1. 05 Oct, 2024 7 commits
  2. 04 Oct, 2024 30 commits
    • Baokun Li's avatar
      ext4: fix off by one issue in alloc_flex_gd() · 6121258c
      Baokun Li authored
      Wesley reported an issue:
      
      ==================================================================
      EXT4-fs (dm-5): resizing filesystem from 7168 to 786432 blocks
      ------------[ cut here ]------------
      kernel BUG at fs/ext4/resize.c:324!
      CPU: 9 UID: 0 PID: 3576 Comm: resize2fs Not tainted 6.11.0+ #27
      RIP: 0010:ext4_resize_fs+0x1212/0x12d0
      Call Trace:
       __ext4_ioctl+0x4e0/0x1800
       ext4_ioctl+0x12/0x20
       __x64_sys_ioctl+0x99/0xd0
       x64_sys_call+0x1206/0x20d0
       do_syscall_64+0x72/0x110
       entry_SYSCALL_64_after_hwframe+0x76/0x7e
      ==================================================================
      
      While reviewing the patch, Honza found that when adjusting resize_bg in
      alloc_flex_gd(), it was possible for flex_gd->resize_bg to be bigger than
      flexbg_size.
      
      The reproduction of the problem requires the following:
      
       o_group = flexbg_size * 2 * n;
       o_size = (o_group + 1) * group_size;
       n_group: [o_group + flexbg_size, o_group + flexbg_size * 2)
       o_size = (n_group + 1) * group_size;
      
      Take n=0,flexbg_size=16 as an example:
      
                    last:15
      |o---------------|--------------n-|
      o_group:0    resize to      n_group:30
      
      The corresponding reproducer is:
      
      img=test.img
      rm -f $img
      truncate -s 600M $img
      mkfs.ext4 -F $img -b 1024 -G 16 8M
      dev=`losetup -f --show $img`
      mkdir -p /tmp/test
      mount $dev /tmp/test
      resize2fs $dev 248M
      
      Delete the problematic plus 1 to fix the issue, and add a WARN_ON_ONCE()
      to prevent the issue from happening again.
      
      [ Note: another reproucer which this commit fixes is:
      
        img=test.img
        rm -f $img
        truncate -s 25MiB $img
        mkfs.ext4 -b 4096 -E nodiscard,lazy_itable_init=0,lazy_journal_init=0 $img
        truncate -s 3GiB $img
        dev=`losetup -f --show $img`
        mkdir -p /tmp/test
        mount $dev /tmp/test
        resize2fs $dev 3G
        umount $dev
        losetup -d $dev
      
        -- TYT ]
      Reported-by: default avatarWesley Hershberger <wesley.hershberger@canonical.com>
      Closes: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2081231Reported-by: default avatarStéphane Graber <stgraber@stgraber.org>
      Closes: https://lore.kernel.org/all/20240925143325.518508-1-aleksandr.mikhalitsyn@canonical.com/Tested-by: default avatarAlexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
      Tested-by: default avatarEric Sandeen <sandeen@redhat.com>
      Fixes: 665d3e0a ("ext4: reduce unnecessary memory allocation in alloc_flex_gd()")
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarBaokun Li <libaokun1@huawei.com>
      Reviewed-by: default avatarJan Kara <jack@suse.cz>
      Link: https://patch.msgid.link/20240927133329.1015041-1-libaokun@huaweicloud.comSigned-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
      6121258c
    • Luis Henriques (SUSE)'s avatar
      ext4: mark fc as ineligible using an handle in ext4_xattr_set() · 04e6ce8f
      Luis Henriques (SUSE) authored
      Calling ext4_fc_mark_ineligible() with a NULL handle is racy and may result
      in a fast-commit being done before the filesystem is effectively marked as
      ineligible.  This patch moves the call to this function so that an handle
      can be used.  If a transaction fails to start, then there's not point in
      trying to mark the filesystem as ineligible, and an error will eventually be
      returned to user-space.
      Suggested-by: default avatarJan Kara <jack@suse.cz>
      Signed-off-by: default avatarLuis Henriques (SUSE) <luis.henriques@linux.dev>
      Reviewed-by: default avatarJan Kara <jack@suse.cz>
      Link: https://patch.msgid.link/20240923104909.18342-3-luis.henriques@linux.devSigned-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
      Cc: stable@kernel.org
      04e6ce8f
    • Luis Henriques (SUSE)'s avatar
      ext4: use handle to mark fc as ineligible in __track_dentry_update() · faab35a0
      Luis Henriques (SUSE) authored
      Calling ext4_fc_mark_ineligible() with a NULL handle is racy and may result
      in a fast-commit being done before the filesystem is effectively marked as
      ineligible.  This patch fixes the calls to this function in
      __track_dentry_update() by adding an extra parameter to the callback used in
      ext4_fc_track_template().
      Suggested-by: default avatarJan Kara <jack@suse.cz>
      Signed-off-by: default avatarLuis Henriques (SUSE) <luis.henriques@linux.dev>
      Reviewed-by: default avatarJan Kara <jack@suse.cz>
      Link: https://patch.msgid.link/20240923104909.18342-2-luis.henriques@linux.devSigned-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
      Cc: stable@kernel.org
      faab35a0
    • Linus Torvalds's avatar
      Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux · ac308609
      Linus Torvalds authored
      Pull arm64 fixes from Catalin Marinas:
       "A couple of build/config issues and expanding the speculative SSBS
        workaround to more CPUs:
      
         - Expand the speculative SSBS workaround to cover Cortex-A715,
           Neoverse-N3 and Microsoft Azure Cobalt 100
      
         - Force position-independent veneers - in some kernel configurations,
           the LLD linker generates position-dependent veneers for otherwise
           position-independent code, resulting in early boot-time failures
      
         - Fix Kconfig selection of HAVE_DYNAMIC_FTRACE_WITH_ARGS so that it
           is not enabled when not supported by the combination of clang and
           GNU ld"
      
      * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
        arm64: Subscribe Microsoft Azure Cobalt 100 to erratum 3194386
        arm64: fix selection of HAVE_DYNAMIC_FTRACE_WITH_ARGS
        arm64: errata: Expand speculative SSBS workaround once more
        arm64: cputype: Add Neoverse-N3 definitions
        arm64: Force position-independent veneers
      ac308609
    • Linus Torvalds's avatar
      Merge tag 'riscv-for-linus-6.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux · 7943f06c
      Linus Torvalds authored
      Pull RISC-V fixes from Palmer Dabbelt:
      
       - PERF_TYPE_BREAKPOINT now returns -EOPNOTSUPP instead of -ENOENT,
         which aligns to other ports and is a saner value
      
       - The KASAN-related stack size increasing logic has been moved to a C
         header, to avoid dependency issues
      
      * tag 'riscv-for-linus-6.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux:
        riscv: Fix kernel stack size when KASAN is enabled
        drivers/perf: riscv: Align errno for unsupported perf event
      7943f06c
    • Linus Torvalds's avatar
      Merge tag 'trace-v6.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace · 622a3ed1
      Linus Torvalds authored
      Pull tracing fixes from Steven Rostedt:
      
       - Fix tp_printk command line option crashing the kernel
      
         With the code that can handle a buffer from a previous boot, the
         trace_check_vprintf() needed access to the delta of the address space
         used by the old buffer and the current buffer. To do so, the
         trace_array (tr) parameter was used. But when tp_printk is enabled on
         the kernel command line, no trace buffer is used and the trace event
         is sent directly to printk(). That meant the tr field of the iterator
         descriptor was NULL, and since tp_printk still uses
         trace_check_vprintf() it caused a NULL dereference.
      
       - Add ptrace.h include to x86 ftrace file for completeness
      
       - Fix rtla installation when done with out-of-tree build
      
       - Fix the help messages in rtla that were incorrect
      
       - Several fixes to fix races with the timerlat and hwlat code
      
         Several locking issues were discovered with the coordination between
         timerlat kthread creation and hotplug. As timerlat has callbacks from
         hotplug code to start kthreads when CPUs come online. There are also
         locking issues with grabbing the cpu_read_lock() and the locks within
         timerlat.
      
      * tag 'trace-v6.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace:
        tracing/hwlat: Fix a race during cpuhp processing
        tracing/timerlat: Fix a race during cpuhp processing
        tracing/timerlat: Drop interface_lock in stop_kthread()
        tracing/timerlat: Fix duplicated kthread creation due to CPU online/offline
        x86/ftrace: Include <asm/ptrace.h>
        rtla: Fix the help text in osnoise and timerlat top tools
        tools/rtla: Fix installation from out-of-tree build
        tracing: Fix trace_check_vprintf() when tp_printk is used
      622a3ed1
    • Linus Torvalds's avatar
      Merge tag 'slab-for-6.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/vbabka/slab · f6785e0c
      Linus Torvalds authored
      Pull slab fixes from Vlastimil Babka:
       "Fixes for issues introduced in this merge window: kobject memory leak,
        unsupressed warning and possible lockup in new slub_kunit tests,
        misleading code in kvfree_rcu_queue_batch()"
      
      * tag 'slab-for-6.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/vbabka/slab:
        slub/kunit: skip test_kfree_rcu when the slub kunit test is built-in
        mm, slab: suppress warnings in test_leak_destroy kunit test
        rcu/kvfree: Refactor kvfree_rcu_queue_batch()
        mm, slab: fix use of SLAB_SUPPORTS_SYSFS in kmem_cache_release()
      f6785e0c
    • Linus Torvalds's avatar
      Merge tag 'acpi-6.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · e1043b67
      Linus Torvalds authored
      Pull ACPI fixes from Rafael Wysocki:
       "These fix up the ACPI IRQ override quirk list and add two new entries
        to it, add a new quirk to the ACPI backlight (video) driver, and fix
        the ACPI battery driver.
      
        Specifics:
      
         - Add a quirk for Dell OptiPlex 5480 AIO to the ACPI backlight
           (video) driver (Hans de Goede)
      
         - Prevent the ACPI battery driver from crashing when unregistering a
           battery hook and simplify battery hook locking in it (Armin Wolf)
      
         - Fix up the ACPI IRQ override quirk list and add quirks for Asus
           Vivobook X1704VAP and Asus ExpertBook B2502CVA to it (Hans de
           Goede)"
      
      * tag 'acpi-6.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        ACPI: battery: Fix possible crash when unregistering a battery hook
        ACPI: battery: Simplify battery hook locking
        ACPI: video: Add backlight=native quirk for Dell OptiPlex 5480 AIO
        ACPI: resource: Add Asus ExpertBook B2502CVA to irq1_level_low_skip_override[]
        ACPI: resource: Add Asus Vivobook X1704VAP to irq1_level_low_skip_override[]
        ACPI: resource: Loosen the Asus E1404GAB DMI match to also cover the E1404GA
        ACPI: resource: Remove duplicate Asus E1504GAB IRQ override
      e1043b67
    • Linus Torvalds's avatar
      Merge tag 'pm-6.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · 5d18081d
      Linus Torvalds authored
      Pull power management fixes from Rafael Wysocki:
       "These fix two cpufreq issues, one in the core and one in the
        intel_pstate driver:
      
         - Fix CPU device node reference counting in the cpufreq core (Miquel
           Sabaté Solà)
      
         - Turn the spinlock used by the intel_pstate driver in hard IRQ
           context into a raw one to prevent the driver from crashing when
           PREEMPT_RT is enabled (Uwe Kleine-König)"
      
      * tag 'pm-6.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        cpufreq: Avoid a bad reference count on CPU node
        cpufreq: intel_pstate: Make hwp_notify_lock a raw spinlock
      5d18081d
    • Linus Torvalds's avatar
      Merge tag 'gpio-fixes-for-v6.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux · cc70ce8f
      Linus Torvalds authored
      Pull gpio fixes from Bartosz Golaszewski:
      
       - fix a potential NULL-pointer dereference in gpiolib core
      
       - fix a probe() regression from the v6.12 merge window and an older bug
         leading to missed interrupts in gpio-davinci
      
      * tag 'gpio-fixes-for-v6.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux:
        gpiolib: Fix potential NULL pointer dereference in gpiod_get_label()
        gpio: davinci: Fix condition for irqchip registration
        gpio: davinci: fix lazy disable
      cc70ce8f
    • Linus Torvalds's avatar
      Merge tag 'sound-6.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound · 2f91ff27
      Linus Torvalds authored
      Pull sound fixes from Takashi Iwai:
       "Slightly high amount of changes in this round, partly because of my
        vacation in the last weeks. But all changes are small and nothing
        looks worrisome.
      
        The biggest LOCs is MAINTAINERS updates, and there is a core change
        for card-ID string creation for non-ASCII inputs. Others are rather
        device-specific, such as new quirks and device IDs for ASoC, usual
        HD-audio and USB-audio quirks and fixes, as well as regression fixes
        in HD-audio HDMI audio and Conexant codec"
      
      * tag 'sound-6.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (39 commits)
        ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin
        ALSA: line6: add hw monitor volume control to POD HD500X
        ALSA: gus: Fix some error handling paths related to get_bpos() usage
        ALSA: hda: Add missing parameter description for snd_hdac_stream_timecounter_init()
        ALSA: usb-audio: Add native DSD support for Luxman D-08u
        ALSA: core: add isascii() check to card ID generator
        MAINTAINERS: ALSA: use linux-sound@vger.kernel.org list
        Revert "ALSA: hda: Conditionally use snooping for AMD HDMI"
        ASoC: intel: sof_sdw: Add check devm_kasprintf() returned value
        ASoC: imx-card: Set card.owner to avoid a warning calltrace if SND=m
        ASoC: dt-bindings: davinci-mcasp: Fix interrupts property
        ASoC: qcom: sm8250: add qrb4210-rb2-sndcard compatible string
        ASoC: dt-bindings: qcom,sm8250: add qrb4210-rb2-sndcard
        ALSA: hda: fix trigger_tstamp_latched
        ALSA: hda/realtek: Add a quirk for HP Pavilion 15z-ec200
        ALSA: hda/generic: Drop obsoleted obey_preferred_dacs flag
        ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs
        ALSA: silence integer wrapping warning
        ASoC: Intel: soc-acpi: arl: Fix some missing empty terminators
        ASoC: Intel: soc-acpi-intel-rpl-match: add missing empty item
        ...
      2f91ff27
    • Linus Torvalds's avatar
      Merge tag 'drm-fixes-2024-10-04' of https://gitlab.freedesktop.org/drm/kernel · fe6fcece
      Linus Torvalds authored
      Pull drm fixes from Dave Airlie:
       "Weekly fixes, xe and amdgpu lead the way, with panthor, and few core
        components getting various fixes. Nothing seems too out of the
        ordinary.
      
        atomic:
         - Use correct type when reading damage rectangles
      
        display:
         - Fix kernel docs
      
        dp-mst:
         - Fix DSC decompression detection
      
        hdmi:
         - Fix infoframe size
      
        sched:
         - Update maintainers
         - Fix race condition whne queueing up jobs
         - Fix locking in drm_sched_entity_modify_sched()
         - Fix pointer deref if entity queue changes
      
        sysfb:
         - Disable sysfb if framebuffer parent device is unknown
      
        amdgpu:
         - DML2 fix
         - DSC fix
         - Dispclk fix
         - eDP HDR fix
         - IPS fix
         - TBT fix
      
        i915:
         - One fix for bitwise and logical "and" mixup in PM code
      
        xe:
         - Restore pci state on resume
         - Fix locking on submission, queue and vm
         - Fix UAF on queue destruction
         - Fix resource release on freq init error path
         - Use rw_semaphore to reduce contention on ASID->VM lookup
         - Fix steering for media on Xe2_HPM
         - Tuning updates to Xe2
         - Resume TDR after GT reset to prevent jobs running forever
         - Move id allocation to avoid userspace using a guessed number to
           trigger UAF
         - Fix OA stream close preventing pbatch buffers to complete
         - Fix NPD when migrating memory on LNL
         - Fix memory leak when aborting binds
      
        panthor:
         - Fix locking
         - Set FOP_UNSIGNED_OFFSET in fops instance
         - Acquire lock in panthor_vm_prepare_map_op_ctx()
         - Avoid uninitialized variable in tick_ctx_cleanup()
         - Do not block scheduler queue if work is pending
         - Do not add write fences to the shared BOs
      
        vbox:
         - Fix VLA handling"
      
      * tag 'drm-fixes-2024-10-04' of https://gitlab.freedesktop.org/drm/kernel: (41 commits)
        drm/xe: Fix memory leak when aborting binds
        drm/xe: Prevent null pointer access in xe_migrate_copy
        drm/xe/oa: Don't reset OAC_CONTEXT_ENABLE on OA stream close
        drm/xe/queue: move xa_alloc to prevent UAF
        drm/xe/vm: move xa_alloc to prevent UAF
        drm/xe: Clean up VM / exec queue file lock usage.
        drm/xe: Resume TDR after GT reset
        drm/xe/xe2: Add performance tuning for L3 cache flushing
        drm/xe/xe2: Extend performance tuning to media GT
        drm/xe/mcr: Use Xe2_LPM steering tables for Xe2_HPM
        drm/xe: Use helper for ASID -> VM in GPU faults and access counters
        drm/xe: Convert to USM lock to rwsem
        drm/xe: use devm_add_action_or_reset() helper
        drm/xe: fix UAF around queue destruction
        drm/xe/guc_submit: add missing locking in wedged_fini
        drm/xe: Restore pci state upon resume
        drm/amd/display: Fix system hang while resume with TBT monitor
        drm/amd/display: Enable idle workqueue for more IPS modes
        drm/amd/display: Add HDR workaround for specific eDP
        drm/amd/display: avoid set dispclk to 0
        ...
      fe6fcece
    • Linus Torvalds's avatar
      Merge tag 'block-6.12-20241004' of git://git.kernel.dk/linux · 360c1f1f
      Linus Torvalds authored
      Pull block fixes from Jens Axboe:
      
       - Fix another use-after-free in aoe
      
       - Fixup wrong nested non-saving irq disable/restore in blk-iocost
      
       - Fixup a kerneldoc complaint introduced by a merge window patch
      
      * tag 'block-6.12-20241004' of git://git.kernel.dk/linux:
        aoe: fix the potential use-after-free problem in more places
        blk_iocost: remove some duplicate irq disable/enables
        block: fix blk_rq_map_integrity_sg kernel-doc
      360c1f1f
    • Linus Torvalds's avatar
      Merge tag 'io_uring-6.12-20241004' of git://git.kernel.dk/linux · 43454e83
      Linus Torvalds authored
      Pull io_uring fixes from Jens Axboe:
      
       - Fix an error path memory leak, if one part fails to allocate.
         Obviously not something that'll generally hit without error
         injection.
      
       - Fix an io_req_flags_t cast to make sparse happier.
      
       - Improve the recv multishot termination. Not a bug now, but could be
         one in the future. This makes it do the same thing that recvmsg does
         in terms of when to terminate a request or not.
      
      * tag 'io_uring-6.12-20241004' of git://git.kernel.dk/linux:
        io_uring/net: harden multishot termination case for recv
        io_uring: fix casts to io_req_flags_t
        io_uring: fix memory leak when cache init fail
      43454e83
    • Linus Torvalds's avatar
      Merge tag 'fsnotify_for_v6.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs · e02f08e2
      Linus Torvalds authored
      Pull fsnotify fixes from Jan Kara:
       "Fixes for an inotify deadlock and a data race in fsnotify"
      
      * tag 'fsnotify_for_v6.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs:
        inotify: Fix possible deadlock in fsnotify_destroy_mark
        fsnotify: Avoid data race between fsnotify_recalc_mask() and fsnotify_object_watched()
      e02f08e2
    • Linus Torvalds's avatar
      Merge tag 'fs_for_v6.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs · 4770119d
      Linus Torvalds authored
      Pull UDF fixes from Jan Kara:
       "A couple of UDF error handling fixes for issues spotted by syzbot"
      
      * tag 'fs_for_v6.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs:
        udf: fix uninit-value use in udf_get_fileshortad
        udf: refactor inode_bmap() to handle error
        udf: refactor udf_next_aext() to handle error
        udf: refactor udf_current_aext() to handle error
      4770119d
    • Linus Torvalds's avatar
      Merge tag 'ceph-for-6.12-rc2' of https://github.com/ceph/ceph-client · a3a37691
      Linus Torvalds authored
      Pull ceph fixes from Ilya Dryomov:
       "A fix from Patrick for a variety of CephFS lockup scenarios caused by
        a regression in cap handling which sneaked in through the netfs helper
        library in 5.18 (marked for stable) and an unrelated one-line cleanup"
      
      * tag 'ceph-for-6.12-rc2' of https://github.com/ceph/ceph-client:
        ceph: fix cap ref leak via netfs init_request
        ceph: use struct_size() helper in __ceph_pool_perm_get()
      a3a37691
    • Rafael J. Wysocki's avatar
      Merge branches 'acpi-video' and 'acpi-battery' · 3be5c171
      Rafael J. Wysocki authored
      Merge an ACPI backlight (video) quirk and ACPI battery driver fix and
      cleanup for 6.12-rc2:
      
       - Add a quirk for Dell OptiPlex 5480 AIO to the ACPI backlight (video)
         driver (Hans de Goede).
      
       - Prevent the ACPI battery driver from crashing when unregistering a
         battery hook and simplify battery hook locking in it (Armin Wolf).
      
      * acpi-video:
        ACPI: video: Add backlight=native quirk for Dell OptiPlex 5480 AIO
      
      * acpi-battery:
        ACPI: battery: Fix possible crash when unregistering a battery hook
        ACPI: battery: Simplify battery hook locking
      3be5c171
    • Linus Torvalds's avatar
      Merge tag 'for-6.12-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux · 79eb2c07
      Linus Torvalds authored
      Pull btrfs fixes from David Sterba:
      
       - in incremental send, fix invalid clone operation for file that got
         its size decreased
      
       - fix __counted_by() annotation of send path cache entries, we do not
         store the terminating NUL
      
       - fix a longstanding bug in relocation (and quite hard to hit by
         chance), drop back reference cache that can get out of sync after
         transaction commit
      
       - wait for fixup worker kthread before finishing umount
      
       - add missing raid-stripe-tree extent for NOCOW files, zoned mode
         cannot have NOCOW files but RST is meant to be a standalone feature
      
       - handle transaction start error during relocation, avoid potential
         NULL pointer dereference of relocation control structure (reported by
         syzbot)
      
       - disable module-wide rate limiting of debug level messages
      
       - minor fix to tracepoint definition (reported by checkpatch.pl)
      
      * tag 'for-6.12-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux:
        btrfs: disable rate limiting when debug enabled
        btrfs: wait for fixup workers before stopping cleaner kthread during umount
        btrfs: fix a NULL pointer dereference when failed to start a new trasacntion
        btrfs: send: fix invalid clone operation for file that got its size decreased
        btrfs: tracepoints: end assignment with semicolon at btrfs_qgroup_extent event class
        btrfs: drop the backref cache during relocation if we commit
        btrfs: also add stripe entries for NOCOW writes
        btrfs: send: fix buffer overflow detection when copying path to cache entry
      79eb2c07
    • Linus Torvalds's avatar
      Merge tag 'v6.12-rc1-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6 · b7a838ee
      Linus Torvalds authored
      Pull smb client fixes from Steve French:
      
       - statfs fix (e.g. when limited access to root directory of share)
      
       - special file handling fixes: fix packet validation to avoid buffer
         overflow for reparse points, fixes for symlink path parsing (one for
         reparse points, and one for SFU use case), and fix for cleanup after
         failed SET_REPARSE operation.
      
       - fix for SMB2.1 signing bug introduced by recent patch to NFS symlink
         path, and NFS reparse point validation
      
       - comment cleanup
      
      * tag 'v6.12-rc1-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6:
        cifs: Do not convert delimiter when parsing NFS-style symlinks
        cifs: Validate content of NFS reparse point buffer
        cifs: Fix buffer overflow when parsing NFS reparse points
        smb: client: Correct typos in multiple comments across various files
        smb: client: use actual path when queryfs
        cifs: Remove intermediate object of failed create reparse call
        Revert "smb: client: make SHA-512 TFM ephemeral"
        smb: Update comments about some reparse point tags
        cifs: Check for UTF-16 null codepoint in SFU symlink target location
      b7a838ee
    • Linus Torvalds's avatar
      Merge tag 'pull-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs · 6cca1195
      Linus Torvalds authored
      Pull close_range() fix from Al Viro:
       "Fix the logic in descriptor table trimming"
      
      * tag 'pull-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
        close_range(): fix the logics in descriptor table trimming
      6cca1195
    • Wolfram Sang's avatar
      Merge tag 'i2c-host-fixes-6.12-rc2' of... · 3689245d
      Wolfram Sang authored
      Merge tag 'i2c-host-fixes-6.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/andi.shyti/linux into i2c/for-current
      
      i2c-host fixes for v6.12-rc2
      
      In the stm32f7 a potential deadlock is fixed during runtime
      suspend and resume.
      3689245d
    • Paul Moore's avatar
      tomoyo: revert CONFIG_SECURITY_TOMOYO_LKM support · c5e3cdbf
      Paul Moore authored
      This patch reverts two TOMOYO patches that were merged into Linus' tree
      during the v6.12 merge window:
      
      8b985bbf ("tomoyo: allow building as a loadable LSM module")
      268225a1 ("tomoyo: preparation step for building as a loadable LSM module")
      
      Together these two patches introduced the CONFIG_SECURITY_TOMOYO_LKM
      Kconfig build option which enabled a TOMOYO specific dynamic LSM loading
      mechanism (see the original commits for more details).  Unfortunately,
      this approach was widely rejected by the LSM community as well as some
      members of the general kernel community.  Objections included concerns
      over setting a bad precedent regarding individual LSMs managing their
      LSM callback registrations as well as general kernel symbol exporting
      practices.  With little to no support for the CONFIG_SECURITY_TOMOYO_LKM
      approach outside of Tetsuo, and multiple objections, we need to revert
      these changes.
      
      Link: https://lore.kernel.org/all/0c4b443a-9c72-4800-97e8-a3816b6a9ae2@I-love.SAKURA.ne.jp
      Link: https://lore.kernel.org/all/CAHC9VhR=QjdoHG3wJgHFJkKYBg7vkQH2MpffgVzQ0tAByo_wRg@mail.gmail.comAcked-by: default avatarJohn Johansen <john.johansen@canonical.com>
      Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
      c5e3cdbf
    • Easwar Hariharan's avatar
      arm64: Subscribe Microsoft Azure Cobalt 100 to erratum 3194386 · 3eddb108
      Easwar Hariharan authored
      Add the Microsoft Azure Cobalt 100 CPU to the list of CPUs suffering
      from erratum 3194386 added in commit 75b3c43e ("arm64: errata:
      Expand speculative SSBS workaround")
      
      CC: Mark Rutland <mark.rutland@arm.com>
      CC: James More <james.morse@arm.com>
      CC: Will Deacon <will@kernel.org>
      CC: stable@vger.kernel.org # 6.6+
      Signed-off-by: default avatarEaswar Hariharan <eahariha@linux.microsoft.com>
      Link: https://lore.kernel.org/r/20241003225239.321774-1-eahariha@linux.microsoft.comSigned-off-by: default avatarCatalin Marinas <catalin.marinas@arm.com>
      3eddb108
    • Takashi Iwai's avatar
      ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin · b3ebb007
      Takashi Iwai authored
      We received a regression report for System76 Pangolin (pang14) due to
      the recent fix for Tuxedo Sirius devices to support the top speaker.
      The reason was the conflicting PCI SSID, as often seen.
      
      As a workaround, now the codec SSID is checked and the quirk is
      applied conditionally only to Sirius devices.
      
      Fixes: 4178d78c ("ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices")
      Reported-by: default avatarChristian Heusel <christian@heusel.eu>
      Reported-by: default avatarJerry <jerryluo225@gmail.com>
      Closes: https://lore.kernel.org/c930b6a6-64e5-498f-b65a-1cd5e0a1d733@heusel.eu
      Link: https://patch.msgid.link/20241004082602.29016-1-tiwai@suse.deSigned-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      b3ebb007
    • Hans P. Moller's avatar
      ALSA: line6: add hw monitor volume control to POD HD500X · 703235a2
      Hans P. Moller authored
      Add hw monitor volume control for POD HD500X. This is done adding
      LINE6_CAP_HWMON_CTL to the capabilities
      Signed-off-by: default avatarHans P. Moller <hmoller@uc.cl>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      Link: https://patch.msgid.link/20241003232828.5819-1-hmoller@uc.cl
      703235a2
    • Christophe JAILLET's avatar
      ALSA: gus: Fix some error handling paths related to get_bpos() usage · 9df39a87
      Christophe JAILLET authored
      If get_bpos() fails, it is likely that the corresponding error code should
      be returned.
      
      Fixes: a6970bb1 ("ALSA: gus: Convert to the new PCM ops")
      Signed-off-by: default avatarChristophe JAILLET <christophe.jaillet@wanadoo.fr>
      Link: https://patch.msgid.link/d9ca841edad697154afa97c73a5d7a14919330d9.1727984008.git.christophe.jaillet@wanadoo.frSigned-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      9df39a87
    • Dave Airlie's avatar
      Merge tag 'drm-xe-fixes-2024-10-03' of https://gitlab.freedesktop.org/drm/xe/kernel into drm-fixes · 5b272bf7
      Dave Airlie authored
      Driver Changes:
      - Restore pci state on resume (Rodrigo Vivi)
      - Fix locking on submission, queue and vm (Matthew Auld, Matthew Brost)
      - Fix UAF on queue destruction (Matthew Auld)
      - Fix resource release on freq init error path (He Lugang)
      - Use rw_semaphore to reduce contention on ASID->VM lookup (Matthew Brost)
      - Fix steering for media on Xe2_HPM (Gustavo Sousa)
      - Tuning updates to Xe2 (Gustavo Sousa)
      - Resume TDR after GT reset to prevent jobs running forever (Matthew Brost)
      - Move id allocation to avoid userspace using a guessed number
        to trigger UAF (Matthew Auld, Matthew Brost)
      - Fix OA stream close preventing pbatch buffers to complete (José)
      - Fix NPD when migrating memory on LNL (Zhanjun Dong)
      - Fix memory leak when aborting binds (Matthew Brost)
      Signed-off-by: default avatarDave Airlie <airlied@redhat.com>
      
      From: Lucas De Marchi <lucas.demarchi@intel.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/2fiv63yanlal5mpw3mxtotte6yvkvtex74c7mkjxca4bazlyja@o4iejcfragxy
      5b272bf7
    • Linus Torvalds's avatar
      Merge tag 'rust-fixes-6.12' of https://github.com/Rust-for-Linux/linux · 0c559323
      Linus Torvalds authored
      Pull Rust fixes from Miguel Ojeda:
       "Toolchain and infrastructure:
      
         - Fix/improve a couple 'depends on' on the newly added CFI/KASAN
           suppport to avoid build errors/warnings
      
         - Fix ARCH_SLAB_MINALIGN multiple definition error for RISC-V under
           !CONFIG_MMU
      
         - Clean upcoming (Rust 1.83.0) Clippy warnings
      
        'kernel' crate:
      
         - 'sync' module: fix soundness issue by requiring 'T: Sync' for
           'LockedBy::access'; and fix helpers build error under PREEMPT_RT
      
         - Fix trivial sorting issue ('rustfmtcheck') on the v6.12 Rust merge"
      
      * tag 'rust-fixes-6.12' of https://github.com/Rust-for-Linux/linux:
        rust: kunit: use C-string literals to clean warning
        cfi: encode cfi normalized integers + kasan/gcov bug in Kconfig
        rust: KASAN+RETHUNK requires rustc 1.83.0
        rust: cfi: fix `patchable-function-entry` starting version
        rust: mutex: fix __mutex_init() usage in case of PREEMPT_RT
        rust: fix `ARCH_SLAB_MINALIGN` multiple definition error
        rust: sync: require `T: Sync` for `LockedBy::access`
        rust: kernel: sort Rust modules
      0c559323
    • Linus Torvalds's avatar
      Merge tag 'pull-fixes.ufs' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs · 263a25de
      Linus Torvalds authored
      Pull ufs fix from Al Viro:
       "Fix ufs_rename() braino introduced this cycle.
      
        The 'folio_release_kmap(dir_folio, new_dir)' in ufs_rename() part of
        folio conversion should've been getting a pointer to ufs directory
        entry within the page, rather than a pointer to directory struct
        inode..."
      
      * tag 'pull-fixes.ufs' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
        ufs_rename(): fix bogus argument of folio_release_kmap()
      263a25de
  3. 03 Oct, 2024 3 commits
    • Johannes Weiner's avatar
      sched: psi: fix bogus pressure spikes from aggregation race · 3840cbe2
      Johannes Weiner authored
      Brandon reports sporadic, non-sensical spikes in cumulative pressure
      time (total=) when reading cpu.pressure at a high rate. This is due to
      a race condition between reader aggregation and tasks changing states.
      
      While it affects all states and all resources captured by PSI, in
      practice it most likely triggers with CPU pressure, since scheduling
      events are so frequent compared to other resource events.
      
      The race context is the live snooping of ongoing stalls during a
      pressure read. The read aggregates per-cpu records for stalls that
      have concluded, but will also incorporate ad-hoc the duration of any
      active state that hasn't been recorded yet. This is important to get
      timely measurements of ongoing stalls. Those ad-hoc samples are
      calculated on-the-fly up to the current time on that CPU; since the
      stall hasn't concluded, it's expected that this is the minimum amount
      of stall time that will enter the per-cpu records once it does.
      
      The problem is that the path that concludes the state uses a CPU clock
      read that is not synchronized against aggregators; the clock is read
      outside of the seqlock protection. This allows aggregators to race and
      snoop a stall with a longer duration than will actually be recorded.
      
      With the recorded stall time being less than the last snapshot
      remembered by the aggregator, a subsequent sample will underflow and
      observe a bogus delta value, resulting in an erratic jump in pressure.
      
      Fix this by moving the clock read of the state change into the seqlock
      protection. This ensures no aggregation can snoop live stalls past the
      time that's recorded when the state concludes.
      Reported-by: default avatarBrandon Duffany <brandon@buildbuddy.io>
      Link: https://bugzilla.kernel.org/show_bug.cgi?id=219194
      Link: https://lore.kernel.org/lkml/20240827121851.GB438928@cmpxchg.org/
      Fixes: df774306 ("psi: Reduce calls to sched_clock() in psi")
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarJohannes Weiner <hannes@cmpxchg.org>
      Reviewed-by: default avatarChengming Zhou <chengming.zhou@linux.dev>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      3840cbe2
    • Wei Li's avatar
      tracing/hwlat: Fix a race during cpuhp processing · 2a13ca2e
      Wei Li authored
      The cpuhp online/offline processing race also exists in percpu-mode hwlat
      tracer in theory, apply the fix too. That is:
      
          T1                       | T2
          [CPUHP_ONLINE]           | cpu_device_down()
           hwlat_hotplug_workfn()  |
                                   |     cpus_write_lock()
                                   |     takedown_cpu(1)
                                   |     cpus_write_unlock()
          [CPUHP_OFFLINE]          |
              cpus_read_lock()     |
              start_kthread(1)     |
              cpus_read_unlock()   |
      
      Cc: stable@vger.kernel.org
      Cc: Masami Hiramatsu <mhiramat@kernel.org>
      Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
      Link: https://lore.kernel.org/20240924094515.3561410-5-liwei391@huawei.com
      Fixes: ba998f7d ("trace/hwlat: Support hotplug operations")
      Signed-off-by: default avatarWei Li <liwei391@huawei.com>
      Signed-off-by: default avatarSteven Rostedt (Google) <rostedt@goodmis.org>
      2a13ca2e
    • Wei Li's avatar
      tracing/timerlat: Fix a race during cpuhp processing · 829e0c9f
      Wei Li authored
      There is another found exception that the "timerlat/1" thread was
      scheduled on CPU0, and lead to timer corruption finally:
      
      ```
      ODEBUG: init active (active state 0) object: ffff888237c2e108 object type: hrtimer hint: timerlat_irq+0x0/0x220
      WARNING: CPU: 0 PID: 426 at lib/debugobjects.c:518 debug_print_object+0x7d/0xb0
      Modules linked in:
      CPU: 0 UID: 0 PID: 426 Comm: timerlat/1 Not tainted 6.11.0-rc7+ #45
      Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
      RIP: 0010:debug_print_object+0x7d/0xb0
      ...
      Call Trace:
       <TASK>
       ? __warn+0x7c/0x110
       ? debug_print_object+0x7d/0xb0
       ? report_bug+0xf1/0x1d0
       ? prb_read_valid+0x17/0x20
       ? handle_bug+0x3f/0x70
       ? exc_invalid_op+0x13/0x60
       ? asm_exc_invalid_op+0x16/0x20
       ? debug_print_object+0x7d/0xb0
       ? debug_print_object+0x7d/0xb0
       ? __pfx_timerlat_irq+0x10/0x10
       __debug_object_init+0x110/0x150
       hrtimer_init+0x1d/0x60
       timerlat_main+0xab/0x2d0
       ? __pfx_timerlat_main+0x10/0x10
       kthread+0xb7/0xe0
       ? __pfx_kthread+0x10/0x10
       ret_from_fork+0x2d/0x40
       ? __pfx_kthread+0x10/0x10
       ret_from_fork_asm+0x1a/0x30
       </TASK>
      ```
      
      After tracing the scheduling event, it was discovered that the migration
      of the "timerlat/1" thread was performed during thread creation. Further
      analysis confirmed that it is because the CPU online processing for
      osnoise is implemented through workers, which is asynchronous with the
      offline processing. When the worker was scheduled to create a thread, the
      CPU may has already been removed from the cpu_online_mask during the offline
      process, resulting in the inability to select the right CPU:
      
      T1                       | T2
      [CPUHP_ONLINE]           | cpu_device_down()
      osnoise_hotplug_workfn() |
                               |     cpus_write_lock()
                               |     takedown_cpu(1)
                               |     cpus_write_unlock()
      [CPUHP_OFFLINE]          |
          cpus_read_lock()     |
          start_kthread(1)     |
          cpus_read_unlock()   |
      
      To fix this, skip online processing if the CPU is already offline.
      
      Cc: stable@vger.kernel.org
      Cc: Masami Hiramatsu <mhiramat@kernel.org>
      Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
      Link: https://lore.kernel.org/20240924094515.3561410-4-liwei391@huawei.com
      Fixes: c8895e27 ("trace/osnoise: Support hotplug operations")
      Signed-off-by: default avatarWei Li <liwei391@huawei.com>
      Signed-off-by: default avatarSteven Rostedt (Google) <rostedt@goodmis.org>
      829e0c9f