722f6cc09c
41626 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Zhuguangqing
|
632ec01905 |
ANDROID: freezer: export the freezer_cgrp_subsys for GKI purpose.
Exporting the symbol freezer_cgrp_subsys, in that vendor module can add can_attach & cancel_attach member function. It is vendor-specific tuning. Bug: 182496370 Bug: 281920779 Signed-off-by: Zhuguangqing <zhuguangqing@xiaomi.com> Change-Id: I153682b9d1015eed3f048b45ea6495ebb8f3c261 (cherry picked from commit ee3f4d2821f5b2a794f0a1f5ed423f561a01adae) (cherry picked from commit 8a90e4d4e555dd5484213c6fec5061958016a194) |
||
|
Zhuguangqing
|
bf4922727c |
ANDROID: Add vendor hooks to signal.
This hook will allow us to get signal messages so that we can set limitations for certain tasks and restore them when receiving important signals. Bug: 184898838 Bug: 281920779 Signed-off-by: Zhuguangqing <zhuguangqing@xiaomi.com> Change-Id: I83a28b0a6eb413976f4c57f2314d008ad792fa0d (cherry picked from commit 58e3f869fc3fe84fb7062496ccd049db47f3ed7f) |
||
Greg Kroah-Hartman
|
dec77ff4b5 |
Merge b1644a0031 ("drm/rockchip: vop2: Use regcache_sync() to fix suspend/resume") into android14-6.1
Steps on the way to 6.1.26 Change-Id: I76647cf6aaf4db218b2013de08a01cd9d11b0bb3 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Liujie Xie
|
44337937b1 |
ANDROID: vendor_hooks: Export the tracepoints sched_stat_sleep
and sched_waking to let module probe them Get task info about sleep and waking Bug: 190422437 Signed-off-by: Liujie Xie <xieliujie@oppo.com> Change-Id: I828c93f531f84e6133c2c3a7f8faada51683afcf (cherry picked from commit 13af062abf9b3586623adf7c3cdc5ced7bb5caed) (cherry picked from commit 869954e72dac700580d0ea5734d07b574e41afe9) (cherry picked from commit b7f527071c7716c1cc8dfea79353a0f00cec89d8) |
||
|
Liujie Xie
|
527ffd22ad |
ANDROID: vendor_hooks: Export the tracepoints sched_stat_iowait, sched_stat_blocked, sched_stat_wait to let modules probe them
Get task info about scheduling delay, iowait, and block time. It is used to get thread scheduling info when thread happened abnormal situation. Bug: 189415303 Change-Id: Ib6b548f8a78de5b26d555e9a89e3cc79ea2d1024 Signed-off-by: Liujie Xie <xieliujie@oppo.com> (cherry picked from commit a6bb1af39d11ef0360cb34bb31b7224ca4db031f) (cherry picked from commit 6d8d2ab52facfd6d5de2715e2470872e6a70cf22) (cherry picked from commit c3c29177681354b815763c3592e227b2288f341d) |
||
zhengding chen
|
1ffd1a1c55 |
ANDROID: workqueue: export symbol of the function wq_worker_comm()
Export symbol of the function wq_worker_comm() in kernel/workqueue.c for dlkm to get the description of the kworker process. It is used to get the description when kworker thread happened abnormal situation. Bug: 208394207 Signed-off-by: zhengding chen <chenzhengding@oppo.com> Change-Id: I2e7ddd52a15e22e99e6596f16be08243af1bb473 (cherry picked from commit 28de74186185e339123c86984729818d0d2d7f43) (cherry picked from commit 87e0e98c25ba8e121975708943335e3abad651d9) (cherry picked from commit 38a713dc80959bd855580a51b75654fb6fe9a5dd) |
||
John Stultz
|
da126f8d02 |
FROMGIT: locking/rwsem: Add __always_inline annotation to __down_read_common() and inlined callers
Apparently despite it being marked inline, the compiler
may not inline __down_read_common() which makes it difficult
to identify the cause of lock contention, as the blocked
function in traceevents will always be listed as
__down_read_common().
So this patch adds __always_inline annotation to the common
function (as well as the inlined helper callers) to force it to
be inlined so the blocking function will be listed (via Wchan)
in traceevents.
Fixes:
|
||
lijianzhong
|
8947e06ff7 |
ANDROID: cgroup: Add vendor hook for cpuset.
This hook allows us to capture information when a process is forked so that we can stat and set some key task's CPU affinity in the ko module later. This patch, along with aosp/2548175, is necessary for our affinity settings. Bug: 183674818 Signed-off-by: lijianzhong <lijianzhong@xiaomi.com> Change-Id: Ib93e05e5f6c338c5f7ada56bfebdd705f87f1f66 (cherry picked from commit a188361628461c58a4dfc72869d9acb1dfa2542f) |
||
|
lijianzhong
|
2e85c6c0fa |
ANDROID: export cpuset_cpus_allowed()for GKI purpose.
Exporting the symbol cpuset_cpus_allowed() so that we can adjust a certain type of application's CPU affinity in vendor hooks according to our tuning policy. Related commit: aosp/2548175 Bug: 189725786 Signed-off-by: lijianzhong <lijianzhong@xiaomi.com> Change-Id: I7919a893ab64bb441ab43cbb0b16825ed76d802d (cherry picked from commit 5a7d01ed73e4fc812fda1d7288086dc73a283405) |
||
|
lijianzhong
|
8979a0b16a |
ANDROID: sched: Add vendor hooks for cpu affinity.
Add vendor hooks for CPU affinity to support OEM's tuning policy, where we can block or unblock a certain type of application's CPU affinity. Bug: 183674818 Signed-off-by: lijianzhong <lijianzhong@xiaomi.com> Change-Id: I3402abec4d9faa08f564409bfb8db8d7902f3aa2 (cherry picked from commit 7cf9646c245fdc63e2a3c9fad457c11fabdd2dfc) |
||
|
xieliujie
|
22fd6b3625 |
ANDROID: vendor_hooks: Add hooks for futex
We want to use this hook to record the sleeping time due to Futex Bug: 210947226 Signed-off-by: Liujie Xie <xieliujie@oppo.com> Change-Id: I637f889dce42937116d10979e0c40fddf96cd1a2 (cherry picked from commit a7ab784f601a93a78c1c22cd0aacc2af64d8e3c8) |
||
|
xieliujie
|
16f2ad77c7 |
ANDROID: vendor_hooks: Add hooks for oem futex optimization
If an important task is going to sleep through do_futex(),
find out it's futex-owner by the pid comes from userspace,
and boost the owner by some means to shorten the sleep time.
How to boost? Depends on these hooks:
commit 53e809978443 ("ANDROID: vendor_hooks: Add hooks for scheduler")
Bug: 243110112
Signed-off-by: xieliujie <xieliujie@oppo.com>
Change-Id: I9a315cfb414fd34e0ef7a2cf9d57df50d4dd984f
(cherry picked from commit 548da5d23d98b796cf9a478675622a606b3307c8)
|
||
heshuai1
|
0ea0d6a7a2 |
ANDROID: power: Add vendor hook to qos for GKI purpose.
Add vendor hooks in add/update/remove frequency QoS request process to ensure that we can access the OEM's "frequency watchdog" logic for abnormal frequency monitoring. This is necessary for our power tuning policy. Bug: 187458531 Signed-off-by: heshuai1 <heshuai1@xiaomi.com> Change-Id: I1fb8fd6134432ecfb44ad242c66ccd8280ab9b43 (cherry picked from commit c445fe4dc67ad74dacfa548bc78876a7ce057086) |
||
|
lijianzhong
|
c22b82c2e4 |
ANDROID: export find_user() & free_uid()for GKI purpose.
Exporting the symbols find_user() & free_uid() to access user task information in ko module for monitoring and optimization purposes. This is a necessary component of our scheduling policy. Bug: 183674818 Signed-off-by: lijianzhong <lijianzhong@xiaomi.com> Change-Id: I12135c0af312904dd21b6f074beda086ad5ece98 (cherry picked from commit 16350016d8a3678da5012343ca00fa9918340c83) (cherry picked from commit eec2cd3df3aa2d92136658d3619dc5142155c7d4) |
||
|
heshuai1
|
4b87d7254b |
ANDROID: user: Add vendor hook to user for GKI purpose
In order to implement our scheduling tuning policy in certain cases, we need to initialize the variables that we have defined in the user_struct. To achieve this, we will add a vendor hook to user.c at alloc_uid, which will ensure that our own logic is executed during the initialization of the user_struct. Bug: 187458531 Signed-off-by: heshuai1 <heshuai1@xiaomi.com> Change-Id: I078484aac2c3d396aba5971d6d0f491652f3781c (cherry picked from commit c9b8fa644f45e9c99da85d8947f6c7e06771f205) (cherry picked from commit 9ac0923ef565e4de4e1f35edcba6fcb7e45948c9) |
||
|
lijianzhong
|
e273916482 |
ANDROID: sched: add trace_android_vh_map_util_freq parameter
Add "cpufreq_policy" and "need_freq_update" parameters to the vendor hook to enable frequency calculation in certain special cases related to OEM's frequency tuning policy. Bug: 183674818 Signed-off-by: lijianzhong <lijianzhong@xiaomi.com> Change-Id: I232d2e1ae885d6736eca9e4709870f4272b4873d |
||
Chun-Hung Wu
|
c451105379 |
FROMLIST: time/sched_clock: Export sched_clock_register()
clocksource driver may use sched_clock_register() to resigter itself as a sched_clock source. Export it to support building such driver as module, like timer-mediatek.c Link: https://lore.kernel.org/lkml/20230421034649.15247-5-walter.chang@mediatek.com/T/ Bug: 161675989 Change-Id: Ib052d1fd7ccf6a7422eb6f1755515e1236285e01 Signed-off-by: Chun-Hung Wu <chun-hung.wu@mediatek.com> |
||
|
Greg Kroah-Hartman
|
d31ed3d059 |
Merge 55fba69fbf ("rust: kernel: Mark rust_fmt_argument as extern "C"") into android14-6.1
Steps on the way to 6.1.26 Change-Id: Idedac255abf3273edfdc8e1c3a88cc97c7af1f41 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Liujie Xie
|
e80c937cd0 |
ANDROID: vendor_hooks: Add hooks for rwsem and mutex
Add hooks to apply oem's optimization of rwsem and mutex Bug: 182237112 Signed-off-by: xieliujie <xieliujie@oppo.com> (cherry picked from commit 80b4341d0520dce2ef1e33aef06c6a2bc8ada518) Signed-off-by: xieliujie <xieliujie@oppo.com> Change-Id: I36895c432e5b6d6bff8781b4a7872badb693284c Signed-off-by: Carlos Llamas <cmllamas@google.com> [cmllamas: completes the cherry-pick of original commit 80b4341d0520 since commit 0902cc73b793 was only partial] (cherry picked from commit d4528a28cb5be0c322031f333a6230fa3042931f) |
||
|
Liujie Xie
|
eb74e5b3fe |
ANDROID: vendor_hooks: Add hooks for mutex and rwsem optimistic spin
These hooks help us do the following things: a) Record the number of mutex and rwsem optimistic spin. b) Monitor the time of mutex and rwsem optimistic spin. c) Make it possible if oems don't want mutex and rwsem to optimistic spin for a long time. Bug: 267565260 Change-Id: I2bee30fb17946be85e026213b481aeaeaee2459f Signed-off-by: Liujie Xie <xieliujie@oppo.com> (cherry picked from commit d01f7e1269d2651768a0bd91a88f76339a1cb427) (cherry picked from commit 05b5ff11ad98c5896b352b4c376a84b63684e06c) |
||
|
xieliujie
|
86c4152970 |
ANDROID: vendor_hooks: Add hooks for rwsem and mutex
Add hooks to apply oem's optimization of rwsem and mutex Bug: 182237112 Signed-off-by: xieliujie <xieliujie@oppo.com> Change-Id: I6332623732e2d6826b8b61087ca74e55393e0c3d (cherry picked from commit 0902cc73b793f8b8cc2a80943d85d4ca9b98278b) Signed-off-by: Carlos Llamas <cmllamas@google.com> |
||
Peifeng Li
|
6c1c1552e6 |
ANDROID: vendor_hook: add hooks to protect locking-tsk in cpu scheduler
Providing vendor hooks to record the start time of holding the lock, which protects rwsem/mutex locking-process from being preemptedfor a short time in some cases. - android_vh_record_mutex_lock_starttime - android_vh_record_rtmutex_lock_starttime - android_vh_record_rwsem_lock_starttime - android_vh_record_pcpu_rwsem_starttime Bug: 241191475 Signed-off-by: Peifeng Li <lipeifeng@oppo.com> Change-Id: I0e967a1e8b77c32a1ad588acd54028fae2f90c4e (cherry picked from commit f7294947672eb6b786f3c16b49e71e6a239101ad) |
||
Sudarshan Rajagopalan
|
dd29657536 |
FROMLIST: ANDROID: GKI: psi: remove 500ms min window size limitation for triggers
Current 500ms min window size for psi triggers limits polling interval to 50ms to prevent polling threads from using too much cpu bandwidth by polling too frequently. However the number of cgroups with triggers is unlimited, so this protection can be defeated by creating multiple cgroups with psi triggers (triggers in each cgroup are served by a single "psimon" kernel thread). Instead of limiting min polling period, which also limits the latency of psi events, it's better to limit psi trigger creation to authorized users only, like we do for system-wide psi triggers (/proc/pressure/* files can be written only by processes with CAP_SYS_RESOURCE capability). This also makes access rules for cgroup psi files consistent with system-wide ones. Add a CAP_SYS_RESOURCE capability check for cgroup psi file writers and remove the psi window min size limitation. Bug: 269247660 Change-Id: I8876aa306cf2ba5acdf4daa5a5eff0665537bfeb Suggested-by: Sudarshan Rajagopalan <quic_sudaraja@quicinc.com> Link: https://lore.kernel.org/all/20230303011346.3342233-1-surenb@google.com/ Signed-off-by: Suren Baghdasaryan <surenb@google.com> Acked-by: Michal Hocko <mhocko@suse.com> Acked-by: Johannes Weiner <hannes@cmpxchg.org> Signed-off-by: Sudarshan Rajagopalan <quic_sudaraja@quicinc.com> Signed-off-by: Georgi Djakov <quic_c_gdjako@quicinc.com> |
||
Isaac J. Manjarres
|
0f690b56fe |
ANDROID: iommu/dma: Add support for DMA_ATTR_SYS_CACHE_NWA
IOMMU_SYS_CACHE_NWA allows buffers for non-coherent devices to be mapped with the correct memory attributes so that the buffers can be cached in the system cache, with a no write allocate cache policy. However, this property is only usable by drivers that invoke the IOMMU API directly; it is not usable by drivers that use the DMA API. Thus, introduce DMA_ATTR_SYS_CACHE_NWA, so that drivers for non-coherent devices that use the DMA API can use it to specify if they want a buffer to be cached in the system cache. Bug: 189339242 Change-Id: Ic812a1fb144a58deb4279c2bf121fc6cc4c3b208 Signed-off-by: Isaac J. Manjarres <isaacm@codeaurora.org> Signed-off-by: Georgi Djakov <quic_c_gdjako@quicinc.com> |
||
|
Isaac J. Manjarres
|
ed46a5c09b |
ANDROID: iommu/dma: Add support for DMA_ATTR_SYS_CACHE
IOMMU_SYS_CACHE allows buffers for non-coherent devices to be mapped with the correct memory attributes so that the buffers can be cached in the system cache. However, this property is only usable by drivers that invoke the IOMMU API directly; it is not usable by drivers that use the DMA API. Thus, introduce DMA_ATTR_SYS_CACHE, so that drivers for non-coherent devices that use the DMA API can use it to specify if they want a buffer to be cached in the system cache. Bug: 189339242 Change-Id: I849d7a3f36b689afd2f6ee400507223fd6395158 Signed-off-by: Isaac J. Manjarres <isaacm@codeaurora.org> Signed-off-by: Georgi Djakov <quic_c_gdjako@quicinc.com> |
||
Yun Hsiang
|
b77eeebb3c |
ANDROID: schedutil: add vendor hook for adjusting util to freq calculation
Currently, the frequency is calculated by max freq * 1.25 * util / max cap.
Add a vendor hook to adjust the frequency when the calculation
overestimate.
android_vh_map_util_freq
adjust util to freq calculation
Bug: 177845439
Signed-off-by: Yun Hsiang <yun.hsiang@mediatek.com>
Change-Id: I9aa9079f00af7d3380b19f2fe21b75cddd107d15
(cherry picked from commit 3122e3ec9672036384304fdeaa1b1815f60ba817)
(cherry picked from commit
|
||
|
Greg Kroah-Hartman
|
55e4f0c551 |
This is the 6.1.25 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmRBFW0ACgkQONu9yGCS
aT7Jew//Ytw9+JQ71LT1TuJnQ1GayJOL1BW5hgxoYgnBFasWDwsGA9rzHs6KHqHb
0Vjk7MX7VZB+6zWakOxY5CFVM33J4fS7wY8WE2bj8X3QQhD/J0HQDMdELvSBi3qF
7xI6sghEQEwOuwAj2+CBqm/q7rA5FTnO1QgJuk/AKJ6PHGRiQeZ7q1zGpFvSaj7S
cyKvY99RsjnUN+PYk4LE2+u/6DVCqiWYVDQrdjalb9zsrXg4+nmPH6ZJzZX8+bbM
eM0xAR675V8TXqDi+8bj7tWmiS52XyjYF3Q/bu9BmU67DqslH9FFyVQxhgTHUZpN
qWXkojEU2djIc3qt7T/bpZS/vD8Kg3Px1CgyIRN8Y5SlZfhZyqVdTZ4AQCtJuLQJ
wDIdQCLlGzzDNFvbD+LdfJSjZt7Ig1sM/HwtPZhUA9yF0FN1XV3dcESzCOeI0/S7
ohRh8cs1sidnxrbvVwiVNENSqbJD7G9/9vVjIfyfcnt57q+fs6xCBhpOyNoVOp74
I5i6ALMcVZoAB50vDjnoGZsSRe9W2AmOV6UMIkVCvRCWYFqBpgVftMTAACNyljni
UlXmO7aDQj+nbHD/auclFtU02oHQbk62FSrwoWMFS090zWztQqUhgRY7Qnl13yCM
poEvrKlskXhvunsNtdVmI5O3N2GANWKgGwkyFIiXvgxKkw1qpUo=
=zeN9
-----END PGP SIGNATURE-----
Merge 6.1.25 into android14-6.1
Changes in 6.1.25
Revert "pinctrl: amd: Disable and mask interrupts on resume"
drm/amd/display: Pass the right info to drm_dp_remove_payload
ALSA: emu10k1: fix capture interrupt handler unlinking
ALSA: hda/sigmatel: add pin overrides for Intel DP45SG motherboard
ALSA: i2c/cs8427: fix iec958 mixer control deactivation
ALSA: hda: patch_realtek: add quirk for Asus N7601ZM
ALSA: hda/realtek: Add quirks for Lenovo Z13/Z16 Gen2
ALSA: firewire-tascam: add missing unwind goto in snd_tscm_stream_start_duplex()
ALSA: emu10k1: don't create old pass-through playback device on Audigy
ALSA: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards
ALSA: hda/hdmi: disable KAE for Intel DG2
Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp}
Bluetooth: Fix race condition in hidp_session_thread
bluetooth: btbcm: Fix logic error in forming the board name.
Bluetooth: Free potentially unfreed SCO connection
Bluetooth: hci_conn: Fix possible UAF
btrfs: restore the thread_pool= behavior in remount for the end I/O workqueues
btrfs: fix fast csum implementation detection
fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace
mtdblock: tolerate corrected bit-flips
mtd: rawnand: meson: fix bitmask for length in command word
mtd: rawnand: stm32_fmc2: remove unsupported EDO mode
mtd: rawnand: stm32_fmc2: use timings.mode instead of checking tRC_min
KVM: arm64: PMU: Restore the guest's EL0 event counting after migration
fbcon: Fix error paths in set_con2fb_map
fbcon: set_con2fb_map needs to set con2fb_map!
drm/i915/dsi: fix DSS CTL register offsets for TGL+
clk: sprd: set max_register according to mapping range
RDMA/irdma: Do not generate SW completions for NOPs
RDMA/irdma: Fix memory leak of PBLE objects
RDMA/irdma: Increase iWARP CM default rexmit count
RDMA/irdma: Add ipv4 check to irdma_find_listener()
IB/mlx5: Add support for 400G_8X lane speed
RDMA/erdma: Update default EQ depth to 4096 and max_send_wr to 8192
RDMA/erdma: Inline mtt entries into WQE if supported
RDMA/erdma: Defer probing if netdevice can not be found
clk: rs9: Fix suspend/resume
RDMA/cma: Allow UD qp_type to join multicast only
bpf: tcp: Use sock_gen_put instead of sock_put in bpf_iter_tcp
LoongArch, bpf: Fix jit to skip speculation barrier opcode
dmaengine: apple-admac: Handle 'global' interrupt flags
dmaengine: apple-admac: Set src_addr_widths capability
dmaengine: apple-admac: Fix 'current_tx' not getting freed
9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race condition
bpf, arm64: Fixed a BTI error on returning to patched function
KVM: arm64: Initialise hypervisor copies of host symbols unconditionally
KVM: arm64: Advertise ID_AA64PFR0_EL1.CSV2/3 to protected VMs
niu: Fix missing unwind goto in niu_alloc_channels()
tcp: restrict net.ipv4.tcp_app_win
bonding: fix ns validation on backup slaves
iavf: refactor VLAN filter states
iavf: remove active_cvlans and active_svlans bitmaps
net: openvswitch: fix race on port output
Bluetooth: hci_conn: Fix not cleaning up on LE Connection failure
Bluetooth: Fix printing errors if LE Connection times out
Bluetooth: SCO: Fix possible circular locking dependency sco_sock_getsockopt
Bluetooth: Set ISO Data Path on broadcast sink
drm/armada: Fix a potential double free in an error handling path
qlcnic: check pci_reset_function result
net: wwan: iosm: Fix error handling path in ipc_pcie_probe()
cgroup,freezer: hold cpu_hotplug_lock before freezer_mutex
net: qrtr: Fix an uninit variable access bug in qrtr_tx_resume()
sctp: fix a potential overflow in sctp_ifwdtsn_skip
RDMA/core: Fix GID entry ref leak when create_ah fails
selftests: openvswitch: adjust datapath NL message declaration
udp6: fix potential access to stale information
net: macb: fix a memory corruption in extended buffer descriptor mode
skbuff: Fix a race between coalescing and releasing SKBs
libbpf: Fix single-line struct definition output in btf_dump
ARM: 9290/1: uaccess: Fix KASAN false-positives
ARM: dts: qcom: apq8026-lg-lenok: add missing reserved memory
power: supply: rk817: Fix unsigned comparison with less than zero
power: supply: cros_usbpd: reclassify "default case!" as debug
power: supply: axp288_fuel_gauge: Added check for negative values
selftests/bpf: Fix progs/find_vma_fail1.c build error.
wifi: mwifiex: mark OF related data as maybe unused
i2c: imx-lpi2c: clean rx/tx buffers upon new message
i2c: hisi: Avoid redundant interrupts
efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L
block: ublk_drv: mark device as LIVE before adding disk
ACPI: video: Add backlight=native DMI quirk for Acer Aspire 3830TG
drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Book X90F
hwmon: (peci/cputemp) Fix miscalculated DTS for SKX
hwmon: (xgene) Fix ioremap and memremap leak
verify_pefile: relax wrapper length check
asymmetric_keys: log on fatal failures in PE/pkcs7
nvme: send Identify with CNS 06h only to I/O controllers
wifi: iwlwifi: mvm: fix mvmtxq->stopped handling
wifi: iwlwifi: mvm: protect TXQ list manipulation
drm/amdgpu: add mes resume when do gfx post soft reset
drm/amdgpu: Force signal hw_fences that are embedded in non-sched jobs
drm/amdgpu/gfx: set cg flags to enter/exit safe mode
ACPI: resource: Add Medion S17413 to IRQ override quirk
x86/hyperv: Move VMCB enlightenment definitions to hyperv-tlfs.h
KVM: selftests: Move "struct hv_enlightenments" to x86_64/svm.h
KVM: SVM: Add a proper field for Hyper-V VMCB enlightenments
x86/hyperv: KVM: Rename "hv_enlightenments" to "hv_vmcb_enlightenments"
KVM: SVM: Flush Hyper-V TLB when required
tracing: Add trace_array_puts() to write into instance
tracing: Have tracing_snapshot_instance_cond() write errors to the appropriate instance
maple_tree: fix write memory barrier of nodes once dead for RCU mode
ksmbd: avoid out of bounds access in decode_preauth_ctxt()
riscv: add icache flush for nommu sigreturn trampoline
HID: intel-ish-hid: Fix kernel panic during warm reset
net: sfp: initialize sfp->i2c_block_size at sfp allocation
net: phy: nxp-c45-tja11xx: add remove callback
net: phy: nxp-c45-tja11xx: fix unsigned long multiplication overflow
scsi: ses: Handle enclosure with just a primary component gracefully
x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X state in D3hot
cgroup: fix display of forceidle time at root
cgroup/cpuset: Fix partition root's cpuset.cpus update bug
cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach()
drm/amd/pm: correct SMU13.0.7 pstate profiling clock settings
drm/amd/pm: correct SMU13.0.7 max shader clock reporting
mptcp: use mptcp_schedule_work instead of open-coding it
mptcp: stricter state check in mptcp_worker
ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size
ubi: Fix deadlock caused by recursively holding work_sem
i2c: mchp-pci1xxxx: Update Timing registers
powerpc/papr_scm: Update the NUMA distance table for the target node
sched/fair: Fix imbalance overflow
x86/rtc: Remove __init for runtime functions
i2c: ocores: generate stop condition after timeout in polling mode
cifs: fix negotiate context parsing
nvme-pci: mark Lexar NM760 as IGNORE_DEV_SUBNQN
nvme-pci: add NVME_QUIRK_BOGUS_NID for T-FORCE Z330 SSD
cgroup/cpuset: Skip spread flags update on v2
cgroup/cpuset: Make cpuset_fork() handle CLONE_INTO_CGROUP properly
cgroup/cpuset: Add cpuset_can_fork() and cpuset_cancel_fork() methods
Linux 6.1.25
Change-Id: Ib4d2c49ea9bacb8d8dbdb7b3a4eecce937016427
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
Ondrej Mosnacek
|
ec90129b91 |
kernel/sys.c: fix and improve control flow in __sys_setres[ug]id()
commit 659c0ce1cb9efc7f58d380ca4bb2a51ae9e30553 upstream.
Linux Security Modules (LSMs) that implement the "capable" hook will
usually emit an access denial message to the audit log whenever they
"block" the current task from using the given capability based on their
security policy.
The occurrence of a denial is used as an indication that the given task
has attempted an operation that requires the given access permission, so
the callers of functions that perform LSM permission checks must take care
to avoid calling them too early (before it is decided if the permission is
actually needed to perform the requested operation).
The __sys_setres[ug]id() functions violate this convention by first
calling ns_capable_setid() and only then checking if the operation
requires the capability or not. It means that any caller that has the
capability granted by DAC (task's capability set) but not by MAC (LSMs)
will generate a "denied" audit record, even if is doing an operation for
which the capability is not required.
Fix this by reordering the checks such that ns_capable_setid() is checked
last and -EPERM is returned immediately if it returns false.
While there, also do two small optimizations:
* move the capability check before prepare_creds() and
* bail out early in case of a no-op.
Link: https://lkml.kernel.org/r/20230217162154.837549-1-omosnace@redhat.com
Fixes:
|
||
Daniel Borkmann
|
89603f4c91 |
bpf: Fix incorrect verifier pruning due to missing register precision taints
[ Upstream commit 71b547f561247897a0a14f3082730156c0533fed ]
Juan Jose et al reported an issue found via fuzzing where the verifier's
pruning logic prematurely marks a program path as safe.
Consider the following program:
0: (b7) r6 = 1024
1: (b7) r7 = 0
2: (b7) r8 = 0
3: (b7) r9 = -2147483648
4: (97) r6 %= 1025
5: (05) goto pc+0
6: (bd) if r6 <= r9 goto pc+2
7: (97) r6 %= 1
8: (b7) r9 = 0
9: (bd) if r6 <= r9 goto pc+1
10: (b7) r6 = 0
11: (b7) r0 = 0
12: (63) *(u32 *)(r10 -4) = r0
13: (18) r4 = 0xffff888103693400 // map_ptr(ks=4,vs=48)
15: (bf) r1 = r4
16: (bf) r2 = r10
17: (07) r2 += -4
18: (85) call bpf_map_lookup_elem#1
19: (55) if r0 != 0x0 goto pc+1
20: (95) exit
21: (77) r6 >>= 10
22: (27) r6 *= 8192
23: (bf) r1 = r0
24: (0f) r0 += r6
25: (79) r3 = *(u64 *)(r0 +0)
26: (7b) *(u64 *)(r1 +0) = r3
27: (95) exit
The verifier treats this as safe, leading to oob read/write access due
to an incorrect verifier conclusion:
func#0 @0
0: R1=ctx(off=0,imm=0) R10=fp0
0: (b7) r6 = 1024 ; R6_w=1024
1: (b7) r7 = 0 ; R7_w=0
2: (b7) r8 = 0 ; R8_w=0
3: (b7) r9 = -2147483648 ; R9_w=-2147483648
4: (97) r6 %= 1025 ; R6_w=scalar()
5: (05) goto pc+0
6: (bd) if r6 <= r9 goto pc+2 ; R6_w=scalar(umin=18446744071562067969,var_off=(0xffffffff00000000; 0xffffffff)) R9_w=-2147483648
7: (97) r6 %= 1 ; R6_w=scalar()
8: (b7) r9 = 0 ; R9=0
9: (bd) if r6 <= r9 goto pc+1 ; R6=scalar(umin=1) R9=0
10: (b7) r6 = 0 ; R6_w=0
11: (b7) r0 = 0 ; R0_w=0
12: (63) *(u32 *)(r10 -4) = r0
last_idx 12 first_idx 9
regs=1 stack=0 before 11: (b7) r0 = 0
13: R0_w=0 R10=fp0 fp-8=0000????
13: (18) r4 = 0xffff8ad3886c2a00 ; R4_w=map_ptr(off=0,ks=4,vs=48,imm=0)
15: (bf) r1 = r4 ; R1_w=map_ptr(off=0,ks=4,vs=48,imm=0) R4_w=map_ptr(off=0,ks=4,vs=48,imm=0)
16: (bf) r2 = r10 ; R2_w=fp0 R10=fp0
17: (07) r2 += -4 ; R2_w=fp-4
18: (85) call bpf_map_lookup_elem#1 ; R0=map_value_or_null(id=1,off=0,ks=4,vs=48,imm=0)
19: (55) if r0 != 0x0 goto pc+1 ; R0=0
20: (95) exit
from 19 to 21: R0=map_value(off=0,ks=4,vs=48,imm=0) R6=0 R7=0 R8=0 R9=0 R10=fp0 fp-8=mmmm????
21: (77) r6 >>= 10 ; R6_w=0
22: (27) r6 *= 8192 ; R6_w=0
23: (bf) r1 = r0 ; R0=map_value(off=0,ks=4,vs=48,imm=0) R1_w=map_value(off=0,ks=4,vs=48,imm=0)
24: (0f) r0 += r6
last_idx 24 first_idx 19
regs=40 stack=0 before 23: (bf) r1 = r0
regs=40 stack=0 before 22: (27) r6 *= 8192
regs=40 stack=0 before 21: (77) r6 >>= 10
regs=40 stack=0 before 19: (55) if r0 != 0x0 goto pc+1
parent didn't have regs=40 stack=0 marks: R0_rw=map_value_or_null(id=1,off=0,ks=4,vs=48,imm=0) R6_rw=P0 R7=0 R8=0 R9=0 R10=fp0 fp-8=mmmm????
last_idx 18 first_idx 9
regs=40 stack=0 before 18: (85) call bpf_map_lookup_elem#1
regs=40 stack=0 before 17: (07) r2 += -4
regs=40 stack=0 before 16: (bf) r2 = r10
regs=40 stack=0 before 15: (bf) r1 = r4
regs=40 stack=0 before 13: (18) r4 = 0xffff8ad3886c2a00
regs=40 stack=0 before 12: (63) *(u32 *)(r10 -4) = r0
regs=40 stack=0 before 11: (b7) r0 = 0
regs=40 stack=0 before 10: (b7) r6 = 0
25: (79) r3 = *(u64 *)(r0 +0) ; R0_w=map_value(off=0,ks=4,vs=48,imm=0) R3_w=scalar()
26: (7b) *(u64 *)(r1 +0) = r3 ; R1_w=map_value(off=0,ks=4,vs=48,imm=0) R3_w=scalar()
27: (95) exit
from 9 to 11: R1=ctx(off=0,imm=0) R6=0 R7=0 R8=0 R9=0 R10=fp0
11: (b7) r0 = 0 ; R0_w=0
12: (63) *(u32 *)(r10 -4) = r0
last_idx 12 first_idx 11
regs=1 stack=0 before 11: (b7) r0 = 0
13: R0_w=0 R10=fp0 fp-8=0000????
13: (18) r4 = 0xffff8ad3886c2a00 ; R4_w=map_ptr(off=0,ks=4,vs=48,imm=0)
15: (bf) r1 = r4 ; R1_w=map_ptr(off=0,ks=4,vs=48,imm=0) R4_w=map_ptr(off=0,ks=4,vs=48,imm=0)
16: (bf) r2 = r10 ; R2_w=fp0 R10=fp0
17: (07) r2 += -4 ; R2_w=fp-4
18: (85) call bpf_map_lookup_elem#1
frame 0: propagating r6
last_idx 19 first_idx 11
regs=40 stack=0 before 18: (85) call bpf_map_lookup_elem#1
regs=40 stack=0 before 17: (07) r2 += -4
regs=40 stack=0 before 16: (bf) r2 = r10
regs=40 stack=0 before 15: (bf) r1 = r4
regs=40 stack=0 before 13: (18) r4 = 0xffff8ad3886c2a00
regs=40 stack=0 before 12: (63) *(u32 *)(r10 -4) = r0
regs=40 stack=0 before 11: (b7) r0 = 0
parent didn't have regs=40 stack=0 marks: R1=ctx(off=0,imm=0) R6_r=P0 R7=0 R8=0 R9=0 R10=fp0
last_idx 9 first_idx 9
regs=40 stack=0 before 9: (bd) if r6 <= r9 goto pc+1
parent didn't have regs=40 stack=0 marks: R1=ctx(off=0,imm=0) R6_rw=Pscalar() R7_w=0 R8_w=0 R9_rw=0 R10=fp0
last_idx 8 first_idx 0
regs=40 stack=0 before 8: (b7) r9 = 0
regs=40 stack=0 before 7: (97) r6 %= 1
regs=40 stack=0 before 6: (bd) if r6 <= r9 goto pc+2
regs=40 stack=0 before 5: (05) goto pc+0
regs=40 stack=0 before 4: (97) r6 %= 1025
regs=40 stack=0 before 3: (b7) r9 = -2147483648
regs=40 stack=0 before 2: (b7) r8 = 0
regs=40 stack=0 before 1: (b7) r7 = 0
regs=40 stack=0 before 0: (b7) r6 = 1024
19: safe
frame 0: propagating r6
last_idx 9 first_idx 0
regs=40 stack=0 before 6: (bd) if r6 <= r9 goto pc+2
regs=40 stack=0 before 5: (05) goto pc+0
regs=40 stack=0 before 4: (97) r6 %= 1025
regs=40 stack=0 before 3: (b7) r9 = -2147483648
regs=40 stack=0 before 2: (b7) r8 = 0
regs=40 stack=0 before 1: (b7) r7 = 0
regs=40 stack=0 before 0: (b7) r6 = 1024
from 6 to 9: safe
verification time 110 usec
stack depth 4
processed 36 insns (limit 1000000) max_states_per_insn 0 total_states 3 peak_states 3 mark_read 2
The verifier considers this program as safe by mistakenly pruning unsafe
code paths. In the above func#0, code lines 0-10 are of interest. In line
0-3 registers r6 to r9 are initialized with known scalar values. In line 4
the register r6 is reset to an unknown scalar given the verifier does not
track modulo operations. Due to this, the verifier can also not determine
precisely which branches in line 6 and 9 are taken, therefore it needs to
explore them both.
As can be seen, the verifier starts with exploring the false/fall-through
paths first. The 'from 19 to 21' path has both r6=0 and r9=0 and the pointer
arithmetic on r0 += r6 is therefore considered safe. Given the arithmetic,
r6 is correctly marked for precision tracking where backtracking kicks in
where it walks back the current path all the way where r6 was set to 0 in
the fall-through branch.
Next, the pruning logics pops the path 'from 9 to 11' from the stack. Also
here, the state of the registers is the same, that is, r6=0 and r9=0, so
that at line 19 the path can be pruned as it is considered safe. It is
interesting to note that the conditional in line 9 turned r6 into a more
precise state, that is, in the fall-through path at the beginning of line
10, it is R6=scalar(umin=1), and in the branch-taken path (which is analyzed
here) at the beginning of line 11, r6 turned into a known const r6=0 as
r9=0 prior to that and therefore (unsigned) r6 <= 0 concludes that r6 must
be 0 (**):
[...] ; R6_w=scalar()
9: (bd) if r6 <= r9 goto pc+1 ; R6=scalar(umin=1) R9=0
[...]
from 9 to 11: R1=ctx(off=0,imm=0) R6=0 R7=0 R8=0 R9=0 R10=fp0
[...]
The next path is 'from 6 to 9'. The verifier considers the old and current
state equivalent, and therefore prunes the search incorrectly. Looking into
the two states which are being compared by the pruning logic at line 9, the
old state consists of R6_rwD=Pscalar() R9_rwD=0 R10=fp0 and the new state
consists of R1=ctx(off=0,imm=0) R6_w=scalar(umax=18446744071562067968)
R7_w=0 R8_w=0 R9_w=-2147483648 R10=fp0. While r6 had the reg->precise flag
correctly set in the old state, r9 did not. Both r6'es are considered as
equivalent given the old one is a superset of the current, more precise one,
however, r9's actual values (0 vs 0x80000000) mismatch. Given the old r9
did not have reg->precise flag set, the verifier does not consider the
register as contributing to the precision state of r6, and therefore it
considered both r9 states as equivalent. However, for this specific pruned
path (which is also the actual path taken at runtime), register r6 will be
0x400 and r9 0x80000000 when reaching line 21, thus oob-accessing the map.
The purpose of precision tracking is to initially mark registers (including
spilled ones) as imprecise to help verifier's pruning logic finding equivalent
states it can then prune if they don't contribute to the program's safety
aspects. For example, if registers are used for pointer arithmetic or to pass
constant length to a helper, then the verifier sets reg->precise flag and
backtracks the BPF program instruction sequence and chain of verifier states
to ensure that the given register or stack slot including their dependencies
are marked as precisely tracked scalar. This also includes any other registers
and slots that contribute to a tracked state of given registers/stack slot.
This backtracking relies on recorded jmp_history and is able to traverse
entire chain of parent states. This process ends only when all the necessary
registers/slots and their transitive dependencies are marked as precise.
The backtrack_insn() is called from the current instruction up to the first
instruction, and its purpose is to compute a bitmask of registers and stack
slots that need precision tracking in the parent's verifier state. For example,
if a current instruction is r6 = r7, then r6 needs precision after this
instruction and r7 needs precision before this instruction, that is, in the
parent state. Hence for the latter r7 is marked and r6 unmarked.
For the class of jmp/jmp32 instructions, backtrack_insn() today only looks
at call and exit instructions and for all other conditionals the masks
remain as-is. However, in the given situation register r6 has a dependency
on r9 (as described above in **), so also that one needs to be marked for
precision tracking. In other words, if an imprecise register influences a
precise one, then the imprecise register should also be marked precise.
Meaning, in the parent state both dest and src register need to be tracked
for precision and therefore the marking must be more conservative by setting
reg->precise flag for both. The precision propagation needs to cover both
for the conditional: if the src reg was marked but not the dst reg and vice
versa.
After the fix the program is correctly rejected:
func#0 @0
0: R1=ctx(off=0,imm=0) R10=fp0
0: (b7) r6 = 1024 ; R6_w=1024
1: (b7) r7 = 0 ; R7_w=0
2: (b7) r8 = 0 ; R8_w=0
3: (b7) r9 = -2147483648 ; R9_w=-2147483648
4: (97) r6 %= 1025 ; R6_w=scalar()
5: (05) goto pc+0
6: (bd) if r6 <= r9 goto pc+2 ; R6_w=scalar(umin=18446744071562067969,var_off=(0xffffffff80000000; 0x7fffffff),u32_min=-2147483648) R9_w=-2147483648
7: (97) r6 %= 1 ; R6_w=scalar()
8: (b7) r9 = 0 ; R9=0
9: (bd) if r6 <= r9 goto pc+1 ; R6=scalar(umin=1) R9=0
10: (b7) r6 = 0 ; R6_w=0
11: (b7) r0 = 0 ; R0_w=0
12: (63) *(u32 *)(r10 -4) = r0
last_idx 12 first_idx 9
regs=1 stack=0 before 11: (b7) r0 = 0
13: R0_w=0 R10=fp0 fp-8=0000????
13: (18) r4 = 0xffff9290dc5bfe00 ; R4_w=map_ptr(off=0,ks=4,vs=48,imm=0)
15: (bf) r1 = r4 ; R1_w=map_ptr(off=0,ks=4,vs=48,imm=0) R4_w=map_ptr(off=0,ks=4,vs=48,imm=0)
16: (bf) r2 = r10 ; R2_w=fp0 R10=fp0
17: (07) r2 += -4 ; R2_w=fp-4
18: (85) call bpf_map_lookup_elem#1 ; R0=map_value_or_null(id=1,off=0,ks=4,vs=48,imm=0)
19: (55) if r0 != 0x0 goto pc+1 ; R0=0
20: (95) exit
from 19 to 21: R0=map_value(off=0,ks=4,vs=48,imm=0) R6=0 R7=0 R8=0 R9=0 R10=fp0 fp-8=mmmm????
21: (77) r6 >>= 10 ; R6_w=0
22: (27) r6 *= 8192 ; R6_w=0
23: (bf) r1 = r0 ; R0=map_value(off=0,ks=4,vs=48,imm=0) R1_w=map_value(off=0,ks=4,vs=48,imm=0)
24: (0f) r0 += r6
last_idx 24 first_idx 19
regs=40 stack=0 before 23: (bf) r1 = r0
regs=40 stack=0 before 22: (27) r6 *= 8192
regs=40 stack=0 before 21: (77) r6 >>= 10
regs=40 stack=0 before 19: (55) if r0 != 0x0 goto pc+1
parent didn't have regs=40 stack=0 marks: R0_rw=map_value_or_null(id=1,off=0,ks=4,vs=48,imm=0) R6_rw=P0 R7=0 R8=0 R9=0 R10=fp0 fp-8=mmmm????
last_idx 18 first_idx 9
regs=40 stack=0 before 18: (85) call bpf_map_lookup_elem#1
regs=40 stack=0 before 17: (07) r2 += -4
regs=40 stack=0 before 16: (bf) r2 = r10
regs=40 stack=0 before 15: (bf) r1 = r4
regs=40 stack=0 before 13: (18) r4 = 0xffff9290dc5bfe00
regs=40 stack=0 before 12: (63) *(u32 *)(r10 -4) = r0
regs=40 stack=0 before 11: (b7) r0 = 0
regs=40 stack=0 before 10: (b7) r6 = 0
25: (79) r3 = *(u64 *)(r0 +0) ; R0_w=map_value(off=0,ks=4,vs=48,imm=0) R3_w=scalar()
26: (7b) *(u64 *)(r1 +0) = r3 ; R1_w=map_value(off=0,ks=4,vs=48,imm=0) R3_w=scalar()
27: (95) exit
from 9 to 11: R1=ctx(off=0,imm=0) R6=0 R7=0 R8=0 R9=0 R10=fp0
11: (b7) r0 = 0 ; R0_w=0
12: (63) *(u32 *)(r10 -4) = r0
last_idx 12 first_idx 11
regs=1 stack=0 before 11: (b7) r0 = 0
13: R0_w=0 R10=fp0 fp-8=0000????
13: (18) r4 = 0xffff9290dc5bfe00 ; R4_w=map_ptr(off=0,ks=4,vs=48,imm=0)
15: (bf) r1 = r4 ; R1_w=map_ptr(off=0,ks=4,vs=48,imm=0) R4_w=map_ptr(off=0,ks=4,vs=48,imm=0)
16: (bf) r2 = r10 ; R2_w=fp0 R10=fp0
17: (07) r2 += -4 ; R2_w=fp-4
18: (85) call bpf_map_lookup_elem#1
frame 0: propagating r6
last_idx 19 first_idx 11
regs=40 stack=0 before 18: (85) call bpf_map_lookup_elem#1
regs=40 stack=0 before 17: (07) r2 += -4
regs=40 stack=0 before 16: (bf) r2 = r10
regs=40 stack=0 before 15: (bf) r1 = r4
regs=40 stack=0 before 13: (18) r4 = 0xffff9290dc5bfe00
regs=40 stack=0 before 12: (63) *(u32 *)(r10 -4) = r0
regs=40 stack=0 before 11: (b7) r0 = 0
parent didn't have regs=40 stack=0 marks: R1=ctx(off=0,imm=0) R6_r=P0 R7=0 R8=0 R9=0 R10=fp0
last_idx 9 first_idx 9
regs=40 stack=0 before 9: (bd) if r6 <= r9 goto pc+1
parent didn't have regs=240 stack=0 marks: R1=ctx(off=0,imm=0) R6_rw=Pscalar() R7_w=0 R8_w=0 R9_rw=P0 R10=fp0
last_idx 8 first_idx 0
regs=240 stack=0 before 8: (b7) r9 = 0
regs=40 stack=0 before 7: (97) r6 %= 1
regs=40 stack=0 before 6: (bd) if r6 <= r9 goto pc+2
regs=240 stack=0 before 5: (05) goto pc+0
regs=240 stack=0 before 4: (97) r6 %= 1025
regs=240 stack=0 before 3: (b7) r9 = -2147483648
regs=40 stack=0 before 2: (b7) r8 = 0
regs=40 stack=0 before 1: (b7) r7 = 0
regs=40 stack=0 before 0: (b7) r6 = 1024
19: safe
from 6 to 9: R1=ctx(off=0,imm=0) R6_w=scalar(umax=18446744071562067968) R7_w=0 R8_w=0 R9_w=-2147483648 R10=fp0
9: (bd) if r6 <= r9 goto pc+1
last_idx 9 first_idx 0
regs=40 stack=0 before 6: (bd) if r6 <= r9 goto pc+2
regs=240 stack=0 before 5: (05) goto pc+0
regs=240 stack=0 before 4: (97) r6 %= 1025
regs=240 stack=0 before 3: (b7) r9 = -2147483648
regs=40 stack=0 before 2: (b7) r8 = 0
regs=40 stack=0 before 1: (b7) r7 = 0
regs=40 stack=0 before 0: (b7) r6 = 1024
last_idx 9 first_idx 0
regs=200 stack=0 before 6: (bd) if r6 <= r9 goto pc+2
regs=240 stack=0 before 5: (05) goto pc+0
regs=240 stack=0 before 4: (97) r6 %= 1025
regs=240 stack=0 before 3: (b7) r9 = -2147483648
regs=40 stack=0 before 2: (b7) r8 = 0
regs=40 stack=0 before 1: (b7) r7 = 0
regs=40 stack=0 before 0: (b7) r6 = 1024
11: R6=scalar(umax=18446744071562067968) R9=-2147483648
11: (b7) r0 = 0 ; R0_w=0
12: (63) *(u32 *)(r10 -4) = r0
last_idx 12 first_idx 11
regs=1 stack=0 before 11: (b7) r0 = 0
13: R0_w=0 R10=fp0 fp-8=0000????
13: (18) r4 = 0xffff9290dc5bfe00 ; R4_w=map_ptr(off=0,ks=4,vs=48,imm=0)
15: (bf) r1 = r4 ; R1_w=map_ptr(off=0,ks=4,vs=48,imm=0) R4_w=map_ptr(off=0,ks=4,vs=48,imm=0)
16: (bf) r2 = r10 ; R2_w=fp0 R10=fp0
17: (07) r2 += -4 ; R2_w=fp-4
18: (85) call bpf_map_lookup_elem#1 ; R0_w=map_value_or_null(id=3,off=0,ks=4,vs=48,imm=0)
19: (55) if r0 != 0x0 goto pc+1 ; R0_w=0
20: (95) exit
from 19 to 21: R0=map_value(off=0,ks=4,vs=48,imm=0) R6=scalar(umax=18446744071562067968) R7=0 R8=0 R9=-2147483648 R10=fp0 fp-8=mmmm????
21: (77) r6 >>= 10 ; R6_w=scalar(umax=18014398507384832,var_off=(0x0; 0x3fffffffffffff))
22: (27) r6 *= 8192 ; R6_w=scalar(smax=9223372036854767616,umax=18446744073709543424,var_off=(0x0; 0xffffffffffffe000),s32_max=2147475456,u32_max=-8192)
23: (bf) r1 = r0 ; R0=map_value(off=0,ks=4,vs=48,imm=0) R1_w=map_value(off=0,ks=4,vs=48,imm=0)
24: (0f) r0 += r6
last_idx 24 first_idx 21
regs=40 stack=0 before 23: (bf) r1 = r0
regs=40 stack=0 before 22: (27) r6 *= 8192
regs=40 stack=0 before 21: (77) r6 >>= 10
parent didn't have regs=40 stack=0 marks: R0_rw=map_value(off=0,ks=4,vs=48,imm=0) R6_r=Pscalar(umax=18446744071562067968) R7=0 R8=0 R9=-2147483648 R10=fp0 fp-8=mmmm????
last_idx 19 first_idx 11
regs=40 stack=0 before 19: (55) if r0 != 0x0 goto pc+1
regs=40 stack=0 before 18: (85) call bpf_map_lookup_elem#1
regs=40 stack=0 before 17: (07) r2 += -4
regs=40 stack=0 before 16: (bf) r2 = r10
regs=40 stack=0 before 15: (bf) r1 = r4
regs=40 stack=0 before 13: (18) r4 = 0xffff9290dc5bfe00
regs=40 stack=0 before 12: (63) *(u32 *)(r10 -4) = r0
regs=40 stack=0 before 11: (b7) r0 = 0
parent didn't have regs=40 stack=0 marks: R1=ctx(off=0,imm=0) R6_rw=Pscalar(umax=18446744071562067968) R7_w=0 R8_w=0 R9_w=-2147483648 R10=fp0
last_idx 9 first_idx 0
regs=40 stack=0 before 9: (bd) if r6 <= r9 goto pc+1
regs=240 stack=0 before 6: (bd) if r6 <= r9 goto pc+2
regs=240 stack=0 before 5: (05) goto pc+0
regs=240 stack=0 before 4: (97) r6 %= 1025
regs=240 stack=0 before 3: (b7) r9 = -2147483648
regs=40 stack=0 before 2: (b7) r8 = 0
regs=40 stack=0 before 1: (b7) r7 = 0
regs=40 stack=0 before 0: (b7) r6 = 1024
math between map_value pointer and register with unbounded min value is not allowed
verification time 886 usec
stack depth 4
processed 49 insns (limit 1000000) max_states_per_insn 1 total_states 5 peak_states 5 mark_read 2
Fixes:
|
||
|
Greg Kroah-Hartman
|
0fff48d6fe |
Merge 6.1.24 into android14-6.1
Changes in 6.1.24
dm cache: Add some documentation to dm-cache-background-tracker.h
dm integrity: Remove bi_sector that's only used by commented debug code
dm: change "unsigned" to "unsigned int"
dm: fix improper splitting for abnormal bios
KVM: arm64: PMU: Align chained counter implementation with architecture pseudocode
KVM: arm64: PMU: Distinguish between 64bit counter and 64bit overflow
KVM: arm64: PMU: Sanitise PMCR_EL0.LP on first vcpu run
KVM: arm64: PMU: Don't save PMCR_EL0.{C,P} for the vCPU
gpio: GPIO_REGMAP: select REGMAP instead of depending on it
Drivers: vmbus: Check for channel allocation before looking up relids
ASoC: SOF: ipc4: Ensure DSP is in D0I0 during sof_ipc4_set_get_data()
pwm: Make .get_state() callback return an error code
pwm: hibvt: Explicitly set .polarity in .get_state()
pwm: cros-ec: Explicitly set .polarity in .get_state()
pwm: iqs620a: Explicitly set .polarity in .get_state()
pwm: sprd: Explicitly set .polarity in .get_state()
pwm: meson: Explicitly set .polarity in .get_state()
ASoC: codecs: lpass: fix the order or clks turn off during suspend
KVM: s390: pv: fix external interruption loop not always detected
wifi: mac80211: fix the size calculation of ieee80211_ie_len_eht_cap()
wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta
net: qrtr: Fix a refcount bug in qrtr_recvmsg()
net: phylink: add phylink_expects_phy() method
net: stmmac: check if MAC needs to attach to a PHY
net: stmmac: remove redundant fixup to support fixed-link mode
l2tp: generate correct module alias strings
wifi: brcmfmac: Fix SDIO suspend/resume regression
NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL
nfsd: call op_release, even when op_func returns an error
icmp: guard against too small mtu
ALSA: hda/hdmi: Preserve the previous PCM device upon re-enablement
net: don't let netpoll invoke NAPI if in xmit context
net: dsa: mv88e6xxx: Reset mv88e6393x force WD event bit
sctp: check send stream number after wait_for_sndbuf
net: qrtr: Do not do DEL_SERVER broadcast after DEL_CLIENT
ipv6: Fix an uninit variable access bug in __ip6_make_skb()
platform/x86: think-lmi: Fix memory leak when showing current settings
platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings
platform/x86: think-lmi: Clean up display of current_value on Thinkstation
gpio: davinci: Do not clear the bank intr enable bit in save_context
gpio: davinci: Add irq chip flag to skip set wake
net: ethernet: ti: am65-cpsw: Fix mdio cleanup in probe
net: stmmac: fix up RX flow hash indirection table when setting channels
sunrpc: only free unix grouplist after RCU settles
NFSD: callback request does not use correct credential for AUTH_SYS
ice: fix wrong fallback logic for FDIR
ice: Reset FDIR counter in FDIR init stage
raw: use net_hash_mix() in hash function
raw: Fix NULL deref in raw_get_next().
ping: Fix potentail NULL deref for /proc/net/icmp.
ethtool: reset #lanes when lanes is omitted
netlink: annotate lockless accesses to nlk->max_recvmsg_len
gve: Secure enough bytes in the first TX desc for all TCP pkts
arm64: compat: Work around uninitialized variable warning
net: stmmac: check fwnode for phy device before scanning for phy
cxl/pci: Fix CDAT retrieval on big endian
cxl/pci: Handle truncated CDAT header
cxl/pci: Handle truncated CDAT entries
cxl/pci: Handle excessive CDAT length
PCI/DOE: Silence WARN splat with CONFIG_DEBUG_OBJECTS=y
PCI/DOE: Fix memory leak with CONFIG_DEBUG_OBJECTS=y
usb: xhci: tegra: fix sleep in atomic call
xhci: Free the command allocated for setting LPM if we return early
xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu
usb: cdnsp: Fixes error: uninitialized symbol 'len'
usb: dwc3: pci: add support for the Intel Meteor Lake-S
USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs
usb: typec: altmodes/displayport: Fix configure initial pin assignment
USB: serial: option: add Telit FE990 compositions
USB: serial: option: add Quectel RM500U-CN modem
drivers: iio: adc: ltc2497: fix LSB shift
iio: adis16480: select CONFIG_CRC32
iio: adc: qcom-spmi-adc5: Fix the channel name
iio: adc: ti-ads7950: Set `can_sleep` flag for GPIO chip
iio: dac: cio-dac: Fix max DAC write value check for 12-bit
iio: buffer: correctly return bytes written in output buffers
iio: buffer: make sure O_NONBLOCK is respected
iio: light: cm32181: Unregister second I2C client if present
tty: serial: sh-sci: Fix transmit end interrupt handler
tty: serial: sh-sci: Fix Rx on RZ/G2L SCI
tty: serial: fsl_lpuart: avoid checking for transfer complete when UARTCTRL_SBK is asserted in lpuart32_tx_empty
nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread()
nilfs2: fix sysfs interface lifetime
dt-bindings: serial: renesas,scif: Fix 4th IRQ for 4-IRQ SCIFs
serial: 8250: Prevent starting up DMA Rx on THRI interrupt
ksmbd: do not call kvmalloc() with __GFP_NORETRY | __GFP_NO_WARN
ksmbd: fix slab-out-of-bounds in init_smb2_rsp_hdr
ALSA: hda/realtek: Add quirk for Clevo X370SNW
ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook
x86/acpi/boot: Correct acpi_is_processor_usable() check
x86/ACPI/boot: Use FADT version to check support for online capable
KVM: x86: Clear "has_error_code", not "error_code", for RM exception injection
KVM: nVMX: Do not report error code when synthesizing VM-Exit from Real Mode
mm: kfence: fix PG_slab and memcg_data clearing
mm: kfence: fix handling discontiguous page
coresight: etm4x: Do not access TRCIDR1 for identification
coresight-etm4: Fix for() loop drvdata->nr_addr_cmp range bug
counter: 104-quad-8: Fix race condition between FLAG and CNTR reads
counter: 104-quad-8: Fix Synapse action reported for Index signals
blk-mq: directly poll requests
iio: adc: ad7791: fix IRQ flags
io_uring: fix return value when removing provided buffers
io_uring: fix memory leak when removing provided buffers
scsi: qla2xxx: Fix memory leak in qla2x00_probe_one()
scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param()
nvme: fix discard support without oncs
cifs: sanitize paths in cifs_update_super_prepath.
block: ublk: make sure that block size is set correctly
block: don't set GD_NEED_PART_SCAN if scan partition failed
perf/core: Fix the same task check in perf_event_set_output
ftrace: Mark get_lock_parent_ip() __always_inline
ftrace: Fix issue that 'direct->addr' not restored in modify_ftrace_direct()
fs: drop peer group ids under namespace lock
can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access
can: isotp: fix race between isotp_sendsmg() and isotp_release()
can: isotp: isotp_ops: fix poll() to not report false EPOLLOUT events
can: isotp: isotp_recvmsg(): use sock_recv_cmsgs() to get SOCK_RXQ_OVFL infos
ACPI: video: Add auto_detect arg to __acpi_video_get_backlight_type()
ACPI: video: Make acpi_backlight=video work independent from GPU driver
ACPI: video: Add acpi_backlight=video quirk for Apple iMac14,1 and iMac14,2
ACPI: video: Add acpi_backlight=video quirk for Lenovo ThinkPad W530
net: stmmac: Add queue reset into stmmac_xdp_open() function
tracing/synthetic: Fix races on freeing last_cmd
tracing/timerlat: Notify new max thread latency
tracing/osnoise: Fix notify new tracing_max_latency
tracing: Free error logs of tracing instances
ASoC: hdac_hdmi: use set_stream() instead of set_tdm_slots()
tracing/synthetic: Make lastcmd_mutex static
zsmalloc: document freeable stats
mm: vmalloc: avoid warn_alloc noise caused by fatal signal
wifi: mt76: ignore key disable commands
ublk: read any SQE values upfront
drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path
drm/nouveau/disp: Support more modes by checking with lower bpc
drm/i915: Fix context runtime accounting
drm/i915: fix race condition UAF in i915_perf_add_config_ioctl
ring-buffer: Fix race while reader and writer are on the same page
mm/swap: fix swap_info_struct race between swapoff and get_swap_pages()
mm/hugetlb: fix uffd wr-protection for CoW optimization path
maple_tree: fix get wrong data_end in mtree_lookup_walk()
maple_tree: fix a potential concurrency bug in RCU mode
blk-throttle: Fix that bps of child could exceed bps limited in parent
drm/amd/display: Clear MST topology if it fails to resume
drm/amdgpu: for S0ix, skip SDMA 5.x+ suspend/resume
drm/amdgpu: skip psp suspend for IMU enabled ASICs mode2 reset
drm/display/dp_mst: Handle old/new payload states in drm_dp_remove_payload()
drm/i915/dp_mst: Fix payload removal during output disabling
drm/bridge: lt9611: Fix PLL being unable to lock
drm/i915: Use _MMIO_PIPE() for SKL_BOTTOM_COLOR
drm/i915: Split icl_color_commit_noarm() from skl_color_commit_noarm()
mm: take a page reference when removing device exclusive entries
maple_tree: remove GFP_ZERO from kmem_cache_alloc() and kmem_cache_alloc_bulk()
maple_tree: fix potential rcu issue
maple_tree: reduce user error potential
maple_tree: fix handle of invalidated state in mas_wr_store_setup()
maple_tree: fix mas_prev() and mas_find() state handling
maple_tree: be more cautious about dead nodes
maple_tree: refine ma_state init from mas_start()
maple_tree: detect dead nodes in mas_start()
maple_tree: fix freeing of nodes in rcu mode
maple_tree: remove extra smp_wmb() from mas_dead_leaves()
maple_tree: add smp_rmb() to dead node detection
maple_tree: add RCU lock checking to rcu callback functions
mm: enable maple tree RCU mode by default.
bpftool: Print newline before '}' for struct with padding only fields
Linux 6.1.24
Change-Id: I475408e1166927565c7788e7095bdf2cb236c4b2
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
Waiman Long
|
243d9f3a11 |
cgroup/cpuset: Add cpuset_can_fork() and cpuset_cancel_fork() methods
[ Upstream commit eee87853794187f6adbe19533ed79c8b44b36a91 ]
In the case of CLONE_INTO_CGROUP, not all cpusets are ready to accept
new tasks. It is too late to check that in cpuset_fork(). So we need
to add the cpuset_can_fork() and cpuset_cancel_fork() methods to
pre-check it before we can allow attachment to a different cpuset.
We also need to set the attach_in_progress flag to alert other code
that a new task is going to be added to the cpuset.
Fixes:
|
||
|
Waiman Long
|
e33ab28395 |
cgroup/cpuset: Make cpuset_fork() handle CLONE_INTO_CGROUP properly
[ Upstream commit 42a11bf5c5436e91b040aeb04063be1710bb9f9c ] By default, the clone(2) syscall spawn a child process into the same cgroup as its parent. With the use of the CLONE_INTO_CGROUP flag introduced by commit |
||
|
Waiman Long
|
ff5a4fe259 |
cgroup/cpuset: Skip spread flags update on v2
[ Upstream commit 18f9a4d47527772515ad6cbdac796422566e6440 ]
Cpuset v2 has no spread flags to set. So we can skip spread
flags update if cpuset v2 is being used. Also change the name to
cpuset_update_task_spread_flags() to indicate that there are multiple
spread flags.
Signed-off-by: Waiman Long <longman@redhat.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Stable-dep-of: 42a11bf5c543 ("cgroup/cpuset: Make cpuset_fork() handle CLONE_INTO_CGROUP properly")
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
Vincent Guittot
|
31c5ad43bd |
sched/fair: Fix imbalance overflow
[ Upstream commit 91dcf1e8068e9a8823e419a7a34ff4341275fb70 ]
When local group is fully busy but its average load is above system load,
computing the imbalance will overflow and local group is not the best
target for pulling this load.
Fixes:
|
||
|
Waiman Long
|
a746ad276b |
cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach()
commit ba9182a89626d5f83c2ee4594f55cb9c1e60f0e2 upstream.
After a successful cpuset_can_attach() call which increments the
attach_in_progress flag, either cpuset_cancel_attach() or cpuset_attach()
will be called later. In cpuset_attach(), tasks in cpuset_attach_wq,
if present, will be woken up at the end. That is not the case in
cpuset_cancel_attach(). So missed wakeup is possible if the attach
operation is somehow cancelled. Fix that by doing the wakeup in
cpuset_cancel_attach() as well.
Fixes:
|
||
|
Waiman Long
|
f06c9b0154 |
cgroup/cpuset: Fix partition root's cpuset.cpus update bug
commit 292fd843de26c551856e66faf134512c52dd78b4 upstream.
It was found that commit 7a2127e66a00 ("cpuset: Call
set_cpus_allowed_ptr() with appropriate mask for task") introduced a bug
that corrupted "cpuset.cpus" of a partition root when it was updated.
It is because the tmp->new_cpus field of the passed tmp parameter
of update_parent_subparts_cpumask() should not be used at all as
it contains important cpumask data that should not be overwritten.
Fix it by using tmp->addmask instead.
Also update update_cpumask() to make sure that trialcs->cpu_allowed
will not be corrupted until it is no longer needed.
Fixes: 7a2127e66a00 ("cpuset: Call set_cpus_allowed_ptr() with appropriate mask for task")
Signed-off-by: Waiman Long <longman@redhat.com>
Cc: stable@vger.kernel.org # v6.2+
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Josh Don
|
53244494bf |
cgroup: fix display of forceidle time at root
commit fcdb1eda5302599045bb366e679cccb4216f3873 upstream.
We need to reset forceidle_sum to 0 when reading from root, since the
bstat we accumulate into is stack allocated.
To make this more robust, just replace the existing cputime reset with a
memset of the overall bstat.
Signed-off-by: Josh Don <joshdon@google.com>
Fixes:
|
||
Steven Rostedt (Google)
|
f58574f238 |
tracing: Have tracing_snapshot_instance_cond() write errors to the appropriate instance
[ Upstream commit 9d52727f8043cfda241ae96896628d92fa9c50bb ]
If a trace instance has a failure with its snapshot code, the error
message is to be written to that instance's buffer. But currently, the
message is written to the top level buffer. Worse yet, it may also disable
the top level buffer and not the instance that had the issue.
Link: https://lkml.kernel.org/r/20230405022341.688730321@goodmis.org
Cc: stable@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Ross Zwisler <zwisler@google.com>
Fixes:
|
||
|
Steven Rostedt (Google)
|
5620eeb379 |
tracing: Add trace_array_puts() to write into instance
[ Upstream commit d503b8f7474fe7ac616518f7fc49773cbab49f36 ] Add a generic trace_array_puts() that can be used to "trace_puts()" into an allocated trace_array instance. This is just another variant of trace_array_printk(). Link: https://lkml.kernel.org/r/20230207173026.584717290@goodmis.org Cc: Masami Hiramatsu <mhiramat@kernel.org> Cc: Andrew Morton <akpm@linux-foundation.org> Reviewed-by: Ross Zwisler <zwisler@google.com> Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org> Stable-dep-of: 9d52727f8043 ("tracing: Have tracing_snapshot_instance_cond() write errors to the appropriate instance") Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Tetsuo Handa
|
3756171b97 |
cgroup,freezer: hold cpu_hotplug_lock before freezer_mutex
[ Upstream commit 57dcd64c7e036299ef526b400a8d12b8a2352f26 ] syzbot is reporting circular locking dependency between cpu_hotplug_lock and freezer_mutex, for commit |
||
Kuan-Ying Lee
|
b28620e7db |
ANDROID: module: Add vendor hooks
Add vendor hook for module init, so we can get memory type and use it to do memory type check for architecture dependent page table setting. To make sure the architecture dependent tables are created correctly, we need to know when module parts are initialized and their attributes. For releasing modules, corresponding tables and attributes should be destroyed and restored. These hooks may be invoked in non-atomic context, so it's necessary to use restricted ones. Bug: 248994334 Change-Id: Ie9f415c36bca1fb98e021522b627e562d27cdef4 Signed-off-by: Kuan-Ying Lee <Kuan-Ying.Lee@mediatek.com> |
||
|
Kuan-Ying Lee
|
05b36413b6 |
ANDROID: kernel: Add restricted vendor hook in creds
Add restricted vendor hook for creds, so we get the creds information to monitor cred lifetime. During the lifetime, we store the creds information in a standalone protected memory and keep track of integrity. These hooks may be invoked in non-atomic context, so it's necessary to use restricted ones. Bug: 248994334 Change-Id: I57fbb759452302fa1ba1e720c76bfe671eab96b5 Signed-off-by: Kuan-Ying Lee <Kuan-Ying.Lee@mediatek.com> |
||
Liam R. Howlett
|
1c87a6f82a |
mm: enable maple tree RCU mode by default.
commit 3dd4432549415f3c65dd52d5c687629efbf4ece1 upstream.
Use the maple tree in RCU mode for VMA tracking.
The maple tree tracks the stack and is able to update the pivot
(lower/upper boundary) in-place to allow the page fault handler to write
to the tree while holding just the mmap read lock. This is safe as the
writes to the stack have a guard VMA which ensures there will always be
a NULL in the direction of the growth and thus will only update a pivot.
It is possible, but not recommended, to have VMAs that grow up/down
without guard VMAs. syzbot has constructed a testcase which sets up a
VMA to grow and consume the empty space. Overwriting the entire NULL
entry causes the tree to be altered in a way that is not safe for
concurrent readers; the readers may see a node being rewritten or one
that does not match the maple state they are using.
Enabling RCU mode allows the concurrent readers to see a stable node and
will return the expected result.
Link: https://lkml.kernel.org/r/20230227173632.3292573-9-surenb@google.com
Cc: stable@vger.kernel.org
Fixes:
|
||
Zheng Yejian
|
3663f5d5bb |
ring-buffer: Fix race while reader and writer are on the same page
commit 6455b6163d8c680366663cdb8c679514d55fc30c upstream.
When user reads file 'trace_pipe', kernel keeps printing following logs
that warn at "cpu_buffer->reader_page->read > rb_page_size(reader)" in
rb_get_reader_page(). It just looks like there's an infinite loop in
tracing_read_pipe(). This problem occurs several times on arm64 platform
when testing v5.10 and below.
Call trace:
rb_get_reader_page+0x248/0x1300
rb_buffer_peek+0x34/0x160
ring_buffer_peek+0xbc/0x224
peek_next_entry+0x98/0xbc
__find_next_entry+0xc4/0x1c0
trace_find_next_entry_inc+0x30/0x94
tracing_read_pipe+0x198/0x304
vfs_read+0xb4/0x1e0
ksys_read+0x74/0x100
__arm64_sys_read+0x24/0x30
el0_svc_common.constprop.0+0x7c/0x1bc
do_el0_svc+0x2c/0x94
el0_svc+0x20/0x30
el0_sync_handler+0xb0/0xb4
el0_sync+0x160/0x180
Then I dump the vmcore and look into the problematic per_cpu ring_buffer,
I found that tail_page/commit_page/reader_page are on the same page while
reader_page->read is obviously abnormal:
tail_page == commit_page == reader_page == {
.write = 0x100d20,
.read = 0x8f9f4805, // Far greater than 0xd20, obviously abnormal!!!
.entries = 0x10004c,
.real_end = 0x0,
.page = {
.time_stamp = 0x857257416af0,
.commit = 0xd20, // This page hasn't been full filled.
// .data[0...0xd20] seems normal.
}
}
The root cause is most likely the race that reader and writer are on the
same page while reader saw an event that not fully committed by writer.
To fix this, add memory barriers to make sure the reader can see the
content of what is committed. Since commit
|
||
|
Steven Rostedt (Google)
|
dc48648699 |
tracing/synthetic: Make lastcmd_mutex static
commit 31c683967174b487939efaf65e41f5ff1404e141 upstream. The lastcmd_mutex is only used in trace_events_synth.c and should be static. Link: https://lore.kernel.org/linux-trace-kernel/202304062033.cRStgOuP-lkp@intel.com/ Link: https://lore.kernel.org/linux-trace-kernel/20230406111033.6e26de93@gandalf.local.home Cc: Masami Hiramatsu <mhiramat@kernel.org> Cc: Mark Rutland <mark.rutland@arm.com> Cc: Tze-nan Wu <Tze-nan.Wu@mediatek.com> Fixes: 4ccf11c4e8a8e ("tracing/synthetic: Fix races on freeing last_cmd") Reviewed-by: Mukesh Ojha <quic_mojha@quicinc.com> Reported-by: kernel test robot <lkp@intel.com> Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Steven Rostedt (Google)
|
c0cf0f55be |
tracing: Free error logs of tracing instances
commit 3357c6e429643231e60447b52ffbb7ac895aca22 upstream.
When a tracing instance is removed, the error messages that hold errors
that occurred in the instance needs to be freed. The following reports a
memory leak:
# cd /sys/kernel/tracing
# mkdir instances/foo
# echo 'hist:keys=x' > instances/foo/events/sched/sched_switch/trigger
# cat instances/foo/error_log
[ 117.404795] hist:sched:sched_switch: error: Couldn't find field
Command: hist:keys=x
^
# rmdir instances/foo
Then check for memory leaks:
# echo scan > /sys/kernel/debug/kmemleak
# cat /sys/kernel/debug/kmemleak
unreferenced object 0xffff88810d8ec700 (size 192):
comm "bash", pid 869, jiffies 4294950577 (age 215.752s)
hex dump (first 32 bytes):
60 dd 68 61 81 88 ff ff 60 dd 68 61 81 88 ff ff `.ha....`.ha....
a0 30 8c 83 ff ff ff ff 26 00 0a 00 00 00 00 00 .0......&.......
backtrace:
[<00000000dae26536>] kmalloc_trace+0x2a/0xa0
[<00000000b2938940>] tracing_log_err+0x277/0x2e0
[<000000004a0e1b07>] parse_atom+0x966/0xb40
[<0000000023b24337>] parse_expr+0x5f3/0xdb0
[<00000000594ad074>] event_hist_trigger_parse+0x27f8/0x3560
[<00000000293a9645>] trigger_process_regex+0x135/0x1a0
[<000000005c22b4f2>] event_trigger_write+0x87/0xf0
[<000000002cadc509>] vfs_write+0x162/0x670
[<0000000059c3b9be>] ksys_write+0xca/0x170
[<00000000f1cddc00>] do_syscall_64+0x3e/0xc0
[<00000000868ac68c>] entry_SYSCALL_64_after_hwframe+0x72/0xdc
unreferenced object 0xffff888170c35a00 (size 32):
comm "bash", pid 869, jiffies 4294950577 (age 215.752s)
hex dump (first 32 bytes):
0a 20 20 43 6f 6d 6d 61 6e 64 3a 20 68 69 73 74 . Command: hist
3a 6b 65 79 73 3d 78 0a 00 00 00 00 00 00 00 00 :keys=x.........
backtrace:
[<000000006a747de5>] __kmalloc+0x4d/0x160
[<000000000039df5f>] tracing_log_err+0x29b/0x2e0
[<000000004a0e1b07>] parse_atom+0x966/0xb40
[<0000000023b24337>] parse_expr+0x5f3/0xdb0
[<00000000594ad074>] event_hist_trigger_parse+0x27f8/0x3560
[<00000000293a9645>] trigger_process_regex+0x135/0x1a0
[<000000005c22b4f2>] event_trigger_write+0x87/0xf0
[<000000002cadc509>] vfs_write+0x162/0x670
[<0000000059c3b9be>] ksys_write+0xca/0x170
[<00000000f1cddc00>] do_syscall_64+0x3e/0xc0
[<00000000868ac68c>] entry_SYSCALL_64_after_hwframe+0x72/0xdc
The problem is that the error log needs to be freed when the instance is
removed.
Link: https://lore.kernel.org/lkml/76134d9f-a5ba-6a0d-37b3-28310b4a1e91@alu.unizg.hr/
Link: https://lore.kernel.org/linux-trace-kernel/20230404194504.5790b95f@gandalf.local.home
Cc: stable@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Thorsten Leemhuis <regressions@leemhuis.info>
Cc: Ulf Hansson <ulf.hansson@linaro.org>
Cc: Eric Biggers <ebiggers@kernel.org>
Fixes:
|
||
Daniel Bristot de Oliveira
|
1ea5f8d1fa |
tracing/osnoise: Fix notify new tracing_max_latency
commit d3cba7f02cd82118c32651c73374d8a5a459d9a6 upstream.
osnoise/timerlat tracers are reporting new max latency on instances
where the tracing is off, creating inconsistencies between the max
reported values in the trace and in the tracing_max_latency. Thus
only report new tracing_max_latency on active tracing instances.
Link: https://lkml.kernel.org/r/ecd109fde4a0c24ab0f00ba1e9a144ac19a91322.1680104184.git.bristot@kernel.org
Cc: stable@vger.kernel.org
Fixes:
|
||
|
Daniel Bristot de Oliveira
|
162e6e6ff2 |
tracing/timerlat: Notify new max thread latency
commit b9f451a9029a16eb7913ace09b92493d00f2e564 upstream.
timerlat is not reporting a new tracing_max_latency for the thread
latency. The reason is that it is not calling notify_new_max_latency()
function after the new thread latency is sampled.
Call notify_new_max_latency() after computing the thread latency.
Link: https://lkml.kernel.org/r/16e18d61d69073d0192ace07bf61e405cca96e9c.1680104184.git.bristot@kernel.org
Cc: stable@vger.kernel.org
Fixes:
|
||
Tze-nan Wu
|
9fe183f659 |
tracing/synthetic: Fix races on freeing last_cmd
commit 4ccf11c4e8a8e051499d53a12f502196c97a758e upstream.
Currently, the "last_cmd" variable can be accessed by multiple processes
asynchronously when multiple users manipulate synthetic_events node
at the same time, it could lead to use-after-free or double-free.
This patch add "lastcmd_mutex" to prevent "last_cmd" from being accessed
asynchronously.
================================================================
It's easy to reproduce in the KASAN environment by running the two
scripts below in different shells.
script 1:
while :
do
echo -n -e '\x88' > /sys/kernel/tracing/synthetic_events
done
script 2:
while :
do
echo -n -e '\xb0' > /sys/kernel/tracing/synthetic_events
done
================================================================
double-free scenario:
process A process B
------------------- ---------------
1.kstrdup last_cmd
2.free last_cmd
3.free last_cmd(double-free)
================================================================
use-after-free scenario:
process A process B
------------------- ---------------
1.kstrdup last_cmd
2.free last_cmd
3.tracing_log_err(use-after-free)
================================================================
Appendix 1. KASAN report double-free:
BUG: KASAN: double-free in kfree+0xdc/0x1d4
Free of addr ***** by task sh/4879
Call trace:
...
kfree+0xdc/0x1d4
create_or_delete_synth_event+0x60/0x1e8
trace_parse_run_command+0x2bc/0x4b8
synth_events_write+0x20/0x30
vfs_write+0x200/0x830
...
Allocated by task 4879:
...
kstrdup+0x5c/0x98
create_or_delete_synth_event+0x6c/0x1e8
trace_parse_run_command+0x2bc/0x4b8
synth_events_write+0x20/0x30
vfs_write+0x200/0x830
...
Freed by task 5464:
...
kfree+0xdc/0x1d4
create_or_delete_synth_event+0x60/0x1e8
trace_parse_run_command+0x2bc/0x4b8
synth_events_write+0x20/0x30
vfs_write+0x200/0x830
...
================================================================
Appendix 2. KASAN report use-after-free:
BUG: KASAN: use-after-free in strlen+0x5c/0x7c
Read of size 1 at addr ***** by task sh/5483
sh: CPU: 7 PID: 5483 Comm: sh
...
__asan_report_load1_noabort+0x34/0x44
strlen+0x5c/0x7c
tracing_log_err+0x60/0x444
create_or_delete_synth_event+0xc4/0x204
trace_parse_run_command+0x2bc/0x4b8
synth_events_write+0x20/0x30
vfs_write+0x200/0x830
...
Allocated by task 5483:
...
kstrdup+0x5c/0x98
create_or_delete_synth_event+0x80/0x204
trace_parse_run_command+0x2bc/0x4b8
synth_events_write+0x20/0x30
vfs_write+0x200/0x830
...
Freed by task 5480:
...
kfree+0xdc/0x1d4
create_or_delete_synth_event+0x74/0x204
trace_parse_run_command+0x2bc/0x4b8
synth_events_write+0x20/0x30
vfs_write+0x200/0x830
...
Link: https://lore.kernel.org/linux-trace-kernel/20230321110444.1587-1-Tze-nan.Wu@mediatek.com
Fixes:
|
||
|
Zheng Yejian
|
3caa693781 |
ftrace: Fix issue that 'direct->addr' not restored in modify_ftrace_direct()
commit 2a2d8c51defb446e8d89a83f42f8e5cd529111e9 upstream.
Syzkaller report a WARNING: "WARN_ON(!direct)" in modify_ftrace_direct().
Root cause is 'direct->addr' was changed from 'old_addr' to 'new_addr' but
not restored if error happened on calling ftrace_modify_direct_caller().
Then it can no longer find 'direct' by that 'old_addr'.
To fix it, restore 'direct->addr' to 'old_addr' explicitly in error path.
Link: https://lore.kernel.org/linux-trace-kernel/20230330025223.1046087-1-zhengyejian1@huawei.com
Cc: stable@vger.kernel.org
Cc: <mhiramat@kernel.org>
Cc: <mark.rutland@arm.com>
Cc: <ast@kernel.org>
Cc: <daniel@iogearbox.net>
Fixes:
|
||
Kan Liang
|
023036e389 |
perf/core: Fix the same task check in perf_event_set_output
[ Upstream commit 24d3ae2f37d8bc3c14b31d353c5d27baf582b6a6 ] The same task check in perf_event_set_output has some potential issues for some usages. For the current perf code, there is a problem if using of perf_event_open() to have multiple samples getting into the same mmap’d memory when they are both attached to the same process. https://lore.kernel.org/all/92645262-D319-4068-9C44-2409EF44888E@gmail.com/ Because the event->ctx is not ready when the perf_event_set_output() is invoked in the perf_event_open(). Besides the above issue, before the commit bd2756811766 ("perf: Rewrite core context handling"), perf record can errors out when sampling with a hardware event and a software event as below. $ perf record -e cycles,dummy --per-thread ls failed to mmap with 22 (Invalid argument) That's because that prior to the commit a hardware event and a software event are from different task context. The problem should be a long time issue since commit |
||
|
Greg Kroah-Hartman
|
a0f3313ef9 |
This is the 6.1.23 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmQumsIACgkQONu9yGCS aT4yfBAAwaDPXomEa+DY6pkQEE7WPVtIkeO+sQIo7bWHunTDilTLRFeDUJ4THydT CnhhlGsBUt8KGeWgSR6hHeTl/c+b+AcBan5k5BBufUGrsDn/XV8QIEyKWhbLIEja qWehpogs7BJLg2dFRqTfHQEOhLht1jCmC99tfEozEG4zRudmdS3Z2DbRypfEHshc oGOC1Jzg4MLPfB+lCwKNrVMBlR2n/73P7mTUCu/Dc9+DUbm+GtqvsPuGT2LxVyY7 kkNgGzvdxQQCqtK5X6zyoU61gepsobf6c6kHjBucn8mhaYURT5ndfV9VqLWkDYE7 71iH0oY5fg2NgbMtQpbA10MokjijFp46I4QxzG/RVl2ZN2pbCFNm5aNIBCwBbF2k lN6hwJc1nbTi696o29o1osm+yju3347HCAWC8s+DAszXiquihiUeJBwuCfa1c+Gy GhdATa3nNQ/8D0gWULr/kl7DvlgpSpYrbEQGVG2gH6tdsAZt2iKYUtGLFjvDN+fw CoMpq2OZTX5afM7AxTX00f5lGmbXhD+T9a+pS9AXhPqKcGv1tt0Gso8dn7cpWpj5 LxhIE9dK5F1/tI+wPE+8t80CukqQHfoCQ24YO8mfUKmlInwjGd1Hque+ihKJo7ZW W5CXlZJJVvpVk9BxMNaYHKfSE+U6G7hYabEAzJXR3fz9vGfoTII= =rz/i -----END PGP SIGNATURE----- Merge 6.1.23 into android14-6.1 Changes in 6.1.23 thunderbolt: Limit USB3 bandwidth of certain Intel USB4 host routers cifs: update ip_addr for ses only for primary chan setup cifs: prevent data race in cifs_reconnect_tcon() cifs: avoid race conditions with parallel reconnects zonefs: Reorganize code zonefs: Simplify IO error handling zonefs: Reduce struct zonefs_inode_info size zonefs: Separate zone information from inode information zonefs: Fix error message in zonefs_file_dio_append() fsverity: don't drop pagecache at end of FS_IOC_ENABLE_VERITY kernel: kcsan: kcsan_test: build without structleak plugin kcsan: avoid passing -g for test btrfs: rename BTRFS_FS_NO_OVERCOMMIT to BTRFS_FS_ACTIVE_ZONE_TRACKING btrfs: zoned: count fresh BG region as zone unusable net: ethernet: ti: am65-cpsw/cpts: Fix CPTS release action riscv: ftrace: Fixup panic by disabling preemption ARM: dts: aspeed: p10bmc: Update battery node name drm/msm/dpu: Refactor sc7280_pp location drm/msm/dpu: correct sm8250 and sm8350 scaler drm/msm/disp/dpu: fix sc7280_pp base offset tty: serial: fsl_lpuart: switch to new dmaengine_terminate_* API tty: serial: fsl_lpuart: fix race on RX DMA shutdown tracing: Add .percent suffix option to histogram values tracing: Add .graph suffix option to histogram value tracing: Do not let histogram values have some modifiers net: mscc: ocelot: fix stats region batching arm64: efi: Set NX compat flag in PE/COFF header cifs: fix missing unload_nls() in smb2_reconnect() xfrm: Zero padding when dumping algos and encap ASoC: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds ASoC: Intel: avs: max98357a: Explicitly define codec format ASoC: Intel: avs: da7219: Explicitly define codec format ASoC: Intel: avs: ssm4567: Remove nau8825 bits ASoC: Intel: avs: nau8825: Adjust clock control zstd: Fix definition of assert() ACPI: video: Add backlight=native DMI quirk for Dell Vostro 15 3535 ASoC: SOF: ipc3: Check for upper size limit for the received message ASoC: SOF: ipc4-topology: Fix incorrect sample rate print unit ASoC: SOF: Intel: pci-tng: revert invalid bar size setting ASoC: SOF: IPC4: update gain ipc msg definition to align with fw md: avoid signed overflow in slot_store() x86/PVH: obtain VGA console info in Dom0 drm/amdkfd: Fix BO offset for multi-VMA page migration drm/amdkfd: fix a potential double free in pqm_create_queue drm/amdkfd: fix potential kgd_mem UAFs net: hsr: Don't log netdev_err message on unknown prp dst node ALSA: asihpi: check pao in control_message() ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set() fbdev: tgafb: Fix potential divide by zero ACPI: tools: pfrut: Check if the input of level and type is in the right numeric range sched_getaffinity: don't assume 'cpumask_size()' is fully initialized nvme-pci: add NVME_QUIRK_BOGUS_NID for Lexar NM620 drm/amdkfd: Fixed kfd_process cleanup on module exit. net/mlx5e: Lower maximum allowed MTU in XSK to match XDP prerequisites fbdev: nvidia: Fix potential divide by zero fbdev: intelfb: Fix potential divide by zero fbdev: lxfb: Fix potential divide by zero fbdev: au1200fb: Fix potential divide by zero tools/power turbostat: Fix /dev/cpu_dma_latency warnings tools/power turbostat: fix decoding of HWP_STATUS tracing: Fix wrong return in kprobe_event_gen_test.c btrfs: fix uninitialized variable warning in btrfs_update_block_group btrfs: use temporary variable for space_info in btrfs_update_block_group mtd: rawnand: meson: initialize struct with zeroes mtd: nand: mxic-ecc: Fix mxic_ecc_data_xfer_wait_for_completion() when irq is used ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx() riscv/kvm: Fix VM hang in case of timer delta being zero. mips: bmips: BCM6358: disable RAC flush for TP1 ALSA: usb-audio: Fix recursive locking at XRUN during syncing PCI: dwc: Fix PORT_LINK_CONTROL update when CDM check enabled platform/x86: think-lmi: add missing type attribute platform/x86: think-lmi: use correct possible_values delimiters platform/x86: think-lmi: only display possible_values if available platform/x86: think-lmi: Add possible_values for ThinkStation platform/surface: aggregator: Add missing fwnode_handle_put() mtd: rawnand: meson: invalidate cache on polling ECC bit SUNRPC: fix shutdown of NFS TCP client socket sfc: ef10: don't overwrite offload features at NIC reset scsi: megaraid_sas: Fix crash after a double completion scsi: mpt3sas: Don't print sense pool info twice net: dsa: realtek: fix out-of-bounds access ptp_qoriq: fix memory leak in probe() net: dsa: microchip: ksz8: fix ksz8_fdb_dump() net: dsa: microchip: ksz8: fix ksz8_fdb_dump() to extract all 1024 entries net: dsa: microchip: ksz8: fix offset for the timestamp filed net: dsa: microchip: ksz8: ksz8_fdb_dump: avoid extracting ghost entry from empty dynamic MAC table. net: dsa: microchip: ksz8863_smi: fix bulk access net: dsa: microchip: ksz8: fix MDB configuration with non-zero VID r8169: fix RTL8168H and RTL8107E rx crc error regulator: Handle deferred clk net/net_failover: fix txq exceeding warning net: stmmac: don't reject VLANs when IFF_PROMISC is set drm/i915/tc: Fix the ICL PHY ownership check in TC-cold state platform/x86/intel/pmc: Alder Lake PCH slp_s0_residency fix can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write s390/vfio-ap: fix memory leak in vfio_ap device driver ACPI: bus: Rework system-level device notification handling loop: LOOP_CONFIGURE: send uevents for partitions net: mvpp2: classifier flow fix fragmentation flags net: mvpp2: parser fix QinQ net: mvpp2: parser fix PPPoE smsc911x: avoid PHY being resumed when interface is not up ice: Fix ice_cfg_rdma_fltr() to only update relevant fields ice: add profile conflict check for AVF FDIR ice: fix invalid check for empty list in ice_sched_assoc_vsi_to_agg() ALSA: ymfpci: Create card with device-managed snd_devm_card_new() ALSA: ymfpci: Fix BUG_ON in probe function net: ipa: compute DMA pool size properly i40e: fix registers dump after run ethtool adapter self test bnxt_en: Fix reporting of test result in ethtool selftest bnxt_en: Fix typo in PCI id to device description string mapping bnxt_en: Add missing 200G link speed reporting net: dsa: mv88e6xxx: Enable IGMP snooping on user ports only net: ethernet: mtk_eth_soc: fix flow block refcounting logic net: ethernet: mtk_eth_soc: add missing ppe cache flush when deleting a flow pinctrl: ocelot: Fix alt mode for ocelot Input: xpad - fix incorrectly applied patch for MAP_PROFILE_BUTTON iommu/vt-d: Allow zero SAGAW if second-stage not supported Input: i8042 - add TUXEDO devices to i8042 quirk tables for partial fix Input: alps - fix compatibility with -funsigned-char Input: focaltech - use explicitly signed char type cifs: prevent infinite recursion in CIFSGetDFSRefer() cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL Input: i8042 - add quirk for Fujitsu Lifebook A574/H Input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report DMI table btrfs: fix deadlock when aborting transaction during relocation with scrub btrfs: fix race between quota disable and quota assign ioctls btrfs: scan device in non-exclusive mode zonefs: Do not propagate iomap_dio_rw() ENOTBLK error to user space block/io_uring: pass in issue_flags for uring_cmd task_work handling io_uring/poll: clear single/double poll flags on poll arming io_uring/rsrc: fix rogue rsrc node grabbing io_uring: fix poll/netmsg alloc caches vmxnet3: use gro callback when UPT is enabled zonefs: Always invalidate last cached page on append write dm: fix __send_duplicate_bios() to always allow for splitting IO can: j1939: prevent deadlock by moving j1939_sk_errqueue() xen/netback: don't do grant copy across page boundary net: phy: dp83869: fix default value for tx-/rx-internal-delay modpost: Fix processing of CRCs on 32-bit build machines pinctrl: amd: Disable and mask interrupts on resume pinctrl: at91-pio4: fix domain name assignment platform/x86: ideapad-laptop: Stop sending KEY_TOUCHPAD_TOGGLE powerpc: Don't try to copy PPR for task with NULL pt_regs powerpc/pseries/vas: Ignore VAS update for DLPAR if copy/paste is not enabled powerpc/64s: Fix __pte_needs_flush() false positive warning NFSv4: Fix hangs when recovering open state after a server reboot ALSA: hda/conexant: Partial revert of a quirk for Lenovo ALSA: usb-audio: Fix regression on detection of Roland VS-100 ALSA: hda/realtek: Add quirks for some Clevo laptops ALSA: hda/realtek: Add quirk for Lenovo ZhaoYang CF4620Z xtensa: fix KASAN report for show_stack rcu: Fix rcu_torture_read ftrace event dt-bindings: mtd: jedec,spi-nor: Document CPOL/CPHA support s390/uaccess: add missing earlyclobber annotations to __clear_user() s390: reintroduce expoline dependence to scripts drm/etnaviv: fix reference leak when mmaping imported buffer drm/amdgpu: allow more APUs to do mode2 reset when go to S4 drm/amd/display: Add DSC Support for Synaptics Cascaded MST Hub drm/amd/display: Take FEC Overhead into Timeslot Calculation drm/i915/gem: Flush lmem contents after construction drm/i915/dpt: Treat the DPT BO as a framebuffer drm/i915: Disable DC states for all commits drm/i915: Move CSC load back into .color_commit_arm() when PSR is enabled on skl/glk KVM: arm64: PMU: Fix GET_ONE_REG for vPMC regs to return the current value KVM: arm64: Disable interrupts while walking userspace PTs net: dsa: mv88e6xxx: read FID when handling ATU violations net: dsa: mv88e6xxx: replace ATU violation prints with trace points net: dsa: mv88e6xxx: replace VTU violation prints with trace points selftests/bpf: Test btf dump for struct with padding only fields libbpf: Fix BTF-to-C converter's padding logic selftests/bpf: Add few corner cases to test padding handling of btf_dump libbpf: Fix btf_dump's packed struct determination usb: ucsi: Fix ucsi->connector race drm/amdkfd: Get prange->offset after svm_range_vram_node_new hsr: ratelimit only when errors are printed x86/PVH: avoid 32-bit build warning when obtaining VGA console info Revert "cpuidle, intel_idle: Fix CPUIDLE_FLAG_IRQ_ENABLE *again*" Linux 6.1.23 Change-Id: I15af3697170567c4678bcc9c2380d80e7cef5bc9 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Anton Gusev
|
089d656992 |
tracing: Fix wrong return in kprobe_event_gen_test.c
[ Upstream commit bc4f359b3b607daac0290d0038561237a86b38cb ]
Overwriting the error code with the deletion result may cause the
function to return 0 despite encountering an error. Commit
|
||
Linus Torvalds
|
c8943cf3ab |
sched_getaffinity: don't assume 'cpumask_size()' is fully initialized
[ Upstream commit 6015b1aca1a233379625385feb01dd014aca60b5 ] The getaffinity() system call uses 'cpumask_size()' to decide how big the CPU mask is - so far so good. It is indeed the allocation size of a cpumask. But the code also assumes that the whole allocation is initialized without actually doing so itself. That's wrong, because we might have fixed-size allocations (making copying and clearing more efficient), but not all of it is then necessarily used if 'nr_cpu_ids' is smaller. Having checked other users of 'cpumask_size()', they all seem to be ok, either using it purely for the allocation size, or explicitly zeroing the cpumask before using the size in bytes to copy it. See for example the ublk_ctrl_get_queue_affinity() function that uses the proper 'zalloc_cpumask_var()' to make sure that the whole mask is cleared, whether the storage is on the stack or if it was an external allocation. Fix this by just zeroing the allocation before using it. Do the same for the compat version of sched_getaffinity(), which had the same logic. Also, for consistency, make sched_getaffinity() use 'cpumask_bits()' to access the bits. For a cpumask_var_t, it ends up being a pointer to the same data either way, but it's just a good idea to treat it like you would a 'cpumask_t'. The compat case already did that. Reported-by: Ryan Roberts <ryan.roberts@arm.com> Link: https://lore.kernel.org/lkml/7d026744-6bd6-6827-0471-b5e8eae0be3f@arm.com/ Cc: Yury Norov <yury.norov@gmail.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Steven Rostedt (Google)
|
39cd75f2f3 |
tracing: Do not let histogram values have some modifiers
[ Upstream commit e0213434fe3e4a0d118923dc98d31e7ff1cd9e45 ]
Histogram values can not be strings, stacktraces, graphs, symbols,
syscalls, or grouped in buckets or log. Give an error if a value is set to
do so.
Note, the histogram code was not prepared to handle these modifiers for
histograms and caused a bug.
Mark Rutland reported:
# echo 'p:copy_to_user __arch_copy_to_user n=$arg2' >> /sys/kernel/tracing/kprobe_events
# echo 'hist:keys=n:vals=hitcount.buckets=8:sort=hitcount' > /sys/kernel/tracing/events/kprobes/copy_to_user/trigger
# cat /sys/kernel/tracing/events/kprobes/copy_to_user/hist
[ 143.694628] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
[ 143.695190] Mem abort info:
[ 143.695362] ESR = 0x0000000096000004
[ 143.695604] EC = 0x25: DABT (current EL), IL = 32 bits
[ 143.695889] SET = 0, FnV = 0
[ 143.696077] EA = 0, S1PTW = 0
[ 143.696302] FSC = 0x04: level 0 translation fault
[ 143.702381] Data abort info:
[ 143.702614] ISV = 0, ISS = 0x00000004
[ 143.702832] CM = 0, WnR = 0
[ 143.703087] user pgtable: 4k pages, 48-bit VAs, pgdp=00000000448f9000
[ 143.703407] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000
[ 143.704137] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
[ 143.704714] Modules linked in:
[ 143.705273] CPU: 0 PID: 133 Comm: cat Not tainted 6.2.0-00003-g6fc512c10a7c #3
[ 143.706138] Hardware name: linux,dummy-virt (DT)
[ 143.706723] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 143.707120] pc : hist_field_name.part.0+0x14/0x140
[ 143.707504] lr : hist_field_name.part.0+0x104/0x140
[ 143.707774] sp : ffff800008333a30
[ 143.707952] x29: ffff800008333a30 x28: 0000000000000001 x27: 0000000000400cc0
[ 143.708429] x26: ffffd7a653b20260 x25: 0000000000000000 x24: ffff10d303ee5800
[ 143.708776] x23: ffffd7a6539b27b0 x22: ffff10d303fb8c00 x21: 0000000000000001
[ 143.709127] x20: ffff10d303ec2000 x19: 0000000000000000 x18: 0000000000000000
[ 143.709478] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000
[ 143.709824] x14: 0000000000000000 x13: 203a6f666e692072 x12: 6567676972742023
[ 143.710179] x11: 0a230a6d6172676f x10: 000000000000002c x9 : ffffd7a6521e018c
[ 143.710584] x8 : 000000000000002c x7 : 7f7f7f7f7f7f7f7f x6 : 000000000000002c
[ 143.710915] x5 : ffff10d303b0103e x4 : ffffd7a653b20261 x3 : 000000000000003d
[ 143.711239] x2 : 0000000000020001 x1 : 0000000000000001 x0 : 0000000000000000
[ 143.711746] Call trace:
[ 143.712115] hist_field_name.part.0+0x14/0x140
[ 143.712642] hist_field_name.part.0+0x104/0x140
[ 143.712925] hist_field_print+0x28/0x140
[ 143.713125] event_hist_trigger_print+0x174/0x4d0
[ 143.713348] hist_show+0xf8/0x980
[ 143.713521] seq_read_iter+0x1bc/0x4b0
[ 143.713711] seq_read+0x8c/0xc4
[ 143.713876] vfs_read+0xc8/0x2a4
[ 143.714043] ksys_read+0x70/0xfc
[ 143.714218] __arm64_sys_read+0x24/0x30
[ 143.714400] invoke_syscall+0x50/0x120
[ 143.714587] el0_svc_common.constprop.0+0x4c/0x100
[ 143.714807] do_el0_svc+0x44/0xd0
[ 143.714970] el0_svc+0x2c/0x84
[ 143.715134] el0t_64_sync_handler+0xbc/0x140
[ 143.715334] el0t_64_sync+0x190/0x194
[ 143.715742] Code: a9bd7bfd 910003fd a90153f3 aa0003f3 (f9400000)
[ 143.716510] ---[ end trace 0000000000000000 ]---
Segmentation fault
Link: https://lkml.kernel.org/r/20230302020810.559462599@goodmis.org
Cc: stable@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Fixes:
|
||
Masami Hiramatsu (Google)
|
8ebeea1052 |
tracing: Add .graph suffix option to histogram value
[ Upstream commit a2c54256dec7510477e2b4f4db187e638f7cac37 ]
Add the .graph suffix which shows the bar graph of the histogram value.
For example, the below example shows that the bar graph
of the histogram of the runtime for each tasks.
------
# cd /sys/kernel/debug/tracing/
# echo hist:keys=pid:vals=runtime.graph:sort=pid > \
events/sched/sched_stat_runtime/trigger
# sleep 10
# cat events/sched/sched_stat_runtime/hist
# event histogram
#
# trigger info: hist:keys=pid:vals=hitcount,runtime.graph:sort=pid:size=2048 [active]
#
{ pid: 14 } hitcount: 2 runtime:
{ pid: 16 } hitcount: 8 runtime:
{ pid: 26 } hitcount: 1 runtime:
{ pid: 57 } hitcount: 3 runtime:
{ pid: 61 } hitcount: 20 runtime: ###
{ pid: 66 } hitcount: 2 runtime:
{ pid: 70 } hitcount: 3 runtime:
{ pid: 72 } hitcount: 2 runtime:
{ pid: 145 } hitcount: 14 runtime: ####################
{ pid: 152 } hitcount: 5 runtime: #######
{ pid: 153 } hitcount: 2 runtime: ####
Totals:
Hits: 62
Entries: 11
Dropped: 0
-------
Link: https://lore.kernel.org/linux-trace-kernel/166610813953.56030.10944148382315789485.stgit@devnote2
Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Reviewed-by: Tom Zanussi <zanussi@kernel.org>
Tested-by: Tom Zanussi <zanussi@kernel.org>
Stable-dep-of: e0213434fe3e ("tracing: Do not let histogram values have some modifiers")
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Masami Hiramatsu (Google)
|
93454d1a30 |
tracing: Add .percent suffix option to histogram values
[ Upstream commit abaa5258ce5e5887a9de049f50a85dc023391a1c ]
Add .percent suffix option to show the histogram values in percentage.
This feature is useful when we need yo undersntand the overall trend
for the histograms of large values.
E.g. this shows the runtime percentage for each tasks.
------
# cd /sys/kernel/debug/tracing/
# echo hist:keys=pid:vals=hitcount,runtime.percent:sort=pid > \
events/sched/sched_stat_runtime/trigger
# sleep 10
# cat events/sched/sched_stat_runtime/hist
# event histogram
#
# trigger info: hist:keys=pid:vals=hitcount,runtime.percent:sort=pid:size=2048 [active]
#
{ pid: 8 } hitcount: 7 runtime (%): 4.14
{ pid: 14 } hitcount: 5 runtime (%): 3.69
{ pid: 16 } hitcount: 11 runtime (%): 3.41
{ pid: 61 } hitcount: 41 runtime (%): 19.75
{ pid: 65 } hitcount: 4 runtime (%): 1.48
{ pid: 70 } hitcount: 6 runtime (%): 3.60
{ pid: 72 } hitcount: 2 runtime (%): 1.10
{ pid: 144 } hitcount: 10 runtime (%): 32.01
{ pid: 151 } hitcount: 8 runtime (%): 22.66
{ pid: 152 } hitcount: 2 runtime (%): 8.10
Totals:
Hits: 96
Entries: 10
Dropped: 0
-----
Link: https://lore.kernel.org/linux-trace-kernel/166610813077.56030.4238090506973562347.stgit@devnote2
Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Reviewed-by: Tom Zanussi <zanussi@kernel.org>
Tested-by: Tom Zanussi <zanussi@kernel.org>
Stable-dep-of: e0213434fe3e ("tracing: Do not let histogram values have some modifiers")
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
Marco Elver
|
bae092f587 |
kcsan: avoid passing -g for test
[ Upstream commit 5eb39cde1e2487ba5ec1802dc5e58a77e700d99e ]
Nathan reported that when building with GNU as and a version of clang that
defaults to DWARF5, the assembler will complain with:
Error: non-constant .uleb128 is not supported
This is because `-g` defaults to the compiler debug info default. If the
assembler does not support some of the directives used, the above errors
occur. To fix, remove the explicit passing of `-g`.
All the test wants is that stack traces print valid function names, and
debug info is not required for that. (I currently cannot recall why I
added the explicit `-g`.)
Link: https://lkml.kernel.org/r/20230316224705.709984-2-elver@google.com
Fixes:
|
||
Anders Roxell
|
01f3150cc7 |
kernel: kcsan: kcsan_test: build without structleak plugin
[ Upstream commit 6fcd4267a840d0536b8e5334ad5f31e4105fce85 ] Building kcsan_test with structleak plugin enabled makes the stack frame size to grow. kernel/kcsan/kcsan_test.c:704:1: error: the frame size of 3296 bytes is larger than 2048 bytes [-Werror=frame-larger-than=] Turn off the structleak plugin checks for kcsan_test. Link: https://lkml.kernel.org/r/20221128104358.2660634-1-anders.roxell@linaro.org Signed-off-by: Anders Roxell <anders.roxell@linaro.org> Suggested-by: Arnd Bergmann <arnd@arndb.de> Acked-by: Marco Elver <elver@google.com> Cc: Arnd Bergmann <arnd@arndb.de> Cc: David Gow <davidgow@google.com> Cc: Jason A. Donenfeld <Jason@zx2c4.com> Cc: Kees Cook <keescook@chromium.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Stable-dep-of: 5eb39cde1e24 ("kcsan: avoid passing -g for test") Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Greg Kroah-Hartman
|
7f4246b044 |
Revert "ANDROID: kernel: Add restricted vendor hook in creds"
This reverts commit
|
||
|
Greg Kroah-Hartman
|
db50ac4d0a |
Merge 6.1.22 into android14-6.1
Changes in 6.1.22 interconnect: qcom: osm-l3: fix icc_onecell_data allocation interconnect: qcom: sm8450: switch to qcom_icc_rpmh_* function interconnect: qcom: qcm2290: Fix MASTER_SNOC_BIMC_NRT perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output perf: fix perf_event_context->time tracing/hwlat: Replace sched_setaffinity with set_cpus_allowed_ptr drm/amd/display: Include virtual signal to set k1 and k2 values drm/amd/display: fix k1 k2 divider programming for phantom streams drm/amd/display: Remove OTG DIV register write for Virtual signals. mptcp: refactor passive socket initialization mptcp: use the workqueue to destroy unaccepted sockets mptcp: fix UaF in listener shutdown drm/amd/display: Fix DP MST sinks removal issue arm64: dts: qcom: sm8450: Mark UFS controller as cache coherent power: supply: bq24190: Fix use after free bug in bq24190_remove due to race condition power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition arm64: dts: imx8dxl-evk: Disable hibernation mode of AR8031 for EQOS arm64: dts: imx8dxl-evk: Fix eqos phy reset gpio ARM: dts: imx6sll: e70k02: fix usbotg1 pinctrl ARM: dts: imx6sll: e60k02: fix usbotg1 pinctrl ARM: dts: imx6sl: tolino-shine2hd: fix usbotg1 pinctrl arm64: dts: imx8mn: specify #sound-dai-cells for SAI nodes arm64: dts: imx93: add missing #address-cells and #size-cells to i2c nodes NFS: Fix /proc/PID/io read_bytes for buffered reads xsk: Add missing overflow check in xdp_umem_reg iavf: fix inverted Rx hash condition leading to disabled hash iavf: fix non-tunneled IPv6 UDP packet type and hashing iavf: do not track VLAN 0 filters intel/igbvf: free irq on the error path in igbvf_request_msix() igbvf: Regard vf reset nack as success igc: fix the validation logic for taprio's gate list i2c: imx-lpi2c: check only for enabled interrupt flags i2c: mxs: ensure that DMA buffers are safe for DMA i2c: hisi: Only use the completion interrupt to finish the transfer scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() nfsd: don't replace page in rq_pages if it's a continuation of last page net: dsa: b53: mmap: fix device tree support net: usb: smsc95xx: Limit packet length to skb->len efi/libstub: smbios: Use length member instead of record struct size qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info xirc2ps_cs: Fix use after free bug in xirc2ps_detach net: phy: Ensure state transitions are processed from phy_stop() net: mdio: fix owner field for mdio buses registered using device-tree net: mdio: fix owner field for mdio buses registered using ACPI net: stmmac: Fix for mismatched host/device DMA address width thermal/drivers/mellanox: Use generic thermal_zone_get_trip() function mlxsw: core_thermal: Fix fan speed in maximum cooling state drm/i915: Print return value on error drm/i915/fbdev: lock the fbdev obj before vma pin drm/i915/guc: Rename GuC register state capture node to be more obvious drm/i915/guc: Fix missing ecodes drm/i915/gt: perform uc late init after probe error injection net: qcom/emac: Fix use after free bug in emac_remove due to race condition net: usb: lan78xx: Limit packet length to skb->len net/ps3_gelic_net: Fix RX sk_buff length net/ps3_gelic_net: Use dma_mapping_error octeontx2-vf: Add missing free for alloc_percpu bootconfig: Fix testcase to increase max node keys: Do not cache key in task struct if key is requested from kernel thread ice: check if VF exists before mode check iavf: fix hang on reboot with ice i40e: fix flow director packet filter programming bpf: Adjust insufficient default bpf_jit_limit net/mlx5e: Set uplink rep as NETNS_LOCAL net/mlx5e: Block entering switchdev mode with ns inconsistency net/mlx5: Fix steering rules cleanup net/mlx5e: Overcome slow response for first macsec ASO WQE net/mlx5: Read the TC mapping of all priorities on ETS query net/mlx5: E-Switch, Fix an Oops in error handling code net: dsa: tag_brcm: legacy: fix daisy-chained switches atm: idt77252: fix kmemleak when rmmod idt77252 erspan: do not use skb_mac_header() in ndo_start_xmit() net/sonic: use dma_mapping_error() for error check nvme-tcp: fix nvme_tcp_term_pdu to match spec mlxsw: spectrum_fid: Fix incorrect local port type hvc/xen: prevent concurrent accesses to the shared ring ksmbd: add low bound validation to FSCTL_SET_ZERO_DATA ksmbd: add low bound validation to FSCTL_QUERY_ALLOCATED_RANGES ksmbd: fix possible refcount leak in smb2_open() Bluetooth: hci_sync: Resume adv with no RPA when active scan Bluetooth: hci_core: Detect if an ACL packet is in fact an ISO packet Bluetooth: btusb: Remove detection of ISO packets over bulk Bluetooth: ISO: fix timestamped HCI ISO data packet parsing Bluetooth: Remove "Power-on" check from Mesh feature gve: Cache link_speed value from device net: asix: fix modprobe "sysfs: cannot create duplicate filename" net: dsa: mt7530: move enabling disabling core clock to mt7530_pll_setup() net: dsa: mt7530: move lowering TRGMII driving to mt7530_setup() net: dsa: mt7530: move setting ssc_delta to PHY_INTERFACE_MODE_TRGMII case net: mdio: thunder: Add missing fwnode_handle_put() drm/amd/display: Set dcn32 caps.seamless_odm Bluetooth: btqcomsmd: Fix command timeout after setting BD address Bluetooth: L2CAP: Fix responding with wrong PDU type Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work Bluetooth: mgmt: Fix MGMT add advmon with RSSI command Bluetooth: HCI: Fix global-out-of-bounds platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl entry: Fix noinstr warning in __enter_from_user_mode() perf/x86/amd/core: Always clear status for idx entry/rcu: Check TIF_RESCHED _after_ delayed RCU wake-up hwmon: fix potential sensor registration fail if of_node is missing hwmon (it87): Fix voltage scaling for chips with 10.9mV ADCs scsi: qla2xxx: Synchronize the IOCB count to be in order scsi: qla2xxx: Perform lockless command completion in abort path smb3: lower default deferred close timeout to address perf regression smb3: fix unusable share after force unmount failure uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 thunderbolt: Use scale field when allocating USB3 bandwidth thunderbolt: Call tb_check_quirks() after initializing adapters thunderbolt: Add quirk to disable CLx thunderbolt: Fix memory leak in margining thunderbolt: Disable interrupt auto clear for rings thunderbolt: Add missing UNSET_INBOUND_SBTX for retimer access thunderbolt: Use const qualifier for `ring_interrupt_index` thunderbolt: Rename shadowed variables bit to interrupt_bit and auto_clear_bit ASoC: amd: yp: Add OMEN by HP Gaming Laptop 16z-n000 to quirks ASoC: amd: yc: Add DMI entries to support HP OMEN 16-n0xxx (8A43) ACPI: x86: Drop quirk for HP Elitebook ACPI: x86: utils: Add Cezanne to the list for forcing StorageD3Enable riscv: Bump COMMAND_LINE_SIZE value to 1024 drm/cirrus: NULL-check pipe->plane.state->fb in cirrus_pipe_update() HID: cp2112: Fix driver not registering GPIO IRQ chip as threaded ca8210: fix mac_len negative array access HID: logitech-hidpp: Add support for Logitech MX Master 3S mouse HID: intel-ish-hid: ipc: Fix potential use-after-free in work function m68k: mm: Fix systems with memory at end of 32-bit address space m68k: Only force 030 bus error if PC not in exception table selftests/bpf: check that modifier resolves after pointer scsi: target: iscsi: Fix an error message in iscsi_check_key() scsi: qla2xxx: Add option to disable FC2 Target support scsi: hisi_sas: Check devm_add_action() return value scsi: ufs: core: Add soft dependency on governor_simpleondemand scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read() scsi: lpfc: Avoid usage of list iterator variable after loop scsi: mpi3mr: Driver unload crashes host when enhanced logging is enabled scsi: mpi3mr: Wait for diagnostic save during controller init scsi: mpi3mr: NVMe command size greater than 8K fails scsi: mpi3mr: Bad drive in topology results kernel crash scsi: storvsc: Handle BlockSize change in Hyper-V VHD/VHDX file platform/x86: int3472: Add GPIOs to Surface Go 3 Board data net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990 net: usb: qmi_wwan: add Telit 0x1080 composition drm/amd/display: Update clock table to include highest clock setting sh: sanitize the flags on sigreturn drm/amdgpu: Fix call trace warning and hang when removing amdgpu device drm/amd: Fix initialization mistake for NBIO 7.3.0 net/sched: act_mirred: better wording on protection against excessive stack growth act_mirred: use the backlog for nested calls to mirred ingress cifs: lock chan_lock outside match_session cifs: append path to open_enter trace event cifs: do not poll server interfaces too regularly cifs: empty interface list when server doesn't support query interfaces cifs: dump pending mids for all channels in DebugData cifs: print session id while listing open files cifs: fix dentry lookups in directory handle cache x86/fpu/xstate: Prevent false-positive warning in __copy_xstate_uabi_buf() selftests/x86/amx: Add a ptrace test scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR usb: misc: onboard-hub: add support for Microchip USB2517 USB 2.0 hub usb: dwc2: drd: fix inconsistent mode if role-switch-default-mode="host" usb: dwc2: fix a devres leak in hw_enable upon suspend resume usb: gadget: u_audio: don't let userspace block driver unbind btrfs: zoned: fix btrfs_can_activate_zone() to support DUP profile Bluetooth: Fix race condition in hci_cmd_sync_clear efi: sysfb_efi: Fix DMI quirks not working for simpledrm mm/slab: Fix undefined init_cache_node_node() for NUMA and !SMP fscrypt: destroy keyring after security_sb_delete() fsverity: Remove WQ_UNBOUND from fsverity read workqueue lockd: set file_lock start and end when decoding nlm4 testargs arm64: dts: imx8mm-nitrogen-r2: fix WM8960 clock name igb: revert rtnl_lock() that causes deadlock dm thin: fix deadlock when swapping to thin device usb: typec: tcpm: fix create duplicate source-capabilities file usb: typec: tcpm: fix warning when handle discover_identity message usb: cdns3: Fix issue with using incorrect PCI device function usb: cdnsp: Fixes issue with redundant Status Stage usb: cdnsp: changes PCI Device ID to fix conflict with CNDS3 driver usb: chipdea: core: fix return -EINVAL if request role is the same with current role usb: chipidea: core: fix possible concurrent when switch role usb: dwc3: gadget: Add 1ms delay after end transfer command without IOC usb: ucsi: Fix NULL pointer deref in ucsi_connector_change() usb: ucsi_acpi: Increase the command completion timeout mm: kfence: fix using kfence_metadata without initialization in show_object() kfence: avoid passing -g for test io_uring/net: avoid sending -ECONNABORTED on repeated connection requests io_uring/rsrc: fix null-ptr-deref in io_file_bitmap_get() Revert "kasan: drop skip_kasan_poison variable in free_pages_prepare" test_maple_tree: add more testing for mas_empty_area() maple_tree: fix mas_skip_node() end slot detection ksmbd: fix wrong signingkey creation when encryption is AES256 ksmbd: set FILE_NAMED_STREAMS attribute in FS_ATTRIBUTE_INFORMATION ksmbd: don't terminate inactive sessions after a few seconds ksmbd: return STATUS_NOT_SUPPORTED on unsupported smb2.0 dialect ksmbd: return unsupported error on smb1 mount wifi: mac80211: fix qos on mesh interfaces nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() drm/bridge: lt8912b: return EPROBE_DEFER if bridge is not found drm/amd/display: fix wrong index used in dccg32_set_dpstreamclk drm/meson: fix missing component unbind on bind errors drm/amdgpu/nv: Apply ASPM quirk on Intel ADL + AMD Navi drm/i915/active: Fix missing debug object activation drm/i915: Preserve crtc_state->inherited during state clearing drm/amdgpu: skip ASIC reset for APUs when go to S4 drm/amdgpu: reposition the gpu reset checking for reuse riscv: mm: Fix incorrect ASID argument when flushing TLB riscv: Handle zicsr/zifencei issues between clang and binutils tee: amdtee: fix race condition in amdtee_open_session firmware: arm_scmi: Fix device node validation for mailbox transport arm64: dts: qcom: sc7280: Mark PCIe controller as cache coherent arm64: dts: qcom: sm8150: Fix the iommu mask used for PCIe controllers soc: qcom: llcc: Fix slice configuration values for SC8280XP mm/ksm: fix race with VMA iteration and mm_struct teardown bus: imx-weim: fix branch condition evaluates to a garbage value i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() dm stats: check for and propagate alloc_percpu failure dm crypt: add cond_resched() to dmcrypt_write() dm crypt: avoid accessing uninitialized tasklet sched/fair: sanitize vruntime of entity being placed sched/fair: Sanitize vruntime of entity being migrated drm/amdkfd: introduce dummy cache info for property asic drm/amdkfd: Fix the warning of array-index-out-of-bounds drm/amdkfd: add GC 11.0.4 KFD support drm/amdkfd: Fix the memory overrun Linux 6.1.22 Change-Id: Id13b4655dbfb59c29a0b8953e5e0cda3703f1879 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Vincent Guittot
|
388c4c1d12 |
sched/fair: Sanitize vruntime of entity being migrated
commit a53ce18cacb477dd0513c607f187d16f0fa96f71 upstream.
Commit 829c1651e9c4 ("sched/fair: sanitize vruntime of entity being placed")
fixes an overflowing bug, but ignore a case that se->exec_start is reset
after a migration.
For fixing this case, we delay the reset of se->exec_start after
placing the entity which se->exec_start to detect long sleeping task.
In order to take into account a possible divergence between the clock_task
of 2 rqs, we increase the threshold to around 104 days.
Fixes: 829c1651e9c4 ("sched/fair: sanitize vruntime of entity being placed")
Originally-by: Zhang Qiao <zhangqiao22@huawei.com>
Signed-off-by: Vincent Guittot <vincent.guittot@linaro.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Tested-by: Zhang Qiao <zhangqiao22@huawei.com>
Link: https://lore.kernel.org/r/20230317160810.107988-1-vincent.guittot@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Zhang Qiao
|
e427be6889 |
sched/fair: sanitize vruntime of entity being placed
commit 829c1651e9c4a6f78398d3e67651cef9bb6b42cc upstream. When a scheduling entity is placed onto cfs_rq, its vruntime is pulled to the base level (around cfs_rq->min_vruntime), so that the entity doesn't gain extra boost when placed backwards. However, if the entity being placed wasn't executed for a long time, its vruntime may get too far behind (e.g. while cfs_rq was executing a low-weight hog), which can inverse the vruntime comparison due to s64 overflow. This results in the entity being placed with its original vruntime way forwards, so that it will effectively never get to the cpu. To prevent that, ignore the vruntime of the entity being placed if it didn't execute for much longer than the characteristic sheduler time scale. [rkagan: formatted, adjusted commit log, comments, cutoff value] Signed-off-by: Zhang Qiao <zhangqiao22@huawei.com> Co-developed-by: Roman Kagan <rkagan@amazon.de> Signed-off-by: Roman Kagan <rkagan@amazon.de> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Link: https://lkml.kernel.org/r/20230130122216.3555094-1-rkagan@amazon.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Frederic Weisbecker
|
d716ea059c |
entry/rcu: Check TIF_RESCHED _after_ delayed RCU wake-up
[ Upstream commit b416514054810cf2d2cc348ae477cea619b64da7 ]
RCU sometimes needs to perform a delayed wake up for specific kthreads
handling offloaded callbacks (RCU_NOCB). These wakeups are performed
by timers and upon entry to idle (also to guest and to user on nohz_full).
However the delayed wake-up on kernel exit is actually performed after
the thread flags are fetched towards the fast path check for work to
do on exit to user. As a result, and if there is no other pending work
to do upon that kernel exit, the current task will resume to userspace
with TIF_RESCHED set and the pending wake up ignored.
Fix this with fetching the thread flags _after_ the delayed RCU-nocb
kthread wake-up.
Fixes:
|
||
Josh Poimboeuf
|
adfc7aaa0d |
entry: Fix noinstr warning in __enter_from_user_mode()
[ Upstream commit f87d28673b71b35b248231a2086f9404afbb7f28 ]
__enter_from_user_mode() is triggering noinstr warnings with
CONFIG_DEBUG_PREEMPT due to its call of preempt_count_add() via
ct_state().
The preemption disable isn't needed as interrupts are already disabled.
And the context_tracking_enabled() check in ct_state() also isn't needed
as that's already being done by the CT_WARN_ON().
Just use __ct_state() instead.
Fixes the following warnings:
vmlinux.o: warning: objtool: enter_from_user_mode+0xba: call to preempt_count_add() leaves .noinstr.text section
vmlinux.o: warning: objtool: syscall_enter_from_user_mode+0xf9: call to preempt_count_add() leaves .noinstr.text section
vmlinux.o: warning: objtool: syscall_enter_from_user_mode_prepare+0xc7: call to preempt_count_add() leaves .noinstr.text section
vmlinux.o: warning: objtool: irqentry_enter_from_user_mode+0xba: call to preempt_count_add() leaves .noinstr.text section
Fixes:
|
||
|
Daniel Borkmann
|
9cda812c76 |
bpf: Adjust insufficient default bpf_jit_limit
[ Upstream commit 10ec8ca8ec1a2f04c4ed90897225231c58c124a7 ]
We've seen recent AWS EKS (Kubernetes) user reports like the following:
After upgrading EKS nodes from v20230203 to v20230217 on our 1.24 EKS
clusters after a few days a number of the nodes have containers stuck
in ContainerCreating state or liveness/readiness probes reporting the
following error:
Readiness probe errored: rpc error: code = Unknown desc = failed to
exec in container: failed to start exec "4a11039f730203ffc003b7[...]":
OCI runtime exec failed: exec failed: unable to start container process:
unable to init seccomp: error loading seccomp filter into kernel:
error loading seccomp filter: errno 524: unknown
However, we had not been seeing this issue on previous AMIs and it only
started to occur on v20230217 (following the upgrade from kernel 5.4 to
5.10) with no other changes to the underlying cluster or workloads.
We tried the suggestions from that issue (sysctl net.core.bpf_jit_limit=452534528)
which helped to immediately allow containers to be created and probes to
execute but after approximately a day the issue returned and the value
returned by cat /proc/vmallocinfo | grep bpf_jit | awk '{s+=$2} END {print s}'
was steadily increasing.
I tested bpf tree to observe bpf_jit_charge_modmem, bpf_jit_uncharge_modmem
their sizes passed in as well as bpf_jit_current under tcpdump BPF filter,
seccomp BPF and native (e)BPF programs, and the behavior all looks sane
and expected, that is nothing "leaking" from an upstream perspective.
The bpf_jit_limit knob was originally added in order to avoid a situation
where unprivileged applications loading BPF programs (e.g. seccomp BPF
policies) consuming all the module memory space via BPF JIT such that loading
of kernel modules would be prevented. The default limit was defined back in
2018 and while good enough back then, we are generally seeing far more BPF
consumers today.
Adjust the limit for the BPF JIT pool from originally 1/4 to now 1/2 of the
module memory space to better reflect today's needs and avoid more users
running into potentially hard to debug issues.
Fixes:
|
||
Costa Shulyupin
|
a1f4880655 |
tracing/hwlat: Replace sched_setaffinity with set_cpus_allowed_ptr
[ Upstream commit 71c7a30442b724717a30d5e7d1662ba4904eb3d4 ]
There is a problem with the behavior of hwlat in a container,
resulting in incorrect output. A warning message is generated:
"cpumask changed while in round-robin mode, switching to mode none",
and the tracing_cpumask is ignored. This issue arises because
the kernel thread, hwlatd, is not a part of the container, and
the function sched_setaffinity is unable to locate it using its PID.
Additionally, the task_struct of hwlatd is already known.
Ultimately, the function set_cpus_allowed_ptr achieves
the same outcome as sched_setaffinity, but employs task_struct
instead of PID.
Test case:
# cd /sys/kernel/tracing
# echo 0 > tracing_on
# echo round-robin > hwlat_detector/mode
# echo hwlat > current_tracer
# unshare --fork --pid bash -c 'echo 1 > tracing_on'
# dmesg -c
Actual behavior:
[573502.809060] hwlat_detector: cpumask changed while in round-robin mode, switching to mode none
Link: https://lore.kernel.org/linux-trace-kernel/20230316144535.1004952-1-costa.shul@redhat.com
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Fixes:
|
||
Song Liu
|
d496185c25 |
perf: fix perf_event_context->time
[ Upstream commit baf1b12a67f5b24f395baca03e442ce27cab0c18 ]
Time readers rely on perf_event_context->[time|timestamp|timeoffset] to get
accurate time_enabled and time_running for an event. The difference between
ctx->timestamp and ctx->time is the among of time when the context is not
enabled. __update_context_time(ctx, false) is used to increase timestamp,
but not time. Therefore, it should only be called in ctx_sched_in() when
EVENT_TIME was not enabled.
Fixes:
|
||
Yang Jihong
|
ff8137727a |
perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output
[ Upstream commit eb81a2ed4f52be831c9fb879752d89645a312c13 ] syzkaller reportes a KASAN issue with stack-out-of-bounds. The call trace is as follows: dump_stack+0x9c/0xd3 print_address_description.constprop.0+0x19/0x170 __kasan_report.cold+0x6c/0x84 kasan_report+0x3a/0x50 __perf_event_header__init_id+0x34/0x290 perf_event_header__init_id+0x48/0x60 perf_output_begin+0x4a4/0x560 perf_event_bpf_output+0x161/0x1e0 perf_iterate_sb_cpu+0x29e/0x340 perf_iterate_sb+0x4c/0xc0 perf_event_bpf_event+0x194/0x2c0 __bpf_prog_put.constprop.0+0x55/0xf0 __cls_bpf_delete_prog+0xea/0x120 [cls_bpf] cls_bpf_delete_prog_work+0x1c/0x30 [cls_bpf] process_one_work+0x3c2/0x730 worker_thread+0x93/0x650 kthread+0x1b8/0x210 ret_from_fork+0x1f/0x30 commit |
||
|
Greg Kroah-Hartman
|
345103eb06 |
Revert "Revert "wait: Return number of exclusive waiters awaken""
This reverts commit
|
||
Ramji Jiyani
|
0d5b95acb6 |
ANDROID: GKI: Multi arch exports protection support
ABI is being implemented for x86_64, making it necessary to support protected exports header file generation for the GKI modules for multiple architecture. Enable support to select required inputs based on the ARCH to generate gki_module_protected_exports.h during kernel build. Inputs for generating gki_module_protected_exports.h are: ARCH = arm64: ABI Protected exports list: abi_gki_protected_exports_aarch64 Protected GKI modules list: gki_aarch64_protected_modules ARCH = x86_64: ABI Protected exports list: abi_gki_protected_exports_x86_64 Protected GKI modules list: gki_x86_64_protected_modules Test: TH Test: Manual verification of the generated header file Test: bazel run //common:kernel_aarch64_abi_update_protected_exports Bug: 151893768 Change-Id: Ic4bcb2732199b71a7973b5ce4c852bcd95d37131 Signed-off-by: Ramji Jiyani <ramjiyani@google.com> |
||
|
Greg Kroah-Hartman
|
88df355018 |
Revert "ANDROID: module: Add vendor hooks"
This reverts commit
|
||
|
Greg Kroah-Hartman
|
d14ac9ddc6 |
Merge 6.1.21 into android14-6.1
Changes in 6.1.21
xfrm: Allow transport-mode states with AF_UNSPEC selector
drm/virtio: Pass correct device to dma_sync_sgtable_for_device()
drm/msm/gem: Prevent blocking within shrinker loop
drm/panfrost: Don't sync rpm suspension after mmu flushing
fbdev: chipsfb: Fix error codes in chipsfb_pci_init()
cifs: Move the in_send statistic to __smb_send_rqst()
drm/meson: fix 1px pink line on GXM when scaling video overlay
clk: HI655X: select REGMAP instead of depending on it
ASoC: SOF: Intel: MTL: Fix the device description
ASoC: SOF: Intel: HDA: Fix device description
ASoC: SOF: Intel: SKL: Fix device description
ASOC: SOF: Intel: pci-tgl: Fix device description
ASoC: SOF: ipc4-topology: set dmic dai index from copier
docs: Correct missing "d_" prefix for dentry_operations member d_weak_revalidate
scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add()
scsi: mpi3mr: Fix throttle_groups memory leak
scsi: mpi3mr: Fix config page DMA memory leak
scsi: mpi3mr: Fix mpi3mr_hba_port memory leak in mpi3mr_remove()
scsi: mpi3mr: Fix sas_hba.phy memory leak in mpi3mr_remove()
scsi: mpi3mr: Return proper values for failures in firmware init path
scsi: mpi3mr: Fix memory leaks in mpi3mr_init_ioc()
scsi: mpi3mr: ioctl timeout when disabling/enabling interrupt
scsi: mpi3mr: Fix expander node leak in mpi3mr_remove()
ALSA: hda: Match only Intel devices with CONTROLLER_IN_GPU()
netfilter: nft_nat: correct length for loading protocol registers
netfilter: nft_masq: correct length for loading protocol registers
netfilter: nft_redir: correct length for loading protocol registers
netfilter: nft_redir: correct value of inet type `.maxattrs`
scsi: core: Add BLIST_NO_VPD_SIZE for some VDASD
scsi: core: Fix a procfs host directory removal regression
ftrace,kcfi: Define ftrace_stub_graph conditionally
tcp: tcp_make_synack() can be called from process context
vdpa/mlx5: should not activate virtq object when suspended
wifi: nl80211: fix NULL-ptr deref in offchan check
wifi: cfg80211: fix MLO connection ownership
selftests: fix LLVM build for i386 and x86_64
nfc: pn533: initialize struct pn533_out_arg properly
ipvlan: Make skb->skb_iif track skb->dev for l3s mode
i40e: Fix kernel crash during reboot when adapter is in recovery mode
vhost-vdpa: free iommu domain after last use during cleanup
vdpa_sim: not reset state in vdpasim_queue_ready
vdpa_sim: set last_used_idx as last_avail_idx in vdpasim_queue_ready
PCI: s390: Fix use-after-free of PCI resources with per-function hotplug
drm/i915/psr: Use calculated io and fast wake lines
drm/i915/sseu: fix max_subslices array-index-out-of-bounds access
net/smc: fix NULL sndbuf_desc in smc_cdc_tx_handler()
qed/qed_dev: guard against a possible division by zero
net: dsa: mt7530: remove now incorrect comment regarding port 5
net: dsa: mt7530: set PLL frequency and trgmii only when trgmii is used
block: do not reverse request order when flushing plug list
loop: Fix use-after-free issues
net: tunnels: annotate lockless accesses to dev->needed_headroom
net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails
tcp: Fix bind() conflict check for dual-stack wildcard address.
nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition
mlxsw: spectrum: Fix incorrect parsing depth after reload
net/smc: fix deadlock triggered by cancel_delayed_work_syn()
net: usb: smsc75xx: Limit packet length to skb->len
drm/bridge: Fix returned array size name for atomic_get_input_bus_fmts kdoc
powerpc/mm: Fix false detection of read faults
block: null_blk: Fix handling of fake timeout request
nvme: fix handling single range discard request
nvmet: avoid potential UAF in nvmet_req_complete()
block: sunvdc: add check for mdesc_grab() returning NULL
net/mlx5e: Fix macsec ASO context alignment
net/mlx5e: Don't cache tunnel offloads capability
net/mlx5: Fix setting ec_function bit in MANAGE_PAGES
net/mlx5: Disable eswitch before waiting for VF pages
net/mlx5e: Support Geneve and GRE with VF tunnel offload
net/mlx5: E-switch, Fix wrong usage of source port rewrite in split rules
net/mlx5: E-switch, Fix missing set of split_count when forward to ovs internal port
net/mlx5e: Fix cleanup null-ptr deref on encap lock
net/mlx5: Set BREAK_FW_WAIT flag first when removing driver
veth: Fix use after free in XDP_REDIRECT
ice: xsk: disable txq irq before flushing hw
net: dsa: don't error out when drivers return ETH_DATA_LEN in .port_max_mtu()
net: dsa: mv88e6xxx: fix max_mtu of 1492 on 6165, 6191, 6220, 6250, 6290
ravb: avoid PHY being resumed when interface is not up
sh_eth: avoid PHY being resumed when interface is not up
ipv4: Fix incorrect table ID in IOCTL path
net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull
net: atlantic: Fix crash when XDP is enabled but no program is loaded
net/iucv: Fix size of interrupt data
i825xx: sni_82596: use eth_hw_addr_set()
selftests: net: devlink_port_split.py: skip test if no suitable device available
qed/qed_mng_tlv: correctly zero out ->min instead of ->hour
net: dsa: microchip: fix RGMII delay configuration on KSZ8765/KSZ8794/KSZ8795
ethernet: sun: add check for the mdesc_grab()
bonding: restore IFF_MASTER/SLAVE flags on bond enslave ether type change
bonding: restore bond's IFF_SLAVE flag if a non-eth dev enslave fails
hwmon: (adt7475) Display smoothing attributes in correct order
hwmon: (adt7475) Fix masking of hysteresis registers
hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition
hwmon: (ina3221) return prober error code
hwmon: (ucd90320) Add minimum delay between bus accesses
hwmon: tmp512: drop of_match_ptr for ID table
kconfig: Update config changed flag before calling callback
hwmon: (adm1266) Set `can_sleep` flag for GPIO chip
hwmon: (ltc2992) Set `can_sleep` flag for GPIO chip
media: m5mols: fix off-by-one loop termination error
mmc: atmel-mci: fix race between stop command and start of next command
soc: mediatek: mtk-svs: keep svs alive if CONFIG_DEBUG_FS not supported
jffs2: correct logic when creating a hole in jffs2_write_begin
rust: arch/um: Disable FP/SIMD instruction to match x86
ext4: fail ext4_iget if special inode unallocated
ext4: update s_journal_inum if it changes after journal replay
ext4: fix task hung in ext4_xattr_delete_inode
drm/amdkfd: Fix an illegal memory access
net/9p: fix bug in client create for .L
LoongArch: Only call get_timer_irq() once in constant_clockevent_init()
sh: intc: Avoid spurious sizeof-pointer-div warning
drm/amdgpu: fix ttm_bo calltrace warning in psp_hw_fini
drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes
ext4: fix possible double unlock when moving a directory
Revert "tty: serial: fsl_lpuart: adjust SERIAL_FSL_LPUART_CONSOLE config dependency"
tty: serial: fsl_lpuart: skip waiting for transmission complete when UARTCTRL_SBK is asserted
serial: 8250_em: Fix UART port type
serial: 8250_fsl: fix handle_irq locking
serial: 8250: ASPEED_VUART: select REGMAP instead of depending on it
firmware: xilinx: don't make a sleepable memory allocation from an atomic context
memory: tegra: fix interconnect registration race
memory: tegra20-emc: fix interconnect registration race
memory: tegra124-emc: fix interconnect registration race
memory: tegra30-emc: fix interconnect registration race
drm/ttm: Fix a NULL pointer dereference
s390/ipl: add missing intersection check to ipl_report handling
interconnect: fix icc_provider_del() error handling
interconnect: fix provider registration API
interconnect: imx: fix registration race
interconnect: fix mem leak when freeing nodes
interconnect: qcom: osm-l3: fix registration race
interconnect: qcom: rpm: fix probe child-node error handling
interconnect: qcom: rpm: fix registration race
interconnect: qcom: rpmh: fix probe child-node error handling
interconnect: qcom: rpmh: fix registration race
interconnect: qcom: msm8974: fix registration race
interconnect: exynos: fix node leak in probe PM QoS error path
interconnect: exynos: fix registration race
md: select BLOCK_LEGACY_AUTOLOAD
cifs: generate signkey for the channel that's reconnecting
tracing: Make splice_read available again
tracing: Check field value in hist_field_name()
tracing: Make tracepoint lockdep check actually test something
cifs: Fix smb2_set_path_size()
KVM: SVM: Fix a benign off-by-one bug in AVIC physical table mask
KVM: SVM: Modify AVIC GATag to support max number of 512 vCPUs
KVM: nVMX: add missing consistency checks for CR0 and CR4
ALSA: hda: intel-dsp-config: add MTL PCI id
ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro
ALSA: hda/realtek: fix speaker, mute/micmute LEDs not work on a HP platform
Revert "riscv: mm: notify remote harts about mmu cache updates"
riscv: asid: Fixup stale TLB entry cause application crash
drm/shmem-helper: Remove another errant put in error path
drm/sun4i: fix missing component unbind on bind errors
drm/i915/active: Fix misuse of non-idle barriers as fence trackers
drm/i915/dg2: Add HDMI pixel clock frequencies 267.30 and 319.89 MHz
drm/amdgpu: Don't resume IOMMU after incomplete init
drm/amd/pm: Fix sienna cichlid incorrect OD volage after resume
drm/amd/pm: bump SMU 13.0.4 driver_if header version
drm/amd/display: Do not set DRR on pipe Commit
drm/amd/display: disconnect MPCC only on OTG change
mptcp: fix possible deadlock in subflow_error_report
mptcp: add ro_after_init for tcp{,v6}_prot_override
mptcp: avoid setting TCP_CLOSE state twice
mptcp: fix lockdep false positive in mptcp_pm_nl_create_listen_socket()
ftrace: Fix invalid address access in lookup_rec() when index is 0
ocfs2: fix data corruption after failed write
nvme-pci: add NVME_QUIRK_BOGUS_NID for Netac NV3000
ice: avoid bonding causing auxiliary plug/unplug under RTNL lock
vp_vdpa: fix the crash in hot unplug with vp_vdpa
mm/userfaultfd: propagate uffd-wp bit when PTE-mapping the huge zeropage
mm: teach mincore_hugetlb about pte markers
powerpc/64: Set default CPU in Kconfig
powerpc/boot: Don't always pass -mcpu=powerpc when building 32-bit uImage
mmc: sdhci_am654: lower power-on failed message severity
fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks
trace/hwlat: Do not wipe the contents of per-cpu thread data
trace/hwlat: Do not start per-cpu thread if it is already running
ACPI: PPTT: Fix to avoid sleep in the atomic context when PPTT is absent
net: phy: nxp-c45-tja11xx: fix MII_BASIC_CONFIG_REV bit
fbdev: Fix incorrect page mapping clearance at fb_deferred_io_release()
cpuidle: psci: Iterate backwards over list in psci_pd_remove()
ASoC: Intel: soc-acpi: fix copy-paste issue in topology names
ASoC: qcom: q6prm: fix incorrect clk_root passed to ADSP
x86/mce: Make sure logged MCEs are processed after sysfs update
x86/mm: Fix use of uninitialized buffer in sme_enable()
x86/resctrl: Clear staged_config[] before and after it is used
powerpc: Pass correct CPU reference to assembler
virt/coco/sev-guest: Check SEV_SNP attribute at probe time
virt/coco/sev-guest: Simplify extended guest request handling
virt/coco/sev-guest: Remove the disable_vmpck label in handle_guest_request()
virt/coco/sev-guest: Carve out the request issuing logic into a helper
virt/coco/sev-guest: Do some code style cleanups
virt/coco/sev-guest: Convert the sw_exit_info_2 checking to a switch-case
virt/coco/sev-guest: Add throttling awareness
io_uring/msg_ring: let target know allocated index
perf: Fix check before add_event_to_groups() in perf_group_detach()
powerpc: Disable CPU unknown by CLANG when CC_IS_CLANG
powerpc/64: Replace -mcpu=e500mc64 by -mcpu=e5500
Linux 6.1.21
Change-Id: I4b7f6e01381c0c121c9e89e51071ea60f1f7e29a
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Greg Kroah-Hartman
|
a22c3a8790 |
Merge 6.1.20 into android14-6.1
Changes in 6.1.20
fs: prevent out-of-bounds array speculation when closing a file descriptor
btrfs: fix unnecessary increment of read error stat on write error
btrfs: fix percent calculation for bg reclaim message
io_uring/uring_cmd: ensure that device supports IOPOLL
erofs: fix wrong kunmap when using LZMA on HIGHMEM platforms
perf inject: Fix --buildid-all not to eat up MMAP2
fork: allow CLONE_NEWTIME in clone3 flags
RISC-V: Stop emitting attributes
x86/CPU/AMD: Disable XSAVES on AMD family 0x17
drm/amdgpu: fix error checking in amdgpu_read_mm_registers for soc15
drm/amdgpu: fix error checking in amdgpu_read_mm_registers for soc21
drm/amdgpu: fix error checking in amdgpu_read_mm_registers for nv
drm/display: Don't block HDR_OUTPUT_METADATA on unknown EOTF
drm/connector: print max_requested_bpc in state debugfs
staging: rtl8723bs: Fix key-store index handling
staging: rtl8723bs: Pass correct parameters to cfg80211_get_bss()
ext4: fix cgroup writeback accounting with fs-layer encryption
ext4: fix RENAME_WHITEOUT handling for inline directories
ext4: fix another off-by-one fsmap error on 1k block filesystems
ext4: move where set the MAY_INLINE_DATA flag is set
ext4: fix WARNING in ext4_update_inline_data
ext4: zero i_disksize when initializing the bootloader inode
HID: core: Provide new max_buffer_size attribute to over-ride the default
HID: uhid: Over-ride the default maximum data buffer value with our own
nfc: change order inside nfc_se_io error path
KVM: VMX: Reset eVMCS controls in VP assist page during hardware disabling
KVM: VMX: Don't bother disabling eVMCS static key on module exit
KVM: x86: Move guts of kvm_arch_init() to standalone helper
KVM: VMX: Do _all_ initialization before exposing /dev/kvm to userspace
fs: dlm: fix log of lowcomms vs midcomms
fs: dlm: add midcomms init/start functions
fs: dlm: start midcomms before scand
fs: dlm: remove send repeat remove handling
fs: dlm: use packet in dlm_mhandle
fd: dlm: trace send/recv of dlm message and rcom
fs: dlm: fix use after free in midcomms commit
fs: dlm: use WARN_ON_ONCE() instead of WARN_ON()
fs: dlm: be sure to call dlm_send_queue_flush()
fs: dlm: fix race setting stop tx flag
udf: Fix off-by-one error when discarding preallocation
bus: mhi: ep: Power up/down MHI stack during MHI RESET
bus: mhi: ep: Change state_lock to mutex
Input: exc3000 - properly stop timer on shutdown
ipmi:ssif: Remove rtc_us_timer
ipmi:ssif: Increase the message retry time
ipmi:ssif: Add a timer between request retries
spi: intel: Check number of chip selects after reading the descriptor
drm/i915: Introduce intel_panel_init_alloc()
drm/i915: Do panel VBT init early if the VBT declares an explicit panel type
drm/i915: Populate encoder->devdata for DSI on icl+
block: Revert "block: Do not reread partition table on exclusively open device"
block: fix scan partition for exclusively open device again
riscv: Add header include guards to insn.h
scsi: core: Remove the /proc/scsi/${proc_name} directory earlier
ext4: Fix possible corruption when moving a directory
cifs: improve checking of DFS links over STATUS_OBJECT_NAME_INVALID
drm/nouveau/kms/nv50: fix nv50_wndw_new_ prototype
drm/msm: Fix potential invalid ptr free
drm/msm/a5xx: fix setting of the CP_PREEMPT_ENABLE_LOCAL register
drm/msm/a5xx: fix highest bank bit for a530
drm/msm/a5xx: fix the emptyness check in the preempt code
drm/msm/a5xx: fix context faults during ring switch
bgmac: fix *initial* chip reset to support BCM5358
nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties
powerpc: dts: t1040rdb: fix compatible string for Rev A boards
tls: rx: fix return value for async crypto
drm/msm/dpu: disable features unsupported by QCM2290
ila: do not generate empty messages in ila_xlat_nl_cmd_get_mapping()
net: lan966x: Fix port police support using tc-matchall
selftests: nft_nat: ensuring the listening side is up before starting the client
netfilter: nft_last: copy content when cloning expression
netfilter: nft_quota: copy content when cloning expression
net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf()
net: use indirect calls helpers for sk_exit_memory_pressure()
perf stat: Fix counting when initial delay configured
net: lan78xx: fix accessing the LAN7800's internal phy specific registers from the MAC driver
net: caif: Fix use-after-free in cfusbl_device_notify()
ice: copy last block omitted in ice_get_module_eeprom()
bpf, sockmap: Fix an infinite loop error when len is 0 in tcp_bpf_recvmsg_parser()
drm/msm/dpu: fix len of sc7180 ctl blocks
drm/msm/dpu: drop DPU_DIM_LAYER from MIXER_MSM8998_MASK
drm/msm/dpu: fix clocks settings for msm8998 SSPP blocks
drm/msm/dpu: clear DSPP reservations in rm release
net: stmmac: add to set device wake up flag when stmmac init phy
net: phylib: get rid of unnecessary locking
bnxt_en: Avoid order-5 memory allocation for TPA data
netfilter: ctnetlink: revert to dumping mark regardless of event type
netfilter: tproxy: fix deadlock due to missing BH disable
m68k: mm: Move initrd phys_to_virt handling after paging_init()
btrfs: fix extent map logging bit not cleared for split maps after dropping range
bpf, test_run: fix &xdp_frame misplacement for LIVE_FRAMES
btf: fix resolving BTF_KIND_VAR after ARRAY, STRUCT, UNION, PTR
net: phy: smsc: fix link up detection in forced irq mode
net: ethernet: mtk_eth_soc: fix RX data corruption issue
net: tls: fix device-offloaded sendpage straddling records
scsi: megaraid_sas: Update max supported LD IDs to 240
scsi: sd: Fix wrong zone_write_granularity value during revalidate
netfilter: conntrack: adopt safer max chain length
platform: mellanox: select REGMAP instead of depending on it
platform: x86: MLX_PLATFORM: select REGMAP instead of depending on it
block: fix wrong mode for blkdev_put() from disk_scan_partitions()
NFSD: Protect against filesystem freezing
ice: Fix DSCP PFC TLV creation
ethernet: ice: avoid gcc-9 integer overflow warning
net/smc: fix fallback failed while sendmsg with fastopen
octeontx2-af: Unlock contexts in the queue context cache in case of fault detection
SUNRPC: Fix a server shutdown leak
net: dsa: mt7530: permit port 5 to work without port 6 on MT7621 SoC
af_unix: fix struct pid leaks in OOB support
erofs: Revert "erofs: fix kvcalloc() misuse with __GFP_NOFAIL"
riscv: Use READ_ONCE_NOCHECK in imprecise unwinding stack mode
RISC-V: Don't check text_mutex during stop_machine
drm/amdgpu: fix return value check in kfd
ext4: Fix deadlock during directory rename
drm/amdgpu/soc21: don't expose AV1 if VCN0 is harvested
drm/amdgpu/soc21: Add video cap query support for VCN_4_0_4
adreno: Shutdown the GPU properly
drm/msm/adreno: fix runtime PM imbalance at unbind
watch_queue: fix IOC_WATCH_QUEUE_SET_SIZE alloc error paths
tpm/eventlog: Don't abort tpm_read_log on faulty ACPI address
MIPS: Fix a compilation issue
powerpc/64: Don't recurse irq replay
powerpc/iommu: fix memory leak with using debugfs_lookup()
clk: renesas: rcar-gen3: Disable R-Car H3 ES1.*
powerpc/bpf/32: Only set a stack frame when necessary
powerpc/64: Fix task_cpu in early boot when booting non-zero cpuid
powerpc/64: Move paca allocation to early_setup()
powerpc/kcsan: Exclude udelay to prevent recursive instrumentation
alpha: fix R_ALPHA_LITERAL reloc for large modules
macintosh: windfarm: Use unsigned type for 1-bit bitfields
PCI: Add SolidRun vendor ID
scripts: handle BrokenPipeError for python scripts
media: ov5640: Fix analogue gain control
media: rc: gpio-ir-recv: add remove function
drm/amd/display: Allow subvp on vactive pipes that are 2560x1440@60
drm/amd/display: adjust MALL size available for DCN32 and DCN321
filelocks: use mount idmapping for setlease permission check
Revert "bpf, test_run: fix &xdp_frame misplacement for LIVE_FRAMES"
UML: define RUNTIME_DISCARD_EXIT
Linux 6.1.20
Change-Id: I2f92629ce02bc07295fea17b16f9bb567916a285
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
Budimir Markovic
|
529546ea28 |
perf: Fix check before add_event_to_groups() in perf_group_detach()
commit fd0815f632c24878e325821943edccc7fde947a2 upstream.
Events should only be added to a groups rb tree if they have not been
removed from their context by list_del_event(). Since remove_on_exec
made it possible to call list_del_event() on individual events before
they are detached from their group, perf_group_detach() should check each
sibling's attach_state before calling add_event_to_groups() on it.
Fixes:
|
||
Tero Kristo
|
ac1d15d58d |
trace/hwlat: Do not start per-cpu thread if it is already running
commit 08697bca9bbba15f2058fdbd9f970bd5f6a8a2e8 upstream.
The hwlatd tracer will end up starting multiple per-cpu threads with
the following script:
#!/bin/sh
cd /sys/kernel/debug/tracing
echo 0 > tracing_on
echo hwlat > current_tracer
echo per-cpu > hwlat_detector/mode
echo 100000 > hwlat_detector/width
echo 200000 > hwlat_detector/window
echo 1 > tracing_on
To fix the issue, check if the hwlatd thread for the cpu is already
running, before starting a new one. Along with the previous patch, this
avoids running multiple instances of the same CPU thread on the system.
Link: https://lore.kernel.org/all/20230302113654.2984709-1-tero.kristo@linux.intel.com/
Link: https://lkml.kernel.org/r/20230310100451.3948583-3-tero.kristo@linux.intel.com
Cc: stable@vger.kernel.org
Fixes:
|
||
|
Tero Kristo
|
a78eab86e2 |
trace/hwlat: Do not wipe the contents of per-cpu thread data
commit 4c42f5f0d1dd20bddd9f940beb1e6ccad60c4498 upstream.
Do not wipe the contents of the per-cpu kthread data when starting the
tracer, as this will completely forget about already running instances
and can later start new additional per-cpu threads.
Link: https://lore.kernel.org/all/20230302113654.2984709-1-tero.kristo@linux.intel.com/
Link: https://lkml.kernel.org/r/20230310100451.3948583-2-tero.kristo@linux.intel.com
Cc: stable@vger.kernel.org
Fixes:
|
||
Chen Zhongjin
|
4f84f31f63 |
ftrace: Fix invalid address access in lookup_rec() when index is 0
commit ee92fa443358f4fc0017c1d0d325c27b37802504 upstream.
KASAN reported follow problem:
BUG: KASAN: use-after-free in lookup_rec
Read of size 8 at addr ffff000199270ff0 by task modprobe
CPU: 2 Comm: modprobe
Call trace:
kasan_report
__asan_load8
lookup_rec
ftrace_location
arch_check_ftrace_location
check_kprobe_address_safe
register_kprobe
When checking pg->records[pg->index - 1].ip in lookup_rec(), it can get a
pg which is newly added to ftrace_pages_start in ftrace_process_locs().
Before the first pg->index++, index is 0 and accessing pg->records[-1].ip
will cause this problem.
Don't check the ip when pg->index is 0.
Link: https://lore.kernel.org/linux-trace-kernel/20230309080230.36064-1-chenzhongjin@huawei.com
Cc: stable@vger.kernel.org
Fixes:
|
||
|
Steven Rostedt (Google)
|
3968bb946a |
tracing: Check field value in hist_field_name()
commit 9f116f76fa8c04c81aef33ad870dbf9a158e5b70 upstream.
The function hist_field_name() cannot handle being passed a NULL field
parameter. It should never be NULL, but due to a previous bug, NULL was
passed to the function and the kernel crashed due to a NULL dereference.
Mark Rutland reported this to me on IRC.
The bug was fixed, but to prevent future bugs from crashing the kernel,
check the field and add a WARN_ON() if it is NULL.
Link: https://lkml.kernel.org/r/20230302020810.762384440@goodmis.org
Cc: stable@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Reported-by: Mark Rutland <mark.rutland@arm.com>
Fixes:
|
||
Sung-hun Kim
|
192dcbf573 |
tracing: Make splice_read available again
commit e400be674a1a40e9dcb2e95f84d6c1fd2d88f31d upstream. Since the commit |
||
Matthias Männich
|
a58297e0d2 | Merge "Merge 6.1.18 into android14-6.1" into android14-6.1 | ||
|
Greg Kroah-Hartman
|
d956976040 |
Merge 6.1.18 into android14-6.1
Changes in 6.1.18 net/sched: Retire tcindex classifier auxdisplay: hd44780: Fix potential memory leak in hd44780_remove() fs/jfs: fix shift exponent db_agl2size negative driver: soc: xilinx: fix memory leak in xlnx_add_cb_for_notify_event() f2fs: don't rely on F2FS_MAP_* in f2fs_iomap_begin f2fs: fix to avoid potential deadlock objtool: Fix memory leak in create_static_call_sections() soc: mediatek: mtk-pm-domains: Allow mt8186 ADSP default power on memory: renesas-rpc-if: Split-off private data from struct rpcif memory: renesas-rpc-if: Move resource acquisition to .probe() soc: mediatek: mtk-svs: Enable the IRQ later pwm: sifive: Always let the first pwm_apply_state succeed pwm: stm32-lp: fix the check on arr and cmp registers update f2fs: introduce trace_f2fs_replace_atomic_write_block f2fs: correct i_size change for atomic writes f2fs: clear atomic_write_task in f2fs_abort_atomic_write() soc: mediatek: mtk-svs: restore default voltages when svs_init02() fail soc: mediatek: mtk-svs: reset svs when svs_resume() fail soc: mediatek: mtk-svs: Use pm_runtime_resume_and_get() in svs_init01() fs: f2fs: initialize fsdata in pagecache_write() f2fs: allow set compression option of files without blocks f2fs: fix to abort atomic write only during do_exist() um: vector: Fix memory leak in vector_config ubi: ensure that VID header offset + VID header size <= alloc, size ubifs: Fix build errors as symbol undefined ubifs: Fix memory leak in ubifs_sysfs_init() ubifs: Rectify space budget for ubifs_symlink() if symlink is encrypted ubifs: Rectify space budget for ubifs_xrename() ubifs: Fix wrong dirty space budget for dirty inode ubifs: do_rename: Fix wrong space budget when target inode's nlink > 1 ubifs: Reserve one leb for each journal head while doing budget ubi: Fix use-after-free when volume resizing failed ubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume() ubifs: Fix memory leak in alloc_wbufs() ubi: Fix possible null-ptr-deref in ubi_free_volume() ubifs: Re-statistic cleaned znode count if commit failed ubifs: dirty_cow_znode: Fix memleak in error handling path ubifs: ubifs_writepage: Mark page dirty after writing inode failed ubifs: ubifs_releasepage: Remove ubifs_assert(0) to valid this process ubi: fastmap: Fix missed fm_anchor PEB in wear-leveling after disabling fastmap ubi: Fix UAF wear-leveling entry in eraseblk_count_seq_show() ubi: ubi_wl_put_peb: Fix infinite loop when wear-leveling work failed f2fs: fix to avoid potential memory corruption in __update_iostat_latency() soc: qcom: stats: Populate all subsystem debugfs files ext4: use ext4_fc_tl_mem in fast-commit replay path ext4: don't show commit interval if it is zero netfilter: nf_tables: allow to fetch set elements when table has an owner x86: um: vdso: Add '%rcx' and '%r11' to the syscall clobber list um: virtio_uml: free command if adding to virtqueue failed um: virtio_uml: mark device as unregistered when breaking it um: virtio_uml: move device breaking into workqueue um: virt-pci: properly remove PCI device from bus f2fs: synchronize atomic write aborts watchdog: rzg2l_wdt: Issue a reset before we put the PM clocks watchdog: rzg2l_wdt: Handle TYPE-B reset for RZ/V2M watchdog: at91sam9_wdt: use devm_request_irq to avoid missing free_irq() in error path watchdog: Fix kmemleak in watchdog_cdev_register watchdog: pcwd_usb: Fix attempting to access uninitialized memory watchdog: sbsa_wdog: Make sure the timeout programming is within the limits netfilter: ctnetlink: fix possible refcount leak in ctnetlink_create_conntrack() netfilter: conntrack: fix rmmod double-free race netfilter: ip6t_rpfilter: Fix regression with VRF interfaces netfilter: ebtables: fix table blob use-after-free netfilter: xt_length: use skb len to match in length_mt6 netfilter: ctnetlink: make event listener tracking global netfilter: x_tables: fix percpu counter block leak on error path when creating new netns ptp: vclock: use mutex to fix "sleep on atomic" bug drm/i915: move a Kconfig symbol to unbreak the menu presentation ipv6: Add lwtunnel encap size of all siblings in nexthop calculation octeontx2-pf: Recalculate UDP checksum for ptp 1-step sync packet net: sunhme: Fix region request sctp: add a refcnt in sctp_stream_priorities to avoid a nested loop octeontx2-pf: Use correct struct reference in test condition net: fix __dev_kfree_skb_any() vs drop monitor 9p/xen: fix version parsing 9p/xen: fix connection sequence 9p/rdma: unmap receive dma buffer in rdma_request()/post_recv() spi: tegra210-quad: Fix validate combined sequence mlx5: fix skb leak while fifo resync and push mlx5: fix possible ptp queue fifo use-after-free net/mlx5: ECPF, wait for VF pages only after disabling host PFs net/mlx5e: Verify flow_source cap before using it net/mlx5: Geneve, Fix handling of Geneve object id as error code ext4: fix incorrect options show of original mount_opt and extend mount_opt2 nfc: fix memory leak of se_io context in nfc_genl_se_io net/sched: transition act_pedit to rcu and percpu stats net/sched: act_pedit: fix action bind logic net/sched: act_mpls: fix action bind logic net/sched: act_sample: fix action bind logic net: dsa: seville: ignore mscc-miim read errors from Lynx PCS net: dsa: felix: fix internal MDIO controller resource length ARM: dts: spear320-hmi: correct STMPE GPIO compatible tcp: tcp_check_req() can be called from process context vc_screen: modify vcs_size() handling in vcs_read() spi: tegra210-quad: Fix iterator outside loop rtc: sun6i: Always export the internal oscillator genirq/ipi: Fix NULL pointer deref in irq_data_get_affinity_mask() scsi: ipr: Work around fortify-string warning scsi: mpi3mr: Fix an issue found by KASAN scsi: mpi3mr: Use number of bits to manage bitmap sizes rtc: allow rtc_read_alarm without read_alarm callback io_uring: fix size calculation when registering buf ring loop: loop_set_status_from_info() check before assignment ASoC: adau7118: don't disable regulators on device unbind ASoC: apple: mca: Fix final status read on SERDES reset ASoC: apple: mca: Fix SERDES reset sequence ASoC: apple: mca: Improve handling of unavailable DMA channels nvme: bring back auto-removal of deleted namespaces during sequential scan nvme-tcp: don't access released socket during error recovery nvme-fabrics: show well known discovery name ASoC: zl38060 add gpiolib dependency ASoC: mediatek: mt8195: add missing initialization thermal: intel: quark_dts: fix error pointer dereference thermal: intel: BXT_PMIC: select REGMAP instead of depending on it tracing: Add NULL checks for buffer in ring_buffer_free_read_page() kernel/printk/index.c: fix memory leak with using debugfs_lookup() firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3 bootconfig: Increase max nodes of bootconfig from 1024 to 8192 for DCC support mfd: arizona: Use pm_runtime_resume_and_get() to prevent refcnt leak IB/hfi1: Update RMT size calculation iommu/amd: Fix error handling for pdev_pri_ats_enable() PCI/ACPI: Account for _S0W of the target bridge in acpi_pci_bridge_d3() media: uvcvideo: Remove format descriptions media: uvcvideo: Handle cameras with invalid descriptors media: uvcvideo: Handle errors from calls to usb_string media: uvcvideo: Quirk for autosuspend in Logitech B910 and C910 media: uvcvideo: Silence memcpy() run-time false positive warnings USB: fix memory leak with using debugfs_lookup() cacheinfo: Fix shared_cpu_map to handle shared caches at different levels staging: emxx_udc: Add checks for dma_alloc_coherent() tty: fix out-of-bounds access in tty_driver_lookup_tty() tty: serial: fsl_lpuart: disable the CTS when send break signal serial: sc16is7xx: setup GPIO controller later in probe mei: bus-fixup:upon error print return values of send and receive tools/iio/iio_utils:fix memory leak bus: mhi: ep: Fix the debug message for MHI_PKT_TYPE_RESET_CHAN_CMD cmd iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_status_word() iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_config_word() media: uvcvideo: Add GUID for BGRA/X 8:8:8:8 soundwire: bus_type: Avoid lockdep assert in sdw_drv_probe() PCI: loongson: Prevent LS7A MRRS increases staging: pi433: fix memory leak with using debugfs_lookup() USB: dwc3: fix memory leak with using debugfs_lookup() USB: chipidea: fix memory leak with using debugfs_lookup() USB: ULPI: fix memory leak with using debugfs_lookup() USB: uhci: fix memory leak with using debugfs_lookup() USB: sl811: fix memory leak with using debugfs_lookup() USB: fotg210: fix memory leak with using debugfs_lookup() USB: isp116x: fix memory leak with using debugfs_lookup() USB: isp1362: fix memory leak with using debugfs_lookup() USB: gadget: gr_udc: fix memory leak with using debugfs_lookup() USB: gadget: bcm63xx_udc: fix memory leak with using debugfs_lookup() USB: gadget: lpc32xx_udc: fix memory leak with using debugfs_lookup() USB: gadget: pxa25x_udc: fix memory leak with using debugfs_lookup() USB: gadget: pxa27x_udc: fix memory leak with using debugfs_lookup() usb: host: xhci: mvebu: Iterate over array indexes instead of using pointer math USB: ene_usb6250: Allocate enough memory for full object usb: uvc: Enumerate valid values for color matching usb: gadget: uvc: Make bSourceID read/write PCI: Align extra resources for hotplug bridges properly PCI: Take other bus devices into account when distributing resources PCI: Distribute available resources for root buses, too tty: pcn_uart: fix memory leak with using debugfs_lookup() misc: vmw_balloon: fix memory leak with using debugfs_lookup() drivers: base: component: fix memory leak with using debugfs_lookup() drivers: base: dd: fix memory leak with using debugfs_lookup() kernel/fail_function: fix memory leak with using debugfs_lookup() PCI: loongson: Add more devices that need MRRS quirk PCI: Add ACS quirk for Wangxun NICs PCI: pciehp: Add Qualcomm quirk for Command Completed erratum phy: rockchip-typec: Fix unsigned comparison with less than zero RDMA/cma: Distinguish between sockaddr_in and sockaddr_in6 by size iommu: Attach device group to old domain in error path soundwire: cadence: Remove wasted space in response_buf soundwire: cadence: Drain the RX FIFO after an IO timeout net: tls: avoid hanging tasks on the tx_lock x86/resctl: fix scheduler confusion with 'current' vDPA/ifcvf: decouple hw features manipulators from the adapter vDPA/ifcvf: decouple config space ops from the adapter vDPA/ifcvf: alloc the mgmt_dev before the adapter vDPA/ifcvf: decouple vq IRQ releasers from the adapter vDPA/ifcvf: decouple config IRQ releaser from the adapter vDPA/ifcvf: decouple vq irq requester from the adapter vDPA/ifcvf: decouple config/dev IRQ requester and vectors allocator from the adapter vDPA/ifcvf: ifcvf_request_irq works on ifcvf_hw vDPA/ifcvf: manage ifcvf_hw in the mgmt_dev vDPA/ifcvf: allocate the adapter in dev_add() drm/display/dp_mst: Add drm_atomic_get_old_mst_topology_state() drm/display/dp_mst: Fix down/up message handling after sink disconnect drm/display/dp_mst: Fix down message handling after a packet reception error drm/display/dp_mst: Fix payload addition on a disconnected sink drm/i915/dp_mst: Add the MST topology state for modesetted CRTCs drm/i915: Fix system suspend without fbdev being initialized media: uvcvideo: Fix race condition with usb_kill_urb io_uring: fix two assignments in if conditions io_uring/poll: allow some retries for poll triggering spuriously arm64: efi: Make efi_rt_lock a raw_spinlock arm64: mte: Fix/clarify the PG_mte_tagged semantics arm64: Reset KASAN tag in copy_highpage with HW tags only usb: gadget: uvc: fix missing mutex_unlock() if kstrtou8() fails Linux 6.1.18 Change-Id: Icb8e56528d481a17780bdd517c69efa9e76b94c0 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Suren Baghdasaryan
|
ac86382170 |
ANDROID: Revert "psi: allow unprivileged users with CAP_SYS_RESOURCE to write psi files"
This reverts commit
|
||
David Disseldorp
|
587a6fda90 |
watch_queue: fix IOC_WATCH_QUEUE_SET_SIZE alloc error paths
[ Upstream commit 03e1d60e177eedbd302b77af4ea5e21b5a7ade31 ]
The watch_queue_set_size() allocation error paths return the ret value
set via the prior pipe_resize_ring() call, which will always be zero.
As a result, IOC_WATCH_QUEUE_SET_SIZE callers such as "keyctl watch"
fail to detect kernel wqueue->notes allocation failures and proceed to
KEYCTL_WATCH_KEY, with any notifications subsequently lost.
Fixes:
|
||
Lorenz Bauer
|
f0c8306c1a |
btf: fix resolving BTF_KIND_VAR after ARRAY, STRUCT, UNION, PTR
[ Upstream commit 9b459804ff9973e173fabafba2a1319f771e85fa ]
btf_datasec_resolve contains a bug that causes the following BTF
to fail loading:
[1] DATASEC a size=2 vlen=2
type_id=4 offset=0 size=1
type_id=7 offset=1 size=1
[2] INT (anon) size=1 bits_offset=0 nr_bits=8 encoding=(none)
[3] PTR (anon) type_id=2
[4] VAR a type_id=3 linkage=0
[5] INT (anon) size=1 bits_offset=0 nr_bits=8 encoding=(none)
[6] TYPEDEF td type_id=5
[7] VAR b type_id=6 linkage=0
This error message is printed during btf_check_all_types:
[1] DATASEC a size=2 vlen=2
type_id=7 offset=1 size=1 Invalid type
By tracing btf_*_resolve we can pinpoint the problem:
btf_datasec_resolve(depth: 1, type_id: 1, mode: RESOLVE_TBD) = 0
btf_var_resolve(depth: 2, type_id: 4, mode: RESOLVE_TBD) = 0
btf_ptr_resolve(depth: 3, type_id: 3, mode: RESOLVE_PTR) = 0
btf_var_resolve(depth: 2, type_id: 4, mode: RESOLVE_PTR) = 0
btf_datasec_resolve(depth: 1, type_id: 1, mode: RESOLVE_PTR) = -22
The last invocation of btf_datasec_resolve should invoke btf_var_resolve
by means of env_stack_push, instead it returns EINVAL. The reason is that
env_stack_push is never executed for the second VAR.
if (!env_type_is_resolve_sink(env, var_type) &&
!env_type_is_resolved(env, var_type_id)) {
env_stack_set_next_member(env, i + 1);
return env_stack_push(env, var_type, var_type_id);
}
env_type_is_resolve_sink() changes its behaviour based on resolve_mode.
For RESOLVE_PTR, we can simplify the if condition to the following:
(btf_type_is_modifier() || btf_type_is_ptr) && !env_type_is_resolved()
Since we're dealing with a VAR the clause evaluates to false. This is
not sufficient to trigger the bug however. The log output and EINVAL
are only generated if btf_type_id_size() fails.
if (!btf_type_id_size(btf, &type_id, &type_size)) {
btf_verifier_log_vsi(env, v->t, vsi, "Invalid type");
return -EINVAL;
}
Most types are sized, so for example a VAR referring to an INT is not a
problem. The bug is only triggered if a VAR points at a modifier. Since
we skipped btf_var_resolve that modifier was also never resolved, which
means that btf_resolved_type_id returns 0 aka VOID for the modifier.
This in turn causes btf_type_id_size to return NULL, triggering EINVAL.
To summarise, the following conditions are necessary:
- VAR pointing at PTR, STRUCT, UNION or ARRAY
- Followed by a VAR pointing at TYPEDEF, VOLATILE, CONST, RESTRICT or
TYPE_TAG
The fix is to reset resolve_mode to RESOLVE_TBD before attempting to
resolve a VAR from a DATASEC.
Fixes:
|
||
Tobias Klauser
|
120f7a9287 |
fork: allow CLONE_NEWTIME in clone3 flags
commit a402f1e35313fc7ce2ca60f543c4402c2c7c3544 upstream. Currently, calling clone3() with CLONE_NEWTIME in clone_args->flags fails with -EINVAL. This is because CLONE_NEWTIME intersects with CSIGNAL. However, CSIGNAL was deprecated when clone3 was introduced in commit |
||
|
Greg Kroah-Hartman
|
9154eb052f |
Revert "Revert "sched/psi: Stop relying on timer_pending() for poll_work rescheduling""
This reverts commit
|
||
|
Greg Kroah-Hartman
|
5b483d8a04 |
Merge changes I95ce33fb,I03723a9f,I4b1cf7f1,I6e17c9b3,I446172f8, ... into android14-6.1
* changes: Merge 6.1.17 into android14-6.1 ANDROID: update abi definition due to io_uring changes. UPSTREAM: Revert "blk-cgroup: dropping parent refcount after pd_free_fn() is done" UPSTREAM: Revert "blk-cgroup: synchronize pd_free_fn() from blkg_free_workfn() and blkcg_deactivate_policy()" Revert "kobject: modify kobject_get_path() to take a const *" Revert "wait: Return number of exclusive waiters awaken" Revert "sbitmap: Use single per-bitmap counting to wake up queued tags" Revert "sbitmap: correct wake_batch recalculation to avoid potential IO hung" Revert "sbitmap: Advance the queue index before waking up a queue" Revert "sbitmap: Try each queue to wake up at least one waiter" Revert "HID: retain initial quirks set up when creating HID devices" Merge 6.1.16 into android14-6.1 |
||
Sangmoon Kim
|
c5ea4db533 |
ANDROID: power: add vendor hooks for try_to_freeze fail
Add hooks to gather data of unfrozen tasks and summarize it with other information. Bug: 273189923 Signed-off-by: Sangmoon Kim <sangmoon.kim@samsung.com> Change-Id: I61da3d253bd9959c6f06e09c9a35c4b242cedafe (cherry picked from commit 2232e3fc85534a176e7f8bdfe8c56820d10dc111) |
||
|
Sangmoon Kim
|
8635a09118 |
ANDROID: softlockup: add vendor hook for a softlockup task
Add hook to gather data of softlockup and summarize it with other information. Bug: 273189923 Signed-off-by: Sangmoon Kim <sangmoon.kim@samsung.com> Change-Id: I5263bbd573c3fa4b4c981ac26c943721ce09506d (cherry picked from commit 5cc613a916fdd4285ba5118a0d3063a32c31fbcb) |
||
|
Greg Kroah-Hartman
|
2b47e2bee0 |
Revert "wait: Return number of exclusive waiters awaken"
This reverts commit
|
||
|
Greg Kroah-Hartman
|
2cb73a87e4 |
Merge 6.1.16 into android14-6.1
Changes in 6.1.16
HID: asus: use spinlock to protect concurrent accesses
HID: asus: use spinlock to safely schedule workers
powerpc/mm: Rearrange if-else block to avoid clang warning
ata: ahci: Revert "ata: ahci: Add Tiger Lake UP{3,4} AHCI controller"
ARM: OMAP2+: Fix memory leak in realtime_counter_init()
arm64: dts: qcom: qcs404: use symbol names for PCIe resets
arm64: dts: qcom: msm8996-tone: Fix USB taking 6 minutes to wake up
arm64: dts: qcom: sm8150-kumano: Panel framebuffer is 2.5k instead of 4k
arm64: dts: qcom: sm6350: Fix up the ramoops node
arm64: dts: qcom: sm6125: Reorder HSUSB PHY clocks to match bindings
arm64: dts: qcom: sm6125-seine: Clean up gpio-keys (volume down)
arm64: dts: imx8m: Align SoC unique ID node unit address
ARM: zynq: Fix refcount leak in zynq_early_slcr_init
arm64: dts: mediatek: mt8195: Add power domain to U3PHY1 T-PHY
arm64: dts: mediatek: mt8183: Fix systimer 13 MHz clock description
arm64: dts: mediatek: mt8192: Fix systimer 13 MHz clock description
arm64: dts: mediatek: mt8195: Fix systimer 13 MHz clock description
arm64: dts: mediatek: mt8186: Fix systimer 13 MHz clock description
arm64: dts: qcom: sdm845-db845c: fix audio codec interrupt pin name
x86/acpi/boot: Do not register processors that cannot be onlined for x2APIC
arm64: dts: qcom: sc7180: correct SPMI bus address cells
arm64: dts: qcom: sc7280: correct SPMI bus address cells
arm64: dts: qcom: sc8280xp: correct SPMI bus address cells
arm64: dts: qcom: sc8280xp: Vote for CX in USB controllers
arm64: dts: meson-gxl: jethub-j80: Fix WiFi MAC address node
arm64: dts: meson-gxl: jethub-j80: Fix Bluetooth MAC node name
arm64: dts: meson-axg: jethub-j1xx: Fix MAC address node names
arm64: dts: meson-gx: Fix Ethernet MAC address unit name
arm64: dts: meson-g12a: Fix internal Ethernet PHY unit name
arm64: dts: meson-gx: Fix the SCPI DVFS node name and unit address
cpuidle, intel_idle: Fix CPUIDLE_FLAG_IRQ_ENABLE *again*
arm64: dts: ti: k3-am62: Enable SPI nodes at the board level
arm64: dts: ti: k3-am62-main: Fix clocks for McSPI
arm64: tegra: Fix duplicate regulator on Jetson TX1
arm64: dts: msm8992-bullhead: add memory hole region
arm64: dts: qcom: msm8992-bullhead: Fix cont_splash_mem size
arm64: dts: qcom: msm8992-bullhead: Disable dfps_data_mem
arm64: dts: qcom: ipq8074: correct USB3 QMP PHY-s clock output names
arm64: dts: qcom: ipq8074: fix Gen2 PCIe QMP PHY
arm64: dts: qcom: ipq8074: fix Gen3 PCIe QMP PHY
arm64: dts: qcom: ipq8074: correct Gen2 PCIe ranges
arm64: dts: qcom: ipq8074: fix Gen3 PCIe node
arm64: dts: qcom: ipq8074: correct PCIe QMP PHY output clock names
arm64: dts: meson: remove CPU opps below 1GHz for G12A boards
ARM: OMAP1: call platform_device_put() in error case in omap1_dm_timer_init()
arm64: dts: mediatek: mt8192: Mark scp_adsp clock as broken
ARM: bcm2835_defconfig: Enable the framebuffer
ARM: s3c: fix s3c64xx_set_timer_source prototype
arm64: dts: ti: k3-j7200: Fix wakeup pinmux range
ARM: dts: exynos: correct wr-active property in Exynos3250 Rinato
ARM: imx: Call ida_simple_remove() for ida_simple_get
arm64: dts: amlogic: meson-gx: fix SCPI clock dvfs node name
arm64: dts: amlogic: meson-axg: fix SCPI clock dvfs node name
arm64: dts: amlogic: meson-gx: add missing SCPI sensors compatible
arm64: dts: amlogic: meson-axg-jethome-jethub-j1xx: fix supply name of USB controller node
arm64: dts: amlogic: meson-gxl-s905d-sml5442tw: drop invalid clock-names property
arm64: dts: amlogic: meson-gx: add missing unit address to rng node name
arm64: dts: amlogic: meson-gxl-s905w-jethome-jethub-j80: fix invalid rtc node name
arm64: dts: amlogic: meson-axg-jethome-jethub-j1xx: fix invalid rtc node name
arm64: dts: amlogic: meson-gxl: add missing unit address to eth-phy-mux node name
arm64: dts: amlogic: meson-gx-libretech-pc: fix update button name
arm64: dts: amlogic: meson-sm1-bananapi-m5: fix adc keys node names
arm64: dts: amlogic: meson-gxl-s905d-phicomm-n1: fix led node name
arm64: dts: amlogic: meson-gxbb-kii-pro: fix led node name
arm64: dts: amlogic: meson-sm1-odroid-hc4: fix active fan thermal trip
locking/rwsem: Disable preemption in all down_read*() and up_read() code paths
arm64: dts: renesas: beacon-renesom: Fix gpio expander reference
arm64: dts: meson: radxa-zero: allow usb otg mode
arm64: dts: meson: bananapi-m5: switch VDDIO_C pin to OPEN_DRAIN
ARM: dts: sun8i: nanopi-duo2: Fix regulator GPIO reference
ublk_drv: remove nr_aborted_queues from ublk_device
ublk_drv: don't probe partitions if the ubq daemon isn't trusted
ARM: dts: imx7s: correct iomuxc gpr mux controller cells
sbitmap: remove redundant check in __sbitmap_queue_get_batch
sbitmap: Use single per-bitmap counting to wake up queued tags
sbitmap: correct wake_batch recalculation to avoid potential IO hung
arm64: dts: mt8195: Fix CPU map for single-cluster SoC
arm64: dts: mt8192: Fix CPU map for single-cluster SoC
arm64: dts: mt8186: Fix CPU map for single-cluster SoC
arm64: dts: mediatek: mt7622: Add missing pwm-cells to pwm node
arm64: dts: mediatek: mt8186: Fix watchdog compatible
arm64: dts: mediatek: mt8195: Fix watchdog compatible
arm64: dts: mediatek: mt7986: Fix watchdog compatible
ARM: dts: stm32: Update part number NVMEM description on stm32mp131
blk-mq: avoid sleep in blk_mq_alloc_request_hctx
blk-mq: remove stale comment for blk_mq_sched_mark_restart_hctx
blk-mq: wait on correct sbitmap_queue in blk_mq_mark_tag_wait
blk-mq: Fix potential io hung for shared sbitmap per tagset
blk-mq: correct stale comment of .get_budget
arm64: dts: qcom: msm8996: support using GPLL0 as kryocc input
arm64: dts: qcom: msm8996 switch from RPM_SMD_BB_CLK1 to RPM_SMD_XO_CLK_SRC
arm64: dts: qcom: sm8350: drop incorrect cells from serial
arm64: dts: qcom: sm8450: drop incorrect cells from serial
arm64: dts: qcom: msm8992-lg-bullhead: Correct memory overlaps with the SMEM and MPSS memory regions
arm64: dts: qcom: msm8953: correct TLMM gpio-ranges
arm64: dts: qcom: msm8992-*: Fix up comments
arm64: dts: qcom: msm8992-lg-bullhead: Enable regulators
s390/dasd: Fix potential memleak in dasd_eckd_init()
sched/rt: pick_next_rt_entity(): check list_entry
perf/x86/intel/ds: Fix the conversion from TSC to perf time
x86/perf/zhaoxin: Add stepping check for ZXC
KEYS: asymmetric: Fix ECDSA use via keyctl uapi
block: ublk: check IO buffer based on flag need_get_data
arm64: dts: qcom: pmk8350: Specify PBS register for PON
arm64: dts: qcom: pmk8350: Use the correct PON compatible
erofs: relinquish volume with mutex held
block: sync mixed merged request's failfast with 1st bio's
block: Fix io statistics for cgroup in throttle path
block: bio-integrity: Copy flags when bio_integrity_payload is cloned
block: use proper return value from bio_failfast()
wifi: mt76: mt7915: add missing of_node_put()
wifi: mt76: mt7921s: fix slab-out-of-bounds access in sdio host
wifi: mt76: mt7915: check return value before accessing free_block_num
wifi: mt76: mt7915: drop always true condition of __mt7915_reg_addr()
wifi: mt76: mt7915: fix unintended sign extension of mt7915_hw_queue_read()
wifi: mt76: fix coverity uninit_use_in_call in mt76_connac2_reverse_frag0_hdr_trans()
wifi: rsi: Fix memory leak in rsi_coex_attach()
wifi: rtlwifi: rtl8821ae: don't call kfree_skb() under spin_lock_irqsave()
wifi: rtlwifi: rtl8188ee: don't call kfree_skb() under spin_lock_irqsave()
wifi: rtlwifi: rtl8723be: don't call kfree_skb() under spin_lock_irqsave()
wifi: iwlegacy: common: don't call dev_kfree_skb() under spin_lock_irqsave()
wifi: libertas: fix memory leak in lbs_init_adapter()
wifi: rtl8xxxu: don't call dev_kfree_skb() under spin_lock_irqsave()
wifi: rtw89: 8852c: rfk: correct DACK setting
wifi: rtw89: 8852c: rfk: correct DPK settings
wifi: rtlwifi: Fix global-out-of-bounds bug in _rtl8812ae_phy_set_txpower_limit()
libbpf: Fix btf__align_of() by taking into account field offsets
wifi: ipw2x00: don't call dev_kfree_skb() under spin_lock_irqsave()
wifi: ipw2200: fix memory leak in ipw_wdev_init()
wifi: wilc1000: fix potential memory leak in wilc_mac_xmit()
wifi: wilc1000: add missing unregister_netdev() in wilc_netdev_ifc_init()
wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit()
wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid()
wifi: libertas_tf: don't call kfree_skb() under spin_lock_irqsave()
wifi: libertas: if_usb: don't call kfree_skb() under spin_lock_irqsave()
wifi: libertas: main: don't call kfree_skb() under spin_lock_irqsave()
wifi: libertas: cmdresp: don't call kfree_skb() under spin_lock_irqsave()
wifi: wl3501_cs: don't call kfree_skb() under spin_lock_irqsave()
libbpf: Fix invalid return address register in s390
crypto: x86/ghash - fix unaligned access in ghash_setkey()
ACPICA: Drop port I/O validation for some regions
genirq: Fix the return type of kstat_cpu_irqs_sum()
rcu-tasks: Improve comments explaining tasks_rcu_exit_srcu purpose
rcu-tasks: Remove preemption disablement around srcu_read_[un]lock() calls
rcu-tasks: Fix synchronize_rcu_tasks() VS zap_pid_ns_processes()
lib/mpi: Fix buffer overrun when SG is too long
crypto: ccp - Avoid page allocation failure warning for SEV_GET_ID2
platform/chrome: cros_ec_typec: Update port DP VDO
ACPICA: nsrepair: handle cases without a return value correctly
selftests/xsk: print correct payload for packet dump
selftests/xsk: print correct error codes when exiting
arm64/cpufeature: Fix field sign for DIT hwcap detection
kselftest/arm64: Fix syscall-abi for systems without 128 bit SME
workqueue: Protects wq_unbound_cpumask with wq_pool_attach_mutex
s390/early: fix sclp_early_sccb variable lifetime
s390/vfio-ap: fix an error handling path in vfio_ap_mdev_probe_queue()
x86/signal: Fix the value returned by strict_sas_size()
thermal/drivers/tsens: Drop msm8976-specific defines
thermal/drivers/tsens: Sort out msm8976 vs msm8956 data
thermal/drivers/tsens: fix slope values for msm8939
thermal/drivers/tsens: limit num_sensors to 9 for msm8939
wifi: rtw89: fix potential leak in rtw89_append_probe_req_ie()
wifi: rtw89: Add missing check for alloc_workqueue
wifi: rtl8xxxu: Fix memory leaks with RTL8723BU, RTL8192EU
wifi: orinoco: check return value of hermes_write_wordrec()
thermal/drivers/imx_sc_thermal: Drop empty platform remove function
thermal/drivers/imx_sc_thermal: Fix the loop condition
wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function
wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails
wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback()
wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup
wifi: cfg80211: Fix extended KCK key length check in nl80211_set_rekey_data()
ACPI: battery: Fix missing NUL-termination with large strings
selftests/bpf: Fix build errors if CONFIG_NF_CONNTRACK=m
crypto: ccp - Failure on re-initialization due to duplicate sysfs filename
crypto: essiv - Handle EBUSY correctly
crypto: seqiv - Handle EBUSY correctly
powercap: fix possible name leak in powercap_register_zone()
x86/microcode: Add a parameter to microcode_check() to store CPU capabilities
x86/microcode: Check CPU capabilities after late microcode update correctly
x86/microcode: Adjust late loading result reporting message
selftests/bpf: Use consistent build-id type for liburandom_read.so
selftests/bpf: Fix vmtest static compilation error
crypto: xts - Handle EBUSY correctly
leds: led-class: Add missing put_device() to led_put()
s390/bpf: Add expoline to tail calls
wifi: iwlwifi: mei: fix compilation errors in rfkill()
kselftest/arm64: Fix enumeration of systems without 128 bit SME
can: rcar_canfd: Fix R-Car V3U GAFLCFG field accesses
selftests/bpf: Initialize tc in xdp_synproxy
crypto: ccp - Flush the SEV-ES TMR memory before giving it to firmware
bpftool: profile online CPUs instead of possible
wifi: mt76: mt7915: call mt7915_mcu_set_thermal_throttling() only after init_work
wifi: mt76: mt7915: fix memory leak in mt7915_mcu_exit
wifi: mt76: mt7915: fix WED TxS reporting
wifi: mt76: add memory barrier to SDIO queue kick
wifi: mt76: mt7921: fix error code of return in mt7921_acpi_read
net/mlx5: Enhance debug print in page allocation failure
irqchip: Fix refcount leak in platform_irqchip_probe
irqchip/alpine-msi: Fix refcount leak in alpine_msix_init_domains
irqchip/irq-mvebu-gicp: Fix refcount leak in mvebu_gicp_probe
irqchip/ti-sci: Fix refcount leak in ti_sci_intr_irq_domain_probe
s390/mem_detect: fix detect_memory() error handling
s390/vmem: fix empty page tables cleanup under KASAN
s390/boot: cleanup decompressor header files
s390/mem_detect: rely on diag260() if sclp_early_get_memsize() fails
s390/boot: fix mem_detect extended area allocation
net: add sock_init_data_uid()
tun: tun_chr_open(): correctly initialize socket uid
tap: tap_open(): correctly initialize socket uid
OPP: fix error checking in opp_migrate_dentry()
cpufreq: davinci: Fix clk use after free
Bluetooth: hci_conn: Refactor hci_bind_bis() since it always succeeds
Bluetooth: L2CAP: Fix potential user-after-free
Bluetooth: hci_qca: get wakeup status from serdev device handle
net: ipa: generic command param fix
s390: vfio-ap: tighten the NIB validity check
s390/ap: fix status returned by ap_aqic()
s390/ap: fix status returned by ap_qact()
libbpf: Fix alen calculation in libbpf_nla_dump_errormsg()
xen/grant-dma-iommu: Implement a dummy probe_device() callback
rds: rds_rm_zerocopy_callback() correct order for list_add_tail()
crypto: rsa-pkcs1pad - Use akcipher_request_complete
m68k: /proc/hardware should depend on PROC_FS
RISC-V: time: initialize hrtimer based broadcast clock event device
clocksource/drivers/riscv: Patch riscv_clock_next_event() jump before first use
wifi: iwl3945: Add missing check for create_singlethread_workqueue
wifi: iwl4965: Add missing check for create_singlethread_workqueue()
wifi: mwifiex: fix loop iterator in mwifiex_update_ampdu_txwinsize()
selftests/bpf: Fix out-of-srctree build
ACPI: resource: Add IRQ overrides for MAINGEAR Vector Pro 2 models
ACPI: resource: Do IRQ override on all TongFang GMxRGxx
crypto: octeontx2 - Fix objects shared between several modules
crypto: crypto4xx - Call dma_unmap_page when done
wifi: mac80211: move color collision detection report in a delayed work
wifi: mac80211: make rate u32 in sta_set_rate_info_rx()
wifi: mac80211: fix non-MLO station association
wifi: mac80211: Don't translate MLD addresses for multicast
wifi: mac80211: avoid u32_encode_bits() warning
wifi: mac80211: fix off-by-one link setting
tools/lib/thermal: Fix thermal_sampling_exit()
thermal/drivers/hisi: Drop second sensor hi3660
selftests/bpf: Fix map_kptr test.
wifi: mac80211: pass 'sta' to ieee80211_rx_data_set_sta()
bpf: Zeroing allocated object from slab in bpf memory allocator
selftests/bpf: Fix xdp_do_redirect on s390x
can: esd_usb: Move mislocated storage of SJA1000_ECC_SEG bits in case of a bus error
can: esd_usb: Make use of can_change_state() and relocate checking skb for NULL
xsk: check IFF_UP earlier in Tx path
LoongArch, bpf: Use 4 instructions for function address in JIT
bpf: Fix global subprog context argument resolution logic
irqchip/irq-brcmstb-l2: Set IRQ_LEVEL for level triggered interrupts
irqchip/irq-bcm7120-l2: Set IRQ_LEVEL for level triggered interrupts
net/smc: fix potential panic dues to unprotected smc_llc_srv_add_link()
net/smc: fix application data exception
selftests/net: Interpret UDP_GRO cmsg data as an int value
l2tp: Avoid possible recursive deadlock in l2tp_tunnel_register()
net: bcmgenet: fix MoCA LED control
net: lan966x: Fix possible deadlock inside PTP
net/mlx4_en: Introduce flexible array to silence overflow warning
selftest: fib_tests: Always cleanup before exit
sefltests: netdevsim: wait for devlink instance after netns removal
drm: Fix potential null-ptr-deref due to drmm_mode_config_init()
drm/fourcc: Add missing big-endian XRGB1555 and RGB565 formats
drm/bridge: ti-sn65dsi83: Fix delay after reset deassert to match spec
drm: mxsfb: DRM_IMX_LCDIF should depend on ARCH_MXC
drm: mxsfb: DRM_MXSFB should depend on ARCH_MXS || ARCH_MXC
drm/bridge: megachips: Fix error handling in i2c_register_driver()
drm/vkms: Fix memory leak in vkms_init()
drm/vkms: Fix null-ptr-deref in vkms_release()
drm/vc4: dpi: Fix format mapping for RGB565
drm: tidss: Fix pixel format definition
gpu: ipu-v3: common: Add of_node_put() for reference returned by of_graph_get_port_by_id()
drm/vc4: drop all currently held locks if deadlock happens
hwmon: (ftsteutates) Fix scaling of measurements
drm/msm/dpu: check for null return of devm_kzalloc() in dpu_writeback_init()
drm/msm/hdmi: Add missing check for alloc_ordered_workqueue
pinctrl: qcom: pinctrl-msm8976: Correct function names for wcss pins
pinctrl: stm32: Fix refcount leak in stm32_pctrl_get_irq_domain
pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups
drm/vc4: hvs: Set AXI panic modes
drm/vc4: hvs: SCALER_DISPBKGND_AUTOHS is only valid on HVS4
drm/vc4: hvs: Correct interrupt masking bit assignment for HVS5
drm/vc4: hvs: Fix colour order for xRGB1555 on HVS5
drm/vc4: hdmi: Correct interlaced timings again
drm/msm: clean event_thread->worker in case of an error
drm/panel-edp: fix name for IVO product id 854b
scsi: qla2xxx: Fix exchange oversubscription
scsi: qla2xxx: Fix exchange oversubscription for management commands
scsi: qla2xxx: edif: Fix clang warning
ASoC: fsl_sai: initialize is_dsp_mode flag
drm/bridge: tc358767: Set default CLRSIPO count
drm/msm/adreno: Fix null ptr access in adreno_gpu_cleanup()
ALSA: hda/ca0132: minor fix for allocation size
drm/amdgpu: Use the sched from entity for amdgpu_cs trace
drm/msm/gem: Add check for kmalloc
drm/msm/dpu: Disallow unallocated resources to be returned
drm/bridge: lt9611: fix sleep mode setup
drm/bridge: lt9611: fix HPD reenablement
drm/bridge: lt9611: fix polarity programming
drm/bridge: lt9611: fix programming of video modes
drm/bridge: lt9611: fix clock calculation
drm/bridge: lt9611: pass a pointer to the of node
regulator: tps65219: use IS_ERR() to detect an error pointer
drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness
drm: exynos: dsi: Fix MIPI_DSI*_NO_* mode flags
drm/msm/dsi: Allow 2 CTRLs on v2.5.0
scsi: ufs: exynos: Fix DMA alignment for PAGE_SIZE != 4096
drm/msm/dpu: sc7180: add missing WB2 clock control
drm/msm: use strscpy instead of strncpy
drm/msm/dpu: Add check for cstate
drm/msm/dpu: Add check for pstates
drm/msm/mdp5: Add check for kzalloc
habanalabs: bugs fixes in timestamps buff alloc
pinctrl: bcm2835: Remove of_node_put() in bcm2835_of_gpio_ranges_fallback()
pinctrl: mediatek: Initialize variable pullen and pullup to zero
pinctrl: mediatek: Initialize variable *buf to zero
gpu: host1x: Fix mask for syncpoint increment register
gpu: host1x: Don't skip assigning syncpoints to channels
drm/tegra: firewall: Check for is_addr_reg existence in IMM check
pinctrl: renesas: rzg2l: Fix configuring the GPIO pins as interrupts
drm/msm/dpu: set pdpu->is_rt_pipe early in dpu_plane_sspp_atomic_update()
drm/mediatek: dsi: Reduce the time of dsi from LP11 to sending cmd
drm/mediatek: Use NULL instead of 0 for NULL pointer
drm/mediatek: Drop unbalanced obj unref
drm/mediatek: mtk_drm_crtc: Add checks for devm_kcalloc
drm/mediatek: Clean dangling pointer on bind error path
ASoC: soc-compress.c: fixup private_data on snd_soc_new_compress()
dt-bindings: display: mediatek: Fix the fallback for mediatek,mt8186-disp-ccorr
gpio: vf610: connect GPIO label to dev name
ASoC: topology: Properly access value coming from topology file
spi: dw_bt1: fix MUX_MMIO dependencies
ASoC: mchp-spdifrx: fix controls which rely on rsr register
ASoC: mchp-spdifrx: fix return value in case completion times out
ASoC: mchp-spdifrx: fix controls that works with completion mechanism
ASoC: mchp-spdifrx: disable all interrupts in mchp_spdifrx_dai_remove()
dm: improve shrinker debug names
regmap: apply reg_base and reg_downshift for single register ops
ASoC: rsnd: fixup #endif position
ASoC: mchp-spdifrx: Fix uninitialized use of mr in mchp_spdifrx_hw_params()
ASoC: dt-bindings: meson: fix gx-card codec node regex
regulator: tps65219: use generic set_bypass()
hwmon: (asus-ec-sensors) add missing mutex path
hwmon: (ltc2945) Handle error case in ltc2945_value_store
ALSA: hda: Fix the control element identification for multiple codecs
drm/amdgpu: fix enum odm_combine_mode mismatch
scsi: mpt3sas: Fix a memory leak
scsi: aic94xx: Add missing check for dma_map_single()
HID: multitouch: Add quirks for flipped axes
HID: retain initial quirks set up when creating HID devices
ASoC: qcom: q6apm-lpass-dai: unprepare stream if its already prepared
ASoC: qcom: q6apm-dai: fix race condition while updating the position pointer
ASoC: qcom: q6apm-dai: Add SNDRV_PCM_INFO_BATCH flag
ASoC: codecs: lpass: register mclk after runtime pm
ASoC: codecs: lpass: fix incorrect mclk rate
drm/amd/display: don't call dc_interrupt_set() for disabled crtcs
HID: logitech-hidpp: Hard-code HID++ 1.0 fast scroll support
spi: bcm63xx-hsspi: Fix multi-bit mode setting
hwmon: (mlxreg-fan) Return zero speed for broken fan
ASoC: tlv320adcx140: fix 'ti,gpio-config' DT property init
dm: remove flush_scheduled_work() during local_exit()
nfs4trace: fix state manager flag printing
NFS: fix disabling of swap
spi: synquacer: Fix timeout handling in synquacer_spi_transfer_one()
ASoC: soc-dapm.h: fixup warning struct snd_pcm_substream not declared
HID: bigben: use spinlock to protect concurrent accesses
HID: bigben_worker() remove unneeded check on report_field
HID: bigben: use spinlock to safely schedule workers
hid: bigben_probe(): validate report count
ALSA: hda/hdmi: Register with vga_switcheroo on Dual GPU Macbooks
drm/shmem-helper: Fix locking for drm_gem_shmem_get_pages_sgt()
NFSD: enhance inter-server copy cleanup
NFSD: fix leaked reference count of nfsd4_ssc_umount_item
nfsd: fix race to check ls_layouts
nfsd: clean up potential nfsd_file refcount leaks in COPY codepath
NFSD: fix problems with cleanup on errors in nfsd4_copy
nfsd: fix courtesy client with deny mode handling in nfs4_upgrade_open
nfsd: don't fsync nfsd_files on last close
NFSD: copy the whole verifier in nfsd_copy_write_verifier
cifs: Fix lost destroy smbd connection when MR allocate failed
cifs: Fix warning and UAF when destroy the MR list
cifs: use tcon allocation functions even for dummy tcon
gfs2: jdata writepage fix
perf llvm: Fix inadvertent file creation
leds: led-core: Fix refcount leak in of_led_get()
leds: is31fl319x: Wrap mutex_destroy() for devm_add_action_or_rest()
leds: simatic-ipc-leds-gpio: Make sure we have the GPIO providing driver
tools/tracing/rtla: osnoise_hist: use total duration for average calculation
perf inject: Use perf_data__read() for auxtrace
perf intel-pt: Do not try to queue auxtrace data on pipe
perf test bpf: Skip test if kernel-debuginfo is not present
perf tools: Fix auto-complete on aarch64
sparc: allow PM configs for sparc32 COMPILE_TEST
selftests: find echo binary to use -ne options
selftests/ftrace: Fix bash specific "==" operator
selftests: use printf instead of echo -ne
perf record: Fix segfault with --overwrite and --max-size
printf: fix errname.c list
perf tests stat_all_metrics: Change true workload to sleep workload for system wide check
objtool: add UACCESS exceptions for __tsan_volatile_read/write
mfd: cs5535: Don't build on UML
mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read()
dmaengine: idxd: Set traffic class values in GRPCFG on DSA 2.0
RDMA/erdma: Fix refcount leak in erdma_mmap
dmaengine: HISI_DMA should depend on ARCH_HISI
RDMA/hns: Fix refcount leak in hns_roce_mmap
iio: light: tsl2563: Do not hardcode interrupt trigger type
usb: gadget: fusb300_udc: free irq on the error path in fusb300_probe()
i2c: designware: fix i2c_dw_clk_rate() return size to be u32
soundwire: cadence: Don't overflow the command FIFOs
driver core: fix potential null-ptr-deref in device_add()
kobject: modify kobject_get_path() to take a const *
kobject: Fix slab-out-of-bounds in fill_kobj_path()
alpha/boot/tools/objstrip: fix the check for ELF header
media: uvcvideo: Check for INACTIVE in uvc_ctrl_is_accessible()
media: uvcvideo: Implement mask for V4L2_CTRL_TYPE_MENU
media: uvcvideo: Refactor uvc_ctrl_mappings_uvcXX
media: uvcvideo: Refactor power_line_frequency_controls_limited
coresight: etm4x: Fix accesses to TRCSEQRSTEVR and TRCSEQSTR
coresight: cti: Prevent negative values of enable count
coresight: cti: Add PM runtime call in enable_store
usb: typec: intel_pmc_mux: Don't leak the ACPI device reference count
PCI/IOV: Enlarge virtfn sysfs name buffer
PCI: switchtec: Return -EFAULT for copy_to_user() errors
PCI: endpoint: pci-epf-vntb: Clean up kernel_doc warning
PCI: endpoint: pci-epf-vntb: Add epf_ntb_mw_bar_clear() num_mws kernel-doc
hwtracing: hisi_ptt: Only add the supported devices to the filters list
tty: serial: fsl_lpuart: disable Rx/Tx DMA in lpuart32_shutdown()
tty: serial: fsl_lpuart: clear LPUART Status Register in lpuart32_shutdown()
serial: tegra: Add missing clk_disable_unprepare() in tegra_uart_hw_init()
Revert "char: pcmcia: cm4000_cs: Replace mdelay with usleep_range in set_protocol"
eeprom: idt_89hpesx: Fix error handling in idt_init()
applicom: Fix PCI device refcount leak in applicom_init()
firmware: stratix10-svc: add missing gen_pool_destroy() in stratix10_svc_drv_probe()
firmware: stratix10-svc: fix error handle while alloc/add device failed
VMCI: check context->notify_page after call to get_user_pages_fast() to avoid GPF
mei: pxp: Use correct macros to initialize uuid_le
misc/mei/hdcp: Use correct macros to initialize uuid_le
misc: fastrpc: Fix an error handling path in fastrpc_rpmsg_probe()
driver core: fix resource leak in device_add()
driver core: location: Free struct acpi_pld_info *pld before return false
drivers: base: transport_class: fix possible memory leak
drivers: base: transport_class: fix resource leak when transport_add_device() fails
firmware: dmi-sysfs: Fix null-ptr-deref in dmi_sysfs_register_handle
fotg210-udc: Add missing completion handler
dmaengine: dw-edma: Fix missing src/dst address of interleaved xfers
fpga: microchip-spi: move SPI I/O buffers out of stack
fpga: microchip-spi: rewrite status polling in a time measurable way
usb: early: xhci-dbc: Fix a potential out-of-bound memory access
tty: serial: fsl_lpuart: Fix the wrong RXWATER setting for rx dma case
RDMA/cxgb4: add null-ptr-check after ip_dev_find()
usb: musb: mediatek: don't unregister something that wasn't registered
usb: gadget: configfs: Restrict symlink creation is UDC already binded
phy: mediatek: remove temporary variable @mask_
PCI: mt7621: Delay phy ports initialization
iommu: dart: Add suspend/resume support
iommu: dart: Support >64 stream IDs
iommu/dart: Fix apple_dart_device_group for PCI groups
iommu/vt-d: Set No Execute Enable bit in PASID table entry
power: supply: remove faulty cooling logic
RDMA/cxgb4: Fix potential null-ptr-deref in pass_establish()
usb: max-3421: Fix setting of I/O pins
RDMA/irdma: Cap MSIX used to online CPUs + 1
serial: fsl_lpuart: fix RS485 RTS polariy inverse issue
tty: serial: imx: Handle RS485 DE signal active high
tty: serial: imx: disable Ageing Timer interrupt request irq
driver core: fw_devlink: Add DL_FLAG_CYCLE support to device links
driver core: fw_devlink: Don't purge child fwnode's consumer links
driver core: fw_devlink: Allow marking a fwnode link as being part of a cycle
driver core: fw_devlink: Consolidate device link flag computation
driver core: fw_devlink: Improve check for fwnode with no device/driver
driver core: fw_devlink: Make cycle detection more robust
mtd: mtdpart: Don't create platform device that'll never probe
usb: host: fsl-mph-dr-of: reuse device_set_of_node_from_dev
dmaengine: dw-edma: Fix readq_ch() return value truncation
PCI: Fix dropping valid root bus resources with .end = zero
phy: rockchip-typec: fix tcphy_get_mode error case
PCI: qcom: Fix host-init error handling
iw_cxgb4: Fix potential NULL dereference in c4iw_fill_res_cm_id_entry()
iommu: Fix error unwind in iommu_group_alloc()
iommu/amd: Do not identity map v2 capable device when snp is enabled
dmaengine: sf-pdma: pdma_desc memory leak fix
dmaengine: dw-axi-dmac: Do not dereference NULL structure
dmaengine: ptdma: check for null desc before calling pt_cmd_callback
iommu/vt-d: Fix error handling in sva enable/disable paths
iommu/vt-d: Allow to use flush-queue when first level is default
RDMA/rxe: cleanup some error handling in rxe_verbs.c
RDMA/rxe: Fix missing memory barriers in rxe_queue.h
IB/hfi1: Fix math bugs in hfi1_can_pin_pages()
IB/hfi1: Fix sdma.h tx->num_descs off-by-one errors
Revert "remoteproc: qcom_q6v5_mss: map/unmap metadata region before/after use"
remoteproc: qcom_q6v5_mss: Use a carveout to authenticate modem headers
media: ti: cal: fix possible memory leak in cal_ctx_create()
media: platform: ti: Add missing check for devm_regulator_get
media: imx: imx7-media-csi: fix missing clk_disable_unprepare() in imx7_csi_init()
powerpc: Remove linker flag from KBUILD_AFLAGS
s390/vdso: Drop '-shared' from KBUILD_CFLAGS_64
builddeb: clean generated package content
media: max9286: Fix memleak in max9286_v4l2_register()
media: ov2740: Fix memleak in ov2740_init_controls()
media: ov5675: Fix memleak in ov5675_init_controls()
media: ov5640: Fix soft reset sequence and timings
media: ov5640: Handle delays when no reset_gpio set
media: mc: Get media_device directly from pad
media: i2c: ov772x: Fix memleak in ov772x_probe()
media: i2c: imx219: Split common registers from mode tables
media: i2c: imx219: Fix binning for RAW8 capture
media: platform: mtk-mdp3: Fix return value check in mdp_probe()
media: camss: csiphy-3ph: avoid undefined behavior
media: platform: mtk-mdp3: remove unused VIDEO_MEDIATEK_VPU config
media: platform: mtk-mdp3: fix Kconfig dependencies
media: v4l2-jpeg: correct the skip count in jpeg_parse_app14_data
media: v4l2-jpeg: ignore the unknown APP14 marker
media: hantro: Fix JPEG encoder ENUM_FRMSIZE on RK3399
media: imx-jpeg: Apply clk_bulk api instead of operating specific clk
media: amphion: correct the unspecified color space
media: drivers/media/v4l2-core/v4l2-h264 : add detection of null pointers
media: rc: Fix use-after-free bugs caused by ene_tx_irqsim()
media: atomisp: Only set default_run_mode on first open of a stream/asd
media: i2c: ov7670: 0 instead of -EINVAL was returned
media: usb: siano: Fix use after free bugs caused by do_submit_urb
media: saa7134: Use video_unregister_device for radio_dev
rpmsg: glink: Avoid infinite loop on intent for missing channel
rpmsg: glink: Release driver_override
ARM: OMAP2+: omap4-common: Fix refcount leak bug
arm64: dts: qcom: msm8996: Add additional A2NoC clocks
udf: Define EFSCORRUPTED error code
context_tracking: Fix noinstr vs KASAN
exit: Detect and fix irq disabled state in oops
ARM: dts: exynos: Use Exynos5420 compatible for the MIPI video phy
fs: Use CHECK_DATA_CORRUPTION() when kernel bugs are detected
blk-iocost: fix divide by 0 error in calc_lcoefs()
blk-cgroup: dropping parent refcount after pd_free_fn() is done
blk-cgroup: synchronize pd_free_fn() from blkg_free_workfn() and blkcg_deactivate_policy()
trace/blktrace: fix memory leak with using debugfs_lookup()
btrfs: scrub: improve tree block error reporting
arm64: zynqmp: Enable hs termination flag for USB dwc3 controller
cpuidle, intel_idle: Fix CPUIDLE_FLAG_INIT_XSTATE
x86/fpu: Don't set TIF_NEED_FPU_LOAD for PF_IO_WORKER threads
cpuidle: drivers: firmware: psci: Dont instrument suspend code
cpuidle: lib/bug: Disable rcu_is_watching() during WARN/BUG
perf/x86/intel/uncore: Add Meteor Lake support
wifi: ath9k: Fix use-after-free in ath9k_hif_usb_disconnect()
wifi: ath11k: fix monitor mode bringup crash
wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds()
rcu: Make RCU_LOCKDEP_WARN() avoid early lockdep checks
rcu: Suppress smp_processor_id() complaint in synchronize_rcu_expedited_wait()
srcu: Delegate work to the boot cpu if using SRCU_SIZE_SMALL
rcu-tasks: Make rude RCU-Tasks work well with CPU hotplug
rcu-tasks: Handle queue-shrink/callback-enqueue race condition
wifi: ath11k: debugfs: fix to work with multiple PCI devices
thermal: intel: Fix unsigned comparison with less than zero
timers: Prevent union confusion from unexpected restart_syscall()
x86/bugs: Reset speculation control settings on init
bpftool: Always disable stack protection for BPF objects
wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds
wifi: mt7601u: fix an integer underflow
inet: fix fast path in __inet_hash_connect()
ice: restrict PTP HW clock freq adjustments to 100, 000, 000 PPB
ice: add missing checks for PF vsi type
ACPI: Don't build ACPICA with '-Os'
bpf, docs: Fix modulo zero, division by zero, overflow, and underflow
thermal: intel: intel_pch: Add support for Wellsburg PCH
clocksource: Suspend the watchdog temporarily when high read latency detected
crypto: hisilicon: Wipe entire pool on error
net: bcmgenet: Add a check for oversized packets
m68k: Check syscall_trace_enter() return code
s390/mm,ptdump: avoid Kasan vs Memcpy Real markers swapping
netfilter: nf_tables: NULL pointer dereference in nf_tables_updobj()
can: isotp: check CAN address family in isotp_bind()
gcc-plugins: drop -std=gnu++11 to fix GCC 13 build
tools/power/x86/intel-speed-select: Add Emerald Rapid quirk
wifi: mt76: dma: free rx_head in mt76_dma_rx_cleanup
ACPI: video: Fix Lenovo Ideapad Z570 DMI match
net/mlx5: fw_tracer: Fix debug print
coda: Avoid partial allocation of sig_inputArgs
uaccess: Add minimum bounds check on kernel buffer size
s390/idle: mark arch_cpu_idle() noinstr
time/debug: Fix memory leak with using debugfs_lookup()
PM: domains: fix memory leak with using debugfs_lookup()
PM: EM: fix memory leak with using debugfs_lookup()
Bluetooth: Fix issue with Actions Semi ATS2851 based devices
Bluetooth: btusb: Add new PID/VID 0489:e0f2 for MT7921
Bluetooth: btusb: Add VID:PID 13d3:3529 for Realtek RTL8821CE
wifi: rtw89: debug: avoid invalid access on RTW89_DBG_SEL_MAC_30
hv_netvsc: Check status in SEND_RNDIS_PKT completion message
s390/kfence: fix page fault reporting
devlink: Fix TP_STRUCT_entry in trace of devlink health report
scm: add user copy checks to put_cmsg()
drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Tab 3 X90F
drm: panel-orientation-quirks: Add quirk for DynaBook K50
drm/amd/display: Reduce expected sdp bandwidth for dcn321
drm/amd/display: Revert Reduce delay when sink device not able to ACK 00340h write
drm/amd/display: Fix potential null-deref in dm_resume
drm/omap: dsi: Fix excessive stack usage
HID: Add Mapping for System Microphone Mute
drm/tiny: ili9486: Do not assume 8-bit only SPI controllers
drm/amd/display: Defer DIG FIFO disable after VID stream enable
drm/radeon: free iio for atombios when driver shutdown
drm/amd: Avoid BUG() for case of SRIOV missing IP version
drm/amdkfd: Page aligned memory reserve size
scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write
Revert "fbcon: don't lose the console font across generic->chip driver switch"
drm/amd: Avoid ASSERT for some message failures
drm: amd: display: Fix memory leakage
drm/amd/display: fix mapping to non-allocated address
HID: uclogic: Add frame type quirk
HID: uclogic: Add battery quirk
HID: uclogic: Add support for XP-PEN Deco Pro SW
HID: uclogic: Add support for XP-PEN Deco Pro MW
drm/msm/dsi: Add missing check for alloc_ordered_workqueue
drm: rcar-du: Add quirk for H3 ES1.x pclk workaround
drm: rcar-du: Fix setting a reserved bit in DPLLCR
drm/drm_print: correct format problem
drm/amd/display: Set hvm_enabled flag for S/G mode
habanalabs: extend fatal messages to contain PCI info
habanalabs: fix bug in timestamps registration code
docs/scripts/gdb: add necessary make scripts_gdb step
drm/msm/dpu: Add DSC hardware blocks to register snapshot
ASoC: soc-compress: Reposition and add pcm_mutex
ASoC: kirkwood: Iterate over array indexes instead of using pointer math
regulator: max77802: Bounds check regulator id against opmode
regulator: s5m8767: Bounds check id indexing into arrays
Revert "drm/amdgpu: TA unload messages are not actually sent to psp when amdgpu is uninstalled"
drm/amd/display: fix FCLK pstate change underflow
gfs2: Improve gfs2_make_fs_rw error handling
hwmon: (coretemp) Simplify platform device handling
hwmon: (nct6775) Directly call ASUS ACPI WMI method
hwmon: (nct6775) B650/B660/X670 ASUS boards support
pinctrl: at91: use devm_kasprintf() to avoid potential leaks
drm/amd/display: Do not commit pipe when updating DRR
scsi: snic: Fix memory leak with using debugfs_lookup()
scsi: ufs: core: Fix device management cmd timeout flow
HID: logitech-hidpp: Don't restart communication if not necessary
drm/amd/display: Enable P-state validation checks for DCN314
drm: panel-orientation-quirks: Add quirk for Lenovo IdeaPad Duet 3 10IGL5
drm/amd/display: Disable HUBP/DPP PG on DCN314 for now
dm thin: add cond_resched() to various workqueue loops
dm cache: add cond_resched() to various workqueue loops
nfsd: zero out pointers after putting nfsd_files on COPY setup error
nfsd: don't hand out delegation on setuid files being opened for write
cifs: prevent data race in smb2_reconnect()
drm/shmem-helper: Revert accidental non-GPL export
driver core: fw_devlink: Avoid spurious error message
wifi: rtl8xxxu: fixing transmisison failure for rtl8192eu
scsi: mpt3sas: Remove usage of dma_get_required_mask() API
firmware: coreboot: framebuffer: Ignore reserved pixel color bits
block: don't allow multiple bios for IOCB_NOWAIT issue
block: clear bio->bi_bdev when putting a bio back in the cache
block: be a bit more careful in checking for NULL bdev while polling
rtc: pm8xxx: fix set-alarm race
ipmi: ipmb: Fix the MODULE_PARM_DESC associated to 'retry_time_ms'
ipmi:ssif: resend_msg() cannot fail
ipmi_ssif: Rename idle state and check
io_uring: Replace 0-length array with flexible array
io_uring: use user visible tail in io_uring_poll()
io_uring: handle TIF_NOTIFY_RESUME when checking for task_work
io_uring: add a conditional reschedule to the IOPOLL cancelation loop
io_uring: add reschedule point to handle_tw_list()
io_uring/rsrc: disallow multi-source reg buffers
io_uring: remove MSG_NOSIGNAL from recvmsg
io_uring: fix fget leak when fs don't support nowait buffered read
s390/extmem: return correct segment type in __segment_load()
s390: discard .interp section
s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler
s390/kprobes: fix current_kprobe never cleared after kprobes reenter
KVM: s390: disable migration mode when dirty tracking is disabled
cifs: Fix uninitialized memory read in smb3_qfs_tcon()
cifs: Fix uninitialized memory reads for oparms.mode
cifs: fix mount on old smb servers
cifs: introduce cifs_io_parms in smb2_async_writev()
cifs: split out smb3_use_rdma_offload() helper
cifs: don't try to use rdma offload on encrypted connections
cifs: Check the lease context if we actually got a lease
cifs: return a single-use cfid if we did not get a lease
scsi: mpi3mr: Fix missing mrioc->evtack_cmds initialization
scsi: mpi3mr: Fix issues in mpi3mr_get_all_tgt_info()
scsi: mpi3mr: Remove unnecessary memcpy() to alltgt_info->dmi
btrfs: hold block group refcount during async discard
locking/rwsem: Prevent non-first waiter from spinning in down_write() slowpath
ksmbd: fix wrong data area length for smb2 lock request
ksmbd: do not allow the actual frame length to be smaller than the rfc1002 length
ksmbd: fix possible memory leak in smb2_lock()
torture: Fix hang during kthread shutdown phase
ARM: dts: exynos: correct HDMI phy compatible in Exynos4
io_uring: mark task TASK_RUNNING before handling resume/task work
hfs: fix missing hfs_bnode_get() in __hfs_bnode_create
fs: hfsplus: fix UAF issue in hfsplus_put_super
exfat: fix reporting fs error when reading dir beyond EOF
exfat: fix unexpected EOF while reading dir
exfat: redefine DIR_DELETED as the bad cluster number
exfat: fix inode->i_blocks for non-512 byte sector size device
fs: dlm: don't set stop rx flag after node reset
fs: dlm: move sending fin message into state change handling
fs: dlm: send FIN ack back in right cases
f2fs: fix information leak in f2fs_move_inline_dirents()
f2fs: retry to update the inode page given data corruption
f2fs: fix cgroup writeback accounting with fs-layer encryption
f2fs: fix kernel crash due to null io->bio
ocfs2: fix defrag path triggering jbd2 ASSERT
ocfs2: fix non-auto defrag path not working issue
fs/cramfs/inode.c: initialize file_ra_state
selftests/landlock: Skip overlayfs tests when not supported
selftests/landlock: Test ptrace as much as possible with Yama
udf: Truncate added extents on failed expansion
udf: Do not bother merging very long extents
udf: Do not update file length for failed writes to inline files
udf: Preserve link count of system files
udf: Detect system inodes linked into directory hierarchy
udf: Fix file corruption when appending just after end of preallocated extent
md: don't update recovery_cp when curr_resync is ACTIVE
RDMA/siw: Fix user page pinning accounting
KVM: Destroy target device if coalesced MMIO unregistration fails
KVM: VMX: Fix crash due to uninitialized current_vmcs
KVM: Register /dev/kvm as the _very_ last thing during initialization
KVM: x86: Purge "highest ISR" cache when updating APICv state
KVM: x86: Blindly get current x2APIC reg value on "nodecode write" traps
KVM: x86: Don't inhibit APICv/AVIC on xAPIC ID "change" if APIC is disabled
KVM: x86: Don't inhibit APICv/AVIC if xAPIC ID mismatch is due to 32-bit ID
KVM: SVM: Flush the "current" TLB when activating AVIC
KVM: SVM: Process ICR on AVIC IPI delivery failure due to invalid target
KVM: SVM: Don't put/load AVIC when setting virtual APIC mode
KVM: x86: Inject #GP if WRMSR sets reserved bits in APIC Self-IPI
KVM: x86: Inject #GP on x2APIC WRMSR that sets reserved bits 63:32
KVM: SVM: Fix potential overflow in SEV's send|receive_update_data()
KVM: SVM: hyper-v: placate modpost section mismatch error
selftests: x86: Fix incorrect kernel headers search path
x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows)
x86/crash: Disable virt in core NMI crash handler to avoid double shootdown
x86/reboot: Disable virtualization in an emergency if SVM is supported
x86/reboot: Disable SVM, not just VMX, when stopping CPUs
x86/kprobes: Fix __recover_optprobed_insn check optimizing logic
x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe range
x86/microcode/amd: Remove load_microcode_amd()'s bsp parameter
x86/microcode/AMD: Add a @cpu parameter to the reloading functions
x86/microcode/AMD: Fix mixed steppings support
x86/speculation: Allow enabling STIBP with legacy IBRS
Documentation/hw-vuln: Document the interaction between IBRS and STIBP
virt/sev-guest: Return -EIO if certificate buffer is not large enough
brd: mark as nowait compatible
brd: return 0/-error from brd_insert_page()
brd: check for REQ_NOWAIT and set correct page allocation mask
ima: fix error handling logic when file measurement failed
ima: Align ima_file_mmap() parameters with mmap_file LSM hook
selftests/powerpc: Fix incorrect kernel headers search path
selftests/ftrace: Fix eprobe syntax test case to check filter support
selftests: sched: Fix incorrect kernel headers search path
selftests: core: Fix incorrect kernel headers search path
selftests: pid_namespace: Fix incorrect kernel headers search path
selftests: arm64: Fix incorrect kernel headers search path
selftests: clone3: Fix incorrect kernel headers search path
selftests: pidfd: Fix incorrect kernel headers search path
selftests: membarrier: Fix incorrect kernel headers search path
selftests: kcmp: Fix incorrect kernel headers search path
selftests: media_tests: Fix incorrect kernel headers search path
selftests: gpio: Fix incorrect kernel headers search path
selftests: filesystems: Fix incorrect kernel headers search path
selftests: user_events: Fix incorrect kernel headers search path
selftests: ptp: Fix incorrect kernel headers search path
selftests: sync: Fix incorrect kernel headers search path
selftests: rseq: Fix incorrect kernel headers search path
selftests: move_mount_set_group: Fix incorrect kernel headers search path
selftests: mount_setattr: Fix incorrect kernel headers search path
selftests: perf_events: Fix incorrect kernel headers search path
selftests: ipc: Fix incorrect kernel headers search path
selftests: futex: Fix incorrect kernel headers search path
selftests: drivers: Fix incorrect kernel headers search path
selftests: dmabuf-heaps: Fix incorrect kernel headers search path
selftests: vm: Fix incorrect kernel headers search path
selftests: seccomp: Fix incorrect kernel headers search path
irqdomain: Fix association race
irqdomain: Fix disassociation race
irqdomain: Look for existing mapping only once
irqdomain: Drop bogus fwspec-mapping error handling
irqdomain: Refactor __irq_domain_alloc_irqs()
irqdomain: Fix mapping-creation race
irqdomain: Fix domain registration race
crypto: qat - fix out-of-bounds read
mm/damon/paddr: fix missing folio_put()
ALSA: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls()
ALSA: hda/realtek: Add quirk for HP EliteDesk 800 G6 Tower PC
jbd2: fix data missing when reusing bh which is ready to be checkpointed
ext4: optimize ea_inode block expansion
ext4: refuse to create ea block when umounted
cxl/pmem: Fix nvdimm registration races
mtd: spi-nor: sfdp: Fix index value for SCCR dwords
mtd: spi-nor: spansion: Consider reserved bits in CFR5 register
mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type
dm: send just one event on resize, not two
dm: add cond_resched() to dm_wq_work()
dm: add cond_resched() to dm_wq_requeue_work()
wifi: rtw88: use RTW_FLAG_POWERON flag to prevent to power on/off twice
wifi: rtl8xxxu: Use a longer retry limit of 48
wifi: ath11k: allow system suspend to survive ath11k
wifi: cfg80211: Fix use after free for wext
wifi: cfg80211: Set SSID if it is not already set
cpuidle: add ARCH_SUSPEND_POSSIBLE dependencies
qede: fix interrupt coalescing configuration
thermal: intel: powerclamp: Fix cur_state for multi package system
dm flakey: fix logic when corrupting a bio
dm cache: free background tracker's queued work in btracker_destroy
dm flakey: don't corrupt the zero page
dm flakey: fix a bug with 32-bit highmem systems
hwmon: (peci/cputemp) Fix off-by-one in coretemp_label allocation
hwmon: (nct6775) Fix incorrect parenthesization in nct6775_write_fan_div()
ARM: dts: qcom: sdx65: Add Qcom SMMU-500 as the fallback for IOMMU node
ARM: dts: qcom: sdx55: Add Qcom SMMU-500 as the fallback for IOMMU node
ARM: dts: exynos: correct TMU phandle in Exynos4210
ARM: dts: exynos: correct TMU phandle in Exynos4
ARM: dts: exynos: correct TMU phandle in Odroid XU3 family
ARM: dts: exynos: correct TMU phandle in Exynos5250
ARM: dts: exynos: correct TMU phandle in Odroid XU
ARM: dts: exynos: correct TMU phandle in Odroid HC1
arm64: mm: hugetlb: Disable HUGETLB_PAGE_OPTIMIZE_VMEMMAP
fuse: add inode/permission checks to fileattr_get/fileattr_set
rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails
ceph: update the time stamps and try to drop the suid/sgid
regulator: core: Use ktime_get_boottime() to determine how long a regulator was off
panic: fix the panic_print NMI backtrace setting
mm/hwpoison: convert TTU_IGNORE_HWPOISON to TTU_HWPOISON
alpha: fix FEN fault handling
dax/kmem: Fix leak of memory-hotplug resources
mips: fix syscall_get_nr
media: ipu3-cio2: Fix PM runtime usage_count in driver unbind
remoteproc/mtk_scp: Move clk ops outside send_lock
docs: gdbmacros: print newest record
mm: memcontrol: deprecate charge moving
mm/thp: check and bail out if page in deferred queue already
ktest.pl: Give back console on Ctrt^C on monitor
kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list
ktest.pl: Fix missing "end_monitor" when machine check fails
ktest.pl: Add RUN_TIMEOUT option with default unlimited
memory tier: release the new_memtier in find_create_memory_tier()
ring-buffer: Handle race between rb_move_tail and rb_check_pages
tools/bootconfig: fix single & used for logical condition
tracing/eprobe: Fix to add filter on eprobe description in README file
iommu/amd: Add a length limitation for the ivrs_acpihid command-line parameter
iommu/amd: Improve page fault error reporting
scsi: aacraid: Allocate cmd_priv with scsicmd
scsi: qla2xxx: Fix link failure in NPIV environment
scsi: qla2xxx: Check if port is online before sending ELS
scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests
scsi: qla2xxx: Remove unintended flag clearing
scsi: qla2xxx: Fix erroneous link down
scsi: qla2xxx: Remove increment of interface err cnt
scsi: ses: Don't attach if enclosure has no components
scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process()
scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses
scsi: ses: Fix possible desc_ptr out-of-bounds accesses
scsi: ses: Fix slab-out-of-bounds in ses_intf_remove()
RISC-V: add a spin_shadow_stack declaration
riscv: Avoid enabling interrupts in die()
riscv: mm: fix regression due to update_mmu_cache change
riscv: jump_label: Fixup unaligned arch_static_branch function
riscv, mm: Perform BPF exhandler fixup on page fault
riscv: ftrace: Remove wasted nops for !RISCV_ISA_C
riscv: ftrace: Reduce the detour code size to half
MIPS: DTS: CI20: fix otg power gpio
PCI/PM: Observe reset delay irrespective of bridge_d3
PCI: Unify delay handling for reset and resume
PCI: hotplug: Allow marking devices as disconnected during bind/unbind
PCI: Avoid FLR for AMD FCH AHCI adapters
PCI/DPC: Await readiness of secondary bus after reset
bus: mhi: ep: Only send -ENOTCONN status if client driver is available
bus: mhi: ep: Move chan->lock to the start of processing queued ch ring
bus: mhi: ep: Save channel state locally during suspend and resume
iommu/vt-d: Avoid superfluous IOTLB tracking in lazy mode
iommu/vt-d: Fix PASID directory pointer coherency
vfio/type1: exclude mdevs from VFIO_UPDATE_VADDR
vfio/type1: prevent underflow of locked_vm via exec()
vfio/type1: track locked_vm per dma
vfio/type1: restore locked_vm
drm/amd: Fix initialization for nbio 7.5.1
drm/i915/quirks: Add inverted backlight quirk for HP 14-r206nv
drm/radeon: Fix eDP for single-display iMac11,2
drm/i915: Don't use stolen memory for ring buffers with LLC
drm/i915: Don't use BAR mappings for ring buffers with LLC
drm/gud: Fix UBSAN warning
drm/edid: fix AVI infoframe aspect ratio handling
drm/edid: fix parsing of 3D modes from HDMI VSDB
qede: avoid uninitialized entries in coal_entry array
brd: use radix_tree_maybe_preload instead of radix_tree_preload
sbitmap: Advance the queue index before waking up a queue
wait: Return number of exclusive waiters awaken
sbitmap: Try each queue to wake up at least one waiter
kbuild: Port silent mode detection to future gnu make.
net: avoid double iput when sock_alloc_file fails
Linux 6.1.16
Change-Id: I705caf70ee547e6d55f38d133bdcd50713aed745
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
Vincent Donnefort
|
34411786c7 |
ANDROID: ring-buffer: Fix ring_buffer_read_page for external writers
No shortcut is possible for reading a page without removing it from the ring-buffer. The reader needs to be moved and its timestamp updated. Bug: 249050813 Change-Id: I80fbc1e265500e419278346e2973df2488b7e8b3 Signed-off-by: Vincent Donnefort <vdonnefort@google.com> |
||
Greg Kroah-Hartman
|
29d53c4c5a |
kernel/fail_function: fix memory leak with using debugfs_lookup()
[ Upstream commit 2bb3669f576559db273efe49e0e69f82450efbca ] When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic at once. Cc: Andrew Morton <akpm@linux-foundation.org> Reviewed-by: Yang Yingliang <yangyingliang@huawei.com> Link: https://lore.kernel.org/r/20230202151633.2310897-1-gregkh@linuxfoundation.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Greg Kroah-Hartman
|
c578a68ffc |
kernel/printk/index.c: fix memory leak with using debugfs_lookup()
[ Upstream commit 55bf243c514553e907efcf2bda92ba090eca8c64 ] When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic at once. Cc: Chris Down <chris@chrisdown.name> Cc: Petr Mladek <pmladek@suse.com> Cc: Sergey Senozhatsky <senozhatsky@chromium.org> Cc: Steven Rostedt <rostedt@goodmis.org> Cc: John Ogness <john.ogness@linutronix.de> Cc: linux-kernel@vger.kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Reviewed-by: Sergey Senozhatsky <senozhatsky@chromium.org> Reviewed-by: John Ogness <john.ogness@linutronix.de> Reviewed-by: Petr Mladek <pmladek@suse.com> Signed-off-by: Petr Mladek <pmladek@suse.com> Link: https://lore.kernel.org/r/20230202151411.2308576-1-gregkh@linuxfoundation.org Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Jia-Ju Bai
|
2072332c04 |
tracing: Add NULL checks for buffer in ring_buffer_free_read_page()
[ Upstream commit 3e4272b9954094907f16861199728f14002fcaf6 ]
In a previous commit
|
||
Sergey Shtylyov
|
926aef60ea |
genirq/ipi: Fix NULL pointer deref in irq_data_get_affinity_mask()
[ Upstream commit feabecaff5902f896531dde90646ca5dfa9d4f7d ]
If ipi_send_{mask|single}() is called with an invalid interrupt number, all
the local variables there will be NULL. ipi_send_verify() which is invoked
from these functions does verify its 'data' parameter, resulting in a
kernel oops in irq_data_get_affinity_mask() as the passed NULL pointer gets
dereferenced.
Add a missing NULL pointer check in ipi_send_verify()...
Found by Linux Verification Center (linuxtesting.org) with the SVACE static
analysis tool.
Fixes:
|
||
|
Sangmoon Kim
|
1e6d82d241 |
ANDROID: Re-apply vendor hooks for information of blocked tasks
This reverts commit
|
||
Gabriel Krisman Bertazi
|
d710b1e91b |
wait: Return number of exclusive waiters awaken
commit ee7dc86b6d3e3b86c2c487f713eda657850de238 upstream. Sbitmap code will need to know how many waiters were actually woken for its batched wakeups implementation. Return the number of woken exclusive waiters from __wake_up() to facilitate that. Suggested-by: Jan Kara <jack@suse.cz> Signed-off-by: Gabriel Krisman Bertazi <krisman@suse.de> Reviewed-by: Jan Kara <jack@suse.cz> Link: https://lore.kernel.org/r/20221115224553.23594-3-krisman@suse.de Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Masami Hiramatsu (Google)
|
4aa7389400 |
tracing/eprobe: Fix to add filter on eprobe description in README file
commit 133921530c42960c07d25d12677f9e131a2b0cdf upstream.
Fix to add a description of the filter on eprobe in README file. This
is required to identify the kernel supports the filter on eprobe or not.
Link: https://lore.kernel.org/all/167309833728.640500.12232259238201433587.stgit@devnote3/
Fixes:
|