Граф коммитов

1137660 Коммитов

Автор SHA1 Сообщение Дата
Linus Torvalds f95077acac Additional sound fix for 6.1-rc5
This contains a regression fix for the latest memalloc helper change.
 -----BEGIN PGP SIGNATURE-----
 
 iQJCBAABCAAsFiEEIXTw5fNLNI7mMiVaLtJE4w1nLE8FAmNvXmoOHHRpd2FpQHN1
 c2UuZGUACgkQLtJE4w1nLE8xuw//fsXClcYR8PhY6TEMc1NvSJkVC0AsWNLQ3eMs
 YpiEBgzHn99YPGZx5cIiTES1e3HI0OgibnWEvF60rizjPeDELL1mJLAuupxjwRsE
 m1XsOuJ9AXDWdcwHZ/9Nh5A394El8fGo5au8IkOREMhHaMgwkWE7mVfl6h26qY8w
 0F6//MLuFNEuyWXAeZk9QqtYUpfIBf8xBGFkL0fa5dtTQ0NsqwGmoQx/WArk7E6U
 HrVL+x1mwZaK+8gSrbFdaAew8dxF1CAdk1XOVFiN8nvnN+Zvl7P1/WwU1u9FyAIC
 tcV7zqklv4oKGH2iRZzT+3TGDT5HN0ylzMKc0EAuBGKgveuw1BUIJo9QZ7frturh
 FCv/iOly1UP9lHFqoCrgBq4192gNwO2YNoLP3991iHVFliq9wS2Kk5QjGpVk49Z6
 6ujZlq8lvGgf+9/dEwfAxQmd2GjGU1fcg86e8trrgFaE5ESphyLWposLEPAxVQ+6
 EB1aeiLPrweS7IQ4qC6KHiS5tG6TZR3DUmKbjmwLB8+T/UALkcRY6wj8P0u9kUdH
 XWLrKmUv2ExysR0Pd2Hu2dMm2XX3fs5WgAtfRYrcNT2zKUemhbwIYubBkd9F6deb
 CMI8MomWOLC5KqEbNuOvMVOTavyPNFVh0LxVnwy2SK1rgxvwW1CfZaJFy1/noWqf
 GK4AdhY=
 =sSea
 -----END PGP SIGNATURE-----

Merge tag 'sound-fix-6.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound

Pull additional sound fix from Takashi Iwai:
 "A regression fix for the latest memalloc helper change"

* tag 'sound-fix-6.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
  ALSA: memalloc: Try dma_alloc_noncontiguous() at first
2022-11-12 09:23:32 -08:00
Takashi Iwai 9d8e536d36 ALSA: memalloc: Try dma_alloc_noncontiguous() at first
The latest fix for the non-contiguous memalloc helper changed the
allocation method for a non-IOMMU system to use only the fallback
allocator.  This should have worked, but it caused a problem sometimes
when too many non-contiguous pages are allocated that can't be treated
by HD-audio controller.

As a quirk workaround, go back to the original strategy: use
dma_alloc_noncontiguous() at first, and apply the fallback only when
it fails, but only for non-IOMMU case.

We'll need a better fix in the fallback code as well, but this
workaround should paper over most cases.

Fixes: 9736a32513 ("ALSA: memalloc: Don't fall back for SG-buffer with IOMMU")
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Link: https://lore.kernel.org/r/CAHk-=wgSH5ubdvt76gNwa004ooZAEJL_1Q-Fyw5M2FDdqL==dg@mail.gmail.com
Link: https://lore.kernel.org/r/20221112084718.3305-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2022-11-12 09:48:51 +01:00
Linus Torvalds 8f2975c2bb ata fixes for 6.1-rc5
Several libata generic code fixes for rc5:
 
  - Add missing translation of the SYNCHRONIZE CACHE 16 scsi command as
    this command is mandatory for host-managed ZBC drives. The lack of
    support for it in libata-scsi was causing issues with some
    passthrough applications using ZBC drives (from Shin'ichiro).
 
  - Fix the error path of libata-transport host, port, link and device
    attributes initialization (from Yingliang).
 
  - Prevent issuing new commands to a drive that is in the NCQ error
    state and undergoing recovery (From Niklas). This bug went unnoticed
    for a long time as commands issued to a drive in error state are
    aborted immediately and retried by the scsi layer, hiding the useless
    abort-and-retry sequence.
 -----BEGIN PGP SIGNATURE-----
 
 iHUEABYKAB0WIQSRPv8tYSvhwAzJdzjdoc3SxdoYdgUCY2747wAKCRDdoc3SxdoY
 dto2APwMUungXAkvlc+GuvSxkgbu/0ERcaATs9l5doYAcQ2jPQD/fE6gpSaE5e3X
 RGm7egQrhkTUhoZnWmHtMdHCx2QgZQ4=
 =Cj/q
 -----END PGP SIGNATURE-----

Merge tag 'ata-6.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/dlemoal/libata

Pull ata fixes from Damien Le Moal:
 "Several libata generic code fixes for rc5:

   - Add missing translation of the SYNCHRONIZE CACHE 16 scsi command as
     this command is mandatory for host-managed ZBC drives.

     The lack of support for it in libata-scsi was causing issues with
     some passthrough applications using ZBC drives (from Shin'ichiro).

   - Fix the error path of libata-transport host, port, link and device
     attributes initialization (from Yingliang).

   - Prevent issuing new commands to a drive that is in the NCQ error
     state and undergoing recovery (From Niklas).

     This bug went unnoticed for a long time as commands issued to a
     drive in error state are aborted immediately and retried by the
     scsi layer, hiding the useless abort-and-retry sequence"

* tag 'ata-6.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/dlemoal/libata:
  ata: libata-core: do not issue non-internal commands once EH is pending
  ata: libata-transport: fix error handling in ata_tdev_add()
  ata: libata-transport: fix error handling in ata_tlink_add()
  ata: libata-transport: fix error handling in ata_tport_add()
  ata: libata-transport: fix double ata_host_put() in ata_tport_add()
  ata: libata-scsi: fix SYNCHRONIZE CACHE (16) command failure
2022-11-11 20:27:13 -08:00
Linus Torvalds d7c2b1f64e 22 hotfixes. 8 are cc:stable and the remainder address issues which were
introduced post-6.0 or which aren't considered serious enough to justify a
 -stable backport.
 -----BEGIN PGP SIGNATURE-----
 
 iHUEABYKAB0WIQTTMBEPP41GrTpTJgfdBJ7gKXxAjgUCY27xPAAKCRDdBJ7gKXxA
 juFXAP4tSmfNDrT6khFhV0l4cS43bluErVNLh32RfXBqse8GYgEA5EPvZkOssLqY
 86ejRXFgAArxYC4caiNURUQL+IASvQo=
 =YVOx
 -----END PGP SIGNATURE-----

Merge tag 'mm-hotfixes-stable-2022-11-11' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm

Pull misc hotfixes from Andrew Morton:
 "22 hotfixes.

  Eight are cc:stable and the remainder address issues which were
  introduced post-6.0 or which aren't considered serious enough to
  justify a -stable backport"

* tag 'mm-hotfixes-stable-2022-11-11' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm: (22 commits)
  docs: kmsan: fix formatting of "Example report"
  mm/damon/dbgfs: check if rm_contexts input is for a real context
  maple_tree: don't set a new maximum on the node when not reusing nodes
  maple_tree: fix depth tracking in maple_state
  arch/x86/mm/hugetlbpage.c: pud_huge() returns 0 when using 2-level paging
  fs: fix leaked psi pressure state
  nilfs2: fix use-after-free bug of ns_writer on remount
  x86/traps: avoid KMSAN bugs originating from handle_bug()
  kmsan: make sure PREEMPT_RT is off
  Kconfig.debug: ensure early check for KMSAN in CONFIG_KMSAN_WARN
  x86/uaccess: instrument copy_from_user_nmi()
  kmsan: core: kmsan_in_runtime() should return true in NMI context
  mm: hugetlb_vmemmap: include missing linux/moduleparam.h
  mm/shmem: use page_mapping() to detect page cache for uffd continue
  mm/memremap.c: map FS_DAX device memory as decrypted
  Partly revert "mm/thp: carry over dirty bit when thp splits on pmd"
  nilfs2: fix deadlock in nilfs_count_free_blocks()
  mm/mmap: fix memory leak in mmap_region()
  hugetlbfs: don't delete error page from pagecache
  maple_tree: reorganize testing to restore module testing
  ...
2022-11-11 17:18:42 -08:00
Linus Torvalds 5ad6e7ba98 arm64 fixes:
- Another fix for rodata=full. Since rodata= is not a simple boolean on
   arm64 (accepting 'full' as well), it got inadvertently broken by
   changes in the core code. If rodata=on is the default and rodata=off
   is passed on the kernel command line, rodata_full is never disabled.
 
 - Fix gcc compiler warning of shifting 0xc0 into bits 31:24 without an
   explicit conversion to u32 (triggered by the AMPERE1 MIDR definition).
 
 - Include asm/ptrace.h in asm/syscall_wrapper.h to fix an incomplete
   struct pt_regs type causing the BPF verifier to refuse to load a
   tracing program which accesses pt_regs.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEE5RElWfyWxS+3PLO2a9axLQDIXvEFAmNu1ZQACgkQa9axLQDI
 XvHdaQ/+NmdLFZuAbajhpV3NTmiC6oJmPZ9oGKxtBRGoHmH6WxoyB1X3Dj9ZMGBc
 qZ1mUohHHwf+xWtX85aPUx4aJKImFuqSOU4MF5gectzXFEr4jR2nx5CYBaRmG+0d
 axAUHIID4xWozid79KFUR46myG9GhTv8EGMlrY9VKY2GsFSD/EtNTQZhq+ISc05N
 SQAkHN3iiIJhitgTtxxA2jQ8sEOvq41N4VRj4trNUnAp5Gis4nnl9KGpcayN/60z
 8/9IGwcaLpnQnlf74E74y53Tfq8ZHSpiNcl3J5Mk1eMNrbkFePakyH/OtpHHYiZ0
 /Y1cqUqvK2oZODE1Ro4mBMFLq3+lFMedla5S0jZtjApYnJ8MmUqFQwvJHIn0K02h
 oH1OstQtYLUINTF3k1+TaYnmFjenx1eOJ/tdLjkcgI9WFbAYcqu1Z4bcO0HR0fqj
 7d7HKCElHg+KIQBTfDtLvO1lNRvdpZYWe5uN3ItzPpYqrah4haHPJXPxcxVChkMv
 A445kWMX5pV7CTNzlkrGgWjWkF8EwJ+lgr/xASrpHPxW80cZ7b+eg2lFkU0fptsz
 FoHdUduGDB91hHo/k0Adx2gaS37SNOcBczr/1xFcId1ZpcxWwuBM1JeEDz1ccRDR
 P9qKykOn6sQ8ykQGDIlyY9Hgaz8KgihT2VDixRyY0NNGq0XO4LM=
 =W6FH
 -----END PGP SIGNATURE-----

Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux

Pull arm64 fixes from Catalin Marinas:

 - Another fix for rodata=full. Since rodata= is not a simple boolean on
   arm64 (accepting 'full' as well), it got inadvertently broken by
   changes in the core code. If rodata=on is the default and rodata=off
   is passed on the kernel command line, rodata_full is never disabled

 - Fix gcc compiler warning of shifting 0xc0 into bits 31:24 without an
   explicit conversion to u32 (triggered by the AMPERE1 MIDR definition)

 - Include asm/ptrace.h in asm/syscall_wrapper.h to fix an incomplete
   struct pt_regs type causing the BPF verifier to refuse to load a
   tracing program which accesses pt_regs

* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
  arm64/syscall: Include asm/ptrace.h in syscall_wrapper header.
  arm64: Fix bit-shifting UB in the MIDR_CPU_MODEL() macro
  arm64: fix rodata=full again
2022-11-11 17:10:13 -08:00
Niklas Cassel e20e81a24a ata: libata-core: do not issue non-internal commands once EH is pending
While the ATA specification states that a device should return command
aborted for all commands queued after the device has entered error state,
since ATA only keeps the sense data for the latest command (in non-NCQ
case), we really don't want to send block layer commands to the device
after it has entered error state. (Only ATA EH commands should be sent,
to read the sense data etc.)

Currently, scsi_queue_rq() will check if scsi_host_in_recovery()
(state is SHOST_RECOVERY), and if so, it will _not_ issue a command via:
scsi_dispatch_cmd() -> host->hostt->queuecommand() (ata_scsi_queuecmd())
-> __ata_scsi_queuecmd() -> ata_scsi_translate() -> ata_qc_issue()

Before commit e494f6a728 ("[SCSI] improved eh timeout handler"),
when receiving a TFES error IRQ, the call chain looked like this:
ahci_error_intr() -> ata_port_abort() -> ata_do_link_abort() ->
ata_qc_complete() -> ata_qc_schedule_eh() -> blk_abort_request() ->
blk_rq_timed_out() -> q->rq_timed_out_fn() (scsi_times_out()) ->
scsi_eh_scmd_add() -> scsi_host_set_state(shost, SHOST_RECOVERY)

Which meant that as soon as an error IRQ was serviced, SHOST_RECOVERY
would be set.

However, after commit e494f6a728 ("[SCSI] improved eh timeout handler"),
scsi_times_out() will instead call scsi_abort_command() which will queue
delayed work, and the worker function scmd_eh_abort_handler() will call
scsi_eh_scmd_add(), which calls scsi_host_set_state(shost, SHOST_RECOVERY).

So now, after the TFES error IRQ has been serviced, we need to wait for
the SCSI workqueue to run its work before SHOST_RECOVERY gets set.

It is worth noting that, even before commit e494f6a728 ("[SCSI] improved
eh timeout handler"), we could receive an error IRQ from the time when
scsi_queue_rq() checks scsi_host_in_recovery(), to the time when
ata_scsi_queuecmd() is actually called.

In order to handle both the delayed setting of SHOST_RECOVERY and the
window where we can receive an error IRQ, add a check against
ATA_PFLAG_EH_PENDING (which gets set when servicing the error IRQ),
inside ata_scsi_queuecmd() itself, while holding the ap->lock.
(Since the ap->lock is held while servicing IRQs.)

Fixes: e494f6a728 ("[SCSI] improved eh timeout handler")
Signed-off-by: Niklas Cassel <niklas.cassel@wdc.com>
Tested-by: John Garry <john.g.garry@oracle.com>
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
2022-11-12 07:51:06 +09:00
Linus Torvalds b0b6e2c9d3 block-6.1-2022-11-11
-----BEGIN PGP SIGNATURE-----
 
 iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAmNuaacQHGF4Ym9lQGtl
 cm5lbC5kawAKCRD301j7KXHgpiHOD/wMxAiJcZfhTUakXuJnOOdNqgOzIkTOw1u9
 BHS23p8FwwaESevpTOEiGHh9DVRGBzDJknwsAf/YoHV5CA3BvhlW8I2zHp8ybzWD
 Mq9LLK/waifYo0/5eWdEG2b4cH1kXeK9n377RWi+LstL+C7X/+0w6Q0wBTV5SxNF
 mWHfhnomtTz1A0qcxgSkyIuJOoUQ5iH9LZvoOze+kIiJf0S7C2/oKfBKuXO8iPxI
 wt76qMlb1+uNTuTLVHpZDbF11df7wYSrTZIfYBH5hYZ5KefM3cHUSgedoBbOb3Gy
 2TdctzWyjxBhUKeeZxkWgV3kJ3ha0hQ5lRxvy8R9uYs8NMxfhe2lfoyJmU1NtEvm
 xNIs1sRRYQ8BpnVOdwPRPVqmpGCauGj9I7W8KEOEzvGdUFN1TIpEucIfRL3mg88w
 8/4JCDi10PNRpyc1G1bb/vqXF11iX2YI8Fr9M+R9oW8V28qdMFBob5MK+TTCBGDL
 2lQHx0wCZMK3dUiLLv0mqFPcrK9v1mxpBBwpPGkzGf/FvmB00aV1n02Bo8prCD/d
 tY/aghHviDPkpaR0MJ4+MHllloZR+gbcxYfGbpdDUrN8ZVYRMIzi8NrwwPb98zqB
 d6CX8BPevi3/azjORf/I/v7egTSTRhH/JHBw7derANhPd7OSWLQfjhIHDhZoYs/q
 wsuIlnJOyA==
 =lEq0
 -----END PGP SIGNATURE-----

Merge tag 'block-6.1-2022-11-11' of git://git.kernel.dk/linux

Pull block fixes from Jens Axboe:

 - NVMe pull request via Christoph:
        - Quiet user passthrough command errors (Keith Busch)
        - Fix memory leak in nvmet_subsys_attr_model_store_locked
        - Fix a memory leak in nvmet-auth (Sagi Grimberg)

 - Fix a potential NULL point deref in bfq (Yu)

 - Allocate command/response buffers separately for DMA for sed-opal,
   rather than rely on embedded alignment (Serge)

* tag 'block-6.1-2022-11-11' of git://git.kernel.dk/linux:
  nvmet: fix a memory leak
  nvmet: fix memory leak in nvmet_subsys_attr_model_store_locked
  nvme: quiet user passthrough command errors
  block: sed-opal: kmalloc the cmd/resp buffers
  block, bfq: fix null pointer dereference in bfq_bio_bfqg()
2022-11-11 14:08:30 -08:00
Linus Torvalds 4e6b2b2e4f io_uring-6.1-2022-11-11
-----BEGIN PGP SIGNATURE-----
 
 iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAmNuf4IQHGF4Ym9lQGtl
 cm5lbC5kawAKCRD301j7KXHgppvMD/9K2kFcAiD85QmRoIgwlIRM604KZ6aGXqk3
 BjTavxfB+3DJcb82FHywBF5DC0sUtrBOTn7+DJpf13lb4L2DZY1lfLkRL7SKHSs5
 o1z+1uLcBtZtGCq5M+yhpxbAzJ2kNWdRe+FutSA6wiz03ATXTwo2qE1MLaw1jxap
 DowK08DUtLNaFNoEGdpW8iub9ql1OVWWZdOaxZmVJkdPWeWMD6Zaqwi/MeyNv0aY
 KbVpYHa2AGxGY6+2krLpL09kqYlW++UvFsofM6RJrHTlLyBdYKvM2Z+Tv9I6w81s
 ZerVl5srC2pVj1K0isO7A25GTVIVzI9im/GCzStNTasFtlzW85CwLEcDS8T679bY
 I0P+Wl3ZoLJztChrcSufiAaOfJIichML7H3h/iEkSE51+9cBr42fqJO64dc+s/Bi
 OGmaFowYgJgOClzpAJ2upd2aNu4sLiR2DUb3qdHDpcio9bfpIme1Do1yB94kRR//
 yIFrs47PW+JumE90iKJPnDRHWrl3dVUK27MqkAWSBuvOkBjKxLBSVHIARs1lGWy1
 25y4atEMaEYnvjC3ATwM0WX0LY+5jCVqOXyfMPAMmEZ7WDbER7FfGxnnmw/pwka7
 D4CiSWn5H2Jp9Lq7HiblgYucXXNCPYgSx9JiXnY/KBpARaKUIXuTOq2PuJ/FW4UG
 dsJap0W2rw==
 =s8Z1
 -----END PGP SIGNATURE-----

Merge tag 'io_uring-6.1-2022-11-11' of git://git.kernel.dk/linux

Pull io_uring fixes from Jens Axboe:
 "Nothing major, just a few minor tweaks:

   - Tweak for the TCP zero-copy io_uring self test (Pavel)

   - Rather than use our internal cached value of number of CQ events
     available, use what the user can see (Dylan)

   - Fix a typo in a comment, added in this release (me)

   - Don't allow wrapping while adding provided buffers (me)

   - Fix a double poll race, and add a lockdep assertion for it too
     (Pavel)"

* tag 'io_uring-6.1-2022-11-11' of git://git.kernel.dk/linux:
  io_uring/poll: lockdep annote io_poll_req_insert_locked
  io_uring/poll: fix double poll req->flags races
  io_uring: check for rollover of buffer ID when providing buffers
  io_uring: calculate CQEs from the user visible value
  io_uring: fix typo in io_uring.h comment
  selftests/net: don't tests batched TCP io_uring zc
2022-11-11 14:02:44 -08:00
Linus Torvalds f5020a08b2 s390 updates for 6.1-rc5
- fix memcpy warning about field-spanning write in zcrypt driver.
 
 - minor updates to defconfigs.
 
 - Remove CONFIG_DEBUG_INFO_BTF from all defconfigs and add btf.config
   addon config file. It significantly decreases compile time and allows
   quickly enabling that option into the current kernel config.
 
 - Add kasan.config addon config file which allows to easily enable
   KASAN into the current kernel config.
 
 - binutils commit 906f69cf65da ("IBM zSystems: Issue error for *DBL
   relocs on misaligned symbols") caused several link errors.
   Always build relocatable kernel to avoid this problem.
 
 - Raise the minimum clang version to 15.0.0 to avoid silent generation
   of a corrupted code.
 -----BEGIN PGP SIGNATURE-----
 
 iI0EABYIADUWIQQrtrZiYVkVzKQcYivNdxKlNrRb8AUCY2566RccYWdvcmRlZXZA
 bGludXguaWJtLmNvbQAKCRDNdxKlNrRb8M0nAQDRrcyOb3BILKYNlYkb9H8Cw/0x
 TMl/zEqcjD14XBGXXAD+L6M9nNuWd8GKLYzE7AxEeQ80kAQLqUPGGxhjc09hqAI=
 =gkiM
 -----END PGP SIGNATURE-----

Merge tag 's390-6.1-4' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux

Pull s390 fixes from Alexander Gordeev:

 - fix memcpy warning about field-spanning write in zcrypt driver

 - minor updates to defconfigs

 - remove CONFIG_DEBUG_INFO_BTF from all defconfigs and add btf.config
   addon config file. It significantly decreases compile time and allows
   quickly enabling that option into the current kernel config

 - add kasan.config addon config file which allows to easily enable
   KASAN into the current kernel config

 - binutils commit 906f69cf65da ("IBM zSystems: Issue error for *DBL
   relocs on misaligned symbols") caused several link errors. Always
   build relocatable kernel to avoid this problem

 - raise the minimum clang version to 15.0.0 to avoid silent generation
   of a corrupted code

* tag 's390-6.1-4' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
  scripts/min-tool-version.sh: raise minimum clang version to 15.0.0 for s390
  s390: always build relocatable kernel
  s390/configs: add kasan.config addon config file
  s390/configs: move CONFIG_DEBUG_INFO_BTF into btf.config addon config
  s390: update defconfigs
  s390/zcrypt: fix warning about field-spanning write
2022-11-11 11:49:20 -08:00
Linus Torvalds df65494ffb kernel hardening fix for v6.1-rc5
- Fix !SMP placement of '.data..decrypted' section (Nathan Chancellor)
 -----BEGIN PGP SIGNATURE-----
 
 iQJKBAABCgA0FiEEpcP2jyKd1g9yPm4TiXL039xtwCYFAmNulf0WHGtlZXNjb29r
 QGNocm9taXVtLm9yZwAKCRCJcvTf3G3AJgwiEACzB6Fkfie23zwzgSNOOGKa4El6
 nGbkPFLrMgXDkndiLso6b4ZfNHJz6HplG3l2x1b/GVIWw81d7SH33nqCDqTISeTH
 1B1/mHtwsQH4oPbu2VX5IpRfAF9kHl3FpraYFUgBD3/uOXaSzsHHa3iogrWUsch4
 Q384VIGe9gzB7Lp44K0ZkS3bgaOjsmewYBpg2Nd5TPVSGuMp/zKDeOlDCZSkUPMJ
 za83iuuKfaIs8tsQiUZvYR5oZ4pU3gxe0SrwJGQ291TTlXBrRxH03gAjdbkdqkyw
 68Gg42BnItVKbGvl83slIVyqONStuxKdhWc74milebsecBKHzg8FKZPfaWBgA1ZR
 02aVpu4ibSgaOvKiq88WF6zqWG4kmaP4tgY5csvY8r4gM+JfBjqg+R5vEhieC7Li
 pTkhfQ5llsLwinWjrpKE5eK6BA/mxls92zLHeh2ZrCVXCC12cbUs12qurVjaHgO3
 5bbPStekBz+vQEvophOlQLFkQE1dIgJuQe0t5GtKGtF9p2bydSzhQXYWI2GhJj4+
 t5zLMkghL/1iZW+NDCu80crGMLUiTg5Vm/QXEkOAzBj54OY/RRJ2GwdBMQHNwtwB
 a+r9IoxDVv6FE3g3kP+pic+Xl3yJ2XAXROd7R+PuAnwFANDzVXvHM7T1K5ZsBTxN
 IY8blJJIOXFbU6LXEA==
 =faOj
 -----END PGP SIGNATURE-----

Merge tag 'hardening-v6.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux

Pull kernel hardening fix from Kees Cook:

 - Fix !SMP placement of '.data..decrypted' section (Nathan Chancellor)

* tag 'hardening-v6.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
  vmlinux.lds.h: Fix placement of '.data..decrypted' section
2022-11-11 11:41:02 -08:00
Linus Torvalds f9bbe0c99e Fixes:
- Fix an export leak
 - Fix a potential tracepoint crash
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEKLLlsBKG3yQ88j7+M2qzM29mf5cFAmNuZA4ACgkQM2qzM29m
 f5fqphAAsxlP4niwGd9AQsQnHGymyutwCHetj0YIyYIyCP7alHVf69h4oEe4kp5H
 Xg9H996MySXEaHbjnvHQ4VtUmaQBvpLeSXpA5ChnOeU9V8WbvSBGxEYGWojQqO8k
 qk9wG2hNzAixh91IhICtnTEaIWwM1S6R/A8ytm2vz/PtWXzHcTtLKSZ30jayBXog
 svumLaD9PSMdhspVRsTFVRjbEReaQqcB588YPKylfv68DNfGRWAU+EhE0TJXkfoW
 32STWIxiSHPj9wv3xtWgel01L3IkhLlWiSALcN1m6Lk/5U5/NWF+LTNcBdrQU1rl
 /mMYwfz/pruie5w0TRAepdBq1tniY1RVtFr/h59uihdM844uL7xYtkpKgPvHQGeQ
 e8YroIhGFl5kJ93S9EtJLiJ768d71SFXymXa3YK5SW1YzaMBrDhpr6zWkmDIe4Fv
 Z5MFY3AENvsvADQKzPZqJXJLU+3Y81oVQknrUAJIkDxHMWO9a/Bxyv7u1Wk0jk+N
 A5nRiYfl0tL1ByRjhp60uKCYeE8XcTnrkwqCtLgDyKPt9Uu42MhSLtny8fF/1Aoh
 dmMh/XkaVAEE8PEDoS1q/UEspSe/22MBu9Qkum1eekBIRpSj+y6ydE+/X1aYD4Du
 dTaMewtlqloUWtw6At5VHz5wKgTLZfBLE0aNOPkY2+krHQ7gRwU=
 =QAjx
 -----END PGP SIGNATURE-----

Merge tag 'nfsd-6.1-4' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux

Pull nfsd fixes from Chuck Lever:

 - Fix an export leak

 - Fix a potential tracepoint crash

* tag 'nfsd-6.1-4' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux:
  nfsd: put the export reference in nfsd4_verify_deleg_dentry
  nfsd: fix use-after-free in nfsd_file_do_acquire tracepoint
2022-11-11 11:28:26 -08:00
Linus Torvalds e2559b7912 \n
-----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCAAdFiEEq1nRK9aeMoq1VSgcnJ2qBz9kQNkFAmNuXpMACgkQnJ2qBz9k
 QNl5Vwf/b33TuakZY+m8IwUpYeZDKmFEmo/zxWV8QApx4Mi5R3tOZghjox1GEa6K
 cmSCe8aQ830iYfuJN2Hy+bliRt0gQDZfzTS8HmJfdDmRHfp7RA8IepEKz+NjeHhI
 xgX0KuTvrK3pcHfK0eALHGcSJPm4Q4MEUGGgTn7PU8fix1oJR/TRUIQqYO5aJEqS
 rSoLGjlsr6a2k/RGDGSy2yRH3dw2wXE7nwL6Ria+N6vYa3bX/RjSAPG8whaSxyog
 xzPYY5ZLROW51zYEkF0gRcqfDLn3poYh8AocMqlRhJaKKtst7B4GO2+Mm03j8rlk
 XiJQrNo4lLfNLozRvWQwxzRNvrEYSg==
 =5xuL
 -----END PGP SIGNATURE-----

Merge tag 'fixes_for_v6.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs

Pull UDF fix from Jan Kara:
 "Fix a possible memory corruption with UDF"

* tag 'fixes_for_v6.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs:
  udf: Fix a slab-out-of-bounds write bug in udf_find_entry()
2022-11-11 11:25:27 -08:00
Linus Torvalds eb037f16f7 perf tools fixes for v6.1: 2nd batch
- Fix 'perf stat' crash with --per-node --metric-only in CSV mode, due
   to the AGGR_NODE slot in the 'aggr_header_csv' array not being set.
 
 - Fix printing prefix in CSV output of 'perf stat' metrics in interval
   mode (-I), where an extra separator was being added to the start of
   some lines.
 
 - Fix skipping branch stack sampling 'perf test' entry, that was using
   both --branch-any and --branch-filter, which can't be used together.
 
 Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 
 iHUEABYKAB0WIQR2GiIUctdOfX2qHhGyPKLppCJ+JwUCY20xXwAKCRCyPKLppCJ+
 J9bEAP4w0TRqn0f+ZGmw/7dxiNfwWqYGapP+2T4ZyYQ0UfexRAEAuqV8LwBh2+7j
 f6fZ0krLN7roRY4+VEsOUJCjppz4XwM=
 =ATWj
 -----END PGP SIGNATURE-----

Merge tag 'perf-tools-fixes-for-v6.1-2-2022-11-10' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux

Pull perf tools fixes from Arnaldo Carvalho de Melo:

 - Fix 'perf stat' crash with --per-node --metric-only in CSV mode, due
   to the AGGR_NODE slot in the 'aggr_header_csv' array not being set.

 - Fix printing prefix in CSV output of 'perf stat' metrics in interval
   mode (-I), where an extra separator was being added to the start of
   some lines.

 - Fix skipping branch stack sampling 'perf test' entry, that was using
   both --branch-any and --branch-filter, which can't be used together.

* tag 'perf-tools-fixes-for-v6.1-2-2022-11-10' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux:
  perf tools: Add the include/perf/ directory to .gitignore
  perf test: Fix skipping branch stack sampling test
  perf stat: Fix printing os->prefix in CSV metrics output
  perf stat: Fix crash with --per-node --metric-only in CSV mode
2022-11-11 09:45:30 -08:00
Linus Torvalds 991f173cd2 RISC-V Fixes for 6.1-rc5
* A fix to add the missing PWM LEDs into the  SiFive HiFive Unleashed
   device tree.
 * A fix to fully clear a task's registers on creation, as they end up in
   userspace and thus leak kernel memory.
 * A pair of VDSO-related build fixes that manifest on recent LLVM-based
   toolchains.
 * A fix to our early init to ensure the DT is adequately processed
   before reserved memory nodes are processed.
 -----BEGIN PGP SIGNATURE-----
 
 iQJHBAABCAAxFiEEKzw3R0RoQ7JKlDp6LhMZ81+7GIkFAmNuex4THHBhbG1lckBk
 YWJiZWx0LmNvbQAKCRAuExnzX7sYiUm5D/94ElBfEEH1Si2qwzfk5Vwxap0Jsjwj
 BA7GHito1P22P4yHlvXnMyPvjnl3f0/Cc7Q6O5+J8HvnR9FWeu97s84oBJU/Thkt
 D9pd68nknY/HPZ1P5eb4gzBUwo2D6WWn4ISk2uoa8XAJ9EKfhylnYbn32rzyRerj
 p8HFT1lP71mryLCr0FsxEOdqtBl7+41/Htd/jxEA+lwJtHJ3F3Yk+TnaeCzebGjT
 kg5vwTzNwgkl7o4rlLsBv3d/Oz8kvLZh7V9qsZ9Ta//ZNpCGw0PMOwzxCKSYS6C0
 ZK342BRThsqxAjc2y1QtKOzFBPzEECzbgSSixFiEVXY4qpDY4ZlojXEOxRLevMjl
 KpLJL4e3wXpfyknZXLeIPIh0tFzHnuWrgliBVwa5CO4hYXhxWRY+qzh6LTqypx/W
 ewvuQ1auxmFFB6U6RHEXWuUv5mtzymXVT8lcHltpGcpGvxcbvnSw9SYtXTM6Sz5d
 DzEtEpgCZTx9MEp981FJ+uMYs4mGtURRDqqKZzeLOiBmXe8r7wfqnTIyosW1/f8V
 aXYJB90yMX5QvVJPKJHocphaKbNl75ywF8z0JSdnilO8CKJMJ6elJ9KleiJGJGFc
 zFWyFVPt18Eg+w+r4vMGmH2tz+hlaaZ+sOOGFExeM7KRU18WhP4MMVLgJiaLtoul
 UUX63X1wx7S2JA==
 =EHH7
 -----END PGP SIGNATURE-----

Merge tag 'riscv-for-linus-6.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux

Pull RISC-V fixes from Palmer Dabbelt:

 - A fix to add the missing PWM LEDs into the SiFive HiFive Unleashed
   device tree.

 - A fix to fully clear a task's registers on creation, as they end up
   in userspace and thus leak kernel memory.

 - A pair of VDSO-related build fixes that manifest on recent LLVM-based
   toolchains.

 - A fix to our early init to ensure the DT is adequately processed
   before reserved memory nodes are processed.

* tag 'riscv-for-linus-6.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux:
  RISC-V: vdso: Do not add missing symbols to version section in linker script
  riscv: fix reserved memory setup
  riscv: vdso: fix build with llvm
  riscv: process: fix kernel info leakage
  riscv: dts: sifive unleashed: Add PWM controlled LEDs
2022-11-11 09:40:19 -08:00
Linus Torvalds 74bd160fd5 s390:
* PCI fix
 
 * PV clock fix
 
 x86:
 
 * Fix clash between PMU MSRs and other MSRs
 
 * Prepare SVM assembly trampoline for 6.2 retbleed mitigation
   and for...
 
 * ... tightening IBRS restore on vmexit, moving it before
   the first RET or indirect branch
 
 * Fix log level for VMSA dump
 
 * Block all page faults during kvm_zap_gfn_range()
 
 Tools:
 
 * kvm_stat: fix incorrect detection of debugfs
 
 * kvm_stat: update vmexit definitions
 -----BEGIN PGP SIGNATURE-----
 
 iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmNuVegUHHBib256aW5p
 QHJlZGhhdC5jb20ACgkQv/vSX3jHroOcvgf/aiIi5tyqvIHArlOxyltF8myCmebM
 vEDcyn9d+NNvApzRwIJNHfC8KBMgD2LYxVUuVtbor4A0pFl5P3ut7eypPbA8Veul
 yX4wNdG5dE4JHzaDOUiG3NSUSRTJVO0TyKSCFlndmNnSrPBjGWTwkKurHtL+XO3B
 AcqejhzDWiVZnnO90k7HcBTlVWZ8N1onupaA6zapIl8S3TdDIRi2qs63SnxUzDMf
 cHak8RB7gQgebGIAQ6WPDJAgOyT+OnF8PPUeBjLVqaFmK4JBCoL6A2+qOnzljt+s
 cajfJjFZYna4mNH5WuiXGmU5aKNwAn3+z0f4/3Jxl5ib+BcZ9gPuZeayLQ==
 =jqwO
 -----END PGP SIGNATURE-----

Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm

Pull kvm
 "This is a pretty large diffstat for this time of the release. The main
  culprit is a reorganization of the AMD assembly trampoline, allowing
  percpu variables to be accessed early.

  This is needed for the return stack depth tracking retbleed mitigation
  that will be in 6.2, but it also makes it possible to tighten the IBRS
  restore on vmexit. The latter change is a long tail of the
  spectrev2/retbleed patches (the corresponding Intel change was simpler
  and went in already last June), which is why I am including it right
  now instead of sharing a topic branch with tip.

  Being assembly and being rich in comments makes the line count balloon
  a bit, but I am pretty confident in the change (famous last words)
  because the reorganization actually makes everything simpler and more
  understandable than before. It has also had external review and has
  been tested on the aforementioned 6.2 changes, which explode quite
  brutally without the fix.

  Apart from this, things are pretty normal.

  s390:

   - PCI fix

   - PV clock fix

  x86:

   - Fix clash between PMU MSRs and other MSRs

   - Prepare SVM assembly trampoline for 6.2 retbleed mitigation and
     for...

   - ... tightening IBRS restore on vmexit, moving it before the first
     RET or indirect branch

   - Fix log level for VMSA dump

   - Block all page faults during kvm_zap_gfn_range()

  Tools:

   - kvm_stat: fix incorrect detection of debugfs

   - kvm_stat: update vmexit definitions"

* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
  KVM: x86/mmu: Block all page faults during kvm_zap_gfn_range()
  KVM: x86/pmu: Limit the maximum number of supported AMD GP counters
  KVM: x86/pmu: Limit the maximum number of supported Intel GP counters
  KVM: x86/pmu: Do not speculatively query Intel GP PMCs that don't exist yet
  KVM: SVM: Only dump VMSA to klog at KERN_DEBUG level
  tools/kvm_stat: update exit reasons for vmx/svm/aarch64/userspace
  tools/kvm_stat: fix incorrect detection of debugfs
  x86, KVM: remove unnecessary argument to x86_virt_spec_ctrl and callers
  KVM: SVM: move MSR_IA32_SPEC_CTRL save/restore to assembly
  KVM: SVM: restore host save area from assembly
  KVM: SVM: move guest vmsave/vmload back to assembly
  KVM: SVM: do not allocate struct svm_cpu_data dynamically
  KVM: SVM: remove dead field from struct svm_cpu_data
  KVM: SVM: remove unused field from struct vcpu_svm
  KVM: SVM: retrieve VMCB from assembly
  KVM: SVM: adjust register allocation for __svm_vcpu_run()
  KVM: SVM: replace regs argument of __svm_vcpu_run() with vcpu_svm
  KVM: x86: use a separate asm-offsets.c file
  KVM: s390: pci: Fix allocation size of aift kzdev elements
  KVM: s390: pv: don't allow userspace to set the clock under PV
2022-11-11 09:32:57 -08:00
Linus Torvalds 5be07b3fb5 hyperv-fixes for v6.1-rc5
-----BEGIN PGP SIGNATURE-----
 
 iQFHBAABCAAxFiEEIbPD0id6easf0xsudhRwX5BBoF4FAmNtZ+UTHHdlaS5saXVA
 a2VybmVsLm9yZwAKCRB2FHBfkEGgXm67B/9qQtQbqYHoV6bJKqiAHgh3ZcS/V7sn
 iYc5egO84YZSTtkbLKeCixYD7i8Ltz+GzC7XgOwkvYKUkjOcs9keomKxhUnGl6jf
 Z7N66r8zBkR5LlkmmqTSMz90EDGz+WYj/4DaIcna70rSYp9aS4qbXr7AEv8CjGGl
 VZzt95L0nDx6VWdiP8NoQyqMwFXwgy2L2D4x4bDVlG7zihwl6f7VBvt4MYrunpjo
 P25ppR+yigAzhtO6LD19jq4MPSqQ2kyv/m5QR1mQvCqELc5ehn3OY70V5vWV7o4e
 y/qtngfowKeP0TynkWp3aScKwDbD5zSMvDf5obMPSvgbJpfXRi4dM0uA
 =SaCF
 -----END PGP SIGNATURE-----

Merge tag 'hyperv-fixes-signed-20221110' of git://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux

Pull hyperv fixes from Wei Liu:

 - Fix TSC MSR write for root partition (Anirudh Rayabharam)

 - Fix definition of vector in pci-hyperv driver (Dexuan Cui)

 - A few other misc patches

* tag 'hyperv-fixes-signed-20221110' of git://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux:
  PCI: hv: Fix the definition of vector in hv_compose_msi_msg()
  MAINTAINERS: remove sthemmin
  x86/hyperv: fix invalid writes to MSRs during root partition kexec
  clocksource/drivers/hyperv: add data structure for reference TSC MSR
  Drivers: hv: fix repeated words in comments
  x86/hyperv: Remove BUG_ON() for kmap_local_page()
2022-11-11 09:24:03 -08:00
Linus Torvalds 91c77a6ec4 dmaengine fixes for v6.1
Driver fixes for:
  - Pile of at_hdmac driver rework which fixes many long standing issues
    for this driver.
  - couple of stm32 driver fixes for clearing structure and race fix
  - idxd fixes for RO device state and batch size
  - ti driver mem leak fix
  - apple fix for grabbing channels in xlate
  - resource leak fix in mv xor
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEE+vs47OPLdNbVcHzyfBQHDyUjg0cFAmNt7eYACgkQfBQHDyUj
 g0dx3A/+NiVgApGZO1nvRCOFeBXSggZIzPYSDqS/ZqaYai63MoIB/em6CR36cYNm
 xztCv/5MfpH8xcztoDBA4TwxcKzHo6/QxvHli3T+gMa0Imz/JSr8wxz2wfMnJStL
 dcdCTQTRtUhdh8rlxAcGD4gWdhoZTrVoNSGQK3MgQC7GrcCET5K6hZB8JWOg9nd+
 gxpZu5a4DirWAWW/MFdtfhfHjff4SDhLpRi+kWknA8UHQb9jlsidqvVjRQNWAy4u
 QGhM4dxXsO+vSFxHcRZoxQjMQHoJ9v65Jh6cvADDpwa3/BbKFnljpCDA775hK2aL
 SLqdUXtV9KeGpMVs6D8tradc2MqFgs+UfbNApZM+NY7UPpV0fQZh4wF8SQcS3lAq
 1SIz5myxp1XLuac+TFR/nSlisdtEB/eVFcJKibJpc+RrEBZKIG0XzcBjTI1TrFz5
 7p//84SE2EKd7MGKVUGZ1gWRG46VYGTsvQQpZ1YDaXdd9JKBl6jzgAPEoLIPEUC/
 Pg60TIDXzM0pNtQUDIp6g4LPf6Q88poL8WxejsN2OS0Kxy+isYsY6S8GZIQB39Tw
 9Q0JuN0AkQv+wSx5GGbVEaosZhoR/Vk8DJiq22H9joTUSVjrMGFlT+/Kw3X+H6gF
 Pi3GcqIJeUbN+UPOMekR+UXS1U36/cB1Dh/ksLyEt3vAbm3U2NQ=
 =UR0f
 -----END PGP SIGNATURE-----

Merge tag 'dmaengine-fix-6.1' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/dmaengine

Pull dmaengine fixes from Vinod Koul:
 "Misc minor driver fixes and a big pile of at_hdmac driver fixes. More
  work on this driver is done and sitting in next:

   - Pile of at_hdmac driver rework which fixes many long standing
     issues for this driver.

   - couple of stm32 driver fixes for clearing structure and race fix

   - idxd fixes for RO device state and batch size

   - ti driver mem leak fix

   - apple fix for grabbing channels in xlate

   - resource leak fix in mv xor"

* tag 'dmaengine-fix-6.1' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/dmaengine: (24 commits)
  dmaengine: at_hdmac: Check return code of dma_async_device_register
  dmaengine: at_hdmac: Fix impossible condition
  dmaengine: at_hdmac: Don't allow CPU to reorder channel enable
  dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors
  dmaengine: at_hdmac: Fix descriptor handling when issuing it to hardware
  dmaengine: at_hdmac: Fix concurrency over the active list
  dmaengine: at_hdmac: Free the memset buf without holding the chan lock
  dmaengine: at_hdmac: Fix concurrency over descriptor
  dmaengine: at_hdmac: Fix concurrency problems by removing atc_complete_all()
  dmaengine: at_hdmac: Protect atchan->status with the channel lock
  dmaengine: at_hdmac: Do not call the complete callback on device_terminate_all
  dmaengine: at_hdmac: Fix premature completion of desc in issue_pending
  dmaengine: at_hdmac: Start transfer for cyclic channels in issue_pending
  dmaengine: at_hdmac: Don't start transactions at tx_submit level
  dmaengine: at_hdmac: Fix at_lli struct definition
  dmaengine: stm32-dma: fix potential race between pause and resume
  dmaengine: ti: k3-udma-glue: fix memory leak when register device fail
  dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove()
  dmaengine: apple-admac: Fix grabbing of channels in of_xlate
  dmaengine: idxd: fix RO device state error after been disabled/reset
  ...
2022-11-11 09:19:05 -08:00
Linus Torvalds a83e18ccc4 spi: Fixes for v6.1
A relatively large batch of fixes here but all device specific, plus an
 update to MAINTAINERS.  The summary print change to the STM32 driver is
 fixing an issue where the driver could easily end up spamming the logs
 with something that should be a debug message.
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCgAdFiEEreZoqmdXGLWf4p/qJNaLcl1Uh9AFAmNuPWkACgkQJNaLcl1U
 h9BZJQf/Rj3kjTdwjccp+QXTrXQZVMjkXYUuLHbUokO2Mzy+U3mNCkJuvLJjAvSw
 kqFBbJNYIm1jItRoqOkwlnNb0hw+QZAzBivi4DLPZJUwEeT6LxQdlYvepy6bEjCW
 XJpTMFxDDaWkFUftl+tLZFN2VxHaVHEVTJ5aMu2ija0mjG1M5vrYtgVemyJ+v2/o
 0nhXgnRe7Fq2+MqJazVzYs6ZxCvpIiU18a4WLD5BPGTIZhdfE0UXG+QGqWV4toHI
 uZWnV+NWEKNzMGS/QdcHZYQHWlcQBR/g5kPFQFCl2D+aK9CmakHc6Bk99H6tRdLn
 xYHjHafs6BwCG3eBfE/hxD8rsfTNmw==
 =UfdB
 -----END PGP SIGNATURE-----

Merge tag 'spi-fix-v6.1-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi

Pull spi fixes from Mark Brown:
 "A relatively large batch of fixes here but all device specific, plus
  an update to MAINTAINERS.

  The summary print change to the STM32 driver is fixing an issue where
  the driver could easily end up spamming the logs with something that
  should be a debug message"

* tag 'spi-fix-v6.1-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi:
  spi: amd: Fix SPI_SPD7 value
  spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run
  spi: meson-spicc: fix do_div build error on non-arm64
  spi: intel: Use correct mask for flash and protected regions
  spi: mediatek: Fix package division error
  spi: tegra210-quad: Don't initialise DMA if not supported
  MAINTAINERS: Update HiSilicon SFC Driver maintainer
  spi: meson-spicc: move wait completion in driver to take bursts delay in account
  spi: stm32: Print summary 'callbacks suppressed' message
2022-11-11 09:13:52 -08:00
Linus Torvalds 7c42d6f5e6 MMC host:
- cqhci: Provide helper for resetting both SDHCI and CQHCI
  - sdhci_am654: Fix reset for CQHCI
  - sdhci-brcmstb: Fix reset for CQHCI
  - sdhci-esdhc-imx: Fix reset for CQHCI
  - sdhci-esdhc-imx: Fixup support for MMC_CAP_8_BIT_DATA
  - sdhci-of-arasan: Fix reset for CQHCI
  - sdhci-tegra: Fix reset for CQHCI
 -----BEGIN PGP SIGNATURE-----
 
 iQJLBAABCgA1FiEEugLDXPmKSktSkQsV/iaEJXNYjCkFAmNuPrUXHHVsZi5oYW5z
 c29uQGxpbmFyby5vcmcACgkQ/iaEJXNYjClzKg//c6R96FHYGm087zGLMvx4MRlY
 jdtyQoaEIK7ABzgZ2W1wlW3ZrSRs9PnTUf4bcPA48G12KQMr2LG+9iE3bwAq+wL6
 NHPAMiazVk3qO3nuAMHZq67F9CPJ1teK/RGxpKAu3GIA21mTMdFMsjcrCyLg8ZLd
 KTzsPmogKX3N6gIcskHlVzMp13UQS/twbxvYDYMUEN8Krj5sAp1xqUtmdbn8GP+I
 6nLXM+Faq9eR6JozuOfCvQvoiuWcLlr2fTIzyYXw6FtcGnrsn+weq+Gd/NxMCMVD
 mcdDkWT6ZMSqnoP0VjqNPJdqBypsiH1wNUnZcWDf4j2RVWj7eXqnL5XPYZrpwOG5
 v2lHOsAUUBN3a2coSolf48yAkEUczx+04wtWYQjjEtmCiZvR6CJEAzbM+ZaWIVW8
 HcE7V6vu7IJA/enG2w0WU0lAf+EjGbjAEJO06ffCBw5cbzP+wntMTD+blu2f1SwR
 D2Nd/KYB7hLmCHWjRHdJ6Mvn4EpH64lLK8Pf3aNN/IRCTlgqqY3O7Qarf+9BUdo/
 6fDlwtTL15hTzp7F+kEKUfP95ShK7J4aAY95OQlWlxo0TSOLgwSo5iQP0Iy7vzEU
 ABS4q7ZmWjm44HNv9sodfe/rhYEJyR2U59F+IePHAaLactc2Ka+X14emkyTPHosz
 HLZ7CqmK0PxfBP27VTk=
 =2lk8
 -----END PGP SIGNATURE-----

Merge tag 'mmc-v6.1-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc

Pull MMC fixes from Ulf Hansson:

 - Provide helper for resetting both SDHCI and CQHCI

 - Fix reset for CQHCI (am654, brcmstb, esdhc-imx, of-arasan, tegra)

 - Fixup support for MMC_CAP_8_BIT_DATA (esdhc-imx)

* tag 'mmc-v6.1-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc:
  mmc: sdhci-esdhc-imx: use the correct host caps for MMC_CAP_8_BIT_DATA
  mmc: sdhci_am654: Fix SDHCI_RESET_ALL for CQHCI
  mmc: sdhci-tegra: Fix SDHCI_RESET_ALL for CQHCI
  mms: sdhci-esdhc-imx: Fix SDHCI_RESET_ALL for CQHCI
  mmc: sdhci-brcmstb: Fix SDHCI_RESET_ALL for CQHCI
  mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI
  mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI
2022-11-11 09:09:04 -08:00
Linus Torvalds 9c730fe104 for-linus-2022111101
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQIVAwUAY24cL6Zi849r7WBJAQJ7wg//V0W+bJDu27oJWM5L3eOXx0MEcyxewdX0
 +kNCidfxWXVKDSXwXOm3e6rMX0Co+HN20MeZwAnjq6STVVG0btVhA3jAtl63/lT0
 uXwxNlmb5SyyffNu4IT8pBzNT0Nub6Hd2+ABlekPpTRtZTvEAIMmVN7D0RVw9CX/
 4a7uSZQQNbnjPsVZSS7zBN6dYsKu+iNlTlXs45Q+S/hwhCRRZzeRRd16UNZ4Ra0z
 hAcs0pa5mm6gGkvENh9nKUruaKpvutHc3Tses1MlwTwx0qcsLjKlder53ns8f7zJ
 Pn8BzIHYVUEnveSpA8P78iSQEzNj9w2vIk0cSjAFiNlvnNxiwUZnJ/GeGadERKq9
 mC6ogTjgKJNehLhmCWiAG4qeKYFdmEpSrGvIBjOvfonxra/WV26ZvnojjBKMZTcS
 Sh1+Sbj88K/C4kbPkzG4EjsMrZ4+9kLsxdbUR5hdTZMJzoa6qDxZ5BZNitB4vw94
 PULjS/d3GLZxLEfCpM9freGGjm57/tAu1zKtu/jQOe4+hSv1jxjl864MTLbtNdHH
 IvN9cbj9FYonRYnJS7PnU/EqqHKxf1ITU0TDoO9Yc1cmCsvxdZMia4RuuPmpAuuT
 oxp7IPKud9JCIIod3zIu0KztklB2yRml25Hx5K64pzdg6kL2Z4pI4w12NU0NX7/q
 rKmXWW0hD88=
 =YMm0
 -----END PGP SIGNATURE-----

Merge tag 'for-linus-2022111101' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid

Pull HID fixes from Jiri Kosina:

 - fix for memory leak (on error path) in Hyper-V driver (Yang
   Yingliang)

 - regression fix for handling 3rd barrel switch emulation in Wacom
   driver (Jason Gerecke)

* tag 'for-linus-2022111101' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid:
  HID: wacom: Fix logic used for 3rd barrel switch emulation
  HID: hyperv: fix possible memory leak in mousevsc_probe()
  HID: asus: Remove unused variable in asus_report_tool_width()
2022-11-11 09:03:19 -08:00
Pavel Begunkov 5576035f15 io_uring/poll: lockdep annote io_poll_req_insert_locked
Add a lockdep annotation in io_poll_req_insert_locked().

Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/8115d8e702733754d0aea119e9b5bb63d1eb8b24.1668184658.git.asml.silence@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2022-11-11 09:59:27 -07:00
Pavel Begunkov 30a33669fa io_uring/poll: fix double poll req->flags races
io_poll_double_prepare()            | io_poll_wake()
                                    | poll->head = NULL
smp_load(&poll->head); /* NULL */   |
flags = req->flags;                 |
                                    | req->flags &= ~SINGLE_POLL;
req->flags = flags | DOUBLE_POLL    |

The idea behind io_poll_double_prepare() is to serialise with the
first poll entry by taking the wq lock. However, it's not safe to assume
that io_poll_wake() is not running when we can't grab the lock and so we
may race modifying req->flags.

Skip double poll setup if that happens. It's ok because the first poll
entry will only be removed when it's definitely completing, e.g.
pollfree or oneshot with a valid mask.

Fixes: 49f1c68e04 ("io_uring: optimise submission side poll_refs")
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/b7fab2d502f6121a7d7b199fe4d914a43ca9cdfd.1668184658.git.asml.silence@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2022-11-11 09:59:27 -07:00
Linus Torvalds 64b4aef17e sound fixes for 6.1-rc5
Things look calming down, as this contains only a few small fixes.
 
 - Fix for a corner-case bug with SG-buffer page allocation helper
 - A regression fix for Roland USB-audio device probe
 - A potential memory leak fix at the error path
 - Handful quirks and device-specific fixes for HD- and USB-audio
 -----BEGIN PGP SIGNATURE-----
 
 iQJCBAABCAAsFiEEIXTw5fNLNI7mMiVaLtJE4w1nLE8FAmNt/G8OHHRpd2FpQHN1
 c2UuZGUACgkQLtJE4w1nLE+t/Q//bmvq2YLb1RL0T0wIJQGGi3vuigxzx9J+r4ny
 5fNel816R9JVHnimA7J1GbFIj8l63qiUu/dHMOmNDjqdSZ1KLbu8DpAZu4tL+KKo
 XpmiXuFZlepgPGYY10kQG85EiuHriF7z1yKJ8QoP3ELIqBi/m77+qJ4JUk2XlPoT
 4o4FCit9UQwd4xJ4EmUw3N6bPUumb6Uw0as8Qdfrw5P14VB5ev882eW7iQaeMxhd
 S35IdXdqLGHVdPJXq38Wx8cvEyCFhS2SsG0QT5kul1Zg0ld5HSaN3V7rg0uKYcLQ
 +2JfW5wcZwmcYTLpvfdMF/HNWN8RbEoexCUIlWsd7xzlFpB8Z6/EOPGxy2tXIwVb
 rsElYlb9yeKTnyvTe2hRfHIWZH6s6eYqncv+/gpzxIwVBJ9Is8sMm7upxxki5bky
 QPwnjWU3iiyJ7sjA+kU25aTdjdHQawz2ds0GILkoi5EnfcAj1fz4FJ+3l4C+Epsf
 SL+OhcWxDeTggpK3p4lbJIIRY4k38VYXRXjE4gaYn7wdLlXS3SMQgFa6lU6uU286
 m4OU/6clOctbBtkX41bicZcG7RzLyb/ns8W0hIhxaJA/QQP/7Jg03PebYe0fyQhu
 wfMoeqnTHJaRfAOo8K7sEdmffHEJMifUzwNn7NoSxVsvPLWx/HvivdMx0hzGUgai
 eTqQcEg=
 =vmwO
 -----END PGP SIGNATURE-----

Merge tag 'sound-6.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound

Pull sound fixes from Takashi Iwai:
 "Things look calming down, as this contains only a few small fixes:

   - Fix for a corner-case bug with SG-buffer page allocation helper

   - A regression fix for Roland USB-audio device probe

   - A potential memory leak fix at the error path

   - Handful quirks and device-specific fixes for HD- and USB-audio"

* tag 'sound-6.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
  ALSA: hda: fix potential memleak in 'add_widget_node'
  ALSA: memalloc: Don't fall back for SG-buffer with IOMMU
  ALSA: usb-audio: add quirk to fix Hamedal C20 disconnect issue
  ALSA: hda/realtek: Add Positivo C6300 model quirk
  ALSA: usb-audio: Add DSD support for Accuphase DAC-60
  ALSA: usb-audio: Add quirk entry for M-Audio Micro
  ALSA: hda/hdmi - enable runtime pm for more AMD display audio
  ALSA: usb-audio: Remove redundant workaround for Roland quirk
  ALSA: usb-audio: Yet more regression for for the delayed card registration
  ALSA: hda/ca0132: add quirk for EVGA Z390 DARK
  ALSA: hda: clarify comments on SCF changes
  ALSA: arm: pxa: pxa2xx-ac97-lib: fix return value check of platform_get_irq()
  ALSA: hda/realtek: Add quirk for ASUS Zenbook using CS35L41
2022-11-11 08:58:43 -08:00
Linus Torvalds fd979ca691 drm fixes for 6.1-rc5
amdgpu:
 - Fix s/r in amdgpu_vram_mgr_new
 - SMU 13.0.4 update
 - GPUVM TLB race fix
 - DCN 3.1.4 fixes
 - DCN 3.2.x fixes
 - Vega10 fan fix
 - BACO fix for Beige Goby board
 - PSR fix
 - GPU VM PT locking fixes
 
 amdkfd:
 - CRIU fixes
 
 vc4:
 - HDMI fixes to vc4.
 
 panfrost:
 - Make panfrost's uapi header compile with C++.
 - Handle 1 gb boundary correctly in panfrost mmu code.
 
 panel:
 - Add rotation quirks for 2 panels.
 
 rcar-du:
 - DSI Kconfig fix
 
 i915:
 - Fix sg_table handling in map_dma_buf
 - Send PSR update also on invalidate
 - Do not set cache_dirty for DGFX
 - Restore userptr probe_range behaviour
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEEKbZHaGwW9KfbeusDHTzWXnEhr4FAmNtrMsACgkQDHTzWXnE
 hr5EaRAApbJSzuhittt3I3WJ/w92+oyAmFo+gDuZ+IhXPNJm3QJ9pI92lWjKCi95
 15Y+h6ao+it/6o6f3MbuKlgb+STTNztMDDutLl1W4K0vLCO7HBH/8YEt8JZFjHz0
 l9TWmE/6fnHhLqBqdEtIn14kRaCrn9ALVsyKVhRMf5FIL4TamuTufLmY+SHvlVr7
 bduqzxzlEys6DP0KBhgklRXCdARkPuj8OEoRgyuDcjHELz02Y/XBv2n4VyiUe61f
 cs0iLxkzFm8s3CkZ4FAGhUFzNujQAeGHrdU37vbT0zL7OLLXap5EqSx6Iexm13Wv
 x55/rKarbpSUqxCBYzEMqytxk9OBCDSer7YP/Z/7MgEmcdReW5JDFqTTsL97rpJr
 AMegpz4jDmPSL0xRXlDqEpkCuvuVKOgZUpIacLg4kIdIN6/m+cK3LErWlGHJTlsx
 q4Qt4qB58esZLN66cMlbr1zkk47O+FUzoWiz3OkZmegysmVz9FOFyN6wHR33rkE8
 rmzjl7s0BKbxq34raGMwPtzEzvT9KaDZraHaVsZ11ucMiMAPUJHjIpgEc3hsSMSB
 rPOJUfTv8V+LMosiGEJWTGHXrrX69S01iLqHvwtC2ndLl+ZWpNtQ5lffV+mF4RA4
 fC4rfb+f3vnLEHVCsaRsF11Z5w0q+JgK6pb0PiLcRYAjZR6gtIg=
 =vcrG
 -----END PGP SIGNATURE-----

Merge tag 'drm-fixes-2022-11-11' of git://anongit.freedesktop.org/drm/drm

Pull drm fixes from Dave Airlie:
 "Weekly pull request for graphics, mostly amdgpu and i915, with a
  couple of fixes for vc4 and panfrost, panel quirks and a kconfig
  change for rcar-du. Nothing seems to be too strange at this stage.

  amdgpu:
   - Fix s/r in amdgpu_vram_mgr_new
   - SMU 13.0.4 update
   - GPUVM TLB race fix
   - DCN 3.1.4 fixes
   - DCN 3.2.x fixes
   - Vega10 fan fix
   - BACO fix for Beige Goby board
   - PSR fix
   - GPU VM PT locking fixes

  amdkfd:
   - CRIU fixes

  vc4:
   - HDMI fixes to vc4.

  panfrost:
   - Make panfrost's uapi header compile with C++.
   - Handle 1 gb boundary correctly in panfrost mmu code.

  panel:
   - Add rotation quirks for 2 panels.

  rcar-du:
   - DSI Kconfig fix

  i915:
   - Fix sg_table handling in map_dma_buf
   - Send PSR update also on invalidate
   - Do not set cache_dirty for DGFX
   - Restore userptr probe_range behaviour"

* tag 'drm-fixes-2022-11-11' of git://anongit.freedesktop.org/drm/drm: (29 commits)
  drm/amd/display: only fill dirty rectangles when PSR is enabled
  drm/amdgpu: disable BACO on special BEIGE_GOBY card
  drm/amdgpu: Drop eviction lock when allocating PT BO
  drm/amdgpu: Unlock bo_list_mutex after error handling
  Revert "drm/amdgpu: Revert "drm/amdgpu: getting fan speed pwm for vega10 properly""
  drm/amd/display: Enforce minimum prefetch time for low memclk on DCN32
  drm/amd/display: Fix gpio port mapping issue
  drm/amd/display: Fix reg timeout in enc314_enable_fifo
  drm/amd/display: Fix FCLK deviation and tool compile issues
  drm/amd/display: Zeromem mypipe heap struct before using it
  drm/amd/display: Update SR watermarks for DCN314
  drm/amdgpu: workaround for TLB seq race
  drm/amdkfd: Fix error handling in criu_checkpoint
  drm/amdkfd: Fix error handling in kfd_criu_restore_events
  drm/amd/pm: update SMU IP v13.0.4 msg interface header
  drm: rcar-du: Fix Kconfig dependency between RCAR_DU and RCAR_MIPI_DSI
  drm/panfrost: Split io-pgtable requests properly
  drm/amdgpu: Fix the lpfn checking condition in drm buddy
  drm: panel-orientation-quirks: Add quirk for Acer Switch V 10 (SW5-017)
  drm: panel-orientation-quirks: Add quirk for Nanote UMPC-01
  ...
2022-11-11 08:50:36 -08:00
Sean Christopherson 6d3085e4d8 KVM: x86/mmu: Block all page faults during kvm_zap_gfn_range()
When zapping a GFN range, pass 0 => ALL_ONES for the to-be-invalidated
range to effectively block all page faults while the zap is in-progress.
The invalidation helpers take a host virtual address, whereas zapping a
GFN obviously provides a guest physical address and with the wrong unit
of measurement (frame vs. byte).

Alternatively, KVM could walk all memslots to get the associated HVAs,
but thanks to SMM, that would require multiple lookups.  And practically
speaking, kvm_zap_gfn_range() usage is quite rare and not a hot path,
e.g. MTRR and CR0.CD are almost guaranteed to be done only on vCPU0
during boot, and APICv inhibits are similarly infrequent operations.

Fixes: edb298c663 ("KVM: x86/mmu: bump mmu notifier count in kvm_zap_gfn_range")
Reported-by: Chao Peng <chao.p.peng@linux.intel.com>
Cc: stable@vger.kernel.org
Cc: Maxim Levitsky <mlevitsk@redhat.com>
Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20221111001841.2412598-1-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-11-11 07:19:46 -05:00
Yang Yingliang 1ff3635130 ata: libata-transport: fix error handling in ata_tdev_add()
In ata_tdev_add(), the return value of transport_add_device() is
not checked. As a result, it causes null-ptr-deref while removing
the module, because transport_remove_device() is called to remove
the device that was not added.

Unable to handle kernel NULL pointer dereference at virtual address 00000000000000d0
CPU: 13 PID: 13603 Comm: rmmod Kdump: loaded Tainted: G        W          6.1.0-rc3+ #36
pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : device_del+0x48/0x3a0
lr : device_del+0x44/0x3a0
Call trace:
 device_del+0x48/0x3a0
 attribute_container_class_device_del+0x28/0x40
 transport_remove_classdev+0x60/0x7c
 attribute_container_device_trigger+0x118/0x120
 transport_remove_device+0x20/0x30
 ata_tdev_delete+0x24/0x50 [libata]
 ata_tlink_delete+0x40/0xa0 [libata]
 ata_tport_delete+0x2c/0x60 [libata]
 ata_port_detach+0x148/0x1b0 [libata]
 ata_pci_remove_one+0x50/0x80 [libata]
 ahci_remove_one+0x4c/0x8c [ahci]

Fix this by checking and handling return value of transport_add_device()
in ata_tdev_add(). In the error path, device_del() is called to delete
the device which was added earlier in this function, and ata_tdev_free()
is called to free ata_dev.

Fixes: d9027470b8 ("[libata] Add ATA transport class")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
2022-11-11 17:26:05 +09:00
Yang Yingliang cf0816f632 ata: libata-transport: fix error handling in ata_tlink_add()
In ata_tlink_add(), the return value of transport_add_device() is
not checked. As a result, it causes null-ptr-deref while removing
the module, because transport_remove_device() is called to remove
the device that was not added.

Unable to handle kernel NULL pointer dereference at virtual address 00000000000000d0
CPU: 33 PID: 13850 Comm: rmmod Kdump: loaded Tainted: G        W          6.1.0-rc3+ #12
pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : device_del+0x48/0x39c
lr : device_del+0x44/0x39c
Call trace:
 device_del+0x48/0x39c
 attribute_container_class_device_del+0x28/0x40
 transport_remove_classdev+0x60/0x7c
 attribute_container_device_trigger+0x118/0x120
 transport_remove_device+0x20/0x30
 ata_tlink_delete+0x88/0xb0 [libata]
 ata_tport_delete+0x2c/0x60 [libata]
 ata_port_detach+0x148/0x1b0 [libata]
 ata_pci_remove_one+0x50/0x80 [libata]
 ahci_remove_one+0x4c/0x8c [ahci]

Fix this by checking and handling return value of transport_add_device()
in ata_tlink_add().

Fixes: d9027470b8 ("[libata] Add ATA transport class")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
2022-11-11 17:26:03 +09:00
Yang Yingliang 3613dbe390 ata: libata-transport: fix error handling in ata_tport_add()
In ata_tport_add(), the return value of transport_add_device() is
not checked. As a result, it causes null-ptr-deref while removing
the module, because transport_remove_device() is called to remove
the device that was not added.

Unable to handle kernel NULL pointer dereference at virtual address 00000000000000d0
CPU: 12 PID: 13605 Comm: rmmod Kdump: loaded Tainted: G        W          6.1.0-rc3+ #8
pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : device_del+0x48/0x39c
lr : device_del+0x44/0x39c
Call trace:
 device_del+0x48/0x39c
 attribute_container_class_device_del+0x28/0x40
 transport_remove_classdev+0x60/0x7c
 attribute_container_device_trigger+0x118/0x120
 transport_remove_device+0x20/0x30
 ata_tport_delete+0x34/0x60 [libata]
 ata_port_detach+0x148/0x1b0 [libata]
 ata_pci_remove_one+0x50/0x80 [libata]
 ahci_remove_one+0x4c/0x8c [ahci]

Fix this by checking and handling return value of transport_add_device()
in ata_tport_add().

Fixes: d9027470b8 ("[libata] Add ATA transport class")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
2022-11-11 17:26:02 +09:00
Yang Yingliang 8c76310740 ata: libata-transport: fix double ata_host_put() in ata_tport_add()
In the error path in ata_tport_add(), when calling put_device(),
ata_tport_release() is called, it will put the refcount of 'ap->host'.

And then ata_host_put() is called again, the refcount is decreased
to 0, ata_host_release() is called, all ports are freed and set to
null.

When unbinding the device after failure, ata_host_stop() is called
to release the resources, it leads a null-ptr-deref(), because all
the ports all freed and null.

Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008
CPU: 7 PID: 18671 Comm: modprobe Kdump: loaded Tainted: G            E      6.1.0-rc3+ #8
pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : ata_host_stop+0x3c/0x84 [libata]
lr : release_nodes+0x64/0xd0
Call trace:
 ata_host_stop+0x3c/0x84 [libata]
 release_nodes+0x64/0xd0
 devres_release_all+0xbc/0x1b0
 device_unbind_cleanup+0x20/0x70
 really_probe+0x158/0x320
 __driver_probe_device+0x84/0x120
 driver_probe_device+0x44/0x120
 __driver_attach+0xb4/0x220
 bus_for_each_dev+0x78/0xdc
 driver_attach+0x2c/0x40
 bus_add_driver+0x184/0x240
 driver_register+0x80/0x13c
 __pci_register_driver+0x4c/0x60
 ahci_pci_driver_init+0x30/0x1000 [ahci]

Fix this by removing redundant ata_host_put() in the error path.

Fixes: 2623c7a5f2 ("libata: add refcounting to ata_host")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
2022-11-11 17:26:00 +09:00
Linus Torvalds 4bbf3422df Including fixes from netfilter, wifi, can and bpf.
Current release - new code bugs:
 
  - can: af_can: can_exit(): add missing dev_remove_pack() of canxl_packet
 
 Previous releases - regressions:
 
  - bpf, sockmap: fix the sk->sk_forward_alloc warning
 
  - wifi: mac80211: fix general-protection-fault in
    ieee80211_subif_start_xmit()
 
  - can: af_can: fix NULL pointer dereference in can_rx_register()
 
  - can: dev: fix skb drop check, avoid o-o-b access
 
  - nfnetlink: fix potential dead lock in nfnetlink_rcv_msg()
 
 Previous releases - always broken:
 
  - bpf: fix wrong reg type conversion in release_reference()
 
  - gso: fix panic on frag_list with mixed head alloc types
 
  - wifi: brcmfmac: fix buffer overflow in brcmf_fweh_event_worker()
 
  - wifi: mac80211: set TWT Information Frame Disabled bit as 1
 
  - eth: macsec offload related fixes, make sure to clear the keys
    from memory
 
  - tun: fix memory leaks in the use of napi_get_frags
 
  - tun: call napi_schedule_prep() to ensure we own a napi
 
  - tcp: prohibit TCP_REPAIR_OPTIONS if data was already sent
 
  - ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg
    to network
 
  - tipc: fix a msg->req tlv length check
 
  - sctp: clear out_curr if all frag chunks of current msg are pruned,
    avoid list corruption
 
  - mctp: fix an error handling path in mctp_init(), avoid leaks
 
 Signed-off-by: Jakub Kicinski <kuba@kernel.org>
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEE6jPA+I1ugmIBA4hXMUZtbf5SIrsFAmNtnlEACgkQMUZtbf5S
 IrvSfg//axNePPwFiAdbYUmSNmnnv2Zpyz1l9a2/WvKKMeyAH3d4zuQGyTz7VgoJ
 at4k1fr14vm+3qBhlL0UFdd+h/wBewwuuWLiogIfhgqDO7KavZsbTJWQ59DSHH08
 ujihvt7dF9ByVd3hOpUDjrYGd2rPghqXk8l/2gpPp/KIrbj1jSW0DdF7Y48/0RRw
 PYzNYZ9tqICw1crBT52ZilNEebGaUuWpPLzV2owlhJpzqyRLcgd9GWN9DkKieiiw
 wF0Wi7A8b/+cR/Wo93RAXtvEayN9vp/t6iyiI1opv3Yg6bhAMlzDUX/v79ccnAM6
 wJ3b8bKyLgph5ZTNmbL8GwC2pwl/20hOgCVLb/Haykqrk4oO2+xD39fjKniFP/71
 IBYuLCethi0zmiSyR8yO4iyrfJCnkJffoxtcG8O5x+FuCfMI1xQWx44bSc34KlqT
 vDw/VmnIfXH9K3F+QdWtlZfLiM0F6vd7RNGIxX0cC2wQCwaubCo0LOs5vl2+jpR8
 Xclo+OquQtX5XRqGGQDtA7kCM9jfuc/DWla1v10wy7ZagiKkdfrV7Zu7r431Dtwn
 BWeKZAA38o9WNRb4FD5GGUN0dK5R5V25LmbpvYuerq5Ub3pGJgHMsdA15LqsqTnW
 MGIokGFhu7ToAQEnaRkF96jh3c3yoMU/sWXsqh7x/G6Tir7JGUw=
 =WPta
 -----END PGP SIGNATURE-----

Merge tag 'net-6.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

Pull networking fixes from Jakub Kicinski:
 "Including fixes from netfilter, wifi, can and bpf.

  Current release - new code bugs:

   - can: af_can: can_exit(): add missing dev_remove_pack() of
     canxl_packet

  Previous releases - regressions:

   - bpf, sockmap: fix the sk->sk_forward_alloc warning

   - wifi: mac80211: fix general-protection-fault in
     ieee80211_subif_start_xmit()

   - can: af_can: fix NULL pointer dereference in can_rx_register()

   - can: dev: fix skb drop check, avoid o-o-b access

   - nfnetlink: fix potential dead lock in nfnetlink_rcv_msg()

  Previous releases - always broken:

   - bpf: fix wrong reg type conversion in release_reference()

   - gso: fix panic on frag_list with mixed head alloc types

   - wifi: brcmfmac: fix buffer overflow in brcmf_fweh_event_worker()

   - wifi: mac80211: set TWT Information Frame Disabled bit as 1

   - eth: macsec offload related fixes, make sure to clear the keys from
     memory

   - tun: fix memory leaks in the use of napi_get_frags

   - tun: call napi_schedule_prep() to ensure we own a napi

   - tcp: prohibit TCP_REPAIR_OPTIONS if data was already sent

   - ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to
     network

   - tipc: fix a msg->req tlv length check

   - sctp: clear out_curr if all frag chunks of current msg are pruned,
     avoid list corruption

   - mctp: fix an error handling path in mctp_init(), avoid leaks"

* tag 'net-6.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (101 commits)
  eth: sp7021: drop free_netdev() from spl2sw_init_netdev()
  MAINTAINERS: Move Vivien to CREDITS
  net: macvlan: fix memory leaks of macvlan_common_newlink
  ethernet: tundra: free irq when alloc ring failed in tsi108_open()
  net: mv643xx_eth: disable napi when init rxq or txq failed in mv643xx_eth_open()
  ethernet: s2io: disable napi when start nic failed in s2io_card_up()
  net: atlantic: macsec: clear encryption keys from the stack
  net: phy: mscc: macsec: clear encryption keys when freeing a flow
  stmmac: dwmac-loongson: fix missing of_node_put() while module exiting
  stmmac: dwmac-loongson: fix missing pci_disable_device() in loongson_dwmac_probe()
  stmmac: dwmac-loongson: fix missing pci_disable_msi() while module exiting
  cxgb4vf: shut down the adapter when t4vf_update_port_info() failed in cxgb4vf_open()
  mctp: Fix an error handling path in mctp_init()
  stmmac: intel: Update PCH PTP clock rate from 200MHz to 204.8MHz
  net: cxgb3_main: disable napi when bind qsets failed in cxgb_up()
  net: cpsw: disable napi in cpsw_ndo_open()
  iavf: Fix VF driver counting VLAN 0 filters
  ice: Fix spurious interrupt during removal of trusted VF
  net/mlx5e: TC, Fix slab-out-of-bounds in parse_tc_actions
  net/mlx5e: E-Switch, Fix comparing termination table instance
  ...
2022-11-10 17:31:15 -08:00
Jakub Kicinski abd5ac18ae mlx5-fixes-2022-11-09
-----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCAAdFiEEGhZs6bAKwk/OTgTpSD+KveBX+j4FAmNr8dQACgkQSD+KveBX
 +j4cCwf+O51qKPCU5XmpHUU21QmX36oEA0wJw4Y3uvTJqpbmWxKMI8pNUPFNhzl/
 0APMXm7uuD8o5Ehtq/rRzK0nCCTrN3OgkJYgaKnuUfr2NbBYCjHau1xKyIgPLj2m
 uSIxqlTblT3hBwaJjzqBIsFyhpT0x8ZS2lEd2tuoQw4uyrEv2sjceLRzdj21R5by
 HVtBECRI5wHXSVuZ31XjUGPbVXr6d42H5lz7465eae+FxavX0+XpzbFJLJdwOlyZ
 pynvEaqLwmpfXBpc0I+oYR5EJwm/HIMjZGDJRImdV29zC20ttX1tiJuT0Wr40yjZ
 1Ws3pf89GmkLB36SzPiEkp3o6HuB3A==
 =ccW3
 -----END PGP SIGNATURE-----

Merge tag 'mlx5-fixes-2022-11-09' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux

Saeed Mahameed says:

====================
mlx5 fixes 2022-11-02

This series provides bug fixes to mlx5 driver.

* tag 'mlx5-fixes-2022-11-09' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux:
  net/mlx5e: TC, Fix slab-out-of-bounds in parse_tc_actions
  net/mlx5e: E-Switch, Fix comparing termination table instance
  net/mlx5e: TC, Fix wrong rejection of packet-per-second policing
  net/mlx5e: Fix tc acts array not to be dependent on enum order
  net/mlx5e: Fix usage of DMA sync API
  net/mlx5e: Add missing sanity checks for max TX WQE size
  net/mlx5: fw_reset: Don't try to load device in case PCI isn't working
  net/mlx5: E-switch, Set to legacy mode if failed to change switchdev mode
  net/mlx5: Allow async trigger completion execution on single CPU systems
  net/mlx5: Bridge, verify LAG state when adding bond to bridge
====================

Link: https://lore.kernel.org/r/20221109184050.108379-1-saeed@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2022-11-10 16:29:57 -08:00
Jakub Kicinski b3bbeba094 Merge branch '100GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/tnguy/net-queue
Tony Nguyen says:

====================
Intel Wired LAN Driver Updates 2022-11-09 (ice, iavf)

This series contains updates to ice and iavf drivers.

Norbert stops disabling VF queues that are not enabled for ice driver.

Michal stops accounting of VLAN 0 filter to match expectations of PF
driver for iavf.

* '100GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/tnguy/net-queue:
  iavf: Fix VF driver counting VLAN 0 filters
  ice: Fix spurious interrupt during removal of trusted VF
====================

Link: https://lore.kernel.org/r/20221110003744.201414-1-anthony.l.nguyen@intel.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2022-11-10 16:28:50 -08:00
Wei Yongjun de91b3197d eth: sp7021: drop free_netdev() from spl2sw_init_netdev()
It's not necessary to free netdev allocated with devm_alloc_etherdev()
and using free_netdev() leads to double free.

Fixes: fd3040b939 ("net: ethernet: Add driver for Sunplus SP7021")
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Link: https://lore.kernel.org/r/20221109150116.2988194-1-weiyongjun@huaweicloud.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2022-11-10 16:27:33 -08:00
Dave Airlie b7ffd9d9ee Merge tag 'drm-intel-fixes-2022-11-10' of git://anongit.freedesktop.org/drm/drm-intel into drm-fixes
- Fix sg_table handling in map_dma_buf (Matthew Auld)
- Send PSR update also on invalidate (Jouni Högander)
- Do not set cache_dirty for DGFX (Niranjana Vishwanathapura)
- Restore userptr probe_range behaviour (Matthew Auld)

Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Tvrtko Ursulin <tvrtko.ursulin@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/Y2zCy5q85qE9W0J8@tursulin-desk
2022-11-11 10:20:11 +10:00
Nathan Chancellor fcae44fd36
RISC-V: vdso: Do not add missing symbols to version section in linker script
Recently, ld.lld moved from '--undefined-version' to
'--no-undefined-version' as the default, which breaks the compat vDSO
build:

  ld.lld: error: version script assignment of 'LINUX_4.15' to symbol '__vdso_gettimeofday' failed: symbol not defined
  ld.lld: error: version script assignment of 'LINUX_4.15' to symbol '__vdso_clock_gettime' failed: symbol not defined
  ld.lld: error: version script assignment of 'LINUX_4.15' to symbol '__vdso_clock_getres' failed: symbol not defined

These symbols are not present in the compat vDSO or the regular vDSO for
32-bit but they are unconditionally included in the version section of
the linker script, which is prohibited with '--no-undefined-version'.

Fix this issue by only including the symbols that are actually exported
in the version section of the linker script.

Link: https://github.com/ClangBuiltLinux/linux/issues/1756
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Tested-by: Conor Dooley <conor.dooley@microchip.com>
Link: https://lore.kernel.org/r/20221108171324.3377226-1-nathan@kernel.org/
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
2022-11-10 15:06:14 -08:00
Conor Dooley 50e63dd8ed
riscv: fix reserved memory setup
Currently, RISC-V sets up reserved memory using the "early" copy of the
device tree. As a result, when trying to get a reserved memory region
using of_reserved_mem_lookup(), the pointer to reserved memory regions
is using the early, pre-virtual-memory address which causes a kernel
panic when trying to use the buffer's name:

 Unable to handle kernel paging request at virtual address 00000000401c31ac
 Oops [#1]
 Modules linked in:
 CPU: 0 PID: 0 Comm: swapper Not tainted 6.0.0-rc1-00001-g0d9d6953d834 #1
 Hardware name: Microchip PolarFire-SoC Icicle Kit (DT)
 epc : string+0x4a/0xea
  ra : vsnprintf+0x1e4/0x336
 epc : ffffffff80335ea0 ra : ffffffff80338936 sp : ffffffff81203be0
  gp : ffffffff812e0a98 tp : ffffffff8120de40 t0 : 0000000000000000
  t1 : ffffffff81203e28 t2 : 7265736572203a46 s0 : ffffffff81203c20
  s1 : ffffffff81203e28 a0 : ffffffff81203d22 a1 : 0000000000000000
  a2 : ffffffff81203d08 a3 : 0000000081203d21 a4 : ffffffffffffffff
  a5 : 00000000401c31ac a6 : ffff0a00ffffff04 a7 : ffffffffffffffff
  s2 : ffffffff81203d08 s3 : ffffffff81203d00 s4 : 0000000000000008
  s5 : ffffffff000000ff s6 : 0000000000ffffff s7 : 00000000ffffff00
  s8 : ffffffff80d9821a s9 : ffffffff81203d22 s10: 0000000000000002
  s11: ffffffff80d9821c t3 : ffffffff812f3617 t4 : ffffffff812f3617
  t5 : ffffffff812f3618 t6 : ffffffff81203d08
 status: 0000000200000100 badaddr: 00000000401c31ac cause: 000000000000000d
 [<ffffffff80338936>] vsnprintf+0x1e4/0x336
 [<ffffffff80055ae2>] vprintk_store+0xf6/0x344
 [<ffffffff80055d86>] vprintk_emit+0x56/0x192
 [<ffffffff80055ed8>] vprintk_default+0x16/0x1e
 [<ffffffff800563d2>] vprintk+0x72/0x80
 [<ffffffff806813b2>] _printk+0x36/0x50
 [<ffffffff8068af48>] print_reserved_mem+0x1c/0x24
 [<ffffffff808057ec>] paging_init+0x528/0x5bc
 [<ffffffff808031ae>] setup_arch+0xd0/0x592
 [<ffffffff8080070e>] start_kernel+0x82/0x73c

early_init_fdt_scan_reserved_mem() takes no arguments as it operates on
initial_boot_params, which is populated by early_init_dt_verify(). On
RISC-V, early_init_dt_verify() is called twice. Once, directly, in
setup_arch() if CONFIG_BUILTIN_DTB is not enabled and once indirectly,
very early in the boot process, by parse_dtb() when it calls
early_init_dt_scan_nodes().

This first call uses dtb_early_va to set initial_boot_params, which is
not usable later in the boot process when
early_init_fdt_scan_reserved_mem() is called. On arm64 for example, the
corresponding call to early_init_dt_scan_nodes() uses fixmap addresses
and doesn't suffer the same fate.

Move early_init_fdt_scan_reserved_mem() further along the boot sequence,
after the direct call to early_init_dt_verify() in setup_arch() so that
the names use the correct virtual memory addresses. The above supposed
that CONFIG_BUILTIN_DTB was not set, but should work equally in the case
where it is - unflatted_and_copy_device_tree() also updates
initial_boot_params.

Reported-by: Valentina Fernandez <valentina.fernandezalanis@microchip.com>
Reported-by: Evgenii Shatokhin <e.shatokhin@yadro.com>
Link: https://lore.kernel.org/linux-riscv/f8e67f82-103d-156c-deb0-d6d6e2756f5e@microchip.com/
Fixes: 922b0375fc ("riscv: Fix memblock reservation for device tree blob")
Signed-off-by: Conor Dooley <conor.dooley@microchip.com>
Tested-by: Evgenii Shatokhin <e.shatokhin@yadro.com>
Link: https://lore.kernel.org/r/20221107151524.3941467-1-conor.dooley@microchip.com
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
2022-11-10 14:46:33 -08:00
Dave Airlie 42bf3ce70f R-Car DSI Kconfig dependency fix
-----BEGIN PGP SIGNATURE-----
 
 iJgEABYKAEAWIQTAnvhxs4J7QT+XHKnMPy2AAyfeZAUCY2u6WiIcbGF1cmVudC5w
 aW5jaGFydEBpZGVhc29uYm9hcmQuY29tAAoJEMw/LYADJ95k4YkBALQFtJ2A7Kym
 87W+Kj5IwQIB+NrUknx+Xo7Dadol+wKxAP9tQSiesS1BIFRU7uitxZBSGI7KLu4a
 FpEz94CZnJqWCg==
 =UyDH
 -----END PGP SIGNATURE-----

Merge tag 'drm-fixes-20221109' of git://linuxtv.org/pinchartl/media into drm-fixes

R-Car DSI Kconfig dependency fix

Signed-off-by: Dave Airlie <airlied@redhat.com>

From: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Link: https://patchwork.freedesktop.org/patch/msgid/Y2u8+uM4A006XRPh@pendragon.ideasonboard.com
2022-11-11 08:11:26 +10:00
Jisheng Zhang 50f4dd657a
riscv: vdso: fix build with llvm
Even after commit 89fd4a1df8 ("riscv: jump_label: mark arguments as
const to satisfy asm constraints"), building with CC_OPTIMIZE_FOR_SIZE
+ LLVM=1 can reproduce below build error:

  CC      arch/riscv/kernel/vdso/vgettimeofday.o
In file included from <built-in>:4:
In file included from lib/vdso/gettimeofday.c:5:
In file included from include/vdso/datapage.h:17:
In file included from include/vdso/processor.h:10:
In file included from arch/riscv/include/asm/vdso/processor.h:7:
In file included from include/linux/jump_label.h:112:
arch/riscv/include/asm/jump_label.h:42:3: error:
invalid operand for inline asm constraint 'i'
                "       .option push                            \n\t"
                ^
1 error generated.

I think the problem is when "-Os" is passed as CFLAGS, it's removed by
"CFLAGS_REMOVE_vgettimeofday.o = $(CC_FLAGS_FTRACE) -Os" which is
introduced in commit e05d57dcb8 ("riscv: Fixup __vdso_gettimeofday
broke dynamic ftrace"), thus no optimization at all for vgettimeofday.c
arm64 does remove "-Os" as well, but it forces "-O2" after removing
"-Os".

I compared the generated vgettimeofday.o with "-O2" and "-Os",
I think no big performance difference. So let's tell the kbuild not
to remove "-Os" rather than follow arm64 style.

vdso related performance can be improved a lot when building kernel with
CC_OPTIMIZE_FOR_SIZE after this commit, ("-Os" VS no optimization)

Fixes: e05d57dcb8 ("riscv: Fixup __vdso_gettimeofday broke dynamic ftrace")
Signed-off-by: Jisheng Zhang <jszhang@kernel.org>
Tested-by: Conor Dooley <conor.dooley@microchip.com>
Link: https://lore.kernel.org/r/20221031182943.2453-1-jszhang@kernel.org
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
2022-11-10 13:58:36 -08:00
Florian Fainelli 6ce3df596b MAINTAINERS: Move Vivien to CREDITS
Last patch from Vivien was nearly 3 years ago and he has not reviewed or
responded to DSA patches since then, move to CREDITS.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Link: https://lore.kernel.org/r/20221109231907.621678-1-f.fainelli@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2022-11-10 13:53:53 -08:00
Jisheng Zhang 6510c78490
riscv: process: fix kernel info leakage
thread_struct's s[12] may contain random kernel memory content, which
may be finally leaked to userspace. This is a security hole. Fix it
by clearing the s[12] array in thread_struct when fork.

As for kthread case, it's better to clear the s[12] array as well.

Fixes: 7db91e57a0 ("RISC-V: Task implementation")
Signed-off-by: Jisheng Zhang <jszhang@kernel.org>
Tested-by: Guo Ren <guoren@kernel.org>
Link: https://lore.kernel.org/r/20221029113450.4027-1-jszhang@kernel.org
Reviewed-by: Guo Ren <guoren@kernel.org>
Link: https://lore.kernel.org/r/CAJF2gTSdVyAaM12T%2B7kXAdRPGS4VyuO08X1c7paE-n4Fr8OtRA@mail.gmail.com/
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
2022-11-10 13:43:15 -08:00
Dave Airlie 2e4b294576 Merge tag 'drm-misc-fixes-2022-11-09' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes
drm-misc-fixes for v6.1-rc5:
- HDMI fixes to vc4.
- Make panfrost's uapi header compile with C++.
- Add rotation quirks for 2 panels.
- Fix s/r in amdgpu_vram_mgr_new
- Handle 1 gb boundary correctly in panfrost mmu code.

Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/e02de501-4b85-28a0-3f6e-751ca13f5f9d@linux.intel.com
2022-11-11 06:31:38 +10:00
Jens Axboe 3851d25c75 io_uring: check for rollover of buffer ID when providing buffers
We already check if the chosen starting offset for the buffer IDs fit
within an unsigned short, as 65535 is the maximum value for a provided
buffer. But if the caller asks to add N buffers at offset M, and M + N
would exceed the size of the unsigned short, we simply add buffers with
wrapping around the ID.

This is not necessarily a bug and could in fact be a valid use case, but
it seems confusing and inconsistent with the initial check for starting
offset. Let's check for wrap consistently, and error the addition if we
do need to wrap.

Reported-by: Olivier Langlois <olivier@trillion01.com>
Link: https://github.com/axboe/liburing/issues/726
Cc: stable@vger.kernel.org
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2022-11-10 11:07:41 -07:00
Linus Torvalds 1767a722a7 for-6.1-rc4-tag
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEE8rQSAMVO+zA4DBdWxWXV+ddtWDsFAmNtDwoACgkQxWXV+ddt
 WDtcBQ/9HA9lLySbgveEj8taIbe6hXZ3Ry+1dSB/r0btb9e/tlcE7Md1ir3ewcIH
 ICfjWkbltE5Xqo50Ll+cdbEt0kgMwP+2jISPUG4bikTprLRPp1q4Gl8H9frYotJL
 76xC8rgmITC4ZR/PkYisauC3UJTv8EBnB19GzU+5SFh82ZfxF+XHmHFc5Wzdl8Q8
 OObFOiVy28dTYubJc0cId39XceVbqv/uj+F/y5tQSZvhPhDRPZfPWBdW3LHIAMSP
 xB4E9Qhbk9NAhFUHjvMwBBRao0q2D6ZO4IViB7y5qAIQOIfk6RJK11hAkeybqO+1
 E8ADPY6XBEfM6SA3Bf7X4kz1gjTm/eF8l4lnLZdGT1husbBY4O3Biey0qUjZs+oP
 LJTUtS3MJMEnTVoW/saUG3iTTDFFxJA+fbn6hKdNLqpKM6jjDgRx2MavbCNoUcCw
 nnEVbCh+Z44xXE9+N7SH4E+ygoiwJwvkLLgYQ+ZaAHd7Wmpzmwnf9yWEiy1t1iv2
 dj5bTv9jlZTacK8u/NUl6F/nqAIg5lcbNKAs1bPJ2m34ye5FKD2RPANgdqshNYFC
 il7TgQjcnyVw17y0qYpqtLZrDsvTreQgUXeCprTPiTenJ1f72zyF7kHxjk12lHWd
 /x22sNoX+uWlpJSW1niutVRdupVPqbwED+Qp0E5UkNaC3GeV/Bw=
 =1+3V
 -----END PGP SIGNATURE-----

Merge tag 'for-6.1-rc4-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux

Pull btrfs fixes from David Sterba:

 - revert memory optimization for scrub blocks, this misses errors in
   2nd and following blocks

 - add exception for ENOMEM as reason for transaction abort to not print
   stack trace, syzbot has reported many

 - zoned fixes:
      - fix locking imbalance during scrub
      - initialize zones for seeding device
      - initialize zones for cloned device structures

 - when looking up device, change assertion to a real check as some of
   the search parameters can be passed by ioctl, reported by syzbot

 - fix error pointer check in self tests

* tag 'for-6.1-rc4-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux:
  btrfs: zoned: fix locking imbalance on scrub
  btrfs: zoned: initialize device's zone info for seeding
  btrfs: zoned: clone zoned device info when cloning a device
  Revert "btrfs: scrub: use larger block size for data extent scrub"
  btrfs: don't print stack trace when transaction is aborted due to ENOMEM
  btrfs: selftests: fix wrong error check in btrfs_free_dummy_root()
  btrfs: fix match incorrectly in dev_args_match_device
2022-11-10 08:58:29 -08:00
Linus Torvalds f014699cca soundwire fixes for v6.1
This contains two qcom driver fixes for broadcast completion reinit and
 check for outanding writes. Lone Intel driver fix for clock stop timeout
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEE+vs47OPLdNbVcHzyfBQHDyUjg0cFAmNsxxUACgkQfBQHDyUj
 g0e5LhAAvRjhbkuFXn5NMSltWPKdDb8Gt8d8X2uKClr/1MK/tKu5dDkllY3eVn23
 HboWeOObJZE5bBhpyOtKBUZbbOis5BPgUisF+7lIrVlVnkDVsLoE6svwrWokbRSr
 QtsSULfWTWOge1lNZx1DCyxpoAQoznYFSJ2cDfb8O1yeWCWGmiaNbQfs1ZPb4UKB
 VYQsvLfjDkI9PY4y1IQAQMpvPSqFLTadiKgpZRzMBAyy+5oH9dqxmhMDVAg1g3sa
 kOMJPHwv5nXPeWciRwUiKyeEj4Hd792qHSFZD73CQRXbmq8zB+PtGnFGr/CkH8n9
 mu9u8TlSGJ3wGG4m/Sdx4ulihrQZFmbwsQlYZqwTH2aOQvZnJRobn6SX8qZu3nQJ
 u/yClRn4ELw/ABuHKAMaRb1YJFRm0Qh9/KyKKSomOgFUTPs99Cs9CkO+rQrLOSrv
 xbzVVrqvom+r1k7Nw5qpeNwtLg/6pnW1NoY1bImKFEUoNDWejv/k61MErhpdrMdV
 gBJbLPgVxjOU3RTsUsaafzJ3iNHCVGOrzu+X6QWki63yIEC/WimiVFIsu2fjbyer
 vdD5Ue8K/3tXMs63VjNaQlG/mhFWofQsQfT85wT6NuyFeHDsJeyo0yBWMdVB/BOO
 x+6roGY7dID2h7NUr6tmTfEXGcE15wGsQA//dEnKN/AXLMdufXs=
 =rEvh
 -----END PGP SIGNATURE-----

Merge tag 'soundwire-6.1-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/soundwire

Pull soundwire fixes from Vinod Koul:
 "Two qcom driver fixes for broadcast completion reinit and check for
  outanding writes. And a lone Intel driver fix for clock stop timeout"

* tag 'soundwire-6.1-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/soundwire:
  soundwire: qcom: check for outanding writes before doing a read
  soundwire: qcom: reinit broadcast completion
  soundwire: intel: Initialize clock stop timeout
2022-11-10 08:42:59 -08:00
Linus Torvalds 8395ee62b1 phy: fixes for 6.1
- Update Kishon's email
 - Fixes in drivers:
   - stms32 error code fix in driver probe
   - tegra: fix for checking valid pointer
   - qcom_qmp: null deref fix
   - sunplus: error check fix
   - ralink: add missing sentinel to table
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEE+vs47OPLdNbVcHzyfBQHDyUjg0cFAmNsxbYACgkQfBQHDyUj
 g0dLWg//YKY9hM07ObGHuAOH5RNQx/udNGAhlXEg996D3cUrX+KasmLxxLi60S/2
 dyWovcvLepftuNhLzyesHBSYTw8dUUmnpVFOPTm6a3fYycEzSNewwD0XhIqHnxso
 zem3HMNyzpwk7ZpdXJKuNJWul4OyhLf87nlmOmRZaGYSmrwol2T2I6baKisNGphc
 RExTe914AuTtSdHqjRopFlAmxk0f+0j9PDt+UbPhv77S/aDpO+sLGl6sRb985YQw
 +/f75GL6pEQpzgemz5p/w4rQwGNLZiBWaZNA/LoTtXwYqmw5sLJYhRRxiTakHBPE
 XfTpeCwqD7ugF1aQyokLo2+rQd51zCON0fc8RNGkCzhtNx9bhrN7qp8NXbY0abC7
 mc43j/ckLKaFyIQOEk3DADAQf7xw3EEbscV8MOOdPzpKGxcTwbYLrplHuHJCZdQo
 UugCwR+0UR/MfFNL9Sl7cGYL8QiR+oqJk3LRMvVQxtM/fz4geSgQWSgBEG2QwCmZ
 CJdFqBMvOeT665u0dDBxjvr6do/8Dak1CHPzHV/3lTDSw20gJOisoJl6CacC0bWo
 9VL7ZCdj7SLRbOW1boNLDr548ftRs9EqhFdcU5IBo5RYl8lxpfZWQJj3q+DyyCCG
 HMVK1UfWxyWw5rZmxSJna8y1kA8Iy/ivFeFk3oUkqnw9Njvgszo=
 =6AL7
 -----END PGP SIGNATURE-----

Merge tag 'phy-fixes-6.1' of git://git.kernel.org/pub/scm/linux/kernel/git/phy/linux-phy

Pull phy fixes from Vinod Koul:
 "A bunch of odd driver fixes and a MAINTAINER email update:

   - Update Kishon's email

   - stms32 error code fix in driver probe

   - tegra: fix for checking valid pointer

   - qcom_qmp: null deref fix

   - sunplus: error check fix

   - ralink: add missing sentinel to table"

* tag 'phy-fixes-6.1' of git://git.kernel.org/pub/scm/linux/kernel/git/phy/linux-phy:
  phy: ralink: mt7621-pci: add sentinel to quirks table
  phy: sunplus: Fix an IS_ERR() vs NULL bug in sp_usb_phy_probe
  phy: qcom-qmp-combo: fix NULL-deref on runtime resume
  phy: tegra: xusb: Fix crash during pad power on/down
  phy: stm32: fix an error code in probe
  MAINTAINERS: Update Kishon's email address in GENERIC PHY FRAMEWORK
2022-11-10 08:36:42 -08:00
Linus Torvalds 179228654d hwspinlock updates for v6.1
This extends the DeviceTree binding and implementation for the Qualcomm
 hardware spinlock on some older platforms to follow the style of the
 newer ones where the DeviceTree representation does not rely on an
 intermediate syscon node.
 -----BEGIN PGP SIGNATURE-----
 
 iQJJBAABCAAzFiEEBd4DzF816k8JZtUlCx85Pw2ZrcUFAmNsIzwVHGFuZGVyc3Nv
 bkBrZXJuZWwub3JnAAoJEAsfOT8Nma3FFv4QANbpxio9ZzXRlMyc2WXK+oLJVf10
 goQjIUr32Oi5Gk6qvJopnIytFeQ8j6I6bTgspH/oJ8MV9/uv8Oc1KBWhHlyZB6mi
 9kvUlZUxIo0H9tFcI1GgQHG9HBzSTeGj7tU+Fvs9RYIeYxDmGX7PnrLOzbCQ7aJ1
 4girw/Q8ebwH3xW3W2XG1e2kepYryTZ4bxFh5Y2qeW8fQl5b6wV4o30HDsxR70RT
 Ffijhivoi+oxIMygzuAhEcB90xGA7+rXA5xpTxcBt1X4iGnPI6UnU57LGyHBh/B1
 BkaVNhTSsavsgRhzeDMWxlzXBd5xTkZrbM/H5354Oaf4jSTOY07jkauryoLKn/6E
 4gaIQjhCpBsYCKfiiqRlRVvc7oINXSWFTDJ27XF4V863tomshoDwdVYmABrU0hcl
 6Inc/xE/Qqwe6g+BC4N+v8+FR+Li0lnDuLiJey/D9lPkeTLwQihRHFT/ZxKrJcsG
 rIUod9457n90zWPcTQFoI1QzpmLo5o++g74wj3lUUX7fa2wknaYxu0JWrILN1Fy2
 qoqMktI0TbVNpxvmZ0ljTDdTyRmTuXOzZ01vOHMRxG/y6r6sAzTbelu/ImWbYzxB
 eCu+S+hDnUDwh0QwUhTmt6WXZSASwO6VEYfhXrmOhm9HPHPTjERgjnjQPbqw9mcN
 YuJNonpDRqD9h89n
 =bNeC
 -----END PGP SIGNATURE-----

Merge tag 'hwlock-v6.1' of git://git.kernel.org/pub/scm/linux/kernel/git/remoteproc/linux

Pull hwspinlock updates from Bjorn Andersson:
 "I apparently had missed tagging and sending this set of changes out
  during the 6.1 merge window. But did get the associated dts changes
  depending on this merged. The result is a regression in 6.1-rc on the
  affected, older, Qualcomm platforms - in for form of them not booting.

  So while these weren't regression fixes originally, they are now. It's
  not introducing new beahavior, but simply extending the existing new
  Devicetree model, to cover remaining platforms:

   - extend the DeviceTree binding and implementation for the Qualcomm
     hardware spinlock on some older platforms to follow the style of
     the newer ones where the DeviceTree representation does not rely on
     an intermediate syscon node"

* tag 'hwlock-v6.1' of git://git.kernel.org/pub/scm/linux/kernel/git/remoteproc/linux:
  dt-bindings: hwlock: qcom-hwspinlock: add syscon to MSM8974
  hwspinlock: qcom: add support for MMIO on older SoCs
  hwspinlock: qcom: correct MMIO max register for newer SoCs
  dt-bindings: hwlock: qcom-hwspinlock: correct example indentation
  dt-bindings: hwlock: qcom-hwspinlock: add support for MMIO on older SoCs
2022-11-10 08:28:20 -08:00
Chuang Wang 23569b5652 net: macvlan: fix memory leaks of macvlan_common_newlink
kmemleak reports memory leaks in macvlan_common_newlink, as follows:

 ip link add link eth0 name .. type macvlan mode source macaddr add
 <MAC-ADDR>

kmemleak reports:

unreferenced object 0xffff8880109bb140 (size 64):
  comm "ip", pid 284, jiffies 4294986150 (age 430.108s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 b8 aa 5a 12 80 88 ff ff  ..........Z.....
    80 1b fa 0d 80 88 ff ff 1e ff ac af c7 c1 6b 6b  ..............kk
  backtrace:
    [<ffffffff813e06a7>] kmem_cache_alloc_trace+0x1c7/0x300
    [<ffffffff81b66025>] macvlan_hash_add_source+0x45/0xc0
    [<ffffffff81b66a67>] macvlan_changelink_sources+0xd7/0x170
    [<ffffffff81b6775c>] macvlan_common_newlink+0x38c/0x5a0
    [<ffffffff81b6797e>] macvlan_newlink+0xe/0x20
    [<ffffffff81d97f8f>] __rtnl_newlink+0x7af/0xa50
    [<ffffffff81d98278>] rtnl_newlink+0x48/0x70
    ...

In the scenario where the macvlan mode is configured as 'source',
macvlan_changelink_sources() will be execured to reconfigure list of
remote source mac addresses, at the same time, if register_netdevice()
return an error, the resource generated by macvlan_changelink_sources()
is not cleaned up.

Using this patch, in the case of an error, it will execute
macvlan_flush_sources() to ensure that the resource is cleaned up.

Fixes: aa5fd0fb77 ("driver: macvlan: Destroy new macvlan port if macvlan_common_newlink failed.")
Signed-off-by: Chuang Wang <nashuiliang@gmail.com>
Link: https://lore.kernel.org/r/20221109090735.690500-1-nashuiliang@gmail.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2022-11-10 15:59:06 +01:00
Zhengchao Shao acce400370 ethernet: tundra: free irq when alloc ring failed in tsi108_open()
When alloc tx/rx ring failed in tsi108_open(), it doesn't free irq. Fix
it.

Fixes: 5e123b844a ("[PATCH] Add tsi108/9 On Chip Ethernet device driver support")
Signed-off-by: Zhengchao Shao <shaozhengchao@huawei.com>
Link: https://lore.kernel.org/r/20221109044016.126866-1-shaozhengchao@huawei.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2022-11-10 15:39:08 +01:00
Ye Bin 9a5523f72b ALSA: hda: fix potential memleak in 'add_widget_node'
As 'kobject_add' may allocated memory for 'kobject->name' when return error.
And in this function, if call 'kobject_add' failed didn't free kobject.
So call 'kobject_put' to recycling resources.

Signed-off-by: Ye Bin <yebin10@huawei.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20221110144539.2989354-1-yebin@huaweicloud.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2022-11-10 15:28:12 +01:00
Jens Axboe df24560d05 nvme fixes for Linux 6.1
- quiet user passthrough command errors (Keith Busch)
  - fix memory leak in nvmet_subsys_attr_model_store_locked
  - fix a memory leak in nvmet-auth (Sagi Grimberg)
 -----BEGIN PGP SIGNATURE-----
 
 iQI/BAABCgApFiEEgdbnc3r/njty3Iq9D55TZVIEUYMFAmNsyxULHGhjaEBsc3Qu
 ZGUACgkQD55TZVIEUYMBJQ//TYcXZBz+lFatba1hAkZMr5d1ZCSQK+JToK5YyKWG
 vpp8DPDHRZZmBD0lAi7MTuH5ZwS3TmhQQ2dQ3Y+27zOdMCRJft2coz6BXVi/Phm2
 tIX3Q0P1DRYML+qr57Fr2woxqRTtE2yHKoMhp8NHECCSGOd/9LvqT1T5Nrpqa/fN
 CoQxqMrAMMWVxBAPviHAAtvNzVaF3zPpoRYe6t6Py5SU1VNnbrJnbPKFO/1RHn0r
 86jIV8iRN/CvUpJ4C43x8QvtDoU5hUTUbQs4Jt3treWJIl9DEk18jHmCzAu4FsVd
 8KsjmQVxMal7WDULfC+r4XtxZQ/Bg9VRGE60mclEef3E696xY45QQu322fzaa5sU
 IliF4mN3RrnF37PQ7Rw7MdZPSB6J3/PYgtxGmXp7KWAnYDtuC6TfH5vYaui0PzdM
 icuJ9L+jak4yaEAbCUTl6bJgeG725/kQ45LMwPs85WHAxZ3X55my9wpVY/Tk2+9s
 NPL5FZcAmwOsUQjqYbDZChNZQhiD/Q4K33565ofDQ6iRaPTC15lA2lrJbwpRw/Gv
 YikZ73HygDUgLuToYLTYhKLRY3VsTy/Z9lIRHbR05IWhKb6PkDvDsEb4URKKfpFb
 gfsJ8xYw9n7Y1kEfyCU/EVezqoftTVDLW8L9wifjtc4EpHA4ydN88S68H0b8rnJR
 5X0=
 =Cpi6
 -----END PGP SIGNATURE-----

Merge tag 'nvme-6.1-2022-11-10' of git://git.infradead.org/nvme into block-6.1

Pull NVMe fixes from Christoph:

"nvme fixes for Linux 6.1

 - quiet user passthrough command errors (Keith Busch)
 - fix memory leak in nvmet_subsys_attr_model_store_locked
 - fix a memory leak in nvmet-auth (Sagi Grimberg)"

* tag 'nvme-6.1-2022-11-10' of git://git.infradead.org/nvme:
  nvmet: fix a memory leak
  nvmet: fix memory leak in nvmet_subsys_attr_model_store_locked
  nvme: quiet user passthrough command errors
2022-11-10 06:55:02 -07:00