commit 5d515ee40cb57ea5331998f27df7946a69f14dc3 upstream.
The kernel warning message is triggered when SPR MCC is used.
[ 17.945331] ------------[ cut here ]------------
[ 17.946305] WARNING: CPU: 65 PID: 1 at
arch/x86/events/intel/uncore_discovery.c:184
intel_uncore_has_discovery_tables+0x4c0/0x65c
[ 17.946305] Modules linked in:
[ 17.946305] CPU: 65 PID: 1 Comm: swapper/0 Not tainted
5.4.17-2136.313.1-X10-2c+ #4
It's caused by the broken discovery table of UPI.
The discovery tables are from hardware. Except for dropping the broken
information, there is nothing Linux can do. Using WARN_ON_ONCE() is
overkill.
Use the pr_info() to replace WARN_ON_ONCE(), and specify what uncore unit
is dropped and the reason.
Signed-off-by: Kan Liang <kan.liang@linux.intel.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Tested-by: Michael Petlan <mpetlan@redhat.com>
Link: https://lore.kernel.org/r/20230112200105.733466-6-kan.liang@linux.intel.com
Cc: Mahmoud Adam <mngyadam@amazon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This catches the android14-6.1-lts branch up with the latest changes and
abi updates. Included in here are the following commits:
07775f9683 ANDROID: GKI: Add symbols for rockchip sata
f44d373b32 ANDROID: sched: Add trace_android_rvh_setscheduler
efa8f34b5a ANDROID: Update the ABI symbol list
cee8ebf7c5 ANDROID: GKI: build damon for monitoring virtual address spaces
31c59d59c7 UPSTREAM: mm/damon/sysfs-schemes: handle tried region directory allocation failure
1cedfc05e9 UPSTREAM: mm/damon/sysfs-schemes: handle tried regions sysfs directory allocation failure
7fbeab3c65 UPSTREAM: mm/damon/sysfs: check error from damon_sysfs_update_target()
606444fd06 UPSTREAM: mm/damon/sysfs: eliminate potential uninitialized variable warning
c132d077eb UPSTREAM: mm/damon/sysfs: update monitoring target regions for online input commit
6b7c4cc262 UPSTREAM: mm/damon/sysfs: remove requested targets when online-commit inputs
1e19db10e7 UPSTREAM: mm/damon/sysfs: avoid empty scheme tried regions for large apply interval
c194e597cb UPSTREAM: mm/damon/sysfs-schemes: do not update tried regions more than one DAMON snapshot
f5a0a8bc43 UPSTREAM: mm/damon/sysfs: check DAMOS regions update progress from before_terminate()
b46391e092 UPSTREAM: mm/damon/sysfs: implement a command for updating only schemes tried total bytes
7d48e19f74 UPSTREAM: mm/damon/sysfs-schemes: implement DAMOS tried total bytes file
a548d90994 UPSTREAM: mm/damon/ops-common: refactor to use {pte|pmd}p_clear_young_notify()
ea215c9a10 UPSTREAM: mm/damon/core: skip apply schemes if empty
3ca21ef5fa UPSTREAM: mm/damon: use kstrtobool() instead of strtobool()
5bf7b56860 UPSTREAM: mm/damon/sysfs-schemes: implement DAMOS-tried regions clear command
80ccab9b0e UPSTREAM: mm/damon/sysfs: implement DAMOS tried regions update command
3421250b35 UPSTREAM: mm/damon/sysfs-schemes: implement scheme region directory
b4c34cc168 UPSTREAM: mm/damon/sysfs-schemes: implement schemes/tried_regions directory
b5d1f3576b UPSTREAM: mm/damon/core: add a callback for scheme target regions check
6547a97f32 UPSTREAM: mm/damon/lru_sort: enable and disable synchronously
540e9b850d UPSTREAM: mm/damon/reclaim: enable and disable synchronously
4e2d3f8e31 UPSTREAM: mm/damon/{reclaim,lru_sort}: remove unnecessarily included headers
3c0bc73f6e UPSTREAM: mm/damon/modules: deduplicate init steps for DAMON context setup
67ef7b0f42 UPSTREAM: mm/damon/sysfs: split out schemes directory implementation to separate file
0b17df8a4f UPSTREAM: mm/damon/sysfs: split out kdamond-independent schemes stats update logic into a new function
a45dff567c UPSTREAM: mm/damon/sysfs: move unsigned long range directory to common module
c5038d80ce UPSTREAM: mm/damon/sysfs: move sysfs_lock to common module
b7fc8d59a5 UPSTREAM: mm/damon/sysfs: remove parameters of damon_sysfs_region_alloc()
19364f11a4 UPSTREAM: mm/damon/sysfs: use damon_addr_range for region's start and end values
b6e6b1dbf8 UPSTREAM: mm/damon/core: split out scheme quota adjustment logic into a new function
43475d9708 UPSTREAM: mm/damon/core: split out scheme stat update logic into a new function
0b0a43029e UPSTREAM: mm/damon/core: split damos application logic into a new function
6c7495f04a UPSTREAM: mm/damon/core: split out DAMOS-charged region skip logic into a new function
ac1031618a ANDROID: Snapshot Mainline's version of checkpatch.pl
4fa87d4d8f ANDROID: KVM: arm64: Skip prefaulting ptes which will be modified later
fbc707442c ANDROID: KVM: arm64: Introduce module_change_host_prot_range
fd720ebc6a ANDROID: KVM: arm64: Relax checks in module_change_host_page_prot
f082d22541 ANDROID: KVM: arm64: Optimise module_change_host_page_prot
01dd8c280b ANDROID: KVM: arm64: Prefault entries when splitting a block mapping
cc653d701f ANDROID: virt: gunyah: Zero state_data after vcpu_run
cc294d9503 ANDROID: Update the ABI symbol list
956a0d3998 ANDROID: fs: Add vendor hooks for ep_create_wakeup_source & timerfd_create
d8d2b95fd0 ANDROID: ABI: update symbol list for galaxy
bcc758eed7 Reapply "binder: fix UAF caused by faulty buffer cleanup"
b2b3a1e6d1 UPSTREAM: x86/sev: Check for user-space IOIO pointing to kernel space
62b97630d4 UPSTREAM: x86/sev: Check IOBM for IOIO exceptions from user-space
071c14698c FROMGIT: usb: typec: tcpm: skip checking port->send_discover in PD3.0
a9567a35d0 ANDROID: arm64: Disable workaround for CPU errata 2441007 and 2441009
Change-Id: Icbda2fae389ea4c2e7230821c59ac0380a35d756
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Merge 6.1.66 into android14-6.1-lts
Changes in 6.1.66
cifs: Fix FALLOC_FL_ZERO_RANGE by setting i_size if EOF moved
cifs: Fix FALLOC_FL_INSERT_RANGE by setting i_size after EOF moved
smb: client: report correct st_size for SMB and NFS symlinks
pinctrl: avoid reload of p state in list iteration
firewire: core: fix possible memory leak in create_units()
mmc: sdhci-pci-gli: Disable LPM during initialization
mmc: cqhci: Increase recovery halt timeout
mmc: cqhci: Warn of halt or task clear failure
mmc: cqhci: Fix task clearing in CQE error recovery
mmc: block: Retry commands in CQE error recovery
mmc: block: Do not lose cache flush during CQE error recovery
mmc: block: Be sure to wait while busy in CQE error recovery
ALSA: hda: Disable power-save on KONTRON SinglePC
ALSA: hda/realtek: Headset Mic VREF to 100%
ALSA: hda/realtek: Add supported ALC257 for ChromeOS
dm-verity: align struct dm_verity_fec_io properly
scsi: Change SCSI device boolean fields to single bit flags
scsi: sd: Fix system start for ATA devices
drm/amd: Enable PCIe PME from D3
drm/amdgpu: Force order between a read and write to the same address
drm/amd/display: Include udelay when waiting for INBOX0 ACK
drm/amd/display: Remove min_dst_y_next_start check for Z8
drm/amd/display: Use DRAM speed from validation for dummy p-state
drm/amd/display: Update min Z8 residency time to 2100 for DCN314
drm/amd/display: fix ABM disablement
dm verity: initialize fec io before freeing it
dm verity: don't perform FEC for failed readahead IO
nvme: check for valid nvme_identify_ns() before using it
powercap: DTPM: Fix unneeded conversions to micro-Watts
cpufreq/amd-pstate: Fix the return value of amd_pstate_fast_switch()
dma-buf: fix check in dma_resv_add_fence
bcache: revert replacing IS_ERR_OR_NULL with IS_ERR
iommu/vt-d: Add MTL to quirk list to skip TE disabling
KVM: PPC: Book3S HV: Fix KVM_RUN clobbering FP/VEC user registers
powerpc: Don't clobber f0/vs0 during fp|altivec register save
parisc: Mark ex_table entries 32-bit aligned in assembly.h
parisc: Mark ex_table entries 32-bit aligned in uaccess.h
parisc: Use natural CPU alignment for bug_table
parisc: Mark lock_aligned variables 16-byte aligned on SMP
parisc: Drop the HP-UX ENOSYM and EREMOTERELEASE error codes
parisc: Mark jump_table naturally aligned
parisc: Ensure 32-bit alignment on parisc unwind section
parisc: Mark altinstructions read-only and 32-bit aligned
btrfs: add dmesg output for first mount and last unmount of a filesystem
btrfs: ref-verify: fix memory leaks in btrfs_ref_tree_mod()
btrfs: fix off-by-one when checking chunk map includes logical address
btrfs: send: ensure send_fd is writable
btrfs: make error messages more clear when getting a chunk map
btrfs: fix 64bit compat send ioctl arguments not initializing version member
Input: xpad - add HyperX Clutch Gladiate Support
auxdisplay: hd44780: move cursor home after clear display command
serial: sc16is7xx: Put IOControl register into regmap_volatile
serial: sc16is7xx: add missing support for rs485 devicetree properties
wifi: cfg80211: fix CQM for non-range use
USB: xhci-plat: fix legacy PHY double init
USB: core: Change configuration warnings to notices
usb: config: fix iteration issue in 'usb_get_bos_descriptor()'
ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet
dpaa2-eth: increase the needed headroom to account for alignment
uapi: propagate __struct_group() attributes to the container union
selftests/net: ipsec: fix constant out of range
selftests/net: fix a char signedness issue
selftests/net: unix: fix unused variable compiler warning
selftests/net: mptcp: fix uninitialized variable warnings
octeontx2-af: Fix possible buffer overflow
net: stmmac: xgmac: Disable FPE MMC interrupts
octeontx2-pf: Fix adding mbox work queue entry when num_vfs > 64
octeontx2-af: Install TC filter rules in hardware based on priority
octeontx2-pf: Restore TC ingress police rules when interface is up
r8169: prevent potential deadlock in rtl8169_close
ravb: Fix races between ravb_tx_timeout_work() and net related ops
net: ravb: Check return value of reset_control_deassert()
net: ravb: Use pm_runtime_resume_and_get()
net: ravb: Make write access to CXR35 first before accessing other EMAC registers
net: ravb: Start TX queues after HW initialization succeeded
net: ravb: Stop DMA in case of failures on ravb_open()
net: ravb: Keep reverse order of operations in ravb_remove()
KVM: x86: Fix lapic timer interrupt lost after loading a snapshot.
PCI: Lengthen reset delay for VideoPropulsion Torrent QN16e card
octeontx2-af: Initialize 'cntr_val' to fix uninitialized symbol error
PCI: qcom-ep: Add dedicated callback for writing to DBI2 registers
fbdev: stifb: Make the STI next font pointer a 32-bit signed offset
spi: Fix null dereference on suspend
drm/amd/display: Restore rptr/wptr for DMCUB as workaround
drm/amd/display: Guard against invalid RPTR/WPTR being set
cpufreq: imx6q: don't warn for disabling a non-existing frequency
cpufreq: imx6q: Don't disable 792 Mhz OPP unnecessarily
iommu/vt-d: Omit devTLB invalidation requests when TES=0
iommu/vt-d: Allocate pasid table in device probe path
iommu/vt-d: Add device_block_translation() helper
iommu/vt-d: Disable PCI ATS in legacy passthrough mode
iommu/vt-d: Make context clearing consistent with context mapping
drm/amd/pm: fix a memleak in aldebaran_tables_init
mmc: core: add helpers mmc_regulator_enable/disable_vqmmc
mmc: sdhci-sprd: Fix vqmmc not shutting down after the card was pulled
drm/amd/display: Expand kernel doc for DC
drm/amd/display: clean code-style issues in dcn30_set_mpc_shaper_3dlut
drm/amd/display: Fix the delta clamping for shaper LUT
drm/amd/display: Fix MPCC 1DLUT programming
r8169: disable ASPM in case of tx timeout
r8169: fix deadlock on RTL8125 in jumbo mtu mode
xen: Allow platform PCI interrupt to be shared
xen: simplify evtchn_do_upcall() call maze
x86/xen: fix percpu vcpu_info allocation
x86/apic/msi: Fix misconfigured non-maskable MSI quirk
iomap: update ki_pos a little later in iomap_dio_complete
Linux 6.1.66
Note, this merge point merges out the following two scsi changes due to
them needing to be reverted due to abi breakage and reliance on previous
commits that we have already reverted:
cebccbe801 ("scsi: sd: Fix system start for ATA devices")
181fd67dc5 ("scsi: Change SCSI device boolean fields to single bit flags")
Also the following commit was manually reverted as part of the merge
point due to it conflicting with other changes in the tree AND it being
automatically reverted in later LTS releases due to it being broken:
307a6525c8 ("wifi: cfg80211: fix CQM for non-range use")
Change-Id: I37b08dcf2259de8b2a29a5afc5cbc4bbd08e739a
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 4cdf351d3630a640ab6a05721ef055b9df62277f upstream.
In general, activating long mode involves setting the EFER_LME bit in
the EFER register and then enabling the X86_CR0_PG bit in the CR0
register. At this point, the EFER_LMA bit will be set automatically by
hardware.
In the case of SVM/SEV guests where writes to CR0 are intercepted, it's
necessary for the host to set EFER_LMA on behalf of the guest since
hardware does not see the actual CR0 write.
In the case of SEV-ES guests where writes to CR0 are trapped instead of
intercepted, the hardware *does* see/record the write to CR0 before
exiting and passing the value on to the host, so as part of enabling
SEV-ES support commit f1c6366e30 ("KVM: SVM: Add required changes to
support intercepts under SEV-ES") dropped special handling of the
EFER_LMA bit with the understanding that it would be set automatically.
However, since the guest never explicitly sets the EFER_LMA bit, the
host never becomes aware that it has been set. This becomes problematic
when userspace tries to get/set the EFER values via
KVM_GET_SREGS/KVM_SET_SREGS, since the EFER contents tracked by the host
will be missing the EFER_LMA bit, and when userspace attempts to pass
the EFER value back via KVM_SET_SREGS it will fail a sanity check that
asserts that EFER_LMA should always be set when X86_CR0_PG and EFER_LME
are set.
Fix this by always inferring the value of EFER_LMA based on X86_CR0_PG
and EFER_LME, regardless of whether or not SEV-ES is enabled.
Fixes: f1c6366e30 ("KVM: SVM: Add required changes to support intercepts under SEV-ES")
Reported-by: Peter Gonda <pgonda@google.com>
Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20210507165947.2502412-2-seanjc@google.com>
[A two year old patch that was revived after we noticed the failure in
KVM_SET_SREGS and a similar patch was posted by Michael Roth. This is
Sean's patch, but with Michael's more complete commit message. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
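The failure described in the commit message above, as an added example that is not part of the commit or of KVM's code: a user-space model of the EFER/CR0 state the host tracks, comparing the pre-fix SEV-ES path with the fix. The names `tracked_vcpu`, `model_set_cr0`, `model_sregs_valid` and `model_round_trip_ok` are hypothetical, and the sanity check is reduced to the one condition the message states.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Architectural bit positions on x86-64. */
#define EFER_LME   (1ULL << 8)   /* long mode enable, set by software */
#define EFER_LMA   (1ULL << 10)  /* long mode active, set by hardware */
#define X86_CR0_PG (1ULL << 31)  /* paging enable */

/* Hypothetical model of the register values the host tracks for a guest. */
struct tracked_vcpu {
    uint64_t efer;
    uint64_t cr0;
    bool sev_es;   /* CR0 writes are trapped rather than intercepted */
};

/*
 * Host-side bookkeeping for a guest CR0 write.
 * infer_always == false models the behaviour before the fix: SEV-ES guests
 * get no EFER_LMA handling because hardware was expected to take care of it.
 * infer_always == true models the fix: EFER_LMA is always derived from
 * X86_CR0_PG and EFER_LME.
 */
static void model_set_cr0(struct tracked_vcpu *v, uint64_t cr0, bool infer_always)
{
    bool was_pg = (v->cr0 & X86_CR0_PG) != 0;
    bool now_pg = (cr0 & X86_CR0_PG) != 0;

    if ((v->efer & EFER_LME) && (infer_always || !v->sev_es)) {
        if (!was_pg && now_pg)
            v->efer |= EFER_LMA;
        if (was_pg && !now_pg)
            v->efer &= ~EFER_LMA;
    }
    v->cr0 = cr0;
}

/*
 * Simplified form of the check the message describes for KVM_SET_SREGS:
 * EFER_LMA must be set whenever X86_CR0_PG and EFER_LME are both set.
 */
static bool model_sregs_valid(uint64_t efer, uint64_t cr0)
{
    if ((efer & EFER_LME) && (cr0 & X86_CR0_PG))
        return (efer & EFER_LMA) != 0;
    return true;
}

/*
 * Guest enters long mode (sets EFER_LME, then CR0.PG). Userspace then reads
 * the tracked values and hands them straight back. Returns whether the
 * values pass the sanity check.
 */
static bool model_round_trip_ok(bool sev_es, bool infer_always)
{
    struct tracked_vcpu v = { .efer = 0, .cr0 = 0, .sev_es = sev_es };

    v.efer |= EFER_LME;                          /* guest sets EFER.LME  */
    model_set_cr0(&v, X86_CR0_PG, infer_always); /* guest enables paging */

    /* GET_SREGS returns v.efer / v.cr0; SET_SREGS validates the same pair. */
    return model_sregs_valid(v.efer, v.cr0);
}

int main(void)
{
    printf("SVM guest, pre-fix:     %s\n", model_round_trip_ok(false, false) ? "ok" : "rejected");
    printf("SEV-ES guest, pre-fix:  %s\n", model_round_trip_ok(true, false) ? "ok" : "rejected");
    printf("SEV-ES guest, with fix: %s\n", model_round_trip_ok(true, true) ? "ok" : "rejected");
    return 0;
}
```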
commit 9b8493dc43044376716d789d07699f17d538a7c4 upstream.
Commit in Fixes added an AMD-specific microcode callback. However, it
didn't check the CPU vendor the kernel runs on explicitly.
The only reason the Zenbleed check in it didn't run on other x86 vendors'
hardware was pure coincidental luck:

	if (!cpu_has_amd_erratum(c, amd_zenbleed))
		return;

gives true on other vendors because they don't have those families and
models.
However, with the removal of the cpu_has_amd_erratum() in
05f5f73936fa ("x86/CPU/AMD: Drop now unused CPU erratum checking function")
that coincidental condition is gone, leading to the zenbleed check
getting executed on other vendors too.
Add the explicit vendor check for the whole callback as it should've
been done in the first place.
Fixes: 522b1d69219d ("x86/cpu/amd: Add a Zenbleed fix")
Cc: <stable@kernel.org>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/r/20231201184226.16749-1-bp@alien8.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 27d25348d42161837be08fc63b04a2559d2e781c ]
A write-access violation page fault kernel crash was observed while running
cpuhotplug LTP testcases on SEV-ES enabled systems. The crash was
observed during hotplug, after the CPU was offlined and the process
was migrated to different CPU. setup_ghcb() is called again which
tries to update ghcb_version in sev_es_negotiate_protocol(). Ideally this
is a read_only variable which is initialised during booting.
Trying to write it results in a pagefault:
BUG: unable to handle page fault for address: ffffffffba556e70
#PF: supervisor write access in kernel mode
#PF: error_code(0x0003) - permissions violation
[ ...]
Call Trace:
<TASK>
? __die_body.cold+0x1a/0x1f
? __die+0x2a/0x35
? page_fault_oops+0x10c/0x270
? setup_ghcb+0x71/0x100
? __x86_return_thunk+0x5/0x6
? search_exception_tables+0x60/0x70
? __x86_return_thunk+0x5/0x6
? fixup_exception+0x27/0x320
? kernelmode_fixup_or_oops+0xa2/0x120
? __bad_area_nosemaphore+0x16a/0x1b0
? kernel_exc_vmm_communication+0x60/0xb0
? bad_area_nosemaphore+0x16/0x20
? do_kern_addr_fault+0x7a/0x90
? exc_page_fault+0xbd/0x160
? asm_exc_page_fault+0x27/0x30
? setup_ghcb+0x71/0x100
? setup_ghcb+0xe/0x100
cpu_init_exception_handling+0x1b9/0x1f0
The fix is to call sev_es_negotiate_protocol() only in the BSP boot phase,
and it only needs to be done once in any case.
[ mingo: Refined the changelog. ]
Fixes: 95d33bfaa3 ("x86/sev: Register GHCB memory when SEV-SNP is active")
Suggested-by: Tom Lendacky <thomas.lendacky@amd.com>
Co-developed-by: Bo Gan <bo.gan@broadcom.com>
Signed-off-by: Bo Gan <bo.gan@broadcom.com>
Signed-off-by: Ashwin Dayanand Kamat <ashwin.kamat@broadcom.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
Link: https://lore.kernel.org/r/1701254429-18250-1-git-send-email-kashwindayan@vmware.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ upstream commit f4116bfc44621882556bbf70f5284fbf429a5cf6 ]
32-bit emulation was disabled on TDX to prevent a possible attack by
a VMM injecting an interrupt on vector 0x80.
Now that int80_emulation() has a check for external interrupts the
limitation can be lifted.
To distinguish software interrupts from external ones, int80_emulation()
checks the APIC ISR bit relevant to the 0x80 vector. For
software interrupts, this bit will be 0.
On TDX, the VAPIC state (including ISR) is protected and cannot be
manipulated by the VMM. The ISR bit is set by the microcode flow during
the handling of posted interrupts.
[ dhansen: more changelog tweaks ]
Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Borislav Petkov (AMD) <bp@alien8.de>
Cc: <stable@vger.kernel.org> # v6.0+
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ upstream commit 55617fb991df535f953589586468612351575704 ]
The INT 0x80 instruction is used for 32-bit x86 Linux syscalls. The
kernel expects to receive a software interrupt as a result of the INT
0x80 instruction. However, an external interrupt on the same vector
also triggers the same codepath.
An external interrupt on vector 0x80 will currently be interpreted as a
32-bit system call, and assuming that it was a user context.
Panic on external interrupts on the vector.
To distinguish software interrupts from external ones, the kernel checks
the APIC ISR bit relevant to the 0x80 vector. For software interrupts,
this bit will be 0.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Borislav Petkov (AMD) <bp@alien8.de>
Cc: <stable@vger.kernel.org> # v6.0+
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
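The ISR-bit test that this commit message and the TDX commit message before it describe, as an added example that is not the kernel's code: a user-space model that locates the in-service bit for a vector in the xAPIC register layout (ISR registers start at offset 0x100, 32 vectors per register, 0x10 apart) and classifies an entry on vector 0x80. `model_apic`, `model_deliver_external` and `classify_int80_entry` are hypothetical names, and the register page is a constructed stand-in for real hardware.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define IA32_SYSCALL_VECTOR 0x80
#define APIC_ISR            0x100  /* offset of the first in-service register */

/* Constructed stand-in for the local APIC register page (not real MMIO). */
struct model_apic {
    uint32_t regs[0x400 / 4];
};

/* Register offset holding the in-service bit for a vector. */
static unsigned int isr_offset(unsigned int vector)
{
    return APIC_ISR + (vector / 32) * 0x10;
}

/* Bit mask of the vector inside that register. */
static uint32_t isr_bit(unsigned int vector)
{
    return (uint32_t)1 << (vector % 32);
}

static uint32_t model_apic_read(const struct model_apic *a, unsigned int off)
{
    return a->regs[off / 4];
}

/*
 * Models what the APIC does when it delivers an external interrupt: the
 * in-service bit for the vector is set before the handler runs. A software
 * INT instruction never goes through this path, so the bit stays clear.
 */
static void model_deliver_external(struct model_apic *a, unsigned int vector)
{
    a->regs[isr_offset(vector) / 4] |= isr_bit(vector);
}

enum int80_verdict {
    INT80_SOFTWARE_SYSCALL,  /* ISR bit clear: came from an INT 0x80 instruction */
    INT80_EXTERNAL           /* ISR bit set: injected or delivered via the APIC   */
};

/* The decision made on entry through vector 0x80. */
static enum int80_verdict classify_int80_entry(const struct model_apic *a)
{
    unsigned int off = isr_offset(IA32_SYSCALL_VECTOR);
    uint32_t bit = isr_bit(IA32_SYSCALL_VECTOR);

    return (model_apic_read(a, off) & bit) ? INT80_EXTERNAL
                                           : INT80_SOFTWARE_SYSCALL;
}

int main(void)
{
    struct model_apic apic = {0};

    printf("ISR register for 0x80: offset 0x%x, mask 0x%x\n",
           isr_offset(IA32_SYSCALL_VECTOR), (unsigned int)isr_bit(IA32_SYSCALL_VECTOR));

    /* Case 1: user space executed INT 0x80, no ISR bit is set. */
    printf("software INT 0x80   -> %s\n",
           classify_int80_entry(&apic) == INT80_EXTERNAL ? "external" : "syscall");

    /* Case 2: a neighbouring vector in the same register must not match. */
    model_deliver_external(&apic, 0x81);
    printf("external on 0x81    -> %s\n",
           classify_int80_entry(&apic) == INT80_EXTERNAL ? "external" : "syscall");

    /* Case 3: an interrupt delivered on vector 0x80 itself. */
    model_deliver_external(&apic, IA32_SYSCALL_VECTOR);
    printf("external on 0x80    -> %s\n",
           classify_int80_entry(&apic) == INT80_EXTERNAL ? "external" : "syscall");
    return 0;
}
```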
[ upstream commit be5341eb0d43b1e754799498bd2e8756cc167a41 ]
There is no real reason to have a separate ASM entry point implementation
for the legacy INT 0x80 syscall emulation on 64-bit.
IDTENTRY provides all the functionality needed with the only difference
that it does not:
- save the syscall number (AX) into pt_regs::orig_ax
- set pt_regs::ax to -ENOSYS
Both can be done safely in the C code of an IDTENTRY before invoking any of
the syscall related functions which depend on this convention.
Aside from ASM code reduction this prepares for detecting and handling a
local APIC injected vector 0x80.
[ kirill.shutemov: More verbose comments ]
Suggested-by: Linus Torvalds <torvalds@linuxfoundation.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Borislav Petkov (AMD) <bp@alien8.de>
Cc: <stable@vger.kernel.org> # v6.0+
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ upstream commit b82a8dbd3d2f4563156f7150c6f2ecab6e960b30 ]
The INT 0x80 instruction is used for 32-bit x86 Linux syscalls. The
kernel expects to receive a software interrupt as a result of the INT
0x80 instruction. However, an external interrupt on the same vector
triggers the same handler.
The kernel interprets an external interrupt on vector 0x80 as a 32-bit
system call that came from userspace.
A VMM can inject external interrupts on any arbitrary vector at any
time. This remains true even for TDX and SEV guests where the VMM is
untrusted.
Put together, this allows an untrusted VMM to trigger int80 syscall
handling at any given point. The content of the guest register file at
that moment defines what syscall is triggered and its arguments. It
opens the guest OS to manipulation from the VMM side.
Disable 32-bit emulation by default for TDX and SEV. User can override
it with the ia32_emulation=y command line option.
[ dhansen: reword the changelog ]
Reported-by: Supraja Sridhara <supraja.sridhara@inf.ethz.ch>
Reported-by: Benedict Schlüter <benedict.schlueter@inf.ethz.ch>
Reported-by: Mark Kuhne <mark.kuhne@inf.ethz.ch>
Reported-by: Andrin Bertschi <andrin.bertschi@inf.ethz.ch>
Reported-by: Shweta Shinde <shweta.shinde@inf.ethz.ch>
Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Borislav Petkov (AMD) <bp@alien8.de>
Cc: <stable@vger.kernel.org> # 6.0+: 1da5c9b x86: Introduce ia32_enabled()
Cc: <stable@vger.kernel.org> # 6.0+
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ upstream commit 1da5c9bc119d3a749b519596b93f9b2667e93c4a ]
IA32 support on 64bit kernels depends on whether CONFIG_IA32_EMULATION
is selected or not. As it is a compile time option it doesn't
provide the flexibility to have distributions set their own policy for
IA32 support and give the user the flexibility to override it.
As a first step introduce ia32_enabled() which abstracts whether IA32
compat is turned on or off. Upcoming patches will implement
the ability to set IA32 compat state at boot time.
Signed-off-by: Nikolay Borisov <nik.borisov@suse.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Link: https://lore.kernel.org/r/20230623111409.3047467-2-nik.borisov@suse.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Merge 6.1.64 into android14-6.1-lts
Changes in 6.1.64
locking/ww_mutex/test: Fix potential workqueue corruption
lib/generic-radix-tree.c: Don't overflow in peek()
perf/core: Bail out early if the request AUX area is out of bound
srcu: Fix srcu_struct node grpmask overflow on 64-bit systems
selftests/lkdtm: Disable CONFIG_UBSAN_TRAP in test config
clocksource/drivers/timer-imx-gpt: Fix potential memory leak
clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware
smp,csd: Throw an error if a CSD lock is stuck for too long
cpu/hotplug: Don't offline the last non-isolated CPU
workqueue: Provide one lock class key per work_on_cpu() callsite
x86/mm: Drop the 4 MB restriction on minimal NUMA node memory size
wifi: plfxlc: fix clang-specific fortify warning
wifi: mac80211_hwsim: fix clang-specific fortify warning
wifi: mac80211: don't return unset power in ieee80211_get_tx_power()
atl1c: Work around the DMA RX overflow issue
bpf: Detect IP == ksym.end as part of BPF program
wifi: ath9k: fix clang-specific fortify warnings
wifi: ath10k: fix clang-specific fortify warning
net: annotate data-races around sk->sk_tx_queue_mapping
net: annotate data-races around sk->sk_dst_pending_confirm
wifi: ath10k: Don't touch the CE interrupt registers after power up
vsock: read from socket's error queue
bpf: Ensure proper register state printing for cond jumps
Bluetooth: btusb: Add date->evt_skb is NULL check
Bluetooth: Fix double free in hci_conn_cleanup
ACPI: EC: Add quirk for HP 250 G7 Notebook PC
tsnep: Fix tsnep_request_irq() format-overflow warning
platform/chrome: kunit: initialize lock for fake ec_dev
platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e
drm/gma500: Fix call trace when psb_gem_mm_init() fails
drm/komeda: drop all currently held locks if deadlock happens
drm/amdgpu: not to save bo in the case of RAS err_event_athub
drm/amdkfd: Fix a race condition of vram buffer unref in svm code
drm/amd: Update `update_pcie_parameters` functions to use uint8_t arguments
drm/amd/display: use full update for clip size increase of large plane source
string.h: add array-wrappers for (v)memdup_user()
kernel: kexec: copy user-array safely
kernel: watch_queue: copy user-array safely
drm_lease.c: copy user-array safely
drm: vmwgfx_surface.c: copy user-array safely
drm/msm/dp: skip validity check for DP CTS EDID checksum
drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7
drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga
drm/amdgpu: Fix potential null pointer derefernce
drm/panel: fix a possible null pointer dereference
drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference
drm/radeon: fix a possible null pointer dereference
drm/amdgpu/vkms: fix a possible null pointer dereference
drm/panel: st7703: Pick different reset sequence
drm/amdkfd: Fix shift out-of-bounds issue
drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL
arm64: dts: ls208xa: use a pseudo-bus to constrain usb dma size
selftests/efivarfs: create-read: fix a resource leak
ASoC: soc-card: Add storage for PCI SSID
ASoC: SOF: Pass PCI SSID to machine driver
crypto: pcrypt - Fix hungtask for PADATA_RESET
ASoC: SOF: ipc4: handle EXCEPTION_CAUGHT notification from firmware
RDMA/hfi1: Use FIELD_GET() to extract Link Width
scsi: hisi_sas: Set debugfs_dir pointer to NULL after removing debugfs
scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool
fs/jfs: Add check for negative db_l2nbperpage
fs/jfs: Add validity check for db_maxag and db_agpref
jfs: fix array-index-out-of-bounds in dbFindLeaf
jfs: fix array-index-out-of-bounds in diAlloc
HID: lenovo: Detect quirk-free fw on cptkbd and stop applying workaround
ARM: 9320/1: fix stack depot IRQ stack filter
ALSA: hda: Fix possible null-ptr-deref when assigning a stream
PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width fields
PCI: mvebu: Use FIELD_PREP() with Link Width
atm: iphase: Do PCI error checks on own line
PCI: Do error check on own line to split long "if" conditions
scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup()
PCI: Use FIELD_GET() to extract Link Width
PCI: Extract ATS disabling to a helper function
PCI: Disable ATS for specific Intel IPU E2000 devices
misc: pci_endpoint_test: Add Device ID for R-Car S4-8 PCIe controller
PCI: Use FIELD_GET() in Sapphire RX 5600 XT Pulse quirk
ASoC: Intel: soc-acpi-cht: Add Lenovo Yoga Tab 3 Pro YT3-X90 quirk
crypto: hisilicon/qm - prevent soft lockup in receive loop
HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W
exfat: support handle zero-size directory
mfd: intel-lpss: Add Intel Lunar Lake-M PCI IDs
iio: adc: stm32-adc: harden against NULL pointer deref in stm32_adc_probe()
thunderbolt: Apply USB 3.x bandwidth quirk only in software connection manager
tty: vcc: Add check for kstrdup() in vcc_probe()
usb: dwc3: core: configure TX/RX threshold for DWC3_IP
soundwire: dmi-quirks: update HP Omen match
f2fs: fix error handling of __get_node_page
usb: gadget: f_ncm: Always set current gadget in ncm_bind()
9p/trans_fd: Annotate data-racy writes to file::f_flags
9p: v9fs_listxattr: fix %s null argument warning
i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler
i2c: fix memleak in i2c_new_client_device()
i2c: sun6i-p2wi: Prevent potential division by zero
virtio-blk: fix implicit overflow on virtio_max_dma_size
i3c: master: mipi-i3c-hci: Fix a kernel panic for accessing DAT_data.
media: gspca: cpia1: shift-out-of-bounds in set_flicker
media: vivid: avoid integer overflow
gfs2: ignore negated quota changes
gfs2: fix an oops in gfs2_permission
media: cobalt: Use FIELD_GET() to extract Link Width
media: ccs: Fix driver quirk struct documentation
media: imon: fix access to invalid resource for the second interface
drm/amd/display: Avoid NULL dereference of timing generator
kgdb: Flush console before entering kgdb on panic
i2c: dev: copy userspace array safely
ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings
drm/qxl: prevent memory leak
ALSA: hda/realtek: Add quirk for ASUS UX7602ZM
drm/amdgpu: fix software pci_unplug on some chips
pwm: Fix double shift bug
mtd: rawnand: tegra: add missing check for platform_get_irq()
wifi: iwlwifi: Use FW rate for non-data frames
sched/core: Optimize in_task() and in_interrupt() a bit
SUNRPC: ECONNRESET might require a rebind
mtd: rawnand: intel: check return value of devm_kasprintf()
mtd: rawnand: meson: check return value of devm_kasprintf()
NFSv4.1: fix handling NFS4ERR_DELAY when testing for session trunking
SUNRPC: Add an IS_ERR() check back to where it was
NFSv4.1: fix SP4_MACH_CRED protection for pnfs IO
SUNRPC: Fix RPC client cleaned up the freed pipefs dentries
gfs2: Silence "suspicious RCU usage in gfs2_permission" warning
vhost-vdpa: fix use after free in vhost_vdpa_probe()
net: set SOCK_RCU_FREE before inserting socket into hashtable
ipvlan: add ipvlan_route_v6_outbound() helper
tty: Fix uninit-value access in ppp_sync_receive()
net: hns3: fix add VLAN fail issue
net: hns3: add barrier in vf mailbox reply process
net: hns3: fix incorrect capability bit display for copper port
net: hns3: fix out-of-bounds access may occur when coalesce info is read via debugfs
net: hns3: fix variable may not initialized problem in hns3_init_mac_addr()
net: hns3: fix VF reset fail issue
net: hns3: fix VF wrong speed and duplex issue
tipc: Fix kernel-infoleak due to uninitialized TLV value
net: mvneta: fix calls to page_pool_get_stats
ppp: limit MRU to 64K
xen/events: fix delayed eoi list handling
ptp: annotate data-race around q->head and q->tail
bonding: stop the device in bond_setup_by_slave()
net: ethernet: cortina: Fix max RX frame define
net: ethernet: cortina: Handle large frames
net: ethernet: cortina: Fix MTU max setting
af_unix: fix use-after-free in unix_stream_read_actor()
netfilter: nf_conntrack_bridge: initialize err to 0
netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()
net: stmmac: fix rx budget limit check
net: stmmac: avoid rx queue overrun
net/mlx5e: fix double free of encap_header
net/mlx5e: fix double free of encap_header in update funcs
net/mlx5e: Fix pedit endianness
net/mlx5e: Reduce the size of icosq_str
net/mlx5e: Check return value of snprintf writing to fw_version buffer
net/mlx5e: Check return value of snprintf writing to fw_version buffer for representors
macvlan: Don't propagate promisc change to lower dev in passthru
tools/power/turbostat: Fix a knl bug
tools/power/turbostat: Enable the C-state Pre-wake printing
cifs: spnego: add ';' in HOST_KEY_LEN
cifs: fix check of rc in function generate_smb3signingkey
i915/perf: Fix NULL deref bugs with drm_dbg() calls
media: venus: hfi: add checks to perform sanity on queue pointers
perf intel-pt: Fix async branch flags
powerpc/perf: Fix disabling BHRB and instruction sampling
randstruct: Fix gcc-plugin performance mode to stay in group
bpf: Fix check_stack_write_fixed_off() to correctly spill imm
bpf: Fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END
scsi: mpt3sas: Fix loop logic
scsi: megaraid_sas: Increase register read retry rount from 3 to 30 for selected registers
scsi: qla2xxx: Fix system crash due to bad pointer access
crypto: x86/sha - load modules based on CPU features
x86/cpu/hygon: Fix the CPU topology evaluation for real
KVM: x86: hyper-v: Don't auto-enable stimer on write from user-space
KVM: x86: Ignore MSR_AMD64_TW_CFG access
KVM: x86: Clear bit12 of ICR after APIC-write VM-exit
audit: don't take task_lock() in audit_exe_compare() code path
audit: don't WARN_ON_ONCE(!current->mm) in audit_exe_compare()
proc: sysctl: prevent aliased sysctls from getting passed to init
tty/sysrq: replace smp_processor_id() with get_cpu()
tty: serial: meson: fix hard LOCKUP on crtscts mode
hvc/xen: fix console unplug
hvc/xen: fix error path in xen_hvc_init() to always register frontend driver
hvc/xen: fix event channel handling for secondary consoles
PCI/sysfs: Protect driver's D3cold preference from user space
mm/damon/sysfs: remove requested targets when online-commit inputs
mm/damon/sysfs: update monitoring target regions for online input commit
watchdog: move softlockup_panic back to early_param
mm/damon/lru_sort: avoid divide-by-zero in hot threshold calculation
mm/damon/ops-common: avoid divide-by-zero during region hotness calculation
mm/damon: implement a function for max nr_accesses safe calculation
mm/damon/sysfs: check error from damon_sysfs_update_target()
ACPI: resource: Do IRQ override on TongFang GMxXGxx
regmap: Ensure range selector registers are updated after cache sync
wifi: ath11k: fix temperature event locking
wifi: ath11k: fix dfs radar event locking
wifi: ath11k: fix htt pktlog locking
wifi: ath11k: fix gtk offload status event locking
mmc: meson-gx: Remove setting of CMD_CFG_ERROR
genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware
KEYS: trusted: tee: Refactor register SHM usage
KEYS: trusted: Rollback init_trusted() consistently
PCI: keystone: Don't discard .remove() callback
PCI: keystone: Don't discard .probe() callback
arm64: Restrict CPU_BIG_ENDIAN to GNU as or LLVM IAS 15.x or newer
parisc/pdc: Add width field to struct pdc_model
parisc/power: Add power soft-off when running on qemu
clk: socfpga: Fix undefined behavior bug in struct stratix10_clock_data
clk: qcom: ipq8074: drop the CLK_SET_RATE_PARENT flag from PLL clocks
clk: qcom: ipq6018: drop the CLK_SET_RATE_PARENT flag from PLL clocks
ksmbd: handle malformed smb1 message
ksmbd: fix slab out of bounds write in smb_inherit_dacl()
mmc: vub300: fix an error code
mmc: sdhci_am654: fix start loop index for TAP value parsing
mmc: Add quirk MMC_QUIRK_BROKEN_CACHE_FLUSH for Micron eMMC Q2J54A
PCI/ASPM: Fix L1 substate handling in aspm_attr_store_common()
PCI: kirin: Don't discard .remove() callback
PCI: exynos: Don't discard .remove() callback
wifi: wilc1000: use vmm_table as array in wilc struct
svcrdma: Drop connection after an RDMA Read error
rcu/tree: Defer setting of jiffies during stall reset
arm64: dts: qcom: ipq6018: Fix hwlock index for SMEM
PM: hibernate: Use __get_safe_page() rather than touching the list
PM: hibernate: Clean up sync_read handling in snapshot_write_next()
rcu: kmemleak: Ignore kmemleak false positives when RCU-freeing objects
btrfs: don't arbitrarily slow down delalloc if we're committing
arm64: dts: qcom: ipq8074: Fix hwlock index for SMEM
firmware: qcom_scm: use 64-bit calling convention only when client is 64-bit
ACPI: FPDT: properly handle invalid FPDT subtables
arm64: dts: qcom: ipq6018: Fix tcsr_mutex register size
mfd: qcom-spmi-pmic: Fix reference leaks in revid helper
mfd: qcom-spmi-pmic: Fix revid implementation
ima: annotate iint mutex to avoid lockdep false positive warnings
ima: detect changes to the backing overlay file
netfilter: nf_tables: remove catchall element in GC sync path
netfilter: nf_tables: split async and sync catchall in two functions
selftests/resctrl: Remove duplicate feature check from CMT test
selftests/resctrl: Move _GNU_SOURCE define into Makefile
selftests/resctrl: Reduce failures due to outliers in MBA/MBM tests
hid: lenovo: Resend all settings on reset_resume for compact keyboards
ASoC: codecs: wsa-macro: fix uninitialized stack variables with name prefix
jbd2: fix potential data lost in recovering journal raced with synchronizing fs bdev
quota: explicitly forbid quota files from being encrypted
kernel/reboot: emergency_restart: Set correct system_state
i2c: core: Run atomic i2c xfer when !preemptible
tracing: Have the user copy of synthetic event address use correct context
driver core: Release all resources during unbind before updating device links
mcb: fix error handling for different scenarios when parsing
dmaengine: stm32-mdma: correct desc prep when channel running
s390/cmma: fix detection of DAT pages
mm/cma: use nth_page() in place of direct struct page manipulation
mm/memory_hotplug: use pfn math in place of direct struct page manipulation
mtd: cfi_cmdset_0001: Byte swap OTP info
i3c: master: cdns: Fix reading status register
i3c: master: svc: fix race condition in ibi work thread
i3c: master: svc: fix wrong data return when IBI happen during start frame
i3c: master: svc: fix ibi may not return mandatory data byte
i3c: master: svc: fix check wrong status register in irq handler
i3c: master: svc: fix SDA keep low when polling IBIWON timeout happen
parisc: Prevent booting 64-bit kernels on PA1.x machines
parisc/pgtable: Do not drop upper 5 address bits of physical address
parisc/power: Fix power soft-off when running on qemu
xhci: Enable RPM on controllers that support low-power states
fs: add ctime accessors infrastructure
smb3: fix creating FIFOs when mounting with "sfu" mount option
smb3: fix touch -h of symlink
smb3: fix caching of ctime on setxattr
smb: client: fix use-after-free bug in cifs_debug_data_proc_show()
smb: client: fix potential deadlock when releasing mids
cifs: reconnect helper should set reconnect for the right channel
cifs: force interface update before a fresh session setup
cifs: do not reset chan_max if multichannel is not supported at mount
xfs: recovery should not clear di_flushiter unconditionally
btrfs: zoned: wait for data BG to be finished on direct IO allocation
ALSA: info: Fix potential deadlock at disconnection
ALSA: hda/realtek: Enable Mute LED on HP 255 G8
ALSA: hda/realtek - Add Dell ALC295 to pin fall back table
ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC
ALSA: hda/realtek: Enable Mute LED on HP 255 G10
ALSA: hda/realtek: Add quirks for HP Laptops
pmdomain: bcm: bcm2835-power: check if the ASB register is equal to enable
pmdomain: imx: Make imx pgc power domain also set the fwnode
cpufreq: stats: Fix buffer overflow detection in trans_stats()
clk: visconti: remove unused visconti_pll_provider::regmap
clk: visconti: Fix undefined behavior bug in struct visconti_pll_provider
Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559
bluetooth: Add device 0bda:887b to device tables
bluetooth: Add device 13d3:3571 to device tables
Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device tables
Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE
drm/amd/display: enable dsc_clk even if dsc_pg disabled
cxl/region: Validate region mode vs decoder mode
cxl/region: Cleanup target list on attach error
cxl/region: Move region-position validation to a helper
cxl/region: Do not try to cleanup after cxl_region_setup_targets() fails
i3c: master: svc: add NACK check after start byte sent
i3c: master: svc: fix random hot join failure since timeout error
cxl: Unify debug messages when calling devm_cxl_add_port()
cxl/mem: Move devm_cxl_add_endpoint() from cxl_core to cxl_mem
tools/testing/cxl: Define a fixed volatile configuration to parse
cxl/region: Fix x1 root-decoder granularity calculations
Revert ncsi: Propagate carrier gain/loss events to the NCSI controller
Revert "i2c: pxa: move to generic GPIO recovery"
lsm: fix default return value for vm_enough_memory
lsm: fix default return value for inode_getsecctx
sbsa_gwdt: Calculate timeout with 64-bit math
i2c: designware: Disable TX_EMPTY irq while waiting for block length byte
s390/ap: fix AP bus crash on early config change callback invocation
net: ethtool: Fix documentation of ethtool_sprintf()
net: dsa: lan9303: consequently nested-lock physical MDIO
net: phylink: initialize carrier state at creation
i2c: i801: fix potential race in i801_block_transaction_byte_by_byte
f2fs: do not return EFSCORRUPTED, but try to run online repair
f2fs: avoid format-overflow warning
media: lirc: drop trailing space from scancode transmit
media: sharp: fix sharp encoding
media: venus: hfi_parser: Add check to keep the number of codecs within range
media: venus: hfi: fix the check to handle session buffer requirement
media: venus: hfi: add checks to handle capabilities from firmware
media: ccs: Correctly initialise try compose rectangle
drm/mediatek/dp: fix memory leak on ->get_edid callback audio detection
drm/mediatek/dp: fix memory leak on ->get_edid callback error path
dm-verity: don't use blocking calls from tasklets
nfsd: fix file memleak on client_opens_release
LoongArch: Mark __percpu functions as always inline
riscv: mm: Update the comment of CONFIG_PAGE_OFFSET
riscv: correct pt_level name via pgtable_l5/4_enabled
riscv: kprobes: allow writing to x0
mmc: sdhci-pci-gli: A workaround to allow GL9750 to enter ASPM L1.2
mm: fix for negative counter: nr_file_hugepages
mm: kmem: drop __GFP_NOFAIL when allocating objcg vectors
mptcp: deal with large GSO size
mptcp: add validity check for sending RM_ADDR
mptcp: fix setsockopt(IP_TOS) subflow locking
r8169: fix network lost after resume on DASH systems
r8169: add handling DASH when DASH is disabled
mmc: sdhci-pci-gli: GL9750: Mask the replay timer timeout of AER
media: qcom: camss: Fix pm_domain_on sequence in probe
media: qcom: camss: Fix vfe_get() error jump
media: qcom: camss: Fix VFE-17x vfe_disable_output()
media: qcom: camss: Fix VFE-480 vfe_disable_output()
media: qcom: camss: Fix missing vfe_lite clocks check
media: qcom: camss: Fix invalid clock enable bit disjunction
media: qcom: camss: Fix csid-gen2 for test pattern generator
Revert "net: r8169: Disable multicast filter for RTL8168H and RTL8107E"
ext4: apply umask if ACL support is disabled
ext4: correct offset of gdb backup in non meta_bg group to update_backups
ext4: mark buffer new if it is unwritten to avoid stale data exposure
ext4: correct return value of ext4_convert_meta_bg
ext4: correct the start block of counting reserved clusters
ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks
ext4: add missed brelse in update_backups
ext4: properly sync file size update after O_SYNC direct IO
drm/amd/pm: Handle non-terminated overdrive commands.
drm/i915: Bump GLK CDCLK frequency when driving multiple pipes
drm/i915: Fix potential spectre vulnerability
drm/amd/pm: Fix error of MACO flag setting code
drm/amdgpu/smu13: drop compute workload workaround
drm/amdgpu: don't use pci_is_thunderbolt_attached()
drm/amdgpu: don't use ATRM for external devices
drm/amdgpu: fix error handling in amdgpu_bo_list_get()
drm/amdgpu: lower CS errors to debug severity
drm/amd/display: fix a NULL pointer dereference in amdgpu_dm_i2c_xfer()
drm/amd/display: Enable fast plane updates on DCN3.2 and above
drm/amd/display: Change the DMCUB mailbox memory location from FB to inbox
powerpc/powernv: Fix fortify source warnings in opal-prd.c
tracing: Have trace_event_file have ref counters
Input: xpad - add VID for Turtle Beach controllers
mmc: sdhci-pci-gli: GL9755: Mask the replay timer timeout of AER
cxl/port: Fix NULL pointer access in devm_cxl_add_port()
RISC-V: drop error print from riscv_hartid_to_cpuid()
Linux 6.1.64
Change-Id: I9284282aeae5d0f9da957a58147efe0114f8e60a
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Upstream commit: 63e44bc52047f182601e7817da969a105aa1f721
Check the memory operand of INS/OUTS before emulating the instruction.
The #VC exception can get raised from user-space, but the memory operand
can be manipulated to access kernel memory before the emulation actually
begins and after the exception handler has run.
[ bp: Massage commit message. ]
Bug: 309733863
Fixes: 597cfe4821 ("x86/boot/compressed/64: Setup a GHCB-based VC Exception handler")
Reported-by: Tom Dohrmann <erbse.13@gmx.de>
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Cc: <stable@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 57d0639f60)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: Iac1c2f15cc922ab215d57654b004d020a0b65e53
Upstream commit: b9cb9c45583b911e0db71d09caa6b56469eb2bdf
Check the IO permission bitmap (if present) before emulating IOIO #VC
exceptions for user-space. These permissions are checked by hardware
already before the #VC is raised, but due to the VC-handler decoding
race it needs to be checked again in software.
Bug: 309733863
Fixes: 25189d08e5 ("x86/sev-es: Add support for handling IOIO exceptions")
Reported-by: Tom Dohrmann <erbse.13@gmx.de>
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Tested-by: Tom Dohrmann <erbse.13@gmx.de>
Cc: <stable@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit def94eb9a8)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: Ia520acc67da21353148fd07a3a8e48ee8a97d364
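
The software re-check described in the commit message above, modelled in user-space C. This is an added example, not the kernel's code and not part of the commit. struct io_ctx, ioio_check() and the sample bitmap are hypothetical names and constructed data; the model assumes the x86 convention that a set bitmap bit denies the port, and does not model IOPL.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IO_PORTS        65536u
#define IO_BITMAP_BYTES (IO_PORTS / 8)

enum ioio_verdict { IOIO_ALLOW = 0, IOIO_FAULT = 1 };

/* Hypothetical snapshot of the faulting context (illustrative names). */
struct io_ctx {
    bool user_mode;          /* the #VC was raised from user-space */
    const uint8_t *bitmap;   /* NULL if the task has no bitmap; set bit = denied */
};

/*
 * Decide whether an IOIO access may be emulated. The check is made on the
 * port and size the handler decoded, i.e. the same values the emulation
 * will use, so a changed instruction cannot slip past it.
 */
static enum ioio_verdict ioio_check(const struct io_ctx *ctx,
                                    uint16_t port, size_t size)
{
    uint32_t first = port, idx;

    if (size != 1 && size != 2 && size != 4)
        return IOIO_FAULT;              /* not a valid port access width */
    if (!ctx->user_mode)
        return IOIO_ALLOW;              /* bitmap applies to user-space only */
    if (ctx->bitmap == NULL)
        return IOIO_FAULT;              /* no bitmap: no ports granted */

    /* Every port touched by the access must be granted, not just the first. */
    for (idx = first; idx < first + size; idx++) {
        if (idx >= IO_PORTS)
            return IOIO_FAULT;          /* access runs past port 0xffff */
        if (ctx->bitmap[idx / 8] & (1u << (idx % 8)))
            return IOIO_FAULT;
    }
    return IOIO_ALLOW;
}

/* Clear the deny bits for `count` ports starting at `first`. */
static void bitmap_allow(uint8_t *bm, uint16_t first, unsigned count)
{
    for (uint32_t p = first; p < (uint32_t)first + count && p < IO_PORTS; p++)
        bm[p / 8] &= (uint8_t)~(1u << (p % 8));
}

/* Constructed sample: a user task granted only ports 0x3f8..0x3ff. */
static enum ioio_verdict demo_user_access(uint16_t port, size_t size)
{
    static uint8_t bm[IO_BITMAP_BYTES];
    struct io_ctx ctx = { .user_mode = true, .bitmap = bm };

    memset(bm, 0xff, sizeof(bm));       /* start with everything denied */
    bitmap_allow(bm, 0x3f8, 8);
    return ioio_check(&ctx, port, size);
}

/* Same check for a context that has no bitmap at all. */
static enum ioio_verdict demo_no_bitmap(bool user_mode, uint16_t port,
                                        size_t size)
{
    struct io_ctx ctx = { .user_mode = user_mode, .bitmap = NULL };

    return ioio_check(&ctx, port, size);
}

int main(void)
{
    static const struct { uint16_t port; size_t size; } cases[] = {
        { 0x3f8, 1 }, { 0x3fc, 4 }, { 0x3fe, 4 }, { 0x3f7, 2 }, { 0xffff, 2 },
    };

    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("user  port 0x%04x size %zu -> %s\n",
               (unsigned)cases[i].port, cases[i].size,
               demo_user_access(cases[i].port, cases[i].size) == IOIO_ALLOW
                   ? "emulate" : "fault");
    printf("user, no bitmap   -> %s\n",
           demo_no_bitmap(true, 0x80, 1) == IOIO_ALLOW ? "emulate" : "fault");
    printf("kernel, no bitmap -> %s\n",
           demo_no_bitmap(false, 0x80, 1) == IOIO_ALLOW ? "emulate" : "fault");
    return 0;
}
```

The 4-byte access at 0x3fe is the case worth noting: its first two ports are granted, but it also touches 0x400 and 0x401, so it is refused.
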
commit b56ebe7c896dc78b5865ec2c4b1dae3c93537517 upstream.
commit ef8dd01538 ("genirq/msi: Make interrupt allocation less
convoluted"), reworked the code so that the x86 specific quirk for affinity
setting of non-maskable PCI/MSI interrupts is no longer activated if
necessary.
This could be solved by restoring the original logic in the core MSI code,
but after a deeper analysis it turned out that the quirk flag is not
required at all.
The quirk is only required when the PCI/MSI device cannot mask the MSI
interrupts, which in turn also prevents reservation mode from being enabled
for the affected interrupt.
This allows to remove the NOMASK quirk bit completely as msi_set_affinity()
can instead check whether reservation mode is enabled for the interrupt,
which gives exactly the same answer.
Even in the momentary non-existing case that the reservation mode would be
not set for a maskable MSI interrupt this would not cause any harm as it
just would cause msi_set_affinity() to go needlessly through the
functionally equivalent slow path, which works perfectly fine with maskable
interrupts as well.
Rework msi_set_affinity() to query the reservation mode and remove all
NOMASK quirk logic from the core code.
[ tglx: Massaged changelog ]
Fixes: ef8dd01538 ("genirq/msi: Make interrupt allocation less convoluted")
Suggested-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Koichiro Den <den@valinux.co.jp>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20231026032036.2462428-1-den@valinux.co.jp
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit db2832309a82b9acc4b8cc33a1831d36507ec13e ]
Today the percpu struct vcpu_info is allocated via DEFINE_PER_CPU(),
meaning that it could cross a page boundary. In this case registering
it with the hypervisor will fail, resulting in a panic().
This can easily be fixed by using DEFINE_PER_CPU_ALIGNED() instead,
as struct vcpu_info is guaranteed to have a size of 64 bytes, matching
the cache line size of x86 64-bit processors (Xen doesn't support
32-bit processors).
Fixes: 5ead97c84f ("xen: Core Xen implementation")
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.con>
Link: https://lore.kernel.org/r/20231124074852.25161-1-jgross@suse.com
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 37510dd566bdbff31a769cde2fa6654bccdb8b24 ]
There are several functions involved for performing the functionality
of evtchn_do_upcall():
- __xen_evtchn_do_upcall() doing the real work
- xen_hvm_evtchn_do_upcall() just being a wrapper for
__xen_evtchn_do_upcall(), exposed for external callers
- xen_evtchn_do_upcall() calling __xen_evtchn_do_upcall(), too, but
without any user
Simplify this maze by:
- removing the unused xen_evtchn_do_upcall()
- removing xen_hvm_evtchn_do_upcall() as the only left caller of
__xen_evtchn_do_upcall(), while renaming __xen_evtchn_do_upcall() to
xen_evtchn_do_upcall()
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Juergen Gross <jgross@suse.com>
Stable-dep-of: db2832309a82 ("x86/xen: fix percpu vcpu_info allocation")
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 9cfec6d097c607e36199cf0cfbb8cf5acbd8e9b2 ]
When running android emulator (which is based on QEMU 2.12) on
certain Intel hosts with kernel version 6.3-rc1 or above, guest
will freeze after loading a snapshot. This is almost 100%
reproducible. By default, the android emulator will use snapshot
to speed up the next launching of the same android guest. So
this breaks the android emulator badly.
I tested QEMU 8.0.4 from Debian 12 with an Ubuntu 22.04 guest by
running command "loadvm" after "savevm". The same issue is
observed. At the same time, none of our AMD platforms is impacted.
More experiments show that loading the KVM module with
"enable_apicv=false" can workaround it.
The issue started to show up after commit 8e6ed96cdd50 ("KVM: x86:
fire timer when it is migrated and expired, and in oneshot mode").
However, as is pointed out by Sean Christopherson, it is introduced
by commit 967235d320 ("KVM: vmx: clear pending interrupts on
KVM_SET_LAPIC"). commit 8e6ed96cdd50 ("KVM: x86: fire timer when
it is migrated and expired, and in oneshot mode") just makes it
easier to hit the issue.
Having both commits, the oneshot lapic timer gets fired immediately
inside the KVM_SET_LAPIC call when loading the snapshot. On Intel
platforms with APIC virtualization and posted interrupt processing,
this eventually leads to setting the corresponding PIR bit. However,
the whole PIR bits get cleared later in the same KVM_SET_LAPIC call
by apicv_post_state_restore. This leads to the timer interrupt being lost.
The fix is to move vmx_apicv_post_state_restore to the beginning of
the KVM_SET_LAPIC call and rename to vmx_apicv_pre_state_restore.
What vmx_apicv_post_state_restore does is actually clearing any
former apicv state and this behavior is more suitable to carry out
in the beginning.
Fixes: 967235d320 ("KVM: vmx: clear pending interrupts on KVM_SET_LAPIC")
Cc: stable@vger.kernel.org
Suggested-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Haitao Shan <hshan@google.com>
Link: https://lore.kernel.org/r/20230913000215.478387-1-hshan@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 629d3698f6958ee6f8131ea324af794f973b12ac upstream.
When IPI virtualization is enabled, a WARN is triggered if bit12 of ICR
MSR is set after APIC-write VM-exit. The reason is kvm_apic_send_ipi()
thinks the APIC_ICR_BUSY bit should be cleared because KVM has no delay,
but kvm_apic_write_nodecode() doesn't clear the APIC_ICR_BUSY bit.
Under the x2APIC section, regarding ICR, the SDM says:
It remains readable only to aid in debugging; however, software should
not assume the value returned by reading the ICR is the last written
value.
I.e. the guest is allowed to set bit 12. However, the SDM also gives KVM
free rein to do whatever it wants with the bit, so long as KVM's behavior
doesn't confuse userspace or break KVM's ABI.
Clear bit 12 so that it reads back as '0'. This approach is safer than
"do nothing" and is consistent with the case where IPI virtualization is
disabled or not supported, i.e.,
handle_fastpath_set_x2apic_icr_irqoff() -> kvm_x2apic_icr_write()
Opportunistically replace the TODO with a comment calling out that eating
the write is likely faster than a conditional branch around the busy bit.
Link: https://lore.kernel.org/all/ZPj6iF0Q7iynn62p@google.com/
Fixes: 5413bcba7e ("KVM: x86: Add support for vICR APIC-write VM-Exits in x2APIC mode")
Cc: stable@vger.kernel.org
Signed-off-by: Tao Su <tao1.su@linux.intel.com>
Tested-by: Yi Lai <yi1.lai@intel.com>
Reviewed-by: Chao Gao <chao.gao@intel.com>
Link: https://lore.kernel.org/r/20230914055504.151365-1-tao1.su@linux.intel.com
[sean: tweak changelog, replace TODO with comment, drop local "val"]
Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 2770d4722036d6bd24bcb78e9cd7f6e572077d03 upstream.
Hyper-V enabled Windows Server 2022 KVM VM cannot be started on Zen1 Ryzen
since it crashes at boot with SYSTEM_THREAD_EXCEPTION_NOT_HANDLED +
STATUS_PRIVILEGED_INSTRUCTION (in other words, because of an unexpected #GP
in the guest kernel).
This is because Windows tries to set bit 8 in MSR_AMD64_TW_CFG and can't
handle receiving a #GP when doing so.
Give this MSR the same treatment that commit 2e32b71906
("x86, kvm: Add MSR_AMD64_BU_CFG2 to the list of ignored MSRs") gave
MSR_AMD64_BU_CFG2 under justification that this MSR is baremetal-relevant
only.
Although apparently it was then needed for Linux guests, not Windows as in
this case.
With this change, the aforementioned guest setup is able to finish booting
successfully.
This issue can be reproduced either on a Summit Ridge Ryzen (with
just "-cpu host") or on a Naples EPYC (with "-cpu host,stepping=1" since
EPYC is ordinarily stepping 2).
Alternatively, userspace could solve the problem by using MSR filters, but
forcing every userspace to define a filter isn't very friendly and doesn't
add much, if any, value. The only potential hiccup is if one of these
"baremetal-only" MSRs ever requires actual emulation and/or has F/M/S
specific behavior. But if that happens, then KVM can still punt *that*
handling to userspace since userspace MSR filters "win" over KVM's default
handling.
Signed-off-by: Maciej S. Szmigiero <maciej.szmigiero@oracle.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/1ce85d9c7c9e9632393816cf19c902e0a3f411f1.1697731406.git.maciej.szmigiero@oracle.com
[sean: call out MSR filtering alternative]
Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit d6800af51c76b6dae20e6023bbdc9b3da3ab5121 upstream.
Don't apply the stimer's counter side effects when modifying its
value from user-space, as this may trigger spurious interrupts.
For example:
- The stimer is configured in auto-enable mode.
- The stimer's count is set and the timer enabled.
- The stimer expires, an interrupt is injected.
- The VM is live migrated.
- The stimer config and count are deserialized, auto-enable is ON, the
stimer is re-enabled.
- The stimer expires right away, and injects an unwarranted interrupt.
Cc: stable@vger.kernel.org
Fixes: 1f4b34f825 ("kvm/x86: Hyper-V SynIC timers")
Signed-off-by: Nicolas Saenz Julienne <nsaenz@amazon.com>
Reviewed-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Link: https://lore.kernel.org/r/20231017155101.40677-1-nsaenz@amazon.com
Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit ee545b94d39a00c93dc98b1dbcbcf731d2eadeb4 upstream.
Hygon processors with a model ID > 3 have CPUID leaf 0xB correctly
populated and don't need the fixed package ID shift workaround. The fixup
is also incorrect when running in a guest.
Fixes: e0ceeae708 ("x86/CPU/hygon: Fix phys_proc_id calculation logic for multi-die processors")
Signed-off-by: Pu Wen <puwen@hygon.cn>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/tencent_594804A808BD93A4EBF50A994F228E3A7F07@qq.com
Link: https://lore.kernel.org/r/20230814085112.089607918@linutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 1c43c0f1f84aa59dfc98ce66f0a67b2922aa7f9d upstream.
x86 optimized crypto modules are built as modules rather than built-in and
they are not loaded when the crypto API is initialized, resulting in the
generic builtin module (sha1-generic) being used instead.
It was discovered when creating a sha1/sha256 checksum of a 2Gb file by
using kcapi-tools because it would take significantly longer than creating
a sha512 checksum of the same file. trace-cmd showed that for sha1/256 the
generic module was used, whereas for sha512 the optimized module was used
instead.
Add module aliases() for these x86 optimized crypto modules based on CPU
feature bits so udev gets a chance to load them later in the boot
process. This resulted in ~3x decrease in the real-time execution of
kcapi-dsg.
Fix is inspired from commit
aa031b8f70 ("crypto: x86/sha512 - load based on CPU features")
where a similar fix was done for sha512.
Cc: stable@vger.kernel.org # 5.15+
Suggested-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
Suggested-by: Julian Andres Klode <julian.klode@canonical.com>
Signed-off-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit a1e2b8b36820d8c91275f207e77e91645b7c6836 ]
Qi Zheng reported crashes in a production environment and provided a
simplified example as a reproducer:
| For example, if we use Qemu to start a two NUMA node kernel,
| one of the nodes has 2M memory (less than NODE_MIN_SIZE),
| and the other node has 2G, then we will encounter the
| following panic:
|
| BUG: kernel NULL pointer dereference, address: 0000000000000000
| <...>
| RIP: 0010:_raw_spin_lock_irqsave+0x22/0x40
| <...>
| Call Trace:
| <TASK>
| deactivate_slab()
| bootstrap()
| kmem_cache_init()
| start_kernel()
| secondary_startup_64_no_verify()
The crashes happen because of inconsistency between the nodemask that
has nodes with less than 4MB as memoryless, and the actual memory fed
into the core mm.
The commit:
9391a3f9c7 ("[PATCH] x86_64: Clear more state when ignoring empty node in SRAT parsing")
... that introduced minimal size of a NUMA node does not explain why
a node size cannot be less than 4MB and what boot failures this
restriction might fix.
Fixes have been submitted to the core MM code to tighten up the
memory topologies it accepts and to not crash on weird input:
mm: page_alloc: skip memoryless nodes entirely
mm: memory_hotplug: drop memoryless node from fallback lists
Andrew has accepted them into the -mm tree, but there are no
stable SHA1's yet.
This patch drops the limitation for minimal node size on x86:
- which works around the crash without the fixes to the core MM.
- makes x86 topologies less weird,
- removes an arbitrary and undocumented limitation on NUMA topologies.
[ mingo: Improved changelog clarity. ]
Reported-by: Qi Zheng <zhengqi.arch@bytedance.com>
Tested-by: Mario Casquero <mcasquer@redhat.com>
Signed-off-by: Mike Rapoport (IBM) <rppt@kernel.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Acked-by: David Hildenbrand <david@redhat.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Rik van Riel <riel@surriel.com>
Link: https://lore.kernel.org/r/ZS+2qqjEO5/867br@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
Merge 6.1.63 into android14-6.1-lts
Changes in 6.1.63
hwmon: (nct6775) Fix incorrect variable reuse in fan_div calculation
sched/fair: Fix cfs_rq_is_decayed() on !SMP
iov_iter, x86: Be consistent about the __user tag on copy_mc_to_user()
sched/uclamp: Set max_spare_cap_cpu even if max_spare_cap is 0
sched/uclamp: Ignore (util == 0) optimization in feec() when p_util_max = 0
objtool: Propagate early errors
sched: Fix stop_one_cpu_nowait() vs hotplug
vfs: fix readahead(2) on block devices
writeback, cgroup: switch inodes with dirty timestamps to release dying cgwbs
x86/srso: Fix SBPB enablement for (possible) future fixed HW
futex: Don't include process MM in futex key on no-MMU
x86/numa: Introduce numa_fill_memblks()
ACPI/NUMA: Apply SRAT proximity domain to entire CFMWS window
x86/sev-es: Allow copy_from_kernel_nofault() in earlier boot
x86/boot: Fix incorrect startup_gdt_descr.size
drivers/clocksource/timer-ti-dm: Don't call clk_get_rate() in stop function
pstore/platform: Add check for kstrdup
string: Adjust strtomem() logic to allow for smaller sources
genirq/matrix: Exclude managed interrupts in irq_matrix_allocated()
wifi: cfg80211: add flush functions for wiphy work
wifi: mac80211: move radar detect work to wiphy work
wifi: mac80211: move scan work to wiphy work
wifi: mac80211: move offchannel works to wiphy work
wifi: mac80211: move sched-scan stop work to wiphy work
wifi: mac80211: fix # of MSDU in A-MSDU calculation
wifi: iwlwifi: honor the enable_ini value
i40e: fix potential memory leaks in i40e_remove()
iavf: Fix promiscuous mode configuration flow messages
selftests/bpf: Correct map_fd to data_fd in tailcalls
udp: add missing WRITE_ONCE() around up->encap_rcv
tcp: call tcp_try_undo_recovery when an RTOd TFO SYNACK is ACKed
gve: Use size_add() in call to struct_size()
mlxsw: Use size_mul() in call to struct_size()
tls: Only use data field in crypto completion function
tls: Use size_add() in call to struct_size()
tipc: Use size_add() in calls to struct_size()
net: spider_net: Use size_add() in call to struct_size()
net: ethernet: mtk_wed: fix EXT_INT_STATUS_RX_FBUF definitions for MT7986 SoC
wifi: rtw88: debug: Fix the NULL vs IS_ERR() bug for debugfs_create_file()
wifi: ath11k: fix boot failure with one MSI vector
wifi: mt76: mt7603: rework/fix rx pse hang check
wifi: mt76: mt7603: improve watchdog reset reliablity
wifi: mt76: mt7603: improve stuck beacon handling
wifi: mt76: mt7915: fix beamforming availability check
wifi: ath: dfs_pattern_detector: Fix a memory initialization issue
tcp_metrics: add missing barriers on delete
tcp_metrics: properly set tp->snd_ssthresh in tcp_init_metrics()
tcp_metrics: do not create an entry from tcp_init_metrics()
wifi: rtlwifi: fix EDCA limit set by BT coexistence
ACPI: property: Allow _DSD buffer data only for byte accessors
ACPI: video: Add acpi_backlight=vendor quirk for Toshiba Portégé R100
wifi: ath11k: fix Tx power value during active CAC
can: dev: can_restart(): don't crash kernel if carrier is OK
can: dev: can_restart(): fix race condition between controller restart and netif_carrier_on()
can: dev: can_put_echo_skb(): don't crash kernel if can_priv::echo_skb is accessed out of bounds
PM / devfreq: rockchip-dfi: Make pmu regmap mandatory
wifi: wfx: fix case where rates are out of order
netfilter: nf_tables: Drop pointless memset when dumping rules
thermal: core: prevent potential string overflow
r8169: use tp_to_dev instead of open code
r8169: fix rare issue with broken rx after link-down on RTL8125
selftests: netfilter: test for sctp collision processing in nf_conntrack
net: skb_find_text: Ignore patterns extending past 'to'
chtls: fix tp->rcv_tstamp initialization
tcp: fix cookie_init_timestamp() overflows
wifi: iwlwifi: call napi_synchronize() before freeing rx/tx queues
wifi: iwlwifi: pcie: synchronize IRQs before NAPI
wifi: iwlwifi: empty overflow queue during flush
Bluetooth: hci_sync: Fix Opcode prints in bt_dev_dbg/err
bpf: Fix unnecessary -EBUSY from htab_lock_bucket
ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias()
ipv6: avoid atomic fragment on GSO packets
net: add DEV_STATS_READ() helper
ipvlan: properly track tx_errors
regmap: debugfs: Fix a erroneous check after snprintf()
spi: tegra: Fix missing IRQ check in tegra_slink_probe()
clk: qcom: gcc-msm8996: Remove RPM bus clocks
clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies
clk: qcom: mmcc-msm8998: Don't check halt bit on some branch clks
clk: qcom: mmcc-msm8998: Fix the SMMU GDSC
clk: qcom: gcc-sm8150: Fix gcc_sdcc2_apps_clk_src
regulator: mt6358: Fail probe on unknown chip ID
clk: imx: Select MXC_CLK for CLK_IMX8QXP
clk: imx: imx8mq: correct error handling path
clk: imx: imx8qxp: Fix elcdif_pll clock
clk: renesas: rcar-gen3: Extend SDnH divider table
clk: renesas: rzg2l: Wait for status bit of SD mux before continuing
clk: renesas: rzg2l: Lock around writes to mux register
clk: renesas: rzg2l: Trust value returned by hardware
clk: renesas: rzg2l: Use FIELD_GET() for PLL register fields
clk: renesas: rzg2l: Fix computation formula
clk: linux/clk-provider.h: fix kernel-doc warnings and typos
spi: nxp-fspi: use the correct ioremap function
clk: keystone: pll: fix a couple NULL vs IS_ERR() checks
clk: ti: change ti_clk_register[_omap_hw]() API
clk: ti: fix double free in of_ti_divider_clk_setup()
clk: npcm7xx: Fix incorrect kfree
clk: mediatek: clk-mt6765: Add check for mtk_alloc_clk_data
clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data
clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data
clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data
clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data
clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data
clk: qcom: config IPQ_APSS_6018 should depend on QCOM_SMEM
platform/x86: wmi: Fix probe failure when failing to register WMI devices
platform/x86: wmi: Fix opening of char device
hwmon: (axi-fan-control) Fix possible NULL pointer dereference
hwmon: (coretemp) Fix potentially truncated sysfs attribute name
Revert "hwmon: (sch56xx-common) Add DMI override table"
Revert "hwmon: (sch56xx-common) Add automatic module loading on supported devices"
hwmon: (sch5627) Use bit macros when accessing the control register
hwmon: (sch5627) Disallow write access if virtual registers are locked
hte: tegra: Fix missing error code in tegra_hte_test_probe()
drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs
drm/rockchip: vop: Fix call to crtc reset helper
drm/rockchip: vop2: Don't crash for invalid duplicate_state
drm/rockchip: vop2: Add missing call to crtc reset helper
drm/radeon: possible buffer overflow
drm: bridge: it66121: Fix invalid connector dereference
drm/bridge: lt8912b: Add hot plug detection
drm/bridge: lt8912b: Fix bridge_detach
drm/bridge: lt8912b: Fix crash on bridge detach
drm/bridge: lt8912b: Manually disable HPD only if it was enabled
drm/bridge: lt8912b: Add missing drm_bridge_attach call
drm/bridge: tc358768: Fix use of uninitialized variable
drm/bridge: tc358768: Fix bit updates
drm/bridge: tc358768: remove unused variable
drm/bridge: tc358768: Use struct videomode
drm/bridge: tc358768: Print logical values, not raw register values
drm/bridge: tc358768: Use dev for dbg prints, not priv->dev
drm/bridge: tc358768: Rename dsibclk to hsbyteclk
drm/bridge: tc358768: Clean up clock period code
drm/bridge: tc358768: Fix tc358768_ns_to_cnt()
drm/amdkfd: fix some race conditions in vram buffer alloc/free of svm code
drm/amd/display: Check all enabled planes in dm_check_crtc_cursor
drm/amd/display: Refactor dm_get_plane_scale helper
drm/amd/display: Bail from dm_check_crtc_cursor if no relevant change
io_uring/kbuf: Fix check of BID wrapping in provided buffers
io_uring/kbuf: Allow the full buffer id space for provided buffers
drm/mediatek: Fix iommu fault by swapping FBs after updating plane state
drm/mediatek: Fix iommu fault during crtc enabling
drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe()
gpu: host1x: Correct allocated size for contexts
drm/bridge: lt9611uxc: fix the race in the error path
arm64/arm: xen: enlighten: Fix KPTI checks
drm/rockchip: Fix type promotion bug in rockchip_gem_iommu_map()
xenbus: fix error exit in xenbus_init()
xen-pciback: Consider INTx disabled when MSI/MSI-X is enabled
drm/msm/dsi: use msm_gem_kernel_put to free TX buffer
drm/msm/dsi: free TX buffer in unbind
clocksource/drivers/arm_arch_timer: limit XGene-1 workaround
drm: mediatek: mtk_dsi: Fix NO_EOT_PACKET settings/handling
drivers/perf: hisi: use cpuhp_state_remove_instance_nocalls() for hisi_hns3_pmu uninit process
perf/arm-cmn: Revamp model detection
perf/arm-cmn: Fix DTC domain detection
drivers/perf: hisi_pcie: Check the type first in pmu::event_init()
perf: hisi: Fix use-after-free when register pmu fails
ARM: dts: renesas: blanche: Fix typo in GP_11_2 pin name
arm64: dts: qcom: sdm845: cheza doesn't support LMh node
arm64: dts: qcom: sc7280: link usb3_phy_wrapper_gcc_usb30_pipe_clk
arm64: dts: qcom: msm8916: Fix iommu local address range
arm64: dts: qcom: msm8992-libra: drop duplicated reserved memory
arm64: dts: qcom: sc7280: Add missing LMH interrupts
arm64: dts: qcom: sm8150: add ref clock to PCIe PHYs
arm64: dts: qcom: sm8350: fix pinctrl for UART18
arm64: dts: qcom: sdm845-mtp: fix WiFi configuration
ARM64: dts: marvell: cn9310: Use appropriate label for spi1 pins
arm64: dts: qcom: apq8016-sbc: Add missing ADV7533 regulators
ARM: dts: qcom: mdm9615: populate vsdcc fixed regulator
soc: qcom: llcc: Handle a second device without data corruption
kunit: Fix missed memory release in kunit_free_suite_set()
firmware: ti_sci: Mark driver as non removable
arm64: dts: ti: k3-am62a7-sk: Drop i2c-1 to 100Khz
firmware: arm_ffa: Assign the missing IDR allocation ID to the FFA device
firmware: arm_ffa: Allow the FF-A drivers to use 32bit mode of messaging
ARM: dts: am3517-evm: Fix LED3/4 pinmux
clk: scmi: Free scmi_clk allocated when the clocks with invalid info are skipped
arm64: dts: imx8qm-ss-img: Fix jpegenc compatible entry
arm64: dts: imx8mm: Add sound-dai-cells to micfil node
arm64: dts: imx8mn: Add sound-dai-cells to micfil node
arm64: tegra: Use correct interrupts for Tegra234 TKE
selftests/pidfd: Fix ksft print formats
selftests/resctrl: Ensure the benchmark commands fits to its array
module/decompress: use vmalloc() for gzip decompression workspace
ASoC: cs35l41: Verify PM runtime resume errors in IRQ handler
ASoC: cs35l41: Undo runtime PM changes at driver exit time
ALSA: hda: cs35l41: Fix unbalanced pm_runtime_get()
ALSA: hda: cs35l41: Undo runtime PM changes at driver exit time
KEYS: Include linux/errno.h in linux/verification.h
crypto: hisilicon/hpre - Fix a erroneous check after snprintf()
hwrng: bcm2835 - Fix hwrng throughput regression
hwrng: geode - fix accessing registers
RDMA/core: Use size_{add,sub,mul}() in calls to struct_size()
crypto: qat - ignore subsequent state up commands
crypto: qat - relocate bufferlist logic
crypto: qat - rename bufferlist functions
crypto: qat - change bufferlist logic interface
crypto: qat - generalize crypto request buffers
crypto: qat - extend buffer list interface
crypto: qat - fix unregistration of crypto algorithms
scsi: ibmvfc: Fix erroneous use of rtas_busy_delay with hcall return code
libnvdimm/of_pmem: Use devm_kstrdup instead of kstrdup and check its return value
nd_btt: Make BTT lanes preemptible
crypto: caam/qi2 - fix Chacha20 + Poly1305 self test failure
crypto: caam/jr - fix Chacha20 + Poly1305 self test failure
crypto: qat - increase size of buffers
PCI: vmd: Correct PCI Header Type Register's multi-function check
hid: cp2112: Fix duplicate workqueue initialization
crypto: hisilicon/qm - delete redundant null assignment operations
crypto: hisilicon/qm - modify the process of regs dfx
crypto: hisilicon/qm - split a debugfs.c from qm
crypto: hisilicon/qm - fix PF queue parameter issue
ARM: 9321/1: memset: cast the constant byte to unsigned char
ext4: move 'ix' sanity check to corrent position
ASoC: fsl: mpc5200_dma.c: Fix warning of Function parameter or member not described
IB/mlx5: Fix rdma counter binding for RAW QP
RDMA/hns: Fix printing level of asynchronous events
RDMA/hns: Fix uninitialized ucmd in hns_roce_create_qp_common()
RDMA/hns: Fix signed-unsigned mixed comparisons
RDMA/hns: Add check for SL
RDMA/hns: The UD mode can only be configured with DCQCN
ASoC: SOF: core: Ensure sof_ops_free() is still called when probe never ran.
ASoC: fsl: Fix PM disable depth imbalance in fsl_easrc_probe
scsi: ufs: core: Leave space for '\0' in utf8 desc string
RDMA/hfi1: Workaround truncation compilation error
HID: cp2112: Make irq_chip immutable
hid: cp2112: Fix IRQ shutdown stopping polling for all IRQs on chip
sh: bios: Revive earlyprintk support
Revert "HID: logitech-hidpp: add a module parameter to keep firmware gestures"
HID: logitech-hidpp: Remove HIDPP_QUIRK_NO_HIDINPUT quirk
HID: logitech-hidpp: Don't restart IO, instead defer hid_connect() only
HID: logitech-hidpp: Revert "Don't restart communication if not necessary"
HID: logitech-hidpp: Move get_wireless_feature_index() check to hidpp_connect_event()
ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails
padata: Fix refcnt handling in padata_free_shell()
crypto: qat - fix deadlock in backlog processing
ASoC: ams-delta.c: use component after check
IB/mlx5: Fix init stage error handling to avoid double free of same QP and UAF
mfd: core: Un-constify mfd_cell.of_reg
mfd: core: Ensure disabled devices are skipped without aborting
mfd: dln2: Fix double put in dln2_probe
dt-bindings: mfd: mt6397: Add binding for MT6357
dt-bindings: mfd: mt6397: Split out compatible for MediaTek MT6366 PMIC
mfd: arizona-spi: Set pdata.hpdet_channel for ACPI enumerated devs
leds: turris-omnia: Drop unnecessary mutex locking
leds: turris-omnia: Do not use SMBUS calls
leds: pwm: Don't disable the PWM when the LED should be off
leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu'
kunit: add macro to allow conditionally exposing static symbols to tests
apparmor: test: make static symbols visible during kunit testing
apparmor: fix invalid reference on profile->disconnected
perf stat: Fix aggr mode initialization
iio: frequency: adf4350: Use device managed functions and fix power down issue.
perf kwork: Fix incorrect and missing free atom in work_push_atom()
perf kwork: Add the supported subcommands to the document
perf kwork: Set ordered_events to true in 'struct perf_tool'
filemap: add filemap_get_folios_tag()
f2fs: convert f2fs_write_cache_pages() to use filemap_get_folios_tag()
f2fs: compress: fix deadloop in f2fs_write_cache_pages()
f2fs: compress: fix to avoid use-after-free on dic
f2fs: compress: fix to avoid redundant compress extension
tty: tty_jobctrl: fix pid memleak in disassociate_ctty()
livepatch: Fix missing newline character in klp_resolve_symbols()
pinctrl: renesas: rzg2l: Make reverse order of enable() for disable()
perf record: Fix BTF type checks in the off-cpu profiling
dmaengine: idxd: Register dsa_bus_type before registering idxd sub-drivers
usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency
usb: chipidea: Fix DMA overwrite for Tegra
usb: chipidea: Simplify Tegra DMA alignment code
dmaengine: ti: edma: handle irq_of_parse_and_map() errors
misc: st_core: Do not call kfree_skb() under spin_lock_irqsave()
tools: iio: iio_generic_buffer ensure alignment
USB: usbip: fix stub_dev hub disconnect
dmaengine: pxa_dma: Remove an erroneous BUG_ON() in pxad_free_desc()
f2fs: fix to initialize map.m_pblk in f2fs_precache_extents()
interconnect: qcom: sc7180: Retire DEFINE_QBCM
interconnect: qcom: sc7180: Set ACV enable_mask
interconnect: qcom: sc7280: Set ACV enable_mask
interconnect: qcom: sc8180x: Set ACV enable_mask
interconnect: qcom: sc8280xp: Set ACV enable_mask
interconnect: qcom: sdm845: Retire DEFINE_QBCM
interconnect: qcom: sdm845: Set ACV enable_mask
interconnect: qcom: sm6350: Retire DEFINE_QBCM
interconnect: qcom: sm6350: Set ACV enable_mask
interconnect: move ignore_list out of of_count_icc_providers()
interconnect: qcom: sm8150: Drop IP0 interconnects
interconnect: qcom: sm8150: Retire DEFINE_QBCM
interconnect: qcom: sm8150: Set ACV enable_mask
interconnect: qcom: sm8350: Retire DEFINE_QBCM
interconnect: qcom: sm8350: Set ACV enable_mask
powerpc: Only define __parse_fpscr() when required
modpost: fix tee MODULE_DEVICE_TABLE built on big-endian host
modpost: fix ishtp MODULE_DEVICE_TABLE built on big-endian host
powerpc/40x: Remove stale PTE_ATOMIC_UPDATES macro
powerpc/xive: Fix endian conversion size
powerpc/vas: Limit open window failure messages in log bufffer
powerpc/imc-pmu: Use the correct spinlock initializer.
powerpc/pseries: fix potential memory leak in init_cpu_associativity()
xhci: Loosen RPM as default policy to cover for AMD xHC 1.1
usb: host: xhci-plat: fix possible kernel oops while resuming
perf machine: Avoid out of bounds LBR memory read
perf hist: Add missing puts to hist__account_cycles
9p/net: fix possible memory leak in p9_check_errors()
i3c: Fix potential refcount leak in i3c_master_register_new_i3c_devs
cxl/mem: Fix shutdown order
crypto: ccp - Name -1 return value as SEV_RET_NO_FW_CALL
x86/sev: Change snp_guest_issue_request()'s fw_err argument
virt: sevguest: Fix passing a stack buffer as a scatterlist target
rtc: pcf85363: fix wrong mask/val parameters in regmap_update_bits call
pcmcia: cs: fix possible hung task and memory leak pccardd()
pcmcia: ds: fix refcount leak in pcmcia_device_add()
pcmcia: ds: fix possible name leak in error path in pcmcia_device_add()
media: hantro: Check whether reset op is defined before use
media: verisilicon: Do not enable G2 postproc downscale if source is narrower than destination
media: ov5640: Drop dead code using frame_interval
media: ov5640: fix vblank unchange issue when work at dvp mode
media: i2c: max9286: Fix some redundant of_node_put() calls
media: ov5640: Fix a memory leak when ov5640_probe fails
media: bttv: fix use after free error due to btv->timeout timer
media: amphion: handle firmware debug message
media: mtk-jpegenc: Fix bug in JPEG encode quality selection
media: s3c-camif: Avoid inappropriate kfree()
media: vidtv: psi: Add check for kstrdup
media: vidtv: mux: Add check and kfree for kstrdup
media: cedrus: Fix clock/reset sequence
media: cadence: csi2rx: Unregister v4l2 async notifier
media: dvb-usb-v2: af9035: fix missing unlock
media: cec: meson: always include meson sub-directory in Makefile
regmap: prevent noinc writes from clobbering cache
pwm: sti: Reduce number of allocations and drop usage of chip_data
pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume
Input: synaptics-rmi4 - fix use after free in rmi_unregister_function()
watchdog: ixp4xx: Make sure restart always works
llc: verify mac len before reading mac header
hsr: Prevent use after free in prp_create_tagged_frame()
tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING
bpf: Check map->usercnt after timer->timer is assigned
inet: shrink struct flowi_common
octeontx2-pf: Fix error codes
octeontx2-pf: Fix holes in error code
net: page_pool: add missing free_percpu when page_pool_init fail
dccp: Call security_inet_conn_request() after setting IPv4 addresses.
dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses.
net: r8169: Disable multicast filter for RTL8168H and RTL8107E
Fix termination state for idr_for_each_entry_ul()
net: stmmac: xgmac: Enable support for multiple Flexible PPS outputs
selftests: pmtu.sh: fix result checking
octeontx2-pf: Rename tot_tx_queues to non_qos_queues
octeontx2-pf: qos send queues management
octeontx2-pf: Free pending and dropped SQEs
net/smc: fix dangling sock under state SMC_APPFINCLOSEWAIT
net/smc: allow cdc msg send rather than drop it with NULL sndbuf_desc
net/smc: put sk reference if close work was canceled
nvme: fix error-handling for io_uring nvme-passthrough
tg3: power down device only on SYSTEM_POWER_OFF
nbd: fix uaf in nbd_open
blk-core: use pr_warn_ratelimited() in bio_check_ro()
virtio/vsock: replace virtio_vsock_pkt with sk_buff
vsock/virtio: remove socket from connected/bound list on shutdown
r8169: respect userspace disabling IFF_MULTICAST
i2c: iproc: handle invalid slave state
netfilter: xt_recent: fix (increase) ipv6 literal buffer length
netfilter: nft_redir: use `struct nf_nat_range2` throughout and deduplicate eval call-backs
netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses
RISC-V: Don't fail in riscv_of_parent_hartid() for disabled HARTs
drm/syncobj: fix DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE
ASoC: mediatek: mt8186_mt6366_rt1019_rt5682s: trivial: fix error messages
ASoC: hdmi-codec: register hpd callback on component probe
ASoC: dapm: fix clock get name
spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies
fbdev: imsttfb: Fix error path of imsttfb_probe()
fbdev: imsttfb: fix a resource leak in probe
fbdev: fsl-diu-fb: mark wr_reg_wa() static
tracing/kprobes: Fix the order of argument descriptions
io_uring/net: ensure socket is marked connected on connect retry
x86/amd_nb: Use Family 19h Models 60h-7Fh Function 4 IDs
Revert "mmc: core: Capture correct oemid-bits for eMMC cards"
btrfs: use u64 for buffer sizes in the tree search ioctls
wifi: cfg80211: fix kernel-doc for wiphy_delayed_work_flush()
virtio/vsock: don't use skbuff state to account credit
virtio/vsock: remove redundant 'skb_pull()' call
virtio/vsock: don't drop skbuff on copy failure
vsock/loopback: use only sk_buff_head.lock to protect the packet queue
virtio/vsock: fix leaks due to missing skb owner
virtio/vsock: Fix uninit-value in virtio_transport_recv_pkt()
virtio/vsock: fix header length on skb merging
Linux 6.1.63
Change-Id: I87b7a539b11c90cfaf16edb07d613f74d54458a4
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Changes in 6.1.62
ASoC: simple-card: fixup asoc_simple_probe() error handling
coresight: tmc-etr: Disable warnings for allocation failures
ASoC: tlv320adc3xxx: BUG: Correct micbias setting
net: sched: cls_u32: Fix allocation size in u32_init()
irqchip/riscv-intc: Mark all INTC nodes as initialized
irqchip/stm32-exti: add missing DT IRQ flag translation
dmaengine: ste_dma40: Fix PM disable depth imbalance in d40_probe
powerpc/85xx: Fix math emulation exception
Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport
fbdev: atyfb: only use ioremap_uc() on i386 and ia64
fs/ntfs3: Add ckeck in ni_update_parent()
fs/ntfs3: Write immediately updated ntfs state
fs/ntfs3: Use kvmalloc instead of kmalloc(... __GFP_NOWARN)
fs/ntfs3: Fix possible NULL-ptr-deref in ni_readpage_cmpr()
fs/ntfs3: Fix NULL pointer dereference on error in attr_allocate_frame()
fs/ntfs3: Fix directory element type detection
fs/ntfs3: Avoid possible memory leak
spi: npcm-fiu: Fix UMA reads when dummy.nbytes == 0
netfilter: nfnetlink_log: silence bogus compiler warning
efi: fix memory leak in krealloc failure handling
ASoC: rt5650: fix the wrong result of key button
ASoC: codecs: tas2780: Fix log of failed reset via I2C.
drm/ttm: Reorder sys manager cleanup step
fbdev: omapfb: fix some error codes
fbdev: uvesafb: Call cn_del_callback() at the end of uvesafb_exit()
scsi: mpt3sas: Fix in error path
drm/amdgpu: Unset context priority is now invalid
gpu/drm: Eliminate DRM_SCHED_PRIORITY_UNSET
LoongArch: Export symbol invalid_pud_table for modules building
LoongArch: Replace kmap_atomic() with kmap_local_page() in copy_user_highpage()
netfilter: nf_tables: audit log object reset once per table
platform/mellanox: mlxbf-tmfifo: Fix a warning message
drm/amdgpu: Reserve fences for VM update
net: chelsio: cxgb4: add an error code check in t4_load_phy_fw
r8152: Check for unplug in rtl_phy_patch_request()
r8152: Check for unplug in r8153b_ups_en() / r8153c_ups_en()
powerpc/mm: Fix boot crash with FLATMEM
io_uring: kiocb_done() should *not* trust ->ki_pos if ->{read,write}_iter() failed
ceph_wait_on_conflict_unlink(): grab reference before dropping ->d_lock
power: supply: core: Use blocking_notifier_call_chain to avoid RCU complaint
perf evlist: Avoid frequency mode for the dummy event
x86: KVM: SVM: always update the x2avic msr interception
mm/mempolicy: fix set_mempolicy_home_node() previous VMA pointer
mmap: fix error paths with dup_anon_vma()
ALSA: usb-audio: add quirk flag to enable native DSD for McIntosh devices
PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device
usb: storage: set 1.50 as the lower bcdDevice for older "Super Top" compatibility
usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm()
usb: raw-gadget: properly handle interrupted requests
tty: n_gsm: fix race condition in status line change on dead connections
tty: 8250: Remove UC-257 and UC-431
tty: 8250: Add support for additional Brainboxes UC cards
tty: 8250: Add support for Brainboxes UP cards
tty: 8250: Add support for Intashield IS-100
tty: 8250: Fix port count of PX-257
tty: 8250: Fix up PX-803/PX-857
tty: 8250: Add support for additional Brainboxes PX cards
tty: 8250: Add support for Intashield IX cards
tty: 8250: Add Brainboxes Oxford Semiconductor-based quirks
misc: pci_endpoint_test: Add deviceID for J721S2 PCIe EP device support
ALSA: hda: intel-dsp-config: Fix JSL Chromebook quirk detection
ASoC: SOF: sof-pci-dev: Fix community key quirk detection
Linux 6.1.62
Change-Id: I2f696c88b48e82eb0d925a26ce6716693595d421
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 2a565258b3f4bbdc7a3c09cd02082cb286a7bffc upstream.
Three PCI IDs for DF Function 4 were defined but not used.
Add them to the "link" list.
Fixes: f8faf34966 ("x86/amd_nb: Add AMD PCI IDs for SMN communication")
Fixes: 23a5b8bb022c ("x86/amd_nb: Add PCI ID for family 19h model 78h")
Signed-off-by: Yazen Ghannam <yazen.ghannam@amd.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20230803150430.3542854-1-yazen.ghannam@amd.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 0144e3b85d7b42e8a4cda991c0e81f131897457a ]
The GHCB specification declares that the firmware error value for
a guest request will be stored in the lower 32 bits of EXIT_INFO_2. The
upper 32 bits are for the VMM's own error code. The fw_err argument to
snp_guest_issue_request() is thus a misnomer, and callers will need
access to all 64 bits.
The type of unsigned long also causes problems, since sw_exit_info2 is
u64 (unsigned long long) vs the argument's unsigned long*. Change this
type for issuing the guest request. Pass the ioctl command struct's error
field directly instead of in a local variable, since an incomplete guest
request may not set the error code, and uninitialized stack memory would
be written back to user space.
The firmware might not even be called, so bookend the call with the no
firmware call error and clear the error.
Since the "fw_err" field is really exitinfo2 split into the upper bits'
vmm error code and lower bits' firmware error code, convert the 64 bit
value to a union.
[ bp:
- Massage commit message
- adjust code
- Fix a build issue as
Reported-by: kernel test robot <lkp@intel.com>
Link: https://lore.kernel.org/oe-kbuild-all/202303070609.vX6wp2Af-lkp@intel.com
- print exitinfo2 in hex
Tom:
- Correct -EIO exit case. ]
Signed-off-by: Dionna Glaze <dionnaglaze@google.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/r/20230214164638.1189804-5-dionnaglaze@google.com
Link: https://lore.kernel.org/r/20230307192449.24732-12-bp@alien8.de
Stable-dep-of: db10cb9b5746 ("virt: sevguest: Fix passing a stack buffer as a scatterlist target")
Signed-off-by: Sasha Levin <sashal@kernel.org>
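The exitinfo2 handling described in the commit message above, as an added example (not code from the kernel or from this commit): it splits the 64-bit value into its firmware and VMM halves and presets the caller-visible field so that an aborted request cannot hand stale bytes back. All `ex_`/`EX_` names, the request stub and the error values are constructed for illustration, and explicit shifts are used where the commit uses a union so the split does not depend on host byte order.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Example sentinel for "firmware was never called". The changelog names the
 * -1 return value SEV_RET_NO_FW_CALL; EX_ marks this as example code. */
#define EX_NO_FW_CALL 0xffffffffu

/* EXIT_INFO_2 seen as two halves. Field names are assumptions. */
struct ex_exitinfo2 {
    uint32_t fw_error;  /* lower 32 bits: firmware error value */
    uint32_t vmm_error; /* upper 32 bits: the VMM's own error code */
};

static struct ex_exitinfo2 ex_split(uint64_t raw)
{
    struct ex_exitinfo2 e;
    e.fw_error = (uint32_t)(raw & 0xffffffffu);
    e.vmm_error = (uint32_t)(raw >> 32);
    return e;
}

static uint64_t ex_join(uint32_t fw_error, uint32_t vmm_error)
{
    return ((uint64_t)vmm_error << 32) | fw_error;
}

/* Constructed outcomes of a hypothetical guest request. */
enum ex_outcome { EX_ABORTED_EARLY, EX_FW_OK, EX_FW_FAILED, EX_VMM_FAILED };

/* Hypothetical request path: *exitinfo2 is written only when the
 * hypervisor was actually reached. */
static int ex_issue_request(enum ex_outcome o, uint64_t *exitinfo2)
{
    switch (o) {
    case EX_ABORTED_EARLY:
        return -1;                      /* failed early: output untouched */
    case EX_FW_OK:
        *exitinfo2 = ex_join(0, 0);
        return 0;
    case EX_FW_FAILED:
        *exitinfo2 = ex_join(0x16, 0);  /* constructed firmware error */
        return -1;
    case EX_VMM_FAILED:
        *exitinfo2 = ex_join(0, 0x2);   /* constructed VMM error */
        return -1;
    }
    return -1;
}

/* The caller's own field is passed down, preset to the sentinel, so every
 * exit path leaves a defined value in it. */
static int ex_guest_request(enum ex_outcome o, uint64_t *user_exitinfo2)
{
    *user_exitinfo2 = ex_join(EX_NO_FW_CALL, 0);
    return ex_issue_request(o, user_exitinfo2);
}

/* Run one request with the field pre-filled with stale bytes, as an
 * uninitialised stack slot might be, and return what the caller would see. */
static uint64_t ex_visible_exitinfo2(enum ex_outcome o)
{
    uint64_t field = 0xdeadbeefdeadbeefULL;
    (void)ex_guest_request(o, &field);
    return field;
}

/* Attribute a raw value to the layer that reported the failure. */
static const char *ex_describe(uint64_t raw)
{
    struct ex_exitinfo2 e = ex_split(raw);
    if (e.vmm_error)
        return "vmm error";
    if (e.fw_error == EX_NO_FW_CALL)
        return "firmware not called";
    if (e.fw_error)
        return "firmware error";
    return "success";
}

int main(void)
{
    enum ex_outcome all[] = { EX_ABORTED_EARLY, EX_FW_OK, EX_FW_FAILED, EX_VMM_FAILED };
    for (size_t i = 0; i < sizeof(all) / sizeof(all[0]); i++) {
        uint64_t v = ex_visible_exitinfo2(all[i]);
        printf("exitinfo2=0x%016llx -> %s\n", (unsigned long long)v, ex_describe(v));
    }
    return 0;
}
```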
[ Upstream commit 001470fed5959d01faecbd57fcf2f60294da0de1 ]
Since the size value is added to the base address to yield the last valid
byte address of the GDT, the current size value of startup_gdt_descr is
incorrect (too large by one), fix it.
[ mingo: This probably never mattered, because startup_gdt[] is only used
in a very controlled fashion - but make it consistent nevertheless. ]
Fixes: 866b556efa ("x86/head/64: Install startup GDT")
Signed-off-by: Yuntao Wang <ytcoode@gmail.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Link: https://lore.kernel.org/r/20230807084547.217390-1-ytcoode@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit f79936545fb122856bd78b189d3c7ee59928c751 ]
Previously, if copy_from_kernel_nofault() was called before
boot_cpu_data.x86_virt_bits was set up, then it would trigger undefined
behavior due to a shift by 64.
This ended up causing boot failures in the latest version of ubuntu2204
in the gcp project when using SEV-SNP.
Specifically, this function is called during an early #VC handler which
is triggered by a CPUID to check if NX is implemented.
Fixes: 1aa9aa8ee5 ("x86/sev-es: Setup GHCB-based boot #VC handler")
Suggested-by: Dave Hansen <dave.hansen@linux.intel.com>
Signed-off-by: Adam Dunlap <acdunlap@google.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Tested-by: Jacob Xu <jacobhxu@google.com>
Link: https://lore.kernel.org/r/20230912002703.3924521-2-acdunlap@google.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
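The shift-by-64 hazard described in the commit message above, as an added example (not the kernel's code or this commit's fix): a canonical-address check whose shift count is derived from the virtual address width, with the "width not set up yet" case reported separately instead of reaching the shift. The `ex_` names and sample addresses are constructed, and what a caller does with the "width unknown" verdict is a policy choice this page does not describe.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

enum ex_verdict { EX_NOT_CANONICAL, EX_CANONICAL, EX_WIDTH_UNKNOWN };

/*
 * An address is canonical for a given width when bit (virt_bits - 1) and
 * every bit above it are equal. The shift count is derived from virt_bits,
 * so a width of 0 (not initialised yet) must be rejected first: in the
 * sign-extension form of this check it becomes a shift by 64, and here it
 * would become a shift by a wrapped, out-of-range count. Both are undefined
 * behaviour on a 64-bit type.
 */
static enum ex_verdict ex_check_canonical(uint64_t vaddr, unsigned int virt_bits)
{
    uint64_t top, all_ones;

    if (virt_bits == 0 || virt_bits > 64)
        return EX_WIDTH_UNKNOWN;          /* never reach the shift */

    top = vaddr >> (virt_bits - 1);       /* shift count is now 0..63 */
    all_ones = UINT64_MAX >> (virt_bits - 1);

    return (top == 0 || top == all_ones) ? EX_CANONICAL : EX_NOT_CANONICAL;
}

static const char *ex_name(enum ex_verdict v)
{
    switch (v) {
    case EX_CANONICAL:     return "canonical";
    case EX_NOT_CANONICAL: return "not canonical";
    default:               return "width unknown";
    }
}

int main(void)
{
    /* Constructed sample addresses and widths. */
    struct { uint64_t addr; unsigned int bits; } samples[] = {
        { 0x00007fffffffffffULL, 48 },  /* top of the lower half */
        { 0xffff800000000000ULL, 48 },  /* bottom of the upper half */
        { 0x0000800000000000ULL, 48 },  /* inside the 48-bit hole */
        { 0x0000800000000000ULL, 57 },  /* same address, wider space */
        { 0xffff800000000000ULL, 0  },  /* width not set up yet */
    };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("0x%016" PRIx64 " bits=%2u -> %s\n", samples[i].addr,
               samples[i].bits,
               ex_name(ex_check_canonical(samples[i].addr, samples[i].bits)));
    return 0;
}
```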
[ Upstream commit 8f012db27c9516be1a7aca93ea4a6ca9c75056c9 ]
numa_fill_memblks() fills in the gaps in numa_meminfo memblks
over a physical address range.
The ACPI driver will use numa_fill_memblks() to implement a new Linux
policy that prescribes extending proximity domains in a portion of a
CFMWS window to the entire window.
Dan Williams offered this explanation of the policy:
A CFMWS is an ACPI data structure that indicates *potential* locations
where CXL memory can be placed. It is the playground where the CXL
driver has free rein to establish regions. That space can be populated
by BIOS created regions, or driver created regions, after hotplug or
other reconfiguration.
When BIOS creates a region in a CXL Window it additionally describes
that subset of the Window range in the other typical ACPI tables SRAT,
SLIT, and HMAT. The rationale for BIOS not pre-describing the entire
CXL Window in SRAT, SLIT, and HMAT is that it can not predict the
future. I.e. there is nothing stopping higher or lower performance
devices being placed in the same Window. Compare that to ACPI memory
hotplug that just onlines additional capacity in the proximity domain
with little freedom for dynamic performance differentiation.
That leaves the OS with a choice, should unpopulated window capacity
match the proximity domain of an existing region, or should it allocate
a new one? This patch takes the simple position of minimizing proximity
domain proliferation by reusing any proximity domain intersection for
the entire Window. If the Window has no intersections then allocate a
new proximity domain. Note that SRAT, SLIT and HMAT information can be
enumerated dynamically in a standard way from device provided data.
Think of CXL as the end of ACPI needing to describe memory attributes,
CXL offers a standard discovery model for performance attributes, but
Linux still needs to interoperate with the old regime.
Reported-by: Derick Marks <derick.w.marks@intel.com>
Suggested-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Alison Schofield <alison.schofield@intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Dan Williams <dan.j.williams@intel.com>
Tested-by: Derick Marks <derick.w.marks@intel.com>
Link: https://lore.kernel.org/all/ef078a6f056ca974e5af85997013c0fda9e3326d.1689018477.git.alison.schofield%40intel.com
Stable-dep-of: 8f1004679987 ("ACPI/NUMA: Apply SRAT proximity domain to entire CFMWS window")
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 1d1142ac51307145dbb256ac3535a1d43a1c9800 ]
Make the SBPB check more robust against the (possible) case where future
HW has SRSO fixed but doesn't have the SRSO_NO bit set.
Fixes: 1b5277c0ea0b ("x86/srso: Add SRSO_NO support")
Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Acked-by: Borislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/r/cee5050db750b391c9f35f5334f8ff40e66c01b9.1693889988.git.jpoimboe@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 066baf92bed934c9fb4bcee97a193f47aa63431c ]
copy_mc_to_user() has the destination marked __user on powerpc, but not on
x86; the latter results in a sparse warning in lib/iov_iter.c.
Fix this by applying the tag on x86 too.
Fixes: ec6347bb43 ("x86, powerpc: Rename memcpy_mcsafe() to copy_mc_to_{user, kernel}()")
Signed-off-by: David Howells <dhowells@redhat.com>
Link: https://lore.kernel.org/r/20230925120309.1731676-3-dhowells@redhat.com
cc: Dan Williams <dan.j.williams@intel.com>
cc: Thomas Gleixner <tglx@linutronix.de>
cc: Ingo Molnar <mingo@redhat.com>
cc: Borislav Petkov <bp@alien8.de>
cc: Dave Hansen <dave.hansen@linux.intel.com>
cc: "H. Peter Anvin" <hpa@zytor.com>
cc: Alexander Viro <viro@zeniv.linux.org.uk>
cc: Jens Axboe <axboe@kernel.dk>
cc: Christoph Hellwig <hch@lst.de>
cc: Christian Brauner <christian@brauner.io>
cc: Matthew Wilcox <willy@infradead.org>
cc: Linus Torvalds <torvalds@linux-foundation.org>
cc: David Laight <David.Laight@ACULAB.COM>
cc: x86@kernel.org
cc: linux-block@vger.kernel.org
cc: linux-fsdevel@vger.kernel.org
cc: linux-mm@kvack.org
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit b65235f6e102354ccafda601eaa1c5bef5284d21 upstream.
The following problem exists since x2avic was enabled in the KVM:
svm_set_x2apic_msr_interception is called to enable the interception of
the x2apic msrs.
In particular it is called at the moment the guest resets its apic.
Assuming that the guest's apic was in x2apic mode, the reset will bring
it back to the xapic mode.
The svm_set_x2apic_msr_interception however has an erroneous check for
'!apic_x2apic_mode()' which prevents it from doing anything in this case.
As a result of this, all x2apic msrs are left unintercepted, and that
exposes the bare metal x2apic (if enabled) to the guest.
Oops.
Remove the erroneous '!apic_x2apic_mode()' check to fix that.
This fixes CVE-2023-5090
Fixes: 4d1d7942e3 ("KVM: SVM: Introduce logic to (de)activate x2AVIC mode")
Cc: stable@vger.kernel.org
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
Reviewed-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
Tested-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
Reviewed-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20230928173354.217464-2-mlevitsk@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: SeongJae Park <sj@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Changes in 6.1.61
KVM: x86/pmu: Truncate counter value to allowed width on write
mmc: core: Align to common busy polling behaviour for mmc ioctls
mmc: block: ioctl: do write error check for spi
mmc: core: Fix error propagation for some ioctl commands
ASoC: codecs: wcd938x: Convert to platform remove callback returning void
ASoC: codecs: wcd938x: Simplify with dev_err_probe
ASoC: codecs: wcd938x: fix regulator leaks on probe errors
ASoC: codecs: wcd938x: fix runtime PM imbalance on remove
pinctrl: qcom: lpass-lpi: fix concurrent register updates
mcb: Return actual parsed size when reading chameleon table
mcb-lpc: Reallocate memory region to avoid memory overlapping
virtio_balloon: Fix endless deflation and inflation on arm64
virtio-mmio: fix memory leak of vm_dev
virtio-crypto: handle config changed by work queue
virtio_pci: fix the common cfg map size
vsock/virtio: initialize the_virtio_vsock before using VQs
vhost: Allow null msg.size on VHOST_IOTLB_INVALIDATE
arm64: dts: rockchip: Add i2s0-2ch-bus-bclk-off pins to RK3399
arm64: dts: rockchip: Fix i2s0 pin conflict on ROCK Pi 4 boards
mm: fix vm_brk_flags() to not bail out while holding lock
hugetlbfs: clear resv_map pointer if mmap fails
mm/page_alloc: correct start page when guard page debug is enabled
mm/migrate: fix do_pages_move for compat pointers
hugetlbfs: extend hugetlb_vma_lock to private VMAs
maple_tree: add GFP_KERNEL to allocations in mas_expected_entries()
nfsd: lock_rename() needs both directories to live on the same fs
drm/i915/pmu: Check if pmu is closed before stopping event
drm/amd: Disable ASPM for VI w/ all Intel systems
drm/dp_mst: Fix NULL deref in get_mst_branch_device_by_guid_helper()
ARM: OMAP: timer32K: fix all kernel-doc warnings
firmware/imx-dsp: Fix use_after_free in imx_dsp_setup_channels()
clk: ti: Fix missing omap4 mcbsp functional clock and aliases
clk: ti: Fix missing omap5 mcbsp functional clock and aliases
r8169: fix the KCSAN reported data-race in rtl_tx() while reading tp->cur_tx
r8169: fix the KCSAN reported data-race in rtl_tx while reading TxDescArray[entry].opts1
r8169: fix the KCSAN reported data race in rtl_rx while reading desc->opts1
iavf: initialize waitqueues before starting watchdog_task
i40e: Fix I40E_FLAG_VF_VLAN_PRUNING value
treewide: Spelling fix in comment
igb: Fix potential memory leak in igb_add_ethtool_nfc_entry
neighbour: fix various data-races
igc: Fix ambiguity in the ethtool advertising
net: ethernet: adi: adin1110: Fix uninitialized variable
net: ieee802154: adf7242: Fix some potential buffer overflow in adf7242_stats_show()
net: usb: smsc95xx: Fix uninit-value access in smsc95xx_read_reg
r8152: Increase USB control msg timeout to 5000ms as per spec
r8152: Run the unload routine if we have errors during probe
r8152: Cancel hw_phy_work if we have an error in probe
r8152: Release firmware if we have an error in probe
tcp: fix wrong RTO timeout when received SACK reneging
gtp: uapi: fix GTPA_MAX
gtp: fix fragmentation needed check with gso
i40e: Fix wrong check for I40E_TXR_FLAGS_WB_ON_ITR
drm/logicvc: Kconfig: select REGMAP and REGMAP_MMIO
iavf: in iavf_down, disable queues when removing the driver
scsi: sd: Introduce manage_shutdown device flag
blk-throttle: check for overflow in calculate_bytes_allowed
kasan: print the original fault addr when access invalid shadow
io_uring/fdinfo: lock SQ thread while retrieving thread cpu/pid
iio: afe: rescale: Accept only offset channels
iio: exynos-adc: request second interupt only when touchscreen mode is used
iio: adc: xilinx-xadc: Don't clobber preset voltage/temperature thresholds
iio: adc: xilinx-xadc: Correct temperature offset/scale for UltraScale
i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node()
i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node()
i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node()
i2c: stm32f7: Fix PEC handling in case of SMBUS transfers
i2c: aspeed: Fix i2c bus hang in slave read
tracing/kprobes: Fix the description of variable length arguments
misc: fastrpc: Reset metadata buffer to avoid incorrect free
misc: fastrpc: Free DMA handles for RPC calls with no arguments
misc: fastrpc: Clean buffers on remote invocation failures
misc: fastrpc: Unmap only if buffer is unmapped from DSP
nvmem: imx: correct nregs for i.MX6ULL
nvmem: imx: correct nregs for i.MX6SLL
nvmem: imx: correct nregs for i.MX6UL
x86/i8259: Skip probing when ACPI/MADT advertises PCAT compatibility
x86/cpu: Add model number for Intel Arrow Lake mobile processor
perf/core: Fix potential NULL deref
sparc32: fix a braino in fault handling in csum_and_copy_..._user()
clk: Sanitize possible_parent_show to Handle Return Value of of_clk_get_parent_name
platform/x86: Add s2idle quirk for more Lenovo laptops
ext4: add two helper functions extent_logical_end() and pa_logical_end()
ext4: fix BUG in ext4_mb_new_inode_pa() due to overflow
ext4: avoid overlapping preallocations due to overflow
objtool/x86: add missing embedded_insn check
Linux 6.1.61
Note, this merge point also reverts commit
bb20a245df which is commit
24eca2dce0f8d19db808c972b0281298d0bafe99 upstream, as it conflicts with
the previous reverts for ABI issues, AND is an ABI break in itself. If
it is needed in the future, it can be brought back in an abi-safe way.
Change-Id: I425bfa3be6d65328e23affd52d10b827aea6e44a
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Changes in 6.1.60
lib/Kconfig.debug: do not enable DEBUG_PREEMPT by default
igc: remove I226 Qbv BaseTime restriction
igc: enable Qbv configuration for 2nd GCL
igc: Remove reset adapter task for i226 during disable tsn config
igc: Add qbv_config_change_errors counter
igc: Add condition for qbv_config_change_errors counter
igc: Fix race condition in PTP tx code
Bluetooth: hci_event: Ignore NULL link key
Bluetooth: Reject connection with the device which has same BD_ADDR
Bluetooth: Fix a refcnt underflow problem for hci_conn
Bluetooth: vhci: Fix race when opening vhci device
Bluetooth: hci_event: Fix coding style
Bluetooth: avoid memcmp() out of bounds warning
ice: fix over-shifted variable
ice: reset first in crash dump kernels
net/smc: return the right falback reason when prefix checks fail
btrfs: fix stripe length calculation for non-zoned data chunk allocation
nfc: nci: fix possible NULL pointer dereference in send_acknowledge()
regmap: fix NULL deref on lookup
KVM: x86: Mask LVTPC when handling a PMI
x86/sev: Disable MMIO emulation from user mode
x86/sev: Check IOBM for IOIO exceptions from user-space
x86/sev: Check for user-space IOIO pointing to kernel space
x86/fpu: Allow caller to constrain xfeatures when copying to uabi buffer
KVM: x86: Constrain guest-supported xfeatures only at KVM_GET_XSAVE{2}
x86: KVM: SVM: add support for Invalid IPI Vector interception
x86: KVM: SVM: refresh AVIC inhibition in svm_leave_nested()
audit,io_uring: io_uring openat triggers audit reference count underflow
tcp: check mptcp-level constraints for backlog coalescing
mptcp: more conservative check for zero probes
fs/ntfs3: Fix possible null-pointer dereference in hdr_find_e()
fs/ntfs3: fix panic about slab-out-of-bounds caused by ntfs_list_ea()
fs/ntfs3: fix deadlock in mark_as_free_ex
netfilter: nft_payload: fix wrong mac header matching
nvmet-tcp: Fix a possible UAF in queue intialization setup
drm/i915: Retry gtt fault when out of fence registers
drm/mediatek: Correctly free sg_table in gem prime vmap
ALSA: hda/realtek - Fixed ASUS platform headset Mic issue
ALSA: hda/realtek: Add quirk for ASUS ROG GU603ZV
ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq5xxx
ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind
ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe errors
ASoC: codecs: wcd938x: drop bogus bind error handling
ASoC: codecs: wcd938x: fix unbind tear down order
ASoC: codecs: wcd938x: fix resource leaks on bind errors
qed: fix LL2 RX buffer allocation
xfrm: fix a data-race in xfrm_lookup_with_ifid()
xfrm: fix a data-race in xfrm_gen_index()
xfrm: interface: use DEV_STATS_INC()
wifi: cfg80211: use system_unbound_wq for wiphy work
net: ipv4: fix return value check in esp_remove_trailer
net: ipv6: fix return value check in esp_remove_trailer
net: rfkill: gpio: prevent value glitch during probe
tcp: fix excessive TLP and RACK timeouts from HZ rounding
tcp: tsq: relax tcp_small_queue_check() when rtx queue contains a single skb
tcp: Fix listen() warning with v4-mapped-v6 address.
tun: prevent negative ifindex
ipv4: fib: annotate races around nh->nh_saddr_genid and nh->nh_saddr
net: usb: smsc95xx: Fix an error code in smsc95xx_reset()
octeon_ep: update BQL sent bytes before ringing doorbell
i40e: prevent crash on probe if hw registers have invalid values
net: dsa: bcm_sf2: Fix possible memory leak in bcm_sf2_mdio_register()
bonding: Return pointer to data after pull on skb
net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it becomes a inner curve
neighbor: tracing: Move pin6 inside CONFIG_IPV6=y section
selftests: openvswitch: Catch cases where the tests are killed
selftests: netfilter: Run nft_audit.sh in its own netns
netfilter: nft_set_rbtree: .deactivate fails if element has expired
netlink: Correct offload_xstats size
netfilter: nf_tables: do not remove elements if set backend implements .abort
netfilter: nf_tables: revert do not remove elements if set backend implements .abort
net: phy: bcm7xxx: Add missing 16nm EPHY statistics
net: pktgen: Fix interface flags printing
net: avoid UAF on deleted altname
net: fix ifname in netlink ntf during netns move
net: check for altname conflicts when changing netdev's netns
selftests/mm: fix awk usage in charge_reserved_hugetlb.sh and hugetlb_reparenting_test.sh that may cause error
usb: misc: onboard_usb_hub: add Genesys Logic GL850G hub support
usb: misc: onboard_usb_hub: add Genesys Logic GL852G hub support
usb: misc: onboard_usb_hub: add Genesys Logic GL3523 hub support
usb: misc: onboard_hub: add support for Microchip USB2412 USB 2.0 hub
serial: Move uart_change_speed() earlier
serial: Rename uart_change_speed() to uart_change_line_settings()
serial: Reduce spinlocked portion of uart_rs485_config()
serial: 8250: omap: Fix imprecise external abort for omap_8250_pm()
serial: 8250_omap: Fix errors with no_console_suspend
iio: core: introduce iio_device_{claim|release}_buffer_mode() APIs
iio: cros_ec: fix an use-after-free in cros_ec_sensors_push_data()
iio: adc: ad7192: Simplify using devm_regulator_get_enable()
iio: adc: ad7192: Correct reference voltage
pwr-mlxbf: extend Kconfig to include gpio-mlxbf3 dependency
ARM: dts: ti: omap: Fix noisy serial with overrun-throttle-ms for mapphone
fs-writeback: do not requeue a clean inode having skipped pages
btrfs: prevent transaction block reserve underflow when starting transaction
btrfs: return -EUCLEAN for delayed tree ref with a ref count not equals to 1
btrfs: initialize start_slot in btrfs_log_prealloc_extents
i2c: mux: Avoid potential false error message in i2c_mux_add_adapter
overlayfs: set ctime when setting mtime and atime
gpio: timberdale: Fix potential deadlock on &tgpio->lock
ata: libata-core: Fix compilation warning in ata_dev_config_ncq()
ata: libata-eh: Fix compilation warning in ata_eh_link_report()
tracing: relax trace_event_eval_update() execution with cond_resched()
wifi: mwifiex: Sanity check tlv_len and tlv_bitmap_len
wifi: iwlwifi: Ensure ack flag is properly cleared.
HID: logitech-hidpp: Add Bluetooth ID for the Logitech M720 Triathlon mouse
HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event
Bluetooth: btusb: add shutdown function for QCA6174
Bluetooth: Avoid redundant authentication
Bluetooth: hci_core: Fix build warnings
wifi: cfg80211: Fix 6GHz scan configuration
wifi: mac80211: work around Cisco AP 9115 VHT MPDU length
wifi: mac80211: allow transmitting EAPOL frames with tainted key
wifi: cfg80211: avoid leaking stack data into trace
regulator/core: Revert "fix kobject release warning and memory leak in regulator_register()"
sky2: Make sure there is at least one frag_addr available
ipv4/fib: send notify when delete source address routes
drm: panel-orientation-quirks: Add quirk for One Mix 2S
btrfs: fix some -Wmaybe-uninitialized warnings in ioctl.c
btrfs: error out when COWing block using a stale transaction
btrfs: error when COWing block from a root that is being deleted
btrfs: error out when reallocating block for defrag using a stale transaction
drm/amd/pm: add unique_id for gc 11.0.3
HID: multitouch: Add required quirk for Synaptics 0xcd7e device
HID: nintendo: reinitialize USB Pro Controller after resuming from suspend
platform/x86: touchscreen_dmi: Add info for the Positivo C4128B
cpufreq: schedutil: Update next_freq when cpufreq_limits change
fprobe: Pass entry_data to handlers
fprobe: Add nr_maxactive to specify rethook_node pool size
fprobe: Fix to ensure the number of active retprobes is not zero
net: xfrm: skip policies marked as dead while reinserting policies
xfrm6: fix inet6_dev refcount underflow problem
net/mlx5: E-switch, register event handler before arming the event
net/mlx5: Handle fw tracer change ownership event based on MTRC
net/mlx5e: Don't offload internal port if filter device is out device
net/tls: split tls_rx_reader_lock
tcp: allow again tcp_disconnect() when threads are waiting
ice: Remove redundant pci_enable_pcie_error_reporting()
Bluetooth: hci_event: Fix using memcmp when comparing keys
selftests: openvswitch: Add version check for pyroute2
tcp_bpf: properly release resources on error paths
net/smc: fix smc clc failed issue when netdevice not in init_net
mtd: rawnand: qcom: Unmap the right resource upon probe failure
mtd: rawnand: pl353: Ensure program page operations are successful
mtd: rawnand: marvell: Ensure program page operations are successful
mtd: rawnand: arasan: Ensure program page operations are successful
mtd: spinand: micron: correct bitmask for ecc status
mtd: physmap-core: Restore map_rom fallback
dt-bindings: mmc: sdhci-msm: correct minimum number of clocks
mmc: sdhci-pci-gli: fix LPM negotiation so x86/S0ix SoCs can suspend
mmc: mtk-sd: Use readl_poll_timeout_atomic in msdc_reset_hw
mmc: core: sdio: hold retuning if sdio in 1-bit mode
mmc: core: Capture correct oemid-bits for eMMC cards
Revert "pinctrl: avoid unsafe code pattern in find_pinctrl()"
pNFS: Fix a hang in nfs4_evict_inode()
pNFS/flexfiles: Check the layout validity in ff_layout_mirror_prepare_stats
NFSv4.1: fixup use EXCHGID4_FLAG_USE_PNFS_DS for DS server
ACPI: irq: Fix incorrect return value in acpi_register_gsi()
nfs42: client needs to strip file mode's suid/sgid bit after ALLOCATE op
nvme: sanitize metadata bounce buffer for reads
nvme-pci: add BOGUS_NID for Intel 0a54 device
nvmet-auth: complete a request only after freeing the dhchap pointers
nvme-rdma: do not try to stop unallocated queues
KVM: x86/mmu: Stop zapping invalidated TDP MMU roots asynchronously
HID: input: map battery system charging
USB: serial: option: add Telit LE910C4-WWX 0x1035 composition
USB: serial: option: add entry for Sierra EM9191 with new firmware
USB: serial: option: add Fibocom to DELL custom modem FM101R-GL
perf: Disallow mis-matched inherited group reads
s390/pci: fix iommu bitmap allocation
selftests/ftrace: Add new test case which checks non unique symbol
s390/cio: fix a memleak in css_alloc_subchannel
platform/surface: platform_profile: Propagate error if profile registration fails
platform/x86: intel-uncore-freq: Conditionally create attribute for read frequency
platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e
platform/x86: asus-wmi: Only map brightness codes when using asus-wmi backlight control
platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c events
gpio: vf610: set value before the direction to avoid a glitch
ASoC: pxa: fix a memory leak in probe()
drm/bridge: ti-sn65dsi86: Associate DSI device lifetime with auxiliary device
serial: 8250: omap: Move uart_write() inside PM section
serial: 8250: omap: convert to modern PM ops
kallsyms: Reduce the memory occupied by kallsyms_seqs_of_names[]
kallsyms: Add helper kallsyms_on_each_match_symbol()
tracing/kprobes: Return EADDRNOTAVAIL when func matches several symbols
gpio: vf610: make irq_chip immutable
gpio: vf610: mask the gpio irq in system suspend and support wakeup
phy: mapphone-mdm6600: Fix runtime disable on probe
phy: mapphone-mdm6600: Fix runtime PM for remove
phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins
net: move altnames together with the netdevice
Bluetooth: hci_sock: fix slab oob read in create_monitor_event
Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name
mptcp: avoid sending RST when closing the initial subflow
selftests: mptcp: join: correctly check for no RST
selftests: mptcp: join: no RST when rm subflow/addr
Linux 6.1.60
Change-Id: I85a246fd8800df019794b531f5befe0a84a3e138
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Merge 6.1.59 into android14-6.1-lts
Changes in 6.1.59
net: mana: Fix TX CQE error handling
mptcp: fix delegated action races
drm/i915: Don't set PIPE_CONTROL_FLUSH_L3 for aux inval
RDMA/cxgb4: Check skb value for failure to allocate
perf/arm-cmn: Fix the unhandled overflow status of counter 4 to 7
platform/x86: think-lmi: Fix reference leak
platform/x86: hp-wmi:: Mark driver struct with __refdata to prevent section mismatch warning
scsi: Do not rescan devices with a suspended queue
HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect
quota: Fix slow quotaoff
ASoC: amd: yc: Fix non-functional mic on Lenovo 82YM
ata: libata-scsi: Disable scsi device manage_system_start_stop
net: prevent address rewrite in kernel_bind()
arm64: dts: qcom: sm8150: extend the size of the PDC resource
dt-bindings: interrupt-controller: renesas,rzg2l-irqc: Update description for '#interrupt-cells' property
irqchip: renesas-rzg2l: Fix logic to clear TINT interrupt source
KEYS: trusted: Remove redundant static calls usage
ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset
ALSA: usb-audio: Fix microphone sound on Nexigo webcam.
ALSA: hda/realtek: Change model for Intel RVP board
ASoC: SOF: amd: fix for firmware reload failure after playback
ASoC: simple-card-utils: fixup simple_util_startup() error handling
ASoC: Intel: soc-acpi: Add entry for HDMI_In capture support in MTL match table
ASoC: Intel: sof_sdw: add support for SKU 0B14
ASoC: Intel: soc-acpi: Add entry for sof_es8336 in MTL match table.
ASoC: Use of_property_read_bool() for boolean properties
ASoC: fsl_sai: MCLK bind with TX/RX enable bit
ASoC: fsl_sai: Don't disable bitclock for i.MX8MP
ALSA: hda/realtek: Add quirk for HP Victus 16-d1xxx to enable mute LED
ALSA: hda/realtek: Add quirk for mute LEDs on HP ENVY x360 15-eu0xxx
ALSA: hda/realtek - ALC287 I2S speaker platform support
ALSA: hda/realtek - ALC287 merge RTK codec with CS CS35L41 AMP
pinctrl: nuvoton: wpcm450: fix out of bounds write
drm/msm/dp: do not reinitialize phy unless retry during link training
drm/msm/dsi: skip the wait for video mode done if not applicable
drm/msm/dsi: fix irq_of_parse_and_map() error checking
drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow
drm/msm/dp: Add newlines to debug printks
phy: lynx-28g: cancel the CDR check work item on the remove path
phy: lynx-28g: lock PHY while performing CDR lock workaround
phy: lynx-28g: serialize concurrent phy_set_mode_ext() calls to shared registers
net: dsa: qca8k: fix potential MDIO bus conflict when accessing internal PHYs via management frames
can: isotp: isotp_sendmsg(): fix TX state detection and wait behavior
can: sun4i_can: Only show Kconfig if ARCH_SUNXI is set
arm64: dts: mediatek: mt8195: Set DSU PMU status to fail
ravb: Fix up dma_free_coherent() call in ravb_remove()
ravb: Fix use-after-free issue in ravb_tx_timeout_work()
ieee802154: ca8210: Fix a potential UAF in ca8210_probe
mlxsw: fix mlxsw_sp2_nve_vxlan_learning_set() return type
xen-netback: use default TX queue size for vifs
riscv, bpf: Factor out emit_call for kernel and bpf context
riscv, bpf: Sign-extend return values
drm/vmwgfx: fix typo of sizeof argument
bpf: Fix verifier log for async callback return values
net: refine debug info in skb_checksum_help()
net: macsec: indicate next pn update when offloading
net: phy: mscc: macsec: reject PN update requests
net/mlx5e: macsec: use update_pn flag instead of PN comparation
ixgbe: fix crash with empty VF macvlan list
net/mlx5e: Again mutually exclude RX-FCS and RX-port-timestamp
net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn()
net/smc: Fix pos miscalculation in statistics
pinctrl: renesas: rzn1: Enable missing PINMUX
nfc: nci: assert requested protocol is valid
workqueue: Override implicit ordered attribute in workqueue_apply_unbound_cpumask()
tcp: enforce receive buffer memory limits by allowing the tcp window to shrink
dmaengine: stm32-mdma: abort resume if no ongoing transfer
dmaengine: stm32-dma: fix stm32_dma_prep_slave_sg in case of MDMA chaining
dmaengine: stm32-dma: fix residue in case of MDMA chaining
dmaengine: stm32-mdma: use Link Address Register to compute residue
dmaengine: stm32-mdma: set in_flight_bytes in case CRQA flag is set
usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer
net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read
usb: dwc3: Soft reset phy on probe for host
usb: cdns3: Modify the return value of cdns_set_active () to void when CONFIG_PM_SLEEP is disabled
usb: hub: Guard against accesses to uninitialized BOS descriptors
usb: musb: Get the musb_qh poniter after musb_giveback
usb: musb: Modify the "HWVers" register address
iio: pressure: bmp280: Fix NULL pointer exception
iio: imu: bno055: Fix missing Kconfig dependencies
iio: adc: imx8qxp: Fix address for command buffer registers
iio: dac: ad3552r: Correct device IDs
iio: admv1013: add mixer_vgate corner cases
iio: pressure: dps310: Adjust Timeout Settings
iio: pressure: ms5611: ms5611_prom_is_valid false negative bug
iio: addac: Kconfig: update ad74413r selections
arm64: dts: mediatek: mt8195-demo: fix the memory size to 8GB
arm64: dts: mediatek: mt8195-demo: update and reorder reserved memory regions
drm/atomic-helper: relax unregistered connector check
drm/amdgpu: add missing NULL check
drm/amd/display: Don't set dpms_off for seamless boot
ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA
ACPI: EC: Add quirk for the HP Pavilion Gaming 15-dk1xxx
ksmbd: not allow to open file if delelete on close bit is set
perf/x86/lbr: Filter vsyscall addresses
x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs
mcb: remove is_added flag from mcb_device struct
thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple Ridge
thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding
thunderbolt: Restart XDomain discovery handshake after failure
powerpc/47x: Fix 47x syscall return crash
libceph: use kernel_connect()
ceph: fix incorrect revoked caps assert in ceph_fill_file_size()
ceph: fix type promotion bug on 32bit systems
Input: powermate - fix use-after-free in powermate_config_complete
Input: psmouse - fix fast_reconnect function for PS/2 mode
Input: xpad - add PXN V900 support
Input: i8042 - add Fujitsu Lifebook E5411 to i8042 quirk table
Input: goodix - ensure int GPIO is in input for gpio_count == 1 && gpio_int_idx == 0 case
tee: amdtee: fix use-after-free vulnerability in amdtee_close_session
mctp: perform route lookups under a RCU read-side lock
nfp: flower: avoid rmmod nfp crash issues
usb: typec: ucsi: Use GET_CAPABILITY attributes data to set power supply scope
cgroup: Remove duplicates in cgroup v1 tasks file
dma-buf: add dma_fence_timestamp helper
pinctrl: avoid unsafe code pattern in find_pinctrl()
scsi: ufs: core: Correct clear TM error log
counter: chrdev: fix getting array extensions
counter: microchip-tcb-capture: Fix the use of internal GCLK logic
usb: typec: altmodes/displayport: Signal hpd low when exiting mode
usb: typec: ucsi: Clear EVENT_PENDING bit if ucsi_send_command fails
usb: gadget: udc-xilinx: replace memcpy with memcpy_toio
usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call
usb: cdnsp: Fixes issue with dequeuing not queued requests
x86/alternatives: Disable KASAN in apply_alternatives()
dmaengine: idxd: use spin_lock_irqsave before wait_event_lock_irq
dmaengine: mediatek: Fix deadlock caused by synchronize_irq()
powerpc/8xx: Fix pte_access_permitted() for PAGE_NONE
powerpc/64e: Fix wrong test in __ptep_test_and_clear_young()
ALSA: hda/realtek - Fixed two speaker platform
Linux 6.1.59
Change-Id: Iaae6736993c003cc47f495f275591bbb924f986e
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit b99d70c0d1380f1368fd4a82271280c4fd28558b upstream.
For "reasons" Intel has code-named this CPU with a "_H" suffix.
[ dhansen: As usual, apply this and send it upstream quickly to
make it easier for anyone who is doing work that
consumes this. ]
Signed-off-by: Tony Luck <tony.luck@intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Link: https://lore.kernel.org/all/20231025202513.12358-1-tony.luck%40intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 128b0c9781c9f2651bea163cb85e52a6c7be0f9e upstream.
David and a few others reported that on certain newer systems some legacy
interrupts fail to work correctly.
Debugging revealed that the BIOS of these systems leaves the legacy PIC in
uninitialized state which makes the PIC detection fail and the kernel
switches to a dummy implementation.
Unfortunately this fallback causes quite some code to fail as it depends on
checks for the number of legacy PIC interrupts or the availability of the
real PIC.
In theory there is no reason to use the PIC on any modern system when
IO/APIC is available, but the dependencies on the related checks cannot be
resolved trivially and on short notice. This needs lots of analysis and
rework.
The PIC detection has been added to avoid quirky checks and force selection
of the dummy implementation all over the place, especially in VM guest
scenarios. So it's not an option to revert the relevant commit as that
would break a lot of other scenarios.
One solution would be to try to initialize the PIC on detection fail and
retry the detection, but that puts the burden on everything which does not
have a PIC.
Fortunately the ACPI/MADT table header has a flag field, which advertises
in bit 0 that the system is PCAT compatible, which means it has a legacy
8259 PIC.
Evaluate that bit and if set avoid the detection routine and keep the real
PIC installed, which then gets initialized (for nothing) and makes the rest
of the code with all the dependencies work again.
Fixes: e179f69141 ("x86, irq, pic: Probe for legacy PIC and set legacy_pic appropriately")
Reported-by: David Lazar <dlazar@gmail.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: David Lazar <dlazar@gmail.com>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Reviewed-by: Mario Limonciello <mario.limonciello@amd.com>
Cc: stable@vger.kernel.org
Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218003
Link: https://lore.kernel.org/r/875y2u5s8g.ffs@tglx
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
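The MADT check described in the commit message above, as an added example that is not code from the commit or the kernel: it validates a raw MADT image and reads bit 0 of the flags field that follows the 36-byte ACPI header and the 4-byte Local Interrupt Controller Address. The function names, the sample table contents and the choice to fall back to probing on a malformed table are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MADT_FLAGS_OFF   40	/* 36-byte ACPI header + 4-byte LAPIC address */
#define MADT_MIN_LEN     44	/* header + LAPIC address + flags */
#define MADT_PCAT_COMPAT 0x1u	/* flags bit 0: legacy 8259 PIC present */

static uint32_t rd_le32(const uint8_t *p)
{
	return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
	       (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static void wr_le32(uint8_t *p, uint32_t v)
{
	p[0] = (uint8_t)v;
	p[1] = (uint8_t)(v >> 8);
	p[2] = (uint8_t)(v >> 16);
	p[3] = (uint8_t)(v >> 24);
}

/* Returns 1 if PCAT_COMPAT is set, 0 if clear, -1 if the table is malformed. */
static int madt_pcat_compat(const uint8_t *tbl, size_t len)
{
	uint32_t tbl_len, i;
	uint8_t sum = 0;

	if (len < MADT_MIN_LEN || memcmp(tbl, "APIC", 4) != 0)
		return -1;
	tbl_len = rd_le32(tbl + 4);
	if (tbl_len < MADT_MIN_LEN || tbl_len > len)
		return -1;
	/* All bytes of an ACPI table must sum to zero modulo 256. */
	for (i = 0; i < tbl_len; i++)
		sum += tbl[i];
	if (sum != 0)
		return -1;
	return (rd_le32(tbl + MADT_FLAGS_OFF) & MADT_PCAT_COMPAT) ? 1 : 0;
}

/*
 * Decision from the commit message: if the flag is set, skip the detection
 * routine and keep the real PIC. Probing on a clear flag or a malformed
 * table is this example's assumption.
 */
static int should_probe_legacy_pic(const uint8_t *tbl, size_t len)
{
	return madt_pcat_compat(tbl, len) != 1;
}

/* Builds a minimal, constructed MADT with the given flags and a valid checksum. */
static void build_sample_madt(uint8_t out[MADT_MIN_LEN], uint32_t flags)
{
	uint8_t sum = 0;
	size_t i;

	memset(out, 0, MADT_MIN_LEN);
	memcpy(out, "APIC", 4);			/* signature */
	wr_le32(out + 4, MADT_MIN_LEN);		/* table length */
	out[8] = 3;				/* revision (constructed) */
	memcpy(out + 10, "SAMPLE", 6);		/* OEM ID (constructed) */
	wr_le32(out + 36, 0xFEE00000u);		/* LAPIC address (constructed) */
	wr_le32(out + MADT_FLAGS_OFF, flags);
	for (i = 0; i < MADT_MIN_LEN; i++)
		sum += out[i];
	out[9] = (uint8_t)(0 - sum);		/* checksum byte */
}

int main(void)
{
	uint8_t tbl[MADT_MIN_LEN];

	build_sample_madt(tbl, MADT_PCAT_COMPAT);
	printf("PCAT_COMPAT set:   probe=%d\n",
	       should_probe_legacy_pic(tbl, sizeof(tbl)));
	build_sample_madt(tbl, 0);
	printf("PCAT_COMPAT clear: probe=%d\n",
	       should_probe_legacy_pic(tbl, sizeof(tbl)));
	return 0;
}
```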
[ Upstream commit b29a2acd36dd7a33c63f260df738fb96baa3d4f8 ]
Performance counters are defined to have width less than 64 bits. The
vPMU code maintains the counters in u64 variables but assumes the value
to fit within the defined width. However, for Intel non-full-width
counters (MSR_IA32_PERFCTRx) the value received from the guest is
truncated to 32 bits and then sign-extended to full 64 bits. If a
negative value is set, it's sign-extended to 64 bits, but then in
kvm_pmu_incr_counter() it's incremented, truncated, and compared to the
previous value for overflow detection.
That previous value is not truncated, so it always evaluates bigger than
the truncated new one, and a PMI is injected. If the PMI handler writes
a negative counter value itself, the vCPU never quits the PMI loop.
Turns out that Linux PMI handler actually does write the counter with
the value just read with RDPMC, so when no full-width support is exposed
via MSR_IA32_PERF_CAPABILITIES, and the guest initializes the counter to
a negative value, it locks up.
This has been observed in the field, for example, when the guest configures
atop to use perfevents and runs two instances of it simultaneously.
To address the problem, maintain the invariant that the counter value
always fits in the defined bit width, by truncating the received value
in the respective set_msr methods. For better readability, factor this
out into a helper function, pmc_write_counter(), shared by vmx and svm
parts.
Fixes: 9cd803d496 ("KVM: x86: Update vPMCs when retiring instructions")
Cc: stable@vger.kernel.org
Signed-off-by: Roman Kagan <rkagan@amazon.de>
Link: https://lore.kernel.org/all/20230504120042.785651-1-rkagan@amazon.de
Tested-by: Like Xu <likexu@tencent.com>
[sean: tweak changelog, s/set/write in the helper]
Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
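The failure described in the commit message above, as an added example that is a simplified user-space model and not the KVM code: a counter kept in a 64-bit variable, a non-full-width write that sign-extends a 32-bit value, and an increment that truncates before comparing with the untruncated previous value. The 48-bit width, the struct and all function names are assumptions of this example; the modelled PMI handler writes back the value it just read, as the message says the Linux handler does.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model of one vPMU counter; not the kernel's struct kvm_pmc. */
struct model_pmc {
	uint64_t counter;	/* kept in a 64-bit variable */
	unsigned int width;	/* architectural width in bits, less than 64 */
};

static uint64_t model_mask(const struct model_pmc *pmc)
{
	return (UINT64_C(1) << pmc->width) - 1;
}

/* Non-full-width write path: truncate to 32 bits, sign-extend to 64 bits. */
static uint64_t sign_extend_32(uint64_t guest_val)
{
	return (uint64_t)(int64_t)(int32_t)(uint32_t)guest_val;
}

/*
 * fixed == 0: store the sign-extended value as is (the behaviour the commit
 * message describes as broken).
 * fixed != 0: truncate to the counter width on write (the invariant the
 * commit introduces).
 */
static void model_write(struct model_pmc *pmc, uint64_t guest_val, int fixed)
{
	uint64_t v = sign_extend_32(guest_val);

	pmc->counter = fixed ? (v & model_mask(pmc)) : v;
}

/* What the guest reads back (RDPMC in the commit message). */
static uint64_t model_read(const struct model_pmc *pmc)
{
	return pmc->counter & model_mask(pmc);
}

/* Increment, truncate, compare with the previous value; 1 means PMI. */
static int model_incr(struct model_pmc *pmc)
{
	uint64_t prev = pmc->counter;

	pmc->counter = (pmc->counter + 1) & model_mask(pmc);
	return pmc->counter < prev;
}

/*
 * Arms the counter with 'start', applies 'increments' emulated events and
 * counts PMIs. On each PMI the modelled handler rewrites the counter with
 * the value it just read.
 */
static unsigned int count_pmis(int fixed, uint64_t start,
			       unsigned int increments)
{
	struct model_pmc pmc = { 0, 48 };	/* 48-bit width is an assumption */
	unsigned int pmis = 0, i;

	model_write(&pmc, start, fixed);
	for (i = 0; i < increments; i++) {
		if (model_incr(&pmc)) {
			pmis++;
			model_write(&pmc, model_read(&pmc), fixed);
		}
	}
	return pmis;
}

int main(void)
{
	/* Constructed input: -1000 as a 32-bit value, overflow due in 1000 events. */
	uint64_t start = 0xFFFFFC18u;

	printf("unfixed, 100 events:  %u PMIs\n", count_pmis(0, start, 100));
	printf("fixed,   100 events:  %u PMIs\n", count_pmis(1, start, 100));
	printf("fixed,   1000 events: %u PMIs\n", count_pmis(1, start, 1000));
	return 0;
}
```

In the unfixed model every event raises a PMI because the stored value has bits above the counter width; with truncation on write, the only PMI is the real overflow at the 1000th event.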
Merge 6.1.57 into android14-6.1-lts
Changes in 6.1.57
spi: zynqmp-gqspi: fix clock imbalance on probe failure
ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol
ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates
mptcp: rename timer related helper to less confusing names
mptcp: fix dangling connection hang-up
mptcp: annotate lockless accesses to sk->sk_err
mptcp: move __mptcp_error_report in protocol.c
mptcp: process pending subflow error on close
ata,scsi: do not issue START STOP UNIT on resume
scsi: sd: Differentiate system and runtime start/stop management
scsi: sd: Do not issue commands to suspended disks on shutdown
scsi: core: Improve type safety of scsi_rescan_device()
scsi: Do not attempt to rescan suspended devices
ata: libata-scsi: Fix delayed scsi_rescan_device() execution
NFS: Cleanup unused rpc_clnt variable
NFS: rename nfs_client_kset to nfs_kset
NFSv4: Fix a state manager thread deadlock regression
mm/memory: add vm_normal_folio()
mm/mempolicy: convert queue_pages_pmd() to queue_folios_pmd()
mm/mempolicy: convert queue_pages_pte_range() to queue_folios_pte_range()
mm/mempolicy: convert migrate_page_add() to migrate_folio_add()
mm: mempolicy: keep VMA walk if both MPOL_MF_STRICT and MPOL_MF_MOVE are specified
mm/page_alloc: always remove pages from temporary list
mm/page_alloc: leave IRQs enabled for per-cpu page allocations
mm: page_alloc: fix CMA and HIGHATOMIC landing on the wrong buddy list
ring-buffer: remove obsolete comment for free_buffer_page()
ring-buffer: Fix bytes info in per_cpu buffer stats
btrfs: use struct qstr instead of name and namelen pairs
btrfs: setup qstr from dentrys using fscrypt helper
btrfs: use struct fscrypt_str instead of struct qstr
Revert "NFSv4: Retry LOCK on OLD_STATEID during delegation return"
arm64: Avoid repeated AA64MMFR1_EL1 register read on pagefault path
net: add sysctl accept_ra_min_rtr_lft
net: change accept_ra_min_rtr_lft to affect all RA lifetimes
net: release reference to inet6_dev pointer
arm64: cpufeature: Fix CLRBHB and BC detection
drm/amd/display: Adjust the MST resume flow
iommu/arm-smmu-v3: Set TTL invalidation hint better
iommu/arm-smmu-v3: Avoid constructing invalid range commands
rbd: move rbd_dev_refresh() definition
rbd: decouple header read-in from updating rbd_dev->header
rbd: decouple parent info read-in from updating rbd_dev
rbd: take header_rwsem in rbd_dev_refresh() only when updating
block: fix use-after-free of q->q_usage_counter
hwmon: (nzxt-smart2) Add device id
hwmon: (nzxt-smart2) add another USB ID
i40e: fix the wrong PTP frequency calculation
scsi: zfcp: Fix a double put in zfcp_port_enqueue()
iommu/vt-d: Avoid memory allocation in iommu_suspend()
vringh: don't use vringh_kiov_advance() in vringh_iov_xfer()
net: ethernet: mediatek: disable irq before schedule napi
mptcp: userspace pm allow creating id 0 subflow
qed/red_ll2: Fix undefined behavior bug in struct qed_ll2_info
Bluetooth: hci_codec: Fix leaking content of local_codecs
Bluetooth: hci_sync: Fix handling of HCI_QUIRK_STRICT_DUPLICATE_FILTER
wifi: mwifiex: Fix tlv_buf_left calculation
md/raid5: release batch_last before waiting for another stripe_head
PCI: qcom: Fix IPQ8074 enumeration
net: replace calls to sock->ops->connect() with kernel_connect()
net: prevent rewrite of msg_name in sock_sendmsg()
drm/amd: Fix detection of _PR3 on the PCIe root port
drm/amd: Fix logic error in sienna_cichlid_update_pcie_parameters()
arm64: Add Cortex-A520 CPU part definition
arm64: errata: Add Cortex-A520 speculative unprivileged load workaround
HID: sony: Fix a potential memory leak in sony_probe()
ubi: Refuse attaching if mtd's erasesize is 0
erofs: fix memory leak of LZMA global compressed deduplication
wifi: iwlwifi: dbg_ini: fix structure packing
wifi: iwlwifi: mvm: Fix a memory corruption issue
wifi: cfg80211: hold wiphy lock in auto-disconnect
wifi: cfg80211: move wowlan disable under locks
wifi: cfg80211: add a work abstraction with special semantics
wifi: cfg80211: fix cqm_config access race
wifi: cfg80211: add missing kernel-doc for cqm_rssi_work
wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet
leds: Drop BUG_ON check for LED_COLOR_ID_MULTI
bpf: Fix tr dereferencing
regulator: mt6358: Drop *_SSHUB regulators
regulator: mt6358: Use linear voltage helpers for single range regulators
regulator: mt6358: split ops for buck and linear range LDO regulators
Bluetooth: Delete unused hci_req_prepare_suspend() declaration
Bluetooth: ISO: Fix handling of listen for unicast
drivers/net: process the result of hdlc_open() and add call of hdlc_close() in uhdlc_close()
wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling
perf/x86/amd/core: Fix overflow reset on hotplug
regmap: rbtree: Fix wrong register marked as in-cache when creating new node
wifi: mac80211: fix potential key use-after-free
perf/x86/amd: Do not WARN() on every IRQ
iommu/mediatek: Fix share pgtable for iova over 4GB
regulator/core: regulator_register: set device->class earlier
ima: Finish deprecation of IMA_TRUSTED_KEYRING Kconfig
scsi: target: core: Fix deadlock due to recursive locking
ima: rework CONFIG_IMA dependency block
NFSv4: Fix a nfs4_state_manager() race
bpf: tcp_read_skb needs to pop skb regardless of seq
bpf, sockmap: Do not inc copied_seq when PEEK flag set
bpf, sockmap: Reject sk_msg egress redirects to non-TCP sockets
modpost: add missing else to the "of" check
net: fix possible store tearing in neigh_periodic_work()
bpf: Add BPF_FIB_LOOKUP_SKIP_NEIGH for bpf_fib_lookup
neighbour: annotate lockless accesses to n->nud_state
neighbour: switch to standard rcu, instead of rcu_bh
neighbour: fix data-races around n->output
ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data()
ptp: ocp: Fix error handling in ptp_ocp_device_init
net: dsa: mv88e6xxx: Avoid EEPROM timeout when EEPROM is absent
ipv6: tcp: add a missing nf_reset_ct() in 3WHS handling
net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg
net: nfc: llcp: Add lock when modifying device list
net: ethernet: ti: am65-cpsw: Fix error code in am65_cpsw_nuss_init_tx_chns()
ibmveth: Remove condition to recompute TCP header checksum.
netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp
selftests: netfilter: Test nf_tables audit logging
selftests: netfilter: Extend nft_audit.sh
netfilter: nf_tables: Deduplicate nft_register_obj audit logs
netfilter: nf_tables: nft_set_rbtree: fix spurious insertion failure
ipv4: Set offload_failed flag in fibmatch results
net: stmmac: dwmac-stm32: fix resume on STM32 MCU
tipc: fix a potential deadlock on &tx->lock
tcp: fix quick-ack counting to count actual ACKs of new data
tcp: fix delayed ACKs for MSS boundary condition
sctp: update transport state when processing a dupcook packet
sctp: update hb timer immediately after users change hb_interval
netlink: split up copies in the ack construction
netlink: Fix potential skb memleak in netlink_ack
netlink: annotate data-races around sk->sk_err
HID: sony: remove duplicate NULL check before calling usb_free_urb()
HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit
intel_idle: add Emerald Rapids Xeon support
smb: use kernel_connect() and kernel_bind()
parisc: Fix crash with nr_cpus=1 option
dm zoned: free dmz->ddev array in dmz_put_zoned_devices
RDMA/core: Require admin capabilities to set system parameters
of: dynamic: Fix potential memory leak in of_changeset_action()
IB/mlx4: Fix the size of a buffer in add_port_entries()
gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config()
gpio: pxa: disable pinctrl calls for MMP_GPIO
RDMA/cma: Initialize ib_sa_multicast structure to 0 when join
RDMA/cma: Fix truncation compilation warning in make_cma_ports
RDMA/uverbs: Fix typo of sizeof argument
RDMA/srp: Do not call scsi_done() from srp_abort()
RDMA/siw: Fix connection failure handling
RDMA/mlx5: Fix mutex unlocking on error flow for steering anchor creation
RDMA/mlx5: Fix NULL string error
x86/sev: Use the GHCB protocol when available for SNP CPUID requests
ksmbd: fix race condition between session lookup and expire
ksmbd: fix uaf in smb20_oplock_break_ack
parisc: Restore __ldcw_align for PA-RISC 2.0 processors
ipv6: remove nexthop_fib6_nh_bh()
vrf: Fix lockdep splat in output path
btrfs: fix an error handling path in btrfs_rename()
btrfs: fix fscrypt name leak after failure to join log transaction
netlink: remove the flex array from struct nlmsghdr
btrfs: file_remove_privs needs an exclusive lock in direct io write
ipv6: remove one read_lock()/read_unlock() pair in rt6_check_neigh()
xen/events: replace evtchn_rwlock with RCU
Linux 6.1.57
Change-Id: I2c200264df72a9043d91d31479c91b0d7f94863e
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Changes in 6.1.56
NFS: Fix error handling for O_DIRECT write scheduling
NFS: Fix O_DIRECT locking issues
NFS: More O_DIRECT accounting fixes for error paths
NFS: Use the correct commit info in nfs_join_page_group()
NFS: More fixes for nfs_direct_write_reschedule_io()
NFS/pNFS: Report EINVAL errors from connect() to the server
SUNRPC: Mark the cred for revalidation if the server rejects it
NFSv4.1: use EXCHGID4_FLAG_USE_PNFS_DS for DS server
NFSv4.1: fix pnfs MDS=DS session trunking
media: v4l: Use correct dependency for camera sensor drivers
media: via: Use correct dependency for camera sensor drivers
netfs: Only call folio_start_fscache() one time for each folio
dm: fix a race condition in retrieve_deps
btrfs: improve error message after failure to add delayed dir index item
btrfs: remove BUG() after failure to insert delayed dir index item
ext4: replace the traditional ternary conditional operator with with max()/min()
ext4: move setting of trimmed bit into ext4_try_to_trim_range()
ext4: do not let fstrim block system suspend
netfilter: nf_tables: don't skip expired elements during walk
netfilter: nf_tables: GC transaction API to avoid race with control plane
netfilter: nf_tables: adapt set backend to use GC transaction API
netfilter: nft_set_hash: mark set element as dead when deleting from packet path
netfilter: nf_tables: remove busy mark and gc batch API
netfilter: nf_tables: don't fail inserts if duplicate has expired
netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path
netfilter: nf_tables: GC transaction race with netns dismantle
netfilter: nf_tables: GC transaction race with abort path
netfilter: nf_tables: use correct lock to protect gc_list
netfilter: nf_tables: defer gc run if previous batch is still pending
netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction
netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention
netfilter: nft_set_pipapo: call nft_trans_gc_queue_sync() in catchall GC
netfilter: nft_set_pipapo: stop GC iteration if GC transaction allocation fails
netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration
netfilter: nf_tables: fix memleak when more than 255 elements expired
ASoC: meson: spdifin: start hw on dai probe
netfilter: nf_tables: disallow element removal on anonymous sets
bpf: Avoid deadlock when using queue and stack maps from NMI
ASoC: rt5640: Revert "Fix sleep in atomic context"
ASoC: rt5640: Fix IRQ not being free-ed for HDA jack detect mode
ALSA: hda/realtek: Splitting the UX3402 into two separate models
netfilter: conntrack: fix extension size table
selftests: tls: swap the TX and RX sockets in some tests
net/core: Fix ETH_P_1588 flow dissector
ASoC: hdaudio.c: Add missing check for devm_kstrdup
ASoC: imx-audmix: Fix return error with devm_clk_get()
octeon_ep: fix tx dma unmap len values in SG
iavf: do not process adminq tasks when __IAVF_IN_REMOVE_TASK is set
ASoC: SOF: core: Only call sof_ops_free() on remove if the probe was successful
iavf: add iavf_schedule_aq_request() helper
iavf: schedule a request immediately after add/delete vlan
i40e: Fix VF VLAN offloading when port VLAN is configured
netfilter, bpf: Adjust timeouts of non-confirmed CTs in bpf_ct_insert_entry()
ionic: fix 16bit math issue when PAGE_SIZE >= 64KB
igc: Fix infinite initialization loop with early XDP redirect
ipv4: fix null-deref in ipv4_link_failure
scsi: iscsi_tcp: restrict to TCP sockets
powerpc/perf/hv-24x7: Update domain value check
dccp: fix dccp_v4_err()/dccp_v6_err() again
x86/mm, kexec, ima: Use memblock_free_late() from ima_free_kexec_buffer()
net: hsr: Properly parse HSRv1 supervisor frames.
platform/x86: intel_scu_ipc: Check status after timeout in busy_loop()
platform/x86: intel_scu_ipc: Check status upon timeout in ipc_wait_for_interrupt()
platform/x86: intel_scu_ipc: Don't override scu in intel_scu_ipc_dev_simple_command()
platform/x86: intel_scu_ipc: Fail IPC send if still busy
x86/srso: Fix srso_show_state() side effect
x86/srso: Fix SBPB enablement for spec_rstack_overflow=off
net: hns3: add cmdq check for vf periodic service task
net: hns3: fix GRE checksum offload issue
net: hns3: only enable unicast promisc when mac table full
net: hns3: fix fail to delete tc flower rules during reset issue
net: hns3: add 5ms delay before clear firmware reset irq source
net: bridge: use DEV_STATS_INC()
team: fix null-ptr-deref when team device type is changed
net: rds: Fix possible NULL-pointer dereference
netfilter: nf_tables: disable toggling dormant table state more than once
netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP
i915/pmu: Move execlist stats initialization to execlist specific setup
locking/seqlock: Do the lockdep annotation before locking in do_write_seqcount_begin_nested()
net: ena: Flush XDP packets on error.
bnxt_en: Flush XDP for bnxt_poll_nitroa0()'s NAPI
octeontx2-pf: Do xdp_do_flush() after redirects.
igc: Expose tx-usecs coalesce setting to user
proc: nommu: /proc/<pid>/maps: release mmap read lock
proc: nommu: fix empty /proc/<pid>/maps
cifs: Fix UAF in cifs_demultiplex_thread()
gpio: tb10x: Fix an error handling path in tb10x_gpio_probe()
i2c: mux: demux-pinctrl: check the return value of devm_kstrdup()
i2c: mux: gpio: Add missing fwnode_handle_put()
i2c: xiic: Correct return value check for xiic_reinit()
ARM: dts: BCM5301X: Extend RAM to full 256MB for Linksys EA6500 V2
ARM: dts: samsung: exynos4210-i9100: Fix LCD screen's physical size
ARM: dts: qcom: msm8974pro-castor: correct inverted X of touchscreen
ARM: dts: qcom: msm8974pro-castor: correct touchscreen function names
ARM: dts: qcom: msm8974pro-castor: correct touchscreen syna,nosleep-mode
f2fs: optimize iteration over sparse directories
f2fs: get out of a repeat loop when getting a locked data page
s390/pkey: fix PKEY_TYPE_EP11_AES handling in PKEY_CLR2SECK2 IOCTL
arm64: dts: qcom: sdm845-db845c: Mark cont splash memory region as reserved
wifi: ath11k: fix tx status reporting in encap offload mode
wifi: ath11k: Cleanup mac80211 references on failure during tx_complete
scsi: qla2xxx: Select qpair depending on which CPU post_cmd() gets called
scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id()
drm/amdkfd: Flush TLB after unmapping for GFX v9.4.3
drm/amdkfd: Insert missing TLB flush on GFX10 and later
btrfs: reset destination buffer when read_extent_buffer() gets invalid range
vfio/mdev: Fix a null-ptr-deref bug for mdev_unregister_parent()
MIPS: Alchemy: only build mmc support helpers if au1xmmc is enabled
spi: spi-gxp: BUG: Correct spi write return value
drm/bridge: ti-sn65dsi83: Do not generate HFP/HBP/HSA and EOT packet
bus: ti-sysc: Use fsleep() instead of usleep_range() in sysc_reset()
bus: ti-sysc: Fix missing AM35xx SoC matching
firmware: arm_scmi: Harden perf domain info access
firmware: arm_scmi: Fixup perf power-cost/microwatt support
power: supply: mt6370: Fix missing error code in mt6370_chg_toggle_cfo()
clk: sprd: Fix thm_parents incorrect configuration
clk: tegra: fix error return case for recalc_rate
ARM: dts: omap: correct indentation
ARM: dts: ti: omap: Fix bandgap thermal cells addressing for omap3/4
ARM: dts: Unify pwm-omap-dmtimer node names
ARM: dts: Unify pinctrl-single pin group nodes for omap4
ARM: dts: ti: omap: motorola-mapphone: Fix abe_clkctrl warning on boot
bus: ti-sysc: Fix SYSC_QUIRK_SWSUP_SIDLE_ACT handling for uart wake-up
power: supply: ucs1002: fix error code in ucs1002_get_property()
firmware: imx-dsp: Fix an error handling path in imx_dsp_setup_channels()
xtensa: add default definition for XCHAL_HAVE_DIV32
xtensa: iss/network: make functions static
xtensa: boot: don't add include-dirs
xtensa: umulsidi3: fix conditional expression
xtensa: boot/lib: fix function prototypes
power: supply: rk817: Fix node refcount leak
selftests/powerpc: Use CLEAN macro to fix make warning
selftests/powerpc: Pass make context to children
selftests/powerpc: Fix emit_tests to work with run_kselftest.sh
soc: imx8m: Enable OCOTP clock for imx8mm before reading registers
arm64: dts: imx: Add imx8mm-prt8mm.dtb to build
firmware: arm_ffa: Don't set the memory region attributes for MEM_LEND
gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip
i2c: npcm7xx: Fix callback completion ordering
x86/reboot: VMCLEAR active VMCSes before emergency reboot
ceph: drop messages from MDS when unmounting
dma-debug: don't call __dma_entry_alloc_check_leak() under free_entries_lock
bpf: Annotate bpf_long_memcpy with data_race
spi: sun6i: reduce DMA RX transfer width to single byte
spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain
nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid()
parisc: sba: Fix compile warning wrt list of SBA devices
parisc: iosapic.c: Fix sparse warnings
parisc: drivers: Fix sparse warning
parisc: irq: Make irq_stack_union static to avoid sparse warning
scsi: qedf: Add synchronization between I/O completions and abort
scsi: ufs: core: Move __ufshcd_send_uic_cmd() outside host_lock
scsi: ufs: core: Poll HCS.UCRDY before issuing a UIC command
selftests/ftrace: Correctly enable event in instance-event.tc
ring-buffer: Avoid softlockup in ring_buffer_resize()
btrfs: assert delayed node locked when removing delayed item
selftests: fix dependency checker script
ring-buffer: Do not attempt to read past "commit"
net/smc: bugfix for smcr v2 server connect success statistic
ata: sata_mv: Fix incorrect string length computation in mv_dump_mem()
platform/mellanox: mlxbf-bootctl: add NET dependency into Kconfig
platform/x86: asus-wmi: Support 2023 ROG X16 tablet mode
thermal/of: add missing of_node_put()
drm/amd/display: Don't check registers, if using AUX BL control
drm/amdgpu/soc21: don't remap HDP registers for SR-IOV
drm/amdgpu/nbio4.3: set proper rmmio_remap.reg_offset for SR-IOV
drm/amdgpu: Handle null atom context in VBIOS info ioctl
riscv: errata: fix T-Head dcache.cva encoding
scsi: pm80xx: Use phy-specific SAS address when sending PHY_START command
scsi: pm80xx: Avoid leaking tags when processing OPC_INB_SET_CONTROLLER_CONFIG command
smb3: correct places where ENOTSUPP is used instead of preferred EOPNOTSUPP
ata: libata-eh: do not clear ATA_PFLAG_EH_PENDING in ata_eh_reset()
spi: nxp-fspi: reset the FLSHxCR1 registers
spi: stm32: add a delay before SPI disable
ASoC: fsl: imx-pcm-rpmsg: Add SNDRV_PCM_INFO_BATCH flag
spi: intel-pci: Add support for Granite Rapids SPI serial flash
bpf: Clarify error expectations from bpf_clone_redirect
ALSA: hda: intel-sdw-acpi: Use u8 type for link index
ASoC: cs42l42: Ensure a reset pulse meets minimum pulse width.
ASoC: cs42l42: Don't rely on GPIOD_OUT_LOW to set RESET initially low
firmware: cirrus: cs_dsp: Only log list of algorithms in debug build
memblock tests: fix warning: "__ALIGN_KERNEL" redefined
memblock tests: fix warning ‘struct seq_file’ declared inside parameter list
ASoC: imx-rpmsg: Set ignore_pmdown_time for dai_link
media: vb2: frame_vector.c: replace WARN_ONCE with a comment
NFSv4.1: fix zero value filehandle in post open getattr
ASoC: SOF: Intel: MTL: Reduce the DSP init timeout
powerpc/watchpoints: Disable preemption in thread_change_pc()
powerpc/watchpoint: Disable pagefaults when getting user instruction
powerpc/watchpoints: Annotate atomic context in more places
ncsi: Propagate carrier gain/loss events to the NCSI controller
net: hsr: Add __packed to struct hsr_sup_tlv.
tsnep: Fix NAPI scheduling
tsnep: Fix NAPI polling with budget 0
LoongArch: Set all reserved memblocks on Node#0 at initialization
fbdev/sh7760fb: Depend on FB=y
perf build: Define YYNOMEM as YYNOABORT for bison < 3.81
nvme-pci: factor the iod mempool creation into a helper
nvme-pci: factor out a nvme_pci_alloc_dev helper
nvme-pci: do not set the NUMA node of device if it has none
wifi: ath11k: Don't drop tx_status when peer cannot be found
scsi: qla2xxx: Fix NULL pointer dereference in target mode
nvme-pci: always return an ERR_PTR from nvme_pci_alloc_dev
smack: Record transmuting in smk_transmuted
smack: Retrieve transmuting information in smack_inode_getsecurity()
iommu/arm-smmu-v3: Fix soft lockup triggered by arm_smmu_mm_invalidate_range
x86/sgx: Resolves SECS reclaim vs. page fault for EAUG race
x86/srso: Add SRSO mitigation for Hygon processors
KVM: SVM: INTERCEPT_RDTSCP is never intercepted anyway
KVM: SVM: Fix TSC_AUX virtualization setup
KVM: x86/mmu: Open code leaf invalidation from mmu_notifier
KVM: x86/mmu: Do not filter address spaces in for_each_tdp_mmu_root_yield_safe()
mptcp: fix bogus receive window shrinkage with multiple subflows
misc: rtsx: Fix some platforms can not boot and move the l1ss judgment to probe
Revert "tty: n_gsm: fix UAF in gsm_cleanup_mux"
serial: 8250_port: Check IRQ data before use
nilfs2: fix potential use after free in nilfs_gccache_submit_read_data()
netfilter: nf_tables: disallow rule removal from chain binding
ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q
LoongArch: Define relocation types for ABI v2.10
LoongArch: numa: Fix high_memory calculation
ata: libata-scsi: link ata port and scsi device
ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES
io_uring/fs: remove sqe->rw_flags checking from LINKAT
i2c: i801: unregister tco_pdev in i801_probe() error path
ASoC: amd: yc: Fix non-functional mic on Lenovo 82QF and 82UG
kernel/sched: Modify initial boot task idle setup
sched/rt: Fix live lock between select_fallback_rq() and RT push
netfilter: nf_tables: fix kdoc warnings after gc rework
Revert "SUNRPC dont update timeout value on connection reset"
timers: Tag (hr)timer softirq as hotplug safe
drm/tests: Fix incorrect argument in drm_test_mm_insert_range
arm64: defconfig: remove CONFIG_COMMON_CLK_NPCM8XX=y
mm/damon/vaddr-test: fix memory leak in damon_do_test_apply_three_regions()
mm/slab_common: fix slab_caches list corruption after kmem_cache_destroy()
mm: memcontrol: fix GFP_NOFS recursion in memory.high enforcement
ring-buffer: Update "shortest_full" in polling
btrfs: properly report 0 avail for very full file systems
media: uvcvideo: Fix OOB read
bpf: Add override check to kprobe multi link attach
bpf: Fix BTF_ID symbol generation collision
bpf: Fix BTF_ID symbol generation collision in tools/
net: thunderbolt: Fix TCPv6 GSO checksum calculation
fs/smb/client: Reset password pointer to NULL
ata: libata-core: Fix ata_port_request_pm() locking
ata: libata-core: Fix port and device removal
ata: libata-core: Do not register PM operations for SAS ports
ata: libata-sata: increase PMP SRST timeout to 10s
drm/i915/gt: Fix reservation address in ggtt_reserve_guc_top
power: supply: rk817: Add missing module alias
power: supply: ab8500: Set typing and props
fs: binfmt_elf_efpic: fix personality for ELF-FDPIC
drm/amdkfd: Use gpu_offset for user queue's wptr
drm/meson: fix memory leak on ->hpd_notify callback
memcg: drop kmem.limit_in_bytes
mm, memcg: reconsider kmem.limit_in_bytes deprecation
ASoC: amd: yc: Fix a non-functional mic on Lenovo 82TL
Linux 6.1.56
Change-Id: Id110614d91d6d60fb6c7622c5af82f219a84a30f
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Changes in 6.1.55
autofs: fix memory leak of waitqueues in autofs_catatonic_mode
btrfs: output extra debug info if we failed to find an inline backref
locks: fix KASAN: use-after-free in trace_event_raw_event_filelock_lock
ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer
kernel/fork: beware of __put_task_struct() calling context
rcuscale: Move rcu_scale_writer() schedule_timeout_uninterruptible() to _idle()
scftorture: Forgive memory-allocation failure if KASAN
ACPI: video: Add backlight=native DMI quirk for Lenovo Ideapad Z470
perf/smmuv3: Enable HiSilicon Erratum 162001900 quirk for HIP08/09
perf/imx_ddr: speed up overflow frequency of cycle
hw_breakpoint: fix single-stepping when using bpf_overflow_handler
ACPI: x86: s2idle: Catch multiple ACPI_TYPE_PACKAGE objects
selftests/nolibc: fix up kernel parameters support
devlink: remove reload failed checks in params get/set callbacks
crypto: lrw,xts - Replace strlcpy with strscpy
ice: Don't tx before switchdev is fully configured
wifi: ath9k: fix fortify warnings
wifi: ath9k: fix printk specifier
wifi: mwifiex: fix fortify warning
mt76: mt7921: don't assume adequate headroom for SDIO headers
wifi: wil6210: fix fortify warnings
can: sun4i_can: Add acceptance register quirk
can: sun4i_can: Add support for the Allwinner D1
net: Use sockaddr_storage for getsockopt(SO_PEERNAME).
net/ipv4: return the real errno instead of -EINVAL
crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui()
Bluetooth: Fix hci_suspend_sync crash
netlink: convert nlk->flags to atomic flags
tpm_tis: Resend command to recover from data transfer errors
mmc: sdhci-esdhc-imx: improve ESDHC_FLAG_ERR010450
alx: fix OOB-read compiler warning
wifi: mac80211: check S1G action frame size
netfilter: ebtables: fix fortify warnings in size_entry_mwt()
wifi: cfg80211: reject auth/assoc to AP with our address
wifi: cfg80211: ocb: don't leave if not joined
wifi: mac80211: check for station first in client probe
wifi: mac80211_hwsim: drop short frames
libbpf: Free btf_vmlinux when closing bpf_object
drm/bridge: tc358762: Instruct DSI host to generate HSE packets
drm/edid: Add quirk for OSVR HDK 2.0
arm64: dts: qcom: sm6125-pdx201: correct ramoops pmsg-size
arm64: dts: qcom: sm6350: correct ramoops pmsg-size
arm64: dts: qcom: sm8150-kumano: correct ramoops pmsg-size
arm64: dts: qcom: sm8250-edo: correct ramoops pmsg-size
samples/hw_breakpoint: Fix kernel BUG 'invalid opcode: 0000'
drm/amd/display: Fix underflow issue on 175hz timing
ASoC: SOF: topology: simplify code to prevent static analysis warnings
ASoC: Intel: sof_sdw: Update BT offload config for soundwire config
ALSA: hda: intel-dsp-cfg: add LunarLake support
drm/amd/display: Use DTBCLK as refclk instead of DPREFCLK
drm/amd/display: Blocking invalid 420 modes on HDMI TMDS for DCN31
drm/amd/display: Blocking invalid 420 modes on HDMI TMDS for DCN314
drm/exynos: fix a possible null-pointer dereference due to data race in exynos_drm_crtc_atomic_disable()
drm/mediatek: dp: Change logging to dev for mtk_dp_aux_transfer()
bus: ti-sysc: Configure uart quirks for k3 SoC
md: raid1: fix potential OOB in raid1_remove_disk()
ext2: fix datatype of block number in ext2_xattr_set2()
fs/jfs: prevent double-free in dbUnmount() after failed jfs_remount()
jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount
PCI: dwc: Provide deinit callback for i.MX
ARM: 9317/1: kexec: Make smp stop calls asynchronous
powerpc/pseries: fix possible memory leak in ibmebus_bus_init()
PCI: vmd: Disable bridge window for domain reset
PCI: fu740: Set the number of MSI vectors
media: mdp3: Fix resource leaks in of_find_device_by_node
media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer
media: dw2102: Fix null-ptr-deref in dw2102_i2c_transfer()
media: af9005: Fix null-ptr-deref in af9005_i2c_xfer
media: anysee: fix null-ptr-deref in anysee_master_xfer
media: az6007: Fix null-ptr-deref in az6007_i2c_xfer()
media: dvb-usb-v2: gl861: Fix null-ptr-deref in gl861_i2c_master_xfer
scsi: lpfc: Abort outstanding ELS cmds when mailbox timeout error is detected
media: tuners: qt1010: replace BUG_ON with a regular error
media: pci: cx23885: replace BUG with error return
usb: cdns3: Put the cdns set active part outside the spin lock
usb: gadget: fsl_qe_udc: validate endpoint index for ch9 udc
tools: iio: iio_generic_buffer: Fix some integer type and calculation
scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show()
serial: cpm_uart: Avoid suspicious locking
misc: open-dice: make OPEN_DICE depend on HAS_IOMEM
usb: ehci: add workaround for chipidea PORTSC.PEC bug
usb: chipidea: add workaround for chipidea PEC bug
media: pci: ipu3-cio2: Initialise timing struct to avoid a compiler warning
kobject: Add sanity check for kset->kobj.ktype in kset_register()
interconnect: Fix locking for runpm vs reclaim
printk: Keep non-panic-CPUs out of console lock
printk: Consolidate console deferred printing
dma-buf: Add unlocked variant of attachment-mapping functions
misc: fastrpc: Prepare to dynamic dma-buf locking specification
misc: fastrpc: Fix incorrect DMA mapping unmap request
MIPS: Use "grep -E" instead of "egrep"
btrfs: add a helper to read the superblock metadata_uuid
btrfs: compare the correct fsid/metadata_uuid in btrfs_validate_super
block: factor out a bvec_set_page helper
nvmet: use bvec_set_page to initialize bvecs
nvmet-tcp: pass iov_len instead of sg->length to bvec_set_page()
drm: gm12u320: Fix the timeout usage for usb_bulk_msg()
scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir()
selftests: tracing: Fix to unmount tracefs for recovering environment
x86/ibt: Suppress spurious ENDBR
riscv: kexec: Align the kexeced kernel entry
scsi: target: core: Fix target_cmd_counter leak
scsi: lpfc: Fix the NULL vs IS_ERR() bug for debugfs_create_file()
panic: Reenable preemption in WARN slowpath
x86/boot/compressed: Reserve more memory for page tables
x86/purgatory: Remove LTO flags
samples/hw_breakpoint: fix building without module unloading
md/raid1: fix error: ISO C90 forbids mixed declarations
Revert "SUNRPC: Fail faster on bad verifier"
attr: block mode changes of symlinks
ovl: fix failed copyup of fileattr on a symlink
ovl: fix incorrect fdput() on aio completion
io_uring/net: fix iter retargeting for selected buf
nvme: avoid bogus CRTO values
md: Put the right device in md_seq_next
Revert "drm/amd: Disable S/G for APUs when 64GB or more host memory"
dm: don't attempt to queue IO under RCU protection
btrfs: fix lockdep splat and potential deadlock after failure running delayed items
btrfs: fix a compilation error if DEBUG is defined in btree_dirty_folio
btrfs: release path before inode lookup during the ino lookup ioctl
btrfs: check for BTRFS_FS_ERROR in pending ordered assert
tracing: Have tracing_max_latency inc the trace array ref count
tracing: Have event inject files inc the trace array ref count
tracing: Increase trace array ref count on enable and filter files
tracing: Have current_trace inc the trace array ref count
tracing: Have option files inc the trace array ref count
selinux: fix handling of empty opts in selinux_fs_context_submount()
nfsd: fix change_info in NFSv4 RENAME replies
tracefs: Add missing lockdown check to tracefs_create_dir()
i2c: aspeed: Reset the i2c controller when timeout occurs
ata: libata: disallow dev-initiated LPM transitions to unsupported states
ata: libahci: clear pending interrupt status
scsi: megaraid_sas: Fix deadlock on firmware crashdump
scsi: pm8001: Setup IRQs on resume
ext4: fix rec_len verify error
drm/amd/display: fix the white screen issue when >= 64GB DRAM
Revert "memcg: drop kmem.limit_in_bytes"
drm/amdgpu: fix amdgpu_cs_p1_user_fence
net/sched: Retire rsvp classifier
interconnect: Teach lockdep about icc_bw_lock order
Linux 6.1.55
Change-Id: I95193a57879a13b04b5ac8647a24e6d8304fcb0e
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 0df9dab891ff0d9b646d82e4fe038229e4c02451 upstream.
Stop zapping invalidated TDP MMU roots via work queue now that KVM
preserves TDP MMU roots until they are explicitly invalidated. Zapping
roots asynchronously was effectively a workaround to avoid stalling a vCPU
for an extended duration if a vCPU unloaded a root, which at the time
happened whenever the guest toggled CR0.WP (a frequent operation for some
guest kernels).
While a clever hack, zapping roots via an unbound worker had subtle,
unintended consequences on host scheduling, especially when zapping
multiple roots, e.g. as part of a memslot. Because the work of zapping a
root is no longer bound to the task that initiated the zap, things like
the CPU affinity and priority of the original task get lost. Losing the
affinity and priority can be especially problematic if unbound workqueues
aren't affined to a small number of CPUs, as zapping multiple roots can
cause KVM to heavily utilize the majority of CPUs in the system, *beyond*
the CPUs KVM is already using to run vCPUs.
When deleting a memslot via KVM_SET_USER_MEMORY_REGION, the async root
zap can result in KVM occupying all logical CPUs for ~8ms, and result in
high priority tasks not being scheduled in in a timely manner. In v5.15,
which doesn't preserve unloaded roots, the issues were even more noticeable
as KVM would zap roots more frequently and could occupy all CPUs for 50ms+.
Consuming all CPUs for an extended duration can lead to significant jitter
throughout the system, e.g. on ChromeOS with virtio-gpu, deleting memslots
is a semi-frequent operation as memslots are deleted and recreated with
different host virtual addresses to react to host GPU drivers allocating
and freeing GPU blobs. On ChromeOS, the jitter manifests as audio blips
during games due to the audio server's tasks not getting scheduled in
promptly, despite the tasks having a high realtime priority.
Deleting memslots isn't exactly a fast path and should be avoided when
possible, and ChromeOS is working towards utilizing MAP_FIXED to avoid the
memslot shenanigans, but KVM is squarely in the wrong. Not to mention
that removing the async zapping eliminates a non-trivial amount of
complexity.
Note, one of the subtle behaviors hidden behind the async zapping is that
KVM would zap invalidated roots only once (ignoring partial zaps from
things like mmu_notifier events). Preserve this behavior by adding a flag
to identify roots that are scheduled to be zapped versus roots that have
already been zapped but not yet freed.
Add a comment calling out why kvm_tdp_mmu_invalidate_all_roots() can
encounter invalid roots, as it's not at all obvious why zapping
invalidated roots shouldn't simply zap all invalid roots.
Reported-by: Pattara Teerapong <pteerapong@google.com>
Cc: David Stevens <stevensd@google.com>
Cc: Yiwei Zhang <zzyiwei@google.com>
Cc: Paul Hsia <paulhsia@google.com>
Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20230916003916.2545000-4-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Sean Christopherson <seanjc@google.com>
Reviewed-by: David Matlack <dmatlack@google.com>
Tested-by: David Matlack <dmatlack@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 3fdc6087df3be73a212a81ce5dd6516638568806 upstream.
svm_leave_nested(), similar to a nested VM exit, gets the vCPU out of nested
mode and thus should end the local inhibition of AVIC on this vCPU.
Failure to do so can lead to hangs on guest reboot.
Raise the KVM_REQ_APICV_UPDATE request to refresh the AVIC state of the
current vCPU in this case.
Fixes: f44509f849 ("KVM: x86: SVM: allow AVIC to co-exist with a nested guest running")
Cc: stable@vger.kernel.org
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
Reviewed-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20230928173354.217464-4-mlevitsk@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 2dcf37abf9d3aab7f975002d29fc7c17272def38 upstream.
In later revisions of AMD's APM, there is a new 'incomplete IPI' exit code:
"Invalid IPI Vector - The vector for the specified IPI was set to an
illegal value (VEC < 16)"
Note that tests on Zen2 machine show that this VM exit doesn't happen and
instead AVIC just does nothing.
Add support for this exit code by doing nothing, instead of filling
the kernel log with errors.
Also replace an unthrottled 'pr_err()' if another unknown incomplete
IPI exit happens with vcpu_unimpl()
(e.g. in case AMD adds yet another 'Invalid IPI' exit reason).
Cc: <stable@vger.kernel.org>
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
Reviewed-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20230928173354.217464-3-mlevitsk@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 8647c52e9504c99752a39f1d44f6268f82c40a5c upstream.
Mask off xfeatures that aren't exposed to the guest only when saving guest
state via KVM_GET_XSAVE{2} instead of modifying user_xfeatures directly.
Preserving the maximal set of xfeatures in user_xfeatures restores KVM's
ABI for KVM_SET_XSAVE, which prior to commit ad856280dd ("x86/kvm/fpu:
Limit guest user_xfeatures to supported bits of XCR0") allowed userspace
to load xfeatures that are supported by the host, irrespective of what
xfeatures are exposed to the guest.
There is no known use case where userspace *intentionally* loads xfeatures
that aren't exposed to the guest, but the bug fixed by commit ad856280dd
was specifically that KVM_GET_XSAVE{2} would save xfeatures that weren't
exposed to the guest, e.g. would lead to userspace unintentionally loading
guest-unsupported xfeatures when live migrating a VM.
Restricting KVM_SET_XSAVE to guest-supported xfeatures is especially
problematic for QEMU-based setups, as QEMU has a bug where instead of
terminating the VM if KVM_SET_XSAVE fails, QEMU instead simply stops
loading guest state, i.e. resumes the guest after live migration with
incomplete guest state, and ultimately results in guest data corruption.
Note, letting userspace restore all host-supported xfeatures does not fix
setups where a VM is migrated from a host *without* commit ad856280dd,
to a target with a subset of host-supported xfeatures. However there is
no way to safely address that scenario, e.g. KVM could silently drop the
unsupported features, but that would be a clear violation of KVM's ABI and
so would require userspace to opt-in, at which point userspace could
simply be updated to sanitize the to-be-loaded XSAVE state.
Reported-by: Tyler Stachecki <stachecki.tyler@gmail.com>
Closes: https://lore.kernel.org/all/20230914010003.358162-1-tstachecki@bloomberg.net
Fixes: ad856280dd ("x86/kvm/fpu: Limit guest user_xfeatures to supported bits of XCR0")
Cc: stable@vger.kernel.org
Cc: Leonardo Bras <leobras@redhat.com>
Signed-off-by: Sean Christopherson <seanjc@google.com>
Acked-by: Dave Hansen <dave.hansen@linux.intel.com>
Message-Id: <20230928001956.924301-3-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 18164f66e6c59fda15c198b371fa008431efdb22 upstream.
Plumb an xfeatures mask into __copy_xstate_to_uabi_buf() so that KVM can
constrain which xfeatures are saved into the userspace buffer without
having to modify the user_xfeatures field in KVM's guest_fpu state.
KVM's ABI for KVM_GET_XSAVE{2} is that features that are not exposed to
guest must not show up in the effective xstate_bv field of the buffer.
Saving only the guest-supported xfeatures allows userspace to load the
saved state on a different host with fewer xfeatures, so long as the
target host supports the xfeatures that are exposed to the guest.
KVM currently sets user_xfeatures directly to restrict KVM_GET_XSAVE{2} to
the set of guest-supported xfeatures, but doing so broke KVM's historical
ABI for KVM_SET_XSAVE, which allows userspace to load any xfeatures that
are supported by the *host*.
Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20230928001956.924301-2-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Upstream commit: 63e44bc52047f182601e7817da969a105aa1f721
Check the memory operand of INS/OUTS before emulating the instruction.
The #VC exception can get raised from user-space, but the memory operand
can be manipulated to access kernel memory before the emulation actually
begins and after the exception handler has run.
[ bp: Massage commit message. ]
Fixes: 597cfe4821 ("x86/boot/compressed/64: Setup a GHCB-based VC Exception handler")
Reported-by: Tom Dohrmann <erbse.13@gmx.de>
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Cc: <stable@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Upstream commit: b9cb9c45583b911e0db71d09caa6b56469eb2bdf
Check the IO permission bitmap (if present) before emulating IOIO #VC
exceptions for user-space. These permissions are checked by hardware
already before the #VC is raised, but due to the VC-handler decoding
race it needs to be checked again in software.
Fixes: 25189d08e5 ("x86/sev-es: Add support for handling IOIO exceptions")
Reported-by: Tom Dohrmann <erbse.13@gmx.de>
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Tested-by: Tom Dohrmann <erbse.13@gmx.de>
Cc: <stable@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
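The software re-check described in the commit above can be modelled in user space as follows. This is an added example, not the kernel's code: `io_bitmap_model`, `ioio_allowed` and the helpers are hypothetical names, the bitmap follows the x86 convention that a set bit denies the port, and the model assumes a user task with no bitmap is denied every port (IOPL is not modelled).

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IO_PORTS 65536u

/* Hypothetical model of a per-task I/O permission bitmap:
 * one bit per port, bit set = access denied (x86 convention). */
struct io_bitmap_model {
    uint8_t bits[IO_PORTS / 8];
};

static void iobm_deny_all(struct io_bitmap_model *bm)
{
    memset(bm->bits, 0xff, sizeof(bm->bits));
}

static void iobm_allow(struct io_bitmap_model *bm, uint32_t first, uint32_t count)
{
    for (uint32_t p = first; p < first + count && p < IO_PORTS; p++)
        bm->bits[p / 8] &= (uint8_t)~(1u << (p % 8));
}

static bool iobm_denied(const struct io_bitmap_model *bm, uint32_t port)
{
    return (bm->bits[port / 8] & (1u << (port % 8))) != 0;
}

/*
 * Check made by the emulator on the port and size it has just decoded.
 * Hardware already checked the original instruction, but the bytes may
 * have changed before decoding, so the decoded access is checked again.
 *   user_mode: the exception was raised from user space
 *   bm:        the task's bitmap, NULL if it has none
 */
static bool ioio_allowed(bool user_mode, const struct io_bitmap_model *bm,
                         uint16_t port, size_t size)
{
    if (size != 1 && size != 2 && size != 4)
        return false;               /* not a valid I/O access width */
    if (!user_mode)
        return true;                /* kernel accesses are not restricted */
    if (!bm)
        return false;               /* assumption: no bitmap, no port access */

    /* Every byte-wide port covered by the access must be permitted. */
    for (uint32_t p = port; p < (uint32_t)port + size; p++) {
        if (p >= IO_PORTS || iobm_denied(bm, p))
            return false;
    }
    return true;
}

int main(void)
{
    static struct io_bitmap_model bm;   /* constructed sample bitmap */

    iobm_deny_all(&bm);
    iobm_allow(&bm, 0x3f8, 8);          /* constructed: ports 0x3f8-0x3ff */

    printf("user, 0x3f8 size 1: %d\n", ioio_allowed(true, &bm, 0x3f8, 1));
    printf("user, 0x3fe size 4: %d\n", ioio_allowed(true, &bm, 0x3fe, 4));
    printf("user, no bitmap:    %d\n", ioio_allowed(true, NULL, 0x3f8, 1));
    printf("kernel, 0x80:       %d\n", ioio_allowed(false, NULL, 0x80, 1));
    return 0;
}
```

The second call is the case worth noting: the first port of the access is permitted, but the 4-byte access also covers ports 0x400 and 0x401, which are denied, so the whole access is refused.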
Upstream commit: a37cd2a59d0cb270b1bba568fd3a3b8668b9d3ba
A virt scenario can be constructed where MMIO memory can be user memory.
When that happens, a race condition opens between when the hardware
raises the #VC and when the #VC handler gets to emulate the instruction.
If the MOVS is replaced with a MOVS accessing kernel memory in that
small race window, then a write to kernel memory happens as the access
checks are not done at emulation time.
Disable MMIO emulation in user mode temporarily until a sensible use
case appears and justifies properly handling the race window.
Fixes: 0118b604c2 ("x86/sev-es: Handle MMIO String Instructions")
Reported-by: Tom Dohrmann <erbse.13@gmx.de>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Tested-by: Tom Dohrmann <erbse.13@gmx.de>
Cc: <stable@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit a16eb25b09c02a54c1c1b449d4b6cfa2cf3f013a upstream.
Per the SDM, "When the local APIC handles a performance-monitoring
counters interrupt, it automatically sets the mask flag in the LVT
performance counter register." Add this behavior to KVM's local APIC
emulation.
Failure to mask the LVTPC entry results in spurious PMIs, e.g. when
running Linux as a guest, PMI handlers that do a "late_ack" spew a large
number of "dazed and confused" spurious NMI warnings.
Fixes: f5132b0138 ("KVM: Expose a version 2 architectural PMU to a guests")
Cc: stable@vger.kernel.org
Signed-off-by: Jim Mattson <jmattson@google.com>
Tested-by: Mingwei Zhang <mizhang@google.com>
Signed-off-by: Mingwei Zhang <mizhang@google.com>
Link: https://lore.kernel.org/r/20230925173448.3518223-3-mizhang@google.com
[sean: massage changelog, correct Fixes]
Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit d35652a5fc9944784f6f50a5c979518ff8dacf61 upstream.
Fei has reported that KASAN triggers during apply_alternatives() on
a 5-level paging machine:
BUG: KASAN: out-of-bounds in rcu_is_watching()
Read of size 4 at addr ff110003ee6419a0 by task swapper/0/0
...
__asan_load4()
rcu_is_watching()
trace_hardirqs_on()
text_poke_early()
apply_alternatives()
...
On machines with 5-level paging, cpu_feature_enabled(X86_FEATURE_LA57)
gets patched. It includes KASAN code, where KASAN_SHADOW_START depends on
__VIRTUAL_MASK_SHIFT, which is defined with cpu_feature_enabled().
KASAN gets confused when apply_alternatives() patches the
KASAN_SHADOW_START users. A test patch that makes KASAN_SHADOW_START
static, by replacing __VIRTUAL_MASK_SHIFT with 56, works around the issue.
Fix it for real by disabling KASAN while the kernel is patching alternatives.
[ mingo: updated the changelog ]
Fixes: 6657fca06e ("x86/mm: Allow to boot without LA57 if CONFIG_X86_5LEVEL=y")
Reported-by: Fei Yang <fei.yang@intel.com>
Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20231012100424.1456-1-kirill.shutemov@linux.intel.com
Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit f454b18e07f518bcd0c05af17a2239138bff52de upstream.
Fix erratum #1485 on Zen4 parts where running with STIBP disabled can
cause an #UD exception. The performance impact of the fix is negligible.
Reported-by: René Rebe <rene@exactcode.de>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Tested-by: René Rebe <rene@exactcode.de>
Cc: <stable@kernel.org>
Link: https://lore.kernel.org/r/D99589F4-BC5D-430B-87B2-72C20370CF57@exactcode.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit e53899771a02f798d436655efbd9d4b46c0f9265 upstream.
We found that a panic can occur when a vsyscall is made while LBR sampling
is active. If the vsyscall is interrupted (NMI) for perf sampling, this
call sequence can occur (most recent at top):
__insn_get_emulate_prefix()
insn_get_emulate_prefix()
insn_get_prefixes()
insn_get_opcode()
decode_branch_type()
get_branch_type()
intel_pmu_lbr_filter()
intel_pmu_handle_irq()
perf_event_nmi_handler()
Within __insn_get_emulate_prefix() at frame 0, a macro is called:
peek_nbyte_next(insn_byte_t, insn, i)
Within this macro, this dereference occurs:
(insn)->next_byte
Inspecting registers at this point, the value of the next_byte field is the
address of the vsyscall made, for example the location of the vsyscall
version of gettimeofday() at 0xffffffffff600000. The access to an address
in the vsyscall region will trigger an oops due to an unhandled page fault.
To fix the bug, filtering for vsyscalls can be done when
determining the branch type. This patch will return
a "none" branch if a kernel address is found to lie in the
vsyscall region.
Suggested-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: JP Kobryn <inwardvessel@gmail.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Merge 6.1.54 into android14-6.1-lts
Changes in 6.1.54
net/ipv6: SKB symmetric hash should incorporate transport ports
mm: multi-gen LRU: rename lrugen->lists[] to lrugen->folios[]
Multi-gen LRU: fix per-zone reclaim
io_uring: always lock in io_apoll_task_func
io_uring: revert "io_uring fix multishot accept ordering"
io_uring/net: don't overflow multishot accept
io_uring: break out of iowq iopoll on teardown
io_uring/sqpoll: fix io-wq affinity when IORING_SETUP_SQPOLL is used
io_uring: Don't set affinity on a dying sqpoll thread
drm/virtio: Conditionally allocate virtio_gpu_fence
scsi: qla2xxx: Adjust IOCB resource on qpair create
scsi: qla2xxx: Limit TMF to 8 per function
scsi: qla2xxx: Fix deletion race condition
scsi: qla2xxx: fix inconsistent TMF timeout
scsi: qla2xxx: Fix command flush during TMF
scsi: qla2xxx: Fix erroneous link up failure
scsi: qla2xxx: Turn off noisy message log
scsi: qla2xxx: Fix session hang in gnl
scsi: qla2xxx: Fix TMF leak through
scsi: qla2xxx: Remove unsupported ql2xenabledif option
scsi: qla2xxx: Flush mailbox commands on chip reset
scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit()
scsi: qla2xxx: Error code did not return to upper layer
scsi: qla2xxx: Fix firmware resource tracking
null_blk: fix poll request timeout handling
fbdev/ep93xx-fb: Do not assign to struct fb_info.dev
clk: qcom: camcc-sc7180: fix async resume during probe
drm/ast: Fix DRAM init on AST2200
ASoC: tegra: Fix SFC conversion for few rates
clk: qcom: turingcc-qcs404: fix missing resume during probe
arm64: dts: renesas: rzg2l: Fix txdv-skew-psec typos
send channel sequence number in SMB3 requests after reconnects
memcg: drop kmem.limit_in_bytes
mm: hugetlb_vmemmap: fix a race between vmemmap pmd split
lib/test_meminit: allocate pages up to order MAX_ORDER
parisc: led: Fix LAN receive and transmit LEDs
parisc: led: Reduce CPU overhead for disk & lan LED computation
cifs: update desired access while requesting for directory lease
pinctrl: cherryview: fix address_space_handler() argument
dt-bindings: clock: xlnx,versal-clk: drop select:false
clk: imx: pll14xx: dynamically configure PLL for 393216000/361267200Hz
clk: imx: pll14xx: align pdiv with reference manual
clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock
soc: qcom: qmi_encdec: Restrict string length in decode
clk: qcom: dispcc-sm8450: fix runtime PM imbalance on probe errors
clk: qcom: lpasscc-sc7280: fix missing resume during probe
clk: qcom: q6sstop-qcs404: fix missing resume during probe
clk: qcom: mss-sc7180: fix missing resume during probe
NFS: Fix a potential data corruption
NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info
bus: mhi: host: Skip MHI reset if device is in RDDM
net: add SKB_HEAD_ALIGN() helper
net: remove osize variable in __alloc_skb()
net: factorize code in kmalloc_reserve()
net: deal with integer overflows in kmalloc_reserve()
kbuild: rpm-pkg: define _arch conditionally
kbuild: do not run depmod for 'make modules_sign'
tpm_crb: Fix an error handling path in crb_acpi_add()
gfs2: Switch to wait_event in gfs2_logd
gfs2: low-memory forced flush fixes
mailbox: qcom-ipcc: fix incorrect num_chans counting
kconfig: fix possible buffer overflow
Input: iqs7222 - configure power mode before triggering ATI
perf trace: Use zfree() to reduce chances of use after free
perf trace: Really free the evsel->priv area
pwm: atmel-tcb: Convert to platform remove callback returning void
pwm: atmel-tcb: Harmonize resource allocation order
pwm: atmel-tcb: Fix resource freeing in error path and remove
backlight: gpio_backlight: Drop output GPIO direction check for initial power state
Input: tca6416-keypad - always expect proper IRQ number in i2c client
Input: tca6416-keypad - fix interrupt enable disbalance
perf annotate bpf: Don't enclose non-debug code with an assert()
x86/virt: Drop unnecessary check on extended CPUID level in cpu_has_svm()
perf vendor events: Update the JSON/events descriptions for power10 platform
perf vendor events: Drop some of the JSON/events for power10 platform
perf vendor events: Drop STORES_PER_INST metric event for power10 platform
perf top: Don't pass an ERR_PTR() directly to perf_session__delete()
watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load
pwm: lpc32xx: Remove handling of PWM channels
perf test stat_bpf_counters_cgrp: Fix shellcheck issue about logical operators
perf test stat_bpf_counters_cgrp: Enhance perf stat cgroup BPF counter test
drm/i915: mark requests for GuC virtual engines to avoid use-after-free
blk-throttle: use calculate_io/bytes_allowed() for throtl_trim_slice()
blk-throttle: consider 'carryover_ios/bytes' in throtl_trim_slice()
cifs: use fs_context for automounts
smb: propagate error code of extract_sharename()
net/sched: fq_pie: avoid stalls in fq_pie_timer()
sctp: annotate data-races around sk->sk_wmem_queued
ipv4: annotate data-races around fi->fib_dead
net: read sk->sk_family once in sk_mc_loop()
net: fib: avoid warn splat in flow dissector
xsk: Fix xsk_diag use-after-free error during socket cleanup
drm/i915/gvt: Verify pfn is "valid" before dereferencing "struct page"
drm/i915/gvt: Put the page reference obtained by KVM's gfn_to_pfn()
drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt()
net: use sk_forward_alloc_get() in sk_get_meminfo()
net: annotate data-races around sk->sk_forward_alloc
mptcp: annotate data-races around msk->rmem_fwd_alloc
ipv4: ignore dst hint for multipath routes
ipv6: ignore dst hint for multipath routes
igb: disable virtualization features on 82580
gve: fix frag_list chaining
veth: Fixing transmit return status for dropped packets
net: ipv6/addrconf: avoid integer underflow in ipv6_create_tempaddr
net: phy: micrel: Correct bit assignments for phy_device flags
bpf, sockmap: Fix skb refcnt race after locking changes
af_unix: Fix data-races around user->unix_inflight.
af_unix: Fix data-race around unix_tot_inflight.
af_unix: Fix data-races around sk->sk_shutdown.
af_unix: Fix data race around sk->sk_err.
net: sched: sch_qfq: Fix UAF in qfq_dequeue()
kcm: Destroy mutex in kcm_exit_net()
octeontx2-af: Fix truncation of smq in CN10K NIX AQ enqueue mbox handler
igc: Change IGC_MIN to allow set rx/tx value between 64 and 80
igbvf: Change IGBVF_MIN to allow set rx/tx value between 64 and 80
igb: Change IGB_MIN to allow set rx/tx value between 64 and 80
s390/zcrypt: don't leak memory if dev_set_name() fails
idr: fix param name in idr_alloc_cyclic() doc
ip_tunnels: use DEV_STATS_INC()
net: dsa: sja1105: fix bandwidth discrepancy between tc-cbs software and offload
net: dsa: sja1105: fix -ENOSPC when replacing the same tc-cbs too many times
net: dsa: sja1105: complete tc-cbs offload support on SJA1110
bpf: Remove prog->active check for bpf_lsm and bpf_iter
bpf: Invoke __bpf_prog_exit_sleepable_recur() on recursion in kern_sys_bpf().
bpf: Assign bpf_tramp_run_ctx::saved_run_ctx before recursion check.
netfilter: nftables: exthdr: fix 4-byte stack OOB write
netfilter: nfnetlink_osf: avoid OOB read
net: hns3: fix tx timeout issue
net: hns3: fix byte order conversion issue in hclge_dbg_fd_tcam_read()
net: hns3: fix debugfs concurrency issue between kfree buffer and read
net: hns3: fix invalid mutex between tc qdisc and dcb ets command issue
net: hns3: fix the port information display when sfp is absent
net: hns3: remove GSO partial feature bit
sh: boards: Fix CEU buffer size passed to dma_declare_coherent_memory()
Multi-gen LRU: avoid race in inc_min_seq()
net/mlx5: Free IRQ rmap and notifier on kernel shutdown
ARC: atomics: Add compiler barrier to atomic operations...
clocksource/drivers/arm_arch_timer: Disable timer before programming CVAL
dmaengine: sh: rz-dmac: Fix destination and source data size setting
jbd2: fix checkpoint cleanup performance regression
jbd2: check 'jh->b_transaction' before removing it from checkpoint
jbd2: correct the end of the journal recovery scan range
ext4: add correct group descriptors and reserved GDT blocks to system zone
ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup}
f2fs: flush inode if atomic file is aborted
f2fs: avoid false alarm of circular locking
lib: test_scanf: Add explicit type cast to result initialization in test_number_prefix()
hwspinlock: qcom: add missing regmap config for SFPB MMIO implementation
ata: ahci: Add Elkhart Lake AHCI controller
ata: pata_falcon: fix IO base selection for Q40
ata: sata_gemini: Add missing MODULE_DESCRIPTION
ata: pata_ftide010: Add missing MODULE_DESCRIPTION
fuse: nlookup missing decrement in fuse_direntplus_link
btrfs: zoned: do not zone finish data relocation block group
btrfs: fix start transaction qgroup rsv double free
btrfs: free qgroup rsv on io failure
btrfs: don't start transaction when joining with TRANS_JOIN_NOSTART
btrfs: set page extent mapped after read_folio in relocate_one_page
btrfs: zoned: re-enable metadata over-commit for zoned mode
btrfs: use the correct superblock to compare fsid in btrfs_validate_super
drm/mxsfb: Disable overlay plane in mxsfb_plane_overlay_atomic_disable()
mtd: rawnand: brcmnand: Fix crash during the panic_write
mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write
mtd: spi-nor: Correct flags for Winbond w25q128
mtd: rawnand: brcmnand: Fix potential false time out warning
mtd: rawnand: brcmnand: Fix ECC level field setting for v7.2 controller
drm/amd/display: enable cursor degamma for DCN3+ DRM legacy gamma
drm/amd/display: prevent potential division by zero errors
KVM: SVM: Take and hold ir_list_lock when updating vCPU's Physical ID entry
KVM: SVM: Don't inject #UD if KVM attempts to skip SEV guest insn
KVM: SVM: Get source vCPUs from source VM for SEV-ES intrahost migration
KVM: nSVM: Check instead of asserting on nested TSC scaling support
KVM: nSVM: Load L1's TSC multiplier based on L1 state, not L2 state
KVM: SVM: Set target pCPU during IRTE update if target vCPU is running
KVM: SVM: Skip VMSA init in sev_es_init_vmcb() if pointer is NULL
MIPS: Fix CONFIG_CPU_DADDI_WORKAROUNDS `modules_install' regression
perf hists browser: Fix hierarchy mode header
perf test shell stat_bpf_counters: Fix test on Intel
perf tools: Handle old data in PERF_RECORD_ATTR
perf hists browser: Fix the number of entries for 'e' key
drm/amd/display: always switch off ODM before committing more streams
drm/amd/display: Remove wait while locked
drm/amdgpu: register a dirty framebuffer callback for fbcon
kunit: Fix wild-memory-access bug in kunit_free_suite_set()
net: ipv4: fix one memleak in __inet_del_ifa()
kselftest/runner.sh: Propagate SIGTERM to runner child
selftests: Keep symlinks, when possible
net/smc: use smc_lgr_list.lock to protect smc_lgr_list.list iterate in smcr_port_add
net: stmmac: fix handling of zero coalescing tx-usecs
net: ethernet: mvpp2_main: fix possible OOB write in mvpp2_ethtool_get_rxnfc()
net: ethernet: mtk_eth_soc: fix possible NULL pointer dereference in mtk_hwlro_get_fdir_all()
hsr: Fix uninit-value access in fill_frame_info()
net: ethernet: adi: adin1110: use eth_broadcast_addr() to assign broadcast address
net:ethernet:adi:adin1110: Fix forwarding offload
net: dsa: sja1105: hide all multicast addresses from "bridge fdb show"
net: dsa: sja1105: propagate exact error code from sja1105_dynamic_config_poll_valid()
net: dsa: sja1105: fix multicast forwarding working only for last added mdb entry
net: dsa: sja1105: serialize sja1105_port_mcast_flood() with other FDB accesses
net: dsa: sja1105: block FDB accesses that are concurrent with a switch reset
r8152: check budget for r8152_poll()
kcm: Fix memory leak in error path of kcm_sendmsg()
platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors
platform/mellanox: mlxbf-tmfifo: Drop jumbo frames
platform/mellanox: mlxbf-pmc: Fix potential buffer overflows
platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events
platform/mellanox: NVSW_SN2201 should depend on ACPI
net/tls: do not free tls_rec on async operation in bpf_exec_tx_verdict()
net: macb: Enable PTP unicast
net: macb: fix sleep inside spinlock
ipv6: fix ip6_sock_set_addr_preferences() typo
ipv6: Remove in6addr_any alternatives.
tcp: Factorise sk_family-independent comparison in inet_bind2_bucket_match(_addr_any).
tcp: Fix bind() regression for v4-mapped-v6 wildcard address.
tcp: Fix bind() regression for v4-mapped-v6 non-wildcard address.
ixgbe: fix timestamp configuration code
kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg().
MIPS: Only fiddle with CHECKFLAGS if `need-compiler'
drm/amd/display: Fix a bug when searching for insert_above_mpcc
Linux 6.1.54
Change-Id: I42dc80e7b812eb2bdd28575280b7b88169eb6d58
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
* changes:
ANDROID: GKI: update .stg due to internal zswap and tracing changes
ANDROID: GKI: db845c: add pcie_capability_clear_and_set_word to the symbol list
ANDROID: GKI: sched: put back the cpu_capacity_inverted variable
Revert "ipv4: fix data-races around inet->inet_id"
Revert "usb: typec: bus: verify partner exists in typec_altmode_attention"
Revert "scsi: core: Use 32-bit hostnum in scsi_host_lookup()"
Revert "media: cec: core: add adap_nb_transmit_canceled() callback"
Revert "media: cec: core: add adap_unconfigured() callback"
Revert "tracing: Introduce pipe_cpumask to avoid race on trace_pipes"
Revert "tracing: Zero the pipe cpumask on alloc to avoid spurious -EBUSY"
Revert "PCI: Allow drivers to request exclusive config regions"
Revert "PCI: Add locking to RMW PCI Express Capability Register accessors"
Revert "crypto: api - Use work queue in crypto_destroy_instance"
Revert "media: uapi: HEVC: Add num_delta_pocs_of_ref_rps_idx field"
ANDROID: GKI: Fix firmware: smccc build error
ANDROID: GKI: fix up merge issue in drivers/scsi/storvsc_drv.c
Merge 6.1.53 into android14-6.1-lts
Merge 6.1.52 into android14-6.1-lts
Merge 6.1.51 into android14-6.1-lts
Merge 6.1.50 into android14-6.1-lts
Merge 6.1.49 into android14-6.1-lts
Merge 6.1.48 into android14-6.1-lts
Merge 6.1.47 into android14-6.1-lts
Merge 6.1.46 into android14-6.1-lts
Merge 6.1.45 into android14-6.1-lts
Merge 6.1.44 into android14-6.1-lts
commit 6bc6f7d9d7ac3cdbe9e8b0495538b4a0cc11f032 upstream.
SNP retrieves the majority of CPUID information from the SNP CPUID page.
But there are times when that information needs to be supplemented by the
hypervisor, for example, obtaining the initial APIC ID of the vCPU from
leaf 1.
The current implementation uses the MSR protocol to retrieve the data from
the hypervisor, even when a GHCB exists. The problem arises when an NMI
arrives on return from the VMGEXIT. The NMI will be immediately serviced
and may generate a #VC requiring communication with the hypervisor.
Since a GHCB exists in this case, it will be used. As part of using the
GHCB, the #VC handler will write the GHCB physical address into the GHCB
MSR and the #VC will be handled.
When the NMI completes, processing resumes at the site of the VMGEXIT
which is expecting to read the GHCB MSR and find a CPUID MSR protocol
response. Since the NMI handling overwrote the GHCB MSR response, the
guest will see an invalid reply from the hypervisor and self-terminate.
Fix this problem by using the GHCB when it is available. Any NMI
received is properly handled because the GHCB contents are copied into
a backup page and restored on NMI exit, thus preserving the active GHCB
request or result.
[ bp: Touchups. ]
Fixes: ee0bfa08a3 ("x86/compressed/64: Add support for SEV-SNP CPUID table in #VC handlers")
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Cc: <stable@kernel.org>
Link: https://lore.kernel.org/r/a5856fa1ebe3879de91a8f6298b6bbd901c61881.1690578565.git.thomas.lendacky@amd.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 599522d9d2e19d6240e4312577f1c5f3ffca22f6 ]
Zen 4 systems running buggy microcode can hit a WARN_ON() in the PMI
handler, as shown below, several times while perf runs. A simple
`perf top` run is enough to render the system unusable:
WARNING: CPU: 18 PID: 20608 at arch/x86/events/amd/core.c:944 amd_pmu_v2_handle_irq+0x1be/0x2b0
This happens because the Performance Counter Global Status Register
(PerfCntGlobalStatus) has one or more bits set which are considered
reserved according to the "AMD64 Architecture Programmer’s Manual,
Volume 2: System Programming, 24593":
https://www.amd.com/system/files/TechDocs/24593.pdf
To make this less intrusive, warn just once if any reserved bit is set
and prompt the user to update the microcode. Also sanitize the value to
what the code is handling, so that the overflow events continue to be
handled for the number of counters that are known to be sane.
Going forward, the following microcode patch levels are recommended
for Zen 4 processors in order to avoid such issues with reserved bits:
Family=0x19 Model=0x11 Stepping=0x01: Patch=0x0a10113e
Family=0x19 Model=0x11 Stepping=0x02: Patch=0x0a10123e
Family=0x19 Model=0xa0 Stepping=0x01: Patch=0x0aa00116
Family=0x19 Model=0xa0 Stepping=0x02: Patch=0x0aa00212
Commit f2eb058afc57 ("linux-firmware: Update AMD cpu microcode") from
the linux-firmware tree has binaries that meet the minimum required
patch levels.
[ sandipan: - add message to prompt users to update microcode
- rework commit message and call out required microcode levels ]
Fixes: 7685665c39 ("perf/x86/amd/core: Add PerfMonV2 overflow handling")
Reported-by: Jirka Hladky <jhladky@redhat.com>
Signed-off-by: Breno Leitao <leitao@debian.org>
Signed-off-by: Sandipan Das <sandipan.das@amd.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Link: https://lore.kernel.org/all/3540f985652f41041e54ee82aa53e7dbd55739ae.1694696888.git.sandipan.das@amd.com/
Signed-off-by: Sasha Levin <sashal@kernel.org>
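The warn-once and sanitize behaviour described in the commit above, together with a check against the patch levels it lists, sketched as a user-space model. This is an added example, not the kernel's code: `pmu_model`, `handle_pmi` and `check_ucode` are hypothetical names, and the six-counter mask used in `main()` is a constructed value.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Minimum microcode patch levels quoted in the commit message. */
struct min_ucode {
    uint8_t family, model, stepping;
    uint32_t patch;
};

static const struct min_ucode zen4_min_ucode[] = {
    { 0x19, 0x11, 0x01, 0x0a10113e },
    { 0x19, 0x11, 0x02, 0x0a10123e },
    { 0x19, 0xa0, 0x01, 0x0aa00116 },
    { 0x19, 0xa0, 0x02, 0x0aa00212 },
};

enum ucode_verdict { UCODE_NOT_LISTED, UCODE_TOO_OLD, UCODE_OK };

/* Compare a CPU's running patch level with the listed minimum. */
static enum ucode_verdict check_ucode(uint8_t family, uint8_t model,
                                      uint8_t stepping, uint32_t patch)
{
    size_t n = sizeof(zen4_min_ucode) / sizeof(zen4_min_ucode[0]);

    for (size_t i = 0; i < n; i++) {
        const struct min_ucode *m = &zen4_min_ucode[i];

        if (m->family == family && m->model == model && m->stepping == stepping)
            return patch >= m->patch ? UCODE_OK : UCODE_TOO_OLD;
    }
    return UCODE_NOT_LISTED;
}

/* Hypothetical model of the state the interrupt handler relies on. */
struct pmu_model {
    uint64_t cntr_mask;   /* status bits of the counters the code handles */
    bool warned;          /* warn-once latch */
    unsigned warnings;    /* warnings emitted so far */
};

/*
 * Model of one PMI: report reserved status bits once, drop them, then
 * handle overflow only for the counters covered by cntr_mask.
 * Returns the number of overflowed counters handled.
 */
static unsigned handle_pmi(struct pmu_model *pmu, uint64_t status,
                           uint64_t *reserved_out)
{
    uint64_t reserved = status & ~pmu->cntr_mask;
    unsigned handled = 0;

    if (reserved && !pmu->warned) {
        pmu->warned = true;
        pmu->warnings++;
        fprintf(stderr, "reserved status bits set (0x%llx), "
                "consider updating microcode\n",
                (unsigned long long)reserved);
    }

    status &= pmu->cntr_mask;            /* sanitize to what is handled */

    for (unsigned idx = 0; idx < 64; idx++) {
        if (status & (1ULL << idx))
            handled++;                   /* overflow processing goes here */
    }

    if (reserved_out)
        *reserved_out = reserved;
    return handled;
}

int main(void)
{
    /* Constructed sample: six counters, status with one reserved bit set. */
    struct pmu_model pmu = { .cntr_mask = 0x3f, .warned = false, .warnings = 0 };
    uint64_t reserved = 0;
    unsigned handled = handle_pmi(&pmu, 0x5ULL | (1ULL << 40), &reserved);

    printf("handled=%u reserved=0x%llx warnings=%u\n", handled,
           (unsigned long long)reserved, pmu.warnings);
    printf("ucode verdict=%d\n", check_ucode(0x19, 0x11, 0x01, 0x0a101100));
    return 0;
}
```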
[ Upstream commit 23d2626b841c2adccdeb477665313c02dff02dc3 ]
Kernels older than v5.19 do not support PerfMonV2 and the PMI handler
does not clear the overflow bits of the PerfCntrGlobalStatus register.
Because of this, loading a recent kernel using kexec from an older
kernel can result in inconsistent register states on Zen 4 systems.
The PMI handler of the new kernel gets confused and shows a warning when
an overflow occurs because some of the overflow bits are set even if the
corresponding counters are inactive. These are remnants from overflows
that were handled by the older kernel.
During CPU hotplug, the PerfCntrGlobalCtl and PerfCntrGlobalStatus
registers should always be cleared for PerfMonV2-capable processors.
However, a condition used for NB event constraints applicable only to
older processors currently prevents this from happening. Move the reset
sequence to an appropriate place and also clear the LBR Freeze bit.
Fixes: 21d59e3e2c ("perf/x86/amd/core: Detect PerfMonV2 support")
Signed-off-by: Sandipan Das <sandipan.das@amd.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Link: https://lore.kernel.org/r/882a87511af40792ba69bb0e9026f19a2e71e8a3.1694696888.git.sandipan.das@amd.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 441a5dfcd96854cbcb625709e2694a9c60adfaab upstream.
All callers except the MMU notifier want to process all address spaces.
Remove the address space ID argument of for_each_tdp_mmu_root_yield_safe()
and switch the MMU notifier to use __for_each_tdp_mmu_root_yield_safe().
Extracted out of a patch by Sean Christopherson <seanjc@google.com>
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 50107e8b2a8a59d8cec7e8454e27c1f8e365acdb upstream.
The mmu_notifier path is a bit of a special snowflake, e.g. it zaps only a
single address space (because it's per-slot), and can't always yield.
Because of this, it calls kvm_tdp_mmu_zap_leafs() in ways that no one
else does.
Iterate manually over the leafs in response to an mmu_notifier
invalidation, instead of invoking kvm_tdp_mmu_zap_leafs(). Drop the
@can_yield param from kvm_tdp_mmu_zap_leafs() as its sole remaining
caller unconditionally passes "true".
Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20230916003916.2545000-2-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit e0096d01c4fcb8c96c05643cfc2c20ab78eae4da upstream.
The checks for virtualizing TSC_AUX occur during the vCPU reset processing
path. However, at the time of initial vCPU reset processing, when the vCPU
is first created, not all of the guest CPUID information has been set. In
this case the RDTSCP and RDPID feature support for the guest is not in
place and so TSC_AUX virtualization is not established.
This continues for each vCPU created for the guest. On the first boot of
an AP, vCPU reset processing is executed as a result of an APIC INIT
event, this time with all of the guest CPUID information set, resulting
in TSC_AUX virtualization being enabled, but only for the APs. The BSP
always sees a TSC_AUX value of 0 which probably went unnoticed because,
at least for Linux, the BSP TSC_AUX value is 0.
Move the TSC_AUX virtualization enablement out of the init_vmcb() path and
into the vcpu_after_set_cpuid() path to allow for proper initialization of
the support after the guest CPUID information has been set.
With the TSC_AUX virtualization support now in the vcpu_after_set_cpuid()
path, the intercepts must be either cleared or set based on the guest
CPUID input.
Fixes: 296d5a17e7 ("KVM: SEV-ES: Use V_TSC_AUX if available instead of RDTSC/MSR_TSC_AUX intercepts")
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Message-Id: <4137fbcb9008951ab5f0befa74a0399d2cce809a.1694811272.git.thomas.lendacky@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit e8d93d5d93f85949e7299be289c6e7e1154b2f78 upstream.
svm_recalc_instruction_intercepts() is always called at least once
before the vCPU is started, so the setting or clearing of the RDTSCP
intercept can be dropped from the TSC_AUX virtualization support.
Extracted from a patch by Tom Lendacky.
Cc: stable@vger.kernel.org
Fixes: 296d5a17e7 ("KVM: SEV-ES: Use V_TSC_AUX if available instead of RDTSC/MSR_TSC_AUX intercepts")
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit c6c2adcba50c2622ed25ba5d5e7f05f584711358 upstream.
The SGX EPC reclaimer (ksgxd) may reclaim the SECS EPC page for an
enclave and set secs.epc_page to NULL. The SECS page is used for EAUG
and ELDU in the SGX page fault handler. However, the NULL check for
secs.epc_page is only done for ELDU, not EAUG before being used.
Fix this by doing the same NULL check and reloading of the SECS page as
needed for both EAUG and ELDU.
The SECS page holds global enclave metadata. It can only be reclaimed
when there are no other enclave pages remaining. At that point,
virtually nothing can be done with the enclave until the SECS page is
paged back in.
An enclave can not run nor generate page faults without a resident SECS
page. But it is still possible for a #PF for a non-SECS page to race
with paging out the SECS page: when the last resident non-SECS page A
triggers a #PF in a non-resident page B, and then page A and the SECS
both are paged out before the #PF on B is handled.
Hitting this bug requires that race triggered with a #PF for EAUG.
Following is a trace when it happens.
BUG: kernel NULL pointer dereference, address: 0000000000000000
RIP: 0010:sgx_encl_eaug_page+0xc7/0x210
Call Trace:
? __kmem_cache_alloc_node+0x16a/0x440
? xa_load+0x6e/0xa0
sgx_vma_fault+0x119/0x230
__do_fault+0x36/0x140
do_fault+0x12f/0x400
__handle_mm_fault+0x728/0x1110
handle_mm_fault+0x105/0x310
do_user_addr_fault+0x1ee/0x750
? __this_cpu_preempt_check+0x13/0x20
exc_page_fault+0x76/0x180
asm_exc_page_fault+0x27/0x30
Fixes: 5a90d2c3f5 ("x86/sgx: Support adding of pages to an initialized enclave")
Signed-off-by: Haitao Huang <haitao.huang@linux.intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Reviewed-by: Kai Huang <kai.huang@intel.com>
Acked-by: Reinette Chatre <reinette.chatre@intel.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/all/20230728051024.33063-1-haitao.huang%40linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit b23c83ad2c638420ec0608a9de354507c41bec29 ]
VMCLEAR active VMCSes before any emergency reboot, not just if the kernel
may kexec into a new kernel after a crash. Per Intel's SDM, the VMX
architecture doesn't require the CPU to flush the VMCS cache on INIT. If
an emergency reboot doesn't RESET CPUs, cached VMCSes could theoretically
be kept and only be written back to memory after the new kernel is booted,
i.e. could effectively corrupt memory after reboot.
Opportunistically remove the setting of the global pointer to NULL to make
checkpatch happy.
Cc: Andrew Cooper <Andrew.Cooper3@citrix.com>
Link: https://lore.kernel.org/r/20230721201859.2307736-2-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit a8cf700c17d9ca6cb8ee7dc5c9330dbac3948237 ]
Reading the 'spec_rstack_overflow' sysfs file can trigger an unnecessary
MSR write, and possibly even a (handled) exception if the microcode
hasn't been updated.
Avoid all that by just checking X86_FEATURE_IBPB_BRTYPE instead, which
gets set by srso_select_mitigation() if the updated microcode exists.
Fixes: fb3bd914b3ec ("x86/srso: Add a Speculative RAS Overflow mitigation")
Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: Nikolay Borisov <nik.borisov@suse.com>
Acked-by: Borislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/r/27d128899cb8aee9eb2b57ddc996742b0c1d776b.1693889988.git.jpoimboe@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 34cf99c250d5cd2530b93a57b0de31d3aaf8685b ]
The code calling ima_free_kexec_buffer() runs long after the memblock
allocator has already been torn down, potentially resulting in a use
after free in memblock_isolate_range().
With KASAN or KFENCE, this use after free will result in a BUG
from the idle task, and a subsequent kernel panic.
Switch ima_free_kexec_buffer() over to memblock_free_late() to avoid
that bug.
Fixes: fee3ff99bc ("powerpc: Move arch independent ima kexec functions to drivers/of/kexec.c")
Suggested-by: Mike Rapoport <rppt@kernel.org>
Signed-off-by: Rik van Riel <riel@surriel.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Link: https://lore.kernel.org/r/20230817135558.67274c83@imladris.surriel.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
Prepare for supporting I/O priority in the storage stack.
Bug: 186902601
Change-Id: I387ac4792c89d88d131c5146b116a0393c01b096
Signed-off-by: Bart Van Assche <bvanassche@google.com>
They don't have device-specific modules. They are just generic configs
that are different from GKI.
Bug: 301852599
Bug: 302301911
Test: run following commands
tools/bazel run //common:kernel_aarch64_microdroid_dist
tools/bazel run //common:kernel_x86_64_microdroid_dist
tools/bazel run //common:kernel_aarch64_microdroid_config -- menuconfig
tools/bazel run //common:kernel_x86_64_microdroid_config -- menuconfig
tools/bazel run //common:kernel_aarch64_crashdump_dist
tools/bazel run //common:kernel_x86_64_crashdump_dist
tools/bazel run //common:kernel_aarch64_crashdump_config -- menuconfig
tools/bazel run //common:kernel_x86_64_crashdump_config -- menuconfig
Change-Id: I8908a7499451ace0740979b694eb5fcc68398c61
Signed-off-by: Jiyong Park <jiyong@google.com>
(cherry picked from commit ae5ea9043d)
They don't have device-specific modules. They are just generic configs
that are different from GKI.
Bug: 301852599
Test: run following commands
tools/bazel run //common:kernel_aarch64_microdroid_dist
tools/bazel run //common:kernel_x86_64_microdroid_dist
tools/bazel run //common:kernel_aarch64_microdroid_config -- menuconfig
tools/bazel run //common:kernel_x86_64_microdroid_config -- menuconfig
tools/bazel run //common:kernel_aarch64_crashdump_dist
tools/bazel run //common:kernel_x86_64_crashdump_dist
tools/bazel run //common:kernel_aarch64_crashdump_config -- menuconfig
tools/bazel run //common:kernel_x86_64_crashdump_config -- menuconfig
Change-Id: I8908a7499451ace0740979b694eb5fcc68398c61
Signed-off-by: Jiyong Park <jiyong@google.com>
[ Upstream commit 75b2f7e4c9e0fd750a5a27ca9736d1daa7a3762a ]
-flto* implies -ffunction-sections. With LTO enabled, ld.lld generates
multiple .text sections for purgatory.ro:
$ readelf -S purgatory.ro | grep " .text"
[ 1] .text PROGBITS 0000000000000000 00000040
[ 7] .text.purgatory PROGBITS 0000000000000000 000020e0
[ 9] .text.warn PROGBITS 0000000000000000 000021c0
[13] .text.sha256_upda PROGBITS 0000000000000000 000022f0
[15] .text.sha224_upda PROGBITS 0000000000000000 00002be0
[17] .text.sha256_fina PROGBITS 0000000000000000 00002bf0
[19] .text.sha224_fina PROGBITS 0000000000000000 00002cc0
This causes WARNING from kexec_purgatory_setup_sechdrs():
WARNING: CPU: 26 PID: 110894 at kernel/kexec_file.c:919
kexec_load_purgatory+0x37f/0x390
Fix this by disabling LTO for purgatory.
[ AFAICT, x86 is the only arch that supports LTO and purgatory. ]
We could also fix this with an explicit linker script to rejoin .text.*
sections back into .text. However, given the benefit of LTOing purgatory
is small, simply disable the production of more .text.* sections for now.
Fixes: b33fff07e3 ("x86, build: allow LTO to be selected")
Signed-off-by: Song Liu <song@kernel.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Reviewed-by: Sami Tolvanen <samitolvanen@google.com>
Link: https://lore.kernel.org/r/20230914170138.995606-1-song@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit f530ee95b72e77b09c141c4b1a4b94d1199ffbd9 ]
The decompressor has a hard limit on the number of page tables it can
allocate. This limit is defined at compile-time and will cause boot
failure if it is reached.
The kernel is very strict and calculates the limit precisely for the
worst-case scenario based on the current configuration. However, it is
easy to forget to adjust the limit when a new use-case arises. The
worst-case scenario is rarely encountered during sanity checks.
In the case of enabling 5-level paging, a use-case was overlooked. The
limit needs to be increased by one to accommodate the additional level.
This oversight went unnoticed until Aaron attempted to run the kernel
via kexec with 5-level paging and unaccepted memory enabled.
Update worst-case calculations to include 5-level paging.
To address this issue, let's allocate some extra space for page tables.
128K should be sufficient for any use-case. The logic can be simplified
by using a single value for all kernel configurations.
[ Also add a warning, should this memory run low - by Dave Hansen. ]
Fixes: 34bbb0009f ("x86/boot/compressed: Enable 5-level paging during decompression stage")
Reported-by: Aaron Lu <aaron.lu@intel.com>
Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Link: https://lore.kernel.org/r/20230915070221.10266-1-kirill.shutemov@linux.intel.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 25e73b7e3f72a25aa30cbb2eecb49036e0acf066 ]
It was reported that under certain circumstances GCC emits ENDBR
instructions for _THIS_IP_ usage. Specifically, when it appears at the
start of a basic block -- but not elsewhere.
Since _THIS_IP_ is never used for control flow, these ENDBR
instructions are completely superfluous. Override the _THIS_IP_
definition for x86_64 to avoid this.
Less ENDBR instructions is better.
Fixes: 156ff4a544 ("x86/ibt: Base IBT bits")
Reported-by: David Kaplan <David.Kaplan@amd.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Link: https://lore.kernel.org/r/20230802110323.016197440@infradead.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 1952e74da96fb3e48b72a2d0ece78c688a5848c1 upstream.
Skip initializing the VMSA physical address in the VMCB if the VMSA is
NULL, which occurs during intrahost migration as KVM initializes the VMCB
before copying over state from the source to the destination (including
the VMSA and its physical address).
In normal builds, __pa() is just math, so the bug isn't fatal, but with
CONFIG_DEBUG_VIRTUAL=y, the validity of the virtual address is verified
and passing in NULL will make the kernel unhappy.
Fixes: 6defa24d3b ("KVM: SEV: Init target VMCBs in sev_migrate_from")
Cc: stable@vger.kernel.org
Cc: Peter Gonda <pgonda@google.com>
Reviewed-by: Peter Gonda <pgonda@google.com>
Reviewed-by: Pankaj Gupta <pankaj.gupta@amd.com>
Link: https://lore.kernel.org/r/20230825022357.2852133-3-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit f3cebc75e7425d6949d726bb8e937095b0aef025 upstream.
Update the target pCPU for IOMMU doorbells when updating IRTE routing if
KVM is actively running the associated vCPU. KVM currently only updates
the pCPU when loading the vCPU (via avic_vcpu_load()), and so doorbell
events will be delayed until the vCPU goes through a put+load cycle (which
might very well "never" happen for the lifetime of the VM).
To avoid inserting a stale pCPU, e.g. due to racing between updating IRTE
routing and vCPU load/put, get the pCPU information from the vCPU's
Physical APIC ID table entry (a.k.a. avic_physical_id_cache in KVM) and
update the IRTE while holding ir_list_lock. Add comments with --verbose
enabled to explain exactly what is and isn't protected by ir_list_lock.
Fixes: 411b44ba80 ("svm: Implements update_pi_irte hook to setup posted interrupt")
Reported-by: dengqiao.joey <dengqiao.joey@bytedance.com>
Cc: stable@vger.kernel.org
Cc: Alejandro Jimenez <alejandro.j.jimenez@oracle.com>
Cc: Joao Martins <joao.m.martins@oracle.com>
Cc: Maxim Levitsky <mlevitsk@redhat.com>
Cc: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
Tested-by: Alejandro Jimenez <alejandro.j.jimenez@oracle.com>
Reviewed-by: Joao Martins <joao.m.martins@oracle.com>
Link: https://lore.kernel.org/r/20230808233132.2499764-3-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 0c94e2468491cbf0754f49a5136ab51294a96b69 upstream.
When emulating nested VM-Exit, load L1's TSC multiplier if L1's desired
ratio doesn't match the current ratio, not if the ratio L1 is using for
L2 diverges from the default. Functionally, the end result is the same
as KVM will run L2 with L1's multiplier if L2's multiplier is the default,
i.e. checking that L1's multiplier is loaded is equivalent to checking if
L2 has a non-default multiplier.
However, the assertion that TSC scaling is exposed to L1 is flawed, as
userspace can trigger the WARN at will by writing the MSR and then
updating guest CPUID to hide the feature (modifying guest CPUID is
allowed anytime before KVM_RUN). E.g. hacking KVM's state_test
selftest to do
vcpu_set_msr(vcpu, MSR_AMD64_TSC_RATIO, 0);
vcpu_clear_cpuid_feature(vcpu, X86_FEATURE_TSCRATEMSR);
after restoring state in a new VM+vCPU yields an endless supply of:
------------[ cut here ]------------
WARNING: CPU: 10 PID: 206939 at arch/x86/kvm/svm/nested.c:1105
nested_svm_vmexit+0x6af/0x720 [kvm_amd]
Call Trace:
nested_svm_exit_handled+0x102/0x1f0 [kvm_amd]
svm_handle_exit+0xb9/0x180 [kvm_amd]
kvm_arch_vcpu_ioctl_run+0x1eab/0x2570 [kvm]
kvm_vcpu_ioctl+0x4c9/0x5b0 [kvm]
? trace_hardirqs_off+0x4d/0xa0
__se_sys_ioctl+0x7a/0xc0
__x64_sys_ioctl+0x21/0x30
do_syscall_64+0x41/0x90
entry_SYSCALL_64_after_hwframe+0x63/0xcd
Unlike the nested VMRUN path, hoisting the svm->tsc_scaling_enabled check
into the if-statement is wrong as KVM needs to ensure L1's multiplier is
loaded in the above scenario. Alternatively, the WARN_ON() could simply
be deleted, but that would make KVM's behavior even more subtle, e.g. it's
not immediately obvious why it's safe to write MSR_AMD64_TSC_RATIO when
checking only tsc_ratio_msr.
Fixes: 5228eb96a4 ("KVM: x86: nSVM: implement nested TSC scaling")
Cc: Maxim Levitsky <mlevitsk@redhat.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20230729011608.1065019-3-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 7cafe9b8e22bb3d77f130c461aedf6868c4aaf58 upstream.
Check for nested TSC scaling support on nested SVM VMRUN instead of
asserting that TSC scaling is exposed to L1 if L1's MSR_AMD64_TSC_RATIO
has diverged from KVM's default. Userspace can trigger the WARN at will
by writing the MSR and then updating guest CPUID to hide the feature
(modifying guest CPUID is allowed anytime before KVM_RUN). E.g. hacking
KVM's state_test selftest to do
vcpu_set_msr(vcpu, MSR_AMD64_TSC_RATIO, 0);
vcpu_clear_cpuid_feature(vcpu, X86_FEATURE_TSCRATEMSR);
after restoring state in a new VM+vCPU yields an endless supply of:
------------[ cut here ]------------
WARNING: CPU: 164 PID: 62565 at arch/x86/kvm/svm/nested.c:699
nested_vmcb02_prepare_control+0x3d6/0x3f0 [kvm_amd]
Call Trace:
<TASK>
enter_svm_guest_mode+0x114/0x560 [kvm_amd]
nested_svm_vmrun+0x260/0x330 [kvm_amd]
vmrun_interception+0x29/0x30 [kvm_amd]
svm_invoke_exit_handler+0x35/0x100 [kvm_amd]
svm_handle_exit+0xe7/0x180 [kvm_amd]
kvm_arch_vcpu_ioctl_run+0x1eab/0x2570 [kvm]
kvm_vcpu_ioctl+0x4c9/0x5b0 [kvm]
__se_sys_ioctl+0x7a/0xc0
__x64_sys_ioctl+0x21/0x30
do_syscall_64+0x41/0x90
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x45ca1b
Note, the nested #VMEXIT path has the same flaw, but needs a different
fix and will be handled separately.
Fixes: 5228eb96a4 ("KVM: x86: nSVM: implement nested TSC scaling")
Cc: Maxim Levitsky <mlevitsk@redhat.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20230729011608.1065019-2-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
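The two nested TSC scaling commits above (the VM-Exit fix and the VMRUN fix), reduced to a user-space C model. This is an added example, not code from KVM or from either patch: struct vcpu_model, DEFAULT_RATIO and every function name are hypothetical, and L1 is assumed to run at the default ratio so that L2's multiplier equals the MSR value. It shows why an assertion on state that userspace can reorder fires, and why the VM-Exit path cannot reuse the VMRUN-style check.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for KVM's default (1:1) TSC scaling ratio. */
#define DEFAULT_RATIO 0x0100000000ULL

/* Hypothetical, heavily reduced vCPU state; not KVM's real structures. */
struct vcpu_model {
	uint64_t l1_ratio;      /* multiplier L1 itself must run with */
	uint64_t tsc_ratio_msr; /* L1's MSR_AMD64_TSC_RATIO: ratio L1 uses for L2 */
	uint64_t loaded_ratio;  /* multiplier currently loaded */
	bool scaling_exposed;   /* guest CPUID has X86_FEATURE_TSCRATEMSR */
	unsigned int warns;     /* times the modelled WARN_ON() fired */
};

/* The sequence from the commit messages: write the MSR, then hide the feature. */
static struct vcpu_model msr_then_hide_cpuid(void)
{
	struct vcpu_model v = { DEFAULT_RATIO, DEFAULT_RATIO, DEFAULT_RATIO, true, 0 };

	v.tsc_ratio_msr = 0;       /* vcpu_set_msr(vcpu, MSR_AMD64_TSC_RATIO, 0) */
	v.scaling_exposed = false; /* vcpu_clear_cpuid_feature(..., X86_FEATURE_TSCRATEMSR) */
	return v;
}

/* Constructed state: L2's multiplier is loaded and the feature is hidden. */
static struct vcpu_model l2_ratio_loaded(void)
{
	struct vcpu_model v = msr_then_hide_cpuid();

	v.loaded_ratio = v.tsc_ratio_msr;
	return v;
}

/* Nested VMRUN, pre-fix: asserts an invariant that userspace can break. */
static void vmrun_asserting(struct vcpu_model *v)
{
	if (v->tsc_ratio_msr != DEFAULT_RATIO) {
		if (!v->scaling_exposed)
			v->warns++; /* models WARN_ON(!svm->tsc_scaling_enabled) */
		v->loaded_ratio = v->tsc_ratio_msr;
	}
}

/* Nested VMRUN, post-fix: a hidden feature is an ordinary condition. */
static void vmrun_checked(struct vcpu_model *v)
{
	if (v->scaling_exposed && v->tsc_ratio_msr != DEFAULT_RATIO)
		v->loaded_ratio = v->tsc_ratio_msr;
}

/* Nested VM-Exit, pre-fix: the same assertion on the exit path. */
static void vmexit_asserting(struct vcpu_model *v)
{
	if (v->tsc_ratio_msr != DEFAULT_RATIO) {
		if (!v->scaling_exposed)
			v->warns++;
		v->loaded_ratio = v->l1_ratio;
	}
}

/* Nested VM-Exit with the check hoisted as on VMRUN: skips a needed reload. */
static void vmexit_hoisted(struct vcpu_model *v)
{
	if (v->scaling_exposed && v->tsc_ratio_msr != DEFAULT_RATIO)
		v->loaded_ratio = v->l1_ratio;
}

/* Nested VM-Exit, post-fix: reload whenever the loaded ratio is not L1's. */
static void vmexit_fixed(struct vcpu_model *v)
{
	if (v->loaded_ratio != v->l1_ratio)
		v->loaded_ratio = v->l1_ratio;
}

int main(void)
{
	struct vcpu_model a = msr_then_hide_cpuid(), b = msr_then_hide_cpuid();
	struct vcpu_model c = l2_ratio_loaded(), d = l2_ratio_loaded();
	struct vcpu_model e = l2_ratio_loaded();

	vmrun_asserting(&a);
	vmrun_checked(&b);
	vmexit_asserting(&c);
	vmexit_hoisted(&d);
	vmexit_fixed(&e);

	printf("VMRUN  asserting: warns=%u\n", a.warns);
	printf("VMRUN  checked:   warns=%u\n", b.warns);
	printf("VMEXIT asserting: warns=%u\n", c.warns);
	printf("VMEXIT hoisted:   L1 multiplier restored=%d\n",
	       d.loaded_ratio == d.l1_ratio);
	printf("VMEXIT fixed:     L1 multiplier restored=%d warns=%u\n",
	       e.loaded_ratio == e.l1_ratio, e.warns);
	return 0;
}
```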
commit cb49631ad111570f1bad37702c11c2ae07fa2e3c upstream.
Don't inject a #UD if KVM attempts to "emulate" to skip an instruction
for an SEV guest, and instead resume the guest and hope that it can make
forward progress. When commit 04c40f344d ("KVM: SVM: Inject #UD on
attempted emulation for SEV guest w/o insn buffer") added the completely
arbitrary #UD behavior, there were no known scenarios where a well-behaved
guest would induce a VM-Exit that triggered emulation, i.e. it was thought
that injecting #UD would be helpful.
However, now that KVM (correctly) attempts to re-inject INT3/INTO, e.g. if
a #NPF is encountered when attempting to deliver the INT3/INTO, an SEV
guest can trigger emulation without a buffer, through no fault of its own.
Resuming the guest and retrying the INT3/INTO is architecturally wrong,
e.g. the vCPU will incorrectly re-hit code #DBs, but for SEV guests there
is literally no other option that has a chance of making forward progress.
Drop the #UD injection for all "skip" emulation, not just those related to
INT3/INTO, even though that means that the guest will likely end up in an
infinite loop instead of getting a #UD (the vCPU may also crash, e.g. if
KVM emulated everything about an instruction except for advancing RIP).
There's no evidence that suggests that an unexpected #UD is actually
better than hanging the vCPU, e.g. a soft-hung vCPU can still respond to
IRQs and NMIs to generate a backtrace.
Reported-by: Wu Zongyo <wuzongyo@mail.ustc.edu.cn>
Closes: https://lore.kernel.org/all/8eb933fd-2cf3-d7a9-32fe-2a1d82eac42a@mail.ustc.edu.cn
Fixes: 6ef88d6e36 ("KVM: SVM: Re-inject INT3/INTO instead of retrying the instruction")
Cc: stable@vger.kernel.org
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Link: https://lore.kernel.org/r/20230825013621.2845700-2-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 4c08e737f056fec930b416a2bd37ed266d724f95 upstream.
Hoist the acquisition of ir_list_lock from avic_update_iommu_vcpu_affinity()
to its two callers, avic_vcpu_load() and avic_vcpu_put(), specifically to
encapsulate the write to the vCPU's entry in the AVIC Physical ID table.
This will allow a future fix to pull information from the Physical ID entry
when updating the IRTE, without potentially consuming stale information,
i.e. without racing with the vCPU being (un)loaded.
Add a comment to call out that ir_list_lock does NOT protect against
multiple writers, specifically that reading the Physical ID entry in
avic_vcpu_put() outside of the lock is safe.
To preserve some semblance of independence from ir_list_lock, keep the
READ_ONCE() in avic_vcpu_load() even though acquiring the spinlock
effectively ensures the load(s) will be generated after acquiring the
lock.
Cc: stable@vger.kernel.org
Tested-by: Alejandro Jimenez <alejandro.j.jimenez@oracle.com>
Reviewed-by: Joao Martins <joao.m.martins@oracle.com>
Link: https://lore.kernel.org/r/20230808233132.2499764-2-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 271de525e1d7f564e88a9d212c50998b49a54476 ]
The commit 64696c40d0 ("bpf: Add __bpf_prog_{enter,exit}_struct_ops for struct_ops trampoline")
removed prog->active check for struct_ops prog. The bpf_lsm
and bpf_iter are also using trampoline. Like struct_ops, the bpf_lsm
and bpf_iter have fixed hooks for the prog to attach. The
kernel does not call the same hook in a recursive way.
This patch also removes the prog->active check for
bpf_lsm and bpf_iter.
A later patch has a test to reproduce the recursion issue
for a sleepable bpf_lsm program.
This patch appends the '_recur' naming to the existing
enter and exit functions that track the prog->active counter.
New __bpf_prog_{enter,exit}[_sleepable] functions are
added to skip the prog->active tracking. The '_struct_ops'
version is also removed.
It also moves the decision on picking the enter and exit function to
the new bpf_trampoline_{enter,exit}(). It returns the '_recur' ones
for all tracing progs to use. For bpf_lsm, bpf_iter,
struct_ops (no prog->active tracking after 64696c40d0), and
bpf_lsm_cgroup (no prog->active tracking after 69fd337a97),
it will return the functions that don't track the prog->active.
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
Link: https://lore.kernel.org/r/20221025184524.3526117-2-martin.lau@linux.dev
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Stable-dep-of: 7645629f7dc8 ("bpf: Invoke __bpf_prog_exit_sleepable_recur() on recursion in kern_sys_bpf().")
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 5df8ecfe3632d5879d1f154f7aa8de441b5d1c89 ]
Drop the explicit check on the extended CPUID level in cpu_has_svm(), the
kernel's cached CPUID info will leave the entire SVM leaf unset if said
leaf is not supported by hardware. Prior to using cached information,
the check was needed to avoid false positives due to Intel's rather crazy
CPUID behavior of returning the values of the maximum supported leaf if
the specified leaf is unsupported.
Fixes: 682a810887 ("x86/kvm/svm: Simplify cpu_has_svm()")
Link: https://lore.kernel.org/r/20230721201859.2307736-13-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Merge 6.1.53 into android14-6.1-lts
Changes in 6.1.53
Revert "bridge: Add extack warning when enabling STP in netns."
Partially revert "drm/amd/display: Fix possible underflow for displays with large vblank"
scsi: ufs: Try harder to change the power mode
Revert "Revert drm/amd/display: Enable Freesync Video Mode by default"
ARM: dts: imx: Set default tuning step for imx7d usdhc
ALSA: hda/realtek: Enable 4 amplifiers instead of 2 on a HP platform
powerpc/boot: Disable power10 features after BOOTAFLAGS assignment
media: uapi: HEVC: Add num_delta_pocs_of_ref_rps_idx field
Revert "MIPS: unhide PATA_PLATFORM"
phy: qcom-snps-femto-v2: use qcom_snps_hsphy_suspend/resume error code
media: amphion: use dev_err_probe
media: pulse8-cec: handle possible ping error
media: pci: cx23885: fix error handling for cx23885 ATSC boards
9p: virtio: fix unlikely null pointer deref in handle_rerror
9p: virtio: make sure 'offs' is initialized in zc_request
ksmbd: fix out of bounds in smb3_decrypt_req()
ksmbd: validate session id and tree id in compound request
ksmbd: no response from compound read
ksmbd: fix out of bounds in init_smb2_rsp_hdr()
ASoC: da7219: Flush pending AAD IRQ when suspending
ASoC: da7219: Check for failure reading AAD IRQ events
ASoC: nau8821: Add DMI quirk mechanism for active-high jack-detect
ethernet: atheros: fix return value check in atl1c_tso_csum()
m68k: Fix invalid .section syntax
s390/dasd: use correct number of retries for ERP requests
s390/dasd: fix hanging device after request requeue
fs/nls: make load_nls() take a const parameter
ASoC: rt5682-sdw: fix for JD event handling in ClockStop Mode0
ASoc: codecs: ES8316: Fix DMIC config
ASoC: rt711: fix for JD event handling in ClockStop Mode0
ASoC: rt711-sdca: fix for JD event handling in ClockStop Mode0
ASoC: atmel: Fix the 8K sample parameter in I2SC master
ALSA: usb-audio: Add quirk for Microsoft Modern Wireless Headset
platform/x86: intel: hid: Always call BTNL ACPI method
platform/x86/intel/hid: Add HP Dragonfly G2 to VGBS DMI quirks
platform/x86: think-lmi: Use kfree_sensitive instead of kfree
platform/x86: asus-wmi: Fix setting RGB mode on some TUF laptops
platform/x86: huawei-wmi: Silence ambient light sensor
drm/amd/smu: use AverageGfxclkFrequency* to replace previous GFX Curr Clock
drm/amd/display: Guard DCN31 PHYD32CLK logic against chip family
drm/amd/display: Exit idle optimizations before attempt to access PHY
ovl: Always reevaluate the file signature for IMA
ata: pata_arasan_cf: Use dev_err_probe() instead dev_err() in data_xfer()
ALSA: usb-audio: Update for native DSD support quirks
staging: fbtft: ili9341: use macro FBTFT_REGISTER_SPI_DRIVER
security: keys: perform capable check only on privileged operations
kprobes: Prohibit probing on CFI preamble symbol
clk: fixed-mmio: make COMMON_CLK_FIXED_MMIO depend on HAS_IOMEM
vmbus_testing: fix wrong python syntax for integer value comparison
Revert "wifi: ath6k: silence false positive -Wno-dangling-pointer warning on GCC 12"
net: dsa: microchip: KSZ9477 register regmap alignment to 32 bit boundaries
net: annotate data-races around sk->sk_{rcv|snd}timeo
net: usb: qmi_wwan: add Quectel EM05GV2
wifi: brcmfmac: Fix field-spanning write in brcmf_scan_params_v2_to_v1()
powerpc/powermac: Use early_* IO variants in via_calibrate_decr()
idmaengine: make FSL_EDMA and INTEL_IDMA64 depends on HAS_IOMEM
platform/x86/amd/pmf: Fix unsigned comparison with less than zero
scsi: lpfc: Remove reftag check in DIF paths
scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock
net: hns3: restore user pause configure when disable autoneg
drm/amdgpu: Match against exact bootloader status
wifi: cfg80211: remove links only on AP
wifi: mac80211: Use active_links instead of valid_links in Tx
netlabel: fix shift wrapping bug in netlbl_catmap_setlong()
bnx2x: fix page fault following EEH recovery
cifs: fix sockaddr comparison in iface_cmp
cifs: fix max_credits implementation
sctp: handle invalid error codes without calling BUG()
scsi: aacraid: Reply queue mapping to CPUs based on IRQ affinity
scsi: storvsc: Always set no_report_opcodes
scsi: lpfc: Fix incorrect big endian type assignment in bsg loopback path
LoongArch: Let pmd_present() return true when splitting pmd
LoongArch: Fix the write_fcsr() macro
ALSA: seq: oss: Fix racy open/close of MIDI devices
net: sfp: handle 100G/25G active optical cables in sfp_parse_support
tracing: Introduce pipe_cpumask to avoid race on trace_pipes
platform/mellanox: Fix mlxbf-tmfifo not handling all virtio CONSOLE notifications
of: property: Simplify of_link_to_phandle()
cpufreq: intel_pstate: set stale CPU frequency to minimum
crypto: rsa-pkcs1pad - Use helper to set reqsize
tpm: Enable hwrng only for Pluton on AMD CPUs
KVM: x86/mmu: Use kstrtobool() instead of strtobool()
KVM: x86/mmu: Add "never" option to allow sticky disabling of nx_huge_pages
net: Avoid address overwrite in kernel_connect
drm/amd/display: ensure async flips are only accepted for fast updates
udf: Check consistency of Space Bitmap Descriptor
udf: Handle error when adding extent to a file
Input: i8042 - add quirk for TUXEDO Gemini 17 Gen1/Clevo PD70PN
Revert "PCI: tegra194: Enable support for 256 Byte payload"
Revert "net: macsec: preserve ingress frame ordering"
tools lib subcmd: Add install target
tools lib subcmd: Make install_headers clearer
tools lib subcmd: Add dependency test to install_headers
tools/resolve_btfids: Use pkg-config to locate libelf
tools/resolve_btfids: Install subcmd headers
tools/resolve_btfids: Alter how HOSTCC is forced
tools/resolve_btfids: Compile resolve_btfids as host program
tools/resolve_btfids: Tidy HOST_OVERRIDES
tools/resolve_btfids: Pass HOSTCFLAGS as EXTRA_CFLAGS to prepare targets
tools/resolve_btfids: Fix setting HOSTCFLAGS
reiserfs: Check the return value from __getblk()
eventfd: prevent underflow for eventfd semaphores
fs: Fix error checking for d_hash_and_lookup()
iomap: Remove large folio handling in iomap_invalidate_folio()
tmpfs: verify {g,u}id mount options correctly
selftests/harness: Actually report SKIP for signal tests
vfs, security: Fix automount superblock LSM init problem, preventing NFS sb sharing
ARM: ptrace: Restore syscall restart tracing
ARM: ptrace: Restore syscall skipping for tracers
refscale: Fix uninitalized use of wait_queue_head_t
OPP: Fix passing 0 to PTR_ERR in _opp_attach_genpd()
selftests/resctrl: Add resctrl.h into build deps
selftests/resctrl: Don't leak buffer in fill_cache()
selftests/resctrl: Unmount resctrl FS if child fails to run benchmark
selftests/resctrl: Close perf value read fd on errors
arm64/ptrace: Clean up error handling path in sve_set_common()
sched/psi: Select KERNFS as needed
x86/decompressor: Don't rely on upper 32 bits of GPRs being preserved
arm64/sme: Don't use streaming mode to probe the maximum SME VL
arm64/fpsimd: Only provide the length to cpufeature for xCR registers
sched/rt: Fix sysctl_sched_rr_timeslice intial value
perf/imx_ddr: don't enable counter0 if none of 4 counters are used
selftests/futex: Order calls to futex_lock_pi
s390/pkey: fix/harmonize internal keyblob headers
s390/pkey: fix PKEY_TYPE_EP11_AES handling in PKEY_GENSECK2 IOCTL
s390/pkey: fix PKEY_TYPE_EP11_AES handling for sysfs attributes
s390/paes: fix PKEY_TYPE_EP11_AES handling for secure keyblobs
irqchip/loongson-eiointc: Fix return value checking of eiointc_index
ACPI: x86: s2idle: Post-increment variables when getting constraints
ACPI: x86: s2idle: Fix a logic error parsing AMD constraints table
thermal/of: Fix potential uninitialized value access
cpufreq: amd-pstate-ut: Remove module parameter access
cpufreq: amd-pstate-ut: Fix kernel panic when loading the driver
x86/efistub: Fix PCI ROM preservation in mixed mode
cpufreq: powernow-k8: Use related_cpus instead of cpus in driver.exit()
selftests/bpf: Fix bpf_nf failure upon test rerun
bpftool: use a local copy of perf_event to fix accessing :: Bpf_cookie
bpftool: Define a local bpf_perf_link to fix accessing its fields
bpftool: Use a local copy of BPF_LINK_TYPE_PERF_EVENT in pid_iter.bpf.c
bpftool: Use a local bpf_perf_event_value to fix accessing its fields
libbpf: Fix realloc API handling in zero-sized edge cases
bpf: Clear the probe_addr for uprobe
bpf: Fix an error in verifying a field in a union
crypto: qat - change value of default idle filter
tcp: tcp_enter_quickack_mode() should be static
hwrng: nomadik - keep clock enabled while hwrng is registered
hwrng: pic32 - use devm_clk_get_enabled
regmap: rbtree: Use alloc_flags for memory allocations
wifi: rtw89: debug: Fix error handling in rtw89_debug_priv_btc_manual_set()
wifi: mt76: mt7921: fix non-PSC channel scan fail
udp: re-score reuseport groups when connected sockets are present
bpf: reject unhashed sockets in bpf_sk_assign
wifi: mt76: testmode: add nla_policy for MT76_TM_ATTR_TX_LENGTH
spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe()
can: gs_usb: gs_usb_receive_bulk_callback(): count RX overflow errors also in case of OOM
wifi: mt76: mt7915: fix power-limits while chan_switch
wifi: mwifiex: Fix OOB and integer underflow when rx packets
wifi: mwifiex: fix error recovery in PCIE buffer descriptor management
selftests/bpf: fix static assert compilation issue for test_cls_*.c
kbuild: rust_is_available: remove -v option
kbuild: rust_is_available: fix version check when CC has multiple arguments
kbuild: rust_is_available: add check for `bindgen` invocation
kbuild: rust_is_available: fix confusion when a version appears in the path
crypto: stm32 - Properly handle pm_runtime_get failing
crypto: api - Use work queue in crypto_destroy_instance
Bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe()
Bluetooth: Fix potential use-after-free when clear keys
Bluetooth: hci_sync: Don't double print name in add/remove adv_monitor
Bluetooth: hci_sync: Avoid use-after-free in dbg for hci_add_adv_monitor()
net: tcp: fix unexcepted socket die when snd_wnd is 0
selftests/bpf: Fix repeat option when kfunc_call verification fails
selftests/bpf: Clean up fmod_ret in bench_rename test script
net-memcg: Fix scope of sockmem pressure indicators
ice: ice_aq_check_events: fix off-by-one check when filling buffer
crypto: caam - fix unchecked return value error
hwrng: iproc-rng200 - Implement suspend and resume calls
lwt: Fix return values of BPF xmit ops
lwt: Check LWTUNNEL_XMIT_CONTINUE strictly
fs: ocfs2: namei: check return value of ocfs2_add_entry()
net: annotate data-races around sk->sk_lingertime
wifi: mwifiex: fix memory leak in mwifiex_histogram_read()
wifi: mwifiex: Fix missed return in oob checks failed path
ARM: dts: Add .dts files missing from the build
samples/bpf: fix bio latency check with tracepoint
samples/bpf: fix broken map lookup probe
wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx
wifi: ath9k: protect WMI command response buffer replacement with a lock
wifi: nl80211/cfg80211: add forgotten nla_policy for BSS color attribute
mac80211: make ieee80211_tx_info padding explicit
wifi: mwifiex: avoid possible NULL skb pointer dereference
Bluetooth: btusb: Do not call kfree_skb() under spin_lock_irqsave()
arm64: mm: use ptep_clear() instead of pte_clear() in clear_flush()
wifi: ath9k: use IS_ERR() with debugfs_create_dir()
ice: avoid executing commands on other ports when driving sync
net: arcnet: Do not call kfree_skb() under local_irq_disable()
mlxsw: i2c: Fix chunk size setting in output mailbox buffer
mlxsw: i2c: Limit single transaction buffer size
mlxsw: core_hwmon: Adjust module label names based on MTCAP sensor counter
hwmon: (tmp513) Fix the channel number in tmp51x_is_visible()
octeontx2-pf: Refactor schedular queue alloc/free calls
octeontx2-pf: Fix PFC TX scheduler free
cteonxt2-pf: Fix backpressure config for multiple PFC priorities to work simultaneously
sfc: Check firmware supports Ethernet PTP filter
net/sched: sch_hfsc: Ensure inner classes have fsc curve
netrom: Deny concurrent connect().
drm/bridge: tc358764: Fix debug print parameter order
ASoC: cs43130: Fix numerator/denominator mixup
quota: factor out dquot_write_dquot()
quota: rename dquot_active() to inode_quota_active()
quota: add new helper dquot_active()
quota: fix dqput() to follow the guarantees dquot_srcu should provide
drm/amd/display: Do not set drr on pipe commit
drm/hyperv: Fix a compilation issue because of not including screen_info.h
ASoC: stac9766: fix build errors with REGMAP_AC97
soc: qcom: ocmem: Add OCMEM hardware version print
soc: qcom: ocmem: Fix NUM_PORTS & NUM_MACROS macros
arm64: dts: qcom: sm6350: Fix ZAP region
arm64: dts: qcom: sm8250: correct dynamic power coefficients
arm64: dts: qcom: msm8916-l8150: correct light sensor VDDIO supply
arm64: dts: qcom: sm8250-edo: Add gpio line names for TLMM
arm64: dts: qcom: sm8250-edo: Add GPIO line names for PMIC GPIOs
arm64: dts: qcom: sm8250-edo: Rectify gpio-keys
arm64: dts: qcom: sc8280xp-crd: Correct vreg_misc_3p3 GPIO
arm64: dts: qcom: sc8280xp: Add missing SCM interconnect
arm64: dts: qcom: msm8996: Add missing interrupt to the USB2 controller
arm64: dts: qcom: sdm845-tama: Set serial indices and stdout-path
arm64: dts: qcom: sm8350: Fix CPU idle state residency times
arm64: dts: qcom: sm8350: Add missing LMH interrupts to cpufreq
arm64: dts: qcom: sm8350: Use proper CPU compatibles
arm64: dts: qcom: pm8350: fix thermal zone name
arm64: dts: qcom: pm8350b: fix thermal zone name
arm64: dts: qcom: pmr735b: fix thermal zone name
arm64: dts: qcom: pmk8350: fix ADC-TM compatible string
arm64: dts: qcom: sm8250: Mark PCIe hosts as DMA coherent
ARM: dts: stm32: Rename mdio0 to mdio
ARM: dts: stm32: YAML validation fails for Argon Boards
ARM: dts: stm32: adopt generic iio bindings for adc channels on emstamp-argon
ARM: dts: stm32: Add missing detach mailbox for emtrion emSBC-Argon
ARM: dts: stm32: YAML validation fails for Odyssey Boards
ARM: dts: stm32: Add missing detach mailbox for Odyssey SoM
ARM: dts: stm32: Update to generic ADC channel binding on DHSOM systems
ARM: dts: stm32: Add missing detach mailbox for DHCOM SoM
firmware: ti_sci: Use system_state to determine polling
drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar()
ARM: dts: BCM53573: Drop nonexistent #usb-cells
ARM: dts: BCM53573: Add cells sizes to PCIe node
ARM: dts: BCM53573: Use updated "spi-gpio" binding properties
arm64: tegra: Fix HSUART for Jetson AGX Orin
arm64: dts: qcom: sm8250-sony-xperia: correct GPIO keys wakeup again
arm64: dts: qcom: pm6150l: Add missing short interrupt
arm64: dts: qcom: pm660l: Add missing short interrupt
arm64: dts: qcom: pmi8994: Add missing OVP interrupt
arm64: tegra: Fix HSUART for Smaug
drm/etnaviv: fix dumping of active MMU context
block: cleanup queue_wc_store
block: don't allow enabling a cache on devices that don't support it
x86/mm: Fix PAT bit missing from page protection modify mask
drm/bridge: anx7625: Use common macros for DP power sequencing commands
drm/bridge: anx7625: Use common macros for HDCP capabilities
ARM: dts: samsung: s3c6410-mini6410: correct ethernet reg addresses (split)
ARM: dts: s5pv210: add dummy 5V regulator for backlight on SMDKv210
ARM: dts: samsung: s5pv210-smdkv210: correct ethernet reg addresses (split)
drm: adv7511: Fix low refresh rate register for ADV7533/5
ARM: dts: BCM53573: Fix Ethernet info for Luxul devices
arm64: dts: qcom: sdm845: Add missing RPMh power domain to GCC
arm64: dts: qcom: sdm845: Fix the min frequency of "ice_core_clk"
arm64: dts: qcom: msm8996-gemini: fix touchscreen VIO supply
drm/amdgpu: Update min() to min_t() in 'amdgpu_info_ioctl'
md: Factor out is_md_suspended helper
md: Change active_io to percpu
md: restore 'noio_flag' for the last mddev_resume()
md/raid10: factor out dereference_rdev_and_rrdev()
md/raid10: use dereference_rdev_and_rrdev() to get devices
md/md-bitmap: remove unnecessary local variable in backlog_store()
md/md-bitmap: hold 'reconfig_mutex' in backlog_store()
drm/msm: Update dev core dump to not print backwards
drm/tegra: dpaux: Fix incorrect return value of platform_get_irq
of: unittest: fix null pointer dereferencing in of_unittest_find_node_by_name()
arm64: dts: qcom: sm8150: Fix the I2C7 interrupt
ARM: dts: BCM53573: Fix Tenda AC9 switch CPU port
drm/armada: Fix off-by-one error in armada_overlay_get_property()
drm/repaper: Reduce temporary buffer size in repaper_fb_dirty()
drm/panel: simple: Add missing connector type and pixel format for AUO T215HVN01
ima: Remove deprecated IMA_TRUSTED_KEYRING Kconfig
drm: xlnx: zynqmp_dpsub: Add missing check for dma_set_mask
soc: qcom: smem: Fix incompatible types in comparison
drm/msm/mdp5: Don't leak some plane state
firmware: meson_sm: fix to avoid potential NULL pointer dereference
drm/msm/dpu: fix the irq index in dpu_encoder_phys_wb_wait_for_commit_done
smackfs: Prevent underflow in smk_set_cipso()
drm/amd/pm: fix variable dereferenced issue in amdgpu_device_attr_create()
drm/msm/a2xx: Call adreno_gpu_init() earlier
audit: fix possible soft lockup in __audit_inode_child()
block/mq-deadline: use correct way to throttling write requests
io_uring: fix drain stalls by invalid SQE
drm/mediatek: dp: Add missing error checks in mtk_dp_parse_capabilities
bus: ti-sysc: Fix build warning for 64-bit build
drm/mediatek: Remove freeing not dynamic allocated memory
ARM: dts: qcom: ipq4019: correct SDHCI XO clock
drm/mediatek: Fix potential memory leak if vmap() fail
arm64: dts: qcom: apq8016-sbc: Fix ov5640 regulator supply names
arm64: dts: qcom: msm8998: Drop bus clock reference from MMSS SMMU
arm64: dts: qcom: msm8998: Add missing power domain to MMSS SMMU
arm64: dts: qcom: msm8996: Fix dsi1 interrupts
arm64: dts: qcom: sc8280xp-x13s: Unreserve NC pins
bus: ti-sysc: Fix cast to enum warning
md/raid5-cache: fix a deadlock in r5l_exit_log()
md/raid5-cache: fix null-ptr-deref for r5l_flush_stripe_to_raid()
firmware: cs_dsp: Fix new control name check
md: add error_handlers for raid0 and linear
md/raid0: Factor out helper for mapping and submitting a bio
md/raid0: Fix performance regression for large sequential writes
md: raid0: account for split bio in iostat accounting
ASoC: SOF: amd: clear dsp to host interrupt status
of: overlay: Call of_changeset_init() early
of: unittest: Fix overlay type in apply/revert check
ALSA: ac97: Fix possible error value of *rac97
ipmi:ssif: Add check for kstrdup
ipmi:ssif: Fix a memory leak when scanning for an adapter
clk: qcom: gpucc-sm6350: Introduce index-based clk lookup
clk: qcom: gpucc-sm6350: Fix clock source names
clk: qcom: gcc-sc8280xp: Add EMAC GDSCs
clk: qcom: gcc-sc8280xp: Add missing GDSC flags
dt-bindings: clock: qcom,gcc-sc8280xp: Add missing GDSCs
clk: qcom: gcc-sc8280xp: Add missing GDSCs
clk: rockchip: rk3568: Fix PLL rate setting for 78.75MHz
PCI: apple: Initialize pcie->nvecs before use
PCI: qcom-ep: Switch MHI bus master clock off during L1SS
drivers: clk: keystone: Fix parameter judgment in _of_pll_clk_init()
PCI/DOE: Fix destroy_work_on_stack() race
clk: sunxi-ng: Modify mismatched function name
clk: qcom: gcc-sc7180: Fix up gcc_sdcc2_apps_clk_src
EDAC/igen6: Fix the issue of no error events
ext4: correct grp validation in ext4_mb_good_group
ext4: avoid potential data overflow in next_linear_group
clk: qcom: gcc-sm8250: Fix gcc_sdcc2_apps_clk_src
kvm/vfio: Prepare for accepting vfio device fd
kvm/vfio: ensure kvg instance stays around in kvm_vfio_group_add()
clk: qcom: reset: Use the correct type of sleep/delay based on length
clk: qcom: gcc-sm6350: Fix gcc_sdcc2_apps_clk_src
PCI: microchip: Correct the DED and SEC interrupt bit offsets
PCI: Mark NVIDIA T4 GPUs to avoid bus reset
pinctrl: mcp23s08: check return value of devm_kasprintf()
PCI: Allow drivers to request exclusive config regions
PCI: Add locking to RMW PCI Express Capability Register accessors
PCI: pciehp: Use RMW accessors for changing LNKCTL
PCI/ASPM: Use RMW accessors for changing LNKCTL
clk: qcom: gcc-sm8450: Use floor ops for SDCC RCGs
clk: imx: pllv4: Fix SPLL2 MULT range
clk: imx: imx8ulp: update SPLL2 type
clk: imx8mp: fix sai4 clock
clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op
powerpc/radix: Move some functions into #ifdef CONFIG_KVM_BOOK3S_HV_POSSIBLE
vfio/type1: fix cap_migration information leak
nvdimm: Fix memleak of pmu attr_groups in unregister_nvdimm_pmu()
nvdimm: Fix dereference after free in register_nvdimm_pmu()
powerpc/fadump: reset dump area size if fadump memory reserve fails
powerpc/perf: Convert fsl_emb notifier to state machine callbacks
drm/amdgpu: Use RMW accessors for changing LNKCTL
drm/radeon: Use RMW accessors for changing LNKCTL
net/mlx5: Use RMW accessors for changing LNKCTL
wifi: ath11k: Use RMW accessors for changing LNKCTL
wifi: ath10k: Use RMW accessors for changing LNKCTL
NFSv4.2: Rework scratch handling for READ_PLUS
NFSv4.2: Fix READ_PLUS smatch warnings
NFSv4.2: Fix up READ_PLUS alignment
NFSv4.2: Fix READ_PLUS size calculations
powerpc: Don't include lppaca.h in paca.h
powerpc/pseries: Rework lppaca_shared_proc() to avoid DEBUG_PREEMPT
nfs/blocklayout: Use the passed in gfp flags
powerpc/pseries: Fix hcall tracepoints with JUMP_LABEL=n
powerpc/mpc5xxx: Add missing fwnode_handle_put()
powerpc/iommu: Fix notifiers being shared by PCI and VIO buses
ext4: fix unttached inode after power cut with orphan file feature enabled
jfs: validate max amount of blocks before allocation.
fs: lockd: avoid possible wrong NULL parameter
NFSD: da_addr_body field missing in some GETDEVICEINFO replies
NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN
NFSv4.2: fix handling of COPY ERR_OFFLOAD_NO_REQ
pNFS: Fix assignment of xprtdata.cred
cgroup/cpuset: Inherit parent's load balance state in v2
RDMA/qedr: Remove a duplicate assignment in irdma_query_ah()
media: ov5640: fix low resolution image abnormal issue
media: ad5820: Drop unsupported ad5823 from i2c_ and of_device_id tables
media: i2c: tvp5150: check return value of devm_kasprintf()
media: v4l2-core: Fix a potential resource leak in v4l2_fwnode_parse_link()
iommu/amd/iommu_v2: Fix pasid_state refcount dec hit 0 warning on pasid unbind
iommu: rockchip: Fix directory table address encoding
drivers: usb: smsusb: fix error handling code in smsusb_init_device
media: dib7000p: Fix potential division by zero
media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer()
media: cx24120: Add retval check for cx24120_message_send()
RDMA/siw: Fabricate a GID on tun and loopback devices
scsi: hisi_sas: Fix warnings detected by sparse
scsi: hisi_sas: Fix normally completed I/O analysed as failed
dt-bindings: extcon: maxim,max77843: restrict connector properties
media: amphion: reinit vpu if reqbufs output 0
media: amphion: add helper function to get id name
media: mtk-jpeg: Fix use after free bug due to uncanceled work
media: rkvdec: increase max supported height for H.264
media: amphion: fix CHECKED_RETURN issues reported by coverity
media: amphion: fix REVERSE_INULL issues reported by coverity
media: amphion: fix UNINIT issues reported by coverity
media: amphion: fix UNUSED_VALUE issue reported by coverity
media: amphion: ensure the bitops don't cross boundaries
media: mediatek: vcodec: Return NULL if no vdec_fb is found
media: mediatek: vcodec: fix potential double free
media: mediatek: vcodec: fix resource leaks in vdec_msg_queue_init()
usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host()
scsi: RDMA/srp: Fix residual handling
scsi: iscsi: Rename iscsi_set_param() to iscsi_if_set_param()
scsi: iscsi: Add length check for nlattr payload
scsi: iscsi: Add strlen() check in iscsi_if_set{_host}_param()
scsi: be2iscsi: Add length check when parsing nlattrs
scsi: qla4xxx: Add length check when parsing nlattrs
iio: accel: adxl313: Fix adxl313_i2c_id[] table
serial: sprd: Assign sprd_port after initialized to avoid wrong access
serial: sprd: Fix DMA buffer leak issue
x86/APM: drop the duplicate APM_MINOR_DEV macro
RDMA/rxe: Split rxe_run_task() into two subroutines
RDMA/rxe: Fix incomplete state save in rxe_requester
scsi: qedf: Do not touch __user pointer in qedf_dbg_stop_io_on_error_cmd_read() directly
scsi: qedf: Do not touch __user pointer in qedf_dbg_debug_cmd_read() directly
scsi: qedf: Do not touch __user pointer in qedf_dbg_fp_int_cmd_read() directly
RDMA/irdma: Replace one-element array with flexible-array member
coresight: tmc: Explicit type conversions to prevent integer overflow
interconnect: qcom: qcm2290: Enable sync state
dma-buf/sync_file: Fix docs syntax
driver core: test_async: fix an error code
driver core: Call dma_cleanup() on the test_remove path
kernfs: add stub helper for kernfs_generic_poll()
extcon: cht_wc: add POWER_SUPPLY dependency
iommu/mediatek: Remove unused "mapping" member from mtk_iommu_data
iommu/mediatek: Fix two IOMMU share pagetable issue
iommu/sprd: Add missing force_aperture
RDMA/hns: Fix port active speed
RDMA/hns: Fix incorrect post-send with direct wqe of wr-list
RDMA/hns: Fix inaccurate error label name in init instance
RDMA/hns: Fix CQ and QP cache affinity
IB/uverbs: Fix an potential error pointer dereference
fsi: aspeed: Reset master errors after CFAM reset
iommu/qcom: Disable and reset context bank before programming
iommu/vt-d: Fix to flush cache of PASID directory table
platform/x86: dell-sysman: Fix reference leak
media: cec: core: add adap_nb_transmit_canceled() callback
media: cec: core: add adap_unconfigured() callback
media: go7007: Remove redundant if statement
media: venus: hfi_venus: Only consider sys_idle_indicator on V1
docs: ABI: fix spelling/grammar in SBEFIFO timeout interface
USB: gadget: core: Add missing kerneldoc for vbus_work
USB: gadget: f_mass_storage: Fix unused variable warning
drivers: base: Free devm resources when unregistering a device
HID: input: Support devices sending Eraser without Invert
media: ov5640: Enable MIPI interface in ov5640_set_power_mipi()
media: ov5640: Fix initial RESETB state and annotate timings
media: i2c: ov2680: Set V4L2_CTRL_FLAG_MODIFY_LAYOUT on flips
media: ov2680: Remove auto-gain and auto-exposure controls
media: ov2680: Fix ov2680_bayer_order()
media: ov2680: Fix vflip / hflip set functions
media: ov2680: Remove VIDEO_V4L2_SUBDEV_API ifdef-s
media: ov2680: Don't take the lock for try_fmt calls
media: ov2680: Add ov2680_fill_format() helper function
media: ov2680: Fix ov2680_set_fmt() which == V4L2_SUBDEV_FORMAT_TRY not working
media: ov2680: Fix regulators being left enabled on ov2680_power_on() errors
media: i2c: rdacm21: Fix uninitialized value
f2fs: fix to avoid mmap vs set_compress_option case
f2fs: judge whether discard_unit is section only when have CONFIG_BLK_DEV_ZONED
f2fs: Only lfs mode is allowed with zoned block device feature
Revert "f2fs: fix to do sanity check on extent cache correctly"
cgroup:namespace: Remove unused cgroup_namespaces_init()
coresight: trbe: Fix TRBE potential sleep in atomic context
RDMA/irdma: Prevent zero-length STAG registration
scsi: core: Use 32-bit hostnum in scsi_host_lookup()
scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock
interconnect: qcom: sm8450: Enable sync_state
interconnect: qcom: bcm-voter: Improve enable_mask handling
interconnect: qcom: bcm-voter: Use enable_maks for keepalive voting
serial: tegra: handle clk prepare error in tegra_uart_hw_init()
amba: bus: fix refcount leak
Revert "IB/isert: Fix incorrect release of isert connection"
RDMA/siw: Balance the reference of cep->kref in the error path
RDMA/siw: Correct wrong debug message
RDMA/efa: Fix wrong resources deallocation order
HID: logitech-dj: Fix error handling in logi_dj_recv_switch_to_dj_mode()
HID: uclogic: Correct devm device reference for hidinput input_dev name
HID: multitouch: Correct devm device reference for hidinput input_dev name
platform/x86/amd/pmf: Fix a missing cleanup path
tick/rcu: Fix false positive "softirq work is pending" messages
x86/speculation: Mark all Skylake CPUs as vulnerable to GDS
tracing: Remove extra space at the end of hwlat_detector/mode
tracing: Fix race issue between cpu buffer write and swap
mtd: rawnand: brcmnand: Fix mtd oobsize
dmaengine: idxd: Modify the dependence of attribute pasid_enabled
phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328
phy/rockchip: inno-hdmi: round fractal pixclock in rk3328 recalc_rate
phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write
rpmsg: glink: Add check for kstrdup
leds: pwm: Fix error code in led_pwm_create_fwnode()
leds: multicolor: Use rounded division when calculating color components
leds: Fix BUG_ON check for LED_COLOR_ID_MULTI that is always false
leds: trigger: tty: Do not use LED_ON/OFF constants, use led_blink_set_oneshot instead
mtd: spi-nor: Check bus width while setting QE bit
mtd: rawnand: fsmc: handle clk prepare error in fsmc_nand_resume()
um: Fix hostaudio build errors
dmaengine: ste_dma40: Add missing IRQ check in d40_probe
Drivers: hv: vmbus: Don't dereference ACPI root object handle
cpufreq: Fix the race condition while updating the transition_task of policy
virtio_ring: fix avail_wrap_counter in virtqueue_add_packed
igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU
netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c
netfilter: nft_exthdr: Fix non-linear header modification
netfilter: xt_u32: validate user space input
netfilter: xt_sctp: validate the flag_info count
skbuff: skb_segment, Call zero copy functions before using skbuff frags
igb: set max size RX buffer when store bad packet is enabled
PM / devfreq: Fix leak in devfreq_dev_release()
ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl
rcu: dump vmalloc memory info safely
printk: ringbuffer: Fix truncating buffer size min_t cast
scsi: core: Fix the scsi_set_resid() documentation
mm/vmalloc: add a safer version of find_vm_area() for debug
cpu/hotplug: Prevent self deadlock on CPU hot-unplug
media: i2c: ccs: Check rules is non-NULL
media: i2c: Add a camera sensor top level menu
PCI: rockchip: Use 64-bit mask on MSI 64-bit PCI address
ipmi_si: fix a memleak in try_smi_init()
ARM: OMAP2+: Fix -Warray-bounds warning in _pwrdm_state_switch()
XArray: Do not return sibling entries from xa_load()
io_uring: break iopolling on signal
backlight/gpio_backlight: Compare against struct fb_info.device
backlight/bd6107: Compare against struct fb_info.device
backlight/lv5207lp: Compare against struct fb_info.device
drm/amd/display: register edp_backlight_control() for DCN301
xtensa: PMU: fix base address for the newer hardware
LoongArch: mm: Add p?d_leaf() definitions
i3c: master: svc: fix probe failure when no i3c device exist
arm64: csum: Fix OoB access in IP checksum code for negative lengths
ALSA: hda/cirrus: Fix broken audio on hardware with two CS42L42 codecs.
media: dvb: symbol fixup for dvb_attach()
media: venus: hfi_venus: Write to VIDC_CTRL_INIT after unmasking interrupts
Revert "scsi: qla2xxx: Fix buffer overrun"
scsi: mpt3sas: Perform additional retries if doorbell read returns 0
PCI: Free released resource after coalescing
PCI: hv: Fix a crash in hv_pci_restore_msi_msg() during hibernation
PCI/PM: Only read PCI_PM_CTRL register when available
ntb: Drop packets when qp link is down
ntb: Clean up tx tail index on link down
ntb: Fix calculation ntb_transport_tx_free_entry()
Revert "PCI: Mark NVIDIA T4 GPUs to avoid bus reset"
block: don't add or resize partition on the disk with GENHD_FL_NO_PART
procfs: block chmod on /proc/thread-self/comm
parisc: Fix /proc/cpuinfo output for lscpu
drm/amd/display: Add smu write msg id fail retry process
bpf: Fix issue in verifying allow_ptr_leaks
dlm: fix plock lookup when using multiple lockspaces
dccp: Fix out of bounds access in DCCP error handler
x86/sev: Make enc_dec_hypercall() accept a size instead of npages
r8169: fix ASPM-related issues on a number of systems with NIC version from RTL8168h
X.509: if signature is unsupported skip validation
net: handle ARPHRD_PPP in dev_is_mac_header_xmit()
fsverity: skip PKCS#7 parser when keyring is empty
x86/MCE: Always save CS register on AMD Zen IF Poison errors
platform/chrome: chromeos_acpi: print hex string for ACPI_TYPE_BUFFER
mmc: renesas_sdhi: register irqs before registering controller
pstore/ram: Check start of empty przs during init
arm64: sdei: abort running SDEI handlers during crash
s390/dcssblk: fix kernel crash with list_add corruption
s390/ipl: add missing secure/has_secure file to ipl type 'unknown'
s390/dasd: fix string length handling
crypto: stm32 - fix loop iterating through scatterlist for DMA
cpufreq: brcmstb-avs-cpufreq: Fix -Warray-bounds bug
of: property: fw_devlink: Add a devlink for panel followers
usb: typec: tcpm: set initial svdm version based on pd revision
usb: typec: bus: verify partner exists in typec_altmode_attention
USB: core: Unite old scheme and new scheme descriptor reads
USB: core: Change usb_get_device_descriptor() API
USB: core: Fix race by not overwriting udev->descriptor in hub_port_init()
USB: core: Fix oversight in SuperSpeed initialization
x86/sgx: Break up long non-preemptible delays in sgx_vepc_release()
perf/x86/uncore: Correct the number of CHAs on EMR
serial: sc16is7xx: remove obsolete out_thread label
serial: sc16is7xx: fix regression with GPIO configuration
tracing: Zero the pipe cpumask on alloc to avoid spurious -EBUSY
Revert "drm/amd/display: Do not set drr on pipe commit"
md: Free resources in __md_stop
NFSv4.2: Fix a potential double free with READ_PLUS
NFSv4.2: Rework scratch handling for READ_PLUS (again)
md: fix regression for null-ptr-deference in __md_stop()
clk: Mark a fwnode as initialized when using CLK_OF_DECLARE() macro
treewide: Fix probing of devices in DT overlays
clk: Avoid invalid function names in CLK_OF_DECLARE()
udf: initialize newblock to 0
Linux 6.1.53
Change-Id: I6f5858bce0f20963ae42515eac36ac14cb686f24
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>

Changes in 6.1.51
ACPI: thermal: Drop nocrt parameter
module: Expose module_init_layout_section()
arm64: module-plts: inline linux/moduleloader.h
arm64: module: Use module_init_layout_section() to spot init sections
ARM: module: Use module_init_layout_section() to spot init sections
lockdep: fix static memory detection even more
parisc: Cleanup mmap implementation regarding color alignment
parisc: sys_parisc: parisc_personality() is called from asm code
io_uring/parisc: Adjust pgoff in io_uring mmap() for parisc
kallsyms: Fix kallsyms_selftest failure
thunderbolt: Fix a backport error for display flickering issue
Linux 6.1.51
Change-Id: I8bc79fc29ebf10ba654c16b771af1519eea39b38
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>

Changes in 6.1.50
NFSv4.2: fix error handling in nfs42_proc_getxattr
NFSv4: fix out path in __nfs4_get_acl_uncached
xprtrdma: Remap Receive buffers after a reconnect
drm/ast: Use drm_aperture_remove_conflicting_pci_framebuffers
fbdev/radeon: use pci aperture helpers
drm/gma500: Use drm_aperture_remove_conflicting_pci_framebuffers
drm/aperture: Remove primary argument
video/aperture: Only kick vgacon when the pdev is decoding vga
video/aperture: Move vga handling to pci function
PCI: acpiphp: Reassign resources on bridge if necessary
MIPS: cpu-features: Enable octeon_cache by cpu_type
MIPS: cpu-features: Use boot_cpu_type for CPU type based features
jbd2: remove t_checkpoint_io_list
jbd2: remove journal_clean_one_cp_list()
jbd2: fix a race when checking checkpoint buffer busy
can: raw: fix receiver memory leak
can: raw: fix lockdep issue in raw_release()
s390/zcrypt: remove unnecessary (void *) conversions
s390/zcrypt: fix reply buffer calculations for CCA replies
drm/i915: Add the gen12_needs_ccs_aux_inv helper
drm/i915/gt: Ensure memory quiesced before invalidation
drm/i915/gt: Poll aux invalidation register bit on invalidation
drm/i915/gt: Support aux invalidation on all engines
tracing: Fix cpu buffers unavailable due to 'record_disabled' missed
tracing: Fix memleak due to race between current_tracer and trace
octeontx2-af: SDP: fix receive link config
devlink: move code to a dedicated directory
devlink: add missing unregister linecard notification
net: dsa: felix: fix oversize frame dropping for always closed tc-taprio gates
sock: annotate data-races around prot->memory_pressure
dccp: annotate data-races in dccp_poll()
ipvlan: Fix a reference count leak warning in ipvlan_ns_exit()
mlxsw: pci: Set time stamp fields also when its type is MIRROR_UTC
mlxsw: reg: Fix SSPR register layout
mlxsw: Fix the size of 'VIRT_ROUTER_MSB'
selftests: mlxsw: Fix test failure on Spectrum-4
net: dsa: mt7530: fix handling of 802.1X PAE frames
net: bgmac: Fix return value check for fixed_phy_register()
net: bcmgenet: Fix return value check for fixed_phy_register()
net: validate veth and vxcan peer ifindexes
ipv4: fix data-races around inet->inet_id
ice: fix receive buffer size miscalculation
Revert "ice: Fix ice VF reset during iavf initialization"
ice: Fix NULL pointer deref during VF reset
selftests: bonding: do not set port down before adding to bond
can: isotp: fix support for transmission of SF without flow control
igb: Avoid starting unnecessary workqueues
igc: Fix the typo in the PTM Control macro
net/sched: fix a qdisc modification with ambiguous command request
i40e: fix potential NULL pointer dereferencing of pf->vf i40e_sync_vsi_filters()
netfilter: nf_tables: flush pending destroy work before netlink notifier
netfilter: nf_tables: fix out of memory error handling
rtnetlink: Reject negative ifindexes in RTM_NEWLINK
bonding: fix macvlan over alb bond support
KVM: x86: Preserve TDP MMU roots until they are explicitly invalidated
KVM: x86/mmu: Fix an sign-extension bug with mmu_seq that hangs vCPUs
io_uring: get rid of double locking
io_uring: extract a io_msg_install_complete helper
io_uring/msg_ring: move double lock/unlock helpers higher up
io_uring/msg_ring: fix missing lock on overflow for IOPOLL
ASoC: amd: yc: Add VivoBook Pro 15 to quirks list for acp6x
ASoC: cs35l41: Correct amp_gain_tlv values
ibmveth: Use dcbf rather than dcbfl
wifi: mac80211: limit reorder_buf_filtered to avoid UBSAN warning
platform/x86: ideapad-laptop: Add support for new hotkeys found on ThinkBook 14s Yoga ITL
NFSv4: Fix dropped lock for racing OPEN and delegation return
clk: Fix slab-out-of-bounds error in devm_clk_release()
mm,ima,kexec,of: use memblock_free_late from ima_free_kexec_buffer
shmem: fix smaps BUG sleeping while atomic
ALSA: ymfpci: Fix the missing snd_card_free() call at probe error
mm/gup: handle cont-PTE hugetlb pages correctly in gup_must_unshare() via GUP-fast
mm: add a call to flush_cache_vmap() in vmap_pfn()
mm: memory-failure: fix unexpected return value in soft_offline_page()
NFS: Fix a use after free in nfs_direct_join_group()
nfsd: Fix race to FREE_STATEID and cl_revoked
selinux: set next pointer before attaching to list
batman-adv: Trigger events for auto adjusted MTU
batman-adv: Don't increase MTU when set by user
batman-adv: Do not get eth header before batadv_check_management_packet
batman-adv: Fix TT global entry leak when client roamed back
batman-adv: Fix batadv_v_ogm_aggr_send memory leak
batman-adv: Hold rtnl lock during MTU update via netlink
lib/clz_ctz.c: Fix __clzdi2() and __ctzdi2() for 32-bit kernels
riscv: Handle zicsr/zifencei issue between gcc and binutils
riscv: Fix build errors using binutils2.37 toolchains
radix tree: remove unused variable
of: unittest: Fix EXPECT for parse_phandle_with_args_map() test
of: dynamic: Refactor action prints to not use "%pOF" inside devtree_lock
pinctrl: amd: Mask wake bits on probe again
media: vcodec: Fix potential array out-of-bounds in encoder queue_setup
PCI: acpiphp: Use pci_assign_unassigned_bridge_resources() only for non-root bus
drm/vmwgfx: Fix shader stage validation
drm/i915/dgfx: Enable d3cold at s2idle
drm/display/dp: Fix the DP DSC Receiver cap size
x86/fpu: Invalidate FPU state correctly on exec()
x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4
hwmon: (aquacomputer_d5next) Add selective 200ms delay after sending ctrl report
selftests/net: mv bpf/nat6to4.c to net folder
nfs: use vfs setgid helper
nfsd: use vfs setgid helper
cgroup/cpuset: Rename functions dealing with DEADLINE accounting
sched/cpuset: Bring back cpuset_mutex
sched/cpuset: Keep track of SCHED_DEADLINE task in cpusets
cgroup/cpuset: Iterate only if DEADLINE tasks are present
sched/deadline: Create DL BW alloc, free & check overflow interface
cgroup/cpuset: Free DL BW in case can_attach() fails
thunderbolt: Fix Thunderbolt 3 display flickering issue on 2nd hot plug onwards
ublk: remove check IO_URING_F_SQE128 in ublk_ch_uring_cmd
can: raw: add missing refcount for memory leak fix
madvise:madvise_free_pte_range(): don't use mapcount() against large folio for sharing check
scsi: snic: Fix double free in snic_tgt_create()
scsi: core: raid_class: Remove raid_component_add()
clk: Fix undefined reference to `clk_rate_exclusive_{get,put}'
pinctrl: renesas: rzg2l: Fix NULL pointer dereference in rzg2l_dt_subnode_to_map()
pinctrl: renesas: rzv2m: Fix NULL pointer dereference in rzv2m_dt_subnode_to_map()
pinctrl: renesas: rza2: Add lock around pinctrl_generic{{add,remove}_group,{add,remove}_function}
dma-buf/sw_sync: Avoid recursive lock during fence signal
gpio: sim: dispose of irq mappings before destroying the irq_sim domain
gpio: sim: pass the GPIO device's software node to irq domain
ASoC: amd: yc: Fix a non-functional mic on Lenovo 82SJ
maple_tree: disable mas_wr_append() when other readers are possible
ASoC: amd: vangogh: select CONFIG_SND_AMD_ACP_CONFIG
Linux 6.1.50
Change-Id: I9b8e3da5baa106b08b2b90974c19128141817580
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>

Changes in 6.1.48
x86/cpu: Fix __x86_return_thunk symbol type
x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk()
x86/alternative: Make custom return thunk unconditional
x86/cpu: Clean up SRSO return thunk mess
x86/cpu: Rename original retbleed methods
x86/cpu: Rename srso_(.*)_alias to srso_alias_\1
x86/cpu: Cleanup the untrain mess
x86/srso: Explain the untraining sequences a bit more
x86/static_call: Fix __static_call_fixup()
x86/retpoline: Don't clobber RFLAGS during srso_safe_ret()
x86/CPU/AMD: Fix the DIV(0) initial fix attempt
x86/srso: Disable the mitigation on unaffected configurations
x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG
objtool/x86: Fixup frame-pointer vs rethunk
x86/srso: Correct the mitigation status when SMT is disabled
Linux 6.1.48
Change-Id: I9e2a6d887a9041b0203fdf8ad3d3ebc8177e2d24
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Changes in 6.1.46
gcc-plugins: Reorganize gimple includes for GCC 13
Revert "loongarch/cpu: Switch to arch_cpu_finalize_init()"
tpm: Disable RNG for all AMD fTPMs
tpm: Add a helper for checking hwrng enabled
ksmbd: validate command request size
ksmbd: fix wrong next length validation of ea buffer in smb2_set_ea()
KVM: SEV: snapshot the GHCB before accessing it
KVM: SEV: only access GHCB fields once
wifi: nl80211: fix integer overflow in nl80211_parse_mbssid_elems()
wifi: rtw89: fix 8852AE disconnection caused by RX full flags
selftests: forwarding: Set default IPv6 traceroute utility
wireguard: allowedips: expand maximum node depth
mmc: moxart: read scr register without changing byte order
ipv6: adjust ndisc_is_useropt() to also return true for PIO
selftests: mptcp: join: fix 'delete and re-add' test
selftests: mptcp: join: fix 'implicit EP' test
mptcp: avoid bogus reset on fallback close
mptcp: fix disconnect vs accept race
dmaengine: pl330: Return DMA_PAUSED when transaction is paused
net: mana: Fix MANA VF unload when hardware is unresponsive
riscv/kexec: load initrd high in available memory
riscv,mmio: Fix readX()-to-delay() ordering
riscv/kexec: handle R_RISCV_CALL_PLT relocation type
nvme-pci: add NVME_QUIRK_BOGUS_NID for Samsung PM9B1 256G and 512G
drm/nouveau/gr: enable memory loads on helper invocation on all channels
drm/nouveau/nvkm/dp: Add workaround to fix DP 1.3+ DPCD issues
drm/shmem-helper: Reset vma->vm_ops before calling dma_buf_mmap()
drm/amdgpu: fix possible UAF in amdgpu_cs_pass1()
drm/amd/display: check attr flag before set cursor degamma on DCN3+
drm/amdgpu: add S/G display parameter
drm/amd: Disable S/G for APUs when 64GB or more host memory
drm/amd/display: limit DPIA link rate to HBR3
cpuidle: dt_idle_genpd: Add helper function to remove genpd topology
hwmon: (pmbus/bel-pfe) Enable PMBUS_SKIP_STATUS_CHECK for pfe1100
radix tree test suite: fix incorrect allocation size for pthreads
nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput
drm/amd/pm: fulfill swsmu peak profiling mode shader/memory clock settings
drm/amd/pm: expose swctf threshold setting for legacy powerplay
drm/amd/pm: fulfill powerplay peak profiling mode shader/memory clock settings
drm/amd/pm: avoid unintentional shutdown due to temperature momentary fluctuation
drm/amd/display: Handle virtual hardware detect
drm/amd/display: Add function for validate and update new stream
drm/amd/display: Handle seamless boot stream
drm/amd/display: Update OTG instance in the commit stream
drm/amd/display: Avoid ABM when ODM combine is enabled for eDP
drm/amd/display: Use update plane and stream routine for DCN32x
drm/amd/display: Disable phantom OTG after enable for plane disable
drm/amd/display: Retain phantom plane/stream if validation fails
drm/amd/display: fix the build when DRM_AMD_DC_DCN is not set
drm/amd/display: trigger timing sync only if TG is running
io_uring: correct check for O_TMPFILE
iio: cros_ec: Fix the allocation size for cros_ec_command
iio: frequency: admv1013: propagate errors from regulator_get_voltage()
iio: adc: ad7192: Fix ac excitation feature
iio: adc: ina2xx: avoid NULL pointer dereference on OF device match
binder: fix memory leak in binder_init()
misc: rtsx: judge ASPM Mode to set PETXCFG Reg
usb-storage: alauda: Fix uninit-value in alauda_check_media()
usb: dwc3: Properly handle processing of pending events
USB: Gadget: core: Help prevent panic during UVC unconfigure
usb: common: usb-conn-gpio: Prevent bailing out if initial role is none
usb: typec: tcpm: Fix response to vsafe0V event
usb: typec: altmodes/displayport: Signal hpd when configuring pin assignment
x86/srso: Fix build breakage with the LLVM linker
x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405
x86/mm: Fix VDSO and VVAR placement on 5-level paging machines
x86/sev: Do not try to parse for the CC blob on non-AMD hardware
x86/speculation: Add cpu_show_gds() prototype
x86: Move gds_ucode_mitigated() declaration to header
drm/nouveau/disp: Revert a NULL check inside nouveau_connector_get_modes
iio: core: Prevent invalid memory access when there is no parent
interconnect: qcom: Add support for mask-based BCMs
interconnect: qcom: sm8450: add enable_mask for bcm nodes
selftests/rseq: Fix build with undefined __weak
selftests: forwarding: Add a helper to skip test when using veth pairs
selftests: forwarding: ethtool: Skip when using veth pairs
selftests: forwarding: ethtool_extended_state: Skip when using veth pairs
selftests: forwarding: hw_stats_l3_gre: Skip when using veth pairs
selftests: forwarding: Skip test when no interfaces are specified
selftests: forwarding: Switch off timeout
selftests: forwarding: tc_flower: Relax success criterion
net: core: remove unnecessary frame_sz check in bpf_xdp_adjust_tail()
bpf, sockmap: Fix map type error in sock_map_del_link
bpf, sockmap: Fix bug that strp_done cannot be called
mISDN: Update parameter type of dsp_cmx_send()
macsec: use DEV_STATS_INC()
mptcp: fix the incorrect judgment for msk->cb_flags
net/packet: annotate data-races around tp->status
net/smc: Use correct buffer sizes when switching between TCP and SMC
tcp: add missing family to tcp_set_ca_state() tracepoint
tunnels: fix kasan splat when generating ipv4 pmtu error
xsk: fix refcount underflow in error path
bonding: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves
dccp: fix data-race around dp->dccps_mss_cache
drivers: net: prevent tun_build_skb() to exceed the packet size limit
drivers: vxlan: vnifilter: free percpu vni stats on error path
iavf: fix potential races for FDIR filters
IB/hfi1: Fix possible panic during hotplug remove
drm/rockchip: Don't spam logs in atomic check
wifi: cfg80211: fix sband iftype data lookup for AP_VLAN
RDMA/umem: Set iova in ODP flow
net: tls: avoid discarding data on record close
net: marvell: prestera: fix handling IPv4 routes with nhid
net: phy: at803x: remove set/get wol callbacks for AR8032
net: dsa: ocelot: call dsa_tag_8021q_unregister() under rtnl_lock() on driver remove
net: hns3: refactor hclge_mac_link_status_wait for interface reuse
net: hns3: add wait until mac link down
net: hns3: fix deadlock issue when externel_lb and reset are executed together
nexthop: Fix infinite nexthop dump when using maximum nexthop ID
nexthop: Make nexthop bucket dump more efficient
nexthop: Fix infinite nexthop bucket dump when using maximum nexthop ID
net: hns3: fix strscpy causing content truncation issue
dmaengine: mcf-edma: Fix a potential un-allocated memory access
dmaengine: owl-dma: Modify mismatched function name
net/mlx5: Allow 0 for total host VFs
net/mlx5: LAG, Check correct bucket when modifying LAG
net/mlx5: Skip clock update work when device is in error state
net/mlx5: Reload auxiliary devices in pci error handlers
ibmvnic: Enforce stronger sanity checks on login response
ibmvnic: Unmap DMA login rsp buffer on send login fail
ibmvnic: Handle DMA unmapping of login buffs in release functions
ibmvnic: Do partial reset on login failure
ibmvnic: Ensure login failure recovery is safe from other resets
gpio: ws16c48: Fix off-by-one error in WS16C48 resource region extent
gpio: sim: mark the GPIO chip as a one that can sleep
btrfs: wait for actual caching progress during allocation
btrfs: don't stop integrity writeback too early
btrfs: properly clear end of the unreserved range in cow_file_range
btrfs: exit gracefully if reloc roots don't match
btrfs: reject invalid reloc tree root keys with stack dump
btrfs: set cache_block_group_error if we find an error
nvme-tcp: fix potential unbalanced freeze & unfreeze
nvme-rdma: fix potential unbalanced freeze & unfreeze
netfilter: nf_tables: report use refcount overflow
scsi: core: Fix legacy /proc parsing buffer overflow
scsi: storvsc: Fix handling of virtual Fibre Channel timeouts
scsi: ufs: renesas: Fix private allocation
scsi: 53c700: Check that command slot is not NULL
scsi: snic: Fix possible memory leak if device_add() fails
scsi: core: Fix possible memory leak if device_add() fails
scsi: fnic: Replace return codes in fnic_clean_pending_aborts()
scsi: qedi: Fix firmware halt over suspend and resume
scsi: qedf: Fix firmware halt over suspend and resume
platform/x86: serial-multi-instantiate: Auto detect IRQ resource for CSC3551
ACPI: scan: Create platform device for CS35L56
alpha: remove __init annotation from exported page_is_ram()
sch_netem: fix issues in netem_change() vs get_dist_table()
drm/amd/pm/smu7: move variables to where they are used
Linux 6.1.46
Change-Id: I679c85c2fa9609364ba40c4d6e665447a67a87fd
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Changes in 6.1.45
io_uring: gate iowait schedule on having pending requests
perf: Fix function pointer case
net/mlx5: Free irqs only on shutdown callback
net: ipa: only reset hashed tables when supported
iommu/arm-smmu-v3: Work around MMU-600 erratum 1076982
iommu/arm-smmu-v3: Document MMU-700 erratum 2812531
iommu/arm-smmu-v3: Add explicit feature for nesting
iommu/arm-smmu-v3: Document nesting-related errata
arm64: dts: imx8mm-venice-gw7903: disable disp_blk_ctrl
arm64: dts: imx8mm-venice-gw7904: disable disp_blk_ctrl
arm64: dts: phycore-imx8mm: Label typo-fix of VPU
arm64: dts: phycore-imx8mm: Correction in gpio-line-names
arm64: dts: imx8mn-var-som: add missing pull-up for onboard PHY reset pinmux
arm64: dts: freescale: Fix VPU G2 clock
firmware: smccc: Fix use of uninitialised results structure
lib/bitmap: workaround const_eval test build failure
firmware: arm_scmi: Fix chan_free cleanup on SMC
word-at-a-time: use the same return type for has_zero regardless of endianness
KVM: s390: fix sthyi error handling
erofs: fix wrong primary bvec selection on deduplicated extents
wifi: cfg80211: Fix return value in scan logic
net/mlx5e: fix double free in macsec_fs_tx_create_crypto_table_groups
net/mlx5: DR, fix memory leak in mlx5dr_cmd_create_reformat_ctx
net/mlx5: fix potential memory leak in mlx5e_init_rep_rx
net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer()
net/mlx5e: Fix crash moving to switchdev mode when ntuple offload is set
net/mlx5e: Move representor neigh cleanup to profile cleanup_tx
bpf: Add length check for SK_DIAG_BPF_STORAGE_REQ_MAP_FD parsing
rtnetlink: let rtnl_bridge_setlink checks IFLA_BRIDGE_MODE length
net: dsa: fix value check in bcm_sf2_sw_probe()
perf test uprobe_from_different_cu: Skip if there is no gcc
net: sched: cls_u32: Fix match key mis-addressing
mISDN: hfcpci: Fix potential deadlock on &hc->lock
qed: Fix scheduling in a tasklet while getting stats
net: annotate data-races around sk->sk_reserved_mem
net: annotate data-race around sk->sk_txrehash
net: annotate data-races around sk->sk_max_pacing_rate
net: add missing READ_ONCE(sk->sk_rcvlowat) annotation
net: add missing READ_ONCE(sk->sk_sndbuf) annotation
net: add missing READ_ONCE(sk->sk_rcvbuf) annotation
net: annotate data-races around sk->sk_mark
net: add missing data-race annotations around sk->sk_peek_off
net: add missing data-race annotation for sk_ll_usec
net: annotate data-races around sk->sk_priority
net/sched: taprio: Limit TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME to INT_MAX.
ice: Fix RDMA VSI removal during queue rebuild
bpf, cpumap: Handle skb as well when clean up ptr_ring
net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free
net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-free
net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free
bpf: sockmap: Remove preempt_disable in sock_map_sk_acquire
net: ll_temac: fix error checking of irq_of_parse_and_map()
net: korina: handle clk prepare error in korina_probe()
net: netsec: Ignore 'phy-mode' on SynQuacer in DT mode
bnxt_en: Fix page pool logic for page size >= 64K
bnxt_en: Fix max_mtu setting for multi-buf XDP
net: dcb: choose correct policy to parse DCB_ATTR_BCN
s390/qeth: Don't call dev_close/dev_open (DOWN/UP)
ip6mr: Fix skb_under_panic in ip6mr_cache_report()
vxlan: Fix nexthop hash size
net/mlx5: fs_core: Make find_closest_ft more generic
net/mlx5: fs_core: Skip the FTs in the same FS_TYPE_PRIO_CHAINS fs_prio
prestera: fix fallback to previous version on same major version
tcp_metrics: fix addr_same() helper
tcp_metrics: annotate data-races around tm->tcpm_stamp
tcp_metrics: annotate data-races around tm->tcpm_lock
tcp_metrics: annotate data-races around tm->tcpm_vals[]
tcp_metrics: annotate data-races around tm->tcpm_net
tcp_metrics: fix data-race in tcpm_suck_dst() vs fastopen
rust: allocator: Prevent mis-aligned allocation
scsi: zfcp: Defer fc_rport blocking until after ADISC response
scsi: storvsc: Limit max_sectors for virtual Fibre Channel devices
libceph: fix potential hang in ceph_osdc_notify()
USB: zaurus: Add ID for A-300/B-500/C-700
ceph: defer stopping mdsc delayed_work
firmware: arm_scmi: Drop OF node reference in the transport channel setup
exfat: use kvmalloc_array/kvfree instead of kmalloc_array/kfree
exfat: release s_lock before calling dir_emit()
mtd: spinand: toshiba: Fix ecc_get_status
mtd: rawnand: meson: fix OOB available bytes for ECC
bpf: Disable preemption in bpf_perf_event_output
arm64: dts: stratix10: fix incorrect I2C property for SCL signal
net: tun_chr_open(): set sk_uid from current_fsuid()
net: tap_open(): set sk_uid from current_fsuid()
wifi: mt76: mt7615: do not advertise 5 GHz on first phy of MT7615D (DBDC)
x86/hyperv: Disable IBT when hypercall page lacks ENDBR instruction
rbd: prevent busy loop when requesting exclusive lock
bpf: Disable preemption in bpf_event_output
powerpc/ftrace: Create a dummy stackframe to fix stack unwind
arm64/fpsimd: Sync and zero pad FPSIMD state for streaming SVE
arm64/fpsimd: Clear SME state in the target task when setting the VL
arm64/fpsimd: Sync FPSIMD state with SVE for SME only systems
open: make RESOLVE_CACHED correctly test for O_TMPFILE
drm/ttm: check null pointer before accessing when swapping
drm/i915: Fix premature release of request's reusable memory
drm/i915/gt: Cleanup aux invalidation registers
clk: imx93: Propagate correct error in imx93_clocks_probe()
bpf, cpumap: Make sure kthread is running before map update returns
file: reinstate f_pos locking optimization for regular files
mm: kmem: fix a NULL pointer dereference in obj_stock_flush_required()
fs/ntfs3: Use __GFP_NOWARN allocation at ntfs_load_attr_list()
fs/sysv: Null check to prevent null-ptr-deref bug
Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb
debugobjects: Recheck debug_objects_enabled before reporting
net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb
fs: Protect reconfiguration of sb read-write from racing writes
ext2: Drop fragment support
btrfs: remove BUG_ON()'s in add_new_free_space()
f2fs: fix to do sanity check on direct node in truncate_dnode()
io_uring: annotate offset timeout races
mtd: rawnand: omap_elm: Fix incorrect type in assignment
mtd: rawnand: rockchip: fix oobfree offset and description
mtd: rawnand: rockchip: Align hwecc vs. raw page helper layouts
mtd: rawnand: fsl_upm: Fix an off-by one test in fun_exec_op()
powerpc/mm/altmap: Fix altmap boundary check
drm/imx/ipuv3: Fix front porch adjustment upon hactive aligning
drm/amd/display: Ensure that planes are in the same order
drm/amd/display: skip CLEAR_PAYLOAD_ID_TABLE if device mst_en is 0
selftests/rseq: Play nice with binaries statically linked against glibc 2.35+
f2fs: fix to set flush_merge opt and show noflush_merge
f2fs: don't reset unchangable mount option in f2fs_remount()
exfat: check if filename entries exceeds max filename length
arm64/ptrace: Don't enable SVE when setting streaming SVE
drm/amdgpu: add vram reservation based on vram_usagebyfirmware_v2_2
drm/amdgpu: Remove unnecessary domain argument
drm/amdgpu: Use apt name for FW reserved region
Revert "drm/i915: Disable DC states for all commits"
x86/CPU/AMD: Do not leak quotient data after a division by 0
Linux 6.1.45
Change-Id: Ic63af3f07f26c867c9fc361b2f7055dbc04143d2
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 6f7f984fa85b305799076a1bcec941b9377587de upstream.
Starting from SPR, the basic uncore PMON information is retrieved from
the discovery table (resides in an MMIO space populated by BIOS). It is
called the discovery method. The existing value of the type->num_boxes
is from the discovery table.
On some SPR variants, there is a firmware bug that makes the value from the
discovery table incorrect. We use the value from the
SPR_MSR_UNC_CBO_CONFIG MSR to replace the one from the discovery table:
    38776cc45eb7 ("perf/x86/uncore: Correct the number of CHAs on SPR")
Unfortunately, the SPR_MSR_UNC_CBO_CONFIG isn't available for the EMR
XCC (Always returns 0), but the above firmware bug doesn't impact the
EMR XCC.
Don't let the value from the MSR replace the existing value from the
discovery table.
Fixes: 38776cc45eb7 ("perf/x86/uncore: Correct the number of CHAs on SPR")
Reported-by: Stephane Eranian <eranian@google.com>
Reported-by: Yunying Sun <yunying.sun@intel.com>
Signed-off-by: Kan Liang <kan.liang@linux.intel.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Tested-by: Yunying Sun <yunying.sun@intel.com>
Link: https://lore.kernel.org/r/20230905134248.496114-1-kan.liang@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 3d7d72a34e05b23e21bafc8bfb861e73c86b31f3 upstream.
On large enclaves we hit the softlockup warning with the following call trace:
    xa_erase()
    sgx_vepc_release()
    __fput()
    task_work_run()
    do_exit()
The latency issue is similar to the one fixed in:
    8795359e35 ("x86/sgx: Silence softlockup detection when releasing large enclaves")
The test system has 64GB of enclave memory, and all is assigned to a single VM.
Release of 'vepc' takes a longer time and causes long latencies, which triggers
the softlockup warning.
Add cond_resched() to give other tasks a chance to run and reduce
latencies, which also avoids the softlockup detector.
[ mingo: Rewrote the changelog. ]
Fixes: 540745ddbc ("x86/sgx: Introduce virtual EPC for use by KVM guests")
Reported-by: Yu Zhang <yu.zhang@ionos.com>
Signed-off-by: Jack Wang <jinpu.wang@ionos.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Tested-by: Yu Zhang <yu.zhang@ionos.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Reviewed-by: Kai Huang <kai.huang@intel.com>
Acked-by: Haitao Huang <haitao.huang@linux.intel.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 4240e2ebe67941ce2c4f5c866c3af4b5ac7a0c67 upstream.
The Instruction Fetch (IF) units on current AMD Zen-based systems do not
guarantee a synchronous #MC is delivered for poison consumption errors.
Therefore, MCG_STATUS[EIPV|RIPV] will not be set. However, the
microarchitecture does guarantee that the exception is delivered within
the same context. In other words, the exact rIP is not known, but the
context is known to not have changed.
There is no architecturally-defined method to determine this behavior.
The Code Segment (CS) register is always valid on such IF unit poison
errors regardless of the value of MCG_STATUS[EIPV|RIPV].
Add a quirk to save the CS register for poison consumption from the IF
unit banks.
This is needed to properly determine the context of the error.
Otherwise, the severity grading function will assume the context is
IN_KERNEL due to the m->cs value being 0 (the initialized value). This
leads to unnecessary kernel panics on data poison errors due to the
kernel believing the poison consumption occurred in kernel context.
Signed-off-by: Yazen Ghannam <yazen.ghannam@amd.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20230814200853.29258-1-yazen.ghannam@amd.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit ac3f9c9f1b37edaa7d1a9b908bc79d843955a1a2 upstream.
enc_dec_hypercall() accepted a page count instead of a size, which
forced its callers to round up. As a result, non-page aligned
vaddrs caused pages to be spuriously marked as decrypted via the
encryption status hypercall, which in turn caused consistent
corruption of pages during live migration. Live migration requires
accurate encryption status information to avoid migrating pages
from the wrong perspective.
Fixes: 064ce6c550 ("mm: x86: Invoke hypercall when page encryption status is changed")
Signed-off-by: Steve Rutherford <srutherford@google.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Reviewed-by: Pankaj Gupta <pankaj.gupta@amd.com>
Tested-by: Ben Hillier <bhillier@google.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20230824223731.2055016-1-srutherford@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
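The rounding problem described in the commit message above, as an added example (not code from the kernel or from the patch): a user-space model of a page walk that is given a rounded-up page count versus a byte size. It assumes 4 KiB pages only and uses the virtual page number in place of the PFN; all function names and sample addresses are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

#define PAGE_SHIFT 12
#define PAGE_SIZE  (1UL << PAGE_SHIFT)
#define PAGE_MASK  (~(PAGE_SIZE - 1))
#define PAGE_ALIGN(x) (((x) + PAGE_SIZE - 1) & PAGE_MASK)
#define MAX_PAGES 16

struct notified {
	unsigned long pfn[MAX_PAGES];	/* pages reported to the hypervisor */
	size_t count;
};

/* Model of the walk: report every page touched by [vaddr, vaddr_end). */
static void walk_pages(unsigned long vaddr, unsigned long vaddr_end,
		       struct notified *out)
{
	out->count = 0;
	while (vaddr < vaddr_end && out->count < MAX_PAGES) {
		out->pfn[out->count++] = vaddr >> PAGE_SHIFT;
		/* Step to the start of the next page, as a page walk does. */
		vaddr = (vaddr & PAGE_MASK) + PAGE_SIZE;
	}
}

/* Count reported pages that the buffer [vaddr, vaddr + size) never touches. */
static size_t count_spurious(const struct notified *n, unsigned long vaddr,
			     unsigned long size)
{
	unsigned long first = vaddr >> PAGE_SHIFT;
	unsigned long last = (vaddr + size - 1) >> PAGE_SHIFT;	/* size > 0 */
	size_t i, extra = 0;

	for (i = 0; i < n->count; i++)
		if (n->pfn[i] < first || n->pfn[i] > last)
			extra++;
	return extra;
}

/* "Before": the interface takes a page count, so the caller rounds size up. */
size_t spurious_before(unsigned long vaddr, unsigned long size)
{
	unsigned long npages = PAGE_ALIGN(size) >> PAGE_SHIFT;
	struct notified n;

	walk_pages(vaddr, vaddr + (npages << PAGE_SHIFT), &n);
	return count_spurious(&n, vaddr, size);
}

/* "After": the interface takes the size, so the walk ends at the last byte. */
size_t spurious_after(unsigned long vaddr, unsigned long size)
{
	struct notified n;

	walk_pages(vaddr, vaddr + size, &n);
	return count_spurious(&n, vaddr, size);
}

int main(void)
{
	/* Constructed sample ranges: { vaddr, size }. */
	static const unsigned long cases[][2] = {
		{ 0x1000, 0x1000 },	/* page aligned */
		{ 0x1800, 0x0800 },	/* unaligned, inside one page */
		{ 0x1010, 0x1ff0 },	/* unaligned, ends on a page boundary */
	};
	size_t i;

	for (i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
		printf("vaddr=%#lx size=%#lx spurious: before=%zu after=%zu\n",
		       cases[i][0], cases[i][1],
		       spurious_before(cases[i][0], cases[i][1]),
		       spurious_after(cases[i][0], cases[i][1]));
	return 0;
}
```

With a page-aligned vaddr both forms report the same pages; with an unaligned vaddr the rounded-up count pushes the end of the walk into a page the buffer does not own.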
[ Upstream commit c9f4c45c8ec3f07f4f083f9750032a1ec3eab6b2 ]
The Gather Data Sampling (GDS) vulnerability is common to all Skylake
processors. However, the "client" Skylakes* are now in this list:
https://www.intel.com/content/www/us/en/support/articles/000022396/processors.html
which means they are no longer included for new vulnerabilities here:
https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html
or in other GDS documentation. Thus, they were not included in the
original GDS mitigation patches.
Mark SKYLAKE and SKYLAKE_L as vulnerable to GDS to match all the
other Skylake CPUs (which include Kaby Lake). Also group the CPUs
so that the ones that share the exact same vulnerabilities are next
to each other.
Last, move SRBDS to the end of each line. This makes it clear at a
glance that SKYLAKE_X is unique. Of the five Skylakes, it is the
only "server" CPU and has a different implementation from the
clients of the "special register" hardware, making it immune to SRBDS.
This makes the diff much harder to read, but the resulting table is
worth it.
I very much appreciate the report from Michael Zhivich about this
issue. Despite what level of support a hardware vendor is providing,
the kernel very much needs an accurate and up-to-date list of
vulnerable CPUs. More reports like this are very welcome.
* Client Skylakes are CPUID 406E3/506E3 which is family 6, models
0x4E and 0x5E, aka INTEL_FAM6_SKYLAKE and INTEL_FAM6_SKYLAKE_L.
Reported-by: Michael Zhivich <mzhivich@akamai.com>
Fixes: 8974eb588283 ("x86/speculation: Add Gather Data Sampling mitigation")
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Reviewed-by: Daniel Sneddon <daniel.sneddon@linux.intel.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 4ba2909638a29630a346d6c4907a3105409bee7d ]
This source file already includes <linux/miscdevice.h>, which contains
the same macro. It doesn't need to be defined here again.
Fixes: 874bcd00f5 ("apm-emulation: move APM_MINOR_DEV to include/linux/miscdevice.h")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Cc: Jiri Kosina <jikos@kernel.org>
Cc: x86@kernel.org
Cc: Sohil Mehta <sohil.mehta@intel.com>
Cc: Corentin Labbe <clabbe.montjoie@gmail.com>
Reviewed-by: Sohil Mehta <sohil.mehta@intel.com>
Link: https://lore.kernel.org/r/20230728011120.759-1-rdunlap@infradead.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>