b548c046c7
7953 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Peng Zhang
|
66b5ad3507 |
BACKPORT: maple_tree: fix potential out-of-bounds access in mas_wr_end_piv()
commit cd00dd2585c4158e81fdfac0bbcc0446afbad26d upstream. Check the write offset end bounds before using it as the offset into the pivot array. This avoids a possible out-of-bounds access on the pivot array if the write extends to the last slot in the node, in which case the node maximum should be used as the end pivot. akpm: this doesn't affect any current callers, but new users of mapletree may encounter this problem if backported into earlier kernels, so let's fix it in -stable kernels in case of this. Link: https://lkml.kernel.org/r/20230506024752.2550-1-zhangpeng.00@bytedance.com Fixes: |
||
Liam R. Howlett
|
8f5a220975 |
FROMLIST: maple_tree: Adjust node allocation on mas_rebalance()
mas_rebalance() is called to rebalance an insufficient node into a single node or two sufficient nodes. The preallocation estimate is always too many in this case as the height of the tree will never grow and there is no possibility to have a three way split in this case, so revise the node allocation count. Change-Id: I04ba0674da381c06d4f8077f9f59d64b7d1a8312 Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com> Link: https://lore.kernel.org/all/20230612203953.2093911-9-Liam.Howlett@oracle.com/ Bug: 274059236 Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Liam R. Howlett
|
e835ffdfbc |
FROMLIST: maple_tree: Reduce resets during store setup
mas_prealloc() may walk partially down the tree before finding that a split or spanning store is needed. When the write occurs, relax the logic on resetting the walk so that partial walks will not restart, but walks that have gone too far (a store that affects beyond the current node) should be restarted. Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com> Link: https://lore.kernel.org/all/20230612203953.2093911-16-Liam.Howlett@oracle.com/ Bug: 274059236 Change-Id: I87dedebae085f067b08caeaf1bd19bb343ff305f Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Liam R. Howlett
|
708234485a |
FROMLIST: BACKPORT: maple_tree: Refine mas_preallocate() node calculations
Calculate the number of nodes based on the pending write action instead of assuming the worst case. This addresses a performance regression introduced in platforms that have longer allocation timing. Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com> Link: https://lore.kernel.org/all/20230612203953.2093911-15-Liam.Howlett@oracle.com/ [surenb: replace mas_wr_new_end with mas_wr_node_size] Bug: 274059236 Change-Id: I8fc22bca45fa005acf767722034a260242a4da52 Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
Suren Baghdasaryan
|
d766c8399b |
Revert "FROMLIST: BACKPORT: maple_tree: Refine mas_preallocate() node calculations"
This reverts commit
|
||
|
Peng Zhang
|
c3f3dc31f9 |
UPSTREAM: maple_tree: make maple state reusable after mas_empty_area()
Make mas->min and mas->max point to a node range instead of a leaf entry
range. This allows mas to still be usable after mas_empty_area() returns.
Users would get unexpected results from other operations on the maple
state after calling the affected function.
For example, x86 MAP_32BIT mmap() acts as if there is no suitable gap when
there should be one.
Link: https://lkml.kernel.org/r/20230505145829.74574-1-zhangpeng.00@bytedance.com
Fixes:
|
||
|
Liam R. Howlett
|
86d9de0898 |
FROMGIT: maple_tree: clear up index and last setting in single entry tree
When there is a single entry tree (range of 0-0 pointing to an entry), then ensure the limit is either 0-0 or 1-oo, depending on where the user walks. Ensure the correct node setting as well; either MAS_ROOT or MAS_NONE. Link: https://lkml.kernel.org/r/20230518145544.1722059-33-Liam.Howlett@oracle.com Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com> Cc: Peng Zhang <zhangpeng.00@bytedance.com> Cc: David Binderman <dcb314@hotmail.com> Cc: Sergey Senozhatsky <senozhatsky@chromium.org> Cc: Vernon Yang <vernon2gm@gmail.com> Cc: Wei Yang <richard.weiyang@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit c0b1bdd9011ef34b654fe62f2607bff0eb1ef0a8 git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm mm-unstable) Bug: 274059236 Change-Id: I22a41c01e525fde88774b509cd5cbc60f56f6dc5 Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Liam R. Howlett
|
9288f53a31 |
FROMGIT: maple_tree: add mas_prev_range() and mas_find_range_rev interface
Some users of the maple tree may want to move to the previous range regardless of the value stored there. Add this interface as well as the 'find' variant to support walking to the first value, then iterating over the previous ranges. Link: https://lkml.kernel.org/r/20230518145544.1722059-32-Liam.Howlett@oracle.com Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com> Cc: Vernon Yang <vernon2gm@gmail.com> Cc: David Binderman <dcb314@hotmail.com> Cc: Peng Zhang <zhangpeng.00@bytedance.com> Cc: Sergey Senozhatsky <senozhatsky@chromium.org> Cc: Wei Yang <richard.weiyang@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit b8194567d8703df2ec488d5ace46b7435c936ba8 git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm mm-unstable) Bug: 274059236 Change-Id: Ic0507e00818c94f43ed3d760422dfc4d52de5981 Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Liam R. Howlett
|
c4f5714056 |
FROMGIT: maple_tree: introduce mas_prev_slot() interface
Sometimes the user needs to revert to the previous slot, regardless of if it is empty or not. Add an interface to go to the previous slot. Since there can't be two consecutive NULLs in the tree, the mas_prev() function can be implemented by calling mas_prev_slot() a maximum of 2 times. Change the underlying interface to use mas_prev_slot() to align the code. Link: https://lkml.kernel.org/r/20230518145544.1722059-31-Liam.Howlett@oracle.com Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com> Cc: David Binderman <dcb314@hotmail.com> Cc: Peng Zhang <zhangpeng.00@bytedance.com> Cc: Sergey Senozhatsky <senozhatsky@chromium.org> Cc: Vernon Yang <vernon2gm@gmail.com> Cc: Wei Yang <richard.weiyang@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit 20ea986f0b783cf38e7fbcc6887b24c28b02c189 git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm mm-unstable) Bug: 274059236 Change-Id: Ib5a677ee01f5d9b88cd9dede943d70c14f0ffb96 Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Liam R. Howlett
|
dbc16cc86a |
FROMGIT: maple_tree: relocate mas_rewalk() and mas_rewalk_if_dead()
These functions need to move for future use. Link: https://lkml.kernel.org/r/20230518145544.1722059-30-Liam.Howlett@oracle.com Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com> Cc: David Binderman <dcb314@hotmail.com> Cc: Peng Zhang <zhangpeng.00@bytedance.com> Cc: Sergey Senozhatsky <senozhatsky@chromium.org> Cc: Vernon Yang <vernon2gm@gmail.com> Cc: Wei Yang <richard.weiyang@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit 0cfc564131d7a63bdddb539a36a4374485df95e4 git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm mm-unstable) Bug: 274059236 Change-Id: I6b60f2c67ad00e83a14b959c0006d6191cf57b31 Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Liam R. Howlett
|
b83cfb2dc4 |
FROMGIT: maple_tree: add mas_next_range() and mas_find_range() interfaces
Some users of the maple tree may want to move to the next range in the tree, even if it stores a NULL. This family of function provides that functionality by advancing one slot at a time and returning the result, while mas_contiguous() will iterate over the range and stop on encountering the first NULL. Link: https://lkml.kernel.org/r/20230518145544.1722059-29-Liam.Howlett@oracle.com Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com> Cc: David Binderman <dcb314@hotmail.com> Cc: Peng Zhang <zhangpeng.00@bytedance.com> Cc: Sergey Senozhatsky <senozhatsky@chromium.org> Cc: Vernon Yang <vernon2gm@gmail.com> Cc: Wei Yang <richard.weiyang@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit 727a78967bc89accbce230f7bc3eeba3c49ceb3f git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm mm-unstable) Bug: 274059236 Change-Id: Ie7b6d058f5e0cd3a011c3506d79f66d423b3a60b Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Liam R. Howlett
|
84719794e0 |
FROMGIT: maple_tree: introduce mas_next_slot() interface
Sometimes, during a tree walk, the user needs the next slot regardless of if it is empty or not. Add an interface to get the next slot. Since there are no consecutive NULLs allowed in the tree, the mas_next() function can only advance two slots at most. So use the new mas_next_slot() interface to align both implementations. Use this method for mas_find() as well. Link: https://lkml.kernel.org/r/20230518145544.1722059-28-Liam.Howlett@oracle.com Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com> Cc: David Binderman <dcb314@hotmail.com> Cc: Peng Zhang <zhangpeng.00@bytedance.com> Cc: Sergey Senozhatsky <senozhatsky@chromium.org> Cc: Vernon Yang <vernon2gm@gmail.com> Cc: Wei Yang <richard.weiyang@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit d0e70747bdb8f9cfc9ff48474e83171587ad94c1 git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm mm-unstable) Bug: 274059236 Change-Id: I9efc69267859c26aae1b776d103dff584f1961ea Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Liam R. Howlett
|
c5c507cfec |
FROMGIT: maple_tree: try harder to keep active node with mas_prev()
Keep a reference to the node when possible with mas_prev(). This will avoid re-walking the tree. In keeping a reference to the node, keep the last/index accurate to the range being referenced. This means the limit may be within the range, but the range may extend outside of the limit. Also fix the single entry tree to respect the range (of 0), or set the node to MAS_NONE in the case of shifting beyond 0. Link: https://lkml.kernel.org/r/20230518145544.1722059-25-Liam.Howlett@oracle.com Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com> Cc: David Binderman <dcb314@hotmail.com> Cc: Peng Zhang <zhangpeng.00@bytedance.com> Cc: Sergey Senozhatsky <senozhatsky@chromium.org> Cc: Vernon Yang <vernon2gm@gmail.com> Cc: Wei Yang <richard.weiyang@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit 20e9433710317ab0278c1d76821e213fb2d11e19 git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm mm-unstable) Bug: 274059236 Change-Id: If0b40925884dac6e334474249098d03175ba6dd6 Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Liam R. Howlett
|
cb6d9fa6ad |
FROMGIT: maple_tree: try harder to keep active node after mas_next()
Clean up the mas_next() call to try and keep a node reference when possible. This will avoid re-walking the tree in most cases. Also clean up the single entry tree handling to ensure index/last are consistent with what one would expect. (returning NULL with limit of 1-oo). Link: https://lkml.kernel.org/r/20230518145544.1722059-24-Liam.Howlett@oracle.com Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com> Cc: David Binderman <dcb314@hotmail.com> Cc: Peng Zhang <zhangpeng.00@bytedance.com> Cc: Sergey Senozhatsky <senozhatsky@chromium.org> Cc: Vernon Yang <vernon2gm@gmail.com> Cc: Wei Yang <richard.weiyang@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit f7741cbb138e4cd8586e45806313561cec44f9b6 git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm mm-unstable) Bug: 274059236 Change-Id: I61c7e9e1575b5f5400f9fc2eec08ae4a1eaefa5e Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Liam R. Howlett
|
133fbad5bd |
FROMLIST: BACKPORT: maple_tree: Refine mas_preallocate() node calculations
Calculate the number of nodes based on the pending write action instead of assuming the worst case. This addresses a performance regression introduced in platforms that have longer allocation timing. Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com> Link: https://lore.kernel.org/lkml/20230601021605.2823123-14-Liam.Howlett@oracle.com/ [surenb: adjust node_size calculation, allow to store a slot when possible] Bug: 274059236 Change-Id: I1db402fb463ee1e391081d2d81c34619f15713ac Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Liam R. Howlett
|
ce9ebd83aa |
ANDROID: maple_tree: Move mas_wr_modify node size calculation to mas_wr_node_size()
Create a new function to get the size of the mas_wr_node_size() since it
will be used elsewhere soon.
Drop the incrementing of the node size if this is the left-most node.
Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com>
Link:
|
||
|
Liam R. Howlett
|
b6734cb2ce |
FROMLIST: BACKPORT: maple_tree: Move mas_wr_end_piv() below mas_wr_extend_null()
Relocate it and call mas_wr_extend_null() from within mas_wr_end_piv(). Extending the NULL may affect the end pivot value so call mas_wr_endtend_null() from within mas_wr_end_piv() to keep it all together. Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com> Link: https://lore.kernel.org/lkml/20230601021605.2823123-12-Liam.Howlett@oracle.com/ [surenb: moved additional wr_mas->end_piv assignment missing in later kernel versions] Bug: 274059236 Change-Id: I55c5843273e7a679aef918e66d4b4ed034d493da Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Liam R. Howlett
|
c3118993c9 |
FROMGIT: maple_tree: avoid unnecessary ascending
The maple tree node limits are implied by the parent. When walking up the tree, the limit may not be known until a slot that does not have implied limits are encountered. However, if the node is the left-most or right-most node, the walking up to find that limit can be skipped. This commit also fixes the debug/testing code that was not setting the limit on walking down the tree as that optimization is not compatible with this change. Link: https://lkml.kernel.org/r/20230518145544.1722059-4-Liam.Howlett@oracle.com Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com> Reviewed-by: Peng Zhang <zhangpeng.00@bytedance.com> Cc: David Binderman <dcb314@hotmail.com> Cc: Sergey Senozhatsky <senozhatsky@chromium.org> Cc: Vernon Yang <vernon2gm@gmail.com> Cc: Wei Yang <richard.weiyang@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit 0f4e7f5fc2122534ae0573b37224ddfa367fa7ac git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm mm-unstable) Bug: 274059236 Change-Id: I4a5e852906692b27ea598fdf38eba8e1a69355d9 Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
Liujie Xie
|
573ba7b6e6 |
ANDROID: vendor_hooks: Add hooks for memory when debug
Add vendors hooks for recording memory used Vendor modules allocate and manages the memory itself. These memories might not be included in kernel memory statistics. Also, detailed references and vendor-specific information are managed only inside modules. When various problems such as memory leaks occurs, these information should be showed in real-time. Bug: 182443489 Bug: 234407991 Bug: 277799025 Signed-off-by: Liujie Xie <xieliujie@oppo.com> Change-Id: I62d8bb2b6650d8b187b433f97eb833ef0b784df1 Signed-off-by: Hyesoo Yu <hyesoo.yu@samsung.com> |
||
Kees Cook
|
467d3baa5d |
BACKPORT: overflow: Introduce overflows_type() and castable_to_type()
Implement a robust overflows_type() macro to test if a variable or constant value would overflow another variable or type. This can be used as a constant expression for static_assert() (which requires a constant expression[1][2]) when used on constant values. This must be constructed manually, since __builtin_add_overflow() does not produce a constant expression[3]. Additionally adds castable_to_type(), similar to __same_type(), but for checking if a constant value would overflow if cast to a given type. Add unit tests for overflows_type(), __same_type(), and castable_to_type() to the existing KUnit "overflow" test: [16:03:33] ================== overflow (21 subtests) ================== ... [16:03:33] [PASSED] overflows_type_test [16:03:33] [PASSED] same_type_test [16:03:33] [PASSED] castable_to_type_test [16:03:33] ==================== [PASSED] overflow ===================== [16:03:33] ============================================================ [16:03:33] Testing complete. Ran 21 tests: passed: 21 [16:03:33] Elapsed time: 24.022s total, 0.002s configuring, 22.598s building, 0.767s running [1] https://en.cppreference.com/w/c/language/_Static_assert [2] C11 standard (ISO/IEC 9899:2011): 6.7.10 Static assertions [3] https://gcc.gnu.org/onlinedocs/gcc/Integer-Overflow-Builtins.html 6.56 Built-in Functions to Perform Arithmetic with Overflow Checking Built-in Function: bool __builtin_add_overflow (type1 a, type2 b, Cc: Luc Van Oostenryck <luc.vanoostenryck@gmail.com> Cc: Nathan Chancellor <nathan@kernel.org> Cc: Nick Desaulniers <ndesaulniers@google.com> Cc: Tom Rix <trix@redhat.com> Cc: Daniel Latypov <dlatypov@google.com> Cc: Vitor Massaru Iha <vitor@massaru.org> Cc: "Gustavo A. R. Silva" <gustavoars@kernel.org> Cc: Jani Nikula <jani.nikula@intel.com> Cc: Mauro Carvalho Chehab <mchehab@kernel.org> Cc: linux-hardening@vger.kernel.org Cc: llvm@lists.linux.dev Co-developed-by: Gwan-gyeong Mun <gwan-gyeong.mun@intel.com> Signed-off-by: Gwan-gyeong Mun <gwan-gyeong.mun@intel.com> Signed-off-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/20221024201125.1416422-1-gwan-gyeong.mun@intel.com Bug: 279506910 (cherry picked from commit 4b21d25bf519c9487935a664886956bb18f04f6d) Change-Id: I20aff9de6b82a2f5203367d30555f904681a5b7b Signed-off-by: Elliot Berman <quic_eberman@quicinc.com> |
||
Greg Kroah-Hartman
|
c4cafbd0d4 |
Merge a3a93b4683 ("memstick: fix memory leak if card device is never registered") into android14-6.1
Steps on the way to 6.1.26 Change-Id: I068fdd73b1a29b954bef6931c144aa707d446482 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
55e4f0c551 |
This is the 6.1.25 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmRBFW0ACgkQONu9yGCS
aT7Jew//Ytw9+JQ71LT1TuJnQ1GayJOL1BW5hgxoYgnBFasWDwsGA9rzHs6KHqHb
0Vjk7MX7VZB+6zWakOxY5CFVM33J4fS7wY8WE2bj8X3QQhD/J0HQDMdELvSBi3qF
7xI6sghEQEwOuwAj2+CBqm/q7rA5FTnO1QgJuk/AKJ6PHGRiQeZ7q1zGpFvSaj7S
cyKvY99RsjnUN+PYk4LE2+u/6DVCqiWYVDQrdjalb9zsrXg4+nmPH6ZJzZX8+bbM
eM0xAR675V8TXqDi+8bj7tWmiS52XyjYF3Q/bu9BmU67DqslH9FFyVQxhgTHUZpN
qWXkojEU2djIc3qt7T/bpZS/vD8Kg3Px1CgyIRN8Y5SlZfhZyqVdTZ4AQCtJuLQJ
wDIdQCLlGzzDNFvbD+LdfJSjZt7Ig1sM/HwtPZhUA9yF0FN1XV3dcESzCOeI0/S7
ohRh8cs1sidnxrbvVwiVNENSqbJD7G9/9vVjIfyfcnt57q+fs6xCBhpOyNoVOp74
I5i6ALMcVZoAB50vDjnoGZsSRe9W2AmOV6UMIkVCvRCWYFqBpgVftMTAACNyljni
UlXmO7aDQj+nbHD/auclFtU02oHQbk62FSrwoWMFS090zWztQqUhgRY7Qnl13yCM
poEvrKlskXhvunsNtdVmI5O3N2GANWKgGwkyFIiXvgxKkw1qpUo=
=zeN9
-----END PGP SIGNATURE-----
Merge 6.1.25 into android14-6.1
Changes in 6.1.25
Revert "pinctrl: amd: Disable and mask interrupts on resume"
drm/amd/display: Pass the right info to drm_dp_remove_payload
ALSA: emu10k1: fix capture interrupt handler unlinking
ALSA: hda/sigmatel: add pin overrides for Intel DP45SG motherboard
ALSA: i2c/cs8427: fix iec958 mixer control deactivation
ALSA: hda: patch_realtek: add quirk for Asus N7601ZM
ALSA: hda/realtek: Add quirks for Lenovo Z13/Z16 Gen2
ALSA: firewire-tascam: add missing unwind goto in snd_tscm_stream_start_duplex()
ALSA: emu10k1: don't create old pass-through playback device on Audigy
ALSA: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards
ALSA: hda/hdmi: disable KAE for Intel DG2
Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp}
Bluetooth: Fix race condition in hidp_session_thread
bluetooth: btbcm: Fix logic error in forming the board name.
Bluetooth: Free potentially unfreed SCO connection
Bluetooth: hci_conn: Fix possible UAF
btrfs: restore the thread_pool= behavior in remount for the end I/O workqueues
btrfs: fix fast csum implementation detection
fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace
mtdblock: tolerate corrected bit-flips
mtd: rawnand: meson: fix bitmask for length in command word
mtd: rawnand: stm32_fmc2: remove unsupported EDO mode
mtd: rawnand: stm32_fmc2: use timings.mode instead of checking tRC_min
KVM: arm64: PMU: Restore the guest's EL0 event counting after migration
fbcon: Fix error paths in set_con2fb_map
fbcon: set_con2fb_map needs to set con2fb_map!
drm/i915/dsi: fix DSS CTL register offsets for TGL+
clk: sprd: set max_register according to mapping range
RDMA/irdma: Do not generate SW completions for NOPs
RDMA/irdma: Fix memory leak of PBLE objects
RDMA/irdma: Increase iWARP CM default rexmit count
RDMA/irdma: Add ipv4 check to irdma_find_listener()
IB/mlx5: Add support for 400G_8X lane speed
RDMA/erdma: Update default EQ depth to 4096 and max_send_wr to 8192
RDMA/erdma: Inline mtt entries into WQE if supported
RDMA/erdma: Defer probing if netdevice can not be found
clk: rs9: Fix suspend/resume
RDMA/cma: Allow UD qp_type to join multicast only
bpf: tcp: Use sock_gen_put instead of sock_put in bpf_iter_tcp
LoongArch, bpf: Fix jit to skip speculation barrier opcode
dmaengine: apple-admac: Handle 'global' interrupt flags
dmaengine: apple-admac: Set src_addr_widths capability
dmaengine: apple-admac: Fix 'current_tx' not getting freed
9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race condition
bpf, arm64: Fixed a BTI error on returning to patched function
KVM: arm64: Initialise hypervisor copies of host symbols unconditionally
KVM: arm64: Advertise ID_AA64PFR0_EL1.CSV2/3 to protected VMs
niu: Fix missing unwind goto in niu_alloc_channels()
tcp: restrict net.ipv4.tcp_app_win
bonding: fix ns validation on backup slaves
iavf: refactor VLAN filter states
iavf: remove active_cvlans and active_svlans bitmaps
net: openvswitch: fix race on port output
Bluetooth: hci_conn: Fix not cleaning up on LE Connection failure
Bluetooth: Fix printing errors if LE Connection times out
Bluetooth: SCO: Fix possible circular locking dependency sco_sock_getsockopt
Bluetooth: Set ISO Data Path on broadcast sink
drm/armada: Fix a potential double free in an error handling path
qlcnic: check pci_reset_function result
net: wwan: iosm: Fix error handling path in ipc_pcie_probe()
cgroup,freezer: hold cpu_hotplug_lock before freezer_mutex
net: qrtr: Fix an uninit variable access bug in qrtr_tx_resume()
sctp: fix a potential overflow in sctp_ifwdtsn_skip
RDMA/core: Fix GID entry ref leak when create_ah fails
selftests: openvswitch: adjust datapath NL message declaration
udp6: fix potential access to stale information
net: macb: fix a memory corruption in extended buffer descriptor mode
skbuff: Fix a race between coalescing and releasing SKBs
libbpf: Fix single-line struct definition output in btf_dump
ARM: 9290/1: uaccess: Fix KASAN false-positives
ARM: dts: qcom: apq8026-lg-lenok: add missing reserved memory
power: supply: rk817: Fix unsigned comparison with less than zero
power: supply: cros_usbpd: reclassify "default case!" as debug
power: supply: axp288_fuel_gauge: Added check for negative values
selftests/bpf: Fix progs/find_vma_fail1.c build error.
wifi: mwifiex: mark OF related data as maybe unused
i2c: imx-lpi2c: clean rx/tx buffers upon new message
i2c: hisi: Avoid redundant interrupts
efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L
block: ublk_drv: mark device as LIVE before adding disk
ACPI: video: Add backlight=native DMI quirk for Acer Aspire 3830TG
drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Book X90F
hwmon: (peci/cputemp) Fix miscalculated DTS for SKX
hwmon: (xgene) Fix ioremap and memremap leak
verify_pefile: relax wrapper length check
asymmetric_keys: log on fatal failures in PE/pkcs7
nvme: send Identify with CNS 06h only to I/O controllers
wifi: iwlwifi: mvm: fix mvmtxq->stopped handling
wifi: iwlwifi: mvm: protect TXQ list manipulation
drm/amdgpu: add mes resume when do gfx post soft reset
drm/amdgpu: Force signal hw_fences that are embedded in non-sched jobs
drm/amdgpu/gfx: set cg flags to enter/exit safe mode
ACPI: resource: Add Medion S17413 to IRQ override quirk
x86/hyperv: Move VMCB enlightenment definitions to hyperv-tlfs.h
KVM: selftests: Move "struct hv_enlightenments" to x86_64/svm.h
KVM: SVM: Add a proper field for Hyper-V VMCB enlightenments
x86/hyperv: KVM: Rename "hv_enlightenments" to "hv_vmcb_enlightenments"
KVM: SVM: Flush Hyper-V TLB when required
tracing: Add trace_array_puts() to write into instance
tracing: Have tracing_snapshot_instance_cond() write errors to the appropriate instance
maple_tree: fix write memory barrier of nodes once dead for RCU mode
ksmbd: avoid out of bounds access in decode_preauth_ctxt()
riscv: add icache flush for nommu sigreturn trampoline
HID: intel-ish-hid: Fix kernel panic during warm reset
net: sfp: initialize sfp->i2c_block_size at sfp allocation
net: phy: nxp-c45-tja11xx: add remove callback
net: phy: nxp-c45-tja11xx: fix unsigned long multiplication overflow
scsi: ses: Handle enclosure with just a primary component gracefully
x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X state in D3hot
cgroup: fix display of forceidle time at root
cgroup/cpuset: Fix partition root's cpuset.cpus update bug
cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach()
drm/amd/pm: correct SMU13.0.7 pstate profiling clock settings
drm/amd/pm: correct SMU13.0.7 max shader clock reporting
mptcp: use mptcp_schedule_work instead of open-coding it
mptcp: stricter state check in mptcp_worker
ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size
ubi: Fix deadlock caused by recursively holding work_sem
i2c: mchp-pci1xxxx: Update Timing registers
powerpc/papr_scm: Update the NUMA distance table for the target node
sched/fair: Fix imbalance overflow
x86/rtc: Remove __init for runtime functions
i2c: ocores: generate stop condition after timeout in polling mode
cifs: fix negotiate context parsing
nvme-pci: mark Lexar NM760 as IGNORE_DEV_SUBNQN
nvme-pci: add NVME_QUIRK_BOGUS_NID for T-FORCE Z330 SSD
cgroup/cpuset: Skip spread flags update on v2
cgroup/cpuset: Make cpuset_fork() handle CLONE_INTO_CGROUP properly
cgroup/cpuset: Add cpuset_can_fork() and cpuset_cancel_fork() methods
Linux 6.1.25
Change-Id: Ib4d2c49ea9bacb8d8dbdb7b3a4eecce937016427
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Peng Zhang
|
a1176791ab |
maple_tree: fix a potential memory leak, OOB access, or other unpredictable bug
commit 1f5f12ece722aacea1769fb644f27790ede339dc upstream.
In mas_alloc_nodes(), "node->node_count = 0" means to initialize the
node_count field of the new node, but the node may not be a new node. It
may be a node that existed before and node_count has a value, setting it
to 0 will cause a memory leak. At this time, mas->alloc->total will be
greater than the actual number of nodes in the linked list, which may
cause many other errors. For example, out-of-bounds access in
mas_pop_node(), and mas_pop_node() may return addresses that should not be
used. Fix it by initializing node_count only for new nodes.
Also, by the way, an if-else statement was removed to simplify the code.
Link: https://lkml.kernel.org/r/20230411041005.26205-1-zhangpeng.00@bytedance.com
Fixes:
|
||
|
Liam R. Howlett
|
66f13a1acf |
maple_tree: fix mas_empty_area() search
commit 06e8fd999334bcd76b4d72d7b9206d4aea89764e upstream.
The internal function of mas_awalk() was incorrectly skipping the last
entry in a node, which could potentially be NULL. This is only a problem
for the left-most node in the tree - otherwise that NULL would not exist.
Fix mas_awalk() by using the metadata to obtain the end of the node for
the loop and the logical pivot as apposed to the raw pivot value.
Link: https://lkml.kernel.org/r/20230414145728.4067069-2-Liam.Howlett@oracle.com
Fixes:
|
||
|
Liam R. Howlett
|
c51b9ef3f5 |
maple_tree: make maple state reusable after mas_empty_area_rev()
commit fad8e4291da5e3243e086622df63cb952db444d8 upstream.
Stop using maple state min/max for the range by passing through pointers
for those values. This will allow the maple state to be reused without
resetting.
Also add some logic to fail out early on searching with invalid
arguments.
Link: https://lkml.kernel.org/r/20230414145728.4067069-1-Liam.Howlett@oracle.com
Fixes:
|
||
|
Greg Kroah-Hartman
|
0fff48d6fe |
Merge 6.1.24 into android14-6.1
Changes in 6.1.24
dm cache: Add some documentation to dm-cache-background-tracker.h
dm integrity: Remove bi_sector that's only used by commented debug code
dm: change "unsigned" to "unsigned int"
dm: fix improper splitting for abnormal bios
KVM: arm64: PMU: Align chained counter implementation with architecture pseudocode
KVM: arm64: PMU: Distinguish between 64bit counter and 64bit overflow
KVM: arm64: PMU: Sanitise PMCR_EL0.LP on first vcpu run
KVM: arm64: PMU: Don't save PMCR_EL0.{C,P} for the vCPU
gpio: GPIO_REGMAP: select REGMAP instead of depending on it
Drivers: vmbus: Check for channel allocation before looking up relids
ASoC: SOF: ipc4: Ensure DSP is in D0I0 during sof_ipc4_set_get_data()
pwm: Make .get_state() callback return an error code
pwm: hibvt: Explicitly set .polarity in .get_state()
pwm: cros-ec: Explicitly set .polarity in .get_state()
pwm: iqs620a: Explicitly set .polarity in .get_state()
pwm: sprd: Explicitly set .polarity in .get_state()
pwm: meson: Explicitly set .polarity in .get_state()
ASoC: codecs: lpass: fix the order or clks turn off during suspend
KVM: s390: pv: fix external interruption loop not always detected
wifi: mac80211: fix the size calculation of ieee80211_ie_len_eht_cap()
wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta
net: qrtr: Fix a refcount bug in qrtr_recvmsg()
net: phylink: add phylink_expects_phy() method
net: stmmac: check if MAC needs to attach to a PHY
net: stmmac: remove redundant fixup to support fixed-link mode
l2tp: generate correct module alias strings
wifi: brcmfmac: Fix SDIO suspend/resume regression
NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL
nfsd: call op_release, even when op_func returns an error
icmp: guard against too small mtu
ALSA: hda/hdmi: Preserve the previous PCM device upon re-enablement
net: don't let netpoll invoke NAPI if in xmit context
net: dsa: mv88e6xxx: Reset mv88e6393x force WD event bit
sctp: check send stream number after wait_for_sndbuf
net: qrtr: Do not do DEL_SERVER broadcast after DEL_CLIENT
ipv6: Fix an uninit variable access bug in __ip6_make_skb()
platform/x86: think-lmi: Fix memory leak when showing current settings
platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings
platform/x86: think-lmi: Clean up display of current_value on Thinkstation
gpio: davinci: Do not clear the bank intr enable bit in save_context
gpio: davinci: Add irq chip flag to skip set wake
net: ethernet: ti: am65-cpsw: Fix mdio cleanup in probe
net: stmmac: fix up RX flow hash indirection table when setting channels
sunrpc: only free unix grouplist after RCU settles
NFSD: callback request does not use correct credential for AUTH_SYS
ice: fix wrong fallback logic for FDIR
ice: Reset FDIR counter in FDIR init stage
raw: use net_hash_mix() in hash function
raw: Fix NULL deref in raw_get_next().
ping: Fix potentail NULL deref for /proc/net/icmp.
ethtool: reset #lanes when lanes is omitted
netlink: annotate lockless accesses to nlk->max_recvmsg_len
gve: Secure enough bytes in the first TX desc for all TCP pkts
arm64: compat: Work around uninitialized variable warning
net: stmmac: check fwnode for phy device before scanning for phy
cxl/pci: Fix CDAT retrieval on big endian
cxl/pci: Handle truncated CDAT header
cxl/pci: Handle truncated CDAT entries
cxl/pci: Handle excessive CDAT length
PCI/DOE: Silence WARN splat with CONFIG_DEBUG_OBJECTS=y
PCI/DOE: Fix memory leak with CONFIG_DEBUG_OBJECTS=y
usb: xhci: tegra: fix sleep in atomic call
xhci: Free the command allocated for setting LPM if we return early
xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu
usb: cdnsp: Fixes error: uninitialized symbol 'len'
usb: dwc3: pci: add support for the Intel Meteor Lake-S
USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs
usb: typec: altmodes/displayport: Fix configure initial pin assignment
USB: serial: option: add Telit FE990 compositions
USB: serial: option: add Quectel RM500U-CN modem
drivers: iio: adc: ltc2497: fix LSB shift
iio: adis16480: select CONFIG_CRC32
iio: adc: qcom-spmi-adc5: Fix the channel name
iio: adc: ti-ads7950: Set `can_sleep` flag for GPIO chip
iio: dac: cio-dac: Fix max DAC write value check for 12-bit
iio: buffer: correctly return bytes written in output buffers
iio: buffer: make sure O_NONBLOCK is respected
iio: light: cm32181: Unregister second I2C client if present
tty: serial: sh-sci: Fix transmit end interrupt handler
tty: serial: sh-sci: Fix Rx on RZ/G2L SCI
tty: serial: fsl_lpuart: avoid checking for transfer complete when UARTCTRL_SBK is asserted in lpuart32_tx_empty
nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread()
nilfs2: fix sysfs interface lifetime
dt-bindings: serial: renesas,scif: Fix 4th IRQ for 4-IRQ SCIFs
serial: 8250: Prevent starting up DMA Rx on THRI interrupt
ksmbd: do not call kvmalloc() with __GFP_NORETRY | __GFP_NO_WARN
ksmbd: fix slab-out-of-bounds in init_smb2_rsp_hdr
ALSA: hda/realtek: Add quirk for Clevo X370SNW
ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook
x86/acpi/boot: Correct acpi_is_processor_usable() check
x86/ACPI/boot: Use FADT version to check support for online capable
KVM: x86: Clear "has_error_code", not "error_code", for RM exception injection
KVM: nVMX: Do not report error code when synthesizing VM-Exit from Real Mode
mm: kfence: fix PG_slab and memcg_data clearing
mm: kfence: fix handling discontiguous page
coresight: etm4x: Do not access TRCIDR1 for identification
coresight-etm4: Fix for() loop drvdata->nr_addr_cmp range bug
counter: 104-quad-8: Fix race condition between FLAG and CNTR reads
counter: 104-quad-8: Fix Synapse action reported for Index signals
blk-mq: directly poll requests
iio: adc: ad7791: fix IRQ flags
io_uring: fix return value when removing provided buffers
io_uring: fix memory leak when removing provided buffers
scsi: qla2xxx: Fix memory leak in qla2x00_probe_one()
scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param()
nvme: fix discard support without oncs
cifs: sanitize paths in cifs_update_super_prepath.
block: ublk: make sure that block size is set correctly
block: don't set GD_NEED_PART_SCAN if scan partition failed
perf/core: Fix the same task check in perf_event_set_output
ftrace: Mark get_lock_parent_ip() __always_inline
ftrace: Fix issue that 'direct->addr' not restored in modify_ftrace_direct()
fs: drop peer group ids under namespace lock
can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access
can: isotp: fix race between isotp_sendsmg() and isotp_release()
can: isotp: isotp_ops: fix poll() to not report false EPOLLOUT events
can: isotp: isotp_recvmsg(): use sock_recv_cmsgs() to get SOCK_RXQ_OVFL infos
ACPI: video: Add auto_detect arg to __acpi_video_get_backlight_type()
ACPI: video: Make acpi_backlight=video work independent from GPU driver
ACPI: video: Add acpi_backlight=video quirk for Apple iMac14,1 and iMac14,2
ACPI: video: Add acpi_backlight=video quirk for Lenovo ThinkPad W530
net: stmmac: Add queue reset into stmmac_xdp_open() function
tracing/synthetic: Fix races on freeing last_cmd
tracing/timerlat: Notify new max thread latency
tracing/osnoise: Fix notify new tracing_max_latency
tracing: Free error logs of tracing instances
ASoC: hdac_hdmi: use set_stream() instead of set_tdm_slots()
tracing/synthetic: Make lastcmd_mutex static
zsmalloc: document freeable stats
mm: vmalloc: avoid warn_alloc noise caused by fatal signal
wifi: mt76: ignore key disable commands
ublk: read any SQE values upfront
drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path
drm/nouveau/disp: Support more modes by checking with lower bpc
drm/i915: Fix context runtime accounting
drm/i915: fix race condition UAF in i915_perf_add_config_ioctl
ring-buffer: Fix race while reader and writer are on the same page
mm/swap: fix swap_info_struct race between swapoff and get_swap_pages()
mm/hugetlb: fix uffd wr-protection for CoW optimization path
maple_tree: fix get wrong data_end in mtree_lookup_walk()
maple_tree: fix a potential concurrency bug in RCU mode
blk-throttle: Fix that bps of child could exceed bps limited in parent
drm/amd/display: Clear MST topology if it fails to resume
drm/amdgpu: for S0ix, skip SDMA 5.x+ suspend/resume
drm/amdgpu: skip psp suspend for IMU enabled ASICs mode2 reset
drm/display/dp_mst: Handle old/new payload states in drm_dp_remove_payload()
drm/i915/dp_mst: Fix payload removal during output disabling
drm/bridge: lt9611: Fix PLL being unable to lock
drm/i915: Use _MMIO_PIPE() for SKL_BOTTOM_COLOR
drm/i915: Split icl_color_commit_noarm() from skl_color_commit_noarm()
mm: take a page reference when removing device exclusive entries
maple_tree: remove GFP_ZERO from kmem_cache_alloc() and kmem_cache_alloc_bulk()
maple_tree: fix potential rcu issue
maple_tree: reduce user error potential
maple_tree: fix handle of invalidated state in mas_wr_store_setup()
maple_tree: fix mas_prev() and mas_find() state handling
maple_tree: be more cautious about dead nodes
maple_tree: refine ma_state init from mas_start()
maple_tree: detect dead nodes in mas_start()
maple_tree: fix freeing of nodes in rcu mode
maple_tree: remove extra smp_wmb() from mas_dead_leaves()
maple_tree: add smp_rmb() to dead node detection
maple_tree: add RCU lock checking to rcu callback functions
mm: enable maple tree RCU mode by default.
bpftool: Print newline before '}' for struct with padding only fields
Linux 6.1.24
Change-Id: I475408e1166927565c7788e7095bdf2cb236c4b2
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Liam R. Howlett
|
2128f7c00f |
maple_tree: fix write memory barrier of nodes once dead for RCU mode
[ Upstream commit c13af03de46ba27674dd9fb31a17c0d480081139 ]
During the development of the maple tree, the strategy of freeing multiple
nodes changed and, in the process, the pivots were reused to store
pointers to dead nodes. To ensure the readers see accurate pivots, the
writers need to mark the nodes as dead and call smp_wmb() to ensure any
readers can identify the node as dead before using the pivot values.
There were two places where the old method of marking the node as dead
without smp_wmb() were being used, which resulted in RCU readers seeing
the wrong pivot value before seeing the node was dead. Fix this race
condition by using mte_set_node_dead() which has the smp_wmb() call to
ensure the race is closed.
Add a WARN_ON() to the ma_free_rcu() call to ensure all nodes being freed
are marked as dead to ensure there are no other call paths besides the two
updated paths.
This is necessary for the RCU mode of the maple tree.
Link: https://lkml.kernel.org/r/20230227173632.3292573-6-surenb@google.com
Fixes:
|
||
|
Liam R. Howlett
|
9b6627bc36 |
maple_tree: add RCU lock checking to rcu callback functions
commit 790e1fa86b340c2bd4a327e01c161f7a1ad885f6 upstream.
Dereferencing RCU objects within the RCU callback without the RCU check
has caused lockdep to complain. Fix the RCU dereferencing by using the
RCU callback lock to ensure the operation is safe.
Also stop creating a new lock to use for dereferencing during destruction
of the tree or subtree. Instead, pass through a pointer to the tree that
has the lock that is held for RCU dereferencing checking. It also does
not make sense to use the maple state in the freeing scenario as the tree
walk is a special case where the tree no longer has the normal encodings
and parent pointers.
Link: https://lkml.kernel.org/r/20230227173632.3292573-8-surenb@google.com
Fixes:
|
||
|
Liam R. Howlett
|
a29025a1b6 |
maple_tree: add smp_rmb() to dead node detection
commit 0a2b18d948838e16912b3b627b504ab062b7d02a upstream.
Add an smp_rmb() before reading the parent pointer to ensure that anything
read from the node prior to the parent pointer hasn't been reordered ahead
of this check.
The is necessary for RCU mode.
Link: https://lkml.kernel.org/r/20230227173632.3292573-7-surenb@google.com
Fixes:
|
||
|
Liam R. Howlett
|
d3af5f8a50 |
maple_tree: remove extra smp_wmb() from mas_dead_leaves()
commit 8372f4d83f96f35915106093cde4565836587123 upstream.
The call to mte_set_dead_node() before the smp_wmb() already calls
smp_wmb() so this is not needed. This is an optimization for the RCU mode
of the maple tree.
Link: https://lkml.kernel.org/r/20230227173632.3292573-5-surenb@google.com
Fixes:
|
||
|
Liam R. Howlett
|
cc2f2507f3 |
maple_tree: fix freeing of nodes in rcu mode
commit 2e5b4921f8efc9e845f4f04741797d16f36847eb upstream.
The walk to destroy the nodes was not always setting the node type and
would result in a destroy method potentially using the values as nodes.
Avoid this by setting the correct node types. This is necessary for the
RCU mode of the maple tree.
Link: https://lkml.kernel.org/r/20230227173632.3292573-4-surenb@google.com
Cc: <Stable@vger.kernel.org>
Fixes:
|
||
|
Liam R. Howlett
|
5f7c591264 |
maple_tree: detect dead nodes in mas_start()
commit a7b92d59c885018cb7bb88539892278e4fd64b29 upstream.
When initially starting a search, the root node may already be in the
process of being replaced in RCU mode. Detect and restart the walk if
this is the case. This is necessary for RCU mode of the maple tree.
Link: https://lkml.kernel.org/r/20230227173632.3292573-3-surenb@google.com
Cc: <Stable@vger.kernel.org>
Fixes:
|
||
|
Liam R. Howlett
|
3825e4495b |
maple_tree: refine ma_state init from mas_start()
commit 46b345848261009477552d654cb2f65000c30e4d upstream.
If mas->node is an MAS_START, there are three cases, and they all assign
different values to mas->node and mas->offset. So there is no need to set
them to a default value before updating.
Update them directly to make them easier to understand and for better
readability.
Link: https://lkml.kernel.org/r/20221221060058.609003-7-vernon2gm@gmail.com
Cc: <Stable@vger.kernel.org>
Fixes:
|
||
|
Liam R. Howlett
|
64cb480523 |
maple_tree: be more cautious about dead nodes
commit 39d0bd86c499ecd6abae42a9b7112056c5560691 upstream.
ma_pivots() and ma_data_end() may be called with a dead node. Ensure to
that the node isn't dead before using the returned values.
This is necessary for RCU mode of the maple tree.
Link: https://lkml.kernel.org/r/20230227173632.3292573-1-surenb@google.com
Link: https://lkml.kernel.org/r/20230227173632.3292573-2-surenb@google.com
Fixes:
|
||
|
Liam R. Howlett
|
0a0372d1d2 |
maple_tree: fix mas_prev() and mas_find() state handling
commit 17dc622c7b0f94e49bed030726df4db12ecaa6b5 upstream.
When mas_prev() does not find anything, set the state to MAS_NONE.
Handle the MAS_NONE in mas_find() like a MAS_START.
Link: https://lkml.kernel.org/r/20230120162650.984577-7-Liam.Howlett@oracle.com
Cc: <Stable@vger.kernel.org>
Fixes:
|
||
|
Liam R. Howlett
|
19d8f782e3 |
maple_tree: fix handle of invalidated state in mas_wr_store_setup()
commit 1202700c3f8cc5f7e4646c3cf05ee6f7c8bc6ccf upstream.
If an invalidated maple state is encountered during write, reset the maple
state to MAS_START. This will result in a re-walk of the tree to the
correct location for the write.
Link: https://lore.kernel.org/all/20230107020126.1627-1-sj@kernel.org/
Link: https://lkml.kernel.org/r/20230120162650.984577-6-Liam.Howlett@oracle.com
Cc: <Stable@vger.kernel.org>
Fixes:
|
||
|
Liam R. Howlett
|
2c9bc4903b |
maple_tree: reduce user error potential
commit 50e81c82ad947045c7ed26ddc9acb17276b653b6 upstream.
When iterating, a user may operate on the tree and cause the maple state
to be altered and left in an unintuitive state. Detect this scenario and
correct it by setting to the limit and invalidating the state.
Link: https://lkml.kernel.org/r/20230120162650.984577-4-Liam.Howlett@oracle.com
Cc: <Stable@vger.kernel.org>
Fixes:
|
||
|
Liam R. Howlett
|
f41e9e6927 |
maple_tree: fix potential rcu issue
commit 65be6f058b0eba98dc6c6f197ea9f62c9b6a519f upstream.
Ensure the node isn't dead after reading the node end.
Link: https://lkml.kernel.org/r/20230120162650.984577-3-Liam.Howlett@oracle.com
Cc: <Stable@vger.kernel.org>
Fixes:
|
||
|
Liam R. Howlett
|
edc5a4e880 |
maple_tree: remove GFP_ZERO from kmem_cache_alloc() and kmem_cache_alloc_bulk()
commit 541e06b772c1aaffb3b6a245ccface36d7107af2 upstream.
Preallocations are common in the VMA code to avoid allocating under
certain locking conditions. The preallocations must also cover the
worst-case scenario. Removing the GFP_ZERO flag from the
kmem_cache_alloc() (and bulk variant) calls will reduce the amount of time
spent zeroing memory that may not be used. Only zero out the necessary
area to keep track of the allocations in the maple state. Zero the entire
node prior to using it in the tree.
This required internal changes to node counting on allocation, so the test
code is also updated.
This restores some micro-benchmark performance: up to +9% in mmtests mmap1
by my testing +10% to +20% in mmap, mmapaddr, mmapmany tests reported by
Red Hat
Link: https://bugzilla.redhat.com/show_bug.cgi?id=2149636
Link: https://lkml.kernel.org/r/20230105160427.2988454-1-Liam.Howlett@oracle.com
Cc: stable@vger.kernel.org
Fixes:
|
||
|
Peng Zhang
|
240bb94f35 |
maple_tree: fix a potential concurrency bug in RCU mode
commit c45ea315a602d45569b08b93e9ab30f6a63a38aa upstream.
There is a concurrency bug that may cause the wrong value to be loaded
when a CPU is modifying the maple tree.
CPU1:
mtree_insert_range()
mas_insert()
mas_store_root()
...
mas_root_expand()
...
rcu_assign_pointer(mas->tree->ma_root, mte_mk_root(mas->node));
ma_set_meta(node, maple_leaf_64, 0, slot); <---IP
CPU2:
mtree_load()
mtree_lookup_walk()
ma_data_end();
When CPU1 is about to execute the instruction pointed to by IP, the
ma_data_end() executed by CPU2 may return the wrong end position, which
will cause the value loaded by mtree_load() to be wrong.
An example of triggering the bug:
Add mdelay(100) between rcu_assign_pointer() and ma_set_meta() in
mas_root_expand().
static DEFINE_MTREE(tree);
int work(void *p) {
unsigned long val;
for (int i = 0 ; i< 30; ++i) {
val = (unsigned long)mtree_load(&tree, 8);
mdelay(5);
pr_info("%lu",val);
}
return 0;
}
mt_init_flags(&tree, MT_FLAGS_USE_RCU);
mtree_insert(&tree, 0, (void*)12345, GFP_KERNEL);
run_thread(work)
mtree_insert(&tree, 1, (void*)56789, GFP_KERNEL);
In RCU mode, mtree_load() should always return the value before or after
the data structure is modified, and in this example mtree_load(&tree, 8)
may return 56789 which is not expected, it should always return NULL. Fix
it by put ma_set_meta() before rcu_assign_pointer().
Link: https://lkml.kernel.org/r/20230314124203.91572-4-zhangpeng.00@bytedance.com
Fixes:
|
||
|
Peng Zhang
|
4f5760757f |
maple_tree: fix get wrong data_end in mtree_lookup_walk()
commit ec07967d7523adb3670f9dfee0232e3bc868f3de upstream.
if (likely(offset > end))
max = pivots[offset];
The above code should be changed to if (likely(offset < end)), which is
correct. This affects the correctness of ma_data_end(). Now it seems
that the final result will not be wrong, but it is best to change it.
This patch does not change the code as above, because it simplifies the
code by the way.
Link: https://lkml.kernel.org/r/20230314124203.91572-1-zhangpeng.00@bytedance.com
Link: https://lkml.kernel.org/r/20230314124203.91572-2-zhangpeng.00@bytedance.com
Fixes:
|
||
|
Greg Kroah-Hartman
|
a0f3313ef9 |
This is the 6.1.23 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmQumsIACgkQONu9yGCS aT4yfBAAwaDPXomEa+DY6pkQEE7WPVtIkeO+sQIo7bWHunTDilTLRFeDUJ4THydT CnhhlGsBUt8KGeWgSR6hHeTl/c+b+AcBan5k5BBufUGrsDn/XV8QIEyKWhbLIEja qWehpogs7BJLg2dFRqTfHQEOhLht1jCmC99tfEozEG4zRudmdS3Z2DbRypfEHshc oGOC1Jzg4MLPfB+lCwKNrVMBlR2n/73P7mTUCu/Dc9+DUbm+GtqvsPuGT2LxVyY7 kkNgGzvdxQQCqtK5X6zyoU61gepsobf6c6kHjBucn8mhaYURT5ndfV9VqLWkDYE7 71iH0oY5fg2NgbMtQpbA10MokjijFp46I4QxzG/RVl2ZN2pbCFNm5aNIBCwBbF2k lN6hwJc1nbTi696o29o1osm+yju3347HCAWC8s+DAszXiquihiUeJBwuCfa1c+Gy GhdATa3nNQ/8D0gWULr/kl7DvlgpSpYrbEQGVG2gH6tdsAZt2iKYUtGLFjvDN+fw CoMpq2OZTX5afM7AxTX00f5lGmbXhD+T9a+pS9AXhPqKcGv1tt0Gso8dn7cpWpj5 LxhIE9dK5F1/tI+wPE+8t80CukqQHfoCQ24YO8mfUKmlInwjGd1Hque+ihKJo7ZW W5CXlZJJVvpVk9BxMNaYHKfSE+U6G7hYabEAzJXR3fz9vGfoTII= =rz/i -----END PGP SIGNATURE----- Merge 6.1.23 into android14-6.1 Changes in 6.1.23 thunderbolt: Limit USB3 bandwidth of certain Intel USB4 host routers cifs: update ip_addr for ses only for primary chan setup cifs: prevent data race in cifs_reconnect_tcon() cifs: avoid race conditions with parallel reconnects zonefs: Reorganize code zonefs: Simplify IO error handling zonefs: Reduce struct zonefs_inode_info size zonefs: Separate zone information from inode information zonefs: Fix error message in zonefs_file_dio_append() fsverity: don't drop pagecache at end of FS_IOC_ENABLE_VERITY kernel: kcsan: kcsan_test: build without structleak plugin kcsan: avoid passing -g for test btrfs: rename BTRFS_FS_NO_OVERCOMMIT to BTRFS_FS_ACTIVE_ZONE_TRACKING btrfs: zoned: count fresh BG region as zone unusable net: ethernet: ti: am65-cpsw/cpts: Fix CPTS release action riscv: ftrace: Fixup panic by disabling preemption ARM: dts: aspeed: p10bmc: Update battery node name drm/msm/dpu: Refactor sc7280_pp location drm/msm/dpu: correct sm8250 and sm8350 scaler drm/msm/disp/dpu: fix sc7280_pp base offset tty: serial: fsl_lpuart: switch to new dmaengine_terminate_* API tty: serial: fsl_lpuart: fix race on RX DMA shutdown tracing: Add .percent suffix option to histogram values tracing: Add .graph suffix option to histogram value tracing: Do not let histogram values have some modifiers net: mscc: ocelot: fix stats region batching arm64: efi: Set NX compat flag in PE/COFF header cifs: fix missing unload_nls() in smb2_reconnect() xfrm: Zero padding when dumping algos and encap ASoC: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds ASoC: Intel: avs: max98357a: Explicitly define codec format ASoC: Intel: avs: da7219: Explicitly define codec format ASoC: Intel: avs: ssm4567: Remove nau8825 bits ASoC: Intel: avs: nau8825: Adjust clock control zstd: Fix definition of assert() ACPI: video: Add backlight=native DMI quirk for Dell Vostro 15 3535 ASoC: SOF: ipc3: Check for upper size limit for the received message ASoC: SOF: ipc4-topology: Fix incorrect sample rate print unit ASoC: SOF: Intel: pci-tng: revert invalid bar size setting ASoC: SOF: IPC4: update gain ipc msg definition to align with fw md: avoid signed overflow in slot_store() x86/PVH: obtain VGA console info in Dom0 drm/amdkfd: Fix BO offset for multi-VMA page migration drm/amdkfd: fix a potential double free in pqm_create_queue drm/amdkfd: fix potential kgd_mem UAFs net: hsr: Don't log netdev_err message on unknown prp dst node ALSA: asihpi: check pao in control_message() ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set() fbdev: tgafb: Fix potential divide by zero ACPI: tools: pfrut: Check if the input of level and type is in the right numeric range sched_getaffinity: don't assume 'cpumask_size()' is fully initialized nvme-pci: add NVME_QUIRK_BOGUS_NID for Lexar NM620 drm/amdkfd: Fixed kfd_process cleanup on module exit. net/mlx5e: Lower maximum allowed MTU in XSK to match XDP prerequisites fbdev: nvidia: Fix potential divide by zero fbdev: intelfb: Fix potential divide by zero fbdev: lxfb: Fix potential divide by zero fbdev: au1200fb: Fix potential divide by zero tools/power turbostat: Fix /dev/cpu_dma_latency warnings tools/power turbostat: fix decoding of HWP_STATUS tracing: Fix wrong return in kprobe_event_gen_test.c btrfs: fix uninitialized variable warning in btrfs_update_block_group btrfs: use temporary variable for space_info in btrfs_update_block_group mtd: rawnand: meson: initialize struct with zeroes mtd: nand: mxic-ecc: Fix mxic_ecc_data_xfer_wait_for_completion() when irq is used ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx() riscv/kvm: Fix VM hang in case of timer delta being zero. mips: bmips: BCM6358: disable RAC flush for TP1 ALSA: usb-audio: Fix recursive locking at XRUN during syncing PCI: dwc: Fix PORT_LINK_CONTROL update when CDM check enabled platform/x86: think-lmi: add missing type attribute platform/x86: think-lmi: use correct possible_values delimiters platform/x86: think-lmi: only display possible_values if available platform/x86: think-lmi: Add possible_values for ThinkStation platform/surface: aggregator: Add missing fwnode_handle_put() mtd: rawnand: meson: invalidate cache on polling ECC bit SUNRPC: fix shutdown of NFS TCP client socket sfc: ef10: don't overwrite offload features at NIC reset scsi: megaraid_sas: Fix crash after a double completion scsi: mpt3sas: Don't print sense pool info twice net: dsa: realtek: fix out-of-bounds access ptp_qoriq: fix memory leak in probe() net: dsa: microchip: ksz8: fix ksz8_fdb_dump() net: dsa: microchip: ksz8: fix ksz8_fdb_dump() to extract all 1024 entries net: dsa: microchip: ksz8: fix offset for the timestamp filed net: dsa: microchip: ksz8: ksz8_fdb_dump: avoid extracting ghost entry from empty dynamic MAC table. net: dsa: microchip: ksz8863_smi: fix bulk access net: dsa: microchip: ksz8: fix MDB configuration with non-zero VID r8169: fix RTL8168H and RTL8107E rx crc error regulator: Handle deferred clk net/net_failover: fix txq exceeding warning net: stmmac: don't reject VLANs when IFF_PROMISC is set drm/i915/tc: Fix the ICL PHY ownership check in TC-cold state platform/x86/intel/pmc: Alder Lake PCH slp_s0_residency fix can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write s390/vfio-ap: fix memory leak in vfio_ap device driver ACPI: bus: Rework system-level device notification handling loop: LOOP_CONFIGURE: send uevents for partitions net: mvpp2: classifier flow fix fragmentation flags net: mvpp2: parser fix QinQ net: mvpp2: parser fix PPPoE smsc911x: avoid PHY being resumed when interface is not up ice: Fix ice_cfg_rdma_fltr() to only update relevant fields ice: add profile conflict check for AVF FDIR ice: fix invalid check for empty list in ice_sched_assoc_vsi_to_agg() ALSA: ymfpci: Create card with device-managed snd_devm_card_new() ALSA: ymfpci: Fix BUG_ON in probe function net: ipa: compute DMA pool size properly i40e: fix registers dump after run ethtool adapter self test bnxt_en: Fix reporting of test result in ethtool selftest bnxt_en: Fix typo in PCI id to device description string mapping bnxt_en: Add missing 200G link speed reporting net: dsa: mv88e6xxx: Enable IGMP snooping on user ports only net: ethernet: mtk_eth_soc: fix flow block refcounting logic net: ethernet: mtk_eth_soc: add missing ppe cache flush when deleting a flow pinctrl: ocelot: Fix alt mode for ocelot Input: xpad - fix incorrectly applied patch for MAP_PROFILE_BUTTON iommu/vt-d: Allow zero SAGAW if second-stage not supported Input: i8042 - add TUXEDO devices to i8042 quirk tables for partial fix Input: alps - fix compatibility with -funsigned-char Input: focaltech - use explicitly signed char type cifs: prevent infinite recursion in CIFSGetDFSRefer() cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL Input: i8042 - add quirk for Fujitsu Lifebook A574/H Input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report DMI table btrfs: fix deadlock when aborting transaction during relocation with scrub btrfs: fix race between quota disable and quota assign ioctls btrfs: scan device in non-exclusive mode zonefs: Do not propagate iomap_dio_rw() ENOTBLK error to user space block/io_uring: pass in issue_flags for uring_cmd task_work handling io_uring/poll: clear single/double poll flags on poll arming io_uring/rsrc: fix rogue rsrc node grabbing io_uring: fix poll/netmsg alloc caches vmxnet3: use gro callback when UPT is enabled zonefs: Always invalidate last cached page on append write dm: fix __send_duplicate_bios() to always allow for splitting IO can: j1939: prevent deadlock by moving j1939_sk_errqueue() xen/netback: don't do grant copy across page boundary net: phy: dp83869: fix default value for tx-/rx-internal-delay modpost: Fix processing of CRCs on 32-bit build machines pinctrl: amd: Disable and mask interrupts on resume pinctrl: at91-pio4: fix domain name assignment platform/x86: ideapad-laptop: Stop sending KEY_TOUCHPAD_TOGGLE powerpc: Don't try to copy PPR for task with NULL pt_regs powerpc/pseries/vas: Ignore VAS update for DLPAR if copy/paste is not enabled powerpc/64s: Fix __pte_needs_flush() false positive warning NFSv4: Fix hangs when recovering open state after a server reboot ALSA: hda/conexant: Partial revert of a quirk for Lenovo ALSA: usb-audio: Fix regression on detection of Roland VS-100 ALSA: hda/realtek: Add quirks for some Clevo laptops ALSA: hda/realtek: Add quirk for Lenovo ZhaoYang CF4620Z xtensa: fix KASAN report for show_stack rcu: Fix rcu_torture_read ftrace event dt-bindings: mtd: jedec,spi-nor: Document CPOL/CPHA support s390/uaccess: add missing earlyclobber annotations to __clear_user() s390: reintroduce expoline dependence to scripts drm/etnaviv: fix reference leak when mmaping imported buffer drm/amdgpu: allow more APUs to do mode2 reset when go to S4 drm/amd/display: Add DSC Support for Synaptics Cascaded MST Hub drm/amd/display: Take FEC Overhead into Timeslot Calculation drm/i915/gem: Flush lmem contents after construction drm/i915/dpt: Treat the DPT BO as a framebuffer drm/i915: Disable DC states for all commits drm/i915: Move CSC load back into .color_commit_arm() when PSR is enabled on skl/glk KVM: arm64: PMU: Fix GET_ONE_REG for vPMC regs to return the current value KVM: arm64: Disable interrupts while walking userspace PTs net: dsa: mv88e6xxx: read FID when handling ATU violations net: dsa: mv88e6xxx: replace ATU violation prints with trace points net: dsa: mv88e6xxx: replace VTU violation prints with trace points selftests/bpf: Test btf dump for struct with padding only fields libbpf: Fix BTF-to-C converter's padding logic selftests/bpf: Add few corner cases to test padding handling of btf_dump libbpf: Fix btf_dump's packed struct determination usb: ucsi: Fix ucsi->connector race drm/amdkfd: Get prange->offset after svm_range_vram_node_new hsr: ratelimit only when errors are printed x86/PVH: avoid 32-bit build warning when obtaining VGA console info Revert "cpuidle, intel_idle: Fix CPUIDLE_FLAG_IRQ_ENABLE *again*" Linux 6.1.23 Change-Id: I15af3697170567c4678bcc9c2380d80e7cef5bc9 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Jonathan Neuschäfer
|
78b342f0cd |
zstd: Fix definition of assert()
[ Upstream commit 6906598f1ce93761716d780b6e3f171e13f0f4ce ] assert(x) should emit a warning if x is false. WARN_ON(x) emits a warning if x is true. Thus, assert(x) should be defined as WARN_ON(!x) rather than WARN_ON(x). Signed-off-by: Jonathan Neuschäfer <j.neuschaefer@gmx.net> Signed-off-by: Nick Terrell <terrelln@fb.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Greg Kroah-Hartman
|
db50ac4d0a |
Merge 6.1.22 into android14-6.1
Changes in 6.1.22 interconnect: qcom: osm-l3: fix icc_onecell_data allocation interconnect: qcom: sm8450: switch to qcom_icc_rpmh_* function interconnect: qcom: qcm2290: Fix MASTER_SNOC_BIMC_NRT perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output perf: fix perf_event_context->time tracing/hwlat: Replace sched_setaffinity with set_cpus_allowed_ptr drm/amd/display: Include virtual signal to set k1 and k2 values drm/amd/display: fix k1 k2 divider programming for phantom streams drm/amd/display: Remove OTG DIV register write for Virtual signals. mptcp: refactor passive socket initialization mptcp: use the workqueue to destroy unaccepted sockets mptcp: fix UaF in listener shutdown drm/amd/display: Fix DP MST sinks removal issue arm64: dts: qcom: sm8450: Mark UFS controller as cache coherent power: supply: bq24190: Fix use after free bug in bq24190_remove due to race condition power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition arm64: dts: imx8dxl-evk: Disable hibernation mode of AR8031 for EQOS arm64: dts: imx8dxl-evk: Fix eqos phy reset gpio ARM: dts: imx6sll: e70k02: fix usbotg1 pinctrl ARM: dts: imx6sll: e60k02: fix usbotg1 pinctrl ARM: dts: imx6sl: tolino-shine2hd: fix usbotg1 pinctrl arm64: dts: imx8mn: specify #sound-dai-cells for SAI nodes arm64: dts: imx93: add missing #address-cells and #size-cells to i2c nodes NFS: Fix /proc/PID/io read_bytes for buffered reads xsk: Add missing overflow check in xdp_umem_reg iavf: fix inverted Rx hash condition leading to disabled hash iavf: fix non-tunneled IPv6 UDP packet type and hashing iavf: do not track VLAN 0 filters intel/igbvf: free irq on the error path in igbvf_request_msix() igbvf: Regard vf reset nack as success igc: fix the validation logic for taprio's gate list i2c: imx-lpi2c: check only for enabled interrupt flags i2c: mxs: ensure that DMA buffers are safe for DMA i2c: hisi: Only use the completion interrupt to finish the transfer scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() nfsd: don't replace page in rq_pages if it's a continuation of last page net: dsa: b53: mmap: fix device tree support net: usb: smsc95xx: Limit packet length to skb->len efi/libstub: smbios: Use length member instead of record struct size qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info xirc2ps_cs: Fix use after free bug in xirc2ps_detach net: phy: Ensure state transitions are processed from phy_stop() net: mdio: fix owner field for mdio buses registered using device-tree net: mdio: fix owner field for mdio buses registered using ACPI net: stmmac: Fix for mismatched host/device DMA address width thermal/drivers/mellanox: Use generic thermal_zone_get_trip() function mlxsw: core_thermal: Fix fan speed in maximum cooling state drm/i915: Print return value on error drm/i915/fbdev: lock the fbdev obj before vma pin drm/i915/guc: Rename GuC register state capture node to be more obvious drm/i915/guc: Fix missing ecodes drm/i915/gt: perform uc late init after probe error injection net: qcom/emac: Fix use after free bug in emac_remove due to race condition net: usb: lan78xx: Limit packet length to skb->len net/ps3_gelic_net: Fix RX sk_buff length net/ps3_gelic_net: Use dma_mapping_error octeontx2-vf: Add missing free for alloc_percpu bootconfig: Fix testcase to increase max node keys: Do not cache key in task struct if key is requested from kernel thread ice: check if VF exists before mode check iavf: fix hang on reboot with ice i40e: fix flow director packet filter programming bpf: Adjust insufficient default bpf_jit_limit net/mlx5e: Set uplink rep as NETNS_LOCAL net/mlx5e: Block entering switchdev mode with ns inconsistency net/mlx5: Fix steering rules cleanup net/mlx5e: Overcome slow response for first macsec ASO WQE net/mlx5: Read the TC mapping of all priorities on ETS query net/mlx5: E-Switch, Fix an Oops in error handling code net: dsa: tag_brcm: legacy: fix daisy-chained switches atm: idt77252: fix kmemleak when rmmod idt77252 erspan: do not use skb_mac_header() in ndo_start_xmit() net/sonic: use dma_mapping_error() for error check nvme-tcp: fix nvme_tcp_term_pdu to match spec mlxsw: spectrum_fid: Fix incorrect local port type hvc/xen: prevent concurrent accesses to the shared ring ksmbd: add low bound validation to FSCTL_SET_ZERO_DATA ksmbd: add low bound validation to FSCTL_QUERY_ALLOCATED_RANGES ksmbd: fix possible refcount leak in smb2_open() Bluetooth: hci_sync: Resume adv with no RPA when active scan Bluetooth: hci_core: Detect if an ACL packet is in fact an ISO packet Bluetooth: btusb: Remove detection of ISO packets over bulk Bluetooth: ISO: fix timestamped HCI ISO data packet parsing Bluetooth: Remove "Power-on" check from Mesh feature gve: Cache link_speed value from device net: asix: fix modprobe "sysfs: cannot create duplicate filename" net: dsa: mt7530: move enabling disabling core clock to mt7530_pll_setup() net: dsa: mt7530: move lowering TRGMII driving to mt7530_setup() net: dsa: mt7530: move setting ssc_delta to PHY_INTERFACE_MODE_TRGMII case net: mdio: thunder: Add missing fwnode_handle_put() drm/amd/display: Set dcn32 caps.seamless_odm Bluetooth: btqcomsmd: Fix command timeout after setting BD address Bluetooth: L2CAP: Fix responding with wrong PDU type Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work Bluetooth: mgmt: Fix MGMT add advmon with RSSI command Bluetooth: HCI: Fix global-out-of-bounds platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl entry: Fix noinstr warning in __enter_from_user_mode() perf/x86/amd/core: Always clear status for idx entry/rcu: Check TIF_RESCHED _after_ delayed RCU wake-up hwmon: fix potential sensor registration fail if of_node is missing hwmon (it87): Fix voltage scaling for chips with 10.9mV ADCs scsi: qla2xxx: Synchronize the IOCB count to be in order scsi: qla2xxx: Perform lockless command completion in abort path smb3: lower default deferred close timeout to address perf regression smb3: fix unusable share after force unmount failure uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 thunderbolt: Use scale field when allocating USB3 bandwidth thunderbolt: Call tb_check_quirks() after initializing adapters thunderbolt: Add quirk to disable CLx thunderbolt: Fix memory leak in margining thunderbolt: Disable interrupt auto clear for rings thunderbolt: Add missing UNSET_INBOUND_SBTX for retimer access thunderbolt: Use const qualifier for `ring_interrupt_index` thunderbolt: Rename shadowed variables bit to interrupt_bit and auto_clear_bit ASoC: amd: yp: Add OMEN by HP Gaming Laptop 16z-n000 to quirks ASoC: amd: yc: Add DMI entries to support HP OMEN 16-n0xxx (8A43) ACPI: x86: Drop quirk for HP Elitebook ACPI: x86: utils: Add Cezanne to the list for forcing StorageD3Enable riscv: Bump COMMAND_LINE_SIZE value to 1024 drm/cirrus: NULL-check pipe->plane.state->fb in cirrus_pipe_update() HID: cp2112: Fix driver not registering GPIO IRQ chip as threaded ca8210: fix mac_len negative array access HID: logitech-hidpp: Add support for Logitech MX Master 3S mouse HID: intel-ish-hid: ipc: Fix potential use-after-free in work function m68k: mm: Fix systems with memory at end of 32-bit address space m68k: Only force 030 bus error if PC not in exception table selftests/bpf: check that modifier resolves after pointer scsi: target: iscsi: Fix an error message in iscsi_check_key() scsi: qla2xxx: Add option to disable FC2 Target support scsi: hisi_sas: Check devm_add_action() return value scsi: ufs: core: Add soft dependency on governor_simpleondemand scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read() scsi: lpfc: Avoid usage of list iterator variable after loop scsi: mpi3mr: Driver unload crashes host when enhanced logging is enabled scsi: mpi3mr: Wait for diagnostic save during controller init scsi: mpi3mr: NVMe command size greater than 8K fails scsi: mpi3mr: Bad drive in topology results kernel crash scsi: storvsc: Handle BlockSize change in Hyper-V VHD/VHDX file platform/x86: int3472: Add GPIOs to Surface Go 3 Board data net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990 net: usb: qmi_wwan: add Telit 0x1080 composition drm/amd/display: Update clock table to include highest clock setting sh: sanitize the flags on sigreturn drm/amdgpu: Fix call trace warning and hang when removing amdgpu device drm/amd: Fix initialization mistake for NBIO 7.3.0 net/sched: act_mirred: better wording on protection against excessive stack growth act_mirred: use the backlog for nested calls to mirred ingress cifs: lock chan_lock outside match_session cifs: append path to open_enter trace event cifs: do not poll server interfaces too regularly cifs: empty interface list when server doesn't support query interfaces cifs: dump pending mids for all channels in DebugData cifs: print session id while listing open files cifs: fix dentry lookups in directory handle cache x86/fpu/xstate: Prevent false-positive warning in __copy_xstate_uabi_buf() selftests/x86/amx: Add a ptrace test scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR usb: misc: onboard-hub: add support for Microchip USB2517 USB 2.0 hub usb: dwc2: drd: fix inconsistent mode if role-switch-default-mode="host" usb: dwc2: fix a devres leak in hw_enable upon suspend resume usb: gadget: u_audio: don't let userspace block driver unbind btrfs: zoned: fix btrfs_can_activate_zone() to support DUP profile Bluetooth: Fix race condition in hci_cmd_sync_clear efi: sysfb_efi: Fix DMI quirks not working for simpledrm mm/slab: Fix undefined init_cache_node_node() for NUMA and !SMP fscrypt: destroy keyring after security_sb_delete() fsverity: Remove WQ_UNBOUND from fsverity read workqueue lockd: set file_lock start and end when decoding nlm4 testargs arm64: dts: imx8mm-nitrogen-r2: fix WM8960 clock name igb: revert rtnl_lock() that causes deadlock dm thin: fix deadlock when swapping to thin device usb: typec: tcpm: fix create duplicate source-capabilities file usb: typec: tcpm: fix warning when handle discover_identity message usb: cdns3: Fix issue with using incorrect PCI device function usb: cdnsp: Fixes issue with redundant Status Stage usb: cdnsp: changes PCI Device ID to fix conflict with CNDS3 driver usb: chipdea: core: fix return -EINVAL if request role is the same with current role usb: chipidea: core: fix possible concurrent when switch role usb: dwc3: gadget: Add 1ms delay after end transfer command without IOC usb: ucsi: Fix NULL pointer deref in ucsi_connector_change() usb: ucsi_acpi: Increase the command completion timeout mm: kfence: fix using kfence_metadata without initialization in show_object() kfence: avoid passing -g for test io_uring/net: avoid sending -ECONNABORTED on repeated connection requests io_uring/rsrc: fix null-ptr-deref in io_file_bitmap_get() Revert "kasan: drop skip_kasan_poison variable in free_pages_prepare" test_maple_tree: add more testing for mas_empty_area() maple_tree: fix mas_skip_node() end slot detection ksmbd: fix wrong signingkey creation when encryption is AES256 ksmbd: set FILE_NAMED_STREAMS attribute in FS_ATTRIBUTE_INFORMATION ksmbd: don't terminate inactive sessions after a few seconds ksmbd: return STATUS_NOT_SUPPORTED on unsupported smb2.0 dialect ksmbd: return unsupported error on smb1 mount wifi: mac80211: fix qos on mesh interfaces nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() drm/bridge: lt8912b: return EPROBE_DEFER if bridge is not found drm/amd/display: fix wrong index used in dccg32_set_dpstreamclk drm/meson: fix missing component unbind on bind errors drm/amdgpu/nv: Apply ASPM quirk on Intel ADL + AMD Navi drm/i915/active: Fix missing debug object activation drm/i915: Preserve crtc_state->inherited during state clearing drm/amdgpu: skip ASIC reset for APUs when go to S4 drm/amdgpu: reposition the gpu reset checking for reuse riscv: mm: Fix incorrect ASID argument when flushing TLB riscv: Handle zicsr/zifencei issues between clang and binutils tee: amdtee: fix race condition in amdtee_open_session firmware: arm_scmi: Fix device node validation for mailbox transport arm64: dts: qcom: sc7280: Mark PCIe controller as cache coherent arm64: dts: qcom: sm8150: Fix the iommu mask used for PCIe controllers soc: qcom: llcc: Fix slice configuration values for SC8280XP mm/ksm: fix race with VMA iteration and mm_struct teardown bus: imx-weim: fix branch condition evaluates to a garbage value i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() dm stats: check for and propagate alloc_percpu failure dm crypt: add cond_resched() to dmcrypt_write() dm crypt: avoid accessing uninitialized tasklet sched/fair: sanitize vruntime of entity being placed sched/fair: Sanitize vruntime of entity being migrated drm/amdkfd: introduce dummy cache info for property asic drm/amdkfd: Fix the warning of array-index-out-of-bounds drm/amdkfd: add GC 11.0.4 KFD support drm/amdkfd: Fix the memory overrun Linux 6.1.22 Change-Id: Id13b4655dbfb59c29a0b8953e5e0cda3703f1879 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
f61c12dabf |
Revert "Revert "sbitmap: Try each queue to wake up at least one waiter""
This reverts commit
|
||
|
Greg Kroah-Hartman
|
7b05fba131 |
Revert "Revert "sbitmap: Advance the queue index before waking up a queue""
This reverts commit
|
||
|
Greg Kroah-Hartman
|
d774f1e1f0 |
Revert "Revert "sbitmap: correct wake_batch recalculation to avoid potential IO hung""
This reverts commit
|
||
|
Greg Kroah-Hartman
|
02fb5b0cc5 |
Revert "Revert "sbitmap: Use single per-bitmap counting to wake up queued tags""
This reverts commit
|
||
|
Liam R. Howlett
|
0608b3da04 |
maple_tree: fix mas_skip_node() end slot detection
commit 0fa99fdfe1b38da396d0b2d1496a823bcd0ebea0 upstream.
Patch series "Fix mas_skip_node() for mas_empty_area()", v2.
mas_empty_area() was incorrectly returning an error when there was room.
The issue was tracked down to mas_skip_node() using the incorrect
end-of-slot count. Instead of using the nodes hard limit, the limit of
data should be used.
mas_skip_node() was also setting the min and max to that of the child
node, which was unnecessary. Within these limits being set, there was
also a bug that corrupted the maple state's max if the offset was set to
the maximum node pivot. The bug was without consequence unless there was
a sufficient gap in the next child node which would cause an error to be
returned.
This patch set fixes these errors by removing the limit setting from
mas_skip_node() and uses the mas_data_end() for slot limits, and adds
tests for all failures discovered.
This patch (of 2):
mas_skip_node() is used to move the maple state to the node with a higher
limit. It does this by walking up the tree and increasing the slot count.
Since slot count may not be able to be increased, it may need to walk up
multiple times to find room to walk right to a higher limit node. The
limit of slots that was being used was the node limit and not the last
location of data in the node. This would cause the maple state to be
shifted outside actual data and enter an error state, thus returning
-EBUSY.
The result of the incorrect error state means that mas_awalk() would
return an error instead of finding the allocation space.
The fix is to use mas_data_end() in mas_skip_node() to detect the nodes
data end point and continue walking the tree up until it is safe to move
to a node with a higher limit.
The walk up the tree also sets the maple state limits so remove the buggy
code from mas_skip_node(). Setting the limits had the unfortunate side
effect of triggering another bug if the parent node was full and the there
was no suitable gap in the second last child, but room in the next child.
mas_skip_node() may also be passed a maple state in an error state from
mas_anode_descend() when no allocations are available. Return on such an
error state immediately.
Link: https://lkml.kernel.org/r/20230307180247.2220303-1-Liam.Howlett@oracle.com
Link: https://lkml.kernel.org/r/20230307180247.2220303-2-Liam.Howlett@oracle.com
Fixes:
|
||
|
Liam R. Howlett
|
94f6b92bad |
test_maple_tree: add more testing for mas_empty_area()
commit 4bd6dded6318dc8e2514d74868c1f8fb38b61a60 upstream.
Test robust filling of an entire area of the tree, then test one beyond.
This is to test the walking back up the tree at the end of nodes and error
condition. Test inspired by the reproducer code provided by Snild Dolkow.
The last test in the function tests for the case of a corrupted maple
state caused by the incorrect limits set during mas_skip_node(). There
needs to be a gap in the second last child and last child, but the search
must rule out the second last child's gap. This would avoid correcting
the maple state to the correct max limit and return an error.
Link: https://lkml.kernel.org/r/20230307180247.2220303-3-Liam.Howlett@oracle.com
Cc: Snild Dolkow <snild@sony.com>
Link: https://lore.kernel.org/linux-mm/cb8dc31a-fef2-1d09-f133-e9f7b9f9e77a@sony.com/
Fixes:
|