The entire RPC_GSS_PROC_INIT path is converted over to xdr_stream
for decoding the Call credential and verifier.
Done as part of hardening the server-side RPC header decoding path.
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
gss_read_verf() is already short. Fold it into its only caller.
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
gss_read_common_verf() is now just a wrapper for dup_netobj(), thus
it can be replaced with direct calls to dup_netobj().
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Since upcalls are infrequent, ensure the compiler places the upcall
mechanism out-of-line from the I/O path.
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Done as part of hardening the server-side RPC header decoding path.
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Done as part of hardening the server-side RPC header decoding path.
Since the server-side of the Linux kernel SunRPC implementation
ignores the contents of the Call's machinename field, there's no
need for its RPC_AUTH_UNIX authenticator to reject names that are
larger than UNX_MAXNODENAME.
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Done as part of hardening the server-side RPC header decoding path.
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
RFC 5531 defines the body of an RPC Call message like this:
struct call_body {
unsigned int rpcvers;
unsigned int prog;
unsigned int vers;
unsigned int proc;
opaque_auth cred;
opaque_auth verf;
/* procedure-specific parameters start here */
};
In the current server code, decoding a struct opaque_auth type is
open-coded in several places, and is thus difficult to harden
everywhere.
Introduce a helper for decoding an opaque_auth within the context
of a xdr_stream. This helper can be shared with all authentication
flavor implemenations, even on the client-side.
Done as part of hardening the server-side RPC header decoding paths.
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Refactor: So that the overhaul of each ->accept method can be done
in separate smaller patches, temporarily move the
svcxdr_init_decode() call into those methods.
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Now that all vs_dispatch functions invoke svcxdr_init_decode(), it
is common code and can be pushed down into the generic RPC server.
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Now with NFSD being able to cross into auto mounts,
the check can be removed.
Signed-off-by: Richard Weinberger <richard@nod.at>
Reviewed-by: Ian Kent <raven@themaw.net>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Acked-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
This function is only used by NFSD to cross mount points.
If a mount point is of type auto mount, follow_down() will
not uncover it. Add LOOKUP_AUTOMOUNT to the lookup flags
to have ->d_automount() called when NFSD walks down the
mount tree.
Signed-off-by: Richard Weinberger <richard@nod.at>
Reviewed-by: Ian Kent <raven@themaw.net>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Acked-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Currently nfsd_mountpoint() tests for mount points using d_mountpoint(),
this works only when a mount point is already uncovered.
In our case the mount point is of type auto mount and can be coverted.
i.e. ->d_automount() was not called.
Using d_managed() nfsd_mountpoint() can test whether a mount point is
either already uncovered or can be uncovered later.
Signed-off-by: Richard Weinberger <richard@nod.at>
Reviewed-by: Ian Kent <raven@themaw.net>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Revert the recent change to the MTRR code which aimed to support
SEV-SNP guests on Hyper-V. It cuased a regression on XEN Dom0
kernels.
The underlying issue of MTTR (mis)handling in the x86 code needs some
deeper investigation and is definitely not 6.2 material.
-----BEGIN PGP SIGNATURE-----
iQJHBAABCgAxFiEEQp8+kY+LLUocC4bMphj1TA10mKEFAmPxYccTHHRnbHhAbGlu
dXRyb25peC5kZQAKCRCmGPVMDXSYoRESEACXnTGYtTw5JTXBcztuwXFsGuEvKcp4
yj1TF2l/OVjWh4MurjJRch0CSzkVZYOn4ymqR4H9ivjuwQkKxzvsO03+AwuJr8Rf
aDqbDzwf0i6E1NmbSU30GkQYGPFNY5fyEn46ptuzu8Humc4FfHt6IrJ5xgNt2nnr
xzRB0kJrB+EITe07Oh+3mj2YeTHNF7Uk0wQFhhXeLK8Xr2W3w/mmTAEddU42fgTE
GCboRec6a8eTOA+4l3gAINJcERxOBnwKEIWo2NWDWdMrrSfcq1Ig1vvHH10rIXxe
cPIHZY19kIBEvALfKlkzZk13cl6XDhHUnyK5mc9KBi/jZWBK8DF/8reyelW2ymyJ
GneU8HESPlVAv8UvyOc/1jFcolgASfScO3aG/S9twv0RGFUbRHVvk0yhyPJ61rPM
ibva+7PQG70AQc+kmsRBtZnR7zHNtoOYz3ufkKfl+InknkAMByR0DmT7Iw4HouAZ
oZ1WDAgrvg/ld+bIVjyjDnEmPyg50d3COjsGlzMTXeogJTERbIAUwTiC3iRmJksB
evTqKEYYiBbeex9LI8FOHvmLVew1SEvCScXdXX2+SjXdtJoAKO9uoUScju9MWeq5
/bdfudRekNG4z1fQ8Qhs/nBkVsIguT2xoMREqy6D3LRbEXgnCKiy5V1P1XEjlwwJ
ecBpXlRM+lIaBQ==
=nNAW
-----END PGP SIGNATURE-----
Merge tag 'x86-urgent-2023-02-19' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull x86 fix from Thomas Gleixner:
"A single fix for x86.
Revert the recent change to the MTRR code which aimed to support
SEV-SNP guests on Hyper-V. It caused a regression on XEN Dom0 kernels.
The underlying issue of MTTR (mis)handling in the x86 code needs some
deeper investigation and is definitely not 6.2 material"
* tag 'x86-urgent-2023-02-19' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86/mtrr: Revert 90b926e68f ("x86/pat: Fix pat_x_mtrr_type() for MTRR disabled case")
Posix-timers armed with a short interval with an ignored signal result
in an unpriviledged DoS. Due to the ignored signal the timer switches
into self rearm mode. This issue had been "fixed" before but a rework of
the alarmtimer code 5 years ago lost that workaround.
There is no real good solution for this issue, which is also worked around
in the core posix-timer code in the same way, but it certainly moved way
up on the ever growing todo list.
-----BEGIN PGP SIGNATURE-----
iQJHBAABCgAxFiEEQp8+kY+LLUocC4bMphj1TA10mKEFAmPxYIwTHHRnbHhAbGlu
dXRyb25peC5kZQAKCRCmGPVMDXSYocQ5D/45vfKxvXsF0mCHPpF+Dgx96T3rzpXY
aN/OeKWJ50A7IB5QKdxR3/VdDSuD6/HroFTfKTQIUVzkzAq47r7Ref7a0bgDsNbT
SLTX8oBUA1ALKVew3wGo5qkY317xyGb2WPiSCzfjAZk07MplOzDRC4YYgEfnYAWW
DzmzmkZQaAhKg3JONEB+kOas/E/T1MwTSs2NNJiY0hM6ATFK2+q2b706wjDHWspk
QwjCfUCbrFKSxol+hSQgvQpzV18FmS328xU4Ht4pioflch0dv1/HDrml9OGrCCzs
8hEmCcjxFwM2FXTPIix8/Jn4S8ppZwYQCi10bBjjF+0N9s897s/4dom88EbfwjfB
4YpE62SI8VZIyK0JauSuRcCAfnN7BwfgL9UpS3MEgHq4K+fnydZOItBYI3Rg4JY/
hAKizX5VzBSAq/iUFC9+DFKjonOz3cCvY5xoPLPfCXukykbYfOCz1BiBqrTP7n1z
/qWgDm+YvEyYNmoEqPjD5kktpHAvwGiMl6dmJJOUxaV6KNXWremykvI491oZK7fI
P3eWMPhJwJV7ukjUF6Wc5ylwupsakf+x802MF03rgmajXtzxnnFATotb/21g9SSD
/FYfdjS85CRArvYKuN59Yty8iMbjX4T1tRBaKgLYjpOdqgA6H6T3vmI+ShKS/FAM
T92uQTZMpVm7+w==
=s5VW
-----END PGP SIGNATURE-----
Merge tag 'timers-urgent-2023-02-19' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull timer fix from Thomas Gleixner:
"A fix for a long standing issue in the alarmtimer code.
Posix-timers armed with a short interval with an ignored signal result
in an unpriviledged DoS. Due to the ignored signal the timer switches
into self rearm mode. This issue had been "fixed" before but a rework
of the alarmtimer code 5 years ago lost that workaround.
There is no real good solution for this issue, which is also worked
around in the core posix-timer code in the same way, but it certainly
moved way up on the ever growing todo list"
* tag 'timers-urgent-2023-02-19' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
alarmtimer: Prevent starvation by small intervals and SIG_IGN
The addition of the new alloc/free interfaces in this cycle forgot to
add stub functions for pci_msix_alloc_irq_at() and pci_msix_free_irq()
for the CONFIG_PCI_MSI=n case
-----BEGIN PGP SIGNATURE-----
iQJHBAABCgAxFiEEQp8+kY+LLUocC4bMphj1TA10mKEFAmPxXRETHHRnbHhAbGlu
dXRyb25peC5kZQAKCRCmGPVMDXSYoWlnEADHqkzKsDVO0kW89dgfRzUYvvkQ3RX3
sebtAIOUg3Fay1e60ZiqJmmRrWwmRANNig62RwQczvBd/I95fMJd+pAS+SUS8ppS
HVJvd75UEcAzsKspJAIEPz2mTbV0XUooA1+/XWY/G2/tKhQ5RMvSpW/Z4Esaf9pO
9r2qO1QlldVHCMxToW2l8PiGxPfBTDjQswyRiEkYH6HNgSgev/FCNRARCTBDuVN7
61+xBWD7zxCmN4BhZTWvXgkis9If16YXZ7LkYMHlQ4qNIMWIeV9qyvJFFeFJClJC
LY3AAeq3TtZ1ok7bFabJGzQRpwKjXAkpcDNp+p/prydtkV0Sh9GA15D/WD7LXk37
XvtrxJFET4X1qJ9aNfM+KPZdwdLqYaYYyc0YHKcNSWH82q0BTuNS8zEGziVIfWGi
G/0W5/1n2nQcJv+Qn/M5eEzvlJWthCVYJdfZF9QQU/zs1oZhlAo82FR6Ie6A+SHi
ibPotuCcieOYLPnkDsXXznO8UNPknuPhAJqcCpoogGzgWNvX1Ory9SEdURlUXgEZ
bDI2rnllJw8SUH9BdnjIq+Wr5zGVfydIpmWsSaFXjck5lfiDUkSIJSxcgOKLaoQX
MfvWuSNifAQr4cvZs4eoi5N4Vi4lINSKGO1yR8/DrVvuZ4BEgdk1CL4E0+2aXkxI
1WRB1d1fcMnXjA==
=YGgx
-----END PGP SIGNATURE-----
Merge tag 'irq-urgent-2023-02-19' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull irq fix from Thomas Gleixner:
"A single build fix for the PCI/MSI infrastructure.
The addition of the new alloc/free interfaces in this cycle forgot to
add stub functions for pci_msix_alloc_irq_at() and pci_msix_free_irq()
for the CONFIG_PCI_MSI=n case"
* tag 'irq-urgent-2023-02-19' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
PCI/MSI: Provide missing stubs for CONFIG_PCI_MSI=n
* zero all padding for KVM_GET_DEBUGREGS
* fix rST warning
* disable vPMU support on hybrid CPUs
-----BEGIN PGP SIGNATURE-----
iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmPw5PsUHHBib256aW5p
QHJlZGhhdC5jb20ACgkQv/vSX3jHroNqaAf6A0zjrdY1KjSyvrcHr0NV6lUfU+Ye
lc5xrtAJDuO7kERgnqFGPeg3a72tA4a9tlFrTdqqQIrAxnvVn4JNP5gtD7UxfpOn
PELO7JUbG3/CV2oErTugH02n3lKN/pLSISAClFkO7uAL5sJEM2pXH+ws1CZ7F7kN
FbPdnmvzi7tnTpv3oJ+gVl2l0HZYTnH4DydFGo68O3lP+oFgRXznkF5rpMxAe6oK
93fvSWGabVCft278sSVq5XpYfKQSJb5j8KjB8L4qqAlRh0ZJA5haDZWQyaaJvNY0
oefFj9XYPpA08l8VqZ2ti5vE4b6e+o2/oTg3Nwf/5DrQxJiYOGTHKoA/NA==
=H68L
-----END PGP SIGNATURE-----
Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm
Pull kvm/x86 fixes from Paolo Bonzini:
- zero all padding for KVM_GET_DEBUGREGS
- fix rST warning
- disable vPMU support on hybrid CPUs
* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
kvm: initialize all of the kvm_debugregs structure before sending it to userspace
perf/x86: Refuse to export capabilities for hybrid PMUs
KVM: x86/pmu: Disable vPMU support on hybrid CPUs (host PMUs)
Documentation/hw-vuln: Fix rST warning
- Fix 'perf' regression for non-standard CPU PMU hardware (i.e. Apple M1)
-----BEGIN PGP SIGNATURE-----
iQFEBAABCgAuFiEEPxTL6PPUbjXGY88ct6xw3ITBYzQFAmPvVyAQHHdpbGxAa2Vy
bmVsLm9yZwAKCRC3rHDchMFjNEwzCACuxJI7xVvcjLktrcmdajkNH+j8Owvrpfq+
8Uja4ykbNJr9BIsZFcI9b7Y2vH7k4+noYDozPKvBgKlSYJVyUUsK2QoJNLzPflc2
RJDPjaM8KrBBE5OTgR5Pvbda+QJ2x5GQGmI1IZv//KVnRUoLTOAje9th4Yza+/oV
5y4THZjHlCeHpsfaVWNiVPqoodQw7Su++kXLABgBZrnRuBwg1lHUQp60cLdTx3lE
M4xgvB9MD1+QDFOgtP97AzegT7F251QFnr3JuBj9gtARX8qv2v/REBG/DRsgcPAm
piJ8pXaVuNf1rkznRlhiCtI5hhP+OIyySugDxzisBDUXfZ8AJOsv
=4A3e
-----END PGP SIGNATURE-----
Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux
Pull arm64 regression fix from Will Deacon:
"Apologies for the _extremely_ late pull request here, but we had a
'perf' (i.e. CPU PMU) regression on the Apple M1 reported on Wednesday
[1] which was introduced by bd27568117 ("perf: Rewrite core context
handling") during the merge window.
Mark and I looked into this and noticed an additional problem caused
by the same patch, where the 'CHAIN' event (used to combine two
adjacent 32-bit counters into a single 64-bit counter) was not being
filtered correctly. Mark posted a series on Thursday [2] which
addresses both of these regressions and I queued it the same day.
The changes are small, self-contained and have been confirmed to fix
the original regression.
Summary:
- Fix 'perf' regression for non-standard CPU PMU hardware (i.e. Apple
M1)"
* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
arm64: perf: reject CHAIN events at creation time
arm_pmu: fix event CPU filtering
-----BEGIN PGP SIGNATURE-----
iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAmPv7+wQHGF4Ym9lQGtl
cm5lbC5kawAKCRD301j7KXHgpgkvD/95SElddH7D5GhwNlAjl+HiNjBg1Oaa+BiC
6QMXz7x0/r+JG5xhzEC/w8Cxaghi841YyPDKHe+oE3Sy8yeA2bfFlJpHl7kwIcJZ
WhHa5IutOftXdeY+DMiJGwKZOGuBDla4ca9fpK4SOF7NdTrLFQL46mvawNq/WGTE
qQlXH3e9d7htfUq0AR5ZnnZ/nl2mBE1jRCajhTk29PT3Nje2Bo9lL6Kga2CysX4g
Zflc5aXX3KsyfxAx0kEkrjkZJ8ukqKyR7yh+bp+fu2pgpbwI9STFVvopv7r4MH1f
Y+2W1bCiwK/KneKNObbpzLGVRMfG5qv8z+pR6fpW4FRu0E5ZYDBE8JCG1dqg00K3
dfGydR27FFtt9YWMmiHaIWD6rZnCwHDoZnV0LLiAJ/i+kvJkGvT8fL7435+kiEVX
7u4lfce7GPuG2JErB7BnE+sG7J2dr+CuG/o7y7hTh+eKjWk+yTP6vn7QHka1Uj7X
LesTUEh2Y2tic4hXh//jKM4KCJk5xMJ1TDJadg1RNmD3sGvNnu5IItzyQ3rV1ZyJ
jqdppWxVUb+kRSRQEu/icN/rq4/f4jvPSV4DWb9NrzwCex3uzrMKW1j0oP9cMvQ0
KYhq0i6iWjzbCSSkJckHFiPt6hgicEuQlIl0zxYxoYpVWJmjmqG8QrPDbLQtz8P8
GViQGoiJ8w==
=/7xW
-----END PGP SIGNATURE-----
Merge tag 'block-6.2-2023-02-17' of git://git.kernel.dk/linux
Pull block fix from Jens Axboe:
"I guess this is what can happen when you prep things early for going
away, something else comes in last minute. This one fixes another
regression in 6.2 for NVMe, from this release, and hence we should
probably get it submitted for 6.2.
Still waiting for the original reporter (see bugzilla linked in the
commit) to test this, but Keith managed to setup and recreate the
issue and tested the patch that way"
* tag 'block-6.2-2023-02-17' of git://git.kernel.dk/linux:
nvme-pci: refresh visible attrs for cmb attributes
MAINTAINERS update.
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQTTMBEPP41GrTpTJgfdBJ7gKXxAjgUCY/AK0AAKCRDdBJ7gKXxA
jg4SAQCw/Udkt+UgtFzQ+oXg8FAw3ivrniGnOwaMfDDbiVz3KgD+Mkvnw6nb7PMT
G9iFA5ZRBISCv0ahXxnNrxbtmcFcewQ=
=fFg9
-----END PGP SIGNATURE-----
Merge tag 'mm-hotfixes-stable-2023-02-17-15-16-2' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Pull misc fixes from Andrew Morton:
"Six hotfixes. Five are cc:stable: four for MM, one for nilfs2.
Also a MAINTAINERS update"
* tag 'mm-hotfixes-stable-2023-02-17-15-16-2' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm:
nilfs2: fix underflow in second superblock position calculations
hugetlb: check for undefined shift on 32 bit architectures
mm/migrate: fix wrongly apply write bit after mkdirty on sparc64
MAINTAINERS: update FPU EMULATOR web page
mm/MADV_COLLAPSE: set EAGAIN on unexpected page refcount
mm/filemap: fix page end in filemap_get_read_batch
Macro NILFS_SB2_OFFSET_BYTES, which computes the position of the second
superblock, underflows when the argument device size is less than 4096
bytes. Therefore, when using this macro, it is necessary to check in
advance that the device size is not less than a lower limit, or at least
that underflow does not occur.
The current nilfs2 implementation lacks this check, causing out-of-bound
block access when mounting devices smaller than 4096 bytes:
I/O error, dev loop0, sector 36028797018963960 op 0x0:(READ) flags 0x0
phys_seg 1 prio class 2
NILFS (loop0): unable to read secondary superblock (blocksize = 1024)
In addition, when trying to resize the filesystem to a size below 4096
bytes, this underflow occurs in nilfs_resize_fs(), passing a huge number
of segments to nilfs_sufile_resize(), corrupting parameters such as the
number of segments in superblocks. This causes excessive loop iterations
in nilfs_sufile_resize() during a subsequent resize ioctl, causing
semaphore ns_segctor_sem to block for a long time and hang the writer
thread:
INFO: task segctord:5067 blocked for more than 143 seconds.
Not tainted 6.2.0-rc8-syzkaller-00015-gf6feea56f66d #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:segctord state:D stack:23456 pid:5067 ppid:2
flags:0x00004000
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5293 [inline]
__schedule+0x1409/0x43f0 kernel/sched/core.c:6606
schedule+0xc3/0x190 kernel/sched/core.c:6682
rwsem_down_write_slowpath+0xfcf/0x14a0 kernel/locking/rwsem.c:1190
nilfs_transaction_lock+0x25c/0x4f0 fs/nilfs2/segment.c:357
nilfs_segctor_thread_construct fs/nilfs2/segment.c:2486 [inline]
nilfs_segctor_thread+0x52f/0x1140 fs/nilfs2/segment.c:2570
kthread+0x270/0x300 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
</TASK>
...
Call Trace:
<TASK>
folio_mark_accessed+0x51c/0xf00 mm/swap.c:515
__nilfs_get_page_block fs/nilfs2/page.c:42 [inline]
nilfs_grab_buffer+0x3d3/0x540 fs/nilfs2/page.c:61
nilfs_mdt_submit_block+0xd7/0x8f0 fs/nilfs2/mdt.c:121
nilfs_mdt_read_block+0xeb/0x430 fs/nilfs2/mdt.c:176
nilfs_mdt_get_block+0x12d/0xbb0 fs/nilfs2/mdt.c:251
nilfs_sufile_get_segment_usage_block fs/nilfs2/sufile.c:92 [inline]
nilfs_sufile_truncate_range fs/nilfs2/sufile.c:679 [inline]
nilfs_sufile_resize+0x7a3/0x12b0 fs/nilfs2/sufile.c:777
nilfs_resize_fs+0x20c/0xed0 fs/nilfs2/super.c:422
nilfs_ioctl_resize fs/nilfs2/ioctl.c:1033 [inline]
nilfs_ioctl+0x137c/0x2440 fs/nilfs2/ioctl.c:1301
...
This fixes these issues by inserting appropriate minimum device size
checks or anti-underflow checks, depending on where the macro is used.
Link: https://lkml.kernel.org/r/0000000000004e1dfa05f4a48e6b@google.com
Link: https://lkml.kernel.org/r/20230214224043.24141-1-konishi.ryusuke@gmail.com
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Reported-by: <syzbot+f0c4082ce5ebebdac63b@syzkaller.appspotmail.com>
Tested-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Users can specify the hugetlb page size in the mmap, shmget and
memfd_create system calls. This is done by using 6 bits within the flags
argument to encode the base-2 logarithm of the desired page size. The
routine hstate_sizelog() uses the log2 value to find the corresponding
hugetlb hstate structure. Converting the log2 value (page_size_log) to
potential hugetlb page size is the simple statement:
1UL << page_size_log
Because only 6 bits are used for page_size_log, the left shift can not be
greater than 63. This is fine on 64 bit architectures where a long is 64
bits. However, if a value greater than 31 is passed on a 32 bit
architecture (where long is 32 bits) the shift will result in undefined
behavior. This was generally not an issue as the result of the undefined
shift had to exactly match hugetlb page size to proceed.
Recent improvements in runtime checking have resulted in this undefined
behavior throwing errors such as reported below.
Fix by comparing page_size_log to BITS_PER_LONG before doing shift.
Link: https://lkml.kernel.org/r/20230216013542.138708-1-mike.kravetz@oracle.com
Link: https://lore.kernel.org/lkml/CA+G9fYuei_Tr-vN9GS7SfFyU1y9hNysnf=PB7kT0=yv4MiPgVg@mail.gmail.com/
Fixes: 42d7395feb ("mm: support more pagesizes for MAP_HUGETLB/SHM_HUGETLB")
Signed-off-by: Mike Kravetz <mike.kravetz@oracle.com>
Reported-by: Naresh Kamboju <naresh.kamboju@linaro.org>
Reviewed-by: Jesper Juhl <jesperjuhl76@gmail.com>
Acked-by: Muchun Song <songmuchun@bytedance.com>
Tested-by: Linux Kernel Functional Testing <lkft@linaro.org>
Tested-by: Naresh Kamboju <naresh.kamboju@linaro.org>
Cc: Anders Roxell <anders.roxell@linaro.org>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Sasha Levin <sashal@kernel.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Nick Bowler reported another sparc64 breakage after the young/dirty
persistent work for page migration (per "Link:" below). That's after a
similar report [2].
It turns out page migration was overlooked, and it wasn't failing before
because page migration was not enabled in the initial report test
environment.
David proposed another way [2] to fix this from sparc64 side, but that
patch didn't land somehow. Neither did I check whether there's any other
arch that has similar issues.
Let's fix it for now as simple as moving the write bit handling to be
after dirty, like what we did before.
Note: this is based on mm-unstable, because the breakage was since 6.1 and
we're at a very late stage of 6.2 (-rc8), so I assume for this specific
case we should target this at 6.3.
[1] https://lore.kernel.org/all/20221021160603.GA23307@u164.east.ru/
[2] https://lore.kernel.org/all/20221212130213.136267-1-david@redhat.com/
Link: https://lkml.kernel.org/r/20230216153059.256739-1-peterx@redhat.com
Fixes: 2e3468778d ("mm: remember young/dirty bit for page migrations")
Link: https://lore.kernel.org/all/CADyTPExpEqaJiMGoV+Z6xVgL50ZoMJg49B10LcZ=8eg19u34BA@mail.gmail.com/
Signed-off-by: Peter Xu <peterx@redhat.com>
Reported-by: Nick Bowler <nbowler@draconx.ca>
Acked-by: David Hildenbrand <david@redhat.com>
Tested-by: Nick Bowler <nbowler@draconx.ca>
Cc: <regressions@lists.linux.dev>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
- Prevent fallthrough to hash TLB flush when using radix.
Thanks to: Benjamin Gray, "Erhard F.".
-----BEGIN PGP SIGNATURE-----
iQJHBAABCAAxFiEEJFGtCPCthwEv2Y/bUevqPMjhpYAFAmPv/QYTHG1wZUBlbGxl
cm1hbi5pZC5hdQAKCRBR6+o8yOGlgDbsEACu3yb1hmIwSxYsJxZMRv2Fnq99Iq/G
Mo8AbnIeWNsVD1ecNIRPfORUDZLh4n6qZ7TpPyPdAMzjBydircZnXbyrExwbrL4O
6io+3rbEGIp91rqORELHVaQtk/md+0v3jL91qd+8icVljvKp2iAbBTtc/vfmPH4m
9sSV2H4dhCXTOyxxvzAMkK41danWMymg57HmynskX7ZL41tuGTK0ILObxkBB2dOi
/NtJUJOUSX/sJRNEvZiy68N37U8u+3vKvwZxoeo/GZEmDkFZ2NSVtB7uHXulvIp1
DYVXllQb6WqejjyilqkKiZRkBkqhPjsJ40BzwnE6D5LYd3w5rE6kgqnOM4VKcrxZ
KFHjnkOHCt+2rj3XqyjpVp8hvOHer3Mq5R1IpDPNkKYUVP95HA7lGuG/O6uZfaAe
Z8sT+kAYkabrcgNkclsmzTI94RCP8TFOp8zZJj1qWgdyF7nH9oHkS+5pWG6P/CNZ
sUf523lQdE+jwoiM8R/iY6mxdmw0ZaQ0SCKNfgupU+63QUuAJVg0i/caVXsvl7Ra
qEaaZoZiddqFAwY6LYBvbFRZFZhH7irFnpIS3V3A5ZDmopAbO0HIw3Huue84NTrZ
CaycTrL+Cqbf7IGjHooiQcv6g1yUhVBQIRyYWFSr04DOm0L279Pe1Z+JJ7ZR5tcD
p20ZU0/HDsv6rQ==
=RpCo
-----END PGP SIGNATURE-----
Merge tag 'powerpc-6.2-6' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux
Pull powerpc fix from Michael Ellerman:
- Prevent fallthrough to hash TLB flush when using radix
Thanks to Benjamin Gray and Erhard Furtner.
* tag 'powerpc-6.2-6' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
powerpc/64s: Prevent fallthrough to hash TLB flush when using radix
Bugfix:
- Revert "NFSv4.2: Change the default KConfig value for READ_PLUS"
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEESQctxSBg8JpV8KqEZwvnipYKAPIFAmPvincACgkQZwvnipYK
APLiRQ//a3o1piP65mXrxrNHmom9UcafiLPuxaJeP2hFCLXjxhiXDPoRq+ot06dr
r26p4bpcABwCy5R3Kx4KHXC5eFUeKOLiJrSM3oFgTcCIZ3etOBsoKuu5JB9SdOpH
AB/vjDEXyqvG55q+HJRW780m1hufzj06lyatG1RBllsYDXhEOeo2eDqfVRUrgX8u
iWJZDDalIMZWlQWJiT3BRm/UGmyA/b6xueusiZotBLmWzaVvVvdiFaM6KKfur6+E
8lA67g4tFGZr2kfvMLt7CXVnldQysNIH25+wur5XcfDCk4346DhSVgDq9bd2x+8O
vmYaOdZ/29dN5mQ0T94jGiTui+r4OUee7gL8XJ1ESpwPSagh2xMvgA7JA/Scx7oh
D8H+VoW4UBm7PNUX22iysZfYfQds3Cm3lohr3d6X0a0ZLewYifdUuITE9RoUO4Ne
D3pmI0uFgvZK4V/Flg8hV8Ns7CApSjHUqcWb4uTGqG76IgWMtGuQGtVYU0XEYDVy
qxJMw+d0RGie0kzyFabZML9iKq/iwj4cYcjr2Ky8xJ0VeRDYL7cx/4dGYjrwEZh7
SEYVs2WjqSjEfnvwMjS5zVt30m7dzMMIp0YoYHv7GJ8P/hqMnaNIZo483JinqHGh
gj7pfsFyt5gF56iiXOqsJZR3soPQfWnonb4IddOVDv5z82//Ea4=
=9nSH
-----END PGP SIGNATURE-----
Merge tag 'nfs-for-6.2-3' of git://git.linux-nfs.org/projects/trondmy/linux-nfs
Pull NFS client fix from Trond Myklebust:
"Unfortunately, we found another bug in the NFSv4.2 READ_PLUS code.
Since it has not been possible to fix the bug in time for the 6.2
release, let's just revert the Kconfig change that enables it:
- Revert 'NFSv4.2: Change the default KConfig value for READ_PLUS'"
* tag 'nfs-for-6.2-3' of git://git.linux-nfs.org/projects/trondmy/linux-nfs:
Revert "NFSv4.2: Change the default KConfig value for READ_PLUS"
A few last-minute fixes. The significant ones are two ASoC SOF
regression fixes while the rest are trivial HD-audio quirks.
All are small / one-liners and should be pretty safe to take.
-----BEGIN PGP SIGNATURE-----
iQJCBAABCAAsFiEEIXTw5fNLNI7mMiVaLtJE4w1nLE8FAmPvPD0OHHRpd2FpQHN1
c2UuZGUACgkQLtJE4w1nLE/Fng/9FvLr3xCkoT8RP5HujOaDUXA22aOA+x1MBert
AWf11XFT7bp9QwLNq2J/QnZxQHVwyLoJhXCEM/9zqvQvObs7cYkVQmAFA3wwdmFg
trdjjhc9jjGZhz8n0bNlEF2D6lnXRGnpsC+CmjRL7+qLNE2k9wfhRfAMC2lO2DmO
hWJtlbz4Ojzas3SrJlnthELdHFoOhW8VeRbm7LI03qjf/bVUy/95bfcVQ9M7odFy
HOey4HcMHbbo2FK6GDH86EF6jV+HCjZlJmYXzByX3Z9q4INd6oLR80f0+FbUsn5f
2BA4IoxBswxkXwK7puvdHjfg/IrOYSpAx1s1hlcX2HsGbwOvSbXncziTsJ8fwUDK
Yu+UcvVPO0tmykVu82XbQ0FTGNKf0d8d6dPtjiG5y+jXDDp61Obb8uJOLTFQ641q
VlxbRFT3bL0ex7V2KShbQktY7AUycUmx0/BT24rm2RXeGb9ITXUegLr3Vkza0rEQ
8AUjEBeZeBOjg8q54TI3VgXUKfQoDB1qn60V9zYC+F+UPhe57tPo28hsuNfDKUqA
+UwxfOV4uTZzmx0ZcdEJ3t53bAsWQvetZeAel/u/dHpzHGrYMcEjfPCp0griaHsa
7bMV1AefozNlbZCyapRlqsncalK+KmYUdw6nyFkgwq285SSScdzFe5/ZDkhRuwqV
kdWGCvU=
=paSd
-----END PGP SIGNATURE-----
Merge tag 'sound-fix-6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
"A few last-minute fixes. The significant ones are two ASoC SOF
regression fixes while the rest are trivial HD-audio quirks.
All are small / one-liners and should be pretty safe to take"
* tag 'sound-fix-6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ASoC: SOF: Intel: hda-dai: fix possible stream_tag leak
ALSA: hda/realtek: Enable mute/micmute LEDs and speaker support for HP Laptops
ALSA: hda/realtek: fix mute/micmute LEDs don't work for a HP platform.
ALSA: hda/realtek - fixed wrong gpio assigned
ALSA: hda: Fix codec device field initializan
ALSA: hda/conexant: add a new hda codec SN6180
ASoC: SOF: ops: refine parameters order in function snd_sof_dsp_update8
- fix a memory leak in gpio-sim
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEFp3rbAvDxGAT0sefEacuoBRx13IFAmPvcCoACgkQEacuoBRx
13L7wxAApoDFqkv7nCfjiJXiwrWCFRSEKMIUHlmlDY26SximPgrJX3lPyp5S0l8Q
Q658t3WryWJVO2xg9ZDwm1Kg5wHeDIIifrSZVGkeZBpBJuYZg85zI8FkfqwImK/i
h+EoB/EXPVYmEB3xY8/0sivpcsRoaPx3GyaD5jgT7yRbl89lx9+hXaeyafdJZsOj
Iw4PzSigiWkwUjh5LsN94wpTlV9XtWwc38q5nJRVXtDD1HP9dPdgADcYeVk3ZlL+
vaanN7dAf8lytBBEVCDLD1iw9MBmdbTmnIN/rkNjs+XfO84hQu0LYmUf4FMp1CU5
9++RRUEELJTviqX8P93hMCP1w+1NOh15ROSgJTqpYurYspuayRHTGPTd2OsBjE6U
sdmmjMgpVxn28jevnK9MsDWd3iRLfD1EqNGCrd1SNsHPUDJVPfuK85KophopypZW
9uD0S0ZPaBY4r05ZojUxsUIp8XML9gWYfmWXKpVcQhiH8GjhCtcv+bxoal+KR8Rc
T5Afe4tiFL77m2q6K/MRufnsjPrxFepYNnuT/vV6/eH+dVm/98SF0BIY1Z1nnYB3
lPoCQnGq3N1ENfjvD+a89mgrjNmVS86X7liU4+/6lUiSfbCxaklc8H3gLW9zhK+f
4K+sx1ho+Munj4BgtmGBC7wsfcLA7fBua9F1hyk3Z8zM/O2zrdE=
=Wdym
-----END PGP SIGNATURE-----
Merge tag 'gpio-fixes-for-v6.2-part2' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux
Pull gpio fix from Bartosz Golaszewski:
- fix a memory leak in gpio-sim that was triggered every time libgpiod
tests are run in user-space
* tag 'gpio-fixes-for-v6.2-part2' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux:
gpio: sim: fix a memory leak
Three small fixes for 6.2 final:
* Disable READ LOG DMA EXT for Samsung MZ7LH drives as these drives
choke on that command, from Patrick.
* Add Intel Tiger Lake UP{3,4} to the list of supported AHCI
controllers (this is not technically a bug fix, but it is trivial
enough that I add it here), from SImon.
* Fix code comments in the pata_octeon_cf driver as incorrect
formatting was causing warnings from kernel-doc, from Randy.
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQSRPv8tYSvhwAzJdzjdoc3SxdoYdgUCY+9ZvwAKCRDdoc3SxdoY
dtNIAQCTDJCUVZViAEIf/ntjAJSyjCw7SCkinOKHPpC40QpQ8wD/eRsuq4LfZY6H
rrFfRxuO7hgviGUTFuAbP7mNMMI05gw=
=lvfh
-----END PGP SIGNATURE-----
Merge tag 'ata-6.2-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/dlemoal/libata
Pull ata fixes from Damien Le Moal:
"Three small fixes for 6.2 final:
- Disable READ LOG DMA EXT for Samsung MZ7LH drives as these drives
choke on that command, from Patrick.
- Add Intel Tiger Lake UP{3,4} to the list of supported AHCI
controllers (this is not technically a bug fix, but it is trivial
enough that I add it here), from Simon.
- Fix code comments in the pata_octeon_cf driver as incorrect
formatting was causing warnings from kernel-doc, from Randy"
* tag 'ata-6.2-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/dlemoal/libata:
ata: pata_octeon_cf: drop kernel-doc notation
ata: ahci: Add Tiger Lake UP{3,4} AHCI controller
ata: libata-core: Disable READ LOG DMA EXT for Samsung MZ7LH
- Fix potential resource leaks in SDIO card detection error path
MMC host:
- jz4740: Decrease maximum clock rate to workaround bug on JZ4760(B)
- meson-gx: Fix SDIO support to get some WiFi modules to work again
- mmc_spi: Fix error handling in ->probe()
-----BEGIN PGP SIGNATURE-----
iQJLBAABCgA1FiEEugLDXPmKSktSkQsV/iaEJXNYjCkFAmPvV6gXHHVsZi5oYW5z
c29uQGxpbmFyby5vcmcACgkQ/iaEJXNYjCm4lRAAjfO/NyxKKOOsrPpmupYu6tBb
gmRXF7Sl83L/b54d+V0aEdpUJP9iSiqW1VtOpzIiSgKvZkh3xpBzaJAwd0mdnpkW
YqMC3lZ9iOCNu8X3wAsiIqp2fuW0btNTDQWSljtLY2atvU9nfYRFWuOQoR8AIjSR
rCG235JggR93bfrEhb8mF+7EBIQa8awBBX4u20RA9LS5DyneD2qfExIOsG7Fz+T/
sjSdodwDBePMjrn1sXFVgzA/cCv5p2Xet5Mt2Qnl9Vl7GT0RwAKEXjwkn/7JDg3i
9SPknokyKZio3KJFa+bF3gS5S6bOABz1GUclZ5lGSKTR3lgpi4eZQ/I+r8uDRKaj
sAdm2ICCIdTgqTg983+zhBrQ2Zn1gV2gvDPSaQFs2fpi709tNZXOmIL4j2FcD3do
2kRLN3aJHGNPRcHGi3mu5BHjL9Bxq/6Z0CFyGgf+RserkZ3otOa8avV3Gpn/ovix
lU7sw1cZKBBDN0UXELI/7YKtNGMPpxJRkRGykCWDKyLPp/FyxL7E44HnRphxgWOV
gWU7TS773RcXEr3Porx+lPC1wDm31srszuZrAzIBGJIUUSqnJpdt3y89yVsDhzZW
05mvVCdWGOG2XSSQId4Aj1RiRemCu8oTd6+l/+k179mA8ezBUaXb9Mt6anvqvrop
oucJVLZGeDi4YnbNw3E=
=hNCw
-----END PGP SIGNATURE-----
Merge tag 'mmc-v6.2-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc
Pull MMC fixes from Ulf Hansson:
"MMC core:
- Fix potential resource leaks in SDIO card detection error path
MMC host:
- jz4740: Decrease maximum clock rate to workaround bug on JZ4760(B)
- meson-gx: Fix SDIO support to get some WiFi modules to work again
- mmc_spi: Fix error handling in ->probe()"
* tag 'mmc-v6.2-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc:
mmc: jz4740: Work around bug on JZ4760(B)
mmc: mmc_spi: fix error handling in mmc_spi_probe()
mmc: sdio: fix possible resource leaks in some error paths
mmc: meson-gx: fix SDIO mode if cap_sdio_irq isn't set
This reverts commit 7fd461c47c.
Unfortunately, it has come to our attention that there is still a bug
somewhere in the READ_PLUS code that can result in nfsroot systems on
ARM to crash during boot.
Let's do the right thing and revert this change so we don't break
people's nfsroot setups.
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Fix an inverted logic bug in gpio_sim_remove_hogs() that leads to GPIO
hog structures never being freed.
Fixes: cb8c474e79 ("gpio: sim: new testing module")
Reported-by: Mirsad Goran Todorovac <mirsad.todorovac@alu.unizg.hr>
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
One more fix from Peter which he'd very much like to get into
v6.2.
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEreZoqmdXGLWf4p/qJNaLcl1Uh9AFAmPu3mMACgkQJNaLcl1U
h9Dcjwf/bTYPzsIoWJEdVXLHww5l6Jt6hLb5uhWfjw8+dnN+MwQ5iPsZ6b+jSdfD
q3mPI+t06wH5WIN6EfDeznHHH9xpOOKQKttHQpFxjlCW++sbfZ1W7HGA8COe2ye9
Sulu9uRkxQfAGrzD21JyZ4RHdfRzceYb30Fzv/0YJmutqwy/NSSBE5IeSDd6M2nu
Tz/GwXMnDj3QXhUxiQYGvjiMqWQ+5x3FpKX5G0yxMElVLho6XOkDB5Evq8W0vJPL
GRXh83z4+8izHZ32FMtPMDLkUccB5zggOKLNdv/jtttj02vEcLcIHE0RhXseTB9g
JBwExuMuWfFAQtKPyai2sS5q3OhAWA==
=Wxr1
-----END PGP SIGNATURE-----
Merge tag 'asoc-fix-v6.2-rc8-2' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus
ASoC: One more fix for v6.2
One more fix from Peter which he'd very much like to get into
v6.2.
The sysfs group containing the cmb attributes is registered before the
driver knows if they need to be visible or not. Update the group when
cmb attributes are known to exist so the visibility setting is correct.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=217037
Fixes: 86adbf0cdb ("nvme: simplify transport specific device attribute handling")
Signed-off-by: Keith Busch <kbusch@kernel.org>
Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
Signed-off-by: Christoph Hellwig <hch@lst.de>
drm:
- dynamic debug disable for now
fbdev:
- deferred i/o device close fix
amdgpu:
- Fix GC11.x suspend warning
- Fix display warning
vc4:
- YUV planes fix
- hdmi display fix
- crtc reduced blanking fix
ast:
- fix start address computation
vmwgfx:
- fix bo/handle races
i915:
- gen11 WA fix
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEEKbZHaGwW9KfbeusDHTzWXnEhr4FAmPu4vMACgkQDHTzWXnE
hr5+eg/+LcMV6Mkc2pAWc/M9vjuViXgP6GlkUgqa5qD8oiB54ifyCYHjNYXt3LdQ
/s6xxfmD+9UitHAoCmt+j5LL0UYdLh3JGUP8y8FWEsPCigx3gPIInlrU92Y53hs7
9NsO7hGl7/5WJZngt7GO2fr4DG+Di0nZ5PUMYihk2EFl3OpeuhKmoz1Gw6HRDGvj
Alydm40SYFfVA0/RqdqybNJg9fFqLO/7NaK42KaFXpgL6uAnL6lHcmxgMXfHNeQD
0QCp6dxQSF1xbrrEgnS63QxObWDcBk8FeMGjLijQR0eoCg5FJrYXcQ7Vk7zgma/c
iCQyhd9xx7tdWd3rIf6kuBDKfKl7xFSNflgvjjWc4TwD9WfQuZXNkozO1GuZAPms
vsmF4Yj+GIsaKAyvUEr5u9S/zcPJ9s50Bn2QRTLyeKkYUoE7StukMvVqgAxqlJO5
ljrUbzl/EbRFMj/oGFQXi5hpemj2jyzsi5W9vsOgWMTw/gv2QIKIqjDjUVnhZ9Rf
14THVTILfQ6fTPUp5bq+yR5N9QIjr/qrmN/1BZHNTx9ZGMo0cMf7r4EmtPvy0gLi
EvdY2MrVPOVyFTWoE7ivY1RXHuh54LObw18uCsEaXRWWVxEEV0RfcpNvK3ukC1az
WhaXa2B5gTLWYBHSViexaRuKbQScAgLPDidj8KZhKsPpLTN1cKE=
=Dii1
-----END PGP SIGNATURE-----
Merge tag 'drm-fixes-2023-02-17' of git://anongit.freedesktop.org/drm/drm
Pull drm fixes from Dave Airlie:
"Just a final collection of misc fixes, the biggest disables the
recently added dynamic debugging support, it has a regression that
needs some bigger fixes.
Otherwise a bunch of fixes across the board, vc4, amdgpu and vmwgfx
mostly, with some smaller i915 and ast fixes.
drm:
- dynamic debug disable for now
fbdev:
- deferred i/o device close fix
amdgpu:
- Fix GC11.x suspend warning
- Fix display warning
vc4:
- YUV planes fix
- hdmi display fix
- crtc reduced blanking fix
ast:
- fix start address computation
vmwgfx:
- fix bo/handle races
i915:
- gen11 WA fix"
* tag 'drm-fixes-2023-02-17' of git://anongit.freedesktop.org/drm/drm:
drm/amd/display: Fail atomic_check early on normalize_zpos error
drm/amd/amdgpu: fix warning during suspend
drm/vmwgfx: Do not drop the reference to the handle too soon
drm/vmwgfx: Stop accessing buffer objects which failed init
drm/i915/gen11: Wa_1408615072/Wa_1407596294 should be on GT list
drm: Disable dynamic debug as broken
drm/ast: Fix start address computation
fbdev: Fix invalid page access after closing deferred I/O devices
drm/vc4: crtc: Increase setup cost in core clock calculation to handle extreme reduced blanking
drm/vc4: hdmi: Always enable GCP with AVMUTE cleared
drm/vc4: Fix YUV plane handling when planes are in different buffers
The web page entry for the FPU EMULATOR no longer works. I notified Bill
of this and he asked me to update it to this new entry.
Link: https://lkml.kernel.org/r/20230214170208.17287-1-rdunlap@infradead.org
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Acked-by: Bill Metzenthen <billm@melbpc.org.au>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
During collapse, in a few places we check to see if a given small page has
any unaccounted references. If the refcount on the page doesn't match our
expectations, it must be there is an unknown user concurrently interested
in the page, and so it's not safe to move the contents elsewhere.
However, the unaccounted pins are likely an ephemeral state.
In this situation, MADV_COLLAPSE returns -EINVAL when it should return
-EAGAIN. This could cause userspace to conclude that the syscall
failed, when it in fact could succeed by retrying.
Link: https://lkml.kernel.org/r/20230125015738.912924-1-zokeefe@google.com
Fixes: 7d8faaf155 ("mm/madvise: introduce MADV_COLLAPSE sync hugepage collapse")
Signed-off-by: Zach O'Keefe <zokeefe@google.com>
Reported-by: Hugh Dickins <hughd@google.com>
Acked-by: Hugh Dickins <hughd@google.com>
Reviewed-by: Yang Shi <shy828301@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
I was running traces of the read code against an RAID storage system to
understand why read requests were being misaligned against the underlying
RAID strips. I found that the page end offset calculation in
filemap_get_read_batch() was off by one.
When a read is submitted with end offset 1048575, then it calculates the
end page for read of 256 when it should be 255. "last_index" is the index
of the page beyond the end of the read and it should be skipped when get a
batch of pages for read in @filemap_get_read_batch().
The below simple patch fixes the problem. This code was introduced in
kernel 5.12.
Link: https://lkml.kernel.org/r/20230208022400.28962-1-coolqyj@163.com
Fixes: cbd59c48ae ("mm/filemap: use head pages in generic_file_buffered_read")
Signed-off-by: Qian Yingjin <qian@ddn.com>
Reviewed-by: Matthew Wilcox (Oracle) <willy@infradead.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
In the fix reconnecting hash__tlb_flush() to tlb_flush() the
void return on radix__tlb_flush() was not restored and subsequently
falls through to the restored hash__tlb_flush().
Guard hash__tlb_flush() under an else to prevent this.
Fixes: 1665c027af ("powerpc/64s: Reconnect tlb_flush() to hash__tlb_flush()")
Reported-by: "Erhard F." <erhard_f@mailbox.org>
Suggested-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Signed-off-by: Benjamin Gray <bgray@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20230217011434.115554-1-bgray@linux.ibm.com
an invalid page access fix for fbdev, mark dynamic debug as broken, a
double free and refcounting fix for vmwgfx.
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQRcEzekXsqa64kGDp7j7w1vZxhRxQUCY+308gAKCRDj7w1vZxhR
xTd/AP9SMRG/taunOEH2LQ6MsiOqFOUqsC39FhHiFs7tJdGXIAEA6n3SuP+33k0d
YCwcH74h/sx+/ILHoQhdZnBFxhYrHwM=
=oo+N
-----END PGP SIGNATURE-----
Merge tag 'drm-misc-fixes-2023-02-16' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes
Multiple fixes in vc4 to address issues with YUV planes, HDMI and CRTC;
an invalid page access fix for fbdev, mark dynamic debug as broken, a
double free and refcounting fix for vmwgfx.
Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Maxime Ripard <maxime@cerno.tech>
Link: https://patchwork.freedesktop.org/patch/msgid/20230216091905.i5wswy4dd74x4br5@houat
Currently it's possible for a user to open CHAIN events arbitrarily,
which we previously tried to rule out in commit:
ca2b497253 ("arm64: perf: Reject stand-alone CHAIN events for PMUv3")
Which allowed the events to be opened, but prevented them from being
scheduled by by using an arm_pmu::filter_match hook to reject the
relevant events.
The CHAIN event filtering in the arm_pmu::filter_match hook was silently
removed in commit:
bd27568117 ("perf: Rewrite core context handling")
As a result, it's now possible for users to open CHAIN events, and for
these to be installed arbitrarily.
Fix this by rejecting CHAIN events at creation time. This avoids the
creation of events which will never count, and doesn't require using the
dynamic filtering.
Attempting to open a CHAIN event (0x1e) will now be rejected:
| # ./perf stat -e armv8_pmuv3/config=0x1e/ ls
| perf
|
| Performance counter stats for 'ls':
|
| <not supported> armv8_pmuv3/config=0x1e/
|
| 0.002197470 seconds time elapsed
|
| 0.000000000 seconds user
| 0.002294000 seconds sys
Other events (e.g. CPU_CYCLES / 0x11) will open as usual:
| # ./perf stat -e armv8_pmuv3/config=0x11/ ls
| perf
|
| Performance counter stats for 'ls':
|
| 2538761 armv8_pmuv3/config=0x11/
|
| 0.002227330 seconds time elapsed
|
| 0.002369000 seconds user
| 0.000000000 seconds sys
Fixes: bd27568117 ("perf: Rewrite core context handling")
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Ravi Bangoria <ravi.bangoria@amd.com>
Cc: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/r/20230216141240.3833272-3-mark.rutland@arm.com
Signed-off-by: Will Deacon <will@kernel.org>
Janne reports that perf has been broken on Apple M1 as of commit:
bd27568117 ("perf: Rewrite core context handling")
That commit replaced the pmu::filter_match() callback with
pmu::filter(), whose return value has the opposite polarity, with true
implying events should be ignored rather than scheduled. While an
attempt was made to update the logic in armv8pmu_filter() and
armpmu_filter() accordingly, the return value remains inverted in a
couple of cases:
* If the arm_pmu does not have an arm_pmu::filter() callback,
armpmu_filter() will always return whether the CPU is supported rather
than whether the CPU is not supported.
As a result, the perf core will not schedule events on supported CPUs,
resulting in a loss of events. Additionally, the perf core will
attempt to schedule events on unsupported CPUs, but this will be
rejected by armpmu_add(), which may result in a loss of events from
other PMUs on those unsupported CPUs.
* If the arm_pmu does have an arm_pmu::filter() callback, and
armpmu_filter() is called on a CPU which is not supported by the
arm_pmu, armpmu_filter() will return false rather than true.
As a result, the perf core will attempt to schedule events on
unsupported CPUs, but this will be rejected by armpmu_add(), which may
result in a loss of events from other PMUs on those unsupported CPUs.
This means a loss of events can be seen with any arm_pmu driver, but
with the ARMv8 PMUv3 driver (which is the only arm_pmu driver with an
arm_pmu::filter() callback) the event loss will be more limited and may
go unnoticed, which is how this issue evaded testing so far.
Fix the CPU filtering by performing this consistently in
armpmu_filter(), and remove the redundant arm_pmu::filter() callback and
armv8pmu_filter() implementation.
Commit bd27568117 also silently removed the CHAIN event filtering from
armv8pmu_filter(), which will be addressed by a separate patch without
using the filter callback.
Fixes: bd27568117 ("perf: Rewrite core context handling")
Reported-by: Janne Grunau <j@jannau.net>
Link: https://lore.kernel.org/asahi/20230215-arm_pmu_m1_regression-v1-1-f5a266577c8d@jannau.net/
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Cc: Will Deacon <will@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Ravi Bangoria <ravi.bangoria@amd.com>
Cc: Asahi Lina <lina@asahilina.net>
Cc: Eric Curtin <ecurtin@redhat.com>
Tested-by: Janne Grunau <j@jannau.net>
Link: https://lore.kernel.org/r/20230216141240.3833272-2-mark.rutland@arm.com
Signed-off-by: Will Deacon <will@kernel.org>
Current release - regressions:
- fix unwanted sign extension in netdev_stats_to_stats64()
Current release - new code bugs:
- initialize net->notrefcnt_tracker earlier
- devlink: fix netdev notifier chain corruption
- nfp: make sure mbox accesses in IPsec code are atomic
- ice: fix check for weight and priority of a scheduling node
Previous releases - regressions:
- ice: xsk: fix cleaning of XDP_TX frame, prevent inf loop
- igb: fix I2C bit banging config with external thermal sensor
Previous releases - always broken:
- sched: tcindex: update imperfect hash filters respecting rcu
- mpls: fix stale pointer if allocation fails during device rename
- dccp/tcp: avoid negative sk_forward_alloc by ipv6_pinfo.pktoptions
- remove WARN_ON_ONCE(sk->sk_forward_alloc) from sk_stream_kill_queues()
- af_key: fix heap information leak
- ipv6: fix socket connection with DSCP (correct interpretation
of the tclass field vs fib rule matching)
- tipc: fix kernel warning when sending SYN message
- vmxnet3: read RSS information from the correct descriptor (eop)
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEE6jPA+I1ugmIBA4hXMUZtbf5SIrsFAmPueVYACgkQMUZtbf5S
IrudBg/9ENOTSK4LeUE0If6Mr/DBUje6OwUX29/prxJz+PfU+XTNZqFf9xfVC5tX
FnRAf7SxC4d4hmaA7JdOTFMyyDyZqQP1t13s0FSWAa5VbW3pnrqOXTyxCc9g3cZk
7m2co3XTH/U0FnbAZ6uzaoz7/NU+7UHYMVo5bCwLgB6YB31JWIcyTYKdYzl+xBFX
y0GNkLLDJOo6cSpA5VRDMit42XmIUk1C4uuMPN0M6Q2U2xnYg2nYqlSXvaW2Y9CN
NZgCCTp3AcKNqTU4zpjR6eyHK0xNgSCT4WJlx2tbnErdEo6gf8/Kw0PbbYAe/euk
hgZQ0I8JxujskJFuA7S4u+VaPG92ycAyKMZFIucwepKSqtAjjA+XxTs8jxyVJIwZ
+jwHnayEomlgnel+q+hE+XkNg3OdengTaudWn3vO2EtJrWyZh3nVP2krgxFlh8vY
qwSqhSiXi+sjxspYgeIyyu2XGfWdY1sKNRgkGqisTyfBIMRK/jRhas5kyKOAOiYo
32xuvXzVouxXipVZhE5RVoR1VpeKl6OXlCIVVDvT6el2Y5bkbEmkCgEyIPfv1xBX
17C9a1IhvTfHU8uJ11Mbi7jxRCC3ELi7JHNdht0/WZtdVNppcwALuK+xGjHwR67H
VWwWKO/M/ggd2OF1jW9eLzcJIixxCJjpu+VJFImd8aIUUw0LKy8=
=r2l1
-----END PGP SIGNATURE-----
Merge tag 'net-6.2-final' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
Pull networking fixes from Jakub Kicinski:
"Fixes from the main networking tree only, probably because all
sub-trees have backed off and haven't submitted their changes.
None of the fixes here are particularly scary and no outstanding
regressions. In an ideal world the "current release" sections would be
empty at this stage but that never happens.
Current release - regressions:
- fix unwanted sign extension in netdev_stats_to_stats64()
Current release - new code bugs:
- initialize net->notrefcnt_tracker earlier
- devlink: fix netdev notifier chain corruption
- nfp: make sure mbox accesses in IPsec code are atomic
- ice: fix check for weight and priority of a scheduling node
Previous releases - regressions:
- ice: xsk: fix cleaning of XDP_TX frame, prevent inf loop
- igb: fix I2C bit banging config with external thermal sensor
Previous releases - always broken:
- sched: tcindex: update imperfect hash filters respecting rcu
- mpls: fix stale pointer if allocation fails during device rename
- dccp/tcp: avoid negative sk_forward_alloc by ipv6_pinfo.pktoptions
- remove WARN_ON_ONCE(sk->sk_forward_alloc) from
sk_stream_kill_queues()
- af_key: fix heap information leak
- ipv6: fix socket connection with DSCP (correct interpretation of
the tclass field vs fib rule matching)
- tipc: fix kernel warning when sending SYN message
- vmxnet3: read RSS information from the correct descriptor (eop)"
* tag 'net-6.2-final' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (35 commits)
devlink: Fix netdev notifier chain corruption
igb: conditionalize I2C bit banging on external thermal sensor support
net: mpls: fix stale pointer if allocation fails during device rename
net/sched: tcindex: search key must be 16 bits
tipc: fix kernel warning when sending SYN message
igb: Fix PPS input and output using 3rd and 4th SDP
net: use a bounce buffer for copying skb->mark
ixgbe: add double of VLAN header when computing the max MTU
i40e: add double of VLAN header when computing the max MTU
ixgbe: allow to increase MTU to 3K with XDP enabled
net: stmmac: Restrict warning on disabling DMA store and fwd mode
net/sched: act_ctinfo: use percpu stats
net: stmmac: fix order of dwmac5 FlexPPS parametrization sequence
ice: fix lost multicast packets in promisc mode
ice: Fix check for weight and priority of a scheduling node
bnxt_en: Fix mqprio and XDP ring checking logic
net: Fix unwanted sign extension in netdev_stats_to_stats64()
net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path
net: openvswitch: fix possible memory leak in ovs_meter_cmd_set()
af_key: Fix heap information leak
...
-----BEGIN PGP SIGNATURE-----
iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAmPugusQHGF4Ym9lQGtl
cm5lbC5kawAKCRD301j7KXHgpm4sEACrMqKGTddM7rwxW0mUzZO3ywO2oS2rBfd1
+f1xD395wB3w02kAg8Iz6DKP3cO1l7C/YVek0SwzG5U2nvAURaoGI+Mxle1FT7Ho
OKf+QO2tBsiVXapOnCkAzCh7UQ4PcPHrbf/Kl41nQDkN3UDS2w3rFLNK7RtLD9F9
hW/4mxNsyUkOQpCDRuzwFi2KhCvyDYQQOTb+9SMgm9rZtrCkEOZxAEE7ByHfb3SG
aH0g39OcP7C1sD5Zs66tdYNUA/LldwF8BEJqmrwAkrsi2Vs+pForcinpyqS7ubX/
oHLkRnZ2TSyvmTKJwtxdXrMVn9zMa6TJ2XbIC6JUlXV3B2geonHKL8JItaYF7bbq
BUWL/oIY3gP7pO25oS6ZpZSmRUSBPx3AHy6v62dhpHu7T6Ayf6kt+X/YS/ab5EsP
0ot49lgP9c1A6OQp0/JuSU/dKtbLPpz5MVShTo8oc1qtJGjgjD4kM6wu98DSUWVw
QoreZSHyJxQWXkd/hrH6WD+zLRJCtUDssjANaQvpk2uAqE/0JDG+f3wQZXNcah9D
DjFgXuwjKjdZuUWfMjWfdpvQ0b+8FgE1r6J1KGC7A7ZZCQWcTDjFM91LaKRRwPOI
I+WdYe1PuXMUylIVyE4EoHVXqCcai1c7x+0Cui6M/OGytxdu4B4tgI34RQ1ZN0kp
KV2Y8kNV9Q==
=QFJG
-----END PGP SIGNATURE-----
Merge tag 'block-6.2-2023-02-16' of git://git.kernel.dk/linux
Pull block fixes from Jens Axboe:
"Just a few NVMe fixes that should go into the 6.2 release, adding a
quirk and fixing two issues introduced in this release:
- NVMe fixes via Christoph:
- Always return an ERR_PTR from nvme_pci_alloc_dev (Irvin Cote)
- Add bogus ID quirk for ADATA SX6000PNP (Daniel Wagner)
- Set the DMA mask earlier (Christoph Hellwig)"
* tag 'block-6.2-2023-02-16' of git://git.kernel.dk/linux:
nvme-pci: always return an ERR_PTR from nvme_pci_alloc_dev
nvme-pci: set the DMA mask earlier
nvme-pci: add bogus ID quirk for ADATA SX6000PNP
One more last minute patch for v6.2 updating the parsing of the
newly added spi-cs-setup-delay-ns - it's been pointed out that
due to the way DT parsing works the change in property size is
ABI visible so let's not let a release go out without it being
fixed. The change got split from some earlier ABI related fixes
to the property since the first version sent had a build error.
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEreZoqmdXGLWf4p/qJNaLcl1Uh9AFAmPuWgoACgkQJNaLcl1U
h9AI/gf/SEQzjI4vkoIezfwUfgzeP7Cjphna2rAmOOFc+S871FHUne7csWiNS3DI
YGhr3x2VqKdPyxkM+YoOavH9B9SmF9MUFtiT7Q5MEp0Pb7TQzw23qjrKBrKde0yX
r5cETkhy+21Tk6hzMs/0cC/4zRcf7IjgDT9L9+To9mKDHCYKoj3/WHoES6JgTYa8
z8fApLvjvCx2432eLzm66CoXgSK+UnQKT2bdo2w+YcITPBqge6REhmcfnOT9MzDO
LPOZ2hJ4lM6SPW2a4yBMX4pIouluDd6/giQ8LBt7xjesIKVmiHoW0dXRNis4+gq/
6kVjABEsBQ/xBOFgbuq1WfGRxaVJVA==
=qTWJ
-----END PGP SIGNATURE-----
Merge tag 'spi-v6.2-rc8-abi' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi
Pull spi fix from Mark Brown:
"One more last minute patch for v6.2 updating the parsing of the newly
added spi-cs-setup-delay-ns.
It's been pointed out that due to the way DT parsing works the change
in property size is ABI visible so let's not let a release go out
without it being fixed. The change got split from some earlier ABI
related fixes to the property since the first version sent had a build
error"
* tag 'spi-v6.2-rc8-abi' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi:
spi: Use a 32-bit DT property for spi-cs-setup-delay-ns