Commit Graph

1137321 Commits

Author SHA1 Message Date
Govindarajulu Varadarajan 1208b93dd9 enic: MAINTAINERS: Update enic maintainers
Update enic maintainers.

Signed-off-by: Govindarajulu Varadarajan <govind.varadar@gmail.com>
Link: https://lore.kernel.org/r/20221028042159.735670-1-govind.varadar@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2022-10-28 20:20:06 -07:00
Jakub Kicinski e4ba455420 net: openvswitch: add missing .resv_start_op
I missed one of the families in OvS when annotating .resv_start_op.
This triggers the warning added in commit ce48ebdd56 ("genetlink:
limit the use of validation workarounds to old ops").

Reported-by: syzbot+40eb8c0447c0e47a7e9b@syzkaller.appspotmail.com
Fixes: 9c5d03d362 ("genetlink: start to validate reserved header bytes")
Link: https://lore.kernel.org/r/20221028032501.2724270-1-kuba@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2022-10-28 20:19:53 -07:00
Jakub Kicinski 7354c9024f netlink: hide validation union fields from kdoc
Mark the validation fields as private, users shouldn't set
them directly and they are too complicated to explain in
a more succinct way (there's already a long explanation
in the comment above).

The strict_start_type field is set directly and has a dedicated
comment so move that above the "private" section.

Link: https://lore.kernel.org/r/20221027212107.2639255-1-kuba@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2022-10-28 20:19:15 -07:00
Linus Torvalds 576e61cea1 s390 updates for 6.1-rc3
- Remove outdated linux390 link from MAINTAINERS.
 
 - Add few missing EX_TABLE entries to inline assemblies.
 
 - Fix raw data collection for pai_ext PMU.
 
 - Add kernel image secure boot trailer for future firmware versions.
 
 - Fix out-of-bounds access on cio_ignore free.
 
 - Fix memory allocation of mdev_types array in vfio-ap.
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCAAdFiEE3QHqV+H2a8xAv27vjYWKoQLXFBgFAmNcOhwACgkQjYWKoQLX
 FBgdXwgAjovmEDjZkA47z05Aiuc1yTxyHwJk85nb2j1jZ6mrKfuMawVmwGq8HtM9
 o8qnXZdG6xnLgy5OcP2QNGQIo9vY6o74s7ERALmYbVmOKEf1pxbWebaSQHuRK5Aj
 enGidXt9djwiHxscToVlT5y4XTAbn2nekseStREOhJ3aSLcsyUmUa7qF+UfyKrTy
 t7tnrOROXnS9GvvD7X89u6sWYl0nTIbV3QIcSpomCzY+3YQxkykvI55CnS53Lrn/
 bgOPo9OEsI/oojCdKTk0qRBYj+5CSpfXQeXpvp8CaqQshc+Yjzk1ND9YNTcaMg6P
 jO7Ny3tNzXk9ZPgG0qdEcr1W4vdn2w==
 =Mk7P
 -----END PGP SIGNATURE-----

Merge tag 's390-6.1-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux

Pull s390 fixes from Vasily Gorbik:

 - Remove outdated linux390 link from MAINTAINERS

 - Add few missing EX_TABLE entries to inline assemblies

 - Fix raw data collection for pai_ext PMU

 - Add kernel image secure boot trailer for future firmware versions

 - Fix out-of-bounds access on cio_ignore free

 - Fix memory allocation of mdev_types array in vfio-ap

* tag 's390-6.1-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
  s390/vfio-ap: Fix memory allocation for mdev_types array
  s390/cio: fix out-of-bounds access on cio_ignore free
  s390/pai: fix raw data collection for PMU pai_ext
  s390/boot: add secure boot trailer
  s390/pci: add missing EX_TABLE entries to __pcistg_mio_inuser()/__pcilg_mio_inuser()
  s390/futex: add missing EX_TABLE entry to __futex_atomic_op()
  s390/uaccess: add missing EX_TABLE entries to __clear_user()
  MAINTAINERS: remove outdated linux390 link
2022-10-28 17:11:26 -07:00
Linus Torvalds 283f13d43b RISC-V Fixes for 6.1-rc3
* A fix for a build warning in the jump_label code.
 * One of the git://github -> https://github cleanups, for the SiFive
   drivers.
 * A fix for the kasan initialization code, this still likely warrants
   some cleanups but that's a bigger problem and at least this fixes the
   crashes in the short term.
 * A pair of fixes for extension support detection on mixed LLVM/GNU
   toolchains.
 * A fix for a runtime warning in the /proc/cpuinfo code.
 -----BEGIN PGP SIGNATURE-----
 
 iQJHBAABCAAxFiEEKzw3R0RoQ7JKlDp6LhMZ81+7GIkFAmNcIeETHHBhbG1lckBk
 YWJiZWx0LmNvbQAKCRAuExnzX7sYiQooEAC23Pgmdp5A74VgmCxt1pLPuLwapHL+
 piAvzBx96GMajdWhzfBxwR8PTAAdiffpyFD+mal9MmmDAy+fduYQD76ge28Kx33y
 yJIIya+9vSHcCkMUfj8Kag93qAsXTwJIvuyrHJ8JGdnxgs4jywKPge6S4GYOiFD2
 8UALXgr/4Xi1WJnHvGPElLbVUqAcha2F4Wbl8P0dEUnuCFbiHQfDqWAx7OgC9zrZ
 CJhM3vQNADXO+7Yj8MDyeRQW2JVeBi1xNJ00fGgArUNHQqRMnEgZ4Hbfymf6j+yq
 1RP6sCjha3qIGofqD7B0pfcgThjRi8kpHL+RjiFrb4UigfxErdZDhBsOxTVB5slG
 oe4V7mrm3gdHPgW3ZytjmkXhHNzRRFfmuUwfqR/h9iumkpnNntuphPQVCtCBKDNx
 dZ6JGdVw7ljgp51t66vvJLy3lpYYcnhh64sCFYdWSY1+n0sJB6QfwnDPp8AFznCn
 9PafHYzEOM/e5PBlRqoORuRfkRmk54pJu+uKHh/FtcG3Z7q6htyF8QHDMaYizPna
 MDqcCl1DdKBh24D0E2KRNzhNTGNSFNKcSnXB6dF9wH4jLlglyIaNe0vqmfFxVWkV
 ufMcfXjxgl5zHJUf0IBuw57pVZddriRhVU+2YECnMgquuC9drjHa1sG71oYm/loY
 9XYPR12ckU7lqg==
 =In1r
 -----END PGP SIGNATURE-----

Merge tag 'riscv-for-linus-6.1-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux

Pull RISC-V fixes from Palmer Dabbelt:

 - A fix for a build warning in the jump_label code

 - One of the git://github -> https://github cleanups, for the SiFive
   drivers

 - A fix for the kasan initialization code, this still likely warrants
   some cleanups but that's a bigger problem and at least this fixes the
   crashes in the short term

 - A pair of fixes for extension support detection on mixed LLVM/GNU
   toolchains

 - A fix for a runtime warning in the /proc/cpuinfo code

* tag 'riscv-for-linus-6.1-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux:
  RISC-V: Fix /proc/cpuinfo cpumask warning
  riscv: fix detection of toolchain Zihintpause support
  riscv: fix detection of toolchain Zicbom support
  riscv: mm: add missing memcpy in kasan_init
  MAINTAINERS: git://github.com -> https://github.com for sifive
  riscv: jump_label: mark arguments as const to satisfy asm constraints
2022-10-28 17:03:00 -07:00
Linus Torvalds 13f05fb219 ACPI and device properties fixes for 6.1-rc3
- Fix the documentation of the *_match_string() family of functions to
    properly cover the return value (Andy Shevchenko).
 
  - Fix a possible integer overflow during multiplication in the ACPI
    PCC code (Manank Patel).
 
  - Make the ACPI device resources code skip IRQ override on Asus
    Vivobook S5602ZA (Tamim Khan).
 
  - Add LATT2021 to the list of device IDs that are ignored when
    returned by _DEP, because there are no drivers for them in the
    kernel and no plans to add such drivers (Hans de Goede).
 -----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEE4fcc61cGeeHD/fCwgsRv/nhiVHEFAmNb7XoSHHJqd0Byand5
 c29ja2kubmV0AAoJEILEb/54YlRx4AgP/1Q78/7GisCGmymtggxYqYwo7Zr0F6GO
 yZ/OA4+TQOHeYLjjDH3njlmQnQLyLm8xEwPw+9ThK3p35eVMy01UoQdC5nf2mz9o
 mzvR2Vh/7Ed0W58DP4KEyo5IAKGBYWD3SGSoKY0H8v0VBcQt2QLO0LFeZjulTFnb
 TsIXTMG/e5ymwYN1tDil/Fiwpr2HUq1D+/jL7bxjw5Pb/IkYCuQXv/5DPyi3TH6e
 d8d0CRoc8HKBOjyvAhuQ6bfVotYE/qSOz3gpVXcBwQGiTkPW6Ytk65sfXLEMO0Bz
 LTKyQTkduJHPiEMNw32iAwTCrRIfsu5s+98Z/gYCHDY1oojQBMoFQhELzL2/HnLu
 1Ab0v9sm8M6yPqVMC2F+wTQLAjkP4LZuTGt/xBkZ4VYlJnpr03ChyBlwut1AjHAs
 Xsspal6FDupGI6VY935QBOMwVF75WEFAoR/CfKFIJhkEGxN7VrxlXlLo6ks+06Bi
 85dLk0CiTxBcm3bfRaCgLt5AsQYYaDhRxEB70Hs0R4n9gkCTmuiMyZ+hdJYw5SCc
 t0sPFF1Fd2pqaZtTMchV7nH9oaAeM/K+6TztXcR5b4iuhoTPEorVR+3mJwb80HRl
 Y+Fhl/T7Q2kS+W5LxINsjkKyHBxkEdd0JadEfRlAESOfpwkIZIac0SHVPfv/KGt4
 RrV/T6dbzkfi
 =OG6y
 -----END PGP SIGNATURE-----

Merge tag 'acpi-6.1-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm

Pull ACPI and device properties fixes from Rafael Wysocki:
 "These fix device properties documentation and the ACPI PCC code, add a
  new IRQ override quirk for resource handling and add one more item to
  the list of device IDs to be ignored when returned by _DEP.

  Specifics:

   - Fix the documentation of the *_match_string() family of functions
     to properly cover the return value (Andy Shevchenko)

   - Fix a possible integer overflow during multiplication in the ACPI
     PCC code (Manank Patel)

   - Make the ACPI device resources code skip IRQ override on Asus
     Vivobook S5602ZA (Tamim Khan)

   - Add LATT2021 to the list of device IDs that are ignored when
     returned by _DEP, because there are no drivers for them in the
     kernel and no plans to add such drivers (Hans de Goede)"

* tag 'acpi-6.1-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
  ACPI: scan: Add LATT2021 to acpi_ignore_dep_ids[]
  ACPI: resource: Skip IRQ override on Asus Vivobook S5602ZA
  ACPI: PCC: Fix unintentional integer overflow
  device property: Fix documentation for *_match_string() APIs
2022-10-28 16:48:29 -07:00
Linus Torvalds 6b872a5ece Power management fixes for 6.1-rc3
- Make intel_pstate use what is known about the hardware instead of
    relying on information from the platform firmware (ACPI CPPC in
    particular) to establish the relationship between the HWP CPU
    performance levels and frequencies on all hybrid platforms
    available to date (Rafael Wysocki).
 
  - Allow hybrid sleep to use suspend-to-idle as a system suspend method
    if it is the current suspend method of choice (Mario Limonciello).
 
  - Fix handling of unavailable/disabled idle states in the generic
    power domains code (Sudeep Holla).
 
  - Update the pm-graph suite of utilities to version 5.10 which is
    fixes-mostly and does not add any new features (Todd Brandt).
 -----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEE4fcc61cGeeHD/fCwgsRv/nhiVHEFAmNb7MoSHHJqd0Byand5
 c29ja2kubmV0AAoJEILEb/54YlRxfeMQAIHJ+nLjWGPfoW1WxVYuDECx121+zdXa
 zI0O2q6tREdT3YsvPjLG3UePXaTR5cI02JM+5CTgFylfHTRN3xe+L8LJwm2gDadd
 +0DC5Q+YLJFVzqo7jsgKPOb6KhjWI77qrFNhvQxac2N/xMEE5z2p7iosP3qewInd
 i43UzbfypGkIBin+HD5nM38lHuhp14geKEHocV6ftUzoPMcnuzQVkPIkbpfj7YOo
 XGsGz4Seei9raWgquBPUnaM/sOWEwSOb86HBsFTwdiepQJPsfmPO60yBbno7C5hX
 kx7b9vG+lh5rosTWructhkSPrLent0QiWd6J3B6glMt4rzlQf8h39hZrOgot7Ald
 txNjXhrBTa9tpJanB3lKelgQwj2+6mKhkcFo8uA44jlX0nhOaFTnNKDGj92si8xS
 Emj/M7jQozomE/4zXLpeb+Ovpk54svrCsKykE2aeo5sWsL7IZduzAk0ZvgItQ2a0
 oIuqxUbnx/JTYqpxzAyZAJtVDfcum12uXmXNk0IcXtI4ewW9mw3YRQpbB9uir5+y
 cMnyBgATt65f6I0tr+cJyQmiUxRRiAekZyeJtbF89iLM/nDeTCwI03LyNVAobw/R
 FF0ctXdIjZvnWUXyz68+J0a+kMeMwQeIw5TlE8kxfQfIiEubj2V9xIDOe3cn520R
 SzrO8xQXB/ay
 =1teO
 -----END PGP SIGNATURE-----

Merge tag 'pm-6.1-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm

Pull power management fixes from Rafael Wysocki:
 "These make the intel_pstate driver work as expected on all hybrid
  platforms to date (regardless of possible platform firmware issues),
  fix hybrid sleep on systems using suspend-to-idle by default, make the
  generic power domains code handle disabled idle states properly and
  update pm-graph.

  Specifics:

   - Make intel_pstate use what is known about the hardware instead of
     relying on information from the platform firmware (ACPI CPPC in
     particular) to establish the relationship between the HWP CPU
     performance levels and frequencies on all hybrid platforms
     available to date (Rafael Wysocki)

   - Allow hybrid sleep to use suspend-to-idle as a system suspend
     method if it is the current suspend method of choice (Mario
     Limonciello)

   - Fix handling of unavailable/disabled idle states in the generic
     power domains code (Sudeep Holla)

   - Update the pm-graph suite of utilities to version 5.10 which is
     fixes-mostly and does not add any new features (Todd Brandt)"

* tag 'pm-6.1-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
  PM: domains: Fix handling of unavailable/disabled idle states
  pm-graph v5.10
  cpufreq: intel_pstate: hybrid: Use known scaling factor for P-cores
  cpufreq: intel_pstate: Read all MSRs on the target CPU
  PM: hibernate: Allow hybrid sleep to work with s2idle
2022-10-28 16:44:12 -07:00
Kees Cook 6f7630b1b5 fortify: Capture __bos() results in const temp vars
In two recent run-time memcpy() bound checking bug reports (NFS[1] and
JFS[2]), the _detection_ was working correctly (in the sense that the
requested copy size was larger than the destination field size), but
the _warning text_ was showing the destination field size as SIZE_MAX
("unknown size"). This should be impossible, since the detection function
will explicitly give up if the destination field size is unknown. For
example, the JFS warning was:

  memcpy: detected field-spanning write (size 132) of single field "ip->i_link" at fs/jfs/namei.c:950 (size 18446744073709551615)

Other cases of this warning (e.g.[3]) have reported correctly,
and the reproducer only happens under GCC (at least 10.2 and 12.1),
so this currently appears to be a GCC bug. Explicitly capturing the
__builtin_object_size() results in const temporary variables fixes the
report. For example, the JFS reproducer now correctly reports the field
size (128):

  memcpy: detected field-spanning write (size 132) of single field "ip->i_link" at fs/jfs/namei.c:950 (size 128)

Examination of the .text delta (which is otherwise identical), shows
the literal value used in the report changing:

-     mov    $0xffffffffffffffff,%rcx
+     mov    $0x80,%ecx

[1] https://lore.kernel.org/lkml/Y0zEzZwhOxTDcBTB@codemonkey.org.uk/
[2] https://syzkaller.appspot.com/bug?id=23d613df5259b977dac1696bec77f61a85890e3d
[3] https://lore.kernel.org/all/202210110948.26b43120-yujie.liu@intel.com/

Cc: "Dr. David Alan Gilbert" <linux@treblig.org>
Cc: llvm@lists.linux.dev
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
2022-10-28 16:07:01 -07:00
Jean-Philippe Brucker f5e4ec155d random: use arch_get_random*_early() in random_init()
While reworking the archrandom handling, commit d349ab99ee ("random:
handle archrandom with multiple longs") switched to the non-early
archrandom helpers in random_init(), which broke initialization of the
entropy pool from the arm64 random generator.

Indeed at that point the arm64 CPU features, which verify that all CPUs
have compatible capabilities, are not finalized so arch_get_random_seed_longs()
is unsuccessful. Instead random_init() should use the _early functions,
which check only the boot CPU on arm64. On other architectures the
_early functions directly call the normal ones.

Fixes: d349ab99ee ("random: handle archrandom with multiple longs")
Cc: stable@vger.kernel.org
Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2022-10-29 00:24:03 +02:00
Rasmus Villemoes b3f4f51ea6 tools/nolibc/string: Fix memcmp() implementation
The C standard says that memcmp() must treat the buffers as consisting
of "unsigned chars". If char happens to be unsigned, the casts are ok,
but then obviously the c1 variable can never contain a negative
value. And when char is signed, the casts are wrong, and there's still
a problem with using an 8-bit quantity to hold the difference, because
that can range from -255 to +255.

For example, assuming char is signed, comparing two 1-byte buffers,
one containing 0x00 and another 0x80, the current implementation would
return -128 for both memcmp(a, b, 1) and memcmp(b, a, 1), whereas one
of those should of course return something positive.

Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Fixes: 66b6f755ad ("rcutorture: Import a copy of nolibc")
Cc: stable@vger.kernel.org # v5.0+
Signed-off-by: Willy Tarreau <w@1wt.eu>
Signed-off-by: Paul E. McKenney <paulmck@kernel.org>
2022-10-28 15:07:02 -07:00
Willy Tarreau bfc3b0f056 tools/nolibc: Fix missing strlen() definition and infinite loop with gcc-12
When built at -Os, gcc-12 recognizes an strlen() pattern in nolibc_strlen()
and replaces it with a jump to strlen(), which is not defined as a symbol
and breaks compilation. Worse, when the function is called strlen(), the
function is simply replaced with a jump to itself, hence becomes an
infinite loop.

One way to avoid this is to always set -ffreestanding, but the calling
code doesn't know this and there's no way (either via attributes or
pragmas) to globally enable it from include files, effectively leaving
a painful situation for the caller.

Alexey suggested to place an empty asm() statement inside the loop to
stop gcc from recognizing a well-known pattern, which happens to work
pretty fine. At least it allows us to make sure our local definition
is not replaced with a self jump.

The function only needs to be renamed back to strlen() so that the symbol
exists, which implies that nolibc_strlen() which is used on variable
strings has to be declared as a macro that points back to it before the
strlen() macro is redifined.

It was verified to produce valid code with gcc 3.4 to 12.1 at different
optimization levels, and both with constant and variable strings.

In case this problem surfaces again in the future, an alternate approach
consisting in adding an optimize("no-tree-loop-distribute-patterns")
function attribute for gcc>=12 worked as well but is less pretty.

Reported-by: kernel test robot <yujie.liu@intel.com>
Link: https://lore.kernel.org/r/202210081618.754a77db-yujie.liu@intel.com
Fixes: 66b6f755ad ("rcutorture: Import a copy of nolibc")
Fixes: 96980b833a ("tools/nolibc/string: do not use __builtin_strlen() at -O0")
Cc: "Paul E. McKenney" <paulmck@kernel.org>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>
Signed-off-by: Paul E. McKenney <paulmck@kernel.org>
2022-10-28 15:07:02 -07:00
Sebastian Andrzej Siewior dda1c41a07 mm: multi-gen LRU: move lru_gen_add_mm() out of IRQ-off region
lru_gen_add_mm() has been added within an IRQ-off region in the commit
mentioned below.  The other invocations of lru_gen_add_mm() are not within
an IRQ-off region.

The invocation within IRQ-off region is problematic on PREEMPT_RT because
the function is using a spin_lock_t which must not be used within
IRQ-disabled regions.

The other invocations of lru_gen_add_mm() occur while
task_struct::alloc_lock is acquired.  Move lru_gen_add_mm() after
interrupts are enabled and before task_unlock().

Link: https://lkml.kernel.org/r/20221026134830.711887-1-bigeasy@linutronix.de
Fixes: bd74fdaea1 ("mm: multi-gen LRU: support page table walks")
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Acked-by: Yu Zhao <yuzhao@google.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: "Eric W . Biederman" <ebiederm@xmission.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2022-10-28 13:37:23 -07:00
Lukas Bulwahn 1b9c918318 lib: maple_tree: remove unneeded initialization in mtree_range_walk()
Before the do-while loop in mtree_range_walk(), the variables next, min,
max need to be initialized.  The variables last, prev_min and prev_max are
set within the loop body before they are eventually used after exiting the
loop body.

As it is a do-while loop, the loop body is executed at least once, so the
variables last, prev_min and prev_max do not need to be initialized before
the loop body.

Remove unneeded initialization of last and prev_min.

The needless initialization was reported by clang-analyzer as Dead Stores.

As the compiler already identifies these assignments as unneeded, it
optimizes the assignments away.  Hence:

No functional change. No change in object code.

Link: https://lkml.kernel.org/r/20221026120029.12555-2-lukas.bulwahn@gmail.com
Signed-off-by: Lukas Bulwahn <lukas.bulwahn@gmail.com>
Reviewed-by: Liam R. Howlett <Liam.Howlett@oracle.com>
Cc: Matthew Wilcox <willy@infradead.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2022-10-28 13:37:23 -07:00
Liam Howlett 1db43d3f37 mmap: fix remap_file_pages() regression
When using the VMA iterator, the final execution will set the variable
'next' to NULL which causes the function to fail out.  Restore the break
in the loop to exit the VMA iterator early without clearing NULL fixes the
issue.

Link: https://lore.kernel.org/lkml/29344.1666681759@jrobl/
Link: https://lkml.kernel.org/r/20221025161222.2634030-1-Liam.Howlett@oracle.com
Fixes: 763ecb0350 (mm: remove the vma linked list)
Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com>
Reported-by: "J. R. Okajima" <hooanon05g@gmail.com>
Tested-by: "J. R. Okajima" <hooanon05g@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2022-10-28 13:37:23 -07:00
Ira Weiny 5dc21f0c0b mm/shmem: ensure proper fallback if page faults
The kernel test robot flagged a recursive lock as a result of a conversion
from kmap_atomic() to kmap_local_folio()[Link]

The cause was due to the code depending on the kmap_atomic() side effect
of disabling page faults.  In that case the code expects the fault to fail
and take the fallback case.

git archaeology implied that the recursion may not be an actual bug.[1]
However, depending on the implementation of the mmap_lock and the
condition of the call there may still be a deadlock.[2] So this is not
purely a lockdep issue.  Considering a single threaded call stack there
are 3 options.

	1) Different mm's are in play (no issue)
	2) Readlock implementation is recursive and same mm is in play
	   (no issue)
	3) Readlock implementation is _not_ recursive (issue)

The mmap_lock is recursive so with a single thread there is no issue.

However, Matthew pointed out a deadlock scenario when you consider
additional process' and threads thusly.

"The readlock implementation is only recursive if nobody else has taken a
write lock.  If you have a multithreaded process, one of the other threads
can call mmap() and that will prevent recursion (due to fairness).  Even
if it's a different process that you're trying to acquire the mmap read
lock on, you can still get into a deadly embrace.  eg:

process A thread 1 takes read lock on own mmap_lock
process A thread 2 calls mmap, blocks taking write lock
process B thread 1 takes page fault, read lock on own mmap lock
process B thread 2 calls mmap, blocks taking write lock
process A thread 1 blocks taking read lock on process B
process B thread 1 blocks taking read lock on process A

Now all four threads are blocked waiting for each other."

Regardless using pagefault_disable() ensures that no matter what locking
implementation is used a deadlock will not occur.  Add an explicit
pagefault_disable() and a big comment to explain this for future souls
looking at this code.

[1] https://lore.kernel.org/all/Y1MymJ%2FINb45AdaY@iweiny-desk3/
[2] https://lore.kernel.org/lkml/Y1bXBtGTCym77%2FoD@casper.infradead.org/

Link: https://lkml.kernel.org/r/20221025220108.2366043-1-ira.weiny@intel.com
Link: https://lore.kernel.org/r/202210211215.9dc6efb5-yujie.liu@intel.com
Fixes: 7a7256d5f5 ("shmem: convert shmem_mfill_atomic_pte() to use a folio")
Signed-off-by: Ira Weiny <ira.weiny@intel.com>
Reported-by: Matthew Wilcox (Oracle) <willy@infradead.org>
Reported-by: kernel test robot <yujie.liu@intel.com>
Cc: Randy Dunlap <rdunlap@infradead.org>
Cc: Peter Xu <peterx@redhat.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2022-10-28 13:37:23 -07:00
Ira Weiny 5521de7ddd mm/userfaultfd: replace kmap/kmap_atomic() with kmap_local_page()
kmap() and kmap_atomic() are being deprecated in favor of
kmap_local_page() which is appropriate for any thread local context.[1]

A recent locking bug report with userfaultfd showed that the conversion of
the kmap_atomic()'s in those code flows requires care with regard to the
prevention of deadlock.[2]

git archaeology implied that the recursion may not be an actual bug.[3]
However, depending on the implementation of the mmap_lock and the
condition of the call there may still be a deadlock.[4] So this is not
purely a lockdep issue.  Considering a single threaded call stack there
are 3 options.

	1) Different mm's are in play (no issue)
	2) Readlock implementation is recursive and same mm is in play
	   (no issue)
	3) Readlock implementation is _not_ recursive (issue)

The mmap_lock is recursive so with a single thread there is no issue.

However, Matthew pointed out a deadlock scenario when you consider
additional process' and threads thusly.

"The readlock implementation is only recursive if nobody else has taken a
write lock.  If you have a multithreaded process, one of the other threads
can call mmap() and that will prevent recursion (due to fairness).  Even
if it's a different process that you're trying to acquire the mmap read
lock on, you can still get into a deadly embrace.  eg:

process A thread 1 takes read lock on own mmap_lock
process A thread 2 calls mmap, blocks taking write lock
process B thread 1 takes page fault, read lock on own mmap lock
process B thread 2 calls mmap, blocks taking write lock
process A thread 1 blocks taking read lock on process B
process B thread 1 blocks taking read lock on process A

Now all four threads are blocked waiting for each other."

Regardless using pagefault_disable() ensures that no matter what locking
implementation is used a deadlock will not occur.

Complete kmap conversion in userfaultfd by replacing the kmap() and
kmap_atomic() calls with kmap_local_page().  When replacing the
kmap_atomic() call ensure page faults continue to be disabled to support
the correct fall back behavior and add a comment to inform future souls of
the requirement.

[1] https://lore.kernel.org/all/20220813220034.806698-1-ira.weiny@intel.com/
[2] https://lore.kernel.org/all/Y1Mh2S7fUGQ%2FiKFR@iweiny-desk3/
[3] https://lore.kernel.org/all/Y1MymJ%2FINb45AdaY@iweiny-desk3/
[4] https://lore.kernel.org/lkml/Y1bXBtGTCym77%2FoD@casper.infradead.org/

[ira.weiny@intel.com: v2]
  Link: https://lkml.kernel.org/r/20221025220136.2366143-1-ira.weiny@intel.com
Link: https://lkml.kernel.org/r/20221024043452.1491677-1-ira.weiny@intel.com
Signed-off-by: Ira Weiny <ira.weiny@intel.com>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Peter Xu <peterx@redhat.com>
Cc: Axel Rasmussen <axelrasmussen@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2022-10-28 13:37:23 -07:00
Alexander Potapenko 78a498c3a2 x86: fortify: kmsan: fix KMSAN fortify builds
Ensure that KMSAN builds replace memset/memcpy/memmove calls with the
respective __msan_XXX functions, and that none of the macros are redefined
twice.  This should allow building kernel with both CONFIG_KMSAN and
CONFIG_FORTIFY_SOURCE.

Link: https://lkml.kernel.org/r/20221024212144.2852069-5-glider@google.com
Link: https://github.com/google/kmsan/issues/89
Signed-off-by: Alexander Potapenko <glider@google.com>
Reported-by: Tamas K Lengyel <tamas.lengyel@zentific.com>
Cc: Nathan Chancellor <nathan@kernel.org>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: Kees Cook <keescook@chromium.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2022-10-28 13:37:23 -07:00
Alexander Potapenko 59c8a02e24 x86: asm: make sure __put_user_size() evaluates pointer once
User access macros must ensure their arguments are evaluated only once if
they are used more than once in the macro body.  Adding
instrument_put_user() to __put_user_size() resulted in double evaluation
of the `ptr` argument, which led to correctness issues when performing
e.g.  unsafe_put_user(..., p++, ...).

To fix those issues, evaluate the `ptr` argument of __put_user_size() at
the beginning of the macro.

Link: https://lkml.kernel.org/r/20221024212144.2852069-4-glider@google.com
Fixes: 888f84a6da ("x86: asm: instrument usercopy in get_user() and put_user()")
Signed-off-by: Alexander Potapenko <glider@google.com>
Reported-by: youling257 <youling257@gmail.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2022-10-28 13:37:23 -07:00
Alexander Potapenko 921757bc9b Kconfig.debug: disable CONFIG_FRAME_WARN for KMSAN by default
KMSAN adds a lot of instrumentation to the code, which results in
increased stack usage (up to 2048 bytes and more in some cases).  It's
hard to predict how big the stack frames can be, so we disable the
warnings for KMSAN instead.

Link: https://lkml.kernel.org/r/20221024212144.2852069-3-glider@google.com
Link: https://github.com/google/kmsan/issues/89
Signed-off-by: Alexander Potapenko <glider@google.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Masahiro Yamada <masahiroy@kernel.org>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2022-10-28 13:37:23 -07:00
Alexander Potapenko 42855f588e x86/purgatory: disable KMSAN instrumentation
The stand-alone purgatory.ro does not contain the KMSAN runtime, therefore
it can't be built with KMSAN compiler instrumentation.

Link: https://lkml.kernel.org/r/20221024212144.2852069-2-glider@google.com
Link: https://github.com/google/kmsan/issues/89
Signed-off-by: Alexander Potapenko <glider@google.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2022-10-28 13:37:23 -07:00
Alexander Potapenko f59a3ee691 mm: kmsan: export kmsan_copy_page_meta()
Certain modules call copy_user_highpage(), which calls
kmsan_copy_page_meta() under KMSAN, so we need to export the latter.

Link: https://lkml.kernel.org/r/20221024212144.2852069-1-glider@google.com
Link: https://github.com/google/kmsan/issues/89
Fixes: b073d7f8ae ("mm: kmsan: maintain KMSAN metadata for page operations")
Signed-off-by: Alexander Potapenko <glider@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2022-10-28 13:37:22 -07:00
Baolin Wang 03e5f82ea6 mm: migrate: fix return value if all subpages of THPs are migrated successfully
During THP migration, if THPs are not migrated but they are split and all
subpages are migrated successfully, migrate_pages() will still return the
number of THP pages that were not migrated.  This will confuse the callers
of migrate_pages().  For example, the longterm pinning will failed though
all pages are migrated successfully.

Thus we should return 0 to indicate that all pages are migrated in this
case

Link: https://lkml.kernel.org/r/de386aa864be9158d2f3b344091419ea7c38b2f7.1666599848.git.baolin.wang@linux.alibaba.com
Fixes: b5bade978e ("mm: migrate: fix the return value of migrate_pages()")
Signed-off-by: Baolin Wang <baolin.wang@linux.alibaba.com>
Reviewed-by: Alistair Popple <apopple@nvidia.com>
Reviewed-by: Yang Shi <shy828301@gmail.com>
Cc: David Hildenbrand <david@redhat.com>
Cc: "Huang, Ying" <ying.huang@intel.com>
Cc: Zi Yan <ziy@nvidia.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2022-10-28 13:37:22 -07:00
Peter Xu 67eae54bc2 mm/uffd: fix vma check on userfault for wp
We used to have a report that pte-marker code can be reached even when
uffd-wp is not compiled in for file memories, here:

https://lore.kernel.org/all/YzeR+R6b4bwBlBHh@x1n/T/#u

I just got time to revisit this and found that the root cause is we simply
messed up with the vma check, so that for !PTE_MARKER_UFFD_WP system, we
will allow UFFDIO_REGISTER of MINOR & WP upon shmem as the check was
wrong:

    if (vm_flags & VM_UFFD_MINOR)
        return is_vm_hugetlb_page(vma) || vma_is_shmem(vma);

Where we'll allow anything to pass on shmem as long as minor mode is
requested.

Axel did it right when introducing minor mode but I messed it up in
b1f9e87686 when moving code around.  Fix it.

Link: https://lkml.kernel.org/r/20221024193336.1233616-1-peterx@redhat.com
Link: https://lkml.kernel.org/r/20221024193336.1233616-2-peterx@redhat.com
Fixes: b1f9e87686 ("mm/uffd: enable write protection for shmem & hugetlbfs")
Signed-off-by: Peter Xu <peterx@redhat.com>
Cc: Axel Rasmussen <axelrasmussen@google.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Nadav Amit <nadav.amit@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2022-10-28 13:37:22 -07:00
Hugh Dickins 5aae9265ee mm: prep_compound_tail() clear page->private
Although page allocation always clears page->private in the first page or
head page of an allocation, it has never made a point of clearing
page->private in the tails (though 0 is often what is already there).

But now commit 71e2d666ef ("mm/huge_memory: do not clobber swp_entry_t
during THP split") issues a warning when page_tail->private is found to be
non-0 (unless it's swapcache).

Change that warning to dump page_tail (which also dumps head), instead of
just the head: so far we have seen dead000000000122, dead000000000003,
dead000000000001 or 0000000000000002 in the raw output for tail private.

We could just delete the warning, but today's consensus appears to want
page->private to be 0, unless there's a good reason for it to be set: so
now clear it in prep_compound_tail() (more general than just for THP; but
not for high order allocation, which makes no pass down the tails).

Link: https://lkml.kernel.org/r/1c4233bb-4e4d-5969-fbd4-96604268a285@google.com
Fixes: 71e2d666ef ("mm/huge_memory: do not clobber swp_entry_t during THP split")
Signed-off-by: Hugh Dickins <hughd@google.com>
Acked-by: Mel Gorman <mgorman@techsingularity.net>
Cc: Matthew Wilcox (Oracle) <willy@infradead.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2022-10-28 13:37:22 -07:00
Rik van Riel 8ebe0a5eaa mm,madvise,hugetlb: fix unexpected data loss with MADV_DONTNEED on hugetlbfs
A common use case for hugetlbfs is for the application to create
memory pools backed by huge pages, which then get handed over to
some malloc library (eg. jemalloc) for further management.

That malloc library may be doing MADV_DONTNEED calls on memory
that is no longer needed, expecting those calls to happen on
PAGE_SIZE boundaries.

However, currently the MADV_DONTNEED code rounds up any such
requests to HPAGE_PMD_SIZE boundaries. This leads to undesired
outcomes when jemalloc expects a 4kB MADV_DONTNEED, but 2MB of
memory get zeroed out, instead.

Use of pre-built shared libraries means that user code does not
always know the page size of every memory arena in use.

Avoid unexpected data loss with MADV_DONTNEED by rounding up
only to PAGE_SIZE (in do_madvise), and rounding down to huge
page granularity.

That way programs will only get as much memory zeroed out as
they requested.

Link: https://lkml.kernel.org/r/20221021192805.366ad573@imladris.surriel.com
Fixes: 90e7e7f5ef ("mm: enable MADV_DONTNEED for hugetlb mappings")
Signed-off-by: Rik van Riel <riel@surriel.com>
Reviewed-by: Mike Kravetz <mike.kravetz@oracle.com>
Cc: David Hildenbrand <david@redhat.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2022-10-28 13:37:22 -07:00
Maria Yu fba4eaf931 mm/page_isolation: fix clang deadcode warning
When !CONFIG_VM_BUG_ON, there is warning of
clang-analyzer-deadcode.DeadStores:
Value stored to 'mt' during its initialization is never read.

Link: https://lkml.kernel.org/r/20221021101555.7992-2-quic_aiquny@quicinc.com
Signed-off-by: Maria Yu <quic_aiquny@quicinc.com>
Cc: David Hildenbrand <david@redhat.com>
Cc: Doug Berger <opendmb@gmail.com>
Cc: Mike Kravetz <mike.kravetz@oracle.com>
Cc: Zi Yan <ziy@nvidia.com>
Cc: Matthew Wilcox <willy@linux.intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2022-10-28 13:37:22 -07:00
Andrew Morton bb2282cf01 fs/ext4/super.c: remove unused `deprecated_msg'
fs/ext4/super.c:1744:19: warning: 'deprecated_msg' defined but not used [-Wunused-const-variable=]

Reported-by: kernel test robot <lkp@intel.com>
Cc: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2022-10-28 13:37:22 -07:00
Andrew Morton 64b4c411a6 ipc/msg.c: fix percpu_counter use after free
These percpu counters are referenced in free_ipcs->freeque, so destroy
them later.

Fixes: 72d1e61108 ("ipc/msg: mitigate the lock contention with percpu counter")
Reported-by: syzbot+96e659d35b9d6b541152@syzkaller.appspotmail.com
Tested-by: Mark Rutland <mark.rutland@arm.com>
Cc: Jiebin Sun <jiebin.sun@intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2022-10-28 13:37:22 -07:00
Huang Ying 27d676a1c2 memory tier, sysfs: rename attribute "nodes" to "nodelist"
In sysfs, we use attribute name "cpumap" or "cpus" for cpu mask and
"cpulist" or "cpus_list" for cpu list.  For example, in my system,

 $ cat /sys/devices/system/node/node0/cpumap
 f,ffffffff
 $ cat /sys/devices/system/cpu/cpu2/topology/core_cpus
 0,00100004
 $ cat cat /sys/devices/system/node/node0/cpulist
 0-35
 $ cat /sys/devices/system/cpu/cpu2/topology/core_cpus_list
 2,20

It looks reasonable to use "nodemap" for node mask and "nodelist" for
node list.  So, rename the attribute to follow the naming convention.

Link: https://lkml.kernel.org/r/20221020015122.290097-1-ying.huang@intel.com
Fixes: 9832fb8783 ("mm/demotion: expose memory tier details via sysfs")
Signed-off-by: "Huang, Ying" <ying.huang@intel.com>
Acked-by: Wei Xu <weixugc@google.com>
Reviewed-by: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
Reviewed-by: Yang Shi <shy828301@gmail.com>
Reviewed-by: Davidlohr Bueso <dave@stgolabs.net>
Cc: Alistair Popple <apopple@nvidia.com>
Cc: Bharata B Rao <bharata@amd.com>
Cc: Dan Williams <dan.j.williams@intel.com>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Hesham Almatary <hesham.almatary@huawei.com>
Cc: Jagdish Gediya <jvgediya.oss@gmail.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Cc: Michal Hocko <mhocko@kernel.org>
Cc: Tim Chen <tim.c.chen@intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2022-10-28 13:37:22 -07:00
Palmer Dabbelt b214fadff2 MAINTAINERS: git://github.com -> https://github.com for nilfs2
Github deprecated the git:// links about a year ago, so let's move to the
https:// URLs instead.

Link: https://lkml.kernel.org/r/20221020024255.5000-1-konishi.ryusuke@gmail.com
Link: https://github.blog/2021-09-01-improving-git-protocol-security-github/
Link: https://lkml.kernel.org/r/20221013214638.30933-1-palmer@rivosinc.com
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Reported-by: Conor Dooley <conor.dooley@microchip.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2022-10-28 13:37:22 -07:00
Waiman Long 984a608377 mm/kmemleak: prevent soft lockup in kmemleak_scan()'s object iteration loops
Commit 6edda04ccc ("mm/kmemleak: prevent soft lockup in first object
iteration loop of kmemleak_scan()") adds cond_resched() in the first
object iteration loop of kmemleak_scan().  However, it turns that the 2nd
objection iteration loop can still cause soft lockup to happen in some
cases.  So add a cond_resched() call in the 2nd and 3rd loops as well to
prevent that and for completeness.

Link: https://lkml.kernel.org/r/20221020175619.366317-1-longman@redhat.com
Fixes: 6edda04ccc ("mm/kmemleak: prevent soft lockup in first object iteration loop of kmemleak_scan()")
Signed-off-by: Waiman Long <longman@redhat.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Muchun Song <songmuchun@bytedance.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2022-10-28 13:37:22 -07:00
Phillip Lougher e11c4e088b squashfs: fix buffer release race condition in readahead code
Fix a buffer release race condition, where the error value was used after
release.

Link: https://lkml.kernel.org/r/20221020223616.7571-4-phillip@squashfs.org.uk
Fixes: b09a7a036d ("squashfs: support reading fragments in readahead call")
Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
Tested-by: Bagas Sanjaya <bagasdotme@gmail.com>
Reported-by: Marc Miltenberger <marcmiltenberger@gmail.com>
Cc: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
Cc: Hsin-Yi Wang <hsinyi@chromium.org>
Cc: Mirsad Goran Todorovac <mirsad.todorovac@alu.unizg.hr>
Cc: Slade Watkins <srw@sladewatkins.net>
Cc: Thorsten Leemhuis <regressions@leemhuis.info>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2022-10-28 13:37:21 -07:00
Phillip Lougher c9199de82b squashfs: fix extending readahead beyond end of file
The readahead code will try to extend readahead to the entire size of the
Squashfs data block.

But, it didn't take into account that the last block at the end of the
file may not be a whole block.  In this case, the code would extend
readahead to beyond the end of the file, leaving trailing pages.

Fix this by only requesting the expected number of pages.

Link: https://lkml.kernel.org/r/20221020223616.7571-3-phillip@squashfs.org.uk
Fixes: 8fc78b6fe2 ("squashfs: implement readahead")
Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
Tested-by: Bagas Sanjaya <bagasdotme@gmail.com>
Reported-by: Marc Miltenberger <marcmiltenberger@gmail.com>
Cc: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
Cc: Hsin-Yi Wang <hsinyi@chromium.org>
Cc: Mirsad Goran Todorovac <mirsad.todorovac@alu.unizg.hr>
Cc: Slade Watkins <srw@sladewatkins.net>
Cc: Thorsten Leemhuis <regressions@leemhuis.info>
Cc: <stable@vger.kernel.org>

Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2022-10-28 13:37:21 -07:00
Phillip Lougher 9ef8eb6104 squashfs: fix read regression introduced in readahead code
Patch series "squashfs: fix some regressions introduced in the readahead
code".

This patchset fixes 3 regressions introduced by the recent readahead code
changes.  The first regression is causing "snaps" to randomly fail after a
couple of hours or days, which how the regression came to light.


This patch (of 3):

If a file isn't a whole multiple of the page size, the last page will have
trailing bytes unfilled.

There was a mistake in the readahead code which did this.  In particular
it incorrectly assumed that the last page in the readahead page array
(page[nr_pages - 1]) will always contain the last page in the block, which
if we're at file end, will be the page that needs to be zero filled.

But the readahead code may not return the last page in the block, which
means it is unmapped and will be skipped by the decompressors (a temporary
buffer used).

In this case the zero filling code will zero out the wrong page, leading
to data corruption.

Fix this by by extending the "page actor" to return the last page if
present, or NULL if a temporary buffer was used.

Link: https://lkml.kernel.org/r/20221020223616.7571-1-phillip@squashfs.org.uk
Link: https://lkml.kernel.org/r/20221020223616.7571-2-phillip@squashfs.org.uk
Fixes: 8fc78b6fe2 ("squashfs: implement readahead")
Link: https://lore.kernel.org/lkml/b0c258c3-6dcf-aade-efc4-d62a8b3a1ce2@alu.unizg.hr/
Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
Reported-by: Mirsad Goran Todorovac <mirsad.todorovac@alu.unizg.hr>
Tested-by: Mirsad Goran Todorovac <mirsad.todorovac@alu.unizg.hr>
Tested-by: Slade Watkins <srw@sladewatkins.net>
Tested-by: Bagas Sanjaya <bagasdotme@gmail.com>
Reported-by: Marc Miltenberger <marcmiltenberger@gmail.com>
Cc: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
Cc: Hsin-Yi Wang <hsinyi@chromium.org>
Cc: Thorsten Leemhuis <regressions@leemhuis.info>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2022-10-28 13:37:21 -07:00
Linus Torvalds fd7e2a2586 RTC fixes for 6.1
Drivers:
  - cmos: fix wakeup support
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEBqsFVZXh8s/0O5JiY6TcMGxwOjIFAmNb/UAACgkQY6TcMGxw
 OjLkWw/9E/OIGSiWK0qD7AiykXAdvXu7f4OFrOae7u+EupdsvAwiY8Ej3/FPTIMB
 m6xiy95Dho5tURPihTwsWNCdiKAjIjVTuuFELRVcpKRAw0D2KnP8Vl73iy1276u3
 3PufE+r3shdb0rmxacdCZk/fI266ypMUS+Exz/EUgYYafGp2EO0TV2Do6WrThRu+
 MYSXbUmZ7BDsuQHWQzAqq37uW3koHfHfnUWoTDtbdKappaTO7GDr+58ftCEHdML1
 qwo2VSE/BtSZC740N2traih7haVL/d8z11xBa5/eYBfnhNWUWqKh6HZuDsLpoVjT
 4nhx2js/nZ3zVz5ljXuvfuVXh0B5va9y7WEbv7iAZyM7OzUU7Gt3KLVuZ3J9UQBk
 3gYkDEtHX3U0UvkFOh+Uh8wPo4mFKnCZAjXVqVi4Za5XkVGFWbCNoGJd88Bw9r51
 FzKfWGcijW5cPTkKFcsV5EPX/eKBvonW4M21hpi3kZdfVPNbjFKRSITugjHAVbwv
 nu8wCJwtvZH8I83ugkhBJHDwJZ1BzSP5JEL0Fy+TRzDLU9Qr/mQJqg2DKklD7Pad
 8OpxzQFajAzD+8xy8yHXYmpDFXBhFKwEX+2XLQtYuHhcPpjd/202mQcFktKBE2r/
 wo19rpHgioIpdxudwOsG4OenkNItJzvIR3R8EUGvH0mR5ShvVYA=
 =BtHW
 -----END PGP SIGNATURE-----

Merge tag 'rtc-6.1-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/abelloni/linux

Pull RTC fixes from Alexandre Belloni:
 "Fix wakeup support that broke on multiple platforms"

* tag 'rtc-6.1-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/abelloni/linux:
  rtc: cmos: fix build on non-ACPI platforms
  rtc: cmos: Fix wake alarm breakage
2022-10-28 13:24:57 -07:00
Linus Torvalds 18937b0477 MMC core:
- Cancel recovery work on cleanup to avoid NULL pointer dereference
  - Fix error path in the read/write error recovery path
  - Fix kernel panic when remove non-standard SDIO card
  - Fix WRITE_ZEROES handling for CQE
 
 MMC host:
  - sdhci_am654: Fixup Kconfig dependency for REGMAP_MMIO
  - sdhci-esdhc-imx: Avoid warning of misconfigured bus-width
  - sdhci-pci: Disable broken HS400 ES mode for ASUS BIOS on Jasper Lake
 -----BEGIN PGP SIGNATURE-----
 
 iQJLBAABCgA1FiEEugLDXPmKSktSkQsV/iaEJXNYjCkFAmNb3hcXHHVsZi5oYW5z
 c29uQGxpbmFyby5vcmcACgkQ/iaEJXNYjCmiqQ/7B5n7gwO8SNMBvv88DVtxeFGW
 BFtEGJmDnGTa3qrYzjEpmetPqgveoJyTP1AY+TpXzVOLIZGDcGL0Tp35yEBzgZ4W
 u/Cgt1QNJH33GHDn4RO5F7KJigAPiMPvN5FkjoxSFWc9xn1AyJEB53CmUKiDC27u
 VPQ8tMOElodj2E2p07DUuAIo8/RNarWMvqTafyYB0q26fUxCZbYWpOvJWtwy2vc+
 Sha+z5Ig4Qv+3y54d3lS9qnilbof226Ok6OZQe2rucCFKXfs4rydDXKu1Qjre3o5
 wbBUneFgZcNMTWIzsjxH0hZGOOil0IgW20kunfgYwdQp5VCvFxA5pmSqXIZCohu/
 sRkymtNNx5JMaHIa3cn16ly3hVWfNnTi5zywRzqNv9LW60uaPX9H/Id0JtxecX7F
 JNjC7mz8y6PW4YWh63JWiXvuPJwgbKO5hrqwLS/lkswU+iDXmcPMPxYK5AATKE7m
 I+JEkSxwuEfgOg9ey/QTxQN8/c+R+et2qpJrjRnXKt6+fCJUu/zMevj+MI9bUPbK
 Qc0sqTmsx38Snxu/VwvlbAmO1gUn3czD17fdiP0GFMdrl4uEzaE3OairjCsdD6U3
 B0HMx0jlBmgM7r2bPZVh1w6FywP93H5+VscT/BwNR4dFxwdZXcoNuUKSAVxnicXY
 jtRjSkT1JQFLDX7jLRk=
 =61FC
 -----END PGP SIGNATURE-----

Merge tag 'mmc-v6.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc

Pull MMC fixes from Ulf Hansson:
 "MMC core:
   - Cancel recovery work on cleanup to avoid NULL pointer dereference
   - Fix error path in the read/write error recovery path
   - Fix kernel panic when remove non-standard SDIO card
   - Fix WRITE_ZEROES handling for CQE

  MMC host:
   - sdhci_am654: Fixup Kconfig dependency for REGMAP_MMIO
   - sdhci-esdhc-imx: Avoid warning of misconfigured bus-width
   - sdhci-pci: Disable broken HS400 ES mode for ASUS BIOS on Jasper
     Lake"

* tag 'mmc-v6.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc:
  mmc: sdhci_am654: 'select', not 'depends' REGMAP_MMIO
  mmc: core: Fix WRITE_ZEROES CQE handling
  mmc: core: Fix kernel panic when remove non-standard SDIO card
  mmc: sdhci-pci-core: Disable ES for ASUS BIOS on Jasper Lake
  mmc: sdhci-esdhc-imx: Propagate ESDHC_FLAG_HS400* only on 8bit bus
  mmc: queue: Cancel recovery work on cleanup
  mmc: block: Remove error check of hw_reset on reset
2022-10-28 13:00:54 -07:00
Linus Torvalds 2eb824f68d MTD core:
* partitions: Add missing of_node_get() in dynamic partitions code
 
 Parser drivers:
 * bcm47xxpart: Fix halfblock reads
 
 Raw NAND controller drivers:
 * marvell: Use correct logic for nand-keep-config
 * tegra: Fix PM disable depth imbalance in probe
 * intel: Add missing of_node_put() in ebu_nand_probe()
 
 SPI-NOR core changes:
 * Ignore -ENOTSUPP in spi_nor_init()
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCgAdFiEE9HuaYnbmDhq/XIDIJWrqGEe9VoQFAmNboMYACgkQJWrqGEe9
 VoQmxgf9Eba2zrgntIVSQJS4oBo0HpafMYeSeLFDiFW0wRXUnR1AVgs8QtiqQL3C
 9kT91n9s2K47eRRZgI2cwUcPL/ia+MY+MhTuTkhhZfSgvysyzwac6Ln3mkT7QWMN
 V/+4T8zU4i6mGzYLxCJPvo83fSg7cmjKz7LVy/aBBjFwKNGAP0lpzr06H6TGnHtf
 22VU2KNTGbwlLaMB3Ru5a/rMfYSvwBxxtOqzFice97cE8Ne3Pwv8QzQm1bXDhmpB
 u4P18UpI5YGdjKn4vBkwbg62mqy4kawS2SGLoBzGBdN8ZZ/Z+YzTWPuSzXY/mZaJ
 LACvzwq/1Ji0EnMoKvtAjazJ44YSeg==
 =gAhh
 -----END PGP SIGNATURE-----

Merge tag 'mtd/fixes-for-6.1-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux

Pull mtd fixes from Miquel Raynal:
 "MTD core:
   - partitions: Add missing of_node_get() in dynamic partitions code

  Parser drivers:
   - bcm47xxpart: Fix halfblock reads

  Raw NAND controller drivers:
   - marvell: Use correct logic for nand-keep-config
   - tegra: Fix PM disable depth imbalance in probe
   - intel: Add missing of_node_put() in ebu_nand_probe()

  SPI-NOR core changes:
   - Ignore -ENOTSUPP in spi_nor_init()"

* tag 'mtd/fixes-for-6.1-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux:
  mtd: parsers: bcm47xxpart: Fix halfblock reads
  mtd: rawnand: marvell: Use correct logic for nand-keep-config
  mtd: rawnand: tegra: Fix PM disable depth imbalance in probe
  mtd: rawnand: intel: Add missing of_node_put() in ebu_nand_probe()
  mtd: core: add missing of_node_get() in dynamic partitions code
  mtd: spi-nor: core: Ignore -ENOTSUPP in spi_nor_init()
2022-10-28 12:24:19 -07:00
Linus Torvalds f186fd2f5a sound fixes for 6.1-rc3
A collection of small fixes:
 - A series of fixes for regressions by the recent ALSA control
   hash usages
 - Fixes for UAF with del_timer() at removals in a few drivers
 - Char signedness fixes
 - A few memory leak fixes at error paths
 - Device-specific fixes / quirks for Intel SOF, AMD, HD-audio,
   USB-audio, and various ASoC codecs
 -----BEGIN PGP SIGNATURE-----
 
 iQJCBAABCAAsFiEEIXTw5fNLNI7mMiVaLtJE4w1nLE8FAmNbn68OHHRpd2FpQHN1
 c2UuZGUACgkQLtJE4w1nLE+3SQ/9HbZ1rbQH59Nl/a0IKnjcp+PS573fo9a2mQCp
 7LNcYf546mHPpQHD+kYpNiQrwbwdeoJiHAnDxbkvx3QabRGtwC9u6zE2qgYE1AzC
 sv84PGxe3trfKymyBFCvfkrjF9RGKPM3Kc8AlJB/UyiB9SghdG8giQUZ0x6LjhDb
 gDgZrldT5pTJ5KmBD0cR6L5PxGNT6NBxF8UQEsUSoQmSwSnw2voYq9zr2HFVIbSA
 CQtmRngGAA3Gqw1PczmCRIhVKneNt+RXncEsfrDTQYxPPu6l9ZhGydk33t6Ir0RF
 djEcvy6elIfRjhDSaOSXZmyfhQ/Lkjzs0euUHIiJYHkr7QR0duY0ruEd5tzcLC0o
 wAIsOWQjO/mqxmA1GtvmeRBM8fv33zPP/QJ6zp9JxwWzF2sbr4lp7LFB/NTcqIM9
 YwTjcaovN4p5M4AFUFKBwtE5eUdEf0r7CYKehUInhV9Y6BBn+jNIM3IZuoA9Q0vD
 VVRchwKJegs/W4EoxfWeinbLx1Sf6FBbTxry3FjCkcSkK13+JlcJfZ3RZIP46Ezq
 Rww0iRoWOdI5/lh39s6Zv+FHT6CR0KRhxg17WY7qk8JmbjJb4VmIrnfsyhHTqD3F
 kI9RTVKBvYn0SnwPC31XOkUvhew4QCHPAK0htrmohOJVvKj271U4ZC4N9kPKPvvN
 9mojVcU=
 =C0jD
 -----END PGP SIGNATURE-----

Merge tag 'sound-6.1-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound

Pull sound fixes from Takashi Iwai:
 "A collection of small fixes:

   - fixes for regressions by the recent ALSA control hash usages

   - fixes for UAF with del_timer() at removals in a few drivers

   - char signedness fixes

   - a few memory leak fixes in error paths

   - device-specific fixes / quirks for Intel SOF, AMD, HD-audio,
     USB-audio, and various ASoC codecs"

* tag 'sound-6.1-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (50 commits)
  ALSA: aoa: Fix I2S device accounting
  ALSA: Use del_timer_sync() before freeing timer
  ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev()
  ALSA: rme9652: use explicitly signed char
  ALSA: au88x0: use explicitly signed char
  ALSA: hda/realtek: Add another HP ZBook G9 model quirks
  ALSA: usb-audio: Add quirks for M-Audio Fast Track C400/600
  ASoC: SOF: Intel: hda-codec: fix possible memory leak in hda_codec_device_init()
  ASoC: amd: yc: Add Lenovo Thinkbook 14+ 2022 21D0 to quirks table
  ASoC: Intel: Skylake: fix possible memory leak in skl_codec_device_init()
  ALSA: ac97: Use snd_ctl_rename() to rename a control
  ALSA: ca0106: Use snd_ctl_rename() to rename a control
  ALSA: emu10k1: Use snd_ctl_rename() to rename a control
  ALSA: hda/realtek: Use snd_ctl_rename() to rename a control
  ALSA: usb-audio: Use snd_ctl_rename() to rename a control
  ALSA: control: add snd_ctl_rename()
  ALSA: ac97: fix possible memory leak in snd_ac97_dev_register()
  ASoC: SOF: Intel: pci-tgl: fix ADL-N descriptor
  ASoC: qcom: lpass-cpu: Mark HDMI TX parity register as volatile
  ASoC: amd: yc: Adding Lenovo ThinkBook 14 Gen 4+ ARA and Lenovo ThinkBook 16 Gen 4+ ARA to the Quirks List
  ...
2022-10-28 12:20:31 -07:00
Linus Torvalds e3493d6825 drm fixes for 6.1-rc3
sched:
 - Stop leaking fences when killing a sched entity.
 
 aperture:
 - Avoid uninitialized read in aperture_remove_conflicting_pci_device()
 
 bridge:
 - Fix HPD on bridge/ps8640.
 
 msm:
 - Fix shrinker deadlock
 - Fix crash during suspend after unbind
 - Fix IRQ lifetime issues
 - Fix potential memory corruption with too many bridges
 - Fix memory corruption on GPU state capture
 
 amdgpu:
 - Stable pstate fix
 - SMU 13.x updates
 - SR-IOV fixes
 - PCI AER fix
 - GC 11.x fixes
 - Display fixes
 - Expose IMU firmware version for debugging
 - Plane modifier fix
 - S0i3 fix
 
 amdkfd:
 - Fix possible memory leak
 - Fix GC 10.x cache info reporting
 
 i915:
 - Extend Wa_1607297627 to Alderlake-P
 - Keep PCI autosuspend control 'on' by default on all dGPU
 - Reset frl trained flag before restarting FRL training
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEEKbZHaGwW9KfbeusDHTzWXnEhr4FAmNbS0cACgkQDHTzWXnE
 hr6hyA/+IumEuknnfu3b6gniD/ZpJ3Hkak4kTl+RYdgpzsBMS7nIcmSueX2BTJdP
 YEIZ8GzjN6/ECuu8crO9NZEz5ly+7RwRBhNuJ3sH4uYf6LpVzRmJX6Na+77Pm3li
 FuG1IjX9ZPtGGmvzZ55iXlMDk1lHfVQ3fzPCRe16J0Ze8LVw1HOuDxj6GkOhA1YJ
 oMCFbzt4DfSSGxStR5xi91DmL8aOL+y1BXeEf4xT6Ec79XYq+akNfB+9Zj0EFt5I
 CDZyAPI1BtRi+QCrxAYw/h7w84RreReOMQq5iW43wSZmxBosj7gr6EO2ZJJO8wie
 fsvShC6bubCaElrMY78UKk7WgFqLFKH+/yeooAlI7R6xNbpkxIboJfCjLrb/5ggM
 JMltFAQBkT+TaOcUYPdbt+p35O2t2JM0fTWBevqNNQk3X3kvW9dkO4mZ6kchKFsE
 CzZKu1pLdcMB26XH0e0ANgxnI42eW9uONrHs4dZgiLr72tyOIyp7v19tN8JHnI2g
 UBuUmHN9hPIde8Cmja5apnqHhTstN6dbbeKwOSlZfwrKmPstZHr9tUAAueeP6MFy
 lbn+ZiSABdjemMi4+P5ou0U1Q9jUONjO7yWZWkxSgiUvqmq4RiVpVHmLSc7Y8hlr
 UCIAUvyIgr/e1ySaeJjsNQzTjizHvYtW1f2UP/m23U4P0ZfHqYk=
 =UZ/k
 -----END PGP SIGNATURE-----

Merge tag 'drm-fixes-2022-10-28' of git://anongit.freedesktop.org/drm/drm

Pull drm fixes from Dave Airlie:
 "Regularly scheduled fixes for drm, live from a Red Hat office for the
  first time in a while.

  The core has two fixes, one for scheduler leak and one for aperture
  uninit read.

  Otherwise a single bridge fix, and msm, amdgpu/kfd and i915 have a set
  of fixes each.

  sched:
   - Stop leaking fences when killing a sched entity.

  aperture:
   - Avoid uninitialized read in aperture_remove_conflicting_pci_device()

  bridge:
   - Fix HPD on bridge/ps8640.

  msm:
   - Fix shrinker deadlock
   - Fix crash during suspend after unbind
   - Fix IRQ lifetime issues
   - Fix potential memory corruption with too many bridges
   - Fix memory corruption on GPU state capture

  amdgpu:
   - Stable pstate fix
   - SMU 13.x updates
   - SR-IOV fixes
   - PCI AER fix
   - GC 11.x fixes
   - Display fixes
   - Expose IMU firmware version for debugging
   - Plane modifier fix
   - S0i3 fix

  amdkfd:
   - Fix possible memory leak
   - Fix GC 10.x cache info reporting

  i915:
   - Extend Wa_1607297627 to Alderlake-P
   - Keep PCI autosuspend control 'on' by default on all dGPU
   - Reset frl trained flag before restarting FRL training"

* tag 'drm-fixes-2022-10-28' of git://anongit.freedesktop.org/drm/drm: (39 commits)
  fbdev/core: Avoid uninitialized read in aperture_remove_conflicting_pci_device()
  drm/amdgpu: disallow gfxoff until GC IP blocks complete s2idle resume
  drm/scheduler: fix fence ref counting
  drm/amd/display: Revert logic for plane modifiers
  drm/amdkfd: correct the cache info for gfx1036
  drm/amdkfd: update gfx1037 Lx cache setting
  drm/amdgpu: skip mes self test for gc 11.0.3 in recover
  drm/amd: Add IMU fw version to fw version queries
  drm/amd/display: Don't return false if no stream
  drm/amd/display: Remove wrong pipe control lock
  drm/amd/pm: allow gfxoff on gc_11_0_3
  drm/amdkfd: Fix memory leak in kfd_mem_dmamap_userptr()
  drm/amdgpu: Remove ATC L2 access for MMHUB 2.1.x
  drm/i915/dp: Reset frl trained flag before restarting FRL training
  drm/i915/dgfx: Keep PCI autosuspend control 'on' by default on all dGPU
  drm/i915: Extend Wa_1607297627 to Alderlake-P
  drm/amdgpu: Adjust MES polling timeout for sriov
  drm/amd/pm: update driver-if header for smu_v13_0_10
  drm/amdgpu: fix pstate setting issue
  drm/bridge: ps8640: Add back the 50 ms mystery delay after HPD
  ...
2022-10-28 12:10:43 -07:00
Linus Torvalds 05c31d25cc This push fixes an alignment crash in x86/polyval.
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEn51F/lCuNhUwmDeSxycdCkmxi6cFAmNSgrAACgkQxycdCkmx
 i6e9lhAAk2pXbkjVx05aeeNY9hD8WhveNCuEgUEmuX3nn4/0u3gdRNMLlyADV+RN
 kUEhFZsgxszB/65od378A/PA/fOHKzO8QlNzFgcaZbOm1TnzqxfG2q4CIBdm//mx
 5MdogwSg5uLDzEiUFJb94cPv2YizuE2+Zer0goDesWAm7eXEf3PMb7WfLjqdWiM/
 rHnfE74l/cro8RIH7wTgCCNDIuIAI3wOrXULohhhJbzbQ89prOKgy1h5mL/b8N4x
 4MVXd5tTPL2se5JqgofLuddGIB+B7fNCHRyWDO35cI+xh5o9G0K2DslYW6azKWyZ
 LJc86UGSV6I7kNSSyyfMDH6N0u1eXjvQiTaOZubO7ql38Ob6hRuCE2UG8lZlWVfQ
 2j71+QzhF0wrQxIBrQmlvdOKZiL4NsBxz9lr27tj8gdJlPWbgsLFssBQGB921uSA
 0M4vKDQoK95M+TsoJjWYNHcGb+Uu6iFOgOrzCND/0hd73rRi1TSTtc3Q4SnAUthz
 eCyBVXtuI1k3VCWoelUKOSoh1jILaAjKcXz+5dpIBZgtbm17f55eAW3L6xmOGl/u
 /VbHpFDPai8A1gbk3gzUac+KWe96+A2jM/j8R/wWikhrLMhtAvToT2cDrAg9v9wk
 UpuSflSSOQcL9CBv4eJzJEdX/49qqjY4jeJ+i/V5PZzC3QSYWX8=
 =0tfg
 -----END PGP SIGNATURE-----

Merge tag 'v6.1-p3' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6

Pull crypto fix from Herbert Xu:
 "Fix an alignment crash in x86/polyval"

* tag 'v6.1-p3' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
  crypto: x86/polyval - Fix crashes when keys are not 16-byte aligned
2022-10-28 09:53:30 -07:00
Ard Biesheuvel f11a74b45d efi: efivars: Fix variable writes with unsupported query_variable_store()
Commit 8a254d90a7 ("efi: efivars: Fix variable writes without
query_variable_store()") addressed an issue that was introduced during
the EFI variable store refactor, where alternative implementations of
the efivars layer that lacked query_variable_store() would no longer
work.

Unfortunately, there is another case to consider here, which was missed:
if the efivars layer is backed by the EFI runtime services as usual, but
the EFI implementation predates the introduction of QueryVariableInfo(),
we will return EFI_UNSUPPORTED, and this is no longer being dealt with
correctly.

So let's fix this, and while at it, clean up the code a bit, by merging
the check_var_size() routines as well as their callers.

Cc: <stable@vger.kernel.org> # v6.0
Fixes: bbc6d2c6ef ("efi: vars: Switch to new wrapper layer")
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Tested-by: Aditya Garg <gargaditya08@live.com>
2022-10-28 18:26:30 +02:00
Dan Carpenter 7a47e077e5 RDMA/qedr: clean up work queue on failure in qedr_alloc_resources()
Add a check for if create_singlethread_workqueue() fails and also destroy
the work queue on failure paths.

Fixes: e411e0587e ("RDMA/qedr: Add iWARP connection management functions")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Link: https://lore.kernel.org/r/Y1gBkDucQhhWj5YM@kili
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
2022-10-28 12:59:40 -03:00
Chen Zhongjin 07c0d131cc RDMA/core: Fix null-ptr-deref in ib_core_cleanup()
KASAN reported a null-ptr-deref error:

  KASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f]
  CPU: 1 PID: 379
  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)
  RIP: 0010:destroy_workqueue+0x2f/0x740
  RSP: 0018:ffff888016137df8 EFLAGS: 00000202
  ...
  Call Trace:
   ib_core_cleanup+0xa/0xa1 [ib_core]
   __do_sys_delete_module.constprop.0+0x34f/0x5b0
   do_syscall_64+0x3a/0x90
   entry_SYSCALL_64_after_hwframe+0x63/0xcd
  RIP: 0033:0x7fa1a0d221b7
  ...

It is because the fail of roce_gid_mgmt_init() is ignored:

 ib_core_init()
   roce_gid_mgmt_init()
     gid_cache_wq = alloc_ordered_workqueue # fail
 ...
 ib_core_cleanup()
   roce_gid_mgmt_cleanup()
     destroy_workqueue(gid_cache_wq)
     # destroy an unallocated wq

Fix this by catching the fail of roce_gid_mgmt_init() in ib_core_init().

Fixes: 03db3a2d81 ("IB/core: Add RoCE GID table management")
Signed-off-by: Chen Zhongjin <chenzhongjin@huawei.com>
Link: https://lore.kernel.org/r/20221025024146.109137-1-chenzhongjin@huawei.com
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
2022-10-28 12:59:40 -03:00
Mario Limonciello 2124becad7 ACPI: x86: Add another system to quirk list for forcing StorageD3Enable
commit 018d6711c2 ("ACPI: x86: Add a quirk for Dell Inspiron 14 2-in-1
for StorageD3Enable") introduced a quirk to allow a system with ambiguous
use of _ADR 0 to force StorageD3Enable.

Julius Brockmann reports that Inspiron 16 5625 suffers that same symptoms.
Add this other system to the list as well.

Link: https://bugzilla.kernel.org/show_bug.cgi?id=216440
Reported-and-tested-by: Julius Brockmann <mail@juliusbrockmann.com>
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2022-10-28 17:34:59 +02:00
Matti Vaittinen 9ed88fcfb1 MAINTAINERS: Change myself to a maintainer
After some off-list discussion with Marek Vasut and Geert Uytterhoeven
and finally a kx022a driver related discussion with Joe Perches
https://lore.kernel.org/lkml/92c3f72e60bc99bf4a21da259b4d78c1bdca447d.camel@perches.com/
it seems that my status as a reviewer has been wrong. I do look after
the ROHM/Kionix drivers I've authored and currently I am also paid to do
so as is reflected by the 'S: Supported'. According to Joe, the reviewer
entry in MAINTAINERS do not indicate such level of support and having a
reviewer supporting an IC is a contradiction.

Switch undersigned from a reviewer to a maintainer for IC drivers I am
taking care of.

Signed-off-by: Matti Vaittinen <mazziesaccount@gmail.com>
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
2022-10-28 16:50:14 +02:00
Rafael J. Wysocki dd183e3205 Merge branches 'acpi-resource', 'acpi-pcc' and 'devprop'
Merge an IRQ override quirk, an ACPI PCC code fix and a device
properties documentation update for 6.1-rc3:

 - Make the ACPI device resources code skip IRQ override on Asus
   Vivobook S5602ZA (Tamim Khan).

 - Fix a possible integer overflow during multiplication in the ACPI
   PCC code (Manank Patel).

 - Fix the documentation of the *_match_string() family of functions to
   properly cover the return value (Andy Shevchenko).

* acpi-resource:
  ACPI: resource: Skip IRQ override on Asus Vivobook S5602ZA

* acpi-pcc:
  ACPI: PCC: Fix unintentional integer overflow

* devprop:
  device property: Fix documentation for *_match_string() APIs
2022-10-28 16:37:02 +02:00
Rafael J. Wysocki 6f257934ed Merge branches 'pm-sleep', 'pm-domains' and 'pm-tools'
Merge a hiberantion-related fix, a generic power domains code fix and
a pm-graph update for 6.1-rc1:

 - Allow hybrid sleep to use suspend-to-idle as a system suspend method
   if it is the current suspend method of choice (Mario Limonciello).

 - Fix handling of unavailable/disabled idle states in the generic
   power domains code (Sudeep Holla).

 - Update the pm-graph suite of utilities to version 5.10 which is
   fixes-mostly and does not add any new features (Todd Brandt).

* pm-sleep:
  PM: hibernate: Allow hybrid sleep to work with s2idle

* pm-domains:
  PM: domains: Fix handling of unavailable/disabled idle states

* pm-tools:
  pm-graph v5.10
2022-10-28 16:31:25 +02:00
John Garry e3c5a78cdb blk-mq: Properly init requests from blk_mq_alloc_request_hctx()
Function blk_mq_alloc_request_hctx() is missing zeroing/init of rq->bio,
biotail, __sector, and __data_len members, which blk_mq_alloc_request()
has, so duplicate what we do in blk_mq_alloc_request().

Fixes: 1f5bd336b9 ("blk-mq: add blk_mq_alloc_request_hctx")
Signed-off-by: John Garry <john.garry@huawei.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Link: https://lore.kernel.org/r/1666780513-121650-1-git-send-email-john.garry@huawei.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2022-10-28 07:54:47 -06:00
Miklos Szeredi 4a6f278d48 fuse: add file_modified() to fallocate
Add missing file_modified() call to fuse_file_fallocate().  Without this
fallocate on fuse failed to clear privileges.

Fixes: 05ba1f0823 ("fuse: add FALLOCATE operation")
Cc: <stable@vger.kernel.org>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
2022-10-28 14:25:20 +02:00
Eiichi Tsukata 7353633814 KVM: x86/xen: Fix eventfd error handling in kvm_xen_eventfd_assign()
Should not call eventfd_ctx_put() in case of error.

Fixes: 2fd6df2f2b ("KVM: x86/xen: intercept EVTCHNOP_send from guests")
Reported-by: syzbot+6f0c896c5a9449a10ded@syzkaller.appspotmail.com
Signed-off-by: Eiichi Tsukata <eiichi.tsukata@nutanix.com>
Message-Id: <20221028092631.117438-1-eiichi.tsukata@nutanix.com>
[Introduce new goto target instead. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-10-28 06:47:26 -04:00