Commit Graph

1153838 Commits

Author SHA1 Message Date
Ryusuke Konishi
7633355e5c nilfs2: fix general protection fault in nilfs_btree_insert()
If nilfs2 reads a corrupted disk image and tries to reads a b-tree node
block by calling __nilfs_btree_get_block() against an invalid virtual
block address, it returns -ENOENT because conversion of the virtual block
address to a disk block address fails.  However, this return value is the
same as the internal code that b-tree lookup routines return to indicate
that the block being searched does not exist, so functions that operate on
that b-tree may misbehave.

When nilfs_btree_insert() receives this spurious 'not found' code from
nilfs_btree_do_lookup(), it misunderstands that the 'not found' check was
successful and continues the insert operation using incomplete lookup path
data, causing the following crash:

 general protection fault, probably for non-canonical address
 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN
 KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]
 ...
 RIP: 0010:nilfs_btree_get_nonroot_node fs/nilfs2/btree.c:418 [inline]
 RIP: 0010:nilfs_btree_prepare_insert fs/nilfs2/btree.c:1077 [inline]
 RIP: 0010:nilfs_btree_insert+0x6d3/0x1c10 fs/nilfs2/btree.c:1238
 Code: bc 24 80 00 00 00 4c 89 f8 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89
 ff e8 4b 02 92 fe 4d 8b 3f 49 83 c7 28 4c 89 f8 48 c1 e8 03 <42> 80 3c
 28 00 74 08 4c 89 ff e8 2e 02 92 fe 4d 8b 3f 49 83 c7 02
 ...
 Call Trace:
 <TASK>
  nilfs_bmap_do_insert fs/nilfs2/bmap.c:121 [inline]
  nilfs_bmap_insert+0x20d/0x360 fs/nilfs2/bmap.c:147
  nilfs_get_block+0x414/0x8d0 fs/nilfs2/inode.c:101
  __block_write_begin_int+0x54c/0x1a80 fs/buffer.c:1991
  __block_write_begin fs/buffer.c:2041 [inline]
  block_write_begin+0x93/0x1e0 fs/buffer.c:2102
  nilfs_write_begin+0x9c/0x110 fs/nilfs2/inode.c:261
  generic_perform_write+0x2e4/0x5e0 mm/filemap.c:3772
  __generic_file_write_iter+0x176/0x400 mm/filemap.c:3900
  generic_file_write_iter+0xab/0x310 mm/filemap.c:3932
  call_write_iter include/linux/fs.h:2186 [inline]
  new_sync_write fs/read_write.c:491 [inline]
  vfs_write+0x7dc/0xc50 fs/read_write.c:584
  ksys_write+0x177/0x2a0 fs/read_write.c:637
  do_syscall_x64 arch/x86/entry/common.c:50 [inline]
  do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
  entry_SYSCALL_64_after_hwframe+0x63/0xcd
 ...
 </TASK>

This patch fixes the root cause of this problem by replacing the error
code that __nilfs_btree_get_block() returns on block address conversion
failure from -ENOENT to another internal code -EINVAL which means that the
b-tree metadata is corrupted.

By returning -EINVAL, it propagates without glitches, and for all relevant
b-tree operations, functions in the upper bmap layer output an error
message indicating corrupted b-tree metadata via
nilfs_bmap_convert_error(), and code -EIO will be eventually returned as
it should be.

Link: https://lkml.kernel.org/r/000000000000bd89e205f0e38355@google.com
Link: https://lkml.kernel.org/r/20230105055356.8811-1-konishi.ryusuke@gmail.com
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Reported-by: syzbot+ede796cecd5296353515@syzkaller.appspotmail.com
Tested-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2023-01-11 16:14:21 -08:00
Nhat Pham
1beb8ae302 Docs/admin-guide/mm/zswap: remove zsmalloc's lack of writeback warning
Writeback has been implemented for zsmalloc, so this warning no longer
holds.

Link: https://lkml.kernel.org/r/20230106220016.172303-1-nphamcs@gmail.com
Fixes: 9997bc0175 ("zsmalloc: implement writeback mechanism for zsmalloc")
Suggested-by: Thomas Weißschuh <linux@weissschuh.net>
Signed-off-by: Nhat Pham <nphamcs@gmail.com>
Reviewed-by: Sergey Senozhatsky <senozhatsky@chromium.org>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Jonathan Corbet <corbet@lwn.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2023-01-11 16:14:21 -08:00
Peter Xu
fed15f1345 mm/hugetlb: pre-allocate pgtable pages for uffd wr-protects
Userfaultfd-wp uses pte markers to mark wr-protected pages for both shmem
and hugetlb.  Shmem has pre-allocation ready for markers, but hugetlb path
was overlooked.

Doing so by calling huge_pte_alloc() if the initial pgtable walk fails to
find the huge ptep.  It's possible that huge_pte_alloc() can fail with
high memory pressure, in that case stop the loop immediately and fail
silently.  This is not the most ideal solution but it matches with what we
do with shmem meanwhile it avoids the splat in dmesg.

Link: https://lkml.kernel.org/r/20230104225207.1066932-2-peterx@redhat.com
Fixes: 60dfaad65a ("mm/hugetlb: allow uffd wr-protect none ptes")
Signed-off-by: Peter Xu <peterx@redhat.com>
Reported-by: James Houghton <jthoughton@google.com>
Reviewed-by: Mike Kravetz <mike.kravetz@oracle.com>
Acked-by: David Hildenbrand <david@redhat.com>
Acked-by: James Houghton <jthoughton@google.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Axel Rasmussen <axelrasmussen@google.com>
Cc: Muchun Song <songmuchun@bytedance.com>
Cc: Nadav Amit <nadav.amit@gmail.com>
Cc: <stable@vger.kernel.org>	[5.19+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2023-01-11 16:14:21 -08:00
James Houghton
b30c14cd61 hugetlb: unshare some PMDs when splitting VMAs
PMD sharing can only be done in PUD_SIZE-aligned pieces of VMAs; however,
it is possible that HugeTLB VMAs are split without unsharing the PMDs
first.

Without this fix, it is possible to hit the uffd-wp-related WARN_ON_ONCE
in hugetlb_change_protection [1].  The key there is that
hugetlb_unshare_all_pmds will not attempt to unshare PMDs in
non-PUD_SIZE-aligned sections of the VMA.

It might seem ideal to unshare in hugetlb_vm_op_open, but we need to
unshare in both the new and old VMAs, so unsharing in hugetlb_vm_op_split
seems natural.

[1]: https://lore.kernel.org/linux-mm/CADrL8HVeOkj0QH5VZZbRzybNE8CG-tEGFshnA+bG9nMgcWtBSg@mail.gmail.com/

Link: https://lkml.kernel.org/r/20230104231910.1464197-1-jthoughton@google.com
Fixes: 6dfeaff93b ("hugetlb/userfaultfd: unshare all pmds for hugetlbfs when register wp")
Signed-off-by: James Houghton <jthoughton@google.com>
Reviewed-by: Mike Kravetz <mike.kravetz@oracle.com>
Acked-by: Peter Xu <peterx@redhat.com>
Cc: Axel Rasmussen <axelrasmussen@google.com>
Cc: Muchun Song <songmuchun@bytedance.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2023-01-11 16:14:20 -08:00
Suren Baghdasaryan
a1193de562 mm: fix vma->anon_name memory leak for anonymous shmem VMAs
free_anon_vma_name() is missing a check for anonymous shmem VMA which
leads to a memory leak due to refcount not being dropped.  Fix this by
calling anon_vma_name_put() unconditionally.  It will free vma->anon_name
whenever it's non-NULL.

Link: https://lkml.kernel.org/r/20230105000241.1450843-1-surenb@google.com
Fixes: d09e8ca6cb ("mm: anonymous shared memory naming")
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Suggested-by: David Hildenbrand <david@redhat.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reported-by: syzbot+91edf9178386a07d06a7@syzkaller.appspotmail.com
Cc: Hugh Dickins <hughd@google.com>
Cc: Pasha Tatashin <pasha.tatashin@soleen.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2023-01-11 16:14:20 -08:00
Zach O'Keefe
3de0c269ad mm/shmem: restore SHMEM_HUGE_DENY precedence over MADV_COLLAPSE
SHMEM_HUGE_DENY is for emergency use by the admin, to disable allocation
of shmem huge pages if, for example, a dangerous bug is found in their
usage: see "deny" in Documentation/mm/transhuge.rst.  An app using
madvise(,,MADV_COLLAPSE) should not be allowed to override it: restore its
precedence over shmem_huge_force.

Restore SHMEM_HUGE_DENY precedence over MADV_COLLAPSE.

Link: https://lkml.kernel.org/r/20221224082035.3197140-2-zokeefe@google.com
Fixes: 7c6c6cc4d3 ("mm/shmem: add flag to enforce shmem THP in hugepage_vma_check()")
Signed-off-by: Zach O'Keefe <zokeefe@google.com>
Suggested-by: Hugh Dickins <hughd@google.com>
Acked-by: David Hildenbrand <david@redhat.com>
Cc: Yang Shi <shy828301@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2023-01-11 16:14:20 -08:00
Zach O'Keefe
52dc031088 mm/MADV_COLLAPSE: don't expand collapse when vm_end is past requested end
MADV_COLLAPSE acts on one hugepage-aligned/sized region at a time, until
it has collapsed all eligible memory contained within the bounds supplied
by the user.

At the top of each hugepage iteration we (re)lock mmap_lock and
(re)validate the VMA for eligibility and update variables that might have
changed while mmap_lock was dropped.  One thing that might occur is that
the VMA could be resized, and as such, we refetch vma->vm_end to make sure
we don't collapse past the end of the VMA's new end.

However, it's possible that when refetching vma->vm_end that we expand the
region acted on by MADV_COLLAPSE if vma->vm_end is greater than size+len
supplied by the user.

The consequence here is that we may attempt to collapse more memory than
requested, possibly yielding either "too much success" or "false failure"
user-visible results.  An example of the former is if we MADV_COLLAPSE the
first 4MiB of a 2TiB mmap()'d file, the incorrect refetch would cause the
operation to block for much longer than anticipated as we attempt to
collapse the entire TiB region.  An example of the latter is that applying
MADV_COLLPSE to a 4MiB file mapped to the start of a 6MiB VMA will
successfully collapse the first 4MiB, then incorrectly attempt to collapse
the last hugepage-aligned/sized region -- fail (since readahead/page cache
lookup will fail) -- and report a failure to the user.

I don't believe there is a kernel stability concern here as we always
(re)validate the VMA / region accordingly.  Also as Hugh mentions, the
user-visible effects are: we try to collapse more memory than requested
by the user, and/or failing an operation that should have otherwise
succeeded.  An example is trying to collapse a 4MiB file contained
within a 12MiB VMA.

Don't expand the acted-on region when refetching vma->vm_end.

Link: https://lkml.kernel.org/r/20221224082035.3197140-1-zokeefe@google.com
Fixes: 4d24de9425 ("mm: MADV_COLLAPSE: refetch vm_end after reacquiring mmap_lock")
Signed-off-by: Zach O'Keefe <zokeefe@google.com>
Reported-by: Hugh Dickins <hughd@google.com>
Cc: Yang Shi <shy828301@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2023-01-11 16:14:20 -08:00
David Hildenbrand
51d3d5eb74 mm/userfaultfd: enable writenotify while userfaultfd-wp is enabled for a VMA
Currently, we don't enable writenotify when enabling userfaultfd-wp on a
shared writable mapping (for now only shmem and hugetlb).  The consequence
is that vma->vm_page_prot will still include write permissions, to be set
as default for all PTEs that get remapped (e.g., mprotect(), NUMA hinting,
page migration, ...).

So far, vma->vm_page_prot is assumed to be a safe default, meaning that we
only add permissions (e.g., mkwrite) but not remove permissions (e.g.,
wrprotect).  For example, when enabling softdirty tracking, we enable
writenotify.  With uffd-wp on shared mappings, that changed.  More details
on vma->vm_page_prot semantics were summarized in [1].

This is problematic for uffd-wp: we'd have to manually check for a uffd-wp
PTEs/PMDs and manually write-protect PTEs/PMDs, which is error prone. 
Prone to such issues is any code that uses vma->vm_page_prot to set PTE
permissions: primarily pte_modify() and mk_pte().

Instead, let's enable writenotify such that PTEs/PMDs/...  will be mapped
write-protected as default and we will only allow selected PTEs that are
definitely safe to be mapped without write-protection (see
can_change_pte_writable()) to be writable.  In the future, we might want
to enable write-bit recovery -- e.g., can_change_pte_writable() -- at more
locations, for example, also when removing uffd-wp protection.

This fixes two known cases:

(a) remove_migration_pte() mapping uffd-wp'ed PTEs writable, resulting
    in uffd-wp not triggering on write access.
(b) do_numa_page() / do_huge_pmd_numa_page() mapping uffd-wp'ed PTEs/PMDs
    writable, resulting in uffd-wp not triggering on write access.

Note that do_numa_page() / do_huge_pmd_numa_page() can be reached even
without NUMA hinting (which currently doesn't seem to be applicable to
shmem), for example, by using uffd-wp with a PROT_WRITE shmem VMA.  On
such a VMA, userfaultfd-wp is currently non-functional.

Note that when enabling userfaultfd-wp, there is no need to walk page
tables to enforce the new default protection for the PTEs: we know that
they cannot be uffd-wp'ed yet, because that can only happen after enabling
uffd-wp for the VMA in general.

Also note that this makes mprotect() on ranges with uffd-wp'ed PTEs not
accidentally set the write bit -- which would result in uffd-wp not
triggering on later write access.  This commit makes uffd-wp on shmem
behave just like uffd-wp on anonymous memory in that regard, even though,
mixing mprotect with uffd-wp is controversial.

[1] https://lkml.kernel.org/r/92173bad-caa3-6b43-9d1e-9a471fdbc184@redhat.com

Link: https://lkml.kernel.org/r/20221209080912.7968-1-david@redhat.com
Fixes: b1f9e87686 ("mm/uffd: enable write protection for shmem & hugetlbfs")
Signed-off-by: David Hildenbrand <david@redhat.com>
Reported-by: Ives van Hoorne <ives@codesandbox.io>
Debugged-by: Peter Xu <peterx@redhat.com>
Acked-by: Peter Xu <peterx@redhat.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: Alistair Popple <apopple@nvidia.com>
Cc: Mike Rapoport <rppt@linux.vnet.ibm.com>
Cc: Nadav Amit <nadav.amit@gmail.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2023-01-11 16:14:20 -08:00
Hugh Dickins
ab0c3f1251 mm/khugepaged: fix collapse_pte_mapped_thp() to allow anon_vma
uprobe_write_opcode() uses collapse_pte_mapped_thp() to restore huge pmd,
when removing a breakpoint from hugepage text: vma->anon_vma is always set
in that case, so undo the prohibition.  And MADV_COLLAPSE ought to be able
to collapse some page tables in a vma which happens to have anon_vma set
from CoWing elsewhere.

Is anon_vma lock required?  Almost not: if any page other than expected
subpage of the non-anon huge page is found in the page table, collapse is
aborted without making any change.  However, it is possible that an anon
page was CoWed from this extent in another mm or vma, in which case a
concurrent lookup might look here: so keep it away while clearing pmd (but
perhaps we shall go back to using pmd_lock() there in future).

Note that collapse_pte_mapped_thp() is exceptional in freeing a page table
without having cleared its ptes: I'm uneasy about that, and had thought
pte_clear()ing appropriate; but exclusive i_mmap lock does fix the
problem, and we would have to move the mmu_notification if clearing those
ptes.

What this fixes is not a dangerous instability.  But I suggest Cc stable
because uprobes "healing" has regressed in that way, so this should follow
8d3c106e19 into those stable releases where it was backported (and may
want adjustment there - I'll supply backports as needed).

Link: https://lkml.kernel.org/r/b740c9fb-edba-92ba-59fb-7a5592e5dfc@google.com
Fixes: 8d3c106e19 ("mm/khugepaged: take the right locks for page table retraction")
Signed-off-by: Hugh Dickins <hughd@google.com>
Acked-by: David Hildenbrand <david@redhat.com>
Cc: Jann Horn <jannh@google.com>
Cc: Yang Shi <shy828301@gmail.com>
Cc: Zach O'Keefe <zokeefe@google.com>
Cc: Song Liu <songliubraving@fb.com>
Cc: <stable@vger.kernel.org>    [5.4+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2023-01-11 16:14:19 -08:00
David Hildenbrand
44f86392bd mm/hugetlb: fix uffd-wp handling for migration entries in hugetlb_change_protection()
We have to update the uffd-wp SWP PTE bit independent of the type of
migration entry.  Currently, if we're unlucky and we want to install/clear
the uffd-wp bit just while we're migrating a read-only mapped hugetlb
page, we would miss to set/clear the uffd-wp bit.

Further, if we're processing a readable-exclusive migration entry and
neither want to set or clear the uffd-wp bit, we could currently end up
losing the uffd-wp bit.  Note that the same would hold for writable
migrating entries, however, having a writable migration entry with the
uffd-wp bit set would already mean that something went wrong.

Note that the change from !is_readable_migration_entry ->
writable_migration_entry is harmless and actually cleaner, as raised by
Miaohe Lin and discussed in [1].

[1] https://lkml.kernel.org/r/90dd6a93-4500-e0de-2bf0-bf522c311b0c@huawei.com

Link: https://lkml.kernel.org/r/20221222205511.675832-3-david@redhat.com
Fixes: 60dfaad65a ("mm/hugetlb: allow uffd wr-protect none ptes")
Signed-off-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Mike Kravetz <mike.kravetz@oracle.com>
Cc: Miaohe Lin <linmiaohe@huawei.com>
Cc: Muchun Song <muchun.song@linux.dev>
Cc: Peter Xu <peterx@redhat.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2023-01-11 16:14:19 -08:00
David Hildenbrand
0e678153f5 mm/hugetlb: fix PTE marker handling in hugetlb_change_protection()
Patch series "mm/hugetlb: uffd-wp fixes for hugetlb_change_protection()".

Playing with virtio-mem and background snapshots (using uffd-wp) on
hugetlb in QEMU, I managed to trigger a VM_BUG_ON().  Looking into the
details, hugetlb_change_protection() seems to not handle uffd-wp correctly
in all cases.

Patch #1 fixes my test case.  I don't have reproducers for patch #2, as it
requires running into migration entries.

I did not yet check in detail yet if !hugetlb code requires similar care.


This patch (of 2):

There are two problematic cases when stumbling over a PTE marker in
hugetlb_change_protection():

(1) We protect an uffd-wp PTE marker a second time using uffd-wp: we will
    end up in the "!huge_pte_none(pte)" case and mess up the PTE marker.

(2) We unprotect a uffd-wp PTE marker: we will similarly end up in the
    "!huge_pte_none(pte)" case even though we cleared the PTE, because
    the "pte" variable is stale. We'll mess up the PTE marker.

For example, if we later stumble over such a "wrongly modified" PTE marker,
we'll treat it like a present PTE that maps some garbage page.

This can, for example, be triggered by mapping a memfd backed by huge
pages, registering uffd-wp, uffd-wp'ing an unmapped page and (a)
uffd-wp'ing it a second time; or (b) uffd-unprotecting it; or (c)
unregistering uffd-wp. Then, ff we trigger fallocate(FALLOC_FL_PUNCH_HOLE)
on that file range, we will run into a VM_BUG_ON:

[  195.039560] page:00000000ba1f2987 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x0
[  195.039565] flags: 0x7ffffc0001000(reserved|node=0|zone=0|lastcpupid=0x1fffff)
[  195.039568] raw: 0007ffffc0001000 ffffe742c0000008 ffffe742c0000008 0000000000000000
[  195.039569] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[  195.039569] page dumped because: VM_BUG_ON_PAGE(compound && !PageHead(page))
[  195.039573] ------------[ cut here ]------------
[  195.039574] kernel BUG at mm/rmap.c:1346!
[  195.039579] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
[  195.039581] CPU: 7 PID: 4777 Comm: qemu-system-x86 Not tainted 6.0.12-200.fc36.x86_64 #1
[  195.039583] Hardware name: LENOVO 20WNS1F81N/20WNS1F81N, BIOS N35ET50W (1.50 ) 09/15/2022
[  195.039584] RIP: 0010:page_remove_rmap+0x45b/0x550
[  195.039588] Code: [...]
[  195.039589] RSP: 0018:ffffbc03c3633ba8 EFLAGS: 00010292
[  195.039591] RAX: 0000000000000040 RBX: ffffe742c0000000 RCX: 0000000000000000
[  195.039592] RDX: 0000000000000002 RSI: ffffffff8e7aac1a RDI: 00000000ffffffff
[  195.039592] RBP: 0000000000000001 R08: 0000000000000000 R09: ffffbc03c3633a08
[  195.039593] R10: 0000000000000003 R11: ffffffff8f146328 R12: ffff9b04c42754b0
[  195.039594] R13: ffffffff8fcc6328 R14: ffffbc03c3633c80 R15: ffff9b0484ab9100
[  195.039595] FS:  00007fc7aaf68640(0000) GS:ffff9b0bbf7c0000(0000) knlGS:0000000000000000
[  195.039596] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  195.039597] CR2: 000055d402c49110 CR3: 0000000159392003 CR4: 0000000000772ee0
[  195.039598] PKRU: 55555554
[  195.039599] Call Trace:
[  195.039600]  <TASK>
[  195.039602]  __unmap_hugepage_range+0x33b/0x7d0
[  195.039605]  unmap_hugepage_range+0x55/0x70
[  195.039608]  hugetlb_vmdelete_list+0x77/0xa0
[  195.039611]  hugetlbfs_fallocate+0x410/0x550
[  195.039612]  ? _raw_spin_unlock_irqrestore+0x23/0x40
[  195.039616]  vfs_fallocate+0x12e/0x360
[  195.039618]  __x64_sys_fallocate+0x40/0x70
[  195.039620]  do_syscall_64+0x58/0x80
[  195.039623]  ? syscall_exit_to_user_mode+0x17/0x40
[  195.039624]  ? do_syscall_64+0x67/0x80
[  195.039626]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  195.039628] RIP: 0033:0x7fc7b590651f
[  195.039653] Code: [...]
[  195.039654] RSP: 002b:00007fc7aaf66e70 EFLAGS: 00000293 ORIG_RAX: 000000000000011d
[  195.039655] RAX: ffffffffffffffda RBX: 0000558ef4b7f370 RCX: 00007fc7b590651f
[  195.039656] RDX: 0000000018000000 RSI: 0000000000000003 RDI: 000000000000000c
[  195.039657] RBP: 0000000008000000 R08: 0000000000000000 R09: 0000000000000073
[  195.039658] R10: 0000000008000000 R11: 0000000000000293 R12: 0000000018000000
[  195.039658] R13: 00007fb8bbe00000 R14: 000000000000000c R15: 0000000000001000
[  195.039661]  </TASK>

Fix it by not going into the "!huge_pte_none(pte)" case if we stumble over
an exclusive marker.  spin_unlock() + continue would get the job done.

However, instead, make it clearer that there are no fall-through
statements: we process each case (hwpoison, migration, marker, !none,
none) and then unlock the page table to continue with the next PTE.  Let's
avoid "continue" statements and use a single spin_unlock() at the end.

Link: https://lkml.kernel.org/r/20221222205511.675832-1-david@redhat.com
Link: https://lkml.kernel.org/r/20221222205511.675832-2-david@redhat.com
Fixes: 60dfaad65a ("mm/hugetlb: allow uffd wr-protect none ptes")
Signed-off-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Mike Kravetz <mike.kravetz@oracle.com>
Cc: Miaohe Lin <linmiaohe@huawei.com>
Cc: Muchun Song <muchun.song@linux.dev>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2023-01-11 16:14:19 -08:00
Linus Torvalds
b7bfaa761d Linux 6.2-rc3 2023-01-08 11:49:43 -06:00
Linus Torvalds
93928d485d powerpc fixes for 6.2 #2
- Three fixes for various bogosity in our linker script, revealed by the recent commit
    which changed discard behaviour with some toolchains.
 -----BEGIN PGP SIGNATURE-----
 
 iQJHBAABCAAxFiEEJFGtCPCthwEv2Y/bUevqPMjhpYAFAmO6jPgTHG1wZUBlbGxl
 cm1hbi5pZC5hdQAKCRBR6+o8yOGlgCF9D/470zmPnFsEbiMAq+rNCF3xF5kbWhrg
 z/SSaVVC00F6VmHguV6tEbur92j08XFlFE9JGZ3Gj2VW/w79q7Ix6HIBApHsqbOK
 7o6cojDF9KxsBNZf+eAAteFdUdFZC8gg1VX6rIc6xf7Ju9DA1ZaiRqGO+DFnRXSk
 tWngp2otZoUSLpWT9tGkwKHRw+jqtT/2baKG8PPBIBzKEbOEzBOxtraWdv5urm9B
 fTVolMkr/Nk2UuqpMHd+CutP09sQdmMburZWzaxoZ0crB824YoJjMQGEZdeQFzbD
 GERE55vST24iCDKu50o7j1adHdSP+5lkgM2UyFi4LEQYJZ2tKlOR+MhwBv3okNGo
 zFzOObgjbT24e5Bw58G952WR3+25JgZRGgjDH0JXdpVe6peyPx/X9J/GyVeXz/fW
 SnWCYLpLwbSm1jtBtF4TbezxxwHgtHjf7TIlyly6NDJMW3vmhZZy1H5mH+cy41BU
 wbMPhtfcGlPO+GB0ZxAg5pYQoLT6aP/p3n2rwv6fgaIPyLmbrRAGrJ3afZRGkWo0
 7/a11ShvFk1ahNg+kGh0q2ubLO0jlIh3EpwVHldpqWoHjCkiXdNCz3D+R0LUqkw6
 nQLwO4JD0JnhR3o2NtliGEXWhkBlTXdQn+CUC2V0tgvDg0mrRGy1Za9qSfWkd81k
 lYp9bJoBz32MVw==
 =QBMl
 -----END PGP SIGNATURE-----

Merge tag 'powerpc-6.2-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux

Pull powerpc fixes from Michael Ellerman:

 - Three fixes for various bogosity in our linker script, revealed
   by the recent commit which changed discard behaviour with some
   toolchains.

* tag 'powerpc-6.2-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
  powerpc/vmlinux.lds: Don't discard .comment
  powerpc/vmlinux.lds: Don't discard .rela* for relocatable builds
  powerpc/vmlinux.lds: Define RUNTIME_DISCARD_EXIT
2023-01-08 06:55:08 -07:00
Linus Torvalds
e9ffbf16ca memblock: small fixes in kernel-doc and tests
* Fix kernel-doc for memblock_phys_free() to use correct names for the
   counterpart allocation methods
 * Fix compilation error in memblock tests
 -----BEGIN PGP SIGNATURE-----
 
 iQFMBAABCAA2FiEEeOVYVaWZL5900a/pOQOGJssO/ZEFAmO6bMYYHG1pa2UucmFw
 b3BvcnRAZ21haWwuY29tAAoJEDkDhibLDv2RUt8H/Ayh8cO8kpKbJ2jH9eFwba6T
 JPOv5P3hjKHbY+NMGG9MfAUTMw6Lxa59EiC+xGyPFWrtt/ZpKgaaBznxSC7dkVYy
 XarzK3zulZmL4BdjBQearXXj5gSkZnuEHb9Pjs19GLDnGoRJczoHYG6rXlAWh1sg
 w4H4g4QyHKYqqUlnbDi0GTIaaKY76Uprw6x6w8xwtmdUw9+1edqnoN9fRJxY9AwM
 7ez7FR6rJ5g7AgcLfa/dTaCZgloLPKVdMI+q29lBXM5xDrUpxeEfXg5iU7Hax+rT
 4o43HXGVGyiuWYlgdWd9B18M4Xma55K1Q+cQ3cELsAvq7XACvQcA6xi0QnFfgpU=
 =DNKq
 -----END PGP SIGNATURE-----

Merge tag 'fixes-2023-01-08' of git://git.kernel.org/pub/scm/linux/kernel/git/rppt/memblock

Pull memblock fixes from Mike Rapoport:
 "Small fixes in kernel-doc and tests:

   - Fix kernel-doc for memblock_phys_free() to use correct names for
     the counterpart allocation methods

   - Fix compilation error in memblock tests"

* tag 'fixes-2023-01-08' of git://git.kernel.org/pub/scm/linux/kernel/git/rppt/memblock:
  memblock: Fix doc for memblock_phys_free
  memblock tests: Fix compilation error.
2023-01-08 02:54:24 -08:00
Linus Torvalds
9b43a525db NFS client fixes for Linux 6.2
Highlights include:
 
 Bugfixes
 - Fix a race in the RPCSEC_GSS upcall code that causes hung RPC calls
 - Fix a broken coalescing test in the pNFS file layout driver
 - Ensure that the access cache rcu path also applies the login test
 - Fix up for a sparse warning
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEESQctxSBg8JpV8KqEZwvnipYKAPIFAmO5s6MACgkQZwvnipYK
 APJ8PA//aVnu+DqLTxeGnyr4HNIcm0su4TetghQabAf0S8nk69Ly8W+N+xCRwwCR
 /PvSe8j51tXVInpYQKSOTjDl8/0mq8cybf6N9DzDS0A+hKQfdK8jvPLU0yj/aZ6u
 D8x17ve7RjzLgw9minltq4eTvVIHpqSh/vVUyQhnj2A8qQlWrboXiQnLQAp5KBbq
 7NexvcajgfFHXm7S+edZ8NH5QZ20FNVskvzyrClp46DQLJcdNLHGJLp8tdeD31kE
 lsNBsLG0LxOFyBY28MbQptXalhBP8RRwYwxdSdIUnExzB7eKTLS6LgHuK9GV+EzL
 wSfRrnyM023momKmdFn3Fy/cRyeF1RwfQON+KAHo1cQ5fFiQS16p7lTELGkApyLc
 yOXGpAvaPJuuBJLM+Xi07ovhqpc7SjGmr7cjZslyasNtez60Le06oSihKnrgcKDx
 ZVh1pTc89O25GqGm161HaQJY9YU4XCtjxPv7rvdrlhO5Dkgxai293R5aXUFBz1dD
 tssv5a2DqIekrE29YaCi/RjIqkngCXHlwniFw/L3/aFRUyHqN9/MyxH5VeCRDI2T
 OJQRR056V1FXSBLH6Wuzs2Ixz2HnJCLR7LE0zAoPLm/RwW8CuNmEXu28jfU0Kcmt
 Hj5VyxYfnqEAGsUO0O2oNhOnxWY9OHvlvpb/9DWcke0ASpeScB4=
 =N6cT
 -----END PGP SIGNATURE-----

Merge tag 'nfs-for-6.2-2' of git://git.linux-nfs.org/projects/trondmy/linux-nfs

Pull NFS client fixes from Trond Myklebust:

 - Fix a race in the RPCSEC_GSS upcall code that causes hung RPC calls

 - Fix a broken coalescing test in the pNFS file layout driver

 - Ensure that the access cache rcu path also applies the login test

 - Fix up for a sparse warning

* tag 'nfs-for-6.2-2' of git://git.linux-nfs.org/projects/trondmy/linux-nfs:
  NFS: Fix up a sparse warning
  NFS: Judge the file access cache's timestamp in rcu path
  pNFS/filelayout: Fix coalescing test for single DS
  SUNRPC: ensure the matching upcall is in-flight upon downcall
2023-01-07 10:38:11 -08:00
Linus Torvalds
f18fca98ac 6 cifs/smb3 client fixes
-----BEGIN PGP SIGNATURE-----
 
 iQGzBAABCgAdFiEE6fsu8pdIjtWE/DpLiiy9cAdyT1EFAmO5qQUACgkQiiy9cAdy
 T1GBZwwAtALssSrWRgPznzCkl6raXQ7YvmyVmxGDYC5IqsBV6XQrJT+PWfDrolYf
 VipXKKFZL9mZHNQnB29w4NkY+W9ygWh4M9jJRMK/q4ahprKHPSzFArXbfy2f7VGV
 CEu4o8JCUh+3Gr1b2m2SYY9lMrBMXnHrgp36GJHm1jmDb5HIdTN0pFrL0JtS1/T3
 T4lx/cwVXcZLrxVLGgbXnvO9ZreTrjVmRBR+g+ylSZqjw7+f9OCh1BtG8fh2LMQB
 VcAHxxQ7JkImw/d0UlaUwGPD8qDckNZHsUWZBxxQqRpk21bk1IRqMA2QQ4tZ9+0m
 NwX150PEOzCBw/lZHs/7TMdGPJVybFtLxS95nr/qYDQ8Mr/hZkIjUfu/uJ3zc86M
 BZIiY6vS6cU5QZ1Mntv5FN8ph3msS5AAshNRHmo5VBeLnC8B5yi2CNTt7dGtOkta
 iLq+6jPX5ZO55jYmQ2FGk+l6FniO3qh8uhWf1CwUQWPT5YVO5CxLVx92/SBEwI2S
 hIsBny9q
 =vofO
 -----END PGP SIGNATURE-----

Merge tag '6.2-rc2-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6

Pull cifs fixes from Steve French:
 "cifs/smb3 client fixes:

   - two multichannel fixes

   - three reconnect fixes

   - unmap fix"

* tag '6.2-rc2-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6:
  cifs: fix interface count calculation during refresh
  cifs: refcount only the selected iface during interface update
  cifs: protect access of TCP_Server_Info::{dstaddr,hostname}
  cifs: fix race in assemble_neg_contexts()
  cifs: ignore ipc reconnect failures during dfs failover
  cifs: Fix kmap_local_page() unmapping
2023-01-07 10:26:34 -08:00
Linus Torvalds
0007c04038 Devicetree fixes for v6.2:
- Fix DT memory scanning for some MIPS boards when memory is not
   specified in DT
 
 - Redo CONFIG_CMDLINE* handling for missing /chosen node. The first
   attempt broke PS3 (and possibly other PPC platforms).
 
 - Fix constraints in QCom Soundwire schema
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEktVUI4SxYhzZyEuo+vtdtY28YcMFAmO5jqUACgkQ+vtdtY28
 YcPxLQ//VIeelvp7U8HgdB13ZlWC1DXYTDZUgIev3R/sggws4swkCu5cZP3xbKnD
 88uW9Lbv5sSSfAXdr3hbr3z4sHLilX5mSc/1QvaIDrS0eECeFAUu8Me5Rx/Om806
 0k8/1OmCgCr0RFJgjtersfw3CFnOLAauxYIr4mGCD8kWnXMgKSK/JyiTDV3+g3U2
 Y6IgR+Hn8zt8DB1LkrRZJis5LQT1AxFtEzfKUEa+j/xG4z+B1vg8wENsYDr+/s9+
 LAq4QhrzAU/Ys+ZUF3HqkZxj6WR7aMq5MSBihs1AXjR772g+EY7Ob00hPdf2MdFz
 TEF0GFTHQjvzM2TGY+V4AWKLER5Oxq0AsT7n8qsnPCJBRrVp1EHpfQUfhpibB0GN
 TGQlskUWJW8ivjl54jX/wzJyx3ZlW4SmeD5c5RRaLOKHMhfIjsAdjQJIfNfPTE93
 oCU9GniXhWoQDRCheqy5LIY7+hm1nuYra0WUzjp1rmfcZ2xia70ZKdbJe5gIAJVr
 fmefpzyxY5TeaZPIBsLysN9QURk3C5GXGyKHofcQsC4TCn3qgzNoSmYkESAjTtkW
 kUzNraoIhY92HN0jDfYD1/iGTeOzAYnL4kqILKIoNtBEQmyFZqxLUk6TX7Cm8QJU
 BZTPuxzmMJMFx88FB/nPdNlyQcELSjrTAfFMd5i7/WBuY3OTYIE=
 =qIdA
 -----END PGP SIGNATURE-----

Merge tag 'devicetree-fixes-for-6.2-1' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux

Pull devicetree fixes from Rob Herring:

 - Fix DT memory scanning for some MIPS boards when memory is not
   specified in DT

 - Redo CONFIG_CMDLINE* handling for missing /chosen node. The first
   attempt broke PS3 (and possibly other PPC platforms).

 - Fix constraints in QCom Soundwire schema

* tag 'devicetree-fixes-for-6.2-1' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux:
  of: fdt: Honor CONFIG_CMDLINE* even without /chosen node, take 2
  Revert "of: fdt: Honor CONFIG_CMDLINE* even without /chosen node"
  dt-bindings: soundwire: qcom,soundwire: correct sizes related to number of ports
  of/fdt: run soc memory setup when early_init_dt_scan_memory fails
2023-01-07 10:20:33 -08:00
Linus Torvalds
c28bdeaf5d USB fixes for 6.2-rc3
Here are some small USB driver fixes for 6.2-rc3 that resolve some
 reported issues.  They include:
  - of-reported ulpi problem, so the offending commit is reverted
  - dwc3 driver bugfixes for recent changes
  - fotg210 fixes
 
 Most of these have been in linux-next for a while, the last few were on
 the mailing list for a long time and passed all the 0-day bot testing
 so all should be fine with them as well.
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 -----BEGIN PGP SIGNATURE-----
 
 iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCY7mSJQ8cZ3JlZ0Brcm9h
 aC5jb20ACgkQMUfUDdst+yl2JACg2BSLmfVYhG6guZHq5KxerYG3/uYAoJx/qDgn
 PefqVtyFfd+LClygKdOS
 =Ax7a
 -----END PGP SIGNATURE-----

Merge tag 'usb-6.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb

Pull USB fixes from Greg KH:
 "Here are some small USB driver fixes for 6.2-rc3 that resolve some
  reported issues. They include:

   - of-reported ulpi problem, so the offending commit is reverted

   - dwc3 driver bugfixes for recent changes

   - fotg210 fixes

  Most of these have been in linux-next for a while, the last few were
  on the mailing list for a long time and passed all the 0-day bot
  testing so all should be fine with them as well"

* tag 'usb-6.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
  usb: dwc3: gadget: Ignore End Transfer delay on teardown
  usb: dwc3: xilinx: include linux/gpio/consumer.h
  usb: fotg210-udc: fix error return code in fotg210_udc_probe()
  usb: fotg210: fix OTG-only build
  Revert "usb: ulpi: defer ulpi_register on ulpi_read_id timeout"
2023-01-07 10:12:42 -08:00
Linus Torvalds
4a4dcea083 v6.2 first rc pull request
A big data corruption regression due to a change in the scatterlist
 
 - Fix compilation warnings on gcc 13
 
 - Oops when using some mlx5 stats
 
 - Bad enforcement of atomic responder resources in mlx5
 
 - Do not wrongly combine non-contiguous pages in scatterlist
 -----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQRRRCHOFoQz/8F5bUaFwuHvBreFYQUCY7izVgAKCRCFwuHvBreF
 YfOXAQC08HilnYdRjlVrxswOQIN1KzHQ63xDXM0Rv99XOcSKCgD+LeXkeCeJ0XWW
 kBtkPnhR194phADv4nWaaSrIc52DtA0=
 =HxxG
 -----END PGP SIGNATURE-----

Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma

Pull rdma fixes from Jason Gunthorpe:
 "Most noticeable is that Yishai found a big data corruption regression
  due to a change in the scatterlist:

   - Do not wrongly combine non-contiguous pages in scatterlist

   - Fix compilation warnings on gcc 13

   - Oops when using some mlx5 stats

   - Bad enforcement of atomic responder resources in mlx5"

* tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma:
  lib/scatterlist: Fix to merge contiguous pages into the last SG properly
  RDMA/mlx5: Fix validation of max_rd_atomic caps for DC
  RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device
  RDMA/srp: Move large values to a new enum for gcc13
2023-01-07 10:06:47 -08:00
Linus Torvalds
a7c4127a29 Kbuild fixes for v6.2 (2nd)
- Fix single *.ko build
 
  - Fix module builds when vmlinux.o or Module.symver is missing
 -----BEGIN PGP SIGNATURE-----
 
 iQJJBAABCgAzFiEEbmPs18K1szRHjPqEPYsBB53g2wYFAmO5RV0VHG1hc2FoaXJv
 eUBrZXJuZWwub3JnAAoJED2LAQed4NsGrVMQAKtf/PJtnzz9miaeZjIPcowHTIYF
 a81fp5tSNDoG4oDjsaFxvjPwP0pBKQDccK7UFMnxv8tK81jOD8qp2gzleCF15ktz
 OJVHe4d23aZ/sYnroBN221sCdZRTgOLpD1W8zXF8dl/1eu6WtXEERe3MilJeytyf
 w3b9zRksZLIJz1JHv+R1Qz5sadO6pPR+hoSTvlzqJV8IPPz6vAswDzjaLihqUJSs
 J7ixjFOUTzWZnxFlbuI4bRlk2jFIGHDwR/Sbm7h4i854JGg1kcADILw+6fyKT89a
 4xMcrYDR1/oFA5pV9lE1HpVGEykntmefpx1znXApku/MZJRNXMuo+0TDtkReggGK
 HiF93pYckMQtvf2ZRmKMF6+42INehrJ6SyAqIykX1cNDzfNDpvajq/NFkZAK4YP3
 PhoMUTbl02jfqQTCpQzBx3ch5Kw5Nl3EOb48Rf7MFWxL5g4vicFQeke8CHB9MeVD
 Zppw2/C1/YtPdoxxNdS+JqXiRfTe8CGcYIYsbK/vewh3JMk+apfKbz7MiL1goh1+
 WBlJ7OlBxNPMEVyEHKOmjNGP89DWUku5QZPn2Tcv+O/o8X/RoCHH+Nvlpx5mn2vJ
 dl12gnqxHjWufXjm7uxy1Nln00LBgviyNkP3oyj7sQZ2/8SmwfdbF3x/jopsLAwj
 B8oWe5PSmY8nEB/n
 =O13V
 -----END PGP SIGNATURE-----

Merge tag 'kbuild-fixes-v6.2-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild

Pull Kbuild fixes from Masahiro Yamada:

 - Fix single *.ko build

 - Fix module builds when vmlinux.o or Module.symver is missing

* tag 'kbuild-fixes-v6.2-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild:
  kbuild: readd -w option when vmlinux.o or Module.symver is missing
  kbuild: fix single *.ko build
2023-01-07 09:49:52 -08:00
Linus Torvalds
0a71553536 drm-fixes for 6.2-rc3
drivers:
 - i915-gvt fixes
 - amdgpu/kfd fixes
 - panfrost bo refcounting fix
 - meson afbc corruption fix
 - imx plane width fix
 
 core:
 - drm/sched fixes
 - drm/mm kunit test fix
 - dma-buf export error handling fixes
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEb4nG6jLu8Y5XI+PfTA9ye/CYqnEFAmO4qI0ACgkQTA9ye/CY
 qnGr8hAAklp255Xvu+ZgqpZ7HNC7ARk9vmhpkksqgF5CD0AyHxmZiHsen+nNJXxs
 CuaIEBxbylJTDV+YZrSGXibU79JcyoIo3HyEH0yST1mkXsb/hrTfgWtrXheMiMKM
 Bbx0aqycd9nA0I+djOBoZT8A7hlixrs4kopO4I728DAK0pTXcT5eM+zQw2SLvP6g
 RYiEuilpqf+AAo1JJMzCZ913nqvX/ZWndFWqc9iK/GWm56LrrtQT6EZ0EJRhTcN+
 yQjj9YczdqRJ2EXV5O9M3NjNCnJf3Bu/v18yKAt+8qcn6isgFHzwnU76mCXoBZLk
 BWP1mws4n6l5r9sKPK8IesnjjGCsDk6qWdJJlWMEYECjMpEWUWRf+q4m3B3FljIi
 UfUZ0y1v3YphCmyhCkyzApGPcDPMIPUvlGtb/Zz/bCHF0WlGp1oR1ujfz26JflHD
 IAsjNNUay2LUgHd+7qjrBa0eSn3cN/0IKiNxxGvzq2uio6a1mlp3NHR3zFTa+/ZS
 aLBQth8S9Ttr30pPDshGaIngjvo91Vqc+GlcwFnuCkM+ZwaADkDfNvl6O32vXvkO
 SPKhqCxMa+/d2RxfyFahp7YLehQO6S0Ifr/EO7+063k8cRU9D2T5Fv2aPGd7HXXb
 Np6f4iG7xXwTDYvh5PjfJ8LL9HAI3dVBnO4NS82lB4DPVVJQ2Tw=
 =F/VA
 -----END PGP SIGNATURE-----

Merge tag 'drm-fixes-2023-01-06' of git://anongit.freedesktop.org/drm/drm

Pull drm fixes from Daniel Vetter:
 "Still not much, but more than last week. Dave should be back next week
  from the beaching.

  drivers:
   - i915-gvt fixes
   - amdgpu/kfd fixes
   - panfrost bo refcounting fix
   - meson afbc corruption fix
   - imx plane width fix

  core:
   - drm/sched fixes
   - drm/mm kunit test fix
   - dma-buf export error handling fixes"

* tag 'drm-fixes-2023-01-06' of git://anongit.freedesktop.org/drm/drm:
  Revert "drm/amd/display: Enable Freesync Video Mode by default"
  drm/i915/gvt: fix double free bug in split_2MB_gtt_entry
  drm/i915/gvt: use atomic operations to change the vGPU status
  drm/i915/gvt: fix vgpu debugfs clean in remove
  drm/i915/gvt: fix gvt debugfs destroy
  drm/i915: unpin on error in intel_vgpu_shadow_mm_pin()
  drm/amd/display: Uninitialized variables causing 4k60 UCLK to stay at DPM1 and not DPM0
  drm/amdkfd: Fix kernel warning during topology setup
  drm/scheduler: Fix lockup in drm_sched_entity_kill()
  drm/imx: ipuv3-plane: Fix overlay plane width
  drm/scheduler: Fix lockup in drm_sched_entity_kill()
  drm/virtio: Fix memory leak in virtio_gpu_object_create()
  drm/meson: Reduce the FIFO lines held when AFBC is not used
  drm/tests: reduce drm_mm_test stack usage
  drm/panfrost: Fix GEM handle creation ref-counting
  drm/plane-helper: Add the missing declaration of drm_atomic_state
  dma-buf: fix dma_buf_export init order v2
2023-01-06 15:54:25 -08:00
Jason A. Donenfeld
1382999aa0 tpm: Allow system suspend to continue when TPM suspend fails
TPM 1 is sometimes broken across system suspends, due to races or
locking issues or something else that haven't been diagnosed or fixed
yet, most likely having to do with concurrent reads from the TPM's
hardware random number generator driver. These issues prevent the system
from actually suspending, with errors like:

  tpm tpm0: A TPM error (28) occurred continue selftest
  ...
  tpm tpm0: A TPM error (28) occurred attempting get random
  ...
  tpm tpm0: Error (28) sending savestate before suspend
  tpm_tis 00:08: PM: __pnp_bus_suspend(): tpm_pm_suspend+0x0/0x80 returns 28
  tpm_tis 00:08: PM: dpm_run_callback(): pnp_bus_suspend+0x0/0x10 returns 28
  tpm_tis 00:08: PM: failed to suspend: error 28
  PM: Some devices failed to suspend, or early wake event detected

This issue was partially fixed by 23393c6461 ("char: tpm: Protect
tpm_pm_suspend with locks"), in a last minute 6.1 commit that Linus took
directly because the TPM maintainers weren't available. However, it
seems like this just addresses the most common cases of the bug, rather
than addressing it entirely. So there are more things to fix still,
apparently.

In lieu of actually fixing the underlying bug, just allow system suspend
to continue, so that laptops still go to sleep fine. Later, this can be
reverted when the real bug is fixed.

Link: https://lore.kernel.org/lkml/7cbe96cf-e0b5-ba63-d1b4-f63d2e826efa@suse.cz/
Cc: stable@vger.kernel.org # 6.1+
Reported-by: Vlastimil Babka <vbabka@suse.cz>
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Acked-by: Luigi Semenzato <semenzato@chromium.org>
Cc: Peter Huewe <peterhuewe@gmx.de>
Cc: Jarkko Sakkinen <jarkko@kernel.org>
Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
Cc: Johannes Altmanninger <aclopte@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2023-01-06 14:25:19 -08:00
Linus Torvalds
cb7a95af78 hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling
Commit 55d1cbbbb2 ("hfs/hfsplus: use WARN_ON for sanity check") fixed
a build warning by turning a comment into a WARN_ON(), but it turns out
that syzbot then complains because it can trigger said warning with a
corrupted hfs image.

The warning actually does warn about a bad situation, but we are much
better off just handling it as the error it is.  So rather than warn
about us doing bad things, stop doing the bad things and return -EIO.

While at it, also fix a memory leak that was introduced by an earlier
fix for a similar syzbot warning situation, and add a check for one case
that historically wasn't handled at all (ie neither comment nor
subsequent WARN_ON).

Reported-by: syzbot+7bb7cd3595533513a9e7@syzkaller.appspotmail.com
Fixes: 55d1cbbbb2 ("hfs/hfsplus: use WARN_ON for sanity check")
Fixes: 8d824e69d9 ("hfs: fix OOB Read in __hfs_brec_find")
Link: https://lore.kernel.org/lkml/000000000000dbce4e05f170f289@google.com/
Tested-by: Michael Schmitz <schmitzmic@gmail.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: Viacheslav Dubeyko <slava@dubeyko.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2023-01-06 14:09:13 -08:00
Linus Torvalds
a689b938df block-2023-01-06
-----BEGIN PGP SIGNATURE-----
 
 iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAmO4SiAQHGF4Ym9lQGtl
 cm5lbC5kawAKCRD301j7KXHgpgc9D/0XJufUgHsLeFCF5G+q6iL5Bz+d7ymw+VFv
 xrNjOz8wUKYKXcJqxLrPdkmL1tcd1+fESNGgyBidn4P53BWoHB9dtbs8+Lova08t
 I4lQmZHgxgbAMhSOwGvHlOTkdlBIw/fBgQ6XdI+1qmpxzma5+gjImjyp7oH+pODP
 zqsg3DKRQmDApKWtvB6D5iItsWc1Jx5TEuOfU5/JjLuVZWl6O2qynNVUccF5T89O
 jkt624yO+r70CVfX3NAdFTm/mOEUiGH97l4l/8OkekJ40pf73xzvNRF/S8z8nHb/
 QUGY1tKvr08xfPusl3epmQ5aO938F0aFpKi2x6P+z3G6Uq+dqMMrjJl8XMDG+J+d
 +yBow5yRH7o6oBb0YPPz/6S5zBjslsHtuKFd/rs4mCDfjp9GHiIIiIpdLxZEWawJ
 WaYlc5WlzSdopT/IxfaRZ9HMHzscdKadjiFngSKdpEdCUw7wxdIey+/9xbKR+xh0
 Es13MzyCCurj4OnyDl5cnetGJUNNiL1JvQmIaFVndyxnMfvOaZBBmKW7h9RYBIU/
 nqi4vZwYoafnGUIfLFL6uq9F627lF/EhodDuLheqz0G2pWhmFJITOJUAakGNFf83
 22CiKY2GyTrOy5tKqkNzv7BG/KyJZGP+CxyyQ/7xm0k2C9wEjYSpZHKcjaNZygU5
 eswPKbZMkw==
 =LJ5Q
 -----END PGP SIGNATURE-----

Merge tag 'block-2023-01-06' of git://git.kernel.dk/linux

Pull block fixes from Jens Axboe:
 "The big change here is obviously the revert of the pktcdvd driver
  removal. Outside of that, just minor tweaks. In detail:

   - Re-instate the pktcdvd driver, which necessitates adding back
     bio_copy_data_iter() and the fops->devnode() hook for now (me)

   - Fix for splitting of a bio marked as NOWAIT, causing either nowait
     reads or writes to error with EAGAIN even if parts of the IO
     completed (me)

   - Fix for ublk, punting management commands to io-wq as they can all
     easily block for extended periods of time (Ming)

   - Removal of SRCU dependency for the block layer (Paul)"

* tag 'block-2023-01-06' of git://git.kernel.dk/linux:
  block: Remove "select SRCU"
  Revert "pktcdvd: remove driver."
  Revert "block: remove devnode callback from struct block_device_operations"
  Revert "block: bio_copy_data_iter"
  ublk: honor IO_URING_F_NONBLOCK for handling control command
  block: don't allow splitting of a REQ_NOWAIT bio
  block: handle bio_split_to_limits() NULL return
2023-01-06 13:12:42 -08:00
Linus Torvalds
ef1a4a7709 io_uring-2023-01-06
-----BEGIN PGP SIGNATURE-----
 
 iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAmO4SgEQHGF4Ym9lQGtl
 cm5lbC5kawAKCRD301j7KXHgpn68EADBgqDf55hufI9L1rP52oiRZpuwUuBeLFb/
 NPGRvQFGryEeLw7OxCYRukjnAxhokp5rS2n+uQtwXXxw5oH0PJIIUQYlnFA02I8y
 CyouVaDAx5rjVeEZ2DNxggLvEVr2ESreEWz4MTqhuBvFsCIpGvegu0JcrReXEDEm
 LROMsIV3JKEwemUrZbV/EPyjXzhf0GjyPjknuJuaR7LQaaaOgoXqewiRbclnfpto
 sF6rNeYE7VfY9cQt3nrd6kTdGXtEE21/GXlV6ZhWcq85nRAEA71I6j8IKidazUJA
 Vz74a4OpblQ6Glmux9SuGxCeAOZ5jawb8KrzHRD+tDJ/jTCRsnNOMoDwjAWYlEG0
 MVArYXuCnVpxNHWvDOjD2O5a1N+IDEGY1mTf7M2G1NBpJUUqEXekPI/3UwI2xgcD
 e3WRWWHGhLv8027s1xomSG0WqlrVVZulPlhrbSBM5cPMbCpA+AOndKVo+S9Fjoin
 iOWEL/ipI+JbPrH8xWgMHUVMez0CoJkHj6Wo3bOKTR6SjkO7IpV0Mb6vxRtrIzho
 BtcGhKiXDkJUqvClFlPMUtmPlFd2lFqlplIyFHUzJfNoecwZ/aRLVYOjYUUKN+pF
 KRknZncgpT7Rn2lrBYdQxhCHMqEBdNt108uY2/2rPi+FbsEHEry7soAKo6DgNPG0
 zxBVUJS1DA==
 =FJtc
 -----END PGP SIGNATURE-----

Merge tag 'io_uring-2023-01-06' of git://git.kernel.dk/linux

Pull io_uring fixes from Jens Axboe:
 "A few minor fixes that should go into the 6.2 release:

   - Fix for a memory leak in io-wq worker creation, if we ultimately
     end up canceling the worker creation before it gets created (me)

   - lockdep annotations for the CQ locking (Pavel)

   - A regression fix for CQ timeout handling (Pavel)

   - Ring pinning around deferred task_work fix (Pavel)

   - A trivial member move in struct io_ring_ctx, saving us some memory
     (me)"

* tag 'io_uring-2023-01-06' of git://git.kernel.dk/linux:
  io_uring: fix CQ waiting timeout handling
  io_uring: move 'poll_multi_queue' bool in io_ring_ctx
  io_uring: lockdep annotate CQ locking
  io_uring: pin context while queueing deferred tw
  io_uring/io-wq: free worker if task_work creation is canceled
2023-01-06 13:05:13 -08:00
Linus Torvalds
93387d499e tif-notify-signal-2023-01-06
-----BEGIN PGP SIGNATURE-----
 
 iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAmO4SfAQHGF4Ym9lQGtl
 cm5lbC5kawAKCRD301j7KXHgphRVD/0VTK0j4Cwbv8cptyDwJQ5LXxo9mLkG58j6
 +7H1Bx0MUOpajLHLnWtlUNOXNZ0ch9RwujeICAts0gCv7JKe/ky3QXA270+X64t3
 memAEpdMNhpMfGSlYm9OfTxPI7kvFvQZb2wtGfDttU41WEqILbo9GVSdONTMJ60i
 e72LZkdi1P1PMqfY4unP1Cm5jJY3tERjwfXGj8EvYl58m7x8+ybBrPPjDwuCgt1Y
 k92ub+sE88/i40lY77/hbQvjtvtxkrEIlmoMJv6kJKatDCF9yVh3U1lN3xD+VzF+
 XVK+zpFdRqgwYKdKMrR1JTSq91JdrlUWWQ31MJKXiHz9uRIjwaEVc9EpNqb3xiD/
 /cRF5jGt6PfHxOglpyUkO+I89+eijvGbWUdqpx9ArPBITTIiLqAZ6lS9dKFnGvFK
 ZoNeAWpa8WcGvZV0kOA0lKQsorvYvny0SKy23SEidcSRZi3tn6eywIZCcBdD/Cun
 iarweTsvnU+VVhkn2QXGPMvc8orXE04As1vrTlYXZeSml2OM1zRh5CU3cRjir863
 smj79Fc/HE8BF2twKx5/HTacoH5bH/MxiPVy+Cofq3Sm7tAMaQfbDg+IufeMYZlt
 KjzZM4IqqoS6Mb7zdUhobmbH5TjZBlUTbW/BTuBWBV51e0P7Yj1v/cVsFm856I05
 67JfzBs+HQ==
 =mDXf
 -----END PGP SIGNATURE-----

Merge tag 'tif-notify-signal-2023-01-06' of git://git.kernel.dk/linux

Pull arm TIF_NOTIFY_SIGNAL fixup from Jens Axboe:
 "Hui Tang reported a performance regressions with _TIF_WORK_MASK in
  newer kernels, which he tracked to a change that went into 5.11. After
  this change, we'll call do_work_pending() more often than we need to,
  because we're now testing bits 0..15 rather than just 0..7.

  Shuffle the bits around to avoid this"

* tag 'tif-notify-signal-2023-01-06' of git://git.kernel.dk/linux:
  ARM: renumber bits related to _TIF_WORK_MASK
2023-01-06 12:54:51 -08:00
Linus Torvalds
5c1a712f71 Two file locking fixes from Xiubo.
-----BEGIN PGP SIGNATURE-----
 
 iQFHBAABCAAxFiEEydHwtzie9C7TfviiSn/eOAIR84sFAmO4Z+YTHGlkcnlvbW92
 QGdtYWlsLmNvbQAKCRBKf944AhHzi1wBB/sFeiTptv/RhoNc7UDKvfXxAIY7nSQf
 drCg0Zb1ZgwTr5l7QmWLvJcohkUgzyk+F2XwQfe02F/epzaEC2d0tVW0H48HM5Pr
 3b0Lk6EProS8Nfs0Qd8ZaXraP+DNTTInDQfxCGYbl3pvOvtF060Ija0QrmdzWyWA
 38ZEVwVDNlxPJY7qn6bGEvGmw+oFGub4JJ+CvO3Z65b4Cf++8z0PWifbOtMOzUgX
 q5H6ORVrBB20bASVR9m+yX5YGLpZ+ZvdPPFWEhVrR4q7vgJsKDhKnWJXHafg0Vkt
 PfaPBOjgh+l5IWBNw5Ob7X/XdFxYzktF6REoHfBCToF+YUMd1NGJ5uSd
 =nuHc
 -----END PGP SIGNATURE-----

Merge tag 'ceph-for-6.2-rc3' of https://github.com/ceph/ceph-client

Pull ceph fixes from Ilya Dryomov:
 "Two file locking fixes from Xiubo"

* tag 'ceph-for-6.2-rc3' of https://github.com/ceph/ceph-client:
  ceph: avoid use-after-free in ceph_fl_release_lock()
  ceph: switch to vfs_inode_has_locks() to fix file lock bug
2023-01-06 12:11:41 -08:00
Linus Torvalds
7b8c854cfe \n
-----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCAAdFiEEq1nRK9aeMoq1VSgcnJ2qBz9kQNkFAmO4OTYACgkQnJ2qBz9k
 QNmvZwgA0zeiQq1dY6fFHMn5Fil8FfsjfiD4Kam5L7iwNMF5i2cr8cKYBOack7pd
 aIcGHOHFj4Xmy0MzVW8rON2gDupJ9mUt9UKWajGsPd4hfPyzfBGD+VJCtPKZeXci
 aF0aPQ3Ee8ED3/3itIkGutR/t1obt86cUMpF01zsS2m2sxMyeqFWbijqUBRhsFsw
 tqMuGKJkOq3BdiAcwNahI33YikQxlj6xDQB4ngHrTF3v1XeOyM4d5nX3BCJ/jTLa
 iU1EGMj/Ga88+8AJvHl+yQ8i0MfrOTYOcjLFlksERbk+dSiDiY/WtVcz4C0N1Dhs
 AiAcgdKoj3qkf+XrfYBBAhMfO+43XA==
 =k3GO
 -----END PGP SIGNATURE-----

Merge tag 'fixes_for_v6.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs

Pull UDF fixes from Jan Kara:
 "Two fixups of the UDF changes that went into 6.2-rc1"

* tag 'fixes_for_v6.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs:
  udf: initialize newblock to 0
  udf: Fix extension of the last extent in the file
2023-01-06 12:07:00 -08:00
Linus Torvalds
fc7b76c4a4 for-6.2-rc2-tag
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEE8rQSAMVO+zA4DBdWxWXV+ddtWDsFAmO3GgQACgkQxWXV+ddt
 WDt23w/+M7YshE37i5NVRFsFQ4E2/kNQAnbUvSDg5xTmaWkQo/XOMbO9EGUoTLQW
 vT5LmUxn3ynfLu65jnbBREyqjT1JoFN47gTFud+Y7XayBZvq/EVwkkBu5vd/Xwu+
 bE/ms/mWvDNuBnNjBjjKCvMebUZFs2Yn4BGGGCor2zs+u2SL9yd8gHzaBABPr0jd
 Jt1XcmdlYzIJ/59oWZI9B9yP//3z/ad2cgI6aCcbALocWW3LtUATRgJt5O72IFdO
 HweiMw/Cvd2EFBmiur3NTsAi80vyV1VUImxMKD8yrWp5vdR4ZSAeMFd7vFQpfCco
 u/8LHE1xzq3Ael0yGSQIB+UhBTHxFp1lCKTtA1vC9Iv0APVjd2zJlqf18z+hdgr9
 ULU3wxVaN9rtHd2vttt+u/YikJYwFnYw+iNK2FNYIKU2q3pidoQHgEKOCJF7s1pY
 Yrpk6kYJNaS9nT71/sX57aLA/WmIx1KFkA16Yvi+RqnMQVYJtuEleRRp95ZdXAg/
 CzjkugN3gmQvsv43FQLiKHFd/8bDnhcft48tIVjikCpSar3VwFoV7A5mgWs18ULO
 g+vyjWm1P2UagXhjLl/rsULWNLVAYOKsKXEDnRV3993lCA+EXiQbFY8gA16dfKMJ
 ho1yspX+N2ItORT7lo6ZPmDIWZ37hUyo8Bfhk5RaUKpE/adEBwM=
 =xM0t
 -----END PGP SIGNATURE-----

Merge tag 'for-6.2-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux

Pull btrfs fixes from David Sterba:
 "A few more regression and regular fixes:

   - regressions:
       - fix assertion condition using = instead of ==
       - fix false alert on bad tree level check
       - fix off-by-one error in delalloc search during lseek

   - fix compat ro feature check at read-write remount

   - handle case when read-repair happens with ongoing device replace

   - updated error messages"

* tag 'for-6.2-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux:
  btrfs: fix compat_ro checks against remount
  btrfs: always report error in run_one_delayed_ref()
  btrfs: handle case when repair happens with dev-replace
  btrfs: fix off-by-one in delalloc search during lseek
  btrfs: fix false alert on bad tree level check
  btrfs: add error message for metadata level mismatch
  btrfs: fix ASSERT em->len condition in btrfs_get_extent
2023-01-06 12:01:49 -08:00
Linus Torvalds
a389e54642 RISC-V Fixes for 6.2-rc3
* A fix to use the correct mask for c.jr/c.jalr when decoding
   instructions.
 * A compile-time fix for get_user(), to avoid an sparse warning.
 -----BEGIN PGP SIGNATURE-----
 
 iQJHBAABCAAxFiEEKzw3R0RoQ7JKlDp6LhMZ81+7GIkFAmO4Y8YTHHBhbG1lckBk
 YWJiZWx0LmNvbQAKCRAuExnzX7sYiSTiD/9ytg9fOOxEvKdUaJhX/MT7uCOVEsEz
 jGdsI4Dg+b8FLrGtebw4+IQgczxuVZvs5EMYCBHjsFGmvlek7lTf0h2Gq00/lOyD
 mMzrX2lADggcALu1rFrdMT8sQDPhWCm7im97WHIybiTQXrkEyFHZtvlYBRAN8Mnt
 VjyAa1XKIHaXQW5yzgq5AeG39hVXXePi5+uIvSRWrEsAPdEOv74bGMA9h92YZQPa
 od6EoXOtpZvopCQvMzDtkK6BAKBcFoHlAJUGBSPJMxMDmBGzpw+FvDxJTgogT2R9
 zl5yCj0uWgGD9MZoRSMk+zvkcls83aN7shSo8PbGyGiPqqS1NOXWgHUFRvOium2f
 cwEKrKCBhzF8ogsS0HYMsk3yTl5XSNyc/S/y8eSNz7tccehvCs7xVkxpCjKxnKy6
 ujSoUGf38fdNbtt7xWXfkJWK48deZ+58lUMtt6AHl+02e+q7EDdvtkflLiOuIy2x
 yB4fCApesS5ctXnBhLA6eoCsfcTBc7YR1tcLFDdl6ifBiifaDgjRgf32b3MHKlJU
 xtndXtGQWpkHWoEY6a0LXE6o10Aqk/dFV2AhLxoeX0I/fDnaQ08jCOTZt0L+fI3w
 tmKtjGtEmDobkhit2E/csUHjuA7PvM8WrbHg2CdNnFcp36rOCQnTIeZTdDhs3a9C
 4vzonJxao9/rWQ==
 =Kl/L
 -----END PGP SIGNATURE-----

Merge tag 'riscv-for-linus-6.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux

Pull RISC-V fixes from Palmer Dabbelt:

 - use the correct mask for c.jr/c.jalr when decoding instructions

 - build fix for get_user() to avoid a sparse warning

* tag 'riscv-for-linus-6.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux:
  riscv: uaccess: fix type of 0 variable on error in get_user()
  riscv, kprobes: Stricter c.jr/c.jalr decoding
2023-01-06 11:33:42 -08:00
Linus Torvalds
56f8145839 perf tools fixes for v6.2: 1st batch
- Fix segfault when trying to process tracepoints present in a perf.data file
   and not linked with libtraceevent.
 
 - Fix build on uClibc systems by adding missing sys/types.h include, that was
   being obtained indirectly which stopped being the case when tools/lib/traceevent
   was removed.
 
 - Don't show commands in 'perf help' that depend on linking with libtraceevent
   when not building with that library, which is now a possibility since we
   no longer ship a copy in tools/lib/traceevent.
 
 - Fix failure in 'perf test' entry testing the combination of 'perf probe' user
   space function + 'perf record' + 'perf script' where it expects a backtrace
   leading to glibc's inet_pton() from 'ping' that now happens more than once with
   glibc 2.35 for IPv6 addreses.
 
 - Fix for the inet_pton perf test on s/390 where 'text_to_binary_address' now
   appears on the backtrace.
 
 - Fix build error on riscv due to missing header for 'struct perf_sample'.
 
 - Fix 'make -C tools perf_install' install variant by not propagating the 'subdir'
   to submakes for the 'install_headers' targets.
 
 - Fix handling of unsupported cgroup events when using BPF counters in 'perf stat'.
 
 - Count all cgroups, not just the last one when using 'perf stat
   --for-each-cgroup' with --bpf-counters. This makes the output using BPF
   counters match the output without using it, which was the intention all along,
   the output should be the same using --bpf-counters or not.
 
 - Fix 'perf lock contention' core dump related to not finding the
   "__sched_text_end" symbol on s/390.
 
 - Fix build failure when HEAD is signed: exclude the signature from the version
   string.
 
 - Add missing closedir() calls to in perf_data__open_dir(), plugging a fd leak.
 
 Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 
 iHUEABYKAB0WIQR2GiIUctdOfX2qHhGyPKLppCJ+JwUCY7hWpQAKCRCyPKLppCJ+
 J4UvAQDru5hkxelbwP0keDjfIn68Iz5HUOe7BTNNzexLUsEfDQD/YA31CuZzTxh3
 3qt8nyfFr1vwzgKAUFx2873jgi5+IQE=
 =n5PI
 -----END PGP SIGNATURE-----

Merge tag 'perf-tools-fixes-for-v6.2-1-2023-01-06' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux

Pull perf tools fixes from Arnaldo Carvalho de Melo:

 - Fix segfault when trying to process tracepoints present in a
   perf.data file and not linked with libtraceevent.

 - Fix build on uClibc systems by adding missing sys/types.h include,
   that was being obtained indirectly which stopped being the case when
   tools/lib/traceevent was removed.

 - Don't show commands in 'perf help' that depend on linking with
   libtraceevent when not building with that library, which is now a
   possibility since we no longer ship a copy in tools/lib/traceevent.

 - Fix failure in 'perf test' entry testing the combination of 'perf
   probe' user space function + 'perf record' + 'perf script' where it
   expects a backtrace leading to glibc's inet_pton() from 'ping' that
   now happens more than once with glibc 2.35 for IPv6 addreses.

 - Fix for the inet_pton perf test on s/390 where
   'text_to_binary_address' now appears on the backtrace.

 - Fix build error on riscv due to missing header for 'struct
   perf_sample'.

 - Fix 'make -C tools perf_install' install variant by not propagating
   the 'subdir' to submakes for the 'install_headers' targets.

 - Fix handling of unsupported cgroup events when using BPF counters in
   'perf stat'.

 - Count all cgroups, not just the last one when using 'perf stat' and
   combining --for-each-cgroup with --bpf-counters.

   This makes the output using BPF counters match the output without
   using it, which was the intention all along, the output should be the
   same using --bpf-counters or not.

 - Fix 'perf lock contention' core dump related to not finding the
   "__sched_text_end" symbol on s/390.

 - Fix build failure when HEAD is signed: exclude the signature from the
   version string.

 - Add missing closedir() calls to in perf_data__open_dir(), plugging a
   fd leak.

* tag 'perf-tools-fixes-for-v6.2-1-2023-01-06' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux:
  perf tools: Fix build on uClibc systems by adding missing sys/types.h include
  perf stat: Fix handling of --for-each-cgroup with --bpf-counters to match non BPF mode
  perf stat: Fix handling of unsupported cgroup events when using BPF counters
  perf test record_probe_libc_inet_pton: Fix test on s/390 where 'text_to_binary_address' now appears on the backtrace
  perf lock contention: Fix core dump related to not finding the "__sched_text_end" symbol on s/390
  perf build: Don't propagate subdir to submakes for install_headers
  perf test record_probe_libc_inet_pton: Fix failure due to extra inet_pton() backtrace in glibc >= 2.35
  perf tools: Fix segfault when trying to process tracepoints in perf.data and not linked with libtraceevent
  perf tools: Don't include signature in version strings
  perf help: Use HAVE_LIBTRACEEVENT to filter out unsupported commands
  perf tools riscv: Fix build error on riscv due to missing header for 'struct perf_sample'
  perf tools: Fix resources leak in perf_data__open_dir()
2023-01-06 11:23:58 -08:00
Linus Torvalds
d7a0853d65 Intel RAPL updates for new model IDs.
Signed-off-by: Ingo Molnar <mingo@kernel.org>
 -----BEGIN PGP SIGNATURE-----
 
 iQJFBAABCgAvFiEEBpT5eoXrXCwVQwEKEnMQ0APhK1gFAmO4CGwRHG1pbmdvQGtl
 cm5lbC5vcmcACgkQEnMQ0APhK1gCjg//YdjAjNrJ9HkLfhmEtYSA1fCXef0f9nD7
 ddEY7FIHa+yTE5QJ3o3Ag4ZPVaHUHkD2t936pRMcZ6EOsbDldlS6R5c5P1ISpzvl
 SAPv19iWoVKqFjjFv0ftocb6yO6bVizyUea0TV8yp2+3ih3C5pj1KhRJ/IHJaClX
 ohyK6APMdYlffeb8VfLegM8Kr8E0bdn5FZyX8LmBuUi1PyYe4x/Bo3ZW3QhgtgI2
 Rnm8bXC1dFkwqNHUFbw8dwkCKQe9jePc2VBjwah251X+M3RSIEoF7RHmPjUS1zpc
 rn9o3elifV45D6g6A74wXJ+7eH2DRkDsXXyfeEB5dtrt5HBzhROfrw2PIyywAC91
 B01HLMDaB/jRux+7i2uj2KZO1hwEWT3a3Y+GunB2ZrPqD2WvqASKDcs9wfe6kfuv
 awOrip50sKZb6KmQgWq/xIDutpzBeK/smX49+rnY9ot/jXxBqsKgk9L6U7Qt6RiH
 MpbT5EnT5149bVp6sUqZk4SmWjYa3El0f4X93Weqfxx6rxsuZYq70QVMdktnI9A+
 VTeQE4525wQxu+oENQhB86iv63sRsk4i53LmyIkaV/KJxoAK1X1G9kNQ6fIrT7Ad
 7vwrmeA1sLst8H76WpDGuEk9rngAg7SS3IorS0QPupc494eCgs6vazAvUS5pAOu2
 ZdA365eMKe8=
 =5mg2
 -----END PGP SIGNATURE-----

Merge tag 'perf-urgent-2023-01-06' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull perf fix from Ingo Molnar:
 "Intel RAPL updates for new model IDs"

* tag 'perf-urgent-2023-01-06' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  perf/x86/rapl: Add support for Intel Emerald Rapids
  perf/x86/rapl: Add support for Intel Meteor Lake
  perf/x86/rapl: Treat Tigerlake like Icelake
2023-01-06 11:20:12 -08:00
Linus Torvalds
90bc52c525 This push fixes a CFI crash in arm64/sm4 as well as a regression
in the caam driver.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEn51F/lCuNhUwmDeSxycdCkmxi6cFAmOu/VkACgkQxycdCkmx
 i6erhw//dZ/ab8DNPiLxV1nwVlR8rQLqrdaZ1hOzi8LDqrCMFtNCdCuLTc9dujMa
 i4RQj1K4RJKLZld2N+mf8D0lGnDOCTBmNwAq9IKZgpYioKl5WRCh64OGj3DFUDnX
 9/6tfgHyrkEHXq+mOB7hhsMdsIV75xqrYoKAYq/6NpO4GWJB3LywF5Ug39gk4tNs
 R0Zv1LkjTa9toWg0YbmnNoO8Wl63OJYmEEhvxHSe+qlLIntTsPfgv977rDgkG/+J
 U5nxJa5hledkkCK0jfBOv3qr8TWNLgwh8zZaACsXLMWFhm7Jm7YM/ty9z4Uc8meD
 +rEFn3nxQitrQmA4G1S6wamvkMCcK8slOl268z390+APw3d6G5zpNf8SlHEnhYEP
 qkXgyEWzf7JgqQujwQ35sl62QLLMswRqwJcGwl+MHi4fDWt8cNT4QV65zPNhyhpM
 dZWQt29oWOdbMhDaz1UrW+F2n/GMFmlOYPlFt9Frl1Mhg/beFrrsF7Ccf52oxOvh
 ODRiJpSyP56kgvwgPpFwXraON0e/LW+jTiWgLKvd0GXRCwAZHMtSsT55NdKvN3uf
 A+9ovbmSsKLWMbPhS+kLfCBu57LdxJO6j86m18DSSEh55wGTMJ0YJkRJIK159BpW
 cIkwpHVqoKbMx6ihv8SfZ3aSTHJZ7QwXm1C+wwf87Gu6EkpHybw=
 =oWAu
 -----END PGP SIGNATURE-----

Merge tag 'v6.2-p2' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6

Pull crypto fixes from Herbert Xu:
 "This fixes a CFI crash in arm64/sm4 as well as a regression in the
  caam driver"

* tag 'v6.2-p2' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
  crypto: arm64/sm4 - fix possible crash with CFI enabled
  crypto: caam - fix CAAM io mem access in blob_gen
2023-01-06 11:14:11 -08:00
Thinh Nguyen
c4e3ef5685 usb: dwc3: gadget: Ignore End Transfer delay on teardown
If we delay sending End Transfer for Setup TRB to be prepared, we need
to check if the End Transfer was in preparation for a driver
teardown/soft-disconnect. In those cases, just send the End Transfer
command without delay.

In the case of soft-disconnect, there's a very small chance the command
may not go through immediately. But should it happen, the Setup TRB will
be prepared during the polling of the controller halted state, allowing
the command to go through then.

In the case of disabling endpoint due to reconfiguration (e.g.
set_interface(alt-setting) or usb reset), then it's driven by the host.
Typically the host wouldn't immediately cancel the control request and
send another control transfer to trigger the End Transfer command
timeout.

Fixes: 4db0fbb601 ("usb: dwc3: gadget: Don't delay End Transfer on delayed_status")
Cc: stable@vger.kernel.org
Signed-off-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Link: https://lore.kernel.org/r/f1617a323e190b9cc408fb8b65456e32b5814113.1670546756.git.Thinh.Nguyen@synopsys.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-01-06 16:32:10 +01:00
Arnd Bergmann
e498a04443 usb: dwc3: xilinx: include linux/gpio/consumer.h
The newly added gpio consumer calls cause a build failure in configurations
that fail to include the right header implicitly:

drivers/usb/dwc3/dwc3-xilinx.c: In function 'dwc3_xlnx_init_zynqmp':
drivers/usb/dwc3/dwc3-xilinx.c:207:22: error: implicit declaration of function 'devm_gpiod_get_optional'; did you mean 'devm_clk_get_optional'? [-Werror=implicit-function-declaration]
  207 |         reset_gpio = devm_gpiod_get_optional(dev, "reset", GPIOD_OUT_LOW);
      |                      ^~~~~~~~~~~~~~~~~~~~~~~
      |                      devm_clk_get_optional

Fixes: ca05b38252 ("usb: dwc3: xilinx: Add gpio-reset support")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/r/20230103121755.956027-1-arnd@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-01-06 16:32:04 +01:00
Tom Rix
23970a1c94 udf: initialize newblock to 0
The clang build reports this error
fs/udf/inode.c:805:6: error: variable 'newblock' is used uninitialized whenever 'if' condition is true [-Werror,-Wsometimes-uninitialized]
        if (*err < 0)
            ^~~~~~~~
newblock is never set before error handling jump.
Initialize newblock to 0 and remove redundant settings.

Fixes: d8b39db5fab8 ("udf: Handle error when adding extent to a file")
Reported-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Tom Rix <trix@redhat.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Message-Id: <20221230175341.1629734-1-trix@redhat.com>
2023-01-06 15:44:32 +01:00
Jan Kara
83c7423d1e udf: Fix extension of the last extent in the file
When extending the last extent in the file within the last block, we
wrongly computed the length of the last extent. This is mostly a
cosmetical problem since the extent does not contain any data and the
length will be fixed up by following operations but still.

Fixes: 1f3868f068 ("udf: Fix extending file within last block")
Signed-off-by: Jan Kara <jack@suse.cz>
2023-01-06 15:44:07 +01:00
Daniel Vetter
5193326c4c Only gvt-fixes:
- debugfs fixes (Zhenyu)
      - fix up for vgpu status (Zhi)
      - double free fix in split_2MB_gtt_entry (Zheng)
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCAAdFiEEbSBwaO7dZQkcLOKj+mJfZA7rE8oFAmO3LDMACgkQ+mJfZA7r
 E8oweQf/W0QdgkVB93YYw8KUqxjwBnBN/2ph0B2FYyiN7SiSJP6n6u6tCe5BS/Vr
 Pb95ibQXtHsQIqsXmhwxFvoXMICHXhbYx5QqhTZv3juvLhB9BVsc7Gr4SjjR0Pdb
 Si6fDXZLOLmEEgRu7edKfG7rY/n7ENCYGtnWSbKcXAGliH6OM/Z8HJzlKxdragqy
 YrKIeO1Nzv+cl2UT83Cyy+TPfNn57DwTadWCAFzKIjWCMyAELo5tJ5eMMPIsAw/j
 AdsMInWpqtpy326U5OhYtRksU2BhZJ7c1khphsi8zmGpR1UwcLRf+2HkFhLgYutN
 Ie1lIqlN9p2M4ucQ4FvNXyqgJohd/g==
 =zM/h
 -----END PGP SIGNATURE-----

Merge tag 'drm-intel-fixes-2023-01-05' of git://anongit.freedesktop.org/drm/drm-intel into drm-fixes

Only gvt-fixes:
     - debugfs fixes (Zhenyu)
     - fix up for vgpu status (Zhi)
     - double free fix in split_2MB_gtt_entry (Zheng)

Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
From: Rodrigo Vivi <rodrigo.vivi@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/Y7cszBkLRvAy6uao@intel.com
2023-01-06 10:16:49 +01:00
Yang Yingliang
1a5a23b9bd usb: fotg210-udc: fix error return code in fotg210_udc_probe()
After commit  5f217ccd52 ("fotg210-udc: Support optional external PHY"),
the error code is re-assigned to 0 in fotg210_udc_probe(), if allocate or
map memory fails after the assignment, it can't return an error code. Set
the error code to -ENOMEM to fix this problem.

Fixes: 5f217ccd52 ("fotg210-udc: Support optional external PHY")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Link: https://lore.kernel.org/r/20221230065427.944586-1-yangyingliang@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-01-06 09:12:31 +01:00
Linus Torvalds
1f5abbd77e Thermal control fix for 6.2-rc3
Add a missing sysfs attribute to the int340x thermal driver (Srinivas
 Pandruvada).
 -----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEE4fcc61cGeeHD/fCwgsRv/nhiVHEFAmO3OwsSHHJqd0Byand5
 c29ja2kubmV0AAoJEILEb/54YlRxtXIQAJOJqfVJg9PbEyNMEmcRE/qy+DDithA3
 ANwsJUtl1JIRaty07ANX8I2HYbfbriocQ6WzsCbXSW1ELegzw6rh2u3BFwWTgeaI
 H5ER9Ppk9e7ZPEzxP5wKUvlH/gODa9OIURDQdC3jXx/FPslG92SJBXm2tH+C8YTK
 mcoLQTDxhttaVittfZ0buuXhVLo01tQRo0bqmbOMCNDyjt9NfZJPHZPKOz3sKRPT
 GuAlOi4AQCaMey2DPVSK6FqRm9BD1IqJnCoBCBGWnqzkVIiLvN8/bXrLfDKwt/SJ
 8B2jmG+L5Ka+sEwppVJtwQEhjYhDxma0AwnMcOcnRFS/zF3eHypAvgjeD1hpmjQ6
 KiBk8Pqu3YaHc85ubFX//xuJj415teBc3fGumPsvV5vSDZdRP1Fp9z1xBYR13Nw2
 esDPZp4UkGHkwhlxVRzb/7Go1hkX4bjfBh+CP5ykXjsQh9rk9l8TlYlSLWoY2tXt
 wmGzxqSDyyduL+0iqd1kv2wW46V9NlL5TUnohg3rekjWDU1KtrqBNU9r3AHMTaoB
 bZIlxGhTwhNCnVRar/6B0XKhOP4QOM3vBWYNLzm0VfMov1wQBvFdvWDKKcMc3HH+
 NfAYDL3co9y1wacsQ782+dDuzrA4BFhJ9/0dq4E4sOyIn66bzX017NiBvbuSHSaj
 k7f89xglkcWY
 =GfSo
 -----END PGP SIGNATURE-----

Merge tag 'thermal-6.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm

Pull thermal control fix from Rafael Wysocki:
 "Add a missing sysfs attribute to the int340x thermal driver (Srinivas
  Pandruvada)"

* tag 'thermal-6.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
  thermal: int340x: Add missing attribute for data rate base
2023-01-05 13:48:49 -08:00
Linus Torvalds
50011c32f4 Including fixes from bpf, wifi, and netfilter.
Current release - regressions:
 
  - bpf: fix nullness propagation for reg to reg comparisons,
    avoid null-deref
 
  - inet: control sockets should not use current thread task_frag
 
  - bpf: always use maximal size for copy_array()
 
  - eth: bnxt_en: don't link netdev to a devlink port for VFs
 
 Current release - new code bugs:
 
  - rxrpc: fix a couple of potential use-after-frees
 
  - netfilter: conntrack: fix IPv6 exthdr error check
 
  - wifi: iwlwifi: fw: skip PPAG for JF, avoid FW crashes
 
  - eth: dsa: qca8k: various fixes for the in-band register access
 
  - eth: nfp: fix schedule in atomic context when sync mc address
 
  - eth: renesas: rswitch: fix getting mac address from device tree
 
  - mobile: ipa: use proper endpoint mask for suspend
 
 Previous releases - regressions:
 
  - tcp: add TIME_WAIT sockets in bhash2, fix regression caught
    by Jiri / python tests
 
  - net: tc: don't intepret cls results when asked to drop, fix
    oob-access
 
  - vrf: determine the dst using the original ifindex for multicast
 
  - eth: bnxt_en:
    - fix XDP RX path if BPF adjusted packet length
    - fix HDS (header placement) and jumbo thresholds for RX packets
 
  - eth: ice: xsk: do not use xdp_return_frame() on tx_buf->raw_buf,
    avoid memory corruptions
 
 Previous releases - always broken:
 
  - ulp: prevent ULP without clone op from entering the LISTEN status
 
  - veth: fix race with AF_XDP exposing old or uninitialized descriptors
 
  - bpf:
    - pull before calling skb_postpull_rcsum() (fix checksum support
      and avoid a WARN())
    - fix panic due to wrong pageattr of im->image (when livepatch
      and kretfunc coexist)
    - keep a reference to the mm, in case the task is dead
 
  - mptcp: fix deadlock in fastopen error path
 
  - netfilter:
    - nf_tables: perform type checking for existing sets
    - nf_tables: honor set timeout and garbage collection updates
    - ipset: fix hash:net,port,net hang with /0 subnet
    - ipset: avoid hung task warning when adding/deleting entries
 
  - selftests: net:
    - fix cmsg_so_mark.sh test hang on non-x86 systems
    - fix the arp_ndisc_evict_nocarrier test for IPv6
 
  - usb: rndis_host: secure rndis_query check against int overflow
 
  - eth: r8169: fix dmar pte write access during suspend/resume with WOL
 
  - eth: lan966x: fix configuration of the PCS
 
  - eth: sparx5: fix reading of the MAC address
 
  - eth: qed: allow sleep in qed_mcp_trace_dump()
 
  - eth: hns3:
    - fix interrupts re-initialization after VF FLR
    - fix handling of promisc when MAC addr table gets full
    - refine the handling for VF heartbeat
 
  - eth: mlx5:
    - properly handle ingress QinQ-tagged packets on VST
    - fix io_eq_size and event_eq_size params validation on big endian
    - fix RoCE setting at HCA level if not supported at all
    - don't turn CQE compression on by default for IPoIB
 
  - eth: ena:
    - fix toeplitz initial hash key value
    - account for the number of XDP-processed bytes in interface stats
    - fix rx_copybreak value update
 
 Misc:
 
  - ethtool: harden phy stat handling against buggy drivers
 
  - docs: netdev: convert maintainer's doc from FAQ to a normal document
 
 Signed-off-by: Jakub Kicinski <kuba@kernel.org>
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEE6jPA+I1ugmIBA4hXMUZtbf5SIrsFAmO3MLcACgkQMUZtbf5S
 IrsEQBAAijPrpxsGMfX+VMqZ8RPKA3Qg8XF3ji2fSp4c0kiKv6lYI7PzPTR3u/fj
 CAlhQMHv7z53uM6Zd7FdUVl23paaEycu8YnlwSubg9z+wSeh/RQ6iq94mSk1PV+K
 LLVR/yop2N35Yp/oc5KZMb9fMLkxRG9Ci73QUVVYgvIrSd4Zdm13FjfVjL2C1MZH
 Yp003wigMs9IkIHOpHjNqwn/5s//0yXsb1PgKxCsaMdMQsG0yC+7eyDmxshCqsji
 xQm15mkGMjvWEYJaa4Tj4L3JW6lWbQzCu9nqPUX16KpmrnScr8S8Is+aifFZIBeW
 GZeDYgvjSxNWodeOrJnD3X+fnbrR9+qfx7T9y7XighfytAz5DNm1LwVOvZKDgPFA
 s+LlxOhzkDNEqbIsusK/LW+04EFc5gJyTI2iR6s4SSqmH3c3coJZQJeyRFWDZy/x
 1oqzcCcq8SwGUTJ9g6HAmDQoVkhDWDT/ZcRKhpWG0nJub972lB2iwM7LrAu+HoHI
 r8hyCkHpOi5S3WZKI9gPiGD+yOlpVAuG2wHg2IpjhKQvtd9DFUChGDhFeoB2rqJf
 9uI3RJBBYTDkeNu3kpfy5uMh2XhvbIZntK5kwpJ4VettZWFMaOAzn7KNqk8iT4gJ
 ASMrUrX59X0TAN0MgpJJm7uGtKbKZOu4lHNm74TUxH7V7bYn7dk=
 =TlcN
 -----END PGP SIGNATURE-----

Merge tag 'net-6.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

Pull networking fixes from Jakub Kicinski:
 "Including fixes from bpf, wifi, and netfilter.

  Current release - regressions:

   - bpf: fix nullness propagation for reg to reg comparisons, avoid
     null-deref

   - inet: control sockets should not use current thread task_frag

   - bpf: always use maximal size for copy_array()

   - eth: bnxt_en: don't link netdev to a devlink port for VFs

  Current release - new code bugs:

   - rxrpc: fix a couple of potential use-after-frees

   - netfilter: conntrack: fix IPv6 exthdr error check

   - wifi: iwlwifi: fw: skip PPAG for JF, avoid FW crashes

   - eth: dsa: qca8k: various fixes for the in-band register access

   - eth: nfp: fix schedule in atomic context when sync mc address

   - eth: renesas: rswitch: fix getting mac address from device tree

   - mobile: ipa: use proper endpoint mask for suspend

  Previous releases - regressions:

   - tcp: add TIME_WAIT sockets in bhash2, fix regression caught by
     Jiri / python tests

   - net: tc: don't intepret cls results when asked to drop, fix
     oob-access

   - vrf: determine the dst using the original ifindex for multicast

   - eth: bnxt_en:
      - fix XDP RX path if BPF adjusted packet length
      - fix HDS (header placement) and jumbo thresholds for RX packets

   - eth: ice: xsk: do not use xdp_return_frame() on tx_buf->raw_buf,
     avoid memory corruptions

  Previous releases - always broken:

   - ulp: prevent ULP without clone op from entering the LISTEN status

   - veth: fix race with AF_XDP exposing old or uninitialized
     descriptors

   - bpf:
      - pull before calling skb_postpull_rcsum() (fix checksum support
        and avoid a WARN())
      - fix panic due to wrong pageattr of im->image (when livepatch and
        kretfunc coexist)
      - keep a reference to the mm, in case the task is dead

   - mptcp: fix deadlock in fastopen error path

   - netfilter:
      - nf_tables: perform type checking for existing sets
      - nf_tables: honor set timeout and garbage collection updates
      - ipset: fix hash:net,port,net hang with /0 subnet
      - ipset: avoid hung task warning when adding/deleting entries

   - selftests: net:
      - fix cmsg_so_mark.sh test hang on non-x86 systems
      - fix the arp_ndisc_evict_nocarrier test for IPv6

   - usb: rndis_host: secure rndis_query check against int overflow

   - eth: r8169: fix dmar pte write access during suspend/resume with
     WOL

   - eth: lan966x: fix configuration of the PCS

   - eth: sparx5: fix reading of the MAC address

   - eth: qed: allow sleep in qed_mcp_trace_dump()

   - eth: hns3:
      - fix interrupts re-initialization after VF FLR
      - fix handling of promisc when MAC addr table gets full
      - refine the handling for VF heartbeat

   - eth: mlx5:
      - properly handle ingress QinQ-tagged packets on VST
      - fix io_eq_size and event_eq_size params validation on big endian
      - fix RoCE setting at HCA level if not supported at all
      - don't turn CQE compression on by default for IPoIB

   - eth: ena:
      - fix toeplitz initial hash key value
      - account for the number of XDP-processed bytes in interface stats
      - fix rx_copybreak value update

  Misc:

   - ethtool: harden phy stat handling against buggy drivers

   - docs: netdev: convert maintainer's doc from FAQ to a normal
     document"

* tag 'net-6.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (112 commits)
  caif: fix memory leak in cfctrl_linkup_request()
  inet: control sockets should not use current thread task_frag
  net/ulp: prevent ULP without clone op from entering the LISTEN status
  qed: allow sleep in qed_mcp_trace_dump()
  MAINTAINERS: Update maintainers for ptp_vmw driver
  usb: rndis_host: Secure rndis_query check against int overflow
  net: dpaa: Fix dtsec check for PCS availability
  octeontx2-pf: Fix lmtst ID used in aura free
  drivers/net/bonding/bond_3ad: return when there's no aggregator
  netfilter: ipset: Rework long task execution when adding/deleting entries
  netfilter: ipset: fix hash:net,port,net hang with /0 subnet
  net: sparx5: Fix reading of the MAC address
  vxlan: Fix memory leaks in error path
  net: sched: htb: fix htb_classify() kernel-doc
  net: sched: cbq: dont intepret cls results when asked to drop
  net: sched: atm: dont intepret cls results when asked to drop
  dt-bindings: net: marvell,orion-mdio: Fix examples
  dt-bindings: net: sun8i-emac: Add phy-supply property
  net: ipa: use proper endpoint mask for suspend
  selftests: net: return non-zero for failures reported in arp_ndisc_evict_nocarrier
  ...
2023-01-05 12:40:50 -08:00
Ben Dooks
b9b916aee6
riscv: uaccess: fix type of 0 variable on error in get_user()
If the get_user(x, ptr) has x as a pointer, then the setting
of (x) = 0 is going to produce the following sparse warning,
so fix this by forcing the type of 'x' when access_ok() fails.

fs/aio.c:2073:21: warning: Using plain integer as NULL pointer

Signed-off-by: Ben Dooks <ben-linux@fluff.org>
Reviewed-by: Palmer Dabbelt <palmer@rivosinc.com>
Link: https://lore.kernel.org/r/20221229170545.718264-1-ben-linux@fluff.org
Cc: stable@vger.kernel.org
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
2023-01-05 12:30:41 -08:00
Björn Töpel
b2d473a601
riscv, kprobes: Stricter c.jr/c.jalr decoding
In the compressed instruction extension, c.jr, c.jalr, c.mv, and c.add
is encoded the following way (each instruction is 16b):

---+-+-----------+-----------+--
100 0 rs1[4:0]!=0       00000 10 : c.jr
100 1 rs1[4:0]!=0       00000 10 : c.jalr
100 0  rd[4:0]!=0 rs2[4:0]!=0 10 : c.mv
100 1  rd[4:0]!=0 rs2[4:0]!=0 10 : c.add

The following logic is used to decode c.jr and c.jalr:

  insn & 0xf007 == 0x8002 => instruction is an c.jr
  insn & 0xf007 == 0x9002 => instruction is an c.jalr

When 0xf007 is used to mask the instruction, c.mv can be incorrectly
decoded as c.jr, and c.add as c.jalr.

Correct the decoding by changing the mask from 0xf007 to 0xf07f.

Fixes: c22b0bcb1d ("riscv: Add kprobes supported")
Signed-off-by: Björn Töpel <bjorn@rivosinc.com>
Reviewed-by: Conor Dooley <conor.dooley@microchip.com>
Reviewed-by: Guo Ren <guoren@kernel.org>
Link: https://lore.kernel.org/r/20230102160748.1307289-1-bjorn@kernel.org
Cc: stable@vger.kernel.org
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
2023-01-05 12:30:41 -08:00
Linus Torvalds
aa01a18392 gpio fixes for v6.2-rc3
- fix a reference leak in gpio-sifive
 - fix a potential use of an uninitialized variable in core gpiolib
 - fix a potential use of an uninitialized variable in gpio-pca953x
 - make GPIO irqchips immutable in gpio-pmic-eic-sprd, gpio-eic-sprd and
   gpio-sprd
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEFp3rbAvDxGAT0sefEacuoBRx13IFAmO3EEQACgkQEacuoBRx
 13KPmg//Xu6/ng05VYSMtKr/3di1+8RD603+uLu5fCsJTzNHOezKX+Zumkf4eiZ5
 9ojvf/TGMWnCfKN5XAJ5YLqkCfAtSxBXMo0WLyZqDHtSGraBuOHdPpidSSkIcIyI
 BYql+lNtpEvUAG2JT0UjBnTiGgooNIYnmi18gecVzJ+xImP6pUrO41anfvLycOCH
 EqhpFZhegHm45XrQso6UH8T50QxL9avTnfwygVPR8s3M0pWmtJqogQYNjZasx0pf
 oRCSJ3eUZXWR69Z7IzRPJzBY88uL3MjcJfD4e8+rotR0/mTR55CdxbhS2i79Vc33
 zn80+5aWq1BtyAB+ZJrEd+211q5IVg+pnRQcdKDl86NSvQRVU57lCVpiTgc0DL4e
 kcktFWCoKEJ56p+ZtJDFnpSddetyEg+1mGPIBC9+MPANzkqggm0eq2o7ymqEEEGI
 gRe9kzBfN9oOKxtdfIrvttqrTKyifSJsbe6Sb6B+RG9nhJdE6eK6SdpS5m5WHXZW
 ATFj9c8yBCZzlXuJbviZUGedhCyLKI4z5EzgJj5TayQBuSZTYme/Iz2+++GjHbdD
 pylT/lSWbyGl1rrZ5YgQPeKN9U9/aknWEu1KHgx7iL9v8ulIRd3lVAqfFfwyf6Lt
 WPPHhlMznTQ/Wf6EhYb1U/yaCyAyWTxTh/KR6BMqp4FyKlQ9n/k=
 =vy5/
 -----END PGP SIGNATURE-----

Merge tag 'gpio-fixes-for-v6.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux

Pull gpio fixes from Bartosz Golaszewski:
 "A reference leak fix, two fixes for using uninitialized variables and
  more drivers converted to using immutable irqchips:

   - fix a reference leak in gpio-sifive

   - fix a potential use of an uninitialized variable in core gpiolib

   - fix a potential use of an uninitialized variable in gpio-pca953x

   - make GPIO irqchips immutable in gpio-pmic-eic-sprd, gpio-eic-sprd
     and gpio-sprd"

* tag 'gpio-fixes-for-v6.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux:
  gpio: sifive: Fix refcount leak in sifive_gpio_probe
  gpio: sprd: Make the irqchip immutable
  gpio: pmic-eic-sprd: Make the irqchip immutable
  gpio: eic-sprd: Make the irqchip immutable
  gpio: pca953x: avoid to use uninitialized value pinctrl
  gpiolib: Fix using uninitialized lookup-flags on ACPI platforms
2023-01-05 12:06:40 -08:00
Yishai Hadas
e95d50d74b lib/scatterlist: Fix to merge contiguous pages into the last SG properly
When sg_alloc_append_table_from_pages() calls to pages_are_mergeable() in
its 'sgt_append->prv' flow to check whether it can merge contiguous pages
into the last SG, it passes the page arguments in the wrong order.

The first parameter should be the next candidate page to be merged to
the last page and not the opposite.

The current code leads to a corrupted SG which resulted in OOPs and
unexpected errors when non-contiguous pages are merged wrongly.

Fix to pass the page parameters in the right order.

Fixes: 1567b49d1a ("lib/scatterlist: add check when merging zone device pages")
Link: https://lore.kernel.org/r/20230105112339.107969-1-yishaih@nvidia.com
Signed-off-by: Yishai Hadas <yishaih@nvidia.com>
Reviewed-by: Jason Gunthorpe <jgg@nvidia.com>
Reviewed-by: Logan Gunthorpe <logang@deltatee.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
2023-01-05 16:01:05 -04:00
Linus Torvalds
5e9af4b426 fbdev updates for kernel 6.2-rc3:
- Fix Matrox G200eW initialization failure
 - Fix build failure of offb driver when built as module
 - Optimize stack usage in omapfb
 -----BEGIN PGP SIGNATURE-----
 
 iHUEABYKAB0WIQS86RI+GtKfB8BJu973ErUQojoPXwUCY7asbAAKCRD3ErUQojoP
 X3bKAQDARxChoZ3eBfkKd3MJXMrYorE/T4zX2stBIdU6p/WgPQEA4W1xx3B6yzIK
 XR+lRlhwUIUkmgzMG9JEyZQEd9nzSA8=
 =s+E8
 -----END PGP SIGNATURE-----

Merge tag 'fbdev-for-6.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/linux-fbdev

Pull fbdev fixes from Helge Deller:

 - Fix Matrox G200eW initialization failure

 - Fix build failure of offb driver when built as module

 - Optimize stack usage in omapfb

* tag 'fbdev-for-6.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/linux-fbdev:
  fbdev: omapfb: avoid stack overflow warning
  fbdev: matroxfb: G200eW: Increase max memory from 1 MB to 16 MB
  fbdev: atyfb: use strscpy() to instead of strncpy()
  fbdev: omapfb: use strscpy() to instead of strncpy()
  fbdev: make offb driver tristate
2023-01-05 11:24:33 -08:00
Paul E. McKenney
b2b50d5721 block: Remove "select SRCU"
Now that the SRCU Kconfig option is unconditionally selected, there is
no longer any point in selecting it.  Therefore, remove the "select SRCU"
Kconfig statements.

Signed-off-by: Paul E. McKenney <paulmck@kernel.org>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: linux-block@vger.kernel.org
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2023-01-05 08:50:10 -07:00
Pavel Begunkov
12521a5d5c io_uring: fix CQ waiting timeout handling
Jiffy to ktime CQ waiting conversion broke how we treat timeouts, in
particular we rearm it anew every time we get into
io_cqring_wait_schedule() without adjusting the timeout. Waiting for 2
CQEs and getting a task_work in the middle may double the timeout value,
or even worse in some cases task may wait indefinitely.

Cc: stable@vger.kernel.org
Fixes: 228339662b ("io_uring: don't convert to jiffies for waiting on timeouts")
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/f7bffddd71b08f28a877d44d37ac953ddb01590d.1672915663.git.asml.silence@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2023-01-05 08:04:47 -07:00
Michael Ellerman
be5f95c877 powerpc/vmlinux.lds: Don't discard .comment
Although the powerpc linker script mentions .comment in the DISCARD
section, that has never actually caused it to be discarded, because the
earlier ELF_DETAILS macro (previously STABS_DEBUG) explicitly includes
.comment.

However commit 99cb0d917f ("arch: fix broken BuildID for arm64 and
riscv") introduced an earlier use of DISCARD as part of the RO_DATA
macro. With binutils < 2.36 that causes the DISCARD directives later in
the script to be applied earlier, causing .comment to actually be
discarded.

It's confusing to explicitly include and discard .comment, and even more
so if the behaviour depends on the toolchain version. So don't discard
.comment in order to maintain the existing behaviour in all cases.

Fixes: 83a092cf95 ("powerpc: Link warning for orphan sections")
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20230105132349.384666-3-mpe@ellerman.id.au
2023-01-06 00:25:12 +11:00
Michael Ellerman
07b050f929 powerpc/vmlinux.lds: Don't discard .rela* for relocatable builds
Relocatable kernels must not discard relocations, they need to be
processed at runtime. As such they are included for CONFIG_RELOCATABLE
builds in the powerpc linker script (line 340).

However they are also unconditionally discarded later in the
script (line 414). Previously that worked because the earlier inclusion
superseded the discard.

However commit 99cb0d917f ("arch: fix broken BuildID for arm64 and
riscv") introduced an earlier use of DISCARD as part of the RO_DATA
macro (line 137). With binutils < 2.36 that causes the DISCARD
directives later in the script to be applied earlier, causing .rela* to
actually be discarded at link time, leading to build warnings and a
kernel that doesn't boot:

  ld: warning: discarding dynamic section .rela.init.rodata

Fix it by conditionally discarding .rela* only when CONFIG_RELOCATABLE
is disabled.

Fixes: 99cb0d917f ("arch: fix broken BuildID for arm64 and riscv")
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>

Link: https://lore.kernel.org/r/20230105132349.384666-2-mpe@ellerman.id.au
2023-01-06 00:25:01 +11:00