MAC address 0
i40e: Disallow ip4 and ip6 l4_4_bytes
NFC: nci: Bounds check struct nfc_target arrays
nvme initialize core quirks before calling nvme_init_subsystem
gpio/rockchip: fix refcount leak in rockchip_gpiolib_register()
net: stmmac: fix "snps,axi-config" node property parsing
ip_gre: do not report erspan version on GRE interface
net: microchip: sparx5: Fix missing destroy_workqueue of mact_queue
net: thunderx: Fix missing destroy_workqueue of nicvf_rx_mode_wq
net: hisilicon: Fix potential use-after-free in hisi_femac_rx()
net: mdio: fix unbalanced fwnode reference count in mdio_device_release()
net: hisilicon: Fix potential use-after-free in hix5hd2_rx()
tipc: Fix potential OOB in tipc_link_proto_rcv()
ipv4: Fix incorrect route flushing when source address is deleted
ipv4: Fix incorrect route flushing when table ID 0 is used
net: dsa: sja1105: fix memory leak in sja1105_setup_devlink_regions()
tipc: call tipc_lxc_xmit without holding node_read_lock
ethernet: aeroflex: fix potential skb leak in greth_init_rings()
dpaa2-switch: Fix memory leak in dpaa2_switch_acl_entry_add() and dpaa2_switch_acl_entry_remove()
xen/netback: fix build warning
net: phy: mxl-gpy: fix version reporting
net: plip: don't call kfree_skb/dev_kfree_skb() under spin_lock_irq()
ipv6: avoid use-after-free in ip6_fragment()
net: thunderbolt: fix memory leak in tbnet_open()
net: mvneta: Fix an out of bounds check
macsec: add missing attribute validation for offload
s390/qeth: fix various format strings
s390/qeth: fix use-after-free in hsci
can: esd_usb: Allow REC and TEC to return to zero
block: move CONFIG_BLOCK guard to top Makefile
io_uring: move to separate directory
io_uring: Fix a null-ptr-deref in io_tctx_exit_cb()
Linux 5.15.83
Change-Id: I08ef74d6ad8786c191050294dcbf1090908e7c4d
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit 998b30c394 ]
Syzkaller reports a NULL deref bug as follows:
BUG: KASAN: null-ptr-deref in io_tctx_exit_cb+0x53/0xd3
Read of size 4 at addr 0000000000000138 by task file1/1955
CPU: 1 PID: 1955 Comm: file1 Not tainted 6.1.0-rc7-00103-gef4d3ea40565 #75
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 04/01/2014
Call Trace:
<TASK>
dump_stack_lvl+0xcd/0x134
? io_tctx_exit_cb+0x53/0xd3
kasan_report+0xbb/0x1f0
? io_tctx_exit_cb+0x53/0xd3
kasan_check_range+0x140/0x190
io_tctx_exit_cb+0x53/0xd3
task_work_run+0x164/0x250
? task_work_cancel+0x30/0x30
get_signal+0x1c3/0x2440
? lock_downgrade+0x6e0/0x6e0
? lock_downgrade+0x6e0/0x6e0
? exit_signals+0x8b0/0x8b0
? do_raw_read_unlock+0x3b/0x70
? do_raw_spin_unlock+0x50/0x230
arch_do_signal_or_restart+0x82/0x2470
? kmem_cache_free+0x260/0x4b0
? putname+0xfe/0x140
? get_sigframe_size+0x10/0x10
? do_execveat_common.isra.0+0x226/0x710
? lockdep_hardirqs_on+0x79/0x100
? putname+0xfe/0x140
? do_execveat_common.isra.0+0x238/0x710
exit_to_user_mode_prepare+0x15f/0x250
syscall_exit_to_user_mode+0x19/0x50
do_syscall_64+0x42/0xb0
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0023:0x0
Code: Unable to access opcode bytes at 0xffffffffffffffd6.
RSP: 002b:00000000fffb7790 EFLAGS: 00000200 ORIG_RAX: 000000000000000b
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
</TASK>
Kernel panic - not syncing: panic_on_warn set ...
This happens because the adding of task_work from io_ring_exit_work()
isn't synchronized with canceling all work items from eg exec. The
execution of the two are ordered in that they are both run by the task
itself, but if io_tctx_exit_cb() is queued while we're canceling all
work items off exec AND gets executed when the task exits to userspace
rather than in the main loop in io_uring_cancel_generic(), then we can
find current->io_uring == NULL and hit the above crash.
It's safe to add this NULL check here, because the execution of the two
paths are done by the task itself.
Cc: stable@vger.kernel.org
Fixes: d56d938b4b ("io_uring: do ctx initiated file note removal")
Reported-by: syzkaller <syzkaller@googlegroups.com>
Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
Link: https://lore.kernel.org/r/20221206093833.3812138-1-harshit.m.mogalapalli@oracle.com
[axboe: add code comment and also put an explanation in the commit msg]
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit ed29b0b4fd ]
In preparation for splitting io_uring up a bit, move it into its own
top level directory. It didn't really belong in fs/ anyway, as it's
not a file system only API.
This adds io_uring/ and moves the core files in there, and updates the
MAINTAINERS file for the new location.
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Stable-dep-of: 998b30c394 ("io_uring: Fix a null-ptr-deref in io_tctx_exit_cb()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 918ee4911f ]
We don't get any further EVENT from an esd CAN USB device for changes
on REC or TEC while those counters converge to 0 (with ecc == 0). So
when handling the "Back to Error Active"-event force txerr = rxerr =
0, otherwise the berr-counters might stay on values like 95 forever.
Also, to make life easier during the ongoing development a
netdev_dbg() has been introduced to allow dumping error events send by
an esd CAN USB device.
Fixes: 96d8e90382 ("can: Add driver for esd CAN-USB/2 device")
Signed-off-by: Frank Jungclaus <frank.jungclaus@esd.eu>
Link: https://lore.kernel.org/all/20221130202242.3998219-2-frank.jungclaus@esd.eu
Cc: stable@vger.kernel.org
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
