1. 12 Dec, 2022 13 commits
    • Linus Torvalds's avatar
      Merge tag 'hyperv-next-signed-20221208' of... · 7d621599
      Linus Torvalds authored
      Merge tag 'hyperv-next-signed-20221208' of git://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux
      
      Pull hyperv updates from Wei Liu:
      
       - Drop unregister syscore from hyperv_cleanup to avoid hang (Gaurav
         Kohli)
      
       - Clean up panic path for Hyper-V framebuffer (Guilherme G. Piccoli)
      
       - Allow IRQ remapping to work without x2apic (Nuno Das Neves)
      
       - Fix comments (Olaf Hering)
      
       - Expand hv_vp_assist_page definition (Saurabh Sengar)
      
       - Improvement to page reporting (Shradha Gupta)
      
       - Make sure TSC clocksource works when Linux runs as the root partition
         (Stanislav Kinsburskiy)
      
      * tag 'hyperv-next-signed-20221208' of git://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux:
        x86/hyperv: Remove unregister syscore call from Hyper-V cleanup
        iommu/hyper-v: Allow hyperv irq remapping without x2apic
        clocksource: hyper-v: Add TSC page support for root partition
        clocksource: hyper-v: Use TSC PFN getter to map vvar page
        clocksource: hyper-v: Introduce TSC PFN getter
        clocksource: hyper-v: Introduce a pointer to TSC page
        x86/hyperv: Expand definition of struct hv_vp_assist_page
        PCI: hv: update comment in x86 specific hv_arch_irq_unmask
        hv: fix comment typo in vmbus_channel/low_latency
        drivers: hv, hyperv_fb: Untangle and refactor Hyper-V panic notifiers
        video: hyperv_fb: Avoid taking busy spinlock on panic path
        hv_balloon: Add support for configurable order free page reporting
        mm/page_reporting: Add checks for page_reporting_order param
      7d621599
    • Linus Torvalds's avatar
      Merge tag 'tpmdd-next-v6.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd · 43686598
      Linus Torvalds authored
      Pull tpm updates from Jarkko Sakkinen:
       "A random collection of TPM fixes and one bug fix for trusted keys"
      
      * tag 'tpmdd-next-v6.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd:
        tpm: st33zp24: remove pointless checks on probe
        tpm/tpm_crb: Fix error message in __crb_relinquish_locality()
        tpm/tpm_ftpm_tee: Fix error handling in ftpm_mod_init()
        tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak
        tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak
        tpm: acpi: Call acpi_put_table() to fix memory leak
        tpm: Add flag to use default cancellation policy
        tpm: tis_i2c: Fix sanity check interrupt enable mask
        KEYS: trusted: tee: Make registered shm dependency explicit
        tpm: Avoid function type cast of put_device()
        tpm: st33zp24: switch to using gpiod API
        tpm: st33zp24: drop support for platform data
      43686598
    • Linus Torvalds's avatar
      Merge tag 'slab-for-6.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/vbabka/slab · 893660b0
      Linus Torvalds authored
      Pull slab updates from Vlastimil Babka:
      
       - SLOB deprecation and SLUB_TINY
      
         The SLOB allocator adds maintenance burden and stands in the way of
         API improvements [1]. Deprecate it by renaming the config option (to
         make users notice) to CONFIG_SLOB_DEPRECATED with updated help text.
         SLUB should be used instead as SLAB will be the next on the removal
         list.
      
         Based on reports from a riscv k210 board with 8MB RAM, add a
         CONFIG_SLUB_TINY option to minimize SLUB's memory usage at the
         expense of scalability. This has resolved the k210 regression [2] so
         in case there are no others (that wouldn't be resolvable by further
         tweaks to SLUB_TINY) plan is to remove SLOB in a few cycles.
      
         Existing defconfigs with CONFIG_SLOB are converted to
         CONFIG_SLUB_TINY.
      
       - kmalloc() slub_debug redzone improvements
      
         A series from Feng Tang that builds on the tracking or requested size
         for kmalloc() allocations (for caches with debugging enabled) added
         in 6.1, to make redzone checks consider the requested size and not
         the rounded up one, in order to catch more subtle buffer overruns.
         Includes new slub_kunit test.
      
       - struct slab fields reordering to accomodate larger rcu_head
      
         RCU folks would like to grow rcu_head with debugging options, which
         breaks current struct slab layout's assumptions, so reorganize it to
         make this possible.
      
       - Miscellaneous improvements/fixes:
           - __alloc_size checking compiler workaround (Kees Cook)
           - Optimize and cleanup SLUB's sysfs init (Rasmus Villemoes)
           - Make SLAB compatible with PROVE_RAW_LOCK_NESTING (Jiri Kosina)
           - Correct SLUB's percpu allocation estimates (Baoquan He)
           - Re-enableS LUB's run-time failslab sysfs control (Alexander Atanasov)
           - Make tools/vm/slabinfo more user friendly when not run as root (Rong Tao)
           - Dead code removal in SLUB (Hyeonggon Yoo)
      
      * tag 'slab-for-6.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/vbabka/slab: (31 commits)
        mm, slob: rename CONFIG_SLOB to CONFIG_SLOB_DEPRECATED
        mm, slub: don't aggressively inline with CONFIG_SLUB_TINY
        mm, slub: remove percpu slabs with CONFIG_SLUB_TINY
        mm, slub: split out allocations from pre/post hooks
        mm/slub, kunit: Add a test case for kmalloc redzone check
        mm/slub, kunit: add SLAB_SKIP_KFENCE flag for cache creation
        mm, slub: refactor free debug processing
        mm, slab: ignore SLAB_RECLAIM_ACCOUNT with CONFIG_SLUB_TINY
        mm, slub: don't create kmalloc-rcl caches with CONFIG_SLUB_TINY
        mm, slub: lower the default slub_max_order with CONFIG_SLUB_TINY
        mm, slub: retain no free slabs on partial list with CONFIG_SLUB_TINY
        mm, slub: disable SYSFS support with CONFIG_SLUB_TINY
        mm, slub: add CONFIG_SLUB_TINY
        mm, slab: ignore hardened usercopy parameters when disabled
        slab: Remove special-casing of const 0 size allocations
        slab: Clean up SLOB vs kmalloc() definition
        mm/sl[au]b: rearrange struct slab fields to allow larger rcu_head
        mm/migrate: make isolate_movable_page() skip slab pages
        mm/slab: move and adjust kernel-doc for kmem_cache_alloc
        mm/slub, percpu: correct the calculation of early percpu allocation size
        ...
      893660b0
    • Linus Torvalds's avatar
      Merge tag 'printk-for-6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/printk/linux · 98d0052d
      Linus Torvalds authored
      Pull printk updates from Petr Mladek:
      
       - Add NMI-safe SRCU reader API. It uses atomic_inc() instead of
         this_cpu_inc() on strong load-store architectures.
      
       - Introduce new console_list_lock to synchronize a manipulation of the
         list of registered consoles and their flags.
      
         This is a first step in removing the big-kernel-lock-like behavior of
         console_lock(). This semaphore still serializes console->write()
         calbacks against:
      
            - each other. It primary prevents potential races between early
              and proper console drivers using the same device.
      
            - suspend()/resume() callbacks and init() operations in some
              drivers.
      
            - various other operations in the tty/vt and framebufer
              susbsystems. It is likely that console_lock() serializes even
              operations that are not directly conflicting with the
              console->write() callbacks here. This is the most complicated
              big-kernel-lock aspect of the console_lock() that will be hard
              to untangle.
      
       - Introduce new console_srcu lock that is used to safely iterate and
         access the registered console drivers under SRCU read lock.
      
         This is a prerequisite for introducing atomic console drivers and
         console kthreads. It will reduce the complexity of serialization
         against normal consoles and console_lock(). Also it should remove the
         risk of deadlock during critical situations, like Oops or panic, when
         only atomic consoles are registered.
      
       - Check whether the console is registered instead of enabled on many
         locations. It was a historical leftover.
      
       - Cleanly force a preferred console in xenfb code instead of a dirty
         hack.
      
       - A lot of code and comment clean ups and improvements.
      
      * tag 'printk-for-6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/printk/linux: (47 commits)
        printk: htmldocs: add missing description
        tty: serial: sh-sci: use setup() callback for early console
        printk: relieve console_lock of list synchronization duties
        tty: serial: kgdboc: use console_list_lock to trap exit
        tty: serial: kgdboc: synchronize tty_find_polling_driver() and register_console()
        tty: serial: kgdboc: use console_list_lock for list traversal
        tty: serial: kgdboc: use srcu console list iterator
        proc: consoles: use console_list_lock for list iteration
        tty: tty_io: use console_list_lock for list synchronization
        printk, xen: fbfront: create/use safe function for forcing preferred
        netconsole: avoid CON_ENABLED misuse to track registration
        usb: early: xhci-dbc: use console_is_registered()
        tty: serial: xilinx_uartps: use console_is_registered()
        tty: serial: samsung_tty: use console_is_registered()
        tty: serial: pic32_uart: use console_is_registered()
        tty: serial: earlycon: use console_is_registered()
        tty: hvc: use console_is_registered()
        efi: earlycon: use console_is_registered()
        tty: nfcon: use console_is_registered()
        serial_core: replace uart_console_enabled() with uart_console_registered()
        ...
      98d0052d
    • Linus Torvalds's avatar
      Merge tag 'locks-v6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/jlayton/linux · 73fa58dc
      Linus Torvalds authored
      Pull file locking updates from Jeff Layton:
       "The main change here is to add the new locks_inode_context helper, and
        convert all of the places that dereference inode->i_flctx directly to
        use that instead.
      
        There is a new helper to indicate whether any locks are held on an
        inode. This is mostly for Ceph but may be usable elsewhere too.
      
        Andi Kleen requested that we print the PID when the LOCK_MAND warning
        fires, to help track down applications trying to use it.
      
        Finally, we added some new warnings to some of the file locking
        functions that fire when the ->fl_file and filp arguments differ. This
        helped us find some long-standing bugs in lockd. Patches for those are
        in Chuck Lever's tree and should be in his v6.2 PR. After that patch,
        people using NFSv2/v3 locking may see some warnings fire until those
        go in.
      
        Happy Holidays!"
      
      * tag 'locks-v6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/jlayton/linux:
        Add process name and pid to locks warning
        nfsd: use locks_inode_context helper
        nfs: use locks_inode_context helper
        lockd: use locks_inode_context helper
        ksmbd: use locks_inode_context helper
        cifs: use locks_inode_context helper
        ceph: use locks_inode_context helper
        filelock: add a new locks_inode_context accessor function
        filelock: new helper: vfs_inode_has_locks
        filelock: WARN_ON_ONCE when ->fl_file and filp don't match
      73fa58dc
    • Linus Torvalds's avatar
      Merge tag 'execve-v6.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux · 7fc03505
      Linus Torvalds authored
      Pull execve updates from Kees Cook:
       "Most are small refactorings and bug fixes, but three things stand out:
        switching timens (which got reverted before) looks solid now,
        FOLL_FORCE has been removed (no failures seen yet across several weeks
        in -next), and some whitespace cleanups (which are long overdue).
      
         - Add timens support (when switching mm). This version has survived
           in -next for the entire cycle (Andrei Vagin)
      
         - Various small bug fixes, refactoring, and readability improvements
           (Bernd Edlinger, Rolf Eike Beer, Bo Liu, Li Zetao Liu Shixin)
      
         - Remove FOLL_FORCE for stack setup (Kees Cook)
      
         - Whitespace cleanups (Rolf Eike Beer, Kees Cook)"
      
      * tag 'execve-v6.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
        binfmt_misc: fix shift-out-of-bounds in check_special_flags
        binfmt: Fix error return code in load_elf_fdpic_binary()
        exec: Remove FOLL_FORCE for stack setup
        binfmt_elf: replace IS_ERR() with IS_ERR_VALUE()
        binfmt_elf: simplify error handling in load_elf_phdrs()
        binfmt_elf: fix documented return value for load_elf_phdrs()
        exec: simplify initial stack size expansion
        binfmt: Fix whitespace issues
        exec: Add comments on check_unsafe_exec() fs counting
        ELF uapi: add spaces before '{'
        selftests/timens: add a test for vfork+exit
        fs/exec: switch timens when a task gets a new mm
      7fc03505
    • Linus Torvalds's avatar
      Merge tag 'seccomp-v6.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux · 667161ba
      Linus Torvalds authored
      Pull seccomp updates from Kees Cook:
      
       - Add missing kerndoc parameter (Randy Dunlap)
      
       - Improve seccomp selftest to check CAP_SYS_ADMIN (Gautam Menghani)
      
       - Fix allocation leak when cloned thread immediately dies (Kuniyuki
         Iwashima)
      
      * tag 'seccomp-v6.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
        seccomp: document the "filter_count" field
        seccomp: Move copy_seccomp() to no failure path.
        selftests/seccomp: Check CAP_SYS_ADMIN capability in the test mode_filter_without_nnp
      667161ba
    • Linus Torvalds's avatar
      Merge tag 'pstore-v6.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux · 059c4a34
      Linus Torvalds authored
      Pull pstore updates from Kees Cook:
       "A small collection of bug fixes, refactorings, and general
        improvements:
      
         - Reporting improvements and return path fixes (Guilherme G. Piccoli,
           Wang Yufen, Kees Cook)
      
         - Clean up kmsg_bytes module parameter usage (Guilherme G. Piccoli)
      
         - Add Guilherme to pstore MAINTAINERS entry
      
         - Choose friendlier allocation flags (Qiujun Huang, Stephen Boyd)"
      
      * tag 'pstore-v6.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
        pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP
        pstore/ram: Fix error return code in ramoops_probe()
        pstore: Alert on backend write error
        MAINTAINERS: Update pstore maintainers
        pstore/ram: Set freed addresses to NULL
        pstore/ram: Move internal definitions out of kernel-wide include
        pstore/ram: Move pmsg init earlier
        pstore/ram: Consolidate kfree() paths
        efi: pstore: Follow convention for the efi-pstore backend name
        pstore: Inform unregistered backend names as well
        pstore: Expose kmsg_bytes as a module parameter
        pstore: Improve error reporting in case of backend overlap
        pstore/zone: Use GFP_ATOMIC to allocate zone buffer
      059c4a34
    • Linus Torvalds's avatar
      Merge tag 'unsigned-char-6.2-for-linus' of... · 3a28c2c8
      Linus Torvalds authored
      Merge tag 'unsigned-char-6.2-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/zx2c4/linux
      
      Pull unsigned-char conversion from Jason Donenfeld:
       "Enable -funsigned-char and fix code affected by that flag.
      
        During the 6.1 cycle, several patches already made it into the tree,
        which were for code that was already broken on at least one
        architecture, where the naked char had a different sign than the code
        author anticipated, or were part of some bug fix for an existing bug
        that this initiative unearthed.
      
        These 6.1-era fixes are:
      
          64806090 ("MIPS: pic32: treat port as signed integer")
          5c26159c ("ipvs: use explicitly signed chars")
          e6cb8769 ("wifi: airo: do not assign -1 to unsigned char")
          937ec9f7 ("staging: rtl8192e: remove bogus ssid character sign test")
          67704738 ("misc: sgi-gru: use explicitly signed char")
          50895a55 ("ALSA: rme9652: use explicitly signed char")
          ee03c0f2 ("ALSA: au88x0: use explicitly signed char")
          835bed1b ("fbdev: sisfb: use explicitly signed char")
          50f19697 ("parisc: Use signed char for hardware path in pdc.h")
          66063033 ("wifi: rt2x00: use explicitly signed or unsigned types")
      
        Regarding patches in this pull:
      
         - There is one patch in this pull that should have made it to you
           during 6.1 ("media: stv0288: use explicitly signed char"), but the
           maintainer was MIA during the cycle, so it's in here instead.
      
         - Two patches fix single architecture code affected by unsigned char
           ("perf/x86: Make struct p4_event_bind::cntr signed array" and
           "sparc: sbus: treat CPU index as integer"), while one patch fixes
           an unused typedef, in case it's ever used in the future ("media:
           atomisp: make hive_int8 explictly signed").
      
         - Finally, there's the change to actually enable -funsigned-char
           ("kbuild: treat char as always unsigned") and then the removal of
           some no longer useful !__CHAR_UNSIGNED__ selftest code ("lib:
           assume char is unsigned").
      
        The various fixes were found with a combination of diffing objdump
        output, a large variety of Coccinelle scripts, and plain old grep. In
        the end, things didn't seem as bad as I feared they would. But of
        course, it's also possible I missed things.
      
        However, this has been in linux-next for basically an entire cycle
        now, so I'm not overly worried. I've also been daily driving this on
        my laptop for all of 6.1. Still, this series, and the ones sent for
        6.1 don't total in quantity to what I thought it'd be, so I will be on
        the lookout for breakage.
      
        We could receive a few reports that are quickly fixable. Hopefully we
        won't receive a barrage of reports that would result in a revert. And
        just maybe we won't receive any reports at all and nobody will even
        notice. Knock on wood"
      
      * tag 'unsigned-char-6.2-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/zx2c4/linux:
        lib: assume char is unsigned
        kbuild: treat char as always unsigned
        media: atomisp: make hive_int8 explictly signed
        media: stv0288: use explicitly signed char
        sparc: sbus: treat CPU index as integer
        perf/x86: Make struct p4_event_bind::cntr signed array
      3a28c2c8
    • Linus Torvalds's avatar
      Merge tag 'nolibc.2022.12.02a' of git://git.kernel.org/pub/scm/linux/kernel/git/paulmck/linux-rcu · 74dc488b
      Linus Torvalds authored
      Pull nolibc updates from Paul McKenney:
      
       - Further improvements to nolibc testing
      
      * tag 'nolibc.2022.12.02a' of git://git.kernel.org/pub/scm/linux/kernel/git/paulmck/linux-rcu:
        selftests/nolibc: Always rebuild the sysroot when running a test
        selftests/nolibc: Add 7 tests for memcmp()
      74dc488b
    • Linus Torvalds's avatar
      Merge tag 'kcsan.2022.12.02a' of git://git.kernel.org/pub/scm/linux/kernel/git/paulmck/linux-rcu · f433cf21
      Linus Torvalds authored
      Pull KCSAN updates from Paul McKenney:
      
       - Add instrumentation for memcpy(), memset(), and memmove() for Clang
         v16+'s new function names that are used when the -fsanitize=thread
         argument is given
      
       - Fix objtool warnings from KCSAN's volatile instrumentation, and typos
         in a pair of Kconfig options' help clauses
      
      * tag 'kcsan.2022.12.02a' of git://git.kernel.org/pub/scm/linux/kernel/git/paulmck/linux-rcu:
        kcsan: Fix trivial typo in Kconfig help comments
        objtool, kcsan: Add volatile read/write instrumentation to whitelist
        kcsan: Instrument memcpy/memset/memmove with newer Clang
      f433cf21
    • Linus Torvalds's avatar
      Merge tag 'lkmm.2022.12.02a' of git://git.kernel.org/pub/scm/linux/kernel/git/paulmck/linux-rcu · 5517a2ea
      Linus Torvalds authored
      Pull kernel memory model documentation updates from Paul McKenney:
      
       - Update the LKMM documentation, both in English and in Korean
      
      * tag 'lkmm.2022.12.02a' of git://git.kernel.org/pub/scm/linux/kernel/git/paulmck/linux-rcu:
        docs/memory-barriers.txt/kokr: Fix confusing name of 'data dependency barrier'
        docs/memory-barriers.txt/kokr: Add memory barrier dma_mb()
        docs/memory-barriers.txt/kokr: introduce io_stop_wc() and add implementation for ARM64
        docs/memory-barriers.txt: Add a missed closing parenthesis
        tools/memory-model: Weaken ctrl dependency definition in explanation.txt
      5517a2ea
    • Linus Torvalds's avatar
      Merge tag 'rcu.2022.12.02a' of git://git.kernel.org/pub/scm/linux/kernel/git/paulmck/linux-rcu · 1fab45ab
      Linus Torvalds authored
      Pull RCU updates from Paul McKenney:
      
       - Documentation updates. This is the second in a series from an ongoing
         review of the RCU documentation.
      
       - Miscellaneous fixes.
      
       - Introduce a default-off Kconfig option that depends on RCU_NOCB_CPU
         that, on CPUs mentioned in the nohz_full or rcu_nocbs boot-argument
         CPU lists, causes call_rcu() to introduce delays.
      
         These delays result in significant power savings on nearly idle
         Android and ChromeOS systems. These savings range from a few percent
         to more than ten percent.
      
         This series also includes several commits that change call_rcu() to a
         new call_rcu_hurry() function that avoids these delays in a few
         cases, for example, where timely wakeups are required. Several of
         these are outside of RCU and thus have acks and reviews from the
         relevant maintainers.
      
       - Create an srcu_read_lock_nmisafe() and an srcu_read_unlock_nmisafe()
         for architectures that support NMIs, but which do not provide
         NMI-safe this_cpu_inc(). These NMI-safe SRCU functions are required
         by the upcoming lockless printk() work by John Ogness et al.
      
       - Changes providing minor but important increases in torture test
         coverage for the new RCU polled-grace-period APIs.
      
       - Changes to torturescript that avoid redundant kernel builds, thus
         providing about a 30% speedup for the torture.sh acceptance test.
      
      * tag 'rcu.2022.12.02a' of git://git.kernel.org/pub/scm/linux/kernel/git/paulmck/linux-rcu: (49 commits)
        net: devinet: Reduce refcount before grace period
        net: Use call_rcu_hurry() for dst_release()
        workqueue: Make queue_rcu_work() use call_rcu_hurry()
        percpu-refcount: Use call_rcu_hurry() for atomic switch
        scsi/scsi_error: Use call_rcu_hurry() instead of call_rcu()
        rcu/rcutorture: Use call_rcu_hurry() where needed
        rcu/rcuscale: Use call_rcu_hurry() for async reader test
        rcu/sync: Use call_rcu_hurry() instead of call_rcu
        rcuscale: Add laziness and kfree tests
        rcu: Shrinker for lazy rcu
        rcu: Refactor code a bit in rcu_nocb_do_flush_bypass()
        rcu: Make call_rcu() lazy to save power
        rcu: Implement lockdep_rcu_enabled for !CONFIG_DEBUG_LOCK_ALLOC
        srcu: Debug NMI safety even on archs that don't require it
        srcu: Explain the reason behind the read side critical section on GP start
        srcu: Warn when NMI-unsafe API is used in NMI
        arch/s390: Add ARCH_HAS_NMI_SAFE_THIS_CPU_OPS Kconfig option
        arch/loongarch: Add ARCH_HAS_NMI_SAFE_THIS_CPU_OPS Kconfig option
        rcu: Fix __this_cpu_read() lockdep warning in rcu_force_quiescent_state()
        rcu-tasks: Make grace-period-age message human-readable
        ...
      1fab45ab
  2. 11 Dec, 2022 3 commits
  3. 10 Dec, 2022 10 commits
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm · 296a7b7e
      Linus Torvalds authored
      Pull ARM fix from Russell King:
       "One further ARM fix for 6.1 from Wang Kefeng, fixing up the handling
        for kfence faults"
      
      * tag 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm:
        ARM: 9278/1: kfence: only handle translation faults
      296a7b7e
    • Tejun Heo's avatar
      memcg: fix possible use-after-free in memcg_write_event_control() · 4a7ba45b
      Tejun Heo authored
      memcg_write_event_control() accesses the dentry->d_name of the specified
      control fd to route the write call.  As a cgroup interface file can't be
      renamed, it's safe to access d_name as long as the specified file is a
      regular cgroup file.  Also, as these cgroup interface files can't be
      removed before the directory, it's safe to access the parent too.
      
      Prior to 347c4a87 ("memcg: remove cgroup_event->cft"), there was a
      call to __file_cft() which verified that the specified file is a regular
      cgroupfs file before further accesses.  The cftype pointer returned from
      __file_cft() was no longer necessary and the commit inadvertently dropped
      the file type check with it allowing any file to slip through.  With the
      invarients broken, the d_name and parent accesses can now race against
      renames and removals of arbitrary files and cause use-after-free's.
      
      Fix the bug by resurrecting the file type check in __file_cft().  Now that
      cgroupfs is implemented through kernfs, checking the file operations needs
      to go through a layer of indirection.  Instead, let's check the superblock
      and dentry type.
      
      Link: https://lkml.kernel.org/r/Y5FRm/cfcKPGzWwl@slm.duckdns.org
      Fixes: 347c4a87 ("memcg: remove cgroup_event->cft")
      Signed-off-by: default avatarTejun Heo <tj@kernel.org>
      Reported-by: default avatarJann Horn <jannh@google.com>
      Acked-by: default avatarRoman Gushchin <roman.gushchin@linux.dev>
      Acked-by: default avatarJohannes Weiner <hannes@cmpxchg.org>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Michal Hocko <mhocko@kernel.org>
      Cc: Muchun Song <songmuchun@bytedance.com>
      Cc: Shakeel Butt <shakeelb@google.com>
      Cc: <stable@vger.kernel.org>	[3.14+]
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      4a7ba45b
    • Muchun Song's avatar
      MAINTAINERS: update Muchun Song's email · a501788a
      Muchun Song authored
      I'm moving to the @linux.dev account.  Map my old addresses and update it
      to my new address.
      
      Link: https://lkml.kernel.org/r/20221208115548.85244-1-songmuchun@bytedance.comSigned-off-by: default avatarMuchun Song <songmuchun@bytedance.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      a501788a
    • John Starks's avatar
      mm/gup: fix gup_pud_range() for dax · fcd0ccd8
      John Starks authored
      For dax pud, pud_huge() returns true on x86. So the function works as long
      as hugetlb is configured. However, dax doesn't depend on hugetlb.
      Commit 414fd080 ("mm/gup: fix gup_pmd_range() for dax") fixed
      devmap-backed huge PMDs, but missed devmap-backed huge PUDs. Fix this as
      well.
      
      This fixes the below kernel panic:
      
      general protection fault, probably for non-canonical address 0x69e7c000cc478: 0000 [#1] SMP
      	< snip >
      Call Trace:
      <TASK>
      get_user_pages_fast+0x1f/0x40
      iov_iter_get_pages+0xc6/0x3b0
      ? mempool_alloc+0x5d/0x170
      bio_iov_iter_get_pages+0x82/0x4e0
      ? bvec_alloc+0x91/0xc0
      ? bio_alloc_bioset+0x19a/0x2a0
      blkdev_direct_IO+0x282/0x480
      ? __io_complete_rw_common+0xc0/0xc0
      ? filemap_range_has_page+0x82/0xc0
      generic_file_direct_write+0x9d/0x1a0
      ? inode_update_time+0x24/0x30
      __generic_file_write_iter+0xbd/0x1e0
      blkdev_write_iter+0xb4/0x150
      ? io_import_iovec+0x8d/0x340
      io_write+0xf9/0x300
      io_issue_sqe+0x3c3/0x1d30
      ? sysvec_reschedule_ipi+0x6c/0x80
      __io_queue_sqe+0x33/0x240
      ? fget+0x76/0xa0
      io_submit_sqes+0xe6a/0x18d0
      ? __fget_light+0xd1/0x100
      __x64_sys_io_uring_enter+0x199/0x880
      ? __context_tracking_enter+0x1f/0x70
      ? irqentry_exit_to_user_mode+0x24/0x30
      ? irqentry_exit+0x1d/0x30
      ? __context_tracking_exit+0xe/0x70
      do_syscall_64+0x3b/0x90
      entry_SYSCALL_64_after_hwframe+0x61/0xcb
      RIP: 0033:0x7fc97c11a7be
      	< snip >
      </TASK>
      ---[ end trace 48b2e0e67debcaeb ]---
      RIP: 0010:internal_get_user_pages_fast+0x340/0x990
      	< snip >
      Kernel panic - not syncing: Fatal exception
      Kernel Offset: disabled
      
      Link: https://lkml.kernel.org/r/1670392853-28252-1-git-send-email-ssengar@linux.microsoft.com
      Fixes: 414fd080 ("mm/gup: fix gup_pmd_range() for dax")
      Signed-off-by: default avatarJohn Starks <jostarks@microsoft.com>
      Signed-off-by: default avatarSaurabh Sengar <ssengar@linux.microsoft.com>
      Cc: Jan Kara <jack@suse.cz>
      Cc: Yu Zhao <yuzhao@google.com>
      Cc: Jason Gunthorpe <jgg@nvidia.com>
      Cc: John Hubbard <jhubbard@nvidia.com>
      Cc: David Hildenbrand <david@redhat.com>
      Cc: Dan Williams <dan.j.williams@intel.com>
      Cc: Alistair Popple <apopple@nvidia.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      fcd0ccd8
    • Liam Howlett's avatar
      mmap: fix do_brk_flags() modifying obviously incorrect VMAs · 6c28ca64
      Liam Howlett authored
      Add more sanity checks to the VMA that do_brk_flags() will expand.  Ensure
      the VMA matches basic merge requirements within the function before
      calling can_vma_merge_after().
      
      Drop the duplicate checks from vm_brk_flags() since they will be enforced
      later.
      
      The old code would expand file VMAs on brk(), which is functionally
      wrong and also dangerous in terms of locking because the brk() path
      isn't designed for file VMAs and therefore doesn't lock the file
      mapping.  Checking can_vma_merge_after() ensures that new anonymous
      VMAs can't be merged into file VMAs.
      
      See https://lore.kernel.org/linux-mm/CAG48ez1tJZTOjS_FjRZhvtDA-STFmdw8PEizPDwMGFd_ui0Nrw@mail.gmail.com/
      
      Link: https://lkml.kernel.org/r/20221205192304.1957418-1-Liam.Howlett@oracle.com
      Fixes: 2e7ce7d3 ("mm/mmap: change do_brk_flags() to expand existing VMA and add do_brk_munmap()")
      Signed-off-by: default avatarLiam R. Howlett <Liam.Howlett@oracle.com>
      Suggested-by: default avatarJann Horn <jannh@google.com>
      Cc: Jason A. Donenfeld <Jason@zx2c4.com>
      Cc: Matthew Wilcox <willy@infradead.org>
      Cc: SeongJae Park <sj@kernel.org>
      Cc: Vlastimil Babka <vbabka@suse.cz>
      Cc: Yu Zhao <yuzhao@google.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      6c28ca64
    • David Hildenbrand's avatar
      mm/swap: fix SWP_PFN_BITS with CONFIG_PHYS_ADDR_T_64BIT on 32bit · 630dc25e
      David Hildenbrand authored
      We use "unsigned long" to store a PFN in the kernel and phys_addr_t to
      store a physical address.
      
      On a 64bit system, both are 64bit wide.  However, on a 32bit system, the
      latter might be 64bit wide.  This is, for example, the case on x86 with
      PAE: phys_addr_t and PTEs are 64bit wide, while "unsigned long" only spans
      32bit.
      
      The current definition of SWP_PFN_BITS without MAX_PHYSMEM_BITS misses
      that case, and assumes that the maximum PFN is limited by an 32bit
      phys_addr_t.  This implies, that SWP_PFN_BITS will currently only be able
      to cover 4 GiB - 1 on any 32bit system with 4k page size, which is wrong.
      
      Let's rely on the number of bits in phys_addr_t instead, but make sure to
      not exceed the maximum swap offset, to not make the BUILD_BUG_ON() in
      is_pfn_swap_entry() unhappy.  Note that swp_entry_t is effectively an
      unsigned long and the maximum swap offset shares that value with the swap
      type.
      
      For example, on an 8 GiB x86 PAE system with a kernel config based on
      Debian 11.5 (-> CONFIG_FLATMEM=y, CONFIG_X86_PAE=y), we will currently
      fail removing migration entries (remove_migration_ptes()), because
      mm/page_vma_mapped.c:check_pte() will fail to identify a PFN match as
      swp_offset_pfn() wrongly masks off PFN bits.  For example,
      split_huge_page_to_list()->...->remap_page() will leave migration entries
      in place and continue to unlock the page.
      
      Later, when we stumble over these migration entries (e.g., via
      /proc/self/pagemap), pfn_swap_entry_to_page() will BUG_ON() because these
      migration entries shouldn't exist anymore and the page was unlocked.
      
      [   33.067591] kernel BUG at include/linux/swapops.h:497!
      [   33.067597] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
      [   33.067602] CPU: 3 PID: 742 Comm: cow Tainted: G            E      6.1.0-rc8+ #16
      [   33.067605] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-1.fc36 04/01/2014
      [   33.067606] EIP: pagemap_pmd_range+0x644/0x650
      [   33.067612] Code: 00 00 00 00 66 90 89 ce b9 00 f0 ff ff e9 ff fb ff ff 89 d8 31 db e8 48 c6 52 00 e9 23 fb ff ff e8 61 83 56 00 e9 b6 fe ff ff <0f> 0b bf 00 f0 ff ff e9 38 fa ff ff 3e 8d 74 26 00 55 89 e5 57 31
      [   33.067615] EAX: ee394000 EBX: 00000002 ECX: ee394000 EDX: 00000000
      [   33.067617] ESI: c1b0ded4 EDI: 00024a00 EBP: c1b0ddb4 ESP: c1b0dd68
      [   33.067619] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 EFLAGS: 00010246
      [   33.067624] CR0: 80050033 CR2: b7a00000 CR3: 01bbbd20 CR4: 00350ef0
      [   33.067625] Call Trace:
      [   33.067628]  ? madvise_free_pte_range+0x720/0x720
      [   33.067632]  ? smaps_pte_range+0x4b0/0x4b0
      [   33.067634]  walk_pgd_range+0x325/0x720
      [   33.067637]  ? mt_find+0x1d6/0x3a0
      [   33.067641]  ? mt_find+0x1d6/0x3a0
      [   33.067643]  __walk_page_range+0x164/0x170
      [   33.067646]  walk_page_range+0xf9/0x170
      [   33.067648]  ? __kmem_cache_alloc_node+0x2a8/0x340
      [   33.067653]  pagemap_read+0x124/0x280
      [   33.067658]  ? default_llseek+0x101/0x160
      [   33.067662]  ? smaps_account+0x1d0/0x1d0
      [   33.067664]  vfs_read+0x90/0x290
      [   33.067667]  ? do_madvise.part.0+0x24b/0x390
      [   33.067669]  ? debug_smp_processor_id+0x12/0x20
      [   33.067673]  ksys_pread64+0x58/0x90
      [   33.067675]  __ia32_sys_ia32_pread64+0x1b/0x20
      [   33.067680]  __do_fast_syscall_32+0x4c/0xc0
      [   33.067683]  do_fast_syscall_32+0x29/0x60
      [   33.067686]  do_SYSENTER_32+0x15/0x20
      [   33.067689]  entry_SYSENTER_32+0x98/0xf1
      
      Decrease the indentation level of SWP_PFN_BITS and SWP_PFN_MASK to keep it
      readable and consistent.
      
      [david@redhat.com: rely on sizeof(phys_addr_t) and min_t() instead]
        Link: https://lkml.kernel.org/r/20221206105737.69478-1-david@redhat.com
      [david@redhat.com: use "int" for comparison, as we're only comparing numbers < 64]
        Link: https://lkml.kernel.org/r/1f157500-2676-7cef-a84e-9224ed64e540@redhat.com
      Link: https://lkml.kernel.org/r/20221205150857.167583-1-david@redhat.com
      Fixes: 0d206b5d ("mm/swap: add swp_offset_pfn() to fetch PFN from swap entry")
      Signed-off-by: default avatarDavid Hildenbrand <david@redhat.com>
      Acked-by: default avatarPeter Xu <peterx@redhat.com>
      Reviewed-by: default avatarYang Shi <shy828301@gmail.com>
      Cc: Hugh Dickins <hughd@google.com>
      Cc: Andrea Arcangeli <aarcange@redhat.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      630dc25e
    • Hugh Dickins's avatar
      tmpfs: fix data loss from failed fallocate · 44bcabd7
      Hugh Dickins authored
      Fix tmpfs data loss when the fallocate system call is interrupted by a
      signal, or fails for some other reason.  The partial folio handling in
      shmem_undo_range() forgot to consider this unfalloc case, and was liable
      to erase or truncate out data which had already been committed earlier.
      
      It turns out that none of the partial folio handling there is appropriate
      for the unfalloc case, which just wants to proceed to removal of whole
      folios: which find_get_entries() provides, even when partially covered.
      
      Original patch by Rui Wang.
      
      Link: https://lore.kernel.org/linux-mm/33b85d82.7764.1842e9ab207.Coremail.chenguoqic@163.com/
      Link: https://lkml.kernel.org/r/a5dac112-cf4b-7af-a33-f386e347fd38@google.com
      Fixes: b9a8a419 ("truncate,shmem: Handle truncates that split large folios")
      Signed-off-by: default avatarHugh Dickins <hughd@google.com>
      Reported-by: default avatarGuoqi Chen <chenguoqic@163.com>
        Link: https://lore.kernel.org/all/20221101032248.819360-1-kernel@hev.cc/
      Cc: Rui Wang <kernel@hev.cc>
      Cc: Huacai Chen <chenhuacai@loongson.cn>
      Cc: Matthew Wilcox <willy@infradead.org>
      Cc: Vishal Moola (Oracle) <vishal.moola@gmail.com>
      Cc: <stable@vger.kernel.org>	[5.17+]
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      44bcabd7
    • Michal Hocko's avatar
      kselftests: cgroup: update kmem test precision tolerance · de16d6e4
      Michal Hocko authored
      1813e51e ("memcg: increase MEMCG_CHARGE_BATCH to 64") has changed
      the batch size while this test case has been left behind. This has led
      to a test failure reported by test bot:
      not ok 2 selftests: cgroup: test_kmem # exit=1
      
      Update the tolerance for the pcp charges to reflect the
      MEMCG_CHARGE_BATCH change to fix this.
      
      [akpm@linux-foundation.org: update comments, per Roman]
      Link: https://lkml.kernel.org/r/Y4m8Unt6FhWKC6IH@dhcp22.suse.cz
      Fixes: 1813e51e ("memcg: increase MEMCG_CHARGE_BATCH to 64")
      Signed-off-by: default avatarMichal Hocko <mhocko@suse.com>
      Reported-by: default avatarkernel test robot <yujie.liu@intel.com>
        Link: https://lore.kernel.org/oe-lkp/202212010958.c1053bd3-yujie.liu@intel.comAcked-by: default avatarShakeel Butt <shakeelb@google.com>
      Acked-by: default avatarRoman Gushchin <roman.gushchin@linux.dev>
      Tested-by: default avatarYujie Liu <yujie.liu@intel.com>
      Cc: Eric Dumazet <edumazet@google.com>
      Cc: Feng Tang <feng.tang@intel.com>
      Cc: Johannes Weiner <hannes@cmpxchg.org>
      Cc: "Michal Koutný" <mkoutny@suse.com>
      Cc: Muchun Song <songmuchun@bytedance.com>
      Cc: Soheil Hassas Yeganeh <soheil@google.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      de16d6e4
    • Jason A. Donenfeld's avatar
      mm: do not BUG_ON missing brk mapping, because userspace can unmap it · f5ad5083
      Jason A. Donenfeld authored
      The following program will trigger the BUG_ON that this patch removes,
      because the user can munmap() mm->brk:
      
        #include <sys/syscall.h>
        #include <sys/mman.h>
        #include <assert.h>
        #include <unistd.h>
      
        static void *brk_now(void)
        {
          return (void *)syscall(SYS_brk, 0);
        }
      
        static void brk_set(void *b)
        {
          assert(syscall(SYS_brk, b) != -1);
        }
      
        int main(int argc, char *argv[])
        {
          void *b = brk_now();
          brk_set(b + 4096);
          assert(munmap(b - 4096, 4096 * 2) == 0);
          brk_set(b);
          return 0;
        }
      
      Compile that with musl, since glibc actually uses brk(), and then
      execute it, and it'll hit this splat:
      
        kernel BUG at mm/mmap.c:229!
        invalid opcode: 0000 [#1] PREEMPT SMP
        CPU: 12 PID: 1379 Comm: a.out Tainted: G S   U             6.1.0-rc7+ #419
        RIP: 0010:__do_sys_brk+0x2fc/0x340
        Code: 00 00 4c 89 ef e8 04 d3 fe ff eb 9a be 01 00 00 00 4c 89 ff e8 35 e0 fe ff e9 6e ff ff ff 4d 89 a7 20>
        RSP: 0018:ffff888140bc7eb0 EFLAGS: 00010246
        RAX: 0000000000000000 RBX: 00000000007e7000 RCX: ffff8881020fe000
        RDX: ffff8881020fe001 RSI: ffff8881955c9b00 RDI: ffff8881955c9b08
        RBP: 0000000000000000 R08: ffff8881955c9b00 R09: 00007ffc77844000
        R10: 0000000000000000 R11: 0000000000000001 R12: 00000000007e8000
        R13: 00000000007e8000 R14: 00000000007e7000 R15: ffff8881020fe000
        FS:  0000000000604298(0000) GS:ffff88901f700000(0000) knlGS:0000000000000000
        CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
        CR2: 0000000000603fe0 CR3: 000000015ba9a005 CR4: 0000000000770ee0
        PKRU: 55555554
        Call Trace:
         <TASK>
         do_syscall_64+0x2b/0x50
         entry_SYSCALL_64_after_hwframe+0x46/0xb0
        RIP: 0033:0x400678
        Code: 10 4c 8d 41 08 4c 89 44 24 10 4c 8b 01 8b 4c 24 08 83 f9 2f 77 0a 4c 8d 4c 24 20 4c 01 c9 eb 05 48 8b>
        RSP: 002b:00007ffc77863890 EFLAGS: 00000212 ORIG_RAX: 000000000000000c
        RAX: ffffffffffffffda RBX: 000000000040031b RCX: 0000000000400678
        RDX: 00000000004006a1 RSI: 00000000007e6000 RDI: 00000000007e7000
        RBP: 00007ffc77863900 R08: 0000000000000000 R09: 00000000007e6000
        R10: 00007ffc77863930 R11: 0000000000000212 R12: 00007ffc77863978
        R13: 00007ffc77863988 R14: 0000000000000000 R15: 0000000000000000
         </TASK>
      
      Instead, just return the old brk value if the original mapping has been
      removed.
      
      [akpm@linux-foundation.org: fix changelog, per Liam]
      Link: https://lkml.kernel.org/r/20221202162724.2009-1-Jason@zx2c4.com
      Fixes: 2e7ce7d3 ("mm/mmap: change do_brk_flags() to expand existing VMA and add do_brk_munmap()")
      Signed-off-by: default avatarJason A. Donenfeld <Jason@zx2c4.com>
      Acked-by: default avatarVlastimil Babka <vbabka@suse.cz>
      Reviewed-by: default avatarLiam R. Howlett <Liam.Howlett@oracle.com>
      Reviewed-by: default avatarSeongJae Park <sj@kernel.org>
      Cc: Yu Zhao <yuzhao@google.com>
      Cc: Catalin Marinas <catalin.marinas@arm.com>
      Cc: David Hildenbrand <david@redhat.com>
      Cc: David Howells <dhowells@redhat.com>
      Cc: Davidlohr Bueso <dave@stgolabs.net>
      Cc: Matthew Wilcox <willy@infradead.org>
      Cc: Sven Schnelle <svens@linux.ibm.com>
      Cc: Will Deacon <will@kernel.org>
      Cc: Jann Horn <jannh@google.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      f5ad5083
    • Matti Vaittinen's avatar
      mailmap: update Matti Vaittinen's email address · 38f1d4ae
      Matti Vaittinen authored
      The email backend used by ROHM keeps labeling patches as spam.  This can
      result in missing the patches.
      
      Switch my mail address from a company mail to a personal one.
      
      Link: https://lkml.kernel.org/r/8f4498b66fedcbded37b3b87e0c516e659f8f583.1669912977.git.mazziesaccount@gmail.comSigned-off-by: default avatarMatti Vaittinen <mazziesaccount@gmail.com>
      Suggested-by: default avatarKrzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
      Cc: Anup Patel <anup@brainfault.org>
      Cc: Arnd Bergmann <arnd@arndb.de>
      Cc: Atish Patra <atishp@atishpatra.org>
      Cc: Baolin Wang <baolin.wang@linux.alibaba.com>
      Cc: Ben Widawsky <bwidawsk@kernel.org>
      Cc: Bjorn Andersson <andersson@kernel.org>
      Cc: Christian Brauner <brauner@kernel.org>
      Cc: Colin Ian King <colin.i.king@gmail.com>
      Cc: Kirill Tkhai <tkhai@ya.ru>
      Cc: Qais Yousef <qyousef@layalina.io>
      Cc: Vasily Averin <vasily.averin@linux.dev>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      38f1d4ae
  4. 09 Dec, 2022 5 commits
  5. 08 Dec, 2022 9 commits
    • Linus Torvalds's avatar
      Merge tag 'block-6.1-2022-12-08' of git://git.kernel.dk/linux · 859c73d4
      Linus Torvalds authored
      Pull block fix from Jens Axboe:
       "A small fix for initializing the NVMe quirks before initializing the
        subsystem"
      
      * tag 'block-6.1-2022-12-08' of git://git.kernel.dk/linux:
        nvme initialize core quirks before calling nvme_init_subsystem
      859c73d4
    • Linus Torvalds's avatar
      Merge tag 'io_uring-6.1-2022-12-08' of git://git.kernel.dk/linux · af145500
      Linus Torvalds authored
      Pull io_uring fix from Jens Axboe:
       "A single small fix for an issue related to ordering between
        cancelation and current->io_uring teardown"
      
      * tag 'io_uring-6.1-2022-12-08' of git://git.kernel.dk/linux:
        io_uring: Fix a null-ptr-deref in io_tctx_exit_cb()
      af145500
    • Linus Torvalds's avatar
      Merge tag 'net-6.1-rc9' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 010b6761
      Linus Torvalds authored
      Pull networking fixes from Jakub Kicinski:
       "Including fixes from bluetooth, can and netfilter.
      
        Current release - new code bugs:
      
         - bonding: ipv6: correct address used in Neighbour Advertisement
           parsing (src vs dst typo)
      
         - fec: properly scope IRQ coalesce setup during link up to supported
           chips only
      
        Previous releases - regressions:
      
         - Bluetooth fixes for fake CSR clones (knockoffs):
             - re-add ERR_DATA_REPORTING quirk
             - fix crash when device is replugged
      
         - Bluetooth:
             - silence a user-triggerable dmesg error message
             - L2CAP: fix u8 overflow, oob access
             - correct vendor codec definition
             - fix support for Read Local Supported Codecs V2
      
         - ti: am65-cpsw: fix RGMII configuration at SPEED_10
      
         - mana: fix race on per-CQ variable NAPI work_done
      
        Previous releases - always broken:
      
         - af_unix: diag: fetch user_ns from in_skb in unix_diag_get_exact(),
           avoid null-deref
      
         - af_can: fix NULL pointer dereference in can_rcv_filter
      
         - can: slcan: fix UAF with a freed work
      
         - can: can327: flush TX_work on ldisc .close()
      
         - macsec: add missing attribute validation for offload
      
         - ipv6: avoid use-after-free in ip6_fragment()
      
         - nft_set_pipapo: actually validate intervals in fields after the
           first one
      
         - mvneta: prevent oob access in mvneta_config_rss()
      
         - ipv4: fix incorrect route flushing when table ID 0 is used, or when
           source address is deleted
      
         - phy: mxl-gpy: add workaround for IRQ bug on GPY215B and GPY215C"
      
      * tag 'net-6.1-rc9' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (77 commits)
        net: dsa: sja1105: avoid out of bounds access in sja1105_init_l2_policing()
        s390/qeth: fix use-after-free in hsci
        macsec: add missing attribute validation for offload
        net: mvneta: Fix an out of bounds check
        net: thunderbolt: fix memory leak in tbnet_open()
        ipv6: avoid use-after-free in ip6_fragment()
        net: plip: don't call kfree_skb/dev_kfree_skb() under spin_lock_irq()
        net: phy: mxl-gpy: add MDINT workaround
        net: dsa: mv88e6xxx: accept phy-mode = "internal" for internal PHY ports
        xen/netback: don't call kfree_skb() under spin_lock_irqsave()
        dpaa2-switch: Fix memory leak in dpaa2_switch_acl_entry_add() and dpaa2_switch_acl_entry_remove()
        ethernet: aeroflex: fix potential skb leak in greth_init_rings()
        tipc: call tipc_lxc_xmit without holding node_read_lock
        can: esd_usb: Allow REC and TEC to return to zero
        can: can327: flush TX_work on ldisc .close()
        can: slcan: fix freed work crash
        can: af_can: fix NULL pointer dereference in can_rcv_filter
        net: dsa: sja1105: fix memory leak in sja1105_setup_devlink_regions()
        ipv4: Fix incorrect route flushing when table ID 0 is used
        ipv4: Fix incorrect route flushing when source address is deleted
        ...
      010b6761
    • Linus Torvalds's avatar
      Merge tag 'for-linus-2022120801' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid · ce19275f
      Linus Torvalds authored
      Pull HID fixes from Jiri Kosina:
       "A regression fix for handling Logitech HID++ devices and memory
        corruption fixes:
      
         - regression fix (revert) for catch-all handling of Logitech HID++
           Bluetooth devices; there are devices that turn out not to work with
           this, and the root cause is yet to be properly understood. So we
           are dropping it for now, and it will be revisited for 6.2 or 6.3
           (Benjamin Tissoires)
      
         - memory corruption fix in HID core (ZhangPeng)
      
         - memory corruption fix in hid-lg4ff (Anastasia Belova)
      
         - Kconfig fix for I2C_HID (Benjamin Tissoires)
      
         - a few device-id specific quirks that piggy-back on top of the
           important fixes above"
      
      * tag 'for-linus-2022120801' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid:
        Revert "HID: logitech-hidpp: Enable HID++ for all the Logitech Bluetooth devices"
        Revert "HID: logitech-hidpp: Remove special-casing of Bluetooth devices"
        HID: usbhid: Add ALWAYS_POLL quirk for some mice
        HID: core: fix shift-out-of-bounds in hid_report_raw_event
        HID: uclogic: Add HID_QUIRK_HIDINPUT_FORCE quirk
        HID: fix I2C_HID not selected when I2C_HID_OF_ELAN is
        HID: hid-lg4ff: Add check for empty lbuf
        HID: ite: Enable QUIRK_TOUCHPAD_ON_OFF_REPORT on Acer Aspire Switch V 10
        HID: uclogic: Fix frame templates for big endian architectures
      ce19275f
    • Linus Torvalds's avatar
      Merge tag 'soc-fixes-6.1-5' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc · f3e84166
      Linus Torvalds authored
      Pull ARM SoC fix from Arnd Bergmann:
       "One last build fix came in, addressing a link failure when building
        without CONFIG_OUTER_CACHE"
      
      * tag 'soc-fixes-6.1-5' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc:
        ARM: at91: fix build for SAMA5D3 w/o L2 cache
      f3e84166
    • Benjamin Tissoires's avatar
      Revert "HID: logitech-hidpp: Enable HID++ for all the Logitech Bluetooth devices" · a9d9e46c
      Benjamin Tissoires authored
      This reverts commit 532223c8.
      
      As reported in [0], hid-logitech-hidpp now binds on all bluetooth mice,
      but there are corner cases where hid-logitech-hidpp just gives up on
      the mouse. This leads the end user with a dead mouse.
      
      Given that we are at -rc8, we are definitively too late to find a proper
      fix. We already identified 2 issues less than 24 hours after the bug
      report. One in that ->match() was never designed to be used anywhere else
      than in hid-generic, and the other that hid-logitech-hidpp has corner
      cases where it gives up on devices it is not supposed to.
      
      So we have no choice but postpone this patch to the next kernel release.
      
      [0] https://lore.kernel.org/linux-input/CAJZ5v0g-_o4AqMgNwihCb0jrwrcJZfRrX=jv8aH54WNKO7QB8A@mail.gmail.com/Reported-by: default avatarRafael J . Wysocki <rjw@rjwysocki.net>
      Signed-off-by: default avatarBenjamin Tissoires <benjamin.tissoires@redhat.com>
      Signed-off-by: default avatarJiri Kosina <jkosina@suse.cz>
      a9d9e46c
    • Benjamin Tissoires's avatar
      Revert "HID: logitech-hidpp: Remove special-casing of Bluetooth devices" · 40f2432b
      Benjamin Tissoires authored
      This reverts commit 8544c812.
      
      We need to revert commit 532223c8 ("HID: logitech-hidpp: Enable HID++
      for all the Logitech Bluetooth devices") because that commit might make
      hid-logitech-hidpp bind on mice that are not well enough supported by
      hid-logitech-hidpp, and the end result is that the probe of those mice
      is now returning -ENODEV, leaving the end user with a dead mouse.
      
      Given that commit 8544c812 ("HID: logitech-hidpp: Remove special-casing
      of Bluetooth devices") is a direct dependency of 532223c8, revert it
      too.
      
      Note that this also adapt according to commit 908d325e ("HID:
      logitech-hidpp: Detect hi-res scrolling support") to re-add support of
      the devices that were removed from that commit too.
      
      I have locally an MX Master and I tested this device with that revert,
      ensuring we still have high-res scrolling.
      Reported-by: default avatarRafael J . Wysocki <rjw@rjwysocki.net>
      Signed-off-by: default avatarBenjamin Tissoires <benjamin.tissoires@redhat.com>
      Signed-off-by: default avatarJiri Kosina <jkosina@suse.cz>
      40f2432b
    • Linus Torvalds's avatar
      Merge tag 'loongarch-fixes-6.1-3' of... · 7f043b76
      Linus Torvalds authored
      Merge tag 'loongarch-fixes-6.1-3' of git://git.kernel.org/pub/scm/linux/kernel/git/chenhuacai/linux-loongson
      
      Pull LoongArch fixes from Huacai Chen:
       "Export smp_send_reschedule() for modules use, fix a huge page entry
        update issue, and add documents for booting description"
      
      * tag 'loongarch-fixes-6.1-3' of git://git.kernel.org/pub/scm/linux/kernel/git/chenhuacai/linux-loongson:
        docs/zh_CN: Add LoongArch booting description's translation
        docs/LoongArch: Add booting description
        LoongArch: mm: Fix huge page entry update for virtual machine
        LoongArch: Export symbol for function smp_send_reschedule()
      7f043b76
    • Linus Torvalds's avatar
      Merge tag 'for-linus-xsa-6.1-rc9b-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip · a4c3a07e
      Linus Torvalds authored
      Pull xen fix from Juergen Gross:
       "A single fix for the recent security issue XSA-423"
      
      * tag 'for-linus-xsa-6.1-rc9b-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
        xen/netback: fix build warning
      a4c3a07e