Skip to content
Snippets Groups Projects
  1. Nov 26, 2024
  2. Nov 17, 2024
    • Linus Torvalds's avatar
      Linux 6.12 · adc21867
      Linus Torvalds authored
      adc21867
    • Linus Torvalds's avatar
      Merge tag 'x86_urgent_for_v6.12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · f66d6acc
      Linus Torvalds authored
      Pull x86 fixes from Borislav Petkov:
      
       - Make sure a kdump kernel with CONFIG_IMA_KEXEC enabled and booted on
         an AMD SME enabled hardware properly decrypts the ima_kexec buffer
         information passed to it from the previous kernel
      
       - Fix building the kernel with Clang where a non-TLS definition of the
         stack protector guard cookie leads to bogus code generation
      
       - Clear a wrongly advertised virtualized VMLOAD/VMSAVE feature flag on
         some Zen4 client systems as those insns are not supported on client
      
      * tag 'x86_urgent_for_v6.12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/mm: Fix a kdump kernel failure on SME system when CONFIG_IMA_KEXEC=y
        x86/stackprotector: Work around strict Clang TLS symbol requirements
        x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client
      f66d6acc
    • Linus Torvalds's avatar
      Merge tag 'mm-hotfixes-stable-2024-11-16-15-33' of... · 4a5df379
      Linus Torvalds authored
      Merge tag 'mm-hotfixes-stable-2024-11-16-15-33' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
      
      Pull hotfixes from Andrew Morton:
       "10 hotfixes, 7 of which are cc:stable. All singletons, please see the
        changelogs for details"
      
      * tag 'mm-hotfixes-stable-2024-11-16-15-33' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm:
        mm: revert "mm: shmem: fix data-race in shmem_getattr()"
        ocfs2: uncache inode which has failed entering the group
        mm: fix NULL pointer dereference in alloc_pages_bulk_noprof
        mm, doc: update read_ahead_kb for MADV_HUGEPAGE
        fs/proc/task_mmu: prevent integer overflow in pagemap_scan_get_args()
        sched/task_stack: fix object_is_on_stack() for KASAN tagged pointers
        crash, powerpc: default to CRASH_DUMP=n on PPC_BOOK3S_32
        mm/mremap: fix address wraparound in move_page_tables()
        tools/mm: fix compile error
        mm, swap: fix allocation and scanning race with swapoff
      4a5df379
  3. Nov 16, 2024
  4. Nov 15, 2024
    • Linus Torvalds's avatar
      Merge tag 'riscv-for-linus-6.12-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux · e8bdb3c8
      Linus Torvalds authored
      Pull RISC-V fix from Palmer Dabbelt:
      
       - A fix for the CPU perf driver that avoids leaking CPU ID references
         on systems without snapshot support.
      
      * tag 'riscv-for-linus-6.12-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux:
        drivers: perf: Fix wrong put_cpu() placement
      e8bdb3c8
    • Linus Torvalds's avatar
      Merge tag 'drm-fixes-2024-11-16' of https://gitlab.freedesktop.org/drm/kernel · f868cd25
      Linus Torvalds authored
      Pull drm fixes from Dave Airlie:
       "Final week of fixes, lots of small amdgpu fixes, some i915 and xe
        fixes, the nouveau changes fix a recent regression and some laptop
        panel black screens, then a couple of other misc ones.
      
        It's probably a little busier than I'd like, but each fix seems fine.
      
        amdgpu:
         - PSR fix
         - Panel replay fixes
         - DML fix
         - vblank power fix
         - Fix video caps
         - SMU 14.0 fix
         - GPUVM fix
         - MES 12 fix
         - APU carve out fix
         - DC vbios fix
         - NBIO fix
      
        i915:
         - Don't load GSC on ARL-H and ARL-U if too old FW
         - Avoid potential OOPS in enabling/disabling TV output
      
        xe:
         - Fix unlock on exec ioctl error path
         - Fix hibernation on LNL due to ggtt getting lost
         - Fix missing runtime PM in OA release
      
        bridge:
         - tc358768: Fix DSI command tx
      
        nouveau:
         - Fix GSP AUX error handling
         - dp: Handle retires for AUX CH transfers with GSP
         - fw: Sync DMA after setup
      
        panthor:
         - Fix partial BO mappings to GPU
      
        rockchip:
         - vop: Avoid null-ptr deref in plane-state check
      
        vmwgfx:
         - Avoid null-ptr deref in surface creation"
      
      * tag 'drm-fixes-2024-11-16' of https://gitlab.freedesktop.org/drm/kernel: (27 commits)
        drm/bridge: tc358768: Fix DSI command tx
        drm/vmwgfx: avoid null_ptr_deref in vmw_framebuffer_surface_create_handle
        nouveau/dp: handle retries for AUX CH transfers with GSP.
        nouveau: handle EBUSY and EAGAIN for GSP aux errors.
        nouveau: fw: sync dma after setup is called.
        drm/xe/oa: Fix "Missing outer runtime PM protection" warning
        drm/xe: handle flat ccs during hibernation on igpu
        drm/xe: improve hibernation on igpu
        drm/xe: Restore system memory GGTT mappings
        drm/xe: Ensure all locks released in exec IOCTL
        drm/panthor: Fix handling of partial GPU mapping of BOs
        drm/amd: Fix initialization mistake for NBIO 7.7.0
        Revert "drm/amd/display: parse umc_info or vram_info based on ASIC"
        drm/amd/display: Fix failure to read vram info due to static BP_RESULT
        drm/amdgpu: enable GTT fallback handling for dGPUs only
        drm/i915: Grab intel_display from the encoder to avoid potential oopsies
        drm/i915/gsc: ARL-H and ARL-U need a newer GSC FW.
        drm/amdgpu/mes12: correct kiq unmap latency
        drm/amdgpu: fix check in gmc_v9_0_get_vm_pte()
        drm/amd/pm: print pp_dpm_mclk in ascending order on SMU v14.0.0
        ...
      f868cd25
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma · f5395732
      Linus Torvalds authored
      Pull rdma fixes from Jason Gunthorpe:
      
       - Revert a change to the VLAN logic, this broke previously working ROCE
         configurations
      
       - Fix a memory leak on error unwinding in bnxt_re
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma:
        Revert "RDMA/core: Fix ENODEV error for iWARP test over vlan"
        RDMA/bnxt_re: Remove some dead code
        RDMA/bnxt_re: Fix some error handling paths in bnxt_re_probe()
      f5395732
    • Dave Airlie's avatar
      Merge tag 'drm-xe-fixes-2024-11-14' of https://gitlab.freedesktop.org/drm/xe/kernel into drm-fixes · 21c1c6c7
      Dave Airlie authored
      
      Driver Changes:
      - Fix unlock on exec ioctl error path (Matthew Brost)
      - Fix hibernation on LNL due to ggtt getting lost
        (Matthew Brost / Matthew Auld)
      - Fix missing runtime PM in OA release (Ashutosh)
      
      Signed-off-by: default avatarDave Airlie <airlied@redhat.com>
      
      From: Lucas De Marchi <lucas.demarchi@intel.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/5ntcf2ssmmvo5dsf2mdcee4guwwmpbm3xrlufgt2pdfmznzjo3@62ygo3bxkock
      21c1c6c7
    • Linus Torvalds's avatar
      Merge tag 'pmdomain-v6.12-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/linux-pm · 1b597e1c
      Linus Torvalds authored
      Pull pmdomain fixes from Ulf Hansson:
       "pmdomain core:
         - Add GENPD_FLAG_DEV_NAME_FW flag to generate unique names
      
        pmdomain providers:
         - arm: Use FLAG_DEV_NAME_FW to ensure unique names
         - imx93-blk-ctrl: Fix the remove path
      
        arm_scmi/qcom-cpucp:
         - Report duplicate OPPs as firmware bugs for arm_scmi
         - Skip OPP duplicates for arm_scmi
         - Mark the qcom-cpucp mailbox irq with IRQF_NO_SUSPEND flag"
      
      * tag 'pmdomain-v6.12-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/linux-pm:
        mailbox: qcom-cpucp: Mark the irq with IRQF_NO_SUSPEND flag
        firmware: arm_scmi: Report duplicate opps as firmware bugs
        firmware: arm_scmi: Skip opp duplicates
        pmdomain: imx93-blk-ctrl: correct remove path
        pmdomain: arm: Use FLAG_DEV_NAME_FW to ensure unique names
        pmdomain: core: Add GENPD_FLAG_DEV_NAME_FW flag
      1b597e1c
    • Linus Torvalds's avatar
      Merge tag 'mmc-v6.12-rc3-2' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc · aa35f544
      Linus Torvalds authored
      Pull MMC host fixes from Ulf Hansson:
      
       - dw_mmc: Revert fix for IDMAC operation with pages bigger than 4K
      
       - sunxi-mmc: Fix A100 compatible description
      
      * tag 'mmc-v6.12-rc3-2' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc:
        Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K"
        mmc: sunxi-mmc: Fix A100 compatible description
      aa35f544
    • Linus Torvalds's avatar
      Merge tag 'sound-6.12' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound · eeae5ef6
      Linus Torvalds authored
      Pull sound fixes from Takashi Iwai:
       "A few last-minute fixes. All changes are device-specific small fixes
        that should be pretty safe to apply"
      
      * tag 'sound-6.12' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
        ALSA: hda/realtek - update set GPIO3 to default for Thinkpad with ALC1318
        ALSA: hda/realtek: fix mute/micmute LEDs for a HP EliteBook 645 G10
        ALSA: hda/realtek - Fixed Clevo platform headset Mic issue
        ALSA: usb-audio: Fix Yamaha P-125 Quirk Entry
        ASoC: max9768: Fix event generation for playback mute
        ASoC: intel: sof_sdw: add quirk for Dell SKU
        ASoC: audio-graph-card2: Purge absent supplies for device tree nodes
      eeae5ef6
    • Linus Torvalds's avatar
      Merge tag 'v6.12-p5' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 · 842c7e58
      Linus Torvalds authored
      Pull crypto fix from Herbert Xu:
       "Fix a regression in the MIPS CRC32C code"
      
      * tag 'v6.12-p5' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
        crypto: mips/crc32 - fix the CRC32C implementation
      842c7e58
    • Linus Torvalds's avatar
      Merge tag 'sched_ext-for-6.12-rc7-fixes-2' of... · d79944b0
      Linus Torvalds authored
      Merge tag 'sched_ext-for-6.12-rc7-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/sched_ext
      
      Pull sched_ext fix from Tejun Heo:
       "One more fix for v6.12-rc7
      
        ops.cpu_acquire() was being invoked with the wrong kfunc mask allowing
        the operation to call kfuncs which shouldn't be allowed. Fix it by
        using SCX_KF_REST instead, which is trivial and low risk"
      
      * tag 'sched_ext-for-6.12-rc7-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/sched_ext:
        sched_ext: ops.cpu_acquire() should be called with SCX_KF_REST
      d79944b0
    • Linus Torvalds's avatar
      Merge tag 'for-6.12-rc7-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux · c9dd4571
      Linus Torvalds authored
      Pull btrfs fix from David Sterba:
       "One more fix that seems urgent and good to have in 6.12 final.
      
        It could potentially lead to unexpected transaction aborts, due to
        wrong comparison and order of processing of delayed refs"
      
      * tag 'for-6.12-rc7-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux:
        btrfs: fix incorrect comparison for delayed refs
      c9dd4571
    • Dmitry Antipov's avatar
      ocfs2: uncache inode which has failed entering the group · 737f3413
      Dmitry Antipov authored
      Syzbot has reported the following BUG:
      
      kernel BUG at fs/ocfs2/uptodate.c:509!
      ...
      Call Trace:
       <TASK>
       ? __die_body+0x5f/0xb0
       ? die+0x9e/0xc0
       ? do_trap+0x15a/0x3a0
       ? ocfs2_set_new_buffer_uptodate+0x145/0x160
       ? do_error_trap+0x1dc/0x2c0
       ? ocfs2_set_new_buffer_uptodate+0x145/0x160
       ? __pfx_do_error_trap+0x10/0x10
       ? handle_invalid_op+0x34/0x40
       ? ocfs2_set_new_buffer_uptodate+0x145/0x160
       ? exc_invalid_op+0x38/0x50
       ? asm_exc_invalid_op+0x1a/0x20
       ? ocfs2_set_new_buffer_uptodate+0x2e/0x160
       ? ocfs2_set_new_buffer_uptodate+0x144/0x160
       ? ocfs2_set_new_buffer_uptodate+0x145/0x160
       ocfs2_group_add+0x39f/0x15a0
       ? __pfx_ocfs2_group_add+0x10/0x10
       ? __pfx_lock_acquire+0x10/0x10
       ? mnt_get_write_access+0x68/0x2b0
       ? __pfx_lock_release+0x10/0x10
       ? rcu_read_lock_any_held+0xb7/0x160
       ? __pfx_rcu_read_lock_any_held+0x10/0x10
       ? smack_log+0x123/0x540
       ? mnt_get_write_access+0x68/0x2b0
       ? mnt_get_write_access+0x68/0x2b0
       ? mnt_get_write_access+0x226/0x2b0
       ocfs2_ioctl+0x65e/0x7d0
       ? __pfx_ocfs2_ioctl+0x10/0x10
       ? smack_file_ioctl+0x29e/0x3a0
       ? __pfx_smack_file_ioctl+0x10/0x10
       ? lockdep_hardirqs_on_prepare+0x43d/0x780
       ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
       ? __pfx_ocfs2_ioctl+0x10/0x10
       __se_sys_ioctl+0xfb/0x170
       do_syscall_64+0xf3/0x230
       entry_SYSCALL_64_after_hwframe+0x77/0x7f
      ...
       </TASK>
      
      When 'ioctl(OCFS2_IOC_GROUP_ADD, ...)' has failed for the particular
      inode in 'ocfs2_verify_group_and_input()', corresponding buffer head
      remains cached and subsequent call to the same 'ioctl()' for the same
      inode issues the BUG() in 'ocfs2_set_new_buffer_uptodate()' (trying
      to cache the same buffer head of that inode). Fix this by uncaching
      the buffer head with 'ocfs2_remove_from_cache()' on error path in
      'ocfs2_group_add()'.
      
      Link: https://lkml.kernel.org/r/20241114043844.111847-1-dmantipov@yandex.ru
      
      
      Fixes: 7909f2bf ("[PATCH 2/2] ocfs2: Implement group add for online resize")
      Signed-off-by: default avatarDmitry Antipov <dmantipov@yandex.ru>
      Reported-by: default avatar <syzbot+453873f1588c2d75b447@syzkaller.appspotmail.com>
      Closes: https://syzkaller.appspot.com/bug?extid=453873f1588c2d75b447
      
      
      Reviewed-by: default avatarJoseph Qi <joseph.qi@linux.alibaba.com>
      Cc: Dmitry Antipov <dmantipov@yandex.ru>
      Cc: Joel Becker <jlbec@evilplan.org>
      Cc: Mark Fasheh <mark@fasheh.com>
      Cc: Junxiao Bi <junxiao.bi@oracle.com>
      Cc: Changwei Ge <gechangwei@live.cn>
      Cc: Jun Piao <piaojun@huawei.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      737f3413
    • Jinjiang Tu's avatar
      mm: fix NULL pointer dereference in alloc_pages_bulk_noprof · 8ce41b0f
      Jinjiang Tu authored
      We triggered a NULL pointer dereference for ac.preferred_zoneref->zone in
      alloc_pages_bulk_noprof() when the task is migrated between cpusets.
      
      When cpuset is enabled, in prepare_alloc_pages(), ac->nodemask may be
      &current->mems_allowed.  when first_zones_zonelist() is called to find
      preferred_zoneref, the ac->nodemask may be modified concurrently if the
      task is migrated between different cpusets.  Assuming we have 2 NUMA Node,
      when traversing Node1 in ac->zonelist, the nodemask is 2, and when
      traversing Node2 in ac->zonelist, the nodemask is 1.  As a result, the
      ac->preferred_zoneref points to NULL zone.
      
      In alloc_pages_bulk_noprof(), for_each_zone_zonelist_nodemask() finds a
      allowable zone and calls zonelist_node_idx(ac.preferred_zoneref), leading
      to NULL pointer dereference.
      
      __alloc_pages_noprof() fixes this issue by checking NULL pointer in commit
      ea57485a ("mm, page_alloc: fix check for NULL preferred_zone") and
      commit df76cee6 ("mm, page_alloc: remove redundant checks from alloc
      fastpath").
      
      To fix it, check NULL pointer for preferred_zoneref->zone.
      
      Link: https://lkml.kernel.org/r/20241113083235.166798-1-tujinjiang@huawei.com
      
      
      Fixes: 387ba26f ("mm/page_alloc: add a bulk page allocator")
      Signed-off-by: default avatarJinjiang Tu <tujinjiang@huawei.com>
      Reviewed-by: default avatarVlastimil Babka <vbabka@suse.cz>
      Cc: Alexander Lobakin <alobakin@pm.me>
      Cc: David Hildenbrand <david@redhat.com>
      Cc: Kefeng Wang <wangkefeng.wang@huawei.com>
      Cc: Mel Gorman <mgorman@techsingularity.net>
      Cc: Nanyong Sun <sunnanyong@huawei.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      8ce41b0f
    • Yafang Shao's avatar
      mm, doc: update read_ahead_kb for MADV_HUGEPAGE · 0740e543
      Yafang Shao authored
      MADV_HUGEPAGE is a new addition to readahead with behavior distinct from
      normal pages.  To prevent confusion, we should update the documentation
      accordingly.
      
      Link: https://lkml.kernel.org/r/20241113150711.1685-1-laoar.shao@gmail.com
      
      
      Signed-off-by: default avatarYafang Shao <laoar.shao@gmail.com>
      Cc: David Hildenbrand <david@redhat.com>
      Cc: Matthew Wilcox <willy@infradead.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      0740e543
    • Dan Carpenter's avatar
      fs/proc/task_mmu: prevent integer overflow in pagemap_scan_get_args() · 669b0cb8
      Dan Carpenter authored
      The "arg->vec_len" variable is a u64 that comes from the user at the start
      of the function.  The "arg->vec_len * sizeof(struct page_region))"
      multiplication can lead to integer wrapping.  Use size_mul() to avoid
      that.
      
      Also the size_add/mul() functions work on unsigned long so for 32bit
      systems we need to ensure that "arg->vec_len" fits in an unsigned long.
      
      Link: https://lkml.kernel.org/r/39d41335-dd4d-48ed-8a7f-402c57d8ea84@stanley.mountain
      
      
      Fixes: 52526ca7 ("fs/proc/task_mmu: implement IOCTL to get and optionally clear info about PTEs")
      Signed-off-by: default avatarDan Carpenter <dan.carpenter@linaro.org>
      Cc: Andrei Vagin <avagin@google.com>
      Cc: Andrii Nakryiko <andrii@kernel.org>
      Cc: Arnd Bergmann <arnd@arndb.de>
      Cc: David Hildenbrand <david@redhat.com>
      Cc: Matthew Wilcox <willy@infradead.org>
      Cc: Michał Mirosław <mirq-linux@rere.qmqm.pl>
      Cc: Muhammad Usama Anjum <usama.anjum@collabora.com>
      Cc: Oscar Salvador <osalvador@suse.de>
      Cc: Peter Xu <peterx@redhat.com>
      Cc: Ryan Roberts <ryan.roberts@arm.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      669b0cb8
    • Qun-Wei Lin's avatar
      sched/task_stack: fix object_is_on_stack() for KASAN tagged pointers · fd7b4f9f
      Qun-Wei Lin authored
      When CONFIG_KASAN_SW_TAGS and CONFIG_KASAN_STACK are enabled, the
      object_is_on_stack() function may produce incorrect results due to the
      presence of tags in the obj pointer, while the stack pointer does not have
      tags.  This discrepancy can lead to incorrect stack object detection and
      subsequently trigger warnings if CONFIG_DEBUG_OBJECTS is also enabled.
      
      Example of the warning:
      
      ODEBUG: object 3eff800082ea7bb0 is NOT on stack ffff800082ea0000, but annotated.
      ------------[ cut here ]------------
      WARNING: CPU: 0 PID: 1 at lib/debugobjects.c:557 __debug_object_init+0x330/0x364
      Modules linked in:
      CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.0-rc5 #4
      Hardware name: linux,dummy-virt (DT)
      pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
      pc : __debug_object_init+0x330/0x364
      lr : __debug_object_init+0x330/0x364
      sp : ffff800082ea7b40
      x29: ffff800082ea7b40 x28: 98ff0000c0164518 x27: 98ff0000c0164534
      x26: ffff800082d93ec8 x25: 0000000000000001 x24: 1cff0000c00172a0
      x23: 0000000000000000 x22: ffff800082d93ed0 x21: ffff800081a24418
      x20: 3eff800082ea7bb0 x19: efff800000000000 x18: 0000000000000000
      x17: 00000000000000ff x16: 0000000000000047 x15: 206b63617473206e
      x14: 0000000000000018 x13: ffff800082ea7780 x12: 0ffff800082ea78e
      x11: 0ffff800082ea790 x10: 0ffff800082ea79d x9 : 34d77febe173e800
      x8 : 34d77febe173e800 x7 : 0000000000000001 x6 : 0000000000000001
      x5 : feff800082ea74b8 x4 : ffff800082870a90 x3 : ffff80008018d3c4
      x2 : 0000000000000001 x1 : ffff800082858810 x0 : 0000000000000050
      Call trace:
       __debug_object_init+0x330/0x364
       debug_object_init_on_stack+0x30/0x3c
       schedule_hrtimeout_range_clock+0xac/0x26c
       schedule_hrtimeout+0x1c/0x30
       wait_task_inactive+0x1d4/0x25c
       kthread_bind_mask+0x28/0x98
       init_rescuer+0x1e8/0x280
       workqueue_init+0x1a0/0x3cc
       kernel_init_freeable+0x118/0x200
       kernel_init+0x28/0x1f0
       ret_from_fork+0x10/0x20
      ---[ end trace 0000000000000000 ]---
      ODEBUG: object 3eff800082ea7bb0 is NOT on stack ffff800082ea0000, but annotated.
      ------------[ cut here ]------------
      
      Link: https://lkml.kernel.org/r/20241113042544.19095-1-qun-wei.lin@mediatek.com
      
      
      Signed-off-by: default avatarQun-Wei Lin <qun-wei.lin@mediatek.com>
      Cc: Andrew Yang <andrew.yang@mediatek.com>
      Cc: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
      Cc: Casper Li <casper.li@mediatek.com>
      Cc: Catalin Marinas <catalin.marinas@arm.com>
      Cc: Chinwen Chang <chinwen.chang@mediatek.com>
      Cc: Kent Overstreet <kent.overstreet@linux.dev>
      Cc: Matthias Brugger <matthias.bgg@gmail.com>
      Cc: Pasha Tatashin <pasha.tatashin@soleen.com>
      Cc: Shakeel Butt <shakeel.butt@linux.dev>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      fd7b4f9f
    • Dave Vasilevsky's avatar
      crash, powerpc: default to CRASH_DUMP=n on PPC_BOOK3S_32 · 31daa343
      Dave Vasilevsky authored
      Fixes boot failures on 6.9 on PPC_BOOK3S_32 machines using Open Firmware. 
      On these machines, the kernel refuses to boot from non-zero
      PHYSICAL_START, which occurs when CRASH_DUMP is on.
      
      Since most PPC_BOOK3S_32 machines boot via Open Firmware, it should
      default to off for them.  Users booting via some other mechanism can still
      turn it on explicitly.
      
      Does not change the default on any other architectures for the
      time being.
      
      Link: https://lkml.kernel.org/r/20240917163720.1644584-1-dave@vasilevsky.ca
      
      
      Fixes: 75bc255a ("crash: clean up kdump related config items")
      Signed-off-by: default avatarDave Vasilevsky <dave@vasilevsky.ca>
      Reported-by: default avatarReimar Döffinger <Reimar.Doeffinger@gmx.de>
      Closes: https://lists.debian.org/debian-powerpc/2024/07/msg00001.html
      
      
      Acked-by: Michael Ellerman <mpe@ellerman.id.au>	[powerpc]
      Acked-by: default avatarBaoquan He <bhe@redhat.com>
      Cc: "Eric W. Biederman" <ebiederm@xmission.com>
      Cc: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
      Cc: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      31daa343
    • Jann Horn's avatar
      mm/mremap: fix address wraparound in move_page_tables() · a4a282da
      Jann Horn authored
      On 32-bit platforms, it is possible for the expression `len + old_addr <
      old_end` to be false-positive if `len + old_addr` wraps around. 
      `old_addr` is the cursor in the old range up to which page table entries
      have been moved; so if the operation succeeded, `old_addr` is the *end* of
      the old region, and adding `len` to it can wrap.
      
      The overflow causes mremap() to mistakenly believe that PTEs have been
      copied; the consequence is that mremap() bails out, but doesn't move the
      PTEs back before the new VMA is unmapped, causing anonymous pages in the
      region to be lost.  So basically if userspace tries to mremap() a
      private-anon region and hits this bug, mremap() will return an error and
      the private-anon region's contents appear to have been zeroed.
      
      The idea of this check is that `old_end - len` is the original start
      address, and writing the check that way also makes it easier to read; so
      fix the check by rearranging the comparison accordingly.
      
      (An alternate fix would be to refactor this function by introducing an
      "orig_old_start" variable or such.)
      
      
      Tested in a VM with a 32-bit X86 kernel; without the patch:
      
      ```
      user@horn:~/big_mremap$ cat test.c
      #define _GNU_SOURCE
      #include <stdlib.h>
      #include <stdio.h>
      #include <err.h>
      #include <sys/mman.h>
      
      #define ADDR1 ((void*)0x60000000)
      #define ADDR2 ((void*)0x10000000)
      #define SIZE          0x50000000uL
      
      int main(void) {
        unsigned char *p1 = mmap(ADDR1, SIZE, PROT_READ|PROT_WRITE,
            MAP_ANONYMOUS|MAP_PRIVATE|MAP_FIXED_NOREPLACE, -1, 0);
        if (p1 == MAP_FAILED)
          err(1, "mmap 1");
        unsigned char *p2 = mmap(ADDR2, SIZE, PROT_NONE,
            MAP_ANONYMOUS|MAP_PRIVATE|MAP_FIXED_NOREPLACE, -1, 0);
        if (p2 == MAP_FAILED)
          err(1, "mmap 2");
        *p1 = 0x41;
        printf("first char is 0x%02hhx\n", *p1);
        unsigned char *p3 = mremap(p1, SIZE, SIZE,
            MREMAP_MAYMOVE|MREMAP_FIXED, p2);
        if (p3 == MAP_FAILED) {
          printf("mremap() failed; first char is 0x%02hhx\n", *p1);
        } else {
          printf("mremap() succeeded; first char is 0x%02hhx\n", *p3);
        }
      }
      user@horn:~/big_mremap$ gcc -static -o test test.c
      user@horn:~/big_mremap$ setarch -R ./test
      first char is 0x41
      mremap() failed; first char is 0x00
      ```
      
      With the patch:
      
      ```
      user@horn:~/big_mremap$ setarch -R ./test
      first char is 0x41
      mremap() succeeded; first char is 0x41
      ```
      
      Link: https://lkml.kernel.org/r/20241111-fix-mremap-32bit-wrap-v1-1-61d6be73b722@google.com
      
      
      Fixes: af8ca1c1 ("mm/mremap: optimize the start addresses in move_page_tables()")
      Signed-off-by: default avatarJann Horn <jannh@google.com>
      Acked-by: default avatarVlastimil Babka <vbabka@suse.cz>
      Reviewed-by: default avatarLorenzo Stoakes <lorenzo.stoakes@oracle.com>
      Acked-by: default avatarQi Zheng <zhengqi.arch@bytedance.com>
      Reviewed-by: default avatarLiam R. Howlett <Liam.Howlett@Oracle.com>
      Cc: Joel Fernandes (Google) <joel@joelfernandes.org>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      a4a282da
    • Motiejus JakÅ`tys's avatar
      tools/mm: fix compile error · a3932676
      Motiejus JakÅ`tys authored
      Add a missing semicolon.
      
      Link: https://lkml.kernel.org/r/20241112171655.1662670-1-motiejus@jakstys.lt
      
      
      Fixes: ece5897e ("tools/mm: -Werror fixes in page-types/slabinfo")
      Signed-off-by: default avatarMotiejus JakÅ`tys <motiejus@jakstys.lt>
      Closes: https://github.com/NixOS/nixpkgs/issues/355369
      
      
      Reviewed-by: default avatarSeongJae Park <sj@kernel.org>
      Reviewed-by: default avatarVishal Moola (Oracle) <vishal.moola@gmail.com>
      Acked-by: default avatarOleksandr Natalenko <oleksandr@natalenko.name>
      Cc: Wladislav Wiebe <wladislav.kw@gmail.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      a3932676
  5. Nov 14, 2024
    • Kairui Song's avatar
      mm, swap: fix allocation and scanning race with swapoff · 0ec8bc9e
      Kairui Song authored
      There are two flags used to synchronize allocation and scanning with
      swapoff: SWP_WRITEOK and SWP_SCANNING.
      
      SWP_WRITEOK: Swapoff will first unset this flag, at this point any further
      swap allocation or scanning on this device should just abort so no more
      new entries will be referencing this device.  Swapoff will then unuse all
      existing swap entries.
      
      SWP_SCANNING: This flag is set when device is being scanned.  Swapoff will
      wait for all scanner to stop before the final release of the swap device
      structures to avoid UAF.  Note this flag is the highest used bit of
      si->flags so it could be added up arithmetically, if there are multiple
      scanner.
      
      commit 5f843a9a ("mm: swap: separate SSD allocation from
      scan_swap_map_slots()") ignored SWP_SCANNING and SWP_WRITEOK flags while
      separating cluster allocation path from the old allocation path.  Add the
      flags back to fix swapoff race.  The race is hard to trigger as si->lock
      prevents most parallel operations, but si->lock could be dropped for
      reclaim or discard.  This issue is found during code review.
      
      This commit fixes this problem.  For SWP_SCANNING, Just like before, set
      the flag before scan and remove it afterwards.
      
      For SWP_WRITEOK, there are several places where si->lock could be dropped,
      it will be error-prone and make the code hard to follow if we try to cover
      these places one by one.  So just do one check before the real allocation,
      which is also very similar like before.  With new cluster allocator it may
      waste a bit of time iterating the clusters but won't take long, and
      swapoff is not performance sensitive.
      
      Link: https://lkml.kernel.org/r/20241112083414.78174-1-ryncsn@gmail.com
      
      
      Fixes: 5f843a9a ("mm: swap: separate SSD allocation from scan_swap_map_slots()")
      Reported-by: default avatar"Huang, Ying" <ying.huang@intel.com>
      Closes: https://lore.kernel.org/linux-mm/87a5es3f1f.fsf@yhuang6-desk2.ccr.corp.intel.com/
      
      
      Signed-off-by: default avatarKairui Song <kasong@tencent.com>
      Cc: Barry Song <v-songbaohua@oppo.com>
      Cc: Chris Li <chrisl@kernel.org>
      Cc: Hugh Dickins <hughd@google.com>
      Cc: Kalesh Singh <kaleshsingh@google.com>
      Cc: Ryan Roberts <ryan.roberts@arm.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      0ec8bc9e
    • Dave Airlie's avatar
      Merge tag 'amd-drm-fixes-6.12-2024-11-14' of... · 1eb0de89
      Dave Airlie authored
      Merge tag 'amd-drm-fixes-6.12-2024-11-14' of https://gitlab.freedesktop.org/agd5f/linux
      
       into drm-fixes
      
      amd-drm-fixes-6.12-2024-11-14:
      
      amdgpu:
      - PSR fix
      - Panel replay fixes
      - DML fix
      - vblank power fix
      - Fix video caps
      - SMU 14.0 fix
      - GPUVM fix
      - MES 12 fix
      - APU carve out fix
      - DC vbios fix
      - NBIO fix
      
      Signed-off-by: default avatarDave Airlie <airlied@redhat.com>
      
      From: Alex Deucher <alexander.deucher@amd.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/20241114143401.448210-1-alexander.deucher@amd.com
      1eb0de89
    • Dave Airlie's avatar
      Merge tag 'drm-misc-fixes-2024-11-14' of... · 99d051c4
      Dave Airlie authored
      Merge tag 'drm-misc-fixes-2024-11-14' of https://gitlab.freedesktop.org/drm/misc/kernel
      
       into drm-fixes
      
      Short summary of fixes pull:
      
      bridge:
      - tc358768: Fix DSI command tx
      
      nouveau:
      - Fix GSP AUX error handling
      - dp: Handle retires for AUX CH transfers with GSP
      - fw: Sync DMA after setup
      
      panthor:
      - Fix partial BO mappings to GPU
      
      rockchip:
      - vop: Avoid null-ptr deref in plane-state check
      
      vmwgfx:
      - Avoid null-ptr deref in surface creation
      
      Signed-off-by: default avatarDave Airlie <airlied@redhat.com>
      
      From: Thomas Zimmermann <tzimmermann@suse.de>
      Link: https://patchwork.freedesktop.org/patch/msgid/20241114142256.GA86810@2a02-2454-fd5e-fd00-4ce-489-4b34-bd1a.dyn6.pyur.net
      99d051c4
    • Dave Airlie's avatar
      Merge tag 'drm-intel-fixes-2024-11-14' of... · 6b76bf8f
      Dave Airlie authored
      Merge tag 'drm-intel-fixes-2024-11-14' of https://gitlab.freedesktop.org/drm/i915/kernel
      
       into drm-fixes
      
      - Don't load GSC on ARL-H and ARL-U if too old FW
      - Avoid potential OOPS in enabling/disabling TV output
      
      Signed-off-by: default avatarDave Airlie <airlied@redhat.com>
      From: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/ZzWksU6CMGLPfjkT@jlahtine-mobl.ger.corp.intel.com
      6b76bf8f
    • Tejun Heo's avatar
      sched_ext: ops.cpu_acquire() should be called with SCX_KF_REST · a4af89cc
      Tejun Heo authored
      
      ops.cpu_acquire() is currently called with 0 kf_maks which is interpreted as
      SCX_KF_UNLOCKED which allows all unlocked kfuncs, but ops.cpu_acquire() is
      called from balance_one() under the rq lock and should only be allowed call
      kfuncs that are safe under the rq lock. Update it to use SCX_KF_REST.
      
      Signed-off-by: default avatarTejun Heo <tj@kernel.org>
      Cc: David Vernet <void@manifault.com>
      Cc: Zhao Mengmeng <zhaomzhao@126.com>
      Link: http://lkml.kernel.org/r/ZzYvf2L3rlmjuKzh@slm.duckdns.org
      Fixes: 245254f7 ("sched_ext: Implement sched_ext_ops.cpu_acquire/release()")
      a4af89cc
    • Linus Torvalds's avatar
      Merge tag 'net-6.12-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · cfaaa7d0
      Linus Torvalds authored
      Pull networking fixes from Paolo Abeni:
       "Including fixes from bluetooth.
      
        Quite calm week. No new regression under investigation.
      
        Current release - regressions:
      
         - eth: revert "igb: Disable threaded IRQ for igb_msix_other"
      
        Current release - new code bugs:
      
         - bluetooth: btintel: direct exception event to bluetooth stack
      
        Previous releases - regressions:
      
         - core: fix data-races around sk->sk_forward_alloc
      
         - netlink: terminate outstanding dump on socket close
      
         - mptcp: error out earlier on disconnect
      
         - vsock: fix accept_queue memory leak
      
         - phylink: ensure PHY momentary link-fails are handled
      
         - eth: mlx5:
            - fix null-ptr-deref in add rule err flow
            - lock FTE when checking if active
      
         - eth: dwmac-mediatek: fix inverted handling of mediatek,mac-wol
      
        Previous releases - always broken:
      
         - sched: fix u32's systematic failure to free IDR entries for hnodes.
      
         - sctp: fix possible UAF in sctp_v6_available()
      
         - eth: bonding: add ns target multicast address to slave device
      
         - eth: mlx5: fix msix vectors to respect platform limit
      
         - eth: icssg-prueth: fix 1 PPS sync"
      
      * tag 'net-6.12-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (38 commits)
        net: sched: u32: Add test case for systematic hnode IDR leaks
        selftests: bonding: add ns multicast group testing
        bonding: add ns target multicast address to slave device
        net: ti: icssg-prueth: Fix 1 PPS sync
        stmmac: dwmac-intel-plat: fix call balance of tx_clk handling routines
        net: Make copy_safe_from_sockptr() match documentation
        net: stmmac: dwmac-mediatek: Fix inverted handling of mediatek,mac-wol
        ipmr: Fix access to mfc_cache_list without lock held
        samples: pktgen: correct dev to DEV
        net: phylink: ensure PHY momentary link-fails are handled
        mptcp: pm: use _rcu variant under rcu_read_lock
        mptcp: hold pm lock when deleting entry
        mptcp: update local address flags when setting it
        net: sched: cls_u32: Fix u32's systematic failure to free IDR entries for hnodes.
        MAINTAINERS: Re-add cancelled Renesas driver sections
        Revert "igb: Disable threaded IRQ for igb_msix_other"
        Bluetooth: btintel: Direct exception event to bluetooth stack
        Bluetooth: hci_core: Fix calling mgmt_device_connected
        virtio/vsock: Improve MSG_ZEROCOPY error handling
        vsock: Fix sk_error_queue memory leak
        ...
      cfaaa7d0
    • Linus Torvalds's avatar
      Merge tag 'bcachefs-2024-11-13' of git://evilpiepirate.org/bcachefs · 4abcd80f
      Linus Torvalds authored
      Pull bcachefs fixes from Kent Overstreet:
       "This fixes one minor regression from the btree cache fixes (in the
        scan_for_btree_nodes repair path) - and the shutdown path fix is the
        big one here, in terms of bugs closed:
      
         - Assorted tiny syzbot fixes
      
         - Shutdown path fix: "bch2_btree_write_buffer_flush_going_ro()"
      
           The shutdown path wasn't flushing the btree write buffer, leading
           to shutting down while we still had operations in flight. This
           fixes a whole slew of syzbot bugs, and undoubtedly other strange
           heisenbugs.
      
      * tag 'bcachefs-2024-11-13' of git://evilpiepirate.org/bcachefs:
        bcachefs: Fix assertion pop in bch2_ptr_swab()
        bcachefs: Fix journal_entry_dev_usage_to_text() overrun
        bcachefs: Allow for unknown key types in backpointers fsck
        bcachefs: Fix assertion pop in topology repair
        bcachefs: Fix hidden btree errors when reading roots
        bcachefs: Fix validate_bset() repair path
        bcachefs: Fix missing validation for bch_backpointer.level
        bcachefs: Fix bch_member.btree_bitmap_shift validation
        bcachefs: bch2_btree_write_buffer_flush_going_ro()
      4abcd80f
    • Steven Rostedt's avatar
      tracing/ring-buffer: Clear all memory mapped CPU ring buffers on first recording · 09663753
      Steven Rostedt authored
      
      The events of a memory mapped ring buffer from the previous boot should
      not be mixed in with events from the current boot. There's meta data that
      is used to handle KASLR so that function names can be shown properly.
      
      Also, since the timestamps of the previous boot have no meaning to the
      timestamps of the current boot, having them intermingled in a buffer can
      also cause confusion because there could possibly be events in the future.
      
      When a trace is activated the meta data is reset so that the pointers of
      are now processed for the new address space. The trace buffers are reset
      when tracing starts for the first time. The problem here is that the reset
      only happens on online CPUs. If a CPU is offline, it does not get reset.
      
      To demonstrate the issue, a previous boot had tracing enabled in the boot
      mapped ring buffer on reboot. On the following boot, tracing has not been
      started yet so the function trace from the previous boot is still visible.
      
       # trace-cmd show -B boot_mapped -c 3 | tail
                <idle>-0       [003] d.h2.   156.462395: __rcu_read_lock <-cpu_emergency_disable_virtualization
                <idle>-0       [003] d.h2.   156.462396: vmx_emergency_disable_virtualization_cpu <-cpu_emergency_disable_virtualization
                <idle>-0       [003] d.h2.   156.462396: __rcu_read_unlock <-__sysvec_reboot
                <idle>-0       [003] d.h2.   156.462397: stop_this_cpu <-__sysvec_reboot
                <idle>-0       [003] d.h2.   156.462397: set_cpu_online <-stop_this_cpu
                <idle>-0       [003] d.h2.   156.462397: disable_local_APIC <-stop_this_cpu
                <idle>-0       [003] d.h2.   156.462398: clear_local_APIC <-disable_local_APIC
                <idle>-0       [003] d.h2.   156.462574: mcheck_cpu_clear <-stop_this_cpu
                <idle>-0       [003] d.h2.   156.462575: mce_intel_feature_clear <-stop_this_cpu
                <idle>-0       [003] d.h2.   156.462575: lmce_supported <-mce_intel_feature_clear
      
      Now, if CPU 3 is taken offline, and tracing is started on the memory
      mapped ring buffer, the events from the previous boot in the CPU 3 ring
      buffer is not reset. Now those events are using the meta data from the
      current boot and produces just hex values.
      
       # echo 0 > /sys/devices/system/cpu/cpu3/online
       # trace-cmd start -B boot_mapped -p function
       # trace-cmd show -B boot_mapped -c 3 | tail
                <idle>-0       [003] d.h2.   156.462395: 0xffffffff9a1e3194 <-0xffffffff9a0f655e
                <idle>-0       [003] d.h2.   156.462396: 0xffffffff9a0a1d24 <-0xffffffff9a0f656f
                <idle>-0       [003] d.h2.   156.462396: 0xffffffff9a1e6bc4 <-0xffffffff9a0f7323
                <idle>-0       [003] d.h2.   156.462397: 0xffffffff9a0d12b4 <-0xffffffff9a0f732a
                <idle>-0       [003] d.h2.   156.462397: 0xffffffff9a1458d4 <-0xffffffff9a0d12e2
                <idle>-0       [003] d.h2.   156.462397: 0xffffffff9a0faed4 <-0xffffffff9a0d12e7
                <idle>-0       [003] d.h2.   156.462398: 0xffffffff9a0faaf4 <-0xffffffff9a0faef2
                <idle>-0       [003] d.h2.   156.462574: 0xffffffff9a0e3444 <-0xffffffff9a0d12ef
                <idle>-0       [003] d.h2.   156.462575: 0xffffffff9a0e4964 <-0xffffffff9a0d12ef
                <idle>-0       [003] d.h2.   156.462575: 0xffffffff9a0e3fb0 <-0xffffffff9a0e496f
      
      Reset all CPUs when starting a boot mapped ring buffer for the first time,
      and not just the online CPUs.
      
      Fixes: 7a1d1e4b ("tracing/ring-buffer: Add last_boot_info file to boot instance")
      Signed-off-by: default avatarSteven Rostedt (Google) <rostedt@goodmis.org>
      09663753
    • Takashi Iwai's avatar
      Merge tag 'asoc-fix-v6.12-rc7' of... · 5ec23a1b
      Takashi Iwai authored
      Merge tag 'asoc-fix-v6.12-rc7' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus
      
      ASoC: Fixes for v6.12
      
      Some last updates for v6.12, one quirk plus a couple of fixes.  One is a
      minor fix for a relatively obscure driver and the other is a relatively
      important fix for boot hangs with some audio graph based cards.
      5ec23a1b
    • Josef Bacik's avatar
      btrfs: fix incorrect comparison for delayed refs · 7d493a5e
      Josef Bacik authored
      
      When I reworked delayed ref comparison in cf4f0432 ("btrfs: move
      ->parent and ->ref_root into btrfs_delayed_ref_node"), I made a mistake
      and returned -1 for the case where ref1->ref_root was > than
      ref2->ref_root.  This is a subtle bug that can result in improper
      delayed ref running order, which can result in transaction aborts.
      
      Fixes: cf4f0432 ("btrfs: move ->parent and ->ref_root into btrfs_delayed_ref_node")
      CC: stable@vger.kernel.org # 6.10+
      Reviewed-by: default avatarFilipe Manana <fdmanana@suse.com>
      Reviewed-by: default avatarQu Wenruo <wqu@suse.com>
      Signed-off-by: default avatarJosef Bacik <josef@toxicpanda.com>
      Reviewed-by: default avatarDavid Sterba <dsterba@suse.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      7d493a5e